Just nu i M3-nätverket
Gå till innehåll

Yontoo


Druid23s

Rekommendera Poster

Hej! Jag har nu både Problem med League of Legends (Datorspel) och viruset Yontoo! Eftersom League of Legends krånglar, så ska jag göra en systemåterställning ungefär 10 dagar tillbaka, men då har jag ett problem! Det går inte att göra systemåterställning, för det säger att det inte går att ersätta Yontoo filerna, eller något liknande, så jag testade att avinstallera Yontoo från datorn (Under kontrollpanelen och fungerade att avinstallera direkt) men sen när jag gör Systemåterställning så får jag fortfarande samma problem! :( Jag får inte fram några loggar vad jag försökt eftersom programmet tydligen är avinstallerat, men det ligger fortfarande kvar. Tacksam för svar!!

/Alfred

Länk till kommentar
Dela på andra webbplatser

Har du prövat med alla tre nedladdningslänkarna och kommit ihåg att spara DDS-programmen på skrivbordet?

Startar DDS-programmet?

Skapas det någon DDS.txt på skrivbordet?

Länk till kommentar
Dela på andra webbplatser

Avinstallera:

PriceGong 2.6.7 pga http://www.systemlookup.com/CLSID/70106-PriceLoadIE_dll.html

 

Java 7 Update 17

Java™ 6 Update 17 (64-bit)

Ovanstående för att det är gamla versioner med kända säkerhetshål som gör det lätt att infektera datorn från en webbsida.

 

Starta om datorn och så får du pröva med OTL i stället för DDS.

 

Spara OTL på Skrivbordet.

http://oldtimer.geekstogo.com/OTL.exe

Stäng alla program.

Kör OTL.

 

Tryck på Quick Scan och låt programmet köra ostört.

 

När det är klart så skapas två loggfiler på Skrivbordet, OTL.txt och Extras.txt. I ditt svar klistrar du in loggen OTL.txt. Medan du bifogar Extras.txt som en fil.

Länk till kommentar
Dela på andra webbplatser

Okej, här kommer de! [log]OTL logfile created on: 2013-04-25 18:47:00 - Run 1

OTL by OldTimer - Version 3.2.69.0 Folder = C:\Users\Alfred\Downloads

64bit- Home Premium Edition Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation

Internet Explorer (Version = 9.0.8112.16421)

Locale: 0000041d | Country: Sverige | Language: SVE | Date Format: yyyy-MM-dd

 

3,75 Gb Total Physical Memory | 1,92 Gb Available Physical Memory | 51,26% Memory free

7,49 Gb Paging File | 5,46 Gb Available in Paging File | 72,92% Paging File free

Paging file location(s): ?:\pagefile.sys [binary data]

 

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86)

Drive C: | 442,49 Gb Total Space | 268,12 Gb Free Space | 60,59% Space Free | Partition Type: NTFS

Drive D: | 22,97 Gb Total Space | 3,35 Gb Free Space | 14,60% Space Free | Partition Type: NTFS

Drive E: | 99,02 Mb Total Space | 92,75 Mb Free Space | 93,67% Space Free | Partition Type: FAT32

 

Computer Name: ALFRED-DATOR | User Name: Alfred | Logged in as Administrator.

Boot Mode: Normal | Scan Mode: Current user | Quick Scan | Include 64bit Scans

Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days

 

========== Processes (SafeList) ==========

 

PRC - [2013-04-25 18:45:24 | 000,602,112 | ---- | M] (OldTimer Tools) -- C:\Users\Alfred\Downloads\OTL.exe

PRC - [2013-04-17 18:21:02 | 001,105,408 | ---- | M] (Spotify Ltd) -- C:\Users\Alfred\AppData\Roaming\Spotify\Data\SpotifyWebHelper.exe

PRC - [2013-04-04 14:50:32 | 000,701,512 | ---- | M] (Malwarebytes Corporation) -- C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe

PRC - [2013-04-04 14:50:32 | 000,532,040 | ---- | M] (Malwarebytes Corporation) -- C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe

PRC - [2013-04-04 14:50:32 | 000,418,376 | ---- | M] (Malwarebytes Corporation) -- C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamscheduler.exe

PRC - [2012-10-02 13:13:44 | 003,064,000 | ---- | M] (Skype Technologies S.A.) -- C:\ProgramData\Skype\Toolbars\Skype C2C Service\c2c_service.exe

PRC - [2012-05-10 13:11:24 | 001,267,264 | ---- | M] (SPAMfighter ApS) -- C:\Program Files (x86)\Fighters\FighterSuiteService.exe

PRC - [2012-01-18 17:36:46 | 001,452,680 | ---- | M] (SPAMfighter ApS) -- C:\Program Files (x86)\Fighters\Tray\FightersTray.exe

PRC - [2011-08-04 06:18:43 | 000,126,400 | R--- | M] (Symantec Corporation) -- C:\Program Files (x86)\Norton Internet Security\Engine\17.9.0.12\ccSvcHst.exe

PRC - [2010-03-05 21:12:48 | 000,338,168 | -H-- | M] (DeviceVM, Inc.) -- C:\SwSetup\QuickWeb\QW.SYS\config\DVMExportService.exe

PRC - [2010-01-25 21:00:00 | 000,514,232 | ---- | M] (EasyBits Software AS) -- C:\Windows\SysWOW64\ezSharedSvcHost.exe

PRC - [2010-01-25 21:00:00 | 000,514,232 | ---- | M] (EasyBits Software AS) -- C:\Windows\SysWOW64\ezSharedSvcHost.exe

 

 

========== Modules (No Company Name) ==========

 

MOD - [2010-01-22 10:30:00 | 007,745,536 | ---- | M] () -- C:\Program Files (x86)\Common Files\LightScribe\QtGui4.dll

MOD - [2010-01-22 10:29:58 | 002,121,728 | ---- | M] () -- C:\Program Files (x86)\Common Files\LightScribe\QtCore4.dll

MOD - [2010-01-22 10:29:58 | 000,135,168 | ---- | M] () -- C:\Program Files (x86)\Common Files\LightScribe\plugins\imageformats\qjpeg4.dll

 

 

========== Services (SafeList) ==========

 

SRV:64bit: - [2010-04-16 16:09:00 | 000,202,752 | ---- | M] (AMD) [Auto | Running] -- C:\Windows\SysNative\atiesrxx.exe -- (AMD External Events Utility)

SRV:64bit: - [2010-02-01 11:29:34 | 000,244,736 | ---- | M] (IDT, Inc.) [Auto | Running] -- C:\Windows\SysNative\DriverStore\FileRepository\stwrt64.inf_amd64_neutral_471277d5d45019ea\stacsv64.exe -- (STacSV)

SRV:64bit: - [2009-07-08 13:49:02 | 000,030,520 | ---- | M] (Hewlett-Packard) [Auto | Running] -- C:\Windows\SysNative\hpservice.exe -- (hpsrv)

SRV:64bit: - [2009-03-03 12:42:58 | 000,089,600 | ---- | M] (Andrea Electronics Corporation) [Auto | Running] -- C:\Windows\SysNative\DriverStore\FileRepository\stwrt64.inf_amd64_neutral_471277d5d45019ea\AESTSr64.exe -- (AESTFilters)

SRV - [2013-04-15 15:30:17 | 000,115,608 | ---- | M] (Mozilla Foundation) [On_Demand | Stopped] -- C:\Program Files (x86)\Mozilla Maintenance Service\maintenanceservice.exe -- (MozillaMaintenance)

SRV - [2013-04-04 14:50:32 | 000,701,512 | ---- | M] (Malwarebytes Corporation) [Auto | Running] -- C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe -- (MBAMService)

SRV - [2013-04-04 14:50:32 | 000,418,376 | ---- | M] (Malwarebytes Corporation) [Auto | Running] -- C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamscheduler.exe -- (MBAMScheduler)

SRV - [2013-03-15 16:40:43 | 000,253,656 | ---- | M] (Adobe Systems Incorporated) [On_Demand | Stopped] -- C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe -- (AdobeFlashPlayerUpdateSvc)

SRV - [2013-02-28 18:45:16 | 000,161,384 | R--- | M] (Skype Technologies) [Auto | Stopped] -- C:\Program Files (x86)\Skype\Updater\Updater.exe -- (SkypeUpdate)

SRV - [2013-02-25 08:39:32 | 000,543,144 | ---- | M] (Valve Corporation) [On_Demand | Stopped] -- C:\Program Files (x86)\Common Files\Steam\SteamService.exe -- (Steam Client Service)

SRV - [2012-10-02 13:13:44 | 003,064,000 | ---- | M] (Skype Technologies S.A.) [Auto | Running] -- C:\ProgramData\Skype\Toolbars\Skype C2C Service\c2c_service.exe -- (Skype C2C Service)

SRV - [2012-05-11 13:06:24 | 000,270,928 | ---- | M] (SPAMfighter ApS) [On_Demand | Stopped] -- C:\Program Files (x86)\Fighters\FULL-DISKfighter\Common Toolkit Tools.exe -- (Common Toolkit Tools)

SRV - [2012-05-10 13:11:24 | 001,267,264 | ---- | M] (SPAMfighter ApS) [Auto | Running] -- C:\Program Files (x86)\Fighters\FighterSuiteService.exe -- (Suite Service)

SRV - [2011-08-04 06:18:43 | 000,126,400 | R--- | M] (Symantec Corporation) [Auto | Running] -- C:\Program Files (x86)\Norton Internet Security\Engine\17.9.0.12\ccSvcHst.exe -- (NIS)

SRV - [2010-03-18 14:16:28 | 000,130,384 | ---- | M] (Microsoft Corporation) [Auto | Stopped] -- C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe -- (clr_optimization_v4.0.30319_32)

SRV - [2010-03-05 21:12:48 | 000,338,168 | -H-- | M] (DeviceVM, Inc.) [Auto | Running] -- C:\SwSetup\QuickWeb\QW.SYS\config\DVMExportService.exe -- (DvmMDES)

SRV - [2010-02-19 14:37:14 | 000,517,096 | ---- | M] (Adobe Systems Incorporated) [On_Demand | Stopped] -- C:\Program Files (x86)\Common Files\Adobe\SwitchBoard\SwitchBoard.exe -- (SwitchBoard)

SRV - [2010-02-01 11:29:34 | 000,244,736 | ---- | M] (IDT, Inc.) [Auto | Running] -- C:\Windows\System32\DriverStore\FileRepository\stwrt64.inf_amd64_neutral_471277d5d45019ea\STacSV64.exe -- (STacSV)

SRV - [2010-01-27 23:01:04 | 000,102,968 | ---- | M] (Hewlett-Packard) [Auto | Running] -- C:\Program\Hewlett-Packard\HP Wireless Assistant\HPWA_Service.exe -- (HP Wireless Assistant Service)

SRV - [2010-01-19 00:04:08 | 000,020,480 | ---- | M] () [Auto | Running] -- C:\Program\Hewlett-Packard\HP Quick Launch\HPWMISVC.exe -- (HPWMISVC)

SRV - [2010-01-04 20:03:42 | 000,238,328 | ---- | M] (WildTangent, Inc.) [On_Demand | Stopped] -- C:\Program Files (x86)\HP Games\HP Game Console\GameConsoleService.exe -- (GameConsoleService)

SRV - [2009-08-18 12:48:02 | 002,291,568 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Program\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE -- (wlidsvc)

SRV - [2009-07-22 10:17:44 | 000,061,976 | ---- | M] (Microsoft Corporation) [Disabled | Stopped] -- c:\Program\Microsoft SQL Server\100\Shared\sqladhlp.exe -- (MSSQLServerADHelper100)

SRV - [2009-06-10 23:23:09 | 000,066,384 | ---- | M] (Microsoft Corporation) [Disabled | Stopped] -- C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe -- (clr_optimization_v2.0.50727_32)

SRV - [2009-03-30 04:02:56 | 057,617,752 | ---- | M] (Microsoft Corporation) [Auto | Stopped] -- c:\Program\Microsoft SQL Server\MSSQL10.SQLEXPRESS\MSSQL\Binn\sqlservr.exe -- (MSSQL$SQLEXPRESS)

SRV - [2009-03-30 04:01:06 | 000,427,880 | ---- | M] (Microsoft Corporation) [Disabled | Stopped] -- c:\Program\Microsoft SQL Server\MSSQL10.SQLEXPRESS\MSSQL\Binn\SQLAGENT.EXE -- (SQLAgent$SQLEXPRESS)

SRV - [2009-03-03 12:42:58 | 000,089,600 | ---- | M] (Andrea Electronics Corporation) [Auto | Running] -- C:\Windows\System32\DriverStore\FileRepository\stwrt64.inf_amd64_neutral_471277d5d45019ea\AESTSr64.exe -- (AESTFilters)

SRV - [2008-07-10 05:31:10 | 000,157,720 | ---- | M] (Microsoft Corporation) [Auto | Running] -- c:\Program\Microsoft SQL Server\90\Shared\sqlwriter.exe -- (SQLWriter)

 

 

========== Driver Services (SafeList) ==========

 

DRV:64bit: - [2013-04-04 14:50:32 | 000,025,928 | ---- | M] (Malwarebytes Corporation) [File_System | On_Demand | Running] -- C:\Windows\SysNative\drivers\mbam.sys -- (MBAMProtector)

DRV:64bit: - [2013-04-03 01:15:32 | 000,042,184 | ---- | M] (Anchorfree Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\taphss6.sys -- (taphss6)

DRV:64bit: - [2012-09-23 13:42:02 | 000,173,104 | ---- | M] (Symantec Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\SYMEVENT64x86.SYS -- (SymEvent)

DRV:64bit: - [2012-09-21 21:04:22 | 004,763,680 | ---- | M] (Logitech Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\lvuvc64.sys -- (LVUVC64)

DRV:64bit: - [2012-09-21 21:04:22 | 000,351,520 | ---- | M] (Logitech Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\lvrs64.sys -- (LVRS64)

DRV:64bit: - [2012-03-01 08:46:16 | 000,023,408 | ---- | M] (Microsoft Corporation) [Recognizer | Boot | Unknown] -- C:\Windows\SysNative\drivers\fs_rec.sys -- (Fs_Rec)

DRV:64bit: - [2011-08-22 04:53:36 | 000,451,704 | ---- | M] (Symantec Corporation) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\NISx64\1109000.00C\symtdiv.sys -- (SYMTDIv)

DRV:64bit: - [2011-08-22 04:53:35 | 000,221,304 | ---- | M] (Symantec Corporation) [File_System | Boot | Running] -- C:\Windows\SysNative\drivers\NISx64\1109000.00C\symefa64.sys -- (SymEFA)

DRV:64bit: - [2011-08-04 06:19:26 | 000,593,544 | ---- | M] (Symantec Corporation) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\NISx64\1109000.00C\cchpx64.sys -- (ccHP)

DRV:64bit: - [2011-06-10 06:34:52 | 000,539,240 | ---- | M] (Realtek ) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\Rt64win7.sys -- (RTL8167)

DRV:64bit: - [2011-05-13 03:21:04 | 000,177,640 | ---- | M] (MCCI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\ssadmdm.sys -- (ssadmdm)

DRV:64bit: - [2011-05-13 03:21:04 | 000,146,920 | ---- | M] (MCCI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\ssadserd.sys -- (ssadserd)

DRV:64bit: - [2011-05-13 03:21:02 | 000,157,672 | ---- | M] (MCCI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\ssadbus.sys -- (ssadbus)

DRV:64bit: - [2011-05-13 03:21:02 | 000,036,328 | ---- | M] (Google Inc) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\ssadadb.sys -- (androidusb)

DRV:64bit: - [2011-05-13 03:21:02 | 000,016,872 | ---- | M] (MCCI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\ssadmdfl.sys -- (ssadmdfl)

DRV:64bit: - [2011-03-11 08:41:12 | 000,107,904 | ---- | M] (Advanced Micro Devices) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\amdsata.sys -- (amdsata)

DRV:64bit: - [2011-03-11 08:41:12 | 000,027,008 | ---- | M] (Advanced Micro Devices) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\amdxata.sys -- (amdxata)

DRV:64bit: - [2010-11-20 15:33:35 | 000,078,720 | ---- | M] (Hewlett-Packard Company) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\HpSAMD.sys -- (HpSAMD)

DRV:64bit: - [2010-11-20 13:07:05 | 000,059,392 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\TsUsbFlt.sys -- (TsUsbFlt)

DRV:64bit: - [2010-11-20 11:37:42 | 000,109,056 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\sdbus.sys -- (sdbus)

DRV:64bit: - [2010-04-29 07:03:51 | 000,150,064 | ---- | M] (Symantec Corporation) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\NISx64\1109000.00C\ironx64.sys -- (SymIRON)

DRV:64bit: - [2010-04-22 04:29:51 | 000,505,392 | ---- | M] (Symantec Corporation) [File_System | On_Demand | Running] -- C:\Windows\SysNative\drivers\NISx64\1109000.00C\srtsp64.sys -- (SRTSP)

DRV:64bit: - [2010-04-22 04:29:51 | 000,032,304 | ---- | M] (Symantec Corporation) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\NISx64\1109000.00C\srtspx64.sys -- (SRTSPX)

DRV:64bit: - [2010-04-16 16:19:34 | 006,403,584 | ---- | M] (ATI Technologies Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\atipmdag.sys -- (amdkmdag)

DRV:64bit: - [2010-04-16 15:11:18 | 000,188,928 | ---- | M] (Advanced Micro Devices, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\atikmpag.sys -- (amdkmdap)

DRV:64bit: - [2010-04-10 01:34:44 | 000,315,440 | ---- | M] (Synaptics Incorporated) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\SynTP.sys -- (SynTP)

DRV:64bit: - [2010-02-09 07:57:22 | 000,239,136 | ---- | M] (Realtek Semiconductor Corp.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\RtsUStor.sys -- (RSUSBSTOR)

DRV:64bit: - [2010-02-01 11:29:34 | 000,505,856 | ---- | M] (IDT, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\stwrt64.sys -- (STHDA)

DRV:64bit: - [2010-01-28 20:33:38 | 000,116,736 | ---- | M] (ATI Technologies, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\AtiHdmi.sys -- (AtiHdmiService)

DRV:64bit: - [2009-12-22 02:26:36 | 000,038,456 | ---- | M] (Advanced Micro Devices) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\usbfilter.sys -- (usbfilter)

DRV:64bit: - [2009-11-11 13:09:32 | 000,020,056 | -H-- | M] (DeviceVM, Inc.) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\dvmio.sys -- (DVMIO)

DRV:64bit: - [2009-09-21 19:47:14 | 001,484,800 | ---- | M] (Atheros Communications, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\athrx.sys -- (athr)

DRV:64bit: - [2009-08-30 02:17:18 | 000,433,200 | R--- | M] (Symantec Corporation) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\NISx64\1109000.00C\symds64.sys -- (SymDS)

DRV:64bit: - [2009-08-24 03:55:32 | 000,016,440 | ---- | M] (Advanced Micro Devices Inc.) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\AtiPcie.sys -- (AtiPcie)

DRV:64bit: - [2009-07-14 03:52:20 | 000,194,128 | ---- | M] (AMD Technologies Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\amdsbs.sys -- (amdsbs)

DRV:64bit: - [2009-07-14 03:48:04 | 000,065,600 | ---- | M] (LSI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\lsi_sas2.sys -- (LSI_SAS2)

DRV:64bit: - [2009-07-14 03:45:55 | 000,024,656 | ---- | M] (Promise Technology) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\stexstor.sys -- (stexstor)

DRV:64bit: - [2009-07-08 13:49:08 | 000,030,008 | ---- | M] (Hewlett-Packard) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\hpdskflt.sys -- (hpdskflt)

DRV:64bit: - [2009-07-08 13:48:50 | 000,041,272 | ---- | M] (Hewlett-Packard) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\Accelerometer.sys -- (Accelerometer)

DRV:64bit: - [2009-06-10 23:01:11 | 001,485,312 | ---- | M] (Conexant Systems, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\VSTDPV6.SYS -- (SrvHsfV92)

DRV:64bit: - [2009-06-10 23:01:11 | 000,740,864 | ---- | M] (Conexant Systems, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\VSTCNXT6.SYS -- (SrvHsfWinac)

DRV:64bit: - [2009-06-10 23:01:11 | 000,292,864 | ---- | M] (Conexant Systems, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\VSTAZL6.SYS -- (SrvHsfHDA)

DRV:64bit: - [2009-06-10 22:37:05 | 006,108,416 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\igdkmd64.sys -- (igfx)

DRV:64bit: - [2009-06-10 22:35:33 | 000,389,120 | ---- | M] (Marvell) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\yk62x64.sys -- (yukonw7)

DRV:64bit: - [2009-06-10 22:35:28 | 005,434,368 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\netw5v64.sys -- (netw5v64)

DRV:64bit: - [2009-06-10 22:34:33 | 003,286,016 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\evbda.sys -- (ebdrv)

DRV:64bit: - [2009-06-10 22:34:28 | 000,468,480 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\bxvbda.sys -- (b06bdrv)

DRV:64bit: - [2009-06-10 22:34:23 | 000,270,848 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\b57nd60a.sys -- (b57nd60a)

DRV:64bit: - [2009-06-10 22:31:59 | 000,031,232 | ---- | M] (Hauppauge Computer Works, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\hcw85cir.sys -- (hcw85cir)

DRV:64bit: - [2008-02-18 16:20:10 | 000,129,024 | ---- | M] (Saitek) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\SaiK0728.sys -- (SaiK0728)

DRV - [2013-04-13 01:53:05 | 001,390,680 | ---- | M] (Symantec Corporation) [Kernel | System | Running] -- C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_17.0.0.136\Definitions\BASHDefs\20130412.001\BHDrvx64.sys -- (BHDrvx64)

DRV - [2013-01-16 16:41:09 | 002,087,664 | ---- | M] (Symantec Corporation) [Kernel | On_Demand | Running] -- C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_17.0.0.136\Definitions\VirusDefs\20130424.022\ex64.sys -- (NAVEX15)

DRV - [2013-01-16 16:41:08 | 000,126,192 | ---- | M] (Symantec Corporation) [Kernel | On_Demand | Running] -- C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_17.0.0.136\Definitions\VirusDefs\20130424.022\eng64.sys -- (NAVENG)

DRV - [2012-09-23 14:00:29 | 000,484,512 | ---- | M] (Symantec Corporation) [Kernel | System | Running] -- C:\Program Files (x86)\Common Files\Symantec Shared\EENGINE\eeCtrl64.sys -- (eeCtrl)

DRV - [2012-09-23 14:00:29 | 000,138,912 | ---- | M] (Symantec Corporation) [Kernel | On_Demand | Running] -- C:\Program Files (x86)\Common Files\Symantec Shared\EENGINE\EraserUtilRebootDrv.sys -- (EraserUtilRebootDrv)

DRV - [2012-09-21 15:31:10 | 000,513,184 | ---- | M] (Symantec Corporation) [Kernel | System | Running] -- C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_17.0.0.136\Definitions\IPSDefs\20130424.001\IDSviA64.sys -- (IDSVia64)

DRV - [2009-07-14 03:19:10 | 000,019,008 | ---- | M] (Microsoft Corporation) [File_System | On_Demand | Stopped] -- C:\Windows\SysWOW64\drivers\wimmount.sys -- (WIMMount)

 

 

========== Standard Registry (SafeList) ==========

 

 

========== Internet Explorer ==========

 

IE:64bit: - HKLM\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A}

IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = http://g.uk.msn.com/HPCON/11

IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm

IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://search.privitize.com/?aff=7

IE - HKLM\..\SearchScopes,DefaultScope = {7DBFC20B-65E7-4236-934C-8EB510B0BF21}

IE - HKLM\..\SearchScopes\{79153E2D-45DA-421C-8B0C-72FDB822BF41}: "URL" = http://www.bing.com/...rc=IE-SearchBox

 

IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = http://g.uk.msn.com/HPCON/11

IE - HKCU\..\SearchScopes,DefaultScope = {7DBFC20B-65E7-4236-934C-8EB510B0BF21}

IE - HKCU\..\SearchScopes\{7DBFC20B-65E7-4236-934C-8EB510B0BF21}: "URL" = http://search.privit...q={searchTerms}

IE - HKCU\..\SearchScopes\{F1CF465B-769A-465C-8CB6-44E3229DA7DB}: "URL" = http://websearch.ask...F6-3D20311823B3

IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

 

========== FireFox ==========

 

FF - prefs.js..browser.search.defaultengine: "Privitize VPN"

FF - prefs.js..browser.search.defaultenginename: "Privitize VPN"

FF - prefs.js..browser.search.order.1: "Privitize VPN"

FF - prefs.js..browser.search.selectedEngine: "Google"

FF - prefs.js..browser.startup.homepage: "about:home"

FF - prefs.js..extensions.enabledAddons: %7BCAFEEFAC-0016-0000-0037-ABCDEFFEDCBA%7D:6.0.37

FF - prefs.js..extensions.enabledAddons: %7B972ce4c6-7e08-4474-a285-3208198ce6fd%7D:20.0.1

FF - prefs.js..keyword.URL: "http://search.privitize.com/?aff=7&q="

 

 

FF:64bit: - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\system32\Macromed\Flash\NPSWF64_11_6_602_180.dll File not found

FF:64bit: - HKLM\Software\MozillaPlugins\@microsoft.com/GENUINE: disabled File not found

FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_11_6_602_180.dll ()

FF - HKLM\Software\MozillaPlugins\@adobe.com/ShockwavePlayer: C:\Windows\SysWOW64\Adobe\Director\np32dsw.dll (Adobe Systems, Inc.)

FF - HKLM\Software\MozillaPlugins\@java.com/DTPlugin,version=10.17.2: C:\Windows\SysWOW64\npDeployJava1.dll (Oracle Corporation)

FF - HKLM\Software\MozillaPlugins\@microsoft.com/GENUINE: disabled File not found

FF - HKLM\Software\MozillaPlugins\@pandonetworks.com/PandoWebPlugin: C:\Program Files (x86)\Pando Networks\Media Booster\npPandoWebPlugin.dll (Pando Networks)

FF - HKLM\Software\MozillaPlugins\Adobe Reader: C:\Program Files (x86)\Adobe\Reader 9.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)

FF - HKCU\Software\MozillaPlugins\@unity3d.com/UnityPlayer,version=1.0: C:\Users\Alfred\AppData\LocalLow\Unity\WebPlayer\loader\npUnity3D32.dll (Unity Technologies ApS)

FF - HKCU\Software\MozillaPlugins\pandonetworks.com/PandoWebPlugin: C:\Program Files (x86)\Pando Networks\Media Booster\npPandoWebPlugin.dll (Pando Networks)

 

FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{BBDA0591-3099-440a-AA10-41764D9DB4DB}: C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_17.0.0.136\IPSFFPlgn\ [2012-09-27 14:27:21 | 000,000,000 | ---D | M]

FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{2D3F3651-74B9-4795-BDEC-6DA2F431CB62}: C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_17.0.0.136\coFFPlgn_2010_9_0_6 [2013-04-25 18:39:22 | 000,000,000 | ---D | M]

FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 20.0.1\extensions\\Components: C:\Program Files (x86)\Mozilla Firefox\components [2013-04-24 18:27:11 | 000,000,000 | ---D | M]

FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 20.0.1\extensions\\Plugins: C:\Program Files (x86)\Mozilla Firefox\plugins

FF - HKEY_CURRENT_USER\software\mozilla\Mozilla Firefox 20.0.1\extensions\\Components: C:\Program Files (x86)\Mozilla Firefox\components [2013-04-24 18:27:11 | 000,000,000 | ---D | M]

FF - HKEY_CURRENT_USER\software\mozilla\Mozilla Firefox 20.0.1\extensions\\Plugins: C:\Program Files (x86)\Mozilla Firefox\plugins

 

[2012-08-17 18:21:01 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Alfred\AppData\Roaming\mozilla\Extensions

[2012-12-22 19:19:22 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Alfred\AppData\Roaming\mozilla\Firefox\Profiles\1acow5wu.default\extensions

[2012-09-11 15:14:50 | 000,002,299 | ---- | M] () -- C:\Users\Alfred\AppData\Roaming\mozilla\firefox\profiles\1acow5wu.default\searchplugins\askcom.xml

[2012-12-09 13:01:16 | 000,002,089 | ---- | M] () -- C:\Users\Alfred\AppData\Roaming\mozilla\firefox\profiles\1acow5wu.default\searchplugins\Startpins.xml

[2013-04-23 16:29:20 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files (x86)\mozilla firefox\extensions

[2013-04-24 18:27:11 | 000,000,000 | ---D | M] (Skype Click to Call) -- C:\Program Files (x86)\mozilla firefox\extensions\{82AF8DCA-6DE9-405D-BD5E-43525BDAD38A}

[2013-04-24 18:27:11 | 000,000,000 | ---D | M] (Java Console) -- C:\Program Files (x86)\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0035-ABCDEFFEDCBA}

[2013-04-24 18:27:11 | 000,000,000 | ---D | M] (Java Console) -- C:\Program Files (x86)\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0037-ABCDEFFEDCBA}

[2013-04-15 15:30:10 | 000,000,000 | ---D | M] (Java Console) -- C:\Program Files (x86)\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0038-ABCDEFFEDCBA}

[2013-04-15 15:30:18 | 000,263,064 | ---- | M] (Mozilla Foundation) -- C:\Program Files (x86)\mozilla firefox\components\browsercomps.dll

[2012-12-08 14:03:49 | 000,001,683 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\allaannonser-sv-SE.xml

[2012-08-31 14:01:30 | 000,002,465 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\bing.xml

[2012-12-08 14:03:49 | 000,002,883 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\prisjakt-sv-SE.xml

[2012-12-08 14:03:49 | 000,001,161 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\tyda-sv-SE.xml

[2012-08-31 14:01:30 | 000,001,387 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\wikipedia-sv-SE.xml

[2012-08-31 14:01:30 | 000,001,164 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\yahoo-sv-SE.xml

 

O1 HOSTS File: ([2009-06-10 23:00:26 | 000,000,824 | ---- | M]) - C:\Windows\SysNative\drivers\etc\hosts

O2:64bit: - BHO: (Windows Live ID Sign-in Helper) - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corporation)

O2:64bit: - BHO: (Skype add-on for Internet Explorer) - {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer x64\skypeieplugin.dll (Skype Technologies S.A.)

O2:64bit: - BHO: (Hotspot Shield Class) - {F9E4A054-E9B1-4BC3-83A3-76A1AE736170} - C:\Program Files (x86)\Hotspot Shield\HssIE\HssIE_64.dll File not found

O2 - BHO: (Symantec NCO BHO) - {602ADB0E-4AFF-4217-8AA1-95DAC4DFA408} - C:\Program Files (x86)\Norton Internet Security\Engine\17.9.0.12\coIEPlg.dll (Symantec Corporation)

O2 - BHO: (Symantec Intrusion Prevention) - {6D53EC84-6AAE-4787-AEEE-F4628F01010C} - C:\Program Files (x86)\Norton Internet Security\Engine\17.9.0.12\IPSBHO.DLL (Symantec Corporation)

O2 - BHO: (Skype Browser Helper) - {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)

O3 - HKLM\..\Toolbar: (Norton Toolbar) - {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - C:\Program Files (x86)\Norton Internet Security\Engine\17.9.0.12\coIEPlg.dll (Symantec Corporation)

O3 - HKCU\..\Toolbar\WebBrowser: (Norton Toolbar) - {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - C:\Program Files (x86)\Norton Internet Security\Engine\17.9.0.12\coIEPlg.dll (Symantec Corporation)

O4:64bit: - HKLM..\Run: [AdobeAAMUpdater-1.0] C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\UWA\UpdaterStartupUtility.exe (Adobe Systems Incorporated)

O4:64bit: - HKLM..\Run: [HP Quick Launch] C:\Program\Hewlett-Packard\HP Quick Launch\HPMSGSVC.exe (Hewlett-Packard Company)

O4:64bit: - HKLM..\Run: [HPToneControl] C:\Program\Hewlett-Packard\HPToneControl\HPToneCtl.exe (Hewlett-Packard )

O4:64bit: - HKLM..\Run: [HPWirelessAssistant] C:\Program Files\Hewlett-Packard\HP Wireless Assistant\DelayedAppStarter.exe ()

O4:64bit: - HKLM..\Run: [saiVolume] C:\Program\Saitek\CyborgKeyboard\SaiVolume.exe (Saitek)

O4:64bit: - HKLM..\Run: [sysTrayApp] C:\Program\IDT\WDM\sttray64.exe (IDT, Inc.)

O4 - HKLM..\Run: [AdobeCS6ServiceManager] C:\Program Files (x86)\Common Files\Adobe\CS6ServiceManager\CS6ServiceManager.exe (Adobe Systems Incorporated)

O4 - HKLM..\Run: [CommonToolkitTray] C:\Program Files (x86)\Fighters\Tray\FightersTray.exe (SPAMfighter ApS)

O4 - HKLM..\Run: [Easybits Recovery] C:\Program Files (x86)\EasyBits For Kids\ezRecover.exe (EasyBits Software AS)

O4 - HKLM..\Run: [NortonOnlineBackupReminder] C:\Program Files (x86)\Symantec\Norton Online Backup\Activation\NOBuActivation.exe (Symantec Corporation)

O4 - HKLM..\Run: [startCCC] C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe (Advanced Micro Devices, Inc.)

O4 - HKLM..\Run: [switchBoard] C:\Program Files (x86)\Common Files\Adobe\SwitchBoard\SwitchBoard.exe (Adobe Systems Incorporated)

O4 - HKCU..\Run: [AdobeBridge] File not found

O4 - HKCU..\Run: [Clownfish] File not found

O4 - HKCU..\Run: [Dxtory Update Checker 2.0] C:\Program Files (x86)\Dxtory Software\Dxtory2.0\UpdateChecker.exe (Dxtory Software)

O4 - HKCU..\Run: [Etaeai] C:\Users\Alfred\AppData\Roaming\Etaeai.exe File not found

O4 - HKCU..\Run: [spotify] C:\Users\Alfred\AppData\Roaming\Spotify\Spotify.exe (Spotify Ltd)

O4 - HKCU..\Run: [spotify Web Helper] C:\Users\Alfred\AppData\Roaming\Spotify\Data\SpotifyWebHelper.exe (Spotify Ltd)

O4 - Startup: C:\Users\Alfred\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Adobe Gamma.lnk = C:\Program Files (x86)\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe (Adobe Systems, Inc.)

O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktop = 1

O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktopChanges = 1

O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: EnableShellExecuteHooks = 1

O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 5

O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3

O9:64bit: - Extra Button: Skype Click to Call - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer x64\skypeieplugin.dll (Skype Technologies S.A.)

O9 - Extra Button: Send to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~2\MICROS~1\Office12\ONBttnIE.dll (Microsoft Corporation)

O9 - Extra 'Tools' menuitem : S&end to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~2\MICROS~1\Office12\ONBttnIE.dll (Microsoft Corporation)

O9 - Extra Button: Skype Click to Call - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)

O9 - Extra Button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~2\MICROS~1\Office12\REFIEBAR.DLL (Microsoft Corporation)

O10:64bit: - NameSpace_Catalog5\Catalog_Entries64\000000000005 [] - C:\Program\Common Files\Microsoft Shared\Windows Live\WLIDNSP.DLL (Microsoft Corporation)

O10:64bit: - NameSpace_Catalog5\Catalog_Entries64\000000000006 [] - C:\Program\Common Files\Microsoft Shared\Windows Live\WLIDNSP.DLL (Microsoft Corporation)

O1364bit: - gopher Prefix: missing

O13 - gopher Prefix: missing

O16:64bit: - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_17)

O16:64bit: - DPF: {CAFEEFAC-0016-0000-0017-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_17)

O16:64bit: - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_17)

O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.0.1

O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{006A6D28-0C51-4755-A745-5B7CE770DD66}: DhcpNameServer = 192.168.0.1

O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{5560989C-5138-4886-A34C-2109281E5068}: DhcpNameServer = 192.168.0.1

O18:64bit: - Protocol\Handler\ms-help - No CLSID value found

O18:64bit: - Protocol\Handler\ms-itss - No CLSID value found

O18:64bit: - Protocol\Handler\skype4com - No CLSID value found

O18:64bit: - Protocol\Handler\skype-ie-addon-data {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer x64\skypeieplugin.dll (Skype Technologies S.A.)

O18 - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~2\COMMON~1\Skype\SKYPE4~1.DLL (Skype Technologies)

O18 - Protocol\Handler\skype-ie-addon-data {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)

O18:64bit: - Protocol\Filter\text/xml {807563E5-5146-11D5-A672-00B0D022E945} - C:\Program\Common Files\Microsoft Shared\OFFICE12\MSOXMLMF.DLL (Microsoft Corporation)

O18 - Protocol\Filter\text/xml {807563E5-5146-11D5-A672-00B0D022E945} - C:\PROGRA~2\COMMON~1\MICROS~1\OFFICE12\MSOXMLMF.DLL (Microsoft Corporation)

O20:64bit: - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)

O20:64bit: - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\SysNative\userinit.exe (Microsoft Corporation)

O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\SysWow64\explorer.exe (Microsoft Corporation)

O20 - HKLM Winlogon: UserInit - (userinit.exe) - C:\Windows\SysWow64\userinit.exe (Microsoft Corporation)

O21:64bit: - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.

O21 - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.

O28 - HKLM ShellExecuteHooks: {E54729E8-BB3D-4270-9D49-7389EA579090} - C:\Windows\SysWOW64\ezUPBHook.dll (EasyBits Software Corp.)

O32 - HKLM CDRom: AutoRun - 1

O34 - HKLM BootExecute: (autocheck autochk *)

O35:64bit: - HKLM\..comfile [open] -- "%1" %*

O35:64bit: - HKLM\..exefile [open] -- "%1" %*

O35 - HKLM\..comfile [open] -- "%1" %*

O35 - HKLM\..exefile [open] -- "%1" %*

O37:64bit: - HKLM\...com [@ = comfile] -- "%1" %*

O37:64bit: - HKLM\...exe [@ = exefile] -- "%1" %*

O37 - HKLM\...com [@ = comfile] -- "%1" %*

O37 - HKLM\...exe [@ = exefile] -- "%1" %*

O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3)

O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2)

O38 - SubSystems\\Windows: (ServerDll=sxssrv,4)

 

========== Files/Folders - Created Within 30 Days ==========

 

[2013-04-24 18:46:18 | 000,000,000 | ---D | C] -- C:\Users\Alfred\AppData\Local\Programs

[2013-04-24 18:42:11 | 000,041,272 | ---- | C] (Malwarebytes Corporation) -- C:\Windows\SysWow64\drivers\mbamswissarmy.sys

[2013-04-24 18:42:11 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes' Anti-Malware

[2013-04-24 18:42:07 | 000,025,928 | ---- | C] (Malwarebytes Corporation) -- C:\Windows\SysNative\drivers\mbam.sys

[2013-04-24 18:42:07 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Malwarebytes' Anti-Malware

[2013-04-18 20:18:41 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\SystemRequirementsLab

[2013-04-18 20:18:28 | 000,000,000 | ---D | C] -- C:\Users\Alfred\SystemRequirementsLab

[2013-04-15 15:30:08 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Mozilla Firefox

[2013-04-12 20:53:02 | 000,046,280 | ---- | C] (AnchorFree Inc.) -- C:\Windows\SysNative\drivers\hssdrv6.sys

[2013-04-07 09:41:24 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Common Files\Skype

[2013-04-03 14:43:15 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Blue Ripple Sound

[2013-04-03 14:43:13 | 001,302,528 | ---- | C] (Blue Ripple Sound Limited) -- C:\Windows\SysWow64\rapture3d_oal.dll

[2013-04-03 14:43:11 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\BRS

[2013-04-03 14:43:01 | 000,466,520 | ---- | C] (Creative Labs) -- C:\Windows\SysNative\wrap_oal.dll

[2013-04-03 14:43:01 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\OpenAL

[2013-04-03 14:43:00 | 000,445,016 | ---- | C] (Creative Labs) -- C:\Windows\SysWow64\wrap_oal.dll

[2013-04-03 14:23:33 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Codemasters

[2013-04-03 01:15:32 | 000,042,184 | ---- | C] (Anchorfree Inc.) -- C:\Windows\SysNative\drivers\taphss6.sys

[2013-04-01 12:24:23 | 000,000,000 | ---D | C] -- C:\Users\Alfred\Documents\Adobe

[2 C:\Windows\SysWow64\*.tmp files -> C:\Windows\SysWow64\*.tmp -> ]

[1 C:\Windows\*.tmp files -> C:\Windows\*.tmp -> ]

 

========== Files - Modified Within 30 Days ==========

 

[2013-04-25 18:47:47 | 000,023,248 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0

[2013-04-25 18:47:47 | 000,023,248 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0

[2013-04-25 18:39:14 | 000,000,868 | ---- | M] () -- C:\Windows\tasks\Adobe Flash Player Updater.job

[2013-04-25 18:38:33 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat

[2013-04-25 18:38:26 | 3015,888,896 | -HS- | M] () -- C:\hiberfil.sys

[2013-04-24 18:46:33 | 000,001,109 | ---- | M] () -- C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk

[2013-04-12 20:53:02 | 000,046,280 | ---- | M] (AnchorFree Inc.) -- C:\Windows\SysNative\drivers\hssdrv6.sys

[2013-04-11 18:11:28 | 004,973,648 | ---- | M] () -- C:\Windows\SysNative\FNTCACHE.DAT

[2013-04-09 15:08:31 | 001,756,446 | ---- | M] () -- C:\Windows\SysNative\PerfStringBackup.INI

[2013-04-09 15:08:31 | 000,727,056 | ---- | M] () -- C:\Windows\SysNative\perfh01D.dat

[2013-04-09 15:08:31 | 000,717,460 | ---- | M] () -- C:\Windows\SysNative\perfh009.dat

[2013-04-09 15:08:31 | 000,165,916 | ---- | M] () -- C:\Windows\SysNative\perfc01D.dat

[2013-04-09 15:08:31 | 000,145,482 | ---- | M] () -- C:\Windows\SysNative\perfc009.dat

[2013-04-04 14:50:32 | 000,025,928 | ---- | M] (Malwarebytes Corporation) -- C:\Windows\SysNative\drivers\mbam.sys

[2013-04-03 14:43:01 | 000,466,520 | ---- | M] (Creative Labs) -- C:\Windows\SysNative\wrap_oal.dll

[2013-04-03 14:43:00 | 000,445,016 | ---- | M] (Creative Labs) -- C:\Windows\SysWow64\wrap_oal.dll

[2013-04-03 01:15:32 | 000,042,184 | ---- | M] (Anchorfree Inc.) -- C:\Windows\SysNative\drivers\taphss6.sys

[2 C:\Windows\SysWow64\*.tmp files -> C:\Windows\SysWow64\*.tmp -> ]

[1 C:\Windows\*.tmp files -> C:\Windows\*.tmp -> ]

 

========== Files Created - No Company Name ==========

 

[2013-04-24 18:46:33 | 000,001,109 | ---- | C] () -- C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk

[2012-12-08 15:39:08 | 000,081,368 | ---- | C] () -- C:\Users\Alfred\DetOfattbara.veg

[2012-11-11 11:42:53 | 000,002,812 | ---- | C] () -- C:\Users\Alfred\groups.yml

[2012-11-11 11:42:53 | 000,000,349 | ---- | C] () -- C:\Users\Alfred\users.yml

[2012-11-09 18:46:45 | 000,002,645 | ---- | C] () -- C:\Users\Alfred\groupss.yml

[2012-11-09 18:46:45 | 000,000,777 | ---- | C] () -- C:\Users\Alfred\userss.yml

[2012-11-01 00:50:41 | 000,003,982 | ---- | C] () -- C:\Users\Alfred\AppData\Local\recently-used.xbel

[2012-10-09 17:33:14 | 000,000,858 | ---- | C] () -- C:\Users\Alfred\Ipconfig.lnk

[2012-10-05 18:37:46 | 000,001,130 | ---- | C] () -- C:\Users\Alfred\Mozilla Firefox.lnk

[2012-09-21 21:08:36 | 010,919,784 | ---- | C] () -- C:\Windows\SysWow64\LogiDPP.dll

[2012-09-21 21:08:36 | 000,338,136 | ---- | C] () -- C:\Windows\SysWow64\DevManagerCore.dll

[2012-09-21 21:08:36 | 000,103,272 | ---- | C] () -- C:\Windows\SysWow64\LogiDPPApp.exe

[2012-09-08 20:37:10 | 001,735,232 | ---- | C] () -- C:\Windows\SysWow64\PerfStringBackup.INI

[2011-10-12 16:59:00 | 000,000,000 | ---- | C] () -- C:\Windows\ativpsrm.bin

[2011-10-12 16:51:32 | 000,000,299 | ---- | C] () -- C:\Windows\SysWow64\RStoneLog2.ini

[2011-10-12 16:51:32 | 000,000,240 | ---- | C] () -- C:\Windows\SysWow64\RStoneLog.ini

[2011-09-28 17:44:14 | 000,179,271 | ---- | C] () -- C:\Windows\SysWow64\xlive.dll.cat

 

========== ZeroAccess Check ==========

 

[2009-07-14 06:55:00 | 000,000,227 | RHS- | M] () -- C:\Windows\assembly\Desktop.ini

 

[HKEY_CURRENT_USER\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] /64

 

[HKEY_CURRENT_USER\Software\Classes\Wow6432node\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]

 

[HKEY_CURRENT_USER\Software\Classes\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32] /64

 

[HKEY_CURRENT_USER\Software\Classes\Wow6432node\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32]

 

[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] /64

"" = C:\Windows\SysNative\shell32.dll -- [2012-06-09 07:43:10 | 014,172,672 | ---- | M] (Microsoft Corporation)

"ThreadingModel" = Apartment

 

[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]

"" = %SystemRoot%\system32\shell32.dll -- [2012-06-09 06:41:00 | 012,873,728 | ---- | M] (Microsoft Corporation)

"ThreadingModel" = Apartment

 

[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32] /64

"" = C:\Windows\SysNative\wbem\fastprox.dll -- [2009-07-14 03:40:51 | 000,909,312 | ---- | M] (Microsoft Corporation)

"ThreadingModel" = Free

 

[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32]

"" = %systemroot%\system32\wbem\fastprox.dll -- [2010-11-20 14:19:02 | 000,606,208 | ---- | M] (Microsoft Corporation)

"ThreadingModel" = Free

 

[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32] /64

"" = C:\Windows\SysNative\wbem\wbemess.dll -- [2009-07-14 03:41:56 | 000,505,856 | ---- | M] (Microsoft Corporation)

"ThreadingModel" = Both

 

[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32]

 

========== LOP Check ==========

 

[2013-04-25 16:58:32 | 000,000,000 | ---D | M] -- C:\Users\Alfred\AppData\Roaming\.minecraft

[2013-02-03 16:12:24 | 000,000,000 | ---D | M] -- C:\Users\Alfred\AppData\Roaming\.techniclauncher

[2013-04-01 11:27:27 | 000,000,000 | ---D | M] -- C:\Users\Alfred\AppData\Roaming\Audacity

[2013-01-08 13:08:38 | 000,000,000 | ---D | M] -- C:\Users\Alfred\AppData\Roaming\BitTorrent

[2012-09-18 17:24:21 | 000,000,000 | ---D | M] -- C:\Users\Alfred\AppData\Roaming\com.adobe.downloadassistant.AdobeDownloadAssistant

[2012-10-07 14:45:45 | 000,000,000 | ---D | M] -- C:\Users\Alfred\AppData\Roaming\Fighters

[2012-12-22 00:40:32 | 000,000,000 | ---D | M] -- C:\Users\Alfred\AppData\Roaming\Leadertech

[2012-09-27 14:40:07 | 000,000,000 | ---D | M] -- C:\Users\Alfred\AppData\Roaming\LolClient

[2012-08-31 15:42:47 | 000,000,000 | ---D | M] -- C:\Users\Alfred\AppData\Roaming\Notepad++

[2013-03-04 19:44:49 | 000,000,000 | ---D | M] -- C:\Users\Alfred\AppData\Roaming\PACE Anti-Piracy

[2012-09-18 17:59:54 | 000,000,000 | ---D | M] -- C:\Users\Alfred\AppData\Roaming\PDAppFlex

[2012-08-24 22:49:47 | 000,000,000 | ---D | M] -- C:\Users\Alfred\AppData\Roaming\Publish Providers

[2012-08-25 09:50:47 | 000,000,000 | ---D | M] -- C:\Users\Alfred\AppData\Roaming\Sony

[2013-03-21 19:20:03 | 000,000,000 | ---D | M] -- C:\Users\Alfred\AppData\Roaming\Splitscreen Studios

[2013-04-25 18:42:02 | 000,000,000 | ---D | M] -- C:\Users\Alfred\AppData\Roaming\Spotify

[2012-09-17 17:16:38 | 000,000,000 | ---D | M] -- C:\Users\Alfred\AppData\Roaming\Trine2

[2012-08-17 21:51:21 | 000,000,000 | ---D | M] -- C:\Users\Alfred\AppData\Roaming\TS3Client

[2012-09-15 17:46:32 | 000,000,000 | ---D | M] -- C:\Users\Alfred\AppData\Roaming\Unity

[2012-10-12 17:25:49 | 000,000,000 | ---D | M] -- C:\Users\Alfred\AppData\Roaming\wargaming.net

[2012-10-26 16:08:18 | 000,000,000 | ---D | M] -- C:\Users\Alfred\AppData\Roaming\WildTangent

 

========== Purity Check ==========

 

 

 

========== Alternate Data Streams ==========

 

@Alternate Data Stream - 1089 bytes -> C:\Users\Alfred\AppData\Local\zouhBctM:G3cZlbOFUoJnGJswevY

 

< End of report >

[/log]

Länk till kommentar
Dela på andra webbplatser

Spara AdwCleaner av Xplode på Skrivbordet: http://general-changelog-team.fr/fr/downloads/finish/20-outils-de-xplode/2-adwcleaner

 

Stäng alla program, inklusive webbläsare.

Dubbelklicka på AdwCleaner för att starta programmet.

 

Klicka på Search-knappen.

Vänta tills sökningen är klar.

En rapport kommer upp, kopiera innehållet och klistra in i ditt svar.

Om rapporten inte kommer upp, så finns den även som C:\AdwCleaner[R1].txt

 

Vad är det för årsmodell på din Norton?

Länk till kommentar
Dela på andra webbplatser

På mitt Norton Internet Security så är det version: 17.9.0.12, för jag fick inte fram någon årsmodell. Här kommer rapporten från AdwCleaner du ville jag skulle lägga upp!

/Alfred

[log]# AdwCleaner v2.202 - Logfile created 04/25/2013 at 20:58:25

# Updated 23/04/2013 by Xplode

# Operating system : Windows 7 Home Premium Service Pack 1 (64 bits)

# User : Alfred - ALFRED-DATOR

# Boot Mode : Normal

# Running from : C:\Users\Alfred\Desktop\adwcleaner.exe

# Option [search]

 

 

***** [services] *****

 

 

***** [Files / Folders] *****

 

File Found : C:\Users\Alfred\AppData\Roaming\Mozilla\Firefox\Profiles\1acow5wu.default\searchplugins\Askcom.xml

Folder Found : C:\ProgramData\Ask

Folder Found : C:\ProgramData\Tarma Installer

Folder Found : C:\Users\Alfred\AppData\Local\Temp\boost_interprocess

 

***** [Registry] *****

 

Key Found : HKCU\Software\AppDataLow\Software\PriceGong

Key Found : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{F9E4A054-E9B1-4BC3-83A3-76A1AE736170}

Key Found : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{FD72061E-9FDE-484D-A58A-0BAB4151CAD8}

Key Found : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{DF7770F7-832F-4BDF-B144-100EDDD0C3AE}

Key Found : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{F9E4A054-E9B1-4BC3-83A3-76A1AE736170}

Key Found : HKCU\Software\StartSearch

Key Found : HKLM\Software\Freeze.com

Key Found : HKLM\SOFTWARE\Classes\CLSID\{F9E4A054-E9B1-4BC3-83A3-76A1AE736170}

Key Found : HKLM\SOFTWARE\Classes\Interface\{10DE7085-6A1E-4D41-A7BF-9AF93E351401}

Key Found : HKLM\SOFTWARE\Classes\Interface\{1AD27395-1659-4DFF-A319-2CFA243861A5}

Key Found : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{F9E4A054-E9B1-4BC3-83A3-76A1AE736170}

Key Found : HKLM\SOFTWARE\Tarma Installer

 

***** [internet Browsers] *****

 

-\\ Internet Explorer v9.0.8112.16476

 

[OK] Registry is clean.

 

-\\ Mozilla Firefox v20.0.1 (sv-SE)

 

File : C:\Users\Alfred\AppData\Roaming\Mozilla\Firefox\Profiles\1acow5wu.default\prefs.js

 

[OK] File is clean.

 

*************************

 

AdwCleaner[R1].txt - [1949 octets] - [25/04/2013 20:58:25]

 

########## EOF - C:\AdwCleaner[R1].txt - [2009 octets] ##########

[/log]

Länk till kommentar
Dela på andra webbplatser

1. Spara AdwCleaner av Xplode på Skrivbordet: http://general-changelog-team.fr/fr/downloads/finish/20-outils-de-xplode/2-adwcleaner

 

Stäng alla program, inklusive webbläsare.

Dubbelklicka på AdwCleaner för att starta programmet.

 

Klicka på Search-knappen.

Vänta tills sökningen är klar.

En rapport kommer upp, kopiera innehållet och klistra in i ditt svar.

Om rapporten inte kommer upp, så finns den även som C:\AdwCleaner[R1].txt

 

2. Kör OTL igen och klistra in den nya OTL.txt.

 

3. När datorn är helt ren och t ex AdwCleaner är avinstallerat behöver du kolla om du inte kan uppdatera Norton till senaste versionen.

http://updatecenter.norton.com/

 

4. Jag är bortrest fredag-söndag så jag kollar mycket lite i Eforum under de dagarna, troligen endast sent på kvällarna.

Länk till kommentar
Dela på andra webbplatser

Hej! Jag börjar då med att posta rapporten från AdwCleaner:

 

# AdwCleaner v2.202 - Logfile created 04/26/2013 at 16:05:14

# Updated 23/04/2013 by Xplode

# Operating system : Windows 7 Home Premium Service Pack 1 (64 bits)

# User : Alfred - ALFRED-DATOR

# Boot Mode : Normal

# Running from : C:\Users\Alfred\Desktop\adwcleaner.exe

# Option [search]

 

 

***** [services] *****

 

 

***** [Files / Folders] *****

 

File Found : C:\Users\Alfred\AppData\Roaming\Mozilla\Firefox\Profiles\1acow5wu.default\searchplugins\Askcom.xml

Folder Found : C:\ProgramData\Ask

Folder Found : C:\ProgramData\Tarma Installer

Folder Found : C:\Users\Alfred\AppData\Local\Temp\boost_interprocess

 

***** [Registry] *****

 

Key Found : HKCU\Software\AppDataLow\Software\PriceGong

Key Found : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{F9E4A054-E9B1-4BC3-83A3-76A1AE736170}

Key Found : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{FD72061E-9FDE-484D-A58A-0BAB4151CAD8}

Key Found : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{DF7770F7-832F-4BDF-B144-100EDDD0C3AE}

Key Found : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{F9E4A054-E9B1-4BC3-83A3-76A1AE736170}

Key Found : HKCU\Software\StartSearch

Key Found : HKLM\Software\Freeze.com

Key Found : HKLM\SOFTWARE\Classes\CLSID\{F9E4A054-E9B1-4BC3-83A3-76A1AE736170}

Key Found : HKLM\SOFTWARE\Classes\Interface\{10DE7085-6A1E-4D41-A7BF-9AF93E351401}

Key Found : HKLM\SOFTWARE\Classes\Interface\{1AD27395-1659-4DFF-A319-2CFA243861A5}

Key Found : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{F9E4A054-E9B1-4BC3-83A3-76A1AE736170}

Key Found : HKLM\SOFTWARE\Tarma Installer

 

***** [internet Browsers] *****

 

-\\ Internet Explorer v9.0.8112.16476

 

[OK] Registry is clean.

 

-\\ Mozilla Firefox v20.0.1 (sv-SE)

 

File : C:\Users\Alfred\AppData\Roaming\Mozilla\Firefox\Profiles\1acow5wu.default\prefs.js

 

[OK] File is clean.

 

*************************

 

AdwCleaner[R1].txt - [2068 octets] - [25/04/2013 20:58:25]

AdwCleaner[R2].txt - [2009 octets] - [26/04/2013 16:05:14]

 

########## EOF - C:\AdwCleaner[R2].txt - [2069 octets] ##########

 

Och här är OTL Loggen:

[log]

OTL logfile created on: 2013-04-26 16:10:38 - Run 2

OTL by OldTimer - Version 3.2.69.0 Folder = C:\Users\Alfred\Downloads

64bit- Home Premium Edition Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation

Internet Explorer (Version = 9.0.8112.16421)

Locale: 0000041d | Country: Sverige | Language: SVE | Date Format: yyyy-MM-dd

 

3,75 Gb Total Physical Memory | 2,12 Gb Available Physical Memory | 56,70% Memory free

7,49 Gb Paging File | 5,71 Gb Available in Paging File | 76,24% Paging File free

Paging file location(s): ?:\pagefile.sys [binary data]

 

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86)

Drive C: | 442,49 Gb Total Space | 266,54 Gb Free Space | 60,24% Space Free | Partition Type: NTFS

Drive D: | 22,97 Gb Total Space | 3,35 Gb Free Space | 14,60% Space Free | Partition Type: NTFS

Drive E: | 99,02 Mb Total Space | 92,75 Mb Free Space | 93,67% Space Free | Partition Type: FAT32

 

Computer Name: ALFRED-DATOR | User Name: Alfred | Logged in as Administrator.

Boot Mode: Normal | Scan Mode: Current user | Quick Scan | Include 64bit Scans

Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days

 

========== Processes (SafeList) ==========

 

PRC - [2013-04-26 16:08:39 | 000,602,112 | ---- | M] (OldTimer Tools) -- C:\Users\Alfred\Downloads\OTL(1).exe

PRC - [2013-04-17 18:21:02 | 001,105,408 | ---- | M] (Spotify Ltd) -- C:\Users\Alfred\AppData\Roaming\Spotify\Data\SpotifyWebHelper.exe

PRC - [2012-10-02 13:13:44 | 003,064,000 | ---- | M] (Skype Technologies S.A.) -- C:\ProgramData\Skype\Toolbars\Skype C2C Service\c2c_service.exe

PRC - [2012-05-10 13:11:24 | 001,267,264 | ---- | M] (SPAMfighter ApS) -- C:\Program Files (x86)\Fighters\FighterSuiteService.exe

PRC - [2012-01-18 17:36:46 | 001,452,680 | ---- | M] (SPAMfighter ApS) -- C:\Program Files (x86)\Fighters\Tray\FightersTray.exe

PRC - [2011-08-04 06:18:43 | 000,126,400 | R--- | M] (Symantec Corporation) -- C:\Program Files (x86)\Norton Internet Security\Engine\17.9.0.12\ccSvcHst.exe

PRC - [2010-03-05 21:12:48 | 000,338,168 | -H-- | M] (DeviceVM, Inc.) -- C:\SwSetup\QuickWeb\QW.SYS\config\DVMExportService.exe

PRC - [2010-01-25 21:00:00 | 000,514,232 | ---- | M] (EasyBits Software AS) -- C:\Windows\SysWOW64\ezSharedSvcHost.exe

PRC - [2010-01-25 21:00:00 | 000,514,232 | ---- | M] (EasyBits Software AS) -- C:\Windows\SysWOW64\ezSharedSvcHost.exe

 

 

========== Modules (No Company Name) ==========

 

MOD - [2010-01-22 10:30:00 | 007,745,536 | ---- | M] () -- C:\Program Files (x86)\Common Files\LightScribe\QtGui4.dll

MOD - [2010-01-22 10:29:58 | 002,121,728 | ---- | M] () -- C:\Program Files (x86)\Common Files\LightScribe\QtCore4.dll

MOD - [2010-01-22 10:29:58 | 000,135,168 | ---- | M] () -- C:\Program Files (x86)\Common Files\LightScribe\plugins\imageformats\qjpeg4.dll

 

 

========== Services (SafeList) ==========

 

SRV:64bit: - [2010-04-16 16:09:00 | 000,202,752 | ---- | M] (AMD) [Auto | Running] -- C:\Windows\SysNative\atiesrxx.exe -- (AMD External Events Utility)

SRV:64bit: - [2010-02-01 11:29:34 | 000,244,736 | ---- | M] (IDT, Inc.) [Auto | Running] -- C:\Windows\SysNative\DriverStore\FileRepository\stwrt64.inf_amd64_neutral_471277d5d45019ea\stacsv64.exe -- (STacSV)

SRV:64bit: - [2009-07-08 13:49:02 | 000,030,520 | ---- | M] (Hewlett-Packard) [Auto | Running] -- C:\Windows\SysNative\hpservice.exe -- (hpsrv)

SRV:64bit: - [2009-03-03 12:42:58 | 000,089,600 | ---- | M] (Andrea Electronics Corporation) [Auto | Running] -- C:\Windows\SysNative\DriverStore\FileRepository\stwrt64.inf_amd64_neutral_471277d5d45019ea\AESTSr64.exe -- (AESTFilters)

SRV - [2013-04-15 15:30:17 | 000,115,608 | ---- | M] (Mozilla Foundation) [On_Demand | Stopped] -- C:\Program Files (x86)\Mozilla Maintenance Service\maintenanceservice.exe -- (MozillaMaintenance)

SRV - [2013-03-15 16:40:43 | 000,253,656 | ---- | M] (Adobe Systems Incorporated) [On_Demand | Stopped] -- C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe -- (AdobeFlashPlayerUpdateSvc)

SRV - [2013-02-28 18:45:16 | 000,161,384 | R--- | M] (Skype Technologies) [Auto | Stopped] -- C:\Program Files (x86)\Skype\Updater\Updater.exe -- (SkypeUpdate)

SRV - [2013-02-25 08:39:32 | 000,543,144 | ---- | M] (Valve Corporation) [On_Demand | Stopped] -- C:\Program Files (x86)\Common Files\Steam\SteamService.exe -- (Steam Client Service)

SRV - [2012-10-02 13:13:44 | 003,064,000 | ---- | M] (Skype Technologies S.A.) [Auto | Running] -- C:\ProgramData\Skype\Toolbars\Skype C2C Service\c2c_service.exe -- (Skype C2C Service)

SRV - [2012-05-11 13:06:24 | 000,270,928 | ---- | M] (SPAMfighter ApS) [On_Demand | Stopped] -- C:\Program Files (x86)\Fighters\FULL-DISKfighter\Common Toolkit Tools.exe -- (Common Toolkit Tools)

SRV - [2012-05-10 13:11:24 | 001,267,264 | ---- | M] (SPAMfighter ApS) [Auto | Running] -- C:\Program Files (x86)\Fighters\FighterSuiteService.exe -- (Suite Service)

SRV - [2011-08-04 06:18:43 | 000,126,400 | R--- | M] (Symantec Corporation) [Auto | Running] -- C:\Program Files (x86)\Norton Internet Security\Engine\17.9.0.12\ccSvcHst.exe -- (NIS)

SRV - [2010-03-18 14:16:28 | 000,130,384 | ---- | M] (Microsoft Corporation) [Auto | Stopped] -- C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe -- (clr_optimization_v4.0.30319_32)

SRV - [2010-03-05 21:12:48 | 000,338,168 | -H-- | M] (DeviceVM, Inc.) [Auto | Running] -- C:\SwSetup\QuickWeb\QW.SYS\config\DVMExportService.exe -- (DvmMDES)

SRV - [2010-02-19 14:37:14 | 000,517,096 | ---- | M] (Adobe Systems Incorporated) [On_Demand | Stopped] -- C:\Program Files (x86)\Common Files\Adobe\SwitchBoard\SwitchBoard.exe -- (SwitchBoard)

SRV - [2010-02-01 11:29:34 | 000,244,736 | ---- | M] (IDT, Inc.) [Auto | Running] -- C:\Windows\System32\DriverStore\FileRepository\stwrt64.inf_amd64_neutral_471277d5d45019ea\STacSV64.exe -- (STacSV)

SRV - [2010-01-27 23:01:04 | 000,102,968 | ---- | M] (Hewlett-Packard) [Auto | Running] -- C:\Program\Hewlett-Packard\HP Wireless Assistant\HPWA_Service.exe -- (HP Wireless Assistant Service)

SRV - [2010-01-19 00:04:08 | 000,020,480 | ---- | M] () [Auto | Running] -- C:\Program\Hewlett-Packard\HP Quick Launch\HPWMISVC.exe -- (HPWMISVC)

SRV - [2010-01-04 20:03:42 | 000,238,328 | ---- | M] (WildTangent, Inc.) [On_Demand | Stopped] -- C:\Program Files (x86)\HP Games\HP Game Console\GameConsoleService.exe -- (GameConsoleService)

SRV - [2009-08-18 12:48:02 | 002,291,568 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Program\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE -- (wlidsvc)

SRV - [2009-07-22 10:17:44 | 000,061,976 | ---- | M] (Microsoft Corporation) [Disabled | Stopped] -- c:\Program\Microsoft SQL Server\100\Shared\sqladhlp.exe -- (MSSQLServerADHelper100)

SRV - [2009-06-10 23:23:09 | 000,066,384 | ---- | M] (Microsoft Corporation) [Disabled | Stopped] -- C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe -- (clr_optimization_v2.0.50727_32)

SRV - [2009-03-30 04:02:56 | 057,617,752 | ---- | M] (Microsoft Corporation) [Auto | Running] -- c:\Program\Microsoft SQL Server\MSSQL10.SQLEXPRESS\MSSQL\Binn\sqlservr.exe -- (MSSQL$SQLEXPRESS)

SRV - [2009-03-30 04:01:06 | 000,427,880 | ---- | M] (Microsoft Corporation) [Disabled | Stopped] -- c:\Program\Microsoft SQL Server\MSSQL10.SQLEXPRESS\MSSQL\Binn\SQLAGENT.EXE -- (SQLAgent$SQLEXPRESS)

SRV - [2009-03-03 12:42:58 | 000,089,600 | ---- | M] (Andrea Electronics Corporation) [Auto | Running] -- C:\Windows\System32\DriverStore\FileRepository\stwrt64.inf_amd64_neutral_471277d5d45019ea\AESTSr64.exe -- (AESTFilters)

SRV - [2008-07-10 05:31:10 | 000,157,720 | ---- | M] (Microsoft Corporation) [Auto | Running] -- c:\Program\Microsoft SQL Server\90\Shared\sqlwriter.exe -- (SQLWriter)

 

 

========== Driver Services (SafeList) ==========

 

DRV:64bit: - [2013-04-03 01:15:32 | 000,042,184 | ---- | M] (Anchorfree Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\taphss6.sys -- (taphss6)

DRV:64bit: - [2012-09-23 13:42:02 | 000,173,104 | ---- | M] (Symantec Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\SYMEVENT64x86.SYS -- (SymEvent)

DRV:64bit: - [2012-09-21 21:04:22 | 004,763,680 | ---- | M] (Logitech Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\lvuvc64.sys -- (LVUVC64)

DRV:64bit: - [2012-09-21 21:04:22 | 000,351,520 | ---- | M] (Logitech Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\lvrs64.sys -- (LVRS64)

DRV:64bit: - [2012-03-01 08:46:16 | 000,023,408 | ---- | M] (Microsoft Corporation) [Recognizer | Boot | Unknown] -- C:\Windows\SysNative\drivers\fs_rec.sys -- (Fs_Rec)

DRV:64bit: - [2011-08-22 04:53:36 | 000,451,704 | ---- | M] (Symantec Corporation) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\NISx64\1109000.00C\symtdiv.sys -- (SYMTDIv)

DRV:64bit: - [2011-08-22 04:53:35 | 000,221,304 | ---- | M] (Symantec Corporation) [File_System | Boot | Running] -- C:\Windows\SysNative\drivers\NISx64\1109000.00C\symefa64.sys -- (SymEFA)

DRV:64bit: - [2011-08-04 06:19:26 | 000,593,544 | ---- | M] (Symantec Corporation) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\NISx64\1109000.00C\cchpx64.sys -- (ccHP)

DRV:64bit: - [2011-06-10 06:34:52 | 000,539,240 | ---- | M] (Realtek ) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\Rt64win7.sys -- (RTL8167)

DRV:64bit: - [2011-05-13 03:21:04 | 000,177,640 | ---- | M] (MCCI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\ssadmdm.sys -- (ssadmdm)

DRV:64bit: - [2011-05-13 03:21:04 | 000,146,920 | ---- | M] (MCCI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\ssadserd.sys -- (ssadserd)

DRV:64bit: - [2011-05-13 03:21:02 | 000,157,672 | ---- | M] (MCCI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\ssadbus.sys -- (ssadbus)

DRV:64bit: - [2011-05-13 03:21:02 | 000,036,328 | ---- | M] (Google Inc) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\ssadadb.sys -- (androidusb)

DRV:64bit: - [2011-05-13 03:21:02 | 000,016,872 | ---- | M] (MCCI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\ssadmdfl.sys -- (ssadmdfl)

DRV:64bit: - [2011-03-11 08:41:12 | 000,107,904 | ---- | M] (Advanced Micro Devices) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\amdsata.sys -- (amdsata)

DRV:64bit: - [2011-03-11 08:41:12 | 000,027,008 | ---- | M] (Advanced Micro Devices) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\amdxata.sys -- (amdxata)

DRV:64bit: - [2010-11-20 15:33:35 | 000,078,720 | ---- | M] (Hewlett-Packard Company) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\HpSAMD.sys -- (HpSAMD)

DRV:64bit: - [2010-11-20 13:07:05 | 000,059,392 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\TsUsbFlt.sys -- (TsUsbFlt)

DRV:64bit: - [2010-11-20 11:37:42 | 000,109,056 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\sdbus.sys -- (sdbus)

DRV:64bit: - [2010-04-29 07:03:51 | 000,150,064 | ---- | M] (Symantec Corporation) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\NISx64\1109000.00C\ironx64.sys -- (SymIRON)

DRV:64bit: - [2010-04-22 04:29:51 | 000,505,392 | ---- | M] (Symantec Corporation) [File_System | On_Demand | Running] -- C:\Windows\SysNative\drivers\NISx64\1109000.00C\srtsp64.sys -- (SRTSP)

DRV:64bit: - [2010-04-22 04:29:51 | 000,032,304 | ---- | M] (Symantec Corporation) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\NISx64\1109000.00C\srtspx64.sys -- (SRTSPX)

DRV:64bit: - [2010-04-16 16:19:34 | 006,403,584 | ---- | M] (ATI Technologies Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\atipmdag.sys -- (amdkmdag)

DRV:64bit: - [2010-04-16 15:11:18 | 000,188,928 | ---- | M] (Advanced Micro Devices, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\atikmpag.sys -- (amdkmdap)

DRV:64bit: - [2010-04-10 01:34:44 | 000,315,440 | ---- | M] (Synaptics Incorporated) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\SynTP.sys -- (SynTP)

DRV:64bit: - [2010-02-09 07:57:22 | 000,239,136 | ---- | M] (Realtek Semiconductor Corp.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\RtsUStor.sys -- (RSUSBSTOR)

DRV:64bit: - [2010-02-01 11:29:34 | 000,505,856 | ---- | M] (IDT, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\stwrt64.sys -- (STHDA)

DRV:64bit: - [2010-01-28 20:33:38 | 000,116,736 | ---- | M] (ATI Technologies, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\AtiHdmi.sys -- (AtiHdmiService)

DRV:64bit: - [2009-12-22 02:26:36 | 000,038,456 | ---- | M] (Advanced Micro Devices) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\usbfilter.sys -- (usbfilter)

DRV:64bit: - [2009-11-11 13:09:32 | 000,020,056 | -H-- | M] (DeviceVM, Inc.) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\dvmio.sys -- (DVMIO)

DRV:64bit: - [2009-09-21 19:47:14 | 001,484,800 | ---- | M] (Atheros Communications, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\athrx.sys -- (athr)

DRV:64bit: - [2009-08-30 02:17:18 | 000,433,200 | R--- | M] (Symantec Corporation) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\NISx64\1109000.00C\symds64.sys -- (SymDS)

DRV:64bit: - [2009-08-24 03:55:32 | 000,016,440 | ---- | M] (Advanced Micro Devices Inc.) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\AtiPcie.sys -- (AtiPcie)

DRV:64bit: - [2009-07-14 03:52:20 | 000,194,128 | ---- | M] (AMD Technologies Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\amdsbs.sys -- (amdsbs)

DRV:64bit: - [2009-07-14 03:48:04 | 000,065,600 | ---- | M] (LSI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\lsi_sas2.sys -- (LSI_SAS2)

DRV:64bit: - [2009-07-14 03:45:55 | 000,024,656 | ---- | M] (Promise Technology) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\stexstor.sys -- (stexstor)

DRV:64bit: - [2009-07-08 13:49:08 | 000,030,008 | ---- | M] (Hewlett-Packard) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\hpdskflt.sys -- (hpdskflt)

DRV:64bit: - [2009-07-08 13:48:50 | 000,041,272 | ---- | M] (Hewlett-Packard) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\Accelerometer.sys -- (Accelerometer)

DRV:64bit: - [2009-06-10 23:01:11 | 001,485,312 | ---- | M] (Conexant Systems, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\VSTDPV6.SYS -- (SrvHsfV92)

DRV:64bit: - [2009-06-10 23:01:11 | 000,740,864 | ---- | M] (Conexant Systems, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\VSTCNXT6.SYS -- (SrvHsfWinac)

DRV:64bit: - [2009-06-10 23:01:11 | 000,292,864 | ---- | M] (Conexant Systems, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\VSTAZL6.SYS -- (SrvHsfHDA)

DRV:64bit: - [2009-06-10 22:37:05 | 006,108,416 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\igdkmd64.sys -- (igfx)

DRV:64bit: - [2009-06-10 22:35:33 | 000,389,120 | ---- | M] (Marvell) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\yk62x64.sys -- (yukonw7)

DRV:64bit: - [2009-06-10 22:35:28 | 005,434,368 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\netw5v64.sys -- (netw5v64)

DRV:64bit: - [2009-06-10 22:34:33 | 003,286,016 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\evbda.sys -- (ebdrv)

DRV:64bit: - [2009-06-10 22:34:28 | 000,468,480 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\bxvbda.sys -- (b06bdrv)

DRV:64bit: - [2009-06-10 22:34:23 | 000,270,848 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\b57nd60a.sys -- (b57nd60a)

DRV:64bit: - [2009-06-10 22:31:59 | 000,031,232 | ---- | M] (Hauppauge Computer Works, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\hcw85cir.sys -- (hcw85cir)

DRV:64bit: - [2008-02-18 16:20:10 | 000,129,024 | ---- | M] (Saitek) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\SaiK0728.sys -- (SaiK0728)

DRV - [2013-04-13 01:53:05 | 001,390,680 | ---- | M] (Symantec Corporation) [Kernel | System | Running] -- C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_17.0.0.136\Definitions\BASHDefs\20130412.001\BHDrvx64.sys -- (BHDrvx64)

DRV - [2013-01-16 16:41:09 | 002,087,664 | ---- | M] (Symantec Corporation) [Kernel | On_Demand | Running] -- C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_17.0.0.136\Definitions\VirusDefs\20130426.005\ex64.sys -- (NAVEX15)

DRV - [2013-01-16 16:41:08 | 000,126,192 | ---- | M] (Symantec Corporation) [Kernel | On_Demand | Running] -- C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_17.0.0.136\Definitions\VirusDefs\20130426.005\eng64.sys -- (NAVENG)

DRV - [2012-09-23 14:00:29 | 000,484,512 | ---- | M] (Symantec Corporation) [Kernel | System | Running] -- C:\Program Files (x86)\Common Files\Symantec Shared\EENGINE\eeCtrl64.sys -- (eeCtrl)

DRV - [2012-09-23 14:00:29 | 000,138,912 | ---- | M] (Symantec Corporation) [Kernel | On_Demand | Running] -- C:\Program Files (x86)\Common Files\Symantec Shared\EENGINE\EraserUtilRebootDrv.sys -- (EraserUtilRebootDrv)

DRV - [2012-09-21 15:31:10 | 000,513,184 | ---- | M] (Symantec Corporation) [Kernel | System | Running] -- C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_17.0.0.136\Definitions\IPSDefs\20130425.001\IDSviA64.sys -- (IDSVia64)

DRV - [2009-07-14 03:19:10 | 000,019,008 | ---- | M] (Microsoft Corporation) [File_System | On_Demand | Stopped] -- C:\Windows\SysWOW64\drivers\wimmount.sys -- (WIMMount)

 

 

========== Standard Registry (SafeList) ==========

 

 

========== Internet Explorer ==========

 

IE:64bit: - HKLM\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A}

IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = http://g.uk.msn.com/HPCON/11'>http://g.uk.msn.com/HPCON/11

IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm

IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://search.privitize.com/?aff=7

IE - HKLM\..\SearchScopes,DefaultScope = {7DBFC20B-65E7-4236-934C-8EB510B0BF21}

IE - HKLM\..\SearchScopes\{79153E2D-45DA-421C-8B0C-72FDB822BF41}: "URL" = http://www.bing.com/search?q={searchTerms}&form=HPNTDF&pc=HPNTDF&src=IE-SearchBox

 

IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = http://g.uk.msn.com/HPCON/11

IE - HKCU\..\SearchScopes,DefaultScope = {7DBFC20B-65E7-4236-934C-8EB510B0BF21}

IE - HKCU\..\SearchScopes\{7DBFC20B-65E7-4236-934C-8EB510B0BF21}: "URL" = http://search.privitize.com/?aff=7&q={searchTerms}

IE - HKCU\..\SearchScopes\{F1CF465B-769A-465C-8CB6-44E3229DA7DB}: "URL" = http://websearch.ask.com/redirect?client=ie&tb=ORJ&o=&src=kw&q={searchTerms}&locale=&apn_ptnrs=&apn_dtid=OSJ000&apn_uid=8B71011D-04DA-4581-BD04-04DB3F9CA1F1&apn_sauid=3AFD1368-28A1-40A0-BFF6-3D20311823B3

IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

 

========== FireFox ==========

 

FF - prefs.js..browser.search.defaultengine: "Privitize VPN"

FF - prefs.js..browser.search.defaultenginename: "Privitize VPN"

FF - prefs.js..browser.search.order.1: "Privitize VPN"

FF - prefs.js..browser.search.selectedEngine: "Google"

FF - prefs.js..browser.startup.homepage: "about:home"

FF - prefs.js..extensions.enabledAddons: %7BCAFEEFAC-0016-0000-0037-ABCDEFFEDCBA%7D:6.0.37

FF - prefs.js..extensions.enabledAddons: %7B972ce4c6-7e08-4474-a285-3208198ce6fd%7D:20.0.1

FF - prefs.js..keyword.URL: "http://search.privitize.com/?aff=7&q="

 

 

FF:64bit: - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\system32\Macromed\Flash\NPSWF64_11_6_602_180.dll File not found

FF:64bit: - HKLM\Software\MozillaPlugins\@microsoft.com/GENUINE: disabled File not found

FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_11_6_602_180.dll ()

FF - HKLM\Software\MozillaPlugins\@adobe.com/ShockwavePlayer: C:\Windows\SysWOW64\Adobe\Director\np32dsw.dll (Adobe Systems, Inc.)

FF - HKLM\Software\MozillaPlugins\@java.com/DTPlugin,version=10.17.2: C:\Windows\SysWOW64\npDeployJava1.dll (Oracle Corporation)

FF - HKLM\Software\MozillaPlugins\@microsoft.com/GENUINE: disabled File not found

FF - HKLM\Software\MozillaPlugins\@pandonetworks.com/PandoWebPlugin: C:\Program Files (x86)\Pando Networks\Media Booster\npPandoWebPlugin.dll (Pando Networks)

FF - HKLM\Software\MozillaPlugins\Adobe Reader: C:\Program Files (x86)\Adobe\Reader 9.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)

FF - HKCU\Software\MozillaPlugins\@unity3d.com/UnityPlayer,version=1.0: C:\Users\Alfred\AppData\LocalLow\Unity\WebPlayer\loader\npUnity3D32.dll (Unity Technologies ApS)

FF - HKCU\Software\MozillaPlugins\pandonetworks.com/PandoWebPlugin: C:\Program Files (x86)\Pando Networks\Media Booster\npPandoWebPlugin.dll (Pando Networks)

 

FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{BBDA0591-3099-440a-AA10-41764D9DB4DB}: C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_17.0.0.136\IPSFFPlgn\ [2012-09-27 14:27:21 | 000,000,000 | ---D | M]

FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{2D3F3651-74B9-4795-BDEC-6DA2F431CB62}: C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_17.0.0.136\coFFPlgn_2010_9_0_6 [2013-04-26 15:38:55 | 000,000,000 | ---D | M]

FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 20.0.1\extensions\\Components: C:\Program Files (x86)\Mozilla Firefox\components [2013-04-26 15:36:43 | 000,000,000 | ---D | M]

FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 20.0.1\extensions\\Plugins: C:\Program Files (x86)\Mozilla Firefox\plugins

FF - HKEY_CURRENT_USER\software\mozilla\Mozilla Firefox 20.0.1\extensions\\Components: C:\Program Files (x86)\Mozilla Firefox\components [2013-04-26 15:36:43 | 000,000,000 | ---D | M]

FF - HKEY_CURRENT_USER\software\mozilla\Mozilla Firefox 20.0.1\extensions\\Plugins: C:\Program Files (x86)\Mozilla Firefox\plugins

 

[2012-08-17 18:21:01 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Alfred\AppData\Roaming\mozilla\Extensions

[2012-12-22 19:19:22 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Alfred\AppData\Roaming\mozilla\Firefox\Profiles\1acow5wu.default\extensions

[2012-09-11 15:14:50 | 000,002,299 | ---- | M] () -- C:\Users\Alfred\AppData\Roaming\mozilla\firefox\profiles\1acow5wu.default\searchplugins\askcom.xml

[2012-12-09 13:01:16 | 000,002,089 | ---- | M] () -- C:\Users\Alfred\AppData\Roaming\mozilla\firefox\profiles\1acow5wu.default\searchplugins\Startpins.xml

[2013-04-23 16:29:20 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files (x86)\mozilla firefox\extensions

[2013-04-26 15:36:43 | 000,000,000 | ---D | M] (Skype Click to Call) -- C:\Program Files (x86)\mozilla firefox\extensions\{82AF8DCA-6DE9-405D-BD5E-43525BDAD38A}

[2013-04-26 15:36:42 | 000,000,000 | ---D | M] (Java Console) -- C:\Program Files (x86)\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0035-ABCDEFFEDCBA}

[2013-04-26 15:36:42 | 000,000,000 | ---D | M] (Java Console) -- C:\Program Files (x86)\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0037-ABCDEFFEDCBA}

[2013-04-15 15:30:10 | 000,000,000 | ---D | M] (Java Console) -- C:\Program Files (x86)\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0038-ABCDEFFEDCBA}

[2013-04-15 15:30:18 | 000,263,064 | ---- | M] (Mozilla Foundation) -- C:\Program Files (x86)\mozilla firefox\components\browsercomps.dll

[2012-12-08 14:03:49 | 000,001,683 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\allaannonser-sv-SE.xml

[2012-08-31 14:01:30 | 000,002,465 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\bing.xml

[2012-12-08 14:03:49 | 000,002,883 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\prisjakt-sv-SE.xml

[2012-12-08 14:03:49 | 000,001,161 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\tyda-sv-SE.xml

[2012-08-31 14:01:30 | 000,001,387 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\wikipedia-sv-SE.xml

[2012-08-31 14:01:30 | 000,001,164 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\yahoo-sv-SE.xml

 

O1 HOSTS File: ([2009-06-10 23:00:26 | 000,000,824 | ---- | M]) - C:\Windows\SysNative\drivers\etc\hosts

O2:64bit: - BHO: (Windows Live ID Sign-in Helper) - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corporation)

O2:64bit: - BHO: (Skype add-on for Internet Explorer) - {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer x64\skypeieplugin.dll (Skype Technologies S.A.)

O2:64bit: - BHO: (Hotspot Shield Class) - {F9E4A054-E9B1-4BC3-83A3-76A1AE736170} - C:\Program Files (x86)\Hotspot Shield\HssIE\HssIE_64.dll File not found

O2 - BHO: (Symantec NCO BHO) - {602ADB0E-4AFF-4217-8AA1-95DAC4DFA408} - C:\Program Files (x86)\Norton Internet Security\Engine\17.9.0.12\coIEPlg.dll (Symantec Corporation)

O2 - BHO: (Symantec Intrusion Prevention) - {6D53EC84-6AAE-4787-AEEE-F4628F01010C} - C:\Program Files (x86)\Norton Internet Security\Engine\17.9.0.12\IPSBHO.DLL (Symantec Corporation)

O2 - BHO: (Skype Browser Helper) - {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)

O3 - HKLM\..\Toolbar: (Norton Toolbar) - {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - C:\Program Files (x86)\Norton Internet Security\Engine\17.9.0.12\coIEPlg.dll (Symantec Corporation)

O3 - HKCU\..\Toolbar\WebBrowser: (Norton Toolbar) - {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - C:\Program Files (x86)\Norton Internet Security\Engine\17.9.0.12\coIEPlg.dll (Symantec Corporation)

O4:64bit: - HKLM..\Run: [AdobeAAMUpdater-1.0] C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\UWA\UpdaterStartupUtility.exe (Adobe Systems Incorporated)

O4:64bit: - HKLM..\Run: [HP Quick Launch] C:\Program\Hewlett-Packard\HP Quick Launch\HPMSGSVC.exe (Hewlett-Packard Company)

O4:64bit: - HKLM..\Run: [HPToneControl] C:\Program\Hewlett-Packard\HPToneControl\HPToneCtl.exe (Hewlett-Packard )

O4:64bit: - HKLM..\Run: [HPWirelessAssistant] C:\Program Files\Hewlett-Packard\HP Wireless Assistant\DelayedAppStarter.exe ()

O4:64bit: - HKLM..\Run: [saiVolume] C:\Program\Saitek\CyborgKeyboard\SaiVolume.exe (Saitek)

O4:64bit: - HKLM..\Run: [sysTrayApp] C:\Program\IDT\WDM\sttray64.exe (IDT, Inc.)

O4 - HKLM..\Run: [AdobeCS6ServiceManager] C:\Program Files (x86)\Common Files\Adobe\CS6ServiceManager\CS6ServiceManager.exe (Adobe Systems Incorporated)

O4 - HKLM..\Run: [CommonToolkitTray] C:\Program Files (x86)\Fighters\Tray\FightersTray.exe (SPAMfighter ApS)

O4 - HKLM..\Run: [Easybits Recovery] C:\Program Files (x86)\EasyBits For Kids\ezRecover.exe (EasyBits Software AS)

O4 - HKLM..\Run: [NortonOnlineBackupReminder] C:\Program Files (x86)\Symantec\Norton Online Backup\Activation\NOBuActivation.exe (Symantec Corporation)

O4 - HKLM..\Run: [startCCC] C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe (Advanced Micro Devices, Inc.)

O4 - HKLM..\Run: [switchBoard] C:\Program Files (x86)\Common Files\Adobe\SwitchBoard\SwitchBoard.exe (Adobe Systems Incorporated)

O4 - HKCU..\Run: [AdobeBridge] File not found

O4 - HKCU..\Run: [Clownfish] File not found

O4 - HKCU..\Run: [Dxtory Update Checker 2.0] C:\Program Files (x86)\Dxtory Software\Dxtory2.0\UpdateChecker.exe (Dxtory Software)

O4 - HKCU..\Run: [Etaeai] C:\Users\Alfred\AppData\Roaming\Etaeai.exe File not found

O4 - HKCU..\Run: [spotify] C:\Users\Alfred\AppData\Roaming\Spotify\Spotify.exe (Spotify Ltd)

O4 - HKCU..\Run: [spotify Web Helper] C:\Users\Alfred\AppData\Roaming\Spotify\Data\SpotifyWebHelper.exe (Spotify Ltd)

O4 - Startup: C:\Users\Alfred\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Adobe Gamma.lnk = C:\Program Files (x86)\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe (Adobe Systems, Inc.)

O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktop = 1

O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktopChanges = 1

O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: EnableShellExecuteHooks = 1

O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 5

O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3

O9:64bit: - Extra Button: Skype Click to Call - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer x64\skypeieplugin.dll (Skype Technologies S.A.)

O9 - Extra Button: Send to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~2\MICROS~1\Office12\ONBttnIE.dll (Microsoft Corporation)

O9 - Extra 'Tools' menuitem : S&end to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~2\MICROS~1\Office12\ONBttnIE.dll (Microsoft Corporation)

O9 - Extra Button: Skype Click to Call - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)

O9 - Extra Button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~2\MICROS~1\Office12\REFIEBAR.DLL (Microsoft Corporation)

O10:64bit: - NameSpace_Catalog5\Catalog_Entries64\000000000005 [] - C:\Program\Common Files\Microsoft Shared\Windows Live\WLIDNSP.DLL (Microsoft Corporation)

O10:64bit: - NameSpace_Catalog5\Catalog_Entries64\000000000006 [] - C:\Program\Common Files\Microsoft Shared\Windows Live\WLIDNSP.DLL (Microsoft Corporation)

O1364bit: - gopher Prefix: missing

O13 - gopher Prefix: missing

O16:64bit: - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/update/1.6.0/jinstall-1_6_0_17-windows-i586.cab'>http://java.sun.com/update/1.6.0/jinstall-1_6_0_17-windows-i586.cab'>http://java.sun.com/update/1.6.0/jinstall-1_6_0_17-windows-i586.cab (Java Plug-in 1.6.0_17)

O16:64bit: - DPF: {CAFEEFAC-0016-0000-0017-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_17-windows-i586.cab (Java Plug-in 1.6.0_17)

O16:64bit: - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_17-windows-i586.cab (Java Plug-in 1.6.0_17)

O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.0.1

O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{006A6D28-0C51-4755-A745-5B7CE770DD66}: DhcpNameServer = 192.168.0.1

O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{5560989C-5138-4886-A34C-2109281E5068}: DhcpNameServer = 192.168.0.1

O18:64bit: - Protocol\Handler\ms-help - No CLSID value found

O18:64bit: - Protocol\Handler\ms-itss - No CLSID value found

O18:64bit: - Protocol\Handler\skype4com - No CLSID value found

O18:64bit: - Protocol\Handler\skype-ie-addon-data {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer x64\skypeieplugin.dll (Skype Technologies S.A.)

O18 - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~2\COMMON~1\Skype\SKYPE4~1.DLL (Skype Technologies)

O18 - Protocol\Handler\skype-ie-addon-data {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)

O18:64bit: - Protocol\Filter\text/xml {807563E5-5146-11D5-A672-00B0D022E945} - C:\Program\Common Files\Microsoft Shared\OFFICE12\MSOXMLMF.DLL (Microsoft Corporation)

O18 - Protocol\Filter\text/xml {807563E5-5146-11D5-A672-00B0D022E945} - C:\PROGRA~2\COMMON~1\MICROS~1\OFFICE12\MSOXMLMF.DLL (Microsoft Corporation)

O20:64bit: - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)

O20:64bit: - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\SysNative\userinit.exe (Microsoft Corporation)

O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\SysWow64\explorer.exe (Microsoft Corporation)

O20 - HKLM Winlogon: UserInit - (userinit.exe) - C:\Windows\SysWow64\userinit.exe (Microsoft Corporation)

O21:64bit: - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.

O21 - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.

O28 - HKLM ShellExecuteHooks: {E54729E8-BB3D-4270-9D49-7389EA579090} - C:\Windows\SysWOW64\ezUPBHook.dll (EasyBits Software Corp.)

O32 - HKLM CDRom: AutoRun - 1

O34 - HKLM BootExecute: (autocheck autochk *)

O35:64bit: - HKLM\..comfile [open] -- "%1" %*

O35:64bit: - HKLM\..exefile [open] -- "%1" %*

O35 - HKLM\..comfile [open] -- "%1" %*

O35 - HKLM\..exefile [open] -- "%1" %*

O37:64bit: - HKLM\...com [@ = comfile] -- "%1" %*

O37:64bit: - HKLM\...exe [@ = exefile] -- "%1" %*

O37 - HKLM\...com [@ = comfile] -- "%1" %*

O37 - HKLM\...exe [@ = exefile] -- "%1" %*

O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3)

O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2)

O38 - SubSystems\\Windows: (ServerDll=sxssrv,4)

 

========== Files/Folders - Created Within 30 Days ==========

 

[2013-04-24 18:46:18 | 000,000,000 | ---D | C] -- C:\Users\Alfred\AppData\Local\Programs

[2013-04-18 20:18:41 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\SystemRequirementsLab

[2013-04-18 20:18:28 | 000,000,000 | ---D | C] -- C:\Users\Alfred\SystemRequirementsLab

[2013-04-15 15:30:08 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Mozilla Firefox

[2013-04-12 20:53:02 | 000,046,280 | ---- | C] (AnchorFree Inc.) -- C:\Windows\SysNative\drivers\hssdrv6.sys

[2013-04-07 09:41:24 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Common Files\Skype

[2013-04-03 14:43:15 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Blue Ripple Sound

[2013-04-03 14:43:13 | 001,302,528 | ---- | C] (Blue Ripple Sound Limited) -- C:\Windows\SysWow64\rapture3d_oal.dll

[2013-04-03 14:43:11 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\BRS

[2013-04-03 14:43:01 | 000,466,520 | ---- | C] (Creative Labs) -- C:\Windows\SysNative\wrap_oal.dll

[2013-04-03 14:43:01 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\OpenAL

[2013-04-03 14:43:00 | 000,445,016 | ---- | C] (Creative Labs) -- C:\Windows\SysWow64\wrap_oal.dll

[2013-04-03 14:23:33 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Codemasters

[2013-04-03 01:15:32 | 000,042,184 | ---- | C] (Anchorfree Inc.) -- C:\Windows\SysNative\drivers\taphss6.sys

[2013-04-01 12:24:23 | 000,000,000 | ---D | C] -- C:\Users\Alfred\Documents\Adobe

[2 C:\Windows\SysWow64\*.tmp files -> C:\Windows\SysWow64\*.tmp -> ]

[1 C:\Windows\*.tmp files -> C:\Windows\*.tmp -> ]

 

========== Files - Modified Within 30 Days ==========

 

[2013-04-26 15:48:06 | 000,023,248 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0

[2013-04-26 15:48:06 | 000,023,248 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0

[2013-04-26 15:40:16 | 000,000,868 | ---- | M] () -- C:\Windows\tasks\Adobe Flash Player Updater.job

[2013-04-26 15:38:09 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat

[2013-04-26 15:38:03 | 3015,888,896 | -HS- | M] () -- C:\hiberfil.sys

[2013-04-25 20:53:52 | 000,619,461 | ---- | M] () -- C:\Users\Alfred\Desktop\adwcleaner.exe

[2013-04-12 20:53:02 | 000,046,280 | ---- | M] (AnchorFree Inc.) -- C:\Windows\SysNative\drivers\hssdrv6.sys

[2013-04-11 18:11:28 | 004,973,648 | ---- | M] () -- C:\Windows\SysNative\FNTCACHE.DAT

[2013-04-09 15:08:31 | 001,756,446 | ---- | M] () -- C:\Windows\SysNative\PerfStringBackup.INI

[2013-04-09 15:08:31 | 000,727,056 | ---- | M] () -- C:\Windows\SysNative\perfh01D.dat

[2013-04-09 15:08:31 | 000,717,460 | ---- | M] () -- C:\Windows\SysNative\perfh009.dat

[2013-04-09 15:08:31 | 000,165,916 | ---- | M] () -- C:\Windows\SysNative\perfc01D.dat

[2013-04-09 15:08:31 | 000,145,482 | ---- | M] () -- C:\Windows\SysNative\perfc009.dat

[2013-04-03 14:43:01 | 000,466,520 | ---- | M] (Creative Labs) -- C:\Windows\SysNative\wrap_oal.dll

[2013-04-03 14:43:00 | 000,445,016 | ---- | M] (Creative Labs) -- C:\Windows\SysWow64\wrap_oal.dll

[2013-04-03 01:15:32 | 000,042,184 | ---- | M] (Anchorfree Inc.) -- C:\Windows\SysNative\drivers\taphss6.sys

[2 C:\Windows\SysWow64\*.tmp files -> C:\Windows\SysWow64\*.tmp -> ]

[1 C:\Windows\*.tmp files -> C:\Windows\*.tmp -> ]

 

========== Files Created - No Company Name ==========

 

[2013-04-25 20:53:50 | 000,619,461 | ---- | C] () -- C:\Users\Alfred\Desktop\adwcleaner.exe

[2012-12-08 15:39:08 | 000,081,368 | ---- | C] () -- C:\Users\Alfred\DetOfattbara.veg

[2012-11-11 11:42:53 | 000,002,812 | ---- | C] () -- C:\Users\Alfred\groups.yml

[2012-11-11 11:42:53 | 000,000,349 | ---- | C] () -- C:\Users\Alfred\users.yml

[2012-11-09 18:46:45 | 000,002,645 | ---- | C] () -- C:\Users\Alfred\groupss.yml

[2012-11-09 18:46:45 | 000,000,777 | ---- | C] () -- C:\Users\Alfred\userss.yml

[2012-11-01 00:50:41 | 000,003,982 | ---- | C] () -- C:\Users\Alfred\AppData\Local\recently-used.xbel

[2012-10-09 17:33:14 | 000,000,858 | ---- | C] () -- C:\Users\Alfred\Ipconfig.lnk

[2012-10-05 18:37:46 | 000,001,130 | ---- | C] () -- C:\Users\Alfred\Mozilla Firefox.lnk

[2012-09-21 21:08:36 | 010,919,784 | ---- | C] () -- C:\Windows\SysWow64\LogiDPP.dll

[2012-09-21 21:08:36 | 000,338,136 | ---- | C] () -- C:\Windows\SysWow64\DevManagerCore.dll

[2012-09-21 21:08:36 | 000,103,272 | ---- | C] () -- C:\Windows\SysWow64\LogiDPPApp.exe

[2012-09-08 20:37:10 | 001,735,232 | ---- | C] () -- C:\Windows\SysWow64\PerfStringBackup.INI

[2011-10-12 16:59:00 | 000,000,000 | ---- | C] () -- C:\Windows\ativpsrm.bin

[2011-10-12 16:51:32 | 000,000,299 | ---- | C] () -- C:\Windows\SysWow64\RStoneLog2.ini

[2011-10-12 16:51:32 | 000,000,240 | ---- | C] () -- C:\Windows\SysWow64\RStoneLog.ini

[2011-09-28 17:44:14 | 000,179,271 | ---- | C] () -- C:\Windows\SysWow64\xlive.dll.cat

 

========== ZeroAccess Check ==========

 

[2009-07-14 06:55:00 | 000,000,227 | RHS- | M] () -- C:\Windows\assembly\Desktop.ini

 

[HKEY_CURRENT_USER\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] /64

 

[HKEY_CURRENT_USER\Software\Classes\Wow6432node\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]

 

[HKEY_CURRENT_USER\Software\Classes\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32] /64

 

[HKEY_CURRENT_USER\Software\Classes\Wow6432node\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32]

 

[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] /64

"" = C:\Windows\SysNative\shell32.dll -- [2012-06-09 07:43:10 | 014,172,672 | ---- | M] (Microsoft Corporation)

"ThreadingModel" = Apartment

 

[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]

"" = %SystemRoot%\system32\shell32.dll -- [2012-06-09 06:41:00 | 012,873,728 | ---- | M] (Microsoft Corporation)

"ThreadingModel" = Apartment

 

[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32] /64

"" = C:\Windows\SysNative\wbem\fastprox.dll -- [2009-07-14 03:40:51 | 000,909,312 | ---- | M] (Microsoft Corporation)

"ThreadingModel" = Free

 

[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32]

"" = %systemroot%\system32\wbem\fastprox.dll -- [2010-11-20 14:19:02 | 000,606,208 | ---- | M] (Microsoft Corporation)

"ThreadingModel" = Free

 

[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32] /64

"" = C:\Windows\SysNative\wbem\wbemess.dll -- [2009-07-14 03:41:56 | 000,505,856 | ---- | M] (Microsoft Corporation)

"ThreadingModel" = Both

 

[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32]

 

========== LOP Check ==========

 

[2013-04-25 16:58:32 | 000,000,000 | ---D | M] -- C:\Users\Alfred\AppData\Roaming\.minecraft

[2013-02-03 16:12:24 | 000,000,000 | ---D | M] -- C:\Users\Alfred\AppData\Roaming\.techniclauncher

[2013-04-01 11:27:27 | 000,000,000 | ---D | M] -- C:\Users\Alfred\AppData\Roaming\Audacity

[2013-01-08 13:08:38 | 000,000,000 | ---D | M] -- C:\Users\Alfred\AppData\Roaming\BitTorrent

[2012-09-18 17:24:21 | 000,000,000 | ---D | M] -- C:\Users\Alfred\AppData\Roaming\com.adobe.downloadassistant.AdobeDownloadAssistant

[2012-10-07 14:45:45 | 000,000,000 | ---D | M] -- C:\Users\Alfred\AppData\Roaming\Fighters

[2012-12-22 00:40:32 | 000,000,000 | ---D | M] -- C:\Users\Alfred\AppData\Roaming\Leadertech

[2012-09-27 14:40:07 | 000,000,000 | ---D | M] -- C:\Users\Alfred\AppData\Roaming\LolClient

[2012-08-31 15:42:47 | 000,000,000 | ---D | M] -- C:\Users\Alfred\AppData\Roaming\Notepad++

[2013-03-04 19:44:49 | 000,000,000 | ---D | M] -- C:\Users\Alfred\AppData\Roaming\PACE Anti-Piracy

[2012-09-18 17:59:54 | 000,000,000 | ---D | M] -- C:\Users\Alfred\AppData\Roaming\PDAppFlex

[2012-08-24 22:49:47 | 000,000,000 | ---D | M] -- C:\Users\Alfred\AppData\Roaming\Publish Providers

[2012-08-25 09:50:47 | 000,000,000 | ---D | M] -- C:\Users\Alfred\AppData\Roaming\Sony

[2013-03-21 19:20:03 | 000,000,000 | ---D | M] -- C:\Users\Alfred\AppData\Roaming\Splitscreen Studios

[2013-04-26 15:42:12 | 000,000,000 | ---D | M] -- C:\Users\Alfred\AppData\Roaming\Spotify

[2012-09-17 17:16:38 | 000,000,000 | ---D | M] -- C:\Users\Alfred\AppData\Roaming\Trine2

[2012-08-17 21:51:21 | 000,000,000 | ---D | M] -- C:\Users\Alfred\AppData\Roaming\TS3Client

[2012-09-15 17:46:32 | 000,000,000 | ---D | M] -- C:\Users\Alfred\AppData\Roaming\Unity

[2012-10-12 17:25:49 | 000,000,000 | ---D | M] -- C:\Users\Alfred\AppData\Roaming\wargaming.net

[2012-10-26 16:08:18 | 000,000,000 | ---D | M] -- C:\Users\Alfred\AppData\Roaming\WildTangent

 

========== Purity Check ==========

 

 

 

========== Alternate Data Streams ==========

 

@Alternate Data Stream - 1089 bytes -> C:\Users\Alfred\AppData\Local\zouhBctM:G3cZlbOFUoJnGJswevY

 

< End of report >

[/log]

/Alfred

Länk till kommentar
Dela på andra webbplatser

Förlåt, det var ju dags att rensa med AdwCleaner.

 

1. Stäng alla program, inklusive webbläsare.

Dubbelklicka på AdwCleaner för att starta programmet.

 

Klicka på Delete-knappen.

Tryck på OK.

 

Datorn kommer att startas om.

En rapport kommer upp, kopiera innehållet och klistra in i ditt svar.

Om rapporten inte kommer upp, så finns den även som C:\AdwCleaner[s1].txt

 

2. Kör OTL och klistra in OTL.txt.

Länk till kommentar
Dela på andra webbplatser

Okej, här kommer AdwCleaner rapporten efter "Delete".

 

# AdwCleaner v2.202 - Logfile created 04/27/2013 at 10:40:23

# Updated 23/04/2013 by Xplode

# Operating system : Windows 7 Home Premium Service Pack 1 (64 bits)

# User : Alfred - ALFRED-DATOR

# Boot Mode : Normal

# Running from : C:\Users\Alfred\Downloads\adwcleaner.exe

# Option [Delete]

 

 

***** [services] *****

 

 

***** [Files / Folders] *****

 

File Deleted : C:\Users\Alfred\AppData\Roaming\Mozilla\Firefox\Profiles\1acow5wu.default\searchplugins\Askcom.xml

Folder Deleted : C:\ProgramData\Ask

Folder Deleted : C:\ProgramData\Tarma Installer

Folder Deleted : C:\Users\Alfred\AppData\Local\Temp\boost_interprocess

 

***** [Registry] *****

 

Key Deleted : HKCU\Software\AppDataLow\Software\PriceGong

Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{F9E4A054-E9B1-4BC3-83A3-76A1AE736170}

Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{FD72061E-9FDE-484D-A58A-0BAB4151CAD8}

Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{DF7770F7-832F-4BDF-B144-100EDDD0C3AE}

Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{F9E4A054-E9B1-4BC3-83A3-76A1AE736170}

Key Deleted : HKCU\Software\StartSearch

Key Deleted : HKLM\Software\Freeze.com

Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{F9E4A054-E9B1-4BC3-83A3-76A1AE736170}

Key Deleted : HKLM\SOFTWARE\Classes\Interface\{10DE7085-6A1E-4D41-A7BF-9AF93E351401}

Key Deleted : HKLM\SOFTWARE\Classes\Interface\{1AD27395-1659-4DFF-A319-2CFA243861A5}

Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{F9E4A054-E9B1-4BC3-83A3-76A1AE736170}

Key Deleted : HKLM\SOFTWARE\Tarma Installer

 

***** [internet Browsers] *****

 

-\\ Internet Explorer v9.0.8112.16476

 

[OK] Registry is clean.

 

-\\ Mozilla Firefox v20.0.1 (sv-SE)

 

File : C:\Users\Alfred\AppData\Roaming\Mozilla\Firefox\Profiles\1acow5wu.default\prefs.js

 

C:\Users\Alfred\AppData\Roaming\Mozilla\Firefox\Profiles\1acow5wu.default\user.js ... Deleted !

 

[OK] File is clean.

 

*************************

 

AdwCleaner[R1].txt - [2068 octets] - [25/04/2013 20:58:25]

AdwCleaner[R2].txt - [2128 octets] - [26/04/2013 16:05:14]

AdwCleaner[s1].txt - [2202 octets] - [27/04/2013 10:40:23]

 

########## EOF - C:\AdwCleaner[s1].txt - [2262 octets] ##########

 

 

 

Också kommer OLT loggen efter jag har kört AdwCleaner

 

OTL logfile created on: 2013-04-27 10:47:45 - Run 3

OTL by OldTimer - Version 3.2.69.0 Folder = C:\Users\Alfred\Downloads

64bit- Home Premium Edition Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation

Internet Explorer (Version = 9.0.8112.16421)

Locale: 0000041d | Country: Sverige | Language: SVE | Date Format: yyyy-MM-dd

 

3,75 Gb Total Physical Memory | 2,26 Gb Available Physical Memory | 60,26% Memory free

7,49 Gb Paging File | 5,83 Gb Available in Paging File | 77,79% Paging File free

Paging file location(s): ?:\pagefile.sys [binary data]

 

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86)

Drive C: | 442,49 Gb Total Space | 266,93 Gb Free Space | 60,32% Space Free | Partition Type: NTFS

Drive D: | 22,97 Gb Total Space | 3,35 Gb Free Space | 14,60% Space Free | Partition Type: NTFS

Drive E: | 99,02 Mb Total Space | 92,75 Mb Free Space | 93,67% Space Free | Partition Type: FAT32

 

Computer Name: ALFRED-DATOR | User Name: Alfred | Logged in as Administrator.

Boot Mode: Normal | Scan Mode: Current user | Quick Scan | Include 64bit Scans

Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days

 

========== Processes (SafeList) ==========

 

PRC - [2013-04-27 10:47:19 | 000,602,112 | ---- | M] (OldTimer Tools) -- C:\Users\Alfred\Downloads\OTL(2).exe

PRC - [2013-04-17 18:21:02 | 001,105,408 | ---- | M] (Spotify Ltd) -- C:\Users\Alfred\AppData\Roaming\Spotify\Data\SpotifyWebHelper.exe

PRC - [2012-12-23 21:33:30 | 000,144,520 | R--- | M] (Symantec Corporation) -- C:\Program Files (x86)\Norton Internet Security\Engine\20.3.1.22\ccSvcHst.exe

PRC - [2012-10-02 13:13:44 | 003,064,000 | ---- | M] (Skype Technologies S.A.) -- C:\ProgramData\Skype\Toolbars\Skype C2C Service\c2c_service.exe

PRC - [2012-05-10 13:11:24 | 001,267,264 | ---- | M] (SPAMfighter ApS) -- C:\Program Files (x86)\Fighters\FighterSuiteService.exe

PRC - [2012-01-18 17:36:46 | 001,452,680 | ---- | M] (SPAMfighter ApS) -- C:\Program Files (x86)\Fighters\Tray\FightersTray.exe

PRC - [2010-03-05 21:12:48 | 000,338,168 | -H-- | M] (DeviceVM, Inc.) -- C:\SwSetup\QuickWeb\QW.SYS\config\DVMExportService.exe

PRC - [2010-01-25 21:00:00 | 000,514,232 | ---- | M] (EasyBits Software AS) -- C:\Windows\SysWOW64\ezSharedSvcHost.exe

PRC - [2010-01-25 21:00:00 | 000,514,232 | ---- | M] (EasyBits Software AS) -- C:\Windows\SysWOW64\ezSharedSvcHost.exe

PRC - [2010-01-25 21:00:00 | 000,514,232 | ---- | M] (EasyBits Software AS) -- C:\Windows\SysWOW64\ezSharedSvcHost.exe

 

 

========== Modules (No Company Name) ==========

 

MOD - [2012-05-30 08:51:08 | 000,699,280 | R--- | M] () -- C:\PROGRAM FILES (X86)\NORTON INTERNET SECURITY\ENGINE\20.3.1.22\wincfi39.dll

MOD - [2010-01-22 10:30:00 | 007,745,536 | ---- | M] () -- C:\Program Files (x86)\Common Files\LightScribe\QtGui4.dll

MOD - [2010-01-22 10:29:58 | 002,121,728 | ---- | M] () -- C:\Program Files (x86)\Common Files\LightScribe\QtCore4.dll

MOD - [2010-01-22 10:29:58 | 000,135,168 | ---- | M] () -- C:\Program Files (x86)\Common Files\LightScribe\plugins\imageformats\qjpeg4.dll

 

 

========== Services (SafeList) ==========

 

SRV:64bit: - [2010-04-16 16:09:00 | 000,202,752 | ---- | M] (AMD) [Auto | Running] -- C:\Windows\SysNative\atiesrxx.exe -- (AMD External Events Utility)

SRV:64bit: - [2010-02-01 11:29:34 | 000,244,736 | ---- | M] (IDT, Inc.) [Auto | Running] -- C:\Windows\SysNative\DriverStore\FileRepository\stwrt64.inf_amd64_neutral_471277d5d45019ea\stacsv64.exe -- (STacSV)

SRV:64bit: - [2009-07-08 13:49:02 | 000,030,520 | ---- | M] (Hewlett-Packard) [Auto | Running] -- C:\Windows\SysNative\hpservice.exe -- (hpsrv)

SRV:64bit: - [2009-03-03 12:42:58 | 000,089,600 | ---- | M] (Andrea Electronics Corporation) [Auto | Running] -- C:\Windows\SysNative\DriverStore\FileRepository\stwrt64.inf_amd64_neutral_471277d5d45019ea\AESTSr64.exe -- (AESTFilters)

SRV - [2013-04-15 15:30:17 | 000,115,608 | ---- | M] (Mozilla Foundation) [On_Demand | Stopped] -- C:\Program Files (x86)\Mozilla Maintenance Service\maintenanceservice.exe -- (MozillaMaintenance)

SRV - [2013-03-15 16:40:43 | 000,253,656 | ---- | M] (Adobe Systems Incorporated) [On_Demand | Stopped] -- C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe -- (AdobeFlashPlayerUpdateSvc)

SRV - [2013-02-28 18:45:16 | 000,161,384 | R--- | M] (Skype Technologies) [Auto | Stopped] -- C:\Program Files (x86)\Skype\Updater\Updater.exe -- (SkypeUpdate)

SRV - [2013-02-25 08:39:32 | 000,543,144 | ---- | M] (Valve Corporation) [On_Demand | Stopped] -- C:\Program Files (x86)\Common Files\Steam\SteamService.exe -- (Steam Client Service)

SRV - [2012-12-23 21:33:30 | 000,144,520 | R--- | M] (Symantec Corporation) [Auto | Running] -- C:\Program Files (x86)\Norton Internet Security\Engine\20.3.1.22\ccSvcHst.exe -- (NIS)

SRV - [2012-10-02 13:13:44 | 003,064,000 | ---- | M] (Skype Technologies S.A.) [Auto | Running] -- C:\ProgramData\Skype\Toolbars\Skype C2C Service\c2c_service.exe -- (Skype C2C Service)

SRV - [2012-05-11 13:06:24 | 000,270,928 | ---- | M] (SPAMfighter ApS) [On_Demand | Stopped] -- C:\Program Files (x86)\Fighters\FULL-DISKfighter\Common Toolkit Tools.exe -- (Common Toolkit Tools)

SRV - [2012-05-10 13:11:24 | 001,267,264 | ---- | M] (SPAMfighter ApS) [Auto | Running] -- C:\Program Files (x86)\Fighters\FighterSuiteService.exe -- (Suite Service)

SRV - [2010-03-18 14:16:28 | 000,130,384 | ---- | M] (Microsoft Corporation) [Auto | Stopped] -- C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe -- (clr_optimization_v4.0.30319_32)

SRV - [2010-03-05 21:12:48 | 000,338,168 | -H-- | M] (DeviceVM, Inc.) [Auto | Running] -- C:\SwSetup\QuickWeb\QW.SYS\config\DVMExportService.exe -- (DvmMDES)

SRV - [2010-02-19 14:37:14 | 000,517,096 | ---- | M] (Adobe Systems Incorporated) [On_Demand | Stopped] -- C:\Program Files (x86)\Common Files\Adobe\SwitchBoard\SwitchBoard.exe -- (SwitchBoard)

SRV - [2010-02-01 11:29:34 | 000,244,736 | ---- | M] (IDT, Inc.) [Auto | Running] -- C:\Windows\System32\DriverStore\FileRepository\stwrt64.inf_amd64_neutral_471277d5d45019ea\STacSV64.exe -- (STacSV)

SRV - [2010-01-27 23:01:04 | 000,102,968 | ---- | M] (Hewlett-Packard) [Auto | Running] -- C:\Program\Hewlett-Packard\HP Wireless Assistant\HPWA_Service.exe -- (HP Wireless Assistant Service)

SRV - [2010-01-19 00:04:08 | 000,020,480 | ---- | M] () [Auto | Running] -- C:\Program\Hewlett-Packard\HP Quick Launch\HPWMISVC.exe -- (HPWMISVC)

SRV - [2010-01-04 20:03:42 | 000,238,328 | ---- | M] (WildTangent, Inc.) [On_Demand | Stopped] -- C:\Program Files (x86)\HP Games\HP Game Console\GameConsoleService.exe -- (GameConsoleService)

SRV - [2009-08-18 12:48:02 | 002,291,568 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Program\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE -- (wlidsvc)

SRV - [2009-07-22 10:17:44 | 000,061,976 | ---- | M] (Microsoft Corporation) [Disabled | Stopped] -- c:\Program\Microsoft SQL Server\100\Shared\sqladhlp.exe -- (MSSQLServerADHelper100)

SRV - [2009-06-10 23:23:09 | 000,066,384 | ---- | M] (Microsoft Corporation) [Disabled | Stopped] -- C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe -- (clr_optimization_v2.0.50727_32)

SRV - [2009-03-30 04:02:56 | 057,617,752 | ---- | M] (Microsoft Corporation) [Auto | Stopped] -- c:\Program\Microsoft SQL Server\MSSQL10.SQLEXPRESS\MSSQL\Binn\sqlservr.exe -- (MSSQL$SQLEXPRESS)

SRV - [2009-03-30 04:01:06 | 000,427,880 | ---- | M] (Microsoft Corporation) [Disabled | Stopped] -- c:\Program\Microsoft SQL Server\MSSQL10.SQLEXPRESS\MSSQL\Binn\SQLAGENT.EXE -- (SQLAgent$SQLEXPRESS)

SRV - [2009-03-03 12:42:58 | 000,089,600 | ---- | M] (Andrea Electronics Corporation) [Auto | Running] -- C:\Windows\System32\DriverStore\FileRepository\stwrt64.inf_amd64_neutral_471277d5d45019ea\AESTSr64.exe -- (AESTFilters)

SRV - [2008-07-10 05:31:10 | 000,157,720 | ---- | M] (Microsoft Corporation) [Auto | Running] -- c:\Program\Microsoft SQL Server\90\Shared\sqlwriter.exe -- (SQLWriter)

 

 

========== Driver Services (SafeList) ==========

 

DRV:64bit: - [2013-04-26 17:52:28 | 000,177,312 | ---- | M] (Symantec Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\SYMEVENT64x86.SYS -- (SymEvent)

DRV:64bit: - [2013-04-03 01:15:32 | 000,042,184 | ---- | M] (Anchorfree Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\taphss6.sys -- (taphss6)

DRV:64bit: - [2013-01-30 21:18:18 | 000,432,800 | R--- | M] (Symantec Corporation) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\NISx64\1403010.016\symnets.sys -- (SymNetS)

DRV:64bit: - [2013-01-30 21:18:06 | 001,139,800 | R--- | M] (Symantec Corporation) [File_System | Boot | Running] -- C:\Windows\SysNative\drivers\NISx64\1403010.016\SymEFA64.sys -- (SymEFA)

DRV:64bit: - [2013-01-28 19:45:20 | 000,796,248 | R--- | M] (Symantec Corporation) [File_System | On_Demand | Running] -- C:\Windows\SysNative\drivers\NISx64\1403010.016\srtsp64.sys -- (SRTSP)

DRV:64bit: - [2013-01-28 19:45:20 | 000,036,952 | R--- | M] (Symantec Corporation) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\NISx64\1403010.016\srtspx64.sys -- (SRTSPX)

DRV:64bit: - [2013-01-21 20:15:34 | 000,493,656 | R--- | M] (Symantec Corporation) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\NISx64\1403010.016\SymDS64.sys -- (SymDS)

DRV:64bit: - [2012-11-15 20:22:02 | 000,224,416 | R--- | M] (Symantec Corporation) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\NISx64\1403010.016\Ironx64.sys -- (SymIRON)

DRV:64bit: - [2012-11-15 20:18:04 | 000,168,096 | R--- | M] (Symantec Corporation) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\NISx64\1403010.016\ccSetx64.sys -- (ccSet_NIS)

DRV:64bit: - [2012-09-21 21:04:22 | 004,763,680 | ---- | M] (Logitech Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\lvuvc64.sys -- (LVUVC64)

DRV:64bit: - [2012-09-21 21:04:22 | 000,351,520 | ---- | M] (Logitech Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\lvrs64.sys -- (LVRS64)

DRV:64bit: - [2012-03-01 08:46:16 | 000,023,408 | ---- | M] (Microsoft Corporation) [Recognizer | Boot | Unknown] -- C:\Windows\SysNative\drivers\fs_rec.sys -- (Fs_Rec)

DRV:64bit: - [2011-06-10 06:34:52 | 000,539,240 | ---- | M] (Realtek ) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\Rt64win7.sys -- (RTL8167)

DRV:64bit: - [2011-05-13 03:21:04 | 000,177,640 | ---- | M] (MCCI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\ssadmdm.sys -- (ssadmdm)

DRV:64bit: - [2011-05-13 03:21:04 | 000,146,920 | ---- | M] (MCCI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\ssadserd.sys -- (ssadserd)

DRV:64bit: - [2011-05-13 03:21:02 | 000,157,672 | ---- | M] (MCCI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\ssadbus.sys -- (ssadbus)

DRV:64bit: - [2011-05-13 03:21:02 | 000,036,328 | ---- | M] (Google Inc) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\ssadadb.sys -- (androidusb)

DRV:64bit: - [2011-05-13 03:21:02 | 000,016,872 | ---- | M] (MCCI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\ssadmdfl.sys -- (ssadmdfl)

DRV:64bit: - [2011-03-11 08:41:12 | 000,107,904 | ---- | M] (Advanced Micro Devices) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\amdsata.sys -- (amdsata)

DRV:64bit: - [2011-03-11 08:41:12 | 000,027,008 | ---- | M] (Advanced Micro Devices) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\amdxata.sys -- (amdxata)

DRV:64bit: - [2010-11-20 15:33:35 | 000,078,720 | ---- | M] (Hewlett-Packard Company) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\HpSAMD.sys -- (HpSAMD)

DRV:64bit: - [2010-11-20 13:07:05 | 000,059,392 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\TsUsbFlt.sys -- (TsUsbFlt)

DRV:64bit: - [2010-11-20 11:37:42 | 000,109,056 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\sdbus.sys -- (sdbus)

DRV:64bit: - [2010-04-16 16:19:34 | 006,403,584 | ---- | M] (ATI Technologies Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\atipmdag.sys -- (amdkmdag)

DRV:64bit: - [2010-04-16 15:11:18 | 000,188,928 | ---- | M] (Advanced Micro Devices, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\atikmpag.sys -- (amdkmdap)

DRV:64bit: - [2010-04-10 01:34:44 | 000,315,440 | ---- | M] (Synaptics Incorporated) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\SynTP.sys -- (SynTP)

DRV:64bit: - [2010-02-09 07:57:22 | 000,239,136 | ---- | M] (Realtek Semiconductor Corp.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\RtsUStor.sys -- (RSUSBSTOR)

DRV:64bit: - [2010-02-01 11:29:34 | 000,505,856 | ---- | M] (IDT, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\stwrt64.sys -- (STHDA)

DRV:64bit: - [2010-01-28 20:33:38 | 000,116,736 | ---- | M] (ATI Technologies, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\AtiHdmi.sys -- (AtiHdmiService)

DRV:64bit: - [2009-12-22 02:26:36 | 000,038,456 | ---- | M] (Advanced Micro Devices) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\usbfilter.sys -- (usbfilter)

DRV:64bit: - [2009-11-11 13:09:32 | 000,020,056 | -H-- | M] (DeviceVM, Inc.) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\dvmio.sys -- (DVMIO)

DRV:64bit: - [2009-09-21 19:47:14 | 001,484,800 | ---- | M] (Atheros Communications, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\athrx.sys -- (athr)

DRV:64bit: - [2009-08-24 03:55:32 | 000,016,440 | ---- | M] (Advanced Micro Devices Inc.) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\AtiPcie.sys -- (AtiPcie)

DRV:64bit: - [2009-07-14 03:52:20 | 000,194,128 | ---- | M] (AMD Technologies Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\amdsbs.sys -- (amdsbs)

DRV:64bit: - [2009-07-14 03:48:04 | 000,065,600 | ---- | M] (LSI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\lsi_sas2.sys -- (LSI_SAS2)

DRV:64bit: - [2009-07-14 03:45:55 | 000,024,656 | ---- | M] (Promise Technology) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\stexstor.sys -- (stexstor)

DRV:64bit: - [2009-07-08 13:49:08 | 000,030,008 | ---- | M] (Hewlett-Packard) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\hpdskflt.sys -- (hpdskflt)

DRV:64bit: - [2009-07-08 13:48:50 | 000,041,272 | ---- | M] (Hewlett-Packard) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\Accelerometer.sys -- (Accelerometer)

DRV:64bit: - [2009-06-10 23:01:11 | 001,485,312 | ---- | M] (Conexant Systems, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\VSTDPV6.SYS -- (SrvHsfV92)

DRV:64bit: - [2009-06-10 23:01:11 | 000,740,864 | ---- | M] (Conexant Systems, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\VSTCNXT6.SYS -- (SrvHsfWinac)

DRV:64bit: - [2009-06-10 23:01:11 | 000,292,864 | ---- | M] (Conexant Systems, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\VSTAZL6.SYS -- (SrvHsfHDA)

DRV:64bit: - [2009-06-10 22:37:05 | 006,108,416 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\igdkmd64.sys -- (igfx)

DRV:64bit: - [2009-06-10 22:35:33 | 000,389,120 | ---- | M] (Marvell) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\yk62x64.sys -- (yukonw7)

DRV:64bit: - [2009-06-10 22:35:28 | 005,434,368 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\netw5v64.sys -- (netw5v64)

DRV:64bit: - [2009-06-10 22:34:33 | 003,286,016 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\evbda.sys -- (ebdrv)

DRV:64bit: - [2009-06-10 22:34:28 | 000,468,480 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\bxvbda.sys -- (b06bdrv)

DRV:64bit: - [2009-06-10 22:34:23 | 000,270,848 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\b57nd60a.sys -- (b57nd60a)

DRV:64bit: - [2009-06-10 22:31:59 | 000,031,232 | ---- | M] (Hauppauge Computer Works, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\hcw85cir.sys -- (hcw85cir)

DRV:64bit: - [2008-02-18 16:20:10 | 000,129,024 | ---- | M] (Saitek) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\SaiK0728.sys -- (SaiK0728)

DRV - [2013-04-25 15:32:44 | 000,513,184 | ---- | M] (Symantec Corporation) [Kernel | System | Running] -- C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_20.3.1.22\Definitions\IPSDefs\20130425.001\IDSviA64.sys -- (IDSVia64)

DRV - [2013-04-25 01:00:00 | 002,087,664 | ---- | M] (Symantec Corporation) [Kernel | On_Demand | Running] -- C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_20.3.1.22\Definitions\VirusDefs\20130426.005\ex64.sys -- (NAVEX15)

DRV - [2013-04-25 01:00:00 | 000,126,192 | ---- | M] (Symantec Corporation) [Kernel | On_Demand | Running] -- C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_20.3.1.22\Definitions\VirusDefs\20130426.005\eng64.sys -- (NAVENG)

DRV - [2013-04-13 01:53:05 | 001,390,680 | ---- | M] (Symantec Corporation) [Kernel | System | Running] -- C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_20.3.1.22\Definitions\BASHDefs\20130412.001\BHDrvx64.sys -- (BHDrvx64)

DRV - [2012-09-23 14:00:29 | 000,484,512 | ---- | M] (Symantec Corporation) [Kernel | System | Running] -- C:\Program Files (x86)\Common Files\Symantec Shared\EENGINE\eeCtrl64.sys -- (eeCtrl)

DRV - [2012-09-23 14:00:29 | 000,138,912 | ---- | M] (Symantec Corporation) [Kernel | On_Demand | Running] -- C:\Program Files (x86)\Common Files\Symantec Shared\EENGINE\EraserUtilRebootDrv.sys -- (EraserUtilRebootDrv)

DRV - [2009-07-14 03:19:10 | 000,019,008 | ---- | M] (Microsoft Corporation) [File_System | On_Demand | Stopped] -- C:\Windows\SysWOW64\drivers\wimmount.sys -- (WIMMount)

 

 

========== Standard Registry (SafeList) ==========

 

 

========== Internet Explorer ==========

 

IE:64bit: - HKLM\..\SearchScopes,DefaultScope =

IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = http://g.uk.msn.com/HPCON/11'>http://g.uk.msn.com/HPCON/11

IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm

IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://search.privitize.com/?aff=7

IE - HKLM\..\SearchScopes,DefaultScope =

IE - HKLM\..\SearchScopes\{79153E2D-45DA-421C-8B0C-72FDB822BF41}: "URL" = http://www.bing.com/search?q={searchTerms}&form=HPNTDF&pc=HPNTDF&src=IE-SearchBox

 

IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = http://g.uk.msn.com/HPCON/11

IE - HKCU\..\SearchScopes,DefaultScope =

IE - HKCU\..\SearchScopes\{7DBFC20B-65E7-4236-934C-8EB510B0BF21}: "URL" = http://search.privitize.com/?aff=7&q={searchTerms}

IE - HKCU\..\SearchScopes\{F1CF465B-769A-465C-8CB6-44E3229DA7DB}: "URL" = http://websearch.ask.com/redirect?client=ie&tb=ORJ&o=&src=kw&q={searchTerms}&locale=&apn_ptnrs=&apn_dtid=OSJ000&apn_uid=8B71011D-04DA-4581-BD04-04DB3F9CA1F1&apn_sauid=3AFD1368-28A1-40A0-BFF6-3D20311823B3

IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

 

========== FireFox ==========

 

FF - prefs.js..browser.search.defaultengine: "Privitize VPN"

FF - prefs.js..browser.search.defaultenginename: "Privitize VPN"

FF - prefs.js..browser.search.order.1: "Privitize VPN"

FF - prefs.js..browser.search.selectedEngine: "Google"

FF - prefs.js..browser.startup.homepage: "about:home"

FF - prefs.js..extensions.enabledAddons: %7BCAFEEFAC-0016-0000-0037-ABCDEFFEDCBA%7D:6.0.37

FF - prefs.js..extensions.enabledAddons: %7B972ce4c6-7e08-4474-a285-3208198ce6fd%7D:20.0.1

FF - prefs.js..keyword.URL: "http://search.privitize.com/?aff=7&q="

FF - user.js - File not found

 

FF:64bit: - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\system32\Macromed\Flash\NPSWF64_11_6_602_180.dll File not found

FF:64bit: - HKLM\Software\MozillaPlugins\@microsoft.com/GENUINE: disabled File not found

FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_11_6_602_180.dll ()

FF - HKLM\Software\MozillaPlugins\@adobe.com/ShockwavePlayer: C:\Windows\SysWOW64\Adobe\Director\np32dsw.dll (Adobe Systems, Inc.)

FF - HKLM\Software\MozillaPlugins\@java.com/DTPlugin,version=10.17.2: C:\Windows\SysWOW64\npDeployJava1.dll (Oracle Corporation)

FF - HKLM\Software\MozillaPlugins\@microsoft.com/GENUINE: disabled File not found

FF - HKLM\Software\MozillaPlugins\@pandonetworks.com/PandoWebPlugin: C:\Program Files (x86)\Pando Networks\Media Booster\npPandoWebPlugin.dll (Pando Networks)

FF - HKLM\Software\MozillaPlugins\Adobe Reader: C:\Program Files (x86)\Adobe\Reader 9.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)

FF - HKCU\Software\MozillaPlugins\@unity3d.com/UnityPlayer,version=1.0: C:\Users\Alfred\AppData\LocalLow\Unity\WebPlayer\loader\npUnity3D32.dll (Unity Technologies ApS)

FF - HKCU\Software\MozillaPlugins\pandonetworks.com/PandoWebPlugin: C:\Program Files (x86)\Pando Networks\Media Booster\npPandoWebPlugin.dll (Pando Networks)

 

FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{2D3F3651-74B9-4795-BDEC-6DA2F431CB62}: C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_20.3.1.22\coFFPlgn\ [2013-04-27 10:45:28 | 000,000,000 | ---D | M]

FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{BBDA0591-3099-440a-AA10-41764D9DB4DB}: C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_20.3.1.22\IPSFFPlgn\ [2013-04-26 17:57:52 | 000,000,000 | ---D | M]

FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 20.0.1\extensions\\Components: C:\Program Files (x86)\Mozilla Firefox\components [2013-04-26 15:36:43 | 000,000,000 | ---D | M]

FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 20.0.1\extensions\\Plugins: C:\Program Files (x86)\Mozilla Firefox\plugins

FF - HKEY_CURRENT_USER\software\mozilla\Mozilla Firefox 20.0.1\extensions\\Components: C:\Program Files (x86)\Mozilla Firefox\components [2013-04-26 15:36:43 | 000,000,000 | ---D | M]

FF - HKEY_CURRENT_USER\software\mozilla\Mozilla Firefox 20.0.1\extensions\\Plugins: C:\Program Files (x86)\Mozilla Firefox\plugins

 

[2012-08-17 18:21:01 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Alfred\AppData\Roaming\mozilla\Extensions

[2012-12-22 19:19:22 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Alfred\AppData\Roaming\mozilla\Firefox\Profiles\1acow5wu.default\extensions

[2012-12-09 13:01:16 | 000,002,089 | ---- | M] () -- C:\Users\Alfred\AppData\Roaming\mozilla\firefox\profiles\1acow5wu.default\searchplugins\Startpins.xml

[2013-04-23 16:29:20 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files (x86)\mozilla firefox\extensions

[2013-04-26 15:36:43 | 000,000,000 | ---D | M] (Skype Click to Call) -- C:\Program Files (x86)\mozilla firefox\extensions\{82AF8DCA-6DE9-405D-BD5E-43525BDAD38A}

[2013-04-26 15:36:42 | 000,000,000 | ---D | M] (Java Console) -- C:\Program Files (x86)\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0035-ABCDEFFEDCBA}

[2013-04-26 15:36:42 | 000,000,000 | ---D | M] (Java Console) -- C:\Program Files (x86)\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0037-ABCDEFFEDCBA}

[2013-04-15 15:30:10 | 000,000,000 | ---D | M] (Java Console) -- C:\Program Files (x86)\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0038-ABCDEFFEDCBA}

[2013-04-15 15:30:18 | 000,263,064 | ---- | M] (Mozilla Foundation) -- C:\Program Files (x86)\mozilla firefox\components\browsercomps.dll

[2012-12-08 14:03:49 | 000,001,683 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\allaannonser-sv-SE.xml

[2012-08-31 14:01:30 | 000,002,465 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\bing.xml

[2012-12-08 14:03:49 | 000,002,883 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\prisjakt-sv-SE.xml

[2012-12-08 14:03:49 | 000,001,161 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\tyda-sv-SE.xml

[2012-08-31 14:01:30 | 000,001,387 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\wikipedia-sv-SE.xml

[2012-08-31 14:01:30 | 000,001,164 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\yahoo-sv-SE.xml

 

O1 HOSTS File: ([2009-06-10 23:00:26 | 000,000,824 | ---- | M]) - C:\Windows\SysNative\drivers\etc\hosts

O2:64bit: - BHO: (Windows Live ID Sign-in Helper) - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corporation)

O2:64bit: - BHO: (Skype add-on for Internet Explorer) - {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer x64\skypeieplugin.dll (Skype Technologies S.A.)

O2 - BHO: (Norton Identity Protection) - {602ADB0E-4AFF-4217-8AA1-95DAC4DFA408} - C:\Program Files (x86)\Norton Internet Security\Engine\20.3.1.22\coIEPlg.dll (Symantec Corporation)

O2 - BHO: (Norton Vulnerability Protection) - {6D53EC84-6AAE-4787-AEEE-F4628F01010C} - C:\Program Files (x86)\Norton Internet Security\Engine\20.3.1.22\IPS\IPSBHO.DLL (Symantec Corporation)

O2 - BHO: (Skype Browser Helper) - {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)

O3 - HKLM\..\Toolbar: (Norton Toolbar) - {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - C:\Program Files (x86)\Norton Internet Security\Engine\20.3.1.22\coIEPlg.dll (Symantec Corporation)

O4:64bit: - HKLM..\Run: [AdobeAAMUpdater-1.0] C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\UWA\UpdaterStartupUtility.exe (Adobe Systems Incorporated)

O4:64bit: - HKLM..\Run: [HP Quick Launch] C:\Program\Hewlett-Packard\HP Quick Launch\HPMSGSVC.exe (Hewlett-Packard Company)

O4:64bit: - HKLM..\Run: [HPToneControl] C:\Program\Hewlett-Packard\HPToneControl\HPToneCtl.exe (Hewlett-Packard )

O4:64bit: - HKLM..\Run: [HPWirelessAssistant] C:\Program Files\Hewlett-Packard\HP Wireless Assistant\DelayedAppStarter.exe ()

O4:64bit: - HKLM..\Run: [saiVolume] C:\Program\Saitek\CyborgKeyboard\SaiVolume.exe (Saitek)

O4:64bit: - HKLM..\Run: [sysTrayApp] C:\Program\IDT\WDM\sttray64.exe (IDT, Inc.)

O4 - HKLM..\Run: [AdobeCS6ServiceManager] C:\Program Files (x86)\Common Files\Adobe\CS6ServiceManager\CS6ServiceManager.exe (Adobe Systems Incorporated)

O4 - HKLM..\Run: [CommonToolkitTray] C:\Program Files (x86)\Fighters\Tray\FightersTray.exe (SPAMfighter ApS)

O4 - HKLM..\Run: [Easybits Recovery] C:\Program Files (x86)\EasyBits For Kids\ezRecover.exe (EasyBits Software AS)

O4 - HKLM..\Run: [NortonOnlineBackupReminder] C:\Program Files (x86)\Symantec\Norton Online Backup\Activation\NOBuActivation.exe (Symantec Corporation)

O4 - HKLM..\Run: [startCCC] C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe (Advanced Micro Devices, Inc.)

O4 - HKLM..\Run: [switchBoard] C:\Program Files (x86)\Common Files\Adobe\SwitchBoard\SwitchBoard.exe (Adobe Systems Incorporated)

O4 - HKCU..\Run: [AdobeBridge] File not found

O4 - HKCU..\Run: [Clownfish] File not found

O4 - HKCU..\Run: [Dxtory Update Checker 2.0] C:\Program Files (x86)\Dxtory Software\Dxtory2.0\UpdateChecker.exe (Dxtory Software)

O4 - HKCU..\Run: [Etaeai] C:\Users\Alfred\AppData\Roaming\Etaeai.exe File not found

O4 - HKCU..\Run: [spotify] C:\Users\Alfred\AppData\Roaming\Spotify\Spotify.exe (Spotify Ltd)

O4 - HKCU..\Run: [spotify Web Helper] C:\Users\Alfred\AppData\Roaming\Spotify\Data\SpotifyWebHelper.exe (Spotify Ltd)

O4 - Startup: C:\Users\Alfred\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Adobe Gamma.lnk = C:\Program Files (x86)\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe (Adobe Systems, Inc.)

O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktop = 1

O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktopChanges = 1

O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: EnableShellExecuteHooks = 1

O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 5

O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3

O9:64bit: - Extra Button: Skype Click to Call - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer x64\skypeieplugin.dll (Skype Technologies S.A.)

O9 - Extra Button: Send to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~2\MICROS~1\Office12\ONBttnIE.dll (Microsoft Corporation)

O9 - Extra 'Tools' menuitem : S&end to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~2\MICROS~1\Office12\ONBttnIE.dll (Microsoft Corporation)

O9 - Extra Button: Skype Click to Call - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)

O9 - Extra Button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~2\MICROS~1\Office12\REFIEBAR.DLL (Microsoft Corporation)

O10:64bit: - NameSpace_Catalog5\Catalog_Entries64\000000000005 [] - C:\Program\Common Files\Microsoft Shared\Windows Live\WLIDNSP.DLL (Microsoft Corporation)

O10:64bit: - NameSpace_Catalog5\Catalog_Entries64\000000000006 [] - C:\Program\Common Files\Microsoft Shared\Windows Live\WLIDNSP.DLL (Microsoft Corporation)

O1364bit: - gopher Prefix: missing

O13 - gopher Prefix: missing

O16:64bit: - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/update/1.6.0/jinstall-1_6_0_17-windows-i586.cab'>http://java.sun.com/update/1.6.0/jinstall-1_6_0_17-windows-i586.cab'>http://java.sun.com/update/1.6.0/jinstall-1_6_0_17-windows-i586.cab (Java Plug-in 1.6.0_17)

O16:64bit: - DPF: {CAFEEFAC-0016-0000-0017-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_17-windows-i586.cab (Java Plug-in 1.6.0_17)

O16:64bit: - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_17-windows-i586.cab (Java Plug-in 1.6.0_17)

O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.0.1

O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{006A6D28-0C51-4755-A745-5B7CE770DD66}: DhcpNameServer = 192.168.0.1

O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{5560989C-5138-4886-A34C-2109281E5068}: DhcpNameServer = 192.168.0.1

O18:64bit: - Protocol\Handler\ms-help - No CLSID value found

O18:64bit: - Protocol\Handler\ms-itss - No CLSID value found

O18:64bit: - Protocol\Handler\skype4com - No CLSID value found

O18:64bit: - Protocol\Handler\skype-ie-addon-data {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer x64\skypeieplugin.dll (Skype Technologies S.A.)

O18 - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~2\COMMON~1\Skype\SKYPE4~1.DLL (Skype Technologies)

O18 - Protocol\Handler\skype-ie-addon-data {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)

O18:64bit: - Protocol\Filter\text/xml {807563E5-5146-11D5-A672-00B0D022E945} - C:\Program\Common Files\Microsoft Shared\OFFICE12\MSOXMLMF.DLL (Microsoft Corporation)

O18 - Protocol\Filter\text/xml {807563E5-5146-11D5-A672-00B0D022E945} - C:\PROGRA~2\COMMON~1\MICROS~1\OFFICE12\MSOXMLMF.DLL (Microsoft Corporation)

O20:64bit: - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)

O20:64bit: - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\SysNative\userinit.exe (Microsoft Corporation)

O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\SysWow64\explorer.exe (Microsoft Corporation)

O20 - HKLM Winlogon: UserInit - (userinit.exe) - C:\Windows\SysWow64\userinit.exe (Microsoft Corporation)

O21:64bit: - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.

O21 - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.

O28 - HKLM ShellExecuteHooks: {E54729E8-BB3D-4270-9D49-7389EA579090} - C:\Windows\SysWOW64\ezUPBHook.dll (EasyBits Software Corp.)

O32 - HKLM CDRom: AutoRun - 1

O34 - HKLM BootExecute: (autocheck autochk *)

O35:64bit: - HKLM\..comfile [open] -- "%1" %*

O35:64bit: - HKLM\..exefile [open] -- "%1" %*

O35 - HKLM\..comfile [open] -- "%1" %*

O35 - HKLM\..exefile [open] -- "%1" %*

O37:64bit: - HKLM\...com [@ = comfile] -- "%1" %*

O37:64bit: - HKLM\...exe [@ = exefile] -- "%1" %*

O37 - HKLM\...com [@ = comfile] -- "%1" %*

O37 - HKLM\...exe [@ = exefile] -- "%1" %*

O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3)

O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2)

O38 - SubSystems\\Windows: (ServerDll=sxssrv,4)

 

========== Files/Folders - Created Within 30 Days ==========

 

[2013-04-26 17:54:59 | 000,000,000 | R--D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Norton Internet Security

[2013-04-26 17:39:04 | 000,000,000 | ---D | C] -- C:\Users\Alfred\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Norton

[2013-04-24 18:46:18 | 000,000,000 | ---D | C] -- C:\Users\Alfred\AppData\Local\Programs

[2013-04-18 20:18:41 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\SystemRequirementsLab

[2013-04-18 20:18:28 | 000,000,000 | ---D | C] -- C:\Users\Alfred\SystemRequirementsLab

[2013-04-15 15:30:08 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Mozilla Firefox

[2013-04-12 20:53:02 | 000,046,280 | ---- | C] (AnchorFree Inc.) -- C:\Windows\SysNative\drivers\hssdrv6.sys

[2013-04-07 09:41:24 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Common Files\Skype

[2013-04-03 14:43:15 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Blue Ripple Sound

[2013-04-03 14:43:13 | 001,302,528 | ---- | C] (Blue Ripple Sound Limited) -- C:\Windows\SysWow64\rapture3d_oal.dll

[2013-04-03 14:43:11 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\BRS

[2013-04-03 14:43:01 | 000,466,520 | ---- | C] (Creative Labs) -- C:\Windows\SysNative\wrap_oal.dll

[2013-04-03 14:43:01 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\OpenAL

[2013-04-03 14:43:00 | 000,445,016 | ---- | C] (Creative Labs) -- C:\Windows\SysWow64\wrap_oal.dll

[2013-04-03 14:23:33 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Codemasters

[2013-04-03 01:15:32 | 000,042,184 | ---- | C] (Anchorfree Inc.) -- C:\Windows\SysNative\drivers\taphss6.sys

[2013-04-01 12:24:23 | 000,000,000 | ---D | C] -- C:\Users\Alfred\Documents\Adobe

[2 C:\Windows\SysWow64\*.tmp files -> C:\Windows\SysWow64\*.tmp -> ]

[1 C:\Windows\*.tmp files -> C:\Windows\*.tmp -> ]

 

========== Files - Modified Within 30 Days ==========

 

[2013-04-27 10:49:50 | 000,023,248 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0

[2013-04-27 10:49:50 | 000,023,248 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0

[2013-04-27 10:41:47 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat

[2013-04-27 10:41:40 | 3015,888,896 | -HS- | M] () -- C:\hiberfil.sys

[2013-04-27 10:39:03 | 000,000,868 | ---- | M] () -- C:\Windows\tasks\Adobe Flash Player Updater.job

[2013-04-26 17:55:36 | 000,001,255 | ---- | M] () -- C:\Users\Alfred\Desktop\Nortons installationsfiler.lnk

[2013-04-26 17:55:00 | 000,002,501 | ---- | M] () -- C:\Users\Public\Desktop\Norton Internet Security.lnk

[2013-04-26 17:54:32 | 003,124,924 | ---- | M] () -- C:\Windows\SysNative\drivers\NISx64\1403010.016\Cat.DB

[2013-04-26 17:52:28 | 000,177,312 | ---- | M] (Symantec Corporation) -- C:\Windows\SysNative\drivers\SYMEVENT64x86.SYS

[2013-04-26 17:52:28 | 000,007,466 | ---- | M] () -- C:\Windows\SysNative\drivers\SYMEVENT64x86.CAT

[2013-04-26 17:52:28 | 000,000,855 | ---- | M] () -- C:\Windows\SysNative\drivers\SYMEVENT64x86.INF

[2013-04-12 20:53:02 | 000,046,280 | ---- | M] (AnchorFree Inc.) -- C:\Windows\SysNative\drivers\hssdrv6.sys

[2013-04-11 18:11:28 | 004,973,648 | ---- | M] () -- C:\Windows\SysNative\FNTCACHE.DAT

[2013-04-10 13:50:02 | 000,000,172 | ---- | M] () -- C:\Windows\SysNative\drivers\NISx64\1403010.016\isolate.ini

[2013-04-09 15:08:31 | 001,756,446 | ---- | M] () -- C:\Windows\SysNative\PerfStringBackup.INI

[2013-04-09 15:08:31 | 000,727,056 | ---- | M] () -- C:\Windows\SysNative\perfh01D.dat

[2013-04-09 15:08:31 | 000,717,460 | ---- | M] () -- C:\Windows\SysNative\perfh009.dat

[2013-04-09 15:08:31 | 000,165,916 | ---- | M] () -- C:\Windows\SysNative\perfc01D.dat

[2013-04-09 15:08:31 | 000,145,482 | ---- | M] () -- C:\Windows\SysNative\perfc009.dat

[2013-04-03 14:43:01 | 000,466,520 | ---- | M] (Creative Labs) -- C:\Windows\SysNative\wrap_oal.dll

[2013-04-03 14:43:00 | 000,445,016 | ---- | M] (Creative Labs) -- C:\Windows\SysWow64\wrap_oal.dll

[2013-04-03 01:15:32 | 000,042,184 | ---- | M] (Anchorfree Inc.) -- C:\Windows\SysNative\drivers\taphss6.sys

[2 C:\Windows\SysWow64\*.tmp files -> C:\Windows\SysWow64\*.tmp -> ]

[1 C:\Windows\*.tmp files -> C:\Windows\*.tmp -> ]

 

========== Files Created - No Company Name ==========

 

[2013-04-26 17:39:04 | 000,001,255 | ---- | C] () -- C:\Users\Alfred\Desktop\Nortons installationsfiler.lnk

[2012-12-08 15:39:08 | 000,081,368 | ---- | C] () -- C:\Users\Alfred\DetOfattbara.veg

[2012-11-11 11:42:53 | 000,002,812 | ---- | C] () -- C:\Users\Alfred\groups.yml

[2012-11-11 11:42:53 | 000,000,349 | ---- | C] () -- C:\Users\Alfred\users.yml

[2012-11-09 18:46:45 | 000,002,645 | ---- | C] () -- C:\Users\Alfred\groupss.yml

[2012-11-09 18:46:45 | 000,000,777 | ---- | C] () -- C:\Users\Alfred\userss.yml

[2012-11-01 00:50:41 | 000,003,982 | ---- | C] () -- C:\Users\Alfred\AppData\Local\recently-used.xbel

[2012-10-09 17:33:14 | 000,000,858 | ---- | C] () -- C:\Users\Alfred\Ipconfig.lnk

[2012-10-05 18:37:46 | 000,001,130 | ---- | C] () -- C:\Users\Alfred\Mozilla Firefox.lnk

[2012-09-21 21:08:36 | 010,919,784 | ---- | C] () -- C:\Windows\SysWow64\LogiDPP.dll

[2012-09-21 21:08:36 | 000,338,136 | ---- | C] () -- C:\Windows\SysWow64\DevManagerCore.dll

[2012-09-21 21:08:36 | 000,103,272 | ---- | C] () -- C:\Windows\SysWow64\LogiDPPApp.exe

[2012-09-08 20:37:10 | 001,735,232 | ---- | C] () -- C:\Windows\SysWow64\PerfStringBackup.INI

[2011-10-12 16:59:00 | 000,000,000 | ---- | C] () -- C:\Windows\ativpsrm.bin

[2011-10-12 16:51:32 | 000,000,299 | ---- | C] () -- C:\Windows\SysWow64\RStoneLog2.ini

[2011-10-12 16:51:32 | 000,000,240 | ---- | C] () -- C:\Windows\SysWow64\RStoneLog.ini

[2011-09-28 17:44:14 | 000,179,271 | ---- | C] () -- C:\Windows\SysWow64\xlive.dll.cat

 

========== ZeroAccess Check ==========

 

[2009-07-14 06:55:00 | 000,000,227 | RHS- | M] () -- C:\Windows\assembly\Desktop.ini

 

[HKEY_CURRENT_USER\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] /64

 

[HKEY_CURRENT_USER\Software\Classes\Wow6432node\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]

 

[HKEY_CURRENT_USER\Software\Classes\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32] /64

 

[HKEY_CURRENT_USER\Software\Classes\Wow6432node\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32]

 

[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] /64

"" = C:\Windows\SysNative\shell32.dll -- [2012-06-09 07:43:10 | 014,172,672 | ---- | M] (Microsoft Corporation)

"ThreadingModel" = Apartment

 

[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]

"" = %SystemRoot%\system32\shell32.dll -- [2012-06-09 06:41:00 | 012,873,728 | ---- | M] (Microsoft Corporation)

"ThreadingModel" = Apartment

 

[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32] /64

"" = C:\Windows\SysNative\wbem\fastprox.dll -- [2009-07-14 03:40:51 | 000,909,312 | ---- | M] (Microsoft Corporation)

"ThreadingModel" = Free

 

[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32]

"" = %systemroot%\system32\wbem\fastprox.dll -- [2010-11-20 14:19:02 | 000,606,208 | ---- | M] (Microsoft Corporation)

"ThreadingModel" = Free

 

[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32] /64

"" = C:\Windows\SysNative\wbem\wbemess.dll -- [2009-07-14 03:41:56 | 000,505,856 | ---- | M] (Microsoft Corporation)

"ThreadingModel" = Both

 

[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32]

 

========== LOP Check ==========

 

[2013-04-26 21:47:20 | 000,000,000 | ---D | M] -- C:\Users\Alfred\AppData\Roaming\.minecraft

[2013-02-03 16:12:24 | 000,000,000 | ---D | M] -- C:\Users\Alfred\AppData\Roaming\.techniclauncher

[2013-04-01 11:27:27 | 000,000,000 | ---D | M] -- C:\Users\Alfred\AppData\Roaming\Audacity

[2013-01-08 13:08:38 | 000,000,000 | ---D | M] -- C:\Users\Alfred\AppData\Roaming\BitTorrent

[2012-09-18 17:24:21 | 000,000,000 | ---D | M] -- C:\Users\Alfred\AppData\Roaming\com.adobe.downloadassistant.AdobeDownloadAssistant

[2012-10-07 14:45:45 | 000,000,000 | ---D | M] -- C:\Users\Alfred\AppData\Roaming\Fighters

[2012-12-22 00:40:32 | 000,000,000 | ---D | M] -- C:\Users\Alfred\AppData\Roaming\Leadertech

[2012-09-27 14:40:07 | 000,000,000 | ---D | M] -- C:\Users\Alfred\AppData\Roaming\LolClient

[2012-08-31 15:42:47 | 000,000,000 | ---D | M] -- C:\Users\Alfred\AppData\Roaming\Notepad++

[2013-03-04 19:44:49 | 000,000,000 | ---D | M] -- C:\Users\Alfred\AppData\Roaming\PACE Anti-Piracy

[2012-09-18 17:59:54 | 000,000,000 | ---D | M] -- C:\Users\Alfred\AppData\Roaming\PDAppFlex

[2012-08-24 22:49:47 | 000,000,000 | ---D | M] -- C:\Users\Alfred\AppData\Roaming\Publish Providers

[2012-08-25 09:50:47 | 000,000,000 | ---D | M] -- C:\Users\Alfred\AppData\Roaming\Sony

[2013-03-21 19:20:03 | 000,000,000 | ---D | M] -- C:\Users\Alfred\AppData\Roaming\Splitscreen Studios

[2013-04-27 10:43:15 | 000,000,000 | ---D | M] -- C:\Users\Alfred\AppData\Roaming\Spotify

[2012-09-17 17:16:38 | 000,000,000 | ---D | M] -- C:\Users\Alfred\AppData\Roaming\Trine2

[2012-08-17 21:51:21 | 000,000,000 | ---D | M] -- C:\Users\Alfred\AppData\Roaming\TS3Client

[2012-09-15 17:46:32 | 000,000,000 | ---D | M] -- C:\Users\Alfred\AppData\Roaming\Unity

[2012-10-12 17:25:49 | 000,000,000 | ---D | M] -- C:\Users\Alfred\AppData\Roaming\wargaming.net

[2012-10-26 16:08:18 | 000,000,000 | ---D | M] -- C:\Users\Alfred\AppData\Roaming\WildTangent

 

========== Purity Check ==========

 

 

 

========== Alternate Data Streams ==========

 

@Alternate Data Stream - 1089 bytes -> C:\Users\Alfred\AppData\Local\zouhBctM:G3cZlbOFUoJnGJswevY

 

< End of report >

Länk till kommentar
Dela på andra webbplatser

1. Stäng av alla program du ser inklusive antivirusprogram och antispionprogram så att de inte krockar med OTL.

Hur? Se http://www.bleepingcomputer.com/forums/topic114351.html

 

Starta programmet OTL (i Vista/Windows7 högerklicka och välj Kör som administratör).

Kopiera alla raderna i rutan:

:OTL
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://search.privitize.com/?aff=7
IE - HKCU\..\SearchScopes\{7DBFC20B-65E7-4236-934C-8EB510B0BF21}: "URL" = http://search.privit...q={searchTerms}
IE - HKCU\..\SearchScopes\{F1CF465B-769A-465C-8CB6-44E3229DA7DB}: "URL" = http://websearch.ask...F6-3D20311823B3
FF - prefs.js..browser.search.defaultengine: "Privitize VPN"
FF - prefs.js..browser.search.defaultenginename: "Privitize VPN"
FF - prefs.js..browser.search.order.1: "Privitize VPN"
FF - prefs.js..extensions.enabledAddons: %7BCAFEEFAC-0016-0000-0037-ABCDEFFEDCBA%7D:6.0.37
FF - prefs.js..keyword.URL: "http://search.privitize.com/?aff=7&q="
[2012-12-09 13:01:16 | 000,002,089 | ---- | M] () -- C:\Users\Alfred\AppData\Roaming\mozilla\firefox\profiles\1acow5wu.default\searchplugins\Startpins.xml
[2013-04-26 15:36:42 | 000,000,000 | ---D | M] (Java Console) -- C:\Program Files (x86)\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0035-ABCDEFFEDCBA}
[2013-04-26 15:36:42 | 000,000,000 | ---D | M] (Java Console) -- C:\Program Files (x86)\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0037-ABCDEFFEDCBA}
[2013-04-15 15:30:10 | 000,000,000 | ---D | M] (Java Console) -- C:\Program Files (x86)\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0038-ABCDEFFEDCBA}
O4 - HKCU..\Run: [Etaeai] C:\Users\Alfred\AppData\Roaming\Etaeai.exe File not found
O16:64bit: - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_17)
O16:64bit: - DPF: {CAFEEFAC-0016-0000-0017-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_17)
O16:64bit: - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_17)
@Alternate Data Stream - 1089 bytes -> C:\Users\Alfred\AppData\Local\zouhBctM:G3cZlbOFUoJnGJswevY
:Commands
[CREATERESTOREPOINT]
[REBOOT]

Klistra in dem i rutan Custom Scans/Fixes. Kontrollera att det ser exakt likadant ut, t ex när det gäller radbrytningar.

Tryck på Run Fix.

Om du blir tillfrågad om att starta om datorn så gör det.

Det kommer upp en logg i Anteckningar. Kopiera den och klistra in i ditt svar.

 

Om den inte kommer automatiskt så hittar du den i mappen c:\_OTL\Moved Files med ett namn som innehåller dagens datum och klockslaget för körningen.

 

Se till att aktivera antivirusprogram mm innan du ansluter datorn till internet.

 

2. Skanna datorn online på http://www.eset.com/onlinescan/

För att inte skannern ska ta för lång tid på sig stäng av ditt antivirusprogram under tiden.

 

Avbocka alternativet Remove found threats

Bocka för Scan Archives

 

Klicka på Advanced Settings

Bocka för:

Scan for potentially unwanted applications

Scan for potentially unsafe applications

Enable Anti-Stealth Technology

 

Klicka på Scan

 

När skanningen är klar skapas loggfilen C:\Program\Eset\Eset Online Scanner\log.txt. Öppna den i Anteckningar och klistra sedan in innehållet i ditt svar.

Länk till kommentar
Dela på andra webbplatser

Hej! Tack så jättemycket för all hjälp! Jag fick hjälp av en Norton Support med mitt account till norton, och då fixade han även mitt norton och tog bort Yontoo helt!

Men tack så jättemycket för hjälpen ändå!

/Alfred

Länk till kommentar
Dela på andra webbplatser

Ingen orsak :)

 

Observera att det åtminstone fanns en gammal Java-version i loggen (både i Firefox och i 64-bitars Internet Explorer) vilket gör det lätt att infektera datorn från en webbsida. De flesta behöver inte ha Java installerat så jag rekommenderar att du ser till att få bort alla. Om du märker att du trots allt skulle behöva Java så ladda ner från http://www.java.com/getjava/

 

Nu återstår avinstallationer av AdwCleaner och OTL:

 

1. Stäng alla program, inklusive webbläsare.

Dubbelklicka på AdwCleaner för att starta programmet.

Klicka på Uninstall-knappen.

 

2. Dubbelklicka på OTL för att starta programmet.

Tryck på knappen CleanUp! och OTL kommer att avinstalleras efter en omstart av datorn. Ta bort eventuella loggar.

 

3. Byt alla lösenord som du använder i datorn och på internet eftersom dessa kan ha kommit i orätta händer.

http://mnin.blogspot.com/2009/02/why-i-enjoyed-tiggersyzor.html beskriver ett skadligt program som spionerar genom att ta skärmbilder, logga tangentbordsnedtryckningar och läsa lösenord som är lagrade i webbläsare, epostprogram etc.

 

4. Förbättra skyddet i datorn, se mina Råd för en säkrare dator: http://ceciliasec.wordpress.com/rad/

Det är mycket viktigt att hålla alla småprogram i datorn uppdaterade, gamla versioner av t ex Flash, Java och Adobe Reader innehåller kända säkerhetshål, vilka kan användas av en webbsida för att infektera datorn. Jag tycker att Secunias program (länk på min webbsida) är en bra hjälp för att kontrollera hur det står till med säkerhetshål i datorn och ange vad som behöver åtgärdas.

Länk till kommentar
Dela på andra webbplatser

Okej, då var det avinstallerat och klart!

Tack för hjälpen och jag återkommer på forumet ifall jag kommer med fler problem i framtiden!

/Alfred

Länk till kommentar
Dela på andra webbplatser

Arkiverat

Det här ämnet är nu arkiverat och är stängt för ytterligare svar.

×
×
  • Skapa nytt...