Slow start up, cpu power draining for no reason.

Post by Jacob A » December 19th, 2010, 12:54 am

Hello friendly helpers! My computer started to use a lot of CPU power without me using a program after a start up and the symptoms are visible a lot more when I use programs or watch movies or play a game. It constantly lags for several seconds and then everything is fine for a few minutes which I think is because the game/movie doesn't need as much power from the CPU/GPU and it can handle it and the suspected malware at the same time then! I can see in the task manager that my CPU usage is high but no process there is using it. Also when I start my computer now it takes maybe 5 minutes for the Windows logo screen to load and then it takes a lot more time than it should to choose a user.

Very grateful for any help, thanks in advance!
Sincerely Jacob!

HJT's Log:

Logfile of Trend Micro HijackThis v2.0.4
Scan saved at 05:37:16, on 2010-12-19
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v8.00 (8.00.6001.18702)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\Norman\Npm\bin\ELOGSVC.EXE
C:\Norman\Ngs\Bin\Nprosec.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\Norman\Npm\Bin\Zanda.exe
C:\Norman\npm\bin\nvoy.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program\Delade filer\Apple\Mobile Device Support\AppleMobileDeviceService.exe
C:\Program\Bonjour\mDNSResponder.exe
C:\WINDOWS\Explorer.EXE
C:\Program\Delade filer\LightScribe\LSSrvc.exe
C:\Program\NVIDIA Corporation\nTune\nTuneService.exe
C:\Program\Tele2\Tele2 Sjaelvhjaelp\m2Service.exe
C:\WINDOWS\System32\svchost.exe
C:\Program\Maxtor\OneTouch\Utils\OneTouch.exe
C:\Norman\Npm\Bin\ZLH.EXE
C:\WINDOWS\RTHDCPL.EXE
C:\Norman\Npm\Bin\scheduler.exe
C:\Norman\Npm\Bin\Njeeves.exe
C:\Program\ATI Technologies\ATI.ACE\Core-Static\MOM.exe
C:\Norman\Nvc\bin\nvcoas.exe
C:\Norman\Nvc\Bin\cclaw.exe
C:\WINDOWS\system32\wuauclt.exe
C:\Program\ATI Technologies\ATI.ACE\Core-Static\ccc.exe
C:\WINDOWS\system32\msiexec.exe
C:\Program\Java\jre6\bin\jqs.exe
C:\Program\Mozilla Firefox\firefox.exe
C:\Program\Mozilla Firefox\plugin-container.exe
C:\Program\Trend Micro\HijackThis\HiJackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.google.se/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Länkar
O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program\Delade filer\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
O2 - BHO: Increase performance and video formats for your HTML5 <video> - {326E768D-4182-46FD-9C16-1449A49795F4} - C:\Program\DivX\DivX Plus Web Player\npdivx32.dll
O2 - BHO: Use the DivX Plus Web Player to watch web videos with less interruptions and smoother playback on supported sites - {593DDEC6-7468-4cdd-90E1-42DADAA222E9} - C:\Program\DivX\DivX Plus Web Player\npdivx32.dll
O2 - BHO: Windows Live inloggningshjälpen - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program\Delade filer\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: Ask Toolbar BHO - {D4027C7F-154A-4066-A1AD-4243D8127440} - C:\Program\Ask.com\GenericAskToolbar.dll
O2 - BHO: WgEDmBHO Class - {D7EE14D1-9317-4a59-9EE6-EE64F22B5B10} - C:\Program\Right Ascension, Inc\Empire Download Manager\ieedm.dll
O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program\Java\jre6\bin\jp2ssv.dll
O2 - BHO: JQSIEStartDetectorImpl - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Program\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
O3 - Toolbar: BS.Player ControlBar - {2C688203-7EB3-4327-9995-1CB417BA23F9} - C:\Program\BS.Player ControlBar\BSToolbar.dll
O3 - Toolbar: PandoraTV Toolbar - {D4027C7F-154A-4066-A1AD-4243D8127440} - C:\Program\Ask.com\GenericAskToolbar.dll
O4 - HKLM\..\Run: [MaxtorOneTouch] C:\Program\Maxtor\OneTouch\Utils\OneTouch.exe
O4 - HKLM\..\Run: [AODAssist.exe] C:\Program\AMD\AMD OverDrive\AODAssist.exe
O4 - HKLM\..\Run: [Norman ZANDA] "C:\Norman\Npm\Bin\ZLH.EXE" /LOAD /SPLASH
O4 - HKLM\..\Run: [DelReg] C:\Program\MSI\DualCoreCenter\DelReg.exe
O4 - HKLM\..\Run: [amd_dc_opt] C:\Program\AMD\Dual-Core Optimizer\amd_dc_opt.exe
O4 - HKLM\..\Run: [RTHDCPL] RTHDCPL.EXE
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program\Delade filer\Java\Java Update\jusched.exe"
O4 - HKLM\..\Run: [StartCCC] "C:\Program\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" MSRun
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User '?')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'Default user')
O4 - Global Startup: DualCoreCenter.lnk = C:\Program\MSI\DualCoreCenter\StartUpDualCoreCenter.exe
O9 - Extra button: Skype - {77BF5300-1474-4EC7-9980-D32B190E9B07} - C:\Program\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll
O9 - Extra button: PartyPoker.com - {B7FE5D70-9AA2-40F1-9C6B-12A255F085E1} - C:\Program\PartyGaming\PartyPoker\RunApp.exe (file missing)
O9 - Extra 'Tools' menuitem: PartyPoker.com - {B7FE5D70-9AA2-40F1-9C6B-12A255F085E1} - C:\Program\PartyGaming\PartyPoker\RunApp.exe (file missing)
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program\Messenger\msmsgs.exe
O16 - DPF: {0EB0E74A-2A76-4AB3-A7FB-9BD8C29F7F75} (CKAVWebScan Object) - http://www.kaspersky.com/kos/eng/partne ... nicode.cab
O16 - DPF: {1E54D648-B804-468d-BC78-4AFFED8E262E} (System Requirements Lab) - http://www.nvidia.com/content/DriverDow ... eqlab3.cab
O16 - DPF: {4871A87A-BFDD-4106-8153-FFDE2BAC2967} (DLM Control) - http://dlm.tools.akamai.com/dlmanager/v ... .2.4.1.cab
O16 - DPF: {67A5F8DC-1A4B-4D66-9F24-A704AD929EEE} (System Requirements Lab) - http://www.nvidia.com/content/DriverDow ... eqlab2.cab
O16 - DPF: {67DABFBF-D0AB-41FA-9C46-CC0F21721616} (DivXBrowserPlugin Object) - http://download.divx.com/player/DivXBrowserPlugin.cab
O16 - DPF: {7D4733C0-C43B-4A81-AF43-F9B20D1F8348} (client Object) - http://www.octoshape.com/test/ax/octoshape.cab
O16 - DPF: {D1E7CBDA-E60E-4970-A01C-37301EF7BF98} (Measurement Services Client v.3.12) - http://www.yougamers.com/systeminfo/MSC3.cab
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload2.macromedia.com/get/s ... wflash.cab
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program\DELADE~1\Skype\SKYPE4~1.DLL
O22 - SharedTaskScheduler: Browseui preloader - {438755C2-A8BA-11D1-B96B-00A0C90312E1} - C:\WINDOWS\System32\browseui.dll
O22 - SharedTaskScheduler: Component Categories cache daemon - {8C7461EF-2B13-11d2-BE35-3078302C2030} - C:\WINDOWS\System32\browseui.dll
O23 - Service: Lavasoft Ad-Aware Service (aawservice) - Lavasoft - C:\Program\Lavasoft\Ad-Aware\aawservice.exe
O23 - Service: Adobe LM Service - Adobe Systems - C:\Program\Delade filer\Adobe Systems Shared\Service\Adobelmsvc.exe
O23 - Service: AODService - Unknown owner - C:\Program\AMD\OverDrive\AODAssist.exe
O23 - Service: Apple Mobile Device - Apple Inc. - C:\Program\Delade filer\Apple\Mobile Device Support\AppleMobileDeviceService.exe
O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe
O23 - Service: Bonjour-tjänst (Bonjour Service) - Apple Inc. - C:\Program\Bonjour\mDNSResponder.exe
O23 - Service: Norman eLogger service 6 (eLoggerSvc6) - Norman ASA - C:\Norman\Npm\bin\ELOGSVC.EXE
O23 - Service: Tjänsten Google Update (gupdate) (gupdate) - Google Inc. - C:\Program\Google\Update\GoogleUpdate.exe
O23 - Service: iPod Service - Apple Inc. - C:\Program\iPod\bin\iPodService.exe
O23 - Service: Java Quick Starter (JavaQuickStarterService) - Sun Microsystems, Inc. - C:\Program\Java\jre6\bin\jqs.exe
O23 - Service: LightScribeService Direct Disc Labeling Service (LightScribeService) - Hewlett-Packard Company - C:\Program\Delade filer\LightScribe\LSSrvc.exe
O23 - Service: Norman NJeeves - Norman ASA - C:\Norman\Npm\Bin\Njeeves.exe
O23 - Service: Norman ZANDA - Norman ASA - C:\Norman\Npm\Bin\Zanda.exe
O23 - Service: Norman Security service (NPROSECSVC) - Norman ASA - C:\Norman\Ngs\Bin\Nprosec.exe
O23 - Service: Norman Scanner Engine Service (nsesvc) - Norman ASA - C:\Norman\nse\bin\NSESVC.EXE
O23 - Service: nTune Service (nTuneService) - NVIDIA - C:\Program\NVIDIA Corporation\nTune\nTuneService.exe
O23 - Service: Norman Virus Control on-access component (nvcoas) - Norman ASA - C:\Norman\Nvc\bin\nvcoas.exe
O23 - Service: Norman Virus Control Scheduler (NVCScheduler) - Unknown owner - C:\Norman\Nvc\BIN\NVCSCHED.EXE (file missing)
O23 - Service: Norman Resource Provider (NVOY) - Norman ASA - C:\Norman\npm\bin\nvoy.exe
O23 - Service: RIS - Unknown owner - C:\Program\Tele2\Tele2 Sjaelvhjaelp\m2Service.exe
O23 - Service: Norman Scheduler Service (Scheduler) - Norman ASA - C:\Norman\Npm\Bin\scheduler.exe

--
End of file - 9237 bytes


Uninstall list:


3DMark06
AC2 server emulator 0.41 by Dormine
AC3Filter (remove only)
Ad-Aware
Adobe Bridge 1.0
Adobe Common File Installer
Adobe Flash Player 10 ActiveX
Adobe Flash Player 10 Plugin
Adobe Help Center 1.0
Adobe Photoshop CS2
Adobe Reader 9.4.1 - Svenska
Adobe Shockwave Player
Adobe Stock Photos 1.0
AMD OverDrive
AMD OverDrive
Apple Application Support
Apple Mobile Device Support
Apple Software Update
Ask Toolbar
Assassin's Creed
Assassin's Creed II
ATI AVIVO Codecs
AviSynth 2.5
Batman: Arkham Asylum
Bonjour
BS.Player ControlBar
BS.Player PRO
Call of Duty: Modern Warfare 2
Call of Duty: Modern Warfare 2 - Multiplayer
Catalyst Control Center - Branding
CD Audio Reader Filter (remove only)
Command & Conquer Generals
Command & Conquer Tiberian Sun
Command and ConquerTM Generals Zero Hour
ConvertXtoDVD 3.3.2.100
CoreAVC Professional Edition (remove only)
Counter-Strike
Crysis WARHEAD(R)
Crysis WARHEAD(R)
Crysis(R)
CyberLink PowerDVD 8
CyberLink PowerDVD 8
Data Lifeguard Diagnostic for Windows 1.22
Data Lifeguard Tools
DIKO 0.77
DivX Converter
DivX Plus DirectShow Filters
DivX Setup
Dual-Core Optimizer
DualCoreCenter
EAX Unified
Empire Download Manager
ffdshow v1.1.3562 [2010-09-07]
FinalCodecs 2008 Olympic Edition
Fraps (remove only)
Frets On Fire
Futuremark Measurement Services Client
Google Update Helper
Grand Theft Auto IV
Haali Media Splitter
Half-Life(R) 2
Hamachi 1.0.3.0
High Definition Audio Driver Package - KB888111
HiJackThis
HijackThis 2.0.2
Hotfix for Microsoft .NET Framework 3.5 SP1 (KB953595)
Hotfix for Microsoft .NET Framework 3.5 SP1 (KB958484)
Hotfix for Windows Media Format 11 SDK (KB929399)
ImgBurn
ImTOO iPhone Transfer
iPod PC Transfer 5.1
iTunes
Java(TM) 6 Update 23
Java(TM) 6 Update 7
Kaspersky Online Scanner
LightScribe System Software 1.17.90.1
Mafia
Mafia II
Malwarebytes' Anti-Malware
Maxtor OneTouch
Media Go
Media Player Classic - Home Cinema v. 1.3.1249.0
Microsoft .NET Framework 2.0 Service Pack 2
Microsoft .NET Framework 3.0 Service Pack 2
Microsoft .NET Framework 3.5 SP1
Microsoft .NET Framework 3.5 SP1
Microsoft Choice Guard
Microsoft Compression Client Pack 1.0 for Windows XP
Microsoft Games for Windows - LIVE
Microsoft Games for Windows - LIVE Redistributable
Microsoft Internationalized Domain Names Mitigation APIs
Microsoft Kernel-Mode Driver Framework Feature Pack 1.7
Microsoft National Language Support Downlevel APIs
Microsoft Silverlight
Microsoft User-Mode Driver Framework Feature Pack 1.0
Microsoft Windows Media Video 9 VCM
Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053
Microsoft Visual C++ 2005 Redistributable
Microsoft Visual C++ 2008 ATL Update kb973924 - x86 9.0.30729.4148
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148
MKVtoolnix 2.9.8
Mozilla (1.7.13)
Mozilla Firefox (3.6.13)
MSI Live Update 3
MSVCRT
MSXML 4.0 SP2 (KB954430)
MSXML 4.0 SP2 (KB973688)
MSXML 6.0 Parser (KB925673)
Nero 9
neroxml
Norman Virus Control
NVIDIA nTune
OpenOffice.org 3.0
Personal 4.10.4
PlayStation(R)Store
Promise FastTrak PDC42819 RAID Controller Windows Driver
PunkBuster Services
QuickTime
REALTEK GbE & FE Ethernet PCI-E NIC Driver
Realtek High Definition Audio Driver
Rockstar Games Social Club
Security Update for Microsoft .NET Framework 3.5 SP1 (KB2416473)
Segoe UI
Sid Meier's Civilization 4
Sid Meier's Civilization 4 - Beyond the Sword
Sid Meier's Civilization 4 - Warlords
Skype™ 3.8
Snabbkorrigering för Windows Internet Explorer 7 (KB947864)
Snabbkorrigering för Windows Media Player 11 (KB939683)
Snabbkorrigering för Windows XP (KB2158563)
Snabbkorrigering för Windows XP (KB2443685)
Snabbkorrigering för Windows XP (KB942288-v3)
Snabbkorrigering för Windows XP (KB952287)
Snabbkorrigering för Windows XP (KB961118)
Snabbkorrigering för Windows XP (KB970653-v3)
Snabbkorrigering för Windows XP (KB976098-v2)
Snabbkorrigering för Windows XP (KB979306)
Snabbkorrigering för Windows XP (KB981793)
Sony Ericsson PC Suite 5.009.00
Spelling Dictionaries Support For Adobe Reader 9
Split/Second
Spotify
StarCraft II
Steam(TM)
System Requirements Lab
Säkerhetsuppdatering för Windows Internet Explorer 7 (KB938127)
Säkerhetsuppdatering för Windows Internet Explorer 7 (KB942615)
Säkerhetsuppdatering för Windows Internet Explorer 7 (KB944533)
Säkerhetsuppdatering för Windows Internet Explorer 7 (KB950759)
Säkerhetsuppdatering för Windows Internet Explorer 7 (KB953838)
Säkerhetsuppdatering för Windows Internet Explorer 7 (KB956390)
Säkerhetsuppdatering för Windows Internet Explorer 7 (KB958215)
Säkerhetsuppdatering för Windows Internet Explorer 7 (KB960714)
Säkerhetsuppdatering för Windows Internet Explorer 7 (KB961260)
Säkerhetsuppdatering för Windows Internet Explorer 7 (KB963027)
Säkerhetsuppdatering för Windows Internet Explorer 7 (KB969897)
Säkerhetsuppdatering för Windows Internet Explorer 8 (KB2183461)
Säkerhetsuppdatering för Windows Internet Explorer 8 (KB2360131)
Säkerhetsuppdatering för Windows Internet Explorer 8 (KB2416400)
Säkerhetsuppdatering för Windows Internet Explorer 8 (KB971961)
Säkerhetsuppdatering för Windows Internet Explorer 8 (KB972260)
Säkerhetsuppdatering för Windows Internet Explorer 8 (KB974455)
Säkerhetsuppdatering för Windows Internet Explorer 8 (KB976325)
Säkerhetsuppdatering för Windows Internet Explorer 8 (KB978207)
Säkerhetsuppdatering för Windows Internet Explorer 8 (KB981332)
Säkerhetsuppdatering för Windows Internet Explorer 8 (KB982381)
Säkerhetsuppdatering för Windows Media Player (KB2378111)
Säkerhetsuppdatering för Windows Media Player (KB952069)
Säkerhetsuppdatering för Windows Media Player (KB954155)
Säkerhetsuppdatering för Windows Media Player (KB968816)
Säkerhetsuppdatering för Windows Media Player (KB973540)
Säkerhetsuppdatering för Windows Media Player (KB975558)
Säkerhetsuppdatering för Windows Media Player (KB978695)
Säkerhetsuppdatering för Windows Media Player 11 (KB936782)
Säkerhetsuppdatering för Windows Media Player 11 (KB954154)
Säkerhetsuppdatering för Windows XP (KB2079403)
Säkerhetsuppdatering för Windows XP (KB2121546)
Säkerhetsuppdatering för Windows XP (KB2160329)
Säkerhetsuppdatering för Windows XP (KB2229593)
Säkerhetsuppdatering för Windows XP (KB2259922)
Säkerhetsuppdatering för Windows XP (KB2279986)
Säkerhetsuppdatering för Windows XP (KB2286198)
Säkerhetsuppdatering för Windows XP (KB2296011)
Säkerhetsuppdatering för Windows XP (KB2296199)
Säkerhetsuppdatering för Windows XP (KB2347290)
Säkerhetsuppdatering för Windows XP (KB2360937)
Säkerhetsuppdatering för Windows XP (KB2387149)
Säkerhetsuppdatering för Windows XP (KB2423089)
Säkerhetsuppdatering för Windows XP (KB2436673)
Säkerhetsuppdatering för Windows XP (KB2440591)
Säkerhetsuppdatering för Windows XP (KB2443105)
Säkerhetsuppdatering för Windows XP (KB923561)
Säkerhetsuppdatering för Windows XP (KB938464)
Säkerhetsuppdatering för Windows XP (KB938464-v2)
Säkerhetsuppdatering för Windows XP (KB941569)
Säkerhetsuppdatering för Windows XP (KB946648)
Säkerhetsuppdatering för Windows XP (KB950760)
Säkerhetsuppdatering för Windows XP (KB950762)
Säkerhetsuppdatering för Windows XP (KB950974)
Säkerhetsuppdatering för Windows XP (KB951066)
Säkerhetsuppdatering för Windows XP (KB951376)
Säkerhetsuppdatering för Windows XP (KB951376-v2)
Säkerhetsuppdatering för Windows XP (KB951698)
Säkerhetsuppdatering för Windows XP (KB951748)
Säkerhetsuppdatering för Windows XP (KB952004)
Säkerhetsuppdatering för Windows XP (KB952954)
Säkerhetsuppdatering för Windows XP (KB953839)
Säkerhetsuppdatering för Windows XP (KB954211)
Säkerhetsuppdatering för Windows XP (KB954459)
Säkerhetsuppdatering för Windows XP (KB954600)
Säkerhetsuppdatering för Windows XP (KB955069)
Säkerhetsuppdatering för Windows XP (KB956391)
Säkerhetsuppdatering för Windows XP (KB956572)
Säkerhetsuppdatering för Windows XP (KB956744)
Säkerhetsuppdatering för Windows XP (KB956802)
Säkerhetsuppdatering för Windows XP (KB956803)
Säkerhetsuppdatering för Windows XP (KB956841)
Säkerhetsuppdatering för Windows XP (KB956844)
Säkerhetsuppdatering för Windows XP (KB957095)
Säkerhetsuppdatering för Windows XP (KB957097)
Säkerhetsuppdatering för Windows XP (KB958644)
Säkerhetsuppdatering för Windows XP (KB958687)
Säkerhetsuppdatering för Windows XP (KB958690)
Säkerhetsuppdatering för Windows XP (KB958869)
Säkerhetsuppdatering för Windows XP (KB959426)
Säkerhetsuppdatering för Windows XP (KB960225)
Säkerhetsuppdatering för Windows XP (KB960715)
Säkerhetsuppdatering för Windows XP (KB960803)
Säkerhetsuppdatering för Windows XP (KB960859)
Säkerhetsuppdatering för Windows XP (KB961371-v2)
Säkerhetsuppdatering för Windows XP (KB961373)
Säkerhetsuppdatering för Windows XP (KB961501)
Säkerhetsuppdatering för Windows XP (KB968537)
Säkerhetsuppdatering för Windows XP (KB969059)
Säkerhetsuppdatering för Windows XP (KB969898)
Säkerhetsuppdatering för Windows XP (KB969947)
Säkerhetsuppdatering för Windows XP (KB970238)
Säkerhetsuppdatering för Windows XP (KB970430)
Säkerhetsuppdatering för Windows XP (KB971468)
Säkerhetsuppdatering för Windows XP (KB971486)
Säkerhetsuppdatering för Windows XP (KB971557)
Säkerhetsuppdatering för Windows XP (KB971633)
Säkerhetsuppdatering för Windows XP (KB971657)
Säkerhetsuppdatering för Windows XP (KB972270)
Säkerhetsuppdatering för Windows XP (KB973346)
Säkerhetsuppdatering för Windows XP (KB973354)
Säkerhetsuppdatering för Windows XP (KB973507)
Säkerhetsuppdatering för Windows XP (KB973525)
Säkerhetsuppdatering för Windows XP (KB973869)
Säkerhetsuppdatering för Windows XP (KB973904)
Säkerhetsuppdatering för Windows XP (KB974112)
Säkerhetsuppdatering för Windows XP (KB974318)
Säkerhetsuppdatering för Windows XP (KB974392)
Säkerhetsuppdatering för Windows XP (KB974571)
Säkerhetsuppdatering för Windows XP (KB975025)
Säkerhetsuppdatering för Windows XP (KB975467)
Säkerhetsuppdatering för Windows XP (KB975560)
Säkerhetsuppdatering för Windows XP (KB975561)
Säkerhetsuppdatering för Windows XP (KB975562)
Säkerhetsuppdatering för Windows XP (KB975713)
Säkerhetsuppdatering för Windows XP (KB977816)
Säkerhetsuppdatering för Windows XP (KB977914)
Säkerhetsuppdatering för Windows XP (KB978037)
Säkerhetsuppdatering för Windows XP (KB978251)
Säkerhetsuppdatering för Windows XP (KB978262)
Säkerhetsuppdatering för Windows XP (KB978338)
Säkerhetsuppdatering för Windows XP (KB978542)
Säkerhetsuppdatering för Windows XP (KB978601)
Säkerhetsuppdatering för Windows XP (KB978706)
Säkerhetsuppdatering för Windows XP (KB979309)
Säkerhetsuppdatering för Windows XP (KB979482)
Säkerhetsuppdatering för Windows XP (KB979559)
Säkerhetsuppdatering för Windows XP (KB979683)
Säkerhetsuppdatering för Windows XP (KB979687)
Säkerhetsuppdatering för Windows XP (KB980195)
Säkerhetsuppdatering för Windows XP (KB980218)
Säkerhetsuppdatering för Windows XP (KB980232)
Säkerhetsuppdatering för Windows XP (KB980436)
Säkerhetsuppdatering för Windows XP (KB981322)
Säkerhetsuppdatering för Windows XP (KB981852)
Säkerhetsuppdatering för Windows XP (KB981957)
Säkerhetsuppdatering för Windows XP (KB981997)
Säkerhetsuppdatering för Windows XP (KB982132)
Säkerhetsuppdatering för Windows XP (KB982214)
Säkerhetsuppdatering för Windows XP (KB982665)
Säkerhetsuppdatering för Windows XP (KB982802)
TeamSpeak 2 RC2
Tele2 Självhjälp
Tele2 Självhjälp
The KMPlayer (remove only)
TimeShift
Tortun 0.8
TweakNow RegCleaner
Ubisoft Game Launcher
Update for Microsoft .NET Framework 3.5 SP1 (KB963707)
Update Service
Uppdatering för Windows Internet Explorer 8 (KB972636)
Uppdatering för Windows Internet Explorer 8 (KB976662)
Uppdatering för Windows Internet Explorer 8 (KB976749)
Uppdatering för Windows Internet Explorer 8 (KB980182)
Uppdatering för Windows XP (KB2141007)
Uppdatering för Windows XP (KB2345886)
Uppdatering för Windows XP (KB2467659)
Uppdatering för Windows XP (KB951072-v2)
Uppdatering för Windows XP (KB951978)
Uppdatering för Windows XP (KB955759)
Uppdatering för Windows XP (KB955839)
Uppdatering för Windows XP (KB961503)
Uppdatering för Windows XP (KB967715)
Uppdatering för Windows XP (KB968389)
Uppdatering för Windows XP (KB971737)
Uppdatering för Windows XP (KB973687)
Uppdatering för Windows XP (KB973815)
USB Storage Adapter FX (MXO)
VC80CRTRedist - 8.0.50727.4053
Ventrilo Client
VideoMach
VideoMach 4.0.4
Viktig uppdatering för Windows Media Player 11 (KB959772)
Windows Imaging Component
Windows Internet Explorer 8
Windows Live Communications Platform
Windows Live Essentials
Windows Live Essentials
Windows Live inloggningsassistenten
Windows Live Messenger
Windows Live OneCare safety scanner
Windows Live Upload Tool
Windows Media Format 11 runtime
Windows Media Format 11 runtime
Windows Media Format 11 SDK
Windows Media Player 11
Windows Media Player 11
Windows Media Player Firefox Plugin
Windows Presentation Foundation
Windows XP Service Pack 3
Windows-drivrutinspaket - Advanced Micro Devices (AmdK8) Processor (05/27/2006 1.3.2.0)
WinRAR
VLC media player 1.0.0
VOIPlay
World of Warcraft
Xfire (remove only)
Zoom Player (remove only)

Re: Slow start up, cpu power draining for no reason.

Post by deltalima » December 21st, 2010, 6:32 am

Checking your log - back soon.

Re: Slow start up, cpu power draining for no reason.

Post by deltalima » December 21st, 2010, 6:43 am

Hi Jacob A,

Welcome to the forum.

My nickname is deltalima and I will be helping you with your malware issue.

The logs can take some time to research, so please be patient with me.

Please be aware that removing malware is a potentially hazardous undertaking. I will take care not to knowingly suggest courses of action that might damage your computer. However, it is impossible for me to foresee all interactions that may happen between the software on your computer and those we'll use to clear you of infection, and I cannot guarantee the safety of your system. It is possible that we might encounter situations where the only recourse is to re-format and re-install your operating system, or to necessitate you taking your computer to a repair shop.


Please note the following:
  • I will be working on your malware issues; this may or may not solve other issues you have with your machine.
  • The fixes are specific to your problem and should only be used for this issue on this machine.
  • Please continue to review my answers until I tell you your machine appears to be clear. Absence of symptoms does not mean that everything is clear.
  • If after 3 days you have not responded to this topic, it will be closed, and you will need to start a new one.
  • It's often worth reading through these instructions and printing them for ease of reference.
  • If you don't know or understand something, please don't hesitate to say or ask!! It's better to be sure and safe than sorry.
  • Please reply to this thread. Do not start a new topic.

Download and run OTL
Download OTL by Old Timer and save it to your Desktop.
  • Double click on OTL.exe to run it.
  • Under Output, ensure that Minimal Output is selected.
  • Under Extra Registry section, select Use SafeList.
  • Click the Scan All Users checkbox.
  • Click on Run Scan at the top left hand corner.
  • When done, two Notepad files will open.
    • OTL.txt <-- Will be opened
    • Extras.txt <-- Will be minimized
  • Please post the contents of these 2 Notepad files in your next reply.

Please download GMER Rootkit Scanner from here.
  • Double click the .exe file. If asked to allow gmer.sys driver to load, please consent.
  • If it gives you a warning at program start about rootkit activity and asks if you want to run a scan...click NO.
  • Run Gmer again and click on the Rootkit tab.
  • Look at the right hand side (under Files) and uncheck all drives with the exception of your C drive.
  • Make sure all other boxes on the right of the screen are checked, EXCEPT for "Show All".
  • Click on "Scan" and wait for the scan to finish.
    Note: Before scanning, make sure all other running programs are closed and no other actions like a scheduled antivirus scan will occur while this scan completes. Also do not use your computer during the scan.
  • When completed, click on the Copy button and right-click on your Desktop, choose "New" > Text document. Once the file is created, open it and right-click again and choose Paste or Ctrl+V. Save the file as gmer.txt and copy the information in your next reply.
  • Note: If you have any problems, try running GMER in SAFE MODE
Important! Please do not select the "Show all" checkbox during the scan.

Please post the GMER log along with OTL.txt and Extras.txt from the OTL scan into your next reply.

Re: Slow start up, cpu power draining for no reason.

Post by Jacob A » December 21st, 2010, 5:00 pm

Hello deltalima! Thanks a lot for your support and help to remove the malware from my computer :)

Your OTL Scan program stopped at a certain file for a few seconds which in all likelihood is a virus file located at:

C:\Documents and Settings\All Users\Dokument\bjihvp.exe

I'm not touching it, I'm just telling you so you know! I love all these little programs that can find these impostering files and together we will exterminate all of them!

OTL Scan:


OTL logfile created on: 2010-12-21 21:28:13 - Run 2
OTL by OldTimer - Version 3.2.18.0 Folder = C:\Documents and Settings\Jacob\Skrivbord
Windows XP Professional Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 8.0.6001.18702)
Locale: 0000041D | Country: Sverige | Language: SVE | Date Format: yyyy-MM-dd

2,00 Gb Total Physical Memory | 1,00 Gb Available Physical Memory | 61,00% Memory free
4,00 Gb Paging File | 3,00 Gb Available in Paging File | 85,00% Paging File free
Paging file location(s): C:\pagefile.sys 2046 4092 [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program
Drive C: | 127,99 Gb Total Space | 12,51 Gb Free Space | 9,77% Space Free | Partition Type: NTFS
Drive E: | 596,17 Gb Total Space | 6,70 Gb Free Space | 1,12% Space Free | Partition Type: NTFS
Drive F: | 931,51 Gb Total Space | 8,05 Gb Free Space | 0,86% Space Free | Partition Type: NTFS
Drive G: | 337,77 Gb Total Space | 5,52 Gb Free Space | 1,63% Space Free | Partition Type: NTFS
Drive I: | 1863,01 Gb Total Space | 725,45 Gb Free Space | 38,94% Space Free | Partition Type: NTFS

Computer Name: JAKE | User Name: Jacob | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: All users
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days

========== Processes (SafeList) ==========

PRC - C:\Documents and Settings\Jacob\Skrivbord\OTL.exe (OldTimer Tools)
PRC - C:\Program\Mozilla Firefox\plugin-container.exe (Mozilla Corporation)
PRC - C:\Program\Mozilla Firefox\firefox.exe (Mozilla Corporation)
PRC - C:\Program\Delade filer\Apple\Mobile Device Support\AppleMobileDeviceService.exe (Apple Inc.)
PRC - C:\Program\Tele2\Tele2 Sjaelvhjaelp\m2Service.exe ()
PRC - C:\Norman\Nse\Bin\Nsesvc.exe (Norman ASA)
PRC - C:\Norman\NVC\Bin\Nvcoas.exe (Norman ASA)
PRC - C:\Norman\NVC\Bin\CClaw.exe (Norman ASA)
PRC - C:\Norman\npm\bin\Njeeves.exe (Norman ASA)
PRC - C:\Norman\npm\bin\scheduler.exe (Norman ASA)
PRC - C:\Norman\Ngs\Bin\nprosec.exe (Norman ASA)
PRC - C:\Norman\npm\bin\Zanda.exe (Norman ASA)
PRC - C:\Norman\npm\bin\Zlh.exe (Norman ASA)
PRC - C:\Norman\npm\bin\nvoy.exe (Norman ASA)
PRC - C:\Program\Delade filer\LightScribe\LSSrvc.exe (Hewlett-Packard Company)
PRC - C:\WINDOWS\explorer.exe (Microsoft Corporation)
PRC - C:\Norman\npm\bin\elogsvc.exe (Norman ASA)
PRC - C:\Program\NVIDIA Corporation\nTune\nTuneService.exe (NVIDIA)
PRC - C:\Program\Maxtor\OneTouch\Utils\OneTouch.exe (Maxtor)


========== Modules (SafeList) ==========

MOD - C:\Documents and Settings\Jacob\Skrivbord\OTL.exe (OldTimer Tools)
MOD - C:\WINDOWS\WinSxS\x86_Microsoft.Windows.Common-Controls_6595b64144ccf1df_6.0.2600.6028_x-ww_61e65202\comctl32.dll (Microsoft Corporation)


========== Win32 Services (SafeList) ==========

SRV - (PnkBstrA) -- C:\WINDOWS\System32\PnkBstrA.exe File not found
SRV - (NVCScheduler) -- C:\Norman\Nvc\BIN\NVCSCHED.EXE File not found
SRV - (Apple Mobile Device) -- C:\Program\Delade filer\Apple\Mobile Device Support\AppleMobileDeviceService.exe (Apple Inc.)
SRV - (RIS) -- C:\Program\Tele2\Tele2 Sjaelvhjaelp\m2Service.exe ()
SRV - (nsesvc) -- C:\Norman\nse\bin\NSESVC.EXE (Norman ASA)
SRV - (nvcoas) -- C:\Norman\Nvc\bin\nvcoas.exe (Norman ASA)
SRV - (Adobe LM Service) -- C:\Program\Delade filer\Adobe Systems Shared\Service\Adobelmsvc.exe (Adobe Systems)
SRV - (Norman NJeeves) -- C:\Norman\Npm\Bin\Njeeves.exe (Norman ASA)
SRV - (Scheduler) -- C:\Norman\Npm\Bin\scheduler.exe (Norman ASA)
SRV - (NPROSECSVC) -- C:\Norman\Ngs\Bin\Nprosec.exe (Norman ASA)
SRV - (Norman ZANDA) -- C:\Norman\Npm\Bin\Zanda.exe (Norman ASA)
SRV - (AODService) -- C:\Program\AMD\OverDrive\AODAssist.exe ()
SRV - (NVOY) -- C:\Norman\npm\bin\nvoy.exe (Norman ASA)
SRV - (LightScribeService) -- C:\Program\Delade filer\LightScribe\LSSrvc.exe (Hewlett-Packard Company)
SRV - (aawservice) -- C:\Program\Lavasoft\Ad-Aware\aawservice.exe (Lavasoft)
SRV - (eLoggerSvc6) -- C:\Norman\Npm\bin\ELOGSVC.EXE (Norman ASA)
SRV - (nTuneService) -- C:\Program\NVIDIA Corporation\nTune\nTuneService.exe (NVIDIA)


========== Driver Services (SafeList) ==========

DRV - (GMSIPCI) -- D:\INSTALL\GMSIPCI.SYS File not found
DRV - (Cardex) -- C:\WINDOWS\System32\drivers\TBPANEL.SYS File not found
DRV - (AtiHdmiService) -- C:\WINDOWS\System32\drivers\AtiHdmi.sys File not found
DRV - (ati2mtag) -- C:\WINDOWS\system32\drivers\ati2mtag.sys (ATI Technologies Inc.)
DRV - (RTLE8023xp) -- C:\WINDOWS\system32\drivers\Rtenicxp.sys (Realtek Semiconductor Corporation )
DRV - (sptd) -- C:\WINDOWS\System32\Drivers\sptd.sys ()
DRV - (seehcri) -- C:\WINDOWS\system32\drivers\seehcri.sys (Sony Ericsson Mobile Communications)
DRV - (ggsemc) -- C:\WINDOWS\system32\drivers\ggsemc.sys (Sony Ericsson Mobile Communications)
DRV - (ggflt) -- C:\WINDOWS\system32\drivers\ggflt.sys (Sony Ericsson Mobile Communications)
DRV - (DualCoreCenter) -- C:\Program\MSI\DualCoreCenter\NTGLM7X.sys (MICRO-STAR INT'L CO., LTD.)
DRV - (NPROSEC) -- C:\Norman\Ngs\Bin\nprosec.sys (Norman ASA)
DRV - (IntcAzAudAddService) Service for Realtek HD Audio (WDM) -- C:\WINDOWS\system32\drivers\RtkHDAud.sys (Realtek Semiconductor Corp.)
DRV - (NGS) -- c:\Norman\Ngs\Bin\ngs.sys (Norman ASA)
DRV - (NvcMFlt) -- C:\WINDOWS\system32\drivers\nvcw32mf.sys (Norman ASA)
DRV - (RushTopDevice2) -- C:\Program\MSI\DualCoreCenter\RushTop.sys (Your Corporation)
DRV - (s0017mdm) -- C:\WINDOWS\system32\drivers\s0017mdm.sys (MCCI Corporation)
DRV - (s0017unic) Sony Ericsson Device 0017 USB Ethernet Emulation SEMC0017 (WDM) -- C:\WINDOWS\system32\drivers\s0017unic.sys (MCCI Corporation)
DRV - (s0017mgmt) Sony Ericsson Device 0017 USB WMC Device Management Drivers (WDM) -- C:\WINDOWS\system32\drivers\s0017mgmt.sys (MCCI Corporation)
DRV - (s0017obex) -- C:\WINDOWS\system32\drivers\s0017obex.sys (MCCI Corporation)
DRV - (s0017bus) Sony Ericsson Device 0017 driver (WDM) -- C:\WINDOWS\system32\drivers\s0017bus.sys (MCCI Corporation)
DRV - (s0017nd5) Sony Ericsson Device 0017 USB Ethernet Emulation SEMC0017 (NDIS) -- C:\WINDOWS\system32\drivers\s0017nd5.sys (MCCI Corporation)
DRV - (s0017mdfl) -- C:\WINDOWS\system32\drivers\s0017mdfl.sys (MCCI Corporation)
DRV - ({FE4C91E7-22C2-4D0C-9F6B-82F1B7742054}) -- C:\Program\CyberLink\PowerDVD8\000.fcl (Cyberlink Corp.)
DRV - (Ambfilt) -- C:\WINDOWS\system32\drivers\Ambfilt.sys (Creative)
DRV - (hamachi) -- C:\WINDOWS\system32\drivers\hamachi.sys (LogMeIn, Inc.)
DRV - (usbaudio) USB-ljuddrivrutiner (WDM) -- C:\WINDOWS\system32\drivers\USBAUDIO.sys (Microsoft Corporation)
DRV - (HDAudBus) -- C:\WINDOWS\system32\drivers\hdaudbus.sys (Windows (R) Server 2003 DDK provider)
DRV - (FTT3) -- C:\WINDOWS\System32\DRIVERS\FTT3.sys (Promise Technology, Inc.)
DRV - (ASUDriver) -- C:\Program\AMD\AMD OverDrive\i386\AODDriver.sys ()
DRV - (amdide) -- C:\WINDOWS\system32\DRIVERS\amdide.sys (Advanced Micro Devices)
DRV - (AmdLLD) -- C:\WINDOWS\system32\drivers\AmdLLD.sys (AMD, Inc.)
DRV - (Ndiskio) -- C:\Norman\Nse\Bin\Ndiskio.sys (Norman ASA)
DRV - (NVR0Dev) -- C:\WINDOWS\nvoclock.sys (NVidia Corp.)
DRV - (Monfilt) -- C:\WINDOWS\system32\drivers\Monfilt.sys (Creative Technology Ltd.)
DRV - (AmdK8) -- C:\WINDOWS\system32\drivers\AmdK8.sys (Advanced Micro Devices)
DRV - (M2500) -- C:\WINDOWS\system32\drivers\M2500.sys (Ralink Technology Inc.)
DRV - (m4cxwxp) -- C:\WINDOWS\system32\drivers\m4cxwxp.sys (D-Link Corporation)
DRV - (MXOFX) USB Storage Adapter FX (MXO) -- C:\WINDOWS\system32\drivers\MXOFX.SYS (Cypress Semiconductor)
DRV - (Aspi32) -- C:\WINDOWS\System32\drivers\aspi32.sys (Adaptec)


========== Standard Registry (SafeList) ==========


========== Internet Explorer ==========



IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

IE - HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

IE - HKU\S-1-5-19\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

IE - HKU\S-1-5-20\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

IE - HKU\S-1-5-21-1454471165-796845957-839522115-1003\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.google.se/
IE - HKU\S-1-5-21-1454471165-796845957-839522115-1003\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKU\S-1-5-21-1454471165-796845957-839522115-1003\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = *.local

========== FireFox ==========

FF - prefs.js..extensions.enabledItems: jqs@sun.com:1.0
FF - prefs.js..extensions.enabledItems: sv@dictionaries.addons.mozilla.org:1.44
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA}:6.0.20
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0021-ABCDEFFEDCBA}:6.0.21
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA}:6.0.22
FF - prefs.js..extensions.enabledItems: toolbar@ask.com:3.9.1.14019
FF - prefs.js..extensions.enabledItems: {23fcfd51-4958-4f00-80a3-ae97e717ed8b}:2.1.0.900
FF - prefs.js..extensions.enabledItems: {6904342A-8307-11DF-A508-4AE2DFD72085}:2.1.0.900
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0023-ABCDEFFEDCBA}:6.0.23

FF - HKLM\software\mozilla\Firefox\extensions\\{23fcfd51-4958-4f00-80a3-ae97e717ed8b}: C:\Program\DivX\DivX Plus Web Player\firefox\html5video [2010-12-14 13:43:11 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Firefox\extensions\\{6904342A-8307-11DF-A508-4AE2DFD72085}: C:\Program\DivX\DivX Plus Web Player\firefox\wpa [2010-12-14 13:43:12 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Mozilla 1.7.13\Extensions\\Components: C:\Program\mozilla.org\Mozilla\Components [2010-11-29 02:05:45 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Mozilla 1.7.13\Extensions\\Plugins: C:\Program\mozilla.org\Mozilla\Plugins [2010-11-30 15:04:35 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Mozilla Firefox 3.6.13\extensions\\Components: C:\Program\Mozilla Firefox\components [2010-12-11 17:42:00 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Mozilla Firefox 3.6.13\extensions\\Plugins: C:\Program\Mozilla Firefox\plugins [2010-12-11 17:42:00 | 000,000,000 | ---D | M]

[2008-08-29 17:27:00 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Jacob\Application Data\Mozilla\Extensions
[2010-12-21 16:45:37 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Jacob\Application Data\Mozilla\Firefox\Profiles\c7wpk6xc.default\extensions
[2010-07-24 14:43:20 | 000,000,000 | ---D | M] (Microsoft .NET Framework Assistant) -- C:\Documents and Settings\Jacob\Application Data\Mozilla\Firefox\Profiles\c7wpk6xc.default\extensions\{20a82645-c095-46ed-80e3-08825760534b}
[2010-12-07 11:21:34 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Jacob\Application Data\Mozilla\Firefox\Profiles\c7wpk6xc.default\extensions\sv@dictionaries.addons.mozilla.org
[2010-11-26 19:57:51 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Jacob\Application Data\Mozilla\Firefox\Profiles\c7wpk6xc.default\extensions\toolbar@ask.com
[2010-12-21 16:45:37 | 000,000,000 | ---D | M] -- C:\Program\Mozilla Firefox\extensions
[2010-05-11 12:37:07 | 000,000,000 | ---D | M] (Java Console) -- C:\Program\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA}
[2010-08-11 14:19:17 | 000,000,000 | ---D | M] (Java Console) -- C:\Program\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0021-ABCDEFFEDCBA}
[2010-10-20 15:52:20 | 000,000,000 | ---D | M] (Java Console) -- C:\Program\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA}
[2010-12-19 05:28:53 | 000,000,000 | ---D | M] (Java Console) -- C:\Program\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0023-ABCDEFFEDCBA}
[2010-11-12 18:53:06 | 000,472,808 | ---- | M] (Sun Microsystems, Inc.) -- C:\Program\Mozilla Firefox\plugins\npdeployJava1.dll

O1 HOSTS File: ([2010-04-10 16:07:52 | 000,000,253 | ---- | M]) - C:\WINDOWS\system32\drivers\etc\hosts
O1 - Hosts: 127.0.0.1 localhost
O1 - Hosts: 127.0.0.1 static3.cdn.ubi.com
O1 - Hosts: 127.0.0.1 ubisoft-orbit.s3.amazonaws.com
O1 - Hosts: 127.0.0.1 onlineconfigservice.ubi.com
O1 - Hosts: 127.0.0.1 orbitservice.ubi.com
O1 - Hosts: 127.0.0.1 ubisoft-orbit-savegames.s3.amazonaws.com
O2 - BHO: (Adobe PDF Link Helper) - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program\Delade filer\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll (Adobe Systems Incorporated)
O2 - BHO: (DivX Plus Web Player HTML5 <video>) - {326E768D-4182-46FD-9C16-1449A49795F4} - C:\Program\DivX\DivX Plus Web Player\npdivx32.dll (DivX, LLC)
O2 - BHO: (DivX HiQ) - {593DDEC6-7468-4cdd-90E1-42DADAA222E9} - C:\Program\DivX\DivX Plus Web Player\npdivx32.dll (DivX, LLC)
O2 - BHO: (Windows Live inloggningshjälpen) - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program\Delade filer\Microsoft Shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corporation)
O2 - BHO: (PandoraTV Toolbar) - {D4027C7F-154A-4066-A1AD-4243D8127440} - C:\Program\Ask.com\GenericAskToolbar.dll (Ask)
O2 - BHO: (WgEDmBHO Class) - {D7EE14D1-9317-4a59-9EE6-EE64F22B5B10} - C:\Program\Right Ascension, Inc\Empire Download Manager\ieedm.dll ()
O3 - HKLM\..\Toolbar: (BS.Player ControlBar) - {2C688203-7EB3-4327-9995-1CB417BA23F9} - C:\Program\BS.Player ControlBar\BSToolbar.dll ()
O3 - HKLM\..\Toolbar: (PandoraTV Toolbar) - {D4027C7F-154A-4066-A1AD-4243D8127440} - C:\Program\Ask.com\GenericAskToolbar.dll (Ask)
O3 - HKU\S-1-5-21-1454471165-796845957-839522115-1003\..\Toolbar\WebBrowser: (BS.Player ControlBar) - {2C688203-7EB3-4327-9995-1CB417BA23F9} - C:\Program\BS.Player ControlBar\BSToolbar.dll ()
O3 - HKU\S-1-5-21-1454471165-796845957-839522115-1003\..\Toolbar\WebBrowser: (PandoraTV Toolbar) - {D4027C7F-154A-4066-A1AD-4243D8127440} - C:\Program\Ask.com\GenericAskToolbar.dll (Ask)
O4 - HKLM..\Run: [amd_dc_opt] C:\Program\AMD\Dual-Core Optimizer\amd_dc_opt.exe (AMD)
O4 - HKLM..\Run: [AODAssist.exe] C:\Program\AMD\AMD OverDrive\AODAssist.exe ()
O4 - HKLM..\Run: [DelReg] C:\Program\MSI\DualCoreCenter\DelReg.exe ()
O4 - HKLM..\Run: [MaxtorOneTouch] C:\Program\Maxtor\OneTouch\Utils\OneTouch.exe (Maxtor)
O4 - HKLM..\Run: [Norman ZANDA] C:\Norman\Npm\Bin\ZLH.EXE (Norman ASA)
O4 - HKLM..\Run: [StartCCC] C:\Program\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe (Advanced Micro Devices, Inc.)
O4 - HKLM..\Run: [SunJavaUpdateSched] C:\Program\Delade filer\Java\Java Update\jusched.exe (Sun Microsystems, Inc.)
O4 - HKU\.DEFAULT..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe (Gerhard Schlager)
O4 - HKU\S-1-5-18..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe (Gerhard Schlager)
O4 - Startup: C:\Documents and Settings\All Users\Start-meny\Program\Autostart\DualCoreCenter.lnk = C:\Program\MSI\DualCoreCenter\StartUpDualCoreCenter.exe ()
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: HonorAutoRunSetting = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: HideLegacyLogonScripts = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: HideLogoffScripts = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: RunLogonScriptSync = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: RunStartupScriptSync = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: HideStartupScripts = 0
O7 - HKU\.DEFAULT\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323
O7 - HKU\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863
O7 - HKU\S-1-5-18\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323
O7 - HKU\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863
O7 - HKU\S-1-5-19\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-19\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKU\S-1-5-20\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-20\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKU\S-1-5-21-1454471165-796845957-839522115-1003\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-21-1454471165-796845957-839522115-1003\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323
O7 - HKU\S-1-5-21-1454471165-796845957-839522115-1003\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O7 - HKU\S-1-5-21-1454471165-796845957-839522115-1003\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863
O7 - HKU\S-1-5-21-1454471165-796845957-839522115-1003\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: HideLegacyLogonScripts = 0
O7 - HKU\S-1-5-21-1454471165-796845957-839522115-1003\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: HideLogoffScripts = 0
O7 - HKU\S-1-5-21-1454471165-796845957-839522115-1003\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: HideStartupScripts = 0
O7 - HKU\S-1-5-21-1454471165-796845957-839522115-1003\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: RunLogonScriptSync = 1
O7 - HKU\S-1-5-21-1454471165-796845957-839522115-1003\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: RunStartupScriptSync = 0
O9 - Extra Button: Skype - {77BF5300-1474-4EC7-9980-D32B190E9B07} - C:\Program\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll (Skype Technologies S.A.)
O9 - Extra Button: PartyPoker.com - {B7FE5D70-9AA2-40F1-9C6B-12A255F085E1} - C:\Program\PartyGaming\PartyPoker\RunApp.exe File not found
O9 - Extra 'Tools' menuitem : PartyPoker.com - {B7FE5D70-9AA2-40F1-9C6B-12A255F085E1} - C:\Program\PartyGaming\PartyPoker\RunApp.exe File not found
O10 - NameSpace_Catalog5\Catalog_Entries\000000000004 [] - C:\Program\Bonjour\mdnsNSP.dll (Apple Inc.)
O15 - HKU\S-1-5-21-1454471165-796845957-839522115-1003\..Trusted Domains: telenor.se ([www] https in Trusted sites)
O16 - DPF: {0EB0E74A-2A76-4AB3-A7FB-9BD8C29F7F75} http://www.kaspersky.com/kos/eng/partne ... nicode.cab (CKAVWebScan Object)
O16 - DPF: {1E54D648-B804-468d-BC78-4AFFED8E262E} http://www.nvidia.com/content/DriverDow ... eqlab3.cab (System Requirements Lab Class)
O16 - DPF: {4871A87A-BFDD-4106-8153-FFDE2BAC2967} http://dlm.tools.akamai.com/dlmanager/v ... .2.4.1.cab (DLM Control)
O16 - DPF: {67A5F8DC-1A4B-4D66-9F24-A704AD929EEE} http://www.nvidia.com/content/DriverDow ... eqlab2.cab (Reg Error: Key error.)
O16 - DPF: {67DABFBF-D0AB-41FA-9C46-CC0F21721616} http://download.divx.com/player/DivXBrowserPlugin.cab (DivXBrowserPlugin Object)
O16 - DPF: {7D4733C0-C43B-4A81-AF43-F9B20D1F8348} http://www.octoshape.com/test/ax/octoshape.cab (Reg Error: Key error.)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/update/1.6.0/jinsta ... s-i586.cab (Java Plug-in 1.6.0_23)
O16 - DPF: {CAFEEFAC-0016-0000-0007-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinsta ... s-i586.cab (Reg Error: Key error.)
O16 - DPF: {CAFEEFAC-0016-0000-0023-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinsta ... s-i586.cab (Java Plug-in 1.6.0_23)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinsta ... s-i586.cab (Java Plug-in 1.6.0_23)
O16 - DPF: {D1E7CBDA-E60E-4970-A01C-37301EF7BF98} http://www.yougamers.com/systeminfo/MSC3.cab (Measurement Services Client v.3.12)
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} http://fpdownload2.macromedia.com/get/s ... wflash.cab (Shockwave Flash Object)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.1.1
O18 - Protocol\Handler\http\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Program\Delade filer\System\Ole DB\msdaipp.dll (Microsoft Corporation)
O18 - Protocol\Handler\http\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Program\Delade filer\System\Ole DB\msdaipp.dll (Microsoft Corporation)
O18 - Protocol\Handler\https\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Program\Delade filer\System\Ole DB\msdaipp.dll (Microsoft Corporation)
O18 - Protocol\Handler\https\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Program\Delade filer\System\Ole DB\msdaipp.dll (Microsoft Corporation)
O18 - Protocol\Handler\ipp\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Program\Delade filer\System\Ole DB\msdaipp.dll (Microsoft Corporation)
O18 - Protocol\Handler\msdaipp\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Program\Delade filer\System\Ole DB\msdaipp.dll (Microsoft Corporation)
O18 - Protocol\Handler\msdaipp\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Program\Delade filer\System\Ole DB\msdaipp.dll (Microsoft Corporation)
O18 - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program\Delade filer\Skype\Skype4COM.dll (Skype Technologies)
O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\WINDOWS\explorer.exe (Microsoft Corporation)
O20 - Winlogon\Notify\AtiExtEvent: DllName - Ati2evxx.dll - C:\WINDOWS\System32\ati2evxx.dll (ATI Technologies Inc.)
O24 - Desktop Components:0 (Min aktuella startsida) - About:Home
O24 - Desktop WallPaper: C:\Documents and Settings\Jacob\Lokala inställningar\Application Data\Microsoft\Wallpaper1.bmp
O24 - Desktop BackupWallPaper: C:\Documents and Settings\Jacob\Lokala inställningar\Application Data\Microsoft\Wallpaper1.bmp
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2008-01-09 02:17:54 | 000,000,049 | ---- | M] () - C:\AUTOEXEC.BAT -- [ NTFS ]
O33 - MountPoints2\{0eeecfa6-fb6c-11dc-8f83-000d886c0ca0}\Shell\AutoRun\command - "" = H:\Launch.exe -- File not found
O33 - MountPoints2\{12733b4d-1976-11df-8499-000d886c0ca0}\Shell - "" = AutoRun
O33 - MountPoints2\{12733b4d-1976-11df-8499-000d886c0ca0}\Shell\AutoRun\command - "" = H:\LaunchU3.exe -- File not found
O34 - HKLM BootExecute: (autocheck autochk *) - File not found
O34 - HKLM BootExecute: (lsdelete) - C:\WINDOWS\System32\lsdelete.exe ()
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = ComFile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*

========== Files/Folders - Created Within 30 Days ==========

[2010-12-21 21:03:58 | 000,602,624 | ---- | C] (OldTimer Tools) -- C:\Documents and Settings\Jacob\Skrivbord\OTL.exe
[2010-12-19 05:28:50 | 000,157,472 | ---- | C] (Sun Microsystems, Inc.) -- C:\WINDOWS\System32\javaws.exe
[2010-12-19 05:28:50 | 000,145,184 | ---- | C] (Sun Microsystems, Inc.) -- C:\WINDOWS\System32\javaw.exe
[2010-12-19 05:28:50 | 000,145,184 | ---- | C] (Sun Microsystems, Inc.) -- C:\WINDOWS\System32\java.exe
[2010-12-18 19:01:01 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\ATI
[2010-12-18 17:45:46 | 000,000,000 | ---D | C] -- C:\Program\ATI Technologies
[2010-12-16 18:32:21 | 000,000,000 | ---D | C] -- C:\Program\TweakNow RegCleaner
[2010-12-16 18:32:21 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Jacob\Application Data\TweakNow RegCleaner
[2010-12-16 18:27:44 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Jacob\Application Data\GetRightToGo
[2010-12-16 18:25:17 | 000,102,416 | ---- | C] (Realtek Semiconductor Corporation) -- C:\WINDOWS\System32\RTNUninst32.dll
[2010-12-16 17:39:27 | 000,000,000 | ---D | C] -- C:\Program\Western Digital Corporation
[2010-12-15 10:03:00 | 000,040,960 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\ndproxy.sys
[2010-12-15 10:01:46 | 000,045,568 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\wab.exe
[2010-12-14 13:43:55 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Jacob\Application Data\Local
[2010-12-14 13:42:00 | 000,000,000 | ---D | C] -- C:\Documents and Settings\NetworkService\Lokala inställningar\Application Data\Google
[2010-12-14 13:37:47 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Jacob\Lokala inställningar\Application Data\Temp
[2010-12-14 13:37:47 | 000,000,000 | ---D | C] -- C:\Documents and Settings\LocalService\Lokala inställningar\Application Data\Google
[2010-12-14 13:37:16 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Jacob\Lokala inställningar\Application Data\Google
[2010-12-14 13:36:44 | 000,000,000 | ---D | C] -- C:\Program\Google
[2010-11-30 15:27:29 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Jacob\Lokala inställningar\Application Data\AskToolbar
[2010-11-30 02:36:09 | 000,060,032 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\drivers\USBAUDIO.sys
[2010-11-30 02:36:09 | 000,060,032 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\usbaudio.sys
[2010-11-29 02:36:46 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\ImTOO
[2010-11-29 02:08:57 | 000,000,000 | ---D | C] -- C:\Program\iPod
[2010-11-29 02:08:23 | 000,000,000 | ---D | C] -- C:\Program\iTunes
[2010-11-29 02:04:08 | 000,000,000 | ---D | C] -- C:\Program\QuickTime
[2010-11-29 02:02:54 | 000,000,000 | ---D | C] -- C:\Program\Apple Software Update
[2010-11-29 02:02:32 | 000,000,000 | ---D | C] -- C:\Documents and Settings\LocalService\Application Data\Apple Computer
[2010-11-29 02:01:20 | 000,000,000 | ---D | C] -- C:\Program\Bonjour
[2009-06-14 18:09:38 | 000,148,736 | ---- | C] (Avanquest Software) -- C:\Documents and Settings\All Users\Application Data\hpe51.dll
[2008-12-21 19:25:42 | 000,047,360 | ---- | C] (VSO Software) -- C:\Documents and Settings\Jacob\Application Data\pcouffin.sys
[6 C:\WINDOWS\System32\*.tmp files -> C:\WINDOWS\System32\*.tmp -> ]
[18 C:\WINDOWS\*.tmp files -> C:\WINDOWS\*.tmp -> ]
[1 C:\*.tmp files -> C:\*.tmp -> ]

========== Files - Modified Within 30 Days ==========

[2010-12-21 21:19:45 | 000,000,410 | -H-- | M] () -- C:\WINDOWS\tasks\User_Feed_Synchronization-{72AB9688-47B1-4843-8370-414A8B59F059}.job
[2010-12-21 21:04:02 | 000,602,624 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\Jacob\Skrivbord\OTL.exe
[2010-12-21 21:01:00 | 000,000,222 | ---- | M] () -- C:\WINDOWS\tasks\Scheduled Update for Ask Toolbar.job
[2010-12-21 20:50:00 | 000,000,924 | ---- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskMachineUA.job
[2010-12-21 13:50:00 | 000,000,920 | ---- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskMachineCore.job
[2010-12-21 01:18:17 | 000,051,200 | ---- | M] () -- C:\Documents and Settings\Jacob\Lokala inställningar\Application Data\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2010-12-19 05:36:05 | 000,001,972 | ---- | M] () -- C:\Documents and Settings\Jacob\Skrivbord\HiJackThis.lnk
[2010-12-18 18:59:51 | 000,012,598 | ---- | M] () -- C:\WINDOWS\System32\wpa.dbl
[2010-12-18 18:58:05 | 000,002,048 | --S- | M] () -- C:\WINDOWS\bootstat.dat
[2010-12-18 18:57:41 | 000,120,544 | ---- | M] () -- C:\WINDOWS\System32\FNTCACHE.DAT
[2010-12-18 18:16:14 | 000,001,393 | ---- | M] () -- C:\WINDOWS\imsins.BAK
[2010-12-16 18:22:32 | 000,000,825 | ---- | M] () -- C:\Documents and Settings\All Users\Start-meny\Program\Autostart\DualCoreCenter.lnk
[2010-12-15 19:56:02 | 000,000,272 | ---- | M] () -- C:\WINDOWS\tasks\AppleSoftwareUpdate.job
[2010-11-29 17:42:18 | 000,038,224 | ---- | M] (Malwarebytes Corporation) -- C:\WINDOWS\System32\drivers\mbamswissarmy.sys
[2010-11-29 17:42:06 | 000,020,952 | ---- | M] (Malwarebytes Corporation) -- C:\WINDOWS\System32\drivers\mbam.sys
[2010-11-26 05:17:40 | 005,555,712 | ---- | M] (ATI Technologies Inc.) -- C:\WINDOWS\System32\drivers\ati2mtag.sys
[2010-11-26 05:17:40 | 005,555,712 | ---- | M] (ATI Technologies Inc.) -- C:\WINDOWS\System32\dllcache\ati2mtag.sys
[2010-11-26 04:57:20 | 016,748,544 | ---- | M] (Advanced Micro Devices, Inc.) -- C:\WINDOWS\System32\atioglxx.dll
[2010-11-26 04:23:36 | 000,471,040 | ---- | M] (Advanced Micro Devices, Inc.) -- C:\WINDOWS\System32\atiok3x2.dll
[2010-11-26 04:12:42 | 000,311,296 | ---- | M] (ATI Technologies Inc.) -- C:\WINDOWS\System32\atiiiexx.dll
[2010-11-26 04:07:34 | 000,057,344 | ---- | M] (Advanced Micro Devices Inc.) -- C:\WINDOWS\System32\aticalrt.dll
[2010-11-26 04:07:24 | 000,053,248 | ---- | M] (Advanced Micro Devices Inc.) -- C:\WINDOWS\System32\aticalcl.dll
[2010-11-26 04:06:14 | 004,489,216 | ---- | M] (Advanced Micro Devices Inc.) -- C:\WINDOWS\System32\aticaldd.dll
[2010-11-26 03:55:42 | 000,462,848 | ---- | M] (Advanced Micro Devices, Inc.) -- C:\WINDOWS\System32\ATIDEMGX.dll
[2010-11-26 03:54:36 | 000,302,080 | ---- | M] (ATI Technologies Inc.) -- C:\WINDOWS\System32\ati2dvag.dll
[2010-11-26 03:48:02 | 003,984,864 | ---- | M] (ATI Technologies Inc. ) -- C:\WINDOWS\System32\ati3duag.dll
[2010-11-26 03:39:40 | 000,053,248 | ---- | M] (ATI Technologies Inc.) -- C:\WINDOWS\System32\drivers\ati2erec.dll
[2010-11-26 03:34:50 | 000,212,992 | ---- | M] (ATI Technologies, Inc.) -- C:\WINDOWS\System32\atipdlxx.dll
[2010-11-26 03:34:38 | 000,155,648 | ---- | M] (ATI Technologies, Inc.) -- C:\WINDOWS\System32\Oemdspif.dll
[2010-11-26 03:34:28 | 000,026,112 | ---- | M] (ATI Technologies, Inc.) -- C:\WINDOWS\System32\Ati2mdxx.exe
[2010-11-26 03:34:22 | 000,043,520 | ---- | M] (ATI Technologies, Inc.) -- C:\WINDOWS\System32\ati2edxx.dll
[2010-11-26 03:34:10 | 000,159,744 | ---- | M] (ATI Technologies Inc.) -- C:\WINDOWS\System32\ati2evxx.dll
[2010-11-26 03:32:24 | 002,669,696 | ---- | M] (Advanced Micro Devices, Inc. ) -- C:\WINDOWS\System32\ativvaxx.dll
[2010-11-26 03:32:04 | 000,539,392 | ---- | M] () -- C:\WINDOWS\System32\ativvaxx.cap
[2010-11-26 03:31:54 | 000,887,724 | ---- | M] () -- C:\WINDOWS\System32\ativva6x.dat
[2010-11-26 03:31:54 | 000,000,003 | ---- | M] () -- C:\WINDOWS\System32\ativva5x.dat
[2010-11-26 03:31:16 | 000,053,248 | ---- | M] ( ATI Technologies Inc.) -- C:\WINDOWS\System32\ATIDDC.DLL
[2010-11-26 03:30:34 | 000,121,776 | ---- | M] () -- C:\WINDOWS\System32\atiapfxx.blb
[2010-11-26 03:30:30 | 000,143,360 | ---- | M] (Advanced Micro Devices, Inc.) -- C:\WINDOWS\System32\atiapfxx.exe
[2010-11-26 03:26:38 | 000,651,264 | ---- | M] (ATI Technologies Inc.) -- C:\WINDOWS\System32\atikvmag.dll
[2010-11-26 03:24:46 | 000,196,608 | ---- | M] (Advanced Micro Devices, Inc.) -- C:\WINDOWS\System32\atiadlxx.dll
[2010-11-26 03:24:22 | 000,017,408 | ---- | M] (ATI Technologies Inc.) -- C:\WINDOWS\System32\atitvo32.dll
[2010-11-26 03:18:16 | 000,765,952 | ---- | M] (ATI Technologies Inc.) -- C:\WINDOWS\System32\ati2cqag.dll
[2010-11-26 03:16:32 | 000,064,512 | ---- | M] (Advanced Micro Devices, Inc. ) -- C:\WINDOWS\System32\atimpc32.dll
[2010-11-26 03:16:32 | 000,064,512 | ---- | M] (Advanced Micro Devices, Inc. ) -- C:\WINDOWS\System32\amdpcom32.dll
[2010-11-23 03:06:30 | 000,022,305 | ---- | M] () -- C:\WINDOWS\atiogl.xml
[2010-11-22 19:08:25 | 000,000,069 | ---- | M] () -- C:\WINDOWS\NeroDigital.ini
[6 C:\WINDOWS\System32\*.tmp files -> C:\WINDOWS\System32\*.tmp -> ]
[18 C:\WINDOWS\*.tmp files -> C:\WINDOWS\*.tmp -> ]
[1 C:\*.tmp files -> C:\*.tmp -> ]

========== Files Created - No Company Name ==========

[2010-12-19 05:36:05 | 000,001,972 | ---- | C] () -- C:\Documents and Settings\Jacob\Skrivbord\HiJackThis.lnk
[2010-12-18 17:48:12 | 000,887,724 | ---- | C] () -- C:\WINDOWS\System32\ativva6x.dat
[2010-12-18 17:47:48 | 000,000,003 | ---- | C] () -- C:\WINDOWS\System32\ativva5x.dat
[2010-12-16 18:25:17 | 000,081,936 | ---- | C] () -- C:\WINDOWS\System32\RtNicProp32.dll
[2010-12-14 13:37:35 | 000,000,924 | ---- | C] () -- C:\WINDOWS\tasks\GoogleUpdateTaskMachineUA.job
[2010-12-14 13:37:34 | 000,000,920 | ---- | C] () -- C:\WINDOWS\tasks\GoogleUpdateTaskMachineCore.job
[2010-11-29 02:02:56 | 000,000,272 | ---- | C] () -- C:\WINDOWS\tasks\AppleSoftwareUpdate.job
[2010-07-14 18:11:50 | 001,184,552 | ---- | C] () -- C:\Documents and Settings\LocalService\Lokala inställningar\Application Data\FontCache3.0.0.0.dat
[2010-03-18 22:49:47 | 000,524,400 | ---- | C] () -- C:\Documents and Settings\Jacob\Application Data\8d51356f4bb435f1b6f84a242a76b34c-i686.cache-2
[2009-07-14 17:15:00 | 000,178,432 | ---- | C] () -- C:\WINDOWS\System32\xlive.dll.cat
[2009-04-22 21:44:59 | 000,000,000 | ---- | C] () -- C:\WINDOWS\Irremote.ini
[2009-04-22 21:16:38 | 000,000,132 | ---- | C] () -- C:\Documents and Settings\Jacob\Application Data\default.pls
[2009-04-22 20:28:27 | 000,000,000 | ---- | C] () -- C:\Documents and Settings\Jacob\Application Data\downloads.m3u
[2009-03-30 18:04:26 | 000,217,088 | ---- | C] () -- C:\WINDOWS\NVGfxOgl.dll
[2009-02-19 00:51:57 | 000,108,032 | ---- | C] () -- C:\WINDOWS\System32\ff_vfw.dll
[2009-02-05 18:01:21 | 000,032,768 | ---- | C] () -- C:\WINDOWS\System32\MF.dll
[2008-12-24 01:35:20 | 000,000,199 | ---- | C] () -- C:\Documents and Settings\Jacob\Application Data\default.rss
[2008-12-23 03:31:05 | 000,000,069 | ---- | C] () -- C:\WINDOWS\NeroDigital.ini
[2008-12-23 02:28:16 | 000,000,367 | ---- | C] () -- C:\WINDOWS\COVERE~1.INI
[2008-12-21 19:26:08 | 000,000,671 | ---- | C] () -- C:\Documents and Settings\Jacob\Application Data\vso_ts_preview.xml
[2008-12-21 19:25:49 | 000,000,034 | ---- | C] () -- C:\Documents and Settings\Jacob\Application Data\pcouffin.log
[2008-12-21 19:25:42 | 000,087,608 | ---- | C] () -- C:\Documents and Settings\Jacob\Application Data\inst.exe
[2008-12-21 19:25:42 | 000,007,887 | ---- | C] () -- C:\Documents and Settings\Jacob\Application Data\pcouffin.cat
[2008-12-21 19:25:42 | 000,001,144 | ---- | C] () -- C:\Documents and Settings\Jacob\Application Data\pcouffin.inf
[2008-09-18 01:41:22 | 000,042,320 | ---- | C] () -- C:\WINDOWS\System32\xfcodec.dll
[2008-07-01 00:38:36 | 000,000,001 | ---- | C] () -- C:\WINDOWS\System32\sav950231.sys
[2008-07-01 00:37:16 | 000,000,001 | ---- | C] () -- C:\WINDOWS\System32\sav970451.sys
[2008-07-01 00:36:19 | 000,000,001 | ---- | C] () -- C:\WINDOWS\System32\sav80231.sys
[2008-06-22 22:49:01 | 000,000,871 | ---- | C] () -- C:\Documents and Settings\Jacob\Application Data\coreavc.ini
[2008-02-05 16:49:46 | 000,697,328 | ---- | C] () -- C:\WINDOWS\System32\drivers\sptd.sys
[2008-02-05 16:30:18 | 000,000,124 | ---- | C] () -- C:\WINDOWS\wininit.ini
[2008-01-10 13:16:20 | 000,159,839 | ---- | C] () -- C:\WINDOWS\System32\xvidvfw.dll
[2008-01-10 13:15:30 | 000,755,027 | ---- | C] () -- C:\WINDOWS\System32\xvidcore.dll
[2008-01-09 20:33:49 | 000,000,032 | ---- | C] () -- C:\Documents and Settings\All Users\Application Data\ezsid.dat
[2008-01-09 15:33:18 | 000,022,328 | ---- | C] () -- C:\WINDOWS\System32\drivers\PnkBstrK.sys
[2008-01-09 15:33:18 | 000,022,328 | ---- | C] () -- C:\Documents and Settings\Jacob\Application Data\PnkBstrK.sys
[2008-01-09 09:30:55 | 000,004,293 | ---- | C] () -- C:\WINDOWS\ODBCINST.INI
[2008-01-09 02:29:27 | 000,051,200 | ---- | C] () -- C:\Documents and Settings\Jacob\Lokala inställningar\Application Data\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2008-01-09 02:21:14 | 000,000,559 | ---- | C] () -- C:\WINDOWS\DFC.INI
[2005-09-15 15:40:22 | 000,160,768 | ---- | C] () -- C:\WINDOWS\System32\Unrar.dll
[2005-04-21 19:51:26 | 000,000,020 | ---- | C] () -- C:\WINDOWS\GraphEdit.INI
[2002-05-15 05:58:38 | 000,122,880 | ---- | C] () -- C:\WINDOWS\System32\v2k2_dec.dll
[2001-11-19 20:05:18 | 000,003,972 | ---- | C] () -- C:\WINDOWS\System32\drivers\PciBus.sys

< End of report >


Extras:


OTL Extras logfile created on: 2010-12-21 21:28:13 - Run 2
OTL by OldTimer - Version 3.2.18.0 Folder = C:\Documents and Settings\Jacob\Skrivbord
Windows XP Professional Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 8.0.6001.18702)
Locale: 0000041D | Country: Sverige | Language: SVE | Date Format: yyyy-MM-dd

2,00 Gb Total Physical Memory | 1,00 Gb Available Physical Memory | 61,00% Memory free
4,00 Gb Paging File | 3,00 Gb Available in Paging File | 85,00% Paging File free
Paging file location(s): C:\pagefile.sys 2046 4092 [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program
Drive C: | 127,99 Gb Total Space | 12,51 Gb Free Space | 9,77% Space Free | Partition Type: NTFS
Drive E: | 596,17 Gb Total Space | 6,70 Gb Free Space | 1,12% Space Free | Partition Type: NTFS
Drive F: | 931,51 Gb Total Space | 8,05 Gb Free Space | 0,86% Space Free | Partition Type: NTFS
Drive G: | 337,77 Gb Total Space | 5,52 Gb Free Space | 1,63% Space Free | Partition Type: NTFS
Drive I: | 1863,01 Gb Total Space | 725,45 Gb Free Space | 38,94% Space Free | Partition Type: NTFS

Computer Name: JAKE | User Name: Jacob | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: All users
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days

========== Extra Registry (SafeList) ==========


========== File Associations ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]

[HKEY_USERS\S-1-5-21-1454471165-796845957-839522115-1003\SOFTWARE\Classes\<extension>]
.html [@ = FirefoxHTML] -- C:\Program\Mozilla Firefox\firefox.exe (Mozilla Corporation)

========== Shell Spawning ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
exefile [open] -- "%1" %*
htmlfile [edit] -- Reg Error: Key error.
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l (Microsoft Corporation)
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [AddToPlaylistVLC] -- "C:\Program\VideoLAN\VLC\vlc.exe" --started-from-file --playlist-enqueue "%1" ()
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Directory [PlayWithVLC] -- "C:\Program\VideoLAN\VLC\vlc.exe" --started-from-file --no-playlist-enqueue "%1" ()
Folder [open] -- %SystemRoot%\Explorer.exe /idlist,%I,%L (Microsoft Corporation)
Folder [explore] -- %SystemRoot%\Explorer.exe /e,/idlist,%I,%L (Microsoft Corporation)
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)

========== Security Center Settings ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"AntiVirusDisableNotify" = 0
"FirewallDisableNotify" = 0
"UpdatesDisableNotify" = 0
"AntiVirusOverride" = 1
"FirewallOverride" = 1

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\AhnlabAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ComputerAssociatesAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\KasperskyAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\PandaAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\PandaFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SophosAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TinyFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TrendAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TrendFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ZoneLabsFirewall]

========== System Restore Settings ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\SystemRestore]
"DisableSR" = 0

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Sr]
"Start" = 0

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SrService]
"Start" = 2

========== Firewall Settings ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\DomainProfile]

[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\StandardProfile]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\GloballyOpenPorts\List]
"139:TCP" = 139:TCP:*:Enabled:@xpsp2res.dll,-22004
"445:TCP" = 445:TCP:*:Enabled:@xpsp2res.dll,-22005
"137:UDP" = 137:UDP:*:Enabled:@xpsp2res.dll,-22001
"138:UDP" = 138:UDP:*:Enabled:@xpsp2res.dll,-22002

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"EnableFirewall" = 0
"DoNotAllowExceptions" = 0
"DisableNotifications" = 0

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\GloballyOpenPorts\List]
"1900:UDP" = 1900:UDP:LocalSubNet:Enabled:@xpsp2res.dll,-22007
"2869:TCP" = 2869:TCP:LocalSubNet:Enabled:@xpsp2res.dll,-22008
"139:TCP" = 139:TCP:LocalSubNet:Enabled:@xpsp2res.dll,-22004
"445:TCP" = 445:TCP:LocalSubNet:Enabled:@xpsp2res.dll,-22005
"137:UDP" = 137:UDP:LocalSubNet:Enabled:@xpsp2res.dll,-22001
"138:UDP" = 138:UDP:LocalSubNet:Enabled:@xpsp2res.dll,-22002
"6112:TCP" = 6112:TCP:*:Enabled:warcraft
"6112:UDP" = 6112:UDP:*:Enabled:warcraft2

========== Authorized Applications List ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List]
"C:\Program\CyberLink\PowerDVD8\PowerDVD8.exe" = C:\Program\CyberLink\PowerDVD8\PowerDVD8.exe:*:Enabled:CyberLink PowerDVD 8.0 -- (CyberLink Corp.)

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List]
"C:\Spel\Electronic Arts\Crytek\Crysis\Bin32\Crysis.exe" = C:\Spel\Electronic Arts\Crytek\Crysis\Bin32\Crysis.exe:*:Enabled:Crysis_32 -- (Crytek GmbH)
"C:\Spel\Electronic Arts\Crytek\Crysis\Bin32\CrysisDedicatedServer.exe" = C:\Spel\Electronic Arts\Crytek\Crysis\Bin32\CrysisDedicatedServer.exe:*:Enabled:CrysisDedicatedServer_32 -- (Crytek GmbH)
"C:\WINDOWS\system32\winver.exe" = C:\WINDOWS\system32\winver.exe:*:Enabled:winver -- (Microsoft Corporation)
"C:\Spel\Firaxis Games\Sid Meier's Civilization 4\Civilization4.exe" = C:\Spel\Firaxis Games\Sid Meier's Civilization 4\Civilization4.exe:*:Enabled:Sid Meier's Civilization 4 -- (Firaxis Games)
"C:\Spel\Firaxis Games\Sid Meier's Civilization 4\Warlords\Civ4Warlords.exe" = C:\Spel\Firaxis Games\Sid Meier's Civilization 4\Warlords\Civ4Warlords.exe:*:Enabled:Sid Meier's Civilization 4 Warlords -- (Firaxis Games)
"C:\Spel\Firaxis Games\Sid Meier's Civilization 4\Warlords\Civ4Warlords_PitBoss.exe" = C:\Spel\Firaxis Games\Sid Meier's Civilization 4\Warlords\Civ4Warlords_PitBoss.exe:*:Enabled:Sid Meier's Civilization 4 Pitboss -- (Firaxis Games)
"C:\Spel\Firaxis Games\Sid Meier's Civilization 4\Beyond the Sword\Civ4BeyondSword.exe" = C:\Spel\Firaxis Games\Sid Meier's Civilization 4\Beyond the Sword\Civ4BeyondSword.exe:*:Enabled:Sid Meier's Civilization 4 Beyond the Sword -- (Firaxis Games)
"C:\Spel\Firaxis Games\Sid Meier's Civilization 4\Beyond the Sword\Civ4BeyondSword_PitBoss.exe" = C:\Spel\Firaxis Games\Sid Meier's Civilization 4\Beyond the Sword\Civ4BeyondSword_PitBoss.exe:*:Enabled:Sid Meier's Civilization 4 Beyond the Sword Pitboss -- (Firaxis Games)
"C:\Program\Ubisoft\Assassin's Creed\AssassinsCreed_Dx9.exe" = C:\Program\Ubisoft\Assassin's Creed\AssassinsCreed_Dx9.exe:*:Enabled:Assassin's Creed Dx9 -- (Ubisoft)
"C:\Program\Ubisoft\Assassin's Creed\AssassinsCreed_Dx10.exe" = C:\Program\Ubisoft\Assassin's Creed\AssassinsCreed_Dx10.exe:*:Enabled:Assassin's Creed Dx10 -- (Ubisoft)
"C:\Program\Ubisoft\Assassin's Creed\AssassinsCreed_Launcher.exe" = C:\Program\Ubisoft\Assassin's Creed\AssassinsCreed_Launcher.exe:*:Enabled:Assassin's Creed Update -- (Ubisoft)
"C:\Program\CyberLink\PowerDVD8\PowerDVD8.exe" = C:\Program\CyberLink\PowerDVD8\PowerDVD8.exe:*:Enabled:CyberLink PowerDVD 8.0 -- (CyberLink Corp.)
"C:\Spel\Rockstar Games\Rockstar Games Social Club\RGSCLauncher.exe" = C:\Spel\Rockstar Games\Rockstar Games Social Club\RGSCLauncher.exe:*:Enabled:Rockstar Games Social Club -- (Take-Two Interactive Software, Inc.)
"C:\Spel\Rockstar Games\Grand Theft Auto IV\LaunchGTAIV.exe" = C:\Spel\Rockstar Games\Grand Theft Auto IV\LaunchGTAIV.exe:*:Enabled:Grand Theft Auto IV -- ()
"C:\Spel\Rockstar Games\Grand Theft Auto IV\GTAIV.exe" = C:\Spel\Rockstar Games\Grand Theft Auto IV\GTAIV.exe:*:Disabled:Grand Theft Auto IV -- (Take-Two Interactive Software, Inc.)
"H:\yeash\uTorrent-program\uTorrent.exe" = H:\yeash\uTorrent-program\uTorrent.exe:*:Enabled:µTorrent -- File not found
"F:\NeroExpress\Installation\Setupx.exe" = F:\NeroExpress\Installation\Setupx.exe:*:Enabled:Nero ProductSetup -- File not found
"C:\Program\DC++\DCPlusPlus.exe" = C:\Program\DC++\DCPlusPlus.exe:*:Enabled:DC++ -- File not found
"C:\Spel\World of Warcraft\Launcher.exe" = C:\Spel\World of Warcraft\Launcher.exe:*:Enabled:Blizzard Launcher -- (Blizzard Entertainment)
"C:\Program\Octoshape Streaming Services\Jacob\OctoshapeClient.exe" = C:\Program\Octoshape Streaming Services\Jacob\OctoshapeClient.exe:*:Enabled:Main program for Octoshape client -- (Octoshape ApS)
"C:\Program\VideoLAN\VLC\vlc.exe" = C:\Program\VideoLAN\VLC\vlc.exe:*:Enabled:VLC media player -- ()
"C:\Spel\World of Warcraft\WoW-3.1.3.9947-to-3.2.0.10192-enGB-downloader.exe" = C:\Spel\World of Warcraft\WoW-3.1.3.9947-to-3.2.0.10192-enGB-downloader.exe:*:Enabled:Blizzard Downloader -- File not found
"C:\Program\Spotify\spotify.exe" = C:\Program\Spotify\spotify.exe:*:Enabled:Spotify -- (Spotify Ltd)
"C:\Program\Java\jre6\bin\java.exe" = C:\Program\Java\jre6\bin\java.exe:*:Enabled:Java(TM) Platform SE binary -- (Sun Microsystems, Inc.)
"C:\Spel\Eidos\Batman Arkham Asylum\Binaries\ShippingPC-BmGame.exe" = C:\Spel\Eidos\Batman Arkham Asylum\Binaries\ShippingPC-BmGame.exe:*:Enabled:Batman: Arkham Asylum -- (Rocksteady Studios Ltd)
"C:\Program\Ubisoft\Ubisoft Game Launcher\UbisoftGameLauncher.exe" = C:\Program\Ubisoft\Ubisoft Game Launcher\UbisoftGameLauncher.exe:*:Enabled:Ubisoft Game Launcher -- (Ubisoft)
"G:\Spel\Ubisoft\Assassin's Creed II\AssassinsCreedIIGame.exe" = G:\Spel\Ubisoft\Assassin's Creed II\AssassinsCreedIIGame.exe:*:Enabled:Assassin's Creed II -- ()
"G:\Spel\Ubisoft\Assassin's Creed II\AssassinsCreedII.exe" = G:\Spel\Ubisoft\Assassin's Creed II\AssassinsCreedII.exe:*:Enabled:Assassin's Creed II Update -- (Ubisoft)
"G:\Spel\Ubisoft\Assassin's Creed II\UPlayBrowser.exe" = G:\Spel\Ubisoft\Assassin's Creed II\UPlayBrowser.exe:*:Enabled:Assassin's Creed II Uplay -- (Ubisoft Entertainment)
"C:\Program\Sony Ericsson\Update Service\Update Service.exe" = C:\Program\Sony Ericsson\Update Service\Update Service.exe:*:Enabled:Update Service -- ()
"C:\Spel\Valve\Steam\SteamApps\lamlas@msn.com\counter-strike\hl.exe" = C:\Spel\Valve\Steam\SteamApps\lamlas@msn.com\counter-strike\hl.exe:*:Enabled:Counter-Strike -- (Valve)
"C:\Spel\Valve\Steam\SteamApps\common\call of duty modern warfare 2\iw4mp.exe" = C:\Spel\Valve\Steam\SteamApps\common\call of duty modern warfare 2\iw4mp.exe:*:Enabled:Call of Duty: Modern Warfare 2 - Multiplayer -- ()
"C:\Spel\Valve\Steam\SteamApps\robin_corner\counter-strike\hl.exe" = C:\Spel\Valve\Steam\SteamApps\robin_corner\counter-strike\hl.exe:*:Enabled:Counter-Strike -- (Valve)
"C:\Program\Tele2\Tele2 Sjaelvhjaelp\Selfrepair.exe" = C:\Program\Tele2\Tele2 Sjaelvhjaelp\Selfrepair.exe:*:Enabled:Tele2 Självhjälp -- (mquadr.at software engineering & consulting GmbH - Web: http://www.mquadr.at - Mail: office@mquadr.at)
"G:\Spel\Split Second\SplitSecond.exe" = G:\Spel\Split Second\SplitSecond.exe:*:Enabled:Split/Second -- (Disney Interactive Studios)
"C:\Spel\Valve\Steam\SteamApps\common\call of duty modern warfare 2\iw4sp.exe" = C:\Spel\Valve\Steam\SteamApps\common\call of duty modern warfare 2\iw4sp.exe:*:Enabled:Call of Duty: Modern Warfare 2 -- ()
"C:\Program\iTunes\iTunes.exe" = C:\Program\iTunes\iTunes.exe:*:Enabled:iTunes -- (Apple Inc.)


========== HKEY_LOCAL_MACHINE Uninstall List ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{000E79B7-E725-4F01-870A-C12942B7F8E4}" = Crysis(R)
"{002D9D5E-29BA-3E6D-9BC4-3D7D6DBC735C}" = Microsoft Visual C++ 2008 ATL Update kb973924 - x86 9.0.30729.4148
"{009435FA-9011-4C36-AE7C-CCC9669E7875}" = Windows Media Format 11 SDK
"{048298C9-A4D3-490B-9FF9-AB023A9238F3}" = Steam(TM)
"{06F80017-8F98-4C94-B868-52358569FC32}" = Command & Conquer Generals
"{0711500B-9912-4D60-9A49-C577B4503D42}" = Nero Recode Help
"{07FF7593-9DEA-40B5-9F87-F557E65BBF60}" = Nero Recode
"{08B3869E-D282-424C-9AFC-870E04A4BA14}" = Rockstar Games Social Club
"{0E532C84-4275-41B3-9D81-D4A1A20D8EE7}" = PlayStation(R)Store
"{1122AAC4-AAAA-43BF-B2D4-3C8C12378952}" = Nero InfoTool
"{11A84FCA-C3C7-4AFD-A797-111DB8569DBC}" = Nero BurningROM
"{12345674-DE9A-677A-CCEE-666356D89777}" = Nero BurnRights
"{1367FA2F-2B3D-430F-872F-588B93420BFC}" = TimeShift
"{13F3917B56CD4C25848BDC69916971BB}" = DivX Converter
"{161B3AC6-593F-4AC7-BBBF-88B72012A94E}" = OpenOffice.org 3.0
"{17b5ad57-bc5b-4293-92d7-0a15bcd554c0}" = Nero 9
"{1B040683-C390-4711-ABC7-DA8D85E470E7}" = NeroBurningROM
"{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148
"{205C6BDD-7B73-42DE-8505-9A093F35A238}" = Windows Live Upload Tool
"{22B775E7-6C42-4FC5-8E10-9A5E3257BD94}" = MSVCRT
"{236BB7C4-4419-42FD-0409-1E257A25E34D}" = Adobe Photoshop CS2
"{2624B969-7135-4EB1-B0F6-2D8C397B45F7}_is1" = Media Player Classic - Home Cinema v. 1.3.1249.0
"{26A24AE4-039D-4CA4-87B4-2F83216010FF}" = Java(TM) 6 Update 23
"{28526951-55EF-4901-A0CA-B9AC966D1DD1}" = Split/Second
"{2A981294-F14C-4F0F-9627-D793270922F8}" = Bonjour
"{2BF2E31F-B8BB-40A7-B650-98D28E0F7D47}" = CyberLink PowerDVD 8
"{2C0A655C-61E7-428A-8ED2-23A3D20E7DD2}" = Data Lifeguard Tools
"{2FFE93F0-BB72-4E52-8761-354D1AAA9387}" = Sony Ericsson PC Suite 5.009.00
"{308B6AEA-DE50-4666-996D-0FA461719D6B}" = Apple Mobile Device Support
"{3248F0A8-6813-11D6-A77B-00B0D0160070}" = Java(TM) 6 Update 7
"{32E4F0D2-C135-475E-A841-1D59A0D22989}" = Sid Meier's Civilization 4 - Beyond the Sword
"{350C97BC-3D7C-4EE8-BAA9-00BCB3D54227}" = WebFldrs XP
"{3E4B349F-10B5-4586-9D99-489A90A8B228}" = Sid Meier's Civilization 4 - Warlords
"{3EC91FDF-FE9A-43D5-96C4-8A9C24372500}" = Maxtor OneTouch
"{3F30CC51-0788-487B-AA83-7214A239C0C0}" = Nero Disc Copy Gadget Help
"{3FC7CBBC4C1E11DCA1A752EA55D89593}" = DivX Version Checker
"{4377F918-E6C9-4ECA-A7F5-754B310B7ED8}" = Sid Meier's Civilization 4
"{45A66726-69BC-466B-A7A4-12FCBA4883D7}" = HiJackThis
"{4A03706F-666A-4037-7777-5F2748764D10}" = Java Auto Updater
"{4D42353B-533F-4306-AD0B-7FEF292ADE04}" = Nero CoverDesigner Help
"{4E79A60F-15D2-4BEC-91AD-E41EC42E61B0}" = Batman: Arkham Asylum
"{4E8C27C2-D727-4C00-A90E-C3F6376EEE70}" = Nero ControlCenter
"{519C4DB6-B53B-4F5C-8297-89B2BE949FA5}_is1" = Data Lifeguard Diagnostic for Windows 1.22
"{520CD4F0-9DAC-4C5C-8CA1-D0210CFF6062}" = Media Go
"{56BE5CC9-95E6-4128-ABEA-968414CA9C80}" = DolbyFiles
"{56C049BE-79E9-4502-BEA7-9754A3E60F9B}" = neroxml
"{579BA58C-F33D-4970-9953-B94B43768AC3}" = Grand Theft Auto IV
"{5A70922D-9365-43CC-ADA9-CB84E4A54E4E}" = Windows Live Essentials
"{5AE12194-3EAA-40DF-B2BF-FE1D6B78BBF4}" = Nero Vision
"{5C2E8A0F-80E2-4C68-8CC0-D8D16E7196BF}" = Nero RescueAgent Help
"{5C82DAE5-6EB0-4374-9254-BE3319BA4E82}" = Skype™ 3.8
"{5EE7D259-D137-4438-9A5F-42F432EC0421}" = VC80CRTRedist - 8.0.50727.4053
"{6515FE5E-9F36-448F-934E-10CD94821807}" = AMD OverDrive
"{675DD1E6-637A-4F0E-B6DE-26F45CC26092}_is1" = AC2 server emulator 0.41 by Dormine
"{69FDFBB6-351D-4B8C-89D8-867DC9D0A2A4}" = Windows Media Player Firefox Plugin
"{6AB57823-3580-4CE0-9CF0-072E2A39460C}" = Catalyst Control Center - Branding
"{6B30FB1E-9F4A-49BA-9D74-174F1ECEB59D}" = Windows Live inloggningsassistenten
"{7353BAE6-5E49-46C4-A9B5-8A269A313789}" = Crysis WARHEAD(R)
"{74C8BF56-6618-49AA-98BA-862223900CBF}" = Norman Virus Control
"{75321954-2589-11DC-DDCC-E98356D81493}" = Nero DriveSpeed
"{753973C4-B961-43BF-B2D4-3C8C92F7216E}" = Nero DriveSpeed
"{76C24F39-B161-498F-BD8B-C64789812D13}_is1" = ConvertXtoDVD 3.3.2.100
"{770657D0-A123-3C07-8E44-1C83EC895118}" = Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053
"{78523651-D8B1-11DC-CCEE-741589645873}" = Nero DiscSpeed
"{786C5747-1033-0000-B58E-000000000001}" = Adobe Stock Photos 1.0
"{789289CA-F73A-4A16-A331-54D498CE069F}" = Ventrilo Client
"{790F6156-B231-F7D6-BAE4-741E7CB0ACB1}" = ccc-utility
"{7F3AD00A-1819-4B15-BB7D-08B3586336D7}" = 3DMark06
"{8014763A-94BD-4CC3-8F86-35BD73C127B9}" = Promise FastTrak PDC42819 RAID Controller Windows Driver
"{810AD6B3-C830-A74C-300E-D14820CE1850}" = Catalyst Control Center InstallProxy
"{837b34e3-7c30-493c-8f6a-2b0f04e2912c}" = Microsoft Visual C++ 2005 Redistributable
"{8570BEE8-0CA3-4977-9AB1-80ED93F0513C}" = Assassin's Creed II
"{86D4B82A-ABED-442A-BE86-96357B70F4FE}" = Ask Toolbar
"{888F1505-C2B3-4FDE-835D-36353EBD4754}" = Ubisoft Game Launcher
"{89DE67AD-08B8-4699-A55D-CA5C0AF82BF3}" = ATI AVIVO Codecs
"{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}" = Microsoft Silverlight
"{8C654BD0-1949-43DE-84F2-EC2A1ABB0CB4}" = Nero ShowTime
"{8CFA9151-6404-409A-AF22-4632D04582FD}" = Assassin's Creed
"{8EDBA74D-0686-4C99-BFDD-F894678E5B39}" = Adobe Common File Installer
"{943CC0C0-2253-4FE0-9493-DD386F7857FD}" = Nero Express
"{948FFAAE-C57F-447B-9B07-3721E950BFDC}" = Nero ShowTime
"{95120000-00B9-0409-0000-0000000FF1CE}" = Microsoft Application Error Reporting
"{961D53EA-40DC-4156-AD74-25684CE05F81}" = Nero Installer
"{9A25302D-30C0-39D9-BD6F-21E6EC160475}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17
"{9A875B56-A35C-46BA-A3AA-DF8D03EE9F2F}" = Nero ControlCenter
"{9F3523F8-DAD7-AE52-6DA7-45CDDDF33726}" = Advertising Center
"{9FD6F1A8-5550-46AF-8509-271DF0E768B5}" = Dual-Core Optimizer
"{A1F66FC9-11EE-4F2F-98C9-16F8D1E69FB7}" = Segoe UI
"{A3051CD0-2F64-3813-A88D-B8DCCDE8F8C7}" = Microsoft .NET Framework 3.0 Service Pack 2
"{A36579B4-313E-DC6B-D817-41824D46EF5D}" = CCC Help English
"{A73BEC3C-40A0-480E-87EF-EFCD33629088}" = NeroExpress
"{A8399F58-234A-48C6-BA55-30C15738BF3C}" = Nero CoverDesigner
"{A8F2089B-1F79-4BF6-B385-A2C2B0B9A74D}" = ImagXpress
"{A92DAB39-4E2C-4304-9AB6-BC44E68B55E2}" = Google Update Helper
"{AAA12554-2589-11DC-92EF-E98356D81493}" = Nero InfoTool
"{AABBCC54-D8B1-11DC-92EF-E98356D81493}" = Nero DiscSpeed
"{AC76BA86-7AD7-1053-7B44-A94000000001}" = Adobe Reader 9.4.1 - Svenska
"{AC76BA86-7AD7-5464-3428-900000000004}" = Spelling Dictionaries Support For Adobe Reader 9
"{B13A7C41581B411290FBC0395694E2A9}" = DivX Converter
"{B45FABE7-D101-4D99-A671-E16DA40AF7F0}" = Microsoft Games for Windows - LIVE
"{B578C85A-A84C-4230-A177-C5B2AF565B8C}" = Microsoft Games for Windows - LIVE Redistributable
"{B74D4E10-1033-0000-0000-000000000001}" = Adobe Bridge 1.0
"{B9060398-FB64-2A4C-C4E6-D1236447E026}" = ATI Catalyst Install Manager
"{BAF78226-3200-4DB4-BE33-4D922A799840}" = Windows Presentation Foundation
"{BCD82AB5-670D-4242-90FA-1F97103C16CD}" = Movie Templates - Starter Kit
"{BFF892FB-23DC-4992-9DBA-019B46F90006}" = Empire Download Manager
"{C09FB3CD-3D0C-3F2D-899A-6A1D67F2073F}" = Microsoft .NET Framework 2.0 Service Pack 2
"{C41300B9-185D-475E-BFEC-39EF732F19B1}" = Apple Software Update
"{C99C89A3-119A-45E6-B26E-DD5643CAA0C5}" = Menu Templates - Starter Kit
"{C9BED750-1211-4480-B1A5-718A3BE15525}" = REALTEK GbE & FE Ethernet PCI-E NIC Driver
"{CB16F6D9-EBC9-4BC6-B917-7AF53E99C067}" = LightScribe System Software 1.17.90.1
"{CD1826A5-CFCC-4C6E-9F9D-E181876162EA}" = Nero Rescue Agent
"{CE2CDD62-0124-36CA-84D3-9F4DCF5C5BD9}" = Microsoft .NET Framework 3.5 SP1
"{CFBCE791-2D53-4FCE-B3FB-D6E01F4112E8}" = Sid Meier's Civilization 4
"{D3BA6488-5C3E-A4EF-BA64-74C54ABCEE03}" = ccc-core-static
"{D45EC259-4A19-4656-B588-C2C360DD18EA}" = Half-Life(R) 2
"{D4F8C273-468F-4491-AEA1-A6811B0E2780}" = AMD OverDrive
"{DD8F005A-26EF-4259-8D82-A805BC48B618}" = Tele2 Självhjälp
"{DED53B0B-B67C-4244-AE6A-D6FD3C28D1EF}" = Ad-Aware
"{E4A8DD87-A746-4443-BF25-CAF99CED6767}" = Nero Disc Copy Gadget
"{E7004147-2CCA-431C-AA05-2AB166B9785D}" = QuickTime
"{E9787678-1033-0000-8E67-000000000001}" = Adobe Help Center 1.0
"{E9E3EE81-6E7F-47A3-8D38-3470256704DB}_is1" = Tortun 0.8
"{EA9FFE54-D8B1-11DC-92EF-E98356D81493}" = Nero BurnRights
"{EC928237-A3BD-4640-ABD0-E49E758F2315}" = Windows Live Messenger
"{ED00D08A-3C5F-488D-93A0-A04F21F23956}" = Windows Live Communications Platform
"{EDD654B3-6FE9-67AC-CE7D-5FE3698439DB}" = Catalyst Control Center Graphics Previews Common
"{EE6097DD-05F4-4178-9719-D3170BF098E8}" = Apple Application Support
"{F0E12BBA-AD66-4022-A453-A1C8A0C4D570}" = Microsoft Choice Guard
"{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}" = Realtek High Definition Audio Driver
"{F3E9C243-122E-4D6B-ACC1-E1FEC02F6CA1}" = Command and ConquerTM Generals Zero Hour
"{F53F6769-AC46-49E3-ABE3-2C8AFD39D0DD}" = Nero Vision
"{FAE36873-1941-4076-A9A5-48812B5EA0B7}" = iTunes
"396FD00A58F61D595A7B26211A4715A3E27622E0" = Windows-drivrutinspaket - Advanced Micro Devices (AmdK8) Processor (05/27/2006 1.3.2.0)
"AC3Filter" = AC3Filter (remove only)
"Adobe Flash Player ActiveX" = Adobe Flash Player 10 ActiveX
"Adobe Flash Player Plugin" = Adobe Flash Player 10 Plugin
"Adobe Photoshop CS2 - {236BB7C4-4419-42FD-0409-1E257A25E34D}" = Adobe Photoshop CS2
"Adobe Shockwave Player" = Adobe Shockwave Player
"AviSynth" = AviSynth 2.5
"BS.Player ControlBar" = BS.Player ControlBar
"BSPlayerp" = BS.Player PRO
"CD Audio Reader Filter" = CD Audio Reader Filter (remove only)
"CoreAVC Professional Edition" = CoreAVC Professional Edition (remove only)
"Crysis WARHEAD(R)" = Crysis WARHEAD(R)
"D.I.K.O. Free_is1" = DIKO 0.77
"DivX Plus DirectShow Filters" = DivX Plus DirectShow Filters
"DivX Setup.divx.com" = DivX Setup
"DualCoreCenter_is1" = DualCoreCenter
"EAX Unified" = EAX Unified
"ffdshow_is1" = ffdshow v1.1.3562 [2010-09-07]
"Final Codecs" = FinalCodecs 2008 Olympic Edition
"Fraps" = Fraps (remove only)
"Frets on Fire" = Frets On Fire
"HaaliMkx" = Haali Media Splitter
"Hamachi" = Hamachi 1.0.3.0
"HijackThis" = HijackThis 2.0.2
"IDNMitigationAPIs" = Microsoft Internationalized Domain Names Mitigation APIs
"ie7" = Windows Internet Explorer 7
"ie8" = Windows Internet Explorer 8
"ImgBurn" = ImgBurn
"ImTOO iPhone Transfer" = ImTOO iPhone Transfer
"InstallShield_{06F80017-8F98-4C94-B868-52358569FC32}" = Command & Conquer Generals
"InstallShield_{2BF2E31F-B8BB-40A7-B650-98D28E0F7D47}" = CyberLink PowerDVD 8
"InstallShield_{3EC91FDF-FE9A-43D5-96C4-8A9C24372500}" = Maxtor OneTouch
"InstallShield_{7C7F30F4-94E7-4AA8-8941-90C4A80C68BF}" = NVIDIA nTune
"InstallShield_{F3E9C243-122E-4D6B-ACC1-E1FEC02F6CA1}" = Command and ConquerTM Generals Zero Hour
"iPod PC Transfer_is1" = iPod PC Transfer 5.1
"Kaspersky Online Scanner" = Kaspersky Online Scanner
"Mafia" = Mafia
"Mafia II_is1" = Mafia II
"Malwarebytes' Anti-Malware_is1" = Malwarebytes' Anti-Malware
"Measurement Services Client" = Futuremark Measurement Services Client
"Microsoft .NET Framework 3.5 SP1" = Microsoft .NET Framework 3.5 SP1
"MKVtoolnix" = MKVtoolnix 2.9.8
"Mozilla (1.7.13)" = Mozilla (1.7.13)
"Mozilla Firefox (3.6.13)" = Mozilla Firefox (3.6.13)
"MSCompPackV1" = Microsoft Compression Client Pack 1.0 for Windows XP
"MSI Live Update 3" = MSI Live Update 3
"MXOFX" = USB Storage Adapter FX (MXO)
"NLSDownlevelMapping" = Microsoft National Language Support Downlevel APIs
"Personal" = Personal 4.10.4
"PunkBusterSvc" = PunkBuster Services
"Spotify" = Spotify
"StarCraft II" = StarCraft II
"Steam App 10" = Counter-Strike
"Steam App 10180" = Call of Duty: Modern Warfare 2
"Steam App 10190" = Call of Duty: Modern Warfare 2 - Multiplayer
"SystemRequirementsLab" = System Requirements Lab
"Teamspeak 2 RC2_is1" = TeamSpeak 2 RC2
"Tele2 Självhjälp" = Tele2 Självhjälp
"The KMPlayer" = The KMPlayer (remove only)
"Tiberian Sun" = Command & Conquer Tiberian Sun
"TweakNow RegCleaner_is1" = TweakNow RegCleaner
"Update Service" = Update Service
"Wdf01007" = Microsoft Kernel-Mode Driver Framework Feature Pack 1.7
"WIC" = Windows Imaging Component
"VideoMach" = VideoMach
"VideoMach 4.0.4" = VideoMach 4.0.4
"Windows Live OneCare safety scanner" = Windows Live OneCare safety scanner
"Windows Media Format Runtime" = Windows Media Format 11 runtime
"Windows Media Player" = Windows Media Player 11
"Windows XP Service Pack" = Windows XP Service Pack 3
"WinLiveSuite_Wave3" = Windows Live Essentials
"WinRAR archiver" = WinRAR
"VLC media player" = VLC media player 1.0.0
"WMFDist11" = Windows Media Format 11 runtime
"wmp11" = Windows Media Player 11
"WMV9_VCM" = Microsoft Windows Media Video 9 VCM
"VOIPlay" = VOIPlay
"World of Warcraft" = World of Warcraft
"Wudf01000" = Microsoft User-Mode Driver Framework Feature Pack 1.0
"Xfire" = Xfire (remove only)
"XpsEPSC" = XML Paper Specification Shared Components Pack 1.0
"ZoomPlayer" = Zoom Player (remove only)

========== HKEY_USERS Uninstall List ==========

[HKEY_USERS\S-1-5-21-1454471165-796845957-839522115-1003\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"Facebook Plug-In" = Facebook Plug-In
"Octoshape add-in for Adobe Flash Player" = Octoshape add-in for Adobe Flash Player
"Octoshape Streaming Services" = Octoshape Streaming Services
"Warcraft III" = Warcraft III: All Products

========== Last 10 Event Log Errors ==========

[ Application Events ]
Error - 2010-12-21 07:13:48 | Computer Name = JAKE | Source = NormanNPT | ID = 131073
Description = Norman Message [2010/12/21 12:13:48] --------------------------------------------------------
Application:
Norman Internet Update Node address: 192.168.1.3 --------------------------------------------------------

Error
message: Running scheduled - shall not start LicWiz

Error - 2010-12-21 08:13:50 | Computer Name = JAKE | Source = NormanNPT | ID = 131073
Description = Norman Message [2010/12/21 13:13:50] --------------------------------------------------------
Application:
Norman Internet Update Node address: 192.168.1.3 --------------------------------------------------------

Error
message: Running scheduled - shall not start LicWiz

Error - 2010-12-21 09:13:58 | Computer Name = JAKE | Source = NormanNPT | ID = 131073
Description = Norman Message [2010/12/21 14:13:58] --------------------------------------------------------
Application:
Norman Internet Update Node address: 192.168.1.3 --------------------------------------------------------

Error
message: Running scheduled - shall not start LicWiz

Error - 2010-12-21 10:14:13 | Computer Name = JAKE | Source = NormanNPT | ID = 131073
Description = Norman Message [2010/12/21 15:14:13] --------------------------------------------------------
Application:
Norman Internet Update Node address: 192.168.1.3 --------------------------------------------------------

Error
message: Running scheduled - shall not start LicWiz

Error - 2010-12-21 11:14:16 | Computer Name = JAKE | Source = NormanNPT | ID = 131073
Description = Norman Message [2010/12/21 16:14:16] --------------------------------------------------------
Application:
Norman Internet Update Node address: 192.168.1.3 --------------------------------------------------------

Error
message: Running scheduled - shall not start LicWiz

Error - 2010-12-21 12:14:18 | Computer Name = JAKE | Source = NormanNPT | ID = 131073
Description = Norman Message [2010/12/21 17:14:18] --------------------------------------------------------
Application:
Norman Internet Update Node address: 192.168.1.3 --------------------------------------------------------

Error
message: Running scheduled - shall not start LicWiz

Error - 2010-12-21 13:14:20 | Computer Name = JAKE | Source = NormanNPT | ID = 131073
Description = Norman Message [2010/12/21 18:14:20] --------------------------------------------------------
Application:
Norman Internet Update Node address: 192.168.1.3 --------------------------------------------------------

Error
message: Running scheduled - shall not start LicWiz

Error - 2010-12-21 14:15:05 | Computer Name = JAKE | Source = NormanNPT | ID = 131073
Description = Norman Message [2010/12/21 19:15:05] --------------------------------------------------------
Application:
Norman Internet Update Node address: 192.168.1.3 --------------------------------------------------------

Error
message: Running scheduled - shall not start LicWiz

Error - 2010-12-21 15:14:54 | Computer Name = JAKE | Source = NormanNPT | ID = 131073
Description = Norman Message [2010/12/21 20:14:54] --------------------------------------------------------
Application:
Norman Internet Update Node address: 192.168.1.3 --------------------------------------------------------

Error
message: Running scheduled - shall not start LicWiz

Error - 2010-12-21 16:15:19 | Computer Name = JAKE | Source = NormanNPT | ID = 131073
Description = Norman Message [2010/12/21 21:15:19] --------------------------------------------------------
Application:
Norman Internet Update Node address: 192.168.1.3 --------------------------------------------------------

Error
message: Running scheduled - shall not start LicWiz

[ System Events ]
Error - 2010-12-14 17:28:38 | Computer Name = JAKE | Source = Service Control Manager | ID = 7034
Description = Tjänsten RIS avslutades oväntat. Detta har skett 1 gånger.

Error - 2010-12-14 17:28:40 | Computer Name = JAKE | Source = Service Control Manager | ID = 7031
Description = Tjänsten Norman Resource Provider avslutades oväntat. Den har gjort
detta 2 gång(er). Följande åtgärd kommer att utföras om 1000 millisekunder: Starta
om tjänsten.

Error - 2010-12-14 17:28:47 | Computer Name = JAKE | Source = Service Control Manager | ID = 7034
Description = Tjänsten Norman Virus Control on-access component avslutades oväntat.
Detta har skett 1 gånger.

Error - 2010-12-14 17:28:50 | Computer Name = JAKE | Source = Service Control Manager | ID = 7034
Description = Tjänsten Norman NJeeves avslutades oväntat. Detta har skett 1 gånger.

Error - 2010-12-14 17:28:55 | Computer Name = JAKE | Source = Service Control Manager | ID = 7031
Description = Tjänsten Norman Resource Provider avslutades oväntat. Den har gjort
detta 3 gång(er). Följande åtgärd kommer att utföras om 5000 millisekunder: Starta
om tjänsten.

Error - 2010-12-14 17:29:18 | Computer Name = JAKE | Source = Service Control Manager | ID = 7034
Description = Tjänsten iPod Service avslutades oväntat. Detta har skett 1 gånger.

Error - 2010-12-15 05:06:51 | Computer Name = JAKE | Source = Service Control Manager | ID = 7034
Description = Tjänsten LightScribeService Direct Disc Labeling Service avslutades
oväntat. Detta har skett 1 gånger.

Error - 2010-12-17 22:55:27 | Computer Name = JAKE | Source = Disk | ID = 262155
Description = Drivrutinen hittade ett styrenhetsfel på \Device\Harddisk2\D.

Error - 2010-12-18 11:33:57 | Computer Name = JAKE | Source = Service Control Manager | ID = 7034
Description = Tjänsten Windows Installer avslutades oväntat. Detta har skett 1 gånger.

Error - 2010-12-18 11:34:06 | Computer Name = JAKE | Source = Service Control Manager | ID = 7034
Description = Tjänsten RIS avslutades oväntat. Detta har skett 1 gånger.


< End of report >


Gmer:

GMER 1.0.15.15530 - http://www.gmer.net
Rootkit quick scan 2010-12-21 21:45:58
Windows 5.1.2600 Service Pack 3 Harddisk0\DR0 -> \Device\Ide\IdeDeviceP0T0L0-4 WDC_WD5000AAKS-00YGA0 rev.12.01C02
Running: 1mqzeelt.exe; Driver: C:\DOCUME~1\Jacob\LOKALA~1\Temp\pxtdypow.sys


---- System - GMER 1.0.15 ----

SSDT spba.sys ZwEnumerateKey [0xB7EC9E4C]
SSDT spba.sys ZwEnumerateValueKey [0xB7ECA1DA]

---- Devices - GMER 1.0.15 ----

Device \Driver\atapi \Device\Ide\IdePort0 [B7E03B40] atapi.sys[unknown section] {MOV EDX, [ESP+0x8]; LEA ECX, [ESP+0x4]; PUSH EAX; MOV EAX, ESP; PUSH EAX}
Device \Driver\atapi \Device\Ide\IdeDeviceP0T0L0-4 [B7E03B40] atapi.sys[unknown section] {MOV EDX, [ESP+0x8]; LEA ECX, [ESP+0x4]; PUSH EAX; MOV EAX, ESP; PUSH EAX}
Device \Driver\atapi \Device\Ide\IdePort1 [B7E03B40] atapi.sys[unknown section] {MOV EDX, [ESP+0x8]; LEA ECX, [ESP+0x4]; PUSH EAX; MOV EAX, ESP; PUSH EAX}
Device \Driver\atapi \Device\Ide\IdePort2 [B7E03B40] atapi.sys[unknown section] {MOV EDX, [ESP+0x8]; LEA ECX, [ESP+0x4]; PUSH EAX; MOV EAX, ESP; PUSH EAX}
Device \Driver\atapi \Device\Ide\IdeDeviceP0T1L0-c [B7E03B40] atapi.sys[unknown section] {MOV EDX, [ESP+0x8]; LEA ECX, [ESP+0x4]; PUSH EAX; MOV EAX, ESP; PUSH EAX}
Device \Driver\atapi \Device\Ide\IdePort3 [B7E03B40] atapi.sys[unknown section] {MOV EDX, [ESP+0x8]; LEA ECX, [ESP+0x4]; PUSH EAX; MOV EAX, ESP; PUSH EAX}
Device \Driver\atapi \Device\Ide\IdeDeviceP1T0L0-18 [B7E03B40] atapi.sys[unknown section] {MOV EDX, [ESP+0x8]; LEA ECX, [ESP+0x4]; PUSH EAX; MOV EAX, ESP; PUSH EAX}
Device \Driver\atapi \Device\Ide\IdeDeviceP1T1L0-20 [B7E03B40] atapi.sys[unknown section] {MOV EDX, [ESP+0x8]; LEA ECX, [ESP+0x4]; PUSH EAX; MOV EAX, ESP; PUSH EAX}
Device \Driver\aawm57tw \Device\Scsi\aawm57tw1 8A3CC470
Device \Driver\aawm57tw \Device\Scsi\aawm57tw1Port4Path0Target0Lun0 8A3CC470
Device \FileSystem\Ntfs \Ntfs 8A8DF1F8
Device \FileSystem\Fastfat \Fat 8A53D470

AttachedDevice \FileSystem\Fastfat \Fat fltmgr.sys (Microsoft Filesystem Filter Manager/Microsoft Corporation)

---- EOF - GMER 1.0.15 ----



Over and out!
Jacob A
Regular Member
 
Posts: 26
Joined: December 2nd, 2008, 7:08 pm

Re: Slow start up, cpu power draining for no reason.

Post by deltalima » December 21st, 2010, 5:19 pm

Hi Jacob A,

Drive C: | 127,99 Gb Total Space | 12,51 Gb Free Space | 9,77% Space Free | Partition Type: NTFS
Drive E: | 596,17 Gb Total Space | 6,70 Gb Free Space | 1,12% Space Free | Partition Type: NTFS
Drive F: | 931,51 Gb Total Space | 8,05 Gb Free Space | 0,86% Space Free | Partition Type: NTFS
Drive G: | 337,77 Gb Total Space | 5,52 Gb Free Space | 1,63% Space Free | Partition Type: NTFS


Those disks are all very full, you need to free up some space on them.

Upload a File to Virustotal

Please go to Virustotal

Copy/paste this file and path into the white box at the top:
C:\Documents and Settings\All Users\Dokument\bjihvp.exe

Press Submit - this will submit the file for testing.
Please wait for all the scanners to finish then copy and paste the results in your next response.

TDSSKiller

  • Please Download TDSSKiller.zip and save it on your desktop.
  • Extract (unzip) its contents to your Desktop.
  • Double-click the TDSSKiller Folder on your desktop.
  • Right-click on TDSSKiller.exe and click Copy then Paste it directly on to your Desktop.
  • Important!: Run this fix once and once only.
  • Double-click the TDSSKiller icon on your desktop then click Start scan.
  • A box will appear saying System scan completed.
  • If any Malicious objects are found click Cure > Continue > Reboot now.
  • A log file should be created on your C: drive named something like TDSSKiller.2.4.0.0 24.07.2010.
  • To find the log click Start > Computer > C:.
  • Please post the contents of that log in your next reply.
deltalima
Admin/Teacher
 
Posts: 7614
Joined: February 28th, 2009, 4:38 pm
Location: UK

Re: Slow start up, cpu power draining for no reason.

Post by Jacob A » December 21st, 2010, 7:57 pm

Hi again, it took some time to transfer files from C:. The virus immediately sort of woke up, so it took like an hour to transfer a few gigabytes :)

Here is VirusTotal Scan:


Antivirus Version Last Update Result
AhnLab-V3 2010.12.22.00 2010.12.21 -
AntiVir 7.11.0.138 2010.12.21 -
Antiy-AVL 2.0.3.7 2010.12.21 -
Avast 4.8.1351.0 2010.12.21 -
Avast5 5.0.677.0 2010.12.21 -
AVG 9.0.0.851 2010.12.21 -
BitDefender 7.2 2010.12.22 -
CAT-QuickHeal 11.00 2010.12.21 Trojan.AutoIt.gen
ClamAV 0.96.4.0 2010.12.21 -
Command 5.2.11.5 2010.12.21 W32/AutoIt.M.gen!Eldorado
Comodo 7141 2010.12.21 Packed.Win32.MUPX.Gen
DrWeb 5.0.2.03300 2010.12.22 -
eSafe 7.0.17.0 2010.12.21 -
eTrust-Vet 36.1.8053 2010.12.21 -
F-Prot 4.6.2.117 2010.12.21 W32/AutoIt.M.gen!Eldorado
F-Secure 9.0.16160.0 2010.12.21 -
Fortinet 4.2.254.0 2010.12.21 -
GData 21 2010.12.21 -
Ikarus T3.1.1.90.0 2010.12.21 Worm.Win32.AutoIt
Jiangmin 13.0.900 2010.12.21 -
K7AntiVirus 9.74.3308 2010.12.21 Riskware
McAfee 5.400.0.1158 2010.12.22 -
McAfee-GW-Edition 2010.1C 2010.12.21 -
Microsoft 1.6402 2010.12.21 -
NOD32 5723 2010.12.21 -
Norman 6.06.12 2010.12.21 -
nProtect 2010-12-21.01 2010.12.21 -
Panda 10.0.2.7 2010.12.21 -
PCTools 7.0.3.5 2010.12.21 -
Prevx 3.0 2010.12.22 -
Rising 22.79.00.04 2010.12.21 -
Sophos 4.60.0 2010.12.21 -
SUPERAntiSpyware 4.40.0.1006 2010.12.22 -
Symantec 20101.3.0.103 2010.12.21 -
TheHacker 6.7.0.1.104 2010.12.21 -
TrendMicro 9.120.0.1004 2010.12.21 -
TrendMicro-HouseCall 9.120.0.1004 2010.12.22 -
VBA32 3.12.14.2 2010.12.21 -
VIPRE 7751 2010.12.21 -
ViRobot 2010.12.20.4210 2010.12.21 -
VirusBuster 13.6.106.0 2010.12.21 -

TDSSKiller Scan:

2010/12/22 00:48:51.0390 TDSS rootkit removing tool 2.4.12.0 Dec 16 2010 09:46:46
2010/12/22 00:48:51.0390 ================================================================================
2010/12/22 00:48:51.0390 SystemInfo:
2010/12/22 00:48:51.0390
2010/12/22 00:48:51.0390 OS Version: 5.1.2600 ServicePack: 3.0
2010/12/22 00:48:51.0390 Product type: Workstation
2010/12/22 00:48:51.0390 ComputerName: JAKE
2010/12/22 00:48:51.0390 UserName: Jacob
2010/12/22 00:48:51.0390 Windows directory: C:\WINDOWS
2010/12/22 00:48:51.0390 System windows directory: C:\WINDOWS
2010/12/22 00:48:51.0390 Processor architecture: Intel x86
2010/12/22 00:48:51.0390 Number of processors: 2
2010/12/22 00:48:51.0390 Page size: 0x1000
2010/12/22 00:48:51.0390 Boot type: Normal boot
2010/12/22 00:48:51.0390 ================================================================================
2010/12/22 00:48:53.0796 Initialize success
2010/12/22 00:49:00.0515 ================================================================================
2010/12/22 00:49:00.0515 Scan started
2010/12/22 00:49:00.0515 Mode: Manual;
2010/12/22 00:49:00.0515 ================================================================================
2010/12/22 00:50:59.0750 sptd (c4bb8a12843d9cbb65f5ff617f389bbd) C:\WINDOWS\system32\Drivers\sptd.sys
2010/12/22 00:50:59.0750 Suspicious file (NoAccess): C:\WINDOWS\system32\Drivers\sptd.sys. md5: c4bb8a12843d9cbb65f5ff617f389bbd
2010/12/22 00:50:59.0750 sptd - detected Locked file (1)
2010/12/22 00:51:22.0093 ================================================================================
2010/12/22 00:51:22.0093 Scan finished
2010/12/22 00:51:22.0093 ================================================================================
2010/12/22 00:51:22.0109 Detected object count: 1
2010/12/22 00:52:04.0796 Locked file(sptd) - User select action: Skip
2010/12/22 00:52:21.0453 Deinitialize success

Over and out!
Jacob A
Regular Member
 
Posts: 26
Joined: December 2nd, 2008, 7:08 pm

Re: Slow start up, cpu power draining for no reason.

Post by deltalima » December 22nd, 2010, 4:07 am

Hi Jacob A,

Did you manage to make some space on those disks?

Run OTL Script

  • Double-click OTL.exe to start the program.
  • Copy and Paste the following code into the Image textbox. Do not include the word Code
    Code:
    :otl
    O2 - BHO: (PandoraTV Toolbar) - {D4027C7F-154A-4066-A1AD-4243D8127440} - C:\Program\Ask.com\GenericAskToolbar.dll (Ask)
    O3 - HKU\S-1-5-21-1454471165-796845957-839522115-1003\..\Toolbar\WebBrowser: (PandoraTV Toolbar) - {D4027C7F-154A-4066-A1AD-4243D8127440} - C:\Program\Ask.com\GenericAskToolbar.dll (Ask)
    :files
    C:\Documents and Settings\All Users\Dokument\bjihvp.exe
    :commands
    [EMPTYTEMP]
    [REBOOT]
    
  • Then click the Run Fix button at the top.
  • Click Image.
  • OTL may ask to reboot the machine. Please do so if asked.
  • The report should appear in Notepad after the reboot. Copy and Paste that report in your next reply.

ESET online scanner

  • Please go Here then click on: Image
    Note: If using Mozilla Firefox you will need to download esetsmartinstaller_enu.exe when prompted then double click on it to install.
    All of the below instructions are compatible with either Internet Explorer or Mozilla FireFox.
  • Select the option YES, I accept the Terms of Use then click on: Image
  • When prompted allow the Add-On/Active X to install.
  • Make sure that the option Remove found threats is NOT checked, and the option Scan archives is checked.
  • Now click on Advanced Settings and select the following:
    • Scan for potentially unwanted applications
    • Scan for potentially unsafe applications
    • Enable Anti-Stealth Technology
  • Now click on: Image
  • The virus signature database... will begin to download. Be patient, this may take some time depending on the speed of your Internet Connection.
  • When completed the Online Scan will begin automatically.
  • Do not touch either the Mouse or keyboard during the scan otherwise it may stall.
  • When completed select Uninstall application on close if you so wish, make sure you copy the logfile first!
  • Now click on: Image
  • Use notepad to open the logfile located at C:\Program Files\ESET\EsetOnlineScanner\log.txt.
  • Copy and paste that log as a reply to this topic.

Please let me know how the computer is running now.
deltalima
Admin/Teacher
 
Posts: 7614
Joined: February 28th, 2009, 4:38 pm
Location: UK

Re: Slow start up, cpu power draining for no reason.

Post by Jacob A » December 22nd, 2010, 3:56 pm

Hello deltalima! I did, it just took a very long time to transfer files from my C: hard drive, probably because of the malware... For example, a 300 MB file took 4 minutes, and it usually takes maybe 10 seconds or so.
My symptoms are still here after the reboot OTL did: it took like 4 minutes to load the Windows logo, and when I could choose a user everything lags. Now in Windows it works OK if I'm not playing movies or games etc.; then it's the same!

OTL Scan:

All processes killed
========== OTL ==========
Registry key HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{D4027C7F-154A-4066-A1AD-4243D8127440}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{D4027C7F-154A-4066-A1AD-4243D8127440}\ deleted successfully.
C:\Program\Ask.com\GenericAskToolbar.dll moved successfully.
Registry value HKEY_USERS\S-1-5-21-1454471165-796845957-839522115-1003\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser\\{D4027C7F-154A-4066-A1AD-4243D8127440} deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{D4027C7F-154A-4066-A1AD-4243D8127440}\ not found.
File C:\Program\Ask.com\GenericAskToolbar.dll not found.
========== FILES ==========
C:\Documents and Settings\All Users\Dokument\bjihvp.exe moved successfully.
========== COMMANDS ==========

[EMPTYTEMP]

User: All Users

User: Default User
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 33170 bytes

User: Jacob
->Temp folder emptied: 177070477 bytes
->Temporary Internet Files folder emptied: 52098057 bytes
->Java cache emptied: 53095405 bytes
->FireFox cache emptied: 112761871 bytes
->Flash cache emptied: 764303 bytes

User: LocalService
->Temp folder emptied: 261489404 bytes
->Temporary Internet Files folder emptied: 32902 bytes

User: NetworkService
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 190302005 bytes

%systemdrive% .tmp files removed: 0 bytes
%systemroot% .tmp files removed: 19911704 bytes
%systemroot%\System32 .tmp files removed: 20634898 bytes
%systemroot%\System32\dllcache .tmp files removed: 0 bytes
%systemroot%\System32\drivers .tmp files removed: 0 bytes
Windows Temp folder emptied: 38272730 bytes
RecycleBin emptied: 0 bytes

Total Files Cleaned = 884,00 mb


OTL by OldTimer - Version 3.2.18.0 log created on 12222010_112210

Files\Folders moved on Reboot...
File move failed. C:\Documents and Settings\LocalService\Lokala inställningar\Temp\nvcbin.def.dac1c1b4.tmp scheduled to be moved on reboot.

Registry entries deleted on Reboot...


ESET Online Scanner:


ESETSmartInstaller@High as downloader log:
all ok
# version=7
# OnlineScannerApp.exe=1.0.0.1
# OnlineScanner.ocx=1.0.0.6419
# api_version=3.0.2
# EOSSerial=aa35dbab8847534b9b149609dd689383
# end=stopped
# remove_checked=false
# archives_checked=true
# unwanted_checked=true
# unsafe_checked=true
# antistealth_checked=true
# utc_time=2010-12-22 03:48:54
# local_time=2010-12-22 04:48:54 (+0100, Västeuropa, normaltid)
# country="Sweden"
# lang=1033
# osver=5.1.2600 NT Service Pack 3
# compatibility_mode=crash
# scanned=50712
# found=28
# cleaned=0
# scan_time=16519
C:\Documents and Settings\Jacob\Mina dokument\Virus fix\VirtumundoBeGone.exe Win32/PrcView application (unable to clean) 00000000000000000000000000000000 I
C:\Qoobox\Quarantine\C\WINDOWS\system32\ayixtoye.ini.vir Win32/Adware.Virtumonde.NEO application (unable to clean) 00000000000000000000000000000000 I
C:\Qoobox\Quarantine\C\WINDOWS\system32\bcrlxwmy.ini.vir Win32/Adware.Virtumonde.NEO application (unable to clean) 00000000000000000000000000000000 I
C:\Qoobox\Quarantine\C\WINDOWS\system32\ceypkiev.ini.vir Win32/Adware.Virtumonde.NEO application (unable to clean) 00000000000000000000000000000000 I
C:\Qoobox\Quarantine\C\WINDOWS\system32\drnxtdbe.ini.vir Win32/Adware.Virtumonde.NEO application (unable to clean) 00000000000000000000000000000000 I
C:\Qoobox\Quarantine\C\WINDOWS\system32\erehhslp.ini.vir Win32/Adware.Virtumonde.NEO application (unable to clean) 00000000000000000000000000000000 I
C:\Qoobox\Quarantine\C\WINDOWS\system32\FhPVDcfe.ini.vir Win32/Adware.Virtumonde.NEO application (unable to clean) 00000000000000000000000000000000 I
C:\Qoobox\Quarantine\C\WINDOWS\system32\FhPVDcfe.ini2.vir Win32/Adware.Virtumonde.NEO application (unable to clean) 00000000000000000000000000000000 I
C:\Qoobox\Quarantine\C\WINDOWS\system32\ganurcxy.ini.vir Win32/Adware.Virtumonde.NEO application (unable to clean) 00000000000000000000000000000000 I
C:\Qoobox\Quarantine\C\WINDOWS\system32\gxxcfads.ini.vir Win32/Adware.Virtumonde.NEO application (unable to clean) 00000000000000000000000000000000 I
C:\Qoobox\Quarantine\C\WINDOWS\system32\iscpranv.ini.vir Win32/Adware.Virtumonde.NEO application (unable to clean) 00000000000000000000000000000000 I
C:\Qoobox\Quarantine\C\WINDOWS\system32\jausrsnb.ini.vir Win32/Adware.Virtumonde.NEO application (unable to clean) 00000000000000000000000000000000 I
C:\Qoobox\Quarantine\C\WINDOWS\system32\kjcmubsn.ini.vir Win32/Adware.Virtumonde.NEO application (unable to clean) 00000000000000000000000000000000 I
C:\Qoobox\Quarantine\C\WINDOWS\system32\mtwovscy.ini.vir Win32/Adware.Virtumonde.NEO application (unable to clean) 00000000000000000000000000000000 I
C:\Qoobox\Quarantine\C\WINDOWS\system32\npqgnflf.ini.vir Win32/Adware.Virtumonde.NEO application (unable to clean) 00000000000000000000000000000000 I
C:\Qoobox\Quarantine\C\WINDOWS\system32\nrvlgmqm.ini.vir Win32/Adware.Virtumonde.NEO application (unable to clean) 00000000000000000000000000000000 I
C:\Qoobox\Quarantine\C\WINDOWS\system32\nylnxpav.ini.vir Win32/Adware.Virtumonde.NEO application (unable to clean) 00000000000000000000000000000000 I
C:\Qoobox\Quarantine\C\WINDOWS\system32\phancduf.ini.vir Win32/Adware.Virtumonde.NEO application (unable to clean) 00000000000000000000000000000000 I
C:\Qoobox\Quarantine\C\WINDOWS\system32\qknbcoyx.ini.vir Win32/Adware.Virtumonde.NEO application (unable to clean) 00000000000000000000000000000000 I
C:\Qoobox\Quarantine\C\WINDOWS\system32\qmmbtgyq.ini.vir Win32/Adware.Virtumonde.NEO application (unable to clean) 00000000000000000000000000000000 I
C:\Qoobox\Quarantine\C\WINDOWS\system32\qsfykdmr.ini.vir Win32/Adware.Virtumonde.NEO application (unable to clean) 00000000000000000000000000000000 I
C:\Qoobox\Quarantine\C\WINDOWS\system32\quemeisl.ini.vir Win32/Adware.Virtumonde.NEO application (unable to clean) 00000000000000000000000000000000 I
C:\Qoobox\Quarantine\C\WINDOWS\system32\rkgadxhf.ini.vir Win32/Adware.Virtumonde.NEO application (unable to clean) 00000000000000000000000000000000 I
C:\Qoobox\Quarantine\C\WINDOWS\system32\rsorookf.ini.vir Win32/Adware.Virtumonde.NEO application (unable to clean) 00000000000000000000000000000000 I
C:\Qoobox\Quarantine\C\WINDOWS\system32\sclyfkgs.ini.vir Win32/Adware.Virtumonde.NEO application (unable to clean) 00000000000000000000000000000000 I
C:\Qoobox\Quarantine\C\WINDOWS\system32\shvpsxkx.ini.vir Win32/Adware.Virtumonde.NEO application (unable to clean) 00000000000000000000000000000000 I
C:\Qoobox\Quarantine\C\WINDOWS\system32\uvxotrpl.ini.vir Win32/Adware.Virtumonde.NEO application (unable to clean) 00000000000000000000000000000000 I
C:\Qoobox\Quarantine\C\WINDOWS\system32\visnuokf.ini.vir Win32/Adware.Virtumonde.NEO application (unable to clean) 00000000000000000000000000000000 I


Over and out!
Jacob A
Regular Member
 
Posts: 26
Joined: December 2nd, 2008, 7:08 pm

Re: Slow start up, cpu power draining for no reason.

Unread postby deltalima » December 22nd, 2010, 4:24 pm

Hi Jacob A,

Run Combofix

Temporarily disable any antispyware, antivirus and/or antimalware real-time protection, as they may interfere with the running of ComboFix.

Download ComboFix from here to your Desktop.

For more information about Combofix please see here.

Close all programs.

Double click combofix.exe and follow the prompts.

If the Microsoft Windows Recovery Console is already installed, ComboFix will continue its malware removal procedures. If not, then follow the prompts to allow ComboFix to download and install the Microsoft Windows Recovery Console and, when prompted, agree to the End-User License Agreement to install the Microsoft Windows Recovery Console. Once installed, you should see the following message:

The recovery console was successfuly installed.
Click ‘YES’ to continue scanning for malware
Click ‘NO’ for exit

Click the YES button.

The scan will temporarily disable your desktop, and if interrupted may leave your desktop disabled. If this occurs, please reboot to restore the desktop. Even when ComboFix appears to be doing nothing, look at your “drive access” light. If it is flashing, Combofix is still at work.

When finished ComboFix will produce a log file. Please post the contents of this log in your next reply.
deltalima
Admin/Teacher
 
Posts: 7614
Joined: February 28th, 2009, 4:38 pm
Location: UK

Re: Slow start up, cpu power draining for no reason.

Unread postby Jacob A » December 22nd, 2010, 5:12 pm

Hello deltalima :)


Here is my ComboFix log:




ComboFix 10-12-22.01 - Jacob 2010-12-22 21:55:19.3.2 - x86
Körs från: c:\documents and settings\Jacob\Skrivbord\ComboFix.exe
* Skapade en ny återställningspunkt
* Resident AV is active

.

((((((((((((((((((((((((((((((((((((((( Andra raderingar ))))))))))))))))))))))))))))))))))))))))))))))))
.

c:\documents and settings\All Users\Application Data\hpe51.dll
c:\documents and settings\All Users\Microsoft
c:\documents and settings\All Users\Microsoft\SL\DL\b54f6770-7d4d-424c-b93e-a729a4517fc9\2f739a1f-5707-4fff-a1ac-341a00a1e2f5
c:\documents and settings\Jacob\Application Data\inst.exe
c:\documents and settings\Jacob\Application Data\Local
c:\documents and settings\Jacob\Application Data\Local\Temp\DDM\Settings\settings.ddi
c:\documents and settings\Jacob\Application Data\Local\Temp\DDM\Settings\Temporary Downloaded Files\(2).ddp
c:\documents and settings\Jacob\Application Data\Local\Temp\DDM\Settings\Temporary Downloaded Files\.ddp

.
(((((((((((((((((((((((( Filer Skapade från 2010-11-22 till 2010-12-22 ))))))))))))))))))))))))))))))
.

2010-12-22 11:08 . 2010-12-22 11:08 -------- d-----w- c:\program\ESET
2010-12-22 10:22 . 2010-12-22 10:22 -------- d-----w- C:\_OTL
2010-12-19 04:36 . 2010-12-19 04:36 388096 ----a-r- c:\documents and settings\Jacob\Application Data\Microsoft\Installer\{45A66726-69BC-466B-A7A4-12FCBA4883D7}\HiJackThis.exe
2010-12-18 18:01 . 2010-12-18 18:01 -------- d-----w- c:\documents and settings\All Users\Application Data\ATI
2010-12-18 16:45 . 2010-12-18 16:51 -------- d-----w- c:\program\ATI Technologies
2010-12-16 17:32 . 2010-12-16 17:33 -------- d-----w- c:\program\TweakNow RegCleaner
2010-12-16 17:32 . 2010-12-16 17:32 -------- d-----w- c:\documents and settings\Jacob\Application Data\TweakNow RegCleaner
2010-12-16 17:27 . 2010-12-16 17:29 -------- d-----w- c:\documents and settings\Jacob\Application Data\GetRightToGo
2010-12-16 17:25 . 2010-09-23 14:46 81936 ----a-w- c:\windows\system32\RtNicProp32.dll
2010-12-16 17:25 . 2010-09-23 14:46 102416 ----a-w- c:\windows\system32\RTNUninst32.dll
2010-12-16 16:39 . 2010-12-16 16:39 -------- d-----w- c:\program\Western Digital Corporation
2010-12-15 09:03 . 2010-11-02 15:17 40960 -c----w- c:\windows\system32\dllcache\ndproxy.sys
2010-12-15 09:01 . 2010-10-11 14:59 45568 -c----w- c:\windows\system32\dllcache\wab.exe
2010-12-14 12:42 . 2010-12-14 12:42 -------- d-----w- c:\documents and settings\NetworkService\Lokala inställningar\Application Data\Google
2010-12-14 12:37 . 2010-12-14 12:42 -------- d-----w- c:\documents and settings\Jacob\Lokala inställningar\Application Data\Temp
2010-12-14 12:37 . 2010-12-14 12:37 -------- d-----w- c:\documents and settings\LocalService\Lokala inställningar\Application Data\Google
2010-12-14 12:37 . 2010-12-14 12:37 -------- d-----w- c:\documents and settings\Jacob\Lokala inställningar\Application Data\Google
2010-12-14 12:36 . 2010-12-14 12:45 -------- d-----w- c:\program\Google
2010-11-30 14:27 . 2010-11-30 15:42 -------- d-----w- c:\documents and settings\Jacob\Lokala inställningar\Application Data\AskToolbar
2010-11-30 01:36 . 2008-04-13 23:15 60032 -c--a-w- c:\windows\system32\dllcache\usbaudio.sys
2010-11-30 01:36 . 2008-04-13 23:15 60032 ----a-w- c:\windows\system32\drivers\USBAUDIO.sys
2010-11-29 01:36 . 2010-11-29 01:36 -------- d-----w- c:\documents and settings\All Users\Application Data\ImTOO
2010-11-29 01:08 . 2010-11-29 01:08 -------- d-----w- c:\program\iPod
2010-11-29 01:08 . 2010-11-29 01:10 -------- d-----w- c:\program\iTunes
2010-11-29 01:02 . 2010-11-29 01:02 -------- d-----w- c:\program\Apple Software Update
2010-11-29 01:02 . 2010-11-29 01:02 -------- d-----w- c:\documents and settings\LocalService\Application Data\Apple Computer
2010-11-29 01:01 . 2010-11-29 01:01 -------- d-----w- c:\program\Bonjour

.
(((((((((((((((((((((((((((((((((((((((( Find3M Rapport )))))))))))))))))))))))))))))))))))))))))))))))))))
.
2010-11-29 16:42 . 2008-12-12 23:12 38224 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys
2010-11-29 16:42 . 2008-12-12 23:12 20952 ----a-w- c:\windows\system32\drivers\mbam.sys
2010-11-26 04:17 . 2008-01-09 01:10 5555712 ----a-w- c:\windows\system32\drivers\ati2mtag.sys
2010-11-26 03:57 . 2010-02-16 23:54 16748544 ----a-w- c:\windows\system32\atioglxx.dll
2010-11-26 03:23 . 2010-02-16 23:54 471040 ----a-w- c:\windows\system32\atiok3x2.dll
2010-11-26 03:12 . 2010-02-16 23:54 311296 ----a-w- c:\windows\system32\atiiiexx.dll
2010-11-26 03:07 . 2010-02-16 23:54 57344 ----a-w- c:\windows\system32\aticalrt.dll
2010-11-26 03:07 . 2010-02-16 23:54 53248 ----a-w- c:\windows\system32\aticalcl.dll
2010-11-26 03:06 . 2010-02-16 23:54 4489216 ----a-w- c:\windows\system32\aticaldd.dll
2010-11-26 02:55 . 2010-02-16 23:54 462848 ----a-w- c:\windows\system32\ATIDEMGX.dll
2010-11-26 02:54 . 2008-01-09 01:10 302080 ----a-w- c:\windows\system32\ati2dvag.dll
2010-11-26 02:48 . 2008-01-09 01:10 3984864 ----a-w- c:\windows\system32\ati3duag.dll
2010-11-26 02:39 . 2010-02-16 23:54 53248 ----a-w- c:\windows\system32\drivers\ati2erec.dll
2010-11-26 02:34 . 2010-02-16 23:54 212992 ----a-w- c:\windows\system32\atipdlxx.dll
2010-11-26 02:34 . 2010-02-16 23:54 155648 ----a-w- c:\windows\system32\Oemdspif.dll
2010-11-26 02:34 . 2010-02-16 23:54 26112 ----a-w- c:\windows\system32\Ati2mdxx.exe
2010-11-26 02:34 . 2010-02-16 23:54 43520 ----a-w- c:\windows\system32\ati2edxx.dll
2010-11-26 02:34 . 2010-02-16 23:54 159744 ----a-w- c:\windows\system32\ati2evxx.dll
2010-11-26 02:32 . 2010-02-16 23:54 614400 ----a-w- c:\windows\system32\ati2evxx.exe
2010-11-26 02:32 . 2008-01-09 01:10 2669696 ----a-w- c:\windows\system32\ativvaxx.dll
2010-11-26 02:31 . 2010-02-16 23:54 53248 ----a-w- c:\windows\system32\ATIDDC.DLL
2010-11-26 02:30 . 2010-02-19 14:20 143360 ----a-w- c:\windows\system32\atiapfxx.exe
2010-11-26 02:26 . 2010-02-16 23:54 651264 ----a-w- c:\windows\system32\atikvmag.dll
2010-11-26 02:24 . 2010-02-16 23:54 196608 ----a-w- c:\windows\system32\atiadlxx.dll
2010-11-26 02:24 . 2010-02-16 23:54 17408 ----a-w- c:\windows\system32\atitvo32.dll
2010-11-26 02:18 . 2008-01-09 01:10 765952 ----a-w- c:\windows\system32\ati2cqag.dll
2010-11-26 02:16 . 2010-02-16 23:54 64512 ----a-w- c:\windows\system32\atimpc32.dll
2010-11-26 02:16 . 2010-02-16 23:54 64512 ----a-w- c:\windows\system32\amdpcom32.dll
2010-11-18 18:15 . 2008-01-09 00:42 81920 ----a-w- c:\windows\system32\isign32.dll
2010-11-12 17:53 . 2010-05-11 11:37 472808 ----a-w- c:\windows\system32\deployJava1.dll
2010-11-12 15:34 . 2008-11-24 10:47 73728 ----a-w- c:\windows\system32\javacpl.cpl
2010-11-12 12:40 . 2008-01-09 00:52 273512 ----a-w- c:\windows\system32\drivers\Rtenicxp.sys
2010-11-12 00:44 . 2010-11-12 00:44 94208 ----a-w- c:\windows\system32\dpl100.dll
2010-11-08 22:57 . 2010-11-08 22:57 353592 ----a-w- c:\windows\system32\DivXControlPanelApplet.cpl
2010-11-06 00:22 . 2001-09-07 12:00 916480 ----a-w- c:\windows\system32\wininet.dll
2010-11-06 00:22 . 2001-09-07 12:00 43520 ----a-w- c:\windows\system32\licmgr10.dll
2010-11-06 00:22 . 2001-09-07 12:00 1469440 ------w- c:\windows\system32\inetcpl.cpl
2010-11-03 12:27 . 2008-01-09 01:10 385024 ----a-w- c:\windows\system32\html.iec
2010-11-02 15:17 . 2001-09-07 12:00 40960 ----a-w- c:\windows\system32\drivers\ndproxy.sys
2010-10-28 13:09 . 2001-09-07 12:00 290048 ----a-w- c:\windows\system32\atmfd.dll
2010-10-26 14:00 . 2001-09-07 12:00 1853312 ----a-w- c:\windows\system32\win32k.sys
2010-10-07 11:23 . 2010-10-07 11:23 91424 ----a-w- c:\windows\system32\dnssd.dll
2010-10-07 11:23 . 2010-10-07 11:23 107808 ----a-w- c:\windows\system32\dns-sd.exe
2010-09-28 14:44 . 2009-11-16 12:13 41984 ----a-w- c:\windows\system32\drivers\usbaapl.sys
2010-09-28 14:44 . 2009-11-16 12:13 4184352 ----a-w- c:\windows\system32\usbaaplrc.dll
.

------- Sigcheck -------

[-] 2010-09-15 12:32 . C3A2915C71AE6F225EB906C25CCD29B5 . 24064 . . [1.0.0.5] . . c:\windows\ServicePackFiles\i386\ctfmon.exe
[-] 2010-09-15 12:32 . C3A2915C71AE6F225EB906C25CCD29B5 . 24064 . . [1.0.0.5] . . c:\windows\system32\ctfmon.exe
[7] 2004-08-04 . FEBE82A289A6645E26B27F3A0A4D2B84 . 15360 . . [5.1.2600.2180] . . c:\windows\$NtServicePackUninstall$\ctfmon.exe
.
(((((((((((((((((((((((((((((((((( Startpunkter i registret )))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Not* Tomma poster & legitima standardposter visas inte.
REGEDIT4

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{D7EE14D1-9317-4a59-9EE6-EE64F22B5B10}]
2005-12-02 12:06 61440 ----a-w- c:\program\Right Ascension, Inc\Empire Download Manager\ieedm.dll

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"MaxtorOneTouch"="c:\program\Maxtor\OneTouch\Utils\OneTouch.exe" [2003-05-21 45056]
"AODAssist.exe"="c:\program\AMD\AMD OverDrive\AODAssist.exe" [2007-11-06 69632]
"Norman ZANDA"="c:\norman\Npm\Bin\ZLH.EXE" [2009-02-11 187504]
"DelReg"="c:\program\MSI\DualCoreCenter\DelReg.exe" [2008-05-13 196608]
"amd_dc_opt"="c:\program\AMD\Dual-Core Optimizer\amd_dc_opt.exe" [2008-07-22 77824]
"RTHDCPL"="RTHDCPL.EXE" [2009-03-02 17530368]
"SunJavaUpdateSched"="c:\program\Delade filer\Java\Java Update\jusched.exe" [2010-05-14 248552]
"StartCCC"="c:\program\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" [2010-11-25 98304]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="c:\windows\System32\CTFMON.EXE" [2010-09-15 24064]

c:\documents and settings\All Users\Start-meny\Program\Autostart\
DualCoreCenter.lnk - c:\program\MSI\DualCoreCenter\StartUpDualCoreCenter.exe [2008-11-24 192512]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\aawservice]
@="Service"

[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start-meny^Program^Autostart^Personal.lnk]
path=c:\documents and settings\All Users\Start-meny\Program\Autostart\Personal.lnk
backup=c:\windows\pss\Personal.lnkCommon Startup

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\BDRegion]
2008-10-07 18:31 75048 ----a-w- c:\program\CyberLink\Shared Files\brs.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\iTunesHelper]
2010-11-17 19:59 421160 ----a-w- c:\program\iTunes\iTunesHelper.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\PDVD8LanguageShortcut]
2007-12-14 10:36 50472 ------w- c:\program\CyberLink\PowerDVD8\Language\Language.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\QuickTime Task]
2010-09-08 10:17 421888 ----a-w- c:\program\QuickTime\QTTask.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\RemoteControl8]
2008-03-20 19:23 83240 ------w- c:\program\CyberLink\PowerDVD8\PDVD8Serv.exe

[HKEY_LOCAL_MACHINE\software\microsoft\security center]
"AntiVirusOverride"=dword:00000001
"FirewallOverride"=dword:00000001

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"EnableFirewall"= 0 (0x0)

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"c:\\Spel\\Electronic Arts\\Crytek\\Crysis\\Bin32\\Crysis.exe"=
"c:\\Spel\\Electronic Arts\\Crytek\\Crysis\\Bin32\\CrysisDedicatedServer.exe"=
"c:\\WINDOWS\\system32\\PnkBstrB.exe"=
"c:\\WINDOWS\\system32\\winver.exe"=
"c:\\Spel\\Firaxis Games\\Sid Meier's Civilization 4\\Civilization4.exe"=
"c:\\Spel\\Firaxis Games\\Sid Meier's Civilization 4\\Warlords\\Civ4Warlords.exe"=
"c:\\Spel\\Firaxis Games\\Sid Meier's Civilization 4\\Warlords\\Civ4Warlords_PitBoss.exe"=
"c:\\Spel\\Firaxis Games\\Sid Meier's Civilization 4\\Beyond the Sword\\Civ4BeyondSword.exe"=
"c:\\Spel\\Firaxis Games\\Sid Meier's Civilization 4\\Beyond the Sword\\Civ4BeyondSword_PitBoss.exe"=
"c:\\Program\\Ubisoft\\Assassin's Creed\\AssassinsCreed_Dx9.exe"=
"c:\\Program\\Ubisoft\\Assassin's Creed\\AssassinsCreed_Dx10.exe"=
"c:\\Program\\Ubisoft\\Assassin's Creed\\AssassinsCreed_Launcher.exe"=
"c:\\Program\\Messenger\\msmsgs.exe"=
"c:\\Program\\CyberLink\\PowerDVD8\\PowerDVD8.exe"=
"c:\\Spel\\Rockstar Games\\Rockstar Games Social Club\\RGSCLauncher.exe"=
"c:\\Spel\\Rockstar Games\\Grand Theft Auto IV\\LaunchGTAIV.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"c:\\Spel\\Rockstar Games\\Grand Theft Auto IV\\GTAIV.exe"=
"c:\\Spel\\World of Warcraft\\Launcher.exe"=
"c:\\Program\\Octoshape Streaming Services\\Jacob\\OctoshapeClient.exe"=
"c:\\Program\\VideoLAN\\VLC\\vlc.exe"=
"c:\\Program\\Spotify\\spotify.exe"=
"c:\\Program\\Windows Live\\Messenger\\msnmsgr.exe"=
"c:\\Program\\Java\\jre6\\bin\\java.exe"=
"c:\\Spel\\Eidos\\Batman Arkham Asylum\\Binaries\\ShippingPC-BmGame.exe"=
"c:\\Program\\Ubisoft\\Ubisoft Game Launcher\\UbisoftGameLauncher.exe"=
"g:\\Spel\\Ubisoft\\Assassin's Creed II\\AssassinsCreedIIGame.exe"=
"g:\\Spel\\Ubisoft\\Assassin's Creed II\\AssassinsCreedII.exe"=
"g:\\Spel\\Ubisoft\\Assassin's Creed II\\UPlayBrowser.exe"=
"c:\\Program\\Sony Ericsson\\Update Service\\Update Service.exe"=
"c:\\Spel\\Valve\\Steam\\SteamApps\\lamlas@msn.com\\counter-strike\\hl.exe"=
"c:\\Spel\\Valve\\Steam\\SteamApps\\common\\call of duty modern warfare 2\\iw4mp.exe"=
"c:\\Spel\\Valve\\Steam\\SteamApps\\robin_corner\\counter-strike\\hl.exe"=
"c:\\Program\\Tele2\\Tele2 Sjaelvhjaelp\\Selfrepair.exe"=
"g:\\Spel\\Split Second\\SplitSecond.exe"=
"c:\\Spel\\Valve\\Steam\\SteamApps\\common\\call of duty modern warfare 2\\iw4sp.exe"=
"c:\\Program\\Bonjour\\mDNSResponder.exe"=
"c:\\Program\\iTunes\\iTunes.exe"=
"c:\\Program\\Skype\\Phone\\Skype.exe"=

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
"6112:TCP"= 6112:TCP:warcraft
"6112:UDP"= 6112:UDP:warcraft2

R2 AODService;AODService;c:\program\AMD\OverDrive\AODAssist.exe [2009-02-22 69632]
R2 gupdate;Tjänsten Google Update (gupdate);c:\program\Google\Update\GoogleUpdate.exe [2010-12-14 135664]
R3 Ambfilt;Ambfilt;c:\windows\system32\drivers\Ambfilt.sys [2008-08-05 1684736]
R3 ASUDriver;ASUDriver;c:\program\AMD\AMD OverDrive\i386\AODDriver.sys [2007-10-24 6144]
R3 ggflt;SEMC USB Flash Driver Filter;c:\windows\system32\DRIVERS\ggflt.sys [2010-04-27 13224]
R3 NVCScheduler;Norman Virus Control Scheduler;c:\norman\Nvc\BIN\NVCSCHED.EXE [x]
R3 s0017bus;Sony Ericsson Device 0017 driver (WDM);c:\windows\system32\DRIVERS\s0017bus.sys [2008-10-21 86824]
R3 s0017mdfl;Sony Ericsson Device 0017 USB WMC Modem Filter;c:\windows\system32\DRIVERS\s0017mdfl.sys [2008-10-21 15016]
R3 s0017mdm;Sony Ericsson Device 0017 USB WMC Modem Driver;c:\windows\system32\DRIVERS\s0017mdm.sys [2008-10-21 114600]
R3 s0017mgmt;Sony Ericsson Device 0017 USB WMC Device Management Drivers (WDM);c:\windows\system32\DRIVERS\s0017mgmt.sys [2008-10-21 108328]
R3 s0017nd5;Sony Ericsson Device 0017 USB Ethernet Emulation SEMC0017 (NDIS);c:\windows\system32\DRIVERS\s0017nd5.sys [2008-10-21 26024]
R3 s0017obex;Sony Ericsson Device 0017 USB WMC OBEX Interface;c:\windows\system32\DRIVERS\s0017obex.sys [2008-10-21 104616]
R3 s0017unic;Sony Ericsson Device 0017 USB Ethernet Emulation SEMC0017 (WDM);c:\windows\system32\DRIVERS\s0017unic.sys [2008-10-21 109736]
S0 FTT3;FTT3;c:\windows\System32\DRIVERS\FTT3.sys [2008-02-20 162824]
S0 sptd;sptd;c:\windows\System32\Drivers\sptd.sys [2010-05-16 697328]
S1 NGS;Norman General Security Driver;c:\norman\ngs\bin\ngs.sys [2009-02-11 22712]
S1 NPROSEC;Norman Security driver;c:\norman\Ngs\Bin\nprosec.sys [2009-04-21 53816]
S2 {FE4C91E7-22C2-4D0C-9F6B-82F1B7742054};{FE4C91E7-22C2-4D0C-9F6B-82F1B7742054};c:\program\CyberLink\PowerDVD8\000.fcl [2008-10-07 61424]
S2 Ndiskio;Ndiskio;c:\norman\Nse\bin\NDISKIO.SYS [2007-01-02 20448]
S2 NPROSECSVC;Norman Security service;c:\norman\Ngs\Bin\Nprosec.exe [2009-02-25 121912]
S2 NVOY;Norman Resource Provider;c:\norman\npm\bin\nvoy.exe [2009-01-20 126008]
S3 DualCoreCenter;DualCoreCenter;c:\program\MSI\DualCoreCenter\NTGLM7X.sys [2010-02-08 36152]
S3 m4cxwxp;NDIS5.1 Miniport Driver for D-Link DGE-530T Gigabit Ethernet Adapter;c:\windows\system32\DRIVERS\m4cxwxp.sys [2003-08-26 171264]
S3 nsesvc;Norman Scanner Engine Service;c:\norman\nse\bin\NSESVC.EXE [2009-05-19 310328]
S3 NvcMFlt;NvcMFlt;c:\windows\system32\DRIVERS\nvcw32mf.sys [2009-01-22 19512]
S3 nvcoas;Norman Virus Control on-access component;c:\norman\Nvc\bin\nvcoas.exe [2009-04-28 195640]
S3 RushTopDevice2;RushTopDevice2;c:\program\MSI\DualCoreCenter\RushTop.sys [2008-11-11 55296]
S3 Scheduler;Norman Scheduler Service;c:\norman\Npm\Bin\scheduler.exe [2009-03-17 130104]
S3 seehcri;Sony Ericsson seehcri Device Driver;c:\windows\system32\DRIVERS\seehcri.sys [2010-04-27 27632]


[HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{10880D85-AAD9-4558-ABDC-2AB1552D831F}]
2008-12-06 22:18 451872 ----a-w- c:\program\Delade filer\LightScribe\LSRunOnce.exe
.
Innehållet i mappen 'Schemalagda aktiviteter':

2010-12-22 c:\windows\Tasks\AppleSoftwareUpdate.job
- c:\program\Apple Software Update\SoftwareUpdate.exe [2009-10-22 10:50]

2010-12-22 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\program\Google\Update\GoogleUpdate.exe [2010-12-14 12:36]

2010-12-22 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\program\Google\Update\GoogleUpdate.exe [2010-12-14 12:36]

2010-12-22 c:\windows\Tasks\Scheduled Update for Ask Toolbar.job
- c:\program\Ask.com\UpdateTask.exe [2010-09-28 21:44]

2010-12-22 c:\windows\Tasks\User_Feed_Synchronization-{72AB9688-47B1-4843-8370-414A8B59F059}.job
- c:\windows\system32\msfeedssync.exe [2007-08-13 02:31]
.
.
------- Extra genomsökning -------
.
uStart Page = hxxp://www.google.se/
uInternet Settings,ProxyOverride = *.local
Trusted Zone: telenor.se\www
DPF: {7D4733C0-C43B-4A81-AF43-F9B20D1F8348} - hxxp://www.octoshape.com/test/ax/octoshape.cab
FF - ProfilePath - c:\documents and settings\Jacob\Application Data\Mozilla\Firefox\Profiles\c7wpk6xc.default\
FF - Ext: Default: {972ce4c6-7e08-4474-a285-3208198ce6fd} - c:\program\Mozilla Firefox\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd}
FF - Ext: Java Console: {CAFEEFAC-0016-0000-0010-ABCDEFFEDCBA} - c:\program\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0010-ABCDEFFEDCBA}
FF - Ext: Java Console: {CAFEEFAC-0016-0000-0011-ABCDEFFEDCBA} - c:\program\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0011-ABCDEFFEDCBA}
FF - Ext: Java Console: {CAFEEFAC-0016-0000-0013-ABCDEFFEDCBA} - c:\program\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0013-ABCDEFFEDCBA}
FF - Ext: Java Console: {CAFEEFAC-0016-0000-0007-ABCDEFFEDCBA} - c:\program\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0007-ABCDEFFEDCBA}
FF - Ext: Java Console: {CAFEEFAC-0016-0000-0015-ABCDEFFEDCBA} - c:\program\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0015-ABCDEFFEDCBA}
FF - Ext: Java Console: {CAFEEFAC-0016-0000-0017-ABCDEFFEDCBA} - c:\program\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0017-ABCDEFFEDCBA}
FF - Ext: Java Console: {CAFEEFAC-0016-0000-0019-ABCDEFFEDCBA} - c:\program\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0019-ABCDEFFEDCBA}
FF - Ext: Java Console: {CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA} - c:\program\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA}
FF - Ext: Java Console: {CAFEEFAC-0016-0000-0021-ABCDEFFEDCBA} - c:\program\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0021-ABCDEFFEDCBA}
FF - Ext: Java Console: {CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA} - c:\program\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA}
FF - Ext: Java Console: {CAFEEFAC-0016-0000-0023-ABCDEFFEDCBA} - c:\program\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0023-ABCDEFFEDCBA}
FF - Ext: Java Quick Starter: jqs@sun.com - c:\program\Java\jre6\lib\deploy\jqs\ff
FF - Ext: DivX Plus Web Player HTML5 <video>: {23fcfd51-4958-4f00-80a3-ae97e717ed8b} - c:\program\DivX\DivX Plus Web Player\firefox\html5video
FF - Ext: DivX HiQ: {6904342A-8307-11DF-A508-4AE2DFD72085} - c:\program\DivX\DivX Plus Web Player\firefox\wpa
FF - Ext: Svensk ordlista: sv@dictionaries.addons.mozilla.org - %profile%\extensions\sv@dictionaries.addons.mozilla.org
FF - Ext: PandoraTV Toolbar: toolbar@ask.com - %profile%\extensions\toolbar@ask.com
.
- - - - FÖRÄLDRALÖSA POSTER SOM TAGITS BORT - - - -

Toolbar-{D4027C7F-154A-4066-A1AD-4243D8127440} - (no file)
SafeBoot-Wdf01000.sys
MSConfigStartUp-Adobe Reader Speed Launcher - c:\program\Adobe\Reader 8.0\Reader\Reader_sl.exe
MSConfigStartUp-BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA} - c:\program\Delade filer\Ahead\Lib\NMBgMonitor.exe
MSConfigStartUp-NBKeyScan - c:\program\Nero\Nero8\Nero BackItUp\NBKeyScan.exe
MSConfigStartUp-NeroFilterCheck - c:\program\Delade filer\Ahead\Lib\NeroCheck.exe
AddRemove-Fraps - c:\fraps\uninstall.exe
AddRemove-Frets on Fire - e:\spel\Frets on Fire\Uninstall.exe
AddRemove-Octoshape add-in for Adobe Flash Player - c:\documents and settings\Jacob\Application Data\Macromedia\Flash Player\www.macromedia.com\bin\octoshape\octoshape.exe



**************************************************************************

catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2010-12-22 22:03
Windows 5.1.2600 Service Pack 3 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully
hidden files: 0

**************************************************************************

[HKEY_LOCAL_MACHINE\System\ControlSet004\Services\{FE4C91E7-22C2-4D0C-9F6B-82F1B7742054}]
"ImagePath"="\??\c:\program\CyberLink\PowerDVD8\000.fcl"
.
--------------------- LÅSTA REGISTERNYCKLAR ---------------------

[HKEY_USERS\S-1-5-21-1454471165-796845957-839522115-1003\Software\SecuROM\!CAUTION! NEVER A OR CHANGE ANY KEY*]
"??"=hex:43,a8,e7,6d,63,91,20,c5,09,94,ca,c8,1f,80,68,aa,f7,d0,c4,8a,97,bb,4a,
39,f9,43,db,86,63,88,be,d4,9c,5e,a0,99,58,d5,85,71,b4,39,da,9f,b6,4c,5e,33,\
"??"=hex:a9,bd,c4,98,55,a6,8b,02,17,96,54,1a,b4,55,99,04

[HKEY_LOCAL_MACHINE\software\Microsoft\Windows\CurrentVersion\Reinstall\æHõwæ*]
"DisplayName"="???\17?\11\09"
"DeviceDesc"="???\17?\11\09"
"ProviderName"="?u?\11???\11??"
"MFG"="???????"
"ReinstallString"=".10.1000.8"
"DeviceInstanceIds"=multi:"d:\\ati\\atidrv\\sbdrv\\smbus\\smbusati.inf\00"
.
--------------------- DLLer som "laddats" under processer som körs ---------------------

- - - - - - - > 'winlogon.exe'(836)
c:\windows\system32\Ati2evxx.dll
c:\windows\system32\atiadlxx.dll
.
Sluttid: 2010-12-22 22:08:22
ComboFix-quarantined-files.txt 2010-12-22 21:08
ComboFix2.txt 2008-12-12 23:09
ComboFix3.txt 2008-12-08 20:15

Före genomsökningen: 23 796 248 576 byte ledigt
Efter genomsökningen: 23 769 182 208 byte ledigt

WindowsXP-KB310994-SP2-Home-BootDisk-SVE.exe
[boot loader]
timeout=2
default=multi(0)disk(0)rdisk(0)partition(1)\WINDOWS
[operating systems]
c:\cmdcons\BOOTSECT.DAT="Microsoft Windows Recovery Console" /cmdcons
UnsupportedDebug="do not select this" /debug
multi(0)disk(0)rdisk(0)partition(1)\WINDOWS="Microsoft Windows XP Professional" /fastdetect /NoExecute=OptIn /usepmtimer

Current=4 Default=4 Failed=3 LastKnownGood=5 Sets=1,2,3,4,5
- - End Of File - - 31E957F7CFA1A06D2CF19737CF2A8402


Over and out!
Jacob A
Regular Member
 
Posts: 26
Joined: December 2nd, 2008, 7:08 pm

Re: Slow start up, cpu power draining for no reason.

Unread postby deltalima » December 22nd, 2010, 5:24 pm

Hi Jacob A,

Please reboot the computer and run a new scan with OTL, then post just the OTL.txt log in your next reply.

How is the computer running now?
deltalima
Admin/Teacher
 
Posts: 7614
Joined: February 28th, 2009, 4:38 pm
Location: UK

Re: Slow start up, cpu power draining for no reason.

Unread postby Jacob A » December 22nd, 2010, 6:02 pm

Hello deltalima! It's pretty much the same... the Windows logo screen takes 4 min to load and the welcome screen lags... it feels a bit like smaller lags now though. Movies lag like before but Windows seems to be more stable.

edit: I've tried some more games/movies now and it definitely feels like smaller lags than before!

Thanks a lot for all the help so far!

OTL Scan:

OTL logfile created on: 2010-12-22 22:41:57 - Run 3
OTL by OldTimer - Version 3.2.18.0 Folder = C:\Documents and Settings\Jacob\Skrivbord
Windows XP Professional Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 8.0.6001.18702)
Locale: 0000041D | Country: Sverige | Language: SVE | Date Format: yyyy-MM-dd

2,00 Gb Total Physical Memory | 1,00 Gb Available Physical Memory | 71,00% Memory free
4,00 Gb Paging File | 3,00 Gb Available in Paging File | 88,00% Paging File free
Paging file location(s): C:\pagefile.sys 2046 4092 [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program
Drive C: | 127,99 Gb Total Space | 22,15 Gb Free Space | 17,31% Space Free | Partition Type: NTFS
Drive E: | 596,17 Gb Total Space | 18,86 Gb Free Space | 3,16% Space Free | Partition Type: NTFS
Drive F: | 931,51 Gb Total Space | 18,97 Gb Free Space | 2,04% Space Free | Partition Type: NTFS
Drive G: | 337,77 Gb Total Space | 17,57 Gb Free Space | 5,20% Space Free | Partition Type: NTFS
Drive I: | 1863,01 Gb Total Space | 695,91 Gb Free Space | 37,35% Space Free | Partition Type: NTFS

Computer Name: JAKE | User Name: Jacob | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: All users
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days

========== Processes (SafeList) ==========

PRC - C:\Documents and Settings\Jacob\Skrivbord\OTL.exe (OldTimer Tools)
PRC - C:\Program\Mozilla Firefox\firefox.exe (Mozilla Corporation)
PRC - C:\Program\Delade filer\Apple\Mobile Device Support\AppleMobileDeviceService.exe (Apple Inc.)
PRC - C:\Program\Delade filer\Java\Java Update\jusched.exe (Sun Microsystems, Inc.)
PRC - C:\Program\Tele2\Tele2 Sjaelvhjaelp\m2Service.exe ()
PRC - C:\Norman\Nse\Bin\Nsesvc.exe (Norman ASA)
PRC - C:\Norman\NVC\Bin\Nvcoas.exe (Norman ASA)
PRC - C:\Norman\NVC\Bin\CClaw.exe (Norman ASA)
PRC - C:\Norman\npm\bin\Njeeves.exe (Norman ASA)
PRC - C:\Norman\npm\bin\scheduler.exe (Norman ASA)
PRC - C:\Norman\Ngs\Bin\nprosec.exe (Norman ASA)
PRC - C:\Norman\npm\bin\Zanda.exe (Norman ASA)
PRC - C:\Norman\npm\bin\Zlh.exe (Norman ASA)
PRC - C:\Norman\npm\bin\nvoy.exe (Norman ASA)
PRC - C:\Program\Delade filer\LightScribe\LSSrvc.exe (Hewlett-Packard Company)
PRC - C:\WINDOWS\explorer.exe (Microsoft Corporation)
PRC - C:\Norman\npm\bin\elogsvc.exe (Norman ASA)
PRC - C:\Program\NVIDIA Corporation\nTune\nTuneService.exe (NVIDIA)
PRC - C:\Program\Maxtor\OneTouch\Utils\OneTouch.exe (Maxtor)


========== Modules (SafeList) ==========

MOD - C:\Documents and Settings\Jacob\Skrivbord\OTL.exe (OldTimer Tools)
MOD - C:\WINDOWS\WinSxS\x86_Microsoft.Windows.Common-Controls_6595b64144ccf1df_6.0.2600.6028_x-ww_61e65202\comctl32.dll (Microsoft Corporation)


========== Win32 Services (SafeList) ==========

SRV - (PnkBstrA) -- C:\WINDOWS\System32\PnkBstrA.exe File not found
SRV - (NVCScheduler) -- C:\Norman\Nvc\BIN\NVCSCHED.EXE File not found
SRV - (Apple Mobile Device) -- C:\Program\Delade filer\Apple\Mobile Device Support\AppleMobileDeviceService.exe (Apple Inc.)
SRV - (RIS) -- C:\Program\Tele2\Tele2 Sjaelvhjaelp\m2Service.exe ()
SRV - (nsesvc) -- C:\Norman\nse\bin\NSESVC.EXE (Norman ASA)
SRV - (nvcoas) -- C:\Norman\Nvc\bin\nvcoas.exe (Norman ASA)
SRV - (Adobe LM Service) -- C:\Program\Delade filer\Adobe Systems Shared\Service\Adobelmsvc.exe (Adobe Systems)
SRV - (Norman NJeeves) -- C:\Norman\Npm\Bin\Njeeves.exe (Norman ASA)
SRV - (Scheduler) -- C:\Norman\Npm\Bin\scheduler.exe (Norman ASA)
SRV - (NPROSECSVC) -- C:\Norman\Ngs\Bin\Nprosec.exe (Norman ASA)
SRV - (Norman ZANDA) -- C:\Norman\Npm\Bin\Zanda.exe (Norman ASA)
SRV - (AODService) -- C:\Program\AMD\OverDrive\AODAssist.exe ()
SRV - (NVOY) -- C:\Norman\npm\bin\nvoy.exe (Norman ASA)
SRV - (LightScribeService) -- C:\Program\Delade filer\LightScribe\LSSrvc.exe (Hewlett-Packard Company)
SRV - (aawservice) -- C:\Program\Lavasoft\Ad-Aware\aawservice.exe (Lavasoft)
SRV - (eLoggerSvc6) -- C:\Norman\Npm\bin\ELOGSVC.EXE (Norman ASA)
SRV - (nTuneService) -- C:\Program\NVIDIA Corporation\nTune\nTuneService.exe (NVIDIA)


========== Driver Services (SafeList) ==========

DRV - (GMSIPCI) -- D:\INSTALL\GMSIPCI.SYS File not found
DRV - (catchme) -- C:\DOCUME~1\Jacob\LOKALA~1\Temp\catchme.sys File not found
DRV - (Cardex) -- C:\WINDOWS\System32\drivers\TBPANEL.SYS File not found
DRV - (AtiHdmiService) -- C:\WINDOWS\System32\drivers\AtiHdmi.sys File not found
DRV - (ati2mtag) -- C:\WINDOWS\system32\drivers\ati2mtag.sys (ATI Technologies Inc.)
DRV - (RTLE8023xp) -- C:\WINDOWS\system32\drivers\Rtenicxp.sys (Realtek Semiconductor Corporation )
DRV - (sptd) -- C:\WINDOWS\System32\Drivers\sptd.sys ()
DRV - (seehcri) -- C:\WINDOWS\system32\drivers\seehcri.sys (Sony Ericsson Mobile Communications)
DRV - (ggsemc) -- C:\WINDOWS\system32\drivers\ggsemc.sys (Sony Ericsson Mobile Communications)
DRV - (ggflt) -- C:\WINDOWS\system32\drivers\ggflt.sys (Sony Ericsson Mobile Communications)
DRV - (DualCoreCenter) -- C:\Program\MSI\DualCoreCenter\NTGLM7X.sys (MICRO-STAR INT'L CO., LTD.)
DRV - (NPROSEC) -- C:\Norman\Ngs\Bin\nprosec.sys (Norman ASA)
DRV - (IntcAzAudAddService) Service for Realtek HD Audio (WDM) -- C:\WINDOWS\system32\drivers\RtkHDAud.sys (Realtek Semiconductor Corp.)
DRV - (NGS) -- c:\Norman\Ngs\Bin\ngs.sys (Norman ASA)
DRV - (NvcMFlt) -- C:\WINDOWS\system32\drivers\nvcw32mf.sys (Norman ASA)
DRV - (RushTopDevice2) -- C:\Program\MSI\DualCoreCenter\RushTop.sys (Your Corporation)
DRV - (s0017mdm) -- C:\WINDOWS\system32\drivers\s0017mdm.sys (MCCI Corporation)
DRV - (s0017unic) Sony Ericsson Device 0017 USB Ethernet Emulation SEMC0017 (WDM) -- C:\WINDOWS\system32\drivers\s0017unic.sys (MCCI Corporation)
DRV - (s0017mgmt) Sony Ericsson Device 0017 USB WMC Device Management Drivers (WDM) -- C:\WINDOWS\system32\drivers\s0017mgmt.sys (MCCI Corporation)
DRV - (s0017obex) -- C:\WINDOWS\system32\drivers\s0017obex.sys (MCCI Corporation)
DRV - (s0017bus) Sony Ericsson Device 0017 driver (WDM) -- C:\WINDOWS\system32\drivers\s0017bus.sys (MCCI Corporation)
DRV - (s0017nd5) Sony Ericsson Device 0017 USB Ethernet Emulation SEMC0017 (NDIS) -- C:\WINDOWS\system32\drivers\s0017nd5.sys (MCCI Corporation)
DRV - (s0017mdfl) -- C:\WINDOWS\system32\drivers\s0017mdfl.sys (MCCI Corporation)
DRV - ({FE4C91E7-22C2-4D0C-9F6B-82F1B7742054}) -- C:\Program\CyberLink\PowerDVD8\000.fcl (Cyberlink Corp.)
DRV - (Ambfilt) -- C:\WINDOWS\system32\drivers\Ambfilt.sys (Creative)
DRV - (hamachi) -- C:\WINDOWS\system32\drivers\hamachi.sys (LogMeIn, Inc.)
DRV - (usbaudio) USB-ljuddrivrutiner (WDM) -- C:\WINDOWS\system32\drivers\USBAUDIO.sys (Microsoft Corporation)
DRV - (HDAudBus) -- C:\WINDOWS\system32\drivers\hdaudbus.sys (Windows (R) Server 2003 DDK provider)
DRV - (FTT3) -- C:\WINDOWS\System32\DRIVERS\FTT3.sys (Promise Technology, Inc.)
DRV - (ASUDriver) -- C:\Program\AMD\AMD OverDrive\i386\AODDriver.sys ()
DRV - (amdide) -- C:\WINDOWS\system32\DRIVERS\amdide.sys (Advanced Micro Devices)
DRV - (AmdLLD) -- C:\WINDOWS\system32\drivers\AmdLLD.sys (AMD, Inc.)
DRV - (Ndiskio) -- C:\Norman\Nse\Bin\Ndiskio.sys (Norman ASA)
DRV - (NVR0Dev) -- C:\WINDOWS\nvoclock.sys (NVidia Corp.)
DRV - (Monfilt) -- C:\WINDOWS\system32\drivers\Monfilt.sys (Creative Technology Ltd.)
DRV - (AmdK8) -- C:\WINDOWS\system32\drivers\AmdK8.sys (Advanced Micro Devices)
DRV - (M2500) -- C:\WINDOWS\system32\drivers\M2500.sys (Ralink Technology Inc.)
DRV - (m4cxwxp) -- C:\WINDOWS\system32\drivers\m4cxwxp.sys (D-Link Corporation)
DRV - (MXOFX) USB Storage Adapter FX (MXO) -- C:\WINDOWS\system32\drivers\MXOFX.SYS (Cypress Semiconductor)
DRV - (Aspi32) -- C:\WINDOWS\System32\drivers\aspi32.sys (Adaptec)


========== Standard Registry (SafeList) ==========


========== Internet Explorer ==========



IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

IE - HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

IE - HKU\S-1-5-19\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

IE - HKU\S-1-5-20\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

IE - HKU\S-1-5-21-1454471165-796845957-839522115-1003\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.google.se/
IE - HKU\S-1-5-21-1454471165-796845957-839522115-1003\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKU\S-1-5-21-1454471165-796845957-839522115-1003\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = *.local

========== FireFox ==========

FF - prefs.js..extensions.enabledItems: jqs@sun.com:1.0
FF - prefs.js..extensions.enabledItems: sv@dictionaries.addons.mozilla.org:1.44
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA}:6.0.20
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0021-ABCDEFFEDCBA}:6.0.21
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA}:6.0.22
FF - prefs.js..extensions.enabledItems: toolbar@ask.com:3.9.1.14019
FF - prefs.js..extensions.enabledItems: {23fcfd51-4958-4f00-80a3-ae97e717ed8b}:2.1.0.900
FF - prefs.js..extensions.enabledItems: {6904342A-8307-11DF-A508-4AE2DFD72085}:2.1.0.900
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0023-ABCDEFFEDCBA}:6.0.23

FF - HKLM\software\mozilla\Firefox\extensions\\{23fcfd51-4958-4f00-80a3-ae97e717ed8b}: C:\Program\DivX\DivX Plus Web Player\firefox\html5video [2010-12-14 13:43:11 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Firefox\extensions\\{6904342A-8307-11DF-A508-4AE2DFD72085}: C:\Program\DivX\DivX Plus Web Player\firefox\wpa [2010-12-14 13:43:12 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Mozilla 1.7.13\Extensions\\Components: C:\Program\mozilla.org\Mozilla\Components [2010-11-29 02:05:45 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Mozilla 1.7.13\Extensions\\Plugins: C:\Program\mozilla.org\Mozilla\Plugins [2010-11-30 15:04:35 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Mozilla Firefox 3.6.13\extensions\\Components: C:\Program\Mozilla Firefox\components [2010-12-11 17:42:00 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Mozilla Firefox 3.6.13\extensions\\Plugins: C:\Program\Mozilla Firefox\plugins [2010-12-11 17:42:00 | 000,000,000 | ---D | M]

[2008-08-29 17:27:00 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Jacob\Application Data\Mozilla\Extensions
[2010-12-22 16:55:52 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Jacob\Application Data\Mozilla\Firefox\Profiles\c7wpk6xc.default\extensions
[2010-07-24 14:43:20 | 000,000,000 | ---D | M] (Microsoft .NET Framework Assistant) -- C:\Documents and Settings\Jacob\Application Data\Mozilla\Firefox\Profiles\c7wpk6xc.default\extensions\{20a82645-c095-46ed-80e3-08825760534b}
[2010-12-07 11:21:34 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Jacob\Application Data\Mozilla\Firefox\Profiles\c7wpk6xc.default\extensions\sv@dictionaries.addons.mozilla.org
[2010-11-26 19:57:51 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Jacob\Application Data\Mozilla\Firefox\Profiles\c7wpk6xc.default\extensions\toolbar@ask.com
[2010-12-22 16:55:50 | 000,000,000 | ---D | M] -- C:\Program\Mozilla Firefox\extensions
[2010-05-11 12:37:07 | 000,000,000 | ---D | M] (Java Console) -- C:\Program\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA}
[2010-08-11 14:19:17 | 000,000,000 | ---D | M] (Java Console) -- C:\Program\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0021-ABCDEFFEDCBA}
[2010-10-20 15:52:20 | 000,000,000 | ---D | M] (Java Console) -- C:\Program\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA}
[2010-12-19 05:28:53 | 000,000,000 | ---D | M] (Java Console) -- C:\Program\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0023-ABCDEFFEDCBA}
[2010-11-12 18:53:06 | 000,472,808 | ---- | M] (Sun Microsystems, Inc.) -- C:\Program\Mozilla Firefox\plugins\npdeployJava1.dll

O1 HOSTS File: ([2010-12-22 22:03:11 | 000,000,027 | ---- | M]) - C:\WINDOWS\system32\drivers\etc\hosts
O1 - Hosts: 127.0.0.1 localhost
O2 - BHO: (Adobe PDF Link Helper) - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program\Delade filer\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll (Adobe Systems Incorporated)
O2 - BHO: (DivX Plus Web Player HTML5 <video>) - {326E768D-4182-46FD-9C16-1449A49795F4} - C:\Program\DivX\DivX Plus Web Player\npdivx32.dll (DivX, LLC)
O2 - BHO: (DivX HiQ) - {593DDEC6-7468-4cdd-90E1-42DADAA222E9} - C:\Program\DivX\DivX Plus Web Player\npdivx32.dll (DivX, LLC)
O2 - BHO: (Windows Live inloggningshjälpen) - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program\Delade filer\Microsoft Shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corporation)
O2 - BHO: (WgEDmBHO Class) - {D7EE14D1-9317-4a59-9EE6-EE64F22B5B10} - C:\Program\Right Ascension, Inc\Empire Download Manager\ieedm.dll ()
O3 - HKLM\..\Toolbar: (BS.Player ControlBar) - {2C688203-7EB3-4327-9995-1CB417BA23F9} - C:\Program\BS.Player ControlBar\BSToolbar.dll ()
O3 - HKU\S-1-5-21-1454471165-796845957-839522115-1003\..\Toolbar\WebBrowser: (BS.Player ControlBar) - {2C688203-7EB3-4327-9995-1CB417BA23F9} - C:\Program\BS.Player ControlBar\BSToolbar.dll ()
O4 - HKLM..\Run: [amd_dc_opt] C:\Program\AMD\Dual-Core Optimizer\amd_dc_opt.exe (AMD)
O4 - HKLM..\Run: [AODAssist.exe] C:\Program\AMD\AMD OverDrive\AODAssist.exe ()
O4 - HKLM..\Run: [DelReg] C:\Program\MSI\DualCoreCenter\DelReg.exe ()
O4 - HKLM..\Run: [MaxtorOneTouch] C:\Program\Maxtor\OneTouch\Utils\OneTouch.exe (Maxtor)
O4 - HKLM..\Run: [Norman ZANDA] C:\Norman\Npm\Bin\ZLH.EXE (Norman ASA)
O4 - HKLM..\Run: [StartCCC] C:\Program\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe (Advanced Micro Devices, Inc.)
O4 - HKLM..\Run: [SunJavaUpdateSched] C:\Program\Delade filer\Java\Java Update\jusched.exe (Sun Microsystems, Inc.)
O4 - HKU\.DEFAULT..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe (Gerhard Schlager)
O4 - HKU\S-1-5-18..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe (Gerhard Schlager)
O4 - Startup: C:\Documents and Settings\All Users\Start-meny\Program\Autostart\DualCoreCenter.lnk = C:\Program\MSI\DualCoreCenter\StartUpDualCoreCenter.exe ()
O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Restrictions present
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: HonorAutoRunSetting = 1
O7 - HKU\.DEFAULT\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323
O7 - HKU\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863
O7 - HKU\S-1-5-18\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323
O7 - HKU\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863
O7 - HKU\S-1-5-19\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-19\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKU\S-1-5-20\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-20\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKU\S-1-5-21-1454471165-796845957-839522115-1003\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-21-1454471165-796845957-839522115-1003\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323
O7 - HKU\S-1-5-21-1454471165-796845957-839522115-1003\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O7 - HKU\S-1-5-21-1454471165-796845957-839522115-1003\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863
O9 - Extra Button: Skype - {77BF5300-1474-4EC7-9980-D32B190E9B07} - C:\Program\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll (Skype Technologies S.A.)
O9 - Extra Button: PartyPoker.com - {B7FE5D70-9AA2-40F1-9C6B-12A255F085E1} - C:\Program\PartyGaming\PartyPoker\RunApp.exe File not found
O9 - Extra 'Tools' menuitem : PartyPoker.com - {B7FE5D70-9AA2-40F1-9C6B-12A255F085E1} - C:\Program\PartyGaming\PartyPoker\RunApp.exe File not found
O10 - NameSpace_Catalog5\Catalog_Entries\000000000004 [] - C:\Program\Bonjour\mdnsNSP.dll (Apple Inc.)
O15 - HKU\S-1-5-21-1454471165-796845957-839522115-1003\..Trusted Domains: telenor.se ([www] https in Trusted sites)
O16 - DPF: {0EB0E74A-2A76-4AB3-A7FB-9BD8C29F7F75} http://www.kaspersky.com/kos/eng/partne ... nicode.cab (CKAVWebScan Object)
O16 - DPF: {1E54D648-B804-468d-BC78-4AFFED8E262E} http://www.nvidia.com/content/DriverDow ... eqlab3.cab (System Requirements Lab Class)
O16 - DPF: {4871A87A-BFDD-4106-8153-FFDE2BAC2967} http://dlm.tools.akamai.com/dlmanager/v ... .2.4.1.cab (DLM Control)
O16 - DPF: {67A5F8DC-1A4B-4D66-9F24-A704AD929EEE} http://www.nvidia.com/content/DriverDow ... eqlab2.cab (Reg Error: Key error.)
O16 - DPF: {67DABFBF-D0AB-41FA-9C46-CC0F21721616} http://download.divx.com/player/DivXBrowserPlugin.cab (DivXBrowserPlugin Object)
O16 - DPF: {7D4733C0-C43B-4A81-AF43-F9B20D1F8348} http://www.octoshape.com/test/ax/octoshape.cab (Reg Error: Key error.)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/update/1.6.0/jinsta ... s-i586.cab (Java Plug-in 1.6.0_23)
O16 - DPF: {CAFEEFAC-0016-0000-0007-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinsta ... s-i586.cab (Reg Error: Key error.)
O16 - DPF: {CAFEEFAC-0016-0000-0023-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinsta ... s-i586.cab (Java Plug-in 1.6.0_23)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinsta ... s-i586.cab (Java Plug-in 1.6.0_23)
O16 - DPF: {D1E7CBDA-E60E-4970-A01C-37301EF7BF98} http://www.yougamers.com/systeminfo/MSC3.cab (Measurement Services Client v.3.12)
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} http://fpdownload2.macromedia.com/get/s ... wflash.cab (Shockwave Flash Object)
O18 - Protocol\Handler\http\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Program\Delade filer\System\Ole DB\msdaipp.dll (Microsoft Corporation)
O18 - Protocol\Handler\http\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Program\Delade filer\System\Ole DB\msdaipp.dll (Microsoft Corporation)
O18 - Protocol\Handler\https\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Program\Delade filer\System\Ole DB\msdaipp.dll (Microsoft Corporation)
O18 - Protocol\Handler\https\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Program\Delade filer\System\Ole DB\msdaipp.dll (Microsoft Corporation)
O18 - Protocol\Handler\ipp\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Program\Delade filer\System\Ole DB\msdaipp.dll (Microsoft Corporation)
O18 - Protocol\Handler\msdaipp\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Program\Delade filer\System\Ole DB\msdaipp.dll (Microsoft Corporation)
O18 - Protocol\Handler\msdaipp\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Program\Delade filer\System\Ole DB\msdaipp.dll (Microsoft Corporation)
O18 - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program\Delade filer\Skype\Skype4COM.dll (Skype Technologies)
O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\WINDOWS\explorer.exe (Microsoft Corporation)
O20 - Winlogon\Notify\AtiExtEvent: DllName - Ati2evxx.dll - C:\WINDOWS\System32\ati2evxx.dll (ATI Technologies Inc.)
O24 - Desktop Components:0 (Min aktuella startsida) - About:Home
O24 - Desktop WallPaper: C:\Documents and Settings\Jacob\Lokala inställningar\Application Data\Microsoft\Wallpaper1.bmp
O24 - Desktop BackupWallPaper: C:\Documents and Settings\Jacob\Lokala inställningar\Application Data\Microsoft\Wallpaper1.bmp
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2008-01-09 02:17:54 | 000,000,049 | ---- | M] () - C:\AUTOEXEC.BAT -- [ NTFS ]
O34 - HKLM BootExecute: (autocheck autochk *) - File not found
O34 - HKLM BootExecute: (lsdelete) - C:\WINDOWS\System32\lsdelete.exe ()
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = ComFile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*

========== Files/Folders - Created Within 30 Days ==========

[2010-12-22 21:50:58 | 000,000,000 | RHSD | C] -- C:\cmdcons
[2010-12-22 12:08:17 | 000,000,000 | ---D | C] -- C:\Program\ESET
[2010-12-22 11:22:10 | 000,000,000 | ---D | C] -- C:\_OTL
[2010-12-22 00:47:25 | 001,345,624 | ---- | C] (Kaspersky Lab ZAO) -- C:\Documents and Settings\Jacob\Skrivbord\TDSSKiller.exe
[2010-12-22 00:46:04 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Jacob\Skrivbord\TDSSKiller
[2010-12-21 21:36:06 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Jacob\Skrivbord\Virus
[2010-12-21 21:03:58 | 000,602,624 | ---- | C] (OldTimer Tools) -- C:\Documents and Settings\Jacob\Skrivbord\OTL.exe
[2010-12-19 05:28:50 | 000,157,472 | ---- | C] (Sun Microsystems, Inc.) -- C:\WINDOWS\System32\javaws.exe
[2010-12-19 05:28:50 | 000,145,184 | ---- | C] (Sun Microsystems, Inc.) -- C:\WINDOWS\System32\javaw.exe
[2010-12-19 05:28:50 | 000,145,184 | ---- | C] (Sun Microsystems, Inc.) -- C:\WINDOWS\System32\java.exe
[2010-12-18 19:01:01 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\ATI
[2010-12-18 17:45:46 | 000,000,000 | ---D | C] -- C:\Program\ATI Technologies
[2010-12-16 18:32:21 | 000,000,000 | ---D | C] -- C:\Program\TweakNow RegCleaner
[2010-12-16 18:32:21 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Jacob\Application Data\TweakNow RegCleaner
[2010-12-16 18:27:44 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Jacob\Application Data\GetRightToGo
[2010-12-16 18:25:17 | 000,102,416 | ---- | C] (Realtek Semiconductor Corporation) -- C:\WINDOWS\System32\RTNUninst32.dll
[2010-12-16 17:39:27 | 000,000,000 | ---D | C] -- C:\Program\Western Digital Corporation
[2010-12-15 10:03:00 | 000,040,960 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\ndproxy.sys
[2010-12-15 10:01:46 | 000,045,568 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\wab.exe
[2010-12-14 13:42:00 | 000,000,000 | ---D | C] -- C:\Documents and Settings\NetworkService\Lokala inställningar\Application Data\Google
[2010-12-14 13:37:47 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Jacob\Lokala inställningar\Application Data\Temp
[2010-12-14 13:37:47 | 000,000,000 | ---D | C] -- C:\Documents and Settings\LocalService\Lokala inställningar\Application Data\Google
[2010-12-14 13:37:16 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Jacob\Lokala inställningar\Application Data\Google
[2010-12-14 13:36:44 | 000,000,000 | ---D | C] -- C:\Program\Google
[2010-11-30 15:27:29 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Jacob\Lokala inställningar\Application Data\AskToolbar
[2010-11-30 02:36:09 | 000,060,032 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\drivers\USBAUDIO.sys
[2010-11-30 02:36:09 | 000,060,032 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\usbaudio.sys
[2010-11-29 02:36:46 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\ImTOO
[2010-11-29 02:08:57 | 000,000,000 | ---D | C] -- C:\Program\iPod
[2010-11-29 02:08:23 | 000,000,000 | ---D | C] -- C:\Program\iTunes
[2010-11-29 02:04:08 | 000,000,000 | ---D | C] -- C:\Program\QuickTime
[2010-11-29 02:02:54 | 000,000,000 | ---D | C] -- C:\Program\Apple Software Update
[2010-11-29 02:02:32 | 000,000,000 | ---D | C] -- C:\Documents and Settings\LocalService\Application Data\Apple Computer
[2010-11-29 02:01:20 | 000,000,000 | ---D | C] -- C:\Program\Bonjour
[2008-12-21 19:25:42 | 000,047,360 | ---- | C] (VSO Software) -- C:\Documents and Settings\Jacob\Application Data\pcouffin.sys

========== Files - Modified Within 30 Days ==========

[2010-12-22 22:42:28 | 000,000,410 | -H-- | M] () -- C:\WINDOWS\tasks\User_Feed_Synchronization-{72AB9688-47B1-4843-8370-414A8B59F059}.job
[2010-12-22 22:34:56 | 000,012,598 | ---- | M] () -- C:\WINDOWS\System32\wpa.dbl
[2010-12-22 22:33:31 | 000,000,920 | ---- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskMachineCore.job
[2010-12-22 22:32:38 | 000,002,048 | --S- | M] () -- C:\WINDOWS\bootstat.dat
[2010-12-22 22:03:11 | 000,000,027 | ---- | M] () -- C:\WINDOWS\System32\drivers\etc\hosts
[2010-12-22 21:51:12 | 000,000,339 | RHS- | M] () -- C:\boot.ini
[2010-12-22 21:43:49 | 003,996,586 | R--- | M] () -- C:\Documents and Settings\Jacob\Skrivbord\ComboFix.exe
[2010-12-22 21:01:00 | 000,000,222 | ---- | M] () -- C:\WINDOWS\tasks\Scheduled Update for Ask Toolbar.job
[2010-12-22 20:50:00 | 000,000,924 | ---- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskMachineUA.job
[2010-12-22 19:56:02 | 000,000,272 | ---- | M] () -- C:\WINDOWS\tasks\AppleSoftwareUpdate.job
[2010-12-22 03:02:37 | 000,055,808 | ---- | M] () -- C:\Documents and Settings\Jacob\Lokala inställningar\Application Data\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2010-12-21 21:38:17 | 000,296,448 | ---- | M] () -- C:\Documents and Settings\Jacob\Skrivbord\1mqzeelt.exe
[2010-12-21 21:04:02 | 000,602,624 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\Jacob\Skrivbord\OTL.exe
[2010-12-19 05:36:05 | 000,001,972 | ---- | M] () -- C:\Documents and Settings\Jacob\Skrivbord\HiJackThis.lnk
[2010-12-18 18:57:41 | 000,120,544 | ---- | M] () -- C:\WINDOWS\System32\FNTCACHE.DAT
[2010-12-18 18:16:14 | 000,001,393 | ---- | M] () -- C:\WINDOWS\imsins.BAK
[2010-12-16 18:22:32 | 000,000,825 | ---- | M] () -- C:\Documents and Settings\All Users\Start-meny\Program\Autostart\DualCoreCenter.lnk
[2010-12-16 09:47:52 | 001,345,624 | ---- | M] (Kaspersky Lab ZAO) -- C:\Documents and Settings\Jacob\Skrivbord\TDSSKiller.exe
[2010-11-29 17:42:18 | 000,038,224 | ---- | M] (Malwarebytes Corporation) -- C:\WINDOWS\System32\drivers\mbamswissarmy.sys
[2010-11-29 17:42:06 | 000,020,952 | ---- | M] (Malwarebytes Corporation) -- C:\WINDOWS\System32\drivers\mbam.sys
[2010-11-26 05:17:40 | 005,555,712 | ---- | M] (ATI Technologies Inc.) -- C:\WINDOWS\System32\drivers\ati2mtag.sys
[2010-11-26 05:17:40 | 005,555,712 | ---- | M] (ATI Technologies Inc.) -- C:\WINDOWS\System32\dllcache\ati2mtag.sys
[2010-11-26 04:57:20 | 016,748,544 | ---- | M] (Advanced Micro Devices, Inc.) -- C:\WINDOWS\System32\atioglxx.dll
[2010-11-26 04:23:36 | 000,471,040 | ---- | M] (Advanced Micro Devices, Inc.) -- C:\WINDOWS\System32\atiok3x2.dll
[2010-11-26 04:12:42 | 000,311,296 | ---- | M] (ATI Technologies Inc.) -- C:\WINDOWS\System32\atiiiexx.dll
[2010-11-26 04:07:34 | 000,057,344 | ---- | M] (Advanced Micro Devices Inc.) -- C:\WINDOWS\System32\aticalrt.dll
[2010-11-26 04:07:24 | 000,053,248 | ---- | M] (Advanced Micro Devices Inc.) -- C:\WINDOWS\System32\aticalcl.dll
[2010-11-26 04:06:14 | 004,489,216 | ---- | M] (Advanced Micro Devices Inc.) -- C:\WINDOWS\System32\aticaldd.dll
[2010-11-26 03:55:42 | 000,462,848 | ---- | M] (Advanced Micro Devices, Inc.) -- C:\WINDOWS\System32\ATIDEMGX.dll
[2010-11-26 03:54:36 | 000,302,080 | ---- | M] (ATI Technologies Inc.) -- C:\WINDOWS\System32\ati2dvag.dll
[2010-11-26 03:48:02 | 003,984,864 | ---- | M] (ATI Technologies Inc. ) -- C:\WINDOWS\System32\ati3duag.dll
[2010-11-26 03:39:40 | 000,053,248 | ---- | M] (ATI Technologies Inc.) -- C:\WINDOWS\System32\drivers\ati2erec.dll
[2010-11-26 03:34:50 | 000,212,992 | ---- | M] (ATI Technologies, Inc.) -- C:\WINDOWS\System32\atipdlxx.dll
[2010-11-26 03:34:38 | 000,155,648 | ---- | M] (ATI Technologies, Inc.) -- C:\WINDOWS\System32\Oemdspif.dll
[2010-11-26 03:34:28 | 000,026,112 | ---- | M] (ATI Technologies, Inc.) -- C:\WINDOWS\System32\Ati2mdxx.exe
[2010-11-26 03:34:22 | 000,043,520 | ---- | M] (ATI Technologies, Inc.) -- C:\WINDOWS\System32\ati2edxx.dll
[2010-11-26 03:34:10 | 000,159,744 | ---- | M] (ATI Technologies Inc.) -- C:\WINDOWS\System32\ati2evxx.dll
[2010-11-26 03:32:24 | 002,669,696 | ---- | M] (Advanced Micro Devices, Inc. ) -- C:\WINDOWS\System32\ativvaxx.dll
[2010-11-26 03:32:04 | 000,539,392 | ---- | M] () -- C:\WINDOWS\System32\ativvaxx.cap
[2010-11-26 03:31:54 | 000,887,724 | ---- | M] () -- C:\WINDOWS\System32\ativva6x.dat
[2010-11-26 03:31:54 | 000,000,003 | ---- | M] () -- C:\WINDOWS\System32\ativva5x.dat
[2010-11-26 03:31:16 | 000,053,248 | ---- | M] ( ATI Technologies Inc.) -- C:\WINDOWS\System32\ATIDDC.DLL
[2010-11-26 03:30:34 | 000,121,776 | ---- | M] () -- C:\WINDOWS\System32\atiapfxx.blb
[2010-11-26 03:30:30 | 000,143,360 | ---- | M] (Advanced Micro Devices, Inc.) -- C:\WINDOWS\System32\atiapfxx.exe
[2010-11-26 03:26:38 | 000,651,264 | ---- | M] (ATI Technologies Inc.) -- C:\WINDOWS\System32\atikvmag.dll
[2010-11-26 03:24:46 | 000,196,608 | ---- | M] (Advanced Micro Devices, Inc.) -- C:\WINDOWS\System32\atiadlxx.dll
[2010-11-26 03:24:22 | 000,017,408 | ---- | M] (ATI Technologies Inc.) -- C:\WINDOWS\System32\atitvo32.dll
[2010-11-26 03:18:16 | 000,765,952 | ---- | M] (ATI Technologies Inc.) -- C:\WINDOWS\System32\ati2cqag.dll
[2010-11-26 03:16:32 | 000,064,512 | ---- | M] (Advanced Micro Devices, Inc. ) -- C:\WINDOWS\System32\atimpc32.dll
[2010-11-26 03:16:32 | 000,064,512 | ---- | M] (Advanced Micro Devices, Inc. ) -- C:\WINDOWS\System32\amdpcom32.dll
[2010-11-23 03:06:30 | 000,022,305 | ---- | M] () -- C:\WINDOWS\atiogl.xml

========== Files Created - No Company Name ==========

[2010-12-22 21:46:43 | 000,256,512 | ---- | C] () -- C:\WINDOWS\PEV.exe
[2010-12-22 21:46:43 | 000,089,088 | ---- | C] () -- C:\WINDOWS\MBR.exe
[2010-12-22 21:43:42 | 003,996,586 | R--- | C] () -- C:\Documents and Settings\Jacob\Skrivbord\ComboFix.exe
[2010-12-21 21:38:17 | 000,296,448 | ---- | C] () -- C:\Documents and Settings\Jacob\Skrivbord\1mqzeelt.exe
[2010-12-19 05:36:05 | 000,001,972 | ---- | C] () -- C:\Documents and Settings\Jacob\Skrivbord\HiJackThis.lnk
[2010-12-18 17:48:12 | 000,887,724 | ---- | C] () -- C:\WINDOWS\System32\ativva6x.dat
[2010-12-18 17:47:48 | 000,000,003 | ---- | C] () -- C:\WINDOWS\System32\ativva5x.dat
[2010-12-16 18:25:17 | 000,081,936 | ---- | C] () -- C:\WINDOWS\System32\RtNicProp32.dll
[2010-12-14 13:37:35 | 000,000,924 | ---- | C] () -- C:\WINDOWS\tasks\GoogleUpdateTaskMachineUA.job
[2010-12-14 13:37:34 | 000,000,920 | ---- | C] () -- C:\WINDOWS\tasks\GoogleUpdateTaskMachineCore.job
[2010-11-29 02:02:56 | 000,000,272 | ---- | C] () -- C:\WINDOWS\tasks\AppleSoftwareUpdate.job
[2010-07-14 18:11:50 | 001,184,552 | ---- | C] () -- C:\Documents and Settings\LocalService\Lokala inställningar\Application Data\FontCache3.0.0.0.dat
[2010-03-18 22:49:47 | 000,524,400 | ---- | C] () -- C:\Documents and Settings\Jacob\Application Data\8d51356f4bb435f1b6f84a242a76b34c-i686.cache-2
[2009-07-14 17:15:00 | 000,178,432 | ---- | C] () -- C:\WINDOWS\System32\xlive.dll.cat
[2009-04-22 21:44:59 | 000,000,000 | ---- | C] () -- C:\WINDOWS\Irremote.ini
[2009-04-22 21:16:38 | 000,000,132 | ---- | C] () -- C:\Documents and Settings\Jacob\Application Data\default.pls
[2009-04-22 20:28:27 | 000,000,000 | ---- | C] () -- C:\Documents and Settings\Jacob\Application Data\downloads.m3u
[2009-03-30 18:04:26 | 000,217,088 | ---- | C] () -- C:\WINDOWS\NVGfxOgl.dll
[2009-02-19 00:51:57 | 000,108,032 | ---- | C] () -- C:\WINDOWS\System32\ff_vfw.dll
[2009-02-05 18:01:21 | 000,032,768 | ---- | C] () -- C:\WINDOWS\System32\MF.dll
[2008-12-24 01:35:20 | 000,000,199 | ---- | C] () -- C:\Documents and Settings\Jacob\Application Data\default.rss
[2008-12-23 03:31:05 | 000,000,069 | ---- | C] () -- C:\WINDOWS\NeroDigital.ini
[2008-12-23 02:28:16 | 000,000,367 | ---- | C] () -- C:\WINDOWS\COVERE~1.INI
[2008-12-21 19:26:08 | 000,000,671 | ---- | C] () -- C:\Documents and Settings\Jacob\Application Data\vso_ts_preview.xml
[2008-12-21 19:25:49 | 000,000,034 | ---- | C] () -- C:\Documents and Settings\Jacob\Application Data\pcouffin.log
[2008-12-21 19:25:42 | 000,007,887 | ---- | C] () -- C:\Documents and Settings\Jacob\Application Data\pcouffin.cat
[2008-12-21 19:25:42 | 000,001,144 | ---- | C] () -- C:\Documents and Settings\Jacob\Application Data\pcouffin.inf
[2008-09-18 01:41:22 | 000,042,320 | ---- | C] () -- C:\WINDOWS\System32\xfcodec.dll
[2008-07-01 00:38:36 | 000,000,001 | ---- | C] () -- C:\WINDOWS\System32\sav950231.sys
[2008-07-01 00:37:16 | 000,000,001 | ---- | C] () -- C:\WINDOWS\System32\sav970451.sys
[2008-07-01 00:36:19 | 000,000,001 | ---- | C] () -- C:\WINDOWS\System32\sav80231.sys
[2008-06-22 22:49:01 | 000,000,871 | ---- | C] () -- C:\Documents and Settings\Jacob\Application Data\coreavc.ini
[2008-02-05 16:49:46 | 000,697,328 | ---- | C] () -- C:\WINDOWS\System32\drivers\sptd.sys
[2008-02-05 16:30:18 | 000,000,124 | ---- | C] () -- C:\WINDOWS\wininit.ini
[2008-01-10 13:16:20 | 000,159,839 | ---- | C] () -- C:\WINDOWS\System32\xvidvfw.dll
[2008-01-10 13:15:30 | 000,755,027 | ---- | C] () -- C:\WINDOWS\System32\xvidcore.dll
[2008-01-09 20:33:49 | 000,000,032 | ---- | C] () -- C:\Documents and Settings\All Users\Application Data\ezsid.dat
[2008-01-09 15:33:18 | 000,022,328 | ---- | C] () -- C:\WINDOWS\System32\drivers\PnkBstrK.sys
[2008-01-09 15:33:18 | 000,022,328 | ---- | C] () -- C:\Documents and Settings\Jacob\Application Data\PnkBstrK.sys
[2008-01-09 09:30:55 | 000,004,293 | ---- | C] () -- C:\WINDOWS\ODBCINST.INI
[2008-01-09 02:29:27 | 000,055,808 | ---- | C] () -- C:\Documents and Settings\Jacob\Lokala inställningar\Application Data\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2008-01-09 02:21:14 | 000,000,559 | ---- | C] () -- C:\WINDOWS\DFC.INI
[2005-09-15 15:40:22 | 000,160,768 | ---- | C] () -- C:\WINDOWS\System32\Unrar.dll
[2005-04-21 19:51:26 | 000,000,020 | ---- | C] () -- C:\WINDOWS\GraphEdit.INI
[2002-05-15 05:58:38 | 000,122,880 | ---- | C] () -- C:\WINDOWS\System32\v2k2_dec.dll
[2001-11-19 20:05:18 | 000,003,972 | ---- | C] () -- C:\WINDOWS\System32\drivers\PciBus.sys

< End of report >


Over and out!
Last edited by Jacob A on December 23rd, 2010, 8:04 pm, edited 4 times in total.
Jacob A
Regular Member
 
Posts: 26
Joined: December 2nd, 2008, 7:08 pm

Re: Slow start up, cpu power draining for no reason.

Post by deltalima » December 22nd, 2010, 6:36 pm

Hi Jacob A,

edit: I've tried some more games/movies now and it definitely feels like smaller lags than before!


Good.

Drive C: | 127,99 Gb Total Space | 22,15 Gb Free Space | 17,31% Space Free | Partition Type: NTFS
Drive E: | 596,17 Gb Total Space | 18,86 Gb Free Space | 3,16% Space Free | Partition Type: NTFS
Drive F: | 931,51 Gb Total Space | 18,97 Gb Free Space | 2,04% Space Free | Partition Type: NTFS
Drive G: | 337,77 Gb Total Space | 17,57 Gb Free Space | 5,20% Space Free | Partition Type: NTFS


Those other disks are still very full. Could you free up some space on those (at least 10-15% free) and check performance?
deltalima
Admin/Teacher
Posts: 7614
Joined: February 28th, 2009, 4:38 pm
Location: UK

Re: Slow start up, cpu power draining for no reason.

Post by Jacob A » December 22nd, 2010, 6:46 pm

Hello deltalima! I can do that, but I mean 10% of my 1 TB hard drive is 100 gig. Is it really necessary to have that much space free on hard drives that are only for storage?
Also, I've had that little space on my hard drives for some time without my computer acting up. That's the strange thing, that it just started to act slow and lag like this so suddenly, which is why I thought it was some sort of malware! :)

edit: As soon as I try to transfer files from C: or G: (they are the same hard drive), CPU usage goes up to 50% without any process using it in Task Manager, and it takes a lot more time than it should, like 1 min 30 sec for each 100 MB... while transferring from, say, E: I took an 8 gig file and it takes like 4-3 min...

Re: Slow start up, cpu power draining for no reason.

Post by deltalima » December 22nd, 2010, 7:07 pm

Hi Jacob A,

I can do that, but I mean 10% of my 1 TB hard drive is 100 gig. Is it really necessary to have that much space free on hard drives that are only for storage?


It is not absolutely necessary, but as there are no obvious signs of malware causing the problem, we need to eliminate as many possible causes for the slowness as we can.

the strange thing that it just started to act slow and lag like this so suddenly which is why I thought it was some sort of malware!


Please run Malwarebytes, update, then run a quick scan, and post the log in your next reply.