TechSpot

Need help removing system check virus win7

By rmelbye
Jan 18, 2012
  1. Hi, so today I woke up, turned on my computer, started writing in Word, searched for some pictures on Google, and suddenly MSE tells me it has found a serious threat. I remove it; 5 min after, the "errors" occur and the system check starts. I naturally get suspicious and google it on my laptop, and I see that others also are getting this virus.

    I have read through one fix of it here on this page, but I understand that I can't follow the guide as it is specific to that user.

    Therefore I post a new thread hoping that someone can help me remove this virus :(

    Thanks very much!!

    And btw, does a format work, or will the files I back up still be infected?
     
  2. rmelbye

    rmelbye TS Rookie Topic Starter Posts: 42

    So just an update here: I left my computer while it was unhiding my files, and when I came back MSE was prompting that I had to restart to finish cleaning my computer, and now it doesn't start the system check, but the start menu is still ****ed up and my background is still black. Should I proceed with the guide in one of the other threads?
     
  3. Broni

    Broni Malware Annihilator Posts: 52,915   +344

    Please, complete all steps listed here: http://www.techspot.com/vb/topic58138.html
    Make sure you PASTE all logs. If a log exceeds the 50,000-character post limit, split it between a couple of replies.
    Attached logs won't be reviewed.

    Please observe the following rules:
    • Read all of my instructions very carefully. Your mistakes during the cleaning process may have very serious consequences, like an unbootable computer.
    • If you're stuck, or you're not sure about a certain step, always ask before doing anything else.
    • Please refrain from running tools or applying updates other than those I suggest.
    • Never run more than one scan at a time.
    • Keep updating me regarding your computer behavior, good or bad.
    • The cleaning process, once started, has to be completed. Even if your computer appears to act better, it may still be infected. Once the computer is totally clean, I'll certainly let you know.
    • If you leave the topic without explanation in the middle of a cleaning process, you may not be eligible to receive any more help in the malware removal forum.
    • I close my topics if you have not replied in 5 days. If you need more time, simply let me know. If I closed your topic and you need it to be reopened, simply PM me.
     
  4. rmelbye

    rmelbye TS Rookie Topic Starter Posts: 42

    First log file from MBAM:

    Malwarebytes Anti-Malware 1.60.0.1800
    www.malwarebytes.org

    Database version: v2012.01.18.03

    Windows 7 Service Pack 1 x64 NTFS
    Internet Explorer 9.0.8112.16421
    Rasmus Melbye :: PIONEER [administrator]

    18-01-2012 18:56:23
    mbam-log-2012-01-18 (18-56-23).txt

    Scan type: Full scan
    Scan options enabled: Memory | Startup | Registry | File System | Heuristics/Extra | Heuristics/Shuriken | PUP | PUM
    Scan options disabled: P2P
    Objects scanned: 549916
    Time elapsed: 1 hour(s), 31 minute(s), 7 second(s)

    Memory Processes Detected: 0
    (No malicious items detected)

    Memory Modules Detected: 0
    (No malicious items detected)

    Registry Keys Detected: 0
    (No malicious items detected)

    Registry Values Detected: 0
    (No malicious items detected)

    Registry Data Items Detected: 1
    HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Advanced|Start_ShowSearch (PUM.Hijack.StartMenu) -> Bad: (0) Good: (1) -> Quarantined and repaired successfully.

    Folders Detected: 0
    (No malicious items detected)

    Files Detected: 6
    C:\Users\Rasmus Melbye\Desktop\Backup af skrivebord 2\PDI\Backup Group 4\KMS Activator for Microsoft Office 2010 Applications x86 x64 Multilingual-FIXISO~DiBYA\mini-KMS_Activator_v1.053.exe (PUP.Hacktool.Office) -> Quarantined and deleted successfully.
    D:\$RECYCLE.BIN\S-1-5-21-1667449165-3236139713-1594889806-1001\$RTKN1SG\mini-KMS_Activator_v1.053.exe (PUP.Hacktool.Office) -> Quarantined and deleted successfully.
    D:\månedlig backup\Backup af skrivebord 2\PDI\Backup Group 4\KMS Activator for Microsoft Office 2010 Applications x86 x64 Multilingual-FIXISO~DiBYA\mini-KMS_Activator_v1.053.exe (PUP.Hacktool.Office) -> Quarantined and deleted successfully.
    D:\månedlig backup\PDI semester\PDI 1 semester\Group 4\KMS Activator for Microsoft Office 2010 Applications x86 x64 Multilingual-FIXISO~DiBYA\mini-KMS_Activator_v1.053.exe (PUP.Hacktool.Office) -> Quarantined and deleted successfully.
    D:\Rasmus Melbye\Desktop\Backup af skrivebord 2\PDI\Backup Group 4\KMS Activator for Microsoft Office 2010 Applications x86 x64 Multilingual-FIXISO~DiBYA\mini-KMS_Activator_v1.053.exe (PUP.Hacktool.Office) -> Quarantined and deleted successfully.
    D:\Spil\DIRT\SKIDROW.dll (Trojan.Downloader.H) -> Quarantined and deleted successfully.

    (end)

    I can't see anything recent here, only files I have had for ages. I will continue the steps.
     
  5. rmelbye

    rmelbye TS Rookie Topic Starter Posts: 42

    Just a brief question: if GMER doesn't find anything when I open it and it quick scans (log is empty), should I do a scan by pushing the Scan button in the program?

    Thanks btw.
     
  6. Broni

    Broni Malware Annihilator Posts: 52,915   +344

    No. Proceed with next steps.
     
  7. rmelbye

    rmelbye TS Rookie Topic Starter Posts: 42

    When trying to run DDS, it just opens Notepad with a lot of strange symbols. Should it be opened with Notepad?
     
  8. Broni

    Broni Malware Annihilator Posts: 52,915   +344

    No. That's the infection doing its "job" :)

    Download TDSSKiller and save it to your desktop.
    • Double-click on TDSSKiller.exe to run the application, then on Start Scan.
    • If an infected file is detected, the default action will be Cure, click on Continue.
    • If a suspicious file is detected, the default action will be Skip, click on Continue.
    • It may ask you to reboot the computer to complete the process. Click on Reboot Now.
    • If no reboot is required, click on Report. A log file should appear. Please copy and paste the contents of that file here.
    • If a reboot is required, the report can also be found in your root directory (usually C:\ folder) in the form of TDSSKiller_xxxx_log.txt. Please copy and paste the contents of that file here.
     
  9. rmelbye

    rmelbye TS Rookie Topic Starter Posts: 42

    Okay, I did run that program earlier, but now I have done it again. The logs are here:

    first run:
    16:21:21.0822 4672 rspndr (ddc86e4f8e7456261e637e3552e804ff) C:\Windows\system32\DRIVERS\rspndr.sys
    16:21:21.0822 4672 rspndr - ok
    16:21:21.0885 4672 RTL8167 (16d4e350420baa7e63e16e3fc033e1f5) C:\Windows\system32\DRIVERS\Rt64win7.sys
    16:21:21.0900 4672 RTL8167 - ok
    16:21:21.0916 4672 s3cap (e60c0a09f997826c7627b244195ab581) C:\Windows\system32\drivers\vms3cap.sys
    16:21:21.0916 4672 s3cap - ok
    16:21:21.0931 4672 sbp2port (ac03af3329579fffb455aa2daabbe22b) C:\Windows\system32\drivers\sbp2port.sys
    16:21:21.0931 4672 sbp2port - ok
    16:21:21.0963 4672 scfilter (253f38d0d7074c02ff8deb9836c97d2b) C:\Windows\system32\DRIVERS\scfilter.sys
    16:21:21.0963 4672 scfilter - ok
    16:21:21.0994 4672 secdrv (3ea8a16169c26afbeb544e0e48421186) C:\Windows\system32\drivers\secdrv.sys
    16:21:22.0009 4672 secdrv - ok
    16:21:22.0041 4672 Serenum (cb624c0035412af0debec78c41f5ca1b) C:\Windows\system32\DRIVERS\serenum.sys
    16:21:22.0041 4672 Serenum - ok
    16:21:22.0072 4672 Serial (c1d8e28b2c2adfaec4ba89e9fda69bd6) C:\Windows\system32\DRIVERS\serial.sys
    16:21:22.0072 4672 Serial - ok
    16:21:22.0119 4672 sermouse (1c545a7d0691cc4a027396535691c3e3) C:\Windows\system32\DRIVERS\sermouse.sys
    16:21:22.0119 4672 sermouse - ok
    16:21:22.0150 4672 sffdisk (a554811bcd09279536440c964ae35bbf) C:\Windows\system32\drivers\sffdisk.sys
    16:21:22.0150 4672 sffdisk - ok
    16:21:22.0165 4672 sffp_mmc (ff414f0baefeba59bc6c04b3db0b87bf) C:\Windows\system32\drivers\sffp_mmc.sys
    16:21:22.0181 4672 sffp_mmc - ok
    16:21:22.0197 4672 sffp_sd (dd85b78243a19b59f0637dcf284da63c) C:\Windows\system32\drivers\sffp_sd.sys
    16:21:22.0197 4672 sffp_sd - ok
    16:21:22.0212 4672 sfloppy (a9d601643a1647211a1ee2ec4e433ff4) C:\Windows\system32\DRIVERS\sfloppy.sys
    16:21:22.0212 4672 sfloppy - ok
    16:21:22.0243 4672 SiSRaid2 (843caf1e5fde1ffd5ff768f23a51e2e1) C:\Windows\system32\DRIVERS\SiSRaid2.sys
    16:21:22.0259 4672 SiSRaid2 - ok
    16:21:22.0275 4672 SiSRaid4 (6a6c106d42e9ffff8b9fcb4f754f6da4) C:\Windows\system32\DRIVERS\sisraid4.sys
    16:21:22.0275 4672 SiSRaid4 - ok
    16:21:22.0306 4672 Smb (548260a7b8654e024dc30bf8a7c5baa4) C:\Windows\system32\DRIVERS\smb.sys
    16:21:22.0306 4672 Smb - ok
    16:21:22.0337 4672 spldr (b9e31e5cacdfe584f34f730a677803f9) C:\Windows\system32\drivers\spldr.sys
    16:21:22.0337 4672 spldr - ok
    16:21:22.0431 4672 sptd (4b3f898dc1378ced2f35d04e5b0ce0df) C:\Windows\System32\Drivers\sptd.sys
    16:21:22.0431 4672 Suspicious file (NoAccess): C:\Windows\System32\Drivers\sptd.sys. md5: 4b3f898dc1378ced2f35d04e5b0ce0df
    16:21:22.0431 4672 sptd ( LockedFile.Multi.Generic ) - warning
    16:21:22.0431 4672 sptd - detected LockedFile.Multi.Generic (1)
    16:21:24.0895 4672 MBR (0x1B8) (a36c5e4f47e84449ff07ed3517b43a31) \Device\Harddisk0\DR0
    16:21:24.0973 4672 \Device\Harddisk0\DR0 - ok
    16:21:24.0973 4672 MBR (0x1B8) (a36c5e4f47e84449ff07ed3517b43a31) \Device\Harddisk1\DR1
    16:21:24.0989 4672 \Device\Harddisk1\DR1 - ok
    16:21:24.0989 4672 MBR (0x1B8) (8f558eb6672622401da993e1e865c861) \Device\Harddisk2\DR2
    16:21:24.0989 4672 \Device\Harddisk2\DR2 - ok
    16:21:24.0989 4672 Boot (0x1200) (e72fb13392065c487bf10821688092cb) \Device\Harddisk0\DR0\Partition0
    16:21:25.0005 4672 \Device\Harddisk0\DR0\Partition0 - ok
    16:21:25.0020 4672 Boot (0x1200) (07d9854d3117a53c795c4b251bf79525) \Device\Harddisk0\DR0\Partition1
    16:21:25.0020 4672 \Device\Harddisk0\DR0\Partition1 - ok
    16:21:25.0020 4672 Boot (0x1200) (f24ba3e5c809c830963a0fa18a5ae5c4) \Device\Harddisk1\DR1\Partition0
    16:21:25.0020 4672 \Device\Harddisk1\DR1\Partition0 - ok
    16:21:25.0020 4672 Boot (0x1200) (c48a9945301478aae27f4ba2791bc080) \Device\Harddisk2\DR2\Partition0
    16:21:25.0020 4672 \Device\Harddisk2\DR2\Partition0 - ok
    16:21:25.0020 4672 ============================================================
    16:21:25.0020 4672 Scan finished
    16:21:25.0020 4672 ============================================================
    16:21:25.0036 4000 Detected object count: 1
    16:21:25.0036 4000 Actual detected object count: 1
    16:21:50.0916 4000 C:\Windows\System32\Drivers\sptd.sys - copied to quarantine
    16:21:52.0071 4000 sptd ( LockedFile.Multi.Generic ) - User select action: Quarantine
    16:22:01.0867 4356 Deinitialize success
     
  10. rmelbye

    rmelbye TS Rookie Topic Starter Posts: 42

    duplicate.............
     
  11. Broni

    Broni Malware Annihilator Posts: 52,915   +344

    Download aswMBR to your desktop.
    Double click the aswMBR.exe to run it.
    If you see this question: "Would you like to download latest Avast! virus definitions?" say "Yes".
    Click the "Scan" button to start scan.
    On completion of the scan click "Save log", save it to your desktop and post in your next reply.

    NOTE. aswMBR will create MBR.dat file on your desktop. This is a copy of your MBR. Do NOT delete it.

    ============================================================

    Download Bootkit Remover to your Desktop.

    • Unzip downloaded file to your Desktop.
    • Double-click on boot_cleaner.exe to run the program (Vista/7 users, right click on boot_cleaner.exe and click Run As Administrator).
    • It will show a Black screen with some data on it.
    • Right click on the screen and click Select All.
    • Press CTRL+C
    • Open a Notepad and press CTRL+V
    • Post the output back here.
     
  12. rmelbye

    rmelbye TS Rookie Topic Starter Posts: 42

    aswMBR:

    aswMBR version 0.9.9.1297 Copyright(c) 2011 AVAST Software
    Run date: 2012-01-18 21:49:32
    -----------------------------
    21:49:32.469 OS Version: Windows x64 6.1.7601 Service Pack 1
    21:49:32.469 Number of processors: 4 586 0x2502
    21:49:32.470 ComputerName: PIONEER UserName:
    21:49:35.454 Initialize success
    21:50:19.616 AVAST engine defs: 12011801
    21:50:31.038 Disk 0 (boot) \Device\Harddisk0\DR0 -> \Device\Ide\IdeDeviceP0T1L0-d
    21:50:31.041 Disk 0 Vendor: ST2000DL003-9VT166 CC45 Size: 1907729MB BusType: 3
    21:50:31.045 Disk 1 \Device\Harddisk1\DR1 -> \Device\Ide\IdeDeviceP4T0L0-4
    21:50:31.048 Disk 1 Vendor: SAMSUNG_HD154UI 1AG01118 Size: 1430799MB BusType: 3
    21:50:31.052 Disk 2 \Device\Harddisk2\DR2 -> \Device\Ide\IdeDeviceP5T0L0-5
    21:50:31.056 Disk 2 Vendor: SAMSUNG_HD321KJ CP100-11 Size: 305245MB BusType: 3
    21:50:31.081 Disk 0 MBR read successfully
    21:50:31.086 Disk 0 MBR scan
    21:50:31.093 Disk 0 Windows 7 default MBR code
    21:50:31.108 Disk 0 Partition 1 80 (A) 07 HPFS/NTFS NTFS 100000 MB offset 2048
    21:50:31.175 Disk 0 Partition 2 00 07 HPFS/NTFS NTFS 1807727 MB offset 204802048
    21:50:31.212 Service scanning
    21:50:31.784 Service MpNWMon C:\Windows\system32\DRIVERS\MpNWMon.sys **LOCKED** 32
    21:50:31.830 Service sptd C:\Windows\System32\Drivers\sptd.sys **LOCKED** 32
    21:50:32.368 Modules scanning
    21:50:32.376 Disk 0 trace - called modules:
    21:50:32.414 ntoskrnl.exe CLASSPNP.SYS disk.sys >>UNKNOWN [0xfffffa80070582c0]<<
    21:50:32.422 1 nt!IofCallDriver -> \Device\Harddisk0\DR0[0xfffffa8007846060]
    21:50:32.429 3 CLASSPNP.SYS[fffff8800185143f] -> nt!IofCallDriver -> \Device\Ide\IdeDeviceP0T1L0-d[0xfffffa8007550060]
    21:50:32.436 \Driver\atapi[0xfffffa800751c6a0] -> IRP_MJ_CREATE -> 0xfffffa80070582c0
    21:50:36.021 AVAST engine scan C:\Windows
    21:50:59.250 AVAST engine scan C:\Windows\system32
    21:53:19.363 AVAST engine scan C:\Windows\system32\drivers
    21:53:38.390 AVAST engine scan C:\Users\Rasmus Melbye
    21:55:43.772 Disk 0 MBR has been saved successfully to "C:\Users\Rasmus Melbye\Desktop\MBR.dat"
    21:55:43.817 The log file has been saved successfully to "C:\Users\Rasmus Melbye\Desktop\aswMBR.txt"


    22:01:56.725 AVAST engine scan C:\ProgramData
    22:03:41.751 Scan finished successfully
    22:12:11.131 Disk 0 MBR has been saved successfully to "C:\Users\Rasmus Melbye\Desktop\MBR.dat"
    22:12:11.177 The log file has been saved successfully to "C:\Users\Rasmus Melbye\Desktop\aswMBR.txt"
     
  13. rmelbye

    rmelbye TS Rookie Topic Starter Posts: 42

    Should I push "FixMBR" in MBR?
     
  14. Broni

    Broni Malware Annihilator Posts: 52,915   +344

    No. Do only what my instructions say.
     
  15. rmelbye

    rmelbye TS Rookie Topic Starter Posts: 42

    Bootkit Remover
    (c) 2009 Esage Lab
    www.esagelab.com

    Program version: 1.2.0.1
    OS Version: Microsoft Windows 7 Ultimate Edition Service Pack 1 (build 7601), 64-bit

    System volume is \\.\C:
    \\.\C: -> \\.\PhysicalDrive0 at offset 0x00000000`00100000
    Boot sector MD5 is: bb4f1627d8b9beda49ac0d010229f3ff

    Size Device Name MBR Status
    --------------------------------------------
    1863 GB \\.\PhysicalDrive0 OK (DOS/Win32 Boot code found)


    Done;
    Press any key to quit...
     
  16. Broni

    Broni Malware Annihilator Posts: 52,915   +344

    Please download ComboFix from Here or Here to your Desktop.

    **Note: In the event you already have Combofix, this is a new version that I need you to download. It is important that it is saved directly to your desktop**
    1. Please, never rename Combofix unless instructed.
    2. Close any open browsers.
    3. Close/disable all anti virus and anti malware programs so they do not interfere with the running of ComboFix.
      • Very Important! Temporarily disable your anti-virus, script blocking and any anti-malware real-time protection before performing a scan. They can interfere with ComboFix or remove some of its embedded files which may cause "unpredictable results".
      • Click on this link to see a list of programs that should be disabled. The list is not all inclusive. If yours is not listed and you don't know how to disable it, please ask.
      NOTE 1. If Combofix asks you to install Recovery Console, please allow it.
      NOTE 2. If Combofix asks you to update the program, always do so.
      • Close any open browsers.
      • WARNING: Combofix will disconnect your machine from the Internet as soon as it starts
      • Please do not attempt to re-connect your machine back to the Internet until Combofix has completely finished.
      • If there is no internet connection after running Combofix, then restart your computer to restore back your connection.
    4. Double click on combofix.exe & follow the prompts.
    5. When finished, it will produce a report for you.
    6. Please post the "C:\ComboFix.txt"
    **Note 1: Do not mouseclick combofix's window while it's running. That may cause it to stall.
    **Note 2 for AVG and CA Internet Security users: ComboFix will not run until AVG/CA Internet Security is uninstalled as a protective measure against the anti-virus. This is because AVG/CA Internet Security "falsely" detects ComboFix (or its embedded files) as a threat and may remove them resulting in the tool not working correctly which in turn can cause "unpredictable results". Since AVG/CA Internet Security cannot be effectively disabled before running ComboFix, the author recommends you to uninstall AVG/CA Internet Security first.
    Use AppRemover to uninstall it: http://www.appremover.com/
    We can reinstall it when we're done with CF.
    **Note 3: If you receive an error "Illegal operation attempted on a registry key that has been marked for deletion", restart computer to fix the issue.
    **Note 4: Some infections may take some significant time to be cured. As long as your computer clock is running Combofix is still working. Be patient.



    Make sure, you re-enable your security programs, when you're done with Combofix.

    ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

    NOTE.
    If, for some reason, Combofix refuses to run, try one of the following:

    1. Run Combofix from Safe Mode (How to...)

    2. Delete Combofix file, download fresh one, but rename combofix.exe to yourname.exe BEFORE saving it to your desktop.
    Do NOT run it yet.

    Please download and run the below tool named Rkill (courtesy of BleepingComputer.com) which may help allow other programs to run.

    There are 4 different versions. If one of them won't run then download and try to run the other one.

    Vista and Win7 users need to right click Rkill and choose Run as Administrator

    You only need to get one of these to run, not all of them. You may get warnings from your antivirus about this tool, ignore them or shutdown your antivirus.

    Rkill.com
    Rkill.scr
    Rkill.exe

    • Double-click on the Rkill desktop icon to run the tool.
    • If using Vista or Windows 7 right-click on it and choose Run As Administrator.
    • A black DOS box will briefly flash and then disappear. This is normal and indicates the tool ran successfully.
    • If not, delete the file, then download and use the one provided in Link 2.
    • If it does not work, repeat the process and attempt to use one of the remaining links until the tool runs.
    • Do not reboot until instructed.
    • If the tool does not run from any of the links provided, please let me know.

    Once you've gotten one of them to run, immediately run your_name.exe by double clicking on it.

    If normal mode still doesn't work, run BOTH tools from safe mode.

    In case #2, please post BOTH logs, rKill and Combofix.

    DO NOT make any other changes to your computer (like installing programs, using other cleaning tools, etc.), until it's officially declared clean!!!
     
  17. rmelbye

    rmelbye TS Rookie Topic Starter Posts: 42

    ComboFix 12-01-18.04 - Rasmus Melbye 18-01-2012 22:55:20.1.4 - x64
    Microsoft Windows 7 Ultimate 6.1.7601.1.1252.45.1033.18.8190.6014 [GMT 1:00]
    Kører fra: c:\users\Rasmus Melbye\Desktop\ComboFix.exe
    AV: Microsoft Security Essentials *Disabled/Updated* {108DAC43-C256-20B7-BB05-914135DA5160}
    SP: Microsoft Security Essentials *Disabled/Updated* {ABEC4DA7-E46C-2F39-81B5-AA334E5D1BDD}
    SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
    * Dannede nyt systemgendannelsespunkt
    .
    .
    ((((((((((((((((((((((((((((((((((((((( Andet, der er slettet )))))))))))))))))))))))))))))))))))))))))))))))))
    .
    .
    c:\programdata\~zjOlGvZGP9MiGh
    c:\programdata\~zjOlGvZGP9MiGhr
    c:\programdata\zjOlGvZGP9MiGh
    c:\users\Rasmus Melbye\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\System Check
    c:\users\Rasmus Melbye\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\System Check\System Check.lnk
    c:\users\Rasmus Melbye\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\System Check\Uninstall System Check.lnk
    c:\windows\Downloaded Program Files\IDropPTB.dll
    c:\windows\SysWow64\tmp85C7.tmp
    c:\windows\SysWow64\tmp85C8.tmp
    .
    .
    ((((((((((((((((((((((((((((( Filer skabt fra 2011-12-18 til 2012-01-18 )))))))))))))))))))))))))))))))))))
    .
    .
    2012-01-18 20:09 . 2012-01-06 05:15 8602168 ----a-w- c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\{02154C9F-0132-48CC-9200-3AD4D05D7EED}\mpengine.dll
    2012-01-18 15:54 . 2012-01-18 15:54 -------- d-----w- c:\users\Rasmus Melbye\AppData\Roaming\SUPERAntiSpyware.com
    2012-01-18 15:52 . 2012-01-18 15:53 -------- d-----w- c:\program files\SUPERAntiSpyware
    2012-01-18 15:52 . 2012-01-18 15:52 -------- d-----w- c:\programdata\SUPERSetup
    2012-01-18 15:21 . 2012-01-18 15:40 -------- d-----w- C:\TDSSKiller_Quarantine
    2012-01-16 09:54 . 2011-10-26 05:21 43520 ----a-w- c:\windows\system32\csrsrv.dll
    2012-01-16 09:54 . 2011-10-15 06:31 723456 ----a-w- c:\windows\system32\EncDec.dll
    2012-01-16 09:54 . 2011-10-15 05:38 534528 ----a-w- c:\windows\SysWow64\EncDec.dll
    2012-01-16 09:54 . 2011-11-17 06:41 1731920 ----a-w- c:\windows\system32\ntdll.dll
    2012-01-16 09:54 . 2011-11-17 05:38 1292080 ----a-w- c:\windows\SysWow64\ntdll.dll
    2012-01-16 09:54 . 2011-11-05 05:32 2048 ----a-w- c:\windows\system32\tzres.dll
    2012-01-16 09:54 . 2011-11-05 04:26 2048 ----a-w- c:\windows\SysWow64\tzres.dll
    2012-01-16 09:53 . 2011-11-19 14:58 77312 ----a-w- c:\windows\system32\packager.dll
    2012-01-16 09:53 . 2011-11-19 14:01 67072 ----a-w- c:\windows\SysWow64\packager.dll
    2012-01-13 15:02 . 2012-01-13 15:02 -------- d-----w- c:\program files\iTunes
    2012-01-13 15:02 . 2012-01-13 15:02 -------- d-----w- c:\program files (x86)\iTunes
    2012-01-13 15:02 . 2012-01-13 15:02 -------- d-----w- c:\program files\iPod
    2012-01-12 21:29 . 2012-01-18 21:37 -------- d--h--w- c:\users\Rasmus Melbye\AppData\Roaming\TS3Client
    2012-01-12 21:28 . 2012-01-18 21:37 -------- d--h--w- c:\users\Rasmus Melbye\AppData\Local\TeamSpeak 3 Client
    2012-01-10 15:34 . 2012-01-10 15:34 -------- d-----w- c:\users\Rasmus Melbye\AppData\Local\Google
    2012-01-06 15:48 . 2012-01-06 15:48 626688 ----a-w- c:\program files (x86)\Mozilla Firefox\msvcr80.dll
    2012-01-06 15:48 . 2012-01-06 15:48 548864 ----a-w- c:\program files (x86)\Mozilla Firefox\msvcp80.dll
    2012-01-06 15:48 . 2012-01-06 15:48 479232 ----a-w- c:\program files (x86)\Mozilla Firefox\msvcm80.dll
    2012-01-06 15:48 . 2012-01-06 15:48 43992 ----a-w- c:\program files (x86)\Mozilla Firefox\mozutils.dll
    2012-01-02 19:15 . 2012-01-18 21:37 -------- d--h--w- c:\users\Rasmus Melbye\AppData\Local\uxsoft
    .
    .
    .
    (((((((((((((((((((((((((((((((((((((((( Find3M Rapport ))))))))))))))))))))))))))))))))))))))))))))))))))))
    .
    2011-12-31 13:18 . 2011-05-27 16:37 280904 ----a-w- c:\windows\SysWow64\PnkBstrB.xtr
    2011-12-31 13:18 . 2011-05-26 13:10 280904 ----a-w- c:\windows\SysWow64\PnkBstrB.exe
    2011-12-31 13:17 . 2011-05-26 13:10 280904 ----a-w- c:\windows\SysWow64\PnkBstrB.ex0
    2011-12-17 21:05 . 2011-08-13 14:29 1715008 ----a-w- c:\windows\system32\nvdispco64.dll
    2011-12-17 21:05 . 2011-08-13 14:29 1454912 ----a-w- c:\windows\system32\nvgenco64.dll
    2011-12-17 21:05 . 2011-06-30 10:10 14863680 ----a-w- c:\windows\SysWow64\nvd3dum.dll
    2011-12-17 21:05 . 2011-05-21 16:18 9622336 ----a-w- c:\windows\system32\nvwgf2umx.dll
    2011-12-17 21:05 . 2011-05-21 16:18 2403136 ----a-w- c:\windows\system32\nvapi64.dll
    2011-12-17 20:08 . 2011-04-07 21:19 6004544 ----a-w- c:\windows\system32\nvcpl.dll
    2011-12-17 20:08 . 2011-04-07 21:19 3028800 ----a-w- c:\windows\system32\nvsvc64.dll
    2011-12-17 20:08 . 2011-08-13 14:30 2562368 ----a-w- c:\windows\system32\nvsvcr.dll
    2011-12-17 20:08 . 2011-04-07 21:19 118080 ----a-w- c:\windows\system32\nvmctray.dll
    2011-12-17 20:08 . 2011-04-07 21:19 889664 ----a-w- c:\windows\system32\nvvsvc.exe
    2011-12-17 20:08 . 2011-04-07 21:19 63296 ----a-w- c:\windows\system32\nvshext.dll
    2011-12-17 11:43 . 2011-12-17 11:43 406336 ----a-w- c:\windows\SysWow64\nvStreaming.exe
    2011-12-10 14:24 . 2011-06-18 10:44 23152 ----a-w- c:\windows\system32\drivers\mbam.sys
    2011-12-06 09:32 . 2011-05-26 13:10 75136 ----a-w- c:\windows\SysWow64\PnkBstrA.exe
    2011-11-21 11:40 . 2011-05-17 14:02 8822856 ----a-w- c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\Backup\mpengine.dll
    2011-11-15 20:25 . 2011-05-17 19:41 414368 ----a-w- c:\windows\SysWow64\FlashPlayerCPLApp.cpl
    2011-11-09 14:21 . 2011-12-01 10:00 31040 ----a-w- c:\windows\system32\nvhdap64.dll
    2011-11-09 14:21 . 2011-12-01 10:00 187200 ----a-w- c:\windows\system32\drivers\nvhda64v.sys
    2011-11-09 14:21 . 2011-12-01 10:00 1451840 ----a-w- c:\windows\system32\nvhdagenco6420103.dll
    2011-10-24 12:29 . 2011-10-24 12:29 94208 ----a-w- c:\windows\SysWow64\QuickTimeVR.qtx
    2011-10-24 12:29 . 2011-10-24 12:29 69632 ----a-w- c:\windows\SysWow64\QuickTime.qts
    .
    .
    ((((((((((((((((((((((((((((((((((( Start steder i reg.basen ))))))))))))))))))))))))))))))))))))))))))))))))
    .
    .
    *Bemærk* tomme linier & lovlige standard linier vises ikke
    REGEDIT4
    .
    [HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt1]
    @="{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}"
    [HKEY_CLASSES_ROOT\CLSID\{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}]
    2011-02-18 05:12 94208 ---ha-w- c:\users\Rasmus Melbye\AppData\Roaming\Dropbox\bin\DropboxExt.14.dll
    .
    [HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt2]
    @="{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}"
    [HKEY_CLASSES_ROOT\CLSID\{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}]
    2011-02-18 05:12 94208 ---ha-w- c:\users\Rasmus Melbye\AppData\Roaming\Dropbox\bin\DropboxExt.14.dll
    .
    [HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt3]
    @="{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}"
    [HKEY_CLASSES_ROOT\CLSID\{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}]
    2011-02-18 05:12 94208 ---ha-w- c:\users\Rasmus Melbye\AppData\Roaming\Dropbox\bin\DropboxExt.14.dll
    .
    [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    "DAEMON Tools Lite"="c:\program files (x86)\DAEMON Tools Lite\DTLite.exe" [2011-01-20 1305408]
    "SUPERAntiSpyware"="c:\program files\SUPERAntiSpyware\SUPERAntiSpyware.exe" [2011-12-09 5486464]
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run]
    "HDAudDeck"="c:\program files (x86)\VIA\VIAudioi\VDeck\VDeck.exe" [2010-08-11 2472048]
    "APSDaemon"="c:\program files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe" [2011-11-01 59240]
    "QuickTime Task"="c:\program files (x86)\QuickTime\QTTask.exe" [2011-10-24 421888]
    "iTunesHelper"="c:\program files (x86)\iTunes\iTunesHelper.exe" [2011-12-08 421736]
    .
    c:\users\Rasmus Melbye\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\
    Dropbox.lnk - c:\users\Rasmus Melbye\AppData\Roaming\Dropbox\bin\Dropbox.exe [2011-12-5 24242056]
    GmoteServer.lnk - c:\program files (x86)\GmoteServer\GmoteServer.exe [2011-7-16 451584]
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
    "ConsentPromptBehaviorAdmin"= 5 (0x5)
    "ConsentPromptBehaviorUser"= 3 (0x3)
    "EnableUIADesktopToggle"= 0 (0x0)
    .
    [HKEY_LOCAL_MACHINE\system\currentcontrolset\control\lsa]
    Security Packages REG_MULTI_SZ kerberos msv1_0 schannel wdigest tspkg pku2u livessp
    .
    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\!SASCORE]
    @=""
    .
    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MsMpSvc]
    @="Service"
    .
    R2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;c:\windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-03-18 130384]
    R2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-03-18 138576]
    R3 FLEXnet Licensing Service 64;FLEXnet Licensing Service 64;c:\program files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService64.exe [2011-05-17 1431888]
    R3 GPU-Z;GPU-Z;c:\users\RASMUS~1\AppData\Local\Temp\GPU-Z.sys [x]
    R3 HTCAND64;HTC Device Driver;c:\windows\system32\Drivers\ANDROIDUSB.sys [x]
    R3 htcnprot;HTC NDIS Protocol Driver;c:\windows\system32\DRIVERS\htcnprot.sys [x]
    R3 Microsoft SharePoint Workspace Audit Service;Microsoft SharePoint Workspace Audit Service;c:\program files\Microsoft Office\Office14\GROOVE.EXE [2010-01-21 51445112]
    R3 NisDrv;Microsoft Network Inspection System;c:\windows\system32\DRIVERS\NisDrvWFP.sys [x]
    R3 NisSrv;Microsoft Network Inspection;c:\program files\Microsoft Security Client\Antimalware\NisSrv.exe [2011-04-27 288272]
    R3 ose64;Office 64 Source Engine;c:\program files\Common Files\Microsoft Shared\Source Engine\OSE.EXE [2010-01-09 174440]
    R3 RdpVideoMiniport;Remote Desktop Video Miniport Driver;c:\windows\system32\drivers\rdpvideominiport.sys [x]
    R3 Sony Ericsson PCCompanion;Sony Ericsson PCCompanion;c:\program files (x86)\Sony Ericsson\Sony Ericsson PC Companion\PCCService.exe [2011-06-29 155344]
    R3 SwitchBoard;SwitchBoard;c:\program files (x86)\Common Files\Adobe\SwitchBoard\SwitchBoard.exe [2010-02-19 517096]
    R3 Synth3dVsc;Synth3dVsc;c:\windows\system32\drivers\synth3dvsc.sys [x]
    R3 TsUsbFlt;TsUsbFlt;c:\windows\system32\drivers\tsusbflt.sys [x]
    R3 tsusbhub;tsusbhub; [x]
    S0 sptd;sptd;c:\windows\\SystemRoot\System32\Drivers\sptd.sys [x]
    S1 SASDIFSV;SASDIFSV;c:\program files\SUPERAntiSpyware\SASDIFSV64.SYS [2011-07-22 14928]
    S1 SASKUTIL;SASKUTIL;c:\program files\SUPERAntiSpyware\SASKUTIL64.SYS [2011-07-12 12368]
    S2 !SASCORE;SAS Core Service;c:\program files\SUPERAntiSpyware\SASCORE64.EXE [2011-08-11 140672]
    S2 AdobeARMservice;Adobe Acrobat Update Service;c:\program files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe [2011-06-06 64952]
    S2 AsSysCtrlService;ASUS System Control Service;c:\program files (x86)\ASUS\AsSysCtrlService\1.00.02\AsSysCtrlService.exe [2009-08-19 90112]
    S2 mitsijm2012;Autodesk Moldflow Inventor Tool Suite Integration 2012 Job Manager;d:\programmer\Inventor\Inventor 2012\Moldflow\bin\mitsijm.exe [2010-12-07 848184]
    S2 nvUpdatusService;NVIDIA Update Service Daemon;c:\program files (x86)\NVIDIA Corporation\NVIDIA Update Core\daemonu.exe [2011-12-17 2348864]
    S2 PassThru Service;Internet Pass-Through Service;c:\program files (x86)\HTC\Internet Pass-Through\PassThruSvr.exe [2011-08-12 87040]
    S2 Stereo Service;NVIDIA Stereoscopic 3D Driver Service;c:\program files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe [2011-12-17 381248]
    S3 MpNWMon;Microsoft Malware Protection Network Driver;c:\windows\system32\DRIVERS\MpNWMon.sys [x]
    S3 nusb3hub;NEC Electronics USB 3.0 Hub Driver;c:\windows\system32\DRIVERS\nusb3hub.sys [x]
    S3 nusb3xhc;NEC Electronics USB 3.0 Host Controller Driver;c:\windows\system32\DRIVERS\nusb3xhc.sys [x]
    S3 NVHDA;Service for NVIDIA High Definition Audio Driver;c:\windows\system32\drivers\nvhda64v.sys [x]
    S3 osppsvc;Office Software Protection Platform;c:\program files\Common Files\Microsoft Shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE [2010-01-09 4925184]
    S3 RTL8167;Realtek 8167 NT Driver;c:\windows\system32\DRIVERS\Rt64win7.sys [x]
    .
    .
    --- Andre Services/Drivers i Hukommelsen ---
    .
    *NewlyCreated* - 57616386
    *NewlyCreated* - ASWMBR
    *Deregistered* - 57616386
    *Deregistered* - aswMBR
    .
    Indhold af mappen 'Planlagte Opgaver'
    .
    2012-01-18 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-1667449165-3236139713-1594889806-1001Core.job
    - c:\users\Rasmus Melbye\AppData\Local\Google\Update\GoogleUpdate.exe [2012-01-10 15:34]
    .
    2012-01-18 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-1667449165-3236139713-1594889806-1001UA.job
    - c:\users\Rasmus Melbye\AppData\Local\Google\Update\GoogleUpdate.exe [2012-01-10 15:34]
    .
    .
    --------- x86-64 -----------
    .
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt1]
    @="{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}"
    [HKEY_CLASSES_ROOT\CLSID\{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}]
    2011-02-18 05:12 97792 ---ha-w- c:\users\Rasmus Melbye\AppData\Roaming\Dropbox\bin\DropboxExt64.14.dll
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt2]
    @="{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}"
    [HKEY_CLASSES_ROOT\CLSID\{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}]
    2011-02-18 05:12 97792 ---ha-w- c:\users\Rasmus Melbye\AppData\Roaming\Dropbox\bin\DropboxExt64.14.dll
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt3]
    @="{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}"
    [HKEY_CLASSES_ROOT\CLSID\{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}]
    2011-02-18 05:12 97792 ---ha-w- c:\users\Rasmus Melbye\AppData\Roaming\Dropbox\bin\DropboxExt64.14.dll
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt4]
    @="{FB314EDC-A251-47B7-93E1-CDD82E34AF8B}"
    [HKEY_CLASSES_ROOT\CLSID\{FB314EDC-A251-47B7-93E1-CDD82E34AF8B}]
    2011-02-18 05:12 97792 ---ha-w- c:\users\Rasmus Melbye\AppData\Roaming\Dropbox\bin\DropboxExt64.14.dll
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    "MSC"="c:\program files\Microsoft Security Client\msseces.exe" [2011-06-15 1436736]
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows]
    "LoadAppInit_DLLs"=0x0
    .
    ------- Yderligere scanning -------
    .
    uLocal Page = c:\windows\system32\blank.htm
    mLocal Page = c:\windows\SysWOW64\blank.htm
    uInternet Settings,ProxyOverride = *.local
    IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~3\Office14\EXCEL.EXE/3000
    IE: Se&nd to OneNote - c:\progra~1\MICROS~3\Office14\ONBttnIE.dll/105
    TCP: DhcpNameServer = 208.67.222.222 208.67.220.220 194.239.134.83
    FF - ProfilePath - c:\users\Rasmus Melbye\AppData\Roaming\Mozilla\Firefox\Profiles\g3einov8.default\
    FF - prefs.js: browser.startup.homepage - www.google.dk
    .
    - - - - TOMME GENVEJE FJERNET - - - -
    .
    Wow6432Node-HKCU-Run-Akamai NetSession Interface - c:\users\Rasmus Melbye\AppData\Local\Akamai\netsession_win.exe
    Wow6432Node-HKCU-Run-AdobeBridge - (no file)
    AddRemove-Battlelog Web Plugins - c:\program files (x86)\Battlelog Web Plugins\uninstall.exe
    .
    .
    .
    --------------------- LÅSTE REGISTRERINGS NØGLER ---------------------
    .
    [HKEY_USERS\S-1-5-21-1667449165-3236139713-1594889806-1001\Software\SecuROM\License information*]
    "datasecu"=hex:aa,a7,94,42,bb,01,10,d3,2e,e4,0b,9d,21,5a,56,63,87,49,9e,d4,9c,
    51,95,b1,8a,18,9b,64,fe,cb,6c,c2,f8,7a,5f,88,25,de,10,50,8b,75,5c,fc,b1,35,\
    "rkeysecu"=hex:4f,ee,cf,9c,d2,89,c9,89,bb,03,01,31,12,4e,6f,3d
    .
    [HKEY_LOCAL_MACHINE\system\ControlSet001\Control\PCW\Security]
    @Denied: (Full) (Everyone)
    .
    Gennemført tid: 2012-01-18 23:04:18
    ComboFix-quarantined-files.txt 2012-01-18 22:04
    .
    Pre-Kørsel: 36.240.773.120 byte ledig
    Post-Kørsel: 36.119.515.136 byte ledig
    .
    - - End Of File - - 0B6035C8291507D53E9918FDDEF76FE0
     
  18. Broni

    Broni Malware Annihilator Posts: 52,915   +344

    Looks good :)

    How is computer doing?

    Download OTL to your Desktop.

    • Double click on the icon to run it. Make sure all other windows are closed and to let it run uninterrupted.
    • Click the Scan All Users checkbox.
    • Under the Custom Scan box paste this in:


    netsvcs
    drivers32
    %SYSTEMDRIVE%\*.*
    %systemroot%\Fonts\*.com
    %systemroot%\Fonts\*.dll
    %systemroot%\Fonts\*.ini
    %systemroot%\Fonts\*.ini2
    %systemroot%\Fonts\*.exe
    %systemroot%\system32\spool\prtprocs\w32x86\*.*
    %systemroot%\REPAIR\*.bak1
    %systemroot%\REPAIR\*.ini
    %systemroot%\system32\*.jpg
    %systemroot%\*.jpg
    %systemroot%\*.png
    %systemroot%\*.scr
    %systemroot%\*._sy
    %APPDATA%\Adobe\Update\*.*
    %ALLUSERSPROFILE%\Favorites\*.*
    %APPDATA%\Microsoft\*.*
    %PROGRAMFILES%\*.*
    %APPDATA%\Update\*.*
    %systemroot%\*. /mp /s
    CREATERESTOREPOINT
    %systemroot%\System32\config\*.sav
    %PROGRAMFILES%\bak. /s
    %systemroot%\system32\bak. /s
    %ALLUSERSPROFILE%\Start Menu\*.lnk /x
    %systemroot%\system32\config\systemprofile\*.dat /x
    %systemroot%\*.config
    %systemroot%\system32\*.db
    %APPDATA%\Microsoft\Internet Explorer\Quick Launch\*.lnk /x
    %USERPROFILE%\Desktop\*.exe
    %PROGRAMFILES%\Common Files\*.*
    %systemroot%\*.src
    %systemroot%\install\*.*
    %systemroot%\system32\DLL\*.*
    %systemroot%\system32\HelpFiles\*.*
    %systemroot%\system32\rundll\*.*
    %systemroot%\winn32\*.*
    %systemroot%\Java\*.*
    %systemroot%\system32\test\*.*
    %systemroot%\system32\Rundll32\*.*
    %systemroot%\AppPatch\Custom\*.*
    %APPDATA%\Roaming\Microsoft\Windows\Recent\*.lnk /x
    %PROGRAMFILES%\PC-Doctor\Downloads\*.*
    %PROGRAMFILES%\Internet Explorer\*.tmp
    %PROGRAMFILES%\Internet Explorer\*.dat
    %USERPROFILE%\My Documents\*.exe
    %USERPROFILE%\*.exe
    %systemroot%\ADDINS\*.*
    %systemroot%\assembly\*.bak2
    %systemroot%\Config\*.*
    %systemroot%\REPAIR\*.bak2
    %systemroot%\SECURITY\Database\*.sdb /x
    %systemroot%\SYSTEM\*.bak2
    %systemroot%\Web\*.bak2
    %systemroot%\Driver Cache\*.*
    %PROGRAMFILES%\Mozilla Firefox\0*.exe
    %ProgramFiles%\Microsoft Common\*.*
    %ProgramFiles%\TinyProxy.
    %USERPROFILE%\Favorites\*.url /x
    %systemroot%\system32\*.bk
    %systemroot%\*.te
    %systemroot%\system32\system32\*.*
    %ALLUSERSPROFILE%\*.dat /x
    %systemroot%\system32\drivers\*.rmv
    dir /b "%systemroot%\system32\*.exe" | find /i " " /c
    dir /b "%systemroot%\*.exe" | find /i " " /c
    %PROGRAMFILES%\Microsoft\*.*
    %systemroot%\System32\Wbem\proquota.exe
    %PROGRAMFILES%\Mozilla Firefox\*.dat
    %USERPROFILE%\Cookies\*.txt /x
    %SystemRoot%\system32\fonts\*.*
    %systemroot%\system32\winlog\*.*
    %systemroot%\system32\Language\*.*
    %systemroot%\system32\Settings\*.*
    %systemroot%\system32\*.quo
    %SYSTEMROOT%\AppPatch\*.exe
    %SYSTEMROOT%\inf\*.exe
    %SYSTEMROOT%\Installer\*.exe
    %systemroot%\system32\config\*.bak2
    %systemroot%\system32\Computers\*.*
    %SystemRoot%\system32\Sound\*.*
    %SystemRoot%\system32\SpecialImg\*.*
    %SystemRoot%\system32\code\*.*
    %SystemRoot%\system32\draft\*.*
    %SystemRoot%\system32\MSSSys\*.*
    %ProgramFiles%\Javascript\*.*
    %systemroot%\pchealth\helpctr\System\*.exe /s
    %systemroot%\Web\*.exe
    %systemroot%\system32\msn\*.*
    %systemroot%\system32\*.tro
    %AppData%\Microsoft\Installer\msupdates\*.*
    %ProgramFiles%\Messenger\*.*
    %systemroot%\system32\systhem32\*.*
    %systemroot%\system\*.exe
    HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows\WindowsUpdate\AU
    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\WindowsUpdate\Auto Update\Results\Install|LastSuccessTime /rs
    /md5start
    /md5stop


    • Click the Quick Scan button. Do not change any settings unless otherwise told to do so. The scan won't take long.
    • When the scan completes, it will open two notepad windows: OTL.txt and Extras.txt. These are saved in the same location as OTL.
    • Please copy (Edit->Select All, Edit->Copy) the contents of these files, one at a time, and post them back here.
     
  19. rmelbye

    rmelbye TS Rookie Topic Starter Posts: 42

    It is doing a lot better, I can actually pick a background picture now. Thx very much, I <3 this forum

    OLT.T 1/2

    OTL logfile created on: 18-01-2012 23:13:01 - Run 1
    OTL by OldTimer - Version 3.2.31.0 Folder = C:\Users\Rasmus Melbye\Desktop
    64bit- Ultimate Edition Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation
    Internet Explorer (Version = 9.0.8112.16421)
    Locale: 00000406 | Country: Danmark | Language: DAN | Date Format: dd-MM-yyyy

    8,00 Gb Total Physical Memory | 5,39 Gb Available Physical Memory | 67,43% Memory free
    15,99 Gb Paging File | 13,56 Gb Available in Paging File | 84,77% Paging File free
    Paging file location(s): ?:\pagefile.sys [binary data]

    %SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86)
    Drive C: | 97,66 Gb Total Space | 33,69 Gb Free Space | 34,50% Space Free | Partition Type: NTFS
    Drive D: | 1765,36 Gb Total Space | 426,62 Gb Free Space | 24,17% Space Free | Partition Type: NTFS
    Drive F: | 1397,26 Gb Total Space | 1397,13 Gb Free Space | 99,99% Space Free | Partition Type: NTFS
    Drive H: | 298,09 Gb Total Space | 78,09 Gb Free Space | 26,20% Space Free | Partition Type: NTFS

    Computer Name: PIONEER | User Name: Rasmus Melbye | Logged in as Administrator.
    Boot Mode: Normal | Scan Mode: All users | Quick Scan | Include 64bit Scans
    Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days

    ========== Processes (SafeList) ==========

    PRC - [2012-01-18 23:11:56 | 000,584,192 | ---- | M] (OldTimer Tools) -- C:\Users\Rasmus Melbye\Desktop\OTL.exe
    PRC - [2012-01-06 16:48:06 | 000,924,632 | ---- | M] (Mozilla Corporation) -- C:\Program Files (x86)\Mozilla Firefox\firefox.exe
    PRC - [2011-12-17 22:05:00 | 002,348,864 | ---- | M] (NVIDIA Corporation) -- C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Update Core\daemonu.exe
    PRC - [2011-12-17 12:43:30 | 000,381,248 | ---- | M] (NVIDIA Corporation) -- C:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe
    PRC - [2011-12-06 10:32:59 | 000,075,136 | ---- | M] () -- C:\Windows\SysWOW64\PnkBstrA.exe
    PRC - [2011-08-12 16:13:26 | 000,087,040 | ---- | M] () -- C:\Program Files (x86)\HTC\Internet Pass-Through\PassThruSvr.exe
    PRC - [2011-06-06 11:55:28 | 000,064,952 | ---- | M] (Adobe Systems Incorporated) -- C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe
    PRC - [2011-01-20 10:20:12 | 001,305,408 | ---- | M] (DT Soft Ltd) -- C:\Program Files (x86)\DAEMON Tools Lite\DTLite.exe
    PRC - [2009-11-26 23:13:32 | 007,274,496 | ---- | M] (ASUSTeK Computer Inc.) -- C:\Program Files (x86)\ASUS\EPU-6 Engine\SixEngine.exe
    PRC - [2009-08-19 18:56:38 | 000,090,112 | ---- | M] (ASUSTeK Computer Inc.) -- C:\Program Files (x86)\ASUS\AsSysCtrlService\1.00.02\AsSysCtrlService.exe


    ========== Modules (No Company Name) ==========

    MOD - [2012-01-06 16:48:05 | 002,124,760 | ---- | M] () -- C:\Program Files (x86)\Mozilla Firefox\mozjs.dll
    MOD - [2011-12-17 12:43:16 | 000,349,504 | ---- | M] () -- C:\Program Files (x86)\NVIDIA Corporation\3D Vision\Nv3DVStreaming.dll
    MOD - [2011-06-24 21:56:36 | 000,087,328 | ---- | M] () -- C:\Program Files (x86)\Common Files\Apple\Apple Application Support\zlib1.dll
    MOD - [2011-06-24 21:56:14 | 001,241,888 | ---- | M] () -- C:\Program Files (x86)\Common Files\Apple\Apple Application Support\libxml2.dll
    MOD - [2010-01-21 00:34:10 | 008,793,952 | ---- | M] () -- C:\PROGRA~2\MICROS~2\Office14\1033\GrooveIntlResource.dll
    MOD - [2010-01-09 19:18:18 | 004,254,560 | ---- | M] () -- C:\PROGRA~2\COMMON~1\MICROS~1\OFFICE14\Cultures\office.odf
    MOD - [2009-09-30 10:33:06 | 000,024,576 | ---- | M] () -- C:\Windows\SysWOW64\AsIO.dll
    MOD - [2009-08-27 18:41:46 | 000,565,248 | ---- | M] () -- C:\Program Files (x86)\ASUS\EPU-6 Engine\pngio.dll
    MOD - [2009-08-27 18:41:46 | 000,053,248 | ---- | M] () -- C:\Program Files (x86)\ASUS\EPU-6 Engine\AsSpindownTimeout.dll
    MOD - [2009-04-22 19:20:00 | 000,179,712 | ---- | M] () -- C:\Program Files (x86)\ASUS\EPU-6 Engine\ASUSSERVICE.DLL


    ========== Win32 Services (SafeList) ==========

    SRV:64bit: - [2011-08-12 00:38:04 | 000,140,672 | ---- | M] (SUPERAntiSpyware.com) [Auto | Running] -- C:\Program Files\SUPERAntiSpyware\SASCORE64.EXE -- (!SASCORE)
    SRV:64bit: - [2011-05-17 22:36:59 | 001,431,888 | ---- | M] (Flexera Software, Inc.) [On_Demand | Stopped] -- C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService64.exe -- (FLEXnet Licensing Service 64)
    SRV:64bit: - [2011-04-27 16:21:18 | 000,288,272 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Program Files\Microsoft Security Client\Antimalware\NisSrv.exe -- (NisSrv)
    SRV:64bit: - [2011-04-27 16:21:18 | 000,012,784 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Program Files\Microsoft Security Client\Antimalware\MsMpEng.exe -- (MsMpSvc)
    SRV:64bit: - [2009-07-14 02:41:27 | 001,011,712 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Program Files\Windows Defender\mpsvc.dll -- (WinDefend)
    SRV:64bit: - [2009-07-14 02:40:01 | 000,193,536 | ---- | M] (Microsoft Corporation) [On_Demand | Running] -- C:\Windows\SysNative\appmgmts.dll -- (AppMgmt)
    SRV - [2011-12-17 22:05:00 | 002,348,864 | ---- | M] (NVIDIA Corporation) [Auto | Running] -- C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Update Core\daemonu.exe -- (nvUpdatusService)
    SRV - [2011-12-17 12:43:30 | 000,381,248 | ---- | M] (NVIDIA Corporation) [Auto | Running] -- C:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe -- (Stereo Service)
    SRV - [2011-12-06 10:32:59 | 000,075,136 | ---- | M] () [Auto | Running] -- C:\Windows\SysWOW64\PnkBstrA.exe -- (PnkBstrA)
    SRV - [2011-10-16 10:54:09 | 000,419,624 | ---- | M] (Valve Corporation) [On_Demand | Stopped] -- C:\Program Files (x86)\Common Files\Steam\SteamService.exe -- (Steam Client Service)
    SRV - [2011-08-12 16:13:26 | 000,087,040 | ---- | M] () [Auto | Running] -- C:\Program Files (x86)\HTC\Internet Pass-Through\PassThruSvr.exe -- (PassThru Service)
    SRV - [2011-06-29 14:59:18 | 000,155,344 | ---- | M] (Avanquest Software) [On_Demand | Stopped] -- C:\Program Files (x86)\Sony Ericsson\Sony Ericsson PC Companion\PCCService.exe -- (Sony Ericsson PCCompanion)
    SRV - [2011-06-06 11:55:28 | 000,064,952 | ---- | M] (Adobe Systems Incorporated) [Auto | Running] -- C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe -- (AdobeARMservice)
    SRV - [2010-12-07 16:30:00 | 000,848,184 | ---- | M] (Autodesk, Inc.) [Auto | Running] -- D:\Programmer\Inventor\Inventor 2012\Moldflow\bin\mitsijm.exe -- (mitsijm2012)
    SRV - [2010-03-18 12:16:28 | 000,130,384 | ---- | M] (Microsoft Corporation) [Auto | Stopped] -- C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe -- (clr_optimization_v4.0.30319_32)
    SRV - [2010-02-19 12:37:14 | 000,517,096 | ---- | M] (Adobe Systems Incorporated) [On_Demand | Stopped] -- C:\Program Files (x86)\Common Files\Adobe\SwitchBoard\SwitchBoard.exe -- (SwitchBoard)
    SRV - [2009-08-19 18:56:38 | 000,090,112 | ---- | M] (ASUSTeK Computer Inc.) [Auto | Running] -- C:\Program Files (x86)\ASUS\AsSysCtrlService\1.00.02\AsSysCtrlService.exe -- (AsSysCtrlService)
    SRV - [2009-06-10 22:23:09 | 000,066,384 | ---- | M] (Microsoft Corporation) [Disabled | Stopped] -- C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe -- (clr_optimization_v2.0.50727_32)


    ========== Driver Services (SafeList) ==========

    DRV:64bit: - [2011-11-09 15:21:39 | 000,187,200 | ---- | M] (NVIDIA Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\nvhda64v.sys -- (NVHDA)
    DRV:64bit: - [2011-07-22 17:26:56 | 000,014,928 | ---- | M] (SUPERAdBlocker.com and SUPERAntiSpyware.com) [Kernel | System | Running] -- C:\Program Files\SUPERAntiSpyware\SASDIFSV64.SYS -- (SASDIFSV)
    DRV:64bit: - [2011-07-12 22:55:18 | 000,012,368 | ---- | M] (SUPERAdBlocker.com and SUPERAntiSpyware.com) [Kernel | System | Running] -- C:\Program Files\SUPERAntiSpyware\SASKUTIL64.SYS -- (SASKUTIL)
    DRV:64bit: - [2011-05-18 09:03:34 | 000,513,080 | ---- | M] () [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\sptd.sys -- (sptd)
    DRV:64bit: - [2011-05-10 07:06:08 | 000,051,712 | ---- | M] (Apple, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\usbaapl64.sys -- (USBAAPL64)
    DRV:64bit: - [2011-04-27 14:25:24 | 000,084,864 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\NisDrvWFP.sys -- (NisDrv)
    DRV:64bit: - [2011-03-21 12:22:06 | 000,452,200 | ---- | M] (Realtek ) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\Rt64win7.sys -- (RTL8167)
    DRV:64bit: - [2011-03-11 07:41:12 | 000,107,904 | ---- | M] (Advanced Micro Devices) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\amdsata.sys -- (amdsata)
    DRV:64bit: - [2011-03-11 07:41:12 | 000,027,008 | ---- | M] (Advanced Micro Devices) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\amdxata.sys -- (amdxata)
    DRV:64bit: - [2010-11-20 14:33:35 | 000,078,720 | ---- | M] (Hewlett-Packard Company) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\HpSAMD.sys -- (HpSAMD)
    DRV:64bit: - [2010-11-20 12:07:05 | 000,059,392 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\TsUsbFlt.sys -- (TsUsbFlt)
    DRV:64bit: - [2010-11-20 12:03:42 | 000,020,992 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\rdpvideominiport.sys -- (RdpVideoMiniport)
    DRV:64bit: - [2010-08-04 20:17:14 | 001,342,064 | ---- | M] (VIA Technologies, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\viahduaa.sys -- (VIAHdAudAddService)
    DRV:64bit: - [2010-06-25 15:08:10 | 000,036,928 | ---- | M] (Windows (R) Win 7 DDK provider) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\htcnprot.sys -- (htcnprot)
    DRV:64bit: - [2010-01-22 11:22:22 | 000,180,224 | ---- | M] (NEC Electronics Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\nusb3xhc.sys -- (nusb3xhc)
    DRV:64bit: - [2010-01-22 11:22:18 | 000,077,824 | ---- | M] (NEC Electronics Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\nusb3hub.sys -- (nusb3hub)
    DRV:64bit: - [2009-11-01 18:16:50 | 000,033,736 | ---- | M] (HTC, Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\ANDROIDUSB.sys -- (HTCAND64)
    DRV:64bit: - [2009-07-16 10:38:40 | 000,015,416 | ---- | M] () [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\ASACPI.sys -- (MTsensor)
    DRV:64bit: - [2009-07-14 02:52:20 | 000,194,128 | ---- | M] (AMD Technologies Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\amdsbs.sys -- (amdsbs)
    DRV:64bit: - [2009-07-14 02:48:04 | 000,065,600 | ---- | M] (LSI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\lsi_sas2.sys -- (LSI_SAS2)
    DRV:64bit: - [2009-07-14 02:45:55 | 000,024,656 | ---- | M] (Promise Technology) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\stexstor.sys -- (stexstor)
    DRV:64bit: - [2009-07-14 01:09:50 | 000,019,968 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\usb8023x.sys -- (usb_rndisx)
    DRV:64bit: - [2009-06-10 21:34:33 | 003,286,016 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\evbda.sys -- (ebdrv)
    DRV:64bit: - [2009-06-10 21:34:28 | 000,468,480 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\bxvbda.sys -- (b06bdrv)
    DRV:64bit: - [2009-06-10 21:34:23 | 000,270,848 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\b57nd60a.sys -- (b57nd60a)
    DRV:64bit: - [2009-06-10 21:31:59 | 000,031,232 | ---- | M] (Hauppauge Computer Works, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\hcw85cir.sys -- (hcw85cir)
    DRV:64bit: - [2009-05-18 12:17:08 | 000,034,152 | ---- | M] (GEAR Software Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\GEARAspiWDM.sys -- (GEARAspiWDM)
    DRV:64bit: - [2008-05-06 15:06:00 | 000,014,464 | ---- | M] (Western Digital Technologies) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\wdcsam64.sys -- (WDC_SAM)
    DRV - [2009-07-14 02:19:10 | 000,019,008 | ---- | M] (Microsoft Corporation) [File_System | On_Demand | Stopped] -- C:\Windows\SysWOW64\drivers\wimmount.sys -- (WIMMount)


    ========== Standard Registry (SafeList) ==========


    ========== Internet Explorer ==========

    IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm






    IE - HKU\S-1-5-21-1667449165-3236139713-1594889806-1001\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache AcceptLangs = da-DK
    IE - HKU\S-1-5-21-1667449165-3236139713-1594889806-1001\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache_TIMESTAMP = 28 66 2B 18 70 A8 CC 01 [binary data]
    IE - HKU\S-1-5-21-1667449165-3236139713-1594889806-1001\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
    IE - HKU\S-1-5-21-1667449165-3236139713-1594889806-1001\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = *.local


    ========== FireFox ==========

    FF - prefs.js..browser.startup.homepage: "www.google.dk"

    FF:64bit: - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\system32\Macromed\Flash\NPSWF64_11_1_102.dll File not found
    FF:64bit: - HKLM\Software\MozillaPlugins\@microsoft.com/GENUINE: disabled File not found
    FF:64bit: - HKLM\Software\MozillaPlugins\@microsoft.com/OfficeAuthz,version=14.0: C:\PROGRA~1\MICROS~3\Office14\NPAUTHZ.DLL (Microsoft Corporation)
    FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\SysWOW64\Macromed\Flash\NPSWF32.dll ()
    FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=: File not found
    FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=1.0: C:\Program Files (x86)\iTunes\Mozilla Plugins\npitunes.dll ()
    FF - HKLM\Software\MozillaPlugins\@esn.me/esnsonar,version=0.70.0: C:\Program Files (x86)\Battlelog Web Plugins\Sonar\0.70.0\npesnsonar.dll File not found
    FF - HKLM\Software\MozillaPlugins\@esn.me/esnsonar,version=0.70.4: C:\Program Files (x86)\Battlelog Web Plugins\Sonar\0.70.4\npesnsonar.dll (ESN Social Software AB)
    FF - HKLM\Software\MozillaPlugins\@esn/esnlaunch,version=1.104.0: C:\Program Files (x86)\Battlelog Web Plugins\1.104.0\npesnlaunch.dll (ESN Social Software AB)
    FF - HKLM\Software\MozillaPlugins\@esn/esnlaunch,version=1.96.0: C:\Program Files (x86)\Battlelog Web Plugins\1.96.0\npesnlaunch.dll File not found
    FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin: C:\Program Files (x86)\Java\jre6\bin\new_plugin\npjp2.dll (Sun Microsystems, Inc.)
    FF - HKLM\Software\MozillaPlugins\@microsoft.com/GENUINE: disabled File not found
    FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: C:\Program Files (x86)\Microsoft Silverlight\4.0.60831.0\npctrl.dll ( Microsoft Corporation)
    FF - HKLM\Software\MozillaPlugins\@microsoft.com/OfficeAuthz,version=14.0: C:\PROGRA~2\MICROS~2\Office14\NPAUTHZ.DLL (Microsoft Corporation)
    FF - HKLM\Software\MozillaPlugins\@microsoft.com/SharePoint,version=14.0: C:\PROGRA~2\MICROS~2\Office14\NPSPWRAP.DLL (Microsoft Corporation)
    FF - HKLM\Software\MozillaPlugins\@nvidia.com/3DVision: C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dv.dll (NVIDIA Corporation)
    FF - HKLM\Software\MozillaPlugins\@nvidia.com/3DVisionStreaming: C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dvstreaming.dll (NVIDIA Corporation)
    FF - HKLM\Software\MozillaPlugins\@pandonetworks.com/PandoWebPlugin: C:\Program Files (x86)\Pando Networks\Media Booster\npPandoWebPlugin.dll (Pando Networks)
    FF - HKLM\Software\MozillaPlugins\Adobe Reader: C:\Program Files (x86)\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
    FF - HKCU\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Users\Rasmus Melbye\AppData\Local\Google\Update\1.3.21.79\npGoogleUpdate3.dll (Google Inc.)
    FF - HKCU\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Users\Rasmus Melbye\AppData\Local\Google\Update\1.3.21.79\npGoogleUpdate3.dll (Google Inc.)
    FF - HKCU\Software\MozillaPlugins\pandonetworks.com/PandoWebPlugin: C:\Program Files (x86)\Pando Networks\Media Booster\npPandoWebPlugin.dll (Pando Networks)

    FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 9.0.1\extensions\\Components: C:\Program Files (x86)\Mozilla Firefox\components [2012-01-06 16:48:06 | 000,000,000 | ---D | M]
    FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 9.0.1\extensions\\Plugins: C:\Program Files (x86)\Mozilla Firefox\plugins [2011-11-03 21:54:21 | 000,000,000 | ---D | M]

    [2011-05-17 14:46:38 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Rasmus Melbye\AppData\Roaming\mozilla\Extensions
    [2011-11-29 22:17:00 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Rasmus Melbye\AppData\Roaming\mozilla\Firefox\Profiles\g3einov8.default\extensions
    [2012-01-18 22:37:52 | 000,000,000 | ---D | M] (British English Dictionary) -- C:\Users\Rasmus Melbye\AppData\Roaming\mozilla\Firefox\Profiles\g3einov8.default\extensions\en-GB@dictionaries.addons.mozilla.org
    [2011-11-10 14:09:36 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files (x86)\mozilla firefox\extensions
    [2011-11-21 13:51:22 | 000,000,000 | ---D | M] (Skype Click to Call) -- C:\Program Files (x86)\mozilla firefox\extensions\{82AF8DCA-6DE9-405D-BD5E-43525BDAD38A}
    [2012-01-06 16:48:06 | 000,121,816 | ---- | M] (Mozilla Foundation) -- C:\Program Files (x86)\mozilla firefox\components\browsercomps.dll
    [2011-09-03 01:48:49 | 000,001,525 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\amazon-co-uk.xml
    [2011-09-03 01:04:54 | 000,002,252 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\bing.xml
    [2011-09-03 01:48:49 | 000,001,178 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\wikipedia-da.xml

    ========== Chrome ==========

    CHR - default_search_provider: Google (Enabled)
    CHR - default_search_provider: search_url = {google:baseURL}search?{google:RLZ}{google:acceptedSuggestion}{google:originalQueryForSuggestion}{google:searchFieldtrialParameter}{google:instantFieldTrialGroupParameter}sourceid=chrome&ie={inputEncoding}&q={searchTerms}
    CHR - default_search_provider: suggest_url = {google:baseSuggestURL}search?{google:searchFieldtrialParameter}{google:instantFieldTrialGroupParameter}client=chrome&hl={language}&q={searchTerms}
    CHR - plugin: Remoting Viewer (Enabled) = internal-remoting-viewer
    CHR - plugin: Native Client (Enabled) = C:\Users\Rasmus Melbye\AppData\Local\Google\Chrome\Application\16.0.912.75\ppGoogleNaClPluginChrome.dll
    CHR - plugin: Chrome PDF Viewer (Enabled) = C:\Users\Rasmus Melbye\AppData\Local\Google\Chrome\Application\16.0.912.75\pdf.dll
    CHR - plugin: Shockwave Flash (Enabled) = C:\Users\Rasmus Melbye\AppData\Local\Google\Chrome\Application\16.0.912.75\gcswf32.dll
    CHR - plugin: Shockwave Flash (Enabled) = C:\Windows\SysWOW64\Macromed\Flash\NPSWF32.dll
    CHR - plugin: Adobe Acrobat (Enabled) = C:\Program Files (x86)\Adobe\Reader 10.0\Reader\Browser\nppdf32.dll
    CHR - plugin: Java Deployment Toolkit 6.0.250.6 (Enabled) = C:\Program Files (x86)\Java\jre6\bin\new_plugin\npdeployJava1.dll
    CHR - plugin: Java(TM) Platform SE 6 U25 (Enabled) = C:\Program Files (x86)\Java\jre6\bin\new_plugin\npjp2.dll
    CHR - plugin: Microsoft\u00AE Windows Media Player Firefox Plugin (Enabled) = C:\Program Files (x86)\Mozilla Firefox\plugins\np-mswmp.dll
    CHR - plugin: QuickTime Plug-in 7.7.1 (Enabled) = C:\Program Files (x86)\Mozilla Firefox\plugins\npqtplugin.dll
    CHR - plugin: QuickTime Plug-in 7.7.1 (Enabled) = C:\Program Files (x86)\Mozilla Firefox\plugins\npqtplugin2.dll
    CHR - plugin: QuickTime Plug-in 7.7.1 (Enabled) = C:\Program Files (x86)\Mozilla Firefox\plugins\npqtplugin3.dll
    CHR - plugin: QuickTime Plug-in 7.7.1 (Enabled) = C:\Program Files (x86)\Mozilla Firefox\plugins\npqtplugin4.dll
    CHR - plugin: QuickTime Plug-in 7.7.1 (Enabled) = C:\Program Files (x86)\Mozilla Firefox\plugins\npqtplugin5.dll
    CHR - plugin: QuickTime Plug-in 7.7.1 (Enabled) = C:\Program Files (x86)\Mozilla Firefox\plugins\npqtplugin6.dll
    CHR - plugin: QuickTime Plug-in 7.7.1 (Enabled) = C:\Program Files (x86)\Mozilla Firefox\plugins\npqtplugin7.dll
    CHR - plugin: Microsoft Office 2010 (Enabled) = C:\PROGRA~2\MICROS~2\Office14\NPAUTHZ.DLL
    CHR - plugin: Microsoft Office 2010 (Enabled) = C:\PROGRA~2\MICROS~2\Office14\NPSPWRAP.DLL
    CHR - plugin: ESN Launch Mozilla Plugin (Enabled) = C:\Program Files (x86)\Battlelog Web Plugins\1.104.0\npesnlaunch.dll
    CHR - plugin: ESN Sonar API (Enabled) = C:\Program Files (x86)\Battlelog Web Plugins\Sonar\0.70.4\npesnsonar.dll
    CHR - plugin: Silverlight Plug-In (Enabled) = C:\Program Files (x86)\Microsoft Silverlight\4.0.60831.0\npctrl.dll
    CHR - plugin: NVIDIA 3D Vision (Enabled) = C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dv.dll
    CHR - plugin: NVIDIA 3D VISION (Enabled) = C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dvstreaming.dll
    CHR - plugin: Pando Web Plugin (Enabled) = C:\Program Files (x86)\Pando Networks\Media Booster\npPandoWebPlugin.dll
    CHR - plugin: iTunes Application Detector (Enabled) = C:\Program Files (x86)\iTunes\Mozilla Plugins\npitunes.dll
    CHR - plugin: Google Update (Enabled) = C:\Users\Rasmus Melbye\AppData\Local\Google\Update\1.3.21.79\npGoogleUpdate3.dll
    CHR - plugin: Default Plug-in (Enabled) = default_plugin
    CHR - Extension: YouTube = C:\Users\Rasmus Melbye\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo\4.2_0\
    CHR - Extension: Google-s\u00F8gning = C:\Users\Rasmus Melbye\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf\0.0.0.14_0\
    CHR - Extension: Gmail = C:\Users\Rasmus Melbye\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia\6.1.3_0\

    O1 HOSTS File: ([2012-01-18 22:58:22 | 000,000,027 | ---- | M]) - C:\Windows\SysNative\drivers\etc\hosts
    O1 - Hosts: 127.0.0.1 localhost
    O2:64bit: - BHO: (Groove GFS Browser Helper) - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\PROGRA~1\MICROS~3\Office14\GROOVEEX.DLL (Microsoft Corporation)
    O2:64bit: - BHO: (Office Document Cache Handler) - {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\PROGRA~1\MICROS~3\Office14\URLREDIR.DLL (Microsoft Corporation)
    O2 - BHO: (Groove GFS Browser Helper) - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\PROGRA~2\MICROS~2\Office14\GROOVEEX.DLL (Microsoft Corporation)
    O2 - BHO: (Skype Browser Helper) - {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
    O2 - BHO: (Office Document Cache Handler) - {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\PROGRA~2\MICROS~2\Office14\URLREDIR.DLL (Microsoft Corporation)
    O4:64bit: - HKLM..\Run: [MSC] C:\Program Files\Microsoft Security Client\msseces.exe (Microsoft Corporation)
    O4 - HKLM..\Run: [APSDaemon] C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe (Apple Inc.)
    O4 - HKLM..\Run: [HDAudDeck] C:\Program Files (x86)\VIA\VIAudioi\VDeck\VDeck.exe (VIA)
    O4 - HKU\S-1-5-21-1667449165-3236139713-1594889806-1001..\Run: [DAEMON Tools Lite] C:\Program Files (x86)\DAEMON Tools Lite\DTLite.exe (DT Soft Ltd)
    O4 - HKU\S-1-5-21-1667449165-3236139713-1594889806-1001..\Run: [SUPERAntiSpyware] C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe (SUPERAntiSpyware.com)
    O4 - HKU\S-1-5-21-1667449165-3236139713-1594889806-1004..\Run: [Sidebar] C:\Program Files (x86)\Windows Sidebar\Sidebar.exe (Microsoft Corporation)
    O4 - HKU\S-1-5-21-1667449165-3236139713-1594889806-1004..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe File not found
    O4 - Startup: C:\Users\Rasmus Melbye\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Dropbox.lnk = C:\Users\Rasmus Melbye\AppData\Roaming\Dropbox\bin\Dropbox.exe (Dropbox, Inc.)
    O4 - Startup: C:\Users\Rasmus Melbye\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\GmoteServer.lnk = C:\Program Files (x86)\GmoteServer\GmoteServer.exe ()
    O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Restrictions present
    O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
    O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 5
    O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3
    O7 - HKU\.DEFAULT\Software\Policies\Microsoft\Internet Explorer\Control Panel present
    O7 - HKU\S-1-5-18\Software\Policies\Microsoft\Internet Explorer\Control Panel present
    O7 - HKU\S-1-5-19\Software\Policies\Microsoft\Internet Explorer\Control Panel present
    O7 - HKU\S-1-5-20\Software\Policies\Microsoft\Internet Explorer\Control Panel present
    O7 - HKU\S-1-5-21-1667449165-3236139713-1594889806-1001\Software\Policies\Microsoft\Internet Explorer\Control Panel present
    O7 - HKU\S-1-5-21-1667449165-3236139713-1594889806-1001\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
    O7 - HKU\S-1-5-21-1667449165-3236139713-1594889806-1004\Software\Policies\Microsoft\Internet Explorer\Control Panel present
    O8:64bit: - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~3\Office14\EXCEL.EXE/3000 File not found
    O8:64bit: - Extra context menu item: Se&nd to OneNote - res://C:\PROGRA~1\MICROS~3\Office14\ONBttnIE.dll/105 File not found
    O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~3\Office14\EXCEL.EXE/3000 File not found
    O8 - Extra context menu item: Se&nd to OneNote - res://C:\PROGRA~1\MICROS~3\Office14\ONBttnIE.dll/105 File not found
    O9 - Extra Button: Skype Click to Call - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
    O9 - Extra 'Tools' menuitem : Skype Click to Call - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
    O10:64bit: - NameSpace_Catalog5\Catalog_Entries64\000000000009 [] - C:\Program Files\Bonjour\mdnsNSP.dll (Apple Inc.)
    O10 - NameSpace_Catalog5\Catalog_Entries\000000000009 [] - C:\Program Files (x86)\Bonjour\mdnsNSP.dll (Apple Inc.)
    O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/update/1.6.0/jinstall-1_6_0_25-windows-i586.cab (Java Plug-in 1.6.0_25)
    O16 - DPF: {CAFEEFAC-0016-0000-0025-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_25-windows-i586.cab (Java Plug-in 1.6.0_25)
    O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_25-windows-i586.cab (Java Plug-in 1.6.0_25)
    O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 208.67.222.222 208.67.220.220 194.239.134.83
    O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{0BC7D4FD-55F0-4B01-818D-775B1782F967}: DhcpNameServer = 208.67.222.222 208.67.220.220 194.239.134.83
    O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{3543F474-AA1F-4B78-B0E4-C64E34D685BF}: DhcpNameServer = 192.168.42.129
    O18:64bit: - Protocol\Handler\skype-ie-addon-data - No CLSID value found
    O18 - Protocol\Handler\ms-help - No CLSID value found
    O18 - Protocol\Handler\skype-ie-addon-data {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
    O20:64bit: - HKLM Winlogon: Shell - (Explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
    O20:64bit: - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\SysNative\userinit.exe (Microsoft Corporation)
    O20:64bit: - HKLM Winlogon: VMApplet - (SystemPropertiesPerformance.exe) - C:\Windows\SysNative\SystemPropertiesPerformance.exe (Microsoft Corporation)
    O20:64bit: - HKLM Winlogon: VMApplet - (/pagefile) - File not found
    O20 - HKLM Winlogon: Shell - (Explorer.exe) -C:\Windows\SysWow64\explorer.exe (Microsoft Corporation)
    O20 - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) -C:\Windows\SysWOW64\userinit.exe (Microsoft Corporation)
    O20 - HKLM Winlogon: VMApplet - (/pagefile) - File not found
    O28:64bit: - HKLM ShellExecuteHooks: {B5A7F190-DDA6-4420-B3BA-52453494E6CD} - C:\PROGRA~1\MICROS~3\Office14\GROOVEEX.DLL (Microsoft Corporation)
    O28 - HKLM ShellExecuteHooks: {B5A7F190-DDA6-4420-B3BA-52453494E6CD} - C:\PROGRA~2\MICROS~2\Office14\GROOVEEX.DLL (Microsoft Corporation)
    O32 - HKLM CDRom: AutoRun - 1
    O34 - HKLM BootExecute: (autocheck autochk *)
    O35:64bit: - HKLM\..comfile [open] -- "%1" %*
    O35:64bit: - HKLM\..exefile [open] -- "%1" %*
    O35 - HKLM\..comfile [open] -- "%1" %*
    O35 - HKLM\..exefile [open] -- "%1" %*
    O37:64bit: - HKLM\...com [@ = ComFile] -- "%1" %*
    O37:64bit: - HKLM\...exe [@ = exefile] -- "%1" %*
    O37 - HKLM\...com [@ = ComFile] -- "%1" %*
    O37 - HKLM\...exe [@ = exefile] -- "%1" %*

    NetSvcs:64bit: AppMgmt - C:\Windows\SysNative\appmgmts.dll (Microsoft Corporation)

    Drivers32:64bit: msacm.l3acm - C:\Windows\System32\l3codeca.acm (Fraunhofer Institut Integrierte Schaltungen IIS)
    Drivers32: msacm.ac3filter - C:\Windows\SysWow64\ac3filter.acm ()
    Drivers32: msacm.divxa32 - C:\Windows\SysWow64\DivXa32.acm (Packed With Joy !)
    Drivers32: msacm.l3acm - C:\Windows\SysWOW64\l3codeca.acm (Fraunhofer Institut Integrierte Schaltungen IIS)
    Drivers32: msacm.lameacm - C:\Windows\SysWow64\lameACM.acm (http://www.mp3dev.org/)
    Drivers32: vidc.cvid - C:\Windows\SysWow64\iccvid.dll (Radius Inc.)
    Drivers32: vidc.divx - C:\Windows\SysWow64\DivX.dll (DivX, Inc.)
    Drivers32: vidc.ffds - C:\Windows\SysWow64\ff_vfw.dll ()
    Drivers32: VIDC.RTV1 - rtvcvfw32.dll File not found
    Drivers32: vidc.xvid - C:\Windows\SysWow64\xvidvfw.dll ()
    Drivers32: vidc.yv12 - C:\Windows\SysWow64\DivX.dll (DivX, Inc.)

    CREATERESTOREPOINT
    Restore point Set: OTL Restore Point

    ========== Files/Folders - Created Within 30 Days ==========

    [2012-01-18 23:11:56 | 000,584,192 | ---- | C] (OldTimer Tools) -- C:\Users\Rasmus Melbye\Desktop\OTL.exe
    [2012-01-18 23:06:38 | 000,000,000 | -HSD | C] -- C:\$RECYCLE.BIN
    [2012-01-18 23:04:19 | 000,000,000 | ---D | C] -- C:\Windows\temp
    [2012-01-18 22:54:10 | 000,518,144 | ---- | C] (SteelWerX) -- C:\Windows\SWREG.exe
    [2012-01-18 22:54:10 | 000,406,528 | ---- | C] (SteelWerX) -- C:\Windows\SWSC.exe
    [2012-01-18 22:54:10 | 000,060,416 | ---- | C] (NirSoft) -- C:\Windows\NIRCMD.exe
    [2012-01-18 22:54:07 | 000,000,000 | ---D | C] -- C:\Windows\ERDNT
    [2012-01-18 22:54:05 | 000,000,000 | ---D | C] -- C:\Qoobox
    [2012-01-18 22:51:52 | 004,387,138 | R--- | C] (Swearware) -- C:\Users\Rasmus Melbye\Desktop\ComboFix.exe
    [2012-01-18 22:25:51 | 000,000,000 | ---D | C] -- C:\Users\Rasmus Melbye\Desktop\bootkit_remover
    [2012-01-18 21:48:57 | 004,713,472 | ---- | C] (AVAST Software) -- C:\Users\Rasmus Melbye\Desktop\aswMBR.exe
    [2012-01-18 21:25:31 | 001,975,600 | ---- | C] (Kaspersky Lab ZAO) -- C:\Users\Rasmus Melbye\Desktop\tdsskiller.exe
    [2012-01-18 21:17:52 | 000,607,260 | ---- | C] (Swearware) -- C:\Users\Rasmus Melbye\Desktop\dds(1).scr
    [2012-01-18 21:13:21 | 000,607,260 | ---- | C] (Swearware) -- C:\Users\Rasmus Melbye\Desktop\dds.scr
    [2012-01-18 18:52:20 | 000,446,464 | ---- | C] (OldTimer Tools) -- C:\Users\Rasmus Melbye\Desktop\TFC.exe
    [2012-01-18 16:54:15 | 000,000,000 | ---D | C] -- C:\Users\Rasmus Melbye\AppData\Roaming\SUPERAntiSpyware.com
    [2012-01-18 16:52:54 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\SUPERAntiSpyware
    [2012-01-18 16:52:52 | 000,000,000 | ---D | C] -- C:\Program Files\SUPERAntiSpyware
    [2012-01-18 16:52:38 | 000,000,000 | ---D | C] -- C:\ProgramData\SUPERSetup
    [2012-01-18 16:51:30 | 014,103,168 | ---- | C] (SUPERAntiSpyware.com) -- C:\Users\Rasmus Melbye\Desktop\SUPERAntiSpyware.exe
    [2012-01-18 16:24:10 | 010,847,608 | ---- | C] (Malwarebytes Corporation ) -- C:\Users\Rasmus Melbye\Desktop\mbam-setup-1.60.0.1800.exe
    [2012-01-18 16:21:50 | 000,000,000 | ---D | C] -- C:\TDSSKiller_Quarantine
    [2012-01-18 16:20:09 | 000,000,000 | ---D | C] -- C:\Users\Rasmus Melbye\Desktop\tdsskiller
    [2012-01-18 11:19:07 | 000,000,000 | ---D | C] -- C:\Users\Rasmus Melbye\Desktop\Webshop
    [2012-01-13 16:02:49 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\iTunes
    [2012-01-13 16:02:20 | 000,000,000 | ---D | C] -- C:\Program Files\iTunes
    [2012-01-13 16:02:20 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\iTunes
    [2012-01-13 16:02:20 | 000,000,000 | ---D | C] -- C:\Program Files\iPod
    [2012-01-12 22:29:32 | 000,000,000 | ---D | C] -- C:\Users\Rasmus Melbye\AppData\Roaming\TS3Client
    [2012-01-12 22:28:20 | 000,000,000 | ---D | C] -- C:\Users\Rasmus Melbye\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\TeamSpeak 3 Client
    [2012-01-12 22:28:16 | 000,000,000 | ---D | C] -- C:\Users\Rasmus Melbye\AppData\Local\TeamSpeak 3 Client
    [2012-01-12 22:27:13 | 031,885,664 | ---- | C] (TeamSpeak Systems GmbH) -- C:\Users\Rasmus Melbye\Desktop\TeamSpeak3-Client-win64-3.0.2.exe
    [2012-01-10 16:35:03 | 000,000,000 | ---D | C] -- C:\Users\Rasmus Melbye\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Google Chrome
    [2012-01-10 16:34:22 | 000,000,000 | ---D | C] -- C:\Users\Rasmus Melbye\AppData\Local\Google
    [2012-01-02 22:17:14 | 000,000,000 | ---D | C] -- C:\Users\Rasmus Melbye\Desktop\Nytår 2011-2012
    [2012-01-02 20:15:49 | 000,000,000 | ---D | C] -- C:\Users\Rasmus Melbye\AppData\Local\uxsoft
    [2012-01-02 20:15:39 | 000,156,672 | ---- | C] (uxsoft) -- C:\Users\Rasmus Melbye\Desktop\AppleWirelessKeyboard.exe
    [2011-12-28 21:24:23 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\NVIDIA Corporation
    [2011-12-28 21:22:15 | 000,068,928 | ---- | C] (Khronos Group) -- C:\Windows\SysNative\OpenCL.dll
    [2011-12-28 21:22:15 | 000,061,248 | ---- | C] (Khronos Group) -- C:\Windows\SysWow64\OpenCL.dll
    [2011-12-23 11:49:15 | 000,000,000 | ---D | C] -- C:\Users\Rasmus Melbye\Desktop\Backup af htc
     
  20. rmelbye

    rmelbye TS Rookie Topic Starter Posts: 42

    OLT.T 2/2

    ========== Files - Modified Within 30 Days ==========

    [2012-01-18 23:11:56 | 000,584,192 | ---- | M] (OldTimer Tools) -- C:\Users\Rasmus Melbye\Desktop\OTL.exe
    [2012-01-18 22:58:22 | 000,000,027 | ---- | M] () -- C:\Windows\SysNative\drivers\etc\hosts
    [2012-01-18 22:52:00 | 004,387,138 | R--- | M] (Swearware) -- C:\Users\Rasmus Melbye\Desktop\ComboFix.exe
    [2012-01-18 22:39:00 | 000,000,974 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskUserS-1-5-21-1667449165-3236139713-1594889806-1001UA.job
    [2012-01-18 22:13:58 | 000,044,607 | ---- | M] () -- C:\Users\Rasmus Melbye\Desktop\bootkit_remover.zip
    [2012-01-18 22:12:11 | 000,000,512 | ---- | M] () -- C:\Users\Rasmus Melbye\Desktop\MBR.dat
    [2012-01-18 21:49:13 | 004,713,472 | ---- | M] (AVAST Software) -- C:\Users\Rasmus Melbye\Desktop\aswMBR.exe
    [2012-01-18 21:25:40 | 001,975,600 | ---- | M] (Kaspersky Lab ZAO) -- C:\Users\Rasmus Melbye\Desktop\tdsskiller.exe
    [2012-01-18 21:17:53 | 000,607,260 | ---- | M] (Swearware) -- C:\Users\Rasmus Melbye\Desktop\dds(1).scr
    [2012-01-18 21:13:25 | 000,607,260 | ---- | M] (Swearware) -- C:\Users\Rasmus Melbye\Desktop\dds.scr
    [2012-01-18 20:41:44 | 000,302,592 | ---- | M] () -- C:\Users\Rasmus Melbye\Desktop\qk9yh3d0.exe
    [2012-01-18 20:41:11 | 000,014,544 | ---- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
    [2012-01-18 20:41:11 | 000,014,544 | ---- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
    [2012-01-18 20:33:50 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
    [2012-01-18 20:33:42 | 2145,947,647 | -HS- | M] () -- C:\hiberfil.sys
    [2012-01-18 18:52:22 | 000,446,464 | ---- | M] (OldTimer Tools) -- C:\Users\Rasmus Melbye\Desktop\TFC.exe
    [2012-01-18 16:52:54 | 000,001,808 | ---- | M] () -- C:\Users\Public\Desktop\SUPERAntiSpyware Free Edition.lnk
    [2012-01-18 16:52:05 | 014,103,168 | ---- | M] (SUPERAntiSpyware.com) -- C:\Users\Rasmus Melbye\Desktop\SUPERAntiSpyware.exe
    [2012-01-18 16:39:00 | 000,000,922 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskUserS-1-5-21-1667449165-3236139713-1594889806-1001Core.job
    [2012-01-18 16:37:21 | 001,008,141 | ---- | M] () -- C:\Users\Rasmus Melbye\Desktop\iExplore.exe
    [2012-01-18 16:24:49 | 000,001,113 | ---- | M] () -- C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk
    [2012-01-18 16:24:13 | 010,847,608 | ---- | M] (Malwarebytes Corporation ) -- C:\Users\Rasmus Melbye\Desktop\mbam-setup-1.60.0.1800.exe
    [2012-01-18 16:20:00 | 001,956,583 | ---- | M] () -- C:\Users\Rasmus Melbye\Desktop\tdsskiller.zip
    [2012-01-18 13:53:30 | 000,684,297 | ---- | M] () -- C:\Users\Rasmus Melbye\Desktop\unhide.exe
    [2012-01-16 19:16:14 | 190,704,143 | ---- | M] () -- C:\Users\Rasmus Melbye\Desktop\books.zip
    [2012-01-16 11:23:39 | 005,075,704 | ---- | M] () -- C:\Windows\SysNative\FNTCACHE.DAT
    [2012-01-16 11:09:01 | 001,357,806 | ---- | M] () -- C:\Windows\SysWow64\PerfStringBackup.INI
    [2012-01-16 11:09:01 | 000,654,278 | ---- | M] () -- C:\Windows\SysNative\perfh009.dat
    [2012-01-16 11:09:01 | 000,509,358 | ---- | M] () -- C:\Windows\SysNative\perfh006.dat
    [2012-01-16 11:09:01 | 000,122,110 | ---- | M] () -- C:\Windows\SysNative\perfc009.dat
    [2012-01-16 11:09:01 | 000,098,514 | ---- | M] () -- C:\Windows\SysNative\perfc006.dat
    [2012-01-16 11:08:52 | 001,357,806 | ---- | M] () -- C:\Windows\SysNative\PerfStringBackup.INI
    [2012-01-13 16:02:49 | 000,001,783 | ---- | M] () -- C:\Users\Public\Desktop\iTunes.lnk
    [2012-01-12 22:28:20 | 000,001,234 | ---- | M] () -- C:\Users\Rasmus Melbye\Desktop\TeamSpeak 3 Client.lnk
    [2012-01-12 22:27:40 | 031,885,664 | ---- | M] (TeamSpeak Systems GmbH) -- C:\Users\Rasmus Melbye\Desktop\TeamSpeak3-Client-win64-3.0.2.exe
    [2012-01-11 20:49:15 | 000,821,248 | ---- | M] () -- C:\Users\Rasmus Melbye\Desktop\FreeISOBurner.exe
    [2012-01-10 16:35:04 | 000,002,355 | ---- | M] () -- C:\Users\Rasmus Melbye\Desktop\Google Chrome.lnk
    [2012-01-02 20:15:40 | 000,156,672 | ---- | M] (uxsoft) -- C:\Users\Rasmus Melbye\Desktop\AppleWirelessKeyboard.exe
    [2011-12-31 14:18:19 | 000,280,904 | ---- | M] () -- C:\Windows\SysWow64\PnkBstrB.xtr
    [2011-12-31 14:18:19 | 000,280,904 | ---- | M] () -- C:\Windows\SysWow64\PnkBstrB.exe
    [2011-12-31 14:17:09 | 000,280,904 | ---- | M] () -- C:\Windows\SysWow64\PnkBstrB.ex0
    [2011-12-29 20:59:11 | 000,033,738 | ---- | M] () -- C:\Users\Rasmus Melbye\Desktop\Lønseddel_10146_29-12-2011_28380.PDF
    [2011-12-29 12:27:00 | 000,001,020 | ---- | M] () -- C:\Users\Rasmus Melbye\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Dropbox.lnk

    ========== Files Created - No Company Name ==========

    [2012-01-18 22:54:10 | 000,256,000 | ---- | C] () -- C:\Windows\PEV.exe
    [2012-01-18 22:54:10 | 000,208,896 | ---- | C] () -- C:\Windows\MBR.exe
    [2012-01-18 22:54:10 | 000,098,816 | ---- | C] () -- C:\Windows\sed.exe
    [2012-01-18 22:54:10 | 000,080,412 | ---- | C] () -- C:\Windows\grep.exe
    [2012-01-18 22:54:10 | 000,068,096 | ---- | C] () -- C:\Windows\zip.exe
    [2012-01-18 22:13:57 | 000,044,607 | ---- | C] () -- C:\Users\Rasmus Melbye\Desktop\bootkit_remover.zip
    [2012-01-18 21:55:43 | 000,000,512 | ---- | C] () -- C:\Users\Rasmus Melbye\Desktop\MBR.dat
    [2012-01-18 20:41:41 | 000,302,592 | ---- | C] () -- C:\Users\Rasmus Melbye\Desktop\qk9yh3d0.exe
    [2012-01-18 16:52:54 | 000,001,808 | ---- | C] () -- C:\Users\Public\Desktop\SUPERAntiSpyware Free Edition.lnk
    [2012-01-18 16:37:18 | 001,008,141 | ---- | C] () -- C:\Users\Rasmus Melbye\Desktop\iExplore.exe
    [2012-01-18 16:24:49 | 000,001,113 | ---- | C] () -- C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk
    [2012-01-18 16:19:55 | 001,956,583 | ---- | C] () -- C:\Users\Rasmus Melbye\Desktop\tdsskiller.zip
    [2012-01-18 14:05:15 | 000,002,208 | ---- | C] () -- C:\Users\Public\Desktop\TI InterActive!.LNK
    [2012-01-18 14:05:15 | 000,001,957 | ---- | C] () -- C:\Users\Public\Desktop\Autodesk Inventor Professional 2012.lnk
    [2012-01-18 14:05:15 | 000,001,783 | ---- | C] () -- C:\Users\Public\Desktop\iTunes.lnk
    [2012-01-18 14:05:15 | 000,001,695 | ---- | C] () -- C:\Users\Public\Desktop\Autodesk Showcase 2012 (64-bit).lnk
    [2012-01-18 14:05:15 | 000,001,556 | ---- | C] () -- C:\Users\Public\Desktop\DiRT 3.lnk
    [2012-01-18 14:05:15 | 000,000,958 | ---- | C] () -- C:\Users\Public\Desktop\Play League of Legends.lnk
    [2012-01-18 14:05:15 | 000,000,637 | ---- | C] () -- C:\Users\Public\Desktop\Battlefield 3.lnk
    [2012-01-18 14:05:15 | 000,000,627 | ---- | C] () -- C:\Users\Public\Desktop\Steam.lnk
    [2012-01-18 14:05:15 | 000,000,461 | ---- | C] () -- C:\Users\Public\Desktop\Start The Witcher 2.lnk
    [2012-01-18 14:05:10 | 000,002,519 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Apple Software Update.lnk
    [2012-01-18 14:05:10 | 000,002,441 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Adobe Reader X.lnk
    [2012-01-18 14:05:10 | 000,001,897 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Security Essentials.lnk
    [2012-01-18 14:05:10 | 000,001,547 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Windows Media Player.lnk
    [2012-01-18 14:05:10 | 000,001,523 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Adobe ExtendScript Toolkit CS5.lnk
    [2012-01-18 14:05:10 | 000,001,345 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Media Center.lnk
    [2012-01-18 14:05:10 | 000,001,338 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Windows Live ID.lnk
    [2012-01-18 14:05:10 | 000,001,330 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Sidebar.lnk
    [2012-01-18 14:05:10 | 000,001,326 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Windows DVD Maker.lnk
    [2012-01-18 14:05:10 | 000,001,246 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\XPS Viewer.lnk
    [2012-01-18 14:05:10 | 000,001,218 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\HD VDeck.lnk
    [2012-01-18 14:05:10 | 000,001,210 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Windows Fax and Scan.lnk
    [2012-01-18 14:05:10 | 000,001,154 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Mozilla Firefox.lnk
    [2012-01-18 14:05:10 | 000,000,997 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Adobe Help.lnk
    [2012-01-18 14:05:10 | 000,000,901 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Adobe Extension Manager CS5.lnk
    [2012-01-18 14:05:10 | 000,000,852 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Adobe Photoshop CS5 (64 Bit).lnk
    [2012-01-18 14:05:10 | 000,000,844 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Adobe Device Central CS5.lnk
    [2012-01-18 14:05:10 | 000,000,807 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Adobe Photoshop CS5.lnk
    [2012-01-18 14:05:10 | 000,000,781 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Adobe Bridge CS5.lnk
    [2012-01-18 13:51:10 | 000,684,297 | ---- | C] () -- C:\Users\Rasmus Melbye\Desktop\unhide.exe
    [2012-01-16 19:13:47 | 190,704,143 | ---- | C] () -- C:\Users\Rasmus Melbye\Desktop\books.zip
    [2012-01-12 22:28:20 | 000,001,234 | ---- | C] () -- C:\Users\Rasmus Melbye\Desktop\TeamSpeak 3 Client.lnk
    [2012-01-11 20:49:14 | 000,821,248 | ---- | C] () -- C:\Users\Rasmus Melbye\Desktop\FreeISOBurner.exe
    [2012-01-10 16:35:04 | 000,002,355 | ---- | C] () -- C:\Users\Rasmus Melbye\Desktop\Google Chrome.lnk
    [2012-01-10 16:34:23 | 000,000,974 | ---- | C] () -- C:\Windows\tasks\GoogleUpdateTaskUserS-1-5-21-1667449165-3236139713-1594889806-1001UA.job
    [2012-01-10 16:34:23 | 000,000,922 | ---- | C] () -- C:\Windows\tasks\GoogleUpdateTaskUserS-1-5-21-1667449165-3236139713-1594889806-1001Core.job
    [2011-12-29 20:59:10 | 000,033,738 | ---- | C] () -- C:\Users\Rasmus Melbye\Desktop\Lønseddel_10146_29-12-2011_28380.PDF
    [2011-12-17 12:43:40 | 000,406,336 | ---- | C] () -- C:\Windows\SysWow64\nvStreaming.exe
    [2011-10-02 19:38:36 | 000,111,282 | ---- | C] () -- C:\Windows\SetTrademark.EXE
    [2011-10-02 19:38:35 | 000,111,069 | ---- | C] () -- C:\Windows\RunMSIEXEC.EXE
    [2011-10-02 19:38:33 | 000,111,390 | ---- | C] () -- C:\Windows\parseuninstallpath1.EXE
    [2011-10-02 19:38:32 | 000,111,457 | ---- | C] () -- C:\Windows\ParseUninstallPath.EXE
    [2011-10-02 19:38:32 | 000,000,209 | ---- | C] () -- C:\Windows\Ic32.ini
    [2011-10-02 19:38:31 | 000,112,043 | ---- | C] () -- C:\Windows\FixTalkTIRegistry.EXE
    [2011-10-02 19:38:29 | 000,111,328 | ---- | C] () -- C:\Windows\CheckForOldInstall.EXE
    [2011-10-02 19:38:28 | 000,111,338 | ---- | C] () -- C:\Windows\CheckForNewInstall.EXE
    [2011-09-21 21:56:22 | 000,000,000 | ---- | C] () -- C:\Windows\DbgOut.INI
    [2011-08-24 19:02:24 | 000,024,576 | ---- | C] () -- C:\Windows\SysWow64\AsIO.dll
    [2011-08-24 19:02:24 | 000,013,440 | ---- | C] () -- C:\Windows\SysWow64\drivers\AsIO.sys
    [2011-08-24 19:02:22 | 000,011,832 | ---- | C] () -- C:\Windows\SysWow64\drivers\AsInsHelp64.sys
    [2011-08-24 19:02:22 | 000,010,216 | ---- | C] () -- C:\Windows\SysWow64\drivers\AsInsHelp32.sys
    [2011-07-15 23:03:23 | 000,001,769 | ---- | C] () -- C:\Windows\Language_trs.ini
    [2011-06-07 14:01:10 | 000,000,056 | ---- | C] () -- C:\ProgramData\ezsidmv.dat
    [2011-05-31 15:19:34 | 000,007,605 | ---- | C] () -- C:\Users\Rasmus Melbye\AppData\Local\Resmon.ResmonCfg
    [2011-05-26 14:10:46 | 000,280,904 | ---- | C] () -- C:\Windows\SysWow64\PnkBstrB.exe
    [2011-05-26 14:10:45 | 002,434,856 | ---- | C] () -- C:\Windows\SysWow64\pbsvc_bc2.exe
    [2011-05-26 14:10:45 | 000,075,136 | ---- | C] () -- C:\Windows\SysWow64\PnkBstrA.exe
    [2011-05-18 14:30:20 | 000,000,426 | ---- | C] () -- C:\Windows\BRWMARK.INI
    [2011-05-18 14:30:20 | 000,000,034 | ---- | C] () -- C:\Windows\SysWow64\BD2030.DAT
    [2011-05-17 14:53:32 | 001,357,806 | ---- | C] () -- C:\Windows\SysWow64\PerfStringBackup.INI
    [2011-05-02 23:30:50 | 001,144,147 | ---- | C] () -- C:\Windows\SysWow64\ffmpegmt.dll
    [2011-05-02 23:27:54 | 003,935,545 | ---- | C] () -- C:\Windows\SysWow64\ffmpeg.dll
    [2011-05-02 21:23:46 | 000,324,096 | ---- | C] () -- C:\Windows\SysWow64\TomsMoComp_ff.dll
    [2011-05-02 21:19:34 | 000,100,352 | ---- | C] () -- C:\Windows\SysWow64\ff_wmv9.dll
    [2011-05-02 21:19:20 | 000,080,896 | ---- | C] () -- C:\Windows\SysWow64\ff_vfw.dll
    [2011-04-09 17:55:28 | 000,179,261 | ---- | C] () -- C:\Windows\SysWow64\xlive.dll.cat
    [2011-03-18 22:32:44 | 000,163,840 | ---- | C] () -- C:\Windows\SysWow64\libmpeg2_ff.dll
    [2011-03-18 22:29:56 | 000,181,248 | ---- | C] () -- C:\Windows\SysWow64\ff_unrar.dll
    [2011-03-18 22:28:30 | 001,557,504 | ---- | C] () -- C:\Windows\SysWow64\ff_samplerate.dll
    [2011-03-18 22:27:08 | 000,178,688 | ---- | C] () -- C:\Windows\SysWow64\ff_libmad.dll
    [2011-03-18 22:26:44 | 000,484,864 | ---- | C] () -- C:\Windows\SysWow64\ff_libfaad2.dll
    [2011-03-18 22:25:38 | 000,257,024 | ---- | C] () -- C:\Windows\SysWow64\ff_libdts.dll
    [2011-03-18 22:25:24 | 000,141,312 | ---- | C] () -- C:\Windows\SysWow64\ff_liba52.dll
    [2011-03-03 12:40:08 | 000,150,528 | ---- | C] () -- C:\Windows\SysWow64\mkx.dll
    [2011-03-03 12:39:56 | 000,109,568 | ---- | C] () -- C:\Windows\SysWow64\avi.dll
    [2011-03-03 12:39:46 | 000,141,824 | ---- | C] () -- C:\Windows\SysWow64\mp4.dll
    [2011-03-03 12:39:34 | 000,123,392 | ---- | C] () -- C:\Windows\SysWow64\ogm.dll
    [2011-03-03 12:39:02 | 000,113,152 | ---- | C] () -- C:\Windows\SysWow64\dsmux.exe
    [2011-03-03 12:38:54 | 000,154,112 | ---- | C] () -- C:\Windows\SysWow64\ts.dll
    [2011-03-03 12:38:40 | 000,249,856 | ---- | C] () -- C:\Windows\SysWow64\dxr.dll
    [2011-03-03 12:38:10 | 000,097,792 | ---- | C] () -- C:\Windows\SysWow64\avs.dll
    [2011-03-03 12:38:04 | 000,137,728 | ---- | C] () -- C:\Windows\SysWow64\mkv2vfr.exe
    [2011-03-03 12:37:50 | 000,093,184 | ---- | C] () -- C:\Windows\SysWow64\avss.dll
    [2011-03-03 12:37:40 | 000,358,400 | ---- | C] () -- C:\Windows\SysWow64\gdsmux.exe
    [2011-03-03 12:35:32 | 000,080,384 | ---- | C] () -- C:\Windows\SysWow64\mkzlib.dll
    [2011-03-03 12:35:26 | 000,024,576 | ---- | C] () -- C:\Windows\SysWow64\mkunicode.dll
    [2011-02-22 20:39:04 | 000,240,640 | ---- | C] () -- C:\Windows\SysWow64\xvidvfw.dll
    [2011-02-22 20:37:30 | 000,650,752 | ---- | C] () -- C:\Windows\SysWow64\xvidcore.dll
    [2010-08-18 20:56:38 | 000,000,151 | ---- | C] () -- C:\Windows\SysWow64\Registration.ini
    [2009-08-11 22:21:26 | 000,087,552 | ---- | C] () -- C:\Windows\SysWow64\ac3config.exe
    [2009-08-11 22:21:20 | 001,021,440 | ---- | C] () -- C:\Windows\SysWow64\ac3filter_intl.dll
    [2009-07-14 06:38:36 | 000,067,584 | --S- | C] () -- C:\Windows\bootstat.dat
    [2009-07-14 03:35:51 | 000,000,741 | ---- | C] () -- C:\Windows\SysWow64\NOISE.DAT
    [2009-07-14 03:34:42 | 000,215,943 | ---- | C] () -- C:\Windows\SysWow64\dssec.dat
    [2009-07-14 01:10:29 | 000,043,131 | ---- | C] () -- C:\Windows\mib.bin
    [2009-07-14 00:42:10 | 000,064,000 | ---- | C] () -- C:\Windows\SysWow64\BWContextHandler.dll
    [2009-07-13 22:03:59 | 000,364,544 | ---- | C] () -- C:\Windows\SysWow64\msjetoledb40.dll
    [2009-06-10 22:26:10 | 000,673,088 | ---- | C] () -- C:\Windows\SysWow64\mlang.dat
    [2009-05-20 13:04:42 | 000,045,568 | ---- | C] () -- C:\Windows\SysWow64\spdifer_config.exe
    [2008-11-06 16:37:32 | 003,596,288 | ---- | C] () -- C:\Windows\SysWow64\qt-dx331.dll
    [2006-03-04 05:52:00 | 000,088,576 | ---- | C] () -- C:\Windows\SysWow64\OptimFROG.dll

    ========== LOP Check ==========

    [2011-09-16 10:56:06 | 000,000,000 | ---D | M] -- C:\Users\Rasmus Melbye\AppData\Roaming\Autodesk
    [2011-05-18 09:09:42 | 000,000,000 | ---D | M] -- C:\Users\Rasmus Melbye\AppData\Roaming\DAEMON Tools Lite
    [2012-01-18 11:28:10 | 000,000,000 | ---D | M] -- C:\Users\Rasmus Melbye\AppData\Roaming\Dropbox
    [2012-01-18 10:27:12 | 000,000,000 | ---D | M] -- C:\Users\Rasmus Melbye\AppData\Roaming\Gmote
    [2011-09-21 22:01:20 | 000,000,000 | ---D | M] -- C:\Users\Rasmus Melbye\AppData\Roaming\HTC
    [2011-09-21 22:06:22 | 000,000,000 | ---D | M] -- C:\Users\Rasmus Melbye\AppData\Roaming\HTC.388BC06ACDAB6261375BCE37FBA2E023C0D7EE34.1
    [2011-05-27 19:36:29 | 000,000,000 | ---D | M] -- C:\Users\Rasmus Melbye\AppData\Roaming\LolClient
    [2011-10-21 14:50:00 | 000,000,000 | ---D | M] -- C:\Users\Rasmus Melbye\AppData\Roaming\Origin
    [2011-09-20 21:20:44 | 000,000,000 | ---D | M] -- C:\Users\Rasmus Melbye\AppData\Roaming\StageManager.BD092818F67280F4B42B04877600987F0111B594.1
    [2011-09-21 21:53:46 | 000,000,000 | ---D | M] -- C:\Users\Rasmus Melbye\AppData\Roaming\Teleca
    [2012-01-18 22:37:52 | 000,000,000 | ---D | M] -- C:\Users\Rasmus Melbye\AppData\Roaming\TS3Client
    [2012-01-18 18:52:27 | 000,000,000 | ---D | M] -- C:\Users\Rasmus Melbye\AppData\Roaming\uTorrent
    [2011-11-09 21:44:19 | 000,032,732 | ---- | M] () -- C:\Windows\Tasks\SCHEDLGU.TXT

    ========== Purity Check ==========



    ========== Custom Scans ==========


    < %SYSTEMDRIVE%\*.* >
    [2011-05-17 22:55:14 | 000,383,786 | RHS- | M] () -- C:\bootmgr
    [2011-05-17 20:48:58 | 000,008,192 | RHS- | M] () -- C:\BOOTSECT.BAK
    [2012-01-18 23:04:18 | 000,016,111 | ---- | M] () -- C:\ComboFix.txt
    [2012-01-18 20:33:42 | 2145,947,647 | -HS- | M] () -- C:\hiberfil.sys
    [2012-01-18 20:33:49 | 4292,923,391 | -HS- | M] () -- C:\pagefile.sys
    [2012-01-18 18:55:48 | 000,000,357 | ---- | M] () -- C:\rkill.log
    [2011-11-10 14:03:09 | 000,002,364 | ---- | M] () -- C:\shared.log
    [2012-01-18 16:22:01 | 000,080,992 | ---- | M] () -- C:\TDSSKiller.2.7.5.0_18.01.2012_16.20.47_log.txt
    [2012-01-18 16:40:29 | 000,080,992 | ---- | M] () -- C:\TDSSKiller.2.7.5.0_18.01.2012_16.39.58_log.txt
    [2012-01-18 21:49:50 | 000,081,580 | ---- | M] () -- C:\TDSSKiller.2.7.5.0_18.01.2012_21.25.43_log.txt
    [2010-05-22 06:58:47 | 028,135,936 | ---- | M] () -- C:\w7lxe.exe
    [2011-05-17 22:55:20 | 000,206,312 | RHS- | M] () -- C:\XELDZ

    < %systemroot%\Fonts\*.com >
    [2009-07-14 06:32:31 | 000,026,040 | ---- | M] () -- C:\Windows\Fonts\GlobalMonospace.CompositeFont
    [2009-07-14 06:32:31 | 000,026,489 | ---- | M] () -- C:\Windows\Fonts\GlobalSansSerif.CompositeFont
    [2009-07-14 06:32:31 | 000,029,779 | ---- | M] () -- C:\Windows\Fonts\GlobalSerif.CompositeFont
    [2009-07-14 06:32:31 | 000,043,318 | ---- | M] () -- C:\Windows\Fonts\GlobalUserInterface.CompositeFont

    < %systemroot%\Fonts\*.dll >

    < %systemroot%\Fonts\*.ini >
    [2009-06-10 21:49:50 | 000,000,065 | ---- | M] () -- C:\Windows\Fonts\desktop.ini

    < %systemroot%\Fonts\*.ini2 >

    < %systemroot%\Fonts\*.exe >

    < %systemroot%\system32\spool\prtprocs\w32x86\*.* >

    < %systemroot%\REPAIR\*.bak1 >

    < %systemroot%\REPAIR\*.ini >

    < %systemroot%\system32\*.jpg >

    < %systemroot%\*.jpg >

    < %systemroot%\*.png >

    < %systemroot%\*.scr >

    < %systemroot%\*._sy >

    < %APPDATA%\Adobe\Update\*.* >

    < %ALLUSERSPROFILE%\Favorites\*.* >

    < %APPDATA%\Microsoft\*.* >

    < %PROGRAMFILES%\*.* >
    [2009-07-14 05:54:24 | 000,000,174 | -HS- | M] () -- C:\Program Files (x86)\desktop.ini

    < %APPDATA%\Update\*.* >

    < %systemroot%\*. /mp /s >

    < %systemroot%\System32\config\*.sav >

    < %PROGRAMFILES%\bak. /s >

    < %systemroot%\system32\bak. /s >

    < %ALLUSERSPROFILE%\Start Menu\*.lnk /x >

    < %systemroot%\system32\config\systemprofile\*.dat /x >

    < %systemroot%\*.config >

    < %systemroot%\system32\*.db >

    < %APPDATA%\Microsoft\Internet Explorer\Quick Launch\*.lnk /x >
    [2011-05-17 16:37:37 | 000,000,221 | -HS- | M] () -- C:\Users\Rasmus Melbye\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\desktop.ini

    < %USERPROFILE%\Desktop\*.exe >
    [2012-01-02 20:15:40 | 000,156,672 | ---- | M] (uxsoft) -- C:\Users\Rasmus Melbye\Desktop\AppleWirelessKeyboard.exe
    [2012-01-18 21:49:13 | 004,713,472 | ---- | M] (AVAST Software) -- C:\Users\Rasmus Melbye\Desktop\aswMBR.exe
    [2012-01-10 16:34:17 | 000,606,544 | ---- | M] (Google Inc.) -- C:\Users\Rasmus Melbye\Desktop\ChromeSetup.exe
    [2012-01-18 22:52:00 | 004,387,138 | R--- | M] (Swearware) -- C:\Users\Rasmus Melbye\Desktop\ComboFix.exe
    [2012-01-11 20:49:15 | 000,821,248 | ---- | M] () -- C:\Users\Rasmus Melbye\Desktop\FreeISOBurner.exe
    [2012-01-18 16:37:21 | 001,008,141 | ---- | M] () -- C:\Users\Rasmus Melbye\Desktop\iExplore.exe
    [2012-01-18 16:24:13 | 010,847,608 | ---- | M] (Malwarebytes Corporation ) -- C:\Users\Rasmus Melbye\Desktop\mbam-setup-1.60.0.1800.exe
    [2012-01-18 23:11:56 | 000,584,192 | ---- | M] (OldTimer Tools) -- C:\Users\Rasmus Melbye\Desktop\OTL.exe
    [2012-01-18 20:41:44 | 000,302,592 | ---- | M] () -- C:\Users\Rasmus Melbye\Desktop\qk9yh3d0.exe
    [2012-01-18 16:52:05 | 014,103,168 | ---- | M] (SUPERAntiSpyware.com) -- C:\Users\Rasmus Melbye\Desktop\SUPERAntiSpyware.exe
    [2012-01-18 21:25:40 | 001,975,600 | ---- | M] (Kaspersky Lab ZAO) -- C:\Users\Rasmus Melbye\Desktop\tdsskiller.exe
    [2012-01-12 22:27:40 | 031,885,664 | ---- | M] (TeamSpeak Systems GmbH) -- C:\Users\Rasmus Melbye\Desktop\TeamSpeak3-Client-win64-3.0.2.exe
    [2012-01-18 18:52:22 | 000,446,464 | ---- | M] (OldTimer Tools) -- C:\Users\Rasmus Melbye\Desktop\TFC.exe
    [2012-01-18 13:53:30 | 000,684,297 | ---- | M] () -- C:\Users\Rasmus Melbye\Desktop\unhide.exe

    < %PROGRAMFILES%\Common Files\*.* >

    < %systemroot%\*.src >

    < %systemroot%\install\*.* >

    < %systemroot%\system32\DLL\*.* >

    < %systemroot%\system32\HelpFiles\*.* >

    < %systemroot%\system32\rundll\*.* >

    < %systemroot%\winn32\*.* >

    < %systemroot%\Java\*.* >

    < %systemroot%\system32\test\*.* >

    < %systemroot%\system32\Rundll32\*.* >

    < %systemroot%\AppPatch\Custom\*.* >

    < %APPDATA%\Roaming\Microsoft\Windows\Recent\*.lnk /x >

    < %PROGRAMFILES%\PC-Doctor\Downloads\*.* >

    < %PROGRAMFILES%\Internet Explorer\*.tmp >

    < %PROGRAMFILES%\Internet Explorer\*.dat >

    < %USERPROFILE%\My Documents\*.exe >

    < %USERPROFILE%\*.exe >

    < %systemroot%\ADDINS\*.* >
    [2009-06-10 22:20:04 | 000,000,802 | ---- | M] () -- C:\Windows\ADDINS\FXSEXT.ecf

    < %systemroot%\assembly\*.bak2 >

    < %systemroot%\Config\*.* >

    < %systemroot%\REPAIR\*.bak2 >

    < %systemroot%\SECURITY\Database\*.sdb /x >

    < %systemroot%\SYSTEM\*.bak2 >

    < %systemroot%\Web\*.bak2 >

    < %systemroot%\Driver Cache\*.* >

    < %PROGRAMFILES%\Mozilla Firefox\0*.exe >

    < %ProgramFiles%\Microsoft Common\*.* >

    < %ProgramFiles%\TinyProxy. >

    < %USERPROFILE%\Favorites\*.url /x >
    [2012-01-16 11:24:29 | 000,000,402 | -HS- | M] () -- C:\Users\Rasmus Melbye\Favorites\desktop.ini

    < %systemroot%\system32\*.bk >

    < %systemroot%\*.te >

    < %systemroot%\system32\system32\*.* >

    < %ALLUSERSPROFILE%\*.dat /x >

    < %systemroot%\system32\drivers\*.rmv >

    < dir /b "%systemroot%\system32\*.exe" | find /i " " /c >

    < dir /b "%systemroot%\*.exe" | find /i " " /c >

    < %PROGRAMFILES%\Microsoft\*.* >

    < %systemroot%\System32\Wbem\proquota.exe >

    < %PROGRAMFILES%\Mozilla Firefox\*.dat >

    < %USERPROFILE%\Cookies\*.txt /x >

    < %SystemRoot%\system32\fonts\*.* >

    < %systemroot%\system32\winlog\*.* >

    < %systemroot%\system32\Language\*.* >

    < %systemroot%\system32\Settings\*.* >

    < %systemroot%\system32\*.quo >

    < %SYSTEMROOT%\AppPatch\*.exe >

    < %SYSTEMROOT%\inf\*.exe >

    < %SYSTEMROOT%\Installer\*.exe >
    [2011-05-18 12:27:04 | 000,038,912 | ---- | M] (Autodesk, Inc.) -- C:\Windows\Installer\Luc.exe

    < %systemroot%\system32\config\*.bak2 >

    < %systemroot%\system32\Computers\*.* >

    < %SystemRoot%\system32\Sound\*.* >

    < %SystemRoot%\system32\SpecialImg\*.* >

    < %SystemRoot%\system32\code\*.* >

    < %SystemRoot%\system32\draft\*.* >

    < %SystemRoot%\system32\MSSSys\*.* >

    < %ProgramFiles%\Javascript\*.* >

    < %systemroot%\pchealth\helpctr\System\*.exe /s >

    < %systemroot%\Web\*.exe >

    < %systemroot%\system32\msn\*.* >

    < %systemroot%\system32\*.tro >

    < %AppData%\Microsoft\Installer\msupdates\*.* >

    < %ProgramFiles%\Messenger\*.* >

    < %systemroot%\system32\systhem32\*.* >

    < %systemroot%\system\*.exe >

    < HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows\WindowsUpdate\AU >

    < HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\WindowsUpdate\ Auto Update\Results\Install|LastSuccessTime /rs >


    < End of report >
     
  21. rmelbye

    rmelbye TS Rookie Topic Starter Posts: 42

    Extras:

    OTL Extras logfile created on: 18-01-2012 23:13:01 - Run 1
    OTL by OldTimer - Version 3.2.31.0 Folder = C:\Users\Rasmus Melbye\Desktop
    64bit- Ultimate Edition Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation
    Internet Explorer (Version = 9.0.8112.16421)
    Locale: 00000406 | Country: Danmark | Language: DAN | Date Format: dd-MM-yyyy

    8,00 Gb Total Physical Memory | 5,39 Gb Available Physical Memory | 67,43% Memory free
    15,99 Gb Paging File | 13,56 Gb Available in Paging File | 84,77% Paging File free
    Paging file location(s): ?:\pagefile.sys [binary data]

    %SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86)
    Drive C: | 97,66 Gb Total Space | 33,69 Gb Free Space | 34,50% Space Free | Partition Type: NTFS
    Drive D: | 1765,36 Gb Total Space | 426,62 Gb Free Space | 24,17% Space Free | Partition Type: NTFS
    Drive F: | 1397,26 Gb Total Space | 1397,13 Gb Free Space | 99,99% Space Free | Partition Type: NTFS
    Drive H: | 298,09 Gb Total Space | 78,09 Gb Free Space | 26,20% Space Free | Partition Type: NTFS

    Computer Name: PIONEER | User Name: Rasmus Melbye | Logged in as Administrator.
    Boot Mode: Normal | Scan Mode: All users | Quick Scan | Include 64bit Scans
    Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days

    ========== Extra Registry (SafeList) ==========


    ========== File Associations ==========

    64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
    .url[@ = InternetShortcut] -- C:\Windows\SysNative\rundll32.exe (Microsoft Corporation)

    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
    .cpl [@ = cplfile] -- C:\Windows\SysWow64\control.exe (Microsoft Corporation)

    [HKEY_USERS\S-1-5-21-1667449165-3236139713-1594889806-1001\SOFTWARE\Classes\<extension>]
    .html [@ = FirefoxHTML] -- C:\Program Files (x86)\Mozilla Firefox\firefox.exe (Mozilla Corporation)

    ========== Shell Spawning ==========

    64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
    batfile [open] -- "%1" %*
    cmdfile [open] -- "%1" %*
    comfile [open] -- "%1" %*
    exefile [open] -- "%1" %*
    helpfile [open] -- Reg Error: Key error.
    htmlfile [print] -- rundll32.exe %SystemRoot%\system32\mshtml.dll,PrintHTML "%1" (Microsoft Corporation)
    inffile [install] -- %SystemRoot%\System32\rundll32.exe setupapi,InstallHinfSection DefaultInstall 132 %1 (Microsoft Corporation)
    InternetShortcut [open] -- "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\ieframe.dll",OpenURL %l (Microsoft Corporation)
    InternetShortcut [print] -- "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\mshtml.dll",PrintHTML "%1" (Microsoft Corporation)
    piffile [open] -- "%1" %*
    regfile [merge] -- Reg Error: Key error.
    scrfile [config] -- "%1"
    scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
    scrfile [open] -- "%1" /S
    txtfile [edit] -- Reg Error: Key error.
    Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
    Directory [AddToPlaylistVLC] -- "C:\Program Files (x86)\VideoLAN\VLC\vlc.exe" --started-from-file --playlist-enqueue "%1" ()
    Directory [Bridge] -- D:\Programmer\CS5\Adobe Bridge CS5\Bridge.exe "%L" (Adobe Systems, Inc.)
    Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
    Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
    Directory [PlayWithVLC] -- "C:\Program Files (x86)\VideoLAN\VLC\vlc.exe" --started-from-file --no-playlist-enqueue "%1" ()
    Folder [open] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
    Folder [explore] -- Reg Error: Value error.
    Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)

    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
    batfile [open] -- "%1" %*
    cmdfile [open] -- "%1" %*
    comfile [open] -- "%1" %*
    cplfile [cplopen] -- %SystemRoot%\System32\control.exe "%1",%* (Microsoft Corporation)
    exefile [open] -- "%1" %*
    helpfile [open] -- Reg Error: Key error.
    piffile [open] -- "%1" %*
    regfile [merge] -- Reg Error: Key error.
    scrfile [config] -- "%1"
    scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
    scrfile [open] -- "%1" /S
    txtfile [edit] -- Reg Error: Key error.
    Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
    Directory [AddToPlaylistVLC] -- "C:\Program Files (x86)\VideoLAN\VLC\vlc.exe" --started-from-file --playlist-enqueue "%1" ()
    Directory [Bridge] -- D:\Programmer\CS5\Adobe Bridge CS5\Bridge.exe "%L" (Adobe Systems, Inc.)
    Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
    Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
    Directory [PlayWithVLC] -- "C:\Program Files (x86)\VideoLAN\VLC\vlc.exe" --started-from-file --no-playlist-enqueue "%1" ()
    Folder [open] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
    Folder [explore] -- Reg Error: Value error.
    Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)

    ========== Security Center Settings ==========

    64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
    "cval" = 1
    "FirewallDisableNotify" = 0
    "AntiVirusDisableNotify" = 0
    "UpdatesDisableNotify" = 0

    64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]

    64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]
    "VistaSp1" = 28 4D B2 76 41 04 CA 01 [binary data]
    "AntiVirusOverride" = 0
    "AntiSpywareOverride" = 0
    "FirewallOverride" = 0

    64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc\Vol]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
    "FirewallDisableNotify" = 0
    "AntiVirusDisableNotify" = 0
    "UpdatesDisableNotify" = 0

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]

    ========== System Restore Settings ==========

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\SystemRestore]
    "DisableSR" = 0

    ========== Firewall Settings ==========

    64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall]

    64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\DomainProfile]

    64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\StandardProfile]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\DomainProfile]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\StandardProfile]

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]
    "DisableNotifications" = 0
    "EnableFirewall" = 1

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
    "DisableNotifications" = 0
    "EnableFirewall" = 0

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\GloballyOpenPorts\List]

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\PublicProfile]
    "DisableNotifications" = 0
    "EnableFirewall" = 0

    ========== Authorized Applications List ==========

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List]

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List]


    ========== HKEY_LOCAL_MACHINE Uninstall List ==========

    64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
    "{05BFB060-4F22-4710-B0A2-2801A1B606C5}" = Microsoft Antimalware
    "{071c9b48-7c32-4621-a0ac-3f809523288f}" = Microsoft Visual C++ 2005 Redistributable (x64)
    "{1D8E6291-B0D5-35EC-8441-6616F567A0F7}" = Microsoft Visual C++ 2010 x64 Redistributable - 10.0.40219
    "{1E9FC118-651D-4934-97BE-E53CAE5C7D45}" = Microsoft_VC80_MFCLOC_x86_x64
    "{266597A9-1664-0000-0100-DCBF2B69166B}" = Autodesk Vault 2012 (Client) English Language Pack
    "{42738DB0-FC3E-4672-A99B-9372F5696E30}" = Microsoft Security Client
    "{4569AD91-47F4-4D9E-8FC9-717EC32D7AE1}" = Microsoft_VC80_CRT_x86_x64
    "{4B6C7001-C7D6-3710-913E-5BC23FCE91E6}" = Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.4148
    "{4E1A54A9-FFB3-4BE6-B59B-3CC94C3B31D2}" = Autodesk Inventor Fusion for Inventor 2012 Add-in Language Pack
    "{4E3B47F2-21EB-4F20-87C8-5A0E4D5F3858}" = Autodesk Inventor Fusion for Inventor 2012 Add-in
    "{5783F2D7-A028-0409-0100-0060B0CE6BBA}" = DWG TrueView 2012
    "{5FCE6D76-F5DC-37AB-B2B8-22AB8CEDB1D4}" = Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161
    "{6ce5bae9-d3ca-4b99-891a-1dc6c118a5fc}" = Microsoft Visual C++ 2005 Redistributable (x64)
    "{6E3610B2-430D-4EB0-81E3-2B57E8B9DE8D}" = Bonjour
    "{75104836-CAC7-444E-A39E-3F54151942F5}" = Apple Mobile Device Support
    "{7F4DD591-1664-0409-0000-7107D70F3DB4}" = Autodesk Inventor Professional 2012
    "{7F4DD591-1664-0409-0001-7107D70F3DB4}" = Autodesk Inventor Professional 2012 English Language Pack
    "{8220EEFE-38CD-377E-8595-13398D740ACE}" = Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.17
    "{8557397C-A42D-486F-97B3-A2CBC2372593}" = Microsoft_VC90_ATL_x86_x64
    "{8BF20445-0010-1033-853B-F016F3127FCD}" = Autodesk Showcase 2012 64-bit - English
    "{8BF20445-58A5-4870-853B-F016F3127FCD}" = Autodesk Showcase 2012 64-bit - English
    "{8E34682C-8118-31F1-BC4C-98CD9675E1C2}" = Microsoft .NET Framework 4 Extended
    "{90140000-0011-0000-1000-0000000FF1CE}" = Microsoft Office Professional Plus 2010
    "{90140000-0015-0406-1000-0000000FF1CE}" = Microsoft Office Access MUI (Danish) 2010
    "{90140000-0015-0409-1000-0000000FF1CE}" = Microsoft Office Access MUI (English) 2010
    "{90140000-0016-0406-1000-0000000FF1CE}" = Microsoft Office Excel MUI (Danish) 2010
    "{90140000-0016-0409-1000-0000000FF1CE}" = Microsoft Office Excel MUI (English) 2010
    "{90140000-0017-0406-1000-0000000FF1CE}" = Microsoft Office SharePoint Designer MUI (Danish) 2010
    "{90140000-0018-0406-1000-0000000FF1CE}" = Microsoft Office PowerPoint MUI (Danish) 2010
    "{90140000-0018-0409-1000-0000000FF1CE}" = Microsoft Office PowerPoint MUI (English) 2010
    "{90140000-0019-0406-1000-0000000FF1CE}" = Microsoft Office Publisher MUI (Danish) 2010
    "{90140000-0019-0409-1000-0000000FF1CE}" = Microsoft Office Publisher MUI (English) 2010
    "{90140000-001A-0406-1000-0000000FF1CE}" = Microsoft Office Outlook MUI (Danish) 2010
    "{90140000-001A-0409-1000-0000000FF1CE}" = Microsoft Office Outlook MUI (English) 2010
    "{90140000-001B-0406-1000-0000000FF1CE}" = Microsoft Office Word MUI (Danish) 2010
    "{90140000-001B-0409-1000-0000000FF1CE}" = Microsoft Office Word MUI (English) 2010
    "{90140000-001F-0406-1000-0000000FF1CE}" = Microsoft Office Proof (Danish) 2010
    "{90140000-001F-0407-1000-0000000FF1CE}" = Microsoft Office Proof (German) 2010
    "{90140000-001F-0409-1000-0000000FF1CE}" = Microsoft Office Proof (English) 2010
    "{90140000-001F-040C-1000-0000000FF1CE}" = Microsoft Office Proof (French) 2010
    "{90140000-001F-041D-1000-0000000FF1CE}" = Microsoft Office Proof (Swedish) 2010
    "{90140000-001F-0C0A-1000-0000000FF1CE}" = Microsoft Office Proof (Spanish) 2010
    "{90140000-002C-0406-1000-0000000FF1CE}" = Microsoft Office Proofing (Danish) 2010
    "{90140000-002C-0409-1000-0000000FF1CE}" = Microsoft Office Proofing (English) 2010
    "{90140000-0043-0000-1000-0000000FF1CE}" = Microsoft Office Office 32-bit Components 2010
    "{90140000-0043-0406-1000-0000000FF1CE}" = Microsoft Office Shared 32-bit MUI (Danish) 2010
    "{90140000-0043-0409-1000-0000000FF1CE}" = Microsoft Office Shared 32-bit MUI (English) 2010
    "{90140000-0044-0406-1000-0000000FF1CE}" = Microsoft Office InfoPath MUI (Danish) 2010
    "{90140000-0044-0409-1000-0000000FF1CE}" = Microsoft Office InfoPath MUI (English) 2010
    "{90140000-0054-0409-1000-0000000FF1CE}" = Microsoft Office Visio MUI (English) 2010
    "{90140000-0057-0000-1000-0000000FF1CE}" = Microsoft Office Visio 2010
    "{90140000-006E-0406-1000-0000000FF1CE}" = Microsoft Office Shared MUI (Danish) 2010
    "{90140000-006E-0409-1000-0000000FF1CE}" = Microsoft Office Shared MUI (English) 2010
    "{90140000-00A1-0406-1000-0000000FF1CE}" = Microsoft Office OneNote MUI (Danish) 2010
    "{90140000-00A1-0409-1000-0000000FF1CE}" = Microsoft Office OneNote MUI (English) 2010
    "{90140000-00BA-0406-1000-0000000FF1CE}" = Microsoft Office Groove MUI (Danish) 2010
    "{90140000-00BA-0409-1000-0000000FF1CE}" = Microsoft Office Groove MUI (English) 2010
    "{90140000-0100-0406-1000-0000000FF1CE}" = Microsoft Office O MUI (Danish) 2010
    "{90140000-0101-0406-1000-0000000FF1CE}" = Microsoft Office X MUI (Danish) 2010
    "{90140000-0115-0409-1000-0000000FF1CE}" = Microsoft Office Shared Setup Metadata MUI (English) 2010
    "{90140000-0117-0409-1000-0000000FF1CE}" = Microsoft Office Access Setup Metadata MUI (English) 2010
    "{925D058B-564A-443A-B4B2-7E90C6432E55}" = Microsoft_VC80_ATL_x86_x64
    "{92A3CA0D-55CD-4C5D-BA95-5C2600C20F26}" = Microsoft_VC90_CRT_x86_x64
    "{9B48B0AC-C813-4174-9042-476A887592C7}" = Windows Live ID Sign-in Assistant
    "{A472B9E4-0AFF-4F7B-B25D-F64F8E928AAB}" = Microsoft_VC90_MFC_x86_x64
    "{AC3E3746-8F18-4F8A-9521-1493022C6E0A}" = Autodesk DirectConnect 2012 64-bit
    "{ad8a2fa1-06e7-4b0d-927d-6e54b3d31028}" = Microsoft Visual C++ 2005 Redistributable (x64)
    "{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.3DVision" = NVIDIA 3D Vision-driver 290.53
    "{B2FE1952-0186-46c3-BAEC-A80AA35AC5B8}_Display.ControlPanel" = NVIDIA Kontrolpanel 290.53
    "{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.Driver" = NVIDIA Grafikdriver 290.53
    "{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.NVIRUSB" = NVIDIA 3D Vision Controllerdriver 290.36
    "{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.PhysX" = NVIDIA PhysX-systemsoftware 9.11.1107
    "{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.Update" = NVIDIA Opdateringer 1.6.24
    "{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_HDAudio.Driver" = NVIDIA HD-lyddriver 1.3.9.0
    "{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_installer" = NVIDIA Install Application
    "{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_NVIDIA.Update" = NVIDIA Update Components
    "{B46DECD1-1664-4EF1-0000-22D71E81877C}" = Autodesk Inventor Content Center Libraries 2012 (Desktop Content)
    "{C8C1BAD5-54E6-4146-AD07-3A8AD36569C3}" = Microsoft_VC80_MFC_x86_x64
    "{CDDCBBF1-2703-46BC-938B-BCC81A1EEAAA}" = SUPERAntiSpyware
    "{CF526A26-1664-0000-0000-02E95019B628}" = Autodesk Vault 2012 (Client)
    "{D25FF5C1-1664-469A-9794-69309387C193}" = Quick Uninstall Tool for Autodesk Inventor 2012
    "{D66F0C3C-24F2-4463-9E2F-4381E5C40A26}" = iTunes
    "{DC911ADF-7B60-40F2-A112-FB1EB6402D07}" = Microsoft Security Client DA-DK Language Pack
    "{E027C59C-4C47-4BE8-8078-BCD3D2680EC3}" = Eco Materials Adviser (x64)
    "{F27D5AAD-758E-460F-964D-6F2E65964C08}" = Microsoft Antimalware Service DA-DK Language Pack
    "{F5B09CFD-F0B2-36AF-8DF4-1DF6B63FC7B4}" = Microsoft .NET Framework 4 Client Profile
    "{FFF5619F-6669-4EC5-A85E-9994F70A9E5D}" = Autodesk Inventor Fusion 2012
    "{FFF7F80F-929E-497F-A112-B070DE816128}" = Autodesk Inventor Fusion 2012 Language Pack
    "{aac9fcc4-dd9e-4add-901c-b5496a07ab2e}" = Microsoft Visual C++ 2005 Redistributable (x64) - KB2467175
    "Adobe Flash Player Plugin" = Adobe Flash Player 11 Plugin 64-bit
    "Autodesk DirectConnect 2012 64-bit" = Autodesk DirectConnect 2012 64-bit
    "Autodesk Inventor Fusion 2012" = Autodesk Inventor Fusion 2012
    "Autodesk Inventor Fusion for Inventor 2012 Add-in" = Autodesk Inventor Fusion for Inventor 2012 Add-in
    "Autodesk Inventor Professional 2012" = Autodesk Inventor Professional 2012 English
    "Autodesk Showcase 2012 64-bit - English" = Autodesk Showcase 2012 64-bit - English
    "CutePDF Writer Installation" = CutePDF Writer 2.8
    "DWG TrueView 2012" = DWG TrueView 2012
    "Microsoft .NET Framework 4 Client Profile" = Microsoft .NET Framework 4 Client Profile
    "Microsoft .NET Framework 4 Extended" = Microsoft .NET Framework 4 Extended
    "Microsoft Security Client" = Microsoft Security Essentials
    "Office14.OMUI.da-dk" = Microsoft Office Language Pack 2010 - Danish/dansk
    "Office14.PROPLUS" = Microsoft Office Professional Plus 2010
    "Office14.VISIO" = Microsoft Visio Premium 2010
    "WinRAR archiver" = WinRAR 4.00 (64-bit)

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
    "{033E378E-6AD3-4AD5-BDEB-CBD69B31046C}" = Microsoft_VC90_ATL_x86
    "{048298C9-A4D3-490B-9FF9-AB023A9238F3}" = Steam
    "{08D2E121-7F6A-43EB-97FD-629B44903403}" = Microsoft_VC90_CRT_x86
    "{0D2DBE8A-43D0-7830-7AE7-CA6C99A832E7}" = Adobe Community Help
    "{0F3647F8-E51D-4FCC-8862-9A8D0C5ACF25}" = Microsoft_VC80_ATL_x86
    "{15FEDA5F-141C-4127-8D7E-B962D1742728}" = Adobe Photoshop CS5
    "{196467F1-C11F-4F76-858B-5812ADC83B94}" = MSXML 4.0 SP3 Parser
    "{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148
    "{20D4A895-748C-4D88-871C-FDB1695B0169}" = Platform
    "{24FF088D-CDCF-480C-8A4B-98F14A54CAA8}" = Autodesk Material Library Low Resolution Image Library 2012
    "{26A24AE4-039D-4CA4-87B4-2F83216025FF}" = Java(TM) 6 Update 25
    "{31A559C1-9E4D-423B-9DD3-34A6C5398752}" = HTC BMP USB Driver
    "{343666E2-A059-48AC-AD67-230BF74E2DB2}" = Apple Application Support
    "{3AC8457C-0385-4BEA-A959-E095F05D6D67}" = Battlefield: Bad Company™ 2
    "{434D0FA0-1558-4D8E-AC3D-BD1000008200}" = DiRT 3
    "{4A03706F-666A-4037-7777-5F2748764D10}" = Java Auto Updater
    "{4CB0307C-565E-4441-86BE-0DF2E4FB828C}" = Microsoft Games for Windows Marketplace
    "{51E43DA1-CAEA-4264-9BB8-3F47ED57E2A4}" = TI InterActive!™
    "{5545EEE1-FA36-4F76-B6BE-5696E7F4E2D6}" = VBA (2627.01)
    "{56B83336-FBC1-4C46-8613-90A9E3B440D6}" = EPU-6 Engine
    "{635FED5B-2C6D-49BE-87E6-7A6FCD22BC5A}" = Microsoft_VC90_MFC_x86
    "{65420DC9-306E-4371-905F-F4DC3B418E52}" = Autodesk Material Library Base Resolution Image Library 2012
    "{69FDFBB6-351D-4B8C-89D8-867DC9D0A2A4}" = Windows Media Player Firefox Plugin
    "{6D6664A9-3342-4948-9B7E-034EFE366F0F}" = HTC Driver Installer
    "{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}" = Microsoft Visual C++ 2005 Redistributable
    "{7299052b-02a4-4627-81f2-1818da5d550d}" = Microsoft Visual C++ 2005 Redistributable
    "{76285C16-411A-488A-BCE3-C83CB933D8CF}" = Battlefield 3™
    "{789A5B64-9DD9-4BA5-915A-F0FC0A1B7BFE}" = Apple Software Update
    "{7BE15435-2D3E-4B58-867F-9C75BED0208C}" = QuickTime
    "{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}" = Microsoft Silverlight
    "{8F0837C2-EE09-4903-88F3-1976FE7FFF4E}" = Autodesk Material Library 2012
    "{92D58719-BBC1-4CC3-A08B-56C9E884CC2C}" = Microsoft_VC80_CRT_x86
    "{9530AE42-DAE1-4619-9594-B23487285D17}" = NVIDIA PhysX
    "{980A182F-E0A2-4A40-94C1-AE0C1235902E}" = Pando Media Booster
    "{9A25302D-30C0-39D9-BD6F-21E6EC160475}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17
    "{9BE518E6-ECC6-35A9-88E4-87755C07200F}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161
    "{A49BDCBE-590E-43A6-AB77-7C40E499B7C1}" = Autodesk Design Review 2012
    "{A49F249F-0C91-497F-86DF-B2585E8E76B7}" = Microsoft Visual C++ 2005 Redistributable
    "{A78FE97A-C0C8-49CE-89D0-EDD524A17392}" = PDF Settings CS5
    "{AC76BA86-7AD7-1030-7B44-AA1000000001}" = Adobe Reader X (10.1.1) - Dansk
    "{B5751715-EC10-43D9-8C95-62E1368433EF}" = Autodesk Material Library Medium Resolution Image Library 2012
    "{B6CF2967-C81E-40C0-9815-C05774FEF120}" = Skype Click to Call
    "{D1A19B02-817E-4296-A45B-07853FD74D57}" = Microsoft_VC80_MFC_x86
    "{D2FCA41E-AC01-4DCD-B3A7-DC9E32363065}}_is1" = Rapture3D 2.4.8 Game
    "{D5B18B60-4FC3-42AD-A629-9CA10ACC06CD}" = HTC Sync
    "{D7BF9739-8A68-4335-BBEE-37752AD9E86B}" = NEC Electronics USB 3.0 Host Controller Driver
    "{D92BBB52-82FF-42ED-8A3C-4E062F944AB7}" = Microsoft_VC80_MFCLOC_x86
    "{DE3A9DC5-9A5D-6485-9662-347162C7E4CA}" = Adobe Media Player
    "{E3E71D07-CD27-46CB-8448-16D4FB29AA13}" = Microsoft WSE 3.0 Runtime
    "{F09EF8F2-0976-42C1-8D9D-8DF78337C6E3}" = Sony Ericsson PC Companion 2.01.210
    "{F0A209B7-7F85-4BDD-8F1F-B98EEAD9E04B}" = The Witcher 2
    "{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}" = Microsoft Visual C++ 2010 x86 Redistributable - 10.0.40219
    "{F2508213-9989-4E85-A078-72BE483917EF}" = Microsoft Games for Windows - LIVE Redistributable
    "{F7338FA3-DAB5-49B2-900D-0AFB5760C166}" = PC Probe II
    "{FDB3B167-F4FA-461D-976F-286304A57B2A}" = Adobe AIR
    "{AA59DDE4-B672-4621-A016-4C248204957A}" = Skype™ 5.5
    "Adobe AIR" = Adobe AIR
    "Afterburner" = MSI Afterburner 2.1.0
    "Autodesk Design Review 2012" = Autodesk Design Review 2012
    "Autodesk Vault 2012 (Client)" = Autodesk Vault 2012 (Client)
    "Battlelog Web Plugins" = Battlelog Web Plugins
    "chc.4875E02D9FB21EE389F73B8D1702B320485DF8CE.1" = Adobe Community Help
    "com.adobe.amp.4875E02D9FB21EE389F73B8D1702B320485DF8CE.1" = Adobe Media Player
    "DAEMON Tools Lite" = DAEMON Tools Lite
    "DDA23392-9C73-4909-A221-BC12C6D2664D" = GmoteServer
    "ESN Sonar-0.70.0" = ESN Sonar
    "ESN Sonar-0.70.4" = ESN Sonar
    "GFWL_{434D0FA0-1558-4D8E-AC3D-BD1000008200}" = DiRT 3
    "hon" = Heroes of Newerth
    "InstallShield_{20D4A895-748C-4D88-871C-FDB1695B0169}" = VIA Platform Device Manager
    "InstallShield_{D7BF9739-8A68-4335-BBEE-37752AD9E86B}" = NEC Electronics USB 3.0 Host Controller Driver
    "KeyShot2_64" = KeyShot2 2.1 64 bit
    "Malwarebytes' Anti-Malware_is1" = Malwarebytes Anti-Malware version 1.60.0.1800
    "Media Player - Codec Pack" = Media Player Codec Pack 4.0.0
    "Mozilla Firefox 9.0.1 (x86 da)" = Mozilla Firefox 9.0.1 (x86 da)
    "NVIDIA StereoUSB Driver" = NVIDIA 3D Vision Controller Driver
    "NVIDIAStereo" = NVIDIA Stereoscopic 3D Driver
    "OpenAL" = OpenAL
    "Origin" = Origin
    "PunkBusterSvc" = PunkBuster Services
    "Steam App 1250" = Killing Floor
    "Steam App 220" = Half-Life 2
    "Steam App 340" = Half-Life 2: Lost Coast
    "Steam App 35420" = Killing Floor Mod: Defence Alliance 2
    "Steam App 380" = Half-Life 2: Episode One
    "Steam App 420" = Half-Life 2: Episode Two
    "uTorrent" = µTorrent
    "VLC media player" = VLC media player 1.1.9

    ========== HKEY_USERS Uninstall List ==========

    [HKEY_USERS\S-1-5-21-1667449165-3236139713-1594889806-1001\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
    "Dropbox" = Dropbox
    "Google Chrome" = Google Chrome
    "TeamSpeak 3 Client" = TeamSpeak 3 Client

    ========== Last 10 Event Log Errors ==========

    [ Application Events ]
    Error - 17-01-2012 13:53:25 | Computer Name = pioneer | Source = SideBySide | ID = 16842827
    Description = Aktiveringskontekstgenereringen mislykkedes for "C:\Program Files
    (x86)\Skype\Toolbars\Internet Explorer\SkypeIEPluginBroker.exe". Der er en fejl
    i manifestet eller politikfilen "C:\Program Files (x86)\Skype\Toolbars\Internet
    Explorer\SkypeIEPluginBroker.exe" i linje 2. Flere requestedPrivileges-elementer
    er ikke tilladt i manifest.

    Error - 17-01-2012 13:55:46 | Computer Name = pioneer | Source = SideBySide | ID = 16842785
    Description = Aktiveringskontekstgenereringen mislykkedes for "D:\Programmer\Showcase
    installation\Showcase 2012\python\Lib\distutils\command\wininst-8_d.exe". Afhængig
    samling Microsoft.VC80.DebugCRT,processorArchitecture="x86",publicKeyToken="1fc8b3b9a1e18e3b",type="win32",version="8.0.50608.0"
    blev ikke fundet. Anvend sxstrace.exe til detaljeret diagnose.

    Error - 17-01-2012 13:56:29 | Computer Name = pioneer | Source = SideBySide | ID = 16842824
    Description = Aktiveringskontekstgenereringen mislykkedes for "c:\program files\microsoft
    security client\MSESysprep.dll". Der er en fejl i manifestet eller politikfilen
    "c:\program files\microsoft security client\MSESysprep.dll" i linje 10. Elementet
    imaging vises som et underordnet element for element urn:schemas-microsoft-com:asm.v1^assembly,
    som ikke understøttes i denne version af Windows.

    Error - 17-01-2012 14:54:18 | Computer Name = pioneer | Source = Application Error | ID = 1000
    Description = Navn på program med fejl: LolClient.exe, version: 2.0.2.12610, tidsstempel:
    0x4c00573a Navn på modul med fejl: Adobe AIR.dll, version: 2.5.0.16600, tidsstempel:
    0x4ca30e16 Undtagelseskode: 0xc0000005 Forskydning med fejl 0x000121da Proces-id 0xa30
    Programmets
    starttidspunkt 0x01ccd548b1c98887 Programsti: D:\Spil\LOL installeret\League of
    Legends\RADS\projects\lol_air_client\releases\0.0.0.118\deploy\LolClient.exe Modulsti:
    D:\Spil\LOL installeret\League of Legends\RADS\projects\lol_air_client\releases\0.0.0.118\deploy\Adobe
    AIR\Versions\1.0\Adobe AIR.dll Rapport-id: a877659b-413c-11e1-91ff-20cf303d08e1

    Error - 18-01-2012 06:23:55 | Computer Name = pioneer | Source = Application Error | ID = 1000
    Description = Navn på program med fejl: oiu0.7056360859836214.exe, version: 0.0.0.0,
    tidsstempel: 0x4f169d10 Navn på modul med fejl: unknown, version: 0.0.0.0, tidsstempel:
    0x00000000 Undtagelseskode: 0xc0000005 Forskydning med fejl 0x00545b79 Proces-id 0xd4c
    Programmets
    starttidspunkt 0x01ccd5caf8085118 Programsti: C:\Users\RASMUS~1\AppData\Local\Temp\oiu0.7056360859836214.exe
    Modulsti:
    unknown Rapport-id: 85dd80d9-41be-11e1-b6ea-20cf303d08e1

    Error - 18-01-2012 08:40:40 | Computer Name = pioneer | Source = System Restore | ID = 8210
    Description =

    Error - 18-01-2012 10:22:07 | Computer Name = pioneer | Source = SideBySide | ID = 16842827
    Description = Aktiveringskontekstgenereringen mislykkedes for "C:\Program Files
    (x86)\Skype\Toolbars\Internet Explorer\SkypeIEPluginBroker.exe". Der er en fejl
    i manifestet eller politikfilen "C:\Program Files (x86)\Skype\Toolbars\Internet
    Explorer\SkypeIEPluginBroker.exe" i linje 2. Flere requestedPrivileges-elementer
    er ikke tilladt i manifest.

    Error - 18-01-2012 10:25:11 | Computer Name = pioneer | Source = SideBySide | ID = 16842785
    Description = Aktiveringskontekstgenereringen mislykkedes for "D:\Programmer\Showcase
    installation\Showcase 2012\python\Lib\distutils\command\wininst-8_d.exe". Afhængig
    samling Microsoft.VC80.DebugCRT,processorArchitecture="x86",publicKeyToken="1fc8b3b9a1e18e3b",type="win32",version="8.0.50608.0"
    blev ikke fundet. Anvend sxstrace.exe til detaljeret diagnose.

    Error - 18-01-2012 10:26:03 | Computer Name = pioneer | Source = SideBySide | ID = 16842824
    Description = Aktiveringskontekstgenereringen mislykkedes for "c:\program files\microsoft
    security client\MSESysprep.dll". Der er en fejl i manifestet eller politikfilen
    "c:\program files\microsoft security client\MSESysprep.dll" i linje 10. Elementet
    imaging vises som et underordnet element for element urn:schemas-microsoft-com:asm.v1^assembly,
    som ikke understøttes i denne version af Windows.

    Error - 18-01-2012 11:54:00 | Computer Name = pioneer | Source = Application Error | ID = 1000
    Description = Navn på program med fejl: SUPERAntiSpyware.exe, version: 5.0.0.1142,
    tidsstempel: 0x4ea5d030 Navn på modul med fejl: SUPERAntiSpyware.exe, version: 5.0.0.1142,
    tidsstempel: 0x4ea5d030 Undtagelseskode: 0xc0000005 Forskydning med fejl 0x000769cc
    Proces-id
    0x460 Programmets starttidspunkt 0x01ccd5f934fe3b59 Programsti: C:\Users\Rasmus Melbye\Desktop\SUPERAntiSpyware.exe
    Modulsti:
    C:\Users\Rasmus Melbye\Desktop\SUPERAntiSpyware.exe Rapport-id: a281ce1b-41ec-11e1-945a-00116723ca5d

    [ System Events ]
    Error - 22-08-2011 10:49:28 | Computer Name = pioneer | Source = Microsoft Antimalware | ID = 3002
    Description = %%860-funktionen til fuldtidsbeskyttelse har fundet en fejl og er
    stoppet. Funktion: %%835 Fejlkode: 0x80004005 Fejlbeskrivelse: Unspecified error Årsag:
    %%842

    Error - 22-08-2011 12:46:16 | Computer Name = pioneer | Source = bowser | ID = 8003
    Description =

    Error - 24-08-2011 11:54:44 | Computer Name = pioneer | Source = Microsoft Antimalware | ID = 3002
    Description = %%860-funktionen til fuldtidsbeskyttelse har fundet en fejl og er
    stoppet. Funktion: %%835 Fejlkode: 0x80004005 Fejlbeskrivelse: Unspecified error Årsag:
    %%842

    Error - 24-08-2011 14:04:27 | Computer Name = pioneer | Source = Microsoft Antimalware | ID = 3002
    Description = %%860-funktionen til fuldtidsbeskyttelse har fundet en fejl og er
    stoppet. Funktion: %%835 Fejlkode: 0x80004005 Fejlbeskrivelse: Unspecified error Årsag:
    %%842


    < End of report >
     
  22. Broni

    Broni Malware Annihilator Posts: 52,915   +344

    Good news :)

    OTL log is perfectly clean.

    1. Update your Java version here: http://www.java.com/en/download/installed.jsp

    Note 1: UNCHECK any pre-checked toolbar and/or software offered with the Java update. The pre-checked toolbars/software are not part of the Java update.

    Note 2: The Java Quick Starter (JQS.exe) adds a service to improve the initial startup time of Java applets and applications. If you don't want to run another extra service, go to Start > Control Panel > Java > Advanced > Miscellaneous and uncheck the box for Java Quick Starter. Click OK and restart your computer.

    2. Now, we need to remove the old Java version and its remnants...

    Download JavaRa to your desktop and unzip it to its own folder.
    • Run JavaRa.exe (Vista users! Right click on JavaRa.exe, click Run As Administrator), pick the language of your choice and click Select. Then click Remove Older Versions.
    • Accept any prompts.
    • Do NOT post JavaRa log.

    =============================================================

    Last scans...

    1. Download Security Check from HERE, and save it to your Desktop.
    • Double-click SecurityCheck.exe
    • Follow the onscreen instructions inside of the black box.
    • A Notepad document should open automatically called checkup.txt; please post the contents of that document.

      NOTE: SecurityCheck may produce some false warning(s), so leave reading the results to me.

    2. Please download Farbar Service Scanner (FSS) and run it on the computer with the issue.
    • Make sure the following options are checked:
      • Internet Services
      • Windows Firewall
      • System Restore
      • Security Center
      • Windows Update
    • Press "Scan".
    • It will create a log (FSS.txt) in the same directory the tool is run from.
    • Please copy and paste the log to your reply.


    3. Download Temp File Cleaner (TFC)
    • Double-click on TFC.exe to run the program.
    • Click on the Start button to begin the cleaning process.
    • TFC will close all running programs, and it may ask you to restart computer.


    4. Please run a free online scan with the ESET Online Scanner

    • Disable your antivirus program
    • Tick the box next to YES, I accept the Terms of Use
    • Click Start
    • Accept any security warnings from your browser.
    • Check Scan archives
    • Click Start
    • ESET will then download updates for itself, install itself, and begin scanning your computer. Please be patient as this can take some time.
    • When the scan completes, click on List of found threats
    • Click on Export to text file, and save the file to your desktop using a unique name, such as ESETScan. Include the contents of this report in your next reply.
    • NOTE: If ESET doesn't find any threats, it won't produce any log.
     
  23. rmelbye

    rmelbye TS Rookie Topic Starter Posts: 42

    Security Check

    Results of screen317's Security Check version 0.99.24
    Windows 7 x64 (UAC is enabled)
    Internet Explorer 9
    ``````````````````````````````
    Antivirus/Firewall Check:

    WMI entry may not exist for antivirus; attempting automatic update.
    ```````````````````````````````
    Anti-malware/Other Utilities Check:

    Java(TM) 6 Update 30
    Adobe Reader X (10.1.1)
    ````````````````````````````````
    Process Check:
    objlist.exe by Laurent

    Windows Defender MSMpEng.exe
    Microsoft Security Essentials msseces.exe
    Microsoft Security Client Antimalware MsMpEng.exe
    Microsoft Security Client Antimalware NisSrv.exe
    ``````````End of Log````````````
     
  24. rmelbye

    rmelbye TS Rookie Topic Starter Posts: 42

    Farbar Service Scanner Version: 18-01-2012 01
    Ran by Rasmus Melbye (administrator) on 18-01-2012 at 23:43:05
    Microsoft Windows 7 Ultimate Service Pack 1 (X64)
    Boot Mode: Normal
    ****************************************************************

    Internet Services:
    ============

    Connection Status:
    ==============
    Localhost is accessible.
    LAN connected.
    Google IP is accessible.
    Yahoo IP is accessible.


    Windows Firewall:
    =============

    Firewall Disabled Policy:
    ==================


    System Restore:
    ============
    VSS Service is not running. Checking service configuration:
    The start type of VSS service is OK.
    The ImagePath of VSS service is OK.


    System Restore Disabled Policy:
    ========================


    Security Center:
    ============

    Windows Update:
    ===========
    BITS Service is not running. Checking service configuration:
    The start type of BITS service is OK.
    The ImagePath of BITS service is OK.
    The ServiceDll of BITS service is OK.


    File Check:
    ========
    C:\Windows\System32\nsisvc.dll => MD5 is legit
    C:\Windows\System32\drivers\nsiproxy.sys => MD5 is legit
    C:\Windows\System32\dhcpcore.dll => MD5 is legit
    C:\Windows\System32\drivers\afd.sys => MD5 is legit
    C:\Windows\System32\drivers\tdx.sys => MD5 is legit
    C:\Windows\System32\Drivers\tcpip.sys => MD5 is legit
    C:\Windows\System32\dnsrslvr.dll => MD5 is legit
    C:\Windows\System32\mpssvc.dll => MD5 is legit
    C:\Windows\System32\bfe.dll => MD5 is legit
    C:\Windows\System32\drivers\mpsdrv.sys => MD5 is legit
    C:\Windows\System32\SDRSVC.dll => MD5 is legit
    C:\Windows\System32\vssvc.exe => MD5 is legit
    C:\Windows\System32\wscsvc.dll => MD5 is legit
    C:\Windows\System32\wbem\WMIsvc.dll => MD5 is legit
    C:\Windows\System32\wuaueng.dll => MD5 is legit
    C:\Windows\System32\qmgr.dll => MD5 is legit
    C:\Windows\System32\es.dll => MD5 is legit
    C:\Windows\System32\cryptsvc.dll => MD5 is legit
    C:\Windows\System32\svchost.exe => MD5 is legit
    C:\Windows\System32\rpcss.dll => MD5 is legit


    **** End of log ****
     
  25. rmelbye

    rmelbye TS Rookie Topic Starter Posts: 42

    It looks like the ESET scan will take a while. I will go to bed and reply back tomorrow. Thanks so far!
     
