Facemoods
  per43
Posts: 23

When I open a new browser in Explorer, it opens in Facemoods. I think it is malware. I have removed the program via the Control Panel, but that is apparently not enough.
I don't know whether there is any connection to the fact that my machine has restarted for no apparent reason a couple of times over the last 24 hours.
I have run CCleaner and Malwarebytes, but not the last one, Super something or other, because it said there was a compatibility problem.
Logs below:
Malwarebytes’ Anti-Malware 1.46
http://www.malwarebytes.org

Database version: 8365

Windows 6.1.7601 Service Pack 1
Internet Explorer 8.0.7601.17514

15-12-2011 09:04:39
mbam-log-2011-12-15 (09-04-39).txt

Skanningstype: Fuldstændig skanning (C:\|G:\|)
Objekter skannet: 288235
Tid gået: 44 minut(ter), 8 sekund(er)

Hukommelses Processorer Inficeret: 0
Hukommelses Moduler Inficeret: 0
Registreringsdatabasenøgler Inficeret: 0
Registreringsdatabaseværdier Inficeret: 0
Registreringsdatabasedata Objekter Inficeret: 0
Inficerede Mapper: 0
Inficerede Filer: 0

Hukommelses Processorer Inficeret:
(Ingen skadelige objekter blev fundet)

Hukommelses Moduler Inficeret:
(Ingen skadelige objekter blev fundet)

Registreringsdatabasenøgler Inficeret:
(Ingen skadelige objekter blev fundet)

Registreringsdatabaseværdier Inficeret:
(Ingen skadelige objekter blev fundet)

Registreringsdatabasedata Objekter Inficeret:
(Ingen skadelige objekter blev fundet)

Inficerede Mapper:
(Ingen skadelige objekter blev fundet)

Inficerede Filer:
(Ingen skadelige objekter blev fundet)

.
DDS (Ver_2011-08-26.01) - NTFSAMD64
Internet Explorer: 8.0.7601.17514
Run by KPK at 10:34:41 on 2011-12-15
Microsoft Windows 7 Home Premium   6.1.7601.1.1252.45.1030.18.8173.5362 [GMT 1:00]
.
AV: BullGuard Antivirus *Enabled/Updated* {504FFF66-3028-EB7E-2E60-62B19ADD791C}
SP: BullGuard Antispyware *Enabled/Updated* {EB2E1E82-1612-E4F0-14D0-59C3E15A33A1}
SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
FW: BullGuard Firewall *Enabled* {68747E43-7A47-EA26-053F-CB84640E3E67}
.
============== Running Processes ===============
.
C:\Windows\system32\wininit.exe
C:\Windows\system32\lsm.exe
C:\Windows\system32\svchost.exe -k DcomLaunch
C:\Windows\system32\ATKFUSService.exe
C:\Windows\system32\nvvsvc.exe
C:\Windows\system32\svchost.exe -k RPCSS
C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted
C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted
C:\Windows\system32\svchost.exe -k netsvcs
C:\Windows\system32\svchost.exe -k LocalService
C:\Program Files\Common Files\Logishrd\Bluetooth\LBTServ.exe
C:\Windows\system32\svchost.exe -k NetworkService
C:\Windows\System32\spoolsv.exe
C:\Windows\system32\svchost.exe -k LocalServiceNoNetwork
C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
C:\Windows\SysWOW64\ASDR.exe
C:\Program Files (x86)\DeviceVM\Browser Configuration Utility\BCUService.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\Program Files\BullGuard Ltd\BullGuard\BullGuardBhvScanner.exe
C:\Windows\System32\SvcHost.exe -k BullGuard_LowPriv
C:\Windows\System32\SvcHost.exe -k BullGuard
C:\Windows\System32\SvcHost.exe -k BullGuard_Main
C:\Program Files\BullGuard Ltd\BullGuard\BullGuardUpdate.exe
C:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe
C:\Program Files (x86)\Synology\Assistant\UsbClientService.exe
C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSvcM.exe
C:\Program Files\BullGuard Ltd\BullGuard\BullGuardScanner.exe
C:\Windows\system32\svchost.exe -k NetworkServiceNetworkRestricted
C:\Windows\system32\nvvsvc.exe
C:\Windows\system32\svchost.exe -k LocalServiceAndNoImpersonation
C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe
C:\Program Files\Windows Media Player\wmpnetwk.exe
C:\Windows\system32\SearchIndexer.exe
C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe
C:\Windows\system32\taskhost.exe
C:\Windows\system32\Dwm.exe
C:\Windows\Explorer.EXE
C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe
C:\Program Files\Logitech\SetPoint\LBTWiz.exe
C:\Program Files (x86)\SlySoft\AnyDVD\AnyDVDtray.exe
C:\Program Files\Logitech\SetPoint\SetPoint.exe
C:\Program Files\BullGuard Ltd\BullGuard\BullGuard.exe
C:\Program Files (x86)\Windows Live\Mail\wlmail.exe
C:\Program Files\Logitech\SetPoint\x86\SetPoint32.exe
C:\Program Files\ASUS\GamerOSD\ATKFastUserSwitching.exe
C:\Program Files\Common Files\Logishrd\KHAL2\KHALMNPR.EXE
C:\Program Files (x86)\SlySoft\AnyDVD\ADvdDiscHlp64.exe
C:\Windows\system32\conhost.exe
C:\Windows\system32\svchost.exe -k bthsvcs
C:\Program Files (x86)\DeviceVM\Browser Configuration Utility\BCU.exe
C:\Program Files (x86)\Renesas Electronics\USB 3.0 Host Controller Driver\Application\nusb3mon.exe
C:\Program Files (x86)\ASUS\GamerOSD\GamerOSD.exe
C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe
C:\Program Files (x86)\Citrix\ICA Client\concentr.exe
C:\Program Files\BullGuard Ltd\BullGuard\files32\spamfilter\LittleHook.exe
C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe
C:\Windows\system32\wbem\unsecapp.exe
C:\Program Files (x86)\iTunes\iTunesHelper.exe
C:\Windows\sysWOW64\wbem\wmiprvse.exe
C:\Program Files (x86)\Citrix\ICA Client\wfcrun32.exe
C:\Windows\system32\wuauclt.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\Windows\System32\svchost.exe -k LocalServicePeerNet
C:\Program Files\Windows Mail\WinMail.exe
C:\Program Files (x86)\Windows Live\Contacts\wlcomm.exe
C:\Program Files (x86)\Internet Explorer\iexplore.exe
C:\Program Files (x86)\Internet Explorer\iexplore.exe
C:\Windows\SysWOW64\Macromed\Flash\FlashUtil11e_ActiveX.exe
C:\Windows\system32\SearchProtocolHost.exe
C:\Windows\system32\SearchFilterHost.exe
C:\Windows\system32\SearchProtocolHost.exe
C:\Windows\system32\DllHost.exe
C:\Windows\system32\DllHost.exe
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\conhost.exe
C:\Windows\SysWOW64\cscript.exe
C:\Windows\system32\wbem\wmiprvse.exe
.
============== Pseudo HJT Report ===============
.
uStart Page = hxxp://www.google.dk/
uInternet Settings,ProxyOverride = *.local
mSearchAssistant = hxxp://start.facemoods.com/?a=ddrnw&s={searchTerms}&f=4
uURLSearchHooks: SearchHook Class: {bc86e1ab-eda5-4059-938f-ce307b0c6f0a} - C:\Program Files (x86)\DeviceVM\Browser Configuration Utility\AddressBarSearch.dll
uURLSearchHooks: H - No File
BHO: Adobe PDF Link Helper: {18df081c-e8ad-4283-a596-fa578c2ebdc3} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
BHO: Hjælp til logon til Windows Live ID: {9030d464-4c02-4abf-8ecc-5164760863c6} - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
BHO: Windows Live Messenger Companion Helper: {9fdde16b-836f-4806-ab1f-1455cbeff289} - C:\Program Files (x86)\Windows Live\Companion\companioncore.dll
BHO: Office Document Cache Handler: {b4f3a835-0e21-4959-ba22-42b3008e02ff} - C:\PROGRA~2\MICROS~4\Office14\URLREDIR.DLL
BHO: Java(tm) Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - C:\Program Files (x86)\Java\jre6\bin\jp2ssv.dll
BHO: BullGuard Safe Browsing: {fc872b94-35e3-4b94-b028-184a2a1c7cce} - C:\Program Files\BullGuard Ltd\BullGuard\Files32\Antiphishing\IE\BGAntiphishingIEBHO.dll
TB: {DB4E9724-F518-4dfd-9C7C-78B52103CAB9} - No File
TB: {BF7380FA-E3B4-4DB2-AF3E-9D8783A45BFC} - No File
TB: {30F9B915-B755-4826-820B-08FBA6BD249D} - No File
uRun: [AnyDVD] C:\Program Files (x86)\SlySoft\AnyDVD\AnyDVDtray.exe
uRun: [Spotify] “C:\Users\KPK\AppData\Roaming\Spotify\Spotify.exe” /uri spotify:autostart
mRun: [BCU] “C:\Program Files (x86)\DeviceVM\Browser Configuration Utility\BCU.exe”
mRun: [NUSB3MON] “C:\Program Files (x86)\Renesas Electronics\USB 3.0 Host Controller Driver\Application\nusb3mon.exe”
mRun: [ASUSGamerOSD] C:\Program Files (x86)\ASUS\GamerOSD\GamerOSD.exe
mRun: [Adobe Reader Speed Launcher] “C:\Program Files (x86)\Adobe\Reader 10.0\Reader\Reader_sl.exe”
mRun: [Adobe ARM] “C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe”
mRun: [ConnectionCenter] “C:\Program Files (x86)\Citrix\ICA Client\concentr.exe” /startup
mRun: [SunJavaUpdateSched] “C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe”
mRun: [BCSSync] “C:\Program Files (x86)\Microsoft Office\Office14\BCSSync.exe” /DelayServices
mRun: [APSDaemon] “C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe”
mRun: [QuickTime Task] “C:\Program Files (x86)\QuickTime\QTTask.exe” -atboottime
mRun: [iTunesHelper] “C:\Program Files (x86)\iTunes\iTunesHelper.exe”
StartupFolder: C:\PROGRA~3\MICROS~1\Windows\STARTM~1\Programs\Startup\LOGITE~1.LNK - C:\Program Files\Logitech\SetPoint\SetPoint.exe
mPolicies-explorer: NoActiveDesktop = 1 (0x1)
mPolicies-explorer: NoActiveDesktopChanges = 1 (0x1)
mPolicies-system: ConsentPromptBehaviorAdmin = 5 (0x5)
mPolicies-system: ConsentPromptBehaviorUser = 3 (0x3)
mPolicies-system: EnableUIADesktopToggle = 0 (0x0)
IE: E&ksporter til Microsoft Excel - C:\PROGRA~2\MICROS~4\Office14\EXCEL.EXE/3000
IE: S&end til OneNote - C:\PROGRA~2\MICROS~4\Office14\ONBttnIE.dll/105
IE: {0000036B-C524-4050-81A0-243669A86B9F} - {B63DBA5F-523F-4B9C-A43D-65DF1977EAD3} - C:\Program Files (x86)\Windows Live\Companion\companioncore.dll
IE: {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - {5F7B1267-94A9-47F5-98DB-E99415F33AEC} - C:\Program Files (x86)\Windows Live\Writer\WriterBrowserExtension.dll
IE: {27FD17FB-CF63-486b-B2BE-8D8781CBEA01} - {27FD17FB-CF63-486b-B2BE-8D8781CBEA01} - C:\Program Files\BullGuard Ltd\BullGuard\Files32\Antiphishing\IE\BGAntiphishingIE.dll
LSP: C:\Windows\system32\BGLsp.dll
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_26-windows-i586.cab
DPF: {CAFEEFAC-0016-0000-0026-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_26-windows-i586.cab
DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_26-windows-i586.cab
DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} - hxxp://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab
DPF: {F27237D7-93C8-44C2-AC6E-D6057B9A918F} - hxxps://connect.bankdata.dk/dana-cached/sc/JuniperSetupClient.cab
TCP: DhcpNameServer = 192.168.0.1
TCP: Interfaces\{50202FC4-429F-4275-A706-595762645CBA} : DhcpNameServer = 192.168.0.1
Filter: text/xml - {807573E5-5146-11D5-A672-00B0D022E945} - C:\Program Files (x86)\Common Files\microsoft shared\OFFICE14\MSOXMLMF.DLL
Handler: bglink - {FC872B94-35E3-4B94-B028-184A2A1C7CCE} - C:\Program Files\BullGuard Ltd\BullGuard\Files32\Antiphishing\IE\BGAntiphishingIEBHO.dll
Handler: wlpg - {E43EF6CD-A37A-4A9B-9E6F-83F89B8E6324} - C:\Program Files (x86)\Windows Live\Photo Gallery\AlbumDownloadProtocolHandler.dll
AppInit_DLLs: BgGamingMonitor.dll
{18DF081C-E8AD-4283-A596-FA578C2EBDC3}
{9030D464-4C02-4ABF-8ECC-5164760863C6}
{9FDDE16B-836F-4806-AB1F-1455CBEFF289}
{B4F3A835-0E21-4959-BA22-42B3008E02FF}
{DBC80044-A445-435b-BC74-9C25C1C588A9}
{FC872B94-35E3-4B94-B028-184A2A1C7CCE}
TB-X64: {DB4E9724-F518-4dfd-9C7C-78B52103CAB9} - No File
TB-X64: {BF7380FA-E3B4-4DB2-AF3E-9D8783A45BFC} - No File
TB-X64: {30F9B915-B755-4826-820B-08FBA6BD249D} - No File
mRun-x64: [BCU] “C:\Program Files (x86)\DeviceVM\Browser Configuration Utility\BCU.exe”
mRun-x64: [NUSB3MON] “C:\Program Files (x86)\Renesas Electronics\USB 3.0 Host Controller Driver\Application\nusb3mon.exe”
mRun-x64: [ASUSGamerOSD] C:\Program Files (x86)\ASUS\GamerOSD\GamerOSD.exe
mRun-x64: [Adobe Reader Speed Launcher] “C:\Program Files (x86)\Adobe\Reader 10.0\Reader\Reader_sl.exe”
mRun-x64: [Adobe ARM] “C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe”
mRun-x64: [ConnectionCenter] “C:\Program Files (x86)\Citrix\ICA Client\concentr.exe” /startup
mRun-x64: [SunJavaUpdateSched] “C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe”
mRun-x64: [BCSSync] “C:\Program Files (x86)\Microsoft Office\Office14\BCSSync.exe” /DelayServices
mRun-x64: [APSDaemon] “C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe”
mRun-x64: [QuickTime Task] “C:\Program Files (x86)\QuickTime\QTTask.exe” -atboottime
mRun-x64: [iTunesHelper] “C:\Program Files (x86)\iTunes\iTunesHelper.exe”
AppInit_DLLs-X64: BgGamingMonitor.dll
.
============= SERVICES / DRIVERS ===============
.
R1 AFW;Agnitum Firewall Driver;C:\Windows\system32\DRIVERS\afw.sys—> C:\Windows\system32\DRIVERS\afw.sys [?]
R1 BdSpy;BdSpy;C:\Windows\system32\DRIVERS\BdSpy.sys—> C:\Windows\system32\DRIVERS\BdSpy.sys [?]
R1 EIO64;EIO Driver;C:\Windows\system32\DRIVERS\EIO64.sys—> C:\Windows\system32\DRIVERS\EIO64.sys [?]
R1 NovaShieldFilterDriver;NovaShieldFilterDriver;C:\Windows\system32\DRIVERS\NSKernel.sys—> C:\Windows\system32\DRIVERS\NSKernel.sys [?]
R1 NovaShieldTDIDriver;NovaShieldTDIDriver;C:\Windows\system32\DRIVERS\NSNetmon.sys—> C:\Windows\system32\DRIVERS\NSNetmon.sys [?]
R2 BCUService;Browser Configuration Utility Service;C:\Program Files (x86)\DeviceVM\Browser Configuration Utility\BCUService.exe [2010-3-5 235752]
R2 BsBhvScan;BullGuard Behavioural Detection;C:\Program Files\BullGuard Ltd\BullGuard\BullGuardBhvScanner.exe [2011-9-18 382808]
R2 BsBrowser;BullGuard antiphishing service;C:\Windows\System32\SvcHost.exe -k BullGuard_LowPriv [2009-7-14 20992]
R2 BsFileScan;BullGuard on-access service;C:\Windows\System32\SvcHost.exe -k BullGuard [2009-7-14 20992]
R2 BsFire;BullGuard firewall service;C:\Windows\System32\SvcHost.exe -k BullGuard [2009-7-14 20992]
R2 BsMailProxy;BullGuard e-mail monitoring service;C:\Windows\System32\SvcHost.exe -k BullGuard [2009-7-14 20992]
R2 BsMain;BullGuard main service;C:\Windows\System32\SvcHost.exe -k BullGuard_Main [2009-7-14 20992]
R2 BsUpdate;BullGuard update service;C:\Program Files\BullGuard Ltd\BullGuard\BullGuardUpdate.exe [2011-7-5 392536]
R2 Stereo Service;NVIDIA Stereoscopic 3D Driver Service;C:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe [2010-8-19 235624]
R2 UNS;Intel(R) Management and Security Application User Notification Service;C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe [2011-5-13 2656280]
R2 UsbClientService;UsbClientService;C:\Program Files (x86)\Synology\Assistant\UsbClientService.exe [2011-2-18 245760]
R3 afwcore;afwcore;C:\Windows\system32\DRIVERS\afwcore.sys—> C:\Windows\system32\DRIVERS\afwcore.sys [?]
R3 BsScanner;BullGuard scanning service;C:\Program Files\BullGuard Ltd\BullGuard\BullGuardScanner.exe [2011-11-10 341848]
R3 busenum;Synology Virtual USB Hub;C:\Windows\system32\DRIVERS\busenum.sys—> C:\Windows\system32\DRIVERS\busenum.sys [?]
R3 MEIx64;Intel(R) Management Engine Interface;C:\Windows\system32\DRIVERS\HECIx64.sys—> C:\Windows\system32\DRIVERS\HECIx64.sys [?]
R3 nusb3hub;Renesas Electronics USB 3.0 Hub Driver;C:\Windows\system32\DRIVERS\nusb3hub.sys—> C:\Windows\system32\DRIVERS\nusb3hub.sys [?]
R3 nusb3xhc;Renesas Electronics USB 3.0 Host Controller Driver;C:\Windows\system32\DRIVERS\nusb3xhc.sys—> C:\Windows\system32\DRIVERS\nusb3xhc.sys [?]
R3 NVHDA;Service for NVIDIA High Definition Audio Driver;C:\Windows\system32\drivers\nvhda64v.sys—> C:\Windows\system32\drivers\nvhda64v.sys [?]
R3 RTL8167;Realtek 8167 NT Driver;C:\Windows\system32\DRIVERS\Rt64win7.sys—> C:\Windows\system32\DRIVERS\Rt64win7.sys [?]
R4 IOMap;IOMap;\??\C:\Windows\system32\drivers\IOMap64.sys—> C:\Windows\system32\drivers\IOMap64.sys [?]
S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-3-18 130384]
S2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-3-18 138576]
S3 BgRaSvc;BgRaSvc;C:\Program Files\BullGuard Ltd\BullGuard\Support\BgRaSvc.exe [2011-7-5 161112]
S3 fssfltr;fssfltr;C:\Windows\system32\DRIVERS\fssfltr.sys—> C:\Windows\system32\DRIVERS\fssfltr.sys [?]
S3 fsssvc;Windows Live Family Safety Service;C:\Program Files (x86)\Windows Live\Family Safety\fsssvc.exe [2010-9-22 1493352]
S3 nosGetPlusHelper;getPlus(R) Helper 3004;C:\Windows\System32\svchost.exe -k nosGetPlusHelper [2009-7-14 20992]
S3 osppsvc;Office Software Protection Platform;C:\Program Files\Common Files\Microsoft Shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE [2010-1-9 4925184]
S3 TsUsbFlt;TsUsbFlt;C:\Windows\system32\drivers\tsusbflt.sys—> C:\Windows\system32\drivers\tsusbflt.sys [?]
S3 TsUsbGD;Remote Desktop Generic USB Device;C:\Windows\system32\drivers\TsUsbGD.sys—> C:\Windows\system32\drivers\TsUsbGD.sys [?]
S3 USBAAPL64;Apple Mobile USB Driver;C:\Windows\system32\Drivers\usbaapl64.sys—> C:\Windows\system32\Drivers\usbaapl64.sys [?]
S3 WatAdminSvc;Tjenesten Windows Aktivering;C:\Windows\system32\Wat\WatAdminSvc.exe—> C:\Windows\system32\Wat\WatAdminSvc.exe [?]
S4 wlcrasvc;Windows Live Mesh remote connections service;C:\Program Files\Windows Live\Mesh\wlcrasvc.exe [2010-9-22 57184]
.
=============== Created Last 30 ================
.
2011-12-15 05:52:31   ————  d——-w-  C:\Users\KPK\AppData\Local\{DB413BBB-F5A3-4F5A-996C-DB781B354FF6}
2011-12-15 05:52:20   ————  d——-w-  C:\Users\KPK\AppData\Local\{1D55895F-9DA4-4A05-92C8-F4477FE00442}
2011-12-14 20:21:35   3145216   ——a-w-  C:\Windows\System32\win32k.sys
2011-12-14 20:21:33   723456   ——a-w-  C:\Windows\System32\EncDec.dll
2011-12-14 20:21:33   534528   ——a-w-  C:\Windows\SysWow64\EncDec.dll
2011-12-14 20:21:29   2048   ——a-w-  C:\Windows\SysWow64\tzres.dll
2011-12-14 20:21:29   2048   ——a-w-  C:\Windows\System32\tzres.dll
2011-12-14 15:12:42   ————  d——-w-  C:\Users\KPK\AppData\Local\{B12FDF16-9F5D-4DFC-99D6-DDA6C8A9FCAF}
2011-12-14 15:12:30   ————  d——-w-  C:\Users\KPK\AppData\Local\{6DA0F000-B287-447B-AD7B-B34AED56B770}
2011-12-13 19:23:32   ————  d——-w-  C:\Users\KPK\AppData\Local\{68B666F5-6F6B-4FE0-87C9-BF9DF71EF010}
2011-12-13 19:23:21   ————  d——-w-  C:\Users\KPK\AppData\Local\{C907C070-3ABA-4695-87C6-0E3BBB02A3DE}
2011-12-13 12:59:53   ————  d——-w-  C:\Users\KPK\AppData\Roaming\Malwarebytes
2011-12-13 12:59:44   38224   ——a-w-  C:\Windows\SysWow64\drivers\mbamswissarmy.sys
2011-12-13 12:59:43   24664   ——a-w-  C:\Windows\System32\drivers\mbam.sys
2011-12-13 12:59:43   ————  d——-w-  C:\ProgramData\Malwarebytes
2011-12-13 12:59:43   ————  d——-w-  C:\Program Files (x86)\Malwarebytes’ Anti-Malware
2011-12-13 12:37:56   ————  d——-w-  C:\Program Files\CCleaner
2011-12-09 12:17:17   ————  d——-w-  C:\Users\KPK\AppData\Local\{F8E311BF-3093-4187-A74C-CC4C1FB60F94}
2011-12-09 12:17:05   ————  d——-w-  C:\Users\KPK\AppData\Local\{EF5FB508-77C6-452E-A740-6FB247F71CAB}
2011-12-08 19:25:08   ————  d——-w-  C:\Program Files (x86)\JDownloader
2011-12-07 13:53:55   ————  d——-w-  C:\Users\KPK\AppData\Local\{C622ABD5-78BF-44B7-91E2-7E3DCD531FE0}
2011-12-07 13:53:43   ————  d——-w-  C:\Users\KPK\AppData\Local\{224199E1-D2AE-4DAA-8022-47FFA8F87854}
2011-12-04 19:27:21   ————  d——-w-  C:\Users\KPK\AppData\Local\{9904024F-5C96-4423-85C8-AC550D80BCD4}
2011-12-04 19:27:10   ————  d——-w-  C:\Users\KPK\AppData\Local\{1244B1F9-291E-4704-A9F0-3E59E253B286}
2011-11-27 14:43:00   ————  d——-w-  C:\Users\KPK\AppData\Local\{A68A8B4F-3E96-4E10-A518-F23029B696F1}
2011-11-27 14:42:49   ————  d——-w-  C:\Users\KPK\AppData\Local\{A42CA1DF-D173-4A1D-B103-34429CE4816C}
2011-11-27 12:40:01   ————  d——-w-  C:\Program Files\iTunes
2011-11-27 12:40:01   ————  d——-w-  C:\Program Files\iPod
2011-11-23 15:25:22   ————  d——-w-  C:\Users\KPK\AppData\Local\{5CA22225-8E5E-4D80-86EC-9490EA03B727}
2011-11-23 15:25:10   ————  d——-w-  C:\Users\KPK\AppData\Local\{8C2F858F-0F8D-4773-8C79-408536B029A3}
2011-11-16 14:48:08   ————  d——-w-  C:\Users\KPK\AppData\Local\{40B88B52-5C94-4C3C-B7E1-D23E5768103B}
2011-11-16 14:47:56   ————  d——-w-  C:\Users\KPK\AppData\Local\{ECEF41E0-54FF-4BE7-BB25-4FDC2D84CED5}
2011-11-15 16:02:18   ————  d——-w-  C:\Users\KPK\AppData\Local\{8362DA70-F99B-4B0C-B484-233201AC265C}
2011-11-15 16:02:06   ————  d——-w-  C:\Users\KPK\AppData\Local\{9F5C9C25-5814-43E7-AC6C-CC9E9946A340}
.
==================== Find3M ====================
.
2011-12-04 16:09:00   414368   ——a-w-  C:\Windows\SysWow64\FlashPlayerCPLApp.cpl
2011-11-10 09:59:33   98648   ——a-w-  C:\Windows\System32\BGLsp.dll
2011-11-10 09:59:33   82776   ——a-w-  C:\Windows\SysWow64\BGLsp.dll
2011-11-05 05:41:43   1188864   ——a-w-  C:\Windows\System32\wininet.dll
2011-11-05 04:35:00   981504   ——a-w-  C:\Windows\SysWow64\wininet.dll
2011-11-05 03:32:47   1638912   ——a-w-  C:\Windows\System32\mshtml.tlb
2011-11-05 02:48:51   1638912   ——a-w-  C:\Windows\SysWow64\mshtml.tlb
2011-10-26 05:21:20   43520   ——a-w-  C:\Windows\System32\csrsrv.dll
2011-10-24 13:29:02   94208   ——a-w-  C:\Windows\SysWow64\QuickTimeVR.qtx
2011-10-24 13:29:02   69632   ——a-w-  C:\Windows\SysWow64\QuickTime.qts
2011-09-29 16:29:28   1923952   ——a-w-  C:\Windows\System32\drivers\tcpip.sys
.
============= FINISH: 10:35:41,18 ===============

Administrator
Posts: 4202

Hi :)

Download ComboFix and save it to your desktop.

Right-click on the desktop, choose New -> Text Document, copy in the highlighted text below and save the file as CFScript

Killall::
Snapshot::
DDS::
mSearchAssistant = hxxp://start.facemoods.com/?a=ddrnw&s={searchTerms}&f=4

Since Combofix can conflict with your security programs, it is important that you disable them. <- Important

Then grab the new file with the mouse and drag it over the ComboFix file, and then release the mouse button.
http://www.fromsej.saknet.dk/billeder/swfcombo.gif

ComboFix should then start working. It may require a restart, which you must allow. You should not click on the window while the tool is running, as that can cause your computer to freeze.
When Combofix has finished, and after it has (possibly) restarted, a log file combofix.txt should open, which is located here: C:\Combofix.txt

Please post the contents of this file here.

Signature

Please do not attach logs unless you are asked to!

  per43
Posts: 23

Thanks so far - now it looks like this:

ComboFix 11-12-16.01 - KPK 16-12-2011 16:18:23.1.4 - x64
Microsoft Windows 7 Home Premium   6.1.7601.1.1252.45.1030.18.8173.6487 [GMT 1:00]
Kører fra: c:\users\KPK\Desktop\ComboFix.exe
Kommandoer benyttet :: c:\users\KPK\Desktop\CFScript.txt
AV: BullGuard Antivirus *Disabled/Outdated* {504FFF66-3028-EB7E-2E60-62B19ADD791C}
FW: BullGuard Firewall *Disabled* {68747E43-7A47-EA26-053F-CB84640E3E67}
SP: BullGuard Antispyware *Disabled/Outdated* {EB2E1E82-1612-E4F0-14D0-59C3E15A33A1}
SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
.
.
(((((((((((((((((((((((((((((((((((((((  Andet, der er slettet   )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
C:\prefs.js
c:\users\KPK\AppData\Local\Temp\ppcrlui_2576_2
.
.
(((((((((((((((((((((((((((((  Filer skabt fra 2011-11-16 til 2011-12-16 )))))))))))))))))))))))))))))))))))
.
.
2011-12-16 15:22 . 2011-12-16 15:22   ————  d——-w-  c:\users\Default\AppData\Local\temp
2011-12-15 17:11 . 2011-12-15 17:11   ————  d——-w-  c:\program files (x86)\Common Files\Adobe
2011-12-14 20:21 . 2011-11-24 04:52   3145216   ——a-w-  c:\windows\system32\win32k.sys
2011-12-14 20:21 . 2011-10-15 06:31   723456   ——a-w-  c:\windows\system32\EncDec.dll
2011-12-14 20:21 . 2011-10-15 05:38   534528   ——a-w-  c:\windows\SysWow64\EncDec.dll
2011-12-14 20:21 . 2011-11-05 05:32   2048   ——a-w-  c:\windows\system32\tzres.dll
2011-12-14 20:21 . 2011-11-05 04:26   2048   ——a-w-  c:\windows\SysWow64\tzres.dll
2011-12-13 12:59 . 2011-12-13 12:59   ————  d——-w-  c:\users\KPK\AppData\Roaming\Malwarebytes
2011-12-13 12:59 . 2010-04-29 14:39   38224   ——a-w-  c:\windows\SysWow64\drivers\mbamswissarmy.sys
2011-12-13 12:59 . 2011-12-13 12:59   ————  d——-w-  c:\program files (x86)\Malwarebytes’ Anti-Malware
2011-12-13 12:59 . 2011-12-13 12:59   ————  d——-w-  c:\programdata\Malwarebytes
2011-12-13 12:59 . 2010-04-29 14:39   24664   ——a-w-  c:\windows\system32\drivers\mbam.sys
2011-12-13 12:37 . 2011-12-13 12:38   ————  d——-w-  c:\program files\CCleaner
2011-12-08 19:25 . 2011-12-15 09:30   ————  d——-w-  c:\program files (x86)\JDownloader
2011-12-08 18:02 . 2011-12-08 19:24   ————  d——-w-  c:\program files (x86)\Safari
2011-12-07 02:01 . 2011-12-07 02:01   ————  d——-w-  c:\users\Default\AppData\Local\Microsoft Help
2011-11-27 12:40 . 2011-11-27 12:40   ————  d——-w-  c:\program files\iTunes
2011-11-27 12:40 . 2011-11-27 12:40   ————  d——-w-  c:\program files\iPod
.
.
.
((((((((((((((((((((((((((((((((((((((((  Find3M Rapport   ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2011-12-04 16:09 . 2011-05-19 09:10   414368   ——a-w-  c:\windows\SysWow64\FlashPlayerCPLApp.cpl
2011-11-10 09:59 . 2011-11-10 09:59   98648   ——a-w-  c:\windows\system32\BGLsp.dll
2011-11-10 09:59 . 2011-11-10 09:59   82776   ——a-w-  c:\windows\SysWow64\BGLsp.dll
2011-10-24 13:29 . 2011-10-24 13:29   94208   ——a-w-  c:\windows\SysWow64\QuickTimeVR.qtx
2011-10-24 13:29 . 2011-10-24 13:29   69632   ——a-w-  c:\windows\SysWow64\QuickTime.qts
2011-09-29 16:29 . 2011-11-09 11:01   1923952   ——a-w-  c:\windows\system32\drivers\tcpip.sys
.
.
(((((((((((((((((((((((((((((((((((  Start steder i reg.basen   ))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Bemærk* tomme linier & lovlige standard linier vises ikke
REGEDIT4
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
“AnyDVD”=“c:\program files (x86)\SlySoft\AnyDVD\AnyDVDtray.exe” [2011-06-17 5140088]
“Spotify”=“c:\users\KPK\AppData\Roaming\Spotify\Spotify.exe” [2011-11-14 6860960]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run]
“BCU”=“c:\program files (x86)\DeviceVM\Browser Configuration Utility\BCU.exe” [2010-03-05 411864]
“NUSB3MON”=“c:\program files (x86)\Renesas Electronics\USB 3.0 Host Controller Driver\Application\nusb3mon.exe” [2010-04-27 113288]
“ASUSGamerOSD”=“c:\program files (x86)\ASUS\GamerOSD\GamerOSD.exe” [2009-07-30 380928]
“ConnectionCenter”=“c:\program files (x86)\Citrix\ICA Client\concentr.exe” [2009-09-12 103768]
“SunJavaUpdateSched”=“c:\program files (x86)\Common Files\Java\Java Update\jusched.exe” [2011-04-08 254696]
“BCSSync”=“c:\program files (x86)\Microsoft Office\Office14\BCSSync.exe” [2010-03-13 91520]
“APSDaemon”=“c:\program files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe” [2011-11-01 59240]
“QuickTime Task”=“c:\program files (x86)\QuickTime\QTTask.exe” [2011-10-24 421888]
“iTunesHelper”=“c:\program files (x86)\iTunes\iTunesHelper.exe” [2011-11-12 421736]
“Adobe ARM”=“c:\program files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe” [2011-06-06 937920]
.
c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\
Logitech SetPoint.lnk - c:\program files\Logitech\SetPoint\SetPoint.exe [2011-5-14 1207312]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
“ConsentPromptBehaviorAdmin”= 5 (0x5)
“ConsentPromptBehaviorUser”= 3 (0x3)
“EnableUIADesktopToggle”= 0 (0x0)
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows nt\currentversion\windows]
“AppInit_DLLs”=c:\windows\System32\BgGamingMonitor.dll
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows nt\currentversion\drivers32]
“mixer3”=wdmaud.drv
.
[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\lsa]
Security Packages   REG_MULTI_SZ     kerberos msv1_0 schannel wdigest tspkg pku2u livessp
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\BsMain]
@=“Service”
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\BsScanner]
@=“Service”
.
R2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;c:\windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-03-18 130384]
R2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-03-18 138576]
R2 UNS;Intel(R) Management and Security Application User Notification Service;c:\program files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe [2010-12-20 2656280]
R3 BgRaSvc;BgRaSvc;c:\program files\BullGuard Ltd\BullGuard\Support\BgRaSvc.exe [2011-07-05 161112]
R3 BsScanner;BullGuard scanning service;c:\program files\BullGuard Ltd\BullGuard\BullGuardScanner.exe [2011-11-10 341848]
R3 nosGetPlusHelper;getPlus(R) Helper 3004;c:\windows\System32\svchost.exe [2009-07-14 27136]
R3 osppsvc;Office Software Protection Platform;c:\program files\Common Files\Microsoft Shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE [2010-01-09 4925184]
R3 TsUsbFlt;TsUsbFlt;c:\windows\system32\drivers\tsusbflt.sys [x]
R3 TsUsbGD;Remote Desktop Generic USB Device;c:\windows\system32\drivers\TsUsbGD.sys [x]
R3 WatAdminSvc;Tjenesten Windows Aktivering;c:\windows\system32\Wat\WatAdminSvc.exe [x]
R4 wlcrasvc;Windows Live Mesh remote connections service;c:\program files\Windows Live\Mesh\wlcrasvc.exe [2010-09-22 57184]
S1 AFW;Agnitum Firewall Driver;c:\windows\system32\DRIVERS\afw.sys [x]
S1 BdSpy;BdSpy;c:\windows\system32\DRIVERS\BdSpy.sys [x]
S1 EIO64;EIO Driver;c:\windows\system32\DRIVERS\EIO64.sys [x]
S1 NovaShieldFilterDriver;NovaShieldFilterDriver;c:\windows\system32\DRIVERS\NSKernel.sys [x]
S1 NovaShieldTDIDriver;NovaShieldTDIDriver;c:\windows\system32\DRIVERS\NSNetmon.sys [x]
S2 AdobeARMservice;Adobe Acrobat Update Service;c:\program files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe [2011-06-06 64952]
S2 BCUService;Browser Configuration Utility Service;c:\program files (x86)\DeviceVM\Browser Configuration Utility\BCUService.exe [2010-03-05 235752]
S2 BsBhvScan;BullGuard Behavioural Detection;c:\program files\BullGuard Ltd\BullGuard\BullGuardBhvScanner.exe [2011-09-18 382808]
S2 BsBrowser;BullGuard antiphishing service;c:\windows\System32\SvcHost.exe [2009-07-14 27136]
S2 BsFileScan;BullGuard on-access service;c:\windows\System32\SvcHost.exe [2009-07-14 27136]
S2 BsFire;BullGuard firewall service;c:\windows\System32\SvcHost.exe [2009-07-14 27136]
S2 BsMailProxy;BullGuard e-mail monitoring service;c:\windows\System32\SvcHost.exe [2009-07-14 27136]
S2 BsMain;BullGuard main service;c:\windows\System32\SvcHost.exe [2009-07-14 27136]
S2 BsUpdate;BullGuard update service;c:\program files\BullGuard Ltd\BullGuard\BullGuardUpdate.exe [2011-07-05 392536]
S2 Stereo Service;NVIDIA Stereoscopic 3D Driver Service;c:\program files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe [2010-08-19 235624]
S2 UsbClientService;UsbClientService;c:\program files (x86)\Synology\Assistant\UsbClientService.exe [2011-02-18 245760]
S3 afwcore;afwcore;c:\windows\system32\DRIVERS\afwcore.sys [x]
S3 busenum;Synology Virtual USB Hub;c:\windows\system32\DRIVERS\busenum.sys [x]
S3 MEIx64;Intel(R) Management Engine Interface;c:\windows\system32\DRIVERS\HECIx64.sys [x]
S3 nusb3hub;Renesas Electronics USB 3.0 Hub Driver;c:\windows\system32\DRIVERS\nusb3hub.sys [x]
S3 nusb3xhc;Renesas Electronics USB 3.0 Host Controller Driver;c:\windows\system32\DRIVERS\nusb3xhc.sys [x]
S3 NVHDA;Service for NVIDIA High Definition Audio Driver;c:\windows\system32\drivers\nvhda64v.sys [x]
S3 RTL8167;Realtek 8167 NT Driver;c:\windows\system32\DRIVERS\Rt64win7.sys [x]
S4 IOMap;IOMap;c:\windows\system32\drivers\IOMap64.sys [x]
.
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows nt\currentversion\svchost]
nosGetPlusHelper   REG_MULTI_SZ     nosGetPlusHelper
.
.
————- x86-64—————-
.
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
“Bluetooth Connection Assistant”=“LBTWIZ.EXE -silent” [X]
“RtHDVCpl”=“c:\program files\Realtek\Audio\HDA\RAVCpl64.exe” [2010-11-19 11613288]
“BullGuard”=“c:\program files\BullGuard Ltd\BullGuard\bullguard.exe” [2011-07-05 1696088]
“Kernel and Hardware Abstraction Layer”=“KHALMNPR.EXE” [2009-06-17 130576]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows]
“LoadAppInit_DLLs”=0x1
“AppInit_DLLs”=c:\windows\System32\BgGamingMonitor.dll
.
———- Yderligere scanning———-
.
uLocal Page = c:\windows\system32\blank.htm
uStart Page = hxxp://www.google.dk/
mLocal Page = c:\windows\SysWOW64\blank.htm
uInternet Settings,ProxyOverride = *.local
IE: E&ksporter til Microsoft Excel - c:\progra~2\MICROS~4\Office14\EXCEL.EXE/3000
IE: S&end til OneNote - c:\progra~2\MICROS~4\Office14\ONBttnIE.dll/105
LSP: c:\windows\system32\BGLsp.dll
TCP: DhcpNameServer = 192.168.0.1
.
- - - - TOMME GENVEJE FJERNET - - - -
.
URLSearchHooks-{bf7380fa-e3b4-4db2-af3e-9d8783a45bfc} - (no file)
WebBrowser-{BF7380FA-E3B4-4DB2-AF3E-9D8783A45BFC} - (no file)
WebBrowser-{30F9B915-B755-4826-820B-08FBA6BD249D} - (no file)
.
.
.
——————————- LÅSTE REGISTRERINGS NØGLER——————————-
.
[HKEY_USERS\S-1-5-21-3633746016-3117857291-1390477322-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.eml\UserChoice]
@Denied: (2) (LocalSystem)
“Progid”=“WindowsLiveMail.Email.1”
.
[HKEY_USERS\S-1-5-21-3633746016-3117857291-1390477322-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.vcf\UserChoice]
@Denied: (2) (LocalSystem)
“Progid”=“WindowsLiveMail.VCard.1”
.
[HKEY_USERS\S-1-5-21-3633746016-3117857291-1390477322-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.*X*v*i*ˆ-+\OpenWithList]
@Class=“Shell”
“a”=“vlc.exe”
“MRUList”=“a”
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}]
@Denied: (A 2) (Everyone)
@=“FlashBroker”
“LocalizedString”=”@c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil11e_ActiveX.exe,-101”
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\Elevation]
“Enabled”=dword:00000001
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\LocalServer32]
@=“c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil11e_ActiveX.exe”
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\TypeLib]
@=”{FAB3E735-69C7-453B-A446-B6823C6DF1C9}”
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@=“Shockwave Flash Object”
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\InprocServer32]
@=“c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash11e.ocx”
“ThreadingModel”=“Apartment”
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\MiscStatus]
@=“0”
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ProgID]
@=“ShockwaveFlash.ShockwaveFlash.10”
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@=“c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash11e.ocx, 1”
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\TypeLib]
@=”{D27CDB6B-AE6D-11cf-96B8-444553540000}”
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\Version]
@=“1.0”
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@=“ShockwaveFlash.ShockwaveFlash”
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@=“Macromedia Flash Factory Object”
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\InprocServer32]
@=“c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash11e.ocx”
“ThreadingModel”=“Apartment”
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ProgID]
@=“FlashFactory.FlashFactory.1”
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@=“c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash11e.ocx, 1”
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\TypeLib]
@=”{D27CDB6B-AE6D-11cf-96B8-444553540000}”
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\Version]
@=“1.0”
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@=“FlashFactory.FlashFactory”
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}]
@Denied: (A 2) (Everyone)
@=“IFlashBroker4”
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\ProxyStubClsid32]
@=”{00020424-0000-0000-C000-000000000046}”
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\TypeLib]
@=”{FAB3E735-69C7-453B-A446-B6823C6DF1C9}”
“Version”=“1.0”
.
[HKEY_LOCAL_MACHINE\software\Wow6432Node\Microsoft\Office\Common\Smart Tag\Actions\{B7EFF951-E52F-45CC-9EF7-57124F2177CC}]
@Denied: (A) (Everyone)
“Solution”=”{15727DE6-F92D-4E46-ACB4-0E2C58B31A18}”
.
[HKEY_LOCAL_MACHINE\software\Wow6432Node\Microsoft\Schema Library\ActionsPane3]
@Denied: (A) (Everyone)
.
[HKEY_LOCAL_MACHINE\software\Wow6432Node\Microsoft\Schema Library\ActionsPane3\0]
“Key”=“ActionsPane3”
“Location”=“c:\\Program Files (x86)\\Common Files\\Microsoft Shared\\VSTO\\ActionsPane3.xsd”
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\PCW\Security]
@Denied: (Full) (Everyone)
.
————————————Andre kørende processer————————————
.
c:\program files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
c:\windows\SysWOW64\ASDR.exe
c:\program files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe
.
**************************************************************************
.
Gennemført tid: 2011-12-16 16:25:28 - maskinen blev genstartet
ComboFix-quarantined-files.txt 2011-12-16 15:25
.
Pre-Kørsel: 449.271.230.464 byte ledig
Post-Kørsel: 449.138.057.216 byte ledig
.
- - End Of File - - 63C82661E386F63A702FCCB6CCCFFD49

Administrator
Posts: 4202

It looks fine from here, but how does it look on your end?

Signature

Please do not attach logs unless you are asked to!

  per43
Posts: 23

New tabs in Explorer still open in Facemoods. Isn't it malware?

Administrator
Posts: 4202

That's a shame, but let's try another scanner.

Download OTL by OldTimer and save it to your desktop.

Start OTL

Vista and Windows 7 - right-click the file - Run as Administrator.

At the top, tick “Scan All Users”.

In the lower right corner of the top panel, tick “LOP Check” and “Purity Check”.

Close all open windows, click “Run Scan” at the top left and let the program run. The scan can take 5-10 minutes.

It will produce two log files on the desktop, OTL.txt and Extras.txt.

Then copy the following into your next post (in this order):

the contents of OTL.txt
the contents of Extras.txt

Since they are fairly long, you may need to send them in several posts.

PS: Is it only Internet Explorer that is affected?


  per43
Posts: 23

I only notice anything in connection with Explorer. But my machine has also restarted a couple of times.

OTL logfile created on: 16-12-2011 19:52:13 - Run 1
OTL by OldTimer - Version 3.2.31.0   Folder = C:\Users\KPK\Desktop
64bit- Home Premium Edition Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation
Internet Explorer (Version = 8.0.7601.17514)
Locale: 00000406 | Country: Danmark | Language: DAN | Date Format: dd-MM-yyyy

7,98 Gb Total Physical Memory | 6,56 Gb Available Physical Memory | 82,14% Memory free
15,96 Gb Paging File | 13,74 Gb Available in Paging File | 86,05% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86)
Drive C: | 465,66 Gb Total Space | 418,16 Gb Free Space | 89,80% Space Free | Partition Type: NTFS

Computer Name: KPK-PC | User Name: KPK | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: All users | Include 64bit Scans
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days

========== Processes (SafeList) ==========

PRC - [2011-12-16 19:50:45 | 000,584,192 |——| M] (OldTimer Tools)—C:\Users\KPK\Desktop\OTL.exe
PRC - [2011-12-04 17:08:59 | 000,247,968 |——| M] (Adobe Systems, Inc.)—C:\Windows\SysWOW64\Macromed\Flash\FlashUtil11e_ActiveX.exe
PRC - [2011-06-17 15:24:56 | 005,140,088 |——| M] (SlySoft, Inc.)—C:\Program Files (x86)\SlySoft\AnyDVD\AnyDVDtray.exe
PRC - [2011-06-08 08:06:34 | 000,152,408 |——| M] (BullGuard Ltd.)—C:\Programmer\BullGuard Ltd\BullGuard\Files32\Spamfilter\LittleHook.exe
PRC - [2011-06-06 12:55:28 | 000,064,952 |——| M] (Adobe Systems Incorporated)—C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe
PRC - [2011-04-08 11:59:52 | 000,507,624 |——| M] (Sun Microsystems, Inc.)—C:\Program Files (x86)\Common Files\Java\Java Update\jucheck.exe
PRC - [2011-02-18 07:18:50 | 000,245,760 |——| M] ()—C:\Program Files (x86)\Synology\Assistant\UsbClientService.exe
PRC - [2010-12-20 17:24:38 | 002,656,280 |——| M] (Intel Corporation)—C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe
PRC - [2010-12-20 17:24:36 | 000,325,656 |——| M] (Intel Corporation)—C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe
PRC - [2010-11-21 04:24:27 | 000,257,536 |——| M] (Microsoft Corporation)—C:\Windows\SysWOW64\wbem\WmiPrvSE.exe
PRC - [2010-08-19 06:12:52 | 000,235,624 |——| M] (NVIDIA Corporation)—C:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe
PRC - [2010-04-27 03:09:52 | 000,113,288 |——| M] (Renesas Electronics Corporation)—C:\Program Files (x86)\Renesas Electronics\USB 3.0 Host Controller Driver\Application\nusb3mon.exe
PRC - [2010-03-05 09:15:12 | 000,235,752 |——| M] (DeviceVM, Inc.)—C:\Program Files (x86)\DeviceVM\Browser Configuration Utility\BCUService.exe
PRC - [2010-03-05 09:15:04 | 000,411,864 |——| M] (DeviceVM, Inc.)—C:\Program Files (x86)\DeviceVM\Browser Configuration Utility\BCU.exe
PRC - [2009-09-12 22:09:10 | 000,103,768 |——| M] (Citrix Systems, Inc.)—C:\Program Files (x86)\Citrix\ICA Client\concentr.exe
PRC - [2009-09-12 22:09:04 | 000,550,232 |——| M] (Citrix Systems, Inc.)—C:\Program Files (x86)\Citrix\ICA Client\wfcrun32.exe
PRC - [2009-07-30 17:10:04 | 000,380,928 |——| M] (ASUSTeK Computer Inc.)—C:\Program Files (x86)\ASUS\GamerOSD\GamerOSD.exe
PRC - [2009-07-27 10:13:28 | 000,061,440 |——| M] ()—C:\Windows\SysWOW64\ASDR.exe
PRC - [2009-07-20 03:00:00 | 000,077,824 |——| M] ()—C:\Programmer\Logitech\SetPoint\x86\SetPoint32.exe


========== Modules (No Company Name) ==========

MOD - [2011-10-13 02:24:14 | 012,433,408 |——| M] ()—C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Windows.Forms\6e592e424a204aafeadbe22b6b31b9db\System.Windows.Forms.ni.dll
MOD - [2011-10-13 02:24:10 | 001,587,200 |——| M] ()—C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Drawing\3b2cfd85528a27eb71dc41d8067359a1\System.Drawing.ni.dll
MOD - [2011-10-13 02:24:08 | 000,025,600 |——| M] ()—C:\Windows\assembly\NativeImages_v2.0.50727_32\Accessibility\31fce331fded94dd06627603f6fe4562\Accessibility.ni.dll
MOD - [2011-10-13 02:23:57 | 005,453,312 |——| M] ()—C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Xml\130ad4d9719e566ca933ac7158a04203\System.Xml.ni.dll
MOD - [2011-10-13 02:23:55 | 000,971,264 |——| M] ()—C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Configuration\2d5bcbeb9475ef62189f605bcca1cec6\System.Configuration.ni.dll
MOD - [2011-10-13 02:23:54 | 007,963,648 |——| M] ()—C:\Windows\assembly\NativeImages_v2.0.50727_32\System\abab08afa60a6f06bdde0fcc9649c379\System.ni.dll
MOD - [2011-10-13 02:23:48 | 011,490,304 |——| M] ()—C:\Windows\assembly\NativeImages_v2.0.50727_32\mscorlib\a1a82db68b3badc7c27ea1f6579d22c5\mscorlib.ni.dll
MOD - [2011-06-24 21:56:36 | 000,087,328 |——| M] ()—C:\Program Files (x86)\Common Files\Apple\Apple Application Support\zlib1.dll
MOD - [2011-06-24 21:56:14 | 001,241,888 |——| M] ()—C:\Program Files (x86)\Common Files\Apple\Apple Application Support\libxml2.dll
MOD - [2011-05-13 18:35:10 | 000,450,392 |——| M] ()—C:\Programmer\BullGuard Ltd\BullGuard\Files32\SQLite.dll
MOD - [2009-07-31 20:39:08 | 000,503,202 |——| M] ()—C:\Program Files (x86)\DeviceVM\Browser Configuration Utility\sqlite3.dll
MOD - [2009-07-20 03:00:00 | 000,077,824 |——| M] ()—C:\Programmer\Logitech\SetPoint\x86\SetPoint32.exe
MOD - [2009-04-29 19:46:20 | 001,077,248 |——| M] ()—C:\Program Files (x86)\ASUS\GamerOSD\ImageTransform.dll
MOD - [2009-02-17 17:22:16 | 000,184,320 |——| M] ()—C:\Program Files (x86)\ASUS\GamerOSD\AudioOnVistaDLL.dll


========== Win32 Services (SafeList) ==========

SRV:64bit: - [2011-07-05 14:49:16 | 000,161,112 |——| M] (BullGuard Ltd.) [On_Demand | Stopped]—C:\Program Files\BullGuard Ltd\BullGuard\Support\BgRaSvc.exe—(BgRaSvc)
SRV:64bit: - [2010-09-22 17:10:10 | 000,057,184 |——| M] (Microsoft Corporation) [Disabled | Stopped]—C:\Program Files\Windows Live\Mesh\wlcrasvc.exe—(wlcrasvc)
SRV:64bit: - [2009-12-01 13:22:58 | 000,063,488 |——| M] (ASUSTeK COMPUTER INC.) [Auto | Running]—C:\Windows\SysNative\ATKFUSService.exe—(ATKFUSService)
SRV - [2011-11-10 10:59:33 | 000,709,976 |——| M] (BullGuard Ltd.) [Auto | Running]—C:\Programmer\BullGuard Ltd\BullGuard\BsFire.dll—(BsFire)
SRV - [2011-11-10 10:59:33 | 000,341,848 |——| M] (BullGuard Ltd.) [On_Demand | Running]—C:\Programmer\BullGuard Ltd\BullGuard\BullGuardScanner.exe—(BsScanner)
SRV - [2011-09-28 10:14:34 | 000,425,304 |——| M] (BullGuard Ltd.) [Auto | Running]—C:\Programmer\BullGuard Ltd\BullGuard\BsFileScan.dll—(BsFileScan)
SRV - [2011-09-18 15:07:22 | 000,382,808 |——| M] (BullGuard Ltd.) [Auto | Running]—C:\Programmer\BullGuard Ltd\BullGuard\BullGuardBhvScanner.exe—(BsBhvScan)
SRV - [2011-09-18 15:07:22 | 000,260,440 |——| M] (BullGuard Ltd.) [Auto | Running]—C:\Programmer\BullGuard Ltd\BullGuard\BsMailProxy\BsMailProxy.dll—(BsMailProxy)
SRV - [2011-07-05 14:49:17 | 000,087,896 |——| M] (BullGuard Ltd.) [Auto | Running]—C:\Programmer\BullGuard Ltd\BullGuard\BsBrowser.dll—(BsBrowser)
SRV - [2011-07-05 14:49:15 | 000,261,976 |——| M] (BullGuard Ltd.) [Auto | Running]—C:\Programmer\BullGuard Ltd\BullGuard\BsMain.dll—(BsMain)
SRV - [2011-07-05 14:46:11 | 000,392,536 |——| M] (BullGuard Ltd.) [Auto | Running]—C:\Programmer\BullGuard Ltd\BullGuard\BullGuardUpdate.exe—(BsUpdate)
SRV - [2011-06-06 12:55:28 | 000,064,952 |——| M] (Adobe Systems Incorporated) [Auto | Running]—C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe—(AdobeARMservice)
SRV - [2011-02-18 07:18:50 | 000,245,760 |——| M] () [Auto | Running]—C:\Program Files (x86)\Synology\Assistant\UsbClientService.exe—(UsbClientService)
SRV - [2010-12-20 17:24:38 | 002,656,280 |——| M] (Intel Corporation) [Auto | Running]—C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe—(UNS) Intel(R)
SRV - [2010-12-20 17:24:36 | 000,325,656 |——| M] (Intel Corporation) [Auto | Running]—C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe—(LMS) Intel(R)
SRV - [2010-08-19 06:12:52 | 000,235,624 |——| M] (NVIDIA Corporation) [Auto | Running]—C:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe—(Stereo Service)
SRV - [2010-03-18 12:16:28 | 000,130,384 |——| M] (Microsoft Corporation) [Auto | Stopped]—C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe—(clr_optimization_v4.0.30319_32)
SRV - [2010-03-05 09:15:12 | 000,235,752 |——| M] (DeviceVM, Inc.) [Auto | Running]—C:\Program Files (x86)\DeviceVM\Browser Configuration Utility\BCUService.exe—(BCUService)
SRV - [2009-07-27 10:13:28 | 000,061,440 |——| M] () [Auto | Running]—C:\Windows\SysWOW64\ASDR.exe—(ASDR)
SRV - [2009-07-20 11:36:14 | 000,160,784 |——| M] (Logitech, Inc.) [Auto | Running]—C:\Programmer\Common Files\Logishrd\Bluetooth\LBTServ.exe—(LBTServ)
SRV - [2009-06-10 22:23:09 | 000,066,384 |——| M] (Microsoft Corporation) [Disabled | Stopped]—C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe—(clr_optimization_v2.0.50727_32)


========== Driver Services (SafeList) ==========

DRV:64bit: - [2011-06-09 22:05:13 | 000,138,872 |——| M] (SlySoft, Inc.) [Kernel | On_Demand | Running]—C:\Windows\SysNative\drivers\AnyDVD.sys—(AnyDVD)
DRV:64bit: - [2011-05-13 18:35:14 | 000,255,560 |——| M] (NovaShield, Inc.) [File_System | System | Running]—C:\Windows\SysNative\drivers\NSKernel.sys—(NovaShieldFilterDriver)
DRV:64bit: - [2011-05-13 18:35:14 | 000,025,160 |——| M] (NovaShield, Inc.) [Kernel | System | Running]—C:\Windows\SysNative\drivers\NSNetmon.sys—(NovaShieldTDIDriver)
DRV:64bit: - [2011-05-13 18:35:12 | 000,066,272 |——| M] (BullGuard Ltd.) [File_System | System | Running]—C:\Windows\SysNative\drivers\BdSpy.sys—(BdSpy)
DRV:64bit: - [2011-05-13 18:35:11 | 000,284,232 |——| M] (BitDefender S.R.L.) [File_System | On_Demand | Stopped]—C:\Windows\SysNative\drivers\Trufos.sys—(Trufos)
DRV:64bit: - [2011-05-13 17:46:42 | 000,016,384 |——| M] (ASUSTeK Computer Inc.) [Kernel | System | Running]—C:\Windows\SysNative\drivers\EIO64.sys—(EIO64)
DRV:64bit: - [2011-05-10 07:06:08 | 000,051,712 |——| M] (Apple, Inc.) [Kernel | On_Demand | Stopped]—C:\Windows\SysNative\drivers\usbaapl64.sys—(USBAAPL64)
DRV:64bit: - [2011-03-11 07:41:12 | 000,107,904 |——| M] (Advanced Micro Devices) [Kernel | On_Demand | Stopped]—C:\Windows\SysNative\drivers\amdsata.sys—(amdsata)
DRV:64bit: - [2011-03-11 07:41:12 | 000,027,008 |——| M] (Advanced Micro Devices) [Kernel | Boot | Running]—C:\Windows\SysNative\drivers\amdxata.sys—(amdxata)
DRV:64bit: - [2011-02-18 07:20:34 | 000,056,160 |——| M] (Windows (R) Win 7 DDK provider) [Kernel | On_Demand | Running]—C:\Windows\SysNative\drivers\busenum.sys—(busenum)
DRV:64bit: - [2010-12-16 23:58:14 | 000,040,816 |——| M] (Elaborate Bytes AG) [Kernel | System | Running]—C:\Windows\SysNative\drivers\ElbyCDIO.sys—(ElbyCDIO)
DRV:64bit: - [2010-11-21 04:24:33 | 000,059,392 |——| M] (Microsoft Corporation) [Kernel | On_Demand | Stopped]—C:\Windows\SysNative\drivers\TsUsbFlt.sys—(TsUsbFlt)
DRV:64bit: - [2010-11-21 04:23:47 | 000,078,720 |——| M] (Hewlett-Packard Company) [Kernel | On_Demand | Stopped]—C:\Windows\SysNative\drivers\HpSAMD.sys—(HpSAMD)
DRV:64bit: - [2010-11-21 04:23:47 | 000,031,232 |——| M] (Microsoft Corporation) [Kernel | On_Demand | Stopped]—C:\Windows\SysNative\drivers\TsUsbGD.sys—(TsUsbGD)
DRV:64bit: - [2010-10-19 15:34:26 | 000,056,344 |——| M] (Intel Corporation) [Kernel | On_Demand | Running]—C:\Windows\SysNative\drivers\HECIx64.sys—(MEIx64) Intel(R)
DRV:64bit: - [2010-10-12 11:04:22 | 000,424,040 |——| M] (Agnitum Ltd.) [Kernel | On_Demand | Running]—C:\Windows\SysNative\drivers\afwcore.sys—(afwcore)
DRV:64bit: - [2010-10-12 11:04:22 | 000,039,528 |——| M] (Agnitum Ltd.) [Kernel | System | Running]—C:\Windows\SysNative\drivers\afw.sys—(AFW)
DRV:64bit: - [2010-09-22 23:36:48 | 000,048,488 |——| M] (Microsoft Corporation) [Kernel | On_Demand | Stopped]—C:\Windows\SysNative\drivers\fssfltr.sys—(fssfltr)
DRV:64bit: - [2010-06-21 23:07:36 | 000,131,688 |——| M] (NVIDIA Corporation) [Kernel | On_Demand | Running]—C:\Windows\SysNative\drivers\nvhda64v.sys—(NVHDA)
DRV:64bit: - [2010-05-20 05:09:50 | 000,239,616 |——| M] (Realtek                             ) [Kernel | On_Demand | Running]—C:\Windows\SysNative\drivers\Rt64win7.sys—(RTL8167)
DRV:64bit: - [2010-04-27 02:30:52 | 000,184,968 |——| M] (Renesas Electronics Corporation) [Kernel | On_Demand | Running]—C:\Windows\SysNative\drivers\nusb3xhc.sys—(nusb3xhc)
DRV:64bit: - [2010-04-27 02:29:54 | 000,083,080 |——| M] (Renesas Electronics Corporation) [Kernel | On_Demand | Running]—C:\Windows\SysNative\drivers\nusb3hub.sys—(nusb3hub)
DRV:64bit: - [2010-02-22 14:46:36 | 000,023,680 |——| M] (ASUSTeK Computer Inc.) [Kernel | Disabled | Running]—C:\Windows\SysNative\drivers\IOMap64.sys—(IOMap)
DRV:64bit: - [2009-07-14 02:52:20 | 000,194,128 |——| M] (AMD Technologies Inc.) [Kernel | On_Demand | Stopped]—C:\Windows\SysNative\drivers\amdsbs.sys—(amdsbs)
DRV:64bit: - [2009-07-14 02:48:04 | 000,065,600 |——| M] (LSI Corporation) [Kernel | On_Demand | Stopped]—C:\Windows\SysNative\drivers\lsi_sas2.sys—(LSI_SAS2)
DRV:64bit: - [2009-07-14 02:45:55 | 000,024,656 |——| M] (Promise Technology) [Kernel | On_Demand | Stopped]—C:\Windows\SysNative\drivers\stexstor.sys—(stexstor)
DRV:64bit: - [2009-06-17 17:54:30 | 000,057,872 |——| M] (Logitech, Inc.) [Kernel | On_Demand | Running]—C:\Windows\SysNative\drivers\LMouFilt.Sys—(LMouFilt)
DRV:64bit: - [2009-06-17 17:54:22 | 000,055,312 |——| M] (Logitech, Inc.) [Kernel | On_Demand | Running]—C:\Windows\SysNative\drivers\LHidFilt.Sys—(LHidFilt)
DRV:64bit: - [2009-06-10 21:34:33 | 003,286,016 |——| M] (Broadcom Corporation) [Kernel | On_Demand | Stopped]—C:\Windows\SysNative\drivers\evbda.sys—(ebdrv)
DRV:64bit: - [2009-06-10 21:34:28 | 000,468,480 |——| M] (Broadcom Corporation) [Kernel | On_Demand | Stopped]—C:\Windows\SysNative\drivers\bxvbda.sys—(b06bdrv)
DRV:64bit: - [2009-06-10 21:34:23 | 000,270,848 |——| M] (Broadcom Corporation) [Kernel | On_Demand | Stopped]—C:\Windows\SysNative\drivers\b57nd60a.sys—(b57nd60a)
DRV:64bit: - [2009-06-10 21:31:59 | 000,031,232 |——| M] (Hauppauge Computer Works, Inc.) [Kernel | On_Demand | Stopped]—C:\Windows\SysNative\drivers\hcw85cir.sys—(hcw85cir)
DRV:64bit: - [2009-05-18 12:17:08 | 000,034,152 |——| M] (GEAR Software Inc.) [Kernel | On_Demand | Running]—C:\Windows\SysNative\drivers\GEARAspiWDM.sys—(GEARAspiWDM)
DRV:64bit: - [2009-02-17 17:22:22 | 000,039,424 |——| M] (ASUSTeK Computer Inc.) [Kernel | On_Demand | Running]—C:\Windows\SysNative\drivers\ATKDispLowFilter.sys—(atkdisplf)
DRV:64bit: - [2009-02-17 17:22:22 | 000,017,792 |——| M] (ASUSTeK Computer Inc.) [Kernel | On_Demand | Running]—C:\Windows\SysNative\drivers\asusgsb.sys—(asusgsb)
DRV:64bit: - [2007-01-12 17:43:40 | 000,037,552 |——| M] (Broadcom Corporation.) [Kernel | On_Demand | Stopped]—C:\Windows\SysNative\drivers\frmupgr.sys—(DFUBTUSB)
DRV - [2011-06-09 22:05:13 | 000,138,872 |——| M] (SlySoft, Inc.) [Kernel | On_Demand | Running]—C:\Windows\SysWOW64\drivers\AnyDVD.sys—(AnyDVD)
DRV - [2009-07-14 02:19:10 | 000,019,008 |——| M] (Microsoft Corporation) [File_System | On_Demand | Stopped]—C:\Windows\SysWOW64\drivers\wimmount.sys—(WIMMount)


========== Standard Registry (SafeList) ==========


========== Internet Explorer ==========

IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm


IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: “ProxyEnable” = 0

IE - HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: “ProxyEnable” = 0



IE - HKU\S-1-5-21-3633746016-3117857291-1390477322-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.google.dk/
IE - HKU\S-1-5-21-3633746016-3117857291-1390477322-1000\..\URLSearchHook: {BC86E1AB-EDA5-4059-938F-CE307B0C6F0A} - C:\Program Files (x86)\DeviceVM\Browser Configuration Utility\AddressBarSearch.dll (DeviceVM, Inc.)
IE - HKU\S-1-5-21-3633746016-3117857291-1390477322-1000\Software\Microsoft\Windows\CurrentVersion\Internet Settings: “ProxyEnable” = 0
IE - HKU\S-1-5-21-3633746016-3117857291-1390477322-1000\Software\Microsoft\Windows\CurrentVersion\Internet Settings: “ProxyOverride” = *.local

FF:64bit: - HKLM\Software\MozillaPlugins\@Citrix.com/npagee64,version=9.3.47.5: C:\Program Files\Citrix\Secure Access Client\npagee64.dll (Citrix Systems, Inc.)
FF:64bit: - HKLM\Software\MozillaPlugins\@microsoft.com/GENUINE: disabled File not found
FF:64bit: - HKLM\Software\MozillaPlugins\@microsoft.com/OfficeAuthz,version=14.0: C:\PROGRA~1\MICROS~2\Office14\NPAUTHZ.DLL (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=:  File not found
FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=1.0: C:\Program Files (x86)\iTunes\Mozilla Plugins\npitunes.dll ()
FF - HKLM\Software\MozillaPlugins\@Citrix.com/npagee,version=9.3.47.5: C:\Program Files\Citrix\Secure Access Client\npagee.dll (Citrix Systems, Inc.)
FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin: C:\Program Files (x86)\Java\jre6\bin\new_plugin\npjp2.dll (Sun Microsystems, Inc.)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/GENUINE: disabled File not found
FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: c:\Program Files (x86)\Microsoft Silverlight\4.0.60831.0\npctrl.dll ( Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/OfficeAuthz,version=14.0: C:\PROGRA~2\MICROS~4\Office14\NPAUTHZ.DLL (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/SharePoint,version=14.0: C:\PROGRA~2\MICROS~4\Office14\NPSPWRAP.DLL (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=15.4.3502.0922: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=15.4.3508.1109: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@nvidia.com/3DVision: C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dv.dll (NVIDIA Corporation)
FF - HKLM\Software\MozillaPlugins\@nvidia.com/3DVisionStreaming: C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dvstreaming.dll (NVIDIA Corporation)
FF - HKLM\Software\MozillaPlugins\Adobe Reader: C:\Program Files (x86)\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)

FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\antiphishing@bullguard: C:\Program Files\BullGuard Ltd\BullGuard\Files32\Antiphishing\FF\antiphishing@bullguard\ [2011-08-22 14:51:34 | 000,000,000 |—-D | M]
FF - HKEY_CURRENT_USER\software\mozilla\Thunderbird\Extensions\\{380AE6CB-09B9-4373-B360-D01C2462A6E7}: C:\Program Files\BullGuard Ltd\BullGuard\files32\backup\thunderbirdbkplugin [2011-05-13 18:08:42 | 000,000,000 |—-D | M]
FF - HKEY_CURRENT_USER\software\mozilla\Thunderbird\Extensions\\{0E810812-F4BB-4309-942A-755587587A5E}: C:\Program Files\BullGuard Ltd\BullGuard\Files32\Spamfilter\TbSpamfilter [2011-05-13 18:08:39 | 000,000,000 |—-D | M]

[2011-12-08 20:26:31 | 000,002,048 |——| M] ()—C:\Program Files (x86)\mozilla firefox\searchplugins\fcmdSrch.xml

O1 HOSTS File: ([2011-12-16 16:23:19 | 000,000,027 |——| M]) - C:\Windows\SysNative\drivers\etc\hosts
O1 - Hosts: 127.0.0.1     localhost
O2:64bit: - BHO: (Windows Live ID Sign-in Helper) - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Programmer\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corp.)
O2:64bit: - BHO: (Office Document Cache Handler) - {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\Programmer\Microsoft Office\Office14\URLREDIR.DLL (Microsoft Corporation)
O2:64bit: - BHO: (BullGuard Safe Browsing) - {FC872B94-35E3-4B94-B028-184A2A1C7CCE} - C:\Programmer\BullGuard Ltd\BullGuard\Antiphishing\IE\BGAntiphishingIEBHO.dll (BullGuard Ltd.)
O2 - BHO: (Office Document Cache Handler) - {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\PROGRA~2\MICROS~4\Office14\URLREDIR.DLL (Microsoft Corporation)
O2 - BHO: (BullGuard Safe Browsing) - {FC872B94-35E3-4B94-B028-184A2A1C7CCE} - C:\Programmer\BullGuard Ltd\BullGuard\Files32\Antiphishing\IE\BGAntiphishingIEBHO.dll (BullGuard Ltd.)
O3 - HKU\S-1-5-21-3633746016-3117857291-1390477322-1000\..\Toolbar\WebBrowser: (no name) - {30F9B915-B755-4826-820B-08FBA6BD249D} - No CLSID value found.
O4:64bit: - HKLM..\Run: [Bluetooth Connection Assistant] LBTWIZ.EXE -silent File not found
O4:64bit: - HKLM..\Run: [BullGuard] C:\Program Files\BullGuard Ltd\BullGuard\bullguard.exe (BullGuard Ltd.)
O4:64bit: - HKLM..\Run: [Kernel and Hardware Abstraction Layer] C:\Windows\KHALMNPR.Exe (Logitech, Inc.)
O4:64bit: - HKLM..\Run: [RtHDVCpl] C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe (Realtek Semiconductor)
O4 - HKLM..\Run: [APSDaemon] C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe (Apple Inc.)
O4 - HKLM..\Run: [ASUSGamerOSD] C:\Program Files (x86)\ASUS\GamerOSD\GamerOSD.exe (ASUSTeK Computer Inc.)
O4 - HKLM..\Run: [BCU] C:\Program Files (x86)\DeviceVM\Browser Configuration Utility\BCU.exe (DeviceVM, Inc.)
O4 - HKLM..\Run: [ConnectionCenter] C:\Program Files (x86)\Citrix\ICA Client\concentr.exe (Citrix Systems, Inc.)
O4 - HKLM..\Run: [NUSB3MON] C:\Program Files (x86)\Renesas Electronics\USB 3.0 Host Controller Driver\Application\nusb3mon.exe (Renesas Electronics Corporation)
O4 - HKU\S-1-5-21-3633746016-3117857291-1390477322-1000..\Run: [AnyDVD] C:\Program Files (x86)\SlySoft\AnyDVD\AnyDVDtray.exe (SlySoft, Inc.)
O4 - HKU\S-1-5-21-3633746016-3117857291-1390477322-1000..\Run: [Spotify] C:\Users\KPK\AppData\Roaming\Spotify\Spotify.exe (Spotify Ltd)
O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Restrictions present
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 5
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3
O7 - HKU\.DEFAULT\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-18\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-19\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-20\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-21-3633746016-3117857291-1390477322-1000\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-21-3633746016-3117857291-1390477322-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O8:64bit: - Extra context menu item: E&ksporter til Microsoft Excel - res://C:\PROGRA~2\MICROS~4\Office14\EXCEL.EXE/3000 File not found
O8:64bit: - Extra context menu item: S&end til OneNote - res://C:\PROGRA~2\MICROS~4\Office14\ONBttnIE.dll/105 File not found
O8 - Extra context menu item: E&ksporter til Microsoft Excel - res://C:\PROGRA~2\MICROS~4\Office14\EXCEL.EXE/3000 File not found
O8 - Extra context menu item: S&end til OneNote - res://C:\PROGRA~2\MICROS~4\Office14\ONBttnIE.dll/105 File not found
O9:64bit: - Extra Button: Report to BullGuard - {27FD17FB-CF63-486b-B2BE-8D8781CBEA01} - C:\Programmer\BullGuard Ltd\BullGuard\Antiphishing\IE\BgAntiphishingIE.dll (BullGuard Ltd.)
O9 - Extra Button: Report to BullGuard - {27FD17FB-CF63-486b-B2BE-8D8781CBEA01} - C:\Programmer\BullGuard Ltd\BullGuard\Files32\Antiphishing\IE\BgAntiphishingIE.dll (BullGuard Ltd.)
O10:64bit: - NameSpace_Catalog5\Catalog_Entries64\000000000008 [] - C:\Programmer\Common Files\Microsoft Shared\Windows Live\WLIDNSP.DLL (Microsoft Corp.)
O10:64bit: - NameSpace_Catalog5\Catalog_Entries64\000000000009 [] - C:\Programmer\Common Files\Microsoft Shared\Windows Live\WLIDNSP.DLL (Microsoft Corp.)
O10:64bit: - NameSpace_Catalog5\Catalog_Entries64\000000000010 [] - C:\Programmer\Bonjour\mdnsNSP.dll (Apple Inc.)
O10:64bit: - Protocol_Catalog9\Catalog_Entries64\000000000001 - C:\Windows\SysNative\BGLsp.dll (BullGuard Ltd.)
O10:64bit: - Protocol_Catalog9\Catalog_Entries64\000000000002 - C:\Windows\SysNative\BGLsp.dll (BullGuard Ltd.)
O10:64bit: - Protocol_Catalog9\Catalog_Entries64\000000000003 - C:\Windows\SysNative\BGLsp.dll (BullGuard Ltd.)
O10:64bit: - Protocol_Catalog9\Catalog_Entries64\000000000004 - C:\Windows\SysNative\BGLsp.dll (BullGuard Ltd.)
O10:64bit: - Protocol_Catalog9\Catalog_Entries64\000000000005 - C:\Windows\SysNative\BGLsp.dll (BullGuard Ltd.)
O10:64bit: - Protocol_Catalog9\Catalog_Entries64\000000000006 - C:\Windows\SysNative\BGLsp.dll (BullGuard Ltd.)
O10:64bit: - Protocol_Catalog9\Catalog_Entries64\000000000007 - C:\Windows\SysNative\BGLsp.dll (BullGuard Ltd.)
O10:64bit: - Protocol_Catalog9\Catalog_Entries64\000000000008 - C:\Windows\SysNative\BGLsp.dll (BullGuard Ltd.)
O10:64bit: - Protocol_Catalog9\Catalog_Entries64\000000000009 - C:\Windows\SysNative\BGLsp.dll (BullGuard Ltd.)
O10:64bit: - Protocol_Catalog9\Catalog_Entries64\000000000010 - C:\Windows\SysNative\BGLsp.dll (BullGuard Ltd.)
O10:64bit: - Protocol_Catalog9\Catalog_Entries64\000000000021 - C:\Windows\SysNative\BGLsp.dll (BullGuard Ltd.)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000010 [] - C:\Program Files (x86)\Bonjour\mdnsNSP.dll (Apple Inc.)
O10 - Protocol_Catalog9\Catalog_Entries\000000000001 - C:\Windows\SysWow64\BGLsp.dll (BullGuard Ltd.)
O10 - Protocol_Catalog9\Catalog_Entries\000000000002 - C:\Windows\SysWow64\BGLsp.dll (BullGuard Ltd.)
O10 - Protocol_Catalog9\Catalog_Entries\000000000003 - C:\Windows\SysWow64\BGLsp.dll (BullGuard Ltd.)
O10 - Protocol_Catalog9\Catalog_Entries\000000000004 - C:\Windows\SysWow64\BGLsp.dll (BullGuard Ltd.)
O10 - Protocol_Catalog9\Catalog_Entries\000000000005 - C:\Windows\SysWow64\BGLsp.dll (BullGuard Ltd.)
O10 - Protocol_Catalog9\Catalog_Entries\000000000006 - C:\Windows\SysWow64\BGLsp.dll (BullGuard Ltd.)
O10 - Protocol_Catalog9\Catalog_Entries\000000000007 - C:\Windows\SysWow64\BGLsp.dll (BullGuard Ltd.)
O10 - Protocol_Catalog9\Catalog_Entries\000000000008 - C:\Windows\SysWow64\BGLsp.dll (BullGuard Ltd.)
O10 - Protocol_Catalog9\Catalog_Entries\000000000009 - C:\Windows\SysWow64\BGLsp.dll (BullGuard Ltd.)
O10 - Protocol_Catalog9\Catalog_Entries\000000000010 - C:\Windows\SysWow64\BGLsp.dll (BullGuard Ltd.)
O10 - Protocol_Catalog9\Catalog_Entries\000000000021 - C:\Windows\SysWow64\BGLsp.dll (BullGuard Ltd.)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/update/1.6.0/jinstall-1_6_0_26-windows-i586.cab (Java Plug-in 1.6.0_26)
O16 - DPF: {CAFEEFAC-0016-0000-0026-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_26-windows-i586.cab (Java Plug-in 1.6.0_26)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_26-windows-i586.cab (Java Plug-in 1.6.0_26)
O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} http://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab (Reg Error: Key error.)
O16 - DPF: {F27237D7-93C8-44C2-AC6E-D6057B9A918F} https://connect.bankdata.dk/dana-cached/sc/JuniperSetupClient.cab (JuniperSetupClientControl Class)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.0.1
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{50202FC4-429F-4275-A706-595762645CBA}: DhcpNameServer = 192.168.0.1
O18:64bit: - Protocol\Handler\bglink {FC872B94-35E3-4B94-B028-184A2A1C7CCE} - C:\Programmer\BullGuard Ltd\BullGuard\Antiphishing\IE\BGAntiphishingIEBHO.dll (BullGuard Ltd.)
O18:64bit: - Protocol\Handler\livecall - No CLSID value found
O18:64bit: - Protocol\Handler\ms-help - No CLSID value found
O18:64bit: - Protocol\Handler\msnim - No CLSID value found
O18:64bit: - Protocol\Handler\wlmailhtml - No CLSID value found
O18:64bit: - Protocol\Handler\wlpg - No CLSID value found
O18 - Protocol\Handler\bglink {FC872B94-35E3-4B94-B028-184A2A1C7CCE} - C:\Programmer\BullGuard Ltd\BullGuard\Files32\Antiphishing\IE\BGAntiphishingIEBHO.dll (BullGuard Ltd.)
O18:64bit: - Protocol\Filter\text/xml {807573E5-5146-11D5-A672-00B0D022E945} - C:\Programmer\Common Files\Microsoft Shared\OFFICE14\MSOXMLMF.DLL (Microsoft Corporation)
O20:64bit: - AppInit_DLLs: (C:\Windows\System32\BgGamingMonitor.dll) - C:\Windows\SysNative\BgGamingMonitor.dll (BullGuard Ltd.)
O20 - AppInit_DLLs: (C:\Windows\System32\BgGamingMonitor.dll) - C:\Windows\SysWOW64\BgGamingMonitor.dll (BullGuard Ltd.)
O20:64bit: - HKLM Winlogon: Shell - (Explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\SysNative\userinit.exe (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: VMApplet - (SystemPropertiesPerformance.exe) - C:\Windows\SysNative\SystemPropertiesPerformance.exe (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: VMApplet - (/pagefile) -  File not found
O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\Windows\SysWow64\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\SysWOW64\userinit.exe (Microsoft Corporation)
O20 - HKLM Winlogon: VMApplet - (/pagefile) - File not found
O20:64bit: - Winlogon\Notify\LBTWlgn: DllName - (c:\program files\common files\logishrd\bluetooth\LBTWlgn.dll) - c:\Programmer\Common Files\Logishrd\Bluetooth\LBTWLgn.dll (Logitech, Inc.)
O32 - HKLM CDRom: AutoRun - 1
O34 - HKLM BootExecute: (autocheck autochk *)
O35:64bit: - HKLM\..comfile [open] -- "%1" %*
O35:64bit: - HKLM\..exefile [open] -- "%1" %*
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37:64bit: - HKLM\...com [@ = ComFile] -- "%1" %*
O37:64bit: - HKLM\...exe [@ = exefile] -- "%1" %*
O37 - HKLM\...com [@ = ComFile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*

========== Files/Folders - Created Within 30 Days ==========

[2011-12-16 19:50:41 | 000,584,192 | ---- | C] (OldTimer Tools) -- C:\Users\KPK\Desktop\OTL.exe
[2011-12-16 16:31:10 | 000,000,000 | ---D | C] -- C:\Users\KPK\AppData\Local\{30726F70-0C78-4E1F-AA33-4E1368A15874}
[2011-12-16 16:30:59 | 000,000,000 | ---D | C] -- C:\Users\KPK\AppData\Local\{454F44FB-23DC-47F2-A398-6C1C5D569C99}
[2011-12-16 16:25:30 | 000,000,000 | ---D | C] -- C:\Windows\temp
[2011-12-16 16:23:36 | 000,000,000 | -HSD | C] -- C:\$RECYCLE.BIN
[2011-12-16 16:17:17 | 000,518,144 | ---- | C] (SteelWerX) -- C:\Windows\SWREG.exe
[2011-12-16 16:17:17 | 000,406,528 | ---- | C] (SteelWerX) -- C:\Windows\SWSC.exe
[2011-12-16 16:17:17 | 000,060,416 | ---- | C] (NirSoft) -- C:\Windows\NIRCMD.exe
[2011-12-16 16:17:10 | 000,000,000 | ---D | C] -- C:\Windows\ERDNT
[2011-12-16 16:16:08 | 000,000,000 | ---D | C] -- C:\Qoobox
[2011-12-16 16:09:45 | 004,340,701 | R--- | C] (Swearware) -- C:\Users\KPK\Desktop\ComboFix.exe
[2011-12-16 16:08:33 | 000,000,000 | ---D | C] -- C:\Users\KPK\AppData\Local\{8CA13419-28B4-4E02-A054-650034E71BD7}
[2011-12-16 16:08:21 | 000,000,000 | ---D | C] -- C:\Users\KPK\AppData\Local\{671887C1-42E9-4FB8-8934-8F4AAA8251EA}
[2011-12-15 18:11:47 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Common Files\Adobe
[2011-12-15 18:11:47 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Adobe
[2011-12-15 18:11:31 | 000,000,000 | ---D | C] -- C:\Config.Msi
[2011-12-15 06:52:31 | 000,000,000 | ---D | C] -- C:\Users\KPK\AppData\Local\{DB413BBB-F5A3-4F5A-996C-DB781B354FF6}
[2011-12-15 06:52:20 | 000,000,000 | ---D | C] -- C:\Users\KPK\AppData\Local\{1D55895F-9DA4-4A05-92C8-F4477FE00442}
[2011-12-14 21:22:26 | 000,043,520 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\csrsrv.dll
[2011-12-14 21:22:21 | 000,702,464 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\msfeeds.dll
[2011-12-14 21:22:21 | 000,247,808 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\ieui.dll
[2011-12-14 21:22:21 | 000,176,640 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\ieui.dll
[2011-12-14 21:22:20 | 000,134,144 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\url.dll
[2011-12-14 21:22:20 | 000,132,096 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\url.dll
[2011-12-14 21:22:20 | 000,097,280 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\mshtmled.dll
[2011-12-14 21:22:20 | 000,067,072 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\mshtmled.dll
[2011-12-14 21:21:33 | 000,723,456 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\EncDec.dll
[2011-12-14 21:21:33 | 000,534,528 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\EncDec.dll
[2011-12-14 16:12:42 | 000,000,000 | ---D | C] -- C:\Users\KPK\AppData\Local\{B12FDF16-9F5D-4DFC-99D6-DDA6C8A9FCAF}
[2011-12-14 16:12:30 | 000,000,000 | ---D | C] -- C:\Users\KPK\AppData\Local\{6DA0F000-B287-447B-AD7B-B34AED56B770}
[2011-12-14 06:36:27 | 000,000,000 | ---D | C] -- C:\Windows\Minidump
[2011-12-13 20:23:32 | 000,000,000 | ---D | C] -- C:\Users\KPK\AppData\Local\{68B666F5-6F6B-4FE0-87C9-BF9DF71EF010}
[2011-12-13 20:23:21 | 000,000,000 | ---D | C] -- C:\Users\KPK\AppData\Local\{C907C070-3ABA-4695-87C6-0E3BBB02A3DE}
[2011-12-13 13:59:53 | 000,000,000 | ---D | C] -- C:\Users\KPK\AppData\Roaming\Malwarebytes
[2011-12-13 13:59:47 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes' Anti-Malware
[2011-12-13 13:59:44 | 000,038,224 | ---- | C] (Malwarebytes Corporation) -- C:\Windows\SysWow64\drivers\mbamswissarmy.sys
[2011-12-13 13:59:43 | 000,024,664 | ---- | C] (Malwarebytes Corporation) -- C:\Windows\SysNative\drivers\mbam.sys
[2011-12-13 13:59:43 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Malwarebytes' Anti-Malware
[2011-12-13 13:59:43 | 000,000,000 | ---D | C] -- C:\ProgramData\Malwarebytes
[2011-12-13 13:37:56 | 000,000,000 | ---D | C] -- C:\Program Files\CCleaner
[2011-12-13 13:36:16 | 000,000,000 | ---D | C] -- C:\Users\KPK\Desktop\SWF
[2011-12-09 13:17:17 | 000,000,000 | ---D | C] -- C:\Users\KPK\AppData\Local\{F8E311BF-3093-4187-A74C-CC4C1FB60F94}
[2011-12-09 13:17:05 | 000,000,000 | ---D | C] -- C:\Users\KPK\AppData\Local\{EF5FB508-77C6-452E-A740-6FB247F71CAB}
[2011-12-08 20:26:30 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Mozilla Firefox
[2011-12-08 20:25:08 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\JDownloader
[2011-12-08 19:02:25 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Safari
[2011-12-07 14:53:55 | 000,000,000 | ---D | C] -- C:\Users\KPK\AppData\Local\{C622ABD5-78BF-44B7-91E2-7E3DCD531FE0}
[2011-12-07 14:53:43 | 000,000,000 | ---D | C] -- C:\Users\KPK\AppData\Local\{224199E1-D2AE-4DAA-8022-47FFA8F87854}
[2011-12-04 20:27:21 | 000,000,000 | ---D | C] -- C:\Users\KPK\AppData\Local\{9904024F-5C96-4423-85C8-AC550D80BCD4}
[2011-12-04 20:27:10 | 000,000,000 | ---D | C] -- C:\Users\KPK\AppData\Local\{1244B1F9-291E-4704-A9F0-3E59E253B286}
[2011-11-27 15:43:00 | 000,000,000 | ---D | C] -- C:\Users\KPK\AppData\Local\{A68A8B4F-3E96-4E10-A518-F23029B696F1}
[2011-11-27 15:42:49 | 000,000,000 | ---D | C] -- C:\Users\KPK\AppData\Local\{A42CA1DF-D173-4A1D-B103-34429CE4816C}
[2011-11-27 13:40:54 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\iTunes
[2011-11-27 13:40:01 | 000,000,000 | ---D | C] -- C:\Program Files\iTunes
[2011-11-27 13:40:01 | 000,000,000 | ---D | C] -- C:\Program Files\iPod
[2011-11-23 16:25:22 | 000,000,000 | ---D | C] -- C:\Users\KPK\AppData\Local\{5CA22225-8E5E-4D80-86EC-9490EA03B727}
[2011-11-23 16:25:10 | 000,000,000 | ---D | C] -- C:\Users\KPK\AppData\Local\{8C2F858F-0F8D-4773-8C79-408536B029A3}

========== Files - Modified Within 30 Days ==========

[2011-12-16 19:50:45 | 000,584,192 | ---- | M] (OldTimer Tools) -- C:\Users\KPK\Desktop\OTL.exe
[2011-12-16 19:48:43 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2011-12-16 16:36:51 | 000,022,080 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
[2011-12-16 16:36:51 | 000,022,080 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
[2011-12-16 16:33:56 | 001,264,910 | ---- | M] () -- C:\Windows\SysNative\PerfStringBackup.INI
[2011-12-16 16:33:56 | 000,615,810 | ---- | M] () -- C:\Windows\SysNative\perfh009.dat
[2011-12-16 16:33:56 | 000,470,086 | ---- | M] () -- C:\Windows\SysNative\perfh006.dat
[2011-12-16 16:33:56 | 000,106,190 | ---- | M] () -- C:\Windows\SysNative\perfc009.dat
[2011-12-16 16:33:56 | 000,079,720 | ---- | M] () -- C:\Windows\SysNative\perfc006.dat
[2011-12-16 16:29:32 | 2132,738,047 | -HS- | M] () -- C:\hiberfil.sys
[2011-12-16 16:23:19 | 000,000,027 | ---- | M] () -- C:\Windows\SysNative\drivers\etc\hosts
[2011-12-16 16:09:54 | 004,340,701 | R--- | M] (Swearware) -- C:\Users\KPK\Desktop\ComboFix.exe
[2011-12-15 18:11:54 | 000,002,019 | ---- | M] () -- C:\Users\Public\Desktop\Adobe Reader X.lnk
[2011-12-15 03:21:10 | 000,414,584 | ---- | M] () -- C:\Windows\SysNative\FNTCACHE.DAT
[2011-12-14 06:36:25 | 670,179,536 | ---- | M] () -- C:\Windows\MEMORY.DMP
[2011-12-04 17:09:00 | 000,414,368 | ---- | M] (Adobe Systems Incorporated) -- C:\Windows\SysWow64\FlashPlayerCPLApp.cpl
[2011-11-27 18:38:35 | 000,000,043 | -HS- | M] () -- C:\ProgramData\.zreglib
[2011-11-27 13:40:54 | 000,001,783 | ---- | M] () -- C:\Users\Public\Desktop\iTunes.lnk
[2011-11-20 17:12:49 | 000,000,907 | ---- | M] () -- C:\Users\KPK\Desktop\Spotify.lnk
[2011-11-17 14:59:42 | 000,089,672 | ---- | M] () -- C:\Users\KPK\Desktop\De unges socialisering-time hjælp til opgave(15_11)

========== Files Created - No Company Name ==========

[2011-12-16 16:17:17 | 000,256,000 | ---- | C] () -- C:\Windows\PEV.exe
[2011-12-16 16:17:17 | 000,208,896 | ---- | C] () -- C:\Windows\MBR.exe
[2011-12-16 16:17:17 | 000,098,816 | ---- | C] () -- C:\Windows\sed.exe
[2011-12-16 16:17:17 | 000,080,412 | ---- | C] () -- C:\Windows\grep.exe
[2011-12-16 16:17:17 | 000,068,096 | ---- | C] () -- C:\Windows\zip.exe
[2011-12-15 18:11:54 | 000,002,441 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Adobe Reader X.lnk
[2011-12-15 18:11:54 | 000,002,019 | ---- | C] () -- C:\Users\Public\Desktop\Adobe Reader X.lnk
[2011-12-14 06:36:25 | 670,179,536 | ---- | C] () -- C:\Windows\MEMORY.DMP
[2011-12-08 19:02:46 | 000,002,503 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Safari.lnk
[2011-11-27 13:40:54 | 000,001,783 | ---- | C] () -- C:\Users\Public\Desktop\iTunes.lnk
[2011-11-17 14:59:42 | 000,089,672 | ---- | C] () -- C:\Users\KPK\Desktop\De unges socialisering-time hjælp til opgave(15_11)
[2011-06-13 14:45:03 | 000,000,043 | -HS- | C] () -- C:\ProgramData\.zreglib
[2011-05-13 17:46:25 | 000,761,856 | ---- | C] () -- C:\Windows\SysWow64\xvidcore.dll
[2011-05-13 17:46:25 | 000,180,224 | ---- | C] () -- C:\Windows\SysWow64\xvidvfw.dll
[2011-05-13 17:46:25 | 000,053,248 | ---- | C] () -- C:\Windows\SysWow64\asrussian.dll
[2011-05-13 17:46:25 | 000,053,248 | ---- | C] () -- C:\Windows\SysWow64\askorean.dll
[2011-05-13 17:46:25 | 000,053,248 | ---- | C] () -- C:\Windows\SysWow64\asjapan.dll
[2011-05-13 17:46:25 | 000,053,248 | ---- | C] () -- C:\Windows\SysWow64\asgerman.dll
[2011-05-13 17:46:25 | 000,053,248 | ---- | C] () -- C:\Windows\SysWow64\asfrench.dll
[2011-05-13 17:46:25 | 000,053,248 | ---- | C] () -- C:\Windows\SysWow64\aseng.dll
[2011-05-13 17:46:25 | 000,053,248 | ---- | C] () -- C:\Windows\SysWow64\ASCHT.dll
[2011-05-13 17:46:25 | 000,053,248 | ---- | C] () -- C:\Windows\SysWow64\aschs.dll
[2011-05-13 17:27:26 | 000,001,769 | ---- | C] () -- C:\Windows\Language_trs.ini
[2011-05-13 17:27:21 | 000,021,576 | ---- | C] () -- C:\Windows\Ascd_tmp.ini
[2009-07-27 10:13:28 | 000,061,440 | ---- | C] () -- C:\Windows\SysWow64\ASDR.exe
[2009-07-14 06:38:36 | 000,067,584 | --S- | C] () -- C:\Windows\bootstat.dat
[2009-07-14 03:35:51 | 000,000,741 | ---- | C] () -- C:\Windows\SysWow64\NOISE.DAT
[2009-07-14 03:34:42 | 000,215,943 | ---- | C] () -- C:\Windows\SysWow64\dssec.dat
[2009-07-14 01:10:29 | 000,043,131 | ---- | C] () -- C:\Windows\mib.bin
[2009-07-14 00:42:10 | 000,064,000 | ---- | C] () -- C:\Windows\SysWow64\BWContextHandler.dll
[2009-07-13 22:03:59 | 000,364,544 | ---- | C] () -- C:\Windows\SysWow64\msjetoledb40.dll
[2009-06-10 22:26:10 | 000,673,088 | ---- | C] () -- C:\Windows\SysWow64\mlang.dat
[2009-04-02 13:30:14 | 000,010,296 | ---- | C] () -- C:\Windows\SysWow64\drivers\ASUSHWIO.SYS

========== LOP Check ==========

[2011-05-13 18:34:50 | 000,000,000 | ---D | M] -- C:\Users\KPK\AppData\Roaming\BullGuard
[2011-05-13 17:34:33 | 000,000,000 | ---D | M] -- C:\Users\KPK\AppData\Roaming\DeviceVm
[2011-06-13 14:40:29 | 000,000,000 | ---D | M] -- C:\Users\KPK\AppData\Roaming\Elaborate Bytes
[2011-05-23 14:12:36 | 000,000,000 | ---D | M] -- C:\Users\KPK\AppData\Roaming\ICAClient
[2011-05-23 05:38:54 | 000,000,000 | ---D | M] -- C:\Users\KPK\AppData\Roaming\Juniper Networks
[2011-05-14 09:50:05 | 000,000,000 | ---D | M] -- C:\Users\KPK\AppData\Roaming\Leadertech
[2011-07-30 18:41:24 | 000,000,000 | ---D | M] -- C:\Users\KPK\AppData\Roaming\Main
[2011-05-13 18:34:50 | 000,000,000 | ---D | M] -- C:\Users\KPK\AppData\Roaming\Software Inspection Library
[2011-12-16 16:30:24 | 000,000,000 | ---D | M] -- C:\Users\KPK\AppData\Roaming\Spotify
[2011-12-15 10:33:17 | 000,000,000 | ---D | M] -- C:\Users\KPK\AppData\Roaming\uTorrent
[2011-05-27 13:54:00 | 000,000,000 | ---D | M] -- C:\Users\KPK\AppData\Roaming\Windows Live Writer
[2009-07-14 06:08:49 | 000,030,714 | ---- | M] () -- C:\Windows\Tasks\SCHEDLGU.TXT

========== Purity Check ==========

< End of report >

  per43
Posts: 23

OTL Extras logfile created on: 16-12-2011 19:52:13 - Run 1
OTL by OldTimer - Version 3.2.31.0   Folder = C:\Users\KPK\Desktop
64bit- Home Premium Edition Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation
Internet Explorer (Version = 8.0.7601.17514)
Locale: 00000406 | Country: Danmark | Language: DAN | Date Format: dd-MM-yyyy

7,98 Gb Total Physical Memory | 6,56 Gb Available Physical Memory | 82,14% Memory free
15,96 Gb Paging File | 13,74 Gb Available in Paging File | 86,05% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86)
Drive C: | 465,66 Gb Total Space | 418,16 Gb Free Space | 89,80% Space Free | Partition Type: NTFS

Computer Name: KPK-PC | User Name: KPK | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: All users | Include 64bit Scans
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days

========== Extra Registry (SafeList) ==========


========== File Associations ==========

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.url[@ = InternetShortcut] -- C:\Windows\SysNative\rundll32.exe (Microsoft Corporation)

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.cpl [@ = cplfile] -- C:\Windows\SysWow64\control.exe (Microsoft Corporation)

========== Shell Spawning ==========

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
exefile [open] -- "%1" %*
helpfile [open] -- Reg Error: Key error.
htmlfile [print] -- rundll32.exe %SystemRoot%\system32\mshtml.dll,PrintHTML "%1" (Microsoft Corporation)
inffile [install] -- %SystemRoot%\System32\rundll32.exe setupapi,InstallHinfSection DefaultInstall 132 %1 (Microsoft Corporation)
InternetShortcut [open] -- "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\ieframe.dll",OpenURL %l (Microsoft Corporation)
InternetShortcut [print] -- "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\mshtml.dll",PrintHTML "%1" (Microsoft Corporation)
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [AddToPlaylistVLC] -- "C:\Program Files (x86)\VideoLAN\VLC\vlc.exe" --started-from-file --playlist-enqueue "%1" ()
Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Directory [PlayWithVLC] -- "C:\Program Files (x86)\VideoLAN\VLC\vlc.exe" --started-from-file --no-playlist-enqueue "%1" ()
Folder [open] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [explore] -- Reg Error: Value error.
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
cplfile [cplopen] -- %SystemRoot%\System32\control.exe "%1",%* (Microsoft Corporation)
exefile [open] -- "%1" %*
helpfile [open] -- Reg Error: Key error.
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [AddToPlaylistVLC] -- "C:\Program Files (x86)\VideoLAN\VLC\vlc.exe" --started-from-file --playlist-enqueue "%1" ()
Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Directory [PlayWithVLC] -- "C:\Program Files (x86)\VideoLAN\VLC\vlc.exe" --started-from-file --no-playlist-enqueue "%1" ()
Folder [open] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [explore] -- Reg Error: Value error.
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)

========== Security Center Settings ==========

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"cval" = 1
"FirewallDisableNotify" = 0
"AntiVirusDisableNotify" = 0
"UpdatesDisableNotify" = 0

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]
"VistaSp1" = 28 4D B2 76 41 04 CA 01 [binary data]
"AntiVirusOverride" = 0
"AntiSpywareOverride" = 0
"FirewallOverride" = 0

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc\Vol]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"FirewallDisableNotify" = 0
"AntiVirusDisableNotify" = 0
"UpdatesDisableNotify" = 0

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]

========== System Restore Settings ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\SystemRestore]
"DisableSR" = 0

========== Firewall Settings ==========

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall]

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\DomainProfile]

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\StandardProfile]

[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\DomainProfile]

[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\StandardProfile]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]
"EnableFirewall" = 1
"DisableNotifications" = 0

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"EnableFirewall" = 1
"DisableNotifications" = 0

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\GloballyOpenPorts\List]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\PublicProfile]
"EnableFirewall" = 1
"DisableNotifications" = 0

========== Authorized Applications List ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List]


========== HKEY_LOCAL_MACHINE Uninstall List ==========

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{071c9b48-7c32-4621-a0ac-3f809523288f}" = Microsoft Visual C++ 2005 Redistributable (x64)
"{0C826C5B-B131-423A-A229-C71B3CACCD6A}" = CDDRV_Installer
"{1B8ABA62-74F0-47ED-B18C-A43128E591B8}" = Windows Live ID Sign-in Assistant
"{46A5FBE9-ADB3-4493-A1CC-B4CFFD24D26A}" = Windows Live Family Safety
"{5FCE6D76-F5DC-37AB-B2B8-22AB8CEDB1D4}" = Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161
"{6CFB1B20-ECAE-488F-9FFB-6AD420882E71}" = iTunes
"{6E3610B2-430D-4EB0-81E3-2B57E8B9DE8D}" = Bonjour
"{75104836-CAC7-444E-A39E-3F54151942F5}" = Apple Mobile Device Support
"{7714C043-38E4-4D72-B61B-53A6C4F1636A}" = Citrix Access Gateway Endpoint Analysis
"{8220EEFE-38CD-377E-8595-13398D740ACE}" = Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.17
"{850B8072-2EA7-4EDC-B930-7FE569495E76}" = Windows Live Remote Client Resources
"{90140000-002A-0000-1000-0000000FF1CE}" = Microsoft Office Office 64-bit Components 2010
"{90140000-002A-0406-1000-0000000FF1CE}" = Microsoft Office Shared 64-bit MUI (Danish) 2010
"{95120000-00B9-0409-1000-0000000FF1CE}" = Microsoft Application Error Reporting
"{ad8a2fa1-06e7-4b0d-927d-6e54b3d31028}" = Microsoft Visual C++ 2005 Redistributable (x64)
"{B6E3757B-5E77-3915-866A-CCFC4B8D194C}" = Microsoft Visual C++ 2005 ATL Update kb973923 - x64 8.0.50727.4053
"{D07A61E5-A59C-433C-BCBD-22025FA2287B}" = Windows Live Language Selector
"{D0F8B50E-0D86-4E49-9540-DF785CCAC5A5}" = Windows Live Family Safety
"{DA54F80E-261C-41A2-A855-549A144F2F59}" = Windows Live MIME IFilter
"{DF6D988A-EEA0-4277-AAB8-158E086E439B}" = Windows Live Remote Client
"{E02A6548-6FDE-40E2-8ED9-119D7D7E641F}" = Windows Live Remote Service
"{EE936C7A-EA40-31D5-9B65-8E3E089C3828}" = Microsoft Visual C++ 2008 ATL Update kb973924 - x64 9.0.30729.4148
"{F3F18612-7B5D-4C05-86C9-AB50F6F71727}" = KhalInstallWrapper
"{F5B09CFD-F0B2-36AF-8DF4-1DF6B63FC7B4}" = Microsoft .NET Framework 4 Client Profile
"{F6CB2C5F-B2C1-4DF1-BF44-39D0DC06FE6F}" = Windows Live Remote Service Resources
"{F83E9BF0-B8D8-3D68-9E07-7505290C2202}" = Microsoft .NET Framework 4 Client Profile DAN Language Pack
"BullGuard" = BullGuard
"CCleaner" = CCleaner
"Microsoft .NET Framework 4 Client Profile" = Microsoft .NET Framework 4 Client Profile
"Microsoft .NET Framework 4 Client Profile DAN Language Pack" = Microsoft .NET Framework 4 Client Profile DAN sprogpakke
"NVIDIA Display Control Panel" = NVIDIA Display Control Panel
"NVIDIA Drivers" = NVIDIA Drivers
"WinRAR archiver" = WinRAR 4.00 (64-bit)

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{002D9D5E-29BA-3E6D-9BC4-3D7D6DBC735C}" = Microsoft Visual C++ 2008 ATL Update kb973924 - x86 9.0.30729.4148
"{00884F14-05BD-4D8E-90E5-1ABF78948CA4}" = Windows Live Mesh
"{0B0F231F-CE6A-483D-AA23-77B364F75917}" = Windows Live Installer
"{0BCA9EFD-F2D6-4638-B053-8693BA0404BE}" = Citrix online plug-in (Web)
"{10186F1A-6A14-43DF-A404-F0105D09BB07}" = Windows Live Mail
"{1F6AB0E7-8CDD-4B93-8A23-AA9EB2FEFCE4}" = Junk Mail filter update
"{200FEC62-3C34-4D60-9CE8-EC372E01C08F}" = Windows Live SOXE Definitions
"{26A24AE4-039D-4CA4-87B4-2F83216025FF}" = Java(TM) 6 Update 26
"{3336F667-9049-4D46-98B6-4C743EEBC5B1}" = Windows Live Photo Gallery
"{343666E2-A059-48AC-AD67-230BF74E2DB2}" = Apple Application Support
"{429DF1A0-3610-4E9E-8ACE-3C8AC1BA8FCA}" = Windows Live Photo Gallery
"{4A03706F-666A-4037-7777-5F2748764D10}" = Java Auto Updater
"{5442DAB8-7177-49E1-8B22-09A049EA5996}" = Renesas Electronics USB 3.0 Host Controller Driver
"{57220148-3B2B-412A-A2E0-82B9DF423696}" = Windows Live Mesh ActiveX-objekt til fjernforbindelser
"{65153EA5-8B6E-43B6-857B-C6E4FC25798A}" = Intel(R) Management Engine Components
"{682B3E4F-696A-42DE-A41C-4C07EA1678B4}" = Windows Live SOXE
"{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}" = Microsoft Visual C++ 2005 Redistributable
"{74A14EAE-F60E-450A-A101-C580D97BE2CF}" = Utility
"{770657D0-A123-3C07-8E44-1C83EC895118}" = Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053
"{781E0319-15CD-4A4C-A47E-D9FFF697E7A1}" = Messenger Companion
"{789A5B64-9DD9-4BA5-915A-F0FC0A1B7BFE}" = Apple Software Update
"{78A96B4C-A643-4D0F-98C2-A8E16A6669F9}" = Windows Live Messenger Companion Core
"{7BE15435-2D3E-4B58-867F-9C75BED0208C}" = QuickTime
"{7F6021AE-E688-4D03-843A-C2260482BA0D}" = Windows Live Messenger
"{7F88C9E5-12BD-404F-AC6A-108BAAC9B708}" = ASUS Gamer OSD
"{809D7E6D-915D-4EAD-821F-E13D93F37161}" = ASUS Smart Doctor
"{827D3E4A-0186-48B7-9801-7D1E9DD40C07}" = Windows Live Essentials
"{83C292B7-38A5-440B-A731-07070E81A64F}" = Windows Live PIMT Platform
"{8833FFB6-5B0C-4764-81AA-06DFEED9A476}" = Realtek Ethernet Controller Driver For Windows Vista and Later
"{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}" = Microsoft Silverlight
"{8A809006-C25A-4A3A-9DAB-94659BCDB107}" = NVIDIA PhysX
"{8C6D6116-B724-4810-8F2D-D047E6B7D68E}" = Mesh Runtime
"{8DD46C6A-0056-4FEC-B70A-28BB16A1F11F}" = MSVCRT
"{90140000-0015-0406-0000-0000000FF1CE}" = Microsoft Office Access MUI (Danish) 2010
"{90140000-0015-0406-0000-0000000FF1CE}_Office14.PROPLUSR_{CCB7569F-D761-4341-BCF2-0219BA60EA4D}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-0016-0406-0000-0000000FF1CE}" = Microsoft Office Excel MUI (Danish) 2010
"{90140000-0016-0406-0000-0000000FF1CE}_Office14.PROPLUSR_{CCB7569F-D761-4341-BCF2-0219BA60EA4D}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-0018-0406-0000-0000000FF1CE}" = Microsoft Office PowerPoint MUI (Danish) 2010
"{90140000-0018-0406-0000-0000000FF1CE}_Office14.PROPLUSR_{CCB7569F-D761-4341-BCF2-0219BA60EA4D}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-0019-0406-0000-0000000FF1CE}" = Microsoft Office Publisher MUI (Danish) 2010
"{90140000-0019-0406-0000-0000000FF1CE}_Office14.PROPLUSR_{CCB7569F-D761-4341-BCF2-0219BA60EA4D}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-001A-0406-0000-0000000FF1CE}" = Microsoft Office Outlook MUI (Danish) 2010
"{90140000-001A-0406-0000-0000000FF1CE}_Office14.PROPLUSR_{CCB7569F-D761-4341-BCF2-0219BA60EA4D}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-001B-0406-0000-0000000FF1CE}" = Microsoft Office Word MUI (Danish) 2010
"{90140000-001B-0406-0000-0000000FF1CE}_Office14.PROPLUSR_{CCB7569F-D761-4341-BCF2-0219BA60EA4D}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-001F-0406-0000-0000000FF1CE}" = Microsoft Office Proof (Danish) 2010
"{90140000-001F-0406-0000-0000000FF1CE}_Office14.PROPLUSR_{59BCA417-5095-450B-931A-AE6194728386}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-001F-0407-0000-0000000FF1CE}" = Microsoft Office Proof (German) 2010
"{90140000-001F-0407-0000-0000000FF1CE}_Office14.PROPLUSR_{65A2328E-FDFB-4CA3-8582-357EA6825FEA}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-001F-0409-0000-0000000FF1CE}" = Microsoft Office Proof (English) 2010
"{90140000-001F-0409-0000-0000000FF1CE}_Office14.PROPLUSR_{99ACCA38-6DD3-48A8-96AE-A283C9759279}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-001F-041D-0000-0000000FF1CE}" = Microsoft Office Proof (Swedish) 2010
"{90140000-001F-041D-0000-0000000FF1CE}_Office14.PROPLUSR_{D00E944F-5ECB-42FF-B58E-8FDCF2219DE8}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-002A-0000-1000-0000000FF1CE}_Office14.PROPLUSR_{967EF02C-5C7E-4718-8FCB-BDC050190CCF}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-002A-0406-1000-0000000FF1CE}_Office14.PROPLUSR_{2AE96E9C-E4F4-4D18-8A54-C4FABBEA0CDD}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-002C-0406-0000-0000000FF1CE}" = Microsoft Office Proofing (Danish) 2010
"{90140000-002C-0406-0000-0000000FF1CE}_Office14.PROPLUSR_{EC231F64-29AF-4FBD-85B8-EAFFFAE8B7A5}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-0044-0406-0000-0000000FF1CE}" = Microsoft Office InfoPath MUI (Danish) 2010
"{90140000-0044-0406-0000-0000000FF1CE}_Office14.PROPLUSR_{CCB7569F-D761-4341-BCF2-0219BA60EA4D}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-006E-0406-0000-0000000FF1CE}" = Microsoft Office Shared MUI (Danish) 2010
"{90140000-006E-0406-0000-0000000FF1CE}_Office14.PROPLUSR_{63CDEDB9-50F5-4C35-9219-72C4F31A61FE}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-00A1-0406-0000-0000000FF1CE}" = Microsoft Office OneNote MUI (Danish) 2010
"{90140000-00A1-0406-0000-0000000FF1CE}_Office14.PROPLUSR_{CCB7569F-D761-4341-BCF2-0219BA60EA4D}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-00BA-0406-0000-0000000FF1CE}" = Microsoft Office Groove MUI (Danish) 2010
"{90140000-00BA-0406-0000-0000000FF1CE}_Office14.PROPLUSR_{CCB7569F-D761-4341-BCF2-0219BA60EA4D}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{91140000-0011-0000-0000-0000000FF1CE}" = Microsoft Office Professional Plus 2010
"{91140000-0011-0000-0000-0000000FF1CE}_Office14.PROPLUSR_{047B0968-E622-4FAA-9B4B-121FA109EDDE}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{92EA4134-10D1-418A-91E1-5A0453131A38}" = Windows Live Movie Maker
"{9A25302D-30C0-39D9-BD6F-21E6EC160475}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17
"{9BE518E6-ECC6-35A9-88E4-87755C07200F}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161
"{9D56775A-93F3-44A3-8092-840E3826DE30}" = Windows Live Mail
"{A498D9EB-927B-459B-85D6-DD6EF8C2C564}" = erLT
"{A726AE06-AAA3-43D1-87E3-70F510314F04}" = Windows Live Writer
"{A9BDCA6B-3653-467B-AC83-94367DA3BFE3}" = Windows Live Photo Common
"{AC76BA86-7AD7-1030-7B44-AA1000000001}" = Adobe Reader X (10.1.1) - Dansk
"{BA88EE67-8974-459D-A1DB-C8281D9AC6F6}" = Browser Configuration Utility
"{CE95A79E-E4FC-4FFF-8A75-29F04B942FF2}" = Windows Live UX Platform
"{CF671BFE-6BA3-44E7-98C1-500D9C51D947}" = Windows Live Photo Gallery
"{D0B44725-3666-492D-BEF6-587A14BD9BD9}" = MSVCRT_amd64
"{D45240D3-B6B3-4FF9-B243-54ECE3E10066}" = Windows Live Communications Platform
"{DB1208F4-B2FE-44E9-BFE6-8824DBD7891B}" = Windows Live Movie Maker
"{DECDCB7C-58CC-4865-91AF-627F9798FE48}" = Windows Live Mesh
"{E09C4DB7-630C-4F06-A631-8EA7239923AF}" = D3DX10
"{E5DD4723-FE0B-436E-A815-DC23CF902A0B}" = Windows Live UX Platform Language Pack
"{E8524B28-3BBB-4763-AC83-0E83FE31C350}" = Windows Live Writer
"{E9D98402-21AB-4E9F-BF6B-47AF36EF7E97}" = Windows Live Writer Resources
"{EB4DF488-AAEF-406F-A341-CB2AAA315B90}" = Windows Live Messenger
"{EEA080A7-4331-4593-A071-D0862A8178B9}" = ASUS nVidia Driver
"{F0B430D1-B6AA-473D-9B06-AA3DD01FD0B8}" = Microsoft SQL Server 2005 Compact Edition [ENU]
"{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}" = Realtek High Definition Audio Driver
"{F29B21BD-CAA6-445F-8EF7-A7E2B9D8B14E}" = Logitech SetPoint
"{F2AF3E5D-9697-485C-A5AC-E2B9468C446A}" = Safari
"{AAAFC670-569B-4A2F-82B4-42945E0DE3EF}" = Windows Live Writer
"Adobe Flash Player ActiveX" = Adobe Flash Player 11 ActiveX
"AnyDVD" = AnyDVD
"CloneDVD2" = CloneDVD2
"InstallShield_{5442DAB8-7177-49E1-8B22-09A049EA5996}" = Renesas Electronics USB 3.0 Host Controller Driver
"InstallShield_{809D7E6D-915D-4EAD-821F-E13D93F37161}" = ASUS Smart Doctor
"Malwarebytes' Anti-Malware_is1" = Malwarebytes' Anti-Malware
"NVIDIA StereoUSB Driver" = NVIDIA StereoUSB Driver
"NVIDIAStereo" = NVIDIA Stereoscopic 3D Driver
"Office14.PROPLUSR" = Microsoft Office Professionel Plus 2010
"Synology Assistant" = Synology Assistant (remove only)
"VLC media player" = VLC media player 1.1.9
"WinLiveSuite" = Windows Live Essentials
"xvid" = XviD MPEG-4 Video Codec

========== HKEY_USERS Uninstall List ==========

[HKEY_USERS\S-1-5-21-3633746016-3117857291-1390477322-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
“Juniper_Citrix_Services” = Juniper Citrix Services Client
“Juniper_Setup_Client” = Juniper Networks, Inc. Setup Client
“Spotify” = Spotify

========== Last 10 Event Log Errors ==========

[ Application Events ]
Error - 15-12-2011 12:02:16 | Computer Name = KPK-Pc | Source = LBTServ | ID = 262146
Description = The Bluetooth solution has encountered a problem and may not function
properly.  (Get) Bluetooth Hub failed to switch to HCI mode If the problem persists,
please try to re-install the Bluetooth software.

Error - 15-12-2011 12:58:33 | Computer Name = KPK-Pc | Source = LBTServ | ID = 262146
Description = The Bluetooth solution has encountered a problem and may not function
properly.  (Get) Bluetooth Hub failed to switch to HCI mode If the problem persists,
please try to re-install the Bluetooth software.

Error - 15-12-2011 13:45:07 | Computer Name = KPK-Pc | Source = LBTServ | ID = 262146
Description = The Bluetooth solution has encountered a problem and may not function
properly.  (Get) Bluetooth Hub failed to switch to HCI mode If the problem persists,
please try to re-install the Bluetooth software.

Error - 15-12-2011 14:21:23 | Computer Name = KPK-Pc | Source = LBTServ | ID = 262146
Description = The Bluetooth solution has encountered a problem and may not function
properly.  (Get) Bluetooth Hub failed to switch to HCI mode If the problem persists,
please try to re-install the Bluetooth software.

Error - 16-12-2011 11:05:35 | Computer Name = KPK-Pc | Source = WinMgmt | ID = 10
Description =

Error - 16-12-2011 11:24:51 | Computer Name = KPK-Pc | Source = WinMgmt | ID = 10
Description =

Error - 16-12-2011 11:30:04 | Computer Name = KPK-Pc | Source = WinMgmt | ID = 10
Description =

Error - 16-12-2011 12:33:14 | Computer Name = KPK-Pc | Source = LBTServ | ID = 262146
Description = The Bluetooth solution has encountered a problem and may not function
properly.  (Get) Bluetooth Hub failed to switch to HCI mode If the problem persists,
please try to re-install the Bluetooth software.

Error - 16-12-2011 13:52:51 | Computer Name = KPK-Pc | Source = LBTServ | ID = 262146
Description = The Bluetooth solution has encountered a problem and may not function
properly.  (Get) Bluetooth Hub failed to switch to HCI mode If the problem persists,
please try to re-install the Bluetooth software.

Error - 16-12-2011 14:48:38 | Computer Name = KPK-Pc | Source = LBTServ | ID = 262146
Description = The Bluetooth solution has encountered a problem and may not function
properly.  (Get) Bluetooth Hub failed to switch to HCI mode If the problem persists,
please try to re-install the Bluetooth software.

[ System Events ]
Error - 16-12-2011 11:17:59 | Computer Name = KPK-Pc | Source = Application Popup | ID = 1060
Description = Indlæsning af \??\C:\ComboFix\catchme.sys er blevet blokeret på grund
af inkompatibilitet med dette system. Kontakt softwareleverandøren for at få en
kompatibel version af driveren.

Error - 16-12-2011 11:19:02 | Computer Name = KPK-Pc | Source = Service Control Manager | ID = 7031
Description = Tjenesten UsbClientService blev afbrudt uventet. Dette er sket 1 gange.
Følgende korrigerende handling foretages om 200 millisekunder: Genstart tjenesten.

Error - 16-12-2011 11:20:11 | Computer Name = KPK-Pc | Source = Service Control Manager | ID = 7030
Description = Tjenesten PEVSystemStart er markeret som en interaktiv tjeneste. Systemet
er dog konfigureret til ikke at tillade interaktive tjenester. Denne tjeneste fungerer
muligvis ikke korrekt.

Error - 16-12-2011 11:20:51 | Computer Name = KPK-Pc | Source = Service Control Manager | ID = 7031
Description = Tjenesten UsbClientService blev afbrudt uventet. Dette er sket 1 gange.
Følgende korrigerende handling foretages om 200 millisekunder: Genstart tjenesten.

Error - 16-12-2011 11:21:29 | Computer Name = KPK-Pc | Source = Service Control Manager | ID = 7031
Description = Tjenesten UsbClientService blev afbrudt uventet. Dette er sket 1 gange.
Følgende korrigerende handling foretages om 200 millisekunder: Genstart tjenesten.

Error - 16-12-2011 11:21:47 | Computer Name = KPK-Pc | Source = Application Popup | ID = 1060
Description = Indlæsning af \??\C:\ComboFix\catchme.sys er blevet blokeret på grund
af inkompatibilitet med dette system. Kontakt softwareleverandøren for at få en
kompatibel version af driveren.

Error - 16-12-2011 11:21:47 | Computer Name = KPK-Pc | Source = Application Popup | ID = 1060
Description = Indlæsning af \??\C:\ComboFix\catchme.sys er blevet blokeret på grund
af inkompatibilitet med dette system. Kontakt softwareleverandøren for at få en
kompatibel version af driveren.

Error - 16-12-2011 11:22:13 | Computer Name = KPK-Pc | Source = Service Control Manager | ID = 7030
Description = Tjenesten PEVSystemStart er markeret som en interaktiv tjeneste. Systemet
er dog konfigureret til ikke at tillade interaktive tjenester. Denne tjeneste fungerer
muligvis ikke korrekt.

Error - 16-12-2011 12:33:19 | Computer Name = KPK-Pc | Source = BTHUSB | ID = 327697
Description = Der opstod en ukendt fejl i den lokale Bluetooth-adapter og den vil
derfor ikke blive brugt. Driveren vil ikke blive indlæst.

Error - 16-12-2011 13:52:56 | Computer Name = KPK-Pc | Source = BTHUSB | ID = 327697
Description = Der opstod en ukendt fejl i den lokale Bluetooth-adapter og den vil
derfor ikke blive brugt. Driveren vil ikke blive indlæst.


< End of report >

Administrator
Number of posts: 4202

1. Download this small tool:

http://jpshortstuff.247fixes.com/SystemLook_x64.exe

2. Double-click SystemLook_x64.exe. A small window will appear, into which you must copy the ENTIRE contents shown in bold:

:regfind
Facemoods

3. Then close all other windows and click the Look button. The program will now search your computer.

4. When the program has finished searching, a Notepad window will open with a log from SystemLook. Copy it into the forum in your next reply. The log can also be found on your Desktop under the name SystemLook.txt.

Vista and Windows 7 - right-click the file - Run as Administrator.

Signature

Please do not attach logs unless you are asked to!

  per43
Number of posts: 23

SystemLook 30.07.11 by jpshortstuff
Log created at 13:15 on 17/12/2011 by KPK
Administrator - Elevation successful

========== regfind ==========

Searching for “Facemoods”
[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\InternetRegistry\REGISTRY\USER\S-1-5-21-3633746016-3117857291-1390477322-1000\Software\facemoods.com]
[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\InternetRegistry\REGISTRY\USER\S-1-5-21-3633746016-3117857291-1390477322-1000\Software\facemoods.com\facemoods]
[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\SearchScopes\{0D7562AE-8EF6-416d-A838-AB665251703A}]
“URL”=“http://start.facemoods.com/?a=ddrnw&s={searchTerms}&f=4”
[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\SearchScopes\{0D7562AE-8EF6-416d-A838-AB665251703A}]
“DisplayName”=“Facemoods Search”
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\AboutURLs]
“Tabs”=“http://start.facemoods.com/?a=ddrnw&f=2”
[HKEY_USERS\S-1-5-21-3633746016-3117857291-1390477322-1000\Software\Microsoft\Internet Explorer\InternetRegistry\REGISTRY\USER\S-1-5-21-3633746016-3117857291-1390477322-1000\Software\facemoods.com]
[HKEY_USERS\S-1-5-21-3633746016-3117857291-1390477322-1000\Software\Microsoft\Internet Explorer\InternetRegistry\REGISTRY\USER\S-1-5-21-3633746016-3117857291-1390477322-1000\Software\facemoods.com\facemoods]
[HKEY_USERS\S-1-5-21-3633746016-3117857291-1390477322-1000\Software\Microsoft\Internet Explorer\SearchScopes\{0D7562AE-8EF6-416d-A838-AB665251703A}]
“URL”=“http://start.facemoods.com/?a=ddrnw&s={searchTerms}&f=4”
[HKEY_USERS\S-1-5-21-3633746016-3117857291-1390477322-1000\Software\Microsoft\Internet Explorer\SearchScopes\{0D7562AE-8EF6-416d-A838-AB665251703A}]
“DisplayName”=“Facemoods Search”

-= EOF =-

Administrator
Number of posts: 4202

Start SystemLook and run it with the following.

:regfind
0D7562AE-8EF6-416d-A838-AB665251703A

Copy the log in here.


  per43
Number of posts: 23

SystemLook 30.07.11 by jpshortstuff
Log created at 15:18 on 17/12/2011 by KPK
Administrator - Elevation successful

========== regfind ==========

Searching for “0D7562AE-8EF6-416d-A838-AB665251703A”
[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\SearchScopes\{0D7562AE-8EF6-416d-A838-AB665251703A}]
[HKEY_USERS\S-1-5-21-3633746016-3117857291-1390477322-1000\Software\Microsoft\Internet Explorer\SearchScopes\{0D7562AE-8EF6-416d-A838-AB665251703A}]

-= EOF =-

Administrator
Number of posts: 4202

Start OTL

Vista and Windows 7 - right-click the file - Run as Administrator.

Copy the text shown in bold below into the "Custom Scans/Fixes" box


:Services

:files
ipconfig /flushdns /c

:reg
[-HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\InternetRegistry\REGISTRY\USER\S-1-5-21-3633746016-3117857291-1390477322-1000\Software\facemoods.com]
[-HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\InternetRegistry\REGISTRY\USER\S-1-5-21-3633746016-3117857291-1390477322-1000\Software\facemoods.com\facemoods]
[-HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\SearchScopes\{0D7562AE-8EF6-416d-A838-AB665251703A}]
[-HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\SearchScopes\{0D7562AE-8EF6-416d-A838-AB665251703A}]
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\AboutURLs]
"Tabs"="res://ieframe.dll/tabswelcome.htm"
[-HKEY_USERS\S-1-5-21-3633746016-3117857291-1390477322-1000\Software\Microsoft\Internet Explorer\InternetRegistry\REGISTRY\USER\S-1-5-21-3633746016-3117857291-1390477322-1000\Software\facemoods.com]
[-HKEY_USERS\S-1-5-21-3633746016-3117857291-1390477322-1000\Software\Microsoft\Internet Explorer\InternetRegistry\REGISTRY\USER\S-1-5-21-3633746016-3117857291-1390477322-1000\Software\facemoods.com\facemoods]
[-HKEY_USERS\S-1-5-21-3633746016-3117857291-1390477322-1000\Software\Microsoft\Internet Explorer\SearchScopes\{0D7562AE-8EF6-416d-A838-AB665251703A}]
[-HKEY_USERS\S-1-5-21-3633746016-3117857291-1390477322-1000\Software\Microsoft\Internet Explorer\SearchScopes\{0D7562AE-8EF6-416d-A838-AB665251703A}]

:Commands
[purity]
[resethosts]
[CREATERESTOREPOINT]
[EMPTYFLASH]
[emptytemp]
[Reboot]


Close all other open windows and click "Run Fix".

After the restart a log file will open; copy that text into this thread.

Otherwise it is located here: C:\_OTL\MovedFiles\mmddyyyy_hhmmss.log

PS: Disable your security programs while the "fix" is running.


  per43
Number of posts: 23

All processes killed
========== SERVICES/DRIVERS ==========
========== FILES ==========
< ipconfig /flushdns /c >
Windows IP-konfiguration
DNS Resolver Cache blev tømt.
C:\Users\KPK\Desktop\cmd.bat deleted successfully.
C:\Users\KPK\Desktop\cmd.txt deleted successfully.
========== REGISTRY ==========
Registry key HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\InternetRegistry\REGISTRY\USER\S-1-5-21-3633746016-3117857291-1390477322-1000\Software\facemoods.com\ deleted successfully.
Registry key HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\InternetRegistry\REGISTRY\USER\S-1-5-21-3633746016-3117857291-1390477322-1000\Software\facemoods.com\facemoods\ not found.
Registry key HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\SearchScopes\{0D7562AE-8EF6-416d-A838-AB665251703A}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{0D7562AE-8EF6-416d-A838-AB665251703A}\ not found.
Registry key HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\SearchScopes\{0D7562AE-8EF6-416d-A838-AB665251703A}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{0D7562AE-8EF6-416d-A838-AB665251703A}\ not found.
HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\AboutURLs\\“Tabs”|“res://ieframe.dll/tabswelcome.htm” /E :invalid edit format. Invalid data type.
Registry key HKEY_USERS\S-1-5-21-3633746016-3117857291-1390477322-1000\Software\Microsoft\Internet Explorer\InternetRegistry\REGISTRY\USER\S-1-5-21-3633746016-3117857291-1390477322-1000\Software\facemoods.com\ not found.
Registry key HKEY_USERS\S-1-5-21-3633746016-3117857291-1390477322-1000\Software\Microsoft\Internet Explorer\InternetRegistry\REGISTRY\USER\S-1-5-21-3633746016-3117857291-1390477322-1000\Software\facemoods.com\facemoods\ not found.
Registry key HKEY_USERS\S-1-5-21-3633746016-3117857291-1390477322-1000\Software\Microsoft\Internet Explorer\SearchScopes\{0D7562AE-8EF6-416d-A838-AB665251703A}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{0D7562AE-8EF6-416d-A838-AB665251703A}\ not found.
Registry key HKEY_USERS\S-1-5-21-3633746016-3117857291-1390477322-1000\Software\Microsoft\Internet Explorer\SearchScopes\{0D7562AE-8EF6-416d-A838-AB665251703A}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{0D7562AE-8EF6-416d-A838-AB665251703A}\ not found.
========== COMMANDS ==========
C:\Windows\System32\drivers\etc\Hosts moved successfully.
HOSTS file reset successfully
Restore point Set: OTL Restore Point

[EMPTYFLASH]

User: All Users

User: Default

User: Default User

User: KPK
->Flash cache emptied: 1600 bytes

User: Public

Total Flash Files Cleaned = 0,00 mb


[EMPTYTEMP]

User: All Users

User: Default
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 67 bytes

User: Default User
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes

User: KPK
->Temp folder emptied: 531763 bytes
->Temporary Internet Files folder emptied: 51635118 bytes
->Java cache emptied: 9286346 bytes
->Apple Safari cache emptied: 16384 bytes
->Flash cache emptied: 0 bytes

User: Public
->Temp folder emptied: 0 bytes

%systemdrive% .tmp files removed: 0 bytes
%systemroot% .tmp files removed: 0 bytes
%systemroot%\System32 .tmp files removed: 0 bytes
%systemroot%\System32 (64bit) .tmp files removed: 0 bytes
%systemroot%\System32\drivers .tmp files removed: 0 bytes
Windows Temp folder emptied: 0 bytes
%systemroot%\sysnative\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files folder emptied: 67596 bytes
RecycleBin emptied: 0 bytes

Total Files Cleaned = 59,00 mb


OTL by OldTimer - Version 3.2.31.0 log created on 12172011_154140

Files\Folders moved on Reboot…
C:\Users\KPK\AppData\Local\Temp\FXSAPIDebugLogFile.txt moved successfully.
C:\Users\KPK\AppData\Local\Temp\ppcrlui_3980_2 moved successfully.

Registry entries deleted on Reboot…

Administrator
Number of posts: 4202

That did not go quite as it should, so would you please run the OTL script I am attaching.

Copy the log in here.

PS: Disable your security programs while the "fix" is running.

Attached files
OTL.txt  (File size: 1 - Downloads: 16)

  per43
Number of posts: 23

All processes killed
========== FILES ==========
< ipconfig /flushdns /c >
Windows IP-konfiguration
DNS Resolver Cache blev tømt.
C:\Users\KPK\Desktop\cmd.bat deleted successfully.
C:\Users\KPK\Desktop\cmd.txt deleted successfully.
========== REGISTRY ==========
HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\AboutURLs\\“Tabs”|“res://ieframe.dll/tabswelcome.htm” /E : value set successfully!
========== COMMANDS ==========
C:\Windows\System32\drivers\etc\Hosts moved successfully.
HOSTS file reset successfully
Restore point Set: OTL Restore Point

[EMPTYFLASH]

User: All Users

User: Default

User: Default User

User: KPK
->Flash cache emptied: 0 bytes

User: Public

Total Flash Files Cleaned = 0,00 mb


[EMPTYTEMP]

User: All Users

User: Default
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes

User: Default User
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes

User: KPK
->Temp folder emptied: 1179492 bytes
->Temporary Internet Files folder emptied: 1390836 bytes
->Java cache emptied: 0 bytes
->Apple Safari cache emptied: 0 bytes
->Flash cache emptied: 0 bytes

User: Public
->Temp folder emptied: 0 bytes

%systemdrive% .tmp files removed: 0 bytes
%systemroot% .tmp files removed: 0 bytes
%systemroot%\System32 .tmp files removed: 0 bytes
%systemroot%\System32 (64bit) .tmp files removed: 0 bytes
%systemroot%\System32\drivers .tmp files removed: 0 bytes
Windows Temp folder emptied: 0 bytes
%systemroot%\sysnative\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files folder emptied: 0 bytes
RecycleBin emptied: 0 bytes

Total Files Cleaned = 2,00 mb


OTL by OldTimer - Version 3.2.31.0 log created on 12172011_162624

Files\Folders moved on Reboot…
C:\Users\KPK\AppData\Local\Temp\FXSAPIDebugLogFile.txt moved successfully.
C:\Users\KPK\AppData\Local\Temp\ppcrlui_5000_2 moved successfully.

Registry entries deleted on Reboot…
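
The two OTL fix logs above differ in one REGISTRY line: the first run reports "invalid edit format" for the AboutURLs "Tabs" value, while the rerun reports "value set successfully!". The following Python is an added example, not part of the thread and not OTL's own code; it classifies the REGISTRY lines of such a log so that a failed edit stands out from harmless "not found" results. The sample lines are copied from the logs above, and the function names are assumptions of this example.

```python
import re
from collections import Counter

# Lines copied from the REGISTRY sections of the two fix logs in this thread.
FIRST_RUN = r"""All processes killed
========== REGISTRY ==========
Registry key HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\SearchScopes\{0D7562AE-8EF6-416d-A838-AB665251703A}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{0D7562AE-8EF6-416d-A838-AB665251703A}\ not found.
Registry key HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\SearchScopes\{0D7562AE-8EF6-416d-A838-AB665251703A}\ not found.
HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\AboutURLs\\“Tabs”|“res://ieframe.dll/tabswelcome.htm” /E :invalid edit format. Invalid data type.
========== COMMANDS ==========
HOSTS file reset successfully
"""
RERUN = r"""========== REGISTRY ==========
HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\AboutURLs\\“Tabs”|“res://ieframe.dll/tabswelcome.htm” /E : value set successfully!
========== COMMANDS ==========
"""

QUOTES = str.maketrans("“”", '""')  # forum typography turned " into curly quotes
KEY_RE = re.compile(
    r'^Registry key (?P<key>.+?)\\ (?P<result>deleted successfully|not found)\.$')
VALUE_RE = re.compile(
    r'^(?P<key>HKEY_[^"]+?)\\\\"(?P<name>[^"]*)"\|"(?P<data>[^"]*)" /E\s*:\s*(?P<msg>.+)$')


def registry_section(log):
    """Return the non-empty lines between the REGISTRY header and the next header."""
    lines, inside = [], False
    for line in log.splitlines():
        if line.startswith("=========="):
            inside = line.strip("= ").upper() == "REGISTRY"
            continue
        if inside and line.strip():
            lines.append(line.strip())
    return lines


def classify(line):
    """Map one REGISTRY line to (outcome, target, detail)."""
    line = line.translate(QUOTES)
    m = KEY_RE.match(line)
    if m:
        # "absent" is benign: the key was listed twice, or was already removed
        # through HKEY_CURRENT_USER, which is the logged-on user's HKEY_USERS\<SID> hive.
        outcome = "deleted" if m["result"].startswith("deleted") else "absent"
        return outcome, m["key"], ""
    m = VALUE_RE.match(line)
    if m:
        outcome = "set" if "successfully" in m["msg"] else "failed"
        return outcome, m["key"] + "\\" + m["name"], m["msg"]
    return "unparsed", "", line  # unknown line shapes are surfaced, not dropped


def review(log):
    """Count outcomes and list the entries that still need attention."""
    results = [classify(line) for line in registry_section(log)]
    counts = Counter(outcome for outcome, _, _ in results)
    pending = [r for r in results if r[0] in ("failed", "unparsed")]
    return counts, pending


if __name__ == "__main__":
    for name, log in (("first run", FIRST_RUN), ("rerun", RERUN)):
        counts, pending = review(log)
        print(name, dict(counts), "pending:", pending)
```
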