Welcome to MalwareRemoval.com,
What if we told you that you could get malware removal help from experts, and that it was 100% free? MalwareRemoval.com provides free support for people with infected computers. Our help, and the tools we use are always 100% free. No hidden catch. We simply enjoy helping others. You enjoy a clean, safe computer.

Malware Removal Instructions

I think im infected...

MalwareRemoval.com provides free support for people with infected computers. Using plain language that anyone can understand, our community of volunteer experts will walk you through each step.

I think im infected...

Unread postby Johannesgyr » May 19th, 2012, 3:56 am

DDS:

.
DDS (Ver_2011-08-26.01) - NTFSAMD64
Internet Explorer: 9.0.8112.16421 BrowserJavaVersion: 1.6.0_31
Run by Johannes at 9:48:17 on 2012-05-19
Microsoft Windows 7 Home Premium 6.1.7601.1.1252.46.1053.18.12279.9909 [GMT 2:00]
.
AV: McAfee Antivirus och antispionprogram *Enabled/Updated* {86355677-4064-3EA7-ABB3-1B136EB04637}
SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
SP: McAfee Antivirus och antispionprogram *Enabled/Updated* {3D54B793-665E-3129-9103-206115370C8A}
FW: McAfee Firewall *Enabled* {BE0ED752-0A0B-3FFF-80EC-B2269063014C}
.
============== Running Processes ===============
.
C:\Windows\system32\wininit.exe
C:\Windows\system32\lsm.exe
C:\Windows\system32\svchost.exe -k DcomLaunch
C:\Windows\system32\nvvsvc.exe
C:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe
C:\Windows\system32\svchost.exe -k RPCSS
C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted
C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted
C:\Windows\system32\svchost.exe -k netsvcs
C:\Program Files (x86)\Creative\Shared Files\CTAudSvc.exe
C:\Windows\system32\svchost.exe -k LocalService
C:\Windows\system32\svchost.exe -k NetworkService
C:\Windows\System32\spoolsv.exe
C:\Windows\system32\svchost.exe -k LocalServiceNoNetwork
C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe
C:\Windows\system32\nvvsvc.exe
C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe
C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\Program Files (x86)\Wondershare\1-Click PC Care\CareMon.exe
E:\Program Files (x86)\hamachi-2.exe
E:\Program Files (x86)\Hi-Res Studios\HiPatchService.exe
C:\Windows\SysWOW64\PnkBstrA.exe
C:\Program Files (x86)\Microsoft Application Virtualization Client\sftvsa.exe
C:\Windows\system32\svchost.exe -k imgsvc
C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
C:\Program Files (x86)\Microsoft Application Virtualization Client\sftlist.exe
C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSvcM.exe
C:\Program Files (x86)\Common Files\Microsoft Shared\Virtualization Handler\CVHSVC.EXE
C:\Windows\system32\taskhost.exe
C:\Windows\system32\Dwm.exe
C:\Windows\Explorer.EXE
C:\Windows\SysWOW64\rundll32.exe
C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe
E:\Program Files (x86)\Steam\Steam.exe
C:\Program Files (x86)\Renesas Electronics\USB 3.0 Host Controller Driver\Application\nusb3mon.exe
C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe
E:\Program Files (x86)\iTunes\iTunesHelper.exe
C:\Program Files\NVIDIA Corporation\Display\nvtray.exe
C:\Users\Johannes\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Users\Johannes\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Users\Johannes\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Users\Johannes\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Users\Johannes\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\Windows\system32\svchost.exe -k LocalServiceAndNoImpersonation
C:\Windows\system32\SearchIndexer.exe
C:\Program Files\Windows Media Player\wmpnetwk.exe
C:\Program Files (x86)\Common Files\Steam\SteamService.exe
C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe
C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Update Core\daemonu.exe
C:\Windows\system32\DllHost.exe
C:\Windows\system32\NOTEPAD.EXE
C:\Users\Johannes\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Windows\SysWOW64\rundll32.exe
C:\Users\Johannes\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Users\Johannes\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Users\Johannes\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Users\Johannes\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Windows\system32\SearchProtocolHost.exe
C:\Windows\system32\SearchFilterHost.exe
C:\Windows\system32\DllHost.exe
C:\Windows\system32\DllHost.exe
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\conhost.exe
C:\Windows\SysWOW64\cscript.exe
C:\Windows\system32\wbem\wmiprvse.exe
.
============== Pseudo HJT Report ===============
.
uInternet Settings,ProxyOverride = *.local
uURLSearchHooks: H - No File
uURLSearchHooks: H - No File
uURLSearchHooks: uTorrentControl2 Toolbar: {687578b9-7132-4a7a-80e4-30ee31099e03} - C:\Program Files (x86)\uTorrentControl2\prxtbuTor.dll
mURLSearchHooks: uTorrentControl2 Toolbar: {687578b9-7132-4a7a-80e4-30ee31099e03} - C:\Program Files (x86)\uTorrentControl2\prxtbuTor.dll
mWinlogon: Userinit=userinit.exe,
BHO: Adobe PDF Link Helper: {18df081c-e8ad-4283-a596-fa578c2ebdc3} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
BHO: uTorrentControl2 Toolbar: {687578b9-7132-4a7a-80e4-30ee31099e03} - C:\Program Files (x86)\uTorrentControl2\prxtbuTor.dll
BHO: Java(tm) Plug-In SSV Helper: {761497bb-d6f0-462c-b6eb-d4daf1d92d43} - C:\Program Files (x86)\Java\jre6\bin\ssv.dll
BHO: Windows Live ID Sign-in Helper: {9030d464-4c02-4abf-8ecc-5164760863c6} - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
BHO: Skype Browser Helper: {ae805869-2e5c-4ed4-8f7b-f1f7851a4497} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll
BHO: {B164E929-A1B6-4A06-B104-2CD0E90A88FF} - No File
BHO: Office Document Cache Handler: {b4f3a835-0e21-4959-ba22-42b3008e02ff} - C:\PROGRA~2\MICROS~3\Office14\URLREDIR.DLL
BHO: Java(tm) Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - C:\Program Files (x86)\Java\jre6\bin\jp2ssv.dll
TB: uTorrentControl2 Toolbar: {687578b9-7132-4a7a-80e4-30ee31099e03} - C:\Program Files (x86)\uTorrentControl2\prxtbuTor.dll
TB: {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - No File
uRun: [ISUSPM Startup] c:\PROGRA~2\COMMON~1\INSTAL~1\UPDATE~1\isuspm.exe -startup
uRun: [Steam] "E:\Program Files (x86)\Steam\steam.exe" -silent
uRun: [Google Update] "C:\Users\Johannes\AppData\Local\Google\Update\GoogleUpdate.exe" /c
uRun: [Spotify Web Helper] "C:\Users\Johannes\AppData\Roaming\Spotify\Data\SpotifyWebHelper.exe"
uRun: [Google] C:\Users\Johannes\AppData\Roaming\googleoez.exe
uRun: [DAEMON Tools Lite] "E:\Program Files (x86)\DAEMON Tools Lite\DTLite.exe" -autorun
mRun: [NUSB3MON] "C:\Program Files (x86)\Renesas Electronics\USB 3.0 Host Controller Driver\Application\nusb3mon.exe"
mRun: [JMB36X IDE Setup] C:\Windows\RaidTool\xInsIDE.exe
mRun: [SunJavaUpdateSched] "C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe"
mRun: [LogMeIn Hamachi Ui] "E:\Program Files (x86)\hamachi-2-ui.exe" --auto-start
mRun: [APSDaemon] "C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe"
mRun: [iTunesHelper] "E:\Program Files (x86)\iTunes\iTunesHelper.exe"
mRun: [Adobe ARM] "C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
mRun: [Malwarebytes' Anti-Malware] "C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe" /starttray
mPolicies-explorer: NoActiveDesktop = 1 (0x1)
mPolicies-explorer: NoActiveDesktopChanges = 1 (0x1)
mPolicies-system: ConsentPromptBehaviorAdmin = 5 (0x5)
mPolicies-system: ConsentPromptBehaviorUser = 3 (0x3)
mPolicies-system: EnableUIADesktopToggle = 0 (0x0)
IE: E&xportera till Microsoft Excel - C:\PROGRA~2\MICROS~3\Office14\EXCEL.EXE/3000
IE: Ski&cka till OneNote - C:\PROGRA~2\MICROS~3\Office14\ONBttnIE.dll/105
IE: {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - {5F7B1267-94A9-47F5-98DB-E99415F33AEC} - C:\Program Files (x86)\Windows Live\Writer\WriterBrowserExtension.dll
IE: {2670000A-7350-4f3c-8081-5663EE0C6C49} - {48E73304-E1D6-4330-914C-F5F514E3486C} - C:\Program Files (x86)\Microsoft Office\Office14\ONBttnIE.dll
IE: {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - {FFFDC614-B694-4AE6-AB38-5D6374584B52} - C:\Program Files (x86)\Microsoft Office\Office14\ONBttnIELinkedNotes.dll
IE: {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinsta ... s-i586.cab
DPF: {CAFEEFAC-0016-0000-0031-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinsta ... s-i586.cab
DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinsta ... s-i586.cab
DPF: {D4B68B83-8710-488B-A692-D74B50BA558E} - hxxp://ccfiles.creative.com/Web/softwar ... PIDPDE.cab
DPF: {E705A591-DA3C-4228-B0D5-A356DBA42FBF} - hxxp://ccfiles.creative.com/Web/softwar ... TSUEng.cab
DPF: {F6ACF75C-C32C-447B-9BEF-46B766368D29} - hxxp://ccfiles.creative.com/Web/softwar ... /CTPID.cab
TCP: DhcpNameServer = 192.168.1.1
TCP: Interfaces\{7A7F6BE2-E2B9-40DB-8C7D-02BC76260A30} : DhcpNameServer = 192.168.1.1
Filter: text/xml - {807573E5-5146-11D5-A672-00B0D022E945} - C:\Program Files (x86)\Common Files\microsoft shared\OFFICE14\MSOXMLMF.DLL
Handler: skype-ie-addon-data - {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll
Handler: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~2\COMMON~1\Skype\SKYPE4~1.DLL
Handler: wlpg - {E43EF6CD-A37A-4A9B-9E6F-83F89B8E6324} - C:\Program Files (x86)\Windows Live\Photo Gallery\AlbumDownloadProtocolHandler.dll
{18DF081C-E8AD-4283-A596-FA578C2EBDC3}
{687578b9-7132-4a7a-80e4-30ee31099e03}
{761497BB-D6F0-462C-B6EB-D4DAF1D92D43}
{9030D464-4C02-4ABF-8ECC-5164760863C6}
{AE805869-2E5C-4ED4-8F7B-F1F7851A4497}
BHO-X64: {B164E929-A1B6-4A06-B104-2CD0E90A88FF} - No File
{B4F3A835-0E21-4959-BA22-42B3008E02FF}
{DBC80044-A445-435b-BC74-9C25C1C588A9}
{687578b9-7132-4a7a-80e4-30ee31099e03}
TB-X64: {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - No File
mRun-x64: [NUSB3MON] "C:\Program Files (x86)\Renesas Electronics\USB 3.0 Host Controller Driver\Application\nusb3mon.exe"
mRun-x64: [JMB36X IDE Setup] C:\Windows\RaidTool\xInsIDE.exe
mRun-x64: [SunJavaUpdateSched] "C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe"
mRun-x64: [LogMeIn Hamachi Ui] "E:\Program Files (x86)\hamachi-2-ui.exe" --auto-start
mRun-x64: [APSDaemon] "C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe"
mRun-x64: [iTunesHelper] "E:\Program Files (x86)\iTunes\iTunesHelper.exe"
mRun-x64: [Adobe ARM] "C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
mRun-x64: [Malwarebytes' Anti-Malware] "C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe" /starttray
.
================= FIREFOX ===================
.
FF - ProfilePath - C:\Users\Johannes\AppData\Roaming\Mozilla\Firefox\Profiles\uo7hz1s3.default\
FF - prefs.js: network.proxy.type - 0
FF - plugin: c:\progra~2\mcafee\msc\npMcSnFFPl.dll
FF - plugin: C:\PROGRA~2\MICROS~3\Office14\NPSPWRAP.DLL
FF - plugin: C:\Program Files (x86)\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll
FF - plugin: C:\Program Files (x86)\Battlelog Web Plugins\1.110.0\npesnlaunch.dll
FF - plugin: C:\Program Files (x86)\Battlelog Web Plugins\1.116.0\npesnlaunch.dll
FF - plugin: C:\Program Files (x86)\Battlelog Web Plugins\Sonar\0.70.4\npesnsonar.dll
FF - plugin: C:\Program Files (x86)\Java\jre6\bin\plugin2\npdeployJava1.dll
FF - plugin: C:\Program Files (x86)\Java\jre6\bin\plugin2\npjp2.dll
FF - plugin: C:\Program Files (x86)\McAfee\SiteAdvisor\NPMcFFPlg32.dll
FF - plugin: c:\Program Files (x86)\Microsoft Silverlight\4.0.60531.0\npctrlui.dll
FF - plugin: C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dv.dll
FF - plugin: C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dvstreaming.dll
FF - plugin: C:\Program Files (x86)\Pando Networks\Media Booster\npPandoWebPlugin.dll
FF - plugin: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll
FF - plugin: C:\Users\Johannes\AppData\Local\Google\Update\1.3.21.111\npGoogleUpdate3.dll
FF - plugin: C:\Users\Johannes\AppData\LocalLow\Unity\WebPlayer\loader\npUnity3D32.dll
FF - plugin: C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_11_2_202_233.dll
FF - plugin: E:\Program Files (x86)\iTunes\Mozilla Plugins\npitunes.dll
.
============= SERVICES / DRIVERS ===============
.
R?2 CareMon;CareMon;C:\Program Files (x86)\Wondershare\1-Click PC Care\CareMon.exe [2012-1-23 146792]
R0 mv91cons;Marvell 91xx Config Device Driver;C:\Windows\system32\DRIVERS\mv91cons.sys --> C:\Windows\system32\DRIVERS\mv91cons.sys [?]
R0 mv91xx;mv91xx;C:\Windows\system32\DRIVERS\mv91xx.sys --> C:\Windows\system32\DRIVERS\mv91xx.sys [?]
R0 mvs91xx;mvs91xx;C:\Windows\system32\DRIVERS\mvs91xx.sys --> C:\Windows\system32\DRIVERS\mvs91xx.sys [?]
R1 dtsoftbus01;DAEMON Tools Virtual Bus Driver;C:\Windows\system32\DRIVERS\dtsoftbus01.sys --> C:\Windows\system32\DRIVERS\dtsoftbus01.sys [?]
R2 AdobeARMservice;Adobe Acrobat Update Service;C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe [2012-1-3 63928]
R2 cvhsvc;Client Virtualization Handler;C:\Program Files (x86)\Common Files\microsoft shared\Virtualization Handler\CVHSVC.EXE [2010-2-28 821664]
R2 Hamachi2Svc;LogMeIn Hamachi Tunneling Engine;E:\Program Files (x86)\hamachi-2.exe [2012-2-28 2343816]
R2 HiPatchService;Hi-Rez Studios Authenticate and Update Service;E:\Program Files (x86)\Hi-Res Studios\HiPatchService.exe [2012-1-9 8704]
R2 MBAMService;MBAMService;C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe [2012-5-15 654408]
R2 nvUpdatusService;NVIDIA Update Service Daemon;C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Update Core\daemonu.exe [2011-12-27 2348352]
R2 sftlist;Application Virtualization Client;C:\Program Files (x86)\Microsoft Application Virtualization Client\sftlist.exe [2009-12-2 483688]
R2 Stereo Service;NVIDIA Stereoscopic 3D Driver Service;C:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe [2012-2-29 382272]
R3 Lycosa;Lycosa Keyboard;C:\Windows\system32\drivers\Lycosa.sys --> C:\Windows\system32\drivers\Lycosa.sys [?]
R3 MBAMProtector;MBAMProtector;\??\C:\Windows\system32\drivers\mbam.sys --> C:\Windows\system32\drivers\mbam.sys [?]
R3 nusb3hub;Renesas Electronics USB 3.0 Hub Driver;C:\Windows\system32\DRIVERS\nusb3hub.sys --> C:\Windows\system32\DRIVERS\nusb3hub.sys [?]
R3 nusb3xhc;Renesas Electronics USB 3.0 Host Controller Driver;C:\Windows\system32\DRIVERS\nusb3xhc.sys --> C:\Windows\system32\DRIVERS\nusb3xhc.sys [?]
R3 NVHDA;Service for NVIDIA High Definition Audio Driver;C:\Windows\system32\drivers\nvhda64v.sys --> C:\Windows\system32\drivers\nvhda64v.sys [?]
R3 RTL8167;Realtek 8167 NT Driver;C:\Windows\system32\DRIVERS\Rt64win7.sys --> C:\Windows\system32\DRIVERS\Rt64win7.sys [?]
R3 Sftfs;Sftfs;C:\Windows\system32\DRIVERS\Sftfslh.sys --> C:\Windows\system32\DRIVERS\Sftfslh.sys [?]
R3 Sftplay;Sftplay;C:\Windows\system32\DRIVERS\Sftplaylh.sys --> C:\Windows\system32\DRIVERS\Sftplaylh.sys [?]
R3 Sftredir;Sftredir;C:\Windows\system32\DRIVERS\Sftredirlh.sys --> C:\Windows\system32\DRIVERS\Sftredirlh.sys [?]
R3 Sftvol;Sftvol;C:\Windows\system32\DRIVERS\Sftvollh.sys --> C:\Windows\system32\DRIVERS\Sftvollh.sys [?]
R3 sftvsa;Application Virtualization Service Agent;C:\Program Files (x86)\Microsoft Application Virtualization Client\sftvsa.exe [2009-12-2 209768]
R3 WRfiltv;WRfiltv;C:\Windows\system32\drivers\WRfiltv.sys --> C:\Windows\system32\drivers\WRfiltv.sys [?]
S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-3-18 130384]
S2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-3-18 138576]
S2 SkypeUpdate;Skype Updater;C:\Program Files (x86)\Skype\Updater\Updater.exe [2012-2-29 158856]
S3 AdobeFlashPlayerUpdateSvc;Adobe Flash Player Update Service;C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2012-4-3 257696]
S3 Creative ALchemy AL6 Licensing Service;Creative ALchemy AL6 Licensing Service;C:\Program Files (x86)\Common Files\Creative Labs Shared\Service\AL6Licensing.exe [2011-12-20 79360]
S3 Creative Audio Engine Licensing Service;Creative Audio Engine Licensing Service;C:\Program Files (x86)\Common Files\Creative Labs Shared\Service\CTAELicensing.exe [2011-12-20 79360]
S3 MozillaMaintenance;Mozilla Maintenance Service;C:\Program Files (x86)\Mozilla Maintenance Service\maintenanceservice.exe [2012-4-29 112568]
S3 osppsvc;Office Software Protection Platform;C:\Program Files\Common Files\Microsoft Shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE [2010-1-9 4925184]
S3 RTCore64;RTCore64;E:\Program Files (x86)\EVGA Precision X\RTCore64.sys [2012-4-10 15176]
S3 TsUsbFlt;TsUsbFlt;C:\Windows\system32\drivers\tsusbflt.sys --> C:\Windows\system32\drivers\tsusbflt.sys [?]
S3 TsUsbGD;%TsUsbGD.DeviceDesc.Generic%;C:\Windows\system32\drivers\TsUsbGD.sys --> C:\Windows\system32\drivers\TsUsbGD.sys [?]
S3 USBAAPL64;Apple Mobile USB Driver;C:\Windows\system32\Drivers\usbaapl64.sys --> C:\Windows\system32\Drivers\usbaapl64.sys [?]
S3 USBPNPA;USB PnP Sound Device Interface;C:\Windows\system32\drivers\CM10864.sys --> C:\Windows\system32\drivers\CM10864.sys [?]
S3 WatAdminSvc;Aktiveringsteknologier för Windows-tjänst;C:\Windows\system32\Wat\WatAdminSvc.exe --> C:\Windows\system32\Wat\WatAdminSvc.exe [?]
S4 wlcrasvc;Windows Live Mesh remote connections service;C:\Program Files\Windows Live\Mesh\wlcrasvc.exe [2010-9-22 57184]
.
=============== Created Last 30 ================
.
2012-05-15 04:03:50 -------- d-----w- C:\Program Files (x86)\Diablo III
2012-05-13 13:03:08 -------- d-----w- C:\Program Files (x86)\Microsoft Analysis Services
2012-05-12 12:27:44 -------- d-----w- C:\Users\Johannes\AppData\Local\Insanely Twisted Shadow Planet
2012-05-12 06:27:55 283200 ----a-w- C:\Windows\System32\drivers\dtsoftbus01.sys
2012-05-11 12:22:05 1544704 ----a-w- C:\Windows\System32\DWrite.dll
2012-05-11 12:22:04 1077248 ----a-w- C:\Windows\SysWow64\DWrite.dll
2012-05-11 12:22:02 5559664 ----a-w- C:\Windows\System32\ntoskrnl.exe
2012-05-11 12:22:01 3968368 ----a-w- C:\Windows\SysWow64\ntkrnlpa.exe
2012-05-11 12:22:01 3146240 ----a-w- C:\Windows\System32\win32k.sys
2012-05-11 12:22:00 3913072 ----a-w- C:\Windows\SysWow64\ntoskrnl.exe
2012-05-11 12:21:35 75120 ----a-w- C:\Windows\System32\drivers\partmgr.sys
2012-05-11 12:21:29 1918320 ----a-w- C:\Windows\System32\drivers\tcpip.sys
2012-05-11 12:21:27 936960 ----a-w- C:\Program Files (x86)\Common Files\Microsoft Shared\ink\journal.dll
2012-05-11 12:21:27 1732096 ----a-w- C:\Program Files\Windows Journal\NBDoc.DLL
2012-05-11 12:21:27 1402880 ----a-w- C:\Program Files\Windows Journal\JNWDRV.dll
2012-05-11 12:21:27 1393664 ----a-w- C:\Program Files\Windows Journal\JNTFiltr.dll
2012-05-11 12:21:27 1367552 ----a-w- C:\Program Files\Common Files\Microsoft Shared\ink\journal.dll
2012-05-07 19:16:05 -------- d-----w- C:\Users\Johannes\AppData\Local\Funcom
2012-05-07 19:16:04 -------- d-----w- C:\ProgramData\media center programs
2012-05-06 15:56:56 -------- d-----w- C:\Windows\8A809006C25A4A3A9DAB94659BCDB107.TMP
2012-05-04 20:44:18 33856 ---ha-w- C:\Windows\System32\hamachi.sys
2012-05-01 09:31:13 29272 ----a-w- C:\Program Files (x86)\Mozilla Firefox\ScriptFF.dll
2012-04-30 23:01:02 -------- d-----w- C:\Program Files (x86)\Common Files\Wise Installation Wizard
2012-04-29 13:02:25 -------- d-----w- C:\Users\Johannes\AppData\Local\Opera
2012-04-28 12:55:26 -------- d-----w- C:\Users\Johannes\AppData\Local\Risen2
2012-04-21 09:37:36 -------- d-----w- C:\Program Files (x86)\Heroes of Newerth
2012-04-20 19:24:21 -------- d-----w- C:\Users\Johannes\AppData\Local\SniperV2 Demo
2012-04-19 15:27:45 -------- d-----w- C:\Users\Johannes\AppData\Local\Ubisoft Game Launcher
.
==================== Find3M ====================
.
2012-05-14 20:26:22 70304 ----a-w- C:\Windows\SysWow64\FlashPlayerCPLApp.cpl
2012-05-14 20:26:22 419488 ----a-w- C:\Windows\SysWow64\FlashPlayerApp.exe
2012-05-05 20:34:18 283304 ----a-w- C:\Windows\SysWow64\PnkBstrB.xtr
2012-05-05 20:34:18 283304 ----a-w- C:\Windows\SysWow64\PnkBstrB.exe
2012-05-05 20:33:54 280904 ----a-w- C:\Windows\SysWow64\PnkBstrB.ex0
2012-05-04 19:51:10 8744608 ----a-w- C:\Windows\SysWow64\FlashPlayerInstaller.exe
2012-04-04 13:56:40 24904 ----a-w- C:\Windows\System32\drivers\mbam.sys
2012-03-13 20:06:41 21840 ----atw- C:\Windows\SysWow64\SIntfNT.dll
2012-03-13 20:06:41 17212 ----atw- C:\Windows\SysWow64\SIntf32.dll
2012-03-13 20:06:41 12067 ----atw- C:\Windows\SysWow64\SIntf16.dll
2012-03-13 20:02:54 94208 ----a-w- C:\Windows\DIIUnin.exe
2012-03-13 20:02:54 2829 ----a-w- C:\Windows\DIIUnin.pif
2012-03-09 12:38:57 472808 ----a-w- C:\Windows\SysWow64\deployJava1.dll
2012-03-07 14:43:31 76888 ----a-w- C:\Windows\SysWow64\PnkBstrA.exe
2012-03-01 06:46:16 23408 ----a-w- C:\Windows\System32\drivers\fs_rec.sys
2012-03-01 06:38:27 220672 ----a-w- C:\Windows\System32\wintrust.dll
2012-03-01 06:33:50 81408 ----a-w- C:\Windows\System32\imagehlp.dll
2012-03-01 06:28:47 5120 ----a-w- C:\Windows\System32\wmi.dll
2012-03-01 05:37:41 172544 ----a-w- C:\Windows\SysWow64\wintrust.dll
2012-03-01 05:33:23 159232 ----a-w- C:\Windows\SysWow64\imagehlp.dll
2012-03-01 05:29:16 5120 ----a-w- C:\Windows\SysWow64\wmi.dll
2012-02-29 21:00:22 3089728 ----a-w- C:\Windows\System32\nvsvc64.dll
2012-02-29 21:00:09 6074176 ----a-w- C:\Windows\System32\nvcpl.dll
2012-02-29 20:59:47 889664 ----a-w- C:\Windows\System32\nvvsvc.exe
2012-02-29 20:59:47 63296 ----a-w- C:\Windows\System32\nvshext.dll
2012-02-29 20:59:47 2561856 ----a-w- C:\Windows\System32\nvsvcr.dll
2012-02-29 20:59:47 118080 ----a-w- C:\Windows\System32\nvmctray.dll
2012-02-29 20:59:29 2515790 ----a-w- C:\Windows\System32\nvcoproc.bin
2012-02-29 11:26:56 416064 ----a-w- C:\Windows\SysWow64\nvStreaming.exe
2012-02-28 06:56:48 2311168 ----a-w- C:\Windows\System32\jscript9.dll
2012-02-28 06:49:56 1390080 ----a-w- C:\Windows\System32\wininet.dll
2012-02-28 06:48:57 1493504 ----a-w- C:\Windows\System32\inetcpl.cpl
2012-02-28 06:42:55 2382848 ----a-w- C:\Windows\System32\mshtml.tlb
2012-02-28 01:18:55 1799168 ----a-w- C:\Windows\SysWow64\jscript9.dll
2012-02-28 01:11:21 1427456 ----a-w- C:\Windows\SysWow64\inetcpl.cpl
2012-02-28 01:11:07 1127424 ----a-w- C:\Windows\SysWow64\wininet.dll
2012-02-28 01:03:16 2382848 ----a-w- C:\Windows\SysWow64\mshtml.tlb
.
============= FINISH: 9:48:27,64 ===============

Attach:


.
UNLESS SPECIFICALLY INSTRUCTED, DO NOT POST THIS LOG.
IF REQUESTED, ZIP IT UP & ATTACH IT
.
DDS (Ver_2011-08-26.01)
.
Microsoft Windows 7 Home Premium
Boot Device: \Device\HarddiskVolume1
Install Date: 2011-10-07 16:02:34
System Uptime: 2012-05-19 09:25:53 (0 hours ago)
.
Motherboard: ASUSTeK Computer INC. | | SABERTOOTH X58
Processor: Intel(R) Core(TM) i7 CPU 960 @ 3.20GHz | LGA1366 | 3201/133mhz
.
==== Disk Partitions =========================
.
C: is FIXED (NTFS) - 107 GiB total, 31,388 GiB free.
D: is CDROM ()
E: is FIXED (NTFS) - 932 GiB total, 718,823 GiB free.
F: is CDROM ()
.
==== Disabled Device Manager Items =============
.
==== System Restore Points ===================
.
RP221: 2012-05-19 04:22:28 - Schemalagd kontrollpunkt
.
==== Installed Programs ======================
.
ActiveX-kontroll för fjärranslutningar för Windows Live Mesh
Adobe AIR
Adobe Reader X (10.1.3) - Svenska
Amnesia - The Dark Descent
Apple Application Support
Apple Software Update
ASIO4ALL
µTorrent
Bandisoft MPEG-1 Decoder
Battlefield 3™
Battlelog Web Plugins
Borderlands
Brawl Busters
Counter-Strike
Counter-Strike: Global Offensive Beta
Counter-Strike: Source
Creation Kit
Creative System Information
D3DX10
DAEMON Tools Lite
Definition update for Microsoft Office 2010 (KB982726)
Diablo II
Diablo III
Diablo III Beta
Dota 2
ESN Sonar
EVGA Precision X 3.0.2
Garry's Mod
Ghost Recon Online
Google Chrome
Gothic 3
Gothic II: Gold Edition
Heroes of Newerth
Hi-Rez Studios Authenticate and Update Service
ImageBooster
Java Auto Updater
Java(TM) 6 Update 31
JMicron JMB36X Driver
Junk Mail filter update
League of Legends
Left 4 Dead 2
LogMeIn Hamachi
Machinarium
Magicka
Malwarebytes Anti-Malware version 1.61.0.1400
marvell 91xx driver
Mesh Runtime
Microsoft Games for Windows - LIVE Redistributable
Microsoft Games for Windows Marketplace
Microsoft Office 2010
Microsoft Office 2010 Service Pack 1 (SP1)
Microsoft Office Access MUI (Swedish) 2010
Microsoft Office Excel MUI (Swedish) 2010
Microsoft Office Hem och Småföretag 2010
Microsoft Office Klicka-och-kör 2010
Microsoft Office OneNote MUI (Swedish) 2010
Microsoft Office Outlook MUI (Swedish) 2010
Microsoft Office PowerPoint MUI (Swedish) 2010
Microsoft Office Proof (English) 2010
Microsoft Office Proof (Finnish) 2010
Microsoft Office Proof (German) 2010
Microsoft Office Proof (Swedish) 2010
Microsoft Office Proofing (Swedish) 2010
Microsoft Office Publisher MUI (Swedish) 2010
Microsoft Office Shared MUI (Swedish) 2010
Microsoft Office Single Image 2010
Microsoft Office Starter 2010 - svenska
Microsoft Office Word MUI (Swedish) 2010
Microsoft PowerPoint Viewer
Microsoft Silverlight
Microsoft SQL Server 2005 Compact Edition [ENU]
Microsoft Visual C++ 2005 Redistributable
Microsoft Visual C++ 2008 ATL Update kb973924 - x86 9.0.30729.4148
Microsoft Visual C++ 2008 Redistributable - x86 9.0.21022
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148
Microsoft Visual C++ 2010 x86 Redistributable - 10.0.40219
Microsoft XNA Framework Redistributable 3.1
Microsoft XNA Framework Redistributable 4.0
Might and Magic: Clash of Heroes
Mozilla Firefox 13.0 (x86 sv-SE)
Mozilla Maintenance Service
MSVCRT
MSVCRT_amd64
NVIDIA 3D Vision Controller Driver
NVIDIA PhysX
NVIDIA Stereoscopic 3D Driver
Opera 11.62
Origin
Pando Media Booster
PAYDAY: The Heist
Portal 2
Premiumplay Codec-C
PunkBuster Services
RaiderZ
Realistic Colors and Real Nights 2.0 - HDR Edition -
Realtek Ethernet Controller Driver
Realtek High Definition Audio Driver
Renesas Electronics USB 3.0 Host Controller Driver
RIFT
Risen 2 Dark Waters
Safari
Saints Row: The Third
Seal Hunter
Security Update for Microsoft .NET Framework 4 Client Profile (KB2518870)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2539636)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2572078)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2604121)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2633870)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2656351)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2656368)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2656405)
Security Update for Microsoft .NET Framework 4 Extended (KB2416472)
Security Update for Microsoft .NET Framework 4 Extended (KB2487367)
Security Update for Microsoft .NET Framework 4 Extended (KB2656351)
Skype Click to Call
Skype™ 5.8
Sound Blaster World of Warcraft Headset
Spotify
Steam
Super Monday Night Combat
Synergy
TERA
The Elder Scrolls V: Skyrim
The Secret World
Thief: Deadly Shadows
Tribes Ascend Closed Beta
Trine 2
Ubisoft Game Launcher
Unity Web Player
Update for Microsoft .NET Framework 4 Client Profile (KB2468871)
Update for Microsoft .NET Framework 4 Client Profile (KB2473228)
Update for Microsoft .NET Framework 4 Client Profile (KB2533523)
Update for Microsoft .NET Framework 4 Client Profile (KB2600217)
Update for Microsoft .NET Framework 4 Extended (KB2468871)
Update for Microsoft .NET Framework 4 Extended (KB2533523)
Update for Microsoft .NET Framework 4 Extended (KB2600217)
uTorrentControl2 Toolbar
Warhammer® 40,000™: Dawn of War® II - Chaos Rising™
Windows Live Communications Platform
Windows Live Essentials
Windows Live Installer
Windows Live Mail
Windows Live Mesh
Windows Live Messenger
Windows Live Movie Maker
Windows Live Photo Common
Windows Live Photo Gallery
Windows Live PIMT Platform
Windows Live SOXE
Windows Live SOXE Definitions
Windows Live UX Platform
Windows Live UX Platform Language Pack
Windows Live Writer
Windows Live Writer Resources
WinRAR archiver
VLC media player 2.0.1
Wondershare 1-Click PC Care (Version 7.5.0)
World of Warcraft
.
==== End Of File ===========================

The main system issue is that I can not activate my firewall, when i try to, nothing happens. I had McAfee installed, that's where I first noticed the issue, that the firewall could not be activated, when i clicked "activate" basically nothing happened. Then I tried with the windows firewall, which did not work either. I uninstalled McAfee, windows firewall still did not work. I am in dire need of help!

Thanks in advance,

Johannesgyr
Johannesgyr
Regular Member
 
Posts: 18
Joined: May 19th, 2012, 3:44 am
Advertisement
Register to Remove

Re: I think im infected...

Unread postby askey127 » May 22nd, 2012, 8:41 am

Hi Johannesgyr,
-----------------------------------------------------------
There are Serious Issues with PunkBuster:
Your computer has installed gaming tools. Some of these, like Punkbuster, use spyware techniques to engage in the anti-piracy battle.
In the process, they take control of much of your PC, and they actually meet the definition of spyware/malware.
They are sometimes designed to prevent orderly removal or modification, and they have only very limited respect for retaining the overall security and integrity of your machine.
These programs are changed/updated often, and it is not possible to predict what effects they actually have on the Operating System.
It is not a certainty that your computer can be cleaned without breaking or removing some of these programs, and this could result in not being able to play the associated games, or corruption of your system.
If you want to continue using the machine in this way, you should consider using imaging software like Norton Ghost or Acronis TrueImage, or Terabyte Image, which can put your entire C: drive back into an earlier state whenever the infections or malfunctions get too severe.
(The built-in Image Backup could also be used in a Win7 system).

If you really want to clean this machine, I will help, but if you so choose, understand there is NO assurance that the Punkbuster games or your PC system will be trouble-free afterwards.

You should read this entire thread, as just one example of what is going on, then let me know what you want to do.

askey127
User avatar
askey127
Admin/Teacher
Admin/Teacher
 
Posts: 13903
Joined: April 17th, 2005, 3:25 pm
Location: New Hampshire USA

Re: I think im infected...

Unread postby Johannesgyr » May 22nd, 2012, 12:02 pm

Okay, so I have read the thread, I have a hunch of what is going on.

I believe that the only program that is linked to Punkbuster is Battlefield 3, which I played for a long while, I wouldnt mind removing it to ensure my safety. I want to clean my PC, I will do everything I can using your guidance.

I much appreciate you helping me!

Johannesgyr
Johannesgyr
Regular Member
 
Posts: 18
Joined: May 19th, 2012, 3:44 am

Re: I think im infected...

Unread postby askey127 » May 22nd, 2012, 12:50 pm

Johannesgyr,
OK. let's get started.

I realize that uTorrent is often used in connection with downloading, But it's unfortunately a near-certain method to get your computer infected.
We require removal of P2P programs as a condition of receiving our help.
------------------------------------------------
Remove Programs Using Control Panel
From Start, Control Panel, click on Programs and Features
Click each Entry, as follows, one by one, if it exists, choose Uninstall, and give permission to Continue:

uTorrentControl2 Toolbar
µTorrent
Battlefield 3™
Pando Media Booster
PunkBuster Services

Take extra care in answering questions posed by any Uninstaller.
-----------------------------------------------------------
REBOOT (RESTART) Your Machine
---------------------------------------------
Download the OTL Scanner
Please download OTL.exe by OldTimer and save it to your desktop.
---------------------------------------------
Run a Scan with OTL
  • Right click the OTL icon and choose "Run as administrator" to run it.
  • Check the box at the top, labeled Include 64 bit scans
  • Check the boxes labeled :
    • Scan All Users
    • LOP check
    • Purity check
    • Extra Registry > Use SafeList
  • Make sure all other windows are closed to let it run uninterrupted.
  • Click on the Run Scan button at the top left hand corner. Do not change any settings unless otherwise told to do so. The scan wont take long.
When the scan completes, it will open two notepad windows. OTL.Txt and Extras.Txt. These are saved in the same location as OTL. (desktop)
The Extras.txt file will only appear the very first time you run OTL.
Please copy (Edit->Select All, Edit->Copy) the contents of these files, one at a time, and post them as a reply. Use separate replies if more convenient.
--------------------------------------------
TDSSKiller - Rootkit Removal Tool
Please download the TDSSKiller.exe by Kaspersky... save it to your Desktop. <-Important!!!
  1. Double-click on TDSSKiller.exe to run the tool for known TDSS variants.
    (Vista - W7 users: Right-click and select "Run As Administrator")
    If TDSSKiller does not run... rename it. Right-click on TDSSKiller.exe, select Rename and give it a random name with the .com file extension (i.e. ektfhtw.com).
    If you don't see file extensions, please see: How to change the file extension.
    If you try to change the filename and extension, you may get a warning message from Windows because of the change of file extension. OK the change.
  2. Click the Start Scan button. Do not use the computer during the scan!
  3. If the scan completes with nothing found, click Close to exit.
  4. If malicious objects are found, they will show in the "Scan results - Select action for found objects" and offer 3 options.
    • Ensure Cure (default) is selected... then click Continue > Reboot now to finish the cleaning process.
    • If Cure is not offered as an option, choose Skip.
  5. A log file named TDSSKiller_version_dd.mm.yyyy_hh.mm.ss_log.txt will be created and saved to the main directory of C:
    (the dd.mm.yyyy_hh.mm.ss numbers in the filename represent the time/date stamp)
  6. Copy and paste the contents of that file in your next reply.
If, for some reason,you can't locate the text file to paste into your reply, just tell me, but DO NOT run the program a second time.
---------------------------------------------------
So, In Your Reply, we will be looking for the contents of the following :
  • OTL.txt
  • Extras.txt
  • TDSSKiller log
Please feel free to use separate replies.
The Extras.txt file will only show up the very first time you run OTL.

askey127
User avatar
askey127
Admin/Teacher
Admin/Teacher
 
Posts: 13903
Joined: April 17th, 2005, 3:25 pm
Location: New Hampshire USA

Re: I think im infected...

Unread postby Johannesgyr » May 22nd, 2012, 1:02 pm

Hi, I am sorry for the inconvinience, but there is no "PunkBuster Services" listed in the Programs and Features list, is there something else I can do?
Johannesgyr
Regular Member
 
Posts: 18
Joined: May 19th, 2012, 3:44 am

Re: I think im infected...

Unread postby Johannesgyr » May 22nd, 2012, 1:04 pm

Johannesgyr wrote:Hi, I am sorry for the inconvinience, but there is no "PunkBuster Services" listed in the Programs and Features list, is there something else I can do?


Nevermind, looked again and i found it...
Johannesgyr
Regular Member
 
Posts: 18
Joined: May 19th, 2012, 3:44 am

Re: I think im infected...

Unread postby Johannesgyr » May 22nd, 2012, 1:12 pm

OTL logfile created on: 2012-05-22 19:09:04 - Run 1
OTL by OldTimer - Version 3.2.43.1 Folder = C:\Users\Johannes\Desktop
64bit- Home Premium Edition Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation
Internet Explorer (Version = 9.0.8112.16421)
Locale: 0000041D | Country: Sverige | Language: SVE | Date Format: yyyy-MM-dd

11,99 Gb Total Physical Memory | 10,11 Gb Available Physical Memory | 84,29% Memory free
23,98 Gb Paging File | 21,93 Gb Available in Paging File | 91,46% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86)
Drive C: | 107,13 Gb Total Space | 30,36 Gb Free Space | 28,34% Space Free | Partition Type: NTFS
Drive E: | 931,51 Gb Total Space | 770,97 Gb Free Space | 82,77% Space Free | Partition Type: NTFS

Computer Name: JOHANNES-DATOR | User Name: Johannes | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: All users | Include 64bit Scans
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days

========== Processes (SafeList) ==========

PRC - [2012-05-22 19:07:43 | 000,595,968 | ---- | M] (OldTimer Tools) -- C:\Users\Johannes\Desktop\OTL.exe
PRC - [2012-05-19 08:38:15 | 000,529,232 | ---- | M] (Valve Corporation) -- C:\Program Files (x86)\Common Files\Steam\SteamService.exe
PRC - [2012-05-05 15:44:42 | 000,932,528 | ---- | M] () -- C:\Users\Johannes\AppData\Roaming\Spotify\Data\SpotifyWebHelper.exe
PRC - [2012-04-04 15:56:40 | 000,654,408 | ---- | M] (Malwarebytes Corporation) -- C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe
PRC - [2012-04-04 15:56:38 | 000,462,408 | ---- | M] (Malwarebytes Corporation) -- C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe
PRC - [2012-03-10 15:26:10 | 001,242,448 | ---- | M] (Valve Corporation) -- E:\Program Files (x86)\Steam\Steam.exe
PRC - [2012-03-07 16:43:31 | 000,076,888 | ---- | M] () -- C:\Windows\SysWOW64\PnkBstrA.exe
PRC - [2012-03-01 02:02:00 | 002,348,352 | ---- | M] (NVIDIA Corporation) -- C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Update Core\daemonu.exe
PRC - [2012-02-29 13:26:46 | 000,382,272 | ---- | M] (NVIDIA Corporation) -- C:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe
PRC - [2011-04-14 18:17:18 | 000,113,288 | ---- | M] (Renesas Electronics Corporation) -- C:\Program Files (x86)\Renesas Electronics\USB 3.0 Host Controller Driver\Application\nusb3mon.exe
PRC - [2009-12-02 22:23:38 | 000,209,768 | ---- | M] (Microsoft Corporation) -- C:\Program Files (x86)\Microsoft Application Virtualization Client\sftvsa.exe
PRC - [2009-12-02 22:23:32 | 000,483,688 | ---- | M] (Microsoft Corporation) -- C:\Program Files (x86)\Microsoft Application Virtualization Client\sftlist.exe


========== Modules (No Company Name) ==========

MOD - [2012-05-19 08:38:12 | 020,313,384 | ---- | M] () -- E:\Program Files (x86)\Steam\bin\libcef.dll
MOD - [2012-05-19 08:38:10 | 000,895,312 | ---- | M] () -- E:\Program Files (x86)\Steam\bin\chromehtml.dll
MOD - [2012-05-19 08:38:07 | 000,123,192 | ---- | M] () -- E:\Program Files (x86)\Steam\bin\avutil-51.dll
MOD - [2012-05-19 08:38:05 | 000,190,776 | ---- | M] () -- E:\Program Files (x86)\Steam\bin\avformat-53.dll
MOD - [2012-05-19 08:38:03 | 001,099,576 | ---- | M] () -- E:\Program Files (x86)\Steam\bin\avcodec-53.dll
MOD - [2012-05-09 05:04:52 | 000,441,840 | ---- | M] () -- C:\Users\Johannes\AppData\Local\Google\Chrome\Application\19.0.1084.46\ppGoogleNaClPluginChrome.dll
MOD - [2012-05-09 05:04:51 | 003,921,904 | ---- | M] () -- C:\Users\Johannes\AppData\Local\Google\Chrome\Application\19.0.1084.46\pdf.dll
MOD - [2012-05-09 05:03:36 | 000,553,456 | ---- | M] () -- C:\Users\Johannes\AppData\Local\Google\Chrome\Application\19.0.1084.46\libglesv2.dll
MOD - [2012-05-09 05:03:35 | 000,117,744 | ---- | M] () -- C:\Users\Johannes\AppData\Local\Google\Chrome\Application\19.0.1084.46\libegl.dll
MOD - [2012-05-09 05:03:25 | 000,134,656 | ---- | M] () -- C:\Users\Johannes\AppData\Local\Google\Chrome\Application\19.0.1084.46\avutil-51.dll
MOD - [2012-05-09 05:03:24 | 000,250,368 | ---- | M] () -- C:\Users\Johannes\AppData\Local\Google\Chrome\Application\19.0.1084.46\avformat-54.dll
MOD - [2012-05-09 05:03:23 | 002,375,680 | ---- | M] () -- C:\Users\Johannes\AppData\Local\Google\Chrome\Application\19.0.1084.46\avcodec-54.dll
MOD - [2012-05-05 15:44:42 | 000,932,528 | ---- | M] () -- C:\Users\Johannes\AppData\Roaming\Spotify\Data\SpotifyWebHelper.exe


========== Win32 Services (SafeList) ==========

SRV - [2012-05-19 08:38:15 | 000,529,232 | ---- | M] (Valve Corporation) [On_Demand | Running] -- C:\Program Files (x86)\Common Files\Steam\SteamService.exe -- (Steam Client Service)
SRV - [2012-05-14 22:26:22 | 000,257,696 | ---- | M] (Adobe Systems Incorporated) [Disabled | Stopped] -- C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe -- (AdobeFlashPlayerUpdateSvc)
SRV - [2012-04-04 15:56:40 | 000,654,408 | ---- | M] (Malwarebytes Corporation) [Auto | Running] -- C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe -- (MBAMService)
SRV - [2012-03-07 16:43:31 | 000,076,888 | ---- | M] () [Auto | Running] -- C:\Windows\SysWOW64\PnkBstrA.exe -- (PnkBstrA)
SRV - [2012-03-01 02:02:00 | 002,348,352 | ---- | M] (NVIDIA Corporation) [Auto | Running] -- C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Update Core\daemonu.exe -- (nvUpdatusService)
SRV - [2012-02-29 13:26:46 | 000,382,272 | ---- | M] (NVIDIA Corporation) [Auto | Running] -- C:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe -- (Stereo Service)
SRV - [2012-02-29 08:50:48 | 000,158,856 | R--- | M] (Skype Technologies) [Disabled | Stopped] -- C:\Program Files (x86)\Skype\Updater\Updater.exe -- (SkypeUpdate)
SRV - [2012-01-03 15:10:42 | 000,063,928 | ---- | M] (Adobe Systems Incorporated) [Disabled | Stopped] -- C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe -- (AdobeARMservice)
SRV - [2011-12-20 19:21:21 | 000,079,360 | ---- | M] (Creative Labs) [Disabled | Stopped] -- C:\Program Files (x86)\Common Files\Creative Labs Shared\Service\CTAELicensing.exe -- (Creative Audio Engine Licensing Service)
SRV - [2011-12-20 19:21:12 | 000,079,360 | ---- | M] (Creative Labs) [Disabled | Stopped] -- C:\Program Files (x86)\Common Files\Creative Labs Shared\Service\AL6Licensing.exe -- (Creative ALchemy AL6 Licensing Service)
SRV - [2011-03-28 21:11:06 | 002,292,096 | ---- | M] (Microsoft Corp.) [Auto | Running] -- C:\Program\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE -- (wlidsvc)
SRV - [2010-09-22 18:10:10 | 000,057,184 | ---- | M] (Microsoft Corporation) [Disabled | Stopped] -- C:\Program\Windows Live\Mesh\wlcrasvc.exe -- (wlcrasvc)
SRV - [2010-03-18 13:16:28 | 000,130,384 | ---- | M] (Microsoft Corporation) [Auto | Stopped] -- C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe -- (clr_optimization_v4.0.30319_32)
SRV - [2010-01-09 21:34:24 | 004,925,184 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Program\Common Files\Microsoft Shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE -- (osppsvc)
SRV - [2009-12-02 22:23:38 | 000,209,768 | ---- | M] (Microsoft Corporation) [On_Demand | Running] -- C:\Program Files (x86)\Microsoft Application Virtualization Client\sftvsa.exe -- (sftvsa)
SRV - [2009-12-02 22:23:32 | 000,483,688 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Program Files (x86)\Microsoft Application Virtualization Client\sftlist.exe -- (sftlist)
SRV - [2009-08-28 20:45:56 | 000,286,720 | ---- | M] (Creative Technology Ltd) [Disabled | Stopped] -- C:\Program Files (x86)\Creative\Shared Files\CTAudSvc.exe -- (CTAudSvcService)
SRV - [2009-06-10 23:23:09 | 000,066,384 | ---- | M] (Microsoft Corporation) [Disabled | Stopped] -- C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe -- (clr_optimization_v2.0.50727_32)


========== Driver Services (SafeList) ==========

DRV:64bit: - [2012-05-12 08:27:55 | 000,283,200 | ---- | M] (DT Soft Ltd) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\dtsoftbus01.sys -- (dtsoftbus01)
DRV:64bit: - [2012-04-04 15:56:40 | 000,024,904 | ---- | M] (Malwarebytes Corporation) [File_System | On_Demand | Running] -- C:\Windows\SysNative\drivers\mbam.sys -- (MBAMProtector)
DRV:64bit: - [2012-03-01 08:46:16 | 000,023,408 | ---- | M] (Microsoft Corporation) [Recognizer | Boot | Unknown] -- C:\Windows\SysNative\drivers\fs_rec.sys -- (Fs_Rec)
DRV:64bit: - [2012-02-15 12:01:50 | 000,052,736 | ---- | M] (Apple, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\usbaapl64.sys -- (USBAAPL64)
DRV:64bit: - [2012-01-17 14:45:56 | 000,188,224 | ---- | M] (NVIDIA Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\nvhda64v.sys -- (NVHDA)
DRV:64bit: - [2011-11-24 00:02:20 | 000,648,808 | ---- | M] (Realtek ) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\Rt64win7.sys -- (RTL8167)
DRV:64bit: - [2011-09-08 16:40:24 | 000,508,520 | ---- | M] (Realtek ) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\Rtlh64.sys -- (RTL8169)
DRV:64bit: - [2011-06-10 17:00:38 | 000,208,896 | ---- | M] (Renesas Electronics Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\nusb3xhc.sys -- (nusb3xhc)
DRV:64bit: - [2011-06-10 17:00:36 | 000,091,648 | ---- | M] (Renesas Electronics Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\nusb3hub.sys -- (nusb3hub)
DRV:64bit: - [2011-05-20 09:53:44 | 000,557,848 | ---- | M] (Intel Corporation) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\iaStor.sys -- (iaStor)
DRV:64bit: - [2011-05-19 16:55:36 | 000,120,920 | ---- | M] (JMicron Technology Corp.) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\jraid.sys -- (JRAID)
DRV:64bit: - [2011-04-08 19:00:06 | 000,312,624 | ---- | M] (Marvell Semiconductor, Inc.) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\mvs91xx.sys -- (mvs91xx)
DRV:64bit: - [2011-03-14 11:29:46 | 000,024,880 | ---- | M] (Marvell Semiconductor Inc.) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\mv91cons.sys -- (mv91cons)
DRV:64bit: - [2011-03-11 08:41:12 | 000,107,904 | ---- | M] (Advanced Micro Devices) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\amdsata.sys -- (amdsata)
DRV:64bit: - [2011-03-11 08:41:12 | 000,027,008 | ---- | M] (Advanced Micro Devices) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\amdxata.sys -- (amdxata)
DRV:64bit: - [2010-11-21 05:24:33 | 000,059,392 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\TsUsbFlt.sys -- (TsUsbFlt)
DRV:64bit: - [2010-11-21 05:23:47 | 000,078,720 | ---- | M] (Hewlett-Packard Company) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\HpSAMD.sys -- (HpSAMD)
DRV:64bit: - [2010-11-21 05:23:47 | 000,031,232 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\TsUsbGD.sys -- (TsUsbGD)
DRV:64bit: - [2010-10-01 12:35:06 | 000,302,120 | ---- | M] (Marvell Semiconductor, Inc.) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\mv91xx.sys -- (mv91xx)
DRV:64bit: - [2009-12-22 02:54:00 | 001,308,160 | ---- | M] (C-Media Electronics Inc) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\CM10864.sys -- (USBPNPA)
DRV:64bit: - [2009-12-02 22:23:38 | 000,022,376 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\Sftvollh.sys -- (Sftvol)
DRV:64bit: - [2009-12-02 22:23:34 | 000,025,960 | ---- | M] (Microsoft Corporation) [File_System | On_Demand | Running] -- C:\Windows\SysNative\drivers\Sftredirlh.sys -- (Sftredir)
DRV:64bit: - [2009-12-02 22:23:32 | 000,269,672 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\Sftplaylh.sys -- (Sftplay)
DRV:64bit: - [2009-12-02 22:23:26 | 000,721,768 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\Sftfslh.sys -- (Sftfs)
DRV:64bit: - [2009-07-31 12:40:32 | 000,025,600 | ---- | M] (Creative Technology Ltd.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\WRfiltv.sys -- (WRfiltv)
DRV:64bit: - [2009-07-16 05:38:40 | 000,015,416 | ---- | M] () [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\ASACPI.sys -- (MTsensor)
DRV:64bit: - [2009-07-14 03:52:20 | 000,194,128 | ---- | M] (AMD Technologies Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\amdsbs.sys -- (amdsbs)
DRV:64bit: - [2009-07-14 03:48:04 | 000,065,600 | ---- | M] (LSI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\lsi_sas2.sys -- (LSI_SAS2)
DRV:64bit: - [2009-07-14 03:45:55 | 000,024,656 | ---- | M] (Promise Technology) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\stexstor.sys -- (stexstor)
DRV:64bit: - [2009-06-10 22:34:33 | 003,286,016 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\evbda.sys -- (ebdrv)
DRV:64bit: - [2009-06-10 22:34:28 | 000,468,480 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\bxvbda.sys -- (b06bdrv)
DRV:64bit: - [2009-06-10 22:34:23 | 000,270,848 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\b57nd60a.sys -- (b57nd60a)
DRV:64bit: - [2009-06-10 22:31:59 | 000,031,232 | ---- | M] (Hauppauge Computer Works, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\hcw85cir.sys -- (hcw85cir)
DRV:64bit: - [2009-05-18 14:17:08 | 000,034,152 | ---- | M] (GEAR Software Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\GEARAspiWDM.sys -- (GEARAspiWDM)
DRV:64bit: - [2009-03-18 17:35:42 | 000,033,856 | -H-- | M] (LogMeIn, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\hamachi.sys -- (hamachi)
DRV:64bit: - [2008-01-17 17:51:44 | 000,018,816 | ---- | M] (Razer USA Ltd.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\Lycosa.sys -- (Lycosa)
DRV - [2010-08-04 11:05:12 | 000,016,384 | ---- | M] (LG Soft India) [Kernel | On_Demand | Stopped] -- C:\Windows\SysWOW64\LGI2CDriver.sys -- (LGDDCDevice)
DRV - [2010-08-04 11:05:00 | 000,019,968 | ---- | M] (LG Soft India) [Kernel | On_Demand | Stopped] -- C:\Windows\SysWOW64\LGPII2CDriver.sys -- (LGII2CDevice)
DRV - [2009-07-14 03:19:10 | 000,019,008 | ---- | M] (Microsoft Corporation) [File_System | On_Demand | Stopped] -- C:\Windows\SysWOW64\drivers\wimmount.sys -- (WIMMount)


========== Standard Registry (SafeList) ==========


========== Internet Explorer ==========

IE:64bit: - HKLM\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A}
IE:64bit: - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/search?q={searchTerms}&FORM=IE8SRC
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm
IE - HKLM\..\URLSearchHook: {687578b9-7132-4a7a-80e4-30ee31099e03} - SOFTWARE\Classes\CLSID\{687578b9-7132-4a7a-80e4-30ee31099e03}\InprocServer32 File not found
IE - HKLM\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A}
IE - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/search?q={searchTerms}&FORM=IE8SRC


IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

IE - HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0



IE - HKU\S-1-5-21-554517835-2887831909-526785192-1001\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache = http://se.msn.com/?ocid=iehp
IE - HKU\S-1-5-21-554517835-2887831909-526785192-1001\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache AcceptLangs = sv-SE
IE - HKU\S-1-5-21-554517835-2887831909-526785192-1001\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache_TIMESTAMP = E0 FF 48 8D 85 2B CD 01 [binary data]
IE - HKU\S-1-5-21-554517835-2887831909-526785192-1001\..\URLSearchHook: {0EBBBE48-BAD4-4B4C-8E5A-516ABECAE064} - No CLSID value found
IE - HKU\S-1-5-21-554517835-2887831909-526785192-1001\..\URLSearchHook: {687578b9-7132-4a7a-80e4-30ee31099e03} - SOFTWARE\Classes\CLSID\{687578b9-7132-4a7a-80e4-30ee31099e03}\InprocServer32 File not found
IE - HKU\S-1-5-21-554517835-2887831909-526785192-1001\..\URLSearchHook: {bf7380fa-e3b4-4db2-af3e-9d8783a45bfc} - No CLSID value found
IE - HKU\S-1-5-21-554517835-2887831909-526785192-1001\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A}
IE - HKU\S-1-5-21-554517835-2887831909-526785192-1001\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKU\S-1-5-21-554517835-2887831909-526785192-1001\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = *.local


========== FireFox ==========

FF - prefs.js..network.proxy.no_proxies_on: "*.local"
FF - prefs.js..network.proxy.type: 0
FF - user.js - File not found

FF:64bit: - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\system32\Macromed\Flash\NPSWF64_11_2_202_235.dll File not found
FF:64bit: - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin: C:\Program Files\Java\jre6\bin\new_plugin\npjp2.dll (Sun Microsystems, Inc.)
FF:64bit: - HKLM\Software\MozillaPlugins\@mcafee.com/MSC,version=10: c:\PROGRA~1\mcafee\msc\NPMCSN~1.DLL File not found
FF:64bit: - HKLM\Software\MozillaPlugins\@microsoft.com/GENUINE: disabled File not found
FF:64bit: - HKLM\Software\MozillaPlugins\@microsoft.com/OfficeAuthz,version=14.0: C:\PROGRA~1\MICROS~2\Office14\NPAUTHZ.DLL (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_11_2_202_235.dll ()
FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=: File not found
FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=1.0: E:\Program Files (x86)\iTunes\Mozilla Plugins\npitunes.dll ()
FF - HKLM\Software\MozillaPlugins\@esn.me/esnsonar,version=0.70.0: C:\Program Files (x86)\Battlelog Web Plugins\Sonar\0.70.0\npesnsonar.dll File not found
FF - HKLM\Software\MozillaPlugins\@esn.me/esnsonar,version=0.70.4: C:\Program Files (x86)\Battlelog Web Plugins\Sonar\0.70.4\npesnsonar.dll (ESN Social Software AB)
FF - HKLM\Software\MozillaPlugins\@esn/esnlaunch,version=1.102.0: C:\Program Files (x86)\Battlelog Web Plugins\1.102.0\npesnlaunch.dll File not found
FF - HKLM\Software\MozillaPlugins\@esn/esnlaunch,version=1.110.0: C:\Program Files (x86)\Battlelog Web Plugins\1.110.0\npesnlaunch.dll File not found
FF - HKLM\Software\MozillaPlugins\@esn/esnlaunch,version=1.118.0: C:\Program Files (x86)\Battlelog Web Plugins\1.118.0\npesnlaunch.dll (ESN Social Software AB)
FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin: C:\Program Files (x86)\Java\jre6\bin\plugin2\npjp2.dll (Sun Microsystems, Inc.)
FF - HKLM\Software\MozillaPlugins\@mcafee.com/MSC,version=10: c:\progra~2\mcafee\msc\npmcsn~1.dll File not found
FF - HKLM\Software\MozillaPlugins\@mcafee.com/SAFFPlugin: C:\Program Files (x86)\McAfee\SiteAdvisor\npmcffplg32.dll File not found
FF - HKLM\Software\MozillaPlugins\@microsoft.com/GENUINE: disabled File not found
FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: c:\Program Files (x86)\Microsoft Silverlight\4.0.60531.0\npctrl.dll ( Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/OfficeAuthz,version=14.0: C:\PROGRA~2\MICROS~3\Office14\NPAUTHZ.DLL (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/SharePoint,version=14.0: C:\PROGRA~2\MICROS~3\Office14\NPSPWRAP.DLL (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=15.4.3502.0922: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=15.4.3538.0513: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@nexon.net/NxGame: C:\ProgramData\NexonUS\NGM\npNxGameUS.dll File not found
FF - HKLM\Software\MozillaPlugins\@ngm.nexoneu.com/NxGame: C:\ProgramData\NexonEU\NGM\npNxGameeu.dll File not found
FF - HKLM\Software\MozillaPlugins\@nvidia.com/3DVision: C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dv.dll (NVIDIA Corporation)
FF - HKLM\Software\MozillaPlugins\@nvidia.com/3DVisionStreaming: C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dvstreaming.dll (NVIDIA Corporation)
FF - HKLM\Software\MozillaPlugins\@pandonetworks.com/PandoWebPlugin: C:\Program Files (x86)\Pando Networks\Media Booster\npPandoWebPlugin.dll File not found
FF - HKLM\Software\MozillaPlugins\@videolan.org/vlc,version=2.0.1: C:\Program Files (x86)\VideoLAN\VLC\npvlc.dll (VideoLAN)
FF - HKLM\Software\MozillaPlugins\Adobe Reader: C:\Program Files (x86)\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
FF - HKCU\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Users\Johannes\AppData\Local\Google\Update\1.3.21.111\npGoogleUpdate3.dll (Google Inc.)
FF - HKCU\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Users\Johannes\AppData\Local\Google\Update\1.3.21.111\npGoogleUpdate3.dll (Google Inc.)

FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{4ED1F68A-5463-4931-9384-8FFF5ED91D92}: C:\Program Files (x86)\McAfee\SiteAdvisor
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{D19CA586-DD6C-4a0a-96F8-14644F340D60}: C:\Program Files (x86)\Common Files\McAfee\SystemCore

[2012-03-08 15:47:17 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Johannes\AppData\Roaming\mozilla\Extensions
[2012-02-28 03:58:13 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Johannes\AppData\Roaming\mozilla\Firefox\extensions
[2012-02-28 03:58:14 | 000,000,000 | ---D | M] (uTorrentControl2 Community Toolbar) -- C:\Users\Johannes\AppData\Roaming\mozilla\Firefox\extensions\{687578b9-7132-4a7a-80e4-30ee31099e03}
[2011-12-09 21:32:45 | 000,000,000 | ---D | M] (uTorrentBar Community Toolbar) -- C:\Users\Johannes\AppData\Roaming\mozilla\Firefox\extensions\{bf7380fa-e3b4-4db2-af3e-9d8783a45bfc}
[2012-04-29 14:38:19 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Johannes\AppData\Roaming\mozilla\Firefox\Profiles\uo7hz1s3.default\extensions
[2012-04-29 14:38:19 | 001,184,804 | ---- | M] () (No name found) -- C:\USERS\JOHANNES\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\UO7HZ1S3.DEFAULT\EXTENSIONS\TESTPILOT@LABS.MOZILLA.COM.XPI

========== Chrome ==========

CHR - default_search_provider: Google (Enabled)
CHR - default_search_provider: search_url = {google:baseURL}search?{google:RLZ}{google:acceptedSuggestion}{google:originalQueryForSuggestion}{google:searchFieldtrialParameter}{google:instantFieldTrialGroupParameter}sourceid=chrome&ie={inputEncoding}&q={searchTerms}
CHR - default_search_provider: suggest_url = {google:baseSuggestURL}search?{google:searchFieldtrialParameter}{google:instantFieldTrialGroupParameter}client=chrome&hl={language}&q={searchTerms}
CHR - plugin: Remoting Viewer (Enabled) = internal-remoting-viewer
CHR - plugin: Native Client (Enabled) = C:\Users\Johannes\AppData\Local\Google\Chrome\Application\19.0.1084.46\ppGoogleNaClPluginChrome.dll
CHR - plugin: Chrome PDF Viewer (Enabled) = C:\Users\Johannes\AppData\Local\Google\Chrome\Application\19.0.1084.46\pdf.dll
CHR - plugin: Shockwave Flash (Enabled) = C:\Users\Johannes\AppData\Local\Google\Chrome\Application\19.0.1084.46\gcswf32.dll
CHR - plugin: Shockwave Flash (Disabled) = C:\Users\Johannes\AppData\Local\Google\Chrome\User Data\PepperFlash\11.2.31.144\pepflashplayer.dll
CHR - plugin: Shockwave Flash (Enabled) = C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_11_2_202_235.dll
CHR - plugin: McAfee SiteAdvisor (Enabled) = C:\Users\Johannes\AppData\Local\Google\Chrome\User Data\Default\Extensions\fheoggkfdfchfphceeifdbepaooicaho\3.41.123.2_0\McChPlg.dll
CHR - plugin: McAfee SiteAdvisor (Enabled) = C:\Program Files (x86)\McAfee\SiteAdvisor\npmcffplg32.dll
CHR - plugin: Skype Toolbars (Enabled) = C:\Users\Johannes\AppData\Local\Google\Chrome\User Data\Default\Extensions\lifbcibllhkdhoafpjfnlhfpfgnpldfl\5.9.0.9216_0\npSkypeChromePlugin.dll
CHR - plugin: Adobe Acrobat (Enabled) = C:\Program Files (x86)\Adobe\Reader 10.0\Reader\Browser\nppdf32.dll
CHR - plugin: Microsoft Office 2010 (Enabled) = C:\PROGRA~2\MICROS~3\Office14\NPAUTHZ.DLL
CHR - plugin: Microsoft Office 2010 (Enabled) = C:\PROGRA~2\MICROS~3\Office14\NPSPWRAP.DLL
CHR - plugin: ESN Launch Mozilla Plugin (Enabled) = C:\Program Files (x86)\Battlelog Web Plugins\1.118.0\npesnlaunch.dll
CHR - plugin: ESN Sonar API (Enabled) = C:\Program Files (x86)\Battlelog Web Plugins\Sonar\0.70.4\npesnsonar.dll
CHR - plugin: Java(TM) Platform SE 6 U31 (Enabled) = C:\Program Files (x86)\Java\jre6\bin\plugin2\npjp2.dll
CHR - plugin: NVIDIA 3D Vision (Enabled) = C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dv.dll
CHR - plugin: NVIDIA 3D VISION (Enabled) = C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dvstreaming.dll
CHR - plugin: Pando Web Plugin (Enabled) = C:\Program Files (x86)\Pando Networks\Media Booster\npPandoWebPlugin.dll
CHR - plugin: VLC Web Plugin (Enabled) = C:\Program Files (x86)\VideoLAN\VLC\npvlc.dll
CHR - plugin: Windows Live\u0099 Photo Gallery (Enabled) = C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll
CHR - plugin: Unity Player (Enabled) = C:\Users\Johannes\AppData\LocalLow\Unity\WebPlayer\loader\npUnity3D32.dll
CHR - plugin: Google Update (Enabled) = C:\Users\Johannes\AppData\Local\Google\Update\1.3.21.111\npGoogleUpdate3.dll
CHR - plugin: iTunes Application Detector (Enabled) = E:\Program Files (x86)\iTunes\Mozilla Plugins\npitunes.dll
CHR - plugin: Silverlight Plug-In (Enabled) = c:\Program Files (x86)\Microsoft Silverlight\4.0.60531.0\npctrl.dll
CHR - plugin: McAfee SecurityCenter (Enabled) = c:\progra~2\mcafee\msc\npmcsn~1.dll
CHR - Extension: YouTube = C:\Users\Johannes\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo\4.2.5_0\
CHR - Extension: S\u00F6k p\u00E5 Google = C:\Users\Johannes\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf\0.0.0.19_0\
CHR - Extension: Click 2 Save = C:\Users\Johannes\AppData\Local\Google\Chrome\User Data\Default\Extensions\ihmnjncblbopofbigibekembijeajahe\1.1_0\
CHR - Extension: ICE Quick Stream = C:\Users\Johannes\AppData\Local\Google\Chrome\User Data\Default\Extensions\mapljocpedaolbooelchgnkkaplpadgp\5.2_0\
CHR - Extension: Gmail = C:\Users\Johannes\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia\7_0\

O1 HOSTS File: ([2009-06-10 23:00:26 | 000,000,824 | ---- | M]) - C:\Windows\SysNative\drivers\etc\hosts
O2:64bit: - BHO: (Windows Live ID Sign-in Helper) - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corp.)
O2:64bit: - BHO: (no name) - {B164E929-A1B6-4A06-B104-2CD0E90A88FF} - No CLSID value found.
O2:64bit: - BHO: (Office Document Cache Handler) - {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\Program\Microsoft Office\Office14\URLREDIR.DLL (Microsoft Corporation)
O2 - BHO: (uTorrentControl2 Toolbar) - {687578b9-7132-4a7a-80e4-30ee31099e03} - C:\Program Files (x86)\uTorrentControl2\prxtbuTor.dll File not found
O2 - BHO: (Java(tm) Plug-In SSV Helper) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Java\jre6\bin\ssv.dll (Sun Microsystems, Inc.)
O2 - BHO: (no name) - {B164E929-A1B6-4A06-B104-2CD0E90A88FF} - No CLSID value found.
O2 - BHO: (Office Document Cache Handler) - {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\PROGRA~2\MICROS~3\Office14\URLREDIR.DLL (Microsoft Corporation)
O3 - HKLM\..\Toolbar: (uTorrentControl2 Toolbar) - {687578b9-7132-4a7a-80e4-30ee31099e03} - C:\Program Files (x86)\uTorrentControl2\prxtbuTor.dll File not found
O3 - HKU\S-1-5-21-554517835-2887831909-526785192-1001\..\Toolbar\WebBrowser: (uTorrentControl2 Toolbar) - {687578B9-7132-4A7A-80E4-30EE31099E03} - C:\Program Files (x86)\uTorrentControl2\prxtbuTor.dll File not found
O4:64bit: - HKLM..\Run: [Cm108Sound] C:\Windows\Syswow64\cm108.dll (C-Media Corporation)
O4:64bit: - HKLM..\Run: [RTHDVCPL] C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe (Realtek Semiconductor)
O4 - HKLM..\Run: [APSDaemon] C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe (Apple Inc.)
O4 - HKLM..\Run: [JMB36X IDE Setup] C:\Windows\RaidTool\xInsIDE.exe ()
O4 - HKLM..\Run: [Malwarebytes' Anti-Malware] C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe (Malwarebytes Corporation)
O4 - HKLM..\Run: [NUSB3MON] C:\Program Files (x86)\Renesas Electronics\USB 3.0 Host Controller Driver\Application\nusb3mon.exe (Renesas Electronics Corporation)
O4 - HKU\S-1-5-19..\Run: [Sidebar] C:\Program Files (x86)\Windows Sidebar\Sidebar.exe (Microsoft Corporation)
O4 - HKU\S-1-5-20..\Run: [Sidebar] C:\Program Files (x86)\Windows Sidebar\Sidebar.exe (Microsoft Corporation)
O4 - HKU\S-1-5-21-554517835-2887831909-526785192-1001..\Run: [DAEMON Tools Lite] E:\Program Files (x86)\DAEMON Tools Lite\DTLite.exe (DT Soft Ltd)
O4 - HKU\S-1-5-21-554517835-2887831909-526785192-1001..\Run: [Google] C:\Users\Johannes\AppData\Roaming\googleoez.exe File not found
O4 - HKU\S-1-5-21-554517835-2887831909-526785192-1001..\Run: [ISUSPM Startup] c:\PROGRA~2\COMMON~1\INSTAL~1\UPDATE~1\isuspm.exe -startup File not found
O4 - HKU\S-1-5-21-554517835-2887831909-526785192-1001..\Run: [Spotify Web Helper] C:\Users\Johannes\AppData\Roaming\Spotify\Data\SpotifyWebHelper.exe ()
O4 - HKU\S-1-5-21-554517835-2887831909-526785192-1001..\Run: [Steam] E:\Program Files (x86)\Steam\steam.exe (Valve Corporation)
O4 - HKU\S-1-5-21-554517835-2887831909-526785192-1006..\Run: [Sidebar] C:\Program Files (x86)\Windows Sidebar\Sidebar.exe (Microsoft Corporation)
O4 - HKU\S-1-5-19..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe File not found
O4 - HKU\S-1-5-20..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe File not found
O4 - HKU\S-1-5-21-554517835-2887831909-526785192-1006..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe File not found
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktop = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktopChanges = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoControlPanel = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 5
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3
O8:64bit: - Extra context menu item: E&xportera till Microsoft Excel - res://C:\PROGRA~2\MICROS~3\Office14\EXCEL.EXE/3000 File not found
O8:64bit: - Extra context menu item: Ski&cka till OneNote - res://C:\PROGRA~2\MICROS~3\Office14\ONBttnIE.dll/105 File not found
O8 - Extra context menu item: E&xportera till Microsoft Excel - res://C:\PROGRA~2\MICROS~3\Office14\EXCEL.EXE/3000 File not found
O8 - Extra context menu item: Ski&cka till OneNote - res://C:\PROGRA~2\MICROS~3\Office14\ONBttnIE.dll/105 File not found
O9:64bit: - Extra Button: Skicka till OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Program\Microsoft Office\Office14\ONBttnIE.dll (Microsoft Corporation)
O9:64bit: - Extra 'Tools' menuitem : Ski&cka till OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Program\Microsoft Office\Office14\ONBttnIE.dll (Microsoft Corporation)
O9:64bit: - Extra Button: Länkade &anteckningar - {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - C:\Program\Microsoft Office\Office14\ONBttnIELinkedNotes.dll (Microsoft Corporation)
O9:64bit: - Extra 'Tools' menuitem : Länkade &anteckningar - {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - C:\Program\Microsoft Office\Office14\ONBttnIELinkedNotes.dll (Microsoft Corporation)
O10:64bit: - NameSpace_Catalog5\Catalog_Entries64\000000000007 [] - C:\Program\Common Files\Microsoft Shared\Windows Live\WLIDNSP.DLL (Microsoft Corp.)
O10:64bit: - NameSpace_Catalog5\Catalog_Entries64\000000000008 [] - C:\Program\Common Files\Microsoft Shared\Windows Live\WLIDNSP.DLL (Microsoft Corp.)
O10:64bit: - NameSpace_Catalog5\Catalog_Entries64\000000000009 [] - C:\Program\Bonjour\mdnsNSP.dll (Apple Inc.)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000009 [] - C:\Program Files (x86)\Bonjour\mdnsNSP.dll (Apple Inc.)
O1364bit: - gopher Prefix: missing
O13 - gopher Prefix: missing
O16:64bit: - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinsta ... s-i586.cab (Java Plug-in 1.6.0_26)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/update/1.6.0/jinsta ... s-i586.cab (Java Plug-in 1.6.0_31)
O16 - DPF: {CAFEEFAC-0016-0000-0031-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinsta ... s-i586.cab (Java Plug-in 1.6.0_31)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinsta ... s-i586.cab (Java Plug-in 1.6.0_31)
O16 - DPF: {D4B68B83-8710-488B-A692-D74B50BA558E} http://ccfiles.creative.com/Web/softwar ... PIDPDE.cab (Creative Software AutoUpdate Support Package 2)
O16 - DPF: {E705A591-DA3C-4228-B0D5-A356DBA42FBF} http://ccfiles.creative.com/Web/softwar ... TSUEng.cab (Creative Software AutoUpdate 2)
O16 - DPF: {F6ACF75C-C32C-447B-9BEF-46B766368D29} http://ccfiles.creative.com/Web/softwar ... /CTPID.cab (Creative Software AutoUpdate Support Package)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 195.67.199.18 195.67.199.19 195.67.199.20
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{7A7F6BE2-E2B9-40DB-8C7D-02BC76260A30}: DhcpNameServer = 195.67.199.18 195.67.199.19 195.67.199.20
O18:64bit: - Protocol\Handler\dssrequest - No CLSID value found
O18:64bit: - Protocol\Handler\livecall - No CLSID value found
O18:64bit: - Protocol\Handler\ms-help - No CLSID value found
O18:64bit: - Protocol\Handler\msnim - No CLSID value found
O18:64bit: - Protocol\Handler\sacore - No CLSID value found
O18:64bit: - Protocol\Handler\skype4com - No CLSID value found
O18:64bit: - Protocol\Handler\wlmailhtml - No CLSID value found
O18:64bit: - Protocol\Handler\wlpg - No CLSID value found
O18 - Protocol\Handler\dssrequest - No CLSID value found
O18 - Protocol\Handler\sacore - No CLSID value found
O18 - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~2\COMMON~1\Skype\SKYPE4~1.DLL (Skype Technologies)
O18:64bit: - Protocol\Filter\application/x-mfe-ipt - No CLSID value found
O18:64bit: - Protocol\Filter\text/xml {807573E5-5146-11D5-A672-00B0D022E945} - C:\Program\Common Files\Microsoft Shared\OFFICE14\MSOXMLMF.DLL (Microsoft Corporation)
O18 - Protocol\Filter\application/x-mfe-ipt - No CLSID value found
O20:64bit: - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\SysNative\userinit.exe (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: VMApplet - (SystemPropertiesPerformance.exe) - C:\Windows\SysNative\SystemPropertiesPerformance.exe (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: VMApplet - (/pagefile) - File not found
O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\SysWow64\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (userinit.exe) - C:\Windows\SysWow64\userinit.exe (Microsoft Corporation)
O20 - HKLM Winlogon: VMApplet - (/pagefile) - File not found
O21:64bit: - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.
O21 - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.
O32 - HKLM CDRom: AutoRun - 1
O33 - MountPoints2\{fc916e0d-8883-11e1-bba6-14dae93e092d}\Shell - "" = AutoRun
O33 - MountPoints2\{fc916e0d-8883-11e1-bba6-14dae93e092d}\Shell\AutoRun\command - "" = G:\LaunchU3.exe -a
O34 - HKLM BootExecute: (autocheck autochk *)
O35:64bit: - HKLM\..comfile [open] -- "%1" %*
O35:64bit: - HKLM\..exefile [open] -- "%1" %*
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37:64bit: - HKLM\...com [@ = comfile] -- "%1" %*
O37:64bit: - HKLM\...exe [@ = exefile] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3)
O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2)
O38 - SubSystems\\Windows: (ServerDll=sxssrv,4)

========== Files/Folders - Created Within 30 Days ==========

[2012-05-22 19:07:42 | 000,595,968 | ---- | C] (OldTimer Tools) -- C:\Users\Johannes\Desktop\OTL.exe
[2012-05-22 18:17:33 | 000,000,000 | ---D | C] -- C:\Users\Johannes\Documents\RemoveMalware
[2012-05-15 06:03:50 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Diablo III
[2012-05-15 06:03:50 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Diablo III
[2012-05-13 15:05:30 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Office
[2012-05-13 15:03:08 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Microsoft Analysis Services
[2012-05-13 15:02:54 | 000,000,000 | RH-D | C] -- C:\MSOCache
[2012-05-12 17:23:55 | 000,000,000 | ---D | C] -- C:\Users\Johannes\Documents\Skolgrejer
[2012-05-12 14:27:44 | 000,000,000 | ---D | C] -- C:\Users\Johannes\AppData\Local\Insanely Twisted Shadow Planet
[2012-05-12 14:25:03 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Game Studios
[2012-05-12 08:28:07 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\DAEMON Tools Lite
[2012-05-12 08:27:55 | 000,283,200 | ---- | C] (DT Soft Ltd) -- C:\Windows\SysNative\drivers\dtsoftbus01.sys
[2012-05-12 08:18:47 | 000,000,000 | ---D | C] -- C:\Users\Johannes\AppData\Roaming\Google
[2012-05-11 14:22:05 | 001,544,704 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\DWrite.dll
[2012-05-11 14:22:02 | 005,559,664 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\ntoskrnl.exe
[2012-05-11 14:22:01 | 003,968,368 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\ntkrnlpa.exe
[2012-05-11 14:22:00 | 003,913,072 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\ntoskrnl.exe
[2012-05-07 21:16:05 | 000,000,000 | ---D | C] -- C:\Users\Johannes\AppData\Local\Funcom
[2012-05-07 21:16:04 | 000,000,000 | ---D | C] -- C:\ProgramData\media center programs
[2012-05-07 21:16:04 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Funcom
[2012-05-04 23:13:26 | 000,000,000 | ---D | C] -- C:\Users\Johannes\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Terraria
[2012-05-04 22:44:18 | 000,033,856 | -H-- | C] (LogMeIn, Inc.) -- C:\Windows\SysNative\hamachi.sys
[2012-05-01 01:01:02 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Common Files\Wise Installation Wizard
[2012-05-01 00:59:56 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Deep Silver
[2012-04-29 15:02:25 | 000,000,000 | ---D | C] -- C:\Users\Johannes\AppData\Roaming\Opera
[2012-04-29 15:02:25 | 000,000,000 | ---D | C] -- C:\Users\Johannes\AppData\Local\Opera
[2012-04-29 14:11:34 | 000,000,000 | ---D | C] -- C:\ProgramData\Mozilla
[2012-04-28 14:55:26 | 000,000,000 | ---D | C] -- C:\Users\Johannes\AppData\Local\Risen2
[2012-04-26 14:05:28 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\VideoLAN
[2012-04-26 14:00:42 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Mozilla Firefox
[2012-04-26 13:57:33 | 000,000,000 | ---D | C] -- C:\Users\Johannes\AppData\Roaming\vlc
[2012-04-23 17:07:34 | 000,000,000 | ---D | C] -- C:\Users\Johannes\Documents\gothic3
[2010-11-19 06:27:00 | 000,587,776 | ---- | C] (Igor Pavlov) -- C:\Users\Johannes\AppData\Roaming\7za.exe
[1 C:\Windows\SysNative\*.tmp files -> C:\Windows\SysNative\*.tmp -> ]
[1 C:\Windows\*.tmp files -> C:\Windows\*.tmp -> ]

========== Files - Modified Within 30 Days ==========

[2012-05-22 19:07:43 | 000,595,968 | ---- | M] (OldTimer Tools) -- C:\Users\Johannes\Desktop\OTL.exe
[2012-05-22 19:06:37 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2012-05-22 19:06:34 | 1066,749,950 | -HS- | M] () -- C:\hiberfil.sys
[2012-05-22 18:54:00 | 000,001,016 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskUserS-1-5-21-554517835-2887831909-526785192-1001UA.job
[2012-05-22 18:51:00 | 000,000,868 | ---- | M] () -- C:\Windows\tasks\Adobe Flash Player Updater.job
[2012-05-22 18:00:00 | 000,000,474 | ---- | M] () -- C:\Windows\tasks\ParetoLogic Registration3.job
[2012-05-22 12:31:44 | 000,021,888 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
[2012-05-22 12:31:44 | 000,021,888 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
[2012-05-22 12:28:47 | 001,575,584 | ---- | M] () -- C:\Windows\SysNative\PerfStringBackup.INI
[2012-05-22 12:28:47 | 000,662,158 | ---- | M] () -- C:\Windows\SysNative\perfh01D.dat
[2012-05-22 12:28:47 | 000,652,602 | ---- | M] () -- C:\Windows\SysNative\perfh009.dat
[2012-05-22 12:28:47 | 000,141,702 | ---- | M] () -- C:\Windows\SysNative\perfc01D.dat
[2012-05-22 12:28:47 | 000,121,276 | ---- | M] () -- C:\Windows\SysNative\perfc009.dat
[2012-05-21 19:54:00 | 000,000,964 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskUserS-1-5-21-554517835-2887831909-526785192-1001Core.job
[2012-05-19 03:46:58 | 000,332,019 | ---- | M] () -- C:\Users\Johannes\Desktop\csgo.png
[2012-05-18 15:03:51 | 000,002,374 | ---- | M] () -- C:\Users\Johannes\Desktop\Google Chrome.lnk
[2012-05-15 20:41:33 | 000,162,123 | ---- | M] () -- C:\Users\Johannes\Documents\hey..wma
[2012-05-15 19:02:27 | 000,001,109 | ---- | M] () -- C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk
[2012-05-15 06:10:41 | 000,001,189 | ---- | M] () -- C:\Users\Public\Desktop\Diablo III.lnk
[2012-05-14 22:26:22 | 000,419,488 | ---- | M] (Adobe Systems Incorporated) -- C:\Windows\SysWow64\FlashPlayerApp.exe
[2012-05-14 22:26:22 | 000,070,304 | ---- | M] (Adobe Systems Incorporated) -- C:\Windows\SysWow64\FlashPlayerCPLApp.cpl
[2012-05-13 22:02:28 | 000,341,544 | ---- | M] () -- C:\Windows\SysNative\FNTCACHE.DAT
[2012-05-12 08:27:55 | 000,283,200 | ---- | M] (DT Soft Ltd) -- C:\Windows\SysNative\drivers\dtsoftbus01.sys
[2012-05-11 16:02:45 | 000,123,823 | ---- | M] () -- C:\Users\Johannes\Desktop\123asd.jpg
[2012-05-05 22:34:18 | 000,283,304 | ---- | M] () -- C:\Windows\SysWow64\PnkBstrB.xtr
[2012-05-05 22:34:18 | 000,283,304 | ---- | M] () -- C:\Windows\SysWow64\PnkBstrB.exe
[2012-05-05 22:33:54 | 000,280,904 | ---- | M] () -- C:\Windows\SysWow64\PnkBstrB.ex0
[2012-05-05 15:18:48 | 000,000,000 | -H-- | M] () -- C:\Users\Johannes\Documents\Default.rdp
[2012-05-04 23:23:52 | 001,553,434 | ---- | M] () -- C:\Windows\SysWow64\PerfStringBackup.INI
[2012-05-04 21:51:10 | 008,744,608 | ---- | M] (Adobe Systems Incorporated) -- C:\Windows\SysWow64\FlashPlayerInstaller.exe
[2012-04-30 00:52:02 | 000,000,448 | ---- | M] () -- C:\Windows\tasks\ParetoLogic Update Version3.job
[2012-04-26 16:24:27 | 000,001,943 | ---- | M] () -- C:\Users\Johannes\Desktop\Heroes of Newerth.lnk
[2012-04-26 14:05:28 | 000,001,066 | ---- | M] () -- C:\Users\Public\Desktop\VLC media player.lnk
[2012-04-26 14:05:28 | 000,000,027 | ---- | M] () -- C:\Program Files\plugins.dat
[1 C:\Windows\SysNative\*.tmp files -> C:\Windows\SysNative\*.tmp -> ]
[1 C:\Windows\*.tmp files -> C:\Windows\*.tmp -> ]

========== Files Created - No Company Name ==========

[2012-05-19 03:46:58 | 000,332,019 | ---- | C] () -- C:\Users\Johannes\Desktop\csgo.png
[2012-05-15 20:41:33 | 000,162,123 | ---- | C] () -- C:\Users\Johannes\Documents\hey..wma
[2012-05-15 19:02:27 | 000,001,109 | ---- | C] () -- C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk
[2012-05-15 06:03:50 | 000,001,189 | ---- | C] () -- C:\Users\Public\Desktop\Diablo III.lnk
[2012-05-11 16:02:50 | 000,123,823 | ---- | C] () -- C:\Users\Johannes\Desktop\123asd.jpg
[2012-05-05 15:18:48 | 000,000,000 | -H-- | C] () -- C:\Users\Johannes\Documents\Default.rdp
[2012-04-26 16:24:27 | 000,001,943 | ---- | C] () -- C:\Users\Johannes\Desktop\Heroes of Newerth.lnk
[2012-04-26 14:05:28 | 000,001,066 | ---- | C] () -- C:\Users\Public\Desktop\VLC media player.lnk
[2012-04-26 14:02:57 | 000,000,027 | ---- | C] () -- C:\Program Files\plugins.dat
[2012-04-02 22:17:38 | 000,040,985 | ---- | C] () -- C:\Users\Johannes\AppData\Roaming\a.7z
[2012-03-13 22:06:09 | 000,021,840 | ---- | C] () -- C:\Windows\SysWow64\SIntfNT.dll
[2012-03-13 22:06:09 | 000,017,212 | ---- | C] () -- C:\Windows\SysWow64\SIntf32.dll
[2012-03-13 22:06:09 | 000,012,067 | ---- | C] () -- C:\Windows\SysWow64\SIntf16.dll
[2012-02-29 13:26:56 | 000,416,064 | ---- | C] () -- C:\Windows\SysWow64\nvStreaming.exe
[2012-01-23 22:44:51 | 000,001,769 | ---- | C] () -- C:\Windows\Language_trs.ini
[2012-01-22 18:57:53 | 000,000,206 | ---- | C] () -- C:\Windows\ulead32.ini
[2011-12-26 23:43:39 | 000,094,208 | ---- | C] () -- C:\Windows\SysWow64\LGErrorHandler.dll
[2011-12-26 23:43:38 | 000,020,992 | ---- | C] () -- C:\Windows\SysWow64\LGUmdl.dll
[2011-12-20 19:21:23 | 000,001,801 | ---- | C] () -- C:\Windows\WRcfg.ini
[2011-12-20 19:21:23 | 000,000,388 | ---- | C] () -- C:\Windows\WRMCcfg.ini
[2011-12-20 19:21:22 | 000,176,128 | ---- | C] () -- C:\Windows\SysWow64\APOMngr.DLL
[2011-12-20 19:21:22 | 000,073,728 | ---- | C] () -- C:\Windows\SysWow64\CmdRtr.DLL
[2011-12-15 00:26:10 | 000,143,360 | ---- | C] () -- C:\Windows\Vmix108.dll
[2011-12-15 00:26:10 | 000,000,518 | ---- | C] () -- C:\Windows\Cm108.ini.cfl
[2011-12-15 00:26:05 | 000,008,031 | ---- | C] () -- C:\Windows\Cm108.ini.imi
[2011-12-15 00:26:05 | 000,002,029 | ---- | C] () -- C:\Windows\Cm108.ini.cfg
[2011-12-15 00:26:04 | 000,001,320 | ---- | C] () -- C:\Windows\cm108.ini
[2011-11-02 04:10:24 | 000,088,280 | -H-- | C] () -- C:\Windows\SysWow64\mlfcache.dat
[2011-10-16 00:40:43 | 000,000,032 | ---- | C] () -- C:\Program Files\plugins-04041e-fe8.dat
[2011-10-07 17:35:59 | 000,283,304 | ---- | C] () -- C:\Windows\SysWow64\PnkBstrB.exe
[2011-10-07 17:35:58 | 000,076,888 | ---- | C] () -- C:\Windows\SysWow64\PnkBstrA.exe
[2011-09-28 17:44:14 | 000,179,271 | ---- | C] () -- C:\Windows\SysWow64\xlive.dll.cat
[2011-09-01 15:06:17 | 001,553,434 | ---- | C] () -- C:\Windows\SysWow64\PerfStringBackup.INI
[2011-05-31 08:39:50 | 000,058,368 | ---- | C] () -- C:\Windows\SysWow64\bdmpegv.dll
[2011-05-31 08:38:18 | 000,015,360 | ---- | C] () -- C:\Windows\SysWow64\bdmjpeg.dll

========== LOP Check ==========

[2011-10-08 17:28:27 | 000,000,000 | ---D | M] -- C:\Users\Johannes\AppData\Roaming\.minecraft
[2012-01-21 23:29:27 | 000,000,000 | ---D | M] -- C:\Users\Johannes\AppData\Roaming\BigHugeEngine
[2012-01-22 18:55:56 | 000,000,000 | ---D | M] -- C:\Users\Johannes\AppData\Roaming\com.adobe.downloadassistant.AdobeDownloadAssistant
[2012-03-13 21:59:05 | 000,000,000 | ---D | M] -- C:\Users\Johannes\AppData\Roaming\DAEMON Tools Lite
[2012-02-05 20:38:57 | 000,000,000 | ---D | M] -- C:\Users\Johannes\AppData\Roaming\DarknessIIDemo
[2012-01-16 15:40:10 | 000,000,000 | ---D | M] -- C:\Users\Johannes\AppData\Roaming\DriverCure
[2012-02-01 16:29:15 | 000,000,000 | ---D | M] -- C:\Users\Johannes\AppData\Roaming\fltk.org
[2011-12-09 21:59:16 | 000,000,000 | ---D | M] -- C:\Users\Johannes\AppData\Roaming\Image-Line
[2011-10-07 17:08:59 | 000,000,000 | ---D | M] -- C:\Users\Johannes\AppData\Roaming\LolClient
[2012-05-19 10:15:09 | 000,000,000 | ---D | M] -- C:\Users\Johannes\AppData\Roaming\Opera
[2011-10-25 19:04:25 | 000,000,000 | ---D | M] -- C:\Users\Johannes\AppData\Roaming\Origin
[2012-01-16 15:40:10 | 000,000,000 | ---D | M] -- C:\Users\Johannes\AppData\Roaming\ParetoLogic
[2012-01-23 22:22:44 | 000,000,000 | ---D | M] -- C:\Users\Johannes\AppData\Roaming\PCCleaner
[2012-02-05 23:49:38 | 000,000,000 | ---D | M] -- C:\Users\Johannes\AppData\Roaming\RIFT
[2012-03-01 03:50:44 | 000,000,000 | ---D | M] -- C:\Users\Johannes\AppData\Roaming\RotMG.Production
[2012-05-19 00:23:00 | 000,000,000 | ---D | M] -- C:\Users\Johannes\AppData\Roaming\SoftGrid Client
[2012-05-22 18:56:59 | 000,000,000 | ---D | M] -- C:\Users\Johannes\AppData\Roaming\Spotify
[2012-01-23 22:25:18 | 000,000,000 | ---D | M] -- C:\Users\Johannes\AppData\Roaming\spotmau
[2011-12-09 22:08:36 | 000,000,000 | ---D | M] -- C:\Users\Johannes\AppData\Roaming\SynthMaker
[2011-10-22 18:33:53 | 000,000,000 | ---D | M] -- C:\Users\Johannes\AppData\Roaming\TP
[2012-03-30 18:47:02 | 000,000,000 | ---D | M] -- C:\Users\Johannes\AppData\Roaming\Trine2
[2012-02-16 00:19:58 | 000,000,000 | ---D | M] -- C:\Users\Johannes\AppData\Roaming\TuneUp Software
[2012-01-23 22:22:52 | 000,000,000 | ---D | M] -- C:\Users\Johannes\AppData\Roaming\Uniblue
[2012-03-10 15:29:42 | 000,000,000 | ---D | M] -- C:\Users\Johannes\AppData\Roaming\Unity
[2012-01-01 14:14:25 | 000,000,000 | ---D | M] -- C:\Users\Johannes\AppData\Roaming\VOIPlay
[2012-05-22 18:00:00 | 000,000,474 | ---- | M] () -- C:\Windows\Tasks\ParetoLogic Registration3.job
[2012-04-30 00:52:02 | 000,000,448 | ---- | M] () -- C:\Windows\Tasks\ParetoLogic Update Version3.job
[2012-03-08 14:55:14 | 000,032,514 | ---- | M] () -- C:\Windows\Tasks\SCHEDLGU.TXT

========== Purity Check ==========



< End of report >
Johannesgyr
Regular Member
 
Posts: 18
Joined: May 19th, 2012, 3:44 am

Re: I think im infected...

Unread postby Johannesgyr » May 22nd, 2012, 1:13 pm

OTL Extras logfile created on: 2012-05-22 19:09:04 - Run 1
OTL by OldTimer - Version 3.2.43.1 Folder = C:\Users\Johannes\Desktop
64bit- Home Premium Edition Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation
Internet Explorer (Version = 9.0.8112.16421)
Locale: 0000041D | Country: Sverige | Language: SVE | Date Format: yyyy-MM-dd

11,99 Gb Total Physical Memory | 10,11 Gb Available Physical Memory | 84,29% Memory free
23,98 Gb Paging File | 21,93 Gb Available in Paging File | 91,46% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86)
Drive C: | 107,13 Gb Total Space | 30,36 Gb Free Space | 28,34% Space Free | Partition Type: NTFS
Drive E: | 931,51 Gb Total Space | 770,97 Gb Free Space | 82,77% Space Free | Partition Type: NTFS

Computer Name: JOHANNES-DATOR | User Name: Johannes | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: All users | Include 64bit Scans
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days

========== Extra Registry (SafeList) ==========


========== File Associations ==========

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.html [@ = Opera.HTML] -- "C:\Program Files (x86)\Opera\Opera.exe" "%1"
.url[@ = InternetShortcut] -- C:\Windows\SysNative\rundll32.exe (Microsoft Corporation)

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.cpl [@ = cplfile] -- C:\Windows\SysWow64\control.exe (Microsoft Corporation)
.html [@ = Opera.HTML] -- "C:\Program Files (x86)\Opera\Opera.exe" "%1"

========== Shell Spawning ==========

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
exefile [open] -- "%1" %*
helpfile [open] -- Reg Error: Key error.
htmlfile [edit] -- Reg Error: Key error.
htmlfile [print] -- rundll32.exe %windir%\system32\mshtml.dll,PrintHTML "%1"
http [open] -- "C:\Program Files (x86)\Opera\Opera.exe" "%1"
https [open] -- "C:\Program Files (x86)\Opera\Opera.exe" "%1"
inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation)
InternetShortcut [open] -- "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\ieframe.dll",OpenURL %l (Microsoft Corporation)
InternetShortcut [print] -- "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\mshtml.dll",PrintHTML "%1" (Microsoft Corporation)
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [AddToPlaylistVLC] -- "C:\Program Files (x86)\VideoLAN\VLC\vlc.exe" --started-from-file --playlist-enqueue "%1" ()
Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Directory [PlayWithVLC] -- "C:\Program Files (x86)\VideoLAN\VLC\vlc.exe" --started-from-file --no-playlist-enqueue "%1" ()
Folder [open] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [explore] -- Reg Error: Value error.
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
cplfile [cplopen] -- %SystemRoot%\System32\control.exe "%1",%* (Microsoft Corporation)
exefile [open] -- "%1" %*
helpfile [open] -- Reg Error: Key error.
htmlfile [edit] -- Reg Error: Key error.
htmlfile [print] -- rundll32.exe %windir%\system32\mshtml.dll,PrintHTML "%1"
http [open] -- "C:\Program Files (x86)\Opera\Opera.exe" "%1"
https [open] -- "C:\Program Files (x86)\Opera\Opera.exe" "%1"
inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation)
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [AddToPlaylistVLC] -- "C:\Program Files (x86)\VideoLAN\VLC\vlc.exe" --started-from-file --playlist-enqueue "%1" ()
Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Directory [PlayWithVLC] -- "C:\Program Files (x86)\VideoLAN\VLC\vlc.exe" --started-from-file --no-playlist-enqueue "%1" ()
Folder [open] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [explore] -- Reg Error: Value error.
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)

========== Security Center Settings ==========

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"cval" = 0

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]
"VistaSp1" = 28 4D B2 76 41 04 CA 01 [binary data]
"AntiVirusOverride" = 0
"AntiSpywareOverride" = 0
"FirewallOverride" = 0

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]

========== Firewall Settings ==========

========== Authorized Applications List ==========


========== Vista Active Open Ports Exception List ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]

========== Vista Active Application Exception List ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]

========== HKEY_LOCAL_MACHINE Uninstall List ==========

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{180C8888-50F1-426B-A9DC-AB83A1989C65}" = Windows Live Language Selector
"{1ACC8FFB-9D84-4C05-A4DE-D28A9BC91698}" = Windows Live ID Sign-in Assistant
"{26A24AE4-039D-4CA4-87B4-2F86416026FF}" = Java(TM) 6 Update 26 (64-bit)
"{350AA351-21FA-3270-8B7A-835434E766AD}" = Microsoft Visual C++ 2008 Redistributable - x64 9.0.21022
"{4B6C7001-C7D6-3710-913E-5BC23FCE91E6}" = Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.4148
"{4BDE7544-0A08-4AD9-8A8F-4B7944471C36}" = iTunes
"{4C2E49C0-9276-4324-841D-774CCCE5DB48}" = Windows Live Remote Client Resources
"{57F2BD1C-14A3-4785-8E48-2075B96EB2DF}" = Windows Live Remote Service Resources
"{6E3610B2-430D-4EB0-81E3-2B57E8B9DE8D}" = Bonjour
"{6E8E85E8-CE4B-4FF5-91F7-04999C9FAE6A}" = Microsoft Visual C++ 2005 Redistributable (x64)
"{8220EEFE-38CD-377E-8595-13398D740ACE}" = Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.17
"{8E34682C-8118-31F1-BC4C-98CD9675E1C2}" = Microsoft .NET Framework 4 Extended
"{90140000-002A-0000-1000-0000000FF1CE}" = Microsoft Office Office 64-bit Components 2010
"{90140000-002A-041D-1000-0000000FF1CE}" = Microsoft Office Shared 64-bit MUI (Swedish) 2010
"{90140000-006D-041D-1000-0000000FF1CE}" = Microsoft Office Klicka-och-kör 2010
"{95120000-00B9-0409-1000-0000000FF1CE}" = Microsoft Application Error Reporting
"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.3DVision" = NVIDIA 3D Vision drivrutin 296.10
"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.ControlPanel" = NVIDIAs kontrollpanel 296.10
"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.Driver" = NVIDIA Grafikdrivrutin 296.10
"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.NVIRUSB" = NVIDIA 3D Vision drivrutin för styrenhet 296.10
"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.PhysX" = NVIDIA PhysX systemprogramvara 9.12.0213
"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.Update" = NVIDIA-uppdatering 1.7.11
"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_HDAudio.Driver" = NVIDIA HD audiodrivrutin 1.3.12.0
"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_installer" = NVIDIA Install Application
"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_NVIDIA.Update" = NVIDIA Update Components
"{B8AD779A-82DA-4365-A7D0-AD3DCFC55CFF}" = Apple Mobile Device Support
"{DA54F80E-261C-41A2-A855-549A144F2F59}" = Windows Live MIME IFilter
"{DA5E371C-6333-3D8A-93A4-6FD5B20BCC6E}" = Microsoft Visual C++ 2010 x64 Redistributable - 10.0.30319
"{DF6D988A-EEA0-4277-AAB8-158E086E439B}" = Windows Live Remote Client
"{E02A6548-6FDE-40E2-8ED9-119D7D7E641F}" = Windows Live Remote Service
"{EE936C7A-EA40-31D5-9B65-8E3E089C3828}" = Microsoft Visual C++ 2008 ATL Update kb973924 - x64 9.0.30729.4148
"{F5B09CFD-F0B2-36AF-8DF4-1DF6B63FC7B4}" = Microsoft .NET Framework 4 Client Profile
"0CA7189BDF03FE9EFA6911458ECB1F37C74E4CFD" = Windows-drivrutinspaket - ATK (MTsensor) System (10/19/2006 1043.4.0.0)
"1BBB2801E15B636D8668235AA0720582A661E314" = Windows-drivrutinspaket - Intel (iaStor) hdc (04/15/2008 8.0.0.1039)
"21311A0A11C8830542D76A85FFF531B8F800D67D" = Windows-drivrutinspaket - Marvell Inc. (mvs91xx) SCSIAdapter (04/08/2011 1.2.0.1003)
"505F021F1B23359ACC152FEFEB18B3C2C5FF82EA" = Windows-drivrutinspaket - ATK (MTsensor) System (01/21/2008 1043.5.0.0)
"55AAC8B3C1559D5D378114A88513466A7ECEC7BD" = Windows-drivrutinspaket - ATK (MTsensor) System (07/16/2009 1043.6.0.0)
"5D342BF18A8C8421D11AAE57CF63E14C0D640382" = Windows-drivrutinspaket - Intel (iaStor) hdc (05/20/2011 10.6.0.1002)
"6D190FFA805902C5DE06F9924857E65073FB53F5" = Windows-drivrutinspaket - Marvell Semiconductor Inc. (mv91cons) System (04/08/2011 1.2.0.1003)
"6F868FFC0AF3C6B73A49DBA979EC2FCF5B19A8E1" = Windows-drivrutinspaket - Marvell Inc. (mv91xx) SCSIAdapter (09/30/2010 1.0.00.1047)
"7A975CADB61C6AB8385AC0A2A178C7C56BD45CF4" = Windows-drivrutinspaket - Intel System (01/21/2009 9.1.0.1013)
"860B83D2CB29D444DBBA34644016D4A9D939D6BC" = Windows-drivrutinspaket - Realtek (RTL8169) Net (09/08/2011 6.250.0908.2011)
"9201E5BD02AE4540AF31E8A23F8E4A0A8FEFB31C" = ENE CIR Receiver Driver
"9211BB4F3B42621F5ACA608E4FD9736D7D66A7E3" = Windows-drivrutinspaket - Intel System (06/08/2010 1.0.0.0002)
"Adobe Flash Player ActiveX" = Adobe Flash Player 11 ActiveX 64-bit
"Adobe Flash Player Plugin" = Adobe Flash Player 11 Plugin 64-bit
"B7C07CAD54947588D1B39652CAF2B9DAAEBE1983" = Windows-drivrutinspaket - JMicron Technology Corp. (JRAID) SCSIAdapter (11/25/2010 1.17.62.0)
"CC5C8C4418FDD07D3A38D2534A1DDBC04F4DB934" = Windows-drivrutinspaket - Marvell Inc. System (04/08/2011 1.2.0.1003)
"CE8CE21C068F20F9395BCE36F04703D739A2811D" = Windows-drivrutinspaket - Intel System (02/08/2010 9.1.1.1026)
"C-Media CM108 Like Sound Driver" = SteelSeries USB Soundcard v1.20
"E70B1661E54E59884BC54626477CA78197B3AEEC" = Windows-drivrutinspaket - Marvell Semiconductor Inc. (mv91cons) System (09/30/2010 1.0.00.1047)
"E855F98789D51B470CD6AA7B23BC1768738E0811" = Windows-drivrutinspaket - Realtek Semiconductor Corp. HD Audio Driver (08/30/2011 6.0.1.6449)
"F07FDF9D6C619BD893206A7241CDD497066D31F9" = Windows-drivrutinspaket - Intel USB (02/25/2008 9.0.0.1005)
"FF1953CFE4B2D49E4631CEBB994B797CD6869771" = Windows-drivrutinspaket - Intel hdc (06/08/2010 7.0.0.1013)
"Microsoft .NET Framework 4 Client Profile" = Microsoft .NET Framework 4 Client Profile
"Microsoft .NET Framework 4 Extended" = Microsoft .NET Framework 4 Extended
"WinRAR archiver" = WinRAR 4.10 (64-bit)

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{002D9D5E-29BA-3E6D-9BC4-3D7D6DBC735C}" = Microsoft Visual C++ 2008 ATL Update kb973924 - x86 9.0.30729.4148
"{0429B343-D023-4524-89BC-0478E0D9E3C3}" = Sound Blaster World of Warcraft Headset
"{048298C9-A4D3-490B-9FF9-AB023A9238F3}" = Steam
"{0B0F231F-CE6A-483D-AA23-77B364F75917}" = Windows Live Installer
"{110668B7-54C6-47C9-BAC4-1CE77F156AF5}" = Windows Live Mesh
"{133D9D67-D475-4407-AC3C-D558087B2453}" = Windows Live Movie Maker
"{19BFDA5D-1FE2-4F25-97F9-1A79DD04EE20}" = Microsoft XNA Framework Redistributable 3.1
"{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148
"{1F6AB0E7-8CDD-4B93-8A23-AA9EB2FEFCE4}" = Junk Mail filter update
"{200FEC62-3C34-4D60-9CE8-EC372E01C08F}" = Windows Live SOXE Definitions
"{220C7F8C-929D-4F71-9DC7-F7A6823B38E4}" = Windows Live UX Platform Language Pack
"{26A24AE4-039D-4CA4-87B4-2F83216031FF}" = Java(TM) 6 Update 31
"{28B9D2D8-4304-483F-AD71-51890A063A74}" = Windows Live Photo Common
"{2BFC7AA0-544C-4E3A-8796-67F3BE655BE9}" = Microsoft XNA Framework Redistributable 4.0
"{3336F667-9049-4D46-98B6-4C743EEBC5B1}" = Windows Live Photo Gallery
"{376D59B1-42D9-4FA2-B6CC-E346B6BE14F5}" = ActiveX-kontroll för fjärranslutningar för Windows Live Mesh
"{3A1B5D40-41E9-43FA-8C7B-A8667F5586EF}" = JMicron JMB36X Driver
"{4A03706F-666A-4037-7777-5F2748764D10}" = Java Auto Updater
"{4A04DB63-8F81-4EF4-9D09-61A2057EF419}" = Windows Live Essentials
"{4CB0307C-565E-4441-86BE-0DF2E4FB828C}" = Microsoft Games for Windows Marketplace
"{5442DAB8-7177-49E1-8B22-09A049EA5996}" = Renesas Electronics USB 3.0 Host Controller Driver
"{54B7A3C7-0940-4C16-A509-FC3C3758D22A}_is1" = Amnesia - The Dark Descent
"{682B3E4F-696A-42DE-A41C-4C07EA1678B4}" = Windows Live SOXE
"{69CAC24D-B1DC-4B97-A1BE-FE21843108FE}" = Windows Live Writer Resources
"{6A67578E-095B-4661-88F7-0B199CEC3371}" = Windows Live Messenger
"{7299052b-02a4-4627-81f2-1818da5d550d}" = Microsoft Visual C++ 2005 Redistributable
"{789A5B64-9DD9-4BA5-915A-F0FC0A1B7BFE}" = Apple Software Update
"{832D9DE0-8AFC-4689-9819-4DBBDEBD3E4F}" = Microsoft Games for Windows - LIVE Redistributable
"{837b34e3-7c30-493c-8f6a-2b0f04e2912c}" = Microsoft Visual C++ 2005 Redistributable
"{83C292B7-38A5-440B-A731-07070E81A64F}" = Windows Live PIMT Platform
"{8833FFB6-5B0C-4764-81AA-06DFEED9A476}" = Realtek Ethernet Controller Driver
"{885F1BCD-C344-4758-85BD-09640CF449A5}" = Windows Live Photo Gallery
"{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}" = Microsoft Silverlight
"{8C6D6116-B724-4810-8F2D-D047E6B7D68E}" = Mesh Runtime
"{8DD46C6A-0056-4FEC-B70A-28BB16A1F11F}" = MSVCRT
"{90140000-0015-041D-0000-0000000FF1CE}" = Microsoft Office Access MUI (Swedish) 2010
"{90140000-0015-041D-0000-0000000FF1CE}_Office14.SingleImage_{09222FB7-1C4F-4CC3-9464-1BC63E79F01F}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-0016-041D-0000-0000000FF1CE}" = Microsoft Office Excel MUI (Swedish) 2010
"{90140000-0016-041D-0000-0000000FF1CE}_Office14.SingleImage_{09222FB7-1C4F-4CC3-9464-1BC63E79F01F}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-0018-041D-0000-0000000FF1CE}" = Microsoft Office PowerPoint MUI (Swedish) 2010
"{90140000-0018-041D-0000-0000000FF1CE}_Office14.SingleImage_{09222FB7-1C4F-4CC3-9464-1BC63E79F01F}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-0019-041D-0000-0000000FF1CE}" = Microsoft Office Publisher MUI (Swedish) 2010
"{90140000-0019-041D-0000-0000000FF1CE}_Office14.SingleImage_{09222FB7-1C4F-4CC3-9464-1BC63E79F01F}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-001A-041D-0000-0000000FF1CE}" = Microsoft Office Outlook MUI (Swedish) 2010
"{90140000-001A-041D-0000-0000000FF1CE}_Office14.SingleImage_{09222FB7-1C4F-4CC3-9464-1BC63E79F01F}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-001B-041D-0000-0000000FF1CE}" = Microsoft Office Word MUI (Swedish) 2010
"{90140000-001B-041D-0000-0000000FF1CE}_Office14.SingleImage_{09222FB7-1C4F-4CC3-9464-1BC63E79F01F}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-001F-0407-0000-0000000FF1CE}" = Microsoft Office Proof (German) 2010
"{90140000-001F-0407-0000-0000000FF1CE}_Office14.SingleImage_{65A2328E-FDFB-4CA3-8582-357EA6825FEA}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-001F-0409-0000-0000000FF1CE}" = Microsoft Office Proof (English) 2010
"{90140000-001F-0409-0000-0000000FF1CE}_Office14.SingleImage_{99ACCA38-6DD3-48A8-96AE-A283C9759279}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-001F-040B-0000-0000000FF1CE}" = Microsoft Office Proof (Finnish) 2010
"{90140000-001F-040B-0000-0000000FF1CE}_Office14.SingleImage_{0EF937D0-95B1-42E3-9643-9D49E4323DF9}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-001F-041D-0000-0000000FF1CE}" = Microsoft Office Proof (Swedish) 2010
"{90140000-001F-041D-0000-0000000FF1CE}_Office14.SingleImage_{D00E944F-5ECB-42FF-B58E-8FDCF2219DE8}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-002A-0000-1000-0000000FF1CE}_Office14.SingleImage_{967EF02C-5C7E-4718-8FCB-BDC050190CCF}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-002A-041D-1000-0000000FF1CE}_Office14.SingleImage_{B70F5BBB-B7EB-490C-A2AE-53F0DDE945BE}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-002C-041D-0000-0000000FF1CE}" = Microsoft Office Proofing (Swedish) 2010
"{90140000-002C-041D-0000-0000000FF1CE}_Office14.SingleImage_{5FFBFB83-ACC9-4D2C-94D9-90924868A9AF}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-003D-0000-0000-0000000FF1CE}" = Microsoft Office Single Image 2010
"{90140000-003D-0000-0000-0000000FF1CE}_Office14.SingleImage_{047B0968-E622-4FAA-9B4B-121FA109EDDE}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-006E-041D-0000-0000000FF1CE}" = Microsoft Office Shared MUI (Swedish) 2010
"{90140000-006E-041D-0000-0000000FF1CE}_Office14.SingleImage_{2A9D691D-436D-4377-9CF8-152F78E952BF}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-00A1-041D-0000-0000000FF1CE}" = Microsoft Office OneNote MUI (Swedish) 2010
"{90140000-00A1-041D-0000-0000000FF1CE}_Office14.SingleImage_{09222FB7-1C4F-4CC3-9464-1BC63E79F01F}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140011-0066-041D-0000-0000000FF1CE}" = Microsoft Office Starter 2010 - svenska
"{918A9082-6287-4D25-9002-5E5D5E4971CB}" = League of Legends
"{92EA4134-10D1-418A-91E1-5A0453131A38}" = Windows Live Movie Maker
"{95140000-0070-0000-0000-0000000FF1CE}" = Microsoft Office 2010
"{95140000-00AF-041D-0000-0000000FF1CE}" = Microsoft PowerPoint Viewer
"{9A25302D-30C0-39D9-BD6F-21E6EC160475}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17
"{9D56775A-93F3-44A3-8092-840E3826DE30}" = Windows Live Mail
"{A726AE06-AAA3-43D1-87E3-70F510314F04}" = Windows Live Writer
"{A9BDCA6B-3653-467B-AC83-94367DA3BFE3}" = Windows Live Photo Common
"{AAAFC670-569B-4A2F-82B4-42945E0DE3EF}" = Windows Live Writer
"{AC76BA86-7AD7-1053-7B44-AA1000000001}" = Adobe Reader X (10.1.3) - Svenska
"{CE95A79E-E4FC-4FFF-8A75-29F04B942FF2}" = Windows Live UX Platform
"{D0B44725-3666-492D-BEF6-587A14BD9BD9}" = MSVCRT_amd64
"{D31169F2-CD71-4337-B783-3E53F29F4CAD}" = Windows Live Mail
"{D45240D3-B6B3-4FF9-B243-54ECE3E10066}" = Windows Live Communications Platform
"{D7A0A22A-C132-4B6F-8D68-67B95117DE93}" = RIFT
"{DA909E62-3B45-4BA1-8B58-FCAEBA4BCEC9}" = NVIDIA PhysX
"{DCAB6BA7-6533-44BF-9235-E5BF33B7431C}" = Windows Live Writer
"{DECDCB7C-58CC-4865-91AF-627F9798FE48}" = Windows Live Mesh
"{E09C4DB7-630C-4F06-A631-8EA7239923AF}" = D3DX10
"{E5B21F11-6933-4E0B-A25C-7963E3C07D11}" = Windows Live Messenger
"{EB879750-CCBD-4013-BFD5-0294D4DA5BD0}" = Apple Application Support
"{ED5EEE07-5512-4A8D-967C-849329804A9C}" = ImageBooster
"{EE7257A2-39A2-4D2F-9DAC-F9F25B8AE1D8}" = Skype™ 5.8
"{F0B430D1-B6AA-473D-9B06-AA3DD01FD0B8}" = Microsoft SQL Server 2005 Compact Edition [ENU]
"{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}" = Microsoft Visual C++ 2010 x86 Redistributable - 10.0.40219
"{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}" = Realtek High Definition Audio Driver
"{FE23D063-934D-4829-A0D8-00634CE79B4A}" = Adobe AIR
"{FF66E9F6-83E7-3A3E-AF14-8DE9A809A6A4}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.21022
"Adobe AIR" = Adobe AIR
"ASIO4ALL" = ASIO4ALL
"BandiMPEG1" = Bandisoft MPEG-1 Decoder
"DAEMON Tools Lite" = DAEMON Tools Lite
"Diablo III" = Diablo III
"ESN Sonar-0.70.4" = ESN Sonar
"hon" = Heroes of Newerth
"InstallShield_{5442DAB8-7177-49E1-8B22-09A049EA5996}" = Renesas Electronics USB 3.0 Host Controller Driver
"InstallShield_{D7A0A22A-C132-4B6F-8D68-67B95117DE93}" = RIFT
"MagniDriver" = marvell 91xx driver
"Malwarebytes' Anti-Malware_is1" = Malwarebytes Anti-Malware version 1.61.0.1400
"NVIDIA StereoUSB Driver" = NVIDIA 3D Vision Controller Driver
"NVIDIAStereo" = NVIDIA Stereoscopic 3D Driver
"Office14.Click2Run" = Microsoft Office Klicka-och-kör 2010
"Office14.SingleImage" = Microsoft Office Hem och Småföretag 2010
"Origin" = Origin
"PrecisionX" = EVGA Precision X 3.0.2
"Premiumplay Codec-C" = Premiumplay Codec-C
"Realistic Colors and Real Nights 2.0 - HDR Edition -" = Realistic Colors and Real Nights 2.0 - HDR Edition -
"Risen 2 Dark Waters_is1" = Risen 2 Dark Waters
"Steam App 10" = Counter-Strike
"Steam App 104700" = Super Monday Night Combat
"Steam App 202480" = Creation Kit
"Steam App 240" = Counter-Strike: Source
"Steam App 35720" = Trine 2
"Steam App 39500" = Gothic 3
"Steam App 39510" = Gothic II: Gold Edition
"Steam App 4000" = Garry's Mod
"Steam App 40700" = Machinarium
"Steam App 42910" = Magicka
"Steam App 550" = Left 4 Dead 2
"Steam App 55230" = Saints Row: The Third
"Steam App 570" = Dota 2
"Steam App 620" = Portal 2
"Steam App 6980" = Thief: Deadly Shadows
"Steam App 72850" = The Elder Scrolls V: Skyrim
"Steam App 730" = Counter-Strike: Global Offensive Beta
"Steam App 8980" = Borderlands
"SysInfo" = Creative System Information
"WinLiveSuite" = Windows Live Essentials
"WinRAR archiver" = WinRAR archiver
"VLC media player" = VLC media player 2.0.1
"World of Warcraft" = World of Warcraft

========== HKEY_USERS Uninstall List ==========

[HKEY_USERS\S-1-5-21-554517835-2887831909-526785192-1001\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"Google Chrome" = Google Chrome
"Seal Hunter" = Seal Hunter
"Spotify" = Spotify

========== Last 10 Event Log Errors ==========

[ Application Events ]
Error - 2012-05-11 21:19:36 | Computer Name = Johannes-Dator | Source = Microsoft-Windows-User Profiles Service | ID = 1511
Description = Den lokala profilen kan inte hittas, så du loggas in med en temporär
profil. Ändringar du gör i profilen kommer inte att sparas när du loggar ut.

Error - 2012-05-11 21:19:37 | Computer Name = Johannes-Dator | Source = VSS | ID = 8194
Description =

Error - 2012-05-11 21:19:37 | Computer Name = Johannes-Dator | Source = VSS | ID = 8193
Description =

Error - 2012-05-11 21:46:11 | Computer Name = Johannes-Dator | Source = VSS | ID = 8193
Description =

Error - 2012-05-12 02:27:56 | Computer Name = Johannes-Dator | Source = VSS | ID = 8193
Description =

Error - 2012-05-12 08:25:45 | Computer Name = Johannes-Dator | Source = VSS | ID = 8193
Description =

Error - 2012-05-13 03:42:46 | Computer Name = Johannes-Dator | Source = WinMgmt | ID = 10
Description =

Error - 2012-05-13 03:44:22 | Computer Name = Johannes-Dator | Source = VSS | ID = 8194
Description =

Error - 2012-05-13 06:46:36 | Computer Name = Johannes-Dator | Source = SideBySide | ID = 16842827
Description = Det gick inte att skapa aktiveringskontext för e:\program files (x86)\Skype\Toolbars\internet
explorer\SkypeIEPluginBroker.exe. Det finns ett fel i manifest- eller principfilen
e:\program files (x86)\Skype\Toolbars\internet explorer\SkypeIEPluginBroker.exe
på rad 2. Flera element av typen requestedPrivileges stöds inte i manifestet.

Error - 2012-05-13 09:04:53 | Computer Name = Johannes-Dator | Source = WinMgmt | ID = 10
Description =

[ System Events ]
Error - 2012-02-24 11:09:08 | Computer Name = Johannes-Dator | Source = Ntfs | ID = 262199
Description = Filsystemstrukturen på disken är skadad och oanvändbar. Kör verktyget
CHKDSK på volymen \Device\HarddiskVolume1.

Error - 2012-02-24 11:09:08 | Computer Name = Johannes-Dator | Source = Ntfs | ID = 262199
Description = Filsystemstrukturen på disken är skadad och oanvändbar. Kör verktyget
CHKDSK på volymen \Device\HarddiskVolume1.

Error - 2012-02-24 11:10:04 | Computer Name = Johannes-Dator | Source = Ntfs | ID = 262199
Description = Filsystemstrukturen på disken är skadad och oanvändbar. Kör verktyget
CHKDSK på volymen \Device\HarddiskVolume1.

Error - 2012-02-24 11:10:04 | Computer Name = Johannes-Dator | Source = Ntfs | ID = 262199
Description = Filsystemstrukturen på disken är skadad och oanvändbar. Kör verktyget
CHKDSK på volymen \Device\HarddiskVolume1.

Error - 2012-02-24 11:11:04 | Computer Name = Johannes-Dator | Source = Ntfs | ID = 262199
Description = Filsystemstrukturen på disken är skadad och oanvändbar. Kör verktyget
CHKDSK på volymen \Device\HarddiskVolume1.

Error - 2012-02-24 11:11:04 | Computer Name = Johannes-Dator | Source = Ntfs | ID = 262199
Description = Filsystemstrukturen på disken är skadad och oanvändbar. Kör verktyget
CHKDSK på volymen \Device\HarddiskVolume1.

Error - 2012-02-24 11:12:04 | Computer Name = Johannes-Dator | Source = Ntfs | ID = 262199
Description = Filsystemstrukturen på disken är skadad och oanvändbar. Kör verktyget
CHKDSK på volymen \Device\HarddiskVolume1.

Error - 2012-02-24 11:12:04 | Computer Name = Johannes-Dator | Source = Ntfs | ID = 262199
Description = Filsystemstrukturen på disken är skadad och oanvändbar. Kör verktyget
CHKDSK på volymen \Device\HarddiskVolume1.

Error - 2012-02-24 11:13:04 | Computer Name = Johannes-Dator | Source = Ntfs | ID = 262199
Description = Filsystemstrukturen på disken är skadad och oanvändbar. Kör verktyget
CHKDSK på volymen \Device\HarddiskVolume1.

Error - 2012-02-24 11:13:04 | Computer Name = Johannes-Dator | Source = Ntfs | ID = 262199
Description = Filsystemstrukturen på disken är skadad och oanvändbar. Kör verktyget
CHKDSK på volymen \Device\HarddiskVolume1.


< End of report >
Johannesgyr
Regular Member
 
Posts: 18
Joined: May 19th, 2012, 3:44 am

Re: I think im infected...

Unread postby Johannesgyr » May 22nd, 2012, 1:16 pm

tdsskiller did not find any malicous objects.
Johannesgyr
Regular Member
 
Posts: 18
Joined: May 19th, 2012, 3:44 am

Re: I think im infected...

Unread postby askey127 » May 22nd, 2012, 1:57 pm

Johannesgyr,
First, would you please translate this line to English for me? Thanks.
"Description = Filsystemstrukturen på disken är skadad och oanvändbar. Kör verktyget"

------------------------------------------------
Remove Programs Using Control Panel
From Start, Control Panel, click on Programs and Features
Click each Entry, as follows, one by one, if it exists, choose Uninstall, and give permission to Continue:

Java(TM) 6 Update 26 (64-bit)

Take extra care in answering questions posed by any Uninstaller.
------------------------------------------------------------
Download and Install the latest version of Java Runtime Environment from here : http://www.oracle.com/technetwork/java/javase/downloads/index.html, and install it to your computer.
Scroll down to the section on the page, labeled Java SE 7 Update 4, click on the button labeled Download JRE. Do NOT choose the button labeled "Download JDK".
If it won't allow you to get past the "Agree to the license" dialog, you will need to set your browser to temporarily allow scripts.
Check the button to agree to the license.
Select the link for your Platform Windows x64, and click it.
Download it, choose Save, and save it to your desktop.
Then right click it on your desktop, run as adinistrator, and it will install the newest version of Java for you to use.

During installation, be certain to Uncheck and Refuse any offer for "partner software" or toolbars.
When it finishes, you can remove the Installer from your desktop.
-----------------------------------------------------------
REBOOT (RESTART) Your Machine
----------------------------------------------
Perform a Custom Fix with OTL
Run OTL (Right click and choose "Run as administrator")
  • In the Custom Scans/Fixes box at the bottom, paste in the following lines from the Code box (Do not include the word "Code"):
    Code: Select all
    :OTL
    O3 - HKU\S-1-5-21-554517835-2887831909-526785192-1001\..\Toolbar\WebBrowser: (uTorrentControl2 Toolbar) - {687578B9-7132-4A7A-80E4-30EE31099E03} - C:\Program Files (x86)\uTorrentControl2\prxtbuTor.dll File not found
    O3 - HKLM\..\Toolbar: (uTorrentControl2 Toolbar) - {687578b9-7132-4a7a-80e4-30ee31099e03} - C:\Program Files (x86)\uTorrentControl2\prxtbuTor.dll File not found
    O3 - HKU\S-1-5-21-554517835-2887831909-526785192-1001\..\Toolbar\WebBrowser: (uTorrentControl2 Toolbar) - {687578B9-7132-4A7A-80E4-30EE31099E03} - C:\Program Files (x86)\uTorrentControl2\prxtbuTor.dll File not found
    O2 - BHO: (uTorrentControl2 Toolbar) - {687578b9-7132-4a7a-80e4-30ee31099e03} - C:\Program Files (x86)\uTorrentControl2\prxtbuTor.dll File not found
    O2:64bit: - BHO: (no name) - {B164E929-A1B6-4A06-B104-2CD0E90A88FF} - No CLSID value found.
    CHR - plugin: Pando Web Plugin (Enabled) = C:\Program Files (x86)\Pando Networks\Media Booster\npPandoWebPlugin.dll
    [2012-02-28 03:58:14 | 000,000,000 | ---D | M] (uTorrentControl2 Community Toolbar) -- C:\Users\Johannes\AppData\Roaming\mozilla\Firefox\extensions\{687578b9-7132-4a7a-80e4-30ee31099e03}
    [2011-12-09 21:32:45 | 000,000,000 | ---D | M] (uTorrentBar Community Toolbar) -- C:\Users\Johannes\AppData\Roaming\mozilla\Firefox\extensions\{bf7380fa-e3b4-4db2-af3e-9d8783a45bfc}
    IE - HKU\S-1-5-21-554517835-2887831909-526785192-1001\..\URLSearchHook: {bf7380fa-e3b4-4db2-af3e-9d8783a45bfc} - No CLSID value found
    IE - HKU\S-1-5-21-554517835-2887831909-526785192-1001\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A}
    IE - HKLM\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A}
    IE - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/search?q={searchTerms}&FORM=IE8SRC
    IE:64bit: - HKLM\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A}
    IE:64bit: - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/search?q={searchTerms}&FORM=IE8SRC
    
    :Files
    C:\Users\Johannes\AppData\Roaming\Uniblue
    C:\Users\Johannes\AppData\Roaming\ParetoLogic
    C:\Windows\SysWow64\PnkBstrA.exe
    C:\Windows\SysWow64\PnkBstrB.exe
    C:\Windows\SysWow64\PnkBstrB.ex0
    C:\Windows\SysWow64\PnkBstrB.xtr
    C:\Windows\tasks\ParetoLogic Registration3.job
    ipconfig /flushdns /c
    
    :Commands
    [PURITY]
    [emptyjava]
    [emptyflash] 
    [EMPTYTEMP]
    [CREATERESTOREPOINT]
    
  • Then click the Run Fix button at the top.
  • Let the program run unhindered and reboot the PC when it is done.
  • Open OTL again and click the Quick Scan button. Post the log it produces in your next reply.

Let me know the translation of that line from CHKDSK, and post the contents of the new OTL.txt
Tell me if everything proceeded as you expected.

askey127
User avatar
askey127
Admin/Teacher
Admin/Teacher
 
Posts: 13903
Joined: April 17th, 2005, 3:25 pm
Location: New Hampshire USA

Re: I think im infected...

Unread postby Johannesgyr » May 22nd, 2012, 2:19 pm

"Description = Filsystemstrukturen på disken är skadad och oanvändbar. Kör verktyget" means "The system file structure of the drive is damaged and unusable. Run the tool."

Here's the new OTL,

OTL logfile created on: 2012-05-22 20:16:29 - Run 2
OTL by OldTimer - Version 3.2.43.1 Folder = C:\Users\Johannes\Desktop
64bit- Home Premium Edition Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation
Internet Explorer (Version = 9.0.8112.16421)
Locale: 0000041D | Country: Sverige | Language: SVE | Date Format: yyyy-MM-dd

11,99 Gb Total Physical Memory | 10,31 Gb Available Physical Memory | 85,94% Memory free
23,98 Gb Paging File | 22,17 Gb Available in Paging File | 92,45% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86)
Drive C: | 107,13 Gb Total Space | 30,34 Gb Free Space | 28,32% Space Free | Partition Type: NTFS
Drive E: | 931,51 Gb Total Space | 770,98 Gb Free Space | 82,77% Space Free | Partition Type: NTFS

Computer Name: JOHANNES-DATOR | User Name: Johannes | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user | Quick Scan | Include 64bit Scans
Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days

========== Processes (SafeList) ==========

PRC - [2012-05-22 20:12:03 | 000,595,968 | ---- | M] (OldTimer Tools) -- C:\Users\Johannes\Desktop\OTL.exe
PRC - [2012-05-19 08:38:15 | 000,529,232 | ---- | M] (Valve Corporation) -- C:\Program Files (x86)\Common Files\Steam\SteamService.exe
PRC - [2012-05-15 02:21:40 | 000,382,272 | ---- | M] (NVIDIA Corporation) -- C:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe
PRC - [2012-05-05 15:44:42 | 000,932,528 | ---- | M] () -- C:\Users\Johannes\AppData\Roaming\Spotify\Data\SpotifyWebHelper.exe
PRC - [2012-04-04 15:56:38 | 000,462,408 | ---- | M] (Malwarebytes Corporation) -- C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe
PRC - [2012-03-10 15:26:10 | 001,242,448 | ---- | M] (Valve Corporation) -- E:\Program Files (x86)\Steam\Steam.exe
PRC - [2011-04-14 18:17:18 | 000,113,288 | ---- | M] (Renesas Electronics Corporation) -- C:\Program Files (x86)\Renesas Electronics\USB 3.0 Host Controller Driver\Application\nusb3mon.exe
PRC - [2009-12-02 22:23:38 | 000,209,768 | ---- | M] (Microsoft Corporation) -- C:\Program Files (x86)\Microsoft Application Virtualization Client\sftvsa.exe
PRC - [2009-12-02 22:23:32 | 000,483,688 | ---- | M] (Microsoft Corporation) -- C:\Program Files (x86)\Microsoft Application Virtualization Client\sftlist.exe


========== Modules (No Company Name) ==========

MOD - [2012-05-19 08:38:12 | 020,313,384 | ---- | M] () -- E:\Program Files (x86)\Steam\bin\libcef.dll
MOD - [2012-05-19 08:38:10 | 000,895,312 | ---- | M] () -- E:\Program Files (x86)\Steam\bin\chromehtml.dll
MOD - [2012-05-19 08:38:07 | 000,123,192 | ---- | M] () -- E:\Program Files (x86)\Steam\bin\avutil-51.dll
MOD - [2012-05-19 08:38:05 | 000,190,776 | ---- | M] () -- E:\Program Files (x86)\Steam\bin\avformat-53.dll
MOD - [2012-05-19 08:38:03 | 001,099,576 | ---- | M] () -- E:\Program Files (x86)\Steam\bin\avcodec-53.dll
MOD - [2012-05-09 05:04:52 | 000,441,840 | ---- | M] () -- C:\Users\Johannes\AppData\Local\Google\Chrome\Application\19.0.1084.46\ppGoogleNaClPluginChrome.dll
MOD - [2012-05-09 05:04:51 | 003,921,904 | ---- | M] () -- C:\Users\Johannes\AppData\Local\Google\Chrome\Application\19.0.1084.46\pdf.dll
MOD - [2012-05-09 05:03:36 | 000,553,456 | ---- | M] () -- C:\Users\Johannes\AppData\Local\Google\Chrome\Application\19.0.1084.46\libglesv2.dll
MOD - [2012-05-09 05:03:35 | 000,117,744 | ---- | M] () -- C:\Users\Johannes\AppData\Local\Google\Chrome\Application\19.0.1084.46\libegl.dll
MOD - [2012-05-09 05:03:25 | 000,134,656 | ---- | M] () -- C:\Users\Johannes\AppData\Local\Google\Chrome\Application\19.0.1084.46\avutil-51.dll
MOD - [2012-05-09 05:03:24 | 000,250,368 | ---- | M] () -- C:\Users\Johannes\AppData\Local\Google\Chrome\Application\19.0.1084.46\avformat-54.dll
MOD - [2012-05-09 05:03:23 | 002,375,680 | ---- | M] () -- C:\Users\Johannes\AppData\Local\Google\Chrome\Application\19.0.1084.46\avcodec-54.dll
MOD - [2012-05-05 15:44:42 | 000,932,528 | ---- | M] () -- C:\Users\Johannes\AppData\Roaming\Spotify\Data\SpotifyWebHelper.exe


========== Win32 Services (SafeList) ==========

SRV - [2012-05-19 08:38:15 | 000,529,232 | ---- | M] (Valve Corporation) [On_Demand | Running] -- C:\Program Files (x86)\Common Files\Steam\SteamService.exe -- (Steam Client Service)
SRV - [2012-05-15 12:48:00 | 001,262,400 | ---- | M] (NVIDIA Corporation) [Auto | Running] -- C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Update Core\daemonu.exe -- (nvUpdatusService)
SRV - [2012-05-15 02:21:40 | 000,382,272 | ---- | M] (NVIDIA Corporation) [Auto | Running] -- C:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe -- (Stereo Service)
SRV - [2012-05-14 22:26:22 | 000,257,696 | ---- | M] (Adobe Systems Incorporated) [Disabled | Stopped] -- C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe -- (AdobeFlashPlayerUpdateSvc)
SRV - [2012-04-04 15:56:40 | 000,654,408 | ---- | M] (Malwarebytes Corporation) [Auto | Running] -- C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe -- (MBAMService)
SRV - [2012-02-29 08:50:48 | 000,158,856 | R--- | M] (Skype Technologies) [Disabled | Stopped] -- C:\Program Files (x86)\Skype\Updater\Updater.exe -- (SkypeUpdate)
SRV - [2012-01-03 15:10:42 | 000,063,928 | ---- | M] (Adobe Systems Incorporated) [Disabled | Stopped] -- C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe -- (AdobeARMservice)
SRV - [2011-12-20 19:21:21 | 000,079,360 | ---- | M] (Creative Labs) [Disabled | Stopped] -- C:\Program Files (x86)\Common Files\Creative Labs Shared\Service\CTAELicensing.exe -- (Creative Audio Engine Licensing Service)
SRV - [2011-12-20 19:21:12 | 000,079,360 | ---- | M] (Creative Labs) [Disabled | Stopped] -- C:\Program Files (x86)\Common Files\Creative Labs Shared\Service\AL6Licensing.exe -- (Creative ALchemy AL6 Licensing Service)
SRV - [2011-03-28 21:11:06 | 002,292,096 | ---- | M] (Microsoft Corp.) [Auto | Running] -- C:\Program\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE -- (wlidsvc)
SRV - [2010-09-22 18:10:10 | 000,057,184 | ---- | M] (Microsoft Corporation) [Disabled | Stopped] -- C:\Program\Windows Live\Mesh\wlcrasvc.exe -- (wlcrasvc)
SRV - [2010-03-18 13:16:28 | 000,130,384 | ---- | M] (Microsoft Corporation) [Auto | Stopped] -- C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe -- (clr_optimization_v4.0.30319_32)
SRV - [2010-01-09 21:34:24 | 004,925,184 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Program\Common Files\Microsoft Shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE -- (osppsvc)
SRV - [2009-12-02 22:23:38 | 000,209,768 | ---- | M] (Microsoft Corporation) [On_Demand | Running] -- C:\Program Files (x86)\Microsoft Application Virtualization Client\sftvsa.exe -- (sftvsa)
SRV - [2009-12-02 22:23:32 | 000,483,688 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Program Files (x86)\Microsoft Application Virtualization Client\sftlist.exe -- (sftlist)
SRV - [2009-08-28 20:45:56 | 000,286,720 | ---- | M] (Creative Technology Ltd) [Disabled | Stopped] -- C:\Program Files (x86)\Creative\Shared Files\CTAudSvc.exe -- (CTAudSvcService)
SRV - [2009-06-10 23:23:09 | 000,066,384 | ---- | M] (Microsoft Corporation) [Disabled | Stopped] -- C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe -- (clr_optimization_v2.0.50727_32)


========== Driver Services (SafeList) ==========

DRV:64bit: - [2012-05-12 08:27:55 | 000,283,200 | ---- | M] (DT Soft Ltd) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\dtsoftbus01.sys -- (dtsoftbus01)
DRV:64bit: - [2012-04-18 19:08:03 | 000,188,736 | ---- | M] (NVIDIA Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\nvhda64v.sys -- (NVHDA)
DRV:64bit: - [2012-04-04 15:56:40 | 000,024,904 | ---- | M] (Malwarebytes Corporation) [File_System | On_Demand | Running] -- C:\Windows\SysNative\drivers\mbam.sys -- (MBAMProtector)
DRV:64bit: - [2012-03-01 08:46:16 | 000,023,408 | ---- | M] (Microsoft Corporation) [Recognizer | Boot | Unknown] -- C:\Windows\SysNative\drivers\fs_rec.sys -- (Fs_Rec)
DRV:64bit: - [2012-02-15 12:01:50 | 000,052,736 | ---- | M] (Apple, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\usbaapl64.sys -- (USBAAPL64)
DRV:64bit: - [2011-11-24 00:02:20 | 000,648,808 | ---- | M] (Realtek ) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\Rt64win7.sys -- (RTL8167)
DRV:64bit: - [2011-09-08 16:40:24 | 000,508,520 | ---- | M] (Realtek ) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\Rtlh64.sys -- (RTL8169)
DRV:64bit: - [2011-06-10 17:00:38 | 000,208,896 | ---- | M] (Renesas Electronics Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\nusb3xhc.sys -- (nusb3xhc)
DRV:64bit: - [2011-06-10 17:00:36 | 000,091,648 | ---- | M] (Renesas Electronics Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\nusb3hub.sys -- (nusb3hub)
DRV:64bit: - [2011-05-20 09:53:44 | 000,557,848 | ---- | M] (Intel Corporation) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\iaStor.sys -- (iaStor)
DRV:64bit: - [2011-05-19 16:55:36 | 000,120,920 | ---- | M] (JMicron Technology Corp.) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\jraid.sys -- (JRAID)
DRV:64bit: - [2011-04-08 19:00:06 | 000,312,624 | ---- | M] (Marvell Semiconductor, Inc.) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\mvs91xx.sys -- (mvs91xx)
DRV:64bit: - [2011-03-14 11:29:46 | 000,024,880 | ---- | M] (Marvell Semiconductor Inc.) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\mv91cons.sys -- (mv91cons)
DRV:64bit: - [2011-03-11 08:41:12 | 000,107,904 | ---- | M] (Advanced Micro Devices) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\amdsata.sys -- (amdsata)
DRV:64bit: - [2011-03-11 08:41:12 | 000,027,008 | ---- | M] (Advanced Micro Devices) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\amdxata.sys -- (amdxata)
DRV:64bit: - [2010-11-21 05:24:33 | 000,059,392 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\TsUsbFlt.sys -- (TsUsbFlt)
DRV:64bit: - [2010-11-21 05:23:47 | 000,078,720 | ---- | M] (Hewlett-Packard Company) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\HpSAMD.sys -- (HpSAMD)
DRV:64bit: - [2010-11-21 05:23:47 | 000,031,232 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\TsUsbGD.sys -- (TsUsbGD)
DRV:64bit: - [2010-10-01 12:35:06 | 000,302,120 | ---- | M] (Marvell Semiconductor, Inc.) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\mv91xx.sys -- (mv91xx)
DRV:64bit: - [2009-12-22 02:54:00 | 001,308,160 | ---- | M] (C-Media Electronics Inc) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\CM10864.sys -- (USBPNPA)
DRV:64bit: - [2009-12-02 22:23:38 | 000,022,376 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\Sftvollh.sys -- (Sftvol)
DRV:64bit: - [2009-12-02 22:23:34 | 000,025,960 | ---- | M] (Microsoft Corporation) [File_System | On_Demand | Running] -- C:\Windows\SysNative\drivers\Sftredirlh.sys -- (Sftredir)
DRV:64bit: - [2009-12-02 22:23:32 | 000,269,672 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\Sftplaylh.sys -- (Sftplay)
DRV:64bit: - [2009-12-02 22:23:26 | 000,721,768 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\Sftfslh.sys -- (Sftfs)
DRV:64bit: - [2009-07-31 12:40:32 | 000,025,600 | ---- | M] (Creative Technology Ltd.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\WRfiltv.sys -- (WRfiltv)
DRV:64bit: - [2009-07-16 05:38:40 | 000,015,416 | ---- | M] () [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\ASACPI.sys -- (MTsensor)
DRV:64bit: - [2009-07-14 03:52:20 | 000,194,128 | ---- | M] (AMD Technologies Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\amdsbs.sys -- (amdsbs)
DRV:64bit: - [2009-07-14 03:48:04 | 000,065,600 | ---- | M] (LSI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\lsi_sas2.sys -- (LSI_SAS2)
DRV:64bit: - [2009-07-14 03:45:55 | 000,024,656 | ---- | M] (Promise Technology) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\stexstor.sys -- (stexstor)
DRV:64bit: - [2009-06-10 22:34:33 | 003,286,016 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\evbda.sys -- (ebdrv)
DRV:64bit: - [2009-06-10 22:34:28 | 000,468,480 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\bxvbda.sys -- (b06bdrv)
DRV:64bit: - [2009-06-10 22:34:23 | 000,270,848 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\b57nd60a.sys -- (b57nd60a)
DRV:64bit: - [2009-06-10 22:31:59 | 000,031,232 | ---- | M] (Hauppauge Computer Works, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\hcw85cir.sys -- (hcw85cir)
DRV:64bit: - [2009-05-18 14:17:08 | 000,034,152 | ---- | M] (GEAR Software Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\GEARAspiWDM.sys -- (GEARAspiWDM)
DRV:64bit: - [2009-03-18 17:35:42 | 000,033,856 | -H-- | M] (LogMeIn, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\hamachi.sys -- (hamachi)
DRV:64bit: - [2008-01-17 17:51:44 | 000,018,816 | ---- | M] (Razer USA Ltd.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\Lycosa.sys -- (Lycosa)
DRV - [2010-08-04 11:05:12 | 000,016,384 | ---- | M] (LG Soft India) [Kernel | On_Demand | Stopped] -- C:\Windows\SysWOW64\LGI2CDriver.sys -- (LGDDCDevice)
DRV - [2010-08-04 11:05:00 | 000,019,968 | ---- | M] (LG Soft India) [Kernel | On_Demand | Stopped] -- C:\Windows\SysWOW64\LGPII2CDriver.sys -- (LGII2CDevice)
DRV - [2009-07-14 03:19:10 | 000,019,008 | ---- | M] (Microsoft Corporation) [File_System | On_Demand | Stopped] -- C:\Windows\SysWOW64\drivers\wimmount.sys -- (WIMMount)


========== Standard Registry (SafeList) ==========


========== Internet Explorer ==========

IE:64bit: - HKLM\..\SearchScopes,DefaultScope =
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm
IE - HKLM\..\URLSearchHook: {687578b9-7132-4a7a-80e4-30ee31099e03} - No CLSID value found
IE - HKLM\..\SearchScopes,DefaultScope =

IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache = http://se.msn.com/?ocid=iehp
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache AcceptLangs = sv-SE
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache_TIMESTAMP = E0 FF 48 8D 85 2B CD 01 [binary data]
IE - HKCU\..\URLSearchHook: {0EBBBE48-BAD4-4B4C-8E5A-516ABECAE064} - No CLSID value found
IE - HKCU\..\URLSearchHook: {687578b9-7132-4a7a-80e4-30ee31099e03} - No CLSID value found
IE - HKCU\..\SearchScopes,DefaultScope =
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = *.local

========== FireFox ==========

FF - prefs.js..network.proxy.no_proxies_on: "*.local"
FF - prefs.js..network.proxy.type: 0
FF - user.js - File not found

FF:64bit: - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\system32\Macromed\Flash\NPSWF64_11_2_202_235.dll File not found
FF:64bit: - HKLM\Software\MozillaPlugins\@java.com/DTPlugin,version=10.4.0: C:\Windows\system32\npDeployJava1.dll File not found
FF:64bit: - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin,version=10.4.0: C:\Program Files\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation)
FF:64bit: - HKLM\Software\MozillaPlugins\@mcafee.com/MSC,version=10: c:\PROGRA~1\mcafee\msc\NPMCSN~1.DLL File not found
FF:64bit: - HKLM\Software\MozillaPlugins\@microsoft.com/GENUINE: disabled File not found
FF:64bit: - HKLM\Software\MozillaPlugins\@microsoft.com/OfficeAuthz,version=14.0: C:\PROGRA~1\MICROS~2\Office14\NPAUTHZ.DLL (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_11_2_202_235.dll ()
FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=: File not found
FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=1.0: E:\Program Files (x86)\iTunes\Mozilla Plugins\npitunes.dll ()
FF - HKLM\Software\MozillaPlugins\@esn.me/esnsonar,version=0.70.0: C:\Program Files (x86)\Battlelog Web Plugins\Sonar\0.70.0\npesnsonar.dll File not found
FF - HKLM\Software\MozillaPlugins\@esn.me/esnsonar,version=0.70.4: C:\Program Files (x86)\Battlelog Web Plugins\Sonar\0.70.4\npesnsonar.dll (ESN Social Software AB)
FF - HKLM\Software\MozillaPlugins\@esn/esnlaunch,version=1.102.0: C:\Program Files (x86)\Battlelog Web Plugins\1.102.0\npesnlaunch.dll File not found
FF - HKLM\Software\MozillaPlugins\@esn/esnlaunch,version=1.110.0: C:\Program Files (x86)\Battlelog Web Plugins\1.110.0\npesnlaunch.dll File not found
FF - HKLM\Software\MozillaPlugins\@esn/esnlaunch,version=1.118.0: C:\Program Files (x86)\Battlelog Web Plugins\1.118.0\npesnlaunch.dll (ESN Social Software AB)
FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin: C:\Program Files (x86)\Java\jre6\bin\plugin2\npjp2.dll (Sun Microsystems, Inc.)
FF - HKLM\Software\MozillaPlugins\@mcafee.com/MSC,version=10: c:\progra~2\mcafee\msc\npmcsn~1.dll File not found
FF - HKLM\Software\MozillaPlugins\@mcafee.com/SAFFPlugin: C:\Program Files (x86)\McAfee\SiteAdvisor\npmcffplg32.dll File not found
FF - HKLM\Software\MozillaPlugins\@microsoft.com/GENUINE: disabled File not found
FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: c:\Program Files (x86)\Microsoft Silverlight\4.0.60531.0\npctrl.dll ( Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/OfficeAuthz,version=14.0: C:\PROGRA~2\MICROS~3\Office14\NPAUTHZ.DLL (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/SharePoint,version=14.0: C:\PROGRA~2\MICROS~3\Office14\NPSPWRAP.DLL (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=15.4.3502.0922: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=15.4.3538.0513: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@nexon.net/NxGame: C:\ProgramData\NexonUS\NGM\npNxGameUS.dll File not found
FF - HKLM\Software\MozillaPlugins\@ngm.nexoneu.com/NxGame: C:\ProgramData\NexonEU\NGM\npNxGameeu.dll File not found
FF - HKLM\Software\MozillaPlugins\@nvidia.com/3DVision: C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dv.dll (NVIDIA Corporation)
FF - HKLM\Software\MozillaPlugins\@nvidia.com/3DVisionStreaming: C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dvstreaming.dll (NVIDIA Corporation)
FF - HKLM\Software\MozillaPlugins\@pandonetworks.com/PandoWebPlugin: C:\Program Files (x86)\Pando Networks\Media Booster\npPandoWebPlugin.dll File not found
FF - HKLM\Software\MozillaPlugins\@videolan.org/vlc,version=2.0.1: C:\Program Files (x86)\VideoLAN\VLC\npvlc.dll (VideoLAN)
FF - HKLM\Software\MozillaPlugins\Adobe Reader: C:\Program Files (x86)\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
FF - HKCU\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Users\Johannes\AppData\Local\Google\Update\1.3.21.111\npGoogleUpdate3.dll (Google Inc.)
FF - HKCU\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Users\Johannes\AppData\Local\Google\Update\1.3.21.111\npGoogleUpdate3.dll (Google Inc.)

FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{4ED1F68A-5463-4931-9384-8FFF5ED91D92}: C:\Program Files (x86)\McAfee\SiteAdvisor
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{D19CA586-DD6C-4a0a-96F8-14644F340D60}: C:\Program Files (x86)\Common Files\McAfee\SystemCore

[2012-03-08 15:47:17 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Johannes\AppData\Roaming\mozilla\Extensions
[2012-05-22 20:12:59 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Johannes\AppData\Roaming\mozilla\Firefox\extensions
[2012-04-29 14:38:19 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Johannes\AppData\Roaming\mozilla\Firefox\Profiles\uo7hz1s3.default\extensions
[2012-04-29 14:38:19 | 001,184,804 | ---- | M] () (No name found) -- C:\USERS\JOHANNES\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\UO7HZ1S3.DEFAULT\EXTENSIONS\TESTPILOT@LABS.MOZILLA.COM.XPI

========== Chrome ==========

CHR - default_search_provider: Google (Enabled)
CHR - default_search_provider: search_url = {google:baseURL}search?{google:RLZ}{google:acceptedSuggestion}{google:originalQueryForSuggestion}{google:searchFieldtrialParameter}{google:instantFieldTrialGroupParameter}sourceid=chrome&ie={inputEncoding}&q={searchTerms}
CHR - default_search_provider: suggest_url = {google:baseSuggestURL}search?{google:searchFieldtrialParameter}{google:instantFieldTrialGroupParameter}client=chrome&hl={language}&q={searchTerms}
CHR - plugin: Remoting Viewer (Enabled) = internal-remoting-viewer
CHR - plugin: Native Client (Enabled) = C:\Users\Johannes\AppData\Local\Google\Chrome\Application\19.0.1084.46\ppGoogleNaClPluginChrome.dll
CHR - plugin: Chrome PDF Viewer (Enabled) = C:\Users\Johannes\AppData\Local\Google\Chrome\Application\19.0.1084.46\pdf.dll
CHR - plugin: Shockwave Flash (Enabled) = C:\Users\Johannes\AppData\Local\Google\Chrome\Application\19.0.1084.46\gcswf32.dll
CHR - plugin: Shockwave Flash (Disabled) = C:\Users\Johannes\AppData\Local\Google\Chrome\User Data\PepperFlash\11.2.31.144\pepflashplayer.dll
CHR - plugin: Shockwave Flash (Enabled) = C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_11_2_202_235.dll
CHR - plugin: McAfee SiteAdvisor (Enabled) = C:\Users\Johannes\AppData\Local\Google\Chrome\User Data\Default\Extensions\fheoggkfdfchfphceeifdbepaooicaho\3.41.123.2_0\McChPlg.dll
CHR - plugin: McAfee SiteAdvisor (Enabled) = C:\Program Files (x86)\McAfee\SiteAdvisor\npmcffplg32.dll
CHR - plugin: Skype Toolbars (Enabled) = C:\Users\Johannes\AppData\Local\Google\Chrome\User Data\Default\Extensions\lifbcibllhkdhoafpjfnlhfpfgnpldfl\5.9.0.9216_0\npSkypeChromePlugin.dll
CHR - plugin: Adobe Acrobat (Enabled) = C:\Program Files (x86)\Adobe\Reader 10.0\Reader\Browser\nppdf32.dll
CHR - plugin: Microsoft Office 2010 (Enabled) = C:\PROGRA~2\MICROS~3\Office14\NPAUTHZ.DLL
CHR - plugin: Microsoft Office 2010 (Enabled) = C:\PROGRA~2\MICROS~3\Office14\NPSPWRAP.DLL
CHR - plugin: ESN Launch Mozilla Plugin (Enabled) = C:\Program Files (x86)\Battlelog Web Plugins\1.118.0\npesnlaunch.dll
CHR - plugin: ESN Sonar API (Enabled) = C:\Program Files (x86)\Battlelog Web Plugins\Sonar\0.70.4\npesnsonar.dll
CHR - plugin: Java(TM) Platform SE 6 U31 (Enabled) = C:\Program Files (x86)\Java\jre6\bin\plugin2\npjp2.dll
CHR - plugin: NVIDIA 3D Vision (Enabled) = C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dv.dll
CHR - plugin: NVIDIA 3D VISION (Enabled) = C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dvstreaming.dll
CHR - plugin: Pando Web Plugin (Enabled) = C:\Program Files (x86)\Pando Networks\Media Booster\npPandoWebPlugin.dll
CHR - plugin: VLC Web Plugin (Enabled) = C:\Program Files (x86)\VideoLAN\VLC\npvlc.dll
CHR - plugin: Windows Live\u0099 Photo Gallery (Enabled) = C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll
CHR - plugin: Unity Player (Enabled) = C:\Users\Johannes\AppData\LocalLow\Unity\WebPlayer\loader\npUnity3D32.dll
CHR - plugin: Google Update (Enabled) = C:\Users\Johannes\AppData\Local\Google\Update\1.3.21.111\npGoogleUpdate3.dll
CHR - plugin: iTunes Application Detector (Enabled) = E:\Program Files (x86)\iTunes\Mozilla Plugins\npitunes.dll
CHR - plugin: Silverlight Plug-In (Enabled) = c:\Program Files (x86)\Microsoft Silverlight\4.0.60531.0\npctrl.dll
CHR - plugin: McAfee SecurityCenter (Enabled) = c:\progra~2\mcafee\msc\npmcsn~1.dll
CHR - Extension: YouTube = C:\Users\Johannes\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo\4.2.5_0\
CHR - Extension: S\u00F6k p\u00E5 Google = C:\Users\Johannes\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf\0.0.0.19_0\
CHR - Extension: Click 2 Save = C:\Users\Johannes\AppData\Local\Google\Chrome\User Data\Default\Extensions\ihmnjncblbopofbigibekembijeajahe\1.1_0\
CHR - Extension: ICE Quick Stream = C:\Users\Johannes\AppData\Local\Google\Chrome\User Data\Default\Extensions\mapljocpedaolbooelchgnkkaplpadgp\5.2_0\
CHR - Extension: Gmail = C:\Users\Johannes\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia\7_0\

O1 HOSTS File: ([2009-06-10 23:00:26 | 000,000,824 | ---- | M]) - C:\Windows\SysNative\drivers\etc\hosts
O2:64bit: - BHO: (Java(tm) Plug-In SSV Helper) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program\Java\jre7\bin\ssv.dll (Oracle Corporation)
O2:64bit: - BHO: (Windows Live ID Sign-in Helper) - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corp.)
O2:64bit: - BHO: (Office Document Cache Handler) - {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\Program\Microsoft Office\Office14\URLREDIR.DLL (Microsoft Corporation)
O2:64bit: - BHO: (Java(tm) Plug-In 2 SSV Helper) - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program\Java\jre7\bin\jp2ssv.dll (Oracle Corporation)
O2 - BHO: (Java(tm) Plug-In SSV Helper) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Java\jre6\bin\ssv.dll (Sun Microsystems, Inc.)
O2 - BHO: (no name) - {B164E929-A1B6-4A06-B104-2CD0E90A88FF} - No CLSID value found.
O2 - BHO: (Office Document Cache Handler) - {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\PROGRA~2\MICROS~3\Office14\URLREDIR.DLL (Microsoft Corporation)
O3 - HKCU\..\Toolbar\WebBrowser: (no name) - {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - No CLSID value found.
O4:64bit: - HKLM..\Run: [Cm108Sound] C:\Windows\Syswow64\cm108.dll (C-Media Corporation)
O4:64bit: - HKLM..\Run: [RTHDVCPL] C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe (Realtek Semiconductor)
O4 - HKLM..\Run: [APSDaemon] C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe (Apple Inc.)
O4 - HKLM..\Run: [JMB36X IDE Setup] C:\Windows\RaidTool\xInsIDE.exe ()
O4 - HKLM..\Run: [Malwarebytes' Anti-Malware] C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe (Malwarebytes Corporation)
O4 - HKLM..\Run: [NUSB3MON] C:\Program Files (x86)\Renesas Electronics\USB 3.0 Host Controller Driver\Application\nusb3mon.exe (Renesas Electronics Corporation)
O4 - HKCU..\Run: [DAEMON Tools Lite] E:\Program Files (x86)\DAEMON Tools Lite\DTLite.exe (DT Soft Ltd)
O4 - HKCU..\Run: [Google] C:\Users\Johannes\AppData\Roaming\googleoez.exe File not found
O4 - HKCU..\Run: [ISUSPM Startup] c:\PROGRA~2\COMMON~1\INSTAL~1\UPDATE~1\isuspm.exe -startup File not found
O4 - HKCU..\Run: [Spotify Web Helper] C:\Users\Johannes\AppData\Roaming\Spotify\Data\SpotifyWebHelper.exe ()
O4 - HKCU..\Run: [Steam] E:\Program Files (x86)\Steam\steam.exe (Valve Corporation)
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktop = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktopChanges = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoControlPanel = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 5
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3
O8:64bit: - Extra context menu item: E&xportera till Microsoft Excel - res://C:\PROGRA~2\MICROS~3\Office14\EXCEL.EXE/3000 File not found
O8:64bit: - Extra context menu item: Ski&cka till OneNote - res://C:\PROGRA~2\MICROS~3\Office14\ONBttnIE.dll/105 File not found
O8 - Extra context menu item: E&xportera till Microsoft Excel - res://C:\PROGRA~2\MICROS~3\Office14\EXCEL.EXE/3000 File not found
O8 - Extra context menu item: Ski&cka till OneNote - res://C:\PROGRA~2\MICROS~3\Office14\ONBttnIE.dll/105 File not found
O9:64bit: - Extra Button: Skicka till OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Program\Microsoft Office\Office14\ONBttnIE.dll (Microsoft Corporation)
O9:64bit: - Extra 'Tools' menuitem : Ski&cka till OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Program\Microsoft Office\Office14\ONBttnIE.dll (Microsoft Corporation)
O9:64bit: - Extra Button: Länkade &anteckningar - {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - C:\Program\Microsoft Office\Office14\ONBttnIELinkedNotes.dll (Microsoft Corporation)
O9:64bit: - Extra 'Tools' menuitem : Länkade &anteckningar - {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - C:\Program\Microsoft Office\Office14\ONBttnIELinkedNotes.dll (Microsoft Corporation)
O10:64bit: - NameSpace_Catalog5\Catalog_Entries64\000000000007 [] - C:\Program\Common Files\Microsoft Shared\Windows Live\WLIDNSP.DLL (Microsoft Corp.)
O10:64bit: - NameSpace_Catalog5\Catalog_Entries64\000000000008 [] - C:\Program\Common Files\Microsoft Shared\Windows Live\WLIDNSP.DLL (Microsoft Corp.)
O10:64bit: - NameSpace_Catalog5\Catalog_Entries64\000000000009 [] - C:\Program\Bonjour\mdnsNSP.dll (Apple Inc.)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000009 [] - C:\Program Files (x86)\Bonjour\mdnsNSP.dll (Apple Inc.)
O1364bit: - gopher Prefix: missing
O13 - gopher Prefix: missing
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/update/1.6.0/jinsta ... s-i586.cab (Java Plug-in 1.6.0_31)
O16 - DPF: {CAFEEFAC-0016-0000-0031-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinsta ... s-i586.cab (Java Plug-in 1.6.0_31)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinsta ... s-i586.cab (Java Plug-in 1.6.0_31)
O16 - DPF: {D4B68B83-8710-488B-A692-D74B50BA558E} http://ccfiles.creative.com/Web/softwar ... PIDPDE.cab (Creative Software AutoUpdate Support Package 2)
O16 - DPF: {E705A591-DA3C-4228-B0D5-A356DBA42FBF} http://ccfiles.creative.com/Web/softwar ... TSUEng.cab (Creative Software AutoUpdate 2)
O16 - DPF: {F6ACF75C-C32C-447B-9BEF-46B766368D29} http://ccfiles.creative.com/Web/softwar ... /CTPID.cab (Creative Software AutoUpdate Support Package)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 195.67.199.18 195.67.199.19 195.67.199.20
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{7A7F6BE2-E2B9-40DB-8C7D-02BC76260A30}: DhcpNameServer = 195.67.199.18 195.67.199.19 195.67.199.20
O18:64bit: - Protocol\Handler\dssrequest - No CLSID value found
O18:64bit: - Protocol\Handler\livecall - No CLSID value found
O18:64bit: - Protocol\Handler\ms-help - No CLSID value found
O18:64bit: - Protocol\Handler\msnim - No CLSID value found
O18:64bit: - Protocol\Handler\sacore - No CLSID value found
O18:64bit: - Protocol\Handler\skype4com - No CLSID value found
O18:64bit: - Protocol\Handler\wlmailhtml - No CLSID value found
O18:64bit: - Protocol\Handler\wlpg - No CLSID value found
O18 - Protocol\Handler\dssrequest - No CLSID value found
O18 - Protocol\Handler\sacore - No CLSID value found
O18 - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~2\COMMON~1\Skype\SKYPE4~1.DLL (Skype Technologies)
O18:64bit: - Protocol\Filter\application/x-mfe-ipt - No CLSID value found
O18:64bit: - Protocol\Filter\text/xml {807573E5-5146-11D5-A672-00B0D022E945} - C:\Program\Common Files\Microsoft Shared\OFFICE14\MSOXMLMF.DLL (Microsoft Corporation)
O18 - Protocol\Filter\application/x-mfe-ipt - No CLSID value found
O20:64bit: - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\SysNative\userinit.exe (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: VMApplet - (SystemPropertiesPerformance.exe) - C:\Windows\SysNative\SystemPropertiesPerformance.exe (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: VMApplet - (/pagefile) - File not found
O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\SysWow64\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (userinit.exe) - C:\Windows\SysWow64\userinit.exe (Microsoft Corporation)
O20 - HKLM Winlogon: VMApplet - (/pagefile) - File not found
O21:64bit: - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.
O21 - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.
O32 - HKLM CDRom: AutoRun - 1
O33 - MountPoints2\{fc916e0d-8883-11e1-bba6-14dae93e092d}\Shell - "" = AutoRun
O33 - MountPoints2\{fc916e0d-8883-11e1-bba6-14dae93e092d}\Shell\AutoRun\command - "" = G:\LaunchU3.exe -a
O34 - HKLM BootExecute: (autocheck autochk *)
O35:64bit: - HKLM\..comfile [open] -- "%1" %*
O35:64bit: - HKLM\..exefile [open] -- "%1" %*
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37:64bit: - HKLM\...com [@ = comfile] -- "%1" %*
O37:64bit: - HKLM\...exe [@ = exefile] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3)
O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2)
O38 - SubSystems\\Windows: (ServerDll=sxssrv,4)

========== Files/Folders - Created Within 30 Days ==========

[2012-05-22 20:12:58 | 000,000,000 | ---D | C] -- C:\_OTL
[2012-05-22 20:12:01 | 000,595,968 | ---- | C] (OldTimer Tools) -- C:\Users\Johannes\Desktop\OTL.exe
[2012-05-22 19:52:25 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\NVIDIA Corporation
[2012-05-22 18:17:33 | 000,000,000 | ---D | C] -- C:\Users\Johannes\Documents\RemoveMalware
[2012-05-15 06:03:50 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Diablo III
[2012-05-15 06:03:50 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Diablo III
[2012-05-13 15:05:30 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Office
[2012-05-13 15:03:08 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Microsoft Analysis Services
[2012-05-13 15:02:54 | 000,000,000 | RH-D | C] -- C:\MSOCache
[2012-05-12 17:23:55 | 000,000,000 | ---D | C] -- C:\Users\Johannes\Documents\Skolgrejer
[2012-05-12 14:27:44 | 000,000,000 | ---D | C] -- C:\Users\Johannes\AppData\Local\Insanely Twisted Shadow Planet
[2012-05-12 14:25:03 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Game Studios
[2012-05-12 08:28:07 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\DAEMON Tools Lite
[2012-05-12 08:27:55 | 000,283,200 | ---- | C] (DT Soft Ltd) -- C:\Windows\SysNative\drivers\dtsoftbus01.sys
[2012-05-12 08:18:47 | 000,000,000 | ---D | C] -- C:\Users\Johannes\AppData\Roaming\Google
[2012-05-07 21:16:05 | 000,000,000 | ---D | C] -- C:\Users\Johannes\AppData\Local\Funcom
[2012-05-07 21:16:04 | 000,000,000 | ---D | C] -- C:\ProgramData\media center programs
[2012-05-07 21:16:04 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Funcom
[2012-05-04 23:13:26 | 000,000,000 | ---D | C] -- C:\Users\Johannes\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Terraria
[2012-05-04 22:44:18 | 000,033,856 | -H-- | C] (LogMeIn, Inc.) -- C:\Windows\SysNative\hamachi.sys
[2012-05-01 01:01:02 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Common Files\Wise Installation Wizard
[2012-05-01 00:59:56 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Deep Silver
[2012-04-29 15:02:25 | 000,000,000 | ---D | C] -- C:\Users\Johannes\AppData\Roaming\Opera
[2012-04-29 15:02:25 | 000,000,000 | ---D | C] -- C:\Users\Johannes\AppData\Local\Opera
[2012-04-29 14:11:34 | 000,000,000 | ---D | C] -- C:\ProgramData\Mozilla
[2012-04-28 14:55:26 | 000,000,000 | ---D | C] -- C:\Users\Johannes\AppData\Local\Risen2
[2012-04-26 14:05:28 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\VideoLAN
[2012-04-26 14:00:42 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Mozilla Firefox
[2012-04-26 13:57:33 | 000,000,000 | ---D | C] -- C:\Users\Johannes\AppData\Roaming\vlc
[2012-04-23 17:07:34 | 000,000,000 | ---D | C] -- C:\Users\Johannes\Documents\gothic3
[2010-11-19 06:27:00 | 000,587,776 | ---- | C] (Igor Pavlov) -- C:\Users\Johannes\AppData\Roaming\7za.exe

========== Files - Modified Within 30 Days ==========

[2012-05-22 20:14:38 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2012-05-22 20:14:33 | 1066,749,950 | -HS- | M] () -- C:\hiberfil.sys
[2012-05-22 20:13:48 | 000,021,888 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
[2012-05-22 20:13:48 | 000,021,888 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
[2012-05-22 20:12:03 | 000,595,968 | ---- | M] (OldTimer Tools) -- C:\Users\Johannes\Desktop\OTL.exe
[2012-05-22 19:54:00 | 000,001,016 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskUserS-1-5-21-554517835-2887831909-526785192-1001UA.job
[2012-05-22 19:54:00 | 000,000,964 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskUserS-1-5-21-554517835-2887831909-526785192-1001Core.job
[2012-05-22 19:51:00 | 000,000,868 | ---- | M] () -- C:\Windows\tasks\Adobe Flash Player Updater.job
[2012-05-22 19:13:22 | 001,575,584 | ---- | M] () -- C:\Windows\SysNative\PerfStringBackup.INI
[2012-05-22 19:13:22 | 000,662,158 | ---- | M] () -- C:\Windows\SysNative\perfh01D.dat
[2012-05-22 19:13:22 | 000,652,602 | ---- | M] () -- C:\Windows\SysNative\perfh009.dat
[2012-05-22 19:13:22 | 000,141,702 | ---- | M] () -- C:\Windows\SysNative\perfc01D.dat
[2012-05-22 19:13:22 | 000,121,276 | ---- | M] () -- C:\Windows\SysNative\perfc009.dat
[2012-05-19 03:46:58 | 000,332,019 | ---- | M] () -- C:\Users\Johannes\Desktop\csgo.png
[2012-05-18 15:03:51 | 000,002,374 | ---- | M] () -- C:\Users\Johannes\Desktop\Google Chrome.lnk
[2012-05-15 20:41:33 | 000,162,123 | ---- | M] () -- C:\Users\Johannes\Documents\hey..wma
[2012-05-15 19:02:27 | 000,001,109 | ---- | M] () -- C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk
[2012-05-15 12:48:00 | 000,068,928 | ---- | M] (Khronos Group) -- C:\Windows\SysNative\OpenCL.dll
[2012-05-15 12:48:00 | 000,061,248 | ---- | M] (Khronos Group) -- C:\Windows\SysWow64\OpenCL.dll
[2012-05-15 12:48:00 | 000,014,324 | ---- | M] () -- C:\Windows\SysNative\nvinfo.pb
[2012-05-15 11:29:45 | 002,621,723 | ---- | M] () -- C:\Windows\SysNative\nvcoproc.bin
[2012-05-15 06:10:41 | 000,001,189 | ---- | M] () -- C:\Users\Public\Desktop\Diablo III.lnk
[2012-05-15 02:21:50 | 000,423,744 | ---- | M] () -- C:\Windows\SysWow64\nvStreaming.exe
[2012-05-13 22:02:28 | 000,341,544 | ---- | M] () -- C:\Windows\SysNative\FNTCACHE.DAT
[2012-05-12 08:27:55 | 000,283,200 | ---- | M] (DT Soft Ltd) -- C:\Windows\SysNative\drivers\dtsoftbus01.sys
[2012-05-11 16:02:45 | 000,123,823 | ---- | M] () -- C:\Users\Johannes\Desktop\123asd.jpg
[2012-05-05 15:18:48 | 000,000,000 | -H-- | M] () -- C:\Users\Johannes\Documents\Default.rdp
[2012-05-04 23:23:52 | 001,553,434 | ---- | M] () -- C:\Windows\SysWow64\PerfStringBackup.INI
[2012-04-30 00:52:02 | 000,000,448 | ---- | M] () -- C:\Windows\tasks\ParetoLogic Update Version3.job
[2012-04-26 16:24:27 | 000,001,943 | ---- | M] () -- C:\Users\Johannes\Desktop\Heroes of Newerth.lnk
[2012-04-26 14:05:28 | 000,001,066 | ---- | M] () -- C:\Users\Public\Desktop\VLC media player.lnk
[2012-04-26 14:05:28 | 000,000,027 | ---- | M] () -- C:\Program Files\plugins.dat

========== Files Created - No Company Name ==========

[2012-05-19 03:46:58 | 000,332,019 | ---- | C] () -- C:\Users\Johannes\Desktop\csgo.png
[2012-05-15 20:41:33 | 000,162,123 | ---- | C] () -- C:\Users\Johannes\Documents\hey..wma
[2012-05-15 19:02:27 | 000,001,109 | ---- | C] () -- C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk
[2012-05-15 06:03:50 | 000,001,189 | ---- | C] () -- C:\Users\Public\Desktop\Diablo III.lnk
[2012-05-15 02:21:50 | 000,423,744 | ---- | C] () -- C:\Windows\SysWow64\nvStreaming.exe
[2012-05-11 16:02:50 | 000,123,823 | ---- | C] () -- C:\Users\Johannes\Desktop\123asd.jpg
[2012-05-05 15:18:48 | 000,000,000 | -H-- | C] () -- C:\Users\Johannes\Documents\Default.rdp
[2012-04-26 16:24:27 | 000,001,943 | ---- | C] () -- C:\Users\Johannes\Desktop\Heroes of Newerth.lnk
[2012-04-26 14:05:28 | 000,001,066 | ---- | C] () -- C:\Users\Public\Desktop\VLC media player.lnk
[2012-04-26 14:02:57 | 000,000,027 | ---- | C] () -- C:\Program Files\plugins.dat
[2012-04-02 22:17:38 | 000,040,985 | ---- | C] () -- C:\Users\Johannes\AppData\Roaming\a.7z
[2012-03-13 22:06:09 | 000,021,840 | ---- | C] () -- C:\Windows\SysWow64\SIntfNT.dll
[2012-03-13 22:06:09 | 000,017,212 | ---- | C] () -- C:\Windows\SysWow64\SIntf32.dll
[2012-03-13 22:06:09 | 000,012,067 | ---- | C] () -- C:\Windows\SysWow64\SIntf16.dll
[2012-01-23 22:44:51 | 000,001,769 | ---- | C] () -- C:\Windows\Language_trs.ini
[2012-01-22 18:57:53 | 000,000,206 | ---- | C] () -- C:\Windows\ulead32.ini
[2011-12-26 23:43:39 | 000,094,208 | ---- | C] () -- C:\Windows\SysWow64\LGErrorHandler.dll
[2011-12-26 23:43:38 | 000,020,992 | ---- | C] () -- C:\Windows\SysWow64\LGUmdl.dll
[2011-12-20 19:21:23 | 000,001,801 | ---- | C] () -- C:\Windows\WRcfg.ini
[2011-12-20 19:21:23 | 000,000,388 | ---- | C] () -- C:\Windows\WRMCcfg.ini
[2011-12-20 19:21:22 | 000,176,128 | ---- | C] () -- C:\Windows\SysWow64\APOMngr.DLL
[2011-12-20 19:21:22 | 000,073,728 | ---- | C] () -- C:\Windows\SysWow64\CmdRtr.DLL
[2011-12-15 00:26:10 | 000,143,360 | ---- | C] () -- C:\Windows\Vmix108.dll
[2011-12-15 00:26:10 | 000,000,518 | ---- | C] () -- C:\Windows\Cm108.ini.cfl
[2011-12-15 00:26:05 | 000,008,031 | ---- | C] () -- C:\Windows\Cm108.ini.imi
[2011-12-15 00:26:05 | 000,002,029 | ---- | C] () -- C:\Windows\Cm108.ini.cfg
[2011-12-15 00:26:04 | 000,001,320 | ---- | C] () -- C:\Windows\cm108.ini
[2011-11-02 04:10:24 | 000,088,280 | -H-- | C] () -- C:\Windows\SysWow64\mlfcache.dat
[2011-10-16 00:40:43 | 000,000,032 | ---- | C] () -- C:\Program Files\plugins-04041e-fe8.dat
[2011-09-28 17:44:14 | 000,179,271 | ---- | C] () -- C:\Windows\SysWow64\xlive.dll.cat
[2011-09-01 15:06:17 | 001,553,434 | ---- | C] () -- C:\Windows\SysWow64\PerfStringBackup.INI
[2011-05-31 08:39:50 | 000,058,368 | ---- | C] () -- C:\Windows\SysWow64\bdmpegv.dll
[2011-05-31 08:38:18 | 000,015,360 | ---- | C] () -- C:\Windows\SysWow64\bdmjpeg.dll

========== LOP Check ==========

[2011-10-08 17:28:27 | 000,000,000 | ---D | M] -- C:\Users\Johannes\AppData\Roaming\.minecraft
[2012-01-21 23:29:27 | 000,000,000 | ---D | M] -- C:\Users\Johannes\AppData\Roaming\BigHugeEngine
[2012-01-22 18:55:56 | 000,000,000 | ---D | M] -- C:\Users\Johannes\AppData\Roaming\com.adobe.downloadassistant.AdobeDownloadAssistant
[2012-03-13 21:59:05 | 000,000,000 | ---D | M] -- C:\Users\Johannes\AppData\Roaming\DAEMON Tools Lite
[2012-02-05 20:38:57 | 000,000,000 | ---D | M] -- C:\Users\Johannes\AppData\Roaming\DarknessIIDemo
[2012-01-16 15:40:10 | 000,000,000 | ---D | M] -- C:\Users\Johannes\AppData\Roaming\DriverCure
[2012-02-01 16:29:15 | 000,000,000 | ---D | M] -- C:\Users\Johannes\AppData\Roaming\fltk.org
[2011-12-09 21:59:16 | 000,000,000 | ---D | M] -- C:\Users\Johannes\AppData\Roaming\Image-Line
[2011-10-07 17:08:59 | 000,000,000 | ---D | M] -- C:\Users\Johannes\AppData\Roaming\LolClient
[2012-05-19 10:15:09 | 000,000,000 | ---D | M] -- C:\Users\Johannes\AppData\Roaming\Opera
[2011-10-25 19:04:25 | 000,000,000 | ---D | M] -- C:\Users\Johannes\AppData\Roaming\Origin
[2012-01-23 22:22:44 | 000,000,000 | ---D | M] -- C:\Users\Johannes\AppData\Roaming\PCCleaner
[2012-02-05 23:49:38 | 000,000,000 | ---D | M] -- C:\Users\Johannes\AppData\Roaming\RIFT
[2012-03-01 03:50:44 | 000,000,000 | ---D | M] -- C:\Users\Johannes\AppData\Roaming\RotMG.Production
[2012-05-19 00:23:00 | 000,000,000 | ---D | M] -- C:\Users\Johannes\AppData\Roaming\SoftGrid Client
[2012-05-22 18:56:59 | 000,000,000 | ---D | M] -- C:\Users\Johannes\AppData\Roaming\Spotify
[2012-01-23 22:25:18 | 000,000,000 | ---D | M] -- C:\Users\Johannes\AppData\Roaming\spotmau
[2011-12-09 22:08:36 | 000,000,000 | ---D | M] -- C:\Users\Johannes\AppData\Roaming\SynthMaker
[2011-10-22 18:33:53 | 000,000,000 | ---D | M] -- C:\Users\Johannes\AppData\Roaming\TP
[2012-03-30 18:47:02 | 000,000,000 | ---D | M] -- C:\Users\Johannes\AppData\Roaming\Trine2
[2012-02-16 00:19:58 | 000,000,000 | ---D | M] -- C:\Users\Johannes\AppData\Roaming\TuneUp Software
[2012-03-10 15:29:42 | 000,000,000 | ---D | M] -- C:\Users\Johannes\AppData\Roaming\Unity
[2012-01-01 14:14:25 | 000,000,000 | ---D | M] -- C:\Users\Johannes\AppData\Roaming\VOIPlay
[2012-04-30 00:52:02 | 000,000,448 | ---- | M] () -- C:\Windows\Tasks\ParetoLogic Update Version3.job
[2012-03-08 14:55:14 | 000,032,514 | ---- | M] () -- C:\Windows\Tasks\SCHEDLGU.TXT

========== Purity Check ==========



< End of report >
Johannesgyr
Regular Member
 
Posts: 18
Joined: May 19th, 2012, 3:44 am

Re: I think im infected...

Unread postby askey127 » May 22nd, 2012, 2:52 pm

Johannesgyr,
Thanks for the translation.
-----------------------------------------
Check hard Drive for Errors
Open Notepad... then copy and paste the following line into Notepad:
(Notepad is in Start, Programs, Accessories)
Code: Select all
cmd  /c  chkdsk  c:  |find  /v  "percent"  >> "%userprofile%\desktop\checkhd.txt"

Now Save the NotePad file like this:
  • Click on File from the top menu bar.
  • Select Save As, use Filename: testhd.bat and Save As Type: All Files.
  • Choose Desktop as the location
  • Click Save.
Right click on testhd.bat on your desktop and select Run As Administrator to run it. OK the UAC.
A Command Prompt box will pop up, then close after a couple minutes.
Please post the contents of the checkhd.txt file from your desktop.
If the file is very long, just copy and paste the LAST 20 or 30 lines into your reply.

-----------------------------------------
Follow this instruction to turn Windows Defender OFF
http://windows.microsoft.com/en-US/wind ... -on-or-off

Tell me if you are able to turn ON the McAfee Firewall, or what results you are seeing.
askey127
User avatar
askey127
Admin/Teacher
Admin/Teacher
 
Posts: 13903
Joined: April 17th, 2005, 3:25 pm
Location: New Hampshire USA

Re: I think im infected...

Unread postby Johannesgyr » May 22nd, 2012, 3:02 pm

Filsystemet „r av typen NTFS.

Varning! Parametern /F har inte angetts.
CHKDSK k”rs i skrivskyddat l„ge.

CHKDSK verifierar filer (steg 1 av 3)...
0 procent klart. (0 av 188160 filposter har behandlats)
1 procent klart. (18816 av 188160 filposter har behandlats)
2 procent klart. (37632 av 188160 filposter har behandlats)
3 procent klart. (56448 av 188160 filposter har behandlats)
4 procent klart. (75264 av 188160 filposter har behandlats)
5 procent klart. (94080 av 188160 filposter har behandlats)
6 procent klart. (112896 av 188160 filposter har behandlats)
7 procent klart. (131712 av 188160 filposter har behandlats)
8 procent klart. (150528 av 188160 filposter har behandlats)
9 procent klart. (169344 av 188160 filposter har behandlats)
188160 filposter har behandlats.

Filverifieringen „r klar.
346 stora filposter har behandlats.

0 skadade filposter har behandlats.

14 EA-poster har behandlats.

119 referensposter har behandlats.

CHKDSK verifierar index (steg 2 av 3)...
11 procent klart. (6675 av 233362 indexposter har behandlats)
12 procent klart. (13509 av 233362 indexposter har behandlats)
13 procent klart. (20343 av 233362 indexposter har behandlats)
14 procent klart. (27177 av 233362 indexposter har behandlats)
15 procent klart. (34011 av 233362 indexposter har behandlats)
16 procent klart. (40845 av 233362 indexposter har behandlats)
17 procent klart. (47679 av 233362 indexposter har behandlats)
18 procent klart. (54513 av 233362 indexposter har behandlats)
19 procent klart. (61347 av 233362 indexposter har behandlats)
20 procent klart. (68181 av 233362 indexposter har behandlats)
21 procent klart. (75015 av 233362 indexposter har behandlats)
22 procent klart. (81849 av 233362 indexposter har behandlats)
23 procent klart. (88683 av 233362 indexposter har behandlats)
24 procent klart. (95517 av 233362 indexposter har behandlats)
25 procent klart. (102351 av 233362 indexposter har behandlats)
26 procent klart. (109185 av 233362 indexposter har behandlats)
27 procent klart. (116019 av 233362 indexposter har behandlats)
28 procent klart. (122853 av 233362 indexposter har behandlats)
29 procent klart. (129688 av 233362 indexposter har behandlats)
30 procent klart. (136522 av 233362 indexposter har behandlats)
31 procent klart. (143356 av 233362 indexposter har behandlats)
32 procent klart. (150190 av 233362 indexposter har behandlats)
33 procent klart. (157024 av 233362 indexposter har behandlats)
34 procent klart. (163858 av 233362 indexposter har behandlats)
35 procent klart. (170692 av 233362 indexposter har behandlats)
36 procent klart. (177526 av 233362 indexposter har behandlats)
37 procent klart. (184360 av 233362 indexposter har behandlats)
38 procent klart. (191194 av 233362 indexposter har behandlats)
39 procent klart. (198028 av 233362 indexposter har behandlats)
40 procent klart. (204862 av 233362 indexposter har behandlats)
233362 indexposter har behandlats.

Indexverifieringen „r klar.
0 oindexerade filer har genoms”kts.

0 oindexerade filer har †terst„llts.

CHKDSK verifierar s„kerhetsbeskrivare (steg 3 av 3)...
45 procent klart. (17009 av 188160 fil-SD/SID-poster har behandlats)
46 procent klart. (37511 av 188160 fil-SD/SID-poster har behandlats)
47 procent klart. (58014 av 188160 fil-SD/SID-poster har behandlats)
48 procent klart. (78516 av 188160 fil-SD/SID-poster har behandlats)
49 procent klart. (99018 av 188160 fil-SD/SID-poster har behandlats)
50 procent klart. (119520 av 188160 fil-SD/SID-poster har behandlats)
51 procent klart. (140022 av 188160 fil-SD/SID-poster har behandlats)
52 procent klart. (160524 av 188160 fil-SD/SID-poster har behandlats)
53 procent klart. (181026 av 188160 fil-SD/SID-poster har behandlats)
188160 fil-SD/SID-poster har behandlats.

Verifieringen av s„kerhetsbeskrivare „r klar.
22602 datafiler har behandlats.

CHKDSK verifierar USN-journalen...
99 procent klart. (0 av 35971288 USN-byte har behandlats)
100 procent klart. (35971072 av 35971288 USN-byte har behandlats)
35971288 USN-byte har behandlats.

Verifieringen av USN-journalen „r klar.
Filsystemet har kontrollerats. Inga problem p†tr„ffades.

112334847 kB diskutrymme totalt.
80741116 kB i 91807 filer.
60392 kB i 22603 index.
0 kB i skadade sektorer.
294359 kB anv„nds av operativsystemet.
65536 kB h†rddisksutrymme anv„nds av loggfilen.
31238980 kB ledigt utrymme.

4096 byte i varje allokeringsenhet.
28083711 allokeringsenheter finns totalt p† disken.
7809745 allokeringsenheter „r tillg„ngliga p† disken.
Most parts of the file are in swedish, sadly.
Johannesgyr
Regular Member
 
Posts: 18
Joined: May 19th, 2012, 3:44 am

Re: I think im infected...

Unread postby Johannesgyr » May 22nd, 2012, 3:24 pm

Oh and when I followed the off or on windows defender guide, it says that the service is not installed (error code: 0x80070424)

According to McAfee the firewall is off, but it does not warn me or anything.
Johannesgyr
Regular Member
 
Posts: 18
Joined: May 19th, 2012, 3:44 am

Re: I think im infected...

Unread postby askey127 » May 22nd, 2012, 3:40 pm

Johannesgyr,
If McAfee firewall is OFF, do this:
From Control panel, click on Windows Firewall. See what it reports.
You can Reset to Defaults or look at Advanced Settings on the Left side.

(That CHKDSK report on the C: drive looks OK. Let's check E:)
-----------------------------------------
Check hard Drive for Errors
Open Notepad... then copy and paste the following line into Notepad:
(Notepad is in Start, Programs, Accessories)
Code: Select all
cmd  /c  chkdsk  e:  |find  /v  "percent"  >> "%userprofile%\desktop\Edrv.txt"

Now Save the NotePad file like this:
  • Click on File from the top menu bar.
  • Select Save As, use Filename: testE.bat and Save As Type: All Files.
  • Choose Desktop as the location
  • Click Save.
Right click on testE.bat on your desktop and select Run As Administrator to run it. OK the UAC.
A Command Prompt box will pop up, then close after a couple minutes.
Please post the contents of the Edrv.txt file from your desktop.
If the file is very long, just copy and paste the LAST 20 or 30 lines into your reply.

askey127
User avatar
askey127
Admin/Teacher
Admin/Teacher
 
Posts: 13903
Joined: April 17th, 2005, 3:25 pm
Location: New Hampshire USA
Advertisement
Register to Remove

Next

  • Similar Topics
    Replies
    Views
    Last post

Return to Infected? Virus, malware, adware, ransomware, oh my!



Who is online

Users browsing this forum: No registered users and 38 guests

Contact us:

Advertisements do not imply our endorsement of that product or service. Register to remove all ads. The forum is run by volunteers who donate their time and expertise. We make every attempt to ensure that the help and advice posted is accurate and will not cause harm to your computer. However, we do not guarantee that they are accurate and they are to be used at your own risk. All trademarks are the property of their respective owners.

Member site: UNITE Against Malware