Welcome to MalwareRemoval.com,
What if we told you that you could get malware removal help from experts, and that it was 100% free? MalwareRemoval.com provides free support for people with infected computers. Our help, and the tools we use are always 100% free. No hidden catch. We simply enjoy helping others. You enjoy a clean, safe computer.

Problem with redirects and annoying popup ad in bottom corner

by herrober » June 4th, 2012, 5:46 pm

First of all, thanks for this great service.

I have two problems.

1. I get redirected to all kinds of bogus sites when pressing links. Not always, say one out of ten clicked links.
2. I have this annoying popup ad in the bottom right corner, exactly as others have posted the same problems with. I can't get rid of it. Have tried all kinds of antispyware and antimalware software.

Many thanks in advance! Best regards, Peter

Below is the DDS result:

.
DDS (Ver_2011-08-26.01) - NTFSAMD64
Internet Explorer: 9.0.8112.16421 BrowserJavaVersion: 1.6.0_31
Run by Peter at 23:43:23 on 2012-06-04
Microsoft® Windows Vista™ Business 6.0.6002.2.1252.46.1033.18.4094.2342 [GMT 2:00]
.
AV: Microsoft Security Essentials *Enabled/Updated* {9765EA51-0D3C-7DFB-6091-10E4E1F341F6}
SP: Windows Defender *Disabled/Outdated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
SP: Microsoft Security Essentials *Enabled/Updated* {2C040BB5-2B06-7275-5A21-2B969A740B4B}
.
============== Running Processes ===============
.
C:\Windows\system32\wininit.exe
C:\Windows\system32\lsm.exe
C:\Windows\system32\svchost.exe -k DcomLaunch
C:\Windows\system32\svchost.exe -k rpcss
C:\Program Files\Microsoft Security Client\MsMpEng.exe
C:\Windows\system32\atiesrxx.exe
C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted
C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted
C:\Windows\system32\svchost.exe -k netsvcs
C:\Windows\system32\svchost.exe -k GPSvcGroup
C:\Windows\system32\SLsvc.exe
C:\Windows\system32\svchost.exe -k LocalService
C:\Windows\system32\atieclxx.exe
C:\Windows\system32\svchost.exe -k NetworkService
C:\Windows\System32\spoolsv.exe
C:\Windows\system32\svchost.exe -k LocalServiceNoNetwork
C:\Windows\system32\taskeng.exe
C:\Windows\system32\Dwm.exe
C:\Windows\system32\taskeng.exe
C:\Windows\Explorer.EXE
C:\Program Files (x86)\Intel\Intel Matrix Storage Manager\IAAnotif.exe
C:\Windows\RAVCpl64.exe
C:\Program Files\Microsoft Security Client\msseces.exe
C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\MOM.exe
C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe
C:\Program Files (x86)\Personal\bin\Personal.exe
C:\Program Files\ASUS\Six Engine\SixEngine.exe
C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\Program Files (x86)\Intel\Intel Matrix Storage Manager\IAANTMon.exe
C:\Program Files (x86)\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
C:\Windows\system32\svchost.exe -k NetworkServiceNetworkRestricted
C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CCC.exe
C:\Windows\system32\svchost.exe -k imgsvc
C:\Program Files (x86)\TomTom HOME 2\TomTomHOMEService.exe
C:\Windows\System32\svchost.exe -k WerSvcGroup
C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
C:\Windows\system32\SearchIndexer.exe
C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSvcM.exe
C:\Program Files\Windows Media Player\wmpnscfg.exe
C:\Program Files\Windows Media Player\wmpnetwk.exe
C:\Windows\SysWOW64\conime.exe
C:\Windows\system32\svchost.exe -k LocalServiceAndNoImpersonation
C:\Program Files (x86)\Internet Explorer\iexplore.exe
C:\Program Files (x86)\Internet Explorer\iexplore.exe
C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbarUser_32.exe
C:\Program Files (x86)\Internet Explorer\iexplore.exe
C:\Program Files (x86)\Internet Explorer\iexplore.exe
C:\Windows\SysWOW64\cmd.exe
C:\Windows\SysWOW64\cscript.exe
C:\Windows\system32\wbem\wmiprvse.exe
.
============== Pseudo HJT Report ===============
.
uStart Page = about:blank
uInternet Settings,ProxyOverride = *.local
mWinlogon: Userinit=userinit.exe,
BHO: Adobe PDF Link Helper: {18df081c-e8ad-4283-a596-fa578c2ebdc3} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
BHO: Java(tm) Plug-In SSV Helper: {761497bb-d6f0-462c-b6eb-d4daf1d92d43} - C:\Program Files (x86)\Java\jre6\bin\ssv.dll
BHO: Välja bort annonscookies: {8e425eb4-adbd-4816-b1e8-49bb9decf034} - C:\Program Files (x86)\Google\Advertising Cookie Opt-out\opt_out.dll
BHO: Windows Live ID Sign-in Helper: {9030d464-4c02-4abf-8ecc-5164760863c6} - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
BHO: Google Toolbar Helper: {aa58ed58-01dd-4d91-8333-cf10577473f7} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_32.dll
BHO: Skype Browser Helper: {ae805869-2e5c-4ed4-8f7b-f1f7851a4497} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll
BHO: Java(tm) Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - C:\Program Files (x86)\Java\jre6\bin\jp2ssv.dll
TB: Google Toolbar: {2318c2b1-4965-11d4-9b18-009027a5cd4f} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_32.dll
mRun: [StartCCC] "C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" MSRun
mRun: [Adobe Reader Speed Launcher] "C:\Program Files (x86)\Adobe\Reader 9.0\Reader\Reader_sl.exe"
mRun: [SunJavaUpdateSched] "C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe"
StartupFolder: C:\PROGRA~3\MICROS~1\Windows\STARTM~1\Programs\Startup\BANKID~1.LNK - C:\Program Files (x86)\Personal\bin\Personal.exe
mPolicies-explorer: NoActiveDesktop = 1 (0x1)
mPolicies-explorer: NoActiveDesktopChanges = 1 (0x1)
mPolicies-explorer: BindDirectlyToPropertySetStorage = 0 (0x0)
mPolicies-system: EnableLUA = 0 (0x0)
mPolicies-system: EnableUIADesktopToggle = 0 (0x0)
IE: Add to Google Photos Screensa&ver - C:\Windows\system32\GPhotos.scr/200
IE: E&xport to Microsoft Excel - C:\PROGRA~2\MICROS~3\OFFICE11\EXCEL.EXE/3000
IE: {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll
IE: {92780B25-18CC-41C8-B9BE-3C9C571A8263} - {FF059E31-CC5A-4E2E-BF3B-96E929D65503} - C:\PROGRA~2\MICROS~3\OFFICE11\REFIEBAR.DLL
DPF: {7ECB1A47-6647-4B2C-A8DA-675569C9FF15} - hxxp://www.fujidirekt.se/asp/_upload/ac ... oader7.cab
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinsta ... s-i586.cab
DPF: {B1E2B96C-12FE-45E2-BEF1-44A219113CDD} - hxxp://www.superadblocker.com/activex/sabspx.cab
DPF: {CAFEEFAC-0016-0000-0031-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinsta ... s-i586.cab
DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinsta ... s-i586.cab
DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} - hxxp://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab
DPF: {F3DCFC89-8C6E-4052-9176-B7806D188FD5} - hxxp://www.fujidirekt.se/asp/_upload/ac ... ctivex.cab
TCP: DhcpNameServer = 84.246.88.10 84.246.88.20 192.168.1.1
TCP: Interfaces\{D9CD8E72-C71D-4FBF-9788-E5446EE13572} : DhcpNameServer = 84.246.88.10 84.246.88.20 192.168.1.1
Handler: skype-ie-addon-data - {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll
Handler: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~2\COMMON~1\Skype\SKYPE4~1.DLL
Handler: wlpg - {E43EF6CD-A37A-4A9B-9E6F-83F89B8E6324} - C:\Program Files (x86)\Windows Live\Photo Gallery\AlbumDownloadProtocolHandler.dll
BHO-X64: Adobe PDF Link Helper: {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
BHO-X64: AcroIEHelperStub - No File
BHO-X64: Java(tm) Plug-In SSV Helper: {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Java\jre6\bin\ssv.dll
BHO-X64: V„lja bort annonscookies: {8E425EB4-ADBD-4816-B1E8-49BB9DECF034} - C:\Program Files (x86)\Google\Advertising Cookie Opt-out\opt_out.dll
BHO-X64: V„lja bort annonscookies - No File
BHO-X64: Windows Live ID Sign-in Helper: {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
BHO-X64: Google Toolbar Helper: {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_32.dll
BHO-X64: Skype Browser Helper: {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll
BHO-X64: SkypeIEPluginBHO - No File
BHO-X64: Java(tm) Plug-In 2 SSV Helper: {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre6\bin\jp2ssv.dll
TB-X64: Google Toolbar: {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_32.dll
mRun-x64: [StartCCC] "C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" MSRun
mRun-x64: [Adobe Reader Speed Launcher] "C:\Program Files (x86)\Adobe\Reader 9.0\Reader\Reader_sl.exe"
mRun-x64: [SunJavaUpdateSched] "C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe"
Hosts: 67.215.245.19 www.google-analytics.com.
Hosts: 67.215.245.19 ad-emea.doubleclick.net.
Hosts: 67.215.245.19 www.statcounter.com.
Hosts: 108.163.215.51 www.google-analytics.com.
Hosts: 108.163.215.51 ad-emea.doubleclick.net.
.
Note: multiple HOSTS entries found. Please refer to Attach.txt
.
================= FIREFOX ===================
.
FF - ProfilePath - C:\Users\Peter\AppData\Roaming\Mozilla\Firefox\Profiles\pzknk0mj.default\
FF - prefs.js: browser.startup.homepage - about:blank
FF - plugin: C:\Program Files (x86)\Google\Picasa3\npPicasa3.dll
FF - plugin: C:\Program Files (x86)\Google\Update\1.3.21.111\npGoogleUpdate3.dll
FF - plugin: C:\Program Files (x86)\Java\jre6\bin\new_plugin\npdeployJava1.dll
FF - plugin: C:\Program Files (x86)\Java\jre6\bin\plugin2\npdeployJava1.dll
FF - plugin: C:\Program Files (x86)\Java\jre6\bin\plugin2\npjp2.dll
FF - plugin: C:\Program Files (x86)\Microsoft Silverlight\5.1.10411.0\npctrlui.dll
FF - plugin: C:\Program Files (x86)\Microsoft\Office Live\npOLW.dll
FF - plugin: C:\Program Files (x86)\Mozilla Firefox\plugins\npdeployJava1.dll
FF - plugin: C:\Program Files (x86)\Personal\bin\np_prsnl.dll
FF - plugin: C:\Program Files (x86)\Personal\bin\np_prsnl64.dll
FF - plugin: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll
.
============= SERVICES / DRIVERS ===============
.
R0 MpFilter;Microsoft Malware Protection Driver;C:\Windows\system32\DRIVERS\MpFilter.sys --> C:\Windows\system32\DRIVERS\MpFilter.sys [?]
R2 AMD External Events Utility;AMD External Events Utility;C:\Windows\system32\atiesrxx.exe --> C:\Windows\system32\atiesrxx.exe [?]
R2 FontCache;Windows Font Cache Service;C:\Windows\system32\svchost.exe -k LocalServiceAndNoImpersonation [2008-1-21 21504]
R2 TomTomHOMEService;TomTomHOMEService;C:\Program Files (x86)\TomTom HOME 2\TomTomHOMEService.exe [2009-11-13 92008]
R3 amdkmdag;amdkmdag;C:\Windows\system32\DRIVERS\atikmdag.sys --> C:\Windows\system32\DRIVERS\atikmdag.sys [?]
R3 amdkmdap;amdkmdap;C:\Windows\system32\DRIVERS\atikmpag.sys --> C:\Windows\system32\DRIVERS\atikmpag.sys [?]
S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-3-18 130384]
S2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-3-18 138576]
S2 gupdate;Tjänsten Google Update (gupdate);C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2011-7-18 136176]
S2 SkypeUpdate;Skype Updater;C:\Program Files (x86)\Skype\Updater\Updater.exe [2012-2-29 158856]
S3 AdobeFlashPlayerUpdateSvc;Adobe Flash Player Update Service;C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2012-4-1 257696]
S3 gupdatem;Tjänsten Google Update (gupdatem);C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2011-7-18 136176]
S3 NisDrv;Microsoft Network Inspection System;C:\Windows\system32\DRIVERS\NisDrvWFP.sys --> C:\Windows\system32\DRIVERS\NisDrvWFP.sys [?]
S3 NisSrv;Microsoft Network Inspection;C:\Program Files\Microsoft Security Client\NisSrv.exe [2012-3-26 291696]
S3 PerfHost;Performance Counter DLL Host;C:\Windows\SysWOW64\perfhost.exe [2008-1-21 19968]
S3 TdsNordecr;Nordea NCR1 SmartCard Reader;C:\Windows\system32\DRIVERS\nordecr.sys --> C:\Windows\system32\DRIVERS\nordecr.sys [?]
S3 USBAAPL64;Apple Mobile USB Driver;C:\Windows\system32\Drivers\usbaapl64.sys --> C:\Windows\system32\Drivers\usbaapl64.sys [?]
S3 WPFFontCache_v0400;Windows Presentation Foundation Font Cache 4.0.0.0;C:\Windows\Microsoft.NET\Framework64\v4.0.30319\WPF\WPFFontCache_v0400.exe [2010-3-18 1020768]
S4 clr_optimization_v2.0.50727_64;Microsoft .NET Framework NGEN v2.0.50727_X64;C:\Windows\Microsoft.NET\Framework64\v2.0.50727\mscorsvw.exe [2009-12-3 89920]
.
=============== File Associations ===============
.
JSEFile=C:\Windows\SysWOW64\WScript.exe "%1" %*
.
=============== Created Last 30 ================
.
2012-06-04 19:12:24 8955792 ----a-w- C:\ProgramData\Microsoft\Microsoft Antimalware\Definition Updates\{CE16B3FF-9E4A-4F6D-9C03-A5ACCBC9C20F}\mpengine.dll
2012-06-03 21:10:15 -------- d-----w- C:\Users\Peter\AppData\Local\{0428DEE5-99F4-4D4B-B63C-38F2F31D1631}
2012-06-03 21:10:05 -------- d-----w- C:\Users\Peter\AppData\Local\{DDC699A6-975D-4C94-9F52-7DDD2768DF36}
2012-06-03 13:57:30 8955792 ----a-w- C:\ProgramData\Microsoft\Microsoft Antimalware\Definition Updates\Backup\mpengine.dll
2012-06-01 15:45:01 -------- d-----w- C:\Users\Peter\AppData\Local\{34B6C8C3-7ED5-46BC-B802-227AF9B12801}
2012-06-01 15:44:51 -------- d-----w- C:\Users\Peter\AppData\Local\{1626817F-CB5A-4933-937F-C5755C95BDB9}
2012-05-31 18:41:46 -------- d-----w- C:\Users\Peter\AppData\Local\{3E3F6537-7DF2-4617-95F7-F150103B18BC}
2012-05-31 18:41:35 -------- d-----w- C:\Users\Peter\AppData\Local\{875AEE7F-4B4D-43EC-8FCC-6B4FBDACB590}
2012-05-22 09:43:26 -------- d-----w- C:\Users\Peter\AppData\Local\{9FB537B3-6F7A-44B5-B4DB-58D27C09DFA0}
2012-05-22 09:43:16 -------- d-----w- C:\Users\Peter\AppData\Local\{00B891C9-E4A2-4796-AC11-202DB1C8027F}
2012-05-18 09:58:07 -------- d-----w- C:\Users\Peter\AppData\Local\{7E076D5D-1B65-4362-99D9-726887C91733}
2012-05-18 09:57:57 -------- d-----w- C:\Users\Peter\AppData\Local\{46B25A88-C0E5-46FB-93D9-762ABEC0F614}
2012-05-17 12:50:55 877912 ----a-w- C:\Windows\System32\gpprefcl.dll
2012-05-17 12:50:55 675152 ----a-w- C:\Windows\SysWow64\gpprefcl.dll
2012-05-17 12:38:42 876032 ----a-w- C:\Windows\SysWow64\XpsPrint.dll
2012-05-17 12:38:42 1653760 ----a-w- C:\Windows\System32\XpsPrint.dll
2012-05-17 11:57:34 -------- d-----w- C:\Program Files (x86)\Microsoft Security Client
2012-05-17 11:42:21 4699520 ----a-w- C:\Windows\System32\ntoskrnl.exe
2012-05-17 11:42:21 2766848 ----a-w- C:\Windows\System32\win32k.sys
2012-05-17 11:38:51 -------- d-----w- C:\ProgramData\GFI Software
2012-05-10 16:23:58 -------- d-----w- C:\Users\Peter\AppData\Local\{014DC2DE-D9F9-4658-8B64-741513633156}
2012-05-10 16:23:47 -------- d-----w- C:\Users\Peter\AppData\Local\{6AF471D9-77C1-426A-AEDB-C7186AA1D1B5}
2012-05-10 05:43:44 -------- d-----w- C:\Program Files\iPod
2012-05-10 05:43:41 -------- d-----w- C:\Program Files\iTunes
2012-05-10 05:43:41 -------- d-----w- C:\Program Files (x86)\iTunes
2012-05-08 19:05:29 -------- d-----w- C:\Users\Peter\AppData\Local\{0FB58E45-F018-43E8-937C-905A919AF9D1}
2012-05-08 19:05:18 -------- d-----w- C:\Users\Peter\AppData\Local\{459CB2E1-3628-4785-9C9C-B902984A629E}
.
==================== Find3M ====================
.
2012-05-05 12:26:21 70304 ----a-w- C:\Windows\SysWow64\FlashPlayerCPLApp.cpl
2012-05-05 12:26:21 419488 ----a-w- C:\Windows\SysWow64\FlashPlayerApp.exe
2012-05-05 12:26:07 8769696 ----a-w- C:\Windows\SysWow64\FlashPlayerInstaller.exe
2012-03-30 12:45:03 1422720 ----a-w- C:\Windows\System32\drivers\tcpip.sys
2012-03-29 14:22:51 40448 ----a-w- C:\Windows\System32\drivers\tcpipreg.sys
2012-03-20 23:34:30 72576 ----a-w- C:\Windows\System32\drivers\partmgr.sys
2012-03-20 18:44:12 98688 ----a-w- C:\Windows\System32\drivers\NisDrvWFP.sys
2012-03-20 18:44:12 203888 ----a-w- C:\Windows\System32\drivers\MpFilter.sys
2012-03-08 16:50:28 49016 ----a-w- C:\Windows\SysWow64\sirenacm.dll
2012-03-08 16:37:20 302448 ----a-w- C:\Windows\WLXPGSS.SCR
.
============= FINISH: 23:43:38,91 ===============
herrober
Regular Member
 
Posts: 15
Joined: June 4th, 2012, 5:34 pm

Re: Problem with redirects and annoying popup ad in bottom co

by maxi » June 5th, 2012, 11:44 am

Hello herrober and welcome to the forums :)

I am maxi, and will be assisting you with your log.
If you still need assistance, please do the following:

*Print all instructions or Copy to Notepad for reference.
*Please note, unless I'm notified ahead of time, this topic will close if there is not a response in 3 Days.
*Place a link to this thread in your Favorites/Bookmarks for easily returning here.
*Please respond until I give the all clear, as absence of symptoms does NOT always mean Clean.
*Please do not run any other tools/scans unless requested.
*Do not install/uninstall anything unless requested.
*Please be sure you have read Malware Removal Forum Guidelines and Rules, especially P2P Policy.
*If you can do the above all should go well.
*If you do not understand a step, please STOP and ASK before proceeding*

**All fixes are for this computer and the current issues on it. Please Do Not use these instructions on another issue or computer.**


Please be aware that removing Malware is a potentially hazardous undertaking. I will take care not to knowingly suggest courses of action that might damage your computer. However it is impossible for me to foresee all interactions that may happen between the software on your computer and those we'll use to clear you of infection, and I cannot guarantee the safety of your system. It is possible that we might encounter situations where the only recourse is to re-format and re-install your operating system, or to necessitate you taking your computer to a repair shop.

Please post the second log (attach.txt) that was produced by DDS. You may need to run the program again to get it.

Regards maxi :)
maxi
Retired Graduate
 
Posts: 1262
Joined: September 25th, 2009, 10:17 am
Location: Cork, Ireland.

Re: Problem with redirects and annoying popup ad in bottom co

by herrober » June 5th, 2012, 12:04 pm

Hello Maxi,

Many thanks for the reply. Please find the attach.txt posted below.

Thanks again for this excellent service! Regards, Peter

.
UNLESS SPECIFICALLY INSTRUCTED, DO NOT POST THIS LOG.
IF REQUESTED, ZIP IT UP & ATTACH IT
.
DDS (Ver_2011-08-26.01)
.
Microsoft® Windows Vista™ Business
Boot Device: \Device\HarddiskVolume1
Install Date: 2009-02-21 18:41:48
System Uptime: 2012-06-05 11:34:10 (7 hours ago)
.
Motherboard: ASUSTeK Computer INC. | | P5Q-PRO
Processor: Intel(R) Core(TM)2 Duo CPU E8400 @ 3.00GHz | LGA 775 | 3003/333mhz
.
==== Disk Partitions =========================
.
C: is FIXED (NTFS) - 80 GiB total, 24,891 GiB free.
D: is FIXED (NTFS) - 516 GiB total, 258,45 GiB free.
E: is CDROM ()
F: is CDROM ()
G: is FIXED (NTFS) - 1863 GiB total, 1385,081 GiB free.
.
==== Disabled Device Manager Items =============
.
==== System Restore Points ===================
.
RP1475: 2012-05-29 17:56:11 - Windows Update
RP1476: 2012-05-30 17:56:07 - Windows Update
RP1477: 2012-05-31 17:56:42 - Windows Update
RP1478: 2012-06-01 16:20:28 - Scheduled Checkpoint
RP1479: 2012-06-02 15:58:36 - Windows Update
RP1480: 2012-06-03 15:56:49 - Windows Update
RP1481: 2012-06-04 11:06:48 - Scheduled Checkpoint
RP1482: 2012-06-04 21:11:53 - Windows Update
RP1483: 2012-06-04 23:08:39 - Windows Update
RP1484: 2012-06-05 12:14:10 - Scheduled Checkpoint
.
==== Hosts File Hijack ======================
.
Hosts: 67.215.245.19 www.google-analytics.com.
Hosts: 67.215.245.19 ad-emea.doubleclick.net.
Hosts: 67.215.245.19 www.statcounter.com.
Hosts: 108.163.215.51 www.google-analytics.com.
Hosts: 108.163.215.51 ad-emea.doubleclick.net.
Hosts: 108.163.215.51 www.statcounter.com.
.
==== Installed Programs ======================
.
Acrobat.com
Adobe AIR
Adobe Reader 9.1.3
Apple Application Support
Apple Software Update
Argos Mini II
Ashampoo Burning Studio 2009
Atheros Communications Inc.(R) AR8121/AR8113/AR8114 Gigabit/Fast Ethernet Driver
BankID säkerhetsprogram
Catalyst Control Center - Branding
Catalyst Control Center Core Implementation
Catalyst Control Center Graphics Full Existing
Catalyst Control Center Graphics Full New
Catalyst Control Center Graphics Light
Catalyst Control Center Graphics Previews Common
Catalyst Control Center Graphics Previews Vista
Catalyst Control Center HydraVision Full
Catalyst Control Center InstallProxy
ccc-core-static
CCC Help English
CCleaner (remove only)
Cisco Connect
Combined Community Codec Pack 2009-09-09
Compatibility Pack for the 2007 Office system
D3DX10
EPU-6 Engine
FLAC 1.2.1b (remove only)
Google Chrome
Google SketchUp 8
Google Toolbar for Internet Explorer
Google Update Helper
Google Välja bort annonscookies
HandBrake 0.9.6
Hotfix for Microsoft .NET Framework 3.5 SP1 (KB953595)
Hotfix for Microsoft .NET Framework 3.5 SP1 (KB958484)
Java Auto Updater
Java(TM) 6 Update 31
Junk Mail filter update
Microsoft Office File Validation Add-In
Microsoft Office Live Add-in 1.5
Microsoft Office Professional Edition 2003
Microsoft Silverlight
Microsoft SQL Server 2005 Compact Edition [ENU]
MKVtoolnix 3.0.0
Mozilla Firefox 9.0.1 (x86 en-US)
MSVCRT
MSVCRT_amd64
Picasa 3
PrimoPDF
PS3 Media Server
QuickTime
Realtek High Definition Audio Driver
Security Update for Microsoft .NET Framework 3.5 SP1 (KB2604111)
Security Update for Microsoft .NET Framework 3.5 SP1 (KB2657424)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2160841)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2446708)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2478663)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2518870)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2539636)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2572078)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2604121)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2633870)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2656351)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2656368)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2656405)
Segoe UI
Skins
Skype Click to Call
Skype™ 5.8
SpeedFan (remove only)
Spotify
TomTom HOME 2.7.3.1894
TomTom HOME Visual Studio Merge Modules
Update for Microsoft .NET Framework 3.5 SP1 (KB963707)
Update for Microsoft .NET Framework 4 Client Profile (KB2468871)
Update for Microsoft .NET Framework 4 Client Profile (KB2533523)
Update for Microsoft .NET Framework 4 Client Profile (KB2600217)
Winamp
Windows Live Communications Platform
Windows Live Essentials
Windows Live Installer
Windows Live Mail
Windows Live Messenger
Windows Live Movie Maker
Windows Live Photo Common
Windows Live Photo Gallery
Windows Live PIMT Platform
Windows Live SOXE
Windows Live SOXE Definitions
Windows Live Sync
Windows Live UX Platform
Windows Live UX Platform Language Pack
Windows Live Writer
Windows Live Writer Resources
VLC media player 0.9.9
World of Warcraft FREE Trial
.
==== Event Viewer Messages From Past Week ========
.
2012-06-05 11:36:10, Error: Service Control Manager [7026] - The following boot-start or system-start driver(s) failed to load: SBRE
.
==== End Of File ===========================
herrober
Regular Member
 
Posts: 15
Joined: June 4th, 2012, 5:34 pm

Re: Problem with redirects and annoying popup ad in bottom co

by maxi » June 5th, 2012, 5:51 pm

Hi herrober, and thanks for that log :)

Do you use this computer for any business purposes? I need to know to give the appropriate advice.

regards maxi :)
maxi
Retired Graduate
 
Posts: 1262
Joined: September 25th, 2009, 10:17 am
Location: Cork, Ireland.

Re: Problem with redirects and annoying popup ad in bottom co

by herrober » June 6th, 2012, 3:13 am

Hi Maxi,

The computer is only for private use.

Regards, Peter
herrober
Regular Member
 
Posts: 15
Joined: June 4th, 2012, 5:34 pm

Re: Problem with redirects and annoying popup ad in bottom co

by maxi » June 6th, 2012, 7:47 am

Hi herrober,

Step 1
Please download OTL by Old Timer and save it to your Desktop.
  • Right click on OTL.exe and select Run as administrator to run it.
  • Under Output, ensure that Standard Output is selected.
  • Under Extra Registry section, select Use SafeList.
  • Click the Scan All Users checkbox.
  • Click on Run Scan at the top left hand corner.
  • When done, two Notepad files will open.
    • OTL.txt <-- Will be opened
      Extra.txt <-- Will be minimized
  • Please post the contents of these 2 Notepad files in your next reply.

Step 2
Please download aswMBR and save it to your Desktop.
  • Right click aswMBR.exe & choose "Run as Administrator" to run it.
  • Click Yes to the prompt to download Avast! virus definitions.
    (Please be patient whilst the virus definitions download)
  • With the AVscan set to Quick Scan, click the Scan button.
    (Please be patient whilst your computer is scanned.)
  • After a while when the scan reports "Scan finished successfully", click Save log & save the log to your desktop.
  • Click OK > Exit.
  • Note: Do not attempt to fix anything at this stage!
  • Two files will be created, aswMBR.txt & a file named MBR.dat.
  • MBR.dat is a backup of the MBR (master boot record), do not delete it.
  • I strongly suggest you keep a copy of this backup stored on an external device.
  • Copy & Paste the contents of aswMBR.txt into your next reply.

Step 3
ESET online scanner

Note: You can use either Internet Explorer or Mozilla FireFox for this scan.

Note: If you are using Windows Vista or Windows 7, open your browser by right-clicking on its icon and select 'Run as administrator' to perform this scan.
  • First please Disable any Antivirus you have active, as shown in This topic.
  • Note: Don't forget to re-enable it after the scan.
  • Next hold down Control then click on the following link to open a new window to ESET online scanner
  • Select the option YES, I accept the Terms of Use then click on Start.
    Note: If using Mozilla Firefox you will need to download esetsmartinstaller_enu.exe when prompted then double click on it to install.
    All of the below instructions are compatible with either Internet Explorer or Mozilla FireFox.
  • When prompted allow the Add-On/Active X to install.
  • Make sure that the option Remove found threats is NOT checked, and the option Scan archives is checked.
  • Now click on Advanced Settings and select the following:
    • Scan for potentially unwanted applications
    • Scan for potentially unsafe applications
    • Enable Anti-Stealth Technology
  • Now click on Start.
  • The virus signature database... will begin to download. Be patient, this may take some time depending on the speed of your Internet Connection.
  • When completed the Online Scan will begin automatically.
  • Do not touch either the Mouse or keyboard during the scan otherwise it may stall.
  • When completed select Uninstall application on close if you so wish, make sure you copy the logfile first!
  • Now click on Finish.
  • Use notepad to open the logfile located at C:\Program Files\ESET\EsetOnlineScanner\log.txt.
  • Copy and paste that log as a reply to this topic.

In your next reply please include:
Both logs from OTL.
The log from aswMBR.
The eset log.
Any problems you had with my instructions.

Regards maxi :)
maxi
Retired Graduate
 
Posts: 1262
Joined: September 25th, 2009, 10:17 am
Location: Cork, Ireland.

Re: Problem with redirects and annoying popup ad in bottom co

by herrober » June 6th, 2012, 12:13 pm

Hi Maxi,

OTL.txt:

OTL logfile created on: 2012-06-06 18:04:45 - Run 1
OTL by OldTimer - Version 3.2.46.1 Folder = C:\Users\Peter\Desktop
64bit-Windows Vista Business Edition Service Pack 2 (Version = 6.0.6002) - Type = NTWorkstation
Internet Explorer (Version = 9.0.8112.16421)
Locale: 0000041d | Country: Sverige | Language: SVE | Date Format: yyyy-MM-dd

4,00 Gb Total Physical Memory | 2,23 Gb Available Physical Memory | 55,65% Memory free
8,21 Gb Paging File | 6,30 Gb Available in Paging File | 76,70% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86)
Drive C: | 80,00 Gb Total Space | 25,92 Gb Free Space | 32,40% Space Free | Partition Type: NTFS
Drive D: | 516,17 Gb Total Space | 258,45 Gb Free Space | 50,07% Space Free | Partition Type: NTFS
Drive G: | 1863,01 Gb Total Space | 1385,08 Gb Free Space | 74,35% Space Free | Partition Type: NTFS

Computer Name: PETER-PC | User Name: Peter | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: All users | Include 64bit Scans
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days

========== Processes (SafeList) ==========

PRC - [2012-06-06 17:58:35 | 000,596,480 | ---- | M] (OldTimer Tools) -- C:\Users\Peter\Desktop\OTL.exe
PRC - [2012-04-17 14:44:12 | 001,333,144 | ---- | M] (Technology Nexus AB) -- C:\Program Files (x86)\Personal\bin\Personal.exe
PRC - [2012-02-25 15:33:57 | 000,307,824 | ---- | M] (Google Inc.) -- C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbarUser_32.exe
PRC - [2009-11-13 13:31:14 | 000,092,008 | ---- | M] (TomTom) -- C:\Program Files (x86)\TomTom HOME 2\TomTomHOMEService.exe
PRC - [2008-06-03 02:06:34 | 005,964,800 | ---- | M] () -- C:\Program Files\ASUS\Six Engine\SixEngine.exe
PRC - [2008-04-15 18:54:42 | 000,354,840 | ---- | M] (Intel Corporation) -- C:\Program Files (x86)\Intel\Intel Matrix Storage Manager\IAANTmon.exe
PRC - [2008-04-15 18:54:40 | 000,178,712 | ---- | M] (Intel Corporation) -- C:\Program Files (x86)\Intel\Intel Matrix Storage Manager\IAAnotif.exe


========== Modules (No Company Name) ==========

MOD - [2008-06-03 02:06:34 | 005,964,800 | ---- | M] () -- C:\Program Files\ASUS\Six Engine\SixEngine.exe
MOD - [2008-04-15 11:07:34 | 000,053,248 | ---- | M] () -- C:\Program Files\ASUS\Six Engine\AsSpindownTimeout.dll
MOD - [2006-01-10 10:50:20 | 000,024,576 | R--- | M] () -- C:\Windows\SysWOW64\AsIO.dll
MOD - [2005-05-11 17:39:32 | 000,565,248 | ---- | M] () -- C:\Program Files\ASUS\Six Engine\pngio.dll


========== Win32 Services (SafeList) ==========

SRV:64bit: - [2012-03-26 18:49:56 | 000,291,696 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Program Files\Microsoft Security Client\NisSrv.exe -- (NisSrv)
SRV:64bit: - [2012-03-26 18:49:56 | 000,012,600 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Program Files\Microsoft Security Client\MsMpEng.exe -- (MsMpSvc)
SRV:64bit: - [2011-04-20 02:04:20 | 000,203,776 | ---- | M] (AMD) [Auto | Running] -- C:\Windows\SysNative\atiesrxx.exe -- (AMD External Events Utility)
SRV:64bit: - [2008-01-21 04:49:41 | 000,195,584 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\appmgmts.dll -- (AppMgmt)
SRV:64bit: - [2008-01-21 04:46:43 | 000,088,064 | ---- | M] (Microsoft Corporation) [Disabled | Stopped] -- C:\Windows\SysNative\mprdim.dll -- (RemoteAccess)
SRV:64bit: - [2008-01-21 04:45:48 | 000,383,544 | ---- | M] (Microsoft Corporation) [Auto | Stopped] -- C:\Program Files\Windows Defender\MpSvc.dll -- (WinDefend)
SRV - [2012-05-05 14:26:22 | 000,257,696 | ---- | M] (Adobe Systems Incorporated) [On_Demand | Stopped] -- C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe -- (AdobeFlashPlayerUpdateSvc)
SRV - [2012-02-29 08:50:48 | 000,158,856 | R--- | M] (Skype Technologies) [Auto | Stopped] -- C:\Program Files (x86)\Skype\Updater\Updater.exe -- (SkypeUpdate)
SRV - [2010-03-18 13:16:28 | 000,130,384 | ---- | M] (Microsoft Corporation) [Auto | Stopped] -- C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe -- (clr_optimization_v4.0.30319_32)
SRV - [2009-11-13 13:31:14 | 000,092,008 | ---- | M] (TomTom) [Auto | Running] -- C:\Program Files (x86)\TomTom HOME 2\TomTomHOMEService.exe -- (TomTomHOMEService)
SRV - [2009-03-30 06:42:14 | 000,066,368 | ---- | M] (Microsoft Corporation) [Disabled | Stopped] -- C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe -- (clr_optimization_v2.0.50727_32)
SRV - [2009-03-30 06:39:54 | 000,089,920 | ---- | M] (Microsoft Corporation) [Disabled | Stopped] -- C:\Windows\Microsoft.NET\Framework64\v2.0.50727\mscorsvw.exe -- (clr_optimization_v2.0.50727_64)
SRV - [2008-04-15 18:54:42 | 000,354,840 | ---- | M] (Intel Corporation) [Auto | Running] -- C:\Program Files (x86)\Intel\Intel Matrix Storage Manager\IAANTmon.exe -- (IAANTMON) Intel(R)
SRV - [2008-01-21 04:47:28 | 000,068,608 | ---- | M] (Microsoft Corporation) [Disabled | Stopped] -- C:\Windows\SysWOW64\mprdim.dll -- (RemoteAccess)


========== Driver Services (SafeList) ==========

DRV:64bit: - [2012-03-20 20:44:12 | 000,098,688 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\DRIVERS\NisDrvWFP.sys -- (NisDrv)
DRV:64bit: - [2012-02-29 15:52:46 | 000,016,384 | ---- | M] (Microsoft Corporation) [Recognizer | System | Unknown] -- C:\Windows\SysNative\drivers\fs_rec.sys -- (Fs_Rec)
DRV:64bit: - [2012-02-15 11:01:50 | 000,052,736 | ---- | M] (Apple, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\Drivers\usbaapl64.sys -- (USBAAPL64)
DRV:64bit: - [2011-04-20 02:44:50 | 009,319,936 | ---- | M] (ATI Technologies Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\DRIVERS\atikmdag.sys -- (atikmdag)
DRV:64bit: - [2011-04-20 02:44:50 | 009,319,936 | ---- | M] (ATI Technologies Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\DRIVERS\atikmdag.sys -- (amdkmdag)
DRV:64bit: - [2011-04-20 01:22:34 | 000,306,176 | ---- | M] (Advanced Micro Devices, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\DRIVERS\atikmpag.sys -- (amdkmdap)
DRV:64bit: - [2009-10-01 02:51:42 | 000,046,592 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\DRIVERS\wpdusb.sys -- (WpdUsb)
DRV:64bit: - [2009-05-18 13:17:08 | 000,034,152 | ---- | M] (GEAR Software Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\DRIVERS\GEARAspiWDM.sys -- (GEARAspiWDM)
DRV:64bit: - [2009-05-09 10:45:02 | 000,871,408 | ---- | M] () [Kernel | Boot | Running] -- C:\Windows\SysNative\Drivers\sptd.sys -- (sptd)
DRV:64bit: - [2009-04-11 06:54:21 | 000,299,008 | ---- | M] (Microsoft Corporation) [File_System | Disabled | Stopped] -- C:\Windows\SysNative\DRIVERS\udfs.sys -- (udfs)
DRV:64bit: - [2008-06-30 19:28:00 | 000,056,320 | ---- | M] (Atheros Communications, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\DRIVERS\L1E60x64.sys -- (L1E)
DRV:64bit: - [2008-04-15 18:54:16 | 000,388,120 | ---- | M] (Intel Corporation) [Kernel | Boot | Running] -- C:\Windows\SysNative\DRIVERS\iaStor.sys -- (iaStor)
DRV:64bit: - [2008-01-21 04:47:58 | 000,020,992 | ---- | M] (Microsoft Corporation) [Kernel | Disabled | Stopped] -- C:\Windows\SysNative\drivers\ws2ifsl.sys -- (ws2ifsl)
DRV:64bit: - [2008-01-21 04:45:42 | 000,076,288 | ---- | M] (Microsoft Corporation) [Kernel | Disabled | Stopped] -- C:\Windows\SysNative\drivers\ipmidrv.sys -- (IPMIDRV)
DRV:64bit: - [2008-01-21 04:45:42 | 000,035,896 | ---- | M] (Microsoft Corporation) [Kernel | Disabled | Stopped] -- C:\Windows\SysNative\drivers\i2omp.sys -- (i2omp)
DRV:64bit: - [2008-01-21 04:45:41 | 000,185,912 | ---- | M] (Adaptec, Inc.) [Kernel | Disabled | Stopped] -- C:\Windows\SysNative\drivers\adpu320.sys -- (adpu320)
DRV:64bit: - [2008-01-21 04:45:41 | 000,128,056 | ---- | M] (Microsoft Corporation) [Kernel | Disabled | Stopped] -- C:\Windows\SysNative\drivers\mpio.sys -- (mpio)
DRV:64bit: - [2008-01-21 04:45:41 | 000,078,392 | ---- | M] (Silicon Integrated Systems) [Kernel | Disabled | Stopped] -- C:\Windows\SysNative\drivers\sisraid4.sys -- (SiSRaid4)
DRV:64bit: - [2008-01-21 04:45:41 | 000,064,000 | ---- | M] (Microsoft Corporation) [Kernel | Disabled | Stopped] -- C:\Windows\SysNative\DRIVERS\i8042prt.sys -- (i8042prt)
DRV:64bit: - [2008-01-21 04:45:41 | 000,024,120 | ---- | M] (Microsoft Corporation) [Kernel | Disabled | Stopped] -- C:\Windows\SysNative\drivers\wd.sys -- (Wd)
DRV:64bit: - [2008-01-21 04:45:39 | 000,149,048 | ---- | M] (VIA Technologies Inc.,Ltd) [Kernel | Disabled | Stopped] -- C:\Windows\SysNative\drivers\vsmraid.sys -- (vsmraid)
DRV:64bit: - [2008-01-21 04:45:39 | 000,029,696 | ---- | M] (Microsoft Corporation) [Kernel | Disabled | Stopped] -- C:\Windows\SysNative\DRIVERS\fdc.sys -- (fdc)
DRV:64bit: - [2008-01-21 04:45:19 | 000,113,720 | ---- | M] (Microsoft Corporation) [Kernel | Disabled | Stopped] -- C:\Windows\SysNative\drivers\msdsm.sys -- (msdsm)
DRV:64bit: - [2008-01-21 04:45:19 | 000,055,296 | ---- | M] (Microsoft Corporation) [Kernel | Disabled | Stopped] -- C:\Windows\SysNative\drivers\blbdrive.sys -- (blbdrive)
DRV:64bit: - [2008-01-21 04:45:18 | 000,041,984 | ---- | M] (Microsoft Corporation) [Kernel | Disabled | Stopped] -- C:\Windows\SysNative\drivers\circlass.sys -- (circlass)
DRV:64bit: - [2008-01-21 04:45:15 | 000,113,720 | ---- | M] (LSI Logic) [Kernel | Disabled | Stopped] -- C:\Windows\SysNative\drivers\lsi_scsi.sys -- (LSI_SCSI)
DRV:64bit: - [2008-01-21 04:45:14 | 000,091,192 | ---- | M] (Adaptec, Inc.) [Kernel | Disabled | Stopped] -- C:\Windows\SysNative\drivers\arcsas.sys -- (arcsas)
DRV:64bit: - [2008-01-21 04:45:14 | 000,026,624 | ---- | M] (Microsoft Corporation) [Kernel | Disabled | Stopped] -- C:\Windows\SysNative\drivers\sermouse.sys -- (sermouse)
DRV:64bit: - [2008-01-21 04:45:14 | 000,014,848 | ---- | M] (Microsoft Corporation) [Kernel | Disabled | Stopped] -- C:\Windows\SysNative\drivers\sffdisk.sys -- (sffdisk)
DRV:64bit: - [2008-01-21 04:45:13 | 000,397,368 | ---- | M] (Emulex) [Kernel | Disabled | Stopped] -- C:\Windows\SysNative\drivers\elxstor.sys -- (elxstor)
DRV:64bit: - [2008-01-21 04:45:13 | 000,290,872 | ---- | M] (Intel Corporation) [Kernel | Disabled | Stopped] -- C:\Windows\SysNative\drivers\iastorv.sys -- (iaStorV)
DRV:64bit: - [2008-01-21 04:45:13 | 000,047,672 | ---- | M] (Hewlett-Packard Company) [Kernel | Disabled | Stopped] -- C:\Windows\SysNative\drivers\hpcisss.sys -- (HpCISSs)
DRV:64bit: - [2008-01-21 04:45:13 | 000,035,896 | ---- | M] (LSI Corporation) [Kernel | Disabled | Stopped] -- C:\Windows\SysNative\drivers\megasas.sys -- (megasas)
DRV:64bit: - [2008-01-21 04:45:10 | 000,438,328 | ---- | M] (LSI Corporation, Inc.) [Kernel | Disabled | Stopped] -- C:\Windows\SysNative\drivers\megasr.sys -- (MegaSR)
DRV:64bit: - [2008-01-21 04:45:10 | 000,284,728 | ---- | M] (ULi Electronics Inc.) [Kernel | Disabled | Stopped] -- C:\Windows\SysNative\drivers\uliahci.sys -- (uliahci)
DRV:64bit: - [2008-01-21 04:45:10 | 000,105,016 | ---- | M] (LSI Logic) [Kernel | Disabled | Stopped] -- C:\Windows\SysNative\drivers\lsi_sas.sys -- (LSI_SAS)
DRV:64bit: - [2008-01-21 04:45:10 | 000,045,624 | ---- | M] (Microsoft Corporation) [Kernel | Disabled | Stopped] -- C:\Windows\SysNative\drivers\sisraid2.sys -- (SiSRaid2)
DRV:64bit: - [2008-01-21 04:45:09 | 000,342,584 | ---- | M] (Adaptec, Inc.) [Kernel | Disabled | Stopped] -- C:\Windows\SysNative\drivers\adpahci.sys -- (adpahci)
DRV:64bit: - [2008-01-21 04:45:09 | 000,024,576 | ---- | M] (Microsoft Corporation) [Kernel | Disabled | Stopped] -- C:\Windows\SysNative\DRIVERS\flpydisk.sys -- (flpydisk)
DRV:64bit: - [2008-01-21 04:45:08 | 000,128,056 | ---- | M] (NVIDIA Corporation) [Kernel | Disabled | Stopped] -- C:\Windows\SysNative\drivers\nvraid.sys -- (nvraid)
DRV:64bit: - [2008-01-21 04:45:08 | 000,126,520 | ---- | M] (Adaptec, Inc.) [Kernel | Disabled | Stopped] -- C:\Windows\SysNative\drivers\adpu160m.sys -- (adpu160m)
DRV:64bit: - [2008-01-21 04:45:08 | 000,054,328 | ---- | M] (NVIDIA Corporation) [Kernel | Disabled | Stopped] -- C:\Windows\SysNative\drivers\nvstor.sys -- (nvstor)
DRV:64bit: - [2008-01-21 04:45:07 | 000,486,456 | ---- | M] (Adaptec, Inc.) [Kernel | Disabled | Stopped] -- C:\Windows\SysNative\drivers\adp94xx.sys -- (adp94xx)
DRV:64bit: - [2008-01-21 04:45:06 | 001,221,176 | ---- | M] (QLogic Corporation) [Kernel | Disabled | Stopped] -- C:\Windows\SysNative\drivers\ql2300.sys -- (ql2300)
DRV:64bit: - [2008-01-21 04:45:06 | 000,174,696 | ---- | M] (Promise Technology, Inc.) [Kernel | Disabled | Stopped] -- C:\Windows\SysNative\drivers\ulsata2.sys -- (ulsata2)
DRV:64bit: - [2008-01-21 04:45:06 | 000,090,680 | ---- | M] (Adaptec, Inc.) [Kernel | Disabled | Stopped] -- C:\Windows\SysNative\drivers\arc.sys -- (arc)
DRV:64bit: - [2008-01-21 04:45:05 | 000,113,720 | ---- | M] (LSI Logic) [Kernel | Disabled | Stopped] -- C:\Windows\SysNative\drivers\lsi_fc.sys -- (LSI_FC)
DRV:64bit: - [2008-01-21 04:45:05 | 000,050,688 | ---- | M] (Microsoft Corporation) [Kernel | Disabled | Stopped] -- C:\Windows\SysNative\drivers\amdk8.sys -- (AmdK8)
DRV:64bit: - [2008-01-21 04:45:05 | 000,047,104 | ---- | M] (Microsoft Corporation) [Kernel | Disabled | Stopped] -- C:\Windows\SysNative\drivers\processr.sys -- (Processor)
DRV:64bit: - [2008-01-21 04:45:05 | 000,023,608 | ---- | M] (Microsoft Corporation) [Kernel | Disabled | Stopped] -- C:\Windows\SysNative\drivers\isapnp.sys -- (isapnp)
DRV:64bit: - [2008-01-21 04:45:04 | 000,023,608 | ---- | M] (Microsoft Corporation) [Kernel | Disabled | Stopped] -- C:\Windows\SysNative\drivers\compbatt.sys -- (Compbatt)
DRV:64bit: - [2008-01-21 04:45:04 | 000,019,512 | ---- | M] (Microsoft Corporation) [Kernel | Disabled | Stopped] -- C:\Windows\SysNative\drivers\intelide.sys -- (intelide)
DRV:64bit: - [2008-01-21 04:45:04 | 000,018,024 | ---- | M] (VIA Technologies, Inc.) [Kernel | Disabled | Stopped] -- C:\Windows\SysNative\drivers\viaide.sys -- (viaide)
DRV:64bit: - [2008-01-21 04:45:04 | 000,018,024 | ---- | M] (CMD Technology, Inc.) [Kernel | Disabled | Stopped] -- C:\Windows\SysNative\drivers\cmdide.sys -- (cmdide)
DRV:64bit: - [2008-01-21 04:45:04 | 000,015,976 | ---- | M] (Microsoft Corporation) [Kernel | Disabled | Stopped] -- C:\Windows\SysNative\drivers\amdide.sys -- (amdide)
DRV:64bit: - [2008-01-21 04:45:04 | 000,015,976 | ---- | M] (Acer Laboratories Inc.) [Kernel | Disabled | Stopped] -- C:\Windows\SysNative\drivers\aliide.sys -- (aliide)
DRV:64bit: - [2008-01-21 04:45:04 | 000,014,336 | ---- | M] (Microsoft Corporation) [Kernel | Disabled | Stopped] -- C:\Windows\SysNative\drivers\wmiacpi.sys -- (WmiAcpi)
DRV:64bit: - [2008-01-21 04:45:04 | 000,013,416 | ---- | M] (Microsoft Corporation) [Kernel | Disabled | Stopped] -- C:\Windows\SysNative\drivers\pciide.sys -- (pciide)
DRV:64bit: - [2008-01-21 04:45:04 | 000,008,704 | ---- | M] (Microsoft Corporation) [Kernel | Disabled | Stopped] -- C:\Windows\SysNative\drivers\errdev.sys -- (ErrDev)
DRV:64bit: - [2007-10-30 08:59:30 | 000,028,672 | ---- | M] (Todos Data System AB) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\DRIVERS\nordecr.sys -- (TdsNordecr)
DRV:64bit: - [2006-11-02 14:03:03 | 000,051,816 | ---- | M] (IBM Corporation) [Kernel | Disabled | Stopped] -- C:\Windows\SysNative\drivers\nfrd960.sys -- (nfrd960)
DRV:64bit: - [2006-11-02 14:02:52 | 000,049,256 | ---- | M] (LSI Logic) [Kernel | Disabled | Stopped] -- C:\Windows\SysNative\drivers\symc8xx.sys -- (Symc8xx)
DRV:64bit: - [2006-11-02 14:02:47 | 000,048,232 | ---- | M] (LSI Logic) [Kernel | Disabled | Stopped] -- C:\Windows\SysNative\drivers\sym_u3.sys -- (Sym_u3)
DRV:64bit: - [2006-11-02 14:02:39 | 000,044,648 | ---- | M] (Intel Corp./ICP vortex GmbH) [Kernel | Disabled | Stopped] -- C:\Windows\SysNative\drivers\iirsp.sys -- (iirsp)
DRV:64bit: - [2006-11-02 14:02:37 | 000,044,648 | ---- | M] (LSI Logic) [Kernel | Disabled | Stopped] -- C:\Windows\SysNative\drivers\sym_hi.sys -- (Sym_hi)
DRV:64bit: - [2006-11-02 14:02:24 | 000,039,016 | ---- | M] (LSI Logic Corporation) [Kernel | Disabled | Stopped] -- C:\Windows\SysNative\drivers\mraid35x.sys -- (Mraid35x)
DRV:64bit: - [2006-11-02 14:02:09 | 000,037,480 | ---- | M] (Integrated Technology Express, Inc.) [Kernel | Disabled | Stopped] -- C:\Windows\SysNative\drivers\iteraid.sys -- (iteraid)
DRV:64bit: - [2006-11-02 14:02:09 | 000,037,480 | ---- | M] (Integrated Technology Express, Inc.) [Kernel | Disabled | Stopped] -- C:\Windows\SysNative\drivers\iteatapi.sys -- (iteatapi)
DRV:64bit: - [2006-11-02 13:51:30 | 000,203,368 | ---- | M] (Microsoft Corporation) [Kernel | Disabled | Stopped] -- C:\Windows\SysNative\drivers\pcmcia.sys -- (pcmcia)
DRV:64bit: - [2006-11-02 13:50:54 | 000,148,072 | ---- | M] (Promise Technology, Inc.) [Kernel | Disabled | Stopped] -- C:\Windows\SysNative\drivers\ulsata.sys -- (UlSata)
DRV:64bit: - [2006-11-02 13:50:27 | 000,124,008 | ---- | M] (QLogic Corporation) [Kernel | Disabled | Stopped] -- C:\Windows\SysNative\drivers\ql40xx.sys -- (ql40xx)
DRV:64bit: - [2006-11-02 13:50:06 | 000,090,216 | ---- | M] (Microsoft Corporation) [Kernel | Disabled | Stopped] -- C:\Windows\SysNative\drivers\sbp2port.sys -- (sbp2port)
DRV:64bit: - [2006-11-02 13:50:06 | 000,088,168 | ---- | M] (Adaptec, Inc.) [Kernel | Disabled | Stopped] -- C:\Windows\SysNative\drivers\djsvs.sys -- (aic78xx)
DRV:64bit: - [2006-11-02 12:27:53 | 000,024,064 | ---- | M] (Microsoft Corporation) [Kernel | Disabled | Stopped] -- C:\Windows\SysNative\drivers\usbprint.sys -- (usbprint)
DRV:64bit: - [2006-11-02 11:44:02 | 000,050,688 | ---- | M] (Microsoft Corporation) [Kernel | Disabled | Stopped] -- C:\Windows\SysNative\drivers\bthmodem.sys -- (BTHMODEM)
DRV:64bit: - [2006-11-02 11:44:01 | 000,034,304 | ---- | M] (Microsoft Corporation) [Kernel | Disabled | Stopped] -- C:\Windows\SysNative\drivers\hidbth.sys -- (HidBth)
DRV:64bit: - [2006-11-02 11:43:51 | 000,095,232 | ---- | M] (Microsoft Corporation) [Kernel | Disabled | Stopped] -- C:\Windows\SysNative\DRIVERS\usbccgp.sys -- (usbccgp)
DRV:64bit: - [2006-11-02 11:43:46 | 000,079,360 | ---- | M] (Microsoft Corporation) [Kernel | Disabled | Stopped] -- C:\Windows\SysNative\drivers\usbcir.sys -- (usbcir) eHome Infrared Receiver (USBCIR)
DRV:64bit: - [2006-11-02 11:43:40 | 000,024,064 | ---- | M] (Microsoft Corporation) [Kernel | Disabled | Stopped] -- C:\Windows\SysNative\drivers\usbohci.sys -- (usbohci)
DRV:64bit: - [2006-11-02 11:43:36 | 000,025,600 | ---- | M] (Microsoft Corporation) [Kernel | Disabled | Stopped] -- C:\Windows\SysNative\drivers\hidir.sys -- (HidIr)
DRV:64bit: - [2006-11-02 11:40:24 | 000,026,624 | ---- | M] (Microsoft Corporation) [Kernel | Disabled | Stopped] -- C:\Windows\SysNative\drivers\wacompen.sys -- (WacomPen)
DRV:64bit: - [2006-11-02 11:38:24 | 000,016,384 | ---- | M] (Microsoft Corporation) [Kernel | Disabled | Stopped] -- C:\Windows\SysNative\drivers\sfloppy.sys -- (sfloppy)
DRV:64bit: - [2006-11-02 11:38:02 | 000,094,208 | ---- | M] (Microsoft Corporation) [Kernel | Disabled | Stopped] -- C:\Windows\SysNative\drivers\serial.sys -- (Serial)
DRV:64bit: - [2006-11-02 11:37:57 | 000,096,768 | ---- | M] (Microsoft Corporation) [Kernel | Disabled | Stopped] -- C:\Windows\SysNative\drivers\parport.sys -- (Parport)
DRV:64bit: - [2006-11-02 10:43:25 | 000,086,528 | ---- | M] (Brother Industries Ltd.) [Kernel | Disabled | Stopped] -- C:\Windows\SysNative\drivers\brserid.sys -- (Brserid) Brother MFC Serial Port Interface Driver (WDM)
DRV:64bit: - [2006-11-01 01:23:42 | 000,015,680 | ---- | M] () [Kernel | On_Demand | Running] -- C:\Windows\SysNative\DRIVERS\ASACPI.sys -- (MTsensor)
DRV:64bit: - [2006-09-18 23:30:18 | 000,047,104 | ---- | M] (Brother Industries Ltd.) [Kernel | Disabled | Stopped] -- C:\Windows\SysNative\drivers\brserwdm.sys -- (BrSerWdm)
DRV:64bit: - [2006-09-18 23:30:18 | 000,014,976 | ---- | M] (Brother Industries Ltd.) [Kernel | Disabled | Stopped] -- C:\Windows\SysNative\drivers\brusbmdm.sys -- (BrUsbMdm)

========== Standard Registry (SafeList) ==========


========== Internet Explorer ==========

IE:64bit: - HKLM\..\SearchScopes,DefaultScope = {6A1806CD-94D4-4689-BA73-E35EA1EA9990}
IE:64bit: - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/search?q={searchTerms}&FORM=IE8SRC
IE:64bit: - HKLM\..\SearchScopes\{6A1806CD-94D4-4689-BA73-E35EA1EA9990}: "URL" = http://www.google.com/search?q={searchTerms}&rls=com.microsoft:{language}:{referrer:source?}&ie={inputEncoding}&oe={outputEncoding}&sourceid=ie7
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm
IE - HKLM\..\SearchScopes,DefaultScope = {6A1806CD-94D4-4689-BA73-E35EA1EA9990}
IE - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/search?q={searchTerms}&FORM=IE8SRC
IE - HKLM\..\SearchScopes\{6A1806CD-94D4-4689-BA73-E35EA1EA9990}: "URL" = http://www.google.com/search?q={searchTerms}&rls=com.microsoft:{language}:{referrer:source?}&ie={inputEncoding}&oe={outputEncoding}&sourceid=ie7


IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

IE - HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0



IE - HKU\S-1-5-21-4132941712-4001711240-1955874638-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = about:blank
IE - HKU\S-1-5-21-4132941712-4001711240-1955874638-1000\..\SearchScopes,DefaultScope = {49856D26-DE96-4A25-962D-5D3E46DA8507}
IE - HKU\S-1-5-21-4132941712-4001711240-1955874638-1000\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/search?q={searchTerms}&src=IE-SearchBox&FORM=IE8SRC
IE - HKU\S-1-5-21-4132941712-4001711240-1955874638-1000\..\SearchScopes\{49856D26-DE96-4A25-962D-5D3E46DA8507}: "URL" = http://www.google.co.uk/search?hl=en&q={searchTerms}&meta=&rlz=1I7ADRA_enSE441
IE - HKU\S-1-5-21-4132941712-4001711240-1955874638-1000\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKU\S-1-5-21-4132941712-4001711240-1955874638-1000\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = *.local

========== FireFox ==========

FF - prefs.js..browser.startup.homepage: "about:blank"
FF - prefs.js..extensions.enabledItems: {9CE11043-9A15-4207-A565-0C94C42D590D}:2.0
FF - user.js - File not found

FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=: File not found
FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=1.0: C:\Program Files (x86)\iTunes\Mozilla Plugins\npitunes.dll ()
FF - HKLM\Software\MozillaPlugins\@google.com/npPicasa3,version=3.0.0: C:\Program Files (x86)\Google\Picasa3\npPicasa3.dll (Google, Inc.)
FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin: C:\Program Files (x86)\Java\jre6\bin\plugin2\npjp2.dll (Sun Microsystems, Inc.)
FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: C:\Program Files (x86)\Microsoft Silverlight\5.1.10411.0\npctrl.dll ( Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/OfficeLive,version=1.3: C:\Program Files (x86)\Microsoft\Office Live\npOLW.dll (Microsoft Corp.)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/OfficeLive,version=1.5: C:\Program Files (x86)\Microsoft\Office Live\npOLW.dll (Microsoft Corp.)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=15.4.3502.0922: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=15.4.3555.0308: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WPF,version=3.5: C:\Windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@se.nexus/Personal: C:\Program Files (x86)\Personal\bin\np_prsnl.dll (Technology Nexus AB)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Program Files (x86)\Google\Update\1.3.21.111\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Program Files (x86)\Google\Update\1.3.21.111\npGoogleUpdate3.dll (Google Inc.)

FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 9.0.1\extensions\\Components: C:\Program Files (x86)\Mozilla Firefox\components [2012-05-10 07:41:37 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 9.0.1\extensions\\Plugins: C:\Program Files (x86)\Mozilla Firefox\plugins [2012-05-10 07:41:37 | 000,000,000 | ---D | M]

[2010-02-07 19:53:05 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Peter\AppData\Roaming\Mozilla\Extensions
[2010-02-07 19:53:05 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Peter\AppData\Roaming\Mozilla\Extensions\home2@tomtom.com
[2011-05-10 09:57:39 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Peter\AppData\Roaming\Mozilla\Firefox\Profiles\pzknk0mj.default\extensions
[2010-06-06 23:01:45 | 000,000,000 | ---D | M] (Microsoft .NET Framework Assistant) -- C:\Users\Peter\AppData\Roaming\Mozilla\Firefox\Profiles\pzknk0mj.default\extensions\{20a82645-c095-46ed-80e3-08825760534b}
[2012-04-12 07:56:09 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files (x86)\Mozilla Firefox\extensions
[2012-04-03 18:56:25 | 000,000,000 | ---D | M] (Skype Click to Call) -- C:\Program Files (x86)\Mozilla Firefox\extensions\{82AF8DCA-6DE9-405D-BD5E-43525BDAD38A}
[2012-02-21 22:08:40 | 000,121,816 | ---- | M] (Mozilla Foundation) -- C:\Program Files (x86)\mozilla firefox\components\browsercomps.dll
[2012-02-18 23:49:39 | 000,476,904 | ---- | M] (Sun Microsystems, Inc.) -- C:\Program Files (x86)\mozilla firefox\plugins\npdeployJava1.dll
[2012-02-21 22:08:37 | 000,002,252 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\bing.xml
[2012-02-21 22:08:37 | 000,002,040 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\twitter.xml

========== Chrome ==========

CHR - default_search_provider: Google (Enabled)
CHR - default_search_provider: search_url = {google:baseURL}search?{google:RLZ}{google:acceptedSuggestion}{google:originalQueryForSuggestion}{google:searchFieldtrialParameter}{google:instantFieldTrialGroupParameter}sourceid=chrome&ie={inputEncoding}&q={searchTerms}
CHR - default_search_provider: suggest_url = {google:baseSuggestURL}search?{google:searchFieldtrialParameter}{google:instantFieldTrialGroupParameter}client=chrome&hl={language}&q={searchTerms}
CHR - plugin: Shockwave Flash (Enabled) = C:\Program Files (x86)\Google\Chrome\Application\19.0.1084.46\gcswf32.dll
CHR - plugin: QuickTime Plug-in 7.6 (Enabled) = C:\Program Files (x86)\QuickTime\plugins\npqtplugin.dll
CHR - plugin: QuickTime Plug-in 7.6 (Enabled) = C:\Program Files (x86)\QuickTime\plugins\npqtplugin2.dll
CHR - plugin: QuickTime Plug-in 7.6 (Enabled) = C:\Program Files (x86)\QuickTime\plugins\npqtplugin3.dll
CHR - plugin: QuickTime Plug-in 7.6 (Enabled) = C:\Program Files (x86)\QuickTime\plugins\npqtplugin4.dll
CHR - plugin: QuickTime Plug-in 7.6 (Enabled) = C:\Program Files (x86)\QuickTime\plugins\npqtplugin5.dll
CHR - plugin: QuickTime Plug-in 7.6 (Enabled) = C:\Program Files (x86)\QuickTime\plugins\npqtplugin6.dll
CHR - plugin: QuickTime Plug-in 7.6 (Enabled) = C:\Program Files (x86)\QuickTime\plugins\npqtplugin7.dll
CHR - plugin: Silverlight Plug-In (Enabled) = C:\Program Files (x86)\Microsoft Silverlight\4.0.60831.0\npctrl.dll
CHR - plugin: Microsoft Office Live Plug-in for Firefox (Enabled) = C:\Program Files (x86)\Microsoft\Office Live\npOLW.dll
CHR - plugin: Remoting Viewer (Enabled) = internal-remoting-viewer
CHR - plugin: Native Client (Enabled) = C:\Program Files (x86)\Google\Chrome\Application\19.0.1084.46\ppGoogleNaClPluginChrome.dll
CHR - plugin: Chrome PDF Viewer (Enabled) = C:\Program Files (x86)\Google\Chrome\Application\19.0.1084.46\pdf.dll
CHR - plugin: Adobe Acrobat (Disabled) = C:\Program Files (x86)\Adobe\Reader 9.0\Reader\Browser\nppdf32.dll
CHR - plugin: Picasa (Enabled) = C:\Program Files (x86)\Google\Picasa3\npPicasa3.dll
CHR - plugin: Google Update (Enabled) = C:\Program Files (x86)\Google\Update\1.3.21.79\npGoogleUpdate3.dll
CHR - plugin: Nexus Personal (Enabled) = C:\Program Files (x86)\Personal\bin\np_prsnl.dll
CHR - plugin: Windows Live\u00AE Photo Gallery (Enabled) = C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll
CHR - plugin: Unity Player (Enabled) = C:\Users\Peter\AppData\LocalLow\Unity\WebPlayer\loader\npUnity3D32.dll
CHR - plugin: Game Face Plugin (Enabled) = C:\Users\Peter\AppData\Roaming\Electronic Arts\Game Face\npGameFacePlugin.dll
CHR - plugin: Windows Presentation Foundation (Enabled) = C:\Windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll
CHR - plugin: Default Plug-in (Enabled) = default_plugin
CHR - Extension: YouTube = C:\Users\Peter\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo\4.2.5_0\
CHR - Extension: Google Search = C:\Users\Peter\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf\0.0.0.18_0\
CHR - Extension: Skype Click to Call = C:\Users\Peter\AppData\Local\Google\Chrome\User Data\Default\Extensions\lifbcibllhkdhoafpjfnlhfpfgnpldfl\5.10.0.9560_0\
CHR - Extension: Gmail = C:\Users\Peter\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia\7_0\

O1 HOSTS File: ([2012-02-29 13:10:13 | 000,001,398 | RHS- | M]) - C:\Windows\SysNative\drivers\etc\Hosts
O1 - Hosts: 127.0.0.1 localhost
O1 - Hosts: ::1 localhost
O1 - Hosts: 67.215.245.19 www.google-analytics.com.
O1 - Hosts: 67.215.245.19 ad-emea.doubleclick.net.
O1 - Hosts: 67.215.245.19 www.statcounter.com.
O1 - Hosts: 108.163.215.51 www.google-analytics.com.
O1 - Hosts: 108.163.215.51 ad-emea.doubleclick.net.
O1 - Hosts: 108.163.215.51 www.statcounter.com.
O2:64bit: - BHO: (Google Toolbar Helper) - {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll (Google Inc.)
O2 - BHO: (Java(tm) Plug-In SSV Helper) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Java\jre6\bin\ssv.dll (Sun Microsystems, Inc.)
O2 - BHO: (Välja bort annonscookies) - {8E425EB4-ADBD-4816-B1E8-49BB9DECF034} - C:\Program Files (x86)\Google\Advertising Cookie Opt-out\opt_out.dll (Google Inc)
O2 - BHO: (Skype Browser Helper) - {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O3:64bit: - HKLM\..\Toolbar: (Google Toolbar) - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll (Google Inc.)
O3:64bit: - HKU\S-1-5-21-4132941712-4001711240-1955874638-1000\..\Toolbar\WebBrowser: (Google Toolbar) - {2318C2B1-4965-11D4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll (Google Inc.)
O4:64bit: - HKLM..\Run: [IAAnotif] C:\Program Files (x86)\Intel\Intel Matrix Storage Manager\iaanotif.exe (Intel Corporation)
O4:64bit: - HKLM..\Run: [MSC] C:\Program Files\Microsoft Security Client\msseces.exe (Microsoft Corporation)
O4:64bit: - HKLM..\Run: [RtHDVCpl] C:\Windows\RAVCpl64.exe (Realtek Semiconductor)
O4:64bit: - HKLM..\Run: [Windows Defender] C:\Program Files\Windows Defender\MSASCui.exe (Microsoft Corporation)
O4 - HKLM..\Run: [StartCCC] C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe (Advanced Micro Devices, Inc.)
O4 - HKU\S-1-5-19..\Run: [Sidebar] C:\Program Files (x86)\Windows Sidebar\Sidebar.exe (Microsoft Corporation)
O4 - HKU\S-1-5-19..\Run: [WindowsWelcomeCenter] C:\Windows\SysWow64\oobefldr.dll (Microsoft Corporation)
O4 - HKU\S-1-5-20..\Run: [Sidebar] C:\Program Files (x86)\Windows Sidebar\Sidebar.exe (Microsoft Corporation)
O4 - HKU\S-1-5-20..\Run: [WindowsWelcomeCenter] C:\Windows\SysWow64\oobefldr.dll (Microsoft Corporation)
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktop = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktopChanges = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: EnableLUA = 0
O8:64bit: - Extra context menu item: Add to Google Photos Screensa&ver - res://C:\Windows\system32\GPhotos.scr/200 File not found
O8 - Extra context menu item: Add to Google Photos Screensa&ver - C:\Windows\SysWow64\GPhotos.scr (Google Inc.)
O9 - Extra Button: Skype Click to Call - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O9 - Extra 'Tools' menuitem : Skype Click to Call - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O10:64bit: - NameSpace_Catalog5\Catalog_Entries64\000000000007 [] - C:\Program Files\Bonjour\mdnsNSP.dll (Apple Inc.)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000007 [] - C:\Program Files (x86)\Bonjour\mdnsNSP.dll (Apple Inc.)
O1364bit: - gopher Prefix: missing
O13 - gopher Prefix: missing
O16 - DPF: {7ECB1A47-6647-4B2C-A8DA-675569C9FF15} http://www.fujidirekt.se/asp/_upload/ac ... oader7.cab (Image Uploader Control)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/update/1.6.0/jinsta ... s-i586.cab (Java Plug-in 1.6.0_31)
O16 - DPF: {B1E2B96C-12FE-45E2-BEF1-44A219113CDD} http://www.superadblocker.com/activex/sabspx.cab (SABScanProcesses Class)
O16 - DPF: {CAFEEFAC-0016-0000-0031-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinsta ... s-i586.cab (Java Plug-in 1.6.0_31)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinsta ... s-i586.cab (Java Plug-in 1.6.0_31)
O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} http://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab (Reg Error: Key error.)
O16 - DPF: {F3DCFC89-8C6E-4052-9176-B7806D188FD5} http://www.fujidirekt.se/asp/_upload/ac ... ctivex.cab (Image Uploader Control)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 84.246.88.10 84.246.88.20 192.168.1.1
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{D9CD8E72-C71D-4FBF-9788-E5446EE13572}: DhcpNameServer = 84.246.88.10 84.246.88.20 192.168.1.1
O18:64bit: - Protocol\Handler\livecall - No CLSID value found
O18:64bit: - Protocol\Handler\msdaipp - No CLSID value found
O18:64bit: - Protocol\Handler\msdaipp\0x00000001 - No CLSID value found
O18:64bit: - Protocol\Handler\msdaipp\oledb - No CLSID value found
O18:64bit: - Protocol\Handler\ms-itss - No CLSID value found
O18:64bit: - Protocol\Handler\msnim - No CLSID value found
O18:64bit: - Protocol\Handler\mso-offdap - No CLSID value found
O18:64bit: - Protocol\Handler\mso-offdap11 - No CLSID value found
O18:64bit: - Protocol\Handler\skype4com - No CLSID value found
O18:64bit: - Protocol\Handler\skype-ie-addon-data - No CLSID value found
O18:64bit: - Protocol\Handler\wlmailhtml - No CLSID value found
O18:64bit: - Protocol\Handler\wlpg - No CLSID value found
O18 - Protocol\Handler\msdaipp\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files (x86)\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\msdaipp\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files (x86)\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files (x86)\Common Files\Skype\Skype4COM.dll (Skype Technologies)
O18 - Protocol\Handler\skype-ie-addon-data {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O18:64bit: - Protocol\Filter\text/xml - No CLSID value found
O20:64bit: - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\SysNative\userinit.exe (Microsoft Corporation)
O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\SysWow64\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (userinit.exe) - C:\Windows\SysWow64\userinit.exe (Microsoft Corporation)
O32 - HKLM CDRom: AutoRun - 1
O33 - MountPoints2\{568cea6a-a5ba-11de-a066-002354317ba0}\Shell - "" = AutoRun
O33 - MountPoints2\{568cea6a-a5ba-11de-a066-002354317ba0}\Shell\AutoRun\command - "" = H:\LaunchU3.exe -a
O33 - MountPoints2\{89d9861a-003e-11de-a635-806e6f6e6963}\Shell - "" = AutoRun
O33 - MountPoints2\{89d9861a-003e-11de-a635-806e6f6e6963}\Shell\AutoRun\command - "" = D:\.\Bin\ASSETUP.exe
O33 - MountPoints2\{93366242-01d2-11de-987b-002354317ba0}\Shell - "" = AutoRun
O33 - MountPoints2\{93366242-01d2-11de-987b-002354317ba0}\Shell\AutoRun\command - "" = G:\SETUP.EXE
O33 - MountPoints2\{93366242-01d2-11de-987b-002354317ba0}\Shell\configure\command - "" = G:\SETUP.EXE
O33 - MountPoints2\{93366242-01d2-11de-987b-002354317ba0}\Shell\install\command - "" = G:\SETUP.EXE
O33 - MountPoints2\{dbbc70fb-12fe-11df-b092-002354317ba0}\Shell\AutoRun\command - "" = G:\InstallTomTomHOME.exe
O33 - MountPoints2\H\Shell - "" = AutoRun
O33 - MountPoints2\H\Shell\AutoRun\command - "" = H:\LaunchU3.exe -a
O34 - HKLM BootExecute: (autocheck autochk *)
O35:64bit: - HKLM\..comfile [open] -- "%1" %*
O35:64bit: - HKLM\..exefile [open] -- "%1" %*
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37:64bit: - HKLM\...com [@ = comfile] -- "%1" %*
O37:64bit: - HKLM\...exe [@ = exefile] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3)
O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2)

========== Files/Folders - Created Within 30 Days ==========

[2012-06-06 17:58:04 | 000,596,480 | ---- | C] (OldTimer Tools) -- C:\Users\Peter\Desktop\OTL.exe
[2012-06-05 20:31:55 | 000,000,000 | ---D | C] -- C:\Users\Peter\AppData\Local\{9CA03233-1281-4BD4-86CA-62E85A550342}
[2012-06-05 20:31:44 | 000,000,000 | ---D | C] -- C:\Users\Peter\AppData\Local\{D3CB28D9-A70D-4CA6-ADC2-2BA1543AF01F}
[2012-06-04 23:13:16 | 000,607,260 | R--- | C] (Swearware) -- C:\Users\Peter\Desktop\dds.scr
[2012-06-03 23:10:15 | 000,000,000 | ---D | C] -- C:\Users\Peter\AppData\Local\{0428DEE5-99F4-4D4B-B63C-38F2F31D1631}
[2012-06-03 23:10:05 | 000,000,000 | ---D | C] -- C:\Users\Peter\AppData\Local\{DDC699A6-975D-4C94-9F52-7DDD2768DF36}
[2012-06-01 17:45:01 | 000,000,000 | ---D | C] -- C:\Users\Peter\AppData\Local\{34B6C8C3-7ED5-46BC-B802-227AF9B12801}
[2012-06-01 17:44:51 | 000,000,000 | ---D | C] -- C:\Users\Peter\AppData\Local\{1626817F-CB5A-4933-937F-C5755C95BDB9}
[2012-05-31 20:41:46 | 000,000,000 | ---D | C] -- C:\Users\Peter\AppData\Local\{3E3F6537-7DF2-4617-95F7-F150103B18BC}
[2012-05-31 20:41:35 | 000,000,000 | ---D | C] -- C:\Users\Peter\AppData\Local\{875AEE7F-4B4D-43EC-8FCC-6B4FBDACB590}
[2012-05-22 12:09:37 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Silverlight
[2012-05-22 12:09:31 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Microsoft Silverlight
[2012-05-22 11:43:26 | 000,000,000 | ---D | C] -- C:\Users\Peter\AppData\Local\{9FB537B3-6F7A-44B5-B4DB-58D27C09DFA0}
[2012-05-22 11:43:16 | 000,000,000 | ---D | C] -- C:\Users\Peter\AppData\Local\{00B891C9-E4A2-4796-AC11-202DB1C8027F}
[2012-05-22 11:06:07 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\BankID säkerhetsprogram
[2012-05-19 23:13:11 | 055,656,824 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\MRT.exe
[2012-05-18 11:58:07 | 000,000,000 | ---D | C] -- C:\Users\Peter\AppData\Local\{7E076D5D-1B65-4362-99D9-726887C91733}
[2012-05-18 11:57:57 | 000,000,000 | ---D | C] -- C:\Users\Peter\AppData\Local\{46B25A88-C0E5-46FB-93D9-762ABEC0F614}
[2012-05-17 15:44:49 | 000,000,000 | ---D | C] -- C:\Windows\SysWow64\WindowsPowerShell
[2012-05-17 15:44:48 | 000,000,000 | ---D | C] -- C:\Windows\SysNative\WindowsPowerShell
[2012-05-17 14:50:55 | 000,877,912 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\gpprefcl.dll
[2012-05-17 14:50:55 | 000,675,152 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\gpprefcl.dll
[2012-05-17 14:49:45 | 000,002,048 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\winrsmgr.dll
[2012-05-17 14:49:45 | 000,002,048 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\winrsmgr.dll
[2012-05-17 14:49:44 | 000,013,312 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\wsmplpxy.dll
[2012-05-17 14:49:44 | 000,013,312 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\winrssrv.dll
[2012-05-17 14:49:41 | 000,010,240 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\wsmplpxy.dll
[2012-05-17 14:49:41 | 000,010,240 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\winrssrv.dll
[2012-05-17 14:49:35 | 000,053,760 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\pwrshplugin.dll
[2012-05-17 14:49:35 | 000,051,200 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\winrs.exe
[2012-05-17 14:49:35 | 000,041,472 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\pwrshplugin.dll
[2012-05-17 14:49:35 | 000,024,064 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\winrshost.exe
[2012-05-17 14:49:35 | 000,013,824 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\wsmprovhost.exe
[2012-05-17 14:49:30 | 000,113,152 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\wevtfwd.dll
[2012-05-17 14:49:30 | 000,113,152 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\wecutil.exe
[2012-05-17 14:49:30 | 000,084,992 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\wecapi.dll
[2012-05-17 14:49:30 | 000,081,408 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\wevtfwd.dll
[2012-05-17 14:49:30 | 000,079,872 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\wecutil.exe
[2012-05-17 14:49:30 | 000,056,320 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\wecapi.dll
[2012-05-17 14:49:30 | 000,054,272 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\WsmRes.dll
[2012-05-17 14:49:30 | 000,054,272 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\WsmRes.dll
[2012-05-17 14:49:30 | 000,040,448 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\winrs.exe
[2012-05-17 14:49:30 | 000,020,480 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\winrshost.exe
[2012-05-17 14:49:30 | 000,012,800 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\wsmprovhost.exe
[2012-05-17 14:49:24 | 000,370,688 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\winrscmd.dll
[2012-05-17 14:49:24 | 000,352,768 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\WSManMigrationPlugin.dll
[2012-05-17 14:49:24 | 000,348,672 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\WSManHTTPConfig.exe
[2012-05-17 14:49:24 | 000,310,272 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\WsmWmiPl.dll
[2012-05-17 14:49:24 | 000,252,416 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\WSManMigrationPlugin.dll
[2012-05-17 14:49:24 | 000,246,272 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\WSManHTTPConfig.exe
[2012-05-17 14:49:24 | 000,241,152 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\winrscmd.dll
[2012-05-17 14:49:24 | 000,214,016 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\WsmWmiPl.dll
[2012-05-17 14:49:24 | 000,180,736 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\WsmAuto.dll
[2012-05-17 14:49:24 | 000,145,408 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\WsmAuto.dll
[2012-05-17 14:39:46 | 001,210,880 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\kernel32.dll
[2012-05-17 14:39:44 | 000,479,744 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\XpsGdiConverter.dll
[2012-05-17 14:39:44 | 000,288,768 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\XpsGdiConverter.dll
[2012-05-17 14:39:40 | 000,180,736 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\xmllite.dll
[2012-05-17 14:39:38 | 001,927,680 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\gameux.dll
[2012-05-17 14:39:38 | 001,696,256 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\gameux.dll
[2012-05-17 14:39:37 | 004,240,384 | ---- | C] (Microsoft) -- C:\Windows\SysWow64\GameUXLegacyGDFs.dll
[2012-05-17 14:39:37 | 000,032,256 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\Apphlpdm.dll
[2012-05-17 14:39:37 | 000,028,672 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\Apphlpdm.dll
[2012-05-17 14:39:36 | 004,240,384 | ---- | C] (Microsoft) -- C:\Windows\SysNative\GameUXLegacyGDFs.dll
[2012-05-17 14:38:42 | 001,653,760 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\XpsPrint.dll
[2012-05-17 14:38:42 | 000,876,032 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\XpsPrint.dll
[2012-05-17 13:57:34 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Microsoft Security Client
[2012-05-17 13:43:33 | 000,024,576 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\jnwmon.dll
[2012-05-17 13:43:32 | 001,556,480 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\DWrite.dll
[2012-05-17 13:43:31 | 002,002,944 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\d3d10warp.dll
[2012-05-17 13:43:31 | 000,834,048 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\d2d1.dll
[2012-05-17 13:43:31 | 000,327,680 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\d3d10_1core.dll
[2012-05-17 13:43:31 | 000,196,096 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\d3d10_1.dll
[2012-05-17 13:42:21 | 004,699,520 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\ntoskrnl.exe
[2012-05-17 13:38:51 | 000,000,000 | ---D | C] -- C:\ProgramData\GFI Software
[2012-05-10 18:23:58 | 000,000,000 | ---D | C] -- C:\Users\Peter\AppData\Local\{014DC2DE-D9F9-4658-8B64-741513633156}
[2012-05-10 18:23:47 | 000,000,000 | ---D | C] -- C:\Users\Peter\AppData\Local\{6AF471D9-77C1-426A-AEDB-C7186AA1D1B5}
[2012-05-10 07:44:06 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\iTunes
[2012-05-10 07:43:44 | 000,000,000 | ---D | C] -- C:\Program Files\iPod
[2012-05-10 07:43:41 | 000,000,000 | ---D | C] -- C:\Program Files\iTunes
[2012-05-10 07:43:41 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\iTunes
[2012-05-10 07:41:29 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\QuickTime
[2012-05-10 07:41:20 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\QuickTime
[2012-05-08 21:05:29 | 000,000,000 | ---D | C] -- C:\Users\Peter\AppData\Local\{0FB58E45-F018-43E8-937C-905A919AF9D1}
[2012-05-08 21:05:18 | 000,000,000 | ---D | C] -- C:\Users\Peter\AppData\Local\{459CB2E1-3628-4785-9C9C-B902984A629E}
[2012-05-08 20:39:16 | 000,000,000 | ---D | C] -- C:\Users\Peter\Desktop\till syster
[2 C:\Users\Peter\AppData\Roaming\*.tmp files -> C:\Users\Peter\AppData\Roaming\*.tmp -> ]

========== Files - Modified Within 30 Days ==========

[2012-06-06 17:58:35 | 000,596,480 | ---- | M] (OldTimer Tools) -- C:\Users\Peter\Desktop\OTL.exe
[2012-06-06 17:38:00 | 000,000,992 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineUA.job
[2012-06-06 17:26:00 | 000,000,830 | ---- | M] () -- C:\Windows\tasks\Adobe Flash Player Updater.job
[2012-06-06 17:10:47 | 000,004,976 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-2P-1.C7483456-A289-439d-8115-601632D005A0
[2012-06-06 17:10:47 | 000,004,976 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-2P-0.C7483456-A289-439d-8115-601632D005A0
[2012-06-06 09:15:56 | 000,711,040 | ---- | M] () -- C:\Windows\SysNative\PerfStringBackup.INI
[2012-06-06 09:15:56 | 000,601,106 | ---- | M] () -- C:\Windows\SysNative\perfh009.dat
[2012-06-06 09:15:56 | 000,106,020 | ---- | M] () -- C:\Windows\SysNative\perfc009.dat
[2012-06-06 09:10:58 | 000,000,988 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineCore.job
[2012-06-06 09:10:45 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2012-06-04 23:13:24 | 000,607,260 | R--- | M] (Swearware) -- C:\Users\Peter\Desktop\dds.scr
[2012-06-03 12:00:00 | 000,000,944 | ---- | M] () -- C:\Windows\tasks\Ad-Aware Antivirus Scheduled Scan.job
[2012-06-01 20:05:07 | 000,209,920 | ---- | M] () -- C:\Users\Peter\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2012-05-23 21:41:39 | 000,183,102 | ---- | M] () -- C:\Users\Peter\Desktop\Receipt Peter.pdf
[2012-05-23 21:41:39 | 000,006,397 | ---- | M] () -- C:\Users\Peter\AppData\Roaming\PrimoPDFSet.xml
[2012-05-22 11:06:07 | 000,001,078 | ---- | M] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\BankID säkerhetsprogram.lnk
[2012-05-17 20:33:54 | 000,716,678 | ---- | M] () -- C:\Windows\SysWow64\PerfStringBackup.INI
[2012-05-17 15:46:57 | 000,382,256 | ---- | M] () -- C:\Windows\SysNative\FNTCACHE.DAT
[2012-05-17 13:57:47 | 000,001,945 | ---- | M] () -- C:\Windows\epplauncher.mif
[2012-05-15 23:32:11 | 000,971,299 | ---- | M] () -- C:\Users\Peter\Desktop\brochure_en.pdf
[2012-05-10 07:44:06 | 000,001,700 | ---- | M] () -- C:\Users\Public\Desktop\iTunes.lnk
[2 C:\Users\Peter\AppData\Roaming\*.tmp files -> C:\Users\Peter\AppData\Roaming\*.tmp -> ]

========== Files Created - No Company Name ==========

[2012-05-23 21:41:34 | 000,183,102 | ---- | C] () -- C:\Users\Peter\Desktop\Receipt Peter.pdf
[2012-05-17 14:49:26 | 000,002,426 | ---- | C] () -- C:\Windows\SysWow64\WsmTxt.xsl
[2012-05-17 14:49:26 | 000,002,426 | ---- | C] () -- C:\Windows\SysNative\WsmTxt.xsl
[2012-05-17 14:49:25 | 000,201,184 | ---- | C] () -- C:\Windows\SysWow64\winrm.vbs
[2012-05-17 14:49:25 | 000,201,184 | ---- | C] () -- C:\Windows\SysNative\winrm.vbs
[2012-05-17 14:49:25 | 000,004,675 | ---- | C] () -- C:\Windows\SysWow64\wsmanconfig_schema.xml
[2012-05-17 14:49:25 | 000,004,675 | ---- | C] () -- C:\Windows\SysNative\wsmanconfig_schema.xml
[2012-05-15 23:31:41 | 000,971,299 | ---- | C] () -- C:\Users\Peter\Desktop\brochure_en.pdf
[2012-05-10 07:44:06 | 000,001,700 | ---- | C] () -- C:\Users\Public\Desktop\iTunes.lnk
[2011-03-17 17:51:46 | 000,003,929 | ---- | C] () -- C:\Windows\SysWow64\atipblag.dat
[2010-09-27 09:55:37 | 000,716,678 | ---- | C] () -- C:\Windows\SysWow64\PerfStringBackup.INI
[2010-06-28 07:36:26 | 000,000,151 | ---- | C] () -- C:\Windows\SysWow64\imon1.dat

========== Alternate Data Streams ==========

@Alternate Data Stream - 88 bytes -> C:\Users\Peter\Desktop\20071210 TATWEER DUBAI PRESENTATION.mov:SummaryInformation

< End of report >
herrober

Re: Problem with redirects and annoying popup ad in bottom co

Post by herrober » June 6th, 2012, 12:14 pm

Extras.txt:

OTL Extras logfile created on: 2012-06-06 18:04:45 - Run 1
OTL by OldTimer - Version 3.2.46.1 Folder = C:\Users\Peter\Desktop
64bit-Windows Vista Business Edition Service Pack 2 (Version = 6.0.6002) - Type = NTWorkstation
Internet Explorer (Version = 9.0.8112.16421)
Locale: 0000041d | Country: Sverige | Language: SVE | Date Format: yyyy-MM-dd

4,00 Gb Total Physical Memory | 2,23 Gb Available Physical Memory | 55,65% Memory free
8,21 Gb Paging File | 6,30 Gb Available in Paging File | 76,70% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86)
Drive C: | 80,00 Gb Total Space | 25,92 Gb Free Space | 32,40% Space Free | Partition Type: NTFS
Drive D: | 516,17 Gb Total Space | 258,45 Gb Free Space | 50,07% Space Free | Partition Type: NTFS
Drive G: | 1863,01 Gb Total Space | 1385,08 Gb Free Space | 74,35% Space Free | Partition Type: NTFS

Computer Name: PETER-PC | User Name: Peter | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: All users | Include 64bit Scans
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days

========== Extra Registry (SafeList) ==========


========== File Associations ==========

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.url[@ = InternetShortcut] -- C:\Windows\SysNative\rundll32.exe (Microsoft Corporation)

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.cpl [@ = cplfile] -- C:\Windows\SysWow64\control.exe (Microsoft Corporation)

[HKEY_USERS\S-1-5-21-4132941712-4001711240-1955874638-1000\SOFTWARE\Classes\<extension>]
.html [@ = FirefoxHTML] -- C:\Program Files (x86)\Mozilla Firefox\firefox.exe (Mozilla Corporation)

========== Shell Spawning ==========

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
exefile [open] -- "%1" %*
helpfile [open] -- Reg Error: Key error.
inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation)
InternetShortcut [open] -- "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\ieframe.dll",OpenURL %l (Microsoft Corporation)
InternetShortcut [print] -- "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\mshtml.dll",PrintHTML "%1" (Microsoft Corporation)
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [AddToPlaylistVLC] -- "C:\Program Files (x86)\VideoLAN\VLC\vlc.exe" --started-from-file --playlist-enqueue "%1" ()
Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Directory [PlayWithVLC] -- "C:\Program Files (x86)\VideoLAN\VLC\vlc.exe" --started-from-file --no-playlist-enqueue "%1" ()
Folder [open] -- %SystemRoot%\Explorer.exe /separate,/idlist,%I,%L (Microsoft Corporation)
Folder [explore] -- %SystemRoot%\Explorer.exe /separate,/e,/idlist,%I,%L (Microsoft Corporation)
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
cplfile [cplopen] -- %SystemRoot%\System32\control.exe "%1",%* (Microsoft Corporation)
exefile [open] -- "%1" %*
helpfile [open] -- Reg Error: Key error.
inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation)
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [AddToPlaylistVLC] -- "C:\Program Files (x86)\VideoLAN\VLC\vlc.exe" --started-from-file --playlist-enqueue "%1" ()
Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Directory [PlayWithVLC] -- "C:\Program Files (x86)\VideoLAN\VLC\vlc.exe" --started-from-file --no-playlist-enqueue "%1" ()
Folder [open] -- %SystemRoot%\Explorer.exe /separate,/idlist,%I,%L (Microsoft Corporation)
Folder [explore] -- %SystemRoot%\Explorer.exe /separate,/e,/idlist,%I,%L (Microsoft Corporation)
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)

========== Security Center Settings ==========

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"cval" = 1

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]
"AntiVirusOverride" = 0
"AntiSpywareOverride" = 0
"FirewallOverride" = 0
"VistaSp1" = 62 71 2D 74 DC 5B C8 01 [binary data]
"VistaSp2" = 46 60 94 99 18 7B CA 01 [binary data]

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc\S-1-5-21-4132941712-4001711240-1955874638-1000]
"EnableNotifications" = 0
"EnableNotificationsRef" = 1

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc\Vol]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]
"oobe_av" = 1

========== Firewall Settings ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]
"EnableFirewall" = 1
"DisableNotifications" = 0

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"EnableFirewall" = 1
"DisableNotifications" = 0

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\PublicProfile]
"EnableFirewall" = 1
"DisableNotifications" = 0

========== Authorized Applications List ==========


========== Vista Active Open Ports Exception List ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{0189143D-B13E-40F4-B662-FC8163C5FBB5}" = lport=2869 | protocol=6 | dir=in | name=windows live communications platform (upnp) |
"{0490F566-79FB-4D73-8A04-287EE6488038}" = rport=137 | protocol=17 | dir=out | app=system |
"{120BEC6F-9FC7-4492-8C1E-748949C5AAC4}" = rport=445 | protocol=6 | dir=out | app=system |
"{12B7D333-0BD4-4300-91F4-C339FAD7D098}" = lport=137 | protocol=17 | dir=in | app=system |
"{2D9369DE-30CB-47E4-A2EF-A5B9F716F63C}" = lport=1900 | protocol=17 | dir=in | name=windows live communications platform (ssdp) |
"{3C1957AD-C42D-4E9F-8FB9-15587EFA2D77}" = rport=10243 | protocol=6 | dir=out | app=system |
"{56E05532-867A-4087-B701-A8C2B17C6BDE}" = lport=rpc | protocol=6 | dir=in | svc=spooler | app=%systemroot%\system32\spoolsv.exe |
"{599463B0-E2D1-4353-BED6-55B9A7B597F3}" = lport=rpc-epmap | protocol=6 | dir=in | svc=rpcss | name=@firewallapi.dll,-28539 |
"{684F717D-4235-47D3-836D-45A8928DB698}" = lport=2869 | protocol=6 | dir=in | app=system |
"{7ADF6919-474A-431F-82ED-72E72BAD42E0}" = rport=138 | protocol=17 | dir=out | app=system |
"{7B08F26C-8E1B-4017-BC20-8F4A2436F8F0}" = lport=2869 | protocol=6 | dir=in | app=system |
"{80D74B72-C2B6-4FD0-99B4-2FA77AB935D7}" = lport=445 | protocol=6 | dir=in | app=system |
"{8C9DD4C4-5A97-4481-871C-5593F8D8F006}" = rport=139 | protocol=6 | dir=out | app=system |
"{902DE457-C24D-4FA1-8EC9-F67C825F5480}" = lport=1900 | protocol=17 | dir=in | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe |
"{98A21A78-2588-4A13-B4D5-B5B06AE1FE73}" = rport=1900 | protocol=17 | dir=out | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe |
"{9C1A39EF-8309-4108-84D6-0682E70A3B0C}" = lport=1900 | protocol=17 | dir=in | svc=ssdpsrv | app=svchost.exe |
"{A3F99478-D3AA-4FC6-8ED0-1ACC3DCF1C3E}" = rport=2177 | protocol=17 | dir=out | svc=qwave | app=%systemroot%\system32\svchost.exe |
"{A45461F2-DEEA-4E9B-B646-0EAD6E42ECAB}" = lport=2177 | protocol=6 | dir=in | svc=qwave | app=%systemroot%\system32\svchost.exe |
"{BD540CCF-F93E-4507-888F-BCA1E7CCE2A6}" = lport=10243 | protocol=6 | dir=in | app=system |
"{C3951188-2657-4612-8A47-81AFAE104663}" = lport=139 | protocol=6 | dir=in | app=system |
"{C923B376-BF8E-491A-9838-F0B084E3B30A}" = lport=138 | protocol=17 | dir=in | app=system |
"{D33D8F82-3B6D-4EA2-BE41-598D0B5A3F26}" = rport=2177 | protocol=6 | dir=out | svc=qwave | app=%systemroot%\system32\svchost.exe |
"{EE0559D9-3550-41B8-A302-2979800D41B7}" = lport=2177 | protocol=17 | dir=in | svc=qwave | app=%systemroot%\system32\svchost.exe |

========== Vista Active Application Exception List ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{0523C689-DBC9-4490-8DC3-451521086B25}" = dir=in | app=c:\program files (x86)\skype\phone\skype.exe |
"{08B37552-0337-46A7-9C33-92A03280BD1C}" = dir=in | app=c:\program files (x86)\skype\phone\skype.exe |
"{0B9ED1D2-0BBA-46D6-8863-02C31D14B074}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmplayer.exe |
"{124DE51B-8D7B-4F95-A76D-8D4A59DF4870}" = dir=in | app=c:\program files (x86)\skype\phone\skype.exe |
"{137AB934-78F2-4F01-B39B-68EDE5122E55}" = dir=in | app=c:\program files (x86)\skype\phone\skype.exe |
"{13D2630E-E1B2-4835-8120-EDF13CE3368F}" = dir=in | app=c:\program files (x86)\skype\phone\skype.exe |
"{17CA3138-0D6B-478B-9589-B5E5EA8284C5}" = dir=in | app=c:\program files (x86)\skype\phone\skype.exe |
"{1E236426-2563-428C-B60B-714230E8227E}" = dir=in | app=c:\program files (x86)\skype\phone\skype.exe |
"{1ED59427-18C8-43C8-84A5-138FECCEE27A}" = dir=in | app=c:\program files (x86)\skype\phone\skype.exe |
"{1F2034B6-69DD-4520-A30F-7191C10BE0DA}" = dir=in | app=c:\program files (x86)\skype\phone\skype.exe |
"{202F1217-0D3B-415C-8979-C8AF0AEF7553}" = dir=in | app=c:\program files (x86)\skype\phone\skype.exe |
"{2054D483-A590-4663-95B9-B8731CA2A72F}" = dir=in | app=c:\program files (x86)\skype\phone\skype.exe |
"{23D7248E-55D1-46A9-AB5C-631DBF523A29}" = protocol=58 | dir=in | name=@firewallapi.dll,-28545 |
"{248E9B0F-0056-4174-9515-7CB8CABA5E9F}" = protocol=58 | dir=out | name=@firewallapi.dll,-28546 |
"{270D6F8A-0241-41A1-AE6B-A9C1FEAF509A}" = dir=in | app=c:\program files (x86)\skype\phone\skype.exe |
"{2756267C-5AE5-401D-8E70-BFE6EEE84E70}" = dir=in | app=c:\program files (x86)\common files\apple\apple application support\webkit2webprocess.exe |
"{27E4AA5A-3494-401C-A067-F4E984D1F999}" = dir=in | app=c:\program files (x86)\skype\phone\skype.exe |
"{2BAC5734-6315-427B-8564-208EE6DB7F25}" = dir=in | app=c:\program files (x86)\itunes\itunes.exe |
"{2E934758-BDBC-42F8-9688-9C89BC5FC3EA}" = protocol=6 | dir=in | app=c:\program files\bonjour\mdnsresponder.exe |
"{2FC0BAB2-C14D-494D-AAE1-B93C560BE12F}" = protocol=17 | dir=in | app=c:\users\peter\appdata\roaming\dropbox\bin\dropbox.exe |
"{38CE9885-56A8-4769-93D1-6CD631F11004}" = protocol=17 | dir=in | app=c:\program files (x86)\bonjour\mdnsresponder.exe |
"{38E9DDE8-D96B-4D68-A2A5-C39607BF12DA}" = dir=in | app=c:\program files (x86)\windows live\sync\windowslivesync.exe |
"{3DD545A4-FB35-4184-9532-02A05F3BFB29}" = dir=in | app=c:\program files (x86)\skype\phone\skype.exe |
"{439254DB-FAAD-4CB3-A12A-2CBA9AFEDA60}" = dir=in | app=c:\program files (x86)\skype\phone\skype.exe |
"{43934244-DA04-4142-B8D0-067422F5D44B}" = dir=in | app=c:\program files (x86)\windows live\messenger\msnmsgr.exe |
"{43E30B25-59DE-40D3-A032-7C9D51F0411E}" = dir=in | app=c:\program files (x86)\skype\phone\skype.exe |
"{477A547E-5BAE-4089-80F7-25C569AF55F0}" = dir=in | app=c:\program files (x86)\skype\phone\skype.exe |
"{47A6ED8C-4A31-4757-AE03-91AB8D41BBE7}" = protocol=6 | dir=in | app=c:\users\peter\appdata\roaming\dropbox\bin\dropbox.exe |
"{47E05DD1-DBB7-4016-A710-304720DF2049}" = dir=in | app=c:\program files (x86)\skype\phone\skype.exe |
"{4B3F4CBE-4BD3-4686-BBAF-E9FB38DC39A4}" = dir=in | app=c:\program files (x86)\skype\phone\skype.exe |
"{4B4E88C8-8B44-4D07-B78D-8995F6715F6F}" = dir=in | app=c:\program files (x86)\skype\phone\skype.exe |
"{4CEAAC54-6D3F-4C4D-87A8-B7515A26FE94}" = protocol=17 | dir=in | app=c:\program files (x86)\skype\plugin manager\skypepm.exe |
"{4D9A49E7-94CF-4175-9455-123646253082}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmplayer.exe |
"{4EF5A095-1662-4ADE-B325-4148501690C0}" = dir=in | app=c:\program files (x86)\skype\phone\skype.exe |
"{5124D29D-218B-46A2-B011-330E73A76CF3}" = dir=in | app=c:\program files (x86)\skype\phone\skype.exe |
"{533D699E-F9E7-4631-808B-65D70357A6FA}" = protocol=6 | dir=in | app=c:\program files (x86)\skype\plugin manager\skypepm.exe |
"{5B03CF21-5E25-4C51-879A-6C924A924448}" = dir=in | app=c:\program files (x86)\skype\phone\skype.exe |
"{5DEEA08D-726C-4E9D-837B-2BC2E52751EB}" = dir=in | app=c:\program files (x86)\skype\phone\skype.exe |
"{5EDDE902-C163-4795-86ED-FE5FA74000A1}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmplayer.exe |
"{5F56AE27-E45F-40F8-90AE-B62525E90596}" = dir=in | app=c:\program files (x86)\skype\phone\skype.exe |
"{62445E96-4D00-4B50-AFB6-8218B344E5ED}" = dir=in | app=c:\program files (x86)\skype\phone\skype.exe |
"{651B4317-C80C-4622-B493-EFFE01BD5607}" = dir=in | app=c:\program files (x86)\skype\phone\skype.exe |
"{655607ED-74AB-4A44-8FB8-2E6BF7F5F57A}" = dir=in | app=c:\program files (x86)\skype\phone\skype.exe |
"{65B5BD32-2C04-43AF-B4A9-DD7A171D43CD}" = dir=in | app=c:\program files (x86)\skype\phone\skype.exe |
"{666341AA-2606-4825-AA75-A40B507D13AE}" = dir=in | app=c:\program files (x86)\skype\phone\skype.exe |
"{67776CCA-5EA2-416F-91B0-98B808C299BF}" = dir=in | app=c:\program files (x86)\skype\phone\skype.exe |
"{6F708D8A-AB20-4FEF-860C-C1485FA71E24}" = dir=in | app=c:\program files (x86)\windows live\contacts\wlcomm.exe |
"{6FB32FA8-0B3D-4F9F-B2FC-1EEB64C28FFD}" = dir=in | app=c:\program files (x86)\skype\phone\skype.exe |
"{71D50374-EA6E-4B4A-8D42-F9D0ADA869C1}" = dir=in | app=c:\program files (x86)\skype\phone\skype.exe |
"{739B1DDE-CCCB-41F9-9A53-1C52C5A4053E}" = dir=in | app=c:\program files (x86)\skype\phone\skype.exe |
"{74690919-3970-4F86-AC13-668B431D008B}" = dir=in | app=c:\program files (x86)\skype\phone\skype.exe |
"{7475DF4A-98C6-4425-8A2C-A7B33062FED1}" = dir=in | app=c:\program files (x86)\skype\phone\skype.exe |
"{75476073-2C8D-4D21-85EC-37DAF5B900A3}" = dir=in | app=c:\program files (x86)\skype\phone\skype.exe |
"{75668501-FCBF-4D74-A1DB-539A60D64F5D}" = protocol=17 | dir=in | app=c:\program files (x86)\winamp remote\bin\orbtray.exe |
"{809ADB98-5015-434E-A6C1-56653554D4DA}" = dir=in | app=c:\program files (x86)\skype\phone\skype.exe |
"{811DE89D-61F2-4D84-8DBA-7B168415ADE2}" = dir=in | app=c:\program files (x86)\skype\phone\skype.exe |
"{83EA0954-B708-4217-8A29-418CCCEFEE78}" = dir=in | app=c:\program files (x86)\skype\phone\skype.exe |
"{8717E25A-FD1B-453F-B36E-6B5334C24CA1}" = protocol=6 | dir=in | app=c:\program files (x86)\winamp remote\bin\orbtray.exe |
"{8996260F-E25F-496F-BB47-631AF4FBAD36}" = dir=in | app=c:\program files (x86)\skype\phone\skype.exe |
"{8C376316-7D87-4D62-AFBE-376A72A69E4F}" = dir=in | app=c:\program files (x86)\skype\phone\skype.exe |
"{8D752AB5-BABF-4330-9F25-2F917DB89B5E}" = dir=in | app=c:\program files (x86)\skype\phone\skype.exe |
"{8E4D3E67-4AF7-4ADA-8AED-ED04B4674ADB}" = protocol=17 | dir=in | app=c:\program files (x86)\winamp remote\bin\orbstreamerclient.exe |
"{8F0108FE-DBF7-4FAD-87A1-09AA95311FC2}" = dir=in | app=c:\program files (x86)\skype\phone\skype.exe |
"{8F06A65C-C44A-4098-B615-3717ADF34BF9}" = protocol=1 | dir=out | name=@firewallapi.dll,-28544 |
"{929E2E8F-B915-4D81-92B4-3DF323B2C357}" = protocol=1 | dir=in | name=@firewallapi.dll,-28543 |
"{932E92C0-7915-4AE3-8D08-121A0C67E43D}" = protocol=17 | dir=in | app=c:\program files (x86)\winamp remote\bin\orb.exe |
"{95A10B06-1F51-457B-AA2C-37345FF66847}" = dir=in | app=c:\program files (x86)\skype\phone\skype.exe |
"{9A8F49ED-77D7-41A8-BD2A-79131EB795AB}" = dir=in | app=c:\program files (x86)\skype\phone\skype.exe |
"{9B04A6AB-14FF-4D62-B58F-47AD176D6F2B}" = dir=in | app=c:\program files (x86)\electronic arts\command & conquer 3\retailexe\1.9\cnc3game.dat |
"{9F99EE86-AE8E-4FE6-A034-755BED83B3B3}" = dir=in | app=c:\program files (x86)\skype\phone\skype.exe |
"{A46D89A9-67C9-4098-B1C5-C91721BEB26A}" = dir=in | app=c:\program files (x86)\skype\phone\skype.exe |
"{A49D6378-ED65-4067-AB24-291E4E304CEF}" = dir=in | app=c:\program files (x86)\skype\phone\skype.exe |
"{A5D8C5E4-8D79-4FC0-8E3E-7630A2905E43}" = dir=in | app=c:\program files (x86)\skype\phone\skype.exe |
"{A670C6E9-B5B1-419A-9FCA-44FFAA9B13A7}" = dir=in | app=c:\program files (x86)\skype\phone\skype.exe |
"{A6E15D9C-1434-4394-904E-5D5011F39E6C}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmplayer.exe |
"{A77321AD-058A-4DA2-AA3D-28B4DB733519}" = dir=in | app=c:\program files (x86)\skype\phone\skype.exe |
"{A8C93A80-DCDB-4D7C-8E99-7DB7414CD401}" = dir=in | app=c:\program files (x86)\skype\phone\skype.exe |
"{A9D79A20-93AE-4E82-BF6F-E96DDACC0684}" = protocol=6 | dir=in | app=%programfiles%\windows media player\wmpnetwk.exe |
"{AA9E032C-8403-43BC-9736-6B7BE7C66EDD}" = protocol=6 | dir=in | app=c:\program files (x86)\spotify\spotify.exe |
"{ABC0DC76-E02E-4653-A21D-88463112AF61}" = dir=in | app=c:\program files (x86)\skype\phone\skype.exe |
"{ACEFDFB0-C15C-4733-8553-29E7D9118E54}" = dir=in | app=c:\program files (x86)\skype\phone\skype.exe |
"{AE8BA95B-AE6A-458C-8215-05462C0F306D}" = protocol=17 | dir=in | app=%programfiles(x86)%\windows media player\wmplayer.exe |
"{B0325086-2292-4CF5-864A-02093AF5BF5C}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmpnetwk.exe |
"{B0C784AB-78D4-402E-B3FE-7431ADF9159E}" = dir=in | app=c:\program files (x86)\skype\phone\skype.exe |
"{B576E611-E6A6-4D5D-80F5-7E4478083095}" = dir=in | app=c:\program files (x86)\skype\phone\skype.exe |
"{B71B0EFD-9149-498A-8825-3C8561C3C591}" = dir=in | app=c:\program files (x86)\skype\phone\skype.exe |
"{BAC739E6-CF54-42C9-9D61-0A56DB180C34}" = dir=in | app=c:\program files (x86)\skype\phone\skype.exe |
"{BD0C774F-A007-42F2-9EFB-7AB21589A251}" = dir=in | app=c:\program files (x86)\skype\phone\skype.exe |
"{C2A3B57B-CFBE-47D3-A76D-A468A7ED6BEA}" = dir=in | app=c:\program files (x86)\skype\phone\skype.exe |
"{C2D3C82F-CF04-47E4-8B60-B090AE5C6895}" = protocol=17 | dir=out | app=%programfiles(x86)%\windows media player\wmplayer.exe |
"{C5231CB8-692B-4957-8E0D-268D6C85B4C2}" = protocol=6 | dir=in | app=c:\program files (x86)\bonjour\mdnsresponder.exe |
"{C57C5070-2822-4DD0-A924-A31D660E14FB}" = protocol=6 | dir=out | app=system |
"{C5846504-DEA5-4993-AC28-BA41C347302B}" = protocol=6 | dir=out | app=%programfiles(x86)%\windows media player\wmplayer.exe |
"{C839CF04-85B2-4F08-B18A-F072E753E58B}" = dir=in | app=c:\program files (x86)\skype\phone\skype.exe |
"{C8E8A092-00D1-4E2D-B768-EB7C6463C597}" = dir=in | app=c:\program files (x86)\skype\phone\skype.exe |
"{CA356B8E-F9CB-4A6C-BE2E-3D904E09D40F}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmplayer.exe |
"{CEA1B3C4-EC4A-4D37-BE86-4A80EAFED40F}" = dir=in | app=c:\program files (x86)\skype\phone\skype.exe |
"{D193EE4E-2845-4FA0-AB90-AF13EC0C1410}" = dir=in | app=c:\program files (x86)\skype\phone\skype.exe |
"{D3664E45-6BC8-498D-9F64-F72C4931D7B3}" = dir=in | app=c:\program files (x86)\skype\phone\skype.exe |
"{D4F23347-19CC-41CA-93E9-722FA1815E36}" = dir=in | app=c:\program files (x86)\skype\phone\skype.exe |
"{D67FC30B-8C61-47AA-8AEC-8DC407E9B383}" = dir=in | app=c:\program files (x86)\skype\phone\skype.exe |
"{DA3658BC-6345-4CAF-9A4C-ED7318BC4B10}" = dir=in | app=c:\program files (x86)\skype\phone\skype.exe |
"{DAC847CA-FC78-4A34-9D32-CDED1F3079C4}" = dir=in | app=c:\program files (x86)\skype\phone\skype.exe |
"{DEC09E8A-3F93-4CB9-A61B-E4B696B32435}" = dir=in | app=c:\program files (x86)\skype\phone\skype.exe |
"{DF0CA766-58B4-47B7-B4BF-94983BEB0B5F}" = protocol=6 | dir=out | svc=upnphost | app=%systemroot%\system32\svchost.exe |
"{DFA08073-5A6D-440E-BDE3-533280AADE89}" = dir=in | app=c:\program files (x86)\skype\phone\skype.exe |
"{E04C5EAB-0DF8-4DEC-AF47-FD9033EDC037}" = dir=in | app=c:\program files (x86)\skype\phone\skype.exe |
"{E293F3B6-D881-42AC-9B03-3089ED6C80E1}" = dir=in | app=c:\program files (x86)\skype\phone\skype.exe |
"{E43C4BBD-8E60-4A83-8826-9461E78787FC}" = dir=in | app=c:\program files (x86)\skype\phone\skype.exe |
"{E4A60BB8-3834-44C4-8DF5-C9EFEACD182D}" = dir=in | app=c:\program files (x86)\skype\phone\skype.exe |
"{E66F8092-B1E8-429D-8B8F-1A3FEA1C413E}" = dir=in | app=c:\program files (x86)\skype\phone\skype.exe |
"{E7016B53-BEDF-461F-A134-8E183767EDA1}" = protocol=17 | dir=out | app=%programfiles(x86)%\windows media player\wmplayer.exe |
"{E7649BBB-BD1D-4945-80F2-ACBC35598AD9}" = protocol=6 | dir=in | app=c:\program files (x86)\winamp remote\bin\orbstreamerclient.exe |
"{E9185AB0-FCA8-4C3E-B10A-7D2A0B3F08A0}" = dir=in | app=c:\program files (x86)\skype\phone\skype.exe |
"{E923B0FF-764B-4024-A700-880C597C7397}" = dir=in | app=c:\program files (x86)\skype\phone\skype.exe |
"{EA375BEF-4C00-488F-A8EF-06C2C027FC01}" = dir=in | app=c:\program files (x86)\skype\phone\skype.exe |
"{EBC0B5F5-76C1-4E8E-B7F3-8C077DB7E5C7}" = protocol=17 | dir=in | app=c:\program files\bonjour\mdnsresponder.exe |
"{EE39BAB8-51CD-4959-BDA0-42E0804FCBD1}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmplayer.exe |
"{EF656D4D-FF48-40AA-8627-7AE36344B928}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmpnetwk.exe |
"{F12F73E4-F8D6-460D-8790-A4CB953C4903}" = dir=in | app=c:\program files (x86)\skype\phone\skype.exe |
"{F1D4DDEC-BA56-4CA4-A5A3-A3390C8CCB47}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmpnetwk.exe |
"{F2E58F7B-6832-4E14-81CA-8419A66FBB7D}" = dir=in | app=c:\program files (x86)\skype\phone\skype.exe |
"{F32DF143-AA82-4F84-94EA-E532A5E2E5AD}" = dir=in | app=c:\program files (x86)\skype\phone\skype.exe |
"{F47187FA-A91F-4D44-90F5-E3DC2CFC2C60}" = dir=in | app=c:\program files (x86)\electronic arts\command & conquer 3\retailexe\1.9\cnc3game.dat |
"{F77E6C72-D368-4214-9977-8752C05BD792}" = protocol=17 | dir=in | app=c:\program files (x86)\spotify\spotify.exe |
"{FAAE2603-3A7E-4830-AC41-659AF576E94F}" = protocol=17 | dir=in | app=%programfiles(x86)%\windows media player\wmplayer.exe |
"{FAD8DC4B-4869-4EAC-916F-59302A3AB786}" = protocol=6 | dir=out | app=%programfiles(x86)%\windows media player\wmplayer.exe |
"{FB05A2A8-0CF4-43FD-8BBD-D4E2AE29A217}" = dir=in | app=c:\program files (x86)\skype\phone\skype.exe |
"{FB3219E3-F2E3-4762-B759-2AD2D0280B46}" = dir=in | app=c:\program files (x86)\skype\phone\skype.exe |
"{FCAEC91D-3643-47E3-8A2D-4504DD70EBE5}" = protocol=6 | dir=in | app=c:\program files (x86)\winamp remote\bin\orb.exe |
"TCP Query User{24DA08FB-6CE1-4D55-B304-C2DE4497495C}C:\program files (x86)\dc++\dcplusplus.exe" = protocol=6 | dir=in | app=c:\program files (x86)\dc++\dcplusplus.exe |
"TCP Query User{4A5CFFDA-3DE5-493D-ACA5-321ED353D1B7}C:\program files (x86)\internet explorer\iexplore.exe" = protocol=6 | dir=in | app=c:\program files (x86)\internet explorer\iexplore.exe |
"TCP Query User{6264A28A-1E6D-4A8E-864B-6352779C0FC0}C:\program files (x86)\winamp remote\bin\orbtray.exe" = protocol=6 | dir=in | app=c:\program files (x86)\winamp remote\bin\orbtray.exe |
"TCP Query User{7E33A24C-8B39-4ACB-962A-1453D37CD3AD}C:\program files (x86)\java\jre6\bin\javaw.exe" = protocol=6 | dir=in | app=c:\program files (x86)\java\jre6\bin\javaw.exe |
"TCP Query User{8457252D-03B7-487A-8441-C3CF2D2FEF60}C:\program files (x86)\java\jre6\bin\javaw.exe" = protocol=6 | dir=in | app=c:\program files (x86)\java\jre6\bin\javaw.exe |
"TCP Query User{FD349562-84B9-4311-9E49-0C8CF08F317E}C:\program files (x86)\utorrent\utorrent.exe" = protocol=6 | dir=in | app=c:\program files (x86)\utorrent\utorrent.exe |
"UDP Query User{20322779-A4B6-4666-8A1C-55B884E5DA85}C:\program files (x86)\winamp remote\bin\orbtray.exe" = protocol=17 | dir=in | app=c:\program files (x86)\winamp remote\bin\orbtray.exe |
"UDP Query User{61D26737-910F-4097-97CB-FEA546226631}C:\program files (x86)\dc++\dcplusplus.exe" = protocol=17 | dir=in | app=c:\program files (x86)\dc++\dcplusplus.exe |
"UDP Query User{A003B0BA-36D7-481E-BA10-EF634D69167B}C:\program files (x86)\utorrent\utorrent.exe" = protocol=17 | dir=in | app=c:\program files (x86)\utorrent\utorrent.exe |
"UDP Query User{CEA54C1C-503D-407B-B6F5-7FAD0DDB176A}C:\program files (x86)\internet explorer\iexplore.exe" = protocol=17 | dir=in | app=c:\program files (x86)\internet explorer\iexplore.exe |
"UDP Query User{E7DCCB1A-F9FE-41D2-A660-877875191569}C:\program files (x86)\java\jre6\bin\javaw.exe" = protocol=17 | dir=in | app=c:\program files (x86)\java\jre6\bin\javaw.exe |
"UDP Query User{E94F0B87-C392-4D60-A8DF-6283D03D25B1}C:\program files (x86)\java\jre6\bin\javaw.exe" = protocol=17 | dir=in | app=c:\program files (x86)\java\jre6\bin\javaw.exe |

========== HKEY_LOCAL_MACHINE Uninstall List ==========

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{027E5FAB-1476-4C59-AAB4-32EF28520399}" = Windows Live Language Selector
"{1ACC8FFB-9D84-4C05-A4DE-D28A9BC91698}" = Windows Live ID Sign-in Assistant
"{43A79282-8566-671D-A9CC-A82F54497F0A}" = ATI Catalyst Install Manager
"{6E3610B2-430D-4EB0-81E3-2B57E8B9DE8D}" = Bonjour
"{6E8E85E8-CE4B-4FF5-91F7-04999C9FAE6A}" = Microsoft Visual C++ 2005 Redistributable (x64)
"{9068B2BE-D93A-4C0A-861C-5E35E2C0E09E}" = Intel® Matrix Storage Manager
"{95120000-00B9-0409-1000-0000000FF1CE}" = Microsoft Application Error Reporting
"{9D046B26-7978-47CD-91E6-AC3C1DFBC3D0}" = Microsoft Security Client
"{aac9fcc4-dd9e-4add-901c-b5496a07ab2e}" = Microsoft Visual C++ 2005 Redistributable (x64) - KB2467175
"{ad8a2fa1-06e7-4b0d-927d-6e54b3d31028}" = Microsoft Visual C++ 2005 Redistributable (x64)
"{B6E3757B-5E77-3915-866A-CCFC4B8D194C}" = Microsoft Visual C++ 2005 ATL Update kb973923 - x64 8.0.50727.4053
"{B8AD779A-82DA-4365-A7D0-AD3DCFC55CFF}" = Apple Mobile Device Support
"{CE2CDD62-0124-36CA-84D3-9F4DCF5C5BD9}" = Microsoft .NET Framework 3.5 SP1
"{CF8FFD12-602B-422D-AF1D-511B411E7632}" = iTunes
"{DA54F80E-261C-41A2-A855-549A144F2F59}" = Windows Live MIME IFilter
"{F5B09CFD-F0B2-36AF-8DF4-1DF6B63FC7B4}" = Microsoft .NET Framework 4 Client Profile
"{FBBF8FCB-046D-7688-FB4A-53DD34BB7648}" = ccc-utility64
"Adobe Flash Player ActiveX" = Adobe Flash Player 11 ActiveX 64-bit
"Microsoft .NET Framework 3.5 SP1" = Microsoft .NET Framework 3.5 SP1
"Microsoft .NET Framework 4 Client Profile" = Microsoft .NET Framework 4 Client Profile
"Microsoft Security Client" = Microsoft Security Essentials
"WinRAR archiver" = WinRAR archiver

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{00203668-8170-44A0-BE44-B632FA4D780F}" = Adobe AIR
"{02EBDBB9-4600-41D3-B566-40CB861511D2}" = World of Warcraft FREE Trial
"{0B0F231F-CE6A-483D-AA23-77B364F75917}" = Windows Live Installer
"{12CEE8C7-8983-4FEC-A046-3FB4AE3A691C}" = Windows Live Sync
"{133D9D67-D475-4407-AC3C-D558087B2453}" = Windows Live Movie Maker
"{15B8C1EF-CA1B-1050-FDF6-92BFF1AB7C42}" = Catalyst Control Center Graphics Previews Common
"{18455581-E099-4BA8-BC6B-F34B2F06600C}" = Google Toolbar for Internet Explorer
"{19BA08F7-C728-469C-8A35-BFBD3633BE08}" = Windows Live Movie Maker
"{1C9FE53E-5922-9982-26C2-29C75F34D5DC}" = Catalyst Control Center InstallProxy
"{1F6AB0E7-8CDD-4B93-8A23-AA9EB2FEFCE4}" = Junk Mail filter update
"{200FEC62-3C34-4D60-9CE8-EC372E01C08F}" = Windows Live SOXE Definitions
"{220C7F8C-929D-4F71-9DC7-F7A6823B38E4}" = Windows Live UX Platform Language Pack
"{2318C2B1-4965-11d4-9B18-009027A5CD4F}" = Google Toolbar for Internet Explorer
"{26A24AE4-039D-4CA4-87B4-2F83216031FF}" = Java(TM) 6 Update 31
"{28B9D2D8-4304-483F-AD71-51890A063A74}" = Windows Live Photo Common
"{2992C8AC-B9B4-45FD-B9D9-B43D7465F702}" = Google Välja bort annonscookies
"{2A3FC24C-6EC0-4519-A52B-FDA4EA9B2D24}" = Windows Live Messenger
"{3108C217-BE83-42E4-AE9E-A56A2A92E549}" = Atheros Communications Inc.(R) AR8121/AR8113/AR8114 Gigabit/Fast Ethernet Driver
"{3336F667-9049-4D46-98B6-4C743EEBC5B1}" = Windows Live Photo Gallery
"{34F4D9A4-42C2-4348-BEF4-E553C84549E7}" = Windows Live Photo Gallery
"{4A03706F-666A-4037-7777-5F2748764D10}" = Java Auto Updater
"{4A04DB63-8F81-4EF4-9D09-61A2057EF419}" = Windows Live Essentials
"{56B83336-FBC1-4C46-8613-90A9E3B440D6}" = EPU-6 Engine
"{579684A4-DDD5-4CA3-9EA8-7BE7D9593DB4}" = Windows Live UX Platform Language Pack
"{5A7248FE-53C6-6838-C092-6E5AE0C01169}" = Catalyst Control Center Graphics Previews Vista
"{5CDE2F17-B82C-F25A-EE97-A0F84B1B5B96}" = Catalyst Control Center HydraVision Full
"{5DD4FCBD-A3C1-4155-9E17-4161C70AAABA}" = Segoe UI
"{682B3E4F-696A-42DE-A41C-4C07EA1678B4}" = Windows Live SOXE
"{69CAC24D-B1DC-4B97-A1BE-FE21843108FE}" = Windows Live Writer Resources
"{6A67578E-095B-4661-88F7-0B199CEC3371}" = Windows Live Messenger
"{77DCDCE3-2DED-62F3-8154-05E745472D07}" = Acrobat.com
"{789A5B64-9DD9-4BA5-915A-F0FC0A1B7BFE}" = Apple Software Update
"{7BE15435-2D3E-4B58-867F-9C75BED0208C}" = QuickTime
"{83C06969-09DE-5DEE-EC30-254168715100}" = Catalyst Control Center Graphics Full Existing
"{83C292B7-38A5-440B-A731-07070E81A64F}" = Windows Live PIMT Platform
"{852BD922-520E-209D-0AEC-2A8886693B36}" = Catalyst Control Center Core Implementation
"{885F1BCD-C344-4758-85BD-09640CF449A5}" = Windows Live Photo Gallery
"{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}" = Microsoft Silverlight
"{8A39CAD8-D852-E57C-C9EC-66B24A81EC8B}" = CCC Help English
"{8DD46C6A-0056-4FEC-B70A-28BB16A1F11F}" = MSVCRT
"{8F3C31C5-9C3A-4AA8-8EFA-71290A7AD533}" = TomTom HOME Visual Studio Merge Modules
"{90110409-6000-11D3-8CFE-0150048383C9}" = Microsoft Office Professional Edition 2003
"{90120000-0020-0409-0000-0000000FF1CE}" = Compatibility Pack for the 2007 Office system
"{90140000-2005-0000-0000-0000000FF1CE}" = Microsoft Office File Validation Add-In
"{92EA4134-10D1-418A-91E1-5A0453131A38}" = Windows Live Movie Maker
"{9749B943-7D5D-09E3-16EE-6F8BEC7A474F}" = Skins
"{9D56775A-93F3-44A3-8092-840E3826DE30}" = Windows Live Mail
"{A1F9909D-B829-41E4-EDDA-6CD5A69AB706}" = Catalyst Control Center Graphics Light
"{A49C7C20-F82D-0185-47B4-8A8A38AEBD3E}" = ccc-core-static
"{A92DAB39-4E2C-4304-9AB6-BC44E68B55E2}" = Google Update Helper
"{A9BDCA6B-3653-467B-AC83-94367DA3BFE3}" = Windows Live Photo Common
"{AAAFC670-569B-4A2F-82B4-42945E0DE3EF}" = Windows Live Writer
"{AC76BA86-7AD7-1033-7B44-A91000000001}" = Adobe Reader 9.1.3
"{B2AE1185-18AA-9DE2-6E09-29A91D5A8F17}" = Catalyst Control Center Graphics Full New
"{B6CF2967-C81E-40C0-9815-C05774FEF120}" = Skype Click to Call
"{C66824E4-CBB3-4851-BB3F-E8CFD6350923}" = Windows Live Mail
"{CE95A79E-E4FC-4FFF-8A75-29F04B942FF2}" = Windows Live UX Platform
"{D0B44725-3666-492D-BEF6-587A14BD9BD9}" = MSVCRT_amd64
"{D22002ED-EE2A-4CB1-A63D-430E62A2E8D8}" = Google SketchUp 8
"{D31169F2-CD71-4337-B783-3E53F29F4CAD}" = Windows Live Mail
"{D3B1C799-CB73-42DE-BA0F-2344793A095C}" = Catalyst Control Center - Branding
"{D436F577-1695-4D2F-8B44-AC76C99E0002}" = Windows Live Photo Common
"{D45240D3-B6B3-4FF9-B243-54ECE3E10066}" = Windows Live Communications Platform
"{D84CB492-A248-49BA-8BBF-805A67C38A4E}" = Argos Mini II
"{DDC8BDEE-DCAC-404D-8257-3E8D4B782467}" = Windows Live Writer Resources
"{E09C4DB7-630C-4F06-A631-8EA7239923AF}" = D3DX10
"{E5B21F11-6933-4E0B-A25C-7963E3C07D11}" = Windows Live Messenger
"{EB879750-CCBD-4013-BFD5-0294D4DA5BD0}" = Apple Application Support
"{EE7257A2-39A2-4D2F-9DAC-F9F25B8AE1D8}" = Skype™ 5.8
"{F0B430D1-B6AA-473D-9B06-AA3DD01FD0B8}" = Microsoft SQL Server 2005 Compact Edition [ENU]
"{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}" = Realtek High Definition Audio Driver
"{F40BBEC7-C2A4-4A00-9B24-7A055A2C5262}" = Microsoft Office Live Add-in 1.5
"{FA7F689F-88EB-4946-B105-4C434CF5B07A}" = BankID säkerhetsprogram
"{FE044230-9CA5-43F7-9B58-5AC5A28A1F33}" = Windows Live Essentials
"Adobe AIR" = Adobe AIR
"Ashampoo Burning Studio 2009_is1" = Ashampoo Burning Studio 2009
"CCleaner" = CCleaner (remove only)
"Cisco Connect" = Cisco Connect
"com.adobe.mauby.4875E02D9FB21EE389F73B8D1702B320485DF8CE.1" = Acrobat.com
"Combined Community Codec Pack_is1" = Combined Community Codec Pack 2009-09-09
"FLAC" = FLAC 1.2.1b (remove only)
"Google Chrome" = Google Chrome
"HandBrake" = HandBrake 0.9.6
"MKVtoolnix" = MKVtoolnix 3.0.0
"Mozilla Firefox 9.0.1 (x86 en-US)" = Mozilla Firefox 9.0.1 (x86 en-US)
"Picasa 3" = Picasa 3
"PrimoPDF4.1.0.9" = PrimoPDF
"PS3 Media Server" = PS3 Media Server
"SpeedFan" = SpeedFan (remove only)
"Spotify" = Spotify
"TomTom HOME" = TomTom HOME 2.7.3.1894
"Winamp" = Winamp
"WinLiveSuite" = Windows Live Essentials
"VLC media player" = VLC media player 0.9.9

========== HKEY_USERS Uninstall List ==========

[HKEY_USERS\S-1-5-21-4132941712-4001711240-1955874638-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"Spotify" = Spotify

========== Last 10 Event Log Errors ==========

[ Application Events ]
Error - 2011-04-15 10:43:45 | Computer Name = Peter-PC | Source = Microsoft-Windows-CAPI2 | ID = 131083
Description =

Error - 2011-04-16 05:57:26 | Computer Name = Peter-PC | Source = Microsoft-Windows-CAPI2 | ID = 131083
Description =

Error - 2011-04-16 05:57:27 | Computer Name = Peter-PC | Source = Microsoft-Windows-CAPI2 | ID = 131083
Description =

Error - 2011-04-17 05:12:27 | Computer Name = Peter-PC | Source = Microsoft-Windows-CAPI2 | ID = 131083
Description =

Error - 2011-04-17 05:12:27 | Computer Name = Peter-PC | Source = Microsoft-Windows-CAPI2 | ID = 131083
Description =

Error - 2011-04-17 06:43:16 | Computer Name = Peter-PC | Source = Application Error | ID = 1000
Description = Faulting application msfeedssync.exe, version 9.0.8112.16421, time
stamp 0x4d7622de, faulting module unknown, version 0.0.0.0, time stamp 0x00000000,
exception code 0xc0000005, fault offset 0x0000000000000000, process id 0xa98, application
start time 0x01cbfcec38760589.

Error - 2011-04-17 15:00:03 | Computer Name = Peter-PC | Source = Microsoft-Windows-CAPI2 | ID = 131083
Description =

Error - 2011-04-17 15:00:38 | Computer Name = Peter-PC | Source = Microsoft-Windows-CAPI2 | ID = 131083
Description =

Error - 2011-04-18 08:07:18 | Computer Name = Peter-PC | Source = Microsoft-Windows-CAPI2 | ID = 131083
Description =

Error - 2011-04-18 08:07:23 | Computer Name = Peter-PC | Source = Microsoft-Windows-CAPI2 | ID = 131083
Description =

[ System Events ]
Error - 2012-06-03 18:13:46 | Computer Name = Peter-PC | Source = DCOM | ID = 10010
Description =

Error - 2012-06-04 04:16:01 | Computer Name = Peter-PC | Source = Service Control Manager | ID = 7026
Description =

Error - 2012-06-04 14:58:52 | Computer Name = Peter-PC | Source = DCOM | ID = 10010
Description =

Error - 2012-06-04 15:01:38 | Computer Name = Peter-PC | Source = Service Control Manager | ID = 7026
Description =

Error - 2012-06-04 17:16:20 | Computer Name = Peter-PC | Source = DCOM | ID = 10010
Description =

Error - 2012-06-04 17:18:44 | Computer Name = Peter-PC | Source = Service Control Manager | ID = 7026
Description =

Error - 2012-06-04 18:06:16 | Computer Name = Peter-PC | Source = DCOM | ID = 10010
Description =

Error - 2012-06-05 05:36:10 | Computer Name = Peter-PC | Source = Service Control Manager | ID = 7026
Description =

Error - 2012-06-05 17:37:33 | Computer Name = Peter-PC | Source = DCOM | ID = 10010
Description =

Error - 2012-06-06 03:12:26 | Computer Name = Peter-PC | Source = Service Control Manager | ID = 7026
Description =


< End of report >
herrober
Regular Member
 
Posts: 15
Joined: June 4th, 2012, 5:34 pm

Re: Problem with redirects and anoying popup ad in bottom co

Post by herrober » June 6th, 2012, 12:32 pm

aswMBR.txt:

aswMBR version 0.9.9.1665 Copyright(c) 2011 AVAST Software
Run date: 2012-06-06 18:16:12
-----------------------------
18:16:12.142 OS Version: Windows x64 6.0.6002 Service Pack 2
18:16:12.142 Number of processors: 2 586 0x170A
18:16:12.142 ComputerName: PETER-PC UserName: Peter
18:16:12.763 Initialize success
18:16:57.771 AVAST engine defs: 12060601
18:17:45.612 Disk 0 (boot) \Device\Harddisk0\DR0 -> \Device\Ide\IAAStorageDevice-1
18:17:45.614 Disk 0 Vendor: WDC_WD64 01.0 Size: 610480MB BusType: 3
18:17:45.617 Disk 1 \Device\Harddisk1\DR1 -> \Device\Ide\IAAStorageDevice-2
18:17:45.619 Disk 1 Vendor: WDC_WD20 05.0 Size: 1907729MB BusType: 3
18:17:45.622 Disk 0 MBR read successfully
18:17:45.624 Disk 0 MBR scan
18:17:45.630 Disk 0 Windows VISTA default MBR code
18:17:45.633 Disk 0 Partition 1 80 (A) 07 HPFS/NTFS NTFS 81920 MB offset 2048
18:17:45.660 Disk 0 Partition 2 00 07 HPFS/NTFS NTFS 528557 MB offset 167774208
18:17:45.702 Disk 0 scanning C:\Windows\system32\drivers
18:17:54.083 Service scanning
18:18:13.512 Modules scanning
18:18:13.520 Disk 0 trace - called modules:
18:18:13.533 ntoskrnl.exe CLASSPNP.SYS disk.sys iaStor.sys spjx.sys hal.dll
18:18:13.537 1 nt!IofCallDriver -> \Device\Harddisk0\DR0[0xfffffa8004b81790]
18:18:13.542 3 CLASSPNP.SYS[fffffa600140ac33] -> nt!IofCallDriver -> \Device\Ide\IAAStorageDevice-1[0xfffffa8004974050]
18:18:15.054 AVAST engine scan C:\Windows
18:18:17.330 AVAST engine scan C:\Windows\system32
18:20:52.268 AVAST engine scan C:\Windows\system32\drivers
18:21:00.765 AVAST engine scan C:\Users\Peter
18:28:09.049 AVAST engine scan C:\ProgramData
18:29:25.330 Scan finished successfully
18:30:33.624 Disk 0 MBR has been saved successfully to "C:\Users\Peter\Desktop\MBR.dat"
18:30:33.630 The log file has been saved successfully to "C:\Users\Peter\Desktop\aswMBR.txt"

Re: Problem with redirects and anoying popup ad in bottom co

Post by herrober » June 6th, 2012, 2:36 pm

Hi Maxi,

I have followed your instructions and did not encounter any problems until the ESET scan. I was not able to get any log file created though I followed your guidelines exactly. The only result generated was as per below:

Scanned files: 184528
Infected files: 0
Cleaned files: 0
Total scan time: 00:51:57
Scan status: Finished

Awaiting your feedback.

Regards, Peter

Re: Problem with redirects and anoying popup ad in bottom co

Post by maxi » June 6th, 2012, 5:00 pm

Hi herrober,

Step 1
Create a System Restore Point
  • Right-click on the Computer icon and select Properties.
  • In the left pane under Tasks ... click on System protection.
    If UAC prompts for an administrator password or approval, type the password or give your "permission to continue".
  • Select the System Protection tab ...then choose Create.
  • In the System Restore dialog box, type a description for the restore point ... click Create, again.
    A window will pop up with "The Restore Point was created successfully" confirmation message.
  • Click OK ...then close the System Restore dialog.
Please leave the System Restore function "turned on" until we are finished and I give you the 'all clean' sign.
If you have successfully created a System Restore Point...we can proceed.



Step 2
Run OTL Script

We need to run an OTL Fix

  • Right click on OTL.exe and select "Run As Administrator" to run it.
  • Copy and Paste the following code into the textbox. Do not include the word Code
    Code:
    
    :otl
    FF - prefs.js..extensions.enabledItems: {9CE11043-9A15-4207-A565-0C94C42D590D}:2.0
    O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/update/1.6.0/jinsta ... s-i586.cab (Java Plug-in 1.6.0_31)
    O16 - DPF: {CAFEEFAC-0016-0000-0031-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinsta ... s-i586.cab (Java Plug-in 1.6.0_31)
    O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinsta ... s-i586.cab (Java Plug-in 1.6.0_31)
    [2012-06-05 20:31:55 | 000,000,000 | ---D | C] -- C:\Users\Peter\AppData\Local\{9CA03233-1281-4BD4-86CA-62E85A550342}
    [2012-06-05 20:31:44 | 000,000,000 | ---D | C] -- C:\Users\Peter\AppData\Local\{D3CB28D9-A70D-4CA6-ADC2-2BA1543AF01F}
    [2012-06-03 23:10:15 | 000,000,000 | ---D | C] -- C:\Users\Peter\AppData\Local\{0428DEE5-99F4-4D4B-B63C-38F2F31D1631}
    [2012-06-03 23:10:05 | 000,000,000 | ---D | C] -- C:\Users\Peter\AppData\Local\{DDC699A6-975D-4C94-9F52-7DDD2768DF36}
    [2012-06-01 17:45:01 | 000,000,000 | ---D | C] -- C:\Users\Peter\AppData\Local\{34B6C8C3-7ED5-46BC-B802-227AF9B12801}
    [2012-06-01 17:44:51 | 000,000,000 | ---D | C] -- C:\Users\Peter\AppData\Local\{1626817F-CB5A-4933-937F-C5755C95BDB9}
    [2012-05-31 20:41:46 | 000,000,000 | ---D | C] -- C:\Users\Peter\AppData\Local\{3E3F6537-7DF2-4617-95F7-F150103B18BC}
    [2012-05-31 20:41:35 | 000,000,000 | ---D | C] -- C:\Users\Peter\AppData\Local\{875AEE7F-4B4D-43EC-8FCC-6B4FBDACB590}
    [2012-05-22 11:43:26 | 000,000,000 | ---D | C] -- C:\Users\Peter\AppData\Local\{9FB537B3-6F7A-44B5-B4DB-58D27C09DFA0}
    [2012-05-22 11:43:16 | 000,000,000 | ---D | C] -- C:\Users\Peter\AppData\Local\{00B891C9-E4A2-4796-AC11-202DB1C8027F}
    [2012-05-18 11:58:07 | 000,000,000 | ---D | C] -- C:\Users\Peter\AppData\Local\{7E076D5D-1B65-4362-99D9-726887C91733}
    [2012-05-18 11:57:57 | 000,000,000 | ---D | C] -- C:\Users\Peter\AppData\Local\{46B25A88-C0E5-46FB-93D9-762ABEC0F614}
    [2012-05-10 18:23:58 | 000,000,000 | ---D | C] -- C:\Users\Peter\AppData\Local\{014DC2DE-D9F9-4658-8B64-741513633156}
    [2012-05-10 18:23:47 | 000,000,000 | ---D | C] -- C:\Users\Peter\AppData\Local\{6AF471D9-77C1-426A-AEDB-C7186AA1D1B5}
    [2012-05-08 21:05:29 | 000,000,000 | ---D | C] -- C:\Users\Peter\AppData\Local\{0FB58E45-F018-43E8-937C-905A919AF9D1}
    [2012-05-08 21:05:18 | 000,000,000 | ---D | C] -- C:\Users\Peter\AppData\Local\{459CB2E1-3628-4785-9C9C-B902984A629E}
    [2012-06-03 12:00:00 | 000,000,944 | ---- | M] () -- C:\Windows\tasks\Ad-Aware Antivirus Scheduled Scan.job
    @Alternate Data Stream - 88 bytes -> C:\Users\Peter\Desktop\20071210 TATWEER DUBAI PRESENTATION.mov:SummaryInformation
    
    
    :files
    ipconfig /flushdns /c
    
    :commands
    [emptytemp]
    [resethosts]
    [createrestorepoint]
    
  • Then click the Run Fix button at the top.
  • Click Image.
  • OTL may ask to reboot the machine. Please do so if asked.
  • The report should appear in Notepad after the reboot. Copy and Paste that report in your next reply.



Step 3
Please download SystemLook from the link below and save it to your Desktop.

Download Mirror (64-bit)
  • Double-click SystemLook.exe to run it.
  • Copy the content of the following codebox into the main textfield:
    Code:
    :filefind
    *eoengine*
    *eobho*
    *EoRezo*
    
    :Regfind
    AFBB7970-789A-4264-BA70-E8127DECE400
    18AF7201-4F14-4BCF-93FE-45617CF259FF
    DF76E9B7-35EC-46FC-AF56-5B79DED9D64F
    C10DC1F4-CCDF-4224-A24D-B23AFC3573C8
    EoRezo
    eobho
    ieobho
    eoengine
    
    
  • Click the Look button to start the scan.
    Because of the Registry searches, the scan may take 15 minutes or a bit more to run on a large machine. Please be patient.
  • When finished, a notepad window will open with the results of the scan. Please post this log in your next reply.
Note: The results log can also be found on your Desktop, entitled SystemLook.txt

In your next reply please include:
The OTL logfile.
The SystemLook log.
Any problems you had with my instructions.
How your computer is running now.
maxi
Retired Graduate
 
Posts: 1262
Joined: September 25th, 2009, 10:17 am
Location: Cork, Ireland.

Re: Problem with redirects and anoying popup ad in bottom co

Post by herrober » June 7th, 2012, 11:14 am

Hi Maxi,

System restore point set without problems. But in point 2 I got an error message from OTL saying "Cannot create file C:\windows\system32\drivers\etc\Hosts" and now it seems OTL is stuck, as the status has been "Resetting HOSTS file. DO NOT INTERRUPT" for the last three hours.

Shall I try to abort the operation?

Re: Problem with redirects and anoying popup ad in bottom co

Post by maxi » June 7th, 2012, 1:18 pm

Hi herrober,

Not to worry, we can do it another way :) If you haven't done so yet you can abort OTL.

Download and run hosts-perm.bat
http://download.bleepingcomputer.com/ba ... s-perm.bat
Download and unzip HostsXpert
http://www.funkytoad.com/download/HostsXpert.zip
Open the folder and double-click HostsXpert.exe to run the program.
Click "Restore MS Hosts File".
Click OK at the confirmation box.
Click "Make Read Only".
Click the X to exit the program.
-- If the Hosts file does not exist, you will be prompted to create a new one. Just press "Ok".


Then run OTL again (not the OTL fix) like you did previously and post that log along with the systemlook log in your next reply.

Regards maxi :)
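What a hosts reset such as `[resethosts]` or "Restore MS Hosts File" clears can be inspected beforehand. The following is an added example, not part of the original thread and not code from OTL or HostsXpert: it audits hosts-file text for entries other than the loopback `localhost` mappings and reports whether the file is read-only. The sample content, the function names, and the assumption that a stock file maps only `localhost` are assumptions of this example.

```python
import ipaddress
import os
import stat

# Assumption: a stock hosts file maps only this name, and only to loopback.
DEFAULT_NAMES = {"localhost"}

# Constructed sample content, not taken from the machine in this thread.
SAMPLE_HOSTS = "\n".join([
    "# Copyright (c) 1993-2006 Microsoft Corp.",
    "127.0.0.1       localhost",
    "::1             localhost",
    "203.0.113.10    search.example.com www.example.org  # constructed entry",
    "0.0.0.0         update.example.net",
    "not-an-ip       foo.example",
])


def parse_hosts(text):
    """Yield (line_no, address_field, [names]) for every active line."""
    # A leading UTF-8 BOM would otherwise become part of the first field.
    for line_no, raw in enumerate(text.lstrip("\ufeff").splitlines(), 1):
        active = raw.split("#", 1)[0].strip()  # drop comments
        if not active:
            continue
        fields = active.split()
        yield line_no, fields[0], fields[1:]


def audit_hosts(text):
    """Return (line_no, kind, host, address) for every non-default entry.

    kind is "redirect"  (name mapped to a non-loopback address),
            "sinkhole"  (name other than localhost mapped to loopback/0.0.0.0),
            "malformed" (first field is not an IP address).
    """
    findings = []
    for line_no, address, names in parse_hosts(text):
        try:
            ip = ipaddress.ip_address(address)
        except ValueError:
            findings.append((line_no, "malformed", " ".join(names), address))
            continue
        for name in names:
            if ip.is_loopback or ip.is_unspecified:
                if name.lower() not in DEFAULT_NAMES:
                    findings.append((line_no, "sinkhole", name, address))
            else:
                findings.append((line_no, "redirect", name, address))
    return findings


def is_read_only(path):
    """True when the owner write bit is clear (the read-only attribute on Windows)."""
    return not (os.stat(path).st_mode & stat.S_IWRITE)


if __name__ == "__main__":
    for line_no, kind, host, address in audit_hosts(SAMPLE_HOSTS):
        print(f"line {line_no}: {kind:9} {host} -> {address}")
```

On a live system, pass the contents of `C:\Windows\System32\drivers\etc\hosts` to `audit_hosts` and the same path to `is_read_only`.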

Re: Problem with redirects and anoying popup ad in bottom co

Post by herrober » June 7th, 2012, 2:07 pm

Hi Maxi,

OTL.txt:

OTL logfile created on: 2012-06-07 19:41:43 - Run 2
OTL by OldTimer - Version 3.2.46.1 Folder = C:\Users\Peter\Desktop
64bit-Windows Vista Business Edition Service Pack 2 (Version = 6.0.6002) - Type = NTWorkstation
Internet Explorer (Version = 9.0.8112.16421)
Locale: 0000041d | Country: Sverige | Language: SVE | Date Format: yyyy-MM-dd

4,00 Gb Total Physical Memory | 2,13 Gb Available Physical Memory | 53,18% Memory free
8,21 Gb Paging File | 6,33 Gb Available in Paging File | 77,10% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86)
Drive C: | 80,00 Gb Total Space | 25,52 Gb Free Space | 31,90% Space Free | Partition Type: NTFS
Drive D: | 516,17 Gb Total Space | 258,45 Gb Free Space | 50,07% Space Free | Partition Type: NTFS
Drive G: | 1863,01 Gb Total Space | 1385,08 Gb Free Space | 74,35% Space Free | Partition Type: NTFS

Computer Name: PETER-PC | User Name: Peter | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: All users | Include 64bit Scans
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days

========== Processes (SafeList) ==========

PRC - [2012-06-06 17:58:35 | 000,596,480 | ---- | M] (OldTimer Tools) -- C:\Users\Peter\Desktop\OTL.exe
PRC - [2012-02-25 15:33:57 | 000,307,824 | ---- | M] (Google Inc.) -- C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbarUser_32.exe
PRC - [2009-11-13 13:31:14 | 000,092,008 | ---- | M] (TomTom) -- C:\Program Files (x86)\TomTom HOME 2\TomTomHOMEService.exe
PRC - [2009-04-11 08:27:28 | 000,069,120 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWOW64\conime.exe
PRC - [2008-04-15 18:54:42 | 000,354,840 | ---- | M] (Intel Corporation) -- C:\Program Files (x86)\Intel\Intel Matrix Storage Manager\IAANTmon.exe


========== Modules (No Company Name) ==========


========== Win32 Services (SafeList) ==========

SRV:64bit: - [2012-03-26 18:49:56 | 000,291,696 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Program Files\Microsoft Security Client\NisSrv.exe -- (NisSrv)
SRV:64bit: - [2012-03-26 18:49:56 | 000,012,600 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Program Files\Microsoft Security Client\MsMpEng.exe -- (MsMpSvc)
SRV:64bit: - [2011-04-20 02:04:20 | 000,203,776 | ---- | M] (AMD) [Auto | Running] -- C:\Windows\SysNative\atiesrxx.exe -- (AMD External Events Utility)
SRV:64bit: - [2008-01-21 04:49:41 | 000,195,584 | ---- | M] (Microsoft Corporation) [On_Demand | Running] -- C:\Windows\SysNative\appmgmts.dll -- (AppMgmt)
SRV:64bit: - [2008-01-21 04:46:43 | 000,088,064 | ---- | M] (Microsoft Corporation) [Disabled | Stopped] -- C:\Windows\SysNative\mprdim.dll -- (RemoteAccess)
SRV:64bit: - [2008-01-21 04:45:48 | 000,383,544 | ---- | M] (Microsoft Corporation) [Auto | Stopped] -- C:\Program Files\Windows Defender\MpSvc.dll -- (WinDefend)
SRV - [2012-05-05 14:26:22 | 000,257,696 | ---- | M] (Adobe Systems Incorporated) [On_Demand | Stopped] -- C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe -- (AdobeFlashPlayerUpdateSvc)
SRV - [2012-02-29 08:50:48 | 000,158,856 | R--- | M] (Skype Technologies) [Auto | Stopped] -- C:\Program Files (x86)\Skype\Updater\Updater.exe -- (SkypeUpdate)
SRV - [2010-03-18 13:16:28 | 000,130,384 | ---- | M] (Microsoft Corporation) [Auto | Stopped] -- C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe -- (clr_optimization_v4.0.30319_32)
SRV - [2009-11-13 13:31:14 | 000,092,008 | ---- | M] (TomTom) [Auto | Running] -- C:\Program Files (x86)\TomTom HOME 2\TomTomHOMEService.exe -- (TomTomHOMEService)
SRV - [2009-03-30 06:42:14 | 000,066,368 | ---- | M] (Microsoft Corporation) [Disabled | Stopped] -- C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe -- (clr_optimization_v2.0.50727_32)
SRV - [2009-03-30 06:39:54 | 000,089,920 | ---- | M] (Microsoft Corporation) [Disabled | Stopped] -- C:\Windows\Microsoft.NET\Framework64\v2.0.50727\mscorsvw.exe -- (clr_optimization_v2.0.50727_64)
SRV - [2008-04-15 18:54:42 | 000,354,840 | ---- | M] (Intel Corporation) [Auto | Running] -- C:\Program Files (x86)\Intel\Intel Matrix Storage Manager\IAANTmon.exe -- (IAANTMON) Intel(R)
SRV - [2008-01-21 04:47:28 | 000,068,608 | ---- | M] (Microsoft Corporation) [Disabled | Stopped] -- C:\Windows\SysWOW64\mprdim.dll -- (RemoteAccess)


========== Driver Services (SafeList) ==========

DRV:64bit: - [2012-03-20 20:44:12 | 000,098,688 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\DRIVERS\NisDrvWFP.sys -- (NisDrv)
DRV:64bit: - [2012-02-29 15:52:46 | 000,016,384 | ---- | M] (Microsoft Corporation) [Recognizer | System | Unknown] -- C:\Windows\SysNative\drivers\fs_rec.sys -- (Fs_Rec)
DRV:64bit: - [2012-02-15 11:01:50 | 000,052,736 | ---- | M] (Apple, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\Drivers\usbaapl64.sys -- (USBAAPL64)
DRV:64bit: - [2011-04-20 02:44:50 | 009,319,936 | ---- | M] (ATI Technologies Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\DRIVERS\atikmdag.sys -- (atikmdag)
DRV:64bit: - [2011-04-20 02:44:50 | 009,319,936 | ---- | M] (ATI Technologies Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\DRIVERS\atikmdag.sys -- (amdkmdag)
DRV:64bit: - [2011-04-20 01:22:34 | 000,306,176 | ---- | M] (Advanced Micro Devices, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\DRIVERS\atikmpag.sys -- (amdkmdap)
DRV:64bit: - [2009-10-01 02:51:42 | 000,046,592 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\DRIVERS\wpdusb.sys -- (WpdUsb)
DRV:64bit: - [2009-05-18 13:17:08 | 000,034,152 | ---- | M] (GEAR Software Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\DRIVERS\GEARAspiWDM.sys -- (GEARAspiWDM)
DRV:64bit: - [2009-05-09 10:45:02 | 000,871,408 | ---- | M] () [Kernel | Boot | Running] -- C:\Windows\SysNative\Drivers\sptd.sys -- (sptd)
DRV:64bit: - [2009-04-11 06:54:21 | 000,299,008 | ---- | M] (Microsoft Corporation) [File_System | Disabled | Stopped] -- C:\Windows\SysNative\DRIVERS\udfs.sys -- (udfs)
DRV:64bit: - [2008-06-30 19:28:00 | 000,056,320 | ---- | M] (Atheros Communications, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\DRIVERS\L1E60x64.sys -- (L1E)
DRV:64bit: - [2008-04-15 18:54:16 | 000,388,120 | ---- | M] (Intel Corporation) [Kernel | Boot | Running] -- C:\Windows\SysNative\DRIVERS\iaStor.sys -- (iaStor)
DRV:64bit: - [2008-01-21 04:47:58 | 000,020,992 | ---- | M] (Microsoft Corporation) [Kernel | Disabled | Stopped] -- C:\Windows\SysNative\drivers\ws2ifsl.sys -- (ws2ifsl)
DRV:64bit: - [2008-01-21 04:45:42 | 000,076,288 | ---- | M] (Microsoft Corporation) [Kernel | Disabled | Stopped] -- C:\Windows\SysNative\drivers\ipmidrv.sys -- (IPMIDRV)
DRV:64bit: - [2008-01-21 04:45:42 | 000,035,896 | ---- | M] (Microsoft Corporation) [Kernel | Disabled | Stopped] -- C:\Windows\SysNative\drivers\i2omp.sys -- (i2omp)
DRV:64bit: - [2008-01-21 04:45:41 | 000,185,912 | ---- | M] (Adaptec, Inc.) [Kernel | Disabled | Stopped] -- C:\Windows\SysNative\drivers\adpu320.sys -- (adpu320)
DRV:64bit: - [2008-01-21 04:45:41 | 000,128,056 | ---- | M] (Microsoft Corporation) [Kernel | Disabled | Stopped] -- C:\Windows\SysNative\drivers\mpio.sys -- (mpio)
DRV:64bit: - [2008-01-21 04:45:41 | 000,078,392 | ---- | M] (Silicon Integrated Systems) [Kernel | Disabled | Stopped] -- C:\Windows\SysNative\drivers\sisraid4.sys -- (SiSRaid4)
DRV:64bit: - [2008-01-21 04:45:41 | 000,064,000 | ---- | M] (Microsoft Corporation) [Kernel | Disabled | Stopped] -- C:\Windows\SysNative\DRIVERS\i8042prt.sys -- (i8042prt)
DRV:64bit: - [2008-01-21 04:45:41 | 000,024,120 | ---- | M] (Microsoft Corporation) [Kernel | Disabled | Stopped] -- C:\Windows\SysNative\drivers\wd.sys -- (Wd)
DRV:64bit: - [2008-01-21 04:45:39 | 000,149,048 | ---- | M] (VIA Technologies Inc.,Ltd) [Kernel | Disabled | Stopped] -- C:\Windows\SysNative\drivers\vsmraid.sys -- (vsmraid)
DRV:64bit: - [2008-01-21 04:45:39 | 000,029,696 | ---- | M] (Microsoft Corporation) [Kernel | Disabled | Stopped] -- C:\Windows\SysNative\DRIVERS\fdc.sys -- (fdc)
DRV:64bit: - [2008-01-21 04:45:19 | 000,113,720 | ---- | M] (Microsoft Corporation) [Kernel | Disabled | Stopped] -- C:\Windows\SysNative\drivers\msdsm.sys -- (msdsm)
DRV:64bit: - [2008-01-21 04:45:19 | 000,055,296 | ---- | M] (Microsoft Corporation) [Kernel | Disabled | Stopped] -- C:\Windows\SysNative\drivers\blbdrive.sys -- (blbdrive)
DRV:64bit: - [2008-01-21 04:45:18 | 000,041,984 | ---- | M] (Microsoft Corporation) [Kernel | Disabled | Stopped] -- C:\Windows\SysNative\drivers\circlass.sys -- (circlass)
DRV:64bit: - [2008-01-21 04:45:15 | 000,113,720 | ---- | M] (LSI Logic) [Kernel | Disabled | Stopped] -- C:\Windows\SysNative\drivers\lsi_scsi.sys -- (LSI_SCSI)
DRV:64bit: - [2008-01-21 04:45:14 | 000,091,192 | ---- | M] (Adaptec, Inc.) [Kernel | Disabled | Stopped] -- C:\Windows\SysNative\drivers\arcsas.sys -- (arcsas)
DRV:64bit: - [2008-01-21 04:45:14 | 000,026,624 | ---- | M] (Microsoft Corporation) [Kernel | Disabled | Stopped] -- C:\Windows\SysNative\drivers\sermouse.sys -- (sermouse)
DRV:64bit: - [2008-01-21 04:45:14 | 000,014,848 | ---- | M] (Microsoft Corporation) [Kernel | Disabled | Stopped] -- C:\Windows\SysNative\drivers\sffdisk.sys -- (sffdisk)
DRV:64bit: - [2008-01-21 04:45:13 | 000,397,368 | ---- | M] (Emulex) [Kernel | Disabled | Stopped] -- C:\Windows\SysNative\drivers\elxstor.sys -- (elxstor)
DRV:64bit: - [2008-01-21 04:45:13 | 000,290,872 | ---- | M] (Intel Corporation) [Kernel | Disabled | Stopped] -- C:\Windows\SysNative\drivers\iastorv.sys -- (iaStorV)
DRV:64bit: - [2008-01-21 04:45:13 | 000,047,672 | ---- | M] (Hewlett-Packard Company) [Kernel | Disabled | Stopped] -- C:\Windows\SysNative\drivers\hpcisss.sys -- (HpCISSs)
DRV:64bit: - [2008-01-21 04:45:13 | 000,035,896 | ---- | M] (LSI Corporation) [Kernel | Disabled | Stopped] -- C:\Windows\SysNative\drivers\megasas.sys -- (megasas)
DRV:64bit: - [2008-01-21 04:45:10 | 000,438,328 | ---- | M] (LSI Corporation, Inc.) [Kernel | Disabled | Stopped] -- C:\Windows\SysNative\drivers\megasr.sys -- (MegaSR)
DRV:64bit: - [2008-01-21 04:45:10 | 000,284,728 | ---- | M] (ULi Electronics Inc.) [Kernel | Disabled | Stopped] -- C:\Windows\SysNative\drivers\uliahci.sys -- (uliahci)
DRV:64bit: - [2008-01-21 04:45:10 | 000,105,016 | ---- | M] (LSI Logic) [Kernel | Disabled | Stopped] -- C:\Windows\SysNative\drivers\lsi_sas.sys -- (LSI_SAS)
DRV:64bit: - [2008-01-21 04:45:10 | 000,045,624 | ---- | M] (Microsoft Corporation) [Kernel | Disabled | Stopped] -- C:\Windows\SysNative\drivers\sisraid2.sys -- (SiSRaid2)
DRV:64bit: - [2008-01-21 04:45:09 | 000,342,584 | ---- | M] (Adaptec, Inc.) [Kernel | Disabled | Stopped] -- C:\Windows\SysNative\drivers\adpahci.sys -- (adpahci)
DRV:64bit: - [2008-01-21 04:45:09 | 000,024,576 | ---- | M] (Microsoft Corporation) [Kernel | Disabled | Stopped] -- C:\Windows\SysNative\DRIVERS\flpydisk.sys -- (flpydisk)
DRV:64bit: - [2008-01-21 04:45:08 | 000,128,056 | ---- | M] (NVIDIA Corporation) [Kernel | Disabled | Stopped] -- C:\Windows\SysNative\drivers\nvraid.sys -- (nvraid)
DRV:64bit: - [2008-01-21 04:45:08 | 000,126,520 | ---- | M] (Adaptec, Inc.) [Kernel | Disabled | Stopped] -- C:\Windows\SysNative\drivers\adpu160m.sys -- (adpu160m)
DRV:64bit: - [2008-01-21 04:45:08 | 000,054,328 | ---- | M] (NVIDIA Corporation) [Kernel | Disabled | Stopped] -- C:\Windows\SysNative\drivers\nvstor.sys -- (nvstor)
DRV:64bit: - [2008-01-21 04:45:07 | 000,486,456 | ---- | M] (Adaptec, Inc.) [Kernel | Disabled | Stopped] -- C:\Windows\SysNative\drivers\adp94xx.sys -- (adp94xx)
DRV:64bit: - [2008-01-21 04:45:06 | 001,221,176 | ---- | M] (QLogic Corporation) [Kernel | Disabled | Stopped] -- C:\Windows\SysNative\drivers\ql2300.sys -- (ql2300)
DRV:64bit: - [2008-01-21 04:45:06 | 000,174,696 | ---- | M] (Promise Technology, Inc.) [Kernel | Disabled | Stopped] -- C:\Windows\SysNative\drivers\ulsata2.sys -- (ulsata2)
DRV:64bit: - [2008-01-21 04:45:06 | 000,090,680 | ---- | M] (Adaptec, Inc.) [Kernel | Disabled | Stopped] -- C:\Windows\SysNative\drivers\arc.sys -- (arc)
DRV:64bit: - [2008-01-21 04:45:05 | 000,113,720 | ---- | M] (LSI Logic) [Kernel | Disabled | Stopped] -- C:\Windows\SysNative\drivers\lsi_fc.sys -- (LSI_FC)
DRV:64bit: - [2008-01-21 04:45:05 | 000,050,688 | ---- | M] (Microsoft Corporation) [Kernel | Disabled | Stopped] -- C:\Windows\SysNative\drivers\amdk8.sys -- (AmdK8)
DRV:64bit: - [2008-01-21 04:45:05 | 000,047,104 | ---- | M] (Microsoft Corporation) [Kernel | Disabled | Stopped] -- C:\Windows\SysNative\drivers\processr.sys -- (Processor)
DRV:64bit: - [2008-01-21 04:45:05 | 000,023,608 | ---- | M] (Microsoft Corporation) [Kernel | Disabled | Stopped] -- C:\Windows\SysNative\drivers\isapnp.sys -- (isapnp)
DRV:64bit: - [2008-01-21 04:45:04 | 000,023,608 | ---- | M] (Microsoft Corporation) [Kernel | Disabled | Stopped] -- C:\Windows\SysNative\drivers\compbatt.sys -- (Compbatt)
DRV:64bit: - [2008-01-21 04:45:04 | 000,019,512 | ---- | M] (Microsoft Corporation) [Kernel | Disabled | Stopped] -- C:\Windows\SysNative\drivers\intelide.sys -- (intelide)
DRV:64bit: - [2008-01-21 04:45:04 | 000,018,024 | ---- | M] (VIA Technologies, Inc.) [Kernel | Disabled | Stopped] -- C:\Windows\SysNative\drivers\viaide.sys -- (viaide)
DRV:64bit: - [2008-01-21 04:45:04 | 000,018,024 | ---- | M] (CMD Technology, Inc.) [Kernel | Disabled | Stopped] -- C:\Windows\SysNative\drivers\cmdide.sys -- (cmdide)
DRV:64bit: - [2008-01-21 04:45:04 | 000,015,976 | ---- | M] (Microsoft Corporation) [Kernel | Disabled | Stopped] -- C:\Windows\SysNative\drivers\amdide.sys -- (amdide)
DRV:64bit: - [2008-01-21 04:45:04 | 000,015,976 | ---- | M] (Acer Laboratories Inc.) [Kernel | Disabled | Stopped] -- C:\Windows\SysNative\drivers\aliide.sys -- (aliide)
DRV:64bit: - [2008-01-21 04:45:04 | 000,014,336 | ---- | M] (Microsoft Corporation) [Kernel | Disabled | Stopped] -- C:\Windows\SysNative\drivers\wmiacpi.sys -- (WmiAcpi)
DRV:64bit: - [2008-01-21 04:45:04 | 000,013,416 | ---- | M] (Microsoft Corporation) [Kernel | Disabled | Stopped] -- C:\Windows\SysNative\drivers\pciide.sys -- (pciide)
DRV:64bit: - [2008-01-21 04:45:04 | 000,008,704 | ---- | M] (Microsoft Corporation) [Kernel | Disabled | Stopped] -- C:\Windows\SysNative\drivers\errdev.sys -- (ErrDev)
DRV:64bit: - [2007-10-30 08:59:30 | 000,028,672 | ---- | M] (Todos Data System AB) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\DRIVERS\nordecr.sys -- (TdsNordecr)
DRV:64bit: - [2006-11-02 14:03:03 | 000,051,816 | ---- | M] (IBM Corporation) [Kernel | Disabled | Stopped] -- C:\Windows\SysNative\drivers\nfrd960.sys -- (nfrd960)
DRV:64bit: - [2006-11-02 14:02:52 | 000,049,256 | ---- | M] (LSI Logic) [Kernel | Disabled | Stopped] -- C:\Windows\SysNative\drivers\symc8xx.sys -- (Symc8xx)
DRV:64bit: - [2006-11-02 14:02:47 | 000,048,232 | ---- | M] (LSI Logic) [Kernel | Disabled | Stopped] -- C:\Windows\SysNative\drivers\sym_u3.sys -- (Sym_u3)
DRV:64bit: - [2006-11-02 14:02:39 | 000,044,648 | ---- | M] (Intel Corp./ICP vortex GmbH) [Kernel | Disabled | Stopped] -- C:\Windows\SysNative\drivers\iirsp.sys -- (iirsp)
DRV:64bit: - [2006-11-02 14:02:37 | 000,044,648 | ---- | M] (LSI Logic) [Kernel | Disabled | Stopped] -- C:\Windows\SysNative\drivers\sym_hi.sys -- (Sym_hi)
DRV:64bit: - [2006-11-02 14:02:24 | 000,039,016 | ---- | M] (LSI Logic Corporation) [Kernel | Disabled | Stopped] -- C:\Windows\SysNative\drivers\mraid35x.sys -- (Mraid35x)
DRV:64bit: - [2006-11-02 14:02:09 | 000,037,480 | ---- | M] (Integrated Technology Express, Inc.) [Kernel | Disabled | Stopped] -- C:\Windows\SysNative\drivers\iteraid.sys -- (iteraid)
DRV:64bit: - [2006-11-02 14:02:09 | 000,037,480 | ---- | M] (Integrated Technology Express, Inc.) [Kernel | Disabled | Stopped] -- C:\Windows\SysNative\drivers\iteatapi.sys -- (iteatapi)
DRV:64bit: - [2006-11-02 13:51:30 | 000,203,368 | ---- | M] (Microsoft Corporation) [Kernel | Disabled | Stopped] -- C:\Windows\SysNative\drivers\pcmcia.sys -- (pcmcia)
DRV:64bit: - [2006-11-02 13:50:54 | 000,148,072 | ---- | M] (Promise Technology, Inc.) [Kernel | Disabled | Stopped] -- C:\Windows\SysNative\drivers\ulsata.sys -- (UlSata)
DRV:64bit: - [2006-11-02 13:50:27 | 000,124,008 | ---- | M] (QLogic Corporation) [Kernel | Disabled | Stopped] -- C:\Windows\SysNative\drivers\ql40xx.sys -- (ql40xx)
DRV:64bit: - [2006-11-02 13:50:06 | 000,090,216 | ---- | M] (Microsoft Corporation) [Kernel | Disabled | Stopped] -- C:\Windows\SysNative\drivers\sbp2port.sys -- (sbp2port)
DRV:64bit: - [2006-11-02 13:50:06 | 000,088,168 | ---- | M] (Adaptec, Inc.) [Kernel | Disabled | Stopped] -- C:\Windows\SysNative\drivers\djsvs.sys -- (aic78xx)
DRV:64bit: - [2006-11-02 12:27:53 | 000,024,064 | ---- | M] (Microsoft Corporation) [Kernel | Disabled | Stopped] -- C:\Windows\SysNative\drivers\usbprint.sys -- (usbprint)
DRV:64bit: - [2006-11-02 11:44:02 | 000,050,688 | ---- | M] (Microsoft Corporation) [Kernel | Disabled | Stopped] -- C:\Windows\SysNative\drivers\bthmodem.sys -- (BTHMODEM)
DRV:64bit: - [2006-11-02 11:44:01 | 000,034,304 | ---- | M] (Microsoft Corporation) [Kernel | Disabled | Stopped] -- C:\Windows\SysNative\drivers\hidbth.sys -- (HidBth)
DRV:64bit: - [2006-11-02 11:43:51 | 000,095,232 | ---- | M] (Microsoft Corporation) [Kernel | Disabled | Stopped] -- C:\Windows\SysNative\DRIVERS\usbccgp.sys -- (usbccgp)
DRV:64bit: - [2006-11-02 11:43:46 | 000,079,360 | ---- | M] (Microsoft Corporation) [Kernel | Disabled | Stopped] -- C:\Windows\SysNative\drivers\usbcir.sys -- (usbcir) eHome Infrared Receiver (USBCIR)
DRV:64bit: - [2006-11-02 11:43:40 | 000,024,064 | ---- | M] (Microsoft Corporation) [Kernel | Disabled | Stopped] -- C:\Windows\SysNative\drivers\usbohci.sys -- (usbohci)
DRV:64bit: - [2006-11-02 11:43:36 | 000,025,600 | ---- | M] (Microsoft Corporation) [Kernel | Disabled | Stopped] -- C:\Windows\SysNative\drivers\hidir.sys -- (HidIr)
DRV:64bit: - [2006-11-02 11:40:24 | 000,026,624 | ---- | M] (Microsoft Corporation) [Kernel | Disabled | Stopped] -- C:\Windows\SysNative\drivers\wacompen.sys -- (WacomPen)
DRV:64bit: - [2006-11-02 11:38:24 | 000,016,384 | ---- | M] (Microsoft Corporation) [Kernel | Disabled | Stopped] -- C:\Windows\SysNative\drivers\sfloppy.sys -- (sfloppy)
DRV:64bit: - [2006-11-02 11:38:02 | 000,094,208 | ---- | M] (Microsoft Corporation) [Kernel | Disabled | Stopped] -- C:\Windows\SysNative\drivers\serial.sys -- (Serial)
DRV:64bit: - [2006-11-02 11:37:57 | 000,096,768 | ---- | M] (Microsoft Corporation) [Kernel | Disabled | Stopped] -- C:\Windows\SysNative\drivers\parport.sys -- (Parport)
DRV:64bit: - [2006-11-02 10:43:25 | 000,086,528 | ---- | M] (Brother Industries Ltd.) [Kernel | Disabled | Stopped] -- C:\Windows\SysNative\drivers\brserid.sys -- (Brserid) Brother MFC Serial Port Interface Driver (WDM)
DRV:64bit: - [2006-11-01 01:23:42 | 000,015,680 | ---- | M] () [Kernel | On_Demand | Running] -- C:\Windows\SysNative\DRIVERS\ASACPI.sys -- (MTsensor)
DRV:64bit: - [2006-09-18 23:30:18 | 000,047,104 | ---- | M] (Brother Industries Ltd.) [Kernel | Disabled | Stopped] -- C:\Windows\SysNative\drivers\brserwdm.sys -- (BrSerWdm)
DRV:64bit: - [2006-09-18 23:30:18 | 000,014,976 | ---- | M] (Brother Industries Ltd.) [Kernel | Disabled | Stopped] -- C:\Windows\SysNative\drivers\brusbmdm.sys -- (BrUsbMdm)

========== Standard Registry (SafeList) ==========


========== Internet Explorer ==========

IE:64bit: - HKLM\..\SearchScopes,DefaultScope = {6A1806CD-94D4-4689-BA73-E35EA1EA9990}
IE:64bit: - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/search?q={searchTerms}&FORM=IE8SRC
IE:64bit: - HKLM\..\SearchScopes\{6A1806CD-94D4-4689-BA73-E35EA1EA9990}: "URL" = http://www.google.com/search?q={searchTerms}&rls=com.microsoft:{language}:{referrer:source?}&ie={inputEncoding}&oe={outputEncoding}&sourceid=ie7
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm
IE - HKLM\..\SearchScopes,DefaultScope = {6A1806CD-94D4-4689-BA73-E35EA1EA9990}
IE - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/search?q={searchTerms}&FORM=IE8SRC
IE - HKLM\..\SearchScopes\{6A1806CD-94D4-4689-BA73-E35EA1EA9990}: "URL" = http://www.google.com/search?q={searchTerms}&rls=com.microsoft:{language}:{referrer:source?}&ie={inputEncoding}&oe={outputEncoding}&sourceid=ie7


IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

IE - HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0



IE - HKU\S-1-5-21-4132941712-4001711240-1955874638-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = about:blank
IE - HKU\S-1-5-21-4132941712-4001711240-1955874638-1000\..\SearchScopes,DefaultScope = {49856D26-DE96-4A25-962D-5D3E46DA8507}
IE - HKU\S-1-5-21-4132941712-4001711240-1955874638-1000\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/search?q={searchTerms}&src=IE-SearchBox&FORM=IE8SRC
IE - HKU\S-1-5-21-4132941712-4001711240-1955874638-1000\..\SearchScopes\{49856D26-DE96-4A25-962D-5D3E46DA8507}: "URL" = http://www.google.co.uk/search?hl=en&q={searchTerms}&meta=&rlz=1I7ADRA_enSE441
IE - HKU\S-1-5-21-4132941712-4001711240-1955874638-1000\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKU\S-1-5-21-4132941712-4001711240-1955874638-1000\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = *.local

========== FireFox ==========

FF - prefs.js..browser.startup.homepage: "about:blank"
FF - prefs.js..extensions.enabledItems:
FF - user.js - File not found

FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=: File not found
FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=1.0: C:\Program Files (x86)\iTunes\Mozilla Plugins\npitunes.dll ()
FF - HKLM\Software\MozillaPlugins\@google.com/npPicasa3,version=3.0.0: C:\Program Files (x86)\Google\Picasa3\npPicasa3.dll (Google, Inc.)
FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin: C:\Program Files (x86)\Java\jre6\bin\plugin2\npjp2.dll (Sun Microsystems, Inc.)
FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: C:\Program Files (x86)\Microsoft Silverlight\5.1.10411.0\npctrl.dll ( Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/OfficeLive,version=1.3: C:\Program Files (x86)\Microsoft\Office Live\npOLW.dll (Microsoft Corp.)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/OfficeLive,version=1.5: C:\Program Files (x86)\Microsoft\Office Live\npOLW.dll (Microsoft Corp.)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=15.4.3502.0922: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=15.4.3555.0308: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WPF,version=3.5: C:\Windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@se.nexus/Personal: C:\Program Files (x86)\Personal\bin\np_prsnl.dll (Technology Nexus AB)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Program Files (x86)\Google\Update\1.3.21.111\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Program Files (x86)\Google\Update\1.3.21.111\npGoogleUpdate3.dll (Google Inc.)

FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 9.0.1\extensions\\Components: C:\Program Files (x86)\Mozilla Firefox\components [2012-05-10 07:41:37 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 9.0.1\extensions\\Plugins: C:\Program Files (x86)\Mozilla Firefox\plugins [2012-05-10 07:41:37 | 000,000,000 | ---D | M]

[2010-02-07 19:53:05 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Peter\AppData\Roaming\Mozilla\Extensions
[2010-02-07 19:53:05 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Peter\AppData\Roaming\Mozilla\Extensions\home2@tomtom.com
[2011-05-10 09:57:39 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Peter\AppData\Roaming\Mozilla\Firefox\Profiles\pzknk0mj.default\extensions
[2010-06-06 23:01:45 | 000,000,000 | ---D | M] (Microsoft .NET Framework Assistant) -- C:\Users\Peter\AppData\Roaming\Mozilla\Firefox\Profiles\pzknk0mj.default\extensions\{20a82645-c095-46ed-80e3-08825760534b}
[2012-04-12 07:56:09 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files (x86)\Mozilla Firefox\extensions
[2012-04-03 18:56:25 | 000,000,000 | ---D | M] (Skype Click to Call) -- C:\Program Files (x86)\Mozilla Firefox\extensions\{82AF8DCA-6DE9-405D-BD5E-43525BDAD38A}
[2012-02-21 22:08:40 | 000,121,816 | ---- | M] (Mozilla Foundation) -- C:\Program Files (x86)\mozilla firefox\components\browsercomps.dll
[2012-02-18 23:49:39 | 000,476,904 | ---- | M] (Sun Microsystems, Inc.) -- C:\Program Files (x86)\mozilla firefox\plugins\npdeployJava1.dll
[2012-02-21 22:08:37 | 000,002,252 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\bing.xml
[2012-02-21 22:08:37 | 000,002,040 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\twitter.xml

========== Chrome ==========

CHR - default_search_provider: Google (Enabled)
CHR - default_search_provider: search_url = {google:baseURL}search?{google:RLZ}{google:acceptedSuggestion}{google:originalQueryForSuggestion}{google:searchFieldtrialParameter}{google:instantFieldTrialGroupParameter}sourceid=chrome&ie={inputEncoding}&q={searchTerms}
CHR - default_search_provider: suggest_url = {google:baseSuggestURL}search?{google:searchFieldtrialParameter}{google:instantFieldTrialGroupParameter}client=chrome&hl={language}&q={searchTerms}
CHR - plugin: Shockwave Flash (Enabled) = C:\Program Files (x86)\Google\Chrome\Application\19.0.1084.46\gcswf32.dll
CHR - plugin: QuickTime Plug-in 7.6 (Enabled) = C:\Program Files (x86)\QuickTime\plugins\npqtplugin.dll
CHR - plugin: QuickTime Plug-in 7.6 (Enabled) = C:\Program Files (x86)\QuickTime\plugins\npqtplugin2.dll
CHR - plugin: QuickTime Plug-in 7.6 (Enabled) = C:\Program Files (x86)\QuickTime\plugins\npqtplugin3.dll
CHR - plugin: QuickTime Plug-in 7.6 (Enabled) = C:\Program Files (x86)\QuickTime\plugins\npqtplugin4.dll
CHR - plugin: QuickTime Plug-in 7.6 (Enabled) = C:\Program Files (x86)\QuickTime\plugins\npqtplugin5.dll
CHR - plugin: QuickTime Plug-in 7.6 (Enabled) = C:\Program Files (x86)\QuickTime\plugins\npqtplugin6.dll
CHR - plugin: QuickTime Plug-in 7.6 (Enabled) = C:\Program Files (x86)\QuickTime\plugins\npqtplugin7.dll
CHR - plugin: Silverlight Plug-In (Enabled) = C:\Program Files (x86)\Microsoft Silverlight\4.0.60831.0\npctrl.dll
CHR - plugin: Microsoft Office Live Plug-in for Firefox (Enabled) = C:\Program Files (x86)\Microsoft\Office Live\npOLW.dll
CHR - plugin: Remoting Viewer (Enabled) = internal-remoting-viewer
CHR - plugin: Native Client (Enabled) = C:\Program Files (x86)\Google\Chrome\Application\19.0.1084.46\ppGoogleNaClPluginChrome.dll
CHR - plugin: Chrome PDF Viewer (Enabled) = C:\Program Files (x86)\Google\Chrome\Application\19.0.1084.46\pdf.dll
CHR - plugin: Adobe Acrobat (Disabled) = C:\Program Files (x86)\Adobe\Reader 9.0\Reader\Browser\nppdf32.dll
CHR - plugin: Picasa (Enabled) = C:\Program Files (x86)\Google\Picasa3\npPicasa3.dll
CHR - plugin: Google Update (Enabled) = C:\Program Files (x86)\Google\Update\1.3.21.79\npGoogleUpdate3.dll
CHR - plugin: Nexus Personal (Enabled) = C:\Program Files (x86)\Personal\bin\np_prsnl.dll
CHR - plugin: Windows Live\u00AE Photo Gallery (Enabled) = C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll
CHR - plugin: Unity Player (Enabled) = C:\Users\Peter\AppData\LocalLow\Unity\WebPlayer\loader\npUnity3D32.dll
CHR - plugin: Game Face Plugin (Enabled) = C:\Users\Peter\AppData\Roaming\Electronic Arts\Game Face\npGameFacePlugin.dll
CHR - plugin: Windows Presentation Foundation (Enabled) = C:\Windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll
CHR - plugin: Default Plug-in (Enabled) = default_plugin
CHR - Extension: YouTube = C:\Users\Peter\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo\4.2.5_0\
CHR - Extension: Google Search = C:\Users\Peter\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf\0.0.0.18_0\
CHR - Extension: Skype Click to Call = C:\Users\Peter\AppData\Local\Google\Chrome\User Data\Default\Extensions\lifbcibllhkdhoafpjfnlhfpfgnpldfl\5.10.0.9560_0\
CHR - Extension: Gmail = C:\Users\Peter\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia\7_0\

O1 HOSTS File: ([2012-06-07 19:38:19 | 000,000,698 | R--- | M]) - C:\Windows\SysNative\drivers\etc\Hosts
O1 - Hosts: 127.0.0.1 localhost
O2:64bit: - BHO: (Google Toolbar Helper) - {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll (Google Inc.)
O2 - BHO: (Java(tm) Plug-In SSV Helper) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Java\jre6\bin\ssv.dll (Sun Microsystems, Inc.)
O2 - BHO: (Välja bort annonscookies) - {8E425EB4-ADBD-4816-B1E8-49BB9DECF034} - C:\Program Files (x86)\Google\Advertising Cookie Opt-out\opt_out.dll (Google Inc)
O2 - BHO: (Skype Browser Helper) - {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O3:64bit: - HKLM\..\Toolbar: (Google Toolbar) - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll (Google Inc.)
O3:64bit: - HKU\S-1-5-21-4132941712-4001711240-1955874638-1000\..\Toolbar\WebBrowser: (Google Toolbar) - {2318C2B1-4965-11D4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll (Google Inc.)
O4:64bit: - HKLM..\Run: [IAAnotif] C:\Program Files (x86)\Intel\Intel Matrix Storage Manager\iaanotif.exe (Intel Corporation)
O4:64bit: - HKLM..\Run: [MSC] C:\Program Files\Microsoft Security Client\msseces.exe (Microsoft Corporation)
O4:64bit: - HKLM..\Run: [RtHDVCpl] C:\Windows\RAVCpl64.exe (Realtek Semiconductor)
O4:64bit: - HKLM..\Run: [Windows Defender] C:\Program Files\Windows Defender\MSASCui.exe (Microsoft Corporation)
O4 - HKLM..\Run: [StartCCC] C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe (Advanced Micro Devices, Inc.)
O4 - HKU\S-1-5-19..\Run: [Sidebar] C:\Program Files (x86)\Windows Sidebar\Sidebar.exe (Microsoft Corporation)
O4 - HKU\S-1-5-19..\Run: [WindowsWelcomeCenter] C:\Windows\SysWow64\oobefldr.dll (Microsoft Corporation)
O4 - HKU\S-1-5-20..\Run: [Sidebar] C:\Program Files (x86)\Windows Sidebar\Sidebar.exe (Microsoft Corporation)
O4 - HKU\S-1-5-20..\Run: [WindowsWelcomeCenter] C:\Windows\SysWow64\oobefldr.dll (Microsoft Corporation)
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktop = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktopChanges = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: EnableLUA = 0
O8:64bit: - Extra context menu item: Add to Google Photos Screensa&ver - res://C:\Windows\system32\GPhotos.scr/200 File not found
O8 - Extra context menu item: Add to Google Photos Screensa&ver - C:\Windows\SysWow64\GPhotos.scr (Google Inc.)
O9 - Extra Button: Skype Click to Call - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O9 - Extra 'Tools' menuitem : Skype Click to Call - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O10:64bit: - NameSpace_Catalog5\Catalog_Entries64\000000000007 [] - C:\Program Files\Bonjour\mdnsNSP.dll (Apple Inc.)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000007 [] - C:\Program Files (x86)\Bonjour\mdnsNSP.dll (Apple Inc.)
O1364bit: - gopher Prefix: missing
O13 - gopher Prefix: missing
O16 - DPF: {7530BFB8-7293-4D34-9923-61A11451AFC5} http://download.eset.com/special/eos/OnlineScanner.cab (Reg Error: Key error.)
O16 - DPF: {7ECB1A47-6647-4B2C-A8DA-675569C9FF15} http://www.fujidirekt.se/asp/_upload/ac ... oader7.cab (Image Uploader Control)
O16 - DPF: {B1E2B96C-12FE-45E2-BEF1-44A219113CDD} http://www.superadblocker.com/activex/sabspx.cab (SABScanProcesses Class)
O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} http://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab (Reg Error: Key error.)
O16 - DPF: {F3DCFC89-8C6E-4052-9176-B7806D188FD5} http://www.fujidirekt.se/asp/_upload/ac ... ctivex.cab (Image Uploader Control)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 84.246.88.10 84.246.88.20 192.168.1.1
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{D9CD8E72-C71D-4FBF-9788-E5446EE13572}: DhcpNameServer = 84.246.88.10 84.246.88.20 192.168.1.1
O18:64bit: - Protocol\Handler\livecall - No CLSID value found
O18:64bit: - Protocol\Handler\msdaipp - No CLSID value found
O18:64bit: - Protocol\Handler\msdaipp\0x00000001 - No CLSID value found
O18:64bit: - Protocol\Handler\msdaipp\oledb - No CLSID value found
O18:64bit: - Protocol\Handler\ms-itss - No CLSID value found
O18:64bit: - Protocol\Handler\msnim - No CLSID value found
O18:64bit: - Protocol\Handler\mso-offdap - No CLSID value found
O18:64bit: - Protocol\Handler\mso-offdap11 - No CLSID value found
O18:64bit: - Protocol\Handler\skype4com - No CLSID value found
O18:64bit: - Protocol\Handler\skype-ie-addon-data - No CLSID value found
O18:64bit: - Protocol\Handler\wlmailhtml - No CLSID value found
O18:64bit: - Protocol\Handler\wlpg - No CLSID value found
O18 - Protocol\Handler\msdaipp\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files (x86)\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\msdaipp\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files (x86)\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files (x86)\Common Files\Skype\Skype4COM.dll (Skype Technologies)
O18 - Protocol\Handler\skype-ie-addon-data {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O18:64bit: - Protocol\Filter\text/xml - No CLSID value found
O20:64bit: - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\SysNative\userinit.exe (Microsoft Corporation)
O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\SysWow64\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (userinit.exe) - C:\Windows\SysWow64\userinit.exe (Microsoft Corporation)
O32 - HKLM CDRom: AutoRun - 1
O33 - MountPoints2\{568cea6a-a5ba-11de-a066-002354317ba0}\Shell - "" = AutoRun
O33 - MountPoints2\{568cea6a-a5ba-11de-a066-002354317ba0}\Shell\AutoRun\command - "" = H:\LaunchU3.exe -a
O33 - MountPoints2\{89d9861a-003e-11de-a635-806e6f6e6963}\Shell - "" = AutoRun
O33 - MountPoints2\{89d9861a-003e-11de-a635-806e6f6e6963}\Shell\AutoRun\command - "" = D:\.\Bin\ASSETUP.exe
O33 - MountPoints2\{93366242-01d2-11de-987b-002354317ba0}\Shell - "" = AutoRun
O33 - MountPoints2\{93366242-01d2-11de-987b-002354317ba0}\Shell\AutoRun\command - "" = G:\SETUP.EXE
O33 - MountPoints2\{93366242-01d2-11de-987b-002354317ba0}\Shell\configure\command - "" = G:\SETUP.EXE
O33 - MountPoints2\{93366242-01d2-11de-987b-002354317ba0}\Shell\install\command - "" = G:\SETUP.EXE
O33 - MountPoints2\{dbbc70fb-12fe-11df-b092-002354317ba0}\Shell\AutoRun\command - "" = G:\InstallTomTomHOME.exe
O33 - MountPoints2\H\Shell - "" = AutoRun
O33 - MountPoints2\H\Shell\AutoRun\command - "" = H:\LaunchU3.exe -a
O34 - HKLM BootExecute: (autocheck autochk *)
O35:64bit: - HKLM\..comfile [open] -- "%1" %*
O35:64bit: - HKLM\..exefile [open] -- "%1" %*
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37:64bit: - HKLM\...com [@ = comfile] -- "%1" %*
O37:64bit: - HKLM\...exe [@ = exefile] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3)
O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2)

========== Files/Folders - Created Within 30 Days ==========

[2012-06-07 19:35:41 | 000,000,000 | ---D | C] -- C:\Users\Peter\Desktop\HostsXpert
[2012-06-07 12:52:04 | 000,000,000 | ---D | C] -- C:\_OTL
[2012-06-06 18:15:31 | 004,731,392 | ---- | C] (AVAST Software) -- C:\Users\Peter\Desktop\aswMBR.exe
[2012-06-06 17:58:04 | 000,596,480 | ---- | C] (OldTimer Tools) -- C:\Users\Peter\Desktop\OTL.exe
[2012-06-04 23:13:16 | 000,607,260 | R--- | C] (Swearware) -- C:\Users\Peter\Desktop\dds.scr
[2012-05-22 12:09:37 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Silverlight
[2012-05-22 12:09:31 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Microsoft Silverlight
[2012-05-22 11:06:07 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\BankID säkerhetsprogram
[2012-05-19 23:13:11 | 055,656,824 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\MRT.exe
[2012-05-17 15:44:49 | 000,000,000 | ---D | C] -- C:\Windows\SysWow64\WindowsPowerShell
[2012-05-17 15:44:48 | 000,000,000 | ---D | C] -- C:\Windows\SysNative\WindowsPowerShell
[2012-05-17 14:50:55 | 000,877,912 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\gpprefcl.dll
[2012-05-17 14:50:55 | 000,675,152 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\gpprefcl.dll
[2012-05-17 14:49:45 | 000,002,048 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\winrsmgr.dll
[2012-05-17 14:49:45 | 000,002,048 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\winrsmgr.dll
[2012-05-17 14:49:44 | 000,013,312 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\wsmplpxy.dll
[2012-05-17 14:49:44 | 000,013,312 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\winrssrv.dll
[2012-05-17 14:49:41 | 000,010,240 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\wsmplpxy.dll
[2012-05-17 14:49:41 | 000,010,240 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\winrssrv.dll
[2012-05-17 14:49:35 | 000,053,760 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\pwrshplugin.dll
[2012-05-17 14:49:35 | 000,051,200 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\winrs.exe
[2012-05-17 14:49:35 | 000,041,472 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\pwrshplugin.dll
[2012-05-17 14:49:35 | 000,024,064 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\winrshost.exe
[2012-05-17 14:49:35 | 000,013,824 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\wsmprovhost.exe
[2012-05-17 14:49:30 | 000,113,152 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\wevtfwd.dll
[2012-05-17 14:49:30 | 000,113,152 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\wecutil.exe
[2012-05-17 14:49:30 | 000,084,992 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\wecapi.dll
[2012-05-17 14:49:30 | 000,081,408 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\wevtfwd.dll
[2012-05-17 14:49:30 | 000,079,872 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\wecutil.exe
[2012-05-17 14:49:30 | 000,056,320 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\wecapi.dll
[2012-05-17 14:49:30 | 000,054,272 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\WsmRes.dll
[2012-05-17 14:49:30 | 000,054,272 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\WsmRes.dll
[2012-05-17 14:49:30 | 000,040,448 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\winrs.exe
[2012-05-17 14:49:30 | 000,020,480 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\winrshost.exe
[2012-05-17 14:49:30 | 000,012,800 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\wsmprovhost.exe
[2012-05-17 14:49:24 | 000,370,688 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\winrscmd.dll
[2012-05-17 14:49:24 | 000,352,768 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\WSManMigrationPlugin.dll
[2012-05-17 14:49:24 | 000,348,672 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\WSManHTTPConfig.exe
[2012-05-17 14:49:24 | 000,310,272 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\WsmWmiPl.dll
[2012-05-17 14:49:24 | 000,252,416 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\WSManMigrationPlugin.dll
[2012-05-17 14:49:24 | 000,246,272 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\WSManHTTPConfig.exe
[2012-05-17 14:49:24 | 000,241,152 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\winrscmd.dll
[2012-05-17 14:49:24 | 000,214,016 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\WsmWmiPl.dll
[2012-05-17 14:49:24 | 000,180,736 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\WsmAuto.dll
[2012-05-17 14:49:24 | 000,145,408 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\WsmAuto.dll
[2012-05-17 14:39:46 | 001,210,880 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\kernel32.dll
[2012-05-17 14:39:44 | 000,479,744 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\XpsGdiConverter.dll
[2012-05-17 14:39:44 | 000,288,768 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\XpsGdiConverter.dll
[2012-05-17 14:39:40 | 000,180,736 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\xmllite.dll
[2012-05-17 14:39:38 | 001,927,680 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\gameux.dll
[2012-05-17 14:39:38 | 001,696,256 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\gameux.dll
[2012-05-17 14:39:37 | 004,240,384 | ---- | C] (Microsoft) -- C:\Windows\SysWow64\GameUXLegacyGDFs.dll
[2012-05-17 14:39:37 | 000,032,256 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\Apphlpdm.dll
[2012-05-17 14:39:37 | 000,028,672 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\Apphlpdm.dll
[2012-05-17 14:39:36 | 004,240,384 | ---- | C] (Microsoft) -- C:\Windows\SysNative\GameUXLegacyGDFs.dll
[2012-05-17 14:38:42 | 001,653,760 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\XpsPrint.dll
[2012-05-17 14:38:42 | 000,876,032 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\XpsPrint.dll
[2012-05-17 13:57:34 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Microsoft Security Client
[2012-05-17 13:43:33 | 000,024,576 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\jnwmon.dll
[2012-05-17 13:43:32 | 001,556,480 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\DWrite.dll
[2012-05-17 13:43:31 | 002,002,944 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\d3d10warp.dll
[2012-05-17 13:43:31 | 000,834,048 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\d2d1.dll
[2012-05-17 13:43:31 | 000,327,680 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\d3d10_1core.dll
[2012-05-17 13:43:31 | 000,196,096 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\d3d10_1.dll
[2012-05-17 13:42:21 | 004,699,520 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\ntoskrnl.exe
[2012-05-17 13:38:51 | 000,000,000 | ---D | C] -- C:\ProgramData\GFI Software
[2012-05-10 07:44:06 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\iTunes
[2012-05-10 07:43:44 | 000,000,000 | ---D | C] -- C:\Program Files\iPod
[2012-05-10 07:43:41 | 000,000,000 | ---D | C] -- C:\Program Files\iTunes
[2012-05-10 07:43:41 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\iTunes
[2012-05-10 07:41:29 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\QuickTime
[2012-05-10 07:41:20 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\QuickTime
[2012-05-08 20:39:16 | 000,000,000 | ---D | C] -- C:\Users\Peter\Desktop\till syster
[2 C:\Users\Peter\AppData\Roaming\*.tmp files -> C:\Users\Peter\AppData\Roaming\*.tmp -> ]

========== Files - Modified Within 30 Days ==========

[2012-06-07 19:38:00 | 000,000,992 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineUA.job
[2012-06-07 19:26:00 | 000,000,830 | ---- | M] () -- C:\Windows\tasks\Adobe Flash Player Updater.job
[2012-06-07 18:48:03 | 000,004,976 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-2P-1.C7483456-A289-439d-8115-601632D005A0
[2012-06-07 18:48:03 | 000,004,976 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-2P-0.C7483456-A289-439d-8115-601632D005A0
[2012-06-07 12:54:06 | 000,711,040 | ---- | M] () -- C:\Windows\SysNative\PerfStringBackup.INI
[2012-06-07 12:54:06 | 000,601,106 | ---- | M] () -- C:\Windows\SysNative\perfh009.dat
[2012-06-07 12:54:06 | 000,106,020 | ---- | M] () -- C:\Windows\SysNative\perfc009.dat
[2012-06-07 12:48:11 | 000,000,988 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineCore.job
[2012-06-07 12:48:02 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2012-06-06 20:33:31 | 000,073,830 | ---- | M] () -- C:\Users\Peter\Desktop\ESET.zip
[2012-06-06 18:30:33 | 000,000,512 | ---- | M] () -- C:\Users\Peter\Desktop\MBR.dat
[2012-06-06 18:15:42 | 004,731,392 | ---- | M] (AVAST Software) -- C:\Users\Peter\Desktop\aswMBR.exe
[2012-06-06 17:58:35 | 000,596,480 | ---- | M] (OldTimer Tools) -- C:\Users\Peter\Desktop\OTL.exe
[2012-06-04 23:13:24 | 000,607,260 | R--- | M] (Swearware) -- C:\Users\Peter\Desktop\dds.scr
[2012-06-01 20:05:07 | 000,209,920 | ---- | M] () -- C:\Users\Peter\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2012-05-23 21:41:39 | 000,006,397 | ---- | M] () -- C:\Users\Peter\AppData\Roaming\PrimoPDFSet.xml
[2012-05-22 11:06:07 | 000,001,078 | ---- | M] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\BankID säkerhetsprogram.lnk
[2012-05-17 20:33:54 | 000,716,678 | ---- | M] () -- C:\Windows\SysWow64\PerfStringBackup.INI
[2012-05-17 15:46:57 | 000,382,256 | ---- | M] () -- C:\Windows\SysNative\FNTCACHE.DAT
[2012-05-17 13:57:47 | 000,001,945 | ---- | M] () -- C:\Windows\epplauncher.mif
[2012-05-10 07:44:06 | 000,001,700 | ---- | M] () -- C:\Users\Public\Desktop\iTunes.lnk
[2 C:\Users\Peter\AppData\Roaming\*.tmp files -> C:\Users\Peter\AppData\Roaming\*.tmp -> ]

========== Files Created - No Company Name ==========

[2012-06-06 20:33:31 | 000,073,830 | ---- | C] () -- C:\Users\Peter\Desktop\ESET.zip
[2012-06-06 18:30:33 | 000,000,512 | ---- | C] () -- C:\Users\Peter\Desktop\MBR.dat
[2012-05-17 14:49:26 | 000,002,426 | ---- | C] () -- C:\Windows\SysWow64\WsmTxt.xsl
[2012-05-17 14:49:26 | 000,002,426 | ---- | C] () -- C:\Windows\SysNative\WsmTxt.xsl
[2012-05-17 14:49:25 | 000,201,184 | ---- | C] () -- C:\Windows\SysWow64\winrm.vbs
[2012-05-17 14:49:25 | 000,201,184 | ---- | C] () -- C:\Windows\SysNative\winrm.vbs
[2012-05-17 14:49:25 | 000,004,675 | ---- | C] () -- C:\Windows\SysWow64\wsmanconfig_schema.xml
[2012-05-17 14:49:25 | 000,004,675 | ---- | C] () -- C:\Windows\SysNative\wsmanconfig_schema.xml
[2012-05-10 07:44:06 | 000,001,700 | ---- | C] () -- C:\Users\Public\Desktop\iTunes.lnk
[2011-03-17 17:51:46 | 000,003,929 | ---- | C] () -- C:\Windows\SysWow64\atipblag.dat
[2010-09-27 09:55:37 | 000,716,678 | ---- | C] () -- C:\Windows\SysWow64\PerfStringBackup.INI
[2010-06-28 07:36:26 | 000,000,151 | ---- | C] () -- C:\Windows\SysWow64\imon1.dat

< End of report >
herrober

Re: Problem with redirects and annoying popup ad in bottom co

Post by herrober » June 7th, 2012, 2:08 pm

Don't know if you want the extras.txt file but here it comes anyway:

OTL Extras logfile created on: 2012-06-07 19:41:43 - Run 2
OTL by OldTimer - Version 3.2.46.1 Folder = C:\Users\Peter\Desktop
64bit-Windows Vista Business Edition Service Pack 2 (Version = 6.0.6002) - Type = NTWorkstation
Internet Explorer (Version = 9.0.8112.16421)
Locale: 0000041d | Country: Sverige | Language: SVE | Date Format: yyyy-MM-dd

4,00 Gb Total Physical Memory | 2,13 Gb Available Physical Memory | 53,18% Memory free
8,21 Gb Paging File | 6,33 Gb Available in Paging File | 77,10% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86)
Drive C: | 80,00 Gb Total Space | 25,52 Gb Free Space | 31,90% Space Free | Partition Type: NTFS
Drive D: | 516,17 Gb Total Space | 258,45 Gb Free Space | 50,07% Space Free | Partition Type: NTFS
Drive G: | 1863,01 Gb Total Space | 1385,08 Gb Free Space | 74,35% Space Free | Partition Type: NTFS

Computer Name: PETER-PC | User Name: Peter | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: All users | Include 64bit Scans
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days

========== Extra Registry (SafeList) ==========


========== File Associations ==========

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.url[@ = InternetShortcut] -- C:\Windows\SysNative\rundll32.exe (Microsoft Corporation)

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.cpl [@ = cplfile] -- C:\Windows\SysWow64\control.exe (Microsoft Corporation)

[HKEY_USERS\S-1-5-21-4132941712-4001711240-1955874638-1000\SOFTWARE\Classes\<extension>]
.html [@ = FirefoxHTML] -- C:\Program Files (x86)\Mozilla Firefox\firefox.exe (Mozilla Corporation)

========== Shell Spawning ==========

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
exefile [open] -- "%1" %*
helpfile [open] -- Reg Error: Key error.
inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation)
InternetShortcut [open] -- "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\ieframe.dll",OpenURL %l (Microsoft Corporation)
InternetShortcut [print] -- "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\mshtml.dll",PrintHTML "%1" (Microsoft Corporation)
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [AddToPlaylistVLC] -- "C:\Program Files (x86)\VideoLAN\VLC\vlc.exe" --started-from-file --playlist-enqueue "%1" ()
Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Directory [PlayWithVLC] -- "C:\Program Files (x86)\VideoLAN\VLC\vlc.exe" --started-from-file --no-playlist-enqueue "%1" ()
Folder [open] -- %SystemRoot%\Explorer.exe /separate,/idlist,%I,%L (Microsoft Corporation)
Folder [explore] -- %SystemRoot%\Explorer.exe /separate,/e,/idlist,%I,%L (Microsoft Corporation)
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
cplfile [cplopen] -- %SystemRoot%\System32\control.exe "%1",%* (Microsoft Corporation)
exefile [open] -- "%1" %*
helpfile [open] -- Reg Error: Key error.
inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation)
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [AddToPlaylistVLC] -- "C:\Program Files (x86)\VideoLAN\VLC\vlc.exe" --started-from-file --playlist-enqueue "%1" ()
Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Directory [PlayWithVLC] -- "C:\Program Files (x86)\VideoLAN\VLC\vlc.exe" --started-from-file --no-playlist-enqueue "%1" ()
Folder [open] -- %SystemRoot%\Explorer.exe /separate,/idlist,%I,%L (Microsoft Corporation)
Folder [explore] -- %SystemRoot%\Explorer.exe /separate,/e,/idlist,%I,%L (Microsoft Corporation)
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)

========== Security Center Settings ==========

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"cval" = 1

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]
"AntiVirusOverride" = 0
"AntiSpywareOverride" = 0
"FirewallOverride" = 0
"VistaSp1" = 62 71 2D 74 DC 5B C8 01 [binary data]
"VistaSp2" = 46 60 94 99 18 7B CA 01 [binary data]

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc\S-1-5-21-4132941712-4001711240-1955874638-1000]
"EnableNotifications" = 0
"EnableNotificationsRef" = 1

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc\Vol]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]
"oobe_av" = 1

========== Firewall Settings ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]
"EnableFirewall" = 1
"DisableNotifications" = 0

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"EnableFirewall" = 1
"DisableNotifications" = 0

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\PublicProfile]
"EnableFirewall" = 1
"DisableNotifications" = 0

========== Authorized Applications List ==========


========== Vista Active Open Ports Exception List ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{0189143D-B13E-40F4-B662-FC8163C5FBB5}" = lport=2869 | protocol=6 | dir=in | name=windows live communications platform (upnp) |
"{0490F566-79FB-4D73-8A04-287EE6488038}" = rport=137 | protocol=17 | dir=out | app=system |
"{120BEC6F-9FC7-4492-8C1E-748949C5AAC4}" = rport=445 | protocol=6 | dir=out | app=system |
"{12B7D333-0BD4-4300-91F4-C339FAD7D098}" = lport=137 | protocol=17 | dir=in | app=system |
"{2D9369DE-30CB-47E4-A2EF-A5B9F716F63C}" = lport=1900 | protocol=17 | dir=in | name=windows live communications platform (ssdp) |
"{3C1957AD-C42D-4E9F-8FB9-15587EFA2D77}" = rport=10243 | protocol=6 | dir=out | app=system |
"{56E05532-867A-4087-B701-A8C2B17C6BDE}" = lport=rpc | protocol=6 | dir=in | svc=spooler | app=%systemroot%\system32\spoolsv.exe |
"{599463B0-E2D1-4353-BED6-55B9A7B597F3}" = lport=rpc-epmap | protocol=6 | dir=in | svc=rpcss | name=@firewallapi.dll,-28539 |
"{684F717D-4235-47D3-836D-45A8928DB698}" = lport=2869 | protocol=6 | dir=in | app=system |
"{7ADF6919-474A-431F-82ED-72E72BAD42E0}" = rport=138 | protocol=17 | dir=out | app=system |
"{7B08F26C-8E1B-4017-BC20-8F4A2436F8F0}" = lport=2869 | protocol=6 | dir=in | app=system |
"{80D74B72-C2B6-4FD0-99B4-2FA77AB935D7}" = lport=445 | protocol=6 | dir=in | app=system |
"{8C9DD4C4-5A97-4481-871C-5593F8D8F006}" = rport=139 | protocol=6 | dir=out | app=system |
"{902DE457-C24D-4FA1-8EC9-F67C825F5480}" = lport=1900 | protocol=17 | dir=in | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe |
"{98A21A78-2588-4A13-B4D5-B5B06AE1FE73}" = rport=1900 | protocol=17 | dir=out | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe |
"{9C1A39EF-8309-4108-84D6-0682E70A3B0C}" = lport=1900 | protocol=17 | dir=in | svc=ssdpsrv | app=svchost.exe |
"{A3F99478-D3AA-4FC6-8ED0-1ACC3DCF1C3E}" = rport=2177 | protocol=17 | dir=out | svc=qwave | app=%systemroot%\system32\svchost.exe |
"{A45461F2-DEEA-4E9B-B646-0EAD6E42ECAB}" = lport=2177 | protocol=6 | dir=in | svc=qwave | app=%systemroot%\system32\svchost.exe |
"{BD540CCF-F93E-4507-888F-BCA1E7CCE2A6}" = lport=10243 | protocol=6 | dir=in | app=system |
"{C3951188-2657-4612-8A47-81AFAE104663}" = lport=139 | protocol=6 | dir=in | app=system |
"{C923B376-BF8E-491A-9838-F0B084E3B30A}" = lport=138 | protocol=17 | dir=in | app=system |
"{D33D8F82-3B6D-4EA2-BE41-598D0B5A3F26}" = rport=2177 | protocol=6 | dir=out | svc=qwave | app=%systemroot%\system32\svchost.exe |
"{EE0559D9-3550-41B8-A302-2979800D41B7}" = lport=2177 | protocol=17 | dir=in | svc=qwave | app=%systemroot%\system32\svchost.exe |

========== Vista Active Application Exception List ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{0523C689-DBC9-4490-8DC3-451521086B25}" = dir=in | app=c:\program files (x86)\skype\phone\skype.exe |
"{08B37552-0337-46A7-9C33-92A03280BD1C}" = dir=in | app=c:\program files (x86)\skype\phone\skype.exe |
"{0B9ED1D2-0BBA-46D6-8863-02C31D14B074}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmplayer.exe |
"{124DE51B-8D7B-4F95-A76D-8D4A59DF4870}" = dir=in | app=c:\program files (x86)\skype\phone\skype.exe |
"{137AB934-78F2-4F01-B39B-68EDE5122E55}" = dir=in | app=c:\program files (x86)\skype\phone\skype.exe |
"{13D2630E-E1B2-4835-8120-EDF13CE3368F}" = dir=in | app=c:\program files (x86)\skype\phone\skype.exe |
"{17CA3138-0D6B-478B-9589-B5E5EA8284C5}" = dir=in | app=c:\program files (x86)\skype\phone\skype.exe |
"{1E236426-2563-428C-B60B-714230E8227E}" = dir=in | app=c:\program files (x86)\skype\phone\skype.exe |
"{1ED59427-18C8-43C8-84A5-138FECCEE27A}" = dir=in | app=c:\program files (x86)\skype\phone\skype.exe |
"{1F2034B6-69DD-4520-A30F-7191C10BE0DA}" = dir=in | app=c:\program files (x86)\skype\phone\skype.exe |
"{202F1217-0D3B-415C-8979-C8AF0AEF7553}" = dir=in | app=c:\program files (x86)\skype\phone\skype.exe |
"{2054D483-A590-4663-95B9-B8731CA2A72F}" = dir=in | app=c:\program files (x86)\skype\phone\skype.exe |
"{23D7248E-55D1-46A9-AB5C-631DBF523A29}" = protocol=58 | dir=in | name=@firewallapi.dll,-28545 |
"{248E9B0F-0056-4174-9515-7CB8CABA5E9F}" = protocol=58 | dir=out | name=@firewallapi.dll,-28546 |
"{270D6F8A-0241-41A1-AE6B-A9C1FEAF509A}" = dir=in | app=c:\program files (x86)\skype\phone\skype.exe |
"{2756267C-5AE5-401D-8E70-BFE6EEE84E70}" = dir=in | app=c:\program files (x86)\common files\apple\apple application support\webkit2webprocess.exe |
"{27E4AA5A-3494-401C-A067-F4E984D1F999}" = dir=in | app=c:\program files (x86)\skype\phone\skype.exe |
"{2BAC5734-6315-427B-8564-208EE6DB7F25}" = dir=in | app=c:\program files (x86)\itunes\itunes.exe |
"{2E934758-BDBC-42F8-9688-9C89BC5FC3EA}" = protocol=6 | dir=in | app=c:\program files\bonjour\mdnsresponder.exe |
"{2FC0BAB2-C14D-494D-AAE1-B93C560BE12F}" = protocol=17 | dir=in | app=c:\users\peter\appdata\roaming\dropbox\bin\dropbox.exe |
"{38CE9885-56A8-4769-93D1-6CD631F11004}" = protocol=17 | dir=in | app=c:\program files (x86)\bonjour\mdnsresponder.exe |
"{38E9DDE8-D96B-4D68-A2A5-C39607BF12DA}" = dir=in | app=c:\program files (x86)\windows live\sync\windowslivesync.exe |
"{3DD545A4-FB35-4184-9532-02A05F3BFB29}" = dir=in | app=c:\program files (x86)\skype\phone\skype.exe |
"{439254DB-FAAD-4CB3-A12A-2CBA9AFEDA60}" = dir=in | app=c:\program files (x86)\skype\phone\skype.exe |
"{43934244-DA04-4142-B8D0-067422F5D44B}" = dir=in | app=c:\program files (x86)\windows live\messenger\msnmsgr.exe |
"{43E30B25-59DE-40D3-A032-7C9D51F0411E}" = dir=in | app=c:\program files (x86)\skype\phone\skype.exe |
"{477A547E-5BAE-4089-80F7-25C569AF55F0}" = dir=in | app=c:\program files (x86)\skype\phone\skype.exe |
"{47A6ED8C-4A31-4757-AE03-91AB8D41BBE7}" = protocol=6 | dir=in | app=c:\users\peter\appdata\roaming\dropbox\bin\dropbox.exe |
"{47E05DD1-DBB7-4016-A710-304720DF2049}" = dir=in | app=c:\program files (x86)\skype\phone\skype.exe |
"{4B3F4CBE-4BD3-4686-BBAF-E9FB38DC39A4}" = dir=in | app=c:\program files (x86)\skype\phone\skype.exe |
"{4B4E88C8-8B44-4D07-B78D-8995F6715F6F}" = dir=in | app=c:\program files (x86)\skype\phone\skype.exe |
"{4CEAAC54-6D3F-4C4D-87A8-B7515A26FE94}" = protocol=17 | dir=in | app=c:\program files (x86)\skype\plugin manager\skypepm.exe |
"{4D9A49E7-94CF-4175-9455-123646253082}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmplayer.exe |
"{4EF5A095-1662-4ADE-B325-4148501690C0}" = dir=in | app=c:\program files (x86)\skype\phone\skype.exe |
"{5124D29D-218B-46A2-B011-330E73A76CF3}" = dir=in | app=c:\program files (x86)\skype\phone\skype.exe |
"{533D699E-F9E7-4631-808B-65D70357A6FA}" = protocol=6 | dir=in | app=c:\program files (x86)\skype\plugin manager\skypepm.exe |
"{5B03CF21-5E25-4C51-879A-6C924A924448}" = dir=in | app=c:\program files (x86)\skype\phone\skype.exe |
"{5DEEA08D-726C-4E9D-837B-2BC2E52751EB}" = dir=in | app=c:\program files (x86)\skype\phone\skype.exe |
"{5EDDE902-C163-4795-86ED-FE5FA74000A1}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmplayer.exe |
"{5F56AE27-E45F-40F8-90AE-B62525E90596}" = dir=in | app=c:\program files (x86)\skype\phone\skype.exe |
"{62445E96-4D00-4B50-AFB6-8218B344E5ED}" = dir=in | app=c:\program files (x86)\skype\phone\skype.exe |
"{651B4317-C80C-4622-B493-EFFE01BD5607}" = dir=in | app=c:\program files (x86)\skype\phone\skype.exe |
"{655607ED-74AB-4A44-8FB8-2E6BF7F5F57A}" = dir=in | app=c:\program files (x86)\skype\phone\skype.exe |
"{65B5BD32-2C04-43AF-B4A9-DD7A171D43CD}" = dir=in | app=c:\program files (x86)\skype\phone\skype.exe |
"{666341AA-2606-4825-AA75-A40B507D13AE}" = dir=in | app=c:\program files (x86)\skype\phone\skype.exe |
"{67776CCA-5EA2-416F-91B0-98B808C299BF}" = dir=in | app=c:\program files (x86)\skype\phone\skype.exe |
"{6F708D8A-AB20-4FEF-860C-C1485FA71E24}" = dir=in | app=c:\program files (x86)\windows live\contacts\wlcomm.exe |
"{6FB32FA8-0B3D-4F9F-B2FC-1EEB64C28FFD}" = dir=in | app=c:\program files (x86)\skype\phone\skype.exe |
"{71D50374-EA6E-4B4A-8D42-F9D0ADA869C1}" = dir=in | app=c:\program files (x86)\skype\phone\skype.exe |
"{739B1DDE-CCCB-41F9-9A53-1C52C5A4053E}" = dir=in | app=c:\program files (x86)\skype\phone\skype.exe |
"{74690919-3970-4F86-AC13-668B431D008B}" = dir=in | app=c:\program files (x86)\skype\phone\skype.exe |
"{7475DF4A-98C6-4425-8A2C-A7B33062FED1}" = dir=in | app=c:\program files (x86)\skype\phone\skype.exe |
"{75476073-2C8D-4D21-85EC-37DAF5B900A3}" = dir=in | app=c:\program files (x86)\skype\phone\skype.exe |
"{75668501-FCBF-4D74-A1DB-539A60D64F5D}" = protocol=17 | dir=in | app=c:\program files (x86)\winamp remote\bin\orbtray.exe |
"{809ADB98-5015-434E-A6C1-56653554D4DA}" = dir=in | app=c:\program files (x86)\skype\phone\skype.exe |
"{811DE89D-61F2-4D84-8DBA-7B168415ADE2}" = dir=in | app=c:\program files (x86)\skype\phone\skype.exe |
"{83EA0954-B708-4217-8A29-418CCCEFEE78}" = dir=in | app=c:\program files (x86)\skype\phone\skype.exe |
"{8717E25A-FD1B-453F-B36E-6B5334C24CA1}" = protocol=6 | dir=in | app=c:\program files (x86)\winamp remote\bin\orbtray.exe |
"{8996260F-E25F-496F-BB47-631AF4FBAD36}" = dir=in | app=c:\program files (x86)\skype\phone\skype.exe |
"{8C376316-7D87-4D62-AFBE-376A72A69E4F}" = dir=in | app=c:\program files (x86)\skype\phone\skype.exe |
"{8D752AB5-BABF-4330-9F25-2F917DB89B5E}" = dir=in | app=c:\program files (x86)\skype\phone\skype.exe |
"{8E4D3E67-4AF7-4ADA-8AED-ED04B4674ADB}" = protocol=17 | dir=in | app=c:\program files (x86)\winamp remote\bin\orbstreamerclient.exe |
"{8F0108FE-DBF7-4FAD-87A1-09AA95311FC2}" = dir=in | app=c:\program files (x86)\skype\phone\skype.exe |
"{8F06A65C-C44A-4098-B615-3717ADF34BF9}" = protocol=1 | dir=out | name=@firewallapi.dll,-28544 |
"{929E2E8F-B915-4D81-92B4-3DF323B2C357}" = protocol=1 | dir=in | name=@firewallapi.dll,-28543 |
"{932E92C0-7915-4AE3-8D08-121A0C67E43D}" = protocol=17 | dir=in | app=c:\program files (x86)\winamp remote\bin\orb.exe |
"{95A10B06-1F51-457B-AA2C-37345FF66847}" = dir=in | app=c:\program files (x86)\skype\phone\skype.exe |
"{9A8F49ED-77D7-41A8-BD2A-79131EB795AB}" = dir=in | app=c:\program files (x86)\skype\phone\skype.exe |
"{9B04A6AB-14FF-4D62-B58F-47AD176D6F2B}" = dir=in | app=c:\program files (x86)\electronic arts\command & conquer 3\retailexe\1.9\cnc3game.dat |
"{9F99EE86-AE8E-4FE6-A034-755BED83B3B3}" = dir=in | app=c:\program files (x86)\skype\phone\skype.exe |
"{A46D89A9-67C9-4098-B1C5-C91721BEB26A}" = dir=in | app=c:\program files (x86)\skype\phone\skype.exe |
"{A49D6378-ED65-4067-AB24-291E4E304CEF}" = dir=in | app=c:\program files (x86)\skype\phone\skype.exe |
"{A5D8C5E4-8D79-4FC0-8E3E-7630A2905E43}" = dir=in | app=c:\program files (x86)\skype\phone\skype.exe |
"{A670C6E9-B5B1-419A-9FCA-44FFAA9B13A7}" = dir=in | app=c:\program files (x86)\skype\phone\skype.exe |
"{A6E15D9C-1434-4394-904E-5D5011F39E6C}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmplayer.exe |
"{A77321AD-058A-4DA2-AA3D-28B4DB733519}" = dir=in | app=c:\program files (x86)\skype\phone\skype.exe |
"{A8C93A80-DCDB-4D7C-8E99-7DB7414CD401}" = dir=in | app=c:\program files (x86)\skype\phone\skype.exe |
"{A9D79A20-93AE-4E82-BF6F-E96DDACC0684}" = protocol=6 | dir=in | app=%programfiles%\windows media player\wmpnetwk.exe |
"{AA9E032C-8403-43BC-9736-6B7BE7C66EDD}" = protocol=6 | dir=in | app=c:\program files (x86)\spotify\spotify.exe |
"{ABC0DC76-E02E-4653-A21D-88463112AF61}" = dir=in | app=c:\program files (x86)\skype\phone\skype.exe |
"{ACEFDFB0-C15C-4733-8553-29E7D9118E54}" = dir=in | app=c:\program files (x86)\skype\phone\skype.exe |
"{AE8BA95B-AE6A-458C-8215-05462C0F306D}" = protocol=17 | dir=in | app=%programfiles(x86)%\windows media player\wmplayer.exe |
"{B0325086-2292-4CF5-864A-02093AF5BF5C}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmpnetwk.exe |
"{B0C784AB-78D4-402E-B3FE-7431ADF9159E}" = dir=in | app=c:\program files (x86)\skype\phone\skype.exe |
"{B576E611-E6A6-4D5D-80F5-7E4478083095}" = dir=in | app=c:\program files (x86)\skype\phone\skype.exe |
"{B71B0EFD-9149-498A-8825-3C8561C3C591}" = dir=in | app=c:\program files (x86)\skype\phone\skype.exe |
"{BAC739E6-CF54-42C9-9D61-0A56DB180C34}" = dir=in | app=c:\program files (x86)\skype\phone\skype.exe |
"{BD0C774F-A007-42F2-9EFB-7AB21589A251}" = dir=in | app=c:\program files (x86)\skype\phone\skype.exe |
"{C2A3B57B-CFBE-47D3-A76D-A468A7ED6BEA}" = dir=in | app=c:\program files (x86)\skype\phone\skype.exe |
"{C2D3C82F-CF04-47E4-8B60-B090AE5C6895}" = protocol=17 | dir=out | app=%programfiles(x86)%\windows media player\wmplayer.exe |
"{C5231CB8-692B-4957-8E0D-268D6C85B4C2}" = protocol=6 | dir=in | app=c:\program files (x86)\bonjour\mdnsresponder.exe |
"{C57C5070-2822-4DD0-A924-A31D660E14FB}" = protocol=6 | dir=out | app=system |
"{C5846504-DEA5-4993-AC28-BA41C347302B}" = protocol=6 | dir=out | app=%programfiles(x86)%\windows media player\wmplayer.exe |
"{C839CF04-85B2-4F08-B18A-F072E753E58B}" = dir=in | app=c:\program files (x86)\skype\phone\skype.exe |
"{C8E8A092-00D1-4E2D-B768-EB7C6463C597}" = dir=in | app=c:\program files (x86)\skype\phone\skype.exe |
"{CA356B8E-F9CB-4A6C-BE2E-3D904E09D40F}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmplayer.exe |
"{CEA1B3C4-EC4A-4D37-BE86-4A80EAFED40F}" = dir=in | app=c:\program files (x86)\skype\phone\skype.exe |
"{D193EE4E-2845-4FA0-AB90-AF13EC0C1410}" = dir=in | app=c:\program files (x86)\skype\phone\skype.exe |
"{D3664E45-6BC8-498D-9F64-F72C4931D7B3}" = dir=in | app=c:\program files (x86)\skype\phone\skype.exe |
"{D4F23347-19CC-41CA-93E9-722FA1815E36}" = dir=in | app=c:\program files (x86)\skype\phone\skype.exe |
"{D67FC30B-8C61-47AA-8AEC-8DC407E9B383}" = dir=in | app=c:\program files (x86)\skype\phone\skype.exe |
"{DA3658BC-6345-4CAF-9A4C-ED7318BC4B10}" = dir=in | app=c:\program files (x86)\skype\phone\skype.exe |
"{DAC847CA-FC78-4A34-9D32-CDED1F3079C4}" = dir=in | app=c:\program files (x86)\skype\phone\skype.exe |
"{DEC09E8A-3F93-4CB9-A61B-E4B696B32435}" = dir=in | app=c:\program files (x86)\skype\phone\skype.exe |
"{DF0CA766-58B4-47B7-B4BF-94983BEB0B5F}" = protocol=6 | dir=out | svc=upnphost | app=%systemroot%\system32\svchost.exe |
"{DFA08073-5A6D-440E-BDE3-533280AADE89}" = dir=in | app=c:\program files (x86)\skype\phone\skype.exe |
"{E04C5EAB-0DF8-4DEC-AF47-FD9033EDC037}" = dir=in | app=c:\program files (x86)\skype\phone\skype.exe |
"{E293F3B6-D881-42AC-9B03-3089ED6C80E1}" = dir=in | app=c:\program files (x86)\skype\phone\skype.exe |
"{E43C4BBD-8E60-4A83-8826-9461E78787FC}" = dir=in | app=c:\program files (x86)\skype\phone\skype.exe |
"{E4A60BB8-3834-44C4-8DF5-C9EFEACD182D}" = dir=in | app=c:\program files (x86)\skype\phone\skype.exe |
"{E66F8092-B1E8-429D-8B8F-1A3FEA1C413E}" = dir=in | app=c:\program files (x86)\skype\phone\skype.exe |
"{E7016B53-BEDF-461F-A134-8E183767EDA1}" = protocol=17 | dir=out | app=%programfiles(x86)%\windows media player\wmplayer.exe |
"{E7649BBB-BD1D-4945-80F2-ACBC35598AD9}" = protocol=6 | dir=in | app=c:\program files (x86)\winamp remote\bin\orbstreamerclient.exe |
"{E9185AB0-FCA8-4C3E-B10A-7D2A0B3F08A0}" = dir=in | app=c:\program files (x86)\skype\phone\skype.exe |
"{E923B0FF-764B-4024-A700-880C597C7397}" = dir=in | app=c:\program files (x86)\skype\phone\skype.exe |
"{EA375BEF-4C00-488F-A8EF-06C2C027FC01}" = dir=in | app=c:\program files (x86)\skype\phone\skype.exe |
"{EBC0B5F5-76C1-4E8E-B7F3-8C077DB7E5C7}" = protocol=17 | dir=in | app=c:\program files\bonjour\mdnsresponder.exe |
"{EE39BAB8-51CD-4959-BDA0-42E0804FCBD1}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmplayer.exe |
"{EF656D4D-FF48-40AA-8627-7AE36344B928}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmpnetwk.exe |
"{F12F73E4-F8D6-460D-8790-A4CB953C4903}" = dir=in | app=c:\program files (x86)\skype\phone\skype.exe |
"{F1D4DDEC-BA56-4CA4-A5A3-A3390C8CCB47}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmpnetwk.exe |
"{F2E58F7B-6832-4E14-81CA-8419A66FBB7D}" = dir=in | app=c:\program files (x86)\skype\phone\skype.exe |
"{F32DF143-AA82-4F84-94EA-E532A5E2E5AD}" = dir=in | app=c:\program files (x86)\skype\phone\skype.exe |
"{F47187FA-A91F-4D44-90F5-E3DC2CFC2C60}" = dir=in | app=c:\program files (x86)\electronic arts\command & conquer 3\retailexe\1.9\cnc3game.dat |
"{F77E6C72-D368-4214-9977-8752C05BD792}" = protocol=17 | dir=in | app=c:\program files (x86)\spotify\spotify.exe |
"{FAAE2603-3A7E-4830-AC41-659AF576E94F}" = protocol=17 | dir=in | app=%programfiles(x86)%\windows media player\wmplayer.exe |
"{FAD8DC4B-4869-4EAC-916F-59302A3AB786}" = protocol=6 | dir=out | app=%programfiles(x86)%\windows media player\wmplayer.exe |
"{FB05A2A8-0CF4-43FD-8BBD-D4E2AE29A217}" = dir=in | app=c:\program files (x86)\skype\phone\skype.exe |
"{FB3219E3-F2E3-4762-B759-2AD2D0280B46}" = dir=in | app=c:\program files (x86)\skype\phone\skype.exe |
"{FCAEC91D-3643-47E3-8A2D-4504DD70EBE5}" = protocol=6 | dir=in | app=c:\program files (x86)\winamp remote\bin\orb.exe |
"TCP Query User{24DA08FB-6CE1-4D55-B304-C2DE4497495C}C:\program files (x86)\dc++\dcplusplus.exe" = protocol=6 | dir=in | app=c:\program files (x86)\dc++\dcplusplus.exe |
"TCP Query User{4A5CFFDA-3DE5-493D-ACA5-321ED353D1B7}C:\program files (x86)\internet explorer\iexplore.exe" = protocol=6 | dir=in | app=c:\program files (x86)\internet explorer\iexplore.exe |
"TCP Query User{6264A28A-1E6D-4A8E-864B-6352779C0FC0}C:\program files (x86)\winamp remote\bin\orbtray.exe" = protocol=6 | dir=in | app=c:\program files (x86)\winamp remote\bin\orbtray.exe |
"TCP Query User{7E33A24C-8B39-4ACB-962A-1453D37CD3AD}C:\program files (x86)\java\jre6\bin\javaw.exe" = protocol=6 | dir=in | app=c:\program files (x86)\java\jre6\bin\javaw.exe |
"TCP Query User{8457252D-03B7-487A-8441-C3CF2D2FEF60}C:\program files (x86)\java\jre6\bin\javaw.exe" = protocol=6 | dir=in | app=c:\program files (x86)\java\jre6\bin\javaw.exe |
"TCP Query User{FD349562-84B9-4311-9E49-0C8CF08F317E}C:\program files (x86)\utorrent\utorrent.exe" = protocol=6 | dir=in | app=c:\program files (x86)\utorrent\utorrent.exe |
"UDP Query User{20322779-A4B6-4666-8A1C-55B884E5DA85}C:\program files (x86)\winamp remote\bin\orbtray.exe" = protocol=17 | dir=in | app=c:\program files (x86)\winamp remote\bin\orbtray.exe |
"UDP Query User{61D26737-910F-4097-97CB-FEA546226631}C:\program files (x86)\dc++\dcplusplus.exe" = protocol=17 | dir=in | app=c:\program files (x86)\dc++\dcplusplus.exe |
"UDP Query User{A003B0BA-36D7-481E-BA10-EF634D69167B}C:\program files (x86)\utorrent\utorrent.exe" = protocol=17 | dir=in | app=c:\program files (x86)\utorrent\utorrent.exe |
"UDP Query User{CEA54C1C-503D-407B-B6F5-7FAD0DDB176A}C:\program files (x86)\internet explorer\iexplore.exe" = protocol=17 | dir=in | app=c:\program files (x86)\internet explorer\iexplore.exe |
"UDP Query User{E7DCCB1A-F9FE-41D2-A660-877875191569}C:\program files (x86)\java\jre6\bin\javaw.exe" = protocol=17 | dir=in | app=c:\program files (x86)\java\jre6\bin\javaw.exe |
"UDP Query User{E94F0B87-C392-4D60-A8DF-6283D03D25B1}C:\program files (x86)\java\jre6\bin\javaw.exe" = protocol=17 | dir=in | app=c:\program files (x86)\java\jre6\bin\javaw.exe |

========== HKEY_LOCAL_MACHINE Uninstall List ==========

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{027E5FAB-1476-4C59-AAB4-32EF28520399}" = Windows Live Language Selector
"{1ACC8FFB-9D84-4C05-A4DE-D28A9BC91698}" = Windows Live ID Sign-in Assistant
"{43A79282-8566-671D-A9CC-A82F54497F0A}" = ATI Catalyst Install Manager
"{6E3610B2-430D-4EB0-81E3-2B57E8B9DE8D}" = Bonjour
"{6E8E85E8-CE4B-4FF5-91F7-04999C9FAE6A}" = Microsoft Visual C++ 2005 Redistributable (x64)
"{9068B2BE-D93A-4C0A-861C-5E35E2C0E09E}" = Intel® Matrix Storage Manager
"{95120000-00B9-0409-1000-0000000FF1CE}" = Microsoft Application Error Reporting
"{9D046B26-7978-47CD-91E6-AC3C1DFBC3D0}" = Microsoft Security Client
"{aac9fcc4-dd9e-4add-901c-b5496a07ab2e}" = Microsoft Visual C++ 2005 Redistributable (x64) - KB2467175
"{ad8a2fa1-06e7-4b0d-927d-6e54b3d31028}" = Microsoft Visual C++ 2005 Redistributable (x64)
"{B6E3757B-5E77-3915-866A-CCFC4B8D194C}" = Microsoft Visual C++ 2005 ATL Update kb973923 - x64 8.0.50727.4053
"{B8AD779A-82DA-4365-A7D0-AD3DCFC55CFF}" = Apple Mobile Device Support
"{CE2CDD62-0124-36CA-84D3-9F4DCF5C5BD9}" = Microsoft .NET Framework 3.5 SP1
"{CF8FFD12-602B-422D-AF1D-511B411E7632}" = iTunes
"{DA54F80E-261C-41A2-A855-549A144F2F59}" = Windows Live MIME IFilter
"{F5B09CFD-F0B2-36AF-8DF4-1DF6B63FC7B4}" = Microsoft .NET Framework 4 Client Profile
"{FBBF8FCB-046D-7688-FB4A-53DD34BB7648}" = ccc-utility64
"Adobe Flash Player ActiveX" = Adobe Flash Player 11 ActiveX 64-bit
"Microsoft .NET Framework 3.5 SP1" = Microsoft .NET Framework 3.5 SP1
"Microsoft .NET Framework 4 Client Profile" = Microsoft .NET Framework 4 Client Profile
"Microsoft Security Client" = Microsoft Security Essentials
"WinRAR archiver" = WinRAR archiver

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{00203668-8170-44A0-BE44-B632FA4D780F}" = Adobe AIR
"{02EBDBB9-4600-41D3-B566-40CB861511D2}" = World of Warcraft FREE Trial
"{0B0F231F-CE6A-483D-AA23-77B364F75917}" = Windows Live Installer
"{12CEE8C7-8983-4FEC-A046-3FB4AE3A691C}" = Windows Live Sync
"{133D9D67-D475-4407-AC3C-D558087B2453}" = Windows Live Movie Maker
"{15B8C1EF-CA1B-1050-FDF6-92BFF1AB7C42}" = Catalyst Control Center Graphics Previews Common
"{18455581-E099-4BA8-BC6B-F34B2F06600C}" = Google Toolbar for Internet Explorer
"{19BA08F7-C728-469C-8A35-BFBD3633BE08}" = Windows Live Movie Maker
"{1C9FE53E-5922-9982-26C2-29C75F34D5DC}" = Catalyst Control Center InstallProxy
"{1F6AB0E7-8CDD-4B93-8A23-AA9EB2FEFCE4}" = Junk Mail filter update
"{200FEC62-3C34-4D60-9CE8-EC372E01C08F}" = Windows Live SOXE Definitions
"{220C7F8C-929D-4F71-9DC7-F7A6823B38E4}" = Windows Live UX Platform Language Pack
"{2318C2B1-4965-11d4-9B18-009027A5CD4F}" = Google Toolbar for Internet Explorer
"{26A24AE4-039D-4CA4-87B4-2F83216031FF}" = Java(TM) 6 Update 31
"{28B9D2D8-4304-483F-AD71-51890A063A74}" = Windows Live Photo Common
"{2992C8AC-B9B4-45FD-B9D9-B43D7465F702}" = Google Välja bort annonscookies
"{2A3FC24C-6EC0-4519-A52B-FDA4EA9B2D24}" = Windows Live Messenger
"{3108C217-BE83-42E4-AE9E-A56A2A92E549}" = Atheros Communications Inc.(R) AR8121/AR8113/AR8114 Gigabit/Fast Ethernet Driver
"{3336F667-9049-4D46-98B6-4C743EEBC5B1}" = Windows Live Photo Gallery
"{34F4D9A4-42C2-4348-BEF4-E553C84549E7}" = Windows Live Photo Gallery
"{4A03706F-666A-4037-7777-5F2748764D10}" = Java Auto Updater
"{4A04DB63-8F81-4EF4-9D09-61A2057EF419}" = Windows Live Essentials
"{56B83336-FBC1-4C46-8613-90A9E3B440D6}" = EPU-6 Engine
"{579684A4-DDD5-4CA3-9EA8-7BE7D9593DB4}" = Windows Live UX Platform Language Pack
"{5A7248FE-53C6-6838-C092-6E5AE0C01169}" = Catalyst Control Center Graphics Previews Vista
"{5CDE2F17-B82C-F25A-EE97-A0F84B1B5B96}" = Catalyst Control Center HydraVision Full
"{5DD4FCBD-A3C1-4155-9E17-4161C70AAABA}" = Segoe UI
"{682B3E4F-696A-42DE-A41C-4C07EA1678B4}" = Windows Live SOXE
"{69CAC24D-B1DC-4B97-A1BE-FE21843108FE}" = Windows Live Writer Resources
"{6A67578E-095B-4661-88F7-0B199CEC3371}" = Windows Live Messenger
"{77DCDCE3-2DED-62F3-8154-05E745472D07}" = Acrobat.com
"{789A5B64-9DD9-4BA5-915A-F0FC0A1B7BFE}" = Apple Software Update
"{7BE15435-2D3E-4B58-867F-9C75BED0208C}" = QuickTime
"{83C06969-09DE-5DEE-EC30-254168715100}" = Catalyst Control Center Graphics Full Existing
"{83C292B7-38A5-440B-A731-07070E81A64F}" = Windows Live PIMT Platform
"{852BD922-520E-209D-0AEC-2A8886693B36}" = Catalyst Control Center Core Implementation
"{885F1BCD-C344-4758-85BD-09640CF449A5}" = Windows Live Photo Gallery
"{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}" = Microsoft Silverlight
"{8A39CAD8-D852-E57C-C9EC-66B24A81EC8B}" = CCC Help English
"{8DD46C6A-0056-4FEC-B70A-28BB16A1F11F}" = MSVCRT
"{8F3C31C5-9C3A-4AA8-8EFA-71290A7AD533}" = TomTom HOME Visual Studio Merge Modules
"{90110409-6000-11D3-8CFE-0150048383C9}" = Microsoft Office Professional Edition 2003
"{90120000-0020-0409-0000-0000000FF1CE}" = Compatibility Pack for the 2007 Office system
"{90140000-2005-0000-0000-0000000FF1CE}" = Microsoft Office File Validation Add-In
"{92EA4134-10D1-418A-91E1-5A0453131A38}" = Windows Live Movie Maker
"{9749B943-7D5D-09E3-16EE-6F8BEC7A474F}" = Skins
"{9D56775A-93F3-44A3-8092-840E3826DE30}" = Windows Live Mail
"{A1F9909D-B829-41E4-EDDA-6CD5A69AB706}" = Catalyst Control Center Graphics Light
"{A49C7C20-F82D-0185-47B4-8A8A38AEBD3E}" = ccc-core-static
"{A92DAB39-4E2C-4304-9AB6-BC44E68B55E2}" = Google Update Helper
"{A9BDCA6B-3653-467B-AC83-94367DA3BFE3}" = Windows Live Photo Common
"{AAAFC670-569B-4A2F-82B4-42945E0DE3EF}" = Windows Live Writer
"{AC76BA86-7AD7-1033-7B44-A91000000001}" = Adobe Reader 9.1.3
"{B2AE1185-18AA-9DE2-6E09-29A91D5A8F17}" = Catalyst Control Center Graphics Full New
"{B6CF2967-C81E-40C0-9815-C05774FEF120}" = Skype Click to Call
"{C66824E4-CBB3-4851-BB3F-E8CFD6350923}" = Windows Live Mail
"{CE95A79E-E4FC-4FFF-8A75-29F04B942FF2}" = Windows Live UX Platform
"{D0B44725-3666-492D-BEF6-587A14BD9BD9}" = MSVCRT_amd64
"{D22002ED-EE2A-4CB1-A63D-430E62A2E8D8}" = Google SketchUp 8
"{D31169F2-CD71-4337-B783-3E53F29F4CAD}" = Windows Live Mail
"{D3B1C799-CB73-42DE-BA0F-2344793A095C}" = Catalyst Control Center - Branding
"{D436F577-1695-4D2F-8B44-AC76C99E0002}" = Windows Live Photo Common
"{D45240D3-B6B3-4FF9-B243-54ECE3E10066}" = Windows Live Communications Platform
"{D84CB492-A248-49BA-8BBF-805A67C38A4E}" = Argos Mini II
"{DDC8BDEE-DCAC-404D-8257-3E8D4B782467}" = Windows Live Writer Resources
"{E09C4DB7-630C-4F06-A631-8EA7239923AF}" = D3DX10
"{E5B21F11-6933-4E0B-A25C-7963E3C07D11}" = Windows Live Messenger
"{EB879750-CCBD-4013-BFD5-0294D4DA5BD0}" = Apple Application Support
"{EE7257A2-39A2-4D2F-9DAC-F9F25B8AE1D8}" = Skype™ 5.8
"{F0B430D1-B6AA-473D-9B06-AA3DD01FD0B8}" = Microsoft SQL Server 2005 Compact Edition [ENU]
"{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}" = Realtek High Definition Audio Driver
"{F40BBEC7-C2A4-4A00-9B24-7A055A2C5262}" = Microsoft Office Live Add-in 1.5
"{FA7F689F-88EB-4946-B105-4C434CF5B07A}" = BankID säkerhetsprogram
"{FE044230-9CA5-43F7-9B58-5AC5A28A1F33}" = Windows Live Essentials
"Adobe AIR" = Adobe AIR
"Ashampoo Burning Studio 2009_is1" = Ashampoo Burning Studio 2009
"CCleaner" = CCleaner (remove only)
"Cisco Connect" = Cisco Connect
"com.adobe.mauby.4875E02D9FB21EE389F73B8D1702B320485DF8CE.1" = Acrobat.com
"Combined Community Codec Pack_is1" = Combined Community Codec Pack 2009-09-09
"FLAC" = FLAC 1.2.1b (remove only)
"Google Chrome" = Google Chrome
"HandBrake" = HandBrake 0.9.6
"MKVtoolnix" = MKVtoolnix 3.0.0
"Mozilla Firefox 9.0.1 (x86 en-US)" = Mozilla Firefox 9.0.1 (x86 en-US)
"Picasa 3" = Picasa 3
"PrimoPDF4.1.0.9" = PrimoPDF
"PS3 Media Server" = PS3 Media Server
"SpeedFan" = SpeedFan (remove only)
"Spotify" = Spotify
"TomTom HOME" = TomTom HOME 2.7.3.1894
"Winamp" = Winamp
"WinLiveSuite" = Windows Live Essentials
"VLC media player" = VLC media player 0.9.9

========== HKEY_USERS Uninstall List ==========

[HKEY_USERS\S-1-5-21-4132941712-4001711240-1955874638-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"Spotify" = Spotify

========== Last 10 Event Log Errors ==========

[ Application Events ]
Error - 2011-04-15 10:43:45 | Computer Name = Peter-PC | Source = Microsoft-Windows-CAPI2 | ID = 131083
Description =

Error - 2011-04-16 05:57:26 | Computer Name = Peter-PC | Source = Microsoft-Windows-CAPI2 | ID = 131083
Description =

Error - 2011-04-16 05:57:27 | Computer Name = Peter-PC | Source = Microsoft-Windows-CAPI2 | ID = 131083
Description =

Error - 2011-04-17 05:12:27 | Computer Name = Peter-PC | Source = Microsoft-Windows-CAPI2 | ID = 131083
Description =

Error - 2011-04-17 05:12:27 | Computer Name = Peter-PC | Source = Microsoft-Windows-CAPI2 | ID = 131083
Description =

Error - 2011-04-17 06:43:16 | Computer Name = Peter-PC | Source = Application Error | ID = 1000
Description = Faulting application msfeedssync.exe, version 9.0.8112.16421, time
stamp 0x4d7622de, faulting module unknown, version 0.0.0.0, time stamp 0x00000000,
exception code 0xc0000005, fault offset 0x0000000000000000, process id 0xa98, application
start time 0x01cbfcec38760589.

Error - 2011-04-17 15:00:03 | Computer Name = Peter-PC | Source = Microsoft-Windows-CAPI2 | ID = 131083
Description =

Error - 2011-04-17 15:00:38 | Computer Name = Peter-PC | Source = Microsoft-Windows-CAPI2 | ID = 131083
Description =

Error - 2011-04-18 08:07:18 | Computer Name = Peter-PC | Source = Microsoft-Windows-CAPI2 | ID = 131083
Description =

Error - 2011-04-18 08:07:23 | Computer Name = Peter-PC | Source = Microsoft-Windows-CAPI2 | ID = 131083
Description =

[ System Events ]
Error - 2012-06-04 14:58:52 | Computer Name = Peter-PC | Source = DCOM | ID = 10010
Description =

Error - 2012-06-04 15:01:38 | Computer Name = Peter-PC | Source = Service Control Manager | ID = 7026
Description =

Error - 2012-06-04 17:16:20 | Computer Name = Peter-PC | Source = DCOM | ID = 10010
Description =

Error - 2012-06-04 17:18:44 | Computer Name = Peter-PC | Source = Service Control Manager | ID = 7026
Description =

Error - 2012-06-04 18:06:16 | Computer Name = Peter-PC | Source = DCOM | ID = 10010
Description =

Error - 2012-06-05 05:36:10 | Computer Name = Peter-PC | Source = Service Control Manager | ID = 7026
Description =

Error - 2012-06-05 17:37:33 | Computer Name = Peter-PC | Source = DCOM | ID = 10010
Description =

Error - 2012-06-06 03:12:26 | Computer Name = Peter-PC | Source = Service Control Manager | ID = 7026
Description =

Error - 2012-06-06 17:24:57 | Computer Name = Peter-PC | Source = DCOM | ID = 10010
Description =

Error - 2012-06-07 06:49:45 | Computer Name = Peter-PC | Source = Service Control Manager | ID = 7026
Description =


< End of report >
herrober
Regular Member
 
Posts: 15
Joined: June 4th, 2012, 5:34 pm