Jump to content

Welcome to Geeks to Go - Register now for FREE

Need help with your computer or device? Want to learn new tech skills? You're in the right place!
Geeks to Go is a friendly community of tech experts who can solve any problem you have. Just create a free account and post your question. Our volunteers will reply quickly and guide you through the steps. Don't let tech troubles stop you. Join Geeks to Go now and get the support you need!

How it Works Create Account
Photo

Fun moods/funsearchmoods! [Solved]

Started by computeramatuer , Feb 21 2013 12:45 PM

  • This topic is locked This topic is locked

#1
computeramatuer
Posted 21 February 2013 - 12:45 PM

computeramatuer

    Member

  • Member
  • PipPip
  • 21 posts
Hi guys! You were so great and helped me last time I had problems so now I am here and need help with my old stationary computer. I got infected like over a month ago and I have no idea how I got it. My problem is that when I start my browser Chrome I get redirected from my ordinary startpage google to this site called "Funsearchmoods" or "Funmoods". So basically it redirects my homepage without my permission. I've tried to block it in Chrome settings but it reappears. Also I think I got something called: "WIN32.Trojan.agent" When I ran a scan this came up, can't remember which program that found it tho, I think it was Malwarebytes.
I've tried to remove it, runned my Norton, Ad-aware and Malwarebytes. Nothing helps.
If you wonder anything else or if I was unclear, please ask! Oh and btw, if we are going to run some programs that require me to shut down my realtime antivirus programs, is it ok if I pull the internet cable while that specific program is running?
Anyways, here comes the OTL:

OTL logfile created on: 2013-02-21 19:19:19 - Run 1
OTL by OldTimer - Version 3.2.69.0 Folder = C:\Users\Ägaren\Desktop
Windows Vista Home Premium Edition Service Pack 2 (Version = 6.0.6002) - Type = NTWorkstation
Internet Explorer (Version = 8.0.6001.19170)
Locale: 0000041D | Country: Sverige | Language: SVE | Date Format: yyyy-MM-dd

3,00 Gb Total Physical Memory | 0,88 Gb Available Physical Memory | 29,38% Memory free
6,21 Gb Paging File | 3,73 Gb Available in Paging File | 60,04% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files
Drive C: | 458,46 Gb Total Space | 44,68 Gb Free Space | 9,75% Space Free | Partition Type: NTFS
Drive D: | 7,30 Gb Total Space | 1,19 Gb Free Space | 16,34% Space Free | Partition Type: NTFS

Computer Name: ÄGAREN-DATOR | User Name: Ägaren | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user | Quick Scan
Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days

========== Processes (SafeList) ==========

PRC - [2013-02-21 19:03:42 | 000,602,112 | ---- | M] (OldTimer Tools) -- C:\Users\Ägaren\Desktop\OTL.exe
PRC - [2013-01-26 03:35:08 | 001,248,208 | ---- | M] (Google Inc.) -- C:\Program\Google\Chrome\Application\chrome.exe
PRC - [2012-12-14 16:49:28 | 000,682,344 | ---- | M] (Malwarebytes Corporation) -- C:\Program\Malwarebytes' Anti-Malware\mbamservice.exe
PRC - [2012-12-14 16:49:28 | 000,512,360 | ---- | M] (Malwarebytes Corporation) -- C:\Program\Malwarebytes' Anti-Malware\mbamgui.exe
PRC - [2012-12-14 16:49:28 | 000,398,184 | ---- | M] (Malwarebytes Corporation) -- C:\Program\Malwarebytes' Anti-Malware\mbamscheduler.exe
PRC - [2012-10-02 12:13:44 | 003,064,000 | ---- | M] (Skype Technologies S.A.) -- C:\ProgramData\Skype\Toolbars\Skype C2C Service\c2c_service.exe
PRC - [2012-09-26 15:31:01 | 001,193,176 | ---- | M] () -- C:\Users\Ägaren\AppData\Roaming\Spotify\Data\SpotifyWebHelper.exe
PRC - [2012-09-24 19:12:05 | 001,191,768 | ---- | M] (Lavasoft Limited) -- C:\Program\Lavasoft\Ad-Aware\AAWTray.exe
PRC - [2012-09-24 19:11:53 | 001,737,728 | ---- | M] (Lavasoft Limited ) -- C:\Program\Lavasoft\Ad-Aware\AAWService.exe
PRC - [2012-05-15 10:28:16 | 001,820,480 | ---- | M] (NVIDIA Corporation) -- C:\Program\NVIDIA Corporation\Display\nvtray.exe
PRC - [2012-05-15 10:27:34 | 000,857,920 | ---- | M] (NVIDIA Corporation) -- C:\Program\NVIDIA Corporation\Display\NvXDSync.exe
PRC - [2012-05-15 01:21:40 | 000,382,272 | ---- | M] (NVIDIA Corporation) -- C:\Program\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe
PRC - [2011-04-17 01:45:11 | 000,130,008 | R--- | M] (Symantec Corporation) -- C:\Program\Norton Internet Security\Engine\18.7.2.3\ccsvchst.exe
PRC - [2010-09-13 14:56:02 | 000,168,960 | ---- | M] (Microsoft Corporation) -- C:\Program\Windows Media Player\wmplayer.exe
PRC - [2010-03-03 20:16:06 | 000,013,336 | ---- | M] (Intel Corporation) -- C:\Program\Intel\Intel® Rapid Storage Technology\IAStorDataMgrSvc.exe
PRC - [2010-03-03 20:16:04 | 000,284,696 | ---- | M] (Intel Corporation) -- C:\Program\Intel\Intel® Rapid Storage Technology\IAStorIcon.exe
PRC - [2009-04-11 07:27:36 | 002,926,592 | ---- | M] (Microsoft Corporation) -- C:\Windows\explorer.exe
PRC - [2008-01-19 08:33:39 | 000,896,512 | ---- | M] (Microsoft Corporation) -- C:\Program\Windows Media Player\wmpnetwk.exe
PRC - [2008-01-19 08:33:39 | 000,202,240 | ---- | M] (Microsoft Corporation) -- C:\Program\Windows Media Player\wmpnscfg.exe
PRC - [2006-09-03 09:32:28 | 000,208,896 | ---- | M] () -- C:\Program\Common Files\Intel\IntelDH\NMS\AdpPlugins\DQLWinService.exe


========== Modules (No Company Name) ==========

MOD - [2013-02-21 18:59:57 | 012,638,576 | ---- | M] () -- C:\Users\Ägaren\AppData\Local\Google\Chrome\User Data\PepperFlash\11.6.602.167\pepflashplayer.dll
MOD - [2013-02-09 14:32:33 | 012,459,888 | ---- | M] () -- C:\Users\Ägaren\AppData\Local\Google\Chrome\User Data\PepperFlash\11.5.31.139\pepflashplayer.dll
MOD - [2013-01-26 03:35:06 | 000,460,240 | ---- | M] () -- C:\Program\Google\Chrome\Application\24.0.1312.57\ppgooglenaclpluginchrome.dll
MOD - [2013-01-26 03:35:04 | 004,012,496 | ---- | M] () -- C:\Program\Google\Chrome\Application\24.0.1312.57\pdf.dll
MOD - [2013-01-26 03:34:19 | 000,597,968 | ---- | M] () -- C:\Program\Google\Chrome\Application\24.0.1312.57\libglesv2.dll
MOD - [2013-01-26 03:34:18 | 000,124,368 | ---- | M] () -- C:\Program\Google\Chrome\Application\24.0.1312.57\libegl.dll
MOD - [2013-01-26 03:34:16 | 001,552,848 | ---- | M] () -- C:\Program\Google\Chrome\Application\24.0.1312.57\ffmpegsumo.dll
MOD - [2012-11-28 20:40:37 | 000,040,448 | ---- | M] () -- C:\Users\GAREN~1\AppData\Local\Temp\CMDLIN~1.DLL
MOD - [2012-09-26 15:31:01 | 001,193,176 | ---- | M] () -- C:\Users\Ägaren\AppData\Roaming\Spotify\Data\SpotifyWebHelper.exe
MOD - [2012-09-17 09:43:24 | 000,453,120 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\IAStorUtil\19ef40034376db1e313a02152dee9baf\IAStorUtil.ni.dll
MOD - [2012-09-17 09:40:19 | 012,433,920 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Windows.Forms\ebecb68534162bd3b6829394ff7b03f5\System.Windows.Forms.ni.dll
MOD - [2012-09-17 09:39:01 | 003,325,952 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\WindowsBase\66cab5164d52da804ccc06fb61727353\WindowsBase.ni.dll
MOD - [2011-12-19 11:46:07 | 000,771,584 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Runtime.Remo#\6d2f689baff5da3df134fdec0742a13c\System.Runtime.Remoting.ni.dll
MOD - [2011-12-19 11:45:58 | 000,971,264 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Configuration\40da9084d0863e07d7ce55953833b8b0\System.Configuration.ni.dll
MOD - [2011-12-19 11:44:34 | 005,450,752 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Xml\c1c06a392871267db27f7cbc40e1c4fb\System.Xml.ni.dll
MOD - [2011-12-19 11:44:09 | 001,587,200 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Drawing\367c4043efc2f32d843cb588b0dc97fc\System.Drawing.ni.dll
MOD - [2011-12-19 11:43:05 | 007,950,848 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System\f9c36ea806e77872dce891c77b68fac3\System.ni.dll
MOD - [2011-12-19 11:42:11 | 011,490,816 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\mscorlib\b6632a8b2f276a8e31f5b0f6b2006cd1\mscorlib.ni.dll
MOD - [2009-09-04 22:15:06 | 000,067,872 | ---- | M] () -- C:\Program\Common Files\Apple\Apple Application Support\zlib1.dll
MOD - [2009-03-31 19:05:05 | 000,299,008 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\mscorlib.resources\2.0.0.0_sv_b77a5c561934e089\mscorlib.resources.dll
MOD - [2009-03-31 19:05:05 | 000,032,768 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\System.Runtime.Remoting.resources\2.0.0.0_sv_b77a5c561934e089\System.Runtime.Remoting.resources.dll
MOD - [2007-05-22 10:59:22 | 000,128,512 | ---- | M] () -- C:\Program\WinRAR\RarExt.dll
MOD - [2006-09-11 15:10:52 | 000,040,960 | ---- | M] () -- C:\Program\Intel\IntelDH\Intel Media Server\Media Server\bin\umc_vob_source_filter.ax


========== Services (SafeList) ==========

SRV - File not found [Auto | Stopped] -- C:\Program Files\Symantec\LiveUpdate\ALUSchedulerSvc.exe -- (Automatisk LiveUpdate-schemaläggare)
SRV - [2013-02-15 13:08:20 | 000,543,144 | ---- | M] (Valve Corporation) [On_Demand | Stopped] -- C:\Program Files\Common Files\Steam\SteamService.exe -- (Steam Client Service)
SRV - [2013-02-09 15:18:35 | 000,251,248 | ---- | M] (Adobe Systems Incorporated) [On_Demand | Stopped] -- C:\Windows\System32\Macromed\Flash\FlashPlayerUpdateService.exe -- (AdobeFlashPlayerUpdateSvc)
SRV - [2012-12-14 16:49:28 | 000,682,344 | ---- | M] (Malwarebytes Corporation) [Auto | Running] -- C:\Program\Malwarebytes' Anti-Malware\mbamservice.exe -- (MBAMService)
SRV - [2012-12-14 16:49:28 | 000,398,184 | ---- | M] (Malwarebytes Corporation) [Auto | Running] -- C:\Program\Malwarebytes' Anti-Malware\mbamscheduler.exe -- (MBAMScheduler)
SRV - [2012-11-09 11:21:24 | 000,160,944 | R--- | M] (Skype Technologies) [Auto | Stopped] -- C:\Program\Skype\Updater\Updater.exe -- (SkypeUpdate)
SRV - [2012-10-02 12:13:44 | 003,064,000 | ---- | M] (Skype Technologies S.A.) [Auto | Running] -- C:\ProgramData\Skype\Toolbars\Skype C2C Service\c2c_service.exe -- (Skype C2C Service)
SRV - [2012-09-24 19:11:53 | 001,737,728 | ---- | M] (Lavasoft Limited ) [Auto | Running] -- C:\Program\Lavasoft\Ad-Aware\AAWService.exe -- (Lavasoft Ad-Aware Service)
SRV - [2012-05-15 11:26:00 | 001,262,400 | ---- | M] (NVIDIA Corporation) [Auto | Stopped] -- C:\Program\NVIDIA Corporation\NVIDIA Update Core\daemonu.exe -- (nvUpdatusService)
SRV - [2012-05-15 01:21:40 | 000,382,272 | ---- | M] (NVIDIA Corporation) [Auto | Running] -- C:\Program\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe -- (Stereo Service)
SRV - [2011-04-17 01:45:11 | 000,130,008 | R--- | M] (Symantec Corporation) [Auto | Running] -- C:\Program Files\Norton Internet Security\Engine\18.7.2.3\ccSvcHst.exe -- (NIS)
SRV - [2011-03-28 19:31:14 | 001,713,536 | ---- | M] (Microsoft Corp.) [Disabled | Stopped] -- C:\Program\Common Files\microsoft shared\Windows Live\WLIDSVC.EXE -- (wlidsvc)
SRV - [2010-03-03 20:16:06 | 000,013,336 | ---- | M] (Intel Corporation) [Auto | Running] -- C:\Program\Intel\Intel® Rapid Storage Technology\IAStorDataMgrSvc.exe -- (IAStorDataMgrSvc)
SRV - [2008-11-22 16:02:12 | 000,654,848 | ---- | M] (Macrovision Europe Ltd.) [On_Demand | Stopped] -- C:\Program\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe -- (FLEXnet Licensing Service)
SRV - [2008-11-04 00:06:28 | 000,441,712 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Program\Common Files\microsoft shared\OFFICE12\ODSERV.EXE -- (odserv)
SRV - [2008-01-19 08:38:24 | 000,272,952 | ---- | M] (Microsoft Corporation) [Auto | Stopped] -- C:\Program\Windows Defender\MpSvc.dll -- (WinDefend)
SRV - [2008-01-19 08:33:39 | 000,896,512 | ---- | M] (Microsoft Corporation) [On_Demand | Running] -- C:\Program\Windows Media Player\wmpnetwk.exe -- (WMPNetworkSvc)
SRV - [2006-10-26 13:03:08 | 000,145,184 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Program\Common Files\microsoft shared\Source Engine\OSE.EXE -- (ose)
SRV - [2006-09-11 15:02:44 | 000,544,256 | ---- | M] (Intel® Corporation) [On_Demand | Stopped] -- C:\Program\Intel\IntelDH\Intel Media Server\Shells\Remote UI Service.exe -- (Remote UI Service)
SRV - [2006-09-11 15:01:04 | 000,167,936 | ---- | M] (Intel® Corporation) [On_Demand | Stopped] -- C:\Program\Intel\IntelDH\Intel Media Server\Shells\MCLServiceATL.exe -- (MCLServiceATL)
SRV - [2006-09-11 14:56:32 | 000,075,264 | ---- | M] (Intel® Corporation) [On_Demand | Stopped] -- C:\Program\Intel\IntelDH\Intel Media Server\Media Server\bin\issm.exe -- (ISSM)
SRV - [2006-09-11 14:56:20 | 000,188,416 | ---- | M] (Intel® Corporation) [On_Demand | Stopped] -- C:\Program\Intel\IntelDH\CCU\AlertService.exe -- (AlertService)
SRV - [2006-09-03 09:32:28 | 000,208,896 | ---- | M] () [Auto | Running] -- C:\Program\Common Files\Intel\IntelDH\NMS\AdpPlugins\DQLWinService.exe -- (DQLWinService)
SRV - [2006-08-31 22:47:56 | 000,026,624 | ---- | M] () [On_Demand | Stopped] -- C:\Program\Intel\IntelDH\Intel Media Server\Media Server\bin\mediaserver.exe -- (M1 Server)
SRV - [2006-05-10 08:13:52 | 000,029,696 | R--- | M] (Intel® Corporation) [Auto | Stopped] -- C:\Program\Intel\IntelDH\Intel Media Server\tools\IntelDHSvcConf.exe -- (IntelDHSvcConf)


========== Driver Services (SafeList) ==========

DRV - File not found [Kernel | On_Demand | Stopped] -- system32\DRIVERS\nwlnkfwd.sys -- (NwlnkFwd)
DRV - File not found [Kernel | On_Demand | Stopped] -- system32\DRIVERS\nwlnkflt.sys -- (NwlnkFlt)
DRV - File not found [Kernel | On_Demand | Stopped] -- system32\DRIVERS\ipinip.sys -- (IpInIp)
DRV - File not found [Kernel | On_Demand | Stopped] -- C:\Program Files\Garena\plugins\UI\safedrv.sys -- (GGSAFERDriver)
DRV - File not found [Kernel | On_Demand | Stopped] -- C:\Users\GAREN~1\AppData\Local\Temp\CED58BC.tmp -- (GarenaPEngine)
DRV - File not found [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\blbdrive.sys -- (blbdrive)
DRV - File not found [Kernel | On_Demand | Unknown] -- -- (aj145jze)
DRV - [2013-02-09 14:30:06 | 001,603,824 | ---- | M] (Symantec Corporation) [Kernel | On_Demand | Running] -- C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_18.1.0.37\Definitions\VirusDefs\20130221.003\NAVEX15.SYS -- (NAVEX15)
DRV - [2013-02-09 14:30:06 | 000,093,296 | ---- | M] (Symantec Corporation) [Kernel | On_Demand | Running] -- C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_18.1.0.37\Definitions\VirusDefs\20130221.003\NAVENG.SYS -- (NAVENG)
DRV - [2013-02-09 14:30:05 | 000,376,480 | ---- | M] (Symantec Corporation) [Kernel | System | Running] -- C:\Program\Common Files\Symantec Shared\EENGINE\eeCtrl.sys -- (eeCtrl)
DRV - [2013-02-08 17:44:32 | 000,386,720 | ---- | M] (Symantec Corporation) [Kernel | System | Running] -- C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_18.1.0.37\Definitions\IPSDefs\20130220.002\IDSvix86.sys -- (IDSVix86)
DRV - [2013-01-16 03:51:12 | 000,997,464 | ---- | M] (Symantec Corporation) [Kernel | System | Running] -- C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_18.1.0.37\Definitions\BASHDefs\20130208.001\BHDrvx86.sys -- (BHDrvx86)
DRV - [2012-12-14 16:49:28 | 000,021,104 | ---- | M] (Malwarebytes Corporation) [File_System | On_Demand | Running] -- C:\Windows\System32\drivers\mbam.sys -- (MBAMProtector)
DRV - [2012-08-09 20:28:28 | 000,106,656 | ---- | M] (Symantec Corporation) [Kernel | On_Demand | Running] -- C:\Program\Common Files\Symantec Shared\EENGINE\EraserUtilRebootDrv.sys -- (EraserUtilRebootDrv)
DRV - [2012-05-15 11:26:00 | 011,354,944 | ---- | M] (NVIDIA Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\nvlddmkm.sys -- (nvlddmkm)
DRV - [2012-04-18 18:08:04 | 000,148,800 | ---- | M] (NVIDIA Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\nvhda32v.sys -- (NVHDA)
DRV - [2011-07-18 05:24:08 | 000,136,808 | ---- | M] (MCCI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\ssadmdm.sys -- (ssadmdm)
DRV - [2011-07-18 05:24:08 | 000,121,064 | ---- | M] (MCCI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\ssadbus.sys -- (ssadbus)
DRV - [2011-07-18 05:24:08 | 000,012,776 | ---- | M] (MCCI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\ssadmdfl.sys -- (ssadmdfl)
DRV - [2011-05-11 15:32:24 | 000,126,584 | ---- | M] (Symantec Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\SYMEVENT.SYS -- (SymEvent)
DRV - [2011-04-21 02:37:49 | 000,331,384 | ---- | M] (Symantec Corporation) [Kernel | System | Running] -- C:\Windows\System32\drivers\NIS\1207020.003\symtdiv.sys -- (SYMTDIv)
DRV - [2011-03-31 04:00:09 | 000,516,216 | ---- | M] (Symantec Corporation) [File_System | System | Running] -- C:\Windows\System32\drivers\NIS\1207020.003\srtsp.sys -- (SRTSP)
DRV - [2011-03-31 04:00:09 | 000,050,168 | ---- | M] (Symantec Corporation) [Kernel | System | Running] -- C:\Windows\System32\drivers\NIS\1207020.003\srtspx.sys -- (SRTSPX)
DRV - [2011-03-16 16:26:39 | 000,015,232 | ---- | M] () [Kernel | On_Demand | Running] -- C:\Program\Lavasoft\Ad-Aware\kernexplorer.sys -- (Lavasoft Kernexplorer)
DRV - [2011-03-15 03:31:23 | 000,744,568 | ---- | M] (Symantec Corporation) [File_System | Boot | Running] -- C:\Windows\System32\drivers\NIS\1207020.003\symefa.sys -- (SymEFA)
DRV - [2011-01-27 07:47:10 | 000,340,088 | ---- | M] (Symantec Corporation) [Kernel | Boot | Running] -- C:\Windows\System32\drivers\NIS\1207020.003\symds.sys -- (SymDS)
DRV - [2011-01-27 06:07:05 | 000,136,312 | ---- | M] (Symantec Corporation) [Kernel | System | Running] -- C:\Windows\System32\drivers\NIS\1207020.003\ironx86.sys -- (SymIRON)
DRV - [2010-08-12 13:15:20 | 000,064,288 | ---- | M] (Lavasoft AB) [File_System | Boot | Running] -- C:\Windows\System32\drivers\Lbd.sys -- (Lbd)
DRV - [2010-02-03 14:56:56 | 000,026,176 | -H-- | M] (LogMeIn, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\hamachi.sys -- (hamachi)
DRV - [2007-12-01 20:23:41 | 000,685,816 | ---- | M] () [Kernel | Boot | Running] -- C:\Windows\System32\drivers\sptd.sys -- (sptd)
DRV - [2007-05-09 21:51:34 | 000,041,888 | ---- | M] (Logitech Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\LVUSBSta.sys -- (LVUSBSta)
DRV - [2007-05-09 21:47:00 | 001,276,832 | ---- | M] (Logitech Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\LV302V32.SYS -- (PID_PEPI)
DRV - [2006-11-02 08:36:43 | 002,028,032 | ---- | M] (ATI Technologies Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\atikmdag.sys -- (R300)
DRV - [2005-12-12 18:27:00 | 000,019,072 | ---- | M] (Hewlett-Packard Company) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\PS2.sys -- (Ps2)
DRV - [2005-03-12 19:48:08 | 000,243,456 | ---- | M] (Ralink Technology Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\rt2500usb.sys -- (rt2500usb)


========== Standard Registry (SafeList) ==========


========== Internet Explorer ==========

IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = http://ie.redirect.h...lion&pf=desktop
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.google.com
IE - HKLM\..\SearchScopes,DefaultScope = {B7971660-A1CE-4FDD-B9E0-2C37D77AFB0B}
IE - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://search.live.c...ferrer:source?}
IE - HKLM\..\SearchScopes\{6A1806CD-94D4-4689-BA73-E35EA1EA9990}: "URL" = http://www.google.co...g}&sourceid=ie7
IE - HKLM\..\SearchScopes\{BB8E5332-4153-4695-BF62-937BA18FA0FF}: "URL" = http://se.search.yah...&type=ie7chrome
IE - HKLM\..\SearchScopes\{C7D28089-0C53-4FA5-A6E7-BDC470AEB099}: "URL" = http://se.kelkoopart...tnerId=96913934

IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.google.com
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,StartPageCache = 1
IE - HKCU\..\SearchScopes,DefaultScope = {6A1806CD-94D4-4689-BA73-E35EA1EA9990}
IE - HKCU\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://search.live.c...Box&Form=IE8SRC
IE - HKCU\..\SearchScopes\{6A1806CD-94D4-4689-BA73-E35EA1EA9990}: "URL" = http://www.google.se...&rlz=1I7HPEA_sv
IE - HKCU\..\SearchScopes\{BB8E5332-4153-4695-BF62-937BA18FA0FF}: "URL" = http://se.search.yah...&type=ie7chrome
IE - HKCU\..\SearchScopes\{C7D28089-0C53-4FA5-A6E7-BDC470AEB099}: "URL" = http://se.kelkoopart...tnerId=96913934
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = <local>;*.local

========== FireFox ==========

FF - prefs.js..extensions.enabledAddons: {82AF8DCA-6DE9-405D-BD5E-43525BDAD38A}:6.3.0.11079
FF - prefs.js..extensions.enabledAddons: {BBDA0591-3099-440a-AA10-41764D9DB4DB}:11.1.1.5 - 2
FF - prefs.js..extensions.enabledItems: {ACAA314B-EEBA-48e4-AD47-84E31C44796C}:1.0.1
FF - prefs.js..extensions.enabledItems: {BBDA0591-3099-440a-AA10-41764D9DB4DB}:2.0
FF - prefs.js..extensions.enabledItems: {2D3F3651-74B9-4795-BDEC-6DA2F431CB62}:5.6
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0024-ABCDEFFEDCBA}:6.0.24
FF - prefs.js..searchreset.backup.browser.search.defaultenginename: "Funmoods"
FF - prefs.js..browser.startup.homepage: "about:home"
FF - prefs.js..searchreset.backup.keyword.URL: "http://searchfunmood...r=639034642&q="


FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\system32\Macromed\Flash\NPSWF32_11_5_502_149.dll ()
FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=: File not found
FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=1.0: C:\Program Files\iTunes\Mozilla Plugins\npitunes.dll ()
FF - HKLM\Software\MozillaPlugins\@divx.com/DivX Browser Plugin,version=1.0.0: C:\Program Files\DivX\DivX Web Player\npdivx32.dll File not found
FF - HKLM\Software\MozillaPlugins\@divx.com/DivX Player Plugin,version=1.0.0: File not found
FF - HKLM\Software\MozillaPlugins\@java.com/DTPlugin,version=10.5.1: C:\Windows\system32\npDeployJava1.dll (Oracle Corporation)
FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin,version=10.5.1: C:\Program Files\Oracle\JavaFX 2.1 Runtime\bin\plugin2\npjp2.dll (Oracle Corporation)
FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: c:\Program Files\Microsoft Silverlight\5.1.10411.0\npctrl.dll ( Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/OfficeLive,version=1.5: C:\Program Files\Microsoft\Office Live\npOLW.dll (Microsoft Corp.)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=15.4.3502.0922: C:\Program Files\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=15.4.3508.1109: C:\Program Files\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=15.4.3555.0308: C:\Program Files\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WPF,version=3.5: C:\Windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@nvidia.com/3DVision: C:\Program Files\NVIDIA Corporation\3D Vision\npnv3dv.dll (NVIDIA Corporation)
FF - HKLM\Software\MozillaPlugins\@nvidia.com/3DVisionStreaming: C:\Program Files\NVIDIA Corporation\3D Vision\npnv3dvstreaming.dll (NVIDIA Corporation)
FF - HKLM\Software\MozillaPlugins\@pandonetworks.com/PandoWebPlugin: C:\Program Files\Pando Networks\Media Booster\npPandoWebPlugin.dll (Pando Networks)
FF - HKLM\Software\MozillaPlugins\@se.nexus/Personal: C:\Program Files\Personal\bin\np_prsnl.dll (Technology Nexus AB)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Program Files\Google\Update\1.3.21.135\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Program Files\Google\Update\1.3.21.135\npGoogleUpdate3.dll (Google Inc.)
FF - HKCU\Software\MozillaPlugins\@unity3d.com/UnityPlayer,version=1.0: C:\Users\Ägaren\AppData\LocalLow\Unity\WebPlayer\loader\npUnity3D32.dll (Unity Technologies ApS)
FF - HKCU\Software\MozillaPlugins\pandonetworks.com/PandoWebPlugin: C:\Program Files\Pando Networks\Media Booster\npPandoWebPlugin.dll (Pando Networks)

FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{BBDA0591-3099-440a-AA10-41764D9DB4DB}: C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_18.1.0.37\IPSFFPlgn\ [2013-02-21 18:52:50 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{2D3F3651-74B9-4795-BDEC-6DA2F431CB62}: C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_18.1.0.37\coFFPlgn_2011_7_13_2 [2013-02-21 18:52:44 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 6.0.2\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2011-09-08 13:56:52 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 6.0.2\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins [2012-07-02 01:55:23 | 000,000,000 | ---D | M]

[2008-08-27 23:14:44 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Ägaren\AppData\Roaming\mozilla\Extensions
[2013-02-09 16:39:46 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Ägaren\AppData\Roaming\mozilla\Firefox\Profiles\t5ufaq5k.default\extensions
[2010-05-02 16:25:36 | 000,000,000 | ---D | M] (Microsoft .NET Framework Assistant) -- C:\Users\Ägaren\AppData\Roaming\mozilla\Firefox\Profiles\t5ufaq5k.default\extensions\{20a82645-c095-46ed-80e3-08825760534b}
[2008-01-28 22:25:04 | 000,001,878 | ---- | M] () -- C:\Users\Ägaren\AppData\Roaming\mozilla\firefox\profiles\t5ufaq5k.default\searchplugins\aolsearch.xml
[2013-01-13 13:44:25 | 000,002,351 | ---- | M] () -- C:\Users\Ägaren\AppData\Roaming\mozilla\firefox\profiles\t5ufaq5k.default\searchplugins\Funmoods.xml
[2012-06-28 15:28:10 | 000,000,000 | ---D | M] (No name found) -- C:\Program\Mozilla Firefox\extensions
[2012-11-02 22:51:38 | 000,000,000 | ---D | M] (Skype Click to Call) -- C:\Program\Mozilla Firefox\extensions\{82AF8DCA-6DE9-405D-BD5E-43525BDAD38A}
[2011-04-01 09:56:56 | 000,000,000 | ---D | M] (Java Console) -- C:\Program\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0024-ABCDEFFEDCBA}
[2011-06-12 13:29:44 | 000,000,000 | ---D | M] (Java Console) -- C:\Program\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0026-ABCDEFFEDCBA}
[2012-11-02 22:51:38 | 000,000,000 | ---D | M] (Skype Click to Call) -- C:\PROGRAM FILES\MOZILLA FIREFOX\EXTENSIONS\{82AF8DCA-6DE9-405D-BD5E-43525BDAD38A}
[2013-02-21 18:52:50 | 000,000,000 | ---D | M] (Symantec Intrusion Prevention) -- C:\PROGRAMDATA\NORTON\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_18.1.0.37\IPSFFPLGN
[2011-09-08 13:56:52 | 000,134,104 | ---- | M] (Mozilla Foundation) -- C:\Program Files\mozilla firefox\components\browsercomps.dll
[2007-08-24 20:52:00 | 000,300,400 | ---- | M] (Symantec Corporation) -- C:\Program Files\mozilla firefox\components\coFFPlgn.dll
[2011-05-12 15:27:27 | 000,001,470 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\allaannonser-sv-SE.xml
[2011-05-12 15:27:27 | 000,002,252 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\bing.xml
[2011-05-12 15:27:27 | 000,002,670 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\prisjakt-sv-SE.xml
[2011-05-12 15:27:27 | 000,000,948 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\tyda-sv-SE.xml
[2011-05-12 15:27:27 | 000,001,174 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\wikipedia-sv-SE.xml
[2011-05-12 15:27:27 | 000,000,951 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\yahoo-sv-SE.xml

========== Chrome ==========

CHR - homepage: http://searchfunmood...yE&cr=639034642
CHR - default_search_provider: Google (Enabled)
CHR - default_search_provider: search_url = {google:baseURL}search?q={searchTerms}&{google:RLZ}{google:acceptedSuggestion}{google:originalQueryForSuggestion}{google:assistedQueryStats}{google:searchFieldtrialParameter}sourceid=chrome&ie={inputEncoding}
CHR - default_search_provider: suggest_url = {google:baseSuggestURL}search?{google:searchFieldtrialParameter}client=chrome&hl={language}&q={searchTerms}&sugkey={google:suggestAPIKeyParameter}
CHR - homepage: http://searchfunmood...yE&cr=639034642
CHR - plugin: Shockwave Flash (Enabled) = C:\Program Files\Google\Chrome\Application\24.0.1312.57\PepperFlash\pepflashplayer.dll
CHR - plugin: Chrome Remote Desktop Viewer (Enabled) = internal-remoting-viewer
CHR - plugin: Native Client (Enabled) = C:\Program Files\Google\Chrome\Application\24.0.1312.57\ppGoogleNaClPluginChrome.dll
CHR - plugin: Chrome PDF Viewer (Enabled) = C:\Program Files\Google\Chrome\Application\24.0.1312.57\pdf.dll
CHR - plugin: Adobe Acrobat (Disabled) = C:\Program Files\Adobe\Reader 8.0\Reader\Browser\nppdf32.dll
CHR - plugin: Microsoft\u00AE Windows Media Player Firefox Plugin (Enabled) = C:\Program Files\Mozilla Firefox\plugins\np-mswmp.dll
CHR - plugin: QuickTime Plug-in 7.6.8 (Enabled) = C:\Program Files\Mozilla Firefox\plugins\npqtplugin.dll
CHR - plugin: QuickTime Plug-in 7.6.8 (Enabled) = C:\Program Files\Mozilla Firefox\plugins\npqtplugin2.dll
CHR - plugin: QuickTime Plug-in 7.6.8 (Enabled) = C:\Program Files\Mozilla Firefox\plugins\npqtplugin3.dll
CHR - plugin: QuickTime Plug-in 7.6.8 (Enabled) = C:\Program Files\Mozilla Firefox\plugins\npqtplugin4.dll
CHR - plugin: QuickTime Plug-in 7.6.8 (Enabled) = C:\Program Files\Mozilla Firefox\plugins\npqtplugin5.dll
CHR - plugin: QuickTime Plug-in 7.6.8 (Enabled) = C:\Program Files\Mozilla Firefox\plugins\npqtplugin6.dll
CHR - plugin: QuickTime Plug-in 7.6.8 (Enabled) = C:\Program Files\Mozilla Firefox\plugins\npqtplugin7.dll
CHR - plugin: Google Update (Enabled) = C:\Program Files\Google\Update\1.3.21.123\npGoogleUpdate3.dll
CHR - plugin: Microsoft Office Live Plug-in for Firefox (Enabled) = C:\Program Files\Microsoft\Office Live\npOLW.dll
CHR - plugin: NVIDIA 3D Vision (Enabled) = C:\Program Files\NVIDIA Corporation\3D Vision\npnv3dv.dll
CHR - plugin: NVIDIA 3D VISION (Enabled) = C:\Program Files\NVIDIA Corporation\3D Vision\npnv3dvstreaming.dll
CHR - plugin: Java™ Platform SE 7 U5 (Disabled) = C:\Program Files\Oracle\JavaFX 2.1 Runtime\bin\plugin2\npjp2.dll
CHR - plugin: Pando Web Plugin (Enabled) = C:\Program Files\Pando Networks\Media Booster\npPandoWebPlugin.dll
CHR - plugin: Nexus Personal (Enabled) = C:\Program Files\Personal\bin\np_prsnl.dll
CHR - plugin: Windows Live\u0099 Photo Gallery (Enabled) = C:\Program Files\Windows Live\Photo Gallery\NPWLPG.dll
CHR - plugin: iTunes Application Detector (Enabled) = C:\Program Files\iTunes\Mozilla Plugins\npitunes.dll
CHR - plugin: Unity Player (Enabled) = C:\Users\\u00C4garen\AppData\LocalLow\Unity\WebPlayer\loader\npUnity3D32.dll
CHR - plugin: Windows Presentation Foundation (Enabled) = C:\Windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll
CHR - plugin: Shockwave Flash (Enabled) = C:\Windows\system32\Macromed\Flash\NPSWF32_11_5_502_146.dll
CHR - plugin: Java Deployment Toolkit 7.0.50.255 (Disabled) = C:\Windows\system32\npDeployJava1.dll
CHR - plugin: Silverlight Plug-In (Enabled) = c:\Program Files\Microsoft Silverlight\5.1.10411.0\npctrl.dll
CHR - Extension: YouTube = C:\Users\Ägaren\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo\4.2.5_1\
CHR - Extension: Adblock Plus = C:\Users\Ägaren\AppData\Local\Google\Chrome\User Data\Default\Extensions\cfhdojbkjhnklbpkdaibdccddilifddb\1.3.4_0\
CHR - Extension: S\u00F6k p\u00E5 Google = C:\Users\Ägaren\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf\0.0.0.19_1\
CHR - Extension: Skype Click to Call = C:\Users\Ägaren\AppData\Local\Google\Chrome\User Data\Default\Extensions\lifbcibllhkdhoafpjfnlhfpfgnpldfl\6.3.0.11079_0\
CHR - Extension: Gmail = C:\Users\Ägaren\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia\7_1\

O1 HOSTS File: ([2006-09-18 22:41:30 | 000,000,761 | ---- | M]) - C:\Windows\System32\drivers\etc\hosts
O1 - Hosts: 127.0.0.1 localhost
O1 - Hosts: ::1 localhost
O2 - BHO: (Länkhjälp till Adobe PDF Reader) - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll (Adobe Systems Incorporated)
O2 - BHO: (Winamp Toolbar BHO) - {25CEE8EC-5730-41bc-8B58-22DDC8AB8C20} - C:\Program\Winamp Toolbar\winamptb.dll (AOL LLC)
O2 - BHO: (Symantec NCO BHO) - {602ADB0E-4AFF-4217-8AA1-95DAC4DFA408} - C:\Program\Norton Internet Security\Engine\18.7.2.3\coieplg.dll (Symantec Corporation)
O2 - BHO: (Symantec Intrusion Prevention) - {6D53EC84-6AAE-4787-AEEE-F4628F01010C} - C:\Program\Norton Internet Security\Engine\18.7.2.3\ips\ipsbho.dll (Symantec Corporation)
O2 - BHO: (Java™ Plug-In SSV Helper) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program\Oracle\JavaFX 2.1 Runtime\bin\ssv.dll (Oracle Corporation)
O2 - BHO: (Windows Live ID Sign-in Helper) - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program\Common Files\microsoft shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corp.)
O2 - BHO: (Skype Browser Helper) - {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} - C:\Program\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O2 - BHO: (Java™ Plug-In 2 SSV Helper) - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program\Oracle\JavaFX 2.1 Runtime\bin\jp2ssv.dll (Oracle Corporation)
O3 - HKLM\..\Toolbar: (Norton Toolbar) - {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - C:\Program\Norton Internet Security\Engine\18.7.2.3\coieplg.dll (Symantec Corporation)
O3 - HKLM\..\Toolbar: (Winamp Toolbar) - {EBF2BA02-9094-4c5a-858B-BB198F3D8DE2} - C:\Program\Winamp Toolbar\winamptb.dll (AOL LLC)
O3 - HKCU\..\Toolbar\WebBrowser: (no name) - {2318C2B1-4965-11D4-9B18-009027A5CD4F} - No CLSID value found.
O3 - HKCU\..\Toolbar\WebBrowser: (Norton Toolbar) - {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - C:\Program\Norton Internet Security\Engine\18.7.2.3\coieplg.dll (Symantec Corporation)
O3 - HKCU\..\Toolbar\WebBrowser: (Winamp Toolbar) - {EBF2BA02-9094-4C5A-858B-BB198F3D8DE2} - C:\Program\Winamp Toolbar\winamptb.dll (AOL LLC)
O4 - HKLM..\Run: [IAStorIcon] C:\Program\Intel\Intel® Rapid Storage Technology\IAStorIcon.exe (Intel Corporation)
O4 - HKLM..\Run: [Malwarebytes Anti-Malware (reboot)] C:\Program Files\Malwarebytes' Anti-Malware\mbam.exe (Malwarebytes Corporation)
O4 - HKCU..\Run: [DAEMON Tools] C:\Program Files\DAEMON Tools\daemon.exe (DT Soft Ltd.)
O4 - HKCU..\Run: [msnmsgr] "C:\Program Files\Windows Live\Messenger\msnmsgr.exe" /background File not found
O4 - HKCU..\Run: [Spotify Web Helper] C:\Users\Ägaren\AppData\Roaming\Spotify\Data\SpotifyWebHelper.exe ()
O4 - HKCU..\Run: [Steam] C:\Program Files\Steam\steam.exe (Valve Corporation)
O4 - HKCU..\Run: [WMPNSCFG] C:\Program\Windows Media Player\wmpnscfg.exe (Microsoft Corporation)
O8 - Extra context menu item: &Winamp Toolbar Search - C:\ProgramData\Winamp Toolbar\ieToolbar\resources\en-US\local\search.html ()
O8 - Extra context menu item: E&xportera till Microsoft Excel - C:\Program\Microsoft Office\Office12\EXCEL.EXE (Microsoft Corporation)
O8 - Extra context menu item: Google Sidewiki... - res://C:\Program Files\Google\Google Toolbar\Component\GoogleToolbarDynamic_mui_en_6CE5017F567343CA.dll/cmsidewiki.html File not found
O9 - Extra Button: Skicka till OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Program\Microsoft Office\Office12\ONBttnIE.dll (Microsoft Corporation)
O9 - Extra 'Tools' menuitem : Ski&cka till OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Program\Microsoft Office\Office12\ONBttnIE.dll (Microsoft Corporation)
O9 - Extra Button: Skype Click to Call - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O9 - Extra Button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\Program\Microsoft Office\Office12\REFIEBAR.DLL (Microsoft Corporation)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000007 [] - C:\Program\Bonjour\mdnsNSP.dll (Apple Inc.)
O13 - gopher Prefix: missing
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/...indows-i586.cab (Java Plug-in 10.5.1)
O16 - DPF: {CAFEEFAC-0016-0000-0001-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_01)
O16 - DPF: {CAFEEFAC-0016-0000-0026-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_26)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 10.5.1)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 193.150.193.150 83.255.245.11
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{24F4A968-3A19-45D1-ACED-354FD112FA2E}: DhcpNameServer = 192.168.0.1
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{275301FD-0872-40EF-8D98-7346D05BA357}: DhcpNameServer = 192.168.0.1
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{2BECEB73-DF5C-452C-BD39-1840F77F36DA}: DhcpNameServer = 192.168.0.1
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{2E72B82E-9E16-4CEB-BB34-437B02352DF0}: DhcpNameServer = 192.168.0.1
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{A3575D59-1316-40AD-BA80-17C48DFD4768}: DhcpNameServer = 192.168.0.1
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{F3EE8BBA-2F03-48B2-BA40-EA223F1D7CCA}: DhcpNameServer = 192.168.0.1
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{FA08B2EC-FE30-4277-AB04-AF417DE015AA}: DhcpNameServer = 193.150.193.150 83.255.245.11
O18 - Protocol\Handler\ms-help {314111c7-a502-11d2-bbca-00c04f8ec294} - C:\Program\Common Files\microsoft shared\Help\hxds.dll (Microsoft Corporation)
O18 - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program\Common Files\Skype\Skype4COM.dll (Skype Technologies)
O18 - Protocol\Handler\skype-ie-addon-data {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O18 - Protocol\Handler\wlmailhtml {03C514A3-1EFB-4856-9F99-10D7BE1653C0} - C:\Program\Windows Live\Mail\mailcomm.dll (Microsoft Corporation)
O18 - Protocol\Handler\wlpg {E43EF6CD-A37A-4A9B-9E6F-83F89B8E6324} - C:\Program\Windows Live\Photo Gallery\AlbumDownloadProtocolHandler.dll (Microsoft Corporation)
O18 - Protocol\Filter\text/xml {807563E5-5146-11D5-A672-00B0D022E945} - C:\Program\Common Files\microsoft shared\OFFICE12\MSOXMLMF.DLL (Microsoft Corporation)
O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\System32\userinit.exe (Microsoft Corporation)
O24 - Desktop WallPaper: C:\Users\Ägaren\AppData\Roaming\Microsoft\Windows Photo Gallery\Skrivbordsunderlägg från Windows Fotogalleri.jpg
O24 - Desktop BackupWallPaper: C:\Users\Ägaren\AppData\Roaming\Microsoft\Windows Photo Gallery\Skrivbordsunderlägg från Windows Fotogalleri.jpg
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2007-09-12 18:34:55 | 000,000,074 | ---- | M] () - C:\autoexec.bat -- [ NTFS ]
O32 - AutoRun File - [2008-04-10 18:52:50 | 000,000,000 | ---D | M] - C:\Automap -- [ NTFS ]
O33 - MountPoints2\{0939feaa-0f7f-11e1-9093-001d6052f120}\Shell - "" = AutoRun
O33 - MountPoints2\{0939feaa-0f7f-11e1-9093-001d6052f120}\Shell\AutoRun\command - "" = O:\LaunchU3.exe -a
O33 - MountPoints2\{e19845cf-3016-11de-bc73-001d6052f120}\Shell - "" = AutoRun
O33 - MountPoints2\{e19845cf-3016-11de-bc73-001d6052f120}\Shell\AutoRun\command - "" = O:\LaunchU3.exe -a
O33 - MountPoints2\{e19845e0-3016-11de-bc73-0011958ea0f7}\Shell - "" = AutoRun
O33 - MountPoints2\{e19845e0-3016-11de-bc73-0011958ea0f7}\Shell\AutoRun\command - "" = G:\LaunchU3.exe -a
O34 - HKLM BootExecute: (autocheck autochk *)
O34 - HKLM BootExecute: (lsdelete)
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3)
O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2)

========== Files/Folders - Created Within 30 Days ==========

[2013-02-21 19:03:29 | 000,602,112 | ---- | C] (OldTimer Tools) -- C:\Users\Ägaren\Desktop\OTL.exe
[2 C:\Users\Ägaren\Documents\*.tmp files -> C:\Users\Ägaren\Documents\*.tmp -> ]
[1 C:\Windows\*.tmp files -> C:\Windows\*.tmp -> ]
[1 C:\Users\Ägaren\Desktop\*.tmp files -> C:\Users\Ägaren\Desktop\*.tmp -> ]

========== Files - Modified Within 30 Days ==========

[2013-02-21 19:22:05 | 000,000,982 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineUA.job
[2013-02-21 19:22:04 | 000,000,978 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineCore.job
[2013-02-21 19:22:00 | 000,000,390 | -H-- | M] () -- C:\Windows\tasks\User_Feed_Synchronization-{640ADB43-A987-4A4A-ACC5-476A9AE545C5}.job
[2013-02-21 19:18:16 | 000,000,868 | ---- | M] () -- C:\Windows\tasks\Adobe Flash Player Updater.job
[2013-02-21 19:14:16 | 000,114,176 | ---- | M] () -- C:\Users\Ägaren\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2013-02-21 19:03:42 | 000,602,112 | ---- | M] (OldTimer Tools) -- C:\Users\Ägaren\Desktop\OTL.exe
[2013-02-21 18:58:27 | 000,000,392 | -H-- | M] () -- C:\Windows\tasks\User_Feed_Synchronization-{8398C988-8CA4-4109-B17C-DAAAC0459226}.job
[2013-02-21 18:54:05 | 000,000,064 | ---- | M] () -- C:\Windows\System32\rp_stats.dat
[2013-02-21 18:54:05 | 000,000,044 | ---- | M] () -- C:\Windows\System32\rp_rules.dat
[2013-02-21 18:52:33 | 000,003,568 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-1.C7483456-A289-439d-8115-601632D005A0
[2013-02-21 18:52:33 | 000,003,568 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-0.C7483456-A289-439d-8115-601632D005A0
[2013-02-21 18:52:32 | 000,000,380 | ---- | M] () -- C:\Windows\tasks\Registry Reviver-Ägaren-Startup.job
[2013-02-21 18:52:23 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2013-02-21 18:52:15 | 3219,611,648 | -HS- | M] () -- C:\hiberfil.sys
[2 C:\Users\Ägaren\Documents\*.tmp files -> C:\Users\Ägaren\Documents\*.tmp -> ]
[1 C:\Windows\*.tmp files -> C:\Windows\*.tmp -> ]
[1 C:\Users\Ägaren\Desktop\*.tmp files -> C:\Users\Ägaren\Desktop\*.tmp -> ]

========== Files Created - No Company Name ==========

[2012-10-03 00:04:37 | 000,000,027 | ---- | C] () -- C:\Program Files\plugins.dat
[2012-05-15 01:21:50 | 000,423,744 | ---- | C] () -- C:\Windows\System32\nvStreaming.exe
[2011-07-26 16:26:48 | 000,030,568 | ---- | C] () -- C:\Windows\MusiccityDownload.exe
[2011-07-26 16:26:46 | 000,974,848 | ---- | C] () -- C:\Windows\System32\cis-2.4.dll
[2011-07-26 16:26:46 | 000,081,920 | ---- | C] () -- C:\Windows\System32\issacapi_bs-2.3.dll
[2011-07-26 16:26:46 | 000,065,536 | ---- | C] () -- C:\Windows\System32\issacapi_pe-2.3.dll
[2011-07-26 16:26:46 | 000,057,344 | ---- | C] () -- C:\Windows\System32\issacapi_se-2.3.dll
[2011-04-24 23:45:29 | 000,000,064 | ---- | C] () -- C:\Windows\System32\rp_stats.dat
[2011-04-24 23:45:29 | 000,000,044 | ---- | C] () -- C:\Windows\System32\rp_rules.dat
[2010-11-28 19:33:29 | 000,031,966 | ---- | C] () -- C:\ProgramData\nvModes.001
[2010-11-28 19:32:22 | 000,031,966 | ---- | C] () -- C:\ProgramData\nvModes.dat
[2009-02-18 22:18:38 | 000,001,356 | ---- | C] () -- C:\Users\Ägaren\AppData\Local\d3d9caps.dat
[2008-04-14 19:31:16 | 000,000,032 | ---- | C] () -- C:\ProgramData\ezsid.dat
[2008-01-27 22:15:58 | 000,024,206 | ---- | C] () -- C:\Users\Ägaren\AppData\Roaming\UserTile.png
[2008-01-04 11:42:48 | 000,000,094 | ---- | C] () -- C:\Users\Ägaren\AppData\Local\fusioncache.dat
[2008-01-03 15:25:47 | 000,022,328 | ---- | C] () -- C:\Users\Ägaren\AppData\Roaming\PnkBstrK.sys
[2007-11-28 18:43:54 | 000,114,176 | ---- | C] () -- C:\Users\Ägaren\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2005-04-08 03:16:43 | 000,006,618 | -H-- | C] () -- C:\Users\Ägaren\AppData\Roaming\Ägarenlog.dat

========== ZeroAccess Check ==========

[2006-11-02 13:54:22 | 000,000,227 | RHS- | M] () -- C:\Windows\assembly\Desktop.ini

[HKEY_CURRENT_USER\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]

[HKEY_CURRENT_USER\Software\Classes\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32]

[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]
"" = %SystemRoot%\system32\shell32.dll -- [2011-01-21 17:35:22 | 011,586,048 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Apartment

[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32]
"" = %systemroot%\system32\wbem\fastprox.dll -- [2009-04-11 07:28:19 | 000,614,912 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Free

[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32]
"" = %systemroot%\system32\wbem\wbemess.dll -- [2009-04-11 07:28:25 | 000,347,648 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Both

========== LOP Check ==========

[2010-07-22 00:13:34 | 000,000,000 | ---D | M] -- C:\Users\Ägaren\AppData\Roaming\8E0D0943DB0414FB9720FB4E027FB0D7
[2010-09-13 16:45:26 | 000,000,000 | ---D | M] -- C:\Users\Ägaren\AppData\Roaming\Bioshock2
[2008-04-26 02:03:31 | 000,000,000 | ---D | M] -- C:\Users\Ägaren\AppData\Roaming\Command & Conquer 3 Kane's Wrath
[2008-03-14 20:32:28 | 000,000,000 | ---D | M] -- C:\Users\Ägaren\AppData\Roaming\Command & Conquer 3 Tiberium Wars
[2010-05-25 21:54:10 | 000,000,000 | ---D | M] -- C:\Users\Ägaren\AppData\Roaming\DVDVideoSoftIEHelpers
[2011-01-02 10:31:27 | 000,000,000 | ---D | M] -- C:\Users\Ägaren\AppData\Roaming\Leadertech
[2009-11-14 15:38:18 | 000,000,000 | ---D | M] -- C:\Users\Ägaren\AppData\Roaming\Mina Slaget om Midgård™ II-filer
[2008-01-27 22:15:58 | 000,000,000 | ---D | M] -- C:\Users\Ägaren\AppData\Roaming\PeerNetworking
[2009-10-26 15:05:45 | 000,000,000 | ---D | M] -- C:\Users\Ägaren\AppData\Roaming\Personal
[2011-09-03 20:33:53 | 000,000,000 | ---D | M] -- C:\Users\Ägaren\AppData\Roaming\PunkBuster
[2011-09-23 16:40:12 | 000,000,000 | ---D | M] -- C:\Users\Ägaren\AppData\Roaming\Samsung
[2012-10-11 12:39:56 | 000,000,000 | ---D | M] -- C:\Users\Ägaren\AppData\Roaming\Spotify
[2012-09-04 00:19:49 | 000,000,000 | ---D | M] -- C:\Users\Ägaren\AppData\Roaming\System32
[2012-12-06 22:00:57 | 000,000,000 | ---D | M] -- C:\Users\Ägaren\AppData\Roaming\SystemRequirementsLab
[2011-09-13 14:14:43 | 000,000,000 | ---D | M] -- C:\Users\Ägaren\AppData\Roaming\The Creative Assembly
[2012-10-04 12:15:58 | 000,000,000 | ---D | M] -- C:\Users\Ägaren\AppData\Roaming\Tibia
[2011-04-22 23:27:14 | 000,000,000 | ---D | M] -- C:\Users\Ägaren\AppData\Roaming\Tific
[2010-12-23 00:20:49 | 000,000,000 | ---D | M] -- C:\Users\Ägaren\AppData\Roaming\TS3Client
[2011-08-19 00:45:18 | 000,000,000 | ---D | M] -- C:\Users\Ägaren\AppData\Roaming\Ubisoft
[2013-01-20 00:15:31 | 000,000,000 | ---D | M] -- C:\Users\Ägaren\AppData\Roaming\uTorrent
[2008-10-14 18:47:55 | 000,000,000 | ---D | M] -- C:\Users\Ägaren\AppData\Roaming\WinBatch

========== Purity Check ==========



< End of report >

Edited by computeramatuer, 21 February 2013 - 12:50 PM.

  • 0

Advertisements

#2
Essexboy
Posted 21 February 2013 - 01:58 PM

Essexboy

    GeekU Moderator

  • Retired Staff
  • 69,964 posts
Hi there lets clear this up for you

Warning This fix is only relevant for this system and no other, using on another computer may cause problems

Be advised that when the fix commences it will shut down all running processes and you may lose the desktop and icons, they will return on reboot

Run OTL
  • Under the Custom Scans/Fixes box at the bottom, paste in the following
    Posted Image
:OTL
DRV - File not found [Kernel | On_Demand | Unknown] -- -- (aj145jze)
FF - prefs.js..searchreset.backup.browser.search.defaultenginename: "Funmoods"
FF - prefs.js..searchreset.backup.keyword.URL: "http://searchfunmoods.com/?f=1&a=download&chnl=download&cd=2XzuyEtN2Y1L1QzutDtDtC0DyCtDyDtB0FtCtBtDyCyD0FzztN0D0Tzu0CtAtAtAtN1L2XzutBtFtBtFtDtFtAyEyE&cr=639034642&q="
[2013-01-13 13:44:25 | 000,002,351 | ---- | M] () -- C:\Users\Ägaren\AppData\Roaming\mozilla\firefox\profiles\t5ufaq5k.default\searchplugins\Funmoods.xml
O3 - HKCU\..\Toolbar\WebBrowser: (no name) - {2318C2B1-4965-11D4-9B18-009027A5CD4F} - No CLSID value found.

:Commands
[resethosts]
[emptytemp]
[CREATERESTOREPOINT]
[Reboot]
  • Then click the Run Fix button at the top
  • Let the program run unhindered, reboot the PC when it is done
  • Open OTL again and click the Quick Scan button. Post the log it produces in your next reply.

THEN

Download AdwCleaner from here to your desktop
Run AdwCleaner and select Delete

Posted Image

Once done it will ask to reboot, allow this
On reboot a log will be produced please attach that
  • 0

#3
computeramatuer
Posted 22 February 2013 - 07:53 AM

computeramatuer

    Member

  • Topic Starter
  • Member
  • PipPip
  • 21 posts
OTL logfile created on: 2013-02-22 14:27:53 - Run 2
OTL by OldTimer - Version 3.2.69.0 Folder = C:\Users\Ägaren\Desktop
Windows Vista Home Premium Edition Service Pack 2 (Version = 6.0.6002) - Type = NTWorkstation
Internet Explorer (Version = 8.0.6001.19170)
Locale: 0000041D | Country: Sverige | Language: SVE | Date Format: yyyy-MM-dd

3,00 Gb Total Physical Memory | 1,51 Gb Available Physical Memory | 50,50% Memory free
6,21 Gb Paging File | 4,61 Gb Available in Paging File | 74,28% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files
Drive C: | 458,46 Gb Total Space | 49,20 Gb Free Space | 10,73% Space Free | Partition Type: NTFS
Drive D: | 7,30 Gb Total Space | 1,19 Gb Free Space | 16,34% Space Free | Partition Type: NTFS

Computer Name: ÄGAREN-DATOR | User Name: Ägaren | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user | Quick Scan
Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days

========== Processes (SafeList) ==========

PRC - [2013-02-21 19:03:42 | 000,602,112 | ---- | M] (OldTimer Tools) -- C:\Users\Ägaren\Desktop\OTL.exe
PRC - [2013-02-15 13:08:24 | 001,597,864 | ---- | M] (Valve Corporation) -- C:\Program\Steam\steam.exe
PRC - [2013-02-15 13:08:20 | 000,543,144 | ---- | M] (Valve Corporation) -- C:\Program\Common Files\Steam\SteamService.exe
PRC - [2013-01-26 03:35:08 | 001,248,208 | ---- | M] (Google Inc.) -- C:\Program\Google\Chrome\Application\chrome.exe
PRC - [2012-12-14 16:49:28 | 000,682,344 | ---- | M] (Malwarebytes Corporation) -- C:\Program\Malwarebytes' Anti-Malware\mbamservice.exe
PRC - [2012-12-14 16:49:28 | 000,512,360 | ---- | M] (Malwarebytes Corporation) -- C:\Program\Malwarebytes' Anti-Malware\mbamgui.exe
PRC - [2012-12-14 16:49:28 | 000,398,184 | ---- | M] (Malwarebytes Corporation) -- C:\Program\Malwarebytes' Anti-Malware\mbamscheduler.exe
PRC - [2012-10-02 12:13:44 | 003,064,000 | ---- | M] (Skype Technologies S.A.) -- C:\ProgramData\Skype\Toolbars\Skype C2C Service\c2c_service.exe
PRC - [2012-09-26 15:31:01 | 001,193,176 | ---- | M] () -- C:\Users\Ägaren\AppData\Roaming\Spotify\Data\SpotifyWebHelper.exe
PRC - [2012-09-24 19:12:05 | 001,191,768 | ---- | M] (Lavasoft Limited) -- C:\Program\Lavasoft\Ad-Aware\AAWTray.exe
PRC - [2012-09-24 19:11:53 | 001,737,728 | ---- | M] (Lavasoft Limited ) -- C:\Program\Lavasoft\Ad-Aware\AAWService.exe
PRC - [2012-05-15 10:28:16 | 001,820,480 | ---- | M] (NVIDIA Corporation) -- C:\Program\NVIDIA Corporation\Display\nvtray.exe
PRC - [2012-05-15 10:27:34 | 000,857,920 | ---- | M] (NVIDIA Corporation) -- C:\Program\NVIDIA Corporation\Display\NvXDSync.exe
PRC - [2012-05-15 01:21:40 | 000,382,272 | ---- | M] (NVIDIA Corporation) -- C:\Program\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe
PRC - [2011-04-17 01:45:11 | 000,130,008 | R--- | M] (Symantec Corporation) -- C:\Program\Norton Internet Security\Engine\18.7.2.3\ccsvchst.exe
PRC - [2010-09-13 14:56:02 | 000,168,960 | ---- | M] (Microsoft Corporation) -- C:\Program\Windows Media Player\wmplayer.exe
PRC - [2010-03-03 20:16:06 | 000,013,336 | ---- | M] (Intel Corporation) -- C:\Program\Intel\Intel® Rapid Storage Technology\IAStorDataMgrSvc.exe
PRC - [2010-03-03 20:16:04 | 000,284,696 | ---- | M] (Intel Corporation) -- C:\Program\Intel\Intel® Rapid Storage Technology\IAStorIcon.exe
PRC - [2009-10-26 15:05:39 | 000,939,920 | ---- | M] (Technology Nexus AB) -- C:\Program\Personal\bin\Personal.exe
PRC - [2009-04-11 07:27:36 | 002,926,592 | ---- | M] (Microsoft Corporation) -- C:\Windows\explorer.exe
PRC - [2009-03-08 12:34:00 | 000,115,712 | ---- | M] (Microsoft Corporation) -- C:\Program\Internet Explorer\ielowutil.exe
PRC - [2008-01-19 08:33:39 | 000,896,512 | ---- | M] (Microsoft Corporation) -- C:\Program\Windows Media Player\wmpnetwk.exe
PRC - [2008-01-19 08:33:39 | 000,202,240 | ---- | M] (Microsoft Corporation) -- C:\Program\Windows Media Player\wmpnscfg.exe
PRC - [2006-09-03 09:32:28 | 000,208,896 | ---- | M] () -- C:\Program\Common Files\Intel\IntelDH\NMS\AdpPlugins\DQLWinService.exe


========== Modules (No Company Name) ==========

MOD - [2013-02-15 13:08:20 | 000,988,584 | ---- | M] () -- C:\Program\Steam\bin\chromehtml.dll
MOD - [2013-01-26 03:35:06 | 000,460,240 | ---- | M] () -- C:\Program\Google\Chrome\Application\24.0.1312.57\ppgooglenaclpluginchrome.dll
MOD - [2013-01-26 03:35:04 | 004,012,496 | ---- | M] () -- C:\Program\Google\Chrome\Application\24.0.1312.57\pdf.dll
MOD - [2013-01-26 03:34:19 | 000,597,968 | ---- | M] () -- C:\Program\Google\Chrome\Application\24.0.1312.57\libglesv2.dll
MOD - [2013-01-26 03:34:18 | 000,124,368 | ---- | M] () -- C:\Program\Google\Chrome\Application\24.0.1312.57\libegl.dll
MOD - [2013-01-26 03:34:16 | 001,552,848 | ---- | M] () -- C:\Program\Google\Chrome\Application\24.0.1312.57\ffmpegsumo.dll
MOD - [2013-01-22 04:22:06 | 020,320,680 | ---- | M] () -- C:\Program\Steam\bin\libcef.dll
MOD - [2012-12-18 18:28:50 | 000,647,168 | ---- | M] () -- C:\Program\Steam\sdl.dll
MOD - [2012-12-11 09:51:10 | 001,100,800 | ---- | M] () -- C:\Program\Steam\bin\avcodec-53.dll
MOD - [2012-12-11 09:51:10 | 000,192,000 | ---- | M] () -- C:\Program\Steam\bin\avformat-53.dll
MOD - [2012-12-11 09:51:10 | 000,124,416 | ---- | M] () -- C:\Program\Steam\bin\avutil-51.dll
MOD - [2012-09-26 15:31:01 | 001,193,176 | ---- | M] () -- C:\Users\Ägaren\AppData\Roaming\Spotify\Data\SpotifyWebHelper.exe
MOD - [2012-09-17 09:43:24 | 000,453,120 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\IAStorUtil\19ef40034376db1e313a02152dee9baf\IAStorUtil.ni.dll
MOD - [2012-09-17 09:40:19 | 012,433,920 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Windows.Forms\ebecb68534162bd3b6829394ff7b03f5\System.Windows.Forms.ni.dll
MOD - [2012-09-17 09:39:01 | 003,325,952 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\WindowsBase\66cab5164d52da804ccc06fb61727353\WindowsBase.ni.dll
MOD - [2011-12-19 11:46:07 | 000,771,584 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Runtime.Remo#\6d2f689baff5da3df134fdec0742a13c\System.Runtime.Remoting.ni.dll
MOD - [2011-12-19 11:45:58 | 000,971,264 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Configuration\40da9084d0863e07d7ce55953833b8b0\System.Configuration.ni.dll
MOD - [2011-12-19 11:44:34 | 005,450,752 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Xml\c1c06a392871267db27f7cbc40e1c4fb\System.Xml.ni.dll
MOD - [2011-12-19 11:44:09 | 001,587,200 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Drawing\367c4043efc2f32d843cb588b0dc97fc\System.Drawing.ni.dll
MOD - [2011-12-19 11:43:05 | 007,950,848 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System\f9c36ea806e77872dce891c77b68fac3\System.ni.dll
MOD - [2011-12-19 11:42:11 | 011,490,816 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\mscorlib\b6632a8b2f276a8e31f5b0f6b2006cd1\mscorlib.ni.dll
MOD - [2009-09-04 22:15:06 | 000,067,872 | ---- | M] () -- C:\Program\Common Files\Apple\Apple Application Support\zlib1.dll
MOD - [2009-03-31 19:05:05 | 000,299,008 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\mscorlib.resources\2.0.0.0_sv_b77a5c561934e089\mscorlib.resources.dll
MOD - [2009-03-31 19:05:05 | 000,032,768 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\System.Runtime.Remoting.resources\2.0.0.0_sv_b77a5c561934e089\System.Runtime.Remoting.resources.dll


========== Services (SafeList) ==========

SRV - File not found [Auto | Stopped] -- C:\Program Files\Symantec\LiveUpdate\ALUSchedulerSvc.exe -- (Automatisk LiveUpdate-schemaläggare)
SRV - [2013-02-15 13:08:20 | 000,543,144 | ---- | M] (Valve Corporation) [On_Demand | Running] -- C:\Program Files\Common Files\Steam\SteamService.exe -- (Steam Client Service)
SRV - [2013-02-09 15:18:35 | 000,251,248 | ---- | M] (Adobe Systems Incorporated) [On_Demand | Stopped] -- C:\Windows\System32\Macromed\Flash\FlashPlayerUpdateService.exe -- (AdobeFlashPlayerUpdateSvc)
SRV - [2013-01-08 12:55:20 | 000,161,536 | R--- | M] (Skype Technologies) [Auto | Stopped] -- C:\Program\Skype\Updater\Updater.exe -- (SkypeUpdate)
SRV - [2012-12-14 16:49:28 | 000,682,344 | ---- | M] (Malwarebytes Corporation) [Auto | Running] -- C:\Program\Malwarebytes' Anti-Malware\mbamservice.exe -- (MBAMService)
SRV - [2012-12-14 16:49:28 | 000,398,184 | ---- | M] (Malwarebytes Corporation) [Auto | Running] -- C:\Program\Malwarebytes' Anti-Malware\mbamscheduler.exe -- (MBAMScheduler)
SRV - [2012-10-02 12:13:44 | 003,064,000 | ---- | M] (Skype Technologies S.A.) [Auto | Running] -- C:\ProgramData\Skype\Toolbars\Skype C2C Service\c2c_service.exe -- (Skype C2C Service)
SRV - [2012-09-24 19:11:53 | 001,737,728 | ---- | M] (Lavasoft Limited ) [Auto | Running] -- C:\Program\Lavasoft\Ad-Aware\AAWService.exe -- (Lavasoft Ad-Aware Service)
SRV - [2012-05-15 11:26:00 | 001,262,400 | ---- | M] (NVIDIA Corporation) [Auto | Stopped] -- C:\Program\NVIDIA Corporation\NVIDIA Update Core\daemonu.exe -- (nvUpdatusService)
SRV - [2012-05-15 01:21:40 | 000,382,272 | ---- | M] (NVIDIA Corporation) [Auto | Running] -- C:\Program\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe -- (Stereo Service)
SRV - [2011-04-17 01:45:11 | 000,130,008 | R--- | M] (Symantec Corporation) [Auto | Running] -- C:\Program Files\Norton Internet Security\Engine\18.7.2.3\ccSvcHst.exe -- (NIS)
SRV - [2011-03-28 19:31:14 | 001,713,536 | ---- | M] (Microsoft Corp.) [Disabled | Stopped] -- C:\Program\Common Files\microsoft shared\Windows Live\WLIDSVC.EXE -- (wlidsvc)
SRV - [2010-03-03 20:16:06 | 000,013,336 | ---- | M] (Intel Corporation) [Auto | Running] -- C:\Program\Intel\Intel® Rapid Storage Technology\IAStorDataMgrSvc.exe -- (IAStorDataMgrSvc)
SRV - [2008-11-22 16:02:12 | 000,654,848 | ---- | M] (Macrovision Europe Ltd.) [On_Demand | Stopped] -- C:\Program\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe -- (FLEXnet Licensing Service)
SRV - [2008-11-04 00:06:28 | 000,441,712 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Program\Common Files\microsoft shared\OFFICE12\ODSERV.EXE -- (odserv)
SRV - [2008-01-19 08:38:24 | 000,272,952 | ---- | M] (Microsoft Corporation) [Auto | Stopped] -- C:\Program\Windows Defender\MpSvc.dll -- (WinDefend)
SRV - [2008-01-19 08:33:39 | 000,896,512 | ---- | M] (Microsoft Corporation) [On_Demand | Running] -- C:\Program\Windows Media Player\wmpnetwk.exe -- (WMPNetworkSvc)
SRV - [2006-10-26 13:03:08 | 000,145,184 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Program\Common Files\microsoft shared\Source Engine\OSE.EXE -- (ose)
SRV - [2006-09-11 15:02:44 | 000,544,256 | ---- | M] (Intel® Corporation) [On_Demand | Stopped] -- C:\Program\Intel\IntelDH\Intel Media Server\Shells\Remote UI Service.exe -- (Remote UI Service)
SRV - [2006-09-11 15:01:04 | 000,167,936 | ---- | M] (Intel® Corporation) [On_Demand | Stopped] -- C:\Program\Intel\IntelDH\Intel Media Server\Shells\MCLServiceATL.exe -- (MCLServiceATL)
SRV - [2006-09-11 14:56:32 | 000,075,264 | ---- | M] (Intel® Corporation) [On_Demand | Stopped] -- C:\Program\Intel\IntelDH\Intel Media Server\Media Server\bin\issm.exe -- (ISSM)
SRV - [2006-09-11 14:56:20 | 000,188,416 | ---- | M] (Intel® Corporation) [On_Demand | Stopped] -- C:\Program\Intel\IntelDH\CCU\AlertService.exe -- (AlertService)
SRV - [2006-09-03 09:32:28 | 000,208,896 | ---- | M] () [Auto | Running] -- C:\Program\Common Files\Intel\IntelDH\NMS\AdpPlugins\DQLWinService.exe -- (DQLWinService)
SRV - [2006-08-31 22:47:56 | 000,026,624 | ---- | M] () [On_Demand | Stopped] -- C:\Program\Intel\IntelDH\Intel Media Server\Media Server\bin\mediaserver.exe -- (M1 Server)
SRV - [2006-05-10 08:13:52 | 000,029,696 | R--- | M] (Intel® Corporation) [Auto | Stopped] -- C:\Program\Intel\IntelDH\Intel Media Server\tools\IntelDHSvcConf.exe -- (IntelDHSvcConf)


========== Driver Services (SafeList) ==========

DRV - File not found [Kernel | On_Demand | Stopped] -- system32\DRIVERS\nwlnkfwd.sys -- (NwlnkFwd)
DRV - File not found [Kernel | On_Demand | Stopped] -- system32\DRIVERS\nwlnkflt.sys -- (NwlnkFlt)
DRV - File not found [Kernel | On_Demand | Stopped] -- system32\DRIVERS\ipinip.sys -- (IpInIp)
DRV - File not found [Kernel | On_Demand | Stopped] -- C:\Program Files\Garena\plugins\UI\safedrv.sys -- (GGSAFERDriver)
DRV - File not found [Kernel | On_Demand | Stopped] -- C:\Users\GAREN~1\AppData\Local\Temp\CED58BC.tmp -- (GarenaPEngine)
DRV - File not found [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\blbdrive.sys -- (blbdrive)
DRV - File not found [Kernel | On_Demand | Unknown] -- -- (a8sezvc8)
DRV - [2013-02-09 14:30:06 | 001,603,824 | ---- | M] (Symantec Corporation) [Kernel | On_Demand | Running] -- C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_18.1.0.37\Definitions\VirusDefs\20130221.033\NAVEX15.SYS -- (NAVEX15)
DRV - [2013-02-09 14:30:06 | 000,093,296 | ---- | M] (Symantec Corporation) [Kernel | On_Demand | Running] -- C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_18.1.0.37\Definitions\VirusDefs\20130221.033\NAVENG.SYS -- (NAVENG)
DRV - [2013-02-09 14:30:05 | 000,376,480 | ---- | M] (Symantec Corporation) [Kernel | System | Running] -- C:\Program\Common Files\Symantec Shared\EENGINE\eeCtrl.sys -- (eeCtrl)
DRV - [2013-02-08 17:44:32 | 000,386,720 | ---- | M] (Symantec Corporation) [Kernel | System | Running] -- C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_18.1.0.37\Definitions\IPSDefs\20130221.001\IDSvix86.sys -- (IDSVix86)
DRV - [2013-01-16 03:51:12 | 000,997,464 | ---- | M] (Symantec Corporation) [Kernel | System | Running] -- C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_18.1.0.37\Definitions\BASHDefs\20130208.001\BHDrvx86.sys -- (BHDrvx86)
DRV - [2012-12-14 16:49:28 | 000,021,104 | ---- | M] (Malwarebytes Corporation) [File_System | On_Demand | Running] -- C:\Windows\System32\drivers\mbam.sys -- (MBAMProtector)
DRV - [2012-08-09 20:28:28 | 000,106,656 | ---- | M] (Symantec Corporation) [Kernel | On_Demand | Running] -- C:\Program\Common Files\Symantec Shared\EENGINE\EraserUtilRebootDrv.sys -- (EraserUtilRebootDrv)
DRV - [2012-05-15 11:26:00 | 011,354,944 | ---- | M] (NVIDIA Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\nvlddmkm.sys -- (nvlddmkm)
DRV - [2012-04-18 18:08:04 | 000,148,800 | ---- | M] (NVIDIA Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\nvhda32v.sys -- (NVHDA)
DRV - [2011-07-18 05:24:08 | 000,136,808 | ---- | M] (MCCI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\ssadmdm.sys -- (ssadmdm)
DRV - [2011-07-18 05:24:08 | 000,121,064 | ---- | M] (MCCI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\ssadbus.sys -- (ssadbus)
DRV - [2011-07-18 05:24:08 | 000,012,776 | ---- | M] (MCCI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\ssadmdfl.sys -- (ssadmdfl)
DRV - [2011-05-11 15:32:24 | 000,126,584 | ---- | M] (Symantec Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\SYMEVENT.SYS -- (SymEvent)
DRV - [2011-04-21 02:37:49 | 000,331,384 | ---- | M] (Symantec Corporation) [Kernel | System | Running] -- C:\Windows\System32\drivers\NIS\1207020.003\symtdiv.sys -- (SYMTDIv)
DRV - [2011-03-31 04:00:09 | 000,516,216 | ---- | M] (Symantec Corporation) [File_System | System | Running] -- C:\Windows\System32\drivers\NIS\1207020.003\srtsp.sys -- (SRTSP)
DRV - [2011-03-31 04:00:09 | 000,050,168 | ---- | M] (Symantec Corporation) [Kernel | System | Running] -- C:\Windows\System32\drivers\NIS\1207020.003\srtspx.sys -- (SRTSPX)
DRV - [2011-03-16 16:26:39 | 000,015,232 | ---- | M] () [Kernel | On_Demand | Stopped] -- C:\Program\Lavasoft\Ad-Aware\kernexplorer.sys -- (Lavasoft Kernexplorer)
DRV - [2011-03-15 03:31:23 | 000,744,568 | ---- | M] (Symantec Corporation) [File_System | Boot | Running] -- C:\Windows\System32\drivers\NIS\1207020.003\symefa.sys -- (SymEFA)
DRV - [2011-01-27 07:47:10 | 000,340,088 | ---- | M] (Symantec Corporation) [Kernel | Boot | Running] -- C:\Windows\System32\drivers\NIS\1207020.003\symds.sys -- (SymDS)
DRV - [2011-01-27 06:07:05 | 000,136,312 | ---- | M] (Symantec Corporation) [Kernel | System | Running] -- C:\Windows\System32\drivers\NIS\1207020.003\ironx86.sys -- (SymIRON)
DRV - [2010-08-12 13:15:20 | 000,064,288 | ---- | M] (Lavasoft AB) [File_System | Boot | Running] -- C:\Windows\System32\drivers\Lbd.sys -- (Lbd)
DRV - [2010-02-03 14:56:56 | 000,026,176 | -H-- | M] (LogMeIn, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\hamachi.sys -- (hamachi)
DRV - [2007-12-01 20:23:41 | 000,685,816 | ---- | M] () [Kernel | Boot | Running] -- C:\Windows\System32\drivers\sptd.sys -- (sptd)
DRV - [2007-05-09 21:51:34 | 000,041,888 | ---- | M] (Logitech Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\LVUSBSta.sys -- (LVUSBSta)
DRV - [2007-05-09 21:47:00 | 001,276,832 | ---- | M] (Logitech Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\LV302V32.SYS -- (PID_PEPI)
DRV - [2006-11-02 08:36:43 | 002,028,032 | ---- | M] (ATI Technologies Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\atikmdag.sys -- (R300)
DRV - [2005-12-12 18:27:00 | 000,019,072 | ---- | M] (Hewlett-Packard Company) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\PS2.sys -- (Ps2)
DRV - [2005-03-12 19:48:08 | 000,243,456 | ---- | M] (Ralink Technology Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\rt2500usb.sys -- (rt2500usb)


========== Standard Registry (SafeList) ==========


========== Internet Explorer ==========

IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = http://ie.redirect.h...lion&pf=desktop
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.google.com
IE - HKLM\..\SearchScopes,DefaultScope = {B7971660-A1CE-4FDD-B9E0-2C37D77AFB0B}
IE - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://search.live.c...ferrer:source?}
IE - HKLM\..\SearchScopes\{6A1806CD-94D4-4689-BA73-E35EA1EA9990}: "URL" = http://www.google.co...g}&sourceid=ie7
IE - HKLM\..\SearchScopes\{BB8E5332-4153-4695-BF62-937BA18FA0FF}: "URL" = http://se.search.yah...&type=ie7chrome
IE - HKLM\..\SearchScopes\{C7D28089-0C53-4FA5-A6E7-BDC470AEB099}: "URL" = http://se.kelkoopart...tnerId=96913934

IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.google.com
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,StartPageCache = 1
IE - HKCU\..\SearchScopes,DefaultScope = {6A1806CD-94D4-4689-BA73-E35EA1EA9990}
IE - HKCU\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://search.live.c...Box&Form=IE8SRC
IE - HKCU\..\SearchScopes\{6A1806CD-94D4-4689-BA73-E35EA1EA9990}: "URL" = http://www.google.se...&rlz=1I7HPEA_sv
IE - HKCU\..\SearchScopes\{BB8E5332-4153-4695-BF62-937BA18FA0FF}: "URL" = http://se.search.yah...&type=ie7chrome
IE - HKCU\..\SearchScopes\{C7D28089-0C53-4FA5-A6E7-BDC470AEB099}: "URL" = http://se.kelkoopart...tnerId=96913934
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = <local>;*.local

========== FireFox ==========

FF - prefs.js..extensions.enabledAddons: {82AF8DCA-6DE9-405D-BD5E-43525BDAD38A}:6.3.0.11079
FF - prefs.js..extensions.enabledAddons: {BBDA0591-3099-440a-AA10-41764D9DB4DB}:11.1.1.5 - 3
FF - prefs.js..extensions.enabledItems: {ACAA314B-EEBA-48e4-AD47-84E31C44796C}:1.0.1
FF - prefs.js..extensions.enabledItems: {BBDA0591-3099-440a-AA10-41764D9DB4DB}:2.0
FF - prefs.js..extensions.enabledItems: {2D3F3651-74B9-4795-BDEC-6DA2F431CB62}:5.6
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0024-ABCDEFFEDCBA}:6.0.24
FF - prefs.js..searchreset.backup.browser.search.defaultenginename: ""
FF - prefs.js..browser.startup.homepage: "about:home"


FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\system32\Macromed\Flash\NPSWF32_11_5_502_149.dll ()
FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=: File not found
FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=1.0: C:\Program Files\iTunes\Mozilla Plugins\npitunes.dll ()
FF - HKLM\Software\MozillaPlugins\@divx.com/DivX Browser Plugin,version=1.0.0: C:\Program Files\DivX\DivX Web Player\npdivx32.dll File not found
FF - HKLM\Software\MozillaPlugins\@divx.com/DivX Player Plugin,version=1.0.0: File not found
FF - HKLM\Software\MozillaPlugins\@java.com/DTPlugin,version=10.5.1: C:\Windows\system32\npDeployJava1.dll (Oracle Corporation)
FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin,version=10.5.1: C:\Program Files\Oracle\JavaFX 2.1 Runtime\bin\plugin2\npjp2.dll (Oracle Corporation)
FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: c:\Program Files\Microsoft Silverlight\5.1.10411.0\npctrl.dll ( Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/OfficeLive,version=1.5: C:\Program Files\Microsoft\Office Live\npOLW.dll (Microsoft Corp.)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=15.4.3502.0922: C:\Program Files\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=15.4.3508.1109: C:\Program Files\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=15.4.3555.0308: C:\Program Files\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WPF,version=3.5: C:\Windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@nvidia.com/3DVision: C:\Program Files\NVIDIA Corporation\3D Vision\npnv3dv.dll (NVIDIA Corporation)
FF - HKLM\Software\MozillaPlugins\@nvidia.com/3DVisionStreaming: C:\Program Files\NVIDIA Corporation\3D Vision\npnv3dvstreaming.dll (NVIDIA Corporation)
FF - HKLM\Software\MozillaPlugins\@pandonetworks.com/PandoWebPlugin: C:\Program Files\Pando Networks\Media Booster\npPandoWebPlugin.dll (Pando Networks)
FF - HKLM\Software\MozillaPlugins\@se.nexus/Personal: C:\Program Files\Personal\bin\np_prsnl.dll (Technology Nexus AB)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Program Files\Google\Update\1.3.21.135\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Program Files\Google\Update\1.3.21.135\npGoogleUpdate3.dll (Google Inc.)
FF - HKCU\Software\MozillaPlugins\@unity3d.com/UnityPlayer,version=1.0: C:\Users\Ägaren\AppData\LocalLow\Unity\WebPlayer\loader\npUnity3D32.dll (Unity Technologies ApS)
FF - HKCU\Software\MozillaPlugins\pandonetworks.com/PandoWebPlugin: C:\Program Files\Pando Networks\Media Booster\npPandoWebPlugin.dll (Pando Networks)

FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{BBDA0591-3099-440a-AA10-41764D9DB4DB}: C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_18.1.0.37\IPSFFPlgn\ [2013-02-22 14:23:15 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{2D3F3651-74B9-4795-BDEC-6DA2F431CB62}: C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_18.1.0.37\coFFPlgn_2011_7_13_2 [2013-02-22 14:23:27 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 6.0.2\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2011-09-08 13:56:52 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 6.0.2\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins [2012-07-02 01:55:23 | 000,000,000 | ---D | M]

[2008-08-27 23:14:44 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Ägaren\AppData\Roaming\mozilla\Extensions
[2013-02-09 16:39:46 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Ägaren\AppData\Roaming\mozilla\Firefox\Profiles\t5ufaq5k.default\extensions
[2010-05-02 16:25:36 | 000,000,000 | ---D | M] (Microsoft .NET Framework Assistant) -- C:\Users\Ägaren\AppData\Roaming\mozilla\Firefox\Profiles\t5ufaq5k.default\extensions\{20a82645-c095-46ed-80e3-08825760534b}
[2008-01-28 22:25:04 | 000,001,878 | ---- | M] () -- C:\Users\Ägaren\AppData\Roaming\mozilla\firefox\profiles\t5ufaq5k.default\searchplugins\aolsearch.xml
[2012-06-28 15:28:10 | 000,000,000 | ---D | M] (No name found) -- C:\Program\Mozilla Firefox\extensions
[2012-11-02 22:51:38 | 000,000,000 | ---D | M] (Skype Click to Call) -- C:\Program\Mozilla Firefox\extensions\{82AF8DCA-6DE9-405D-BD5E-43525BDAD38A}
[2011-04-01 09:56:56 | 000,000,000 | ---D | M] (Java Console) -- C:\Program\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0024-ABCDEFFEDCBA}
[2011-06-12 13:29:44 | 000,000,000 | ---D | M] (Java Console) -- C:\Program\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0026-ABCDEFFEDCBA}
[2012-11-02 22:51:38 | 000,000,000 | ---D | M] (Skype Click to Call) -- C:\PROGRAM FILES\MOZILLA FIREFOX\EXTENSIONS\{82AF8DCA-6DE9-405D-BD5E-43525BDAD38A}
[2013-02-22 14:23:15 | 000,000,000 | ---D | M] (Symantec Intrusion Prevention) -- C:\PROGRAMDATA\NORTON\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_18.1.0.37\IPSFFPLGN
[2011-09-08 13:56:52 | 000,134,104 | ---- | M] (Mozilla Foundation) -- C:\Program Files\mozilla firefox\components\browsercomps.dll
[2007-08-24 20:52:00 | 000,300,400 | ---- | M] (Symantec Corporation) -- C:\Program Files\mozilla firefox\components\coFFPlgn.dll
[2011-05-12 15:27:27 | 000,001,470 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\allaannonser-sv-SE.xml
[2011-05-12 15:27:27 | 000,002,252 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\bing.xml
[2011-05-12 15:27:27 | 000,002,670 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\prisjakt-sv-SE.xml
[2011-05-12 15:27:27 | 000,000,948 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\tyda-sv-SE.xml
[2011-05-12 15:27:27 | 000,001,174 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\wikipedia-sv-SE.xml
[2011-05-12 15:27:27 | 000,000,951 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\yahoo-sv-SE.xml

========== Chrome ==========

CHR - homepage: http://searchfunmood...yE&cr=639034642
CHR - default_search_provider: Google (Enabled)
CHR - default_search_provider: search_url = {google:baseURL}search?q={searchTerms}&{google:RLZ}{google:acceptedSuggestion}{google:originalQueryForSuggestion}{google:assistedQueryStats}{google:searchFieldtrialParameter}sourceid=chrome&ie={inputEncoding}
CHR - default_search_provider: suggest_url = {google:baseSuggestURL}search?{google:searchFieldtrialParameter}client=chrome&hl={language}&q={searchTerms}&sugkey={google:suggestAPIKeyParameter}
CHR - homepage: http://searchfunmood...yE&cr=639034642
CHR - plugin: Shockwave Flash (Enabled) = C:\Program Files\Google\Chrome\Application\24.0.1312.57\PepperFlash\pepflashplayer.dll
CHR - plugin: Chrome Remote Desktop Viewer (Enabled) = internal-remoting-viewer
CHR - plugin: Native Client (Enabled) = C:\Program Files\Google\Chrome\Application\24.0.1312.57\ppGoogleNaClPluginChrome.dll
CHR - plugin: Chrome PDF Viewer (Enabled) = C:\Program Files\Google\Chrome\Application\24.0.1312.57\pdf.dll
CHR - plugin: Adobe Acrobat (Disabled) = C:\Program Files\Adobe\Reader 8.0\Reader\Browser\nppdf32.dll
CHR - plugin: Microsoft\u00AE Windows Media Player Firefox Plugin (Enabled) = C:\Program Files\Mozilla Firefox\plugins\np-mswmp.dll
CHR - plugin: QuickTime Plug-in 7.6.8 (Enabled) = C:\Program Files\Mozilla Firefox\plugins\npqtplugin.dll
CHR - plugin: QuickTime Plug-in 7.6.8 (Enabled) = C:\Program Files\Mozilla Firefox\plugins\npqtplugin2.dll
CHR - plugin: QuickTime Plug-in 7.6.8 (Enabled) = C:\Program Files\Mozilla Firefox\plugins\npqtplugin3.dll
CHR - plugin: QuickTime Plug-in 7.6.8 (Enabled) = C:\Program Files\Mozilla Firefox\plugins\npqtplugin4.dll
CHR - plugin: QuickTime Plug-in 7.6.8 (Enabled) = C:\Program Files\Mozilla Firefox\plugins\npqtplugin5.dll
CHR - plugin: QuickTime Plug-in 7.6.8 (Enabled) = C:\Program Files\Mozilla Firefox\plugins\npqtplugin6.dll
CHR - plugin: QuickTime Plug-in 7.6.8 (Enabled) = C:\Program Files\Mozilla Firefox\plugins\npqtplugin7.dll
CHR - plugin: Google Update (Enabled) = C:\Program Files\Google\Update\1.3.21.123\npGoogleUpdate3.dll
CHR - plugin: Microsoft Office Live Plug-in for Firefox (Enabled) = C:\Program Files\Microsoft\Office Live\npOLW.dll
CHR - plugin: NVIDIA 3D Vision (Enabled) = C:\Program Files\NVIDIA Corporation\3D Vision\npnv3dv.dll
CHR - plugin: NVIDIA 3D VISION (Enabled) = C:\Program Files\NVIDIA Corporation\3D Vision\npnv3dvstreaming.dll
CHR - plugin: Java™ Platform SE 7 U5 (Disabled) = C:\Program Files\Oracle\JavaFX 2.1 Runtime\bin\plugin2\npjp2.dll
CHR - plugin: Pando Web Plugin (Enabled) = C:\Program Files\Pando Networks\Media Booster\npPandoWebPlugin.dll
CHR - plugin: Nexus Personal (Enabled) = C:\Program Files\Personal\bin\np_prsnl.dll
CHR - plugin: Windows Live\u0099 Photo Gallery (Enabled) = C:\Program Files\Windows Live\Photo Gallery\NPWLPG.dll
CHR - plugin: iTunes Application Detector (Enabled) = C:\Program Files\iTunes\Mozilla Plugins\npitunes.dll
CHR - plugin: Unity Player (Enabled) = C:\Users\\u00C4garen\AppData\LocalLow\Unity\WebPlayer\loader\npUnity3D32.dll
CHR - plugin: Windows Presentation Foundation (Enabled) = C:\Windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll
CHR - plugin: Shockwave Flash (Enabled) = C:\Windows\system32\Macromed\Flash\NPSWF32_11_5_502_146.dll
CHR - plugin: Java Deployment Toolkit 7.0.50.255 (Disabled) = C:\Windows\system32\npDeployJava1.dll
CHR - plugin: Silverlight Plug-In (Enabled) = c:\Program Files\Microsoft Silverlight\5.1.10411.0\npctrl.dll
CHR - Extension: YouTube = C:\Users\Ägaren\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo\4.2.5_1\
CHR - Extension: Adblock Plus = C:\Users\Ägaren\AppData\Local\Google\Chrome\User Data\Default\Extensions\cfhdojbkjhnklbpkdaibdccddilifddb\1.3.4_0\
CHR - Extension: S\u00F6k p\u00E5 Google = C:\Users\Ägaren\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf\0.0.0.19_1\
CHR - Extension: Skype Click to Call = C:\Users\Ägaren\AppData\Local\Google\Chrome\User Data\Default\Extensions\lifbcibllhkdhoafpjfnlhfpfgnpldfl\6.3.0.11079_0\
CHR - Extension: Gmail = C:\Users\Ägaren\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia\7_1\

O1 HOSTS File: ([2013-02-22 14:18:44 | 000,000,098 | ---- | M]) - C:\Windows\System32\drivers\etc\Hosts
O1 - Hosts: 127.0.0.1 localhost
O1 - Hosts: ::1 localhost
O2 - BHO: (Länkhjälp till Adobe PDF Reader) - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll (Adobe Systems Incorporated)
O2 - BHO: (Winamp Toolbar BHO) - {25CEE8EC-5730-41bc-8B58-22DDC8AB8C20} - C:\Program\Winamp Toolbar\winamptb.dll (AOL LLC)
O2 - BHO: (Symantec NCO BHO) - {602ADB0E-4AFF-4217-8AA1-95DAC4DFA408} - C:\Program\Norton Internet Security\Engine\18.7.2.3\coieplg.dll (Symantec Corporation)
O2 - BHO: (Symantec Intrusion Prevention) - {6D53EC84-6AAE-4787-AEEE-F4628F01010C} - C:\Program\Norton Internet Security\Engine\18.7.2.3\ips\ipsbho.dll (Symantec Corporation)
O2 - BHO: (Java™ Plug-In SSV Helper) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program\Oracle\JavaFX 2.1 Runtime\bin\ssv.dll (Oracle Corporation)
O2 - BHO: (Windows Live ID Sign-in Helper) - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program\Common Files\microsoft shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corp.)
O2 - BHO: (Skype Browser Helper) - {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} - C:\Program\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O2 - BHO: (Java™ Plug-In 2 SSV Helper) - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program\Oracle\JavaFX 2.1 Runtime\bin\jp2ssv.dll (Oracle Corporation)
O3 - HKLM\..\Toolbar: (Norton Toolbar) - {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - C:\Program\Norton Internet Security\Engine\18.7.2.3\coieplg.dll (Symantec Corporation)
O3 - HKLM\..\Toolbar: (Winamp Toolbar) - {EBF2BA02-9094-4c5a-858B-BB198F3D8DE2} - C:\Program\Winamp Toolbar\winamptb.dll (AOL LLC)
O3 - HKCU\..\Toolbar\WebBrowser: (Norton Toolbar) - {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - C:\Program\Norton Internet Security\Engine\18.7.2.3\coieplg.dll (Symantec Corporation)
O3 - HKCU\..\Toolbar\WebBrowser: (Winamp Toolbar) - {EBF2BA02-9094-4C5A-858B-BB198F3D8DE2} - C:\Program\Winamp Toolbar\winamptb.dll (AOL LLC)
O4 - HKLM..\Run: [IAStorIcon] C:\Program\Intel\Intel® Rapid Storage Technology\IAStorIcon.exe (Intel Corporation)
O4 - HKLM..\Run: [Malwarebytes Anti-Malware (reboot)] C:\Program Files\Malwarebytes' Anti-Malware\mbam.exe (Malwarebytes Corporation)
O4 - HKCU..\Run: [DAEMON Tools] C:\Program Files\DAEMON Tools\daemon.exe (DT Soft Ltd.)
O4 - HKCU..\Run: [msnmsgr] "C:\Program Files\Windows Live\Messenger\msnmsgr.exe" /background File not found
O4 - HKCU..\Run: [Spotify Web Helper] C:\Users\Ägaren\AppData\Roaming\Spotify\Data\SpotifyWebHelper.exe ()
O4 - HKCU..\Run: [Steam] C:\Program Files\Steam\steam.exe (Valve Corporation)
O4 - HKCU..\Run: [WMPNSCFG] C:\Program\Windows Media Player\wmpnscfg.exe (Microsoft Corporation)
O8 - Extra context menu item: &Winamp Toolbar Search - C:\ProgramData\Winamp Toolbar\ieToolbar\resources\en-US\local\search.html ()
O8 - Extra context menu item: E&xportera till Microsoft Excel - C:\Program\Microsoft Office\Office12\EXCEL.EXE (Microsoft Corporation)
O8 - Extra context menu item: Google Sidewiki... - res://C:\Program Files\Google\Google Toolbar\Component\GoogleToolbarDynamic_mui_en_6CE5017F567343CA.dll/cmsidewiki.html File not found
O9 - Extra Button: Skicka till OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Program\Microsoft Office\Office12\ONBttnIE.dll (Microsoft Corporation)
O9 - Extra 'Tools' menuitem : Ski&cka till OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Program\Microsoft Office\Office12\ONBttnIE.dll (Microsoft Corporation)
O9 - Extra Button: Skype Click to Call - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O9 - Extra Button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\Program\Microsoft Office\Office12\REFIEBAR.DLL (Microsoft Corporation)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000007 [] - C:\Program\Bonjour\mdnsNSP.dll (Apple Inc.)
O13 - gopher Prefix: missing
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/...indows-i586.cab (Java Plug-in 10.5.1)
O16 - DPF: {CAFEEFAC-0016-0000-0001-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_01)
O16 - DPF: {CAFEEFAC-0016-0000-0026-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_26)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 10.5.1)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 193.150.193.150 83.255.245.11
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{24F4A968-3A19-45D1-ACED-354FD112FA2E}: DhcpNameServer = 192.168.0.1
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{275301FD-0872-40EF-8D98-7346D05BA357}: DhcpNameServer = 192.168.0.1
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{2BECEB73-DF5C-452C-BD39-1840F77F36DA}: DhcpNameServer = 192.168.0.1
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{2E72B82E-9E16-4CEB-BB34-437B02352DF0}: DhcpNameServer = 192.168.0.1
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{A3575D59-1316-40AD-BA80-17C48DFD4768}: DhcpNameServer = 192.168.0.1
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{F3EE8BBA-2F03-48B2-BA40-EA223F1D7CCA}: DhcpNameServer = 192.168.0.1
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{FA08B2EC-FE30-4277-AB04-AF417DE015AA}: DhcpNameServer = 193.150.193.150 83.255.245.11
O18 - Protocol\Handler\ms-help {314111c7-a502-11d2-bbca-00c04f8ec294} - C:\Program\Common Files\microsoft shared\Help\hxds.dll (Microsoft Corporation)
O18 - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program\Common Files\Skype\Skype4COM.dll (Skype Technologies)
O18 - Protocol\Handler\skype-ie-addon-data {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O18 - Protocol\Handler\wlmailhtml {03C514A3-1EFB-4856-9F99-10D7BE1653C0} - C:\Program\Windows Live\Mail\mailcomm.dll (Microsoft Corporation)
O18 - Protocol\Handler\wlpg {E43EF6CD-A37A-4A9B-9E6F-83F89B8E6324} - C:\Program\Windows Live\Photo Gallery\AlbumDownloadProtocolHandler.dll (Microsoft Corporation)
O18 - Protocol\Filter\text/xml {807563E5-5146-11D5-A672-00B0D022E945} - C:\Program\Common Files\microsoft shared\OFFICE12\MSOXMLMF.DLL (Microsoft Corporation)
O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\System32\userinit.exe (Microsoft Corporation)
O24 - Desktop WallPaper: C:\Users\Ägaren\AppData\Roaming\Microsoft\Windows Photo Gallery\Skrivbordsunderlägg från Windows Fotogalleri.jpg
O24 - Desktop BackupWallPaper: C:\Users\Ägaren\AppData\Roaming\Microsoft\Windows Photo Gallery\Skrivbordsunderlägg från Windows Fotogalleri.jpg
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2007-09-12 18:34:55 | 000,000,074 | ---- | M] () - C:\autoexec.bat -- [ NTFS ]
O32 - AutoRun File - [2008-04-10 18:52:50 | 000,000,000 | ---D | M] - C:\Automap -- [ NTFS ]
O33 - MountPoints2\{0939feaa-0f7f-11e1-9093-001d6052f120}\Shell - "" = AutoRun
O33 - MountPoints2\{0939feaa-0f7f-11e1-9093-001d6052f120}\Shell\AutoRun\command - "" = O:\LaunchU3.exe -a
O33 - MountPoints2\{e19845cf-3016-11de-bc73-001d6052f120}\Shell - "" = AutoRun
O33 - MountPoints2\{e19845cf-3016-11de-bc73-001d6052f120}\Shell\AutoRun\command - "" = O:\LaunchU3.exe -a
O33 - MountPoints2\{e19845e0-3016-11de-bc73-0011958ea0f7}\Shell - "" = AutoRun
O33 - MountPoints2\{e19845e0-3016-11de-bc73-0011958ea0f7}\Shell\AutoRun\command - "" = G:\LaunchU3.exe -a
O34 - HKLM BootExecute: (autocheck autochk *)
O34 - HKLM BootExecute: (lsdelete)
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3)
O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2)

========== Files/Folders - Created Within 30 Days ==========

[2013-02-22 14:18:42 | 000,000,000 | ---D | C] -- C:\_OTL
[2013-02-22 13:55:18 | 000,000,000 | ---D | C] -- C:\Users\Ägaren\Desktop\The.Cove.2009.LIMITED.DVDRip.XviD
[2013-02-21 19:52:20 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Skype
[2013-02-21 19:52:20 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\Skype
[2013-02-21 19:46:25 | 000,000,000 | ---D | C] -- C:\Users\Ägaren\Desktop\Geekstg
[2013-02-21 19:03:29 | 000,602,112 | ---- | C] (OldTimer Tools) -- C:\Users\Ägaren\Desktop\OTL.exe
[2 C:\Users\Ägaren\Documents\*.tmp files -> C:\Users\Ägaren\Documents\*.tmp -> ]
[1 C:\Users\Ägaren\Desktop\*.tmp files -> C:\Users\Ägaren\Desktop\*.tmp -> ]

========== Files - Modified Within 30 Days ==========

[2013-02-22 14:37:00 | 000,000,390 | -H-- | M] () -- C:\Windows\tasks\User_Feed_Synchronization-{640ADB43-A987-4A4A-ACC5-476A9AE545C5}.job
[2013-02-22 14:27:25 | 000,001,356 | ---- | M] () -- C:\Users\Ägaren\AppData\Local\d3d9caps.dat
[2013-02-22 14:23:32 | 000,116,736 | ---- | M] () -- C:\Users\Ägaren\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2013-02-22 14:23:01 | 000,000,978 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineCore.job
[2013-02-22 14:22:59 | 000,003,568 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-1.C7483456-A289-439d-8115-601632D005A0
[2013-02-22 14:22:59 | 000,003,568 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-0.C7483456-A289-439d-8115-601632D005A0
[2013-02-22 14:22:59 | 000,000,380 | ---- | M] () -- C:\Windows\tasks\Registry Reviver-Ägaren-Startup.job
[2013-02-22 14:22:51 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2013-02-22 14:22:43 | 3219,611,648 | -HS- | M] () -- C:\hiberfil.sys
[2013-02-22 14:18:44 | 000,000,098 | ---- | M] () -- C:\Windows\System32\drivers\etc\Hosts
[2013-02-22 14:18:00 | 000,000,868 | ---- | M] () -- C:\Windows\tasks\Adobe Flash Player Updater.job
[2013-02-22 13:22:01 | 000,000,982 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineUA.job
[2013-02-22 13:12:56 | 000,613,992 | ---- | M] () -- C:\Windows\System32\perfh01D.dat
[2013-02-22 13:12:56 | 000,604,126 | ---- | M] () -- C:\Windows\System32\perfh009.dat
[2013-02-22 13:12:56 | 000,124,516 | ---- | M] () -- C:\Windows\System32\perfc01D.dat
[2013-02-22 13:12:56 | 000,107,562 | ---- | M] () -- C:\Windows\System32\perfc009.dat
[2013-02-21 19:52:20 | 000,001,878 | ---- | M] () -- C:\Users\Public\Desktop\Skype.lnk
[2013-02-21 19:03:42 | 000,602,112 | ---- | M] (OldTimer Tools) -- C:\Users\Ägaren\Desktop\OTL.exe
[2013-02-21 18:58:27 | 000,000,392 | -H-- | M] () -- C:\Windows\tasks\User_Feed_Synchronization-{8398C988-8CA4-4109-B17C-DAAAC0459226}.job
[2013-02-21 18:54:05 | 000,000,064 | ---- | M] () -- C:\Windows\System32\rp_stats.dat
[2013-02-21 18:54:05 | 000,000,044 | ---- | M] () -- C:\Windows\System32\rp_rules.dat
[2 C:\Users\Ägaren\Documents\*.tmp files -> C:\Users\Ägaren\Documents\*.tmp -> ]
[1 C:\Users\Ägaren\Desktop\*.tmp files -> C:\Users\Ägaren\Desktop\*.tmp -> ]

========== Files Created - No Company Name ==========

[2013-02-21 19:52:20 | 000,001,878 | ---- | C] () -- C:\Users\Public\Desktop\Skype.lnk
[2012-10-03 00:04:37 | 000,000,027 | ---- | C] () -- C:\Program Files\plugins.dat
[2012-05-15 01:21:50 | 000,423,744 | ---- | C] () -- C:\Windows\System32\nvStreaming.exe
[2011-07-26 16:26:48 | 000,030,568 | ---- | C] () -- C:\Windows\MusiccityDownload.exe
[2011-07-26 16:26:46 | 000,974,848 | ---- | C] () -- C:\Windows\System32\cis-2.4.dll
[2011-07-26 16:26:46 | 000,081,920 | ---- | C] () -- C:\Windows\System32\issacapi_bs-2.3.dll
[2011-07-26 16:26:46 | 000,065,536 | ---- | C] () -- C:\Windows\System32\issacapi_pe-2.3.dll
[2011-07-26 16:26:46 | 000,057,344 | ---- | C] () -- C:\Windows\System32\issacapi_se-2.3.dll
[2011-04-24 23:45:29 | 000,000,064 | ---- | C] () -- C:\Windows\System32\rp_stats.dat
[2011-04-24 23:45:29 | 000,000,044 | ---- | C] () -- C:\Windows\System32\rp_rules.dat
[2010-11-28 19:33:29 | 000,031,966 | ---- | C] () -- C:\ProgramData\nvModes.001
[2010-11-28 19:32:22 | 000,031,966 | ---- | C] () -- C:\ProgramData\nvModes.dat
[2009-02-18 22:18:38 | 000,001,356 | ---- | C] () -- C:\Users\Ägaren\AppData\Local\d3d9caps.dat
[2008-04-14 19:31:16 | 000,000,032 | ---- | C] () -- C:\ProgramData\ezsid.dat
[2008-01-27 22:15:58 | 000,024,206 | ---- | C] () -- C:\Users\Ägaren\AppData\Roaming\UserTile.png
[2008-01-04 11:42:48 | 000,000,094 | ---- | C] () -- C:\Users\Ägaren\AppData\Local\fusioncache.dat
[2008-01-03 15:25:47 | 000,022,328 | ---- | C] () -- C:\Users\Ägaren\AppData\Roaming\PnkBstrK.sys
[2007-11-28 18:43:54 | 000,116,736 | ---- | C] () -- C:\Users\Ägaren\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2005-04-08 03:16:43 | 000,006,618 | -H-- | C] () -- C:\Users\Ägaren\AppData\Roaming\Ägarenlog.dat

========== ZeroAccess Check ==========

[2006-11-02 13:54:22 | 000,000,227 | RHS- | M] () -- C:\Windows\assembly\Desktop.ini

[HKEY_CURRENT_USER\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]

[HKEY_CURRENT_USER\Software\Classes\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32]

[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]
"" = %SystemRoot%\system32\shell32.dll -- [2011-01-21 17:35:22 | 011,586,048 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Apartment

[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32]
"" = %systemroot%\system32\wbem\fastprox.dll -- [2009-04-11 07:28:19 | 000,614,912 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Free

[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32]
"" = %systemroot%\system32\wbem\wbemess.dll -- [2009-04-11 07:28:25 | 000,347,648 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Both

========== LOP Check ==========

[2010-07-22 00:13:34 | 000,000,000 | ---D | M] -- C:\Users\Ägaren\AppData\Roaming\8E0D0943DB0414FB9720FB4E027FB0D7
[2010-09-13 16:45:26 | 000,000,000 | ---D | M] -- C:\Users\Ägaren\AppData\Roaming\Bioshock2
[2008-04-26 02:03:31 | 000,000,000 | ---D | M] -- C:\Users\Ägaren\AppData\Roaming\Command & Conquer 3 Kane's Wrath
[2008-03-14 20:32:28 | 000,000,000 | ---D | M] -- C:\Users\Ägaren\AppData\Roaming\Command & Conquer 3 Tiberium Wars
[2010-05-25 21:54:10 | 000,000,000 | ---D | M] -- C:\Users\Ägaren\AppData\Roaming\DVDVideoSoftIEHelpers
[2011-01-02 10:31:27 | 000,000,000 | ---D | M] -- C:\Users\Ägaren\AppData\Roaming\Leadertech
[2009-11-14 15:38:18 | 000,000,000 | ---D | M] -- C:\Users\Ägaren\AppData\Roaming\Mina Slaget om Midgård™ II-filer
[2008-01-27 22:15:58 | 000,000,000 | ---D | M] -- C:\Users\Ägaren\AppData\Roaming\PeerNetworking
[2009-10-26 15:05:45 | 000,000,000 | ---D | M] -- C:\Users\Ägaren\AppData\Roaming\Personal
[2011-09-03 20:33:53 | 000,000,000 | ---D | M] -- C:\Users\Ägaren\AppData\Roaming\PunkBuster
[2011-09-23 16:40:12 | 000,000,000 | ---D | M] -- C:\Users\Ägaren\AppData\Roaming\Samsung
[2013-02-22 14:08:08 | 000,000,000 | ---D | M] -- C:\Users\Ägaren\AppData\Roaming\Spotify
[2012-09-04 00:19:49 | 000,000,000 | ---D | M] -- C:\Users\Ägaren\AppData\Roaming\System32
[2012-12-06 22:00:57 | 000,000,000 | ---D | M] -- C:\Users\Ägaren\AppData\Roaming\SystemRequirementsLab
[2011-09-13 14:14:43 | 000,000,000 | ---D | M] -- C:\Users\Ägaren\AppData\Roaming\The Creative Assembly
[2012-10-04 12:15:58 | 000,000,000 | ---D | M] -- C:\Users\Ägaren\AppData\Roaming\Tibia
[2011-04-22 23:27:14 | 000,000,000 | ---D | M] -- C:\Users\Ägaren\AppData\Roaming\Tific
[2010-12-23 00:20:49 | 000,000,000 | ---D | M] -- C:\Users\Ägaren\AppData\Roaming\TS3Client
[2011-08-19 00:45:18 | 000,000,000 | ---D | M] -- C:\Users\Ägaren\AppData\Roaming\Ubisoft
[2013-01-20 00:15:31 | 000,000,000 | ---D | M] -- C:\Users\Ägaren\AppData\Roaming\uTorrent
[2008-10-14 18:47:55 | 000,000,000 | ---D | M] -- C:\Users\Ägaren\AppData\Roaming\WinBatch

========== Purity Check ==========



< End of report >
  • 0

#4
computeramatuer
Posted 22 February 2013 - 08:03 AM

computeramatuer

    Member

  • Topic Starter
  • Member
  • PipPip
  • 21 posts
# AdwCleaner v2.112 - Logfile created 02/22/2013 at 14:56:59
# Updated 10/02/2013 by Xplode
# Operating system : Windows Vista ™ Home Premium Service Pack 2 (32 bits)
# User : Ägaren - ÄGAREN-DATOR
# Boot Mode : Normal
# Running from : C:\Users\Ägaren\Desktop\adwcleaner0.exe
# Option [Delete]


***** [Services] *****


***** [Files / Folders] *****

Folder Deleted : C:\Program Files\Winamp Toolbar
Folder Deleted : C:\ProgramData\Winamp Toolbar
Folder Deleted : C:\Users\Maria\AppData\Local\Winamp Toolbar
Folder Deleted : C:\Users\Ägaren\AppData\Local\Winamp Toolbar

***** [Registry] *****

Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\App Management\ARPCache\Funmoods
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\App Management\ARPCache\Winamp Toolbar
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{25CEE8EC-5730-41BC-8B58-22DDC8AB8C20}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{EBF2BA02-9094-4C5A-858B-BB198F3D8DE2}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{25CEE8EC-5730-41BC-8B58-22DDC8AB8C20}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{EBF2BA02-9094-4C5A-858B-BB198F3D8DE2}
Key Deleted : HKCU\Software\Winamp Toolbar
Key Deleted : HKLM\SOFTWARE\Classes\AppID\{09C554C3-109B-483C-A06B-F14172F1A947}
Key Deleted : HKLM\SOFTWARE\Classes\AppID\{4E1E9D45-8BF9-4139-915C-9F83CC3D5921}
Key Deleted : HKLM\SOFTWARE\Classes\AppID\{960DF771-CFCB-4E53-A5B5-6EF2BBE6E706}
Key Deleted : HKLM\SOFTWARE\Classes\AppID\{B12E99ED-69BD-437C-86BE-C862B9E5444D}
Key Deleted : HKLM\SOFTWARE\Classes\AppID\{D7EE8177-D51E-4F89-92B6-83EA2EC40800}
Key Deleted : HKLM\SOFTWARE\Classes\AppID\{EA28B360-05E0-4F93-8150-02891F1D8D3C}
Key Deleted : HKLM\SOFTWARE\Classes\AppID\escort.DLL
Key Deleted : HKLM\SOFTWARE\Classes\AppID\escortApp.DLL
Key Deleted : HKLM\SOFTWARE\Classes\AppID\escortEng.DLL
Key Deleted : HKLM\SOFTWARE\Classes\AppID\escorTlbr.DLL
Key Deleted : HKLM\SOFTWARE\Classes\AppID\esrv.EXE
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{25CEE8EC-5730-41BC-8B58-22DDC8AB8C20}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{57BCA5FA-5DBB-45A2-B558-1755C3F6253B}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{66EEF543-A9AC-4A9D-AA3C-1ED148AC8EEE}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{6EF4E91D-DDD5-4478-BCA7-DA04435934C0}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{826D7151-8D99-434B-8540-082B8C2AE556}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{841FD004-57A2-4B49-BBDB-5897394619DB}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{B38D6EDE-390B-4620-8365-29E16459EBDA}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{E1164984-B567-47BD-A7FF-240C2594404A}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{EBF2BA02-9094-4C5A-858B-BB198F3D8DE2}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{F20F11FD-203E-45A9-B7BB-AFC1B4FEA7A6}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{FE178B09-C8AA-4734-804D-1849BCCA0C29}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{0F54B66A-21CF-4548-AE59-A6B83EE6676F}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{23C70BCA-6E23-4A65-AD2E-1389062074F1}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{23D8EEF7-0E13-4000-B9C4-6603C1E912D1}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{295CACB4-51F5-46FD-914E-C72BAAE1B672}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{2CE5C4B9-6DBE-4528-96FA-C9FF38EF1762}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{34C1FDF7-02C1-4F23-B393-F48B16E071D1}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{51A971CA-D36E-4D13-A799-2CF0A491D04D}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{54291324-7A3D-4F11-B707-3FB6A2C97BD9}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{56FBEA9F-EF93-4318-B75F-A96FC7C7BD7B}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{59C63F11-D4E5-46E7-9B8A-EE158DCA83A8}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{5DA22CBD-0029-4A09-B757-CF0FAFC488ED}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{66EEF543-A9AC-4A9D-AA3C-1ED148AC8EEE}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{77A6E7D4-4A83-4A9B-A2A0-EF3B125DC29D}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{78B3C85E-44FF-4DC8-B3AD-156F39DC75E5}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{841FD004-57A2-4B49-BBDB-5897394619DB}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{C0585B2F-74D7-4734-88DE-6C150C5D4036}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{CA17D76B-F91D-4659-A7FD-A9F7ED375CDD}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{D8242E89-2F81-484A-AE5B-BA8CAD5B7347}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{E1164984-B567-47BD-A7FF-240C2594404A}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{E19FDA06-5BDF-43C2-B794-BCD8A4C2051F}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{EF0588D6-1621-4A75-B8BE-F4BC34794136}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{FAB076F5-E4DD-4EA4-AFEE-F18BF972B057}
Key Deleted : HKLM\SOFTWARE\Classes\S
Key Deleted : HKLM\SOFTWARE\Classes\TypeLib\{11549FE4-7C5A-4C17-9FC3-56FC5162A994}
Key Deleted : HKLM\SOFTWARE\Classes\TypeLib\{538CD77C-BFDD-49B0-9562-77419CAB89D1}
Key Deleted : HKLM\SOFTWARE\Classes\WinampTb.AOLTBSearch
Key Deleted : HKLM\SOFTWARE\Classes\WinampTb.AOLTBSearch.1
Key Deleted : HKLM\SOFTWARE\Classes\WinampTb.AOLToolBand
Key Deleted : HKLM\SOFTWARE\Classes\WinampTb.AOLToolBand.1
Key Deleted : HKLM\SOFTWARE\Classes\WinampTb.Downloader
Key Deleted : HKLM\SOFTWARE\Classes\WinampTb.Downloader.1
Key Deleted : HKLM\SOFTWARE\Classes\WinampTb.ToolbarInfo
Key Deleted : HKLM\SOFTWARE\Classes\WinampTb.ToolbarInfo.1
Key Deleted : HKLM\SOFTWARE\Classes\WinampTb.ToolbarParams
Key Deleted : HKLM\SOFTWARE\Classes\WinampTb.ToolbarParams.1
Key Deleted : HKLM\SOFTWARE\Classes\WinampTbServer.AolToolbarHelper
Key Deleted : HKLM\SOFTWARE\Classes\WinampTbServer.AolToolbarHelper.1
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{25CEE8EC-5730-41BC-8B58-22DDC8AB8C20}
Key Deleted : HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\063A857434EDED11A893800002C0A966
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\Winamp Toolbar
Key Deleted : HKLM\Software\Winamp Toolbar
Value Deleted : HKCU\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser [{EBF2BA02-9094-4C5A-858B-BB198F3D8DE2}]
Value Deleted : HKLM\SOFTWARE\Microsoft\Internet Explorer\Toolbar [{EBF2BA02-9094-4C5A-858B-BB198F3D8DE2}]

***** [Internet Browsers] *****

-\\ Internet Explorer v8.0.6001.19170

[OK] Registry is clean.

-\\ Mozilla Firefox v6.0.2 (sv-SE)

File : C:\Users\Ägaren\AppData\Roaming\Mozilla\Firefox\Profiles\t5ufaq5k.default\prefs.js

C:\Users\Ägaren\AppData\Roaming\Mozilla\Firefox\Profiles\t5ufaq5k.default\user.js ... Deleted !

Deleted : user_pref("extensions.funmoods.aflt", "download");
Deleted : user_pref("extensions.funmoods.autoRvrt", false);
Deleted : user_pref("extensions.funmoods.cntry", "SE");
Deleted : user_pref("extensions.funmoods.cv", "cv5");
Deleted : user_pref("extensions.funmoods.dfltLng", "");
Deleted : user_pref("extensions.funmoods.dfltSrch", true);
Deleted : user_pref("extensions.funmoods.dnsErr", true);
Deleted : user_pref("extensions.funmoods.envrmnt", "production");
Deleted : user_pref("extensions.funmoods.excTlbr", false);
Deleted : user_pref("extensions.funmoods.hdrMd5", "A6A6061B33282EB063F7EB9401E92E45");
Deleted : user_pref("extensions.funmoods.hmpg", true);
Deleted : user_pref("extensions.funmoods.hmpgUrl", "hxxp://searchfunmoods.com/?f=1&a=download&chnl=download&cd[...]
Deleted : user_pref("extensions.funmoods.id", "001D6052F12065F8");
Deleted : user_pref("extensions.funmoods.instlDay", "15672");
Deleted : user_pref("extensions.funmoods.instlRef", "download");
Deleted : user_pref("extensions.funmoods.isdcmntcmplt", true);
Deleted : user_pref("extensions.funmoods.lastVrsnTs", "1.5.23.2220:55:47");
Deleted : user_pref("extensions.funmoods.mntrvrsn", "1.3.0");
Deleted : user_pref("extensions.funmoods.newTab", true);
Deleted : user_pref("extensions.funmoods.newTabUrl", "hxxp://searchfunmoods.com/?f=2&a=download&chnl=download&[...]
Deleted : user_pref("extensions.funmoods.prdct", "funmoods");
Deleted : user_pref("extensions.funmoods.prtnrId", "funmoods");
Deleted : user_pref("extensions.funmoods.sg", "none");
Deleted : user_pref("extensions.funmoods.smplGrp", "none");
Deleted : user_pref("extensions.funmoods.srchPrvdr", "Search");
Deleted : user_pref("extensions.funmoods.tlbrId", "base");
Deleted : user_pref("extensions.funmoods.tlbrSrchUrl", "hxxp://searchfunmoods.com/?f=3&a=download&chnl=downloa[...]
Deleted : user_pref("extensions.funmoods.vrsn", "1.5.23.22");
Deleted : user_pref("extensions.funmoods.vrsnTs", "1.5.23.2220:55:47");
Deleted : user_pref("extensions.funmoods.vrsni", "1.5.23.22");
Deleted : user_pref("extensions.funmoods_i.newTab", true);
Deleted : user_pref("extensions.funmoods_i.smplGrp", "none");
Deleted : user_pref("extensions.funmoods_i.vrsnTs", "1.5.23.2220:55:47");

File : C:\Users\Maria\AppData\Roaming\Mozilla\Firefox\Profiles\xxlm3j3r.default\prefs.js

[OK] File is clean.

-\\ Google Chrome v24.0.1312.57

File : C:\Users\Ägaren\AppData\Local\Google\Chrome\User Data\Default\Preferences

Deleted [l.13] : homepage = "hxxp://searchfunmoods.com/?f=1&a=download&chnl=download&cd=2XzuyEtN2Y1L1QzutDtDtC[...]
Deleted [l.17] : urls_to_restore_on_startup = [ "hxxp://searchfunmoods.com/?f=1&a=download&chnl=download&cd[...]
Deleted [l.1753] : homepage = "hxxp://searchfunmoods.com/?f=1&a=download&chnl=download&cd=2XzuyEtN2Y1L1QzutDtDtC0Dy[...]
Deleted [l.2400] : urls_to_restore_on_startup = [ "hxxp://searchfunmoods.com/?f=1&a=download&chnl=download&cd=2X[...]

File : C:\Users\Maria\AppData\Local\Google\Chrome\User Data\Default\Preferences

[OK] File is clean.

*************************

AdwCleaner[R1].txt - [10034 octets] - [22/02/2013 14:55:44]
AdwCleaner[S1].txt - [9937 octets] - [22/02/2013 14:56:59]

########## EOF - C:\AdwCleaner[S1].txt - [9997 octets] ##########
  • 0

#5
Essexboy
Posted 22 February 2013 - 08:03 AM

Essexboy

    GeekU Moderator

  • Retired Staff
  • 69,964 posts
On completion of the AdwCleaner run could you let me know if it is all gone
  • 0

#6
computeramatuer
Posted 22 February 2013 - 09:09 AM

computeramatuer

    Member

  • Topic Starter
  • Member
  • PipPip
  • 21 posts
I posted the AdwCleaner the same minute as you replied, guess you missed it. I think it is all gone but I don't know for sure, the funmoods is gone but what about the win32.trojan.agent?
  • 0

#7
Essexboy
Posted 22 February 2013 - 09:24 AM

Essexboy

    GeekU Moderator

  • Retired Staff
  • 69,964 posts
That is another name for the funmoods downloader

Please download Malwarebytes Anti-Malware to your desktop.

  • Right-click and Run as Administrator mbam-setup.exe and follow the prompts to install the program.
  • At the end, be sure a checkmark is placed next to Update Malwarebytes Anti-Malware and Launch Malwarebytes Anti-Malware, then click Finish.
  • If an update is found, it will download and install the latest version.
  • Once the program has loaded, select Perform quick scan, then click Scan as shown below.

    Posted Image
  • When the scan is complete, click OK, then Show Results to view the results.
  • Be sure that everything is checked, and click Remove Selected.
  • When completed, a log will open in Notepad. Please save it to a convenient location and post the results.


The log can also be found here:

Windows 2000 & Windows XP:
C:\Documents and Settings\<USERNAME>\Application Data\Malwarebytes\Malwarebytes' Anti-Malware\Logs

Windows Vista & Win7:
C:\Users\<USERNAME>\AppData\Roaming\Malwarebytes\Malwarebytes' Anti-Malware\Logs
----------
  • 0

#8
computeramatuer
Posted 22 February 2013 - 10:34 AM

computeramatuer

    Member

  • Topic Starter
  • Member
  • PipPip
  • 21 posts
Malwarebytes Anti-Malware 1.70.0.1100
www.malwarebytes.org

Databasversion: v2013.02.22.03

Windows Vista Service Pack 2 x86 NTFS
Internet Explorer 8.0.6001.19170
Ägaren :: ÄGAREN-DATOR [administratör]

2013-02-22 17:18:52
mbam-log-2013-02-22 (17-18-52).txt

Skanningstyp: Snabbskanning
Aktiverade skanningsalternativ: Minne | Start | Register | Filsystem | Heuristik/Extra | Heuristik/Shuriken | PUP | PUM
Inaktiverade skanningsalternativ: P2P
Antal skannade objekt: 283103
Förfluten tid: 10 minut(er), 9 sekund(er)

Upptäckta minnesprocesser: 0
(Inga skadliga poster hittades)

Upptäckta minnesmoduler: 0
(Inga skadliga poster hittades)

Upptäckta registernycklar: 0
(Inga skadliga poster hittades)

Upptäckta registervärden: 0
(Inga skadliga poster hittades)

Upptäckta registerdataposter: 0
(Inga skadliga poster hittades)

Upptäckta mappar: 0
(Inga skadliga poster hittades)

Upptäckta filer: 0
(Inga skadliga poster hittades)

(klar)
  • 0

#9
Essexboy
Posted 22 February 2013 - 12:08 PM

Essexboy

    GeekU Moderator

  • Retired Staff
  • 69,964 posts
Looks good.. Any further problems before I tidy up ?
  • 0

#10
computeramatuer
Posted 23 February 2013 - 07:11 AM

computeramatuer

    Member

  • Topic Starter
  • Member
  • PipPip
  • 21 posts
Alright, thanks! You guys are awesome. Not to my knowledge there isn't any further problems. But would recommend uninstall Norton to use Microsoft security essentials instead?
  • 0

#11
Essexboy
Posted 23 February 2013 - 07:23 AM

Essexboy

    GeekU Moderator

  • Retired Staff
  • 69,964 posts
I would keep Norton 'till the licence expires, I would not recommend at this time MSES but one of the other free AV's : Either Avast, Avira or AVG

Subject to no further problems :)

I will remove my tools now and give some recommendations, but, I would like you to run for 24 hours or so and come back if you have any problems

Now the best part of the day ----- Your log now appears clean :thumbsup:

A good workman always cleans up after himself so..The following will implement some cleanup procedures as well as reset System Restore points:

Run AdwCleaner and press the uninstall button

Run OTL and hit the cleanup button. It will remove all the programmes we have used plus itself.

We will now confirm that your hidden files are set to that, as some of the tools I use will change that
  • Click Start.
  • Open My Computer.
  • Select the Tools menu and click Folder Options.
  • Select the View Tab.
  • Under the Hidden files and folders heading select Do not show hidden files and folders.
  • Click Yes to confirm.
  • Click OK.

: Keep Java Updated :

WARNING: Java is the #1 exploited program at this time. The Department of Homeland Security recommends that computer users disable Java
See this article and this article.
I would recommend that you completely uninstall Java unless you need it to run an important software.
In that instance I would recommend that you disable Java in your browsers until you need it for that software and then enable it. (See How to diasble Java in your web browser and How to unplug Java from the browser)

Now that you are clean, to help protect your computer in the future I recommend that you get the following free programmes:

Posted Image Malwarebytes.

Update and run weekly to keep your system clean

Download and install FileHippo update checker and run it monthly it will show you which programmes on your system need updating and give a download link

If you use on-line banking then as an added layer of protection install Trusteer Rapport

It is critical to have both a firewall and anti virus to protect your system and to keep them updated. To keep your operating system up to date visit
To learn more about how to protect yourself while on the internet read our little guide How did I get infected Keep safe :wave:
  • 0

#12
computeramatuer
Posted 24 February 2013 - 05:27 AM

computeramatuer

    Member

  • Topic Starter
  • Member
  • PipPip
  • 21 posts
AdwCleaner wont uninstall. The first time I tried to uninstall, it asked to restart the computer which I denied at that moment. Now after restart, when I click uninstall nothing happens. I even downloaded the update and it still wont uninstall.
  • 0

#13
Essexboy
Posted 24 February 2013 - 05:54 AM

Essexboy

    GeekU Moderator

  • Retired Staff
  • 69,964 posts
OK just delete from the desktop
  • 0

#14
Essexboy
Posted 26 February 2013 - 11:48 AM

Essexboy

    GeekU Moderator

  • Retired Staff
  • 69,964 posts
Since this issue appears to be resolved ... this Topic has been closed. Glad we could help. :)

If you're the topic starter, and need this topic reopened, please contact a staff member with the address of the thread.

Everyone else please begin a New Topic.
  • 0
Back to Virus, Spyware, Malware Removal · Next Unread Topic →




Similar Topics

0 user(s) are reading this topic

0 members, 0 guests, 0 anonymous users

  1. Geeks to Go Community
  2. Security
  3. Virus, Spyware, Malware Removal

As Featured On:

Microsoft Yahoo BBC MSN PC Magazine Washington Post HP