
KennethT

Member
  • Posts

    17
  • Joined

  • Last visited

About KennethT

  • Member title
    User

Profile

  • Gender
    Male


  1. Brilliant, mbgtmari! It was the Internet Explorer setting for saving encrypted pages to disk (below) that needed to be changed. Strange, I think, but evidently Office 2010 differs from 2016 in a way that makes this matter. I would never have considered it. Once again, a big thank you!!!
  2. Some screenshots. Also tested inserting an image in the mail text. It worked! So now... I understand nothing.. 😞
  3. The message "Det går inte att visa..." [Cannot display...] in Outlook 2016 is irritating. Recently upgraded to 2016 from 2010 and this is a disappointment. No other settings have been changed, e.g. regarding antivirus programs. The box "Ladda inte ner bilder..." [Don't download pictures...] has been unchecked. Out of ideas. Any tips, anyone?
  4. Hi Cecilia!

    The best resource on the net when all other support has failed...

    I have tried to get Microsoft support to help me with a problem in Outlook 2016. I have an Exchange account for my email. The problem now is that attached images are not displayed. They were displayed earlier in Outlook 2010. No changes have been made in my Kaspersky or Malwarebytes. In a setting under Säkerhetscenter (Trust Center) I have unchecked that attached images should not be blocked.

    I have also searched for the registry entry that, according to some thread, should be removed, but the registry search did not find it. Sigh.. Do you have any idea?

    Regards

    Kenneth

    1. Cecilia

      Hi Kenneth!

      I haven't used Outlook in at least 15 years so I have no idea. Ask in the forum instead.

  5. Now everything works again. Huuuge thanks Pelle and Cecilia!
  6. I get the following error message when I start Outlook: error 0x80040126. The operation cannot be performed because the connection to the server is disconnected error 0x8004102A and error 0x80041004 when the folder hierarchy was to be synced error 0x8DE00005 error when syncing open e-mail on the web. Error 3219 My Hotmail can be opened on the web and the web works, so what does "connection to server disconnected" mean? What should I do? Regards Kenneth
  7. Hi. OTL log below, file also attached. My problem with permission to read folders, e.g. Documents and settings, has not been solved yet. What can be done? Haven't had time to google this yet but will. Creating the Extras file didn't work. Earlier in the day I did succeed, though. Will get back to you. Regards Kenneth
O32 - HKLM CDRom: AutoRun - 1 O32 - AutoRun File - [2009/06/10 23:42:20 | 000,000,024 | -H-- | M] () - C:\autoexec.bat -- [ NTFS ] O32 - AutoRun File - [2011/07/18 19:11:49 | 000,000,000 | -H-D | M] - G:\AutoCAD dokument -- [ NTFS ] O33 - MountPoints2\{86a89cad-3972-11df-83e4-0013d46fba87}\Shell - "" = AutoRun O33 - MountPoints2\{86a89cad-3972-11df-83e4-0013d46fba87}\Shell\AutoRun\command - "" = H:\LaunchU3.exe -a O34 - HKLM BootExecute: (autocheck autochk *) O35 - HKLM\..comfile [open] -- "%1" %* O35 - HKLM\..exefile [open] -- "%1" %* O37 - HKLM\...com [@ = comfile] -- "%1" %* O37 - HKLM\...exe [@ = exefile] -- "%1" %* NetSvcs: FastUserSwitchingCompatibility - File not found NetSvcs: Ias - C:\Windows\System32\ias.dll (Microsoft Corporation) NetSvcs: Nla - File not found NetSvcs: Ntmssvc - File not found NetSvcs: NWCWorkstation - File not found NetSvcs: Nwsapagent - File not found NetSvcs: SRService - File not found NetSvcs: WmdmPmSp - File not found NetSvcs: LogonHours - File not found NetSvcs: PCAudit - File not found NetSvcs: helpsvc - File not found NetSvcs: uploadmgr - File not found CREATERESTOREPOINT Restore point Set: OTL Restore Point ========== Files/Folders - Created Within 30 Days ========== [2012/04/01 00:23:09 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Tweaking.com [2012/04/01 00:23:08 | 000,000,000 | ---D | C] -- C:\Program Files\Tweaking.com [2012/03/31 15:28:22 | 000,000,000 | ---D | C] -- C:\_OTL [2012/03/31 00:41:26 | 000,000,000 | ---D | C] -- C:\Users\Kenneth\Desktop\RK_Quarantine [2012/03/30 23:40:45 | 000,593,920 | ---- | C] (OldTimer Tools) -- C:\Users\Kenneth\Desktop\OTL.exe [2012/03/30 23:23:55 | 000,000,000 | ---D | C] -- C:\TDSSKiller_Quarantine [2012/03/30 17:23:30 | 000,000,000 | -H-D | C] -- C:\Users\Kenneth\AppData\Local\Babylon [2012/03/30 14:08:05 | 000,253,352 | ---- | C] (PC Tools) -- C:\Windows\System32\drivers\pctgntdi.sys [2012/03/30 14:08:05 | 000,107,864 | ---- | C] (PC Tools) -- 
C:\Windows\System32\drivers\pctwfpfilter.sys [2012/03/30 14:08:03 | 000,017,848 | ---- | C] (PC Tools) -- C:\Windows\System32\drivers\pctBTFix.sys [2012/03/30 14:08:00 | 000,070,536 | ---- | C] (PC Tools) -- C:\Windows\System32\drivers\pctplsg.sys [2012/03/30 13:53:40 | 000,909,728 | ---- | C] (PC Tools) -- C:\Windows\System32\drivers\pctEFA.sys [2012/03/30 13:53:40 | 000,342,168 | ---- | C] (PC Tools) -- C:\Windows\System32\drivers\pctDS.sys [2012/03/30 13:53:38 | 000,331,880 | ---- | C] (PC Tools) -- C:\Windows\System32\drivers\PCTCore.sys [2012/03/30 13:53:38 | 000,162,584 | ---- | C] (PC Tools) -- C:\Windows\System32\drivers\PCTAppEvent.sys [2012/03/30 13:53:37 | 000,185,560 | ---- | C] (PC Tools) -- C:\Windows\System32\drivers\PCTSD.sys [2012/03/30 13:52:54 | 000,000,000 | -H-D | C] -- C:\Users\Kenneth\AppData\Roaming\TestApp [2012/03/30 13:52:54 | 000,000,000 | ---D | C] -- C:\ProgramData\PC Tools [2012/03/30 13:48:57 | 000,000,000 | RH-D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Tablet PC [2012/03/30 13:48:57 | 000,000,000 | ---D | C] -- C:\Program Files\Windows Journal [2012/03/26 13:41:12 | 002,068,016 | ---- | C] (Kaspersky Lab ZAO) -- C:\Users\Kenneth\Desktop\TDSSKiller.exe [2012/03/25 17:17:39 | 000,000,000 | -H-D | C] -- C:\Program Files\Adobe CS5.5 Master Collection Content [2012/03/18 20:17:55 | 000,000,000 | -H-D | C] -- C:\Users\Kenneth\Documents\CardRecovery [2012/03/18 17:06:17 | 000,000,000 | -H-D | C] -- C:\Program Files\EASEUS [2012/03/18 16:27:41 | 000,067,312 | -H-- | C] (Just Great Software) -- C:\Windows\UnDeployV.exe [2012/03/18 16:27:41 | 000,000,000 | -H-D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\DDR - Memory Card Recovery(Demo) [2012/03/18 00:34:10 | 000,000,000 | -H-D | C] -- C:\Users\Kenneth\AppData\Local\Mozilla [2012/03/18 00:33:59 | 000,000,000 | -H-D | C] -- C:\Program Files\Mozilla Firefox ========== Files - Modified Within 30 Days ========== [2025/08/31 19:30:31 | 000,796,016 | -H-- | M] 
(Symantec Corporation) -- C:\cltLMSx.dll [2012/04/01 00:39:19 | 000,000,868 | ---- | M] () -- C:\Windows\tasks\Adobe Flash Player Updater.job [2012/04/01 00:24:00 | 000,000,984 | -H-- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineUA.job [2012/04/01 00:23:09 | 000,002,213 | ---- | M] () -- C:\Users\Public\Desktop\Tweaking.com - Windows Repair (All in One).lnk [2012/03/31 23:59:00 | 000,001,012 | -H-- | M] () -- C:\Windows\tasks\GoogleUpdateTaskUserS-1-5-21-4206820987-348621976-186063536-1000UA.job [2012/03/31 23:38:25 | 000,000,980 | -H-- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineCore.job [2012/03/31 23:38:24 | 000,000,336 | -H-- | M] () -- C:\Windows\tasks\RegistryBooster.job [2012/03/31 23:38:13 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat [2012/03/31 23:38:04 | 2717,212,672 | -HS- | M] () -- C:\hiberfil.sys [2012/03/31 11:12:43 | 000,013,824 | ---- | M] () -- C:\Windows\System32\drivers\TrueSight.sys [2012/03/31 00:07:42 | 000,001,169 | ---- | M] () -- C:\Users\Kenneth\Desktop\Hämtade filer - genväg.lnk [2012/03/30 23:40:47 | 000,593,920 | ---- | M] (OldTimer Tools) -- C:\Users\Kenneth\Desktop\OTL.exe [2012/03/30 17:59:53 | 001,008,141 | ---- | M] () -- C:\rkill (1).com [2012/03/30 17:22:04 | 000,000,250 | ---- | M] () -- C:\user.js [2012/03/30 14:08:03 | 000,002,217 | -H-- | M] () -- C:\Users\Public\Desktop\PC Tools Spyware Doctor with AntiVirus.lnk [2012/03/30 13:52:55 | 000,001,661 | -H-- | M] () -- C:\Users\Kenneth\Desktop\SDAV_Online_aff_GenericRevenueWire_207.exe.lnk [2012/03/30 10:34:58 | 000,716,706 | -H-- | M] () -- C:\Windows\System32\perfh01D.dat [2012/03/30 10:34:58 | 000,707,184 | -H-- | M] () -- C:\Windows\System32\perfh009.dat [2012/03/30 10:34:58 | 000,162,520 | -H-- | M] () -- C:\Windows\System32\perfc01D.dat [2012/03/30 10:34:58 | 000,142,114 | -H-- | M] () -- C:\Windows\System32\perfc009.dat [2012/03/30 08:59:03 | 000,000,960 | -H-- | M] () -- 
C:\Windows\tasks\GoogleUpdateTaskUserS-1-5-21-4206820987-348621976-186063536-1000Core.job [2012/03/26 13:41:12 | 002,068,016 | ---- | M] (Kaspersky Lab ZAO) -- C:\Users\Kenneth\Desktop\TDSSKiller.exe [2012/03/26 00:23:20 | 000,019,792 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0 [2012/03/26 00:23:19 | 000,019,792 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0 [2012/03/25 18:21:35 | 076,120,362 | -H-- | M] () -- C:\Windows\System32\drivers\Avg\incavi.avm [2012/03/24 20:54:14 | 000,002,369 | -H-- | M] () -- C:\Users\Kenneth\Desktop\Google Chrome.lnk [2012/03/18 17:06:20 | 000,001,317 | -H-- | M] () -- C:\Users\Public\Desktop\EASEUS Data Recovery Wizard Free Edition 5.5.1.lnk [2012/03/18 16:32:14 | 000,000,935 | -H-- | M] () -- C:\Users\Kenneth\RPSTD2010.lic [2012/03/18 16:27:41 | 000,001,302 | -H-- | M] () -- C:\Users\Public\Desktop\DDR - Memory Card Recovery(Demo).lnk [2012/03/18 16:04:59 | 002,551,984 | -H-- | M] () -- C:\Windows\System32\FNTCACHE.DAT [2012/03/18 00:34:04 | 000,001,088 | -H-- | M] () -- C:\Users\Public\Desktop\Mozilla Firefox.lnk ========== Files Created - No Company Name ========== [2012/04/01 00:23:09 | 000,002,213 | ---- | C] () -- C:\Users\Public\Desktop\Tweaking.com - Windows Repair (All in One).lnk [2012/03/31 22:17:33 | 000,002,656 | -H-- | C] () -- C:\Users\Public\Desktop\Nero StartSmart.lnk [2012/03/31 22:17:33 | 000,002,511 | -H-- | C] () -- C:\Users\Public\Desktop\SolidWorks 2007 SP0.0.lnk [2012/03/31 22:17:33 | 000,002,300 | -H-- | C] () -- C:\Users\Public\Desktop\Canon MP560 series Onlinehandbok.lnk [2012/03/31 22:17:33 | 000,002,217 | -H-- | C] () -- C:\Users\Public\Desktop\PC Tools Spyware Doctor with AntiVirus.lnk [2012/03/31 22:17:33 | 000,002,138 | -H-- | C] () -- C:\Users\Public\Desktop\MPLAB IDE v8.60.lnk [2012/03/31 22:17:33 | 000,002,102 | -H-- | C] () -- C:\Users\Public\Desktop\AutoCAD 
2012 - English.lnk [2012/03/31 22:17:33 | 000,002,069 | -H-- | C] () -- C:\Users\Public\Desktop\Inventor Fusion 2012.lnk [2012/03/31 22:17:33 | 000,002,067 | -H-- | C] () -- C:\Users\Public\Desktop\Lightroom 3.2.lnk [2012/03/31 22:17:33 | 000,002,041 | -H-- | C] () -- C:\Users\Public\Desktop\Canon MP Navigator EX 3.0.lnk [2012/03/31 22:17:33 | 000,002,021 | -H-- | C] () -- C:\Users\Public\Desktop\Nokia Ovi Suite.lnk [2012/03/31 22:17:33 | 000,002,012 | -H-- | C] () -- C:\Users\Public\Desktop\Canon MP560 series användarregistrering.LNK [2012/03/31 22:17:33 | 000,001,996 | -H-- | C] () -- C:\Users\Public\Desktop\Nokia PC Suite.lnk [2012/03/31 22:17:33 | 000,001,985 | -H-- | C] () -- C:\Users\Public\Desktop\Canon Solution Menu.lnk [2012/03/31 22:17:33 | 000,001,984 | -H-- | C] () -- C:\Users\Public\Desktop\Adobe Reader 9.lnk [2012/03/31 22:17:33 | 000,001,951 | -H-- | C] () -- C:\Users\Public\Desktop\Mozilla Thunderbird.lnk [2012/03/31 22:17:33 | 000,001,906 | -H-- | C] () -- C:\Users\Public\Desktop\Free Offers.lnk [2012/03/31 22:17:33 | 000,001,901 | -H-- | C] () -- C:\Users\Public\Desktop\AutoCAD 2010 - English.lnk [2012/03/31 22:17:33 | 000,001,878 | -H-- | C] () -- C:\Users\Public\Desktop\DAEMON Tools Pro.lnk [2012/03/31 22:17:33 | 000,001,815 | -H-- | C] () -- C:\Users\Public\Desktop\QuickTime Player.lnk [2012/03/31 22:17:33 | 000,001,317 | -H-- | C] () -- C:\Users\Public\Desktop\EASEUS Data Recovery Wizard Free Edition 5.5.1.lnk [2012/03/31 22:17:33 | 000,001,302 | -H-- | C] () -- C:\Users\Public\Desktop\DDR - Memory Card Recovery(Demo).lnk [2012/03/31 22:17:33 | 000,001,250 | -H-- | C] () -- C:\Users\Public\Desktop\ZoomBrowser EX.lnk [2012/03/31 22:17:33 | 000,001,152 | -H-- | C] () -- C:\Users\Public\Desktop\Pinnacle Studio 12.lnk [2012/03/31 22:17:33 | 000,001,102 | -H-- | C] () -- C:\Users\Public\Desktop\Digital Photo Professional.lnk [2012/03/31 22:17:33 | 000,001,088 | -H-- | C] () -- C:\Users\Public\Desktop\Mozilla Firefox.lnk [2012/03/31 22:17:33 | 
000,001,067 | -H-- | C] () -- C:\Users\Public\Desktop\Picture Style Editor.lnk [2012/03/31 22:17:33 | 000,001,067 | -H-- | C] () -- C:\Users\Public\Desktop\Malwarebytes' Anti-Malware.lnk [2012/03/31 22:17:33 | 000,001,063 | -H-- | C] () -- C:\Users\Public\Desktop\WordFinder.lnk [2012/03/31 22:17:33 | 000,001,054 | -H-- | C] () -- C:\Users\Public\Desktop\RegistryBooster.lnk [2012/03/31 22:17:33 | 000,001,039 | -H-- | C] () -- C:\Users\Public\Desktop\TIS 2000.lnk [2012/03/31 22:17:33 | 000,001,037 | -H-- | C] () -- C:\Users\Public\Desktop\EOS Utility.lnk [2012/03/31 22:17:33 | 000,001,027 | -H-- | C] () -- C:\Users\Public\Desktop\Reason.lnk [2012/03/31 22:17:33 | 000,001,021 | -H-- | C] () -- C:\Users\Public\Desktop\Registry Mechanic.lnk [2012/03/31 22:17:33 | 000,001,012 | -H-- | C] () -- C:\Users\Public\Desktop\RealPlayer.lnk [2012/03/31 22:17:33 | 000,000,984 | -H-- | C] () -- C:\Users\Public\Desktop\FLV Player.lnk [2012/03/31 22:17:33 | 000,000,896 | -H-- | C] () -- C:\Users\Public\Desktop\Canon Easy-PhotoPrint EX.lnk [2012/03/31 11:12:43 | 000,013,824 | ---- | C] () -- C:\Windows\System32\drivers\TrueSight.sys [2012/03/31 00:32:37 | 000,000,868 | ---- | C] () -- C:\Windows\tasks\Adobe Flash Player Updater.job [2012/03/31 00:07:42 | 000,001,169 | ---- | C] () -- C:\Users\Kenneth\Desktop\Hämtade filer - genväg.lnk [2012/03/30 18:00:59 | 001,008,141 | ---- | C] () -- C:\rkill (1).com [2012/03/30 17:22:03 | 000,000,250 | ---- | C] () -- C:\user.js [2012/03/30 13:52:55 | 000,001,661 | -H-- | C] () -- C:\Users\Kenneth\Desktop\SDAV_Online_aff_GenericRevenueWire_207.exe.lnk [2012/02/17 23:19:01 | 000,004,316 | -H-- | C] () -- C:\Users\Kenneth\AppData\Roaming\mdbu.bin [2011/11/05 21:26:12 | 000,000,290 | -H-- | C] () -- C:\Windows\INFOMAN.INI [2011/11/05 21:25:41 | 000,000,366 | -H-- | C] () -- C:\Windows\TBWIN.INI [2011/04/09 19:23:42 | 000,027,648 | -H-- | C] () -- C:\Windows\System32\AVSredirect.dll [2011/02/11 15:38:36 | 000,000,118 | -H-- | C] () -- 
C:\Windows\System32\MRT.INI [2010/12/28 14:41:07 | 000,000,027 | -H-- | C] () -- C:\Windows\MPLAB.INI [2010/12/24 16:47:24 | 000,188,416 | -H-- | C] () -- C:\Windows\System32\ftdiunin.exe [2010/12/24 16:47:24 | 000,000,133 | -H-- | C] () -- C:\Windows\System32\ftdiun2k.ini [2010/10/31 20:02:32 | 000,005,120 | -H-- | C] () -- C:\Users\Kenneth\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini [2010/10/04 08:13:36 | 000,081,920 | -H-- | C] () -- C:\Windows\System32\MPMapTrace.dll [2010/10/04 07:22:22 | 000,364,544 | -H-- | C] () -- C:\Windows\System32\mpPathan.dll [2010/07/12 08:20:27 | 000,000,058 | -H-- | C] () -- C:\Windows\System32\DonationCoder_ScreenshotCaptor_InstallInfo.dat [2010/07/12 08:20:27 | 000,000,058 | -H-- | C] () -- C:\Users\Kenneth\AppData\Local\DonationCoder_ScreenshotCaptor_InstallInfo.dat [2010/04/11 21:05:07 | 000,000,000 | -H-- | C] () -- C:\Windows\nsreg.dat [2010/04/02 22:35:47 | 000,004,866 | -H-- | C] () -- C:\ProgramData\iyqsutdc.bjx ========== LOP Check ========== [2010/12/29 23:41:24 | 000,000,000 | -H-D | M] -- C:\Users\Kenneth\AppData\Roaming\Arduino [2011/06/06 00:13:36 | 000,000,000 | -H-D | M] -- C:\Users\Kenneth\AppData\Roaming\Autodesk [2010/03/06 14:18:54 | 000,000,000 | -H-D | M] -- C:\Users\Kenneth\AppData\Roaming\AVG9 [2012/03/26 00:22:28 | 000,000,000 | -H-D | M] -- C:\Users\Kenneth\AppData\Roaming\BitTorrent [2010/04/17 20:33:11 | 000,000,000 | -H-D | M] -- C:\Users\Kenneth\AppData\Roaming\Blender Foundation [2010/10/29 17:50:06 | 000,000,000 | -H-D | M] -- C:\Users\Kenneth\AppData\Roaming\CadSoft [2010/12/12 12:08:08 | 000,000,000 | -H-D | M] -- C:\Users\Kenneth\AppData\Roaming\Canon [2011/06/05 23:48:05 | 000,000,000 | -H-D | M] -- C:\Users\Kenneth\AppData\Roaming\DAEMON Tools Pro [2010/07/12 08:20:27 | 000,000,000 | -H-D | M] -- C:\Users\Kenneth\AppData\Roaming\DonationCoder [2011/06/24 20:59:39 | 000,000,000 | -H-D | M] -- C:\Users\Kenneth\AppData\Roaming\Garmin [2011/01/05 12:56:13 | 000,000,000 | -H-D | M] -- 
C:\Users\Kenneth\AppData\Roaming\GetRightToGo [2011/10/07 22:44:53 | 000,000,000 | -H-D | M] -- C:\Users\Kenneth\AppData\Roaming\Graphisoft [2011/10/07 20:18:35 | 000,000,000 | -H-D | M] -- C:\Users\Kenneth\AppData\Roaming\Install.GS [2010/03/13 00:11:51 | 000,000,000 | -H-D | M] -- C:\Users\Kenneth\AppData\Roaming\Mathsoft [2012/03/31 11:41:41 | 000,000,000 | -H-D | M] -- C:\Users\Kenneth\AppData\Roaming\Microchip [2010/11/28 11:25:06 | 000,000,000 | -H-D | M] -- C:\Users\Kenneth\AppData\Roaming\National Instruments [2011/07/06 11:30:45 | 000,000,000 | -H-D | M] -- C:\Users\Kenneth\AppData\Roaming\Nitro PDF [2010/09/19 15:46:25 | 000,000,000 | -H-D | M] -- C:\Users\Kenneth\AppData\Roaming\Nokia [2010/03/28 22:37:40 | 000,000,000 | -H-D | M] -- C:\Users\Kenneth\AppData\Roaming\Nokia Ovi Suite [2011/05/22 07:13:11 | 000,000,000 | -H-D | M] -- C:\Users\Kenneth\AppData\Roaming\OpenCandy [2010/03/19 16:22:09 | 000,000,000 | -H-D | M] -- C:\Users\Kenneth\AppData\Roaming\PC Suite [2011/07/16 05:05:21 | 000,000,000 | -H-D | M] -- C:\Users\Kenneth\AppData\Roaming\Personal [2010/03/28 17:39:44 | 000,000,000 | -H-D | M] -- C:\Users\Kenneth\AppData\Roaming\Propellerhead Software [2011/04/10 08:44:17 | 000,000,000 | -H-D | M] -- C:\Users\Kenneth\AppData\Roaming\Registry Mechanic [2012/03/30 13:52:54 | 000,000,000 | -H-D | M] -- C:\Users\Kenneth\AppData\Roaming\TestApp [2010/10/23 14:34:59 | 000,000,000 | -H-D | M] -- C:\Users\Kenneth\AppData\Roaming\Thinstall [2010/04/11 21:05:06 | 000,000,000 | -H-D | M] -- C:\Users\Kenneth\AppData\Roaming\Thunderbird [2011/05/22 07:13:12 | 000,000,000 | -H-D | M] -- C:\Users\Kenneth\AppData\Roaming\Uniblue [2010/07/21 00:17:48 | 000,000,000 | -H-D | M] -- C:\Users\Kenneth\AppData\Roaming\VDownloader [2012/03/31 23:38:24 | 000,000,336 | -H-- | M] () -- C:\Windows\Tasks\RegistryBooster.job [2011/10/15 22:44:01 | 000,032,608 | -H-- | M] () -- C:\Windows\Tasks\SCHEDLGU.TXT ========== Purity Check ========== ========== Custom Scans ========== < 
%SYSTEMDRIVE%\*.exe > < MD5 for: EXPLORER.EXE > [2009/07/14 03:14:20 | 002,613,248 | ---- | M] (Microsoft Corporation) MD5=15BC38A7492BEFE831966ADB477CF76F -- C:\Windows\winsxs\x86_microsoft-windows-explorer_31bf3856ad364e35_6.1.7600.16385_none_518afd35db100430\explorer.exe [2009/10/31 07:45:39 | 002,614,272 | ---- | M] (Microsoft Corporation) MD5=2626FC9755BE22F805D3CFA0CE3EE727 -- C:\Windows\explorer.exe [2009/10/31 07:45:39 | 002,614,272 | ---- | M] (Microsoft Corporation) MD5=2626FC9755BE22F805D3CFA0CE3EE727 -- C:\Windows\winsxs\x86_microsoft-windows-explorer_31bf3856ad364e35_6.1.7600.16450_none_51a66d6ddafc2ed1\explorer.exe [2011/01/16 15:55:21 | 000,255,488 | -H-- | M] () MD5=3C33B26F2F7FA61D882515F2D6078691 -- C:\Users\Kenneth\AppData\Local\Temp\RarSFX0\procs\explorer.exe [2011/01/16 15:55:21 | 000,255,488 | -H-- | M] () MD5=3C33B26F2F7FA61D882515F2D6078691 -- C:\Users\Kenneth\AppData\Local\Temp\RarSFX1\procs\explorer.exe [2011/01/16 15:55:21 | 000,255,488 | -H-- | M] () MD5=3C33B26F2F7FA61D882515F2D6078691 -- C:\Users\Kenneth\AppData\Local\Temp\RarSFX2\procs\explorer.exe [2011/01/16 15:55:21 | 000,255,488 | -H-- | M] () MD5=3C33B26F2F7FA61D882515F2D6078691 -- C:\Users\Kenneth\AppData\Local\Temp\RarSFX3\procs\explorer.exe [2011/01/16 15:55:21 | 000,255,488 | -H-- | M] () MD5=3C33B26F2F7FA61D882515F2D6078691 -- C:\Users\Kenneth\AppData\Local\Temp\RarSFX4\procs\explorer.exe [2011/01/16 15:55:21 | 000,255,488 | -H-- | M] () MD5=3C33B26F2F7FA61D882515F2D6078691 -- C:\Users\Kenneth\AppData\Local\Temp\RarSFX5\procs\explorer.exe [2011/01/16 15:55:21 | 000,255,488 | ---- | M] () MD5=3C33B26F2F7FA61D882515F2D6078691 -- C:\Users\Kenneth\AppData\Local\Temp\RarSFX6\procs\explorer.exe [2011/01/16 15:55:21 | 000,255,488 | ---- | M] () MD5=3C33B26F2F7FA61D882515F2D6078691 -- C:\Users\Kenneth\AppData\Local\Temp\RarSFX7\procs\explorer.exe [2009/08/03 07:49:47 | 002,613,248 | ---- | M] (Microsoft Corporation) MD5=9FF6C4C91A3711C0A3B18F87B08B518D -- 
C:\Windows\winsxs\x86_microsoft-windows-explorer_31bf3856ad364e35_6.1.7600.20500_none_526619d4f3f142e6\explorer.exe [2005/08/16 01:54:58 | 000,001,536 | -H-- | M] () MD5=ABC6379205DE2618851C4FCBF72112EB -- C:\Users\Kenneth\AppData\Local\Temp\RarSFX0\h\explorer.exe [2005/08/16 01:54:58 | 000,001,536 | -H-- | M] () MD5=ABC6379205DE2618851C4FCBF72112EB -- C:\Users\Kenneth\AppData\Local\Temp\RarSFX1\h\explorer.exe [2005/08/16 01:54:58 | 000,001,536 | -H-- | M] () MD5=ABC6379205DE2618851C4FCBF72112EB -- C:\Users\Kenneth\AppData\Local\Temp\RarSFX2\h\explorer.exe [2005/08/16 01:54:58 | 000,001,536 | -H-- | M] () MD5=ABC6379205DE2618851C4FCBF72112EB -- C:\Users\Kenneth\AppData\Local\Temp\RarSFX3\h\explorer.exe [2005/08/16 01:54:58 | 000,001,536 | -H-- | M] () MD5=ABC6379205DE2618851C4FCBF72112EB -- C:\Users\Kenneth\AppData\Local\Temp\RarSFX4\h\explorer.exe [2005/08/16 01:54:58 | 000,001,536 | -H-- | M] () MD5=ABC6379205DE2618851C4FCBF72112EB -- C:\Users\Kenneth\AppData\Local\Temp\RarSFX5\h\explorer.exe [2005/08/16 01:54:58 | 000,001,536 | ---- | M] () MD5=ABC6379205DE2618851C4FCBF72112EB -- C:\Users\Kenneth\AppData\Local\Temp\RarSFX6\h\explorer.exe [2005/08/16 01:54:58 | 000,001,536 | ---- | M] () MD5=ABC6379205DE2618851C4FCBF72112EB -- C:\Users\Kenneth\AppData\Local\Temp\RarSFX7\h\explorer.exe [2009/08/03 07:35:50 | 002,613,248 | ---- | M] (Microsoft Corporation) MD5=B95EEB0F4E5EFBF1038A35B3351CF047 -- C:\Windows\winsxs\x86_microsoft-windows-explorer_31bf3856ad364e35_6.1.7600.16404_none_51e07e31dad00878\explorer.exe [2009/10/31 08:00:51 | 002,614,272 | ---- | M] (Microsoft Corporation) MD5=C76153C7ECA00FA852BB0C193378F917 -- C:\Windows\winsxs\x86_microsoft-windows-explorer_31bf3856ad364e35_6.1.7600.20563_none_52283b2af41f3691\explorer.exe < MD5 for: SVCHOST.EXE > [2009/07/14 03:14:41 | 000,020,992 | ---- | M] (Microsoft Corporation) MD5=54A47F6B5E09A77E61649109C6A08866 -- C:\Windows\System32\svchost.exe [2009/07/14 03:14:41 | 000,020,992 | ---- | M] (Microsoft 
Corporation) MD5=54A47F6B5E09A77E61649109C6A08866 -- C:\Windows\winsxs\x86_microsoft-windows-services-svchost_31bf3856ad364e35_6.1.7600.16385_none_b591afc466a15356\svchost.exe < MD5 for: USERINIT.EXE > [2009/07/14 03:14:43 | 000,026,112 | ---- | M] (Microsoft Corporation) MD5=6DE80F60D7DE9CE6B8C2DDFDF79EF175 -- C:\Windows\System32\userinit.exe [2009/07/14 03:14:43 | 000,026,112 | ---- | M] (Microsoft Corporation) MD5=6DE80F60D7DE9CE6B8C2DDFDF79EF175 -- C:\Windows\winsxs\x86_microsoft-windows-userinit_31bf3856ad364e35_6.1.7600.16385_none_dbff103933038d7c\userinit.exe [2009/05/26 18:47:22 | 000,031,232 | -H-- | M] (NirSoft) MD5=AC6094297CD882B8626466CDEB64F19F -- C:\Users\Kenneth\AppData\Local\Temp\RarSFX0\userinit.exe [2009/05/26 18:47:22 | 000,031,232 | -H-- | M] (NirSoft) MD5=AC6094297CD882B8626466CDEB64F19F -- C:\Users\Kenneth\AppData\Local\Temp\RarSFX1\userinit.exe [2009/05/26 18:47:22 | 000,031,232 | -H-- | M] (NirSoft) MD5=AC6094297CD882B8626466CDEB64F19F -- C:\Users\Kenneth\AppData\Local\Temp\RarSFX2\userinit.exe [2009/05/26 18:47:22 | 000,031,232 | -H-- | M] (NirSoft) MD5=AC6094297CD882B8626466CDEB64F19F -- C:\Users\Kenneth\AppData\Local\Temp\RarSFX3\userinit.exe [2009/05/26 18:47:22 | 000,031,232 | -H-- | M] (NirSoft) MD5=AC6094297CD882B8626466CDEB64F19F -- C:\Users\Kenneth\AppData\Local\Temp\RarSFX4\userinit.exe [2009/05/26 18:47:22 | 000,031,232 | -H-- | M] (NirSoft) MD5=AC6094297CD882B8626466CDEB64F19F -- C:\Users\Kenneth\AppData\Local\Temp\RarSFX5\userinit.exe [2009/05/26 18:47:22 | 000,031,232 | ---- | M] (NirSoft) MD5=AC6094297CD882B8626466CDEB64F19F -- C:\Users\Kenneth\AppData\Local\Temp\RarSFX6\userinit.exe [2009/05/26 18:47:22 | 000,031,232 | ---- | M] (NirSoft) MD5=AC6094297CD882B8626466CDEB64F19F -- C:\Users\Kenneth\AppData\Local\Temp\RarSFX7\userinit.exe < MD5 for: WINLOGON.EXE > [2009/10/28 08:17:59 | 000,285,696 | ---- | M] (Microsoft Corporation) MD5=37CDB7E72EB66BA85A87CBE37E7F03FD -- C:\Windows\System32\winlogon.exe [2009/10/28 08:17:59 | 
000,285,696 | ---- | M] (Microsoft Corporation) MD5=37CDB7E72EB66BA85A87CBE37E7F03FD -- C:\Windows\winsxs\x86_microsoft-windows-winlogon_31bf3856ad364e35_6.1.7600.16447_none_6fc699643622d177\winlogon.exe [2009/10/28 07:52:08 | 000,285,696 | ---- | M] (Microsoft Corporation) MD5=3BABE6767C78FBF5FB8435FEED187F30 -- C:\Windows\winsxs\x86_microsoft-windows-winlogon_31bf3856ad364e35_6.1.7600.20560_none_703394514f56f7c2\winlogon.exe [2009/07/14 03:14:45 | 000,285,696 | ---- | M] (Microsoft Corporation) MD5=8EC6A4AB12B8F3759E21F8E3A388F2CF -- C:\Windows\winsxs\x86_microsoft-windows-winlogon_31bf3856ad364e35_6.1.7600.16385_none_6f99573a36451166\winlogon.exe [2009/05/26 18:47:22 | 000,031,232 | -H-- | M] (NirSoft) MD5=AC6094297CD882B8626466CDEB64F19F -- C:\Users\Kenneth\AppData\Local\Temp\RarSFX0\winlogon.exe [2009/05/26 18:47:22 | 000,031,232 | -H-- | M] (NirSoft) MD5=AC6094297CD882B8626466CDEB64F19F -- C:\Users\Kenneth\AppData\Local\Temp\RarSFX1\winlogon.exe [2009/05/26 18:47:22 | 000,031,232 | -H-- | M] (NirSoft) MD5=AC6094297CD882B8626466CDEB64F19F -- C:\Users\Kenneth\AppData\Local\Temp\RarSFX2\winlogon.exe [2009/05/26 18:47:22 | 000,031,232 | -H-- | M] (NirSoft) MD5=AC6094297CD882B8626466CDEB64F19F -- C:\Users\Kenneth\AppData\Local\Temp\RarSFX3\winlogon.exe [2009/05/26 18:47:22 | 000,031,232 | -H-- | M] (NirSoft) MD5=AC6094297CD882B8626466CDEB64F19F -- C:\Users\Kenneth\AppData\Local\Temp\RarSFX4\winlogon.exe [2009/05/26 18:47:22 | 000,031,232 | -H-- | M] (NirSoft) MD5=AC6094297CD882B8626466CDEB64F19F -- C:\Users\Kenneth\AppData\Local\Temp\RarSFX5\winlogon.exe [2009/05/26 18:47:22 | 000,031,232 | ---- | M] (NirSoft) MD5=AC6094297CD882B8626466CDEB64F19F -- C:\Users\Kenneth\AppData\Local\Temp\RarSFX6\winlogon.exe [2009/05/26 18:47:22 | 000,031,232 | ---- | M] (NirSoft) MD5=AC6094297CD882B8626466CDEB64F19F -- C:\Users\Kenneth\AppData\Local\Temp\RarSFX7\winlogon.exe < C:\Windows\assembly\tmp\U\*.* /s > < %Temp%\smtmp\1\*.* > [2010/03/06 23:05:05 | 000,000,939 | -H-- | M] () 
-- C:\Users\Kenneth\AppData\Local\Temp\smtmp\1\BitTorrent.lnk [2009/07/14 06:46:35 | 000,001,282 | -H-- | M] () -- C:\Users\Kenneth\AppData\Local\Temp\smtmp\1\Default Programs.lnk [2009/07/14 06:46:35 | 000,000,442 | -HS- | M] () -- C:\Users\Kenneth\AppData\Local\Temp\smtmp\1\desktop.ini [2010/03/28 00:59:41 | 000,002,615 | -H-- | M] () -- C:\Users\Kenneth\AppData\Local\Temp\smtmp\1\New Microsoft Office Document.lnk [2010/03/28 00:59:41 | 000,002,625 | -H-- | M] () -- C:\Users\Kenneth\AppData\Local\Temp\smtmp\1\Open Microsoft Office Document.lnk [2009/07/14 06:37:43 | 000,001,266 | -H-- | M] () -- C:\Users\Kenneth\AppData\Local\Temp\smtmp\1\Windows Update.lnk < %Temp%\smtmp\2\*.* > < %Temp%\smtmp\3\*.* > < %Temp%\smtmp\4\*.* > [2012/01/13 21:40:39 | 000,001,984 | -H-- | M] () -- C:\Users\Kenneth\AppData\Local\Temp\smtmp\4\Adobe Reader 9.lnk [2010/03/27 10:44:55 | 000,001,901 | -H-- | M] () -- C:\Users\Kenneth\AppData\Local\Temp\smtmp\4\AutoCAD 2010 - English.lnk [2011/06/06 00:16:20 | 000,002,102 | -H-- | M] () -- C:\Users\Kenneth\AppData\Local\Temp\smtmp\4\AutoCAD 2012 - English.lnk [2010/11/11 20:20:08 | 000,000,896 | -H-- | M] () -- C:\Users\Kenneth\AppData\Local\Temp\smtmp\4\Canon Easy-PhotoPrint EX.lnk [2010/11/11 20:19:39 | 000,002,041 | -H-- | M] () -- C:\Users\Kenneth\AppData\Local\Temp\smtmp\4\Canon MP Navigator EX 3.0.lnk [2010/11/11 20:54:20 | 000,002,012 | -H-- | M] () -- C:\Users\Kenneth\AppData\Local\Temp\smtmp\4\Canon MP560 series användarregistrering.LNK [2010/11/11 20:19:03 | 000,002,300 | -H-- | M] () -- C:\Users\Kenneth\AppData\Local\Temp\smtmp\4\Canon MP560 series Onlinehandbok.lnk [2010/11/11 20:20:17 | 000,001,985 | -H-- | M] () -- C:\Users\Kenneth\AppData\Local\Temp\smtmp\4\Canon Solution Menu.lnk [2011/06/05 23:20:35 | 000,001,878 | -H-- | M] () -- C:\Users\Kenneth\AppData\Local\Temp\smtmp\4\DAEMON Tools Pro.lnk [2012/03/18 16:27:41 | 000,001,302 | -H-- | M] () -- C:\Users\Kenneth\AppData\Local\Temp\smtmp\4\DDR - Memory Card 
Recovery(Demo).lnk [2009/07/14 06:41:57 | 000,000,174 | -HS- | M] () -- C:\Users\Kenneth\AppData\Local\Temp\smtmp\4\desktop.ini [2010/09/11 17:21:27 | 000,001,102 | -H-- | M] () -- C:\Users\Kenneth\AppData\Local\Temp\smtmp\4\Digital Photo Professional.lnk [2012/03/18 17:06:20 | 000,001,317 | -H-- | M] () -- C:\Users\Kenneth\AppData\Local\Temp\smtmp\4\EASEUS Data Recovery Wizard Free Edition 5.5.1.lnk [2010/08/22 10:04:02 | 000,001,037 | -H-- | M] () -- C:\Users\Kenneth\AppData\Local\Temp\smtmp\4\EOS Utility.lnk [2010/05/29 22:58:06 | 000,000,984 | -H-- | M] () -- C:\Users\Kenneth\AppData\Local\Temp\smtmp\4\FLV Player.lnk [2011/12/17 22:43:08 | 000,001,906 | -H-- | M] () -- C:\Users\Kenneth\AppData\Local\Temp\smtmp\4\Free Offers.lnk [2011/06/06 00:24:03 | 000,002,069 | -H-- | M] () -- C:\Users\Kenneth\AppData\Local\Temp\smtmp\4\Inventor Fusion 2012.lnk [2010/10/29 21:32:43 | 000,002,067 | -H-- | M] () -- C:\Users\Kenneth\AppData\Local\Temp\smtmp\4\Lightroom 3.2.lnk [2011/08/07 22:17:57 | 000,001,067 | -H-- | M] () -- C:\Users\Kenneth\AppData\Local\Temp\smtmp\4\Malwarebytes' Anti-Malware.lnk [2012/03/18 00:34:04 | 000,001,088 | -H-- | M] () -- C:\Users\Kenneth\AppData\Local\Temp\smtmp\4\Mozilla Firefox.lnk [2010/04/11 21:04:55 | 000,001,951 | -H-- | M] () -- C:\Users\Kenneth\AppData\Local\Temp\smtmp\4\Mozilla Thunderbird.lnk [2010/12/21 16:34:40 | 000,002,138 | -H-- | M] () -- C:\Users\Kenneth\AppData\Local\Temp\smtmp\4\MPLAB IDE v8.60.lnk [2010/03/13 17:25:09 | 000,002,656 | -H-- | M] () -- C:\Users\Kenneth\AppData\Local\Temp\smtmp\4\Nero StartSmart.lnk [2010/07/03 00:49:52 | 000,002,021 | -H-- | M] () -- C:\Users\Kenneth\AppData\Local\Temp\smtmp\4\Nokia Ovi Suite.lnk [2010/09/19 15:46:38 | 000,001,996 | -H-- | M] () -- C:\Users\Kenneth\AppData\Local\Temp\smtmp\4\Nokia PC Suite.lnk [2012/03/30 14:08:03 | 000,002,217 | -H-- | M] () -- C:\Users\Kenneth\AppData\Local\Temp\smtmp\4\PC Tools Spyware Doctor with AntiVirus.lnk [2010/08/22 10:05:21 | 000,001,067 | -H-- | M] 
() -- C:\Users\Kenneth\AppData\Local\Temp\smtmp\4\Picture Style Editor.lnk [2010/03/07 22:27:07 | 000,001,152 | -H-- | M] () -- C:\Users\Kenneth\AppData\Local\Temp\smtmp\4\Pinnacle Studio 12.lnk [2011/10/21 17:05:43 | 000,001,815 | -H-- | M] () -- C:\Users\Kenneth\AppData\Local\Temp\smtmp\4\QuickTime Player.lnk [2011/12/17 22:43:08 | 000,001,012 | -H-- | M] () -- C:\Users\Kenneth\AppData\Local\Temp\smtmp\4\RealPlayer.lnk [2010/03/28 17:32:56 | 000,001,027 | -H-- | M] () -- C:\Users\Kenneth\AppData\Local\Temp\smtmp\4\Reason.lnk [2010/03/07 18:48:01 | 000,001,021 | -H-- | M] () -- C:\Users\Kenneth\AppData\Local\Temp\smtmp\4\Registry Mechanic.lnk [2011/04/09 18:44:21 | 000,001,054 | -H-- | M] () -- C:\Users\Kenneth\AppData\Local\Temp\smtmp\4\RegistryBooster.lnk [2010/03/12 18:57:29 | 000,002,511 | -H-- | M] () -- C:\Users\Kenneth\AppData\Local\Temp\smtmp\4\SolidWorks 2007 SP0.0.lnk [2011/11/05 21:25:41 | 000,001,039 | -H-- | M] () -- C:\Users\Kenneth\AppData\Local\Temp\smtmp\4\TIS 2000.lnk [2010/11/28 11:05:17 | 000,001,063 | -H-- | M] () -- C:\Users\Kenneth\AppData\Local\Temp\smtmp\4\WordFinder.lnk [2010/08/22 10:06:21 | 000,001,250 | -H-- | M] () -- C:\Users\Kenneth\AppData\Local\Temp\smtmp\4\ZoomBrowser EX.lnk < type c:\diskreport.txt /c > Microsoft DiskPart version 6.1.7600 Copyright © 1999-2008 Microsoft Corporation. Dator: KENNETH-PC Volymnr Enh Etikett Fils. Typ Storlek Status Info ---------- --- ----------- ----- ---------- ------- --------- -------- Volymnr 0 G Stripedisk NTFS Stripe 1863 G Felfri Volymnr 1 E DVD-ROM 0 B Inget med Volymnr 2 H DVD-ROM 0 B Inget med Volymnr 3 F Lokal disk NTFS Partition 186 G Felfri Volymnr 4 C NTFS Partition 74 G Felfri System Volymnr 5 D Lokal disk NTFS Partition 4119 M Felfri ========== Alternate Data Streams ========== @Alternate Data Stream - 150 bytes -> C:\ProgramData\TEMP:D1B5B4F1 < End of report >
  8. Hi, I only saw your post just now, sorry. I have tested but have not seen any program that can restore program shortcuts etc. Regards, Kenneth
  9. Hi! I use the disk as a scratch disk and do not normally boot from it. Some remaining problems: (1) Favorites are missing, and (2) program shortcuts. Perhaps not that serious, but it takes many hours to recreate them manually, so I wonder, is it possible to get them back? (3) Something has happened with Registry Mechanic, an update that I have to sort out. I sometimes imagine that it is a good tool, but just as often I wonder what is actually being removed and whether it perhaps cleans a bit too aggressively at times. Well, anyone who knows is welcome to enlighten me. (4) Now a stupid question. I am fairly sure that I, as administrator, can always get into all folders. I should definitely have access to Documents and Settings. As admin I have read and write permissions on that folder. I seem to recall, though I am unsure, that I have run into and solved this before, but... memory... Where do I control that? The OTL file from Moved Files follows below. Have to stop now, the last file later!

     ========== OTL ==========
     C:\Users\Kenneth\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\SMART HDD folder moved successfully.
     File C:\Users\Kenneth\Desktop\SMART_HDD.lnk not found.
     C:\Users\Kenneth\Application Data\Microsoft\Internet Explorer\Quick Launch\SMART_HDD.lnk moved successfully.
     ADS C:\ProgramData\TEMP:D1B5B4F1 deleted successfully.
     ADS C:\ProgramData\TEMP:DFC5A2B2 deleted successfully.
     ========== REGISTRY ==========
     ========== FILES ==========
     < ipconfig /flushdns /c >
     IP-konfiguration f”r Windows
     DNS-matcharens cacheminne har rensats.
     C:\Users\Kenneth\Downloads\cmd.bat deleted successfully.
     C:\Users\Kenneth\Downloads\cmd.txt deleted successfully.
     ========== COMMANDS ==========
     OTL by OldTimer - Version 3.2.39.2 log created on 03312012_152822
  10. Hi! Yes, much is fine now, but some things are missing. For example, programs are missing from the Start menu; are these in some file that can be restored? Favorites are also missing, which should presumably be possible to restore as well? Below I attach the RKreports I have, made yesterday and now this morning respectively (note the date/time). The alleged fault in Rogue about USER ctrl is something I have chosen for practical reasons. Many thanks so far!
  11. Hi Cecilia, please excuse the jump to another thread and that I could not follow the instructions. At times no programs worked at all, or freezes occurred. OTL could only be run once, DDS got associated with AutoCAD... Rogue stopped... I think everything happened. But now things have started to calm down somewhat. Attaching reports etc. I hope I have included everything now. Off to bed now. MANY THANKS FOR THE HELP!!!!! Regards, Kenneth
-- C:\Program Files\Canon\CAL\CALMAIN.exe PRC - [1998/08/25 08:17:40 | 000,143,360 | -H-- | M] (TransAction Software GmbH, D 81739 Munich) -- C:\PROGRA~1\COSIDS\tbcd\TBMUX32.EXE ========== Modules (No Company Name) ========== ========== Win32 Services (SafeList) ========== SRV - File not found [On_Demand | Stopped] -- C:\Program Files\PC Tools\PC Tools Security\pctsSvc.exe -- (sdCoreService) SRV - File not found [On_Demand | Stopped] -- C:\Program Files\PC Tools\PC Tools Security\pctsAuxs.exe -- (sdAuxService) SRV - [2012/03/31 00:32:35 | 000,253,600 | ---- | M] (Adobe Systems Incorporated) [On_Demand | Stopped] -- C:\Windows\System32\Macromed\Flash\FlashPlayerUpdateService.exe -- (AdobeFlashPlayerUpdateSvc) SRV - [2011/06/06 00:17:24 | 001,044,816 | -H-- | M] (Flexera Software, Inc.) [On_Demand | Stopped] -- C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe -- (FLEXnet Licensing Service) SRV - [2011/02/02 14:08:16 | 000,018,656 | -H-- | M] () [Auto | Running] -- C:\Program Files\Autodesk\Content Service\Connect.Service.ContentService.exe -- (Autodesk Content Service) SRV - [2010/07/21 18:36:28 | 000,921,952 | -H-- | M] (AVG Technologies CZ, s.r.o.) [Auto | Running] -- C:\Program Files\AVG\AVG9\avgemc.exe -- (avg9emc) SRV - [2010/06/25 22:32:31 | 000,308,136 | -H-- | M] (AVG Technologies CZ, s.r.o.) 
[Auto | Running] -- C:\Program Files\AVG\AVG9\avgwdsvc.exe -- (avg9wd) SRV - [2010/06/14 15:07:14 | 000,615,936 | -H-- | M] (Nokia) [On_Demand | Stopped] -- C:\Program Files\PC Connectivity Solution\ServiceLayer.exe -- (ServiceLayer) SRV - [2010/05/27 01:40:41 | 001,343,400 | -H-- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\System32\Wat\WatAdminSvc.exe -- (WatAdminSvc) SRV - [2009/10/14 16:42:38 | 000,583,640 | -H-- | M] (PC Tools) [Auto | Running] -- C:\Program Files\Common Files\PC Tools\sMonitor\StartManSvc.exe -- (PCToolsSSDMonitorSvc) SRV - [2009/09/23 14:38:18 | 000,935,208 | -H-- | M] (Nero AG) [Auto | Running] -- C:\Program Files\Common Files\Nero\Nero BackItUp 4\NBService.exe -- (Nero BackItUp Scheduler 4.0) SRV - [2009/07/24 19:38:50 | 000,189,728 | -H-- | M] (Protexis Inc.) [Auto | Running] -- c:\Program Files\Common Files\Protexis\License Service\PsiService_2.exe -- (PSI_SVC_2) SRV - [2009/07/14 03:16:13 | 000,025,088 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\System32\sensrsvc.dll -- (SensrSvc) SRV - [2009/07/14 03:16:12 | 001,004,544 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\System32\PeerDistSvc.dll -- (PeerDistSvc) SRV - [2009/07/14 03:15:41 | 000,680,960 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Program Files\Windows Defender\mpsvc.dll -- (WinDefend) SRV - [2008/07/29 14:10:46 | 003,201,024 | -H-- | M] (Microsoft Corporation) [Disabled | Stopped] -- C:\Program Files\Microsoft Visual Studio 9.0\Common7\IDE\Remote Debugger\x86\msvsmon.exe -- (msvsmon90) SRV - [2006/07/25 18:28:16 | 000,200,704 | -H-- | M] (National Instruments, Inc.) [Auto | Running] -- C:\Program Files\National Instruments\Shared\Security\nidmsrv.exe -- (NIDomainService) SRV - [2006/07/25 18:28:10 | 000,057,344 | -H-- | M] (National Instruments, Inc.) 
[Auto | Running] -- C:\Windows\System32\lktsrv.exe -- (lkTimeSync) SRV - [2006/07/25 18:28:02 | 000,045,056 | -H-- | M] (National Instruments, Inc.) [Auto | Running] -- C:\Windows\System32\lkads.exe -- (lkClassAds) SRV - [2006/06/27 20:55:28 | 001,007,616 | -H-- | M] (Macrovision Corporation) [On_Demand | Stopped] -- C:\Program Files\National Instruments\Shared\License Manager\Bin\lmgrd.exe -- (NILM License Manager) SRV - [2006/06/19 15:01:52 | 000,688,190 | -H-- | M] (National Instruments, Inc.) [Auto | Running] -- C:\Windows\System32\lkcitdl.exe -- (LkCitadelServer) SRV - [2006/02/06 17:46:42 | 000,049,152 | -H-- | M] (National Instruments Corp.) [Auto | Running] -- C:\Windows\System32\nisvcloc.exe -- (niSvcLoc) SRV - [2005/06/02 16:54:34 | 000,086,606 | -H-- | M] (Canon Inc.) [Auto | Running] -- C:\Program Files\Canon\CAL\CALMAIN.exe -- (CCALib8) SRV - [1998/08/25 08:17:40 | 000,143,360 | -H-- | M] (TransAction Software GmbH, D 81739 Munich) [Auto | Running] -- C:\PROGRA~1\COSIDS\tbcd\TBMUX32.EXE -- (COSIDS_TB) ========== Driver Services (SafeList) ========== DRV - [2012/03/31 00:41:42 | 000,013,824 | ---- | M] () [Kernel | On_Demand | Unknown] -- C:\Windows\System32\drivers\TrueSight.sys -- (TrueSight) DRV - [2012/02/24 10:36:44 | 000,185,560 | ---- | M] (PC Tools) [Kernel | System | Running] -- C:\Windows\System32\drivers\PCTSD.sys -- (PCTSD) DRV - [2011/12/01 16:07:06 | 000,342,168 | ---- | M] (PC Tools) [Kernel | Boot | Running] -- C:\Windows\System32\drivers\pctDS.sys -- (pctDS) DRV - [2011/11/14 15:12:26 | 000,331,880 | ---- | M] (PC Tools) [Kernel | Boot | Running] -- C:\Windows\System32\drivers\PCTCore.sys -- (PCTCore) DRV - [2011/09/17 13:28:22 | 000,029,712 | -H-- | M] (AVG Technologies CZ, s.r.o.) 
[File_System | System | Running] -- C:\Windows\System32\drivers\avgmfx86.sys -- (AvgMfx86) DRV - [2011/07/06 19:52:42 | 000,041,272 | -H-- | M] (Malwarebytes Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\mbamswissarmy.sys -- (MBAMSwissArmy) DRV - [2011/06/05 23:20:43 | 000,233,024 | -H-- | M] (DT Soft Ltd) [Kernel | System | Running] -- C:\Windows\System32\drivers\dtsoftbus01.sys -- (dtsoftbus01) DRV - [2011/05/22 07:25:24 | 000,243,152 | -H-- | M] (AVG Technologies CZ, s.r.o.) [Kernel | System | Running] -- C:\Windows\System32\drivers\avgtdix.sys -- (AvgTdiX) DRV - [2010/12/30 15:29:56 | 000,073,096 | -H-- | M] (FTDI Ltd.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\ftser2k.sys -- (FTSER2K) DRV - [2010/12/29 23:38:31 | 000,047,249 | -H-- | M] (FTDI Ltd.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\ftdibus.sys -- (FTDIBUS) DRV - [2010/06/25 22:32:26 | 000,216,400 | -H-- | M] (AVG Technologies CZ, s.r.o.) [Kernel | System | Running] -- C:\Windows\System32\drivers\avgldx86.sys -- (AvgLdx86) DRV - [2010/03/31 19:46:22 | 000,042,248 | -H-- | M] (M-Audio) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\MAudioOzone_DFU.sys -- (MADFUOZONE) DRV - [2010/03/31 19:46:20 | 000,158,344 | -H-- | M] (Avid Technology, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\MAudioOzone.sys -- (MAUSBOZONE) DRV - [2010/03/12 19:22:18 | 000,081,920 | -H-- | M] (Prolific Technology Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\ser2pl.sys -- (Ser2pl) DRV - [2010/03/06 15:42:29 | 000,052,872 | -H-- | M] (AVG Technologies CZ, s.r.o.) 
[File_System | Boot | Running] -- C:\Windows\System32\drivers\avgrkx86.sys -- (AvgRkx86) DRV - [2010/02/26 14:32:58 | 000,008,192 | -H-- | M] (Nokia) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\usbser_lowerfltj.sys -- (UsbserFilt) DRV - [2010/02/26 14:32:46 | 000,008,192 | -H-- | M] (Nokia) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\usbser_lowerflt.sys -- (upperdev) DRV - [2010/02/26 14:32:44 | 000,022,528 | -H-- | M] (Nokia) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\ccdcmbo.sys -- (nmwcdc) DRV - [2010/02/26 14:32:44 | 000,018,176 | -H-- | M] (Nokia) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\ccdcmb.sys -- (nmwcd) DRV - [2009/09/28 10:22:00 | 000,315,392 | -H-- | M] () [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\yk62x86.sys -- (yukonw7) DRV - [2009/07/14 03:19:10 | 000,175,824 | -H-- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\vmbus.sys -- (vmbus) DRV - [2009/07/14 03:19:10 | 000,040,896 | -H-- | M] (Microsoft Corporation) [Kernel | Boot | Running] -- C:\Windows\System32\drivers\vmstorfl.sys -- (storflt) DRV - [2009/07/14 03:19:10 | 000,028,224 | -H-- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\storvsc.sys -- (storvsc) DRV - [2009/07/14 01:51:11 | 000,034,944 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\winusb.sys -- (WinUsb) DRV - [2009/07/14 01:28:47 | 000,005,632 | -H-- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\vms3cap.sys -- (s3cap) DRV - [2009/07/14 01:28:45 | 000,017,920 | -H-- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\VMBusHID.sys -- (VMBusHID) DRV - [2009/07/14 00:09:17 | 004,194,816 | -H-- | M] (ATI Technologies Inc.) 
[Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\atikmdag.sys -- (atikmdag) DRV - [2008/09/23 08:24:00 | 000,042,368 | -H-- | M] (Todos Data System AB) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\shbecr.sys -- (Tdsshbecr) DRV - [2008/08/26 10:26:12 | 000,018,816 | -H-- | M] (Nokia) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\pccsmcfd.sys -- (pccsmcfd) DRV - [2007/10/03 23:55:36 | 000,019,240 | -H-- | M] (Silicon Image, Inc) [Kernel | Boot | Running] -- C:\Windows\System32\drivers\SiWinAcc.sys -- (SiFilter) DRV - [2007/10/03 23:55:28 | 000,015,400 | -H-- | M] (Silicon Image, Inc) [Kernel | Boot | Running] -- C:\Windows\System32\drivers\SiRemFil.sys -- (SiRemFil) DRV - [2007/10/03 23:55:08 | 000,080,424 | -H-- | M] (Silicon Image, Inc) [Kernel | Boot | Running] -- C:\Windows\System32\drivers\SI3132.sys -- (SI3132) DRV - [2006/07/27 11:00:00 | 000,004,096 | -H-- | M] () [Kernel | Auto | Running] -- C:\Windows\System32\drivers\cvintdrv.sys -- (cvintdrv) DRV - [2005/09/24 00:18:32 | 000,171,520 | -H-- | M] (Pinnacle Systems GmbH) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\MarvinBus.sys -- (MarvinBus) DRV - [2005/04/25 10:34:52 | 002,937,344 | -H-- | M] (Realtek Semiconductor Corp.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\RtkHDAud.Sys -- (IntcAzAudAddService) Service for Realtek HD Audio (WDM) DRV - [2004/11/05 12:08:06 | 000,670,208 | -H-- | M] (Aladdin Knowledge Systems Ltd.) 
[Kernel | Auto | Running] -- C:\Windows\System32\drivers\hardlock.sys -- (Hardlock) DRV - [2004/08/13 10:56:20 | 000,005,810 | -H-- | M] () [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\ASACPI.sys -- (MTsensor) ========== Standard Registry (SafeList) ========== ========== Internet Explorer ========== IE - HKLM\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A} IE - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/search?q={searchTerms}&FORM=IE8SRC IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0 IE - HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0 IE - HKU\S-1-5-21-4206820987-348621976-186063536-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.google.se/ IE - HKU\S-1-5-21-4206820987-348621976-186063536-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache = http://se.msn.com/?ocid=iehp IE - HKU\S-1-5-21-4206820987-348621976-186063536-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache AcceptLangs = sv IE - HKU\S-1-5-21-4206820987-348621976-186063536-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache_TIMESTAMP = 3E DD 74 FF F5 BC CA 01 [binary data] IE - HKU\S-1-5-21-4206820987-348621976-186063536-1000\..\SearchScopes,DefaultScope = {34146BE2-675E-453F-B952-250FA268FEBF} IE - HKU\S-1-5-21-4206820987-348621976-186063536-1000\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/search?q={searchTerms}&src=IE-SearchBox&FORM=IE8SRC IE - HKU\S-1-5-21-4206820987-348621976-186063536-1000\..\SearchScopes\{34146BE2-675E-453F-B952-250FA268FEBF}: "URL" = http://www.google.com/search?hl=sv&q={searchTerms} IE - HKU\S-1-5-21-4206820987-348621976-186063536-1000\..\SearchScopes\{797EBDB2-807A-4F2C-85F7-517D6613D597}: "URL" = http://se.search.yahoo.com/search?p={searchTerms}&ei=utf-8&fr=b2ie7 IE - 
HKU\S-1-5-21-4206820987-348621976-186063536-1000\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0 ========== FireFox ========== FF - prefs.js..browser.startup.homepage: "http://search.babylon.com/home?affID=10588&tl=gbn187517" FF - prefs.js..network.proxy.type: 0 FF - HKLM\Software\MozillaPlugins\@canon.com/EPPEX: G:\Skrivare Canon MP 560\Easy-PhotoPrint EX\NPEZFFPI.DLL (CANON INC.) FF - HKLM\Software\MozillaPlugins\@canon.com/MycameraPlugin: C:\Program Files\Canon\ZoomBrowser EX\Program\NPCIG.dll (CANON INC.) FF - HKLM\Software\MozillaPlugins\@Google.com/GoogleEarthPlugin: C:\Program Files\Google\Google Earth\plugin\npgeplugin.dll (Google) FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin: C:\Program Files\Java\jre6\bin\new_plugin\npjp2.dll (Sun Microsystems, Inc.) FF - HKLM\Software\MozillaPlugins\@microsoft.com/GENUINE: disabled File not found FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: C:\Program Files\Microsoft Silverlight\4.1.10111.0\npctrl.dll ( Microsoft Corporation) FF - HKLM\Software\MozillaPlugins\@microsoft.com/OfficeLive,version=1.4: C:\Program Files\Microsoft\Office Live\npOLW.dll (Microsoft Corp.) FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=14.0.8081.0709: C:\Program Files\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation) FF - HKLM\Software\MozillaPlugins\@real.com/nppl3260;version=15.0.1.13: c:\program files\real\realplayer\Netscape6\nppl3260.dll (RealNetworks, Inc.) FF - HKLM\Software\MozillaPlugins\@real.com/nprjplug;version=15.0.1.13: c:\program files\real\realplayer\Netscape6\nprjplug.dll (RealNetworks, Inc.) FF - HKLM\Software\MozillaPlugins\@real.com/nprpchromebrowserrecordext;version=15.0.1.13: C:\ProgramData\Real\RealPlayer\BrowserRecordPlugin\MozillaPlugins\nprpchromebrowserrecordext.dll (RealNetworks, Inc.) 
FF - HKLM\Software\MozillaPlugins\@real.com/nprphtml5videoshim;version=15.0.1.13: C:\ProgramData\Real\RealPlayer\BrowserRecordPlugin\MozillaPlugins\nprphtml5videoshim.dll (RealNetworks, Inc.) FF - HKLM\Software\MozillaPlugins\@real.com/nprpjplug;version=15.0.1.13: c:\program files\real\realplayer\Netscape6\nprpjplug.dll (RealNetworks, Inc.) FF - HKLM\Software\MozillaPlugins\@real.com/nsJSRealPlayerPlugin;version=: File not found FF - HKLM\Software\MozillaPlugins\@se.nexus/Personal: C:\Program Files\Personal\bin\np_prsnl.dll (Technology Nexus AB) FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Program Files\Google\Update\1.3.21.111\npGoogleUpdate3.dll (Google Inc.) FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Program Files\Google\Update\1.3.21.111\npGoogleUpdate3.dll (Google Inc.) FF - HKLM\Software\MozillaPlugins\Adobe Reader: C:\Program Files\Adobe\Reader 9.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.) FF - HKCU\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Users\Kenneth\AppData\Local\Google\Update\1.3.21.111\npGoogleUpdate3.dll (Google Inc.) FF - HKCU\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Users\Kenneth\AppData\Local\Google\Update\1.3.21.111\npGoogleUpdate3.dll (Google Inc.) 
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{A27F3FEF-1113-4cfb-A032-8E12D7D8EE70}: C:\Program Files\Nokia\Nokia Ovi Suite\Connectors\Bookmarks Connector\FirefoxExtension\ [2010/07/03 00:47:31 | 000,000,000 | -H-D | M] FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{ABDE892B-13A8-4d1b-88E6-365A6E755758}: C:\ProgramData\Real\RealPlayer\BrowserRecordPlugin\Firefox\Ext [2011/12/17 22:42:50 | 000,000,000 | -H-D | M] FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 11.0\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2012/03/18 00:34:00 | 000,000,000 | -H-D | M] FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Thunderbird 2.0.0.9\extensions\\Components: C:\Program Files\Mozilla Thunderbird\components [2011/12/17 22:42:42 | 000,000,000 | -H-D | M] FF - HKEY_LOCAL_MACHINE\software\mozilla\Thunderbird\Extensions\\{CCB7D94B-CA92-4E3F-B79D-ADE0F07ADC74}: C:\Program Files\Nokia\Nokia Ovi Suite\Connectors\Thunderbird Connector\ThunderbirdExtension\ [2010/07/03 00:47:31 | 000,000,000 | -H-D | M] [2012/03/18 00:34:26 | 000,000,000 | -H-D | M] (No name found) -- C:\Users\Kenneth\AppData\Roaming\mozilla\Extensions [2012/03/30 17:23:08 | 000,000,000 | -H-D | M] (No name found) -- C:\Users\Kenneth\AppData\Roaming\mozilla\Firefox\Profiles\wb9t6b9o.default\extensions [2012/03/30 17:23:08 | 000,000,000 | -H-D | M] (Babylon) -- C:\Users\Kenneth\AppData\Roaming\mozilla\Firefox\Profiles\wb9t6b9o.default\extensions\ffxtlbr@babylon.com [2012/03/18 00:34:00 | 000,000,000 | -H-D | M] (No name found) -- C:\Program Files\mozilla firefox\extensions () (No name found) -- C:\USERS\KENNETH\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\WB9T6B9O.DEFAULT\EXTENSIONS\ADAPTER@BABYLONTC.COM.XPI () (No name found) -- C:\USERS\KENNETH\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\WB9T6B9O.DEFAULT\EXTENSIONS\OCR@BABYLON.COM.XPI [2012/03/13 06:38:06 | 000,097,208 | -H-- | M] (Mozilla Foundation) -- C:\Program Files\mozilla firefox\components\browsercomps.dll 
[2012/03/13 09:24:42 | 000,001,470 | -H-- | M] () -- C:\Program Files\mozilla firefox\searchplugins\allaannonser-sv-SE.xml [2012/03/30 17:21:56 | 000,002,352 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\babylon.xml [2012/03/13 08:50:43 | 000,002,252 | -H-- | M] () -- C:\Program Files\mozilla firefox\searchplugins\bing.xml [2012/03/13 09:24:42 | 000,002,670 | -H-- | M] () -- C:\Program Files\mozilla firefox\searchplugins\prisjakt-sv-SE.xml [2012/03/13 09:24:42 | 000,000,948 | -H-- | M] () -- C:\Program Files\mozilla firefox\searchplugins\tyda-sv-SE.xml [2012/03/13 09:24:42 | 000,001,174 | -H-- | M] () -- C:\Program Files\mozilla firefox\searchplugins\wikipedia-sv-SE.xml [2012/03/13 09:24:42 | 000,000,951 | -H-- | M] () -- C:\Program Files\mozilla firefox\searchplugins\yahoo-sv-SE.xml ========== Chrome ========== CHR - default_search_provider: Google (Enabled) CHR - default_search_provider: search_url = {google:baseURL}search?{google:RLZ}{google:acceptedSuggestion}{google:originalQueryForSuggestion}{google:searchFieldtrialParameter}{google:instantFieldTrialGroupParameter}sourceid=chrome&ie={inputEncoding}&q={searchTerms} CHR - default_search_provider: suggest_url = {google:baseSuggestURL}search?{google:searchFieldtrialParameter}{google:instantFieldTrialGroupParameter}client=chrome&hl={language}&q={searchTerms} CHR - plugin: Shockwave Flash (Enabled) = C:\Users\Kenneth\AppData\Local\Google\Chrome\Application\15.0.874.106\gcswf32.dll CHR - plugin: QuickTime Plug-in 7.7 (Enabled) = C:\Program Files\QuickTime\plugins\npqtplugin.dll CHR - plugin: QuickTime Plug-in 7.7 (Enabled) = C:\Program Files\QuickTime\plugins\npqtplugin2.dll CHR - plugin: QuickTime Plug-in 7.7 (Enabled) = C:\Program Files\QuickTime\plugins\npqtplugin3.dll CHR - plugin: QuickTime Plug-in 7.7 (Enabled) = C:\Program Files\QuickTime\plugins\npqtplugin4.dll CHR - plugin: QuickTime Plug-in 7.7 (Enabled) = C:\Program Files\QuickTime\plugins\npqtplugin5.dll CHR - plugin: QuickTime Plug-in 
7.7 (Enabled) = C:\Program Files\QuickTime\plugins\npqtplugin6.dll CHR - plugin: QuickTime Plug-in 7.7 (Enabled) = C:\Program Files\QuickTime\plugins\npqtplugin7.dll CHR - plugin: Java Deployment Toolkit 6.0.290.11 (Enabled) = C:\Program Files\Java\jre6\bin\new_plugin\npdeployJava1.dll CHR - plugin: Java Platform SE 6 U29 (Enabled) = C:\Program Files\Java\jre6\bin\new_plugin\npjp2.dll CHR - plugin: Adobe Acrobat (Disabled) = C:\Program Files\Adobe\Reader 9.0\Reader\Browser\nppdf32.dll CHR - plugin: Silverlight Plug-In (Enabled) = C:\Program Files\Microsoft Silverlight\4.0.60310.0\npctrl.dll CHR - plugin: RealNetworks RealPlayer Chrome Background Extension Plug-In (32-bit) (Enabled) = C:\ProgramData\Real\RealPlayer\BrowserRecordPlugin\MozillaPlugins\nprpchromebrowserrecordext.dll CHR - plugin: RealPlayer HTML5VideoShim Plug-In (32-bit) (Enabled) = C:\ProgramData\Real\RealPlayer\BrowserRecordPlugin\MozillaPlugins\nprphtml5videoshim.dll CHR - plugin: RealPlayer G2 LiveConnect-Enabled Plug-In (32-bit) (Enabled) = c:\program files\real\realplayer\Netscape6\nppl3260.dll CHR - plugin: RealPlayer Version Plugin (Enabled) = c:\program files\real\realplayer\Netscape6\nprpjplug.dll CHR - plugin: Microsoft Office Live Plug-in for Firefox (Enabled) = C:\Program Files\Microsoft\Office Live\npOLW.dll CHR - plugin: Remoting Viewer (Enabled) = internal-remoting-viewer CHR - plugin: Native Client (Enabled) = C:\Users\Kenneth\AppData\Local\Google\Chrome\Application\15.0.874.106\ppGoogleNaClPluginChrome.dll CHR - plugin: Chrome PDF Viewer (Enabled) = C:\Users\Kenneth\AppData\Local\Google\Chrome\Application\15.0.874.106\pdf.dll CHR - plugin: NPCIG.dll (Enabled) = C:\Program Files\Canon\ZoomBrowser EX\Program\NPCIG.dll CHR - plugin: Google Earth Plugin (Enabled) = C:\Program Files\Google\Google Earth\plugin\npgeplugin.dll CHR - plugin: Google Update (Enabled) = C:\Program Files\Google\Update\1.3.21.79\npGoogleUpdate3.dll CHR - plugin: Nexus Personal (Enabled) = C:\Program 
Files\Personal\bin\np_prsnl.dll CHR - plugin: Windows Live\u00AE Photo Gallery (Enabled) = C:\Program Files\Windows Live\Photo Gallery\NPWLPG.dll CHR - plugin: CANON iMAGE GATEWAY Album Plugin Utility (Enabled) = G:\Skrivare Canon MP 560\Easy-PhotoPrint EX\NPEZFFPI.DLL CHR - plugin: RealJukebox NS Plugin (Enabled) = c:\program files\real\realplayer\Netscape6\nprjplug.dll CHR - plugin: Default Plug-in (Enabled) = default_plugin CHR - Extension: RealPlayer HTML5Video Downloader Extension = C:\Users\Kenneth\AppData\Local\Google\Chrome\User Data\Default\Extensions\jfmjfhklogoienhpfnppmbcbjfjnkonk\1.4_0\ O1 HOSTS File: ([2010/03/07 01:19:28 | 000,001,306 | -H-- | M]) - C:\Windows\System32\drivers\etc\hosts O1 - Hosts: 127.0.0.1 activate.adobe.com O1 - Hosts: 127.0.0.1 practivate.adobe.com O1 - Hosts: 127.0.0.1 ereg.adobe.com O1 - Hosts: 127.0.0.1 activate.wip3.adobe.com O1 - Hosts: 127.0.0.1 wip3.adobe.com O1 - Hosts: 127.0.0.1 3dns-3.adobe.com O1 - Hosts: 127.0.0.1 3dns-2.adobe.com O1 - Hosts: 127.0.0.1 adobe-dns.adobe.com O1 - Hosts: 127.0.0.1 adobe-dns-2.adobe.com O1 - Hosts: 127.0.0.1 adobe-dns-3.adobe.com O1 - Hosts: 127.0.0.1 ereg.wip3.adobe.com O1 - Hosts: 127.0.0.1 activate-sea.adobe.com O1 - Hosts: 127.0.0.1 wwis-dubc1-vip60.adobe.com O1 - Hosts: 127.0.0.1 activate-sjc0.adobe.com O2 - BHO: (RealPlayer Download and Record Plugin for Internet Explorer) - {3049C3E9-B461-4BC5-8870-4C09146192CA} - C:\ProgramData\Real\RealPlayer\BrowserRecordPlugin\IE\rpbrowserrecordplugin.dll (RealPlayer) O2 - BHO: (AVG Safe Search) - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - C:\Program Files\AVG\AVG9\avgssie.dll (AVG Technologies CZ, s.r.o.) O3 - HKU\S-1-5-21-4206820987-348621976-186063536-1000\..\Toolbar\WebBrowser: (no name) - {759D9886-0C6F-4498-BAB6-4A5F47C6C72F} - No CLSID value found. 
O4 - HKLM..\Run: [AdobeCS4ServiceManager] C:\Program Files\Common Files\Adobe\CS4ServiceManager\CS4ServiceManager.exe (Adobe Systems Incorporated) O4 - HKLM..\Run: [Alcmtr] C:\Windows\Alcmtr.exe (Realtek Semiconductor Corp.) O4 - HKLM..\Run: [AVG9_TRAY] C:\PROGRA~1\AVG\AVG9\avgtray.exe (AVG Technologies CZ, s.r.o.) O4 - HKLM..\Run: [CanonMyPrinter] C:\Program Files\Canon\MyPrinter\BJMyPrt.exe (CANON INC.) O4 - HKLM..\Run: [CanonSolutionMenu] C:\Program Files\Canon\SolutionMenu\CNSLMAIN.exe (CANON INC.) O4 - HKLM..\Run: [M-Audio Taskbar Icon] C:\Windows\System32\M-AudioTaskBarIcon.exe (Avid Technology, Inc.) O4 - HKLM..\Run: [NokiaMServer] C:\Program Files\Common Files\Nokia\MPlatform\NokiaMServer.exe (Nokia) O4 - HKLM..\Run: [sSDMonitor] C:\Program Files\Common Files\PC Tools\sMonitor\SSDMonitor.exe (PC Tools) O4 - HKLM..\Run: [TkBellExe] C:\Program Files\Real\RealPlayer\update\realsched.exe (RealNetworks, Inc.) O4 - HKU\S-1-5-21-4206820987-348621976-186063536-1000..\Run: [] File not found O4 - HKU\S-1-5-21-4206820987-348621976-186063536-1000..\Run: [AdobeBridge] File not found O4 - HKU\S-1-5-21-4206820987-348621976-186063536-1000..\Run: [RegistryMechanic] C:\Program Files\Registry Mechanic\rmtray.exe (PC Tools ) O4 - HKU\S-1-5-21-4206820987-348621976-186063536-1000..\Run: [RESTART_STICKY_NOTES] C:\Windows\System32\StikyNot.exe (Microsoft Corporation) O4 - HKU\S-1-5-19..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe (Microsoft Corporation) O4 - HKU\S-1-5-20..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe (Microsoft Corporation) O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Low Rights present O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3 O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: PromptOnSecureDesktop = 0 O7 - HKU\S-1-5-21-4206820987-348621976-186063536-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145 O8 - Extra context 
menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office12\EXCEL.EXE/3000 File not found O9 - Extra Button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\Office12\REFIEBAR.DLL (Microsoft Corporation) O10 - Protocol_Catalog9\Catalog_Entries\000000000001 - C:\Program Files\Common Files\PC Tools\Lsp\PCTLsp.dll (PC Tools Research Pty Ltd.) O10 - Protocol_Catalog9\Catalog_Entries\000000000002 - C:\Program Files\Common Files\PC Tools\Lsp\PCTLsp.dll (PC Tools Research Pty Ltd.) O10 - Protocol_Catalog9\Catalog_Entries\000000000003 - C:\Program Files\Common Files\PC Tools\Lsp\PCTLsp.dll (PC Tools Research Pty Ltd.) O10 - Protocol_Catalog9\Catalog_Entries\000000000004 - C:\Program Files\Common Files\PC Tools\Lsp\PCTLsp.dll (PC Tools Research Pty Ltd.) O10 - Protocol_Catalog9\Catalog_Entries\000000000005 - C:\Program Files\Common Files\PC Tools\Lsp\PCTLsp.dll (PC Tools Research Pty Ltd.) O10 - Protocol_Catalog9\Catalog_Entries\000000000006 - C:\Program Files\Common Files\PC Tools\Lsp\PCTLsp.dll (PC Tools Research Pty Ltd.) O10 - Protocol_Catalog9\Catalog_Entries\000000000055 - C:\Program Files\Common Files\PC Tools\Lsp\PCTLsp.dll (PC Tools Research Pty Ltd.) O13 - gopher Prefix: missing O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/update/1.6.0/jinstall-1_6_0_29-windows-i586.cab (Java Plug-in 1.6.0_29) O16 - DPF: {CAFEEFAC-0016-0000-0029-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_29-windows-i586.cab (Java Plug-in 1.6.0_29) O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_29-windows-i586.cab (Java Plug-in 1.6.0_29) O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} http://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab (Shockwave Flash Object) O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} http://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab (Reg Error: Key error.) 
  12. Hi. I'm taking the liberty of joining this thread, as my problem is very similar to what "Kapad" ran into. I have pasted OTL.txt below. Tired as I am, I can't work out right now how to attach Extras.txt. Regards, Kenneth
FF - HKLM\Software\MozillaPlugins\@Google.com/GoogleEarthPlugin: C:\Program Files\Google\Google Earth\plugin\npgeplugin.dll (Google) FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin: C:\Program Files\Java\jre6\bin\new_plugin\npjp2.dll (Sun Microsystems, Inc.) FF - HKLM\Software\MozillaPlugins\@microsoft.com/GENUINE: disabled File not found FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: C:\Program Files\Microsoft Silverlight\4.1.10111.0\npctrl.dll ( Microsoft Corporation) FF - HKLM\Software\MozillaPlugins\@microsoft.com/OfficeLive,version=1.4: C:\Program Files\Microsoft\Office Live\npOLW.dll (Microsoft Corp.) FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=14.0.8081.0709: C:\Program Files\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation) FF - HKLM\Software\MozillaPlugins\@real.com/nppl3260;version=15.0.1.13: c:\program files\real\realplayer\Netscape6\nppl3260.dll (RealNetworks, Inc.) FF - HKLM\Software\MozillaPlugins\@real.com/nprjplug;version=15.0.1.13: c:\program files\real\realplayer\Netscape6\nprjplug.dll (RealNetworks, Inc.) FF - HKLM\Software\MozillaPlugins\@real.com/nprpchromebrowserrecordext;version=15.0.1.13: C:\ProgramData\Real\RealPlayer\BrowserRecordPlugin\MozillaPlugins\nprpchromebrowserrecordext.dll (RealNetworks, Inc.) FF - HKLM\Software\MozillaPlugins\@real.com/nprphtml5videoshim;version=15.0.1.13: C:\ProgramData\Real\RealPlayer\BrowserRecordPlugin\MozillaPlugins\nprphtml5videoshim.dll (RealNetworks, Inc.) FF - HKLM\Software\MozillaPlugins\@real.com/nprpjplug;version=15.0.1.13: c:\program files\real\realplayer\Netscape6\nprpjplug.dll (RealNetworks, Inc.) 
FF - HKLM\Software\MozillaPlugins\@real.com/nsJSRealPlayerPlugin;version=: File not found FF - HKLM\Software\MozillaPlugins\@se.nexus/Personal: C:\Program Files\Personal\bin\np_prsnl.dll (Technology Nexus AB) FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Program Files\Google\Update\1.3.21.111\npGoogleUpdate3.dll (Google Inc.) FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Program Files\Google\Update\1.3.21.111\npGoogleUpdate3.dll (Google Inc.) FF - HKLM\Software\MozillaPlugins\Adobe Reader: C:\Program Files\Adobe\Reader 9.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.) FF - HKCU\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Users\Kenneth\AppData\Local\Google\Update\1.3.21.111\npGoogleUpdate3.dll (Google Inc.) FF - HKCU\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Users\Kenneth\AppData\Local\Google\Update\1.3.21.111\npGoogleUpdate3.dll (Google Inc.) FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{A27F3FEF-1113-4cfb-A032-8E12D7D8EE70}: C:\Program Files\Nokia\Nokia Ovi Suite\Connectors\Bookmarks Connector\FirefoxExtension\ [2010/07/03 00:47:31 | 000,000,000 | -H-D | M] FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{ABDE892B-13A8-4d1b-88E6-365A6E755758}: C:\ProgramData\Real\RealPlayer\BrowserRecordPlugin\Firefox\Ext [2011/12/17 22:42:50 | 000,000,000 | -H-D | M] FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 11.0\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2012/03/18 00:34:00 | 000,000,000 | -H-D | M] FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Thunderbird 2.0.0.9\extensions\\Components: C:\Program Files\Mozilla Thunderbird\components [2011/12/17 22:42:42 | 000,000,000 | -H-D | M] FF - HKEY_LOCAL_MACHINE\software\mozilla\Thunderbird\Extensions\\{CCB7D94B-CA92-4E3F-B79D-ADE0F07ADC74}: C:\Program Files\Nokia\Nokia Ovi Suite\Connectors\Thunderbird Connector\ThunderbirdExtension\ [2010/07/03 
00:47:31 | 000,000,000 | -H-D | M] [2012/03/18 00:34:26 | 000,000,000 | -H-D | M] (No name found) -- C:\Users\Kenneth\AppData\Roaming\mozilla\Extensions [2012/03/30 17:23:08 | 000,000,000 | -H-D | M] (No name found) -- C:\Users\Kenneth\AppData\Roaming\mozilla\Firefox\Profiles\wb9t6b9o.default\extensions [2012/03/30 17:23:08 | 000,000,000 | -H-D | M] (Babylon) -- C:\Users\Kenneth\AppData\Roaming\mozilla\Firefox\Profiles\wb9t6b9o.default\extensions\ffxtlbr@babylon.com [2012/03/18 00:34:00 | 000,000,000 | -H-D | M] (No name found) -- C:\Program Files\mozilla firefox\extensions () (No name found) -- C:\USERS\KENNETH\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\WB9T6B9O.DEFAULT\EXTENSIONS\ADAPTER@BABYLONTC.COM.XPI () (No name found) -- C:\USERS\KENNETH\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\WB9T6B9O.DEFAULT\EXTENSIONS\OCR@BABYLON.COM.XPI [2012/03/13 06:38:06 | 000,097,208 | -H-- | M] (Mozilla Foundation) -- C:\Program Files\mozilla firefox\components\browsercomps.dll [2012/03/13 09:24:42 | 000,001,470 | -H-- | M] () -- C:\Program Files\mozilla firefox\searchplugins\allaannonser-sv-SE.xml [2012/03/30 17:21:56 | 000,002,352 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\babylon.xml [2012/03/13 08:50:43 | 000,002,252 | -H-- | M] () -- C:\Program Files\mozilla firefox\searchplugins\bing.xml [2012/03/13 09:24:42 | 000,002,670 | -H-- | M] () -- C:\Program Files\mozilla firefox\searchplugins\prisjakt-sv-SE.xml [2012/03/13 09:24:42 | 000,000,948 | -H-- | M] () -- C:\Program Files\mozilla firefox\searchplugins\tyda-sv-SE.xml [2012/03/13 09:24:42 | 000,001,174 | -H-- | M] () -- C:\Program Files\mozilla firefox\searchplugins\wikipedia-sv-SE.xml [2012/03/13 09:24:42 | 000,000,951 | -H-- | M] () -- C:\Program Files\mozilla firefox\searchplugins\yahoo-sv-SE.xml ========== Chrome ========== CHR - default_search_provider: Google (Enabled) CHR - default_search_provider: search_url = 
{google:baseURL}search?{google:RLZ}{google:acceptedSuggestion}{google:originalQueryForSuggestion}{google:searchFieldtrialParameter}{google:instantFieldTrialGroupParameter}sourceid=chrome&ie={inputEncoding}&q={searchTerms} CHR - default_search_provider: suggest_url = {google:baseSuggestURL}search?{google:searchFieldtrialParameter}{google:instantFieldTrialGroupParameter}client=chrome&hl={language}&q={searchTerms} CHR - plugin: Shockwave Flash (Enabled) = C:\Users\Kenneth\AppData\Local\Google\Chrome\Application\15.0.874.106\gcswf32.dll CHR - plugin: QuickTime Plug-in 7.7 (Enabled) = C:\Program Files\QuickTime\plugins\npqtplugin.dll CHR - plugin: QuickTime Plug-in 7.7 (Enabled) = C:\Program Files\QuickTime\plugins\npqtplugin2.dll CHR - plugin: QuickTime Plug-in 7.7 (Enabled) = C:\Program Files\QuickTime\plugins\npqtplugin3.dll CHR - plugin: QuickTime Plug-in 7.7 (Enabled) = C:\Program Files\QuickTime\plugins\npqtplugin4.dll CHR - plugin: QuickTime Plug-in 7.7 (Enabled) = C:\Program Files\QuickTime\plugins\npqtplugin5.dll CHR - plugin: QuickTime Plug-in 7.7 (Enabled) = C:\Program Files\QuickTime\plugins\npqtplugin6.dll CHR - plugin: QuickTime Plug-in 7.7 (Enabled) = C:\Program Files\QuickTime\plugins\npqtplugin7.dll CHR - plugin: Java Deployment Toolkit 6.0.290.11 (Enabled) = C:\Program Files\Java\jre6\bin\new_plugin\npdeployJava1.dll CHR - plugin: Java Platform SE 6 U29 (Enabled) = C:\Program Files\Java\jre6\bin\new_plugin\npjp2.dll CHR - plugin: Adobe Acrobat (Disabled) = C:\Program Files\Adobe\Reader 9.0\Reader\Browser\nppdf32.dll CHR - plugin: Silverlight Plug-In (Enabled) = C:\Program Files\Microsoft Silverlight\4.0.60310.0\npctrl.dll CHR - plugin: RealNetworks RealPlayer Chrome Background Extension Plug-In (32-bit) (Enabled) = C:\ProgramData\Real\RealPlayer\BrowserRecordPlugin\MozillaPlugins\nprpchromebrowserrecordext.dll CHR - plugin: RealPlayer HTML5VideoShim Plug-In (32-bit) (Enabled) = 
C:\ProgramData\Real\RealPlayer\BrowserRecordPlugin\MozillaPlugins\nprphtml5videoshim.dll CHR - plugin: RealPlayer G2 LiveConnect-Enabled Plug-In (32-bit) (Enabled) = c:\program files\real\realplayer\Netscape6\nppl3260.dll CHR - plugin: RealPlayer Version Plugin (Enabled) = c:\program files\real\realplayer\Netscape6\nprpjplug.dll CHR - plugin: Microsoft Office Live Plug-in for Firefox (Enabled) = C:\Program Files\Microsoft\Office Live\npOLW.dll CHR - plugin: Remoting Viewer (Enabled) = internal-remoting-viewer CHR - plugin: Native Client (Enabled) = C:\Users\Kenneth\AppData\Local\Google\Chrome\Application\15.0.874.106\ppGoogleNaClPluginChrome.dll CHR - plugin: Chrome PDF Viewer (Enabled) = C:\Users\Kenneth\AppData\Local\Google\Chrome\Application\15.0.874.106\pdf.dll CHR - plugin: NPCIG.dll (Enabled) = C:\Program Files\Canon\ZoomBrowser EX\Program\NPCIG.dll CHR - plugin: Google Earth Plugin (Enabled) = C:\Program Files\Google\Google Earth\plugin\npgeplugin.dll CHR - plugin: Google Update (Enabled) = C:\Program Files\Google\Update\1.3.21.79\npGoogleUpdate3.dll CHR - plugin: Nexus Personal (Enabled) = C:\Program Files\Personal\bin\np_prsnl.dll CHR - plugin: Windows Live\u00AE Photo Gallery (Enabled) = C:\Program Files\Windows Live\Photo Gallery\NPWLPG.dll CHR - plugin: CANON iMAGE GATEWAY Album Plugin Utility (Enabled) = G:\Skrivare Canon MP 560\Easy-PhotoPrint EX\NPEZFFPI.DLL CHR - plugin: RealJukebox NS Plugin (Enabled) = c:\program files\real\realplayer\Netscape6\nprjplug.dll CHR - plugin: Default Plug-in (Enabled) = default_plugin CHR - Extension: RealPlayer HTML5Video Downloader Extension = C:\Users\Kenneth\AppData\Local\Google\Chrome\User Data\Default\Extensions\jfmjfhklogoienhpfnppmbcbjfjnkonk\1.4_0\ O1 HOSTS File: ([2010/03/07 01:19:28 | 000,001,306 | -H-- | M]) - C:\Windows\System32\drivers\etc\hosts O1 - Hosts: 127.0.0.1 activate.adobe.com O1 - Hosts: 127.0.0.1 practivate.adobe.com O1 - Hosts: 127.0.0.1 ereg.adobe.com O1 - Hosts: 127.0.0.1 
activate.wip3.adobe.com O1 - Hosts: 127.0.0.1 wip3.adobe.com O1 - Hosts: 127.0.0.1 3dns-3.adobe.com O1 - Hosts: 127.0.0.1 3dns-2.adobe.com O1 - Hosts: 127.0.0.1 adobe-dns.adobe.com O1 - Hosts: 127.0.0.1 adobe-dns-2.adobe.com O1 - Hosts: 127.0.0.1 adobe-dns-3.adobe.com O1 - Hosts: 127.0.0.1 ereg.wip3.adobe.com O1 - Hosts: 127.0.0.1 activate-sea.adobe.com O1 - Hosts: 127.0.0.1 wwis-dubc1-vip60.adobe.com O1 - Hosts: 127.0.0.1 activate-sjc0.adobe.com O2 - BHO: (RealPlayer Download and Record Plugin for Internet Explorer) - {3049C3E9-B461-4BC5-8870-4C09146192CA} - C:\ProgramData\Real\RealPlayer\BrowserRecordPlugin\IE\rpbrowserrecordplugin.dll (RealPlayer) O2 - BHO: (AVG Safe Search) - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - C:\Program Files\AVG\AVG9\avgssie.dll (AVG Technologies CZ, s.r.o.) O3 - HKCU\..\Toolbar\WebBrowser: (no name) - {759D9886-0C6F-4498-BAB6-4A5F47C6C72F} - No CLSID value found. O4 - HKLM..\Run: [AdobeCS4ServiceManager] C:\Program Files\Common Files\Adobe\CS4ServiceManager\CS4ServiceManager.exe (Adobe Systems Incorporated) O4 - HKLM..\Run: [Alcmtr] C:\Windows\Alcmtr.exe (Realtek Semiconductor Corp.) O4 - HKLM..\Run: [AVG9_TRAY] C:\PROGRA~1\AVG\AVG9\avgtray.exe (AVG Technologies CZ, s.r.o.) O4 - HKLM..\Run: [CanonMyPrinter] C:\Program Files\Canon\MyPrinter\BJMyPrt.exe (CANON INC.) O4 - HKLM..\Run: [CanonSolutionMenu] C:\Program Files\Canon\SolutionMenu\CNSLMAIN.exe (CANON INC.) O4 - HKLM..\Run: [Malwarebytes' Anti-Malware (reboot)] C:\Program Files\Malwarebytes' Anti-Malware\mbam.exe (Malwarebytes Corporation) O4 - HKLM..\Run: [M-Audio Taskbar Icon] C:\Windows\System32\M-AudioTaskBarIcon.exe (Avid Technology, Inc.) O4 - HKLM..\Run: [NokiaMServer] C:\Program Files\Common Files\Nokia\MPlatform\NokiaMServer.exe (Nokia) O4 - HKLM..\Run: [sSDMonitor] C:\Program Files\Common Files\PC Tools\sMonitor\SSDMonitor.exe (PC Tools) O4 - HKLM..\Run: [TkBellExe] C:\Program Files\Real\RealPlayer\update\realsched.exe (RealNetworks, Inc.) 
O4 - HKCU..\Run: [] File not found O4 - HKCU..\Run: [AdobeBridge] File not found O4 - HKCU..\Run: [RegistryMechanic] C:\Program Files\Registry Mechanic\rmtray.exe (PC Tools ) O4 - HKCU..\Run: [RESTART_STICKY_NOTES] C:\Windows\System32\StikyNot.exe (Microsoft Corporation) O4 - HKCU..\RunOnce: [FlashPlayerUpdate] C:\Windows\System32\Macromed\Flash\FlashUtil11f_ActiveX.exe (Adobe Systems, Inc.) O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Low Rights present O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 0 O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3 O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: EnableLUA = 0 O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: PromptOnSecureDesktop = 0 O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145 O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office12\EXCEL.EXE/3000 File not found O9 - Extra Button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\Office12\REFIEBAR.DLL (Microsoft Corporation) O10 - Protocol_Catalog9\Catalog_Entries\000000000001 - C:\Program Files\Common Files\PC Tools\Lsp\PCTLsp.dll (PC Tools Research Pty Ltd.) O10 - Protocol_Catalog9\Catalog_Entries\000000000002 - C:\Program Files\Common Files\PC Tools\Lsp\PCTLsp.dll (PC Tools Research Pty Ltd.) O10 - Protocol_Catalog9\Catalog_Entries\000000000003 - C:\Program Files\Common Files\PC Tools\Lsp\PCTLsp.dll (PC Tools Research Pty Ltd.) O10 - Protocol_Catalog9\Catalog_Entries\000000000004 - C:\Program Files\Common Files\PC Tools\Lsp\PCTLsp.dll (PC Tools Research Pty Ltd.) O10 - Protocol_Catalog9\Catalog_Entries\000000000005 - C:\Program Files\Common Files\PC Tools\Lsp\PCTLsp.dll (PC Tools Research Pty Ltd.) 
O10 - Protocol_Catalog9\Catalog_Entries\000000000006 - C:\Program Files\Common Files\PC Tools\Lsp\PCTLsp.dll (PC Tools Research Pty Ltd.) O10 - Protocol_Catalog9\Catalog_Entries\000000000055 - C:\Program Files\Common Files\PC Tools\Lsp\PCTLsp.dll (PC Tools Research Pty Ltd.) O13 - gopher Prefix: missing O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/update/1.6.0/jinstall-1_6_0_29-windows-i586.cab (Java Plug-in 1.6.0_29) O16 - DPF: {CAFEEFAC-0016-0000-0029-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_29-windows-i586.cab (Java Plug-in 1.6.0_29) O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_29-windows-i586.cab (Java Plug-in 1.6.0_29) O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} http://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab (Shockwave Flash Object) O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} http://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab (Reg Error: Key error.) O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 195.67.199.21 195.67.199.22 195.67.199.23 O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{1FB42043-6F48-4A25-9A2D-22E1FD28A827}: DhcpNameServer = 195.67.199.21 195.67.199.22 195.67.199.23 O18 - Protocol\Handler\linkscanner {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - C:\Program Files\AVG\AVG9\avgpp.dll (AVG Technologies CZ, s.r.o.) O18 - Protocol\Filter\text/xml {807563E5-5146-11D5-A672-00B0D022E945} - C:\PROGRA~1\COMMON~1\MICROS~1\OFFICE12\MSOXMLMF.DLL (Microsoft Corporation) O20 - AppInit_DLLs: (avgrsstx.dll) - C:\Windows\System32\avgrsstx.dll (AVG Technologies CZ, s.r.o.) 
O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation) O20 - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\System32\userinit.exe (Microsoft Corporation) O20 - HKLM Winlogon: VMApplet - (SystemPropertiesPerformance.exe) - C:\Windows\System32\SystemPropertiesPerformance.exe (Microsoft Corporation) O20 - HKLM Winlogon: VMApplet - (/pagefile) - File not found O21 - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found. O32 - HKLM CDRom: AutoRun - 1 O32 - AutoRun File - [2009/06/10 23:42:20 | 000,000,024 | -H-- | M] () - C:\autoexec.bat -- [ NTFS ] O32 - AutoRun File - [2011/07/18 19:11:49 | 000,000,000 | -H-D | M] - G:\AutoCAD dokument -- [ NTFS ] O33 - MountPoints2\{86a89cad-3972-11df-83e4-0013d46fba87}\Shell - "" = AutoRun O33 - MountPoints2\{86a89cad-3972-11df-83e4-0013d46fba87}\Shell\AutoRun\command - "" = H:\LaunchU3.exe -a O34 - HKLM BootExecute: (autocheck autochk *) O35 - HKLM\..comfile [open] -- "%1" %* O35 - HKLM\..exefile [open] -- "%1" %* O37 - HKLM\...com [@ = comfile] -- "%1" %* O37 - HKLM\...exe [@ = exefile] -- "%1" %* ========== Files/Folders - Created Within 30 Days ========== [2012/03/30 23:23:55 | 000,000,000 | ---D | C] -- C:\TDSSKiller_Quarantine [2012/03/30 17:23:30 | 000,000,000 | -H-D | C] -- C:\Users\Kenneth\AppData\Local\Babylon [2012/03/30 14:08:05 | 000,253,352 | ---- | C] (PC Tools) -- C:\Windows\System32\drivers\pctgntdi.sys [2012/03/30 14:08:05 | 000,107,864 | ---- | C] (PC Tools) -- C:\Windows\System32\drivers\pctwfpfilter.sys [2012/03/30 14:08:03 | 000,017,848 | ---- | C] (PC Tools) -- C:\Windows\System32\drivers\pctBTFix.sys [2012/03/30 14:08:00 | 000,070,536 | ---- | C] (PC Tools) -- C:\Windows\System32\drivers\pctplsg.sys [2012/03/30 13:53:40 | 000,909,728 | ---- | C] (PC Tools) -- C:\Windows\System32\drivers\pctEFA.sys [2012/03/30 13:53:40 | 000,342,168 | ---- | C] (PC Tools) -- C:\Windows\System32\drivers\pctDS.sys [2012/03/30 13:53:38 | 
000,331,880 | ---- | C] (PC Tools) -- C:\Windows\System32\drivers\PCTCore.sys [2012/03/30 13:53:38 | 000,162,584 | ---- | C] (PC Tools) -- C:\Windows\System32\drivers\PCTAppEvent.sys [2012/03/30 13:53:37 | 000,185,560 | ---- | C] (PC Tools) -- C:\Windows\System32\drivers\PCTSD.sys [2012/03/30 13:52:54 | 000,000,000 | -H-D | C] -- C:\Users\Kenneth\AppData\Roaming\TestApp [2012/03/30 13:52:54 | 000,000,000 | ---D | C] -- C:\ProgramData\PC Tools [2012/03/30 13:48:57 | 000,000,000 | RH-D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Tablet PC [2012/03/30 13:48:57 | 000,000,000 | ---D | C] -- C:\Program Files\Windows Journal [2012/03/30 10:06:12 | 000,000,000 | -H-D | C] -- C:\Users\Kenneth\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\SMART HDD [2012/03/25 17:17:39 | 000,000,000 | -H-D | C] -- C:\Program Files\Adobe CS5.5 Master Collection Content [2012/03/18 20:17:55 | 000,000,000 | -H-D | C] -- C:\Users\Kenneth\Documents\CardRecovery [2012/03/18 17:06:17 | 000,000,000 | -H-D | C] -- C:\Program Files\EASEUS [2012/03/18 16:27:41 | 000,067,312 | -H-- | C] (Just Great Software) -- C:\Windows\UnDeployV.exe [2012/03/18 16:27:41 | 000,000,000 | -H-D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\DDR - Memory Card Recovery(Demo) [2012/03/18 00:34:10 | 000,000,000 | -H-D | C] -- C:\Users\Kenneth\AppData\Local\Mozilla [2012/03/18 00:33:59 | 000,000,000 | -H-D | C] -- C:\Program Files\Mozilla Firefox ========== Files - Modified Within 30 Days ========== [2025/08/31 19:30:31 | 000,796,016 | -H-- | M] (Symantec Corporation) -- C:\cltLMSx.dll [2012/03/30 21:32:53 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat [2012/03/30 21:32:35 | 2717,212,672 | -HS- | M] () -- C:\hiberfil.sys [2012/03/30 21:27:02 | 000,000,647 | -H-- | M] () -- C:\Users\Kenneth\Desktop\SMART_HDD.lnk [2012/03/30 21:25:13 | 000,000,980 | -H-- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineCore.job [2012/03/30 21:25:08 | 000,000,336 | -H-- | M] () -- 
C:\Windows\tasks\RegistryBooster.job [2012/03/30 17:59:53 | 001,008,141 | ---- | M] () -- C:\rkill (1).com [2012/03/30 17:22:04 | 000,000,250 | ---- | M] () -- C:\user.js [2012/03/30 13:52:55 | 000,001,661 | -H-- | M] () -- C:\Users\Kenneth\Desktop\SDAV_Online_aff_GenericRevenueWire_207.exe.lnk [2012/03/30 10:59:02 | 000,001,012 | -H-- | M] () -- C:\Windows\tasks\GoogleUpdateTaskUserS-1-5-21-4206820987-348621976-186063536-1000UA.job [2012/03/30 10:34:58 | 000,716,706 | -H-- | M] () -- C:\Windows\System32\perfh01D.dat [2012/03/30 10:34:58 | 000,707,184 | -H-- | M] () -- C:\Windows\System32\perfh009.dat [2012/03/30 10:34:58 | 000,162,520 | -H-- | M] () -- C:\Windows\System32\perfc01D.dat [2012/03/30 10:34:58 | 000,142,114 | -H-- | M] () -- C:\Windows\System32\perfc009.dat [2012/03/30 10:24:17 | 000,000,984 | -H-- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineUA.job [2012/03/30 10:06:12 | 000,000,671 | -H-- | M] () -- C:\Users\Kenneth\Application Data\Microsoft\Internet Explorer\Quick Launch\SMART_HDD.lnk [2012/03/30 08:59:03 | 000,000,960 | -H-- | M] () -- C:\Windows\tasks\GoogleUpdateTaskUserS-1-5-21-4206820987-348621976-186063536-1000Core.job [2012/03/26 00:23:20 | 000,019,792 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0 [2012/03/26 00:23:19 | 000,019,792 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0 [2012/03/25 18:21:35 | 076,120,362 | -H-- | M] () -- C:\Windows\System32\drivers\Avg\incavi.avm [2012/03/24 20:54:14 | 000,002,369 | -H-- | M] () -- C:\Users\Kenneth\Desktop\Google Chrome.lnk [2012/03/18 16:32:14 | 000,000,935 | -H-- | M] () -- C:\Users\Kenneth\RPSTD2010.lic [2012/03/18 16:04:59 | 002,551,984 | -H-- | M] () -- C:\Windows\System32\FNTCACHE.DAT ========== Files Created - No Company Name ========== [2012/03/30 21:27:02 | 000,000,647 | -H-- | C] () -- C:\Users\Kenneth\Desktop\SMART_HDD.lnk [2012/03/30 18:00:59 
| 001,008,141 | ---- | C] () -- C:\rkill (1).com [2012/03/30 17:22:03 | 000,000,250 | ---- | C] () -- C:\user.js [2012/03/30 13:52:55 | 000,001,661 | -H-- | C] () -- C:\Users\Kenneth\Desktop\SDAV_Online_aff_GenericRevenueWire_207.exe.lnk [2012/03/30 10:06:12 | 000,000,671 | -H-- | C] () -- C:\Users\Kenneth\Application Data\Microsoft\Internet Explorer\Quick Launch\SMART_HDD.lnk [2012/02/17 23:19:01 | 000,004,316 | -H-- | C] () -- C:\Users\Kenneth\AppData\Roaming\mdbu.bin [2011/11/05 21:26:12 | 000,000,290 | -H-- | C] () -- C:\Windows\INFOMAN.INI [2011/11/05 21:25:41 | 000,000,366 | -H-- | C] () -- C:\Windows\TBWIN.INI [2011/04/09 19:23:42 | 000,027,648 | -H-- | C] () -- C:\Windows\System32\AVSredirect.dll [2011/02/11 15:38:36 | 000,000,118 | -H-- | C] () -- C:\Windows\System32\MRT.INI [2010/12/28 14:41:07 | 000,000,027 | -H-- | C] () -- C:\Windows\MPLAB.INI [2010/12/24 16:47:24 | 000,188,416 | -H-- | C] () -- C:\Windows\System32\ftdiunin.exe [2010/12/24 16:47:24 | 000,000,133 | -H-- | C] () -- C:\Windows\System32\ftdiun2k.ini [2010/10/31 20:02:32 | 000,005,120 | -H-- | C] () -- C:\Users\Kenneth\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini [2010/10/04 08:13:36 | 000,081,920 | -H-- | C] () -- C:\Windows\System32\MPMapTrace.dll [2010/10/04 07:22:22 | 000,364,544 | -H-- | C] () -- C:\Windows\System32\mpPathan.dll [2010/07/12 08:20:27 | 000,000,058 | -H-- | C] () -- C:\Windows\System32\DonationCoder_ScreenshotCaptor_InstallInfo.dat [2010/07/12 08:20:27 | 000,000,058 | -H-- | C] () -- C:\Users\Kenneth\AppData\Local\DonationCoder_ScreenshotCaptor_InstallInfo.dat [2010/04/11 21:05:07 | 000,000,000 | -H-- | C] () -- C:\Windows\nsreg.dat [2010/04/02 22:35:47 | 000,004,866 | -H-- | C] () -- C:\ProgramData\iyqsutdc.bjx ========== LOP Check ========== [2010/12/29 23:41:24 | 000,000,000 | -H-D | M] -- C:\Users\Kenneth\AppData\Roaming\Arduino [2011/06/06 00:13:36 | 000,000,000 | -H-D | M] -- C:\Users\Kenneth\AppData\Roaming\Autodesk [2010/03/06 14:18:54 | 000,000,000 | 
-H-D | M] -- C:\Users\Kenneth\AppData\Roaming\AVG9 [2012/03/26 00:22:28 | 000,000,000 | -H-D | M] -- C:\Users\Kenneth\AppData\Roaming\BitTorrent [2010/04/17 20:33:11 | 000,000,000 | -H-D | M] -- C:\Users\Kenneth\AppData\Roaming\Blender Foundation [2010/10/29 17:50:06 | 000,000,000 | -H-D | M] -- C:\Users\Kenneth\AppData\Roaming\CadSoft [2010/12/12 12:08:08 | 000,000,000 | -H-D | M] -- C:\Users\Kenneth\AppData\Roaming\Canon [2011/06/05 23:48:05 | 000,000,000 | -H-D | M] -- C:\Users\Kenneth\AppData\Roaming\DAEMON Tools Pro [2010/07/12 08:20:27 | 000,000,000 | -H-D | M] -- C:\Users\Kenneth\AppData\Roaming\DonationCoder [2011/06/24 20:59:39 | 000,000,000 | -H-D | M] -- C:\Users\Kenneth\AppData\Roaming\Garmin [2011/01/05 12:56:13 | 000,000,000 | -H-D | M] -- C:\Users\Kenneth\AppData\Roaming\GetRightToGo [2011/10/07 22:44:53 | 000,000,000 | -H-D | M] -- C:\Users\Kenneth\AppData\Roaming\Graphisoft [2011/10/07 20:18:35 | 000,000,000 | -H-D | M] -- C:\Users\Kenneth\AppData\Roaming\Install.GS [2010/03/13 00:11:51 | 000,000,000 | -H-D | M] -- C:\Users\Kenneth\AppData\Roaming\Mathsoft [2012/03/30 23:42:22 | 000,000,000 | -H-D | M] -- C:\Users\Kenneth\AppData\Roaming\Microchip [2010/11/28 11:25:06 | 000,000,000 | -H-D | M] -- C:\Users\Kenneth\AppData\Roaming\National Instruments [2011/07/06 11:30:45 | 000,000,000 | -H-D | M] -- C:\Users\Kenneth\AppData\Roaming\Nitro PDF [2010/09/19 15:46:25 | 000,000,000 | -H-D | M] -- C:\Users\Kenneth\AppData\Roaming\Nokia [2010/03/28 22:37:40 | 000,000,000 | -H-D | M] -- C:\Users\Kenneth\AppData\Roaming\Nokia Ovi Suite [2011/05/22 07:13:11 | 000,000,000 | -H-D | M] -- C:\Users\Kenneth\AppData\Roaming\OpenCandy [2010/03/19 16:22:09 | 000,000,000 | -H-D | M] -- C:\Users\Kenneth\AppData\Roaming\PC Suite [2011/07/16 05:05:21 | 000,000,000 | -H-D | M] -- C:\Users\Kenneth\AppData\Roaming\Personal [2010/03/28 17:39:44 | 000,000,000 | -H-D | M] -- C:\Users\Kenneth\AppData\Roaming\Propellerhead Software [2011/04/10 08:44:17 | 000,000,000 | -H-D | M] 
-- C:\Users\Kenneth\AppData\Roaming\Registry Mechanic [2012/03/30 13:52:54 | 000,000,000 | -H-D | M] -- C:\Users\Kenneth\AppData\Roaming\TestApp [2010/10/23 14:34:59 | 000,000,000 | -H-D | M] -- C:\Users\Kenneth\AppData\Roaming\Thinstall [2010/04/11 21:05:06 | 000,000,000 | -H-D | M] -- C:\Users\Kenneth\AppData\Roaming\Thunderbird [2011/05/22 07:13:12 | 000,000,000 | -H-D | M] -- C:\Users\Kenneth\AppData\Roaming\Uniblue [2010/07/21 00:17:48 | 000,000,000 | -H-D | M] -- C:\Users\Kenneth\AppData\Roaming\VDownloader [2012/03/30 21:25:08 | 000,000,336 | -H-- | M] () -- C:\Windows\Tasks\RegistryBooster.job [2011/10/15 22:44:01 | 000,032,608 | -H-- | M] () -- C:\Windows\Tasks\SCHEDLGU.TXT ========== Purity Check ========== ========== Alternate Data Streams ========== @Alternate Data Stream - 150 bytes -> C:\ProgramData\TEMP:D1B5B4F1 @Alternate Data Stream - 148 bytes -> C:\ProgramData\TEMP:DFC5A2B2
  13. Hi! This looks a lot like what has happened to me! Unfortunately I can't run DDS; it doesn't produce a readable file. I can't run MBAM either, because it requires a database update, and when that runs an error occurs... I don't have access to the Documents and settings folder. That folder probably still contains a good deal of what keeps coming back. Kenneth
  14. Hi. I have now managed to bring up hidden folders and files, but the programs in the Start menu are not accessible. I'm running in safe mode. The programs not being visible may be because, as described in bleep..., the file names have become corrupt and lack the complete file name. I have, however, run Rkill a few times, and the log looks like this:

    This log file is located at C:\rkill.log.
    Please post this only if requested to by the person helping you.
    Otherwise you can close this log when you wish.
    Rkill was run on 2012-03-30 at 19:44:52.
    Operating System: Windows 7 Ultimate
    Processes terminated by Rkill or while it was running:
    Rkill completed on 2012-03-30 at 19:44:55

    Now one may wonder what "Processes terminated .." means. Is it that there are still things running which Rkill nevertheless stops? I don't yet know whether I dare restart in normal mode. At the same time, safe mode excludes a good many programs and processes that could start running again in a normal boot. Then I don't know which files or registry entries have been removed or changed by Rkill. So I need good advice on what to do next. Cecilia.... do you have anything good in the works? Regards, Kenneth