Troublesome, slow computer

#1
hondan

  • User
  • Group: Members
  • Posts: 96
  • Joined: 2010-12-20

Posted 10 Jun 2012, 18:32

Hi
I have a Compaq Presario CQ60 laptop
32-bit
3 GB RAM

It has recently started acting up and become slow, and I have ended up with Babylon (which I understand is not dangerous, but I don't want it).
I'm attaching a log that I got after running DDS. Can anyone help me check what is wrong?
I have run Malware, but it found nothing.


.
DDS (Ver_2011-08-26.01) - NTFSx86
Internet Explorer: 8.0.6001.19222
Run by Barbro at 19:17:09 on 2012-06-10
Microsoft® Windows Vista™ Home Basic 6.0.6002.2.1252.46.1053.18.2814.1578 [GMT 2:00]
.
AV: Microsoft Security Essentials *Enabled/Updated* {9765EA51-0D3C-7DFB-6091-10E4E1F341F6}
SP: Windows Defender *Disabled/Outdated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
SP: Microsoft Security Essentials *Enabled/Updated* {2C040BB5-2B06-7275-5A21-2B969A740B4B}
.
============== Running Processes ===============
.
C:\Windows\system32\wininit.exe
C:\Windows\system32\lsm.exe
C:\Windows\system32\svchost.exe -k DcomLaunch
C:\Windows\system32\svchost.exe -k rpcss
c:\Program Files\Microsoft Security Client\MsMpEng.exe
C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted
C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted
C:\Windows\system32\svchost.exe -k netsvcs
C:\Windows\system32\svchost.exe -k GPSvcGroup
C:\Windows\system32\SLsvc.exe
C:\Windows\system32\svchost.exe -k LocalService
C:\Windows\system32\svchost.exe -k NetworkService
C:\Windows\system32\WLANExt.exe
C:\Windows\System32\spoolsv.exe
C:\Windows\system32\taskeng.exe
C:\Windows\system32\svchost.exe -k LocalServiceNoNetwork
C:\Program Files\Bonjour\mDNSResponder.exe
C:\Prey\platform\windows\cronsvc.exe
C:\Program Files\Hewlett-Packard\Shared\HPDrvMntSvc.exe
C:\Program Files\iWin Games\iWinTrusted.exe
C:\Program Files\Common Files\LightScribe\LSSrvc.exe
c:\Program Files\Microsoft SQL Server\MSSQL10.SQLEXPRESS\MSSQL\Binn\sqlservr.exe
C:\PROGRA~1\MYWEBF~2\bar\1.bin\2wbarsvc.exe
C:\Windows\system32\svchost.exe -k NetworkServiceNetworkRestricted
C:\Program Files\SMINST\BLService.exe
c:\Program Files\Microsoft SQL Server\90\Shared\sqlwriter.exe
C:\Windows\system32\svchost.exe -k imgsvc
C:\Windows\System32\svchost.exe -k WerSvcGroup
C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
C:\Windows\system32\DRIVERS\xaudio.exe
C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSvcM.exe
C:\Windows\system32\Dwm.exe
C:\Windows\Explorer.EXE
C:\Windows\system32\taskeng.exe
C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe
C:\Program Files\HP\QuickPlay\QPService.exe
C:\Program Files\Hewlett-Packard\HP Quick Launch Buttons\QLBCTRL.exe
C:\Program Files\Hewlett-Packard\HP Wireless Assistant\HPWAMain.exe
C:\Program Files\HP\HP Software Update\hpwuSchd2.exe
C:\Program Files\ekort\ekort.exe
C:\Program Files\Common Files\Java\Java Update\jusched.exe
C:\Program Files\Microsoft Security Client\msseces.exe
C:\Program Files\Samsung\Kies\KiesTrayAgent.exe
C:\Program Files\Common Files\LightScribe\LightScribeControlPanel.exe
C:\Program Files\Samsung\Kies\External\FirmwareUpdate\KiesPDLR.exe
C:\Program Files\Personal\bin\Personal.exe
C:\Program Files\Hewlett-Packard\Shared\hpqWmiEx.exe
C:\Windows\System32\OBroker.exe
C:\Windows\system32\wbem\wmiprvse.exe
C:\Windows\Microsoft.NET\Framework\v4.0.30319\WPF\WPFFontCache_v0400.exe
C:\Users\Barbro\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Program Files\Synaptics\SynTP\SynTPHelper.exe
C:\Program Files\Hewlett-Packard\HP wireless Assistant\WiFiMsg.EXE
C:\Program Files\Hewlett-Packard\HP Quick Launch Buttons\Com4QLBEx.exe
C:\Program Files\Hewlett-Packard\Shared\HpqToaster.exe
C:\Users\Barbro\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Users\Barbro\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Users\Barbro\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Users\Barbro\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Windows\system32\svchost.exe -k LocalServiceAndNoImpersonation
C:\Users\Barbro\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Windows\system32\conime.exe
C:\Program Files\Hewlett-Packard\HP Health Check\hphc_service.exe
C:\Users\Barbro\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Windows\system32\rundll32.exe
C:\Users\Barbro\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Windows\system32\taskeng.exe
C:\Windows\system32\sdclt.exe
C:\Windows\system32\SearchIndexer.exe
C:\Windows\system32\SearchProtocolHost.exe
C:\Windows\servicing\TrustedInstaller.exe
C:\Windows\System32\svchost.exe -k swprv
C:\Windows\system32\wbem\wmiprvse.exe
C:\Windows\system32\SearchFilterHost.exe
C:\Windows\system32\DllHost.exe
C:\Windows\system32\DllHost.exe
.
============== Pseudo HJT Report ===============
.
uStart Page = hxxp://search.babylon.com/?babsrc=HP_ss&affID=101240&mntrId=23ee16fd000000000000000000000000
uDefault_Page_URL = hxxp://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iehome&locale=sv_se&c=91&bd=Presario&pf=cnnb
uSearch Page =
uSearch Bar =
mStart Page = hxxp://search.myheritage.com
mDefault_Page_URL = hxxp://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iehome&locale=sv_se&c=91&bd=Presario&pf=cnnb
mSearch Page = hxxp://www.shareware-sw.com/sv/index.php?rvs=hompag
uURLSearchHooks: H - No File
uURLSearchHooks: H - No File
uURLSearchHooks: ToolbarURLSearchHook Class: {ca3eb689-8f09-4026-aa10-b9534c691ce0} - c:\program files\facesmooch toolbar\tbhelper.dll
uURLSearchHooks: N/A: {28c14585-7e7c-43be-86fe-6528c1b19132} - c:\program files\mywebfaceie_2w\bar\1.bin\2wSrcAs.dll
BHO: Browser Companion Helper: {00cbb66b-1d3b-46d3-9577-323a336acb50} - c:\program files\browsercompanion\jsloader.dll
BHO: Adobe PDF Link Helper: {18df081c-e8ad-4283-a596-fa578c2ebdc3} - c:\program files\common files\adobe\acrobat\activex\AcroIEHelperShim.dll
BHO: Search Assistant BHO: {37794d6d-2547-4cce-858f-1fd1dd8951fc} - c:\program files\mywebfaceie_2w\bar\1.bin\2wSrcAs.dll
BHO: Search Helper: {6ebf7485-159f-4bff-a14f-b9e3aac4465b} - c:\program files\microsoft\search enhancement pack\search helper\SEPsearchhelperie.dll
BHO: Groove GFS Browser Helper: {72853161-30c5-4d22-b7f9-0bbc1d38a37e} - c:\program files\microsoft office\office12\GrooveShellExtensions.dll
BHO: Java™ Plug-In SSV Helper: {761497bb-d6f0-462c-b6eb-d4daf1d92d43} - c:\program files\java\jre6\bin\ssv.dll
BHO: AOL Toolbar BHO: {7c554162-8cb7-45a4-b8f4-8ea1c75885f9} - c:\program files\aol\aol toolbar 5.0\aoltb.dll
BHO: Windows Live ID Sign-in Helper: {9030d464-4c02-4abf-8ecc-5164760863c6} - c:\program files\common files\microsoft shared\windows live\WindowsLiveLogin.dll
BHO: e-kort Helper Class: {9065e913-4f23-4b47-9b5d-b055d32db1f3} - c:\program files\ekort\EKortHelper.dll
BHO: Browser Companion Helper Verifier: {963b125b-8b21-49a2-a3a8-e37092276531} - c:\program files\browsercompanion\updatebhoWin32.dll
BHO: Windows Live Messenger Companion Helper: {9fdde16b-836f-4806-ab1f-1455cbeff289} - c:\program files\windows live\companion\companioncore.dll
BHO: Google Toolbar Helper: {aa58ed58-01dd-4d91-8333-cf10577473f7} - c:\program files\google\google toolbar\GoogleToolbar_32.dll
BHO: Skype Browser Helper: {ae805869-2e5c-4ed4-8f7b-f1f7851a4497} - c:\program files\skype\toolbars\internet explorer\skypeieplugin.dll
BHO: Google Toolbar Notifier BHO: {af69de43-7d58-4638-b6fa-ce66b5ad205d} - c:\program files\google\googletoolbarnotifier\5.7.7227.1100\swg.dll
BHO: Toolbar BHO: {c3e257db-debf-40a9-9eef-a9ebd6991cb0} - c:\progra~1\mywebf~2\bar\1.bin\2wbar.dll
BHO: Java™ Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - c:\program files\java\jre6\bin\jp2ssv.dll
BHO: SMTTB2009 Class: {fcbccb87-9224-4b8d-b117-f56d924beb18} - c:\program files\facesmooch toolbar\tbcore3.dll
TB: AOL Toolbar: {de9c389f-3316-41a7-809b-aa305ed9d922} - c:\program files\aol\aol toolbar 5.0\aoltb.dll
TB: e-kort Toolbar: {8db2b2e8-579f-48a8-a496-18fefcf8f4df} - c:\program files\ekort\EKortToolbar.dll
TB: FaceSmooch Toolbar: {338b4dfe-2e2c-4338-9e41-e176d497299e} - c:\program files\facesmooch toolbar\tbcore3.dll
TB: myWebFace: {dfa6f716-6499-4a36-ad6a-c9a98cce1eb7} - c:\program files\mywebfaceie_2w\bar\1.bin\2wbar.dll
TB: {CCC7A320-B3CA-4199-B1A6-9F516DD69829} - No File
TB: Google Toolbar: {2318c2b1-4965-11d4-9b18-009027a5cd4f} - c:\program files\google\google toolbar\GoogleToolbar_32.dll
TB: {21FA44EF-376D-4D53-9B0F-8A89D3229068} - No File
TB: {D4027C7F-154A-4066-A1AD-4243D8127440} - No File
TB: {BF7380FA-E3B4-4DB2-AF3E-9D8783A45BFC} - No File
TB: {EEE6C35B-6118-11DC-9C72-001320C79847} - No File
uRun: [swg] "c:\program files\google\googletoolbarnotifier\GoogleToolbarNotifier.exe"
uRun: [LightScribe Control Panel] c:\program files\common files\lightscribe\LightScribeControlPanel.exe -hidden
uRun: [Google Update] "c:\users\barbro\appdata\local\google\update\GoogleUpdate.exe" /c
uRun: [KiesHelper] c:\program files\samsung\kies\KiesHelper.exe /s
uRun: [KiesAirMessage] c:\program files\samsung\kies\KiesAirMessage.exe -startup
uRun: [KiesPDLR] c:\program files\samsung\kies\external\firmwareupdate\KiesPDLR.exe
mRun: [SynTPEnh] c:\program files\synaptics\syntp\SynTPEnh.exe
mRun: [UpdatePSTShortCut] "c:\program files\cyberlink\dvd suite\muitransfer\muistartmenu.exe" "c:\program files\cyberlink\dvd suite" updatewithcreateonce "software\cyberlink\PowerStarter"
mRun: [NvCplDaemon] RUNDLL32.EXE c:\windows\system32\NvCpl.dll,NvStartup
mRun: [GrooveMonitor] "c:\program files\microsoft office\office12\GrooveMonitor.exe"
mRun: [B2C_AGENT] c:\programdata\lgmobileax\b2c_client\B2CNotiAgent.exe
mRun: [UpdateLBPShortCut] "c:\program files\cyberlink\labelprint\muitransfer\muistartmenu.exe" "c:\program files\cyberlink\labelprint" updatewithcreateonce "software\cyberlink\labelprint\2.5"
mRun: [UCam_Menu] "c:\program files\cyberlink\youcam\muitransfer\muistartmenu.exe" "c:\program files\cyberlink\youcam" update "software\cyberlink\youcam\2.0"
mRun: [QPService] "c:\program files\hp\quickplay\QPService.exe"
mRun: [QlbCtrl.exe] c:\program files\hewlett-packard\hp quick launch buttons\QlbCtrl.exe /Start
mRun: [hpWirelessAssistant] c:\program files\hewlett-packard\hp wireless assistant\HPWAMain.exe
mRun: [HP Software Update] c:\program files\hp\hp software update\HPWuSchd2.exe
mRun: [e-kort] c:\progra~1\ekort\ekort.exe /dontopenmycards /Autostart
mRun: [Adobe Reader Speed Launcher] "c:\program files\adobe\reader 9.0\reader\Reader_sl.exe"
mRun: [SunJavaUpdateSched] "c:\program files\common files\java\java update\jusched.exe"
mRun: [MSC] "c:\program files\microsoft security client\msseces.exe" -hide -runkey
mRun: [KiesTrayAgent] c:\program files\samsung\kies\KiesTrayAgent.exe
StartupFolder: c:\progra~2\micros~1\windows\startm~1\programs\startup\bankid~1.lnk - c:\program files\personal\bin\Personal.exe
mPolicies-explorer: BindDirectlyToPropertySetStorage = 0 (0x0)
mPolicies-system: EnableUIADesktopToggle = 0 (0x0)
IE: &AOL Verktygsfalt Sök - c:\programdata\aol\ietoolbar\resources\sv-se\local\search.html
IE: &Search
IE: E&xportera till Microsoft Excel - c:\progra~1\micros~2\office12\EXCEL.EXE/3000
IE: {B7FE5D70-9AA2-40F1-9C6B-12A255F085E1}
IE: {0000036B-C524-4050-81A0-243669A86B9F} - {B63DBA5F-523F-4B9C-A43D-65DF1977EAD3} - c:\program files\windows live\companion\companioncore.dll
IE: {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - {5F7B1267-94A9-47F5-98DB-E99415F33AEC} - c:\program files\windows live\writer\WriterBrowserExtension.dll
IE: {2670000A-7350-4f3c-8081-5663EE0C6C49} - {48E73304-E1D6-4330-914C-F5F514E3486C} - c:\progra~1\micros~2\office12\ONBttnIE.dll
IE: {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - c:\program files\skype\toolbars\internet explorer\skypeieplugin.dll
IE: {92780B25-18CC-41C8-B9BE-3C9C571A8263} - {FF059E31-CC5A-4E2E-BF3B-96E929D65503} - c:\progra~1\micros~2\office12\REFIEBAR.DLL
Trusted Zone: google.com\maps
Trusted Zone: google.com\www
Trusted Zone: svenskaspel.se
DPF: Garmin Communicator Plug-In - hxxps://static.garmincdn.com/gcp/ie/4.0.1.0/GarminAxControl_32.CAB
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_31-windows-i586.cab
DPF: {CAFEEFAC-0016-0000-0031-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_31-windows-i586.cab
DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_31-windows-i586.cab
DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} - hxxp://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab
TCP: DhcpNameServer = 195.58.103.21 213.150.135.211
TCP: Interfaces\{A1245F13-1352-4F6D-A807-46D3C726C612} : DhcpNameServer = 195.58.103.21 213.150.135.211
Handler: base64 - {5ACE96C0-C70A-4A4D-AF14-2E7B869345E1} - c:\program files\browsercompanion\tdataprotocol.dll
Handler: belarc - {6318E0AB-2E93-11D1-B8ED-00608CC9A71F} - c:\program files\belarc\advisor\system\BAVoilaX.dll
Handler: chrome - {5ACE96C0-C70A-4A4D-AF14-2E7B869345E1} - c:\program files\browsercompanion\tdataprotocol.dll
Handler: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - c:\program files\microsoft office\office12\GrooveSystemServices.dll
Handler: prox - {5ACE96C0-C70A-4A4D-AF14-2E7B869345E1} - c:\program files\browsercompanion\tdataprotocol.dll
Handler: skype-ie-addon-data - {91774881-D725-4E58-B298-07617B9B86A8} - c:\program files\skype\toolbars\internet explorer\skypeieplugin.dll
Handler: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - c:\progra~1\common~1\skype\SKYPE4~1.DLL
Handler: wlpg - {E43EF6CD-A37A-4A9B-9E6F-83F89B8E6324} - c:\program files\windows live\photo gallery\AlbumDownloadProtocolHandler.dll
SEH: Groove GFS Stub Execution Hook: {b5a7f190-dda6-4420-b3ba-52453494e6cd} - c:\program files\microsoft office\office12\GrooveShellExtensions.dll
mASetup: {10880D85-AAD9-4558-ABDC-2AB1552D831F} - "c:\program files\common files\lightscribe\LSRunOnce.exe"
.
============= SERVICES / DRIVERS ===============
.
R0 Lbd;Lbd;c:\windows\system32\drivers\Lbd.sys [2011-10-5 64288]
R0 MpFilter;Microsoft Malware Protection Driver;c:\windows\system32\drivers\MpFilter.sys [2012-3-20 171064]
R2 CronService;Cron Service for Prey;c:\prey\platform\windows\cronsvc.exe [2011-2-15 19968]
R2 ezSharedSvc;Easybits Shared Services for Windows;c:\windows\system32\svchost.exe -k netsvcs [2008-1-21 21504]
R2 FontCache;Windows Font Cache Service;c:\windows\system32\svchost.exe -k LocalServiceAndNoImpersonation [2008-1-21 21504]
R2 HPDrvMntSvc.exe;HP Quick Synchronization Service;c:\program files\hewlett-packard\shared\HPDrvMntSvc.exe [2011-1-25 92216]
R2 iWinTrusted;iWinTrusted;c:\program files\iwin games\iWinTrusted.exe [2011-4-8 176848]
R2 myWebFaceIE_2wService;myWebFace Service;c:\progra~1\mywebf~2\bar\1.bin\2wbarsvc.exe [2011-3-19 28766]
R2 Recovery Service for Windows;Recovery Service for Windows;c:\program files\sminst\BLService.exe [2008-11-8 365952]
R3 Com4QLBEx;Com4QLBEx;c:\program files\hewlett-packard\hp quick launch buttons\Com4QLBEx.exe [2008-11-8 193840]
R3 NVHDA;Service for NVIDIA High Definition Audio Driver;c:\windows\system32\drivers\nvhda32v.sys [2008-5-9 43040]
R3 WPFFontCache_v0400;Windows Presentation Foundation Font Cache 4.0.0.0;c:\windows\microsoft.net\framework\v4.0.30319\wpf\WPFFontCache_v0400.exe [2010-3-18 753504]
S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;c:\windows\microsoft.net\framework\v4.0.30319\mscorsvw.exe [2010-3-18 130384]
S2 gupdate;Tjänsten Google Update (gupdate);c:\program files\google\update\GoogleUpdate.exe [2010-2-27 135664]
S2 SkypeUpdate;Skype Updater;c:\program files\skype\updater\Updater.exe [2012-2-29 158856]
S3 cmusbser;%CMUSBSER%;c:\windows\system32\drivers\cmusbser.sys [2009-10-6 87040]
S3 dg_ssudbus;SAMSUNG Mobile USB Composite Device Driver (DEVGURU Ver.);c:\windows\system32\drivers\ssudbus.sys [2012-6-5 80824]
S3 gupdatem;Tjänsten Google Update (gupdatem);c:\program files\google\update\GoogleUpdate.exe [2010-2-27 135664]
S3 hwusbdev;Huawei DataCard USB PNP Device;c:\windows\system32\drivers\ewusbdev.sys [2010-12-2 101120]
S3 NisDrv;Microsoft Network Inspection System;c:\windows\system32\drivers\NisDrvWFP.sys [2012-3-20 74112]
S3 NisSrv;Microsoft Nätverkskontroll;c:\program files\microsoft security client\NisSrv.exe [2012-3-26 214952]
S3 ssudmdm;SAMSUNG Mobile USB Modem Drivers (DEVGURU Ver.);c:\windows\system32\drivers\ssudmdm.sys [2012-6-5 181432]
S3 TdsNordecr;Nordea NCR1 SmartCard Reader;c:\windows\system32\drivers\nordecr.sys [2007-10-30 24064]
S3 Tdsshbecr;Handelsbanken card reader;c:\windows\system32\drivers\shbecr.sys [2010-3-19 42368]
S4 MSSQLServerADHelper100;SQL Active Directory Helper Service;c:\program files\microsoft sql server\100\shared\sqladhlp.exe [2009-7-23 47128]
S4 RsFx0103;RsFx0103 Driver;c:\windows\system32\drivers\RsFx0103.sys [2009-3-30 239336]
S4 SQLAgent$SQLEXPRESS;SQL Server Agent (SQLEXPRESS);c:\program files\microsoft sql server\mssql10.sqlexpress\mssql\binn\SQLAGENT.EXE [2009-3-30 366936]
S4 wlcrasvc;Windows Live Mesh remote connections service;c:\program files\windows live\mesh\wlcrasvc.exe [2010-9-22 51040]
.
=============== Created Last 30 ================
.
2012-06-10 16:44:44 758784 ----a-w- c:\windows\system32\cohelper.dll
2012-06-10 16:44:43 -------- d-----w- c:\program files\NVIDIA Corporation
2012-06-10 15:01:58 6737808 ----a-w- c:\programdata\microsoft\microsoft antimalware\definition updates\{aef17ccc-c895-4159-8ffe-b6e0bf139d89}\mpengine.dll
2012-06-10 14:49:46 6737808 ----a-w- c:\programdata\microsoft\microsoft antimalware\definition updates\backup\mpengine.dll
2012-06-08 18:43:10 -------- d-----w- c:\program files\DownloadManager
2012-06-08 12:34:58 -------- d-----w- c:\program files\Panda Security
2012-06-06 19:58:47 -------- d-----w- c:\users\barbro\appdata\roaming\tabagames
2012-06-06 19:56:29 -------- d-----w- c:\program files\Foxy Games
2012-06-05 07:31:22 80824 ----a-w- c:\windows\system32\drivers\ssudbus.sys
2012-06-05 07:31:22 181432 ----a-w- c:\windows\system32\drivers\ssudmdm.sys
2012-06-05 07:29:40 -------- d-----w- c:\users\barbro\{ac239467-752b-4e9e-97b9-01050995d697}
2012-06-05 01:20:58 -------- d-----w- c:\users\barbro\{e076e13d-ca7c-4fbc-8201-fa62df3d30c2}
2012-06-05 00:33:08 -------- d-----w- c:\users\barbro\{055a0c07-33c1-479f-97c5-343c47c70a52}
2012-06-05 00:20:45 821824 ----a-w- c:\windows\system32\dgderapi.dll
2012-06-05 00:20:45 319456 ----a-w- c:\windows\system32\DIFxAPI.dll
2012-06-05 00:20:45 20032 ----a-w- c:\windows\system32\drivers\dgderdrv.sys
2012-06-04 23:49:01 -------- d-----w- c:\users\barbro\{123fdbe3-e81f-4e5c-9bd1-e04db044595d}
2012-06-04 23:19:09 -------- d-----w- c:\users\barbro\appdata\local\CRE
2012-06-03 18:01:13 -------- d-----w- c:\users\barbro\appdata\roaming\FlyWheelGames
2012-06-02 20:44:30 -------- d-----w- c:\users\barbro\appdata\roaming\Boomzap
2012-05-28 22:38:50 330240 ----a-w- c:\windows\MASetupCaller.dll
2012-05-28 20:28:27 -------- d-----w- c:\users\barbro\appdata\roaming\AlawarEntertainment
2012-05-25 19:49:52 -------- d-----w- c:\users\barbro\appdata\roaming\Deep Shadows
2012-05-23 16:49:34 90112 ----a-w- c:\windows\MAMCityDownload.ocx
2012-05-23 16:49:34 30568 ----a-w- c:\windows\MusiccityDownload.exe
2012-05-21 22:39:25 -------- d-----w- c:\programdata\Fenomen Games
2012-05-12 11:30:07 53120 ----a-w- c:\windows\system32\drivers\partmgr.sys
2012-05-12 11:29:46 914304 ----a-w- c:\windows\system32\drivers\tcpip.sys
2012-05-12 11:29:46 31232 ----a-w- c:\windows\system32\drivers\tcpipreg.sys
2012-05-12 11:29:44 219648 ----a-w- c:\windows\system32\d3d10_1core.dll
2012-05-12 11:29:44 1069056 ----a-w- c:\windows\system32\DWrite.dll
2012-05-12 11:29:43 683008 ----a-w- c:\windows\system32\d2d1.dll
2012-05-12 11:29:43 160768 ----a-w- c:\windows\system32\d3d10_1.dll
2012-05-12 11:29:43 1172480 ----a-w- c:\windows\system32\d3d10warp.dll
2012-05-12 11:29:38 936960 ----a-w- c:\program files\common files\microsoft shared\ink\journal.dll
2012-05-12 11:29:38 1404928 ----a-w- c:\program files\common files\microsoft shared\ink\InkObj.dll
2012-05-12 11:29:27 3602816 ----a-w- c:\windows\system32\ntkrnlpa.exe
2012-05-12 11:29:27 3550080 ----a-w- c:\windows\system32\ntoskrnl.exe
2012-05-12 11:29:27 2044928 ----a-w- c:\windows\system32\win32k.sys
.
==================== Find3M ====================
.
2012-06-10 17:16:41 29 ----a-w- c:\windows\system32\TempWmicBatchFile.bat
2012-05-23 16:50:06 4659712 ----a-w- c:\windows\system32\Redemption.dll
2012-04-26 10:13:32 472808 ----a-w- c:\windows\system32\deployJava1.dll
2012-04-04 13:56:40 22344 ----a-w- c:\windows\system32\drivers\mbam.sys
2012-03-28 20:11:06 45320 ----a-w- c:\windows\system32\MAMACExtract.dll
2012-03-20 18:44:12 74112 ----a-w- c:\windows\system32\drivers\NisDrvWFP.sys
2012-03-20 18:44:12 171064 ----a-w- c:\windows\system32\drivers\MpFilter.sys
.
============= FINISH: 19:19:03,35 ===============


#2
Cecilia

  • Group: Head moderator
  • Posts: 81 149
  • Joined: 2003-05-06
  • Location: Stockholm

Posted 10 Jun 2012, 22:35

How did things go in this thread? http://eforum.idg.se...ost__p__1570735

Uninstall:
FaceSmooch Toolbar Reason: http://www.systemloo...HElper_dll.html
myWebFace Reason: http://www.systemloo...wSrcAs_dll.html
BrowserCompanion Reason: http://www.systemloo...loader_dll.html

Restart the computer.
Save OTL to the Desktop.
http://oldtimer.geekstogo.com/OTL.exe
Close all programs.
Run OTL.

Under Output near the top, select Minimal Output.
Press Run Scan and let the program run undisturbed.

When it is finished, two log files are created on the Desktop, OTL.txt and Extras.txt. In your reply, paste in the OTL.txt log, and attach Extras.txt as a file.

#3
hondan

  • User
  • Group: Members
  • Posts: 96
  • Joined: 2010-12-20

Posted 11 Jun 2012, 00:22

OTL logfile created on: 2012-06-11 01:01:48 - Run 1
OTL by OldTimer - Version 3.2.48.0 Folder = C:\Users\Barbro\Contacts\Downloads
Windows Vista Home Basic Edition Service Pack 2 (Version = 6.0.6002) - Type = NTWorkstation
Internet Explorer (Version = 8.0.6001.19222)
Locale: 0000041D | Country: Sverige | Language: SVE | Date Format: yyyy-MM-dd

2,75 Gb Total Physical Memory | 1,51 Gb Available Physical Memory | 54,90% Memory free
5,66 Gb Paging File | 4,40 Gb Available in Paging File | 77,78% Paging File free
Paging file location(s): C:\pagefile.sys 3070 3070 [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files
Drive C: | 222,11 Gb Total Space | 122,35 Gb Free Space | 55,09% Space Free | Partition Type: NTFS
Drive D: | 10,77 Gb Total Space | 1,39 Gb Free Space | 12,95% Space Free | Partition Type: NTFS
Drive F: | 298,09 Gb Total Space | 245,02 Gb Free Space | 82,20% Space Free | Partition Type: NTFS

Computer Name: LILLFJÖSA | User Name: Barbro | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days

========== Processes (SafeList) ==========

PRC - C:\Users\Barbro\Contacts\Downloads\OTL (1).exe (OldTimer Tools)
PRC - C:\Program Files\Microsoft Security Client\msseces.exe (Microsoft Corporation)
PRC - c:\Program Files\Microsoft Security Client\MsMpEng.exe (Microsoft Corporation)
PRC - C:\Program Files\Personal\bin\Personal.exe (Technology Nexus AB)
PRC - C:\Program Files\iWin Games\iWinTrusted.exe (iWin Inc.)
PRC - C:\Prey\platform\windows\cronsvc.exe (Fork Ltd.)
PRC - C:\Program Files\Hewlett-Packard\Shared\HPDrvMntSvc.exe (Hewlett-Packard Company)
PRC - C:\Windows\explorer.exe (Microsoft Corporation)
PRC - C:\Program Files\ekort\ekort.exe (Orbiscom Ltd. All rights reserved.)
PRC - C:\Windows\System32\OBroker.exe ()
PRC - C:\Program Files\SMINST\BLService.exe ()


========== Modules (No Company Name) ==========

MOD - C:\Users\Barbro\AppData\Local\Google\Chrome\Application\19.0.1084.52\ppGoogleNaClPluginChrome.dll ()
MOD - C:\Users\Barbro\AppData\Local\Google\Chrome\Application\19.0.1084.52\pdf.dll ()
MOD - C:\Users\Barbro\AppData\Local\Google\Chrome\Application\19.0.1084.52\libglesv2.dll ()
MOD - C:\Users\Barbro\AppData\Local\Google\Chrome\Application\19.0.1084.52\libegl.dll ()
MOD - C:\Users\Barbro\AppData\Local\Google\Chrome\Application\19.0.1084.52\avutil-51.dll ()
MOD - C:\Users\Barbro\AppData\Local\Google\Chrome\Application\19.0.1084.52\avformat-54.dll ()
MOD - C:\Users\Barbro\AppData\Local\Google\Chrome\Application\19.0.1084.52\avcodec-54.dll ()
MOD - C:\Users\Barbro\AppData\Local\Google\Chrome\Application\19.0.1084.52\gcswf32.dll ()
MOD - C:\Users\Barbro\AppData\Local\Google\Chrome\APPLIC~1\190108~1.52\gcswf32.dll ()
MOD - C:\Windows\System32\OBroker.exe ()
MOD - C:\Program Files\ekort\EkortRes.dll ()
MOD - C:\Program Files\Common Files\LightScribe\QtGui4.dll ()
MOD - C:\Program Files\Common Files\LightScribe\plugins\imageformats\qjpeg4.dll ()
MOD - C:\Program Files\Common Files\LightScribe\QtCore4.dll ()


========== Win32 Services (SafeList) ==========

SRV - (NisSrv) -- c:\Program Files\Microsoft Security Client\NisSrv.exe (Microsoft Corporation)
SRV - (MsMpSvc) -- c:\Program Files\Microsoft Security Client\MsMpEng.exe (Microsoft Corporation)
SRV - (SkypeUpdate) -- C:\Program Files\Skype\Updater\Updater.exe (Skype Technologies)
SRV - (iWinTrusted) -- C:\Program Files\iWin Games\iWinTrusted.exe (iWin Inc.)
SRV - (CronService) -- C:\Prey\platform\windows\cronsvc.exe (Fork Ltd.)
SRV - (HPDrvMntSvc.exe) -- C:\Program Files\Hewlett-Packard\Shared\HPDrvMntSvc.exe (Hewlett-Packard Company)
SRV - (FLEXnet Licensing Service) -- C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe (Macrovision Europe Ltd.)
SRV - (Recovery Service for Windows) -- C:\Program Files\SMINST\BLService.exe ()
SRV - (ezSharedSvc) -- C:\Windows\System32\ezsvc7.dll (EasyBits Sofware AS)
SRV - (WinDefend) -- C:\Program Files\Windows Defender\mpsvc.dll (Microsoft Corporation)


========== Driver Services (SafeList) ==========

DRV - (cpuz134) -- C:\Users\Barbro\AppData\Local\Temp\cpuz134\cpuz134_x32.sys File not found
DRV - (CpqDfw) -- system32\drivers\CpqDfw.sys File not found
DRV - (adfs) -- File not found
DRV - (ssudmdm) SAMSUNG Mobile USB Modem Drivers (DEVGURU Ver.) -- C:\Windows\System32\drivers\ssudmdm.sys (DEVGURU Co., LTD.(www.devguru.co.kr))
DRV - (dg_ssudbus) SAMSUNG Mobile USB Composite Device Driver (DEVGURU Ver.) -- C:\Windows\System32\drivers\ssudbus.sys (DEVGURU Co., LTD.(www.devguru.co.kr))
DRV - (NisDrv) -- C:\Windows\System32\drivers\NisDrvWFP.sys (Microsoft Corporation)
DRV - (Lbd) -- C:\Windows\System32\drivers\Lbd.sys (Lavasoft AB)
DRV - (NVNET) -- C:\Windows\System32\drivers\nvmfdx32.sys (NVIDIA Corporation)
DRV - (NVENETFD) -- C:\Windows\System32\drivers\nvmfdx32.sys (NVIDIA Corporation)
DRV - (Tdsshbecr) -- C:\Windows\System32\drivers\shbecr.sys (Todos Data System AB)
DRV - (hwusbdev) -- C:\Windows\System32\drivers\ewusbdev.sys (Huawei Technologies Co., Ltd.)
DRV - (hwdatacard) -- C:\Windows\System32\drivers\ewusbmdm.sys (Huawei Technologies Co., Ltd.)
DRV - (athr) -- C:\Windows\System32\drivers\athr.sys (Atheros Communications, Inc.)
DRV - (nvlddmkm) -- C:\Windows\System32\drivers\nvlddmkm.sys (NVIDIA Corporation)
DRV - (RsFx0103) -- C:\Windows\System32\drivers\RsFx0103.sys (Microsoft Corporation)
DRV - (CnxtHdAudService) -- C:\Windows\System32\drivers\CHDRT32.sys (Conexant Systems Inc.)
DRV - (NVHDA) -- C:\Windows\System32\drivers\nvhda32v.sys (NVIDIA Corporation)
DRV - (nvsmu) -- C:\Windows\System32\drivers\nvsmu.sys (NVIDIA Corporation)
DRV - (NETw3v32) Intel® -- C:\Windows\System32\drivers\NETw3v32.sys (Intel Corporation)
DRV - (TdsNordecr) -- C:\Windows\System32\drivers\nordecr.sys (Todos Data System AB)
DRV - (XAudio) -- C:\Windows\System32\drivers\XAudio.sys (Conexant Systems, Inc.)
DRV - (HpqKbFiltr) -- C:\Windows\System32\drivers\HpqKbFiltr.sys (Hewlett-Packard Development Company, L.P.)
DRV - (cmusbser) -- C:\Windows\System32\drivers\cmusbser.sys (Cmotech Co.,Ltd)
DRV - (speedfan) -- C:\Windows\System32\speedfan.sys (Windows ® 2000 DDK provider)
DRV - (giveio) -- C:\Windows\System32\giveio.sys ()


========== Standard Registry (SafeList) ==========


========== Internet Explorer ==========

IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = http://ie.redirect.h...resario&pf=cnnb
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page = http://www.shareware....php?rvs=hompag
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://search.myheritage.com
IE - HKLM\..\SearchScopes,DefaultScope = {6A1806CD-94D4-4689-BA73-E35EA1EA9990}
IE - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://search.live.c...ferrer:source?}
IE - HKLM\..\SearchScopes\{187177AA-32E0-4B7D-BD86-02AA8E35F858}: "URL" = http://se.kelkoopart...tnerId=96913934
IE - HKLM\..\SearchScopes\{5829A8D3-4B0A-4239-8F28-D125CE413ABA}: "URL" = http://slirsredirect...hpcnnbie7-sv-se
IE - HKLM\..\SearchScopes\{6A1806CD-94D4-4689-BA73-E35EA1EA9990}: "URL" = http://www.google.co...g}&sourceid=ie7
IE - HKLM\..\SearchScopes\{acd5502e-a742-4cf9-90d5-3959c330053f}: "URL" = http://search.mywebs...r={searchTerms}
IE - HKLM\..\SearchScopes\{B30ECFC4-6992-427B-B323-48C291D7121E}: "URL" = http://se.search.yah...p06&type=ie2008

IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = http://ie.redirect.h...resario&pf=cnnb
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Search Bar =
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page =
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://search.babylo...000000000000000
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache = http://se.msn.com/?ocid=iehp
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache AcceptLangs = sv
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache_TIMESTAMP = 92 87 1A A5 64 ED CA 01 [binary data]
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,StartPageCache = 1
IE - HKCU\..\URLSearchHook: {A3BC75A2-1F87-4686-AA43-5347D756017C} - No CLSID value found
IE - HKCU\..\URLSearchHook: {bf7380fa-e3b4-4db2-af3e-9d8783a45bfc} - No CLSID value found
IE - HKCU\..\SearchScopes,DefaultScope = {F177DC02-4BBF-47AF-9610-E26362C6760F}
IE - HKCU\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/...Box&FORM=IE8SRC
IE - HKCU\..\SearchScopes\{0ECDF796-C2DC-4d79-A620-CCE0C0A66CC9}: "URL" = http://search.babylo...000000000000000
IE - HKCU\..\SearchScopes\{171DEBEB-C3D4-40b7-AC73-056A5EBA4A7E}: "URL" = http://websearch.ask...F-00EDBD599455
IE - HKCU\..\SearchScopes\{5848BDB9-7642-420C-80CE-4084BAB6CA6A}: "URL" = http://search.avg.co...e}&iy=&ychte=us
IE - HKCU\..\SearchScopes\{6A1806CD-94D4-4689-BA73-E35EA1EA9990}: "URL" = http://www.google.co...g}&sourceid=ie7
IE - HKCU\..\SearchScopes\{845D1E69-6B58-4E7F-BEDE-77DD66630188}: "URL" = http://search.imgag....q={searchTerms}
IE - HKCU\..\SearchScopes\{96bd48dd-741b-41ae-ac4a-aff96ba00f7e}: "URL" = http://www.bigseekpr...q={searchTerms}
IE - HKCU\..\SearchScopes\{A5666666-D91D-4FCE-B90C-B71C8978D5F0}: "URL" = http://www.bing.com/...ferrer:source?}
IE - HKCU\..\SearchScopes\{acd5502e-a742-4cf9-90d5-3959c330053f}: "URL" = http://search.mywebs...r={searchTerms}
IE - HKCU\..\SearchScopes\{F177DC02-4BBF-47AF-9610-E26362C6760F}: "URL" = http://www.google.se...1I7ADFA_svSE368
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

========== FireFox ==========

FF - prefs.js..browser.search.defaultengine: "Ask.com"
FF - prefs.js..browser.search.defaultenginename: "Search the web (Babylon)"
FF - prefs.js..browser.search.defaulturl: ""
FF - prefs.js..browser.search.order.1: "Search the web (Babylon)"
FF - prefs.js..browser.search.selectedEngine: "Search the web (Babylon)"
FF - prefs.js..browser.startup.homepage: "http://search.babylon.com/?babsrc=HP_ss&affID=101240&mntrId=23ee16fd000000000000000000000000"
FF - prefs.js..extensions.enabledItems: {98e34367-8df7-42b4-837b-20b892ff0849}:1.7
FF - prefs.js..extensions.enabledItems: engine@conduit.com:3.2.5.2
FF - prefs.js..extensions.enabledItems: {bf7380fa-e3b4-4db2-af3e-9d8783a45bfc}:3.2.5.2
FF - prefs.js..keyword.URL: "chrome://browser-region/locale/region.properties"
FF - prefs.js..network.proxy.no_proxies_on: "*.local"
FF - prefs.js..network.proxy.type: 0
FF - prefs.js..sweetim.toolbar.previous.browser.search.defaultenginename: ""
FF - prefs.js..sweetim.toolbar.previous.browser.search.defaulturl: ""
FF - prefs.js..sweetim.toolbar.previous.browser.search.selectedEngine: "SweetIM Search"
FF - prefs.js..browser.startup.homepage: "http://search.myheritage.com/"


FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\system32\Macromed\Flash\NPSWF32.dll ()
FF - HKLM\Software\MozillaPlugins\@adobe.com/ShockwavePlayer: C:\Windows\system32\Adobe\Director\np32dsw.dll (Adobe Systems, Inc.)
FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin: C:\Program Files\Java\jre6\bin\plugin2\npjp2.dll (Sun Microsystems, Inc.)
FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: c:\Program Files\Microsoft Silverlight\4.1.10329.0\npctrl.dll ( Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/OfficeLive,version=1.5: C:\Program Files\Microsoft\Office Live\npOLW.dll (Microsoft Corp.)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=15.4.3502.0922: C:\Program Files\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=15.4.3508.1109: C:\Program Files\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WPF,version=3.5: c:\Windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@se.nexus/Personal: C:\Program Files\Personal\bin\np_prsnl.dll (Technology Nexus AB)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Program Files\Google\Update\1.3.21.111\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Program Files\Google\Update\1.3.21.111\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\Adobe Reader: C:\Program Files\Adobe\Reader 9.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
FF - HKCU\Software\MozillaPlugins\@facebook.com/FBPlugin,version=1.0.3: C:\Users\Barbro\AppData\Roaming\Facebook\npfbplugin_1_0_3.dll ( )
FF - HKCU\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Users\Barbro\AppData\Local\Google\Update\1.3.21.111\npGoogleUpdate3.dll (Google Inc.)
FF - HKCU\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Users\Barbro\AppData\Local\Google\Update\1.3.21.111\npGoogleUpdate3.dll (Google Inc.)


[2010-09-24 09:57:41 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Barbro\AppData\Roaming\mozilla\Extensions
[2011-12-13 09:31:01 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Barbro\AppData\Roaming\mozilla\Firefox\Profiles\ox3qfrey.default\extensions
[2010-09-25 14:40:04 | 000,000,000 | ---D | M] (Microsoft .NET Framework Assistant) -- C:\Users\Barbro\AppData\Roaming\mozilla\Firefox\Profiles\ox3qfrey.default\extensions\{20a82645-c095-46ed-80e3-08825760534b}
[2011-12-11 01:35:10 | 000,000,000 | ---D | M] (uTorrentBar Community Toolbar) -- C:\Users\Barbro\AppData\Roaming\mozilla\Firefox\Profiles\ox3qfrey.default\extensions\{bf7380fa-e3b4-4db2-af3e-9d8783a45bfc}
[2011-12-13 07:02:13 | 000,000,000 | ---D | M] (Browser Companion Helper) -- C:\Users\Barbro\AppData\Roaming\mozilla\Firefox\Profiles\ox3qfrey.default\extensions\bbrs_002@blabbers.com
[2012-06-10 16:47:52 | 000,000,000 | ---D | M] (Babylon) -- C:\Users\Barbro\AppData\Roaming\mozilla\Firefox\Profiles\ox3qfrey.default\extensions\ffxtlbr@babylon.com
[2011-11-17 20:25:44 | 000,002,333 | ---- | M] () -- C:\Users\Barbro\AppData\Roaming\Mozilla\Firefox\Profiles\ox3qfrey.default\searchplugins\askcom.xml
[2011-07-29 22:06:22 | 000,003,915 | ---- | M] () -- C:\Users\Barbro\AppData\Roaming\Mozilla\Firefox\Profiles\ox3qfrey.default\searchplugins\SweetIM Search.xml

========== Chrome ==========

CHR - default_search_provider: Conduit (Enabled)
CHR - default_search_provider: search_url = http://search.condui...&ctid=CT3196716
CHR - default_search_provider: suggest_url = http://search.conduit.com/
CHR - plugin: Remoting Viewer (Enabled) = internal-remoting-viewer
CHR - plugin: Native Client (Enabled) = C:\Users\Barbro\AppData\Local\Google\Chrome\Application\19.0.1084.52\ppGoogleNaClPluginChrome.dll
CHR - plugin: Chrome PDF Viewer (Enabled) = C:\Users\Barbro\AppData\Local\Google\Chrome\Application\19.0.1084.52\pdf.dll
CHR - plugin: Shockwave Flash (Enabled) = C:\Users\Barbro\AppData\Local\Google\Chrome\Application\19.0.1084.52\gcswf32.dll
CHR - plugin: Shockwave Flash (Disabled) = C:\Users\Barbro\AppData\Local\Google\Chrome\User Data\PepperFlash\11.2.31.144\pepflashplayer.dll
CHR - plugin: Shockwave Flash (Enabled) = C:\Windows\system32\Macromed\Flash\NPSWF32.dll
CHR - plugin: (Enabled) = C:\Users\Barbro\AppData\Local\Google\Chrome\User Data\Default\Extensions\clbfjfbnelcflpgpklppgplejolacbej\1.0.5_0\chromeNPAPI.dll
CHR - plugin: Adobe Acrobat (Enabled) = C:\Program Files\Adobe\Reader 9.0\Reader\Browser\nppdf32.dll
CHR - plugin: Java Deployment Toolkit 6.0.290.11 (Enabled) = C:\Program Files\Java\jre6\bin\new_plugin\npdeployJava1.dll
CHR - plugin: Java™ Platform SE 6 U31 (Enabled) = C:\Program Files\Java\jre6\bin\plugin2\npjp2.dll
CHR - plugin: Google Update (Enabled) = C:\Program Files\Google\Update\1.3.21.111\npGoogleUpdate3.dll
CHR - plugin: Microsoft Office Live Plug-in for Firefox (Enabled) = C:\Program Files\Microsoft\Office Live\npOLW.dll
CHR - plugin: Nexus Personal (Enabled) = C:\Program Files\Personal\bin\np_prsnl.dll
CHR - plugin: Windows Live\u0099 Photo Gallery (Enabled) = C:\Program Files\Windows Live\Photo Gallery\NPWLPG.dll
CHR - plugin: Facebook Plugin (Enabled) = C:\Users\Barbro\AppData\Roaming\Facebook\npfbplugin_1_0_3.dll
CHR - plugin: Shockwave for Director (Enabled) = C:\Windows\system32\Adobe\Director\np32dsw.dll
CHR - plugin: Silverlight Plug-In (Enabled) = c:\Program Files\Microsoft Silverlight\4.1.10329.0\npctrl.dll
CHR - plugin: Windows Presentation Foundation (Enabled) = c:\Windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll
CHR - Extension: YouTube = C:\Users\Barbro\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo\4.2.5_0\
CHR - Extension: WiseConvert = C:\Users\Barbro\AppData\Local\Google\Chrome\User Data\Default\Extensions\cgiaikfpllchefojlnehlmpekeogihnm\2.3.10.3_0\
CHR - Extension: S\u00F6k p\u00E5 Google = C:\Users\Barbro\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf\0.0.0.19_0\
CHR - Extension: Skype Click to Call = C:\Users\Barbro\AppData\Local\Google\Chrome\User Data\Default\Extensions\lifbcibllhkdhoafpjfnlhfpfgnpldfl\5.10.0.9560_0\
CHR - Extension: Gmail = C:\Users\Barbro\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia\7_0\

O1 HOSTS File: ([2010-03-13 23:15:32 | 000,000,743 | ---- | M]) - C:\Windows\System32\drivers\etc\hosts
O1 - Hosts: 127.0.0.1 localhost
O1 - Hosts: ::1 localhost
O2 - BHO: (Java™ Plug-In SSV Helper) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre6\bin\ssv.dll (Sun Microsystems, Inc.)
O2 - BHO: (AOL Toolbar BHO) - {7C554162-8CB7-45A4-B8F4-8EA1C75885F9} - C:\Program Files\AOL\AOL Toolbar 5.0\aoltb.dll (AOL LLC)
O2 - BHO: (e-kort Helper Class) - {9065E913-4F23-4B47-9B5D-B055D32DB1F3} - C:\Program Files\ekort\EKortHelper.dll ()
O2 - BHO: (Skype Browser Helper) - {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O2 - BHO: (Google Toolbar Notifier BHO) - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\5.7.7227.1100\swg.dll (Google Inc.)
O3 - HKLM\..\Toolbar: (e-kort Toolbar) - {8DB2B2E8-579F-48A8-A496-18FEFCF8F4DF} - C:\Program Files\ekort\EKortToolbar.dll ()
O3 - HKLM\..\Toolbar: (no name) - {CCC7A320-B3CA-4199-B1A6-9F516DD69829} - No CLSID value found.
O3 - HKLM\..\Toolbar: (AOL Toolbar) - {DE9C389F-3316-41A7-809B-AA305ED9D922} - C:\Program Files\AOL\AOL Toolbar 5.0\aoltb.dll (AOL LLC)
O3 - HKCU\..\Toolbar\WebBrowser: (no name) - {21FA44EF-376D-4D53-9B0F-8A89D3229068} - No CLSID value found.
O3 - HKCU\..\Toolbar\WebBrowser: (no name) - {BF7380FA-E3B4-4DB2-AF3E-9D8783A45BFC} - No CLSID value found.
O3 - HKCU\..\Toolbar\WebBrowser: (no name) - {CCC7A320-B3CA-4199-B1A6-9F516DD69829} - No CLSID value found.
O3 - HKCU\..\Toolbar\WebBrowser: (no name) - {D4027C7F-154A-4066-A1AD-4243D8127440} - No CLSID value found.
O3 - HKCU\..\Toolbar\WebBrowser: (AOL Toolbar) - {DE9C389F-3316-41A7-809B-AA305ED9D922} - C:\Program Files\AOL\AOL Toolbar 5.0\aoltb.dll (AOL LLC)
O4 - HKLM..\Run: [B2C_AGENT] C:\ProgramData\LGMOBILEAX\B2C_Client\B2CNotiAgent.exe (LG Electronics)
O4 - HKLM..\Run: [e-kort] C:\PROGRA~1\ekort\ekort.exe /dontopenmycards /Autostart File not found
O4 - HKLM..\Run: [MSC] c:\Program Files\Microsoft Security Client\msseces.exe (Microsoft Corporation)
O4 - HKLM..\Run: [NvCplDaemon] C:\Windows\System32\NvCpl.dll (NVIDIA Corporation)
O4 - HKLM..\Run: [UpdateLBPShortCut] C:\Program Files\CyberLink\LabelPrint\MUITransfer\MUIStartMenu.exe (CyberLink Corp.)
O4 - HKLM..\Run: [UpdatePSTShortCut] C:\Program Files\CyberLink\DVD Suite\MUITransfer\MUIStartMenu.exe (CyberLink Corp.)
O8 - Extra context menu item: &AOL Verktygsfalt Sök - C:\ProgramData\AOL\ieToolbar\resources\sv-SE\local\search.html ()
O8 - Extra context menu item: &Search - Reg Error: Value error. File not found
O8 - Extra context menu item: E&xportera till Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office12\EXCEL.EXE/3000 File not found
O9 - Extra Button: Skicka till OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~2\Office12\ONBttnIE.dll (Microsoft Corporation)
O9 - Extra 'Tools' menuitem : Ski&cka till OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~2\Office12\ONBttnIE.dll (Microsoft Corporation)
O9 - Extra Button: Skype Click to Call - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O9 - Extra 'Tools' menuitem : Skype Click to Call - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O9 - Extra Button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\Office12\REFIEBAR.DLL (Microsoft Corporation)
O9 - Extra Button: PartyPoker.com - {B7FE5D70-9AA2-40F1-9C6B-12A255F085E1} - Reg Error: Value error. File not found
O9 - Extra 'Tools' menuitem : PartyPoker.com - {B7FE5D70-9AA2-40F1-9C6B-12A255F085E1} - Reg Error: Value error. File not found
O10 - NameSpace_Catalog5\Catalog_Entries\000000000007 [] - C:\Program Files\Bonjour\mdnsNSP.dll (Apple Computer, Inc.)
O13 - gopher Prefix: missing
O15 - HKCU\..Trusted Domains: google.com ([maps] http in Tillförlitliga platser)
O15 - HKCU\..Trusted Domains: google.com ([www] * in Tillförlitliga platser)
O15 - HKCU\..Trusted Domains: svenskaspel.se ([]https in Tillförlitliga platser)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_31)
O16 - DPF: {CAFEEFAC-0016-0000-0031-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_31)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_31)
O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} http://platformdl.ad...Plus/1.6/gp.cab (Reg Error: Key error.)
O16 - DPF: Garmin Communicator Plug-In https://static.garmi...xControl_32.CAB (Reg Error: Key error.)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 195.58.103.21 213.150.135.211
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{A1245F13-1352-4F6D-A807-46D3C726C612}: DhcpNameServer = 195.58.103.21 213.150.135.211
O18 - Protocol\Handler\belarc {6318E0AB-2E93-11D1-B8ED-00608CC9A71F} - C:\Program Files\Belarc\Advisor\System\BAVoilaX.dll (Belarc, Inc.)
O18 - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\COMMON~1\Skype\SKYPE4~1.DLL (Skype Technologies)
O18 - Protocol\Handler\skype-ie-addon-data {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O18 - Protocol\Filter\text/xml {807563E5-5146-11D5-A672-00B0D022E945} - C:\PROGRA~1\COMMON~1\MICROS~1\OFFICE12\MSOXMLMF.DLL (Microsoft Corporation)
O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\System32\userinit.exe (Microsoft Corporation)
O24 - Desktop WallPaper: C:\Users\Barbro\AppData\Roaming\Microsoft\Windows Photo Gallery\Skrivbordsunderlägg från Windows Fotogalleri.jpg
O24 - Desktop BackupWallPaper: C:\Users\Barbro\AppData\Roaming\Microsoft\Windows Photo Gallery\Skrivbordsunderlägg från Windows Fotogalleri.jpg
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2006-09-18 23:43:36 | 000,000,024 | ---- | M] () - C:\autoexec.bat -- [ NTFS ]
O33 - MountPoints2\{1e0252c3-b6a1-11de-a975-001f16dc2123}\Shell - "" = AutoRun
O33 - MountPoints2\{68001cba-b1ff-11de-8eae-001f16dc2123}\Shell - "" = AutoRun
O33 - MountPoints2\{de4e503a-b1fa-11de-a0e2-001f16dc2123}\Shell - "" = AutoRun
O34 - HKLM BootExecute: (autocheck autochk *)
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3)
O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2)

========== Files/Folders - Created Within 30 Days ==========

[2012-06-11 00:51:40 | 000,675,840 | ---- | C] (myWebFace) -- C:\Program Files\Uninstall myWebFace.dll
[2012-06-10 20:11:07 | 000,000,000 | ---D | C] -- C:\Users\Barbro\Desktop\nytt spel
[2012-06-10 18:44:44 | 000,758,784 | ---- | C] (NVIDIA Corporation) -- C:\Windows\System32\cohelper.dll
[2012-06-10 18:44:43 | 000,000,000 | ---D | C] -- C:\Program Files\NVIDIA Corporation
[2012-06-08 20:43:10 | 000,000,000 | ---D | C] -- C:\Program Files\DownloadManager
[2012-06-08 14:34:58 | 000,000,000 | ---D | C] -- C:\Program Files\Panda Security
[2012-06-06 21:58:47 | 000,000,000 | ---D | C] -- C:\Users\Barbro\AppData\Roaming\tabagames
[2012-06-06 21:56:29 | 000,000,000 | ---D | C] -- C:\Program Files\Foxy Games
[2012-06-06 16:06:20 | 000,000,000 | ---D | C] -- C:\Users\Barbro\Desktop\trädgården i buan
[2012-06-05 09:31:22 | 000,181,432 | ---- | C] (DEVGURU Co., LTD.(www.devguru.co.kr)) -- C:\Windows\System32\drivers\ssudmdm.sys
[2012-06-05 09:31:22 | 000,080,824 | ---- | C] (DEVGURU Co., LTD.(www.devguru.co.kr)) -- C:\Windows\System32\drivers\ssudbus.sys
[2012-06-05 09:29:40 | 000,000,000 | ---D | C] -- C:\Users\Barbro\{ac239467-752b-4e9e-97b9-01050995d697}
[2012-06-05 03:20:58 | 000,000,000 | ---D | C] -- C:\Users\Barbro\{e076e13d-ca7c-4fbc-8201-fa62df3d30c2}
[2012-06-05 02:33:08 | 000,000,000 | ---D | C] -- C:\Users\Barbro\{055a0c07-33c1-479f-97c5-343c47c70a52}
[2012-06-05 01:49:01 | 000,000,000 | ---D | C] -- C:\Users\Barbro\{123fdbe3-e81f-4e5c-9bd1-e04db044595d}
[2012-06-05 01:19:09 | 000,000,000 | ---D | C] -- C:\Users\Barbro\AppData\Local\CRE
[2012-06-03 20:01:13 | 000,000,000 | ---D | C] -- C:\Users\Barbro\AppData\Roaming\FlyWheelGames
[2012-06-02 22:44:30 | 000,000,000 | ---D | C] -- C:\Users\Barbro\AppData\Roaming\Boomzap
[2012-06-02 20:28:32 | 000,000,000 | ---D | C] -- C:\Users\Barbro\Documents\meja
[2012-05-28 22:28:27 | 000,000,000 | ---D | C] -- C:\Users\Barbro\AppData\Roaming\AlawarEntertainment
[2012-05-25 21:49:52 | 000,000,000 | ---D | C] -- C:\Users\Barbro\AppData\Roaming\Deep Shadows
[2012-05-22 00:39:25 | 000,000,000 | ---D | C] -- C:\ProgramData\Fenomen Games
[2012-05-12 13:29:44 | 001,069,056 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\DWrite.dll
[2012-05-12 13:29:44 | 000,219,648 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\d3d10_1core.dll
[2012-05-12 13:29:43 | 001,172,480 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\d3d10warp.dll
[2012-05-12 13:29:43 | 000,683,008 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\d2d1.dll
[2012-05-12 13:29:43 | 000,160,768 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\d3d10_1.dll
[2012-05-12 13:29:27 | 003,602,816 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\ntkrnlpa.exe
[2012-05-12 13:29:27 | 003,550,080 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\ntoskrnl.exe
[2012-05-12 13:29:27 | 002,044,928 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\win32k.sys
[1 C:\Users\Barbro\Desktop\*.tmp files -> C:\Users\Barbro\Desktop\*.tmp -> ]

========== Files - Modified Within 30 Days ==========

[2012-06-11 01:07:00 | 000,001,008 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskUserS-1-5-21-2228199297-1119499972-301306468-1000UA.job
[2012-06-11 00:57:57 | 000,000,248 | ---- | M] () -- C:\ProgramData\hpqp.ini
[2012-06-11 00:57:29 | 000,130,914 | ---- | M] () -- C:\ProgramData\nvModes.001
[2012-06-11 00:55:47 | 000,000,978 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineCore.job
[2012-06-11 00:55:44 | 000,003,216 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-1.C7483456-A289-439d-8115-601632D005A0
[2012-06-11 00:55:43 | 000,003,216 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-0.C7483456-A289-439d-8115-601632D005A0
[2012-06-11 00:55:26 | 000,000,029 | ---- | M] () -- C:\Windows\System32\TempWmicBatchFile.bat
[2012-06-11 00:55:08 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2012-06-11 00:35:00 | 000,000,982 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineUA.job
[2012-06-11 00:06:18 | 000,095,112 | ---- | M] () -- C:\Users\Barbro\Desktop\0134.gif
[2012-06-11 00:04:18 | 000,028,886 | ---- | M] () -- C:\Users\Barbro\Desktop\0064.gif
[2012-06-11 00:03:32 | 000,006,421 | ---- | M] () -- C:\Users\Barbro\Desktop\0047.gif
[2012-06-11 00:02:18 | 000,013,023 | ---- | M] () -- C:\Users\Barbro\Desktop\0008.gif
[2012-06-10 23:47:56 | 000,055,835 | ---- | M] () -- C:\Users\Barbro\Desktop\422970_10150531359224856_1073514613_n.jpg
[2012-06-10 23:39:11 | 000,736,560 | ---- | M] () -- C:\Windows\System32\perfh01D.dat
[2012-06-10 23:39:11 | 000,565,506 | ---- | M] () -- C:\Windows\System32\perfh014.dat
[2012-06-10 23:39:11 | 000,550,808 | ---- | M] () -- C:\Windows\System32\perfh00B.dat
[2012-06-10 23:39:11 | 000,173,530 | ---- | M] () -- C:\Windows\System32\perfc01D.dat
[2012-06-10 23:39:11 | 000,131,514 | ---- | M] () -- C:\Windows\System32\perfc014.dat
[2012-06-10 23:39:10 | 000,709,488 | ---- | M] () -- C:\Windows\System32\perfh009.dat
[2012-06-10 23:39:10 | 000,578,168 | ---- | M] () -- C:\Windows\System32\perfh006.dat
[2012-06-10 23:39:10 | 000,153,720 | ---- | M] () -- C:\Windows\System32\perfc009.dat
[2012-06-10 23:39:10 | 000,136,998 | ---- | M] () -- C:\Windows\System32\perfc00B.dat
[2012-06-10 23:39:10 | 000,132,796 | ---- | M] () -- C:\Windows\System32\perfc006.dat
[2012-06-10 20:42:57 | 000,002,254 | ---- | M] () -- C:\Users\Barbro\Desktop\Fabled Legends The Dark Piper CE.lnk
[2012-06-10 18:23:58 | 000,008,484 | ---- | M] () -- C:\Users\Barbro\AppData\Local\d3d9caps.dat
[2012-06-10 16:53:29 | 000,000,422 | -H-- | M] () -- C:\Windows\tasks\User_Feed_Synchronization-{8DAEF6AF-A4E9-4804-A7EA-2C39C42154A9}.job
[2012-06-06 21:00:57 | 000,174,419 | ---- | M] () -- C:\Users\Barbro\Desktop\Scan001 (1).pdf
[2012-06-05 02:16:40 | 092,022,784 | ---- | M] () -- C:\Users\Barbro\Desktop\Samsung Kies.msi
[2012-06-05 02:16:28 | 000,003,584 | ---- | M] () -- C:\Users\Barbro\Desktop\1033.MST
[2012-06-05 02:16:26 | 000,021,494 | ---- | M] () -- C:\Users\Barbro\Desktop\0x0409.ini
[2012-06-04 16:07:00 | 000,000,956 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskUserS-1-5-21-2228199297-1119499972-301306468-1000Core.job
[2012-06-04 15:01:23 | 000,000,266 | ---- | M] () -- C:\Windows\tasks\RegClean Pro_DEFAULT.job
[2012-06-04 14:17:00 | 000,000,344 | ---- | M] () -- C:\Windows\tasks\At1.job
[2012-05-30 19:42:27 | 000,000,326 | ---- | M] () -- C:\Windows\tasks\HPCeeScheduleForBarbro.job
[2012-05-28 16:48:28 | 000,001,648 | ---- | M] () -- C:\Users\Barbro\Desktop\WS_FTP95 - genväg (2).lnk
[2012-05-28 16:14:41 | 000,203,264 | ---- | M] () -- C:\Users\Barbro\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2012-05-24 01:35:10 | 000,013,280 | ---- | M] () -- C:\Users\Barbro\Desktop\315289_20120509_920968201.pdf
[2012-05-23 23:34:02 | 000,000,274 | ---- | M] () -- C:\Windows\tasks\RegClean Pro_UPDATES.job
[2012-05-23 18:50:06 | 004,659,712 | ---- | M] (Dmitry Streblechenko) -- C:\Windows\System32\Redemption.dll
[2012-05-21 04:09:00 | 000,181,432 | ---- | M] (DEVGURU Co., LTD.(www.devguru.co.kr)) -- C:\Windows\System32\drivers\ssudmdm.sys
[2012-05-21 04:09:00 | 000,080,824 | ---- | M] (DEVGURU Co., LTD.(www.devguru.co.kr)) -- C:\Windows\System32\drivers\ssudbus.sys
[2012-05-13 15:52:04 | 002,504,464 | ---- | M] () -- C:\Windows\System32\FNTCACHE.DAT
[1 C:\Users\Barbro\Desktop\*.tmp files -> C:\Users\Barbro\Desktop\*.tmp -> ]

========== Files Created - No Company Name ==========

[2012-06-11 00:06:21 | 000,095,112 | ---- | C] () -- C:\Users\Barbro\Desktop\0134.gif
[2012-06-11 00:04:23 | 000,028,886 | ---- | C] () -- C:\Users\Barbro\Desktop\0064.gif
[2012-06-11 00:03:35 | 000,006,421 | ---- | C] () -- C:\Users\Barbro\Desktop\0047.gif
[2012-06-11 00:02:23 | 000,013,023 | ---- | C] () -- C:\Users\Barbro\Desktop\0008.gif
[2012-06-10 23:48:06 | 000,055,835 | ---- | C] () -- C:\Users\Barbro\Desktop\422970_10150531359224856_1073514613_n.jpg
[2012-06-10 20:42:57 | 000,002,254 | ---- | C] () -- C:\Users\Barbro\Desktop\Fabled Legends The Dark Piper CE.lnk
[2012-06-06 21:00:57 | 000,174,419 | ---- | C] () -- C:\Users\Barbro\Desktop\Scan001 (1).pdf
[2012-06-05 02:17:02 | 000,021,494 | ---- | C] () -- C:\Users\Barbro\Desktop\0x0409.ini
[2012-06-05 02:17:02 | 000,003,584 | ---- | C] () -- C:\Users\Barbro\Desktop\1033.MST
[2012-06-05 02:17:01 | 092,022,784 | ---- | C] () -- C:\Users\Barbro\Desktop\Samsung Kies.msi
[2012-05-28 16:48:28 | 000,001,648 | ---- | C] () -- C:\Users\Barbro\Desktop\WS_FTP95 - genväg (2).lnk
[2012-05-24 01:35:10 | 000,013,280 | ---- | C] () -- C:\Users\Barbro\Desktop\315289_20120509_920968201.pdf
[2011-11-29 17:38:12 | 000,974,848 | ---- | C] () -- C:\Windows\System32\cis-2.4.dll
[2011-11-29 17:38:12 | 000,081,920 | ---- | C] () -- C:\Windows\System32\issacapi_bs-2.3.dll
[2011-11-29 17:38:12 | 000,065,536 | ---- | C] () -- C:\Windows\System32\issacapi_pe-2.3.dll
[2011-11-29 17:38:12 | 000,057,344 | ---- | C] () -- C:\Windows\System32\issacapi_se-2.3.dll
[2011-10-22 02:14:07 | 000,000,064 | ---- | C] () -- C:\Windows\System32\rp_stats.dat
[2011-10-22 02:14:07 | 000,000,044 | ---- | C] () -- C:\Windows\System32\rp_rules.dat
[2011-10-11 19:34:14 | 000,001,660 | ---- | C] () -- C:\Windows\System32\ASOROSet.bin
[2011-10-02 21:56:40 | 000,000,272 | ---- | C] () -- C:\Windows\reimage.ini
[2011-06-25 18:16:47 | 000,053,248 | ---- | C] () -- C:\Windows\System32\CommonDL.dll
[2011-06-25 18:16:47 | 000,002,413 | ---- | C] () -- C:\Windows\System32\lgAxconfig.ini
[2010-06-13 23:40:34 | 000,323,072 | ---- | C] () -- C:\Windows\System32\WgaTray.exe
[2010-06-13 23:40:34 | 000,190,976 | ---- | C] () -- C:\Windows\System32\WgaLogon.dll

========== Alternate Data Streams ==========

@Alternate Data Stream - 97 bytes -> C:\ProgramData\Temp:65929158
@Alternate Data Stream - 96 bytes -> C:\ProgramData\Temp:D48500F8
@Alternate Data Stream - 177 bytes -> C:\ProgramData\Temp:DF462FF6
@Alternate Data Stream - 177 bytes -> C:\ProgramData\Temp:2D133896
@Alternate Data Stream - 149 bytes -> C:\ProgramData\Temp:9195103F
@Alternate Data Stream - 143 bytes -> C:\ProgramData\Temp:32D562A3
@Alternate Data Stream - 138 bytes -> C:\ProgramData\Temp:54380FEC
@Alternate Data Stream - 131 bytes -> C:\ProgramData\Temp:2652902F
@Alternate Data Stream - 129 bytes -> C:\ProgramData\Temp:65C4D44A
@Alternate Data Stream - 127 bytes -> C:\ProgramData\Temp:012BC84F
@Alternate Data Stream - 123 bytes -> C:\ProgramData\Temp:C5CE2DF6
@Alternate Data Stream - 114 bytes -> C:\ProgramData\Temp:1B389835
@Alternate Data Stream - 112 bytes -> C:\ProgramData\Temp:D1B5B4F1
@Alternate Data Stream - 110 bytes -> C:\ProgramData\Temp:CB0AACC9

< End of report >


#4
Member is offline   Cecilia 

  • Addicted
  • Group: Head moderator
  • Posts: 81 149
  • Joined: 2003-05-06
  • Location: Stockholm

Posted 11 Jun 2012, 12:21

Uninstall "iWin Games" because of the comments at http://www.mywot.com...recard/iwin.com

Move OTL from the folder C:\Users\Barbro\Contacts\Downloads to the desktop.

Close all programs you can see, including antivirus and antispyware programs, so that they do not conflict with OTL.
How? See http://www.bleepingc...opic114351.html

Start the OTL program (in Vista/Windows 7, right-click and choose Run as administrator).
Copy all the lines in the box:
:OTL
SRV - (iWinTrusted) -- C:\Program Files\iWin Games\iWinTrusted.exe (iWin Inc.)
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page = http://www.shareware....php?rvs=hompag
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://search.myheritage.com
IE - HKLM\..\SearchScopes\{acd5502e-a742-4cf9-90d5-3959c330053f}: "URL" = http://search.mywebs...r={searchTerms}
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://search.babylo...000000000000000
IE - HKCU\..\URLSearchHook: {A3BC75A2-1F87-4686-AA43-5347D756017C} - No CLSID value found
IE - HKCU\..\URLSearchHook: {bf7380fa-e3b4-4db2-af3e-9d8783a45bfc} - No CLSID value found
IE - HKCU\..\SearchScopes\{0ECDF796-C2DC-4d79-A620-CCE0C0A66CC9}: "URL" = http://search.babylo...000000000000000
IE - HKCU\..\SearchScopes\{171DEBEB-C3D4-40b7-AC73-056A5EBA4A7E}: "URL" = http://websearch.ask...F-00EDBD599455
IE - HKCU\..\SearchScopes\{96bd48dd-741b-41ae-ac4a-aff96ba00f7e}: "URL" = http://www.bigseekpr...q={searchTerms}
IE - HKCU\..\SearchScopes\{acd5502e-a742-4cf9-90d5-3959c330053f}: "URL" = http://search.mywebs...r={searchTerms}
FF - prefs.js..browser.search.defaultengine: "Ask.com"
FF - prefs.js..browser.search.defaultenginename: "Search the web (Babylon)"
FF - prefs.js..browser.search.order.1: "Search the web (Babylon)"
FF - prefs.js..browser.search.selectedEngine: "Search the web (Babylon)"
FF - prefs.js..browser.startup.homepage: "http://search.babylon.com/?babsrc=HP_ss&affID=101240&mntrId=23ee16fd000000000000000000000000"
FF - prefs.js..extensions.enabledItems: {98e34367-8df7-42b4-837b-20b892ff0849}:1.7
FF - prefs.js..extensions.enabledItems: engine@conduit.com:3.2.5.2
FF - prefs.js..extensions.enabledItems: {bf7380fa-e3b4-4db2-af3e-9d8783a45bfc}:3.2.5.2
[2011-12-11 01:35:10 | 000,000,000 | ---D | M] (uTorrentBar Community Toolbar) -- C:\Users\Barbro\AppData\Roaming\mozilla\Firefox\Profiles\ox3qfrey.default\extensions\{bf7380fa-e3b4-4db2-af3e-9d8783a45bfc}
[2011-12-13 07:02:13 | 000,000,000 | ---D | M] (Browser Companion Helper) -- C:\Users\Barbro\AppData\Roaming\mozilla\Firefox\Profiles\ox3qfrey.default\extensions\bbrs_002@blabbers.com
[2012-06-10 16:47:52 | 000,000,000 | ---D | M] (Babylon) -- C:\Users\Barbro\AppData\Roaming\mozilla\Firefox\Profiles\ox3qfrey.default\extensions\ffxtlbr@babylon.com
[2011-11-17 20:25:44 | 000,002,333 | ---- | M] () -- C:\Users\Barbro\AppData\Roaming\Mozilla\Firefox\Profiles\ox3qfrey.default\searchplugins\askcom.xml
[2011-07-29 22:06:22 | 000,003,915 | ---- | M] () -- C:\Users\Barbro\AppData\Roaming\Mozilla\Firefox\Profiles\ox3qfrey.default\searchplugins\SweetIM Search.xml
CHR - default_search_provider: Conduit (Enabled)
CHR - default_search_provider: search_url = http://search.condui...&ctid=CT3196716
CHR - default_search_provider: suggest_url = http://search.conduit.com/
O3 - HKLM\..\Toolbar: (no name) - {CCC7A320-B3CA-4199-B1A6-9F516DD69829} - No CLSID value found.
O3 - HKCU\..\Toolbar\WebBrowser: (no name) - {21FA44EF-376D-4D53-9B0F-8A89D3229068} - No CLSID value found.
O3 - HKCU\..\Toolbar\WebBrowser: (no name) - {BF7380FA-E3B4-4DB2-AF3E-9D8783A45BFC} - No CLSID value found.
O3 - HKCU\..\Toolbar\WebBrowser: (no name) - {CCC7A320-B3CA-4199-B1A6-9F516DD69829} - No CLSID value found.
O3 - HKCU\..\Toolbar\WebBrowser: (no name) - {D4027C7F-154A-4066-A1AD-4243D8127440} - No CLSID value found.
O8 - Extra context menu item: &Search - Reg Error: Value error. File not found
O9 - Extra Button: PartyPoker.com - {B7FE5D70-9AA2-40F1-9C6B-12A255F085E1} - Reg Error: Value error. File not found
O9 - Extra 'Tools' menuitem : PartyPoker.com - {B7FE5D70-9AA2-40F1-9C6B-12A255F085E1} - Reg Error: Value error. File not found
[2012-06-11 00:51:40 | 000,675,840 | ---- | C] (myWebFace) -- C:\Program Files\Uninstall myWebFace.dll
[2012-06-04 14:17:00 | 000,000,344 | ---- | M] () -- C:\Windows\tasks\At1.job
@Alternate Data Stream - 97 bytes -> C:\ProgramData\Temp:65929158
@Alternate Data Stream - 96 bytes -> C:\ProgramData\Temp:D48500F8
@Alternate Data Stream - 177 bytes -> C:\ProgramData\Temp:DF462FF6
@Alternate Data Stream - 177 bytes -> C:\ProgramData\Temp:2D133896
@Alternate Data Stream - 149 bytes -> C:\ProgramData\Temp:9195103F
@Alternate Data Stream - 143 bytes -> C:\ProgramData\Temp:32D562A3
@Alternate Data Stream - 138 bytes -> C:\ProgramData\Temp:54380FEC
@Alternate Data Stream - 131 bytes -> C:\ProgramData\Temp:2652902F
@Alternate Data Stream - 129 bytes -> C:\ProgramData\Temp:65C4D44A
@Alternate Data Stream - 127 bytes -> C:\ProgramData\Temp:012BC84F
@Alternate Data Stream - 123 bytes -> C:\ProgramData\Temp:C5CE2DF6
@Alternate Data Stream - 114 bytes -> C:\ProgramData\Temp:1B389835
@Alternate Data Stream - 112 bytes -> C:\ProgramData\Temp:D1B5B4F1
@Alternate Data Stream - 110 bytes -> C:\ProgramData\Temp:CB0AACC9
:Reg
:Files
C:\Program Files\iWin Games
:Commands
[CREATERESTOREPOINT]
[EMPTYTEMP]
[REBOOT]

Paste them into the Custom Scans/Fixes box. Check that it looks exactly the same, for example with regard to line breaks.
Press Run Fix.
If you are asked to restart the computer, do so.
A log will open in Notepad. Copy it and paste it into your reply.

If it does not appear automatically, you will find it in the folder c:\_OTL\Moved Files with a name that contains today's date and the time of the run.

Make sure to enable the antivirus program etc. before you connect the computer to the internet.

Run OTL the same way as the first time and paste in OTL.txt.

How is the computer now?

#5
Member is offline   hondan 

  • User
  • Group: Members
  • Posts: 96
  • Joined: 2010-12-20

Posted 11 Jun 2012, 22:19

All processes killed
========== OTL ==========
Error: No service named iWinTrusted was found to stop!
Service\Driver key iWinTrusted not found.
File C:\Program Files\iWin Games\iWinTrusted.exe not found.
HKLM\SOFTWARE\Microsoft\Internet Explorer\Main\\Search Page| /E : value set successfully!
HKLM\SOFTWARE\Microsoft\Internet Explorer\Main\\Start Page| /E : value set successfully!
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{acd5502e-a742-4cf9-90d5-3959c330053f}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{acd5502e-a742-4cf9-90d5-3959c330053f}\ not found.
HKCU\SOFTWARE\Microsoft\Internet Explorer\Main\\Start Page| /E : value set successfully!
Registry value HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\URLSearchHooks\\{A3BC75A2-1F87-4686-AA43-5347D756017C} deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{A3BC75A2-1F87-4686-AA43-5347D756017C}\ not found.
Registry value HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\URLSearchHooks\\{bf7380fa-e3b4-4db2-af3e-9d8783a45bfc} deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{bf7380fa-e3b4-4db2-af3e-9d8783a45bfc}\ not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{0ECDF796-C2DC-4d79-A620-CCE0C0A66CC9}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{0ECDF796-C2DC-4d79-A620-CCE0C0A66CC9}\ not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{171DEBEB-C3D4-40b7-AC73-056A5EBA4A7E}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{171DEBEB-C3D4-40b7-AC73-056A5EBA4A7E}\ not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{96bd48dd-741b-41ae-ac4a-aff96ba00f7e}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{96bd48dd-741b-41ae-ac4a-aff96ba00f7e}\ not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{acd5502e-a742-4cf9-90d5-3959c330053f}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{acd5502e-a742-4cf9-90d5-3959c330053f}\ not found.
Prefs.js: "Ask.com" removed from browser.search.defaultengine
Prefs.js: "Search the web (Babylon)" removed from browser.search.defaultenginename
Prefs.js: "Search the web (Babylon)" removed from browser.search.order.1
Prefs.js: "Search the web (Babylon)" removed from browser.search.selectedEngine
Prefs.js: "http://search.babylon.com/?babsrc=HP_ss&affID=101240&mntrId=23ee16fd000000000000000000000000" removed from browser.startup.homepage
Prefs.js: {98e34367-8df7-42b4-837b-20b892ff0849}:1.7 removed from extensions.enabledItems
Prefs.js: engine@conduit.com:3.2.5.2 removed from extensions.enabledItems
Prefs.js: {bf7380fa-e3b4-4db2-af3e-9d8783a45bfc}:3.2.5.2 removed from extensions.enabledItems
C:\Users\Barbro\AppData\Roaming\mozilla\Firefox\Profiles\ox3qfrey.default\extensions\{bf7380fa-e3b4-4db2-af3e-9d8783a45bfc}\searchplugin folder moved successfully.
C:\Users\Barbro\AppData\Roaming\mozilla\Firefox\Profiles\ox3qfrey.default\extensions\{bf7380fa-e3b4-4db2-af3e-9d8783a45bfc}\modules folder moved successfully.
C:\Users\Barbro\AppData\Roaming\mozilla\Firefox\Profiles\ox3qfrey.default\extensions\{bf7380fa-e3b4-4db2-af3e-9d8783a45bfc}\META-INF folder moved successfully.
C:\Users\Barbro\AppData\Roaming\mozilla\Firefox\Profiles\ox3qfrey.default\extensions\{bf7380fa-e3b4-4db2-af3e-9d8783a45bfc}\defaults folder moved successfully.
C:\Users\Barbro\AppData\Roaming\mozilla\Firefox\Profiles\ox3qfrey.default\extensions\{bf7380fa-e3b4-4db2-af3e-9d8783a45bfc}\components folder moved successfully.
C:\Users\Barbro\AppData\Roaming\mozilla\Firefox\Profiles\ox3qfrey.default\extensions\{bf7380fa-e3b4-4db2-af3e-9d8783a45bfc}\chrome folder moved successfully.
C:\Users\Barbro\AppData\Roaming\mozilla\Firefox\Profiles\ox3qfrey.default\extensions\{bf7380fa-e3b4-4db2-af3e-9d8783a45bfc} folder moved successfully.
C:\Users\Barbro\AppData\Roaming\mozilla\Firefox\Profiles\ox3qfrey.default\extensions\bbrs_002@blabbers.com\components folder moved successfully.
C:\Users\Barbro\AppData\Roaming\mozilla\Firefox\Profiles\ox3qfrey.default\extensions\bbrs_002@blabbers.com\chrome\content\cache folder moved successfully.
C:\Users\Barbro\AppData\Roaming\mozilla\Firefox\Profiles\ox3qfrey.default\extensions\bbrs_002@blabbers.com\chrome\content folder moved successfully.
C:\Users\Barbro\AppData\Roaming\mozilla\Firefox\Profiles\ox3qfrey.default\extensions\bbrs_002@blabbers.com\chrome folder moved successfully.
C:\Users\Barbro\AppData\Roaming\mozilla\Firefox\Profiles\ox3qfrey.default\extensions\bbrs_002@blabbers.com folder moved successfully.
C:\Users\Barbro\AppData\Roaming\mozilla\Firefox\Profiles\ox3qfrey.default\extensions\ffxtlbr@babylon.com\defaults\preferences folder moved successfully.
C:\Users\Barbro\AppData\Roaming\mozilla\Firefox\Profiles\ox3qfrey.default\extensions\ffxtlbr@babylon.com\defaults folder moved successfully.
C:\Users\Barbro\AppData\Roaming\mozilla\Firefox\Profiles\ox3qfrey.default\extensions\ffxtlbr@babylon.com\content\imgs\flgs folder moved successfully.
C:\Users\Barbro\AppData\Roaming\mozilla\Firefox\Profiles\ox3qfrey.default\extensions\ffxtlbr@babylon.com\content\imgs folder moved successfully.
C:\Users\Barbro\AppData\Roaming\mozilla\Firefox\Profiles\ox3qfrey.default\extensions\ffxtlbr@babylon.com\content folder moved successfully.
C:\Users\Barbro\AppData\Roaming\mozilla\Firefox\Profiles\ox3qfrey.default\extensions\ffxtlbr@babylon.com\components folder moved successfully.
C:\Users\Barbro\AppData\Roaming\mozilla\Firefox\Profiles\ox3qfrey.default\extensions\ffxtlbr@babylon.com folder moved successfully.
C:\Users\Barbro\AppData\Roaming\Mozilla\Firefox\Profiles\ox3qfrey.default\searchplugins\askcom.xml moved successfully.
C:\Users\Barbro\AppData\Roaming\Mozilla\Firefox\Profiles\ox3qfrey.default\searchplugins\SweetIM Search.xml moved successfully.
Unable to fix default_search_provider items.
Unable to fix default_search_provider items.
Unable to fix default_search_provider items.
Registry value HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Toolbar\\{CCC7A320-B3CA-4199-B1A6-9F516DD69829} deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{CCC7A320-B3CA-4199-B1A6-9F516DD69829}\ not found.
Registry value HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser\\{21FA44EF-376D-4D53-9B0F-8A89D3229068} deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{21FA44EF-376D-4D53-9B0F-8A89D3229068}\ not found.
Registry value HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser\\{BF7380FA-E3B4-4DB2-AF3E-9D8783A45BFC} deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{BF7380FA-E3B4-4DB2-AF3E-9D8783A45BFC}\ not found.
Registry value HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser\\{CCC7A320-B3CA-4199-B1A6-9F516DD69829} deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{CCC7A320-B3CA-4199-B1A6-9F516DD69829}\ not found.
Registry value HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser\\{D4027C7F-154A-4066-A1AD-4243D8127440} deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{D4027C7F-154A-4066-A1AD-4243D8127440}\ not found.
Registry key HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\MenuExt\&Search\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Extensions\{B7FE5D70-9AA2-40F1-9C6B-12A255F085E1}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{B7FE5D70-9AA2-40F1-9C6B-12A255F085E1}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Extensions\{B7FE5D70-9AA2-40F1-9C6B-12A255F085E1}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{B7FE5D70-9AA2-40F1-9C6B-12A255F085E1}\ not found.
File C:\Program Files\Uninstall myWebFace.dll not found.
C:\Windows\Tasks\At1.job moved successfully.
ADS C:\ProgramData\Temp:65929158 deleted successfully.
ADS C:\ProgramData\Temp:D48500F8 deleted successfully.
ADS C:\ProgramData\Temp:DF462FF6 deleted successfully.
ADS C:\ProgramData\Temp:2D133896 deleted successfully.
ADS C:\ProgramData\Temp:9195103F deleted successfully.
ADS C:\ProgramData\Temp:32D562A3 deleted successfully.
ADS C:\ProgramData\Temp:54380FEC deleted successfully.
ADS C:\ProgramData\Temp:2652902F deleted successfully.
ADS C:\ProgramData\Temp:65C4D44A deleted successfully.
ADS C:\ProgramData\Temp:012BC84F deleted successfully.
ADS C:\ProgramData\Temp:C5CE2DF6 deleted successfully.
ADS C:\ProgramData\Temp:1B389835 deleted successfully.
ADS C:\ProgramData\Temp:D1B5B4F1 deleted successfully.
ADS C:\ProgramData\Temp:CB0AACC9 deleted successfully.
========== REGISTRY ==========
========== FILES ==========
File\Folder C:\Program Files\iWin Games not found.
========== COMMANDS ==========
Restore point Set: OTL Restore Point

[EMPTYTEMP]

User: All Users

User: Barbro
->Temp folder emptied: 5919318 bytes
->Temporary Internet Files folder emptied: 6974927 bytes
->Java cache emptied: 31830243 bytes
->FireFox cache emptied: 42934318 bytes
->Google Chrome cache emptied: 94503994 bytes
->Flash cache emptied: 962 bytes

User: Barbros andra konto
->Temp folder emptied: 934 bytes
->Temporary Internet Files folder emptied: 804 bytes

User: Default
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 33170 bytes

User: Default User
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes

User: Gäst
->Temp folder emptied: 4831832 bytes
->Temporary Internet Files folder emptied: 17556270 bytes
->Java cache emptied: 0 bytes
->Google Chrome cache emptied: 6859348 bytes
->Flash cache emptied: 2157 bytes

User: Public

%systemdrive% .tmp files removed: 0 bytes
%systemroot% .tmp files removed: 0 bytes
%systemroot%\System32 .tmp files removed: 0 bytes
%systemroot%\System32\drivers .tmp files removed: 0 bytes
Windows Temp folder emptied: 768262 bytes
%systemroot%\system32\config\systemprofile\Local Settings\Temporary Internet Files folder emptied: 0 bytes
RecycleBin emptied: 575561795 bytes

Total Files Cleaned = 751,00 mb


OTL by OldTimer - Version 3.2.48.0 log created on 06112012_225203

Files\Folders moved on Reboot...

Registry entries deleted on Reboot...

And here comes OTL.txt



OTL logfile created on: 2012-06-11 23:05:16 - Run 2
OTL by OldTimer - Version 3.2.48.0 Folder = C:\Users\Barbro\Desktop
Windows Vista Home Basic Edition Service Pack 2 (Version = 6.0.6002) - Type = NTWorkstation
Internet Explorer (Version = 8.0.6001.19222)
Locale: 0000041D | Country: Sverige | Language: SVE | Date Format: yyyy-MM-dd

2,75 Gb Total Physical Memory | 1,47 Gb Available Physical Memory | 53,46% Memory free
5,69 Gb Paging File | 4,32 Gb Available in Paging File | 75,93% Paging File free
Paging file location(s): C:\pagefile.sys 3070 3070 [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files
Drive C: | 222,11 Gb Total Space | 120,84 Gb Free Space | 54,40% Space Free | Partition Type: NTFS
Drive D: | 10,77 Gb Total Space | 1,27 Gb Free Space | 11,84% Space Free | Partition Type: NTFS

Computer Name: LILLFJÖSA | User Name: Barbro | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days

========== Processes (SafeList) ==========

PRC - C:\Users\Barbro\Desktop\OTL (1).exe (OldTimer Tools)
PRC - C:\Program Files\Microsoft Security Client\msseces.exe (Microsoft Corporation)
PRC - c:\Program Files\Microsoft Security Client\MsMpEng.exe (Microsoft Corporation)
PRC - C:\Program Files\Personal\bin\Personal.exe (Technology Nexus AB)
PRC - C:\Prey\platform\windows\cronsvc.exe (Fork Ltd.)
PRC - C:\Program Files\Hewlett-Packard\Shared\HPDrvMntSvc.exe (Hewlett-Packard Company)
PRC - C:\Windows\explorer.exe (Microsoft Corporation)
PRC - C:\Program Files\ekort\ekort.exe (Orbiscom Ltd. All rights reserved.)
PRC - C:\Windows\System32\OBroker.exe ()
PRC - C:\Program Files\SMINST\BLService.exe ()


========== Modules (No Company Name) ==========

MOD - C:\Users\Barbro\AppData\Local\Google\Chrome\Application\19.0.1084.52\ppGoogleNaClPluginChrome.dll ()
MOD - C:\Users\Barbro\AppData\Local\Google\Chrome\Application\19.0.1084.52\pdf.dll ()
MOD - C:\Users\Barbro\AppData\Local\Google\Chrome\Application\19.0.1084.52\libglesv2.dll ()
MOD - C:\Users\Barbro\AppData\Local\Google\Chrome\Application\19.0.1084.52\libegl.dll ()
MOD - C:\Users\Barbro\AppData\Local\Google\Chrome\Application\19.0.1084.52\avutil-51.dll ()
MOD - C:\Users\Barbro\AppData\Local\Google\Chrome\Application\19.0.1084.52\avformat-54.dll ()
MOD - C:\Users\Barbro\AppData\Local\Google\Chrome\Application\19.0.1084.52\avcodec-54.dll ()
MOD - C:\Users\Barbro\AppData\Local\Google\Chrome\Application\19.0.1084.52\gcswf32.dll ()
MOD - C:\Users\Barbro\AppData\Local\Google\Chrome\APPLIC~1\190108~1.52\gcswf32.dll ()
MOD - C:\Windows\System32\OBroker.exe ()
MOD - C:\Program Files\ekort\EkortRes.dll ()
MOD - C:\Program Files\Common Files\LightScribe\QtGui4.dll ()
MOD - C:\Program Files\Common Files\LightScribe\plugins\imageformats\qjpeg4.dll ()
MOD - C:\Program Files\Common Files\LightScribe\QtCore4.dll ()
MOD - C:\Program Files\WinRAR\rarext.dll ()


========== Win32 Services (SafeList) ==========

SRV - (NisSrv) -- c:\Program Files\Microsoft Security Client\NisSrv.exe (Microsoft Corporation)
SRV - (MsMpSvc) -- c:\Program Files\Microsoft Security Client\MsMpEng.exe (Microsoft Corporation)
SRV - (SkypeUpdate) -- C:\Program Files\Skype\Updater\Updater.exe (Skype Technologies)
SRV - (CronService) -- C:\Prey\platform\windows\cronsvc.exe (Fork Ltd.)
SRV - (HPDrvMntSvc.exe) -- C:\Program Files\Hewlett-Packard\Shared\HPDrvMntSvc.exe (Hewlett-Packard Company)
SRV - (FLEXnet Licensing Service) -- C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe (Macrovision Europe Ltd.)
SRV - (Recovery Service for Windows) -- C:\Program Files\SMINST\BLService.exe ()
SRV - (ezSharedSvc) -- C:\Windows\System32\ezsvc7.dll (EasyBits Sofware AS)
SRV - (WinDefend) -- C:\Program Files\Windows Defender\mpsvc.dll (Microsoft Corporation)


========== Driver Services (SafeList) ==========

DRV - (cpuz134) -- C:\Users\Barbro\AppData\Local\Temp\cpuz134\cpuz134_x32.sys File not found
DRV - (CpqDfw) -- system32\drivers\CpqDfw.sys File not found
DRV - (adfs) -- File not found
DRV - (ssudmdm) SAMSUNG Mobile USB Modem Drivers (DEVGURU Ver.) -- C:\Windows\System32\drivers\ssudmdm.sys (DEVGURU Co., LTD.(www.devguru.co.kr))
DRV - (dg_ssudbus) SAMSUNG Mobile USB Composite Device Driver (DEVGURU Ver.) -- C:\Windows\System32\drivers\ssudbus.sys (DEVGURU Co., LTD.(www.devguru.co.kr))
DRV - (NisDrv) -- C:\Windows\System32\drivers\NisDrvWFP.sys (Microsoft Corporation)
DRV - (Lbd) -- C:\Windows\System32\drivers\Lbd.sys (Lavasoft AB)
DRV - (NVNET) -- C:\Windows\System32\drivers\nvmfdx32.sys (NVIDIA Corporation)
DRV - (NVENETFD) -- C:\Windows\System32\drivers\nvmfdx32.sys (NVIDIA Corporation)
DRV - (Tdsshbecr) -- C:\Windows\System32\drivers\shbecr.sys (Todos Data System AB)
DRV - (hwusbdev) -- C:\Windows\System32\drivers\ewusbdev.sys (Huawei Technologies Co., Ltd.)
DRV - (hwdatacard) -- C:\Windows\System32\drivers\ewusbmdm.sys (Huawei Technologies Co., Ltd.)
DRV - (athr) -- C:\Windows\System32\drivers\athr.sys (Atheros Communications, Inc.)
DRV - (nvlddmkm) -- C:\Windows\System32\drivers\nvlddmkm.sys (NVIDIA Corporation)
DRV - (RsFx0103) -- C:\Windows\System32\drivers\RsFx0103.sys (Microsoft Corporation)
DRV - (CnxtHdAudService) -- C:\Windows\System32\drivers\CHDRT32.sys (Conexant Systems Inc.)
DRV - (NVHDA) -- C:\Windows\System32\drivers\nvhda32v.sys (NVIDIA Corporation)
DRV - (nvsmu) -- C:\Windows\System32\drivers\nvsmu.sys (NVIDIA Corporation)
DRV - (NETw3v32) Intel® -- C:\Windows\System32\drivers\NETw3v32.sys (Intel Corporation)
DRV - (TdsNordecr) -- C:\Windows\System32\drivers\nordecr.sys (Todos Data System AB)
DRV - (XAudio) -- C:\Windows\System32\drivers\XAudio.sys (Conexant Systems, Inc.)
DRV - (HpqKbFiltr) -- C:\Windows\System32\drivers\HpqKbFiltr.sys (Hewlett-Packard Development Company, L.P.)
DRV - (cmusbser) -- C:\Windows\System32\drivers\cmusbser.sys (Cmotech Co.,Ltd)
DRV - (speedfan) -- C:\Windows\System32\speedfan.sys (Windows ® 2000 DDK provider)
DRV - (giveio) -- C:\Windows\System32\giveio.sys ()


========== Standard Registry (SafeList) ==========


========== Internet Explorer ==========

IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = http://ie.redirect.h...resario&pf=cnnb
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page =
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page =
IE - HKLM\..\SearchScopes,DefaultScope = {6A1806CD-94D4-4689-BA73-E35EA1EA9990}
IE - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://search.live.c...ferrer:source?}
IE - HKLM\..\SearchScopes\{187177AA-32E0-4B7D-BD86-02AA8E35F858}: "URL" = http://se.kelkoopart...tnerId=96913934
IE - HKLM\..\SearchScopes\{5829A8D3-4B0A-4239-8F28-D125CE413ABA}: "URL" = http://slirsredirect...hpcnnbie7-sv-se
IE - HKLM\..\SearchScopes\{6A1806CD-94D4-4689-BA73-E35EA1EA9990}: "URL" = http://www.google.co...g}&sourceid=ie7
IE - HKLM\..\SearchScopes\{B30ECFC4-6992-427B-B323-48C291D7121E}: "URL" = http://se.search.yah...p06&type=ie2008

IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = http://ie.redirect.h...resario&pf=cnnb
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Search Bar =
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page =
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page =
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache = http://se.msn.com/?ocid=iehp
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache AcceptLangs = sv
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache_TIMESTAMP = 92 87 1A A5 64 ED CA 01 [binary data]
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,StartPageCache = 1
IE - HKCU\..\SearchScopes,DefaultScope = {F177DC02-4BBF-47AF-9610-E26362C6760F}
IE - HKCU\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/...Box&FORM=IE8SRC
IE - HKCU\..\SearchScopes\{5848BDB9-7642-420C-80CE-4084BAB6CA6A}: "URL" = http://search.avg.co...e}&iy=&ychte=us
IE - HKCU\..\SearchScopes\{6A1806CD-94D4-4689-BA73-E35EA1EA9990}: "URL" = http://www.google.co...g}&sourceid=ie7
IE - HKCU\..\SearchScopes\{845D1E69-6B58-4E7F-BEDE-77DD66630188}: "URL" = http://search.imgag....q={searchTerms}
IE - HKCU\..\SearchScopes\{A5666666-D91D-4FCE-B90C-B71C8978D5F0}: "URL" = http://www.bing.com/...ferrer:source?}
IE - HKCU\..\SearchScopes\{F177DC02-4BBF-47AF-9610-E26362C6760F}: "URL" = http://www.google.se...1I7ADFA_svSE368
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

========== FireFox ==========

FF - prefs.js..browser.search.defaultengine: ""
FF - prefs.js..browser.search.defaultenginename: ""
FF - prefs.js..browser.search.defaulturl: ""
FF - prefs.js..browser.search.order.1: ""
FF - prefs.js..browser.search.selectedEngine: ""
FF - prefs.js..browser.startup.homepage: ""
FF - prefs.js..extensions.enabledItems:
FF - prefs.js..extensions.enabledItems:
FF - prefs.js..extensions.enabledItems:
FF - prefs.js..keyword.URL: "chrome://browser-region/locale/region.properties"
FF - prefs.js..network.proxy.no_proxies_on: "*.local"
FF - prefs.js..network.proxy.type: 0
FF - prefs.js..sweetim.toolbar.previous.browser.search.defaultenginename: ""
FF - prefs.js..sweetim.toolbar.previous.browser.search.defaulturl: ""
FF - prefs.js..sweetim.toolbar.previous.browser.search.selectedEngine: "SweetIM Search"
FF - prefs.js..browser.startup.homepage: "http://search.myheritage.com/"


FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\system32\Macromed\Flash\NPSWF32.dll ()
FF - HKLM\Software\MozillaPlugins\@adobe.com/ShockwavePlayer: C:\Windows\system32\Adobe\Director\np32dsw.dll (Adobe Systems, Inc.)
FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin: C:\Program Files\Java\jre6\bin\plugin2\npjp2.dll (Sun Microsystems, Inc.)
FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: c:\Program Files\Microsoft Silverlight\4.1.10329.0\npctrl.dll ( Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/OfficeLive,version=1.5: C:\Program Files\Microsoft\Office Live\npOLW.dll (Microsoft Corp.)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=15.4.3502.0922: C:\Program Files\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=15.4.3508.1109: C:\Program Files\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WPF,version=3.5: c:\Windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@se.nexus/Personal: C:\Program Files\Personal\bin\np_prsnl.dll (Technology Nexus AB)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Program Files\Google\Update\1.3.21.111\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Program Files\Google\Update\1.3.21.111\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\Adobe Reader: C:\Program Files\Adobe\Reader 9.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
FF - HKCU\Software\MozillaPlugins\@facebook.com/FBPlugin,version=1.0.3: C:\Users\Barbro\AppData\Roaming\Facebook\npfbplugin_1_0_3.dll ( )
FF - HKCU\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Users\Barbro\AppData\Local\Google\Update\1.3.21.111\npGoogleUpdate3.dll (Google Inc.)
FF - HKCU\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Users\Barbro\AppData\Local\Google\Update\1.3.21.111\npGoogleUpdate3.dll (Google Inc.)


[2010-09-24 09:57:41 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Barbro\AppData\Roaming\mozilla\Extensions
[2012-06-11 22:52:08 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Barbro\AppData\Roaming\mozilla\Firefox\Profiles\ox3qfrey.default\extensions
[2010-09-25 14:40:04 | 000,000,000 | ---D | M] (Microsoft .NET Framework Assistant) -- C:\Users\Barbro\AppData\Roaming\mozilla\Firefox\Profiles\ox3qfrey.default\extensions\{20a82645-c095-46ed-80e3-08825760534b}
File not found (No name found) -- C:\USERS\BARBRO\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\OX3QFREY.DEFAULT\EXTENSIONS\{BF7380FA-E3B4-4DB2-AF3E-9D8783A45BFC}
File not found (No name found) -- C:\USERS\BARBRO\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\OX3QFREY.DEFAULT\EXTENSIONS\FFXTLBR@BABYLON.COM

========== Chrome ==========

CHR - default_search_provider: Conduit (Enabled)
CHR - default_search_provider: search_url = http://search.condui...&ctid=CT3196716
CHR - default_search_provider: suggest_url = http://search.conduit.com/
CHR - plugin: Remoting Viewer (Enabled) = internal-remoting-viewer
CHR - plugin: Native Client (Enabled) = C:\Users\Barbro\AppData\Local\Google\Chrome\Application\19.0.1084.52\ppGoogleNaClPluginChrome.dll
CHR - plugin: Chrome PDF Viewer (Enabled) = C:\Users\Barbro\AppData\Local\Google\Chrome\Application\19.0.1084.52\pdf.dll
CHR - plugin: Shockwave Flash (Enabled) = C:\Users\Barbro\AppData\Local\Google\Chrome\Application\19.0.1084.52\gcswf32.dll
CHR - plugin: Shockwave Flash (Disabled) = C:\Users\Barbro\AppData\Local\Google\Chrome\User Data\PepperFlash\11.2.31.144\pepflashplayer.dll
CHR - plugin: Shockwave Flash (Enabled) = C:\Windows\system32\Macromed\Flash\NPSWF32.dll
CHR - plugin: (Enabled) = C:\Users\Barbro\AppData\Local\Google\Chrome\User Data\Default\Extensions\clbfjfbnelcflpgpklppgplejolacbej\1.0.5_0\chromeNPAPI.dll
CHR - plugin: Adobe Acrobat (Enabled) = C:\Program Files\Adobe\Reader 9.0\Reader\Browser\nppdf32.dll
CHR - plugin: Java Deployment Toolkit 6.0.290.11 (Enabled) = C:\Program Files\Java\jre6\bin\new_plugin\npdeployJava1.dll
CHR - plugin: Java™ Platform SE 6 U31 (Enabled) = C:\Program Files\Java\jre6\bin\plugin2\npjp2.dll
CHR - plugin: Google Update (Enabled) = C:\Program Files\Google\Update\1.3.21.111\npGoogleUpdate3.dll
CHR - plugin: Microsoft Office Live Plug-in for Firefox (Enabled) = C:\Program Files\Microsoft\Office Live\npOLW.dll
CHR - plugin: Nexus Personal (Enabled) = C:\Program Files\Personal\bin\np_prsnl.dll
CHR - plugin: Windows Live\u0099 Photo Gallery (Enabled) = C:\Program Files\Windows Live\Photo Gallery\NPWLPG.dll
CHR - plugin: Facebook Plugin (Enabled) = C:\Users\Barbro\AppData\Roaming\Facebook\npfbplugin_1_0_3.dll
CHR - plugin: Shockwave for Director (Enabled) = C:\Windows\system32\Adobe\Director\np32dsw.dll
CHR - plugin: Silverlight Plug-In (Enabled) = c:\Program Files\Microsoft Silverlight\4.1.10329.0\npctrl.dll
CHR - plugin: Windows Presentation Foundation (Enabled) = c:\Windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll
CHR - Extension: YouTube = C:\Users\Barbro\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo\4.2.5_0\
CHR - Extension: WiseConvert = C:\Users\Barbro\AppData\Local\Google\Chrome\User Data\Default\Extensions\cgiaikfpllchefojlnehlmpekeogihnm\2.3.10.3_0\
CHR - Extension: S\u00F6k p\u00E5 Google = C:\Users\Barbro\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf\0.0.0.19_0\
CHR - Extension: Skype Click to Call = C:\Users\Barbro\AppData\Local\Google\Chrome\User Data\Default\Extensions\lifbcibllhkdhoafpjfnlhfpfgnpldfl\5.10.0.9560_0\
CHR - Extension: Gmail = C:\Users\Barbro\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia\7_0\

O1 HOSTS File: ([2010-03-13 23:15:32 | 000,000,743 | ---- | M]) - C:\Windows\System32\drivers\etc\hosts
O1 - Hosts: 127.0.0.1 localhost
O1 - Hosts: ::1 localhost
O2 - BHO: (Java™ Plug-In SSV Helper) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre6\bin\ssv.dll (Sun Microsystems, Inc.)
O2 - BHO: (AOL Toolbar BHO) - {7C554162-8CB7-45A4-B8F4-8EA1C75885F9} - C:\Program Files\AOL\AOL Toolbar 5.0\aoltb.dll (AOL LLC)
O2 - BHO: (e-kort Helper Class) - {9065E913-4F23-4B47-9B5D-B055D32DB1F3} - C:\Program Files\ekort\EKortHelper.dll ()
O2 - BHO: (Skype Browser Helper) - {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O2 - BHO: (Google Toolbar Notifier BHO) - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\5.7.7227.1100\swg.dll (Google Inc.)
O3 - HKLM\..\Toolbar: (e-kort Toolbar) - {8DB2B2E8-579F-48A8-A496-18FEFCF8F4DF} - C:\Program Files\ekort\EKortToolbar.dll ()
O3 - HKLM\..\Toolbar: (AOL Toolbar) - {DE9C389F-3316-41A7-809B-AA305ED9D922} - C:\Program Files\AOL\AOL Toolbar 5.0\aoltb.dll (AOL LLC)
O3 - HKCU\..\Toolbar\WebBrowser: (AOL Toolbar) - {DE9C389F-3316-41A7-809B-AA305ED9D922} - C:\Program Files\AOL\AOL Toolbar 5.0\aoltb.dll (AOL LLC)
O4 - HKLM..\Run: [B2C_AGENT] C:\ProgramData\LGMOBILEAX\B2C_Client\B2CNotiAgent.exe (LG Electronics)
O4 - HKLM..\Run: [e-kort] C:\PROGRA~1\ekort\ekort.exe /dontopenmycards /Autostart File not found
O4 - HKLM..\Run: [MSC] c:\Program Files\Microsoft Security Client\msseces.exe (Microsoft Corporation)
O4 - HKLM..\Run: [NvCplDaemon] C:\Windows\System32\NvCpl.dll (NVIDIA Corporation)
O4 - HKLM..\Run: [UpdateLBPShortCut] C:\Program Files\CyberLink\LabelPrint\MUITransfer\MUIStartMenu.exe (CyberLink Corp.)
O4 - HKLM..\Run: [UpdatePSTShortCut] C:\Program Files\CyberLink\DVD Suite\MUITransfer\MUIStartMenu.exe (CyberLink Corp.)
O8 - Extra context menu item: &AOL Verktygsfalt Sök - C:\ProgramData\AOL\ieToolbar\resources\sv-SE\local\search.html ()
O8 - Extra context menu item: E&xportera till Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office12\EXCEL.EXE/3000 File not found
O9 - Extra Button: Skicka till OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~2\Office12\ONBttnIE.dll (Microsoft Corporation)
O9 - Extra 'Tools' menuitem : Ski&cka till OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~2\Office12\ONBttnIE.dll (Microsoft Corporation)
O9 - Extra Button: Skype Click to Call - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O9 - Extra 'Tools' menuitem : Skype Click to Call - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O9 - Extra Button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\Office12\REFIEBAR.DLL (Microsoft Corporation)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000007 [] - C:\Program Files\Bonjour\mdnsNSP.dll (Apple Computer, Inc.)
O13 - gopher Prefix: missing
O15 - HKCU\..Trusted Domains: google.com ([maps] http in Tillförlitliga platser)
O15 - HKCU\..Trusted Domains: google.com ([www] * in Tillförlitliga platser)
O15 - HKCU\..Trusted Domains: svenskaspel.se ([]https in Tillförlitliga platser)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_31)
O16 - DPF: {CAFEEFAC-0016-0000-0031-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_31)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_31)
O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} http://platformdl.ad...Plus/1.6/gp.cab (Reg Error: Key error.)
O16 - DPF: Garmin Communicator Plug-In https://static.garmi...xControl_32.CAB (Reg Error: Key error.)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 213.150.135.210 195.58.103.21
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{A1245F13-1352-4F6D-A807-46D3C726C612}: DhcpNameServer = 213.150.135.210 195.58.103.21
O18 - Protocol\Handler\belarc {6318E0AB-2E93-11D1-B8ED-00608CC9A71F} - C:\Program Files\Belarc\Advisor\System\BAVoilaX.dll (Belarc, Inc.)
O18 - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\COMMON~1\Skype\SKYPE4~1.DLL (Skype Technologies)
O18 - Protocol\Handler\skype-ie-addon-data {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O18 - Protocol\Filter\text/xml {807563E5-5146-11D5-A672-00B0D022E945} - C:\PROGRA~1\COMMON~1\MICROS~1\OFFICE12\MSOXMLMF.DLL (Microsoft Corporation)
O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\System32\userinit.exe (Microsoft Corporation)
O24 - Desktop WallPaper: C:\Users\Barbro\AppData\Roaming\Microsoft\Windows Photo Gallery\Skrivbordsunderlägg från Windows Fotogalleri.jpg
O24 - Desktop BackupWallPaper: C:\Users\Barbro\AppData\Roaming\Microsoft\Windows Photo Gallery\Skrivbordsunderlägg från Windows Fotogalleri.jpg
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2006-09-18 23:43:36 | 000,000,024 | ---- | M] () - C:\autoexec.bat -- [ NTFS ]
O33 - MountPoints2\{1e0252c3-b6a1-11de-a975-001f16dc2123}\Shell - "" = AutoRun
O33 - MountPoints2\{68001cba-b1ff-11de-8eae-001f16dc2123}\Shell - "" = AutoRun
O33 - MountPoints2\{de4e503a-b1fa-11de-a0e2-001f16dc2123}\Shell - "" = AutoRun
O34 - HKLM BootExecute: (autocheck autochk *)
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3)
O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2)

========== Files/Folders - Created Within 30 Days ==========

[2012-06-11 22:52:03 | 000,000,000 | ---D | C] -- C:\_OTL
[2012-06-11 01:01:12 | 000,596,480 | ---- | C] (OldTimer Tools) -- C:\Users\Barbro\Desktop\OTL (1).exe
[2012-06-11 00:48:43 | 000,596,480 | ---- | C] (OldTimer Tools) -- C:\Users\Barbro\Desktop\OTL.exe
[2012-06-10 20:11:07 | 000,000,000 | ---D | C] -- C:\Users\Barbro\Desktop\nytt spel
[2012-06-10 18:44:44 | 000,758,784 | ---- | C] (NVIDIA Corporation) -- C:\Windows\System32\cohelper.dll
[2012-06-10 18:44:43 | 000,000,000 | ---D | C] -- C:\Program Files\NVIDIA Corporation
[2012-06-08 20:43:10 | 000,000,000 | ---D | C] -- C:\Program Files\DownloadManager
[2012-06-08 14:34:58 | 000,000,000 | ---D | C] -- C:\Program Files\Panda Security
[2012-06-06 21:58:47 | 000,000,000 | ---D | C] -- C:\Users\Barbro\AppData\Roaming\tabagames
[2012-06-06 21:56:29 | 000,000,000 | ---D | C] -- C:\Program Files\Foxy Games
[2012-06-06 16:06:20 | 000,000,000 | ---D | C] -- C:\Users\Barbro\Desktop\trädgården i buan
[2012-06-05 09:31:22 | 000,181,432 | ---- | C] (DEVGURU Co., LTD.(www.devguru.co.kr)) -- C:\Windows\System32\drivers\ssudmdm.sys
[2012-06-05 09:31:22 | 000,080,824 | ---- | C] (DEVGURU Co., LTD.(www.devguru.co.kr)) -- C:\Windows\System32\drivers\ssudbus.sys
[2012-06-05 09:29:40 | 000,000,000 | ---D | C] -- C:\Users\Barbro\{ac239467-752b-4e9e-97b9-01050995d697}
[2012-06-05 03:20:58 | 000,000,000 | ---D | C] -- C:\Users\Barbro\{e076e13d-ca7c-4fbc-8201-fa62df3d30c2}
[2012-06-05 02:33:08 | 000,000,000 | ---D | C] -- C:\Users\Barbro\{055a0c07-33c1-479f-97c5-343c47c70a52}
[2012-06-05 01:49:01 | 000,000,000 | ---D | C] -- C:\Users\Barbro\{123fdbe3-e81f-4e5c-9bd1-e04db044595d}
[2012-06-05 01:19:09 | 000,000,000 | ---D | C] -- C:\Users\Barbro\AppData\Local\CRE
[2012-06-03 20:01:13 | 000,000,000 | ---D | C] -- C:\Users\Barbro\AppData\Roaming\FlyWheelGames
[2012-06-02 22:44:30 | 000,000,000 | ---D | C] -- C:\Users\Barbro\AppData\Roaming\Boomzap
[2012-06-02 20:28:32 | 000,000,000 | ---D | C] -- C:\Users\Barbro\Documents\meja
[2012-05-28 22:28:27 | 000,000,000 | ---D | C] -- C:\Users\Barbro\AppData\Roaming\AlawarEntertainment
[2012-05-25 21:49:52 | 000,000,000 | ---D | C] -- C:\Users\Barbro\AppData\Roaming\Deep Shadows
[2012-05-22 00:39:25 | 000,000,000 | ---D | C] -- C:\ProgramData\Fenomen Games
[1 C:\Users\Barbro\Desktop\*.tmp files -> C:\Users\Barbro\Desktop\*.tmp -> ]

========== Files - Modified Within 30 Days ==========

[2012-06-11 23:15:26 | 000,000,029 | ---- | M] () -- C:\Windows\System32\TempWmicBatchFile.bat
[2012-06-11 23:07:03 | 000,001,008 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskUserS-1-5-21-2228199297-1119499972-301306468-1000UA.job
[2012-06-11 22:57:43 | 000,000,248 | ---- | M] () -- C:\ProgramData\hpqp.ini
[2012-06-11 22:57:24 | 000,130,914 | ---- | M] () -- C:\ProgramData\nvModes.001
[2012-06-11 22:56:01 | 000,000,978 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineCore.job
[2012-06-11 22:55:35 | 000,003,216 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-1.C7483456-A289-439d-8115-601632D005A0
[2012-06-11 22:55:35 | 000,003,216 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-0.C7483456-A289-439d-8115-601632D005A0
[2012-06-11 22:55:13 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2012-06-11 22:35:01 | 000,000,982 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineUA.job
[2012-06-11 22:31:12 | 000,000,422 | -H-- | M] () -- C:\Windows\tasks\User_Feed_Synchronization-{8DAEF6AF-A4E9-4804-A7EA-2C39C42154A9}.job
[2012-06-11 01:01:18 | 000,596,480 | ---- | M] (OldTimer Tools) -- C:\Users\Barbro\Desktop\OTL (1).exe
[2012-06-11 00:48:50 | 000,596,480 | ---- | M] (OldTimer Tools) -- C:\Users\Barbro\Desktop\OTL.exe
[2012-06-11 00:06:18 | 000,095,112 | ---- | M] () -- C:\Users\Barbro\Desktop\0134.gif
[2012-06-11 00:04:18 | 000,028,886 | ---- | M] () -- C:\Users\Barbro\Desktop\0064.gif
[2012-06-11 00:03:32 | 000,006,421 | ---- | M] () -- C:\Users\Barbro\Desktop\0047.gif
[2012-06-11 00:02:18 | 000,013,023 | ---- | M] () -- C:\Users\Barbro\Desktop\0008.gif
[2012-06-10 23:47:56 | 000,055,835 | ---- | M] () -- C:\Users\Barbro\Desktop\422970_10150531359224856_1073514613_n.jpg
[2012-06-10 23:39:11 | 000,736,560 | ---- | M] () -- C:\Windows\System32\perfh01D.dat
[2012-06-10 23:39:11 | 000,565,506 | ---- | M] () -- C:\Windows\System32\perfh014.dat
[2012-06-10 23:39:11 | 000,550,808 | ---- | M] () -- C:\Windows\System32\perfh00B.dat
[2012-06-10 23:39:11 | 000,173,530 | ---- | M] () -- C:\Windows\System32\perfc01D.dat
[2012-06-10 23:39:11 | 000,131,514 | ---- | M] () -- C:\Windows\System32\perfc014.dat
[2012-06-10 23:39:10 | 000,709,488 | ---- | M] () -- C:\Windows\System32\perfh009.dat
[2012-06-10 23:39:10 | 000,578,168 | ---- | M] () -- C:\Windows\System32\perfh006.dat
[2012-06-10 23:39:10 | 000,153,720 | ---- | M] () -- C:\Windows\System32\perfc009.dat
[2012-06-10 23:39:10 | 000,136,998 | ---- | M] () -- C:\Windows\System32\perfc00B.dat
[2012-06-10 23:39:10 | 000,132,796 | ---- | M] () -- C:\Windows\System32\perfc006.dat
[2012-06-10 20:42:57 | 000,002,254 | ---- | M] () -- C:\Users\Barbro\Desktop\Fabled Legends The Dark Piper CE.lnk
[2012-06-10 18:23:58 | 000,008,484 | ---- | M] () -- C:\Users\Barbro\AppData\Local\d3d9caps.dat
[2012-06-06 21:00:57 | 000,174,419 | ---- | M] () -- C:\Users\Barbro\Desktop\Scan001 (1).pdf
[2012-06-05 02:16:40 | 092,022,784 | ---- | M] () -- C:\Users\Barbro\Desktop\Samsung Kies.msi
[2012-06-05 02:16:28 | 000,003,584 | ---- | M] () -- C:\Users\Barbro\Desktop\1033.MST
[2012-06-05 02:16:26 | 000,021,494 | ---- | M] () -- C:\Users\Barbro\Desktop\0x0409.ini
[2012-06-04 16:07:00 | 000,000,956 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskUserS-1-5-21-2228199297-1119499972-301306468-1000Core.job
[2012-06-04 15:01:23 | 000,000,266 | ---- | M] () -- C:\Windows\tasks\RegClean Pro_DEFAULT.job
[2012-05-30 19:42:27 | 000,000,326 | ---- | M] () -- C:\Windows\tasks\HPCeeScheduleForBarbro.job
[2012-05-28 16:48:28 | 000,001,648 | ---- | M] () -- C:\Users\Barbro\Desktop\WS_FTP95 - genväg (2).lnk
[2012-05-28 16:14:41 | 000,203,264 | ---- | M] () -- C:\Users\Barbro\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2012-05-24 01:35:10 | 000,013,280 | ---- | M] () -- C:\Users\Barbro\Desktop\315289_20120509_920968201.pdf
[2012-05-23 23:34:02 | 000,000,274 | ---- | M] () -- C:\Windows\tasks\RegClean Pro_UPDATES.job
[2012-05-23 18:50:06 | 004,659,712 | ---- | M] (Dmitry Streblechenko) -- C:\Windows\System32\Redemption.dll
[2012-05-21 04:09:00 | 000,181,432 | ---- | M] (DEVGURU Co., LTD.(www.devguru.co.kr)) -- C:\Windows\System32\drivers\ssudmdm.sys
[2012-05-21 04:09:00 | 000,080,824 | ---- | M] (DEVGURU Co., LTD.(www.devguru.co.kr)) -- C:\Windows\System32\drivers\ssudbus.sys
[2012-05-13 15:52:04 | 002,504,464 | ---- | M] () -- C:\Windows\System32\FNTCACHE.DAT
[1 C:\Users\Barbro\Desktop\*.tmp files -> C:\Users\Barbro\Desktop\*.tmp -> ]

========== Files Created - No Company Name ==========

[2012-06-11 00:06:21 | 000,095,112 | ---- | C] () -- C:\Users\Barbro\Desktop\0134.gif
[2012-06-11 00:04:23 | 000,028,886 | ---- | C] () -- C:\Users\Barbro\Desktop\0064.gif
[2012-06-11 00:03:35 | 000,006,421 | ---- | C] () -- C:\Users\Barbro\Desktop\0047.gif
[2012-06-11 00:02:23 | 000,013,023 | ---- | C] () -- C:\Users\Barbro\Desktop\0008.gif
[2012-06-10 23:48:06 | 000,055,835 | ---- | C] () -- C:\Users\Barbro\Desktop\422970_10150531359224856_1073514613_n.jpg
[2012-06-10 20:42:57 | 000,002,254 | ---- | C] () -- C:\Users\Barbro\Desktop\Fabled Legends The Dark Piper CE.lnk
[2012-06-06 21:00:57 | 000,174,419 | ---- | C] () -- C:\Users\Barbro\Desktop\Scan001 (1).pdf
[2012-06-05 02:17:02 | 000,021,494 | ---- | C] () -- C:\Users\Barbro\Desktop\0x0409.ini
[2012-06-05 02:17:02 | 000,003,584 | ---- | C] () -- C:\Users\Barbro\Desktop\1033.MST
[2012-06-05 02:17:01 | 092,022,784 | ---- | C] () -- C:\Users\Barbro\Desktop\Samsung Kies.msi
[2012-05-28 16:48:28 | 000,001,648 | ---- | C] () -- C:\Users\Barbro\Desktop\WS_FTP95 - genväg (2).lnk
[2012-05-24 01:35:10 | 000,013,280 | ---- | C] () -- C:\Users\Barbro\Desktop\315289_20120509_920968201.pdf
[2011-11-29 17:38:12 | 000,974,848 | ---- | C] () -- C:\Windows\System32\cis-2.4.dll
[2011-11-29 17:38:12 | 000,081,920 | ---- | C] () -- C:\Windows\System32\issacapi_bs-2.3.dll
[2011-11-29 17:38:12 | 000,065,536 | ---- | C] () -- C:\Windows\System32\issacapi_pe-2.3.dll
[2011-11-29 17:38:12 | 000,057,344 | ---- | C] () -- C:\Windows\System32\issacapi_se-2.3.dll
[2011-10-22 02:14:07 | 000,000,064 | ---- | C] () -- C:\Windows\System32\rp_stats.dat
[2011-10-22 02:14:07 | 000,000,044 | ---- | C] () -- C:\Windows\System32\rp_rules.dat
[2011-10-11 19:34:14 | 000,001,660 | ---- | C] () -- C:\Windows\System32\ASOROSet.bin
[2011-10-02 21:56:40 | 000,000,272 | ---- | C] () -- C:\Windows\reimage.ini
[2011-06-25 18:16:47 | 000,053,248 | ---- | C] () -- C:\Windows\System32\CommonDL.dll
[2011-06-25 18:16:47 | 000,002,413 | ---- | C] () -- C:\Windows\System32\lgAxconfig.ini
[2010-06-13 23:40:34 | 000,323,072 | ---- | C] () -- C:\Windows\System32\WgaTray.exe
[2010-06-13 23:40:34 | 000,190,976 | ---- | C] () -- C:\Windows\System32\WgaLogon.dll

< End of report >

I will check how the computer works now and get back to you tomorrow. But I saw that Babylon was still there. How do you get rid of it? /Barbro









Cecilia, on 11 Jun 2012, 12:21, said:

Uninstall "iWin Games" because of the comments at http://www.mywot.com...recard/iwin.com

Move OTL from the folder C:\Users\Barbro\Contacts\Downloads to the desktop.

Close all the programs you can see, including antivirus and antispyware programs, so that they do not conflict with OTL.
How? See http://www.bleepingc...opic114351.html

Start the OTL program (in Vista/Windows 7, right-click and choose Run as administrator).
Copy all the lines in the box:
:OTL
SRV - (iWinTrusted) -- C:\Program Files\iWin Games\iWinTrusted.exe (iWin Inc.)
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page = http://www.shareware....php?rvs=hompag
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://search.myheritage.com
IE - HKLM\..\SearchScopes\{acd5502e-a742-4cf9-90d5-3959c330053f}: "URL" = http://search.mywebs...r={searchTerms}
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://search.babylo...000000000000000
IE - HKCU\..\URLSearchHook: {A3BC75A2-1F87-4686-AA43-5347D756017C} - No CLSID value found
IE - HKCU\..\URLSearchHook: {bf7380fa-e3b4-4db2-af3e-9d8783a45bfc} - No CLSID value found
IE - HKCU\..\SearchScopes\{0ECDF796-C2DC-4d79-A620-CCE0C0A66CC9}: "URL" = http://search.babylo...000000000000000
IE - HKCU\..\SearchScopes\{171DEBEB-C3D4-40b7-AC73-056A5EBA4A7E}: "URL" = http://websearch.ask...F-00EDBD599455
IE - HKCU\..\SearchScopes\{96bd48dd-741b-41ae-ac4a-aff96ba00f7e}: "URL" = http://www.bigseekpr...q={searchTerms}
IE - HKCU\..\SearchScopes\{acd5502e-a742-4cf9-90d5-3959c330053f}: "URL" = http://search.mywebs...r={searchTerms}
FF - prefs.js..browser.search.defaultengine: "Ask.com"
FF - prefs.js..browser.search.defaultenginename: "Search the web (Babylon)"
FF - prefs.js..browser.search.order.1: "Search the web (Babylon)"
FF - prefs.js..browser.search.selectedEngine: "Search the web (Babylon)"
FF - prefs.js..browser.startup.homepage: "http://search.babylon.com/?babsrc=HP_ss&affID=101240&mntrId=23ee16fd000000000000000000000000"
FF - prefs.js..extensions.enabledItems: {98e34367-8df7-42b4-837b-20b892ff0849}:1.7
FF - prefs.js..extensions.enabledItems: engine@conduit.com:3.2.5.2
FF - prefs.js..extensions.enabledItems: {bf7380fa-e3b4-4db2-af3e-9d8783a45bfc}:3.2.5.2
[2011-12-11 01:35:10 | 000,000,000 | ---D | M] (uTorrentBar Community Toolbar) -- C:\Users\Barbro\AppData\Roaming\mozilla\Firefox\Profiles\ox3qfrey.default\extensions\{bf7380fa-e3b4-4db2-af3e-9d8783a45bfc}
[2011-12-13 07:02:13 | 000,000,000 | ---D | M] (Browser Companion Helper) -- C:\Users\Barbro\AppData\Roaming\mozilla\Firefox\Profiles\ox3qfrey.default\extensions\bbrs_002@blabbers.com
[2012-06-10 16:47:52 | 000,000,000 | ---D | M] (Babylon) -- C:\Users\Barbro\AppData\Roaming\mozilla\Firefox\Profiles\ox3qfrey.default\extensions\ffxtlbr@babylon.com
[2011-11-17 20:25:44 | 000,002,333 | ---- | M] () -- C:\Users\Barbro\AppData\Roaming\Mozilla\Firefox\Profiles\ox3qfrey.default\searchplugins\askcom.xml
[2011-07-29 22:06:22 | 000,003,915 | ---- | M] () -- C:\Users\Barbro\AppData\Roaming\Mozilla\Firefox\Profiles\ox3qfrey.default\searchplugins\SweetIM Search.xml
CHR - default_search_provider: Conduit (Enabled)
CHR - default_search_provider: search_url = http://search.condui...&ctid=CT3196716
CHR - default_search_provider: suggest_url = http://search.conduit.com/
O3 - HKLM\..\Toolbar: (no name) - {CCC7A320-B3CA-4199-B1A6-9F516DD69829} - No CLSID value found.
O3 - HKCU\..\Toolbar\WebBrowser: (no name) - {21FA44EF-376D-4D53-9B0F-8A89D3229068} - No CLSID value found.
O3 - HKCU\..\Toolbar\WebBrowser: (no name) - {BF7380FA-E3B4-4DB2-AF3E-9D8783A45BFC} - No CLSID value found.
O3 - HKCU\..\Toolbar\WebBrowser: (no name) - {CCC7A320-B3CA-4199-B1A6-9F516DD69829} - No CLSID value found.
O3 - HKCU\..\Toolbar\WebBrowser: (no name) - {D4027C7F-154A-4066-A1AD-4243D8127440} - No CLSID value found.
O8 - Extra context menu item: &Search - Reg Error: Value error. File not found
O9 - Extra Button: PartyPoker.com - {B7FE5D70-9AA2-40F1-9C6B-12A255F085E1} - Reg Error: Value error. File not found
O9 - Extra 'Tools' menuitem : PartyPoker.com - {B7FE5D70-9AA2-40F1-9C6B-12A255F085E1} - Reg Error: Value error. File not found
[2012-06-11 00:51:40 | 000,675,840 | ---- | C] (myWebFace) -- C:\Program Files\Uninstall myWebFace.dll
[2012-06-04 14:17:00 | 000,000,344 | ---- | M] () -- C:\Windows\tasks\At1.job
@Alternate Data Stream - 97 bytes -> C:\ProgramData\Temp:65929158
@Alternate Data Stream - 96 bytes -> C:\ProgramData\Temp:D48500F8
@Alternate Data Stream - 177 bytes -> C:\ProgramData\Temp:DF462FF6
@Alternate Data Stream - 177 bytes -> C:\ProgramData\Temp:2D133896
@Alternate Data Stream - 149 bytes -> C:\ProgramData\Temp:9195103F
@Alternate Data Stream - 143 bytes -> C:\ProgramData\Temp:32D562A3
@Alternate Data Stream - 138 bytes -> C:\ProgramData\Temp:54380FEC
@Alternate Data Stream - 131 bytes -> C:\ProgramData\Temp:2652902F
@Alternate Data Stream - 129 bytes -> C:\ProgramData\Temp:65C4D44A
@Alternate Data Stream - 127 bytes -> C:\ProgramData\Temp:012BC84F
@Alternate Data Stream - 123 bytes -> C:\ProgramData\Temp:C5CE2DF6
@Alternate Data Stream - 114 bytes -> C:\ProgramData\Temp:1B389835
@Alternate Data Stream - 112 bytes -> C:\ProgramData\Temp:D1B5B4F1
@Alternate Data Stream - 110 bytes -> C:\ProgramData\Temp:CB0AACC9
:Reg
:Files
C:\Program Files\iWin Games
:Commands
[CREATERESTOREPOINT]
[EMPTYTEMP]
[REBOOT]

Paste them into the Custom Scans/Fixes box. Check that it looks exactly the same, for example with regard to line breaks.
Press Run Fix.
If you are asked to restart the computer, do so.
A log will open in Notepad. Copy it and paste it into your reply.

If it does not appear automatically, you will find it in the folder c:\_OTL\Moved Files with a name that contains today's date and the time of the run.

Make sure to enable antivirus programs etc. before you connect the computer to the internet.

Run OTL the same way as the first time and paste in OTL.txt.

How is the computer now?

#6
Cecilia
  • Group: Head moderator

Posted 11 Jun 2012, 22:39

I don't see any Babylon in the log. Where do you notice Babylon on the computer now?

However, OTL was unable to fix some settings in Chrome:
CHR - default_search_provider: Conduit (Enabled)
CHR - default_search_provider: search_url = http://search.condui...&ctid=CT3196716
CHR - default_search_provider: suggest_url = http://search.conduit.com/
Can you set which search engine Chrome should use as the default yourself?

#7
hondan
  • Group: Members

Posted 11 Jun 2012, 23:33

Hi
I get Babylon as the search engine every time I go online, and this causes several different ads to pop up. I can't set which search engine Chrome should use; I can't see where I can do this :(
Otherwise the computer runs a bit faster......maybe one should remove Chrome?



#8
Cecilia
  • Group: Head moderator

Posted 11 Jun 2012, 23:54

When did this with Babylon start?
Does it apply regardless of whether you use Firefox, Internet Explorer or Chrome?
If it is not only Chrome, post a new OTL log here.

#9
hondan
  • Group: Members

Posted 12 Jun 2012, 23:45

It applied to all of the ones I ran, but I have now got rid of Babylon :)
Thanks for all the help..and I hope my laptop holds out a while longer...they aren't "immortal" after all, I've had this one for almost 4 years.


#10
Cecilia
  • Group: Head moderator

Posted 13 Jun 2012, 11:34

Good :thumbsup:
What did you do?

Are all three lines gone from Chrome's settings now, and are these gone from Firefox as well?
FF - prefs.js..sweetim.toolbar.previous.browser.search.selectedEngine: "SweetIM Search"
FF - prefs.js..browser.startup.homepage: "http://search.myheritage.com/"

You also need to be given instructions for how to uninstall DDS and OTL.

#11
hondan
  • Group: Members

Posted 13 Jun 2012, 11:49

Hi. I went into the settings in Chrome and removed it as the search engine there.
How do I see whether these 3 that you mentioned below are gone? How do I see that? And yes, I need help with uninstalling DDS and OTL...



#12
Cecilia
  • Group: Head moderator

Posted 13 Jun 2012, 11:58

Make a new OTL log and paste it in here so we can see what it looks like.
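
Checking a follow-up log against the entries a helper flagged, as discussed in the posts above, can be done mechanically. The following is an added example, not part of the thread and not OTL's own code: `parse_setting`, `index_log` and `verify_fix` are hypothetical names, the line format is inferred from the IE/FF/CHR lines quoted in this thread, and both sample inputs are excerpts of those lines.

```python
import re
from collections import defaultdict

# Browser-setting lines in an OTL log start with one of these tags.
PREFIX = re.compile(r"^(IE|FF|CHR) - (.+)$")


def parse_setting(line):
    """Return (browser, key, value) for an IE/FF/CHR setting line, else None."""
    m = PREFIX.match(line.strip())
    if not m:
        return None
    browser, rest = m.groups()
    # ' = ' is tried first so 'default_search_provider: search_url = ...'
    # keeps 'search_url' as part of the key.
    for sep in (" = ", ": "):
        if sep in rest:
            key, value = rest.split(sep, 1)
            return browser, key.strip(), value.strip().strip('"')
    # A cleared setting is logged with nothing after the separator.
    for tail in (" =", ":"):
        if rest.endswith(tail):
            return browser, rest[: -len(tail)].strip(), ""
    return None


def index_log(text):
    """Map (browser, key) to the set of values logged for it."""
    settings = defaultdict(set)
    for line in text.splitlines():
        parsed = parse_setting(line)
        if parsed:
            browser, key, value = parsed
            settings[(browser, key)].add(value)
    return settings


def verify_fix(flagged_text, followup_text):
    """Classify every flagged entry against a later log.

    'still present': same key and value are logged again
    'changed':       key is logged, but only with other values
    'gone':          key no longer appears at all
    """
    after = index_log(followup_text)
    report = []
    for line in flagged_text.splitlines():
        parsed = parse_setting(line)
        if not parsed:
            continue
        browser, key, value = parsed
        current = after.get((browser, key))
        if current is None:
            status = "gone"
        elif value in current:
            status = "still present"
        else:
            status = "changed"
        report.append((status, browser, key, value))
    return report


# Entries the helper flagged (lines excerpted from this thread).
FLAGGED = r"""
FF - prefs.js..browser.search.defaultenginename: "Search the web (Babylon)"
FF - prefs.js..browser.startup.homepage: "http://search.myheritage.com/"
FF - prefs.js..sweetim.toolbar.previous.browser.search.selectedEngine: "SweetIM Search"
CHR - default_search_provider: Conduit (Enabled)
CHR - default_search_provider: suggest_url = http://search.conduit.com/
IE - HKCU\..\URLSearchHook: {bf7380fa-e3b4-4db2-af3e-9d8783a45bfc} - No CLSID value found
"""

# Excerpt of the follow-up log (Run 3) posted in this thread.
FOLLOWUP = r"""
FF - prefs.js..browser.search.defaultenginename: ""
FF - prefs.js..browser.startup.homepage: ""
FF - prefs.js..extensions.enabledItems:
FF - prefs.js..sweetim.toolbar.previous.browser.search.selectedEngine: "SweetIM Search"
FF - prefs.js..browser.startup.homepage: "http://search.myheritage.com/"
CHR - default_search_provider: Google (Enabled)
CHR - default_search_provider: suggest_url = {google:baseSuggestURL}search?{google:searchFieldtrialParameter}{google:instantFieldTrialGroupParameter}client=chrome&hl={language}&q={searchTerms}
"""

if __name__ == "__main__":
    for status, browser, key, value in verify_fix(FLAGGED, FOLLOWUP):
        print(f"{status:13} {browser:3} {key} -> {value!r}")
```

A setting can be logged more than once with different values (the Firefox homepage here), so each key maps to a set of values and an entry counts as still present if any copy survives.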

#13
hondan
  • Group: Members

Posted 13 Jun 2012, 21:11

Hi.
If you meant that I should scan it, it follows below. Also, when I am out surfing I can get a pop-up window that says "the page cannot be displayed", and then I get the option to wait or cancel. What can this be due to? It takes such a long time to wait until the page opens...



OTL logfile created on: 2012-06-13 21:59:29 - Run 3
OTL by OldTimer - Version 3.2.48.0 Folder = C:\Users\Barbro\Desktop
Windows Vista Home Basic Edition Service Pack 2 (Version = 6.0.6002) - Type = NTWorkstation
Internet Explorer (Version = 8.0.6001.19222)
Locale: 0000041D | Country: Sverige | Language: SVE | Date Format: yyyy-MM-dd

2,75 Gb Total Physical Memory | 1,44 Gb Available Physical Memory | 52,30% Memory free
5,69 Gb Paging File | 4,17 Gb Available in Paging File | 73,31% Paging File free
Paging file location(s): C:\pagefile.sys 3070 3070 [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files
Drive C: | 222,11 Gb Total Space | 117,73 Gb Free Space | 53,00% Space Free | Partition Type: NTFS
Drive D: | 10,77 Gb Total Space | 1,28 Gb Free Space | 11,93% Space Free | Partition Type: NTFS
Drive F: | 298,09 Gb Total Space | 248,96 Gb Free Space | 83,52% Space Free | Partition Type: NTFS

Computer Name: LILLFJÖSA | User Name: Barbro | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days

========== Processes (SafeList) ==========

PRC - C:\Users\Barbro\Desktop\OTL (1).exe (OldTimer Tools)
PRC - C:\Program Files\Microsoft Security Client\msseces.exe (Microsoft Corporation)
PRC - c:\Program Files\Microsoft Security Client\MsMpEng.exe (Microsoft Corporation)
PRC - C:\Program Files\Personal\bin\Personal.exe (Technology Nexus AB)
PRC - C:\Prey\platform\windows\cronsvc.exe (Fork Ltd.)
PRC - C:\Program Files\Hewlett-Packard\Shared\HPDrvMntSvc.exe (Hewlett-Packard Company)
PRC - C:\Windows\System32\sdclt.exe (Microsoft Corporation)
PRC - C:\Windows\explorer.exe (Microsoft Corporation)
PRC - C:\Program Files\ekort\ekort.exe (Orbiscom Ltd. All rights reserved.)
PRC - C:\Windows\System32\OBroker.exe ()
PRC - C:\Program Files\SMINST\BLService.exe ()


========== Modules (No Company Name) ==========

MOD - C:\Users\Barbro\AppData\Local\Google\Chrome\Application\19.0.1084.56\ppGoogleNaClPluginChrome.dll ()
MOD - C:\Users\Barbro\AppData\Local\Google\Chrome\Application\19.0.1084.56\pdf.dll ()
MOD - C:\Users\Barbro\AppData\Local\Google\Chrome\Application\19.0.1084.56\libglesv2.dll ()
MOD - C:\Users\Barbro\AppData\Local\Google\Chrome\Application\19.0.1084.56\libegl.dll ()
MOD - C:\Users\Barbro\AppData\Local\Google\Chrome\Application\19.0.1084.56\avutil-51.dll ()
MOD - C:\Users\Barbro\AppData\Local\Google\Chrome\Application\19.0.1084.56\avformat-54.dll ()
MOD - C:\Users\Barbro\AppData\Local\Google\Chrome\Application\19.0.1084.56\avcodec-54.dll ()
MOD - C:\Users\Barbro\AppData\Local\Google\Chrome\Application\19.0.1084.56\gcswf32.dll ()
MOD - C:\Users\Barbro\AppData\Local\Google\Chrome\APPLIC~1\190108~1.56\gcswf32.dll ()
MOD - C:\Windows\System32\OBroker.exe ()
MOD - C:\Program Files\ekort\EkortRes.dll ()
MOD - C:\Program Files\Common Files\LightScribe\QtGui4.dll ()
MOD - C:\Program Files\Common Files\LightScribe\plugins\imageformats\qjpeg4.dll ()
MOD - C:\Program Files\Common Files\LightScribe\QtCore4.dll ()
MOD - C:\Program Files\WinRAR\rarext.dll ()


========== Win32 Services (SafeList) ==========

SRV - (NisSrv) -- c:\Program Files\Microsoft Security Client\NisSrv.exe (Microsoft Corporation)
SRV - (MsMpSvc) -- c:\Program Files\Microsoft Security Client\MsMpEng.exe (Microsoft Corporation)
SRV - (SkypeUpdate) -- C:\Program Files\Skype\Updater\Updater.exe (Skype Technologies)
SRV - (CronService) -- C:\Prey\platform\windows\cronsvc.exe (Fork Ltd.)
SRV - (HPDrvMntSvc.exe) -- C:\Program Files\Hewlett-Packard\Shared\HPDrvMntSvc.exe (Hewlett-Packard Company)
SRV - (FLEXnet Licensing Service) -- C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe (Macrovision Europe Ltd.)
SRV - (Recovery Service for Windows) -- C:\Program Files\SMINST\BLService.exe ()
SRV - (ezSharedSvc) -- C:\Windows\System32\ezsvc7.dll (EasyBits Sofware AS)
SRV - (WinDefend) -- C:\Program Files\Windows Defender\mpsvc.dll (Microsoft Corporation)


========== Driver Services (SafeList) ==========

DRV - (cpuz134) -- C:\Users\Barbro\AppData\Local\Temp\cpuz134\cpuz134_x32.sys File not found
DRV - (CpqDfw) -- system32\drivers\CpqDfw.sys File not found
DRV - (adfs) -- File not found
DRV - (MpKsl06a818ea) -- c:\ProgramData\Microsoft\Microsoft Antimalware\Definition Updates\{529C8267-C3B7-441B-99C7-BE7ED4790DC2}\MpKsl06a818ea.sys (Microsoft Corporation)
DRV - (ssudmdm) SAMSUNG Mobile USB Modem Drivers (DEVGURU Ver.) -- C:\Windows\System32\drivers\ssudmdm.sys (DEVGURU Co., LTD.(www.devguru.co.kr))
DRV - (dg_ssudbus) SAMSUNG Mobile USB Composite Device Driver (DEVGURU Ver.) -- C:\Windows\System32\drivers\ssudbus.sys (DEVGURU Co., LTD.(www.devguru.co.kr))
DRV - (NisDrv) -- C:\Windows\System32\drivers\NisDrvWFP.sys (Microsoft Corporation)
DRV - (Lbd) -- C:\Windows\System32\drivers\Lbd.sys (Lavasoft AB)
DRV - (NVNET) -- C:\Windows\System32\drivers\nvmfdx32.sys (NVIDIA Corporation)
DRV - (NVENETFD) -- C:\Windows\System32\drivers\nvmfdx32.sys (NVIDIA Corporation)
DRV - (Tdsshbecr) -- C:\Windows\System32\drivers\shbecr.sys (Todos Data System AB)
DRV - (hwusbdev) -- C:\Windows\System32\drivers\ewusbdev.sys (Huawei Technologies Co., Ltd.)
DRV - (hwdatacard) -- C:\Windows\System32\drivers\ewusbmdm.sys (Huawei Technologies Co., Ltd.)
DRV - (athr) -- C:\Windows\System32\drivers\athr.sys (Atheros Communications, Inc.)
DRV - (nvlddmkm) -- C:\Windows\System32\drivers\nvlddmkm.sys (NVIDIA Corporation)
DRV - (RsFx0103) -- C:\Windows\System32\drivers\RsFx0103.sys (Microsoft Corporation)
DRV - (CnxtHdAudService) -- C:\Windows\System32\drivers\CHDRT32.sys (Conexant Systems Inc.)
DRV - (NVHDA) -- C:\Windows\System32\drivers\nvhda32v.sys (NVIDIA Corporation)
DRV - (nvsmu) -- C:\Windows\System32\drivers\nvsmu.sys (NVIDIA Corporation)
DRV - (NETw3v32) Intel® -- C:\Windows\System32\drivers\NETw3v32.sys (Intel Corporation)
DRV - (TdsNordecr) -- C:\Windows\System32\drivers\nordecr.sys (Todos Data System AB)
DRV - (XAudio) -- C:\Windows\System32\drivers\XAudio.sys (Conexant Systems, Inc.)
DRV - (HpqKbFiltr) -- C:\Windows\System32\drivers\HpqKbFiltr.sys (Hewlett-Packard Development Company, L.P.)
DRV - (cmusbser) -- C:\Windows\System32\drivers\cmusbser.sys (Cmotech Co.,Ltd)
DRV - (speedfan) -- C:\Windows\System32\speedfan.sys (Windows ® 2000 DDK provider)
DRV - (giveio) -- C:\Windows\System32\giveio.sys ()


========== Standard Registry (SafeList) ==========


========== Internet Explorer ==========

IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = http://ie.redirect.h...resario&pf=cnnb
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page =
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page =
IE - HKLM\..\SearchScopes,DefaultScope = {6A1806CD-94D4-4689-BA73-E35EA1EA9990}
IE - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://search.live.c...ferrer:source?}
IE - HKLM\..\SearchScopes\{187177AA-32E0-4B7D-BD86-02AA8E35F858}: "URL" = http://se.kelkoopart...tnerId=96913934
IE - HKLM\..\SearchScopes\{5829A8D3-4B0A-4239-8F28-D125CE413ABA}: "URL" = http://slirsredirect...hpcnnbie7-sv-se
IE - HKLM\..\SearchScopes\{6A1806CD-94D4-4689-BA73-E35EA1EA9990}: "URL" = http://www.google.co...g}&sourceid=ie7
IE - HKLM\..\SearchScopes\{B30ECFC4-6992-427B-B323-48C291D7121E}: "URL" = http://se.search.yah...p06&type=ie2008

IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = http://ie.redirect.h...resario&pf=cnnb
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Search Bar =
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page =
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page =
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache = http://se.msn.com/?ocid=iehp
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache AcceptLangs = sv
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache_TIMESTAMP = 92 87 1A A5 64 ED CA 01 [binary data]
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,StartPageCache = 1
IE - HKCU\..\SearchScopes,DefaultScope = {F177DC02-4BBF-47AF-9610-E26362C6760F}
IE - HKCU\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/...Box&FORM=IE8SRC
IE - HKCU\..\SearchScopes\{5848BDB9-7642-420C-80CE-4084BAB6CA6A}: "URL" = http://search.avg.co...e}&iy=&ychte=us
IE - HKCU\..\SearchScopes\{6A1806CD-94D4-4689-BA73-E35EA1EA9990}: "URL" = http://www.google.co...g}&sourceid=ie7
IE - HKCU\..\SearchScopes\{845D1E69-6B58-4E7F-BEDE-77DD66630188}: "URL" = http://search.imgag....q={searchTerms}
IE - HKCU\..\SearchScopes\{A5666666-D91D-4FCE-B90C-B71C8978D5F0}: "URL" = http://www.bing.com/...ferrer:source?}
IE - HKCU\..\SearchScopes\{F177DC02-4BBF-47AF-9610-E26362C6760F}: "URL" = http://www.google.se...1I7ADFA_svSE368
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

========== FireFox ==========

FF - prefs.js..browser.search.defaultengine: ""
FF - prefs.js..browser.search.defaultenginename: ""
FF - prefs.js..browser.search.defaulturl: ""
FF - prefs.js..browser.search.order.1: ""
FF - prefs.js..browser.search.selectedEngine: ""
FF - prefs.js..browser.startup.homepage: ""
FF - prefs.js..extensions.enabledItems:
FF - prefs.js..extensions.enabledItems:
FF - prefs.js..extensions.enabledItems:
FF - prefs.js..keyword.URL: "chrome://browser-region/locale/region.properties"
FF - prefs.js..network.proxy.no_proxies_on: "*.local"
FF - prefs.js..network.proxy.type: 0
FF - prefs.js..sweetim.toolbar.previous.browser.search.defaultenginename: ""
FF - prefs.js..sweetim.toolbar.previous.browser.search.defaulturl: ""
FF - prefs.js..sweetim.toolbar.previous.browser.search.selectedEngine: "SweetIM Search"
FF - prefs.js..browser.startup.homepage: "http://search.myheritage.com/"


FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\system32\Macromed\Flash\NPSWF32.dll ()
FF - HKLM\Software\MozillaPlugins\@adobe.com/ShockwavePlayer: C:\Windows\system32\Adobe\Director\np32dsw.dll (Adobe Systems, Inc.)
FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin: C:\Program Files\Java\jre6\bin\plugin2\npjp2.dll (Sun Microsystems, Inc.)
FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: c:\Program Files\Microsoft Silverlight\4.1.10329.0\npctrl.dll ( Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/OfficeLive,version=1.5: C:\Program Files\Microsoft\Office Live\npOLW.dll (Microsoft Corp.)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=15.4.3502.0922: C:\Program Files\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=15.4.3508.1109: C:\Program Files\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WPF,version=3.5: c:\Windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@se.nexus/Personal: C:\Program Files\Personal\bin\np_prsnl.dll (Technology Nexus AB)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Program Files\Google\Update\1.3.21.111\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Program Files\Google\Update\1.3.21.111\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\@videolan.org/vlc,version=2.0.1: C:\Program Files\VideoLAN\VLC\npvlc.dll (VideoLAN)
FF - HKLM\Software\MozillaPlugins\Adobe Reader: C:\Program Files\Adobe\Reader 9.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
FF - HKCU\Software\MozillaPlugins\@facebook.com/FBPlugin,version=1.0.3: C:\Users\Barbro\AppData\Roaming\Facebook\npfbplugin_1_0_3.dll ( )
FF - HKCU\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Users\Barbro\AppData\Local\Google\Update\1.3.21.111\npGoogleUpdate3.dll (Google Inc.)
FF - HKCU\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Users\Barbro\AppData\Local\Google\Update\1.3.21.111\npGoogleUpdate3.dll (Google Inc.)


[2010-09-24 09:57:41 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Barbro\AppData\Roaming\mozilla\Extensions
[2012-06-11 22:52:08 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Barbro\AppData\Roaming\mozilla\Firefox\Profiles\ox3qfrey.default\extensions
[2010-09-25 14:40:04 | 000,000,000 | ---D | M] (Microsoft .NET Framework Assistant) -- C:\Users\Barbro\AppData\Roaming\mozilla\Firefox\Profiles\ox3qfrey.default\extensions\{20a82645-c095-46ed-80e3-08825760534b}
File not found (No name found) -- C:\USERS\BARBRO\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\OX3QFREY.DEFAULT\EXTENSIONS\{BF7380FA-E3B4-4DB2-AF3E-9D8783A45BFC}
File not found (No name found) -- C:\USERS\BARBRO\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\OX3QFREY.DEFAULT\EXTENSIONS\FFXTLBR@BABYLON.COM

========== Chrome ==========

CHR - default_search_provider: Google (Enabled)
CHR - default_search_provider: search_url = {google:baseURL}search?{google:RLZ}{google:acceptedSuggestion}{google:originalQueryForSuggestion}{google:searchFieldtrialParameter}{google:instantFieldTrialGroupParameter}sourceid=chrome&ie={inputEncoding}&q={searchTerms}
CHR - default_search_provider: suggest_url = {google:baseSuggestURL}search?{google:searchFieldtrialParameter}{google:instantFieldTrialGroupParameter}client=chrome&hl={language}&q={searchTerms}
CHR - plugin: Remoting Viewer (Enabled) = internal-remoting-viewer
CHR - plugin: Native Client (Enabled) = C:\Users\Barbro\AppData\Local\Google\Chrome\Application\19.0.1084.56\ppGoogleNaClPluginChrome.dll
CHR - plugin: Chrome PDF Viewer (Enabled) = C:\Users\Barbro\AppData\Local\Google\Chrome\Application\19.0.1084.56\pdf.dll
CHR - plugin: Shockwave Flash (Enabled) = C:\Users\Barbro\AppData\Local\Google\Chrome\Application\19.0.1084.56\gcswf32.dll
CHR - plugin: Shockwave Flash (Disabled) = C:\Users\Barbro\AppData\Local\Google\Chrome\User Data\PepperFlash\11.2.31.144\pepflashplayer.dll
CHR - plugin: Shockwave Flash (Enabled) = C:\Windows\system32\Macromed\Flash\NPSWF32.dll
CHR - plugin: (Enabled) = C:\Users\Barbro\AppData\Local\Google\Chrome\User Data\Default\Extensions\clbfjfbnelcflpgpklppgplejolacbej\1.0.5_0\chromeNPAPI.dll
CHR - plugin: Adobe Acrobat (Enabled) = C:\Program Files\Adobe\Reader 9.0\Reader\Browser\nppdf32.dll
CHR - plugin: Java Deployment Toolkit 6.0.290.11 (Enabled) = C:\Program Files\Java\jre6\bin\new_plugin\npdeployJava1.dll
CHR - plugin: Java™ Platform SE 6 U31 (Enabled) = C:\Program Files\Java\jre6\bin\plugin2\npjp2.dll
CHR - plugin: Google Update (Enabled) = C:\Program Files\Google\Update\1.3.21.111\npGoogleUpdate3.dll
CHR - plugin: Microsoft Office Live Plug-in for Firefox (Enabled) = C:\Program Files\Microsoft\Office Live\npOLW.dll
CHR - plugin: Nexus Personal (Enabled) = C:\Program Files\Personal\bin\np_prsnl.dll
CHR - plugin: Windows Live\u0099 Photo Gallery (Enabled) = C:\Program Files\Windows Live\Photo Gallery\NPWLPG.dll
CHR - plugin: Facebook Plugin (Enabled) = C:\Users\Barbro\AppData\Roaming\Facebook\npfbplugin_1_0_3.dll
CHR - plugin: Shockwave for Director (Enabled) = C:\Windows\system32\Adobe\Director\np32dsw.dll
CHR - plugin: Silverlight Plug-In (Enabled) = c:\Program Files\Microsoft Silverlight\4.1.10329.0\npctrl.dll
CHR - plugin: Windows Presentation Foundation (Enabled) = c:\Windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll
CHR - Extension: YouTube = C:\Users\Barbro\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo\4.2.5_0\
CHR - Extension: WiseConvert = C:\Users\Barbro\AppData\Local\Google\Chrome\User Data\Default\Extensions\cgiaikfpllchefojlnehlmpekeogihnm\2.3.10.3_0\
CHR - Extension: S\u00F6k p\u00E5 Google = C:\Users\Barbro\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf\0.0.0.19_0\
CHR - Extension: Skype Click to Call = C:\Users\Barbro\AppData\Local\Google\Chrome\User Data\Default\Extensions\lifbcibllhkdhoafpjfnlhfpfgnpldfl\5.10.0.9560_0\
CHR - Extension: Gmail = C:\Users\Barbro\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia\7_0\

O1 HOSTS File: ([2010-03-13 23:15:32 | 000,000,743 | ---- | M]) - C:\Windows\System32\drivers\etc\hosts
O1 - Hosts: 127.0.0.1 localhost
O1 - Hosts: ::1 localhost
O2 - BHO: (Java™ Plug-In SSV Helper) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre6\bin\ssv.dll (Sun Microsystems, Inc.)
O2 - BHO: (AOL Toolbar BHO) - {7C554162-8CB7-45A4-B8F4-8EA1C75885F9} - C:\Program Files\AOL\AOL Toolbar 5.0\aoltb.dll (AOL LLC)
O2 - BHO: (e-kort Helper Class) - {9065E913-4F23-4B47-9B5D-B055D32DB1F3} - C:\Program Files\ekort\EKortHelper.dll ()
O2 - BHO: (Skype Browser Helper) - {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O2 - BHO: (Google Toolbar Notifier BHO) - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\5.7.7227.1100\swg.dll (Google Inc.)
O3 - HKLM\..\Toolbar: (e-kort Toolbar) - {8DB2B2E8-579F-48A8-A496-18FEFCF8F4DF} - C:\Program Files\ekort\EKortToolbar.dll ()
O3 - HKLM\..\Toolbar: (AOL Toolbar) - {DE9C389F-3316-41A7-809B-AA305ED9D922} - C:\Program Files\AOL\AOL Toolbar 5.0\aoltb.dll (AOL LLC)
O3 - HKCU\..\Toolbar\WebBrowser: (AOL Toolbar) - {DE9C389F-3316-41A7-809B-AA305ED9D922} - C:\Program Files\AOL\AOL Toolbar 5.0\aoltb.dll (AOL LLC)
O4 - HKLM..\Run: [B2C_AGENT] C:\ProgramData\LGMOBILEAX\B2C_Client\B2CNotiAgent.exe (LG Electronics)
O4 - HKLM..\Run: [e-kort] C:\PROGRA~1\ekort\ekort.exe /dontopenmycards /Autostart File not found
O4 - HKLM..\Run: [MSC] c:\Program Files\Microsoft Security Client\msseces.exe (Microsoft Corporation)
O4 - HKLM..\Run: [NvCplDaemon] C:\Windows\System32\NvCpl.dll (NVIDIA Corporation)
O4 - HKLM..\Run: [UpdateLBPShortCut] C:\Program Files\CyberLink\LabelPrint\MUITransfer\MUIStartMenu.exe (CyberLink Corp.)
O4 - HKLM..\Run: [UpdatePSTShortCut] C:\Program Files\CyberLink\DVD Suite\MUITransfer\MUIStartMenu.exe (CyberLink Corp.)
O8 - Extra context menu item: &AOL Verktygsfalt Sök - C:\ProgramData\AOL\ieToolbar\resources\sv-SE\local\search.html ()
O8 - Extra context menu item: E&xportera till Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office12\EXCEL.EXE/3000 File not found
O9 - Extra Button: Skicka till OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~2\Office12\ONBttnIE.dll (Microsoft Corporation)
O9 - Extra 'Tools' menuitem : Ski&cka till OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~2\Office12\ONBttnIE.dll (Microsoft Corporation)
O9 - Extra Button: Skype Click to Call - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O9 - Extra 'Tools' menuitem : Skype Click to Call - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O9 - Extra Button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\Office12\REFIEBAR.DLL (Microsoft Corporation)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000007 [] - C:\Program Files\Bonjour\mdnsNSP.dll (Apple Computer, Inc.)
O13 - gopher Prefix: missing
O15 - HKCU\..Trusted Domains: google.com ([maps] http in Tillförlitliga platser)
O15 - HKCU\..Trusted Domains: google.com ([www] * in Tillförlitliga platser)
O15 - HKCU\..Trusted Domains: svenskaspel.se ([]https in Tillförlitliga platser)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_31)
O16 - DPF: {CAFEEFAC-0016-0000-0031-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_31)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_31)
O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} http://platformdl.ad...Plus/1.6/gp.cab (Reg Error: Key error.)
O16 - DPF: Garmin Communicator Plug-In https://static.garmi...xControl_32.CAB (Reg Error: Key error.)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 213.150.135.210 195.58.103.21
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{A1245F13-1352-4F6D-A807-46D3C726C612}: DhcpNameServer = 213.150.135.210 195.58.103.21
O18 - Protocol\Handler\belarc {6318E0AB-2E93-11D1-B8ED-00608CC9A71F} - C:\Program Files\Belarc\Advisor\System\BAVoilaX.dll (Belarc, Inc.)
O18 - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\COMMON~1\Skype\SKYPE4~1.DLL (Skype Technologies)
O18 - Protocol\Handler\skype-ie-addon-data {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O18 - Protocol\Filter\text/xml {807563E5-5146-11D5-A672-00B0D022E945} - C:\PROGRA~1\COMMON~1\MICROS~1\OFFICE12\MSOXMLMF.DLL (Microsoft Corporation)
O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\System32\userinit.exe (Microsoft Corporation)
O24 - Desktop WallPaper: C:\Users\Barbro\AppData\Roaming\Microsoft\Windows Photo Gallery\Skrivbordsunderlägg från Windows Fotogalleri.jpg
O24 - Desktop BackupWallPaper: C:\Users\Barbro\AppData\Roaming\Microsoft\Windows Photo Gallery\Skrivbordsunderlägg från Windows Fotogalleri.jpg
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2006-09-18 23:43:36 | 000,000,024 | ---- | M] () - C:\autoexec.bat -- [ NTFS ]
O33 - MountPoints2\{1e0252c3-b6a1-11de-a975-001f16dc2123}\Shell - "" = AutoRun
O33 - MountPoints2\{68001cba-b1ff-11de-8eae-001f16dc2123}\Shell - "" = AutoRun
O33 - MountPoints2\{de4e503a-b1fa-11de-a0e2-001f16dc2123}\Shell - "" = AutoRun
O34 - HKLM BootExecute: (autocheck autochk *)
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3)
O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2)

========== Files/Folders - Created Within 30 Days ==========

[2012-06-13 01:29:36 | 000,000,000 | ---D | C] -- C:\Users\Barbro\AppData\Roaming\HD Tune Pro
[2012-06-13 01:29:29 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\HD Tune Pro
[2012-06-13 01:29:28 | 000,000,000 | ---D | C] -- C:\Program Files\HD Tune Pro
[2012-06-12 12:16:06 | 000,000,000 | ---D | C] -- C:\Users\Barbro\AppData\Roaming\vlc
[2012-06-12 12:15:18 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\VideoLAN
[2012-06-11 22:52:03 | 000,000,000 | ---D | C] -- C:\_OTL
[2012-06-11 01:01:12 | 000,596,480 | ---- | C] (OldTimer Tools) -- C:\Users\Barbro\Desktop\OTL (1).exe
[2012-06-11 00:48:43 | 000,596,480 | ---- | C] (OldTimer Tools) -- C:\Users\Barbro\Desktop\OTL.exe
[2012-06-10 20:11:07 | 000,000,000 | ---D | C] -- C:\Users\Barbro\Desktop\nytt spel
[2012-06-10 18:44:44 | 000,758,784 | ---- | C] (NVIDIA Corporation) -- C:\Windows\System32\cohelper.dll
[2012-06-10 18:44:43 | 000,000,000 | ---D | C] -- C:\Program Files\NVIDIA Corporation
[2012-06-08 20:43:10 | 000,000,000 | ---D | C] -- C:\Program Files\DownloadManager
[2012-06-08 14:34:58 | 000,000,000 | ---D | C] -- C:\Program Files\Panda Security
[2012-06-06 21:58:47 | 000,000,000 | ---D | C] -- C:\Users\Barbro\AppData\Roaming\tabagames
[2012-06-06 21:56:29 | 000,000,000 | ---D | C] -- C:\Program Files\Foxy Games
[2012-06-06 16:06:20 | 000,000,000 | ---D | C] -- C:\Users\Barbro\Desktop\trädgården i buan
[2012-06-05 09:31:22 | 000,181,432 | ---- | C] (DEVGURU Co., LTD.(www.devguru.co.kr)) -- C:\Windows\System32\drivers\ssudmdm.sys
[2012-06-05 09:31:22 | 000,080,824 | ---- | C] (DEVGURU Co., LTD.(www.devguru.co.kr)) -- C:\Windows\System32\drivers\ssudbus.sys
[2012-06-05 09:29:40 | 000,000,000 | ---D | C] -- C:\Users\Barbro\{ac239467-752b-4e9e-97b9-01050995d697}
[2012-06-05 03:20:58 | 000,000,000 | ---D | C] -- C:\Users\Barbro\{e076e13d-ca7c-4fbc-8201-fa62df3d30c2}
[2012-06-05 02:33:08 | 000,000,000 | ---D | C] -- C:\Users\Barbro\{055a0c07-33c1-479f-97c5-343c47c70a52}
[2012-06-05 01:49:01 | 000,000,000 | ---D | C] -- C:\Users\Barbro\{123fdbe3-e81f-4e5c-9bd1-e04db044595d}
[2012-06-05 01:19:09 | 000,000,000 | ---D | C] -- C:\Users\Barbro\AppData\Local\CRE
[2012-06-03 20:01:13 | 000,000,000 | ---D | C] -- C:\Users\Barbro\AppData\Roaming\FlyWheelGames
[2012-06-02 22:44:30 | 000,000,000 | ---D | C] -- C:\Users\Barbro\AppData\Roaming\Boomzap
[2012-06-02 20:28:32 | 000,000,000 | ---D | C] -- C:\Users\Barbro\Documents\meja
[2012-05-28 22:28:27 | 000,000,000 | ---D | C] -- C:\Users\Barbro\AppData\Roaming\AlawarEntertainment
[2012-05-25 21:49:52 | 000,000,000 | ---D | C] -- C:\Users\Barbro\AppData\Roaming\Deep Shadows
[2012-05-22 00:39:25 | 000,000,000 | ---D | C] -- C:\ProgramData\Fenomen Games
[1 C:\Users\Barbro\Desktop\*.tmp files -> C:\Users\Barbro\Desktop\*.tmp -> ]

========== Files - Modified Within 30 Days ==========

[2012-06-13 22:07:07 | 000,001,008 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskUserS-1-5-21-2228199297-1119499972-301306468-1000UA.job
[2012-06-13 22:00:25 | 000,000,029 | ---- | M] () -- C:\Windows\System32\TempWmicBatchFile.bat
[2012-06-13 21:46:17 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2012-06-13 21:40:22 | 000,003,216 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-1.C7483456-A289-439d-8115-601632D005A0
[2012-06-13 21:40:22 | 000,003,216 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-0.C7483456-A289-439d-8115-601632D005A0
[2012-06-13 21:35:05 | 000,000,978 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineCore.job
[2012-06-13 21:35:00 | 000,000,982 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineUA.job
[2012-06-13 16:07:04 | 000,000,956 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskUserS-1-5-21-2228199297-1119499972-301306468-1000Core.job
[2012-06-13 15:02:29 | 000,000,266 | ---- | M] () -- C:\Windows\tasks\RegClean Pro_DEFAULT.job
[2012-06-13 11:45:02 | 000,000,248 | ---- | M] () -- C:\ProgramData\hpqp.ini
[2012-06-13 11:45:00 | 000,130,914 | ---- | M] () -- C:\ProgramData\nvModes.001
[2012-06-13 01:29:29 | 000,000,830 | ---- | M] () -- C:\Users\Barbro\Desktop\HD Tune Pro.lnk
[2012-06-13 00:43:59 | 000,000,422 | -H-- | M] () -- C:\Windows\tasks\User_Feed_Synchronization-{8DAEF6AF-A4E9-4804-A7EA-2C39C42154A9}.job
[2012-06-12 12:15:18 | 000,000,859 | ---- | M] () -- C:\Users\Public\Desktop\VLC media player.lnk
[2012-06-12 11:52:21 | 000,209,408 | ---- | M] () -- C:\Users\Barbro\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2012-06-11 23:34:16 | 000,057,471 | ---- | M] () -- C:\Users\Barbro\Desktop\179107_10150958180233724_354153473_n.jpg
[2012-06-11 01:01:18 | 000,596,480 | ---- | M] (OldTimer Tools) -- C:\Users\Barbro\Desktop\OTL (1).exe
[2012-06-11 00:48:50 | 000,596,480 | ---- | M] (OldTimer Tools) -- C:\Users\Barbro\Desktop\OTL.exe
[2012-06-10 23:39:11 | 000,736,560 | ---- | M] () -- C:\Windows\System32\perfh01D.dat
[2012-06-10 23:39:11 | 000,565,506 | ---- | M] () -- C:\Windows\System32\perfh014.dat
[2012-06-10 23:39:11 | 000,550,808 | ---- | M] () -- C:\Windows\System32\perfh00B.dat
[2012-06-10 23:39:11 | 000,173,530 | ---- | M] () -- C:\Windows\System32\perfc01D.dat
[2012-06-10 23:39:11 | 000,131,514 | ---- | M] () -- C:\Windows\System32\perfc014.dat
[2012-06-10 23:39:10 | 000,709,488 | ---- | M] () -- C:\Windows\System32\perfh009.dat
[2012-06-10 23:39:10 | 000,578,168 | ---- | M] () -- C:\Windows\System32\perfh006.dat
[2012-06-10 23:39:10 | 000,153,720 | ---- | M] () -- C:\Windows\System32\perfc009.dat
[2012-06-10 23:39:10 | 000,136,998 | ---- | M] () -- C:\Windows\System32\perfc00B.dat
[2012-06-10 23:39:10 | 000,132,796 | ---- | M] () -- C:\Windows\System32\perfc006.dat
[2012-06-10 20:42:57 | 000,002,254 | ---- | M] () -- C:\Users\Barbro\Desktop\Fabled Legends The Dark Piper CE.lnk
[2012-06-10 18:23:58 | 000,008,484 | ---- | M] () -- C:\Users\Barbro\AppData\Local\d3d9caps.dat
[2012-06-05 02:16:40 | 092,022,784 | ---- | M] () -- C:\Users\Barbro\Desktop\Samsung Kies.msi
[2012-06-05 02:16:26 | 000,021,494 | ---- | M] () -- C:\Users\Barbro\Desktop\0x0409.ini
[2012-05-30 19:42:27 | 000,000,326 | ---- | M] () -- C:\Windows\tasks\HPCeeScheduleForBarbro.job
[2012-05-28 16:48:28 | 000,001,648 | ---- | M] () -- C:\Users\Barbro\Desktop\WS_FTP95 - genväg (2).lnk
[2012-05-23 23:34:02 | 000,000,274 | ---- | M] () -- C:\Windows\tasks\RegClean Pro_UPDATES.job
[2012-05-23 18:50:06 | 004,659,712 | ---- | M] (Dmitry Streblechenko) -- C:\Windows\System32\Redemption.dll
[2012-05-21 04:09:00 | 000,181,432 | ---- | M] (DEVGURU Co., LTD.(www.devguru.co.kr)) -- C:\Windows\System32\drivers\ssudmdm.sys
[2012-05-21 04:09:00 | 000,080,824 | ---- | M] (DEVGURU Co., LTD.(www.devguru.co.kr)) -- C:\Windows\System32\drivers\ssudbus.sys
[1 C:\Users\Barbro\Desktop\*.tmp files -> C:\Users\Barbro\Desktop\*.tmp -> ]

========== Files Created - No Company Name ==========

[2012-06-13 01:29:29 | 000,000,830 | ---- | C] () -- C:\Users\Barbro\Desktop\HD Tune Pro.lnk
[2012-06-12 12:15:18 | 000,000,859 | ---- | C] () -- C:\Users\Public\Desktop\VLC media player.lnk
[2012-06-11 23:34:24 | 000,057,471 | ---- | C] () -- C:\Users\Barbro\Desktop\179107_10150958180233724_354153473_n.jpg
[2012-06-10 20:42:57 | 000,002,254 | ---- | C] () -- C:\Users\Barbro\Desktop\Fabled Legends The Dark Piper CE.lnk
[2012-06-05 02:17:02 | 000,021,494 | ---- | C] () -- C:\Users\Barbro\Desktop\0x0409.ini
[2012-06-05 02:17:01 | 092,022,784 | ---- | C] () -- C:\Users\Barbro\Desktop\Samsung Kies.msi
[2012-05-28 16:48:28 | 000,001,648 | ---- | C] () -- C:\Users\Barbro\Desktop\WS_FTP95 - genväg (2).lnk
[2011-11-29 17:38:12 | 000,974,848 | ---- | C] () -- C:\Windows\System32\cis-2.4.dll
[2011-11-29 17:38:12 | 000,081,920 | ---- | C] () -- C:\Windows\System32\issacapi_bs-2.3.dll
[2011-11-29 17:38:12 | 000,065,536 | ---- | C] () -- C:\Windows\System32\issacapi_pe-2.3.dll
[2011-11-29 17:38:12 | 000,057,344 | ---- | C] () -- C:\Windows\System32\issacapi_se-2.3.dll
[2011-10-22 02:14:07 | 000,000,064 | ---- | C] () -- C:\Windows\System32\rp_stats.dat
[2011-10-22 02:14:07 | 000,000,044 | ---- | C] () -- C:\Windows\System32\rp_rules.dat
[2011-10-11 19:34:14 | 000,001,660 | ---- | C] () -- C:\Windows\System32\ASOROSet.bin
[2011-10-02 21:56:40 | 000,000,272 | ---- | C] () -- C:\Windows\reimage.ini
[2011-06-25 18:16:47 | 000,053,248 | ---- | C] () -- C:\Windows\System32\CommonDL.dll
[2011-06-25 18:16:47 | 000,002,413 | ---- | C] () -- C:\Windows\System32\lgAxconfig.ini

< End of report >



Cecilia, on 13 Jun 2012, 11:58, said:

Make a new OTL log and paste it in here so we can see how things look.

#14
Cecilia
  • Group: Head moderator

Posted 13 Jun 2012, 22:04

1. Chrome looks fine, but there is a little junk left in Firefox. Security-wise it is probably not good to have Google in the trusted zone in Internet Explorer; the websites in that zone get very extensive rights on the computer.

See here
http://www.bleepingc...dpost&p=1545447

Close all programs you can see, including antivirus and antispyware programs, so that they do not conflict with OTL.
How? See http://www.bleepingc...opic114351.html

Start OTL (in Vista/Windows 7, right-click and choose Run as administrator).
Copy all the lines in the box:
:OTL
FF - prefs.js..sweetim.toolbar.previous.browser.search.selectedEngine: "SweetIM Search"
FF - prefs.js..browser.startup.homepage: "http://search.myheritage.com/"
File not found (No name found) -- C:\USERS\BARBRO\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\OX3QFREY.DEFAULT\EXTENSIONS\{BF7380FA-E3B4-4DB2-AF3E-9D8783A45BFC}
File not found (No name found) -- C:\USERS\BARBRO\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\OX3QFREY.DEFAULT\EXTENSIONS\FFXTLBR@BABYLON.COM
O15 - HKCU\..Trusted Domains: google.com ([maps] http in Tillförlitliga platser)
O15 - HKCU\..Trusted Domains: google.com ([www] * in Tillförlitliga platser)
O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} http://platformdl.ad...Plus/1.6/gp.cab (Reg Error: Key error.)
:Reg
:Files
:Commands
[CREATERESTOREPOINT]
[EMPTYTEMP]
[REBOOT]

Paste them into the Custom Scans/Fixes box. Check that it looks exactly the same, for example with regard to line breaks.
Press Run Fix.
If you are asked to restart the computer, do so.
A log will open in Notepad. Copy it and paste it into your reply.

If it does not appear automatically, you will find it in the folder c:\_OTL\Moved Files under a name containing today's date and the time of the run.

Make sure to enable your antivirus program etc. before you connect the computer to the internet.

2. Does HD Tune show anything in particular about the hard disk?

3. Scan the computer online at http://www.eset.com/onlinescan/
To keep the scan from taking too long, turn off your antivirus program in the meantime.

Uncheck the option Remove found threats
Check Scan Archives

Click Advanced Settings
Check:
Scan for potentially unwanted applications
Scan for potentially unsafe applications
Enable Anti-Stealth Technology


Click Scan

When the scan is finished, the log file C:\Program\Eset\Eset Online Scanner\log.txt is created. Open it in Notepad and then paste the contents into your reply.

4. Registry cleaners such as RegClean sometimes clean too much and cause problems on the computer.
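
The trusted-zone point in the post above, as an added example that is not part of the thread: a small Python parser for the O15 Trusted Domains lines that OTL prints, listing every trusted host and flagging entries that are trusted over anything other than https. The line pattern is inferred from the three O15 lines in this log; the HKLM alternative and all function and class names are assumptions.

```python
import re
from dataclasses import dataclass

# One O15 line per (domain, subdomain, protocol) mapping. Pattern inferred
# from the log on this page; accepting HKLM as well is an assumption.
# The zone label is localized by Windows ("Tillförlitliga platser" on this
# Swedish system), so it is captured as free text instead of being matched.
O15_RE = re.compile(
    r"^O15 - (?P<hive>HKCU|HKLM)\\\.\.Trusted Domains: "
    r"(?P<domain>\S+) \(\[(?P<sub>[^\]]*)\]\s*(?P<proto>\S+) in (?P<zone>.+)\)\s*$"
)


@dataclass(frozen=True)
class TrustedEntry:
    hive: str        # registry hive the mapping was read from
    host: str        # subdomain joined with domain, or the bare domain
    protocol: str    # "http", "https", or "*" for every protocol
    zone_label: str  # localized zone name exactly as printed by OTL

    @property
    def concerns(self):
        """Reasons this entry deserves a second look (empty list if none)."""
        notes = []
        if self.protocol == "*":
            notes.append("trusted for every protocol")
        elif self.protocol != "https":
            notes.append(
                f"trusted over {self.protocol}: no server verification, so "
                "content altered in transit would inherit the zone's rights"
            )
        return notes


def parse_o15(log_text):
    """Extract every Trusted Domains mapping from OTL log text."""
    entries = []
    for line in log_text.splitlines():
        m = O15_RE.match(line.strip())
        if not m:
            continue  # not an O15 Trusted Domains line
        sub, domain = m["sub"], m["domain"]
        # "[]" means the mapping sits on the domain itself
        host = f"{sub}.{domain}" if sub else domain
        entries.append(TrustedEntry(m["hive"], host, m["proto"], m["zone"]))
    return entries


def review(log_text):
    """Return (host, protocol, concerns) for each entry with a concern."""
    return [
        (e.host, e.protocol, e.concerns)
        for e in parse_o15(log_text)
        if e.concerns
    ]


# Lines copied from the OTL log on this page (one unrelated line included
# to show that non-O15 lines are skipped).
SAMPLE_LOG = r"""
O13 - gopher Prefix: missing
O15 - HKCU\..Trusted Domains: google.com ([maps] http in Tillförlitliga platser)
O15 - HKCU\..Trusted Domains: google.com ([www] * in Tillförlitliga platser)
O15 - HKCU\..Trusted Domains: svenskaspel.se ([]https in Tillförlitliga platser)
"""

if __name__ == "__main__":
    for entry in parse_o15(SAMPLE_LOG):
        status = "; ".join(entry.concerns) or "https only"
        print(f"{entry.hive}  {entry.host:<20} {entry.protocol:<6} {status}")
```

On the three entries in this log, the two google.com mappings are flagged and the https-only svenskaspel.se mapping is not.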

#15
hondan
  • Group: Members

Posted 14 Jun 2012, 10:48

Hi.
Sending this log for now; I am going to scan the computer online now and will get back to you.
HD Tune showed nothing in particular, but I can run it again and send you info about it.





#16
Cecilia
  • Group: Head moderator

Posted 14 Jun 2012, 12:26

The log seems to have been forgotten ;)

You don't need to run HD Tune again. I was only asking because a slow computer can be caused by the hard disk having become slow.

#17
hondan
  • Group: Members

Posted 14 Jun 2012, 16:41

Hi
I have started the ESET online scanner and it has now been scanning for about 5 hours and has only reached 28%; so far it has found 21 infected files and some threats. I had my external HD connected when I started scanning, maybe that was a mistake? Maybe I should start over from the beginning? But the scan has not stalled...


#18
Cecilia
  • Group: Head moderator

Posted 14 Jun 2012, 16:59

Have you turned off Microsoft Security Essentials? That is important for keeping the time down.

Can you take a screenshot (PrintScreen) of what Eset has found so far?

#19
hondan
  • Group: Members

Posted 14 Jun 2012, 18:43

When things go wrong, they really go wrong... sigh... I can't take a screenshot, it doesn't work at all (I know how to do it).
I had not managed to turn off Microsoft Security Essentials, how do you do that? There doesn't seem to be anywhere that gives you a choice?
There is not much to read out of the scan either. I will reproduce what it says.

First it says that 21 infected files have been found
Threats found
a variant of Win32/keygen.CW application
Probably a variant of Win32/Toolbar.MyWebSearch L application
Probably a variant of Win32/Toolbar.MyWebSearch L application
Probably a variant of Win32/Toolbar.MyWebSearch L application
Probably a variant of Win32/Toolbar.MyWebSearch L application


#20
hondan
  • Group: Members

Posted 14 Jun 2012, 18:49

Got a bit more out of the scan. SEE BELOW! Should I start scanning again? Then I suppose I may have to download ESET again after I have removed it, or? But I have to try to deactivate Microsoft Security Essentials... however that is supposed to be done.....


C:\FU_Backup\FU_Backup_2011-10-05\Documents and Settings\Barbro\Local Settings\Application Data\babylon\Setup\Setup.exe Win32/Toolbar.Babylon application
C:\Program Files\Winferno\RegistryPowerCleaner\RegPowerClean.exe.vir a variant of Win32/XrayMyPC application
C:\Users\Barbro\AppData\Local\Babylon\Setup\Setup.exe Win32/Toolbar.Babylon application
C:\Users\Barbro\AppData\LocalLow\myWebFaceIE_2w\bar\setups\myWebFace Installer(00040ccc).exe probably a variant of Win32/Toolbar.MyWebSearch.L application
C:\Users\Barbro\AppData\LocalLow\myWebFaceIE_2w\bar\setups\myWebFace Installer(00053561).exe probably a variant of Win32/Toolbar.MyWebSearch.L application
C:\Users\Barbro\AppData\LocalLow\myWebFaceIE_2w\bar\setups\myWebFace Installer(00078f05).exe probably a variant of Win32/Toolbar.MyWebSearch.L application
C:\Users\Barbro\AppData\LocalLow\myWebFaceIE_2w\bar\setups\myWebFace Installer(000c4401).exe probably a variant of Win32/Toolbar.MyWebSearch.L application
C:\Users\Barbro\AppData\LocalLow\myWebFaceIE_2w\bar\setups\myWebFace Installer(000e892c).exe probably a variant of Win32/Toolbar.MyWebSearch.L application
C:\Users\Barbro\AppData\LocalLow\myWebFaceIE_2w\bar\setups\myWebFace Installer(000eec61).exe probably a variant of Win32/Toolbar.MyWebSearch.L application
C:\Users\Barbro\AppData\LocalLow\myWebFaceIE_2w\bar\setups\myWebFace Installer(0011847a).exe probably a variant of Win32/Toolbar.MyWebSearch.L application
C:\Users\Barbro\AppData\LocalLow\myWebFaceIE_2w\bar\setups\myWebFace Installer(00123cc1).exe probably a variant of Win32/Toolbar.MyWebSearch.L application
C:\Users\Barbro\AppData\LocalLow\myWebFaceIE_2w\bar\setups\myWebFace Installer(0013f2b7).exe probably a variant of Win32/Toolbar.MyWebSearch.L application
C:\Users\Barbro\AppData\LocalLow\myWebFaceIE_2w\bar\setups\myWebFace Installer(00168999).exe probably a variant of Win32/Toolbar.MyWebSearch.L application
C:\Users\Barbro\AppData\LocalLow\myWebFaceIE_2w\bar\setups\myWebFace Installer(001d17d4).exe probably a variant of Win32/Toolbar.MyWebSearch.L application
C:\Users\Barbro\AppData\LocalLow\myWebFaceIE_2w\bar\setups\myWebFace Installer(002e5d7b).exe probably a variant of Win32/Toolbar.MyWebSearch.L application
C:\Users\Barbro\AppData\LocalLow\myWebFaceIE_2w\bar\setups\myWebFace Installer(00472b35).exe probably a variant of Win32/Toolbar.MyWebSearch.L application
C:\Users\Barbro\AppData\LocalLow\myWebFaceIE_2w\bar\setups\myWebFace Installer(00611797).exe probably a variant of Win32/Toolbar.MyWebSearch.L application
C:\Users\Barbro\AppData\LocalLow\myWebFaceIE_2w\bar\setups\myWebFace Installer(007bfeda).exe probably a variant of Win32/Toolbar.MyWebSearch.L application
C:\Users\Barbro\AppData\LocalLow\myWebFaceIE_2w\bar\setups\myWebFace Installer(0123f913).exe probably a variant of Win32/Toolbar.MyWebSearch.L application
C:\Users\Barbro\Contacts\Downloads\CrystalDiskInfo4_6_2a-en.exe Win32/OpenCandy application
C:\Users\Barbro\Documents\fra laptopen\Installlations Program till datan\Adobe Photoshop CS2\Adobe Photoshop CS2.iso a variant of Win32/Keygen.CW application




