Jump to content

Welcome to Geeks to Go - Register now for FREE

Need help with your computer or device? Want to learn new tech skills? You're in the right place!
Geeks to Go is a friendly community of tech experts who can solve any problem you have. Just create a free account and post your question. Our volunteers will reply quickly and guide you through the steps. Don't let tech troubles stop you. Join Geeks to Go now and get the support you need!

How it Works Create Account
Photo

Unknown (to me) virus/malware [Solved]


  • This topic is locked This topic is locked

#1
Niccix

Niccix

    Member

  • Member
  • PipPip
  • 14 posts
Hello!

For a little more than a week now my computer have not been working properly.

From what i've picked up the problem (I believe it to be a virus, but I'm not completely sure either, i apologize for this) is affecting my connection to the Internet.

When I try to download torrents it takes excessive amount of time for them to first connect to peers, and the download itself is very limited. Uploading doesn't work at all. When trying to play online games, mainly World of Warcraft and Leauge of Legends I have immense troubles signing in. In the case of WoW, it takes about 5-10 minutes of trying to logg on only to get the "unable to connect" message, I estimate it usually takes around 40 tries for one to suddently work out normally and establish a connection. In LoL it's similar, I get unable to connect and can try to logg in for hours until it finally just works. Internet browsing most of the time works out somewhat as usual, though at a bit slower rate. When opening a new tab or switching websites I sometimes get "unable to connect" but after refreshing a few times it works out.

I tried turning off my firewall and antivirus but none of them are conflicting with my connection.

Now this definitely sounds like a problem with my Internet connection, but all the other computers in the household work perfectly fine at all times and did on my main computer for a long time before that.

What i have tried so far:
Resetted router, switched Internet cables back and forth with no sucess.
Scanned computer with avast! antivirus (free version), scan showed no infections.
Ran a registry clean with "Wise Registry Cleaner"
Ran CC cleaner.
Tried running Combofix - it starts up but without any notice combofix just shuts down without completing the fix.
Tried all of the above (except for router reset) in failsafe mode, with no better/different results.

I am using windows 7 64 bit.

Thanks in advance!

OTL logg below:

OTL logfile created on: 2012-11-04 16:58:35 - Run 1
OTL by OldTimer - Version 3.2.69.0 Folder = C:\Users\ragnar\Downloads
64bit- Ultimate Edition (Version = 6.1.7600) - Type = NTWorkstation
Internet Explorer (Version = 8.0.7600.16385)
Locale: 0000041d | Country: Sverige | Language: SVE | Date Format: yyyy-MM-dd

4,00 Gb Total Physical Memory | 1,46 Gb Available Physical Memory | 36,50% Memory free
8,00 Gb Paging File | 4,49 Gb Available in Paging File | 56,22% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86)
Drive C: | 1863,01 Gb Total Space | 808,69 Gb Free Space | 43,41% Space Free | Partition Type: NTFS
Drive D: | 6,03 Gb Total Space | 0,00 Gb Free Space | 0,00% Space Free | Partition Type: CDFS
Drive E: | 465,75 Gb Total Space | 52,19 Gb Free Space | 11,21% Space Free | Partition Type: NTFS

Computer Name: RAGNAR-PC | User Name: ragnar | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user | Include 64bit Scans
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days

========== Processes (SafeList) ==========

PRC - [2012-11-04 16:58:22 | 000,602,112 | ---- | M] (OldTimer Tools) -- C:\Users\ragnar\Downloads\OTL.exe
PRC - [2012-10-26 17:34:22 | 007,880,664 | ---- | M] (Spotify Ltd) -- C:\Users\ragnar\AppData\Roaming\Spotify\spotify.exe
PRC - [2012-10-26 17:34:21 | 001,199,576 | ---- | M] (Spotify Ltd) -- C:\Users\ragnar\AppData\Roaming\Spotify\Data\SpotifyWebHelper.exe
PRC - [2012-10-23 12:17:40 | 004,297,136 | ---- | M] (AVAST Software) -- C:\Program Files\AVAST Software\Avast\AvastUI.exe
PRC - [2012-10-23 12:17:40 | 000,044,808 | ---- | M] (AVAST Software) -- C:\Program Files\AVAST Software\Avast\AvastSvc.exe
PRC - [2012-09-07 17:40:32 | 000,104,560 | ---- | M] (SumRando) -- C:\Program Files (x86)\SumRando\SumRando\misc\vpnmanagesvc.exe
PRC - [2012-07-27 21:51:26 | 000,063,960 | ---- | M] (Adobe Systems Incorporated) -- C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe
PRC - [2012-05-15 01:21:40 | 000,382,272 | ---- | M] (NVIDIA Corporation) -- C:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe
PRC - [2012-04-19 23:04:06 | 000,076,888 | ---- | M] () -- C:\Windows\SysWOW64\PnkBstrA.exe
PRC - [2012-04-17 13:44:12 | 001,333,144 | ---- | M] (Technology Nexus AB) -- C:\Program Files (x86)\Personal\bin\Personal.exe
PRC - [2009-10-14 12:36:56 | 002,793,304 | ---- | M] () -- C:\Program Files\Logitech\Logitech WebCam Software\LWS.exe
PRC - [2009-10-14 12:34:18 | 000,560,472 | ---- | M] () -- C:\Program Files (x86)\Common Files\LogiShrd\LQCVFX\COCIManager.exe
PRC - [2009-10-07 00:47:22 | 000,125,464 | ---- | M] (Logitech Inc.) -- C:\Program Files (x86)\Common Files\LogiShrd\LVMVFM\LVPrS64H.exe
PRC - [2009-07-30 17:10:04 | 000,380,928 | ---- | M] (ASUSTeK Computer Inc.) -- C:\Program Files (x86)\ASUS\GamerOSD\GamerOSD.exe
PRC - [2009-07-27 10:13:28 | 000,061,440 | ---- | M] () -- C:\Windows\SysWOW64\ASDR.exe
PRC - [2002-01-11 20:44:44 | 001,310,720 | ---- | M] (ASUSTeK Inc.) -- C:\Program Files (x86)\ASUS\SmartDoctor\SmartDoctor.exe


========== Modules (No Company Name) ==========

MOD - [2012-10-26 17:34:22 | 020,220,376 | ---- | M] () -- C:\Users\ragnar\AppData\Roaming\Spotify\Data\libcef.dll
MOD - [2012-10-10 11:06:15 | 000,460,312 | ---- | M] () -- C:\Users\ragnar\AppData\Local\Google\Chrome\Application\22.0.1229.94\ppgooglenaclpluginchrome.dll
MOD - [2012-10-10 11:06:13 | 012,435,992 | ---- | M] () -- C:\Users\ragnar\AppData\Local\Google\Chrome\Application\22.0.1229.94\PepperFlash\pepflashplayer.dll
MOD - [2012-10-10 11:06:12 | 004,005,912 | ---- | M] () -- C:\Users\ragnar\AppData\Local\Google\Chrome\Application\22.0.1229.94\pdf.dll
MOD - [2012-10-10 11:04:57 | 000,578,072 | ---- | M] () -- C:\Users\ragnar\AppData\Local\Google\Chrome\Application\22.0.1229.94\libglesv2.dll
MOD - [2012-10-10 11:04:55 | 000,123,928 | ---- | M] () -- C:\Users\ragnar\AppData\Local\Google\Chrome\Application\22.0.1229.94\libegl.dll
MOD - [2012-10-10 11:04:44 | 000,156,712 | ---- | M] () -- C:\Users\ragnar\AppData\Local\Google\Chrome\Application\22.0.1229.94\avutil-51.dll
MOD - [2012-10-10 11:04:43 | 000,275,496 | ---- | M] () -- C:\Users\ragnar\AppData\Local\Google\Chrome\Application\22.0.1229.94\avformat-54.dll
MOD - [2012-10-10 11:04:42 | 002,168,360 | ---- | M] () -- C:\Users\ragnar\AppData\Local\Google\Chrome\Application\22.0.1229.94\avcodec-54.dll
MOD - [2009-10-14 12:36:56 | 002,793,304 | ---- | M] () -- C:\Program Files\Logitech\Logitech WebCam Software\LWS.exe
MOD - [2009-10-14 12:34:18 | 000,560,472 | ---- | M] () -- C:\Program Files (x86)\Common Files\LogiShrd\LQCVFX\COCIManager.exe
MOD - [2009-04-29 19:46:20 | 001,077,248 | ---- | M] () -- C:\Program Files (x86)\ASUS\GamerOSD\ImageTransform.dll
MOD - [2009-02-17 17:22:16 | 000,184,320 | ---- | M] () -- C:\Program Files (x86)\ASUS\GamerOSD\AudioOnVistaDLL.dll
MOD - [2007-03-13 15:46:50 | 000,007,168 | ---- | M] () -- C:\Program Files (x86)\ASUS\SmartDoctor\VOV32.dll
MOD - [2007-02-28 17:34:04 | 000,643,142 | ---- | M] () -- C:\Program Files (x86)\ASUS\SmartDoctor\aticlocklib.dll


========== Services (SafeList) ==========

SRV:64bit: - [2012-10-23 12:17:40 | 000,044,808 | ---- | M] (AVAST Software) [Auto | Running] -- C:\Program Files\AVAST Software\Avast\AvastSvc.exe -- (avast! Antivirus)
SRV:64bit: - [2009-12-01 13:22:58 | 000,063,488 | ---- | M] (ASUSTeK COMPUTER INC.) [Auto | Running] -- C:\Windows\SysNative\ATKFUSService.exe -- (ATKFUSService)
SRV:64bit: - [2009-10-07 00:47:10 | 000,191,000 | ---- | M] (Logitech Inc.) [Auto | Running] -- C:\Program Files\Common Files\LogiShrd\LVMVFM\LVPrcSrv.exe -- (LVPrcS64)
SRV:64bit: - [2009-07-14 02:41:27 | 001,011,712 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Program Files\Windows Defender\MpSvc.dll -- (WinDefend)
SRV:64bit: - [2009-07-14 02:40:01 | 000,193,536 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\appmgmts.dll -- (AppMgmt)
SRV - [2012-10-27 20:58:56 | 000,250,808 | ---- | M] (Adobe Systems Incorporated) [On_Demand | Stopped] -- C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe -- (AdobeFlashPlayerUpdateSvc)
SRV - [2012-10-24 18:50:38 | 000,115,168 | ---- | M] (Mozilla Foundation) [On_Demand | Stopped] -- C:\Program Files (x86)\Mozilla Maintenance Service\maintenanceservice.exe -- (MozillaMaintenance)
SRV - [2012-09-07 17:40:32 | 000,104,560 | ---- | M] (SumRando) [Auto | Running] -- C:\Program Files (x86)\SumRando\SumRando\misc\vpnmanagesvc.exe -- (SumRandoVPNService)
SRV - [2012-07-27 21:51:26 | 000,063,960 | ---- | M] (Adobe Systems Incorporated) [Auto | Running] -- C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe -- (AdobeARMservice)
SRV - [2012-07-19 17:08:04 | 000,738,152 | ---- | M] (Tunngle.net GmbH) [On_Demand | Stopped] -- C:\Program Files (x86)\Tunngle\TnglCtrl.exe -- (TunngleService)
SRV - [2012-05-15 11:48:00 | 001,262,400 | ---- | M] (NVIDIA Corporation) [Auto | Stopped] -- C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Update Core\daemonu.exe -- (nvUpdatusService)
SRV - [2012-05-15 01:21:40 | 000,382,272 | ---- | M] (NVIDIA Corporation) [Auto | Running] -- C:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe -- (Stereo Service)
SRV - [2012-04-21 00:16:31 | 000,131,912 | ---- | M] (Desura Pty Ltd) [On_Demand | Stopped] -- C:\Program Files (x86)\Common Files\Desura\desura_service.exe -- (Desura Install Service)
SRV - [2012-04-19 23:04:06 | 000,076,888 | ---- | M] () [Auto | Running] -- C:\Windows\SysWOW64\PnkBstrA.exe -- (PnkBstrA)
SRV - [2012-02-29 07:50:48 | 000,158,856 | R--- | M] (Skype Technologies) [Auto | Stopped] -- C:\Program Files (x86)\Skype\Updater\Updater.exe -- (SkypeUpdate)
SRV - [2012-02-23 19:54:02 | 000,489,256 | ---- | M] (Valve Corporation) [On_Demand | Stopped] -- C:\Program Files (x86)\Common Files\Steam\SteamService.exe -- (Steam Client Service)
SRV - [2010-03-18 12:16:28 | 000,130,384 | ---- | M] (Microsoft Corporation) [Auto | Stopped] -- C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe -- (clr_optimization_v4.0.30319_32)
SRV - [2009-07-27 10:13:28 | 000,061,440 | ---- | M] () [Auto | Running] -- C:\Windows\SysWOW64\ASDR.exe -- (ASDR)
SRV - [2009-06-10 22:23:09 | 000,066,384 | ---- | M] (Microsoft Corporation) [Disabled | Stopped] -- C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe -- (clr_optimization_v2.0.50727_32)


========== Driver Services (SafeList) ==========

DRV:64bit: - [2012-10-23 12:18:31 | 000,984,144 | ---- | M] (AVAST Software) [File_System | System | Running] -- C:\Windows\SysNative\drivers\aswSnx.sys -- (aswSnx)
DRV:64bit: - [2012-10-23 12:18:31 | 000,364,096 | ---- | M] (AVAST Software) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\aswSP.sys -- (aswSP)
DRV:64bit: - [2012-10-23 12:18:31 | 000,059,728 | ---- | M] (AVAST Software) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\aswTdi.sys -- (aswTdi)
DRV:64bit: - [2012-10-23 12:18:30 | 000,071,600 | ---- | M] (AVAST Software) [File_System | Auto | Running] -- C:\Windows\SysNative\drivers\aswMonFlt.sys -- (aswMonFlt)
DRV:64bit: - [2012-10-23 12:18:30 | 000,025,232 | ---- | M] (AVAST Software) [File_System | Auto | Running] -- C:\Windows\SysNative\drivers\aswFsBlk.sys -- (aswFsBlk)
DRV:64bit: - [2012-10-15 18:59:28 | 000,054,072 | ---- | M] (AVAST Software) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\aswRdr2.sys -- (aswRdr)
DRV:64bit: - [2012-04-18 18:08:03 | 000,188,736 | ---- | M] (NVIDIA Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\nvhda64v.sys -- (NVHDA)
DRV:64bit: - [2011-11-17 19:44:32 | 000,035,056 | ---- | M] (The OpenVPN Project) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\tun3325.sys -- (tun3325)
DRV:64bit: - [2011-09-30 21:12:07 | 000,016,384 | ---- | M] (ASUSTeK Computer Inc.) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\EIO64.sys -- (EIO64)
DRV:64bit: - [2011-06-15 09:30:46 | 000,093,240 | ---- | M] (PowerISO Computing, Inc.) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\scdemu.sys -- (SCDEmu)
DRV:64bit: - [2011-03-11 07:22:41 | 000,107,904 | ---- | M] (Advanced Micro Devices) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\amdsata.sys -- (amdsata)
DRV:64bit: - [2011-03-11 07:22:40 | 000,027,008 | ---- | M] (Advanced Micro Devices) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\amdxata.sys -- (amdxata)
DRV:64bit: - [2010-02-22 14:46:36 | 000,023,680 | ---- | M] (ASUSTeK Computer Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\IOMap64.sys -- (IOMap)
DRV:64bit: - [2009-10-07 00:45:50 | 000,030,232 | ---- | M] () [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\LVPr2M64.sys -- (LVPr2Mon)
DRV:64bit: - [2009-10-07 00:45:50 | 000,030,232 | ---- | M] () [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\LVPr2M64.sys -- (LVPr2M64)
DRV:64bit: - [2009-09-16 07:02:42 | 000,031,232 | ---- | M] (Tunngle.net) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\tap0901t.sys -- (tap0901t)
DRV:64bit: - [2009-07-14 02:52:20 | 000,194,128 | ---- | M] (AMD Technologies Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\amdsbs.sys -- (amdsbs)
DRV:64bit: - [2009-07-14 02:48:04 | 000,065,600 | ---- | M] (LSI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\lsi_sas2.sys -- (LSI_SAS2)
DRV:64bit: - [2009-07-14 02:47:48 | 000,077,888 | ---- | M] (Hewlett-Packard Company) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\HpSAMD.sys -- (HpSAMD)
DRV:64bit: - [2009-07-14 02:47:48 | 000,023,104 | ---- | M] (Microsoft Corporation) [Recognizer | Boot | Unknown] -- C:\Windows\SysNative\drivers\fs_rec.sys -- (Fs_Rec)
DRV:64bit: - [2009-07-14 02:45:55 | 000,024,656 | ---- | M] (Promise Technology) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\stexstor.sys -- (stexstor)
DRV:64bit: - [2009-07-14 01:01:09 | 000,679,936 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\xnacc.sys -- (xnacc)
DRV:64bit: - [2009-06-10 21:35:42 | 000,187,392 | ---- | M] (Realtek Corporation ) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\Rt64win7.sys -- (RTL8167)
DRV:64bit: - [2009-06-10 21:34:33 | 003,286,016 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\evbda.sys -- (ebdrv)
DRV:64bit: - [2009-06-10 21:34:28 | 000,468,480 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\bxvbda.sys -- (b06bdrv)
DRV:64bit: - [2009-06-10 21:34:23 | 000,270,848 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\b57nd60a.sys -- (b57nd60a)
DRV:64bit: - [2009-06-10 21:31:59 | 000,031,232 | ---- | M] (Hauppauge Computer Works, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\hcw85cir.sys -- (hcw85cir)
DRV:64bit: - [2009-05-01 00:01:34 | 000,327,576 | ---- | M] (Logitech Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\lvrs64.sys -- (LVRS64)
DRV:64bit: - [2009-04-30 23:55:56 | 002,755,096 | ---- | M] (Logitech Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\LV302V64.SYS -- (PID_PEPI)
DRV:64bit: - [2009-04-30 23:55:46 | 000,015,896 | ---- | M] (Logitech Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\lv302a64.sys -- (lvpepf64)
DRV:64bit: - [2009-02-17 17:22:22 | 000,039,424 | ---- | M] (ASUSTeK Computer Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\ATKDispLowFilter.sys -- (atkdisplf)
DRV:64bit: - [2009-02-17 17:22:22 | 000,017,792 | ---- | M] (ASUSTeK Computer Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\asusgsb.sys -- (asusgsb)
DRV:64bit: - [2007-09-29 06:30:46 | 000,091,648 | ---- | M] (JMicron Technology Corp.) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\jraid.sys -- (JRAID)
DRV - [2011-09-30 18:36:46 | 000,020,544 | ---- | M] (Windows ® Server 2003 DDK provider) [Kernel | On_Demand | Stopped] -- C:\Windows\gdrv.sys -- (gdrv)
DRV - [2009-07-14 02:19:10 | 000,019,008 | ---- | M] (Microsoft Corporation) [File_System | On_Demand | Stopped] -- C:\Windows\SysWOW64\drivers\wimmount.sys -- (WIMMount)


========== Standard Registry (SafeList) ==========


========== Internet Explorer ==========

IE:64bit: - HKLM\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A}
IE:64bit: - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/...ms}&FORM=IE8SRC
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm
IE - HKLM\..\URLSearchHook: {7473b6bd-4691-4744-a82b-7854eb3d70b6} - C:\Program Files (x86)\uTorrentControl_v2\prxtbuTor.dll (Conduit Ltd.)
IE - HKLM\..\SearchScopes,DefaultScope = {afdbddaa-5d3f-42ee-b79c-185a7020515b}
IE - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/...ms}&FORM=IE8SRC
IE - HKLM\..\SearchScopes\{afdbddaa-5d3f-42ee-b79c-185a7020515b}: "URL" = http://search.condui...&ctid=CT3220468

IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://search.condui...&ctid=CT3220468
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache = http://se.msn.com/?ocid=iehp
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache AcceptLangs = sv
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache_TIMESTAMP = DB 33 43 25 3E 97 CC 01 [binary data]
IE - HKCU\..\URLSearchHook: {7473b6bd-4691-4744-a82b-7854eb3d70b6} - C:\Program Files (x86)\uTorrentControl_v2\prxtbuTor.dll (Conduit Ltd.)
IE - HKCU\..\SearchScopes,DefaultScope = {afdbddaa-5d3f-42ee-b79c-185a7020515b}
IE - HKCU\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/...Box&FORM=IE8SRC
IE - HKCU\..\SearchScopes\{afdbddaa-5d3f-42ee-b79c-185a7020515b}: "URL" = http://search.condui...&ctid=CT3220468
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

========== FireFox ==========

FF - prefs.js..extensions.enabledAddons: [email protected]:6.0.1367
FF - user.js - File not found

FF:64bit: - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\system32\Macromed\Flash\NPSWF64_11_4_402_287.dll File not found
FF:64bit: - HKLM\Software\MozillaPlugins\@microsoft.com/GENUINE: disabled File not found
FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_11_4_402_287.dll ()
FF - HKLM\Software\MozillaPlugins\@divx.com/DivX Browser Plugin,version=1.0.0: C:\Program Files (x86)\DivX\DivX Web Player\npdivx32.dll (DivX,Inc.)
FF - HKLM\Software\MozillaPlugins\@esn.me/esnsonar,version=0.70.0: File not found
FF - HKLM\Software\MozillaPlugins\@esn.me/esnsonar,version=0.70.4: C:\Program Files (x86)\Battlelog Web Plugins\Sonar\0.70.4\npesnsonar.dll (ESN Social Software AB)
FF - HKLM\Software\MozillaPlugins\@esn/esnlaunch,version=1.102.0: File not found
FF - HKLM\Software\MozillaPlugins\@esn/esnlaunch,version=1.118.0: C:\Program Files (x86)\Battlelog Web Plugins\1.118.0\npesnlaunch.dll (ESN Social Software AB)
FF - HKLM\Software\MozillaPlugins\@java.com/DTPlugin,version=10.6.2: C:\Windows\SysWOW64\npDeployJava1.dll (Oracle Corporation)
FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin,version=10.6.2: C:\Program Files (x86)\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/GENUINE: disabled File not found
FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: c:\Program Files (x86)\Microsoft Silverlight\5.0.61118.0\npctrl.dll ( Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@nvidia.com/3DVision: C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dv.dll (NVIDIA Corporation)
FF - HKLM\Software\MozillaPlugins\@nvidia.com/3DVisionStreaming: C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dvstreaming.dll (NVIDIA Corporation)
FF - HKLM\Software\MozillaPlugins\@pandonetworks.com/PandoWebPlugin: C:\Program Files (x86)\Pando Networks\Media Booster\npPandoWebPlugin.dll (Pando Networks)
FF - HKLM\Software\MozillaPlugins\@se.nexus/Personal: C:\Program Files (x86)\Personal\bin\np_prsnl.dll (Technology Nexus AB)
FF - HKLM\Software\MozillaPlugins\Adobe Reader: C:\Program Files (x86)\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
FF - HKCU\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Users\ragnar\AppData\Local\Google\Update\1.3.21.123\npGoogleUpdate3.dll (Google Inc.)
FF - HKCU\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Users\ragnar\AppData\Local\Google\Update\1.3.21.123\npGoogleUpdate3.dll (Google Inc.)
FF - HKCU\Software\MozillaPlugins\pandonetworks.com/PandoWebPlugin: C:\Program Files (x86)\Pando Networks\Media Booster\npPandoWebPlugin.dll (Pando Networks)

FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\[email protected]: C:\Program Files\AVAST Software\Avast\WebRep\FF [2012-10-30 16:47:56 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 16.0.2\extensions\\Components: C:\Program Files (x86)\Mozilla Firefox\components [2012-10-27 20:07:59 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 16.0.2\extensions\\Plugins: C:\Program Files (x86)\Mozilla Firefox\plugins

[2012-10-27 20:08:38 | 000,000,000 | ---D | M] (No name found) -- C:\Users\ragnar\AppData\Roaming\Mozilla\Extensions
[2012-10-29 12:00:56 | 000,000,000 | ---D | M] (No name found) -- C:\Users\ragnar\AppData\Roaming\Mozilla\Firefox\Profiles\c1s5lane.default\extensions
[2012-10-29 12:01:00 | 000,000,000 | ---D | M] (uTorrentControl_v2) -- C:\Users\ragnar\AppData\Roaming\Mozilla\Firefox\Profiles\c1s5lane.default\extensions\{7473b6bd-4691-4744-a82b-7854eb3d70b6}
[2012-10-27 20:07:58 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files (x86)\Mozilla Firefox\extensions
[2012-10-30 16:47:56 | 000,000,000 | ---D | M] (avast! WebRep) -- C:\PROGRAM FILES\AVAST SOFTWARE\AVAST\WEBREP\FF
[2012-10-24 18:50:58 | 000,261,600 | ---- | M] (Mozilla Foundation) -- C:\Program Files (x86)\mozilla firefox\components\browsercomps.dll
[2012-10-24 18:50:17 | 000,002,465 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\bing.xml
[2012-10-24 18:50:17 | 000,002,058 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\twitter.xml

========== Chrome ==========

CHR - default_search_provider: Google (Enabled)
CHR - default_search_provider: search_url = {google:baseURL}search?q={searchTerms}&{google:RLZ}{google:acceptedSuggestion}{google:originalQueryForSuggestion}{google:searchFieldtrialParameter}sourceid=chrome&ie={inputEncoding}
CHR - default_search_provider: suggest_url = {google:baseSuggestURL}search?{google:searchFieldtrialParameter}client=chrome&hl={language}&q={searchTerms}
CHR - plugin: Shockwave Flash (Enabled) = C:\Users\ragnar\AppData\Local\Google\Chrome\Application\22.0.1229.94\PepperFlash\pepflashplayer.dll
CHR - plugin: Shockwave Flash (Enabled) = C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_11_4_402_287.dll
CHR - plugin: Chrome Remote Desktop Viewer (Enabled) = internal-remoting-viewer
CHR - plugin: Native Client (Enabled) = C:\Users\ragnar\AppData\Local\Google\Chrome\Application\22.0.1229.94\ppGoogleNaClPluginChrome.dll
CHR - plugin: Chrome PDF Viewer (Enabled) = C:\Users\ragnar\AppData\Local\Google\Chrome\Application\22.0.1229.94\pdf.dll
CHR - plugin: Skype Toolbars (Enabled) = C:\Users\ragnar\AppData\Local\Google\Chrome\User Data\Default\Extensions\lifbcibllhkdhoafpjfnlhfpfgnpldfl\5.9.0.9216_0\npSkypeChromePlugin.dll
CHR - plugin: Conduit Chrome Plugin (Enabled) = C:\Users\ragnar\AppData\Local\Google\Chrome\User Data\Default\Extensions\ejpbbhjlbipncjklfjjaedaieimbmdda\2.3.15.10_0\plugins/ConduitChromeApiPlugin.dll
CHR - plugin: Adobe Acrobat (Enabled) = C:\Program Files (x86)\Adobe\Reader 10.0\Reader\Browser\nppdf32.dll
CHR - plugin: ESN Launch Mozilla Plugin (Enabled) = C:\Program Files (x86)\Battlelog Web Plugins\1.118.0\npesnlaunch.dll
CHR - plugin: ESN Sonar API (Enabled) = C:\Program Files (x86)\Battlelog Web Plugins\Sonar\0.70.4\npesnsonar.dll
CHR - plugin: DivX Web Player (Enabled) = C:\Program Files (x86)\DivX\DivX Web Player\npdivx32.dll
CHR - plugin: Java™ Platform SE 7 U6 (Enabled) = C:\Program Files (x86)\Java\jre7\bin\plugin2\npjp2.dll
CHR - plugin: Java Deployment Toolkit 7.0.60.24 (Enabled) = C:\Windows\SysWOW64\npDeployJava1.dll
CHR - plugin: NVIDIA 3D Vision (Enabled) = C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dv.dll
CHR - plugin: NVIDIA 3D VISION (Enabled) = C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dvstreaming.dll
CHR - plugin: Pando Web Plugin (Enabled) = C:\Program Files (x86)\Pando Networks\Media Booster\npPandoWebPlugin.dll
CHR - plugin: Nexus Personal (Enabled) = C:\Program Files (x86)\Personal\bin\np_prsnl.dll
CHR - plugin: Google Update (Enabled) = C:\Users\ragnar\AppData\Local\Google\Update\1.3.21.123\npGoogleUpdate3.dll
CHR - plugin: Silverlight Plug-In (Enabled) = c:\Program Files (x86)\Microsoft Silverlight\5.0.61118.0\npctrl.dll
CHR - Extension: AdBlock = C:\Users\ragnar\AppData\Local\Google\Chrome\User Data\Default\Extensions\gighmmpiobklfepjocnamgkkbiglidom\2.5.46_0\
CHR - Extension: avast! WebRep = C:\Users\ragnar\AppData\Local\Google\Chrome\User Data\Default\Extensions\icmlaeflemplmjndnaapfdbbnpncnbda\7.0.1473_0\

O1 HOSTS File: ([2009-06-10 22:00:26 | 000,000,824 | ---- | M]) - C:\Windows\SysNative\drivers\etc\hosts
O2:64bit: - BHO: (avast! WebRep) - {318A227B-5E9F-45bd-8999-7F8F10CA4CF5} - C:\Program Files\AVAST Software\Avast\aswWebRepIE64.dll (AVAST Software)
O2 - BHO: (uTorrentControl_v2 Toolbar) - {7473b6bd-4691-4744-a82b-7854eb3d70b6} - C:\Program Files (x86)\uTorrentControl_v2\prxtbuTor.dll (Conduit Ltd.)
O2 - BHO: (Java™ Plug-In SSV Helper) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Java\jre7\bin\ssv.dll (Oracle Corporation)
O2 - BHO: (avast! WebRep) - {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - C:\Program Files\AVAST Software\Avast\aswWebRepIE.dll (AVAST Software)
O2 - BHO: (Skype Browser Helper) - {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O2 - BHO: (Java™ Plug-In 2 SSV Helper) - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre7\bin\jp2ssv.dll (Oracle Corporation)
O3:64bit: - HKLM\..\Toolbar: (avast! WebRep) - {318A227B-5E9F-45bd-8999-7F8F10CA4CF5} - C:\Program Files\AVAST Software\Avast\aswWebRepIE64.dll (AVAST Software)
O3 - HKLM\..\Toolbar: (uTorrentControl_v2 Toolbar) - {7473b6bd-4691-4744-a82b-7854eb3d70b6} - C:\Program Files (x86)\uTorrentControl_v2\prxtbuTor.dll (Conduit Ltd.)
O3 - HKLM\..\Toolbar: (avast! WebRep) - {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - C:\Program Files\AVAST Software\Avast\aswWebRepIE.dll (AVAST Software)
O4:64bit: - HKLM..\Run: [RtHDVCpl] C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe (Realtek Semiconductor)
O4 - HKLM..\Run: [amd_dc_opt] C:\Program Files (x86)\AMD\Dual-Core Optimizer\amd_dc_opt.exe (AMD)
O4 - HKLM..\Run: [ASUSGamerOSD] C:\Program Files (x86)\ASUS\GamerOSD\GamerOSD.exe (ASUSTeK Computer Inc.)
O4 - HKLM..\Run: [avast] C:\Program Files\AVAST Software\Avast\avastUI.exe (AVAST Software)
O4 - HKLM..\Run: [JMB36X IDE Setup] C:\Windows\RaidTool\xInsIDE.exe ()
O4 - HKLM..\Run: [LogitechQuickCamRibbon] C:\Program Files\Logitech\Logitech WebCam Software\LWS.exe ()
O4 - HKLM..\Run: [PWRISOVM.EXE] C:\Program Files (x86)\PowerISO\PWRISOVM.EXE (PowerISO Computing, Inc.)
O4 - HKCU..\Run: [Spotify] C:\Users\ragnar\AppData\Roaming\Spotify\spotify.exe (Spotify Ltd)
O4 - HKCU..\Run: [Spotify Web Helper] C:\Users\ragnar\AppData\Roaming\Spotify\Data\SpotifyWebHelper.exe (Spotify Ltd)
O4 - HKCU..\Run: [Steam] C:\Program Files (x86)\Steam\Steam.exe (Valve Corporation)
O4 - Startup: C:\Users\ragnar\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Logitech . Produktregistrering.lnk = C:\Program Files\Logitech\Logitech WebCam Software\eReg.exe (Leader Technologies/Logitech)
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktop = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktopChanges = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: EnableLUA = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: PromptOnSecureDesktop = 0
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 221
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoLowDiskSpaceChecks = 1
O9 - Extra Button: Skype Click to Call - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O9 - Extra 'Tools' menuitem : Skype Click to Call - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O10:64bit: - Protocol_Catalog9\Catalog_Entries64\000000000001 - C:\Windows\SysNative\sslsp104.dll (SumRando)
O10:64bit: - Protocol_Catalog9\Catalog_Entries64\000000000002 - C:\Windows\SysNative\sslsp104.dll (SumRando)
O10:64bit: - Protocol_Catalog9\Catalog_Entries64\000000000013 - C:\Windows\SysNative\sslsp104.dll (SumRando)
O10 - Protocol_Catalog9\Catalog_Entries\000000000001 - C:\Windows\SysWow64\sslsp104.dll (SumRando)
O10 - Protocol_Catalog9\Catalog_Entries\000000000002 - C:\Windows\SysWow64\sslsp104.dll (SumRando)
O10 - Protocol_Catalog9\Catalog_Entries\000000000013 - C:\Windows\SysWow64\sslsp104.dll (SumRando)
O1364bit: - gopher Prefix: missing
O13 - gopher Prefix: missing
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/...indows-i586.cab (Reg Error: Value error.)
O16 - DPF: {CAFEEFAC-0016-0000-0029-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_29)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 10.6.2)
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} http://fpdownload2.m...ash/swflash.cab (Shockwave Flash Object)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.1.254
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{29541B7C-518B-411B-9713-5C1A68C72F36}: DhcpNameServer = 192.168.1.254
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{3100E656-70A5-4048-8EF6-028DD9447C60}: DhcpNameServer = 7.254.254.254
O18:64bit: - Protocol\Handler\skype4com - No CLSID value found
O18:64bit: - Protocol\Handler\skype-ie-addon-data - No CLSID value found
O18 - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files (x86)\Common Files\Skype\Skype4COM.dll (Skype Technologies)
O18 - Protocol\Handler\skype-ie-addon-data {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O20:64bit: - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\SysNative\userinit.exe (Microsoft Corporation)
O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\SysWow64\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\SysWOW64\userinit.exe (Microsoft Corporation)
O21:64bit: - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.
O21 - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2009-06-10 22:42:20 | 000,000,024 | ---- | M] () - C:\autoexec.bat -- [ NTFS ]
O32 - AutoRun File - [2007-10-24 23:38:50 | 000,000,000 | ---D | M] - D:\autorun -- [ CDFS ]
O32 - AutoRun File - [2007-07-19 15:53:44 | 000,000,058 | R--- | M] () - D:\Autorun.inf -- [ CDFS ]
O32 - AutoRun File - [2007-10-24 23:11:40 | 004,318,432 | R--- | M] (Crytek) - D:\AutoRunCD.exe -- [ CDFS ]
O32 - AutoRun File - [2009-11-13 06:59:48 | 000,000,000 | ---- | M] () - E:\AUTOEXEC.BAT -- [ NTFS ]
O33 - MountPoints2\{19ddb860-eb87-11e0-a2ac-806e6f6e6963}\Shell - "" = AutoRun
O33 - MountPoints2\{19ddb860-eb87-11e0-a2ac-806e6f6e6963}\Shell\AutoRun\command - "" = D:\CheckID.exe
O33 - MountPoints2\{1da96f42-007e-11e1-9883-001a4d546427}\Shell - "" = AutoRun
O33 - MountPoints2\{1da96f42-007e-11e1-9883-001a4d546427}\Shell\AutoRun\command - "" = I:\LaunchU3.exe -a
O33 - MountPoints2\{72b5d6a8-41d0-11e1-9935-001a4d546427}\Shell - "" = AutoRun
O33 - MountPoints2\{72b5d6a8-41d0-11e1-9935-001a4d546427}\Shell\AutoRun\command - "" = F:\Startme.exe
O33 - MountPoints2\{73777fcd-eddf-11e0-a400-001a4d546427}\Shell - "" = AutoRun
O33 - MountPoints2\{73777fcd-eddf-11e0-a400-001a4d546427}\Shell\AutoRun\command - "" = F:\LaunchU3.exe -a
O33 - MountPoints2\F\Shell - "" = AutoRun
O33 - MountPoints2\F\Shell\AutoRun\command - "" = F:\FalloutLauncher.exe
O33 - MountPoints2\H\Shell - "" = AutoRun
O33 - MountPoints2\H\Shell\AutoRun\command - "" = H:\OblivionLauncher.exe
O33 - MountPoints2\I\Shell - "" = AutoRun
O33 - MountPoints2\I\Shell\AutoRun\command - "" = I:\INSTALL.EXE
O34 - HKLM BootExecute: (autocheck autochk *)
O35:64bit: - HKLM\..comfile [open] -- "%1" %*
O35:64bit: - HKLM\..exefile [open] -- "%1" %*
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37:64bit: - HKLM\...com [@ = comfile] -- "%1" %*
O37:64bit: - HKLM\...exe [@ = exefile] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3)
O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2)
O38 - SubSystems\\Windows: (ServerDll=sxssrv,4)

========== Files/Folders - Created Within 30 Days ==========

[2012-11-02 21:12:48 | 004,994,057 | R--- | C] (Swearware) -- C:\Users\ragnar\Desktop\Combo-Fix.exe
[2012-11-02 20:51:12 | 000,000,000 | ---D | C] -- C:\Qoobox
[2012-11-02 20:50:42 | 000,000,000 | ---D | C] -- C:\Windows\erdnt
[2012-11-02 20:50:34 | 000,000,000 | --SD | C] -- C:\32788R22FWJFW
[2012-10-30 16:47:57 | 000,054,072 | ---- | C] (AVAST Software) -- C:\Windows\SysNative\drivers\aswRdr2.sys
[2012-10-29 12:01:01 | 000,000,000 | ---D | C] -- C:\Users\ragnar\AppData\Local\CRE
[2012-10-29 12:00:55 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Conduit
[2012-10-29 12:00:54 | 000,000,000 | ---D | C] -- C:\Users\ragnar\AppData\Local\Conduit
[2012-10-29 12:00:48 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\uTorrentControl_v2
[2012-10-29 12:00:35 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\uTorrent
[2012-10-29 12:00:04 | 000,000,000 | ---D | C] -- C:\Users\ragnar\AppData\Roaming\uTorrent
[2012-10-27 22:03:40 | 000,000,000 | ---D | C] -- C:\Users\ragnar\AppData\Local\LogiShrd
[2012-10-27 21:58:37 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Logitech
[2012-10-27 21:58:28 | 000,000,000 | ---D | C] -- C:\Users\ragnar\AppData\Roaming\Leadertech
[2012-10-27 21:56:52 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Logitech
[2012-10-27 21:56:46 | 000,000,000 | ---D | C] -- C:\Program Files\Logitech
[2012-10-27 21:56:46 | 000,000,000 | ---D | C] -- C:\ProgramData\LogiShrd
[2012-10-27 20:58:16 | 009,575,864 | ---- | C] (Adobe Systems Incorporated) -- C:\Windows\SysWow64\FlashPlayerInstaller.exe
[2012-10-27 20:12:44 | 000,000,000 | ---D | C] -- C:\Users\ragnar\AppData\Local\Macromedia
[2012-10-27 20:11:01 | 000,696,760 | ---- | C] (Adobe Systems Incorporated) -- C:\Windows\SysWow64\FlashPlayerApp.exe
[2012-10-27 20:10:45 | 000,000,000 | ---D | C] -- C:\Windows\SysNative\Macromed
[2012-10-27 20:08:16 | 000,000,000 | ---D | C] -- C:\Users\ragnar\AppData\Local\Mozilla
[2012-10-27 20:08:04 | 000,000,000 | ---D | C] -- C:\ProgramData\Mozilla
[2012-10-27 20:08:03 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Mozilla Maintenance Service
[2012-10-27 20:07:57 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Mozilla Firefox
[2012-10-27 18:52:47 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Common Files\LogiShrd
[2012-10-27 18:52:30 | 002,755,096 | ---- | C] (Logitech Inc.) -- C:\Windows\SysNative\drivers\LV302V64.SYS
[2012-10-27 18:52:30 | 000,764,952 | ---- | C] (Logitech Inc.) -- C:\Windows\SysNative\LVUI64.dll
[2012-10-27 18:52:30 | 000,559,640 | ---- | C] (Logitech Inc.) -- C:\Windows\SysNative\LVUIRC64.dll
[2012-10-27 18:52:30 | 000,539,160 | ---- | C] (Logitech Inc.) -- C:\Windows\SysWow64\LVUI2RC.dll
[2012-10-27 18:52:30 | 000,539,160 | ---- | C] (Logitech Inc.) -- C:\Windows\SysWow64\LVUI2.dll
[2012-10-27 18:52:30 | 000,416,280 | ---- | C] (Logitech Inc.) -- C:\Windows\SysWow64\lvcodec2.dll
[2012-10-27 18:52:30 | 000,398,360 | ---- | C] (Logitech Inc.) -- C:\Windows\SysNative\lvcod64.dll
[2012-10-27 18:52:30 | 000,327,576 | ---- | C] (Logitech Inc.) -- C:\Windows\SysNative\drivers\lvrs64.sys
[2012-10-27 18:52:30 | 000,266,776 | ---- | C] (Logitech Inc.) -- C:\Windows\SysNative\lvco1201278.dll
[2012-10-27 18:52:30 | 000,015,896 | ---- | C] (Logitech Inc.) -- C:\Windows\SysNative\drivers\lv302a64.sys
[2012-10-27 18:52:27 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\LogiShrd
[2012-10-17 23:45:38 | 000,000,000 | ---D | C] -- C:\Users\ragnar\Desktop\dollhouse
[2 C:\Windows\*.tmp files -> C:\Windows\*.tmp -> ]

========== Files - Modified Within 30 Days ==========

[2012-11-04 16:58:00 | 000,000,830 | ---- | M] () -- C:\Windows\tasks\Adobe Flash Player Updater.job
[2012-11-04 16:51:11 | 000,016,848 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
[2012-11-04 16:51:11 | 000,016,848 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
[2012-11-04 16:28:00 | 000,001,008 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskUserS-1-5-21-1922681404-1561175744-2858419983-1001UA.job
[2012-11-04 13:20:58 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2012-11-04 13:20:53 | 3220,037,632 | -HS- | M] () -- C:\hiberfil.sys
[2012-11-03 14:01:07 | 000,792,914 | ---- | M] () -- C:\Windows\SysNative\PerfStringBackup.INI
[2012-11-03 14:01:07 | 000,661,146 | ---- | M] () -- C:\Windows\SysNative\perfh009.dat
[2012-11-03 14:01:07 | 000,125,232 | ---- | M] () -- C:\Windows\SysNative\perfc009.dat
[2012-11-03 12:28:00 | 000,000,956 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskUserS-1-5-21-1922681404-1561175744-2858419983-1001Core.job
[2012-11-02 21:13:41 | 004,994,057 | R--- | M] (Swearware) -- C:\Users\ragnar\Desktop\Combo-Fix.exe
[2012-10-30 16:47:57 | 000,000,000 | ---- | M] () -- C:\Windows\SysWow64\config.nt
[2012-10-29 22:11:55 | 000,001,029 | ---- | M] () -- C:\Users\ragnar\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Logitech . Produktregistrering.lnk
[2012-10-29 12:00:36 | 000,000,971 | ---- | M] () -- C:\Users\ragnar\Application Data\Microsoft\Internet Explorer\Quick Launch\µTorrent.lnk
[2012-10-29 12:00:36 | 000,000,947 | ---- | M] () -- C:\Users\Public\Desktop\µTorrent.lnk
[2012-10-27 22:08:21 | 000,002,009 | ---- | M] () -- C:\Users\Public\Desktop\Logitech Vid HD.lnk
[2012-10-27 21:56:54 | 000,002,083 | ---- | M] () -- C:\Users\Public\Desktop\Logitech Webcam Software.lnk
[2012-10-27 20:58:55 | 000,696,760 | ---- | M] (Adobe Systems Incorporated) -- C:\Windows\SysWow64\FlashPlayerApp.exe
[2012-10-27 20:58:55 | 000,073,656 | ---- | M] (Adobe Systems Incorporated) -- C:\Windows\SysWow64\FlashPlayerCPLApp.cpl
[2012-10-27 20:58:16 | 009,575,864 | ---- | M] (Adobe Systems Incorporated) -- C:\Windows\SysWow64\FlashPlayerInstaller.exe
[2012-10-27 20:08:08 | 000,001,151 | ---- | M] () -- C:\Users\Public\Desktop\Mozilla Firefox.lnk
[2012-10-23 12:18:31 | 000,984,144 | ---- | M] (AVAST Software) -- C:\Windows\SysNative\drivers\aswSnx.sys
[2012-10-23 12:18:31 | 000,364,096 | ---- | M] (AVAST Software) -- C:\Windows\SysNative\drivers\aswSP.sys
[2012-10-23 12:18:31 | 000,059,728 | ---- | M] (AVAST Software) -- C:\Windows\SysNative\drivers\aswTdi.sys
[2012-10-23 12:18:30 | 000,071,600 | ---- | M] (AVAST Software) -- C:\Windows\SysNative\drivers\aswMonFlt.sys
[2012-10-23 12:18:30 | 000,025,232 | ---- | M] (AVAST Software) -- C:\Windows\SysNative\drivers\aswFsBlk.sys
[2012-10-23 12:17:48 | 000,041,224 | ---- | M] (AVAST Software) -- C:\Windows\avastSS.scr
[2012-10-23 12:17:38 | 000,227,648 | ---- | M] (AVAST Software) -- C:\Windows\SysWow64\aswBoot.exe
[2012-10-23 12:17:13 | 000,285,328 | ---- | M] (AVAST Software) -- C:\Windows\SysNative\aswBoot.exe
[2012-10-15 18:59:28 | 000,054,072 | ---- | M] (AVAST Software) -- C:\Windows\SysNative\drivers\aswRdr2.sys
[2012-10-10 22:32:04 | 000,002,493 | ---- | M] () -- C:\Users\ragnar\Desktop\Google Chrome.lnk
[2012-10-10 16:40:10 | 000,002,427 | ---- | M] () -- C:\Users\Public\Desktop\Dishonored.lnk
[2012-10-07 18:42:56 | 000,603,797 | ---- | M] () -- C:\Users\ragnar\Desktop\mattestuff 033.JPG
[2 C:\Windows\*.tmp files -> C:\Windows\*.tmp -> ]

========== Files Created - No Company Name ==========

[2012-10-29 22:11:55 | 000,001,029 | ---- | C] () -- C:\Users\ragnar\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Logitech . Produktregistrering.lnk
[2012-10-29 12:00:36 | 000,000,971 | ---- | C] () -- C:\Users\ragnar\Application Data\Microsoft\Internet Explorer\Quick Launch\µTorrent.lnk
[2012-10-29 12:00:36 | 000,000,947 | ---- | C] () -- C:\Users\Public\Desktop\µTorrent.lnk
[2012-10-27 22:08:21 | 000,002,009 | ---- | C] () -- C:\Users\Public\Desktop\Logitech Vid HD.lnk
[2012-10-27 21:56:54 | 000,002,083 | ---- | C] () -- C:\Users\Public\Desktop\Logitech Webcam Software.lnk
[2012-10-27 20:11:03 | 000,000,830 | ---- | C] () -- C:\Windows\tasks\Adobe Flash Player Updater.job
[2012-10-27 20:08:08 | 000,001,151 | ---- | C] () -- C:\Users\Public\Desktop\Mozilla Firefox.lnk
[2012-10-27 20:08:07 | 000,001,163 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Mozilla Firefox.lnk
[2012-10-27 18:52:30 | 000,082,289 | ---- | C] () -- C:\Windows\SysNative\lvcoin64.ini
[2012-10-27 18:52:30 | 000,034,068 | ---- | C] () -- C:\Windows\SysNative\Repository.reg
[2012-10-10 16:40:10 | 000,002,427 | ---- | C] () -- C:\Users\Public\Desktop\Dishonored.lnk
[2012-10-07 18:42:59 | 000,603,797 | ---- | C] () -- C:\Users\ragnar\Desktop\mattestuff 033.JPG
[2012-09-20 16:13:09 | 000,000,000 | ---- | C] () -- C:\Windows\SysWow64\Access.dat
[2012-05-15 01:21:50 | 000,423,744 | ---- | C] () -- C:\Windows\SysWow64\nvStreaming.exe
[2012-02-25 18:33:35 | 000,000,128 | ---- | C] () -- C:\Users\ragnar\.java.policy
[2011-10-30 17:08:19 | 000,282,696 | ---- | C] () -- C:\Windows\SysWow64\PnkBstrB.exe
[2011-10-30 17:08:11 | 000,076,888 | ---- | C] () -- C:\Windows\SysWow64\PnkBstrA.exe
[2011-09-30 22:50:28 | 000,778,382 | ---- | C] () -- C:\Windows\SysWow64\PerfStringBackup.INI
[2011-09-30 21:11:17 | 000,053,248 | ---- | C] () -- C:\Windows\SysWow64\asrussian.dll
[2011-09-30 21:11:17 | 000,053,248 | ---- | C] () -- C:\Windows\SysWow64\askorean.dll
[2011-09-30 21:11:17 | 000,053,248 | ---- | C] () -- C:\Windows\SysWow64\asjapan.dll
[2011-09-30 21:11:17 | 000,053,248 | ---- | C] () -- C:\Windows\SysWow64\asgerman.dll
[2011-09-30 21:11:17 | 000,053,248 | ---- | C] () -- C:\Windows\SysWow64\asfrench.dll
[2011-09-30 21:11:17 | 000,053,248 | ---- | C] () -- C:\Windows\SysWow64\aseng.dll
[2011-09-30 21:11:17 | 000,053,248 | ---- | C] () -- C:\Windows\SysWow64\ASCHT.dll
[2011-09-30 21:11:17 | 000,053,248 | ---- | C] () -- C:\Windows\SysWow64\aschs.dll
[2011-09-30 21:11:16 | 000,761,856 | ---- | C] () -- C:\Windows\SysWow64\xvidcore.dll
[2011-09-30 21:11:16 | 000,180,224 | ---- | C] () -- C:\Windows\SysWow64\xvidvfw.dll
[2011-09-30 18:36:44 | 000,000,010 | ---- | C] () -- C:\Windows\GSetup.ini
[2011-09-28 17:44:14 | 000,179,271 | ---- | C] () -- C:\Windows\SysWow64\xlive.dll.cat

========== ZeroAccess Check ==========

[2012-07-21 13:21:49 | 000,002,880 | ---- | M] () -- C:\$Recycle.bin\S-1-5-21-1922681404-1561175744-2858419983-1001\$RTG12O6.Edition-KaOs\Data\meshes\architecture\urban\signage\l.nif
[2012-07-21 13:21:49 | 000,004,544 | ---- | M] () -- C:\$Recycle.bin\S-1-5-21-1922681404-1561175744-2858419983-1001\$RTG12O6.Edition-KaOs\Data\meshes\architecture\urban\signage\n.nif
[2012-07-21 13:21:49 | 000,009,120 | ---- | M] () -- C:\$Recycle.bin\S-1-5-21-1922681404-1561175744-2858419983-1001\$RTG12O6.Edition-KaOs\Data\meshes\architecture\urban\signage\u.nif
[2012-08-14 14:00:56 | 000,000,000 | ---D | M] -- C:\$Recycle.bin\S-1-5-21-1922681404-1561175744-2858419983-1001\$RTG12O6.Edition-KaOs\Data\sound\fx\fst\dlc05spaceboots\walk\l
[2012-08-14 14:04:45 | 000,000,000 | ---D | M] -- C:\$Recycle.bin\S-1-5-21-1922681404-1561175744-2858419983-1001\$RTG12O6.Edition-KaOs\Data\sound\fx\npc\antqueen\foot\run\l
[2012-08-14 14:04:46 | 000,000,000 | ---D | M] -- C:\$Recycle.bin\S-1-5-21-1922681404-1561175744-2858419983-1001\$RTG12O6.Edition-KaOs\Data\sound\fx\npc\antqueen\foot\walk\l
[2012-08-14 14:04:51 | 000,000,000 | ---D | M] -- C:\$Recycle.bin\S-1-5-21-1922681404-1561175744-2858419983-1001\$RTG12O6.Edition-KaOs\Data\sound\fx\npc\brahmin\foot\pack\l
[2012-08-14 14:04:58 | 000,000,000 | ---D | M] -- C:\$Recycle.bin\S-1-5-21-1922681404-1561175744-2858419983-1001\$RTG12O6.Edition-KaOs\Data\sound\fx\npc\deathclaw\foot\run\l
[2012-08-14 14:04:58 | 000,000,000 | ---D | M] -- C:\$Recycle.bin\S-1-5-21-1922681404-1561175744-2858419983-1001\$RTG12O6.Edition-KaOs\Data\sound\fx\npc\deathclaw\foot\walk\l
[2012-08-14 14:04:59 | 000,000,000 | ---D | M] -- C:\$Recycle.bin\S-1-5-21-1922681404-1561175744-2858419983-1001\$RTG12O6.Edition-KaOs\Data\sound\fx\npc\dlc05abomination\foot\l
[2012-08-14 14:04:59 | 000,000,000 | ---D | M] -- C:\$Recycle.bin\S-1-5-21-1922681404-1561175744-2858419983-1001\$RTG12O6.Edition-KaOs\Data\sound\fx\npc\dlc05alien\foot\run\l
[2012-08-14 14:04:59 | 000,000,000 | ---D | M] -- C:\$Recycle.bin\S-1-5-21-1922681404-1561175744-2858419983-1001\$RTG12O6.Edition-KaOs\Data\sound\fx\npc\dlc05alien\foot\walk\l
[2012-08-14 14:05:45 | 000,000,000 | ---D | M] -- C:\$Recycle.bin\S-1-5-21-1922681404-1561175744-2858419983-1001\$RTG12O6.Edition-KaOs\Data\sound\fx\npc\minespider\foot\l
[2012-08-14 14:05:54 | 000,000,000 | ---D | M] -- C:\$Recycle.bin\S-1-5-21-1922681404-1561175744-2858419983-1001\$RTG12O6.Edition-KaOs\Data\sound\fx\npc\radscorpion\foot\l
[2012-08-14 14:06:03 | 000,000,000 | ---D | M] -- C:\$Recycle.bin\S-1-5-21-1922681404-1561175744-2858419983-1001\$RTG12O6.Edition-KaOs\Data\sound\fx\npc\trog\foot\run\l
[2012-08-14 14:06:04 | 000,000,000 | ---D | M] -- C:\$Recycle.bin\S-1-5-21-1922681404-1561175744-2858419983-1001\$RTG12O6.Edition-KaOs\Data\sound\fx\npc\trog\foot\walk\l
[2012-08-14 14:06:40 | 000,000,000 | ---D | M] -- C:\$Recycle.bin\S-1-5-21-1922681404-1561175744-2858419983-1001\$RTG12O6.Edition-KaOs\Data\sound\fx\phy\barrel\l
[2012-08-14 14:06:42 | 000,000,000 | ---D | M] -- C:\$Recycle.bin\S-1-5-21-1922681404-1561175744-2858419983-1001\$RTG12O6.Edition-KaOs\Data\sound\fx\phy\bottle\l
[2012-08-14 14:06:43 | 000,000,000 | ---D | M] -- C:\$Recycle.bin\S-1-5-21-1922681404-1561175744-2858419983-1001\$RTG12O6.Edition-KaOs\Data\sound\fx\phy\cansoda\l
[2012-08-14 14:25:57 | 000,000,000 | ---D | M] -- C:\$Recycle.bin\S-1-5-21-1922681404-1561175744-2858419983-1001\$RTG12O6.Edition-KaOs\Data\sound\fx\phy\generic\cloth\l
[2012-08-14 14:06:45 | 000,000,000 | ---D | M] -- C:\$Recycle.bin\S-1-5-21-1922681404-1561175744-2858419983-1001\$RTG12O6.Edition-KaOs\Data\sound\fx\phy\generic\conc\medium\l
[2012-08-14 14:06:45 | 000,000,000 | ---D | M] -- C:\$Recycle.bin\S-1-5-21-1922681404-1561175744-2858419983-1001\$RTG12O6.Edition-KaOs\Data\sound\fx\phy\generic\metal\heavy\l
[2012-08-14 14:06:46 | 000,000,000 | ---D | M] -- C:\$Recycle.bin\S-1-5-21-1922681404-1561175744-2858419983-1001\$RTG12O6.Edition-KaOs\Data\sound\fx\phy\generic\metal\medium\l
[2012-08-14 14:06:46 | 000,000,000 | ---D | M] -- C:\$Recycle.bin\S-1-5-21-1922681404-1561175744-2858419983-1001\$RTG12O6.Edition-KaOs\Data\sound\fx\phy\generic\metal\small\l
[2012-08-14 14:06:53 | 000,000,000 | ---D | M] -- C:\$Recycle.bin\S-1-5-21-1922681404-1561175744-2858419983-1001\$RTG12O6.Edition-KaOs\Data\sound\fx\phy\lunchbox\l
[2012-08-14 14:06:54 | 000,000,000 | ---D | M] -- C:\$Recycle.bin\S-1-5-21-1922681404-1561175744-2858419983-1001\$RTG12O6.Edition-KaOs\Data\sound\fx\phy\shoppingcart\l
[2012-08-14 14:06:56 | 000,000,000 | ---D | M] -- C:\$Recycle.bin\S-1-5-21-1922681404-1561175744-2858419983-1001\$RTG12O6.Edition-KaOs\Data\sound\fx\phy\weapon\pistol\l
[2012-08-14 14:06:57 | 000,000,000 | ---D | M] -- C:\$Recycle.bin\S-1-5-21-1922681404-1561175744-2858419983-1001\$RTG12O6.Edition-KaOs\Data\sound\fx\phy\weapon\rifle\l
[2012-08-14 14:06:54 | 000,000,000 | ---D | M] -- C:\$Recycle.bin\S-1-5-21-1922681404-1561175744-2858419983-1001\$RTG12O6.Edition-KaOs\Data\sound\fx\phy\vehicle\metal\body\l
[2012-08-14 14:06:55 | 000,000,000 | ---D | M] -- C:\$Recycle.bin\S-1-5-21-1922681404-1561175744-2858419983-1001\$RTG12O6.Edition-KaOs\Data\sound\fx\phy\vehicle\metal\hollow\l
[2012-08-14 14:06:55 | 000,000,000 | ---D | M] -- C:\$Recycle.bin\S-1-5-21-1922681404-1561175744-2858419983-1001\$RTG12O6.Edition-KaOs\Data\sound\fx\phy\vehicle\metal\solid\l
[2012-08-14 14:21:05 | 000,000,000 | ---D | M] -- C:\$Recycle.bin\S-1-5-21-1922681404-1561175744-2858419983-1001\$RTG12O6.Edition-KaOs\Data\textures\interface\icons\pipboyimages\s.p.e.c.i.a.l
[2009-07-14 05:55:00 | 000,000,227 | RHS- | M] () -- C:\Windows\assembly\Desktop.ini

[HKEY_CURRENT_USER\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] /64

[HKEY_CURRENT_USER\Software\Classes\Wow6432node\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]

[HKEY_CURRENT_USER\Software\Classes\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32] /64

[HKEY_CURRENT_USER\Software\Classes\Wow6432node\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32]

[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] /64
"" = C:\Windows\SysNative\shell32.dll -- [2010-07-27 15:59:11 | 014,162,944 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Apartment

[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]
"" = %SystemRoot%\system32\shell32.dll -- [2010-07-27 15:03:24 | 012,867,584 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Apartment

[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32] /64
"" = C:\Windows\SysNative\wbem\fastprox.dll -- [2009-07-14 02:40:51 | 000,909,312 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Free

[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32]
"" = %systemroot%\system32\wbem\fastprox.dll -- [2009-07-14 02:15:20 | 000,605,696 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Free

[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32] /64
"" = C:\Windows\SysNative\wbem\wbemess.dll -- [2009-07-14 02:41:56 | 000,505,856 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Both

[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32]

< End of report >
  • 0

Advertisements


#2
godawgs

godawgs

    Teacher

  • Retired Staff
  • 8,228 posts
Hello Niccix, :wave: Welcome to the forums!
:welcome:. My name is godawgs and I will be assisting you with your Virus / Malware issues.
I will start working on your Malware issues. This may, or may not, solve other issues you have with your machine. The fixes are specific to your problem and should only be used for this issue on this machine!

If you have since resolved the issues you were originally experiencing, or have received help elsewhere, please inform me so that this topic can be closed.
If you have not, please adhere to the guidelines below and then carefully follow all future instructions:

You must reply to posts within four days. If you haven't replied within that time, the topic will be closed! If you need additional time to complete things, just let me know.
If you're not sure, or if something unexpected happens, Do NOT continue! Stop and ask!

This board can notify you when a new reply is added to a topic. Please read this topic to find out how to do that.

Please do not run any tools unless instructed to do so.
  • We ask you to run different tools in a specific order to ensure the malware is completely removed from your machine, and running any additional tools may detect false positives, interfere with our tools, or cause unforeseen damage or system instability. Do as the instructions ask, nothing extra. Do Not run things twice unless instructed.
  • Your security programs may give warnings for some of the tools I will ask you to use. Be assured, any links I give are safe.
  • If I ask a Question just answer it, don't run anything unless directed to.
Please read every post completely before doing anything.
  • Pay special attention to the NOTE: lines, or anything in red. These entries identify an individual issue or important step in the cleanup process.
  • Please make sure you are saving and printing the instructions out prior to each fix, this way you will have them on hand just in case you are unable to access this site. Some of the steps I will be asking you to do may require you to boot into Safe Mode and this process will be much easier for you to perform if the instructions are printed out for you to follow.
  • Please do not use the Attachment feature for any log file. Do a Copy/Paste of the entire contents of the log file and submit it inside your post unless directed otherwise.
Logs from malware diagnostic or removal programs (OTL is one of them) can take some time to analyze.
  • I need you to be patient while I analyze any logs you post. Please remember, I am a volunteer, and I do have a life outside of these forum, (sometimes :lol: )
  • Attention to detail is important! Since I cannot see or directly interact with your computer I am dependent on you to "be my eyes" and provide as much information as you can regarding the current state of your computer.
Lastly, Please be aware that removing Malware is a hazardous undertaking. I will take care not to knowingly suggest courses of action that might damage your computer. However it is impossible for me to foresee all interactions that may happen between the software on your computer and those we'll use to clear you of infection, and I cannot guarantee the safety of your system. Some infections are so severe that we might encounter situations where the only recourse is to re-format and re-install your operating system. Don't worry, this only happens in severe cases, but, sadly, it does happen.
In light of this be prepared to back up your data. Have means of backing up your data available.


You have a variant of the zero access rootkit.


:alarm:
Warning: One or more of the identified infections on your computer is known to use a backdoor!
These are information stealing trojans installed on your computer.
Backdoor Trojans, IRCBots, keyloggers and Infostealers are very dangerous because they provide a way of accessing a computer system that bypasses security mechanisms and can steal sensitive information like passwords, personal and financial data which they send back to the hacker. Remote attackers use backdoor Trojans as part of an exploit to to gain unauthorized access to a computer and take control of it without your knowledge.

I would advise you to immediately disconnect this computer from the internet except when reading my posts, downloading the required tools and replying to this topic on this forum only.

If your computer was used for online banking, has credit card information or other sensitive data on it, I suggest you do the following:
  • All passwords should be changed to include those used for banking, email, eBay, Facebook ect; and forums. You should consider them to be compromised. They should be changed using a different computer and not the infected one. If you use the infected computer, an attacker may get the new passwords and transaction information.
  • Banking and credit card institutions should be notified of the possible security breach.

Though the infection has been identified and can be killed, because of it's backdoor functionality, your PC is very likely compromised and there is no way to be sure your computer can ever again be trusted. Many experts in the security community believe that once infected with this type of trojan, the best course of action would be a reformat and reinstall of the OS.
Please read these for more information:

How Do I Handle Possible Identify Theft, Internet Fraud and CC Fraud?
When Should I Format, How Should I Reinstall


We can still clean this machine but I can't guarantee that it will be 100% secure afterward.
Let me know what you decide to do.
  • 0

#3
Niccix

Niccix

    Member

  • Topic Starter
  • Member
  • PipPip
  • 14 posts
Thanks for the quick answer!

And [bleep], I had hoped it wasn't a rootkit virus :-(

I am planning on in the near future (a few weeks) upgrading my computer with a new motherboard, a SSD drive and a new processor, so I will have to format the whole computer at this point. So if you deem it safe enough to for now remove the rootkit without formating it now would be preferable so I don't have to go through formating it twice in such a short period of time.

I have already changed passwords and such from a different (hopefully none-infected) computer, and I do not use/plan to use any credit cards or bank ID's from this computer until I have done a complete format.

I consider myself atleast decent with computers - so following instructions on how to remove the infection should go smoothly!

Again thank you!
  • 0

#4
godawgs

godawgs

    Teacher

  • Retired Staff
  • 8,228 posts

I have already changed passwords and such from a different (hopefully none-infected) computer, and I do not use/plan to use any credit cards or bank ID's from this computer until I have done a complete format.

Then it should be safe to clean the system.

I consider myself atleast decent with computers - so following instructions on how to remove the infection should go smoothly!

Famous last words. :lol:

Again thank you!

You're welcome.

When OTL runs the first time it creates a file named Extras.txt. It should be in the same directory you ran OTL from. Please post the contents of that file.
  • 0

#5
Niccix

Niccix

    Member

  • Topic Starter
  • Member
  • PipPip
  • 14 posts

I have already changed passwords and such from a different (hopefully none-infected) computer, and I do not use/plan to use any credit cards or bank ID's from this computer until I have done a complete format.

Then it should be safe to clean the system.

I consider myself atleast decent with computers - so following instructions on how to remove the infection should go smoothly!

Famous last words. :lol:

Haha :D

Again thank you!

You're welcome.

When OTL runs the first time it creates a file named Extras.txt. It should be in the same directory you ran OTL from. Please post the contents of that file.


OTL Extras logfile created on: 2012-11-04 16:58:35 - Run 1
OTL by OldTimer - Version 3.2.69.0 Folder = C:\Users\ragnar\Downloads
64bit- Ultimate Edition (Version = 6.1.7600) - Type = NTWorkstation
Internet Explorer (Version = 8.0.7600.16385)
Locale: 0000041d | Country: Sverige | Language: SVE | Date Format: yyyy-MM-dd

4,00 Gb Total Physical Memory | 1,46 Gb Available Physical Memory | 36,50% Memory free
8,00 Gb Paging File | 4,49 Gb Available in Paging File | 56,22% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86)
Drive C: | 1863,01 Gb Total Space | 808,69 Gb Free Space | 43,41% Space Free | Partition Type: NTFS
Drive D: | 6,03 Gb Total Space | 0,00 Gb Free Space | 0,00% Space Free | Partition Type: CDFS
Drive E: | 465,75 Gb Total Space | 52,19 Gb Free Space | 11,21% Space Free | Partition Type: NTFS

Computer Name: RAGNAR-PC | User Name: ragnar | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user | Include 64bit Scans
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days

========== Extra Registry (SafeList) ==========


========== File Associations ==========

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.url[@ = InternetShortcut] -- C:\Windows\SysNative\rundll32.exe (Microsoft Corporation)

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.cpl [@ = cplfile] -- C:\Windows\SysWow64\control.exe (Microsoft Corporation)

========== Shell Spawning ==========

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
exefile [open] -- "%1" %*
helpfile [open] -- Reg Error: Key error.
htmlfile [edit] -- Reg Error: Key error.
htmlfile [print] -- rundll32.exe %windir%\system32\mshtml.dll,PrintHTML "%1"
inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation)
InternetShortcut [open] -- "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\ieframe.dll",OpenURL %l (Microsoft Corporation)
InternetShortcut [print] -- "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\mshtml.dll",PrintHTML "%1" (Microsoft Corporation)
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [AddToPlaylistVLC] -- "C:\Program Files (x86)\VideoLAN\VLC\vlc.exe" --started-from-file --playlist-enqueue "%1" ()
Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Directory [PlayWithVLC] -- "C:\Program Files (x86)\VideoLAN\VLC\vlc.exe" --started-from-file --no-playlist-enqueue "%1" ()
Folder [open] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [explore] -- Reg Error: Value error.
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
cplfile [cplopen] -- %SystemRoot%\System32\control.exe "%1",%* (Microsoft Corporation)
exefile [open] -- "%1" %*
helpfile [open] -- Reg Error: Key error.
htmlfile [edit] -- Reg Error: Key error.
htmlfile [print] -- rundll32.exe %windir%\system32\mshtml.dll,PrintHTML "%1"
inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation)
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [AddToPlaylistVLC] -- "C:\Program Files (x86)\VideoLAN\VLC\vlc.exe" --started-from-file --playlist-enqueue "%1" ()
Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Directory [PlayWithVLC] -- "C:\Program Files (x86)\VideoLAN\VLC\vlc.exe" --started-from-file --no-playlist-enqueue "%1" ()
Folder [open] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [explore] -- Reg Error: Value error.
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)

========== Security Center Settings ==========

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"cval" = 1

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]
"VistaSp1" = 28 4D B2 76 41 04 CA 01 [binary data]
"AntiVirusOverride" = 0
"AntiSpywareOverride" = 0
"FirewallOverride" = 0

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc\Vol]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]

========== System Restore Settings ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\SystemRestore]
"DisableSR" = 0

========== Firewall Settings ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]
"DisableNotifications" = 0
"EnableFirewall" = 1

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"DisableNotifications" = 0
"EnableFirewall" = 0

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\PublicProfile]
"DisableNotifications" = 0
"EnableFirewall" = 0

========== Authorized Applications List ==========


========== Vista Active Open Ports Exception List ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{00718DA3-2707-4297-A510-D6C916CE8B64}" = rport=138 | protocol=17 | dir=out | app=system |
"{02912F1E-4848-44E2-A9C1-7504661B33EC}" = rport=137 | protocol=17 | dir=out | app=system |
"{047A35E2-F7CD-4DDD-9198-B25FED11BD24}" = lport=59014 | protocol=17 | dir=in | name=pando media booster |
"{04BCCE82-F363-4B27-B985-11CA26607607}" = lport=808 | protocol=6 | dir=in | svc=nettcpactivator | app=c:\windows\microsoft.net\framework64\v4.0.30319\smsvchost.exe |
"{146C4EDD-ACA4-4F11-A4D8-26A83CEBF902}" = rport=445 | protocol=6 | dir=out | app=system |
"{1AFF5252-1F1A-4049-83F2-0FBCE6F6603B}" = lport=6112 | protocol=6 | dir=in | name=dasdasd |
"{22FBF4F6-894F-408B-B6BE-DB3996699CAE}" = lport=rpc-epmap | protocol=6 | dir=in | svc=rpcss | [email protected],-28539 |
"{3676D205-664D-455C-8F28-09D83A650A3A}" = lport=59014 | protocol=6 | dir=in | name=pando media booster |
"{3A6AB0F6-A20D-4BCF-9F3E-30E1CA3A23B9}" = rport=5355 | protocol=17 | dir=out | svc=dnscache | app=%systemroot%\system32\svchost.exe |
"{3B1B21F7-23C4-440F-9BDD-2F42B870A743}" = lport=2177 | protocol=17 | dir=in | svc=qwave | app=%systemroot%\system32\svchost.exe |
"{3FB65EB6-2F7A-44DD-9ECF-C87E54A85D5A}" = lport=1119 | protocol=6 | dir=in | name=wow |
"{5672F419-8ABA-4E6D-8F7F-552D8AAE82C4}" = lport=59014 | protocol=6 | dir=in | name=pando media booster |
"{58D26A0C-C8D3-424D-B15E-453540F5E815}" = lport=445 | protocol=6 | dir=in | app=system |
"{5BF62298-287E-43D3-99ED-6F58EE65D4D5}" = rport=139 | protocol=6 | dir=out | app=system |
"{5EEEA329-C038-4639-851C-5C8B6CFDBC25}" = lport=138 | protocol=17 | dir=in | app=system |
"{6A0B6A2D-EFBB-4BF8-8DAE-BBBE769EC2A9}" = lport=1900 | protocol=17 | dir=in | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe |
"{72C48EA5-5E1C-4E3F-8F90-415CA5072B0E}" = lport=10243 | protocol=6 | dir=in | app=system |
"{782E8DDB-E28D-4DC5-9D1D-AA06056D818C}" = lport=1120 | protocol=6 | dir=in | name=adasd |
"{7F9CD9B0-BB62-4EC4-AB2E-B14B9736074F}" = lport=2177 | protocol=6 | dir=in | svc=qwave | app=%systemroot%\system32\svchost.exe |
"{9D296094-673F-41FE-BCA4-B268B4F8BFB8}" = lport=4000 | protocol=6 | dir=in | name=blizzard |
"{A1B1DD10-F3B2-4CE5-A770-0FD41F4539D8}" = rport=1900 | protocol=17 | dir=out | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe |
"{B09020FB-02D3-4D09-B6AE-233757B3AEC9}" = lport=137 | protocol=17 | dir=in | app=system |
"{D3667CB7-92EC-4CFF-92C7-8D2D1765DCCB}" = lport=rpc | protocol=6 | dir=in | svc=spooler | app=%systemroot%\system32\spoolsv.exe |
"{D6760735-F1AC-4260-ADED-85739105AC4C}" = lport=5355 | protocol=17 | dir=in | svc=dnscache | app=%systemroot%\system32\svchost.exe |
"{DBA3540A-7338-40AE-B163-253BE235DE02}" = lport=59014 | protocol=17 | dir=in | name=pando media booster |
"{DC67EE6D-9C56-4202-A214-2BEA045907F5}" = rport=2177 | protocol=6 | dir=out | svc=qwave | app=%systemroot%\system32\svchost.exe |
"{E63B5ACF-8A3E-4FE0-A1BE-7B193DD9F767}" = rport=2177 | protocol=17 | dir=out | svc=qwave | app=%systemroot%\system32\svchost.exe |
"{EC858305-1FDF-4871-A3BD-54DD937E42BE}" = lport=2869 | protocol=6 | dir=in | app=system |
"{EFC16408-9548-4C55-9A8D-F25EC9A180F4}" = lport=139 | protocol=6 | dir=in | app=system |
"{F11215B7-E961-4CF3-9CDA-01FEA762D0A5}" = rport=10243 | protocol=6 | dir=out | app=system |
"{FFA8F9A5-4E08-451A-BB93-FB04645C5606}" = lport=3724 | protocol=6 | dir=in | name=wow |

========== Vista Active Application Exception List ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{01DD1259-34FD-4DF1-B768-1F3F485E70B9}" = protocol=6 | dir=in | app=c:\program files (x86)\ubisoft\might & magic heroes vi\might & magic heroes vi.exe |
"{03E506DA-66D9-4961-8BFF-06A9602358CE}" = protocol=6 | dir=in | app=c:\program files (x86)\origin games\battlefield 3\bf3.exe |
"{06079E0B-6FF8-45E0-B279-CE2EB387EACA}" = protocol=6 | dir=in | app=c:\program files (x86)\mass effect 2\binaries\masseffect2.exe |
"{06457578-5D23-4DBF-9AB2-1C1ACC333D97}" = protocol=6 | dir=in | app=c:\program files (x86)\steam\steam.exe |
"{08624F75-83B2-46E2-858A-3B97C47109E3}" = protocol=6 | dir=in | app=c:\program files (x86)\mass effect 2\masseffect2launcher.exe |
"{09DCBBC0-899E-4B85-B5DF-60ECA88FDF06}" = protocol=6 | dir=in | app=c:\programdata\battle.net\agent\agent.1225\agent.exe |
"{0C62566F-5475-40AD-AB91-BECD7588641D}" = protocol=17 | dir=in | app=c:\program files (x86)\steam\steamapps\common\batman2\binaries\win32\batmanac.exe |
"{0DF5F26D-90BC-499B-B3A4-E08EF73C154E}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmplayer.exe |
"{0F6C38E4-8DAB-4189-94DD-4871E2A212EA}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmplayer.exe |
"{0FCD2F94-3399-46D6-BC2B-A6B040A1425C}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmpnetwk.exe |
"{1194478D-8964-45EF-8B31-9193706446F5}" = protocol=17 | dir=in | app=c:\program files (x86)\ubisoft\might & magic heroes vi\might & magic heroes vi.exe |
"{1195E25B-0BC0-483E-BF77-5A339EEFE587}" = protocol=1 | dir=out | [email protected],-28544 |
"{15CF5320-D4E0-41BF-85E3-922D815BD109}" = protocol=6 | dir=out | app=system |
"{15D219A3-E92E-40C9-8525-273093E81430}" = protocol=6 | dir=in | name=blizz |
"{16118F3F-68E9-4BC2-BC29-FDC2A8D943AD}" = protocol=6 | dir=out | svc=upnphost | app=%systemroot%\system32\svchost.exe |
"{172709AA-9A1B-4E70-B415-AE5FEB702D67}" = protocol=17 | dir=in | app=%programfiles(x86)%\windows media player\wmplayer.exe |
"{17991D23-D952-43BD-88EA-A2E782A397FD}" = protocol=17 | dir=in | app=c:\program files (x86)\steam\steamapps\common\sid meier's civilization v\launcher.exe |
"{17D53817-5817-4786-8494-2F7BF95F381C}" = protocol=17 | dir=in | app=c:\program files (x86)\steam\steamapps\common\call of duty modern warfare 3\iw5mp.exe |
"{1B24E31E-2EB3-4C51-8515-12D2B959F5B5}" = protocol=17 | dir=in | app=c:\program files (x86)\pando networks\media booster\pmb.exe |
"{1B2640C7-7DC2-44A5-8C6D-3FA24EA4E4C6}" = protocol=6 | dir=in | app=c:\program files (x86)\tunngle\tunngle.exe |
"{1D65E73D-63C9-4781-8513-FB7D94BA6478}" = protocol=17 | dir=in | app=c:\program files (x86)\tunngle\tnglctrl.exe |
"{1DDF610D-97E1-428B-AF07-7F9E4B23A100}" = protocol=17 | dir=in | app=c:\program files (x86)\logitech\vid hd\vid.exe |
"{23AE50ED-D873-4F57-9837-174EAA5D11F5}" = protocol=6 | dir=in | app=c:\programdata\battle.net\agent\agent.1363\agent.exe |
"{26ECD822-C1DA-472F-A626-CB95C57FA2B1}" = protocol=58 | dir=in | [email protected],-28545 |
"{28A6BFC0-3FC1-4F10-9CCE-06FC1B9EFB57}" = protocol=6 | dir=in | app=c:\programdata\battle.net\agent\agent.1267\agent.exe |
"{28D76FAB-7895-4C04-B669-0DE3DDC51A43}" = protocol=17 | dir=in | app=c:\program files (x86)\battlelog web plugins\sonar\0.70.4\sonarhost.exe |
"{2EF66103-33F1-436B-83EF-44EB3F11D98A}" = protocol=1 | dir=in | [email protected],-28543 |
"{30A6C7E4-C6DB-40BC-858A-E0C818CDFE3B}" = protocol=17 | dir=in | app=c:\program files (x86)\mass effect 2\masseffect2launcher.exe |
"{32192114-BD41-4361-8641-7F240551B954}" = protocol=6 | dir=in | app=c:\programdata\battle.net\agent\agent.1363\agent.exe |
"{331BFF27-C890-488D-B550-FF793CA3017E}" = protocol=17 | dir=in | app=c:\programdata\battle.net\agent\agent.1225\agent.exe |
"{3C0C678C-B41C-4AFE-A542-BB5B6FB3CDDE}" = protocol=6 | dir=in | app=c:\program files (x86)\steam\steamapps\common\batman2\binaries\win32\batmanac.exe |
"{3D81D079-6FC7-46EB-B045-06381EA65D97}" = protocol=17 | dir=in | app=c:\programdata\battle.net\agent\agent.1363\agent.exe |
"{41D28AED-6D9A-4A54-B4BC-CEA1C507375E}" = protocol=6 | dir=in | app=c:\program files (x86)\pando networks\media booster\pmb.exe |
"{42509251-DA8D-4DDD-99B2-1BC8667D5563}" = protocol=17 | dir=in | app=c:\program files (x86)\origin games\battlefield 3\bf3.exe |
"{429F7F04-9A55-4C36-AD0C-31537230BBCA}" = protocol=17 | dir=in | app=c:\windows\syswow64\pnkbstrb.exe |
"{4413CA83-18EF-4B53-B62F-D6DAE11260B0}" = protocol=6 | dir=in | app=c:\program files (x86)\tunngle\tnglctrl.exe |
"{471A4821-5D44-432C-AF90-FD242B0A1654}" = protocol=6 | dir=in | app=c:\program files (x86)\starcraft ii\starcraft ii public test.exe |
"{48384C48-FA0D-47B6-813D-BDE813C38A97}" = protocol=6 | dir=in | app=c:\program files (x86)\steam\steamapps\common\call of duty modern warfare 3\iw5mp.exe |
"{4D5D5412-90F6-4B8D-9C3E-A3B61FCB2209}" = protocol=6 | dir=in | app=c:\windows\syswow64\pnkbstrb.exe |
"{4E0C5784-6EB1-4FF3-B2B3-79CE692A43CC}" = dir=in | app=c:\program files (x86)\namco bandai games\darksouls\darksouls.exe |
"{4E0E1A9E-2892-4F8E-B195-C693A33974B3}" = dir=in | name=spel |
"{50475777-32A5-467E-9B08-AE47CF57AFF0}" = protocol=6 | dir=out | app=%programfiles(x86)%\windows media player\wmplayer.exe |
"{53581CA6-DDB4-45AD-8CCF-23516996FE6D}" = protocol=6 | dir=in | app=%programfiles%\windows media player\wmpnetwk.exe |
"{55DF32DB-2DFE-4180-961F-014ED10C13E2}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmplayer.exe |
"{5C5542A6-A1E5-4891-93AF-A2510712A4BF}" = protocol=17 | dir=in | app=c:\program files (x86)\origin games\mass effect 3 demo\binaries\win32\masseffect3demo.exe |
"{601965B6-FA2A-4974-989F-E2CB98A36ED6}" = protocol=17 | dir=in | app=c:\program files (x86)\mass effect 2\binaries\masseffect2.exe |
"{6117C5B4-ED73-41DD-A709-B4C9E1D5BB61}" = dir=in | app=c:\program files (x86)\skype\phone\skype.exe |
"{66E18937-796F-4C95-B15D-21C5B0508ABB}" = protocol=17 | dir=in | app=c:\program files (x86)\starcraft ii\starcraft ii public test.exe |
"{67345AB3-A2B1-4B0C-A86F-7EBE15B7455B}" = protocol=17 | dir=in | app=c:\programdata\battle.net\agent\agent.1040\agent.exe |
"{6C5DD252-BF68-4B0A-84CA-3A31CECA7DDF}" = protocol=17 | dir=in | app=c:\program files (x86)\steam\steamapps\common\batman2\runlauncher.bat |
"{7A1B7AB3-AF96-456C-A45F-7CDAC4D03E34}" = protocol=6 | dir=in | app=c:\program files (x86)\tribler\tribler.exe |
"{7A8AF8BC-A36E-4226-9523-DA6CAEBB52A2}" = protocol=6 | dir=in | app=c:\program files (x86)\mass effect 3\binaries\win32\masseffect3.exe |
"{7C427EA0-FD47-4594-83E0-96CF57F05BDB}" = protocol=6 | dir=in | app=c:\program files (x86)\logitech\logitech vid\vid.exe |
"{7F47B00E-EAB0-48C1-8E3F-B473A0AC5FD8}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmplayer.exe |
"{80AD3C7E-9E56-4E10-ADBD-7B6B6FF62F33}" = protocol=17 | dir=in | app=c:\program files (x86)\diablo iii\diablo iii.exe |
"{80E712A1-AB94-40A8-912F-D5BB3628C33B}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmpnetwk.exe |
"{83A4B256-FD31-4FD5-A5F6-F5529A424024}" = protocol=17 | dir=in | app=c:\program files (x86)\ubisoft\ubisoft game launcher\ubisoftgamelauncher.exe |
"{87161054-EB03-4E32-98CB-1FEA47F40067}" = protocol=6 | dir=in | app=c:\program files (x86)\utorrent\utorrent.exe |
"{8CCCCA86-4869-48AC-913F-5B8C6AE536C5}" = protocol=6 | dir=in | app=c:\program files (x86)\starcraft ii\starcraft ii.exe |
"{9DF893B8-A3A1-48E2-A04C-C09B4F9E7DAE}" = protocol=17 | dir=in | app=c:\program files (x86)\utorrent\utorrent.exe |
"{9E3463FE-5A82-4F3A-B4CC-62E7E73CC0B8}" = protocol=17 | dir=in | app=c:\program files (x86)\steam\steam.exe |
"{9F682ABD-8BD6-4D1F-AA39-F9A11D3FEB7A}" = protocol=17 | dir=out | app=%programfiles(x86)%\windows media player\wmplayer.exe |
"{9FD108DA-ECD7-4AEC-BDCA-BBF8AF032BB8}" = protocol=17 | dir=in | app=c:\program files (x86)\mass effect 3\binaries\win32\masseffect3.exe |
"{A26DB974-C375-44D3-B21F-4103658A5930}" = protocol=6 | dir=in | app=c:\programdata\battle.net\agent\agent.1040\agent.exe |
"{A47B52E0-C9C9-4290-B17C-A3D0EC712C2A}" = protocol=6 | dir=in | app=c:\program files (x86)\pando networks\media booster\pmb.exe |
"{AA263007-DCD3-49E9-A537-E5DDF1940BEC}" = protocol=17 | dir=in | app=c:\program files (x86)\logitech\logitech vid\vid.exe |
"{ACBAD71C-C1F4-47AB-A45C-E9D981BD26E7}" = protocol=6 | dir=in | name=blizzard spel |
"{B0E7B705-3F42-4C77-8E7A-684600D389BA}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmplayer.exe |
"{B68C8ACC-8904-48E8-BF29-575D9427DF58}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmpnetwk.exe |
"{C1318051-52FF-4E1E-B1C3-3AB5B506D64A}" = protocol=17 | dir=in | app=c:\program files (x86)\tunngle\tunngle.exe |
"{CCFB3DBF-7C3D-4334-8BF2-83FCA93D248E}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmplayer.exe |
"{CFAE2A26-E8C0-4A51-8DC9-418A81D491C4}" = protocol=17 | dir=in | app=c:\program files (x86)\tribler\tribler.exe |
"{D2289CE2-F902-4BC3-A65B-AEE657A1FA54}" = protocol=17 | dir=in | app=c:\program files (x86)\starcraft ii\starcraft ii.exe |
"{D3DFD195-EDBF-4DCA-8260-56557DCBA5D0}" = protocol=17 | dir=in | app=c:\windows\syswow64\pnkbstra.exe |
"{DB6D92D4-9810-41CF-9A7F-19EAC945DDBC}" = protocol=17 | dir=in | app=c:\programdata\battle.net\agent\agent.1267\agent.exe |
"{E1ABF9A2-D0D2-4312-99C8-D14619AB22AB}" = protocol=58 | dir=out | [email protected],-28546 |
"{E51D03C0-090E-444C-AC77-6E3D151D031B}" = dir=in | app=c:\program files (x86)\pando networks\media booster\pmb.exe |
"{E5FCCC9F-0147-4110-82CA-554590BC47D5}" = protocol=17 | dir=in | app=c:\programdata\battle.net\agent\agent.1363\agent.exe |
"{E82A878D-00C3-4B77-9256-9FB97EE028F9}" = protocol=6 | dir=in | app=c:\program files (x86)\steam\steamapps\common\sid meier's civilization v\launcher.exe |
"{F0F203C2-060B-450C-BAFF-828123471916}" = protocol=6 | dir=in | app=c:\windows\syswow64\pnkbstra.exe |
"{F10F71A7-561C-4DAF-9392-7810BABBC8B0}" = protocol=6 | dir=in | app=c:\program files (x86)\diablo iii\diablo iii.exe |
"{F197AC99-1592-4216-9C30-1E4C64D9AB13}" = protocol=17 | dir=in | app=c:\program files (x86)\pando networks\media booster\pmb.exe |
"{F57F14EA-51EA-4026-8088-BC5318F041C5}" = protocol=6 | dir=in | app=c:\program files (x86)\steam\steamapps\common\batman2\runlauncher.bat |
"{F6392164-BF24-46CC-8C64-508F2FB5B5F6}" = protocol=6 | dir=in | app=c:\program files (x86)\logitech\vid hd\vid.exe |
"{F9CF7D5D-04F7-4E9A-ABE0-F6FEEAA16A4F}" = protocol=6 | dir=in | app=c:\program files (x86)\ubisoft\ubisoft game launcher\ubisoftgamelauncher.exe |
"{FDFBF776-0E9A-4732-B501-866116558719}" = protocol=6 | dir=in | app=c:\program files (x86)\origin games\mass effect 3 demo\binaries\win32\masseffect3demo.exe |
"{FF524BA6-61B4-4878-982C-E2A2C5C03B8D}" = protocol=6 | dir=in | app=c:\program files (x86)\battlelog web plugins\sonar\0.70.4\sonarhost.exe |
"TCP Query User{0DB84A47-261E-4868-B077-49D590A7C5B2}C:\program files (x86)\starcraft ii\versions\base19679\sc2.exe" = protocol=6 | dir=in | app=c:\program files (x86)\starcraft ii\versions\base19679\sc2.exe |
"TCP Query User{168A4D9C-E8B0-4B18-9957-F0E56411B0F3}C:\program files (x86)\bethesda softworks\dishonored\binaries\win32\dishonored.exe" = protocol=6 | dir=in | app=c:\program files (x86)\bethesda softworks\dishonored\binaries\win32\dishonored.exe |
"TCP Query User{2AD868AF-E7D7-4976-A213-614A7FE98866}C:\program files (x86)\ea games\kingdoms of amalur reckoning\reckoning.exe" = protocol=6 | dir=in | app=c:\program files (x86)\ea games\kingdoms of amalur reckoning\reckoning.exe |
"TCP Query User{39CA0E33-A3E3-4B51-B2E5-25E64A7F4AD8}C:\users\ragnar\downloads\diablo-iii-8370-engb-installer-downloader.exe" = protocol=6 | dir=in | app=c:\users\ragnar\downloads\diablo-iii-8370-engb-installer-downloader.exe |
"TCP Query User{49CD0149-18B0-468C-888C-C048A2838EAD}C:\program files (x86)\2k games\borderlands 2\binaries\win32\borderlands2.exe" = protocol=6 | dir=in | app=c:\program files (x86)\2k games\borderlands 2\binaries\win32\borderlands2.exe |
"TCP Query User{4AE81461-1857-45AB-BB68-0D7D5B05DA69}C:\users\ragnar\downloads\diablo-iii-8370-enus-installer-downloader.exe" = protocol=6 | dir=in | app=c:\users\ragnar\downloads\diablo-iii-8370-enus-installer-downloader.exe |
"TCP Query User{4D4857A2-8D3A-4725-85E2-BDE03CF60D9B}C:\program files (x86)\thq\saints row the third\saintsrowthethird_dx11.exe" = protocol=6 | dir=in | app=c:\program files (x86)\thq\saints row the third\saintsrowthethird_dx11.exe |
"TCP Query User{59BFDDB0-2750-42A1-A3BC-77947E186A23}C:\users\ragnar\downloads\diablo-iii-8370-engb-installer-downloader (1).exe" = protocol=6 | dir=in | app=c:\users\ragnar\downloads\diablo-iii-8370-engb-installer-downloader (1).exe |
"TCP Query User{5DAAA615-8EEA-4700-8254-A9417BC1B7C7}C:\users\ragnar\appdata\roaming\spotify\spotify.exe" = protocol=6 | dir=in | app=c:\users\ragnar\appdata\roaming\spotify\spotify.exe |
"TCP Query User{62C532B6-534E-4242-A23A-BA7448C526D0}C:\program files (x86)\starcraft ii\versions\base21029\sc2.exe" = protocol=6 | dir=in | app=c:\program files (x86)\starcraft ii\versions\base21029\sc2.exe |
"TCP Query User{85D7EA25-66D7-4F3A-988E-C6A7A4C6A968}C:\program files (x86)\guild wars 2\gw2.exe" = protocol=6 | dir=in | app=c:\program files (x86)\guild wars 2\gw2.exe |
"TCP Query User{98D497BF-B670-4AF9-89E4-B6EAB4F160B4}C:\program files (x86)\skype\phone\skype.exe" = protocol=6 | dir=in | app=c:\program files (x86)\skype\phone\skype.exe |
"TCP Query User{A28E2247-77C2-4093-AF0F-7E06693B17B8}C:\program files (x86)\starcraft ii\sc2-x.x.x.x-1.5.0.22342-enus-downloader.exe" = protocol=6 | dir=in | app=c:\program files (x86)\starcraft ii\sc2-x.x.x.x-1.5.0.22342-enus-downloader.exe |
"TCP Query User{AC873844-AA08-4A38-9F9A-0D29C7A6A6DC}C:\users\ragnar\appdata\roaming\spotify\spotify.exe" = protocol=6 | dir=in | app=c:\users\ragnar\appdata\roaming\spotify\spotify.exe |
"TCP Query User{D47EEDDD-EEAD-44D4-81D4-BD384C9CCA7B}E:\program\the witcher 2\bin\witcher2.exe" = protocol=6 | dir=in | app=e:\program\the witcher 2\bin\witcher2.exe |
"TCP Query User{D6010ECD-65D3-4D76-9B46-83C353CD28E0}C:\program files (x86)\steam\steamapps\ag_47\team fortress 2\hl2.exe" = protocol=6 | dir=in | app=c:\program files (x86)\steam\steamapps\ag_47\team fortress 2\hl2.exe |
"TCP Query User{E6D0FA60-C9F2-4CA9-8D0D-ED1601CC2029}C:\program files (x86)\diablo iii\diablo iii.exe" = protocol=6 | dir=in | app=c:\program files (x86)\diablo iii\diablo iii.exe |
"TCP Query User{F743B365-3ACC-434A-91A0-EFAA7434652C}C:\users\ragnar\downloads\gw2.exe" = protocol=6 | dir=in | app=c:\users\ragnar\downloads\gw2.exe |
"UDP Query User{0B9D4149-7C66-455B-9244-A3ACAFAFE837}C:\users\ragnar\downloads\diablo-iii-8370-enus-installer-downloader.exe" = protocol=17 | dir=in | app=c:\users\ragnar\downloads\diablo-iii-8370-enus-installer-downloader.exe |
"UDP Query User{12BD9BF3-9818-45EC-8AE3-0D63F1815019}C:\program files (x86)\skype\phone\skype.exe" = protocol=17 | dir=in | app=c:\program files (x86)\skype\phone\skype.exe |
"UDP Query User{1C8B4474-A0C9-441B-9472-2F718EE898EA}C:\program files (x86)\starcraft ii\sc2-x.x.x.x-1.5.0.22342-enus-downloader.exe" = protocol=17 | dir=in | app=c:\program files (x86)\starcraft ii\sc2-x.x.x.x-1.5.0.22342-enus-downloader.exe |
"UDP Query User{1CB90CBF-0FBB-49F6-8923-42277454CB9B}E:\program\the witcher 2\bin\witcher2.exe" = protocol=17 | dir=in | app=e:\program\the witcher 2\bin\witcher2.exe |
"UDP Query User{1FC4C327-EEBD-4B8C-BDCD-CDB00826675F}C:\program files (x86)\starcraft ii\versions\base21029\sc2.exe" = protocol=17 | dir=in | app=c:\program files (x86)\starcraft ii\versions\base21029\sc2.exe |
"UDP Query User{215C32F2-9063-4905-BD36-70CDDF585D5C}C:\users\ragnar\appdata\roaming\spotify\spotify.exe" = protocol=17 | dir=in | app=c:\users\ragnar\appdata\roaming\spotify\spotify.exe |
"UDP Query User{4044AB05-0558-40C3-8DFC-DCD76F3BAD93}C:\users\ragnar\downloads\gw2.exe" = protocol=17 | dir=in | app=c:\users\ragnar\downloads\gw2.exe |
"UDP Query User{44E38CEB-832F-4E43-81C1-B52A478D9EB2}C:\program files (x86)\ea games\kingdoms of amalur reckoning\reckoning.exe" = protocol=17 | dir=in | app=c:\program files (x86)\ea games\kingdoms of amalur reckoning\reckoning.exe |
"UDP Query User{4CBEFDCF-25BB-43DA-A84C-6A4E2CAD7AED}C:\program files (x86)\diablo iii\diablo iii.exe" = protocol=17 | dir=in | app=c:\program files (x86)\diablo iii\diablo iii.exe |
"UDP Query User{4D139CAA-9208-41C7-89BE-EBD9C41B9286}C:\program files (x86)\starcraft ii\versions\base19679\sc2.exe" = protocol=17 | dir=in | app=c:\program files (x86)\starcraft ii\versions\base19679\sc2.exe |
"UDP Query User{59661B70-EB29-4A71-BB8F-E8C90CA71935}C:\program files (x86)\guild wars 2\gw2.exe" = protocol=17 | dir=in | app=c:\program files (x86)\guild wars 2\gw2.exe |
"UDP Query User{5E17313A-2DF2-407A-A6A8-97B7106768AB}C:\users\ragnar\downloads\diablo-iii-8370-engb-installer-downloader.exe" = protocol=17 | dir=in | app=c:\users\ragnar\downloads\diablo-iii-8370-engb-installer-downloader.exe |
"UDP Query User{65D5CD6C-82D6-49A2-82BE-EA93BCABD6CF}C:\users\ragnar\downloads\diablo-iii-8370-engb-installer-downloader (1).exe" = protocol=17 | dir=in | app=c:\users\ragnar\downloads\diablo-iii-8370-engb-installer-downloader (1).exe |
"UDP Query User{A046095F-D7CF-4DDE-A912-011B5C7912DE}C:\users\ragnar\appdata\roaming\spotify\spotify.exe" = protocol=17 | dir=in | app=c:\users\ragnar\appdata\roaming\spotify\spotify.exe |
"UDP Query User{BF733EE3-E120-4DC1-BEEE-7A88C90B5743}C:\program files (x86)\2k games\borderlands 2\binaries\win32\borderlands2.exe" = protocol=17 | dir=in | app=c:\program files (x86)\2k games\borderlands 2\binaries\win32\borderlands2.exe |
"UDP Query User{F3ACF412-6DA4-477E-A5F8-424B20B72E32}C:\program files (x86)\steam\steamapps\ag_47\team fortress 2\hl2.exe" = protocol=17 | dir=in | app=c:\program files (x86)\steam\steamapps\ag_47\team fortress 2\hl2.exe |
"UDP Query User{F8279200-0407-4C70-8554-1E681B5642DE}C:\program files (x86)\bethesda softworks\dishonored\binaries\win32\dishonored.exe" = protocol=17 | dir=in | app=c:\program files (x86)\bethesda softworks\dishonored\binaries\win32\dishonored.exe |
"UDP Query User{FFCF7E75-1054-459B-87D1-A79D295C24B3}C:\program files (x86)\thq\saints row the third\saintsrowthethird_dx11.exe" = protocol=17 | dir=in | app=c:\program files (x86)\thq\saints row the third\saintsrowthethird_dx11.exe |

========== HKEY_LOCAL_MACHINE Uninstall List ==========

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{071c9b48-7c32-4621-a0ac-3f809523288f}" = Microsoft Visual C++ 2005 Redistributable (x64)
"{1D8E6291-B0D5-35EC-8441-6616F567A0F7}" = Microsoft Visual C++ 2010 x64 Redistributable - 10.0.40219
"{23170F69-40C1-2702-0920-000001000000}" = 7-Zip 9.20 (x64 edition)
"{8E34682C-8118-31F1-BC4C-98CD9675E1C2}" = Microsoft .NET Framework 4 Extended
"{987FE247-4E69-4A2E-A961-D14F901FDBF6}" = Logitech Webcam Software
"{9B48B0AC-C813-4174-9042-476A887592C7}" = Windows Live ID Sign-in Assistant
"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.3DVision" = NVIDIA 3D Vision Driver 301.42
"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.ControlPanel" = NVIDIA Control Panel 301.42
"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.Driver" = NVIDIA Graphics Driver 301.42
"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.NVIRUSB" = NVIDIA 3D Vision Controller Driver 301.42
"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.PhysX" = NVIDIA PhysX System Software 9.12.0213
"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.Update" = NVIDIA Update 1.8.15
"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_HDAudio.Driver" = NVIDIA HD Audio Driver 1.3.16.0
"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_installer" = NVIDIA Install Application
"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_NVIDIA.Update" = NVIDIA Update Components
"{F5B09CFD-F0B2-36AF-8DF4-1DF6B63FC7B4}" = Microsoft .NET Framework 4 Client Profile
"6af12c54-643b-4752-87d0-8335503010de_is1" = Nexus Mod Manager
"CCleaner" = CCleaner
"lvdrivers_12.10" = Logitech Webcam Software Driver Package
"Microsoft .NET Framework 4 Client Profile" = Microsoft .NET Framework 4 Client Profile
"Microsoft .NET Framework 4 Extended" = Microsoft .NET Framework 4 Extended
"WinRAR archiver" = WinRAR 4.10 beta 3 (64-bit)

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{048298C9-A4D3-490B-9FF9-AB023A9238F3}" = Steam
"{1A1FA4C1-2701-401C-8CE1-FDDE45304FF5}" = ASUS nVidia Driver
"{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148
"{1F77C418-2C90-459C-BD33-B56A4182B9FA}" = System Requirements Lab CYRI
"{26A24AE4-039D-4CA4-87B4-2F83216027FF}" = Java™ 6 Update 29
"{26A24AE4-039D-4CA4-87B4-2F83217006FF}" = Java 7 Update 6
"{281D28EC-1357-4778-B2D7-DEA56D70EF96}" = Logitech High Quality Video
"{287EAC0F-6C96-4712-97A6-958510872CBB}" = Utility
"{3A1B5D40-41E9-43FA-8C7B-A8667F5586EF}" = Gigabyte Raid Configurer
"{47BBA5AA-CA6F-4A41-858D-A7A776F29A8B}" = Google SketchUp 8
"{4A03706F-666A-4037-7777-5F2748764D10}" = Java Auto Updater
"{4CB0307C-565E-4441-86BE-0DF2E4FB828C}" = Microsoft Games for Windows Marketplace
"{4E4D0FA1-F880-4CCB-999A-501000008200}" = Dark Souls Prepare to Die Edition
"{5A67D2EA-FB70-4033-A6F3-606AD85B2015}_is1" = Driver Sweeper version 3.2.0
"{6A9D1594-7791-48f5-9CAA-DE9BCB968320}" = Mass Effect™ 3
"{6D87CAD9-9B94-4421-A439-B25F8DE14575}" = Tom Clancy's Ghost Recon Future Soldier
"{7299052b-02a4-4627-81f2-1818da5d550d}" = Microsoft Visual C++ 2005 Redistributable
"{745D37C2-26F4-4B65-BA13-F9840EBFA75B}" = Might & Magic Heroes VI
"{75D84EF7-0D8C-4e70-B3FA-7B42A5D4E0EB}" = Mass Effect 2
"{76285C16-411A-488A-BCE3-C83CB933D8CF}" = Battlefield 3™
"{767CC44C-9BBC-438D-BAD3-FD4595DD148B}" = VC80CRTRedist - 8.0.50727.762
"{7CAA7803-EF64-4592-B05A-80DE99923520}_is1" = Black Mesa version 1.0
"{7F88C9E5-12BD-404F-AC6A-108BAAC9B708}" = ASUS Gamer OSD
"{809D7E6D-915D-4EAD-821F-E13D93F37161}" = ASUS Smart Doctor
"{832D9DE0-8AFC-4689-9819-4DBBDEBD3E4F}" = Microsoft Games for Windows - LIVE Redistributable
"{837b34e3-7c30-493c-8f6a-2b0f04e2912c}" = Microsoft Visual C++ 2005 Redistributable
"{888F1505-C2B3-4FDE-835D-36353EBD4754}" = Ubisoft Game Launcher
"{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}" = Microsoft Silverlight
"{918A9082-6287-4D25-9002-5E5D5E4971CB}" = League of Legends
"{974C4B12-4D02-4879-85E0-61C95CC63E9E}" = Fallout 3
"{980A182F-E0A2-4A40-94C1-AE0C1235902E}" = Pando Media Booster
"{9A25302D-30C0-39D9-BD6F-21E6EC160475}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17
"{9FD6F1A8-5550-46AF-8509-271DF0E768B5}" = Dual-Core Optimizer
"{A1683CA7-4850-4A21-982B-C6D853C79AF7}" = Mass Effect™ 3 Demo
"{A49F249F-0C91-497F-86DF-B2585E8E76B7}" = Microsoft Visual C++ 2005 Redistributable
"{AC76BA86-7AD7-1053-7B44-AA1000000001}" = Adobe Reader X (10.1.4) - Svenska
"{B6CF2967-C81E-40C0-9815-C05774FEF120}" = Skype Click to Call
"{B7050CBDB2504B34BC2A9CA0A692CC29}" = DivX Web Player
"{CB2F7EDD-9D1F-43C1-90FC-4F52EAE172A1}" = Microsoft .NET Framework 1.1
"{DA909E62-3B45-4BA1-8B58-FCAEBA4BCEC9}" = NVIDIA PhysX
"{EE7257A2-39A2-4D2F-9DAC-F9F25B8AE1D8}" = Skype™ 5.8
"{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}" = Microsoft Visual C++ 2010 x86 Redistributable - 10.0.40219
"{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}" = Realtek High Definition Audio Driver
"{FA7F689F-88EB-4946-B105-4C434CF5B07A}" = BankID säkerhetsprogram
"{FF66E9F6-83E7-3A3E-AF14-8DE9A809A6A4}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.21022
"Adobe Flash Player ActiveX" = Adobe Flash Player 11 ActiveX
"Adobe Flash Player Plugin" = Adobe Flash Player 11 Plugin
"avast" = avast! Free Antivirus
"Battlelog Web Plugins" = Battlelog Web Plugins
"Borderlands 2_is1" = Borderlands 2
"Civilization V" = Sid Meier's Civilization V
"Civilization.V.GOTY.incl.Gods.and.Kings_is1" = Civilization.V.GOTY.incl.Gods.and.Kings
"Darksiders II_is1" = Darksiders II
"Desura" = Desura
"Diablo III" = Diablo III
"Dishonored_is1" = Dishonored
"Fallout2" = Fallout2
"Game Booster 3_is1" = Game Booster 3
"Generic Mod Manager_is1" = Fallout Mod Manager 0.13.21
"GFWL_{4E4D0FA1-F880-4CCB-999A-501000008200}" = Dark Souls Prepare to Die Edition
"Guild Wars 2" = Guild Wars 2
"hon" = Heroes of Newerth
"InstallShield_{809D7E6D-915D-4EAD-821F-E13D93F37161}" = ASUS Smart Doctor
"Kingdoms of Amalur Reckoning_is1" = Kingdoms of Amalur Reckoning
"Logitech Vid" = Logitech Vid HD
"Mafia II_is1" = Mafia II
"Mozilla Firefox 16.0.2 (x86 en-US)" = Mozilla Firefox 16.0.2 (x86 en-US)
"MozillaMaintenanceService" = Mozilla Maintenance Service
"NVIDIAStereo" = NVIDIA Stereoscopic 3D Driver
"Origin" = Origin
"PowerISO" = PowerISO
"PunkBusterSvc" = PunkBuster Services
"RADVideo" = RAD Video Tools
"Rage_is1" = Rage
"Saints Row The Third_is1" = Saints Row The Third
"StarCraft II" = StarCraft II
"Steam App 203970" = Kingdoms of Amalur: Reckoning Demo
"Steam App 240" = Counter-Strike: Source
"Steam App 42690" = Call of Duty: Modern Warfare 3 - Multiplayer
"Steam App 440" = Team Fortress 2
"Steam App 57400" = Batman: Arkham City™
"Steam App 57419" = Batman: Arkham City™ PC
"Steam App 8930" = Sid Meier's Civilization V
"SumRandoSumRando" = SumRando
"The Darkness II_is1" = The Darkness II
"The Walking Dead © 3_is1" = The Walking Dead © 3 version 1
"Tribler" = Tribler (remove only)
"Tunngle beta_is1" = Tunngle beta
"uTorrent" = µTorrent
"uTorrentControl_v2 Toolbar" = uTorrentControl_v2 Toolbar
"WinAVI Video Converter" = WinAVI Video Converter
"WinRAR archiver" = WinRAR archiver
"Wise Registry Cleaner_is1" = Wise Registry Cleaner 7.43
"VLC media player" = VLC media player 1.1.11
"World of Warcraft" = World of Warcraft
"xvid" = XviD MPEG-4 Video Codec

========== HKEY_CURRENT_USER Uninstall List ==========

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"Adobe Connect 9 Add-in" = Adobe Connect 9 Add-in
"Adobe Connect Add-in" = Adobe Connect Add-in
"Google Chrome" = Google Chrome
"Spotify" = Spotify

========== Last 20 Event Log Errors ==========

[ Application Events ]
Error - 2012-11-02 16:16:42 | Computer Name = ragnar-PC | Source = Software Protection Platform Service | ID = 8198
Description = License Activation (slui.exe) failed with the following error code:
0x80070005

Error - 2012-11-02 16:16:42 | Computer Name = ragnar-PC | Source = Winlogon | ID = 4103
Description = Windows license activation failed. Error 0x00000000.

Error - 2012-11-02 22:55:58 | Computer Name = ragnar-PC | Source = Software Protection Platform Service | ID = 8198
Description = License Activation (slui.exe) failed with the following error code:
0x80070005

Error - 2012-11-02 22:55:58 | Computer Name = ragnar-PC | Source = Winlogon | ID = 4103
Description = Windows license activation failed. Error 0x00000000.

Error - 2012-11-03 06:39:57 | Computer Name = ragnar-PC | Source = Software Protection Platform Service | ID = 8198
Description = License Activation (slui.exe) failed with the following error code:
0x80070005

Error - 2012-11-03 06:39:57 | Computer Name = ragnar-PC | Source = Winlogon | ID = 4103
Description = Windows license activation failed. Error 0x00000000.

Error - 2012-11-03 21:19:06 | Computer Name = ragnar-PC | Source = Software Protection Platform Service | ID = 8198
Description = License Activation (slui.exe) failed with the following error code:
0x80070005

Error - 2012-11-03 21:19:06 | Computer Name = ragnar-PC | Source = Winlogon | ID = 4103
Description = Windows license activation failed. Error 0x00000000.

Error - 2012-11-04 08:21:04 | Computer Name = ragnar-PC | Source = Software Protection Platform Service | ID = 8198
Description = License Activation (slui.exe) failed with the following error code:
0x80070005

Error - 2012-11-04 08:21:04 | Computer Name = ragnar-PC | Source = Winlogon | ID = 4103
Description = Windows license activation failed. Error 0x00000000.

[ System Events ]
Error - 2012-11-02 22:58:11 | Computer Name = ragnar-PC | Source = Service Control Manager | ID = 7000
Description = The NVIDIA Update Service Daemon service failed to start due to the
following error: %%1069

Error - 2012-11-03 06:40:57 | Computer Name = ragnar-PC | Source = DCOM | ID = 10005
Description =

Error - 2012-11-03 06:40:56 | Computer Name = ragnar-PC | Source = Service Control Manager | ID = 7009
Description = A timeout was reached (30000 milliseconds) while waiting for the Windows
Search service to connect.

Error - 2012-11-03 06:40:56 | Computer Name = ragnar-PC | Source = Service Control Manager | ID = 7000
Description = The Windows Search service failed to start due to the following error:
%%1053

Error - 2012-11-03 06:42:22 | Computer Name = ragnar-PC | Source = Service Control Manager | ID = 7038
Description = The nvUpdatusService service was unable to log on as .\UpdatusUser
with the currently configured password due to the following error: %%1330 To ensure
that the service is configured properly, use the Services snap-in in Microsoft
Management Console (MMC).

Error - 2012-11-03 06:42:22 | Computer Name = ragnar-PC | Source = Service Control Manager | ID = 7000
Description = The NVIDIA Update Service Daemon service failed to start due to the
following error: %%1069

Error - 2012-11-03 21:22:10 | Computer Name = ragnar-PC | Source = Service Control Manager | ID = 7038
Description = The nvUpdatusService service was unable to log on as .\UpdatusUser
with the currently configured password due to the following error: %%1330 To ensure
that the service is configured properly, use the Services snap-in in Microsoft
Management Console (MMC).

Error - 2012-11-03 21:22:10 | Computer Name = ragnar-PC | Source = Service Control Manager | ID = 7000
Description = The NVIDIA Update Service Daemon service failed to start due to the
following error: %%1069

Error - 2012-11-04 08:23:30 | Computer Name = ragnar-PC | Source = Service Control Manager | ID = 7038
Description = The nvUpdatusService service was unable to log on as .\UpdatusUser
with the currently configured password due to the following error: %%1330 To ensure
that the service is configured properly, use the Services snap-in in Microsoft
Management Console (MMC).

Error - 2012-11-04 08:23:30 | Computer Name = ragnar-PC | Source = Service Control Manager | ID = 7000
Description = The NVIDIA Update Service Daemon service failed to start due to the
following error: %%1069


< End of report >
  • 0

#6
godawgs

godawgs

    Teacher

  • Retired Staff
  • 8,228 posts
Hi Niccix,

Registry Cleaning Tools

Please do not use the Wise Registry Cleaner program or the registry feature of CCleaner during the cleanup process.
For that matter do not use registry cleaners at all:
A registry cleaner will not increase your system's speed or performance, and has the potential to break your registry to the point that your PC is no longer bootable.
We strongly advise that people stay away from any of the registry cleaners out there.
Go HERE to get more information about why registry cleaners aren't needed.

Your problems are more than likely caused by the Peer to Peer programs you use. The media booster program is less than advertised. You also have some nasty toolbars.

You have Pando Media Booster on the computer. Pando Media Booster is Aaother dire application that does not perform as stated and can be a bandwidth hog also.


Step-1.

PunkBuster Advice:

There are some Issues with infections in relation to PunkBuster...The computer has installed gaming tools. Some of these, like Punkbuster, use spyware techniques to engage in the anti-piracy battle.
In the process, they take control of much of your PC, and they actually meet the definition of spyware/malware.
They are sometimes designed to prevent orderly removal or modification, and they have only limited respect for retaining the overall security and integrity of your machine.
It is not a certainty that your computer can be cleaned without breaking or removing some of these programs, and this would result in not being able to play the associated games, or worse.
Since we are dedicated to causing No Harm, we won't normally work on machines with this type of program installed without explicit permission from the owner.
If you want to continue using the machine in this way, you should consider using imaging software like Norton Ghost or Acronis TrueImage, or Terabyte Image, which can put your entire C: drive back into an earlier state whenever the infections or malfunctions get too severe.

If you really want to clean this machine, I will help, but if you so choose, understand there is no assurance you will be able to do games afterwards.
If the Uninstaller ever fails, it is a nightmare to remove, just as they have intended.

So my advice would be download the Removal Tool for PunkBuster to the desktop.

  • Right-click on pbsvc.exe and select Run as Administrator.
  • Ensure Un-install/Remove PunkBuster Service is selected.
  • Click on Next >> Yes >> Finish.
  • Reboot(restart) your machine if not prompted to do so.
Once I give the all clear you can use the very same tool for removing PunkBuster Services(pbsvc.exe) to re-install again if you so wish.


Step-2.

You have the following Peer-to-Peer program(s) installed:

uTorrent
uTorrentControl_v2 Toolbar


GeeksToGo does not recommend using such programs, but you should read the description of Peer-to-Peer programs below before deciding for yourself.

Description of Peer-to-Peer (P2P) software.
P2P(Peer-to-Peer) may be a great way to get lots of seemingly freeware, but it is a great way to get infected as well. The program(s) may be safe, but there's no way to tell if the file being shared is infected. P2P programs, more often than not, install adware and/or spyware and worse still, some worms spread via P2P networks, infecting you as well.
Once upon a time, P2P file sharing was fairly safe. This is no longer true. P2P programs form a direct conduit inside your computer, their security measures are easily circumvented, and malware writers are increasingly exploiting them to spread their wares on to your computer. If your P2P program is not configured correctly, your computer may also be sharing more files than you realize. There have been cases where people's passwords, address books and other personal, private, and financial details have been exposed to a file sharing network by a badly configured program.

If you need convincing, please read these short reports on the dangers of peer-2-peer programs and file sharing. We advise removing any P2P programs you have now and avoiding this type of software application. Whether you remove them or not is your decision. But if you decide to keep and use Peer-to-Peer programs I can guarantee that you will be coming back to this forum or another malware forum. If you do choose to keep the program(s), please do not use it / them until the computer is clean and I give the all clear.

All programs, folders and files listed below in this color are optional removals, but if you uninstall the program(s) you must delete the folders and files in the corresponding colors.

Optional Removals

1. Please click the Start Orb, click Control Panel. Under the Programs heading click Uninstall a program
2. In the list of programs installed, locate the following program(s):

Pando Media Booster
uTorrent
uTorrentControl_v2 Toolbar


3. Click on each program to highlight it and click Change/Remove. (Vista/7 users: right click the program and click Uninstall
4. After the programs have been uninstalled, close the Installed Programs window and the Control Panel.
5. Reboot the computer.

Delete the folders associated with the uninstalled programs.(Only do this if you uninstalled the program)

1. Using Windows Explorer (to get there right-click your Start button and click "Explore"), please delete the following folders(s) (if present):

C:\Program Files (x86)\Pando Networks
C:\Program Files (x86)\uTorrentControl_v2
C:\Program Files (x86)\uTorrent
C:\Users\ragnar\AppData\Roaming\uTorrent


2. Close Windows Explorer.


Step-3.

Posted Image OTL Fix

Be advised that when the fix commences it will shut down all running processes and you may lose the desktop and icons, they will return on reboot

1. Please copy all of the text in the quote box below (Do Not copy the word Quote. To do this, highlight everything
inside the quote box (except the word Quote) , right click and click Copy.

:COMMANDS
[CREATERESTOREPOINT]

:OTL
IE - HKLM\..\URLSearchHook: {7473b6bd-4691-4744-a82b-7854eb3d70b6} - C:\Program Files (x86)\uTorrentControl_v2\prxtbuTor.dll (Conduit Ltd.)
IE - HKLM\..\SearchScopes,DefaultScope = {afdbddaa-5d3f-42ee-b79c-185a7020515b}
IE - HKLM\..\SearchScopes\{afdbddaa-5d3f-42ee-b79c-185a7020515b}: "URL" = http://search.condui...&ctid=CT3220468
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://search.condui...&ctid=CT3220468
IE - HKCU\..\URLSearchHook: {7473b6bd-4691-4744-a82b-7854eb3d70b6} - C:\Program Files (x86)\uTorrentControl_v2\prxtbuTor.dll (Conduit Ltd.)
IE - HKCU\..\SearchScopes,DefaultScope = {afdbddaa-5d3f-42ee-b79c-185a7020515b}
IE - HKCU\..\SearchScopes\{afdbddaa-5d3f-42ee-b79c-185a7020515b}: "URL" = http://search.condui...&ctid=CT3220468
[2012-10-29 12:01:00 | 000,000,000 | ---D | M] (uTorrentControl_v2) -- C:\Users\ragnar\AppData\Roaming\Mozilla\Firefox\Profiles\c1s5lane.default\extensions\{7473b6bd-4691-4744-a82b-7854eb3d70b6}
O2 - BHO: (uTorrentControl_v2 Toolbar) - {7473b6bd-4691-4744-a82b-7854eb3d70b6} - C:\Program Files (x86)\uTorrentControl_v2\prxtbuTor.dll (Conduit Ltd.)
O3 - HKLM\..\Toolbar: (uTorrentControl_v2 Toolbar) - {7473b6bd-4691-4744-a82b-7854eb3d70b6} - C:\Program Files (x86)\uTorrentControl_v2\prxtbuTor.dll (Conduit Ltd.)
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: EnableLUA = 0
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/...indows-i586.cab (Reg Error: Value error.)
O16 - DPF: {CAFEEFAC-0016-0000-0029-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_29)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 10.6.2)
O33 - MountPoints2\{19ddb860-eb87-11e0-a2ac-806e6f6e6963}\Shell - "" = AutoRun
O33 - MountPoints2\{19ddb860-eb87-11e0-a2ac-806e6f6e6963}\Shell\AutoRun\command - "" = D:\CheckID.exe
O33 - MountPoints2\{1da96f42-007e-11e1-9883-001a4d546427}\Shell - "" = AutoRun
O33 - MountPoints2\{1da96f42-007e-11e1-9883-001a4d546427}\Shell\AutoRun\command - "" = I:\LaunchU3.exe -a
O33 - MountPoints2\{72b5d6a8-41d0-11e1-9935-001a4d546427}\Shell - "" = AutoRun
O33 - MountPoints2\{72b5d6a8-41d0-11e1-9935-001a4d546427}\Shell\AutoRun\command - "" = F:\Startme.exe
O33 - MountPoints2\{73777fcd-eddf-11e0-a400-001a4d546427}\Shell - "" = AutoRun
O33 - MountPoints2\{73777fcd-eddf-11e0-a400-001a4d546427}\Shell\AutoRun\command - "" = F:\LaunchU3.exe -a
O33 - MountPoints2\F\Shell - "" = AutoRun
O33 - MountPoints2\F\Shell\AutoRun\command - "" = F:\FalloutLauncher.exe
O33 - MountPoints2\H\Shell - "" = AutoRun
O33 - MountPoints2\H\Shell\AutoRun\command - "" = H:\OblivionLauncher.exe
O33 - MountPoints2\I\Shell - "" = AutoRun
O33 - MountPoints2\I\Shell\AutoRun\command - "" = I:\INSTALL.EXE
[2012-11-02 20:50:34 | 000,000,000 | --SD | C] -- C:\32788R22FWJFW

:FILES
ipconfig
C:\$Recycle.bin\S-1-5-21-1922681404-1561175744-2858419983-1001\$RTG12O6.Edition-KaOs

:COMMANDS
[EMPTYTEMP]


Warning: This fix is relevant for this system and no other. If you are not this user, do NOT follow these directions as they could damage the workings of your system.

2. Please re-open Posted Image on your desktop.
3. Place the mouse pointer inside the Posted Image textbox, right click and click Paste. This will put the above script inside the textbox.
4. Click the Posted Image button.
5. Let the program run unhindered.
6. OTL may ask to reboot the machine. Please do so if asked.
7. Click the Posted Image button.
8. A report will open. Copy and Paste that report in your next reply.
9. If the machine reboots, the log will be located at C:\_OTL\MovedFiles\mmddyyyy_hhmmss.log, (where mmddyyyy_hhmmss is the date of the tool run).


Step-4.

Delete the ComboFix file on the computer now.

Posted Image Run ComboFix
***Read through this entire procedure and if you have any questions, please ask them before you begin. Then either print out, or copy this page to Notepad and save to your desktop for reference as you will not have any browsers open while you are carrying out portions of these instructions.***

If you have a previous version of Combofix.exe, delete it and download a fresh copy.

* IMPORTANT - Disable your AntiVirus and AntiSpyware applications before downloading ComboFix. This is usually done via a right click on the System Tray icon. They may otherwise interfere with our tools. If you have difficulty properly disabling your protective programs, refer to this link here
The list is not all inclusive. If yours is not listed and you don't know how to disable it, please ask.

VERY IMPORTANT !!! Save ComboFix.exe to your Desktop

Download ComboFix from one of the following locations:

Link 1
Link 2

  • Double click on ComboFix.exe & follow the prompts.
  • Accept the disclaimer and allow to update if it asks

    Posted Image

    Posted Image
  • When finished, it shall produce a log for you.
  • Please include the C:\ComboFix.txt in your next reply.
Notes:
1. Do not mouse-click Combofix's window while it is running. That may cause it to stall.
2. Do not "re-run" ComboFix. If you have a problem, reply back for further instructions.
3. If you recieve an error "Illegal operation attempted on a registry key that has been marked for deletion". Please restart the computer. That will cure it.

A word of warning: Neither I nor sUBs are responsible for any damage you may have caused your machine by running ComboFix on your own.
This tool is not a toy and not for everyday use. ComboFix Should Not be used unless requested by a forum helper

Please make sure you include the combo fix log in your next reply as well as describe how your computer is running now
Don't forget to reenable your Anti-Virus


Step-4.

Run Farbar Service Scanner

Please download Farbar Service Scanner to the desktop.
Doubleclick the FSS.exe file to run it. (Vista and 7 users may need to right click the file and click Run as Administrator)
  • Posted Image
  • Make sure the following options are checked:
    • Internet Services
    • Windows Firewall
    • System Restore
    • Security Center
    • Windows Update
    • Windows Defender
    • Other Services
  • Press "Scan".
  • It will create a log (FSS.txt) in the same directory the tool is run.
  • Please copy and paste the log to your reply.

Step-5.

Posted Image OTL Scan

Please re-open OTL
  • Double click the Posted Image on your desktop. Vista /7 users right click and click Run as Administrator. Make sure all other windows are closed .
  • You will see a console like the one below:

    Posted Image
  • At the top of the console, click the box beside Scan All Users and Include 64bit Scans
  • Make sure the Output box at the top is set to Standard Output.
  • Click the box beside LOP Check and Purity Check
  • Click the Posted Image button. Do not change any settings unless otherwise told to do so.
  • Let the scan run uninterrupted.
  • When the scan completes, it will open OTL.Txt. This file is saved in the same location as OTL.
  • Please copy the contents of this file and paste it into your reply. To do that:
  • On the .txt file Menu Bar click Edit then click Select All. This will highlight the contents of the file. Then click Copy.
  • Right-click inside the forum post window then click Paste. This will paste the contents of the .txt file in the in the post window.

Step-6.

Things For Your Next Post:
1. Let me know if you uninstalled any of the programs.
2. The OTL fixes log
3. The ComboFix log
4. The FSS.txt log
5. The new OTL.txt log
6. How is the computer running now?
  • 0

#7
Niccix

Niccix

    Member

  • Topic Starter
  • Member
  • PipPip
  • 14 posts
Uninstalled the programs recommended to uninstall. Step 1 and 2 done.

Having problems at step 3 or it might be me just being unpatient. When running the fix with OTL the program seems to have frozen up at "creating restore point. DO NOT INTERRUPT...". I am posting from a different computer, OTL has been on "creating restore point" for about 30 minutes now, I am unsure how to proceed now...

Again thank you for all the help, really appreciate you taking the time!

Edited by Niccix, 04 November 2012 - 09:36 PM.

  • 0

#8
Niccix

Niccix

    Member

  • Topic Starter
  • Member
  • PipPip
  • 14 posts
The computer was completely frozen so I had to turn power of and attempted step 3 in failsafe mode, seemingly sucessful.

First OTL log below:

All processes killed
========== COMMANDS ==========
Unable to start System Restore Service. Error code 1084
========== OTL ==========
Registry value HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\URLSearchHooks\\{7473b6bd-4691-4744-a82b-7854eb3d70b6} not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{7473b6bd-4691-4744-a82b-7854eb3d70b6}\ not found.
File C:\Program Files (x86)\uTorrentControl_v2\prxtbuTor.dll not found.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\\DefaultScope| /E : value set successfully!
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{afdbddaa-5d3f-42ee-b79c-185a7020515b}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{afdbddaa-5d3f-42ee-b79c-185a7020515b}\ not found.
HKCU\SOFTWARE\Microsoft\Internet Explorer\Main\\Start Page| /E : value set successfully!
Registry value HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\URLSearchHooks\\{7473b6bd-4691-4744-a82b-7854eb3d70b6} not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{7473b6bd-4691-4744-a82b-7854eb3d70b6}\ not found.
File C:\Program Files (x86)\uTorrentControl_v2\prxtbuTor.dll not found.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\\DefaultScope| /E : value set successfully!
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{afdbddaa-5d3f-42ee-b79c-185a7020515b}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{afdbddaa-5d3f-42ee-b79c-185a7020515b}\ not found.
C:\Users\ragnar\AppData\Roaming\Mozilla\Firefox\Profiles\c1s5lane.default\extensions\{7473b6bd-4691-4744-a82b-7854eb3d70b6}\Plugins folder moved successfully.
C:\Users\ragnar\AppData\Roaming\Mozilla\Firefox\Profiles\c1s5lane.default\extensions\{7473b6bd-4691-4744-a82b-7854eb3d70b6}\modules folder moved successfully.
C:\Users\ragnar\AppData\Roaming\Mozilla\Firefox\Profiles\c1s5lane.default\extensions\{7473b6bd-4691-4744-a82b-7854eb3d70b6}\META-INF folder moved successfully.
C:\Users\ragnar\AppData\Roaming\Mozilla\Firefox\Profiles\c1s5lane.default\extensions\{7473b6bd-4691-4744-a82b-7854eb3d70b6}\lib folder moved successfully.
C:\Users\ragnar\AppData\Roaming\Mozilla\Firefox\Profiles\c1s5lane.default\extensions\{7473b6bd-4691-4744-a82b-7854eb3d70b6}\defaults\preferences folder moved successfully.
C:\Users\ragnar\AppData\Roaming\Mozilla\Firefox\Profiles\c1s5lane.default\extensions\{7473b6bd-4691-4744-a82b-7854eb3d70b6}\defaults folder moved successfully.
C:\Users\ragnar\AppData\Roaming\Mozilla\Firefox\Profiles\c1s5lane.default\extensions\{7473b6bd-4691-4744-a82b-7854eb3d70b6}\chrome\CT3220468\skin folder moved successfully.
C:\Users\ragnar\AppData\Roaming\Mozilla\Firefox\Profiles\c1s5lane.default\extensions\{7473b6bd-4691-4744-a82b-7854eb3d70b6}\chrome\CT3220468\content\tb\sl folder moved successfully.
C:\Users\ragnar\AppData\Roaming\Mozilla\Firefox\Profiles\c1s5lane.default\extensions\{7473b6bd-4691-4744-a82b-7854eb3d70b6}\chrome\CT3220468\content\tb\lib folder moved successfully.
C:\Users\ragnar\AppData\Roaming\Mozilla\Firefox\Profiles\c1s5lane.default\extensions\{7473b6bd-4691-4744-a82b-7854eb3d70b6}\chrome\CT3220468\content\tb\core folder moved successfully.
C:\Users\ragnar\AppData\Roaming\Mozilla\Firefox\Profiles\c1s5lane.default\extensions\{7473b6bd-4691-4744-a82b-7854eb3d70b6}\chrome\CT3220468\content\tb\al\wa\WEATHER\js folder moved successfully.
C:\Users\ragnar\AppData\Roaming\Mozilla\Firefox\Profiles\c1s5lane.default\extensions\{7473b6bd-4691-4744-a82b-7854eb3d70b6}\chrome\CT3220468\content\tb\al\wa\WEATHER\css folder moved successfully.
C:\Users\ragnar\AppData\Roaming\Mozilla\Firefox\Profiles\c1s5lane.default\extensions\{7473b6bd-4691-4744-a82b-7854eb3d70b6}\chrome\CT3220468\content\tb\al\wa\WEATHER folder moved successfully.
C:\Users\ragnar\AppData\Roaming\Mozilla\Firefox\Profiles\c1s5lane.default\extensions\{7473b6bd-4691-4744-a82b-7854eb3d70b6}\chrome\CT3220468\content\tb\al\wa\TWITTER\resources folder moved successfully.
C:\Users\ragnar\AppData\Roaming\Mozilla\Firefox\Profiles\c1s5lane.default\extensions\{7473b6bd-4691-4744-a82b-7854eb3d70b6}\chrome\CT3220468\content\tb\al\wa\TWITTER\js folder moved successfully.
C:\Users\ragnar\AppData\Roaming\Mozilla\Firefox\Profiles\c1s5lane.default\extensions\{7473b6bd-4691-4744-a82b-7854eb3d70b6}\chrome\CT3220468\content\tb\al\wa\TWITTER\img folder moved successfully.
C:\Users\ragnar\AppData\Roaming\Mozilla\Firefox\Profiles\c1s5lane.default\extensions\{7473b6bd-4691-4744-a82b-7854eb3d70b6}\chrome\CT3220468\content\tb\al\wa\TWITTER folder moved successfully.
C:\Users\ragnar\AppData\Roaming\Mozilla\Firefox\Profiles\c1s5lane.default\extensions\{7473b6bd-4691-4744-a82b-7854eb3d70b6}\chrome\CT3220468\content\tb\al\wa\TESTER_POPUP\js folder moved successfully.
C:\Users\ragnar\AppData\Roaming\Mozilla\Firefox\Profiles\c1s5lane.default\extensions\{7473b6bd-4691-4744-a82b-7854eb3d70b6}\chrome\CT3220468\content\tb\al\wa\TESTER_POPUP folder moved successfully.
C:\Users\ragnar\AppData\Roaming\Mozilla\Firefox\Profiles\c1s5lane.default\extensions\{7473b6bd-4691-4744-a82b-7854eb3d70b6}\chrome\CT3220468\content\tb\al\wa\TESTER_EMBEDDED\js folder moved successfully.
C:\Users\ragnar\AppData\Roaming\Mozilla\Firefox\Profiles\c1s5lane.default\extensions\{7473b6bd-4691-4744-a82b-7854eb3d70b6}\chrome\CT3220468\content\tb\al\wa\TESTER_EMBEDDED folder moved successfully.
C:\Users\ragnar\AppData\Roaming\Mozilla\Firefox\Profiles\c1s5lane.default\extensions\{7473b6bd-4691-4744-a82b-7854eb3d70b6}\chrome\CT3220468\content\tb\al\wa\TESTER_BCAPI\js folder moved successfully.
C:\Users\ragnar\AppData\Roaming\Mozilla\Firefox\Profiles\c1s5lane.default\extensions\{7473b6bd-4691-4744-a82b-7854eb3d70b6}\chrome\CT3220468\content\tb\al\wa\TESTER_BCAPI\autoTest\spec folder moved successfully.
C:\Users\ragnar\AppData\Roaming\Mozilla\Firefox\Profiles\c1s5lane.default\extensions\{7473b6bd-4691-4744-a82b-7854eb3d70b6}\chrome\CT3220468\content\tb\al\wa\TESTER_BCAPI\autoTest\lib\jasmine-1.1.0 folder moved successfully.
C:\Users\ragnar\AppData\Roaming\Mozilla\Firefox\Profiles\c1s5lane.default\extensions\{7473b6bd-4691-4744-a82b-7854eb3d70b6}\chrome\CT3220468\content\tb\al\wa\TESTER_BCAPI\autoTest\lib folder moved successfully.
C:\Users\ragnar\AppData\Roaming\Mozilla\Firefox\Profiles\c1s5lane.default\extensions\{7473b6bd-4691-4744-a82b-7854eb3d70b6}\chrome\CT3220468\content\tb\al\wa\TESTER_BCAPI\autoTest folder moved successfully.
C:\Users\ragnar\AppData\Roaming\Mozilla\Firefox\Profiles\c1s5lane.default\extensions\{7473b6bd-4691-4744-a82b-7854eb3d70b6}\chrome\CT3220468\content\tb\al\wa\TESTER_BCAPI folder moved successfully.
C:\Users\ragnar\AppData\Roaming\Mozilla\Firefox\Profiles\c1s5lane.default\extensions\{7473b6bd-4691-4744-a82b-7854eb3d70b6}\chrome\CT3220468\content\tb\al\wa\SEARCH_IN_NEW_TAB folder moved successfully.
C:\Users\ragnar\AppData\Roaming\Mozilla\Firefox\Profiles\c1s5lane.default\extensions\{7473b6bd-4691-4744-a82b-7854eb3d70b6}\chrome\CT3220468\content\tb\al\wa\SEARCH\view\style\rsx folder moved successfully.
C:\Users\ragnar\AppData\Roaming\Mozilla\Firefox\Profiles\c1s5lane.default\extensions\{7473b6bd-4691-4744-a82b-7854eb3d70b6}\chrome\CT3220468\content\tb\al\wa\SEARCH\view\style folder moved successfully.
C:\Users\ragnar\AppData\Roaming\Mozilla\Firefox\Profiles\c1s5lane.default\extensions\{7473b6bd-4691-4744-a82b-7854eb3d70b6}\chrome\CT3220468\content\tb\al\wa\SEARCH\view\script folder moved successfully.
C:\Users\ragnar\AppData\Roaming\Mozilla\Firefox\Profiles\c1s5lane.default\extensions\{7473b6bd-4691-4744-a82b-7854eb3d70b6}\chrome\CT3220468\content\tb\al\wa\SEARCH\view folder moved successfully.
C:\Users\ragnar\AppData\Roaming\Mozilla\Firefox\Profiles\c1s5lane.default\extensions\{7473b6bd-4691-4744-a82b-7854eb3d70b6}\chrome\CT3220468\content\tb\al\wa\SEARCH\resources folder moved successfully.
C:\Users\ragnar\AppData\Roaming\Mozilla\Firefox\Profiles\c1s5lane.default\extensions\{7473b6bd-4691-4744-a82b-7854eb3d70b6}\chrome\CT3220468\content\tb\al\wa\SEARCH\js folder moved successfully.
C:\Users\ragnar\AppData\Roaming\Mozilla\Firefox\Profiles\c1s5lane.default\extensions\{7473b6bd-4691-4744-a82b-7854eb3d70b6}\chrome\CT3220468\content\tb\al\wa\SEARCH\Css folder moved successfully.
C:\Users\ragnar\AppData\Roaming\Mozilla\Firefox\Profiles\c1s5lane.default\extensions\{7473b6bd-4691-4744-a82b-7854eb3d70b6}\chrome\CT3220468\content\tb\al\wa\SEARCH\buildSettings folder moved successfully.
C:\Users\ragnar\AppData\Roaming\Mozilla\Firefox\Profiles\c1s5lane.default\extensions\{7473b6bd-4691-4744-a82b-7854eb3d70b6}\chrome\CT3220468\content\tb\al\wa\SEARCH folder moved successfully.
C:\Users\ragnar\AppData\Roaming\Mozilla\Firefox\Profiles\c1s5lane.default\extensions\{7473b6bd-4691-4744-a82b-7854eb3d70b6}\chrome\CT3220468\content\tb\al\wa\RADIO_PLAYER\js\resources folder moved successfully.
C:\Users\ragnar\AppData\Roaming\Mozilla\Firefox\Profiles\c1s5lane.default\extensions\{7473b6bd-4691-4744-a82b-7854eb3d70b6}\chrome\CT3220468\content\tb\al\wa\RADIO_PLAYER\js folder moved successfully.
C:\Users\ragnar\AppData\Roaming\Mozilla\Firefox\Profiles\c1s5lane.default\extensions\{7473b6bd-4691-4744-a82b-7854eb3d70b6}\chrome\CT3220468\content\tb\al\wa\RADIO_PLAYER\css\custom-theme folder moved successfully.
C:\Users\ragnar\AppData\Roaming\Mozilla\Firefox\Profiles\c1s5lane.default\extensions\{7473b6bd-4691-4744-a82b-7854eb3d70b6}\chrome\CT3220468\content\tb\al\wa\RADIO_PLAYER\css folder moved successfully.
C:\Users\ragnar\AppData\Roaming\Mozilla\Firefox\Profiles\c1s5lane.default\extensions\{7473b6bd-4691-4744-a82b-7854eb3d70b6}\chrome\CT3220468\content\tb\al\wa\RADIO_PLAYER folder moved successfully.
C:\Users\ragnar\AppData\Roaming\Mozilla\Firefox\Profiles\c1s5lane.default\extensions\{7473b6bd-4691-4744-a82b-7854eb3d70b6}\chrome\CT3220468\content\tb\al\wa\PRICE_GONG\menu_dlg folder moved successfully.
C:\Users\ragnar\AppData\Roaming\Mozilla\Firefox\Profiles\c1s5lane.default\extensions\{7473b6bd-4691-4744-a82b-7854eb3d70b6}\chrome\CT3220468\content\tb\al\wa\PRICE_GONG\images folder moved successfully.
C:\Users\ragnar\AppData\Roaming\Mozilla\Firefox\Profiles\c1s5lane.default\extensions\{7473b6bd-4691-4744-a82b-7854eb3d70b6}\chrome\CT3220468\content\tb\al\wa\PRICE_GONG\css\custom-theme folder moved successfully.
C:\Users\ragnar\AppData\Roaming\Mozilla\Firefox\Profiles\c1s5lane.default\extensions\{7473b6bd-4691-4744-a82b-7854eb3d70b6}\chrome\CT3220468\content\tb\al\wa\PRICE_GONG\css folder moved successfully.
C:\Users\ragnar\AppData\Roaming\Mozilla\Firefox\Profiles\c1s5lane.default\extensions\{7473b6bd-4691-4744-a82b-7854eb3d70b6}\chrome\CT3220468\content\tb\al\wa\PRICE_GONG\agreement folder moved successfully.
C:\Users\ragnar\AppData\Roaming\Mozilla\Firefox\Profiles\c1s5lane.default\extensions\{7473b6bd-4691-4744-a82b-7854eb3d70b6}\chrome\CT3220468\content\tb\al\wa\PRICE_GONG folder moved successfully.
C:\Users\ragnar\AppData\Roaming\Mozilla\Firefox\Profiles\c1s5lane.default\extensions\{7473b6bd-4691-4744-a82b-7854eb3d70b6}\chrome\CT3220468\content\tb\al\wa\Optimizer\js folder moved successfully.
C:\Users\ragnar\AppData\Roaming\Mozilla\Firefox\Profiles\c1s5lane.default\extensions\{7473b6bd-4691-4744-a82b-7854eb3d70b6}\chrome\CT3220468\content\tb\al\wa\Optimizer folder moved successfully.
C:\Users\ragnar\AppData\Roaming\Mozilla\Firefox\Profiles\c1s5lane.default\extensions\{7473b6bd-4691-4744-a82b-7854eb3d70b6}\chrome\CT3220468\content\tb\al\wa\NOTIFICATION\js folder moved successfully.
C:\Users\ragnar\AppData\Roaming\Mozilla\Firefox\Profiles\c1s5lane.default\extensions\{7473b6bd-4691-4744-a82b-7854eb3d70b6}\chrome\CT3220468\content\tb\al\wa\NOTIFICATION\images\light folder moved successfully.
C:\Users\ragnar\AppData\Roaming\Mozilla\Firefox\Profiles\c1s5lane.default\extensions\{7473b6bd-4691-4744-a82b-7854eb3d70b6}\chrome\CT3220468\content\tb\al\wa\NOTIFICATION\images\dark folder moved successfully.
C:\Users\ragnar\AppData\Roaming\Mozilla\Firefox\Profiles\c1s5lane.default\extensions\{7473b6bd-4691-4744-a82b-7854eb3d70b6}\chrome\CT3220468\content\tb\al\wa\NOTIFICATION\images folder moved successfully.
C:\Users\ragnar\AppData\Roaming\Mozilla\Firefox\Profiles\c1s5lane.default\extensions\{7473b6bd-4691-4744-a82b-7854eb3d70b6}\chrome\CT3220468\content\tb\al\wa\NOTIFICATION\css folder moved successfully.
C:\Users\ragnar\AppData\Roaming\Mozilla\Firefox\Profiles\c1s5lane.default\extensions\{7473b6bd-4691-4744-a82b-7854eb3d70b6}\chrome\CT3220468\content\tb\al\wa\NOTIFICATION folder moved successfully.
C:\Users\ragnar\AppData\Roaming\Mozilla\Firefox\Profiles\c1s5lane.default\extensions\{7473b6bd-4691-4744-a82b-7854eb3d70b6}\chrome\CT3220468\content\tb\al\wa\MULTI_RSS\js\resources folder moved successfully.
C:\Users\ragnar\AppData\Roaming\Mozilla\Firefox\Profiles\c1s5lane.default\extensions\{7473b6bd-4691-4744-a82b-7854eb3d70b6}\chrome\CT3220468\content\tb\al\wa\MULTI_RSS\js folder moved successfully.
C:\Users\ragnar\AppData\Roaming\Mozilla\Firefox\Profiles\c1s5lane.default\extensions\{7473b6bd-4691-4744-a82b-7854eb3d70b6}\chrome\CT3220468\content\tb\al\wa\MULTI_RSS\img folder moved successfully.
C:\Users\ragnar\AppData\Roaming\Mozilla\Firefox\Profiles\c1s5lane.default\extensions\{7473b6bd-4691-4744-a82b-7854eb3d70b6}\chrome\CT3220468\content\tb\al\wa\MULTI_RSS\css folder moved successfully.
C:\Users\ragnar\AppData\Roaming\Mozilla\Firefox\Profiles\c1s5lane.default\extensions\{7473b6bd-4691-4744-a82b-7854eb3d70b6}\chrome\CT3220468\content\tb\al\wa\MULTI_RSS folder moved successfully.
C:\Users\ragnar\AppData\Roaming\Mozilla\Firefox\Profiles\c1s5lane.default\extensions\{7473b6bd-4691-4744-a82b-7854eb3d70b6}\chrome\CT3220468\content\tb\al\wa\HIGHLIGHTER\js folder moved successfully.
C:\Users\ragnar\AppData\Roaming\Mozilla\Firefox\Profiles\c1s5lane.default\extensions\{7473b6bd-4691-4744-a82b-7854eb3d70b6}\chrome\CT3220468\content\tb\al\wa\HIGHLIGHTER\css folder moved successfully.
C:\Users\ragnar\AppData\Roaming\Mozilla\Firefox\Profiles\c1s5lane.default\extensions\{7473b6bd-4691-4744-a82b-7854eb3d70b6}\chrome\CT3220468\content\tb\al\wa\HIGHLIGHTER folder moved successfully.
C:\Users\ragnar\AppData\Roaming\Mozilla\Firefox\Profiles\c1s5lane.default\extensions\{7473b6bd-4691-4744-a82b-7854eb3d70b6}\chrome\CT3220468\content\tb\al\wa\EMAIL_NOTIFIER\js\plugins folder moved successfully.
C:\Users\ragnar\AppData\Roaming\Mozilla\Firefox\Profiles\c1s5lane.default\extensions\{7473b6bd-4691-4744-a82b-7854eb3d70b6}\chrome\CT3220468\content\tb\al\wa\EMAIL_NOTIFIER\js folder moved successfully.
C:\Users\ragnar\AppData\Roaming\Mozilla\Firefox\Profiles\c1s5lane.default\extensions\{7473b6bd-4691-4744-a82b-7854eb3d70b6}\chrome\CT3220468\content\tb\al\wa\EMAIL_NOTIFIER\css folder moved successfully.
C:\Users\ragnar\AppData\Roaming\Mozilla\Firefox\Profiles\c1s5lane.default\extensions\{7473b6bd-4691-4744-a82b-7854eb3d70b6}\chrome\CT3220468\content\tb\al\wa\EMAIL_NOTIFIER folder moved successfully.
C:\Users\ragnar\AppData\Roaming\Mozilla\Firefox\Profiles\c1s5lane.default\extensions\{7473b6bd-4691-4744-a82b-7854eb3d70b6}\chrome\CT3220468\content\tb\al\wa\APPLICATION_BUTTON\resources folder moved successfully.
C:\Users\ragnar\AppData\Roaming\Mozilla\Firefox\Profiles\c1s5lane.default\extensions\{7473b6bd-4691-4744-a82b-7854eb3d70b6}\chrome\CT3220468\content\tb\al\wa\APPLICATION_BUTTON\Js folder moved successfully.
C:\Users\ragnar\AppData\Roaming\Mozilla\Firefox\Profiles\c1s5lane.default\extensions\{7473b6bd-4691-4744-a82b-7854eb3d70b6}\chrome\CT3220468\content\tb\al\wa\APPLICATION_BUTTON folder moved successfully.
C:\Users\ragnar\AppData\Roaming\Mozilla\Firefox\Profiles\c1s5lane.default\extensions\{7473b6bd-4691-4744-a82b-7854eb3d70b6}\chrome\CT3220468\content\tb\al\wa\404 folder moved successfully.
C:\Users\ragnar\AppData\Roaming\Mozilla\Firefox\Profiles\c1s5lane.default\extensions\{7473b6bd-4691-4744-a82b-7854eb3d70b6}\chrome\CT3220468\content\tb\al\wa folder moved successfully.
C:\Users\ragnar\AppData\Roaming\Mozilla\Firefox\Profiles\c1s5lane.default\extensions\{7473b6bd-4691-4744-a82b-7854eb3d70b6}\chrome\CT3220468\content\tb\al\ui\menu\js folder moved successfully.
C:\Users\ragnar\AppData\Roaming\Mozilla\Firefox\Profiles\c1s5lane.default\extensions\{7473b6bd-4691-4744-a82b-7854eb3d70b6}\chrome\CT3220468\content\tb\al\ui\menu\img folder moved successfully.
C:\Users\ragnar\AppData\Roaming\Mozilla\Firefox\Profiles\c1s5lane.default\extensions\{7473b6bd-4691-4744-a82b-7854eb3d70b6}\chrome\CT3220468\content\tb\al\ui\menu\css folder moved successfully.
C:\Users\ragnar\AppData\Roaming\Mozilla\Firefox\Profiles\c1s5lane.default\extensions\{7473b6bd-4691-4744-a82b-7854eb3d70b6}\chrome\CT3220468\content\tb\al\ui\menu folder moved successfully.
C:\Users\ragnar\AppData\Roaming\Mozilla\Firefox\Profiles\c1s5lane.default\extensions\{7473b6bd-4691-4744-a82b-7854eb3d70b6}\chrome\CT3220468\content\tb\al\ui\gf\img folder moved successfully.
C:\Users\ragnar\AppData\Roaming\Mozilla\Firefox\Profiles\c1s5lane.default\extensions\{7473b6bd-4691-4744-a82b-7854eb3d70b6}\chrome\CT3220468\content\tb\al\ui\gf\css folder moved successfully.
C:\Users\ragnar\AppData\Roaming\Mozilla\Firefox\Profiles\c1s5lane.default\extensions\{7473b6bd-4691-4744-a82b-7854eb3d70b6}\chrome\CT3220468\content\tb\al\ui\gf folder moved successfully.
C:\Users\ragnar\AppData\Roaming\Mozilla\Firefox\Profiles\c1s5lane.default\extensions\{7473b6bd-4691-4744-a82b-7854eb3d70b6}\chrome\CT3220468\content\tb\al\ui\gadgetFrame folder moved successfully.
C:\Users\ragnar\AppData\Roaming\Mozilla\Firefox\Profiles\c1s5lane.default\extensions\{7473b6bd-4691-4744-a82b-7854eb3d70b6}\chrome\CT3220468\content\tb\al\ui\dlg\ftd\images folder moved successfully.
C:\Users\ragnar\AppData\Roaming\Mozilla\Firefox\Profiles\c1s5lane.default\extensions\{7473b6bd-4691-4744-a82b-7854eb3d70b6}\chrome\CT3220468\content\tb\al\ui\dlg\ftd folder moved successfully.
C:\Users\ragnar\AppData\Roaming\Mozilla\Firefox\Profiles\c1s5lane.default\extensions\{7473b6bd-4691-4744-a82b-7854eb3d70b6}\chrome\CT3220468\content\tb\al\ui\dlg folder moved successfully.
C:\Users\ragnar\AppData\Roaming\Mozilla\Firefox\Profiles\c1s5lane.default\extensions\{7473b6bd-4691-4744-a82b-7854eb3d70b6}\chrome\CT3220468\content\tb\al\ui folder moved successfully.
C:\Users\ragnar\AppData\Roaming\Mozilla\Firefox\Profiles\c1s5lane.default\extensions\{7473b6bd-4691-4744-a82b-7854eb3d70b6}\chrome\CT3220468\content\tb\al\searchProtector\searchProtectorSettingsDialog\images folder moved successfully.
C:\Users\ragnar\AppData\Roaming\Mozilla\Firefox\Profiles\c1s5lane.default\extensions\{7473b6bd-4691-4744-a82b-7854eb3d70b6}\chrome\CT3220468\content\tb\al\searchProtector\searchProtectorSettingsDialog folder moved successfully.
C:\Users\ragnar\AppData\Roaming\Mozilla\Firefox\Profiles\c1s5lane.default\extensions\{7473b6bd-4691-4744-a82b-7854eb3d70b6}\chrome\CT3220468\content\tb\al\searchProtector\SearchProtectorBubbleDialog\images folder moved successfully.
C:\Users\ragnar\AppData\Roaming\Mozilla\Firefox\Profiles\c1s5lane.default\extensions\{7473b6bd-4691-4744-a82b-7854eb3d70b6}\chrome\CT3220468\content\tb\al\searchProtector\SearchProtectorBubbleDialog folder moved successfully.
C:\Users\ragnar\AppData\Roaming\Mozilla\Firefox\Profiles\c1s5lane.default\extensions\{7473b6bd-4691-4744-a82b-7854eb3d70b6}\chrome\CT3220468\content\tb\al\searchProtector\js folder moved successfully.
C:\Users\ragnar\AppData\Roaming\Mozilla\Firefox\Profiles\c1s5lane.default\extensions\{7473b6bd-4691-4744-a82b-7854eb3d70b6}\chrome\CT3220468\content\tb\al\searchProtector folder moved successfully.
C:\Users\ragnar\AppData\Roaming\Mozilla\Firefox\Profiles\c1s5lane.default\extensions\{7473b6bd-4691-4744-a82b-7854eb3d70b6}\chrome\CT3220468\content\tb\al\options\js\resources folder moved successfully.
C:\Users\ragnar\AppData\Roaming\Mozilla\Firefox\Profiles\c1s5lane.default\extensions\{7473b6bd-4691-4744-a82b-7854eb3d70b6}\chrome\CT3220468\content\tb\al\options\js folder moved successfully.
C:\Users\ragnar\AppData\Roaming\Mozilla\Firefox\Profiles\c1s5lane.default\extensions\{7473b6bd-4691-4744-a82b-7854eb3d70b6}\chrome\CT3220468\content\tb\al\options\images folder moved successfully.
C:\Users\ragnar\AppData\Roaming\Mozilla\Firefox\Profiles\c1s5lane.default\extensions\{7473b6bd-4691-4744-a82b-7854eb3d70b6}\chrome\CT3220468\content\tb\al\options\css folder moved successfully.
C:\Users\ragnar\AppData\Roaming\Mozilla\Firefox\Profiles\c1s5lane.default\extensions\{7473b6bd-4691-4744-a82b-7854eb3d70b6}\chrome\CT3220468\content\tb\al\options folder moved successfully.
C:\Users\ragnar\AppData\Roaming\Mozilla\Firefox\Profiles\c1s5lane.default\extensions\{7473b6bd-4691-4744-a82b-7854eb3d70b6}\chrome\CT3220468\content\tb\al\myStuffDialogs folder moved successfully.
C:\Users\ragnar\AppData\Roaming\Mozilla\Firefox\Profiles\c1s5lane.default\extensions\{7473b6bd-4691-4744-a82b-7854eb3d70b6}\chrome\CT3220468\content\tb\al\features\js\resources folder moved successfully.
C:\Users\ragnar\AppData\Roaming\Mozilla\Firefox\Profiles\c1s5lane.default\extensions\{7473b6bd-4691-4744-a82b-7854eb3d70b6}\chrome\CT3220468\content\tb\al\features\js folder moved successfully.
C:\Users\ragnar\AppData\Roaming\Mozilla\Firefox\Profiles\c1s5lane.default\extensions\{7473b6bd-4691-4744-a82b-7854eb3d70b6}\chrome\CT3220468\content\tb\al\features folder moved successfully.
C:\Users\ragnar\AppData\Roaming\Mozilla\Firefox\Profiles\c1s5lane.default\extensions\{7473b6bd-4691-4744-a82b-7854eb3d70b6}\chrome\CT3220468\content\tb\al\api folder moved successfully.
C:\Users\ragnar\AppData\Roaming\Mozilla\Firefox\Profiles\c1s5lane.default\extensions\{7473b6bd-4691-4744-a82b-7854eb3d70b6}\chrome\CT3220468\content\tb\al\ac\res folder moved successfully.
C:\Users\ragnar\AppData\Roaming\Mozilla\Firefox\Profiles\c1s5lane.default\extensions\{7473b6bd-4691-4744-a82b-7854eb3d70b6}\chrome\CT3220468\content\tb\al\ac\img folder moved successfully.
C:\Users\ragnar\AppData\Roaming\Mozilla\Firefox\Profiles\c1s5lane.default\extensions\{7473b6bd-4691-4744-a82b-7854eb3d70b6}\chrome\CT3220468\content\tb\al\ac\css folder moved successfully.
C:\Users\ragnar\AppData\Roaming\Mozilla\Firefox\Profiles\c1s5lane.default\extensions\{7473b6bd-4691-4744-a82b-7854eb3d70b6}\chrome\CT3220468\content\tb\al\ac folder moved successfully.
C:\Users\ragnar\AppData\Roaming\Mozilla\Firefox\Profiles\c1s5lane.default\extensions\{7473b6bd-4691-4744-a82b-7854eb3d70b6}\chrome\CT3220468\content\tb\al\aboutBox\js folder moved successfully.
C:\Users\ragnar\AppData\Roaming\Mozilla\Firefox\Profiles\c1s5lane.default\extensions\{7473b6bd-4691-4744-a82b-7854eb3d70b6}\chrome\CT3220468\content\tb\al\aboutBox\images folder moved successfully.
C:\Users\ragnar\AppData\Roaming\Mozilla\Firefox\Profiles\c1s5lane.default\extensions\{7473b6bd-4691-4744-a82b-7854eb3d70b6}\chrome\CT3220468\content\tb\al\aboutBox folder moved successfully.
C:\Users\ragnar\AppData\Roaming\Mozilla\Firefox\Profiles\c1s5lane.default\extensions\{7473b6bd-4691-4744-a82b-7854eb3d70b6}\chrome\CT3220468\content\tb\al folder moved successfully.
C:\Users\ragnar\AppData\Roaming\Mozilla\Firefox\Profiles\c1s5lane.default\extensions\{7473b6bd-4691-4744-a82b-7854eb3d70b6}\chrome\CT3220468\content\tb folder moved successfully.
C:\Users\ragnar\AppData\Roaming\Mozilla\Firefox\Profiles\c1s5lane.default\extensions\{7473b6bd-4691-4744-a82b-7854eb3d70b6}\chrome\CT3220468\content folder moved successfully.
C:\Users\ragnar\AppData\Roaming\Mozilla\Firefox\Profiles\c1s5lane.default\extensions\{7473b6bd-4691-4744-a82b-7854eb3d70b6}\chrome\CT3220468 folder moved successfully.
C:\Users\ragnar\AppData\Roaming\Mozilla\Firefox\Profiles\c1s5lane.default\extensions\{7473b6bd-4691-4744-a82b-7854eb3d70b6}\chrome folder moved successfully.
C:\Users\ragnar\AppData\Roaming\Mozilla\Firefox\Profiles\c1s5lane.default\extensions\{7473b6bd-4691-4744-a82b-7854eb3d70b6} folder moved successfully.
Registry key HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{7473b6bd-4691-4744-a82b-7854eb3d70b6}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{7473b6bd-4691-4744-a82b-7854eb3d70b6}\ not found.
File C:\Program Files (x86)\uTorrentControl_v2\prxtbuTor.dll not found.
Registry value HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Toolbar\\{7473b6bd-4691-4744-a82b-7854eb3d70b6} not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{7473b6bd-4691-4744-a82b-7854eb3d70b6}\ not found.
File C:\Program Files (x86)\uTorrentControl_v2\prxtbuTor.dll not found.
Registry value HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System\\EnableLUA deleted successfully.
Starting removal of ActiveX control {8AD9C840-044E-11D1-B3E9-00805F499D93}
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Code Store Database\Distribution Units\{8AD9C840-044E-11D1-B3E9-00805F499D93}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{8AD9C840-044E-11D1-B3E9-00805F499D93}\ deleted successfully.
Registry key HKEY_CURRENT_USER\SOFTWARE\Classes\CLSID\{8AD9C840-044E-11D1-B3E9-00805F499D93}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\{8AD9C840-044E-11D1-B3E9-00805F499D93}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{8AD9C840-044E-11D1-B3E9-00805F499D93}\ not found.
Starting removal of ActiveX control {CAFEEFAC-0016-0000-0029-ABCDEFFEDCBA}
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Code Store Database\Distribution Units\{CAFEEFAC-0016-0000-0029-ABCDEFFEDCBA}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{CAFEEFAC-0016-0000-0029-ABCDEFFEDCBA}\ deleted successfully.
Registry key HKEY_CURRENT_USER\SOFTWARE\Classes\CLSID\{CAFEEFAC-0016-0000-0029-ABCDEFFEDCBA}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\{CAFEEFAC-0016-0000-0029-ABCDEFFEDCBA}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{CAFEEFAC-0016-0000-0029-ABCDEFFEDCBA}\ not found.
Starting removal of ActiveX control {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA}
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Code Store Database\Distribution Units\{CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA}\ deleted successfully.
Registry key HKEY_CURRENT_USER\SOFTWARE\Classes\CLSID\{CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\{CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA}\ not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{19ddb860-eb87-11e0-a2ac-806e6f6e6963}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{19ddb860-eb87-11e0-a2ac-806e6f6e6963}\ not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{19ddb860-eb87-11e0-a2ac-806e6f6e6963}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{19ddb860-eb87-11e0-a2ac-806e6f6e6963}\ not found.
File D:\CheckID.exe not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{1da96f42-007e-11e1-9883-001a4d546427}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{1da96f42-007e-11e1-9883-001a4d546427}\ not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{1da96f42-007e-11e1-9883-001a4d546427}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{1da96f42-007e-11e1-9883-001a4d546427}\ not found.
File I:\LaunchU3.exe -a not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{72b5d6a8-41d0-11e1-9935-001a4d546427}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{72b5d6a8-41d0-11e1-9935-001a4d546427}\ not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{72b5d6a8-41d0-11e1-9935-001a4d546427}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{72b5d6a8-41d0-11e1-9935-001a4d546427}\ not found.
File F:\Startme.exe not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{73777fcd-eddf-11e0-a400-001a4d546427}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{73777fcd-eddf-11e0-a400-001a4d546427}\ not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{73777fcd-eddf-11e0-a400-001a4d546427}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{73777fcd-eddf-11e0-a400-001a4d546427}\ not found.
File F:\LaunchU3.exe -a not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\F\ deleted successfully.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\F\ not found.
File F:\FalloutLauncher.exe not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\H\ deleted successfully.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\H\ not found.
File H:\OblivionLauncher.exe not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\I\ deleted successfully.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\I\ not found.
File I:\INSTALL.EXE not found.
C:\32788R22FWJFW\sv-SE folder moved successfully.
C:\32788R22FWJFW\N_ folder moved successfully.
C:\32788R22FWJFW\License folder moved successfully.
C:\32788R22FWJFW\EN-US folder moved successfully.
C:\32788R22FWJFW folder moved successfully.
========== FILES ==========
File\Folder ipconfig not found.
C:\$Recycle.bin\S-1-5-21-1922681404-1561175744-2858419983-1001\$RTG12O6.Edition-KaOs\mods folder moved successfully.
========== COMMANDS ==========

[EMPTYTEMP]

User: All Users

User: Default
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 33170 bytes

User: Default User
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes

User: Public

User: ragnar
->Temp folder emptied: 652605775 bytes
->Temporary Internet Files folder emptied: 49256741 bytes
->Java cache emptied: 684015 bytes
->FireFox cache emptied: 66045614 bytes
->Google Chrome cache emptied: 426881519 bytes
->Flash cache emptied: 14998262 bytes

User: UpdatusUser
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 33170 bytes

%systemdrive% .tmp files removed: 0 bytes
%systemroot% .tmp files removed: 200704 bytes
%systemroot%\System32 .tmp files removed: 0 bytes
%systemroot%\System32 (64bit) .tmp files removed: 0 bytes
%systemroot%\System32\drivers .tmp files removed: 0 bytes
Windows Temp folder emptied: 3161394 bytes
%systemroot%\sysnative\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files folder emptied: 50333 bytes
RecycleBin emptied: 12184099266 bytes

Total Files Cleaned = 12 777,00 mb


OTL by OldTimer - Version 3.2.69.0 log created on 11052012_051819

Files\Folders moved on Reboot...
C:\Users\ragnar\AppData\Local\Temp\FXSAPIDebugLogFile.txt moved successfully.

PendingFileRenameOperations files...

Registry entries deleted on Reboot...

*End of first log*
Notes to this one: below the "files" section I deleted an incredibly long list of entries all almost identical to "C:\$Recycle.bin\S-1-5-21-1922681404-1561175744-2858419983-1001\$RTG12O6.Edition-KaOs\mods folder moved successfully." all just stating a sucessful move. It seems I forgot a deleted game in the recycle bin. Can post all of this if needed but it was just a really, really long list of posts like the one i quoted above. I made sure nothing else but this was removed.

Combofix log below (for some reason in Swedish):

ComboFix 12-11-04.01 - ragnar 2012-11-05 5:39.1.2 - x64
Microsoft Windows 7 Ultimate 6.1.7600.0.1252.46.1033.18.4094.2848 [GMT 1:00]
Körs från: c:\users\ragnar\Desktop\ComboFix.exe
AV: avast! Antivirus *Disabled/Updated* {2B2D1395-420B-D5C9-657E-930FE358FC3C}
SP: avast! Antivirus *Disabled/Updated* {904CF271-6431-DA47-5FCE-A87D98DFB681}
SP: Windows Defender *Enabled/Outdated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
.
.
((((((((((((((((((((((((((((((((((((((( Andra raderingar ))))))))))))))))))))))))))))))))))))))))))))))))
.
.
C:\Install.exe
c:\windows\SysWow64\URTTemp
c:\windows\SysWow64\URTTemp\regtlib.exe
E:\install.exe
.
.
(((((((((((((((((((((((( Filer skapade från 2012-10-05 till 2012-11-05 ))))))))))))))))))))))))))))))
.
.
2012-11-05 04:50 . 2012-11-05 04:50 -------- d-----w- c:\users\UpdatusUser\AppData\Local\temp
2012-11-05 04:50 . 2012-11-05 04:50 -------- d-----w- c:\users\Default\AppData\Local\temp
2012-11-05 04:29 . 2012-11-05 04:29 69000 ----a-w- c:\programdata\Microsoft\Windows Defender\Definition Updates\{5D5795E9-7743-4B6B-AB0E-93899C96B5DF}\offreg.dll
2012-11-05 03:02 . 2012-11-05 03:02 -------- d-----w- C:\_OTL
2012-10-30 15:47 . 2012-10-15 17:59 54072 ----a-w- c:\windows\system32\drivers\aswRdr2.sys
2012-10-29 11:01 . 2012-10-29 11:01 -------- d-----w- c:\users\ragnar\AppData\Local\CRE
2012-10-29 11:00 . 2012-10-29 11:00 -------- d-----w- c:\program files (x86)\Conduit
2012-10-29 11:00 . 2012-11-05 02:51 -------- d-----w- c:\users\ragnar\AppData\Local\Conduit
2012-10-27 21:03 . 2012-10-27 21:03 -------- d-----w- c:\users\ragnar\AppData\Local\LogiShrd
2012-10-27 20:58 . 2012-10-28 06:43 -------- d-----w- c:\program files (x86)\Logitech
2012-10-27 20:58 . 2012-10-27 20:58 -------- d-----w- c:\users\ragnar\AppData\Roaming\Leadertech
2012-10-27 20:56 . 2012-10-27 21:04 -------- d-----w- c:\programdata\LogiShrd
2012-10-27 20:56 . 2012-10-27 20:56 -------- d-----w- c:\program files\Logitech
2012-10-27 19:58 . 2012-10-27 19:58 9575864 ----a-w- c:\windows\SysWow64\FlashPlayerInstaller.exe
2012-10-27 19:12 . 2012-10-27 19:12 -------- d-----w- c:\users\ragnar\AppData\Local\Macromedia
2012-10-27 19:11 . 2012-10-27 19:58 696760 ----a-w- c:\windows\SysWow64\FlashPlayerApp.exe
2012-10-27 19:10 . 2012-10-27 19:10 -------- d-----w- c:\windows\system32\Macromed
2012-10-27 19:08 . 2012-10-27 19:08 -------- d-----w- c:\users\ragnar\AppData\Local\Mozilla
2012-10-27 19:08 . 2012-10-27 19:08 -------- d-----w- c:\program files (x86)\Mozilla Maintenance Service
.
.
.
(((((((((((((((((((((((((((((((((((((((( Find3M Rapport )))))))))))))))))))))))))))))))))))))))))))))))))))
.
2012-10-27 19:58 . 2011-09-30 17:36 73656 ----a-w- c:\windows\SysWow64\FlashPlayerCPLApp.cpl
2012-10-23 11:18 . 2011-09-30 17:58 364096 ----a-w- c:\windows\system32\drivers\aswSP.sys
2012-10-23 11:18 . 2011-09-30 17:58 59728 ----a-w- c:\windows\system32\drivers\aswTdi.sys
2012-10-23 11:18 . 2011-09-30 17:58 984144 ----a-w- c:\windows\system32\drivers\aswSnx.sys
2012-10-23 11:18 . 2011-09-30 17:58 25232 ----a-w- c:\windows\system32\drivers\aswFsBlk.sys
2012-10-23 11:18 . 2011-09-30 17:58 71600 ----a-w- c:\windows\system32\drivers\aswMonFlt.sys
2012-10-23 11:17 . 2011-09-30 17:56 41224 ----a-w- c:\windows\avastSS.scr
2012-10-23 11:17 . 2011-09-30 17:56 227648 ----a-w- c:\windows\SysWow64\aswBoot.exe
2012-10-23 11:17 . 2011-09-30 17:58 285328 ----a-w- c:\windows\system32\aswBoot.exe
2012-09-07 16:40 . 2012-09-07 16:40 74352 ----a-w- c:\windows\SysWow64\sslsp104.dll
2012-09-07 16:40 . 2012-09-07 16:40 75888 ----a-w- c:\windows\system32\sslsp104.dll
2012-09-07 15:05 . 2012-09-07 15:05 52736 ----a-w- c:\windows\ipuninst.exe
2012-08-22 21:22 . 2012-08-22 21:22 95208 ----a-w- c:\windows\SysWow64\WindowsAccessBridge-32.dll
2012-08-22 21:21 . 2012-08-22 21:22 821736 ----a-w- c:\windows\SysWow64\npDeployJava1.dll
2012-08-22 21:21 . 2011-09-30 21:03 746984 ----a-w- c:\windows\SysWow64\deployJava1.dll
.
.
(((((((((((((((((((((((((((((((((( Startpunkter i registret )))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Not* tomma poster & legitima standardposter visas inte.
REGEDIT4
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Steam"="c:\program files (x86)\Steam\Steam.exe" [2012-08-07 1353080]
"Spotify Web Helper"="c:\users\ragnar\AppData\Roaming\Spotify\Data\SpotifyWebHelper.exe" [2012-10-26 1199576]
"Spotify"="c:\users\ragnar\AppData\Roaming\Spotify\spotify.exe" [2012-10-26 7880664]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run]
"JMB36X IDE Setup"="c:\windows\RaidTool\xInsIDE.exe" [2007-03-20 36864]
"avast"="c:\program files\AVAST Software\Avast\avastUI.exe" [2012-10-23 4297136]
"ASUSGamerOSD"="c:\program files (x86)\ASUS\GamerOSD\GamerOSD.exe" [2009-07-30 380928]
"PWRISOVM.EXE"="c:\program files (x86)\PowerISO\PWRISOVM.EXE" [2011-06-15 307200]
"amd_dc_opt"="c:\program files (x86)\AMD\Dual-Core Optimizer\amd_dc_opt.exe" [2008-07-22 77824]
"Adobe ARM"="c:\program files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2012-07-27 919008]
"SunJavaUpdateSched"="c:\program files (x86)\Common Files\Java\Java Update\jusched.exe" [2012-07-03 252848]
"LogitechQuickCamRibbon"="c:\program files\Logitech\Logitech WebCam Software\LWS.exe" [2009-10-14 2793304]
.
c:\users\ragnar\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\
Logitech . Produktregistrering.lnk - c:\program files\Logitech\Logitech WebCam Software\eReg.exe [2009-10-14 517384]
.
c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\
BankID säkerhetsprogram.lnk - c:\program files (x86)\Personal\bin\Personal.exe [2012-4-17 1333144]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"ConsentPromptBehaviorAdmin"= 0 (0x0)
"ConsentPromptBehaviorUser"= 3 (0x3)
"EnableUIADesktopToggle"= 0 (0x0)
"PromptOnSecureDesktop"= 0 (0x0)
.
R2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-03-18 138576]
R2 SkypeUpdate;Skype Updater;c:\program files (x86)\Skype\Updater\Updater.exe [2012-02-29 158856]
R3 Desura Install Service;Desura Install Service;c:\program files (x86)\Common Files\Desura\desura_service.exe [2012-04-20 131912]
R3 TunngleService;TunngleService;c:\program files (x86)\Tunngle\TnglCtrl.exe [2012-07-19 738152]
R3 WatAdminSvc;Windows Activation Technologies Service;c:\windows\system32\Wat\WatAdminSvc.exe [2011-10-31 1255736]
S1 aswSnx;aswSnx; [x]
S1 aswSP;aswSP; [x]
S1 EIO64;EIO Driver;c:\windows\system32\DRIVERS\EIO64.sys [2011-09-30 16384]
S2 aswFsBlk;aswFsBlk; [x]
S2 aswMonFlt;aswMonFlt;c:\windows\system32\drivers\aswMonFlt.sys [2012-10-23 71600]
S2 LVPrcS64;Process Monitor;c:\program files\Common Files\LogiShrd\LVMVFM\LVPrcSrv.exe [2009-10-06 191000]
S2 Stereo Service;NVIDIA Stereoscopic 3D Driver Service;c:\program files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe [2012-05-15 382272]
S2 SumRandoVPNService;SumRandoVPNService;c:\program files (x86)\SumRando\SumRando\misc\vpnmanagesvc.exe [2012-09-07 104560]
S3 IOMap;IOMap;c:\windows\system32\drivers\IOMap64.sys [2010-02-22 23680]
S3 lvpepf64;Volume Adapter;c:\windows\system32\DRIVERS\lv302a64.sys [2009-04-30 15896]
S3 LVPr2M64;Logitech LVPr2M64 Driver;c:\windows\system32\DRIVERS\LVPr2M64.sys [2009-10-06 30232]
S3 LVRS64;Logitech RightSound Filter Driver;c:\windows\system32\DRIVERS\lvrs64.sys [2009-04-30 327576]
S3 RTL8167;Realtek 8167 NT Driver;c:\windows\system32\DRIVERS\Rt64win7.sys [2009-06-10 187392]
S3 tap0901t;TAP-Win32 Adapter V9 (Tunngle);c:\windows\system32\DRIVERS\tap0901t.sys [2009-09-16 31232]
S3 tun3325;VPN Tunnel Adapter;c:\windows\system32\DRIVERS\tun3325.sys [2011-11-17 35056]
.
.
Innehåll i mappen 'Schemalagda aktiviteter':
.
2012-11-05 c:\windows\Tasks\Adobe Flash Player Updater.job
- c:\windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2012-10-27 19:58]
.
2012-11-03 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-1922681404-1561175744-2858419983-1001Core.job
- c:\users\ragnar\AppData\Local\Google\Update\GoogleUpdate.exe [2011-09-30 17:37]
.
2012-11-05 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-1922681404-1561175744-2858419983-1001UA.job
- c:\users\ragnar\AppData\Local\Google\Update\GoogleUpdate.exe [2011-09-30 17:37]
.
.
--------- X64 Entries -----------
.
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\00avast]
@="{472083B0-C522-11CF-8763-00608CC02F24}"
[HKEY_CLASSES_ROOT\CLSID\{472083B0-C522-11CF-8763-00608CC02F24}]
2012-10-23 11:17 133400 ----a-w- c:\program files\AVAST Software\Avast\ashShA64.dll
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"RtHDVCpl"="c:\program files\Realtek\Audio\HDA\RAVCpl64.exe" [2011-08-26 12681320]
.
------- Extra genomsökning -------
.
uLocal Page = c:\windows\system32\blank.htm
uStart Page =
mLocal Page = c:\windows\SysWOW64\blank.htm
LSP: c:\windows\system32\sslsp104.dll
TCP: DhcpNameServer = 192.168.1.254
FF - ProfilePath - c:\users\ragnar\AppData\Roaming\Mozilla\Firefox\Profiles\c1s5lane.default\
.
- - - - FÖRÄLDRALÖSA POSTER SOM TAGITS BORT - - - -
.
AddRemove-Adobe Connect 9 Add-in - c:\users\ragnar\AppData\Roaming\Macromedia\Flash Player\www.macromedia.com\bin\adobeconnectaddin\adobeconnectaddin.exe
AddRemove-Adobe Connect Add-in - c:\users\ragnar\AppData\Roaming\Macromedia\Flash Player\www.macromedia.com\bin\connectaddin\connectaddin.exe
.
.
.
--------------------- LÅSTA REGISTERNYCKLAR ---------------------
.
[HKEY_USERS\S-1-5-21-1922681404-1561175744-2858419983-1001\Software\SecuROM\!CAUTION! NEVER A OR CHANGE ANY KEY*]
@Allowed: (Read) (RestrictedCode)
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}]
@Denied: (A 2) (Everyone)
@="FlashBroker"
"LocalizedString"="@c:\\Windows\\system32\\Macromed\\Flash\\FlashUtil64_11_4_402_287_ActiveX.exe,-101"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\Elevation]
"Enabled"=dword:00000001
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\LocalServer32]
@="c:\\Windows\\system32\\Macromed\\Flash\\FlashUtil64_11_4_402_287_ActiveX.exe"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}]
@Denied: (A 2) (Everyone)
@="IFlashBroker5"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\ProxyStubClsid32]
@="{00020424-0000-0000-C000-000000000046}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
"Version"="1.0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}]
@Denied: (A 2) (Everyone)
@="FlashBroker"
"LocalizedString"="@c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil32_11_4_402_287_ActiveX.exe,-101"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\Elevation]
"Enabled"=dword:00000001
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\LocalServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil32_11_4_402_287_ActiveX.exe"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Shockwave Flash Object"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_4_402_287.ocx"
"ThreadingModel"="Apartment"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\MiscStatus]
@="0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ProgID]
@="ShockwaveFlash.ShockwaveFlash.11"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_4_402_287.ocx, 1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="ShockwaveFlash.ShockwaveFlash"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Macromedia Flash Factory Object"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_4_402_287.ocx"
"ThreadingModel"="Apartment"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ProgID]
@="FlashFactory.FlashFactory.1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_4_402_287.ocx, 1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="FlashFactory.FlashFactory"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}]
@Denied: (A 2) (Everyone)
@="IFlashBroker5"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\ProxyStubClsid32]
@="{00020424-0000-0000-C000-000000000046}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
"Version"="1.0"
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\PCW\Security]
@Denied: (Full) (Everyone)
.
Sluttid: 2012-11-05 06:00:50
ComboFix-quarantined-files.txt 2012-11-05 05:00
.
Före genomsökningen: 870 371 479 552 bytes free
Efter genomsökningen: 870 224 728 064 bytes free
.
- - End Of File - - 23CD972B542ABA16ADA4E852EBB71D1B

*End of combolog*

FFS log below:

Farbar Service Scanner Version: 04-11-2012
Ran by ragnar (administrator) on 05-11-2012 at 06:04:29
Running from "C:\Users\ragnar\Desktop"
Microsoft Windows 7 Ultimate (X64)
Boot Mode: Normal
****************************************************************

Internet Services:
============

Connection Status:
==============
Localhost is accessible.
LAN connected.
Attempt to access Google IP returned error. Google IP is offline
Attempt to access Google.com returned error: Google.com is offline
Yahoo IP is accessible.
Yahoo.com is accessible.


Windows Firewall:
=============

Firewall Disabled Policy:
==================
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"EnableFirewall"=DWORD:0


System Restore:
============

System Restore Disabled Policy:
========================


Action Center:
============

Windows Update:
============

Windows Autoupdate Disabled Policy:
============================


Windows Defender:
==============

Other Services:
==============


File Check:
========
C:\Windows\System32\nsisvc.dll => MD5 is legit
C:\Windows\System32\drivers\nsiproxy.sys => MD5 is legit
C:\Windows\System32\dhcpcore.dll => MD5 is legit
C:\Windows\System32\drivers\afd.sys => MD5 is legit
C:\Windows\System32\drivers\tdx.sys => MD5 is legit
C:\Windows\System32\Drivers\tcpip.sys
[2011-10-31 03:33] - [2011-06-21 07:27] - 1896832 ____A (Microsoft Corporation) B9D87C7707F058AC652A398CD28DE14B

C:\Windows\System32\dnsrslvr.dll => MD5 is legit
C:\Windows\System32\mpssvc.dll => MD5 is legit
C:\Windows\System32\bfe.dll => MD5 is legit
C:\Windows\System32\drivers\mpsdrv.sys => MD5 is legit
C:\Windows\System32\SDRSVC.dll => MD5 is legit
C:\Windows\System32\vssvc.exe => MD5 is legit
C:\Windows\System32\wscsvc.dll => MD5 is legit
C:\Windows\System32\wbem\WMIsvc.dll => MD5 is legit
C:\Windows\System32\wuaueng.dll => MD5 is legit
C:\Windows\System32\qmgr.dll => MD5 is legit
C:\Windows\System32\es.dll => MD5 is legit
C:\Windows\System32\cryptsvc.dll => MD5 is legit
C:\Program Files\Windows Defender\MpSvc.dll => MD5 is legit
C:\Windows\System32\ipnathlp.dll => MD5 is legit
C:\Windows\System32\svchost.exe => MD5 is legit
C:\Windows\System32\rpcss.dll => MD5 is legit


**** End of log ****

Second OTL log below:

OTL logfile created on: 2012-11-05 06:06:30 - Run 2
OTL by OldTimer - Version 3.2.69.0 Folder = C:\Users\ragnar\Desktop
64bit- Ultimate Edition (Version = 6.1.7600) - Type = NTWorkstation
Internet Explorer (Version = 8.0.7600.16385)
Locale: 0000041d | Country: Sverige | Language: SVE | Date Format: yyyy-MM-dd

4,00 Gb Total Physical Memory | 2,51 Gb Available Physical Memory | 62,89% Memory free
8,00 Gb Paging File | 6,55 Gb Available in Paging File | 81,91% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86)
Drive C: | 1863,01 Gb Total Space | 810,55 Gb Free Space | 43,51% Space Free | Partition Type: NTFS
Drive D: | 6,03 Gb Total Space | 0,00 Gb Free Space | 0,00% Space Free | Partition Type: CDFS
Drive E: | 465,75 Gb Total Space | 63,76 Gb Free Space | 13,69% Space Free | Partition Type: NTFS

Computer Name: RAGNAR-PC | User Name: ragnar | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: All users | Include 64bit Scans
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days

========== Processes (SafeList) ==========

PRC - [2012-11-04 16:58:22 | 000,602,112 | ---- | M] (OldTimer Tools) -- C:\Users\ragnar\Desktop\OTL.exe
PRC - [2012-10-23 12:17:40 | 004,297,136 | ---- | M] (AVAST Software) -- C:\Program Files\AVAST Software\Avast\AvastUI.exe
PRC - [2012-10-23 12:17:40 | 000,044,808 | ---- | M] (AVAST Software) -- C:\Program Files\AVAST Software\Avast\AvastSvc.exe
PRC - [2012-09-07 17:40:32 | 000,104,560 | ---- | M] (SumRando) -- C:\Program Files (x86)\SumRando\SumRando\misc\vpnmanagesvc.exe
PRC - [2012-07-27 21:51:26 | 000,063,960 | ---- | M] (Adobe Systems Incorporated) -- C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe
PRC - [2012-05-15 01:21:40 | 000,382,272 | ---- | M] (NVIDIA Corporation) -- C:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe
PRC - [2012-04-17 13:44:12 | 001,333,144 | ---- | M] (Technology Nexus AB) -- C:\Program Files (x86)\Personal\bin\Personal.exe
PRC - [2009-10-07 00:47:22 | 000,125,464 | ---- | M] (Logitech Inc.) -- C:\Program Files (x86)\Common Files\LogiShrd\LVMVFM\LVPrS64H.exe
PRC - [2009-07-30 17:10:04 | 000,380,928 | ---- | M] (ASUSTeK Computer Inc.) -- C:\Program Files (x86)\ASUS\GamerOSD\GamerOSD.exe
PRC - [2009-07-27 10:13:28 | 000,061,440 | ---- | M] () -- C:\Windows\SysWOW64\ASDR.exe
PRC - [2002-01-11 20:44:44 | 001,310,720 | ---- | M] (ASUSTeK Inc.) -- C:\Program Files (x86)\ASUS\SmartDoctor\SmartDoctor.exe


========== Modules (No Company Name) ==========

MOD - [2009-04-29 19:46:20 | 001,077,248 | ---- | M] () -- C:\Program Files (x86)\ASUS\GamerOSD\ImageTransform.dll
MOD - [2009-02-17 17:22:16 | 000,184,320 | ---- | M] () -- C:\Program Files (x86)\ASUS\GamerOSD\AudioOnVistaDLL.dll
MOD - [2007-03-13 15:46:50 | 000,007,168 | ---- | M] () -- C:\Program Files (x86)\ASUS\SmartDoctor\VOV32.dll
MOD - [2007-02-28 17:34:04 | 000,643,142 | ---- | M] () -- C:\Program Files (x86)\ASUS\SmartDoctor\aticlocklib.dll


========== Services (SafeList) ==========

SRV:64bit: - [2012-10-23 12:17:40 | 000,044,808 | ---- | M] (AVAST Software) [Auto | Running] -- C:\Program Files\AVAST Software\Avast\AvastSvc.exe -- (avast! Antivirus)
SRV:64bit: - [2009-12-01 13:22:58 | 000,063,488 | ---- | M] (ASUSTeK COMPUTER INC.) [Auto | Running] -- C:\Windows\SysNative\ATKFUSService.exe -- (ATKFUSService)
SRV:64bit: - [2009-10-07 00:47:10 | 000,191,000 | ---- | M] (Logitech Inc.) [Auto | Running] -- C:\Program Files\Common Files\LogiShrd\LVMVFM\LVPrcSrv.exe -- (LVPrcS64)
SRV:64bit: - [2009-07-14 02:41:27 | 001,011,712 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Program Files\Windows Defender\MpSvc.dll -- (WinDefend)
SRV:64bit: - [2009-07-14 02:40:01 | 000,193,536 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\appmgmts.dll -- (AppMgmt)
SRV - [2012-10-27 20:58:56 | 000,250,808 | ---- | M] (Adobe Systems Incorporated) [On_Demand | Stopped] -- C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe -- (AdobeFlashPlayerUpdateSvc)
SRV - [2012-10-24 18:50:38 | 000,115,168 | ---- | M] (Mozilla Foundation) [On_Demand | Stopped] -- C:\Program Files (x86)\Mozilla Maintenance Service\maintenanceservice.exe -- (MozillaMaintenance)
SRV - [2012-10-24 13:54:43 | 000,529,744 | ---- | M] (Valve Corporation) [On_Demand | Stopped] -- C:\Program Files (x86)\Common Files\Steam\SteamService.exe -- (Steam Client Service)
SRV - [2012-09-07 17:40:32 | 000,104,560 | ---- | M] (SumRando) [Auto | Running] -- C:\Program Files (x86)\SumRando\SumRando\misc\vpnmanagesvc.exe -- (SumRandoVPNService)
SRV - [2012-07-27 21:51:26 | 000,063,960 | ---- | M] (Adobe Systems Incorporated) [Auto | Running] -- C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe -- (AdobeARMservice)
SRV - [2012-07-19 17:08:04 | 000,738,152 | ---- | M] (Tunngle.net GmbH) [On_Demand | Stopped] -- C:\Program Files (x86)\Tunngle\TnglCtrl.exe -- (TunngleService)
SRV - [2012-05-15 11:48:00 | 001,262,400 | ---- | M] (NVIDIA Corporation) [Auto | Stopped] -- C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Update Core\daemonu.exe -- (nvUpdatusService)
SRV - [2012-05-15 01:21:40 | 000,382,272 | ---- | M] (NVIDIA Corporation) [Auto | Running] -- C:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe -- (Stereo Service)
SRV - [2012-04-21 00:16:31 | 000,131,912 | ---- | M] (Desura Pty Ltd) [On_Demand | Stopped] -- C:\Program Files (x86)\Common Files\Desura\desura_service.exe -- (Desura Install Service)
SRV - [2012-02-29 07:50:48 | 000,158,856 | R--- | M] (Skype Technologies) [Auto | Stopped] -- C:\Program Files (x86)\Skype\Updater\Updater.exe -- (SkypeUpdate)
SRV - [2010-03-18 12:16:28 | 000,130,384 | ---- | M] (Microsoft Corporation) [Auto | Stopped] -- C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe -- (clr_optimization_v4.0.30319_32)
SRV - [2009-07-27 10:13:28 | 000,061,440 | ---- | M] () [Auto | Running] -- C:\Windows\SysWOW64\ASDR.exe -- (ASDR)
SRV - [2009-06-10 22:23:09 | 000,066,384 | ---- | M] (Microsoft Corporation) [Disabled | Stopped] -- C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe -- (clr_optimization_v2.0.50727_32)


========== Driver Services (SafeList) ==========

DRV:64bit: - [2012-10-23 12:18:31 | 000,984,144 | ---- | M] (AVAST Software) [File_System | System | Running] -- C:\Windows\SysNative\drivers\aswSnx.sys -- (aswSnx)
DRV:64bit: - [2012-10-23 12:18:31 | 000,364,096 | ---- | M] (AVAST Software) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\aswSP.sys -- (aswSP)
DRV:64bit: - [2012-10-23 12:18:31 | 000,059,728 | ---- | M] (AVAST Software) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\aswTdi.sys -- (aswTdi)
DRV:64bit: - [2012-10-23 12:18:30 | 000,071,600 | ---- | M] (AVAST Software) [File_System | Auto | Running] -- C:\Windows\SysNative\drivers\aswMonFlt.sys -- (aswMonFlt)
DRV:64bit: - [2012-10-23 12:18:30 | 000,025,232 | ---- | M] (AVAST Software) [File_System | Auto | Running] -- C:\Windows\SysNative\drivers\aswFsBlk.sys -- (aswFsBlk)
DRV:64bit: - [2012-10-15 18:59:28 | 000,054,072 | ---- | M] (AVAST Software) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\aswRdr2.sys -- (aswRdr)
DRV:64bit: - [2012-04-18 18:08:03 | 000,188,736 | ---- | M] (NVIDIA Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\nvhda64v.sys -- (NVHDA)
DRV:64bit: - [2011-11-17 19:44:32 | 000,035,056 | ---- | M] (The OpenVPN Project) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\tun3325.sys -- (tun3325)
DRV:64bit: - [2011-09-30 21:12:07 | 000,016,384 | ---- | M] (ASUSTeK Computer Inc.) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\EIO64.sys -- (EIO64)
DRV:64bit: - [2011-06-15 09:30:46 | 000,093,240 | ---- | M] (PowerISO Computing, Inc.) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\scdemu.sys -- (SCDEmu)
DRV:64bit: - [2011-03-11 07:22:41 | 000,107,904 | ---- | M] (Advanced Micro Devices) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\amdsata.sys -- (amdsata)
DRV:64bit: - [2011-03-11 07:22:40 | 000,027,008 | ---- | M] (Advanced Micro Devices) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\amdxata.sys -- (amdxata)
DRV:64bit: - [2010-02-22 14:46:36 | 000,023,680 | ---- | M] (ASUSTeK Computer Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\IOMap64.sys -- (IOMap)
DRV:64bit: - [2009-10-07 00:45:50 | 000,030,232 | ---- | M] () [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\LVPr2M64.sys -- (LVPr2Mon)
DRV:64bit: - [2009-10-07 00:45:50 | 000,030,232 | ---- | M] () [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\LVPr2M64.sys -- (LVPr2M64)
DRV:64bit: - [2009-09-16 07:02:42 | 000,031,232 | ---- | M] (Tunngle.net) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\tap0901t.sys -- (tap0901t)
DRV:64bit: - [2009-07-14 02:52:20 | 000,194,128 | ---- | M] (AMD Technologies Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\amdsbs.sys -- (amdsbs)
DRV:64bit: - [2009-07-14 02:48:04 | 000,065,600 | ---- | M] (LSI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\lsi_sas2.sys -- (LSI_SAS2)
DRV:64bit: - [2009-07-14 02:47:48 | 000,077,888 | ---- | M] (Hewlett-Packard Company) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\HpSAMD.sys -- (HpSAMD)
DRV:64bit: - [2009-07-14 02:47:48 | 000,023,104 | ---- | M] (Microsoft Corporation) [Recognizer | Boot | Unknown] -- C:\Windows\SysNative\drivers\fs_rec.sys -- (Fs_Rec)
DRV:64bit: - [2009-07-14 02:45:55 | 000,024,656 | ---- | M] (Promise Technology) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\stexstor.sys -- (stexstor)
DRV:64bit: - [2009-07-14 01:01:09 | 000,679,936 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\xnacc.sys -- (xnacc)
DRV:64bit: - [2009-06-10 21:35:42 | 000,187,392 | ---- | M] (Realtek Corporation ) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\Rt64win7.sys -- (RTL8167)
DRV:64bit: - [2009-06-10 21:34:33 | 003,286,016 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\evbda.sys -- (ebdrv)
DRV:64bit: - [2009-06-10 21:34:28 | 000,468,480 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\bxvbda.sys -- (b06bdrv)
DRV:64bit: - [2009-06-10 21:34:23 | 000,270,848 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\b57nd60a.sys -- (b57nd60a)
DRV:64bit: - [2009-06-10 21:31:59 | 000,031,232 | ---- | M] (Hauppauge Computer Works, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\hcw85cir.sys -- (hcw85cir)
DRV:64bit: - [2009-05-01 00:01:34 | 000,327,576 | ---- | M] (Logitech Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\lvrs64.sys -- (LVRS64)
DRV:64bit: - [2009-04-30 23:55:56 | 002,755,096 | ---- | M] (Logitech Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\LV302V64.SYS -- (PID_PEPI)
DRV:64bit: - [2009-04-30 23:55:46 | 000,015,896 | ---- | M] (Logitech Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\lv302a64.sys -- (lvpepf64)
DRV:64bit: - [2009-02-17 17:22:22 | 000,039,424 | ---- | M] (ASUSTeK Computer Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\ATKDispLowFilter.sys -- (atkdisplf)
DRV:64bit: - [2009-02-17 17:22:22 | 000,017,792 | ---- | M] (ASUSTeK Computer Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\asusgsb.sys -- (asusgsb)
DRV:64bit: - [2007-09-29 06:30:46 | 000,091,648 | ---- | M] (JMicron Technology Corp.) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\jraid.sys -- (JRAID)
DRV - [2011-09-30 18:36:46 | 000,020,544 | ---- | M] (Windows ® Server 2003 DDK provider) [Kernel | On_Demand | Stopped] -- C:\Windows\gdrv.sys -- (gdrv)
DRV - [2009-07-14 02:19:10 | 000,019,008 | ---- | M] (Microsoft Corporation) [File_System | On_Demand | Stopped] -- C:\Windows\SysWOW64\drivers\wimmount.sys -- (WIMMount)


========== Standard Registry (SafeList) ==========


========== Internet Explorer ==========

IE:64bit: - HKLM\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A}
IE:64bit: - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/...ms}&FORM=IE8SRC
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm
IE - HKLM\..\SearchScopes,DefaultScope =
IE - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/...ms}&FORM=IE8SRC


IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

IE - HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0



IE - HKU\S-1-5-21-1922681404-1561175744-2858419983-1001\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page =
IE - HKU\S-1-5-21-1922681404-1561175744-2858419983-1001\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache AcceptLangs = sv
IE - HKU\S-1-5-21-1922681404-1561175744-2858419983-1001\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache_TIMESTAMP = DB 33 43 25 3E 97 CC 01 [binary data]
IE - HKU\S-1-5-21-1922681404-1561175744-2858419983-1001\..\SearchScopes,DefaultScope =
IE - HKU\S-1-5-21-1922681404-1561175744-2858419983-1001\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/...Box&FORM=IE8SRC
IE - HKU\S-1-5-21-1922681404-1561175744-2858419983-1001\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

========== FireFox ==========

FF - prefs.js..extensions.enabledAddons: [email protected]:6.0.1367
FF - user.js - File not found

FF:64bit: - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\system32\Macromed\Flash\NPSWF64_11_4_402_287.dll File not found
FF:64bit: - HKLM\Software\MozillaPlugins\@microsoft.com/GENUINE: disabled File not found
FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_11_4_402_287.dll ()
FF - HKLM\Software\MozillaPlugins\@divx.com/DivX Browser Plugin,version=1.0.0: C:\Program Files (x86)\DivX\DivX Web Player\npdivx32.dll (DivX,Inc.)
FF - HKLM\Software\MozillaPlugins\@esn.me/esnsonar,version=0.70.0: File not found
FF - HKLM\Software\MozillaPlugins\@esn.me/esnsonar,version=0.70.4: C:\Program Files (x86)\Battlelog Web Plugins\Sonar\0.70.4\npesnsonar.dll (ESN Social Software AB)
FF - HKLM\Software\MozillaPlugins\@esn/esnlaunch,version=1.102.0: File not found
FF - HKLM\Software\MozillaPlugins\@esn/esnlaunch,version=1.118.0: C:\Program Files (x86)\Battlelog Web Plugins\1.118.0\npesnlaunch.dll (ESN Social Software AB)
FF - HKLM\Software\MozillaPlugins\@java.com/DTPlugin,version=10.6.2: C:\Windows\SysWOW64\npDeployJava1.dll (Oracle Corporation)
FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin,version=10.6.2: C:\Program Files (x86)\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/GENUINE: disabled File not found
FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: c:\Program Files (x86)\Microsoft Silverlight\5.0.61118.0\npctrl.dll ( Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@nvidia.com/3DVision: C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dv.dll (NVIDIA Corporation)
FF - HKLM\Software\MozillaPlugins\@nvidia.com/3DVisionStreaming: C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dvstreaming.dll (NVIDIA Corporation)
FF - HKLM\Software\MozillaPlugins\@pandonetworks.com/PandoWebPlugin: C:\Program Files (x86)\Pando Networks\Media Booster\npPandoWebPlugin.dll File not found
FF - HKLM\Software\MozillaPlugins\@se.nexus/Personal: C:\Program Files (x86)\Personal\bin\np_prsnl.dll (Technology Nexus AB)
FF - HKLM\Software\MozillaPlugins\Adobe Reader: C:\Program Files (x86)\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
FF - HKCU\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Users\ragnar\AppData\Local\Google\Update\1.3.21.123\npGoogleUpdate3.dll (Google Inc.)
FF - HKCU\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Users\ragnar\AppData\Local\Google\Update\1.3.21.123\npGoogleUpdate3.dll (Google Inc.)

FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\[email protected]: C:\Program Files\AVAST Software\Avast\WebRep\FF [2012-10-30 16:47:56 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 16.0.2\extensions\\Components: C:\Program Files (x86)\Mozilla Firefox\components [2012-10-27 20:07:59 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 16.0.2\extensions\\Plugins: C:\Program Files (x86)\Mozilla Firefox\plugins

[2012-10-27 20:08:38 | 000,000,000 | ---D | M] (No name found) -- C:\Users\ragnar\AppData\Roaming\Mozilla\Extensions
[2012-11-05 05:18:27 | 000,000,000 | ---D | M] (No name found) -- C:\Users\ragnar\AppData\Roaming\Mozilla\Firefox\Profiles\c1s5lane.default\extensions
[2012-10-27 20:07:58 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files (x86)\Mozilla Firefox\extensions
[2012-10-30 16:47:56 | 000,000,000 | ---D | M] (avast! WebRep) -- C:\PROGRAM FILES\AVAST SOFTWARE\AVAST\WEBREP\FF
[2012-10-24 18:50:58 | 000,261,600 | ---- | M] (Mozilla Foundation) -- C:\Program Files (x86)\mozilla firefox\components\browsercomps.dll
[2012-10-24 18:50:17 | 000,002,465 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\bing.xml
[2012-10-24 18:50:17 | 000,002,058 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\twitter.xml

========== Chrome ==========

CHR - default_search_provider: Google (Enabled)
CHR - default_search_provider: search_url = {google:baseURL}search?q={searchTerms}&{google:RLZ}{google:acceptedSuggestion}{google:originalQueryForSuggestion}{google:searchFieldtrialParameter}sourceid=chrome&ie={inputEncoding}
CHR - default_search_provider: suggest_url = {google:baseSuggestURL}search?{google:searchFieldtrialParameter}client=chrome&hl={language}&q={searchTerms}
CHR - plugin: Shockwave Flash (Enabled) = C:\Users\ragnar\AppData\Local\Google\Chrome\Application\22.0.1229.94\PepperFlash\pepflashplayer.dll
CHR - plugin: Shockwave Flash (Enabled) = C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_11_4_402_287.dll
CHR - plugin: Chrome Remote Desktop Viewer (Enabled) = internal-remoting-viewer
CHR - plugin: Native Client (Enabled) = C:\Users\ragnar\AppData\Local\Google\Chrome\Application\22.0.1229.94\ppGoogleNaClPluginChrome.dll
CHR - plugin: Chrome PDF Viewer (Enabled) = C:\Users\ragnar\AppData\Local\Google\Chrome\Application\22.0.1229.94\pdf.dll
CHR - plugin: Skype Toolbars (Enabled) = C:\Users\ragnar\AppData\Local\Google\Chrome\User Data\Default\Extensions\lifbcibllhkdhoafpjfnlhfpfgnpldfl\5.9.0.9216_0\npSkypeChromePlugin.dll
CHR - plugin: Conduit Chrome Plugin (Enabled) = C:\Users\ragnar\AppData\Local\Google\Chrome\User Data\Default\Extensions\ejpbbhjlbipncjklfjjaedaieimbmdda\2.3.15.10_0\plugins/ConduitChromeApiPlugin.dll
CHR - plugin: Adobe Acrobat (Enabled) = C:\Program Files (x86)\Adobe\Reader 10.0\Reader\Browser\nppdf32.dll
CHR - plugin: ESN Launch Mozilla Plugin (Enabled) = C:\Program Files (x86)\Battlelog Web Plugins\1.118.0\npesnlaunch.dll
CHR - plugin: ESN Sonar API (Enabled) = C:\Program Files (x86)\Battlelog Web Plugins\Sonar\0.70.4\npesnsonar.dll
CHR - plugin: DivX Web Player (Enabled) = C:\Program Files (x86)\DivX\DivX Web Player\npdivx32.dll
CHR - plugin: Java™ Platform SE 7 U6 (Enabled) = C:\Program Files (x86)\Java\jre7\bin\plugin2\npjp2.dll
CHR - plugin: Java Deployment Toolkit 7.0.60.24 (Enabled) = C:\Windows\SysWOW64\npDeployJava1.dll
CHR - plugin: NVIDIA 3D Vision (Enabled) = C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dv.dll
CHR - plugin: NVIDIA 3D VISION (Enabled) = C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dvstreaming.dll
CHR - plugin: Pando Web Plugin (Enabled) = C:\Program Files (x86)\Pando Networks\Media Booster\npPandoWebPlugin.dll
CHR - plugin: Nexus Personal (Enabled) = C:\Program Files (x86)\Personal\bin\np_prsnl.dll
CHR - plugin: Google Update (Enabled) = C:\Users\ragnar\AppData\Local\Google\Update\1.3.21.123\npGoogleUpdate3.dll
CHR - plugin: Silverlight Plug-In (Enabled) = c:\Program Files (x86)\Microsoft Silverlight\5.0.61118.0\npctrl.dll
CHR - Extension: AdBlock = C:\Users\ragnar\AppData\Local\Google\Chrome\User Data\Default\Extensions\gighmmpiobklfepjocnamgkkbiglidom\2.5.47_0\
CHR - Extension: avast! WebRep = C:\Users\ragnar\AppData\Local\Google\Chrome\User Data\Default\Extensions\icmlaeflemplmjndnaapfdbbnpncnbda\7.0.1473_0\

O1 HOSTS File: ([2012-11-05 05:50:57 | 000,000,027 | ---- | M]) - C:\Windows\SysNative\drivers\etc\hosts
O1 - Hosts: 127.0.0.1 localhost
O2:64bit: - BHO: (avast! WebRep) - {318A227B-5E9F-45bd-8999-7F8F10CA4CF5} - C:\Program Files\AVAST Software\Avast\aswWebRepIE64.dll (AVAST Software)
O2 - BHO: (Java™ Plug-In SSV Helper) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Java\jre7\bin\ssv.dll (Oracle Corporation)
O2 - BHO: (avast! WebRep) - {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - C:\Program Files\AVAST Software\Avast\aswWebRepIE.dll (AVAST Software)
O2 - BHO: (Skype Browser Helper) - {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O2 - BHO: (Java™ Plug-In 2 SSV Helper) - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre7\bin\jp2ssv.dll (Oracle Corporation)
O3:64bit: - HKLM\..\Toolbar: (avast! WebRep) - {318A227B-5E9F-45bd-8999-7F8F10CA4CF5} - C:\Program Files\AVAST Software\Avast\aswWebRepIE64.dll (AVAST Software)
O3 - HKLM\..\Toolbar: (avast! WebRep) - {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - C:\Program Files\AVAST Software\Avast\aswWebRepIE.dll (AVAST Software)
O4:64bit: - HKLM..\Run: [RtHDVCpl] C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe (Realtek Semiconductor)
O4 - HKLM..\Run: [amd_dc_opt] C:\Program Files (x86)\AMD\Dual-Core Optimizer\amd_dc_opt.exe (AMD)
O4 - HKLM..\Run: [ASUSGamerOSD] C:\Program Files (x86)\ASUS\GamerOSD\GamerOSD.exe (ASUSTeK Computer Inc.)
O4 - HKLM..\Run: [avast] C:\Program Files\AVAST Software\Avast\avastUI.exe (AVAST Software)
O4 - HKLM..\Run: [JMB36X IDE Setup] C:\Windows\RaidTool\xInsIDE.exe ()
O4 - HKLM..\Run: [LogitechQuickCamRibbon] C:\Program Files\Logitech\Logitech WebCam Software\LWS.exe ()
O4 - HKLM..\Run: [PWRISOVM.EXE] C:\Program Files (x86)\PowerISO\PWRISOVM.EXE (PowerISO Computing, Inc.)
O4 - HKU\S-1-5-21-1922681404-1561175744-2858419983-1001..\Run: [Spotify] C:\Users\ragnar\AppData\Roaming\Spotify\spotify.exe (Spotify Ltd)
O4 - HKU\S-1-5-21-1922681404-1561175744-2858419983-1001..\Run: [Spotify Web Helper] C:\Users\ragnar\AppData\Roaming\Spotify\Data\SpotifyWebHelper.exe (Spotify Ltd)
O4 - HKU\S-1-5-21-1922681404-1561175744-2858419983-1001..\Run: [Steam] C:\Program Files (x86)\Steam\Steam.exe (Valve Corporation)
O4 - Startup: C:\Users\ragnar\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Logitech . Produktregistrering.lnk = C:\Program Files\Logitech\Logitech WebCam Software\eReg.exe (Leader Technologies/Logitech)
O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Restrictions present
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: PromptOnSecureDesktop = 0
O7 - HKU\.DEFAULT\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-18\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-19\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-20\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-21-1922681404-1561175744-2858419983-1001\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-21-1922681404-1561175744-2858419983-1001\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 221
O7 - HKU\S-1-5-21-1922681404-1561175744-2858419983-1001\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoLowDiskSpaceChecks = 1
O7 - HKU\S-1-5-21-1922681404-1561175744-2858419983-1001\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O9 - Extra Button: Skype Click to Call - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O9 - Extra 'Tools' menuitem : Skype Click to Call - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O10:64bit: - Protocol_Catalog9\Catalog_Entries64\000000000001 - C:\Windows\SysNative\sslsp104.dll (SumRando)
O10:64bit: - Protocol_Catalog9\Catalog_Entries64\000000000002 - C:\Windows\SysNative\sslsp104.dll (SumRando)
O10:64bit: - Protocol_Catalog9\Catalog_Entries64\000000000013 - C:\Windows\SysNative\sslsp104.dll (SumRando)
O10 - Protocol_Catalog9\Catalog_Entries\000000000001 - C:\Windows\SysWow64\sslsp104.dll (SumRando)
O10 - Protocol_Catalog9\Catalog_Entries\000000000002 - C:\Windows\SysWow64\sslsp104.dll (SumRando)
O10 - Protocol_Catalog9\Catalog_Entries\000000000013 - C:\Windows\SysWow64\sslsp104.dll (SumRando)
O13 - gopher Prefix: missing
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} http://fpdownload2.m...ash/swflash.cab (Shockwave Flash Object)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.1.254
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{29541B7C-518B-411B-9713-5C1A68C72F36}: DhcpNameServer = 192.168.1.254
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{3100E656-70A5-4048-8EF6-028DD9447C60}: DhcpNameServer = 7.254.254.254
O18:64bit: - Protocol\Handler\skype4com - No CLSID value found
O18:64bit: - Protocol\Handler\skype-ie-addon-data - No CLSID value found
O18 - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files (x86)\Common Files\Skype\Skype4COM.dll (Skype Technologies)
O18 - Protocol\Handler\skype-ie-addon-data {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O20:64bit: - HKLM Winlogon: Shell - (Explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\SysNative\userinit.exe (Microsoft Corporation)
O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\SysWow64\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\SysWOW64\userinit.exe (Microsoft Corporation)
O21:64bit: - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.
O21 - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2009-06-10 22:42:20 | 000,000,024 | ---- | M] () - C:\autoexec.bat -- [ NTFS ]
O32 - AutoRun File - [2007-10-24 23:38:50 | 000,000,000 | ---D | M] - D:\autorun -- [ CDFS ]
O32 - AutoRun File - [2007-07-19 15:53:44 | 000,000,058 | R--- | M] () - D:\Autorun.inf -- [ CDFS ]
O32 - AutoRun File - [2007-10-24 23:11:40 | 004,318,432 | R--- | M] (Crytek) - D:\AutoRunCD.exe -- [ CDFS ]
O32 - AutoRun File - [2009-11-13 06:59:48 | 000,000,000 | ---- | M] () - E:\AUTOEXEC.BAT -- [ NTFS ]
O34 - HKLM BootExecute: (autocheck autochk *)
O35:64bit: - HKLM\..comfile [open] -- "%1" %*
O35:64bit: - HKLM\..exefile [open] -- "%1" %*
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37:64bit: - HKLM\...com [@ = ComFile] -- "%1" %*
O37:64bit: - HKLM\...exe [@ = exefile] -- "%1" %*
O37 - HKLM\...com [@ = ComFile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3)
O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2)
O38 - SubSystems\\Windows: (ServerDll=sxssrv,4)

========== Files/Folders - Created Within 30 Days ==========

[2012-11-05 06:03:11 | 000,694,499 | ---- | C] (Farbar) -- C:\Users\ragnar\Desktop\FSS.exe
[2012-11-05 05:38:01 | 000,518,144 | ---- | C] (SteelWerX) -- C:\Windows\SWREG.exe
[2012-11-05 05:38:01 | 000,406,528 | ---- | C] (SteelWerX) -- C:\Windows\SWSC.exe
[2012-11-05 05:38:01 | 000,060,416 | ---- | C] (NirSoft) -- C:\Windows\NIRCMD.exe
[2012-11-05 05:36:40 | 004,996,943 | R--- | C] (Swearware) -- C:\Users\ragnar\Desktop\ComboFix.exe
[2012-11-05 04:02:59 | 000,000,000 | ---D | C] -- C:\_OTL
[2012-11-04 16:58:15 | 000,602,112 | ---- | C] (OldTimer Tools) -- C:\Users\ragnar\Desktop\OTL.exe
[2012-11-02 20:51:12 | 000,000,000 | ---D | C] -- C:\Qoobox
[2012-11-02 20:50:42 | 000,000,000 | ---D | C] -- C:\Windows\erdnt
[2012-10-30 16:47:57 | 000,054,072 | ---- | C] (AVAST Software) -- C:\Windows\SysNative\drivers\aswRdr2.sys
[2012-10-29 12:01:01 | 000,000,000 | ---D | C] -- C:\Users\ragnar\AppData\Local\CRE
[2012-10-29 12:00:55 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Conduit
[2012-10-29 12:00:54 | 000,000,000 | ---D | C] -- C:\Users\ragnar\AppData\Local\Conduit
[2012-10-27 22:03:40 | 000,000,000 | ---D | C] -- C:\Users\ragnar\AppData\Local\LogiShrd
[2012-10-27 21:58:37 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Logitech
[2012-10-27 21:58:28 | 000,000,000 | ---D | C] -- C:\Users\ragnar\AppData\Roaming\Leadertech
[2012-10-27 21:56:52 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Logitech
[2012-10-27 21:56:46 | 000,000,000 | ---D | C] -- C:\Program Files\Logitech
[2012-10-27 21:56:46 | 000,000,000 | ---D | C] -- C:\ProgramData\LogiShrd
[2012-10-27 20:58:16 | 009,575,864 | ---- | C] (Adobe Systems Incorporated) -- C:\Windows\SysWow64\FlashPlayerInstaller.exe
[2012-10-27 20:12:44 | 000,000,000 | ---D | C] -- C:\Users\ragnar\AppData\Local\Macromedia
[2012-10-27 20:11:01 | 000,696,760 | ---- | C] (Adobe Systems Incorporated) -- C:\Windows\SysWow64\FlashPlayerApp.exe
[2012-10-27 20:10:45 | 000,000,000 | ---D | C] -- C:\Windows\SysNative\Macromed
[2012-10-27 20:08:16 | 000,000,000 | ---D | C] -- C:\Users\ragnar\AppData\Local\Mozilla
[2012-10-27 20:08:04 | 000,000,000 | ---D | C] -- C:\ProgramData\Mozilla
[2012-10-27 20:08:03 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Mozilla Maintenance Service
[2012-10-27 20:07:57 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Mozilla Firefox
[2012-10-27 18:52:47 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Common Files\LogiShrd
[2012-10-27 18:52:30 | 002,755,096 | ---- | C] (Logitech Inc.) -- C:\Windows\SysNative\drivers\LV302V64.SYS
[2012-10-27 18:52:30 | 000,764,952 | ---- | C] (Logitech Inc.) -- C:\Windows\SysNative\LVUI64.dll
[2012-10-27 18:52:30 | 000,559,640 | ---- | C] (Logitech Inc.) -- C:\Windows\SysNative\LVUIRC64.dll
[2012-10-27 18:52:30 | 000,539,160 | ---- | C] (Logitech Inc.) -- C:\Windows\SysWow64\LVUI2RC.dll
[2012-10-27 18:52:30 | 000,539,160 | ---- | C] (Logitech Inc.) -- C:\Windows\SysWow64\LVUI2.dll
[2012-10-27 18:52:30 | 000,416,280 | ---- | C] (Logitech Inc.) -- C:\Windows\SysWow64\lvcodec2.dll
[2012-10-27 18:52:30 | 000,398,360 | ---- | C] (Logitech Inc.) -- C:\Windows\SysNative\lvcod64.dll
[2012-10-27 18:52:30 | 000,327,576 | ---- | C] (Logitech Inc.) -- C:\Windows\SysNative\drivers\lvrs64.sys
[2012-10-27 18:52:30 | 000,266,776 | ---- | C] (Logitech Inc.) -- C:\Windows\SysNative\lvco1201278.dll
[2012-10-27 18:52:30 | 000,015,896 | ---- | C] (Logitech Inc.) -- C:\Windows\SysNative\drivers\lv302a64.sys
[2012-10-27 18:52:27 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\LogiShrd
[2012-10-17 23:45:38 | 000,000,000 | ---D | C] -- C:\Users\ragnar\Desktop\dollhouse

========== Files - Modified Within 30 Days ==========

[2012-11-05 06:03:14 | 000,694,499 | ---- | M] (Farbar) -- C:\Users\ragnar\Desktop\FSS.exe
[2012-11-05 05:58:00 | 000,000,830 | ---- | M] () -- C:\Windows\tasks\Adobe Flash Player Updater.job
[2012-11-05 05:50:57 | 000,000,027 | ---- | M] () -- C:\Windows\SysNative\drivers\etc\hosts
[2012-11-05 05:36:45 | 004,996,943 | R--- | M] (Swearware) -- C:\Users\ragnar\Desktop\ComboFix.exe
[2012-11-05 05:28:15 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2012-11-05 05:28:11 | 3220,037,632 | -HS- | M] () -- C:\hiberfil.sys
[2012-11-05 04:28:00 | 000,001,008 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskUserS-1-5-21-1922681404-1561175744-2858419983-1001UA.job
[2012-11-05 03:52:28 | 000,016,848 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
[2012-11-05 03:52:28 | 000,016,848 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
[2012-11-05 03:49:59 | 000,840,264 | ---- | M] () -- C:\Users\ragnar\Desktop\pbsvc.exe
[2012-11-04 16:58:22 | 000,602,112 | ---- | M] (OldTimer Tools) -- C:\Users\ragnar\Desktop\OTL.exe
[2012-11-03 14:01:07 | 000,792,914 | ---- | M] () -- C:\Windows\SysNative\PerfStringBackup.INI
[2012-11-03 14:01:07 | 000,661,146 | ---- | M] () -- C:\Windows\SysNative\perfh009.dat
[2012-11-03 14:01:07 | 000,125,232 | ---- | M] () -- C:\Windows\SysNative\perfc009.dat
[2012-11-03 12:28:00 | 000,000,956 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskUserS-1-5-21-1922681404-1561175744-2858419983-1001Core.job
[2012-10-30 16:47:57 | 000,000,000 | ---- | M] () -- C:\Windows\SysWow64\config.nt
[2012-10-29 22:11:55 | 000,001,029 | ---- | M] () -- C:\Users\ragnar\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Logitech . Produktregistrering.lnk
[2012-10-27 22:08:21 | 000,002,009 | ---- | M] () -- C:\Users\Public\Desktop\Logitech Vid HD.lnk
[2012-10-27 21:56:54 | 000,002,083 | ---- | M] () -- C:\Users\Public\Desktop\Logitech Webcam Software.lnk
[2012-10-27 20:58:55 | 000,696,760 | ---- | M] (Adobe Systems Incorporated) -- C:\Windows\SysWow64\FlashPlayerApp.exe
[2012-10-27 20:58:55 | 000,073,656 | ---- | M] (Adobe Systems Incorporated) -- C:\Windows\SysWow64\FlashPlayerCPLApp.cpl
[2012-10-27 20:58:16 | 009,575,864 | ---- | M] (Adobe Systems Incorporated) -- C:\Windows\SysWow64\FlashPlayerInstaller.exe
[2012-10-23 12:18:31 | 000,984,144 | ---- | M] (AVAST Software) -- C:\Windows\SysNative\drivers\aswSnx.sys
[2012-10-23 12:18:31 | 000,364,096 | ---- | M] (AVAST Software) -- C:\Windows\SysNative\drivers\aswSP.sys
[2012-10-23 12:18:31 | 000,059,728 | ---- | M] (AVAST Software) -- C:\Windows\SysNative\drivers\aswTdi.sys
[2012-10-23 12:18:30 | 000,071,600 | ---- | M] (AVAST Software) -- C:\Windows\SysNative\drivers\aswMonFlt.sys
[2012-10-23 12:18:30 | 000,025,232 | ---- | M] (AVAST Software) -- C:\Windows\SysNative\drivers\aswFsBlk.sys
[2012-10-23 12:17:48 | 000,041,224 | ---- | M] (AVAST Software) -- C:\Windows\avastSS.scr
[2012-10-23 12:17:38 | 000,227,648 | ---- | M] (AVAST Software) -- C:\Windows\SysWow64\aswBoot.exe
[2012-10-23 12:17:13 | 000,285,328 | ---- | M] (AVAST Software) -- C:\Windows\SysNative\aswBoot.exe
[2012-10-15 18:59:28 | 000,054,072 | ---- | M] (AVAST Software) -- C:\Windows\SysNative\drivers\aswRdr2.sys
[2012-10-10 22:32:04 | 000,002,493 | ---- | M] () -- C:\Users\ragnar\Desktop\Google Chrome.lnk

========== Files Created - No Company Name ==========

[2012-11-05 05:38:01 | 000,256,000 | ---- | C] () -- C:\Windows\PEV.exe
[2012-11-05 05:38:01 | 000,208,896 | ---- | C] () -- C:\Windows\MBR.exe
[2012-11-05 05:38:01 | 000,098,816 | ---- | C] () -- C:\Windows\sed.exe
[2012-11-05 05:38:01 | 000,080,412 | ---- | C] () -- C:\Windows\grep.exe
[2012-11-05 05:38:01 | 000,068,096 | ---- | C] () -- C:\Windows\zip.exe
[2012-11-05 03:49:53 | 000,840,264 | ---- | C] () -- C:\Users\ragnar\Desktop\pbsvc.exe
[2012-10-29 22:11:55 | 000,001,029 | ---- | C] () -- C:\Users\ragnar\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Logitech . Produktregistrering.lnk
[2012-10-27 22:08:21 | 000,002,009 | ---- | C] () -- C:\Users\Public\Desktop\Logitech Vid HD.lnk
[2012-10-27 21:56:54 | 000,002,083 | ---- | C] () -- C:\Users\Public\Desktop\Logitech Webcam Software.lnk
[2012-10-27 20:11:03 | 000,000,830 | ---- | C] () -- C:\Windows\tasks\Adobe Flash Player Updater.job
[2012-10-27 20:08:07 | 000,001,163 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Mozilla Firefox.lnk
[2012-10-27 18:52:30 | 000,082,289 | ---- | C] () -- C:\Windows\SysNative\lvcoin64.ini
[2012-10-27 18:52:30 | 000,034,068 | ---- | C] () -- C:\Windows\SysNative\Repository.reg
[2012-09-20 16:13:09 | 000,000,000 | ---- | C] () -- C:\Windows\SysWow64\Access.dat
[2012-05-15 01:21:50 | 000,423,744 | ---- | C] () -- C:\Windows\SysWow64\nvStreaming.exe
[2012-02-25 18:33:35 | 000,000,128 | ---- | C] () -- C:\Users\ragnar\.java.policy
[2011-09-30 22:50:28 | 000,778,382 | ---- | C] () -- C:\Windows\SysWow64\PerfStringBackup.INI
[2011-09-30 21:11:17 | 000,053,248 | ---- | C] () -- C:\Windows\SysWow64\asrussian.dll
[2011-09-30 21:11:17 | 000,053,248 | ---- | C] () -- C:\Windows\SysWow64\askorean.dll
[2011-09-30 21:11:17 | 000,053,248 | ---- | C] () -- C:\Windows\SysWow64\asjapan.dll
[2011-09-30 21:11:17 | 000,053,248 | ---- | C] () -- C:\Windows\SysWow64\asgerman.dll
[2011-09-30 21:11:17 | 000,053,248 | ---- | C] () -- C:\Windows\SysWow64\asfrench.dll
[2011-09-30 21:11:17 | 000,053,248 | ---- | C] () -- C:\Windows\SysWow64\aseng.dll
[2011-09-30 21:11:17 | 000,053,248 | ---- | C] () -- C:\Windows\SysWow64\ASCHT.dll
[2011-09-30 21:11:17 | 000,053,248 | ---- | C] () -- C:\Windows\SysWow64\aschs.dll
[2011-09-30 21:11:16 | 000,761,856 | ---- | C] () -- C:\Windows\SysWow64\xvidcore.dll
[2011-09-30 21:11:16 | 000,180,224 | ---- | C] () -- C:\Windows\SysWow64\xvidvfw.dll
[2011-09-30 18:36:44 | 000,000,010 | ---- | C] () -- C:\Windows\GSetup.ini
[2011-09-28 17:44:14 | 000,179,271 | ---- | C] () -- C:\Windows\SysWow64\xlive.dll.cat

========== ZeroAccess Check ==========

[2009-07-14 05:55:00 | 000,000,227 | RHS- | M] () -- C:\Windows\assembly\Desktop.ini

[HKEY_CURRENT_USER\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] /64

[HKEY_CURRENT_USER\Software\Classes\Wow6432node\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]

[HKEY_CURRENT_USER\Software\Classes\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32] /64

[HKEY_CURRENT_USER\Software\Classes\Wow6432node\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32]

[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] /64
"" = C:\Windows\SysNative\shell32.dll -- [2010-07-27 15:59:11 | 014,162,944 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Apartment

[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]
"" = %SystemRoot%\system32\shell32.dll -- [2010-07-27 15:03:24 | 012,867,584 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Apartment

[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32] /64
"" = C:\Windows\SysNative\wbem\fastprox.dll -- [2009-07-14 02:40:51 | 000,909,312 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Free

[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32]
"" = %systemroot%\system32\wbem\fastprox.dll -- [2009-07-14 02:15:20 | 000,605,696 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Free

[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32] /64
"" = C:\Windows\SysNative\wbem\wbemess.dll -- [2009-07-14 02:41:56 | 000,505,856 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Both

[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32]

< End of report >

*end of log*
  • 0

#9
Niccix

Niccix

    Member

  • Topic Starter
  • Member
  • PipPip
  • 14 posts
As for a report on how to computer runs.

Seemingly Internet browsing is back to normal, so for I haven't gotten "unable to connect" randomly as I did a lot before and it feels like pages are loading faster.

The connection issue with WoW and LoL still persists though. More then 90% of log in attempts I still get "unable to connect" and after trying for a few minutes suddently one of the log in attempts work out normally and I get connected.

If the infection was cleaned I guess there must be something else conflicting with these connections (although not my firewall) and I guess that is a matter for a different forum.

I will keep a close eye on this thread and continue following further instructions if it is still needed!

Again, thank you! :D

Edited by Niccix, 04 November 2012 - 11:42 PM.

  • 0

#10
godawgs

godawgs

    Teacher

  • Retired Staff
  • 8,228 posts
Hello,

Well that round killed a bunch of stuff.

If the infection was cleaned I guess there must be something else conflicting with these connections (although not my firewall) and I guess that is a matter for a different forum.

You really need to turn the firewall back on. And resetting the firewall settings would probably be a good idea.

Again, thank you! :D

You are welcome!

1.
This IP address in the log:
7.254.254.254
is for the US Naval Ocean Systems Center. Do you know anything about this. Does your internet service come from the US Navy Ocean Systems Center?

2.
I didn't see a program named Conduit in the installed programs list but I can see the installation folders in the log. Would you check the list of installed programs and see if anything named Conduit is there?

Now let's check for malware stragglers and remnants.


Step-1.

Posted ImageMalwarebytes' Anti-Malware
Please download Malwarebytes' Anti-Malware from Here or Here

Once downloaded, close all programs and browsers on your computer.

Double Click the mbam-setup.exe file to install the application. (Windows Vista/7 users will need to right click on the file and click Run As Administrator, then click the Continue button on the UAC window.)
  • When the installation begins, keep following the prompts in order to continue with the installation process. Do not make any changes to default settings.
  • When the program has finished installing, make sure a checkmark is placed next to Update Malwarebytes' Anti-Malware and Launch Malwarebytes' Anti-Malware, then click Finish.
  • MBAM will now automatically start and you will see a message stating that you should update the program before performing a scan.
  • As MBAM will automatically update itself after the install, you can press the OK button to close that box and you will now be at the main program as shown below.

    NOTE: When the program loads, Decline the Malwarebytes' Anti-Malware Trial (You can activate this when we've finished, if you so wish)

    Posted Image
  • On the Scanner tab, make sure the the Perform full scan option is selected and then click on the Scan button to start scanning your computer.
  • MBAM will now start scanning your computer for malware. This process can take quite a while, so I suggest you go and do something else and periodically check on the status of the scan. When MBAM is scanning it will look like the image below.

    Posted Image
  • When the scan is finished a message box will appear as shown in the image below.

    Posted Image
    You should click on the OK button to close the message box and continue with the removal process.
  • You will now be back at the main Scanner screen. At this point you should click on the Show Results button.
  • A screen displaying all the malware that the program found will be shown as seen in the image below. Please note that the infections found may be different than what is shown in the image.

    Posted Image
  • Make sure that everything is checked, and click Remove Selected.<---Very Important
  • When disinfection is completed, a log will open in Notepad and you may be prompted to Restart.(See Extra Note)
  • The log is automatically saved by MBAM and can be viewed by clicking the Logs tab in MBAM.
  • Copy&Paste the entire report in your next reply.
Extra Note: If MBAM encounters a file that is difficult to remove,you will be presented with 1 of 2 prompts,click OK to either and let MBAM proceed with the disinfection process. If asked to restart the computer, please do so immediately.

I would suggest that you keep this antimalware program. Run a Quick Scan frequently and a Full Scan every week or so. Update the definition files before running a scan. Click the Update tab and update from there.


Step-2.

Run ESET Online Scanner:

Note: You can use either Internet Explorer or Mozilla FireFox for this scan. You will however need to disable your current installed Anti-Virus, how to do so can be read here.

Vista / 7 users: You will need to to right-click on the either the IE or FF icon in the Start Menu or Quick Launch Bar on the Taskbar and select Run as Administrator from the context menu.
  • Please go here then click on: Posted Image

    Note: If using Mozilla Firefox you will need to download esetsmartinstaller_enu.exe when prompted then double click on it to install.
    All of the below instructions are compatible with either Internet Explorer or Mozilla FireFox.

  • Select the option YES, I accept the Terms of Use then click on: Posted Image
  • When prompted allow the Add-On/Active X to install.
  • Uncheck the box beside Remove Found Threats
  • Make sure that the option Scan archives is checked.
  • Now click on Advanced Settings and select the following:
    • Scan for potentially unwanted applications
    • Scan for potentially unsafe applications
    • Enable Anti-Stealth Technology
  • Now click on: Posted Image
  • The virus signature database... will begin to download. Be patient this make take some time depending on the speed of your Internet Connection.
  • When completed the Online Scan will begin automatically. The scan may take several hours.
  • Wait for the scan to finish. Do not touch either the Mouse or keyboard during the scan. Otherwise it may stall.
When The Scan is Complete:

  • If No Threats Were Found:
    • Put a checkmark in "Uninstall application on close"
    • Close the program
    • Report to me that nothing was found
  • If Threats Were Found:
    • Click on "list of threats found"
    • Click on "export to text file" and save it to the desktop as ESET SCAN.txt
    • Click on Back
    • Put a checkmark in "Uninstall application on close" (Be sure you have saved the file first)
    • Click on Finish
    • Close the program
    • Copy and paste the report here
Note: Do not forget to re-enable your Anti-Virus application after running the above scan!


Step-3.

Things For Your Next Post:
1. The MalwareBytes log
2. The ESET log (If it found anything)
3. Answer my questions above
  • 0

Advertisements


#11
Niccix

Niccix

    Member

  • Topic Starter
  • Member
  • PipPip
  • 14 posts
For question one, no I don't know anything about that one. My Internet provider is a Swedish one called "Bredbandsbolaget", highly doubt they have anything to do with the "US Naval Ocean Systems Center" it seems strange to me!

Firewall is on and i'll keep it on!

No idea about that program "Conduit". It does not appear in the "Programs and Features" list, and when i search for it on the computer all that comes up are the loggs from combofix/OTL/FSS.

By the way, do you think avast! free version is a good antivirus to have? Or should I maybe switch to some different free antivirus? Maybe it's even worth buying a new antivirus?

Malwarebytes log:

Malwarebytes Anti-Malware (Trial) 1.65.1.1000
www.malwarebytes.org

Database version: v2012.11.05.06

Windows 7 x64 NTFS
Internet Explorer 8.0.7600.16385
ragnar :: RAGNAR-PC [administrator]

Protection: Enabled

2012-11-05 20:39:36
mbam-log-2012-11-05 (20-39-36).txt

Scan type: Full scan (C:\|E:\|)
Scan options enabled: Memory | Startup | Registry | File System | Heuristics/Extra | Heuristics/Shuriken | PUP | PUM
Scan options disabled: P2P
Objects scanned: 921134
Time elapsed: 2 hour(s), 44 minute(s), 38 second(s)

Memory Processes Detected: 0
(No malicious items detected)

Memory Modules Detected: 0
(No malicious items detected)

Registry Keys Detected: 0
(No malicious items detected)

Registry Values Detected: 0
(No malicious items detected)

Registry Data Items Detected: 0
(No malicious items detected)

Folders Detected: 0
(No malicious items detected)

Files Detected: 2
C:\Program Files (x86)\NAMCO BANDAI Games\DarkSouls\xlive.dll (Trojan.Onlinegames) -> Quarantined and deleted successfully.
E:\Program\Electronic Arts\Need for Speed™ Hot Pursuit\NFSHP_Activator.exe (RiskWare.Tool.CK) -> Quarantined and deleted successfully.

(end)

Eset online scanner log. (After the scan took 5 hours my instinct was telling me to delete the threats, but left them there as instructed :P)

C:\Users\ragnar\Downloads\cnet_64bit_Vista_Win7_R265_exe (1).exe a variant of Win32/InstallCore.D application
C:\Users\ragnar\Downloads\cnet_64bit_Vista_Win7_R265_exe.exe a variant of Win32/InstallCore.D application
C:\Users\ragnar\Downloads\DriverSweeper_3.2.0.exe Win32/OpenCandy application
C:\Users\ragnar\Downloads\gb3-setup.exe a variant of Win32/Toolbar.Widgi application
C:\Users\ragnar\Downloads\installer_avast_home_edition.exe multiple threats
C:\Users\ragnar\Music\Digital\Slipknot - All Hope Is Gone (2008)\14. Vermilion Pt.2(Bloodstone Mix) (Bonus track ).mp3 a variant of WMA/TrojanDownloader.GetCodec.gen trojan
E:\Documents and Settings\Ragnar\Application Data\Sun\Java\Deployment\cache\6.0\32\3c061da0-7d77ed04 multiple threats
E:\Documents and Settings\Ragnar\Lokala inställningar\temp\HyperCam.exe Win32/Somoto application
E:\Program\HyperCam Toolbar\UninstallToolbar.exe Win32/Somoto application
  • 0

#12
godawgs

godawgs

    Teacher

  • Retired Staff
  • 8,228 posts
Hello,

Firewall is on and i'll keep it on!

:thumbsup:

By the way, do you think avast! free version is a good antivirus to have? Or should I maybe switch to some different free antivirus? Maybe it's even worth buying a new antivirus?

The Avast AntiVirus is a very good one. It is recommended and used by a lot of the G2G malware staff members.
You can pay for a antivirus if you choose to, but the free version of Avast is the one we recommend.

Let's clean up the residual malware files that the scans showed.


Step-1.

Posted Image OTL Fix

Be advised that when the fix commences it will shut down all running processes and you may lose the desktop and icons, they will return on reboot

1. Please copy all of the text in the quote box below (Do Not copy the word Quote. To do this, highlight everything
inside the quote box (except the word Quote) , right click and click Copy.

:COMMANDS
[CREATERESTOREPOINT]

:OTL
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{3100E656-70A5-4048-8EF6-028DD9447C60}: DhcpNameServer = 7.254.254.254
[2012-10-29 12:00:55 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Conduit
[2012-10-29 12:00:54 | 000,000,000 | ---D | C] -- C:\Users\ragnar\AppData\Local\Conduit
[2012-11-05 03:49:59 | 000,840,264 | ---- | M] () -- C:\Users\ragnar\Desktop\pbsvc.exe

:FILES

C:\Users\ragnar\Downloads\cnet_64bit_Vista_Win7_R265_exe (1).exe
C:\Users\ragnar\Downloads\cnet_64bit_Vista_Win7_R265_exe.exe
C:\Users\ragnar\Downloads\DriverSweeper_3.2.0.exe
C:\Users\ragnar\Downloads\gb3-setup.exe
C:\Users\ragnar\Music\Digital\Slipknot - All Hope Is Gone (2008)\14. Vermilion Pt.2(Bloodstone Mix) (Bonus track ).mp3
E:\Documents and Settings\Ragnar\Application Data\Sun\Java\Deployment\cache\6.0\32\3c061da0-7d77ed04
E:\Documents and Settings\Ragnar\Lokala inställningar\temp\HyperCam.exe
E:\Program\HyperCam Toolbar\UninstallToolbar.exe

:COMMANDS
[EMPTYTEMP]


Warning: This fix is relevant for this system and no other. If you are not this user, do NOT follow these directions as they could damage the workings of your system.

2. Please re-open Posted Image on your desktop.
3. Place the mouse pointer inside the Posted Image textbox, right click and click Paste. This will put the above script inside the textbox.
4. Click the Posted Image button.
5. Let the program run unhindered.
6. OTL may ask to reboot the machine. Please do so if asked.
7. Click the Posted Image button.
8. A report will open. Copy and Paste that report in your next reply.
9. If the machine reboots, the log will be located at C:\_OTL\MovedFiles\mmddyyyy_hhmmss.log, (where mmddyyyy_hhmmss is the date of the tool run).


Step-2.

Posted Image OTL Custom Scan

1. Please copy the text in the Quote box below, (Do Not copy the word Quote), and paste it in the Posted Image box in OTL. To do that:
  • Highlight everything inside the quote box, (except the word Quote), right click the mouse and click Copy.

%SYSTEMDRIVE%\*.exe
/md5start
ipconfig.exe
tcpip.sys
/md5stop
DRIVES
>C:\commands.txt echo list vol /raw /hide /c
/wait
>C:\DiskReport.txt diskpart /s C:\commands.txt /raw /hide /c
/wait
type c:\diskreport.txt /c
/wait
del c:\commands.txt^|y /hide /c
/wait
del c:\diskreport.txt^|y /hide /c


2. Re-open OTL on the desktop. To do that:
  • Double click on the Posted Image OTL icon to run it. (Vista / 7 Users:Right click on the icon and click Run as Administrator)
    Make sure all other windows are closed.
  • You will see a console like the one below:

    Posted Image

  • Do Not check the box beside Scan All Users.
  • Check the box beside Include 64bit Scans at the top of the console
  • Make sure the Output box at the top is set to Standard Output.
  • Place the mouse pointer inside thePosted Image box, right click and click Paste. This will put the above script inside OTL
  • Click the Posted Image button. Do not change any settings unless otherwise told to do so.
  • Let the scan run uninterrupted.
  • When the scan completes, it will open OTL.Txt. This file is also saved in the same location as OTL (it should be on your desktop).
  • Please copy the contents of this file and paste it into your reply. To do that:
  • On the OTL.txt file Menu Bar click Edit then click Select All. This will highlight the contents of the file. Then click Copy.
  • Right click inside the forum post window then click Paste.This will paste the contents of the OTL.txt file in the in the post window.

Step-3.

Run Security Check

Download Security Check from here or here.
  • Save it to your Desktop.
  • Double click SecurityCheck.exe and follow the onscreen instructions inside of the black box.
  • A Notepad document should open automatically called checkup.txt; please post the contents of that document.

Step-4.

Things For Your Next Post:
1. The OTL fixes log
2. The new OTL.txt log
3. The Checkup.txt log
  • 0

#13
Niccix

Niccix

    Member

  • Topic Starter
  • Member
  • PipPip
  • 14 posts
OTL fix log:

OTL logfile created on: 2012-11-06 16:44:30 - Run 3
OTL by OldTimer - Version 3.2.69.0 Folder = C:\Users\ragnar\Desktop
64bit- Ultimate Edition (Version = 6.1.7600) - Type = NTWorkstation
Internet Explorer (Version = 8.0.7600.16385)
Locale: 0000041d | Country: Sverige | Language: SVE | Date Format: yyyy-MM-dd

4,00 Gb Total Physical Memory | 2,69 Gb Available Physical Memory | 67,24% Memory free
8,00 Gb Paging File | 6,45 Gb Available in Paging File | 80,71% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86)
Drive C: | 1863,01 Gb Total Space | 815,06 Gb Free Space | 43,75% Space Free | Partition Type: NTFS
Drive D: | 6,03 Gb Total Space | 0,00 Gb Free Space | 0,00% Space Free | Partition Type: CDFS
Drive E: | 465,75 Gb Total Space | 70,76 Gb Free Space | 15,19% Space Free | Partition Type: NTFS

Computer Name: RAGNAR-PC | User Name: ragnar | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user | Include 64bit Scans
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days

========== Processes (SafeList) ==========

PRC - [2012-11-04 16:58:22 | 000,602,112 | ---- | M] (OldTimer Tools) -- C:\Users\ragnar\Desktop\OTL.exe
PRC - [2012-10-30 23:50:59 | 004,297,136 | ---- | M] (AVAST Software) -- C:\Program Files\AVAST Software\Avast\AvastUI.exe
PRC - [2012-10-30 23:50:59 | 000,044,808 | ---- | M] (AVAST Software) -- C:\Program Files\AVAST Software\Avast\AvastSvc.exe
PRC - [2012-10-26 17:34:22 | 007,880,664 | ---- | M] (Spotify Ltd) -- C:\Users\ragnar\AppData\Roaming\Spotify\spotify.exe
PRC - [2012-10-26 17:34:21 | 001,199,576 | ---- | M] (Spotify Ltd) -- C:\Users\ragnar\AppData\Roaming\Spotify\Data\SpotifyWebHelper.exe
PRC - [2012-10-24 13:54:43 | 000,529,744 | ---- | M] (Valve Corporation) -- C:\Program Files (x86)\Common Files\Steam\SteamService.exe
PRC - [2012-09-29 19:54:26 | 000,766,536 | ---- | M] (Malwarebytes Corporation) -- C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe
PRC - [2012-09-29 19:54:26 | 000,676,936 | ---- | M] (Malwarebytes Corporation) -- C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe
PRC - [2012-09-29 19:54:26 | 000,399,432 | ---- | M] (Malwarebytes Corporation) -- C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamscheduler.exe
PRC - [2012-09-07 17:40:32 | 000,104,560 | ---- | M] (SumRando) -- C:\Program Files (x86)\SumRando\SumRando\misc\vpnmanagesvc.exe
PRC - [2012-08-07 20:46:54 | 001,353,080 | ---- | M] (Valve Corporation) -- C:\Program Files (x86)\Steam\Steam.exe
PRC - [2012-07-27 21:51:26 | 000,063,960 | ---- | M] (Adobe Systems Incorporated) -- C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe
PRC - [2012-05-15 01:21:40 | 000,382,272 | ---- | M] (NVIDIA Corporation) -- C:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe
PRC - [2012-04-17 13:44:12 | 001,333,144 | ---- | M] (Technology Nexus AB) -- C:\Program Files (x86)\Personal\bin\Personal.exe
PRC - [2009-10-14 12:36:56 | 002,793,304 | ---- | M] () -- C:\Program Files\Logitech\Logitech WebCam Software\LWS.exe
PRC - [2009-10-14 12:34:18 | 000,560,472 | ---- | M] () -- C:\Program Files (x86)\Common Files\LogiShrd\LQCVFX\COCIManager.exe
PRC - [2009-10-07 00:47:22 | 000,125,464 | ---- | M] (Logitech Inc.) -- C:\Program Files (x86)\Common Files\LogiShrd\LVMVFM\LVPrS64H.exe
PRC - [2009-07-30 17:10:04 | 000,380,928 | ---- | M] (ASUSTeK Computer Inc.) -- C:\Program Files (x86)\ASUS\GamerOSD\GamerOSD.exe
PRC - [2009-07-27 10:13:28 | 000,061,440 | ---- | M] () -- C:\Windows\SysWOW64\ASDR.exe
PRC - [2002-01-11 20:44:44 | 001,310,720 | ---- | M] (ASUSTeK Inc.) -- C:\Program Files (x86)\ASUS\SmartDoctor\SmartDoctor.exe


========== Modules (No Company Name) ==========

MOD - [2012-10-26 17:34:22 | 020,220,376 | ---- | M] () -- C:\Users\ragnar\AppData\Roaming\Spotify\Data\libcef.dll
MOD - [2012-10-24 13:54:42 | 020,317,008 | ---- | M] () -- C:\Program Files (x86)\Steam\bin\libcef.dll
MOD - [2012-10-24 13:54:41 | 000,902,480 | ---- | M] () -- C:\Program Files (x86)\Steam\bin\chromehtml.dll
MOD - [2012-10-24 13:54:40 | 001,099,616 | ---- | M] () -- C:\Program Files (x86)\Steam\bin\avcodec-53.dll
MOD - [2012-10-24 13:54:40 | 000,190,816 | ---- | M] () -- C:\Program Files (x86)\Steam\bin\avformat-53.dll
MOD - [2012-10-24 13:54:40 | 000,123,232 | ---- | M] () -- C:\Program Files (x86)\Steam\bin\avutil-51.dll
MOD - [2009-10-14 12:36:56 | 002,793,304 | ---- | M] () -- C:\Program Files\Logitech\Logitech WebCam Software\LWS.exe
MOD - [2009-10-14 12:34:18 | 000,560,472 | ---- | M] () -- C:\Program Files (x86)\Common Files\LogiShrd\LQCVFX\COCIManager.exe
MOD - [2009-04-29 19:46:20 | 001,077,248 | ---- | M] () -- C:\Program Files (x86)\ASUS\GamerOSD\ImageTransform.dll
MOD - [2009-02-17 17:22:16 | 000,184,320 | ---- | M] () -- C:\Program Files (x86)\ASUS\GamerOSD\AudioOnVistaDLL.dll
MOD - [2007-03-13 15:46:50 | 000,007,168 | ---- | M] () -- C:\Program Files (x86)\ASUS\SmartDoctor\VOV32.dll
MOD - [2007-02-28 17:34:04 | 000,643,142 | ---- | M] () -- C:\Program Files (x86)\ASUS\SmartDoctor\aticlocklib.dll


========== Services (SafeList) ==========

SRV:64bit: - [2012-10-30 23:50:59 | 000,044,808 | ---- | M] (AVAST Software) [Auto | Running] -- C:\Program Files\AVAST Software\Avast\AvastSvc.exe -- (avast! Antivirus)
SRV:64bit: - [2009-12-01 13:22:58 | 000,063,488 | ---- | M] (ASUSTeK COMPUTER INC.) [Auto | Running] -- C:\Windows\SysNative\ATKFUSService.exe -- (ATKFUSService)
SRV:64bit: - [2009-10-07 00:47:10 | 000,191,000 | ---- | M] (Logitech Inc.) [Auto | Running] -- C:\Program Files\Common Files\LogiShrd\LVMVFM\LVPrcSrv.exe -- (LVPrcS64)
SRV:64bit: - [2009-07-14 02:41:27 | 001,011,712 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Program Files\Windows Defender\MpSvc.dll -- (WinDefend)
SRV:64bit: - [2009-07-14 02:40:01 | 000,193,536 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\appmgmts.dll -- (AppMgmt)
SRV - [2012-10-27 20:58:56 | 000,250,808 | ---- | M] (Adobe Systems Incorporated) [On_Demand | Stopped] -- C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe -- (AdobeFlashPlayerUpdateSvc)
SRV - [2012-10-24 18:50:38 | 000,115,168 | ---- | M] (Mozilla Foundation) [On_Demand | Stopped] -- C:\Program Files (x86)\Mozilla Maintenance Service\maintenanceservice.exe -- (MozillaMaintenance)
SRV - [2012-10-24 13:54:43 | 000,529,744 | ---- | M] (Valve Corporation) [On_Demand | Running] -- C:\Program Files (x86)\Common Files\Steam\SteamService.exe -- (Steam Client Service)
SRV - [2012-09-29 19:54:26 | 000,676,936 | ---- | M] (Malwarebytes Corporation) [Auto | Running] -- C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe -- (MBAMService)
SRV - [2012-09-29 19:54:26 | 000,399,432 | ---- | M] (Malwarebytes Corporation) [Auto | Running] -- C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamscheduler.exe -- (MBAMScheduler)
SRV - [2012-09-07 17:40:32 | 000,104,560 | ---- | M] (SumRando) [Auto | Running] -- C:\Program Files (x86)\SumRando\SumRando\misc\vpnmanagesvc.exe -- (SumRandoVPNService)
SRV - [2012-07-27 21:51:26 | 000,063,960 | ---- | M] (Adobe Systems Incorporated) [Auto | Running] -- C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe -- (AdobeARMservice)
SRV - [2012-07-19 17:08:04 | 000,738,152 | ---- | M] (Tunngle.net GmbH) [On_Demand | Stopped] -- C:\Program Files (x86)\Tunngle\TnglCtrl.exe -- (TunngleService)
SRV - [2012-05-15 11:48:00 | 001,262,400 | ---- | M] (NVIDIA Corporation) [Auto | Stopped] -- C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Update Core\daemonu.exe -- (nvUpdatusService)
SRV - [2012-05-15 01:21:40 | 000,382,272 | ---- | M] (NVIDIA Corporation) [Auto | Running] -- C:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe -- (Stereo Service)
SRV - [2012-04-21 00:16:31 | 000,131,912 | ---- | M] (Desura Pty Ltd) [On_Demand | Stopped] -- C:\Program Files (x86)\Common Files\Desura\desura_service.exe -- (Desura Install Service)
SRV - [2012-02-29 07:50:48 | 000,158,856 | R--- | M] (Skype Technologies) [Auto | Stopped] -- C:\Program Files (x86)\Skype\Updater\Updater.exe -- (SkypeUpdate)
SRV - [2010-03-18 12:16:28 | 000,130,384 | ---- | M] (Microsoft Corporation) [Auto | Stopped] -- C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe -- (clr_optimization_v4.0.30319_32)
SRV - [2009-07-27 10:13:28 | 000,061,440 | ---- | M] () [Auto | Running] -- C:\Windows\SysWOW64\ASDR.exe -- (ASDR)
SRV - [2009-06-10 22:23:09 | 000,066,384 | ---- | M] (Microsoft Corporation) [Disabled | Stopped] -- C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe -- (clr_optimization_v2.0.50727_32)


========== Driver Services (SafeList) ==========

DRV:64bit: - [2012-10-30 23:51:56 | 000,059,728 | ---- | M] (AVAST Software) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\aswTdi.sys -- (aswTdi)
DRV:64bit: - [2012-10-30 23:51:55 | 000,984,144 | ---- | M] (AVAST Software) [File_System | System | Running] -- C:\Windows\SysNative\drivers\aswSnx.sys -- (aswSnx)
DRV:64bit: - [2012-10-30 23:51:55 | 000,370,288 | ---- | M] (AVAST Software) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\aswSP.sys -- (aswSP)
DRV:64bit: - [2012-10-30 23:51:55 | 000,071,600 | ---- | M] (AVAST Software) [File_System | Auto | Running] -- C:\Windows\SysNative\drivers\aswMonFlt.sys -- (aswMonFlt)
DRV:64bit: - [2012-10-30 23:51:53 | 000,025,232 | ---- | M] (AVAST Software) [File_System | Auto | Running] -- C:\Windows\SysNative\drivers\aswFsBlk.sys -- (aswFsBlk)
DRV:64bit: - [2012-10-15 18:59:28 | 000,054,072 | ---- | M] (AVAST Software) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\aswRdr2.sys -- (aswRdr)
DRV:64bit: - [2012-09-29 19:54:26 | 000,025,928 | ---- | M] (Malwarebytes Corporation) [File_System | On_Demand | Running] -- C:\Windows\SysNative\drivers\mbam.sys -- (MBAMProtector)
DRV:64bit: - [2012-04-18 18:08:03 | 000,188,736 | ---- | M] (NVIDIA Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\nvhda64v.sys -- (NVHDA)
DRV:64bit: - [2011-11-17 19:44:32 | 000,035,056 | ---- | M] (The OpenVPN Project) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\tun3325.sys -- (tun3325)
DRV:64bit: - [2011-09-30 21:12:07 | 000,016,384 | ---- | M] (ASUSTeK Computer Inc.) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\EIO64.sys -- (EIO64)
DRV:64bit: - [2011-06-15 09:30:46 | 000,093,240 | ---- | M] (PowerISO Computing, Inc.) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\scdemu.sys -- (SCDEmu)
DRV:64bit: - [2011-03-11 07:22:41 | 000,107,904 | ---- | M] (Advanced Micro Devices) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\amdsata.sys -- (amdsata)
DRV:64bit: - [2011-03-11 07:22:40 | 000,027,008 | ---- | M] (Advanced Micro Devices) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\amdxata.sys -- (amdxata)
DRV:64bit: - [2010-02-22 14:46:36 | 000,023,680 | ---- | M] (ASUSTeK Computer Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\IOMap64.sys -- (IOMap)
DRV:64bit: - [2009-10-07 00:45:50 | 000,030,232 | ---- | M] () [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\LVPr2M64.sys -- (LVPr2Mon)
DRV:64bit: - [2009-10-07 00:45:50 | 000,030,232 | ---- | M] () [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\LVPr2M64.sys -- (LVPr2M64)
DRV:64bit: - [2009-09-16 07:02:42 | 000,031,232 | ---- | M] (Tunngle.net) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\tap0901t.sys -- (tap0901t)
DRV:64bit: - [2009-07-14 02:52:20 | 000,194,128 | ---- | M] (AMD Technologies Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\amdsbs.sys -- (amdsbs)
DRV:64bit: - [2009-07-14 02:48:04 | 000,065,600 | ---- | M] (LSI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\lsi_sas2.sys -- (LSI_SAS2)
DRV:64bit: - [2009-07-14 02:47:48 | 000,077,888 | ---- | M] (Hewlett-Packard Company) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\HpSAMD.sys -- (HpSAMD)
DRV:64bit: - [2009-07-14 02:47:48 | 000,023,104 | ---- | M] (Microsoft Corporation) [Recognizer | Boot | Unknown] -- C:\Windows\SysNative\drivers\fs_rec.sys -- (Fs_Rec)
DRV:64bit: - [2009-07-14 02:45:55 | 000,024,656 | ---- | M] (Promise Technology) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\stexstor.sys -- (stexstor)
DRV:64bit: - [2009-07-14 01:01:09 | 000,679,936 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\xnacc.sys -- (xnacc)
DRV:64bit: - [2009-06-10 21:35:42 | 000,187,392 | ---- | M] (Realtek Corporation ) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\Rt64win7.sys -- (RTL8167)
DRV:64bit: - [2009-06-10 21:34:33 | 003,286,016 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\evbda.sys -- (ebdrv)
DRV:64bit: - [2009-06-10 21:34:28 | 000,468,480 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\bxvbda.sys -- (b06bdrv)
DRV:64bit: - [2009-06-10 21:34:23 | 000,270,848 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\b57nd60a.sys -- (b57nd60a)
DRV:64bit: - [2009-06-10 21:31:59 | 000,031,232 | ---- | M] (Hauppauge Computer Works, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\hcw85cir.sys -- (hcw85cir)
DRV:64bit: - [2009-05-01 00:01:34 | 000,327,576 | ---- | M] (Logitech Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\lvrs64.sys -- (LVRS64)
DRV:64bit: - [2009-04-30 23:55:56 | 002,755,096 | ---- | M] (Logitech Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\LV302V64.SYS -- (PID_PEPI)
DRV:64bit: - [2009-04-30 23:55:46 | 000,015,896 | ---- | M] (Logitech Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\lv302a64.sys -- (lvpepf64)
DRV:64bit: - [2009-02-17 17:22:22 | 000,039,424 | ---- | M] (ASUSTeK Computer Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\ATKDispLowFilter.sys -- (atkdisplf)
DRV:64bit: - [2009-02-17 17:22:22 | 000,017,792 | ---- | M] (ASUSTeK Computer Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\asusgsb.sys -- (asusgsb)
DRV:64bit: - [2007-09-29 06:30:46 | 000,091,648 | ---- | M] (JMicron Technology Corp.) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\jraid.sys -- (JRAID)
DRV - [2011-09-30 18:36:46 | 000,020,544 | ---- | M] (Windows ® Server 2003 DDK provider) [Kernel | On_Demand | Stopped] -- C:\Windows\gdrv.sys -- (gdrv)
DRV - [2009-07-14 02:19:10 | 000,019,008 | ---- | M] (Microsoft Corporation) [File_System | On_Demand | Stopped] -- C:\Windows\SysWOW64\drivers\wimmount.sys -- (WIMMount)


========== Standard Registry (SafeList) ==========


========== Internet Explorer ==========

IE:64bit: - HKLM\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A}
IE:64bit: - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/...ms}&FORM=IE8SRC
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm
IE - HKLM\..\SearchScopes,DefaultScope =
IE - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/...ms}&FORM=IE8SRC

IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page =
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache AcceptLangs = sv
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache_TIMESTAMP = DB 33 43 25 3E 97 CC 01 [binary data]
IE - HKCU\..\SearchScopes,DefaultScope =
IE - HKCU\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/...Box&FORM=IE8SRC
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

========== FireFox ==========

FF - prefs.js..extensions.enabledAddons: [email protected]:7.0.1474
FF - user.js - File not found

FF:64bit: - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\system32\Macromed\Flash\NPSWF64_11_4_402_287.dll File not found
FF:64bit: - HKLM\Software\MozillaPlugins\@microsoft.com/GENUINE: disabled File not found
FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_11_4_402_287.dll ()
FF - HKLM\Software\MozillaPlugins\@divx.com/DivX Browser Plugin,version=1.0.0: C:\Program Files (x86)\DivX\DivX Web Player\npdivx32.dll (DivX,Inc.)
FF - HKLM\Software\MozillaPlugins\@esn.me/esnsonar,version=0.70.0: File not found
FF - HKLM\Software\MozillaPlugins\@esn.me/esnsonar,version=0.70.4: C:\Program Files (x86)\Battlelog Web Plugins\Sonar\0.70.4\npesnsonar.dll (ESN Social Software AB)
FF - HKLM\Software\MozillaPlugins\@esn/esnlaunch,version=1.102.0: File not found
FF - HKLM\Software\MozillaPlugins\@esn/esnlaunch,version=1.118.0: C:\Program Files (x86)\Battlelog Web Plugins\1.118.0\npesnlaunch.dll (ESN Social Software AB)
FF - HKLM\Software\MozillaPlugins\@java.com/DTPlugin,version=10.6.2: C:\Windows\SysWOW64\npDeployJava1.dll (Oracle Corporation)
FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin,version=10.6.2: C:\Program Files (x86)\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/GENUINE: disabled File not found
FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: c:\Program Files (x86)\Microsoft Silverlight\5.0.61118.0\npctrl.dll ( Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@nvidia.com/3DVision: C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dv.dll (NVIDIA Corporation)
FF - HKLM\Software\MozillaPlugins\@nvidia.com/3DVisionStreaming: C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dvstreaming.dll (NVIDIA Corporation)
FF - HKLM\Software\MozillaPlugins\@pandonetworks.com/PandoWebPlugin: C:\Program Files (x86)\Pando Networks\Media Booster\npPandoWebPlugin.dll File not found
FF - HKLM\Software\MozillaPlugins\@se.nexus/Personal: C:\Program Files (x86)\Personal\bin\np_prsnl.dll (Technology Nexus AB)
FF - HKLM\Software\MozillaPlugins\Adobe Reader: C:\Program Files (x86)\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
FF - HKCU\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Users\ragnar\AppData\Local\Google\Update\1.3.21.123\npGoogleUpdate3.dll (Google Inc.)
FF - HKCU\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Users\ragnar\AppData\Local\Google\Update\1.3.21.123\npGoogleUpdate3.dll (Google Inc.)

FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\[email protected]: C:\Program Files\AVAST Software\Avast\WebRep\FF [2012-11-06 00:18:45 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 16.0.2\extensions\\Components: C:\Program Files (x86)\Mozilla Firefox\components [2012-10-27 20:07:59 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 16.0.2\extensions\\Plugins: C:\Program Files (x86)\Mozilla Firefox\plugins

[2012-10-27 20:08:38 | 000,000,000 | ---D | M] (No name found) -- C:\Users\ragnar\AppData\Roaming\Mozilla\Extensions
[2012-11-05 05:18:27 | 000,000,000 | ---D | M] (No name found) -- C:\Users\ragnar\AppData\Roaming\Mozilla\Firefox\Profiles\c1s5lane.default\extensions
[2012-10-27 20:07:58 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files (x86)\Mozilla Firefox\extensions
[2012-11-06 00:18:45 | 000,000,000 | ---D | M] (avast! WebRep) -- C:\PROGRAM FILES\AVAST SOFTWARE\AVAST\WEBREP\FF
[2012-10-24 18:50:58 | 000,261,600 | ---- | M] (Mozilla Foundation) -- C:\Program Files (x86)\mozilla firefox\components\browsercomps.dll
[2012-10-24 18:50:17 | 000,002,465 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\bing.xml
[2012-10-24 18:50:17 | 000,002,058 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\twitter.xml

========== Chrome ==========

CHR - default_search_provider: Google (Enabled)
CHR - default_search_provider: search_url = {google:baseURL}search?q={searchTerms}&{google:RLZ}{google:acceptedSuggestion}{google:originalQueryForSuggestion}{google:searchFieldtrialParameter}sourceid=chrome&ie={inputEncoding}
CHR - default_search_provider: suggest_url = {google:baseSuggestURL}search?{google:searchFieldtrialParameter}client=chrome&hl={language}&q={searchTerms}
CHR - plugin: Shockwave Flash (Enabled) = C:\Users\ragnar\AppData\Local\Google\Chrome\Application\22.0.1229.94\PepperFlash\pepflashplayer.dll
CHR - plugin: Shockwave Flash (Enabled) = C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_11_4_402_287.dll
CHR - plugin: Chrome Remote Desktop Viewer (Enabled) = internal-remoting-viewer
CHR - plugin: Native Client (Enabled) = C:\Users\ragnar\AppData\Local\Google\Chrome\Application\22.0.1229.94\ppGoogleNaClPluginChrome.dll
CHR - plugin: Chrome PDF Viewer (Enabled) = C:\Users\ragnar\AppData\Local\Google\Chrome\Application\22.0.1229.94\pdf.dll
CHR - plugin: Skype Toolbars (Enabled) = C:\Users\ragnar\AppData\Local\Google\Chrome\User Data\Default\Extensions\lifbcibllhkdhoafpjfnlhfpfgnpldfl\5.9.0.9216_0\npSkypeChromePlugin.dll
CHR - plugin: Conduit Chrome Plugin (Enabled) = C:\Users\ragnar\AppData\Local\Google\Chrome\User Data\Default\Extensions\ejpbbhjlbipncjklfjjaedaieimbmdda\2.3.15.10_0\plugins/ConduitChromeApiPlugin.dll
CHR - plugin: Adobe Acrobat (Enabled) = C:\Program Files (x86)\Adobe\Reader 10.0\Reader\Browser\nppdf32.dll
CHR - plugin: ESN Launch Mozilla Plugin (Enabled) = C:\Program Files (x86)\Battlelog Web Plugins\1.118.0\npesnlaunch.dll
CHR - plugin: ESN Sonar API (Enabled) = C:\Program Files (x86)\Battlelog Web Plugins\Sonar\0.70.4\npesnsonar.dll
CHR - plugin: DivX Web Player (Enabled) = C:\Program Files (x86)\DivX\DivX Web Player\npdivx32.dll
CHR - plugin: Java™ Platform SE 7 U6 (Enabled) = C:\Program Files (x86)\Java\jre7\bin\plugin2\npjp2.dll
CHR - plugin: Java Deployment Toolkit 7.0.60.24 (Enabled) = C:\Windows\SysWOW64\npDeployJava1.dll
CHR - plugin: NVIDIA 3D Vision (Enabled) = C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dv.dll
CHR - plugin: NVIDIA 3D VISION (Enabled) = C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dvstreaming.dll
CHR - plugin: Pando Web Plugin (Enabled) = C:\Program Files (x86)\Pando Networks\Media Booster\npPandoWebPlugin.dll
CHR - plugin: Nexus Personal (Enabled) = C:\Program Files (x86)\Personal\bin\np_prsnl.dll
CHR - plugin: Google Update (Enabled) = C:\Users\ragnar\AppData\Local\Google\Update\1.3.21.123\npGoogleUpdate3.dll
CHR - plugin: Silverlight Plug-In (Enabled) = c:\Program Files (x86)\Microsoft Silverlight\5.0.61118.0\npctrl.dll
CHR - Extension: AdBlock = C:\Users\ragnar\AppData\Local\Google\Chrome\User Data\Default\Extensions\gighmmpiobklfepjocnamgkkbiglidom\2.5.47_0\
CHR - Extension: avast! WebRep = C:\Users\ragnar\AppData\Local\Google\Chrome\User Data\Default\Extensions\icmlaeflemplmjndnaapfdbbnpncnbda\7.0.1474_0\

O1 HOSTS File: ([2012-11-05 05:50:57 | 000,000,027 | ---- | M]) - C:\Windows\SysNative\drivers\etc\hosts
O1 - Hosts: 127.0.0.1 localhost
O2:64bit: - BHO: (avast! WebRep) - {318A227B-5E9F-45bd-8999-7F8F10CA4CF5} - C:\Program Files\AVAST Software\Avast\aswWebRepIE64.dll (AVAST Software)
O2 - BHO: (Java™ Plug-In SSV Helper) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Java\jre7\bin\ssv.dll (Oracle Corporation)
O2 - BHO: (avast! WebRep) - {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - C:\Program Files\AVAST Software\Avast\aswWebRepIE.dll (AVAST Software)
O2 - BHO: (Skype Browser Helper) - {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O2 - BHO: (Java™ Plug-In 2 SSV Helper) - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre7\bin\jp2ssv.dll (Oracle Corporation)
O3:64bit: - HKLM\..\Toolbar: (avast! WebRep) - {318A227B-5E9F-45bd-8999-7F8F10CA4CF5} - C:\Program Files\AVAST Software\Avast\aswWebRepIE64.dll (AVAST Software)
O3 - HKLM\..\Toolbar: (avast! WebRep) - {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - C:\Program Files\AVAST Software\Avast\aswWebRepIE.dll (AVAST Software)
O4:64bit: - HKLM..\Run: [RtHDVCpl] C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe (Realtek Semiconductor)
O4 - HKLM..\Run: [amd_dc_opt] C:\Program Files (x86)\AMD\Dual-Core Optimizer\amd_dc_opt.exe (AMD)
O4 - HKLM..\Run: [ASUSGamerOSD] C:\Program Files (x86)\ASUS\GamerOSD\GamerOSD.exe (ASUSTeK Computer Inc.)
O4 - HKLM..\Run: [avast] C:\Program Files\AVAST Software\Avast\avastUI.exe (AVAST Software)
O4 - HKLM..\Run: [JMB36X IDE Setup] C:\Windows\RaidTool\xInsIDE.exe ()
O4 - HKLM..\Run: [LogitechQuickCamRibbon] C:\Program Files\Logitech\Logitech WebCam Software\LWS.exe ()
O4 - HKLM..\Run: [PWRISOVM.EXE] C:\Program Files (x86)\PowerISO\PWRISOVM.EXE (PowerISO Computing, Inc.)
O4 - HKCU..\Run: [Spotify] C:\Users\ragnar\AppData\Roaming\Spotify\spotify.exe (Spotify Ltd)
O4 - HKCU..\Run: [Spotify Web Helper] C:\Users\ragnar\AppData\Roaming\Spotify\Data\SpotifyWebHelper.exe (Spotify Ltd)
O4 - HKCU..\Run: [Steam] C:\Program Files (x86)\Steam\Steam.exe (Valve Corporation)
O4 - Startup: C:\Users\ragnar\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Logitech . Produktregistrering.lnk = C:\Program Files\Logitech\Logitech WebCam Software\eReg.exe (Leader Technologies/Logitech)
O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Restrictions present
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: PromptOnSecureDesktop = 0
O7 - HKCU\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 221
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoLowDiskSpaceChecks = 1
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O9 - Extra Button: Skype Click to Call - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O9 - Extra 'Tools' menuitem : Skype Click to Call - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O10:64bit: - Protocol_Catalog9\Catalog_Entries64\000000000001 - C:\Windows\SysNative\sslsp104.dll (SumRando)
O10:64bit: - Protocol_Catalog9\Catalog_Entries64\000000000002 - C:\Windows\SysNative\sslsp104.dll (SumRando)
O10:64bit: - Protocol_Catalog9\Catalog_Entries64\000000000013 - C:\Windows\SysNative\sslsp104.dll (SumRando)
O10 - Protocol_Catalog9\Catalog_Entries\000000000001 - C:\Windows\SysWow64\sslsp104.dll (SumRando)
O10 - Protocol_Catalog9\Catalog_Entries\000000000002 - C:\Windows\SysWow64\sslsp104.dll (SumRando)
O10 - Protocol_Catalog9\Catalog_Entries\000000000013 - C:\Windows\SysWow64\sslsp104.dll (SumRando)
O13 - gopher Prefix: missing
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} http://fpdownload2.m...ash/swflash.cab (Shockwave Flash Object)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.1.254
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{29541B7C-518B-411B-9713-5C1A68C72F36}: DhcpNameServer = 192.168.1.254
O18:64bit: - Protocol\Handler\skype4com - No CLSID value found
O18:64bit: - Protocol\Handler\skype-ie-addon-data - No CLSID value found
O18 - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files (x86)\Common Files\Skype\Skype4COM.dll (Skype Technologies)
O18 - Protocol\Handler\skype-ie-addon-data {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O20:64bit: - HKLM Winlogon: Shell - (Explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\SysNative\userinit.exe (Microsoft Corporation)
O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\SysWow64\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\SysWOW64\userinit.exe (Microsoft Corporation)
O21:64bit: - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.
O21 - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2009-06-10 22:42:20 | 000,000,024 | ---- | M] () - C:\autoexec.bat -- [ NTFS ]
O32 - AutoRun File - [2007-10-24 23:38:50 | 000,000,000 | ---D | M] - D:\autorun -- [ CDFS ]
O32 - AutoRun File - [2007-07-19 15:53:44 | 000,000,058 | R--- | M] () - D:\Autorun.inf -- [ CDFS ]
O32 - AutoRun File - [2007-10-24 23:11:40 | 004,318,432 | R--- | M] (Crytek) - D:\AutoRunCD.exe -- [ CDFS ]
O32 - AutoRun File - [2009-11-13 06:59:48 | 000,000,000 | ---- | M] () - E:\AUTOEXEC.BAT -- [ NTFS ]
O34 - HKLM BootExecute: (autocheck autochk *)
O35:64bit: - HKLM\..comfile [open] -- "%1" %*
O35:64bit: - HKLM\..exefile [open] -- "%1" %*
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37:64bit: - HKLM\...com [@ = ComFile] -- "%1" %*
O37:64bit: - HKLM\...exe [@ = exefile] -- "%1" %*
O37 - HKLM\...com [@ = ComFile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3)
O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2)
O38 - SubSystems\\Windows: (ServerDll=sxssrv,4)

========== Files/Folders - Created Within 30 Days ==========

[2012-11-05 20:38:41 | 000,000,000 | ---D | C] -- C:\Users\ragnar\AppData\Roaming\Malwarebytes
[2012-11-05 20:38:33 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes' Anti-Malware
[2012-11-05 20:38:33 | 000,000,000 | ---D | C] -- C:\ProgramData\Malwarebytes
[2012-11-05 20:38:32 | 000,025,928 | ---- | C] (Malwarebytes Corporation) -- C:\Windows\SysNative\drivers\mbam.sys
[2012-11-05 20:38:32 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Malwarebytes' Anti-Malware
[2012-11-05 20:35:41 | 010,669,952 | ---- | C] (Malwarebytes Corporation ) -- C:\Users\ragnar\Desktop\mbam-setup-1.65.1.1000.exe
[2012-11-05 06:28:58 | 000,000,000 | -HSD | C] -- C:\$RECYCLE.BIN
[2012-11-05 06:03:11 | 000,694,499 | ---- | C] (Farbar) -- C:\Users\ragnar\Desktop\FSS.exe
[2012-11-05 05:38:01 | 000,518,144 | ---- | C] (SteelWerX) -- C:\Windows\SWREG.exe
[2012-11-05 05:38:01 | 000,406,528 | ---- | C] (SteelWerX) -- C:\Windows\SWSC.exe
[2012-11-05 05:38:01 | 000,060,416 | ---- | C] (NirSoft) -- C:\Windows\NIRCMD.exe
[2012-11-05 05:36:40 | 004,996,943 | R--- | C] (Swearware) -- C:\Users\ragnar\Desktop\ComboFix.exe
[2012-11-05 04:02:59 | 000,000,000 | ---D | C] -- C:\_OTL
[2012-11-04 16:58:15 | 000,602,112 | ---- | C] (OldTimer Tools) -- C:\Users\ragnar\Desktop\OTL.exe
[2012-11-02 20:51:12 | 000,000,000 | ---D | C] -- C:\Qoobox
[2012-11-02 20:50:42 | 000,000,000 | ---D | C] -- C:\Windows\erdnt
[2012-10-30 16:47:57 | 000,054,072 | ---- | C] (AVAST Software) -- C:\Windows\SysNative\drivers\aswRdr2.sys
[2012-10-29 12:01:01 | 000,000,000 | ---D | C] -- C:\Users\ragnar\AppData\Local\CRE
[2012-10-27 22:03:40 | 000,000,000 | ---D | C] -- C:\Users\ragnar\AppData\Local\LogiShrd
[2012-10-27 21:58:37 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Logitech
[2012-10-27 21:58:28 | 000,000,000 | ---D | C] -- C:\Users\ragnar\AppData\Roaming\Leadertech
[2012-10-27 21:56:52 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Logitech
[2012-10-27 21:56:46 | 000,000,000 | ---D | C] -- C:\Program Files\Logitech
[2012-10-27 21:56:46 | 000,000,000 | ---D | C] -- C:\ProgramData\LogiShrd
[2012-10-27 20:58:16 | 009,575,864 | ---- | C] (Adobe Systems Incorporated) -- C:\Windows\SysWow64\FlashPlayerInstaller.exe
[2012-10-27 20:12:44 | 000,000,000 | ---D | C] -- C:\Users\ragnar\AppData\Local\Macromedia
[2012-10-27 20:11:01 | 000,696,760 | ---- | C] (Adobe Systems Incorporated) -- C:\Windows\SysWow64\FlashPlayerApp.exe
[2012-10-27 20:10:45 | 000,000,000 | ---D | C] -- C:\Windows\SysNative\Macromed
[2012-10-27 20:08:16 | 000,000,000 | ---D | C] -- C:\Users\ragnar\AppData\Local\Mozilla
[2012-10-27 20:08:04 | 000,000,000 | ---D | C] -- C:\ProgramData\Mozilla
[2012-10-27 20:08:03 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Mozilla Maintenance Service
[2012-10-27 20:07:57 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Mozilla Firefox
[2012-10-27 18:52:47 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Common Files\LogiShrd
[2012-10-27 18:52:30 | 002,755,096 | ---- | C] (Logitech Inc.) -- C:\Windows\SysNative\drivers\LV302V64.SYS
[2012-10-27 18:52:30 | 000,764,952 | ---- | C] (Logitech Inc.) -- C:\Windows\SysNative\LVUI64.dll
[2012-10-27 18:52:30 | 000,559,640 | ---- | C] (Logitech Inc.) -- C:\Windows\SysNative\LVUIRC64.dll
[2012-10-27 18:52:30 | 000,539,160 | ---- | C] (Logitech Inc.) -- C:\Windows\SysWow64\LVUI2RC.dll
[2012-10-27 18:52:30 | 000,539,160 | ---- | C] (Logitech Inc.) -- C:\Windows\SysWow64\LVUI2.dll
[2012-10-27 18:52:30 | 000,416,280 | ---- | C] (Logitech Inc.) -- C:\Windows\SysWow64\lvcodec2.dll
[2012-10-27 18:52:30 | 000,398,360 | ---- | C] (Logitech Inc.) -- C:\Windows\SysNative\lvcod64.dll
[2012-10-27 18:52:30 | 000,327,576 | ---- | C] (Logitech Inc.) -- C:\Windows\SysNative\drivers\lvrs64.sys
[2012-10-27 18:52:30 | 000,266,776 | ---- | C] (Logitech Inc.) -- C:\Windows\SysNative\lvco1201278.dll
[2012-10-27 18:52:30 | 000,015,896 | ---- | C] (Logitech Inc.) -- C:\Windows\SysNative\drivers\lv302a64.sys
[2012-10-27 18:52:27 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\LogiShrd
[2012-10-17 23:45:38 | 000,000,000 | ---D | C] -- C:\Users\ragnar\Desktop\dollhouse

========== Files - Modified Within 30 Days ==========

[2012-11-06 16:35:11 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2012-11-06 16:35:06 | 3220,037,632 | -HS- | M] () -- C:\hiberfil.sys
[2012-11-06 16:28:00 | 000,001,008 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskUserS-1-5-21-1922681404-1561175744-2858419983-1001UA.job
[2012-11-06 16:26:21 | 000,016,848 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
[2012-11-06 16:26:21 | 000,016,848 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
[2012-11-06 15:58:03 | 000,000,830 | ---- | M] () -- C:\Windows\tasks\Adobe Flash Player Updater.job
[2012-11-06 12:28:00 | 000,000,956 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskUserS-1-5-21-1922681404-1561175744-2858419983-1001Core.job
[2012-11-06 00:18:51 | 000,000,000 | ---- | M] () -- C:\Windows\SysWow64\config.nt
[2012-11-05 20:38:33 | 000,001,113 | ---- | M] () -- C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk
[2012-11-05 20:35:53 | 010,669,952 | ---- | M] (Malwarebytes Corporation ) -- C:\Users\ragnar\Desktop\mbam-setup-1.65.1.1000.exe
[2012-11-05 06:03:14 | 000,694,499 | ---- | M] (Farbar) -- C:\Users\ragnar\Desktop\FSS.exe
[2012-11-05 05:50:57 | 000,000,027 | ---- | M] () -- C:\Windows\SysNative\drivers\etc\hosts
[2012-11-05 05:36:45 | 004,996,943 | R--- | M] (Swearware) -- C:\Users\ragnar\Desktop\ComboFix.exe
[2012-11-04 16:58:22 | 000,602,112 | ---- | M] (OldTimer Tools) -- C:\Users\ragnar\Desktop\OTL.exe
[2012-11-03 14:01:07 | 000,792,914 | ---- | M] () -- C:\Windows\SysNative\PerfStringBackup.INI
[2012-11-03 14:01:07 | 000,661,146 | ---- | M] () -- C:\Windows\SysNative\perfh009.dat
[2012-11-03 14:01:07 | 000,125,232 | ---- | M] () -- C:\Windows\SysNative\perfc009.dat
[2012-10-30 23:51:56 | 000,059,728 | ---- | M] (AVAST Software) -- C:\Windows\SysNative\drivers\aswTdi.sys
[2012-10-30 23:51:55 | 000,984,144 | ---- | M] (AVAST Software) -- C:\Windows\SysNative\drivers\aswSnx.sys
[2012-10-30 23:51:55 | 000,370,288 | ---- | M] (AVAST Software) -- C:\Windows\SysNative\drivers\aswSP.sys
[2012-10-30 23:51:55 | 000,071,600 | ---- | M] (AVAST Software) -- C:\Windows\SysNative\drivers\aswMonFlt.sys
[2012-10-30 23:51:53 | 000,025,232 | ---- | M] (AVAST Software) -- C:\Windows\SysNative\drivers\aswFsBlk.sys
[2012-10-30 23:51:07 | 000,041,224 | ---- | M] (AVAST Software) -- C:\Windows\avastSS.scr
[2012-10-30 23:50:59 | 000,227,648 | ---- | M] (AVAST Software) -- C:\Windows\SysWow64\aswBoot.exe
[2012-10-30 23:50:30 | 000,285,328 | ---- | M] (AVAST Software) -- C:\Windows\SysNative\aswBoot.exe
[2012-10-29 22:11:55 | 000,001,029 | ---- | M] () -- C:\Users\ragnar\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Logitech . Produktregistrering.lnk
[2012-10-27 22:08:21 | 000,002,009 | ---- | M] () -- C:\Users\Public\Desktop\Logitech Vid HD.lnk
[2012-10-27 21:56:54 | 000,002,083 | ---- | M] () -- C:\Users\Public\Desktop\Logitech Webcam Software.lnk
[2012-10-27 20:58:55 | 000,696,760 | ---- | M] (Adobe Systems Incorporated) -- C:\Windows\SysWow64\FlashPlayerApp.exe
[2012-10-27 20:58:55 | 000,073,656 | ---- | M] (Adobe Systems Incorporated) -- C:\Windows\SysWow64\FlashPlayerCPLApp.cpl
[2012-10-27 20:58:16 | 009,575,864 | ---- | M] (Adobe Systems Incorporated) -- C:\Windows\SysWow64\FlashPlayerInstaller.exe
[2012-10-15 18:59:28 | 000,054,072 | ---- | M] (AVAST Software) -- C:\Windows\SysNative\drivers\aswRdr2.sys
[2012-10-10 22:32:04 | 000,002,493 | ---- | M] () -- C:\Users\ragnar\Desktop\Google Chrome.lnk

========== Files Created - No Company Name ==========

[2012-11-05 20:38:33 | 000,001,113 | ---- | C] () -- C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk
[2012-11-05 05:38:01 | 000,256,000 | ---- | C] () -- C:\Windows\PEV.exe
[2012-11-05 05:38:01 | 000,208,896 | ---- | C] () -- C:\Windows\MBR.exe
[2012-11-05 05:38:01 | 000,098,816 | ---- | C] () -- C:\Windows\sed.exe
[2012-11-05 05:38:01 | 000,080,412 | ---- | C] () -- C:\Windows\grep.exe
[2012-11-05 05:38:01 | 000,068,096 | ---- | C] () -- C:\Windows\zip.exe
[2012-10-29 22:11:55 | 000,001,029 | ---- | C] () -- C:\Users\ragnar\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Logitech . Produktregistrering.lnk
[2012-10-27 22:08:21 | 000,002,009 | ---- | C] () -- C:\Users\Public\Desktop\Logitech Vid HD.lnk
[2012-10-27 21:56:54 | 000,002,083 | ---- | C] () -- C:\Users\Public\Desktop\Logitech Webcam Software.lnk
[2012-10-27 20:11:03 | 000,000,830 | ---- | C] () -- C:\Windows\tasks\Adobe Flash Player Updater.job
[2012-10-27 20:08:07 | 000,001,163 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Mozilla Firefox.lnk
[2012-10-27 18:52:30 | 000,082,289 | ---- | C] () -- C:\Windows\SysNative\lvcoin64.ini
[2012-10-27 18:52:30 | 000,034,068 | ---- | C] () -- C:\Windows\SysNative\Repository.reg
[2012-09-20 16:13:09 | 000,000,000 | ---- | C] () -- C:\Windows\SysWow64\Access.dat
[2012-05-15 01:21:50 | 000,423,744 | ---- | C] () -- C:\Windows\SysWow64\nvStreaming.exe
[2012-02-25 18:33:35 | 000,000,128 | ---- | C] () -- C:\Users\ragnar\.java.policy
[2011-09-30 22:50:28 | 000,778,382 | ---- | C] () -- C:\Windows\SysWow64\PerfStringBackup.INI
[2011-09-30 21:11:17 | 000,053,248 | ---- | C] () -- C:\Windows\SysWow64\asrussian.dll
[2011-09-30 21:11:17 | 000,053,248 | ---- | C] () -- C:\Windows\SysWow64\askorean.dll
[2011-09-30 21:11:17 | 000,053,248 | ---- | C] () -- C:\Windows\SysWow64\asjapan.dll
[2011-09-30 21:11:17 | 000,053,248 | ---- | C] () -- C:\Windows\SysWow64\asgerman.dll
[2011-09-30 21:11:17 | 000,053,248 | ---- | C] () -- C:\Windows\SysWow64\asfrench.dll
[2011-09-30 21:11:17 | 000,053,248 | ---- | C] () -- C:\Windows\SysWow64\aseng.dll
[2011-09-30 21:11:17 | 000,053,248 | ---- | C] () -- C:\Windows\SysWow64\ASCHT.dll
[2011-09-30 21:11:17 | 000,053,248 | ---- | C] () -- C:\Windows\SysWow64\aschs.dll
[2011-09-30 21:11:16 | 000,761,856 | ---- | C] () -- C:\Windows\SysWow64\xvidcore.dll
[2011-09-30 21:11:16 | 000,180,224 | ---- | C] () -- C:\Windows\SysWow64\xvidvfw.dll
[2011-09-30 18:36:44 | 000,000,010 | ---- | C] () -- C:\Windows\GSetup.ini
[2011-09-28 17:44:14 | 000,179,271 | ---- | C] () -- C:\Windows\SysWow64\xlive.dll.cat

========== ZeroAccess Check ==========

[2009-07-14 05:55:00 | 000,000,227 | RHS- | M] () -- C:\Windows\assembly\Desktop.ini

[HKEY_CURRENT_USER\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] /64

[HKEY_CURRENT_USER\Software\Classes\Wow6432node\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]

[HKEY_CURRENT_USER\Software\Classes\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32] /64

[HKEY_CURRENT_USER\Software\Classes\Wow6432node\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32]

[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] /64
"" = C:\Windows\SysNative\shell32.dll -- [2010-07-27 15:59:11 | 014,162,944 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Apartment

[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]
"" = %SystemRoot%\system32\shell32.dll -- [2010-07-27 15:03:24 | 012,867,584 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Apartment

[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32] /64
"" = C:\Windows\SysNative\wbem\fastprox.dll -- [2009-07-14 02:40:51 | 000,909,312 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Free

[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32]
"" = %systemroot%\system32\wbem\fastprox.dll -- [2009-07-14 02:15:20 | 000,605,696 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Free

[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32] /64
"" = C:\Windows\SysNative\wbem\wbemess.dll -- [2009-07-14 02:41:56 | 000,505,856 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Both

[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32]

========== Custom Scans ==========

< %SYSTEMDRIVE%\*.exe >

< MD5 for: IPCONFIG.EXE >
[2009-07-14 02:14:21 | 000,027,136 | ---- | M] (Microsoft Corporation) MD5=CABB20E171770FF64614A54C1F31C033 -- C:\Windows.old\Windows\System32\ipconfig.exe
[2009-07-14 02:14:21 | 000,027,136 | ---- | M] (Microsoft Corporation) MD5=CABB20E171770FF64614A54C1F31C033 -- C:\Windows.old\Windows\winsxs\x86_microsoft-windows-ipconfig_31bf3856ad364e35_6.1.7600.16385_none_4c104723794237c2\ipconfig.exe
[2009-07-14 02:14:21 | 000,027,136 | ---- | M] (Microsoft Corporation) MD5=CABB20E171770FF64614A54C1F31C033 -- C:\Windows\SysWOW64\ipconfig.exe
[2009-07-14 02:14:21 | 000,027,136 | ---- | M] (Microsoft Corporation) MD5=CABB20E171770FF64614A54C1F31C033 -- C:\Windows\winsxs\x86_microsoft-windows-ipconfig_31bf3856ad364e35_6.1.7600.16385_none_4c104723794237c2\ipconfig.exe
[2009-07-14 02:39:13 | 000,058,368 | ---- | M] (Microsoft Corporation) MD5=CF45949CDBB39C953331CDCB9CEC20F8 -- C:\Windows\SysNative\ipconfig.exe
[2009-07-14 02:39:13 | 000,058,368 | ---- | M] (Microsoft Corporation) MD5=CF45949CDBB39C953331CDCB9CEC20F8 -- C:\Windows\winsxs\amd64_microsoft-windows-ipconfig_31bf3856ad364e35_6.1.7600.16385_none_a82ee2a7319fa8f8\ipconfig.exe

< MD5 for: TCPIP.SYS >
[2011-04-25 06:28:24 | 001,893,248 | ---- | M] (Microsoft Corporation) MD5=1F748D5439B65E0BEBD92F65048F030D -- C:\Windows\winsxs\amd64_microsoft-windows-tcpip-binaries_31bf3856ad364e35_6.1.7600.20951_none_0fb918de99201ffb\tcpip.sys
[2009-07-14 02:19:10 | 001,285,712 | ---- | M] (Microsoft Corporation) MD5=2CC3D75488ABD3EC628BBB9A4FC84EFC -- C:\Windows.old\Windows\System32\drivers\tcpip.sys
[2009-07-14 02:19:10 | 001,285,712 | ---- | M] (Microsoft Corporation) MD5=2CC3D75488ABD3EC628BBB9A4FC84EFC -- C:\Windows.old\Windows\winsxs\x86_microsoft-windows-tcpip-binaries_31bf3856ad364e35_6.1.7600.16385_none_b2f46875c7b9d667\tcpip.sys
[2010-11-20 14:33:57 | 001,924,480 | ---- | M] (Microsoft Corporation) MD5=509383E505C973ED7534A06B3D19688D -- C:\Windows\SoftwareDistribution\Download\488053cdbca3231eeb2c2af7236d09ed\amd64_microsoft-windows-tcpip-binaries_31bf3856ad364e35_6.1.7601.17514_none_114417c17d05cb37\tcpip.sys
[2011-06-21 07:16:55 | 001,888,128 | ---- | M] (Microsoft Corporation) MD5=5279D4DD69C7C71524B8E7A5746D15CC -- C:\Windows\winsxs\amd64_microsoft-windows-tcpip-binaries_31bf3856ad364e35_6.1.7600.20992_none_0f8ed978993fa916\tcpip.sys
[2011-04-25 06:32:22 | 001,896,832 | ---- | M] (Microsoft Corporation) MD5=61DC720BB065D607D5823F13D2A64321 -- C:\Windows\winsxs\amd64_microsoft-windows-tcpip-binaries_31bf3856ad364e35_6.1.7600.16802_none_0f668bf97fd90dd3\tcpip.sys
[2009-07-14 02:45:55 | 001,898,576 | ---- | M] (Microsoft Corporation) MD5=912107716BAB424C7870E8E6AF5E07E1 -- C:\Windows\winsxs\amd64_microsoft-windows-tcpip-binaries_31bf3856ad364e35_6.1.7600.16385_none_0f1303f98017479d\tcpip.sys
[2011-04-25 06:33:51 | 001,923,968 | ---- | M] (Microsoft Corporation) MD5=92CE29D95AC9DD2D0EE9061D551BA250 -- C:\Windows\winsxs\amd64_microsoft-windows-tcpip-binaries_31bf3856ad364e35_6.1.7601.17603_none_114de9497cfe9316\tcpip.sys
[2011-06-21 07:20:30 | 001,914,752 | ---- | M] (Microsoft Corporation) MD5=A0EB71E0DC047C7CC95CD6AB4036296E -- C:\Windows\winsxs\amd64_microsoft-windows-tcpip-binaries_31bf3856ad364e35_6.1.7601.21754_none_11a276c29643d7ec\tcpip.sys
[2011-04-25 07:16:34 | 001,927,552 | ---- | M] (Microsoft Corporation) MD5=B77977AEB2FF159D01DB08A309989C5F -- C:\Windows\winsxs\amd64_microsoft-windows-tcpip-binaries_31bf3856ad364e35_6.1.7601.21712_none_11cbb5de9625357a\tcpip.sys
[2011-06-21 07:27:14 | 001,896,832 | ---- | M] (Microsoft Corporation) MD5=B9D87C7707F058AC652A398CD28DE14B -- C:\Windows\erdnt\cache64\tcpip.sys
[2011-06-21 07:27:14 | 001,896,832 | ---- | M] (Microsoft Corporation) MD5=B9D87C7707F058AC652A398CD28DE14B -- C:\Windows\SysNative\drivers\tcpip.sys
[2011-06-21 07:27:14 | 001,896,832 | ---- | M] (Microsoft Corporation) MD5=B9D87C7707F058AC652A398CD28DE14B -- C:\Windows\winsxs\amd64_microsoft-windows-tcpip-binaries_31bf3856ad364e35_6.1.7600.16839_none_0f4d1e3b7feb1307\tcpip.sys
[2011-06-21 07:34:00 | 001,923,968 | ---- | M] (Microsoft Corporation) MD5=F0E98C00A09FDF791525829A1D14240F -- C:\Windows\winsxs\amd64_microsoft-windows-tcpip-binaries_31bf3856ad364e35_6.1.7601.17638_none_11327af77d12659c\tcpip.sys

========== Drive Information ==========

Physical Drives
---------------

Drive: \\\\.\\PHYSICALDRIVE0 - Fixed hard disk media
Interface type: IDE
Media Type: Fixed hard disk media
Model: WDC WD20EARX-00PASB0 ATA Device
Partitions: 1
Status: OK
Status Info: 0

Drive: \\\\.\\PHYSICALDRIVE1 - Fixed hard disk media
Interface type: IDE
Media Type: Fixed hard disk media
Model: ST3500630AS ATA Device
Partitions: 1
Status: OK
Status Info: 0

Partitions
---------------

DeviceID: Disk #0, Partition #0
PartitionType: Installable File System
Bootable: True
BootPartition: True
PrimaryPartition: True
Size: 1 863,00GB
Starting Offset: 32256
Hidden sectors: 0


DeviceID: Disk #1, Partition #0
PartitionType: Installable File System
Bootable: True
BootPartition: True
PrimaryPartition: True
Size: 466,00GB
Starting Offset: 32256
Hidden sectors: 0


< type c:\diskreport.txt /c >
Microsoft DiskPart version 6.1.7600
Copyright © 1999-2008 Microsoft Corporation.
On computer: RAGNAR-PC
Volume ### Ltr Label Fs Type Size Status Info
---------- --- ----------- ----- ---------- ------- --------- --------
Volume 0 D Crysis CDFS DVD-ROM 6169 MB Healthy
Volume 1 C NTFS Partition 1863 GB Healthy System
Volume 2 E HDD NTFS Partition 465 GB Healthy

< End of report >


New OTL log:

OTL logfile created on: 2012-11-06 16:44:30 - Run 3
OTL by OldTimer - Version 3.2.69.0 Folder = C:\Users\ragnar\Desktop
64bit- Ultimate Edition (Version = 6.1.7600) - Type = NTWorkstation
Internet Explorer (Version = 8.0.7600.16385)
Locale: 0000041d | Country: Sverige | Language: SVE | Date Format: yyyy-MM-dd

4,00 Gb Total Physical Memory | 2,69 Gb Available Physical Memory | 67,24% Memory free
8,00 Gb Paging File | 6,45 Gb Available in Paging File | 80,71% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86)
Drive C: | 1863,01 Gb Total Space | 815,06 Gb Free Space | 43,75% Space Free | Partition Type: NTFS
Drive D: | 6,03 Gb Total Space | 0,00 Gb Free Space | 0,00% Space Free | Partition Type: CDFS
Drive E: | 465,75 Gb Total Space | 70,76 Gb Free Space | 15,19% Space Free | Partition Type: NTFS

Computer Name: RAGNAR-PC | User Name: ragnar | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user | Include 64bit Scans
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days

========== Processes (SafeList) ==========

PRC - [2012-11-04 16:58:22 | 000,602,112 | ---- | M] (OldTimer Tools) -- C:\Users\ragnar\Desktop\OTL.exe
PRC - [2012-10-30 23:50:59 | 004,297,136 | ---- | M] (AVAST Software) -- C:\Program Files\AVAST Software\Avast\AvastUI.exe
PRC - [2012-10-30 23:50:59 | 000,044,808 | ---- | M] (AVAST Software) -- C:\Program Files\AVAST Software\Avast\AvastSvc.exe
PRC - [2012-10-26 17:34:22 | 007,880,664 | ---- | M] (Spotify Ltd) -- C:\Users\ragnar\AppData\Roaming\Spotify\spotify.exe
PRC - [2012-10-26 17:34:21 | 001,199,576 | ---- | M] (Spotify Ltd) -- C:\Users\ragnar\AppData\Roaming\Spotify\Data\SpotifyWebHelper.exe
PRC - [2012-10-24 13:54:43 | 000,529,744 | ---- | M] (Valve Corporation) -- C:\Program Files (x86)\Common Files\Steam\SteamService.exe
PRC - [2012-09-29 19:54:26 | 000,766,536 | ---- | M] (Malwarebytes Corporation) -- C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe
PRC - [2012-09-29 19:54:26 | 000,676,936 | ---- | M] (Malwarebytes Corporation) -- C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe
PRC - [2012-09-29 19:54:26 | 000,399,432 | ---- | M] (Malwarebytes Corporation) -- C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamscheduler.exe
PRC - [2012-09-07 17:40:32 | 000,104,560 | ---- | M] (SumRando) -- C:\Program Files (x86)\SumRando\SumRando\misc\vpnmanagesvc.exe
PRC - [2012-08-07 20:46:54 | 001,353,080 | ---- | M] (Valve Corporation) -- C:\Program Files (x86)\Steam\Steam.exe
PRC - [2012-07-27 21:51:26 | 000,063,960 | ---- | M] (Adobe Systems Incorporated) -- C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe
PRC - [2012-05-15 01:21:40 | 000,382,272 | ---- | M] (NVIDIA Corporation) -- C:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe
PRC - [2012-04-17 13:44:12 | 001,333,144 | ---- | M] (Technology Nexus AB) -- C:\Program Files (x86)\Personal\bin\Personal.exe
PRC - [2009-10-14 12:36:56 | 002,793,304 | ---- | M] () -- C:\Program Files\Logitech\Logitech WebCam Software\LWS.exe
PRC - [2009-10-14 12:34:18 | 000,560,472 | ---- | M] () -- C:\Program Files (x86)\Common Files\LogiShrd\LQCVFX\COCIManager.exe
PRC - [2009-10-07 00:47:22 | 000,125,464 | ---- | M] (Logitech Inc.) -- C:\Program Files (x86)\Common Files\LogiShrd\LVMVFM\LVPrS64H.exe
PRC - [2009-07-30 17:10:04 | 000,380,928 | ---- | M] (ASUSTeK Computer Inc.) -- C:\Program Files (x86)\ASUS\GamerOSD\GamerOSD.exe
PRC - [2009-07-27 10:13:28 | 000,061,440 | ---- | M] () -- C:\Windows\SysWOW64\ASDR.exe
PRC - [2002-01-11 20:44:44 | 001,310,720 | ---- | M] (ASUSTeK Inc.) -- C:\Program Files (x86)\ASUS\SmartDoctor\SmartDoctor.exe


========== Modules (No Company Name) ==========

MOD - [2012-10-26 17:34:22 | 020,220,376 | ---- | M] () -- C:\Users\ragnar\AppData\Roaming\Spotify\Data\libcef.dll
MOD - [2012-10-24 13:54:42 | 020,317,008 | ---- | M] () -- C:\Program Files (x86)\Steam\bin\libcef.dll
MOD - [2012-10-24 13:54:41 | 000,902,480 | ---- | M] () -- C:\Program Files (x86)\Steam\bin\chromehtml.dll
MOD - [2012-10-24 13:54:40 | 001,099,616 | ---- | M] () -- C:\Program Files (x86)\Steam\bin\avcodec-53.dll
MOD - [2012-10-24 13:54:40 | 000,190,816 | ---- | M] () -- C:\Program Files (x86)\Steam\bin\avformat-53.dll
MOD - [2012-10-24 13:54:40 | 000,123,232 | ---- | M] () -- C:\Program Files (x86)\Steam\bin\avutil-51.dll
MOD - [2009-10-14 12:36:56 | 002,793,304 | ---- | M] () -- C:\Program Files\Logitech\Logitech WebCam Software\LWS.exe
MOD - [2009-10-14 12:34:18 | 000,560,472 | ---- | M] () -- C:\Program Files (x86)\Common Files\LogiShrd\LQCVFX\COCIManager.exe
MOD - [2009-04-29 19:46:20 | 001,077,248 | ---- | M] () -- C:\Program Files (x86)\ASUS\GamerOSD\ImageTransform.dll
MOD - [2009-02-17 17:22:16 | 000,184,320 | ---- | M] () -- C:\Program Files (x86)\ASUS\GamerOSD\AudioOnVistaDLL.dll
MOD - [2007-03-13 15:46:50 | 000,007,168 | ---- | M] () -- C:\Program Files (x86)\ASUS\SmartDoctor\VOV32.dll
MOD - [2007-02-28 17:34:04 | 000,643,142 | ---- | M] () -- C:\Program Files (x86)\ASUS\SmartDoctor\aticlocklib.dll


========== Services (SafeList) ==========

SRV:64bit: - [2012-10-30 23:50:59 | 000,044,808 | ---- | M] (AVAST Software) [Auto | Running] -- C:\Program Files\AVAST Software\Avast\AvastSvc.exe -- (avast! Antivirus)
SRV:64bit: - [2009-12-01 13:22:58 | 000,063,488 | ---- | M] (ASUSTeK COMPUTER INC.) [Auto | Running] -- C:\Windows\SysNative\ATKFUSService.exe -- (ATKFUSService)
SRV:64bit: - [2009-10-07 00:47:10 | 000,191,000 | ---- | M] (Logitech Inc.) [Auto | Running] -- C:\Program Files\Common Files\LogiShrd\LVMVFM\LVPrcSrv.exe -- (LVPrcS64)
SRV:64bit: - [2009-07-14 02:41:27 | 001,011,712 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Program Files\Windows Defender\MpSvc.dll -- (WinDefend)
SRV:64bit: - [2009-07-14 02:40:01 | 000,193,536 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\appmgmts.dll -- (AppMgmt)
SRV - [2012-10-27 20:58:56 | 000,250,808 | ---- | M] (Adobe Systems Incorporated) [On_Demand | Stopped] -- C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe -- (AdobeFlashPlayerUpdateSvc)
SRV - [2012-10-24 18:50:38 | 000,115,168 | ---- | M] (Mozilla Foundation) [On_Demand | Stopped] -- C:\Program Files (x86)\Mozilla Maintenance Service\maintenanceservice.exe -- (MozillaMaintenance)
SRV - [2012-10-24 13:54:43 | 000,529,744 | ---- | M] (Valve Corporation) [On_Demand | Running] -- C:\Program Files (x86)\Common Files\Steam\SteamService.exe -- (Steam Client Service)
SRV - [2012-09-29 19:54:26 | 000,676,936 | ---- | M] (Malwarebytes Corporation) [Auto | Running] -- C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe -- (MBAMService)
SRV - [2012-09-29 19:54:26 | 000,399,432 | ---- | M] (Malwarebytes Corporation) [Auto | Running] -- C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamscheduler.exe -- (MBAMScheduler)
SRV - [2012-09-07 17:40:32 | 000,104,560 | ---- | M] (SumRando) [Auto | Running] -- C:\Program Files (x86)\SumRando\SumRando\misc\vpnmanagesvc.exe -- (SumRandoVPNService)
SRV - [2012-07-27 21:51:26 | 000,063,960 | ---- | M] (Adobe Systems Incorporated) [Auto | Running] -- C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe -- (AdobeARMservice)
SRV - [2012-07-19 17:08:04 | 000,738,152 | ---- | M] (Tunngle.net GmbH) [On_Demand | Stopped] -- C:\Program Files (x86)\Tunngle\TnglCtrl.exe -- (TunngleService)
SRV - [2012-05-15 11:48:00 | 001,262,400 | ---- | M] (NVIDIA Corporation) [Auto | Stopped] -- C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Update Core\daemonu.exe -- (nvUpdatusService)
SRV - [2012-05-15 01:21:40 | 000,382,272 | ---- | M] (NVIDIA Corporation) [Auto | Running] -- C:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe -- (Stereo Service)
SRV - [2012-04-21 00:16:31 | 000,131,912 | ---- | M] (Desura Pty Ltd) [On_Demand | Stopped] -- C:\Program Files (x86)\Common Files\Desura\desura_service.exe -- (Desura Install Service)
SRV - [2012-02-29 07:50:48 | 000,158,856 | R--- | M] (Skype Technologies) [Auto | Stopped] -- C:\Program Files (x86)\Skype\Updater\Updater.exe -- (SkypeUpdate)
SRV - [2010-03-18 12:16:28 | 000,130,384 | ---- | M] (Microsoft Corporation) [Auto | Stopped] -- C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe -- (clr_optimization_v4.0.30319_32)
SRV - [2009-07-27 10:13:28 | 000,061,440 | ---- | M] () [Auto | Running] -- C:\Windows\SysWOW64\ASDR.exe -- (ASDR)
SRV - [2009-06-10 22:23:09 | 000,066,384 | ---- | M] (Microsoft Corporation) [Disabled | Stopped] -- C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe -- (clr_optimization_v2.0.50727_32)


========== Driver Services (SafeList) ==========

DRV:64bit: - [2012-10-30 23:51:56 | 000,059,728 | ---- | M] (AVAST Software) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\aswTdi.sys -- (aswTdi)
DRV:64bit: - [2012-10-30 23:51:55 | 000,984,144 | ---- | M] (AVAST Software) [File_System | System | Running] -- C:\Windows\SysNative\drivers\aswSnx.sys -- (aswSnx)
DRV:64bit: - [2012-10-30 23:51:55 | 000,370,288 | ---- | M] (AVAST Software) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\aswSP.sys -- (aswSP)
DRV:64bit: - [2012-10-30 23:51:55 | 000,071,600 | ---- | M] (AVAST Software) [File_System | Auto | Running] -- C:\Windows\SysNative\drivers\aswMonFlt.sys -- (aswMonFlt)
DRV:64bit: - [2012-10-30 23:51:53 | 000,025,232 | ---- | M] (AVAST Software) [File_System | Auto | Running] -- C:\Windows\SysNative\drivers\aswFsBlk.sys -- (aswFsBlk)
DRV:64bit: - [2012-10-15 18:59:28 | 000,054,072 | ---- | M] (AVAST Software) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\aswRdr2.sys -- (aswRdr)
DRV:64bit: - [2012-09-29 19:54:26 | 000,025,928 | ---- | M] (Malwarebytes Corporation) [File_System | On_Demand | Running] -- C:\Windows\SysNative\drivers\mbam.sys -- (MBAMProtector)
DRV:64bit: - [2012-04-18 18:08:03 | 000,188,736 | ---- | M] (NVIDIA Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\nvhda64v.sys -- (NVHDA)
DRV:64bit: - [2011-11-17 19:44:32 | 000,035,056 | ---- | M] (The OpenVPN Project) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\tun3325.sys -- (tun3325)
DRV:64bit: - [2011-09-30 21:12:07 | 000,016,384 | ---- | M] (ASUSTeK Computer Inc.) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\EIO64.sys -- (EIO64)
DRV:64bit: - [2011-06-15 09:30:46 | 000,093,240 | ---- | M] (PowerISO Computing, Inc.) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\scdemu.sys -- (SCDEmu)
DRV:64bit: - [2011-03-11 07:22:41 | 000,107,904 | ---- | M] (Advanced Micro Devices) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\amdsata.sys -- (amdsata)
DRV:64bit: - [2011-03-11 07:22:40 | 000,027,008 | ---- | M] (Advanced Micro Devices) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\amdxata.sys -- (amdxata)
DRV:64bit: - [2010-02-22 14:46:36 | 000,023,680 | ---- | M] (ASUSTeK Computer Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\IOMap64.sys -- (IOMap)
DRV:64bit: - [2009-10-07 00:45:50 | 000,030,232 | ---- | M] () [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\LVPr2M64.sys -- (LVPr2Mon)
DRV:64bit: - [2009-10-07 00:45:50 | 000,030,232 | ---- | M] () [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\LVPr2M64.sys -- (LVPr2M64)
DRV:64bit: - [2009-09-16 07:02:42 | 000,031,232 | ---- | M] (Tunngle.net) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\tap0901t.sys -- (tap0901t)
DRV:64bit: - [2009-07-14 02:52:20 | 000,194,128 | ---- | M] (AMD Technologies Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\amdsbs.sys -- (amdsbs)
DRV:64bit: - [2009-07-14 02:48:04 | 000,065,600 | ---- | M] (LSI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\lsi_sas2.sys -- (LSI_SAS2)
DRV:64bit: - [2009-07-14 02:47:48 | 000,077,888 | ---- | M] (Hewlett-Packard Company) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\HpSAMD.sys -- (HpSAMD)
DRV:64bit: - [2009-07-14 02:47:48 | 000,023,104 | ---- | M] (Microsoft Corporation) [Recognizer | Boot | Unknown] -- C:\Windows\SysNative\drivers\fs_rec.sys -- (Fs_Rec)
DRV:64bit: - [2009-07-14 02:45:55 | 000,024,656 | ---- | M] (Promise Technology) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\stexstor.sys -- (stexstor)
DRV:64bit: - [2009-07-14 01:01:09 | 000,679,936 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\xnacc.sys -- (xnacc)
DRV:64bit: - [2009-06-10 21:35:42 | 000,187,392 | ---- | M] (Realtek Corporation ) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\Rt64win7.sys -- (RTL8167)
DRV:64bit: - [2009-06-10 21:34:33 | 003,286,016 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\evbda.sys -- (ebdrv)
DRV:64bit: - [2009-06-10 21:34:28 | 000,468,480 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\bxvbda.sys -- (b06bdrv)
DRV:64bit: - [2009-06-10 21:34:23 | 000,270,848 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\b57nd60a.sys -- (b57nd60a)
DRV:64bit: - [2009-06-10 21:31:59 | 000,031,232 | ---- | M] (Hauppauge Computer Works, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\hcw85cir.sys -- (hcw85cir)
DRV:64bit: - [2009-05-01 00:01:34 | 000,327,576 | ---- | M] (Logitech Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\lvrs64.sys -- (LVRS64)
DRV:64bit: - [2009-04-30 23:55:56 | 002,755,096 | ---- | M] (Logitech Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\LV302V64.SYS -- (PID_PEPI)
DRV:64bit: - [2009-04-30 23:55:46 | 000,015,896 | ---- | M] (Logitech Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\lv302a64.sys -- (lvpepf64)
DRV:64bit: - [2009-02-17 17:22:22 | 000,039,424 | ---- | M] (ASUSTeK Computer Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\ATKDispLowFilter.sys -- (atkdisplf)
DRV:64bit: - [2009-02-17 17:22:22 | 000,017,792 | ---- | M] (ASUSTeK Computer Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\asusgsb.sys -- (asusgsb)
DRV:64bit: - [2007-09-29 06:30:46 | 000,091,648 | ---- | M] (JMicron Technology Corp.) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\jraid.sys -- (JRAID)
DRV - [2011-09-30 18:36:46 | 000,020,544 | ---- | M] (Windows ® Server 2003 DDK provider) [Kernel | On_Demand | Stopped] -- C:\Windows\gdrv.sys -- (gdrv)
DRV - [2009-07-14 02:19:10 | 000,019,008 | ---- | M] (Microsoft Corporation) [File_System | On_Demand | Stopped] -- C:\Windows\SysWOW64\drivers\wimmount.sys -- (WIMMount)


========== Standard Registry (SafeList) ==========


========== Internet Explorer ==========

IE:64bit: - HKLM\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A}
IE:64bit: - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/...ms}&FORM=IE8SRC
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm
IE - HKLM\..\SearchScopes,DefaultScope =
IE - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/...ms}&FORM=IE8SRC

IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page =
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache AcceptLangs = sv
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache_TIMESTAMP = DB 33 43 25 3E 97 CC 01 [binary data]
IE - HKCU\..\SearchScopes,DefaultScope =
IE - HKCU\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/...Box&FORM=IE8SRC
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

========== FireFox ==========

FF - prefs.js..extensions.enabledAddons: [email protected]:7.0.1474
FF - user.js - File not found

FF:64bit: - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\system32\Macromed\Flash\NPSWF64_11_4_402_287.dll File not found
FF:64bit: - HKLM\Software\MozillaPlugins\@microsoft.com/GENUINE: disabled File not found
FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_11_4_402_287.dll ()
FF - HKLM\Software\MozillaPlugins\@divx.com/DivX Browser Plugin,version=1.0.0: C:\Program Files (x86)\DivX\DivX Web Player\npdivx32.dll (DivX,Inc.)
FF - HKLM\Software\MozillaPlugins\@esn.me/esnsonar,version=0.70.0: File not found
FF - HKLM\Software\MozillaPlugins\@esn.me/esnsonar,version=0.70.4: C:\Program Files (x86)\Battlelog Web Plugins\Sonar\0.70.4\npesnsonar.dll (ESN Social Software AB)
FF - HKLM\Software\MozillaPlugins\@esn/esnlaunch,version=1.102.0: File not found
FF - HKLM\Software\MozillaPlugins\@esn/esnlaunch,version=1.118.0: C:\Program Files (x86)\Battlelog Web Plugins\1.118.0\npesnlaunch.dll (ESN Social Software AB)
FF - HKLM\Software\MozillaPlugins\@java.com/DTPlugin,version=10.6.2: C:\Windows\SysWOW64\npDeployJava1.dll (Oracle Corporation)
FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin,version=10.6.2: C:\Program Files (x86)\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/GENUINE: disabled File not found
FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: c:\Program Files (x86)\Microsoft Silverlight\5.0.61118.0\npctrl.dll ( Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@nvidia.com/3DVision: C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dv.dll (NVIDIA Corporation)
FF - HKLM\Software\MozillaPlugins\@nvidia.com/3DVisionStreaming: C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dvstreaming.dll (NVIDIA Corporation)
FF - HKLM\Software\MozillaPlugins\@pandonetworks.com/PandoWebPlugin: C:\Program Files (x86)\Pando Networks\Media Booster\npPandoWebPlugin.dll File not found
FF - HKLM\Software\MozillaPlugins\@se.nexus/Personal: C:\Program Files (x86)\Personal\bin\np_prsnl.dll (Technology Nexus AB)
FF - HKLM\Software\MozillaPlugins\Adobe Reader: C:\Program Files (x86)\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
FF - HKCU\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Users\ragnar\AppData\Local\Google\Update\1.3.21.123\npGoogleUpdate3.dll (Google Inc.)
FF - HKCU\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Users\ragnar\AppData\Local\Google\Update\1.3.21.123\npGoogleUpdate3.dll (Google Inc.)

FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\[email protected]: C:\Program Files\AVAST Software\Avast\WebRep\FF [2012-11-06 00:18:45 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 16.0.2\extensions\\Components: C:\Program Files (x86)\Mozilla Firefox\components [2012-10-27 20:07:59 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 16.0.2\extensions\\Plugins: C:\Program Files (x86)\Mozilla Firefox\plugins

[2012-10-27 20:08:38 | 000,000,000 | ---D | M] (No name found) -- C:\Users\ragnar\AppData\Roaming\Mozilla\Extensions
[2012-11-05 05:18:27 | 000,000,000 | ---D | M] (No name found) -- C:\Users\ragnar\AppData\Roaming\Mozilla\Firefox\Profiles\c1s5lane.default\extensions
[2012-10-27 20:07:58 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files (x86)\Mozilla Firefox\extensions
[2012-11-06 00:18:45 | 000,000,000 | ---D | M] (avast! WebRep) -- C:\PROGRAM FILES\AVAST SOFTWARE\AVAST\WEBREP\FF
[2012-10-24 18:50:58 | 000,261,600 | ---- | M] (Mozilla Foundation) -- C:\Program Files (x86)\mozilla firefox\components\browsercomps.dll
[2012-10-24 18:50:17 | 000,002,465 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\bing.xml
[2012-10-24 18:50:17 | 000,002,058 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\twitter.xml

========== Chrome ==========

CHR - default_search_provider: Google (Enabled)
CHR - default_search_provider: search_url = {google:baseURL}search?q={searchTerms}&{google:RLZ}{google:acceptedSuggestion}{google:originalQueryForSuggestion}{google:searchFieldtrialParameter}sourceid=chrome&ie={inputEncoding}
CHR - default_search_provider: suggest_url = {google:baseSuggestURL}search?{google:searchFieldtrialParameter}client=chrome&hl={language}&q={searchTerms}
CHR - plugin: Shockwave Flash (Enabled) = C:\Users\ragnar\AppData\Local\Google\Chrome\Application\22.0.1229.94\PepperFlash\pepflashplayer.dll
CHR - plugin: Shockwave Flash (Enabled) = C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_11_4_402_287.dll
CHR - plugin: Chrome Remote Desktop Viewer (Enabled) = internal-remoting-viewer
CHR - plugin: Native Client (Enabled) = C:\Users\ragnar\AppData\Local\Google\Chrome\Application\22.0.1229.94\ppGoogleNaClPluginChrome.dll
CHR - plugin: Chrome PDF Viewer (Enabled) = C:\Users\ragnar\AppData\Local\Google\Chrome\Application\22.0.1229.94\pdf.dll
CHR - plugin: Skype Toolbars (Enabled) = C:\Users\ragnar\AppData\Local\Google\Chrome\User Data\Default\Extensions\lifbcibllhkdhoafpjfnlhfpfgnpldfl\5.9.0.9216_0\npSkypeChromePlugin.dll
CHR - plugin: Conduit Chrome Plugin (Enabled) = C:\Users\ragnar\AppData\Local\Google\Chrome\User Data\Default\Extensions\ejpbbhjlbipncjklfjjaedaieimbmdda\2.3.15.10_0\plugins/ConduitChromeApiPlugin.dll
CHR - plugin: Adobe Acrobat (Enabled) = C:\Program Files (x86)\Adobe\Reader 10.0\Reader\Browser\nppdf32.dll
CHR - plugin: ESN Launch Mozilla Plugin (Enabled) = C:\Program Files (x86)\Battlelog Web Plugins\1.118.0\npesnlaunch.dll
CHR - plugin: ESN Sonar API (Enabled) = C:\Program Files (x86)\Battlelog Web Plugins\Sonar\0.70.4\npesnsonar.dll
CHR - plugin: DivX Web Player (Enabled) = C:\Program Files (x86)\DivX\DivX Web Player\npdivx32.dll
CHR - plugin: Java™ Platform SE 7 U6 (Enabled) = C:\Program Files (x86)\Java\jre7\bin\plugin2\npjp2.dll
CHR - plugin: Java Deployment Toolkit 7.0.60.24 (Enabled) = C:\Windows\SysWOW64\npDeployJava1.dll
CHR - plugin: NVIDIA 3D Vision (Enabled) = C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dv.dll
CHR - plugin: NVIDIA 3D VISION (Enabled) = C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dvstreaming.dll
CHR - plugin: Pando Web Plugin (Enabled) = C:\Program Files (x86)\Pando Networks\Media Booster\npPandoWebPlugin.dll
CHR - plugin: Nexus Personal (Enabled) = C:\Program Files (x86)\Personal\bin\np_prsnl.dll
CHR - plugin: Google Update (Enabled) = C:\Users\ragnar\AppData\Local\Google\Update\1.3.21.123\npGoogleUpdate3.dll
CHR - plugin: Silverlight Plug-In (Enabled) = c:\Program Files (x86)\Microsoft Silverlight\5.0.61118.0\npctrl.dll
CHR - Extension: AdBlock = C:\Users\ragnar\AppData\Local\Google\Chrome\User Data\Default\Extensions\gighmmpiobklfepjocnamgkkbiglidom\2.5.47_0\
CHR - Extension: avast! WebRep = C:\Users\ragnar\AppData\Local\Google\Chrome\User Data\Default\Extensions\icmlaeflemplmjndnaapfdbbnpncnbda\7.0.1474_0\

O1 HOSTS File: ([2012-11-05 05:50:57 | 000,000,027 | ---- | M]) - C:\Windows\SysNative\drivers\etc\hosts
O1 - Hosts: 127.0.0.1 localhost
O2:64bit: - BHO: (avast! WebRep) - {318A227B-5E9F-45bd-8999-7F8F10CA4CF5} - C:\Program Files\AVAST Software\Avast\aswWebRepIE64.dll (AVAST Software)
O2 - BHO: (Java™ Plug-In SSV Helper) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Java\jre7\bin\ssv.dll (Oracle Corporation)
O2 - BHO: (avast! WebRep) - {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - C:\Program Files\AVAST Software\Avast\aswWebRepIE.dll (AVAST Software)
O2 - BHO: (Skype Browser Helper) - {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O2 - BHO: (Java™ Plug-In 2 SSV Helper) - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre7\bin\jp2ssv.dll (Oracle Corporation)
O3:64bit: - HKLM\..\Toolbar: (avast! WebRep) - {318A227B-5E9F-45bd-8999-7F8F10CA4CF5} - C:\Program Files\AVAST Software\Avast\aswWebRepIE64.dll (AVAST Software)
O3 - HKLM\..\Toolbar: (avast! WebRep) - {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - C:\Program Files\AVAST Software\Avast\aswWebRepIE.dll (AVAST Software)
O4:64bit: - HKLM..\Run: [RtHDVCpl] C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe (Realtek Semiconductor)
O4 - HKLM..\Run: [amd_dc_opt] C:\Program Files (x86)\AMD\Dual-Core Optimizer\amd_dc_opt.exe (AMD)
O4 - HKLM..\Run: [ASUSGamerOSD] C:\Program Files (x86)\ASUS\GamerOSD\GamerOSD.exe (ASUSTeK Computer Inc.)
O4 - HKLM..\Run: [avast] C:\Program Files\AVAST Software\Avast\avastUI.exe (AVAST Software)
O4 - HKLM..\Run: [JMB36X IDE Setup] C:\Windows\RaidTool\xInsIDE.exe ()
O4 - HKLM..\Run: [LogitechQuickCamRibbon] C:\Program Files\Logitech\Logitech WebCam Software\LWS.exe ()
O4 - HKLM..\Run: [PWRISOVM.EXE] C:\Program Files (x86)\PowerISO\PWRISOVM.EXE (PowerISO Computing, Inc.)
O4 - HKCU..\Run: [Spotify] C:\Users\ragnar\AppData\Roaming\Spotify\spotify.exe (Spotify Ltd)
O4 - HKCU..\Run: [Spotify Web Helper] C:\Users\ragnar\AppData\Roaming\Spotify\Data\SpotifyWebHelper.exe (Spotify Ltd)
O4 - HKCU..\Run: [Steam] C:\Program Files (x86)\Steam\Steam.exe (Valve Corporation)
O4 - Startup: C:\Users\ragnar\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Logitech . Produktregistrering.lnk = C:\Program Files\Logitech\Logitech WebCam Software\eReg.exe (Leader Technologies/Logitech)
O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Restrictions present
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: PromptOnSecureDesktop = 0
O7 - HKCU\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 221
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoLowDiskSpaceChecks = 1
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O9 - Extra Button: Skype Click to Call - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O9 - Extra 'Tools' menuitem : Skype Click to Call - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O10:64bit: - Protocol_Catalog9\Catalog_Entries64\000000000001 - C:\Windows\SysNative\sslsp104.dll (SumRando)
O10:64bit: - Protocol_Catalog9\Catalog_Entries64\000000000002 - C:\Windows\SysNative\sslsp104.dll (SumRando)
O10:64bit: - Protocol_Catalog9\Catalog_Entries64\000000000013 - C:\Windows\SysNative\sslsp104.dll (SumRando)
O10 - Protocol_Catalog9\Catalog_Entries\000000000001 - C:\Windows\SysWow64\sslsp104.dll (SumRando)
O10 - Protocol_Catalog9\Catalog_Entries\000000000002 - C:\Windows\SysWow64\sslsp104.dll (SumRando)
O10 - Protocol_Catalog9\Catalog_Entries\000000000013 - C:\Windows\SysWow64\sslsp104.dll (SumRando)
O13 - gopher Prefix: missing
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} http://fpdownload2.m...ash/swflash.cab (Shockwave Flash Object)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.1.254
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{29541B7C-518B-411B-9713-5C1A68C72F36}: DhcpNameServer = 192.168.1.254
O18:64bit: - Protocol\Handler\skype4com - No CLSID value found
O18:64bit: - Protocol\Handler\skype-ie-addon-data - No CLSID value found
O18 - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files (x86)\Common Files\Skype\Skype4COM.dll (Skype Technologies)
O18 - Protocol\Handler\skype-ie-addon-data {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O20:64bit: - HKLM Winlogon: Shell - (Explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\SysNative\userinit.exe (Microsoft Corporation)
O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\SysWow64\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\SysWOW64\userinit.exe (Microsoft Corporation)
O21:64bit: - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.
O21 - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2009-06-10 22:42:20 | 000,000,024 | ---- | M] () - C:\autoexec.bat -- [ NTFS ]
O32 - AutoRun File - [2007-10-24 23:38:50 | 000,000,000 | ---D | M] - D:\autorun -- [ CDFS ]
O32 - AutoRun File - [2007-07-19 15:53:44 | 000,000,058 | R--- | M] () - D:\Autorun.inf -- [ CDFS ]
O32 - AutoRun File - [2007-10-24 23:11:40 | 004,318,432 | R--- | M] (Crytek) - D:\AutoRunCD.exe -- [ CDFS ]
O32 - AutoRun File - [2009-11-13 06:59:48 | 000,000,000 | ---- | M] () - E:\AUTOEXEC.BAT -- [ NTFS ]
O34 - HKLM BootExecute: (autocheck autochk *)
O35:64bit: - HKLM\..comfile [open] -- "%1" %*
O35:64bit: - HKLM\..exefile [open] -- "%1" %*
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37:64bit: - HKLM\...com [@ = ComFile] -- "%1" %*
O37:64bit: - HKLM\...exe [@ = exefile] -- "%1" %*
O37 - HKLM\...com [@ = ComFile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3)
O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2)
O38 - SubSystems\\Windows: (ServerDll=sxssrv,4)

========== Files/Folders - Created Within 30 Days ==========

[2012-11-05 20:38:41 | 000,000,000 | ---D | C] -- C:\Users\ragnar\AppData\Roaming\Malwarebytes
[2012-11-05 20:38:33 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes' Anti-Malware
[2012-11-05 20:38:33 | 000,000,000 | ---D | C] -- C:\ProgramData\Malwarebytes
[2012-11-05 20:38:32 | 000,025,928 | ---- | C] (Malwarebytes Corporation) -- C:\Windows\SysNative\drivers\mbam.sys
[2012-11-05 20:38:32 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Malwarebytes' Anti-Malware
[2012-11-05 20:35:41 | 010,669,952 | ---- | C] (Malwarebytes Corporation ) -- C:\Users\ragnar\Desktop\mbam-setup-1.65.1.1000.exe
[2012-11-05 06:28:58 | 000,000,000 | -HSD | C] -- C:\$RECYCLE.BIN
[2012-11-05 06:03:11 | 000,694,499 | ---- | C] (Farbar) -- C:\Users\ragnar\Desktop\FSS.exe
[2012-11-05 05:38:01 | 000,518,144 | ---- | C] (SteelWerX) -- C:\Windows\SWREG.exe
[2012-11-05 05:38:01 | 000,406,528 | ---- | C] (SteelWerX) -- C:\Windows\SWSC.exe
[2012-11-05 05:38:01 | 000,060,416 | ---- | C] (NirSoft) -- C:\Windows\NIRCMD.exe
[2012-11-05 05:36:40 | 004,996,943 | R--- | C] (Swearware) -- C:\Users\ragnar\Desktop\ComboFix.exe
[2012-11-05 04:02:59 | 000,000,000 | ---D | C] -- C:\_OTL
[2012-11-04 16:58:15 | 000,602,112 | ---- | C] (OldTimer Tools) -- C:\Users\ragnar\Desktop\OTL.exe
[2012-11-02 20:51:12 | 000,000,000 | ---D | C] -- C:\Qoobox
[2012-11-02 20:50:42 | 000,000,000 | ---D | C] -- C:\Windows\erdnt
[2012-10-30 16:47:57 | 000,054,072 | ---- | C] (AVAST Software) -- C:\Windows\SysNative\drivers\aswRdr2.sys
[2012-10-29 12:01:01 | 000,000,000 | ---D | C] -- C:\Users\ragnar\AppData\Local\CRE
[2012-10-27 22:03:40 | 000,000,000 | ---D | C] -- C:\Users\ragnar\AppData\Local\LogiShrd
[2012-10-27 21:58:37 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Logitech
[2012-10-27 21:58:28 | 000,000,000 | ---D | C] -- C:\Users\ragnar\AppData\Roaming\Leadertech
[2012-10-27 21:56:52 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Logitech
[2012-10-27 21:56:46 | 000,000,000 | ---D | C] -- C:\Program Files\Logitech
[2012-10-27 21:56:46 | 000,000,000 | ---D | C] -- C:\ProgramData\LogiShrd
[2012-10-27 20:58:16 | 009,575,864 | ---- | C] (Adobe Systems Incorporated) -- C:\Windows\SysWow64\FlashPlayerInstaller.exe
[2012-10-27 20:12:44 | 000,000,000 | ---D | C] -- C:\Users\ragnar\AppData\Local\Macromedia
[2012-10-27 20:11:01 | 000,696,760 | ---- | C] (Adobe Systems Incorporated) -- C:\Windows\SysWow64\FlashPlayerApp.exe
[2012-10-27 20:10:45 | 000,000,000 | ---D | C] -- C:\Windows\SysNative\Macromed
[2012-10-27 20:08:16 | 000,000,000 | ---D | C] -- C:\Users\ragnar\AppData\Local\Mozilla
[2012-10-27 20:08:04 | 000,000,000 | ---D | C] -- C:\ProgramData\Mozilla
[2012-10-27 20:08:03 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Mozilla Maintenance Service
[2012-10-27 20:07:57 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Mozilla Firefox
[2012-10-27 18:52:47 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Common Files\LogiShrd
[2012-10-27 18:52:30 | 002,755,096 | ---- | C] (Logitech Inc.) -- C:\Windows\SysNative\drivers\LV302V64.SYS
[2012-10-27 18:52:30 | 000,764,952 | ---- | C] (Logitech Inc.) -- C:\Windows\SysNative\LVUI64.dll
[2012-10-27 18:52:30 | 000,559,640 | ---- | C] (Logitech Inc.) -- C:\Windows\SysNative\LVUIRC64.dll
[2012-10-27 18:52:30 | 000,539,160 | ---- | C] (Logitech Inc.) -- C:\Windows\SysWow64\LVUI2RC.dll
[2012-10-27 18:52:30 | 000,539,160 | ---- | C] (Logitech Inc.) -- C:\Windows\SysWow64\LVUI2.dll
[2012-10-27 18:52:30 | 000,416,280 | ---- | C] (Logitech Inc.) -- C:\Windows\SysWow64\lvcodec2.dll
[2012-10-27 18:52:30 | 000,398,360 | ---- | C] (Logitech Inc.) -- C:\Windows\SysNative\lvcod64.dll
[2012-10-27 18:52:30 | 000,327,576 | ---- | C] (Logitech Inc.) -- C:\Windows\SysNative\drivers\lvrs64.sys
[2012-10-27 18:52:30 | 000,266,776 | ---- | C] (Logitech Inc.) -- C:\Windows\SysNative\lvco1201278.dll
[2012-10-27 18:52:30 | 000,015,896 | ---- | C] (Logitech Inc.) -- C:\Windows\SysNative\drivers\lv302a64.sys
[2012-10-27 18:52:27 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\LogiShrd
[2012-10-17 23:45:38 | 000,000,000 | ---D | C] -- C:\Users\ragnar\Desktop\dollhouse

========== Files - Modified Within 30 Days ==========

[2012-11-06 16:35:11 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2012-11-06 16:35:06 | 3220,037,632 | -HS- | M] () -- C:\hiberfil.sys
[2012-11-06 16:28:00 | 000,001,008 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskUserS-1-5-21-1922681404-1561175744-2858419983-1001UA.job
[2012-11-06 16:26:21 | 000,016,848 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
[2012-11-06 16:26:21 | 000,016,848 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
[2012-11-06 15:58:03 | 000,000,830 | ---- | M] () -- C:\Windows\tasks\Adobe Flash Player Updater.job
[2012-11-06 12:28:00 | 000,000,956 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskUserS-1-5-21-1922681404-1561175744-2858419983-1001Core.job
[2012-11-06 00:18:51 | 000,000,000 | ---- | M] () -- C:\Windows\SysWow64\config.nt
[2012-11-05 20:38:33 | 000,001,113 | ---- | M] () -- C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk
[2012-11-05 20:35:53 | 010,669,952 | ---- | M] (Malwarebytes Corporation ) -- C:\Users\ragnar\Desktop\mbam-setup-1.65.1.1000.exe
[2012-11-05 06:03:14 | 000,694,499 | ---- | M] (Farbar) -- C:\Users\ragnar\Desktop\FSS.exe
[2012-11-05 05:50:57 | 000,000,027 | ---- | M] () -- C:\Windows\SysNative\drivers\etc\hosts
[2012-11-05 05:36:45 | 004,996,943 | R--- | M] (Swearware) -- C:\Users\ragnar\Desktop\ComboFix.exe
[2012-11-04 16:58:22 | 000,602,112 | ---- | M] (OldTimer Tools) -- C:\Users\ragnar\Desktop\OTL.exe
[2012-11-03 14:01:07 | 000,792,914 | ---- | M] () -- C:\Windows\SysNative\PerfStringBackup.INI
[2012-11-03 14:01:07 | 000,661,146 | ---- | M] () -- C:\Windows\SysNative\perfh009.dat
[2012-11-03 14:01:07 | 000,125,232 | ---- | M] () -- C:\Windows\SysNative\perfc009.dat
[2012-10-30 23:51:56 | 000,059,728 | ---- | M] (AVAST Software) -- C:\Windows\SysNative\drivers\aswTdi.sys
[2012-10-30 23:51:55 | 000,984,144 | ---- | M] (AVAST Software) -- C:\Windows\SysNative\drivers\aswSnx.sys
[2012-10-30 23:51:55 | 000,370,288 | ---- | M] (AVAST Software) -- C:\Windows\SysNative\drivers\aswSP.sys
[2012-10-30 23:51:55 | 000,071,600 | ---- | M] (AVAST Software) -- C:\Windows\SysNative\drivers\aswMonFlt.sys
[2012-10-30 23:51:53 | 000,025,232 | ---- | M] (AVAST Software) -- C:\Windows\SysNative\drivers\aswFsBlk.sys
[2012-10-30 23:51:07 | 000,041,224 | ---- | M] (AVAST Software) -- C:\Windows\avastSS.scr
[2012-10-30 23:50:59 | 000,227,648 | ---- | M] (AVAST Software) -- C:\Windows\SysWow64\aswBoot.exe
[2012-10-30 23:50:30 | 000,285,328 | ---- | M] (AVAST Software) -- C:\Windows\SysNative\aswBoot.exe
[2012-10-29 22:11:55 | 000,001,029 | ---- | M] () -- C:\Users\ragnar\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Logitech . Produktregistrering.lnk
[2012-10-27 22:08:21 | 000,002,009 | ---- | M] () -- C:\Users\Public\Desktop\Logitech Vid HD.lnk
[2012-10-27 21:56:54 | 000,002,083 | ---- | M] () -- C:\Users\Public\Desktop\Logitech Webcam Software.lnk
[2012-10-27 20:58:55 | 000,696,760 | ---- | M] (Adobe Systems Incorporated) -- C:\Windows\SysWow64\FlashPlayerApp.exe
[2012-10-27 20:58:55 | 000,073,656 | ---- | M] (Adobe Systems Incorporated) -- C:\Windows\SysWow64\FlashPlayerCPLApp.cpl
[2012-10-27 20:58:16 | 009,575,864 | ---- | M] (Adobe Systems Incorporated) -- C:\Windows\SysWow64\FlashPlayerInstaller.exe
[2012-10-15 18:59:28 | 000,054,072 | ---- | M] (AVAST Software) -- C:\Windows\SysNative\drivers\aswRdr2.sys
[2012-10-10 22:32:04 | 000,002,493 | ---- | M] () -- C:\Users\ragnar\Desktop\Google Chrome.lnk

========== Files Created - No Company Name ==========

[2012-11-05 20:38:33 | 000,001,113 | ---- | C] () -- C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk
[2012-11-05 05:38:01 | 000,256,000 | ---- | C] () -- C:\Windows\PEV.exe
[2012-11-05 05:38:01 | 000,208,896 | ---- | C] () -- C:\Windows\MBR.exe
[2012-11-05 05:38:01 | 000,098,816 | ---- | C] () -- C:\Windows\sed.exe
[2012-11-05 05:38:01 | 000,080,412 | ---- | C] () -- C:\Windows\grep.exe
[2012-11-05 05:38:01 | 000,068,096 | ---- | C] () -- C:\Windows\zip.exe
[2012-10-29 22:11:55 | 000,001,029 | ---- | C] () -- C:\Users\ragnar\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Logitech . Produktregistrering.lnk
[2012-10-27 22:08:21 | 000,002,009 | ---- | C] () -- C:\Users\Public\Desktop\Logitech Vid HD.lnk
[2012-10-27 21:56:54 | 000,002,083 | ---- | C] () -- C:\Users\Public\Desktop\Logitech Webcam Software.lnk
[2012-10-27 20:11:03 | 000,000,830 | ---- | C] () -- C:\Windows\tasks\Adobe Flash Player Updater.job
[2012-10-27 20:08:07 | 000,001,163 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Mozilla Firefox.lnk
[2012-10-27 18:52:30 | 000,082,289 | ---- | C] () -- C:\Windows\SysNative\lvcoin64.ini
[2012-10-27 18:52:30 | 000,034,068 | ---- | C] () -- C:\Windows\SysNative\Repository.reg
[2012-09-20 16:13:09 | 000,000,000 | ---- | C] () -- C:\Windows\SysWow64\Access.dat
[2012-05-15 01:21:50 | 000,423,744 | ---- | C] () -- C:\Windows\SysWow64\nvStreaming.exe
[2012-02-25 18:33:35 | 000,000,128 | ---- | C] () -- C:\Users\ragnar\.java.policy
[2011-09-30 22:50:28 | 000,778,382 | ---- | C] () -- C:\Windows\SysWow64\PerfStringBackup.INI
[2011-09-30 21:11:17 | 000,053,248 | ---- | C] () -- C:\Windows\SysWow64\asrussian.dll
[2011-09-30 21:11:17 | 000,053,248 | ---- | C] () -- C:\Windows\SysWow64\askorean.dll
[2011-09-30 21:11:17 | 000,053,248 | ---- | C] () -- C:\Windows\SysWow64\asjapan.dll
[2011-09-30 21:11:17 | 000,053,248 | ---- | C] () -- C:\Windows\SysWow64\asgerman.dll
[2011-09-30 21:11:17 | 000,053,248 | ---- | C] () -- C:\Windows\SysWow64\asfrench.dll
[2011-09-30 21:11:17 | 000,053,248 | ---- | C] () -- C:\Windows\SysWow64\aseng.dll
[2011-09-30 21:11:17 | 000,053,248 | ---- | C] () -- C:\Windows\SysWow64\ASCHT.dll
[2011-09-30 21:11:17 | 000,053,248 | ---- | C] () -- C:\Windows\SysWow64\aschs.dll
[2011-09-30 21:11:16 | 000,761,856 | ---- | C] () -- C:\Windows\SysWow64\xvidcore.dll
[2011-09-30 21:11:16 | 000,180,224 | ---- | C] () -- C:\Windows\SysWow64\xvidvfw.dll
[2011-09-30 18:36:44 | 000,000,010 | ---- | C] () -- C:\Windows\GSetup.ini
[2011-09-28 17:44:14 | 000,179,271 | ---- | C] () -- C:\Windows\SysWow64\xlive.dll.cat

========== ZeroAccess Check ==========

[2009-07-14 05:55:00 | 000,000,227 | RHS- | M] () -- C:\Windows\assembly\Desktop.ini

[HKEY_CURRENT_USER\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] /64

[HKEY_CURRENT_USER\Software\Classes\Wow6432node\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]

[HKEY_CURRENT_USER\Software\Classes\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32] /64

[HKEY_CURRENT_USER\Software\Classes\Wow6432node\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32]

[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] /64
"" = C:\Windows\SysNative\shell32.dll -- [2010-07-27 15:59:11 | 014,162,944 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Apartment

[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]
"" = %SystemRoot%\system32\shell32.dll -- [2010-07-27 15:03:24 | 012,867,584 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Apartment

[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32] /64
"" = C:\Windows\SysNative\wbem\fastprox.dll -- [2009-07-14 02:40:51 | 000,909,312 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Free

[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32]
"" = %systemroot%\system32\wbem\fastprox.dll -- [2009-07-14 02:15:20 | 000,605,696 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Free

[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32] /64
"" = C:\Windows\SysNative\wbem\wbemess.dll -- [2009-07-14 02:41:56 | 000,505,856 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Both

[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32]

========== Custom Scans ==========

< %SYSTEMDRIVE%\*.exe >

< MD5 for: IPCONFIG.EXE >
[2009-07-14 02:14:21 | 000,027,136 | ---- | M] (Microsoft Corporation) MD5=CABB20E171770FF64614A54C1F31C033 -- C:\Windows.old\Windows\System32\ipconfig.exe
[2009-07-14 02:14:21 | 000,027,136 | ---- | M] (Microsoft Corporation) MD5=CABB20E171770FF64614A54C1F31C033 -- C:\Windows.old\Windows\winsxs\x86_microsoft-windows-ipconfig_31bf3856ad364e35_6.1.7600.16385_none_4c104723794237c2\ipconfig.exe
[2009-07-14 02:14:21 | 000,027,136 | ---- | M] (Microsoft Corporation) MD5=CABB20E171770FF64614A54C1F31C033 -- C:\Windows\SysWOW64\ipconfig.exe
[2009-07-14 02:14:21 | 000,027,136 | ---- | M] (Microsoft Corporation) MD5=CABB20E171770FF64614A54C1F31C033 -- C:\Windows\winsxs\x86_microsoft-windows-ipconfig_31bf3856ad364e35_6.1.7600.16385_none_4c104723794237c2\ipconfig.exe
[2009-07-14 02:39:13 | 000,058,368 | ---- | M] (Microsoft Corporation) MD5=CF45949CDBB39C953331CDCB9CEC20F8 -- C:\Windows\SysNative\ipconfig.exe
[2009-07-14 02:39:13 | 000,058,368 | ---- | M] (Microsoft Corporation) MD5=CF45949CDBB39C953331CDCB9CEC20F8 -- C:\Windows\winsxs\amd64_microsoft-windows-ipconfig_31bf3856ad364e35_6.1.7600.16385_none_a82ee2a7319fa8f8\ipconfig.exe

< MD5 for: TCPIP.SYS >
[2011-04-25 06:28:24 | 001,893,248 | ---- | M] (Microsoft Corporation) MD5=1F748D5439B65E0BEBD92F65048F030D -- C:\Windows\winsxs\amd64_microsoft-windows-tcpip-binaries_31bf3856ad364e35_6.1.7600.20951_none_0fb918de99201ffb\tcpip.sys
[2009-07-14 02:19:10 | 001,285,712 | ---- | M] (Microsoft Corporation) MD5=2CC3D75488ABD3EC628BBB9A4FC84EFC -- C:\Windows.old\Windows\System32\drivers\tcpip.sys
[2009-07-14 02:19:10 | 001,285,712 | ---- | M] (Microsoft Corporation) MD5=2CC3D75488ABD3EC628BBB9A4FC84EFC -- C:\Windows.old\Windows\winsxs\x86_microsoft-windows-tcpip-binaries_31bf3856ad364e35_6.1.7600.16385_none_b2f46875c7b9d667\tcpip.sys
[2010-11-20 14:33:57 | 001,924,480 | ---- | M] (Microsoft Corporation) MD5=509383E505C973ED7534A06B3D19688D -- C:\Windows\SoftwareDistribution\Download\488053cdbca3231eeb2c2af7236d09ed\amd64_microsoft-windows-tcpip-binaries_31bf3856ad364e35_6.1.7601.17514_none_114417c17d05cb37\tcpip.sys
[2011-06-21 07:16:55 | 001,888,128 | ---- | M] (Microsoft Corporation) MD5=5279D4DD69C7C71524B8E7A5746D15CC -- C:\Windows\winsxs\amd64_microsoft-windows-tcpip-binaries_31bf3856ad364e35_6.1.7600.20992_none_0f8ed978993fa916\tcpip.sys
[2011-04-25 06:32:22 | 001,896,832 | ---- | M] (Microsoft Corporation) MD5=61DC720BB065D607D5823F13D2A64321 -- C:\Windows\winsxs\amd64_microsoft-windows-tcpip-binaries_31bf3856ad364e35_6.1.7600.16802_none_0f668bf97fd90dd3\tcpip.sys
[2009-07-14 02:45:55 | 001,898,576 | ---- | M] (Microsoft Corporation) MD5=912107716BAB424C7870E8E6AF5E07E1 -- C:\Windows\winsxs\amd64_microsoft-windows-tcpip-binaries_31bf3856ad364e35_6.1.7600.16385_none_0f1303f98017479d\tcpip.sys
[2011-04-25 06:33:51 | 001,923,968 | ---- | M] (Microsoft Corporation) MD5=92CE29D95AC9DD2D0EE9061D551BA250 -- C:\Windows\winsxs\amd64_microsoft-windows-tcpip-binaries_31bf3856ad364e35_6.1.7601.17603_none_114de9497cfe9316\tcpip.sys
[2011-06-21 07:20:30 | 001,914,752 | ---- | M] (Microsoft Corporation) MD5=A0EB71E0DC047C7CC95CD6AB4036296E -- C:\Windows\winsxs\amd64_microsoft-windows-tcpip-binaries_31bf3856ad364e35_6.1.7601.21754_none_11a276c29643d7ec\tcpip.sys
[2011-04-25 07:16:34 | 001,927,552 | ---- | M] (Microsoft Corporation) MD5=B77977AEB2FF159D01DB08A309989C5F -- C:\Windows\winsxs\amd64_microsoft-windows-tcpip-binaries_31bf3856ad364e35_6.1.7601.21712_none_11cbb5de9625357a\tcpip.sys
[2011-06-21 07:27:14 | 001,896,832 | ---- | M] (Microsoft Corporation) MD5=B9D87C7707F058AC652A398CD28DE14B -- C:\Windows\erdnt\cache64\tcpip.sys
[2011-06-21 07:27:14 | 001,896,832 | ---- | M] (Microsoft Corporation) MD5=B9D87C7707F058AC652A398CD28DE14B -- C:\Windows\SysNative\drivers\tcpip.sys
[2011-06-21 07:27:14 | 001,896,832 | ---- | M] (Microsoft Corporation) MD5=B9D87C7707F058AC652A398CD28DE14B -- C:\Windows\winsxs\amd64_microsoft-windows-tcpip-binaries_31bf3856ad364e35_6.1.7600.16839_none_0f4d1e3b7feb1307\tcpip.sys
[2011-06-21 07:34:00 | 001,923,968 | ---- | M] (Microsoft Corporation) MD5=F0E98C00A09FDF791525829A1D14240F -- C:\Windows\winsxs\amd64_microsoft-windows-tcpip-binaries_31bf3856ad364e35_6.1.7601.17638_none_11327af77d12659c\tcpip.sys

========== Drive Information ==========

Physical Drives
---------------

Drive: \\\\.\\PHYSICALDRIVE0 - Fixed hard disk media
Interface type: IDE
Media Type: Fixed hard disk media
Model: WDC WD20EARX-00PASB0 ATA Device
Partitions: 1
Status: OK
Status Info: 0

Drive: \\\\.\\PHYSICALDRIVE1 - Fixed hard disk media
Interface type: IDE
Media Type: Fixed hard disk media
Model: ST3500630AS ATA Device
Partitions: 1
Status: OK
Status Info: 0

Partitions
---------------

DeviceID: Disk #0, Partition #0
PartitionType: Installable File System
Bootable: True
BootPartition: True
PrimaryPartition: True
Size: 1 863,00GB
Starting Offset: 32256
Hidden sectors: 0


DeviceID: Disk #1, Partition #0
PartitionType: Installable File System
Bootable: True
BootPartition: True
PrimaryPartition: True
Size: 466,00GB
Starting Offset: 32256
Hidden sectors: 0


< type c:\diskreport.txt /c >
Microsoft DiskPart version 6.1.7600
Copyright © 1999-2008 Microsoft Corporation.
On computer: RAGNAR-PC
Volume ### Ltr Label Fs Type Size Status Info
---------- --- ----------- ----- ---------- ------- --------- --------
Volume 0 D Crysis CDFS DVD-ROM 6169 MB Healthy
Volume 1 C NTFS Partition 1863 GB Healthy System
Volume 2 E HDD NTFS Partition 465 GB Healthy

< End of report >

Checkup log:

esults of screen317's Security Check version 0.99.54
Windows 7 x64
Out of date service pack!!
Internet Explorer 8 Out of date!
``````````````Antivirus/Firewall Check:``````````````
Windows Firewall Enabled!
avast! Antivirus
Antivirus up to date!
`````````Anti-malware/Other Utilities Check:`````````
Malwarebytes Anti-Malware version 1.65.1.1000
Wise Registry Cleaner 7.43
Java™ 6 Update 29
Java 7 Update 6
Java version out of Date!
Adobe Flash Player 11.4.402.287
Adobe Reader X (10.1.4)
Mozilla Firefox (16.0.2)
Google Chrome 21.0.1180.83
Google Chrome 21.0.1180.89
Google Chrome 22.0.1229.79
Google Chrome 22.0.1229.92
Google Chrome 22.0.1229.94
````````Process Check: objlist.exe by Laurent````````
Malwarebytes Anti-Malware mbamservice.exe
Malwarebytes Anti-Malware mbamgui.exe
Malwarebytes' Anti-Malware mbamscheduler.exe
AVAST Software Avast AvastSvc.exe
AVAST Software Avast AvastUI.exe
`````````````````System Health check`````````````````
Total Fragmentation on Drive C: 0%
````````````````````End of Log``````````````````````

*end*


And once again i bow to thy great knowledge!

And with risk of once again repeating myself, thank you for all the help! =)
  • 0

#14
godawgs

godawgs

    Teacher

  • Retired Staff
  • 8,228 posts
Thank you for the kind words :geek:

We need to update some things.

Step-1.

You Windows needs service pack 1 and Internet Explorer is out of date.

:Keep Windows Updated:-Windows Updates are constantly being revised to combat the newest hacks and threats, Microsoft releases security updates that help your computer from becoming vulnerable. It is best if you have these set to download automatically.

Vista and Windows 7 Users:
1. Click Start> All Programs, from the list find Windows Update and click it.
You should be offered Windows Service Pack 1 and Internet Explorer 9. Please update them.

Step-2.

Posted Image UPDATE JAVA
Your version of Java is out of date. Older versions have vulnerabilities that malicious sites can use to exploit and infect your system. Please follow these steps to remove older versions of Java components and update:

  • Please download JavaRa to your desktop.
    • Click the Download button next to Legacy Version Version 1.1.6 to download JavaRA and unzip it to its own folder.
  • Run JavaRa.exe
  • Pick the language of your choice and click Select. Then click Remove Older Versions. Accept any prompts.
    Posted Image
  • Open JavaRa.exe again and select Search For Updates.
  • Select Update Using Sun Java's Website then click Search and click on the Open Webpage button. Download and install the latest Java Runtime Environment (JRE) version for your computer.
    • The most current version is Java SE 7u9. You want the 64bit version. (jre-7u9-windows-x64.exe) 31.18MB

Step-3.

Things For Your Next Post:
1. Let me know how the updates went.
2. Do any issues remain with the system?
  • 0

#15
Niccix

Niccix

    Member

  • Topic Starter
  • Member
  • PipPip
  • 14 posts
Updates went fine! :)

Not noticing any problems now whem browsing the Internet but it's pretty much the same when trying to connect to online games/steam. Usually I just get "unable to connect" as if I would have had my Internet cable unplugged, usually get this until when I just keep trying to sign in it suddenly connects and works normally (once connected I rarely get disconnected, just when trying to establish a connection it behaves oddly). Haven't had any problems with skype or spotify, they always work perfectly fine.

But since my system seems clean now i'm guessing it's not a virus causing the problem, rather something with the router or the connection itself.

Works fine on my roommates computer - maybe he is stealing all my internets!!? ;)

Thank you again for all the time you put into helping me!

Edited by Niccix, 06 November 2012 - 07:16 PM.

  • 0






Similar Topics

0 user(s) are reading this topic

0 members, 0 guests, 0 anonymous users

As Featured On:

Microsoft Yahoo BBC MSN PC Magazine Washington Post HP