Solved Sirefef/ZeroAccess infection on Windows 7

Ludden

Posts: 19   +0
Hi!
I seriosly need help! I have a Sirefef/ZeroAccess infection on my Win7/64 laptop and I can't get rid of it. My antivirus software (F-secure) detects a number of Sirefef and ZeroAccess variants, but fails to remove it permanently. I've tried MBAM and a number of other tools, but no success so far.
Per your instructions I'm adding the requested log and also logs from Farber (FRST and search).

GMER didn't write anything in the log.

MBAM: (sorry for the Swedish, but it didn't find anything)
Malwarebytes Anti-Malware 1.65.0.1400
www.malwarebytes.org
Databasversion: v2012.09.22.04
Windows 7 Service Pack 1 x64 NTFS
Internet Explorer 9.0.8112.16421
Anna och Fredrik :: HELGE2 [administratör]
2012-09-22 14:20:45
mbam-log-2012-09-22 (14-20-45).txt
Skanningstyp: Snabbskanning
Aktiverade skanningsalternativ: Minne | Start | Register | Filsystem | Heuristik/Extra | Heuristik/Shuriken | PUP | PUM
Inaktiverade skanningsalternativ: P2P
Antal skannade objekt: 218515
Förfluten tid: 2 minut(er), 18 sekund(er)
Upptäckta minnesprocesser: 0
(Inga skadliga poster hittades)
Upptäckta minnesmoduler: 0
(Inga skadliga poster hittades)
Upptäckta registernycklar: 0
(Inga skadliga poster hittades)
Upptäckta registervärden: 0
(Inga skadliga poster hittades)
Upptäckta registerdataposter: 0
(Inga skadliga poster hittades)
Upptäckta mappar: 0
(Inga skadliga poster hittades)
Upptäckta filer: 0
(Inga skadliga poster hittades)
(klar)

=====================================================

DDS (Ver_2011-08-26.01) - NTFSAMD64
Internet Explorer: 9.0.8112.16421
Run by Anna och Fredrik at 16:23:20 on 2012-09-22
Microsoft Windows 7 Home Premium 6.1.7601.1.1252.46.1053.18.8103.5892 [GMT 2:00]
.
AV: Glocalnet Säkerhetspaket 9.12 *Enabled/Updated* {15414183-282E-D62C-CA37-EF24860A2F17}
SP: Glocalnet Säkerhetspaket 9.12 *Enabled/Updated* {AE20A067-0E14-D9A2-F087-D456FD8D65AA}
SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
FW: Glocalnet Säkerhetspaket 9.12 *Enabled* {2D7AC0A6-6241-D774-E168-461178D9686C}
.
============== Running Processes ===============
.
C:\Windows\system32\wininit.exe
C:\Windows\system32\lsm.exe
C:\Windows\system32\svchost.exe -k DcomLaunch
C:\Windows\system32\nvvsvc.exe
C:\Windows\system32\svchost.exe -k RPCSS
C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted
C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted
C:\Windows\system32\svchost.exe -k netsvcs
C:\Windows\system32\svchost.exe -k LocalService
C:\Windows\system32\svchost.exe -k NetworkService
C:\Windows\system32\svchost.exe -k LocalServiceNoNetwork
C:\Program Files\NVIDIA Corporation\Display\NvXDSync.exe
C:\Windows\system32\nvvsvc.exe
C:\Windows\system32\FBAgent.exe
C:\Program Files (x86)\ASUS\ATK Package\ATK Hotkey\ASLDRSrv.exe
C:\Program Files (x86)\ASUS\ATK Package\ATKGFNEX\GFNEXSrv.exe
C:\Windows\System32\spoolsv.exe
C:\Windows\system32\svchost.exe -k LocalServiceAndNoImpersonation
C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe
C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
C:\Program Files (x86)\Bluetooth Suite\Ath_CoexAgent.exe
C:\Program Files (x86)\Bluetooth Suite\adminservice.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\ProgramData\DatacardService\DCService.exe
C:\Program Files (x86)\Glocalnet Sakerhetspaket\Anti-Virus\fsgk32st.exe
C:\Program Files (x86)\Glocalnet Sakerhetspaket\Common\FSMA32.EXE
C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamscheduler.exe
C:\Program Files (x86)\Glocalnet Sakerhetspaket\Anti-Virus\FSGK32.EXE
C:\Program Files (x86)\Glocalnet Sakerhetspaket\Common\FSHDLL32.EXE
C:\Program Files (x86)\Microsoft\BingBar\SeaPort.EXE
C:\Program Files (x86)\Microsoft Application Virtualization Client\sftvsa.exe
C:\Windows\system32\svchost.exe -k imgsvc
C:\ExpressGateUtil\VAWinService.exe
C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
C:\Program Files (x86)\Microsoft Application Virtualization Client\sftlist.exe
C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSvcM.exe
C:\Program Files (x86)\Glocalnet Sakerhetspaket\Common\FSHDLL64.EXE
C:\Program Files (x86)\Common Files\Microsoft Shared\Virtualization Handler\CVHSVC.EXE
C:\Program Files (x86)\Glocalnet Sakerhetspaket\ORSP Client\fsorsp.exe
C:\Windows\system32\svchost.exe -k bthsvcs
C:\Program Files (x86)\Glocalnet Sakerhetspaket\Anti-Virus\fssm32.exe
C:\Program Files (x86)\Glocalnet Sakerhetspaket\Anti-Virus\fsav32.exe
C:\Windows\system32\taskhost.exe
C:\Windows\system32\taskeng.exe
C:\Program Files\P4G\BatteryLife.exe
C:\Program Files (x86)\ASUS\SmartLogon\sensorsrv.exe
C:\Program Files (x86)\ASUS\ASUS Live Update\ALU.exe
C:\Windows\system32\taskeng.exe
C:\Windows\system32\Dwm.exe
C:\Program Files (x86)\ASUS\ATK Package\ATKOSD2\ATKOSD2.exe
C:\Program Files (x86)\ASUS\Splendid\ACMON.exe
C:\Windows\Explorer.EXE
C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe
C:\ProgramData\DatacardService\DCSHelper.exe
C:\Program Files (x86)\CyberLink\Shared files\RichVideo.exe
C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe
C:\Windows\System32\igfxpers.exe
C:\Windows\System32\igfxtray.exe
C:\Windows\System32\hkcmd.exe
C:\Program Files (x86)\Bluetooth Suite\BtvStack.exe
C:\Program Files (x86)\Bluetooth Suite\AthBtTray.exe
C:\Program Files (x86)\AmIcoSingLun\AmIcoSinglun64.exe
C:\Program Files\Windows Sidebar\sidebar.exe
C:\Program Files (x86)\ASUS\ATK Package\ATK Hotkey\HControl.exe
C:\Program Files (x86)\Personal\bin\Personal.exe
C:\Program Files (x86)\ASUS\Wireless Console 3\wcourier.exe
C:\ExpressGateUtil\VAWinAgent.exe
C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe
C:\Program Files (x86)\ASUS\SonicMaster\SonicMasterTray.exe
C:\Program Files (x86)\CyberLink\PowerDVD10\PDVD10Serv.exe
C:\Program Files (x86)\iTunes\iTunesHelper.exe
C:\Program Files (x86)\ASUS\ATK Package\ATK Hotkey\HControlUser.exe
C:\Windows\system32\wbem\wmiprvse.exe
C:\Program Files\Fresco Logic Inc\Fresco Logic USB3.0 Host Controller\host\FLxHCIm.exe
C:\Program Files (x86)\Glocalnet Sakerhetspaket\Common\FSM32.EXE
C:\Program Files (x86)\DivX\DivX Update\DivXUpdate.exe
C:\Program Files (x86)\CyberLink\Power2Go\CLMLSvc.exe
C:\Program Files (x86)\ASUS\ATK Package\ATK Media\DMedia.exe
C:\Windows\AsScrPro.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\Windows\system32\SearchIndexer.exe
C:\Program Files (x86)\ASUS\ATK Package\ATK Hotkey\ATKOSD.exe
C:\Program Files (x86)\ASUS\ATK Package\ATK Hotkey\KBFiltr.exe
C:\Program Files (x86)\ASUS\ATK Package\ATK Hotkey\WDC.exe
C:\Windows\SysWOW64\ACEngSvr.exe
C:\Program Files (x86)\CyberLink\MediaEspresso\DeviceDetector\DeviceDetector.exe
C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe
C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe
C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe
C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Updatus\daemonu.exe
C:\Program Files\Windows Media Player\wmpnetwk.exe
C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe
C:\Windows\system32\WUDFHost.exe
C:\Windows\SysWOW64\NOTEPAD.EXE
C:\Windows\system32\igfxsrvc.exe
C:\Windows\system32\DllHost.exe
C:\Windows\system32\DllHost.exe
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\conhost.exe
C:\Windows\SysWOW64\cscript.exe
C:\Windows\system32\wbem\wmiprvse.exe
C:\Windows\system32\DllHost.exe
.
============== Pseudo HJT Report ===============
.
uStart Page = hxxp://www.google.se/
uDefault_Page_URL = hxxp://asus.msn.com
mStart Page = hxxp://asus.msn.com
uInternet Settings,ProxyOverride = *.local
mWinlogon: Userinit=userinit.exe,
BHO: Adobe PDF Link Helper: {18df081c-e8ad-4283-a596-fa578c2ebdc3} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
BHO: DivX Plus Web Player HTML5 <video>: {326e768d-4182-46fd-9c16-1449a49795f4} - C:\Program Files (x86)\DivX\DivX Plus Web Player\ie\DivXHTML5\DivXHTML5.dll
BHO: CIESpeechBHO Class: {8d10f6c4-0e01-4bd4-8601-11ac1fdf8126} - C:\Program Files (x86)\Bluetooth Suite\IEPlugIn.dll
BHO: Windows Live ID Sign-in Helper: {9030d464-4c02-4abf-8ecc-5164760863c6} - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
BHO: Google Toolbar Helper: {aa58ed58-01dd-4d91-8333-cf10577473f7} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_32.dll
BHO: Skype Browser Helper: {ae805869-2e5c-4ed4-8f7b-f1f7851a4497} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll
BHO: Bing Bar Helper: {d2ce3e00-f94a-4740-988e-03dc2f38c34f} - "C:\Program Files (x86)\Microsoft\BingBar\BingExt.dll"
BHO: Java(tm) Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - C:\Program Files (x86)\Java\jre6\bin\jp2ssv.dll
TB: Bing Bar: {8dcb7100-df86-4384-8842-8fa844297b3f} - "C:\Program Files (x86)\Microsoft\BingBar\BingExt.dll"
TB: Google Toolbar: {2318c2b1-4965-11d4-9b18-009027a5cd4f} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_32.dll
uRun: [Sidebar] C:\Program Files\Windows Sidebar\sidebar.exe /autoRun
mRun: [Wireless Console 3] C:\Program Files (x86)\ASUS\Wireless Console 3\wcourier.exe
mRun: [VAWinAgent] C:\ExpressGateUtil\VAWinAgent.exe
mRun: [UpdatePSTShortCut] "C:\Program Files (x86)\Cyberlink\DVD Suite\MUITransfer\MUIStartMenu.exe" "C:\Program Files (x86)\Cyberlink\DVD Suite" UpdateWithCreateOnce "Software\CyberLink\PowerStarter"
mRun: [UpdateP2GoShortCut] "C:\Program Files (x86)\CyberLink\Power2Go\MUITransfer\MUIStartMenu.exe" "C:\Program Files (x86)\CyberLink\Power2Go" UpdateWithCreateOnce "SOFTWARE\CyberLink\Power2Go\6.0"
mRun: [UpdateLBPShortCut] "C:\Program Files (x86)\CyberLink\LabelPrint\MUITransfer\MUIStartMenu.exe" "C:\Program Files (x86)\CyberLink\LabelPrint" UpdateWithCreateOnce "Software\CyberLink\LabelPrint\2.5"
mRun: [SunJavaUpdateSched] "C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe"
mRun: [SonicMasterTray] C:\Program Files (x86)\ASUS\SonicMaster\SonicMasterTray.exe
mRun: [SessionLogon] C:\ExpressGateUtil\SessionLogon.exe
mRun: [RemoteControl10] "C:\Program Files (x86)\Cyberlink\PowerDVD10\PDVD10Serv.exe"
mRun: [QuickTime Task] "C:\Program Files (x86)\QuickTime\QTTask.exe" -atboottime
mRun: [Nuance PDF Reader-reminder] "C:\Program Files (x86)\Nuance\PDF Reader\Ereg\Ereg.exe" -r "C:\ProgramData\Nuance\PDF Reader\Ereg\Ereg.ini"
mRun: [iTunesHelper] "C:\Program Files (x86)\iTunes\iTunesHelper.exe"
mRun: [HControlUser] C:\Program Files (x86)\ASUS\ATK Package\ATK Hotkey\HControlUser.exe
mRun: [FLxHCIm] "C:\Program Files\Fresco Logic Inc\Fresco Logic USB3.0 Host Controller\host\FLxHCIm.exe"
mRun: [F-Secure TNB] "C:\Program Files (x86)\Glocalnet Sakerhetspaket\FSGUI\TNBUtil.exe" /CHECKALL /WAITFORSW
mRun: [F-Secure Manager] "C:\Program Files (x86)\Glocalnet Sakerhetspaket\Common\FSM32.EXE" /splash
mRun: [DivXUpdate] "C:\Program Files (x86)\DivX\DivX Update\DivXUpdate.exe" /CHECKNOW
mRun: [CLMLServer] "C:\Program Files (x86)\CyberLink\Power2Go\CLMLSvc.exe"
mRun: [ATKOSD2] C:\Program Files (x86)\ASUS\ATK Package\ATKOSD2\ATKOSD2.exe
mRun: [ATKMEDIA] C:\Program Files (x86)\ASUS\ATK Package\ATK Media\DMedia.exe
mRun: [ASUSWebStorage] C:\Program Files (x86)\ASUS\ASUS WebStorage\3.0.84.161\AsusWSPanel.exe /S
mRun: [ASUSPRP] "C:\Program Files (x86)\ASUS\APRP\APRP.EXE"
mRun: [ASUS Screen Saver Protector] C:\Windows\AsScrPro.exe
mRun: [APSDaemon] "C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe"
mRun: [Adobe ARM] "C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
StartupFolder: C:\PROGRA~3\MICROS~1\Windows\STARTM~1\Programs\Startup\ASUSVI~1.LNK - C:\Program Files (x86)\ASUS\AsusVibe\AsusVibeLauncher.exe
StartupFolder: C:\PROGRA~3\MICROS~1\Windows\STARTM~1\Programs\Startup\BANKID~1.LNK - C:\Program Files (x86)\Personal\bin\Personal.exe
StartupFolder: C:\PROGRA~3\MICROS~1\Windows\STARTM~1\Programs\Startup\FANCYS~1.LNK - C:\Windows\Installer\{2B81872B-A054-48DA-BE3B-FA5C164C303A}\_94E3CE3704FE82FBF49A6A.exe
mPolicies-explorer: NoActiveDesktop = 1 (0x1)
mPolicies-system: ConsentPromptBehaviorAdmin = 5 (0x5)
mPolicies-system: ConsentPromptBehaviorUser = 3 (0x3)
mPolicies-system: EnableUIADesktopToggle = 0 (0x0)
IE: {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - {5F7B1267-94A9-47F5-98DB-E99415F33AEC} - C:\Program Files (x86)\Windows Live\Writer\WriterBrowserExtension.dll
IE: {7815BE26-237D-41A8-A98F-F7BD75F71086} - {8D10F6C4-0E01-4BD4-8601-11AC1FDF8126} - C:\Program Files (x86)\Bluetooth Suite\IEPlugIn.dll
IE: {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll
LSP: C:\Program Files (x86)\Glocalnet Sakerhetspaket\FSPS\program\FSLSP.DLL
LSP: mswsock.dll
DPF: {0D41B8C5-2599-4893-8183-00195EC8D5F9} - hxxp://support.asus.com/select/asusTek_sys_ctrl3.cab
DPF: {6218F7B5-0D3A-48BA-AE4C-49DCFA63D400} - hxxp://www.myheritage.se/Genoogle/Components/ActiveX/SearchEngineQuery.dll
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_29-windows-i586.cab
DPF: {CAFEEFAC-0016-0000-0029-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_29-windows-i586.cab
DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_29-windows-i586.cab
TCP: DhcpNameServer = 192.168.0.254 192.168.1.1
TCP: Interfaces\{3A7BF545-357A-4260-AB5C-E78692B2AE49} : NameServer = 195.67.199.18 195.67.199.19
TCP: Interfaces\{6507F1B2-E31C-4ED3-8985-77C41F44560D} : NameServer = 195.67.199.18 195.67.199.19
TCP: Interfaces\{99F4509C-05C0-4A3B-894D-033C4B223D32} : DhcpNameServer = 195.54.122.221 195.54.122.211
TCP: Interfaces\{9F6B3EDE-644D-4028-9EA3-527B36C639EE} : DhcpNameServer = 192.168.0.254 192.168.1.1
TCP: Interfaces\{9F6B3EDE-644D-4028-9EA3-527B36C639EE}\642756462796B63702940786F6E656 : DhcpNameServer = 195.54.122.221 195.54.122.211
TCP: Interfaces\{9F6B3EDE-644D-4028-9EA3-527B36C639EE}\64F6C6B656473702845737 : DhcpNameServer = 80.252.223.130 80.252.223.131
TCP: Interfaces\{9F6B3EDE-644D-4028-9EA3-527B36C639EE}\94E64756E6F6F58343 : DhcpNameServer = 192.168.1.1
Handler: skype-ie-addon-data - {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll
Handler: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~2\COMMON~1\Skype\SKYPE4~1.DLL
Handler: wlpg - {E43EF6CD-A37A-4A9B-9E6F-83F89B8E6324} - C:\Program Files (x86)\Windows Live\Photo Gallery\AlbumDownloadProtocolHandler.dll
AppInit_DLLs: C:\Windows\SysWOW64\nvinit.dll
{18DF081C-E8AD-4283-A596-FA578C2EBDC3}
{326E768D-4182-46FD-9C16-1449A49795F4}
{8D10F6C4-0E01-4BD4-8601-11AC1FDF8126}
{9030D464-4C02-4ABF-8ECC-5164760863C6}
{AA58ED58-01DD-4d91-8333-CF10577473F7}
{AE805869-2E5C-4ED4-8F7B-F1F7851A4497}
{d2ce3e00-f94a-4740-988e-03dc2f38c34f}
{DBC80044-A445-435b-BC74-9C25C1C588A9}
{8dcb7100-df86-4384-8842-8fa844297b3f}
{2318C2B1-4965-11d4-9B18-009027A5CD4F}
mRun-x64: [Wireless Console 3] C:\Program Files (x86)\ASUS\Wireless Console 3\wcourier.exe
mRun-x64: [VAWinAgent] C:\ExpressGateUtil\VAWinAgent.exe
mRun-x64: [UpdatePSTShortCut] "C:\Program Files (x86)\Cyberlink\DVD Suite\MUITransfer\MUIStartMenu.exe" "C:\Program Files (x86)\Cyberlink\DVD Suite" UpdateWithCreateOnce "Software\CyberLink\PowerStarter"
mRun-x64: [UpdateP2GoShortCut] "C:\Program Files (x86)\CyberLink\Power2Go\MUITransfer\MUIStartMenu.exe" "C:\Program Files (x86)\CyberLink\Power2Go" UpdateWithCreateOnce "SOFTWARE\CyberLink\Power2Go\6.0"
mRun-x64: [UpdateLBPShortCut] "C:\Program Files (x86)\CyberLink\LabelPrint\MUITransfer\MUIStartMenu.exe" "C:\Program Files (x86)\CyberLink\LabelPrint" UpdateWithCreateOnce "Software\CyberLink\LabelPrint\2.5"
mRun-x64: [SunJavaUpdateSched] "C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe"
mRun-x64: [SonicMasterTray] C:\Program Files (x86)\ASUS\SonicMaster\SonicMasterTray.exe
mRun-x64: [SessionLogon] C:\ExpressGateUtil\SessionLogon.exe
mRun-x64: [RemoteControl10] "C:\Program Files (x86)\Cyberlink\PowerDVD10\PDVD10Serv.exe"
mRun-x64: [QuickTime Task] "C:\Program Files (x86)\QuickTime\QTTask.exe" -atboottime
mRun-x64: [Nuance PDF Reader-reminder] "C:\Program Files (x86)\Nuance\PDF Reader\Ereg\Ereg.exe" -r "C:\ProgramData\Nuance\PDF Reader\Ereg\Ereg.ini"
mRun-x64: [iTunesHelper] "C:\Program Files (x86)\iTunes\iTunesHelper.exe"
mRun-x64: [HControlUser] C:\Program Files (x86)\ASUS\ATK Package\ATK Hotkey\HControlUser.exe
mRun-x64: [FLxHCIm] "C:\Program Files\Fresco Logic Inc\Fresco Logic USB3.0 Host Controller\host\FLxHCIm.exe"
mRun-x64: [F-Secure TNB] "C:\Program Files (x86)\Glocalnet Sakerhetspaket\FSGUI\TNBUtil.exe" /CHECKALL /WAITFORSW
mRun-x64: [F-Secure Manager] "C:\Program Files (x86)\Glocalnet Sakerhetspaket\Common\FSM32.EXE" /splash
mRun-x64: [DivXUpdate] "C:\Program Files (x86)\DivX\DivX Update\DivXUpdate.exe" /CHECKNOW
mRun-x64: [CLMLServer] "C:\Program Files (x86)\CyberLink\Power2Go\CLMLSvc.exe"
mRun-x64: [ATKOSD2] C:\Program Files (x86)\ASUS\ATK Package\ATKOSD2\ATKOSD2.exe
mRun-x64: [ATKMEDIA] C:\Program Files (x86)\ASUS\ATK Package\ATK Media\DMedia.exe
mRun-x64: [ASUSWebStorage] C:\Program Files (x86)\ASUS\ASUS WebStorage\3.0.84.161\AsusWSPanel.exe /S
mRun-x64: [ASUSPRP] "C:\Program Files (x86)\ASUS\APRP\APRP.EXE"
mRun-x64: [ASUS Screen Saver Protector] C:\Windows\AsScrPro.exe
mRun-x64: [APSDaemon] "C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe"
mRun-x64: [Adobe ARM] "C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
AppInit_DLLs-X64: C:\Windows\SysWOW64\nvinit.dll
.
============= SERVICES / DRIVERS ===============
.
R0 fsbts;fsbts;C:\Windows\System32\drivers\fsbts.sys [2011-8-12 42672]
R0 nvpciflt;nvpciflt;C:\Windows\system32\DRIVERS\nvpciflt.sys --> C:\Windows\system32\DRIVERS\nvpciflt.sys [?]
R1 ATKWMIACPIIO;ATKWMIACPI Driver;C:\Program Files (x86)\ASUS\ATK Package\ATK WMIACPI\atkwmiacpi64.sys [2010-7-26 17024]
R1 F-Secure HIPS;F-Secure HIPS Driver;C:\Program Files (x86)\Glocalnet Sakerhetspaket\HIPS\drivers\fshs.sys [2012-3-8 58000]
R1 FSFW;F-Secure Firewall Driver;C:\Windows\system32\drivers\fsdfw.sys --> C:\Windows\system32\drivers\fsdfw.sys [?]
R1 fsvista;F-Secure Vista Support Driver;C:\Program Files (x86)\Glocalnet Sakerhetspaket\Anti-Virus\minifilter\fsvista.sys [2012-3-8 14904]
R1 vwififlt;Virtual WiFi Filter Driver;C:\Windows\system32\DRIVERS\vwififlt.sys --> C:\Windows\system32\DRIVERS\vwififlt.sys [?]
R2 AdobeARMservice;Adobe Acrobat Update Service;C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe [2012-7-27 63960]
R2 AFBAgent;AFBAgent;"C:\Windows\system32\FBAgent.exe" --> C:\Windows\system32\FBAgent.exe [?]
R2 ASMMAP64;ASMMAP64;C:\Program Files (x86)\ASUS\ATK Package\ATKGFNEX\ASMMAP64.sys [2009-7-3 15416]
R2 Atheros Bt&Wlan Coex Agent;Atheros Bt&Wlan Coex Agent;C:\Program Files (x86)\Bluetooth Suite\Ath_CoexAgent.exe [2011-3-13 138400]
R2 AtherosSvc;AtherosSvc;C:\Program Files (x86)\Bluetooth Suite\AdminService.exe [2011-3-13 74912]
R2 cvhsvc;Client Virtualization Handler;C:\Program Files (x86)\Common Files\microsoft shared\Virtualization Handler\CVHSVC.EXE [2012-1-4 822624]
R2 DCService.exe;DCService.exe;C:\ProgramData\DatacardService\DCService.exe [2010-8-19 229376]
R2 F-Secure Gatekeeper Handler Starter;FSGKHS;C:\Program Files (x86)\Glocalnet Sakerhetspaket\Anti-Virus\fsgk32st.exe [2012-3-8 219824]
R2 MBAMScheduler;MBAMScheduler;C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamscheduler.exe [2012-9-22 399432]
R2 MBAMService;MBAMService;C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe [2012-9-22 676936]
R2 nvUpdatusService;NVIDIA Update Service Daemon;C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Updatus\daemonu.exe [2011-6-26 2009704]
R2 sftlist;Application Virtualization Client;C:\Program Files (x86)\Microsoft Application Virtualization Client\sftlist.exe [2011-10-1 508776]
R2 TurboB;Turbo Boost UI Monitor driver;C:\Windows\system32\DRIVERS\TurboB.sys --> C:\Windows\system32\DRIVERS\TurboB.sys [?]
R2 UNS;Intel(R) Management and Security Application User Notification Service;C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe [2011-6-26 2656280]
R2 VideAceWindowsService;VideAceWindowsService;C:\ExpressGateUtil\VAWinService.exe [2010-8-21 77312]
R3 AthBTPort;Atheros Virtual Bluetooth Class;C:\Windows\system32\DRIVERS\btath_flt.sys --> C:\Windows\system32\DRIVERS\btath_flt.sys [?]
R3 BTATH_A2DP;Bluetooth A2DP Audio Driver;C:\Windows\system32\drivers\btath_a2dp.sys --> C:\Windows\system32\drivers\btath_a2dp.sys [?]
R3 BTATH_BUS;Atheros Bluetooth Bus;C:\Windows\system32\DRIVERS\btath_bus.sys --> C:\Windows\system32\DRIVERS\btath_bus.sys [?]
R3 BTATH_HCRP;Bluetooth HCRP Server driver;C:\Windows\system32\DRIVERS\btath_hcrp.sys --> C:\Windows\system32\DRIVERS\btath_hcrp.sys [?]
R3 BTATH_LWFLT;Bluetooth LWFLT Device;C:\Windows\system32\DRIVERS\btath_lwflt.sys --> C:\Windows\system32\DRIVERS\btath_lwflt.sys [?]
R3 BTATH_RCP;Bluetooth AVRCP Device;C:\Windows\system32\DRIVERS\btath_rcp.sys --> C:\Windows\system32\DRIVERS\btath_rcp.sys [?]
R3 BtFilter;BtFilter;C:\Windows\system32\DRIVERS\btfilter.sys --> C:\Windows\system32\DRIVERS\btfilter.sys [?]
R3 ETD;ELAN PS/2 Port Input Device;C:\Windows\system32\DRIVERS\ETD.sys --> C:\Windows\system32\DRIVERS\ETD.sys [?]
R3 F-Secure Gatekeeper;F-Secure Gatekeeper;C:\Program Files (x86)\Glocalnet Sakerhetspaket\Anti-Virus\minifilter\fsgk.sys [2012-3-8 199848]
R3 FLxHCIc;Fresco Logic xHCI (USB3) Device Driver;C:\Windows\system32\DRIVERS\FLxHCIc.sys --> C:\Windows\system32\DRIVERS\FLxHCIc.sys [?]
R3 FLxHCIh;Fresco Logic xHCI (USB3) Hub Device Driver;C:\Windows\system32\DRIVERS\FLxHCIh.sys --> C:\Windows\system32\DRIVERS\FLxHCIh.sys [?]
R3 FSORSPClient;F-Secure ORSP Client;C:\Program Files (x86)\Glocalnet Sakerhetspaket\ORSP Client\fsorsp.exe [2012-3-8 61088]
R3 huawei_enumerator;huawei_enumerator;C:\Windows\system32\DRIVERS\ew_jubusenum.sys --> C:\Windows\system32\DRIVERS\ew_jubusenum.sys [?]
R3 IntcDAud;Intel(R) Display Audio;C:\Windows\system32\DRIVERS\IntcDAud.sys --> C:\Windows\system32\DRIVERS\IntcDAud.sys [?]
R3 MBAMProtector;MBAMProtector;\??\C:\Windows\system32\drivers\mbam.sys --> C:\Windows\system32\drivers\mbam.sys [?]
R3 MEIx64;Intel(R) Management Engine Interface;C:\Windows\system32\DRIVERS\HECIx64.sys --> C:\Windows\system32\DRIVERS\HECIx64.sys [?]
R3 RTL8167;Realtek 8167 NT Driver;C:\Windows\system32\DRIVERS\Rt64win7.sys --> C:\Windows\system32\DRIVERS\Rt64win7.sys [?]
R3 Sftfs;Sftfs;C:\Windows\system32\DRIVERS\Sftfslh.sys --> C:\Windows\system32\DRIVERS\Sftfslh.sys [?]
R3 Sftplay;Sftplay;C:\Windows\system32\DRIVERS\Sftplaylh.sys --> C:\Windows\system32\DRIVERS\Sftplaylh.sys [?]
R3 Sftredir;Sftredir;C:\Windows\system32\DRIVERS\Sftredirlh.sys --> C:\Windows\system32\DRIVERS\Sftredirlh.sys [?]
R3 Sftvol;Sftvol;C:\Windows\system32\DRIVERS\Sftvollh.sys --> C:\Windows\system32\DRIVERS\Sftvollh.sys [?]
R3 sftvsa;Application Virtualization Service Agent;C:\Program Files (x86)\Microsoft Application Virtualization Client\sftvsa.exe [2011-10-1 219496]
S1 FSES;F-Secure Email Scanning Driver;C:\Windows\system32\drivers\fses.sys --> C:\Windows\system32\drivers\fses.sys [?]
S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-3-18 130384]
S2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-3-18 138576]
S2 gupdate;Google Update Service (gupdate);C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2011-4-1 135664]
S2 SkypeUpdate;Skype Updater;C:\Program Files (x86)\Skype\Updater\Updater.exe [2012-6-5 160944]
S3 AdobeFlashPlayerUpdateSvc;Adobe Flash Player Update Service;C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2012-7-9 250288]
S3 AmUStor;AM USB Stroage Driver;C:\Windows\system32\drivers\AmUStor.SYS --> C:\Windows\system32\drivers\AmUStor.SYS [?]
S3 BBSvc;Bing Bar Update Service;C:\Program Files (x86)\Microsoft\BingBar\BBSvc.EXE [2011-3-2 183560]
S3 cphs;Intel(R) Content Protection HECI Service;C:\Windows\SysWOW64\IntelCpHeciSvc.exe [2012-3-19 276248]
S3 esgiguard;esgiguard;C:\Program Files\Enigma Software Group\SpyHunter\esgiguard.sys [2011-3-2 13088]
S3 ew_hwusbdev;Huawei MobileBroadband USB PNP Device;C:\Windows\system32\DRIVERS\ew_hwusbdev.sys --> C:\Windows\system32\DRIVERS\ew_hwusbdev.sys [?]
S3 ewusbnet;HUAWEI USB-NDIS miniport;C:\Windows\system32\DRIVERS\ewusbnet.sys --> C:\Windows\system32\DRIVERS\ewusbnet.sys [?]
S3 fssfltr;fssfltr;C:\Windows\system32\DRIVERS\fssfltr.sys --> C:\Windows\system32\DRIVERS\fssfltr.sys [?]
S3 fsssvc;Windows Live Family Safety Service;C:\Program Files (x86)\Windows Live\Family Safety\fsssvc.exe [2010-9-23 1493352]
S3 gupdatem;Tjänsten Google Update (gupdatem);C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2011-4-1 135664]
S3 L1C;NDIS Miniport Driver for Atheros AR8131/AR8132 PCI-E Ethernet Controller (NDIS 6.20);C:\Windows\system32\DRIVERS\L1C62x64.sys --> C:\Windows\system32\DRIVERS\L1C62x64.sys [?]
S3 Netaapl;Apple Mobile Device Ethernet Service;C:\Windows\system32\DRIVERS\netaapl64.sys --> C:\Windows\system32\DRIVERS\netaapl64.sys [?]
S3 osppsvc;Office Software Protection Platform;C:\Program Files\Common Files\Microsoft Shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE [2010-1-9 4925184]
S3 SiSGbeLH;SiS191/SiS190 Ethernet Device NDIS 6.0 Driver;C:\Windows\system32\DRIVERS\SiSG664.sys --> C:\Windows\system32\DRIVERS\SiSG664.sys [?]
S3 Tdsshbecr;Handelsbanken card reader;C:\Windows\system32\DRIVERS\shbecr.sys --> C:\Windows\system32\DRIVERS\shbecr.sys [?]
S3 TsUsbFlt;TsUsbFlt;C:\Windows\system32\drivers\tsusbflt.sys --> C:\Windows\system32\drivers\tsusbflt.sys [?]
S3 TsUsbGD;Remote Desktop Generic USB Device;C:\Windows\system32\drivers\TsUsbGD.sys --> C:\Windows\system32\drivers\TsUsbGD.sys [?]
S3 TurboBoost;Intel(R) Turbo Boost Technology Monitor 2.0;C:\Program Files\Intel\TurboBoost\TurboBoost.exe [2010-11-30 149504]
S3 USBAAPL64;Apple Mobile USB Driver;C:\Windows\system32\Drivers\usbaapl64.sys --> C:\Windows\system32\Drivers\usbaapl64.sys [?]
S3 WatAdminSvc;Aktiveringsteknologier för Windows-tjänst;C:\Windows\system32\Wat\WatAdminSvc.exe --> C:\Windows\system32\Wat\WatAdminSvc.exe [?]
S4 F-Secure Filter;F-Secure File System Filter;C:\Program Files (x86)\Glocalnet Sakerhetspaket\Anti-Virus\win2k\fsfilter.sys [2012-3-8 39856]
S4 F-Secure Recognizer;F-Secure File System Recognizer;C:\Program Files (x86)\Glocalnet Sakerhetspaket\Anti-Virus\win2k\fsrec.sys [2012-3-8 25264]
S4 wlcrasvc;Windows Live Mesh remote connections service;C:\Program Files\Windows Live\Mesh\wlcrasvc.exe [2010-9-23 57184]
.
=============== Created Last 30 ================
.
2012-09-22 21:30:41 -------- d-----w- C:\FRST
.
==================== Find3M ====================
.
2012-09-22 12:11:34 45056 ----a-w- C:\Windows\System32\acovcnt.exe
2012-09-22 12:05:49 73136 ----a-w- C:\Windows\SysWow64\FlashPlayerCPLApp.cpl
2012-09-22 12:05:49 696240 ----a-w- C:\Windows\SysWow64\FlashPlayerApp.exe
2012-09-07 15:04:46 25928 ----a-w- C:\Windows\System32\drivers\mbam.sys
2012-08-07 23:30:14 27256 ----a-w- C:\Windows\System32\drivers\FixZeroAccess.sys
.
============= FINISH: 16:25:23,21 ===============

.
UNLESS SPECIFICALLY INSTRUCTED, DO NOT POST THIS LOG.
IF REQUESTED, ZIP IT UP & ATTACH IT
.
DDS (Ver_2011-08-26.01)
.
Microsoft Windows 7 Home Premium
Boot Device: \Device\HarddiskVolume2
Install Date: 2011-07-11 20:32:53
System Uptime: 2012-09-22 14:17:42 (1 hours ago)
.
Motherboard: ASUSTeK Computer Inc. | | N53SN
Processor: Intel(R) Core(TM) i7-2630QM CPU @ 2.00GHz | CPU 1 | 2001/100mhz
.
==== Disk Partitions =========================
.
C: is FIXED (NTFS) - 186 GiB total, 117,246 GiB free.
D: is FIXED (NTFS) - 254 GiB total, 239,976 GiB free.
E: is CDROM ()
F: is Removable
.
==== Disabled Device Manager Items =============
.
Class GUID: {8ECC055D-047F-11D1-A537-0000F8753ED1}
Description: F-Secure Email Scanning Driver
Device ID: ROOT\LEGACY_FSES\0000
Manufacturer:
Name: F-Secure Email Scanning Driver
PNP Device ID: ROOT\LEGACY_FSES\0000
Service: FSES
.
==== System Restore Points ===================
.
RP119: 2012-06-26 15:15:22 - Windows Update
RP120: 2012-07-05 12:26:34 - Windows Update
RP121: 2012-07-08 10:10:49 - Windows Update
RP122: 2012-07-12 21:27:09 - Windows Update
RP123: 2012-07-13 12:24:32 - Windows Update
RP124: 2012-08-08 21:51:46 - Installed SpyHunter
RP125: 2012-09-22 14:46:58 - Schemalagd kontrollpunkt
.
==== Installed Programs ======================
.
ActiveX-kontroll för fjärranslutningar för Windows Live Mesh
Adobe Flash Player 10 Plugin
Adobe Flash Player 11 ActiveX
Adobe Reader X (10.1.4) - Svenska
Adobe Shockwave Player 11.6
Alcor Micro USB Card Reader
Apple Application Support
Apple Software Update
ASUS AI Recovery
ASUS FancyStart
ASUS LifeFrame3
ASUS Live Update
ASUS SmartLogon
ASUS Splendid Video Enhancement Technology
ASUS WebStorage
ASUS Video Magic
ASUS Virtual Camera
ASUS_Screensaver
AsusVibe2.0
Atheros Client Installation Program
ATK Package
µTorrent
Bamse
BankID säkerhetsprogram 4.18.1
Bing Bar
Bookworm Deluxe
Cooking Dash
CyberLink LabelPrint
CyberLink MediaEspresso
CyberLink Power2Go
CyberLink PowerDirector
CyberLink PowerDVD 10
D3DX10
DivX Setup
ExpressGate Cloud
FCClientPlus_Setup
Game Park Console
Glocalnet Säkerhetspaket
Google Chrome
Google SketchUp 8
Google Toolbar for Internet Explorer
Google Update Helper
Governor of Poker
Handelsbankens kortläsare
HI-TECH C Compiler for the PIC10/12/16 MCUs V9.81PL0
Hotel Dash Suite Success
Intel(R) Control Center
Intel(R) Management Engine Components
Intel(R) Processor Graphics
Java Auto Updater
Java(TM) 6 Update 29
Jewel Quest 3
Junk Mail filter update
Luxor 3
Mahjongg dimensions
Malwarebytes Anti-Malware version 1.65.0.1400
Mesh Runtime
Microsoft .NET Framework 4 Multi-Targeting Pack
Microsoft Office 2010
Microsoft Office Klicka-och-kör 2010
Microsoft Office Starter 2010 - svenska
Microsoft PowerPoint Viewer
Microsoft SQL Server 2005 Compact Edition [ENU]
Microsoft Visual C++ Compilers 2010 Standard - enu - x86
Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053
Microsoft Visual C++ 2005 Redistributable
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161
Microsoft Visual C++ 2010 x86 Redistributable - 10.0.30319
MPLAB Tools v8.73a
MSVCRT
MSVCRT_amd64
Nuance PDF Reader
PICkit 2 v2.61
PieceOfCake 2011
Plants vs Zombies
QuickTime
Realtek Ethernet Controller Driver
Realtek High Definition Audio Driver
Room328Designer
Security Update for Microsoft .NET Framework 4 Client Profile (KB2446708)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2478663)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2518870)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2539636)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2572078)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2604121)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2633870)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2656351)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2656368)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2656368v2)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2656405)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2686827)
Security Update for Microsoft .NET Framework 4 Client Profile Language Pack - SVE (KB2478663)
Security Update for Microsoft .NET Framework 4 Client Profile Language Pack - SVE (KB2518870)
Security Update for Microsoft .NET Framework 4 Extended (KB2487367)
Security Update for Microsoft .NET Framework 4 Extended (KB2656351)
Skype Click to Call
Skype™ 5.9
SonicMaster
Spotify
Switch King Client
swMSM
syncables desktop SE
Telia mobile broadband
Unity Web Player
Update for Microsoft .NET Framework 4 Client Profile (KB2468871)
Update for Microsoft .NET Framework 4 Client Profile (KB2533523)
Update for Microsoft .NET Framework 4 Client Profile (KB2600217)
Update for Microsoft .NET Framework 4 Extended (KB2468871)
Update for Microsoft .NET Framework 4 Extended (KB2533523)
Update for Microsoft .NET Framework 4 Extended (KB2600217)
VC80CRTRedist - 8.0.50727.6195
Windows Live Communications Platform
Windows Live Essentials
Windows Live Fotogalleri
Windows Live Installer
Windows Live Mail
Windows Live Mesh
Windows Live Mesh ActiveX-kontroll for eksterne tilkoblinger
Windows Live Mesh ActiveX-objekt til fjernforbindelser
Windows Live Mesh ActiveX Control for Remote Connections
Windows Live Meshin etäyhteyksien ActiveX-komponentti
Windows Live Messenger
Windows Live Movie Maker
Windows Live Photo Common
Windows Live Photo Gallery
Windows Live PIMT Platform
Windows Live SOXE
Windows Live SOXE Definitions
Windows Live UX Platform
Windows Live UX Platform Language Pack
Windows Live Writer
Windows Live Writer Resources
Windows Liven asennustyökalu
Windows Liven sähköposti
Windows Liven valokuvavalikoima
Windows SDK IntellisenseNFX
WinFlash
Wireless Console 3
VLC media player 2.0.1
World of Goo
.
==== End Of File ===========================
 
FRST and search (services.exe)
Scan result of Farbar Recovery Scan Tool (FRST) (x64) Version: 22-09-2012
Ran by SYSTEM at 22-09-2012 16:46:19
Running from F:\
Windows 7 Home Premium (X64) OS Language: English(US)
The current controlset is ControlSet001
==================== Registry (Whitelisted) ===================
HKLM\...\Run: [Setwallpaper] c:\programdata\SetWallpaper.cmd [x]
HKLM\...\Run: [RtHDVBg] C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe /SF3 [2207848 2011-03-20] (Realtek Semiconductor)
HKLM\...\Run: [IntelTBRunOnce] wscript.exe //b //nologo "C:\Program Files\Intel\TurboBoost\RunTBGadgetOnce.vbs" [4526 2010-11-29] ()
HKLM\...\Run: [ETDWare] %ProgramFiles%\Elantech\ETDCtrl.exe [649608 2010-06-09] (ELAN Microelectronic Corp.)
HKLM\...\Run: [AtherosBtStack] "C:\Program Files (x86)\Bluetooth Suite\BtvStack.exe" [617120 2011-03-13] (Atheros Commnucations)
HKLM\...\Run: [AthBtTray] "C:\Program Files (x86)\Bluetooth Suite\AthBtTray.exe" [379552 2011-03-13] (Atheros Commnucations)
HKLM\...\Run: [AmIcoSinglun64] C:\Program Files (x86)\AmIcoSingLun\AmIcoSinglun64.exe [324096 2010-08-10] (Alcor Micro Corp.)
HKLM-x32\...\Run: [Wireless Console 3] C:\Program Files (x86)\ASUS\Wireless Console 3\wcourier.exe [1601536 2010-09-23] ()
HKLM-x32\...\Run: [VAWinAgent] C:\ExpressGateUtil\VAWinAgent.exe [21504 2010-08-12] ()
HKLM-x32\...\Run: [UpdatePSTShortCut] "C:\Program Files (x86)\Cyberlink\DVD Suite\MUITransfer\MUIStartMenu.exe" "C:\Program Files (x86)\Cyberlink\DVD Suite" UpdateWithCreateOnce "Software\CyberLink\PowerStarter" [222504 2010-11-24] (CyberLink Corp.)
HKLM-x32\...\Run: [UpdateP2GoShortCut] "C:\Program Files (x86)\CyberLink\Power2Go\MUITransfer\MUIStartMenu.exe" "C:\Program Files (x86)\CyberLink\Power2Go" UpdateWithCreateOnce "SOFTWARE\CyberLink\Power2Go\6.0" [222504 2009-05-19] (CyberLink Corp.)
HKLM-x32\...\Run: [UpdateLBPShortCut] "C:\Program Files (x86)\CyberLink\LabelPrint\MUITransfer\MUIStartMenu.exe" "C:\Program Files (x86)\CyberLink\LabelPrint" UpdateWithCreateOnce "Software\CyberLink\LabelPrint\2.5" [222504 2009-05-19] (CyberLink Corp.)
HKLM-x32\...\Run: [SunJavaUpdateSched] "C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe" [254696 2011-06-09] (Sun Microsystems, Inc.)
HKLM-x32\...\Run: [SonicMasterTray] C:\Program Files (x86)\ASUS\SonicMaster\SonicMasterTray.exe [984400 2010-07-09] (Virage Logic Corporation / Sonic Focus)
HKLM-x32\...\Run: [SessionLogon] C:\ExpressGateUtil\SessionLogon.exe [x]
HKLM-x32\...\Run: [RemoteControl10] "C:\Program Files (x86)\Cyberlink\PowerDVD10\PDVD10Serv.exe" [87336 2010-02-02] (CyberLink Corp.)
HKLM-x32\...\Run: [QuickTime Task] "C:\Program Files (x86)\QuickTime\QTTask.exe" -atboottime [421888 2011-10-24] (Apple Inc.)
HKLM-x32\...\Run: [Nuance PDF Reader-reminder] "C:\Program Files (x86)\Nuance\PDF Reader\Ereg\Ereg.exe" -r "C:\ProgramData\Nuance\PDF Reader\Ereg\Ereg.ini" [371 2012-09-22] ()
HKLM-x32\...\Run: [iTunesHelper] "C:\Program Files (x86)\iTunes\iTunesHelper.exe" [421736 2012-03-26] (Apple Inc.)
HKLM-x32\...\Run: [HControlUser] C:\Program Files (x86)\ASUS\ATK Package\ATK Hotkey\HControlUser.exe [105016 2009-06-19] (ASUS)
HKLM-x32\...\Run: [FLxHCIm] "C:\Program Files\Fresco Logic Inc\Fresco Logic USB3.0 Host Controller\host\FLxHCIm.exe" [40448 2011-02-24] (Windows (R) Win 7 DDK provider)
HKLM-x32\...\Run: [F-Secure TNB] "C:\Program Files (x86)\Glocalnet Sakerhetspaket\FSGUI\TNBUtil.exe" /CHECKALL /WAITFORSW [1655464 2012-03-08] (F-Secure Corporation)
HKLM-x32\...\Run: [F-Secure Manager] "C:\Program Files (x86)\Glocalnet Sakerhetspaket\Common\FSM32.EXE" /splash [199344 2012-03-08] (F-Secure Corporation)
HKLM-x32\...\Run: [DivXUpdate] "C:\Program Files (x86)\DivX\DivX Update\DivXUpdate.exe" /CHECKNOW [1259376 2011-07-28] ()
HKLM-x32\...\Run: [CLMLServer] "C:\Program Files (x86)\CyberLink\Power2Go\CLMLSvc.exe" [103720 2009-11-02] (CyberLink)
HKLM-x32\...\Run: [ATKOSD2] C:\Program Files (x86)\ASUS\ATK Package\ATKOSD2\ATKOSD2.exe [5732992 2010-08-17] (ASUS)
HKLM-x32\...\Run: [ATKMEDIA] C:\Program Files (x86)\ASUS\ATK Package\ATK Media\DMedia.exe [170624 2010-10-07] (ASUS)
HKLM-x32\...\Run: [ASUSWebStorage] C:\Program Files (x86)\ASUS\ASUS WebStorage\3.0.84.161\AsusWSPanel.exe /S [731472 2011-02-23] (ecareme)
HKLM-x32\...\Run: [ASUSPRP] "C:\Program Files (x86)\ASUS\APRP\APRP.EXE" [2018032 2011-03-31] (ASUSTek Computer Inc.)
HKLM-x32\...\Run: [ASUS Screen Saver Protector] C:\Windows\AsScrPro.exe [3058304 2011-06-26] (ASUS)
HKLM-x32\...\Run: [APSDaemon] "C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe" [59240 2012-02-20] (Apple Inc.)
HKLM-x32\...\Run: [Adobe ARM] "C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [919008 2012-07-27] (Adobe Systems Incorporated)
HKU\UpdatusUser\...\Run: [ISUSPM] C:\ProgramData\FLEXnet\Connect\11\ISUSPM.exe -scheduler [222496 2009-05-05] (Acresso Corporation)
AppInit_DLLs: C:\Windows\system32\nvinitx.dll
Tcpip\..\Interfaces\{3A7BF545-357A-4260-AB5C-E78692B2AE49}: [NameServer]195.67.199.18 195.67.199.19
Tcpip\..\Interfaces\{6507F1B2-E31C-4ED3-8985-77C41F44560D}: [NameServer]195.67.199.18 195.67.199.19
Startup: C:\Users\All Users\Start Menu\Programs\Startup\AsusVibeLauncher.lnk
ShortcutTarget: AsusVibeLauncher.lnk -> C:\Program Files (x86)\ASUS\AsusVibe\AsusVibeLauncher.exe (ASUSTeK Computer Inc.)
Startup: C:\Users\All Users\Start Menu\Programs\Startup\BankID säkerhetsprogram.lnk
ShortcutTarget: BankID säkerhetsprogram.lnk -> C:\Program Files (x86)\Personal\bin\Personal.exe (Technology Nexus AB)
Startup: C:\Users\All Users\Start Menu\Programs\Startup\FancyStart daemon.lnk
ShortcutTarget: FancyStart daemon.lnk -> C:\Windows\Installer\{2B81872B-A054-48DA-BE3B-FA5C164C303A}\_94E3CE3704FE82FBF49A6A.exe ()
==================== Services (Whitelisted) ===================
2 Atheros Bt&Wlan Coex Agent; C:\Program Files (x86)\Bluetooth Suite\Ath_CoexAgent.exe [138400 2011-03-13] (Atheros)
2 ATKGFNEXSrv; C:\Program Files (x86)\ASUS\ATK Package\ATKGFNEX\GFNEXSrv.exe [96896 2009-12-15] (ASUS)
2 DCService.exe; C:\ProgramData\DatacardService\DCService.exe [229376 2010-08-19] ()
2 F-Secure Gatekeeper Handler Starter; "C:\Program Files (x86)\Glocalnet Sakerhetspaket\Anti-Virus\fsgk32st.exe" [219824 2012-03-08] (F-Secure Corporation)
3 FSDFWD; "C:\Program Files (x86)\Glocalnet Sakerhetspaket\FWES\Program\fsdfwd.exe" [844464 2012-03-08] (F-Secure Corporation)
2 FSMA; "C:\Program Files (x86)\Glocalnet Sakerhetspaket\Common\FSMA32.EXE" [187056 2012-03-08] (F-Secure Corporation)
3 FSORSPClient; "C:\Program Files (x86)\Glocalnet Sakerhetspaket\ORSP Client\fsorsp.exe" [61088 2012-03-08] (F-Secure Corporation)
2 MBAMScheduler; "C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamscheduler.exe" [399432 2012-09-07] (Malwarebytes Corporation)
2 MBAMService; "C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe" [676936 2012-09-07] (Malwarebytes Corporation)
3 RichVideo; "C:\Program Files (x86)\CyberLink\Shared files\RichVideo.exe" [247152 2009-04-17] ()
2 VideAceWindowsService; C:\ExpressGateUtil\VAWinService.exe [77312 2010-08-20] ()
==================== Drivers (Whitelisted) =====================
1 ATKWMIACPIIO; \??\C:\Program Files (x86)\ASUS\ATK Package\ATK WMIACPI\atkwmiacpi64.sys [17024 2010-07-26] (ASUS)
3 esgiguard; \??\C:\Program Files\Enigma Software Group\SpyHunter\esgiguard.sys [13088 2011-03-02] ()
3 ewusbnet; C:\Windows\System32\Drivers\ewusbnet.sys [256000 2010-08-31] (Huawei Technologies Co., Ltd.)
4 F-Secure Filter; \??\C:\Program Files (x86)\Glocalnet Sakerhetspaket\Anti-Virus\Win2K\FSfilter.sys [39856 2012-03-08] ()
3 F-Secure Gatekeeper; \??\C:\Program Files (x86)\Glocalnet Sakerhetspaket\Anti-Virus\minifilter\fsgk.sys [199848 2012-05-29] ()
1 F-Secure HIPS; \??\C:\Program Files (x86)\Glocalnet Sakerhetspaket\HIPS\drivers\fshs.sys [58000 2012-03-08] (F-Secure Corporation)
4 F-Secure Recognizer; \??\C:\Program Files (x86)\Glocalnet Sakerhetspaket\Anti-Virus\Win2K\FSrec.sys [25264 2012-03-08] ()
3 FLxHCIh; C:\Windows\System32\Drivers\FLxHCIh.sys [81920 2011-02-24] (Fresco Logic)
0 fsbts; C:\Windows\System32\Drivers\fsbts.sys [55960 2012-05-09] ()
0 fsbts; C:\Windows\SysWow64\Drivers\fsbts.sys [42672 2012-03-08] ()
1 FSES; C:\Windows\System32\Drivers\FSES.sys [50384 2012-03-08] (F-Secure Corporation)
1 FSFW; C:\Windows\System32\drivers\fsdfw.sys [92240 2012-03-08] (F-Secure Corporation)
1 fsvista; \??\C:\Program Files (x86)\Glocalnet Sakerhetspaket\Anti-Virus\minifilter\fsvista.sys [14904 2012-03-08] ()
3 kbfiltr; C:\Windows\System32\Drivers\kbfiltr.sys [15416 2009-07-20] ( )
3 MBAMProtector; \??\C:\Windows\system32\drivers\mbam.sys [25928 2012-09-07] (Malwarebytes Corporation)
3 Tdsshbecr; C:\Windows\System32\DRIVERS\shbecr.sys [50176 2008-09-22] (Todos Data System AB)
==================== NetSvcs (Whitelisted) ====================

==================== One Month Created Files and Folders ========
2012-09-22 13:30 - 2012-09-22 13:30 - 00000000 ____D C:\FRST
2012-09-22 05:47 - 2012-09-22 05:47 - 00000000 ____A C:\Users\Anna och Fredrik\Desktop\gmer.log
2012-09-22 05:40 - 2012-09-22 03:58 - 00607260 ____R (Swearware) C:\Users\Anna och Fredrik\Desktop\dds.com
2012-09-22 05:40 - 2012-09-22 03:57 - 00302592 ____A C:\Users\Anna och Fredrik\Desktop\6dwb9urj.exe
==================== 3 Months Modified Files ==================
2012-09-22 06:44 - 2009-07-13 21:08 - 00000006 ___AH C:\Windows\Tasks\SA.DAT
2012-09-22 06:44 - 2009-07-13 20:51 - 00073593 ____A C:\Windows\setupact.log
2012-09-22 06:42 - 2009-07-13 20:45 - 00009920 ___AH C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
2012-09-22 06:42 - 2009-07-13 20:45 - 00009920 ___AH C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
2012-09-22 06:34 - 2011-06-26 11:59 - 00045056 ____A C:\Windows\System32\acovcnt.exe
2012-09-22 06:34 - 2011-03-31 14:45 - 00001004 ____A C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job
2012-09-22 06:10 - 2011-03-31 14:45 - 00001008 ____A C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job
2012-09-22 06:05 - 2012-07-08 23:22 - 00000868 ____A C:\Windows\Tasks\Adobe Flash Player Updater.job
2012-09-22 05:47 - 2012-09-22 05:47 - 00000000 ____A C:\Users\Anna och Fredrik\Desktop\gmer.log
2012-09-22 05:41 - 2011-02-18 19:49 - 00690086 ____A C:\Windows\System32\perfh01D.dat
2012-09-22 05:41 - 2011-02-18 19:49 - 00153632 ____A C:\Windows\System32\perfc01D.dat
2012-09-22 05:41 - 2009-07-13 21:13 - 01656406 ____A C:\Windows\System32\PerfStringBackup.INI
2012-09-22 04:17 - 2011-03-31 14:29 - 00581198 ____A C:\Windows\PFRO.log
2012-09-22 04:11 - 2011-06-26 11:49 - 00001563 ____A C:\Windows\System32\ServiceFilter.ini
2012-09-22 04:05 - 2012-07-08 23:22 - 00696240 ____A (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerApp.exe
2012-09-22 04:05 - 2011-08-05 05:01 - 00073136 ____A (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerCPLApp.cpl
2012-09-22 04:04 - 2012-08-07 14:13 - 00001111 ____A C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk
2012-09-22 03:58 - 2012-09-22 05:40 - 00607260 ____R (Swearware) C:\Users\Anna och Fredrik\Desktop\dds.com
2012-09-22 03:57 - 2012-09-22 05:40 - 00302592 ____A C:\Users\Anna och Fredrik\Desktop\6dwb9urj.exe
2012-09-07 07:04 - 2012-08-07 14:13 - 00025928 ____A (Malwarebytes Corporation) C:\Windows\System32\Drivers\mbam.sys
2012-08-08 11:57 - 2012-08-08 11:52 - 00002278 ____A C:\Users\Anna och Fredrik\Desktop\SpyHunter.lnk
2012-08-08 11:53 - 2012-08-08 11:53 - 00725408 ____A (Enigma Software Group USA, LLC.) C:\Users\Anna och Fredrik\Downloads\SpyHunter-Installer.exe
2012-08-07 15:31 - 2009-07-13 21:08 - 00032560 ____A C:\Windows\Tasks\SCHEDLGU.TXT
2012-08-07 15:30 - 2012-08-07 15:30 - 00027256 ____A (Symantec Corporation) C:\Windows\System32\Drivers\FixZeroAccess.sys
2012-08-07 15:23 - 2012-08-07 15:23 - 01805736 ____A (Symantec Corporation) C:\Users\Anna och Fredrik\Downloads\FixZeroAccess.exe
2012-08-07 15:04 - 2012-08-07 15:00 - 00078565 ____A C:\Users\Anna och Fredrik\Downloads\junctions.txt
2012-08-07 14:59 - 2012-08-07 14:59 - 00079623 ____A C:\Users\Anna och Fredrik\Downloads\Junction.zip
2012-08-07 14:43 - 2011-06-26 11:49 - 00002430 ____A C:\Windows\System32\AutoRunFilter.ini
2012-08-07 14:09 - 2012-08-07 14:09 - 10652120 ____A (Malwarebytes Corporation ) C:\Users\Anna och Fredrik\Downloads\mbam-setup-1.62.0.1300.exe
2012-08-07 12:53 - 2012-08-07 12:53 - 04171056 ____A (F-Secure Corporation) C:\Users\Anna och Fredrik\Downloads\fseasyclean.exe
2012-07-15 10:48 - 2011-06-26 11:29 - 01268472 ____A C:\Windows\WindowsUpdate.log
2012-07-15 00:59 - 2012-07-15 00:59 - 00287984 ____A C:\Windows\Minidump\071512-26005-01.dmp
2012-07-15 00:59 - 2011-07-11 22:51 - 631623905 ____A C:\Windows\MEMORY.DMP
2012-07-13 02:47 - 2009-07-13 20:45 - 00277992 ____A C:\Windows\System32\FNTCACHE.DAT
2012-07-13 02:26 - 2011-07-18 11:38 - 59701280 ____A (Microsoft Corporation) C:\Windows\System32\MRT.exe
2012-07-08 23:21 - 2012-07-08 23:21 - 00001752 ____A C:\Users\Public\Desktop\Val av webbläsare.lnk
ZeroAccess:
C:\Windows\Installer\{648c7366-661d-8c7c-a2b5-bfc01b210a94}
C:\Windows\Installer\{648c7366-661d-8c7c-a2b5-bfc01b210a94}\@
C:\Windows\Installer\{648c7366-661d-8c7c-a2b5-bfc01b210a94}\L
C:\Windows\Installer\{648c7366-661d-8c7c-a2b5-bfc01b210a94}\U
C:\Windows\Installer\{648c7366-661d-8c7c-a2b5-bfc01b210a94}\L\00000004.@
C:\Windows\Installer\{648c7366-661d-8c7c-a2b5-bfc01b210a94}\U\00000004.$
C:\Windows\Installer\{648c7366-661d-8c7c-a2b5-bfc01b210a94}\U\00000008.$
C:\Windows\Installer\{648c7366-661d-8c7c-a2b5-bfc01b210a94}\U\000000cb.$
C:\Windows\Installer\{648c7366-661d-8c7c-a2b5-bfc01b210a94}\U\80000000.$
C:\Windows\Installer\{648c7366-661d-8c7c-a2b5-bfc01b210a94}\U\80000032.@
C:\Windows\Installer\{648c7366-661d-8c7c-a2b5-bfc01b210a94}\U\80000064.@
ZeroAccess:
C:\Windows\assembly\GAC_32\Desktop.ini
ZeroAccess:
C:\Windows\assembly\GAC_64\Desktop.ini
ZeroAccess:
C:\Users\Anna och Fredrik\AppData\Local\{648c7366-661d-8c7c-a2b5-bfc01b210a94}
C:\Users\Anna och Fredrik\AppData\Local\{648c7366-661d-8c7c-a2b5-bfc01b210a94}\@
C:\Users\Anna och Fredrik\AppData\Local\{648c7366-661d-8c7c-a2b5-bfc01b210a94}\L
C:\Users\Anna och Fredrik\AppData\Local\{648c7366-661d-8c7c-a2b5-bfc01b210a94}\U
==================== Known DLLs (Whitelisted) =================

==================== Bamital & volsnap Check =================
C:\Windows\System32\winlogon.exe => MD5 is legit
C:\Windows\System32\wininit.exe => MD5 is legit
C:\Windows\SysWOW64\wininit.exe => MD5 is legit
C:\Windows\explorer.exe => MD5 is legit
C:\Windows\SysWOW64\explorer.exe => MD5 is legit
C:\Windows\System32\svchost.exe => MD5 is legit
C:\Windows\SysWOW64\svchost.exe => MD5 is legit
C:\Windows\System32\services.exe 014A9CB92514E27C0107614DF764BC06 ZeroAccess <==== ATTENTION!.
C:\Windows\System32\User32.dll => MD5 is legit
C:\Windows\SysWOW64\User32.dll => MD5 is legit
C:\Windows\System32\userinit.exe => MD5 is legit
C:\Windows\SysWOW64\userinit.exe => MD5 is legit
C:\Windows\System32\Drivers\volsnap.sys => MD5 is legit
==================== EXE ASSOCIATION =====================
HKLM\...\.exe: exefile => OK
HKLM\...\exefile\DefaultIcon: %1 => OK
HKLM\...\exefile\open\command: "%1" %* => OK
==================== Restore Points =========================
Restore point made on: 2012-06-26 05:15:42
Restore point made on: 2012-07-05 02:26:59
Restore point made on: 2012-07-08 00:11:52
Restore point made on: 2012-07-12 11:27:29
Restore point made on: 2012-07-13 02:24:51
Restore point made on: 2012-08-08 11:52:00
Restore point made on: 2012-09-22 04:47:07
==================== Memory info ===========================
Percentage of memory in use: 9%
Total physical RAM: 8103.08 MB
Available physical RAM: 7335.87 MB
Total Pagefile: 8101.23 MB
Available Pagefile: 7325.36 MB
Total Virtual: 8192 MB
Available Virtual: 8191.88 MB
==================== Partitions =============================
1 Drive c: (OS) (Fixed) (Total:186.3 GB) (Free:117.27 GB) NTFS ==>[System with boot components (obtained from reading drive)]
2 Drive d: (DATA) (Fixed) (Total:254.45 GB) (Free:239.98 GB) NTFS
4 Drive f: () (Removable) (Total:1.87 GB) (Free:1.86 GB) FAT
5 Drive x: (Boot) (Fixed) (Total:0.03 GB) (Free:0.03 GB) NTFS
Disk ### Status Size Free Dyn Gpt
-------- ------------- ------- ------- --- ---
Disk 0 Online 465 GB 1024 KB
Disk 1 Online 1912 MB 0 B
Partitions of Disk 0:
===============
Partition ### Type Size Offset
------------- ---------------- ------- -------
Partition 1 Primary 25 GB 1024 KB
Partition 2 Primary 186 GB 25 GB
Partition 0 Extended 254 GB 211 GB
Partition 3 Logical 254 GB 211 GB
==================================================================================
Disk: 0
Partition 1
Type : 1C
Hidden: Yes
Active: No
There is no volume associated with this partition.
=========================================================
Disk: 0
Partition 2
Type : 07
Hidden: No
Active: Yes
Volume ### Ltr Label Fs Type Size Status Info
---------- --- ----------- ----- ---------- ------- --------- --------
* Volume 1 C OS NTFS Partition 186 GB Healthy
=========================================================
Disk: 0
Partition 3
Type : 07
Hidden: No
Active: No
Volume ### Ltr Label Fs Type Size Status Info
---------- --- ----------- ----- ---------- ------- --------- --------
* Volume 2 D DATA NTFS Partition 254 GB Healthy
=========================================================
Partitions of Disk 1:
===============
Partition ### Type Size Offset
------------- ---------------- ------- -------
Partition 1 Primary 1912 MB 16 KB
==================================================================================
Disk: 1
Partition 1
Type : 06
Hidden: No
Active: No
Volume ### Ltr Label Fs Type Size Status Info
---------- --- ----------- ----- ---------- ------- --------- --------
* Volume 3 F FAT Removable 1912 MB Healthy
=========================================================
Last Boot: 2012-09-22 04:40
==================== End Of Log =============================


Farbar Recovery Scan Tool (x64) Version: 22-09-2012
Ran by SYSTEM at 2012-09-22 17:36:45
Running from F:\
================== Search: "services.exe" ===================
C:\Windows\winsxs\amd64_microsoft-windows-s..s-servicecontroller_31bf3856ad364e35_6.1.7600.16385_none_2b54b20ee6fa07b1\services.exe
[2009-07-13 15:19] - [2009-07-13 17:39] - 0328704 ____A (Microsoft Corporation) 24ACB7E5BE595468E3B9AA488B9B4FCB
C:\Windows\System32\services.exe
[2009-07-13 15:19] - [2009-07-13 17:39] - 0328704 ____N (Microsoft Corporation) 014A9CB92514E27C0107614DF764BC06
====== End Of Search ======
 
Welcome aboard
yahooo.gif


Please, observe following rules:
  • Read all of my instructions very carefully. Your mistakes during cleaning process may have very serious consequences, like unbootable computer.
  • If you're stuck, or you're not sure about certain step, always ask before doing anything else.
  • Please refrain from running any tools, fixes or applying any changes to your computer other than those I suggest.
  • Never run more than one scan at a time.
  • Keep updating me regarding your computer behavior, good, or bad.
  • The cleaning process, once started, has to be completed. Even if your computer appears to act better, it may still be infected. Once the computer is totally clean, I'll certainly let you know.
  • If you leave the topic without explanation in the middle of a cleaning process, you may not be eligible to receive any more help in malware removal forum.
  • I close my topics if you have not replied in 5 days. If you need more time, simply let me know. If I closed your topic and you need it to be reopened, simply PM me.

=====================================

Download attached fixlist.txt file and save it to the very same USB flash drive you've been using. Plug the drive back in.

NOTICE: This script was written specifically for this user, for use on that particular machine. Running this on another machine may cause damage to your operating system

On Vista or Windows 7: Now please enter System Recovery Options.
On Windows XP: Now please boot into the UBCD.
Run FRST/FRST64 and press the Fix button just once and wait.
The tool will make a log on the flashdrive (Fixlog.txt) please post it to your reply.

Next...

Restart normally.

===============================

Download TDSSKiller and save it to your desktop.
  • Extract (unzip) its contents to your desktop.
  • Open the TDSSKiller folder and doubleclick on TDSSKiller.exe to run the application, then on Start Scan.
  • If an infected file is detected, the default action will be Cure, click on Continue.
  • If a suspicious file is detected, the default action will be Skip, click on Continue.
  • It may ask you to reboot the computer to complete the process. Click on Reboot Now.
  • If no reboot is require, click on Report. A log file should appear. Please copy and paste the contents of that file here.
  • If a reboot is required, the report can also be found in your root directory (usually C:\ folder) in the form of TDSSKiller_xxxx_log.txt. Please copy and paste the contents of that file here.

=================================

  • Download RogueKiller on the desktop
  • Close all the running programs
  • Windows Vista/7 users: right click on RogueKiller.exe, click Run as Administrator
  • Otherwise just double-click on RogueKiller.exe
  • Pre-scan will start. Let it finish.
  • Click on SCAN button.
  • Wait until the Status box shows Scan Finished
  • Click on Delete.
  • Wait until the Status box shows Deleting Finished.
  • Click on Report and copy/paste the content of the Notepad into your next reply.
  • RKreport.txt could also be found on your desktop.
  • If more than one log is produced post all logs.
  • If RogueKiller has been blocked, do not hesitate to try a few times more. If really won't run, rename it to winlogon.exe (or winlogon.com) and try again

==================================

Download aswMBR to your desktop.
Double click the aswMBR.exe to run it.
If you see this question: Would you like to download latest Avast! virus definitions?" say "Yes".
Click the "Scan" button to start scan.
On completion of the scan click "Save log", save it to your desktop and post in your next reply.

NOTE. aswMBR will create MBR.dat file on your desktop. This is a copy of your MBR. Do NOT delete it.
 

Attachments

  • fixlist.txt
    464 bytes · Views: 1
Here is the result of running FRST fix. TDSSKiller is next.
Fix result of Farbar Recovery Tool (FRST written by Farbar) (x64) Version: 22-09-2012
Ran by SYSTEM at 2012-09-22 21:29:51 Run:1
Running from F:\
==============================================
HKEY_LOCAL_MACHINE\System\ControlSet001\Control\Session Manager\SubSystems\\Windows No ZeroAccess entry found.
C:\Windows\System32\consrv.dll not found.
C:\Windows\Installer\{648c7366-661d-8c7c-a2b5-bfc01b210a94} moved successfully.
C:\Windows\assembly\GAC_32\Desktop.ini moved successfully.
C:\Windows\assembly\GAC_64\Desktop.ini moved successfully.
C:\Users\Anna och Fredrik\AppData\Local\{648c7366-661d-8c7c-a2b5-bfc01b210a94} moved successfully.
C:\Windows\System32\services.exe moved successfully.
C:\Windows\winsxs\amd64_microsoft-windows-s..s-servicecontroller_31bf3856ad364e35_6.1.7600.16385_none_2b54b20ee6fa07b1\services.exe copied successfully to C:\Windows\System32\services.exe
==== End of Fixlog ====
 
21:36:55.0329 2612 TDSS rootkit removing tool 2.8.10.0 Sep 17 2012 19:23:24
21:36:55.0563 2612 ============================================================
21:36:55.0563 2612 Current date / time: 2012/09/22 21:36:55.0563
21:36:55.0563 2612 SystemInfo:
21:36:55.0563 2612
21:36:55.0563 2612 OS Version: 6.1.7601 ServicePack: 1.0
21:36:55.0563 2612 Product type: Workstation
21:36:55.0563 2612 ComputerName: HELGE2
21:36:55.0563 2612 UserName: Anna och Fredrik
21:36:55.0563 2612 Windows directory: C:\Windows
21:36:55.0563 2612 System windows directory: C:\Windows
21:36:55.0563 2612 Running under WOW64
21:36:55.0563 2612 Processor architecture: Intel x64
21:36:55.0563 2612 Number of processors: 8
21:36:55.0563 2612 Page size: 0x1000
21:36:55.0563 2612 Boot type: Normal boot
21:36:55.0563 2612 ============================================================
21:36:58.0043 2612 Drive \Device\Harddisk0\DR0 - Size: 0x7470C06000 (465.76 Gb), SectorSize: 0x200, Cylinders: 0xED81, SectorsPerTrack: 0x3F, TracksPerCylinder: 0xFF, Type 'K0', Flags 0x00000040
21:36:58.0059 2612 ============================================================
21:36:58.0059 2612 \Device\Harddisk0\DR0:
21:36:58.0059 2612 MBR partitions:
21:36:58.0059 2612 \Device\Harddisk0\DR0\Partition1: MBR, Type 0x7, StartLBA 0x3200800, BlocksNum 0x1749C000
21:36:58.0074 2612 \Device\Harddisk0\DR0\Partition2: MBR, Type 0x7, StartLBA 0x1A69D000, BlocksNum 0x1FCE8800
21:36:58.0074 2612 ============================================================
21:36:58.0152 2612 C: <-> \Device\Harddisk0\DR0\Partition1
21:36:58.0184 2612 D: <-> \Device\Harddisk0\DR0\Partition2
21:36:58.0184 2612 ============================================================
21:36:58.0184 2612 Initialize success
21:36:58.0184 2612 ============================================================
21:37:05.0765 6836 ============================================================
21:37:05.0765 6836 Scan started
21:37:05.0765 6836 Mode: Manual;
21:37:05.0765 6836 ============================================================
21:37:07.0887 6836 ================ Scan system memory ========================
21:37:07.0887 6836 System memory - ok
21:37:07.0887 6836 ================ Scan services =============================
21:37:08.0214 6836 [ A87D604AEA360176311474C87A63BB88 ] 1394ohci C:\Windows\system32\drivers\1394ohci.sys
21:37:08.0230 6836 1394ohci - ok
21:37:08.0277 6836 [ D81D9E70B8A6DD14D42D7B4EFA65D5F2 ] ACPI C:\Windows\system32\drivers\ACPI.sys
21:37:08.0277 6836 ACPI - ok
21:37:08.0308 6836 [ 99F8E788246D495CE3794D7E7821D2CA ] AcpiPmi C:\Windows\system32\drivers\acpipmi.sys
21:37:08.0308 6836 AcpiPmi - ok
21:37:08.0386 6836 [ D19C4EE2AC7C47B8F5F84FFF1A789D8A ] AdobeARMservice C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe
21:37:08.0402 6836 AdobeARMservice - ok
21:37:08.0526 6836 [ E12CFCF1DDBFC50948A75E6E38793225 ] AdobeFlashPlayerUpdateSvc C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe
21:37:08.0526 6836 AdobeFlashPlayerUpdateSvc - ok
21:37:08.0558 6836 [ 2F6B34B83843F0C5118B63AC634F5BF4 ] adp94xx C:\Windows\system32\drivers\adp94xx.sys
21:37:08.0573 6836 adp94xx - ok
21:37:08.0589 6836 [ 597F78224EE9224EA1A13D6350CED962 ] adpahci C:\Windows\system32\drivers\adpahci.sys
21:37:08.0589 6836 adpahci - ok
21:37:08.0620 6836 [ E109549C90F62FB570B9540C4B148E54 ] adpu320 C:\Windows\system32\drivers\adpu320.sys
21:37:08.0620 6836 adpu320 - ok
21:37:08.0636 6836 [ 4B78B431F225FD8624C5655CB1DE7B61 ] AeLookupSvc C:\Windows\System32\aelupsvc.dll
21:37:08.0636 6836 AeLookupSvc - ok
21:37:08.0667 6836 [ 6E79A119B0CE418FE44E0C824BF3F039 ] AFBAgent C:\Windows\system32\FBAgent.exe
21:37:08.0667 6836 AFBAgent - ok
21:37:08.0729 6836 [ 1C7857B62DE5994A75B054A9FD4C3825 ] AFD C:\Windows\system32\drivers\afd.sys
21:37:08.0729 6836 AFD - ok
21:37:08.0745 6836 [ 608C14DBA7299D8CB6ED035A68A15799 ] agp440 C:\Windows\system32\drivers\agp440.sys
21:37:08.0745 6836 agp440 - ok
21:37:08.0760 6836 [ 3290D6946B5E30E70414990574883DDB ] ALG C:\Windows\System32\alg.exe
21:37:08.0760 6836 ALG - ok
21:37:08.0776 6836 [ 5812713A477A3AD7363C7438CA2EE038 ] aliide C:\Windows\system32\drivers\aliide.sys
21:37:08.0792 6836 aliide - ok
21:37:08.0807 6836 [ 1FF8B4431C353CE385C875F194924C0C ] amdide C:\Windows\system32\drivers\amdide.sys
21:37:08.0807 6836 amdide - ok
21:37:08.0807 6836 [ 7024F087CFF1833A806193EF9D22CDA9 ] AmdK8 C:\Windows\system32\drivers\amdk8.sys
21:37:08.0823 6836 AmdK8 - ok
21:37:08.0823 6836 [ 1E56388B3FE0D031C44144EB8C4D6217 ] AmdPPM C:\Windows\system32\drivers\amdppm.sys
21:37:08.0823 6836 AmdPPM - ok
21:37:08.0854 6836 [ D4121AE6D0C0E7E13AA221AA57EF2D49 ] amdsata C:\Windows\system32\drivers\amdsata.sys
21:37:08.0854 6836 amdsata - ok
21:37:08.0870 6836 [ F67F933E79241ED32FF46A4F29B5120B ] amdsbs C:\Windows\system32\drivers\amdsbs.sys
21:37:08.0870 6836 amdsbs - ok
21:37:08.0885 6836 [ 540DAF1CEA6094886D72126FD7C33048 ] amdxata C:\Windows\system32\drivers\amdxata.sys
21:37:08.0885 6836 amdxata - ok
21:37:08.0901 6836 [ 9C7F164B49CADC658D1B3C575782F346 ] AmUStor C:\Windows\system32\drivers\AmUStor.SYS
21:37:08.0916 6836 AmUStor - ok
21:37:08.0932 6836 [ 89A69C3F2F319B43379399547526D952 ] AppID C:\Windows\system32\drivers\appid.sys
21:37:08.0932 6836 AppID - ok
21:37:08.0948 6836 [ 0BC381A15355A3982216F7172F545DE1 ] AppIDSvc C:\Windows\System32\appidsvc.dll
21:37:08.0948 6836 AppIDSvc - ok
21:37:08.0963 6836 [ 3977D4A871CA0D4F2ED1E7DB46829731 ] Appinfo C:\Windows\System32\appinfo.dll
21:37:08.0979 6836 Appinfo - ok
21:37:09.0026 6836 [ 7EF47644B74EBE721CC32211D3C35E76 ] Apple Mobile Device C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
21:37:09.0026 6836 Apple Mobile Device - ok
21:37:09.0041 6836 [ C484F8CEB1717C540242531DB7845C4E ] arc C:\Windows\system32\drivers\arc.sys
21:37:09.0041 6836 arc - ok
21:37:09.0057 6836 [ 019AF6924AEFE7839F61C830227FE79C ] arcsas C:\Windows\system32\drivers\arcsas.sys
21:37:09.0057 6836 arcsas - ok
21:37:09.0119 6836 [ 18E5C2F937F9DEB8C282DF66A3761925 ] ASLDRService C:\Program Files (x86)\ASUS\ATK Package\ATK Hotkey\ASLDRSrv.exe
21:37:09.0119 6836 ASLDRService - ok
21:37:09.0135 6836 [ 4C016FD76ED5C05E84CA8CAB77993961 ] ASMMAP64 C:\Program Files (x86)\ASUS\ATK Package\ATKGFNEX\ASMMAP64.sys
21:37:09.0135 6836 ASMMAP64 - ok
21:37:09.0260 6836 [ 9217D874131AE6FF8F642F124F00A555 ] aspnet_state C:\Windows\Microsoft.NET\Framework64\v4.0.30319\aspnet_state.exe
21:37:09.0306 6836 aspnet_state - ok
21:37:09.0322 6836 [ 769765CE2CC62867468CEA93969B2242 ] AsyncMac C:\Windows\system32\DRIVERS\asyncmac.sys
21:37:09.0322 6836 AsyncMac - ok
21:37:09.0353 6836 [ 02062C0B390B7729EDC9E69C680A6F3C ] atapi C:\Windows\system32\drivers\atapi.sys
21:37:09.0353 6836 atapi - ok
21:37:09.0369 6836 [ CBE61B4494165F458BD87E37181EE934 ] AthBTPort C:\Windows\system32\DRIVERS\btath_flt.sys
21:37:09.0369 6836 AthBTPort - ok
21:37:09.0416 6836 [ 4C4A576818EA028257C624AE36FF7A03 ] Atheros Bt&Wlan Coex Agent C:\Program Files (x86)\Bluetooth Suite\Ath_CoexAgent.exe
21:37:09.0416 6836 Atheros Bt&Wlan Coex Agent - ok
21:37:09.0431 6836 [ 21753130331188C4B474E1D3B396E629 ] AtherosSvc C:\Program Files (x86)\Bluetooth Suite\adminservice.exe
21:37:09.0431 6836 AtherosSvc - ok
21:37:09.0478 6836 [ B4174564AD5834A1680610572477878C ] athr C:\Windows\system32\DRIVERS\athrx.sys
21:37:09.0525 6836 athr - ok
21:37:09.0540 6836 [ 7910158929571214A959D5A6D16DD9C0 ] ATKGFNEXSrv C:\Program Files (x86)\ASUS\ATK Package\ATKGFNEX\GFNEXSrv.exe
21:37:09.0540 6836 ATKGFNEXSrv - ok
21:37:09.0572 6836 [ 1F7238A37389ED92E9D8EEE975CABD54 ] ATKWMIACPIIO C:\Program Files (x86)\ASUS\ATK Package\ATK WMIACPI\atkwmiacpi64.sys
21:37:09.0572 6836 ATKWMIACPIIO - ok
21:37:09.0618 6836 [ F23FEF6D569FCE88671949894A8BECF1 ] AudioEndpointBuilder C:\Windows\System32\Audiosrv.dll
21:37:09.0618 6836 AudioEndpointBuilder - ok
21:37:09.0634 6836 [ F23FEF6D569FCE88671949894A8BECF1 ] AudioSrv C:\Windows\System32\Audiosrv.dll
21:37:09.0634 6836 AudioSrv - ok
21:37:09.0681 6836 [ A6BF31A71B409DFA8CAC83159E1E2AFF ] AxInstSV C:\Windows\System32\AxInstSV.dll
21:37:09.0681 6836 AxInstSV - ok
21:37:09.0696 6836 [ 3E5B191307609F7514148C6832BB0842 ] b06bdrv C:\Windows\system32\drivers\bxvbda.sys
21:37:09.0712 6836 b06bdrv - ok
21:37:09.0743 6836 [ B5ACE6968304A3900EEB1EBFD9622DF2 ] b57nd60a C:\Windows\system32\DRIVERS\b57nd60a.sys
21:37:09.0743 6836 b57nd60a - ok
21:37:09.0806 6836 [ 93EE7D9C35AE7E9FFDA148D7805F1421 ] BBSvc C:\Program Files (x86)\Microsoft\BingBar\BBSvc.EXE
21:37:09.0806 6836 BBSvc - ok
21:37:09.0821 6836 [ FDE360167101B4E45A96F939F388AEB0 ] BDESVC C:\Windows\System32\bdesvc.dll
21:37:09.0821 6836 BDESVC - ok
21:37:09.0837 6836 [ 16A47CE2DECC9B099349A5F840654746 ] Beep C:\Windows\system32\drivers\Beep.sys
21:37:09.0837 6836 Beep - ok
21:37:09.0852 6836 [ 61583EE3C3A17003C4ACD0475646B4D3 ] blbdrive C:\Windows\system32\DRIVERS\blbdrive.sys
21:37:09.0852 6836 blbdrive - ok
21:37:09.0946 6836 [ EBBCD5DFBB1DE70E8F4AF8FA59E401FD ] Bonjour Service C:\Program Files\Bonjour\mDNSResponder.exe
21:37:09.0946 6836 Bonjour Service - ok
21:37:09.0977 6836 [ 6C02A83164F5CC0A262F4199F0871CF5 ] bowser C:\Windows\system32\DRIVERS\bowser.sys
21:37:09.0977 6836 bowser - ok
21:37:09.0993 6836 [ F09EEE9EDC320B5E1501F749FDE686C8 ] BrFiltLo C:\Windows\system32\drivers\BrFiltLo.sys
21:37:09.0993 6836 BrFiltLo - ok
21:37:09.0993 6836 [ B114D3098E9BDB8BEA8B053685831BE6 ] BrFiltUp C:\Windows\system32\drivers\BrFiltUp.sys
21:37:09.0993 6836 BrFiltUp - ok
21:37:10.0008 6836 [ 8EF0D5C41EC907751B8429162B1239ED ] Browser C:\Windows\System32\browser.dll
21:37:10.0008 6836 Browser - ok
21:37:10.0024 6836 [ 43BEA8D483BF1870F018E2D02E06A5BD ] Brserid C:\Windows\System32\Drivers\Brserid.sys
21:37:10.0040 6836 Brserid - ok
21:37:10.0055 6836 [ A6ECA2151B08A09CACECA35C07F05B42 ] BrSerWdm C:\Windows\System32\Drivers\BrSerWdm.sys
21:37:10.0055 6836 BrSerWdm - ok
21:37:10.0055 6836 [ B79968002C277E869CF38BD22CD61524 ] BrUsbMdm C:\Windows\System32\Drivers\BrUsbMdm.sys
21:37:10.0055 6836 BrUsbMdm - ok
21:37:10.0071 6836 [ A87528880231C54E75EA7A44943B38BF ] BrUsbSer C:\Windows\System32\Drivers\BrUsbSer.sys
21:37:10.0071 6836 BrUsbSer - ok
21:37:10.0102 6836 [ FE70889A85C57A9268101B2DB0474509 ] BTATH_A2DP C:\Windows\system32\drivers\btath_a2dp.sys
21:37:10.0102 6836 BTATH_A2DP - ok
21:37:10.0118 6836 [ A83A91D07D1FE6BBE7A9DB46CA00434B ] BTATH_BUS C:\Windows\system32\DRIVERS\btath_bus.sys
21:37:10.0118 6836 BTATH_BUS - ok
21:37:10.0133 6836 [ C864FF85EE16D61C2BDD5EF76824625F ] BTATH_HCRP C:\Windows\system32\DRIVERS\btath_hcrp.sys
21:37:10.0133 6836 BTATH_HCRP - ok
21:37:10.0164 6836 [ 0DEA505EFB5D771826D177EF8B8A208F ] BTATH_LWFLT C:\Windows\system32\DRIVERS\btath_lwflt.sys
21:37:10.0164 6836 BTATH_LWFLT - ok
21:37:10.0164 6836 [ 724C8088C96EFE7A3E63FEC21D4681C0 ] BTATH_RCP C:\Windows\system32\DRIVERS\btath_rcp.sys
21:37:10.0164 6836 BTATH_RCP - ok
21:37:10.0211 6836 [ AA0F5AFCF077C5246589B32ECEEAE566 ] BtFilter C:\Windows\system32\DRIVERS\btfilter.sys
21:37:10.0211 6836 BtFilter - ok
21:37:10.0242 6836 [ CF98190A94F62E405C8CB255018B2315 ] BthEnum C:\Windows\system32\drivers\BthEnum.sys
21:37:10.0242 6836 BthEnum - ok
21:37:10.0258 6836 [ 9DA669F11D1F894AB4EB69BF546A42E8 ] BTHMODEM C:\Windows\system32\DRIVERS\bthmodem.sys
21:37:10.0258 6836 BTHMODEM - ok
21:37:10.0274 6836 [ 02DD601B708DD0667E1331FA8518E9FF ] BthPan C:\Windows\system32\DRIVERS\bthpan.sys
21:37:10.0274 6836 BthPan - ok
21:37:10.0305 6836 [ 64C198198501F7560EE41D8D1EFA7952 ] BTHPORT C:\Windows\System32\Drivers\BTHport.sys
21:37:10.0305 6836 BTHPORT - ok
21:37:10.0336 6836 [ 95F9C2976059462CBBF227F7AAB10DE9 ] bthserv C:\Windows\system32\bthserv.dll
21:37:10.0352 6836 bthserv - ok
21:37:10.0352 6836 [ F188B7394D81010767B6DF3178519A37 ] BTHUSB C:\Windows\System32\Drivers\BTHUSB.sys
21:37:10.0352 6836 BTHUSB - ok
21:37:10.0367 6836 [ B8BD2BB284668C84865658C77574381A ] cdfs C:\Windows\system32\DRIVERS\cdfs.sys
21:37:10.0367 6836 cdfs - ok
21:37:10.0398 6836 [ F036CE71586E93D94DAB220D7BDF4416 ] cdrom C:\Windows\system32\DRIVERS\cdrom.sys
21:37:10.0398 6836 cdrom - ok
21:37:10.0430 6836 [ F17D1D393BBC69C5322FBFAFACA28C7F ] CertPropSvc C:\Windows\System32\certprop.dll
21:37:10.0430 6836 CertPropSvc - ok
21:37:10.0445 6836 [ D7CD5C4E1B71FA62050515314CFB52CF ] circlass C:\Windows\system32\drivers\circlass.sys
21:37:10.0461 6836 circlass - ok
21:37:10.0492 6836 [ FE1EC06F2253F691FE36217C592A0206 ] CLFS C:\Windows\system32\CLFS.sys
21:37:10.0492 6836 CLFS - ok
21:37:10.0586 6836 [ D88040F816FDA31C3B466F0FA0918F29 ] clr_optimization_v2.0.50727_32 C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe
21:37:10.0586 6836 clr_optimization_v2.0.50727_32 - ok
21:37:10.0632 6836 [ D1CEEA2B47CB998321C579651CE3E4F8 ] clr_optimization_v2.0.50727_64 C:\Windows\Microsoft.NET\Framework64\v2.0.50727\mscorsvw.exe
21:37:10.0648 6836 clr_optimization_v2.0.50727_64 - ok
21:37:10.0710 6836 [ C5A75EB48E2344ABDC162BDA79E16841 ] clr_optimization_v4.0.30319_32 C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe
21:37:10.0851 6836 clr_optimization_v4.0.30319_32 - ok
21:37:10.0882 6836 [ C6F9AF94DCD58122A4D7E89DB6BED29D ] clr_optimization_v4.0.30319_64 C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe
21:37:10.0882 6836 clr_optimization_v4.0.30319_64 - ok
21:37:10.0913 6836 [ 0840155D0BDDF1190F84A663C284BD33 ] CmBatt C:\Windows\system32\DRIVERS\CmBatt.sys
21:37:10.0913 6836 CmBatt - ok
21:37:10.0929 6836 [ E19D3F095812725D88F9001985B94EDD ] cmdide C:\Windows\system32\drivers\cmdide.sys
21:37:10.0929 6836 cmdide - ok
21:37:10.0976 6836 [ 9AC4F97C2D3E93367E2148EA940CD2CD ] CNG C:\Windows\system32\Drivers\cng.sys
21:37:10.0976 6836 CNG - ok
21:37:10.0991 6836 [ 102DE219C3F61415F964C88E9085AD14 ] Compbatt C:\Windows\system32\drivers\compbatt.sys
21:37:10.0991 6836 Compbatt - ok
21:37:11.0007 6836 [ 03EDB043586CCEBA243D689BDDA370A8 ] CompositeBus C:\Windows\system32\DRIVERS\CompositeBus.sys
21:37:11.0007 6836 CompositeBus - ok
21:37:11.0022 6836 COMSysApp - ok
21:37:11.0178 6836 [ F08C6020E57F5E5BF2FD034DB10BEDFB ] cphs C:\Windows\SysWow64\IntelCpHeciSvc.exe
21:37:11.0194 6836 cphs - ok
21:37:11.0210 6836 [ 1C827878A998C18847245FE1F34EE597 ] crcdisk C:\Windows\system32\drivers\crcdisk.sys
21:37:11.0210 6836 crcdisk - ok
21:37:11.0241 6836 [ 4F5414602E2544A4554D95517948B705 ] CryptSvc C:\Windows\system32\cryptsvc.dll
21:37:11.0272 6836 CryptSvc - ok
21:37:11.0350 6836 [ 72794D112CBAFF3BC0C29BF7350D4741 ] cvhsvc C:\Program Files (x86)\Common Files\Microsoft Shared\Virtualization Handler\CVHSVC.EXE
21:37:11.0366 6836 cvhsvc - ok
21:37:11.0412 6836 [ 5C627D1B1138676C0A7AB2C2C190D123 ] DcomLaunch C:\Windows\system32\rpcss.dll
21:37:11.0428 6836 DcomLaunch - ok
21:37:11.0490 6836 [ 3B604417EBAE4E1E66E6ABD8CC55FD76 ] DCService.exe C:\ProgramData\DatacardService\DCService.exe
21:37:11.0490 6836 DCService.exe - ok
21:37:11.0553 6836 [ 3CEC7631A84943677AA8FA8EE5B6B43D ] defragsvc C:\Windows\System32\defragsvc.dll
21:37:11.0568 6836 defragsvc - ok
21:37:11.0600 6836 [ 9BB2EF44EAA163B29C4A4587887A0FE4 ] DfsC C:\Windows\system32\Drivers\dfsc.sys
21:37:11.0600 6836 DfsC - ok
21:37:11.0631 6836 [ 43D808F5D9E1A18E5EEB5EBC83969E4E ] Dhcp C:\Windows\system32\dhcpcore.dll
21:37:11.0631 6836 Dhcp - ok
21:37:11.0662 6836 [ 13096B05847EC78F0977F2C0F79E9AB3 ] discache C:\Windows\system32\drivers\discache.sys
21:37:11.0662 6836 discache - ok
21:37:11.0693 6836 [ 9819EEE8B5EA3784EC4AF3B137A5244C ] Disk C:\Windows\system32\drivers\disk.sys
21:37:11.0693 6836 Disk - ok
21:37:11.0724 6836 [ 16835866AAA693C7D7FCEBA8FFF706E4 ] Dnscache C:\Windows\System32\dnsrslvr.dll
21:37:11.0724 6836 Dnscache - ok
21:37:11.0740 6836 [ B1FB3DDCA0FDF408750D5843591AFBC6 ] dot3svc C:\Windows\System32\dot3svc.dll
21:37:11.0740 6836 dot3svc - ok
21:37:11.0756 6836 [ B26F4F737E8F9DF4F31AF6CF31D05820 ] DPS C:\Windows\system32\dps.dll
21:37:11.0756 6836 DPS - ok
21:37:11.0771 6836 [ 9B19F34400D24DF84C858A421C205754 ] drmkaud C:\Windows\system32\drivers\drmkaud.sys
21:37:11.0787 6836 drmkaud - ok
21:37:11.0818 6836 [ F5BEE30450E18E6B83A5012C100616FD ] DXGKrnl C:\Windows\System32\drivers\dxgkrnl.sys
21:37:11.0818 6836 DXGKrnl - ok
21:37:11.0849 6836 [ E2DDA8726DA9CB5B2C4000C9018A9633 ] EapHost C:\Windows\System32\eapsvc.dll
21:37:11.0849 6836 EapHost - ok
21:37:11.0927 6836 [ DC5D737F51BE844D8C82C695EB17372F ] ebdrv C:\Windows\system32\drivers\evbda.sys
21:37:11.0974 6836 ebdrv - ok
21:37:12.0021 6836 [ C118A82CD78818C29AB228366EBF81C3 ] EFS C:\Windows\System32\lsass.exe
21:37:12.0021 6836 EFS - ok
21:37:12.0083 6836 [ C4002B6B41975F057D98C439030CEA07 ] ehRecvr C:\Windows\ehome\ehRecvr.exe
21:37:12.0099 6836 ehRecvr - ok
21:37:12.0099 6836 [ 4705E8EF9934482C5BB488CE28AFC681 ] ehSched C:\Windows\ehome\ehsched.exe
21:37:12.0114 6836 ehSched - ok
21:37:12.0146 6836 [ 0E5DA5369A0FCAEA12456DD852545184 ] elxstor C:\Windows\system32\drivers\elxstor.sys
21:37:12.0146 6836 elxstor - ok
21:37:12.0161 6836 [ 34A3C54752046E79A126E15C51DB409B ] ErrDev C:\Windows\system32\drivers\errdev.sys
21:37:12.0177 6836 ErrDev - ok
21:37:12.0239 6836 [ DF96C3CD6AE15F6D0A6BCB70F9C1E88D ] esgiguard C:\Program Files\Enigma Software Group\SpyHunter\esgiguard.sys
21:37:12.0270 6836 esgiguard - ok
21:37:12.0302 6836 [ 05B0DCDA418E297A1B4CD8D7B8ADE403 ] ETD C:\Windows\system32\DRIVERS\ETD.sys
21:37:12.0302 6836 ETD - ok
21:37:12.0333 6836 [ 4166F82BE4D24938977DD1746BE9B8A0 ] EventSystem C:\Windows\system32\es.dll
21:37:12.0333 6836 EventSystem - ok
21:37:12.0364 6836 [ D83EB7ADE99D99A4CD6568AC1261D35E ] ewusbnet C:\Windows\system32\DRIVERS\ewusbnet.sys
21:37:12.0364 6836 ewusbnet - ok
21:37:12.0395 6836 [ 86F7951BBCEE4A86E79A97306BD14318 ] ew_hwusbdev C:\Windows\system32\DRIVERS\ew_hwusbdev.sys
21:37:12.0395 6836 ew_hwusbdev - ok
21:37:12.0458 6836 [ A510C654EC00C1E9BDD91EEB3A59823B ] exfat C:\Windows\system32\drivers\exfat.sys
21:37:12.0458 6836 exfat - ok
21:37:12.0551 6836 [ BC604B21AB1B9160083A3ED8915EF67C ] F-Secure Filter C:\Program Files (x86)\Glocalnet Sakerhetspaket\Anti-Virus\Win2K\FSfilter.sys
21:37:12.0551 6836 F-Secure Filter - ok
21:37:12.0598 6836 [ 169897DE484A79120AF8C201883EFDC4 ] F-Secure Gatekeeper C:\Program Files (x86)\Glocalnet Sakerhetspaket\Anti-Virus\minifilter\fsgk.sys
21:37:12.0598 6836 F-Secure Gatekeeper - ok
21:37:12.0629 6836 [ 4F35DCF3D03B27408D20A10684DC66F3 ] F-Secure Gatekeeper Handler Starter C:\Program Files (x86)\Glocalnet Sakerhetspaket\Anti-Virus\fsgk32st.exe
21:37:12.0629 6836 F-Secure Gatekeeper Handler Starter - ok
21:37:12.0660 6836 [ 4C65DB6B44784A0E991072662D15B85B ] F-Secure HIPS C:\Program Files (x86)\Glocalnet Sakerhetspaket\HIPS\drivers\fshs.sys
21:37:12.0660 6836 F-Secure HIPS - ok
21:37:12.0676 6836 [ FF7D55C539D922C109E4EB1DF48EC706 ] F-Secure Recognizer C:\Program Files (x86)\Glocalnet Sakerhetspaket\Anti-Virus\Win2K\FSrec.sys
21:37:12.0676 6836 F-Secure Recognizer - ok
21:37:12.0692 6836 [ 0ADC83218B66A6DB380C330836F3E36D ] fastfat C:\Windows\system32\drivers\fastfat.sys
21:37:12.0707 6836 fastfat - ok
21:37:12.0738 6836 [ DBEFD454F8318A0EF691FDD2EAAB44EB ] Fax C:\Windows\system32\fxssvc.exe
21:37:12.0754 6836 Fax - ok
21:37:12.0785 6836 [ D765D19CD8EF61F650C384F62FAC00AB ] fdc C:\Windows\system32\drivers\fdc.sys
21:37:12.0785 6836 fdc - ok
21:37:12.0801 6836 [ 0438CAB2E03F4FB61455A7956026FE86 ] fdPHost C:\Windows\system32\fdPHost.dll
21:37:12.0801 6836 fdPHost - ok
21:37:12.0816 6836 [ 802496CB59A30349F9A6DD22D6947644 ] FDResPub C:\Windows\system32\fdrespub.dll
21:37:12.0816 6836 FDResPub - ok
21:37:12.0832 6836 [ 655661BE46B5F5F3FD454E2C3095B930 ] FileInfo C:\Windows\system32\drivers\fileinfo.sys
21:37:12.0832 6836 FileInfo - ok
21:37:12.0848 6836 [ 5F671AB5BC87EEA04EC38A6CD5962A47 ] Filetrace C:\Windows\system32\drivers\filetrace.sys
21:37:12.0848 6836 Filetrace - ok
21:37:12.0863 6836 [ C172A0F53008EAEB8EA33FE10E177AF5 ] flpydisk C:\Windows\system32\drivers\flpydisk.sys
21:37:12.0863 6836 flpydisk - ok
21:37:12.0879 6836 [ DA6B67270FD9DB3697B20FCE94950741 ] FltMgr C:\Windows\system32\drivers\fltmgr.sys
21:37:12.0879 6836 FltMgr - ok
21:37:12.0910 6836 [ 10B5AB16C34D4E316EDB825386F57DA6 ] FLxHCIc C:\Windows\system32\DRIVERS\FLxHCIc.sys
21:37:12.0910 6836 FLxHCIc - ok
21:37:12.0941 6836 [ 66DE264C2DEFE746CB2E71F3A5EB5C2C ] FLxHCIh C:\Windows\system32\DRIVERS\FLxHCIh.sys
21:37:12.0941 6836 FLxHCIh - ok
21:37:12.0972 6836 [ 5C4CB4086FB83115B153E47ADD961A0C ] FontCache C:\Windows\system32\FntCache.dll
21:37:13.0004 6836 FontCache - ok
21:37:13.0066 6836 [ A8B7F3818AB65695E3A0BB3279F6DCE6 ] FontCache3.0.0.0 C:\Windows\Microsoft.Net\Framework64\v3.0\WPF\PresentationFontCache.exe
21:37:13.0066 6836 FontCache3.0.0.0 - ok
21:37:13.0113 6836 [ D5C492752FCCB61BFFAE361C82F914AC ] fsbts C:\Windows\system32\Drivers\fsbts.sys
21:37:13.0113 6836 fsbts - ok
21:37:13.0128 6836 [ D43703496149971890703B4B1B723EAC ] FsDepends C:\Windows\system32\drivers\FsDepends.sys
21:37:13.0128 6836 FsDepends - ok
21:37:13.0206 6836 [ 5B43A49D94D2EFAFDD7058295167FDBC ] FSDFWD C:\Program Files (x86)\Glocalnet Sakerhetspaket\FWES\Program\fsdfwd.exe
21:37:13.0238 6836 FSDFWD - ok
21:37:13.0253 6836 [ 06C487127857CA7DD0BB6051D454DD90 ] FSES C:\Windows\system32\drivers\fses.sys
21:37:13.0253 6836 FSES - ok
21:37:13.0300 6836 [ C38968EA0718945530DCD37AA7825E05 ] FSFW C:\Windows\system32\drivers\fsdfw.sys
21:37:13.0300 6836 FSFW - ok
21:37:13.0331 6836 [ D7EED9A3B28C479AA9D84BB900E813CA ] FSMA C:\Program Files (x86)\Glocalnet Sakerhetspaket\Common\FSMA32.EXE
21:37:13.0331 6836 FSMA - ok
21:37:13.0362 6836 [ 42AEF6A385354ACA65FC210CE7CE4D7C ] FSORSPClient C:\Program Files (x86)\Glocalnet Sakerhetspaket\ORSP Client\fsorsp.exe
21:37:13.0378 6836 FSORSPClient - ok
21:37:13.0394 6836 [ 6C06701BF1DB05405804D7EB610991CE ] fssfltr C:\Windows\system32\DRIVERS\fssfltr.sys
21:37:13.0394 6836 fssfltr - ok
21:37:13.0456 6836 [ 4CE9DAC1518FF7E77BD213E6394B9D77 ] fsssvc C:\Program Files (x86)\Windows Live\Family Safety\fsssvc.exe
21:37:13.0487 6836 fsssvc - ok
21:37:13.0518 6836 [ C4A467CD8BB6B66A3A304EA37141FFFB ] fsvista C:\Program Files (x86)\Glocalnet Sakerhetspaket\Anti-Virus\minifilter\fsvista.sys
21:37:13.0518 6836 fsvista - ok
21:37:13.0534 6836 [ 6BD9295CC032DD3077C671FCCF579A7B ] Fs_Rec C:\Windows\system32\drivers\Fs_Rec.sys
21:37:13.0534 6836 Fs_Rec - ok
21:37:13.0565 6836 [ 1F7B25B858FA27015169FE95E54108ED ] fvevol C:\Windows\system32\DRIVERS\fvevol.sys
21:37:13.0565 6836 fvevol - ok
21:37:13.0596 6836 [ 8C778D335C9D272CFD3298AB02ABE3B6 ] gagp30kx C:\Windows\system32\drivers\gagp30kx.sys
21:37:13.0596 6836 gagp30kx - ok
21:37:13.0612 6836 [ E403AACF8C7BB11375122D2464560311 ] GEARAspiWDM C:\Windows\system32\DRIVERS\GEARAspiWDM.sys
21:37:13.0612 6836 GEARAspiWDM - ok
21:37:13.0674 6836 [ 277BBC7E1AA1EE957F573A10ECA7EF3A ] gpsvc C:\Windows\System32\gpsvc.dll
21:37:13.0690 6836 gpsvc - ok
21:37:13.0768 6836 [ 8F0DE4FEF8201E306F9938B0905AC96A ] gupdate C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
21:37:13.0768 6836 gupdate - ok
21:37:13.0784 6836 [ 8F0DE4FEF8201E306F9938B0905AC96A ] gupdatem C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
21:37:13.0784 6836 gupdatem - ok
21:37:13.0799 6836 [ CC839E8D766CC31A7710C9F38CF3E375 ] gusvc C:\Program Files (x86)\Google\Common\Google Updater\GoogleUpdaterService.exe
21:37:13.0799 6836 gusvc - ok
21:37:13.0815 6836 [ F2523EF6460FC42405B12248338AB2F0 ] hcw85cir C:\Windows\system32\drivers\hcw85cir.sys
21:37:13.0815 6836 hcw85cir - ok
21:37:13.0846 6836 [ 975761C778E33CD22498059B91E7373A ] HdAudAddService C:\Windows\system32\drivers\HdAudio.sys
21:37:13.0846 6836 HdAudAddService - ok
21:37:13.0877 6836 [ 97BFED39B6B79EB12CDDBFEED51F56BB ] HDAudBus C:\Windows\system32\DRIVERS\HDAudBus.sys
21:37:13.0877 6836 HDAudBus - ok
21:37:13.0877 6836 [ 78E86380454A7B10A5EB255DC44A355F ] HidBatt C:\Windows\system32\drivers\HidBatt.sys
21:37:13.0893 6836 HidBatt - ok
21:37:13.0908 6836 [ 7FD2A313F7AFE5C4DAB14798C48DD104 ] HidBth C:\Windows\system32\DRIVERS\hidbth.sys
21:37:13.0908 6836 HidBth - ok
21:37:13.0924 6836 [ 0A77D29F311B88CFAE3B13F9C1A73825 ] HidIr C:\Windows\system32\drivers\hidir.sys
21:37:13.0924 6836 HidIr - ok
21:37:13.0955 6836 [ BD9EB3958F213F96B97B1D897DEE006D ] hidserv C:\Windows\system32\hidserv.dll
21:37:13.0955 6836 hidserv - ok
21:37:13.0986 6836 [ 9592090A7E2B61CD582B612B6DF70536 ] HidUsb C:\Windows\system32\DRIVERS\hidusb.sys
21:37:13.0986 6836 HidUsb - ok
21:37:14.0002 6836 [ 387E72E739E15E3D37907A86D9FF98E2 ] hkmsvc C:\Windows\system32\kmsvc.dll
21:37:14.0002 6836 hkmsvc - ok
21:37:14.0033 6836 [ EFDFB3DD38A4376F93E7985173813ABD ] HomeGroupListener C:\Windows\system32\ListSvc.dll
21:37:14.0033 6836 HomeGroupListener - ok
21:37:14.0064 6836 [ 908ACB1F594274965A53926B10C81E89 ] HomeGroupProvider C:\Windows\system32\provsvc.dll
21:37:14.0064 6836 HomeGroupProvider - ok
21:37:14.0080 6836 [ 39D2ABCD392F3D8A6DCE7B60AE7B8EFC ] HpSAMD C:\Windows\system32\drivers\HpSAMD.sys
21:37:14.0080 6836 HpSAMD - ok
21:37:14.0096 6836 [ 0EA7DE1ACB728DD5A369FD742D6EEE28 ] HTTP C:\Windows\system32\drivers\HTTP.sys
21:37:14.0096 6836 HTTP - ok
21:37:14.0111 6836 [ 09AF4D7563EFC283BEDDDAFE60FAF168 ] huawei_enumerator C:\Windows\system32\DRIVERS\ew_jubusenum.sys
21:37:14.0111 6836 huawei_enumerator - ok
21:37:14.0142 6836 [ 6E05228393CD614B983568EC40C262C3 ] hwdatacard C:\Windows\system32\DRIVERS\ewusbmdm.sys
21:37:14.0142 6836 hwdatacard - ok
21:37:14.0158 6836 [ A5462BD6884960C9DC85ED49D34FF392 ] hwpolicy C:\Windows\system32\drivers\hwpolicy.sys
21:37:14.0158 6836 hwpolicy - ok
21:37:14.0174 6836 [ FA55C73D4AFFA7EE23AC4BE53B4592D3 ] i8042prt C:\Windows\system32\DRIVERS\i8042prt.sys
21:37:14.0174 6836 i8042prt - ok
21:37:14.0205 6836 [ D7921D5A870B11CC1ADAB198A519D50A ] iaStor C:\Windows\system32\DRIVERS\iaStor.sys
21:37:14.0205 6836 iaStor - ok
21:37:14.0236 6836 [ AAAF44DB3BD0B9D1FB6969B23ECC8366 ] iaStorV C:\Windows\system32\drivers\iaStorV.sys
21:37:14.0236 6836 iaStorV - ok
21:37:14.0283 6836 [ 5988FC40F8DB5B0739CD1E3A5D0D78BD ] idsvc C:\Windows\Microsoft.NET\Framework64\v3.0\Windows Communication Foundation\infocard.exe
21:37:14.0314 6836 idsvc - ok
21:37:14.0844 6836 [ 371D7F91C0D2314EB984A4A6CBEABC92 ] igfx C:\Windows\system32\DRIVERS\igdkmd64.sys
21:37:15.0063 6836 igfx - ok
21:37:15.0110 6836 [ 5C18831C61933628F5BB0EA2675B9D21 ] iirsp C:\Windows\system32\drivers\iirsp.sys
21:37:15.0110 6836 iirsp - ok
21:37:15.0156 6836 [ FCD84C381E0140AF901E58D48882D26B ] IKEEXT C:\Windows\System32\ikeext.dll
21:37:15.0172 6836 IKEEXT - ok
21:37:15.0250 6836 [ 177B4E48C7A288E70779B42AB81D2D06 ] IntcAzAudAddService C:\Windows\system32\drivers\RTKVHD64.sys
21:37:15.0266 6836 IntcAzAudAddService - ok
21:37:15.0297 6836 [ FC727061C0F47C8059E88E05D5C8E381 ] IntcDAud C:\Windows\system32\DRIVERS\IntcDAud.sys
21:37:15.0297 6836 IntcDAud - ok
21:37:15.0312 6836 [ F00F20E70C6EC3AA366910083A0518AA ] intelide C:\Windows\system32\drivers\intelide.sys
21:37:15.0328 6836 intelide - ok
21:37:15.0344 6836 [ ADA036632C664CAA754079041CF1F8C1 ] intelppm C:\Windows\system32\DRIVERS\intelppm.sys
21:37:15.0344 6836 intelppm - ok
21:37:15.0375 6836 [ 098A91C54546A3B878DAD6A7E90A455B ] IPBusEnum C:\Windows\system32\ipbusenum.dll
21:37:15.0375 6836 IPBusEnum - ok
21:37:15.0375 6836 [ C9F0E1BD74365A8771590E9008D22AB6 ] IpFilterDriver C:\Windows\system32\DRIVERS\ipfltdrv.sys
21:37:15.0375 6836 IpFilterDriver - ok
21:37:15.0390 6836 [ 0FC1AEA580957AA8817B8F305D18CA3A ] IPMIDRV C:\Windows\system32\drivers\IPMIDrv.sys
21:37:15.0390 6836 IPMIDRV - ok
21:37:15.0422 6836 [ AF9B39A7E7B6CAA203B3862582E9F2D0 ] IPNAT C:\Windows\system32\drivers\ipnat.sys
21:37:15.0422 6836 IPNAT - ok
21:37:15.0468 6836 [ 50D6CCC6FF5561F9F56946B3E6164FB8 ] iPod Service C:\Program Files\iPod\bin\iPodService.exe
21:37:15.0500 6836 iPod Service - ok
21:37:15.0515 6836 [ 3ABF5E7213EB28966D55D58B515D5CE9 ] IRENUM C:\Windows\system32\drivers\irenum.sys
21:37:15.0515 6836 IRENUM - ok
21:37:15.0531 6836 [ 2F7B28DC3E1183E5EB418DF55C204F38 ] isapnp C:\Windows\system32\drivers\isapnp.sys
21:37:15.0531 6836 isapnp - ok
21:37:15.0546 6836 [ D931D7309DEB2317035B07C9F9E6B0BD ] iScsiPrt C:\Windows\system32\drivers\msiscsi.sys
21:37:15.0546 6836 iScsiPrt - ok
21:37:15.0578 6836 [ BC02336F1CBA7DCC7D1213BB588A68A5 ] kbdclass C:\Windows\system32\DRIVERS\kbdclass.sys
21:37:15.0578 6836 kbdclass - ok
21:37:15.0578 6836 [ 0705EFF5B42A9DB58548EEC3B26BB484 ] kbdhid C:\Windows\system32\DRIVERS\kbdhid.sys
21:37:15.0578 6836 kbdhid - ok
21:37:15.0609 6836 [ E63EF8C3271D014F14E2469CE75FECB4 ] kbfiltr C:\Windows\system32\DRIVERS\kbfiltr.sys
21:37:15.0609 6836 kbfiltr - ok
21:37:15.0624 6836 [ C118A82CD78818C29AB228366EBF81C3 ] KeyIso C:\Windows\system32\lsass.exe
21:37:15.0624 6836 KeyIso - ok
21:37:15.0656 6836 [ 97A7070AEA4C058B6418519E869A63B4 ] KSecDD C:\Windows\system32\Drivers\ksecdd.sys
21:37:15.0656 6836 KSecDD - ok
21:37:15.0687 6836 [ 26C43A7C2862447EC59DEDA188D1DA07 ] KSecPkg C:\Windows\system32\Drivers\ksecpkg.sys
21:37:15.0687 6836 KSecPkg - ok
21:37:15.0702 6836 [ 6869281E78CB31A43E969F06B57347C4 ] ksthunk C:\Windows\system32\drivers\ksthunk.sys
21:37:15.0702 6836 ksthunk - ok
21:37:15.0749 6836 [ 6AB66E16AA859232F64DEB66887A8C9C ] KtmRm C:\Windows\system32\msdtckrm.dll
21:37:15.0780 6836 KtmRm - ok
21:37:15.0796 6836 [ 033B4AED2C5519072C0D81E00804D003 ] L1C C:\Windows\system32\DRIVERS\L1C62x64.sys
21:37:15.0812 6836 L1C - ok
21:37:15.0843 6836 [ D9F42719019740BAA6D1C6D536CBDAA6 ] LanmanServer C:\Windows\system32\srvsvc.dll
21:37:15.0843 6836 LanmanServer - ok
21:37:15.0874 6836 [ 851A1382EED3E3A7476DB004F4EE3E1A ] LanmanWorkstation C:\Windows\System32\wkssvc.dll
21:37:15.0874 6836 LanmanWorkstation - ok
21:37:15.0921 6836 [ 1538831CF8AD2979A04C423779465827 ] lltdio C:\Windows\system32\DRIVERS\lltdio.sys
21:37:15.0921 6836 lltdio - ok
21:37:15.0952 6836 [ C1185803384AB3FEED115F79F109427F ] lltdsvc C:\Windows\System32\lltdsvc.dll
21:37:15.0952 6836 lltdsvc - ok
21:37:15.0968 6836 [ F993A32249B66C9D622EA5592A8B76B8 ] lmhosts C:\Windows\System32\lmhsvc.dll
21:37:15.0968 6836 lmhosts - ok
21:37:16.0014 6836 [ 7F32D4C47A50E7223491E8FB9359907D ] LMS C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe
21:37:16.0014 6836 LMS - ok
21:37:16.0046 6836 [ 1A93E54EB0ECE102495A51266DCDB6A6 ] LSI_FC C:\Windows\system32\drivers\lsi_fc.sys
21:37:16.0046 6836 LSI_FC - ok
21:37:16.0061 6836 [ 1047184A9FDC8BDBFF857175875EE810 ] LSI_SAS C:\Windows\system32\drivers\lsi_sas.sys
21:37:16.0061 6836 LSI_SAS - ok
21:37:16.0061 6836 [ 30F5C0DE1EE8B5BC9306C1F0E4A75F93 ] LSI_SAS2 C:\Windows\system32\drivers\lsi_sas2.sys
21:37:16.0061 6836 LSI_SAS2 - ok
21:37:16.0077 6836 [ 0504EACAFF0D3C8AED161C4B0D369D4A ] LSI_SCSI C:\Windows\system32\drivers\lsi_scsi.sys
21:37:16.0077 6836 LSI_SCSI - ok
21:37:16.0092 6836 [ 43D0F98E1D56CCDDB0D5254CFF7B356E ] luafv C:\Windows\system32\drivers\luafv.sys
21:37:16.0092 6836 luafv - ok
21:37:16.0124 6836 [ B9FC4CCE5758B816F27DD4D1EED11841 ] MBAMProtector C:\Windows\system32\drivers\mbam.sys
21:37:16.0124 6836 MBAMProtector - ok
21:37:16.0202 6836 [ 0DCF16B1449811EFA47AB52CAC84093C ] MBAMScheduler C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamscheduler.exe
21:37:16.0202 6836 MBAMScheduler - ok
21:37:16.0233 6836 [ 9EAABA4D601004BEA4DAA6E146E19A96 ] MBAMService C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe
21:37:16.0233 6836 MBAMService - ok
21:37:16.0264 6836 [ 0BE09CD858ABF9DF6ED259D57A1A1663 ] Mcx2Svc C:\Windows\system32\Mcx2Svc.dll
21:37:16.0264 6836 Mcx2Svc - ok
21:37:16.0280 6836 [ A55805F747C6EDB6A9080D7C633BD0F4 ] megasas C:\Windows\system32\drivers\megasas.sys
21:37:16.0280 6836 megasas - ok
21:37:16.0295 6836 [ BAF74CE0072480C3B6B7C13B2A94D6B3 ] MegaSR C:\Windows\system32\drivers\MegaSR.sys
21:37:16.0311 6836 MegaSR - ok
21:37:16.0327 6836 [ A6518DCC42F7A6E999BB3BEA8FD87567 ] MEIx64 C:\Windows\system32\DRIVERS\HECIx64.sys
21:37:16.0327 6836 MEIx64 - ok
21:37:16.0342 6836 [ E40E80D0304A73E8D269F7141D77250B ] MMCSS C:\Windows\system32\mmcss.dll
21:37:16.0342 6836 MMCSS - ok
21:37:16.0342 6836 [ 800BA92F7010378B09F9ED9270F07137 ] Modem C:\Windows\system32\drivers\modem.sys
21:37:16.0342 6836 Modem - ok
21:37:16.0358 6836 [ B03D591DC7DA45ECE20B3B467E6AADAA ] monitor C:\Windows\system32\DRIVERS\monitor.sys
21:37:16.0358 6836 monitor - ok
21:37:16.0389 6836 [ 7D27EA49F3C1F687D357E77A470AEA99 ] mouclass C:\Windows\system32\DRIVERS\mouclass.sys
 
21:37:16.0389 6836 mouclass - ok
21:37:16.0405 6836 [ D3BF052C40B0C4166D9FD86A4288C1E6 ] mouhid C:\Windows\system32\DRIVERS\mouhid.sys
21:37:16.0405 6836 mouhid - ok
21:37:16.0420 6836 [ 32E7A3D591D671A6DF2DB515A5CBE0FA ] mountmgr C:\Windows\system32\drivers\mountmgr.sys
21:37:16.0420 6836 mountmgr - ok
21:37:16.0436 6836 [ A44B420D30BD56E145D6A2BC8768EC58 ] mpio C:\Windows\system32\drivers\mpio.sys
21:37:16.0436 6836 mpio - ok
21:37:16.0451 6836 [ 6C38C9E45AE0EA2FA5E551F2ED5E978F ] mpsdrv C:\Windows\system32\drivers\mpsdrv.sys
21:37:16.0451 6836 mpsdrv - ok
21:37:16.0467 6836 [ DC722758B8261E1ABAFD31A3C0A66380 ] MRxDAV C:\Windows\system32\drivers\mrxdav.sys
21:37:16.0467 6836 MRxDAV - ok
21:37:16.0498 6836 [ A5D9106A73DC88564C825D317CAC68AC ] mrxsmb C:\Windows\system32\DRIVERS\mrxsmb.sys
21:37:16.0498 6836 mrxsmb - ok
21:37:16.0529 6836 [ D711B3C1D5F42C0C2415687BE09FC163 ] mrxsmb10 C:\Windows\system32\DRIVERS\mrxsmb10.sys
21:37:16.0529 6836 mrxsmb10 - ok
21:37:16.0545 6836 [ 9423E9D355C8D303E76B8CFBD8A5C30C ] mrxsmb20 C:\Windows\system32\DRIVERS\mrxsmb20.sys
21:37:16.0545 6836 mrxsmb20 - ok
21:37:16.0561 6836 [ C25F0BAFA182CBCA2DD3C851C2E75796 ] msahci C:\Windows\system32\drivers\msahci.sys
21:37:16.0561 6836 msahci - ok
21:37:16.0576 6836 [ DB801A638D011B9633829EB6F663C900 ] msdsm C:\Windows\system32\drivers\msdsm.sys
21:37:16.0576 6836 msdsm - ok
21:37:16.0592 6836 [ DE0ECE52236CFA3ED2DBFC03F28253A8 ] MSDTC C:\Windows\System32\msdtc.exe
21:37:16.0592 6836 MSDTC - ok
21:37:16.0607 6836 [ AA3FB40E17CE1388FA1BEDAB50EA8F96 ] Msfs C:\Windows\system32\drivers\Msfs.sys
21:37:16.0607 6836 Msfs - ok
21:37:16.0623 6836 [ F9D215A46A8B9753F61767FA72A20326 ] mshidkmdf C:\Windows\System32\drivers\mshidkmdf.sys
21:37:16.0623 6836 mshidkmdf - ok
21:37:16.0639 6836 [ D916874BBD4F8B07BFB7FA9B3CCAE29D ] msisadrv C:\Windows\system32\drivers\msisadrv.sys
21:37:16.0639 6836 msisadrv - ok
21:37:16.0670 6836 [ 808E98FF49B155C522E6400953177B08 ] MSiSCSI C:\Windows\system32\iscsiexe.dll
21:37:16.0670 6836 MSiSCSI - ok
21:37:16.0670 6836 msiserver - ok
21:37:16.0701 6836 [ 49CCF2C4FEA34FFAD8B1B59D49439366 ] MSKSSRV C:\Windows\system32\drivers\MSKSSRV.sys
21:37:16.0701 6836 MSKSSRV - ok
21:37:16.0701 6836 [ BDD71ACE35A232104DDD349EE70E1AB3 ] MSPCLOCK C:\Windows\system32\drivers\MSPCLOCK.sys
21:37:16.0701 6836 MSPCLOCK - ok
21:37:16.0717 6836 [ 4ED981241DB27C3383D72092B618A1D0 ] MSPQM C:\Windows\system32\drivers\MSPQM.sys
21:37:16.0717 6836 MSPQM - ok
21:37:16.0732 6836 [ 759A9EEB0FA9ED79DA1FB7D4EF78866D ] MsRPC C:\Windows\system32\drivers\MsRPC.sys
21:37:16.0732 6836 MsRPC - ok
21:37:16.0732 6836 [ 0EED230E37515A0EAEE3C2E1BC97B288 ] mssmbios C:\Windows\system32\DRIVERS\mssmbios.sys
21:37:16.0732 6836 mssmbios - ok
21:37:16.0748 6836 [ 2E66F9ECB30B4221A318C92AC2250779 ] MSTEE C:\Windows\system32\drivers\MSTEE.sys
21:37:16.0748 6836 MSTEE - ok
21:37:16.0763 6836 [ 7EA404308934E675BFFDE8EDF0757BCD ] MTConfig C:\Windows\system32\drivers\MTConfig.sys
21:37:16.0763 6836 MTConfig - ok
21:37:16.0779 6836 [ F9A18612FD3526FE473C1BDA678D61C8 ] Mup C:\Windows\system32\Drivers\mup.sys
21:37:16.0779 6836 Mup - ok
21:37:16.0795 6836 [ 582AC6D9873E31DFA28A4547270862DD ] napagent C:\Windows\system32\qagentRT.dll
21:37:16.0810 6836 napagent - ok
21:37:16.0826 6836 [ 1EA3749C4114DB3E3161156FFFFA6B33 ] NativeWifiP C:\Windows\system32\DRIVERS\nwifi.sys
21:37:16.0826 6836 NativeWifiP - ok
21:37:16.0857 6836 [ C38B8AE57F78915905064A9A24DC1586 ] NDIS C:\Windows\system32\drivers\ndis.sys
21:37:16.0873 6836 NDIS - ok
21:37:16.0888 6836 [ 9F9A1F53AAD7DA4D6FEF5BB73AB811AC ] NdisCap C:\Windows\system32\DRIVERS\ndiscap.sys
21:37:16.0904 6836 NdisCap - ok
21:37:16.0904 6836 [ 30639C932D9FEF22B31268FE25A1B6E5 ] NdisTapi C:\Windows\system32\DRIVERS\ndistapi.sys
21:37:16.0904 6836 NdisTapi - ok
21:37:16.0919 6836 [ 136185F9FB2CC61E573E676AA5402356 ] Ndisuio C:\Windows\system32\DRIVERS\ndisuio.sys
21:37:16.0919 6836 Ndisuio - ok
21:37:16.0935 6836 [ 53F7305169863F0A2BDDC49E116C2E11 ] NdisWan C:\Windows\system32\DRIVERS\ndiswan.sys
21:37:16.0935 6836 NdisWan - ok
21:37:16.0951 6836 [ 015C0D8E0E0421B4CFD48CFFE2825879 ] NDProxy C:\Windows\system32\drivers\NDProxy.sys
21:37:16.0951 6836 NDProxy - ok
21:37:16.0997 6836 [ 6F4607E2333FE21E9E3FF8133A88B35B ] Netaapl C:\Windows\system32\DRIVERS\netaapl64.sys
21:37:16.0997 6836 Netaapl - ok
21:37:17.0013 6836 [ 86743D9F5D2B1048062B14B1D84501C4 ] NetBIOS C:\Windows\system32\DRIVERS\netbios.sys
21:37:17.0029 6836 NetBIOS - ok
21:37:17.0044 6836 [ 09594D1089C523423B32A4229263F068 ] NetBT C:\Windows\system32\DRIVERS\netbt.sys
21:37:17.0044 6836 NetBT - ok
21:37:17.0060 6836 [ C118A82CD78818C29AB228366EBF81C3 ] Netlogon C:\Windows\system32\lsass.exe
21:37:17.0060 6836 Netlogon - ok
21:37:17.0107 6836 [ 847D3AE376C0817161A14A82C8922A9E ] Netman C:\Windows\System32\netman.dll
21:37:17.0107 6836 Netman - ok
21:37:17.0169 6836 [ D22CD77D4F0D63D1169BB35911BFF12D ] NetMsmqActivator C:\Windows\Microsoft.NET\Framework64\v4.0.30319\SMSvcHost.exe
21:37:17.0200 6836 NetMsmqActivator - ok
21:37:17.0200 6836 [ D22CD77D4F0D63D1169BB35911BFF12D ] NetPipeActivator C:\Windows\Microsoft.NET\Framework64\v4.0.30319\SMSvcHost.exe
21:37:17.0200 6836 NetPipeActivator - ok
21:37:17.0247 6836 [ 5F28111C648F1E24F7DBC87CDEB091B8 ] netprofm C:\Windows\System32\netprofm.dll
21:37:17.0263 6836 netprofm - ok
21:37:17.0278 6836 [ D22CD77D4F0D63D1169BB35911BFF12D ] NetTcpActivator C:\Windows\Microsoft.NET\Framework64\v4.0.30319\SMSvcHost.exe
21:37:17.0278 6836 NetTcpActivator - ok
21:37:17.0278 6836 [ D22CD77D4F0D63D1169BB35911BFF12D ] NetTcpPortSharing C:\Windows\Microsoft.NET\Framework64\v4.0.30319\SMSvcHost.exe
21:37:17.0278 6836 NetTcpPortSharing - ok
21:37:17.0309 6836 [ 77889813BE4D166CDAB78DDBA990DA92 ] nfrd960 C:\Windows\system32\drivers\nfrd960.sys
21:37:17.0325 6836 nfrd960 - ok
21:37:17.0341 6836 [ 1EE99A89CC788ADA662441D1E9830529 ] NlaSvc C:\Windows\System32\nlasvc.dll
21:37:17.0341 6836 NlaSvc - ok
21:37:17.0341 6836 [ 1E4C4AB5C9B8DD13179BBDC75A2A01F7 ] Npfs C:\Windows\system32\drivers\Npfs.sys
21:37:17.0341 6836 Npfs - ok
21:37:17.0356 6836 [ D54BFDF3E0C953F823B3D0BFE4732528 ] nsi C:\Windows\system32\nsisvc.dll
21:37:17.0356 6836 nsi - ok
21:37:17.0372 6836 [ E7F5AE18AF4168178A642A9247C63001 ] nsiproxy C:\Windows\system32\drivers\nsiproxy.sys
21:37:17.0372 6836 nsiproxy - ok
21:37:17.0419 6836 [ A2F74975097F52A00745F9637451FDD8 ] Ntfs C:\Windows\system32\drivers\Ntfs.sys
21:37:17.0434 6836 Ntfs - ok
21:37:17.0434 6836 [ 9899284589F75FA8724FF3D16AED75C1 ] Null C:\Windows\system32\drivers\Null.sys
21:37:17.0434 6836 Null - ok
21:37:17.0824 6836 [ 7328528DAF9B8A486E16595A35043DB0 ] nvlddmkm C:\Windows\system32\DRIVERS\nvlddmkm.sys
21:37:17.0887 6836 nvlddmkm - ok
21:37:17.0918 6836 [ 8AE5A124F3B65C3EC531D251A3E9C87F ] nvpciflt C:\Windows\system32\DRIVERS\nvpciflt.sys
21:37:17.0918 6836 nvpciflt - ok
21:37:17.0965 6836 [ 0A92CB65770442ED0DC44834632F66AD ] nvraid C:\Windows\system32\drivers\nvraid.sys
21:37:17.0965 6836 nvraid - ok
21:37:17.0980 6836 [ DAB0E87525C10052BF65F06152F37E4A ] nvstor C:\Windows\system32\drivers\nvstor.sys
21:37:17.0980 6836 nvstor - ok
21:37:18.0043 6836 [ CEA3416907C17BB6623D9CB1E015B3C4 ] NVSvc C:\Windows\system32\nvvsvc.exe
21:37:18.0043 6836 NVSvc - ok
21:37:18.0167 6836 [ 741688E5A65CC43567BCC329AE130075 ] nvUpdatusService C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Updatus\daemonu.exe
21:37:18.0167 6836 nvUpdatusService - ok
21:37:18.0230 6836 [ 270D7CD42D6E3979F6DD0146650F0E05 ] nv_agp C:\Windows\system32\drivers\nv_agp.sys
21:37:18.0230 6836 nv_agp - ok
21:37:18.0245 6836 [ 3589478E4B22CE21B41FA1BFC0B8B8A0 ] ohci1394 C:\Windows\system32\drivers\ohci1394.sys
21:37:18.0245 6836 ohci1394 - ok
21:37:18.0277 6836 [ 9D10F99A6712E28F8ACD5641E3A7EA6B ] ose C:\Program Files (x86)\Common Files\Microsoft Shared\Source Engine\OSE.EXE
21:37:18.0277 6836 ose - ok
21:37:18.0479 6836 [ 61BFFB5F57AD12F83AB64B7181829B34 ] osppsvc C:\Program Files\Common Files\Microsoft Shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE
21:37:18.0557 6836 osppsvc - ok
21:37:18.0604 6836 [ 3EAC4455472CC2C97107B5291E0DCAFE ] p2pimsvc C:\Windows\system32\pnrpsvc.dll
21:37:18.0604 6836 p2pimsvc - ok
21:37:18.0620 6836 [ 927463ECB02179F88E4B9A17568C63C3 ] p2psvc C:\Windows\system32\p2psvc.dll
21:37:18.0635 6836 p2psvc - ok
21:37:18.0651 6836 [ 0086431C29C35BE1DBC43F52CC273887 ] Parport C:\Windows\system32\drivers\parport.sys
21:37:18.0651 6836 Parport - ok
21:37:18.0667 6836 [ E9766131EEADE40A27DC27D2D68FBA9C ] partmgr C:\Windows\system32\drivers\partmgr.sys
21:37:18.0667 6836 partmgr - ok
21:37:18.0682 6836 [ 3AEAA8B561E63452C655DC0584922257 ] PcaSvc C:\Windows\System32\pcasvc.dll
21:37:18.0698 6836 PcaSvc - ok
21:37:18.0713 6836 [ 94575C0571D1462A0F70BDE6BD6EE6B3 ] pci C:\Windows\system32\drivers\pci.sys
21:37:18.0713 6836 pci - ok
21:37:18.0729 6836 [ B5B8B5EF2E5CB34DF8DCF8831E3534FA ] pciide C:\Windows\system32\drivers\pciide.sys
21:37:18.0729 6836 pciide - ok
21:37:18.0745 6836 [ B2E81D4E87CE48589F98CB8C05B01F2F ] pcmcia C:\Windows\system32\drivers\pcmcia.sys
21:37:18.0760 6836 pcmcia - ok
21:37:18.0776 6836 [ D6B9C2E1A11A3A4B26A182FFEF18F603 ] pcw C:\Windows\system32\drivers\pcw.sys
21:37:18.0776 6836 pcw - ok
21:37:18.0791 6836 [ 68769C3356B3BE5D1C732C97B9A80D6E ] PEAUTH C:\Windows\system32\drivers\peauth.sys
21:37:18.0791 6836 PEAUTH - ok
21:37:18.0869 6836 [ E495E408C93141E8FC72DC0C6046DDFA ] PerfHost C:\Windows\SysWow64\perfhost.exe
21:37:18.0885 6836 PerfHost - ok
21:37:18.0916 6836 [ C7CF6A6E137463219E1259E3F0F0DD6C ] pla C:\Windows\system32\pla.dll
21:37:18.0947 6836 pla - ok
21:37:18.0979 6836 [ 25FBDEF06C4D92815B353F6E792C8129 ] PlugPlay C:\Windows\system32\umpnpmgr.dll
21:37:18.0979 6836 PlugPlay - ok
21:37:18.0994 6836 [ 7195581CEC9BB7D12ABE54036ACC2E38 ] PNRPAutoReg C:\Windows\system32\pnrpauto.dll
21:37:18.0994 6836 PNRPAutoReg - ok
21:37:19.0010 6836 [ 3EAC4455472CC2C97107B5291E0DCAFE ] PNRPsvc C:\Windows\system32\pnrpsvc.dll
21:37:19.0010 6836 PNRPsvc - ok
21:37:19.0041 6836 [ 4F15D75ADF6156BF56ECED6D4A55C389 ] PolicyAgent C:\Windows\System32\ipsecsvc.dll
21:37:19.0041 6836 PolicyAgent - ok
21:37:19.0088 6836 [ 6BA9D927DDED70BD1A9CADED45F8B184 ] Power C:\Windows\system32\umpo.dll
21:37:19.0088 6836 Power - ok
21:37:19.0119 6836 [ F92A2C41117A11A00BE01CA01A7FCDE9 ] PptpMiniport C:\Windows\system32\DRIVERS\raspptp.sys
21:37:19.0119 6836 PptpMiniport - ok
21:37:19.0119 6836 [ 0D922E23C041EFB1C3FAC2A6F943C9BF ] Processor C:\Windows\system32\drivers\processr.sys
21:37:19.0135 6836 Processor - ok
21:37:19.0166 6836 [ 53E83F1F6CF9D62F32801CF66D8352A8 ] ProfSvc C:\Windows\system32\profsvc.dll
21:37:19.0166 6836 ProfSvc - ok
21:37:19.0166 6836 [ C118A82CD78818C29AB228366EBF81C3 ] ProtectedStorage C:\Windows\system32\lsass.exe
21:37:19.0166 6836 ProtectedStorage - ok
21:37:19.0197 6836 [ 0557CF5A2556BD58E26384169D72438D ] Psched C:\Windows\system32\DRIVERS\pacer.sys
21:37:19.0197 6836 Psched - ok
21:37:19.0244 6836 [ A53A15A11EBFD21077463EE2C7AFEEF0 ] ql2300 C:\Windows\system32\drivers\ql2300.sys
21:37:19.0275 6836 ql2300 - ok
21:37:19.0291 6836 [ 4F6D12B51DE1AAEFF7DC58C4D75423C8 ] ql40xx C:\Windows\system32\drivers\ql40xx.sys
21:37:19.0291 6836 ql40xx - ok
21:37:19.0306 6836 [ 906191634E99AEA92C4816150BDA3732 ] QWAVE C:\Windows\system32\qwave.dll
21:37:19.0322 6836 QWAVE - ok
21:37:19.0322 6836 [ 76707BB36430888D9CE9D705398ADB6C ] QWAVEdrv C:\Windows\system32\drivers\qwavedrv.sys
21:37:19.0337 6836 QWAVEdrv - ok
21:37:19.0337 6836 [ 5A0DA8AD5762FA2D91678A8A01311704 ] RasAcd C:\Windows\system32\DRIVERS\rasacd.sys
21:37:19.0337 6836 RasAcd - ok
21:37:19.0369 6836 [ 7ECFF9B22276B73F43A99A15A6094E90 ] RasAgileVpn C:\Windows\system32\DRIVERS\AgileVpn.sys
21:37:19.0369 6836 RasAgileVpn - ok
21:37:19.0384 6836 [ 8F26510C5383B8DBE976DE1CD00FC8C7 ] RasAuto C:\Windows\System32\rasauto.dll
21:37:19.0384 6836 RasAuto - ok
21:37:19.0400 6836 [ 471815800AE33E6F1C32FB1B97C490CA ] Rasl2tp C:\Windows\system32\DRIVERS\rasl2tp.sys
21:37:19.0400 6836 Rasl2tp - ok
21:37:19.0431 6836 [ EE867A0870FC9E4972BA9EAAD35651E2 ] RasMan C:\Windows\System32\rasmans.dll
21:37:19.0447 6836 RasMan - ok
21:37:19.0447 6836 [ 855C9B1CD4756C5E9A2AA58A15F58C25 ] RasPppoe C:\Windows\system32\DRIVERS\raspppoe.sys
21:37:19.0447 6836 RasPppoe - ok
21:37:19.0462 6836 [ E8B1E447B008D07FF47D016C2B0EEECB ] RasSstp C:\Windows\system32\DRIVERS\rassstp.sys
21:37:19.0462 6836 RasSstp - ok
21:37:19.0478 6836 [ 77F665941019A1594D887A74F301FA2F ] rdbss C:\Windows\system32\DRIVERS\rdbss.sys
21:37:19.0478 6836 rdbss - ok
21:37:19.0493 6836 [ 302DA2A0539F2CF54D7C6CC30C1F2D8D ] rdpbus C:\Windows\system32\drivers\rdpbus.sys
21:37:19.0493 6836 rdpbus - ok
21:37:19.0540 6836 [ CEA6CC257FC9B7715F1C2B4849286D24 ] RDPCDD C:\Windows\system32\DRIVERS\RDPCDD.sys
21:37:19.0540 6836 RDPCDD - ok
21:37:19.0556 6836 [ BB5971A4F00659529A5C44831AF22365 ] RDPENCDD C:\Windows\system32\drivers\rdpencdd.sys
21:37:19.0556 6836 RDPENCDD - ok
21:37:19.0556 6836 [ 216F3FA57533D98E1F74DED70113177A ] RDPREFMP C:\Windows\system32\drivers\rdprefmp.sys
21:37:19.0571 6836 RDPREFMP - ok
21:37:19.0587 6836 [ E61608AA35E98999AF9AAEEEA6114B0A ] RDPWD C:\Windows\system32\drivers\RDPWD.sys
21:37:19.0665 6836 RDPWD - ok
21:37:19.0681 6836 [ 34ED295FA0121C241BFEF24764FC4520 ] rdyboost C:\Windows\system32\drivers\rdyboost.sys
21:37:19.0681 6836 rdyboost - ok
21:37:19.0727 6836 [ 254FB7A22D74E5511C73A3F6D802F192 ] RemoteAccess C:\Windows\System32\mprdim.dll
21:37:19.0727 6836 RemoteAccess - ok
21:37:19.0743 6836 [ E4D94F24081440B5FC5AA556C7C62702 ] RemoteRegistry C:\Windows\system32\regsvc.dll
21:37:19.0743 6836 RemoteRegistry - ok
21:37:19.0774 6836 [ 3DD798846E2C28102B922C56E71B7932 ] RFCOMM C:\Windows\system32\DRIVERS\rfcomm.sys
21:37:19.0774 6836 RFCOMM - ok
21:37:19.0868 6836 [ 616F6E52CAE254727A886BA8EDA1BEEA ] RichVideo C:\Program Files (x86)\CyberLink\Shared files\RichVideo.exe
21:37:19.0868 6836 RichVideo - ok
21:37:19.0868 6836 [ E4DC58CF7B3EA515AE917FF0D402A7BB ] RpcEptMapper C:\Windows\System32\RpcEpMap.dll
21:37:19.0883 6836 RpcEptMapper - ok
21:37:19.0899 6836 [ D5BA242D4CF8E384DB90E6A8ED850B8C ] RpcLocator C:\Windows\system32\locator.exe
21:37:19.0899 6836 RpcLocator - ok
21:37:19.0915 6836 [ 5C627D1B1138676C0A7AB2C2C190D123 ] RpcSs C:\Windows\system32\rpcss.dll
21:37:19.0915 6836 RpcSs - ok
21:37:19.0930 6836 [ DDC86E4F8E7456261E637E3552E804FF ] rspndr C:\Windows\system32\DRIVERS\rspndr.sys
21:37:19.0946 6836 rspndr - ok
21:37:19.0993 6836 [ ED5873F7DFB2F96D37F13322211B6BDC ] RTL8167 C:\Windows\system32\DRIVERS\Rt64win7.sys
21:37:19.0993 6836 RTL8167 - ok
21:37:20.0008 6836 [ C118A82CD78818C29AB228366EBF81C3 ] SamSs C:\Windows\system32\lsass.exe
21:37:20.0008 6836 SamSs - ok
21:37:20.0008 6836 [ AC03AF3329579FFFB455AA2DAABBE22B ] sbp2port C:\Windows\system32\drivers\sbp2port.sys
21:37:20.0024 6836 sbp2port - ok
21:37:20.0024 6836 [ 9B7395789E3791A3B6D000FE6F8B131E ] SCardSvr C:\Windows\System32\SCardSvr.dll
21:37:20.0039 6836 SCardSvr - ok
21:37:20.0039 6836 [ 253F38D0D7074C02FF8DEB9836C97D2B ] scfilter C:\Windows\system32\DRIVERS\scfilter.sys
21:37:20.0055 6836 scfilter - ok
21:37:20.0071 6836 [ 262F6592C3299C005FD6BEC90FC4463A ] Schedule C:\Windows\system32\schedsvc.dll
21:37:20.0102 6836 Schedule - ok
21:37:20.0117 6836 [ F17D1D393BBC69C5322FBFAFACA28C7F ] SCPolicySvc C:\Windows\System32\certprop.dll
21:37:20.0117 6836 SCPolicySvc - ok
21:37:20.0133 6836 [ 6EA4234DC55346E0709560FE7C2C1972 ] SDRSVC C:\Windows\System32\SDRSVC.dll
21:37:20.0133 6836 SDRSVC - ok
21:37:20.0180 6836 [ CC781378E7EDA615D2CDCA3B17829FA4 ] SeaPort C:\Program Files (x86)\Microsoft\BingBar\SeaPort.EXE
21:37:20.0180 6836 SeaPort - ok
21:37:20.0195 6836 [ 3EA8A16169C26AFBEB544E0E48421186 ] secdrv C:\Windows\system32\drivers\secdrv.sys
21:37:20.0195 6836 secdrv - ok
21:37:20.0195 6836 [ BC617A4E1B4FA8DF523A061739A0BD87 ] seclogon C:\Windows\system32\seclogon.dll
21:37:20.0211 6836 seclogon - ok
21:37:20.0227 6836 [ C32AB8FA018EF34C0F113BD501436D21 ] SENS C:\Windows\System32\sens.dll
21:37:20.0242 6836 SENS - ok
21:37:20.0242 6836 [ 0336CFFAFAAB87A11541F1CF1594B2B2 ] SensrSvc C:\Windows\system32\sensrsvc.dll
21:37:20.0258 6836 SensrSvc - ok
21:37:20.0273 6836 [ CB624C0035412AF0DEBEC78C41F5CA1B ] Serenum C:\Windows\system32\drivers\serenum.sys
21:37:20.0273 6836 Serenum - ok
21:37:20.0289 6836 [ C1D8E28B2C2ADFAEC4BA89E9FDA69BD6 ] Serial C:\Windows\system32\drivers\serial.sys
21:37:20.0289 6836 Serial - ok
21:37:20.0305 6836 [ 1C545A7D0691CC4A027396535691C3E3 ] sermouse C:\Windows\system32\drivers\sermouse.sys
21:37:20.0305 6836 sermouse - ok
21:37:20.0320 6836 [ 0B6231BF38174A1628C4AC812CC75804 ] SessionEnv C:\Windows\system32\sessenv.dll
21:37:20.0320 6836 SessionEnv - ok
21:37:20.0336 6836 [ A554811BCD09279536440C964AE35BBF ] sffdisk C:\Windows\system32\drivers\sffdisk.sys
21:37:20.0336 6836 sffdisk - ok
21:37:20.0351 6836 [ FF414F0BAEFEBA59BC6C04B3DB0B87BF ] sffp_mmc C:\Windows\system32\drivers\sffp_mmc.sys
21:37:20.0351 6836 sffp_mmc - ok
21:37:20.0367 6836 [ DD85B78243A19B59F0637DCF284DA63C ] sffp_sd C:\Windows\system32\drivers\sffp_sd.sys
21:37:20.0367 6836 sffp_sd - ok
21:37:20.0383 6836 [ A9D601643A1647211A1EE2EC4E433FF4 ] sfloppy C:\Windows\system32\drivers\sfloppy.sys
21:37:20.0383 6836 sfloppy - ok
21:37:20.0414 6836 [ C6CC9297BD53E5229653303E556AA539 ] Sftfs C:\Windows\system32\DRIVERS\Sftfslh.sys
21:37:20.0414 6836 Sftfs - ok
21:37:20.0476 6836 [ 13693B6354DD6E72DC5131DA7D764B90 ] sftlist C:\Program Files (x86)\Microsoft Application Virtualization Client\sftlist.exe
21:37:20.0492 6836 sftlist - ok
21:37:20.0507 6836 [ 390AA7BC52CEE43F6790CDEA1E776703 ] Sftplay C:\Windows\system32\DRIVERS\Sftplaylh.sys
21:37:20.0507 6836 Sftplay - ok
21:37:20.0523 6836 [ 617E29A0B0A2807466560D4C4E338D3E ] Sftredir C:\Windows\system32\DRIVERS\Sftredirlh.sys
21:37:20.0523 6836 Sftredir - ok
21:37:20.0539 6836 [ 8F571F016FA1976F445147E9E6C8AE9B ] Sftvol C:\Windows\system32\DRIVERS\Sftvollh.sys
21:37:20.0539 6836 Sftvol - ok
21:37:20.0570 6836 [ C3CDDD18F43D44AB713CF8C4916F7696 ] sftvsa C:\Program Files (x86)\Microsoft Application Virtualization Client\sftvsa.exe
21:37:20.0570 6836 sftvsa - ok
21:37:20.0617 6836 [ AAF932B4011D14052955D4B212A4DA8D ] ShellHWDetection C:\Windows\System32\shsvcs.dll
21:37:20.0632 6836 ShellHWDetection - ok
21:37:20.0663 6836 [ 1BC348CF6BAA90EC8E533EF6E6A69933 ] SiSGbeLH C:\Windows\system32\DRIVERS\SiSG664.sys
21:37:20.0663 6836 SiSGbeLH - ok
21:37:20.0679 6836 [ 843CAF1E5FDE1FFD5FF768F23A51E2E1 ] SiSRaid2 C:\Windows\system32\drivers\SiSRaid2.sys
21:37:20.0679 6836 SiSRaid2 - ok
21:37:20.0695 6836 [ 6A6C106D42E9FFFF8B9FCB4F754F6DA4 ] SiSRaid4 C:\Windows\system32\drivers\sisraid4.sys
21:37:20.0695 6836 SiSRaid4 - ok
21:37:20.0741 6836 [ C70AEBD3608ED9FCEA2A1BAE83567FFC ] SkypeUpdate C:\Program Files (x86)\Skype\Updater\Updater.exe
21:37:20.0741 6836 SkypeUpdate - ok
21:37:20.0757 6836 [ 548260A7B8654E024DC30BF8A7C5BAA4 ] Smb C:\Windows\system32\DRIVERS\smb.sys
21:37:20.0773 6836 Smb - ok
21:37:20.0804 6836 [ 6313F223E817CC09AA41811DAA7F541D ] SNMPTRAP C:\Windows\System32\snmptrap.exe
21:37:20.0804 6836 SNMPTRAP - ok
21:37:20.0804 6836 [ B9E31E5CACDFE584F34F730A677803F9 ] spldr C:\Windows\system32\drivers\spldr.sys
21:37:20.0819 6836 spldr - ok
21:37:20.0835 6836 [ B96C17B5DC1424D56EEA3A99E97428CD ] Spooler C:\Windows\System32\spoolsv.exe
21:37:20.0835 6836 Spooler - ok
21:37:20.0913 6836 [ E17E0188BB90FAE42D83E98707EFA59C ] sppsvc C:\Windows\system32\sppsvc.exe
21:37:20.0975 6836 sppsvc - ok
21:37:20.0991 6836 [ 93D7D61317F3D4BC4F4E9F8A96A7DE45 ] sppuinotify C:\Windows\system32\sppuinotify.dll
21:37:20.0991 6836 sppuinotify - ok
21:37:21.0022 6836 [ 441FBA48BFF01FDB9D5969EBC1838F0B ] srv C:\Windows\system32\DRIVERS\srv.sys
21:37:21.0022 6836 srv - ok
21:37:21.0038 6836 [ B4ADEBBF5E3677CCE9651E0F01F7CC28 ] srv2 C:\Windows\system32\DRIVERS\srv2.sys
21:37:21.0053 6836 srv2 - ok
21:37:21.0069 6836 [ 27E461F0BE5BFF5FC737328F749538C3 ] srvnet C:\Windows\system32\DRIVERS\srvnet.sys
21:37:21.0069 6836 srvnet - ok
21:37:21.0100 6836 [ 51B52FBD583CDE8AA9BA62B8B4298F33 ] SSDPSRV C:\Windows\System32\ssdpsrv.dll
21:37:21.0100 6836 SSDPSRV - ok
21:37:21.0116 6836 [ AB7AEBF58DAD8DAAB7A6C45E6A8885CB ] SstpSvc C:\Windows\system32\sstpsvc.dll
21:37:21.0116 6836 SstpSvc - ok
21:37:21.0256 6836 [ F3817967ED533D08327DC73BC4D5542A ] stexstor C:\Windows\system32\drivers\stexstor.sys
21:37:21.0256 6836 stexstor - ok
21:37:21.0350 6836 [ 8DD52E8E6128F4B2DA92CE27402871C1 ] stisvc C:\Windows\System32\wiaservc.dll
21:37:21.0365 6836 stisvc - ok
21:37:21.0365 6836 [ D01EC09B6711A5F8E7E6564A4D0FBC90 ] swenum C:\Windows\system32\DRIVERS\swenum.sys
21:37:21.0365 6836 swenum - ok
21:37:21.0381 6836 [ E08E46FDD841B7184194011CA1955A0B ] swprv C:\Windows\System32\swprv.dll
21:37:21.0397 6836 swprv - ok
21:37:21.0428 6836 [ BF9CCC0BF39B418C8D0AE8B05CF95B7D ] SysMain C:\Windows\system32\sysmain.dll
21:37:21.0475 6836 SysMain - ok
21:37:21.0475 6836 [ E3C61FD7B7C2557E1F1B0B4CEC713585 ] TabletInputService C:\Windows\System32\TabSvc.dll
21:37:21.0490 6836 TabletInputService - ok
21:37:21.0506 6836 [ 40F0849F65D13EE87B9A9AE3C1DD6823 ] TapiSrv C:\Windows\System32\tapisrv.dll
21:37:21.0506 6836 TapiSrv - ok
21:37:21.0521 6836 [ 1BE03AC720F4D302EA01D40F588162F6 ] TBS C:\Windows\System32\tbssvc.dll
21:37:21.0521 6836 TBS - ok
21:37:21.0615 6836 [ ACB82BDA8F46C84F465C1AFA517DC4B9 ] Tcpip C:\Windows\system32\drivers\tcpip.sys
21:37:21.0646 6836 Tcpip - ok
21:37:21.0709 6836 [ ACB82BDA8F46C84F465C1AFA517DC4B9 ] TCPIP6 C:\Windows\system32\DRIVERS\tcpip.sys
21:37:21.0709 6836 TCPIP6 - ok
21:37:21.0724 6836 [ DF687E3D8836BFB04FCC0615BF15A519 ] tcpipreg C:\Windows\system32\drivers\tcpipreg.sys
21:37:21.0740 6836 tcpipreg - ok
21:37:21.0755 6836 [ 3371D21011695B16333A3934340C4E7C ] TDPIPE C:\Windows\system32\drivers\tdpipe.sys
21:37:21.0755 6836 TDPIPE - ok
21:37:21.0787 6836 [ 03E62CD83A62859F4F796434EE6C385E ] Tdsshbecr C:\Windows\system32\DRIVERS\shbecr.sys
21:37:21.0787 6836 Tdsshbecr - ok
21:37:21.0818 6836 [ 51C5ECEB1CDEE2468A1748BE550CFBC8 ] TDTCP C:\Windows\system32\drivers\tdtcp.sys
21:37:21.0818 6836 TDTCP - ok
21:37:21.0833 6836 [ DDAD5A7AB24D8B65F8D724F5C20FD806 ] tdx C:\Windows\system32\DRIVERS\tdx.sys
21:37:21.0833 6836 tdx - ok
21:37:21.0849 6836 [ 561E7E1F06895D78DE991E01DD0FB6E5 ] TermDD C:\Windows\system32\DRIVERS\termdd.sys
21:37:21.0849 6836 TermDD - ok
21:37:21.0880 6836 [ 2E648163254233755035B46DD7B89123 ] TermService C:\Windows\System32\termsrv.dll
21:37:21.0880 6836 TermService - ok
21:37:21.0896 6836 [ F0344071948D1A1FA732231785A0664C ] Themes C:\Windows\system32\themeservice.dll
21:37:21.0896 6836 Themes - ok
21:37:21.0911 6836 [ E40E80D0304A73E8D269F7141D77250B ] THREADORDER C:\Windows\system32\mmcss.dll
21:37:21.0911 6836 THREADORDER - ok
21:37:21.0927 6836 [ 7E7AFD841694F6AC397E99D75CEAD49D ] TrkWks C:\Windows\System32\trkwks.dll
21:37:21.0927 6836 TrkWks - ok
21:37:21.0974 6836 [ 773212B2AAA24C1E31F10246B15B276C ] TrustedInstaller C:\Windows\servicing\TrustedInstaller.exe
21:37:21.0974 6836 TrustedInstaller - ok
21:37:22.0005 6836 [ CE18B2CDFC837C99E5FAE9CA6CBA5D30 ] tssecsrv C:\Windows\system32\DRIVERS\tssecsrv.sys
21:37:22.0005 6836 tssecsrv - ok
21:37:22.0021 6836 [ D11C783E3EF9A3C52C0EBE83CC5000E9 ] TsUsbFlt C:\Windows\system32\drivers\tsusbflt.sys
21:37:22.0021 6836 TsUsbFlt - ok
21:37:22.0052 6836 [ 9CC2CCAE8A84820EAECB886D477CBCB8 ] TsUsbGD C:\Windows\system32\drivers\TsUsbGD.sys
21:37:22.0052 6836 TsUsbGD - ok
21:37:22.0083 6836 [ 3566A8DAAFA27AF944F5D705EAA64894 ] tunnel C:\Windows\system32\DRIVERS\tunnel.sys
21:37:22.0083 6836 tunnel - ok
21:37:22.0114 6836 [ FD24F98D2898BE093FE926604BE7DB99 ] TurboB C:\Windows\system32\DRIVERS\TurboB.sys
21:37:22.0114 6836 TurboB - ok
21:37:22.0145 6836 [ 600B406A04D90F577FEA8A88D7379F08 ] TurboBoost C:\Program Files\Intel\TurboBoost\TurboBoost.exe
21:37:22.0145 6836 TurboBoost - ok
21:37:22.0161 6836 [ B4DD609BD7E282BFC683CEC7EAAAAD67 ] uagp35 C:\Windows\system32\drivers\uagp35.sys
21:37:22.0161 6836 uagp35 - ok
21:37:22.0177 6836 [ FF4232A1A64012BAA1FD97C7B67DF593 ] udfs C:\Windows\system32\DRIVERS\udfs.sys
21:37:22.0177 6836 udfs - ok
21:37:22.0208 6836 [ 3CBDEC8D06B9968ABA702EBA076364A1 ] UI0Detect C:\Windows\system32\UI0Detect.exe
21:37:22.0208 6836 UI0Detect - ok
21:37:22.0239 6836 [ 4BFE1BC28391222894CBF1E7D0E42320 ] uliagpkx C:\Windows\system32\drivers\uliagpkx.sys
21:37:22.0239 6836 uliagpkx - ok
21:37:22.0239 6836 [ DC54A574663A895C8763AF0FA1FF7561 ] umbus C:\Windows\system32\DRIVERS\umbus.sys
21:37:22.0255 6836 umbus - ok
21:37:22.0270 6836 [ B2E8E8CB557B156DA5493BBDDCC1474D ] UmPass C:\Windows\system32\drivers\umpass.sys
21:37:22.0270 6836 UmPass - ok
21:37:22.0426 6836 [ 2C16648A12999AE69A9EBF41974B0BA2 ] UNS C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe
21:37:22.0442 6836 UNS - ok
21:37:22.0457 6836 [ D47EC6A8E81633DD18D2436B19BAF6DE ] upnphost C:\Windows\System32\upnphost.dll
21:37:22.0457 6836 upnphost - ok
21:37:22.0489 6836 [ FB251567F41BC61988B26731DEC19E4B ] USBAAPL64 C:\Windows\system32\Drivers\usbaapl64.sys
21:37:22.0504 6836 USBAAPL64 - ok
21:37:22.0535 6836 [ 82E8F44688E6FAC57B5B7C6FC7ADBC2A ] usbaudio C:\Windows\system32\drivers\usbaudio.sys
21:37:22.0535 6836 usbaudio - ok
21:37:22.0582 6836 [ 6F1A3157A1C89435352CEB543CDB359C ] usbccgp C:\Windows\system32\DRIVERS\usbccgp.sys
21:37:22.0582 6836 usbccgp - ok
21:37:22.0613 6836 [ AF0892A803FDDA7492F595368E3B68E7 ] usbcir C:\Windows\system32\drivers\usbcir.sys
21:37:22.0613 6836 usbcir - ok
21:37:22.0629 6836 [ C025055FE7B87701EB042095DF1A2D7B ] usbehci C:\Windows\system32\drivers\usbehci.sys
21:37:22.0629 6836 usbehci - ok
21:37:22.0676 6836 [ 287C6C9410B111B68B52CA298F7B8C24 ] usbhub C:\Windows\system32\DRIVERS\usbhub.sys
21:37:22.0676 6836 usbhub - ok
21:37:22.0676 6836 [ 9840FC418B4CBD632D3D0A667A725C31 ] usbohci C:\Windows\system32\drivers\usbohci.sys
21:37:22.0676 6836 usbohci - ok
21:37:22.0691 6836 [ 73188F58FB384E75C4063D29413CEE3D ] usbprint C:\Windows\system32\drivers\usbprint.sys
21:37:22.0691 6836 usbprint - ok
21:37:22.0707 6836 [ FED648B01349A3C8395A5169DB5FB7D6 ] USBSTOR C:\Windows\system32\DRIVERS\USBSTOR.SYS
21:37:22.0707 6836 USBSTOR - ok
21:37:22.0723 6836 [ 62069A34518BCF9C1FD9E74B3F6DB7CD ] usbuhci C:\Windows\system32\drivers\usbuhci.sys
21:37:22.0738 6836 usbuhci - ok
21:37:22.0738 6836 [ 454800C2BC7F3927CE030141EE4F4C50 ] usbvideo C:\Windows\system32\Drivers\usbvideo.sys
21:37:22.0738 6836 usbvideo - ok
21:37:22.0769 6836 [ EDBB23CBCF2CDF727D64FF9B51A6070E ] UxSms C:\Windows\System32\uxsms.dll
21:37:22.0769 6836 UxSms - ok
21:37:22.0785 6836 [ C118A82CD78818C29AB228366EBF81C3 ] VaultSvc C:\Windows\system32\lsass.exe
21:37:22.0785 6836 VaultSvc - ok
21:37:22.0785 6836 [ C5C876CCFC083FF3B128F933823E87BD ] vdrvroot C:\Windows\system32\drivers\vdrvroot.sys
21:37:22.0785 6836 vdrvroot - ok
21:37:22.0816 6836 [ 8D6B481601D01A456E75C3210F1830BE ] vds C:\Windows\System32\vds.exe
21:37:22.0816 6836 vds - ok
21:37:22.0832 6836 [ DA4DA3F5E02943C2DC8C6ED875DE68DD ] vga C:\Windows\system32\DRIVERS\vgapnp.sys
21:37:22.0847 6836 vga - ok
21:37:22.0847 6836 [ 53E92A310193CB3C03BEA963DE7D9CFC ] VgaSave C:\Windows\System32\drivers\vga.sys
21:37:22.0847 6836 VgaSave - ok
21:37:22.0863 6836 [ 2CE2DF28C83AEAF30084E1B1EB253CBB ] vhdmp C:\Windows\system32\drivers\vhdmp.sys
21:37:22.0879 6836 vhdmp - ok
21:37:22.0894 6836 [ E5689D93FFE4E5D66C0178761240DD54 ] viaide C:\Windows\system32\drivers\viaide.sys
21:37:22.0894 6836 viaide - ok
21:37:22.0910 6836 [ 0ADF410187B71C9B855721C8D59CEC7A ] VideAceWindowsService C:\ExpressGateUtil\VAWinService.exe
21:37:22.0910 6836 VideAceWindowsService - ok
21:37:22.0941 6836 [ D2AAFD421940F640B407AEFAAEBD91B0 ] volmgr C:\Windows\system32\drivers\volmgr.sys
21:37:22.0941 6836 volmgr - ok
21:37:22.0957 6836 [ A255814907C89BE58B79EF2F189B843B ] volmgrx C:\Windows\system32\drivers\volmgrx.sys
21:37:22.0957 6836 volmgrx - ok
21:37:22.0972 6836 [ 0D08D2F3B3FF84E433346669B5E0F639 ] volsnap C:\Windows\system32\drivers\volsnap.sys
21:37:22.0972 6836 volsnap - ok
21:37:22.0988 6836 [ 5E2016EA6EBACA03C04FEAC5F330D997 ] vsmraid C:\Windows\system32\drivers\vsmraid.sys
21:37:22.0988 6836 vsmraid - ok
21:37:23.0035 6836 [ B60BA0BC31B0CB414593E169F6F21CC2 ] VSS C:\Windows\system32\vssvc.exe
21:37:23.0066 6836 VSS - ok
21:37:23.0081 6836 [ 36D4720B72B5C5D9CB2B9C29E9DF67A1 ] vwifibus C:\Windows\system32\DRIVERS\vwifibus.sys
21:37:23.0081 6836 vwifibus - ok
21:37:23.0097 6836 [ 6A3D66263414FF0D6FA754C646612F3F ] vwififlt C:\Windows\system32\DRIVERS\vwififlt.sys
21:37:23.0128 6836 vwififlt - ok
21:37:23.0237 6836 [ 1C9D80CC3849B3788048078C26486E1A ] W32Time C:\Windows\system32\w32time.dll
21:37:23.0237 6836 W32Time - ok
21:37:23.0253 6836 [ 4E9440F4F152A7B944CB1663D3935A3E ] WacomPen C:\Windows\system32\drivers\wacompen.sys
21:37:23.0269 6836 WacomPen - ok
21:37:23.0284 6836 [ 356AFD78A6ED4457169241AC3965230C ] WANARP C:\Windows\system32\DRIVERS\wanarp.sys
21:37:23.0284 6836 WANARP - ok
21:37:23.0284 6836 [ 356AFD78A6ED4457169241AC3965230C ] Wanarpv6 C:\Windows\system32\DRIVERS\wanarp.sys
21:37:23.0284 6836 Wanarpv6 - ok
21:37:23.0347 6836 [ 3CEC96DE223E49EAAE3651FCF8FAEA6C ] WatAdminSvc C:\Windows\system32\Wat\WatAdminSvc.exe
21:37:23.0362 6836 WatAdminSvc - ok
21:37:23.0425 6836 [ 78F4E7F5C56CB9716238EB57DA4B6A75 ] wbengine C:\Windows\system32\wbengine.exe
21:37:23.0471 6836 wbengine - ok
21:37:23.0487 6836 [ 3AA101E8EDAB2DB4131333F4325C76A3 ] WbioSrvc C:\Windows\System32\wbiosrvc.dll
21:37:23.0487 6836 WbioSrvc - ok
21:37:23.0503 6836 [ 7368A2AFD46E5A4481D1DE9D14848EDD ] wcncsvc C:\Windows\System32\wcncsvc.dll
21:37:23.0503 6836 wcncsvc - ok
21:37:23.0518 6836 [ 20F7441334B18CEE52027661DF4A6129 ] WcsPlugInService C:\Windows\System32\WcsPlugInService.dll
21:37:23.0518 6836 WcsPlugInService - ok
21:37:23.0534 6836 [ 72889E16FF12BA0F235467D6091B17DC ] Wd C:\Windows\system32\drivers\wd.sys
21:37:23.0534 6836 Wd - ok
21:37:23.0549 6836 [ 441BD2D7B4F98134C3A4F9FA570FD250 ] Wdf01000 C:\Windows\system32\drivers\Wdf01000.sys
21:37:23.0565 6836 Wdf01000 - ok
21:37:23.0581 6836 [ BF1FC3F79B863C914687A737C2F3D681 ] WdiServiceHost C:\Windows\system32\wdi.dll
21:37:23.0581 6836 WdiServiceHost - ok
21:37:23.0581 6836 [ BF1FC3F79B863C914687A737C2F3D681 ] WdiSystemHost C:\Windows\system32\wdi.dll
21:37:23.0581 6836 WdiSystemHost - ok
21:37:23.0596 6836 [ 3DB6D04E1C64272F8B14EB8BC4616280 ] WebClient C:\Windows\System32\webclnt.dll
21:37:23.0596 6836 WebClient - ok
21:37:23.0612 6836 [ C749025A679C5103E575E3B48E092C43 ] Wecsvc C:\Windows\system32\wecsvc.dll
21:37:23.0612 6836 Wecsvc - ok
21:37:23.0627 6836 [ 7E591867422DC788B9E5BD337A669A08 ] wercplsupport C:\Windows\System32\wercplsupport.dll
21:37:23.0627 6836 wercplsupport - ok
21:37:23.0643 6836 [ 6D137963730144698CBD10F202E9F251 ] WerSvc C:\Windows\System32\WerSvc.dll
21:37:23.0643 6836 WerSvc - ok
21:37:23.0659 6836 [ 611B23304BF067451A9FDEE01FBDD725 ] WfpLwf C:\Windows\system32\DRIVERS\wfplwf.sys
21:37:23.0659 6836 WfpLwf - ok
21:37:23.0705 6836 [ 52DED146E4797E6CCF94799E8E22BB2A ] WimFltr C:\Windows\system32\DRIVERS\wimfltr.sys
21:37:23.0705 6836 WimFltr - ok
21:37:23.0721 6836 [ 05ECAEC3E4529A7153B3136CEB49F0EC ] WIMMount C:\Windows\system32\drivers\wimmount.sys
21:37:23.0721 6836 WIMMount - ok
21:37:23.0721 6836 WinHttpAutoProxySvc - ok
21:37:23.0768 6836 [ 19B07E7E8915D701225DA41CB3877306 ] Winmgmt C:\Windows\system32\wbem\WMIsvc.dll
21:37:23.0768 6836 Winmgmt - ok
21:37:23.0830 6836 [ BCB1310604AA415C4508708975B3931E ] WinRM C:\Windows\system32\WsmSvc.dll
21:37:23.0877 6836 WinRM - ok
21:37:23.0939 6836 [ FE88B288356E7B47B74B13372ADD906D ] WinUsb C:\Windows\system32\DRIVERS\WinUsb.sys
21:37:23.0939 6836 WinUsb - ok
21:37:23.0955 6836 [ 4FADA86E62F18A1B2F42BA18AE24E6AA ] Wlansvc C:\Windows\System32\wlansvc.dll
21:37:23.0986 6836 Wlansvc - ok
21:37:24.0033 6836 [ 06C8FA1CF39DE6A735B54D906BA791C6 ] wlcrasvc C:\Program Files\Windows Live\Mesh\wlcrasvc.exe
21:37:24.0049 6836 wlcrasvc - ok
21:37:24.0205 6836 [ 7E47C328FC4768CB8BEAFBCFAFA70362 ] wlidsvc C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
21:37:24.0236 6836 wlidsvc - ok
21:37:24.0267 6836 [ F6FF8944478594D0E414D3F048F0D778 ] WmiAcpi C:\Windows\system32\DRIVERS\wmiacpi.sys
21:37:24.0267 6836 WmiAcpi - ok
21:37:24.0298 6836 [ 38B84C94C5A8AF291ADFEA478AE54F93 ] wmiApSrv C:\Windows\system32\wbem\WmiApSrv.exe
21:37:24.0298 6836 wmiApSrv - ok
21:37:24.0314 6836 WMPNetworkSvc - ok
21:37:24.0345 6836 [ 96C6E7100D724C69FCF9E7BF590D1DCA ] WPCSvc C:\Windows\System32\wpcsvc.dll
21:37:24.0345 6836 WPCSvc - ok
21:37:24.0361 6836 [ 93221146D4EBBF314C29B23CD6CC391D ] WPDBusEnum C:\Windows\system32\wpdbusenum.dll
21:37:24.0361 6836 WPDBusEnum - ok
21:37:24.0361 6836 [ 6BCC1D7D2FD2453957C5479A32364E52 ] ws2ifsl C:\Windows\system32\drivers\ws2ifsl.sys
21:37:24.0361 6836 ws2ifsl - ok
21:37:24.0376 6836 WSearch - ok
21:37:24.0376 6836 [ D3381DC54C34D79B22CEE0D65BA91B7C ] WudfPf C:\Windows\system32\drivers\WudfPf.sys
21:37:24.0376 6836 WudfPf - ok
21:37:24.0392 6836 [ CF8D590BE3373029D57AF80914190682 ] WUDFRd C:\Windows\system32\DRIVERS\WUDFRd.sys
21:37:24.0407 6836 WUDFRd - ok
21:37:24.0407 6836 [ 7A95C95B6C4CF292D689106BCAE49543 ] wudfsvc C:\Windows\System32\WUDFSvc.dll
21:37:24.0407 6836 wudfsvc - ok
21:37:24.0423 6836 [ 9A3452B3C2A46C073166C5CF49FAD1AE ] WwanSvc C:\Windows\System32\wwansvc.dll
21:37:24.0439 6836 WwanSvc - ok
21:37:24.0470 6836 ================ Scan global ===============================
21:37:24.0485 6836 [ BA0CD8C393E8C9F83354106093832C7B ] C:\Windows\system32\basesrv.dll
21:37:24.0517 6836 [ EB6A48CC998E1090E44E8E7F1009A640 ] C:\Windows\system32\winsrv.dll
21:37:24.0532 6836 [ EB6A48CC998E1090E44E8E7F1009A640 ] C:\Windows\system32\winsrv.dll
21:37:24.0548 6836 [ D6160F9D869BA3AF0B787F971DB56368 ] C:\Windows\system32\sxssrv.dll
21:37:24.0579 6836 [ 24ACB7E5BE595468E3B9AA488B9B4FCB ] C:\Windows\system32\services.exe
21:37:24.0610 6836 [Global] - ok
21:37:24.0610 6836 ================ Scan MBR ==================================
21:37:24.0626 6836 [ A36C5E4F47E84449FF07ED3517B43A31 ] \Device\Harddisk0\DR0
21:37:25.0141 6836 \Device\Harddisk0\DR0 - ok
21:37:25.0141 6836 ================ Scan VBR ==================================
21:37:25.0141 6836 [ B64A48BFD40272B21C9532B283E55DD8 ] \Device\Harddisk0\DR0\Partition1
21:37:25.0156 6836 \Device\Harddisk0\DR0\Partition1 - ok
21:37:25.0203 6836 [ 543E6A1392FBD801B41E2A2F00904487 ] \Device\Harddisk0\DR0\Partition2
21:37:25.0203 6836 \Device\Harddisk0\DR0\Partition2 - ok
21:37:25.0203 6836 ============================================================
21:37:25.0203 6836 Scan finished
21:37:25.0203 6836 ============================================================
21:37:25.0219 6920 Detected object count: 0
21:37:25.0219 6920 Actual detected object count: 0
 
RogueKiller V8.0.4 [09/19/2012] by Tigzy
mail: tigzyRK<at>gmail<dot>com
Feedback: https://www.techspot.com/downloads/5562-roguekiller.html
Blog: http://tigzyrk.blogspot.com
Operating System: Windows 7 (6.1.7601 Service Pack 1) 64 bits version
Started in : Normal mode
User : Anna och Fredrik [Admin rights]
Mode : Scan -- Date : 09/22/2012 21:54:41
¤¤¤ Bad processes : 0 ¤¤¤
¤¤¤ Registry Entries : 8 ¤¤¤
[TASK][SUSP PATH] ASUS Patch 10430001 : C:\Windows\AsPatch10430001.exe -> FOUND
[DNS] HKLM\[...]\ControlSet001\Services\Interfaces\{3A7BF545-357A-4260-AB5C-E78692B2AE49} : NameServer (195.67.199.18 195.67.199.19) -> FOUND
[DNS] HKLM\[...]\ControlSet001\Services\Interfaces\{6507F1B2-E31C-4ED3-8985-77C41F44560D} : NameServer (195.67.199.18 195.67.199.19) -> FOUND
[DNS] HKLM\[...]\ControlSet002\Services\Interfaces\{3A7BF545-357A-4260-AB5C-E78692B2AE49} : NameServer (195.67.199.18 195.67.199.19) -> FOUND
[DNS] HKLM\[...]\ControlSet002\Services\Interfaces\{6507F1B2-E31C-4ED3-8985-77C41F44560D} : NameServer (195.67.199.18 195.67.199.19) -> FOUND
[HJ DESK] HKLM\[...]\NewStartPanel : {59031a47-3f72-44a7-89c5-5595fe6b30ee} (1) -> FOUND
[HJ DESK] HKLM\[...]\NewStartPanel : {20D04FE0-3AEA-1069-A2D8-08002B30309D} (1) -> FOUND
[HJ INPROC][ZeroAccess] HKCR\[...]\InprocServer32 : (C:\Users\Anna och Fredrik\AppData\Local\{648c7366-661d-8c7c-a2b5-bfc01b210a94}\n.) -> FOUND
¤¤¤ Particular Files / Folders: ¤¤¤
¤¤¤ Driver : [NOT LOADED] ¤¤¤
¤¤¤ Infection : ZeroAccess ¤¤¤
¤¤¤ HOSTS File: ¤¤¤
--> C:\Windows\system32\drivers\etc\hosts

¤¤¤ MBR Check: ¤¤¤
+++++ PhysicalDrive0: ST9500420AS +++++
--- User ---
[MBR] 1adc24914383b501ac1193c37206dec8
[BSP] a6dfcef95bdca6f6c690eb797753f4a9 : Windows 7 MBR Code
Partition table:
0 - [XXXXXX] FAT32-LBA (0x1c) [HIDDEN!] Offset (sectors): 2048 | Size: 25600 Mo
1 - [ACTIVE] NTFS (0x07) [VISIBLE] Offset (sectors): 52430848 | Size: 190776 Mo
2 - [XXXXXX] EXTEN-LBA (0x0f) [VISIBLE] Offset (sectors): 443140096 | Size: 260562 Mo
User = LL1 ... OK!
User = LL2 ... OK!
Finished : << RKreport[1].txt >>
RKreport[1].txt

RogueKiller V8.0.4 [09/19/2012] by Tigzy
mail: tigzyRK<at>gmail<dot>com
Feedback: https://www.techspot.com/downloads/5562-roguekiller.html
Blog: http://tigzyrk.blogspot.com
Operating System: Windows 7 (6.1.7601 Service Pack 1) 64 bits version
Started in : Normal mode
User : Anna och Fredrik [Admin rights]
Mode : Remove -- Date : 09/22/2012 21:55:50
¤¤¤ Bad processes : 0 ¤¤¤
¤¤¤ Registry Entries : 8 ¤¤¤
[TASK][SUSP PATH] ASUS Patch 10430001 : C:\Windows\AsPatch10430001.exe -> DELETED
[DNS] HKLM\[...]\ControlSet001\Services\Interfaces\{3A7BF545-357A-4260-AB5C-E78692B2AE49} : NameServer (195.67.199.18 195.67.199.19) -> NOT REMOVED, USE DNSFIX
[DNS] HKLM\[...]\ControlSet001\Services\Interfaces\{6507F1B2-E31C-4ED3-8985-77C41F44560D} : NameServer (195.67.199.18 195.67.199.19) -> NOT REMOVED, USE DNSFIX
[DNS] HKLM\[...]\ControlSet002\Services\Interfaces\{3A7BF545-357A-4260-AB5C-E78692B2AE49} : NameServer (195.67.199.18 195.67.199.19) -> NOT REMOVED, USE DNSFIX
[DNS] HKLM\[...]\ControlSet002\Services\Interfaces\{6507F1B2-E31C-4ED3-8985-77C41F44560D} : NameServer (195.67.199.18 195.67.199.19) -> NOT REMOVED, USE DNSFIX
[HJ DESK] HKLM\[...]\NewStartPanel : {59031a47-3f72-44a7-89c5-5595fe6b30ee} (1) -> REPLACED (0)
[HJ DESK] HKLM\[...]\NewStartPanel : {20D04FE0-3AEA-1069-A2D8-08002B30309D} (1) -> REPLACED (0)
[HJ INPROC][ZeroAccess] HKCR\[...]\InprocServer32 : (C:\Users\Anna och Fredrik\AppData\Local\{648c7366-661d-8c7c-a2b5-bfc01b210a94}\n.) -> REPLACED (C:\Windows\system32\shell32.dll)
¤¤¤ Particular Files / Folders: ¤¤¤
¤¤¤ Driver : [NOT LOADED] ¤¤¤
¤¤¤ Infection : ZeroAccess ¤¤¤
¤¤¤ HOSTS File: ¤¤¤
--> C:\Windows\system32\drivers\etc\hosts

¤¤¤ MBR Check: ¤¤¤
+++++ PhysicalDrive0: ST9500420AS +++++
--- User ---
[MBR] 1adc24914383b501ac1193c37206dec8
[BSP] a6dfcef95bdca6f6c690eb797753f4a9 : Windows 7 MBR Code
Partition table:
0 - [XXXXXX] FAT32-LBA (0x1c) [HIDDEN!] Offset (sectors): 2048 | Size: 25600 Mo
1 - [ACTIVE] NTFS (0x07) [VISIBLE] Offset (sectors): 52430848 | Size: 190776 Mo
2 - [XXXXXX] EXTEN-LBA (0x0f) [VISIBLE] Offset (sectors): 443140096 | Size: 260562 Mo
User = LL1 ... OK!
User = LL2 ... OK!
Finished : << RKreport[2].txt >>
RKreport[1].txt ; RKreport[2].txt
 
aswMBR version 0.9.9.1665 Copyright(c) 2011 AVAST Software
Run date: 2012-09-22 22:01:16
-----------------------------
22:01:16.196 OS Version: Windows x64 6.1.7601 Service Pack 1
22:01:16.196 Number of processors: 8 586 0x2A07
22:01:16.196 ComputerName: HELGE2 UserName:
22:01:17.242 Initialize success
22:07:56.348 AVAST engine defs: 12092200
22:08:26.171 Disk 0 (boot) \Device\Harddisk0\DR0 -> \Device\Ide\IAAStorageDevice-1
22:08:26.173 Disk 0 Vendor: ST950042 0003 Size: 476940MB BusType: 3
22:08:26.223 Disk 0 MBR read successfully
22:08:26.225 Disk 0 MBR scan
22:08:26.293 Disk 0 Windows 7 default MBR code
22:08:26.305 Disk 0 Partition 1 00 1C Hidd FAT32 LBA MSDOS5.0 25600 MB offset 2048
22:08:26.327 Disk 0 Partition 2 80 (A) 07 HPFS/NTFS NTFS 190776 MB offset 52430848
22:08:26.336 Disk 0 Partition - 00 0F Extended LBA 260562 MB offset 443140096
22:08:26.361 Disk 0 Partition 3 00 07 HPFS/NTFS NTFS 260561 MB offset 443142144
22:08:26.416 Disk 0 scanning C:\Windows\system32\drivers
22:08:41.477 Service scanning
22:09:03.406 Modules scanning
22:09:03.413 Disk 0 trace - called modules:
22:09:03.451 ntoskrnl.exe CLASSPNP.SYS disk.sys ACPI.sys iaStor.sys hal.dll
22:09:03.661 1 nt!IofCallDriver -> \Device\Harddisk0\DR0[0xfffffa80080cd790]
22:09:03.666 3 CLASSPNP.SYS[fffff8800181743f] -> nt!IofCallDriver -> [0xfffffa8007b50b20]
22:09:03.670 5 ACPI.sys[fffff88000f057a1] -> nt!IofCallDriver -> \Device\Ide\IAAStorageDevice-1[0xfffffa8007b54050]
22:09:05.336 AVAST engine scan C:\Windows
22:09:08.185 AVAST engine scan C:\Windows\system32
22:13:53.727 AVAST engine scan C:\Windows\system32\drivers
22:14:06.427 AVAST engine scan C:\Users\Anna och Fredrik
22:21:28.357 Disk 0 MBR has been saved successfully to "C:\Users\Anna och Fredrik\Desktop\MBR.dat"
22:21:28.363 The log file has been saved successfully to "C:\Users\Anna och Fredrik\Desktop\aswMBR.txt"
 
I hope I got everything right so far. The computer seems to run normally and F-secure has not complained about viruses as it did before.:)
 
Good news :)

Create new restore point before proceeding with the next step....
How to:
- Windows 7: http://www.howtogeek.com/howto/3195/create-a-system-restore-point-in-windows-7/
- Vista: http://www.howtogeek.com/howto/wind...tore-point-for-windows-vistas-system-restore/
- XP: http://support.microsoft.com/kb/948247

===================================

Please download ComboFix from Here, Here or Here to your Desktop.

**Note: In the event you already have Combofix, this is a new version that I need you to download. It is important that it is saved directly to your desktop**
  • Never rename Combofix unless instructed.
  • Close any open browsers.
  • Close/disable all anti virus and anti malware programs so they do not interfere with the running of ComboFix.
  • Very Important! Temporarily disable your anti-virus, script blocking and any anti-malware real-time protection before performing a scan. They can interfere with ComboFix or remove some of its embedded files which may cause "unpredictable results".
  • Click on this link to see a list of programs that should be disabled. The list is not all inclusive. If yours is not listed and you don't know how to disable it, please ask.
  • Close any open browsers.
  • WARNING: Combofix will disconnect your machine from the Internet as soon as it starts
  • Please do not attempt to re-connect your machine back to the Internet until Combofix has completely finished.
  • If there is no internet connection after running Combofix, then restart your computer to restore back your connection.
    If restarting doesn't help use restore point you created prior to running Combofix.
  • Double click on combofix.exe & follow the prompts.

  • NOTE1. If Combofix asks you to install Recovery Console, please allow it.
    NOTE 2. If Combofix asks you to update the program, always do so.
  • When finished, it will produce a report for you.
  • Please post the "C:\ComboFix.txt"
**Note 1: Do not mouseclick combofix's window while it's running. That may cause it to stall
**Note 2 for AVG and CA Internet Security (Total Defense Internet Security) users: ComboFix will not run until AVG/CA Internet Security is uninstalled as a protective measure against the anti-virus. This is because AVG/CA Internet Security "falsely" detects ComboFix (or its embedded files) as a threat and may remove them resulting in the tool not working correctly which in turn can cause "unpredictable results". Since AVG/CA Internet Security cannot be effectively disabled before running ComboFix, the author recommends you to uninstall AVG/CA Internet Security first.
Use AppRemover to uninstall it: https://www.techspot.com/downloads/5514-appremover.html
We can reinstall it when we're done with CF.
**Note 3: If you receive an error "Illegal operation attempted on a registery key that has been marked for deletion", restart computer to fix the issue.
**Note 4: Some infections may take some significant time to be cured. As long as your computer clock is running Combofix is still working. Be patient.


Make sure, you re-enable your security programs, when you're done with Combofix.

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

NOTE.
If, for some reason, Combofix refuses to run, try the following...

Delete Combofix file, download fresh one, but rename combofix.exe to your_name.exe BEFORE saving it to your desktop.
Do NOT run it yet.
Download Rkill (courtesy of BleepingComputer.com) to your desktop.
There are 2 different versions. If one of them won't run then download and try to run the other one.
You only need to get one of these to run, not all of them. You may get warnings from your antivirus about this tool, ignore them or shutdown your antivirus.

rKill.exe: http://www.bleepingcomputer.com/download/rkill/dl/10/
iExplore.exe (renamed rKill.exe): http://www.bleepingcomputer.com/download/rkill/dl/11/

Restart computer in safe mode

  • Double-click on the Rkill desktop icon to run the tool.
  • If using Vista or Windows 7 right-click on it and choose Run As Administrator.
  • A black DOS box will briefly flash and then disappear. This is normal and indicates the tool ran successfully.
  • If not, delete the file, then download and use the one provided in Link 2.
  • Do not reboot until instructed.
  • If the tool does not run from any of the links provided, please let me know.

When the scan is done Notepad will open with rKill.txt log.
NOTE. rKill.txt log will also be present on your desktop.

Once you've gotten one of them to run, immediately run your_name.exe by double clicking on it.

IF you had to run rKill post BOTH logs, rKill.txt and Combofix.txt.
 
ComboFix ran without trouble and here is the log:

ComboFix 12-09-23.01 - Anna och Fredrik 2012-09-23 10:28:07.1.8 - x64
Microsoft Windows 7 Home Premium 6.1.7601.1.1252.46.1053.18.8103.6307 [GMT 2:00]
Körs från: c:\users\Anna och Fredrik\Desktop\ComboFix.exe
AV: Glocalnet Säkerhetspaket 9.12 *Disabled/Updated* {15414183-282E-D62C-CA37-EF24860A2F17}
FW: Glocalnet Säkerhetspaket 9.12 *Disabled* {2D7AC0A6-6241-D774-E168-461178D9686C}
SP: Glocalnet Säkerhetspaket 9.12 *Disabled/Updated* {AE20A067-0E14-D9A2-F087-D456FD8D65AA}
SP: Windows Defender *Enabled/Outdated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
.
.
((((((((((((((((((((((((((((((((((((((( Andra raderingar ))))))))))))))))))))))))))))))))))))))))))))))))
.
.
c:\programdata\FullRemove.exe
c:\windows\AsPatch10430001.exe
c:\windows\msvcr71.dll
.
.
(((((((((((((((((((((((( Filer skapade från 2012-08-23 till 2012-09-23 ))))))))))))))))))))))))))))))
.
.
2012-09-23 08:34 . 2012-09-23 08:34 -------- d-----w- c:\users\UpdatusUser\AppData\Local\temp
2012-09-23 08:34 . 2012-09-23 08:34 -------- d-----w- c:\users\Default\AppData\Local\temp
2012-09-22 21:30 . 2012-09-22 21:30 -------- d-----w- C:\FRST
.
.
.
(((((((((((((((((((((((((((((((((((((((( Find3M Rapport )))))))))))))))))))))))))))))))))))))))))))))))))))
.
2012-09-23 08:24 . 2011-06-26 19:59 45056 ----a-w- c:\windows\system32\acovcnt.exe
2012-09-22 19:38 . 2012-05-09 08:43 56016 ----a-w- c:\windows\system32\drivers\fsbts.sys
2012-09-22 12:05 . 2012-07-09 07:22 696240 ----a-w- c:\windows\SysWow64\FlashPlayerApp.exe
2012-09-22 12:05 . 2011-08-05 13:01 73136 ----a-w- c:\windows\SysWow64\FlashPlayerCPLApp.cpl
2012-09-07 15:04 . 2012-08-07 22:13 25928 ----a-w- c:\windows\system32\drivers\mbam.sys
2012-08-08 19:57 . 2012-08-08 19:52 110080 ----a-r- c:\users\Anna och Fredrik\AppData\Roaming\Microsoft\Installer\{F896D026-9016-4122-B9BD-957FF092FFE9}\IconF7A21AF7.exe
2012-08-08 19:57 . 2012-08-08 19:52 110080 ----a-r- c:\users\Anna och Fredrik\AppData\Roaming\Microsoft\Installer\{F896D026-9016-4122-B9BD-957FF092FFE9}\IconD7F16134.exe
2012-08-08 19:57 . 2012-08-08 19:52 110080 ----a-r- c:\users\Anna och Fredrik\AppData\Roaming\Microsoft\Installer\{F896D026-9016-4122-B9BD-957FF092FFE9}\Icon1226A4C5.exe
2012-08-07 23:30 . 2012-08-07 23:30 27256 ----a-w- c:\windows\system32\drivers\FixZeroAccess.sys
2012-07-13 10:26 . 2011-07-18 19:38 59701280 ----a-w- c:\windows\system32\MRT.exe
.
.
(((((((((((((((((((((((((((((((((( Startpunkter I registret )))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Not* tomma poster & legitima standardposter visas inte.
REGEDIT4
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Sidebar"="c:\program files\Windows Sidebar\sidebar.exe" [2010-11-20 1475584]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run]
"Wireless Console 3"="c:\program files (x86)\ASUS\Wireless Console 3\wcourier.exe" [2010-09-23 1601536]
"VAWinAgent"="c:\expressgateutil\VAWinAgent.exe" [2010-08-13 21504]
"UpdatePSTShortCut"="c:\program files (x86)\Cyberlink\DVD Suite\MUITransfer\MUIStartMenu.exe" [2010-11-24 222504]
"UpdateP2GoShortCut"="c:\program files (x86)\CyberLink\Power2Go\MUITransfer\MUIStartMenu.exe" [2009-05-20 222504]
"UpdateLBPShortCut"="c:\program files (x86)\CyberLink\LabelPrint\MUITransfer\MUIStartMenu.exe" [2009-05-20 222504]
"SunJavaUpdateSched"="c:\program files (x86)\Common Files\Java\Java Update\jusched.exe" [2011-06-09 254696]
"SonicMasterTray"="c:\program files (x86)\ASUS\SonicMaster\SonicMasterTray.exe" [2010-07-10 984400]
"RemoteControl10"="c:\program files (x86)\Cyberlink\PowerDVD10\PDVD10Serv.exe" [2010-02-03 87336]
"QuickTime Task"="c:\program files (x86)\QuickTime\QTTask.exe" [2011-10-24 421888]
"Nuance PDF Reader-reminder"="c:\program files (x86)\Nuance\PDF Reader\Ereg\Ereg.exe" [2008-11-03 328992]
"iTunesHelper"="c:\program files (x86)\iTunes\iTunesHelper.exe" [2012-03-27 421736]
"HControlUser"="c:\program files (x86)\ASUS\ATK Package\ATK Hotkey\HControlUser.exe" [2009-06-19 105016]
"FLxHCIm"="c:\program files\Fresco Logic Inc\Fresco Logic USB3.0 Host Controller\host\FLxHCIm.exe" [2011-02-25 40448]
"F-Secure TNB"="c:\program files (x86)\Glocalnet Sakerhetspaket\FSGUI\TNBUtil.exe" [2012-03-08 1655464]
"F-Secure Manager"="c:\program files (x86)\Glocalnet Sakerhetspaket\Common\FSM32.EXE" [2012-03-08 199344]
"DivXUpdate"="c:\program files (x86)\DivX\DivX Update\DivXUpdate.exe" [2011-07-28 1259376]
"CLMLServer"="c:\program files (x86)\CyberLink\Power2Go\CLMLSvc.exe" [2009-11-02 103720]
"ATKOSD2"="c:\program files (x86)\ASUS\ATK Package\ATKOSD2\ATKOSD2.exe" [2010-08-17 5732992]
"ATKMEDIA"="c:\program files (x86)\ASUS\ATK Package\ATK Media\DMedia.exe" [2010-10-07 170624]
"ASUSWebStorage"="c:\program files (x86)\ASUS\ASUS WebStorage\3.0.84.161\AsusWSPanel.exe" [2011-02-23 731472]
"ASUSPRP"="c:\program files (x86)\ASUS\APRP\APRP.EXE" [2011-03-31 2018032]
"ASUS Screen Saver Protector"="c:\windows\AsScrPro.exe" [2011-06-26 3058304]
"APSDaemon"="c:\program files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe" [2012-02-20 59240]
"Adobe ARM"="c:\program files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2012-07-27 919008]
.
c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\
AsusVibeLauncher.lnk - c:\program files (x86)\ASUS\AsusVibe\AsusVibeLauncher.exe [2011-4-1 549040]
BankID säkerhetsprogram.lnk - c:\program files (x86)\Personal\bin\Personal.exe [2011-7-19 1087896]
FancyStart daemon.lnk - c:\windows\Installer\{2B81872B-A054-48DA-BE3B-FA5C164C303A}\_94E3CE3704FE82FBF49A6A.exe [2011-6-26 12862]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"ConsentPromptBehaviorAdmin"= 5 (0x5)
"ConsentPromptBehaviorUser"= 3 (0x3)
"EnableUIADesktopToggle"= 0 (0x0)
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows nt\currentversion\windows]
"AppInit_DLLs"=c:\windows\SysWOW64\nvinit.dll
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows nt\currentversion\drivers32]
"aux4"=wdmaud.drv
.
[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\lsa]
Security Packages REG_MULTI_SZ kerberos msv1_0 schannel wdigest tspkg pku2u livessp
.
R1 FSES;F-Secure Email Scanning Driver;c:\windows\system32\drivers\fses.sys [2012-03-08 50384]
R2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-03-18 138576]
R2 gupdate;Google Update Service (gupdate);c:\program files (x86)\Google\Update\GoogleUpdate.exe [2011-03-31 135664]
R2 SkypeUpdate;Skype Updater;c:\program files (x86)\Skype\Updater\Updater.exe [2012-06-05 160944]
R3 AdobeFlashPlayerUpdateSvc;Adobe Flash Player Update Service;c:\windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2012-09-22 250288]
R3 AmUStor;AM USB Stroage Driver;c:\windows\system32\drivers\AmUStor.SYS [2010-08-11 44032]
R3 BBSvc;Bing Bar Update Service;c:\program files (x86)\Microsoft\BingBar\BBSvc.EXE [2011-03-02 183560]
R3 cphs;Intel(R) Content Protection HECI Service;c:\windows\SysWow64\IntelCpHeciSvc.exe [2012-03-19 276248]
R3 esgiguard;esgiguard;c:\program files\Enigma Software Group\SpyHunter\esgiguard.sys [2011-03-02 13088]
R3 ew_hwusbdev;Huawei MobileBroadband USB PNP Device;c:\windows\system32\DRIVERS\ew_hwusbdev.sys [2010-07-27 117248]
R3 ewusbnet;HUAWEI USB-NDIS miniport;c:\windows\system32\DRIVERS\ewusbnet.sys [2010-08-31 256000]
R3 gupdatem;Tjänsten Google Update (gupdatem);c:\program files (x86)\Google\Update\GoogleUpdate.exe [2011-03-31 135664]
R3 L1C;NDIS Miniport Driver for Atheros AR8131/AR8132 PCI-E Ethernet Controller (NDIS 6.20);c:\windows\system32\DRIVERS\L1C62x64.sys [2009-06-10 57344]
R3 Netaapl;Apple Mobile Device Ethernet Service;c:\windows\system32\DRIVERS\netaapl64.sys [2011-08-02 22528]
R3 osppsvc;Office Software Protection Platform;c:\program files\Common Files\Microsoft Shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE [2010-01-09 4925184]
R3 SiSGbeLH;SiS191/SiS190 Ethernet Device NDIS 6.0 Driver;c:\windows\system32\DRIVERS\SiSG664.sys [2009-06-10 56832]
R3 Tdsshbecr;Handelsbanken card reader;c:\windows\system32\DRIVERS\shbecr.sys [2008-09-23 50176]
R3 TsUsbFlt;TsUsbFlt;c:\windows\system32\drivers\tsusbflt.sys [2010-11-20 59392]
R3 TsUsbGD;Remote Desktop Generic USB Device;c:\windows\system32\drivers\TsUsbGD.sys [2010-11-20 31232]
R3 TurboBoost;Intel(R) Turbo Boost Technology Monitor 2.0;c:\program files\Intel\TurboBoost\TurboBoost.exe [2010-11-29 149504]
R3 USBAAPL64;Apple Mobile USB Driver;c:\windows\system32\Drivers\usbaapl64.sys [2012-02-15 52736]
R3 WatAdminSvc;Aktiveringsteknologier för Windows-tjänst;c:\windows\system32\Wat\WatAdminSvc.exe [2011-07-12 1255736]
R4 F-Secure Filter;F-Secure File System Filter;c:\program files (x86)\Glocalnet Sakerhetspaket\Anti-Virus\Win2K\FSfilter.sys [2012-03-08 39856]
R4 F-Secure Recognizer;F-Secure File System Recognizer;c:\program files (x86)\Glocalnet Sakerhetspaket\Anti-Virus\Win2K\FSrec.sys [2012-03-08 25264]
R4 wlcrasvc;Windows Live Mesh remote connections service;c:\program files\Windows Live\Mesh\wlcrasvc.exe [2010-09-23 57184]
S0 fsbts;fsbts;c:\windows\system32\Drivers\fsbts.sys [2012-09-22 56016]
S0 nvpciflt;nvpciflt;c:\windows\system32\DRIVERS\nvpciflt.sys [2011-03-08 25960]
S1 ATKWMIACPIIO;ATKWMIACPI Driver;c:\program files (x86)\ASUS\ATK Package\ATK WMIACPI\atkwmiacpi64.sys [2010-07-26 17024]
S1 F-Secure HIPS;F-Secure HIPS Driver;c:\program files (x86)\Glocalnet Sakerhetspaket\HIPS\drivers\fshs.sys [2012-03-08 58000]
S1 FSFW;F-Secure Firewall Driver;c:\windows\system32\drivers\fsdfw.sys [2012-03-08 92240]
S1 fsvista;F-Secure Vista Support Driver;c:\program files (x86)\Glocalnet Sakerhetspaket\Anti-Virus\minifilter\fsvista.sys [2012-03-08 14904]
S1 vwififlt;Virtual WiFi Filter Driver;c:\windows\system32\DRIVERS\vwififlt.sys [2009-07-14 59904]
S2 AdobeARMservice;Adobe Acrobat Update Service;c:\program files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe [2012-07-27 63960]
S2 AFBAgent;AFBAgent;c:\windows\system32\FBAgent.exe [2011-01-25 379520]
S2 ASMMAP64;ASMMAP64;c:\program files (x86)\ASUS\ATK Package\ATKGFNEX\ASMMAP64.sys [2009-07-03 15416]
S2 Atheros Bt&Wlan Coex Agent;Atheros Bt&Wlan Coex Agent;c:\program files (x86)\Bluetooth Suite\Ath_CoexAgent.exe [2011-03-13 138400]
S2 AtherosSvc;AtherosSvc;c:\program files (x86)\Bluetooth Suite\adminservice.exe [2011-03-13 74912]
S2 cvhsvc;Client Virtualization Handler;c:\program files (x86)\Common Files\Microsoft Shared\Virtualization Handler\CVHSVC.EXE [2012-01-04 822624]
S2 DCService.exe;DCService.exe;c:\programdata\DatacardService\DCService.exe [2010-08-19 229376]
S2 nvUpdatusService;NVIDIA Update Service Daemon;c:\program files (x86)\NVIDIA Corporation\NVIDIA Updatus\daemonu.exe [2011-03-14 2009704]
S2 sftlist;Application Virtualization Client;c:\program files (x86)\Microsoft Application Virtualization Client\sftlist.exe [2011-10-01 508776]
S2 TurboB;Turbo Boost UI Monitor driver;c:\windows\system32\DRIVERS\TurboB.sys [2010-11-29 16120]
S2 UNS;Intel(R) Management and Security Application User Notification Service;c:\program files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe [2010-12-21 2656280]
S2 VideAceWindowsService;VideAceWindowsService;c:\expressgateutil\VAWinService.exe [2010-08-21 77312]
S3 AthBTPort;Atheros Virtual Bluetooth Class;c:\windows\system32\DRIVERS\btath_flt.sys [2011-03-13 36000]
S3 BTATH_A2DP;Bluetooth A2DP Audio Driver;c:\windows\system32\drivers\btath_a2dp.sys [2011-03-13 298656]
S3 BTATH_BUS;Atheros Bluetooth Bus;c:\windows\system32\DRIVERS\btath_bus.sys [2011-03-13 28832]
S3 BTATH_HCRP;Bluetooth HCRP Server driver;c:\windows\system32\DRIVERS\btath_hcrp.sys [2011-03-13 201376]
S3 BTATH_LWFLT;Bluetooth LWFLT Device;c:\windows\system32\DRIVERS\btath_lwflt.sys [2011-03-13 55456]
S3 BTATH_RCP;Bluetooth AVRCP Device;c:\windows\system32\DRIVERS\btath_rcp.sys [2011-03-13 154272]
S3 BtFilter;BtFilter;c:\windows\system32\DRIVERS\btfilter.sys [2011-03-13 280224]
S3 ETD;ELAN PS/2 Port Input Device;c:\windows\system32\DRIVERS\ETD.sys [2010-09-08 129024]
S3 F-Secure Gatekeeper;F-Secure Gatekeeper;c:\program files (x86)\Glocalnet Sakerhetspaket\Anti-Virus\minifilter\fsgk.sys [2012-05-29 199848]
S3 FLxHCIc;Fresco Logic xHCI (USB3) Device Driver;c:\windows\system32\DRIVERS\FLxHCIc.sys [2011-02-25 302592]
S3 FLxHCIh;Fresco Logic xHCI (USB3) Hub Device Driver;c:\windows\system32\DRIVERS\FLxHCIh.sys [2011-02-25 81920]
S3 FSORSPClient;F-Secure ORSP Client;c:\program files (x86)\Glocalnet Sakerhetspaket\ORSP Client\fsorsp.exe [2012-03-08 61088]
S3 huawei_enumerator;huawei_enumerator;c:\windows\system32\DRIVERS\ew_jubusenum.sys [2010-07-27 86016]
S3 IntcDAud;Intel(R) Display Audio;c:\windows\system32\DRIVERS\IntcDAud.sys [2010-10-14 317440]
S3 MEIx64;Intel(R) Management Engine Interface;c:\windows\system32\DRIVERS\HECIx64.sys [2010-10-19 56344]
S3 RTL8167;Realtek 8167 NT Driver;c:\windows\system32\DRIVERS\Rt64win7.sys [2011-02-16 428136]
S3 Sftfs;Sftfs;c:\windows\system32\DRIVERS\Sftfslh.sys [2011-10-01 764264]
S3 Sftplay;Sftplay;c:\windows\system32\DRIVERS\Sftplaylh.sys [2011-10-01 268648]
S3 Sftredir;Sftredir;c:\windows\system32\DRIVERS\Sftredirlh.sys [2011-10-01 25960]
S3 Sftvol;Sftvol;c:\windows\system32\DRIVERS\Sftvollh.sys [2011-10-01 22376]
S3 sftvsa;Application Virtualization Service Agent;c:\program files (x86)\Microsoft Application Virtualization Client\sftvsa.exe [2011-10-01 219496]
.
.
Innehåll I mappen 'Schemalagda aktiviteter':
.
2012-09-23 c:\windows\Tasks\Adobe Flash Player Updater.job
- c:\windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2012-07-09 12:05]
.
2012-09-23 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\program files (x86)\Google\Update\GoogleUpdate.exe [2011-03-31 22:45]
.
2012-09-23 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\program files (x86)\Google\Update\GoogleUpdate.exe [2011-03-31 22:45]
.
.
--------- X64 Entries -----------
.
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\AsusWSShellExt_B]
@="{6D4133E5-0742-4ADC-8A8C-9303440F7190}"
[HKEY_CLASSES_ROOT\CLSID\{6D4133E5-0742-4ADC-8A8C-9303440F7190}]
2010-09-02 08:41 220160 ----a-w- c:\program files (x86)\ASUS\ASUS WebStorage\3.0.84.161\AsusWSShellExt64.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\AsusWSShellExt_O]
@="{64174815-8D98-4CE6-8646-4C039977D808}"
[HKEY_CLASSES_ROOT\CLSID\{64174815-8D98-4CE6-8646-4C039977D808}]
2010-09-02 08:41 220160 ----a-w- c:\program files (x86)\ASUS\ASUS WebStorage\3.0.84.161\AsusWSShellExt64.dll
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"RtHDVBg"="c:\program files\Realtek\Audio\HDA\RAVBg64.exe" [2011-03-21 2207848]
"Persistence"="c:\windows\system32\igfxpers.exe" [2012-03-19 439064]
"IntelTBRunOnce"="wscript.exe" [2009-07-14 168960]
"IgfxTray"="c:\windows\system32\igfxtray.exe" [2012-03-19 170264]
"HotKeysCmds"="c:\windows\system32\hkcmd.exe" [2012-03-19 398616]
"AtherosBtStack"="c:\program files (x86)\Bluetooth Suite\BtvStack.exe" [2011-03-13 617120]
"AthBtTray"="c:\program files (x86)\Bluetooth Suite\AthBtTray.exe" [2011-03-13 379552]
"AmIcoSinglun64"="c:\program files (x86)\AmIcoSingLun\AmIcoSinglun64.exe" [2010-08-11 324096]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows]
"LoadAppInit_DLLs"=0x1
"AppInit_DLLs"=c:\windows\System32\nvinitx.dll
.
------- Extra genomsökning -------
.
uLocal Page = c:\windows\system32\blank.htm
uStart Page = hxxp://www.google.se/
mStart Page = hxxp://asus.msn.com
mLocal Page = c:\windows\SysWOW64\blank.htm
uInternet Settings,ProxyOverride = *.local
LSP: c:\program files (x86)\Glocalnet Sakerhetspaket\FSPS\program\FSLSP.DLL
TCP: DhcpNameServer = 192.168.0.254 192.168.1.1
TCP: Interfaces\{3A7BF545-357A-4260-AB5C-E78692B2AE49}: NameServer = 195.67.199.18 195.67.199.19
TCP: Interfaces\{6507F1B2-E31C-4ED3-8985-77C41F44560D}: NameServer = 195.67.199.18 195.67.199.19
DPF: {6218F7B5-0D3A-48BA-AE4C-49DCFA63D400} - hxxp://www.myheritage.se/Genoogle/Components/ActiveX/SearchEngineQuery.dll
.
- - - - FÖRÄLDRALÖSA POSTER SOM TAGITS BORT - - - -
.
Toolbar-Locked - (no file)
Wow6432Node-HKLM-Run-SessionLogon - c:\expressgateutil\SessionLogon.exe
Toolbar-Locked - (no file)
HKLM-Run-Setwallpaper - c:\programdata\SetWallpaper.cmd
HKLM-Run-ETDWare - c:\program files (x86)\Elantech\ETDCtrl.exe
AddRemove-Adobe Shockwave Player - c:\windows\system32\Adobe\Shockwave 11\uninstaller.exe
AddRemove-ASUS_Screensaver - c:\windows\system32\ASUS_Screensaver.scr
.
.
.
--------------------- LÅSTA REGISTERNYCKLAR ---------------------
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}]
@Denied: (A 2) (Everyone)
@="FlashBroker"
"LocalizedString"="@c:\\Windows\\system32\\Macromed\\Flash\\FlashUtil64_11_4_402_278_ActiveX.exe,-101"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\Elevation]
"Enabled"=dword:00000001
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\LocalServer32]
@="c:\\Windows\\system32\\Macromed\\Flash\\FlashUtil64_11_4_402_278_ActiveX.exe"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}]
@Denied: (A 2) (Everyone)
@="IFlashBroker5"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\ProxyStubClsid32]
@="{00020424-0000-0000-C000-000000000046}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
"Version"="1.0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}]
@Denied: (A 2) (Everyone)
@="FlashBroker"
"LocalizedString"="@c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil32_11_4_402_278_ActiveX.exe,-101"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\Elevation]
"Enabled"=dword:00000001
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\LocalServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil32_11_4_402_278_ActiveX.exe"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Shockwave Flash Object"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_4_402_278.ocx"
"ThreadingModel"="Apartment"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\MiscStatus]
@="0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ProgID]
@="ShockwaveFlash.ShockwaveFlash.11"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_4_402_278.ocx, 1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="ShockwaveFlash.ShockwaveFlash"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Macromedia Flash Factory Object"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_4_402_278.ocx"
"ThreadingModel"="Apartment"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ProgID]
@="FlashFactory.FlashFactory.1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_4_402_278.ocx, 1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="FlashFactory.FlashFactory"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}]
@Denied: (A 2) (Everyone)
@="IFlashBroker5"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\ProxyStubClsid32]
@="{00020424-0000-0000-C000-000000000046}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
"Version"="1.0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Nico Mak Computing\WinZip]
"SymbolicLinkValue"=hex(6):5c,00,52,00,65,00,67,00,69,00,73,00,74,00,72,00,79,
00,5c,00,4d,00,41,00,43,00,48,00,49,00,4e,00,45,00,5c,00,53,00,6f,00,66,00,\
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0000\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0001\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0002\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\PCW\Security]
@Denied: (Full) (Everyone)
.
------------------------ Andra processer som körs ------------------------
.
c:\program files (x86)\ASUS\ATK Package\ATK Hotkey\ASLDRSrv.exe
c:\program files (x86)\ASUS\ATK Package\ATKGFNEX\GFNEXSrv.exe
c:\program files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
c:\program files (x86)\Glocalnet Sakerhetspaket\Anti-Virus\fsgk32st.exe
c:\program files (x86)\Glocalnet Sakerhetspaket\Common\FSMA32.EXE
c:\program files (x86)\Glocalnet Sakerhetspaket\Anti-Virus\FSGK32.EXE
c:\program files (x86)\Glocalnet Sakerhetspaket\Common\FSHDLL32.EXE
c:\program files (x86)\Microsoft\BingBar\SeaPort.EXE
c:\program files (x86)\Glocalnet Sakerhetspaket\Anti-Virus\fssm32.exe
c:\program files (x86)\Glocalnet Sakerhetspaket\Anti-Virus\fsav32.exe
c:\program files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe
c:\program files (x86)\ASUS\SmartLogon\sensorsrv.exe
c:\program files (x86)\CyberLink\Shared files\RichVideo.exe
c:\program files (x86)\ASUS\ATK Package\ATK Hotkey\HControl.exe
c:\program files (x86)\ASUS\ATK Package\ATK Hotkey\ATKOSD.exe
c:\program files (x86)\ASUS\ATK Package\ATK Hotkey\KBFiltr.exe
c:\program files (x86)\ASUS\ATK Package\ATK Hotkey\WDC.exe
c:\program files (x86)\CyberLink\MediaEspresso\DeviceDetector\DeviceDetector.exe
c:\program files (x86)\Glocalnet Sakerhetspaket\FSAUA\program\ih8.exe
c:\program files (x86)\Glocalnet Sakerhetspaket\FSAUA\program\ih8run.exe
c:\program files (x86)\Glocalnet Sakerhetspaket\FSAUA\content\70Software_PSC9_upg_PSC11\5\program\inst\prestub.exe
.
**************************************************************************
.
Sluttid: 2012-09-23 10:46:11 - datorn startades om.
ComboFix-quarantined-files.txt 2012-09-23 08:46
.
Före genomsökningen: 127 658 266 624 byte ledigt
Efter genomsökningen: 128 261 681 152 byte ledigt
.
- - End Of File - - 81C4F3041FB2AE18F65F2F8ACF47C166
 
Looks good :)

Download OTL to your Desktop.
Alternate download: http://www.itxassociates.com/OT-Tools/OTL.exe

  • Double click on the icon to run it. Make sure all other windows are closed and to let it run uninterrupted.
  • Click the Scan All Users checkbox.
  • Click the Quick Scan button. Do not change any settings unless otherwise told to do so. The scan wont take long.
  • When the scan completes, it will open two notepad windows: OTL.txt and Extras.txt. These are saved in the same location as OTL.
  • Please copy (Edit->Select All, Edit->Copy) the contents of these files, one at a time, and post them back here.
 
F-secure wasn't too happy about running OTL but... here we go:

OTL logfile created on: 2012-09-23 21:36:07 - Run 1
OTL by OldTimer - Version 3.2.66.0 Folder = C:\Users\Anna och Fredrik\Desktop
64bit- Home Premium Edition Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation
Internet Explorer (Version = 9.0.8112.16421)
Locale: 0000041d | Country: Sverige | Language: SVE | Date Format: yyyy-MM-dd

7,91 Gb Total Physical Memory | 5,64 Gb Available Physical Memory | 71,21% Memory free
15,82 Gb Paging File | 13,46 Gb Available in Paging File | 85,07% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86)
Drive C: | 186,30 Gb Total Space | 118,89 Gb Free Space | 63,82% Space Free | Partition Type: NTFS
Drive D: | 254,45 Gb Total Space | 239,98 Gb Free Space | 94,31% Space Free | Partition Type: NTFS

Computer Name: HELGE2 | User Name: Anna och Fredrik | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: All users | Quick Scan | Include 64bit Scans
Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days

========== Processes (SafeList) ==========

PRC - [2012-09-23 21:30:51 | 000,601,600 | ---- | M] (OldTimer Tools) -- C:\Users\Anna och Fredrik\Desktop\OTL.exe
PRC - [2012-09-22 21:46:33 | 000,504,520 | ---- | M] (F-Secure Corporation) -- C:\Program Files (x86)\Glocalnet Sakerhetspaket\FSAUA\content\70Software_PSC9_upg_PSC11\5\program\inst\prestub.exe
PRC - [2012-07-27 22:51:26 | 000,063,960 | ---- | M] (Adobe Systems Incorporated) -- C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe
PRC - [2012-05-29 20:16:24 | 001,028,776 | ---- | M] (F-Secure Corporation) -- C:\Program Files (x86)\Glocalnet Sakerhetspaket\Anti-Virus\fssm32.exe
PRC - [2012-05-29 20:16:23 | 000,561,832 | ---- | M] (F-Secure Corporation) -- C:\Program Files (x86)\Glocalnet Sakerhetspaket\Anti-Virus\FSGK32.EXE
PRC - [2012-03-08 20:00:17 | 000,488,104 | ---- | M] (F-Secure Corporation) -- C:\Program Files (x86)\Glocalnet Sakerhetspaket\Anti-Virus\fsav32.exe
PRC - [2012-03-08 19:59:46 | 000,061,088 | ---- | M] (F-Secure Corporation) -- C:\Program Files (x86)\Glocalnet Sakerhetspaket\ORSP Client\fsorsp.exe
PRC - [2012-03-08 19:52:39 | 000,219,824 | ---- | M] (F-Secure Corporation) -- C:\Program Files (x86)\Glocalnet Sakerhetspaket\Anti-Virus\fsgk32st.exe
PRC - [2012-03-08 19:52:37 | 000,199,344 | ---- | M] (F-Secure Corporation) -- C:\Program Files (x86)\Glocalnet Sakerhetspaket\Common\FSM32.EXE
PRC - [2012-03-08 19:52:37 | 000,187,056 | ---- | M] (F-Secure Corporation) -- C:\Program Files (x86)\Glocalnet Sakerhetspaket\Common\FSMA32.EXE
PRC - [2012-03-08 19:52:37 | 000,088,752 | ---- | M] (F-Secure Corporation) -- C:\Program Files (x86)\Glocalnet Sakerhetspaket\Common\FSHDLL32.EXE
PRC - [2011-10-01 09:30:22 | 000,219,496 | ---- | M] (Microsoft Corporation) -- C:\Program Files (x86)\Microsoft Application Virtualization Client\sftvsa.exe
PRC - [2011-10-01 09:30:18 | 000,508,776 | ---- | M] (Microsoft Corporation) -- C:\Program Files (x86)\Microsoft Application Virtualization Client\sftlist.exe
PRC - [2011-07-29 01:08:12 | 001,259,376 | ---- | M] () -- C:\Program Files (x86)\DivX\DivX Update\DivXUpdate.exe
PRC - [2011-07-19 07:10:08 | 001,087,896 | ---- | M] (Technology Nexus AB) -- C:\Program Files (x86)\Personal\bin\Personal.exe
PRC - [2011-06-26 21:48:50 | 003,058,304 | ---- | M] (ASUS) -- C:\Windows\AsScrPro.exe
PRC - [2011-03-14 04:39:08 | 002,009,704 | ---- | M] (NVIDIA Corporation) -- C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Updatus\daemonu.exe
PRC - [2011-03-13 19:59:18 | 000,138,400 | ---- | M] (Atheros) -- C:\Program Files (x86)\Bluetooth Suite\Ath_CoexAgent.exe
PRC - [2011-02-25 19:46:22 | 000,249,648 | ---- | M] (Microsoft Corporation) -- C:\Program Files (x86)\Microsoft\BingBar\SeaPort.EXE
PRC - [2011-01-25 20:32:28 | 000,166,528 | ---- | M] (ASUS) -- C:\Program Files (x86)\ASUS\ATK Package\ATK Hotkey\HControl.exe
PRC - [2010-12-21 03:24:38 | 002,656,280 | ---- | M] (Intel Corporation) -- C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe
PRC - [2010-12-21 03:24:36 | 000,325,656 | ---- | M] (Intel Corporation) -- C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe
PRC - [2010-11-24 03:31:56 | 000,965,728 | ---- | M] (CyberLink) -- C:\Program Files (x86)\CyberLink\MediaEspresso\DeviceDetector\DeviceDetector.exe
PRC - [2010-11-15 19:42:12 | 000,305,792 | ---- | M] (ASUS) -- C:\Program Files (x86)\ASUS\SmartLogon\sensorsrv.exe
PRC - [2010-10-07 23:05:14 | 000,170,624 | ---- | M] (ASUS) -- C:\Program Files (x86)\ASUS\ATK Package\ATK Media\DMedia.exe
PRC - [2010-09-24 01:53:16 | 001,601,536 | ---- | M] () -- C:\Program Files (x86)\ASUS\Wireless Console 3\wcourier.exe
PRC - [2010-08-21 03:47:58 | 000,077,312 | ---- | M] () -- C:\ExpressGateUtil\VAWinService.exe
PRC - [2010-08-19 10:52:14 | 000,241,664 | ---- | M] (Huawei Technologies Co., Ltd.) -- C:\ProgramData\DatacardService\DCSHelper.exe
PRC - [2010-08-19 10:52:04 | 000,229,376 | ---- | M] () -- C:\ProgramData\DatacardService\DCService.exe
PRC - [2010-08-17 23:55:42 | 005,732,992 | ---- | M] (ASUS) -- C:\Program Files (x86)\ASUS\ATK Package\ATKOSD2\ATKOSD2.exe
PRC - [2010-08-13 02:52:16 | 000,021,504 | ---- | M] () -- C:\ExpressGateUtil\VAWinAgent.exe
PRC - [2010-07-10 07:45:00 | 000,984,400 | ---- | M] (Virage Logic Corporation / Sonic Focus) -- C:\Program Files (x86)\ASUS\SonicMaster\SonicMasterTray.exe
PRC - [2010-06-22 12:31:06 | 000,387,760 | ---- | M] (F-Secure) -- C:\Program Files (x86)\Glocalnet Sakerhetspaket\FSAUA\program\ih8run.exe
PRC - [2010-06-22 12:31:06 | 000,166,576 | ---- | M] (F-Secure) -- C:\Program Files (x86)\Glocalnet Sakerhetspaket\FSAUA\program\ih8.exe
PRC - [2010-02-03 09:08:56 | 000,087,336 | ---- | M] (CyberLink Corp.) -- C:\Program Files (x86)\CyberLink\PowerDVD10\PDVD10Serv.exe
PRC - [2009-12-15 19:39:38 | 000,096,896 | ---- | M] (ASUS) -- C:\Program Files (x86)\ASUS\ATK Package\ATKGFNEX\GFNEXSrv.exe
PRC - [2009-11-02 23:21:26 | 000,103,720 | ---- | M] (CyberLink) -- C:\Program Files (x86)\CyberLink\Power2Go\CLMLSvc.exe
PRC - [2009-06-19 19:29:42 | 000,105,016 | ---- | M] (ASUS) -- C:\Program Files (x86)\ASUS\ATK Package\ATK Hotkey\HControlUser.exe
PRC - [2009-06-19 19:29:26 | 002,488,888 | ---- | M] (ASUS) -- C:\Program Files (x86)\ASUS\ATK Package\ATK Hotkey\ATKOSD.exe
PRC - [2009-06-16 02:30:42 | 000,084,536 | ---- | M] (ASUS) -- C:\Program Files (x86)\ASUS\ATK Package\ATK Hotkey\ASLDRSrv.exe
PRC - [2008-12-23 02:15:34 | 000,174,648 | ---- | M] (ASUS) -- C:\Program Files (x86)\ASUS\ATK Package\ATK Hotkey\WDC.exe
PRC - [2008-08-14 06:00:08 | 000,113,208 | ---- | M] (ASUS) -- C:\Program Files (x86)\ASUS\ATK Package\ATK Hotkey\KBFiltr.exe
PRC - [2007-11-30 20:20:44 | 000,051,768 | ---- | M] () -- C:\Program Files (x86)\ASUS\ASUS Live Update\ALU.exe


========== Modules (No Company Name) ==========

MOD - [2012-03-08 19:52:50 | 000,086,016 | ---- | M] () -- C:\Program Files (x86)\Glocalnet Sakerhetspaket\FSGUI\strres.eng
MOD - [2012-03-08 19:52:47 | 000,551,600 | ---- | M] () -- C:\Program Files (x86)\Glocalnet Sakerhetspaket\FSGUI\gres.dll
MOD - [2012-03-08 19:52:46 | 000,045,056 | ---- | M] () -- C:\Program Files (x86)\Glocalnet Sakerhetspaket\FSGUI\fsavures.eng
MOD - [2012-03-08 19:52:45 | 000,441,008 | ---- | M] () -- C:\Program Files (x86)\Glocalnet Sakerhetspaket\FSGUI\about.dll
MOD - [2012-03-08 19:52:45 | 000,143,360 | ---- | M] () -- C:\Program Files (x86)\Glocalnet Sakerhetspaket\FSGUI\flyerres.eng
MOD - [2012-03-08 19:52:45 | 000,088,752 | ---- | M] () -- C:\Program Files (x86)\Glocalnet Sakerhetspaket\FSGUI\aboutres.dll
MOD - [2011-09-27 08:23:00 | 000,087,912 | ---- | M] () -- C:\Program Files (x86)\Common Files\Apple\Apple Application Support\zlib1.dll
MOD - [2011-09-27 08:22:40 | 001,242,472 | ---- | M] () -- C:\Program Files (x86)\Common Files\Apple\Apple Application Support\libxml2.dll
MOD - [2011-07-29 01:09:42 | 000,096,112 | ---- | M] () -- C:\Program Files (x86)\DivX\DivX Update\DivXUpdateCheck.dll
MOD - [2011-07-29 01:08:12 | 001,259,376 | ---- | M] () -- C:\Program Files (x86)\DivX\DivX Update\DivXUpdate.exe
MOD - [2010-09-24 01:53:16 | 001,601,536 | ---- | M] () -- C:\Program Files (x86)\ASUS\Wireless Console 3\wcourier.exe
MOD - [2010-08-13 02:52:16 | 000,021,504 | ---- | M] () -- C:\ExpressGateUtil\VAWinAgent.exe
MOD - [2009-11-02 23:23:36 | 000,013,096 | ---- | M] () -- C:\Program Files (x86)\CyberLink\Power2Go\CLMLSvcPS.dll
MOD - [2009-11-02 23:20:10 | 000,619,816 | ---- | M] () -- C:\Program Files (x86)\CyberLink\Power2Go\CLMediaLibrary.dll
MOD - [2007-11-30 20:20:44 | 000,051,768 | ---- | M] () -- C:\Program Files (x86)\ASUS\ASUS Live Update\ALU.exe


========== Services (SafeList) ==========

SRV:64bit: - [2011-01-25 23:11:56 | 000,379,520 | ---- | M] (ASUSTeK Computer Inc.) [Auto | Running] -- C:\Windows\SysNative\FBAgent.exe -- (AFBAgent)
SRV:64bit: - [2010-11-30 00:00:56 | 000,149,504 | ---- | M] (Intel(R) Corporation) [On_Demand | Stopped] -- C:\Program Files\Intel\TurboBoost\TurboBoost.exe -- (TurboBoost)
SRV:64bit: - [2010-09-23 03:10:10 | 000,057,184 | ---- | M] (Microsoft Corporation) [Disabled | Stopped] -- C:\Program Files\Windows Live\Mesh\wlcrasvc.exe -- (wlcrasvc)
SRV:64bit: - [2009-07-14 03:41:27 | 001,011,712 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Program Files\Windows Defender\mpsvc.dll -- (WinDefend)
SRV - [2012-09-22 14:05:49 | 000,250,288 | ---- | M] (Adobe Systems Incorporated) [On_Demand | Stopped] -- C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe -- (AdobeFlashPlayerUpdateSvc)
SRV - [2012-07-27 22:51:26 | 000,063,960 | ---- | M] (Adobe Systems Incorporated) [Auto | Running] -- C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe -- (AdobeARMservice)
SRV - [2012-06-05 15:17:44 | 000,160,944 | R--- | M] (Skype Technologies) [Auto | Stopped] -- C:\Program Files (x86)\Skype\Updater\Updater.exe -- (SkypeUpdate)
SRV - [2012-03-19 23:44:20 | 000,276,248 | ---- | M] (Intel Corporation) [On_Demand | Stopped] -- C:\Windows\SysWOW64\IntelCpHeciSvc.exe -- (cphs)
SRV - [2012-03-08 19:59:46 | 000,061,088 | ---- | M] (F-Secure Corporation) [On_Demand | Running] -- C:\Program Files (x86)\Glocalnet Sakerhetspaket\ORSP Client\fsorsp.exe -- (FSORSPClient)
SRV - [2012-03-08 19:52:44 | 000,844,464 | ---- | M] (F-Secure Corporation) [On_Demand | Running] -- C:\Program Files (x86)\Glocalnet Sakerhetspaket\FWES\Program\fsdfwd.exe -- (FSDFWD)
SRV - [2012-03-08 19:52:39 | 000,219,824 | ---- | M] (F-Secure Corporation) [Auto | Running] -- C:\Program Files (x86)\Glocalnet Sakerhetspaket\Anti-Virus\fsgk32st.exe -- (F-Secure Gatekeeper Handler Starter)
SRV - [2012-03-08 19:52:37 | 000,187,056 | ---- | M] (F-Secure Corporation) [Auto | Running] -- C:\Program Files (x86)\Glocalnet Sakerhetspaket\Common\FSMA32.EXE -- (FSMA)
SRV - [2011-10-01 09:30:22 | 000,219,496 | ---- | M] (Microsoft Corporation) [On_Demand | Running] -- C:\Program Files (x86)\Microsoft Application Virtualization Client\sftvsa.exe -- (sftvsa)
SRV - [2011-10-01 09:30:18 | 000,508,776 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Program Files (x86)\Microsoft Application Virtualization Client\sftlist.exe -- (sftlist)
SRV - [2011-03-14 04:39:08 | 002,009,704 | ---- | M] (NVIDIA Corporation) [Auto | Running] -- C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Updatus\daemonu.exe -- (nvUpdatusService)
SRV - [2011-03-13 19:59:18 | 000,138,400 | ---- | M] (Atheros) [Auto | Running] -- C:\Program Files (x86)\Bluetooth Suite\Ath_CoexAgent.exe -- (Atheros Bt&Wlan Coex Agent)
SRV - [2011-03-13 19:58:30 | 000,074,912 | ---- | M] (Atheros Commnucations) [Auto | Running] -- C:\Program Files (x86)\Bluetooth Suite\adminservice.exe -- (AtherosSvc)
SRV - [2011-03-02 06:23:36 | 000,183,560 | ---- | M] (Microsoft Corporation.) [On_Demand | Stopped] -- C:\Program Files (x86)\Microsoft\BingBar\BBSvc.EXE -- (BBSvc)
SRV - [2011-02-25 19:46:22 | 000,249,648 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Program Files (x86)\Microsoft\BingBar\SeaPort.EXE -- (SeaPort)
SRV - [2010-12-21 03:24:38 | 002,656,280 | ---- | M] (Intel Corporation) [Auto | Running] -- C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe -- (UNS)
SRV - [2010-12-21 03:24:36 | 000,325,656 | ---- | M] (Intel Corporation) [Auto | Running] -- C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe -- (LMS)
SRV - [2010-08-21 03:47:58 | 000,077,312 | ---- | M] () [Auto | Running] -- C:\ExpressGateUtil\VAWinService.exe -- (VideAceWindowsService)
SRV - [2010-08-19 10:52:04 | 000,229,376 | ---- | M] () [Auto | Running] -- C:\ProgramData\DatacardService\DCService.exe -- (DCService.exe)
SRV - [2010-03-18 13:16:28 | 000,130,384 | ---- | M] (Microsoft Corporation) [Auto | Stopped] -- C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe -- (clr_optimization_v4.0.30319_32)
SRV - [2009-12-15 19:39:38 | 000,096,896 | ---- | M] (ASUS) [Auto | Running] -- C:\Program Files (x86)\ASUS\ATK Package\ATKGFNEX\GFNEXSrv.exe -- (ATKGFNEXSrv)
SRV - [2009-06-16 02:30:42 | 000,084,536 | ---- | M] (ASUS) [Auto | Running] -- C:\Program Files (x86)\ASUS\ATK Package\ATK Hotkey\ASLDRSrv.exe -- (ASLDRService)
SRV - [2009-06-10 23:23:09 | 000,066,384 | ---- | M] (Microsoft Corporation) [Disabled | Stopped] -- C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe -- (clr_optimization_v2.0.50727_32)


========== Driver Services (SafeList) ==========

DRV:64bit: - [2012-09-22 21:38:06 | 000,056,016 | ---- | M] () [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\fsbts.sys -- (fsbts)
DRV:64bit: - [2012-03-19 23:32:04 | 014,745,600 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\igdkmd64.sys -- (igfx)
DRV:64bit: - [2012-03-08 20:15:44 | 000,050,384 | ---- | M] (F-Secure Corporation) [Kernel | System | Stopped] -- C:\Windows\SysNative\drivers\fses.sys -- (FSES)
DRV:64bit: - [2012-03-08 19:52:44 | 000,092,240 | ---- | M] (F-Secure Corporation) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\fsdfw.sys -- (FSFW)
DRV:64bit: - [2012-03-01 08:46:16 | 000,023,408 | ---- | M] (Microsoft Corporation) [Recognizer | Boot | Unknown] -- C:\Windows\SysNative\drivers\fs_rec.sys -- (Fs_Rec)
DRV:64bit: - [2012-02-15 11:01:50 | 000,052,736 | ---- | M] (Apple, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\usbaapl64.sys -- (USBAAPL64)
DRV:64bit: - [2011-10-07 11:49:50 | 002,770,944 | ---- | M] (Atheros Communications, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\athrx.sys -- (athr)
DRV:64bit: - [2011-10-01 09:30:22 | 000,022,376 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\Sftvollh.sys -- (Sftvol)
DRV:64bit: - [2011-10-01 09:30:18 | 000,268,648 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\Sftplaylh.sys -- (Sftplay)
DRV:64bit: - [2011-10-01 09:30:18 | 000,025,960 | ---- | M] (Microsoft Corporation) [File_System | On_Demand | Running] -- C:\Windows\SysNative\drivers\Sftredirlh.sys -- (Sftredir)
DRV:64bit: - [2011-10-01 09:30:10 | 000,764,264 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\Sftfslh.sys -- (Sftfs)
DRV:64bit: - [2011-08-02 18:38:44 | 000,022,528 | ---- | M] (Apple Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\netaapl64.sys -- (Netaapl)
DRV:64bit: - [2011-03-13 19:58:44 | 000,280,224 | ---- | M] (Atheros) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\btfilter.sys -- (BtFilter)
DRV:64bit: - [2011-03-13 19:58:44 | 000,201,376 | ---- | M] (Atheros) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\btath_hcrp.sys -- (BTATH_HCRP)
DRV:64bit: - [2011-03-13 19:58:44 | 000,154,272 | ---- | M] (Atheros) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\btath_rcp.sys -- (BTATH_RCP)
DRV:64bit: - [2011-03-13 19:58:44 | 000,055,456 | ---- | M] (Atheros) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\btath_lwflt.sys -- (BTATH_LWFLT)
DRV:64bit: - [2011-03-13 19:58:42 | 000,298,656 | ---- | M] (Atheros) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\btath_a2dp.sys -- (BTATH_A2DP)
DRV:64bit: - [2011-03-13 19:58:42 | 000,036,000 | ---- | M] (Atheros) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\btath_flt.sys -- (AthBTPort)
DRV:64bit: - [2011-03-13 19:58:42 | 000,028,832 | ---- | M] (Atheros) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\btath_bus.sys -- (BTATH_BUS)
DRV:64bit: - [2011-03-11 08:41:12 | 000,107,904 | ---- | M] (Advanced Micro Devices) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\amdsata.sys -- (amdsata)
DRV:64bit: - [2011-03-11 08:41:12 | 000,027,008 | ---- | M] (Advanced Micro Devices) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\amdxata.sys -- (amdxata)
DRV:64bit: - [2011-03-08 07:35:22 | 000,025,960 | ---- | M] (NVIDIA Corporation) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\nvpciflt.sys -- (nvpciflt)
DRV:64bit: - [2011-03-02 18:17:20 | 000,013,088 | ---- | M] () [Kernel | On_Demand | Stopped] -- C:\Program Files\Enigma Software Group\SpyHunter\esgiguard.sys -- (esgiguard)
DRV:64bit: - [2011-02-25 02:01:14 | 000,302,592 | ---- | M] (Fresco Logic) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\FLxHCIc.sys -- (FLxHCIc)
DRV:64bit: - [2011-02-25 02:01:14 | 000,081,920 | ---- | M] (Fresco Logic) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\FLxHCIh.sys -- (FLxHCIh)
DRV:64bit: - [2011-02-16 11:11:08 | 000,428,136 | ---- | M] (Realtek ) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\Rt64win7.sys -- (RTL8167)
DRV:64bit: - [2010-11-30 00:00:04 | 000,016,120 | ---- | M] (Intel(R) Corporation) [Kernel | Auto | Running] -- C:\Windows\SysNative\drivers\TurboB.sys -- (TurboB)
DRV:64bit: - [2010-11-20 15:33:36 | 000,078,720 | ---- | M] (Hewlett-Packard Company) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\HpSAMD.sys -- (HpSAMD)
DRV:64bit: - [2010-11-20 13:07:06 | 000,059,392 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\TsUsbFlt.sys -- (TsUsbFlt)
DRV:64bit: - [2010-11-20 13:07:06 | 000,031,232 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\TsUsbGD.sys -- (TsUsbGD)
DRV:64bit: - [2010-11-05 17:45:48 | 000,438,808 | ---- | M] (Intel Corporation) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\iaStor.sys -- (iaStor)
DRV:64bit: - [2010-10-20 01:34:26 | 000,056,344 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\HECIx64.sys -- (MEIx64)
DRV:64bit: - [2010-10-14 18:28:16 | 000,317,440 | ---- | M] (Intel(R) Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\IntcDAud.sys -- (IntcDAud)
DRV:64bit: - [2010-09-23 09:36:48 | 000,048,488 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\fssfltr.sys -- (fssfltr)
DRV:64bit: - [2010-09-08 13:39:32 | 000,129,024 | ---- | M] (ELAN Microelectronic Corp.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\ETD.sys -- (ETD)
DRV:64bit: - [2010-08-31 18:09:00 | 000,256,000 | ---- | M] (Huawei Technologies Co., Ltd.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\ewusbnet.sys -- (ewusbnet)
DRV:64bit: - [2010-08-11 08:11:26 | 000,044,032 | ---- | M] (Alcor Micro, Corp.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\AmUStor.sys -- (AmUStor)
DRV:64bit: - [2010-08-07 17:49:04 | 000,121,600 | ---- | M] (Huawei Technologies Co., Ltd.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\ewusbmdm.sys -- (hwdatacard)
DRV:64bit: - [2010-07-27 15:26:34 | 000,086,016 | ---- | M] (Huawei Technologies Co., Ltd.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\ew_jubusenum.sys -- (huawei_enumerator)
DRV:64bit: - [2010-07-27 09:52:16 | 000,117,248 | ---- | M] (Huawei Technologies Co., Ltd.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\ew_hwusbdev.sys -- (ew_hwusbdev)
DRV:64bit: - [2009-07-20 11:29:40 | 000,015,416 | ---- | M] ( ) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\kbfiltr.sys -- (kbfiltr)
DRV:64bit: - [2009-07-14 03:52:20 | 000,194,128 | ---- | M] (AMD Technologies Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\amdsbs.sys -- (amdsbs)
DRV:64bit: - [2009-07-14 03:48:04 | 000,065,600 | ---- | M] (LSI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\lsi_sas2.sys -- (LSI_SAS2)
DRV:64bit: - [2009-07-14 03:45:55 | 000,024,656 | ---- | M] (Promise Technology) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\stexstor.sys -- (stexstor)
DRV:64bit: - [2009-06-10 22:35:57 | 000,056,832 | ---- | M] (Silicon Integrated Systems Corp.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\SiSG664.sys -- (SiSGbeLH)
DRV:64bit: - [2009-06-10 22:34:33 | 003,286,016 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\evbda.sys -- (ebdrv)
DRV:64bit: - [2009-06-10 22:34:28 | 000,468,480 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\bxvbda.sys -- (b06bdrv)
DRV:64bit: - [2009-06-10 22:34:23 | 000,270,848 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\b57nd60a.sys -- (b57nd60a)
DRV:64bit: - [2009-06-10 22:34:18 | 000,057,344 | ---- | M] (Atheros Communications, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\L1C62x64.sys -- (L1C)
DRV:64bit: - [2009-06-10 22:31:59 | 000,031,232 | ---- | M] (Hauppauge Computer Works, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\hcw85cir.sys -- (hcw85cir)
DRV:64bit: - [2009-05-18 14:17:08 | 000,034,152 | ---- | M] (GEAR Software Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\GEARAspiWDM.sys -- (GEARAspiWDM)
DRV:64bit: - [2008-09-23 08:24:00 | 000,050,176 | ---- | M] (Todos Data System AB) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\shbecr.sys -- (Tdsshbecr)
DRV:64bit: - [2008-05-24 02:27:28 | 000,154,168 | ---- | M] (Microsoft Corporation) [File_System | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\WimFltr.sys -- (WimFltr)
DRV - [2012-05-29 20:16:49 | 000,199,848 | ---- | M] () [Kernel | On_Demand | Running] -- C:\Program Files (x86)\Glocalnet Sakerhetspaket\Anti-Virus\minifilter\fsgk.sys -- (F-Secure Gatekeeper)
DRV - [2012-03-08 20:02:38 | 000,042,672 | ---- | M] () [Kernel | Boot | Running] -- C:\Windows\SysWOW64\drivers\fsbts.sys -- (fsbts)
DRV - [2012-03-08 19:52:57 | 000,058,000 | ---- | M] (F-Secure Corporation) [Kernel | System | Running] -- C:\Program Files (x86)\Glocalnet Sakerhetspaket\HIPS\drivers\fshs.sys -- (F-Secure HIPS)
DRV - [2012-03-08 19:52:40 | 000,039,856 | ---- | M] () [Kernel | Disabled | Stopped] -- C:\Program Files (x86)\Glocalnet Sakerhetspaket\Anti-Virus\Win2K\FSfilter.sys -- (F-Secure Filter)
DRV - [2012-03-08 19:52:40 | 000,025,264 | ---- | M] () [Kernel | Disabled | Stopped] -- C:\Program Files (x86)\Glocalnet Sakerhetspaket\Anti-Virus\Win2K\FSrec.sys -- (F-Secure Recognizer)
DRV - [2012-03-08 19:52:40 | 000,014,904 | ---- | M] () [Kernel | System | Running] -- C:\Program Files (x86)\Glocalnet Sakerhetspaket\Anti-Virus\minifilter\fsvista.sys -- (fsvista)
DRV - [2010-07-26 22:57:20 | 000,017,024 | ---- | M] (ASUS) [Kernel | System | Running] -- C:\Program Files (x86)\ASUS\ATK Package\ATK WMIACPI\atkwmiacpi64.sys -- (ATKWMIACPIIO)
DRV - [2009-07-14 03:19:10 | 000,019,008 | ---- | M] (Microsoft Corporation) [File_System | On_Demand | Stopped] -- C:\Windows\SysWOW64\drivers\wimmount.sys -- (WIMMount)
DRV - [2009-07-03 02:36:14 | 000,015,416 | ---- | M] (ASUS) [Kernel | Auto | Running] -- C:\Program Files (x86)\ASUS\ATK Package\ATKGFNEX\ASMMAP64.sys -- (ASMMAP64)


========== Standard Registry (SafeList) ==========


========== Internet Explorer ==========

IE:64bit: - HKLM\..\SearchScopes,DefaultScope = {6A1806CD-94D4-4689-BA73-E35EA1EA9990}
IE:64bit: - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/search?q={searchTerms}&form=ASUTDF&pc=NP06&src=IE-SearchBox
IE:64bit: - HKLM\..\SearchScopes\{6A1806CD-94D4-4689-BA73-E35EA1EA9990}: "URL" = http://www.google.com/search?q={sea...putEncoding}&oe={outputEncoding}&sourceid=ie7
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://asus.msn.com
IE - HKLM\..\SearchScopes,DefaultScope = {6A1806CD-94D4-4689-BA73-E35EA1EA9990}
IE - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/search?q={searchTerms}&form=ASUTDF&pc=NP06&src=IE-SearchBox
IE - HKLM\..\SearchScopes\{67A2568C-7A0A-4EED-AECC-B5405DE63B64}: "URL" = http://www.google.com/search?source...nputEncoding}&oe={outputEncoding}&rlz=1I7ASUT
IE - HKLM\..\SearchScopes\{6A1806CD-94D4-4689-BA73-E35EA1EA9990}: "URL" = http://www.google.com/search?q={sea...putEncoding}&oe={outputEncoding}&sourceid=ie7


IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

IE - HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0



IE - HKU\S-1-5-21-206811873-1161547385-2694278228-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = http://asus.msn.com
IE - HKU\S-1-5-21-206811873-1161547385-2694278228-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://asus.msn.com
IE - HKU\S-1-5-21-206811873-1161547385-2694278228-1000\..\SearchScopes,DefaultScope = {67A2568C-7A0A-4EED-AECC-B5405DE63B64}
IE - HKU\S-1-5-21-206811873-1161547385-2694278228-1000\..\SearchScopes\{67A2568C-7A0A-4EED-AECC-B5405DE63B64}: "URL" = http://www.google.com/search?source...nputEncoding}&oe={outputEncoding}&rlz=1I7ASUT
IE - HKU\S-1-5-21-206811873-1161547385-2694278228-1000\..\SearchScopes\{6A1806CD-94D4-4689-BA73-E35EA1EA9990}: "URL" = http://www.google.com/search?q={sea...putEncoding}&oe={outputEncoding}&sourceid=ie7

IE - HKU\S-1-5-21-206811873-1161547385-2694278228-1001\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.google.se/
IE - HKU\S-1-5-21-206811873-1161547385-2694278228-1001\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A}
IE - HKU\S-1-5-21-206811873-1161547385-2694278228-1001\..\SearchScopes\{6A1806CD-94D4-4689-BA73-E35EA1EA9990}: "URL" = http://www.google.com/search?q={sea...putEncoding}&oe={outputEncoding}&sourceid=ie7
IE - HKU\S-1-5-21-206811873-1161547385-2694278228-1001\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKU\S-1-5-21-206811873-1161547385-2694278228-1001\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = *.local


========== FireFox ==========

FF:64bit: - HKLM\Software\MozillaPlugins\@divx.com/DivX VOD Helper,version=1.0.0: C:\Program Files\DivX\DivX OVS Helper\npovshelper.dll (DivX, LLC.)
FF:64bit: - HKLM\Software\MozillaPlugins\@microsoft.com/GENUINE: disabled File not found
FF:64bit: - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: C:\Program Files\Microsoft Silverlight\5.1.10411.0\npctrl.dll ( Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\system32\Macromed\Flash\NPSWF32.dll ()
FF - HKLM\Software\MozillaPlugins\@adobe.com/ShockwavePlayer: C:\Windows\system32\Adobe\Director\np32dsw.dll (Adobe Systems, Inc.)
FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=: File not found
FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=1.0: C:\Program Files (x86)\iTunes\Mozilla Plugins\npitunes.dll ()
FF - HKLM\Software\MozillaPlugins\@divx.com/DivX Browser Plugin,version=1.0.0: C:\Program Files (x86)\DivX\DivX Plus Web Player\npdivx32.dll (DivX, LLC)
FF - HKLM\Software\MozillaPlugins\@divx.com/DivX VOD Helper,version=1.0.0: C:\Program Files (x86)\DivX\DivX OVS Helper\npovshelper.dll (DivX, LLC.)
FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin: C:\Program Files (x86)\Java\jre6\bin\new_plugin\npjp2.dll (Sun Microsystems, Inc.)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/GENUINE: disabled File not found
FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: C:\Program Files (x86)\Microsoft Silverlight\5.1.10411.0\npctrl.dll ( Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/SharePoint,version=14.0: C:\PROGRA~2\MICROS~1\Office14\NPSPWRAP.DLL (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=15.4.3502.0922: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=15.4.3508.1109: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@se.nexus/Personal: C:\Program Files (x86)\Personal\bin\np_prsnl.dll (Technology Nexus AB)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Program Files (x86)\Google\Update\1.3.21.123\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Program Files (x86)\Google\Update\1.3.21.123\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\@videolan.org/vlc,version=2.0.1: C:\Program Files (x86)\VideoLAN\VLC\npvlc.dll (VideoLAN)
FF - HKLM\Software\MozillaPlugins\Adobe Reader: C:\Program Files (x86)\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
FF - HKLM\Software\MozillaPlugins\ZEON/PDF,version=2.0: C:\Program Files (x86)\Nuance\PDF Reader\bin\nppdf.dll (Zeon Corporation)
FF - HKCU\Software\MozillaPlugins\@unity3d.com/UnityPlayer,version=1.0: C:\Users\Anna och Fredrik\AppData\LocalLow\Unity\WebPlayer\loader\npUnity3D32.dll (Unity Technologies ApS)

FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\extensions\\{23fcfd51-4958-4f00-80a3-ae97e717ed8b}: C:\Program Files (x86)\DivX\DivX Plus Web Player\firefox\DivXHTML5 [2012-05-17 20:01:40 | 000,000,000 | ---D | M]
 
O1 HOSTS File: ([2012-09-23 10:42:22 | 000,000,027 | ---- | M]) - C:\Windows\SysNative\drivers\etc\hosts
O1 - Hosts: 127.0.0.1 localhost
O2:64bit: - BHO: (Google Toolbar Helper) - {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll (Google Inc.)
O2 - BHO: (DivX Plus Web Player HTML5 <video>) - {326E768D-4182-46FD-9C16-1449A49795F4} - C:\Program Files (x86)\DivX\DivX Plus Web Player\ie\DivXHTML5\DivXHTML5.dll (DivX, LLC)
O2 - BHO: (CIESpeechBHO Class) - {8D10F6C4-0E01-4BD4-8601-11AC1FDF8126} - C:\Program Files (x86)\Bluetooth Suite\IEPlugIn.dll (Atheros Commnucations)
O2 - BHO: (Skype Browser Helper) - {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O2 - BHO: (Bing Bar Helper) - {d2ce3e00-f94a-4740-988e-03dc2f38c34f} - C:\Program Files (x86)\Microsoft\BingBar\BingExt.dll (Microsoft Corporation.)
O3:64bit: - HKLM\..\Toolbar: (Google Toolbar) - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll (Google Inc.)
O3 - HKLM\..\Toolbar: (Bing Bar) - {8dcb7100-df86-4384-8842-8fa844297b3f} - C:\Program Files (x86)\Microsoft\BingBar\BingExt.dll (Microsoft Corporation.)
O3 - HKLM\..\Toolbar: (no name) - Locked - No CLSID value found.
O3:64bit: - HKU\S-1-5-21-206811873-1161547385-2694278228-1001\..\Toolbar\WebBrowser: (Google Toolbar) - {2318C2B1-4965-11D4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll (Google Inc.)
O4:64bit: - HKLM..\Run: [AmIcoSinglun64] C:\Program Files (x86)\AmIcoSingLun\AmIcoSinglun64.exe (Alcor Micro Corp.)
O4:64bit: - HKLM..\Run: [AthBtTray] C:\Program Files (x86)\Bluetooth Suite\AthBtTray.exe (Atheros Commnucations)
O4:64bit: - HKLM..\Run: [AtherosBtStack] C:\Program Files (x86)\Bluetooth Suite\BtvStack.exe (Atheros Communications)
O4:64bit: - HKLM..\Run: [ETDWare] C:\Program Files\Elantech\ETDCtrl.exe (ELAN Microelectronic Corp.)
O4:64bit: - HKLM..\Run: [HotKeysCmds] C:\Windows\SysNative\hkcmd.exe (Intel Corporation)
O4:64bit: - HKLM..\Run: [IgfxTray] C:\Windows\SysNative\igfxtray.exe (Intel Corporation)
O4:64bit: - HKLM..\Run: [IntelTBRunOnce] wscript.exe //b //nologo "C:\Program Files\Intel\TurboBoost\RunTBGadgetOnce.vbs" File not found
O4:64bit: - HKLM..\Run: [Persistence] C:\Windows\SysNative\igfxpers.exe (Intel Corporation)
O4:64bit: - HKLM..\Run: [RtHDVBg] C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe (Realtek Semiconductor)
O4:64bit: - HKLM..\Run: [Setwallpaper] c:\programdata\SetWallpaper.cmd File not found
O4 - HKLM..\Run: [APSDaemon] C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe (Apple Inc.)
O4 - HKLM..\Run: [ASUS Screen Saver Protector] C:\Windows\AsScrPro.exe (ASUS)
O4 - HKLM..\Run: [ASUSPRP] C:\Program Files (x86)\ASUS\APRP\APRP.EXE (ASUSTek Computer Inc.)
O4 - HKLM..\Run: [ASUSWebStorage] C:\Program Files (x86)\ASUS\ASUS WebStorage\3.0.84.161\AsusWSPanel.exe (ecareme)
O4 - HKLM..\Run: [ATKMEDIA] C:\Program Files (x86)\ASUS\ATK Package\ATK Media\DMedia.exe (ASUS)
O4 - HKLM..\Run: [ATKOSD2] C:\Program Files (x86)\ASUS\ATK Package\ATKOSD2\ATKOSD2.exe (ASUS)
O4 - HKLM..\Run: [CLMLServer] C:\Program Files (x86)\CyberLink\Power2Go\CLMLSvc.exe (CyberLink)
O4 - HKLM..\Run: [DivXUpdate] C:\Program Files (x86)\DivX\DivX Update\DivXUpdate.exe ()
O4 - HKLM..\Run: [FLxHCIm] C:\Program Files\Fresco Logic Inc\Fresco Logic USB3.0 Host Controller\host\FLxHCIm.exe (Windows (R) Win 7 DDK provider)
O4 - HKLM..\Run: [F-Secure Manager] C:\Program Files (x86)\Glocalnet Sakerhetspaket\Common\FSM32.EXE (F-Secure Corporation)
O4 - HKLM..\Run: [F-Secure TNB] C:\Program Files (x86)\Glocalnet Sakerhetspaket\FSGUI\TNBUtil.exe (F-Secure Corporation)
O4 - HKLM..\Run: [HControlUser] C:\Program Files (x86)\ASUS\ATK Package\ATK Hotkey\HControlUser.exe (ASUS)
O4 - HKLM..\Run: [Nuance PDF Reader-reminder] C:\Program Files (x86)\Nuance\PDF Reader\Ereg\Ereg.exe (Nuance Communications, Inc.)
O4 - HKLM..\Run: [RemoteControl10] C:\Program Files (x86)\Cyberlink\PowerDVD10\PDVD10Serv.exe (CyberLink Corp.)
O4 - HKLM..\Run: [SonicMasterTray] C:\Program Files (x86)\ASUS\SonicMaster\SonicMasterTray.exe (Virage Logic Corporation / Sonic Focus)
O4 - HKLM..\Run: [UpdateLBPShortCut] C:\Program Files (x86)\CyberLink\LabelPrint\MUITransfer\MUIStartMenu.exe (CyberLink Corp.)
O4 - HKLM..\Run: [UpdateP2GoShortCut] C:\Program Files (x86)\CyberLink\Power2Go\MUITransfer\MUIStartMenu.exe (CyberLink Corp.)
O4 - HKLM..\Run: [UpdatePSTShortCut] C:\Program Files (x86)\Cyberlink\DVD Suite\MUITransfer\MUIStartMenu.exe (CyberLink Corp.)
O4 - HKLM..\Run: [VAWinAgent] C:\ExpressGateUtil\VAWinAgent.exe ()
O4 - HKLM..\Run: [Wireless Console 3] C:\Program Files (x86)\ASUS\Wireless Console 3\wcourier.exe ()
O4 - HKU\S-1-5-21-206811873-1161547385-2694278228-1000..\Run: [ISUSPM] C:\ProgramData\FLEXnet\Connect\11\ISUSPM.exe (Acresso Corporation)
O4 - HKU\S-1-5-21-206811873-1161547385-2694278228-1000..\Run: [Sidebar] C:\Program Files (x86)\Windows Sidebar\Sidebar.exe (Microsoft Corporation)
O4 - HKU\S-1-5-21-206811873-1161547385-2694278228-1000..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe File not found
O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Restrictions present
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 5
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3
O7 - HKU\.DEFAULT\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-18\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-19\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-20\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-21-206811873-1161547385-2694278228-1000\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-21-206811873-1161547385-2694278228-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKU\S-1-5-21-206811873-1161547385-2694278228-1001\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-21-206811873-1161547385-2694278228-1001\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 0
O7 - HKU\S-1-5-21-206811873-1161547385-2694278228-1001\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O9:64bit: - Extra 'Tools' menuitem : Send by Bluetooth to - {7815BE26-237D-41A8-A98F-F7BD75F71086} - Reg Error: Value error. File not found
O9 - Extra 'Tools' menuitem : Send by Bluetooth to - {7815BE26-237D-41A8-A98F-F7BD75F71086} - C:\Program Files (x86)\Bluetooth Suite\IEPlugIn.dll (Atheros Commnucations)
O9 - Extra Button: Skype Click to Call - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O9 - Extra 'Tools' menuitem : Skype Click to Call - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O10:64bit: - NameSpace_Catalog5\Catalog_Entries64\000000000010 [] - C:\Program Files\Bonjour\mdnsNSP.dll (Apple Inc.)
O10:64bit: - Protocol_Catalog9\Catalog_Entries64\000000000001 - C:\Program Files (x86)\Glocalnet Sakerhetspaket\FSPS\program\fslsp_x64.dll (F-Secure Corporation)
O10:64bit: - Protocol_Catalog9\Catalog_Entries64\000000000002 - C:\Program Files (x86)\Glocalnet Sakerhetspaket\FSPS\program\fslsp_x64.dll (F-Secure Corporation)
O10:64bit: - Protocol_Catalog9\Catalog_Entries64\000000000003 - C:\Program Files (x86)\Glocalnet Sakerhetspaket\FSPS\program\fslsp_x64.dll (F-Secure Corporation)
O10:64bit: - Protocol_Catalog9\Catalog_Entries64\000000000004 - C:\Program Files (x86)\Glocalnet Sakerhetspaket\FSPS\program\fslsp_x64.dll (F-Secure Corporation)
O10:64bit: - Protocol_Catalog9\Catalog_Entries64\000000000005 - C:\Program Files (x86)\Glocalnet Sakerhetspaket\FSPS\program\fslsp_x64.dll (F-Secure Corporation)
O10:64bit: - Protocol_Catalog9\Catalog_Entries64\000000000006 - C:\Program Files (x86)\Glocalnet Sakerhetspaket\FSPS\program\fslsp_x64.dll (F-Secure Corporation)
O10:64bit: - Protocol_Catalog9\Catalog_Entries64\000000000007 - C:\Program Files (x86)\Glocalnet Sakerhetspaket\FSPS\program\fslsp_x64.dll (F-Secure Corporation)
O10:64bit: - Protocol_Catalog9\Catalog_Entries64\000000000008 - mmswsock.dll File not found
O10:64bit: - Protocol_Catalog9\Catalog_Entries64\000000000009 - mmswsock.dll File not found
O10:64bit: - Protocol_Catalog9\Catalog_Entries64\000000000010 - mmswsock.dll File not found
O10:64bit: - Protocol_Catalog9\Catalog_Entries64\000000000011 - mmswsock.dll File not found
O10:64bit: - Protocol_Catalog9\Catalog_Entries64\000000000012 - mmswsock.dll File not found
O10:64bit: - Protocol_Catalog9\Catalog_Entries64\000000000013 - mmswsock.dll File not found
O10:64bit: - Protocol_Catalog9\Catalog_Entries64\000000000014 - mmswsock.dll File not found
O10:64bit: - Protocol_Catalog9\Catalog_Entries64\000000000015 - mmswsock.dll File not found
O10:64bit: - Protocol_Catalog9\Catalog_Entries64\000000000016 - mmswsock.dll File not found
O10:64bit: - Protocol_Catalog9\Catalog_Entries64\000000000017 - mmswsock.dll File not found
O10:64bit: - Protocol_Catalog9\Catalog_Entries64\000000000018 - mmswsock.dll File not found
O10:64bit: - Protocol_Catalog9\Catalog_Entries64\000000000019 - C:\Program Files (x86)\Glocalnet Sakerhetspaket\FSPS\program\fslsp_x64.dll (F-Secure Corporation)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000010 [] - C:\Program Files (x86)\Bonjour\mdnsNSP.dll (Apple Inc.)
O10 - Protocol_Catalog9\Catalog_Entries\000000000001 - C:\Program Files (x86)\Glocalnet Sakerhetspaket\FSPS\program\FSLSP.DLL (F-Secure Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000002 - C:\Program Files (x86)\Glocalnet Sakerhetspaket\FSPS\program\FSLSP.DLL (F-Secure Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000003 - C:\Program Files (x86)\Glocalnet Sakerhetspaket\FSPS\program\FSLSP.DLL (F-Secure Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000004 - C:\Program Files (x86)\Glocalnet Sakerhetspaket\FSPS\program\FSLSP.DLL (F-Secure Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000005 - C:\Program Files (x86)\Glocalnet Sakerhetspaket\FSPS\program\FSLSP.DLL (F-Secure Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000006 - C:\Program Files (x86)\Glocalnet Sakerhetspaket\FSPS\program\FSLSP.DLL (F-Secure Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000007 - C:\Program Files (x86)\Glocalnet Sakerhetspaket\FSPS\program\FSLSP.DLL (F-Secure Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000019 - C:\Program Files (x86)\Glocalnet Sakerhetspaket\FSPS\program\FSLSP.DLL (F-Secure Corporation)
O16 - DPF: {0D41B8C5-2599-4893-8183-00195EC8D5F9} http://support.asus.com/select/asusTek_sys_ctrl3.cab (asusTek_sysctrl Class)
O16 - DPF: {6218F7B5-0D3A-48BA-AE4C-49DCFA63D400} http://www.myheritage.se/Genoogle/Components/ActiveX/SearchEngineQuery.dll (CSEQueryObject Object)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/update/1.6.0/jinstall-1_6_0_29-windows-i586.cab (Java Plug-in 1.6.0_29)
O16 - DPF: {CAFEEFAC-0016-0000-0029-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_29-windows-i586.cab (Java Plug-in 1.6.0_29)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_29-windows-i586.cab (Java Plug-in 1.6.0_29)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.0.254 192.168.1.1
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{3A7BF545-357A-4260-AB5C-E78692B2AE49}: NameServer = 195.67.199.18 195.67.199.19
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{6507F1B2-E31C-4ED3-8985-77C41F44560D}: NameServer = 195.67.199.18 195.67.199.19
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{99F4509C-05C0-4A3B-894D-033C4B223D32}: DhcpNameServer = 195.54.122.221 195.54.122.211
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{9F6B3EDE-644D-4028-9EA3-527B36C639EE}: DhcpNameServer = 192.168.0.254 192.168.1.1
O18:64bit: - Protocol\Handler\livecall - No CLSID value found
O18:64bit: - Protocol\Handler\msnim - No CLSID value found
O18:64bit: - Protocol\Handler\skype4com - No CLSID value found
O18:64bit: - Protocol\Handler\skype-ie-addon-data - No CLSID value found
O18:64bit: - Protocol\Handler\wlmailhtml - No CLSID value found
O18:64bit: - Protocol\Handler\wlpg - No CLSID value found
O18 - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~2\COMMON~1\Skype\SKYPE4~1.DLL (Skype Technologies)
O18 - Protocol\Handler\skype-ie-addon-data {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O20:64bit: - AppInit_DLLs: (C:\Windows\System32\nvinitx.dll) - C:\Windows\SysNative\nvinitx.dll (NVIDIA Corporation)
O20 - AppInit_DLLs: (C:\Windows\SysWOW64\nvinit.dll) - C:\Windows\SysWOW64\nvinit.dll (NVIDIA Corporation)
O20:64bit: - HKLM Winlogon: Shell - (Explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\SysNative\userinit.exe (Microsoft Corporation)
O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\Windows\SysWow64\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\SysWOW64\userinit.exe (Microsoft Corporation)
O20:64bit: - Winlogon\Notify\igfxcui: DllName - (igfxdev.dll) - C:\Windows\SysNative\igfxdev.dll (Intel Corporation)
O32 - HKLM CDRom: AutoRun - 1
O34 - HKLM BootExecute: (autocheck autochk *)
O35:64bit: - HKLM\..comfile [open] -- "%1" %*
O35:64bit: - HKLM\..exefile [open] -- "%1" %*
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37:64bit: - HKLM\...com [@ = ComFile] -- "%1" %*
O37:64bit: - HKLM\...exe [@ = exefile] -- "%1" %*
O37 - HKLM\...com [@ = ComFile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3)
O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2)
O38 - SubSystems\\Windows: (ServerDll=sxssrv,4)

========== Files/Folders - Created Within 30 Days ==========

[2012-09-23 21:30:51 | 000,601,600 | ---- | C] (OldTimer Tools) -- C:\Users\Anna och Fredrik\Desktop\OTL.exe
[2012-09-23 20:45:15 | 000,000,000 | R--D | C] -- C:\Users\Anna och Fredrik\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\BT Devices
[2012-09-23 10:46:13 | 000,000,000 | ---D | C] -- C:\Windows\temp
[2012-09-23 10:42:25 | 000,000,000 | ---D | C] -- C:\$RECYCLE.BIN
[2012-09-23 10:26:28 | 000,518,144 | ---- | C] (SteelWerX) -- C:\Windows\SWREG.exe
[2012-09-23 10:26:28 | 000,406,528 | ---- | C] (SteelWerX) -- C:\Windows\SWSC.exe
[2012-09-23 10:26:28 | 000,060,416 | ---- | C] (NirSoft) -- C:\Windows\NIRCMD.exe
[2012-09-23 10:19:56 | 000,000,000 | ---D | C] -- C:\Qoobox
[2012-09-23 10:19:46 | 000,000,000 | ---D | C] -- C:\Windows\erdnt
[2012-09-23 10:11:03 | 004,755,310 | R--- | C] (Swearware) -- C:\Users\Anna och Fredrik\Desktop\ComboFix.exe
[2012-09-22 23:30:41 | 000,000,000 | ---D | C] -- C:\FRST
[2012-09-22 22:00:39 | 004,731,392 | ---- | C] (AVAST Software) -- C:\Users\Anna och Fredrik\Desktop\aswMBR.exe
[2012-09-22 21:54:04 | 000,000,000 | ---D | C] -- C:\Users\Anna och Fredrik\Desktop\RK_Quarantine
[2012-09-22 15:40:14 | 000,607,260 | R--- | C] (Swearware) -- C:\Users\Anna och Fredrik\Desktop\dds.com
[2012-09-22 14:13:17 | 000,000,000 | ---D | C] -- C:\Config.Msi
[2012-09-17 19:25:14 | 002,212,440 | ---- | C] (Kaspersky Lab ZAO) -- C:\Users\Anna och Fredrik\Desktop\TDSSKiller.exe
[1 C:\Windows\*.tmp files -> C:\Windows\*.tmp -> ]

========== Files - Modified Within 30 Days ==========

[2012-09-23 21:30:51 | 000,601,600 | ---- | M] (OldTimer Tools) -- C:\Users\Anna och Fredrik\Desktop\OTL.exe
[2012-09-23 21:11:23 | 000,001,008 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineUA.job
[2012-09-23 21:05:00 | 000,000,868 | ---- | M] () -- C:\Windows\tasks\Adobe Flash Player Updater.job
[2012-09-23 20:56:02 | 000,001,004 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineCore.job
[2012-09-23 20:51:51 | 000,009,920 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
[2012-09-23 20:51:51 | 000,009,920 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
[2012-09-23 20:45:02 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2012-09-23 12:22:58 | 2077,552,639 | -HS- | M] () -- C:\hiberfil.sys
[2012-09-23 10:42:22 | 000,000,027 | ---- | M] () -- C:\Windows\SysNative\drivers\etc\hosts
[2012-09-23 10:24:09 | 000,045,056 | ---- | M] () -- C:\Windows\SysNative\acovcnt.exe
[2012-09-23 10:11:08 | 004,755,310 | R--- | M] (Swearware) -- C:\Users\Anna och Fredrik\Desktop\ComboFix.exe
[2012-09-22 22:21:28 | 000,000,512 | ---- | M] () -- C:\Users\Anna och Fredrik\Desktop\MBR.dat
[2012-09-22 22:00:43 | 004,731,392 | ---- | M] (AVAST Software) -- C:\Users\Anna och Fredrik\Desktop\aswMBR.exe
[2012-09-22 21:53:24 | 001,388,032 | ---- | M] () -- C:\Users\Anna och Fredrik\Desktop\RogueKiller.exe
[2012-09-22 21:38:06 | 000,056,016 | ---- | M] () -- C:\Windows\SysNative\drivers\fsbts.sys
[2012-09-22 21:35:43 | 002,193,278 | ---- | M] () -- C:\Users\Anna och Fredrik\Desktop\tdsskiller.zip
[2012-09-22 15:41:06 | 001,656,406 | ---- | M] () -- C:\Windows\SysNative\PerfStringBackup.INI
[2012-09-22 15:41:06 | 000,690,086 | ---- | M] () -- C:\Windows\SysNative\perfh01D.dat
[2012-09-22 15:41:06 | 000,680,886 | ---- | M] () -- C:\Windows\SysNative\perfh009.dat
[2012-09-22 15:41:06 | 000,153,632 | ---- | M] () -- C:\Windows\SysNative\perfc01D.dat
[2012-09-22 15:41:06 | 000,133,014 | ---- | M] () -- C:\Windows\SysNative\perfc009.dat
[2012-09-22 14:11:25 | 000,001,563 | ---- | M] () -- C:\Windows\SysNative\ServiceFilter.ini
[2012-09-22 14:04:57 | 000,001,111 | ---- | M] () -- C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk
[2012-09-22 13:58:02 | 000,607,260 | R--- | M] (Swearware) -- C:\Users\Anna och Fredrik\Desktop\dds.com
[2012-09-22 13:57:22 | 000,302,592 | ---- | M] () -- C:\Users\Anna och Fredrik\Desktop\6dwb9urj.exe
[2012-09-17 19:25:14 | 002,212,440 | ---- | M] (Kaspersky Lab ZAO) -- C:\Users\Anna och Fredrik\Desktop\TDSSKiller.exe
[2012-09-07 17:04:46 | 000,025,928 | ---- | M] (Malwarebytes Corporation) -- C:\Windows\SysNative\drivers\mbam.sys
[1 C:\Windows\*.tmp files -> C:\Windows\*.tmp -> ]

========== Files Created - No Company Name ==========

[2012-09-23 10:26:28 | 000,256,000 | ---- | C] () -- C:\Windows\PEV.exe
[2012-09-23 10:26:28 | 000,208,896 | ---- | C] () -- C:\Windows\MBR.exe
[2012-09-23 10:26:28 | 000,098,816 | ---- | C] () -- C:\Windows\sed.exe
[2012-09-23 10:26:28 | 000,080,412 | ---- | C] () -- C:\Windows\grep.exe
[2012-09-23 10:26:28 | 000,068,096 | ---- | C] () -- C:\Windows\zip.exe
[2012-09-22 22:21:28 | 000,000,512 | ---- | C] () -- C:\Users\Anna och Fredrik\Desktop\MBR.dat
[2012-09-22 21:53:24 | 001,388,032 | ---- | C] () -- C:\Users\Anna och Fredrik\Desktop\RogueKiller.exe
[2012-09-22 21:35:43 | 002,193,278 | ---- | C] () -- C:\Users\Anna och Fredrik\Desktop\tdsskiller.zip
[2012-09-22 15:40:09 | 000,302,592 | ---- | C] () -- C:\Users\Anna och Fredrik\Desktop\6dwb9urj.exe
[2012-03-19 23:31:16 | 000,963,912 | ---- | C] () -- C:\Windows\SysWow64\igkrng600.bin
[2012-03-19 23:31:16 | 000,261,208 | ---- | C] () -- C:\Windows\SysWow64\igfcg600m.bin
[2012-03-19 23:25:58 | 000,058,880 | ---- | C] () -- C:\Windows\SysWow64\igdde32.dll
[2012-03-19 22:21:14 | 013,212,672 | ---- | C] () -- C:\Windows\SysWow64\ig4icd32.dll
[2011-11-27 19:40:25 | 000,798,720 | ---- | C] () -- C:\Windows\SysWow64\FCPlayer.dll
[2011-11-27 19:40:25 | 000,303,104 | ---- | C] () -- C:\Windows\SysWow64\FCPlayer.exe
[2011-11-27 19:40:25 | 000,053,248 | ---- | C] () -- C:\Windows\SysWow64\FCSDK.dll
[2011-11-27 19:40:24 | 000,147,456 | ---- | C] () -- C:\Windows\SysWow64\FCNetLib.dll
[2011-08-12 22:18:21 | 000,042,672 | ---- | C] () -- C:\Windows\SysWow64\drivers\fsbts.sys
[2011-07-19 08:38:08 | 001,676,954 | ---- | C] () -- C:\Windows\SysWow64\PerfStringBackup.INI
[2011-06-22 12:49:00 | 000,081,920 | ---- | C] () -- C:\Windows\SysWow64\MPMapTrace.dll
[2011-06-22 12:03:44 | 000,364,544 | ---- | C] () -- C:\Windows\SysWow64\mpPathan.dll
[2011-04-12 04:21:46 | 000,145,804 | ---- | C] () -- C:\Windows\SysWow64\igcompkrng600.bin

========== ZeroAccess Check ==========

[2009-07-14 06:55:00 | 000,000,227 | RHS- | M] () -- C:\Windows\assembly\Desktop.ini

[HKEY_CURRENT_USER\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] /64
"ThreadingModel" = Both
"" = C:\Windows\SysNative\shell32.dll -- [2012-06-09 07:43:10 | 014,172,672 | ---- | M] (Microsoft Corporation)

[HKEY_CURRENT_USER\Software\Classes\Wow6432node\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]

[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] /64
"" = C:\Windows\SysNative\shell32.dll -- [2012-06-09 07:43:10 | 014,172,672 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Apartment

[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]
"" = %SystemRoot%\system32\shell32.dll -- [2012-06-09 06:41:00 | 012,873,728 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Apartment

[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32] /64
"" = C:\Windows\SysNative\wbem\wbemess.dll -- [2009-07-14 03:41:56 | 000,505,856 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Both

[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32]
"" = %systemroot%\SysWow64\wbem\wbemess.dll

========== LOP Check ==========

[2011-07-11 21:57:47 | 000,000,000 | ---D | M] -- C:\Users\Anna och Fredrik\AppData\Roaming\ASUS WebStorage
[2012-03-10 18:26:13 | 000,000,000 | ---D | M] -- C:\Users\Anna och Fredrik\AppData\Roaming\F-Secure
[2012-03-08 20:53:53 | 000,000,000 | ---D | M] -- C:\Users\Anna och Fredrik\AppData\Roaming\Microchip
[2011-07-19 07:28:01 | 000,000,000 | ---D | M] -- C:\Users\Anna och Fredrik\AppData\Roaming\Personal
[2012-04-13 10:38:35 | 000,000,000 | ---D | M] -- C:\Users\Anna och Fredrik\AppData\Roaming\SoftGrid Client
[2012-06-17 23:45:21 | 000,000,000 | ---D | M] -- C:\Users\Anna och Fredrik\AppData\Roaming\Spotify
[2011-07-19 08:39:09 | 000,000,000 | ---D | M] -- C:\Users\Anna och Fredrik\AppData\Roaming\TP
[2012-02-14 20:13:45 | 000,000,000 | ---D | M] -- C:\Users\Anna och Fredrik\AppData\Roaming\uTorrent
[2011-07-31 22:21:24 | 000,000,000 | ---D | M] -- C:\Users\Anna och Fredrik\AppData\Roaming\Windows Live Writer
[2011-07-19 17:57:58 | 000,000,000 | ---D | M] -- C:\Users\Anna och Fredrik\AppData\Roaming\WinZip
[2012-04-10 20:04:49 | 000,000,000 | ---D | M] -- C:\Users\Anna och Fredrik\AppData\Roaming\Withings

========== Purity Check ==========



========== Alternate Data Streams ==========

@Alternate Data Stream - 144 bytes -> C:\ProgramData\Temp:41099CE9
@Alternate Data Stream - 133 bytes -> C:\ProgramData\Temp:5D458568
@Alternate Data Stream - 133 bytes -> C:\ProgramData\Temp:029E021F
@Alternate Data Stream - 112 bytes -> C:\ProgramData\Temp:D1B5B4F1
< End of report >
 
OTL Extras logfile created on: 2012-09-23 21:36:07 - Run 1
OTL by OldTimer - Version 3.2.66.0 Folder = C:\Users\Anna och Fredrik\Desktop
64bit- Home Premium Edition Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation
Internet Explorer (Version = 9.0.8112.16421)
Locale: 0000041d | Country: Sverige | Language: SVE | Date Format: yyyy-MM-dd

7,91 Gb Total Physical Memory | 5,64 Gb Available Physical Memory | 71,21% Memory free
15,82 Gb Paging File | 13,46 Gb Available in Paging File | 85,07% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86)
Drive C: | 186,30 Gb Total Space | 118,89 Gb Free Space | 63,82% Space Free | Partition Type: NTFS
Drive D: | 254,45 Gb Total Space | 239,98 Gb Free Space | 94,31% Space Free | Partition Type: NTFS

Computer Name: HELGE2 | User Name: Anna och Fredrik | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: All users | Quick Scan | Include 64bit Scans
Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days

========== Extra Registry (SafeList) ==========


========== File Associations ==========

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.url[@ = InternetShortcut] -- C:\Windows\SysNative\rundll32.exe (Microsoft Corporation)

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.cpl [@ = cplfile] -- C:\Windows\SysWow64\control.exe (Microsoft Corporation)

========== Shell Spawning ==========

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
exefile [open] -- "%1" %*
helpfile [open] -- Reg Error: Key error.
htafile [open] -- "%1" %*
htmlfile [edit] -- Reg Error: Key error.
htmlfile [print] -- rundll32.exe %SystemRoot%\system32\mshtml.dll,PrintHTML "%1" (Microsoft Corporation)
inffile [install] -- %SystemRoot%\System32\rundll32.exe setupapi,InstallHinfSection DefaultInstall 132 %1 (Microsoft Corporation)
InternetShortcut [open] -- "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\ieframe.dll",OpenURL %l (Microsoft Corporation)
InternetShortcut [print] -- "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\mshtml.dll",PrintHTML "%1" (Microsoft Corporation)
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [AddToPlaylistVLC] -- "C:\Program Files (x86)\VideoLAN\VLC\vlc.exe" --started-from-file --playlist-enqueue "%1" ()
Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Directory [PlayWithVLC] -- "C:\Program Files (x86)\VideoLAN\VLC\vlc.exe" --started-from-file --no-playlist-enqueue "%1" ()
Folder [open] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [explore] -- Reg Error: Value error.
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
cplfile [cplopen] -- %SystemRoot%\System32\control.exe "%1",%* (Microsoft Corporation)
exefile [open] -- "%1" %*
helpfile [open] -- Reg Error: Key error.
htafile [open] -- "%1" %*
htmlfile [edit] -- Reg Error: Key error.
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [AddToPlaylistVLC] -- "C:\Program Files (x86)\VideoLAN\VLC\vlc.exe" --started-from-file --playlist-enqueue "%1" ()
Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Directory [PlayWithVLC] -- "C:\Program Files (x86)\VideoLAN\VLC\vlc.exe" --started-from-file --no-playlist-enqueue "%1" ()
Folder [open] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [explore] -- Reg Error: Value error.
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)

========== Security Center Settings ==========

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"cval" = 1
"FirewallDisableNotify" = 0
"AntiVirusDisableNotify" = 0
"UpdatesDisableNotify" = 0

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]
"VistaSp1" = 28 4D B2 76 41 04 CA 01 [binary data]
"AntiVirusOverride" = 0
"AntiSpywareOverride" = 0
"FirewallOverride" = 0

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc\Vol]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"FirewallDisableNotify" = 0
"AntiVirusDisableNotify" = 0
"UpdatesDisableNotify" = 0

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]

========== System Restore Settings ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\SystemRestore]
"DisableSR" = 0

========== Firewall Settings ==========

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall]

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\DomainProfile]

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\StandardProfile]

[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\DomainProfile]

[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\StandardProfile]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]
"DisableNotifications" = 0
"EnableFirewall" = 0

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"DisableNotifications" = 0
"EnableFirewall" = 0

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\GloballyOpenPorts\List]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\PublicProfile]
"DisableNotifications" = 0
"EnableFirewall" = 0

========== Authorized Applications List ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List]


========== Vista Active Open Ports Exception List ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{0294BB2F-6178-459D-8C46-8D1C40D6AD6B}" = rport=445 | protocol=6 | dir=out | app=system |
"{057550CC-1C7E-4C7B-A2F8-3A8DDC978C8C}" = lport=138 | protocol=17 | dir=in | app=system |
"{08E024BB-596A-4DFF-A430-159062EB67CE}" = lport=10243 | protocol=6 | dir=in | app=system |
"{19A5737B-0BEE-43C8-BCD3-3CC714AA4FD3}" = lport=2177 | protocol=6 | dir=in | svc=qwave | app=%systemroot%\system32\svchost.exe |
"{25B9D31D-64EC-44F5-900B-17177C3E5D3C}" = rport=1900 | protocol=17 | dir=out | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe |
"{295EF879-34FC-4A05-A484-51AA1443280E}" = lport=445 | protocol=6 | dir=in | app=system |
"{2FA65B31-3A9D-4C20-AFC6-469495F0EF44}" = rport=2177 | protocol=6 | dir=out | svc=qwave | app=%systemroot%\system32\svchost.exe |
"{4084E937-EAAA-47EE-9520-7BE7CE434C09}" = lport=rpc | protocol=6 | dir=in | svc=spooler | app=%systemroot%\system32\spoolsv.exe |
"{4BF5EB07-06A2-40E2-B5B6-244EF5C49A0F}" = lport=rpc-epmap | protocol=6 | dir=in | svc=rpcss | name=@firewallapi.dll,-28539 |
"{5456EA1E-AF45-48BD-9C96-AB99A6CCF1D9}" = lport=139 | protocol=6 | dir=in | app=system |
"{6364B77A-8796-4078-B3CC-5963A3E70B4F}" = rport=139 | protocol=6 | dir=out | app=system |
"{6EFD3216-D4DB-448C-81DA-E8838C66FFD2}" = lport=5355 | protocol=17 | dir=in | svc=dnscache | app=%systemroot%\system32\svchost.exe |
"{7C7BD74E-D59D-40F9-8481-A74C4729E9DD}" = rport=138 | protocol=17 | dir=out | app=system |
"{86444BB3-291D-4D31-A046-BB4AA3243C28}" = rport=5355 | protocol=17 | dir=out | svc=dnscache | app=%systemroot%\system32\svchost.exe |
"{AF8150A9-8B4A-4262-900E-D368942052B3}" = lport=2869 | protocol=6 | dir=in | app=system |
"{BE10AB93-C4A6-464B-BE93-069E778BFF99}" = rport=10243 | protocol=6 | dir=out | app=system |
"{C232D951-55E7-4D04-9346-F88A07FC0B22}" = lport=137 | protocol=17 | dir=in | app=system |
"{C428A183-FD79-40B5-990D-895328F43AC8}" = lport=1900 | protocol=17 | dir=in | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe |
"{CF0676E6-E2EC-438A-9741-7029DEBD00CE}" = rport=2177 | protocol=17 | dir=out | svc=qwave | app=%systemroot%\system32\svchost.exe |
"{F534D21D-02A4-4E48-A237-A3745ED5E6D3}" = rport=137 | protocol=17 | dir=out | app=system |
"{F9C1EEE5-72B7-40C6-BC7C-64E9DF7DEB39}" = lport=2177 | protocol=17 | dir=in | svc=qwave | app=%systemroot%\system32\svchost.exe |

========== Vista Active Application Exception List ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{003C7A18-60D9-4C89-94D8-DE42C1AA1D76}" = protocol=58 | dir=in | name=@firewallapi.dll,-28545 |
"{02A4D600-582A-4C14-ADFE-C125CF0CB18F}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmpnetwk.exe |
"{1473D86F-6F04-46A3-9153-CD04272511DC}" = protocol=6 | dir=out | svc=upnphost | app=%systemroot%\system32\svchost.exe |
"{4849799C-D8E9-4360-8F9A-6B5F2BCC7EA4}" = protocol=1 | dir=in | name=@firewallapi.dll,-28543 |
"{56E808A1-BFD0-4B79-B567-B9FA848D697F}" = protocol=1 | dir=out | name=@firewallapi.dll,-28544 |
"{61FB8AD2-C831-45AB-9DFB-D685C3A8300D}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmplayer.exe |
"{62F27534-2769-4D2F-B42F-E96E62F64F44}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmplayer.exe |
"{65901CFC-D156-4C8F-90EA-C26D256CA195}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmplayer.exe |
"{68F6992D-6E9D-4F14-88EC-3E0B8BEC7EFF}" = protocol=6 | dir=in | app=%programfiles%\windows media player\wmpnetwk.exe |
"{8642AF85-31DC-4BB3-8E9D-1E478C224084}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmplayer.exe |
"{A5589677-56C4-46C1-A86B-1F0B5425786F}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmplayer.exe |
"{AB3FBA72-52C3-4476-9A38-230DBE05659B}" = protocol=17 | dir=in | app=%programfiles(x86)%\windows media player\wmplayer.exe |
"{BC7833D1-AE4B-4CAB-BDD5-6EA587E5C763}" = protocol=6 | dir=out | app=system |
"{CE504808-152F-4073-8BB9-0F8E7C4D30C6}" = protocol=17 | dir=out | app=%programfiles(x86)%\windows media player\wmplayer.exe |
"{D3648D1D-2BA3-4973-9B7E-EDC907B6E342}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmplayer.exe |
"{E8715BB0-E132-4617-B344-62E03BFE2C1C}" = protocol=58 | dir=out | name=@firewallapi.dll,-28546 |
"{E926E57D-011D-4F63-BCC5-FFCFDC28D091}" = protocol=6 | dir=out | app=%programfiles(x86)%\windows media player\wmplayer.exe |
"{EFA98652-B437-42AA-B7D3-EFFD71ED4ECD}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmpnetwk.exe |
"{F7DCF881-DB9D-4779-8D1C-CCCBAC7C73FF}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmpnetwk.exe |

========== HKEY_LOCAL_MACHINE Uninstall List ==========

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{13F4A7F3-EABC-4261-AF6B-1317777F0755}" = Fast Boot
"{1685AE50-97ED-485B-80F6-145071EE14B0}" = Windows Live Remote Service Resources
"{183C740A-0406-380F-A235-2EC2F8A28D13}" = Microsoft Windows SDK MSHelp (30514)
"{1AAF3A3B-7B32-4DDF-8ABB-438DAEB46EEC}" = Windows Live Family Safety
"{1B8ABA62-74F0-47ED-B18C-A43128E591B8}" = Windows Live ID Sign-in Assistant
"{230D1595-57DA-4933-8C4E-375797EBB7E1}" = Bluetooth Win7 Suite (64)
"{2C1A6191-9804-4FDC-AB01-6F9183C91A13}" = Windows Live Remote Client Resources
"{3156336D-8E44-3671-A6FE-AE51D3D6564E}" = Microsoft Windows SDK for Windows 7 (7.1)
"{46A5FBE9-ADB3-4493-A1CC-B4CFFD24D26A}" = Windows Live Family Safety
"{4B6C7001-C7D6-3710-913E-5BC23FCE91E6}" = Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.4148
"{4C2E49C0-9276-4324-841D-774CCCE5DB48}" = Windows Live Remote Client Resources
"{57F2BD1C-14A3-4785-8E48-2075B96EB2DF}" = Windows Live Remote Service Resources
"{58B1C341-6DD6-4D0F-A953-53C335DC2F56}" = Windows Live Family Safety
"{5B9F1BB4-4C06-41E8-877D-B458742B0D0A}" = Fresco Logic USB3.0 Host Controller
"{5FCE6D76-F5DC-37AB-B2B8-22AB8CEDB1D4}" = Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161
"{656DEEDE-F6AC-47CA-A568-A1B4E34B5760}" = Windows Live Remote Service Resources
"{68570626-1BF6-310B-AF69-6CD686C04AEA}" = Microsoft Windows SDK Net Fx Interop Headers And Libraries (30514)
"{6C8D7973-31F9-32E1-A820-8DD857910323}" = Microsoft Windows SDK for Windows 7 Utilities for Win32 Development (30514)
"{6ce5bae9-d3ca-4b99-891a-1dc6c118a5fc}" = Microsoft Visual C++ 2005 Redistributable (x64)
"{6D8CEB72-EF89-3670-8133-966AF0CCDA86}" = Microsoft .NET Framework 4 Extended SVE Language Pack
"{6E3610B2-430D-4EB0-81E3-2B57E8B9DE8D}" = Bonjour
"{7AEC844D-448A-455E-A34E-E1032196BBCD}" = Windows Live Remote Service Resources
"{84452C2C-BDCC-36F3-A189-CE15F02A47FB}" = Microsoft Windows SDK for Windows 7 Headers and Libraries (30514)
"{847B0532-55E3-4AAF-8D7B-E3A1A7CD17E5}" = Windows Live Remote Client Resources
"{84E30D73-E30F-3A02-BAA0-5353C04DD18A}" = Microsoft Windows SDK Intellisense and Reference Assemblies (30514)
"{850B8072-2EA7-4EDC-B930-7FE569495E76}" = Windows Live Remote Client Resources
"{856A0713-BB96-4192-B48A-2488A0B871E1}" = Windows Live Family Safety
"{88387B3B-B110-392F-B919-1A15B48F21D4}" = Microsoft Visual C++ Compilers 2010 Standard - enu - x64
"{89026002-A893-42D9-9E20-6829B844735E}" = Application Verifier (x64)
"{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}" = Microsoft Silverlight
"{8E34682C-8118-31F1-BC4C-98CD9675E1C2}" = Microsoft .NET Framework 4 Extended
"{90140000-006D-041D-1000-0000000FF1CE}" = Microsoft Office Klicka-och-kör 2010
"{927F223D-51AC-468B-8997-92E2F4B042D6}" = Windows Live Family Safety
"{95120000-00B9-0409-1000-0000000FF1CE}" = Microsoft Application Error Reporting
"{951E6223-AC28-345E-BCF4-B55C1267E321}" = Microsoft Windows SDK for Windows 7 Samples (30514)
"{96CC6DCC-8EBA-3F85-899B-933F599C4142}" = Microsoft .NET Framework 4 Client Profile SVE Language Pack
"{9B6239BF-4E85-4590-8D72-51E30DB1A9AA}" = ASUS Power4Gear Hybrid
"{A060182D-CDBE-4AD6-B9B4-860B435D6CBD}" = Windows Live Remote Client Resources
"{A0B0F02C-410B-3DE3-9740-EC4C3D902532}" = Microsoft Windows SDK for Windows 7 Common Utilities (30514)
"{A2C55034-8DAF-3755-BA85-CC321707FE99}" = Microsoft Windows SDK for Visual Studio .NET 4.0 Framework Tools
"{ad8a2fa1-06e7-4b0d-927d-6e54b3d31028}" = Microsoft Visual C++ 2005 Redistributable (x64)
"{B2FE1952-0186-46c3-BAEC-A80AA35AC5B8}_Display.ControlPanel" = NVIDIA Control Panel 267.54
"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.Driver" = NVIDIA Graphics Driver 267.54
"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.Optimus" = NVIDIA Optimus 1.0.21
"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_installer" = NVIDIA Install Application
"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_NVIDIA.Update" = NVIDIA Update Components
"{B77EFA0B-9BD3-4122-9F9A-15A963B5EA24}" = Intel(R) Turbo Boost Technology Monitor 2.0
"{B8AD779A-82DA-4365-A7D0-AD3DCFC55CFF}" = Apple Mobile Device Support
"{CD95F661-A5C4-44F5-A6AA-ECDD91C240C9}" = WinZip 16.0
"{CF8FFD12-602B-422D-AF1D-511B411E7632}" = iTunes
"{D07A61E5-A59C-433C-BCBD-22025FA2287B}" = Windows Live Language Selector
"{D0F8B50E-0D86-4E49-9540-DF785CCAC5A5}" = Windows Live Family Safety
"{DA54F80E-261C-41A2-A855-549A144F2F59}" = Windows Live MIME IFilter
"{DA5E371C-6333-3D8A-93A4-6FD5B20BCC6E}" = Microsoft Visual C++ 2010 x64 Redistributable - 10.0.30319
"{DBFC6AAE-DCCB-4C23-B01C-3EDDDC03298B}" = Debugging Tools for Windows (x64)
"{DF6D988A-EEA0-4277-AAB8-158E086E439B}" = Windows Live Remote Client
"{E02A6548-6FDE-40E2-8ED9-119D7D7E641F}" = Windows Live Remote Service
"{E7F9E526-2324-437B-A609-E8C5309465CB}" = Microsoft Windows Performance Toolkit
"{F1C4B89A-8BF0-3D7C-8095-BAE412FBEA3F}" = Microsoft Windows SDK .NET Framework Tools (30514)
"{F5B09CFD-F0B2-36AF-8DF4-1DF6B63FC7B4}" = Microsoft .NET Framework 4 Client Profile
"{F6CB2C5F-B2C1-4DF1-BF44-39D0DC06FE6F}" = Windows Live Remote Service Resources
"{F896D026-9016-4122-B9BD-957FF092FFE9}" = SpyHunter
"{FCADA26A-5672-31DD-BF0E-BA76ECF9B02D}" = Microsoft Help Viewer 1.0
"Elantech" = ETDWare PS/2-x64 7.0.5.16_WHQL
"Matlab R2011b" = MATLAB R2011b
"Microsoft .NET Framework 4 Client Profile" = Microsoft .NET Framework 4 Client Profile
"Microsoft .NET Framework 4 Client Profile SVE Language Pack" = Microsoft .NET Framework 4 Client Profile Language Pack - SVE
"Microsoft .NET Framework 4 Extended" = Microsoft .NET Framework 4 Extended
"Microsoft .NET Framework 4 Extended SVE Language Pack" = Microsoft .NET Framework 4 Extended Language Pack - SVE
"Microsoft Help Viewer 1.0" = Microsoft Help Viewer 1.0
"SDKSetup_7.1.7600.0.30514" = Microsoft Windows SDK for Windows 7 (7.1)

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{003F0946-46C7-4EDD-93E7-021B1F80D26F}" = MPLAB Tools v8.73a
"{00884F14-05BD-4D8E-90E5-1ABF78948CA4}" = Windows Live Mesh
"{0125DB4D-98A0-4DBF-B68A-23BF08FFA6A3}" = Windows Live Messenger
"{0969AF05-4FF6-4C00-9406-43599238DE0D}" = ASUS Splendid Video Enhancement Technology
"{09B7C7EB-3140-4B5E-842F-9C79A7137139}" = Windows Live Mesh ActiveX-kontroll for eksterne tilkoblinger
"{09BCB9CE-964B-4BDA-AE46-B5A0ABEF1D3F}" = SonicMaster
"{0B0F231F-CE6A-483D-AA23-77B364F75917}" = Windows Live Installer
"{0B2748C3-E209-4163-9E87-110237B7F0F4}" = Switch King Client
"{0C975FCC-A06E-4CB6-8F54-A9B52CF37781}" = Windows Liven sähköposti
"{10186F1A-6A14-43DF-A404-F0105D09BB07}" = Windows Live Mail
"{110668B7-54C6-47C9-BAC4-1CE77F156AF5}" = Windows Live Mesh
"{11417707-1F72-4279-95A3-01E0B898BBF5}" = Windows Live Mesh
"{133D9D67-D475-4407-AC3C-D558087B2453}" = Windows Live Movie Maker
"{18455581-E099-4BA8-BC6B-F34B2F06600C}" = Google Toolbar for Internet Explorer
"{196BB40D-1578-3D01-B289-BEFC77A11A1E}" = Microsoft Visual C++ 2010 x86 Redistributable - 10.0.30319
"{19BA08F7-C728-469C-8A35-BFBD3633BE08}" = Windows Live Movie Maker
"{1A72337E-D126-4BAF-AC89-E6122DB71866}" = Windows Liven valokuvavalikoima
"{1DBD1F12-ED93-49C0-A7CC-56CBDE488158}" = ASUS LifeFrame3
"{1E03DB52-D5CB-4338-A338-E526DD4D4DB1}" = Bing Bar
"{1F6AB0E7-8CDD-4B93-8A23-AA9EB2FEFCE4}" = Junk Mail filter update
"{1FBF6C24-C1FD-4101-A42B-0C564F9E8E79}" = ASUS Video Magic
"{200FEC62-3C34-4D60-9CE8-EC372E01C08F}" = Windows Live SOXE Definitions
"{20FDF948-C8ED-4543-A539-F7F4AEF5AFA2}" = Wireless Console 3
"{21F342AD-E827-48AD-9D67-8D5183A5E639}" = FCClientPlus_Setup
"{220C7F8C-929D-4F71-9DC7-F7A6823B38E4}" = Windows Live UX Platform Language Pack
"{2318C2B1-4965-11d4-9B18-009027A5CD4F}" = Google Toolbar for Internet Explorer
"{24DF33E0-F924-4D0D-9B96-11F28F0D602D}" = Windows Live UX Platform Language Pack
"{25CD4B12-8CC5-433E-B723-C9CB41FA8C5A}" = Windows Live Writer
"{26A24AE4-039D-4CA4-87B4-2F83216029FF}" = Java(TM) 6 Update 29
"{28006915-2739-4EBE-B5E8-49B25D32EB33}" = Atheros Client Installation Program
"{2818ADC7-C1FB-40A8-BE6B-36B62682E9E8}" = PICkit 2 v2.61
"{28B9D2D8-4304-483F-AD71-51890A063A74}" = Windows Live Photo Common
"{2902F983-B4C1-44BA-B85D-5C6D52E2C441}" = Windows Live Mesh ActiveX Control for Remote Connections
"{2B81872B-A054-48DA-BE3B-FA5C164C303A}" = ASUS FancyStart
"{2E50E321-4747-4EB5-9ECB-BBC6C3AC0F31}" = Windows Live Writer Resources
"{3336F667-9049-4D46-98B6-4C743EEBC5B1}" = Windows Live Photo Gallery
"{341697D8-9923-445E-B42A-529E5A99CB7A}" = syncables desktop SE
"{34F4D9A4-42C2-4348-BEF4-E553C84549E7}" = Windows Live Photo Gallery
"{35C938B6-F72A-4D92-B8B5-A1F0F9B1DC76}" = Handelsbankens kortläsare
"{370187B9-6964-38D0-851F-6C4898B0C2B1}" = Microsoft Visual C++ Compilers 2010 Standard - enu - x86
"{376D59B1-42D9-4FA2-B6CC-E346B6BE14F5}" = ActiveX-kontroll för fjärranslutningar för Windows Live Mesh
"{38253529-D97D-4901-AE53-5CC9736D3A2E}" = ASUS AI Recovery
"{39BDD209-5704-480C-9F4A-B69D0370DDBB}" = Windows Live Messenger
"{39F95B0B-A0B7-4FA7-BB6C-197DA2546468}" = Windows Live Mesh
"{40BF1E83-20EB-11D8-97C5-0009C5020658}" = CyberLink Power2Go
"{429DF1A0-3610-4E9E-8ACE-3C8AC1BA8FCA}" = Windows Live Photo Gallery
"{499DED08-6FA8-4749-8E94-8526CC9D1CA8}" = ExpressGate Cloud
"{4A03706F-666A-4037-7777-5F2748764D10}" = Java Auto Updater
"{4A04DB63-8F81-4EF4-9D09-61A2057EF419}" = Windows Live Essentials
"{4CF6F287-5121-483C-A5A2-07BDE19D8B4E}" = Windows Live Meshin etäyhteyksien ActiveX-komponentti
"{57220148-3B2B-412A-A2E0-82B9DF423696}" = Windows Live Mesh ActiveX-objekt til fjernforbindelser
"{579684A4-DDD5-4CA3-9EA8-7BE7D9593DB4}" = Windows Live UX Platform Language Pack
"{5C2F5C1B-9732-4F81-8FBF-6711627DC508}" = Windows Live Fotogalleri
"{612C34C7-5E90-47D8-9B5C-0F717DD82726}" = swMSM
"{64452561-169F-4A36-A2FF-B5E118EC65F5}" = ASUS SmartLogon
"{65153EA5-8B6E-43B6-857B-C6E4FC25798A}" = Intel(R) Management Engine Components
"{682B3E4F-696A-42DE-A41C-4C07EA1678B4}" = Windows Live SOXE
"{69CAC24D-B1DC-4B97-A1BE-FE21843108FE}" = Windows Live Writer Resources
"{6EF2BE2C-3121-48B7-B7A6-C56046B3A588}" = Windows Live Movie Maker
"{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}" = Microsoft Visual C++ 2005 Redistributable
"{734104DE-C2BF-412F-BB97-FCCE1EC94229}" = Windows Live Writer Resources
"{770657D0-A123-3C07-8E44-1C83EC895118}" = Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053
"{789A5B64-9DD9-4BA5-915A-F0FC0A1B7BFE}" = Apple Software Update
"{7ADFA72D-2A9F-4DEC-80A5-2FAA27E23F0F}" = Windows Live Photo Common
"{7BE15435-2D3E-4B58-867F-9C75BED0208C}" = QuickTime
"{7F6021AE-E688-4D03-843A-C2260482BA0D}" = Windows Live Messenger
"{80956555-A512-4190-9CAD-B000C36D6B6B}" = Windows Live Messenger
"{827D3E4A-0186-48B7-9801-7D1E9DD40C07}" = Windows Live Essentials
"{83C292B7-38A5-440B-A731-07070E81A64F}" = Windows Live PIMT Platform
"{878CADF7-5BD6-4A29-A6F4-AC51C0CE8068}" = Alcor Micro USB Card Reader
"{8833FFB6-5B0C-4764-81AA-06DFEED9A476}" = Realtek Ethernet Controller Driver
"{885F1BCD-C344-4758-85BD-09640CF449A5}" = Windows Live Photo Gallery
"{8909CFA8-97BF-4077-AC0F-6925243FFE08}" = Windows Liven asennustyökalu
"{8C6D6116-B724-4810-8F2D-D047E6B7D68E}" = Mesh Runtime
"{8CF5D47D-27B7-49D6-A14F-10550B92749D}" = Windows Live UX Platform Language Pack
"{8DD46C6A-0056-4FEC-B70A-28BB16A1F11F}" = MSVCRT
"{8F21291E-0444-4B1D-B9F9-4370A73E346D}" = WinFlash
"{90140011-0066-041D-0000-0000000FF1CE}" = Microsoft Office Starter 2010 - svenska
"{924B4D82-1B97-48EB-8F1E-55C4353C22DB}" = Windows Live Mail
"{92EA4134-10D1-418A-91E1-5A0453131A38}" = Windows Live Movie Maker
"{933B4015-4618-4716-A828-5289FC03165F}" = VC80CRTRedist - 8.0.50727.6195
"{95140000-0070-0000-0000-0000000FF1CE}" = Microsoft Office 2010
"{95140000-00AF-041D-0000-0000000FF1CE}" = Microsoft PowerPoint Viewer
"{9A25302D-30C0-39D9-BD6F-21E6EC160475}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17
"{9BE518E6-ECC6-35A9-88E4-87755C07200F}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161
"{9D56775A-93F3-44A3-8092-840E3826DE30}" = Windows Live Mail
"{A0C91188-C88F-4E86-93E6-CD7C9A266649}" = Windows Live Mesh
"{A726AE06-AAA3-43D1-87E3-70F510314F04}" = Windows Live Writer
"{A92DAB39-4E2C-4304-9AB6-BC44E68B55E2}" = Google Update Helper
"{A9BDCA6B-3653-467B-AC83-94367DA3BFE3}" = Windows Live Photo Common
"{AAAFC670-569B-4A2F-82B4-42945E0DE3EF}" = Windows Live Writer
"{AAF454FC-82CA-4F29-AB31-6A109485E76E}" = Windows Live Writer
"{AB5C933E-5C7D-4D30-B314-9C83A49B94BE}" = ATK Package
"{AC76BA86-7AD7-1053-7B44-AA1000000001}" = Adobe Reader X (10.1.4) - Svenska
"{B480904D-F73F-4673-B034-8A5F492C9184}" = Nuance PDF Reader
"{B6CF2967-C81E-40C0-9815-C05774FEF120}" = Skype Click to Call
"{C59C179C-668D-49A9-B6EA-0121CCFC1243}" = CyberLink LabelPrint
"{C66824E4-CBB3-4851-BB3F-E8CFD6350923}" = Windows Live Mail
"{CB099890-1D5F-11D5-9EA9-0050BAE317E1}" = CyberLink PowerDirector
"{CD442136-9115-4236-9C14-278F6A9DCB3F}" = Windows Live Movie Maker
"{CD7CB1E6-267A-408F-877D-B532AD2C882E}" = Windows Live Photo Common
"{CE95A79E-E4FC-4FFF-8A75-29F04B942FF2}" = Windows Live UX Platform
"{CF671BFE-6BA3-44E7-98C1-500D9C51D947}" = Windows Live Photo Gallery
"{CFEF48A8-BFB8-3EAC-8BA5-DE4F8AA267CE}" = Microsoft .NET Framework 4 Multi-Targeting Pack
"{D0B44725-3666-492D-BEF6-587A14BD9BD9}" = MSVCRT_amd64
"{D22002ED-EE2A-4CB1-A63D-430E62A2E8D8}" = Google SketchUp 8
"{D31169F2-CD71-4337-B783-3E53F29F4CAD}" = Windows Live Mail
"{D436F577-1695-4D2F-8B44-AC76C99E0002}" = Windows Live Photo Common
"{D45240D3-B6B3-4FF9-B243-54ECE3E10066}" = Windows Live Communications Platform
"{DA29F644-2420-4448-8128-1331BE588999}" = Windows Live Writer
"{DB1208F4-B2FE-44E9-BFE6-8824DBD7891B}" = Windows Live Movie Maker
"{DCAB6BA7-6533-44BF-9235-E5BF33B7431C}" = Windows Live Writer
"{DDC8BDEE-DCAC-404D-8257-3E8D4B782467}" = Windows Live Writer Resources
"{DEC235ED-58A4-4517-A278-C41E8DAEAB3B}" = CyberLink PowerDVD 10
"{DECDCB7C-58CC-4865-91AF-627F9798FE48}" = Windows Live Mesh
"{E09C4DB7-630C-4F06-A631-8EA7239923AF}" = D3DX10
"{E3739848-5329-48E3-8D28-5BBD6E8BE384}" = CyberLink MediaEspresso
"{E4197D6B-F046-33E7-ABDE-51FF373FDC76}" = Windows SDK IntellisenseNFX
"{E5DD4723-FE0B-436E-A815-DC23CF902A0B}" = Windows Live UX Platform Language Pack
"{E657B243-9AD4-4ECC-BE81-4CCF8D667FD0}" = ASUS Live Update
"{E71E60C1-533E-45A5-8D80-E475E88D2B17}_is1" = Game Park Console
"{E8524B28-3BBB-4763-AC83-0E83FE31C350}" = Windows Live Writer
"{E9D98402-21AB-4E9F-BF6B-47AF36EF7E97}" = Windows Live Writer Resources
"{EB4DF488-AAEF-406F-A341-CB2AAA315B90}" = Windows Live Messenger
"{EB879750-CCBD-4013-BFD5-0294D4DA5BD0}" = Apple Application Support
"{EC8BD21F-0CA0-4BBF-97D9-4A52B30041A1}" = ASUS Virtual Camera
"{EE7257A2-39A2-4D2F-9DAC-F9F25B8AE1D8}" = Skype™ 5.9
"{F0B430D1-B6AA-473D-9B06-AA3DD01FD0B8}" = Microsoft SQL Server 2005 Compact Edition [ENU]
"{F0E3AD40-2BBD-4360-9C76-B9AC9A5886EA}" = Intel(R) Processor Graphics
"{F0F9505B-3ACF-4158-9311-D0285136AA00}" = Windows Live Essentials
"{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}" = Realtek High Definition Audio Driver
"{F694D1F7-1F12-4550-9B7A-C871273ABAD5}" = Windows Live Messenger
"{F8A9085D-4C7A-41a9-8A77-C8998A96C421}" = Intel(R) Control Center
"{FE044230-9CA5-43F7-9B58-5AC5A28A1F33}" = Windows Live Essentials
"Adobe Flash Player ActiveX" = Adobe Flash Player 11 ActiveX
"Adobe Flash Player Plugin" = Adobe Flash Player 10 Plugin
"Adobe Shockwave Player" = Adobe Shockwave Player 11.6
"ASUS WebStorage" = ASUS WebStorage
"Asus Vibe2.0" = AsusVibe2.0
"ASUS_Screensaver" = ASUS_Screensaver
"Bamse1.0" = Bamse
"Bookworm Deluxe" = Bookworm Deluxe
"Cooking Dash" = Cooking Dash
"DivX Setup" = DivX Setup
"F-Secure Product 277" = Glocalnet Säkerhetspaket
"Google Chrome" = Google Chrome
"Governor of Poker" = Governor of Poker
"Hotel Dash Suite Success" = Hotel Dash Suite Success
"InstallShield_{003F0946-46C7-4EDD-93E7-021B1F80D26F}" = MPLAB Tools v8.73a
"InstallShield_{1FBF6C24-C1FD-4101-A42B-0C564F9E8E79}" = ASUS Video Magic
"InstallShield_{40BF1E83-20EB-11D8-97C5-0009C5020658}" = CyberLink Power2Go
"InstallShield_{499DED08-6FA8-4749-8E94-8526CC9D1CA8}" = ExpressGate Cloud
"InstallShield_{878CADF7-5BD6-4A29-A6F4-AC51C0CE8068}" = Alcor Micro USB Card Reader
"InstallShield_{C59C179C-668D-49A9-B6EA-0121CCFC1243}" = CyberLink LabelPrint
"InstallShield_{CB099890-1D5F-11D5-9EA9-0050BAE317E1}" = CyberLink PowerDirector
"InstallShield_{DEC235ED-58A4-4517-A278-C41E8DAEAB3B}" = CyberLink PowerDVD 10
"InstallShield_{E3739848-5329-48E3-8D28-5BBD6E8BE384}" = CyberLink MediaEspresso
"Jewel Quest 3" = Jewel Quest 3
"Luxor 3" = Luxor 3
"Mahjongg dimensions" = Mahjongg dimensions
"Malwarebytes' Anti-Malware_is1" = Malwarebytes Anti-Malware version 1.65.0.1400
"Office14.Click2Run" = Microsoft Office Klicka-och-kör 2010
"Personal" = BankID säkerhetsprogram 4.18.1
"PICC 9.81" = HI-TECH C Compiler for the PIC10/12/16 MCUs V9.81PL0
"PieceOfCake 2011" = PieceOfCake 2011
"Plants vs Zombies" = Plants vs Zombies
"Room328Designer" = Room328Designer
"Spotify" = Spotify
"Telia mobile broadband" = Telia mobile broadband
"uTorrent" = µTorrent
"WinLiveSuite" = Windows Live Essentials
"VLC media player" = VLC media player 2.0.1
"World of Goo" = World of Goo

========== HKEY_USERS Uninstall List ==========

[HKEY_USERS\S-1-5-21-206811873-1161547385-2694278228-1001\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"Spotify" = Spotify
"UnityWebPlayer" = Unity Web Player

========== Last 20 Event Log Errors ==========

[ Application Events ]
Error - 2012-08-08 16:08:15 | Computer Name = Helge2 | Source = FSecure-FSecure-F-Secure Anti-Virus | ID = 103
Description = 867 2012-08-08 22:08:15+02:00 HELGE2 Helge2\Anna och Fredrik
F-Secure Anti-Virus Malicious code found in file C:\Windows\Installer\{648c7366-661d-8c7c-a2b5-bfc01b210a94}\U\00000008.$.
Infection: Trojan.Sirefef.GZ

Error - 2012-08-08 16:08:16 | Computer Name = Helge2 | Source = FSecure-FSecure-F-Secure Anti-Virus | ID = 103
Description = 868 2012-08-08 22:08:16+02:00 HELGE2 Helge2\Anna och Fredrik
F-Secure Anti-Virus Malicious code found in file C:\Windows\Installer\{648c7366-661d-8c7c-a2b5-bfc01b210a94}\U\00000004.$.
Infection: Trojan.Sirefef.GY

Error - 2012-08-08 16:08:17 | Computer Name = Helge2 | Source = FSecure-FSecure-F-Secure Anti-Virus | ID = 103
Description = 869 2012-08-08 22:08:17+02:00 HELGE2 Helge2\Anna och Fredrik
F-Secure Anti-Virus Malicious code found in file C:\Windows\Installer\{648c7366-661d-8c7c-a2b5-bfc01b210a94}\U\000000cb.$.
Infection: Trojan:W64/Zaccess.G

Error - 2012-08-08 16:08:18 | Computer Name = Helge2 | Source = FSecure-FSecure-F-Secure Anti-Virus | ID = 103
Description = 870 2012-08-08 22:08:18+02:00 HELGE2 Helge2\Anna och Fredrik
F-Secure Anti-Virus Malicious code found in file C:\Windows\Installer\{648c7366-661d-8c7c-a2b5-bfc01b210a94}\U\80000000.$.
Infection: Trojan:W64/Zaccess.R

Error - 2012-08-08 16:08:21 | Computer Name = Helge2 | Source = FSecure-FSecure-F-Secure Anti-Virus | ID = 103
Description = 871 2012-08-08 22:08:21+02:00 HELGE2 Helge2\Anna och Fredrik
F-Secure Anti-Virus Malicious code found in file C:\Windows\System32\services.exe.
Infection: Virus:W64/ZeroAccess.B

Error - 2012-08-08 16:08:21 | Computer Name = Helge2 | Source = FSecure-FSecure-F-Secure Anti-Virus | ID = 103
Description = 872 2012-08-08 22:08:21+02:00 HELGE2 Helge2\Anna och Fredrik
F-Secure Anti-Virus Malicious code found in file C:\Windows\Installer\{648c7366-661d-8c7c-a2b5-bfc01b210a94}\U\80000064.$.
Infection: Trojan.Sirefef.II

Error - 2012-08-08 16:08:23 | Computer Name = Helge2 | Source = FSecure-FSecure-F-Secure Anti-Virus | ID = 103
Description = 873 2012-08-08 22:08:23+02:00 HELGE2 Helge2\Anna och Fredrik
F-Secure Anti-Virus Malicious code found in file C:\Windows\Installer\{648c7366-661d-8c7c-a2b5-bfc01b210a94}\U\80000000.$.
Infection: Trojan:W64/Zaccess.R

Error - 2012-08-08 16:08:23 | Computer Name = Helge2 | Source = FSecure-FSecure-F-Secure Anti-Virus | ID = 103
Description = 874 2012-08-08 22:08:23+02:00 HELGE2 Helge2\Anna och Fredrik
F-Secure Anti-Virus Malicious code found in file C:\Windows\Installer\{648c7366-661d-8c7c-a2b5-bfc01b210a94}\U\00000004.$.
Infection: Trojan.Sirefef.GY

Error - 2012-08-08 16:08:23 | Computer Name = Helge2 | Source = FSecure-FSecure-F-Secure Anti-Virus | ID = 103
Description = 875 2012-08-08 22:08:23+02:00 HELGE2 Helge2\Anna och Fredrik
F-Secure Anti-Virus Malicious code found in file C:\Windows\Installer\{648c7366-661d-8c7c-a2b5-bfc01b210a94}\U\000000cb.$.
Infection: Trojan:W64/Zaccess.G

Error - 2012-08-08 16:08:29 | Computer Name = Helge2 | Source = FSecure-FSecure-F-Secure Anti-Virus | ID = 103
Description = 876 2012-08-08 22:08:29+02:00 HELGE2 Helge2\Anna och Fredrik
F-Secure Anti-Virus Malicious code found in file C:\Windows\Installer\{648c7366-661d-8c7c-a2b5-bfc01b210a94}\U\80000064.$.
Infection: Trojan.Sirefef.II

Error - 2012-08-08 16:08:29 | Computer Name = Helge2 | Source = FSecure-FSecure-F-Secure Anti-Virus | ID = 103
Description = 877 2012-08-08 22:08:29+02:00 HELGE2 Helge2\Anna och Fredrik
F-Secure Anti-Virus Malicious code found in file C:\Windows\Installer\{648c7366-661d-8c7c-a2b5-bfc01b210a94}\U\000000cb.$.
Infection: Trojan:W64/Zaccess.G

[ Media Center Events ]
Error - 2012-08-07 15:46:22 | Computer Name = Helge2 | Source = MCUpdate | ID = 0
Description = 21:46:19 - Ett fel inträffade under anslutningen till Internet. 21:46:19
- Det gick inte att kontakta servern..

Error - 2012-08-07 16:46:27 | Computer Name = Helge2 | Source = MCUpdate | ID = 0
Description = 22:46:27 - Ett fel inträffade under anslutningen till Internet. 22:46:27
- Det gick inte att kontakta servern..

Error - 2012-08-07 16:46:36 | Computer Name = Helge2 | Source = MCUpdate | ID = 0
Description = 22:46:32 - Ett fel inträffade under anslutningen till Internet. 22:46:32
- Det gick inte att kontakta servern..

Error - 2012-08-07 17:46:56 | Computer Name = Helge2 | Source = MCUpdate | ID = 0
Description = 23:46:56 - Kunde inte hämta MCESpotlight-2.cab (Fel: BITS 0x80070424)

Error - 2012-08-07 17:46:58 | Computer Name = Helge2 | Source = MCUpdate | ID = 0
Description = 23:46:57 - Kunde inte hämta UpdateableMarkup-2.cab (Fel: BITS 0x80070424)

Error - 2012-08-07 18:50:10 | Computer Name = Helge2 | Source = MCUpdate | ID = 0
Description = 00:50:10 - Kunde inte hämta MCESpotlight-2.cab (Fel: BITS 0x80070424)

Error - 2012-08-07 18:50:16 | Computer Name = Helge2 | Source = MCUpdate | ID = 0
Description = 00:50:12 - Kunde inte hämta UpdateableMarkup-2.cab (Fel: BITS 0x80070424)

Error - 2012-08-08 15:25:14 | Computer Name = Helge2 | Source = MCUpdate | ID = 0
Description = 21:25:14 - Kunde inte hämta MCESpotlight-2.cab (Fel: BITS 0x80070424)

Error - 2012-08-08 15:25:17 | Computer Name = Helge2 | Source = MCUpdate | ID = 0
Description = 21:25:17 - Kunde inte hämta UpdateableMarkup-2.cab (Fel: BITS 0x80070424)

Error - 2012-09-22 07:57:27 | Computer Name = Helge2 | Source = MCUpdate | ID = 0
Description = 13:57:24 - Ett fel inträffade under anslutningen till Internet. 13:57:24
- Det gick inte att kontakta servern..

[ System Events ]
Error - 2012-08-08 15:14:46 | Computer Name = Helge2 | Source = Service Control Manager | ID = 7001
Description = Tjänsten Computer Browser är beroende av tjänsten Server. Den sistnämnda
kunde inte starta på grund av följande fel: %%1068

Error - 2012-08-08 15:14:46 | Computer Name = Helge2 | Source = Service Control Manager | ID = 7003
Description = Tjänsten IKE and AuthIP IPsec Keying Modules är beroende av följande
tjänst: bfe. Tjänsten är kanske inte installerad.

Error - 2012-08-08 15:14:46 | Computer Name = Helge2 | Source = Service Control Manager | ID = 7003
Description = Tjänsten IPsec Policy Agent är beroende av följande tjänst: bfe. Tjänsten
är kanske inte installerad.

Error - 2012-08-08 15:14:50 | Computer Name = Helge2 | Source = Service Control Manager | ID = 7001
Description = Tjänsten Client Virtualization Handler är beroende av tjänsten Application
Virtualization Client. Den sistnämnda kunde inte starta på grund av följande fel:
%%1068

Error - 2012-08-08 15:14:53 | Computer Name = Helge2 | Source = Service Control Manager | ID = 7026
Description = Följande start- eller systemstartdrivrutin(er) avbröts på grund av
fel under start: ATKWMIACPIIO discache FSES FSFW spldr Wanarpv6

Error - 2012-08-08 15:15:26 | Computer Name = Helge2 | Source = DCOM | ID = 10005
Description =

Error - 2012-08-08 15:15:31 | Computer Name = Helge2 | Source = DCOM | ID = 10005
Description =

Error - 2012-08-08 15:15:32 | Computer Name = Helge2 | Source = DCOM | ID = 10005
Description =

Error - 2012-08-08 15:15:32 | Computer Name = Helge2 | Source = DCOM | ID = 10005
Description =

Error - 2012-08-08 15:15:33 | Computer Name = Helge2 | Source = Service Control Manager | ID = 7001
Description = Tjänsten HomeGroup Provider är beroende av tjänsten Function Discovery
Provider Host. Den sistnämnda kunde inte starta på grund av följande fel: %%1068


< End of report >
 
Run OTL
  • Under the Custom Scans/Fixes box at the bottom, paste in the following

    Code:
    :OTL
    O3 - HKLM\..\Toolbar: (no name) - Locked - No CLSID value found.
    O4 - HKU\S-1-5-21-206811873-1161547385-2694278228-1000..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe File not found
    O9:64bit: - Extra 'Tools' menuitem : Send by Bluetooth to - {7815BE26-237D-41A8-A98F-F7BD75F71086} - Reg Error: Value error. File not found
    [2012-09-22 23:30:41 | 000,000,000 | ---D | C] -- C:\FRST
    [2009-07-14 06:55:00 | 000,000,227 | RHS- | M] () -- C:\Windows\assembly\Desktop.ini
    
    [HKEY_CURRENT_USER\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] /64
    "ThreadingModel" = Both
    "" = C:\Windows\SysNative\shell32.dll -- [2012-06-09 07:43:10 | 014,172,672 | ---- | M] (Microsoft Corporation)
    
    [HKEY_CURRENT_USER\Software\Classes\Wow6432node\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]
    
    [HKEY_LOCAL_MACHINE\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] /64
    "" = C:\Windows\SysNative\shell32.dll -- [2012-06-09 07:43:10 | 014,172,672 | ---- | M] (Microsoft Corporation)
    "ThreadingModel" = Apartment
    
    [HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]
    "" = %SystemRoot%\system32\shell32.dll -- [2012-06-09 06:41:00 | 012,873,728 | ---- | M] (Microsoft Corporation)
    "ThreadingModel" = Apartment
    
    [HKEY_LOCAL_MACHINE\Software\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32] /64
    "" = C:\Windows\SysNative\wbem\wbemess.dll -- [2009-07-14 03:41:56 | 000,505,856 | ---- | M] (Microsoft Corporation)
    "ThreadingModel" = Both
    
    [HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32]
    "" = %systemroot%\SysWow64\wbem\wbemess.dll
    @Alternate Data Stream - 144 bytes -> C:\ProgramData\Temp:41099CE9
    @Alternate Data Stream - 133 bytes -> C:\ProgramData\Temp:5D458568
    @Alternate Data Stream - 133 bytes -> C:\ProgramData\Temp:029E021F
    @Alternate Data Stream - 112 bytes -> C:\ProgramData\Temp:D1B5B4F1
    
    :Commands
    [purity]
    [emptytemp]
    [emptyjava]
    [emptyflash]
    [Reboot]
  • Then click the Run Fix button at the top
  • Let the program run unhindered, reboot the PC when it is done
  • You will get a log that shows the results of the fix. Please post it.

NOTE. If for any reason OTL stalls (most likely at "killing processes..." step) run the fix from safe mode.

=================================

Last scans...

1. Download Security Check from HERE, and save it to your Desktop.
  • Double-click SecurityCheck.exe
  • Follow the onscreen instructions inside of the black box.
  • A Notepad document should open automatically called checkup.txt; please post the contents of that document.

    NOTE SecurityCheck may produce some false warning(s), so leave the results reading to me.

2. Please download Farbar Service Scanner (FSS) and run it on the computer with the issue.
  • Make sure the following options are checked:
    • Internet Services
    • Windows Firewall
    • System Restore
    • Security Center
    • Windows Update
    • Windows Defender
  • Press "Scan".
  • It will create a log (FSS.txt) in the same directory the tool is run.
  • Please copy and paste the log to your reply.

3. Please download AdwCleaner by Xplode onto your desktop.
  • Close all open programs and internet browsers.
  • Double click on adwcleaner.exe to run the tool.
  • Click on Delete.
  • Confirm each time with Ok.
  • Your computer will be rebooted automatically. A text file will open after the restart.
  • Please post the contents of that logfile with your next reply.
  • You can find the logfile at C:\AdwCleaner[S1].txt as well.

Next...

  • Double click on adwcleaner.exe to run the tool.
  • Click on Uninstall.
  • Confirm with yes.

4. Download Temp File Cleaner (TFC)
Alternate download: http://www.itxassociates.com/OT-Tools/TFC.exe
  • Double click on TFC.exe to run the program.
  • Click on Start button to begin cleaning process.
  • TFC will close all running programs, and it may ask you to restart computer.

5. Please run a free online scan with the ESET Online Scanner

  • Disable your antivirus program
  • Tick the box next to YES, I accept the Terms of Use
  • Click Start
  • Accept any security warnings from your browser.
  • Check Scan archives
  • Click Start
  • ESET will then download updates for itself, install itself, and begin scanning your computer. Please be patient as this can take some time.
  • When the scan completes, click on List of found threats
  • Click on Export to text file , and save the file to your desktop using a unique name, such as ESETScan. Include the contents of this report in your next reply.
  • NOTE. If Eset won't find any threats, it won't produce any log.
 
All processes killed
========== OTL ==========
Registry value HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Toolbar\\Locked deleted successfully.
Registry value HKEY_USERS\S-1-5-21-206811873-1161547385-2694278228-1000\Software\Microsoft\Windows\CurrentVersion\RunOnce\\mctadmin deleted successfully.
64bit-Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Extensions\{7815BE26-237D-41A8-A98F-F7BD75F71086}\ deleted successfully.
64bit-Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{7815BE26-237D-41A8-A98F-F7BD75F71086}\ not found.
C:\FRST\Quarantine\{648c7366-661d-8c7c-a2b5-bfc01b210a94}\{648c7366-661d-8c7c-a2b5-bfc01b210a94}\U folder moved successfully.
C:\FRST\Quarantine\{648c7366-661d-8c7c-a2b5-bfc01b210a94}\{648c7366-661d-8c7c-a2b5-bfc01b210a94}\L folder moved successfully.
C:\FRST\Quarantine\{648c7366-661d-8c7c-a2b5-bfc01b210a94}\{648c7366-661d-8c7c-a2b5-bfc01b210a94} folder moved successfully.
C:\FRST\Quarantine\{648c7366-661d-8c7c-a2b5-bfc01b210a94}\U folder moved successfully.
C:\FRST\Quarantine\{648c7366-661d-8c7c-a2b5-bfc01b210a94}\L folder moved successfully.
C:\FRST\Quarantine\{648c7366-661d-8c7c-a2b5-bfc01b210a94} folder moved successfully.
Folder move failed. C:\FRST\Quarantine scheduled to be moved on reboot.
C:\FRST\Logs folder moved successfully.
C:\FRST\Hives folder moved successfully.
C:\FRST folder moved successfully.
C:\Windows\assembly\Desktop.ini moved successfully.
File EY_CURRENT_USER\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] /64 not found.
File EY_CURRENT_USER\Software\Classes\Wow6432node\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] not found.
File EY_LOCAL_MACHINE\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] /64 not found.
File EY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] not found.
Folder EY_LOCAL_MACHINE\Software\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32] /64\ not found.
Folder EY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32]\ not found.
ADS C:\ProgramData\Temp:41099CE9 deleted successfully.
ADS C:\ProgramData\Temp:5D458568 deleted successfully.
ADS C:\ProgramData\Temp:029E021F deleted successfully.
ADS C:\ProgramData\Temp:D1B5B4F1 deleted successfully.
========== COMMANDS ==========

[EMPTYTEMP]

User: All Users

User: Anna och Fredrik
->Temp folder emptied: 196508 bytes
->Temporary Internet Files folder emptied: 518553105 bytes
->Java cache emptied: 783699 bytes
->Flash cache emptied: 127140 bytes

User: Default
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes

User: Default User
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes

User: Public
->Temp folder emptied: 0 bytes

User: UpdatusUser
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes

%systemdrive% .tmp files removed: 0 bytes
%systemroot% .tmp files removed: 1524277 bytes
%systemroot%\System32 .tmp files removed: 0 bytes
%systemroot%\System32 (64bit) .tmp files removed: 0 bytes
%systemroot%\System32\drivers .tmp files removed: 0 bytes
Windows Temp folder emptied: 10980 bytes
%systemroot%\system32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files folder emptied: 5700162 bytes
%systemroot%\sysnative\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files folder emptied: 50416 bytes
RecycleBin emptied: 0 bytes

Total Files Cleaned = 503,00 mb


[EMPTYJAVA]

User: All Users

User: Anna och Fredrik
->Java cache emptied: 0 bytes

User: Default

User: Default User

User: Public

User: UpdatusUser

Total Java Files Cleaned = 0,00 mb


[EMPTYFLASH]

User: All Users

User: Anna och Fredrik
->Flash cache emptied: 0 bytes

User: Default

User: Default User

User: Public

User: UpdatusUser

Total Flash Files Cleaned = 0,00 mb


OTL by OldTimer - Version 3.2.66.0 log created on 09232012_222148
Files\Folders moved on Reboot...
File\Folder C:\FRST\Quarantine not found!
C:\Users\Anna och Fredrik\AppData\Local\Temp\FXSAPIDebugLogFile.txt moved successfully.
C:\Users\Anna och Fredrik\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5\UXIFXDVX\ads[2].htm moved successfully.
C:\Users\Anna och Fredrik\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\AntiPhishing\ED8654D5-B9F0-4DD9-B3E8-F8F560086FDF.dat moved successfully.
C:\Users\Anna och Fredrik\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\MSIMGSIZ.DAT moved successfully.
PendingFileRenameOperations files...
Registry entries deleted on Reboot...
 
Results of screen317's Security Check version 0.99.51
Windows 7 Service Pack 1 x64 (UAC is enabled)
Internet Explorer 9
``````````````Antivirus/Firewall Check:``````````````
Glocalnet S„kerhetspaket 9.12
Antivirus up to date!
`````````Anti-malware/Other Utilities Check:`````````
Malwarebytes Anti-Malware version 1.65.0.1400
Java(TM) 6 Update 29
Java version out of Date!
Adobe Flash Player 10 Flash Player out of Date!
Adobe Reader X (10.1.4)
Google Chrome 21.0.1180.60
Google Chrome 21.0.1180.89
````````Process Check: objlist.exe by Laurent````````
Glocalnet Sakerhetspaket Anti-Virus fsgk32st.exe
Glocalnet Sakerhetspaket Anti-Virus FSGK32.EXE
Glocalnet Sakerhetspaket Anti-Virus fssm32.exe
Glocalnet Sakerhetspaket Anti-Virus fsav32.exe
`````````````````System Health check`````````````````
Total Fragmentation on Drive C: 1
````````````````````End of Log``````````````````````
 
Farbar Service Scanner Version: 19-09-2012
Ran by Anna och Fredrik (administrator) on 23-09-2012 at 22:40:01
Running from "C:\Users\Anna och Fredrik\Desktop"
Microsoft Windows 7 Home Premium Service Pack 1 (X64)
Boot Mode: Normal
****************************************************************
Internet Services:
============
Connection Status:
==============
Localhost is accessible.
LAN connected.
Google IP is accessible.
Google.com is accessible.
Yahoo IP is accessible.
Yahoo.com is accessible.

Windows Firewall:
=============
Firewall Disabled Policy:
==================
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"EnableFirewall"=DWORD:0

System Restore:
============
System Restore Disabled Policy:
========================

Action Center:
============
Windows Update:
============
Windows Autoupdate Disabled Policy:
============================

Windows Defender:
==============
Other Services:
==============

File Check:
========
C:\Windows\System32\nsisvc.dll => MD5 is legit
C:\Windows\System32\drivers\nsiproxy.sys => MD5 is legit
C:\Windows\System32\dhcpcore.dll => MD5 is legit
C:\Windows\System32\drivers\afd.sys => MD5 is legit
C:\Windows\System32\drivers\tdx.sys => MD5 is legit
C:\Windows\System32\Drivers\tcpip.sys => MD5 is legit
C:\Windows\System32\dnsrslvr.dll => MD5 is legit
C:\Windows\System32\mpssvc.dll => MD5 is legit
C:\Windows\System32\bfe.dll => MD5 is legit
C:\Windows\System32\drivers\mpsdrv.sys => MD5 is legit
C:\Windows\System32\SDRSVC.dll => MD5 is legit
C:\Windows\System32\vssvc.exe => MD5 is legit
C:\Windows\System32\wscsvc.dll => MD5 is legit
C:\Windows\System32\wbem\WMIsvc.dll => MD5 is legit
C:\Windows\System32\wuaueng.dll => MD5 is legit
C:\Windows\System32\qmgr.dll => MD5 is legit
C:\Windows\System32\es.dll => MD5 is legit
C:\Windows\System32\cryptsvc.dll => MD5 is legit
C:\Program Files\Windows Defender\MpSvc.dll => MD5 is legit
C:\Windows\System32\svchost.exe => MD5 is legit
C:\Windows\System32\rpcss.dll => MD5 is legit

**** End of log ****
 
# AdwCleaner v2.003 - Logfile created 09/23/2012 at 22:48:14
# Updated 23/09/2012 by Xplode
# Operating system : Windows 7 Home Premium Service Pack 1 (64 bits)
# User : Anna och Fredrik - HELGE2
# Boot Mode : Normal
# Running from : C:\Users\Anna och Fredrik\Desktop\adwcleaner.exe
# Option [Delete]

***** [Services] *****

***** [Files / Folders] *****
Folder Deleted : C:\ProgramData\Partner
***** [Registry] *****

***** [Internet Browsers] *****
-\\ Internet Explorer v9.0.8112.16421
Restored : [HKCU\Software\Wow6432Node\Microsoft\Internet Explorer\SearchScopes - DefaultScope]
Restored : [HKLM\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\SearchScopes - DefaultScope]
Restored : [HKLM\SOFTWARE\Microsoft\Internet Explorer\SearchScopes - DefaultScope]
Restored : [HKU\S-1-5-18\Software\Microsoft\Internet Explorer\SearchScopes - DefaultScope]
Restored : [HKU\S-1-5-19\Software\Microsoft\Internet Explorer\SearchScopes - DefaultScope]
Restored : [HKU\S-1-5-20\Software\Microsoft\Internet Explorer\SearchScopes - DefaultScope]
Restored : [HKU\S-1-5-21-206811873-1161547385-2694278228-1000\Software\Microsoft\Internet Explorer\SearchScopes - DefaultScope]
*************************
AdwCleaner[S1].txt - [1234 octets] - [23/09/2012 22:48:14]
########## EOF - C:\AdwCleaner[S1].txt - [1294 octets] ##########
 
Results from scanning with ESET:

C:\_OTL\MovedFiles\09232012_222148\C_\FRST\Quarantine\services.exe Win64/Patched.B.Gen trojan deleted - quarantined
C:\_OTL\MovedFiles\09232012_222148\C_FRST\Quarantine\{648c7366-661d-8c7c-a2b5-bfc01b210a94}\U\00000004.$ Win64/Conedex.C trojan cleaned by deleting - quarantined
C:\_OTL\MovedFiles\09232012_222148\C_FRST\Quarantine\{648c7366-661d-8c7c-a2b5-bfc01b210a94}\U\00000008.$ Win64/Agent.BA trojan cleaned by deleting - quarantined
C:\_OTL\MovedFiles\09232012_222148\C_FRST\Quarantine\{648c7366-661d-8c7c-a2b5-bfc01b210a94}\U\000000cb.$ Win64/Conedex.B trojan cleaned by deleting - quarantined
C:\_OTL\MovedFiles\09232012_222148\C_FRST\Quarantine\{648c7366-661d-8c7c-a2b5-bfc01b210a94}\U\80000000.$ Win64/Sirefef.AP trojan cleaned by deleting - quarantined
C:\_OTL\MovedFiles\09232012_222148\C_FRST\Quarantine\{648c7366-661d-8c7c-a2b5-bfc01b210a94}\U\80000032.@ a variant of Win32/Sirefef.FD trojan cleaned by deleting - quarantined
 
Update Adobe Flash Player
Download the Latest Adobe Flash for Firefox and IE Without Any Extras: http://www.404techsupport.com/2010/...-flash-for-firefox-and-ie-without-any-extras/

====================================

1. Update your Java version here: http://www.java.com/en/download/installed.jsp

Note 1: UNCHECK any pre-checked toolbar and/or software offered with the Java update. The pre-checked toolbars/software are not part of the Java update.

Note 2: The Java Quick Starter (JQS.exe) adds a service to improve the initial startup time of Java applets and applications. If you don't want to run another extra service, go to Start > Control Panel > Java > Advanced > Miscellaneous and uncheck the box for Java Quick Starter. Click OK and restart your computer.

2. Now, we need to remove old Java version and its remnants...

Download JavaRa to your desktop and unzip it.
  • Run JavaRa.exe (Vista users! Right click on JavaRa.exe, click Run As Administrator), pick the language of your choice and click Select. Then click Remove Older Versions.
  • Accept any prompts.
  • Do NOT post JavaRa log.

================================

Your computer is clean

1. We need to reset system restore to prevent your computer from being accidentally reinfected by using some old restore point(s). We'll create fresh, clean restore point, using following OTL script:

Run OTL

  • Under the Custom Scans/Fixes box at the bottom, paste in the following:

Code:
:OTL
:Commands
[purity]
[emptytemp]
[EMPTYFLASH]
[emptyjava]
[CLEARALLRESTOREPOINTS]
[Reboot]

  • Then click the Run Fix button at the top
  • Let the program run unhindered, reboot the PC when it is done
  • Post resulting log.

2. Now, we'll remove all tools, we used during our cleaning process

Clean up with OTL:

  • Double-click OTL.exe to start the program.
  • Close all other programs apart from OTL as this step will require a reboot
  • On the OTL main screen, press the CLEANUP button
  • Say Yes to the prompt and then allow the program to reboot your computer.

If you still have any tools or logs leftover on your computer you can go ahead and delete those off of your computer now.

3. Make sure, Windows Updates are current.

4. If any trojans, rootkits or bootkits were listed among your infection(s), make sure, you change all of your on-line important passwords (bank account(s), secured web sites, etc.) immediately!

5. Download, and install WOT (Web OF Trust): http://www.mywot.com/. It'll warn you (in most cases) about dangerous web sites.

6. Run Malwarebytes "Quick scan" once in a while to assure safety of your computer.

7. Run Temporary File Cleaner (TFC) weekly.

8. Download and install Secunia Personal Software Inspector (PSI): https://www.techspot.com/downloads/4898-secunia-personal-software-inspector-psi.html. The Secunia PSI is a FREE security tool designed to detect vulnerable and out-dated programs and plug-ins which expose your PC to attacks. Run it weekly.

9. (optional) If you want to keep all your programs up to date, download and install FileHippo Update Checker.
The Update Checker will scan your computer for installed software, check the versions and then send this information to FileHippo.com to see if there are any newer releases.

10. (Windows XP only) Run defrag at your convenience.

11. When installing\updating ANY program, make sure you always select "Custom " installation, so you can UN-check any possible "drive-by-install" (foistware), like toolbars etc., which may try to install along with the legitimate program. Do NOT click "Next" button without looking at any given page.

12. Read:
How did I get infected?, With steps so it does not happen again!: http://www.bleepingcomputer.com/forums/topic2520.html
Simple and easy ways to keep your computer safe and secure on the Internet: http://www.bleepingcomputer.com/tutorials/keep-your-computer-safe-online/

13. Please, let me know, how your computer is doing.
 
All processes killed
========== OTL ==========
========== COMMANDS ==========

[EMPTYTEMP]

User: All Users

User: Anna och Fredrik
->Temp folder emptied: 1023530 bytes
->Temporary Internet Files folder emptied: 27660073 bytes
->Java cache emptied: 3751 bytes
->Flash cache emptied: 492 bytes

User: Default
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes

User: Default User
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes

User: Public
->Temp folder emptied: 0 bytes

User: UpdatusUser
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes

%systemdrive% .tmp files removed: 0 bytes
%systemroot% .tmp files removed: 0 bytes
%systemroot%\System32 .tmp files removed: 0 bytes
%systemroot%\System32 (64bit) .tmp files removed: 0 bytes
%systemroot%\System32\drivers .tmp files removed: 0 bytes
Windows Temp folder emptied: 5070 bytes
%systemroot%\sysnative\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files folder emptied: 0 bytes
RecycleBin emptied: 0 bytes

Total Files Cleaned = 27,00 mb


[EMPTYFLASH]

User: All Users

User: Anna och Fredrik
->Flash cache emptied: 0 bytes

User: Default

User: Default User

User: Public

User: UpdatusUser

Total Flash Files Cleaned = 0,00 mb


[EMPTYJAVA]

User: All Users

User: Anna och Fredrik
->Java cache emptied: 0 bytes

User: Default

User: Default User

User: Public

User: UpdatusUser

Total Java Files Cleaned = 0,00 mb

Restore point Set: OTL Restore Point

OTL by OldTimer - Version 3.2.66.0 log created on 09242012_015414
Files\Folders moved on Reboot...
C:\Users\Anna och Fredrik\AppData\Local\Temp\FXSAPIDebugLogFile.txt moved successfully.
C:\Users\Anna och Fredrik\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5\A7OW1CDJ\ads[6].htm moved successfully.
C:\Users\Anna och Fredrik\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\AntiPhishing\ED8654D5-B9F0-4DD9-B3E8-F8F560086FDF.dat moved successfully.
C:\Users\Anna och Fredrik\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\MSIMGSIZ.DAT moved successfully.
PendingFileRenameOperations files...
Registry entries deleted on Reboot...
 
Back