Spywarefri Forum | Mistænker lumskhed i min registry.

1 af 2

Mistænker lumskhed i min registry.

[ Ignorer ] NicolaiNN
21.12.2011 16:44:00 Antal indlæg: 28	Hej SWF Jeg stødte forleden på en trussel, som mit MSE automatisk fjernede, jeg har desværre glemt navnet på denne. Men jeg læste om at den ændrede en masse ting i registy, samt i nogle af windows .dll filer i mappen windows32 samt %APPDATA% mappen. Har også gjort alt det som er i jeres vejledning. Jeg tror det er væk, men for en sikkerheds skyld, er i så ikke friske på en kigger? God jul til jer alle! Malwarebytes’ Anti-Malware 1.51.2.1300 http://www.malwarebytes.org Database version: 8393 Windows 6.1.7601 Service Pack 1 Internet Explorer 9.0.8112.16421 21-12-2011 14:48:41 mbam-log-2011-12-21 (14-48-41).txt Scan type: Full scan (C:\\|D:\\|E:\\|F:\\|G:\\|I:\\|) Objects scanned: 446383 Time elapsed: 22 minute(s), 25 second(s) Memory Processes Infected: 0 Memory Modules Infected: 0 Registry Keys Infected: 0 Registry Values Infected: 0 Registry Data Items Infected: 0 Folders Infected: 0 Files Infected: 0 Memory Processes Infected: (No malicious items detected) Memory Modules Infected: (No malicious items detected) Registry Keys Infected: (No malicious items detected) Registry Values Infected: (No malicious items detected) Registry Data Items Infected: (No malicious items detected) Folders Infected: (No malicious items detected) Files Infected: (No malicious items detected) ———————————————- Logfile of Trend Micro HijackThis v2.0.2 Scan saved at 14:54:14, on 21-12-2011 Platform: Unknown Windows (WinNT 6.01.3505 SP1) MSIE: Internet Explorer v9.00 (9.00.8112.16421) Boot mode: Normal Running processes: C:\Windows\SysWOW64\rundll32.exe C:\Program Files (x86)\Windows Live\Messenger\msnmsgr.exe C:\Program Files (x86)\Skype\Phone\Skype.exe C:\Program Files (x86)\Google\Google Calendar Sync\GoogleCalendarSync.exe C:\Program Files (x86)\NEC Electronics\USB 3.0 Host Controller Driver\Application\nusb3mon.exe C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe C:\Program Files (x86)\Common Files\PC Tools\sMonitor\SSDMonitor.exe C:\Program Files (x86)\Windows Live\Contacts\wlcomm.exe C:\Program Files\Logitech Gaming Software\plugins\LCDAppletsMono-8.00.048\Applets\x86\LCDMedia.exe C:\Program Files (x86)\Windows Media Player\wmplayer.exe C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\UWA\AAM Updates Notifier.exe C:\Users\Nicolai Nielsen\AppData\Roaming\Spotify\Spotify.exe C:\Program Files (x86)\Mozilla Firefox\firefox.exe C:\Program Files (x86)\Mozilla Firefox\plugin-container.exe F:\Steam\steam.exe C:\Program Files (x86)\Norton 360\Engine\5.0.0.125\ccSvcHst.exe C:\Users\Nicolai Nielsen\Downloads\HiJackThis.exe C:\Windows\SysWOW64\NOTEPAD.EXE C:\Program Files (x86)\ESET\ESET Online Scanner\OnlineScannerApp.exe C:\Program Files (x86)\ESET\ESET Online Scanner\OnlineCmdLineScanner.exe C:\Windows\SysWOW64\DllHost.exe R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896 R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157 R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157 R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896 R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896 R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157 R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant = R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch = R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = .local R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = F2 - REG:system.ini: UserInit=userinit.exe, O1 - Hosts: ::1 localhost O1 - Hosts: 255.255.255.255 easyanticheat.se # misleading site O1 - Hosts: 255.255.255.255 http://www.easyanticheat.se # misleading site O1 - Hosts: 255.255.255.255 easyanticheat.com # misleading site O1 - Hosts: 255.255.255.255 http://www.easyanticheat.com # misleading site O1 - Hosts: 255.255.255.255 easyanticheat.org # misleading site O1 - Hosts: 255.255.255.255 http://www.easyanticheat.org # misleading site O2 - BHO: HP Print Enhancer - {0347C33E-8762-4905-BF09-768834316C61} - C:\Program Files (x86)\HP\Digital Imaging\Smart Web Printing\hpswp_printenhancer.dll O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll O2 - BHO: Symantec NCO BHO - {602ADB0E-4AFF-4217-8AA1-95DAC4DFA408} - C:\Program Files (x86)\Norton 360\Engine\5.0.0.125\coIEPlg.dll O2 - BHO: Symantec Intrusion Prevention - {6D53EC84-6AAE-4787-AEEE-F4628F01010C} - C:\Program Files (x86)\Norton 360\Engine\5.0.0.125\IPS\IPSBHO.DLL O2 - BHO: Groove GFS Browser Helper - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\PROGRA~2\MIF5BA~1\Office14\GROOVEEX.DLL O2 - BHO: Java(tm) Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Java\jre6\bin\ssv.dll O2 - BHO: Windows Live ID Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll O2 - BHO: SkypeIEPluginBHO - {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll O2 - BHO: URLRedirectionBHO - {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\PROGRA~2\MIF5BA~1\Office14\URLREDIR.DLL O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre6\bin\jp2ssv.dll O2 - BHO: HP Smart BHO Class - {FFFFFFFF-CF4E-4F2B-BDC2-0E72E116A856} - C:\Program Files (x86)\HP\Digital Imaging\Smart Web Printing\hpswp_BHO.dll O3 - Toolbar: Norton Toolbar - {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - C:\Program Files (x86)\Norton 360\Engine\5.0.0.125\coIEPlg.dll O4 - HKLM\..\Run: [NUSB3MON] “C:\Program Files (x86)\NEC Electronics\USB 3.0 Host Controller Driver\Application\nusb3mon.exe” O4 - HKLM\..\Run: [BCSSync] “C:\Program Files (x86)\Microsoft Office\Office14\BCSSync.exe” /DelayServices O4 - HKLM\..\Run: [SSDMonitor] C:\Program Files (x86)\Common Files\PC Tools\sMonitor\SSDMonitor.exe O4 - HKLM\..\Run: [Malwarebytes’ Anti-Malware (reboot)] “C:\Program Files (x86)\Malwarebytes’ Anti-Malware\mbam.exe” /runcleanupscript O4 - HKCU\..\Run: [ccleaner] “C:\Program Files\CCleaner\CCleaner64.exe” /AUTO O4 - HKCU\..\Run: [Steam] “F:\Steam\steam.exe” -silent O4 - HKUS\S-1-5-19\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /autoRun (User ‘LOCAL SERVICE’) O4 - HKUS\S-1-5-19\..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe (User ‘LOCAL SERVICE’) O4 - HKUS\S-1-5-20\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /autoRun (User ‘NETWORK SERVICE’) O4 - HKUS\S-1-5-20\..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe (User ‘NETWORK SERVICE’) O4 - HKUS\S-1-5-21-3378476827-1488579091-87155459-1002\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /autoRun (User ‘UpdatusUser’) O4 - HKUS\S-1-5-21-3378476827-1488579091-87155459-1002\..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe (User ‘UpdatusUser’) O4 - Startup: CurseClientStartup.ccip O4 - Global Startup: Google Calendar Sync.lnk = C:\Program Files (x86)\Google\Google Calendar Sync\GoogleCalendarSync.exe O8 - Extra context menu item: E&ksporter; til Microsoft Excel - res://C:\PROGRA~2\MIF5BA~1\OFFICE11\EXCEL.EXE/3000 O8 - Extra context menu item: E&xport; to Microsoft Excel - res://C:\PROGRA~2\MIF5BA~1\Office14\EXCEL.EXE/3000 O8 - Extra context menu item: Se&nd; to OneNote - res://C:\PROGRA~2\MIF5BA~1\Office14\ONBttnIE.dll/105 O9 - Extra button: Send to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Program Files (x86)\Microsoft Office\Office14\ONBttnIE.dll O9 - Extra ‘Tools’ menuitem: Se&nd; to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Program Files (x86)\Microsoft Office\Office14\ONBttnIE.dll O9 - Extra button: OneNote Lin&ked; Notes - {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - C:\Program Files (x86)\Microsoft Office\Office14\ONBttnIELinkedNotes.dll O9 - Extra ‘Tools’ menuitem: OneNote Lin&ked; Notes - {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - C:\Program Files (x86)\Microsoft Office\Office14\ONBttnIELinkedNotes.dll O9 - Extra button: Skype Click to Call - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll O9 - Extra ‘Tools’ menuitem: Skype Click to Call - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll O9 - Extra button: Vis eller skjul HP Smart Web Printing - {DDE87865-83C5-48c4-8357-2F5B1AA84522} - C:\Program Files (x86)\HP\Digital Imaging\Smart Web Printing\hpswp_BHO.dll O10 - Unknown file in Winsock LSP: c:\program files (x86)\common files\microsoft shared\windows live\wlidnsp.dll O10 - Unknown file in Winsock LSP: c:\program files (x86)\common files\microsoft shared\windows live\wlidnsp.dll O11 - Options group: [ACCELERATED_GRAPHICS] Accelerated graphics O13 - Gopher Prefix: O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab O18 - Protocol: skype-ie-addon-data - {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll O18 - Filter hijack: text/xml - {807573E5-5146-11D5-A672-00B0D022E945} - C:\Program Files (x86)\Common Files\Microsoft Shared\OFFICE14\MSOXMLMF.DLL O23 - Service: @%SystemRoot%\system32\Alg.exe,-112 (ALG) - Unknown owner - C:\Windows\System32\alg.exe (file missing) O23 - Service: Apple Mobile Device - Apple Inc. - C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe O23 - Service: Bonjour tjeneste (Bonjour Service) - Apple Inc. - C:\Program Files\Bonjour\mDNSResponder.exe O23 - Service: @%SystemRoot%\system32\efssvc.dll,-100 (EFS) - Unknown owner - C:\Windows\System32\lsass.exe (file missing) O23 - Service: @%systemroot%\system32\fxsresm.dll,-118 (Fax) - Unknown owner - C:\Windows\system32\fxssvc.exe (file missing) O23 - Service: Google Update Tjeneste (gupdate) (gupdate) - Google Inc. - C:\Program Files (x86)\Google\Update\GoogleUpdate.exe O23 - Service: Google Update Tjeneste (gupdatem) (gupdatem) - Google Inc. - C:\Program Files (x86)\Google\Update\GoogleUpdate.exe O23 - Service: @keyiso.dll,-100 (KeyIso) - Unknown owner - C:\Windows\system32\lsass.exe (file missing) O23 - Service: @comres.dll,-2797 (MSDTC) - Unknown owner - C:\Windows\System32\msdtc.exe (file missing) O23 - Service: Norton 360 (N360) - Symantec Corporation - C:\Program Files (x86)\Norton 360\Engine\5.1.0.29\ccSvcHst.exe O23 - Service: @%SystemRoot%\System32\netlogon.dll,-102 (Netlogon) - Unknown owner - C:\Windows\system32\lsass.exe (file missing) O23 - Service: NVIDIA Display Driver Service (NVSvc) - Unknown owner - C:\Windows\system32\nvvsvc.exe (file missing) O23 - Service: NVIDIA Update Service Daemon (nvUpdatusService) - NVIDIA Corporation - C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Updatus\daemonu.exe O23 - Service: O&O Defrag (OODefragAgent) - O&O Software GmbH - C:\Program Files\OO Software\Defrag\oodag.exe O23 - Service: PC Tools Startup and Shutdown Monitor service (PCToolsSSDMonitorSvc) - PC Tools - C:\Program Files (x86)\Common Files\PC Tools\sMonitor\StartManSvc.exe O23 - Service: PnkBstrA - Unknown owner - C:\Windows\system32\PnkBstrA.exe O23 - Service: @%systemroot%\system32\psbase.dll,-300 (ProtectedStorage) - Unknown owner - C:\Windows\system32\lsass.exe (file missing) O23 - Service: @%systemroot%\system32\Locator.exe,-2 (RpcLocator) - Unknown owner - C:\Windows\system32\locator.exe (file missing) O23 - Service: @%SystemRoot%\system32\samsrv.dll,-1 (SamSs) - Unknown owner - C:\Windows\system32\lsass.exe (file missing) O23 - Service: @%SystemRoot%\system32\snmptrap.exe,-3 (SNMPTRAP) - Unknown owner - C:\Windows\System32\snmptrap.exe (file missing) O23 - Service: @%systemroot%\system32\spoolsv.exe,-1 (Spooler) - Unknown owner - C:\Windows\System32\spoolsv.exe (file missing) O23 - Service: @%SystemRoot%\system32\sppsvc.exe,-101 (sppsvc) - Unknown owner - C:\Windows\system32\sppsvc.exe (file missing) O23 - Service: Steam Client Service - Valve Corporation - C:\Program Files (x86)\Common Files\Steam\SteamService.exe O23 - Service: NVIDIA Stereoscopic 3D Driver Service (Stereo Service) - NVIDIA Corporation - C:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe O23 - Service: SwitchBoard - Adobe Systems Incorporated - C:\Program Files (x86)\Common Files\Adobe\SwitchBoard\SwitchBoard.exe O23 - Service: @%SystemRoot%\system32\ui0detect.exe,-101 (UI0Detect) - Unknown owner - C:\Windows\system32\UI0Detect.exe (file missing) O23 - Service: @%SystemRoot%\system32\vaultsvc.dll,-1003 (VaultSvc) - Unknown owner - C:\Windows\system32\lsass.exe (file missing) O23 - Service: @%SystemRoot%\system32\vds.exe,-100 (vds) - Unknown owner - C:\Windows\System32\vds.exe (file missing) O23 - Service: @%systemroot%\system32\vssvc.exe,-102 (VSS) - Unknown owner - C:\Windows\system32\vssvc.exe (file missing) O23 - Service: @%SystemRoot%\system32\Wat\WatUX.exe,-601 (WatAdminSvc) - Unknown owner - C:\Windows\system32\Wat\WatAdminSvc.exe (file missing) O23 - Service: @%systemroot%\system32\wbengine.exe,-104 (wbengine) - Unknown owner - C:\Windows\system32\wbengine.exe (file missing) O23 - Service: @%Systemroot%\system32\wbem\wmiapsrv.exe,-110 (wmiApSrv) - Unknown owner - C:\Windows\system32\wbem\WmiApSrv.exe (file missing) O23 - Service: @%PROGRAMFILES%\Windows Media Player\wmpnetwk.exe,-101 (WMPNetworkSvc) - Unknown owner - C:\Program Files (x86)\Windows Media Player\wmpnetwk.exe (file missing) — End of file - 12744 bytes ————————————— . DDS (Ver_2011-08-26.01) - NTFSAMD64 Internet Explorer: 9.0.8112.16421 BrowserJavaVersion: 1.6.0_30 Run by Nicolai Nielsen at 15:42:22 on 2011-12-21 Microsoft Windows 7 Ultimate 6.1.7601.1.1252.45.1033.18.6135.2970 [GMT 1:00] . AV: Norton 360 Enabled/Updated* {63DF5164-9100-186D-2187-8DC619EFD8BF} SP: Windows Defender Enabled/Updated {D68DDC3A-831F-4fae-9E44-DA132C1ACF46} SP: Norton 360 Enabled/Updated {D8BEB080-B73A-17E3-1B37-B6B462689202} FW: Norton 360 Enabled {5BE4D041-DB6F-1935-0AD8-24F3E73C9FC4} . ============== Running Processes =============== . C:\Windows\system32\wininit.exe C:\Windows\system32\lsm.exe C:\Windows\system32\svchost.exe -k DcomLaunch C:\Windows\system32\nvvsvc.exe C:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe C:\Windows\system32\svchost.exe -k RPCSS C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted C:\Windows\system32\svchost.exe -k netsvcs C:\Windows\system32\svchost.exe -k LocalService C:\Windows\system32\WUDFHost.exe C:\Windows\system32\WUDFHost.exe C:\Windows\system32\svchost.exe -k NetworkService C:\Windows\System32\spoolsv.exe C:\Windows\system32\svchost.exe -k LocalServiceNoNetwork C:\Windows\system32\svchost.exe -k LocalServiceAndNoImpersonation C:\Windows\SysWOW64\svchost.exe -k hpdevmgmt C:\Program Files\Microsoft SQL Server\MSSQL10.SQLEXPRESS\MSSQL\Binn\sqlservr.exe C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe C:\Windows\system32\nvvsvc.exe C:\Windows\System32\svchost.exe -k HPZ12 C:\Program Files\OO Software\Defrag\oodag.exe C:\Program Files (x86)\Common Files\PC Tools\sMonitor\StartManSvc.exe C:\Windows\System32\svchost.exe -k HPZ12 C:\Windows\system32\taskhost.exe C:\Windows\SysWOW64\PnkBstrA.exe C:\Windows\system32\Dwm.exe C:\Program Files\Microsoft SQL Server\90\Shared\sqlwriter.exe C:\Windows\Explorer.EXE C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSvcM.exe C:\Windows\SysWOW64\rundll32.exe C:\Program Files\Logitech Gaming Software\LCore.exe C:\Program Files\OO Software\Defrag\oodtray.exe C:\Program Files (x86)\Windows Live\Messenger\msnmsgr.exe C:\Windows\system32\svchost.exe -k HPService C:\Windows\system32\svchost.exe -k NetworkServiceNetworkRestricted C:\Program Files (x86)\Skype\Phone\Skype.exe C:\Program Files (x86)\Google\Google Calendar Sync\GoogleCalendarSync.exe C:\Windows\system32\WUDFHost.exe C:\Users\Nicolai Nielsen\AppData\Local\Apps\2.0\CBZ4ADMB.ZCT\A0GJG6ZR.7AR\curs..tion_eee711038731a406_0004.0000_2ad57790d5451048\CurseClient.exe C:\Program Files (x86)\NEC Electronics\USB 3.0 Host Controller Driver\Application\nusb3mon.exe C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe C:\Program Files (x86)\Common Files\PC Tools\sMonitor\SSDMonitor.exe C:\Program Files (x86)\Windows Live\Contacts\wlcomm.exe C:\Program Files\NVIDIA Corporation\Display\nvtray.exe C:\Program Files\Logitech Gaming Software\plugins\LCDAppletsMono-8.00.048\Applets\x86\LCDMedia.exe C:\Program Files\Logitech Gaming Software\plugins\LCDAppletsMono-8.00.048\Applets\x64\LCDClock.exe C:\Program Files\Windows Media Player\wmpnetwk.exe C:\Program Files\Common Files\Microsoft Shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE C:\Program Files\Windows Media Player\WMPSideShowGadget.exe C:\Program Files (x86)\Windows Media Player\wmplayer.exe C:\Windows\system32\taskhost.exe C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Updatus\daemonu.exe C:\Windows\Microsoft.Net\Framework64\v3.0\WPF\PresentationFontCache.exe C:\Users\Nicolai Nielsen\AppData\Roaming\Spotify\Spotify.exe F:\Steam\steam.exe C:\Program Files (x86)\Norton 360\Engine\5.0.0.125\ccSvcHst.exe C:\Program Files (x86)\Norton 360\Engine\5.0.0.125\ccSvcHst.exe C:\Windows\System32\svchost.exe -k secsvcs C:\Windows\System32\svchost.exe -k swprv C:\Program Files\VS Revo Group\Revo Uninstaller Pro\RevoUninPro.exe C:\Windows\system32\msiexec.exe C:\Program Files (x86)\Secunia\PSI\PSIA.exe C:\Program Files (x86)\Secunia\PSI\PSI_TRAY.exe C:\Windows\servicing\TrustedInstaller.exe C:\Program Files (x86)\Secunia\PSI\sua.exe C:\Program Files (x86)\Mozilla Firefox\firefox.exe C:\Program Files (x86)\Mozilla Firefox\plugin-container.exe C:\Windows\system32\SearchIndexer.exe C:\Windows\system32\wbem\wmiprvse.exe C:\Windows\system32\SearchProtocolHost.exe C:\Windows\system32\SearchFilterHost.exe C:\Windows\SysWOW64\cmd.exe C:\Windows\system32\conhost.exe C:\Windows\SysWOW64\cscript.exe C:\Windows\system32\wbem\wmiprvse.exe . ============== Pseudo HJT Report =============== . uStart Page = hxxp://securityresponse.symantec.com/avcenter/fix_homepage mWinlogon: Userinit=userinit.exe, BHO: HP Print Enhancer: {0347c33e-8762-4905-bf09-768834316c61} - C:\Program Files (x86)\HP\Digital Imaging\Smart Web Printing\hpswp_printenhancer.dll BHO: Adobe PDF Link Helper: {18df081c-e8ad-4283-a596-fa578c2ebdc3} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll BHO: Symantec NCO BHO: {602adb0e-4aff-4217-8aa1-95dac4dfa408} - C:\Program Files (x86)\Norton 360\Engine\5.0.0.125\coIEPlg.dll BHO: Symantec Intrusion Prevention: {6d53ec84-6aae-4787-aeee-f4628f01010c} - C:\Program Files (x86)\Norton 360\Engine\5.0.0.125\IPS\IPSBHO.DLL BHO: Groove GFS Browser Helper: {72853161-30c5-4d22-b7f9-0bbc1d38a37e} - C:\PROGRA~2\MIF5BA~1\Office14\GROOVEEX.DLL BHO: Java(tm) Plug-In SSV Helper: {761497bb-d6f0-462c-b6eb-d4daf1d92d43} - C:\Program Files (x86)\Java\jre6\bin\ssv.dll BHO: Windows Live ID Sign-in Helper: {9030d464-4c02-4abf-8ecc-5164760863c6} - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll BHO: Skype Browser Helper: {ae805869-2e5c-4ed4-8f7b-f1f7851a4497} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll BHO: Office Document Cache Handler: {b4f3a835-0e21-4959-ba22-42b3008e02ff} - C:\PROGRA~2\MIF5BA~1\Office14\URLREDIR.DLL BHO: Java(tm) Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - C:\Program Files (x86)\Java\jre6\bin\jp2ssv.dll BHO: HP Smart BHO Class: {ffffffff-cf4e-4f2b-bdc2-0e72e116a856} - C:\Program Files (x86)\HP\Digital Imaging\Smart Web Printing\hpswp_BHO.dll TB: Norton Toolbar: {7febefe3-6b19-4349-98d2-ffb09d4b49ca} - C:\Program Files (x86)\Norton 360\Engine\5.0.0.125\coIEPlg.dll EB: HP Smart Web Printing: {555d4d79-4bd2-4094-a395-cfc534424a05} - C:\Program Files (x86)\HP\Digital Imaging\Smart Web Printing\hpswp_bho.dll uRun: [AdobeBridge] uRun: [ccleaner] “C:\Program Files\CCleaner\CCleaner64.exe” /AUTO uRun: [Steam] “F:\Steam\steam.exe” -silent mRun: [NUSB3MON] “C:\Program Files (x86)\NEC Electronics\USB 3.0 Host Controller Driver\Application\nusb3mon.exe” mRun: [<NO NAME>] mRun: [BCSSync] “C:\Program Files (x86)\Microsoft Office\Office14\BCSSync.exe” /DelayServices mRun: [SSDMonitor] C:\Program Files (x86)\Common Files\PC Tools\sMonitor\SSDMonitor.exe mRun: [Malwarebytes’ Anti-Malware (reboot)] “C:\Program Files (x86)\Malwarebytes’ Anti-Malware\mbam.exe” /runcleanupscript mRun: [Adobe ARM] “C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe” StartupFolder: C:\Users\Nicolai Nielsen\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\CurseClientStartup.ccip StartupFolder: C:\PROGRA~3\MICROS~1\Windows\STARTM~1\Programs\Startup\GOOGLE~1.LNK - C:\Program Files (x86)\Google\Google Calendar Sync\GoogleCalendarSync.exe StartupFolder: C:\PROGRA~3\MICROS~1\Windows\STARTM~1\Programs\Startup\Secunia PSI Tray.lnk - C:\Program Files (x86)\Secunia\PSI\psi_tray.exe uPolicies-explorer: NoInstrumentation = 1 mPolicies-explorer: NoActiveDesktop = 1 (0x1) mPolicies-explorer: NoActiveDesktopChanges = 1 (0x1) mPolicies-system: ConsentPromptBehaviorAdmin = 0 (0x0) mPolicies-system: ConsentPromptBehaviorUser = 3 (0x3) mPolicies-system: EnableLUA = 0 (0x0) mPolicies-system: EnableUIADesktopToggle = 0 (0x0) mPolicies-system: PromptOnSecureDesktop = 0 (0x0) IE: E&ksporter; til Microsoft Excel - C:\PROGRA~2\MIF5BA~1\OFFICE11\EXCEL.EXE/3000 IE: E&xport; to Microsoft Excel - C:\PROGRA~2\MIF5BA~1\Office14\EXCEL.EXE/3000 IE: Se&nd; to OneNote - C:\PROGRA~2\MIF5BA~1\Office14\ONBttnIE.dll/105 IE: {2670000A-7350-4f3c-8081-5663EE0C6C49} - {48E73304-E1D6-4330-914C-F5F514E3486C} - C:\Program Files (x86)\Microsoft Office\Office14\ONBttnIE.dll IE: {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - {FFFDC614-B694-4AE6-AB38-5D6374584B52} - C:\Program Files (x86)\Microsoft Office\Office14\ONBttnIELinkedNotes.dll IE: {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll IE: {DDE87865-83C5-48c4-8357-2F5B1AA84522} - {DDE87865-83C5-48c4-8357-2F5B1AA84522} - C:\Program Files (x86)\HP\Digital Imaging\Smart Web Printing\hpswp_BHO.dll DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_30-windows-i586.cab DPF: {CAFEEFAC-0016-0000-0030-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_30-windows-i586.cab DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_30-windows-i586.cab DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} - hxxp://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab TCP: DhcpNameServer = 85.233.224.20 85.233.228.2 TCP: Interfaces\{1E3233CB-0336-46CB-A1B6-45BEB0634A97} : DhcpNameServer = 85.233.224.20 85.233.228.2 Filter: text/xml - {807573E5-5146-11D5-A672-00B0D022E945} - C:\Program Files (x86)\Common Files\microsoft shared\OFFICE14\MSOXMLMF.DLL Handler: skype-ie-addon-data - {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll SEH: Groove GFS Stub Execution Hook: {b5a7f190-dda6-4420-b3ba-52453494e6cd} - C:\PROGRA~2\MIF5BA~1\Office14\GROOVEEX.DLL BHO-X64: HP Print Enhancer: {0347C33E-8762-4905-BF09-768834316C61} - C:\Program Files (x86)\HP\Digital Imaging\Smart Web Printing\hpswp_printenhancer.dll BHO-X64: HP Print Enhancer - No File BHO-X64: Adobe PDF Link Helper: {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll BHO-X64: AcroIEHelperStub - No File BHO-X64: Symantec NCO BHO: {602ADB0E-4AFF-4217-8AA1-95DAC4DFA408} - C:\Program Files (x86)\Norton 360\Engine\5.0.0.125\coIEPlg.dll BHO-X64: Symantec NCO BHO - No File BHO-X64: Symantec Intrusion Prevention: {6D53EC84-6AAE-4787-AEEE-F4628F01010C} - C:\Program Files (x86)\Norton 360\Engine\5.0.0.125\IPS\IPSBHO.DLL BHO-X64: Symantec Intrusion Prevention - No File BHO-X64: Groove GFS Browser Helper: {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\PROGRA~2\MIF5BA~1\Office14\GROOVEEX.DLL BHO-X64: Java(tm) Plug-In SSV Helper: {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Java\jre6\bin\ssv.dll BHO-X64: Windows Live ID Sign-in Helper: {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll BHO-X64: Skype Browser Helper: {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll BHO-X64: SkypeIEPluginBHO - No File BHO-X64: Office Document Cache Handler: {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\PROGRA~2\MIF5BA~1\Office14\URLREDIR.DLL BHO-X64: URLRedirectionBHO - No File BHO-X64: Java(tm) Plug-In 2 SSV Helper: {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre6\bin\jp2ssv.dll BHO-X64: HP Smart BHO Class: {FFFFFFFF-CF4E-4F2B-BDC2-0E72E116A856} - C:\Program Files (x86)\HP\Digital Imaging\Smart Web Printing\hpswp_BHO.dll BHO-X64: HP Smart BHO Class - No File TB-X64: Norton Toolbar: {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - C:\Program Files (x86)\Norton 360\Engine\5.0.0.125\coIEPlg.dll EB-X64: {555D4D79-4BD2-4094-A395-CFC534424A05} - No File mRun-x64: [NUSB3MON] “C:\Program Files (x86)\NEC Electronics\USB 3.0 Host Controller Driver\Application\nusb3mon.exe” mRun-x64: [(Default)] mRun-x64: [BCSSync] “C:\Program Files (x86)\Microsoft Office\Office14\BCSSync.exe” /DelayServices mRun-x64: [SSDMonitor] C:\Program Files (x86)\Common Files\PC Tools\sMonitor\SSDMonitor.exe mRun-x64: [Malwarebytes’ Anti-Malware (reboot)] “C:\Program Files (x86)\Malwarebytes’ Anti-Malware\mbam.exe” /runcleanupscript mRun-x64: [Adobe ARM] “C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe” SEH-X64: Groove GFS Stub Execution Hook: {B5A7F190-DDA6-4420-B3BA-52453494E6CD} - C:\PROGRA~2\MIF5BA~1\Office14\GROOVEEX.DLL Hosts: 255.255.255.255 easyanticheat.se # misleading site Hosts: 255.255.255.255 http://www.easyanticheat.se # misleading site Hosts: 255.255.255.255 easyanticheat.com # misleading site Hosts: 255.255.255.255 http://www.easyanticheat.com # misleading site Hosts: 255.255.255.255 easyanticheat.org # misleading site . Note: multiple HOSTS entries found. Please refer to Attach.txt . ================= FIREFOX =================== . FF - ProfilePath - C:\Users\Nicolai Nielsen\AppData\Roaming\Mozilla\Firefox\Profiles\zxsovoul.default\ FF - prefs.js: browser.startup.homepage - hxxp://www.google.dk/ FF - plugin: C:\PROGRA~2\MIF5BA~1\Office14\NPAUTHZ.DLL FF - plugin: C:\PROGRA~2\MIF5BA~1\Office14\NPSPWRAP.DLL FF - plugin: C:\Program Files (x86)\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll FF - plugin: C:\Program Files (x86)\Battlelog Web Plugins\1.102.0\npesnlaunch.dll FF - plugin: C:\Program Files (x86)\Battlelog Web Plugins\Sonar\0.70.4\npesnsonar.dll FF - plugin: C:\Program Files (x86)\Google\Google Earth\plugin\npgeplugin.dll FF - plugin: C:\Program Files (x86)\Google\Update\1.3.21.79\npGoogleUpdate3.dll FF - plugin: C:\Program Files (x86)\Java\jre6\bin\new_plugin\npdeployJava1.dll FF - plugin: C:\Program Files (x86)\Microsoft Silverlight\4.0.60831.0\npctrlui.dll FF - plugin: C:\Program Files (x86)\Mozilla Firefox\plugins\npdeployJava1.dll FF - plugin: C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dv.dll FF - plugin: C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dvstreaming.dll FF - plugin: C:\Users\Nicolai Nielsen\AppData\Roaming\Mozilla\plugins\npgoogletalk.dll FF - plugin: C:\Users\Nicolai Nielsen\AppData\Roaming\Mozilla\plugins\npgtpo3dautoplugin.dll FF - plugin: C:\Windows\system32\Wat\npWatWeb.dll FF - plugin: C:\Windows\SysWOW64\Macromed\Flash\NPSWF32.dll . ============= SERVICES / DRIVERS =============== . R0 Si3124r5;SiI-3124 SoftRaid 5 Controller;C:\Windows\system32\DRIVERS\Si3124r5.sys—> C:\Windows\system32\DRIVERS\Si3124r5.sys [?] R0 SymDS;Symantec Data Store;C:\Windows\system32\drivers\N360x64\0501000.01D\SYMDS64.SYS—> C:\Windows\system32\drivers\N360x64\0501000.01D\SYMDS64.SYS [?] R0 SymEFA;Symantec Extended File Attributes;C:\Windows\system32\drivers\N360x64\0501000.01D\SYMEFA64.SYS—> C:\Windows\system32\drivers\N360x64\0501000.01D\SYMEFA64.SYS [?] R1 BHDrvx64;BHDrvx64;C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\N360_5.0.0.125\Definitions\BASHDefs\20111210.003\BHDrvx64.sys [2011-12-10 1156216] R1 IDSVia64;IDSVia64;C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\N360_5.0.0.125\Definitions\IPSDefs\20111220.001\IDSviA64.sys [2011-12-20 488568] R1 SymIRON;Symantec Iron Driver;C:\Windows\system32\drivers\N360x64\0501000.01D\Ironx64.SYS—> C:\Windows\system32\drivers\N360x64\0501000.01D\Ironx64.SYS [?] R2 N360;Norton 360;C:\Program Files (x86)\Norton 360\Engine\5.1.0.29\ccsvchst.exe [2011-12-21 130008] R2 nvUpdatusService;NVIDIA Update Service Daemon;C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Updatus\daemonu.exe [2011-7-14 2253120] R2 OODefragAgent;O&O Defrag;C:\Program Files\OO Software\Defrag\oodag.exe [2011-6-29 3246920] R2 Secunia PSI Agent;Secunia PSI Agent;C:\Program Files (x86)\Secunia\PSI\psia.exe [2011-10-14 994360] R2 Secunia Update Agent;Secunia Update Agent;C:\Program Files (x86)\Secunia\PSI\sua.exe [2011-10-14 399416] R2 Stereo Service;NVIDIA Stereoscopic 3D Driver Service;C:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe [2011-10-14 381248] R3 LGBusEnum;Logitech GamePanel Virtual Bus Enumerator Driver;C:\Windows\system32\drivers\LGBusEnum.sys—> C:\Windows\system32\drivers\LGBusEnum.sys [?] R3 LGVirHid;Logitech Gamepanel Virtual HID Device Driver;C:\Windows\system32\drivers\LGVirHid.sys—> C:\Windows\system32\drivers\LGVirHid.sys [?] R3 nusb3hub;NEC Electronics USB 3.0 Hub Driver;C:\Windows\system32\DRIVERS\nusb3hub.sys—> C:\Windows\system32\DRIVERS\nusb3hub.sys [?] R3 nusb3xhc;NEC Electronics USB 3.0 Host Controller Driver;C:\Windows\system32\DRIVERS\nusb3xhc.sys—> C:\Windows\system32\DRIVERS\nusb3xhc.sys [?] R3 NVHDA;Service for NVIDIA High Definition Audio Driver;C:\Windows\system32\drivers\nvhda64v.sys—> C:\Windows\system32\drivers\nvhda64v.sys [?] R3 osppsvc;Office Software Protection Platform;C:\Program Files\Common Files\Microsoft Shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE [2010-1-9 4925184] R3 PSI;PSI;C:\Windows\system32\DRIVERS\psi_mf.sys—> C:\Windows\system32\DRIVERS\psi_mf.sys [?] R3 RTL8167;Realtek 8167 NT Driver;C:\Windows\system32\DRIVERS\Rt64win7.sys—> C:\Windows\system32\DRIVERS\Rt64win7.sys [?] R3 SYMNETS;Symantec Network Security WFP Driver;C:\Windows\system32\drivers\N360x64\0500000.07D\SYMNETS.SYS—> C:\Windows\system32\drivers\N360x64\0500000.07D\SYMNETS.SYS [?] R3 USBPNPA;USB PnP Sound Device Interface;C:\Windows\system32\drivers\CM10864.sys—> C:\Windows\system32\drivers\CM10864.sys [?] R4 PCToolsSSDMonitorSvc;PC Tools Startup and Shutdown Monitor service;C:\Program Files (x86)\Common Files\PC Tools\sMonitor\StartManSvc.exe [2011-12-18 793048] S2 AdobeARMservice;Adobe Acrobat Update Service;C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe [2011-6-6 64952] S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-3-18 130384] S2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-3-18 138576] S2 gupdate;Google Update Tjeneste (gupdate);C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2011-10-25 136176] S3 gupdatem;Google Update Tjeneste (gupdatem);C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2011-10-25 136176] S3 Microsoft SharePoint Workspace Audit Service;Microsoft SharePoint Workspace Audit Service;C:\Program Files (x86)\Microsoft Office\Office14\GROOVE.EXE [2011-6-12 31125880] S3 RdpVideoMiniport;Remote Desktop Video Miniport Driver;C:\Windows\system32\drivers\rdpvideominiport.sys—> C:\Windows\system32\drivers\rdpvideominiport.sys [?] S3 Revoflt;Revoflt;C:\Windows\system32\DRIVERS\revoflt.sys—> C:\Windows\system32\DRIVERS\revoflt.sys [?] S3 RzSynapse;Razer Driver;C:\Windows\system32\DRIVERS\RzSynapse.sys—> C:\Windows\system32\DRIVERS\RzSynapse.sys [?] S3 SwitchBoard;SwitchBoard;C:\Program Files (x86)\Common Files\Adobe\SwitchBoard\SwitchBoard.exe [2010-2-19 517096] S3 TsUsbFlt;TsUsbFlt;C:\Windows\system32\drivers\tsusbflt.sys—> C:\Windows\system32\drivers\tsusbflt.sys [?] S3 USBMULCD;USB Multi-Channel Audio Device Interface;C:\Windows\system32\drivers\CM10664.sys—> C:\Windows\system32\drivers\CM10664.sys [?] S3 USBAAPL64;Apple Mobile USB Driver;C:\Windows\system32\Drivers\usbaapl64.sys—> C:\Windows\system32\Drivers\usbaapl64.sys [?] S3 WatAdminSvc;Windows Activation Technologies Service;C:\Windows\system32\Wat\WatAdminSvc.exe—> C:\Windows\system32\Wat\WatAdminSvc.exe [?] S4 MSSQLServerADHelper100;SQL Active Directory Helper Service;C:\Program Files\Microsoft SQL Server\100\Shared\sqladhlp.exe [2009-7-22 61976] S4 RsFx0103;RsFx0103 Driver;C:\Windows\system32\DRIVERS\RsFx0103.sys—> C:\Windows\system32\DRIVERS\RsFx0103.sys [?] S4 SQLAgent$SQLEXPRESS;SQL Server Agent (SQLEXPRESS);C:\Program Files\Microsoft SQL Server\MSSQL10.SQLEXPRESS\MSSQL\Binn\SQLAGENT.EXE [2009-3-30 427880] . =============== Created Last 30 ================ . 2011-12-21 14:34:56 479232 ——a-w- C:\Program Files (x86)\Mozilla Firefox\msvcm80.dll 2011-12-21 14:34:56 43992 ——a-w- C:\Program Files (x86)\Mozilla Firefox\mozutils.dll 2011-12-21 14:34:55 626688 ——a-w- C:\Program Files (x86)\Mozilla Firefox\msvcr80.dll 2011-12-21 14:34:55 548864 ——a-w- C:\Program Files (x86)\Mozilla Firefox\msvcp80.dll 2011-12-21 14:29:59 ———— d——-w- C:\Users\Nicolai Nielsen\AppData\Local\Secunia PSI 2011-12-21 14:29:56 ———— d——-w- C:\Program Files (x86)\Secunia 2011-12-21 13:52:14 912504 ——a-w- C:\Windows\System32\drivers\N360x64\0501000.01D\symefa64.sys 2011-12-21 13:52:14 744568 ——a-w- C:\Windows\System32\drivers\N360x64\0501000.01D\srtsp64.sys 2011-12-21 13:52:14 450680 ——a-w- C:\Windows\System32\drivers\N360x64\0501000.01D\symds64.sys 2011-12-21 13:52:14 40568 ——a-w- C:\Windows\System32\drivers\N360x64\0501000.01D\srtspx64.sys 2011-12-21 13:52:14 382584 ——a-w- C:\Windows\System32\drivers\N360x64\0501000.01D\symnets.sys 2011-12-21 13:52:14 171128 ——a-r- C:\Windows\System32\drivers\N360x64\0501000.01D\ironx64.sys 2011-12-21 13:52:10 ———— d——-w- C:\Windows\System32\drivers\N360x64\0501000.01D 2011-12-21 13:12:27 ———— d——-w- C:\Program Files (x86)\ESET 2011-12-21 13:04:29 69000 ——a-w- C:\ProgramData\Microsoft\Windows Defender\Definition Updates\{1DAB23B1-46D1-4B3D-B5E9-883062100A2F}\offreg.dll 2011-12-21 13:04:28 8822856 ——a-w- C:\ProgramData\Microsoft\Windows Defender\Definition Updates\{1DAB23B1-46D1-4B3D-B5E9-883062100A2F}\mpengine.dll 2011-12-21 06:55:32 ———— d——-w- C:\Users\Nicolai Nielsen\AppData\Local\{06AB31CE-887E-453A-B0C0-30B570804345} 2011-12-21 06:55:22 ———— d——-w- C:\Users\Nicolai Nielsen\AppData\Local\{46D7FB4A-74A3-4740-96BF-52B1156583FF} 2011-12-20 18:54:59 ———— d——-w- C:\Users\Nicolai Nielsen\AppData\Local\{F7243861-0833-4ED8-B6B2-906613818E59} 2011-12-20 18:54:49 ———— d——-w- C:\Users\Nicolai Nielsen\AppData\Local\{A7D4F2AD-E02B-4719-B636-75C0F821A840} 2011-12-19 15:46:26 ———— d——-w- C:\Users\Nicolai Nielsen\AppData\Local\{872E2C0A-6F49-45F8-8A65-A32FE8B4BB3A} 2011-12-19 15:46:17 ———— d——-w- C:\Users\Nicolai Nielsen\AppData\Local\{1746C9C6-5BB8-40E1-98C2-948628ACB2BB} 2011-12-18 15:06:17 ———— d——-w- C:\Users\Nicolai Nielsen\AppData\Roaming\Registry Mechanic 2011-12-18 15:05:00 880640 ——a-w- C:\Windows\SysWow64\UniBox10.ocx 2011-12-18 15:05:00 658432 ——a-w- C:\Windows\SysWow64\MSCOMCT2.OCX 2011-12-18 15:05:00 512472 ——a-w- C:\Windows\SysWow64\msxml.dll 2011-12-18 15:05:00 40408 ——a-w- C:\Windows\System32\CleanMFT64.exe 2011-12-18 15:05:00 212992 ——a-w- C:\Windows\SysWow64\UniBoxVB12.ocx 2011-12-18 15:05:00 1101824 ——a-w- C:\Windows\SysWow64\UniBox210.ocx 2011-12-18 15:04:47 ———— d——-w- C:\Program Files (x86)\PC Tools 2011-12-18 15:04:47 ———— d——-w- C:\Program Files (x86)\Common Files\PC Tools 2011-12-18 15:00:00 ———— d——-w- C:\ProgramData\PC Tools 2011-12-18 14:59:59 ———— d——-w- C:\Users\Nicolai Nielsen\AppData\Roaming\Product_RM 2011-12-18 14:58:32 476904 ——a-w- C:\Program Files (x86)\Mozilla Firefox\plugins\npdeployJava1.dll 2011-12-18 11:03:49 447752 ——a-w- C:\Windows\SysWow64\vp6vfw.dll 2011-12-18 11:03:49 ———— d——-w- C:\Program Files (x86)\Microsoft WSE 2011-12-18 09:31:34 ———— d——-w- C:\Users\Nicolai Nielsen\AppData\Local\{772FAAF3-38B4-44CA-8DAD-BDFF6E26E188} 2011-12-18 09:31:24 ———— d——-w- C:\Users\Nicolai Nielsen\AppData\Local\{2DE709AD-AAE5-4909-93CA-190BBA08FD5B} 2011-12-17 21:31:01 ———— d——-w- C:\Users\Nicolai Nielsen\AppData\Local\{40F24583-EF6B-4074-BF6D-FE894327889E} 2011-12-17 21:30:52 ———— d——-w- C:\Users\Nicolai Nielsen\AppData\Local\{4C633AD4-7530-44CE-912C-4291EF1CEFA9} 2011-12-17 09:30:29 ———— d——-w- C:\Users\Nicolai Nielsen\AppData\Local\{0D970B06-A41D-4880-A48C-FA3202BDEB86} 2011-12-17 09:30:19 ———— d——-w- C:\Users\Nicolai Nielsen\AppData\Local\{77525169-B85A-4E7F-A307-941DC1A87D6F} 2011-12-16 12:30:29 ———— d——-w- C:\Users\Nicolai Nielsen\AppData\Local\{B62301F4-BB79-49F0-A3FF-BEC0CD46BE08} 2011-12-16 12:30:19 ———— d——-w- C:\Users\Nicolai Nielsen\AppData\Local\{101B4959-17F2-4CD0-B605-4D86FEEBDD68} 2011-12-15 11:10:17 ———— d——-w- C:\Users\Nicolai Nielsen\AppData\Local\{91ADF158-36BC-452A-B5C8-72A67DE9E6CD} 2011-12-15 11:10:07 ———— d——-w- C:\Users\Nicolai Nielsen\AppData\Local\{B885A39E-FB6D-416A-9754-5A33F5ED3C2B} 2011-12-14 22:29:10 ———— d——-w- C:\Users\Nicolai Nielsen\AppData\Local\{AC77B18F-AE17-481D-BF06-1D844BD1AA8D} 2011-12-14 22:29:00 ———— d——-w- C:\Users\Nicolai Nielsen\AppData\Local\{14ACADA5-EEA3-4671-8504-C22242DED094} 2011-12-14 20:41:16 ———— d——-w- C:\Users\Nicolai Nielsen\AppData\Local\assembly 2011-12-14 20:36:08 ———— d——-w- C:\Users\Nicolai Nielsen\AppData\Roaming\Microsoft Corporation 2011-12-14 20:27:38 78872 ——a-w- C:\Windows\System32\perf-SQLAgent$SQLEXPRESS-sqlagtctr10.1.2531.0.dll 2011-12-14 20:27:38 50200 ——a-w- C:\Windows\SysWow64\perf-SQLAgent$SQLEXPRESS-sqlagtctr10.1.2531.0.dll 2011-12-14 20:27:36 79896 ——a-w- C:\Windows\SysWow64\perf-MSSQL$SQLEXPRESS-sqlctr10.1.2531.0.dll 2011-12-14 20:27:36 111640 ——a-w- C:\Windows\System32\perf-MSSQL$SQLEXPRESS-sqlctr10.1.2531.0.dll 2011-12-14 20:27:21 ———— d——-w- C:\Windows\System32\RsFx 2011-12-14 20:25:38 ———— d——-w- C:\Program Files\Microsoft SQL Server 2011-12-14 20:25:35 ———— d——-w- C:\Program Files (x86)\Microsoft SQL Server 2011-12-14 20:25:26 ———— d——-w- C:\Program Files\Microsoft Synchronization Services 2011-12-14 20:25:26 ———— d——-w- C:\Program Files\Microsoft SQL Server Compact Edition 2011-12-14 20:24:09 ———— d——-w- C:\Program Files (x86)\Microsoft ASP.NET 2011-12-14 20:24:08 ———— d——-w- C:\Program Files\IIS 2011-12-14 20:24:08 ———— d——-w- C:\Program Files (x86)\IIS 2011-12-14 20:23:55 2118848 ——a-w- C:\ProgramData\Microsoft\VisualStudio\10.0\1033\ResourceCache.dll 2011-12-14 20:22:04 ———— d——-w- C:\Windows\SysWow64\1033 2011-12-14 20:20:50 ———— d——-w- C:\Windows\System32\1033 2011-12-14 20:20:50 ———— d——-w- C:\Program Files\Microsoft Visual Studio 10.0 2011-12-14 20:20:50 ———— d——-w- C:\Program Files\Microsoft Help Viewer 2011-12-14 10:33:13 723456 ——a-w- C:\Windows\System32\EncDec.dll 2011-12-14 10:33:13 534528 ——a-w- C:\Windows\SysWow64\EncDec.dll 2011-12-14 10:33:13 43520 ——a-w- C:\Windows\System32\csrsrv.dll 2011-12-14 10:33:13 3145216 ——a-w- C:\Windows\System32\win32k.sys 2011-12-14 10:33:11 2048 ——a-w- C:\Windows\SysWow64\tzres.dll 2011-12-14 10:33:11 2048 ——a-w- C:\Windows\System32\tzres.dll 2011-12-14 10:28:37 ———— d——-w- C:\Users\Nicolai Nielsen\AppData\Local\{5E741805-25BF-4B72-B7CA-6A10E4FE7F8A} 2011-12-14 10:28:27 ———— d——-w- C:\Users\Nicolai Nielsen\AppData\Local\{BADADDE2-70B1-459D-A55F-4C19BE6416FB} 2011-12-13 13:10:45 ———— d——-w- C:\Users\Nicolai Nielsen\AppData\Local\{0ACC6A9B-E4E7-4C84-A070-DDA985001A26} 2011-12-13 13:10:35 ———— d——-w- C:\Users\Nicolai Nielsen\AppData\Local\{915AFA00-5644-41AB-AD03-A1F6E34225C8} 2011-12-12 12:39:07 ———— d——-w- C:\Users\Nicolai Nielsen\AppData\Local\{A39A8347-D380-4077-A078-4B4538D44DC0} 2011-12-12 12:38:58 ———— d——-w- C:\Users\Nicolai Nielsen\AppData\Local\{629A85F7-96EA-448E-9AF3-5E064F89F45B} 2011-12-11 13:52:03 ———— d——-w- C:\Users\Nicolai Nielsen\AppData\Local\{5A4751DD-9B72-4635-8B85-EB2A4EE2268E} 2011-12-11 13:51:53 ———— d——-w- C:\Users\Nicolai Nielsen\AppData\Local\{59269AFF-29C5-49EF-B653-A5110C83720A} 2011-12-10 15:22:12 ———— d——-w- C:\Users\Nicolai Nielsen\AppData\Local\{B1B73F8B-70B4-4639-BEBD-CFD51EBED0F0} 2011-12-10 15:22:03 ———— d——-w- C:\Users\Nicolai Nielsen\AppData\Local\{E51CA023-F17B-4B2A-A7C7-60BC7A9B7DB1} 2011-12-09 12:40:38 ———— d——-w- C:\Users\Nicolai Nielsen\AppData\Local\{B182B1E4-B965-46E3-A93F-6183570A8746} 2011-12-09 12:40:29 ———— d——-w- C:\Users\Nicolai Nielsen\AppData\Local\{0DD382BD-7490-4D64-9760-BF18788D6B16} 2011-12-08 15:06:26 ———— d——-w- C:\Users\Nicolai Nielsen\AppData\Local\{BCFD0A71-94AE-45C2-AB74-49095BC7E8D6} 2011-12-08 15:06:17 ———— d——-w- C:\Users\Nicolai Nielsen\AppData\Local\{5B3631C6-BFEB-4158-B2CE-03F3C15042E9} 2011-12-07 12:11:25 ———— d——-w- C:\Users\Nicolai Nielsen\AppData\Local\{C23C3602-3D4B-4935-A532-A4BCEB0666FA} 2011-12-07 12:11:16 ———— d——-w- C:\Users\Nicolai Nielsen\AppData\Local\{B1703C23-E817-4C53-83E8-A4BE6E9217BB} 2011-12-06 09:55:58 ———— d——-w- C:\Users\Nicolai Nielsen\AppData\Local\{8DD8EAB6-8CB0-4C4A-9EFA-3FF861188864} 2011-12-06 09:55:48 ———— d——-w- C:\Users\Nicolai Nielsen\AppData\Local\{41FCEDD4-0372-4291-BABB-1AF271E14C20} 2011-12-05 14:36:02 ———— d——-w- C:\Users\Nicolai Nielsen\AppData\Local\{EA88BA8B-DEB9-455A-9BCC-DC7EABF17D2C} 2011-12-05 14:35:52 ———— d——-w- C:\Users\Nicolai Nielsen\AppData\Local\{48723038-58A9-400D-AA67-A0C97A0584D7} 2011-12-04 15:56:08 ———— d——-w- C:\Users\Nicolai Nielsen\AppData\Local\{B70824D4-9D3A-4CDC-B310-70C20FF31950} 2011-12-04 15:55:58 ———— d——-w- C:\Users\Nicolai Nielsen\AppData\Local\{C7D397EC-B92B-4E20-9A57-E3290B0EBB0F} 2011-12-03 12:32:53 ———— d——-w- C:\Users\Nicolai Nielsen\AppData\Local\{873775AD-BB5D-447A-B612-97D6C444210E} 2011-12-03 12:32:44 ———— d——-w- C:\Users\Nicolai Nielsen\AppData\Local\{B2452AB1-DABC-4AC2-8D37-42A154DD1DCD} 2011-12-02 17:11:40 ———— d——-w- C:\Users\Nicolai Nielsen\AppData\Local\{EB3C060F-6B26-4AD9-AC65-BA0D9238429C} 2011-12-02 17:11:31 ———— d——-w- C:\Users\Nicolai Nielsen\AppData\Local\{660F291E-70CA-4C66-B9D7-612899F171F9} 2011-12-01 10:37:26 ———— d——-w- C:\Users\Nicolai Nielsen\AppData\Local\{DEE9A554-8987-4720-83B5-5BE773952D0C} 2011-12-01 10:37:17 ———— d——-w- C:\Users\Nicolai Nielsen\AppData\Local\{833D492C-BB4B-41EE-ADC8-B9BF43D66B8F} 2011-11-30 12:35:49 ———— d-sh—w- C:\found.000 2011-11-30 09:09:31 ———— d——-w- C:\Users\Nicolai Nielsen\AppData\Local\{B41F9D41-58A0-4930-9951-A79E1CE1DD60} 2011-11-30 09:09:21 ———— d——-w- C:\Users\Nicolai Nielsen\AppData\Local\{EC443F97-5ECD-4440-B6A1-E1FDC88D44ED} 2011-11-28 11:13:20 ———— d——-w- C:\Users\Nicolai Nielsen\AppData\Local\{B72D3346-7CC7-4FD6-BDAA-75A40395602F} 2011-11-28 11:13:11 ———— d——-w- C:\Users\Nicolai Nielsen\AppData\Local\{0195A856-B7BB-42E2-BCCA-2E75720077D9} 2011-11-27 15:46:03 ———— d——-w- C:\Users\Nicolai Nielsen\AppData\Local\{9AAA2D4D-A5F5-4031-9D28-8006E21F8DB3} 2011-11-27 15:45:54 ———— d——-w- C:\Users\Nicolai Nielsen\AppData\Local\{3020A1C9-FB28-462E-B1F5-7B3BF8DCE25E} 2011-11-26 11:03:40 ———— d——-w- C:\Users\Nicolai Nielsen\AppData\Local\{33A8926D-A26E-487C-BC81-9CCB086D486D} 2011-11-26 11:03:31 ———— d——-w- C:\Users\Nicolai Nielsen\AppData\Local\{F8EC8792-4757-40C4-B428-99690174E2ED} 2011-11-25 12:08:34 ———— d——-w- C:\Users\Nicolai Nielsen\AppData\Local\{6CBB0D05-A361-4B1D-B9F5-DBC52D95AA5E} 2011-11-25 12:08:25 ———— d——-w- C:\Users\Nicolai Nielsen\AppData\Local\{528827B8-9C35-4DA6-99BB-73F32166D9AF} 2011-11-24 12:13:27 ———— d——-w- C:\Users\Nicolai Nielsen\AppData\Local\{84EBCC96-38E5-4252-BCB8-429F58C8DC20} 2011-11-24 12:13:17 ———— d——-w- C:\Users\Nicolai Nielsen\AppData\Local\{77C8A5B0-1647-4225-BDFD-A522F046622E} 2011-11-23 12:37:16 ———— d——-w- C:\Users\Nicolai Nielsen\AppData\Local\{377B94B3-639B-4716-8813-2C5621993FFE} 2011-11-23 12:37:06 ———— d——-w- C:\Users\Nicolai Nielsen\AppData\Local\{0DEBCC20-AD6D-4BAE-9D45-B9A2A27D2070} 2011-11-22 23:30:08 ———— d——-w- C:\Users\Nicolai Nielsen\AppData\Local\{760FF8F2-86CB-4692-9940-DA5C2208EDF0} 2011-11-22 23:29:59 ———— d——-w- C:\Users\Nicolai Nielsen\AppData\Local\{AF69ACA5-CD7A-4FFD-B2B7-0D52B01686CB} 2011-11-22 09:49:15 ———— d——-w- C:\Users\Nicolai Nielsen\AppData\Local\{2E31E245-3AAC-4472-93AD-C4F8A4DB80E0} 2011-11-22 09:49:05 ———— d——-w- C:\Users\Nicolai Nielsen\AppData\Local\{723C3040-7726-41F1-8003-F97B0F7B30B8} . ==================== Find3M ==================== . 2011-12-21 14:30:49 404640 ——a-w- C:\Windows\SysWow64\FlashPlayerCPLApp.cpl 2011-12-21 13:52:15 174200 ——a-w- C:\Windows\System32\drivers\SYMEVENT64x86.SYS 2011-12-18 14:58:28 472808 ——a-w- C:\Windows\SysWow64\deployJava1.dll 2011-11-26 11:43:00 280904 ——a-w- C:\Windows\SysWow64\PnkBstrB.xtr 2011-11-26 11:43:00 280904 ——a-w- C:\Windows\SysWow64\PnkBstrB.exe 2011-11-26 11:41:35 189248 ——a-w- C:\Windows\SysWow64\PnkBstrB.ex0 2011-11-26 11:41:28 75136 ——a-w- C:\Windows\SysWow64\PnkBstrA.exe 2011-11-15 13:29:56 270720 ———w- C:\Windows\System32\MpSigStub.exe 2011-11-04 01:53:39 2309120 ——a-w- C:\Windows\System32\jscript9.dll 2011-11-04 01:44:47 1390080 ——a-w- C:\Windows\System32\wininet.dll 2011-11-04 01:44:21 1493504 ——a-w- C:\Windows\System32\inetcpl.cpl 2011-11-04 01:34:43 2382848 ——a-w- C:\Windows\System32\mshtml.tlb 2011-11-03 22:47:42 1798144 ——a-w- C:\Windows\SysWow64\jscript9.dll 2011-11-03 22:40:21 1427456 ——a-w- C:\Windows\SysWow64\inetcpl.cpl 2011-11-03 22:39:47 1127424 ——a-w- C:\Windows\SysWow64\wininet.dll 2011-11-03 22:31:57 2382848 ——a-w- C:\Windows\SysWow64\mshtml.tlb 2011-10-24 13:29:02 94208 ——a-w- C:\Windows\SysWow64\QuickTimeVR.qtx 2011-10-24 13:29:02 69632 ——a-w- C:\Windows\SysWow64\QuickTime.qts 2011-10-14 22:54:52 321856 ——a-w- C:\Windows\SysWow64\nvStreaming.exe 2011-09-29 16:29:28 1923952 ——a-w- C:\Windows\System32\drivers\tcpip.sys 2011-09-22 22:41:00 3074368 ——a-w- C:\Windows\System32\nvsvcr.dll . ============= FINISH: 15:42:38,08 =============== . UNLESS SPECIFICALLY INSTRUCTED, DO NOT POST THIS LOG. IF REQUESTED, ZIP IT UP & ATTACH IT . DDS (Ver_2011-08-26.01) . Microsoft Windows 7 Ultimate Boot Device: \Device\HarddiskVolume1 Install Date: 29-05-2011 18:10:08 System Uptime: 21-12-2011 07:23:25 (8 hours ago) . Motherboard: ASUSTeK Computer INC. \| \| SABERTOOTH X58 Processor: Intel(R) Core(TM) i7 CPU 950 @ 3.07GHz \| LGA1366 \| 3068/133mhz . ==== Disk Partitions ========================= . C: is FIXED (NTFS) - 93 GiB total, 10,332 GiB free. D: is FIXED (NTFS) - 69 GiB total, 15,521 GiB free. E: is FIXED (NTFS) - 932 GiB total, 592,516 GiB free. F: is FIXED (NTFS) - 279 GiB total, 145,978 GiB free. G: is FIXED (NTFS) - 373 GiB total, 208,356 GiB free. H: is CDROM () I: is Removable . ==== Disabled Device Manager Items ============= . ==== System Restore Points =================== . RP202: 21-12-2011 15:28:39 - Removed Apple Application Support RP203: 21-12-2011 15:28:56 - Removed Apple Mobile Device Support RP204: 21-12-2011 15:29:09 - Removed Apple Software Update RP206: 21-12-2011 15:33:23 - Revo Uninstaller Pro’s restore point - Winamp RP208: 21-12-2011 15:38:37 - Revo Uninstaller Pro’s restore point - QuickTime . ==== Hosts File Hijack ====================== . Hosts: 255.255.255.255 easyanticheat.se # misleading site Hosts: 255.255.255.255 http://www.easyanticheat.se # misleading site Hosts: 255.255.255.255 easyanticheat.com # misleading site Hosts: 255.255.255.255 http://www.easyanticheat.com # misleading site Hosts: 255.255.255.255 easyanticheat.org # misleading site Hosts: 255.255.255.255 http://www.easyanticheat.org # misleading site . ==== Installed Programs ====================== . . Adobe AIR Adobe Community Help Adobe Creative Suite 5 Master Collection Adobe Flash Player 10 ActiveX Adobe Media Player Adobe Reader X (10.1.1) Adobe Shockwave Player 11.6 B110 Battlefield 3™ Battlelog Web Plugins BufferChm Call of Duty: Black Ops - Multiplayer Compatibility Pack for the 2007 Office system Counter-Strike Curse Client D3DX10 Dead Island Definition update for Microsoft Office 2010 (KB982726) 32-Bit Edition Destinations Deus Ex - Human Revolution version 1.0 DeviceDiscovery Diablo II ESN Sonar FileZilla Client 3.5.0 Fraps (remove only) Google Calendar Sync Google Chrome Google Earth Plug-in Google Talk Plugin Google Update Helper GPBaseService2 HijackThis 2.0.2 HP Update HPAppStudio HPPhotoGadget HPProductAssistant HPSSupply Java Auto Updater Java(TM) 6 Update 30 JDownloader 0.9 Junk Mail filter update League of Legends Magic The Gathering - Duels of the Planeswalkers 2012 Malwarebytes’ Anti-Malware version 1.51.2.1300 MarketResearch Microsoft .NET Framework 4 Multi-Targeting Pack Microsoft Application Error Reporting Microsoft ASP.NET MVC 2 Microsoft ASP.NET MVC 2 - Visual Studio 2010 Tools Microsoft Games for Windows - LIVE Redistributable Microsoft Games for Windows Marketplace Microsoft Office 2010 Service Pack 1 (SP1) Microsoft Office Access MUI (English) 2010 Microsoft Office Access Setup Metadata MUI (English) 2010 Microsoft Office Excel MUI (English) 2010 Microsoft Office File Validation Add-In Microsoft Office Groove MUI (English) 2010 Microsoft Office InfoPath MUI (English) 2010 Microsoft Office OneNote MUI (English) 2010 Microsoft Office Outlook MUI (English) 2010 Microsoft Office PowerPoint MUI (English) 2010 Microsoft Office Professional Plus 2010 Microsoft Office Proof (English) 2010 Microsoft Office Proof (French) 2010 Microsoft Office Proof (Spanish) 2010 Microsoft Office Proofing (English) 2010 Microsoft Office Publisher MUI (English) 2010 Microsoft Office Shared MUI (English) 2010 Microsoft Office Shared Setup Metadata MUI (English) 2010 Microsoft Office Word MUI (English) 2010 Microsoft Silverlight Microsoft Silverlight 3 SDK Microsoft SQL Server 2008 Browser Microsoft SQL Server 2008 R2 Data-Tier Application Framework Microsoft SQL Server 2008 R2 Data-Tier Application Project Microsoft SQL Server 2008 R2 Management Objects Microsoft SQL Server 2008 R2 Transact-SQL Language Service Microsoft SQL Server Compact 3.5 SP2 ENU Microsoft SQL Server Database Publishing Wizard 1.4 Microsoft SQL Server System CLR Types Microsoft Sync Framework SDK v1.0 SP1 Microsoft Visual C++ 2005 Redistributable Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148 Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 Microsoft Visual C++ 2010 x86 Redistributable - 10.0.40219 Microsoft Visual C++ 2010 x86 Runtime - 10.0.30319 Microsoft Visual F# 2.0 Runtime Microsoft Visual Studio 2010 ADO.NET Entity Framework Tools Microsoft Visual Studio Macro Tools Microsoft WSE 3.0 Runtime Microsoft_VC80_ATL_x86 Microsoft_VC80_CRT_x86 Microsoft_VC80_MFC_x86 Microsoft_VC80_MFCLOC_x86 Microsoft_VC90_ATL_x86 Microsoft_VC90_CRT_x86 Microsoft_VC90_MFC_x86 Mozilla Firefox 9.0 (x86 da) MSVCRT MSVCRT_amd64 MSXML 4.0 SP2 (KB954430) MSXML 4.0 SP2 (KB973688) Naga Firmware Updater 1.13 NEC Electronics USB 3.0 Host Controller Driver Norton 360 NVIDIA 3D Vision Controller Driver NVIDIA PhysX NVIDIA Stereoscopic 3D Driver Origin PC Tools Registry Mechanic 11.0 PDF Settings CS5 PS_AIO_07_B110_SW_Min PunkBuster Services QuickTime QuickTransfer Scan Secunia PSI (2.0.0.4003) Security Update for Microsoft .NET Framework 4 Client Profile (KB2446708) Security Update for Microsoft .NET Framework 4 Client Profile (KB2478663) Security Update for Microsoft .NET Framework 4 Client Profile (KB2518870) Security Update for Microsoft .NET Framework 4 Client Profile (KB2539636) Security Update for Microsoft .NET Framework 4 Client Profile (KB2572078) Security Update for Microsoft .NET Framework 4 Extended (KB2416472) Security Update for Microsoft .NET Framework 4 Extended (KB2487367) Security Update for Microsoft Office 2010 (KB2553091) Security Update for Microsoft Office 2010 (KB2553096) Security Update for Microsoft Office 2010 (KB2553353) 32-Bit Edition Security Update for Microsoft Office 2010 (KB2589320) 32-Bit Edition Security Update for Microsoft PowerPoint 2010 (KB2553185) 32-Bit Edition Security Update for Microsoft SharePoint Workspace 2010 (KB2566445) Skype Click to Call Skype™ 5.5 SmartWebPrinting SolutionCenter Spotify Status Steam swMSM Team Fortress 2 The Elder Scrolls V: Skyrim The Sims™ 3 The Sims™ 3 Verdenseventyr Toolbox TrayApp Update for Microsoft .NET Framework 4 Client Profile (KB2468871) Update for Microsoft .NET Framework 4 Client Profile (KB2473228) Update for Microsoft .NET Framework 4 Client Profile (KB2533523) Update for Microsoft .NET Framework 4 Extended (KB2468871) Update for Microsoft .NET Framework 4 Extended (KB2533523) Update for Microsoft Excel 2010 (KB2553439) 32-Bit Edition Update for Microsoft Office 2010 (KB2494150) Update for Microsoft Office 2010 (KB2553065) Update for Microsoft Office 2010 (KB2553092) Update for Microsoft Office 2010 (KB2553181) 32-Bit Edition Update for Microsoft Office 2010 (KB2553270) 32-Bit Edition Update for Microsoft Office 2010 (KB2553310) 32-Bit Edition Update for Microsoft Office 2010 (KB2553385) 32-Bit Edition Update for Microsoft Office 2010 (KB2553455) 32-Bit Edition Update for Microsoft Office 2010 (KB2566458) Update for Microsoft Office 2010 (KB2596964) 32-Bit Edition Update for Microsoft OneNote 2010 (KB2553290) 32-Bit Edition Update for Microsoft Outlook 2010 (KB2553323) 32-Bit Edition Update for Microsoft Outlook Social Connector (KB2583935) Visual Studio 2010 Tools for SQL Server Compact 3.5 SP2 ENU VLC media player 1.1.11 Warcraft III WebReg Windows Live Communications Platform Windows Live Essentials Windows Live Installer Windows Live Mail Windows Live Messenger Windows Live Photo Common Windows Live PIMT Platform Windows Live SOXE Windows Live SOXE Definitions Windows Live UX Platform Windows Live UX Platform Language Pack Windows Live Writer Windows Live Writer Resources . ==== Event Viewer Messages From Past Week ======== . 21-12-2011 13:36:40, Error: Service Control Manager [7032] - The Service Control Manager tried to take a corrective action (Restart the service) after the unexpected termination of the Norton 360 service, but this action failed with the following error: An instance of the service is already running. 21-12-2011 13:34:40, Error: Service Control Manager [7031] - The Norton 360 service terminated unexpectedly. It has done this 1 time(s). The following corrective action will be taken in 120000 milliseconds: Restart the service. 21-12-2011 11:53:38, Error: Schannel [36888] - The following fatal alert was generated: 10. The internal error state is 10. 21-12-2011 07:23:42, Error: Microsoft Antimalware [3002] - 21-12-2011 07:23:40, Error: Service Control Manager [7001] - The Windows Image Acquisition (WIA) service depends on the Shell Hardware Detection service which failed to start because of the following error: The service cannot be started, either because it is disabled or because it has no enabled devices associated with it. 17-12-2011 23:57:56, Error: volsnap [36] - The shadow copies of volume C: were aborted because the shadow copy storage could not grow due to a user imposed limit. . ==== End Of File ===========================
[ Ignorer ] [ # 1 ] f-arn TeamSpywarefri
21.12.2011 23:35:38 Administrator Team Spywarefri Antal indlæg: 4202	Hej Hent OTL af OldTimer og gem den på dit skrivebord. Start OTL Vista og Windows 7 - højreklik på filen - Kør som Administrator. Øverst sætter du flueben i “Scan All Users” I nederste højre hjørne af det øverste panel, sæt fluben ved “LOP Check” og “Purity Check”. I boksen “Custom Scans/Fixes” kopierer du det fremhævede ind. %SYSTEMDRIVE%\. %systemroot%\system32\.dll /lockedfiles %systemroot%\Tasks\.job /lockedfiles %systemroot%\system32\drivers\.sys /lockedfiles %systemroot%\. /mp /s %USERPROFILE%\..\|smtmp;true;true;true /FP %systemroot%\System32\config\.sav %programfiles%\. CREATERESTOREPOINT Luk alle åbne vinduer og klik på “Run Scan” øverst til venstre og lad programmet køre. Scanningen kan tage 5-10 minutter. Det vil give to logfiler på skrivebordet, OTL.txt og Extras.txt. Så kopier følgende ind i dit næste indlæg (i rækkefølge): indholdet af OTL.txt indholdet af Extras.txt Da de er forholdsvis lange, kan du blive nødt til at sende dem i flere indlæg. Signatur Undlad venligst at vedhæfte logs, medmindre du bliver bedt om det !
[ Ignorer ] [ # 2 ] NicolaiNN
22.12.2011 18:50:00 Antal indlæg: 28	Mange tak, det er ny gjort og logs kommer her
[ Ignorer ] [ # 3 ] NicolaiNN
22.12.2011 18:50:15 Antal indlæg: 28	OTL Extras logfile created on: 22-12-2011 17:43:47 - Run 1 OTL by OldTimer - Version 3.2.31.0 Folder = C:\Users\Nicolai Nielsen\Downloads 64bit- Ultimate Edition Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation Internet Explorer (Version = 9.0.8112.16421) Locale: 00000406 \| Country: Danmark \| Language: DAN \| Date Format: dd-MM-yyyy 5,99 Gb Total Physical Memory \| 3,98 Gb Available Physical Memory \| 66,45% Memory free 11,98 Gb Paging File \| 9,78 Gb Available in Paging File \| 81,60% Paging File free Paging file location(s): ?:\pagefile.sys [binary data] %SystemDrive% = C: \| %SystemRoot% = C:\Windows \| %ProgramFiles% = C:\Program Files (x86) Drive C: \| 93,09 Gb Total Space \| 12,44 Gb Free Space \| 13,37% Space Free \| Partition Type: NTFS Drive D: \| 69,25 Gb Total Space \| 15,52 Gb Free Space \| 22,41% Space Free \| Partition Type: NTFS Drive E: \| 931,51 Gb Total Space \| 592,51 Gb Free Space \| 63,61% Space Free \| Partition Type: NTFS Drive F: \| 279,46 Gb Total Space \| 145,98 Gb Free Space \| 52,24% Space Free \| Partition Type: NTFS Drive G: \| 372,61 Gb Total Space \| 208,36 Gb Free Space \| 55,92% Space Free \| Partition Type: NTFS Drive I: \| 1,87 Gb Total Space \| 1,40 Gb Free Space \| 75,00% Space Free \| Partition Type: FAT Computer Name: NICOLAINIELSEN \| User Name: Nicolai Nielsen \| Logged in as Administrator. Boot Mode: Normal \| Scan Mode: All users \| Include 64bit Scans Company Name Whitelist: Off \| Skip Microsoft Files: Off \| No Company Name Whitelist: On \| File Age = 30 Days ========== Extra Registry (SafeList) ========== ========== File Associations ========== 64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>] .url[@ = InternetShortcut]—C:\Windows\SysNative\rundll32.exe (Microsoft Corporation) [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>] .cpl [@ = cplfile]—C:\Windows\SysWow64\control.exe (Microsoft Corporation) [HKEY_USERS\S-1-5-21-3378476827-1488579091-87155459-1000\SOFTWARE\Classes\<extension>] .html [@ = FirefoxHTML]—C:\Program Files (x86)\Mozilla Firefox\firefox.exe (Mozilla Corporation) ========== Shell Spawning ========== 64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command] batfile [open]—“%1” %* cmdfile [open]—“%1” %* comfile [open]—“%1” %* exefile [open]—“%1” %* helpfile [open]—Reg Error: Key error. inffile [install]—%SystemRoot%\System32\InfDefaultInstall.exe “%1” (Microsoft Corporation) InternetShortcut [open]—“C:\Windows\System32\rundll32.exe” “C:\Windows\System32\ieframe.dll”,OpenURL %l (Microsoft Corporation) InternetShortcut [print]—“C:\Windows\System32\rundll32.exe” “C:\Windows\System32\mshtml.dll”,PrintHTML “%1” (Microsoft Corporation) piffile [open]—“%1” %* regfile [merge]—Reg Error: Key error. scrfile [config]—“%1” scrfile [install]—rundll32.exe desk.cpl,InstallScreenSaver %l scrfile [open]—“%1” /S txtfile [edit]—Reg Error: Key error. Unknown [openas]—%SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1 Directory [AddToPlaylistVLC]—“C:\Program Files (x86)\VideoLAN\VLC\vlc.exe”—started-from-file—playlist-enqueue “%1” () Directory [Bridge]—C:\Program Files (x86)\Adobe\Adobe Bridge CS5\Bridge.exe “%L” (Adobe Systems, Inc.) Directory [cmd]—cmd.exe /s /k pushd “%V” (Microsoft Corporation) Directory [find]—%SystemRoot%\Explorer.exe (Microsoft Corporation) Directory [PlayWithVLC]—“C:\Program Files (x86)\VideoLAN\VLC\vlc.exe”—started-from-file—no-playlist-enqueue “%1” () Folder [open]—%SystemRoot%\Explorer.exe (Microsoft Corporation) Folder [explore]—Reg Error: Value error. Drive [find]—%SystemRoot%\Explorer.exe (Microsoft Corporation) [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command] batfile [open]—“%1” %* cmdfile [open]—“%1” %* comfile [open]—“%1” %* cplfile [cplopen]—%SystemRoot%\System32\control.exe “%1”,%* (Microsoft Corporation) exefile [open]—“%1” %* helpfile [open]—Reg Error: Key error. inffile [install]—%SystemRoot%\System32\InfDefaultInstall.exe “%1” (Microsoft Corporation) piffile [open]—“%1” %* regfile [merge]—Reg Error: Key error. scrfile [config]—“%1” scrfile [install]—rundll32.exe desk.cpl,InstallScreenSaver %l scrfile [open]—“%1” /S txtfile [edit]—Reg Error: Key error. Unknown [openas]—%SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1 Directory [AddToPlaylistVLC]—“C:\Program Files (x86)\VideoLAN\VLC\vlc.exe”—started-from-file—playlist-enqueue “%1” () Directory [Bridge]—C:\Program Files (x86)\Adobe\Adobe Bridge CS5\Bridge.exe “%L” (Adobe Systems, Inc.) Directory [cmd]—cmd.exe /s /k pushd “%V” (Microsoft Corporation) Directory [find]—%SystemRoot%\Explorer.exe (Microsoft Corporation) Directory [PlayWithVLC]—“C:\Program Files (x86)\VideoLAN\VLC\vlc.exe”—started-from-file—no-playlist-enqueue “%1” () Folder [open]—%SystemRoot%\Explorer.exe (Microsoft Corporation) Folder [explore]—Reg Error: Value error. Drive [find]—%SystemRoot%\Explorer.exe (Microsoft Corporation) ========== Security Center Settings ========== 64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center] “cval” = 1 64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring] 64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc] “VistaSp1” = 28 4D B2 76 41 04 CA 01 [binary data] “AntiVirusOverride” = 0 “AntiSpywareOverride” = 0 “FirewallOverride” = 0 64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc\Vol] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc] ========== Firewall Settings ========== [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile] “DisableNotifications” = 0 “EnableFirewall” = 1 “DefaultOutboundAction” = 0 “DefaultInboundAction” = 1 [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile] “DisableNotifications” = 0 “EnableFirewall” = 1 [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\PublicProfile] “DisableNotifications” = 0 “EnableFirewall” = 1 ========== Authorized Applications List ========== ========== HKEY_LOCAL_MACHINE Uninstall List ========== 64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall] “{014E482A-0C27-47E3-BA82-307E9DCA2F47}” = HP Photosmart Wireless B110 All-In-One Driver Software 14.0 Rel. 7 “{034106B5-54B7-467F-B477-5B7DBB492624}” = Microsoft Sync Framework Services v1.0 SP1 (x64) “{0826F9E4-787E-481D-83E0-BC6A57B056D5}” = Microsoft SQL Server VSS Writer “{0F37D969-1260-419E-B308-EF7D29ABDE20}” = Web Deployment Tool “{180C8888-50F1-426B-A9DC-AB83A1989C65}” = Windows Live Language Selector “{1AB7EDC5-D891-34C5-9FF1-BE6A85ACC44B}” = Microsoft Team Foundation Server 2010 Object Model - ENU “{1ACC8FFB-9D84-4C05-A4DE-D28A9BC91698}” = Windows Live ID Sign-in Assistant “{1D1CEEF8-3741-45BD-8E77-963E1DEBDDD3}” = Microsoft Sync Services for ADO.NET v2.0 SP1 (x64) “{1D8E6291-B0D5-35EC-8441-6616F567A0F7}” = Microsoft Visual C++ 2010 x64 Redistributable - 10.0.40219 “{1E9FC118-651D-4934-97BE-E53CAE5C7D45}” = Microsoft_VC80_MFCLOC_x86_x64 “{2F14965D-567B-4E59-ADEB-0A2CC1E3ADDF}” = Sql Server Customer Experience Improvement Program “{377672F0-6B8A-467D-8DDC-79338BCCD531}” = 64 Bit HP CIO Components Installer “{4569AD91-47F4-4D9E-8FC9-717EC32D7AE1}” = Microsoft_VC80_CRT_x86_x64 “{4A8CE6D7-4D52-43B9-970B-03FC75FAD667}” = Microsoft SQL Server System CLR Types (x64) “{5340A3B5-3853-4745-BED2-DD9FF5371331}” = Microsoft SQL Server 2008 Common Files “{5FCE6D76-F5DC-37AB-B2B8-22AB8CEDB1D4}” = Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161 “{662014D2-0450-37ED-ABAE-157C88127BEB}” = Visual Studio 2010 Prerequisites - English “{67579783-0FB7-4F7B-B881-E5BE47C9DBE0}_is1” = Revo Uninstaller Pro 2.5.7 “{690285C2-2481-44FB-8402-162EA970A6DD}” = Logitech Gaming Software 8.00 “{6BFAB6C1-6D46-46DB-A538-A269907C9F2F}” = Network64 “{7ACE202B-1B01-4B43-B6AE-03D66D621CDE}” = Microsoft SQL Server 2008 RsFx Driver “{7D088FD6-67B8-4186-947C-5FB4CC7227B5}” = O&O Defrag Professional “{8220EEFE-38CD-377E-8595-13398D740ACE}” = Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.17 “{8438EC02-B8A9-462D-AC72-1B521349C001}” = Microsoft Sync Framework Runtime v1.0 SP1 (x64) “{8557397C-A42D-486F-97B3-A2CBC2372593}” = Microsoft_VC90_ATL_x86_x64 “{893F27E6-D6BE-4B9F-80E6-0ADA694A31A8}” = Microsoft SQL Server 2008 Common Files “{8E34682C-8118-31F1-BC4C-98CD9675E1C2}” = Microsoft .NET Framework 4 Extended “{90140000-002A-0000-1000-0000000FF1CE}” = Microsoft Office Office 64-bit Components 2010 “{90140000-002A-0409-1000-0000000FF1CE}” = Microsoft Office Shared 64-bit MUI (English) 2010 “{90140000-0116-0409-1000-0000000FF1CE}” = Microsoft Office Shared 64-bit Setup Metadata MUI (English) 2010 “{925D058B-564A-443A-B4B2-7E90C6432E55}” = Microsoft_VC80_ATL_x86_x64 “{92A3CA0D-55CD-4C5D-BA95-5C2600C20F26}” = Microsoft_VC90_CRT_x86_x64 “{94D70749-4281-39AC-AD90-B56A0E0A402E}” = Microsoft Visual C++ 2010 x64 Runtime - 10.0.30319 “{95120000-00B9-0409-1000-0000000FF1CE}” = Microsoft Application Error Reporting “{A472B9E4-0AFF-4F7B-B25D-F64F8E928AAB}” = Microsoft_VC90_MFC_x86_x64 “{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.3DVision” = NVIDIA 3D Vision Driver 285.62 “{B2FE1952-0186-46c3-BAEC-A80AA35AC5B8}_Display.ControlPanel” = NVIDIA Control Panel 285.62 “{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.Driver” = NVIDIA Graphics Driver 285.62 “{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.NVIRUSB” = NVIDIA 3D Vision Controller Driver 285.62 “{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.PhysX” = NVIDIA PhysX System Software 9.11.0621 “{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.Update” = NVIDIA Update 1.5.20 “{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_HDAudio.Driver” = NVIDIA HD Audio Driver 1.2.24.0 “{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_installer” = NVIDIA Install Application “{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_NVIDIA.Update” = NVIDIA Update Components “{B40EE88B-400A-4266-A17B-E3DE64E94431}” = Microsoft SQL Server 2008 Setup Support Files “{BBDE8A3D-64A2-43A6-95F3-C27B87DF7AC1}” = Microsoft SQL Server 2008 Native Client “{C3600AE6-93A0-3DB7-B7AA-45BD58F133B5}” = Microsoft Visual Studio 2010 Tools for Office Runtime (x64) “{C8C1BAD5-54E6-4146-AD07-3A8AD36569C3}” = Microsoft_VC80_MFC_x86_x64 “{CC8BA866-16A7-4667-BA0C-C494A1E7B2BF}” = Microsoft SQL Server 2008 Database Engine Shared “{CE47BA54-78AC-409F-9151-BDF5BE15A804}” = Network64 “{D4AD39AD-091E-4D33-BB2B-59F6FCB8ADC3}” = Microsoft SQL Server Compact 3.5 SP2 x64 ENU “{DA54F80E-261C-41A2-A855-549A144F2F59}” = Windows Live MIME IFilter “{DA67488A-2689-4F10-B90F-D2F6977509D6}” = Microsoft SQL Server 2008 R2 Management Objects (x64) “{DF167CE3-60E7-44EA-99EC-2507C51F37AE}” = Microsoft SQL Server 2008 Database Engine Shared “{EEB3F6BB-318D-4CE5-989F-8191FCBFB578}” = Ventrilo Client for Windows x64 “{F5079164-1DB9-3BDA-853B-F78AF67CE071}” = Microsoft Visual C++ 2010 x64 Designtime - 10.0.30319 “{F5B09CFD-F0B2-36AF-8DF4-1DF6B63FC7B4}” = Microsoft .NET Framework 4 Client Profile “{FA7394B8-CE65-4F9E-AC99-F372AD365424}” = Microsoft SQL Server 2008 Database Engine Services “{FBD367D1-642F-47CF-B79B-9BE48FB34007}” = Microsoft SQL Server 2008 Database Engine Services “{FCADA26A-5672-31DD-BF0E-BA76ECF9B02D}” = Microsoft Help Viewer 1.0 “Adobe Flash Player Plugin” = Adobe Flash Player 11 Plugin 64-bit “CCleaner” = CCleaner “C-Media CM108 Like Sound Driver” = SteelSeries USB Soundcard v1.20 “HP Imaging Device Functions” = HP Imaging Device Functions 14.0 “HP Smart Web Printing” = HP Smart Web Printing 4.60 “HP Solution Center & Imaging Support Tools” = HP Solution Center 14.0 “HPExtendedCapabilities” = HP Customer Participation Program 14.0 “Microsoft .NET Framework 4 Client Profile” = Microsoft .NET Framework 4 Client Profile “Microsoft .NET Framework 4 Extended” = Microsoft .NET Framework 4 Extended “Microsoft Help Viewer 1.0” = Microsoft Help Viewer 1.0 “Microsoft SQL Server 10” = Microsoft SQL Server 2008 (64-bit) “Microsoft SQL Server 10 Release” = Microsoft SQL Server 2008 (64-bit) “Microsoft Team Foundation Server 2010 Object Model - ENU” = Microsoft Team Foundation Server 2010 Object Model - ENU “Microsoft Visual Studio 2010 Tools for Office Runtime (x64)” = Microsoft Visual Studio 2010 Tools for Office Runtime (x64) “Shop for HP Supplies” = Shop for HP Supplies “WinRAR archiver” = WinRAR 4.00 beta 4 (64-bit) [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall] “{033E378E-6AD3-4AD5-BDEB-CBD69B31046C}” = Microsoft_VC90_ATL_x86 “{048298C9-A4D3-490B-9FF9-AB023A9238F3}” = Steam “{05D08C4D-58A2-438B-A419-EE994E64E15D}” = B110 “{08D2E121-7F6A-43EB-97FD-629B44903403}” = Microsoft_VC90_CRT_x86 “{0B0F231F-CE6A-483D-AA23-77B364F75917}” = Windows Live Installer “{0D2DBE8A-43D0-7830-7AE7-CA6C99A832E7}” = Adobe Community Help “{0DDCEC37-369C-484B-B16D-B4413FD42FB9}” = Microsoft SQL Server 2008 R2 Data-Tier Application Framework “{0E3DFC64-CC49-4BE2-8C9C-58EF129675DB}” = Microsoft Sync Framework SDK v1.0 SP1 “{0F3647F8-E51D-4FCC-8862-9A8D0C5ACF25}” = Microsoft_VC80_ATL_x86 “{0F367CA3-3B2F-43F9-A44A-25A8EE69E45D}” = Scan “{112C23F2-C036-4D40-BED4-0CB47BF5555C}” = Visual Studio 2010 Tools for SQL Server Compact 3.5 SP2 ENU “{1146E8F3-4057-4F46-B39C-D18AB4BB1523}_is1” = Deus Ex - Human Revolution version 1.0 “{1458BB78-1DC5-4BC0-B9A3-2B644F5A8105}” = DeviceDiscovery “{14DD7530-CCD2-3798-B37D-3839ED6A441C}” = Microsoft Visual Studio 2010 ADO.NET Entity Framework Tools “{150B6201-E9E6-4DFB-960E-CCBD53FBDDED}” = HPProductAssistant “{1803A630-3C38-4D2B-9B9A-0CB37243539C}” = Microsoft ASP.NET MVC 2 “{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}” = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148 “{1F6AB0E7-8CDD-4B93-8A23-AA9EB2FEFCE4}” = Junk Mail filter update “{200FEC62-3C34-4D60-9CE8-EC372E01C08F}” = Windows Live SOXE Definitions “{2012098D-EEE9-4769-8DD3-B038050854D4}” = Microsoft Silverlight 3 SDK “{26A24AE4-039D-4CA4-87B4-2F83216030FF}” = Java(TM) 6 Update 30 “{288DB08D-0708-4A94-B055-55B99E39EB62}” = Adobe Creative Suite 5 Master Collection “{2934DCB0-F8EE-11E0-A4A5-B8AC6F97B88E}” = Google Earth Plug-in “{2A2F3AE8-246A-4252-BB26-1BEB45627074}” = Microsoft SQL Server System CLR Types “{2A3FC24C-6EC0-4519-A52B-FDA4EA9B2D24}” = Windows Live Messenger “{2FB9EA69-51D4-4913-9AD5-762C034DE811}” = Status “{3A9FC03D-C685-4831-94CF-4EDFD3749497}” = Microsoft SQL Server Compact 3.5 SP2 ENU “{40416836-56CC-4C0E-A6AF-5C34BADCE483}” = Microsoft ASP.NET MVC 2 - Visual Studio 2010 Tools “{4A03706F-666A-4037-7777-5F2748764D10}” = Java Auto Updater “{4CB0307C-565E-4441-86BE-0DF2E4FB828C}” = Microsoft Games for Windows Marketplace “{4E968D9C-21A7-4915-B698-F7AEB913541D}” = Microsoft SQL Server 2008 R2 Management Objects “{565E7B0E-B76B-4EAD-9753-F1E72A5CF12E}” = HPAppStudio “{579684A4-DDD5-4CA3-9EA8-7BE7D9593DB4}” = Windows Live UX Platform Language Pack “{5A336D74-E680-4986-96F4-E9CEBC784F56}” = Naga Firmware Updater 1.13 “{5CF6EEE9-86B1-3DB6-A07C-8F6C079C39BA}” = Google Talk Plugin “{612C34C7-5E90-47D8-9B5C-0F717DD82726}” = swMSM “{635FED5B-2C6D-49BE-87E6-7A6FCD22BC5A}” = Microsoft_VC90_MFC_x86 “{682B3E4F-696A-42DE-A41C-4C07EA1678B4}” = Windows Live SOXE “{6A86554B-8928-30E4-A53C-D7337689134D}” = Microsoft Visual C++ 2010 x86 Runtime - 10.0.30319 “{6CDEAD7E-F8D8-37F7-AB6F-1E22716E30F3}” = Microsoft Visual Studio Macro Tools “{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}” = Microsoft Visual C++ 2005 Redistributable “{7299052b-02a4-4627-81f2-1818da5d550d}” = Microsoft Visual C++ 2005 Redistributable “{729A3000-BC8A-3B74-BA5D-5068FE12D70C}” = Microsoft Visual F# 2.0 Runtime “{74DC0593-6BC6-4001-AD5F-D810AFB68D86}” = HP Update “{76285C16-411A-488A-BCE3-C83CB933D8CF}” = Battlefield 3™ “{78C3657E-742C-40B1-9F53-E5A921D40F17}” = Microsoft SQL Server 2008 R2 Transact-SQL Language Service “{7BE15435-2D3E-4B58-867F-9C75BED0208C}” = QuickTime “{7F6D7FD9-648D-4DD9-BB6E-3990C675ECA4}” = NVIDIA PhysX “{837b34e3-7c30-493c-8f6a-2b0f04e2912c}” = Microsoft Visual C++ 2005 Redistributable “{83C292B7-38A5-440B-A731-07070E81A64F}” = Windows Live PIMT Platform “{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}” = Microsoft Silverlight “{8DD46C6A-0056-4FEC-B70A-28BB16A1F11F}” = MSVCRT “{8E4B1BE8-DCF3-4B90-A726-B28107442623}” = SolutionCenter “{8EE94FD8-5F52-4463-A340-185D16328158}” = WebReg “{8FF6F5CA-4E30-4E3B-B951-204CAAA2716A}” = SmartWebPrinting “{90120000-0020-0409-0000-0000000FF1CE}” = Compatibility Pack for the 2007 Office system “{90140000-0011-0000-0000-0000000FF1CE}” = Microsoft Office Professional Plus 2010 “{90140000-0011-0000-0000-0000000FF1CE}_Office14.PROPLUS_{047B0968-E622-4FAA-9B4B-121FA109EDDE}” = Microsoft Office 2010 Service Pack 1 (SP1) “{90140000-0011-0000-0000-0000000FF1CE}_Office14.PROPLUS_{7C5B1ECD-FE93-4FB2-A51A-06451BA49969}” = “{90140000-0015-0409-0000-0000000FF1CE}” = Microsoft Office Access MUI (English) 2010 “{90140000-0015-0409-0000-0000000FF1CE}_Office14.PROPLUS_{6BD185A0-E67F-4F77-8BCD-E34EA6AE76DF}” = Microsoft Office 2010 Service Pack 1 (SP1) “{90140000-0016-0409-0000-0000000FF1CE}” = Microsoft Office Excel MUI (English) 2010 “{90140000-0016-0409-0000-0000000FF1CE}_Office14.PROPLUS_{6BD185A0-E67F-4F77-8BCD-E34EA6AE76DF}” = Microsoft Office 2010 Service Pack 1 (SP1) “{90140000-0018-0409-0000-0000000FF1CE}” = Microsoft Office PowerPoint MUI (English) 2010 “{90140000-0018-0409-0000-0000000FF1CE}_Office14.PROPLUS_{6BD185A0-E67F-4F77-8BCD-E34EA6AE76DF}” = Microsoft Office 2010 Service Pack 1 (SP1) “{90140000-0019-0409-0000-0000000FF1CE}” = Microsoft Office Publisher MUI (English) 2010 “{90140000-0019-0409-0000-0000000FF1CE}_Office14.PROPLUS_{6BD185A0-E67F-4F77-8BCD-E34EA6AE76DF}” = Microsoft Office 2010 Service Pack 1 (SP1) “{90140000-001A-0409-0000-0000000FF1CE}” = Microsoft Office Outlook MUI (English) 2010 “{90140000-001A-0409-0000-0000000FF1CE}_Office14.PROPLUS_{6BD185A0-E67F-4F77-8BCD-E34EA6AE76DF}” = Microsoft Office 2010 Service Pack 1 (SP1) “{90140000-001B-0409-0000-0000000FF1CE}” = Microsoft Office Word MUI (English) 2010 “{90140000-001B-0409-0000-0000000FF1CE}_Office14.PROPLUS_{6BD185A0-E67F-4F77-8BCD-E34EA6AE76DF}” = Microsoft Office 2010 Service Pack 1 (SP1) “{90140000-001F-0409-0000-0000000FF1CE}” = Microsoft Office Proof (English) 2010 “{90140000-001F-0409-0000-0000000FF1CE}_Office14.PROPLUS_{99ACCA38-6DD3-48A8-96AE-A283C9759279}” = Microsoft Office 2010 Service Pack 1 (SP1) “{90140000-001F-040C-0000-0000000FF1CE}” = Microsoft Office Proof (French) 2010 “{90140000-001F-040C-0000-0000000FF1CE}_Office14.PROPLUS_{46298F6A-1E7E-4D4A-B5F5-106A4F0E48C6}” = Microsoft Office 2010 Service Pack 1 (SP1) “{90140000-001F-0C0A-0000-0000000FF1CE}” = Microsoft Office Proof (Spanish) 2010 “{90140000-001F-0C0A-0000-0000000FF1CE}_Office14.PROPLUS_{DEA87BE2-FFCC-4F33-9946-FCBE55A1E998}” = Microsoft Office 2010 Service Pack 1 (SP1) “{90140000-002A-0000-1000-0000000FF1CE}_Office14.PROPLUS_{967EF02C-5C7E-4718-8FCB-BDC050190CCF}” = Microsoft Office 2010 Service Pack 1 (SP1) “{90140000-002A-0409-1000-0000000FF1CE}_Office14.PROPLUS_{D6C6B46A-6CE1-4561-84A0-EFD58B8AB979}” = Microsoft Office 2010 Service Pack 1 (SP1) “{90140000-002C-0409-0000-0000000FF1CE}” = Microsoft Office Proofing (English) 2010 “{90140000-002C-0409-0000-0000000FF1CE}_Office14.PROPLUS_{7CA93DF4-8902-449E-A42E-4C5923CFBDE3}” = Microsoft Office 2010 Service Pack 1 (SP1) “{90140000-0044-0409-0000-0000000FF1CE}” = Microsoft Office InfoPath MUI (English) 2010 “{90140000-0044-0409-0000-0000000FF1CE}_Office14.PROPLUS_{6BD185A0-E67F-4F77-8BCD-E34EA6AE76DF}” = Microsoft Office 2010 Service Pack 1 (SP1) “{90140000-006E-0409-0000-0000000FF1CE}” = Microsoft Office Shared MUI (English) 2010 “{90140000-006E-0409-0000-0000000FF1CE}_Office14.PROPLUS_{4560037C-E356-444A-A015-D21F487D809E}” = Microsoft Office 2010 Service Pack 1 (SP1) “{90140000-00A1-0409-0000-0000000FF1CE}” = Microsoft Office OneNote MUI (English) 2010 “{90140000-00A1-0409-0000-0000000FF1CE}_Office14.PROPLUS_{6BD185A0-E67F-4F77-8BCD-E34EA6AE76DF}” = Microsoft Office 2010 Service Pack 1 (SP1) “{90140000-00BA-0409-0000-0000000FF1CE}” = Microsoft Office Groove MUI (English) 2010 “{90140000-00BA-0409-0000-0000000FF1CE}_Office14.PROPLUS_{6BD185A0-E67F-4F77-8BCD-E34EA6AE76DF}” = Microsoft Office 2010 Service Pack 1 (SP1) “{90140000-0115-0409-0000-0000000FF1CE}” = Microsoft Office Shared Setup Metadata MUI (English) 2010 “{90140000-0115-0409-0000-0000000FF1CE}_Office14.PROPLUS_{4560037C-E356-444A-A015-D21F487D809E}” = Microsoft Office 2010 Service Pack 1 (SP1) “{90140000-0116-0409-1000-0000000FF1CE}_Office14.PROPLUS_{D6C6B46A-6CE1-4561-84A0-EFD58B8AB979}” = Microsoft Office 2010 Service Pack 1 (SP1) “{90140000-0117-0409-0000-0000000FF1CE}” = Microsoft Office Access Setup Metadata MUI (English) 2010 “{90140000-0117-0409-0000-0000000FF1CE}_Office14.PROPLUS_{6BD185A0-E67F-4F77-8BCD-E34EA6AE76DF}” = Microsoft Office 2010 Service Pack 1 (SP1) “{90140000-2005-0000-0000-0000000FF1CE}” = Microsoft Office File Validation Add-In “{92606477-9366-4D3B-8AE3-6BE4B29727AB}” = League of Legends “{92D58719-BBC1-4CC3-A08B-56C9E884CC2C}” = Microsoft_VC80_CRT_x86 “{95120000-00B9-0409-0000-0000000FF1CE}” = Microsoft Application Error Reporting “{9A25302D-30C0-39D9-BD6F-21E6EC160475}” = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 “{9BE518E6-ECC6-35A9-88E4-87755C07200F}” = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 “{9D56775A-93F3-44A3-8092-840E3826DE30}” = Windows Live Mail “{A78FE97A-C0C8-49CE-89D0-EDD524A17392}” = PDF Settings CS5 “{A92DAB39-4E2C-4304-9AB6-BC44E68B55E2}” = Google Update Helper “{A9BDCA6B-3653-467B-AC83-94367DA3BFE3}” = Windows Live Photo Common “{AC35A885-0F8F-4857-B7DA-6E8DFB43E6B3}” = HPSSupply “{AC76BA86-7AD7-1033-7B44-AA1000000001}” = Adobe Reader X (10.1.1) “{ACE28263-76A4-4BF5-B6F4-8BD719595969}” = Microsoft SQL Server Database Publishing Wizard 1.4 “{B6CF2967-C81E-40C0-9815-C05774FEF120}” = Skype Click to Call “{BA26FFA5-6D47-47DB-BE56-34C357B5F8CC}” = The Sims™ 3 Verdenseventyr “{BB3447F6-9553-4AA9-960E-0DB5310C5779}” = GPBaseService2 “{BBFB2E59-B0DB-42C8-8F4D-CF4E85471667}” = Toolbox “{BD7204BA-DD64-499E-9B55-6A282CDF4FA4}” = Destinations “{C05D8CDB-417D-4335-A38C-A0659EDFD6B8}” = The Sims™ 3 “{C66824E4-CBB3-4851-BB3F-E8CFD6350923}” = Windows Live Mail “{C688457E-03FD-4941-923B-A27F4D42A7DD}” = Microsoft SQL Server 2008 Browser “{CAE4213F-F797-439D-BD9E-79B71D115BE3}” = HPPhotoGadget “{CD31E63D-47FD-491C-8117-CF201D0AFAB5}” = TrayApp “{CE95A79E-E4FC-4FFF-8A75-29F04B942FF2}” = Windows Live UX Platform “{CFEF48A8-BFB8-3EAC-8BA5-DE4F8AA267CE}” = Microsoft .NET Framework 4 Multi-Targeting Pack “{D0B44725-3666-492D-BEF6-587A14BD9BD9}” = MSVCRT_amd64 “{D1A19B02-817E-4296-A45B-07853FD74D57}” = Microsoft_VC80_MFC_x86 “{D360FA88-17C8-4F14-B67F-13AAF9607B12}” = MarketResearch “{D436F577-1695-4D2F-8B44-AC76C99E0002}” = Windows Live Photo Common “{D45240D3-B6B3-4FF9-B243-54ECE3E10066}” = Windows Live Communications Platform “{D7BF9739-8A68-4335-BBEE-37752AD9E86B}” = NEC Electronics USB 3.0 Host Controller Driver “{D92BBB52-82FF-42ED-8A3C-4E062F944AB7}” = Microsoft_VC80_MFCLOC_x86 “{DDC8BDEE-DCAC-404D-8257-3E8D4B782467}” = Windows Live Writer Resources “{DE3A9DC5-9A5D-6485-9662-347162C7E4CA}” = Adobe Media Player “{E09C4DB7-630C-4F06-A631-8EA7239923AF}” = D3DX10 “{E3E71D07-CD27-46CB-8448-16D4FB29AA13}” = Microsoft WSE 3.0 Runtime “{E517094C-06B6-419F-8FFD-EF4F57972130}” = QuickTransfer “{E5AE9031-79A5-4627-9641-BEFA82819B08}” = Microsoft SQL Server 2008 R2 Data-Tier Application Project “{E5B21F11-6933-4E0B-A25C-7963E3C07D11}” = Windows Live Messenger “{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}” = Microsoft Visual C++ 2010 x86 Redistributable - 10.0.40219 “{F2508213-9989-4E85-A078-72BE483917EF}” = Microsoft Games for Windows - LIVE Redistributable “{F88E2E04-7EF5-488C-8E38-C94EB808458E}” = PS_AIO_07_B110_SW_Min “{FA0FF682-CC70-4C57-93CD-E276F3E7537E}” = BufferChm “{FE044230-9CA5-43F7-9B58-5AC5A28A1F33}” = Windows Live Essentials “{FE23D063-934D-4829-A0D8-00634CE79B4A}” = Adobe AIR “{AA59DDE4-B672-4621-A016-4C248204957A}” = Skype™ 5.5 “{AAAFC670-569B-4A2F-82B4-42945E0DE3EF}” = Windows Live Writer “1489-3350-5074-6281” = JDownloader 0.9 “Adobe AIR” = Adobe AIR “Adobe Flash Player ActiveX” = Adobe Flash Player 10 ActiveX “Adobe Shockwave Player” = Adobe Shockwave Player 11.6 “Battlelog Web Plugins” = Battlelog Web Plugins “chc.4875E02D9FB21EE389F73B8D1702B320485DF8CE.1” = Adobe Community Help “com.adobe.amp.4875E02D9FB21EE389F73B8D1702B320485DF8CE.1” = Adobe Media Player “Diablo II” = Diablo II “ESN Sonar-0.70.0” = ESN Sonar “ESN Sonar-0.70.4” = ESN Sonar “FileZilla Client” = FileZilla Client 3.5.0 “Fraps” = Fraps (remove only) “Google Calendar Sync” = Google Calendar Sync “HijackThis” = HijackThis 2.0.2 “InstallShield_{D7BF9739-8A68-4335-BBEE-37752AD9E86B}” = NEC Electronics USB 3.0 Host Controller Driver “Magic The Gathering - Duels of the Planeswalkers 2012_is1” = Magic The Gathering - Duels of the Planeswalkers 2012 “Malwarebytes’ Anti-Malware_is1” = Malwarebytes’ Anti-Malware version 1.51.2.1300 “Microsoft Visual Studio Macro Tools” = Microsoft Visual Studio Macro Tools “Mozilla Firefox 9.0 (x86 da)” = Mozilla Firefox 9.0 (x86 da) “N360” = Norton 360 “NVIDIA StereoUSB Driver” = NVIDIA 3D Vision Controller Driver “NVIDIAStereo” = NVIDIA Stereoscopic 3D Driver “Office14.PROPLUS” = Microsoft Office Professional Plus 2010 “Origin” = Origin “PunkBusterSvc” = PunkBuster Services “Registry Mechanic_is1” = PC Tools Registry Mechanic 11.0 “Secunia PSI” = Secunia PSI (2.0.0.4003) “Steam App 10” = Counter-Strike “Steam App 42710” = Call of Duty: Black Ops - Multiplayer “Steam App 440” = Team Fortress 2 “Steam App 72850” = The Elder Scrolls V: Skyrim “Steam App 91310” = Dead Island “VLC media player” = VLC media player 1.1.11 “Warcraft III” = Warcraft III “WinLiveSuite” = Windows Live Essentials ========== HKEY_USERS Uninstall List ========== [HKEY_USERS\S-1-5-21-3378476827-1488579091-87155459-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall] “090215de958f1060” = Curse Client “Google Chrome” = Google Chrome “Spotify” = Spotify ========== Last 10 Event Log Errors ========== [ Application Events ] Error - 19-12-2011 12:25:57 \| Computer Name = NicolaiNielsen \| Source = SideBySide \| ID = 16842824 Description = Activation context generation failed for “c:\program files\microsoft security client\MSESysprep.dll”.Error in manifest or policy file “c:\program files\microsoft security client\MSESysprep.dll” on line 10. The element imaging appears as a child of element urn:schemas-microsoft-com:asm.v1^assembly which is not supported by this version of Windows. Error - 19-12-2011 12:26:04 \| Computer Name = NicolaiNielsen \| Source = SideBySide \| ID = 16842815 Description = Activation context generation failed for “c:\Program Files (x86)\Common Files\Adobe AIR\Versions\1.0\Adobe AIR.dll”.Error in manifest or policy file “c:\Program Files (x86)\Common Files\Adobe AIR\Versions\1.0\Adobe AIR.dll” on line 3. The value “MAJOR_VERSION.MINOR_VERSION.BUILD_NUMBER_MAJOR.BUILD_NUMBER_MINOR” of attribute “version” in element “assemblyIdentity” is invalid. Error - 21-12-2011 08:32:44 \| Computer Name = NicolaiNielsen \| Source = Application Hang \| ID = 1002 Description = The program OUTLOOK.EXE version 14.0.6109.5005 stopped interacting with Windows and was closed. To see if more information about the problem is available, check the problem history in the Action Center control panel. Process ID: 168c Start Time: 01ccbfb1a2f4c574 Termination Time: 33 Application Path: C:\Program Files (x86)\Microsoft Office\Office14\OUTLOOK.EXE Report Id: db879f41-2bcf-11e1-a2f6-20cf306136cb Error - 21-12-2011 08:48:29 \| Computer Name = NicolaiNielsen \| Source = VSS \| ID = 8194 Description = Error - 21-12-2011 09:12:27 \| Computer Name = NicolaiNielsen \| Source = SideBySide \| ID = 16842832 Description = Activation context generation failed for “C:\Users\Nicolai Nielsen\Downloads\esetsmartinstaller_enu.exe”.Error in manifest or policy file “” on line . A component version required by the application conflicts with another component version already active. Conflicting components are:. Component 1: C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifest. Component 2: C:\Windows\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_41e6975e2bd6f2b2.manifest. Error - 21-12-2011 09:26:57 \| Computer Name = NicolaiNielsen \| Source = SideBySide \| ID = 16842832 Description = Activation context generation failed for “C:\Users\Nicolai Nielsen\Downloads\esetsmartinstaller_enu.exe”.Error in manifest or policy file “” on line . A component version required by the application conflicts with another component version already active. Conflicting components are:. Component 1: C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifest. Component 2: C:\Windows\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_41e6975e2bd6f2b2.manifest. Error - 21-12-2011 09:51:22 \| Computer Name = NicolaiNielsen \| Source = SideBySide \| ID = 16842832 Description = Activation context generation failed for “C:\Users\Nicolai Nielsen\Downloads\esetsmartinstaller_enu.exe”.Error in manifest or policy file “” on line . A component version required by the application conflicts with another component version already active. Conflicting components are:. Component 1: C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifest. Component 2: C:\Windows\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_41e6975e2bd6f2b2.manifest. Error - 21-12-2011 10:28:50 \| Computer Name = NicolaiNielsen \| Source = Microsoft-Windows-RestartManager \| ID = 10007 Description = Application or service ‘Apple Mobile Device’ could not be restarted. Error - 21-12-2011 11:45:55 \| Computer Name = NicolaiNielsen \| Source = SideBySide \| ID = 16842827 Description = Activation context generation failed for “C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\SkypeIEPluginBroker.exe”.Error in manifest or policy file “C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\SkypeIEPluginBroker.exe” on line 2. Multiple requestedPrivileges elements are not allowed in manifest. Error - 21-12-2011 11:46:20 \| Computer Name = NicolaiNielsen \| Source = SideBySide \| ID = 16842832 Description = Activation context generation failed for “c:\Users\nicolai nielsen\downloads\esetsmartinstaller_enu.exe”.Error in manifest or policy file “” on line . A component version required by the application conflicts with another component version already active. Conflicting components are:. Component 1: C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifest. Component 2: C:\Windows\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_41e6975e2bd6f2b2.manifest. [ System Events ] Error - 24-09-2011 07:30:54 \| Computer Name = NicolaiNielsen \| Source = Service Control Manager \| ID = 7032 Description = The Service Control Manager tried to take a corrective action (Restart the service) after the unexpected termination of the Workstation service, but this action failed with the following error: V Error - 24-09-2011 07:30:57 \| Computer Name = NicolaiNielsen \| Source = Service Control Manager \| ID = 7032 Description = The Service Control Manager tried to take a corrective action (Restart the service) after the unexpected termination of the Program Compatibility Assistant Service service, but this action failed with the following error: V Error - 24-09-2011 07:30:57 \| Computer Name = NicolaiNielsen \| Source = Service Control Manager \| ID = 7032 Description = The Service Control Manager tried to take a corrective action (Restart the service) after the unexpected termination of the Server service, but this action failed with the following error: V Error - 24-09-2011 07:31:54 \| Computer Name = NicolaiNielsen \| Source = Service Control Manager \| ID = 7032 Description = The Service Control Manager tried to take a corrective action (Restart the service) after the unexpected termination of the DNS Client service, but this action failed with the following error: V Error - 24-09-2011 07:31:57 \| Computer Name = NicolaiNielsen \| Source = Service Control Manager \| ID = 7032 Description = The Service Control Manager tried to take a corrective action (Restart the service) after the unexpected termination of the Windows Management Instrumentation service, but this action failed with the following error: V Error - 24-09-2011 07:31:57 \| Computer Name = NicolaiNielsen \| Source = Service Control Manager \| ID = 7032 Description = The Service Control Manager tried to take a corrective action (Restart the service) after the unexpected termination of the Computer Browser service, but this action failed with the following error: V Error - 25-09-2011 03:45:26 \| Computer Name = NicolaiNielsen \| Source = Disk \| ID = 262151 Description = The device, \Device\Harddisk1\DR1, has a bad block. Error - 25-09-2011 03:48:51 \| Computer Name = NicolaiNielsen \| Source = Disk \| ID = 262151 Description = The device, \Device\Harddisk1\DR1, has a bad block. Error - 26-09-2011 05:30:28 \| Computer Name = NicolaiNielsen \| Source = Disk \| ID = 262151 Description = The device, \Device\Harddisk1\DR1, has a bad block. Error - 26-09-2011 05:33:36 \| Computer Name = NicolaiNielsen \| Source = Disk \| ID = 262151 Description = The device, \Device\Harddisk1\DR1, has a bad block. < End of report >
[ Ignorer ] [ # 4 ] NicolaiNN
22.12.2011 18:50:31 Antal indlæg: 28	OTL logfile created on: 22-12-2011 17:43:47 - Run 1 OTL by OldTimer - Version 3.2.31.0 Folder = C:\Users\Nicolai Nielsen\Downloads 64bit- Ultimate Edition Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation Internet Explorer (Version = 9.0.8112.16421) Locale: 00000406 \| Country: Danmark \| Language: DAN \| Date Format: dd-MM-yyyy 5,99 Gb Total Physical Memory \| 3,98 Gb Available Physical Memory \| 66,45% Memory free 11,98 Gb Paging File \| 9,78 Gb Available in Paging File \| 81,60% Paging File free Paging file location(s): ?:\pagefile.sys [binary data] %SystemDrive% = C: \| %SystemRoot% = C:\Windows \| %ProgramFiles% = C:\Program Files (x86) Drive C: \| 93,09 Gb Total Space \| 12,44 Gb Free Space \| 13,37% Space Free \| Partition Type: NTFS Drive D: \| 69,25 Gb Total Space \| 15,52 Gb Free Space \| 22,41% Space Free \| Partition Type: NTFS Drive E: \| 931,51 Gb Total Space \| 592,51 Gb Free Space \| 63,61% Space Free \| Partition Type: NTFS Drive F: \| 279,46 Gb Total Space \| 145,98 Gb Free Space \| 52,24% Space Free \| Partition Type: NTFS Drive G: \| 372,61 Gb Total Space \| 208,36 Gb Free Space \| 55,92% Space Free \| Partition Type: NTFS Drive I: \| 1,87 Gb Total Space \| 1,40 Gb Free Space \| 75,00% Space Free \| Partition Type: FAT Computer Name: NICOLAINIELSEN \| User Name: Nicolai Nielsen \| Logged in as Administrator. Boot Mode: Normal \| Scan Mode: All users \| Include 64bit Scans Company Name Whitelist: Off \| Skip Microsoft Files: Off \| No Company Name Whitelist: On \| File Age = 30 Days ========== Processes (SafeList) ========== PRC - [2011-12-22 17:42:21 \| 000,584,192 \|——\| M] (OldTimer Tools)—C:\Users\Nicolai Nielsen\Downloads\OTL.exe PRC - [2011-12-21 15:34:55 \| 000,924,632 \|——\| M] (Mozilla Corporation)—C:\Program Files (x86)\Mozilla Firefox\firefox.exe PRC - [2011-12-12 14:06:58 \| 000,103,896 \|——\| M] (PC Tools)—C:\Program Files (x86)\Common Files\PC Tools\sMonitor\SSDMonitor.exe PRC - [2011-11-26 12:41:28 \| 000,075,136 \|——\| M] ()—C:\Windows\SysWOW64\PnkBstrA.exe PRC - [2011-10-15 09:53:00 \| 002,253,120 \|——\| M] (NVIDIA Corporation)—C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Updatus\daemonu.exe PRC - [2011-10-14 23:54:40 \| 000,381,248 \|——\| M] (NVIDIA Corporation)—C:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe PRC - [2011-10-14 07:01:50 \| 000,994,360 \|——\| M] (Secunia)—C:\Program Files (x86)\Secunia\PSI\psia.exe PRC - [2011-10-14 07:01:48 \| 000,399,416 \|——\| M] (Secunia)—C:\Program Files (x86)\Secunia\PSI\sua.exe PRC - [2011-10-14 07:01:46 \| 000,291,896 \|——\| M] (Secunia)—C:\Program Files (x86)\Secunia\PSI\psi_tray.exe PRC - [2011-09-04 15:09:22 \| 001,242,448 \|——\| M] (Valve Corporation)—F:\Steam\Steam.exe PRC - [2011-07-27 13:57:16 \| 000,522,824 \|——\| M] (Logitech Inc.)—C:\Program Files\Logitech Gaming Software\plugins\LCDAppletsMono-8.00.048\Applets\x86\LCDMedia.exe PRC - [2011-06-06 12:55:28 \| 000,064,952 \|——\| M] (Adobe Systems Incorporated)—C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe PRC - [2011-04-17 01:45:11 \| 000,130,008 \| R—- \| M] (Symantec Corporation)—C:\Program Files (x86)\Norton 360\Engine\5.1.0.29\ccsvchst.exe PRC - [2011-04-08 13:50:02 \| 000,542,264 \|——\| M] (Google)—C:\Program Files (x86)\Google\Google Calendar Sync\GoogleCalendarSync.exe PRC - [2010-11-20 13:17:56 \| 000,164,864 \|——\| M] (Microsoft Corporation)—C:\Program Files (x86)\Windows Media Player\wmplayer.exe PRC - [2010-01-22 11:29:40 \| 000,106,496 \|——\| M] (NEC Electronics Corporation)—C:\Program Files (x86)\NEC Electronics\USB 3.0 Host Controller Driver\Application\nusb3mon.exe ========== Modules (No Company Name) ========== MOD - [2011-12-21 15:34:55 \| 002,124,760 \|——\| M] ()—C:\Program Files (x86)\Mozilla Firefox\mozjs.dll MOD - [2011-12-09 17:16:26 \| 014,410,024 \|——\| M] ()—F:\Steam\bin\libcef.dll MOD - [2011-12-09 17:16:26 \| 000,914,216 \|——\| M] ()—F:\Steam\bin\avcodec-52.dll MOD - [2011-12-09 17:16:26 \| 000,194,344 \|——\| M] ()—F:\Steam\bin\chromehtml.dll MOD - [2011-12-09 17:16:26 \| 000,155,432 \|——\| M] ()—F:\Steam\bin\avformat-52.dll MOD - [2011-12-09 17:16:26 \| 000,091,432 \|——\| M] ()—F:\Steam\bin\avutil-50.dll MOD - [2011-10-14 23:54:26 \| 000,265,536 \|——\| M] ()—C:\Program Files (x86)\NVIDIA Corporation\3D Vision\Nv3DVStreaming.dll MOD - [2011-03-17 00:11:16 \| 004,297,568 \|——\| M] ()—C:\Program Files (x86)\Common Files\microsoft shared\OFFICE14\Cultures\OFFICE.ODF MOD - [2010-12-21 01:15:30 \| 001,041,248 \|——\| M] ()—C:\Program Files (x86)\Microsoft Office\Office14\ADDINS\UmOutlookAddin.dll MOD - [2010-10-20 16:08:14 \| 000,122,720 \|——\| M] ()—C:\Program Files (x86)\Microsoft Office\Office14\OUTLCTL.DLL MOD - [2010-10-20 15:45:26 \| 008,801,120 \|——\| M] ()—C:\Program Files (x86)\Microsoft Office\Office14\1033\GrooveIntlResource.dll ========== Win32 Services (SafeList) ========== SRV:64bit: - [2011-06-29 16:25:12 \| 003,246,920 \|——\| M] (O&O Software GmbH) [Auto \| Running]—C:\Program Files\OO Software\Defrag\oodag.exe—(OODefragAgent) SRV:64bit: - [2009-07-14 02:41:27 \| 001,011,712 \|——\| M] (Microsoft Corporation) [Auto \| Running]—C:\Program Files\Windows Defender\MpSvc.dll—(WinDefend) SRV:64bit: - [2009-07-14 02:40:01 \| 000,193,536 \|——\| M] (Microsoft Corporation) [On_Demand \| Stopped]—C:\Windows\SysNative\appmgmts.dll—(AppMgmt) SRV - [2011-12-12 14:07:00 \| 000,793,048 \|——\| M] (PC Tools) [Disabled \| Stopped]—C:\Program Files (x86)\Common Files\PC Tools\sMonitor\StartManSvc.exe—(PCToolsSSDMonitorSvc) SRV - [2011-11-26 12:41:28 \| 000,075,136 \|——\| M] () [Auto \| Running]—C:\Windows\SysWOW64\PnkBstrA.exe—(PnkBstrA) SRV - [2011-10-15 09:53:00 \| 002,253,120 \|——\| M] (NVIDIA Corporation) [Auto \| Running]—C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Updatus\daemonu.exe—(nvUpdatusService) SRV - [2011-10-14 23:54:40 \| 000,381,248 \|——\| M] (NVIDIA Corporation) [Auto \| Running]—C:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe—(Stereo Service) SRV - [2011-10-14 07:01:50 \| 000,994,360 \|——\| M] (Secunia) [Auto \| Running]—C:\Program Files (x86)\Secunia\PSI\PSIA.exe—(Secunia PSI Agent) SRV - [2011-10-14 07:01:48 \| 000,399,416 \|——\| M] (Secunia) [Auto \| Running]—C:\Program Files (x86)\Secunia\PSI\sua.exe—(Secunia Update Agent) SRV - [2011-06-06 12:55:28 \| 000,064,952 \|——\| M] (Adobe Systems Incorporated) [Auto \| Running]—C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe—(AdobeARMservice) SRV - [2011-04-17 01:45:11 \| 000,130,008 \| R—- \| M] (Symantec Corporation) [Unknown \| Running]—C:\Program Files (x86)\Norton 360\Engine\5.1.0.29\ccSvcHst.exe—(N360) SRV - [2011-03-16 09:42:06 \| 000,407,336 \|——\| M] (Valve Corporation) [On_Demand \| Stopped]—C:\Program Files (x86)\Common Files\Steam\SteamService.exe—(Steam Client Service) SRV - [2010-10-22 12:08:18 \| 001,039,360 \|——\| M] (Hewlett-Packard Co.) [Auto \| Running]—C:\Program Files (x86)\HP\Digital Imaging\bin\HPSLPSVC64.DLL—(HPSLPSVC) SRV - [2010-03-18 12:16:28 \| 000,130,384 \|——\| M] (Microsoft Corporation) [Auto \| Stopped]—C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe—(clr_optimization_v4.0.30319_32) SRV - [2010-02-19 12:37:14 \| 000,517,096 \|——\| M] (Adobe Systems Incorporated) [On_Demand \| Stopped]—C:\Program Files (x86)\Common Files\Adobe\SwitchBoard\SwitchBoard.exe—(SwitchBoard) SRV - [2009-06-10 22:23:09 \| 000,066,384 \|——\| M] (Microsoft Corporation) [Disabled \| Stopped]—C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe—(clr_optimization_v2.0.50727_32) ========== Driver Services (SafeList) ========== DRV:64bit: - [2011-12-21 14:52:15 \| 000,174,200 \|——\| M] (Symantec Corporation) [Kernel \| On_Demand \| Running]—C:\Windows\SysNative\drivers\SYMEVENT64x86.SYS—(SymEvent) DRV:64bit: - [2011-07-27 13:57:17 \| 000,022,408 \|——\| M] (Logitech Inc.) [Kernel \| On_Demand \| Running]—C:\Windows\SysNative\drivers\LGBusEnum.sys—(LGBusEnum) DRV:64bit: - [2011-07-27 13:57:17 \| 000,016,008 \|——\| M] (Logitech Inc.) [Kernel \| On_Demand \| Running]—C:\Windows\SysNative\drivers\LGVirHid.sys—(LGVirHid) DRV:64bit: - [2011-07-08 00:21:28 \| 000,174,184 \|——\| M] (NVIDIA Corporation) [Kernel \| On_Demand \| Running]—C:\Windows\SysNative\drivers\nvhda64v.sys—(NVHDA) DRV:64bit: - [2011-05-10 07:06:08 \| 000,051,712 \|——\| M] (Apple, Inc.) [Kernel \| On_Demand \| Stopped]—C:\Windows\SysNative\drivers\usbaapl64.sys—(USBAAPL64) DRV:64bit: - [2011-03-31 14:01:50 \| 000,126,464 \|——\| M] (Razer USA Ltd) [Kernel \| On_Demand \| Stopped]—C:\Windows\SysNative\drivers\RzSynapse.sys—(RzSynapse) DRV:64bit: - [2011-03-31 04:00:09 \| 000,744,568 \|——\| M] (Symantec Corporation) [File_System \| System \| Running]—C:\Windows\SysNative\drivers\N360x64\0501000.01D\srtsp64.sys—(SRTSP) DRV:64bit: - [2011-03-31 04:00:09 \| 000,040,568 \|——\| M] (Symantec Corporation) [Kernel \| System \| Running]—C:\Windows\SysNative\drivers\N360x64\0501000.01D\srtspx64.sys—(SRTSPX) Symantec Real Time Storage Protection (PEL) DRV:64bit: - [2011-03-22 01:39:49 \| 000,382,584 \|——\| M] (Symantec Corporation) [Kernel \| System \| Running]—C:\Windows\SysNative\drivers\N360x64\0501000.01D\symnets.sys—(SymNetS) DRV:64bit: - [2011-03-21 12:22:06 \| 000,452,200 \|——\| M] (Realtek ) [Kernel \| On_Demand \| Running]—C:\Windows\SysNative\drivers\Rt64win7.sys—(RTL8167) DRV:64bit: - [2011-03-15 03:31:23 \| 000,912,504 \|——\| M] (Symantec Corporation) [File_System \| Boot \| Running]—C:\Windows\SysNative\drivers\N360x64\0501000.01D\symefa64.sys—(SymEFA) DRV:64bit: - [2011-03-11 07:41:12 \| 000,107,904 \|——\| M] (Advanced Micro Devices) [Kernel \| On_Demand \| Stopped]—C:\Windows\SysNative\drivers\amdsata.sys—(amdsata) DRV:64bit: - [2011-03-11 07:41:12 \| 000,027,008 \|——\| M] (Advanced Micro Devices) [Kernel \| Boot \| Running]—C:\Windows\SysNative\drivers\amdxata.sys—(amdxata) DRV:64bit: - [2011-01-27 07:47:10 \| 000,450,680 \|——\| M] (Symantec Corporation) [Kernel \| Boot \| Running]—C:\Windows\SysNative\drivers\N360x64\0501000.01D\symds64.sys—(SymDS) DRV:64bit: - [2010-11-20 14:33:35 \| 000,078,720 \|——\| M] (Hewlett-Packard Company) [Kernel \| On_Demand \| Stopped]—C:\Windows\SysNative\drivers\HpSAMD.sys—(HpSAMD) DRV:64bit: - [2010-11-20 12:07:05 \| 000,059,392 \|——\| M] (Microsoft Corporation) [Kernel \| On_Demand \| Stopped]—C:\Windows\SysNative\drivers\TsUsbFlt.sys—(TsUsbFlt) DRV:64bit: - [2010-11-20 12:03:42 \| 000,020,992 \|——\| M] (Microsoft Corporation) [Kernel \| On_Demand \| Stopped]—C:\Windows\SysNative\drivers\rdpvideominiport.sys—(RdpVideoMiniport) DRV:64bit: - [2010-11-16 02:45:33 \| 000,171,128 \| R—- \| M] (Symantec Corporation) [Kernel \| System \| Running]—C:\Windows\SysNative\drivers\N360x64\0501000.01D\ironx64.sys—(SymIRON) DRV:64bit: - [2010-09-01 09:30:58 \| 000,017,976 \|——\| M] (Secunia) [File_System \| On_Demand \| Running]—C:\Windows\SysNative\drivers\psi_mf.sys—(PSI) DRV:64bit: - [2010-08-21 05:59:12 \| 000,034,152 \|——\| M] (GEAR Software Inc.) [Kernel \| On_Demand \| Running]—C:\Windows\SysNative\drivers\GEARAspiWDM.sys—(GEARAspiWDM) DRV:64bit: - [2010-04-14 00:08:04 \| 000,022,568 \|——\| M] (Silicon Image, Inc.) [Kernel \| Boot \| Running]—C:\Windows\SysNative\drivers\SiWinAcc.sys—(SiFilter) DRV:64bit: - [2010-04-14 00:08:04 \| 000,016,936 \|——\| M] (Silicon Image, Inc.) [Kernel \| Boot \| Running]—C:\Windows\SysNative\drivers\SiRemFil.sys—(SiRemFil) DRV:64bit: - [2010-04-14 00:08:00 \| 000,340,008 \|——\| M] (Silicon Image, Inc) [Kernel \| Boot \| Running]—C:\Windows\SysNative\drivers\Si3124r5.sys—(Si3124r5) DRV:64bit: - [2010-01-22 11:22:22 \| 000,180,224 \|——\| M] (NEC Electronics Corporation) [Kernel \| On_Demand \| Running]—C:\Windows\SysNative\drivers\nusb3xhc.sys—(nusb3xhc) DRV:64bit: - [2010-01-22 11:22:18 \| 000,077,824 \|——\| M] (NEC Electronics Corporation) [Kernel \| On_Demand \| Running]—C:\Windows\SysNative\drivers\nusb3hub.sys—(nusb3hub) DRV:64bit: - [2009-12-30 10:21:26 \| 000,031,800 \|——\| M] (VS Revo Group) [File_System \| On_Demand \| Stopped]—C:\Windows\SysNative\drivers\revoflt.sys—(Revoflt) DRV:64bit: - [2009-12-22 00:54:00 \| 001,308,160 \|——\| M] (C-Media Electronics Inc) [Kernel \| On_Demand \| Running]—C:\Windows\SysNative\drivers\CM10864.sys—(USBPNPA) DRV:64bit: - [2009-09-30 03:04:54 \| 001,307,648 \|——\| M] (C-Media Electronics Inc) [Kernel \| On_Demand \| Stopped]—C:\Windows\SysNative\drivers\CM10664.sys—(USBMULCD) DRV:64bit: - [2009-07-14 02:52:20 \| 000,194,128 \|——\| M] (AMD Technologies Inc.) [Kernel \| On_Demand \| Stopped]—C:\Windows\SysNative\drivers\amdsbs.sys—(amdsbs) DRV:64bit: - [2009-07-14 02:48:04 \| 000,065,600 \|——\| M] (LSI Corporation) [Kernel \| On_Demand \| Stopped]—C:\Windows\SysNative\drivers\lsi_sas2.sys—(LSI_SAS2) DRV:64bit: - [2009-07-14 02:45:55 \| 000,024,656 \|——\| M] (Promise Technology) [Kernel \| On_Demand \| Stopped]—C:\Windows\SysNative\drivers\stexstor.sys—(stexstor) DRV:64bit: - [2009-06-10 21:34:33 \| 003,286,016 \|——\| M] (Broadcom Corporation) [Kernel \| On_Demand \| Stopped]—C:\Windows\SysNative\drivers\evbda.sys—(ebdrv) DRV:64bit: - [2009-06-10 21:34:28 \| 000,468,480 \|——\| M] (Broadcom Corporation) [Kernel \| On_Demand \| Stopped]—C:\Windows\SysNative\drivers\bxvbda.sys—(b06bdrv) DRV:64bit: - [2009-06-10 21:34:23 \| 000,270,848 \|——\| M] (Broadcom Corporation) [Kernel \| On_Demand \| Stopped]—C:\Windows\SysNative\drivers\b57nd60a.sys—(b57nd60a) DRV:64bit: - [2009-06-10 21:31:59 \| 000,031,232 \|——\| M] (Hauppauge Computer Works, Inc.) [Kernel \| On_Demand \| Stopped]—C:\Windows\SysNative\drivers\hcw85cir.sys—(hcw85cir) DRV:64bit: - [2009-03-18 16:35:42 \| 000,033,856 \| -H—\| M] (LogMeIn, Inc.) [Kernel \| On_Demand \| Stopped]—C:\Windows\SysNative\drivers\hamachi.sys—(hamachi) DRV:64bit: - [2005-03-29 00:30:38 \| 000,008,192 \|——\| M] () [Kernel \| On_Demand \| Running]—C:\Windows\SysNative\drivers\ASACPI.sys—(MTsensor) DRV - [2011-12-21 14:52:08 \| 002,048,632 \|——\| M] (Symantec Corporation) [Kernel \| On_Demand \| Running]—C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\N360_5.0.0.125\Definitions\VirusDefs\20111221.034\EX64.SYS—(NAVEX15) DRV - [2011-12-21 14:52:08 \| 000,482,936 \|——\| M] (Symantec Corporation) [Kernel \| System \| Running]—C:\Program Files (x86)\Common Files\Symantec Shared\EENGINE\eeCtrl64.sys—(eeCtrl) DRV - [2011-12-21 14:52:08 \| 000,138,360 \|——\| M] (Symantec Corporation) [Kernel \| On_Demand \| Running]—C:\Program Files (x86)\Common Files\Symantec Shared\EENGINE\EraserUtilRebootDrv.sys—(EraserUtilRebootDrv) DRV - [2011-12-21 14:52:08 \| 000,117,880 \|——\| M] (Symantec Corporation) [Kernel \| On_Demand \| Running]—C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\N360_5.0.0.125\Definitions\VirusDefs\20111221.034\ENG64.SYS—(NAVENG) DRV - [2011-12-20 09:25:44 \| 000,488,568 \|——\| M] (Symantec Corporation) [Kernel \| System \| Running]—C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\N360_5.0.0.125\Definitions\IPSDefs\20111220.001\IDSviA64.sys—(IDSVia64) DRV - [2011-12-10 02:24:18 \| 001,156,216 \|——\| M] (Symantec Corporation) [Kernel \| System \| Running]—C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\N360_5.0.0.125\Definitions\BASHDefs\20111210.003\BHDrvx64.sys—(BHDrvx64) DRV - [2009-07-14 02:19:10 \| 000,019,008 \|——\| M] (Microsoft Corporation) [File_System \| On_Demand \| Stopped]—C:\Windows\SysWOW64\drivers\wimmount.sys—(WIMMount) ========== Standard Registry (SafeList) ========== ========== Internet Explorer ========== IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm IE - HKU\.DEFAULT\SOFTWARE\Microsoft\Internet Explorer\Main,Search Bar = http://search.msn.com/spbasic.htm IE - HKU\.DEFAULT\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://securityresponse.symantec.com/avcenter/fix_homepage IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: “ProxyEnable” = 0 IE - HKU\S-1-5-18\SOFTWARE\Microsoft\Internet Explorer\Main,Search Bar = http://search.msn.com/spbasic.htm IE - HKU\S-1-5-18\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://securityresponse.symantec.com/avcenter/fix_homepage IE - HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: “ProxyEnable” = 0 IE - HKU\S-1-5-19\SOFTWARE\Microsoft\Internet Explorer\Main,Search Bar = http://search.msn.com/spbasic.htm IE - HKU\S-1-5-19\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://securityresponse.symantec.com/avcenter/fix_homepage IE - HKU\S-1-5-20\SOFTWARE\Microsoft\Internet Explorer\Main,Search Bar = http://search.msn.com/spbasic.htm IE - HKU\S-1-5-20\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://securityresponse.symantec.com/avcenter/fix_homepage IE - HKU\S-1-5-21-3378476827-1488579091-87155459-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Search Bar = http://search.msn.com/spbasic.htm IE - HKU\S-1-5-21-3378476827-1488579091-87155459-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://securityresponse.symantec.com/avcenter/fix_homepage IE - HKU\S-1-5-21-3378476827-1488579091-87155459-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache = http://dk.msn.com/?ocid=iehp IE - HKU\S-1-5-21-3378476827-1488579091-87155459-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache AcceptLangs = da-DK IE - HKU\S-1-5-21-3378476827-1488579091-87155459-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache_TIMESTAMP = 23 68 78 01 68 75 CC 01 [binary data] IE - HKU\S-1-5-21-3378476827-1488579091-87155459-1000\Software\Microsoft\Windows\CurrentVersion\Internet Settings: “ProxyEnable” = 0 IE - HKU\S-1-5-21-3378476827-1488579091-87155459-1002\SOFTWARE\Microsoft\Internet Explorer\Main,Search Bar = http://search.msn.com/spbasic.htm IE - HKU\S-1-5-21-3378476827-1488579091-87155459-1002\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://securityresponse.symantec.com/avcenter/fix_homepage ========== FireFox ========== FF - prefs.js..browser.startup.homepage: “http://www.google.dk/” FF:64bit: - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\system32\Macromed\Flash\NPSWF64_11_1_102.dll File not found FF:64bit: - HKLM\Software\MozillaPlugins\@microsoft.com/GENUINE: C:\Windows\system32\Wat\npWatWeb.dll (Microsoft Corporation) FF:64bit: - HKLM\Software\MozillaPlugins\@microsoft.com/OfficeAuthz,version=14.0: C:\PROGRA~1\MICROS~3\Office14\NPAUTHZ.DLL (Microsoft Corporation) FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\SysWOW64\Macromed\Flash\NPSWF32.dll () FF - HKLM\Software\MozillaPlugins\@adobe.com/ShockwavePlayer: C:\Windows\system32\Adobe\Director\np32dsw.dll (Adobe Systems, Inc.) FF - HKLM\Software\MozillaPlugins\@esn.me/esnsonar,version=0.70.0: File not found FF - HKLM\Software\MozillaPlugins\@esn.me/esnsonar,version=0.70.4: C:\Program Files (x86)\Battlelog Web Plugins\Sonar\0.70.4\npesnsonar.dll (ESN Social Software AB) FF - HKLM\Software\MozillaPlugins\@esn/esnlaunch,version=1.102.0: C:\Program Files (x86)\Battlelog Web Plugins\1.102.0\npesnlaunch.dll (ESN Social Software AB) FF - HKLM\Software\MozillaPlugins\@Google.com/GoogleEarthPlugin: C:\Program Files (x86)\Google\Google Earth\plugin\npgeplugin.dll (Google) FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin: C:\Program Files (x86)\Java\jre6\bin\new_plugin\npjp2.dll (Sun Microsystems, Inc.) FF - HKLM\Software\MozillaPlugins\@microsoft.com/GENUINE: C:\Windows\system32\Wat\npWatWeb.dll (Microsoft Corporation) FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: C:\Program Files (x86)\Microsoft Silverlight\4.0.60831.0\npctrl.dll ( Microsoft Corporation) FF - HKLM\Software\MozillaPlugins\@microsoft.com/OfficeAuthz,version=14.0: C:\PROGRA~2\MIF5BA~1\Office14\NPAUTHZ.DLL (Microsoft Corporation) FF - HKLM\Software\MozillaPlugins\@microsoft.com/SharePoint,version=14.0: C:\PROGRA~2\MIF5BA~1\Office14\NPSPWRAP.DLL (Microsoft Corporation) FF - HKLM\Software\MozillaPlugins\@nvidia.com/3DVision: C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dv.dll (NVIDIA Corporation) FF - HKLM\Software\MozillaPlugins\@nvidia.com/3DVisionStreaming: C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dvstreaming.dll (NVIDIA Corporation) FF - HKLM\Software\MozillaPlugins\@pandonetworks.com/PandoWebPlugin: File not found FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Program Files (x86)\Google\Update\1.3.21.79\npGoogleUpdate3.dll (Google Inc.) FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Program Files (x86)\Google\Update\1.3.21.79\npGoogleUpdate3.dll (Google Inc.) FF - HKLM\Software\MozillaPlugins\Adobe Reader: C:\Program Files (x86)\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.) FF - HKCU\Software\MozillaPlugins\@talk.google.com/GoogleTalkPlugin: C:\Users\Nicolai Nielsen\AppData\Roaming\Mozilla\plugins\npgoogletalk.dll (Google) FF - HKCU\Software\MozillaPlugins\@talk.google.com/O3DPlugin: C:\Users\Nicolai Nielsen\AppData\Roaming\Mozilla\plugins\npgtpo3dautoplugin.dll () FF - HKCU\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: File not found FF - HKCU\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: File not found FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\smartwebprinting@hp.com: C:\Program Files (x86)\HP\Digital Imaging\Smart Web Printing\MozillaAddOn3 [2011-06-14 02:59:16 \| 000,000,000 \|—-D \| M] FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{BBDA0591-3099-440a-AA10-41764D9DB4DB}: C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\N360_5.0.0.125\IPSFFPlgn\ [2011-12-21 18:48:09 \| 000,000,000 \|—-D \| M] FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{2D3F3651-74B9-4795-BDEC-6DA2F431CB62}: C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\N360_5.0.0.125\coFFPlgn\ [2011-12-21 14:52:10 \| 000,000,000 \|—-D \| M] FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 9.0\extensions\\Components: C:\Program Files (x86)\Mozilla Firefox\components [2011-12-21 15:34:56 \| 000,000,000 \|—-D \| M] FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 9.0\extensions\\Plugins: C:\Program Files (x86)\Mozilla Firefox\plugins [2011-12-21 15:36:19 \| 000,000,000 \|—-D \| M] FF - HKEY_CURRENT_USER\software\mozilla\Firefox\Extensions\\smartwebprinting@hp.com: C:\Program Files (x86)\HP\Digital Imaging\Smart Web Printing\MozillaAddOn3 [2011-06-14 02:59:16 \| 000,000,000 \|—-D \| M] [2011-05-29 18:59:27 \| 000,000,000 \|—-D \| M] (No name found)—C:\Users\Nicolai Nielsen\AppData\Roaming\Mozilla\Extensions [2011-08-30 23:52:14 \| 000,000,000 \|—-D \| M] (No name found)—C:\Users\Nicolai Nielsen\AppData\Roaming\Mozilla\Firefox\Profiles\zxsovoul.default\extensions [2011-08-30 23:52:14 \| 000,000,000 \|—-D \| M] (British English Dictionary)—C:\Users\Nicolai Nielsen\AppData\Roaming\Mozilla\Firefox\Profiles\zxsovoul.default\extensions\en-GB@dictionaries.addons.mozilla.org [2011-12-21 15:34:57 \| 000,000,000 \|—-D \| M] (No name found)—C:\Program Files (x86)\Mozilla Firefox\extensions [2011-11-12 11:58:06 \| 000,000,000 \|—-D \| M] (Skype Click to Call)—C:\Program Files (x86)\Mozilla Firefox\extensions\{82AF8DCA-6DE9-405D-BD5E-43525BDAD38A} [2011-12-21 15:34:55 \| 000,121,816 \|——\| M] (Mozilla Foundation)—C:\Program Files (x86)\mozilla firefox\components\browsercomps.dll [2011-12-18 15:58:29 \| 000,476,904 \|——\| M] (Sun Microsystems, Inc.)—C:\Program Files (x86)\mozilla firefox\plugins\npdeployJava1.dll [2011-10-18 16:03:04 \| 000,001,525 \|——\| M] ()—C:\Program Files (x86)\mozilla firefox\searchplugins\amazon-co-uk.xml [2011-10-18 16:03:04 \| 000,002,252 \|——\| M] ()—C:\Program Files (x86)\mozilla firefox\searchplugins\bing.xml [2011-10-18 16:03:04 \| 000,001,178 \|——\| M] ()—C:\Program Files (x86)\mozilla firefox\searchplugins\wikipedia-da.xml ========== Chrome ========== CHR - default_search_provider: Google (Enabled) CHR - default_search_provider: search_url = {google:baseURL}search?{google:RLZ}{google:acceptedSuggestion}{google:originalQueryForSuggestion}{google:searchFieldtrialParameter}{google:instantFieldTrialGroupParameter}sourceid=chrome&ie;={inputEncoding}&q={searchTerms} CHR - default_search_provider: suggest_url = {google:baseSuggestURL}search?{google:searchFieldtrialParameter}{google:instantFieldTrialGroupParameter}client=chrome&hl;={language}&q={searchTerms} CHR - plugin: Shockwave Flash (Enabled) = C:\Users\Nicolai Nielsen\AppData\Local\Google\Chrome\Application\14.0.835.202\gcswf32.dll CHR - plugin: Shockwave Flash (Enabled) = C:\Windows\SysWOW64\Macromed\Flash\NPSWF32.dll CHR - plugin: QuickTime Plug-in 7.7 (Enabled) = C:\Program Files (x86)\Mozilla Firefox\plugins\npqtplugin.dll CHR - plugin: QuickTime Plug-in 7.7 (Enabled) = C:\Program Files (x86)\Mozilla Firefox\plugins\npqtplugin2.dll CHR - plugin: QuickTime Plug-in 7.7 (Enabled) = C:\Program Files (x86)\Mozilla Firefox\plugins\npqtplugin3.dll CHR - plugin: QuickTime Plug-in 7.7 (Enabled) = C:\Program Files (x86)\Mozilla Firefox\plugins\npqtplugin4.dll CHR - plugin: QuickTime Plug-in 7.7 (Enabled) = C:\Program Files (x86)\Mozilla Firefox\plugins\npqtplugin5.dll CHR - plugin: QuickTime Plug-in 7.7 (Enabled) = C:\Program Files (x86)\Mozilla Firefox\plugins\npqtplugin6.dll CHR - plugin: QuickTime Plug-in 7.7 (Enabled) = C:\Program Files (x86)\Mozilla Firefox\plugins\npqtplugin7.dll CHR - plugin: Java Deployment Toolkit 6.0.250.6 (Enabled) = C:\Program Files (x86)\Java\jre6\bin\new_plugin\npdeployJava1.dll CHR - plugin: Java(TM) Platform SE 6 U25 (Enabled) = C:\Program Files (x86)\Java\jre6\bin\new_plugin\npjp2.dll CHR - plugin: Adobe Acrobat (Disabled) = C:\Program Files (x86)\Adobe\Reader 10.0\Reader\Browser\nppdf32.dll CHR - plugin: Silverlight Plug-In (Enabled) = C:\Program Files (x86)\Microsoft Silverlight\4.0.60831.0\npctrl.dll CHR - plugin: Shockwave for Director (Enabled) = C:\Windows\system32\Adobe\Director\np32dsw.dll CHR - plugin: Microsoft Office 2010 (Enabled) = C:\PROGRA~2\MIF5BA~1\Office14\NPAUTHZ.DLL CHR - plugin: Microsoft Office 2010 (Enabled) = C:\PROGRA~2\MIF5BA~1\Office14\NPSPWRAP.DLL CHR - plugin: Remoting Viewer (Enabled) = internal-remoting-viewer CHR - plugin: Native Client (Enabled) = C:\Users\Nicolai Nielsen\AppData\Local\Google\Chrome\Application\14.0.835.202\ppGoogleNaClPluginChrome.dll CHR - plugin: Chrome PDF Viewer (Enabled) = C:\Users\Nicolai Nielsen\AppData\Local\Google\Chrome\Application\14.0.835.202\pdf.dll CHR - plugin: Winamp Application Detector (Enabled) = C:\Program Files (x86)\Mozilla Firefox\plugins\npwachk.dll CHR - plugin: Google Talk Plugin (Enabled) = C:\Users\Nicolai Nielsen\AppData\Roaming\Mozilla\plugins\npgoogletalk.dll CHR - plugin: Google Talk Plugin Video Accelerator (Enabled) = C:\Users\Nicolai Nielsen\AppData\Roaming\Mozilla\plugins\npgtpo3dautoplugin.dll CHR - plugin: NVIDIA 3D Vision (Enabled) = C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dv.dll CHR - plugin: NVIDIA 3D VISION (Enabled) = C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dvstreaming.dll CHR - plugin: VLC Multimedia Plug-in (Enabled) = C:\Program Files (x86)\VideoLAN\VLC\npvlc.dll CHR - plugin: iTunes Application Detector (Enabled) = C:\Program Files (x86)\iTunes\Mozilla Plugins\npitunes.dll CHR - plugin: Google Update (Enabled) = C:\Users\Nicolai Nielsen\AppData\Local\Google\Update\1.3.21.69\npGoogleUpdate3.dll CHR - plugin: Windows Activation Technologies (Enabled) = C:\Windows\system32\Wat\npWatWeb.dll CHR - plugin: Default Plug-in (Enabled) = default_plugin O1 HOSTS File: ([2011-10-26 16:07:51 \| 000,002,288 \|——\| M]) - C:\Windows\SysNative\drivers\etc\hosts O1 - Hosts: 127.0.0.1 localhost O1 - Hosts: ::1 localhost O1 - Hosts: 127.0.0.1 activate.adobe.com O1 - Hosts: 127.0.0.1 practivate.adobe.com O1 - Hosts: 127.0.0.1 ereg.adobe.com O1 - Hosts: 127.0.0.1 activate.wip3.adobe.com O1 - Hosts: 127.0.0.1 wip3.adobe.com O1 - Hosts: 127.0.0.1 3dns-3.adobe.com O1 - Hosts: 127.0.0.1 3dns-2.adobe.com O1 - Hosts: 127.0.0.1 adobe-dns.adobe.com O1 - Hosts: 127.0.0.1 adobe-dns-2.adobe.com O1 - Hosts: 127.0.0.1 adobe-dns-3.adobe.com O1 - Hosts: 127.0.0.1 ereg.wip3.adobe.com O1 - Hosts: 127.0.0.1 activate-sea.adobe.com O1 - Hosts: 127.0.0.1 wwis-dubc1-vip60.adobe.com O1 - Hosts: 127.0.0.1 activate-sjc0.adobe.com O1 - Hosts: 127.0.0.1 activate.adobe.com O1 - Hosts: 127.0.0.1 practivate.adobe.com O1 - Hosts: 127.0.0.1 ereg.adobe.com O1 - Hosts: 127.0.0.1 activate.wip3.adobe.com O1 - Hosts: 127.0.0.1 wip3.adobe.com O1 - Hosts: 127.0.0.1 3dns-3.adobe.com O1 - Hosts: 127.0.0.1 3dns-2.adobe.com O1 - Hosts: 127.0.0.1 adobe-dns.adobe.com O1 - Hosts: 127.0.0.1 adobe-dns-2.adobe.com O1 - Hosts: 21 more lines… O2 - BHO: (Symantec NCO BHO) - {602ADB0E-4AFF-4217-8AA1-95DAC4DFA408} - C:\Program Files (x86)\Norton 360\Engine\5.1.0.29\coieplg.dll (Symantec Corporation) O2 - BHO: (Symantec Intrusion Prevention) - {6D53EC84-6AAE-4787-AEEE-F4628F01010C} - C:\Program Files (x86)\Norton 360\Engine\5.1.0.29\ips\ipsbho.dll (Symantec Corporation) O2 - BHO: (Java(tm) Plug-In SSV Helper) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Java\jre6\bin\ssv.dll (Sun Microsystems, Inc.) O2 - BHO: (Skype Browser Helper) - {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.) O3 - HKLM\..\Toolbar: (Norton Toolbar) - {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - C:\Program Files (x86)\Norton 360\Engine\5.1.0.29\coieplg.dll (Symantec Corporation) O4:64bit: - HKLM..\Run: [Launch LCore] C:\Program Files\Logitech Gaming Software\LCore.exe (Logitech Inc.) O4:64bit: - HKLM..\Run: [OODefragTray] C:\Program Files\OO Software\Defrag\oodtray.exe (O&O Software GmbH) O4 - HKLM..\Run: [] File not found O4 - HKLM..\Run: [NUSB3MON] C:\Program Files (x86)\NEC Electronics\USB 3.0 Host Controller Driver\Application\nusb3mon.exe (NEC Electronics Corporation) O4 - HKLM..\Run: [SSDMonitor] C:\Program Files (x86)\Common Files\PC Tools\sMonitor\SSDMonitor.exe (PC Tools) O4 - HKU\S-1-5-19..\Run: [Sidebar] C:\Program Files (x86)\Windows Sidebar\Sidebar.exe (Microsoft Corporation) O4 - HKU\S-1-5-20..\Run: [Sidebar] C:\Program Files (x86)\Windows Sidebar\Sidebar.exe (Microsoft Corporation) O4 - HKU\S-1-5-21-3378476827-1488579091-87155459-1000..\Run: [AdobeBridge] File not found O4 - HKU\S-1-5-21-3378476827-1488579091-87155459-1000..\Run: [ccleaner] C:\Program Files\CCleaner\CCleaner64.exe (Piriform Ltd) O4 - HKU\S-1-5-21-3378476827-1488579091-87155459-1000..\Run: [Steam] F:\Steam\steam.exe (Valve Corporation) O4 - HKU\S-1-5-21-3378476827-1488579091-87155459-1002..\Run: [Sidebar] C:\Program Files (x86)\Windows Sidebar\Sidebar.exe (Microsoft Corporation) O4 - HKU\S-1-5-19..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe File not found O4 - HKU\S-1-5-20..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe File not found O4 - HKU\S-1-5-21-3378476827-1488579091-87155459-1002..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe File not found O4 - Startup: C:\Users\Nicolai Nielsen\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\CurseClientStartup.ccip () O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktop = 1 O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktopChanges = 1 O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 0 O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3 O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: EnableLUA = 0 O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: PromptOnSecureDesktop = 0 O7 - HKU\S-1-5-21-3378476827-1488579091-87155459-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145 O8:64bit: - Extra context menu item: E&ksporter; til Microsoft Excel - res://C:\PROGRA~2\MIF5BA~1\OFFICE11\EXCEL.EXE/3000 File not found O8 - Extra context menu item: E&ksporter; til Microsoft Excel - res://C:\PROGRA~2\MIF5BA~1\OFFICE11\EXCEL.EXE/3000 File not found O9 - Extra Button: Skype Click to Call - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.) O9 - Extra ‘Tools’ menuitem : Skype Click to Call - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.) O1364bit: - gopher Prefix: missing O13 - gopher Prefix: missing O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/update/1.6.0/jinstall-1_6_0_30-windows-i586.cab (Java Plug-in 1.6.0_30) O16 - DPF: {CAFEEFAC-0016-0000-0030-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_30-windows-i586.cab (Java Plug-in 1.6.0_30) O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_30-windows-i586.cab (Java Plug-in 1.6.0_30) O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} http://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab (Shockwave Flash Object) O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 85.233.224.20 85.233.228.2 O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{1E3233CB-0336-46CB-A1B6-45BEB0634A97}: DhcpNameServer = 85.233.224.20 85.233.228.2 O18:64bit: - Protocol\Handler\livecall - No CLSID value found O18:64bit: - Protocol\Handler\msdaipp - No CLSID value found O18:64bit: - Protocol\Handler\msdaipp\0x00000001 - No CLSID value found O18:64bit: - Protocol\Handler\msdaipp\oledb - No CLSID value found O18:64bit: - Protocol\Handler\ms-help - No CLSID value found O18:64bit: - Protocol\Handler\msnim - No CLSID value found O18:64bit: - Protocol\Handler\skype-ie-addon-data - No CLSID value found O18:64bit: - Protocol\Handler\wlmailhtml - No CLSID value found O18 - Protocol\Handler\msdaipp\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files (x86)\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation) O18 - Protocol\Handler\msdaipp\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files (x86)\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation) O18 - Protocol\Handler\skype-ie-addon-data {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.) O20:64bit: - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation) O20:64bit: - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\SysNative\userinit.exe (Microsoft Corporation) O20:64bit: - HKLM Winlogon: VMApplet - (SystemPropertiesPerformance.exe) - C:\Windows\SysNative\SystemPropertiesPerformance.exe (Microsoft Corporation) O20:64bit: - HKLM Winlogon: VMApplet - (/pagefile) - File not found O20 - HKLM Winlogon: Shell - (explorer.exe) -C:\Windows\SysWow64\explorer.exe (Microsoft Corporation) O20 - HKLM Winlogon: UserInit - (userinit.exe) -C:\Windows\SysWow64\userinit.exe (Microsoft Corporation) O20 - HKLM Winlogon: VMApplet - (/pagefile) - File not found O21:64bit: - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found. O21 - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found. O32 - HKLM CDRom: AutoRun - 1 O34 - HKLM BootExecute: (autocheck autochk ) O34 - HKLM BootExecute: (OODBS) O35:64bit:* - HKLM\..comfile [open]—“%1” %* O35:64bit: - HKLM\..exefile [open]—“%1” %* O35 - HKLM\..comfile [open]—“%1” %* O35 - HKLM\..exefile [open]—“%1” %* O37:64bit: - HKLM\...com [@ = comfile]—“%1” %* O37:64bit: - HKLM\...exe [@ = exefile]—“%1” %* O37 - HKLM\...com [@ = comfile]—“%1” %* O37 - HKLM\...exe [@ = exefile]—“%1” %* CREATERESTOREPOINT Restore point Set: OTL Restore Point ========== Files/Folders - Created Within 30 Days ========== [2011-12-21 18:46:07 \| 000,000,000 \|—-D \| C]—C:\Users\Nicolai Nielsen\AppData\Local\NPE [2011-12-21 15:34:06 \| 000,000,000 \|—-D \| C]—C:\ProgramData\Microsoft\Windows\Start Menu\Programs\VideoLAN [2011-12-21 15:29:59 \| 000,000,000 \|—-D \| C]—C:\Users\Nicolai Nielsen\AppData\Local\Secunia PSI [2011-12-21 15:29:56 \| 000,000,000 \|—-D \| C]—C:\Program Files (x86)\Secunia [2011-12-21 14:52:14 \| 000,912,504 \|——\| C] (Symantec Corporation)—C:\Windows\SysNative\drivers\N360x64\0501000.01D\symefa64.sys [2011-12-21 14:52:14 \| 000,744,568 \|——\| C] (Symantec Corporation)—C:\Windows\SysNative\drivers\N360x64\0501000.01D\srtsp64.sys [2011-12-21 14:52:14 \| 000,450,680 \|——\| C] (Symantec Corporation)—C:\Windows\SysNative\drivers\N360x64\0501000.01D\symds64.sys [2011-12-21 14:52:14 \| 000,382,584 \|——\| C] (Symantec Corporation)—C:\Windows\SysNative\drivers\N360x64\0501000.01D\symnets.sys [2011-12-21 14:52:14 \| 000,171,128 \| R—- \| C] (Symantec Corporation)—C:\Windows\SysNative\drivers\N360x64\0501000.01D\ironx64.sys [2011-12-21 14:52:14 \| 000,040,568 \|——\| C] (Symantec Corporation)—C:\Windows\SysNative\drivers\N360x64\0501000.01D\srtspx64.sys [2011-12-21 14:52:10 \| 000,000,000 \|—-D \| C]—C:\Windows\SysNative\drivers\N360x64\0501000.01D [2011-12-21 14:14:22 \| 000,000,000 \|—-D \| C]—C:\Users\Nicolai Nielsen\Desktop\New folder (2) [2011-12-21 13:32:56 \| 000,034,152 \|——\| C] (GEAR Software Inc.)—C:\Windows\SysNative\drivers\GEARAspiWDM.sys [2011-12-21 13:32:55 \| 000,174,200 \|——\| C] (Symantec Corporation)—C:\Windows\SysNative\drivers\SYMEVENT64x86.SYS [2011-12-21 13:32:55 \| 000,000,000 \|—-D \| C]—C:\Program Files\Common Files\Symantec Shared [2011-12-21 13:32:55 \| 000,000,000 \|—-D \| C]—C:\Program Files\Symantec [2011-12-21 13:32:33 \| 000,000,000 \|—-D \| C]—C:\Windows\SysNative\drivers\N360x64 [2011-12-21 13:32:29 \| 000,000,000 \| R—D \| C]—C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Norton 360 [2011-12-21 13:32:29 \| 000,000,000 \|—-D \| C]—C:\Program Files (x86)\Norton 360 [2011-12-21 13:32:23 \| 000,000,000 \|—-D \| C]—C:\Program Files (x86)\NortonInstaller [2011-12-21 12:48:12 \| 000,000,000 \|—-D \| C]—C:\Users\Nicolai Nielsen\Desktop\Norton 2011 Trial Reset v3.3.0 (NAV-NIS-N360) by BOX! [2011-12-21 12:47:59 \| 148,385,760 \|——\| C] (Symantec Corporation)—C:\Users\Nicolai Nielsen\Desktop\n360_5.0.0.125_symtb_tmd_loem_mrftt_226_5621.exe [2011-12-21 12:06:39 \| 000,000,000 \|—-D \| C]—C:\Users\Nicolai Nielsen\Desktop\New folder [2011-12-21 07:55:32 \| 000,000,000 \|—-D \| C]—C:\Users\Nicolai Nielsen\AppData\Local\{06AB31CE-887E-453A-B0C0-30B570804345} [2011-12-21 07:55:22 \| 000,000,000 \|—-D \| C]—C:\Users\Nicolai Nielsen\AppData\Local\{46D7FB4A-74A3-4740-96BF-52B1156583FF} [2011-12-20 19:54:59 \| 000,000,000 \|—-D \| C]—C:\Users\Nicolai Nielsen\AppData\Local\{F7243861-0833-4ED8-B6B2-906613818E59} [2011-12-20 19:54:49 \| 000,000,000 \|—-D \| C]—C:\Users\Nicolai Nielsen\AppData\Local\{A7D4F2AD-E02B-4719-B636-75C0F821A840} [2011-12-19 16:46:26 \| 000,000,000 \|—-D \| C]—C:\Users\Nicolai Nielsen\AppData\Local\{872E2C0A-6F49-45F8-8A65-A32FE8B4BB3A} [2011-12-19 16:46:17 \| 000,000,000 \|—-D \| C]—C:\Users\Nicolai Nielsen\AppData\Local\{1746C9C6-5BB8-40E1-98C2-948628ACB2BB} [2011-12-18 16:06:17 \| 000,000,000 \|—-D \| C]—C:\Users\Nicolai Nielsen\AppData\Roaming\Registry Mechanic [2011-12-18 16:05:00 \| 001,101,824 \|——\| C] (Woodbury Associates Limited)—C:\Windows\SysWow64\UniBox210.ocx [2011-12-18 16:05:00 \| 000,880,640 \|——\| C] (Woodbury Associates Limited)—C:\Windows\SysWow64\UniBox10.ocx [2011-12-18 16:05:00 \| 000,658,432 \|——\| C] (Microsoft Corporation)—C:\Windows\SysWow64\MSCOMCT2.OCX [2011-12-18 16:05:00 \| 000,512,472 \|——\| C] (Microsoft Corporation)—C:\Windows\SysWow64\msxml.dll [2011-12-18 16:05:00 \| 000,212,992 \|——\| C] (Woodbury Associates Limited)—C:\Windows\SysWow64\UniBoxVB12.ocx [2011-12-18 16:05:00 \| 000,000,000 \|—-D \| C]—C:\ProgramData\Microsoft\Windows\Start Menu\Programs\PC Tools Registry Mechanic [2011-12-18 16:04:47 \| 000,000,000 \|—-D \| C]—C:\Program Files (x86)\PC Tools [2011-12-18 16:04:47 \| 000,000,000 \|—-D \| C]—C:\Program Files (x86)\Common Files\PC Tools [2011-12-18 16:00:03 \| 000,000,000 \|—-D \| C]—C:\ProgramData\TEMP [2011-12-18 16:00:00 \| 000,000,000 \|—-D \| C]—C:\ProgramData\PC Tools [2011-12-18 15:59:59 \| 000,000,000 \|—-D \| C]—C:\Users\Nicolai Nielsen\AppData\Roaming\Product_RM [2011-12-18 15:58:39 \| 000,000,000 \|—-D \| C]—C:\Program Files (x86)\Common Files\Java [2011-12-18 15:58:32 \| 000,157,472 \|——\| C] (Sun Microsystems, Inc.)—C:\Windows\SysWow64\javaws.exe [2011-12-18 15:58:32 \| 000,149,280 \|——\| C] (Sun Microsystems, Inc.)—C:\Windows\SysWow64\javaw.exe [2011-12-18 15:58:32 \| 000,149,280 \|——\| C] (Sun Microsystems, Inc.)—C:\Windows\SysWow64\java.exe [2011-12-18 12:17:37 \| 000,000,000 \|—-D \| C]—C:\Users\Nicolai Nielsen\Documents\Electronic Arts [2011-12-18 12:03:49 \| 000,447,752 \|——\| C] (On2.com)—C:\Windows\SysWow64\vp6vfw.dll [2011-12-18 12:03:49 \| 000,000,000 \|—-D \| C]—C:\Program Files (x86)\Microsoft WSE [2011-12-18 10:31:34 \| 000,000,000 \|—-D \| C]—C:\Users\Nicolai Nielsen\AppData\Local\{772FAAF3-38B4-44CA-8DAD-BDFF6E26E188} [2011-12-18 10:31:24 \| 000,000,000 \|—-D \| C]—C:\Users\Nicolai Nielsen\AppData\Local\{2DE709AD-AAE5-4909-93CA-190BBA08FD5B} [2011-12-17 22:31:01 \| 000,000,000 \|—-D \| C]—C:\Users\Nicolai Nielsen\AppData\Local\{40F24583-EF6B-4074-BF6D-FE894327889E} [2011-12-17 22:30:52 \| 000,000,000 \|—-D \| C]—C:\Users\Nicolai Nielsen\AppData\Local\{4C633AD4-7530-44CE-912C-4291EF1CEFA9} [2011-12-17 10:30:29 \| 000,000,000 \|—-D \| C]—C:\Users\Nicolai Nielsen\AppData\Local\{0D970B06-A41D-4880-A48C-FA3202BDEB86} [2011-12-17 10:30:19 \| 000,000,000 \|—-D \| C]—C:\Users\Nicolai Nielsen\AppData\Local\{77525169-B85A-4E7F-A307-941DC1A87D6F} [2011-12-16 13:30:29 \| 000,000,000 \|—-D \| C]—C:\Users\Nicolai Nielsen\AppData\Local\{B62301F4-BB79-49F0-A3FF-BEC0CD46BE08} [2011-12-16 13:30:19 \| 000,000,000 \|—-D \| C]—C:\Users\Nicolai Nielsen\AppData\Local\{101B4959-17F2-4CD0-B605-4D86FEEBDD68} [2011-12-15 12:10:42 \| 000,000,000 \|—-D \| C]—C:\Users\Nicolai Nielsen\Documents\My Curse [2011-12-15 12:10:17 \| 000,000,000 \|—-D \| C]—C:\Users\Nicolai Nielsen\AppData\Local\{91ADF158-36BC-452A-B5C8-72A67DE9E6CD} [2011-12-15 12:10:07 \| 000,000,000 \|—-D \| C]—C:\Users\Nicolai Nielsen\AppData\Local\{B885A39E-FB6D-416A-9754-5A33F5ED3C2B} [2011-12-14 23:29:10 \| 000,000,000 \|—-D \| C]—C:\Users\Nicolai Nielsen\AppData\Local\{AC77B18F-AE17-481D-BF06-1D844BD1AA8D} [2011-12-14 23:29:00 \| 000,000,000 \|—-D \| C]—C:\Users\Nicolai Nielsen\AppData\Local\{14ACADA5-EEA3-4671-8504-C22242DED094} [2011-12-14 21:51:41 \| 000,000,000 \|—SD \| C]—C:\Users\Nicolai Nielsen\Documents\My Data Sources [2011-12-14 21:41:16 \| 000,000,000 \|—-D \| C]—C:\Users\Nicolai Nielsen\AppData\Local\assembly [2011-12-14 21:36:08 \| 000,000,000 \|—-D \| C]—C:\Users\Nicolai Nielsen\AppData\Roaming\Microsoft Corporation [2011-12-14 21:27:38 \| 000,078,872 \|——\| C] (Microsoft Corporation)—C:\Windows\SysNative\perf-SQLAgent$SQLEXPRESS-sqlagtctr10.1.2531.0.dll [2011-12-14 21:27:38 \| 000,050,200 \|——\| C] (Microsoft Corporation)—C:\Windows\SysWow64\perf-SQLAgent$SQLEXPRESS-sqlagtctr10.1.2531.0.dll [2011-12-14 21:27:36 \| 000,111,640 \|——\| C] (Microsoft Corporation)—C:\Windows\SysNative\perf-MSSQL$SQLEXPRESS-sqlctr10.1.2531.0.dll [2011-12-14 21:27:36 \| 000,079,896 \|——\| C] (Microsoft Corporation)—C:\Windows\SysWow64\perf-MSSQL$SQLEXPRESS-sqlctr10.1.2531.0.dll [2011-12-14 21:27:21 \| 000,000,000 \|—-D \| C]—C:\Windows\SysNative\RsFx [2011-12-14 21:27:03 \| 000,000,000 \|—-D \| C]—C:\Program Files\Microsoft Visual Studio 9.0 [2011-12-14 21:26:52 \| 000,000,000 \|—-D \| C]—C:\Program Files\Microsoft.NET [2011-12-14 21:26:29 \| 000,000,000 \|—-D \| C]—C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft SQL Server 2008 [2011-12-14 21:25:38 \| 000,000,000 \|—-D \| C]—C:\Program Files\Microsoft SQL Server [2011-12-14 21:25:35 \| 000,000,000 \|—-D \| C]—C:\Program Files (x86)\Microsoft SQL Server [2011-12-14 21:25:30 \| 000,000,000 \|—-D \| C]—C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Sync Framework [2011-12-14 21:25:28 \| 000,000,000 \|—-D \| C]—C:\Program Files\Microsoft Sync Framework [2011-12-14 21:25:26 \| 000,000,000 \|—-D \| C]—C:\Program Files\Microsoft Synchronization Services [2011-12-14 21:25:26 \| 000,000,000 \|—-D \| C]—C:\Program Files\Microsoft SQL Server Compact Edition [2011-12-14 21:24:38 \| 000,000,000 \|—-D \| C]—C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Silverlight 3 SDK [2011-12-14 21:24:09 \| 000,000,000 \|—-D \| C]—C:\Program Files (x86)\Microsoft ASP.NET [2011-12-14 21:24:08 \| 000,000,000 \|—-D \| C]—C:\Program Files\IIS [2011-12-14 21:24:08 \| 000,000,000 \|—-D \| C]—C:\Program Files (x86)\IIS [2011-12-14 21:23:55 \| 000,000,000 \|—-D \| C]—C:\Users\Nicolai Nielsen\Documents\Visual Studio 2008 [2011-12-14 21:23:46 \| 000,000,000 \|—-D \| C]—C:\Users\Nicolai Nielsen\Documents\Visual Studio 2010 [2011-12-14 21:22:04 \| 000,000,000 \|—-D \| C]—C:\Windows\SysWow64\1033 [2011-12-14 21:20:56 \| 000,000,000 \|—-D \| C]—C:\Program Files (x86)\Microsoft Visual Studio 9.0 [2011-12-14 21:20:50 \| 000,000,000 \|—-D \| C]—C:\Windows\symbols [2011-12-14 21:20:50 \| 000,000,000 \|—-D \| C]—C:\Program Files\Microsoft Visual Studio 10.0 [2011-12-14 21:20:50 \| 000,000,000 \|—-D \| C]—C:\Program Files (x86)\Microsoft SDKs [2011-12-14 21:20:50 \| 000,000,000 \|—-D \| C]—C:\Program Files\Microsoft Help Viewer [2011-12-14 21:20:50 \| 000,000,000 \|—-D \| C]—C:\Windows\SysNative\1033 [2011-12-14 14:42:43 \| 000,096,256 \|——\| C] (Microsoft Corporation)—C:\Windows\SysNative\mshtmled.dll [2011-12-14 14:42:43 \| 000,072,704 \|——\| C] (Microsoft Corporation)—C:\Windows\SysWow64\mshtmled.dll [2011-12-14 14:42:42 \| 000,237,056 \|——\| C] (Microsoft Corporation)—C:\Windows\SysNative\url.dll [2011-12-14 14:42:42 \| 000,231,936 \|——\| C] (Microsoft Corporation)—C:\Windows\SysWow64\url.dll [2011-12-14 14:42:41 \| 001,427,456 \|——\| C] (Microsoft Corporation)—C:\Windows\SysWow64\inetcpl.cpl [2011-12-14 14:42:41 \| 000,248,320 \|——\| C] (Microsoft Corporation)—C:\Windows\SysNative\ieui.dll [2011-12-14 14:42:41 \| 000,176,640 \|——\| C] (Microsoft Corporation)—C:\Windows\SysWow64\ieui.dll [2011-12-14 14:42:40 \| 002,309,120 \|——\| C] (Microsoft Corporation)—C:\Windows\SysNative\jscript9.dll [2011-12-14 14:42:40 \| 001,493,504 \|——\| C] (Microsoft Corporation)—C:\Windows\SysNative\inetcpl.cpl [2011-12-14 14:42:40 \| 000,818,688 \|——\| C] (Microsoft Corporation)—C:\Windows\SysNative\jscript.dll [2011-12-14 14:42:40 \| 000,716,800 \|——\| C] (Microsoft Corporation)—C:\Windows\SysWow64\jscript.dll [2011-12-14 11:33:13 \| 000,723,456 \|——\| C] (Microsoft Corporation)—C:\Windows\SysNative\EncDec.dll [2011-12-14 11:33:13 \| 000,534,528 \|——\| C] (Microsoft Corporation)—C:\Windows\SysWow64\EncDec.dll [2011-12-14 11:33:13 \| 000,043,520 \|——\| C] (Microsoft Corporation)—C:\Windows\SysNative\csrsrv.dll [2011-12-14 11:28:37 \| 000,000,000 \|—-D \| C]—C:\Users\Nicolai Nielsen\AppData\Local\{5E741805-25BF-4B72-B7CA-6A10E4FE7F8A} [2011-12-14 11:28:27 \| 000,000,000 \|—-D \| C]—C:\Users\Nicolai Nielsen\AppData\Local\{BADADDE2-70B1-459D-A55F-4C19BE6416FB} [2011-12-13 14:10:45 \| 000,000,000 \|—-D \| C]—C:\Users\Nicolai Nielsen\AppData\Local\{0ACC6A9B-E4E7-4C84-A070-DDA985001A26} [2011-12-13 14:10:35 \| 000,000,000 \|—-D \| C]—C:\Users\Nicolai Nielsen\AppData\Local\{915AFA00-5644-41AB-AD03-A1F6E34225C8} [2011-12-12 13:39:07 \| 000,000,000 \|—-D \| C]—C:\Users\Nicolai Nielsen\AppData\Local\{A39A8347-D380-4077-A078-4B4538D44DC0} [2011-12-12 13:38:58 \| 000,000,000 \|—-D \| C]—C:\Users\Nicolai Nielsen\AppData\Local\{629A85F7-96EA-448E-9AF3-5E064F89F45B} [2011-12-11 14:52:03 \| 000,000,000 \|—-D \| C]—C:\Users\Nicolai Nielsen\AppData\Local\{5A4751DD-9B72-4635-8B85-EB2A4EE2268E} [2011-12-11 14:51:53 \| 000,000,000 \|—-D \| C]—C:\Users\Nicolai Nielsen\AppData\Local\{59269AFF-29C5-49EF-B653-A5110C83720A} [2011-12-10 16:22:12 \| 000,000,000 \|—-D \| C]—C:\Users\Nicolai Nielsen\AppData\Local\{B1B73F8B-70B4-4639-BEBD-CFD51EBED0F0} [2011-12-10 16:22:03 \| 000,000,000 \|—-D \| C]—C:\Users\Nicolai Nielsen\AppData\Local\{E51CA023-F17B-4B2A-A7C7-60BC7A9B7DB1} [2011-12-09 13:40:38 \| 000,000,000 \|—-D \| C]—C:\Users\Nicolai Nielsen\AppData\Local\{B182B1E4-B965-46E3-A93F-6183570A8746} [2011-12-09 13:40:29 \| 000,000,000 \|—-D \| C]—C:\Users\Nicolai Nielsen\AppData\Local\{0DD382BD-7490-4D64-9760-BF18788D6B16} [2011-12-08 16:06:26 \| 000,000,000 \|—-D \| C]—C:\Users\Nicolai Nielsen\AppData\Local\{BCFD0A71-94AE-45C2-AB74-49095BC7E8D6} [2011-12-08 16:06:17 \| 000,000,000 \|—-D \| C]—C:\Users\Nicolai Nielsen\AppData\Local\{5B3631C6-BFEB-4158-B2CE-03F3C15042E9} [2011-12-07 13:11:25 \| 000,000,000 \|—-D \| C]—C:\Users\Nicolai Nielsen\AppData\Local\{C23C3602-3D4B-4935-A532-A4BCEB0666FA} [2011-12-07 13:11:16 \| 000,000,000 \|—-D \| C]—C:\Users\Nicolai Nielsen\AppData\Local\{B1703C23-E817-4C53-83E8-A4BE6E9217BB} [2011-12-06 10:55:58 \| 000,000,000 \|—-D \| C]—C:\Users\Nicolai Nielsen\AppData\Local\{8DD8EAB6-8CB0-4C4A-9EFA-3FF861188864} [2011-12-06 10:55:48 \| 000,000,000 \|—-D \| C]—C:\Users\Nicolai Nielsen\AppData\Local\{41FCEDD4-0372-4291-BABB-1AF271E14C20} [2011-12-05 15:36:02 \| 000,000,000 \|—-D \| C]—C:\Users\Nicolai Nielsen\AppData\Local\{EA88BA8B-DEB9-455A-9BCC-DC7EABF17D2C} [2011-12-05 15:35:52 \| 000,000,000 \|—-D \| C]—C:\Users\Nicolai Nielsen\AppData\Local\{48723038-58A9-400D-AA67-A0C97A0584D7} [2011-12-04 16:56:08 \| 000,000,000 \|—-D \| C]—C:\Users\Nicolai Nielsen\AppData\Local\{B70824D4-9D3A-4CDC-B310-70C20FF31950} [2011-12-04 16:55:58 \| 000,000,000 \|—-D \| C]—C:\Users\Nicolai Nielsen\AppData\Local\{C7D397EC-B92B-4E20-9A57-E3290B0EBB0F} [2011-12-03 13:32:53 \| 000,000,000 \|—-D \| C]—C:\Users\Nicolai Nielsen\AppData\Local\{873775AD-BB5D-447A-B612-97D6C444210E} [2011-12-03 13:32:44 \| 000,000,000 \|—-D \| C]—C:\Users\Nicolai Nielsen\AppData\Local\{B2452AB1-DABC-4AC2-8D37-42A154DD1DCD} [2011-12-02 18:11:40 \| 000,000,000 \|—-D \| C]—C:\Users\Nicolai Nielsen\AppData\Local\{EB3C060F-6B26-4AD9-AC65-BA0D9238429C} [2011-12-02 18:11:31 \| 000,000,000 \|—-D \| C]—C:\Users\Nicolai Nielsen\AppData\Local\{660F291E-70CA-4C66-B9D7-612899F171F9} [2011-12-01 11:37:26 \| 000,000,000 \|—-D \| C]—C:\Users\Nicolai Nielsen\AppData\Local\{DEE9A554-8987-4720-83B5-5BE773952D0C} [2011-12-01 11:37:17 \| 000,000,000 \|—-D \| C]—C:\Users\Nicolai Nielsen\AppData\Local\{833D492C-BB4B-41EE-ADC8-B9BF43D66B8F} [2011-11-30 13:35:49 \| 000,000,000 \| -HSD \| C]—C:\found.000 [2011-11-30 10:09:31 \| 000,000,000 \|—-D \| C]—C:\Users\Nicolai Nielsen\AppData\Local\{B41F9D41-58A0-4930-9951-A79E1CE1DD60} [2011-11-30 10:09:21 \| 000,000,000 \|—-D \| C]—C:\Users\Nicolai Nielsen\AppData\Local\{EC443F97-5ECD-4440-B6A1-E1FDC88D44ED} [2011-11-28 12:13:20 \| 000,000,000 \|—-D \| C]—C:\Users\Nicolai Nielsen\AppData\Local\{B72D3346-7CC7-4FD6-BDAA-75A40395602F} [2011-11-28 12:13:11 \| 000,000,000 \|—-D \| C]—C:\Users\Nicolai Nielsen\AppData\Local\{0195A856-B7BB-42E2-BCCA-2E75720077D9} [2011-11-27 16:46:03 \| 000,000,000 \|—-D \| C]—C:\Users\Nicolai Nielsen\AppData\Local\{9AAA2D4D-A5F5-4031-9D28-8006E21F8DB3} [2011-11-27 16:45:54 \| 000,000,000 \|—-D \| C]—C:\Users\Nicolai Nielsen\AppData\Local\{3020A1C9-FB28-462E-B1F5-7B3BF8DCE25E} [2011-11-26 12:41:26 \| 002,526,056 \|——\| C] (Microsoft Corporation)—C:\Windows\SysNative\D3DCompiler_43.dll [2011-11-26 12:41:26 \| 002,106,216 \|——\| C] (Microsoft Corporation)—C:\Windows\SysWow64\D3DCompiler_43.dll [2011-11-26 12:41:26 \| 000,527,192 \|——\| C] (Microsoft Corporation)—C:\Windows\SysWow64\XAudio2_7.dll [2011-11-26 12:41:26 \| 000,518,488 \|——\| C] (Microsoft Corporation)—C:\Windows\SysNative\XAudio2_7.dll [2011-11-26 12:41:26 \| 000,239,960 \|——\| C] (Microsoft Corporation)—C:\Windows\SysWow64\xactengine3_7.dll [2011-11-26 12:41:26 \| 000,176,984 \|——\| C] (Microsoft Corporation)—C:\Windows\SysNative\xactengine3_7.dll [2011-11-26 12:41:26 \| 000,077,656 \|——\| C] (Microsoft Corporation)—C:\Windows\SysNative\XAPOFX1_5.dll [2011-11-26 12:41:26 \| 000,074,072 \|——\| C] (Microsoft Corporation)—C:\Windows\SysWow64\XAPOFX1_5.dll [2011-11-26 12:41:25 \| 002,401,112 \|——\| C] (Microsoft Corporation)—C:\Windows\SysNative\D3DX9_43.dll [2011-11-26 12:41:25 \| 001,998,168 \|——\| C] (Microsoft Corporation)—C:\Windows\SysWow64\D3DX9_43.dll [2011-11-26 12:41:25 \| 001,907,552 \|——\| C] (Microsoft Corporation)—C:\Windows\SysNative\d3dcsx_43.dll [2011-11-26 12:41:25 \| 001,868,128 \|——\| C] (Microsoft Corporation)—C:\Windows\SysWow64\d3dcsx_43.dll [2011-11-26 12:41:25 \| 000,511,328 \|——\| C] (Microsoft Corporation)—C:\Windows\SysNative\d3dx10_43.dll [2011-11-26 12:41:25 \| 000,470,880 \|——\| C] (Microsoft Corporation)—C:\Windows\SysWow64\d3dx10_43.dll [2011-11-26 12:41:25 \| 000,276,832 \|——\| C] (Microsoft Corporation)—C:\Windows\SysNative\d3dx11_43.dll [2011-11-26 12:41:25 \| 000,248,672 \|——\| C] (Microsoft Corporation)—C:\Windows\SysWow64\d3dx11_43.dll [2011-11-26 12:03:40 \| 000,000,000 \|—-D \| C]—C:\Users\Nicolai Nielsen\AppData\Local\{33A8926D-A26E-487C-BC81-9CCB086D486D} [2011-11-26 12:03:31 \| 000,000,000 \|—-D \| C]—C:\Users\Nicolai Nielsen\AppData\Local\{F8EC8792-4757-40C4-B428-99690174E2ED} [2011-11-25 13:08:34 \| 000,000,000 \|—-D \| C]—C:\Users\Nicolai Nielsen\AppData\Local\{6CBB0D05-A361-4B1D-B9F5-DBC52D95AA5E} [2011-11-25 13:08:25 \| 000,000,000 \|—-D \| C]—C:\Users\Nicolai Nielsen\AppData\Local\{528827B8-9C35-4DA6-99BB-73F32166D9AF} [2011-11-24 13:13:27 \| 000,000,000 \|—-D \| C]—C:\Users\Nicolai Nielsen\AppData\Local\{84EBCC96-38E5-4252-BCB8-429F58C8DC20} [2011-11-24 13:13:17 \| 000,000,000 \|—-D \| C]—C:\Users\Nicolai Nielsen\AppData\Local\{77C8A5B0-1647-4225-BDFD-A522F046622E} [2011-11-23 13:37:16 \| 000,000,000 \|—-D \| C]—C:\Users\Nicolai Nielsen\AppData\Local\{377B94B3-639B-4716-8813-2C5621993FFE} [2011-11-23 13:37:06 \| 000,000,000 \|—-D \| C]—C:\Users\Nicolai Nielsen\AppData\Local\{0DEBCC20-AD6D-4BAE-9D45-B9A2A27D2070} [2011-11-23 00:30:08 \| 000,000,000 \|—-D \| C]—C:\Users\Nicolai Nielsen\AppData\Local\{760FF8F2-86CB-4692-9940-DA5C2208EDF0} [2011-11-23 00:29:59 \| 000,000,000 \|—-D \| C]—C:\Users\Nicolai Nielsen\AppData\Local\{AF69ACA5-CD7A-4FFD-B2B7-0D52B01686CB} ========== Files - Modified Within 30 Days ========== [2011-12-22 17:44:32 \| 000,876,990 \|——\| M] ()—C:\Windows\SysNative\PerfStringBackup.INI [2011-12-22 17:44:32 \| 000,721,264 \|——\| M] ()—C:\Windows\SysNative\perfh009.dat [2011-12-22 17:44:32 \| 000,147,226 \|——\| M] ()—C:\Windows\SysNative\perfc009.dat [2011-12-22 17:43:42 \| 000,018,832 \| -H—\| M] ()—C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0 [2011-12-22 17:43:42 \| 000,018,832 \| -H—\| M] ()—C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0 [2011-12-22 17:38:38 \| 000,000,946 \|——\| M] ()—C:\Windows\tasks\GoogleUpdateTaskMachineCore.job [2011-12-22 17:38:36 \| 000,067,584 \|—S- \| M] ()—C:\Windows\bootstat.dat [2011-12-22 17:38:35 \| 529,879,039 \| -HS- \| M] ()—C:\hiberfil.sys [2011-12-22 17:38:35 \| 000,329,208 \|——\| M] ()—C:\Windows\SysNative\oodbs.lor [2011-12-22 13:09:00 \| 000,000,950 \|——\| M] ()—C:\Windows\tasks\GoogleUpdateTaskMachineUA.job [2011-12-22 12:54:00 \| 000,000,982 \|——\| M] ()—C:\Windows\tasks\GoogleUpdateTaskUserS-1-5-21-3378476827-1488579091-87155459-1000UA.job [2011-12-21 19:00:42 \| 000,000,324 \|——\| M] ()—C:\Windows\tasks\RMSchedule.job [2011-12-21 18:48:07 \| 004,968,016 \|——\| M] ()—C:\Windows\SysNative\FNTCACHE.DAT [2011-12-21 18:48:06 \| 000,002,350 \|——\| M] ()—C:\Users\Public\Desktop\Norton 360.lnk [2011-12-21 18:47:53 \| 001,420,078 \|——\| M] ()—C:\Windows\SysNative\drivers\N360x64\0501000.01D\Cat.DB [2011-12-21 15:34:06 \| 000,001,026 \|——\| M] ()—C:\Users\Public\Desktop\VLC media player.lnk [2011-12-21 15:33:11 \| 000,001,979 \|——\| M] ()—C:\Users\Public\Desktop\Adobe Reader X.lnk [2011-12-21 15:30:49 \| 000,404,640 \|——\| M] (Adobe Systems Incorporated)—C:\Windows\SysWow64\FlashPlayerCPLApp.cpl [2011-12-21 15:29:56 \| 000,001,066 \|——\| M] ()—C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\Secunia PSI Tray.lnk [2011-12-21 14:54:00 \| 000,000,930 \|——\| M] ()—C:\Windows\tasks\GoogleUpdateTaskUserS-1-5-21-3378476827-1488579091-87155459-1000Core.job [2011-12-21 14:52:15 \| 000,174,200 \|——\| M] (Symantec Corporation)—C:\Windows\SysNative\drivers\SYMEVENT64x86.SYS [2011-12-21 14:52:15 \| 000,007,488 \|——\| M] ()—C:\Windows\SysNative\drivers\SYMEVENT64x86.CAT [2011-12-21 14:52:15 \| 000,000,855 \|——\| M] ()—C:\Windows\SysNative\drivers\SYMEVENT64x86.INF [2011-12-21 13:49:19 \| 000,001,945 \|——\| M] ()—C:\Windows\epplauncher.mif [2011-12-21 13:43:36 \| 000,001,103 \|——\| M] ()—C:\Users\Nicolai Nielsen\Application Data\Microsoft\Internet Explorer\Quick Launch\Revo Uninstaller Pro.lnk [2011-12-21 13:43:36 \| 000,001,079 \|——\| M] ()—C:\Users\Public\Desktop\Revo Uninstaller Pro.lnk [2011-12-21 12:54:01 \| 148,385,760 \|——\| M] (Symantec Corporation)—C:\Users\Nicolai Nielsen\Desktop\n360_5.0.0.125_symtb_tmd_loem_mrftt_226_5621.exe [2011-12-18 16:05:03 \| 000,001,283 \|——\| M] ()—C:\Users\Public\Desktop\PC Tools Registry Mechanic.lnk [2011-12-18 15:58:28 \| 000,472,808 \|——\| M] (Sun Microsystems, Inc.)—C:\Windows\SysWow64\deployJava1.dll [2011-12-18 15:58:28 \| 000,157,472 \|——\| M] (Sun Microsystems, Inc.)—C:\Windows\SysWow64\javaws.exe [2011-12-18 15:58:28 \| 000,149,280 \|——\| M] (Sun Microsystems, Inc.)—C:\Windows\SysWow64\javaw.exe [2011-12-18 15:58:28 \| 000,149,280 \|——\| M] (Sun Microsystems, Inc.)—C:\Windows\SysWow64\java.exe [2011-12-18 12:16:20 \| 000,000,723 \|——\| M] ()—C:\Users\Public\Desktop\The Sims™ 3 Verdenseventyr.lnk [2011-12-16 13:55:37 \| 000,002,409 \|——\| M] ()—C:\Users\Nicolai Nielsen\Desktop\Google Chrome.lnk [2011-12-13 20:49:35 \| 003,561,117 \|——\| M] ()—C:\Users\Nicolai Nielsen\Desktop\Untitled-2.png [2011-12-13 20:49:35 \| 000,001,456 \|——\| M] ()—C:\Users\Nicolai Nielsen\AppData\Local\Adobe Save for Web 12.0 Prefs [2011-12-12 14:07:06 \| 000,512,472 \|——\| M] (Microsoft Corporation)—C:\Windows\SysWow64\msxml.dll [2011-12-12 14:07:00 \| 000,040,408 \|——\| M] ()—C:\Windows\SysNative\CleanMFT64.exe [2011-12-03 16:41:26 \| 000,636,699 \|——\| M] ()—C:\Users\Nicolai Nielsen\Desktop\Untitled-1.png [2011-12-02 23:20:23 \| 000,001,091 \|——\| M] ()—C:\Users\Nicolai Nielsen\Application Data\Microsoft\Internet Explorer\Quick Launch\Microsoft Outlook.lnk [2011-11-26 12:43:00 \| 000,280,904 \|——\| M] ()—C:\Windows\SysWow64\PnkBstrB.xtr [2011-11-26 12:43:00 \| 000,280,904 \|——\| M] ()—C:\Windows\SysWow64\PnkBstrB.exe [2011-11-26 12:41:51 \| 000,000,642 \|——\| M] ()—C:\Users\Public\Desktop\Battlefield 3.lnk [2011-11-26 12:41:35 \| 000,189,248 \|——\| M] ()—C:\Windows\SysWow64\PnkBstrB.ex0 [2011-11-26 12:41:28 \| 000,075,136 \|——\| M] ()—C:\Windows\SysWow64\PnkBstrA.exe ========== Files Created - No Company Name ========== [2011-12-21 18:47:50 \| 001,420,078 \|——\| C] ()—C:\Windows\SysNative\drivers\N360x64\0501000.01D\Cat.DB [2011-12-21 15:34:06 \| 000,001,026 \|——\| C] ()—C:\Users\Public\Desktop\VLC media player.lnk [2011-12-21 15:33:11 \| 000,002,471 \|——\| C] ()—C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Adobe Reader X.lnk [2011-12-21 15:33:11 \| 000,001,979 \|——\| C] ()—C:\Users\Public\Desktop\Adobe Reader X.lnk [2011-12-21 15:29:56 \| 000,001,066 \|——\| C] ()—C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\Secunia PSI Tray.lnk [2011-12-21 15:29:56 \| 000,001,029 \|——\| C] ()—C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Secunia PSI.lnk [2011-12-21 14:52:14 \| 000,007,492 \| R—- \| C] ()—C:\Windows\SysNative\drivers\N360x64\0501000.01D\iron.cat [2011-12-21 14:52:14 \| 000,007,462 \|——\| C] ()—C:\Windows\SysNative\drivers\N360x64\0501000.01D\srtspx64.cat [2011-12-21 14:52:14 \| 000,007,460 \|——\| C] ()—C:\Windows\SysNative\drivers\N360x64\0501000.01D\symefa64.cat [2011-12-21 14:52:14 \| 000,007,458 \|——\| C] ()—C:\Windows\SysNative\drivers\N360x64\0501000.01D\symnet64.cat [2011-12-21 14:52:14 \| 000,007,458 \|——\| C] ()—C:\Windows\SysNative\drivers\N360x64\0501000.01D\srtsp64.cat [2011-12-21 14:52:14 \| 000,003,373 \|——\| C] ()—C:\Windows\SysNative\drivers\N360x64\0501000.01D\symefa.inf [2011-12-21 14:52:14 \| 000,002,792 \|——\| C] ()—C:\Windows\SysNative\drivers\N360x64\0501000.01D\symds.inf [2011-12-21 14:52:14 \| 000,001,446 \|——\| C] ()—C:\Windows\SysNative\drivers\N360x64\0501000.01D\symnet.inf [2011-12-21 14:52:14 \| 000,001,438 \|——\| C] ()—C:\Windows\SysNative\drivers\N360x64\0501000.01D\srtsp64.inf [2011-12-21 14:52:14 \| 000,001,422 \|——\| C] ()—C:\Windows\SysNative\drivers\N360x64\0501000.01D\srtspx64.inf [2011-12-21 14:52:14 \| 000,000,772 \| R—- \| C] ()—C:\Windows\SysNative\drivers\N360x64\0501000.01D\iron.inf [2011-12-21 14:52:11 \| 000,000,000 \|——\| C] ()—C:\Windows\SysNative\drivers\N360x64\0501000.01D\symds64.cat [2011-12-21 14:52:10 \| 000,000,172 \|——\| C] ()—C:\Windows\SysNative\drivers\N360x64\0501000.01D\isolate.ini [2011-12-21 13:32:55 \| 000,007,488 \|——\| C] ()—C:\Windows\SysNative\drivers\SYMEVENT64x86.CAT [2011-12-21 13:32:55 \| 000,002,350 \|——\| C] ()—C:\Users\Public\Desktop\Norton 360.lnk [2011-12-21 13:32:55 \| 000,000,855 \|——\| C] ()—C:\Windows\SysNative\drivers\SYMEVENT64x86.INF [2011-12-18 16:07:45 \| 000,000,324 \|——\| C] ()—C:\Windows\tasks\RMSchedule.job [2011-12-18 16:05:03 \| 000,001,283 \|——\| C] ()—C:\Users\Public\Desktop\PC Tools Registry Mechanic.lnk [2011-12-18 16:05:00 \| 000,040,408 \|——\| C] ()—C:\Windows\SysNative\CleanMFT64.exe [2011-12-18 12:16:20 \| 000,000,723 \|——\| C] ()—C:\Users\Public\Desktop\The Sims™ 3 Verdenseventyr.lnk [2011-12-15 12:10:29 \| 000,000,312 \|——\| C] ()—C:\Users\Nicolai Nielsen\Desktop\Curse Client.appref-ms [2011-12-13 20:48:48 \| 003,561,117 \|——\| C] ()—C:\Users\Nicolai Nielsen\Desktop\Untitled-2.png [2011-12-03 16:41:25 \| 000,636,699 \|——\| C] ()—C:\Users\Nicolai Nielsen\Desktop\Untitled-1.png [2011-10-14 23:54:52 \| 000,321,856 \|——\| C] ()—C:\Windows\SysWow64\nvStreaming.exe [2011-09-20 22:12:52 \| 000,000,000 \|——\| C] ()—C:\Windows\HPMProp.INI [2011-09-19 08:07:23 \| 000,000,000 \|——\| C] ()—C:\Windows\Viewer.INI [2011-07-25 19:56:13 \| 000,000,130 \|——\| C] ()—C:\Windows\SysWow64\lp3codec32win.dll [2011-07-21 15:29:12 \| 000,094,540 \| -H—\| C] ()—C:\Windows\SysWow64\mlfcache.dat [2011-07-08 12:00:59 \| 000,000,262 \|——\| C] ()—C:\Windows\{EEB3F6BB-318D-4CE5-989F-8191FCBFB578}_WiseFW.ini [2011-06-14 02:56:44 \| 000,214,686 \|——\| C] ()—C:\Windows\hpoins47.dat [2011-06-14 02:56:44 \| 000,000,601 \|——\| C] ()—C:\Windows\hpomdl47.dat [2011-06-08 00:55:08 \| 000,001,456 \|——\| C] ()—C:\Users\Nicolai Nielsen\AppData\Local\Adobe Save for Web 12.0 Prefs [2011-06-04 18:27:48 \| 000,000,376 \|——\| C] ()—C:\Windows\ODBC.INI [2011-06-01 01:35:02 \| 000,007,621 \|——\| C] ()—C:\Users\Nicolai Nielsen\AppData\Local\Resmon.ResmonCfg [2011-05-29 22:51:26 \| 000,143,360 \|——\| C] ()—C:\Windows\Vmix108.dll [2011-05-29 22:51:26 \| 000,000,259 \|——\| C] ()—C:\Windows\Cm108.ini.cfl [2011-05-29 22:51:20 \| 000,008,042 \|——\| C] ()—C:\Windows\Cm108.ini.imi [2011-05-29 22:51:20 \| 000,002,029 \|——\| C] ()—C:\Windows\Cm108.ini.cfg [2011-05-29 22:51:20 \| 000,001,320 \|——\| C] ()—C:\Windows\cm108.ini [2011-05-29 22:48:15 \| 000,000,056 \| -H—\| C] ()—C:\Windows\SysWow64\ezsidmv.
[ Ignorer ] [ # 5 ] f-arn TeamSpywarefri
22.12.2011 21:13:52 Administrator Team Spywarefri Antal indlæg: 4202	Vil du godt kopiere resten af OTL.txt herind. Signatur Undlad venligst at vedhæfte logs, medmindre du bliver bedt om det !
[ Ignorer ] [ # 6 ] NicolaiNN
22.12.2011 21:54:02 Antal indlæg: 28	OTL logfile created on: 22-12-2011 20:50:01 - Run 2 OTL by OldTimer - Version 3.2.31.0 Folder = C:\Users\Nicolai Nielsen\Downloads 64bit- Ultimate Edition Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation Internet Explorer (Version = 9.0.8112.16421) Locale: 00000406 \| Country: Danmark \| Language: DAN \| Date Format: dd-MM-yyyy 5,99 Gb Total Physical Memory \| 3,14 Gb Available Physical Memory \| 52,42% Memory free 11,98 Gb Paging File \| 8,81 Gb Available in Paging File \| 73,55% Paging File free Paging file location(s): ?:\pagefile.sys [binary data] %SystemDrive% = C: \| %SystemRoot% = C:\Windows \| %ProgramFiles% = C:\Program Files (x86) Drive C: \| 93,09 Gb Total Space \| 11,84 Gb Free Space \| 12,72% Space Free \| Partition Type: NTFS Drive D: \| 69,25 Gb Total Space \| 15,52 Gb Free Space \| 22,41% Space Free \| Partition Type: NTFS Drive E: \| 931,51 Gb Total Space \| 592,51 Gb Free Space \| 63,61% Space Free \| Partition Type: NTFS Drive F: \| 279,46 Gb Total Space \| 145,97 Gb Free Space \| 52,23% Space Free \| Partition Type: NTFS Drive G: \| 372,61 Gb Total Space \| 208,36 Gb Free Space \| 55,92% Space Free \| Partition Type: NTFS Drive I: \| 1,87 Gb Total Space \| 1,40 Gb Free Space \| 75,00% Space Free \| Partition Type: FAT Computer Name: NICOLAINIELSEN \| User Name: Nicolai Nielsen \| Logged in as Administrator. Boot Mode: Normal \| Scan Mode: All users \| Include 64bit Scans Company Name Whitelist: Off \| Skip Microsoft Files: Off \| No Company Name Whitelist: On \| File Age = 30 Days ========== Processes (SafeList) ========== PRC - [2011-12-22 19:36:38 \| 000,924,632 \|——\| M] (Mozilla Corporation)—C:\Program Files (x86)\Mozilla Firefox\firefox.exe PRC - [2011-12-22 17:42:21 \| 000,584,192 \|——\| M] (OldTimer Tools)—C:\Users\Nicolai Nielsen\Downloads\OTL.exe PRC - [2011-12-21 07:34:25 \| 004,010,160 \|——\| M] (Spotify Ltd)—C:\Users\Nicolai Nielsen\AppData\Roaming\Spotify\spotify.exe PRC - [2011-12-12 14:06:58 \| 000,103,896 \|——\| M] (PC Tools)—C:\Program Files (x86)\Common Files\PC Tools\sMonitor\SSDMonitor.exe PRC - [2011-11-26 12:41:28 \| 000,075,136 \|——\| M] ()—C:\Windows\SysWOW64\PnkBstrA.exe PRC - [2011-10-15 09:53:00 \| 002,253,120 \|——\| M] (NVIDIA Corporation)—C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Updatus\daemonu.exe PRC - [2011-10-14 23:54:40 \| 000,381,248 \|——\| M] (NVIDIA Corporation)—C:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe PRC - [2011-10-14 07:01:50 \| 000,994,360 \|——\| M] (Secunia)—C:\Program Files (x86)\Secunia\PSI\psia.exe PRC - [2011-10-14 07:01:48 \| 000,399,416 \|——\| M] (Secunia)—C:\Program Files (x86)\Secunia\PSI\sua.exe PRC - [2011-10-14 07:01:46 \| 000,291,896 \|——\| M] (Secunia)—C:\Program Files (x86)\Secunia\PSI\psi_tray.exe PRC - [2011-10-14 07:01:44 \| 001,707,576 \|——\| M] (Secunia)—C:\Program Files (x86)\Secunia\PSI\psi.exe PRC - [2011-09-04 15:09:22 \| 001,242,448 \|——\| M] (Valve Corporation)—F:\Steam\Steam.exe PRC - [2011-07-27 13:57:16 \| 000,522,824 \|——\| M] (Logitech Inc.)—C:\Program Files\Logitech Gaming Software\plugins\LCDAppletsMono-8.00.048\Applets\x86\LCDMedia.exe PRC - [2011-06-06 12:55:28 \| 000,064,952 \|——\| M] (Adobe Systems Incorporated)—C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe PRC - [2011-04-17 01:45:11 \| 000,130,008 \| R—- \| M] (Symantec Corporation)—C:\Program Files (x86)\Norton 360\Engine\5.1.0.29\ccsvchst.exe PRC - [2011-04-08 13:50:02 \| 000,542,264 \|——\| M] (Google)—C:\Program Files (x86)\Google\Google Calendar Sync\GoogleCalendarSync.exe PRC - [2010-11-20 13:17:56 \| 000,164,864 \|——\| M] (Microsoft Corporation)—C:\Program Files (x86)\Windows Media Player\wmplayer.exe PRC - [2010-01-22 11:29:40 \| 000,106,496 \|——\| M] (NEC Electronics Corporation)—C:\Program Files (x86)\NEC Electronics\USB 3.0 Host Controller Driver\Application\nusb3mon.exe ========== Modules (No Company Name) ========== MOD - [2011-12-22 20:46:40 \| 000,494,592 \|——\| M] ()—C:\Program Files (x86)\Secunia\PSI\psires.dll MOD - [2011-12-22 19:36:38 \| 002,124,760 \|——\| M] ()—C:\Program Files (x86)\Mozilla Firefox\mozjs.dll MOD - [2011-12-21 07:34:19 \| 019,900,928 \|——\| M] ()—C:\Users\Nicolai Nielsen\AppData\Roaming\Spotify\Data\libcef.dll MOD - [2011-12-09 17:16:26 \| 014,410,024 \|——\| M] ()—F:\Steam\bin\libcef.dll MOD - [2011-12-09 17:16:26 \| 000,914,216 \|——\| M] ()—F:\Steam\bin\avcodec-52.dll MOD - [2011-12-09 17:16:26 \| 000,194,344 \|——\| M] ()—F:\Steam\bin\chromehtml.dll MOD - [2011-12-09 17:16:26 \| 000,155,432 \|——\| M] ()—F:\Steam\bin\avformat-52.dll MOD - [2011-12-09 17:16:26 \| 000,091,432 \|——\| M] ()—F:\Steam\bin\avutil-50.dll MOD - [2011-11-12 11:57:56 \| 008,527,008 \|——\| M] ()—C:\Windows\SysWOW64\Macromed\Flash\NPSWF32.dll MOD - [2011-10-14 23:54:26 \| 000,265,536 \|——\| M] ()—C:\Program Files (x86)\NVIDIA Corporation\3D Vision\Nv3DVStreaming.dll MOD - [2011-05-22 18:21:36 \| 000,093,696 \|——\| M] ()—C:\Program Files (x86)\FileZilla FTP Client\fzshellext.dll MOD - [2011-03-17 00:11:16 \| 004,297,568 \|——\| M] ()—C:\Program Files (x86)\Common Files\microsoft shared\OFFICE14\Cultures\OFFICE.ODF MOD - [2010-12-21 01:15:30 \| 001,041,248 \|——\| M] ()—C:\Program Files (x86)\Microsoft Office\Office14\ADDINS\UmOutlookAddin.dll MOD - [2010-10-20 15:45:26 \| 008,801,120 \|——\| M] ()—C:\Program Files (x86)\Microsoft Office\Office14\1033\GrooveIntlResource.dll ========== Win32 Services (SafeList) ========== SRV:64bit: - [2011-06-29 16:25:12 \| 003,246,920 \|——\| M] (O&O Software GmbH) [Auto \| Running]—C:\Program Files\OO Software\Defrag\oodag.exe—(OODefragAgent) SRV:64bit: - [2009-07-14 02:41:27 \| 001,011,712 \|——\| M] (Microsoft Corporation) [Auto \| Running]—C:\Program Files\Windows Defender\MpSvc.dll—(WinDefend) SRV:64bit: - [2009-07-14 02:40:01 \| 000,193,536 \|——\| M] (Microsoft Corporation) [On_Demand \| Stopped]—C:\Windows\SysNative\appmgmts.dll—(AppMgmt) SRV - [2011-12-12 14:07:00 \| 000,793,048 \|——\| M] (PC Tools) [Disabled \| Stopped]—C:\Program Files (x86)\Common Files\PC Tools\sMonitor\StartManSvc.exe—(PCToolsSSDMonitorSvc) SRV - [2011-11-26 12:41:28 \| 000,075,136 \|——\| M] () [Auto \| Running]—C:\Windows\SysWOW64\PnkBstrA.exe—(PnkBstrA) SRV - [2011-10-15 09:53:00 \| 002,253,120 \|——\| M] (NVIDIA Corporation) [Auto \| Running]—C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Updatus\daemonu.exe—(nvUpdatusService) SRV - [2011-10-14 23:54:40 \| 000,381,248 \|——\| M] (NVIDIA Corporation) [Auto \| Running]—C:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe—(Stereo Service) SRV - [2011-10-14 07:01:50 \| 000,994,360 \|——\| M] (Secunia) [Auto \| Running]—C:\Program Files (x86)\Secunia\PSI\PSIA.exe—(Secunia PSI Agent) SRV - [2011-10-14 07:01:48 \| 000,399,416 \|——\| M] (Secunia) [Auto \| Running]—C:\Program Files (x86)\Secunia\PSI\sua.exe—(Secunia Update Agent) SRV - [2011-06-06 12:55:28 \| 000,064,952 \|——\| M] (Adobe Systems Incorporated) [Auto \| Running]—C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe—(AdobeARMservice) SRV - [2011-04-17 01:45:11 \| 000,130,008 \| R—- \| M] (Symantec Corporation) [Unknown \| Running]—C:\Program Files (x86)\Norton 360\Engine\5.1.0.29\ccSvcHst.exe—(N360) SRV - [2011-03-16 09:42:06 \| 000,407,336 \|——\| M] (Valve Corporation) [On_Demand \| Stopped]—C:\Program Files (x86)\Common Files\Steam\SteamService.exe—(Steam Client Service) SRV - [2010-10-22 12:08:18 \| 001,039,360 \|——\| M] (Hewlett-Packard Co.) [Auto \| Running]—C:\Program Files (x86)\HP\Digital Imaging\bin\HPSLPSVC64.DLL—(HPSLPSVC) SRV - [2010-03-18 12:16:28 \| 000,130,384 \|——\| M] (Microsoft Corporation) [Auto \| Stopped]—C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe—(clr_optimization_v4.0.30319_32) SRV - [2010-02-19 12:37:14 \| 000,517,096 \|——\| M] (Adobe Systems Incorporated) [On_Demand \| Stopped]—C:\Program Files (x86)\Common Files\Adobe\SwitchBoard\SwitchBoard.exe—(SwitchBoard) SRV - [2009-06-10 22:23:09 \| 000,066,384 \|——\| M] (Microsoft Corporation) [Disabled \| Stopped]—C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe—(clr_optimization_v2.0.50727_32) ========== Driver Services (SafeList) ========== DRV:64bit: - [2011-12-21 14:52:15 \| 000,174,200 \|——\| M] (Symantec Corporation) [Kernel \| On_Demand \| Running]—C:\Windows\SysNative\drivers\SYMEVENT64x86.SYS—(SymEvent) DRV:64bit: - [2011-07-27 13:57:17 \| 000,022,408 \|——\| M] (Logitech Inc.) [Kernel \| On_Demand \| Running]—C:\Windows\SysNative\drivers\LGBusEnum.sys—(LGBusEnum) DRV:64bit: - [2011-07-27 13:57:17 \| 000,016,008 \|——\| M] (Logitech Inc.) [Kernel \| On_Demand \| Running]—C:\Windows\SysNative\drivers\LGVirHid.sys—(LGVirHid) DRV:64bit: - [2011-07-08 00:21:28 \| 000,174,184 \|——\| M] (NVIDIA Corporation) [Kernel \| On_Demand \| Running]—C:\Windows\SysNative\drivers\nvhda64v.sys—(NVHDA) DRV:64bit: - [2011-05-10 07:06:08 \| 000,051,712 \|——\| M] (Apple, Inc.) [Kernel \| On_Demand \| Stopped]—C:\Windows\SysNative\drivers\usbaapl64.sys—(USBAAPL64) DRV:64bit: - [2011-03-31 14:01:50 \| 000,126,464 \|——\| M] (Razer USA Ltd) [Kernel \| On_Demand \| Stopped]—C:\Windows\SysNative\drivers\RzSynapse.sys—(RzSynapse) DRV:64bit: - [2011-03-31 04:00:09 \| 000,744,568 \|——\| M] (Symantec Corporation) [File_System \| System \| Running]—C:\Windows\SysNative\drivers\N360x64\0501000.01D\srtsp64.sys—(SRTSP) DRV:64bit: - [2011-03-31 04:00:09 \| 000,040,568 \|——\| M] (Symantec Corporation) [Kernel \| System \| Running]—C:\Windows\SysNative\drivers\N360x64\0501000.01D\srtspx64.sys—(SRTSPX) Symantec Real Time Storage Protection (PEL) DRV:64bit: - [2011-03-22 01:39:49 \| 000,382,584 \|——\| M] (Symantec Corporation) [Kernel \| System \| Running]—C:\Windows\SysNative\drivers\N360x64\0501000.01D\symnets.sys—(SymNetS) DRV:64bit: - [2011-03-21 12:22:06 \| 000,452,200 \|——\| M] (Realtek ) [Kernel \| On_Demand \| Running]—C:\Windows\SysNative\drivers\Rt64win7.sys—(RTL8167) DRV:64bit: - [2011-03-15 03:31:23 \| 000,912,504 \|——\| M] (Symantec Corporation) [File_System \| Boot \| Running]—C:\Windows\SysNative\drivers\N360x64\0501000.01D\symefa64.sys—(SymEFA) DRV:64bit: - [2011-03-11 07:41:12 \| 000,107,904 \|——\| M] (Advanced Micro Devices) [Kernel \| On_Demand \| Stopped]—C:\Windows\SysNative\drivers\amdsata.sys—(amdsata) DRV:64bit: - [2011-03-11 07:41:12 \| 000,027,008 \|——\| M] (Advanced Micro Devices) [Kernel \| Boot \| Running]—C:\Windows\SysNative\drivers\amdxata.sys—(amdxata) DRV:64bit: - [2011-01-27 07:47:10 \| 000,450,680 \|——\| M] (Symantec Corporation) [Kernel \| Boot \| Running]—C:\Windows\SysNative\drivers\N360x64\0501000.01D\symds64.sys—(SymDS) DRV:64bit: - [2010-11-20 14:33:35 \| 000,078,720 \|——\| M] (Hewlett-Packard Company) [Kernel \| On_Demand \| Stopped]—C:\Windows\SysNative\drivers\HpSAMD.sys—(HpSAMD) DRV:64bit: - [2010-11-20 12:07:05 \| 000,059,392 \|——\| M] (Microsoft Corporation) [Kernel \| On_Demand \| Stopped]—C:\Windows\SysNative\drivers\TsUsbFlt.sys—(TsUsbFlt) DRV:64bit: - [2010-11-20 12:03:42 \| 000,020,992 \|——\| M] (Microsoft Corporation) [Kernel \| On_Demand \| Stopped]—C:\Windows\SysNative\drivers\rdpvideominiport.sys—(RdpVideoMiniport) DRV:64bit: - [2010-11-16 02:45:33 \| 000,171,128 \| R—- \| M] (Symantec Corporation) [Kernel \| System \| Running]—C:\Windows\SysNative\drivers\N360x64\0501000.01D\ironx64.sys—(SymIRON) DRV:64bit: - [2010-09-01 09:30:58 \| 000,017,976 \|——\| M] (Secunia) [File_System \| On_Demand \| Running]—C:\Windows\SysNative\drivers\psi_mf.sys—(PSI) DRV:64bit: - [2010-08-21 05:59:12 \| 000,034,152 \|——\| M] (GEAR Software Inc.) [Kernel \| On_Demand \| Running]—C:\Windows\SysNative\drivers\GEARAspiWDM.sys—(GEARAspiWDM) DRV:64bit: - [2010-04-14 00:08:04 \| 000,022,568 \|——\| M] (Silicon Image, Inc.) [Kernel \| Boot \| Running]—C:\Windows\SysNative\drivers\SiWinAcc.sys—(SiFilter) DRV:64bit: - [2010-04-14 00:08:04 \| 000,016,936 \|——\| M] (Silicon Image, Inc.) [Kernel \| Boot \| Running]—C:\Windows\SysNative\drivers\SiRemFil.sys—(SiRemFil) DRV:64bit: - [2010-04-14 00:08:00 \| 000,340,008 \|——\| M] (Silicon Image, Inc) [Kernel \| Boot \| Running]—C:\Windows\SysNative\drivers\Si3124r5.sys—(Si3124r5) DRV:64bit: - [2010-01-22 11:22:22 \| 000,180,224 \|——\| M] (NEC Electronics Corporation) [Kernel \| On_Demand \| Running]—C:\Windows\SysNative\drivers\nusb3xhc.sys—(nusb3xhc) DRV:64bit: - [2010-01-22 11:22:18 \| 000,077,824 \|——\| M] (NEC Electronics Corporation) [Kernel \| On_Demand \| Running]—C:\Windows\SysNative\drivers\nusb3hub.sys—(nusb3hub) DRV:64bit: - [2009-12-30 10:21:26 \| 000,031,800 \|——\| M] (VS Revo Group) [File_System \| On_Demand \| Stopped]—C:\Windows\SysNative\drivers\revoflt.sys—(Revoflt) DRV:64bit: - [2009-12-22 00:54:00 \| 001,308,160 \|——\| M] (C-Media Electronics Inc) [Kernel \| On_Demand \| Running]—C:\Windows\SysNative\drivers\CM10864.sys—(USBPNPA) DRV:64bit: - [2009-09-30 03:04:54 \| 001,307,648 \|——\| M] (C-Media Electronics Inc) [Kernel \| On_Demand \| Stopped]—C:\Windows\SysNative\drivers\CM10664.sys—(USBMULCD) DRV:64bit: - [2009-07-14 02:52:20 \| 000,194,128 \|——\| M] (AMD Technologies Inc.) [Kernel \| On_Demand \| Stopped]—C:\Windows\SysNative\drivers\amdsbs.sys—(amdsbs) DRV:64bit: - [2009-07-14 02:48:04 \| 000,065,600 \|——\| M] (LSI Corporation) [Kernel \| On_Demand \| Stopped]—C:\Windows\SysNative\drivers\lsi_sas2.sys—(LSI_SAS2) DRV:64bit: - [2009-07-14 02:45:55 \| 000,024,656 \|——\| M] (Promise Technology) [Kernel \| On_Demand \| Stopped]—C:\Windows\SysNative\drivers\stexstor.sys—(stexstor) DRV:64bit: - [2009-06-10 21:34:33 \| 003,286,016 \|——\| M] (Broadcom Corporation) [Kernel \| On_Demand \| Stopped]—C:\Windows\SysNative\drivers\evbda.sys—(ebdrv) DRV:64bit: - [2009-06-10 21:34:28 \| 000,468,480 \|——\| M] (Broadcom Corporation) [Kernel \| On_Demand \| Stopped]—C:\Windows\SysNative\drivers\bxvbda.sys—(b06bdrv) DRV:64bit: - [2009-06-10 21:34:23 \| 000,270,848 \|——\| M] (Broadcom Corporation) [Kernel \| On_Demand \| Stopped]—C:\Windows\SysNative\drivers\b57nd60a.sys—(b57nd60a) DRV:64bit: - [2009-06-10 21:31:59 \| 000,031,232 \|——\| M] (Hauppauge Computer Works, Inc.) [Kernel \| On_Demand \| Stopped]—C:\Windows\SysNative\drivers\hcw85cir.sys—(hcw85cir) DRV:64bit: - [2009-03-18 16:35:42 \| 000,033,856 \| -H—\| M] (LogMeIn, Inc.) [Kernel \| On_Demand \| Stopped]—C:\Windows\SysNative\drivers\hamachi.sys—(hamachi) DRV:64bit: - [2005-03-29 00:30:38 \| 000,008,192 \|——\| M] () [Kernel \| On_Demand \| Running]—C:\Windows\SysNative\drivers\ASACPI.sys—(MTsensor) DRV - [2011-12-21 14:52:08 \| 002,048,632 \|——\| M] (Symantec Corporation) [Kernel \| On_Demand \| Running]—C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\N360_5.0.0.125\Definitions\VirusDefs\20111222.002\EX64.SYS—(NAVEX15) DRV - [2011-12-21 14:52:08 \| 000,482,936 \|——\| M] (Symantec Corporation) [Kernel \| System \| Running]—C:\Program Files (x86)\Common Files\Symantec Shared\EENGINE\eeCtrl64.sys—(eeCtrl) DRV - [2011-12-21 14:52:08 \| 000,138,360 \|——\| M] (Symantec Corporation) [Kernel \| On_Demand \| Running]—C:\Program Files (x86)\Common Files\Symantec Shared\EENGINE\EraserUtilRebootDrv.sys—(EraserUtilRebootDrv) DRV - [2011-12-21 14:52:08 \| 000,117,880 \|——\| M] (Symantec Corporation) [Kernel \| On_Demand \| Running]—C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\N360_5.0.0.125\Definitions\VirusDefs\20111222.002\ENG64.SYS—(NAVENG) DRV - [2011-12-20 09:25:44 \| 000,488,568 \|——\| M] (Symantec Corporation) [Kernel \| System \| Running]—C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\N360_5.0.0.125\Definitions\IPSDefs\20111221.001\IDSviA64.sys—(IDSVia64) DRV - [2011-12-10 02:24:18 \| 001,156,216 \|——\| M] (Symantec Corporation) [Kernel \| System \| Running]—C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\N360_5.0.0.125\Definitions\BASHDefs\20111221.003\BHDrvx64.sys—(BHDrvx64) DRV - [2009-07-14 02:19:10 \| 000,019,008 \|——\| M] (Microsoft Corporation) [File_System \| On_Demand \| Stopped]—C:\Windows\SysWOW64\drivers\wimmount.sys—(WIMMount) ========== Standard Registry (SafeList) ========== ========== Internet Explorer ========== IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm IE - HKU\.DEFAULT\SOFTWARE\Microsoft\Internet Explorer\Main,Search Bar = http://search.msn.com/spbasic.htm IE - HKU\.DEFAULT\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://securityresponse.symantec.com/avcenter/fix_homepage IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: “ProxyEnable” = 0 IE - HKU\S-1-5-18\SOFTWARE\Microsoft\Internet Explorer\Main,Search Bar = http://search.msn.com/spbasic.htm IE - HKU\S-1-5-18\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://securityresponse.symantec.com/avcenter/fix_homepage IE - HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: “ProxyEnable” = 0 IE - HKU\S-1-5-19\SOFTWARE\Microsoft\Internet Explorer\Main,Search Bar = http://search.msn.com/spbasic.htm IE - HKU\S-1-5-19\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://securityresponse.symantec.com/avcenter/fix_homepage IE - HKU\S-1-5-20\SOFTWARE\Microsoft\Internet Explorer\Main,Search Bar = http://search.msn.com/spbasic.htm IE - HKU\S-1-5-20\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://securityresponse.symantec.com/avcenter/fix_homepage IE - HKU\S-1-5-21-3378476827-1488579091-87155459-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Search Bar = http://search.msn.com/spbasic.htm IE - HKU\S-1-5-21-3378476827-1488579091-87155459-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://securityresponse.symantec.com/avcenter/fix_homepage IE - HKU\S-1-5-21-3378476827-1488579091-87155459-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache = http://dk.msn.com/?ocid=iehp IE - HKU\S-1-5-21-3378476827-1488579091-87155459-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache AcceptLangs = da-DK IE - HKU\S-1-5-21-3378476827-1488579091-87155459-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache_TIMESTAMP = 23 68 78 01 68 75 CC 01 [binary data] IE - HKU\S-1-5-21-3378476827-1488579091-87155459-1000\Software\Microsoft\Windows\CurrentVersion\Internet Settings: “ProxyEnable” = 0 IE - HKU\S-1-5-21-3378476827-1488579091-87155459-1002\SOFTWARE\Microsoft\Internet Explorer\Main,Search Bar = http://search.msn.com/spbasic.htm IE - HKU\S-1-5-21-3378476827-1488579091-87155459-1002\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://securityresponse.symantec.com/avcenter/fix_homepage ========== FireFox ========== FF - prefs.js..browser.startup.homepage: “http://www.google.dk/” FF:64bit: - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\system32\Macromed\Flash\NPSWF64_11_1_102.dll File not found FF:64bit: - HKLM\Software\MozillaPlugins\@microsoft.com/GENUINE: C:\Windows\system32\Wat\npWatWeb.dll (Microsoft Corporation) FF:64bit: - HKLM\Software\MozillaPlugins\@microsoft.com/OfficeAuthz,version=14.0: C:\PROGRA~1\MICROS~3\Office14\NPAUTHZ.DLL (Microsoft Corporation) FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\SysWOW64\Macromed\Flash\NPSWF32.dll () FF - HKLM\Software\MozillaPlugins\@adobe.com/ShockwavePlayer: C:\Windows\system32\Adobe\Director\np32dsw.dll (Adobe Systems, Inc.) FF - HKLM\Software\MozillaPlugins\@esn.me/esnsonar,version=0.70.0: File not found FF - HKLM\Software\MozillaPlugins\@esn.me/esnsonar,version=0.70.4: C:\Program Files (x86)\Battlelog Web Plugins\Sonar\0.70.4\npesnsonar.dll (ESN Social Software AB) FF - HKLM\Software\MozillaPlugins\@esn/esnlaunch,version=1.102.0: C:\Program Files (x86)\Battlelog Web Plugins\1.102.0\npesnlaunch.dll (ESN Social Software AB) FF - HKLM\Software\MozillaPlugins\@Google.com/GoogleEarthPlugin: C:\Program Files (x86)\Google\Google Earth\plugin\npgeplugin.dll (Google) FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin: C:\Program Files (x86)\Java\jre6\bin\new_plugin\npjp2.dll (Sun Microsystems, Inc.) FF - HKLM\Software\MozillaPlugins\@microsoft.com/GENUINE: C:\Windows\system32\Wat\npWatWeb.dll (Microsoft Corporation) FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: C:\Program Files (x86)\Microsoft Silverlight\4.0.60831.0\npctrl.dll ( Microsoft Corporation) FF - HKLM\Software\MozillaPlugins\@microsoft.com/OfficeAuthz,version=14.0: C:\PROGRA~2\MIF5BA~1\Office14\NPAUTHZ.DLL (Microsoft Corporation) FF - HKLM\Software\MozillaPlugins\@microsoft.com/SharePoint,version=14.0: C:\PROGRA~2\MIF5BA~1\Office14\NPSPWRAP.DLL (Microsoft Corporation) FF - HKLM\Software\MozillaPlugins\@nvidia.com/3DVision: C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dv.dll (NVIDIA Corporation) FF - HKLM\Software\MozillaPlugins\@nvidia.com/3DVisionStreaming: C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dvstreaming.dll (NVIDIA Corporation) FF - HKLM\Software\MozillaPlugins\@pandonetworks.com/PandoWebPlugin: File not found FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Program Files (x86)\Google\Update\1.3.21.79\npGoogleUpdate3.dll (Google Inc.) FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Program Files (x86)\Google\Update\1.3.21.79\npGoogleUpdate3.dll (Google Inc.) FF - HKLM\Software\MozillaPlugins\Adobe Reader: C:\Program Files (x86)\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.) FF - HKCU\Software\MozillaPlugins\@talk.google.com/GoogleTalkPlugin: C:\Users\Nicolai Nielsen\AppData\Roaming\Mozilla\plugins\npgoogletalk.dll (Google) FF - HKCU\Software\MozillaPlugins\@talk.google.com/O3DPlugin: C:\Users\Nicolai Nielsen\AppData\Roaming\Mozilla\plugins\npgtpo3dautoplugin.dll () FF - HKCU\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: File not found FF - HKCU\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: File not found FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\smartwebprinting@hp.com: C:\Program Files (x86)\HP\Digital Imaging\Smart Web Printing\MozillaAddOn3 [2011-06-14 02:59:16 \| 000,000,000 \|—-D \| M] FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{BBDA0591-3099-440a-AA10-41764D9DB4DB}: C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\N360_5.0.0.125\IPSFFPlgn\ [2011-12-21 18:48:09 \| 000,000,000 \|—-D \| M] FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{2D3F3651-74B9-4795-BDEC-6DA2F431CB62}: C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\N360_5.0.0.125\coFFPlgn\ [2011-12-21 14:52:10 \| 000,000,000 \|—-D \| M] FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 9.0.1\extensions\\Components: C:\Program Files (x86)\Mozilla Firefox\components [2011-12-22 19:36:38 \| 000,000,000 \|—-D \| M] FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 9.0.1\extensions\\Plugins: C:\Program Files (x86)\Mozilla Firefox\plugins [2011-12-21 15:36:19 \| 000,000,000 \|—-D \| M] FF - HKEY_CURRENT_USER\software\mozilla\Firefox\Extensions\\smartwebprinting@hp.com: C:\Program Files (x86)\HP\Digital Imaging\Smart Web Printing\MozillaAddOn3 [2011-06-14 02:59:16 \| 000,000,000 \|—-D \| M] [2011-05-29 18:59:27 \| 000,000,000 \|—-D \| M] (No name found)—C:\Users\Nicolai Nielsen\AppData\Roaming\Mozilla\Extensions [2011-08-30 23:52:14 \| 000,000,000 \|—-D \| M] (No name found)—C:\Users\Nicolai Nielsen\AppData\Roaming\Mozilla\Firefox\Profiles\zxsovoul.default\extensions [2011-08-30 23:52:14 \| 000,000,000 \|—-D \| M] (British English Dictionary)—C:\Users\Nicolai Nielsen\AppData\Roaming\Mozilla\Firefox\Profiles\zxsovoul.default\extensions\en-GB@dictionaries.addons.mozilla.org [2011-12-21 15:34:57 \| 000,000,000 \|—-D \| M] (No name found)—C:\Program Files (x86)\Mozilla Firefox\extensions [2011-11-12 11:58:06 \| 000,000,000 \|—-D \| M] (Skype Click to Call)—C:\Program Files (x86)\Mozilla Firefox\extensions\{82AF8DCA-6DE9-405D-BD5E-43525BDAD38A} [2011-12-22 19:36:38 \| 000,121,816 \|——\| M] (Mozilla Foundation)—C:\Program Files (x86)\mozilla firefox\components\browsercomps.dll [2011-12-18 15:58:29 \| 000,476,904 \|——\| M] (Sun Microsystems, Inc.)—C:\Program Files (x86)\mozilla firefox\plugins\npdeployJava1.dll [2011-10-18 16:03:04 \| 000,001,525 \|——\| M] ()—C:\Program Files (x86)\mozilla firefox\searchplugins\amazon-co-uk.xml [2011-10-18 16:03:04 \| 000,002,252 \|——\| M] ()—C:\Program Files (x86)\mozilla firefox\searchplugins\bing.xml [2011-10-18 16:03:04 \| 000,001,178 \|——\| M] ()—C:\Program Files (x86)\mozilla firefox\searchplugins\wikipedia-da.xml ========== Chrome ========== CHR - default_search_provider: Google (Enabled) CHR - default_search_provider: search_url = {google:baseURL}search?{google:RLZ}{google:acceptedSuggestion}{google:originalQueryForSuggestion}{google:searchFieldtrialParameter}{google:instantFieldTrialGroupParameter}sourceid=chrome&ie;={inputEncoding}&q={searchTerms} CHR - default_search_provider: suggest_url = {google:baseSuggestURL}search?{google:searchFieldtrialParameter}{google:instantFieldTrialGroupParameter}client=chrome&hl;={language}&q={searchTerms} CHR - plugin: Shockwave Flash (Enabled) = C:\Users\Nicolai Nielsen\AppData\Local\Google\Chrome\Application\14.0.835.202\gcswf32.dll CHR - plugin: Shockwave Flash (Enabled) = C:\Windows\SysWOW64\Macromed\Flash\NPSWF32.dll CHR - plugin: QuickTime Plug-in 7.7 (Enabled) = C:\Program Files (x86)\Mozilla Firefox\plugins\npqtplugin.dll CHR - plugin: QuickTime Plug-in 7.7 (Enabled) = C:\Program Files (x86)\Mozilla Firefox\plugins\npqtplugin2.dll CHR - plugin: QuickTime Plug-in 7.7 (Enabled) = C:\Program Files (x86)\Mozilla Firefox\plugins\npqtplugin3.dll CHR - plugin: QuickTime Plug-in 7.7 (Enabled) = C:\Program Files (x86)\Mozilla Firefox\plugins\npqtplugin4.dll CHR - plugin: QuickTime Plug-in 7.7 (Enabled) = C:\Program Files (x86)\Mozilla Firefox\plugins\npqtplugin5.dll CHR - plugin: QuickTime Plug-in 7.7 (Enabled) = C:\Program Files (x86)\Mozilla Firefox\plugins\npqtplugin6.dll CHR - plugin: QuickTime Plug-in 7.7 (Enabled) = C:\Program Files (x86)\Mozilla Firefox\plugins\npqtplugin7.dll CHR - plugin: Java Deployment Toolkit 6.0.250.6 (Enabled) = C:\Program Files (x86)\Java\jre6\bin\new_plugin\npdeployJava1.dll CHR - plugin: Java(TM) Platform SE 6 U25 (Enabled) = C:\Program Files (x86)\Java\jre6\bin\new_plugin\npjp2.dll CHR - plugin: Adobe Acrobat (Disabled) = C:\Program Files (x86)\Adobe\Reader 10.0\Reader\Browser\nppdf32.dll CHR - plugin: Silverlight Plug-In (Enabled) = C:\Program Files (x86)\Microsoft Silverlight\4.0.60831.0\npctrl.dll CHR - plugin: Shockwave for Director (Enabled) = C:\Windows\system32\Adobe\Director\np32dsw.dll CHR - plugin: Microsoft Office 2010 (Enabled) = C:\PROGRA~2\MIF5BA~1\Office14\NPAUTHZ.DLL CHR - plugin: Microsoft Office 2010 (Enabled) = C:\PROGRA~2\MIF5BA~1\Office14\NPSPWRAP.DLL CHR - plugin: Remoting Viewer (Enabled) = internal-remoting-viewer CHR - plugin: Native Client (Enabled) = C:\Users\Nicolai Nielsen\AppData\Local\Google\Chrome\Application\14.0.835.202\ppGoogleNaClPluginChrome.dll CHR - plugin: Chrome PDF Viewer (Enabled) = C:\Users\Nicolai Nielsen\AppData\Local\Google\Chrome\Application\14.0.835.202\pdf.dll CHR - plugin: Winamp Application Detector (Enabled) = C:\Program Files (x86)\Mozilla Firefox\plugins\npwachk.dll CHR - plugin: Google Talk Plugin (Enabled) = C:\Users\Nicolai Nielsen\AppData\Roaming\Mozilla\plugins\npgoogletalk.dll CHR - plugin: Google Talk Plugin Video Accelerator (Enabled) = C:\Users\Nicolai Nielsen\AppData\Roaming\Mozilla\plugins\npgtpo3dautoplugin.dll CHR - plugin: NVIDIA 3D Vision (Enabled) = C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dv.dll CHR - plugin: NVIDIA 3D VISION (Enabled) = C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dvstreaming.dll CHR - plugin: VLC Multimedia Plug-in (Enabled) = C:\Program Files (x86)\VideoLAN\VLC\npvlc.dll CHR - plugin: iTunes Application Detector (Enabled) = C:\Program Files (x86)\iTunes\Mozilla Plugins\npitunes.dll CHR - plugin: Google Update (Enabled) = C:\Users\Nicolai Nielsen\AppData\Local\Google\Update\1.3.21.69\npGoogleUpdate3.dll CHR - plugin: Windows Activation Technologies (Enabled) = C:\Windows\system32\Wat\npWatWeb.dll CHR - plugin: Default Plug-in (Enabled) = default_plugin O1 HOSTS File: ([2011-10-26 16:07:51 \| 000,002,288 \|——\| M]) - C:\Windows\SysNative\drivers\etc\hosts O1 - Hosts: 127.0.0.1 localhost O1 - Hosts: ::1 localhost O1 - Hosts: 127.0.0.1 activate.adobe.com O1 - Hosts: 127.0.0.1 practivate.adobe.com O1 - Hosts: 127.0.0.1 ereg.adobe.com O1 - Hosts: 127.0.0.1 activate.wip3.adobe.com O1 - Hosts: 127.0.0.1 wip3.adobe.com O1 - Hosts: 127.0.0.1 3dns-3.adobe.com O1 - Hosts: 127.0.0.1 3dns-2.adobe.com O1 - Hosts: 127.0.0.1 adobe-dns.adobe.com O1 - Hosts: 127.0.0.1 adobe-dns-2.adobe.com O1 - Hosts: 127.0.0.1 adobe-dns-3.adobe.com O1 - Hosts: 127.0.0.1 ereg.wip3.adobe.com O1 - Hosts: 127.0.0.1 activate-sea.adobe.com O1 - Hosts: 127.0.0.1 wwis-dubc1-vip60.adobe.com O1 - Hosts: 127.0.0.1 activate-sjc0.adobe.com O1 - Hosts: 127.0.0.1 activate.adobe.com O1 - Hosts: 127.0.0.1 practivate.adobe.com O1 - Hosts: 127.0.0.1 ereg.adobe.com O1 - Hosts: 127.0.0.1 activate.wip3.adobe.com O1 - Hosts: 127.0.0.1 wip3.adobe.com O1 - Hosts: 127.0.0.1 3dns-3.adobe.com O1 - Hosts: 127.0.0.1 3dns-2.adobe.com O1 - Hosts: 127.0.0.1 adobe-dns.adobe.com O1 - Hosts: 127.0.0.1 adobe-dns-2.adobe.com O1 - Hosts: 21 more lines… O2 - BHO: (Symantec NCO BHO) - {602ADB0E-4AFF-4217-8AA1-95DAC4DFA408} - C:\Program Files (x86)\Norton 360\Engine\5.1.0.29\coieplg.dll (Symantec Corporation) O2 - BHO: (Symantec Intrusion Prevention) - {6D53EC84-6AAE-4787-AEEE-F4628F01010C} - C:\Program Files (x86)\Norton 360\Engine\5.1.0.29\ips\ipsbho.dll (Symantec Corporation) O2 - BHO: (Java(tm) Plug-In SSV Helper) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Java\jre6\bin\ssv.dll (Sun Microsystems, Inc.) O2 - BHO: (Skype Browser Helper) - {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.) O3 - HKLM\..\Toolbar: (Norton Toolbar) - {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - C:\Program Files (x86)\Norton 360\Engine\5.1.0.29\coieplg.dll (Symantec Corporation) O4:64bit: - HKLM..\Run: [Launch LCore] C:\Program Files\Logitech Gaming Software\LCore.exe (Logitech Inc.) O4:64bit: - HKLM..\Run: [OODefragTray] C:\Program Files\OO Software\Defrag\oodtray.exe (O&O Software GmbH) O4 - HKLM..\Run: [] File not found O4 - HKLM..\Run: [NUSB3MON] C:\Program Files (x86)\NEC Electronics\USB 3.0 Host Controller Driver\Application\nusb3mon.exe (NEC Electronics Corporation) O4 - HKLM..\Run: [SSDMonitor] C:\Program Files (x86)\Common Files\PC Tools\sMonitor\SSDMonitor.exe (PC Tools) O4 - HKU\S-1-5-19..\Run: [Sidebar] C:\Program Files (x86)\Windows Sidebar\Sidebar.exe (Microsoft Corporation) O4 - HKU\S-1-5-20..\Run: [Sidebar] C:\Program Files (x86)\Windows Sidebar\Sidebar.exe (Microsoft Corporation) O4 - HKU\S-1-5-21-3378476827-1488579091-87155459-1000..\Run: [AdobeBridge] File not found O4 - HKU\S-1-5-21-3378476827-1488579091-87155459-1000..\Run: [ccleaner] C:\Program Files\CCleaner\CCleaner64.exe (Piriform Ltd) O4 - HKU\S-1-5-21-3378476827-1488579091-87155459-1000..\Run: [Steam] F:\Steam\steam.exe (Valve Corporation) O4 - HKU\S-1-5-21-3378476827-1488579091-87155459-1002..\Run: [Sidebar] C:\Program Files (x86)\Windows Sidebar\Sidebar.exe (Microsoft Corporation) O4 - HKU\S-1-5-19..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe File not found O4 - HKU\S-1-5-20..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe File not found O4 - HKU\S-1-5-21-3378476827-1488579091-87155459-1002..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe File not found O4 - Startup: C:\Users\Nicolai Nielsen\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\CurseClientStartup.ccip () O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktop = 1 O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktopChanges = 1 O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 0 O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3 O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: EnableLUA = 0 O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: PromptOnSecureDesktop = 0 O7 - HKU\S-1-5-21-3378476827-1488579091-87155459-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145 O8:64bit: - Extra context menu item: E&ksporter; til Microsoft Excel - res://C:\PROGRA~2\MIF5BA~1\OFFICE11\EXCEL.EXE/3000 File not found O8 - Extra context menu item: E&ksporter; til Microsoft Excel - res://C:\PROGRA~2\MIF5BA~1\OFFICE11\EXCEL.EXE/3000 File not found O9 - Extra Button: Skype Click to Call - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.) O9 - Extra ‘Tools’ menuitem : Skype Click to Call - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.) O1364bit: - gopher Prefix: missing O13 - gopher Prefix: missing O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/update/1.6.0/jinstall-1_6_0_30-windows-i586.cab (Java Plug-in 1.6.0_30) O16 - DPF: {CAFEEFAC-0016-0000-0030-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_30-windows-i586.cab (Java Plug-in 1.6.0_30) O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_30-windows-i586.cab (Java Plug-in 1.6.0_30) O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} http://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab (Shockwave Flash Object) O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 85.233.224.20 85.233.228.2 O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{1E3233CB-0336-46CB-A1B6-45BEB0634A97}: DhcpNameServer = 85.233.224.20 85.233.228.2 O18:64bit: - Protocol\Handler\livecall - No CLSID value found O18:64bit: - Protocol\Handler\msdaipp - No CLSID value found O18:64bit: - Protocol\Handler\msdaipp\0x00000001 - No CLSID value found O18:64bit: - Protocol\Handler\msdaipp\oledb - No CLSID value found O18:64bit: - Protocol\Handler\ms-help - No CLSID value found O18:64bit: - Protocol\Handler\msnim - No CLSID value found O18:64bit: - Protocol\Handler\skype-ie-addon-data - No CLSID value found O18:64bit: - Protocol\Handler\wlmailhtml - No CLSID value found O18 - Protocol\Handler\msdaipp\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files (x86)\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation) O18 - Protocol\Handler\msdaipp\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files (x86)\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation) O18 - Protocol\Handler\skype-ie-addon-data {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.) O20:64bit: - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation) O20:64bit: - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\SysNative\userinit.exe (Microsoft Corporation) O20:64bit: - HKLM Winlogon: VMApplet - (SystemPropertiesPerformance.exe) - C:\Windows\SysNative\SystemPropertiesPerformance.exe (Microsoft Corporation) O20:64bit: - HKLM Winlogon: VMApplet - (/pagefile) - File not found O20 - HKLM Winlogon: Shell - (explorer.exe) -C:\Windows\SysWow64\explorer.exe (Microsoft Corporation) O20 - HKLM Winlogon: UserInit - (userinit.exe) -C:\Windows\SysWow64\userinit.exe (Microsoft Corporation) O20 - HKLM Winlogon: VMApplet - (/pagefile) - File not found O21:64bit: - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found. O21 - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found. O32 - HKLM CDRom: AutoRun - 1 O34 - HKLM BootExecute: (autocheck autochk ) O34 - HKLM BootExecute: (OODBS) O35:64bit:* - HKLM\..comfile [open]—“%1” %* O35:64bit: - HKLM\..exefile [open]—“%1” %* O35 - HKLM\..comfile [open]—“%1” %* O35 - HKLM\..exefile [open]—“%1” %* O37:64bit: - HKLM\...com [@ = comfile]—“%1” %* O37:64bit: - HKLM\...exe [@ = exefile]—“%1” %* O37 - HKLM\...com [@ = comfile]—“%1” %* O37 - HKLM\...exe [@ = exefile]—“%1” %* CREATERESTOREPOINT Restore point Set: OTL Restore Point ========== Files/Folders - Created Within 30 Days ========== [2011-12-21 18:46:07 \| 000,000,000 \|—-D \| C]—C:\Users\Nicolai Nielsen\AppData\Local\NPE [2011-12-21 15:34:06 \| 000,000,000 \|—-D \| C]—C:\ProgramData\Microsoft\Windows\Start Menu\Programs\VideoLAN [2011-12-21 15:29:59 \| 000,000,000 \|—-D \| C]—C:\Users\Nicolai Nielsen\AppData\Local\Secunia PSI [2011-12-21 15:29:56 \| 000,000,000 \|—-D \| C]—C:\Program Files (x86)\Secunia [2011-12-21 14:52:14 \| 000,912,504 \|——\| C] (Symantec Corporation)—C:\Windows\SysNative\drivers\N360x64\0501000.01D\symefa64.sys [2011-12-21 14:52:14 \| 000,744,568 \|——\| C] (Symantec Corporation)—C:\Windows\SysNative\drivers\N360x64\0501000.01D\srtsp64.sys [2011-12-21 14:52:14 \| 000,450,680 \|——\| C] (Symantec Corporation)—C:\Windows\SysNative\drivers\N360x64\0501000.01D\symds64.sys [2011-12-21 14:52:14 \| 000,382,584 \|——\| C] (Symantec Corporation)—C:\Windows\SysNative\drivers\N360x64\0501000.01D\symnets.sys [2011-12-21 14:52:14 \| 000,171,128 \| R—- \| C] (Symantec Corporation)—C:\Windows\SysNative\drivers\N360x64\0501000.01D\ironx64.sys [2011-12-21 14:52:14 \| 000,040,568 \|——\| C] (Symantec Corporation)—C:\Windows\SysNative\drivers\N360x64\0501000.01D\srtspx64.sys [2011-12-21 14:52:10 \| 000,000,000 \|—-D \| C]—C:\Windows\SysNative\drivers\N360x64\0501000.01D [2011-12-21 14:14:22 \| 000,000,000 \|—-D \| C]—C:\Users\Nicolai Nielsen\Desktop\New folder (2) [2011-12-21 13:32:56 \| 000,034,152 \|——\| C] (GEAR Software Inc.)—C:\Windows\SysNative\drivers\GEARAspiWDM.sys [2011-12-21 13:32:55 \| 000,174,200 \|——\| C] (Symantec Corporation)—C:\Windows\SysNative\drivers\SYMEVENT64x86.SYS [2011-12-21 13:32:55 \| 000,000,000 \|—-D \| C]—C:\Program Files\Common Files\Symantec Shared [2011-12-21 13:32:55 \| 000,000,000 \|—-D \| C]—C:\Program Files\Symantec [2011-12-21 13:32:33 \| 000,000,000 \|—-D \| C]—C:\Windows\SysNative\drivers\N360x64 [2011-12-21 13:32:29 \| 000,000,000 \| R—D \| C]—C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Norton 360 [2011-12-21 13:32:29 \| 000,000,000 \|—-D \| C]—C:\Program Files (x86)\Norton 360 [2011-12-21 13:32:23 \| 000,000,000 \|—-D \| C]—C:\Program Files (x86)\NortonInstaller [2011-12-21 12:48:12 \| 000,000,000 \|—-D \| C]—C:\Users\Nicolai Nielsen\Desktop\Norton 2011 Trial Reset v3.3.0 (NAV-NIS-N360) by BOX! [2011-12-21 12:47:59 \| 148,385,760 \|——\| C] (Symantec Corporation)—C:\Users\Nicolai Nielsen\Desktop\n360_5.0.0.125_symtb_tmd_loem_mrftt_226_5621.exe [2011-12-21 12:06:39 \| 000,000,000 \|—-D \| C]—C:\Users\Nicolai Nielsen\Desktop\New folder [2011-12-21 07:55:32 \| 000,000,000 \|—-D \| C]—C:\Users\Nicolai Nielsen\AppData\Local\{06AB31CE-887E-453A-B0C0-30B570804345} [2011-12-21 07:55:22 \| 000,000,000 \|—-D \| C]—C:\Users\Nicolai Nielsen\AppData\Local\{46D7FB4A-74A3-4740-96BF-52B1156583FF} [2011-12-20 19:54:59 \| 000,000,000 \|—-D \| C]—C:\Users\Nicolai Nielsen\AppData\Local\{F7243861-0833-4ED8-B6B2-906613818E59} [2011-12-20 19:54:49 \| 000,000,000 \|—-D \| C]—C:\Users\Nicolai Nielsen\AppData\Local\{A7D4F2AD-E02B-4719-B636-75C0F821A840} [2011-12-19 16:46:26 \| 000,000,000 \|—-D \| C]—C:\Users\Nicolai Nielsen\AppData\Local\{872E2C0A-6F49-45F8-8A65-A32FE8B4BB3A} [2011-12-19 16:46:17 \| 000,000,000 \|—-D \| C]—C:\Users\Nicolai Nielsen\AppData\Local\{1746C9C6-5BB8-40E1-98C2-948628ACB2BB} [2011-12-18 16:06:17 \| 000,000,000 \|—-D \| C]—C:\Users\Nicolai Nielsen\AppData\Roaming\Registry Mechanic [2011-12-18 16:05:00 \| 001,101,824 \|——\| C] (Woodbury Associates Limited)—C:\Windows\SysWow64\UniBox210.ocx [2011-12-18 16:05:00 \| 000,880,640 \|——\| C] (Woodbury Associates Limited)—C:\Windows\SysWow64\UniBox10.ocx [2011-12-18 16:05:00 \| 000,658,432 \|——\| C] (Microsoft Corporation)—C:\Windows\SysWow64\MSCOMCT2.OCX [2011-12-18 16:05:00 \| 000,512,472 \|——\| C] (Microsoft Corporation)—C:\Windows\SysWow64\msxml.dll [2011-12-18 16:05:00 \| 000,212,992 \|——\| C] (Woodbury Associates Limited)—C:\Windows\SysWow64\UniBoxVB12.ocx [2011-12-18 16:05:00 \| 000,000,000 \|—-D \| C]—C:\ProgramData\Microsoft\Windows\Start Menu\Programs\PC Tools Registry Mechanic [2011-12-18 16:04:47 \| 000,000,000 \|—-D \| C]—C:\Program Files (x86)\PC Tools [2011-12-18 16:04:47 \| 000,000,000 \|—-D \| C]—C:\Program Files (x86)\Common Files\PC Tools [2011-12-18 16:00:03 \| 000,000,000 \|—-D \| C]—C:\ProgramData\TEMP [2011-12-18 16:00:00 \| 000,000,000 \|—-D \| C]—C:\ProgramData\PC Tools [2011-12-18 15:59:59 \| 000,000,000 \|—-D \| C]—C:\Users\Nicolai Nielsen\AppData\Roaming\Product_RM [2011-12-18 15:58:39 \| 000,000,000 \|—-D \| C]—C:\Program Files (x86)\Common Files\Java [2011-12-18 15:58:32 \| 000,157,472 \|——\| C] (Sun Microsystems, Inc.)—C:\Windows\SysWow64\javaws.exe [2011-12-18 15:58:32 \| 000,149,280 \|——\| C] (Sun Microsystems, Inc.)—C:\Windows\SysWow64\javaw.exe [2011-12-18 15:58:32 \| 000,149,280 \|——\| C] (Sun Microsystems, Inc.)—C:\Windows\SysWow64\java.exe [2011-12-18 12:17:37 \| 000,000,000 \|—-D \| C]—C:\Users\Nicolai Nielsen\Documents\Electronic Arts [2011-12-18 12:03:49 \| 000,447,752 \|——\| C] (On2.com)—C:\Windows\SysWow64\vp6vfw.dll [2011-12-18 12:03:49 \| 000,000,000 \|—-D \| C]—C:\Program Files (x86)\Microsoft WSE [2011-12-18 10:31:34 \| 000,000,000 \|—-D \| C]—C:\Users\Nicolai Nielsen\AppData\Local\{772FAAF3-38B4-44CA-8DAD-BDFF6E26E188} [2011-12-18 10:31:24 \| 000,000,000 \|—-D \| C]—C:\Users\Nicolai Nielsen\AppData\Local\{2DE709AD-AAE5-4909-93CA-190BBA08FD5B} [2011-12-17 22:31:01 \| 000,000,000 \|—-D \| C]—C:\Users\Nicolai Nielsen\AppData\Local\{40F24583-EF6B-4074-BF6D-FE894327889E} [2011-12-17 22:30:52 \| 000,000,000 \|—-D \| C]—C:\Users\Nicolai Nielsen\AppData\Local\{4C633AD4-7530-44CE-912C-4291EF1CEFA9} [2011-12-17 10:30:29 \| 000,000,000 \|—-D \| C]—C:\Users\Nicolai Nielsen\AppData\Local\{0D970B06-A41D-4880-A48C-FA3202BDEB86} [2011-12-17 10:30:19 \| 000,000,000 \|—-D \| C]—C:\Users\Nicolai Nielsen\AppData\Local\{77525169-B85A-4E7F-A307-941DC1A87D6F} [2011-12-16 13:30:29 \| 000,000,000 \|—-D \| C]—C:\Users\Nicolai Nielsen\AppData\Local\{B62301F4-BB79-49F0-A3FF-BEC0CD46BE08} [2011-12-16 13:30:19 \| 000,000,000 \|—-D \| C]—C:\Users\Nicolai Nielsen\AppData\Local\{101B4959-17F2-4CD0-B605-4D86FEEBDD68} [2011-12-15 12:10:42 \| 000,000,000 \|—-D \| C]—C:\Users\Nicolai Nielsen\Documents\My Curse [2011-12-15 12:10:17 \| 000,000,000 \|—-D \| C]—C:\Users\Nicolai Nielsen\AppData\Local\{91ADF158-36BC-452A-B5C8-72A67DE9E6CD} [2011-12-15 12:10:07 \| 000,000,000 \|—-D \| C]—C:\Users\Nicolai Nielsen\AppData\Local\{B885A39E-FB6D-416A-9754-5A33F5ED3C2B} [2011-12-14 23:29:10 \| 000,000,000 \|—-D \| C]—C:\Users\Nicolai Nielsen\AppData\Local\{AC77B18F-AE17-481D-BF06-1D844BD1AA8D} [2011-12-14 23:29:00 \| 000,000,000 \|—-D \| C]—C:\Users\Nicolai Nielsen\AppData\Local\{14ACADA5-EEA3-4671-8504-C22242DED094} [2011-12-14 21:51:41 \| 000,000,000 \|—SD \| C]—C:\Users\Nicolai Nielsen\Documents\My Data Sources [2011-12-14 21:41:16 \| 000,000,000 \|—-D \| C]—C:\Users\Nicolai Nielsen\AppData\Local\assembly [2011-12-14 21:36:08 \| 000,000,000 \|—-D \| C]—C:\Users\Nicolai Nielsen\AppData\Roaming\Microsoft Corporation [2011-12-14 21:27:38 \| 000,078,872 \|——\| C] (Microsoft Corporation)—C:\Windows\SysNative\perf-SQLAgent$SQLEXPRESS-sqlagtctr10.1.2531.0.dll [2011-12-14 21:27:38 \| 000,050,200 \|——\| C] (Microsoft Corporation)—C:\Windows\SysWow64\perf-SQLAgent$SQLEXPRESS-sqlagtctr10.1.2531.0.dll [2011-12-14 21:27:36 \| 000,111,640 \|——\| C] (Microsoft Corporation)—C:\Windows\SysNative\perf-MSSQL$SQLEXPRESS-sqlctr10.1.2531.0.dll [2011-12-14 21:27:36 \| 000,079,896 \|——\| C] (Microsoft Corporation)—C:\Windows\SysWow64\perf-MSSQL$SQLEXPRESS-sqlctr10.1.2531.0.dll [2011-12-14 21:27:21 \| 000,000,000 \|—-D \| C]—C:\Windows\SysNative\RsFx [2011-12-14 21:27:03 \| 000,000,000 \|—-D \| C]—C:\Program Files\Microsoft Visual Studio 9.0 [2011-12-14 21:26:52 \| 000,000,000 \|—-D \| C]—C:\Program Files\Microsoft.NET [2011-12-14 21:26:29 \| 000,000,000 \|—-D \| C]—C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft SQL Server 2008 [2011-12-14 21:25:38 \| 000,000,000 \|—-D \| C]—C:\Program Files\Microsoft SQL Server [2011-12-14 21:25:35 \| 000,000,000 \|—-D \| C]—C:\Program Files (x86)\Microsoft SQL Server [2011-12-14 21:25:30 \| 000,000,000 \|—-D \| C]—C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Sync Framework [2011-12-14 21:25:28 \| 000,000,000 \|—-D \| C]—C:\Program Files\Microsoft Sync Framework [2011-12-14 21:25:26 \| 000,000,000 \|—-D \| C]—C:\Program Files\Microsoft Synchronization Services [2011-12-14 21:25:26 \| 000,000,000 \|—-D \| C]—C:\Program Files\Microsoft SQL Server Compact Edition [2011-12-14 21:24:38 \| 000,000,000 \|—-D \| C]—C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Silverlight 3 SDK [2011-12-14 21:24:09 \| 000,000,000 \|—-D \| C]—C:\Program Files (x86)\Microsoft ASP.NET [2011-12-14 21:24:08 \| 000,000,000 \|—-D \| C]—C:\Program Files\IIS [2011-12-14 21:24:08 \| 000,000,000 \|—-D \| C]—C:\Program Files (x86)\IIS [2011-12-14 21:23:55 \| 000,000,000 \|—-D \| C]—C:\Users\Nicolai Nielsen\Documents\Visual Studio 2008 [2011-12-14 21:23:46 \| 000,000,000 \|—-D \| C]—C:\Users\Nicolai Nielsen\Documents\Visual Studio 2010 [2011-12-14 21:22:04 \| 000,000,000 \|—-D \| C]—C:\Windows\SysWow64\1033 [2011-12-14 21:20:56 \| 000,000,000 \|—-D \| C]—C:\Program Files (x86)\Microsoft Visual Studio 9.0 [2011-12-14 21:20:50 \| 000,000,000 \|—-D \| C]—C:\Windows\symbols [2011-12-14 21:20:50 \| 000,000,000 \|—-D \| C]—C:\Program Files\Microsoft Visual Studio 10.0 [2011-12-14 21:20:50 \| 000,000,000 \|—-D \| C]—C:\Program Files (x86)\Microsoft SDKs [2011-12-14 21:20:50 \| 000,000,000 \|—-D \| C]—C:\Program Files\Microsoft Help Viewer [2011-12-14 21:20:50 \| 000,000,000 \|—-D \| C]—C:\Windows\SysNative\1033 [2011-12-14 14:42:43 \| 000,096,256 \|——\| C] (Microsoft Corporation)—C:\Windows\SysNative\mshtmled.dll [2011-12-14 14:42:43 \| 000,072,704 \|——\| C] (Microsoft Corporation)—C:\Windows\SysWow64\mshtmled.dll [2011-12-14 14:42:42 \| 000,237,056 \|——\| C] (Microsoft Corporation)—C:\Windows\SysNative\url.dll [2011-12-14 14:42:42 \| 000,231,936 \|——\| C] (Microsoft Corporation)—C:\Windows\SysWow64\url.dll [2011-12-14 14:42:41 \| 001,427,456 \|——\| C] (Microsoft Corporation)—C:\Windows\SysWow64\inetcpl.cpl [2011-12-14 14:42:41 \| 000,248,320 \|——\| C] (Microsoft Corporation)—C:\Windows\SysNative\ieui.dll [2011-12-14 14:42:41 \| 000,176,640 \|——\| C] (Microsoft Corporation)—C:\Windows\SysWow64\ieui.dll [2011-12-14 14:42:40 \| 002,309,120 \|——\| C] (Microsoft Corporation)—C:\Windows\SysNative\jscript9.dll [2011-12-14 14:42:40 \| 001,493,504 \|——\| C] (Microsoft Corporation)—C:\Windows\SysNative\inetcpl.cpl [2011-12-14 14:42:40 \| 000,818,688 \|——\| C] (Microsoft Corporation)—C:\Windows\SysNative\jscript.dll [2011-12-14 14:42:40 \| 000,716,800 \|——\| C] (Microsoft Corporation)—C:\Windows\SysWow64\jscript.dll [2011-12-14 11:33:13 \| 000,723,456 \|——\| C] (Microsoft Corporation)—C:\Windows\SysNative\EncDec.dll [2011-12-14 11:33:13 \| 000,534,528 \|——\| C] (Microsoft Corporation)—C:\Windows\SysWow64\EncDec.dll [2011-12-14 11:33:13 \| 000,043,520 \|——\| C] (Microsoft Corporation)—C:\Windows\SysNative\csrsrv.dll [2011-12-14 11:28:37 \| 000,000,000 \|—-D \| C]—C:\Users\Nicolai Nielsen\AppData\Local\{5E741805-25BF-4B72-B7CA-6A10E4FE7F8A} [2011-12-14 11:28:27 \| 000,000,000 \|—-D \| C]—C:\Users\Nicolai Nielsen\AppData\Local\{BADADDE2-70B1-459D-A55F-4C19BE6416FB} [2011-12-13 14:10:45 \| 000,000,000 \|—-D \| C]—C:\Users\Nicolai Nielsen\AppData\Local\{0ACC6A9B-E4E7-4C84-A070-DDA985001A26} [2011-12-13 14:10:35 \| 000,000,000 \|—-D \| C]—C:\Users\Nicolai Nielsen\AppData\Local\{915AFA00-5644-41AB-AD03-A1F6E34225C8} [2011-12-12 13:39:07 \| 000,000,000 \|—-D \| C]—C:\Users\Nicolai Nielsen\AppData\Local\{A39A8347-D380-4077-A078-4B4538D44DC0} [2011-12-12 13:38:58 \| 000,000,000 \|—-D \| C]—C:\Users\Nicolai Nielsen\AppData\Local\{629A85F7-96EA-448E-9AF3-5E064F89F45B} [2011-12-11 14:52:03 \| 000,000,000 \|—-D \| C]—C:\Users\Nicolai Nielsen\AppData\Local\{5A4751DD-9B72-4635-8B85-EB2A4EE2268E} [2011-12-11 14:51:53 \| 000,000,000 \|—-D \| C]—C:\Users\Nicolai Nielsen\AppData\Local\{59269AFF-29C5-49EF-B653-A5110C83720A} [2011-12-10 16:22:12 \| 000,000,000 \|—-D \| C]—C:\Users\Nicolai Nielsen\AppData\Local\{B1B73F8B-70B4-4639-BEBD-CFD51EBED0F0} [2011-12-10 16:22:03 \| 000,000,000 \|—-D \| C]—C:\Users\Nicolai Nielsen\AppData\Local\{E51CA023-F17B-4B2A-A7C7-60BC7A9B7DB1} [2011-12-09 13:40:38 \| 000,000,000 \|—-D \| C]—C:\Users\Nicolai Nielsen\AppData\Local\{B182B1E4-B965-46E3-A93F-6183570A8746} [2011-12-09 13:40:29 \| 000,000,000 \|—-D \| C]—C:\Users\Nicolai Nielsen\AppData\Local\{0DD382BD-7490-4D64-9760-BF18788D6B16} [2011-12-08 16:06:26 \| 000,000,000 \|—-D \| C]—C:\Users\Nicolai Nielsen\AppData\Local\{BCFD0A71-94AE-45C2-AB74-49095BC7E8D6} [2011-12-08 16:06:17 \| 000,000,000 \|—-D \| C]—C:\Users\Nicolai Nielsen\AppData\Local\{5B3631C6-BFEB-4158-B2CE-03F3C15042E9} [2011-12-07 13:11:25 \| 000,000,000 \|—-D \| C]—C:\Users\Nicolai Nielsen\AppData\Local\{C23C3602-3D4B-4935-A532-A4BCEB0666FA} [2011-12-07 13:11:16 \| 000,000,000 \|—-D \| C]—C:\Users\Nicolai Nielsen\AppData\Local\{B1703C23-E817-4C53-83E8-A4BE6E9217BB} [2011-12-06 10:55:58 \| 000,000,000 \|—-D \| C]—C:\Users\Nicolai Nielsen\AppData\Local\{8DD8EAB6-8CB0-4C4A-9EFA-3FF861188864} [2011-12-06 10:55:48 \| 000,000,000 \|—-D \| C]—C:\Users\Nicolai Nielsen\AppData\Local\{41FCEDD4-0372-4291-BABB-1AF271E14C20} [2011-12-05 15:36:02 \| 000,000,000 \|—-D \| C]—C:\Users\Nicolai Nielsen\AppData\Local\{EA88BA8B-DEB9-455A-9BCC-DC7EABF17D2C} [2011-12-05 15:35:52 \| 000,000,000 \|—-D \| C]—C:\Users\Nicolai Nielsen\AppData\Local\{48723038-58A9-400D-AA67-A0C97A0584D7} [2011-12-04 16:56:08 \| 000,000,000 \|—-D \| C]—C:\Users\Nicolai Nielsen\AppData\Local\{B70824D4-9D3A-4CDC-B310-70C20FF31950} [2011-12-04 16:55:58 \| 000,000,000 \|—-D \| C]—C:\Users\Nicolai Nielsen\AppData\Local\{C7D397EC-B92B-4E20-9A57-E3290B0EBB0F} [2011-12-03 13:32:53 \| 000,000,000 \|—-D \| C]—C:\Users\Nicolai Nielsen\AppData\Local\{873775AD-BB5D-447A-B612-97D6C444210E} [2011-12-03 13:32:44 \| 000,000,000 \|—-D \| C]—C:\Users\Nicolai Nielsen\AppData\Local\{B2452AB1-DABC-4AC2-8D37-42A154DD1DCD} [2011-12-02 18:11:40 \| 000,000,000 \|—-D \| C]—C:\Users\Nicolai Nielsen\AppData\Local\{EB3C060F-6B26-4AD9-AC65-BA0D9238429C} [2011-12-02 18:11:31 \| 000,000,000 \|—-D \| C]—C:\Users\Nicolai Nielsen\AppData\Local\{660F291E-70CA-4C66-B9D7-612899F171F9} [2011-12-01 11:37:26 \| 000,000,000 \|—-D \| C]—C:\Users\Nicolai Nielsen\AppData\Local\{DEE9A554-8987-4720-83B5-5BE773952D0C} [2011-12-01 11:37:17 \| 000,000,000 \|—-D \| C]—C:\Users\Nicolai Nielsen\AppData\Local\{833D492C-BB4B-41EE-ADC8-B9BF43D66B8F} [2011-11-30 13:35:49 \| 000,000,000 \| -HSD \| C]—C:\found.000 [2011-11-30 10:09:31 \| 000,000,000 \|—-D \| C]—C:\Users\Nicolai Nielsen\AppData\Local\{B41F9D41-58A0-4930-9951-A79E1CE1DD60} [2011-11-30 10:09:21 \| 000,000,000 \|—-D \| C]—C:\Users\Nicolai Nielsen\AppData\Local\{EC443F97-5ECD-4440-B6A1-E1FDC88D44ED} [2011-11-28 12:13:20 \| 000,000,000 \|—-D \| C]—C:\Users\Nicolai Nielsen\AppData\Local\{B72D3346-7CC7-4FD6-BDAA-75A40395602F} [2011-11-28 12:13:11 \| 000,000,000 \|—-D \| C]—C:\Users\Nicolai Nielsen\AppData\Local\{0195A856-B7BB-42E2-BCCA-2E75720077D9} [2011-11-27 16:46:03 \| 000,000,000 \|—-D \| C]—C:\Users\Nicolai Nielsen\AppData\Local\{9AAA2D4D-A5F5-4031-9D28-8006E21F8DB3} [2011-11-27 16:45:54 \| 000,000,000 \|—-D \| C]—C:\Users\Nicolai Nielsen\AppData\Local\{3020A1C9-FB28-462E-B1F5-7B3BF8DCE25E} [2011-11-26 12:41:26 \| 002,526,056 \|——\| C] (Microsoft Corporation)—C:\Windows\SysNative\D3DCompiler_43.dll [2011-11-26 12:41:26 \| 002,106,216 \|——\| C] (Microsoft Corporation)—C:\Windows\SysWow64\D3DCompiler_43.dll [2011-11-26 12:41:26 \| 000,527,192 \|——\| C] (Microsoft Corporation)—C:\Windows\SysWow64\XAudio2_7.dll [2011-11-26 12:41:26 \| 000,518,488 \|——\| C] (Microsoft Corporation)—C:\Windows\SysNative\XAudio2_7.dll [2011-11-26 12:41:26 \| 000,239,960 \|——\| C] (Microsoft Corporation)—C:\Windows\SysWow64\xactengine3_7.dll [2011-11-26 12:41:26 \| 000,176,984 \|——\| C] (Microsoft Corporation)—C:\Windows\SysNative\xactengine3_7.dll [2011-11-26 12:41:26 \| 000,077,656 \|——\| C] (Microsoft Corporation)—C:\Windows\SysNative\XAPOFX1_5.dll [2011-11-26 12:41:26 \| 000,074,072 \|——\| C] (Microsoft Corporation)—C:\Windows\SysWow64\XAPOFX1_5.dll [2011-11-26 12:41:25 \| 002,401,112 \|——\| C] (Microsoft Corporation)—C:\Windows\SysNative\D3DX9_43.dll [2011-11-26 12:41:25 \| 001,998,168 \|——\| C] (Microsoft Corporation)—C:\Windows\SysWow64\D3DX9_43.dll [2011-11-26 12:41:25 \| 001,907,552 \|——\| C] (Microsoft Corporation)—C:\Windows\SysNative\d3dcsx_43.dll [2011-11-26 12:41:25 \| 001,868,128 \|——\| C] (Microsoft Corporation)—C:\Windows\SysWow64\d3dcsx_43.dll [2011-11-26 12:41:25 \| 000,511,328 \|——\| C] (Microsoft Corporation)—C:\Windows\SysNative\d3dx10_43.dll [2011-11-26 12:41:25 \| 000,470,880 \|——\| C] (Microsoft Corporation)—C:\Windows\SysWow64\d3dx10_43.dll [2011-11-26 12:41:25 \| 000,276,832 \|——\| C] (Microsoft Corporation)—C:\Windows\SysNative\d3dx11_43.dll [2011-11-26 12:41:25 \| 000,248,672 \|——\| C] (Microsoft Corporation)—C:\Windows\SysWow64\d3dx11_43.dll [2011-11-26 12:03:40 \| 000,000,000 \|—-D \| C]—C:\Users\Nicolai Nielsen\AppData\Local\{33A8926D-A26E-487C-BC81-9CCB086D486D} [2011-11-26 12:03:31 \| 000,000,000 \|—-D \| C]—C:\Users\Nicolai Nielsen\AppData\Local\{F8EC8792-4757-40C4-B428-99690174E2ED} [2011-11-25 13:08:34 \| 000,000,000 \|—-D \| C]—C:\Users\Nicolai Nielsen\AppData\Local\{6CBB0D05-A361-4B1D-B9F5-DBC52D95AA5E} [2011-11-25 13:08:25 \| 000,000,000 \|—-D \| C]—C:\Users\Nicolai Nielsen\AppData\Local\{528827B8-9C35-4DA6-99BB-73F32166D9AF} [2011-11-24 13:13:27 \| 000,000,000 \|—-D \| C]—C:\Users\Nicolai Nielsen\AppData\Local\{84EBCC96-38E5-4252-BCB8-429F58C8DC20} [2011-11-24 13:13:17 \| 000,000,000 \|—-D \| C]—C:\Users\Nicolai Nielsen\AppData\Local\{77C8A5B0-1647-4225-BDFD-A522F046622E} [2011-11-23 13:37:16 \| 000,000,000 \|—-D \| C]—C:\Users\Nicolai Nielsen\AppData\Local\{377B94B3-639B-4716-8813-2C5621993FFE} [2011-11-23 13:37:06 \| 000,000,000 \|—-D \| C]—C:\Users\Nicolai Nielsen\AppData\Local\{0DEBCC20-AD6D-4BAE-9D45-B9A2A27D2070} [2011-11-23 00:30:08 \| 000,000,000 \|—-D \| C]—C:\Users\Nicolai Nielsen\AppData\Local\{760FF8F2-86CB-4692-9940-DA5C2208EDF0} [2011-11-23 00:29:59 \| 000,000,000 \|—-D \| C]—C:\Users\Nicolai Nielsen\AppData\Local\{AF69ACA5-CD7A-4FFD-B2B7-0D52B01686CB} ========== Files - Modified Within 30 Days ========== [2011-12-22 20:09:52 \| 000,000,418 \| RHS- \| M] ()—C:\ProgramData\ntuser.pol [2011-12-22 20:09:00 \| 000,000,950 \|——\| M] ()—C:\Windows\tasks\GoogleUpdateTaskMachineUA.job [2011-12-22 19:54:00 \| 000,000,982 \|——\| M] ()—C:\Windows\tasks\GoogleUpdateTaskUserS-1-5-21-3378476827-1488579091-87155459-1000UA.job [2011-12-22 19:21:24 \| 000,000,324 \|——\| M] ()—C:\Windows\tasks\RMSchedule.job [2011-12-22 17:44:32 \| 000,876,990 \|——\| M] ()—C:\Windows\SysNative\PerfStringBackup.INI [2011-12-22 17:44:32 \| 000,721,264 \|——\| M] ()—C:\Windows\SysNative\perfh009.dat [2011-12-22 17:44:32 \| 000,147,226 \|——\| M] ()—C:\Windows\SysNative\perfc009.dat [2011-12-22 17:43:42 \| 000,018,832 \| -H—\| M] ()—C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0 [2011-12-22 17:43:42 \| 000,018,832 \| -H—\| M] ()—C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0 [2011-12-22 17:38:38 \| 000,000,946 \|——\| M] ()—C:\Windows\tasks\GoogleUpdateTaskMachineCore.job [2011-12-22 17:38:36 \| 000,067,584 \|—S- \| M] ()—C:\Windows\bootstat.dat [2011-12-22 17:38:35 \| 529,879,039 \| -HS- \| M] ()—C:\hiberfil.sys [2011-12-22 17:38:35 \| 000,329,208 \|——\| M] ()—C:\Windows\SysNative\oodbs.lor [2011-12-21 18:48:07 \| 004,968,016 \|——\| M] ()—C:\Windows\SysNative\FNTCACHE.DAT [2011-12-21 18:48:06 \| 000,002,350 \|——\| M] ()—C:\Users\Public\Desktop\Norton 360.lnk [2011-12-21 18:47:53 \| 001,420,078 \|——\| M] ()—C:\Windows\SysNative\drivers\N360x64\0501000.01D\Cat.DB [2011-12-21 15:34:06 \| 000,001,026 \|——\| M] ()—C:\Users\Public\Desktop\VLC media player.lnk [2011-12-21 15:33:11 \| 000,001,979 \|——\| M] ()—C:\Users\Public\Desktop\Adobe Reader X.lnk [2011-12-21 15:30:49 \| 000,404,640 \|——\| M] (Adobe Systems Incorporated)—C:\Windows\SysWow64\FlashPlayerCPLApp.cpl [2011-12-21 15:29:56 \| 000,001,066 \|——\| M] ()—C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\Secunia PSI Tray.lnk [2011-12-21 14:54:00 \| 000,000,930 \|——\| M] ()—C:\Windows\tasks\GoogleUpdateTaskUserS-1-5-21-3378476827-1488579091-87155459-1000Core.job [2011-12-21 14:52:15 \| 000,174,200 \|——\| M] (Symantec Corporation)—C:\Windows\SysNative\drivers\SYMEVENT64x86.SYS [2011-12-21 14:52:15 \| 000,007,488 \|——\| M] ()—C:\Windows\SysNative\drivers\SYMEVENT64x86.CAT [2011-12-21 14:52:15 \| 000,000,855 \|——\| M] ()—C:\Windows\SysNative\drivers\SYMEVENT64x86.INF [2011-12-21 13:49:19 \| 000,001,945 \|——\| M] ()—C:\Windows\epplauncher.mif [2011-12-21 13:43:36 \| 000,001,103 \|——\| M] ()—C:\Users\Nicolai Nielsen\Application Data\Microsoft\Internet Explorer\Quick Launch\Revo Uninstaller Pro.lnk [2011-12-21 13:43:36 \| 000,001,079 \|——\| M] ()—C:\Users\Public\Desktop\Revo Uninstaller Pro.lnk [2011-12-21 12:54:01 \| 148,385,760 \|——\| M] (Symantec Corporation)—C:\Users\Nicolai Nielsen\Desktop\n360_5.0.0.125_symtb_tmd_loem_mrftt_226_5621.exe [2011-12-18 16:05:03 \| 000,001,283 \|——\| M] ()—C:\Users\Public\Desktop\PC Tools Registry Mechanic.lnk [2011-12-18 15:58:28 \| 000,472,808 \|——\| M] (Sun Microsystems, Inc.)—C:\Windows\SysWow64\deployJava1.dll [2011-12-18 15:58:28 \| 000,157,472 \|——\| M] (Sun Microsystems, Inc.)—C:\Windows\SysWow64\javaws.exe [2011-12-18 15:58:28 \| 000,149,280 \|——\| M] (Sun Microsystems, Inc.)—C:\Windows\SysWow64\javaw.exe [2011-12-18 15:58:28 \| 000,149,280 \|——\| M] (Sun Microsystems, Inc.)—C:\Windows\SysWow64\java.exe [2011-12-18 12:16:20 \| 000,000,723 \|——\| M] ()—C:\Users\Public\Desktop\The Sims™ 3 Verdenseventyr.lnk [2011-12-16 13:55:37 \| 000,002,409 \|——\| M] ()—C:\Users\Nicolai Nielsen\Desktop\Google Chrome.lnk [2011-12-13 20:49:35 \| 003,561,117 \|——\| M] ()—C:\Users\Nicolai Nielsen\Desktop\Untitled-2.png [2011-12-13 20:49:35 \| 000,001,456 \|——\| M] ()—C:\Users\Nicolai Nielsen\AppData\Local\Adobe Save for Web 12.0 Prefs [2011-12-12 14:07:06 \| 000,512,472 \|——\| M] (Microsoft Corporation)—C:\Windows\SysWow64\msxml.dll [2011-12-12 14:07:00 \| 000,040,408 \|——\| M] ()—C:\Windows\SysNative\CleanMFT64.exe [2011-12-03 16:41:26 \| 000,636,699 \|——\| M] ()—C:\Users\Nicolai Nielsen\Desktop\Untitled-1.png [2011-12-02 23:20:23 \| 000,001,091 \|——\| M] ()—C:\Users\Nicolai Nielsen\Application Data\Microsoft\Internet Explorer\Quick Launch\Microsoft Outlook.lnk [2011-11-26 12:43:00 \| 000,280,904 \|——\| M] ()—C:\Windows\SysWow64\PnkBstrB.xtr [2011-11-26 12:43:00 \| 000,280,904 \|——\| M] ()—C:\Windows\SysWow64\PnkBstrB.exe [2011-11-26 12:41:51 \| 000,000,642 \|——\| M] ()—C:\Users\Public\Desktop\Battlefield 3.lnk [2011-11-26 12:41:35 \| 000,189,248 \|——\| M] ()—C:\Windows\SysWow64\PnkBstrB.ex0 [2011-11-26 12:41:28 \| 000,075,136 \|——\| M] ()—C:\Windows\SysWow64\PnkBstrA.exe ========== Files Created - No Company Name ========== [2011-12-22 20:09:52 \| 000,000,418 \| RHS- \| C] ()—C:\ProgramData\ntuser.pol [2011-12-21 18:47:50 \| 001,420,078 \|——\| C] ()—C:\Windows\SysNative\drivers\N360x64\0501000.01D\Cat.DB [2011-12-21 15:34:06 \| 000,001,026 \|——\| C] ()—C:\Users\Public\Desktop\VLC media player.lnk [2011-12-21 15:33:11 \| 000,002,471 \|——\| C] ()—C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Adobe Reader X.lnk [2011-12-21 15:33:11 \| 000,001,979 \|——\| C] ()—C:\Users\Public\Desktop\Adobe Reader X.lnk [2011-12-21 15:29:56 \| 000,001,066 \|——\| C] ()—C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\Secunia PSI Tray.lnk [2011-12-21 15:29:56 \| 000,001,029 \|——\| C] ()—C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Secunia PSI.lnk [2011-12-21 14:52:14 \| 000,007,492 \| R—- \| C] ()—C:\Windows\SysNative\drivers\N360x64\0501000.01D\iron.cat [2011-12-21 14:52:14 \| 000,007,462 \|——\| C] ()—C:\Windows\SysNative\drivers\N360x64\0501000.01D\srtspx64.cat [2011-12-21 14:52:14 \| 000,007,460 \|——\| C] ()—C:\Windows\SysNative\drivers\N360x64\0501000.01D\symefa64.cat [2011-12-21 14:52:14 \| 000,007,458 \|——\| C] ()—C:\Windows\SysNative\drivers\N360x64\0501000.01D\symnet64.cat [2011-12-21 14:52:14 \| 000,007,458 \|——\| C] ()—C:\Windows\SysNative\drivers\N360x64\0501000.01D\srtsp64.cat [2011-12-21 14:52:14 \| 000,003,373 \|——\| C] ()—C:\Windows\SysNative\drivers\N360x64\0501000.01D\symefa.inf [2011-12-21 14:52:14 \| 000,002,792 \|——\| C] ()—C:\Windows\SysNative\drivers\N360x64\0501000.01D\symds.inf [2011-12-21 14:52:14 \| 000,001,446 \|——\| C] ()—C:\Windows\SysNative\drivers\N360x64\0501000.01D\symnet.inf [2011-12-21 14:52:14 \| 000,001,438 \|——\| C] ()—C:\Windows\SysNative\drivers\N360x64\0501000.01D\srtsp64.inf [2011-12-21 14:52:14 \| 000,001,422 \|——\| C] ()—C:\Windows\SysNative\drivers\N360x64\0501000.01D\srtspx64.inf [2011-12-21 14:52:14 \| 000,000,772 \| R—- \| C] ()—C:\Windows\SysNative\drivers\N360x64\0501000.01D\iron.inf [2011-12-21 14:52:11 \| 000,000,000 \|——\| C] ()—C:\Windows\SysNative\drivers\N360x64\0501000.01D\symds64.cat [2011-12-21 14:52:10 \| 000,000,172 \|——\| C] ()—C:\Windows\SysNative\drivers\N360x64\0501000.01D\isolate.ini [2011-12-21 13:32:55 \| 000,007,488 \|——\| C] ()—C:\Windows\SysNative\drivers\SYMEVENT64x86.CAT [2011-12-21 13:32:55 \| 000,002,350 \|——\| C] ()—C:\Users\Public\Desktop\Norton 360.lnk [2011-12-21 13:32:55 \| 000,000,855 \|——\| C] ()—C:\Windows\SysNative\drivers\SYMEVENT64x86.INF [2011-12-18 16:07:45 \| 000,000,324 \|——\| C] ()—C:\Windows\tasks\RMSchedule.job [2011-12-18 16:05:03 \| 000,001,283 \|——\| C] ()—C:\Users\Public\Desktop\PC Tools Registry Mechanic.lnk [2011-12-18 16:05:00 \| 000,040,408 \|——\| C] ()—C:\Windows\SysNative\CleanMFT64.exe [2011-12-18 12:16:20 \| 000,000,723 \|——\| C] ()—C:\Users\Public\Desktop\The Sims™ 3 Verdenseventyr.lnk [2011-12-15 12:10:29 \| 000,000,312 \|——\| C] ()—C:\Users\Nicolai Nielsen\Desktop\Curse Client.appref-ms [2011-12-13 20:48:48 \| 003,561,117 \|——\| C] ()—C:\Users\Nicolai Nielsen\Desktop\Untitled-2.png [2011-12-03 16:41:25 \| 000,636,699 \|——\| C] ()—C:\Users\Nicolai Nielsen\Desktop\Untitled-1.png [2011-10-14 23:54:52 \| 000,321,856 \|——\| C] ()—C:\Windows\SysWow64\nvStreaming.exe [2011-09-20 22:12:52 \| 000,000,000 \|——\| C] ()—C:\Windows\HPMProp.INI [2011-09-19 08:07:23 \| 000,000,000 \|——\| C] ()—C:\Windows\Viewer.INI [2011-07-25 19:56:13 \| 000,000,130 \|——\| C] ()—C:\Windows\SysWow64\lp3codec32win.dll [2011-07-21 15:29:12 \| 000,094,540 \| -H—\| C] ()—C:\Windows\SysWow64\mlfcache.dat [2011-07-08 12:00:59 \| 000,000,262 \|——\| C] ()—C:\Windows\{EEB3F6BB-318D-4CE5-989F-8191FCBFB578}_WiseFW.ini [2011-06-14 02:56:44 \| 000,214,686 \|——\| C] ()—C:\Windows\hpoins47.dat [2011-06-14 02:56:44 \| 000,000,601 \|——\| C] ()—C:\Windows\hpomdl47.dat [2011-06-08 00:55:08 \| 000,001,456
[ Ignorer ] [ # 7 ] NicolaiNN
22.12.2011 21:57:23 Antal indlæg: 28	[2011-06-08 00:55:08 \| 000,001,456 \|——\| C] ()—C:\Users\Nicolai Nielsen\AppData\Local\Adobe Save for Web 12.0 Prefs [2011-06-04 18:27:48 \| 000,000,376 \|——\| C] ()—C:\Windows\ODBC.INI [2011-06-01 01:35:02 \| 000,007,621 \|——\| C] ()—C:\Users\Nicolai Nielsen\AppData\Local\Resmon.ResmonCfg [2011-05-29 22:51:26 \| 000,143,360 \|——\| C] ()—C:\Windows\Vmix108.dll [2011-05-29 22:51:26 \| 000,000,259 \|——\| C] ()—C:\Windows\Cm108.ini.cfl [2011-05-29 22:51:20 \| 000,008,042 \|——\| C] ()—C:\Windows\Cm108.ini.imi [2011-05-29 22:51:20 \| 000,002,029 \|——\| C] ()—C:\Windows\Cm108.ini.cfg [2011-05-29 22:51:20 \| 000,001,320 \|——\| C] ()—C:\Windows\cm108.ini [2011-05-29 22:48:15 \| 000,000,056 \| -H—\| C] ()—C:\Windows\SysWow64\ezsidmv.dat [2011-05-29 18:59:22 \| 000,000,000 \|——\| C] ()—C:\Windows\nsreg.dat [2011-05-29 17:48:02 \| 000,280,904 \|——\| C] ()—C:\Windows\SysWow64\PnkBstrB.exe [2011-05-29 17:47:55 \| 002,434,856 \|——\| C] ()—C:\Windows\SysWow64\pbsvc_bc2.exe [2011-05-29 17:47:55 \| 000,075,136 \|——\| C] ()—C:\Windows\SysWow64\PnkBstrA.exe [2011-05-29 17:32:54 \| 000,772,322 \|——\| C] ()—C:\Windows\SysWow64\PerfStringBackup.INI [2011-04-09 17:55:28 \| 000,179,261 \|——\| C] ()—C:\Windows\SysWow64\xlive.dll.cat [2009-07-14 06:38:36 \| 000,067,584 \|—S- \| C] ()—C:\Windows\bootstat.dat [2009-07-14 03:35:51 \| 000,000,741 \|——\| C] ()—C:\Windows\SysWow64\NOISE.DAT [2009-07-14 03:34:42 \| 000,215,943 \|——\| C] ()—C:\Windows\SysWow64\dssec.dat [2009-07-14 01:10:29 \| 000,043,131 \|——\| C] ()—C:\Windows\mib.bin [2009-07-14 00:42:10 \| 000,064,000 \|——\| C] ()—C:\Windows\SysWow64\BWContextHandler.dll [2009-07-13 22:03:59 \| 000,364,544 \|——\| C] ()—C:\Windows\SysWow64\msjetoledb40.dll [2009-06-10 22:26:10 \| 000,673,088 \|——\| C] ()—C:\Windows\SysWow64\mlang.dat ========== LOP Check ========== [2011-12-02 18:11:20 \| 000,000,000 \|—-D \| M]—C:\Users\Nicolai Nielsen\AppData\Roaming\FileZilla [2011-06-22 16:56:54 \| 000,000,000 \|—-D \| M]—C:\Users\Nicolai Nielsen\AppData\Roaming\Leadertech [2011-05-29 20:19:47 \| 000,000,000 \|—-D \| M]—C:\Users\Nicolai Nielsen\AppData\Roaming\Lionhead Studios [2011-05-31 13:17:32 \| 000,000,000 \|—-D \| M]—C:\Users\Nicolai Nielsen\AppData\Roaming\LolClient [2011-10-20 11:59:02 \| 000,000,000 \|—-D \| M]—C:\Users\Nicolai Nielsen\AppData\Roaming\Origin [2011-12-18 15:59:59 \| 000,000,000 \|—-D \| M]—C:\Users\Nicolai Nielsen\AppData\Roaming\Product_RM [2011-12-18 16:06:17 \| 000,000,000 \|—-D \| M]—C:\Users\Nicolai Nielsen\AppData\Roaming\Registry Mechanic [2011-08-03 12:47:06 \| 000,000,000 \|—-D \| M]—C:\Users\Nicolai Nielsen\AppData\Roaming\Rift [2011-12-22 19:45:36 \| 000,000,000 \|—-D \| M]—C:\Users\Nicolai Nielsen\AppData\Roaming\Spotify [2011-09-17 16:07:55 \| 000,000,000 \|—-D \| M]—C:\Users\Nicolai Nielsen\AppData\Roaming\Thunderbird [2011-08-09 02:05:00 \| 000,000,000 \|—-D \| M]—C:\Users\Nicolai Nielsen\AppData\Roaming\VS Revo Group [2011-07-23 16:54:55 \| 000,000,000 \|—-D \| M]—C:\Users\Nicolai Nielsen\AppData\Roaming\Wargaming.net [2011-06-06 00:55:12 \| 000,000,000 \|—-D \| M]—C:\Users\Nicolai Nielsen\AppData\Roaming\Windows Live Writer [2011-12-22 19:21:24 \| 000,000,324 \|——\| M] ()—C:\Windows\Tasks\RMSchedule.job [2011-10-24 21:47:19 \| 000,032,620 \|——\| M] ()—C:\Windows\Tasks\SCHEDLGU.TXT ========== Purity Check ========== ========== Custom Scans ========== < %SYSTEMDRIVE%\. > [2011-12-22 17:38:35 \| 529,879,039 \| -HS- \| M] ()—C:\hiberfil.sys [2011-12-22 17:38:35 \| 2138,161,151 \| -HS- \| M] ()—C:\pagefile.sys [2011-11-26 12:57:18 \| 000,086,160 \|——\| M] ()—C:\shared.log [2011-12-21 10:41:15 \| 000,001,718 \|——\| M] ()—C:\tracert.txt < %systemroot%\system32\.dll /lockedfiles > < %systemroot%\Tasks\.job /lockedfiles > < %systemroot%\system32\drivers\.sys /lockedfiles > < %systemroot%\. /mp /s > < %USERPROFILE%\..\|smtmp;true;true;true /FP > < %systemroot%\System32\config\.sav > < %programfiles%\. > [2011-12-21 15:37:07 \| 000,000,000 \|—-D \| M]—C:\Program Files (x86)\Adobe [2011-06-07 23:55:37 \| 000,000,000 \|—-D \| M]—C:\Program Files (x86)\Adobe Media Player [2011-11-06 11:04:25 \| 000,000,000 \|—-D \| M]—C:\Program Files (x86)\Battlelog Web Plugins [2011-12-21 15:29:04 \| 000,000,000 \|—-D \| M]—C:\Program Files (x86)\Common Files [2011-06-07 23:51:37 \| 000,000,000 \|—-D \| M]—C:\Program Files (x86)\FileZilla FTP Client [2011-10-25 10:05:24 \| 000,000,000 \|—-D \| M]—C:\Program Files (x86)\Google [2011-06-14 02:59:20 \| 000,000,000 \|—-D \| M]—C:\Program Files (x86)\HP [2011-12-14 21:24:08 \| 000,000,000 \|—-D \| M]—C:\Program Files (x86)\IIS [2011-12-18 12:15:06 \| 000,000,000 \| -H-D \| M]—C:\Program Files (x86)\InstallShield Installation Information [2011-12-14 16:44:41 \| 000,000,000 \|—-D \| M]—C:\Program Files (x86)\Internet Explorer [2011-12-18 15:58:27 \| 000,000,000 \|—-D \| M]—C:\Program Files (x86)\Java [2011-11-21 11:04:53 \| 000,000,000 \|—-D \| M]—C:\Program Files (x86)\JDownloader [2011-09-23 22:30:31 \| 000,000,000 \|—-D \| M]—C:\Program Files (x86)\Malwarebytes’ Anti-Malware [2011-09-30 12:05:27 \| 000,000,000 \|—-D \| M]—C:\Program Files (x86)\Microsoft Analysis Services [2011-12-14 21:24:09 \| 000,000,000 \|—-D \| M]—C:\Program Files (x86)\Microsoft ASP.NET [2011-05-29 20:18:29 \| 000,000,000 \|—-D \| M]—C:\Program Files (x86)\Microsoft Games for Windows - LIVE [2011-09-30 12:08:05 \| 000,000,000 \|—-D \| M]—C:\Program Files (x86)\Microsoft Office [2011-12-14 21:25:30 \| 000,000,000 \|—-D \| M]—C:\Program Files (x86)\Microsoft SDKs [2011-10-14 10:50:48 \| 000,000,000 \|—-D \| M]—C:\Program Files (x86)\Microsoft Silverlight [2011-12-14 21:27:01 \| 000,000,000 \|—-D \| M]—C:\Program Files (x86)\Microsoft SQL Server [2011-09-30 12:08:05 \| 000,000,000 \|—-D \| M]—C:\Program Files (x86)\Microsoft SQL Server Compact Edition [2011-09-30 12:08:05 \| 000,000,000 \|—-D \| M]—C:\Program Files (x86)\Microsoft Sync Framework [2011-09-30 12:08:18 \| 000,000,000 \|—-D \| M]—C:\Program Files (x86)\Microsoft Synchronization Services [2011-09-30 12:05:45 \| 000,000,000 \|—-D \| M]—C:\Program Files (x86)\Microsoft Visual Studio 8 [2011-12-14 21:20:57 \| 000,000,000 \|—-D \| M]—C:\Program Files (x86)\Microsoft Visual Studio 9.0 [2011-12-18 12:03:49 \| 000,000,000 \|—-D \| M]—C:\Program Files (x86)\Microsoft WSE [2011-05-31 21:55:59 \| 000,000,000 \|—-D \| M]—C:\Program Files (x86)\Microsoft XNA [2011-12-14 21:26:52 \| 000,000,000 \|—-D \| M]—C:\Program Files (x86)\Microsoft.NET [2011-12-22 19:36:40 \| 000,000,000 \|—-D \| M]—C:\Program Files (x86)\Mozilla Firefox [2011-12-14 21:21:54 \| 000,000,000 \|—-D \| M]—C:\Program Files (x86)\MSBuild [2011-08-10 04:07:38 \| 000,000,000 \|—-D \| M]—C:\Program Files (x86)\MSECache [2011-07-13 23:53:53 \| 000,000,000 \|—-D \| M]—C:\Program Files (x86)\MSXML 4.0 [2011-05-29 19:53:09 \| 000,000,000 \|—-D \| M]—C:\Program Files (x86)\NEC Electronics [2011-12-21 13:32:33 \| 000,000,000 \|—-D \| M]—C:\Program Files (x86)\Norton 360 [2011-12-21 13:32:23 \| 000,000,000 \|—-D \| M]—C:\Program Files (x86)\NortonInstaller [2011-10-25 14:12:50 \| 000,000,000 \|—-D \| M]—C:\Program Files (x86)\NVIDIA Corporation [2011-10-22 13:44:44 \| 000,000,000 \|—-D \| M]—C:\Program Files (x86)\Origin Games [2011-09-30 12:57:53 \| 000,000,000 \|—-D \| M]—C:\Program Files (x86)\Pando Networks [2011-12-18 16:04:47 \| 000,000,000 \|—-D \| M]—C:\Program Files (x86)\PC Tools [2011-10-31 12:25:20 \| 000,000,000 \|—-D \| M]—C:\Program Files (x86)\QuickTime [2011-10-08 13:43:44 \| 000,000,000 \|—-D \| M]—C:\Program Files (x86)\Razer [2009-07-14 06:32:38 \| 000,000,000 \|—-D \| M]—C:\Program Files (x86)\Reference Assemblies [2011-12-21 15:29:56 \| 000,000,000 \|—-D \| M]—C:\Program Files (x86)\Secunia [2011-11-12 11:58:05 \| 000,000,000 \| R—D \| M]—C:\Program Files (x86)\Skype [2011-09-30 12:09:44 \| 000,000,000 \|—-D \| M]—C:\Program Files (x86)\Unigine [2009-07-14 05:57:06 \| 000,000,000 \| -H-D \| M]—C:\Program Files (x86)\Uninstall Information [2011-05-29 19:05:02 \| 000,000,000 \|—-D \| M]—C:\Program Files (x86)\VideoLAN [2011-12-21 15:24:17 \| 000,000,000 \|—-D \| M]—C:\Program Files (x86)\VS Revo Group [2009-07-14 06:37:47 \| 000,000,000 \|—-D \| M]—C:\Program Files (x86)\Windows Defender [2011-08-05 13:02:02 \| 000,000,000 \|—-D \| M]—C:\Program Files (x86)\Windows Live [2011-06-01 00:53:50 \| 000,000,000 \|—-D \| M]—C:\Program Files (x86)\Windows Mail [2011-06-01 00:53:50 \| 000,000,000 \|—-D \| M]—C:\Program Files (x86)\Windows Media Player [2009-07-14 06:32:38 \| 000,000,000 \|—-D \| M]—C:\Program Files (x86)\Windows NT [2011-06-01 00:53:50 \| 000,000,000 \|—-D \| M]—C:\Program Files (x86)\Windows Photo Viewer [2011-06-01 00:53:50 \| 000,000,000 \|—-D \| M]—C:\Program Files (x86)\Windows Portable Devices [2011-06-01 00:53:50 \| 000,000,000 \|—-D \| M]—C:\Program Files (x86)\Windows Sidebar [2011-12-22 17:59:18 \| 000,000,000 \|—-D \| M]—C:\Program Files (x86)\Wizards of the Coast LLC ========== Alternate Data Streams ========== @Alternate Data Stream - 155 bytes -> C:\ProgramData\TEMP:D1B5B4F1 < End of report >
[ Ignorer ] [ # 8 ] NicolaiNN
22.12.2011 21:58:03 Antal indlæg: 28	Beklager, jeg troede at det hele var kommet med.
[ Ignorer ] [ # 9 ] NicolaiNN
22.12.2011 22:02:56 Antal indlæg: 28	Jeg har forresten fundet ud af navnet på den infektion jeg fik. Kan læses om på http://blog.teesupport.com/how-to-remove-exploitjavacve-2011-3544-d-get-rid-of-exploitjavacve-2011-3544-d-quickly/
[ Ignorer ] [ # 10 ] f-arn TeamSpywarefri
22.12.2011 22:21:38 Administrator Team Spywarefri Antal indlæg: 4202	Start OTL Vista og Windows 7 - højreklik på filen - Kør som Administrator. Kopier nedenstånde med fed skrift ind i feltet “Custom Scans/Fixes” :OTL :files ipconfig /flushdns /c :Commands [resethosts] [CREATERESTOREPOINT] [EMPTYFLASH] [emptytemp] [Reboot] Luk alle andre åbne vinduer og klik på “Run Fix” Efter genstart åbnes en logfil, kopier den tekst herind i denne tråd. Ellers ligger den her: C:\_OTL\MovedFiles\mmddyyyy_hhmmss.log PS Deaktiver dine Sikkerheds programmer, mens “Fixet” kører. ——— Hent og gem ComboFix på dit skrivebord. <- Vigtigt Kør så ComboFix og følg anvisningerne. Da ComboFix kan konflikte med dine sikkerhedsprogrammer, er det vigtigt at du deaktiverer dem. Du bør ikke klikke på vinduet imens værktøjet kører, idet det kan få din computer til at fryse. Når ComboFix er færdig, og efter det (muligvis) har genstartet, skulle der gerne åbnes en logfil: ComboFix.txt Indholdet af denne fil må du gerne lægge herind. Den kan findes her: C:\ComboFix.txt Signatur Undlad venligst at vedhæfte logs, medmindre du bliver bedt om det !
[ Ignorer ] [ # 11 ] NicolaiNN
22.12.2011 22:34:20 Antal indlæg: 28	All processes killed ========== OTL ========== ========== FILES ========== < ipconfig /flushdns /c > Windows IP Configuration Successfully flushed the DNS Resolver Cache. C:\Users\Nicolai Nielsen\Downloads\cmd.bat deleted successfully. C:\Users\Nicolai Nielsen\Downloads\cmd.txt deleted successfully. ========== COMMANDS ========== C:\Windows\System32\drivers\etc\Hosts moved successfully. HOSTS file reset successfully Restore point Set: OTL Restore Point [EMPTYFLASH] User: All Users User: Default ->Flash cache emptied: 56475 bytes User: Default User ->Flash cache emptied: 0 bytes User: Nicolai Nielsen ->Flash cache emptied: 57835 bytes User: Public User: UpdatusUser ->Flash cache emptied: 41620 bytes Total Flash Files Cleaned = 0,00 mb [EMPTYTEMP] User: All Users User: Default ->Temp folder emptied: 0 bytes ->Temporary Internet Files folder emptied: 0 bytes ->Flash cache emptied: 0 bytes User: Default User ->Temp folder emptied: 0 bytes ->Temporary Internet Files folder emptied: 0 bytes ->Flash cache emptied: 0 bytes User: Nicolai Nielsen ->Temp folder emptied: 11450675 bytes ->Temporary Internet Files folder emptied: 4553531 bytes ->Java cache emptied: 11649136 bytes ->FireFox cache emptied: 134121614 bytes ->Flash cache emptied: 0 bytes User: Public User: UpdatusUser ->Temp folder emptied: 0 bytes ->Temporary Internet Files folder emptied: 0 bytes ->Flash cache emptied: 0 bytes %systemdrive% .tmp files removed: 0 bytes %systemroot% .tmp files removed: 0 bytes %systemroot%\System32 .tmp files removed: 0 bytes %systemroot%\System32 (64bit) .tmp files removed: 0 bytes %systemroot%\System32\drivers .tmp files removed: 0 bytes Windows Temp folder emptied: 9308 bytes %systemroot%\sysnative\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files folder emptied: 50333 bytes RecycleBin emptied: 0 bytes Total Files Cleaned = 154,00 mb OTL by OldTimer - Version 3.2.31.0 log created on 12222011_213025 Files\Folders moved on Reboot… C:\Users\Nicolai Nielsen\AppData\Local\Temp\FXSAPIDebugLogFile.txt moved successfully. C:\Users\Nicolai Nielsen\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\R9NQX3CJ\addons-tracker-v4[1].htm moved successfully. Registry entries deleted on Reboot…
[ Ignorer ] [ # 12 ] NicolaiNN
22.12.2011 22:43:23 Antal indlæg: 28	ComboFix 11-12-22.04 - Nicolai Nielsen 22-12-2011 21:37:23.1.8 - x64 Microsoft Windows 7 Ultimate 6.1.7601.1.1252.45.1033.18.6135.4146 [GMT 1:00] Kører fra: c:\users\Nicolai Nielsen\Desktop\ComboFix.exe AV: Norton 360 Disabled/Updated {63DF5164-9100-186D-2187-8DC619EFD8BF} FW: Norton 360 Disabled {5BE4D041-DB6F-1935-0AD8-24F3E73C9FC4} SP: Norton 360 Enabled/Updated {D8BEB080-B73A-17E3-1B37-B6B462689202} SP: Windows Defender Enabled/Updated {D68DDC3A-831F-4fae-9E44-DA132C1ACF46} . . ((((((((((((((((((((((((((((((((((((((( Andet, der er slettet ))))))))))))))))))))))))))))))))))))))))))))))))) . . c:\users\Nicolai Nielsen\AppData\Local\assembly\tmp c:\users\Nicolai Nielsen\AppData\Roaming\Rift c:\users\Nicolai Nielsen\AppData\Roaming\Rift\rift.cfg c:\users\Nicolai Nielsen\AppData\Roaming\Rift\riftpatch.cfg c:\windows\system\fltr106.dll . . ((((((((((((((((((((((((((((( Filer skabt fra 2011-11-22 til 2011-12-22 ))))))))))))))))))))))))))))))))))) . . 2011-12-22 20:39 . 2011-12-22 20:39 ———— d——-w- c:\users\UpdatusUser\AppData\Local\temp 2011-12-22 20:39 . 2011-12-22 20:39 ———— d——-w- c:\users\Default\AppData\Local\temp 2011-12-22 20:30 . 2011-12-22 20:30 ———— d——-w- C:\_OTL 2011-12-22 20:10 . 2011-12-22 20:10 22 —sha-w- c:\users\Nicolai Nielsen\AppData\Roaming\Sys2662.Config.Repository.bin 2011-12-22 20:10 . 2011-12-22 20:10 ———— d——-w- c:\program files (x86)\jv16 PowerTools 2011 2011-12-21 17:46 . 2011-12-21 18:02 ———— d——-w- c:\users\Nicolai Nielsen\AppData\Local\NPE 2011-12-21 14:34 . 2011-12-22 18:36 43992 ——a-w- c:\program files (x86)\Mozilla Firefox\mozutils.dll 2011-12-21 14:34 . 2011-12-21 14:34 479232 ——a-w- c:\program files (x86)\Mozilla Firefox\msvcm80.dll 2011-12-21 14:34 . 2011-12-21 14:34 548864 ——a-w- c:\program files (x86)\Mozilla Firefox\msvcp80.dll 2011-12-21 14:34 . 2011-12-21 14:34 626688 ——a-w- c:\program files (x86)\Mozilla Firefox\msvcr80.dll 2011-12-21 14:29 . 2011-12-21 14:29 ———— d——-w- c:\users\Nicolai Nielsen\AppData\Local\Secunia PSI 2011-12-21 14:29 . 2011-12-21 14:29 ———— d——-w- c:\program files (x86)\Secunia 2011-12-21 13:04 . 2011-11-30 01:21 8822856 ——a-w- c:\programdata\Microsoft\Windows Defender\Definition Updates\{1DAB23B1-46D1-4B3D-B5E9-883062100A2F}\mpengine.dll 2011-12-21 12:32 . 2010-08-21 04:59 34152 ——a-w- c:\windows\system32\drivers\GEARAspiWDM.sys 2011-12-21 12:32 . 2011-12-21 13:52 174200 ——a-w- c:\windows\system32\drivers\SYMEVENT64x86.SYS 2011-12-21 12:32 . 2011-12-21 13:52 ———— d——-w- c:\program files\Symantec 2011-12-21 12:32 . 2011-12-21 12:32 ———— d——-w- c:\program files\Common Files\Symantec Shared 2011-12-21 12:32 . 2011-12-21 17:48 ———— d——-w- c:\windows\system32\drivers\N360x64 2011-12-21 12:32 . 2011-12-21 12:32 ———— d——-w- c:\program files (x86)\Norton 360 2011-12-21 12:32 . 2011-12-21 12:32 ———— d——-w- c:\program files (x86)\NortonInstaller 2011-12-18 15:06 . 2011-12-18 15:06 ———— d——-w- c:\users\Nicolai Nielsen\AppData\Roaming\Registry Mechanic 2011-12-18 15:05 . 2011-12-12 13:07 512472 ——a-w- c:\windows\SysWow64\msxml.dll 2011-12-18 15:05 . 2011-12-12 13:07 40408 ——a-w- c:\windows\system32\CleanMFT64.exe 2011-12-18 15:05 . 2008-09-17 21:17 658432 ——a-w- c:\windows\SysWow64\MSCOMCT2.OCX 2011-12-18 15:05 . 2008-04-02 15:54 1101824 ——a-w- c:\windows\SysWow64\UniBox210.ocx 2011-12-18 15:05 . 2008-04-02 15:53 212992 ——a-w- c:\windows\SysWow64\UniBoxVB12.ocx 2011-12-18 15:05 . 2008-04-02 15:53 880640 ——a-w- c:\windows\SysWow64\UniBox10.ocx 2011-12-18 15:04 . 2011-12-18 15:04 ———— d——-w- c:\program files (x86)\Common Files\PC Tools 2011-12-18 15:04 . 2011-12-18 15:04 ———— d——-w- c:\program files (x86)\PC Tools 2011-12-18 15:00 . 2011-12-18 15:00 ———— d——-w- c:\programdata\PC Tools 2011-12-18 14:59 . 2011-12-18 14:59 ———— d——-w- c:\users\Nicolai Nielsen\AppData\Roaming\Product_RM 2011-12-18 14:58 . 2011-12-18 14:58 ———— d——-w- c:\program files (x86)\Common Files\Java 2011-12-18 14:58 . 2011-12-18 14:58 476904 ——a-w- c:\program files (x86)\Mozilla Firefox\plugins\npdeployJava1.dll 2011-12-18 11:03 . 2011-12-18 11:03 ———— d——-w- c:\program files (x86)\Microsoft WSE 2011-12-18 11:03 . 2008-09-04 18:17 447752 ——a-w- c:\windows\SysWow64\vp6vfw.dll 2011-12-14 20:41 . 2011-12-22 20:39 ———— d——-w- c:\users\Nicolai Nielsen\AppData\Local\assembly 2011-12-14 20:36 . 2011-12-14 20:36 ———— d——-w- c:\users\Nicolai Nielsen\AppData\Roaming\Microsoft Corporation 2011-12-14 20:27 . 2009-07-22 08:17 78872 ——a-w- c:\windows\system32\perf-SQLAgent$SQLEXPRESS-sqlagtctr10.1.2531.0.dll 2011-12-14 20:27 . 2009-07-22 08:17 50200 ——a-w- c:\windows\SysWow64\perf-SQLAgent$SQLEXPRESS-sqlagtctr10.1.2531.0.dll 2011-12-14 20:27 . 2009-07-22 08:17 79896 ——a-w- c:\windows\SysWow64\perf-MSSQL$SQLEXPRESS-sqlctr10.1.2531.0.dll 2011-12-14 20:27 . 2009-07-22 08:17 111640 ——a-w- c:\windows\system32\perf-MSSQL$SQLEXPRESS-sqlctr10.1.2531.0.dll 2011-12-14 20:27 . 2011-12-14 20:27 ———— d——-w- c:\windows\system32\RsFx 2011-12-14 20:27 . 2011-12-14 20:27 ———— d——-w- c:\program files\Microsoft Visual Studio 9.0 2011-12-14 20:26 . 2011-12-14 20:26 ———— d——-w- c:\program files\Microsoft.NET 2011-12-14 20:25 . 2011-12-14 20:27 ———— d——-w- c:\program files\Microsoft SQL Server 2011-12-14 20:20 . 2011-12-14 20:20 ———— d——-w- c:\windows\symbols 2011-12-14 20:20 . 2011-12-14 20:20 ———— d——-w- c:\program files\Microsoft Help Viewer 2011-12-14 10:33 . 2011-11-24 04:52 3145216 ——a-w- c:\windows\system32\win32k.sys 2011-12-14 10:33 . 2011-10-26 05:21 43520 ——a-w- c:\windows\system32\csrsrv.dll 2011-12-14 10:33 . 2011-10-15 06:31 723456 ——a-w- c:\windows\system32\EncDec.dll 2011-12-14 10:33 . 2011-10-15 05:38 534528 ——a-w- c:\windows\SysWow64\EncDec.dll 2011-12-14 10:33 . 2011-11-05 05:32 2048 ——a-w- c:\windows\system32\tzres.dll 2011-12-14 10:33 . 2011-11-05 04:26 2048 ——a-w- c:\windows\SysWow64\tzres.dll 2011-12-01 11:47 . 2011-12-01 11:47 ———— d——-w- c:\users\Default\AppData\Local\Microsoft Help 2011-11-30 12:35 . 2011-11-30 12:35 ———— d——-w- C:\found.000 . . . (((((((((((((((((((((((((((((((((((((((( Find3M Rapport )))))))))))))))))))))))))))))))))))))))))))))))))))) . 2011-12-22 20:40 . 2011-12-22 20:40 69000 ——a-w- c:\programdata\Microsoft\Windows Defender\Definition Updates\{1DAB23B1-46D1-4B3D-B5E9-883062100A2F}\offreg.dll 2011-12-21 14:30 . 2011-05-29 16:29 404640 ——a-w- c:\windows\SysWow64\FlashPlayerCPLApp.cpl 2011-12-18 14:58 . 2011-05-29 22:44 472808 ——a-w- c:\windows\SysWow64\deployJava1.dll 2011-11-26 11:43 . 2011-05-29 16:49 280904 ——a-w- c:\windows\SysWow64\PnkBstrB.xtr 2011-11-26 11:43 . 2011-05-29 16:48 280904 ——a-w- c:\windows\SysWow64\PnkBstrB.exe 2011-11-26 11:41 . 2011-05-29 16:48 189248 ——a-w- c:\windows\SysWow64\PnkBstrB.ex0 2011-11-26 11:41 . 2011-05-29 16:47 75136 ——a-w- c:\windows\SysWow64\PnkBstrA.exe 2011-11-15 13:29 . 2011-05-29 16:35 270720 ———w- c:\windows\system32\MpSigStub.exe 2011-10-24 13:29 . 2011-10-24 13:29 94208 ——a-w- c:\windows\SysWow64\QuickTimeVR.qtx 2011-10-24 13:29 . 2011-10-24 13:29 69632 ——a-w- c:\windows\SysWow64\QuickTime.qts 2011-10-15 08:53 . 2011-10-25 13:12 8791360 ——a-w- c:\windows\system32\nvwgf2umx.dll 2011-10-15 08:53 . 2011-10-25 13:12 7581504 ——a-w- c:\windows\system32\nvcuda.dll 2011-10-15 08:53 . 2011-10-25 13:12 68928 ——a-w- c:\windows\system32\OpenCL.dll 2011-10-15 08:53 . 2011-10-25 13:12 61248 ——a-w- c:\windows\SysWow64\OpenCL.dll 2011-10-15 08:53 . 2011-10-25 13:12 5578560 ——a-w- c:\windows\SysWow64\nvcuda.dll 2011-10-15 08:53 . 2011-10-25 13:12 2542912 ——a-w- c:\windows\system32\nvcuvid.dll 2011-10-15 08:53 . 2011-10-25 13:12 24796992 ——a-w- c:\windows\system32\nvcompiler.dll 2011-10-15 08:53 . 2011-10-25 13:12 2401088 ——a-w- c:\windows\SysWow64\nvcuvid.dll 2011-10-15 08:53 . 2011-10-25 13:12 2232128 ——a-w- c:\windows\system32\nvcuvenc.dll 2011-10-15 08:53 . 2011-10-25 13:12 2099520 ——a-w- c:\windows\SysWow64\nvcuvenc.dll 2011-10-15 08:53 . 2011-10-25 13:12 18871616 ——a-w- c:\windows\SysWow64\nvoglv32.dll 2011-10-15 08:53 . 2011-10-25 13:12 17248576 ——a-w- c:\windows\SysWow64\nvcompiler.dll 2011-10-15 08:53 . 2011-10-25 13:12 12971840 ——a-w- c:\windows\system32\drivers\nvlddmkm.sys 2011-10-15 08:53 . 2011-09-11 21:04 1533248 ——a-w- c:\windows\system32\nvdispco64.dll 2011-10-15 08:53 . 2011-09-11 21:04 1454400 ——a-w- c:\windows\system32\nvgenco64.dll 2011-10-15 08:53 . 2011-07-14 20:59 24742720 ——a-w- c:\windows\system32\nvoglv64.dll 2011-10-15 08:53 . 2011-07-14 20:59 15693120 ——a-w- c:\windows\system32\nvd3dumx.dll 2011-10-15 08:53 . 2011-05-29 16:17 7041856 ——a-w- c:\windows\SysWow64\nvwgf2um.dll 2011-10-15 08:53 . 2011-05-29 16:17 2808128 ——a-w- c:\windows\system32\nvapi64.dll 2011-10-15 08:53 . 2011-05-29 16:17 2458432 ——a-w- c:\windows\SysWow64\nvapi.dll 2011-10-15 08:53 . 2011-05-29 16:17 13205312 ——a-w- c:\windows\SysWow64\nvd3dum.dll 2011-10-15 08:53 . 2011-04-07 21:19 222528 ——a-w- c:\windows\system32\nvmctray.dll 2011-10-15 08:53 . 2011-04-07 21:19 837952 ——a-w- c:\windows\system32\easyupdatusapiu64.dll 2011-10-15 08:53 . 2011-04-07 21:19 1640768 ——a-w- c:\windows\system32\nvvsvc.exe 2011-10-15 08:53 . 2011-04-07 21:19 137536 ——a-w- c:\windows\system32\nvshext.dll 2011-10-15 08:53 . 2011-04-07 21:19 10406208 ——a-w- c:\windows\system32\nvcpl.dll 2011-10-15 08:53 . 2011-04-07 21:19 5067584 ——a-w- c:\windows\system32\nvsvc64.dll 2011-10-14 22:54 . 2011-10-14 22:54 321856 ——a-w- c:\windows\SysWow64\nvStreaming.exe 2011-09-29 16:29 . 2011-11-09 11:01 1923952 ——a-w- c:\windows\system32\drivers\tcpip.sys . . ((((((((((((((((((((((((((((((((((( Start steder i reg.basen )))))))))))))))))))))))))))))))))))))))))))))))) . . Bemærk tomme linier & lovlige standard linier vises ikke REGEDIT4 . [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] “ccleaner”=“c:\program files\CCleaner\CCleaner64.exe” [2011-07-25 4389696] “Steam”=“f:\steam\steam.exe” [2011-09-04 1242448] . [HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run] “NUSB3MON”=“c:\program files (x86)\NEC Electronics\USB 3.0 Host Controller Driver\Application\nusb3mon.exe” [2010-01-22 106496] “SSDMonitor”=“c:\program files (x86)\Common Files\PC Tools\sMonitor\SSDMonitor.exe” [2011-12-12 103896] “Adobe ARM”=“c:\program files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe” [2011-06-06 937920] . c:\users\Nicolai Nielsen\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\ CurseClientStartup.ccip [2011-8-9 0] . c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\ Google Calendar Sync.lnk - c:\program files (x86)\Google\Google Calendar Sync\GoogleCalendarSync.exe [2011-4-8 542264] Secunia PSI Tray.lnk - c:\program files (x86)\Secunia\PSI\psi_tray.exe [2011-10-14 291896] . [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system] “ConsentPromptBehaviorAdmin”= 0 (0x0) “ConsentPromptBehaviorUser”= 3 (0x3) “EnableLUA”= 0 (0x0) “EnableUIADesktopToggle”= 0 (0x0) “PromptOnSecureDesktop”= 0 (0x0) . [HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows nt\currentversion\drivers32] “mixer6”=wdmaud.drv . [HKEY_LOCAL_MACHINE\system\currentcontrolset\control\session manager] BootExecute REG_MULTI_SZ autocheck autochk \0OODBS . [HKEY_LOCAL_MACHINE\system\currentcontrolset\control\lsa] Security Packages REG_MULTI_SZ kerberos msv1_0 schannel wdigest tspkg pku2u livessp . R2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;c:\windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-03-18 130384] R2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-03-18 138576] R2 gupdate;Google Update Tjeneste (gupdate);c:\program files (x86)\Google\Update\GoogleUpdate.exe [2011-10-25 136176] R2 nvUpdatusService;NVIDIA Update Service Daemon;c:\program files (x86)\NVIDIA Corporation\NVIDIA Updatus\daemonu.exe [2011-10-15 2253120] R3 gupdatem;Google Update Tjeneste (gupdatem);c:\program files (x86)\Google\Update\GoogleUpdate.exe [2011-10-25 136176] R3 Microsoft SharePoint Workspace Audit Service;Microsoft SharePoint Workspace Audit Service;c:\program files (x86)\Microsoft Office\Office14\GROOVE.EXE [2011-06-12 31125880] R3 osppsvc;Office Software Protection Platform;c:\program files\Common Files\Microsoft Shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE [2010-01-09 4925184] R3 RdpVideoMiniport;Remote Desktop Video Miniport Driver;c:\windows\system32\drivers\rdpvideominiport.sys [x] R3 Revoflt;Revoflt;c:\windows\system32\DRIVERS\revoflt.sys [x] R3 RzSynapse;Razer Driver;c:\windows\system32\DRIVERS\RzSynapse.sys [x] R3 SwitchBoard;SwitchBoard;c:\program files (x86)\Common Files\Adobe\SwitchBoard\SwitchBoard.exe [2010-02-19 517096] R3 Synth3dVsc;Synth3dVsc;c:\windows\system32\drivers\synth3dvsc.sys [x] R3 TsUsbFlt;TsUsbFlt;c:\windows\system32\drivers\tsusbflt.sys [x] R3 tsusbhub;tsusbhub;c:\windows\system32\drivers\tsusbhub.sys [x] R3 USBMULCD;USB Multi-Channel Audio Device Interface;c:\windows\system32\drivers\CM10664.sys [x] R3 VGPU;VGPU;c:\windows\system32\drivers\rdvgkmd.sys [x] R3 WatAdminSvc;Windows Activation Technologies Service;c:\windows\system32\Wat\WatAdminSvc.exe [x] R3 WinRing0_1_2_0;WinRing0_1_2_0;c:\users\NICOLA~1\AppData\Local\Temp\Rar$EX79.064\WinRing0x64.sys [x] R4 MSSQLServerADHelper100;SQL Active Directory Helper Service;c:\program files\Microsoft SQL Server\100\Shared\SQLADHLP.EXE [2009-07-22 61976] R4 PCToolsSSDMonitorSvc;PC Tools Startup and Shutdown Monitor service;c:\program files (x86)\Common Files\PC Tools\sMonitor\StartManSvc.exe [2011-12-12 793048] R4 RsFx0103;RsFx0103 Driver;c:\windows\system32\DRIVERS\RsFx0103.sys [x] R4 SQLAgent$SQLEXPRESS;SQL Server Agent (SQLEXPRESS);c:\program files\Microsoft SQL Server\MSSQL10.SQLEXPRESS\MSSQL\Binn\SQLAGENT.EXE [2009-03-30 427880] S0 Si3124r5;SiI-3124 SoftRaid 5 Controller;c:\windows\system32\DRIVERS\Si3124r5.sys [x] S0 SymDS;Symantec Data Store;c:\windows\system32\drivers\N360x64\0501000.01D\SYMDS64.SYS [x] S0 SymEFA;Symantec Extended File Attributes;c:\windows\system32\drivers\N360x64\0501000.01D\SYMEFA64.SYS [x] S1 BHDrvx64;BHDrvx64;c:\programdata\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\N360_5.0.0.125\Definitions\BASHDefs\20111221.003\BHDrvx64.sys [2011-12-10 1156216] S1 IDSVia64;IDSVia64;c:\programdata\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\N360_5.0.0.125\Definitions\IPSDefs\20111221.001\IDSvia64.sys [2011-12-20 488568] S1 SymIRON;Symantec Iron Driver;c:\windows\system32\drivers\N360x64\0501000.01D\Ironx64.SYS [x] S1 SymNetS;Symantec Network Security WFP Driver;c:\windows\System32\Drivers\N360x64\0501000.01D\SYMNETS.SYS [x] S2 AdobeARMservice;Adobe Acrobat Update Service;c:\program files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe [2011-06-06 64952] S2 N360;Norton 360;c:\program files (x86)\Norton 360\Engine\5.1.0.29\ccSvcHst.exe [2011-04-17 130008] S2 OODefragAgent;O&O Defrag;c:\program files\OO Software\Defrag\oodag.exe [2011-06-29 3246920] S2 Secunia PSI Agent;Secunia PSI Agent;c:\program files (x86)\Secunia\PSI\PSIA.exe [2011-10-14 994360] S2 Secunia Update Agent;Secunia Update Agent;c:\program files (x86)\Secunia\PSI\sua.exe [2011-10-14 399416] S2 Stereo Service;NVIDIA Stereoscopic 3D Driver Service;c:\program files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe [2011-10-14 381248] S3 EraserUtilRebootDrv;EraserUtilRebootDrv;c:\program files (x86)\Common Files\Symantec Shared\EENGINE\EraserUtilRebootDrv.sys [2011-12-21 138360] S3 LGBusEnum;Logitech GamePanel Virtual Bus Enumerator Driver;c:\windows\system32\drivers\LGBusEnum.sys [x] S3 LGVirHid;Logitech Gamepanel Virtual HID Device Driver;c:\windows\system32\drivers\LGVirHid.sys [x] S3 nusb3hub;NEC Electronics USB 3.0 Hub Driver;c:\windows\system32\DRIVERS\nusb3hub.sys [x] S3 nusb3xhc;NEC Electronics USB 3.0 Host Controller Driver;c:\windows\system32\DRIVERS\nusb3xhc.sys [x] S3 NVHDA;Service for NVIDIA High Definition Audio Driver;c:\windows\system32\drivers\nvhda64v.sys [x] S3 PSI;PSI;c:\windows\system32\DRIVERS\psi_mf.sys [x] S3 RTL8167;Realtek 8167 NT Driver;c:\windows\system32\DRIVERS\Rt64win7.sys [x] S3 USBPNPA;USB PnP Sound Device Interface;c:\windows\system32\drivers\CM10864.sys [x] . . [HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows nt\currentversion\svchost] hpdevmgmt REG_MULTI_SZ hpqcxs08 hpqddsvc . Indhold af mappen ‘Planlagte Opgaver’ . 2011-12-22 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job - c:\program files (x86)\Google\Update\GoogleUpdate.exe [2011-10-25 09:04] . 2011-12-22 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job - c:\program files (x86)\Google\Update\GoogleUpdate.exe [2011-10-25 09:04] . 2011-12-22 c:\windows\Tasks\RMSchedule.job - c:\program files (x86)\PC Tools\PC Tools Registry Mechanic\RegMech.exe [2011-12-18 13:06] . . ————- x86-64—————- . . [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] “Launch LCore”=“c:\program files\Logitech Gaming Software\LCore.exe” [2011-06-14 110360] “OODefragTray”=“c:\program files\OO Software\Defrag\oodtray.exe” [2011-06-29 3992904] . [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows] “LoadAppInit_DLLs”=0x0 . ———- Yderligere scanning———- . uLocal Page = c:\windows\system32\blank.htm uStart Page = hxxp://securityresponse.symantec.com/avcenter/fix_homepage mLocal Page = c:\windows\SysWOW64\blank.htm IE: E&ksporter; til Microsoft Excel - c:\progra~2\MIF5BA~1\OFFICE11\EXCEL.EXE/3000 IE: E&xport; to Microsoft Excel - c:\progra~2\MIF5BA~1\Office14\EXCEL.EXE/3000 IE: Se&nd; to OneNote - c:\progra~2\MIF5BA~1\Office14\ONBttnIE.dll/105 TCP: DhcpNameServer = 85.233.224.20 85.233.228.2 FF - ProfilePath - c:\users\Nicolai Nielsen\AppData\Roaming\Mozilla\Firefox\Profiles\zxsovoul.default\ FF - prefs.js: browser.startup.homepage - hxxp://www.google.dk/ . - - - - TOMME GENVEJE FJERNET - - - - . Wow6432Node-HKCU-Run-AdobeBridge - (no file) AddRemove-Adobe Shockwave Player - c:\windows\system32\Adobe\Shockwave 11\uninstaller.exe . . . [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\N360] “ImagePath”=”\“c:\program files (x86)\Norton 360\Engine\5.1.0.29\ccSvcHst.exe\” /s \“N360\” /m \“c:\program files (x86)\Norton 360\Engine\5.1.0.29\diMaster.dll\” /prefetch:1” . ——————————- LÅSTE REGISTRERINGS NØGLER——————————- . [HKEY_USERS\S-1-5-21-3378476827-1488579091-87155459-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.eml\UserChoice] @Denied: (2) (S-1-5-21-3378476827-1488579091-87155459-1000) @Denied: (2) (LocalSystem) “Progid”=“Outlook.File.eml.14” . [HKEY_USERS\S-1-5-21-3378476827-1488579091-87155459-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.vcf\UserChoice] @Denied: (2) (S-1-5-21-3378476827-1488579091-87155459-1000) @Denied: (2) (LocalSystem) “Progid”=“Outlook.File.vcf.14” . [HKEY_USERS\S-1-5-21-3378476827-1488579091-87155459-1000\Software\SecuROM\License information] “datasecu”=hex:90,43,ec,78,6d,75,9e,e8,01,b3,d3,5a,2e,14,60,87,13,76,27,75,5e, 6a,b1,08,0f,2d,2a,b6,da,ef,c4,c9,ac,81,7b,02,a5,fe,57,af,82,54,31,80,d2,0f,\ “rkeysecu”=hex:2f,0f,d5,3e,02,2b,06,63,b1,0b,dd,b6,71,e2,54,98 . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}] @Denied: (A 2) (Everyone) @=“FlashBroker” “LocalizedString”=”@c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil10y_ActiveX.exe,-101” . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\Elevation] “Enabled”=dword:00000001 . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\LocalServer32] @=“c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil10y_ActiveX.exe” . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\TypeLib] @=”{FAB3E735-69C7-453B-A446-B6823C6DF1C9}” . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}] @Denied: (A 2) (Everyone) @=“Shockwave Flash Object” . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\InprocServer32] @=“c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash10y.ocx” “ThreadingModel”=“Apartment” . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\MiscStatus] @=“0” . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ProgID] @=“ShockwaveFlash.ShockwaveFlash.10” . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32] @=“c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash10y.ocx, 1” . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\TypeLib] @=”{D27CDB6B-AE6D-11cf-96B8-444553540000}” . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\Version] @=“1.0” . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID] @=“ShockwaveFlash.ShockwaveFlash” . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}] @Denied: (A 2) (Everyone) @=“Macromedia Flash Factory Object” . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\InprocServer32] @=“c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash10y.ocx” “ThreadingModel”=“Apartment” . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ProgID] @=“FlashFactory.FlashFactory.1” . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32] @=“c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash10y.ocx, 1” . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\TypeLib] @=”{D27CDB6B-AE6D-11cf-96B8-444553540000}” . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\Version] @=“1.0” . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID] @=“FlashFactory.FlashFactory” . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}] @Denied: (A 2) (Everyone) @=“IFlashBroker4” . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\ProxyStubClsid32] @=”{00020424-0000-0000-C000-000000000046}” . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\TypeLib] @=”{FAB3E735-69C7-453B-A446-B6823C6DF1C9}” “Version”=“1.0” . [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\System] “OODEFRAG12.00.00.01PROFESSIONAL”=“A283BF92D49D8483CC2FE905351F2BCE6CA6F8FEB8A6C3CAAF9A371B13F7E024689B4FA286022232EEF658F1A87B6269DB10ABEB098DB8D706588984960A4934DAD019D65E3BE6FC811AAC47173A81A75199D9C17FDD67D994AB6576092F57BF1AE377BA57F95D66A1E32566066588A90838CBCF4E99E533D14F37516C83548AFA7B9A60DE95A4B29E82572E722A0AD66C4219E81FE9D90C68653CF8B5C61C9C039F05DA5886EDEA7E082B86CA5E2DD89F7430638E9B81CEB57108D34D60A1C26EBF914498EB7F5B776CDF57F0772F1EF7ED531B2A9D2CAACEFEBC9E127BECC74CFEBC9E127BECC74CFEBC9E127BECC74CFEBC9E127BECC74CFEBC9E127BECC74CFEBC9E127BECC74C5D575E7D6A3B9808A6A0AC4980AC7933FEBC9E127BECC74CA6171C11EC38DE3D44047DE85FDE4A4097016F7DFE8EAA1CBFEA6BD0E4335CC3BFDA32F4485730EE0FA5A33901B5BA133674F180EF7913A607AC68F4FC4AA63AD829C07E9DAE915A62C28F13F6BF0FC114A8324D7D257D6492895A63BAE9613D328927580E988EF58E0FC2918E2E515BAA5722ACEED9AF202360C62F0010B3F473229603B3665068C49441C4BAC8499FD20EB85930F335D75D633462D14E8C3C2BE7CAF54C00C48A1CAF97AE93E90505CCAE7004D0635D3D481BAD7859C798A2C8A77F1AB95E9D660E91D1465383D7B53D6E49CF842C3B3951604464E1394F6C2403F34D0290CE3FF9BE81775A96D78DA95944562467A5E349628A0B5D6CE60F75EBEE614F381287A20FBCA0A83BDD9F7FC9E823ABC1398D632598C3E1C45BB9D9A9389DEF8CE3E92E301C15689C89318BF34135397AD2B639FC8ADC26376D48D4599BBB54D50740A523BF9B617ABBBA04DD5C02916517974718FE18884C22D0C86A6B6913757F9D783CC66F05A69BEAFEDECD701EEBEC99EBF19A280AA2401900A0FAC767DA16C5F825573FE48A92A27627AADDE80A7FDC6D5F0438CDE9D41D2992A3ED2D8D57B0DDD99CAEB89FCFF7CC370D182350BDB27486E7649E68AE8D55AE41E6E728960BC12A425459F5C43443E517E49E62DBA18CE2743E6977E3CC78B1B52EBCD7E735A13CFB3B48B0A754025BE6FB56784FE3A5415F4ABD04CA72EDB164B774602444E109FCE1A786F20B94172789E360536915C65E81510F01CAF095B7E87F166980C6DC01BCBDC4E3BBE9E9FEAD877868D313E82ED0FC2F65542518999CED6518667C574531F5487D825579A07BA5B551F9BB720F1A3D0C1E430FCBFC9F764B55A5116F8B9CDF85852C8FC03C7CC6A094E590824331B36390FE96915634725989A4766C184BAC8386B9328C082B95D47ED5748B13E025066A238BA21E906038637B02EBB502345ECD603DFDC1F762049DBCAF554AE3F95B9CFE9E0B4F5F6120D3F4705EB176F043EE89158BA44721F04342F07938EDBE5AD9” “OODEFRAG14.00.00.01PROFESSIONAL”=“96BF17107A03141FB5AB35577CDF1CD793934A44E92AD2EBBBCEE18AC22A9A07AAEE23912FB67901A640DC5B62196766A193A12F85C4B1D43757EE20BB5CEF9E288AEC56A70004C4FDF3B4B692F82BC1A4B22AD0192AA5A0AA196B1BE25763630455C50B7AB54B3FDFF6C46EA7D38BA18FB1C7215B4CF80C7E7EB10B334C89B9360CA17005E44F987670B995FCB20D935D4180A9CC505C2A9BE9C38D6D1C5AD638581A5D67CB6E4BED7AE8D734511C770C8B008BAF8FE1DE70AEC4D7935D33460BDCEBB9845EF02976A2C5F3B22086029D2894798A17036571927C31ECDBD2E5B2AE788305C47ED3C4EAEA3C2145FC3C15A8B13BA52A194A145456F78415FEBC9E127BECC74CFEBC9E127BECC74CFEBC9E127BECC74CFEBC9E127BECC74CFEBC9E127BECC74CFEBC9E127BECC74C5D575E7D6A3B9808A6A0AC4980AC7933FEBC9E127BECC74CA6171C11EC38DE3D084F625DD3E8DFBC0BAB256A879BAD215435F177EF735C4F10D0E3D4C2B743A37DB0028FDF5035985AA74008743EFE48CDD3826039727642EF15B1B842E799B358D961BBCD9B3BD2C3340CFAB9C6412E45BF529977F078BA08E255CE9855E936A2CB9FA9E90AD2E47B5515B69D089A0BB625FE62057BE6C93D272042DBDDBBBF4C5BDC14236E23FB19666E23886D6E4883802E71E42D8BB859A8E537C7F4D61126B0BEA88A3015F99616AE9C04EFEB8570A685EDBBB6EF830AFD00C1389F49A566C96F8C594C58745564F07342A17F14A43D33F5D1DEE6585F12CA6D3079E228A9F41D55E94FDEB418A6536B15A55C7AACBF649A14FD811BCFA52638D53039796B59F78E3A5DDD388588F8BCF6B6FAF4F9FB4E6012829B63B5CCF6127184A62F90EE3636ED2FCFAFA9860892021E166FDF16A740836B4EFCCBEEA6E4F2CE47115D8292414B0EF30373F3AB0EF4BD2C0F17832D2741CF7A6636C7A186EAF8FB9A7E34C815BD5BC949377491C3B68980283C8F1EF6455A45D579E6584810016A7E00FA1D8E54881B522C82EDB9CD0A9BC6CF59BD04B24496AF7DAFBF6ABB797B1F569CD2F9419D6F9C6CECF66D65DA4629B5D254984D629911915BCF24EB875D17D6B7349DDB351560F7D4E5CE4EAD92C0B744ACEE7E193F49E674061EC2667F313C3D8F2D20001F07B3AF7BC17C4551B500C617BA54603B5C12DBE1F6856518EE257036562B4064ABE447789C077A1A61A1C9E621FDC686018CC369C01FE3A004136C7DB6414DFC22B83AA42E2BB9C8D20E90F338516DDC23B4B5A5021C5BD5DAEC9BBF61479248EFBC784AB547827CCC20309A1046893E61CA0C21B3B054B70E7D40595ECA10E7CC664A3865DFEA9745139639297B64ED1174F66EC430EC0E6E726E2DA7785743288BC7C1E89D194266077F33F630DA7538BCFAA01795585F00DF8FA0AC259182A2E85F3C584BCA661081FE” . [HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Office\Common\Smart Tag\Actions\{B7EFF951-E52F-45CC-9EF7-57124F2177CC}] @Denied: (A) (Everyone) “Solution”=”{15727DE6-F92D-4E46-ACB4-0E2C58B31A18}” . [HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Schema Library\ActionsPane3] @Denied: (A) (Everyone) . [HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Schema Library\ActionsPane3\0] “Key”=“ActionsPane3” “Location”=“c:\\Program Files (x86)\\Common Files\\Microsoft Shared\\VSTO\\ActionsPane3.xsd” . [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\PCW\Security] @Denied: (Full) (Everyone) . ————————————Andre kørende processer———————————— . c:\windows\SysWOW64\PnkBstrA.exe . ************************************************************************* . Gennemført tid: 2011-12-22 21:42:14 - maskinen blev genstartet ComboFix-quarantined-files.txt 2011-12-22 20:42 . Pre-Kørsel: 12.522.115.072 bytes free Post-Kørsel: 12.201.033.728 bytes free . - - End Of File - - 53FC832783FB1534D8DF8C9755B0DE33
[ Ignorer ] [ # 13 ] NicolaiNN
22.12.2011 22:43:51 Antal indlæg: 28	De kom der
[ Ignorer ] [ # 14 ] f-arn TeamSpywarefri
23.12.2011 12:24:14 Administrator Team Spywarefri Antal indlæg: 4202	Højreklik på skrivebordet og vælg ny->tekstdokument og kopier det fremhævede ind og gem filen som CFScript Killall:: Snapshot:: Filelook:: c:\windows\system32\drivers\CM10664.sys Dirlook:: C:\Users\Nicolai Nielsen\AppData\Local\{772FAAF3-38B4-44CA-8DAD-BDFF6E26E188} C:\Users\Nicolai Nielsen\AppData\Local\{2DE709AD-AAE5-4909-93CA-190BBA08FD5B} ClearJavaCache:: Da Combofix kan konflikte med dine sikkerhedsprogrammer er det vigtigt at du deaktiverer dem. <- Vigtigt Tag så fat i den nye fil med musen, og før den hen over ComboFix-filen, hvorefter du “giver slip” med musen. http://www.fromsej.saknet.dk/billeder/swfcombo.gif Så skulle ComboFix gerne give sig til at arbejde. Muligvis vil den kræve en genstart, hvilket du skal tillade. Du bør ikke klikke på vinduet imens værktøjet kører, idet det kan få din computer til at fryse. Når Combofix er færdig, og efter det (muligvis) har genstartet, skulle der gerne åbnes en logfil combofix.txt som ligger her C:\Combofix.txt Indholdet af denne fil må du gerne lægge herind. ——— Download Tdsskiller.zip på dit skrivebord og pak den ud i en mappe. Kør TDSSKiller.exe -> Klik på “Start Scan” Mht.: Vista og Windows 7 - Højreklik på filen - Kør som Administrator. Hvis en inficeret fil bliver fundet, vil ”Default action” være Cure, klik på Continue Hvis en mistænkelig fil opdages, vil ”Default action” være Skip, klik på Continue Hvis den ikke spørger om ”Reboot” (genstart) så klik på ”Report”, kopier den tekst herind i tråden. Genstart hvis den kræver det. Hvis den genstarter kan du finde logfilen her : C:\TDSSKiller.[Version]_[Dato]_[Tidspunkt]_log.txt. Kopier den tekst herind I denne tråd. [ Rettet: 23.12.2011, 12:26 af f-arn TeamSpywarefri ] Signatur Undlad venligst at vedhæfte logs, medmindre du bliver bedt om det !
[ Ignorer ] [ # 15 ] NicolaiNN
24.12.2011 15:25:45 Antal indlæg: 28	Combofix har nu stået i 3 timer på Completed Stage_4 Er der noget galt?

1 af 2

Næste