
Virus cleanup on my buddy's computer


Micke-89


So it's that time again. My buddy managed the impossible again.

Ran Malwarebytes, Kaspersky Virus Removal Tool and the NOD32 online scan.

All logs are included.


DDS (Ver_2011-08-26.01) - NTFSAMD64

Internet Explorer: 8.0.7601.17514

Run by KENNY at 23:12:34 on 2012-08-02

Microsoft Windows 7 Home Premium 6.1.7601.1.1252.46.1053.18.8086.5618 [GMT 2:00]

.

AV: Microsoft Security Essentials *Enabled/Updated* {9765EA51-0D3C-7DFB-6091-10E4E1F341F6}

SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}

SP: Microsoft Security Essentials *Enabled/Updated* {2C040BB5-2B06-7275-5A21-2B969A740B4B}

.

============== Running Processes ===============

.

C:\Windows\system32\wininit.exe

C:\Windows\system32\lsm.exe

C:\Windows\system32\svchost.exe -k DcomLaunch

C:\Windows\system32\svchost.exe -k RPCSS

c:\Program Files\Microsoft Security Client\MsMpEng.exe

C:\Windows\system32\atiesrxx.exe

C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted

C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted

C:\Windows\system32\svchost.exe -k netsvcs

C:\Windows\system32\svchost.exe -k LocalService

C:\Windows\system32\atieclxx.exe

C:\Windows\system32\svchost.exe -k NetworkService

C:\Windows\System32\spoolsv.exe

C:\Windows\system32\svchost.exe -k LocalServiceNoNetwork

C:\Program Files (x86)\Belkin\Router Setup and Monitor\BelkinService.exe

C:\Windows\system32\taskhost.exe

C:\Windows\system32\Dwm.exe

C:\Windows\Explorer.EXE

C:\Program Files\Belkin\Belkin USB Print and Storage Center\BkBackupScheduler.exe

C:\Program Files\Belkin\Belkin USB Print and Storage Center\Bkapcs.exe

C:\Program Files (x86)\HTC\Internet Pass-Through\PassThruSvr.exe

C:\Windows\SysWOW64\PnkBstrA.exe

C:\Windows\system32\svchost.exe -k imgsvc

C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE

C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSvcM.exe

C:\Windows\system32\svchost.exe -k NetworkServiceNetworkRestricted

C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe

C:\Program Files\Logitech\SetPointP\SetPoint.exe

C:\Windows\System32\igfxpers.exe

C:\Program Files\Microsoft Security Client\msseces.exe

C:\Program Files\Corsair VENGEANCE 2000\CPL\CAHS2.exe

C:\Program Files\Corsair VENGEANCE 2000\CPL\CAHS2.exe

C:\Program Files (x86)\Windows Live\Messenger\msnmsgr.exe

C:\Program Files (x86)\Skype\Phone\Skype.exe

C:\Program Files\Windows Sidebar\sidebar.exe

C:\Program Files (x86)\Origin\Origin.exe

C:\Program Files (x86)\Steam\Steam.exe

C:\Program Files (x86)\Belkin\Router Setup and Monitor\BelkinRouterMonitor.exe

C:\Program Files (x86)\XFastUSB\XFastUsb.exe

C:\Program Files\Common Files\LogiShrd\KHAL3\KHALMNPR.EXE

C:\Program Files (x86)\ekort\ekort.exe

C:\Program Files (x86)\SoliCall\bin\Personal_PBXMate.exe

C:\Program Files (x86)\HTC\HTC Sync 3.0\htcUPCTLoader.exe

C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\MOM.exe

C:\Program Files (x86)\Mdfrzy\mbamgui.exe

C:\Windows\SysWOW64\OBroker.exe

C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CCC.exe

C:\PROGRA~2\Raptr\raptr.exe

C:\Windows\system32\svchost.exe -k LocalServiceAndNoImpersonation

C:\Windows\system32\SearchIndexer.exe

C:\Program Files\Windows Media Player\wmpnetwk.exe

C:\Program Files\Belkin\Belkin USB Print and Storage Center\connect.exe

C:\Program Files (x86)\Common Files\Steam\SteamService.exe

C:\PROGRA~2\Raptr\raptr_im.exe

C:\Program Files (x86)\Belkin\Router Setup and Monitor\BelkinSetup.exe

C:\Program Files (x86)\Belkin\Router Setup and Monitor\dlnaPlugin.exe

C:\Program Files (x86)\Belkin\Router Setup and Monitor\qosPlugin.exe

C:\Program Files (x86)\Windows Live\Contacts\wlcomm.exe

C:\Windows\System32\svchost.exe -k LocalServicePeerNet

C:\Windows\system32\DllHost.exe

C:\Program Files (x86)\Raptr\raptr_ep64.exe

C:\Windows\Microsoft.Net\Framework64\v3.0\WPF\PresentationFontCache.exe

C:\Program Files (x86)\Mdfrzy\mbamservice.exe

C:\Windows\system32\AUDIODG.EXE

C:\Program Files (x86)\Mozilla Firefox\firefox.exe

C:\Program Files (x86)\Mozilla Firefox\plugin-container.exe

C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_11_3_300_270.exe

C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_11_3_300_270.exe

C:\Program Files (x86)\Internet Explorer\IELowutil.exe

C:\Windows\system32\SearchProtocolHost.exe

C:\Windows\system32\SearchFilterHost.exe

C:\Windows\system32\DllHost.exe

C:\Windows\system32\DllHost.exe

C:\Windows\SysWOW64\cmd.exe

C:\Windows\system32\conhost.exe

C:\Windows\SysWOW64\cscript.exe

C:\Windows\system32\wbem\wmiprvse.exe

.

============== Pseudo HJT Report ===============

.

uStart Page = hxxp://search.babylon.com/?affID=110819&babsrc=HP_ss&mntrId=a6cec5f8000000000000bc5ff41a7d08

uURLSearchHooks: Vuze Remote Toolbar: {ba14329e-9550-4989-b3f2-9732e92d17cc} - C:\Program Files (x86)\Vuze_Remote\prxtbVuze.dll

mURLSearchHooks: Vuze Remote Toolbar: {ba14329e-9550-4989-b3f2-9732e92d17cc} - C:\Program Files (x86)\Vuze_Remote\prxtbVuze.dll

mWinlogon: Userinit=userinit.exe,

BHO: Adobe PDF Link Helper: {18df081c-e8ad-4283-a596-fa578c2ebdc3} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll

BHO: ADDICT-THING Class: {641a48b0-771d-6262-e190-61cc47b15106} - C:\ProgramData\ADDICT-THING\bhoclass.dll

BHO: Incredibar.com Helper Object: {6e13dde1-2b6e-46ce-8b66-dc8bf36f6b99} - C:\Program Files (x86)\Incredibar.com\incredibar\1.5.11.14\bh\incredibar.dll

BHO: Windows Live ID Sign-in Helper: {9030d464-4c02-4abf-8ecc-5164760863c6} - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll

BHO: e-kort Helper Class: {9065e913-4f23-4b47-9b5d-b055d32db1f3} - C:\Program Files (x86)\ekort\EKortHelper.dll

BHO: DealPly: {a6174f27-1fff-e1d6-a93f-ba48ad5dd448} - C:\Program Files (x86)\DealPly\DealPlyIE.dll

BHO: Vuze Remote Toolbar: {ba14329e-9550-4989-b3f2-9732e92d17cc} - C:\Program Files (x86)\Vuze_Remote\prxtbVuze.dll

BHO: Yontoo: {fd72061e-9fde-484d-a58a-0bab4151cad8} - C:\Program Files (x86)\Yontoo\YontooIEClient.dll

TB: e-kort Toolbar: {8db2b2e8-579f-48a8-a496-18fefcf8f4df} - C:\Program Files (x86)\ekort\EKortToolbar.dll

TB: Incredibar Toolbar: {f9639e4a-801b-4843-aee3-03d9da199e77} - C:\Program Files (x86)\Incredibar.com\incredibar\1.5.11.14\incredibarTlbr.dll

TB: Vuze Remote Toolbar: {ba14329e-9550-4989-b3f2-9732e92d17cc} - C:\Program Files (x86)\Vuze_Remote\prxtbVuze.dll

uRun: [msnmsgr] "C:\Program Files (x86)\Windows Live\Messenger\msnmsgr.exe" /background

uRun: [skype] "C:\Program Files (x86)\Skype\Phone\Skype.exe" /minimized /regrun

uRun: [sidebar] C:\Program Files\Windows Sidebar\sidebar.exe /autoRun

uRun: [EADM] "C:\Program Files (x86)\Origin\Origin.exe" -AutoStart

uRun: [steam] "C:\Program Files (x86)\Steam\steam.exe" -silent

uRun: [Xvid] C:\Program Files (x86)\Xvid\CheckUpdate.exe

uRun: [Raptr] C:\PROGRA~2\Raptr\raptrstub.exe --startup

mRun: [instaLAN] "C:\Program Files (x86)\Belkin\Router Setup and Monitor\BelkinRouterMonitor.exe" startup

mRun: [XFastUSB] "C:\Program Files (x86)\XFastUSB\XFastUsb.exe"

mRun: [Adobe Reader Speed Launcher] "C:\Program Files (x86)\Adobe\Reader 9.0\Reader\Reader_sl.exe"

mRun: [Adobe ARM] "C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe"

mRun: [AMD AVT] Cmd.exe /c start "AMD Accelerated Video Transcoding device initialization" /min "C:\Program Files (x86)\AMD AVT\bin\kdbsync.exe" aml

mRun: [e-kort] C:\PROGRA~2\ekort\ekort.exe /dontopenmycards /Autostart

mRun: [PersonalPBXMate] "C:\Program Files (x86)\SoliCall\bin\Personal_PBXMate.exe"

mRun: [startCCC] "C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" MSRun

mRun: [HTC Sync Loader] "C:\Program Files (x86)\HTC\HTC Sync 3.0\htcUPCTLoader.exe" -startup

mRun: [Malwarebytes' Anti-Malware] "C:\Program Files (x86)\Mdfrzy\mbamgui.exe" /starttray

mRunOnce: [GrpConv] grpconv -o

mPolicies-explorer: NoActiveDesktop = 1 (0x1)

mPolicies-explorer: NoActiveDesktopChanges = 1 (0x1)

mPolicies-system: ConsentPromptBehaviorAdmin = 5 (0x5)

mPolicies-system: ConsentPromptBehaviorUser = 3 (0x3)

mPolicies-system: EnableUIADesktopToggle = 0 (0x0)

TCP: DhcpNameServer = 192.168.2.1

TCP: Interfaces\{292A936C-773C-4FE9-BB24-9D66861CB451} : DhcpNameServer = 192.168.2.1

Handler: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~2\COMMON~1\Skype\SKYPE4~1.DLL


mRun-x64: [instaLAN] "C:\Program Files (x86)\Belkin\Router Setup and Monitor\BelkinRouterMonitor.exe" startup

mRun-x64: [XFastUSB] "C:\Program Files (x86)\XFastUSB\XFastUsb.exe"

mRun-x64: [Adobe Reader Speed Launcher] "C:\Program Files (x86)\Adobe\Reader 9.0\Reader\Reader_sl.exe"

mRun-x64: [Adobe ARM] "C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe"

mRun-x64: [AMD AVT] Cmd.exe /c start "AMD Accelerated Video Transcoding device initialization" /min "C:\Program Files (x86)\AMD AVT\bin\kdbsync.exe" aml

mRun-x64: [e-kort] C:\PROGRA~2\ekort\ekort.exe /dontopenmycards /Autostart

mRun-x64: [PersonalPBXMate] "C:\Program Files (x86)\SoliCall\bin\Personal_PBXMate.exe"

mRun-x64: [startCCC] "C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" MSRun

mRun-x64: [HTC Sync Loader] "C:\Program Files (x86)\HTC\HTC Sync 3.0\htcUPCTLoader.exe" -startup

mRun-x64: [Malwarebytes' Anti-Malware] "C:\Program Files (x86)\Mdfrzy\mbamgui.exe" /starttray

mRunOnce-x64: [GrpConv] grpconv -o

.

================= FIREFOX ===================

.

FF - ProfilePath - C:\Users\KENNY\AppData\Roaming\Mozilla\Firefox\Profiles\wbktlt3y.default\

FF - prefs.js: browser.search.selectedEngine - Google

FF - prefs.js: browser.startup.homepage - about:home

FF - prefs.js: keyword.URL - hxxp://mystart.incredibar.com/mb139/?loc=IB_DS&a=6OyJorqj5j&&i=26&search=

FF - plugin: C:\Program Files (x86)\Adobe\Reader 9.0\Reader\AIR\nppdf32.dll

FF - plugin: C:\Program Files (x86)\Battlelog Web Plugins\1.116.0\npesnlaunch.dll

FF - plugin: C:\Program Files (x86)\Battlelog Web Plugins\1.118.0\npesnlaunch.dll

FF - plugin: C:\Program Files (x86)\Battlelog Web Plugins\1.122.0\npesnlaunch.dll

FF - plugin: C:\Program Files (x86)\Battlelog Web Plugins\Sonar\0.70.4\npesnsonar.dll

FF - plugin: c:\Program Files (x86)\Microsoft Silverlight\4.1.10329.0\npctrlui.dll

FF - plugin: C:\Users\KENNY\AppData\Roaming\Mozilla\Firefox\Profiles\wbktlt3y.default\extensions\{ba14329e-9550-4989-b3f2-9732e92d17cc}\plugins\np-mswmp.dll

FF - plugin: C:\Users\KENNY\AppData\Roaming\Mozilla\Firefox\Profiles\wbktlt3y.default\extensions\{e001c731-5e37-4538-a5cb-8168736a2360}\plugins\npqscan.dll

FF - plugin: C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_11_3_300_270.dll

.

---- FIREFOX POLICIES ----

FF - user.js: extentions.y2layers.installId - 2b37fe5d-c87c-4ae2-8673-4d6b6568c136

FF - user.js: extentions.y2layers.defaultEnableAppsList - ezLooker,pagerage,buzzdock,toprelatedtopics,twittube

.

FF - user.js: extensions.autoDisableScopes - 14

FF - user.js: extensions.BabylonToolbar_i.babTrack - affID=110819

FF - user.js: extensions.BabylonToolbar_i.babExt -

FF - user.js: extensions.BabylonToolbar_i.srcExt - ss

FF - user.js: extensions.BabylonToolbar_i.id - a6cec5f8000000000000bc5ff41a7d08

FF - user.js: extensions.BabylonToolbar_i.hardId - a6cec5f8000000000000bc5ff41a7d08

FF - user.js: extensions.BabylonToolbar_i.instlDay - 15485

FF - user.js: extensions.BabylonToolbar_i.vrsn - 1.5.3.17

FF - user.js: extensions.BabylonToolbar_i.vrsni - 1.5.3.17

FF - user.js: extensions.BabylonToolbar_i.vrsnTs - 1.5.3.1711:54:51

FF - user.js: extensions.BabylonToolbar_i.prtnrId - babylon

FF - user.js: extensions.BabylonToolbar_i.prdct - BabylonToolbar

FF - user.js: extensions.BabylonToolbar_i.aflt - babsst

FF - user.js: extensions.BabylonToolbar_i.smplGrp - none

FF - user.js: extensions.BabylonToolbar_i.tlbrId - tb9

FF - user.js: extensions.BabylonToolbar_i.instlRef - sst

.

user_pref('extensions.dealply.partner', 'iron');

.

user_pref('extensions.dealply.channel', 'iron3');

.

user_pref('extensions.dealply.installId', 'v23900276308063248466862012052511544524');

.

user_pref('extensions.dealply.installIdSource', 'inst');

.

user_pref('extensions.dealply.sampleGroup', '4');

FF - user.js: extensions.incredibar_i.newTab - false

FF - user.js: extensions.incredibar_i.tlbrSrchUrl - hxxp://mystart.Incredibar.com/?a=6OyJorqj5j&loc=IB_TB&i=26&search=

FF - user.js: extensions.incredibar_i.id - a6cec5f8000000000000bc5ff41a7d08

FF - user.js: extensions.incredibar_i.instlDay - 15550

FF - user.js: extensions.incredibar_i.vrsn - 1.5.11.14

FF - user.js: extensions.incredibar_i.vrsni - 1.5.11.14

FF - user.js: extensions.incredibar_i.vrsnTs - 1.5.11.1410:39:14

FF - user.js: extensions.incredibar_i.prtnrId - Incredibar

FF - user.js: extensions.incredibar_i.prdct - incredibar

FF - user.js: extensions.incredibar_i.aflt - orgnl

FF - user.js: extensions.incredibar_i.smplGrp - none

FF - user.js: extensions.incredibar_i.tlbrId - base

FF - user.js: extensions.incredibar_i.instlRef -

FF - user.js: extensions.incredibar_i.dfltLng -

FF - user.js: extensions.incredibar_i.excTlbr - false

FF - user.js: extensions.incredibar_i.ms_url_id -

FF - user.js: extensions.incredibar_i.upn2 - 6OyJorqj5j

FF - user.js: extensions.incredibar_i.upn2n - 92261837856457397

FF - user.js: extensions.incredibar_i.productid - 26

FF - user.js: extensions.incredibar_i.installerproductid - 26

FF - user.js: extensions.incredibar_i.did - 10650

FF - user.js: extensions.incredibar_i.ppd - 20%5F5

.

============= SERVICES / DRIVERS ===============

.

R0 MpFilter;Microsoft Malware Protection Driver;C:\Windows\system32\DRIVERS\MpFilter.sys --> C:\Windows\system32\DRIVERS\MpFilter.sys [?]

R1 aswKbd;aswKbd;C:\Windows\system32\drivers\aswKbd.sys --> C:\Windows\system32\drivers\aswKbd.sys [?]

R1 FNETURPX;FNETURPX;C:\Windows\system32\drivers\FNETURPX.SYS --> C:\Windows\system32\drivers\FNETURPX.SYS [?]

R1 MpKslfd16c85b;MpKslfd16c85b;C:\ProgramData\Microsoft\Microsoft Antimalware\Definition Updates\{AEDB7EE8-53DB-4DCB-8169-0B34577A3382}\MpKslfd16c85b.sys [2012-8-2 35664]

R2 AMD External Events Utility;AMD External Events Utility;C:\Windows\system32\atiesrxx.exe --> C:\Windows\system32\atiesrxx.exe [?]

R2 Belkin Local Backup Service;Belkin Local Backup Service;C:\Program Files\Belkin\Belkin USB Print and Storage Center\BkBackupScheduler.exe [2012-3-15 181760]

R2 Belkin Network USB Helper;Belkin Network USB Helper;C:\Program Files\Belkin\Belkin USB Print and Storage Center\Bkapcs.exe [2012-3-15 55296]

R2 MBAMService;MBAMService;C:\Program Files (x86)\Mdfrzy\mbamservice.exe [2012-8-2 655944]

R2 PassThru Service;Internet Pass-Through Service;C:\Program Files (x86)\HTC\Internet Pass-Through\PassThruSvr.exe [2012-3-23 87040]

R2 sxuptp;SXUPTP Driver;C:\Windows\system32\DRIVERS\sxuptp.sys --> C:\Windows\system32\DRIVERS\sxuptp.sys [?]

R3 amdkmdag;amdkmdag;C:\Windows\system32\DRIVERS\atikmdag.sys --> C:\Windows\system32\DRIVERS\atikmdag.sys [?]

R3 amdkmdap;amdkmdap;C:\Windows\system32\DRIVERS\atikmpag.sys --> C:\Windows\system32\DRIVERS\atikmpag.sys [?]

R3 AtiHDAudioService;AMD Function Driver for HD Audio Service;C:\Windows\system32\drivers\AtihdW76.sys --> C:\Windows\system32\drivers\AtihdW76.sys [?]

R3 LEqdUsb;Logitech SetPoint Unifying KMDF USB Filter;C:\Windows\system32\DRIVERS\LEqdUsb.Sys --> C:\Windows\system32\DRIVERS\LEqdUsb.Sys [?]

R3 LHidEqd;Logitech SetPoint Unifying KMDF HID Filter;C:\Windows\system32\DRIVERS\LHidEqd.Sys --> C:\Windows\system32\DRIVERS\LHidEqd.Sys [?]

R3 MBAMProtector;MBAMProtector;\??\C:\Windows\system32\drivers\mbam.sys --> C:\Windows\system32\drivers\mbam.sys [?]

R3 MBfilt;MBfilt;C:\Windows\system32\drivers\MBfilt64.sys --> C:\Windows\system32\drivers\MBfilt64.sys [?]

R3 MEIx64;Intel® Management Engine Interface ;C:\Windows\system32\DRIVERS\HECIx64.sys --> C:\Windows\system32\DRIVERS\HECIx64.sys [?]

R3 RTL8167;Realtek 8167 NT Driver;C:\Windows\system32\DRIVERS\Rt64win7.sys --> C:\Windows\system32\DRIVERS\Rt64win7.sys [?]

R3 SYMPHONY;Corsair USB Headphone Driver;C:\Windows\system32\DRIVERS\Symphony.sys --> C:\Windows\system32\DRIVERS\Symphony.sys [?]

RUnknown 50511128;50511128; [x]

RUnknown 5816898drv;5816898drv; [x]

S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-3-18 130384]

S2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-3-18 138576]

S2 SkypeUpdate;Skype Updater;C:\Program Files (x86)\Skype\Updater\Updater.exe [2012-7-3 160944]

S3 AdobeFlashPlayerUpdateSvc;Adobe Flash Player Update Service;C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2012-3-31 250056]

S3 cphs;Intel® Content Protection HECI Service;C:\Windows\SysWOW64\IntelCpHeciSvc.exe [2012-3-19 276248]

S3 FNETTBOH_305;FNETTBOH_305;C:\Windows\system32\drivers\FNETTBOH_305.SYS --> C:\Windows\system32\drivers\FNETTBOH_305.SYS [?]

S3 HTCAND64;HTC Device Driver;C:\Windows\system32\Drivers\ANDROIDUSB.sys --> C:\Windows\system32\Drivers\ANDROIDUSB.sys [?]

S3 htcnprot;HTC NDIS Protocol Driver;C:\Windows\system32\DRIVERS\htcnprot.sys --> C:\Windows\system32\DRIVERS\htcnprot.sys [?]

S3 MozillaMaintenance;Mozilla Maintenance Service;C:\Program Files (x86)\Mozilla Maintenance Service\maintenanceservice.exe [2012-4-26 113120]

S3 NisDrv;Microsoft Network Inspection System;C:\Windows\system32\DRIVERS\NisDrvWFP.sys --> C:\Windows\system32\DRIVERS\NisDrvWFP.sys [?]

S3 NisSrv;Microsoft Nätverkskontroll;C:\Program Files\Microsoft Security Client\NisSrv.exe [2012-3-26 291696]

S3 TsUsbFlt;TsUsbFlt;C:\Windows\system32\drivers\tsusbflt.sys --> C:\Windows\system32\drivers\tsusbflt.sys [?]

S3 TsUsbGD;Remote Desktop Generic USB Device;C:\Windows\system32\drivers\TsUsbGD.sys --> C:\Windows\system32\drivers\TsUsbGD.sys [?]

S3 WatAdminSvc;Aktiveringsteknologier för Windows-tjänst;C:\Windows\system32\Wat\WatAdminSvc.exe --> C:\Windows\system32\Wat\WatAdminSvc.exe [?]

.

=============== Created Last 30 ================

.

2012-08-02 20:01:57 35664 ----a-w- C:\ProgramData\Microsoft\Microsoft Antimalware\Definition Updates\{AEDB7EE8-53DB-4DCB-8169-0B34577A3382}\MpKslfd16c85b.sys

2012-08-02 18:48:28 -------- d-----w- C:\Users\KENNY\AppData\Local\{4DAE4414-8E76-4601-91EB-6C086E18385A}

2012-08-02 18:48:18 -------- d-----w- C:\Users\KENNY\AppData\Local\{A3C98CE1-C5DF-4BC0-8ADD-E15DED2F4E32}

2012-08-02 18:47:42 -------- d-----w- C:\Program Files (x86)\ESET

2012-08-02 18:37:24 -------- d-----w- C:\ProgramData\Kaspersky Lab

2012-08-02 18:33:28 69000 ----a-w- C:\ProgramData\Microsoft\Microsoft Antimalware\Definition Updates\{AEDB7EE8-53DB-4DCB-8169-0B34577A3382}\offreg.dll

2012-08-02 15:04:16 9133488 ----a-w- C:\ProgramData\Microsoft\Microsoft Antimalware\Definition Updates\{AEDB7EE8-53DB-4DCB-8169-0B34577A3382}\mpengine.dll

2012-08-02 09:45:01 -------- d-----w- C:\Users\KENNY\AppData\Roaming\Malwarebytes

2012-08-02 09:44:55 -------- d-----w- C:\ProgramData\Malwarebytes

2012-08-02 09:44:54 24904 ----a-w- C:\Windows\System32\drivers\mbam.sys

2012-08-02 09:44:54 -------- d-----w- C:\Program Files (x86)\Mdfrzy

2012-08-02 06:47:47 -------- d-----w- C:\Users\KENNY\AppData\Local\{FACA2EA7-E30E-4E8C-8FAD-B6DCEECA2FFB}

2012-08-02 06:47:35 -------- d-----w- C:\Users\KENNY\AppData\Local\{1670F952-1838-42FB-87F3-B27FB360171E}

2012-08-01 14:47:56 9133488 ----a-w- C:\ProgramData\Microsoft\Microsoft Antimalware\Definition Updates\Backup\mpengine.dll

2012-08-01 14:39:51 -------- d-----w- C:\Users\KENNY\AppData\Local\{66E625D3-5374-461A-AFD4-F02541507CFF}

2012-08-01 14:39:39 -------- d-----w- C:\Users\KENNY\AppData\Local\{0FDD4A58-8E3A-4CC4-8F6D-C19FD17265E1}

2012-07-31 14:30:02 -------- d-----w- C:\Users\KENNY\AppData\Local\{D661220E-DCF4-4627-AFFD-C9BACE2995A5}

2012-07-31 14:29:52 -------- d-----w- C:\Users\KENNY\AppData\Local\{26A3992D-9394-412B-AD53-357A21D2938C}

2012-07-30 16:29:26 -------- d-----w- C:\Users\KENNY\AppData\Local\DirectDownloader

2012-07-30 14:31:02 -------- d-----w- C:\Users\KENNY\AppData\Local\{B9EAC65B-3941-46E1-AED3-4EC0FF3CFAC4}

2012-07-30 14:30:52 -------- d-----w- C:\Users\KENNY\AppData\Local\{DEC38FC9-D859-4748-8368-E31336DFEC22}

2012-07-29 20:40:11 -------- d-----w- C:\Users\KENNY\AppData\Roaming\Raptr

2012-07-29 20:40:11 -------- d-----w- C:\Program Files (x86)\Raptr

2012-07-29 20:39:17 -------- d-----w- C:\Program Files (x86)\Conduit

2012-07-29 20:39:16 -------- d-----w- C:\Users\KENNY\AppData\Local\Conduit

2012-07-29 20:39:15 -------- d-----w- C:\Program Files (x86)\Vuze_Remote

2012-07-29 08:39:38 -------- d-----w- C:\ProgramData\Premium

2012-07-29 08:39:31 -------- d-----w- C:\ProgramData\OptimizerPro

2012-07-29 08:39:26 -------- d-----w- C:\Program Files (x86)\Optimizer Pro

2012-07-29 08:39:13 -------- d-----w- C:\Program Files (x86)\Incredibar.com

2012-07-29 08:38:36 -------- d-----w- C:\ProgramData\ADDICT-THING

2012-07-29 08:38:17 -------- d-----w- C:\ProgramData\InstallMate

2012-07-29 07:55:18 -------- d-----w- C:\Users\KENNY\AppData\Local\{937F4C4F-E761-4F9D-AFB6-4A85C17478E1}

2012-07-29 07:55:04 -------- d-----w- C:\Users\KENNY\AppData\Local\{7FBC3D22-DC2B-4B4B-A5E7-49D8ED32AD4E}

2012-07-28 18:12:19 -------- d-----w- C:\Program Files (x86)\OpenApp

2012-07-28 18:02:55 -------- d-----w- C:\Program Files (x86)\smartdl

2012-07-28 08:24:50 -------- d-----w- C:\Users\KENNY\AppData\Local\{0A8BA5EB-EFC0-4574-A3E5-DEE8C286B222}

2012-07-28 08:24:40 -------- d-----w- C:\Users\KENNY\AppData\Local\{89803C18-7F08-458E-80B3-9403432092B4}

2012-07-27 10:23:22 -------- d-----w- C:\Users\KENNY\AppData\Local\{7F15B864-FC51-4D77-8255-C0D6AD3AE68E}

2012-07-27 10:23:10 -------- d-----w- C:\Users\KENNY\AppData\Local\{0DD3F77A-7860-452E-9632-FB18BD77E89D}

2012-07-26 17:09:24 -------- d-----w- C:\Users\KENNY\AppData\Roaming\HTC.388BC06ACDAB6261375BCE37FBA2E023C0D7EE34.1

2012-07-26 17:07:39 -------- d-----w- C:\Users\KENNY\AppData\Local\Htc

2012-07-26 17:07:11 -------- d-----w- C:\Users\KENNY\AppData\Roaming\HTC

2012-07-26 17:06:01 -------- d-----w- C:\Users\KENNY\AppData\Local\Downloaded Installations

2012-07-26 17:05:42 -------- d-----w- C:\Program Files (x86)\Spirent Communications

2012-07-26 17:05:29 -------- d-----w- C:\Program Files (x86)\HTC

2012-07-26 17:05:09 -------- d-----w- C:\Program Files (x86)\MSXML 4.0

2012-07-26 08:23:58 -------- d-----w- C:\Users\KENNY\AppData\Local\{254B3108-51CA-41AD-993C-496076E647CB}

2012-07-26 08:23:47 -------- d-----w- C:\Users\KENNY\AppData\Local\{C5B6ED28-9DAB-4D90-ABCD-C4EFB2EFA966}

2012-07-25 14:33:01 -------- d-----w- C:\Users\KENNY\AppData\Local\{AD60E4E9-ED71-4309-8EB7-BE5168CF6E3A}

2012-07-25 14:32:48 -------- d-----w- C:\Users\KENNY\AppData\Local\{C96A861D-DFB1-47B1-A831-73039D760C45}

2012-07-24 14:30:17 -------- d-----w- C:\Users\KENNY\AppData\Local\{42E45AD2-9BBE-4ABE-B467-CB7B0FE5E655}

2012-07-24 14:30:05 -------- d-----w- C:\Users\KENNY\AppData\Local\{D160A798-659A-4A8B-B2FD-30B78FE33C8B}

2012-07-23 16:10:18 -------- d-----w- C:\Users\KENNY\AppData\Local\{996C9540-BE8B-40F5-AD75-4B944C0AD019}

2012-07-23 16:10:07 -------- d-----w- C:\Users\KENNY\AppData\Local\{EDA25C6A-3ABA-42D7-857B-9D63A843B86B}

2012-07-22 09:02:58 -------- d-----w- C:\Users\KENNY\AppData\Local\{4056E71A-47B8-4F3D-9863-A56135C6D29A}

2012-07-22 09:02:47 -------- d-----w- C:\Users\KENNY\AppData\Local\{E79A2B8C-B763-4475-9C8B-7032837619A0}

2012-07-21 08:49:23 -------- d-----w- C:\Users\KENNY\AppData\Local\{0E0D9D90-0354-41DD-87C1-19E5E0C836DB}

2012-07-21 08:49:10 -------- d-----w- C:\Users\KENNY\AppData\Local\{3EE5BC90-8B3F-4247-AC9C-217979B3B501}

2012-07-20 07:05:00 -------- d-----w- C:\Users\KENNY\AppData\Local\{DAF94222-B600-4032-9027-02F003D5272B}

2012-07-20 07:04:49 -------- d-----w- C:\Users\KENNY\AppData\Local\{961ABD14-83B2-4697-8447-3B5E449FAF77}

2012-07-19 08:42:57 -------- d-----w- C:\Users\KENNY\AppData\Local\{E3282096-9DBB-4E73-937F-6AF4A831635F}

2012-07-19 08:42:37 -------- d-----w- C:\Users\KENNY\AppData\Local\{55CF5C16-AFEC-46EB-ABC7-B03FA9126A54}

2012-07-18 08:25:12 -------- d-----w- C:\Users\KENNY\AppData\Local\{9F230861-CF23-4741-A54F-07906AB52A95}

2012-07-18 08:25:01 -------- d-----w- C:\Users\KENNY\AppData\Local\{BDAC4C63-0AAD-471A-BD64-7859FDB5DEEB}

2012-07-17 09:34:02 -------- d-----w- C:\Users\KENNY\AppData\Local\{964F5E17-B185-41FF-8809-1B87E35670B7}

2012-07-17 09:33:51 -------- d-----w- C:\Users\KENNY\AppData\Local\{D17C1D34-C7B7-4794-BD0D-01D5CD07F4B8}

2012-07-16 10:48:32 -------- d-----w- C:\Users\KENNY\AppData\Local\{1C33B996-BB57-41A1-A60A-98A3F461EBBD}

2012-07-16 10:48:21 -------- d-----w- C:\Users\KENNY\AppData\Local\{EE087ECE-29EE-46E2-9F55-2D3AA304B426}

2012-07-15 21:26:00 -------- d-----w- C:\Users\KENNY\AppData\Local\{E90E66A1-7D64-4122-83CC-D8F4FF692712}

2012-07-15 21:25:50 -------- d-----w- C:\Users\KENNY\AppData\Local\{E9B974E9-FA1F-4C71-9C5F-462B927112CD}

2012-07-15 09:25:24 -------- d-----w- C:\Users\KENNY\AppData\Local\{70C10C92-DB8C-4889-9487-8BBAB6F31F5D}

2012-07-15 09:25:14 -------- d-----w- C:\Users\KENNY\AppData\Local\{609A0470-D0D2-4730-B9E1-736CCF8BEF64}

2012-07-14 08:35:29 -------- d-----w- C:\Users\KENNY\AppData\Local\{5A5EDDB3-4729-4AC2-A503-AA7469C03E3B}

2012-07-14 08:35:15 -------- d-----w- C:\Users\KENNY\AppData\Local\{4CDF74AC-2456-4A51-9314-84CF3E60066D}

2012-07-13 09:04:52 -------- d-----w- C:\Users\KENNY\AppData\Local\{23C5B667-4303-4BCF-BB0F-43FD6FCA7FA1}

2012-07-13 09:04:42 -------- d-----w- C:\Users\KENNY\AppData\Local\{FA99EA6C-0624-4541-A0CF-F1DF66A5ADC4}

2012-07-12 16:45:02 -------- d-----w- C:\Users\KENNY\AppData\Local\{48524C18-CAD2-40E4-9B21-798D5C3A8506}

2012-07-12 16:44:49 -------- d-----w- C:\Users\KENNY\AppData\Local\{299AD14B-7920-48EB-BF49-B5F2C5E33B16}

2012-07-11 23:08:09 -------- d-----w- C:\Users\KENNY\AppData\Local\{7F5813FC-8738-4D51-A5C4-0CBD7E9563B8}

2012-07-11 23:07:53 -------- d-----w- C:\Users\KENNY\AppData\Local\{296770BF-45E3-45B1-81EB-8B13EDCDBDE9}

2012-07-11 11:33:35 3148800 ----a-w- C:\Windows\System32\win32k.sys

2012-07-11 09:22:59 805376 ----a-w- C:\Windows\SysWow64\cdosys.dll

2012-07-11 09:22:59 495616 ----a-w- C:\Program Files\Common Files\System\ado\msadox.dll

2012-07-11 09:22:59 466944 ----a-w- C:\Program Files\Common Files\System\ado\msadomd.dll

2012-07-11 09:22:59 258048 ----a-w- C:\Program Files\Common Files\System\msadc\msadco.dll

2012-07-11 09:22:59 1499136 ----a-w- C:\Program Files\Common Files\System\ado\msado15.dll

2012-07-11 09:22:59 1019904 ----a-w- C:\Program Files (x86)\Common Files\System\ado\msado15.dll

2012-07-11 09:22:58 61440 ----a-w- C:\Program Files\Common Files\System\ado\msador15.dll

2012-07-11 09:22:58 57344 ----a-w- C:\Program Files (x86)\Common Files\System\ado\msador15.dll

2012-07-11 09:22:58 372736 ----a-w- C:\Program Files (x86)\Common Files\System\ado\msadox.dll

2012-07-11 09:22:58 352256 ----a-w- C:\Program Files (x86)\Common Files\System\ado\msadomd.dll

2012-07-11 09:22:58 212992 ----a-w- C:\Program Files (x86)\Common Files\System\msadc\msadco.dll

2012-07-11 09:22:58 143360 ----a-w- C:\Program Files (x86)\Common Files\System\ado\msjro.dll

2012-07-11 09:22:58 1133568 ----a-w- C:\Windows\System32\cdosys.dll

2012-07-11 09:20:20 -------- d-----w- C:\Users\KENNY\AppData\Local\{52BF190D-7654-4D67-89D7-49372D6DA68A}

2012-07-11 09:20:03 -------- d-----w- C:\Users\KENNY\AppData\Local\{71A8761E-B4AD-4BEF-BAF7-AB5A71D13F38}

2012-07-10 09:59:35 294912 ----a-w- C:\Windows\System32\browserchoice.exe

2012-07-10 08:28:57 -------- d-----w- C:\Users\KENNY\AppData\Local\{BD78FB45-02C8-49AA-9E00-3554EF86DA71}

2012-07-10 08:28:45 -------- d-----w- C:\Users\KENNY\AppData\Local\{8B175211-2FDE-4A4F-B973-F6C15128D6AF}

2012-07-09 10:21:15 -------- d-----w- C:\Users\KENNY\AppData\Local\{0ACEA0A0-C41B-448D-BCD0-E7494400E2EE}

2012-07-09 10:20:58 -------- d-----w- C:\Users\KENNY\AppData\Local\{9CCBED56-3BAB-44D8-97EE-06612FB8809D}

2012-07-08 09:08:14 -------- d-----w- C:\Users\KENNY\AppData\Local\{EDA905CC-8BB6-4A31-8079-04C0C57EB385}

2012-07-08 09:07:58 -------- d-----w- C:\Users\KENNY\AppData\Local\{E30CBDF4-F4BC-46A9-974D-8DFD7BEDC912}

2012-07-07 09:07:47 -------- d-----w- C:\Users\KENNY\AppData\Local\{637F92B4-E85C-48A4-972C-0E0413CF8ABE}

2012-07-07 09:07:34 -------- d-----w- C:\Users\KENNY\AppData\Local\{B5D23CCA-A914-4FA0-8385-1551B3D87228}

2012-07-06 09:15:53 -------- d-----w- C:\Program Files (x86)\AMD APP

2012-07-06 09:06:37 -------- d-----w- C:\Users\KENNY\AppData\Local\{01D4BCFA-DBB9-4A04-994C-0E8D1DB7FEED}

2012-07-06 09:06:26 -------- d-----w- C:\Users\KENNY\AppData\Local\{63D4259B-7D30-4DB8-86C0-9B68132B133A}

2012-07-05 09:11:20 -------- d-----w- C:\Users\KENNY\AppData\Local\{9E14D3F1-B43F-4613-B3DC-3CA936C3C074}

2012-07-05 09:11:10 -------- d-----w- C:\Users\KENNY\AppData\Local\{B3CBA613-8C48-4ABD-A922-3EE32FF42829}

2012-07-04 07:35:16 -------- d-----w- C:\Users\KENNY\AppData\Local\{512D7BA7-E8C8-47A0-B33C-F68FC03012D5}

2012-07-04 07:35:03 -------- d-----w- C:\Users\KENNY\AppData\Local\{013157CA-FF9D-4D54-92BC-B99BE004D3BC}

.

==================== Find3M ====================

.

2012-08-02 17:28:12 70344 ----a-w- C:\Windows\SysWow64\FlashPlayerCPLApp.cpl

2012-08-02 17:28:12 426184 ----a-w- C:\Windows\SysWow64\FlashPlayerApp.exe

2012-07-26 17:11:12 32320 ----a-w- C:\Windows\System32\drivers\FNETTBOH_305.SYS

2012-07-22 18:25:31 283304 ----a-w- C:\Windows\SysWow64\PnkBstrB.xtr

2012-07-22 18:25:31 283304 ----a-w- C:\Windows\SysWow64\PnkBstrB.exe

2012-07-22 09:37:19 283304 ----a-w- C:\Windows\SysWow64\PnkBstrB.ex0

2012-06-25 14:04:24 1394248 ----a-w- C:\Windows\SysWow64\msxml4.dll

2012-06-11 18:59:38 10248192 ----a-w- C:\Windows\System32\drivers\atikmdag.sys

2012-06-11 18:35:48 70144 ----a-w- C:\Windows\System32\coinst_8.98.dll

2012-06-11 18:29:34 24826368 ----a-w- C:\Windows\System32\atio6axx.dll

2012-06-11 18:00:32 20467712 ----a-w- C:\Windows\SysWow64\atioglxx.dll

2012-06-11 17:25:06 163840 ----a-w- C:\Windows\System32\atiapfxx.exe

2012-06-11 17:24:58 924160 ----a-w- C:\Windows\SysWow64\aticfx32.dll

2012-06-11 17:23:12 1090560 ----a-w- C:\Windows\System32\aticfx64.dll

2012-06-11 17:20:02 442368 ----a-w- C:\Windows\System32\ATIDEMGX.dll

2012-06-11 17:19:58 532992 ----a-w- C:\Windows\System32\atieclxx.exe

2012-06-11 17:19:14 239616 ----a-w- C:\Windows\System32\atiesrxx.exe

2012-06-11 17:17:56 120320 ----a-w- C:\Windows\System32\atitmm64.dll

2012-06-11 17:17:42 21504 ----a-w- C:\Windows\System32\atimuixx.dll

2012-06-11 17:17:38 59392 ----a-w- C:\Windows\System32\atiedu64.dll

2012-06-11 17:17:32 43520 ----a-w- C:\Windows\SysWow64\ati2edxx.dll

2012-06-11 17:16:48 6301696 ----a-w- C:\Windows\SysWow64\atidxx32.dll

2012-06-11 17:01:56 6914560 ----a-w- C:\Windows\System32\atidxx64.dll

2012-06-11 16:51:54 4246528 ----a-w- C:\Windows\System32\atiumd6a.dll

2012-06-11 16:45:48 51200 ----a-w- C:\Windows\System32\aticalrt64.dll

2012-06-11 16:45:46 46080 ----a-w- C:\Windows\SysWow64\aticalrt.dll

2012-06-11 16:45:44 5480448 ----a-w- C:\Windows\SysWow64\atiumdag.dll

2012-06-11 16:45:40 44544 ----a-w- C:\Windows\System32\aticalcl64.dll

2012-06-11 16:45:38 44032 ----a-w- C:\Windows\SysWow64\aticalcl.dll

2012-06-11 16:45:26 15703040 ----a-w- C:\Windows\System32\aticaldd64.dll

2012-06-11 16:43:18 4729344 ----a-w- C:\Windows\SysWow64\atiumdva.dll

2012-06-11 16:40:58 13277696 ----a-w- C:\Windows\SysWow64\aticaldd.dll

2012-06-11 16:36:56 6605824 ----a-w- C:\Windows\System32\atiumd64.dll

2012-06-11 16:27:02 539136 ----a-w- C:\Windows\System32\atiadlxx.dll

2012-06-11 16:26:52 368640 ----a-w- C:\Windows\SysWow64\atiadlxy.dll

2012-06-11 16:26:40 17920 ----a-w- C:\Windows\System32\atig6pxx.dll

2012-06-11 16:26:36 14848 ----a-w- C:\Windows\SysWow64\atiglpxx.dll

2012-06-11 16:26:36 14848 ----a-w- C:\Windows\System32\atiglpxx.dll

2012-06-11 16:26:30 41984 ----a-w- C:\Windows\System32\atig6txx.dll

2012-06-11 16:26:22 33280 ----a-w- C:\Windows\SysWow64\atigktxx.dll

2012-06-11 16:26:14 367616 ----a-w- C:\Windows\System32\drivers\atikmpag.sys

2012-06-11 16:25:20 54784 ----a-w- C:\Windows\System32\atiuxp64.dll

2012-06-11 16:25:12 42496 ----a-w- C:\Windows\SysWow64\atiuxpag.dll

2012-06-11 16:25:06 45056 ----a-w- C:\Windows\System32\atiu9p64.dll

2012-06-11 16:24:58 32768 ----a-w- C:\Windows\SysWow64\atiu9pag.dll

2012-06-11 16:24:24 53248 ----a-w- C:\Windows\System32\drivers\ati2erec.dll

2012-06-11 16:23:18 56320 ----a-w- C:\Windows\System32\atimpc64.dll

2012-06-11 16:23:18 56320 ----a-w- C:\Windows\System32\amdpcom64.dll

2012-06-11 16:23:10 56832 ----a-w- C:\Windows\SysWow64\atimpc32.dll

2012-06-11 16:23:10 56832 ----a-w- C:\Windows\SysWow64\amdpcom32.dll

2012-06-11 11:50:46 187392 ----a-w- C:\Windows\System32\clinfo.exe

2012-06-11 11:50:30 75264 ----a-w- C:\Windows\System32\OpenVideo64.dll

2012-06-11 11:50:24 65024 ----a-w- C:\Windows\SysWow64\OpenVideo.dll

2012-06-11 11:50:18 63488 ----a-w- C:\Windows\System32\OVDecode64.dll

2012-06-11 11:50:14 56320 ----a-w- C:\Windows\SysWow64\OVDecode.dll

2012-06-11 11:50:06 16457728 ----a-w- C:\Windows\System32\amdocl64.dll

2012-06-11 11:49:22 13008896 ----a-w- C:\Windows\SysWow64\amdocl.dll

2012-06-06 06:06:16 2004480 ----a-w- C:\Windows\System32\msxml6.dll

2012-06-06 06:06:16 1881600 ----a-w- C:\Windows\System32\msxml3.dll

2012-06-06 05:05:52 1390080 ----a-w- C:\Windows\SysWow64\msxml6.dll

2012-06-06 05:05:52 1236992 ----a-w- C:\Windows\SysWow64\msxml3.dll

2012-06-02 22:15:31 2622464 ----a-w- C:\Windows\System32\wucltux.dll

2012-06-02 22:15:08 99840 ----a-w- C:\Windows\System32\wudriver.dll

2012-06-02 13:19:42 186752 ----a-w- C:\Windows\System32\wuwebv.dll

2012-06-02 13:15:12 36864 ----a-w- C:\Windows\System32\wuapp.exe

2012-06-02 05:50:10 458704 ----a-w- C:\Windows\System32\drivers\cng.sys

2012-06-02 05:48:16 95600 ----a-w- C:\Windows\System32\drivers\ksecdd.sys

2012-06-02 05:48:16 151920 ----a-w- C:\Windows\System32\drivers\ksecpkg.sys

2012-06-02 05:45:31 340992 ----a-w- C:\Windows\System32\schannel.dll

2012-06-02 05:44:21 307200 ----a-w- C:\Windows\System32\ncrypt.dll

2012-06-02 04:40:42 22016 ----a-w- C:\Windows\SysWow64\secur32.dll

2012-06-02 04:40:39 225280 ----a-w- C:\Windows\SysWow64\schannel.dll

2012-06-02 04:39:10 219136 ----a-w- C:\Windows\SysWow64\ncrypt.dll

2012-06-02 04:34:09 96768 ----a-w- C:\Windows\SysWow64\sspicli.dll

2012-05-30 17:44:56 466456 ----a-w- C:\Windows\System32\wrap_oal.dll

2012-05-30 17:44:55 444952 ----a-w- C:\Windows\SysWow64\wrap_oal.dll

2012-05-30 17:44:55 122904 ----a-w- C:\Windows\System32\OpenAL32.dll

2012-05-30 17:44:55 109080 ----a-w- C:\Windows\SysWow64\OpenAL32.dll

.

============= FINISH: 23:12:47,07 ===============

ho.txt

log.txt

mbam-log-2012-08-02 (11-46-08).txt

mbam-log-2012-08-02 (20-26-19).txt

mbam-log-2012-08-02 (20-28-16).txt

mbam-log-2012-08-02 (20-32-00).txt

uh.txt

Attach.txt


Uninstall:

Incredibar Toolbar on IE, reason: http://www.systemlookup.com/CLSID/74602-incredibarTlbr_dll.html

Vuze Remote Toolbar: http://www.systemlookup.com/CLSID/70253-tbVuze_dll_tbVuz0_dll_tbVuz1_dll_tbVuz2_dll_prxtbVuze_dll_prxtbVuz0_dll_prxtbVuz1_dll_prxtbVuz2_dll.html

DealPly: http://www.systemlookup.com/CLSID/73388-DealPlyIE_dll.html

FLV Player: see ESET's log

In Firefox's list of installed add-ons and plugins, look for Babylon, Incredibar, dealply, buzzdock, toprelatedtopics and anything else odd that is not in use. Uninstall or disable them.

Restart the computer.

Run DDS and paste in a new DDS.txt.

Is there anything besides all these toolbars that indicates the computer is infected?


Uninstall:

Incredibar Toolbar on IE, reason: http://www.systemlookup.com/CLSID/74602-incredibarTlbr_dll.html

Vuze Remote Toolbar: http://www.systemlookup.com/CLSID/70253-tbVuze_dll_tbVuz0_dll_tbVuz1_dll_tbVuz2_dll_prxtbVuze_dll_prxtbVuz0_dll_prxtbVuz1_dll_prxtbVuz2_dll.html

DealPly: http://www.systemlookup.com/CLSID/73388-DealPlyIE_dll.html

FLV Player: see ESET's log

In Firefox's list of installed add-ons and plugins, look for Babylon, Incredibar, dealply, buzzdock, toprelatedtopics and anything else odd that is not in use. Uninstall or disable them.

Restart the computer.

Run DDS and paste in a new DDS.txt.

Is there anything besides all these toolbars that indicates the computer is infected?

I suspected he had gotten junk on the computer, and he said the computer had become sluggish. Otherwise there is nothing on the computer that indicates it has a virus. He has, admittedly, gotten one more program down by the clock where you can see it (it looks like a chat program), but I can't recall the name offhand.

I don't understand how he manages to get about 10 toolbars onto the computer.


Okay, then maybe it's just all these toolbars :rolleyes:

We'll see how the computer behaves once they have been uninstalled and the leftovers have then been cleaned out (manual hands-on work in Firefox is usually required).


Okay, then maybe it's just all these toolbars :rolleyes:

We'll see how the computer behaves once they have been uninstalled and the leftovers have then been cleaned out (manual hands-on work in Firefox is usually required).

Okay, I'll remove Raptr too (that strange chat program).

There is also Yontoo, which seems to be some kind of trojan/virus. I can't get it removed either.

I'll be back with a DDS log soon.

DDS (Ver_2011-08-26.01) - NTFSAMD64

Internet Explorer: 8.0.7601.17514

Run by KENNY at 14:25:58 on 2012-08-03

Microsoft Windows 7 Home Premium 6.1.7601.1.1252.46.1053.18.8086.6165 [GMT 2:00]

.

AV: Microsoft Security Essentials *Enabled/Updated* {9765EA51-0D3C-7DFB-6091-10E4E1F341F6}

SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}

SP: Microsoft Security Essentials *Enabled/Updated* {2C040BB5-2B06-7275-5A21-2B969A740B4B}

.

============== Running Processes ===============

.

C:\Windows\system32\wininit.exe

C:\Windows\system32\lsm.exe

C:\Windows\system32\svchost.exe -k DcomLaunch

C:\Windows\system32\svchost.exe -k RPCSS

c:\Program Files\Microsoft Security Client\MsMpEng.exe

C:\Windows\system32\atiesrxx.exe

C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted

C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted

C:\Windows\system32\svchost.exe -k netsvcs

C:\Windows\system32\AUDIODG.EXE

C:\Windows\system32\svchost.exe -k LocalService

C:\Windows\system32\svchost.exe -k NetworkService

C:\Windows\system32\atieclxx.exe

C:\Windows\System32\spoolsv.exe

C:\Windows\system32\svchost.exe -k LocalServiceNoNetwork

C:\Program Files (x86)\Belkin\Router Setup and Monitor\BelkinService.exe

C:\Windows\system32\taskhost.exe

C:\Windows\system32\Dwm.exe

C:\Windows\Explorer.EXE

C:\Program Files\Belkin\Belkin USB Print and Storage Center\BkBackupScheduler.exe

C:\Program Files\Belkin\Belkin USB Print and Storage Center\Bkapcs.exe

C:\Program Files (x86)\HTC\Internet Pass-Through\PassThruSvr.exe

C:\Windows\SysWOW64\PnkBstrA.exe

C:\Program Files (x86)\Skype\Updater\Updater.exe

C:\Windows\system32\svchost.exe -k imgsvc

C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE

C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSvcM.exe

C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe

C:\Windows\system32\svchost.exe -k NetworkServiceNetworkRestricted

C:\Program Files\Logitech\SetPointP\SetPoint.exe

C:\Windows\System32\igfxpers.exe

C:\Program Files\Microsoft Security Client\msseces.exe

C:\Program Files\Corsair VENGEANCE 2000\CPL\CAHS2.exe

C:\Program Files\Corsair VENGEANCE 2000\CPL\CAHS2.exe

C:\Program Files (x86)\Windows Live\Messenger\msnmsgr.exe

C:\Program Files (x86)\Skype\Phone\Skype.exe

C:\Program Files\Windows Sidebar\sidebar.exe

C:\Program Files (x86)\Origin\Origin.exe

C:\Program Files (x86)\Steam\Steam.exe

C:\Windows\system32\svchost.exe -k LocalServiceAndNoImpersonation

C:\Program Files (x86)\Common Files\Steam\SteamService.exe

C:\Windows\system32\SearchIndexer.exe

C:\Windows\system32\wbem\wmiprvse.exe

C:\Windows\System32\svchost.exe -k LocalServicePeerNet

C:\Program Files\Windows Media Player\wmpnetwk.exe

C:\Program Files (x86)\Belkin\Router Setup and Monitor\BelkinRouterMonitor.exe

C:\Program Files (x86)\Adobe\Reader 9.0\Reader\reader_sl.exe

C:\Program Files (x86)\Internet Explorer\IELowutil.exe

C:\Program Files (x86)\Mozilla Firefox\firefox.exe

C:\Program Files (x86)\ekort\ekort.exe

C:\Program Files (x86)\SoliCall\bin\Personal_PBXMate.exe

C:\Windows\SysWOW64\OBroker.exe

C:\Program Files (x86)\HTC\HTC Sync 3.0\htcUPCTLoader.exe

C:\Program Files (x86)\Mdfrzy\mbamgui.exe

C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\MOM.exe

C:\Windows\system32\DllHost.exe

C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CCC.exe

C:\Program Files\Common Files\LogiShrd\KHAL3\KHALMNPR.EXE

C:\Windows\system32\SearchProtocolHost.exe

C:\Windows\system32\SearchFilterHost.exe

C:\Windows\sysWOW64\wbem\wmiprvse.exe

C:\Program Files (x86)\Windows Live\Contacts\wlcomm.exe

C:\Program Files\Belkin\Belkin USB Print and Storage Center\connect.exe

C:\Program Files (x86)\Belkin\Router Setup and Monitor\BelkinSetup.exe

C:\Program Files (x86)\Belkin\Router Setup and Monitor\dlnaPlugin.exe

C:\Program Files (x86)\Belkin\Router Setup and Monitor\qosPlugin.exe

C:\Windows\system32\DllHost.exe

C:\Windows\system32\DllHost.exe

C:\Windows\SysWOW64\cmd.exe

C:\Windows\system32\conhost.exe

C:\Windows\SysWOW64\cscript.exe

.

============== Pseudo HJT Report ===============

.

uStart Page = hxxp://search.babylon.com/?affID=110819&babsrc=HP_ss&mntrId=a6cec5f8000000000000bc5ff41a7d08

uURLSearchHooks: H - No File

mWinlogon: Userinit=userinit.exe,

BHO: Adobe PDF Link Helper: {18df081c-e8ad-4283-a596-fa578c2ebdc3} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll

BHO: ADDICT-THING Class: {641a48b0-771d-6262-e190-61cc47b15106} - C:\ProgramData\ADDICT-THING\bhoclass.dll

BHO: Windows Live ID Sign-in Helper: {9030d464-4c02-4abf-8ecc-5164760863c6} - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll

BHO: e-kort Helper Class: {9065e913-4f23-4b47-9b5d-b055d32db1f3} - C:\Program Files (x86)\ekort\EKortHelper.dll

BHO: Yontoo: {fd72061e-9fde-484d-a58a-0bab4151cad8} - C:\Program Files (x86)\Yontoo\YontooIEClient.dll

TB: e-kort Toolbar: {8db2b2e8-579f-48a8-a496-18fefcf8f4df} - C:\Program Files (x86)\ekort\EKortToolbar.dll

uRun: [msnmsgr] "C:\Program Files (x86)\Windows Live\Messenger\msnmsgr.exe" /background

uRun: [skype] "C:\Program Files (x86)\Skype\Phone\Skype.exe" /minimized /regrun

uRun: [sidebar] C:\Program Files\Windows Sidebar\sidebar.exe /autoRun

uRun: [EADM] "C:\Program Files (x86)\Origin\Origin.exe" -AutoStart

uRun: [steam] "C:\Program Files (x86)\Steam\steam.exe" -silent

uRun: [Xvid] C:\Program Files (x86)\Xvid\CheckUpdate.exe

mRun: [instaLAN] "C:\Program Files (x86)\Belkin\Router Setup and Monitor\BelkinRouterMonitor.exe" startup

mRun: [Adobe Reader Speed Launcher] "C:\Program Files (x86)\Adobe\Reader 9.0\Reader\Reader_sl.exe"

mRun: [Adobe ARM] "C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe"

mRun: [AMD AVT] Cmd.exe /c start "AMD Accelerated Video Transcoding device initialization" /min "C:\Program Files (x86)\AMD AVT\bin\kdbsync.exe" aml

mRun: [e-kort] C:\PROGRA~2\ekort\ekort.exe /dontopenmycards /Autostart

mRun: [PersonalPBXMate] "C:\Program Files (x86)\SoliCall\bin\Personal_PBXMate.exe"

mRun: [startCCC] "C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" MSRun

mRun: [HTC Sync Loader] "C:\Program Files (x86)\HTC\HTC Sync 3.0\htcUPCTLoader.exe" -startup

mRun: [Malwarebytes' Anti-Malware] "C:\Program Files (x86)\Mdfrzy\mbamgui.exe" /starttray

mPolicies-explorer: NoActiveDesktop = 1 (0x1)

mPolicies-explorer: NoActiveDesktopChanges = 1 (0x1)

mPolicies-system: ConsentPromptBehaviorAdmin = 5 (0x5)

mPolicies-system: ConsentPromptBehaviorUser = 3 (0x3)

mPolicies-system: EnableUIADesktopToggle = 0 (0x0)

TCP: DhcpNameServer = 192.168.2.1

TCP: Interfaces\{292A936C-773C-4FE9-BB24-9D66861CB451} : DhcpNameServer = 192.168.2.1

Handler: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~2\COMMON~1\Skype\SKYPE4~1.DLL

{18DF081C-E8AD-4283-A596-FA578C2EBDC3}

{641A48B0-771D-6262-E190-61CC47B15106}

{9030D464-4C02-4ABF-8ECC-5164760863C6}

{9065E913-4F23-4B47-9B5D-B055D32DB1F3}

{FD72061E-9FDE-484D-A58A-0BAB4151CAD8}

{8DB2B2E8-579F-48A8-A496-18FEFCF8F4DF}

mRun-x64: [instaLAN] "C:\Program Files (x86)\Belkin\Router Setup and Monitor\BelkinRouterMonitor.exe" startup

mRun-x64: [Adobe Reader Speed Launcher] "C:\Program Files (x86)\Adobe\Reader 9.0\Reader\Reader_sl.exe"

mRun-x64: [Adobe ARM] "C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe"

mRun-x64: [AMD AVT] Cmd.exe /c start "AMD Accelerated Video Transcoding device initialization" /min "C:\Program Files (x86)\AMD AVT\bin\kdbsync.exe" aml

mRun-x64: [e-kort] C:\PROGRA~2\ekort\ekort.exe /dontopenmycards /Autostart

mRun-x64: [PersonalPBXMate] "C:\Program Files (x86)\SoliCall\bin\Personal_PBXMate.exe"

mRun-x64: [startCCC] "C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" MSRun

mRun-x64: [HTC Sync Loader] "C:\Program Files (x86)\HTC\HTC Sync 3.0\htcUPCTLoader.exe" -startup

mRun-x64: [Malwarebytes' Anti-Malware] "C:\Program Files (x86)\Mdfrzy\mbamgui.exe" /starttray

.

================= FIREFOX ===================

.

FF - ProfilePath - C:\Users\KENNY\AppData\Roaming\Mozilla\Firefox\Profiles\wbktlt3y.default\

FF - prefs.js: browser.search.selectedEngine - Google

FF - prefs.js: browser.startup.homepage - about:home

FF - prefs.js: keyword.URL - hxxp://mystart.incredibar.com/mb139/?loc=IB_DS&a=6OyJorqj5j&&i=26&search=

FF - plugin: C:\Program Files (x86)\Adobe\Reader 9.0\Reader\AIR\nppdf32.dll

FF - plugin: C:\Program Files (x86)\Battlelog Web Plugins\1.116.0\npesnlaunch.dll

FF - plugin: C:\Program Files (x86)\Battlelog Web Plugins\1.118.0\npesnlaunch.dll

FF - plugin: C:\Program Files (x86)\Battlelog Web Plugins\1.122.0\npesnlaunch.dll

FF - plugin: C:\Program Files (x86)\Battlelog Web Plugins\Sonar\0.70.4\npesnsonar.dll

FF - plugin: c:\Program Files (x86)\Microsoft Silverlight\4.1.10329.0\npctrlui.dll

FF - plugin: C:\Users\KENNY\AppData\Roaming\Mozilla\Firefox\Profiles\wbktlt3y.default\extensions\{e001c731-5e37-4538-a5cb-8168736a2360}\plugins\npqscan.dll

FF - plugin: C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_11_3_300_270.dll

.

---- FIREFOX POLICIES ----

FF - user.js: extentions.y2layers.installId - 2b37fe5d-c87c-4ae2-8673-4d6b6568c136

FF - user.js: extentions.y2layers.defaultEnableAppsList - ezLooker,pagerage,buzzdock,toprelatedtopics,twittube

.

FF - user.js: extensions.autoDisableScopes - 14

FF - user.js: extensions.BabylonToolbar_i.babTrack - affID=110819

FF - user.js: extensions.BabylonToolbar_i.babExt -

FF - user.js: extensions.BabylonToolbar_i.srcExt - ss

FF - user.js: extensions.BabylonToolbar_i.id - a6cec5f8000000000000bc5ff41a7d08

FF - user.js: extensions.BabylonToolbar_i.hardId - a6cec5f8000000000000bc5ff41a7d08

FF - user.js: extensions.BabylonToolbar_i.instlDay - 15485

FF - user.js: extensions.BabylonToolbar_i.vrsn - 1.5.3.17

FF - user.js: extensions.BabylonToolbar_i.vrsni - 1.5.3.17

FF - user.js: extensions.BabylonToolbar_i.vrsnTs - 1.5.3.1711:54:51

FF - user.js: extensions.BabylonToolbar_i.prtnrId - babylon

FF - user.js: extensions.BabylonToolbar_i.prdct - BabylonToolbar

FF - user.js: extensions.BabylonToolbar_i.aflt - babsst

FF - user.js: extensions.BabylonToolbar_i.smplGrp - none

FF - user.js: extensions.BabylonToolbar_i.tlbrId - tb9

FF - user.js: extensions.BabylonToolbar_i.instlRef - sst

.

user_pref('extensions.dealply.partner', 'iron');

.

user_pref('extensions.dealply.channel', 'iron3');

.

user_pref('extensions.dealply.installId', 'v23900276308063248466862012052511544524');

.

user_pref('extensions.dealply.installIdSource', 'inst');

.

user_pref('extensions.dealply.sampleGroup', '4');

FF - user.js: extensions.incredibar_i.newTab - false

FF - user.js: extensions.incredibar_i.tlbrSrchUrl - hxxp://mystart.Incredibar.com/?a=6OyJorqj5j&loc=IB_TB&i=26&search=

FF - user.js: extensions.incredibar_i.id - a6cec5f8000000000000bc5ff41a7d08

FF - user.js: extensions.incredibar_i.instlDay - 15550

FF - user.js: extensions.incredibar_i.vrsn - 1.5.11.14

FF - user.js: extensions.incredibar_i.vrsni - 1.5.11.14

FF - user.js: extensions.incredibar_i.vrsnTs - 1.5.11.1410:39:14

FF - user.js: extensions.incredibar_i.prtnrId - Incredibar

FF - user.js: extensions.incredibar_i.prdct - incredibar

FF - user.js: extensions.incredibar_i.aflt - orgnl

FF - user.js: extensions.incredibar_i.smplGrp - none

FF - user.js: extensions.incredibar_i.tlbrId - base

FF - user.js: extensions.incredibar_i.instlRef -

FF - user.js: extensions.incredibar_i.dfltLng -

FF - user.js: extensions.incredibar_i.excTlbr - false

FF - user.js: extensions.incredibar_i.ms_url_id -

FF - user.js: extensions.incredibar_i.upn2 - 6OyJorqj5j

FF - user.js: extensions.incredibar_i.upn2n - 92261837856457397

FF - user.js: extensions.incredibar_i.productid - 26

FF - user.js: extensions.incredibar_i.installerproductid - 26

FF - user.js: extensions.incredibar_i.did - 10650

FF - user.js: extensions.incredibar_i.ppd - 20%5F5

.

============= SERVICES / DRIVERS ===============

.

R0 MpFilter;Microsoft Malware Protection Driver;C:\Windows\system32\DRIVERS\MpFilter.sys --> C:\Windows\system32\DRIVERS\MpFilter.sys [?]

R1 aswKbd;aswKbd;C:\Windows\system32\drivers\aswKbd.sys --> C:\Windows\system32\drivers\aswKbd.sys [?]

R2 AMD External Events Utility;AMD External Events Utility;C:\Windows\system32\atiesrxx.exe --> C:\Windows\system32\atiesrxx.exe [?]

R2 Belkin Local Backup Service;Belkin Local Backup Service;C:\Program Files\Belkin\Belkin USB Print and Storage Center\BkBackupScheduler.exe [2012-3-15 181760]

R2 Belkin Network USB Helper;Belkin Network USB Helper;C:\Program Files\Belkin\Belkin USB Print and Storage Center\Bkapcs.exe [2012-3-15 55296]

R2 PassThru Service;Internet Pass-Through Service;C:\Program Files (x86)\HTC\Internet Pass-Through\PassThruSvr.exe [2012-3-23 87040]

R2 SkypeUpdate;Skype Updater;C:\Program Files (x86)\Skype\Updater\Updater.exe [2012-7-3 160944]

R2 sxuptp;SXUPTP Driver;C:\Windows\system32\DRIVERS\sxuptp.sys --> C:\Windows\system32\DRIVERS\sxuptp.sys [?]

R3 amdkmdag;amdkmdag;C:\Windows\system32\DRIVERS\atikmdag.sys --> C:\Windows\system32\DRIVERS\atikmdag.sys [?]

R3 amdkmdap;amdkmdap;C:\Windows\system32\DRIVERS\atikmpag.sys --> C:\Windows\system32\DRIVERS\atikmpag.sys [?]

R3 AtiHDAudioService;AMD Function Driver for HD Audio Service;C:\Windows\system32\drivers\AtihdW76.sys --> C:\Windows\system32\drivers\AtihdW76.sys [?]

R3 LEqdUsb;Logitech SetPoint Unifying KMDF USB Filter;C:\Windows\system32\DRIVERS\LEqdUsb.Sys --> C:\Windows\system32\DRIVERS\LEqdUsb.Sys [?]

R3 LHidEqd;Logitech SetPoint Unifying KMDF HID Filter;C:\Windows\system32\DRIVERS\LHidEqd.Sys --> C:\Windows\system32\DRIVERS\LHidEqd.Sys [?]

R3 MBfilt;MBfilt;C:\Windows\system32\drivers\MBfilt64.sys --> C:\Windows\system32\drivers\MBfilt64.sys [?]

R3 MEIx64;Intel® Management Engine Interface ;C:\Windows\system32\DRIVERS\HECIx64.sys --> C:\Windows\system32\DRIVERS\HECIx64.sys [?]

R3 RTL8167;Realtek 8167 NT Driver;C:\Windows\system32\DRIVERS\Rt64win7.sys --> C:\Windows\system32\DRIVERS\Rt64win7.sys [?]

R3 SYMPHONY;Corsair USB Headphone Driver;C:\Windows\system32\DRIVERS\Symphony.sys --> C:\Windows\system32\DRIVERS\Symphony.sys [?]

S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-3-18 130384]

S2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-3-18 138576]

S2 MBAMService;MBAMService;C:\Program Files (x86)\Mdfrzy\mbamservice.exe [2012-8-2 655944]

S3 AdobeFlashPlayerUpdateSvc;Adobe Flash Player Update Service;C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2012-3-31 250056]

S3 cphs;Intel® Content Protection HECI Service;C:\Windows\SysWOW64\IntelCpHeciSvc.exe [2012-3-19 276248]

S3 HTCAND64;HTC Device Driver;C:\Windows\system32\Drivers\ANDROIDUSB.sys --> C:\Windows\system32\Drivers\ANDROIDUSB.sys [?]

S3 htcnprot;HTC NDIS Protocol Driver;C:\Windows\system32\DRIVERS\htcnprot.sys --> C:\Windows\system32\DRIVERS\htcnprot.sys [?]

S3 MBAMProtector;MBAMProtector;\??\C:\Windows\system32\drivers\mbam.sys --> C:\Windows\system32\drivers\mbam.sys [?]

S3 MozillaMaintenance;Mozilla Maintenance Service;C:\Program Files (x86)\Mozilla Maintenance Service\maintenanceservice.exe [2012-4-26 113120]

S3 NisDrv;Microsoft Network Inspection System;C:\Windows\system32\DRIVERS\NisDrvWFP.sys --> C:\Windows\system32\DRIVERS\NisDrvWFP.sys [?]

S3 NisSrv;Microsoft Nätverkskontroll;C:\Program Files\Microsoft Security Client\NisSrv.exe [2012-3-26 291696]

S3 TsUsbFlt;TsUsbFlt;C:\Windows\system32\drivers\tsusbflt.sys --> C:\Windows\system32\drivers\tsusbflt.sys [?]

S3 TsUsbGD;Remote Desktop Generic USB Device;C:\Windows\system32\drivers\TsUsbGD.sys --> C:\Windows\system32\drivers\TsUsbGD.sys [?]

S3 WatAdminSvc;Aktiveringsteknologier för Windows-tjänst;C:\Windows\system32\Wat\WatAdminSvc.exe --> C:\Windows\system32\Wat\WatAdminSvc.exe [?]

.

=============== Created Last 30 ================

.

2012-08-03 09:11:46 -------- d-----w- C:\Users\KENNY\AppData\Local\{3C09B89F-7F71-4C88-83CC-7B83622DC393}

2012-08-03 09:11:21 -------- d-----w- C:\Users\KENNY\AppData\Local\{CA4FA6C1-F182-4016-BDD8-BA85F15CCB56}

2012-08-02 18:48:28 -------- d-----w- C:\Users\KENNY\AppData\Local\{4DAE4414-8E76-4601-91EB-6C086E18385A}

2012-08-02 18:48:18 -------- d-----w- C:\Users\KENNY\AppData\Local\{A3C98CE1-C5DF-4BC0-8ADD-E15DED2F4E32}

2012-08-02 18:47:42 -------- d-----w- C:\Program Files (x86)\ESET

2012-08-02 18:37:24 -------- d-----w- C:\ProgramData\Kaspersky Lab

2012-08-02 15:04:16 9133488 ----a-w- C:\ProgramData\Microsoft\Microsoft Antimalware\Definition Updates\{AEDB7EE8-53DB-4DCB-8169-0B34577A3382}\mpengine.dll

2012-08-02 09:45:01 -------- d-----w- C:\Users\KENNY\AppData\Roaming\Malwarebytes

2012-08-02 09:44:55 -------- d-----w- C:\ProgramData\Malwarebytes

2012-08-02 09:44:54 24904 ----a-w- C:\Windows\System32\drivers\mbam.sys

2012-08-02 09:44:54 -------- d-----w- C:\Program Files (x86)\Mdfrzy

2012-08-02 06:47:47 -------- d-----w- C:\Users\KENNY\AppData\Local\{FACA2EA7-E30E-4E8C-8FAD-B6DCEECA2FFB}

2012-08-02 06:47:35 -------- d-----w- C:\Users\KENNY\AppData\Local\{1670F952-1838-42FB-87F3-B27FB360171E}

2012-08-01 14:47:56 9133488 ----a-w- C:\ProgramData\Microsoft\Microsoft Antimalware\Definition Updates\Backup\mpengine.dll

2012-08-01 14:39:51 -------- d-----w- C:\Users\KENNY\AppData\Local\{66E625D3-5374-461A-AFD4-F02541507CFF}

2012-08-01 14:39:39 -------- d-----w- C:\Users\KENNY\AppData\Local\{0FDD4A58-8E3A-4CC4-8F6D-C19FD17265E1}

2012-07-31 14:30:02 -------- d-----w- C:\Users\KENNY\AppData\Local\{D661220E-DCF4-4627-AFFD-C9BACE2995A5}

2012-07-31 14:29:52 -------- d-----w- C:\Users\KENNY\AppData\Local\{26A3992D-9394-412B-AD53-357A21D2938C}

2012-07-30 16:29:26 -------- d-----w- C:\Users\KENNY\AppData\Local\DirectDownloader

2012-07-30 14:31:02 -------- d-----w- C:\Users\KENNY\AppData\Local\{B9EAC65B-3941-46E1-AED3-4EC0FF3CFAC4}

2012-07-30 14:30:52 -------- d-----w- C:\Users\KENNY\AppData\Local\{DEC38FC9-D859-4748-8368-E31336DFEC22}

2012-07-29 20:40:11 -------- d-----w- C:\Program Files (x86)\Raptr

2012-07-29 20:39:17 -------- d-----w- C:\Program Files (x86)\Conduit

2012-07-29 20:39:16 -------- d-----w- C:\Users\KENNY\AppData\Local\Conduit

2012-07-29 08:39:38 -------- d-----w- C:\ProgramData\Premium

2012-07-29 08:39:31 -------- d-----w- C:\ProgramData\OptimizerPro

2012-07-29 08:39:26 -------- d-----w- C:\Program Files (x86)\Optimizer Pro

2012-07-29 08:38:36 -------- d-----w- C:\ProgramData\ADDICT-THING

2012-07-29 08:38:17 -------- d-----w- C:\ProgramData\InstallMate

2012-07-29 07:55:18 -------- d-----w- C:\Users\KENNY\AppData\Local\{937F4C4F-E761-4F9D-AFB6-4A85C17478E1}

2012-07-29 07:55:04 -------- d-----w- C:\Users\KENNY\AppData\Local\{7FBC3D22-DC2B-4B4B-A5E7-49D8ED32AD4E}

2012-07-28 18:12:19 -------- d-----w- C:\Program Files (x86)\OpenApp

2012-07-28 18:02:55 -------- d-----w- C:\Program Files (x86)\smartdl

2012-07-28 08:24:50 -------- d-----w- C:\Users\KENNY\AppData\Local\{0A8BA5EB-EFC0-4574-A3E5-DEE8C286B222}

2012-07-28 08:24:40 -------- d-----w- C:\Users\KENNY\AppData\Local\{89803C18-7F08-458E-80B3-9403432092B4}

2012-07-27 10:23:22 -------- d-----w- C:\Users\KENNY\AppData\Local\{7F15B864-FC51-4D77-8255-C0D6AD3AE68E}

2012-07-27 10:23:10 -------- d-----w- C:\Users\KENNY\AppData\Local\{0DD3F77A-7860-452E-9632-FB18BD77E89D}

2012-07-26 17:09:24 -------- d-----w- C:\Users\KENNY\AppData\Roaming\HTC.388BC06ACDAB6261375BCE37FBA2E023C0D7EE34.1

2012-07-26 17:07:39 -------- d-----w- C:\Users\KENNY\AppData\Local\Htc

2012-07-26 17:07:11 -------- d-----w- C:\Users\KENNY\AppData\Roaming\HTC

2012-07-26 17:06:01 -------- d-----w- C:\Users\KENNY\AppData\Local\Downloaded Installations

2012-07-26 17:05:42 -------- d-----w- C:\Program Files (x86)\Spirent Communications

2012-07-26 17:05:29 -------- d-----w- C:\Program Files (x86)\HTC

2012-07-26 17:05:09 -------- d-----w- C:\Program Files (x86)\MSXML 4.0

2012-07-26 08:23:58 -------- d-----w- C:\Users\KENNY\AppData\Local\{254B3108-51CA-41AD-993C-496076E647CB}

2012-07-26 08:23:47 -------- d-----w- C:\Users\KENNY\AppData\Local\{C5B6ED28-9DAB-4D90-ABCD-C4EFB2EFA966}

2012-07-25 14:33:01 -------- d-----w- C:\Users\KENNY\AppData\Local\{AD60E4E9-ED71-4309-8EB7-BE5168CF6E3A}

2012-07-25 14:32:48 -------- d-----w- C:\Users\KENNY\AppData\Local\{C96A861D-DFB1-47B1-A831-73039D760C45}

2012-07-24 14:30:17 -------- d-----w- C:\Users\KENNY\AppData\Local\{42E45AD2-9BBE-4ABE-B467-CB7B0FE5E655}

2012-07-24 14:30:05 -------- d-----w- C:\Users\KENNY\AppData\Local\{D160A798-659A-4A8B-B2FD-30B78FE33C8B}

2012-07-23 16:10:18 -------- d-----w- C:\Users\KENNY\AppData\Local\{996C9540-BE8B-40F5-AD75-4B944C0AD019}

2012-07-23 16:10:07 -------- d-----w- C:\Users\KENNY\AppData\Local\{EDA25C6A-3ABA-42D7-857B-9D63A843B86B}

2012-07-22 09:02:58 -------- d-----w- C:\Users\KENNY\AppData\Local\{4056E71A-47B8-4F3D-9863-A56135C6D29A}

2012-07-22 09:02:47 -------- d-----w- C:\Users\KENNY\AppData\Local\{E79A2B8C-B763-4475-9C8B-7032837619A0}

2012-07-21 08:49:23 -------- d-----w- C:\Users\KENNY\AppData\Local\{0E0D9D90-0354-41DD-87C1-19E5E0C836DB}

2012-07-21 08:49:10 -------- d-----w- C:\Users\KENNY\AppData\Local\{3EE5BC90-8B3F-4247-AC9C-217979B3B501}

2012-07-20 07:05:00 -------- d-----w- C:\Users\KENNY\AppData\Local\{DAF94222-B600-4032-9027-02F003D5272B}

2012-07-20 07:04:49 -------- d-----w- C:\Users\KENNY\AppData\Local\{961ABD14-83B2-4697-8447-3B5E449FAF77}

2012-07-19 08:42:57 -------- d-----w- C:\Users\KENNY\AppData\Local\{E3282096-9DBB-4E73-937F-6AF4A831635F}

2012-07-19 08:42:37 -------- d-----w- C:\Users\KENNY\AppData\Local\{55CF5C16-AFEC-46EB-ABC7-B03FA9126A54}

2012-07-18 08:25:12 -------- d-----w- C:\Users\KENNY\AppData\Local\{9F230861-CF23-4741-A54F-07906AB52A95}

2012-07-18 08:25:01 -------- d-----w- C:\Users\KENNY\AppData\Local\{BDAC4C63-0AAD-471A-BD64-7859FDB5DEEB}

2012-07-17 09:34:02 -------- d-----w- C:\Users\KENNY\AppData\Local\{964F5E17-B185-41FF-8809-1B87E35670B7}

2012-07-17 09:33:51 -------- d-----w- C:\Users\KENNY\AppData\Local\{D17C1D34-C7B7-4794-BD0D-01D5CD07F4B8}

2012-07-16 10:48:32 -------- d-----w- C:\Users\KENNY\AppData\Local\{1C33B996-BB57-41A1-A60A-98A3F461EBBD}

2012-07-16 10:48:21 -------- d-----w- C:\Users\KENNY\AppData\Local\{EE087ECE-29EE-46E2-9F55-2D3AA304B426}

2012-07-15 21:26:00 -------- d-----w- C:\Users\KENNY\AppData\Local\{E90E66A1-7D64-4122-83CC-D8F4FF692712}

2012-07-15 21:25:50 -------- d-----w- C:\Users\KENNY\AppData\Local\{E9B974E9-FA1F-4C71-9C5F-462B927112CD}

2012-07-15 09:25:24 -------- d-----w- C:\Users\KENNY\AppData\Local\{70C10C92-DB8C-4889-9487-8BBAB6F31F5D}

2012-07-15 09:25:14 -------- d-----w- C:\Users\KENNY\AppData\Local\{609A0470-D0D2-4730-B9E1-736CCF8BEF64}

2012-07-14 08:35:29 -------- d-----w- C:\Users\KENNY\AppData\Local\{5A5EDDB3-4729-4AC2-A503-AA7469C03E3B}

2012-07-14 08:35:15 -------- d-----w- C:\Users\KENNY\AppData\Local\{4CDF74AC-2456-4A51-9314-84CF3E60066D}

2012-07-13 09:04:52 -------- d-----w- C:\Users\KENNY\AppData\Local\{23C5B667-4303-4BCF-BB0F-43FD6FCA7FA1}

2012-07-13 09:04:42 -------- d-----w- C:\Users\KENNY\AppData\Local\{FA99EA6C-0624-4541-A0CF-F1DF66A5ADC4}

2012-07-12 16:45:02 -------- d-----w- C:\Users\KENNY\AppData\Local\{48524C18-CAD2-40E4-9B21-798D5C3A8506}

2012-07-12 16:44:49 -------- d-----w- C:\Users\KENNY\AppData\Local\{299AD14B-7920-48EB-BF49-B5F2C5E33B16}

2012-07-11 23:08:09 -------- d-----w- C:\Users\KENNY\AppData\Local\{7F5813FC-8738-4D51-A5C4-0CBD7E9563B8}

2012-07-11 23:07:53 -------- d-----w- C:\Users\KENNY\AppData\Local\{296770BF-45E3-45B1-81EB-8B13EDCDBDE9}

2012-07-11 11:33:35 3148800 ----a-w- C:\Windows\System32\win32k.sys

2012-07-11 09:22:59 805376 ----a-w- C:\Windows\SysWow64\cdosys.dll

2012-07-11 09:22:59 495616 ----a-w- C:\Program Files\Common Files\System\ado\msadox.dll

2012-07-11 09:22:59 466944 ----a-w- C:\Program Files\Common Files\System\ado\msadomd.dll

2012-07-11 09:22:59 258048 ----a-w- C:\Program Files\Common Files\System\msadc\msadco.dll

2012-07-11 09:22:59 1499136 ----a-w- C:\Program Files\Common Files\System\ado\msado15.dll

2012-07-11 09:22:59 1019904 ----a-w- C:\Program Files (x86)\Common Files\System\ado\msado15.dll

2012-07-11 09:22:58 61440 ----a-w- C:\Program Files\Common Files\System\ado\msador15.dll

2012-07-11 09:22:58 57344 ----a-w- C:\Program Files (x86)\Common Files\System\ado\msador15.dll

2012-07-11 09:22:58 372736 ----a-w- C:\Program Files (x86)\Common Files\System\ado\msadox.dll

2012-07-11 09:22:58 352256 ----a-w- C:\Program Files (x86)\Common Files\System\ado\msadomd.dll

2012-07-11 09:22:58 212992 ----a-w- C:\Program Files (x86)\Common Files\System\msadc\msadco.dll

2012-07-11 09:22:58 143360 ----a-w- C:\Program Files (x86)\Common Files\System\ado\msjro.dll

2012-07-11 09:22:58 1133568 ----a-w- C:\Windows\System32\cdosys.dll

2012-07-11 09:20:20 -------- d-----w- C:\Users\KENNY\AppData\Local\{52BF190D-7654-4D67-89D7-49372D6DA68A}

2012-07-11 09:20:03 -------- d-----w- C:\Users\KENNY\AppData\Local\{71A8761E-B4AD-4BEF-BAF7-AB5A71D13F38}

2012-07-10 09:59:35 294912 ----a-w- C:\Windows\System32\browserchoice.exe

2012-07-10 08:28:57 -------- d-----w- C:\Users\KENNY\AppData\Local\{BD78FB45-02C8-49AA-9E00-3554EF86DA71}

2012-07-10 08:28:45 -------- d-----w- C:\Users\KENNY\AppData\Local\{8B175211-2FDE-4A4F-B973-F6C15128D6AF}

2012-07-09 10:21:15 -------- d-----w- C:\Users\KENNY\AppData\Local\{0ACEA0A0-C41B-448D-BCD0-E7494400E2EE}

2012-07-09 10:20:58 -------- d-----w- C:\Users\KENNY\AppData\Local\{9CCBED56-3BAB-44D8-97EE-06612FB8809D}

2012-07-08 09:08:14 -------- d-----w- C:\Users\KENNY\AppData\Local\{EDA905CC-8BB6-4A31-8079-04C0C57EB385}

2012-07-08 09:07:58 -------- d-----w- C:\Users\KENNY\AppData\Local\{E30CBDF4-F4BC-46A9-974D-8DFD7BEDC912}

2012-07-07 09:07:47 -------- d-----w- C:\Users\KENNY\AppData\Local\{637F92B4-E85C-48A4-972C-0E0413CF8ABE}

2012-07-07 09:07:34 -------- d-----w- C:\Users\KENNY\AppData\Local\{B5D23CCA-A914-4FA0-8385-1551B3D87228}

2012-07-06 09:15:53 -------- d-----w- C:\Program Files (x86)\AMD APP

2012-07-06 09:06:37 -------- d-----w- C:\Users\KENNY\AppData\Local\{01D4BCFA-DBB9-4A04-994C-0E8D1DB7FEED}

2012-07-06 09:06:26 -------- d-----w- C:\Users\KENNY\AppData\Local\{63D4259B-7D30-4DB8-86C0-9B68132B133A}

2012-07-05 09:11:20 -------- d-----w- C:\Users\KENNY\AppData\Local\{9E14D3F1-B43F-4613-B3DC-3CA936C3C074}

2012-07-05 09:11:10 -------- d-----w- C:\Users\KENNY\AppData\Local\{B3CBA613-8C48-4ABD-A922-3EE32FF42829}

.

==================== Find3M ====================

.

2012-08-02 17:28:12 70344 ----a-w- C:\Windows\SysWow64\FlashPlayerCPLApp.cpl

2012-08-02 17:28:12 426184 ----a-w- C:\Windows\SysWow64\FlashPlayerApp.exe

2012-07-22 18:25:31 283304 ----a-w- C:\Windows\SysWow64\PnkBstrB.xtr

2012-07-22 18:25:31 283304 ----a-w- C:\Windows\SysWow64\PnkBstrB.exe

2012-07-22 09:37:19 283304 ----a-w- C:\Windows\SysWow64\PnkBstrB.ex0

2012-06-25 14:04:24 1394248 ----a-w- C:\Windows\SysWow64\msxml4.dll

2012-06-11 18:59:38 10248192 ----a-w- C:\Windows\System32\drivers\atikmdag.sys

2012-06-11 18:35:48 70144 ----a-w- C:\Windows\System32\coinst_8.98.dll

2012-06-11 18:29:34 24826368 ----a-w- C:\Windows\System32\atio6axx.dll

2012-06-11 18:00:32 20467712 ----a-w- C:\Windows\SysWow64\atioglxx.dll

2012-06-11 17:25:06 163840 ----a-w- C:\Windows\System32\atiapfxx.exe

2012-06-11 17:24:58 924160 ----a-w- C:\Windows\SysWow64\aticfx32.dll

2012-06-11 17:23:12 1090560 ----a-w- C:\Windows\System32\aticfx64.dll

2012-06-11 17:20:02 442368 ----a-w- C:\Windows\System32\ATIDEMGX.dll

2012-06-11 17:19:58 532992 ----a-w- C:\Windows\System32\atieclxx.exe

2012-06-11 17:19:14 239616 ----a-w- C:\Windows\System32\atiesrxx.exe

2012-06-11 17:17:56 120320 ----a-w- C:\Windows\System32\atitmm64.dll

2012-06-11 17:17:42 21504 ----a-w- C:\Windows\System32\atimuixx.dll

2012-06-11 17:17:38 59392 ----a-w- C:\Windows\System32\atiedu64.dll

2012-06-11 17:17:32 43520 ----a-w- C:\Windows\SysWow64\ati2edxx.dll

2012-06-11 17:16:48 6301696 ----a-w- C:\Windows\SysWow64\atidxx32.dll

2012-06-11 17:01:56 6914560 ----a-w- C:\Windows\System32\atidxx64.dll

2012-06-11 16:51:54 4246528 ----a-w- C:\Windows\System32\atiumd6a.dll

2012-06-11 16:45:48 51200 ----a-w- C:\Windows\System32\aticalrt64.dll

2012-06-11 16:45:46 46080 ----a-w- C:\Windows\SysWow64\aticalrt.dll

2012-06-11 16:45:44 5480448 ----a-w- C:\Windows\SysWow64\atiumdag.dll

2012-06-11 16:45:40 44544 ----a-w- C:\Windows\System32\aticalcl64.dll

2012-06-11 16:45:38 44032 ----a-w- C:\Windows\SysWow64\aticalcl.dll

2012-06-11 16:45:26 15703040 ----a-w- C:\Windows\System32\aticaldd64.dll

2012-06-11 16:43:18 4729344 ----a-w- C:\Windows\SysWow64\atiumdva.dll

2012-06-11 16:40:58 13277696 ----a-w- C:\Windows\SysWow64\aticaldd.dll

2012-06-11 16:36:56 6605824 ----a-w- C:\Windows\System32\atiumd64.dll

2012-06-11 16:27:02 539136 ----a-w- C:\Windows\System32\atiadlxx.dll

2012-06-11 16:26:52 368640 ----a-w- C:\Windows\SysWow64\atiadlxy.dll

2012-06-11 16:26:40 17920 ----a-w- C:\Windows\System32\atig6pxx.dll

2012-06-11 16:26:36 14848 ----a-w- C:\Windows\SysWow64\atiglpxx.dll

2012-06-11 16:26:36 14848 ----a-w- C:\Windows\System32\atiglpxx.dll

2012-06-11 16:26:30 41984 ----a-w- C:\Windows\System32\atig6txx.dll

2012-06-11 16:26:22 33280 ----a-w- C:\Windows\SysWow64\atigktxx.dll

2012-06-11 16:26:14 367616 ----a-w- C:\Windows\System32\drivers\atikmpag.sys

2012-06-11 16:25:20 54784 ----a-w- C:\Windows\System32\atiuxp64.dll

2012-06-11 16:25:12 42496 ----a-w- C:\Windows\SysWow64\atiuxpag.dll

2012-06-11 16:25:06 45056 ----a-w- C:\Windows\System32\atiu9p64.dll

2012-06-11 16:24:58 32768 ----a-w- C:\Windows\SysWow64\atiu9pag.dll

2012-06-11 16:24:24 53248 ----a-w- C:\Windows\System32\drivers\ati2erec.dll

2012-06-11 16:23:18 56320 ----a-w- C:\Windows\System32\atimpc64.dll

2012-06-11 16:23:18 56320 ----a-w- C:\Windows\System32\amdpcom64.dll

2012-06-11 16:23:10 56832 ----a-w- C:\Windows\SysWow64\atimpc32.dll

2012-06-11 16:23:10 56832 ----a-w- C:\Windows\SysWow64\amdpcom32.dll

2012-06-11 11:50:46 187392 ----a-w- C:\Windows\System32\clinfo.exe

2012-06-11 11:50:30 75264 ----a-w- C:\Windows\System32\OpenVideo64.dll

2012-06-11 11:50:24 65024 ----a-w- C:\Windows\SysWow64\OpenVideo.dll

2012-06-11 11:50:18 63488 ----a-w- C:\Windows\System32\OVDecode64.dll

2012-06-11 11:50:14 56320 ----a-w- C:\Windows\SysWow64\OVDecode.dll

2012-06-11 11:50:06 16457728 ----a-w- C:\Windows\System32\amdocl64.dll

2012-06-11 11:49:22 13008896 ----a-w- C:\Windows\SysWow64\amdocl.dll

2012-06-06 06:06:16 2004480 ----a-w- C:\Windows\System32\msxml6.dll

2012-06-06 06:06:16 1881600 ----a-w- C:\Windows\System32\msxml3.dll

2012-06-06 05:05:52 1390080 ----a-w- C:\Windows\SysWow64\msxml6.dll

2012-06-06 05:05:52 1236992 ----a-w- C:\Windows\SysWow64\msxml3.dll

2012-06-02 22:15:31 2622464 ----a-w- C:\Windows\System32\wucltux.dll

2012-06-02 22:15:08 99840 ----a-w- C:\Windows\System32\wudriver.dll

2012-06-02 13:19:42 186752 ----a-w- C:\Windows\System32\wuwebv.dll

2012-06-02 13:15:12 36864 ----a-w- C:\Windows\System32\wuapp.exe

2012-06-02 05:50:10 458704 ----a-w- C:\Windows\System32\drivers\cng.sys

2012-06-02 05:48:16 95600 ----a-w- C:\Windows\System32\drivers\ksecdd.sys

2012-06-02 05:48:16 151920 ----a-w- C:\Windows\System32\drivers\ksecpkg.sys

2012-06-02 05:45:31 340992 ----a-w- C:\Windows\System32\schannel.dll

2012-06-02 05:44:21 307200 ----a-w- C:\Windows\System32\ncrypt.dll

2012-06-02 04:40:42 22016 ----a-w- C:\Windows\SysWow64\secur32.dll

2012-06-02 04:40:39 225280 ----a-w- C:\Windows\SysWow64\schannel.dll

2012-06-02 04:39:10 219136 ----a-w- C:\Windows\SysWow64\ncrypt.dll

2012-06-02 04:34:09 96768 ----a-w- C:\Windows\SysWow64\sspicli.dll

2012-05-30 17:44:56 466456 ----a-w- C:\Windows\System32\wrap_oal.dll

2012-05-30 17:44:55 444952 ----a-w- C:\Windows\SysWow64\wrap_oal.dll

2012-05-30 17:44:55 122904 ----a-w- C:\Windows\System32\OpenAL32.dll

2012-05-30 17:44:55 109080 ----a-w- C:\Windows\SysWow64\OpenAL32.dll

.

============= FINISH: 14:27:12,20 ===============

Attachfff.txt


There is a lot left, so it is probably easiest to use OTL.

Save OTL to the Desktop.

http://oldtimer.geekstogo.com/OTL.exe

Close all programs.

Run OTL.

Under Output near the top, select Minimal Output.

Click Quick Scan and let the program run undisturbed.

When it is finished, two log files are created on the Desktop, OTL.txt and Extras.txt. Paste the OTL.txt log into your reply, and attach Extras.txt as a file.


Done

 

OTL logfile created on: 2012-08-03 15:24:42 - Run 1

OTL by OldTimer - Version 3.2.55.0 Folder = C:\Users\KENNY\Downloads

64bit- Home Premium Edition Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation

Internet Explorer (Version = 8.0.7601.17514)

Locale: 0000041d | Country: Sverige | Language: SVE | Date Format: yyyy-MM-dd

 

7,90 Gb Total Physical Memory | 5,76 Gb Available Physical Memory | 72,93% Memory free

15,79 Gb Paging File | 13,18 Gb Available in Paging File | 83,48% Paging File free

Paging file location(s): ?:\pagefile.sys [binary data]

 

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86)

Drive C: | 596,07 Gb Total Space | 473,41 Gb Free Space | 79,42% Space Free | Partition Type: NTFS

 

Computer Name: WOLF | User Name: KENNY | Logged in as Administrator.

Boot Mode: Normal | Scan Mode: Current user | Quick Scan | Include 64bit Scans

Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days

 

========== Processes (SafeList) ==========

 

PRC - C:\Users\KENNY\Downloads\OTL.exe (OldTimer Tools)

PRC - C:\Program Files (x86)\Common Files\Steam\SteamService.exe (Valve Corporation)

PRC - C:\Program Files (x86)\Mdfrzy\mbamservice.exe (Malwarebytes Corporation)

PRC - C:\Program Files (x86)\Mdfrzy\mbamgui.exe (Malwarebytes Corporation)

PRC - C:\Program Files (x86)\Origin\Origin.exe (Electronic Arts)

PRC - C:\Program Files (x86)\HTC\HTC Sync 3.0\htcUPCTLoader.exe ()

PRC - C:\Program Files (x86)\HTC\Internet Pass-Through\PassThruSvr.exe ()

PRC - C:\Program Files (x86)\Steam\Steam.exe (Valve Corporation)

PRC - C:\Windows\SysWOW64\PnkBstrA.exe ()

PRC - C:\Program Files (x86)\Belkin\Router Setup and Monitor\BelkinService.exe (Affinegy, Inc.)

PRC - C:\Program Files (x86)\Belkin\Router Setup and Monitor\BelkinSetup.exe (Affinegy, Inc.)

PRC - C:\Program Files (x86)\Belkin\Router Setup and Monitor\BelkinRouterMonitor.exe (Affinegy, Inc.)

PRC - C:\Program Files (x86)\Belkin\Router Setup and Monitor\qosPlugin.exe (Affinegy, Inc.)

PRC - C:\Program Files (x86)\Belkin\Router Setup and Monitor\dlnaPlugin.exe (Affinegy, Inc.)

PRC - C:\Program Files (x86)\ekort\ekort.exe (Orbiscom Ltd. All rights reserved.)

PRC - C:\Windows\SysWOW64\OBroker.exe ()

 

 

========== Modules (No Company Name) ==========

 

MOD - C:\Program Files (x86)\Steam\bin\libcef.dll ()

MOD - C:\Program Files (x86)\Steam\bin\chromehtml.DLL ()

MOD - C:\Program Files (x86)\Steam\bin\avutil-51.dll ()

MOD - C:\Program Files (x86)\Steam\bin\avformat-53.dll ()

MOD - C:\Program Files (x86)\Steam\bin\avcodec-53.dll ()

MOD - C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Windows.Forms\7b7fbe651c6e72f12099a298654c9594\System.Windows.Forms.ni.dll ()

MOD - C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Drawing\6bb439b3f87736d3248ae27d43e2c0d6\System.Drawing.ni.dll ()

MOD - C:\Program Files (x86)\Origin\QtWebKit4.dll ()

MOD - C:\Program Files (x86)\Origin\QtXmlPatterns4.dll ()

MOD - C:\Program Files (x86)\Origin\QtXml4.dll ()

MOD - C:\Program Files (x86)\Origin\imageformats\qtiff4.dll ()

MOD - C:\Program Files (x86)\Origin\imageformats\qmng4.dll ()

MOD - C:\Program Files (x86)\Origin\imageformats\qjpeg4.dll ()

MOD - C:\Program Files (x86)\Origin\imageformats\qico4.dll ()

MOD - C:\Program Files (x86)\Origin\imageformats\qgif4.dll ()

MOD - C:\Program Files (x86)\Origin\QtGui4.dll ()

MOD - C:\Program Files (x86)\Origin\QtCore4.dll ()

MOD - C:\Program Files (x86)\Origin\QtNetwork4.dll ()

MOD - C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Data\f3814b488d9e083cbbc623e01b389f09\System.Data.ni.dll ()

MOD - C:\Windows\assembly\NativeImages_v2.0.50727_32\Accessibility\2ec98ab0193d64e95b7d09d094deed97\Accessibility.ni.dll ()

MOD - C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Xml\ba3d70b651454c7d49b407b93663bfed\System.Xml.ni.dll ()

MOD - C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Configuration\cfa9c506bfb9254c89dace7b83bc9f9d\System.Configuration.ni.dll ()

MOD - C:\Windows\assembly\NativeImages_v2.0.50727_32\System\ce9ff6baf9053ed2ed673d948179195c\System.ni.dll ()

MOD - C:\Windows\assembly\NativeImages_v2.0.50727_32\mscorlib\acfc1391e45fedd2a359778ea57d914c\mscorlib.ni.dll ()

MOD - C:\Program Files (x86)\HTC\HTC Sync 3.0\Maps\R66Api.dll ()

MOD - C:\Program Files (x86)\HTC\HTC Sync 3.0\htcUPCTLoader.exe ()

MOD - C:\Program Files (x86)\HTC\HTC Sync 3.0\sqlite3.7.dll ()

MOD - C:\Program Files (x86)\HTC\HTC Sync 3.0\sqlite3.dll ()

MOD - C:\Program Files (x86)\HTC\HTC Sync 3.0\HtcDetect.dll ()

MOD - C:\Program Files (x86)\HTC\HTC Sync 3.0\htcDetectLegend.dll ()

MOD - C:\Program Files (x86)\HTC\HTC Sync 3.0\htcDisk.dll ()

MOD - C:\Program Files (x86)\HTC\HTC Sync 3.0\OutputLog.dll ()

MOD - C:\Program Files (x86)\HTC\HTC Sync 3.0\fdHttpd.dll ()

MOD - C:\Windows\assembly\GAC_32\System.Data\2.0.0.0__b77a5c561934e089\System.Data.dll ()

MOD - C:\Windows\assembly\GAC_MSIL\mscorlib.resources\2.0.0.0_sv_b77a5c561934e089\mscorlib.resources.dll ()

MOD - C:\Program Files (x86)\Belkin\Router Setup and Monitor\BelkinServicePS.dll ()

MOD - C:\Program Files (x86)\Belkin\Router Setup and Monitor\gateways\GenericBelkinGatewayLOC.dll ()

MOD - C:\Program Files (x86)\Belkin\Router Setup and Monitor\QtGui4.dll ()

MOD - C:\Program Files (x86)\Belkin\Router Setup and Monitor\QtXml4.dll ()

MOD - C:\Program Files (x86)\Belkin\Router Setup and Monitor\QtCore4.dll ()

MOD - C:\Program Files (x86)\Belkin\Router Setup and Monitor\QtNetwork4.dll ()

MOD - C:\Program Files (x86)\Belkin\Router Setup and Monitor\imageformats\qjpeg4.dll ()

MOD - C:\Windows\SysWOW64\OBroker.exe ()

MOD - C:\Program Files (x86)\ekort\EkortRes.dll ()

 

 

========== Win32 Services (SafeList) ==========

 

SRV:64bit: - (AMD External Events Utility) -- C:\Windows\SysNative\atiesrxx.exe (AMD)

SRV:64bit: - (Belkin Local Backup Service) -- C:\Program Files\Belkin\Belkin USB Print and Storage Center\BkBackupScheduler.exe ()

SRV:64bit: - (Belkin Network USB Helper) -- C:\Program Files\Belkin\Belkin USB Print and Storage Center\Bkapcs.exe ()

SRV - (AdobeFlashPlayerUpdateSvc) -- C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe (Adobe Systems Incorporated)

SRV - (Steam Client Service) -- C:\Program Files (x86)\Common Files\Steam\SteamService.exe (Valve Corporation)

SRV - (MozillaMaintenance) -- C:\Program Files (x86)\Mozilla Maintenance Service\maintenanceservice.exe (Mozilla Foundation)

SRV - (MBAMService) -- C:\Program Files (x86)\Mdfrzy\mbamservice.exe (Malwarebytes Corporation)

SRV - (SkypeUpdate) -- C:\Program Files (x86)\Skype\Updater\Updater.exe (Skype Technologies)

SRV - (NisSrv) -- c:\Program\Microsoft Security Client\NisSrv.exe (Microsoft Corporation)

SRV - (MsMpSvc) -- c:\Program\Microsoft Security Client\MsMpEng.exe (Microsoft Corporation)

SRV - (PassThru Service) -- C:\Program Files (x86)\HTC\Internet Pass-Through\PassThruSvr.exe ()

SRV - (PnkBstrA) -- C:\Windows\SysWOW64\PnkBstrA.exe ()

SRV - (cphs) -- C:\Windows\SysWOW64\IntelCpHeciSvc.exe (Intel Corporation)

SRV - (LBTServ) -- C:\Program\Common Files\Logishrd\Bluetooth\LBTServ.exe (Logitech, Inc.)

SRV - (wlidsvc) -- C:\Program\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE (Microsoft Corp.)

SRV - (AffinegyService) -- C:\Program Files (x86)\Belkin\Router Setup and Monitor\BelkinService.exe (Affinegy, Inc.)

SRV - (clr_optimization_v4.0.30319_32) -- C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe (Microsoft Corporation)

SRV - (clr_optimization_v2.0.50727_32) -- C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe (Microsoft Corporation)

 

 

========== Driver Services (SafeList) ==========

 

DRV:64bit: - (MBAMProtector) -- C:\Windows\SysNative\drivers\mbam.sys (Malwarebytes Corporation)

DRV:64bit: - (amdkmdag) -- C:\Windows\SysNative\drivers\atikmdag.sys (Advanced Micro Devices, Inc.)

DRV:64bit: - (amdkmdap) -- C:\Windows\SysNative\drivers\atikmpag.sys (Advanced Micro Devices, Inc.)

DRV:64bit: - (SYMPHONY) -- C:\Windows\SysNative\drivers\Symphony.sys (C-Media Inc.)

DRV:64bit: - (NisDrv) -- C:\Windows\SysNative\drivers\NisDrvWFP.sys (Microsoft Corporation)

DRV:64bit: - (igfx) -- C:\Windows\SysNative\drivers\igdkmd64.sys (Intel Corporation)

DRV:64bit: - (aswKbd) -- C:\Windows\SysNative\drivers\aswKbd.sys (AVAST Software)

DRV:64bit: - (Fs_Rec) -- C:\Windows\SysNative\drivers\fs_rec.sys (Microsoft Corporation)

DRV:64bit: - (AtiHDAudioService) -- C:\Windows\SysNative\drivers\AtihdW76.sys (Advanced Micro Devices)

DRV:64bit: - (LMouFilt) -- C:\Windows\SysNative\drivers\LMouFilt.Sys (Logitech, Inc.)

DRV:64bit: - (LEqdUsb) -- C:\Windows\SysNative\drivers\LEqdUsb.sys (Logitech, Inc.)

DRV:64bit: - (LHidFilt) -- C:\Windows\SysNative\drivers\LHidFilt.Sys (Logitech, Inc.)

DRV:64bit: - (LHidEqd) -- C:\Windows\SysNative\drivers\LHidEqd.sys (Logitech, Inc.)

DRV:64bit: - (RTL8167) -- C:\Windows\SysNative\drivers\Rt64win7.sys (Realtek )

DRV:64bit: - (amdsata) -- C:\Windows\SysNative\drivers\amdsata.sys (Advanced Micro Devices)

DRV:64bit: - (amdxata) -- C:\Windows\SysNative\drivers\amdxata.sys (Advanced Micro Devices)

DRV:64bit: - (TsUsbFlt) -- C:\Windows\SysNative\drivers\TsUsbFlt.sys (Microsoft Corporation)

DRV:64bit: - (HpSAMD) -- C:\Windows\SysNative\drivers\HpSAMD.sys (Hewlett-Packard Company)

DRV:64bit: - (TsUsbGD) -- C:\Windows\SysNative\drivers\TsUsbGD.sys (Microsoft Corporation)

DRV:64bit: - (MEIx64) -- C:\Windows\SysNative\drivers\HECIx64.sys (Intel Corporation)

DRV:64bit: - (htcnprot) -- C:\Windows\SysNative\drivers\htcnprot.sys (Windows ® Win 7 DDK provider)

DRV:64bit: - (MBfilt) -- C:\Windows\SysNative\drivers\MBfilt64.sys (Creative Technology Ltd.)

DRV:64bit: - (HTCAND64) -- C:\Windows\SysNative\drivers\ANDROIDUSB.sys (HTC, Corporation)

DRV:64bit: - (amdsbs) -- C:\Windows\SysNative\drivers\amdsbs.sys (AMD Technologies Inc.)

DRV:64bit: - (LSI_SAS2) -- C:\Windows\SysNative\drivers\lsi_sas2.sys (LSI Corporation)

DRV:64bit: - (stexstor) -- C:\Windows\SysNative\drivers\stexstor.sys (Promise Technology)

DRV:64bit: - (sxuptp) -- C:\Windows\SysNative\drivers\sxuptp.sys (silex technology, Inc.)

DRV:64bit: - (ebdrv) -- C:\Windows\SysNative\drivers\evbda.sys (Broadcom Corporation)

DRV:64bit: - (b06bdrv) -- C:\Windows\SysNative\drivers\bxvbda.sys (Broadcom Corporation)

DRV:64bit: - (b57nd60a) -- C:\Windows\SysNative\drivers\b57nd60a.sys (Broadcom Corporation)

DRV:64bit: - (hcw85cir) -- C:\Windows\SysNative\drivers\hcw85cir.sys (Hauppauge Computer Works, Inc.)

DRV:64bit: - (xusb21) -- C:\Windows\SysNative\drivers\xusb21.sys (Microsoft Corporation)

DRV - (WIMMount) -- C:\Windows\SysWOW64\drivers\wimmount.sys (Microsoft Corporation)

 

 

========== Standard Registry (SafeList) ==========

 

 

========== Internet Explorer ==========

 

IE:64bit: - HKLM\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A}

IE:64bit: - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/search?q={searchTerms}&FORM=IE8SRC

IE - HKLM\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A}

IE - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/search?q={searchTerms}&FORM=IE8SRC

IE - HKLM\..\SearchScopes\{afdbddaa-5d3f-42ee-b79c-185a7020515b}: "URL" = http://search.conduit.com/ResultsExt.aspx?q={searchTerms}&SearchSource=4&ctid=CT2504091

 

IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://search.babylon.com/?affID=110819&babsrc=HP_ss&mntrId=a6cec5f8000000000000bc5ff41a7d08

IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache = http://se.msn.com/?ocid=iehp

IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache AcceptLangs = sv

IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache_TIMESTAMP = BC 3F CF 1D 17 02 CD 01 [binary data]

IE - HKCU\..\URLSearchHook: {ba14329e-9550-4989-b3f2-9732e92d17cc} - No CLSID value found

IE - HKCU\..\SearchScopes,DefaultScope = {0ECDF796-C2DC-4d79-A620-CCE0C0A66CC9}

IE - HKCU\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/search?q={searchTerms}&src=IE-SearchBox&FORM=IE8SRC

IE - HKCU\..\SearchScopes\{0ECDF796-C2DC-4d79-A620-CCE0C0A66CC9}: "URL" = http://search.babylon.com/?q={searchTerms}&affID=110819&babsrc=SP_ss&mntrId=a6cec5f8000000000000bc5ff41a7d08

IE - HKCU\..\SearchScopes\{afdbddaa-5d3f-42ee-b79c-185a7020515b}: "URL" = http://search.conduit.com/ResultsExt.aspx?q={searchTerms}&SearchSource=4&ctid=CT2504091

IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

 

========== FireFox ==========

 

FF - prefs.js..browser.search.defaultenginename: "MyStart Search"

FF - prefs.js..browser.search.order.1: "Search the web (Babylon)"

FF - prefs.js..browser.search.selectedEngine: "Google"

FF - prefs.js..browser.startup.homepage: "about:home"

FF - prefs.js..keyword.URL: "http://mystart.incredibar.com/mb139/?loc=IB_DS&a=6OyJorqj5j&&i=26&search="

 

 

FF:64bit: - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\system32\Macromed\Flash\NPSWF64_11_3_300_270.dll File not found

FF:64bit: - HKLM\Software\MozillaPlugins\@microsoft.com/GENUINE: disabled File not found

FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_11_3_300_270.dll ()

FF - HKLM\Software\MozillaPlugins\@esn.me/esnsonar,version=0.70.4: C:\Program Files (x86)\Battlelog Web Plugins\Sonar\0.70.4\npesnsonar.dll (ESN Social Software AB)

FF - HKLM\Software\MozillaPlugins\@esn/esnlaunch,version=1.116.0: C:\Program Files (x86)\Battlelog Web Plugins\1.116.0\npesnlaunch.dll (ESN Social Software AB)

FF - HKLM\Software\MozillaPlugins\@esn/esnlaunch,version=1.118.0: C:\Program Files (x86)\Battlelog Web Plugins\1.118.0\npesnlaunch.dll (ESN Social Software AB)

FF - HKLM\Software\MozillaPlugins\@esn/esnlaunch,version=1.122.0: C:\Program Files (x86)\Battlelog Web Plugins\1.122.0\npesnlaunch.dll (ESN Social Software AB)

FF - HKLM\Software\MozillaPlugins\@microsoft.com/GENUINE: disabled File not found

FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: c:\Program Files (x86)\Microsoft Silverlight\4.1.10329.0\npctrl.dll ( Microsoft Corporation)

FF - HKLM\Software\MozillaPlugins\Adobe Reader: C:\Program Files (x86)\Adobe\Reader 9.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)

 

64bit-FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{336D0C35-8A85-403a-B9D2-65C292C39087}: C:\PROGRAM FILES\WEB ASSISTANT\FIREFOX

FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\ekort@orbiscom: C:\Program Files (x86)\ekort [2012-06-06 19:48:06 | 000,000,000 | ---D | M]

FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{336D0C35-8A85-403a-B9D2-65C292C39087}: C:\Program Files\Web Assistant\Firefox

FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 14.0.1\extensions\\Components: C:\Program Files (x86)\Mozilla Firefox\components [2012-07-19 02:46:18 | 000,000,000 | ---D | M]

FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 14.0.1\extensions\\Plugins: C:\Program Files (x86)\Mozilla Firefox\plugins

FF - HKEY_CURRENT_USER\software\mozilla\Mozilla Firefox 14.0.1\extensions\\Components: C:\Program Files (x86)\Mozilla Firefox\components [2012-07-19 02:46:18 | 000,000,000 | ---D | M]

FF - HKEY_CURRENT_USER\software\mozilla\Mozilla Firefox 14.0.1\extensions\\Plugins: C:\Program Files (x86)\Mozilla Firefox\plugins

 

[2012-03-14 21:25:31 | 000,000,000 | ---D | M] (No name found) -- C:\Users\KENNY\AppData\Roaming\mozilla\Extensions

[2012-08-03 13:57:43 | 000,000,000 | ---D | M] (No name found) -- C:\Users\KENNY\AppData\Roaming\mozilla\Firefox\Profiles\wbktlt3y.default\extensions

[2012-06-27 23:12:20 | 000,000,000 | ---D | M] (Bitdefender QuickScan) -- C:\Users\KENNY\AppData\Roaming\mozilla\Firefox\Profiles\wbktlt3y.default\extensions\{e001c731-5e37-4538-a5cb-8168736a2360}

[2012-07-29 10:38:58 | 000,002,203 | ---- | M] () -- C:\Users\KENNY\AppData\Roaming\Mozilla\Firefox\Profiles\wbktlt3y.default\searchplugins\MyStart Search.xml

[2012-08-03 14:00:21 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files (x86)\mozilla firefox\extensions

[2012-03-15 00:14:53 | 000,000,000 | ---D | M] (Skype Click to Call) -- C:\Program Files (x86)\mozilla firefox\extensions\{82AF8DCA-6DE9-405D-BD5E-43525BDAD38A}

[2012-07-31 17:50:31 | 000,526,190 | ---- | M] () (No name found) -- C:\USERS\KENNY\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\WBKTLT3Y.DEFAULT\EXTENSIONS\{73A6FE31-595D-460B-A920-FCC0F8843232}.XPI

[2012-07-19 02:46:18 | 000,136,672 | ---- | M] (Mozilla Foundation) -- C:\Program Files (x86)\mozilla firefox\components\browsercomps.dll

[2012-06-17 13:38:23 | 000,001,470 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\allaannonser-sv-SE.xml

[2012-05-25 11:54:48 | 000,002,313 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\babylon.xml

[2012-06-17 13:38:23 | 000,002,252 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\bing.xml

[2012-06-17 13:38:23 | 000,002,670 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\prisjakt-sv-SE.xml

[2012-06-17 13:38:23 | 000,000,948 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\tyda-sv-SE.xml

[2012-06-17 13:38:23 | 000,001,174 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\wikipedia-sv-SE.xml

[2012-06-17 13:38:23 | 000,000,951 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\yahoo-sv-SE.xml

 

========== Chrome ==========

 

 

O1 HOSTS File: ([2009-06-10 23:00:26 | 000,000,824 | ---- | M]) - C:\Windows\SysNative\drivers\etc\hosts

O2:64bit: - BHO: (Windows Live ID Sign-in Helper) - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corp.)

O2 - BHO: (ADDICT-THING Class) - {641A48B0-771D-6262-E190-61CC47B15106} - C:\ProgramData\ADDICT-THING\bhoclass.dll ()

O2 - BHO: (e-kort Helper Class) - {9065E913-4F23-4B47-9B5D-B055D32DB1F3} - C:\Program Files (x86)\ekort\EKortHelper.dll ()

O2 - BHO: (Yontoo) - {FD72061E-9FDE-484D-A58A-0BAB4151CAD8} - C:\Program Files (x86)\Yontoo\YontooIEClient.dll (Yontoo LLC)

O3 - HKLM\..\Toolbar: (e-kort Toolbar) - {8DB2B2E8-579F-48A8-A496-18FEFCF8F4DF} - C:\Program Files (x86)\ekort\EKortToolbar.dll ()

O4:64bit: - HKLM..\Run: [EvtMgr6] C:\Program Files\Logitech\SetPointP\SetPoint.exe (Logitech, Inc.)

O4:64bit: - HKLM..\Run: [HotKeysCmds] C:\Windows\SysNative\hkcmd.exe (Intel Corporation)

O4:64bit: - HKLM..\Run: [igfxTray] C:\Windows\SysNative\igfxtray.exe (Intel Corporation)

O4:64bit: - HKLM..\Run: [Logitech Download Assistant] C:\Windows\SysNative\LogiLDA.dll (Logitech, Inc.)

O4:64bit: - HKLM..\Run: [MSC] c:\Program Files\Microsoft Security Client\msseces.exe (Microsoft Corporation)

O4:64bit: - HKLM..\Run: [Persistence] C:\Windows\SysNative\igfxpers.exe (Intel Corporation)

O4:64bit: - HKLM..\Run: [RTHDVCPL] C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe (Realtek Semiconductor)

O4:64bit: - HKLM..\Run: [sYMPHONYSound] C:\Program Files\Corsair VENGEANCE 2000\CPL\CAHS2.exe ()

O4 - HKLM..\Run: [AMD AVT] C:\Windows\SysWow64\cmd.exe (Microsoft Corporation)

O4 - HKLM..\Run: [e-kort] C:\PROGRA~2\ekort\ekort.exe /dontopenmycards /Autostart File not found

O4 - HKLM..\Run: [HTC Sync Loader] C:\Program Files (x86)\HTC\HTC Sync 3.0\htcUPCTLoader.exe ()

O4 - HKLM..\Run: [instaLAN] C:\Program Files (x86)\Belkin\Router Setup and Monitor\BelkinRouterMonitor.exe (Affinegy, Inc.)

O4 - HKLM..\Run: [Malwarebytes' Anti-Malware] C:\Program Files (x86)\Mdfrzy\mbamgui.exe (Malwarebytes Corporation)

O4 - HKLM..\Run: [startCCC] C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe (Advanced Micro Devices, Inc.)

O4 - HKCU..\Run: [EADM] C:\Program Files (x86)\Origin\Origin.exe (Electronic Arts)

O4 - HKCU..\Run: [steam] C:\Program Files (x86)\Steam\steam.exe (Valve Corporation)

O4 - HKCU..\Run: [Xvid] C:\Program Files (x86)\Xvid\CheckUpdate.exe ()

O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktop = 1

O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktopChanges = 1

O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 5

O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3

O10:64bit: - NameSpace_Catalog5\Catalog_Entries64\000000000007 [] - C:\Program\Common Files\Microsoft Shared\Windows Live\WLIDNSP.DLL (Microsoft Corp.)

O10:64bit: - NameSpace_Catalog5\Catalog_Entries64\000000000008 [] - C:\Program\Common Files\Microsoft Shared\Windows Live\WLIDNSP.DLL (Microsoft Corp.)

O1364bit: - gopher Prefix: missing

O13 - gopher Prefix: missing

O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.2.1

O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{292A936C-773C-4FE9-BB24-9D66861CB451}: DhcpNameServer = 192.168.2.1

O18:64bit: - Protocol\Handler\livecall - No CLSID value found

O18:64bit: - Protocol\Handler\msnim - No CLSID value found

O18:64bit: - Protocol\Handler\skype4com - No CLSID value found

O18:64bit: - Protocol\Handler\wlmailhtml - No CLSID value found

O18 - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~2\COMMON~1\Skype\SKYPE4~1.DLL (Skype Technologies)

O20:64bit: - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)

O20:64bit: - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\SysNative\userinit.exe (Microsoft Corporation)

O20:64bit: - HKLM Winlogon: VMApplet - (SystemPropertiesPerformance.exe) - C:\Windows\SysNative\SystemPropertiesPerformance.exe (Microsoft Corporation)

O20:64bit: - HKLM Winlogon: VMApplet - (/pagefile) - File not found

O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\SysWow64\explorer.exe (Microsoft Corporation)

O20 - HKLM Winlogon: UserInit - (userinit.exe) - C:\Windows\SysWow64\userinit.exe (Microsoft Corporation)

O20 - HKLM Winlogon: VMApplet - (/pagefile) - File not found

O20:64bit: - Winlogon\Notify\igfxcui: DllName - (igfxdev.dll) - C:\Windows\SysNative\igfxdev.dll (Intel Corporation)

O20:64bit: - Winlogon\Notify\LBTWlgn: DllName - (c:\program files\common files\logishrd\bluetooth\LBTWlgn.dll) - c:\Program\Common Files\Logishrd\Bluetooth\LBTWLgn.dll (Logitech, Inc.)

O21:64bit: - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.

O21 - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.

O32 - HKLM CDRom: AutoRun - 1

O33 - MountPoints2\{b15ba9cc-6e43-11e1-be60-b65a9198c7a8}\Shell - "" = AutoRun

O33 - MountPoints2\{b15ba9cc-6e43-11e1-be60-b65a9198c7a8}\Shell\AutoRun\command - "" = E:\LaunchU3.exe -a

O34 - HKLM BootExecute: (autocheck autochk *)

O35:64bit: - HKLM\..comfile [open] -- "%1" %*

O35:64bit: - HKLM\..exefile [open] -- "%1" %*

O35 - HKLM\..comfile [open] -- "%1" %*

O35 - HKLM\..exefile [open] -- "%1" %*

O37:64bit: - HKLM\...com [@ = comfile] -- "%1" %*

O37:64bit: - HKLM\...exe [@ = exefile] -- "%1" %*

O37 - HKLM\...com [@ = comfile] -- "%1" %*

O37 - HKLM\...exe [@ = exefile] -- "%1" %*

O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3)

O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2)

O38 - SubSystems\\Windows: (ServerDll=sxssrv,4)

 

========== Files/Folders - Created Within 30 Days ==========

 

[2012-08-03 11:58:42 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\StarCraft II

[2012-08-03 11:11:46 | 000,000,000 | ---D | C] -- C:\Users\KENNY\AppData\Local\{3C09B89F-7F71-4C88-83CC-7B83622DC393}

[2012-08-03 11:11:21 | 000,000,000 | ---D | C] -- C:\Users\KENNY\AppData\Local\{CA4FA6C1-F182-4016-BDD8-BA85F15CCB56}

[2012-08-02 20:48:28 | 000,000,000 | ---D | C] -- C:\Users\KENNY\AppData\Local\{4DAE4414-8E76-4601-91EB-6C086E18385A}

[2012-08-02 20:48:18 | 000,000,000 | ---D | C] -- C:\Users\KENNY\AppData\Local\{A3C98CE1-C5DF-4BC0-8ADD-E15DED2F4E32}

[2012-08-02 20:47:42 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\ESET

[2012-08-02 20:37:24 | 000,000,000 | ---D | C] -- C:\ProgramData\Kaspersky Lab

[2012-08-02 11:45:01 | 000,000,000 | ---D | C] -- C:\Users\KENNY\AppData\Roaming\Malwarebytes

[2012-08-02 11:44:57 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\fzdhshtjrthjxf

[2012-08-02 11:44:55 | 000,000,000 | ---D | C] -- C:\ProgramData\Malwarebytes

[2012-08-02 11:44:54 | 000,024,904 | ---- | C] (Malwarebytes Corporation) -- C:\Windows\SysNative\drivers\mbam.sys

[2012-08-02 11:44:54 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Mdfrzy

[2012-08-02 08:47:47 | 000,000,000 | ---D | C] -- C:\Users\KENNY\AppData\Local\{FACA2EA7-E30E-4E8C-8FAD-B6DCEECA2FFB}

[2012-08-02 08:47:35 | 000,000,000 | ---D | C] -- C:\Users\KENNY\AppData\Local\{1670F952-1838-42FB-87F3-B27FB360171E}

[2012-08-01 16:39:51 | 000,000,000 | ---D | C] -- C:\Users\KENNY\AppData\Local\{66E625D3-5374-461A-AFD4-F02541507CFF}

[2012-08-01 16:39:39 | 000,000,000 | ---D | C] -- C:\Users\KENNY\AppData\Local\{0FDD4A58-8E3A-4CC4-8F6D-C19FD17265E1}

[2012-07-31 16:30:02 | 000,000,000 | ---D | C] -- C:\Users\KENNY\AppData\Local\{D661220E-DCF4-4627-AFFD-C9BACE2995A5}

[2012-07-31 16:29:52 | 000,000,000 | ---D | C] -- C:\Users\KENNY\AppData\Local\{26A3992D-9394-412B-AD53-357A21D2938C}

[2012-07-30 18:29:26 | 000,000,000 | ---D | C] -- C:\Users\KENNY\AppData\Local\DirectDownloader

[2012-07-30 16:31:02 | 000,000,000 | ---D | C] -- C:\Users\KENNY\AppData\Local\{B9EAC65B-3941-46E1-AED3-4EC0FF3CFAC4}

[2012-07-30 16:30:52 | 000,000,000 | ---D | C] -- C:\Users\KENNY\AppData\Local\{DEC38FC9-D859-4748-8368-E31336DFEC22}

[2012-07-29 22:40:11 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Raptr

[2012-07-29 22:39:17 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Conduit

[2012-07-29 22:39:16 | 000,000,000 | ---D | C] -- C:\Users\KENNY\AppData\Local\Conduit

[2012-07-29 22:37:38 | 000,000,000 | ---D | C] -- C:\Users\KENNY\Documents\Vuze Downloads

[2012-07-29 10:39:38 | 000,000,000 | ---D | C] -- C:\ProgramData\Premium

[2012-07-29 10:39:31 | 000,000,000 | ---D | C] -- C:\ProgramData\OptimizerPro

[2012-07-29 10:39:26 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Optimizer Pro

[2012-07-29 10:38:37 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\ADDICT-THING

[2012-07-29 10:38:36 | 000,000,000 | ---D | C] -- C:\ProgramData\ADDICT-THING

[2012-07-29 10:38:17 | 000,000,000 | ---D | C] -- C:\ProgramData\InstallMate

[2012-07-29 09:55:18 | 000,000,000 | ---D | C] -- C:\Users\KENNY\AppData\Local\{937F4C4F-E761-4F9D-AFB6-4A85C17478E1}

[2012-07-29 09:55:04 | 000,000,000 | ---D | C] -- C:\Users\KENNY\AppData\Local\{7FBC3D22-DC2B-4B4B-A5E7-49D8ED32AD4E}

[2012-07-28 20:12:19 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\OpenApp

[2012-07-28 20:02:55 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\smartdl

[2012-07-28 10:24:50 | 000,000,000 | ---D | C] -- C:\Users\KENNY\AppData\Local\{0A8BA5EB-EFC0-4574-A3E5-DEE8C286B222}

[2012-07-28 10:24:40 | 000,000,000 | ---D | C] -- C:\Users\KENNY\AppData\Local\{89803C18-7F08-458E-80B3-9403432092B4}

[2012-07-27 12:23:22 | 000,000,000 | ---D | C] -- C:\Users\KENNY\AppData\Local\{7F15B864-FC51-4D77-8255-C0D6AD3AE68E}

[2012-07-27 12:23:10 | 000,000,000 | ---D | C] -- C:\Users\KENNY\AppData\Local\{0DD3F77A-7860-452E-9632-FB18BD77E89D}

[2012-07-26 19:21:25 | 000,000,000 | ---D | C] -- C:\Users\KENNY\Documents\My Photos

[2012-07-26 19:21:25 | 000,000,000 | ---D | C] -- C:\Users\KENNY\Documents\My Documents

[2012-07-26 19:09:24 | 000,000,000 | ---D | C] -- C:\Users\KENNY\AppData\Roaming\HTC.388BC06ACDAB6261375BCE37FBA2E023C0D7EE34.1

[2012-07-26 19:07:39 | 000,000,000 | ---D | C] -- C:\Users\KENNY\AppData\Local\Htc

[2012-07-26 19:07:11 | 000,000,000 | ---D | C] -- C:\Users\KENNY\AppData\Roaming\HTC

[2012-07-26 19:07:00 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\HTC Sync

[2012-07-26 19:06:01 | 000,000,000 | ---D | C] -- C:\Users\KENNY\AppData\Local\Downloaded Installations

[2012-07-26 19:05:50 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\HTC

[2012-07-26 19:05:42 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Spirent Communications

[2012-07-26 19:05:29 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\HTC

[2012-07-26 19:05:26 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Common Files\Adobe AIR

[2012-07-26 19:05:09 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\MSXML 4.0

[2012-07-26 10:23:58 | 000,000,000 | ---D | C] -- C:\Users\KENNY\AppData\Local\{254B3108-51CA-41AD-993C-496076E647CB}

[2012-07-26 10:23:47 | 000,000,000 | ---D | C] -- C:\Users\KENNY\AppData\Local\{C5B6ED28-9DAB-4D90-ABCD-C4EFB2EFA966}

[2012-07-25 16:33:01 | 000,000,000 | ---D | C] -- C:\Users\KENNY\AppData\Local\{AD60E4E9-ED71-4309-8EB7-BE5168CF6E3A}

[2012-07-25 16:32:48 | 000,000,000 | ---D | C] -- C:\Users\KENNY\AppData\Local\{C96A861D-DFB1-47B1-A831-73039D760C45}

[2012-07-24 16:30:17 | 000,000,000 | ---D | C] -- C:\Users\KENNY\AppData\Local\{42E45AD2-9BBE-4ABE-B467-CB7B0FE5E655}

[2012-07-24 16:30:05 | 000,000,000 | ---D | C] -- C:\Users\KENNY\AppData\Local\{D160A798-659A-4A8B-B2FD-30B78FE33C8B}

[2012-07-23 18:10:18 | 000,000,000 | ---D | C] -- C:\Users\KENNY\AppData\Local\{996C9540-BE8B-40F5-AD75-4B944C0AD019}

[2012-07-23 18:10:07 | 000,000,000 | ---D | C] -- C:\Users\KENNY\AppData\Local\{EDA25C6A-3ABA-42D7-857B-9D63A843B86B}

[2012-07-22 11:02:58 | 000,000,000 | ---D | C] -- C:\Users\KENNY\AppData\Local\{4056E71A-47B8-4F3D-9863-A56135C6D29A}

[2012-07-22 11:02:47 | 000,000,000 | ---D | C] -- C:\Users\KENNY\AppData\Local\{E79A2B8C-B763-4475-9C8B-7032837619A0}

[2012-07-21 10:49:23 | 000,000,000 | ---D | C] -- C:\Users\KENNY\AppData\Local\{0E0D9D90-0354-41DD-87C1-19E5E0C836DB}

[2012-07-21 10:49:10 | 000,000,000 | ---D | C] -- C:\Users\KENNY\AppData\Local\{3EE5BC90-8B3F-4247-AC9C-217979B3B501}

[2012-07-20 09:05:00 | 000,000,000 | ---D | C] -- C:\Users\KENNY\AppData\Local\{DAF94222-B600-4032-9027-02F003D5272B}

[2012-07-20 09:04:49 | 000,000,000 | ---D | C] -- C:\Users\KENNY\AppData\Local\{961ABD14-83B2-4697-8447-3B5E449FAF77}

[2012-07-19 10:42:57 | 000,000,000 | ---D | C] -- C:\Users\KENNY\AppData\Local\{E3282096-9DBB-4E73-937F-6AF4A831635F}

[2012-07-19 10:42:37 | 000,000,000 | ---D | C] -- C:\Users\KENNY\AppData\Local\{55CF5C16-AFEC-46EB-ABC7-B03FA9126A54}

[2012-07-18 10:25:12 | 000,000,000 | ---D | C] -- C:\Users\KENNY\AppData\Local\{9F230861-CF23-4741-A54F-07906AB52A95}

[2012-07-18 10:25:01 | 000,000,000 | ---D | C] -- C:\Users\KENNY\AppData\Local\{BDAC4C63-0AAD-471A-BD64-7859FDB5DEEB}

[2012-07-17 11:34:02 | 000,000,000 | ---D | C] -- C:\Users\KENNY\AppData\Local\{964F5E17-B185-41FF-8809-1B87E35670B7}

[2012-07-17 11:33:51 | 000,000,000 | ---D | C] -- C:\Users\KENNY\AppData\Local\{D17C1D34-C7B7-4794-BD0D-01D5CD07F4B8}

[2012-07-16 12:48:32 | 000,000,000 | ---D | C] -- C:\Users\KENNY\AppData\Local\{1C33B996-BB57-41A1-A60A-98A3F461EBBD}

[2012-07-16 12:48:21 | 000,000,000 | ---D | C] -- C:\Users\KENNY\AppData\Local\{EE087ECE-29EE-46E2-9F55-2D3AA304B426}

[2012-07-15 23:26:00 | 000,000,000 | ---D | C] -- C:\Users\KENNY\AppData\Local\{E90E66A1-7D64-4122-83CC-D8F4FF692712}

[2012-07-15 23:25:50 | 000,000,000 | ---D | C] -- C:\Users\KENNY\AppData\Local\{E9B974E9-FA1F-4C71-9C5F-462B927112CD}

[2012-07-15 11:25:24 | 000,000,000 | ---D | C] -- C:\Users\KENNY\AppData\Local\{70C10C92-DB8C-4889-9487-8BBAB6F31F5D}

[2012-07-15 11:25:14 | 000,000,000 | ---D | C] -- C:\Users\KENNY\AppData\Local\{609A0470-D0D2-4730-B9E1-736CCF8BEF64}

[2012-07-14 10:35:29 | 000,000,000 | ---D | C] -- C:\Users\KENNY\AppData\Local\{5A5EDDB3-4729-4AC2-A503-AA7469C03E3B}

[2012-07-14 10:35:15 | 000,000,000 | ---D | C] -- C:\Users\KENNY\AppData\Local\{4CDF74AC-2456-4A51-9314-84CF3E60066D}

[2012-07-13 11:04:52 | 000,000,000 | ---D | C] -- C:\Users\KENNY\AppData\Local\{23C5B667-4303-4BCF-BB0F-43FD6FCA7FA1}

[2012-07-13 11:04:42 | 000,000,000 | ---D | C] -- C:\Users\KENNY\AppData\Local\{FA99EA6C-0624-4541-A0CF-F1DF66A5ADC4}

[2012-07-12 18:45:02 | 000,000,000 | ---D | C] -- C:\Users\KENNY\AppData\Local\{48524C18-CAD2-40E4-9B21-798D5C3A8506}

[2012-07-12 18:44:49 | 000,000,000 | ---D | C] -- C:\Users\KENNY\AppData\Local\{299AD14B-7920-48EB-BF49-B5F2C5E33B16}

[2012-07-12 01:08:09 | 000,000,000 | ---D | C] -- C:\Users\KENNY\AppData\Local\{7F5813FC-8738-4D51-A5C4-0CBD7E9563B8}

[2012-07-12 01:07:53 | 000,000,000 | ---D | C] -- C:\Users\KENNY\AppData\Local\{296770BF-45E3-45B1-81EB-8B13EDCDBDE9}

[2012-07-11 11:20:20 | 000,000,000 | ---D | C] -- C:\Users\KENNY\AppData\Local\{52BF190D-7654-4D67-89D7-49372D6DA68A}

[2012-07-11 11:20:03 | 000,000,000 | ---D | C] -- C:\Users\KENNY\AppData\Local\{71A8761E-B4AD-4BEF-BAF7-AB5A71D13F38}

[2012-07-10 10:28:57 | 000,000,000 | ---D | C] -- C:\Users\KENNY\AppData\Local\{BD78FB45-02C8-49AA-9E00-3554EF86DA71}

[2012-07-10 10:28:45 | 000,000,000 | ---D | C] -- C:\Users\KENNY\AppData\Local\{8B175211-2FDE-4A4F-B973-F6C15128D6AF}

[2012-07-09 12:21:15 | 000,000,000 | ---D | C] -- C:\Users\KENNY\AppData\Local\{0ACEA0A0-C41B-448D-BCD0-E7494400E2EE}

[2012-07-09 12:20:58 | 000,000,000 | ---D | C] -- C:\Users\KENNY\AppData\Local\{9CCBED56-3BAB-44D8-97EE-06612FB8809D}

[2012-07-08 11:08:14 | 000,000,000 | ---D | C] -- C:\Users\KENNY\AppData\Local\{EDA905CC-8BB6-4A31-8079-04C0C57EB385}

[2012-07-08 11:07:58 | 000,000,000 | ---D | C] -- C:\Users\KENNY\AppData\Local\{E30CBDF4-F4BC-46A9-974D-8DFD7BEDC912}

[2012-07-07 11:07:47 | 000,000,000 | ---D | C] -- C:\Users\KENNY\AppData\Local\{637F92B4-E85C-48A4-972C-0E0413CF8ABE}

[2012-07-07 11:07:34 | 000,000,000 | ---D | C] -- C:\Users\KENNY\AppData\Local\{B5D23CCA-A914-4FA0-8385-1551B3D87228}

[2012-07-06 11:15:55 | 000,000,000 | ---D | C] -- C:\ProgramData\ATI

[2012-07-06 11:15:53 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\AMD APP

[2012-07-06 11:15:39 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Catalyst Control Center

[2012-07-06 11:06:37 | 000,000,000 | ---D | C] -- C:\Users\KENNY\AppData\Local\{01D4BCFA-DBB9-4A04-994C-0E8D1DB7FEED}

[2012-07-06 11:06:26 | 000,000,000 | ---D | C] -- C:\Users\KENNY\AppData\Local\{63D4259B-7D30-4DB8-86C0-9B68132B133A}

[2012-07-05 11:11:20 | 000,000,000 | ---D | C] -- C:\Users\KENNY\AppData\Local\{9E14D3F1-B43F-4613-B3DC-3CA936C3C074}

[2012-07-05 11:11:10 | 000,000,000 | ---D | C] -- C:\Users\KENNY\AppData\Local\{B3CBA613-8C48-4ABD-A922-3EE32FF42829}

[1 C:\Windows\*.tmp files -> C:\Windows\*.tmp -> ]

 

========== Files - Modified Within 30 Days ==========

 

[2012-08-03 14:47:25 | 000,021,888 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0

[2012-08-03 14:47:25 | 000,021,888 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0

[2012-08-03 14:39:56 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat

[2012-08-03 14:39:51 | 2064,322,559 | -HS- | M] () -- C:\hiberfil.sys

[2012-08-03 14:28:00 | 000,000,868 | ---- | M] () -- C:\Windows\tasks\Adobe Flash Player Updater.job

[2012-08-03 14:05:47 | 000,007,599 | ---- | M] () -- C:\Users\KENNY\AppData\Local\Resmon.ResmonCfg

[2012-07-29 22:39:22 | 000,000,009 | ---- | M] () -- C:\END

[2012-07-29 10:39:14 | 000,000,690 | ---- | M] () -- C:\user.js

[2012-07-26 19:40:40 | 001,472,966 | ---- | M] () -- C:\Windows\SysNative\PerfStringBackup.INI

[2012-07-26 19:40:40 | 000,627,634 | ---- | M] () -- C:\Windows\SysNative\perfh01D.dat

[2012-07-26 19:40:40 | 000,617,910 | ---- | M] () -- C:\Windows\SysNative\perfh009.dat

[2012-07-26 19:40:40 | 000,124,688 | ---- | M] () -- C:\Windows\SysNative\perfc01D.dat

[2012-07-26 19:40:40 | 000,107,190 | ---- | M] () -- C:\Windows\SysNative\perfc009.dat

[2012-07-22 20:25:31 | 000,283,304 | ---- | M] () -- C:\Windows\SysWow64\PnkBstrB.xtr

[2012-07-22 20:25:31 | 000,283,304 | ---- | M] () -- C:\Windows\SysWow64\PnkBstrB.exe

[2012-07-22 11:37:19 | 000,283,304 | ---- | M] () -- C:\Windows\SysWow64\PnkBstrB.ex0

[2012-07-12 01:06:50 | 000,266,592 | ---- | M] () -- C:\Windows\SysNative\FNTCACHE.DAT

[1 C:\Windows\*.tmp files -> C:\Windows\*.tmp -> ]

 

========== Files Created - No Company Name ==========

 

[2012-08-03 14:05:47 | 000,007,599 | ---- | C] () -- C:\Users\KENNY\AppData\Local\Resmon.ResmonCfg

[2012-07-29 22:39:22 | 000,000,009 | ---- | C] () -- C:\END

[2012-07-03 10:33:51 | 000,008,597 | ---- | C] () -- C:\Windows\SYMPHONY.ini.cfl

[2012-07-03 10:33:44 | 000,005,813 | ---- | C] () -- C:\Windows\SYMPHONY.ini.cfg

[2012-07-03 10:08:01 | 000,000,342 | ---- | C] () -- C:\Windows\SYMPHONY.ini.imi

[2012-06-22 11:03:37 | 001,491,554 | ---- | C] () -- C:\Windows\SysWow64\PerfStringBackup.INI

[2012-06-13 19:56:28 | 000,095,703 | ---- | C] () -- C:\Users\KENNY\AppData\Local\ars.cache

[2012-06-13 19:45:01 | 000,000,036 | ---- | C] () -- C:\Users\KENNY\AppData\Local\housecall.guid.cache

[2012-06-06 19:47:49 | 000,145,920 | ---- | C] () -- C:\Windows\SysWow64\OBroker.exe

[2012-05-25 09:16:47 | 000,645,632 | ---- | C] () -- C:\Windows\SysWow64\xvidcore.dll

[2012-05-25 09:16:47 | 000,240,640 | ---- | C] () -- C:\Windows\SysWow64\xvidvfw.dll

[2012-05-25 01:09:06 | 000,000,000 | ---- | C] () -- C:\ProgramData\ff858c76778d297945eb31b3c87d0a25_c

[2012-03-19 23:25:58 | 000,058,880 | ---- | C] () -- C:\Windows\SysWow64\igdde32.dll

[2012-03-19 22:21:14 | 013,212,672 | ---- | C] () -- C:\Windows\SysWow64\ig4icd32.dll

[2012-03-15 19:51:33 | 000,283,304 | ---- | C] () -- C:\Windows\SysWow64\PnkBstrB.exe

[2012-03-15 19:51:30 | 000,076,888 | ---- | C] () -- C:\Windows\SysWow64\PnkBstrA.exe

[2012-03-14 21:37:51 | 000,000,000 | ---- | C] () -- C:\Windows\ativpsrm.bin

[2012-03-09 14:06:14 | 000,024,576 | ---- | C] () -- C:\Windows\SysWow64\kdbsdk32.dll

[2012-02-15 04:36:36 | 000,204,952 | ---- | C] () -- C:\Windows\SysWow64\ativvsvl.dat

[2012-02-15 04:36:36 | 000,157,144 | ---- | C] () -- C:\Windows\SysWow64\ativvsva.dat

[2012-02-14 19:47:06 | 000,963,912 | ---- | C] () -- C:\Windows\SysWow64\igkrng600.bin

[2012-02-14 19:47:06 | 000,261,208 | ---- | C] () -- C:\Windows\SysWow64\igfcg600m.bin

[2012-02-14 19:47:06 | 000,145,804 | ---- | C] () -- C:\Windows\SysWow64\igcompkrng600.bin

[2011-09-28 18:44:14 | 000,179,271 | ---- | C] () -- C:\Windows\SysWow64\xlive.dll.cat

[2011-09-13 00:06:16 | 000,003,917 | ---- | C] () -- C:\Windows\SysWow64\atipblag.dat

 

========== LOP Check ==========

 

[2012-07-27 13:28:30 | 000,000,000 | ---D | M] -- C:\Users\KENNY\AppData\Roaming\AMS

[2012-08-02 01:07:42 | 000,000,000 | ---D | M] -- C:\Users\KENNY\AppData\Roaming\Azureus

[2012-05-25 01:08:57 | 000,000,000 | ---D | M] -- C:\Users\KENNY\AppData\Roaming\Babylon

[2012-07-03 10:33:53 | 000,000,000 | ---D | M] -- C:\Users\KENNY\AppData\Roaming\Corsair

[2012-07-26 19:07:39 | 000,000,000 | ---D | M] -- C:\Users\KENNY\AppData\Roaming\HTC

[2012-07-26 19:09:24 | 000,000,000 | ---D | M] -- C:\Users\KENNY\AppData\Roaming\HTC.388BC06ACDAB6261375BCE37FBA2E023C0D7EE34.1

[2012-03-15 00:22:32 | 000,000,000 | ---D | M] -- C:\Users\KENNY\AppData\Roaming\Leadertech

[2012-03-15 18:12:30 | 000,000,000 | ---D | M] -- C:\Users\KENNY\AppData\Roaming\Origin

[2012-08-03 14:31:06 | 000,000,000 | ---D | M] -- C:\Users\KENNY\AppData\Roaming\QuickScan

[2012-04-06 18:27:05 | 000,000,000 | ---D | M] -- C:\Users\KENNY\AppData\Roaming\TS3Client

[2012-03-15 00:50:02 | 000,000,000 | ---D | M] -- C:\Users\KENNY\AppData\Roaming\wargaming.net

[2012-03-15 18:14:29 | 000,000,000 | ---D | M] -- C:\Users\KENNY\AppData\Roaming\Windows Live Writer

[2012-07-03 10:36:08 | 000,032,514 | ---- | M] () -- C:\Windows\Tasks\SCHEDLGU.TXT

 

========== Purity Check ==========

 

 

 

< End of report >

Exthkjhjras.Txt


Close all programs you can see, including antivirus and antispyware programs, so that they do not conflict with OTL.

How? See http://www.bleepingcomputer.com/forums/topic114351.html

Start the OTL program (in Vista/Windows 7, right-click and choose Run as administrator).

Copy all the lines in the box:

:OTL
IE - HKLM\..\SearchScopes\{afdbddaa-5d3f-42ee-b79c-185a7020515b}: "URL" = http://search.condui...&ctid=CT2504091
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://search.babylo...000bc5ff41a7d08
IE - HKCU\..\URLSearchHook: {ba14329e-9550-4989-b3f2-9732e92d17cc} - No CLSID value found
IE - HKCU\..\SearchScopes,DefaultScope = {0ECDF796-C2DC-4d79-A620-CCE0C0A66CC9}
IE - HKCU\..\SearchScopes\{0ECDF796-C2DC-4d79-A620-CCE0C0A66CC9}: "URL" = http://search.babylo...000bc5ff41a7d08
IE - HKCU\..\SearchScopes\{afdbddaa-5d3f-42ee-b79c-185a7020515b}: "URL" = http://search.condui...&ctid=CT2504091
FF - prefs.js..browser.search.defaultenginename: "MyStart Search"
FF - prefs.js..browser.search.order.1: "Search the web (Babylon)"
FF - prefs.js..keyword.URL: "http://mystart.incredibar.com/mb139/?loc=IB_DS&a=6OyJorqj5j&&i=26&search="
64bit-FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{336D0C35-8A85-403a-B9D2-65C292C39087}: C:\PROGRAM FILES\WEB ASSISTANT\FIREFOX
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{336D0C35-8A85-403a-B9D2-65C292C39087}: C:\Program Files\Web Assistant\Firefox
[2012-07-29 10:38:58 | 000,002,203 | ---- | M] () -- C:\Users\KENNY\AppData\Roaming\Mozilla\Firefox\Profiles\wbktlt3y.default\searchplugins\MyStart Search.xml
[2012-05-25 11:54:48 | 000,002,313 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\babylon.xml
O2 - BHO: (ADDICT-THING Class) - {641A48B0-771D-6262-E190-61CC47B15106} - C:\ProgramData\ADDICT-THING\bhoclass.dll ()
O2 - BHO: (Yontoo) - {FD72061E-9FDE-484D-A58A-0BAB4151CAD8} - C:\Program Files (x86)\Yontoo\YontooIEClient.dll (Yontoo LLC)
[2012-07-29 22:39:17 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Conduit
[2012-07-29 22:39:16 | 000,000,000 | ---D | C] -- C:\Users\KENNY\AppData\Local\Conduit
[2012-07-29 10:38:37 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\ADDICT-THING
[2012-07-29 10:38:36 | 000,000,000 | ---D | C] -- C:\ProgramData\ADDICT-THING
[2012-07-29 10:38:17 | 000,000,000 | ---D | C] -- C:\ProgramData\InstallMate
[2012-05-25 01:08:57 | 000,000,000 | ---D | M] -- C:\Users\KENNY\AppData\Roaming\Babylon
:Commands
[CREATERESTOREPOINT]
[EMPTYTEMP]
[REBOOT]

Paste them into the Custom Scans/Fixes box. Check that it looks exactly the same, for example with regard to line breaks.

Click Run Fix.

If you are asked to restart the computer, do so.

A log will open in Notepad. Copy it and paste it into your reply.

If it does not appear automatically, you will find it in the folder c:\_OTL\Moved Files, with a name that contains today's date and the time of the run.

Make sure to enable the antivirus program etc. before you connect the computer to the internet.

Run DDS as well and paste in DDS.txt.



 

All processes killed

========== OTL ==========

Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{afdbddaa-5d3f-42ee-b79c-185a7020515b}\ deleted successfully.

Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{afdbddaa-5d3f-42ee-b79c-185a7020515b}\ not found.

HKCU\SOFTWARE\Microsoft\Internet Explorer\Main\\Start Page| /E : value set successfully!

Registry value HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\URLSearchHooks\\{ba14329e-9550-4989-b3f2-9732e92d17cc} deleted successfully.

Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{ba14329e-9550-4989-b3f2-9732e92d17cc}\ not found.

HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\\DefaultScope| /E : value set successfully!

Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{0ECDF796-C2DC-4d79-A620-CCE0C0A66CC9}\ deleted successfully.

Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{0ECDF796-C2DC-4d79-A620-CCE0C0A66CC9}\ not found.

Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{afdbddaa-5d3f-42ee-b79c-185a7020515b}\ deleted successfully.

Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{afdbddaa-5d3f-42ee-b79c-185a7020515b}\ not found.

Prefs.js: "MyStart Search" removed from browser.search.defaultenginename

Prefs.js: "Search the web (Babylon)" removed from browser.search.order.1

Prefs.js: "http://mystart.incredibar.com/mb139/?loc=IB_DS&a=6OyJorqj5j&&i=26&search=" removed from keyword.URL

File HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{336D0C35-8A85-403a-B9D2-65C292C39087}: C:\Program Files\Web Assistant\Firefox not found.

C:\Users\KENNY\AppData\Roaming\Mozilla\Firefox\Profiles\wbktlt3y.default\searchplugins\MyStart Search.xml moved successfully.

C:\Program Files (x86)\mozilla firefox\searchplugins\babylon.xml moved successfully.

Registry key HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{641A48B0-771D-6262-E190-61CC47B15106}\ deleted successfully.

Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{641A48B0-771D-6262-E190-61CC47B15106}\ deleted successfully.

C:\ProgramData\ADDICT-THING\bhoclass.dll moved successfully.

Registry key HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{FD72061E-9FDE-484D-A58A-0BAB4151CAD8}\ deleted successfully.

Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{FD72061E-9FDE-484D-A58A-0BAB4151CAD8}\ deleted successfully.

C:\Program Files (x86)\Yontoo\YontooIEClient.dll moved successfully.

C:\Program Files (x86)\Conduit\Community Alerts folder moved successfully.

C:\Program Files (x86)\Conduit folder moved successfully.

C:\Users\KENNY\AppData\Local\Conduit folder moved successfully.

C:\ProgramData\Microsoft\Windows\Start Menu\Programs\ADDICT-THING folder moved successfully.

C:\ProgramData\ADDICT-THING folder moved successfully.

C:\ProgramData\InstallMate\{16782E9C-E344-47BD-A045-B9BA79870632}\163B4D695065335D folder moved successfully.

C:\ProgramData\InstallMate\{16782E9C-E344-47BD-A045-B9BA79870632} folder moved successfully.

C:\ProgramData\InstallMate\{0E931A51-A183-4E66-8562-D82896E74C67}\7EB6B2B148197F6A folder moved successfully.

C:\ProgramData\InstallMate\{0E931A51-A183-4E66-8562-D82896E74C67} folder moved successfully.

C:\ProgramData\InstallMate folder moved successfully.

C:\Users\KENNY\AppData\Roaming\Babylon folder moved successfully.

========== COMMANDS ==========

Restore point Set: OTL Restore Point

 

[EMPTYTEMP]

 

User: All Users

 

User: Default

->Temp folder emptied: 0 bytes

->Temporary Internet Files folder emptied: 0 bytes

->Flash cache emptied: 56466 bytes

 

User: Default User

->Temp folder emptied: 0 bytes

->Temporary Internet Files folder emptied: 0 bytes

->Flash cache emptied: 0 bytes

 

User: KENNY

->Temp folder emptied: 1026378460 bytes

->Temporary Internet Files folder emptied: 111031047 bytes

->FireFox cache emptied: 1144018388 bytes

->Flash cache emptied: 70716 bytes

 

User: Public

 

%systemdrive% .tmp files removed: 0 bytes

%systemroot% .tmp files removed: 0 bytes

%systemroot%\System32 .tmp files removed: 0 bytes

%systemroot%\System32 (64bit) .tmp files removed: 0 bytes

%systemroot%\System32\drivers .tmp files removed: 0 bytes

Windows Temp folder emptied: 205116881 bytes

%systemroot%\system32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files folder emptied: 33244 bytes

%systemroot%\sysnative\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files folder emptied: 67863 bytes

RecycleBin emptied: 0 bytes

 

Total Files Cleaned = 2 372,00 mb

 

 

OTL by OldTimer - Version 3.2.55.0 log created on 08042012_185731

 

Files\Folders moved on Reboot...

C:\Users\KENNY\AppData\Local\Temp\FXSAPIDebugLogFile.txt moved successfully.

 

PendingFileRenameOperations files...

File C:\Users\KENNY\AppData\Local\Temp\FXSAPIDebugLogFile.txt not found!

 

Registry entries deleted on Reboot...

 

and DDS

 

.

DDS (Ver_2011-08-26.01) - NTFSAMD64

Internet Explorer: 8.0.7601.17514

Run by KENNY at 19:01:39 on 2012-08-04

Microsoft Windows 7 Home Premium 6.1.7601.1.1252.46.1053.18.8086.6219 [GMT 2:00]

.

AV: Microsoft Security Essentials *Disabled/Updated* {9765EA51-0D3C-7DFB-6091-10E4E1F341F6}

SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}

SP: Microsoft Security Essentials *Disabled/Updated* {2C040BB5-2B06-7275-5A21-2B969A740B4B}

.

============== Running Processes ===============

.

C:\Windows\system32\wininit.exe

C:\Windows\system32\lsm.exe

C:\Windows\system32\svchost.exe -k DcomLaunch

C:\Windows\system32\svchost.exe -k RPCSS

c:\Program Files\Microsoft Security Client\MsMpEng.exe

C:\Windows\system32\atiesrxx.exe

C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted

C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted

C:\Windows\system32\svchost.exe -k netsvcs

C:\Windows\system32\AUDIODG.EXE

C:\Windows\system32\svchost.exe -k LocalService

C:\Windows\system32\svchost.exe -k NetworkService

C:\Windows\System32\spoolsv.exe

C:\Windows\system32\svchost.exe -k LocalServiceNoNetwork

C:\Program Files (x86)\Belkin\Router Setup and Monitor\BelkinService.exe

C:\Windows\system32\atieclxx.exe

C:\Program Files\Belkin\Belkin USB Print and Storage Center\BkBackupScheduler.exe

C:\Program Files\Belkin\Belkin USB Print and Storage Center\Bkapcs.exe

C:\Program Files (x86)\HTC\Internet Pass-Through\PassThruSvr.exe

C:\Windows\SysWOW64\PnkBstrA.exe

C:\Windows\system32\svchost.exe -k imgsvc

C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE

C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSvcM.exe

C:\Windows\system32\taskhost.exe

C:\Windows\system32\Dwm.exe

C:\Windows\Explorer.EXE

C:\Windows\system32\SearchIndexer.exe

C:\Windows\notepad.exe

C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe

C:\Program Files\Logitech\SetPointP\SetPoint.exe

C:\Windows\System32\igfxpers.exe

C:\Program Files\Microsoft Security Client\msseces.exe

C:\Program Files\Corsair VENGEANCE 2000\CPL\CAHS2.exe

C:\Program Files (x86)\Windows Live\Messenger\msnmsgr.exe

C:\Program Files (x86)\Skype\Phone\Skype.exe

C:\Program Files\Windows Sidebar\sidebar.exe

C:\Program Files (x86)\Origin\Origin.exe

C:\Program Files\Common Files\LogiShrd\KHAL3\KHALMNPR.EXE

C:\Program Files\Corsair VENGEANCE 2000\CPL\CAHS2.exe

C:\Program Files (x86)\Steam\Steam.exe

C:\Program Files (x86)\Belkin\Router Setup and Monitor\BelkinRouterMonitor.exe

C:\Program Files (x86)\Adobe\Reader 9.0\Reader\reader_sl.exe

C:\Program Files (x86)\ekort\ekort.exe

C:\Program Files (x86)\HTC\HTC Sync 3.0\htcUPCTLoader.exe

C:\Program Files (x86)\Mdfrzy\mbamgui.exe

C:\Windows\system32\svchost.exe -k LocalServiceAndNoImpersonation

C:\Windows\SysWOW64\OBroker.exe

C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\MOM.exe

C:\Windows\system32\SearchProtocolHost.exe

C:\Windows\system32\SearchFilterHost.exe

C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CCC.exe

C:\Windows\system32\wbem\wmiprvse.exe

C:\Windows\sysWOW64\wbem\wmiprvse.exe

C:\Program Files (x86)\Common Files\Steam\SteamService.exe

C:\Program Files\Belkin\Belkin USB Print and Storage Center\connect.exe

C:\Program Files (x86)\Belkin\Router Setup and Monitor\BelkinSetup.exe

C:\Program Files (x86)\Belkin\Router Setup and Monitor\dlnaPlugin.exe

C:\Program Files (x86)\Belkin\Router Setup and Monitor\qosPlugin.exe

C:\Program Files (x86)\Mdfrzy\mbamservice.exe

C:\Windows\system32\sppsvc.exe

C:\Program Files\Windows Media Player\wmpnetwk.exe

C:\Windows\Microsoft.Net\Framework64\v3.0\WPF\PresentationFontCache.exe

C:\Windows\system32\DllHost.exe

C:\Windows\system32\DllHost.exe

C:\Windows\SysWOW64\cmd.exe

C:\Windows\system32\conhost.exe

C:\Windows\SysWOW64\cscript.exe

.

============== Pseudo HJT Report ===============

.

uStart Page =

mWinlogon: Userinit=userinit.exe,

BHO: Adobe PDF Link Helper: {18df081c-e8ad-4283-a596-fa578c2ebdc3} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll

BHO: Windows Live ID Sign-in Helper: {9030d464-4c02-4abf-8ecc-5164760863c6} - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll

BHO: e-kort Helper Class: {9065e913-4f23-4b47-9b5d-b055d32db1f3} - C:\Program Files (x86)\ekort\EKortHelper.dll

TB: e-kort Toolbar: {8db2b2e8-579f-48a8-a496-18fefcf8f4df} - C:\Program Files (x86)\ekort\EKortToolbar.dll

uRun: [msnmsgr] "C:\Program Files (x86)\Windows Live\Messenger\msnmsgr.exe" /background

uRun: [skype] "C:\Program Files (x86)\Skype\Phone\Skype.exe" /minimized /regrun

uRun: [sidebar] C:\Program Files\Windows Sidebar\sidebar.exe /autoRun

uRun: [EADM] "C:\Program Files (x86)\Origin\Origin.exe" -AutoStart

uRun: [steam] "C:\Program Files (x86)\Steam\steam.exe" -silent

uRun: [Xvid] C:\Program Files (x86)\Xvid\CheckUpdate.exe

mRun: [instaLAN] "C:\Program Files (x86)\Belkin\Router Setup and Monitor\BelkinRouterMonitor.exe" startup

mRun: [Adobe Reader Speed Launcher] "C:\Program Files (x86)\Adobe\Reader 9.0\Reader\Reader_sl.exe"

mRun: [Adobe ARM] "C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe"

mRun: [AMD AVT] Cmd.exe /c start "AMD Accelerated Video Transcoding device initialization" /min "C:\Program Files (x86)\AMD AVT\bin\kdbsync.exe" aml

mRun: [e-kort] C:\PROGRA~2\ekort\ekort.exe /dontopenmycards /Autostart

mRun: [startCCC] "C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" MSRun

mRun: [HTC Sync Loader] "C:\Program Files (x86)\HTC\HTC Sync 3.0\htcUPCTLoader.exe" -startup

mRun: [Malwarebytes' Anti-Malware] "C:\Program Files (x86)\Mdfrzy\mbamgui.exe" /starttray

StartupFolder: C:\PROGRA~3\MICROS~1\Windows\STARTM~1\Programs\Startup\WINDOW~1.LNK - C:\Program Files (x86)\Windows Live\Mail\wlmail.exe

mPolicies-explorer: NoActiveDesktop = 1 (0x1)

mPolicies-explorer: NoActiveDesktopChanges = 1 (0x1)

mPolicies-system: ConsentPromptBehaviorAdmin = 5 (0x5)

mPolicies-system: ConsentPromptBehaviorUser = 3 (0x3)

mPolicies-system: EnableUIADesktopToggle = 0 (0x0)

TCP: DhcpNameServer = 192.168.2.1

TCP: Interfaces\{292A936C-773C-4FE9-BB24-9D66861CB451} : DhcpNameServer = 192.168.2.1

Handler: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~2\COMMON~1\Skype\SKYPE4~1.DLL

{18DF081C-E8AD-4283-A596-FA578C2EBDC3}

{9030D464-4C02-4ABF-8ECC-5164760863C6}

{9065E913-4F23-4B47-9B5D-B055D32DB1F3}

{8DB2B2E8-579F-48A8-A496-18FEFCF8F4DF}

mRun-x64: [instaLAN] "C:\Program Files (x86)\Belkin\Router Setup and Monitor\BelkinRouterMonitor.exe" startup

mRun-x64: [Adobe Reader Speed Launcher] "C:\Program Files (x86)\Adobe\Reader 9.0\Reader\Reader_sl.exe"

mRun-x64: [Adobe ARM] "C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe"

mRun-x64: [AMD AVT] Cmd.exe /c start "AMD Accelerated Video Transcoding device initialization" /min "C:\Program Files (x86)\AMD AVT\bin\kdbsync.exe" aml

mRun-x64: [e-kort] C:\PROGRA~2\ekort\ekort.exe /dontopenmycards /Autostart

mRun-x64: [startCCC] "C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" MSRun

mRun-x64: [HTC Sync Loader] "C:\Program Files (x86)\HTC\HTC Sync 3.0\htcUPCTLoader.exe" -startup

mRun-x64: [Malwarebytes' Anti-Malware] "C:\Program Files (x86)\Mdfrzy\mbamgui.exe" /starttray

.

================= FIREFOX ===================

.

FF - ProfilePath - C:\Users\KENNY\AppData\Roaming\Mozilla\Firefox\Profiles\wbktlt3y.default\

FF - prefs.js: browser.search.selectedEngine - Google

FF - prefs.js: browser.startup.homepage - about:home

FF - plugin: C:\Program Files (x86)\Adobe\Reader 9.0\Reader\AIR\nppdf32.dll

FF - plugin: C:\Program Files (x86)\Battlelog Web Plugins\1.116.0\npesnlaunch.dll

FF - plugin: C:\Program Files (x86)\Battlelog Web Plugins\1.118.0\npesnlaunch.dll

FF - plugin: C:\Program Files (x86)\Battlelog Web Plugins\1.122.0\npesnlaunch.dll

FF - plugin: C:\Program Files (x86)\Battlelog Web Plugins\Sonar\0.70.4\npesnsonar.dll

FF - plugin: c:\Program Files (x86)\Microsoft Silverlight\4.1.10329.0\npctrlui.dll

FF - plugin: C:\Users\KENNY\AppData\Roaming\Mozilla\Firefox\Profiles\wbktlt3y.default\extensions\{e001c731-5e37-4538-a5cb-8168736a2360}\plugins\npqscan.dll

FF - plugin: C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_11_3_300_270.dll

.

---- FIREFOX POLICIES ----

FF - user.js: extentions.y2layers.installId - 2b37fe5d-c87c-4ae2-8673-4d6b6568c136

FF - user.js: extentions.y2layers.defaultEnableAppsList - ezLooker,pagerage,buzzdock,toprelatedtopics,twittube

.

FF - user.js: extensions.autoDisableScopes - 14

FF - user.js: extensions.BabylonToolbar_i.babTrack - affID=110819

FF - user.js: extensions.BabylonToolbar_i.babExt -

FF - user.js: extensions.BabylonToolbar_i.srcExt - ss

FF - user.js: extensions.BabylonToolbar_i.id - a6cec5f8000000000000bc5ff41a7d08

FF - user.js: extensions.BabylonToolbar_i.hardId - a6cec5f8000000000000bc5ff41a7d08

FF - user.js: extensions.BabylonToolbar_i.instlDay - 15485

FF - user.js: extensions.BabylonToolbar_i.vrsn - 1.5.3.17

FF - user.js: extensions.BabylonToolbar_i.vrsni - 1.5.3.17

FF - user.js: extensions.BabylonToolbar_i.vrsnTs - 1.5.3.1711:54:51

FF - user.js: extensions.BabylonToolbar_i.prtnrId - babylon

FF - user.js: extensions.BabylonToolbar_i.prdct - BabylonToolbar

FF - user.js: extensions.BabylonToolbar_i.aflt - babsst

FF - user.js: extensions.BabylonToolbar_i.smplGrp - none

FF - user.js: extensions.BabylonToolbar_i.tlbrId - tb9

FF - user.js: extensions.BabylonToolbar_i.instlRef - sst

.

user_pref('extensions.dealply.partner', 'iron');

.

user_pref('extensions.dealply.channel', 'iron3');

.

user_pref('extensions.dealply.installId', 'v23900276308063248466862012052511544524');

.

user_pref('extensions.dealply.installIdSource', 'inst');

.

user_pref('extensions.dealply.sampleGroup', '4');

FF - user.js: extensions.incredibar_i.newTab - false

FF - user.js: extensions.incredibar_i.tlbrSrchUrl - hxxp://mystart.Incredibar.com/?a=6OyJorqj5j&loc=IB_TB&i=26&search=

FF - user.js: extensions.incredibar_i.id - a6cec5f8000000000000bc5ff41a7d08

FF - user.js: extensions.incredibar_i.instlDay - 15550

FF - user.js: extensions.incredibar_i.vrsn - 1.5.11.14

FF - user.js: extensions.incredibar_i.vrsni - 1.5.11.14

FF - user.js: extensions.incredibar_i.vrsnTs - 1.5.11.1410:39:14

FF - user.js: extensions.incredibar_i.prtnrId - Incredibar

FF - user.js: extensions.incredibar_i.prdct - incredibar

FF - user.js: extensions.incredibar_i.aflt - orgnl

FF - user.js: extensions.incredibar_i.smplGrp - none

FF - user.js: extensions.incredibar_i.tlbrId - base

FF - user.js: extensions.incredibar_i.instlRef -

FF - user.js: extensions.incredibar_i.dfltLng -

FF - user.js: extensions.incredibar_i.excTlbr - false

FF - user.js: extensions.incredibar_i.ms_url_id -

FF - user.js: extensions.incredibar_i.upn2 - 6OyJorqj5j

FF - user.js: extensions.incredibar_i.upn2n - 92261837856457397

FF - user.js: extensions.incredibar_i.productid - 26

FF - user.js: extensions.incredibar_i.installerproductid - 26

FF - user.js: extensions.incredibar_i.did - 10650

FF - user.js: extensions.incredibar_i.ppd - 20%5F5

.

============= SERVICES / DRIVERS ===============

.

R0 MpFilter;Microsoft Malware Protection Driver;C:\Windows\system32\DRIVERS\MpFilter.sys --> C:\Windows\system32\DRIVERS\MpFilter.sys [?]

R1 aswKbd;aswKbd;C:\Windows\system32\drivers\aswKbd.sys --> C:\Windows\system32\drivers\aswKbd.sys [?]

R2 AMD External Events Utility;AMD External Events Utility;C:\Windows\system32\atiesrxx.exe --> C:\Windows\system32\atiesrxx.exe [?]

R2 Belkin Local Backup Service;Belkin Local Backup Service;C:\Program Files\Belkin\Belkin USB Print and Storage Center\BkBackupScheduler.exe [2012-3-15 181760]

R2 Belkin Network USB Helper;Belkin Network USB Helper;C:\Program Files\Belkin\Belkin USB Print and Storage Center\Bkapcs.exe [2012-3-15 55296]

R2 MBAMService;MBAMService;C:\Program Files (x86)\Mdfrzy\mbamservice.exe [2012-8-2 655944]

R2 PassThru Service;Internet Pass-Through Service;C:\Program Files (x86)\HTC\Internet Pass-Through\PassThruSvr.exe [2012-3-23 87040]

R2 sxuptp;SXUPTP Driver;C:\Windows\system32\DRIVERS\sxuptp.sys --> C:\Windows\system32\DRIVERS\sxuptp.sys [?]

R3 amdkmdag;amdkmdag;C:\Windows\system32\DRIVERS\atikmdag.sys --> C:\Windows\system32\DRIVERS\atikmdag.sys [?]

R3 amdkmdap;amdkmdap;C:\Windows\system32\DRIVERS\atikmpag.sys --> C:\Windows\system32\DRIVERS\atikmpag.sys [?]

R3 AtiHDAudioService;AMD Function Driver for HD Audio Service;C:\Windows\system32\drivers\AtihdW76.sys --> C:\Windows\system32\drivers\AtihdW76.sys [?]

R3 LEqdUsb;Logitech SetPoint Unifying KMDF USB Filter;C:\Windows\system32\DRIVERS\LEqdUsb.Sys --> C:\Windows\system32\DRIVERS\LEqdUsb.Sys [?]

R3 LHidEqd;Logitech SetPoint Unifying KMDF HID Filter;C:\Windows\system32\DRIVERS\LHidEqd.Sys --> C:\Windows\system32\DRIVERS\LHidEqd.Sys [?]

R3 MBAMProtector;MBAMProtector;\??\C:\Windows\system32\drivers\mbam.sys --> C:\Windows\system32\drivers\mbam.sys [?]

R3 MBfilt;MBfilt;C:\Windows\system32\drivers\MBfilt64.sys --> C:\Windows\system32\drivers\MBfilt64.sys [?]

R3 MEIx64;Intel® Management Engine Interface ;C:\Windows\system32\DRIVERS\HECIx64.sys --> C:\Windows\system32\DRIVERS\HECIx64.sys [?]

R3 SYMPHONY;Corsair USB Headphone Driver;C:\Windows\system32\DRIVERS\Symphony.sys --> C:\Windows\system32\DRIVERS\Symphony.sys [?]

S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-3-18 130384]

S2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-3-18 138576]

S2 SkypeUpdate;Skype Updater;C:\Program Files (x86)\Skype\Updater\Updater.exe [2012-7-3 160944]

S3 AdobeFlashPlayerUpdateSvc;Adobe Flash Player Update Service;C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2012-3-31 250056]

S3 cphs;Intel® Content Protection HECI Service;C:\Windows\SysWOW64\IntelCpHeciSvc.exe [2012-3-19 276248]

S3 HTCAND64;HTC Device Driver;C:\Windows\system32\Drivers\ANDROIDUSB.sys --> C:\Windows\system32\Drivers\ANDROIDUSB.sys [?]

S3 htcnprot;HTC NDIS Protocol Driver;C:\Windows\system32\DRIVERS\htcnprot.sys --> C:\Windows\system32\DRIVERS\htcnprot.sys [?]

S3 MozillaMaintenance;Mozilla Maintenance Service;C:\Program Files (x86)\Mozilla Maintenance Service\maintenanceservice.exe [2012-4-26 113120]

S3 NisDrv;Microsoft Network Inspection System;C:\Windows\system32\DRIVERS\NisDrvWFP.sys --> C:\Windows\system32\DRIVERS\NisDrvWFP.sys [?]

S3 NisSrv;Microsoft Nätverkskontroll;C:\Program Files\Microsoft Security Client\NisSrv.exe [2012-3-26 291696]

S3 RTL8167;Realtek 8167 NT Driver;C:\Windows\system32\DRIVERS\Rt64win7.sys --> C:\Windows\system32\DRIVERS\Rt64win7.sys [?]

S3 TsUsbFlt;TsUsbFlt;C:\Windows\system32\drivers\tsusbflt.sys --> C:\Windows\system32\drivers\tsusbflt.sys [?]

S3 TsUsbGD;Remote Desktop Generic USB Device;C:\Windows\system32\drivers\TsUsbGD.sys --> C:\Windows\system32\drivers\TsUsbGD.sys [?]

S3 WatAdminSvc;Aktiveringsteknologier för Windows-tjänst;C:\Windows\system32\Wat\WatAdminSvc.exe --> C:\Windows\system32\Wat\WatAdminSvc.exe [?]

.

=============== Created Last 30 ================

.

2012-08-04 16:57:31 -------- d-----w- C:\_OTL

2012-08-04 08:41:14 -------- d-----w- C:\Users\KENNY\AppData\Local\{247737DA-74C6-4B21-B5BC-0AF2DCFA0CB6}

2012-08-04 08:41:01 -------- d-----w- C:\Users\KENNY\AppData\Local\{E7820B2D-8A6D-4888-805A-D3DC576CF94A}

2012-08-03 19:31:54 9133488 ----a-w- C:\ProgramData\Microsoft\Microsoft Antimalware\Definition Updates\{4D77B483-DE90-4085-ABB3-4E2CAD862EBF}\mpengine.dll

2012-08-03 09:11:46 -------- d-----w- C:\Users\KENNY\AppData\Local\{3C09B89F-7F71-4C88-83CC-7B83622DC393}

2012-08-03 09:11:21 -------- d-----w- C:\Users\KENNY\AppData\Local\{CA4FA6C1-F182-4016-BDD8-BA85F15CCB56}

2012-08-02 18:48:28 -------- d-----w- C:\Users\KENNY\AppData\Local\{4DAE4414-8E76-4601-91EB-6C086E18385A}

2012-08-02 18:48:18 -------- d-----w- C:\Users\KENNY\AppData\Local\{A3C98CE1-C5DF-4BC0-8ADD-E15DED2F4E32}

2012-08-02 18:47:42 -------- d-----w- C:\Program Files (x86)\ESET

2012-08-02 18:37:24 -------- d-----w- C:\ProgramData\Kaspersky Lab

2012-08-02 15:04:16 9133488 ------w- C:\ProgramData\Microsoft\Microsoft Antimalware\Definition Updates\Backup\mpengine.dll

2012-08-02 09:45:01 -------- d-----w- C:\Users\KENNY\AppData\Roaming\Malwarebytes

2012-08-02 09:44:55 -------- d-----w- C:\ProgramData\Malwarebytes

2012-08-02 09:44:54 24904 ----a-w- C:\Windows\System32\drivers\mbam.sys

2012-08-02 09:44:54 -------- d-----w- C:\Program Files (x86)\Mdfrzy

2012-08-02 06:47:47 -------- d-----w- C:\Users\KENNY\AppData\Local\{FACA2EA7-E30E-4E8C-8FAD-B6DCEECA2FFB}

2012-08-02 06:47:35 -------- d-----w- C:\Users\KENNY\AppData\Local\{1670F952-1838-42FB-87F3-B27FB360171E}

2012-08-01 14:39:51 -------- d-----w- C:\Users\KENNY\AppData\Local\{66E625D3-5374-461A-AFD4-F02541507CFF}

2012-08-01 14:39:39 -------- d-----w- C:\Users\KENNY\AppData\Local\{0FDD4A58-8E3A-4CC4-8F6D-C19FD17265E1}

2012-07-31 14:30:02 -------- d-----w- C:\Users\KENNY\AppData\Local\{D661220E-DCF4-4627-AFFD-C9BACE2995A5}

2012-07-31 14:29:52 -------- d-----w- C:\Users\KENNY\AppData\Local\{26A3992D-9394-412B-AD53-357A21D2938C}

2012-07-30 16:29:26 -------- d-----w- C:\Users\KENNY\AppData\Local\DirectDownloader

2012-07-30 14:31:02 -------- d-----w- C:\Users\KENNY\AppData\Local\{B9EAC65B-3941-46E1-AED3-4EC0FF3CFAC4}

2012-07-30 14:30:52 -------- d-----w- C:\Users\KENNY\AppData\Local\{DEC38FC9-D859-4748-8368-E31336DFEC22}

2012-07-29 20:40:11 -------- d-----w- C:\Program Files (x86)\Raptr

2012-07-29 08:39:38 -------- d-----w- C:\ProgramData\Premium

2012-07-29 08:39:31 -------- d-----w- C:\ProgramData\OptimizerPro

2012-07-29 08:39:26 -------- d-----w- C:\Program Files (x86)\Optimizer Pro

2012-07-29 07:55:18 -------- d-----w- C:\Users\KENNY\AppData\Local\{937F4C4F-E761-4F9D-AFB6-4A85C17478E1}

2012-07-29 07:55:04 -------- d-----w- C:\Users\KENNY\AppData\Local\{7FBC3D22-DC2B-4B4B-A5E7-49D8ED32AD4E}

2012-07-28 18:12:19 -------- d-----w- C:\Program Files (x86)\OpenApp

2012-07-28 18:02:55 -------- d-----w- C:\Program Files (x86)\smartdl

2012-07-28 08:24:50 -------- d-----w- C:\Users\KENNY\AppData\Local\{0A8BA5EB-EFC0-4574-A3E5-DEE8C286B222}

2012-07-28 08:24:40 -------- d-----w- C:\Users\KENNY\AppData\Local\{89803C18-7F08-458E-80B3-9403432092B4}

2012-07-27 10:23:22 -------- d-----w- C:\Users\KENNY\AppData\Local\{7F15B864-FC51-4D77-8255-C0D6AD3AE68E}

2012-07-27 10:23:10 -------- d-----w- C:\Users\KENNY\AppData\Local\{0DD3F77A-7860-452E-9632-FB18BD77E89D}

2012-07-26 17:09:24 -------- d-----w- C:\Users\KENNY\AppData\Roaming\HTC.388BC06ACDAB6261375BCE37FBA2E023C0D7EE34.1

2012-07-26 17:07:39 -------- d-----w- C:\Users\KENNY\AppData\Local\Htc

2012-07-26 17:07:11 -------- d-----w- C:\Users\KENNY\AppData\Roaming\HTC

2012-07-26 17:06:01 -------- d-----w- C:\Users\KENNY\AppData\Local\Downloaded Installations

2012-07-26 17:05:42 -------- d-----w- C:\Program Files (x86)\Spirent Communications

2012-07-26 17:05:29 -------- d-----w- C:\Program Files (x86)\HTC

2012-07-26 17:05:09 -------- d-----w- C:\Program Files (x86)\MSXML 4.0

2012-07-26 08:23:58 -------- d-----w- C:\Users\KENNY\AppData\Local\{254B3108-51CA-41AD-993C-496076E647CB}

2012-07-26 08:23:47 -------- d-----w- C:\Users\KENNY\AppData\Local\{C5B6ED28-9DAB-4D90-ABCD-C4EFB2EFA966}

2012-07-25 14:33:01 -------- d-----w- C:\Users\KENNY\AppData\Local\{AD60E4E9-ED71-4309-8EB7-BE5168CF6E3A}

2012-07-25 14:32:48 -------- d-----w- C:\Users\KENNY\AppData\Local\{C96A861D-DFB1-47B1-A831-73039D760C45}

2012-07-24 14:30:17 -------- d-----w- C:\Users\KENNY\AppData\Local\{42E45AD2-9BBE-4ABE-B467-CB7B0FE5E655}

2012-07-24 14:30:05 -------- d-----w- C:\Users\KENNY\AppData\Local\{D160A798-659A-4A8B-B2FD-30B78FE33C8B}

2012-07-23 16:10:18 -------- d-----w- C:\Users\KENNY\AppData\Local\{996C9540-BE8B-40F5-AD75-4B944C0AD019}

2012-07-23 16:10:07 -------- d-----w- C:\Users\KENNY\AppData\Local\{EDA25C6A-3ABA-42D7-857B-9D63A843B86B}

2012-07-22 09:02:58 -------- d-----w- C:\Users\KENNY\AppData\Local\{4056E71A-47B8-4F3D-9863-A56135C6D29A}

2012-07-22 09:02:47 -------- d-----w- C:\Users\KENNY\AppData\Local\{E79A2B8C-B763-4475-9C8B-7032837619A0}

2012-07-21 08:49:23 -------- d-----w- C:\Users\KENNY\AppData\Local\{0E0D9D90-0354-41DD-87C1-19E5E0C836DB}

2012-07-21 08:49:10 -------- d-----w- C:\Users\KENNY\AppData\Local\{3EE5BC90-8B3F-4247-AC9C-217979B3B501}

2012-07-20 07:05:00 -------- d-----w- C:\Users\KENNY\AppData\Local\{DAF94222-B600-4032-9027-02F003D5272B}

2012-07-20 07:04:49 -------- d-----w- C:\Users\KENNY\AppData\Local\{961ABD14-83B2-4697-8447-3B5E449FAF77}

2012-07-19 08:42:57 -------- d-----w- C:\Users\KENNY\AppData\Local\{E3282096-9DBB-4E73-937F-6AF4A831635F}

2012-07-19 08:42:37 -------- d-----w- C:\Users\KENNY\AppData\Local\{55CF5C16-AFEC-46EB-ABC7-B03FA9126A54}

2012-07-18 08:25:12 -------- d-----w- C:\Users\KENNY\AppData\Local\{9F230861-CF23-4741-A54F-07906AB52A95}

2012-07-18 08:25:01 -------- d-----w- C:\Users\KENNY\AppData\Local\{BDAC4C63-0AAD-471A-BD64-7859FDB5DEEB}

2012-07-17 09:34:02 -------- d-----w- C:\Users\KENNY\AppData\Local\{964F5E17-B185-41FF-8809-1B87E35670B7}

2012-07-17 09:33:51 -------- d-----w- C:\Users\KENNY\AppData\Local\{D17C1D34-C7B7-4794-BD0D-01D5CD07F4B8}

2012-07-16 10:48:32 -------- d-----w- C:\Users\KENNY\AppData\Local\{1C33B996-BB57-41A1-A60A-98A3F461EBBD}

2012-07-16 10:48:21 -------- d-----w- C:\Users\KENNY\AppData\Local\{EE087ECE-29EE-46E2-9F55-2D3AA304B426}

2012-07-15 21:26:00 -------- d-----w- C:\Users\KENNY\AppData\Local\{E90E66A1-7D64-4122-83CC-D8F4FF692712}

2012-07-15 21:25:50 -------- d-----w- C:\Users\KENNY\AppData\Local\{E9B974E9-FA1F-4C71-9C5F-462B927112CD}

2012-07-15 09:25:24 -------- d-----w- C:\Users\KENNY\AppData\Local\{70C10C92-DB8C-4889-9487-8BBAB6F31F5D}

2012-07-15 09:25:14 -------- d-----w- C:\Users\KENNY\AppData\Local\{609A0470-D0D2-4730-B9E1-736CCF8BEF64}

2012-07-14 08:35:29 -------- d-----w- C:\Users\KENNY\AppData\Local\{5A5EDDB3-4729-4AC2-A503-AA7469C03E3B}

2012-07-14 08:35:15 -------- d-----w- C:\Users\KENNY\AppData\Local\{4CDF74AC-2456-4A51-9314-84CF3E60066D}

2012-07-13 09:04:52 -------- d-----w- C:\Users\KENNY\AppData\Local\{23C5B667-4303-4BCF-BB0F-43FD6FCA7FA1}

2012-07-13 09:04:42 -------- d-----w- C:\Users\KENNY\AppData\Local\{FA99EA6C-0624-4541-A0CF-F1DF66A5ADC4}

2012-07-12 16:45:02 -------- d-----w- C:\Users\KENNY\AppData\Local\{48524C18-CAD2-40E4-9B21-798D5C3A8506}

2012-07-12 16:44:49 -------- d-----w- C:\Users\KENNY\AppData\Local\{299AD14B-7920-48EB-BF49-B5F2C5E33B16}

2012-07-11 23:08:09 -------- d-----w- C:\Users\KENNY\AppData\Local\{7F5813FC-8738-4D51-A5C4-0CBD7E9563B8}

2012-07-11 23:07:53 -------- d-----w- C:\Users\KENNY\AppData\Local\{296770BF-45E3-45B1-81EB-8B13EDCDBDE9}

2012-07-11 11:33:35 3148800 ----a-w- C:\Windows\System32\win32k.sys

2012-07-11 09:22:59 805376 ----a-w- C:\Windows\SysWow64\cdosys.dll

2012-07-11 09:22:59 495616 ----a-w- C:\Program Files\Common Files\System\ado\msadox.dll

2012-07-11 09:22:59 466944 ----a-w- C:\Program Files\Common Files\System\ado\msadomd.dll

2012-07-11 09:22:59 258048 ----a-w- C:\Program Files\Common Files\System\msadc\msadco.dll

2012-07-11 09:22:59 1499136 ----a-w- C:\Program Files\Common Files\System\ado\msado15.dll

2012-07-11 09:22:59 1019904 ----a-w- C:\Program Files (x86)\Common Files\System\ado\msado15.dll

2012-07-11 09:22:58 61440 ----a-w- C:\Program Files\Common Files\System\ado\msador15.dll

2012-07-11 09:22:58 57344 ----a-w- C:\Program Files (x86)\Common Files\System\ado\msador15.dll

2012-07-11 09:22:58 372736 ----a-w- C:\Program Files (x86)\Common Files\System\ado\msadox.dll

2012-07-11 09:22:58 352256 ----a-w- C:\Program Files (x86)\Common Files\System\ado\msadomd.dll

2012-07-11 09:22:58 212992 ----a-w- C:\Program Files (x86)\Common Files\System\msadc\msadco.dll

2012-07-11 09:22:58 143360 ----a-w- C:\Program Files (x86)\Common Files\System\ado\msjro.dll

2012-07-11 09:22:58 1133568 ----a-w- C:\Windows\System32\cdosys.dll

2012-07-11 09:20:20 -------- d-----w- C:\Users\KENNY\AppData\Local\{52BF190D-7654-4D67-89D7-49372D6DA68A}

2012-07-11 09:20:03 -------- d-----w- C:\Users\KENNY\AppData\Local\{71A8761E-B4AD-4BEF-BAF7-AB5A71D13F38}

2012-07-10 09:59:35 294912 ----a-w- C:\Windows\System32\browserchoice.exe

2012-07-10 08:28:57 -------- d-----w- C:\Users\KENNY\AppData\Local\{BD78FB45-02C8-49AA-9E00-3554EF86DA71}

2012-07-10 08:28:45 -------- d-----w- C:\Users\KENNY\AppData\Local\{8B175211-2FDE-4A4F-B973-F6C15128D6AF}

2012-07-09 10:21:15 -------- d-----w- C:\Users\KENNY\AppData\Local\{0ACEA0A0-C41B-448D-BCD0-E7494400E2EE}

2012-07-09 10:20:58 -------- d-----w- C:\Users\KENNY\AppData\Local\{9CCBED56-3BAB-44D8-97EE-06612FB8809D}

2012-07-08 09:08:14 -------- d-----w- C:\Users\KENNY\AppData\Local\{EDA905CC-8BB6-4A31-8079-04C0C57EB385}

2012-07-08 09:07:58 -------- d-----w- C:\Users\KENNY\AppData\Local\{E30CBDF4-F4BC-46A9-974D-8DFD7BEDC912}

2012-07-07 09:07:47 -------- d-----w- C:\Users\KENNY\AppData\Local\{637F92B4-E85C-48A4-972C-0E0413CF8ABE}

2012-07-07 09:07:34 -------- d-----w- C:\Users\KENNY\AppData\Local\{B5D23CCA-A914-4FA0-8385-1551B3D87228}

2012-07-06 09:15:53 -------- d-----w- C:\Program Files (x86)\AMD APP

2012-07-06 09:06:37 -------- d-----w- C:\Users\KENNY\AppData\Local\{01D4BCFA-DBB9-4A04-994C-0E8D1DB7FEED}

2012-07-06 09:06:26 -------- d-----w- C:\Users\KENNY\AppData\Local\{63D4259B-7D30-4DB8-86C0-9B68132B133A}

.

==================== Find3M ====================

.

2012-08-04 09:45:25 283304 ----a-w- C:\Windows\SysWow64\PnkBstrB.xtr

2012-08-04 09:45:25 283304 ----a-w- C:\Windows\SysWow64\PnkBstrB.exe

2012-08-02 17:28:12 70344 ----a-w- C:\Windows\SysWow64\FlashPlayerCPLApp.cpl

2012-08-02 17:28:12 426184 ----a-w- C:\Windows\SysWow64\FlashPlayerApp.exe

2012-07-22 18:25:31 283304 ----a-w- C:\Windows\SysWow64\PnkBstrB.ex0

2012-06-25 14:04:24 1394248 ----a-w- C:\Windows\SysWow64\msxml4.dll

2012-06-11 18:59:38 10248192 ----a-w- C:\Windows\System32\drivers\atikmdag.sys

2012-06-11 18:35:48 70144 ----a-w- C:\Windows\System32\coinst_8.98.dll

2012-06-11 18:29:34 24826368 ----a-w- C:\Windows\System32\atio6axx.dll

2012-06-11 18:00:32 20467712 ----a-w- C:\Windows\SysWow64\atioglxx.dll

2012-06-11 17:25:06 163840 ----a-w- C:\Windows\System32\atiapfxx.exe

2012-06-11 17:24:58 924160 ----a-w- C:\Windows\SysWow64\aticfx32.dll

2012-06-11 17:23:12 1090560 ----a-w- C:\Windows\System32\aticfx64.dll

2012-06-11 17:20:02 442368 ----a-w- C:\Windows\System32\ATIDEMGX.dll

2012-06-11 17:19:58 532992 ----a-w- C:\Windows\System32\atieclxx.exe

2012-06-11 17:19:14 239616 ----a-w- C:\Windows\System32\atiesrxx.exe

2012-06-11 17:17:56 120320 ----a-w- C:\Windows\System32\atitmm64.dll

2012-06-11 17:17:42 21504 ----a-w- C:\Windows\System32\atimuixx.dll

2012-06-11 17:17:38 59392 ----a-w- C:\Windows\System32\atiedu64.dll

2012-06-11 17:17:32 43520 ----a-w- C:\Windows\SysWow64\ati2edxx.dll

2012-06-11 17:16:48 6301696 ----a-w- C:\Windows\SysWow64\atidxx32.dll

2012-06-11 17:01:56 6914560 ----a-w- C:\Windows\System32\atidxx64.dll

2012-06-11 16:51:54 4246528 ----a-w- C:\Windows\System32\atiumd6a.dll

2012-06-11 16:45:48 51200 ----a-w- C:\Windows\System32\aticalrt64.dll

2012-06-11 16:45:46 46080 ----a-w- C:\Windows\SysWow64\aticalrt.dll

2012-06-11 16:45:44 5480448 ----a-w- C:\Windows\SysWow64\atiumdag.dll

2012-06-11 16:45:40 44544 ----a-w- C:\Windows\System32\aticalcl64.dll

2012-06-11 16:45:38 44032 ----a-w- C:\Windows\SysWow64\aticalcl.dll

2012-06-11 16:45:26 15703040 ----a-w- C:\Windows\System32\aticaldd64.dll

2012-06-11 16:43:18 4729344 ----a-w- C:\Windows\SysWow64\atiumdva.dll

2012-06-11 16:40:58 13277696 ----a-w- C:\Windows\SysWow64\aticaldd.dll

2012-06-11 16:36:56 6605824 ----a-w- C:\Windows\System32\atiumd64.dll

2012-06-11 16:27:02 539136 ----a-w- C:\Windows\System32\atiadlxx.dll

2012-06-11 16:26:52 368640 ----a-w- C:\Windows\SysWow64\atiadlxy.dll

2012-06-11 16:26:40 17920 ----a-w- C:\Windows\System32\atig6pxx.dll

2012-06-11 16:26:36 14848 ----a-w- C:\Windows\SysWow64\atiglpxx.dll

2012-06-11 16:26:36 14848 ----a-w- C:\Windows\System32\atiglpxx.dll

2012-06-11 16:26:30 41984 ----a-w- C:\Windows\System32\atig6txx.dll

2012-06-11 16:26:22 33280 ----a-w- C:\Windows\SysWow64\atigktxx.dll

2012-06-11 16:26:14 367616 ----a-w- C:\Windows\System32\drivers\atikmpag.sys

2012-06-11 16:25:20 54784 ----a-w- C:\Windows\System32\atiuxp64.dll

2012-06-11 16:25:12 42496 ----a-w- C:\Windows\SysWow64\atiuxpag.dll

2012-06-11 16:25:06 45056 ----a-w- C:\Windows\System32\atiu9p64.dll

2012-06-11 16:24:58 32768 ----a-w- C:\Windows\SysWow64\atiu9pag.dll

2012-06-11 16:24:24 53248 ----a-w- C:\Windows\System32\drivers\ati2erec.dll

2012-06-11 16:23:18 56320 ----a-w- C:\Windows\System32\atimpc64.dll

2012-06-11 16:23:18 56320 ----a-w- C:\Windows\System32\amdpcom64.dll

2012-06-11 16:23:10 56832 ----a-w- C:\Windows\SysWow64\atimpc32.dll

2012-06-11 16:23:10 56832 ----a-w- C:\Windows\SysWow64\amdpcom32.dll

2012-06-11 11:50:46 187392 ----a-w- C:\Windows\System32\clinfo.exe

2012-06-11 11:50:30 75264 ----a-w- C:\Windows\System32\OpenVideo64.dll

2012-06-11 11:50:24 65024 ----a-w- C:\Windows\SysWow64\OpenVideo.dll

2012-06-11 11:50:18 63488 ----a-w- C:\Windows\System32\OVDecode64.dll

2012-06-11 11:50:14 56320 ----a-w- C:\Windows\SysWow64\OVDecode.dll

2012-06-11 11:50:06 16457728 ----a-w- C:\Windows\System32\amdocl64.dll

2012-06-11 11:49:22 13008896 ----a-w- C:\Windows\SysWow64\amdocl.dll

2012-06-06 06:06:16 2004480 ----a-w- C:\Windows\System32\msxml6.dll

2012-06-06 06:06:16 1881600 ----a-w- C:\Windows\System32\msxml3.dll

2012-06-06 05:05:52 1390080 ----a-w- C:\Windows\SysWow64\msxml6.dll

2012-06-06 05:05:52 1236992 ----a-w- C:\Windows\SysWow64\msxml3.dll

2012-06-02 22:15:31 2622464 ----a-w- C:\Windows\System32\wucltux.dll

2012-06-02 22:15:08 99840 ----a-w- C:\Windows\System32\wudriver.dll

2012-06-02 13:19:42 186752 ----a-w- C:\Windows\System32\wuwebv.dll

2012-06-02 13:15:12 36864 ----a-w- C:\Windows\System32\wuapp.exe

2012-06-02 05:50:10 458704 ----a-w- C:\Windows\System32\drivers\cng.sys

2012-06-02 05:48:16 95600 ----a-w- C:\Windows\System32\drivers\ksecdd.sys

2012-06-02 05:48:16 151920 ----a-w- C:\Windows\System32\drivers\ksecpkg.sys

2012-06-02 05:45:31 340992 ----a-w- C:\Windows\System32\schannel.dll

2012-06-02 05:44:21 307200 ----a-w- C:\Windows\System32\ncrypt.dll

2012-06-02 04:40:42 22016 ----a-w- C:\Windows\SysWow64\secur32.dll

2012-06-02 04:40:39 225280 ----a-w- C:\Windows\SysWow64\schannel.dll

2012-06-02 04:39:10 219136 ----a-w- C:\Windows\SysWow64\ncrypt.dll

2012-06-02 04:34:09 96768 ----a-w- C:\Windows\SysWow64\sspicli.dll

2012-05-30 17:44:56 466456 ----a-w- C:\Windows\System32\wrap_oal.dll

2012-05-30 17:44:55 444952 ----a-w- C:\Windows\SysWow64\wrap_oal.dll

2012-05-30 17:44:55 122904 ----a-w- C:\Windows\System32\OpenAL32.dll

2012-05-30 17:44:55 109080 ----a-w- C:\Windows\SysWow64\OpenAL32.dll

.

============= FINISH: 19:02:33,98 ===============

Attach2564.txt


Some of it is still left in Firefox, and OTL can't get at it, so it will have to be removed manually.

In the Firefox address bar, type: about:config

In the list that appears, look for rows that begin with:

extentions.y2layers

Right-click them and choose to remove them, because they belong to Yontoo.

Repeat with all rows that begin with:

extensions.BabylonToolbar_i

extensions.dealply

extensions.incredibar_i

It looks like the following programs have been uninstalled, and in that case you can delete the folders:

2012-07-29 20:40:11 -------- d-----w- C:\Program Files (x86)\Raptr

2012-07-29 08:39:38 -------- d-----w- C:\ProgramData\Premium

2012-07-29 08:39:31 -------- d-----w- C:\ProgramData\OptimizerPro

2012-07-29 08:39:26 -------- d-----w- C:\Program Files (x86)\Optimizer Pro
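The prefix check from the post above, as an added example that is not part of the original thread: it reads the FIREFOX section of a DDS log and lists the preferences that begin with the four prefixes named in the post. The function names are hypothetical and the sample lines are copied from the log earlier in the thread. It also relies on the fact that Firefox re-applies user.js at every start, so entries the log attributes to user.js have to be removed from that file as well or they return after being deleted in about:config.

```python
import re

# Prefixes named in the post above; the first one is misspelled in the log itself.
PREFIXES = (
    "extentions.y2layers",
    "extensions.BabylonToolbar_i",
    "extensions.dealply",
    "extensions.incredibar_i",
)

# DDS summary form: "FF - user.js: <name> - <value>" (the value may be empty).
DDS_LINE = re.compile(r"^FF - (user\.js|prefs\.js): (\S+) -(?: (.*))?$")
# Raw form that DDS echoes for some entries: user_pref('<name>', <value>);
RAW_LINE = re.compile(r"""^user_pref\((['"])(.+?)\1,\s*(.*?)\);$""")

# Lines copied from the FIREFOX section of the DDS log in this thread.
SAMPLE_LOG = """
FF - prefs.js: browser.search.selectedEngine - Google
FF - user.js: extentions.y2layers.installId - 2b37fe5d-c87c-4ae2-8673-4d6b6568c136
FF - user.js: extensions.autoDisableScopes - 14
FF - user.js: extensions.BabylonToolbar_i.babTrack - affID=110819
FF - user.js: extensions.BabylonToolbar_i.babExt -
user_pref('extensions.dealply.partner', 'iron');
FF - user.js: extensions.incredibar_i.newTab - false
FF - user.js: extensions.incredibar_i.instlRef -
"""


def parse_prefs(log_text):
    """Return (source, name, value) for every Firefox preference line in the log."""
    prefs = []
    for line in log_text.splitlines():
        line = line.strip()
        m = DDS_LINE.match(line)
        if m:
            prefs.append((m.group(1), m.group(2), m.group(3) or ""))
            continue
        m = RAW_LINE.match(line)
        if m:
            # DDS does not say which file a raw user_pref line came from.
            prefs.append(("raw", m.group(2), m.group(3).strip("'\"")))
    return prefs


def flag_prefs(prefs, prefixes=PREFIXES):
    """Group the preferences whose name starts with one of the given prefixes."""
    flagged = {p: [] for p in prefixes}
    for source, name, value in prefs:
        for p in prefixes:
            if name.startswith(p):
                flagged[p].append((source, name, value))
                break
    return flagged


def set_from_user_js(flagged):
    """Names of flagged preferences that the log attributes to user.js."""
    return sorted(
        name
        for entries in flagged.values()
        for source, name, _ in entries
        if source == "user.js"
    )


if __name__ == "__main__":
    flagged = flag_prefs(parse_prefs(SAMPLE_LOG))
    for prefix, entries in flagged.items():
        print(f"{prefix}: {len(entries)} entries")
        for source, name, value in entries:
            print(f"  [{source}] {name} = {value!r}")
    print("Also remove from user.js:", ", ".join(set_from_user_js(flagged)))
```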

 

I can't get Yontoo removed; it is still listed in the Control Panel under install/uninstall programs, and I just get an error when I click uninstall.

 

I couldn't remove the other ones either, only reset them.

 

DDS (Ver_2011-08-26.01) - NTFSAMD64

Internet Explorer: 8.0.7601.17514

Run by KENNY at 18:20:23 on 2012-08-06

Microsoft Windows 7 Home Premium 6.1.7601.1.1252.46.1053.18.8086.5966 [GMT 2:00]

.

AV: Microsoft Security Essentials *Enabled/Updated* {9765EA51-0D3C-7DFB-6091-10E4E1F341F6}

SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}

SP: Microsoft Security Essentials *Enabled/Updated* {2C040BB5-2B06-7275-5A21-2B969A740B4B}

.

============== Running Processes ===============

.

C:\Windows\system32\wininit.exe

C:\Windows\system32\lsm.exe

C:\Windows\system32\svchost.exe -k DcomLaunch

C:\Windows\system32\svchost.exe -k RPCSS

c:\Program Files\Microsoft Security Client\MsMpEng.exe

C:\Windows\system32\atiesrxx.exe

C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted

C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted

C:\Windows\system32\svchost.exe -k netsvcs

C:\Windows\system32\AUDIODG.EXE

C:\Windows\system32\svchost.exe -k LocalService

C:\Windows\system32\svchost.exe -k NetworkService

C:\Windows\system32\atieclxx.exe

C:\Windows\System32\spoolsv.exe

C:\Windows\system32\svchost.exe -k LocalServiceNoNetwork

C:\Program Files (x86)\Belkin\Router Setup and Monitor\BelkinService.exe

C:\Windows\system32\taskhost.exe

C:\Program Files\Belkin\Belkin USB Print and Storage Center\BkBackupScheduler.exe

C:\Program Files\Belkin\Belkin USB Print and Storage Center\Bkapcs.exe

C:\Program Files (x86)\HTC\Internet Pass-Through\PassThruSvr.exe

C:\Windows\Explorer.EXE

C:\Windows\system32\Dwm.exe

C:\Windows\SysWOW64\PnkBstrA.exe

C:\Windows\system32\svchost.exe -k imgsvc

C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE

C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSvcM.exe

C:\Windows\system32\svchost.exe -k NetworkServiceNetworkRestricted

C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe

C:\Program Files\Logitech\SetPointP\SetPoint.exe

C:\Windows\System32\igfxpers.exe

C:\Program Files\Microsoft Security Client\msseces.exe

C:\Program Files\Corsair VENGEANCE 2000\CPL\CAHS2.exe

C:\Program Files\Corsair VENGEANCE 2000\CPL\CAHS2.exe

C:\Program Files (x86)\Skype\Phone\Skype.exe

C:\Program Files\Windows Sidebar\sidebar.exe

C:\Program Files (x86)\Origin\Origin.exe

C:\Program Files (x86)\Steam\Steam.exe

C:\Program Files (x86)\Belkin\Router Setup and Monitor\BelkinRouterMonitor.exe

C:\Windows\system32\svchost.exe -k LocalServiceAndNoImpersonation

C:\Program Files (x86)\ekort\ekort.exe

C:\Program Files (x86)\HTC\HTC Sync 3.0\htcUPCTLoader.exe

C:\Program Files (x86)\Mdfrzy\mbamgui.exe

C:\Windows\system32\SearchIndexer.exe

C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\MOM.exe

C:\Program Files (x86)\Common Files\Steam\SteamService.exe

C:\Program Files\Belkin\Belkin USB Print and Storage Center\connect.exe

C:\Program Files (x86)\Belkin\Router Setup and Monitor\BelkinSetup.exe

C:\Program Files\Common Files\LogiShrd\KHAL3\KHALMNPR.EXE

C:\Program Files (x86)\Belkin\Router Setup and Monitor\dlnaPlugin.exe

C:\Windows\System32\svchost.exe -k LocalServicePeerNet

C:\Program Files (x86)\Belkin\Router Setup and Monitor\qosPlugin.exe

C:\Windows\SysWOW64\OBroker.exe

C:\Program Files\Windows Media Player\wmpnetwk.exe

C:\Windows\system32\DllHost.exe

C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CCC.exe

C:\Program Files (x86)\Mdfrzy\mbamservice.exe

C:\Windows\Microsoft.Net\Framework64\v3.0\WPF\PresentationFontCache.exe

C:\Program Files (x86)\Mozilla Firefox\firefox.exe

C:\Windows\system32\DllHost.exe

C:\Windows\system32\DllHost.exe

C:\Windows\SysWOW64\cmd.exe

C:\Windows\system32\conhost.exe

C:\Windows\SysWOW64\cscript.exe

C:\Windows\system32\wbem\wmiprvse.exe

.

============== Pseudo HJT Report ===============

.

uStart Page =

mWinlogon: Userinit=userinit.exe,

BHO: Adobe PDF Link Helper: {18df081c-e8ad-4283-a596-fa578c2ebdc3} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll

BHO: Windows Live ID Sign-in Helper: {9030d464-4c02-4abf-8ecc-5164760863c6} - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll

BHO: e-kort Helper Class: {9065e913-4f23-4b47-9b5d-b055d32db1f3} - C:\Program Files (x86)\ekort\EKortHelper.dll

TB: e-kort Toolbar: {8db2b2e8-579f-48a8-a496-18fefcf8f4df} - C:\Program Files (x86)\ekort\EKortToolbar.dll

uRun: [msnmsgr] "C:\Program Files (x86)\Windows Live\Messenger\msnmsgr.exe" /background

uRun: [skype] "C:\Program Files (x86)\Skype\Phone\Skype.exe" /minimized /regrun

uRun: [sidebar] C:\Program Files\Windows Sidebar\sidebar.exe /autoRun

uRun: [EADM] "C:\Program Files (x86)\Origin\Origin.exe" -AutoStart

uRun: [steam] "C:\Program Files (x86)\Steam\steam.exe" -silent

uRun: [Xvid] C:\Program Files (x86)\Xvid\CheckUpdate.exe

mRun: [instaLAN] "C:\Program Files (x86)\Belkin\Router Setup and Monitor\BelkinRouterMonitor.exe" startup

mRun: [Adobe Reader Speed Launcher] "C:\Program Files (x86)\Adobe\Reader 9.0\Reader\Reader_sl.exe"

mRun: [Adobe ARM] "C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe"

mRun: [AMD AVT] Cmd.exe /c start "AMD Accelerated Video Transcoding device initialization" /min "C:\Program Files (x86)\AMD AVT\bin\kdbsync.exe" aml

mRun: [e-kort] C:\PROGRA~2\ekort\ekort.exe /dontopenmycards /Autostart

mRun: [startCCC] "C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" MSRun

mRun: [HTC Sync Loader] "C:\Program Files (x86)\HTC\HTC Sync 3.0\htcUPCTLoader.exe" -startup

mRun: [Malwarebytes' Anti-Malware] "C:\Program Files (x86)\Mdfrzy\mbamgui.exe" /starttray

StartupFolder: C:\PROGRA~3\MICROS~1\Windows\STARTM~1\Programs\Startup\WINDOW~1.LNK - C:\Program Files (x86)\Windows Live\Mail\wlmail.exe

mPolicies-explorer: NoActiveDesktop = 1 (0x1)

mPolicies-explorer: NoActiveDesktopChanges = 1 (0x1)

mPolicies-system: ConsentPromptBehaviorAdmin = 5 (0x5)

mPolicies-system: ConsentPromptBehaviorUser = 3 (0x3)

mPolicies-system: EnableUIADesktopToggle = 0 (0x0)

TCP: DhcpNameServer = 192.168.2.1

TCP: Interfaces\{292A936C-773C-4FE9-BB24-9D66861CB451} : DhcpNameServer = 192.168.2.1

Handler: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~2\COMMON~1\Skype\SKYPE4~1.DLL

{18DF081C-E8AD-4283-A596-FA578C2EBDC3}

{9030D464-4C02-4ABF-8ECC-5164760863C6}

{9065E913-4F23-4B47-9B5D-B055D32DB1F3}

{8DB2B2E8-579F-48A8-A496-18FEFCF8F4DF}

mRun-x64: [instaLAN] "C:\Program Files (x86)\Belkin\Router Setup and Monitor\BelkinRouterMonitor.exe" startup

mRun-x64: [Adobe Reader Speed Launcher] "C:\Program Files (x86)\Adobe\Reader 9.0\Reader\Reader_sl.exe"

mRun-x64: [Adobe ARM] "C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe"

mRun-x64: [AMD AVT] Cmd.exe /c start "AMD Accelerated Video Transcoding device initialization" /min "C:\Program Files (x86)\AMD AVT\bin\kdbsync.exe" aml

mRun-x64: [e-kort] C:\PROGRA~2\ekort\ekort.exe /dontopenmycards /Autostart

mRun-x64: [startCCC] "C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" MSRun

mRun-x64: [HTC Sync Loader] "C:\Program Files (x86)\HTC\HTC Sync 3.0\htcUPCTLoader.exe" -startup

mRun-x64: [Malwarebytes' Anti-Malware] "C:\Program Files (x86)\Mdfrzy\mbamgui.exe" /starttray

.

================= FIREFOX ===================

.

FF - ProfilePath - C:\Users\KENNY\AppData\Roaming\Mozilla\Firefox\Profiles\wbktlt3y.default\

FF - prefs.js: browser.search.selectedEngine - Google

FF - prefs.js: browser.startup.homepage - about:home

FF - plugin: C:\Program Files (x86)\Adobe\Reader 9.0\Reader\AIR\nppdf32.dll

FF - plugin: C:\Program Files (x86)\Battlelog Web Plugins\1.116.0\npesnlaunch.dll

FF - plugin: C:\Program Files (x86)\Battlelog Web Plugins\1.118.0\npesnlaunch.dll

FF - plugin: C:\Program Files (x86)\Battlelog Web Plugins\1.122.0\npesnlaunch.dll

FF - plugin: C:\Program Files (x86)\Battlelog Web Plugins\Sonar\0.70.4\npesnsonar.dll

FF - plugin: c:\Program Files (x86)\Microsoft Silverlight\4.1.10329.0\npctrlui.dll

FF - plugin: C:\Users\KENNY\AppData\Roaming\Mozilla\Firefox\Profiles\wbktlt3y.default\extensions\{e001c731-5e37-4538-a5cb-8168736a2360}\plugins\npqscan.dll

FF - plugin: C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_11_3_300_270.dll

.

---- FIREFOX POLICIES ----

FF - user.js: extentions.y2layers.installId - 2b37fe5d-c87c-4ae2-8673-4d6b6568c136

FF - user.js: extentions.y2layers.defaultEnableAppsList - ezLooker,pagerage,buzzdock,toprelatedtopics,twittube

.

FF - user.js: extensions.autoDisableScopes - 14

FF - user.js: extensions.BabylonToolbar_i.babTrack - affID=110819

FF - user.js: extensions.BabylonToolbar_i.babExt -

FF - user.js: extensions.BabylonToolbar_i.srcExt - ss

FF - user.js: extensions.BabylonToolbar_i.id - a6cec5f8000000000000bc5ff41a7d08

FF - user.js: extensions.BabylonToolbar_i.hardId - a6cec5f8000000000000bc5ff41a7d08

FF - user.js: extensions.BabylonToolbar_i.instlDay - 15485

FF - user.js: extensions.BabylonToolbar_i.vrsn - 1.5.3.17

FF - user.js: extensions.BabylonToolbar_i.vrsni - 1.5.3.17

FF - user.js: extensions.BabylonToolbar_i.vrsnTs - 1.5.3.1711:54:51

FF - user.js: extensions.BabylonToolbar_i.prtnrId - babylon

FF - user.js: extensions.BabylonToolbar_i.prdct - BabylonToolbar

FF - user.js: extensions.BabylonToolbar_i.aflt - babsst

FF - user.js: extensions.BabylonToolbar_i.smplGrp - none

FF - user.js: extensions.BabylonToolbar_i.tlbrId - tb9

FF - user.js: extensions.BabylonToolbar_i.instlRef - sst

.

user_pref('extensions.dealply.partner', 'iron');

.

user_pref('extensions.dealply.channel', 'iron3');

.

user_pref('extensions.dealply.installId', 'v23900276308063248466862012052511544524');

.

user_pref('extensions.dealply.installIdSource', 'inst');

.

user_pref('extensions.dealply.sampleGroup', '4');

FF - user.js: extensions.incredibar_i.newTab - false

FF - user.js: extensions.incredibar_i.tlbrSrchUrl - hxxp://mystart.Incredibar.com/?a=6OyJorqj5j&loc=IB_TB&i=26&search=

FF - user.js: extensions.incredibar_i.id - a6cec5f8000000000000bc5ff41a7d08

FF - user.js: extensions.incredibar_i.instlDay - 15550

FF - user.js: extensions.incredibar_i.vrsn - 1.5.11.14

FF - user.js: extensions.incredibar_i.vrsni - 1.5.11.14

FF - user.js: extensions.incredibar_i.vrsnTs - 1.5.11.1410:39:14

FF - user.js: extensions.incredibar_i.prtnrId - Incredibar

FF - user.js: extensions.incredibar_i.prdct - incredibar

FF - user.js: extensions.incredibar_i.aflt - orgnl

FF - user.js: extensions.incredibar_i.smplGrp - none

FF - user.js: extensions.incredibar_i.tlbrId - base

FF - user.js: extensions.incredibar_i.instlRef -

FF - user.js: extensions.incredibar_i.dfltLng -

FF - user.js: extensions.incredibar_i.excTlbr - false

FF - user.js: extensions.incredibar_i.ms_url_id -

FF - user.js: extensions.incredibar_i.upn2 - 6OyJorqj5j

FF - user.js: extensions.incredibar_i.upn2n - 92261837856457397

FF - user.js: extensions.incredibar_i.productid - 26

FF - user.js: extensions.incredibar_i.installerproductid - 26

FF - user.js: extensions.incredibar_i.did - 10650

FF - user.js: extensions.incredibar_i.ppd - 20%5F5

.

============= SERVICES / DRIVERS ===============

.

R0 MpFilter;Microsoft Malware Protection Driver;C:\Windows\system32\DRIVERS\MpFilter.sys --> C:\Windows\system32\DRIVERS\MpFilter.sys [?]

R1 aswKbd;aswKbd;C:\Windows\system32\drivers\aswKbd.sys --> C:\Windows\system32\drivers\aswKbd.sys [?]

R2 AMD External Events Utility;AMD External Events Utility;C:\Windows\system32\atiesrxx.exe --> C:\Windows\system32\atiesrxx.exe [?]

R2 Belkin Local Backup Service;Belkin Local Backup Service;C:\Program Files\Belkin\Belkin USB Print and Storage Center\BkBackupScheduler.exe [2012-3-15 181760]

R2 Belkin Network USB Helper;Belkin Network USB Helper;C:\Program Files\Belkin\Belkin USB Print and Storage Center\Bkapcs.exe [2012-3-15 55296]

R2 MBAMService;MBAMService;C:\Program Files (x86)\Mdfrzy\mbamservice.exe [2012-8-2 655944]

R2 PassThru Service;Internet Pass-Through Service;C:\Program Files (x86)\HTC\Internet Pass-Through\PassThruSvr.exe [2012-3-23 87040]

R2 sxuptp;SXUPTP Driver;C:\Windows\system32\DRIVERS\sxuptp.sys --> C:\Windows\system32\DRIVERS\sxuptp.sys [?]

R3 amdkmdag;amdkmdag;C:\Windows\system32\DRIVERS\atikmdag.sys --> C:\Windows\system32\DRIVERS\atikmdag.sys [?]

R3 amdkmdap;amdkmdap;C:\Windows\system32\DRIVERS\atikmpag.sys --> C:\Windows\system32\DRIVERS\atikmpag.sys [?]

R3 AtiHDAudioService;AMD Function Driver for HD Audio Service;C:\Windows\system32\drivers\AtihdW76.sys --> C:\Windows\system32\drivers\AtihdW76.sys [?]

R3 LEqdUsb;Logitech SetPoint Unifying KMDF USB Filter;C:\Windows\system32\DRIVERS\LEqdUsb.Sys --> C:\Windows\system32\DRIVERS\LEqdUsb.Sys [?]

R3 LHidEqd;Logitech SetPoint Unifying KMDF HID Filter;C:\Windows\system32\DRIVERS\LHidEqd.Sys --> C:\Windows\system32\DRIVERS\LHidEqd.Sys [?]

R3 MBAMProtector;MBAMProtector;\??\C:\Windows\system32\drivers\mbam.sys --> C:\Windows\system32\drivers\mbam.sys [?]

R3 MBfilt;MBfilt;C:\Windows\system32\drivers\MBfilt64.sys --> C:\Windows\system32\drivers\MBfilt64.sys [?]

R3 MEIx64;Intel® Management Engine Interface ;C:\Windows\system32\DRIVERS\HECIx64.sys --> C:\Windows\system32\DRIVERS\HECIx64.sys [?]

R3 RTL8167;Realtek 8167 NT Driver;C:\Windows\system32\DRIVERS\Rt64win7.sys --> C:\Windows\system32\DRIVERS\Rt64win7.sys [?]

R3 SYMPHONY;Corsair USB Headphone Driver;C:\Windows\system32\DRIVERS\Symphony.sys --> C:\Windows\system32\DRIVERS\Symphony.sys [?]

S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-3-18 130384]

S2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-3-18 138576]

S2 SkypeUpdate;Skype Updater;C:\Program Files (x86)\Skype\Updater\Updater.exe [2012-7-3 160944]

S3 AdobeFlashPlayerUpdateSvc;Adobe Flash Player Update Service;C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2012-3-31 250056]

S3 cphs;Intel® Content Protection HECI Service;C:\Windows\SysWOW64\IntelCpHeciSvc.exe [2012-3-19 276248]

S3 HTCAND64;HTC Device Driver;C:\Windows\system32\Drivers\ANDROIDUSB.sys --> C:\Windows\system32\Drivers\ANDROIDUSB.sys [?]

S3 htcnprot;HTC NDIS Protocol Driver;C:\Windows\system32\DRIVERS\htcnprot.sys --> C:\Windows\system32\DRIVERS\htcnprot.sys [?]

S3 MozillaMaintenance;Mozilla Maintenance Service;C:\Program Files (x86)\Mozilla Maintenance Service\maintenanceservice.exe [2012-4-26 113120]

S3 NisDrv;Microsoft Network Inspection System;C:\Windows\system32\DRIVERS\NisDrvWFP.sys --> C:\Windows\system32\DRIVERS\NisDrvWFP.sys [?]

S3 NisSrv;Microsoft Nätverkskontroll;C:\Program Files\Microsoft Security Client\NisSrv.exe [2012-3-26 291696]

S3 TsUsbFlt;TsUsbFlt;C:\Windows\system32\drivers\tsusbflt.sys --> C:\Windows\system32\drivers\tsusbflt.sys [?]

S3 TsUsbGD;Remote Desktop Generic USB Device;C:\Windows\system32\drivers\TsUsbGD.sys --> C:\Windows\system32\drivers\TsUsbGD.sys [?]

S3 WatAdminSvc;Aktiveringsteknologier för Windows-tjänst;C:\Windows\system32\Wat\WatAdminSvc.exe --> C:\Windows\system32\Wat\WatAdminSvc.exe [?]

.

=============== Created Last 30 ================

.

2012-08-06 13:22:31 9133488 ----a-w- C:\ProgramData\Microsoft\Microsoft Antimalware\Definition Updates\{C11B1C66-58C9-4F25-89EB-0E9E41931EC0}\mpengine.dll

2012-08-06 13:13:16 -------- d-----w- C:\Users\KENNY\AppData\Local\{1C17187C-0A06-4457-800B-B6EFF470FD0B}

2012-08-06 13:13:05 -------- d-----w- C:\Users\KENNY\AppData\Local\{5EB4E529-5EED-4395-9DDE-909463E19980}

2012-08-06 13:12:46 -------- d-----w- C:\Users\KENNY\AppData\Local\{93A7E10F-5FCC-49A8-AD40-7EE7FB183732}

2012-08-05 09:55:44 9133488 ------w- C:\ProgramData\Microsoft\Microsoft Antimalware\Definition Updates\Backup\mpengine.dll

2012-08-05 09:43:50 -------- d-----w- C:\Users\KENNY\AppData\Local\{7B65AFC3-F442-4952-B8C7-F6CAFE5893C1}

2012-08-05 09:43:37 -------- d-----w- C:\Users\KENNY\AppData\Local\{8F955B54-BE15-45EE-B8CA-F739C15C783C}

2012-08-04 16:57:31 -------- d-----w- C:\_OTL

2012-08-04 08:41:14 -------- d-----w- C:\Users\KENNY\AppData\Local\{247737DA-74C6-4B21-B5BC-0AF2DCFA0CB6}

2012-08-04 08:41:01 -------- d-----w- C:\Users\KENNY\AppData\Local\{E7820B2D-8A6D-4888-805A-D3DC576CF94A}

2012-08-03 09:11:46 -------- d-----w- C:\Users\KENNY\AppData\Local\{3C09B89F-7F71-4C88-83CC-7B83622DC393}

2012-08-03 09:11:21 -------- d-----w- C:\Users\KENNY\AppData\Local\{CA4FA6C1-F182-4016-BDD8-BA85F15CCB56}

2012-08-02 18:48:28 -------- d-----w- C:\Users\KENNY\AppData\Local\{4DAE4414-8E76-4601-91EB-6C086E18385A}

2012-08-02 18:48:18 -------- d-----w- C:\Users\KENNY\AppData\Local\{A3C98CE1-C5DF-4BC0-8ADD-E15DED2F4E32}

2012-08-02 18:47:42 -------- d-----w- C:\Program Files (x86)\ESET

2012-08-02 18:37:24 -------- d-----w- C:\ProgramData\Kaspersky Lab

2012-08-02 09:45:01 -------- d-----w- C:\Users\KENNY\AppData\Roaming\Malwarebytes

2012-08-02 09:44:55 -------- d-----w- C:\ProgramData\Malwarebytes

2012-08-02 09:44:54 24904 ----a-w- C:\Windows\System32\drivers\mbam.sys

2012-08-02 09:44:54 -------- d-----w- C:\Program Files (x86)\Mdfrzy

2012-08-02 06:47:47 -------- d-----w- C:\Users\KENNY\AppData\Local\{FACA2EA7-E30E-4E8C-8FAD-B6DCEECA2FFB}

2012-08-02 06:47:35 -------- d-----w- C:\Users\KENNY\AppData\Local\{1670F952-1838-42FB-87F3-B27FB360171E}

2012-08-01 14:39:51 -------- d-----w- C:\Users\KENNY\AppData\Local\{66E625D3-5374-461A-AFD4-F02541507CFF}

2012-08-01 14:39:39 -------- d-----w- C:\Users\KENNY\AppData\Local\{0FDD4A58-8E3A-4CC4-8F6D-C19FD17265E1}

2012-07-31 14:30:02 -------- d-----w- C:\Users\KENNY\AppData\Local\{D661220E-DCF4-4627-AFFD-C9BACE2995A5}

2012-07-31 14:29:52 -------- d-----w- C:\Users\KENNY\AppData\Local\{26A3992D-9394-412B-AD53-357A21D2938C}

2012-07-30 16:29:26 -------- d-----w- C:\Users\KENNY\AppData\Local\DirectDownloader

2012-07-30 14:31:02 -------- d-----w- C:\Users\KENNY\AppData\Local\{B9EAC65B-3941-46E1-AED3-4EC0FF3CFAC4}

2012-07-30 14:30:52 -------- d-----w- C:\Users\KENNY\AppData\Local\{DEC38FC9-D859-4748-8368-E31336DFEC22}

2012-07-29 07:55:18 -------- d-----w- C:\Users\KENNY\AppData\Local\{937F4C4F-E761-4F9D-AFB6-4A85C17478E1}

2012-07-29 07:55:04 -------- d-----w- C:\Users\KENNY\AppData\Local\{7FBC3D22-DC2B-4B4B-A5E7-49D8ED32AD4E}

2012-07-28 18:12:19 -------- d-----w- C:\Program Files (x86)\OpenApp

2012-07-28 18:02:55 -------- d-----w- C:\Program Files (x86)\smartdl

2012-07-28 08:24:50 -------- d-----w- C:\Users\KENNY\AppData\Local\{0A8BA5EB-EFC0-4574-A3E5-DEE8C286B222}

2012-07-28 08:24:40 -------- d-----w- C:\Users\KENNY\AppData\Local\{89803C18-7F08-458E-80B3-9403432092B4}

2012-07-27 10:23:22 -------- d-----w- C:\Users\KENNY\AppData\Local\{7F15B864-FC51-4D77-8255-C0D6AD3AE68E}

2012-07-27 10:23:10 -------- d-----w- C:\Users\KENNY\AppData\Local\{0DD3F77A-7860-452E-9632-FB18BD77E89D}

2012-07-26 17:09:24 -------- d-----w- C:\Users\KENNY\AppData\Roaming\HTC.388BC06ACDAB6261375BCE37FBA2E023C0D7EE34.1

2012-07-26 17:07:39 -------- d-----w- C:\Users\KENNY\AppData\Local\Htc

2012-07-26 17:07:11 -------- d-----w- C:\Users\KENNY\AppData\Roaming\HTC

2012-07-26 17:06:01 -------- d-----w- C:\Users\KENNY\AppData\Local\Downloaded Installations

2012-07-26 17:05:42 -------- d-----w- C:\Program Files (x86)\Spirent Communications

2012-07-26 17:05:29 -------- d-----w- C:\Program Files (x86)\HTC

2012-07-26 17:05:09 -------- d-----w- C:\Program Files (x86)\MSXML 4.0

2012-07-26 08:23:58 -------- d-----w- C:\Users\KENNY\AppData\Local\{254B3108-51CA-41AD-993C-496076E647CB}

2012-07-26 08:23:47 -------- d-----w- C:\Users\KENNY\AppData\Local\{C5B6ED28-9DAB-4D90-ABCD-C4EFB2EFA966}

2012-07-25 14:33:01 -------- d-----w- C:\Users\KENNY\AppData\Local\{AD60E4E9-ED71-4309-8EB7-BE5168CF6E3A}

2012-07-25 14:32:48 -------- d-----w- C:\Users\KENNY\AppData\Local\{C96A861D-DFB1-47B1-A831-73039D760C45}

2012-07-24 14:30:17 -------- d-----w- C:\Users\KENNY\AppData\Local\{42E45AD2-9BBE-4ABE-B467-CB7B0FE5E655}

2012-07-24 14:30:05 -------- d-----w- C:\Users\KENNY\AppData\Local\{D160A798-659A-4A8B-B2FD-30B78FE33C8B}

2012-07-23 16:10:18 -------- d-----w- C:\Users\KENNY\AppData\Local\{996C9540-BE8B-40F5-AD75-4B944C0AD019}

2012-07-23 16:10:07 -------- d-----w- C:\Users\KENNY\AppData\Local\{EDA25C6A-3ABA-42D7-857B-9D63A843B86B}

2012-07-22 09:02:58 -------- d-----w- C:\Users\KENNY\AppData\Local\{4056E71A-47B8-4F3D-9863-A56135C6D29A}

2012-07-22 09:02:47 -------- d-----w- C:\Users\KENNY\AppData\Local\{E79A2B8C-B763-4475-9C8B-7032837619A0}

2012-07-21 08:49:23 -------- d-----w- C:\Users\KENNY\AppData\Local\{0E0D9D90-0354-41DD-87C1-19E5E0C836DB}

2012-07-21 08:49:10 -------- d-----w- C:\Users\KENNY\AppData\Local\{3EE5BC90-8B3F-4247-AC9C-217979B3B501}

2012-07-20 07:05:00 -------- d-----w- C:\Users\KENNY\AppData\Local\{DAF94222-B600-4032-9027-02F003D5272B}

2012-07-20 07:04:49 -------- d-----w- C:\Users\KENNY\AppData\Local\{961ABD14-83B2-4697-8447-3B5E449FAF77}

2012-07-19 08:42:57 -------- d-----w- C:\Users\KENNY\AppData\Local\{E3282096-9DBB-4E73-937F-6AF4A831635F}

2012-07-19 08:42:37 -------- d-----w- C:\Users\KENNY\AppData\Local\{55CF5C16-AFEC-46EB-ABC7-B03FA9126A54}

2012-07-18 08:25:12 -------- d-----w- C:\Users\KENNY\AppData\Local\{9F230861-CF23-4741-A54F-07906AB52A95}

2012-07-18 08:25:01 -------- d-----w- C:\Users\KENNY\AppData\Local\{BDAC4C63-0AAD-471A-BD64-7859FDB5DEEB}

2012-07-17 09:34:02 -------- d-----w- C:\Users\KENNY\AppData\Local\{964F5E17-B185-41FF-8809-1B87E35670B7}

2012-07-17 09:33:51 -------- d-----w- C:\Users\KENNY\AppData\Local\{D17C1D34-C7B7-4794-BD0D-01D5CD07F4B8}

2012-07-16 10:48:32 -------- d-----w- C:\Users\KENNY\AppData\Local\{1C33B996-BB57-41A1-A60A-98A3F461EBBD}

2012-07-16 10:48:21 -------- d-----w- C:\Users\KENNY\AppData\Local\{EE087ECE-29EE-46E2-9F55-2D3AA304B426}

2012-07-15 21:26:00 -------- d-----w- C:\Users\KENNY\AppData\Local\{E90E66A1-7D64-4122-83CC-D8F4FF692712}

2012-07-15 21:25:50 -------- d-----w- C:\Users\KENNY\AppData\Local\{E9B974E9-FA1F-4C71-9C5F-462B927112CD}

2012-07-15 09:25:24 -------- d-----w- C:\Users\KENNY\AppData\Local\{70C10C92-DB8C-4889-9487-8BBAB6F31F5D}

2012-07-15 09:25:14 -------- d-----w- C:\Users\KENNY\AppData\Local\{609A0470-D0D2-4730-B9E1-736CCF8BEF64}

2012-07-14 08:35:29 -------- d-----w- C:\Users\KENNY\AppData\Local\{5A5EDDB3-4729-4AC2-A503-AA7469C03E3B}

2012-07-14 08:35:15 -------- d-----w- C:\Users\KENNY\AppData\Local\{4CDF74AC-2456-4A51-9314-84CF3E60066D}

2012-07-13 09:04:52 -------- d-----w- C:\Users\KENNY\AppData\Local\{23C5B667-4303-4BCF-BB0F-43FD6FCA7FA1}

2012-07-13 09:04:42 -------- d-----w- C:\Users\KENNY\AppData\Local\{FA99EA6C-0624-4541-A0CF-F1DF66A5ADC4}

2012-07-12 16:45:02 -------- d-----w- C:\Users\KENNY\AppData\Local\{48524C18-CAD2-40E4-9B21-798D5C3A8506}

2012-07-12 16:44:49 -------- d-----w- C:\Users\KENNY\AppData\Local\{299AD14B-7920-48EB-BF49-B5F2C5E33B16}

2012-07-11 23:08:09 -------- d-----w- C:\Users\KENNY\AppData\Local\{7F5813FC-8738-4D51-A5C4-0CBD7E9563B8}

2012-07-11 23:07:53 -------- d-----w- C:\Users\KENNY\AppData\Local\{296770BF-45E3-45B1-81EB-8B13EDCDBDE9}

2012-07-11 11:33:35 3148800 ----a-w- C:\Windows\System32\win32k.sys

2012-07-11 09:22:59 805376 ----a-w- C:\Windows\SysWow64\cdosys.dll

2012-07-11 09:22:59 495616 ----a-w- C:\Program Files\Common Files\System\ado\msadox.dll

2012-07-11 09:22:59 466944 ----a-w- C:\Program Files\Common Files\System\ado\msadomd.dll

2012-07-11 09:22:59 258048 ----a-w- C:\Program Files\Common Files\System\msadc\msadco.dll

2012-07-11 09:22:59 1499136 ----a-w- C:\Program Files\Common Files\System\ado\msado15.dll

2012-07-11 09:22:59 1019904 ----a-w- C:\Program Files (x86)\Common Files\System\ado\msado15.dll

2012-07-11 09:22:58 61440 ----a-w- C:\Program Files\Common Files\System\ado\msador15.dll

2012-07-11 09:22:58 57344 ----a-w- C:\Program Files (x86)\Common Files\System\ado\msador15.dll

2012-07-11 09:22:58 372736 ----a-w- C:\Program Files (x86)\Common Files\System\ado\msadox.dll

2012-07-11 09:22:58 352256 ----a-w- C:\Program Files (x86)\Common Files\System\ado\msadomd.dll

2012-07-11 09:22:58 212992 ----a-w- C:\Program Files (x86)\Common Files\System\msadc\msadco.dll

2012-07-11 09:22:58 143360 ----a-w- C:\Program Files (x86)\Common Files\System\ado\msjro.dll

2012-07-11 09:22:58 1133568 ----a-w- C:\Windows\System32\cdosys.dll

2012-07-11 09:20:20 -------- d-----w- C:\Users\KENNY\AppData\Local\{52BF190D-7654-4D67-89D7-49372D6DA68A}

2012-07-11 09:20:03 -------- d-----w- C:\Users\KENNY\AppData\Local\{71A8761E-B4AD-4BEF-BAF7-AB5A71D13F38}

2012-07-10 09:59:35 294912 ----a-w- C:\Windows\System32\browserchoice.exe

2012-07-10 08:28:57 -------- d-----w- C:\Users\KENNY\AppData\Local\{BD78FB45-02C8-49AA-9E00-3554EF86DA71}

2012-07-10 08:28:45 -------- d-----w- C:\Users\KENNY\AppData\Local\{8B175211-2FDE-4A4F-B973-F6C15128D6AF}

2012-07-09 10:21:15 -------- d-----w- C:\Users\KENNY\AppData\Local\{0ACEA0A0-C41B-448D-BCD0-E7494400E2EE}

2012-07-09 10:20:58 -------- d-----w- C:\Users\KENNY\AppData\Local\{9CCBED56-3BAB-44D8-97EE-06612FB8809D}

2012-07-08 09:08:14 -------- d-----w- C:\Users\KENNY\AppData\Local\{EDA905CC-8BB6-4A31-8079-04C0C57EB385}

2012-07-08 09:07:58 -------- d-----w- C:\Users\KENNY\AppData\Local\{E30CBDF4-F4BC-46A9-974D-8DFD7BEDC912}

.

==================== Find3M ====================

.

2012-08-05 16:37:15 283304 ----a-w- C:\Windows\SysWow64\PnkBstrB.xtr

2012-08-05 16:37:15 283304 ----a-w- C:\Windows\SysWow64\PnkBstrB.exe

2012-08-05 16:34:46 283304 ----a-w- C:\Windows\SysWow64\PnkBstrB.ex0

2012-08-02 17:28:12 70344 ----a-w- C:\Windows\SysWow64\FlashPlayerCPLApp.cpl

2012-08-02 17:28:12 426184 ----a-w- C:\Windows\SysWow64\FlashPlayerApp.exe

2012-06-25 14:04:24 1394248 ----a-w- C:\Windows\SysWow64\msxml4.dll

2012-06-11 18:59:38 10248192 ----a-w- C:\Windows\System32\drivers\atikmdag.sys

2012-06-11 18:35:48 70144 ----a-w- C:\Windows\System32\coinst_8.98.dll

2012-06-11 18:29:34 24826368 ----a-w- C:\Windows\System32\atio6axx.dll

2012-06-11 18:00:32 20467712 ----a-w- C:\Windows\SysWow64\atioglxx.dll

2012-06-11 17:25:06 163840 ----a-w- C:\Windows\System32\atiapfxx.exe

2012-06-11 17:24:58 924160 ----a-w- C:\Windows\SysWow64\aticfx32.dll

2012-06-11 17:23:12 1090560 ----a-w- C:\Windows\System32\aticfx64.dll

2012-06-11 17:20:02 442368 ----a-w- C:\Windows\System32\ATIDEMGX.dll

2012-06-11 17:19:58 532992 ----a-w- C:\Windows\System32\atieclxx.exe

2012-06-11 17:19:14 239616 ----a-w- C:\Windows\System32\atiesrxx.exe

2012-06-11 17:17:56 120320 ----a-w- C:\Windows\System32\atitmm64.dll

2012-06-11 17:17:42 21504 ----a-w- C:\Windows\System32\atimuixx.dll

2012-06-11 17:17:38 59392 ----a-w- C:\Windows\System32\atiedu64.dll

2012-06-11 17:17:32 43520 ----a-w- C:\Windows\SysWow64\ati2edxx.dll

2012-06-11 17:16:48 6301696 ----a-w- C:\Windows\SysWow64\atidxx32.dll

2012-06-11 17:01:56 6914560 ----a-w- C:\Windows\System32\atidxx64.dll

2012-06-11 16:51:54 4246528 ----a-w- C:\Windows\System32\atiumd6a.dll

2012-06-11 16:45:48 51200 ----a-w- C:\Windows\System32\aticalrt64.dll

2012-06-11 16:45:46 46080 ----a-w- C:\Windows\SysWow64\aticalrt.dll

2012-06-11 16:45:44 5480448 ----a-w- C:\Windows\SysWow64\atiumdag.dll

2012-06-11 16:45:40 44544 ----a-w- C:\Windows\System32\aticalcl64.dll

2012-06-11 16:45:38 44032 ----a-w- C:\Windows\SysWow64\aticalcl.dll

2012-06-11 16:45:26 15703040 ----a-w- C:\Windows\System32\aticaldd64.dll

2012-06-11 16:43:18 4729344 ----a-w- C:\Windows\SysWow64\atiumdva.dll

2012-06-11 16:40:58 13277696 ----a-w- C:\Windows\SysWow64\aticaldd.dll

2012-06-11 16:36:56 6605824 ----a-w- C:\Windows\System32\atiumd64.dll

2012-06-11 16:27:02 539136 ----a-w- C:\Windows\System32\atiadlxx.dll

2012-06-11 16:26:52 368640 ----a-w- C:\Windows\SysWow64\atiadlxy.dll

2012-06-11 16:26:40 17920 ----a-w- C:\Windows\System32\atig6pxx.dll

2012-06-11 16:26:36 14848 ----a-w- C:\Windows\SysWow64\atiglpxx.dll

2012-06-11 16:26:36 14848 ----a-w- C:\Windows\System32\atiglpxx.dll

2012-06-11 16:26:30 41984 ----a-w- C:\Windows\System32\atig6txx.dll

2012-06-11 16:26:22 33280 ----a-w- C:\Windows\SysWow64\atigktxx.dll

2012-06-11 16:26:14 367616 ----a-w- C:\Windows\System32\drivers\atikmpag.sys

2012-06-11 16:25:20 54784 ----a-w- C:\Windows\System32\atiuxp64.dll

2012-06-11 16:25:12 42496 ----a-w- C:\Windows\SysWow64\atiuxpag.dll

2012-06-11 16:25:06 45056 ----a-w- C:\Windows\System32\atiu9p64.dll

2012-06-11 16:24:58 32768 ----a-w- C:\Windows\SysWow64\atiu9pag.dll

2012-06-11 16:24:24 53248 ----a-w- C:\Windows\System32\drivers\ati2erec.dll

2012-06-11 16:23:18 56320 ----a-w- C:\Windows\System32\atimpc64.dll

2012-06-11 16:23:18 56320 ----a-w- C:\Windows\System32\amdpcom64.dll

2012-06-11 16:23:10 56832 ----a-w- C:\Windows\SysWow64\atimpc32.dll

2012-06-11 16:23:10 56832 ----a-w- C:\Windows\SysWow64\amdpcom32.dll

2012-06-11 11:50:46 187392 ----a-w- C:\Windows\System32\clinfo.exe

2012-06-11 11:50:30 75264 ----a-w- C:\Windows\System32\OpenVideo64.dll

2012-06-11 11:50:24 65024 ----a-w- C:\Windows\SysWow64\OpenVideo.dll

2012-06-11 11:50:18 63488 ----a-w- C:\Windows\System32\OVDecode64.dll

2012-06-11 11:50:14 56320 ----a-w- C:\Windows\SysWow64\OVDecode.dll

2012-06-11 11:50:06 16457728 ----a-w- C:\Windows\System32\amdocl64.dll

2012-06-11 11:49:22 13008896 ----a-w- C:\Windows\SysWow64\amdocl.dll

2012-06-06 06:06:16 2004480 ----a-w- C:\Windows\System32\msxml6.dll

2012-06-06 06:06:16 1881600 ----a-w- C:\Windows\System32\msxml3.dll

2012-06-06 05:05:52 1390080 ----a-w- C:\Windows\SysWow64\msxml6.dll

2012-06-06 05:05:52 1236992 ----a-w- C:\Windows\SysWow64\msxml3.dll

2012-06-02 22:15:31 2622464 ----a-w- C:\Windows\System32\wucltux.dll

2012-06-02 22:15:08 99840 ----a-w- C:\Windows\System32\wudriver.dll

2012-06-02 13:19:42 186752 ----a-w- C:\Windows\System32\wuwebv.dll

2012-06-02 13:15:12 36864 ----a-w- C:\Windows\System32\wuapp.exe

2012-06-02 05:50:10 458704 ----a-w- C:\Windows\System32\drivers\cng.sys

2012-06-02 05:48:16 95600 ----a-w- C:\Windows\System32\drivers\ksecdd.sys

2012-06-02 05:48:16 151920 ----a-w- C:\Windows\System32\drivers\ksecpkg.sys

2012-06-02 05:45:31 340992 ----a-w- C:\Windows\System32\schannel.dll

2012-06-02 05:44:21 307200 ----a-w- C:\Windows\System32\ncrypt.dll

2012-06-02 04:40:42 22016 ----a-w- C:\Windows\SysWow64\secur32.dll

2012-06-02 04:40:39 225280 ----a-w- C:\Windows\SysWow64\schannel.dll

2012-06-02 04:39:10 219136 ----a-w- C:\Windows\SysWow64\ncrypt.dll

2012-06-02 04:34:09 96768 ----a-w- C:\Windows\SysWow64\sspicli.dll

2012-05-30 17:44:56 466456 ----a-w- C:\Windows\System32\wrap_oal.dll

2012-05-30 17:44:55 444952 ----a-w- C:\Windows\SysWow64\wrap_oal.dll

2012-05-30 17:44:55 122904 ----a-w- C:\Windows\System32\OpenAL32.dll

2012-05-30 17:44:55 109080 ----a-w- C:\Windows\SysWow64\OpenAL32.dll

.

============= FINISH: 18:21:03,46 ===============

 

OTL logfile created on: 2012-08-06 18:24:50 - Run 3

OTL by OldTimer - Version 3.2.55.0 Folder = C:\Users\KENNY\Downloads

64bit- Home Premium Edition Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation

Internet Explorer (Version = 8.0.7601.17514)

Locale: 0000041d | Country: Sverige | Language: SVE | Date Format: yyyy-MM-dd

 

7,90 Gb Total Physical Memory | 5,90 Gb Available Physical Memory | 74,67% Memory free

15,79 Gb Paging File | 13,05 Gb Available in Paging File | 82,63% Paging File free

Paging file location(s): ?:\pagefile.sys [binary data]

 

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86)

Drive C: | 596,07 Gb Total Space | 472,67 Gb Free Space | 79,30% Space Free | Partition Type: NTFS

 

Computer Name: WOLF | User Name: KENNY | Logged in as Administrator.

Boot Mode: Normal | Scan Mode: Current user | Quick Scan | Include 64bit Scans

Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days

 

========== Processes (SafeList) ==========

 

PRC - C:\Program Files (x86)\Steam\Steam.exe (Valve Corporation)

PRC - C:\Users\KENNY\Downloads\OTL.exe (OldTimer Tools)

PRC - C:\Program Files (x86)\Common Files\Steam\SteamService.exe (Valve Corporation)

PRC - C:\Program Files (x86)\Mdfrzy\mbamservice.exe (Malwarebytes Corporation)

PRC - C:\Program Files (x86)\Mdfrzy\mbamgui.exe (Malwarebytes Corporation)

PRC - C:\Program Files (x86)\Origin\Origin.exe (Electronic Arts)

PRC - C:\Program Files (x86)\HTC\HTC Sync 3.0\htcUPCTLoader.exe ()

PRC - C:\Program Files (x86)\HTC\Internet Pass-Through\PassThruSvr.exe ()

PRC - C:\Windows\SysWOW64\PnkBstrA.exe ()

PRC - C:\Program Files (x86)\Belkin\Router Setup and Monitor\BelkinService.exe (Affinegy, Inc.)

PRC - C:\Program Files (x86)\Belkin\Router Setup and Monitor\BelkinSetup.exe (Affinegy, Inc.)

PRC - C:\Program Files (x86)\Belkin\Router Setup and Monitor\BelkinRouterMonitor.exe (Affinegy, Inc.)

PRC - C:\Program Files (x86)\Belkin\Router Setup and Monitor\qosPlugin.exe (Affinegy, Inc.)

PRC - C:\Program Files (x86)\Belkin\Router Setup and Monitor\dlnaPlugin.exe (Affinegy, Inc.)

PRC - C:\Program Files (x86)\ekort\ekort.exe (Orbiscom Ltd. All rights reserved.)

PRC - C:\Windows\SysWOW64\OBroker.exe ()

 

 

========== Modules (No Company Name) ==========

 

MOD - C:\Program Files (x86)\Steam\bin\libcef.dll ()

MOD - C:\Program Files (x86)\Steam\bin\chromehtml.DLL ()

MOD - C:\Program Files (x86)\Steam\bin\avutil-51.dll ()

MOD - C:\Program Files (x86)\Steam\bin\avformat-53.dll ()

MOD - C:\Program Files (x86)\Steam\bin\avcodec-53.dll ()

MOD - C:\Program Files (x86)\Origin\QtWebKit4.dll ()

MOD - C:\Program Files (x86)\Origin\QtXmlPatterns4.dll ()

MOD - C:\Program Files (x86)\Origin\QtXml4.dll ()

MOD - C:\Program Files (x86)\Origin\imageformats\qtiff4.dll ()

MOD - C:\Program Files (x86)\Origin\imageformats\qmng4.dll ()

MOD - C:\Program Files (x86)\Origin\imageformats\qjpeg4.dll ()

MOD - C:\Program Files (x86)\Origin\imageformats\qico4.dll ()

MOD - C:\Program Files (x86)\Origin\imageformats\qgif4.dll ()

MOD - C:\Program Files (x86)\Origin\QtGui4.dll ()

MOD - C:\Program Files (x86)\Origin\QtCore4.dll ()

MOD - C:\Program Files (x86)\Origin\QtNetwork4.dll ()

MOD - C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Data\f3814b488d9e083cbbc623e01b389f09\System.Data.ni.dll ()

MOD - C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Xml\ba3d70b651454c7d49b407b93663bfed\System.Xml.ni.dll ()

MOD - C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Configuration\cfa9c506bfb9254c89dace7b83bc9f9d\System.Configuration.ni.dll ()

MOD - C:\Windows\assembly\NativeImages_v2.0.50727_32\System\ce9ff6baf9053ed2ed673d948179195c\System.ni.dll ()

MOD - C:\Windows\assembly\NativeImages_v2.0.50727_32\mscorlib\acfc1391e45fedd2a359778ea57d914c\mscorlib.ni.dll ()

MOD - C:\Program Files (x86)\HTC\HTC Sync 3.0\Maps\R66Api.dll ()

MOD - C:\Program Files (x86)\HTC\HTC Sync 3.0\htcUPCTLoader.exe ()

MOD - C:\Program Files (x86)\HTC\HTC Sync 3.0\sqlite3.7.dll ()

MOD - C:\Program Files (x86)\HTC\HTC Sync 3.0\sqlite3.dll ()

MOD - C:\Program Files (x86)\HTC\HTC Sync 3.0\HtcDetect.dll ()

MOD - C:\Program Files (x86)\HTC\HTC Sync 3.0\htcDetectLegend.dll ()

MOD - C:\Program Files (x86)\HTC\HTC Sync 3.0\htcDisk.dll ()

MOD - C:\Program Files (x86)\HTC\HTC Sync 3.0\OutputLog.dll ()

MOD - C:\Program Files (x86)\HTC\HTC Sync 3.0\fdHttpd.dll ()

MOD - C:\Windows\assembly\GAC_32\System.Data\2.0.0.0__b77a5c561934e089\System.Data.dll ()

MOD - C:\Windows\assembly\GAC_MSIL\mscorlib.resources\2.0.0.0_sv_b77a5c561934e089\mscorlib.resources.dll ()

MOD - C:\Program Files (x86)\Belkin\Router Setup and Monitor\BelkinServicePS.dll ()

MOD - C:\Program Files (x86)\Belkin\Router Setup and Monitor\gateways\GenericBelkinGatewayLOC.dll ()

MOD - C:\Program Files (x86)\Belkin\Router Setup and Monitor\QtGui4.dll ()

MOD - C:\Program Files (x86)\Belkin\Router Setup and Monitor\QtXml4.dll ()

MOD - C:\Program Files (x86)\Belkin\Router Setup and Monitor\QtCore4.dll ()

MOD - C:\Program Files (x86)\Belkin\Router Setup and Monitor\QtNetwork4.dll ()

MOD - C:\Program Files (x86)\Belkin\Router Setup and Monitor\imageformats\qjpeg4.dll ()

MOD - C:\Windows\SysWOW64\OBroker.exe ()

MOD - C:\Program Files (x86)\ekort\EkortRes.dll ()

 

 

========== Win32 Services (SafeList) ==========

 

SRV:64bit: - (AMD External Events Utility) -- C:\Windows\SysNative\atiesrxx.exe (AMD)

SRV:64bit: - (Belkin Local Backup Service) -- C:\Program Files\Belkin\Belkin USB Print and Storage Center\BkBackupScheduler.exe ()

SRV:64bit: - (Belkin Network USB Helper) -- C:\Program Files\Belkin\Belkin USB Print and Storage Center\Bkapcs.exe ()

SRV - (AdobeFlashPlayerUpdateSvc) -- C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe (Adobe Systems Incorporated)

SRV - (Steam Client Service) -- C:\Program Files (x86)\Common Files\Steam\SteamService.exe (Valve Corporation)

SRV - (MozillaMaintenance) -- C:\Program Files (x86)\Mozilla Maintenance Service\maintenanceservice.exe (Mozilla Foundation)

SRV - (MBAMService) -- C:\Program Files (x86)\Mdfrzy\mbamservice.exe (Malwarebytes Corporation)

SRV - (SkypeUpdate) -- C:\Program Files (x86)\Skype\Updater\Updater.exe (Skype Technologies)

SRV - (NisSrv) -- c:\Program\Microsoft Security Client\NisSrv.exe (Microsoft Corporation)

SRV - (MsMpSvc) -- c:\Program\Microsoft Security Client\MsMpEng.exe (Microsoft Corporation)

SRV - (PassThru Service) -- C:\Program Files (x86)\HTC\Internet Pass-Through\PassThruSvr.exe ()

SRV - (PnkBstrA) -- C:\Windows\SysWOW64\PnkBstrA.exe ()

SRV - (cphs) -- C:\Windows\SysWOW64\IntelCpHeciSvc.exe (Intel Corporation)

SRV - (LBTServ) -- C:\Program\Common Files\Logishrd\Bluetooth\LBTServ.exe (Logitech, Inc.)

SRV - (wlidsvc) -- C:\Program\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE (Microsoft Corp.)

SRV - (AffinegyService) -- C:\Program Files (x86)\Belkin\Router Setup and Monitor\BelkinService.exe (Affinegy, Inc.)

SRV - (clr_optimization_v4.0.30319_32) -- C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe (Microsoft Corporation)

SRV - (clr_optimization_v2.0.50727_32) -- C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe (Microsoft Corporation)

 

 

========== Driver Services (SafeList) ==========

 

DRV:64bit: - (MBAMProtector) -- C:\Windows\SysNative\drivers\mbam.sys (Malwarebytes Corporation)

DRV:64bit: - (amdkmdag) -- C:\Windows\SysNative\drivers\atikmdag.sys (Advanced Micro Devices, Inc.)

DRV:64bit: - (amdkmdap) -- C:\Windows\SysNative\drivers\atikmpag.sys (Advanced Micro Devices, Inc.)

DRV:64bit: - (SYMPHONY) -- C:\Windows\SysNative\drivers\Symphony.sys (C-Media Inc.)

DRV:64bit: - (NisDrv) -- C:\Windows\SysNative\drivers\NisDrvWFP.sys (Microsoft Corporation)

DRV:64bit: - (igfx) -- C:\Windows\SysNative\drivers\igdkmd64.sys (Intel Corporation)

DRV:64bit: - (aswKbd) -- C:\Windows\SysNative\drivers\aswKbd.sys (AVAST Software)

DRV:64bit: - (Fs_Rec) -- C:\Windows\SysNative\drivers\fs_rec.sys (Microsoft Corporation)

DRV:64bit: - (AtiHDAudioService) -- C:\Windows\SysNative\drivers\AtihdW76.sys (Advanced Micro Devices)

DRV:64bit: - (LMouFilt) -- C:\Windows\SysNative\drivers\LMouFilt.Sys (Logitech, Inc.)

DRV:64bit: - (LEqdUsb) -- C:\Windows\SysNative\drivers\LEqdUsb.sys (Logitech, Inc.)

DRV:64bit: - (LHidFilt) -- C:\Windows\SysNative\drivers\LHidFilt.Sys (Logitech, Inc.)

DRV:64bit: - (LHidEqd) -- C:\Windows\SysNative\drivers\LHidEqd.sys (Logitech, Inc.)

DRV:64bit: - (RTL8167) -- C:\Windows\SysNative\drivers\Rt64win7.sys (Realtek )

DRV:64bit: - (amdsata) -- C:\Windows\SysNative\drivers\amdsata.sys (Advanced Micro Devices)

DRV:64bit: - (amdxata) -- C:\Windows\SysNative\drivers\amdxata.sys (Advanced Micro Devices)

DRV:64bit: - (TsUsbFlt) -- C:\Windows\SysNative\drivers\TsUsbFlt.sys (Microsoft Corporation)

DRV:64bit: - (HpSAMD) -- C:\Windows\SysNative\drivers\HpSAMD.sys (Hewlett-Packard Company)

DRV:64bit: - (TsUsbGD) -- C:\Windows\SysNative\drivers\TsUsbGD.sys (Microsoft Corporation)

DRV:64bit: - (MEIx64) -- C:\Windows\SysNative\drivers\HECIx64.sys (Intel Corporation)

DRV:64bit: - (htcnprot) -- C:\Windows\SysNative\drivers\htcnprot.sys (Windows ® Win 7 DDK provider)

DRV:64bit: - (MBfilt) -- C:\Windows\SysNative\drivers\MBfilt64.sys (Creative Technology Ltd.)

DRV:64bit: - (HTCAND64) -- C:\Windows\SysNative\drivers\ANDROIDUSB.sys (HTC, Corporation)

DRV:64bit: - (amdsbs) -- C:\Windows\SysNative\drivers\amdsbs.sys (AMD Technologies Inc.)

DRV:64bit: - (LSI_SAS2) -- C:\Windows\SysNative\drivers\lsi_sas2.sys (LSI Corporation)

DRV:64bit: - (stexstor) -- C:\Windows\SysNative\drivers\stexstor.sys (Promise Technology)

DRV:64bit: - (sxuptp) -- C:\Windows\SysNative\drivers\sxuptp.sys (silex technology, Inc.)

DRV:64bit: - (ebdrv) -- C:\Windows\SysNative\drivers\evbda.sys (Broadcom Corporation)

DRV:64bit: - (b06bdrv) -- C:\Windows\SysNative\drivers\bxvbda.sys (Broadcom Corporation)

DRV:64bit: - (b57nd60a) -- C:\Windows\SysNative\drivers\b57nd60a.sys (Broadcom Corporation)

DRV:64bit: - (hcw85cir) -- C:\Windows\SysNative\drivers\hcw85cir.sys (Hauppauge Computer Works, Inc.)

DRV:64bit: - (xusb21) -- C:\Windows\SysNative\drivers\xusb21.sys (Microsoft Corporation)

DRV - (WIMMount) -- C:\Windows\SysWOW64\drivers\wimmount.sys (Microsoft Corporation)

 

 

========== Standard Registry (SafeList) ==========

 

 

========== Internet Explorer ==========

 

IE:64bit: - HKLM\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A}

IE:64bit: - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/search?q={searchTerms}&FORM=IE8SRC

IE - HKLM\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A}

IE - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/search?q={searchTerms}&FORM=IE8SRC

 

IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page =

IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache = http://se.msn.com/?ocid=iehp

IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache AcceptLangs = sv

IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache_TIMESTAMP = BC 3F CF 1D 17 02 CD 01 [binary data]

IE - HKCU\..\SearchScopes,DefaultScope =

IE - HKCU\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/search?q={searchTerms}&src=IE-SearchBox&FORM=IE8SRC

IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

 

========== FireFox ==========

 

FF - prefs.js..browser.search.defaultenginename: ""

FF - prefs.js..browser.search.order.1: ""

FF - prefs.js..browser.search.selectedEngine: "Google"

FF - prefs.js..browser.startup.homepage: "about:home"

 

 

FF:64bit: - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\system32\Macromed\Flash\NPSWF64_11_3_300_270.dll File not found

FF:64bit: - HKLM\Software\MozillaPlugins\@microsoft.com/GENUINE: disabled File not found

FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_11_3_300_270.dll ()

FF - HKLM\Software\MozillaPlugins\@esn.me/esnsonar,version=0.70.4: C:\Program Files (x86)\Battlelog Web Plugins\Sonar\0.70.4\npesnsonar.dll (ESN Social Software AB)

FF - HKLM\Software\MozillaPlugins\@esn/esnlaunch,version=1.116.0: C:\Program Files (x86)\Battlelog Web Plugins\1.116.0\npesnlaunch.dll (ESN Social Software AB)

FF - HKLM\Software\MozillaPlugins\@esn/esnlaunch,version=1.118.0: C:\Program Files (x86)\Battlelog Web Plugins\1.118.0\npesnlaunch.dll (ESN Social Software AB)

FF - HKLM\Software\MozillaPlugins\@esn/esnlaunch,version=1.122.0: C:\Program Files (x86)\Battlelog Web Plugins\1.122.0\npesnlaunch.dll (ESN Social Software AB)

FF - HKLM\Software\MozillaPlugins\@microsoft.com/GENUINE: disabled File not found

FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: c:\Program Files (x86)\Microsoft Silverlight\4.1.10329.0\npctrl.dll ( Microsoft Corporation)

FF - HKLM\Software\MozillaPlugins\Adobe Reader: C:\Program Files (x86)\Adobe\Reader 9.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)

 

64bit-FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{336D0C35-8A85-403a-B9D2-65C292C39087}: C:\PROGRAM FILES\WEB ASSISTANT\FIREFOX

FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\ekort@orbiscom: C:\Program Files (x86)\ekort [2012-06-06 19:48:06 | 000,000,000 | ---D | M]

FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{336D0C35-8A85-403a-B9D2-65C292C39087}: C:\Program Files\Web Assistant\Firefox

FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 14.0.1\extensions\\Components: C:\Program Files (x86)\Mozilla Firefox\components [2012-07-19 02:46:18 | 000,000,000 | ---D | M]

FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 14.0.1\extensions\\Plugins: C:\Program Files (x86)\Mozilla Firefox\plugins

FF - HKEY_CURRENT_USER\software\mozilla\Mozilla Firefox 14.0.1\extensions\\Components: C:\Program Files (x86)\Mozilla Firefox\components [2012-07-19 02:46:18 | 000,000,000 | ---D | M]

FF - HKEY_CURRENT_USER\software\mozilla\Mozilla Firefox 14.0.1\extensions\\Plugins: C:\Program Files (x86)\Mozilla Firefox\plugins

 

[2012-03-14 21:25:31 | 000,000,000 | ---D | M] (No name found) -- C:\Users\KENNY\AppData\Roaming\mozilla\Extensions

[2012-08-03 13:57:43 | 000,000,000 | ---D | M] (No name found) -- C:\Users\KENNY\AppData\Roaming\mozilla\Firefox\Profiles\wbktlt3y.default\extensions

[2012-06-27 23:12:20 | 000,000,000 | ---D | M] (Bitdefender QuickScan) -- C:\Users\KENNY\AppData\Roaming\mozilla\Firefox\Profiles\wbktlt3y.default\extensions\{e001c731-5e37-4538-a5cb-8168736a2360}

[2012-08-03 14:00:21 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files (x86)\mozilla firefox\extensions

[2012-03-15 00:14:53 | 000,000,000 | ---D | M] (Skype Click to Call) -- C:\Program Files (x86)\mozilla firefox\extensions\{82AF8DCA-6DE9-405D-BD5E-43525BDAD38A}

[2012-07-31 17:50:31 | 000,526,190 | ---- | M] () (No name found) -- C:\USERS\KENNY\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\WBKTLT3Y.DEFAULT\EXTENSIONS\{73A6FE31-595D-460B-A920-FCC0F8843232}.XPI

[2012-07-19 02:46:18 | 000,136,672 | ---- | M] (Mozilla Foundation) -- C:\Program Files (x86)\mozilla firefox\components\browsercomps.dll

[2012-06-17 13:38:23 | 000,001,470 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\allaannonser-sv-SE.xml

[2012-06-17 13:38:23 | 000,002,252 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\bing.xml

[2012-06-17 13:38:23 | 000,002,670 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\prisjakt-sv-SE.xml

[2012-06-17 13:38:23 | 000,000,948 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\tyda-sv-SE.xml

[2012-06-17 13:38:23 | 000,001,174 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\wikipedia-sv-SE.xml

[2012-06-17 13:38:23 | 000,000,951 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\yahoo-sv-SE.xml

 

========== Chrome ==========

 

 

O1 HOSTS File: ([2009-06-10 23:00:26 | 000,000,824 | ---- | M]) - C:\Windows\SysNative\drivers\etc\hosts

O2:64bit: - BHO: (Windows Live ID Sign-in Helper) - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corp.)

O2 - BHO: (e-kort Helper Class) - {9065E913-4F23-4B47-9B5D-B055D32DB1F3} - C:\Program Files (x86)\ekort\EKortHelper.dll ()

O3 - HKLM\..\Toolbar: (e-kort Toolbar) - {8DB2B2E8-579F-48A8-A496-18FEFCF8F4DF} - C:\Program Files (x86)\ekort\EKortToolbar.dll ()

O4:64bit: - HKLM..\Run: [EvtMgr6] C:\Program Files\Logitech\SetPointP\SetPoint.exe (Logitech, Inc.)

O4:64bit: - HKLM..\Run: [HotKeysCmds] C:\Windows\SysNative\hkcmd.exe (Intel Corporation)

O4:64bit: - HKLM..\Run: [igfxTray] C:\Windows\SysNative\igfxtray.exe (Intel Corporation)

O4:64bit: - HKLM..\Run: [Logitech Download Assistant] C:\Windows\SysNative\LogiLDA.dll (Logitech, Inc.)

O4:64bit: - HKLM..\Run: [MSC] c:\Program Files\Microsoft Security Client\msseces.exe (Microsoft Corporation)

O4:64bit: - HKLM..\Run: [Persistence] C:\Windows\SysNative\igfxpers.exe (Intel Corporation)

O4:64bit: - HKLM..\Run: [RTHDVCPL] C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe (Realtek Semiconductor)

O4:64bit: - HKLM..\Run: [sYMPHONYSound] C:\Program Files\Corsair VENGEANCE 2000\CPL\CAHS2.exe ()

O4 - HKLM..\Run: [AMD AVT] C:\Windows\SysWow64\cmd.exe (Microsoft Corporation)

O4 - HKLM..\Run: [e-kort] C:\PROGRA~2\ekort\ekort.exe /dontopenmycards /Autostart File not found

O4 - HKLM..\Run: [HTC Sync Loader] C:\Program Files (x86)\HTC\HTC Sync 3.0\htcUPCTLoader.exe ()

O4 - HKLM..\Run: [instaLAN] C:\Program Files (x86)\Belkin\Router Setup and Monitor\BelkinRouterMonitor.exe (Affinegy, Inc.)

O4 - HKLM..\Run: [Malwarebytes' Anti-Malware] C:\Program Files (x86)\Mdfrzy\mbamgui.exe (Malwarebytes Corporation)

O4 - HKLM..\Run: [startCCC] C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe (Advanced Micro Devices, Inc.)

O4 - HKCU..\Run: [EADM] C:\Program Files (x86)\Origin\Origin.exe (Electronic Arts)

O4 - HKCU..\Run: [steam] C:\Program Files (x86)\Steam\steam.exe (Valve Corporation)

O4 - HKCU..\Run: [Xvid] C:\Program Files (x86)\Xvid\CheckUpdate.exe ()

O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktop = 1

O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktopChanges = 1

O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 5

O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3

O10:64bit: - NameSpace_Catalog5\Catalog_Entries64\000000000007 [] - C:\Program\Common Files\Microsoft Shared\Windows Live\WLIDNSP.DLL (Microsoft Corp.)

O10:64bit: - NameSpace_Catalog5\Catalog_Entries64\000000000008 [] - C:\Program\Common Files\Microsoft Shared\Windows Live\WLIDNSP.DLL (Microsoft Corp.)

O1364bit: - gopher Prefix: missing

O13 - gopher Prefix: missing

O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.2.1

O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{292A936C-773C-4FE9-BB24-9D66861CB451}: DhcpNameServer = 192.168.2.1

O18:64bit: - Protocol\Handler\livecall - No CLSID value found

O18:64bit: - Protocol\Handler\msnim - No CLSID value found

O18:64bit: - Protocol\Handler\skype4com - No CLSID value found

O18:64bit: - Protocol\Handler\wlmailhtml - No CLSID value found

O18 - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~2\COMMON~1\Skype\SKYPE4~1.DLL (Skype Technologies)

O20:64bit: - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)

O20:64bit: - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\SysNative\userinit.exe (Microsoft Corporation)

O20:64bit: - HKLM Winlogon: VMApplet - (SystemPropertiesPerformance.exe) - C:\Windows\SysNative\SystemPropertiesPerformance.exe (Microsoft Corporation)

O20:64bit: - HKLM Winlogon: VMApplet - (/pagefile) - File not found

O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\SysWow64\explorer.exe (Microsoft Corporation)

O20 - HKLM Winlogon: UserInit - (userinit.exe) - C:\Windows\SysWow64\userinit.exe (Microsoft Corporation)

O20 - HKLM Winlogon: VMApplet - (/pagefile) - File not found

O20:64bit: - Winlogon\Notify\igfxcui: DllName - (igfxdev.dll) - C:\Windows\SysNative\igfxdev.dll (Intel Corporation)

O20:64bit: - Winlogon\Notify\LBTWlgn: DllName - (c:\program files\common files\logishrd\bluetooth\LBTWlgn.dll) - c:\Program\Common Files\Logishrd\Bluetooth\LBTWLgn.dll (Logitech, Inc.)

O21:64bit: - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.

O21 - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.

O32 - HKLM CDRom: AutoRun - 1

O33 - MountPoints2\{b15ba9cc-6e43-11e1-be60-b65a9198c7a8}\Shell - "" = AutoRun

O33 - MountPoints2\{b15ba9cc-6e43-11e1-be60-b65a9198c7a8}\Shell\AutoRun\command - "" = E:\LaunchU3.exe -a

O34 - HKLM BootExecute: (autocheck autochk *)

O35:64bit: - HKLM\..comfile [open] -- "%1" %*

O35:64bit: - HKLM\..exefile [open] -- "%1" %*

O35 - HKLM\..comfile [open] -- "%1" %*

O35 - HKLM\..exefile [open] -- "%1" %*

O37:64bit: - HKLM\...com [@ = comfile] -- "%1" %*

O37:64bit: - HKLM\...exe [@ = exefile] -- "%1" %*

O37 - HKLM\...com [@ = comfile] -- "%1" %*

O37 - HKLM\...exe [@ = exefile] -- "%1" %*

O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3)

O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2)

O38 - SubSystems\\Windows: (ServerDll=sxssrv,4)

 

========== Files/Folders - Created Within 30 Days ==========

 

[2012-08-06 15:13:16 | 000,000,000 | ---D | C] -- C:\Users\KENNY\AppData\Local\{1C17187C-0A06-4457-800B-B6EFF470FD0B}

[2012-08-06 15:13:05 | 000,000,000 | ---D | C] -- C:\Users\KENNY\AppData\Local\{5EB4E529-5EED-4395-9DDE-909463E19980}

[2012-08-06 15:12:46 | 000,000,000 | ---D | C] -- C:\Users\KENNY\AppData\Local\{93A7E10F-5FCC-49A8-AD40-7EE7FB183732}

[2012-08-05 11:43:50 | 000,000,000 | ---D | C] -- C:\Users\KENNY\AppData\Local\{7B65AFC3-F442-4952-B8C7-F6CAFE5893C1}

[2012-08-05 11:43:37 | 000,000,000 | ---D | C] -- C:\Users\KENNY\AppData\Local\{8F955B54-BE15-45EE-B8CA-F739C15C783C}

[2012-08-04 18:57:31 | 000,000,000 | ---D | C] -- C:\_OTL

[2012-08-04 10:41:14 | 000,000,000 | ---D | C] -- C:\Users\KENNY\AppData\Local\{247737DA-74C6-4B21-B5BC-0AF2DCFA0CB6}

[2012-08-04 10:41:01 | 000,000,000 | ---D | C] -- C:\Users\KENNY\AppData\Local\{E7820B2D-8A6D-4888-805A-D3DC576CF94A}

[2012-08-03 11:58:42 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\StarCraft II

[2012-08-03 11:11:46 | 000,000,000 | ---D | C] -- C:\Users\KENNY\AppData\Local\{3C09B89F-7F71-4C88-83CC-7B83622DC393}

[2012-08-03 11:11:21 | 000,000,000 | ---D | C] -- C:\Users\KENNY\AppData\Local\{CA4FA6C1-F182-4016-BDD8-BA85F15CCB56}

[2012-08-02 20:48:28 | 000,000,000 | ---D | C] -- C:\Users\KENNY\AppData\Local\{4DAE4414-8E76-4601-91EB-6C086E18385A}

[2012-08-02 20:48:18 | 000,000,000 | ---D | C] -- C:\Users\KENNY\AppData\Local\{A3C98CE1-C5DF-4BC0-8ADD-E15DED2F4E32}

[2012-08-02 20:47:42 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\ESET

[2012-08-02 20:37:24 | 000,000,000 | ---D | C] -- C:\ProgramData\Kaspersky Lab

[2012-08-02 11:45:01 | 000,000,000 | ---D | C] -- C:\Users\KENNY\AppData\Roaming\Malwarebytes

[2012-08-02 11:44:57 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\fzdhshtjrthjxf

[2012-08-02 11:44:55 | 000,000,000 | ---D | C] -- C:\ProgramData\Malwarebytes

[2012-08-02 11:44:54 | 000,024,904 | ---- | C] (Malwarebytes Corporation) -- C:\Windows\SysNative\drivers\mbam.sys

[2012-08-02 11:44:54 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Mdfrzy

[2012-08-02 08:47:47 | 000,000,000 | ---D | C] -- C:\Users\KENNY\AppData\Local\{FACA2EA7-E30E-4E8C-8FAD-B6DCEECA2FFB}

[2012-08-02 08:47:35 | 000,000,000 | ---D | C] -- C:\Users\KENNY\AppData\Local\{1670F952-1838-42FB-87F3-B27FB360171E}

[2012-08-01 16:39:51 | 000,000,000 | ---D | C] -- C:\Users\KENNY\AppData\Local\{66E625D3-5374-461A-AFD4-F02541507CFF}

[2012-08-01 16:39:39 | 000,000,000 | ---D | C] -- C:\Users\KENNY\AppData\Local\{0FDD4A58-8E3A-4CC4-8F6D-C19FD17265E1}

[2012-07-31 16:30:02 | 000,000,000 | ---D | C] -- C:\Users\KENNY\AppData\Local\{D661220E-DCF4-4627-AFFD-C9BACE2995A5}

[2012-07-31 16:29:52 | 000,000,000 | ---D | C] -- C:\Users\KENNY\AppData\Local\{26A3992D-9394-412B-AD53-357A21D2938C}

[2012-07-30 18:29:26 | 000,000,000 | ---D | C] -- C:\Users\KENNY\AppData\Local\DirectDownloader

[2012-07-30 16:31:02 | 000,000,000 | ---D | C] -- C:\Users\KENNY\AppData\Local\{B9EAC65B-3941-46E1-AED3-4EC0FF3CFAC4}

[2012-07-30 16:30:52 | 000,000,000 | ---D | C] -- C:\Users\KENNY\AppData\Local\{DEC38FC9-D859-4748-8368-E31336DFEC22}

[2012-07-29 22:37:38 | 000,000,000 | ---D | C] -- C:\Users\KENNY\Documents\Vuze Downloads

[2012-07-29 09:55:18 | 000,000,000 | ---D | C] -- C:\Users\KENNY\AppData\Local\{937F4C4F-E761-4F9D-AFB6-4A85C17478E1}

[2012-07-29 09:55:04 | 000,000,000 | ---D | C] -- C:\Users\KENNY\AppData\Local\{7FBC3D22-DC2B-4B4B-A5E7-49D8ED32AD4E}

[2012-07-28 20:12:19 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\OpenApp

[2012-07-28 20:02:55 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\smartdl

[2012-07-28 10:24:50 | 000,000,000 | ---D | C] -- C:\Users\KENNY\AppData\Local\{0A8BA5EB-EFC0-4574-A3E5-DEE8C286B222}

[2012-07-28 10:24:40 | 000,000,000 | ---D | C] -- C:\Users\KENNY\AppData\Local\{89803C18-7F08-458E-80B3-9403432092B4}

[2012-07-27 12:23:22 | 000,000,000 | ---D | C] -- C:\Users\KENNY\AppData\Local\{7F15B864-FC51-4D77-8255-C0D6AD3AE68E}

[2012-07-27 12:23:10 | 000,000,000 | ---D | C] -- C:\Users\KENNY\AppData\Local\{0DD3F77A-7860-452E-9632-FB18BD77E89D}

[2012-07-26 19:21:25 | 000,000,000 | ---D | C] -- C:\Users\KENNY\Documents\My Photos

[2012-07-26 19:21:25 | 000,000,000 | ---D | C] -- C:\Users\KENNY\Documents\My Documents

[2012-07-26 19:09:24 | 000,000,000 | ---D | C] -- C:\Users\KENNY\AppData\Roaming\HTC.388BC06ACDAB6261375BCE37FBA2E023C0D7EE34.1

[2012-07-26 19:07:39 | 000,000,000 | ---D | C] -- C:\Users\KENNY\AppData\Local\Htc

[2012-07-26 19:07:11 | 000,000,000 | ---D | C] -- C:\Users\KENNY\AppData\Roaming\HTC

[2012-07-26 19:07:00 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\HTC Sync

[2012-07-26 19:06:01 | 000,000,000 | ---D | C] -- C:\Users\KENNY\AppData\Local\Downloaded Installations

[2012-07-26 19:05:50 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\HTC

[2012-07-26 19:05:42 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Spirent Communications

[2012-07-26 19:05:29 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\HTC

[2012-07-26 19:05:26 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Common Files\Adobe AIR

[2012-07-26 19:05:09 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\MSXML 4.0

[2012-07-26 10:23:58 | 000,000,000 | ---D | C] -- C:\Users\KENNY\AppData\Local\{254B3108-51CA-41AD-993C-496076E647CB}

[2012-07-26 10:23:47 | 000,000,000 | ---D | C] -- C:\Users\KENNY\AppData\Local\{C5B6ED28-9DAB-4D90-ABCD-C4EFB2EFA966}

[2012-07-25 16:33:01 | 000,000,000 | ---D | C] -- C:\Users\KENNY\AppData\Local\{AD60E4E9-ED71-4309-8EB7-BE5168CF6E3A}

[2012-07-25 16:32:48 | 000,000,000 | ---D | C] -- C:\Users\KENNY\AppData\Local\{C96A861D-DFB1-47B1-A831-73039D760C45}

[2012-07-24 16:30:17 | 000,000,000 | ---D | C] -- C:\Users\KENNY\AppData\Local\{42E45AD2-9BBE-4ABE-B467-CB7B0FE5E655}

[2012-07-24 16:30:05 | 000,000,000 | ---D | C] -- C:\Users\KENNY\AppData\Local\{D160A798-659A-4A8B-B2FD-30B78FE33C8B}

[2012-07-23 18:10:18 | 000,000,000 | ---D | C] -- C:\Users\KENNY\AppData\Local\{996C9540-BE8B-40F5-AD75-4B944C0AD019}

[2012-07-23 18:10:07 | 000,000,000 | ---D | C] -- C:\Users\KENNY\AppData\Local\{EDA25C6A-3ABA-42D7-857B-9D63A843B86B}

[2012-07-22 11:02:58 | 000,000,000 | ---D | C] -- C:\Users\KENNY\AppData\Local\{4056E71A-47B8-4F3D-9863-A56135C6D29A}

[2012-07-22 11:02:47 | 000,000,000 | ---D | C] -- C:\Users\KENNY\AppData\Local\{E79A2B8C-B763-4475-9C8B-7032837619A0}

[2012-07-21 10:49:23 | 000,000,000 | ---D | C] -- C:\Users\KENNY\AppData\Local\{0E0D9D90-0354-41DD-87C1-19E5E0C836DB}

[2012-07-21 10:49:10 | 000,000,000 | ---D | C] -- C:\Users\KENNY\AppData\Local\{3EE5BC90-8B3F-4247-AC9C-217979B3B501}

[2012-07-20 09:05:00 | 000,000,000 | ---D | C] -- C:\Users\KENNY\AppData\Local\{DAF94222-B600-4032-9027-02F003D5272B}

[2012-07-20 09:04:49 | 000,000,000 | ---D | C] -- C:\Users\KENNY\AppData\Local\{961ABD14-83B2-4697-8447-3B5E449FAF77}

[2012-07-19 10:42:57 | 000,000,000 | ---D | C] -- C:\Users\KENNY\AppData\Local\{E3282096-9DBB-4E73-937F-6AF4A831635F}

[2012-07-19 10:42:37 | 000,000,000 | ---D | C] -- C:\Users\KENNY\AppData\Local\{55CF5C16-AFEC-46EB-ABC7-B03FA9126A54}

[2012-07-18 10:25:12 | 000,000,000 | ---D | C] -- C:\Users\KENNY\AppData\Local\{9F230861-CF23-4741-A54F-07906AB52A95}

[2012-07-18 10:25:01 | 000,000,000 | ---D | C] -- C:\Users\KENNY\AppData\Local\{BDAC4C63-0AAD-471A-BD64-7859FDB5DEEB}

[2012-07-17 11:34:02 | 000,000,000 | ---D | C] -- C:\Users\KENNY\AppData\Local\{964F5E17-B185-41FF-8809-1B87E35670B7}

[2012-07-17 11:33:51 | 000,000,000 | ---D | C] -- C:\Users\KENNY\AppData\Local\{D17C1D34-C7B7-4794-BD0D-01D5CD07F4B8}

[2012-07-16 12:48:32 | 000,000,000 | ---D | C] -- C:\Users\KENNY\AppData\Local\{1C33B996-BB57-41A1-A60A-98A3F461EBBD}

[2012-07-16 12:48:21 | 000,000,000 | ---D | C] -- C:\Users\KENNY\AppData\Local\{EE087ECE-29EE-46E2-9F55-2D3AA304B426}

[2012-07-15 23:26:00 | 000,000,000 | ---D | C] -- C:\Users\KENNY\AppData\Local\{E90E66A1-7D64-4122-83CC-D8F4FF692712}

[2012-07-15 23:25:50 | 000,000,000 | ---D | C] -- C:\Users\KENNY\AppData\Local\{E9B974E9-FA1F-4C71-9C5F-462B927112CD}

[2012-07-15 11:25:24 | 000,000,000 | ---D | C] -- C:\Users\KENNY\AppData\Local\{70C10C92-DB8C-4889-9487-8BBAB6F31F5D}

[2012-07-15 11:25:14 | 000,000,000 | ---D | C] -- C:\Users\KENNY\AppData\Local\{609A0470-D0D2-4730-B9E1-736CCF8BEF64}

[2012-07-14 10:35:29 | 000,000,000 | ---D | C] -- C:\Users\KENNY\AppData\Local\{5A5EDDB3-4729-4AC2-A503-AA7469C03E3B}

[2012-07-14 10:35:15 | 000,000,000 | ---D | C] -- C:\Users\KENNY\AppData\Local\{4CDF74AC-2456-4A51-9314-84CF3E60066D}

[2012-07-13 11:04:52 | 000,000,000 | ---D | C] -- C:\Users\KENNY\AppData\Local\{23C5B667-4303-4BCF-BB0F-43FD6FCA7FA1}

[2012-07-13 11:04:42 | 000,000,000 | ---D | C] -- C:\Users\KENNY\AppData\Local\{FA99EA6C-0624-4541-A0CF-F1DF66A5ADC4}

[2012-07-12 18:45:02 | 000,000,000 | ---D | C] -- C:\Users\KENNY\AppData\Local\{48524C18-CAD2-40E4-9B21-798D5C3A8506}

[2012-07-12 18:44:49 | 000,000,000 | ---D | C] -- C:\Users\KENNY\AppData\Local\{299AD14B-7920-48EB-BF49-B5F2C5E33B16}

[2012-07-12 01:08:09 | 000,000,000 | ---D | C] -- C:\Users\KENNY\AppData\Local\{7F5813FC-8738-4D51-A5C4-0CBD7E9563B8}

[2012-07-12 01:07:53 | 000,000,000 | ---D | C] -- C:\Users\KENNY\AppData\Local\{296770BF-45E3-45B1-81EB-8B13EDCDBDE9}

[2012-07-11 11:20:20 | 000,000,000 | ---D | C] -- C:\Users\KENNY\AppData\Local\{52BF190D-7654-4D67-89D7-49372D6DA68A}

[2012-07-11 11:20:03 | 000,000,000 | ---D | C] -- C:\Users\KENNY\AppData\Local\{71A8761E-B4AD-4BEF-BAF7-AB5A71D13F38}

[2012-07-10 10:28:57 | 000,000,000 | ---D | C] -- C:\Users\KENNY\AppData\Local\{BD78FB45-02C8-49AA-9E00-3554EF86DA71}

[2012-07-10 10:28:45 | 000,000,000 | ---D | C] -- C:\Users\KENNY\AppData\Local\{8B175211-2FDE-4A4F-B973-F6C15128D6AF}

[2012-07-09 12:21:15 | 000,000,000 | ---D | C] -- C:\Users\KENNY\AppData\Local\{0ACEA0A0-C41B-448D-BCD0-E7494400E2EE}

[2012-07-09 12:20:58 | 000,000,000 | ---D | C] -- C:\Users\KENNY\AppData\Local\{9CCBED56-3BAB-44D8-97EE-06612FB8809D}

[2012-07-08 11:08:14 | 000,000,000 | ---D | C] -- C:\Users\KENNY\AppData\Local\{EDA905CC-8BB6-4A31-8079-04C0C57EB385}

[2012-07-08 11:07:58 | 000,000,000 | ---D | C] -- C:\Users\KENNY\AppData\Local\{E30CBDF4-F4BC-46A9-974D-8DFD7BEDC912}

 

========== Files - Modified Within 30 Days ==========

 

[2012-08-06 17:28:00 | 000,000,868 | ---- | M] () -- C:\Windows\tasks\Adobe Flash Player Updater.job

[2012-08-06 15:18:29 | 000,021,888 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0

[2012-08-06 15:18:29 | 000,021,888 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0

[2012-08-06 15:11:15 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat

[2012-08-06 15:11:10 | 2064,322,559 | -HS- | M] () -- C:\hiberfil.sys

[2012-08-05 18:37:15 | 000,283,304 | ---- | M] () -- C:\Windows\SysWow64\PnkBstrB.xtr

[2012-08-05 18:37:15 | 000,283,304 | ---- | M] () -- C:\Windows\SysWow64\PnkBstrB.exe

[2012-08-05 18:34:46 | 000,283,304 | ---- | M] () -- C:\Windows\SysWow64\PnkBstrB.ex0

[2012-08-04 12:54:20 | 001,472,966 | ---- | M] () -- C:\Windows\SysNative\PerfStringBackup.INI

[2012-08-04 12:54:20 | 000,627,634 | ---- | M] () -- C:\Windows\SysNative\perfh01D.dat

[2012-08-04 12:54:20 | 000,617,910 | ---- | M] () -- C:\Windows\SysNative\perfh009.dat

[2012-08-04 12:54:20 | 000,124,688 | ---- | M] () -- C:\Windows\SysNative\perfc01D.dat

[2012-08-04 12:54:20 | 000,107,190 | ---- | M] () -- C:\Windows\SysNative\perfc009.dat

[2012-08-03 14:05:47 | 000,007,599 | ---- | M] () -- C:\Users\KENNY\AppData\Local\Resmon.ResmonCfg

[2012-07-12 01:06:50 | 000,266,592 | ---- | M] () -- C:\Windows\SysNative\FNTCACHE.DAT

 

========== Files Created - No Company Name ==========

 

[2012-08-03 14:05:47 | 000,007,599 | ---- | C] () -- C:\Users\KENNY\AppData\Local\Resmon.ResmonCfg

[2012-07-03 10:33:51 | 000,008,597 | ---- | C] () -- C:\Windows\SYMPHONY.ini.cfl

[2012-07-03 10:33:44 | 000,005,813 | ---- | C] () -- C:\Windows\SYMPHONY.ini.cfg

[2012-07-03 10:08:01 | 000,000,342 | ---- | C] () -- C:\Windows\SYMPHONY.ini.imi

[2012-06-22 11:03:37 | 001,491,554 | ---- | C] () -- C:\Windows\SysWow64\PerfStringBackup.INI

[2012-06-13 19:56:28 | 000,095,703 | ---- | C] () -- C:\Users\KENNY\AppData\Local\ars.cache

[2012-06-13 19:45:01 | 000,000,036 | ---- | C] () -- C:\Users\KENNY\AppData\Local\housecall.guid.cache

[2012-06-06 19:47:49 | 000,145,920 | ---- | C] () -- C:\Windows\SysWow64\OBroker.exe

[2012-05-25 09:16:47 | 000,645,632 | ---- | C] () -- C:\Windows\SysWow64\xvidcore.dll

[2012-05-25 09:16:47 | 000,240,640 | ---- | C] () -- C:\Windows\SysWow64\xvidvfw.dll

[2012-05-25 01:09:06 | 000,000,000 | ---- | C] () -- C:\ProgramData\ff858c76778d297945eb31b3c87d0a25_c

[2012-03-19 23:25:58 | 000,058,880 | ---- | C] () -- C:\Windows\SysWow64\igdde32.dll

[2012-03-19 22:21:14 | 013,212,672 | ---- | C] () -- C:\Windows\SysWow64\ig4icd32.dll

[2012-03-15 19:51:33 | 000,283,304 | ---- | C] () -- C:\Windows\SysWow64\PnkBstrB.exe

[2012-03-15 19:51:30 | 000,076,888 | ---- | C] () -- C:\Windows\SysWow64\PnkBstrA.exe

[2012-03-14 21:37:51 | 000,000,000 | ---- | C] () -- C:\Windows\ativpsrm.bin

[2012-03-09 14:06:14 | 000,024,576 | ---- | C] () -- C:\Windows\SysWow64\kdbsdk32.dll

[2012-02-15 04:36:36 | 000,204,952 | ---- | C] () -- C:\Windows\SysWow64\ativvsvl.dat

[2012-02-15 04:36:36 | 000,157,144 | ---- | C] () -- C:\Windows\SysWow64\ativvsva.dat

[2012-02-14 19:47:06 | 000,963,912 | ---- | C] () -- C:\Windows\SysWow64\igkrng600.bin

[2012-02-14 19:47:06 | 000,261,208 | ---- | C] () -- C:\Windows\SysWow64\igfcg600m.bin

[2012-02-14 19:47:06 | 000,145,804 | ---- | C] () -- C:\Windows\SysWow64\igcompkrng600.bin

[2011-09-28 18:44:14 | 000,179,271 | ---- | C] () -- C:\Windows\SysWow64\xlive.dll.cat

[2011-09-13 00:06:16 | 000,003,917 | ---- | C] () -- C:\Windows\SysWow64\atipblag.dat

 

========== LOP Check ==========

 

[2012-07-27 13:28:30 | 000,000,000 | ---D | M] -- C:\Users\KENNY\AppData\Roaming\AMS

[2012-08-02 01:07:42 | 000,000,000 | ---D | M] -- C:\Users\KENNY\AppData\Roaming\Azureus

[2012-07-03 10:33:53 | 000,000,000 | ---D | M] -- C:\Users\KENNY\AppData\Roaming\Corsair

[2012-07-26 19:07:39 | 000,000,000 | ---D | M] -- C:\Users\KENNY\AppData\Roaming\HTC

[2012-07-26 19:09:24 | 000,000,000 | ---D | M] -- C:\Users\KENNY\AppData\Roaming\HTC.388BC06ACDAB6261375BCE37FBA2E023C0D7EE34.1

[2012-03-15 00:22:32 | 000,000,000 | ---D | M] -- C:\Users\KENNY\AppData\Roaming\Leadertech

[2012-03-15 18:12:30 | 000,000,000 | ---D | M] -- C:\Users\KENNY\AppData\Roaming\Origin

[2012-08-03 14:31:06 | 000,000,000 | ---D | M] -- C:\Users\KENNY\AppData\Roaming\QuickScan

[2012-04-06 18:27:05 | 000,000,000 | ---D | M] -- C:\Users\KENNY\AppData\Roaming\TS3Client

[2012-03-15 00:50:02 | 000,000,000 | ---D | M] -- C:\Users\KENNY\AppData\Roaming\wargaming.net

[2012-03-15 18:14:29 | 000,000,000 | ---D | M] -- C:\Users\KENNY\AppData\Roaming\Windows Live Writer

[2012-07-03 10:36:08 | 000,032,514 | ---- | M] () -- C:\Windows\Tasks\SCHEDLGU.TXT

 

========== Purity Check ==========

 

 

 

< End of report >

Attach12gh.txt


I couldn't get rid of the other one either, only reset it.
Choose reset then, and we'll see how it looks in a new DDS log.

Already done :) I edited my previous post.


Did anything happen in Firefox when you chose Reset?

Because the DDS log looks pretty much unchanged.


Only the values changed, not the name.


Then you'll have to edit user.js in Firefox with Notepad.

General information about that file: http://kb.mozillazine.org/User.js_file

Do you know how to find the Firefox profile folder that contains settings, add-ons etc. for Firefox?

Everything in that file that has to do with:

extentions.y2layers

extensions.BabylonToolbar_i

extensions.dealply

extensions.incredibar_i

should be removed.

To be safe, save a copy of user.js before you change it, in case the result doesn't turn out well.
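
The user.js cleanup described in the post above, as an added example that is not part of the original thread: it saves a backup copy first, then drops every `user_pref` line whose name starts with one of the four listed prefixes. The sample file contents, the `.bak` backup name and the function names are assumptions made for the illustration.

```python
import re
import shutil
from pathlib import Path

# Preference-name prefixes exactly as listed in the post (spelling unchanged).
UNWANTED_PREFIXES = (
    "extentions.y2layers",
    "extensions.BabylonToolbar_i",
    "extensions.dealply",
    "extensions.incredibar_i",
)

# A user.js entry has the form: user_pref("some.pref.name", value);
PREF_LINE = re.compile(r'^\s*user_pref\(\s*(["\'])(?P<name>.+?)\1\s*,')

# Constructed sample file; the sub-key names and values are made up for the demo.
SAMPLE_USER_JS = (
    '// Constructed sample user.js\n'
    'user_pref("browser.startup.homepage", "about:home");\n'
    'user_pref("extentions.y2layers.installId", "constructed-value");\n'
    'user_pref("extensions.BabylonToolbar_i.id", "constructed-value");\n'
    'user_pref("extensions.dealply.enabled", true);\n'
    'user_pref("extensions.incredibar_i.hmpg", true);\n'
    'user_pref("extensions.update.enabled", true);\n'
)


def is_unwanted(line, prefixes=UNWANTED_PREFIXES):
    """True if the line sets a preference whose name starts with a listed prefix."""
    match = PREF_LINE.match(line)
    return match is not None and match.group("name").startswith(tuple(prefixes))


def filter_prefs(text, prefixes=UNWANTED_PREFIXES):
    """Split user.js text into (text to keep, list of removed lines)."""
    kept, removed = [], []
    for line in text.splitlines(keepends=True):
        (removed if is_unwanted(line, prefixes) else kept).append(line)
    return "".join(kept), removed


def clean_user_js(path, prefixes=UNWANTED_PREFIXES):
    """Back up user.js, then rewrite it without the unwanted entries.

    Returns the removed lines, or None when the profile has no user.js
    (which is the normal case for a Firefox profile).
    """
    path = Path(path)
    if not path.is_file():
        return None
    backup = path.with_name(path.name + ".bak")  # assumed backup name
    if not backup.exists():  # never overwrite the first, untouched copy
        shutil.copy2(path, backup)
    # newline="" keeps the file's own line endings (CRLF on Windows) intact.
    with path.open("r", encoding="utf-8", errors="surrogateescape", newline="") as fh:
        text = fh.read()
    kept, removed = filter_prefs(text, prefixes)
    if removed:
        with path.open("w", encoding="utf-8", errors="surrogateescape", newline="") as fh:
            fh.write(kept)
    return removed


if __name__ == "__main__":
    import tempfile

    # Run against a throwaway copy of the constructed sample, not a real profile.
    with tempfile.TemporaryDirectory() as tmp:
        target = Path(tmp) / "user.js"
        target.write_text(SAMPLE_USER_JS, encoding="utf-8")
        for line in clean_user_js(target):
            print("removed:", line.rstrip())
        print(target.read_text(encoding="utf-8"), end="")
```

Close Firefox before running it against a real profile, since Firefox reads user.js at startup.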


Yes, I've found the profiles but not user.js; it seems you have to create such a file, or can't you just delete the profile and make a new one?


Normally you don't have a user.js, but in your case there seems to be one. You could search the computer for such a file.

But otherwise it's probably easiest to create a new profile and copy over bookmarks etc., see http://support.mozilla.org/en-US/kb/Recovering%20important%20data%20from%20an%20old%20profile

 

 

Then I understand :) I had a quick look on my own computer :) Otherwise you can apparently reset the profile by deleting the pref file. But a new profile is probably better, so you get rid of all the crap.

So now it's just a matter of getting rid of Yontoo, which is still listed under Uninstall or change a program (as I said, I only get an error when I try). It seems to be gone from Programs, but Windows insists on keeping it.


Are you familiar with CCleaner?

Because in it you can also choose to uninstall programs, and when CCleaner notices that there is no uninstaller file to use, it asks whether you just want to remove the entry from the list. At least that's how it worked a few years ago when I used it.


Sure :) although it's been a while since I used it. I hadn't thought about the program being able to do that. In any case, I'll post a DDS log when I'm done and hope it's clean now.


I found VideoFileDownload on the computer. According to this page, http://greatis.com/blog/how-to-remove-malware/videofiledownload-exe.htm, it is a virus (I can't swear that the page is safe either, so proceed with caution).

I have now also found PricePeep for Firefox, info: http://pricepeep.software.informer.com/

I'm removing both files, but that probably doesn't remove everything?

I'm finding more: Bit Boost and BFlix Gadget (the latter could not be uninstalled); in any case I removed it from the uninstall list. The others I have uninstalled anyway.

 

DDS (Ver_2011-08-26.01) - NTFSAMD64

Internet Explorer: 8.0.7601.17514

Run by KENNY at 19:12:06 on 2012-08-07

Microsoft Windows 7 Home Premium 6.1.7601.1.1252.46.1053.18.8086.5877 [GMT 2:00]

.

AV: Microsoft Security Essentials *Enabled/Updated* {9765EA51-0D3C-7DFB-6091-10E4E1F341F6}

SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}

SP: Microsoft Security Essentials *Enabled/Updated* {2C040BB5-2B06-7275-5A21-2B969A740B4B}

.

============== Running Processes ===============

.

C:\Windows\system32\wininit.exe

C:\Windows\system32\lsm.exe

C:\Windows\system32\svchost.exe -k DcomLaunch

C:\Windows\system32\svchost.exe -k RPCSS

c:\Program Files\Microsoft Security Client\MsMpEng.exe

C:\Windows\system32\atiesrxx.exe

C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted

C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted

C:\Windows\system32\svchost.exe -k netsvcs

C:\Windows\system32\svchost.exe -k LocalService

C:\Windows\system32\svchost.exe -k NetworkService

C:\Windows\system32\atieclxx.exe

C:\Windows\System32\spoolsv.exe

C:\Windows\system32\svchost.exe -k LocalServiceNoNetwork

C:\Program Files (x86)\Belkin\Router Setup and Monitor\BelkinService.exe

C:\Program Files\Belkin\Belkin USB Print and Storage Center\BkBackupScheduler.exe

C:\Program Files\Belkin\Belkin USB Print and Storage Center\Bkapcs.exe

C:\Program Files (x86)\HTC\Internet Pass-Through\PassThruSvr.exe

C:\Windows\SysWOW64\PnkBstrA.exe

C:\Windows\system32\svchost.exe -k imgsvc

C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE

C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSvcM.exe

C:\Windows\system32\svchost.exe -k NetworkServiceNetworkRestricted

C:\Windows\system32\taskhost.exe

C:\Windows\system32\Dwm.exe

C:\Windows\Explorer.EXE

C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe

C:\Program Files\Logitech\SetPointP\SetPoint.exe

C:\Windows\System32\igfxpers.exe

C:\Program Files\Microsoft Security Client\msseces.exe

C:\Program Files\Corsair VENGEANCE 2000\CPL\CAHS2.exe

C:\Program Files\Corsair VENGEANCE 2000\CPL\CAHS2.exe

C:\Program Files (x86)\Skype\Phone\Skype.exe

C:\Program Files\Windows Sidebar\sidebar.exe

C:\Program Files (x86)\Origin\Origin.exe

C:\Program Files (x86)\Steam\Steam.exe

C:\Program Files (x86)\Belkin\Router Setup and Monitor\BelkinRouterMonitor.exe

C:\Program Files\Common Files\LogiShrd\KHAL3\KHALMNPR.EXE

C:\Windows\system32\SearchIndexer.exe

C:\Program Files\Windows Media Player\wmpnetwk.exe

C:\Program Files (x86)\ekort\ekort.exe

C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\MOM.exe

C:\Program Files (x86)\HTC\HTC Sync 3.0\htcUPCTLoader.exe

C:\Program Files (x86)\Mdfrzy\mbamgui.exe

C:\Program Files\Belkin\Belkin USB Print and Storage Center\connect.exe

C:\Windows\SysWOW64\OBroker.exe

C:\Program Files (x86)\Belkin\Router Setup and Monitor\BelkinSetup.exe

C:\Program Files (x86)\Belkin\Router Setup and Monitor\dlnaPlugin.exe

C:\Program Files (x86)\Belkin\Router Setup and Monitor\qosPlugin.exe

C:\Windows\system32\svchost.exe -k LocalServiceAndNoImpersonation

C:\Windows\System32\svchost.exe -k LocalServicePeerNet

C:\Program Files (x86)\Common Files\Steam\SteamService.exe

C:\Windows\system32\DllHost.exe

C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CCC.exe

C:\Program Files (x86)\Mdfrzy\mbamservice.exe

C:\Windows\Microsoft.Net\Framework64\v3.0\WPF\PresentationFontCache.exe

C:\Windows\system32\AUDIODG.EXE

C:\Program Files (x86)\Mozilla Firefox\firefox.exe

C:\Windows\system32\DllHost.exe

C:\Windows\system32\DllHost.exe

C:\Windows\SysWOW64\cmd.exe

C:\Windows\system32\conhost.exe

C:\Windows\SysWOW64\cscript.exe

C:\Windows\system32\wbem\wmiprvse.exe

.

============== Pseudo HJT Report ===============

.

uStart Page =

mWinlogon: Userinit=userinit.exe,

BHO: Adobe PDF Link Helper: {18df081c-e8ad-4283-a596-fa578c2ebdc3} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll

BHO: Windows Live ID Sign-in Helper: {9030d464-4c02-4abf-8ecc-5164760863c6} - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll

BHO: e-kort Helper Class: {9065e913-4f23-4b47-9b5d-b055d32db1f3} - C:\Program Files (x86)\ekort\EKortHelper.dll

TB: e-kort Toolbar: {8db2b2e8-579f-48a8-a496-18fefcf8f4df} - C:\Program Files (x86)\ekort\EKortToolbar.dll

uRun: [msnmsgr] "C:\Program Files (x86)\Windows Live\Messenger\msnmsgr.exe" /background

uRun: [skype] "C:\Program Files (x86)\Skype\Phone\Skype.exe" /minimized /regrun

uRun: [sidebar] C:\Program Files\Windows Sidebar\sidebar.exe /autoRun

uRun: [EADM] "C:\Program Files (x86)\Origin\Origin.exe" -AutoStart

uRun: [steam] "C:\Program Files (x86)\Steam\steam.exe" -silent

uRun: [Xvid] C:\Program Files (x86)\Xvid\CheckUpdate.exe

mRun: [instaLAN] "C:\Program Files (x86)\Belkin\Router Setup and Monitor\BelkinRouterMonitor.exe" startup

mRun: [Adobe Reader Speed Launcher] "C:\Program Files (x86)\Adobe\Reader 9.0\Reader\Reader_sl.exe"

mRun: [Adobe ARM] "C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe"

mRun: [AMD AVT] Cmd.exe /c start "AMD Accelerated Video Transcoding device initialization" /min "C:\Program Files (x86)\AMD AVT\bin\kdbsync.exe" aml

mRun: [e-kort] C:\PROGRA~2\ekort\ekort.exe /dontopenmycards /Autostart

mRun: [startCCC] "C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" MSRun

mRun: [HTC Sync Loader] "C:\Program Files (x86)\HTC\HTC Sync 3.0\htcUPCTLoader.exe" -startup

mRun: [Malwarebytes' Anti-Malware] "C:\Program Files (x86)\Mdfrzy\mbamgui.exe" /starttray

StartupFolder: C:\PROGRA~3\MICROS~1\Windows\STARTM~1\Programs\Startup\WINDOW~1.LNK - C:\Program Files (x86)\Windows Live\Mail\wlmail.exe

mPolicies-explorer: NoActiveDesktop = 1 (0x1)

mPolicies-explorer: NoActiveDesktopChanges = 1 (0x1)

mPolicies-system: ConsentPromptBehaviorAdmin = 5 (0x5)

mPolicies-system: ConsentPromptBehaviorUser = 3 (0x3)

mPolicies-system: EnableUIADesktopToggle = 0 (0x0)

TCP: DhcpNameServer = 192.168.2.1

TCP: Interfaces\{292A936C-773C-4FE9-BB24-9D66861CB451} : DhcpNameServer = 192.168.2.1

Handler: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~2\COMMON~1\Skype\SKYPE4~1.DLL

{18DF081C-E8AD-4283-A596-FA578C2EBDC3}

{9030D464-4C02-4ABF-8ECC-5164760863C6}

{9065E913-4F23-4B47-9B5D-B055D32DB1F3}

{8DB2B2E8-579F-48A8-A496-18FEFCF8F4DF}

mRun-x64: [instaLAN] "C:\Program Files (x86)\Belkin\Router Setup and Monitor\BelkinRouterMonitor.exe" startup

mRun-x64: [Adobe Reader Speed Launcher] "C:\Program Files (x86)\Adobe\Reader 9.0\Reader\Reader_sl.exe"

mRun-x64: [Adobe ARM] "C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe"

mRun-x64: [AMD AVT] Cmd.exe /c start "AMD Accelerated Video Transcoding device initialization" /min "C:\Program Files (x86)\AMD AVT\bin\kdbsync.exe" aml

mRun-x64: [e-kort] C:\PROGRA~2\ekort\ekort.exe /dontopenmycards /Autostart

mRun-x64: [startCCC] "C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" MSRun

mRun-x64: [HTC Sync Loader] "C:\Program Files (x86)\HTC\HTC Sync 3.0\htcUPCTLoader.exe" -startup

mRun-x64: [Malwarebytes' Anti-Malware] "C:\Program Files (x86)\Mdfrzy\mbamgui.exe" /starttray

.

================= FIREFOX ===================

.

FF - ProfilePath - C:\Users\KENNY\AppData\Roaming\Mozilla\Firefox\Profiles\e0xtzvom.standard\

FF - plugin: C:\Program Files (x86)\Adobe\Reader 9.0\Reader\AIR\nppdf32.dll

FF - plugin: C:\Program Files (x86)\Battlelog Web Plugins\1.116.0\npesnlaunch.dll

FF - plugin: C:\Program Files (x86)\Battlelog Web Plugins\1.118.0\npesnlaunch.dll

FF - plugin: C:\Program Files (x86)\Battlelog Web Plugins\1.122.0\npesnlaunch.dll

FF - plugin: C:\Program Files (x86)\Battlelog Web Plugins\Sonar\0.70.4\npesnsonar.dll

FF - plugin: c:\Program Files (x86)\Microsoft Silverlight\4.1.10329.0\npctrlui.dll

FF - plugin: C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_11_3_300_270.dll

.

============= SERVICES / DRIVERS ===============

.

R0 MpFilter;Microsoft Malware Protection Driver;C:\Windows\system32\DRIVERS\MpFilter.sys --> C:\Windows\system32\DRIVERS\MpFilter.sys [?]

R1 aswKbd;aswKbd;C:\Windows\system32\drivers\aswKbd.sys --> C:\Windows\system32\drivers\aswKbd.sys [?]

R2 AMD External Events Utility;AMD External Events Utility;C:\Windows\system32\atiesrxx.exe --> C:\Windows\system32\atiesrxx.exe [?]

R2 Belkin Local Backup Service;Belkin Local Backup Service;C:\Program Files\Belkin\Belkin USB Print and Storage Center\BkBackupScheduler.exe [2012-3-15 181760]

R2 Belkin Network USB Helper;Belkin Network USB Helper;C:\Program Files\Belkin\Belkin USB Print and Storage Center\Bkapcs.exe [2012-3-15 55296]

R2 MBAMService;MBAMService;C:\Program Files (x86)\Mdfrzy\mbamservice.exe [2012-8-2 655944]

R2 PassThru Service;Internet Pass-Through Service;C:\Program Files (x86)\HTC\Internet Pass-Through\PassThruSvr.exe [2012-3-23 87040]

R2 sxuptp;SXUPTP Driver;C:\Windows\system32\DRIVERS\sxuptp.sys --> C:\Windows\system32\DRIVERS\sxuptp.sys [?]

R3 amdkmdag;amdkmdag;C:\Windows\system32\DRIVERS\atikmdag.sys --> C:\Windows\system32\DRIVERS\atikmdag.sys [?]

R3 amdkmdap;amdkmdap;C:\Windows\system32\DRIVERS\atikmpag.sys --> C:\Windows\system32\DRIVERS\atikmpag.sys [?]

R3 AtiHDAudioService;AMD Function Driver for HD Audio Service;C:\Windows\system32\drivers\AtihdW76.sys --> C:\Windows\system32\drivers\AtihdW76.sys [?]

R3 LEqdUsb;Logitech SetPoint Unifying KMDF USB Filter;C:\Windows\system32\DRIVERS\LEqdUsb.Sys --> C:\Windows\system32\DRIVERS\LEqdUsb.Sys [?]

R3 LHidEqd;Logitech SetPoint Unifying KMDF HID Filter;C:\Windows\system32\DRIVERS\LHidEqd.Sys --> C:\Windows\system32\DRIVERS\LHidEqd.Sys [?]

R3 MBAMProtector;MBAMProtector;\??\C:\Windows\system32\drivers\mbam.sys --> C:\Windows\system32\drivers\mbam.sys [?]

R3 MBfilt;MBfilt;C:\Windows\system32\drivers\MBfilt64.sys --> C:\Windows\system32\drivers\MBfilt64.sys [?]

R3 MEIx64;Intel® Management Engine Interface ;C:\Windows\system32\DRIVERS\HECIx64.sys --> C:\Windows\system32\DRIVERS\HECIx64.sys [?]

R3 RTL8167;Realtek 8167 NT Driver;C:\Windows\system32\DRIVERS\Rt64win7.sys --> C:\Windows\system32\DRIVERS\Rt64win7.sys [?]

R3 SYMPHONY;Corsair USB Headphone Driver;C:\Windows\system32\DRIVERS\Symphony.sys --> C:\Windows\system32\DRIVERS\Symphony.sys [?]

S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-3-18 130384]

S2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-3-18 138576]

S2 SkypeUpdate;Skype Updater;C:\Program Files (x86)\Skype\Updater\Updater.exe [2012-7-3 160944]

S3 AdobeFlashPlayerUpdateSvc;Adobe Flash Player Update Service;C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2012-3-31 250056]

S3 cphs;Intel® Content Protection HECI Service;C:\Windows\SysWOW64\IntelCpHeciSvc.exe [2012-3-19 276248]

S3 HTCAND64;HTC Device Driver;C:\Windows\system32\Drivers\ANDROIDUSB.sys --> C:\Windows\system32\Drivers\ANDROIDUSB.sys [?]

S3 htcnprot;HTC NDIS Protocol Driver;C:\Windows\system32\DRIVERS\htcnprot.sys --> C:\Windows\system32\DRIVERS\htcnprot.sys [?]

S3 MozillaMaintenance;Mozilla Maintenance Service;C:\Program Files (x86)\Mozilla Maintenance Service\maintenanceservice.exe [2012-4-26 113120]

S3 NisDrv;Microsoft Network Inspection System;C:\Windows\system32\DRIVERS\NisDrvWFP.sys --> C:\Windows\system32\DRIVERS\NisDrvWFP.sys [?]

S3 NisSrv;Microsoft Nätverkskontroll;C:\Program Files\Microsoft Security Client\NisSrv.exe [2012-3-26 291696]

S3 TsUsbFlt;TsUsbFlt;C:\Windows\system32\drivers\tsusbflt.sys --> C:\Windows\system32\drivers\tsusbflt.sys [?]

S3 TsUsbGD;Remote Desktop Generic USB Device;C:\Windows\system32\drivers\TsUsbGD.sys --> C:\Windows\system32\drivers\TsUsbGD.sys [?]

S3 WatAdminSvc;Aktiveringsteknologier för Windows-tjänst;C:\Windows\system32\Wat\WatAdminSvc.exe --> C:\Windows\system32\Wat\WatAdminSvc.exe [?]

.

=============== Created Last 30 ================

.

2012-08-07 13:51:37 9133488 ----a-w- C:\ProgramData\Microsoft\Microsoft Antimalware\Definition Updates\{65F46089-85DB-4C1C-AF9C-E633FC54D5F9}\mpengine.dll

2012-08-07 13:42:26 -------- d-----w- C:\Users\KENNY\AppData\Local\{9CD12E29-9A29-4250-B2DF-A03D3DAE8E12}

2012-08-07 13:42:11 -------- d-----w- C:\Users\KENNY\AppData\Local\{3D75FC65-9013-4B3A-A35D-66779F3D3692}

2012-08-07 13:41:56 -------- d-----w- C:\Users\KENNY\AppData\Local\{C26EB53E-9041-4F4D-845A-AB9C7F2655BA}

2012-08-06 13:22:31 9133488 ------w- C:\ProgramData\Microsoft\Microsoft Antimalware\Definition Updates\Backup\mpengine.dll

2012-08-06 13:13:16 -------- d-----w- C:\Users\KENNY\AppData\Local\{1C17187C-0A06-4457-800B-B6EFF470FD0B}

2012-08-06 13:13:05 -------- d-----w- C:\Users\KENNY\AppData\Local\{5EB4E529-5EED-4395-9DDE-909463E19980}

2012-08-06 13:12:46 -------- d-----w- C:\Users\KENNY\AppData\Local\{93A7E10F-5FCC-49A8-AD40-7EE7FB183732}

2012-08-05 09:43:50 -------- d-----w- C:\Users\KENNY\AppData\Local\{7B65AFC3-F442-4952-B8C7-F6CAFE5893C1}

2012-08-05 09:43:37 -------- d-----w- C:\Users\KENNY\AppData\Local\{8F955B54-BE15-45EE-B8CA-F739C15C783C}

2012-08-04 16:57:31 -------- d-----w- C:\_OTL

2012-08-04 08:41:14 -------- d-----w- C:\Users\KENNY\AppData\Local\{247737DA-74C6-4B21-B5BC-0AF2DCFA0CB6}

2012-08-04 08:41:01 -------- d-----w- C:\Users\KENNY\AppData\Local\{E7820B2D-8A6D-4888-805A-D3DC576CF94A}

2012-08-03 09:11:46 -------- d-----w- C:\Users\KENNY\AppData\Local\{3C09B89F-7F71-4C88-83CC-7B83622DC393}

2012-08-03 09:11:21 -------- d-----w- C:\Users\KENNY\AppData\Local\{CA4FA6C1-F182-4016-BDD8-BA85F15CCB56}

2012-08-02 18:48:28 -------- d-----w- C:\Users\KENNY\AppData\Local\{4DAE4414-8E76-4601-91EB-6C086E18385A}

2012-08-02 18:48:18 -------- d-----w- C:\Users\KENNY\AppData\Local\{A3C98CE1-C5DF-4BC0-8ADD-E15DED2F4E32}

2012-08-02 18:47:42 -------- d-----w- C:\Program Files (x86)\ESET

2012-08-02 18:37:24 -------- d-----w- C:\ProgramData\Kaspersky Lab

2012-08-02 09:45:01 -------- d-----w- C:\Users\KENNY\AppData\Roaming\Malwarebytes

2012-08-02 09:44:55 -------- d-----w- C:\ProgramData\Malwarebytes

2012-08-02 09:44:54 24904 ----a-w- C:\Windows\System32\drivers\mbam.sys

2012-08-02 09:44:54 -------- d-----w- C:\Program Files (x86)\Mdfrzy

2012-08-02 06:47:47 -------- d-----w- C:\Users\KENNY\AppData\Local\{FACA2EA7-E30E-4E8C-8FAD-B6DCEECA2FFB}

2012-08-02 06:47:35 -------- d-----w- C:\Users\KENNY\AppData\Local\{1670F952-1838-42FB-87F3-B27FB360171E}

2012-08-01 14:39:51 -------- d-----w- C:\Users\KENNY\AppData\Local\{66E625D3-5374-461A-AFD4-F02541507CFF}

2012-08-01 14:39:39 -------- d-----w- C:\Users\KENNY\AppData\Local\{0FDD4A58-8E3A-4CC4-8F6D-C19FD17265E1}

2012-07-31 14:30:02 -------- d-----w- C:\Users\KENNY\AppData\Local\{D661220E-DCF4-4627-AFFD-C9BACE2995A5}

2012-07-31 14:29:52 -------- d-----w- C:\Users\KENNY\AppData\Local\{26A3992D-9394-412B-AD53-357A21D2938C}

2012-07-30 16:29:26 -------- d-----w- C:\Users\KENNY\AppData\Local\DirectDownloader

2012-07-30 14:31:02 -------- d-----w- C:\Users\KENNY\AppData\Local\{B9EAC65B-3941-46E1-AED3-4EC0FF3CFAC4}

2012-07-30 14:30:52 -------- d-----w- C:\Users\KENNY\AppData\Local\{DEC38FC9-D859-4748-8368-E31336DFEC22}

2012-07-29 07:55:18 -------- d-----w- C:\Users\KENNY\AppData\Local\{937F4C4F-E761-4F9D-AFB6-4A85C17478E1}

2012-07-29 07:55:04 -------- d-----w- C:\Users\KENNY\AppData\Local\{7FBC3D22-DC2B-4B4B-A5E7-49D8ED32AD4E}

2012-07-28 18:12:19 -------- d-----w- C:\Program Files (x86)\OpenApp

2012-07-28 18:02:55 -------- d-----w- C:\Program Files (x86)\smartdl

2012-07-28 08:24:50 -------- d-----w- C:\Users\KENNY\AppData\Local\{0A8BA5EB-EFC0-4574-A3E5-DEE8C286B222}

2012-07-28 08:24:40 -------- d-----w- C:\Users\KENNY\AppData\Local\{89803C18-7F08-458E-80B3-9403432092B4}

2012-07-27 10:23:22 -------- d-----w- C:\Users\KENNY\AppData\Local\{7F15B864-FC51-4D77-8255-C0D6AD3AE68E}

2012-07-27 10:23:10 -------- d-----w- C:\Users\KENNY\AppData\Local\{0DD3F77A-7860-452E-9632-FB18BD77E89D}

2012-07-26 17:09:24 -------- d-----w- C:\Users\KENNY\AppData\Roaming\HTC.388BC06ACDAB6261375BCE37FBA2E023C0D7EE34.1

2012-07-26 17:07:39 -------- d-----w- C:\Users\KENNY\AppData\Local\Htc

2012-07-26 17:07:11 -------- d-----w- C:\Users\KENNY\AppData\Roaming\HTC

2012-07-26 17:06:01 -------- d-----w- C:\Users\KENNY\AppData\Local\Downloaded Installations

2012-07-26 17:05:42 -------- d-----w- C:\Program Files (x86)\Spirent Communications

2012-07-26 17:05:29 -------- d-----w- C:\Program Files (x86)\HTC

2012-07-26 17:05:09 -------- d-----w- C:\Program Files (x86)\MSXML 4.0

2012-07-26 08:23:58 -------- d-----w- C:\Users\KENNY\AppData\Local\{254B3108-51CA-41AD-993C-496076E647CB}

2012-07-26 08:23:47 -------- d-----w- C:\Users\KENNY\AppData\Local\{C5B6ED28-9DAB-4D90-ABCD-C4EFB2EFA966}

2012-07-25 14:33:01 -------- d-----w- C:\Users\KENNY\AppData\Local\{AD60E4E9-ED71-4309-8EB7-BE5168CF6E3A}

2012-07-25 14:32:48 -------- d-----w- C:\Users\KENNY\AppData\Local\{C96A861D-DFB1-47B1-A831-73039D760C45}

2012-07-24 14:30:17 -------- d-----w- C:\Users\KENNY\AppData\Local\{42E45AD2-9BBE-4ABE-B467-CB7B0FE5E655}

2012-07-24 14:30:05 -------- d-----w- C:\Users\KENNY\AppData\Local\{D160A798-659A-4A8B-B2FD-30B78FE33C8B}

2012-07-23 16:10:18 -------- d-----w- C:\Users\KENNY\AppData\Local\{996C9540-BE8B-40F5-AD75-4B944C0AD019}

2012-07-23 16:10:07 -------- d-----w- C:\Users\KENNY\AppData\Local\{EDA25C6A-3ABA-42D7-857B-9D63A843B86B}

2012-07-22 09:02:58 -------- d-----w- C:\Users\KENNY\AppData\Local\{4056E71A-47B8-4F3D-9863-A56135C6D29A}

2012-07-22 09:02:47 -------- d-----w- C:\Users\KENNY\AppData\Local\{E79A2B8C-B763-4475-9C8B-7032837619A0}

2012-07-21 08:49:23 -------- d-----w- C:\Users\KENNY\AppData\Local\{0E0D9D90-0354-41DD-87C1-19E5E0C836DB}

2012-07-21 08:49:10 -------- d-----w- C:\Users\KENNY\AppData\Local\{3EE5BC90-8B3F-4247-AC9C-217979B3B501}

2012-07-20 07:05:00 -------- d-----w- C:\Users\KENNY\AppData\Local\{DAF94222-B600-4032-9027-02F003D5272B}

2012-07-20 07:04:49 -------- d-----w- C:\Users\KENNY\AppData\Local\{961ABD14-83B2-4697-8447-3B5E449FAF77}

2012-07-19 08:42:57 -------- d-----w- C:\Users\KENNY\AppData\Local\{E3282096-9DBB-4E73-937F-6AF4A831635F}

2012-07-19 08:42:37 -------- d-----w- C:\Users\KENNY\AppData\Local\{55CF5C16-AFEC-46EB-ABC7-B03FA9126A54}

2012-07-18 08:25:12 -------- d-----w- C:\Users\KENNY\AppData\Local\{9F230861-CF23-4741-A54F-07906AB52A95}

2012-07-18 08:25:01 -------- d-----w- C:\Users\KENNY\AppData\Local\{BDAC4C63-0AAD-471A-BD64-7859FDB5DEEB}

2012-07-17 09:34:02 -------- d-----w- C:\Users\KENNY\AppData\Local\{964F5E17-B185-41FF-8809-1B87E35670B7}

2012-07-17 09:33:51 -------- d-----w- C:\Users\KENNY\AppData\Local\{D17C1D34-C7B7-4794-BD0D-01D5CD07F4B8}

2012-07-16 10:48:32 -------- d-----w- C:\Users\KENNY\AppData\Local\{1C33B996-BB57-41A1-A60A-98A3F461EBBD}

2012-07-16 10:48:21 -------- d-----w- C:\Users\KENNY\AppData\Local\{EE087ECE-29EE-46E2-9F55-2D3AA304B426}

2012-07-15 21:26:00 -------- d-----w- C:\Users\KENNY\AppData\Local\{E90E66A1-7D64-4122-83CC-D8F4FF692712}

2012-07-15 21:25:50 -------- d-----w- C:\Users\KENNY\AppData\Local\{E9B974E9-FA1F-4C71-9C5F-462B927112CD}

2012-07-15 09:25:24 -------- d-----w- C:\Users\KENNY\AppData\Local\{70C10C92-DB8C-4889-9487-8BBAB6F31F5D}

2012-07-15 09:25:14 -------- d-----w- C:\Users\KENNY\AppData\Local\{609A0470-D0D2-4730-B9E1-736CCF8BEF64}

2012-07-14 08:35:29 -------- d-----w- C:\Users\KENNY\AppData\Local\{5A5EDDB3-4729-4AC2-A503-AA7469C03E3B}

2012-07-14 08:35:15 -------- d-----w- C:\Users\KENNY\AppData\Local\{4CDF74AC-2456-4A51-9314-84CF3E60066D}

2012-07-13 09:04:52 -------- d-----w- C:\Users\KENNY\AppData\Local\{23C5B667-4303-4BCF-BB0F-43FD6FCA7FA1}

2012-07-13 09:04:42 -------- d-----w- C:\Users\KENNY\AppData\Local\{FA99EA6C-0624-4541-A0CF-F1DF66A5ADC4}

2012-07-12 16:45:02 -------- d-----w- C:\Users\KENNY\AppData\Local\{48524C18-CAD2-40E4-9B21-798D5C3A8506}

2012-07-12 16:44:49 -------- d-----w- C:\Users\KENNY\AppData\Local\{299AD14B-7920-48EB-BF49-B5F2C5E33B16}

2012-07-11 23:08:09 -------- d-----w- C:\Users\KENNY\AppData\Local\{7F5813FC-8738-4D51-A5C4-0CBD7E9563B8}

2012-07-11 23:07:53 -------- d-----w- C:\Users\KENNY\AppData\Local\{296770BF-45E3-45B1-81EB-8B13EDCDBDE9}

2012-07-11 11:33:35 3148800 ----a-w- C:\Windows\System32\win32k.sys

2012-07-11 09:22:59 805376 ----a-w- C:\Windows\SysWow64\cdosys.dll

2012-07-11 09:22:59 495616 ----a-w- C:\Program Files\Common Files\System\ado\msadox.dll

2012-07-11 09:22:59 466944 ----a-w- C:\Program Files\Common Files\System\ado\msadomd.dll

2012-07-11 09:22:59 258048 ----a-w- C:\Program Files\Common Files\System\msadc\msadco.dll

2012-07-11 09:22:59 1499136 ----a-w- C:\Program Files\Common Files\System\ado\msado15.dll

2012-07-11 09:22:59 1019904 ----a-w- C:\Program Files (x86)\Common Files\System\ado\msado15.dll

2012-07-11 09:22:58 61440 ----a-w- C:\Program Files\Common Files\System\ado\msador15.dll

2012-07-11 09:22:58 57344 ----a-w- C:\Program Files (x86)\Common Files\System\ado\msador15.dll

2012-07-11 09:22:58 372736 ----a-w- C:\Program Files (x86)\Common Files\System\ado\msadox.dll

2012-07-11 09:22:58 352256 ----a-w- C:\Program Files (x86)\Common Files\System\ado\msadomd.dll

2012-07-11 09:22:58 212992 ----a-w- C:\Program Files (x86)\Common Files\System\msadc\msadco.dll

2012-07-11 09:22:58 143360 ----a-w- C:\Program Files (x86)\Common Files\System\ado\msjro.dll

2012-07-11 09:22:58 1133568 ----a-w- C:\Windows\System32\cdosys.dll

2012-07-11 09:20:20 -------- d-----w- C:\Users\KENNY\AppData\Local\{52BF190D-7654-4D67-89D7-49372D6DA68A}

2012-07-11 09:20:03 -------- d-----w- C:\Users\KENNY\AppData\Local\{71A8761E-B4AD-4BEF-BAF7-AB5A71D13F38}

2012-07-10 09:59:35 294912 ----a-w- C:\Windows\System32\browserchoice.exe

2012-07-10 08:28:57 -------- d-----w- C:\Users\KENNY\AppData\Local\{BD78FB45-02C8-49AA-9E00-3554EF86DA71}

2012-07-10 08:28:45 -------- d-----w- C:\Users\KENNY\AppData\Local\{8B175211-2FDE-4A4F-B973-F6C15128D6AF}

2012-07-09 10:21:15 -------- d-----w- C:\Users\KENNY\AppData\Local\{0ACEA0A0-C41B-448D-BCD0-E7494400E2EE}

2012-07-09 10:20:58 -------- d-----w- C:\Users\KENNY\AppData\Local\{9CCBED56-3BAB-44D8-97EE-06612FB8809D}

.

==================== Find3M ====================

.

2012-08-05 16:37:15 283304 ----a-w- C:\Windows\SysWow64\PnkBstrB.xtr

2012-08-05 16:37:15 283304 ----a-w- C:\Windows\SysWow64\PnkBstrB.exe

2012-08-05 16:34:46 283304 ----a-w- C:\Windows\SysWow64\PnkBstrB.ex0

2012-08-02 17:28:12 70344 ----a-w- C:\Windows\SysWow64\FlashPlayerCPLApp.cpl

2012-08-02 17:28:12 426184 ----a-w- C:\Windows\SysWow64\FlashPlayerApp.exe

2012-06-25 14:04:24 1394248 ----a-w- C:\Windows\SysWow64\msxml4.dll

2012-06-11 18:59:38 10248192 ----a-w- C:\Windows\System32\drivers\atikmdag.sys

2012-06-11 18:35:48 70144 ----a-w- C:\Windows\System32\coinst_8.98.dll

2012-06-11 18:29:34 24826368 ----a-w- C:\Windows\System32\atio6axx.dll

2012-06-11 18:00:32 20467712 ----a-w- C:\Windows\SysWow64\atioglxx.dll

2012-06-11 17:25:06 163840 ----a-w- C:\Windows\System32\atiapfxx.exe

2012-06-11 17:24:58 924160 ----a-w- C:\Windows\SysWow64\aticfx32.dll

2012-06-11 17:23:12 1090560 ----a-w- C:\Windows\System32\aticfx64.dll

2012-06-11 17:20:02 442368 ----a-w- C:\Windows\System32\ATIDEMGX.dll

2012-06-11 17:19:58 532992 ----a-w- C:\Windows\System32\atieclxx.exe

2012-06-11 17:19:14 239616 ----a-w- C:\Windows\System32\atiesrxx.exe

2012-06-11 17:17:56 120320 ----a-w- C:\Windows\System32\atitmm64.dll

2012-06-11 17:17:42 21504 ----a-w- C:\Windows\System32\atimuixx.dll

2012-06-11 17:17:38 59392 ----a-w- C:\Windows\System32\atiedu64.dll

2012-06-11 17:17:32 43520 ----a-w- C:\Windows\SysWow64\ati2edxx.dll

2012-06-11 17:16:48 6301696 ----a-w- C:\Windows\SysWow64\atidxx32.dll

2012-06-11 17:01:56 6914560 ----a-w- C:\Windows\System32\atidxx64.dll

2012-06-11 16:51:54 4246528 ----a-w- C:\Windows\System32\atiumd6a.dll

2012-06-11 16:45:48 51200 ----a-w- C:\Windows\System32\aticalrt64.dll

2012-06-11 16:45:46 46080 ----a-w- C:\Windows\SysWow64\aticalrt.dll

2012-06-11 16:45:44 5480448 ----a-w- C:\Windows\SysWow64\atiumdag.dll

2012-06-11 16:45:40 44544 ----a-w- C:\Windows\System32\aticalcl64.dll

2012-06-11 16:45:38 44032 ----a-w- C:\Windows\SysWow64\aticalcl.dll

2012-06-11 16:45:26 15703040 ----a-w- C:\Windows\System32\aticaldd64.dll

2012-06-11 16:43:18 4729344 ----a-w- C:\Windows\SysWow64\atiumdva.dll

2012-06-11 16:40:58 13277696 ----a-w- C:\Windows\SysWow64\aticaldd.dll

2012-06-11 16:36:56 6605824 ----a-w- C:\Windows\System32\atiumd64.dll

2012-06-11 16:27:02 539136 ----a-w- C:\Windows\System32\atiadlxx.dll

2012-06-11 16:26:52 368640 ----a-w- C:\Windows\SysWow64\atiadlxy.dll

2012-06-11 16:26:40 17920 ----a-w- C:\Windows\System32\atig6pxx.dll

2012-06-11 16:26:36 14848 ----a-w- C:\Windows\SysWow64\atiglpxx.dll

2012-06-11 16:26:36 14848 ----a-w- C:\Windows\System32\atiglpxx.dll

2012-06-11 16:26:30 41984 ----a-w- C:\Windows\System32\atig6txx.dll

2012-06-11 16:26:22 33280 ----a-w- C:\Windows\SysWow64\atigktxx.dll

2012-06-11 16:26:14 367616 ----a-w- C:\Windows\System32\drivers\atikmpag.sys

2012-06-11 16:25:20 54784 ----a-w- C:\Windows\System32\atiuxp64.dll

2012-06-11 16:25:12 42496 ----a-w- C:\Windows\SysWow64\atiuxpag.dll

2012-06-11 16:25:06 45056 ----a-w- C:\Windows\System32\atiu9p64.dll

2012-06-11 16:24:58 32768 ----a-w- C:\Windows\SysWow64\atiu9pag.dll

2012-06-11 16:24:24 53248 ----a-w- C:\Windows\System32\drivers\ati2erec.dll

2012-06-11 16:23:18 56320 ----a-w- C:\Windows\System32\atimpc64.dll

2012-06-11 16:23:18 56320 ----a-w- C:\Windows\System32\amdpcom64.dll

2012-06-11 16:23:10 56832 ----a-w- C:\Windows\SysWow64\atimpc32.dll

2012-06-11 16:23:10 56832 ----a-w- C:\Windows\SysWow64\amdpcom32.dll

2012-06-11 11:50:46 187392 ----a-w- C:\Windows\System32\clinfo.exe

2012-06-11 11:50:30 75264 ----a-w- C:\Windows\System32\OpenVideo64.dll

2012-06-11 11:50:24 65024 ----a-w- C:\Windows\SysWow64\OpenVideo.dll

2012-06-11 11:50:18 63488 ----a-w- C:\Windows\System32\OVDecode64.dll

2012-06-11 11:50:14 56320 ----a-w- C:\Windows\SysWow64\OVDecode.dll

2012-06-11 11:50:06 16457728 ----a-w- C:\Windows\System32\amdocl64.dll

2012-06-11 11:49:22 13008896 ----a-w- C:\Windows\SysWow64\amdocl.dll

2012-06-06 06:06:16 2004480 ----a-w- C:\Windows\System32\msxml6.dll

2012-06-06 06:06:16 1881600 ----a-w- C:\Windows\System32\msxml3.dll

2012-06-06 05:05:52 1390080 ----a-w- C:\Windows\SysWow64\msxml6.dll

2012-06-06 05:05:52 1236992 ----a-w- C:\Windows\SysWow64\msxml3.dll

2012-06-02 22:15:31 2622464 ----a-w- C:\Windows\System32\wucltux.dll

2012-06-02 22:15:08 99840 ----a-w- C:\Windows\System32\wudriver.dll

2012-06-02 13:19:42 186752 ----a-w- C:\Windows\System32\wuwebv.dll

2012-06-02 13:15:12 36864 ----a-w- C:\Windows\System32\wuapp.exe

2012-06-02 05:50:10 458704 ----a-w- C:\Windows\System32\drivers\cng.sys

2012-06-02 05:48:16 95600 ----a-w- C:\Windows\System32\drivers\ksecdd.sys

2012-06-02 05:48:16 151920 ----a-w- C:\Windows\System32\drivers\ksecpkg.sys

2012-06-02 05:45:31 340992 ----a-w- C:\Windows\System32\schannel.dll

2012-06-02 05:44:21 307200 ----a-w- C:\Windows\System32\ncrypt.dll

2012-06-02 04:40:42 22016 ----a-w- C:\Windows\SysWow64\secur32.dll

2012-06-02 04:40:39 225280 ----a-w- C:\Windows\SysWow64\schannel.dll

2012-06-02 04:39:10 219136 ----a-w- C:\Windows\SysWow64\ncrypt.dll

2012-06-02 04:34:09 96768 ----a-w- C:\Windows\SysWow64\sspicli.dll

2012-05-30 17:44:56 466456 ----a-w- C:\Windows\System32\wrap_oal.dll

2012-05-30 17:44:55 444952 ----a-w- C:\Windows\SysWow64\wrap_oal.dll

2012-05-30 17:44:55 122904 ----a-w- C:\Windows\System32\OpenAL32.dll

2012-05-30 17:44:55 109080 ----a-w- C:\Windows\SysWow64\OpenAL32.dll

.

============= FINISH: 19:12:42,72 ===============

 

 

Any more logs I should include?

Attachjk54.txt


According to the greatis page (not harmful, but its information is not always correct because it is primarily a sales site), VideoFileDownload has the MD5 checksum b7a5c17151b4bcb3aa1345c98e7b49da, and that file has been uploaded to virustotal.com, where not a single antivirus program considered it malicious: https://www.virustotal.com/file/199d81be1a58d3887bec6755842946cd8898830c36a56f941420cba9d4bcea3f/analysis/

Bit Boost seems to be related to Belkin routers:

http://en-us-support.belkin.com/app/answers/detail/a_id/3823/~/how-do-i-set-up-bit-boost-on-my-router%3F

http://en-us-support.belkin.com/app/answers/detail/a_id/3825/~/setting-up-bit-boost-function-%28share,-play,-play-max%29

There are more Belkin programs installed.

None of the four programs has been active on the computer (except when someone has started them).

Nothing odd with Firefox any more; it now looks just fine.

Right then, if you don't have any further problems or questions, it's time for the uninstallations.

1.

Start OTL.

Press the CleanUp! button.

DDS and OTL will be uninstalled after a restart of the computer. Delete any logs.

2. Change all passwords that you use on the computer and on the internet, since they may have fallen into the wrong hands.

http://mnin.blogspot.com/2009/02/why-i-enjoyed-tiggersyzor.html describes a malicious program that spies by taking screenshots, logging keystrokes and reading passwords stored in web browsers, e-mail programs etc.

3. Improve the protection on the computer, see my Advice for a safer computer: http://ceciliasec.wordpress.com/rad/

It is very important to keep all the small programs on the computer updated; old versions of, for example, Flash, Java and Adobe Reader contain known security holes, which a web page can use to infect the computer. I think Secunia's program (link on my website) is a good help for checking the state of security holes on the computer and showing what needs to be fixed.
