Windows Vista
Posts: 89

My old father has a habit of asking me to clean up his laptop. It is an Acer Aspire 4315 with Vista, and the machine takes about 8 minutes to start up, which puzzles me; I simply cannot find the cause.
He handed it over with an error message that pops up right after it has started.

(EDsloader.EXE Admin_CLASS_LIB.dll edstbmngr.exe) This is a program that sits in Acer's green bar. I have now disabled it, or stopped the program, so that he does not have to look at the error message; it pops up saying that Windows cannot find the files mentioned. But I am now rather unsure whether it was wise to stop that little program. I have run all the scans but cannot get the log from the ESET scan! Can you spot any problems, or can I just hand this PC back again??

Malwarebytes Anti-Malware 1.61.0.1400
http://www.malwarebytes.org

Database version: v2012.06.11.06

Windows Vista Service Pack 2 x86 NTFS
Internet Explorer 9.0.8112.16421
Pallellen :: PALLELLEN-PC [administrator]

11-06-2012 18:53:21
mbam-log-2012-06-11 (18-53-21).txt

Skanningstype: Fuldstændig skanning
Skanningsmuligheder valgt: Hukommelse | Opstart | Registreringsdatabasen | Filsystem | Heuristics/Ekstra | Heuristics/Shuriken | PUP | PUM
Skanningsmuligheder som er deaktiverede: P2P
Objekter skannet: 289501
Tid gået: 1 time(e), 18 minut(ter), 47 sekund(er)

Hukommelses Processorer Inficeret: 0
(Ingen skadelige objekter blev fundet)

Hukommelses Moduler Inficeret: 0
(Ingen skadelige objekter blev fundet)

Registreringsdatabasenøgler Inficeret: 0
(Ingen skadelige objekter blev fundet)

Registreringsdatabaseværdier Inficeret: 0
(Ingen skadelige objekter blev fundet)

Registreringsdatabasedata Objekter Inficeret: 0
(Ingen skadelige objekter blev fundet)

Inficerede Mapper: 0
(Ingen skadelige objekter blev fundet)

Inficerede Filer: 0
(Ingen skadelige objekter blev fundet)

(færdig)

SUPERAntiSpyware Scan Log
http://www.superantispyware.com

Genereret 06/12/2012 at 02:14 PM

Applikation Version : 5.0.1150

Kerne Regler Database Version : 8715
Spore Regler Database Version: 6527

Scan type     : Komplet Skan
Total skanningstid : 17:46:02

Operating System Information
Windows Vista Home Basic 32-bit, Service Pack 2 (Build 6.00.6002)
UAC On - Limited User (Administrator User)

Skannet poster i hukommelse     : 859
Trusler i hukommelse fundet   : 0
Registrerings poster skannet   : 41884
Registrerings trusler fundet : 0
Fil poster skannet     : 35807
Fil trusler fundet   : 0

Administrator
Posts: 32083

Hi ;)

Can you spot any problems, or can I just hand this PC back again??


If you follow the steps below, we can get a better overview of what is running on the computer, so no, it would be a real shame to "just" hand it back now.


• Download OTL by Oldtimer and save it to your desktop: http://oldtimer.geekstogo.com/OTL.exe
• Close all open windows. Click the OTL icon (on Vista/Win7, right-click the icon and choose Run as Administrator) to start the program.
• When the window appears, under Output at the top, switch to Minimal Output.
• Tick the boxes next to LOP Check and Purity Check.
• In the Custom Scan box, copy in the following:

netsvcs
drivers32
msconfig
safebootminimal
safebootnetwork
activex
set /c
/md5start
iexplore.exe
explorer.exe
winlogon.exe
userinit.exe
svchost.exe
volsnap.sys
wininit.exe
sfc.dll
/md5stop
%SYSTEMDRIVE%\*.*
%SYSTEMDRIVE%\*.
%CREATERESTOREPOINT
hklm\software\clients\startmenuinternet|command /rs
hklm\software\clients\startmenuinternet|command /64 /rs
HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows\WindowsUpdate\AU
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\WindowsUpdate\Auto Update\Results\Install|LastSuccessTime /rs


Then click Quick Scan.


This will produce two (2) log files on the desktop: one called OTL.txt, and the other will be named Extras.txt.
Remember where you saved these 2 files.

As they are fairly long, you may need to post them in several posts.

Signature

Sound computer sense

Posts: 89

Hi, the scan has now been run, with a bit of trouble.

OTL logfile created on: 13-06-2012 15:14:08 - Run 1
OTL by OldTimer - Version 3.2.48.0   Folder = C:\Users\Pallellen\Desktop
Windows Vista Home Basic Edition Service Pack 2 (Version = 6.0.6002) - Type = NTWorkstation
Internet Explorer (Version = 9.0.8112.16421)
Locale: 00000406 | Country: Danmark | Language: DAN | Date Format: dd-MM-yyyy

1013,68 Mb Total Physical Memory | 93,39 Mb Available Physical Memory | 9,21% Memory free
2,45 Gb Paging File | 0,28 Gb Available in Paging File | 11,34% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files
Drive C: | 69,65 Gb Total Space | 32,64 Gb Free Space | 46,87% Space Free | Partition Type: NTFS
Drive D: | 69,64 Gb Total Space | 69,11 Gb Free Space | 99,24% Space Free | Partition Type: NTFS

Computer Name: PALLELLEN-PC | User Name: Pallellen | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user | Quick Scan
Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days

========== Processes (SafeList) ==========

PRC - C:\Users\Pallellen\Desktop\OTL.exe (OldTimer Tools)
PRC - C:\Programmer\Heimdal\Client\HeimdalAgent.exe (CSIS Security Group)
PRC - C:\Programmer\Heimdal\Service\HeimdalAgentService.exe (CSIS Security Group)
PRC - C:\Programmer\SUPERAntiSpyware\SUPERAntiSpyware.exe (SUPERAntiSpyware.com)
PRC - C:\Programmer\AVAST Software\Avast\AvastUI.exe (AVAST Software)
PRC - C:\Programmer\AVAST Software\Avast\AvastSvc.exe (AVAST Software)
PRC - C:\Programmer\Ask.com\Updater\Updater.exe (Ask)
PRC - C:\Programmer\SUPERAntiSpyware\SASCore.exe (SUPERAntiSpyware.com)
PRC - C:\Programmer\Windows iLivid Toolbar\Datamngr\datamngrUI.exe (Discordia, LTD)
PRC - C:\Programmer\Windows Sidebar\sidebar.exe (Microsoft Corporation)
PRC - C:\Windows\explorer.exe (Microsoft Corporation)
PRC - C:\Windows\System32\conime.exe (Microsoft Corporation)
PRC - C:\Users\PALLEL~1\AppData\Local\Temp\RtkBtMnt.exe (Realtek Semiconductor Corp.)
PRC - C:\Programmer\Windows Media Player\wmpnetwk.exe (Microsoft Corporation)
PRC - C:\Programmer\Windows Media Player\wmpnscfg.exe (Microsoft Corporation)
PRC - C:\Programmer\Launch Manager\LManager.exe (Dritek System Inc.)
PRC - C:\Windows\RtHDVCpl.exe (Realtek Semiconductor)
PRC - C:\Acer\Empowering Technology\ePower\ePower_DMC.exe (Acer Inc.)
PRC - C:\Acer\Empowering Technology\eRecovery\eRecoveryService.exe (Acer Inc.)
PRC - C:\Acer\Empowering Technology\eSettings\Service\capuserv.exe ()
PRC - C:\Programmer\Acer\Acer Arcade\Kernel\TV\CLSched.exe ()
PRC - C:\Programmer\Acer\Acer Arcade\Kernel\TV\CLCapSvc.exe ()
PRC - C:\Programmer\Acer\Acer Arcade\PCMService.exe (CyberLink Corp.)
PRC - C:\Programmer\Acer\Acer Arcade\Kernel\CLML_NTService\CLMLServer.exe (Cyberlink)
PRC - C:\Acer\Empowering Technology\eNet\eNMTray.exe (Acer Inc.)
PRC - C:\Acer\Empowering Technology\eNet\eNet Service.exe (Acer Inc.)
PRC - C:\Acer\Empowering Technology\ePower\ePowerSvc.exe (acer)
PRC - C:\Acer\Empowering Technology\eDataSecurity\eDSService.exe (HiTRSUT)
PRC - C:\Acer\Empowering Technology\Acer.Empowering.Framework.Supervisor.exe (Acer Inc.)
PRC - C:\Acer\Empowering Technology\eLock\Service\eLockServ.exe (Acer Inc.)
PRC - C:\Programmer\Intel\Intel Matrix Storage Manager\IAANTmon.exe (Intel Corporation)
PRC - C:\Programmer\Intel\Intel Matrix Storage Manager\IAAnotif.exe (Intel Corporation)
PRC - C:\Acer\Empowering Technology\eRecovery\eRAgent.exe (Acer Inc.)
PRC - C:\Acer\Mobility Center\MobilityService.exe ()


========== Modules (No Company Name) ==========

MOD - C:\ProgramData\SUPERAntiSpyware.com\SUPERAntiSpyware\SDDLLS\SD10007.dll ()
MOD - C:\ProgramData\SUPERAntiSpyware.com\SUPERAntiSpyware\SDDLLS\SD10006.dll ()
MOD - C:\ProgramData\SUPERAntiSpyware.com\SUPERAntiSpyware\SDDLLS\UIREPAIR.DLL ()
MOD - C:\ProgramData\SUPERAntiSpyware.com\SUPERAntiSpyware\SDDLLS\SD10005.dll ()
MOD - C:\Windows\assembly\NativeImages_v4.0.30319_32\System.Management\0c2b0d52156447592f33edf4116b7e7d\System.Management.ni.dll ()
MOD - C:\Windows\assembly\NativeImages_v4.0.30319_32\System.IdentityModel\bd28f26b18b8ffeee1a0fbaa98f5810e\System.IdentityModel.ni.dll ()
MOD - C:\Windows\assembly\NativeImages_v4.0.30319_32\System.ServiceModel\cfece6f67593b4d8bb58d23b7fdcc470\System.ServiceModel.ni.dll ()
MOD - C:\Windows\assembly\NativeImages_v4.0.30319_32\System.Runtime.Remo#\94b346f2ab12d38efb1331ded5783396\System.Runtime.Remoting.ni.dll ()
MOD - C:\Windows\assembly\NativeImages_v4.0.30319_32\System.Transactions\67a386434938003bceb0752e979dabb3\System.Transactions.ni.dll ()
MOD - C:\Windows\assembly\NativeImages_v4.0.30319_32\System.Runtime.Dura#\79ac99fe5274fb82ffcff2c15f71854c\System.Runtime.DurableInstancing.ni.dll ()
MOD - C:\Windows\assembly\NativeImages_v4.0.30319_32\SMDiagnostics\bb97517e4ca64e02282fca24612ce8ad\SMDiagnostics.ni.dll ()
MOD - C:\Windows\assembly\NativeImages_v4.0.30319_32\System.Runtime.Seri#\8a9fac9cb825b5d2db0bdb867fff940e\System.Runtime.Serialization.ni.dll ()
MOD - C:\Windows\assembly\NativeImages_v4.0.30319_32\Microsoft.VisualBas#\92694d06b9da1bff8e1722913a1d62bc\Microsoft.VisualBasic.ni.dll ()
MOD - C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Management\f3d4d5fe5ab848fbfcf91a49960dc8ae\System.Management.ni.dll ()
MOD - C:\Windows\assembly\NativeImages_v2.0.50727_32\System.ServiceProce#\675632907c226b0c67a2407f2ddd4bf7\System.ServiceProcess.ni.dll ()
MOD - C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Web\ef684a2ee2f7276eec3973a0654d2bd4\System.Web.ni.dll ()
MOD - C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Runtime.Remo#\846b9cf2756fdd15f704c9bab9c70b6f\System.Runtime.Remoting.ni.dll ()
MOD - C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Configuration\bd76aaaa03ddc15d1840207b5a480644\System.Configuration.ni.dll ()
MOD - C:\Windows\assembly\NativeImages_v2.0.50727_32\Accessibility\1b337cf9a031145849bc48c11b2cfe58\Accessibility.ni.dll ()
MOD - C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Xml\d2630342a066a7cb9056d9eb6157687a\System.Xml.ni.dll ()
MOD - C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Windows.Forms\e4d54640bacd18e047a4573cb4611bd3\System.Windows.Forms.ni.dll ()
MOD - C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Drawing\5d8696f15e49aedf883dd945806a7049\System.Drawing.ni.dll ()
MOD - C:\Windows\assembly\NativeImages_v2.0.50727_32\System\28d633338fc8d29f8af31935ef7d001b\System.ni.dll ()
MOD - C:\Windows\assembly\NativeImages_v2.0.50727_32\mscorlib\af9c9e9d7e0523cd444f8b551baa9cbf\mscorlib.ni.dll ()
MOD - C:\Windows\assembly\NativeImages_v4.0.30319_32\System.Windows.Forms\9ee9841d9e33fe5dceba4cd7d90f2ae0\System.Windows.Forms.ni.dll ()
MOD - C:\Windows\assembly\NativeImages_v4.0.30319_32\System.Drawing\03b5233f1511f5fdb39eb681b04e5506\System.Drawing.ni.dll ()
MOD - C:\Windows\assembly\NativeImages_v4.0.30319_32\System.Numerics\7b7719d46a4da2e91e8c501347e48ab9\System.Numerics.ni.dll ()
MOD - C:\Windows\assembly\NativeImages_v4.0.30319_32\System.Configuration\623d2a0f11dd82bb9bc13d1cb981b239\System.Configuration.ni.dll ()
MOD - C:\Windows\assembly\NativeImages_v4.0.30319_32\System.Data\99d0f7ba920eea1117e45dcd9fec0eb5\System.Data.ni.dll ()
MOD - C:\Windows\assembly\NativeImages_v4.0.30319_32\System.Xml\d1f299160424bad90fe9f658661389e2\System.Xml.ni.dll ()
MOD - C:\Windows\assembly\NativeImages_v4.0.30319_32\System.Core\ed91b57205429a23bb91f4499059a459\System.Core.ni.dll ()
MOD - C:\Windows\assembly\NativeImages_v4.0.30319_32\System\6f9f0467e8b2dd3f69b015c8e30ac945\System.ni.dll ()
MOD - C:\Windows\assembly\NativeImages_v4.0.30319_32\mscorlib\3953b1d8b9b57e4957bff8f58145384e\mscorlib.ni.dll ()
MOD - C:\Windows\assembly\GAC_MSIL\mscorlib.resources\2.0.0.0_da_b77a5c561934e089\mscorlib.resources.dll ()
MOD - C:\Acer\Empowering Technology\eSettings\eSettings.Plugin.dll ()
MOD - C:\Acer\Empowering Technology\eSettings\eSettings.Presenter.dll ()
MOD - C:\Acer\Empowering Technology\eSettings\eSettings.View.dll ()
MOD - C:\Acer\Empowering Technology\eSettings.Model.ComputerInterfaces.dll ()
MOD - C:\Programmer\Acer\Acer Arcade\Kernel\TV\CLCapEngine.dll ()
MOD - C:\Programmer\Acer\Acer Arcade\Kernel\TV\CLSchMgr.dll ()
MOD - C:\Programmer\Acer\Acer Arcade\Kernel\TV\CLCapSvcps.dll ()
MOD - C:\Acer\Empowering Technology\eNet\eNetPlugin.dll ()
MOD - C:\Acer\Empowering Technology\eNet\eNMWidget.dll ()
MOD - C:\Acer\Empowering Technology\eLock\eLockCTL.dll ()
MOD - C:\Acer\Empowering Technology\Acer.Empowering.Framework.DialogManager.dll ()
MOD - C:\Acer\Empowering Technology\Acer.Empowering.Framework.PasswordSetting.dll ()
MOD - C:\Acer\Empowering Technology\ePresentation\ePresentationCTL.dll ()
MOD - C:\Acer\Empowering Technology\eRecovery\ServiceInterface.dll ()
MOD - C:\Acer\Empowering Technology\ePower\SysHook.dll ()
MOD - C:\Programmer\Launch Manager\PowerUtl.dll ()


========== Win32 Services (SafeList) ==========

SRV - (AdobeFlashPlayerUpdateSvc) -- C:\Windows\System32\Macromed\Flash\FlashPlayerUpdateService.exe (Adobe Systems Incorporated)
SRV - (HeimdalSecureDNS) -- C:\Programmer\Heimdal\HeimdalSecureDNS\DNSService.exe (Microsoft)
SRV - (HeimdalService) -- C:\Programmer\Heimdal\Service\HeimdalAgentService.exe (CSIS Security Group)
SRV - (avast! Antivirus) -- C:\Programmer\AVAST Software\Avast\AvastSvc.exe (AVAST Software)
SRV - (!SASCORE) -- C:\Programmer\SUPERAntiSpyware\SASCore.exe (SUPERAntiSpyware.com)
SRV - (odserv) -- C:\Programmer\Common Files\microsoft shared\OFFICE12\ODSERV.EXE (Microsoft Corporation)
SRV - (WinDefend) -- C:\Programmer\Windows Defender\MpSvc.dll (Microsoft Corporation)
SRV - (WMPNetworkSvc) -- C:\Programmer\Windows Media Player\wmpnetwk.exe (Microsoft Corporation)
SRV - (eRecoveryService) -- C:\Acer\Empowering Technology\eRecovery\eRecoveryService.exe (Acer Inc.)
SRV - (eSettingsService) -- C:\Acer\Empowering Technology\eSettings\Service\capuserv.exe ()
SRV - (CLSched) CyberLink Task Scheduler (CTS) -- C:\Programmer\Acer\Acer Arcade\Kernel\TV\CLSched.exe ()
SRV - (CLCapSvc) CyberLink Background Capture Service (CBCS) -- C:\Programmer\Acer\Acer Arcade\Kernel\TV\CLCapSvc.exe ()
SRV - (CyberLink Media Library Service) -- C:\Programmer\Acer\Acer Arcade\Kernel\CLML_NTService\CLMLServer.exe (Cyberlink)
SRV - (eNet Service) -- C:\Acer\Empowering Technology\eNet\eNet Service.exe (Acer Inc.)
SRV - (WMIService) -- C:\Acer\Empowering Technology\ePower\ePowerSvc.exe (acer)
SRV - (eDataSecurity Service) -- C:\Acer\Empowering Technology\eDataSecurity\eDSService.exe (HiTRSUT)
SRV - (eLockService) -- C:\Acer\Empowering Technology\eLock\Service\eLockServ.exe (Acer Inc.)
SRV - (IAANTMON) Intel(R) -- C:\Programmer\Intel\Intel Matrix Storage Manager\IAANTmon.exe (Intel Corporation)
SRV - (MobilityService) -- C:\Acer\Mobility Center\MobilityService.exe ()
SRV - (ose) -- C:\Programmer\Common Files\microsoft shared\Source Engine\OSE.EXE (Microsoft Corporation)


========== Driver Services (SafeList) ==========

DRV - (NwlnkFwd) -- system32\DRIVERS\nwlnkfwd.sys File not found
DRV - (NwlnkFlt) -- system32\DRIVERS\nwlnkflt.sys File not found
DRV - (IpInIp) -- system32\DRIVERS\ipinip.sys File not found
DRV - (cpuz135) -- C:\Windows\TEMP\cpuz135\cpuz135_x32.sys File not found
DRV - (blbdrive) -- C:\Windows\system32\drivers\blbdrive.sys File not found
DRV - (aswSnx) -- C:\Windows\System32\drivers\aswSnx.sys (AVAST Software)
DRV - (aswSP) -- C:\Windows\System32\drivers\aswSP.sys (AVAST Software)
DRV - (aswRdr) -- C:\Windows\System32\drivers\aswRdr.sys (AVAST Software)
DRV - (aswTdi) -- C:\Windows\System32\drivers\aswTdi.sys (AVAST Software)
DRV - (aswMonFlt) -- C:\Windows\System32\drivers\aswMonFlt.sys (AVAST Software)
DRV - (aswFsBlk) -- C:\Windows\System32\drivers\aswFsBlk.sys (AVAST Software)
DRV - (SASDIFSV) -- C:\Programmer\SUPERAntiSpyware\sasdifsv.sys (SUPERAdBlocker.com and SUPERAntiSpyware.com)
DRV - (SASKUTIL) -- C:\Programmer\SUPERAntiSpyware\SASKUTIL.SYS (SUPERAdBlocker.com and SUPERAntiSpyware.com)
DRV - (athr) -- C:\Windows\System32\drivers\athr.sys (Atheros Communications, Inc.)
DRV - (int15) -- C:\Acer\Empowering Technology\eRecovery\int15.sys ()
DRV - (XAudio) -- C:\Windows\System32\drivers\XAudio.sys (Conexant Systems, Inc.)
DRV - (NVENETFD) -- C:\Windows\System32\drivers\nvm60x32.sys (NVIDIA Corporation)


========== Standard Registry (SafeList) ==========


========== Internet Explorer ==========

IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = http://da.intl.acer.yahoo.com
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://da.intl.acer.yahoo.com
IE - HKLM\..\SearchScopes,DefaultScope = {8A96AF9E-4074-43b7-BEA3-87217BDA7406}
IE - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/search?q={searchTerms}&FORM=IE8SRC
IE - HKLM\..\SearchScopes\{6A1806CD-94D4-4689-BA73-E35EA1EA9990}: "URL" = http://www.google.com/search?q={searchTerms}&rls=com.microsoft:{language}:{referrer:source?}&ie={inputEncoding}&oe={outputEncoding}&sourceid=ie7
IE - HKLM\..\SearchScopes\{8A96AF9E-4074-43b7-BEA3-87217BDA7406}: "URL" = http://www.searchqu.com/web?src=ieb&systemid=406&q={searchTerms}
IE - HKLM\..\SearchScopes\{BE28C22E-F666-424d-B5FD-125C4AFEE34E}: "URL" = http://search.myheritage.com?orig=ds&q={searchTerms}

IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Default Download Directory = C:\Users\Pallellen\Desktop\Spy
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page = http://uk.rd.yahoo.com/customize/ycomp/defaults/sp/*http://uk.yahoo.com
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,SearchMigratedDefaultName = Yahoo! Search
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,SearchMigratedDefaultURL = http://search.yahoo.com/search?p={searchTerms}&ei=utf-8&fr=b1ie7
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.google.dk/
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,StartPageCache = 1
IE - HKCU\..\URLSearchHook: {00000000-6E41-4FD3-8538-502F5495E5FC} - C:\Programmer\Ask.com\GenericAskToolbar.dll (Ask)
IE - HKCU\..\URLSearchHook: {EF99BD32-C1FB-11D2-892F-0090271D4F88} - No CLSID value found
IE - HKCU\..\SearchScopes,DefaultScope = {8A96AF9E-4074-43b7-BEA3-87217BDA7406}
IE - HKCU\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/search?q={searchTerms}&src=IE-SearchBox&FORM=IE8SRC
IE - HKCU\..\SearchScopes\{459943AD-7515-408C-B515-3BC79D063077}: "URL" = http://websearch.ask.com/custom/java/redirect?client=ie&tb=ORJ&o=100000026&src=kw&q={searchTerms}&locale=&apn_ptnrs=U3&apn_dtid=OSJ000
IE - HKCU\..\SearchScopes\{6A1806CD-94D4-4689-BA73-E35EA1EA9990}: "URL" = http://www.google.com/search?q={searchTerms}&rls=com.microsoft:{language}:{referrer:source?}&ie={inputEncoding}&oe={outputEncoding}&sourceid=ie7&rlz=1I7ADFA_da
IE - HKCU\..\SearchScopes\{8A96AF9E-4074-43b7-BEA3-87217BDA7406}: "URL" = http://www.searchqu.com/web?src=ieb&systemid=406&q={searchTerms}
IE - HKCU\..\SearchScopes\{BE28C22E-F666-424d-B5FD-125C4AFEE34E}: "URL" = http://search.myheritage.com?orig=ds&q={searchTerms}
IE - HKCU\..\SearchScopes\{F8E667D4-E330-4977-8399-FD967E11AAB5}: "URL" = http://search.yahoo.com/search?p={searchTerms}&ei=utf-8&fr=b1ie7
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0


========== FireFox ==========

FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin: C:\Program Files\Java\jre6\bin\plugin2\npjp2.dll (Sun Microsystems, Inc.)
FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: C:\Program Files\Microsoft Silverlight\5.1.10411.0\npctrl.dll ( Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WPF,version=3.5: C:\Windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Program Files\Google\Update\1.3.21.111\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Program Files\Google\Update\1.3.21.111\npGoogleUpdate3.dll (Google Inc.)

FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\smartwebprinting@hp.com: C:\Program Files\HP\Digital Imaging\Smart Web Printing\MozillaAddOn3 [2010-04-23 10:13:34 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\wrc@avast.com: C:\Program Files\AVAST Software\Avast\WebRep\FF [2012-03-24 17:26:40 | 000,000,000 | ---D | M]
FF - HKEY_CURRENT_USER\software\mozilla\Firefox\Extensions\\smartwebprinting@hp.com: C:\Program Files\HP\Digital Imaging\Smart Web Printing\MozillaAddOn3 [2010-04-23 10:13:34 | 000,000,000 | ---D | M]


========== Chrome ==========

CHR - default_search_provider: Google (Enabled)
CHR - default_search_provider: search_url = {google:baseURL}search?{google:RLZ}{google:acceptedSuggestion}{google:originalQueryForSuggestion}{google:searchFieldtrialParameter}{google:instantFieldTrialGroupParameter}sourceid=chrome&ie={inputEncoding}&q={searchTerms}
CHR - default_search_provider: suggest_url = {google:baseSuggestURL}search?{google:searchFieldtrialParameter}{google:instantFieldTrialGroupParameter}client=chrome&hl={language}&q={searchTerms}
CHR - plugin: Remoting Viewer (Enabled) = internal-remoting-viewer
CHR - plugin: Native Client (Enabled) = C:\Program Files\Google\Chrome\Application\19.0.1084.52\ppGoogleNaClPluginChrome.dll
CHR - plugin: Chrome PDF Viewer (Enabled) = C:\Program Files\Google\Chrome\Application\19.0.1084.52\pdf.dll
CHR - plugin: Shockwave Flash (Enabled) = C:\Program Files\Google\Chrome\Application\19.0.1084.52\gcswf32.dll
CHR - plugin: Adobe Acrobat (Enabled) = C:\Program Files\Adobe\Reader 8.0\Reader\Browser\nppdf32.dll
CHR - plugin: Google Update (Enabled) = C:\Program Files\Google\Update\1.3.21.111\npGoogleUpdate3.dll
CHR - plugin: Java(TM) Platform SE 6 U31 (Enabled) = C:\Program Files\Java\jre6\bin\plugin2\npjp2.dll
CHR - plugin: Silverlight Plug-In (Enabled) = C:\Program Files\Microsoft Silverlight\4.1.10111.0\npctrl.dll
CHR - plugin: Windows Presentation Foundation (Enabled) = C:\Windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll
CHR - plugin: Default Plug-in (Enabled) = default_plugin
CHR - Extension: YouTube = C:\Users\Pallellen\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo\4.2.5_0\
CHR - Extension: Google-s\u00F8gning = C:\Users\Pallellen\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf\0.0.0.19_0\
CHR - Extension: avast! WebRep = C:\Users\Pallellen\AppData\Local\Google\Chrome\User Data\Default\Extensions\icmlaeflemplmjndnaapfdbbnpncnbda\7.0.1426_0\
CHR - Extension: Gmail = C:\Users\Pallellen\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia\7_0\

O1 HOSTS File: ([2006-09-18 23:41:30 | 000,000,761 | ---- | M]) - C:\Windows\System32\drivers\etc\hosts
O1 - Hosts: 127.0.0.1     localhost
O1 - Hosts: ::1         localhost
O2 - BHO: (Adobe PDF Reader Link Helper) - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Programmer\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll (Adobe Systems Incorporated)
O2 - BHO: (Java(tm) Plug-In SSV Helper) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Programmer\Java\jre6\bin\ssv.dll (Sun Microsystems, Inc.)
O2 - BHO: (ShowBarObj Class) - {83A2F9B1-01A2-4AA5-87D1-45B6B8505E96} - C:\Windows\System32\ActiveToolBand.dll (HiTRUST)
O2 - BHO: (avast! WebRep) - {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - C:\Programmer\AVAST Software\Avast\aswWebRepIE.dll (AVAST Software)
O2 - BHO: (Searchqu Toolbar) - {99079a25-328f-4bd4-be04-00955acaa0a7} - C:\Programmer\Windows iLivid Toolbar\ToolBar\searchqudtx.dll ()
O2 - BHO: (UrlHelper Class) - {A40DC6C5-79D0-4ca8-A185-8FF989AF1115} - C:\Programmer\Windows iLivid Toolbar\Datamngr\IEBHO.dll (Discordia, LTD)
O2 - BHO: (Ask Toolbar) - {D4027C7F-154A-4066-A1AD-4243D8127440} - C:\Programmer\Ask.com\GenericAskToolbar.dll (Ask)
O3 - HKLM\..\Toolbar: (Acer eDataSecurity Management) - {5CBE3B7C-1E47-477e-A7DD-396DB0476E29} - C:\Windows\System32\eDStoolbar.dll (HiTRUST)
O3 - HKLM\..\Toolbar: (avast! WebRep) - {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - C:\Programmer\AVAST Software\Avast\aswWebRepIE.dll (AVAST Software)
O3 - HKLM\..\Toolbar: (Searchqu Toolbar) - {99079a25-328f-4bd4-be04-00955acaa0a7} - C:\Programmer\Windows iLivid Toolbar\ToolBar\searchqudtx.dll ()
O3 - HKLM\..\Toolbar: (Ask Toolbar) - {D4027C7F-154A-4066-A1AD-4243D8127440} - C:\Programmer\Ask.com\GenericAskToolbar.dll (Ask)
O3 - HKLM\..\Toolbar: (no name) - 10 - No CLSID value found.
O3 - HKCU\..\Toolbar\ShellBrowser: (Acer eDataSecurity Management) - {5CBE3B7C-1E47-477E-A7DD-396DB0476E29} - C:\Windows\System32\eDStoolbar.dll (HiTRUST)
O4 - HKLM..\Run: []  File not found
O4 - HKLM..\Run: [Acer Tour]  File not found
O4 - HKLM..\Run: [Acer Tour Reminder] C:\Acer\AcerTour\Reminder.exe (Acer Inc.)
O4 - HKLM..\Run: [ApnUpdater] C:\Program Files\Ask.com\Updater\Updater.exe (Ask)
O4 - HKLM..\Run: [avast] C:\Program Files\AVAST Software\Avast\avastUI.exe (AVAST Software)
O4 - HKLM..\Run: [DATAMNGR] C:\Programmer\Windows iLivid Toolbar\Datamngr\datamngrUI.exe (Discordia, LTD)
O4 - HKLM..\Run: [eRecoveryService]  File not found
O4 - HKLM..\Run: [IAAnotif] C:\Program Files\Intel\Intel Matrix Storage Manager\Iaanotif.exe (Intel Corporation)
O4 - HKLM..\Run: [LManager] C:\Programmer\Launch Manager\LManager.exe (Dritek System Inc.)
O4 - HKLM..\Run: [PCMService] C:\Program Files\Acer\Acer Arcade\PCMService.exe (CyberLink Corp.)
O4 - HKLM..\Run: [RtHDVCpl] C:\Windows\RtHDVCpl.exe (Realtek Semiconductor)
O4 - HKLM..\Run: [WarReg_PopUp] C:\Acer\WR_PopUp\WarReg_PopUp.exe (Acer Inc.)
O4 - HKLM..\Run: [Windows Defender] C:\Program Files\Windows Defender\MSASCui.exe (Microsoft Corporation)
O4 - HKCU..\Run: [Acer Tour Reminder]  File not found
O4 - HKCU..\Run: [SUPERAntiSpyware] C:\Programmer\SUPERAntiSpyware\SUPERAntiSpyware.exe (SUPERAntiSpyware.com)
O8 - Extra context menu item: E&ksporter til Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000 File not found
O8 - Extra context menu item: Google Sidewiki ... - res://C:\Program Files\Google\Google Toolbar\Component\GoogleToolbarDynamic_mui_en_6CE5017F567343CA.dll/cmsidewiki.html File not found
O9 - Extra Button: Send til OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Programmer\Microsoft Office\Office12\ONBttnIE.dll (Microsoft Corporation)
O9 - Extra 'Tools' menuitem : S&end til OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Programmer\Microsoft Office\Office12\ONBttnIE.dll (Microsoft Corporation)
O9 - Extra Button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\Programmer\Microsoft Office\Office12\REFIEBAR.DLL (Microsoft Corporation)
O13 - gopher Prefix: missing
O16 - DPF: {7530BFB8-7293-4D34-9923-61A11451AFC5} http://download.eset.com/special/eos/OnlineScanner.cab (OnlineScanner Control)
O16 - DPF: {CAFEEFAC-0016-0000-0031-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_31-windows-i586.cab (Java Plug-in 1.6.0_31)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_31-windows-i586.cab (Java Plug-in 1.6.0_31)
O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} http://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab (Reg Error: Key error.)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 193.162.153.164 194.239.134.83
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{EFD7497F-F306-4318-82B2-48CCE16387E3}: DhcpNameServer = 193.162.153.164 194.239.134.83
O18 - Protocol\Handler\msdaipp\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Programmer\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\msdaipp\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Programmer\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\ms-help {314111c7-a502-11d2-bbca-00c04f8ec294} - C:\Programmer\Common Files\microsoft shared\Help\hxds.dll (Microsoft Corporation)
O18 - Protocol\Filter\text/xml {807563E5-5146-11D5-A672-00B0D022E945} - C:\Programmer\Common Files\microsoft shared\OFFICE12\MSOXMLMF.DLL (Microsoft Corporation)
O20 - AppInit_DLLs: (c:\progra~1\wi371a~1\datamngr\datamngr.dll) - c:\Programmer\Windows iLivid Toolbar\Datamngr\datamngr.dll (Discordia, LTD)
O20 - AppInit_DLLs: (c:\progra~1\wi371a~1\datamngr\iebho.dll) - c:\Programmer\Windows iLivid Toolbar\Datamngr\IEBHO.dll (Discordia, LTD)
O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\System32\userinit.exe (Microsoft Corporation)
O20 - Winlogon\Notify\!SASWinLogon: DllName - (C:\Program Files\SUPERAntiSpyware\SASWINLO.DLL) - C:\Programmer\SUPERAntiSpyware\SASWINLO.DLL (SUPERAntiSpyware.com)
O24 - Desktop WallPaper: C:\Windows\Web\Wallpaper\ACER01.bmp
O24 - Desktop BackupWallPaper: C:\Windows\Web\Wallpaper\ACER01.bmp
O28 - HKLM ShellExecuteHooks: {5AE067D3-9AFB-48E0-853A-EBB7F4A000DA} - C:\Programmer\SUPERAntiSpyware\SASSEH.DLL (SuperAdBlocker.com)
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2006-09-18 23:43:36 | 000,000,024 | ---- | M] () - C:\autoexec.bat -- [ NTFS ]
O34 - HKLM BootExecute: (autocheck autochk *)
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3)
O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2)

NetSvcs: FastUserSwitchingCompatibility -  File not found
NetSvcs: Ias - C:\Windows\System32\ias.dll (Microsoft Corporation)
NetSvcs: Nla -  File not found
NetSvcs: Ntmssvc -  File not found
NetSvcs: NWCWorkstation -  File not found
NetSvcs: Nwsapagent -  File not found
NetSvcs: SRService -  File not found
NetSvcs: WmdmPmSp -  File not found
NetSvcs: LogonHours -  File not found
NetSvcs: PCAudit -  File not found
NetSvcs: helpsvc -  File not found
NetSvcs: uploadmgr -  File not found

Drivers32: msacm.l3acm - C:\Windows\System32\l3codeca.acm (Fraunhofer Institut Integrierte Schaltungen IIS)
Drivers32: msacm.l3codecp -  File not found
Drivers32: MSVideo8 - C:\Windows\System32\vfwwdm32.dll (Microsoft Corporation)
Drivers32: vidc.cvid - C:\Windows\System32\iccvid.dll (Radius Inc.)

MsConfig - StartUpReg: eDataSecurity Loader - hkey= - key= - C:\Acer\Empowering Technology\eDataSecurity\eDSLoader.exe (HiTRUST)

SafeBootMin: !SASCORE - C:\Programmer\SUPERAntiSpyware\SASCore.exe (SUPERAntiSpyware.com)
SafeBootMin: AppMgmt - Service
SafeBootMin: Base - Driver Group
SafeBootMin: Boot Bus Extender - Driver Group
SafeBootMin: Boot file system - Driver Group
SafeBootMin: File system - Driver Group
SafeBootMin: Filter - Driver Group
SafeBootMin: HelpSvc - Service
SafeBootMin: NTDS -  File not found
SafeBootMin: PCI Configuration - Driver Group
SafeBootMin: PNP Filter - Driver Group
SafeBootMin: Primary disk - Driver Group
SafeBootMin: sacsvr - Service
SafeBootMin: SCSI Class - Driver Group
SafeBootMin: System Bus Extender - Driver Group
SafeBootMin: WinDefend - C:\Programmer\Windows Defender\MpSvc.dll (Microsoft Corporation)
SafeBootMin: {36FC9E60-C465-11CF-8056-444553540000} - Universal Serial Bus controllers
SafeBootMin: {4D36E965-E325-11CE-BFC1-08002BE10318} - CD-ROM Drive
SafeBootMin: {4D36E967-E325-11CE-BFC1-08002BE10318} - DiskDrive
SafeBootMin: {4D36E969-E325-11CE-BFC1-08002BE10318} - Standard floppy disk controller
SafeBootMin: {4D36E96A-E325-11CE-BFC1-08002BE10318} - Hdc
SafeBootMin: {4D36E96B-E325-11CE-BFC1-08002BE10318} - Keyboard
SafeBootMin: {4D36E96F-E325-11CE-BFC1-08002BE10318} - Mouse
SafeBootMin: {4D36E977-E325-11CE-BFC1-08002BE10318} - PCMCIA Adapters
SafeBootMin: {4D36E97B-E325-11CE-BFC1-08002BE10318} - SCSIAdapter
SafeBootMin: {4D36E97D-E325-11CE-BFC1-08002BE10318} - System
SafeBootMin: {4D36E980-E325-11CE-BFC1-08002BE10318} - Floppy disk drive
SafeBootMin: {533C5B84-EC70-11D2-9505-00C04F79DEAF} - Volume shadow copy
SafeBootMin: {6BDD1FC1-810F-11D0-BEC7-08002BE2092F} - IEEE 1394 Bus host controllers
SafeBootMin: {71A27CDD-812A-11D0-BEC7-08002BE2092F} - Volume
SafeBootMin: {745A17A0-74D3-11D0-B6FE-00A0C90F57DA} - Human Interface Devices
SafeBootMin: {D48179BE-EC20-11D1-B6B8-00C04FA372A7} - SBP2 IEEE 1394 Devices
SafeBootMin: {D94EE5D8-D189-4994-83D2-F68D7D41B0E6} - SecurityDevices

SafeBootNet: !SASCORE - C:\Programmer\SUPERAntiSpyware\SASCore.exe (SUPERAntiSpyware.com)
SafeBootNet: AppMgmt - Service
SafeBootNet: Base - Driver Group
SafeBootNet: Boot Bus Extender - Driver Group
SafeBootNet: Boot file system - Driver Group
SafeBootNet: File system - Driver Group
SafeBootNet: Filter - Driver Group
SafeBootNet: HelpSvc - Service
SafeBootNet: Messenger - Service
SafeBootNet: NDIS Wrapper - Driver Group
SafeBootNet: NetBIOSGroup - Driver Group
SafeBootNet: NetDDEGroup - Driver Group
SafeBootNet: Network - Driver Group
SafeBootNet: NetworkProvider - Driver Group
SafeBootNet: NTDS -  File not found
SafeBootNet: PCI Configuration - Driver Group
SafeBootNet: PNP Filter - Driver Group
SafeBootNet: PNP_TDI - Driver Group
SafeBootNet: Primary disk - Driver Group
SafeBootNet: rdsessmgr - Service
SafeBootNet: sacsvr - Service
SafeBootNet: SCSI Class - Driver Group
SafeBootNet: Streams Drivers - Driver Group
SafeBootNet: System Bus Extender - Driver Group
SafeBootNet: TDI - Driver Group
SafeBootNet: WinDefend - C:\Programmer\Windows Defender\MpSvc.dll (Microsoft Corporation)
SafeBootNet: WudfPf - Driver
SafeBootNet: WudfUsbccidDriver - Driver
SafeBootNet: {36FC9E60-C465-11CF-8056-444553540000} - Universal Serial Bus controllers
SafeBootNet: {4D36E965-E325-11CE-BFC1-08002BE10318} - CD-ROM Drive
SafeBootNet: {4D36E967-E325-11CE-BFC1-08002BE10318} - DiskDrive
SafeBootNet: {4D36E969-E325-11CE-BFC1-08002BE10318} - Standard floppy disk controller
SafeBootNet: {4D36E96A-E325-11CE-BFC1-08002BE10318} - Hdc
SafeBootNet: {4D36E96B-E325-11CE-BFC1-08002BE10318} - Keyboard
SafeBootNet: {4D36E96F-E325-11CE-BFC1-08002BE10318} - Mouse
SafeBootNet: {4D36E972-E325-11CE-BFC1-08002BE10318} - Net
SafeBootNet: {4D36E973-E325-11CE-BFC1-08002BE10318} - NetClient
SafeBootNet: {4D36E974-E325-11CE-BFC1-08002BE10318} - NetService
SafeBootNet: {4D36E975-E325-11CE-BFC1-08002BE10318} - NetTrans
SafeBootNet: {4D36E977-E325-11CE-BFC1-08002BE10318} - PCMCIA Adapters
SafeBootNet: {4D36E97B-E325-11CE-BFC1-08002BE10318} - SCSIAdapter
SafeBootNet: {4D36E97D-E325-11CE-BFC1-08002BE10318} - System
SafeBootNet: {4D36E980-E325-11CE-BFC1-08002BE10318} - Floppy disk drive
SafeBootNet: {50DD5230-BA8A-11D1-BF5D-0000F805F530} - Smart card readers
SafeBootNet: {533C5B84-EC70-11D2-9505-00C04F79DEAF} - Volume shadow copy
SafeBootNet: {6BDD1FC1-810F-11D0-BEC7-08002BE2092F} - IEEE 1394 Bus host controllers
SafeBootNet: {71A27CDD-812A-11D0-BEC7-08002BE2092F} - Volume
SafeBootNet: {745A17A0-74D3-11D0-B6FE-00A0C90F57DA} - Human Interface Devices
SafeBootNet: {D48179BE-EC20-11D1-B6B8-00C04FA372A7} - SBP2 IEEE 1394 Devices
SafeBootNet: {D94EE5D8-D189-4994-83D2-F68D7D41B0E6} - SecurityDevices

ActiveX: {08B0E5C0-4FCB-11CF-AAA5-00401C608500} - Java (Sun)
ActiveX: {2179C5D3-EBFF-11CF-B6FD-00AA00B4E220} -
ActiveX: {22d6f312-b0f6-11d0-94ab-0080c74c7e95} - Microsoft Windows Media Player 11.0
ActiveX: {275EDC24-1F45-437E-ACB9-7B9E316CC352} - .NET Framework
ActiveX: {2C7339CF-2B09-4501-B3F3-F3508C9228ED} - %SystemRoot%\system32\regsvr32.exe /s /n /i:/UserInstall %SystemRoot%\system32\themeui.dll
ActiveX: {3af36230-a269-11d1-b5bf-0000f8051515} - Offline Browsing Pack
ActiveX: {3C3901C5-3455-3E0A-A214-0B093A5070A6} - .NET Framework
ActiveX: {44BBA840-CC51-11CF-AAFA-00AA00B6015C} - "%ProgramFiles%\Windows Mail\WinMail.exe" OCInstallUserConfigOE
ActiveX: {44BBA848-CC51-11CF-AAFA-00AA00B6015C} -
ActiveX: {44BBA855-CC51-11CF-AAFA-00AA00B6015F} - DirectDrawEx
ActiveX: {45ea75a0-a269-11d1-b5bf-0000f8051515} - Internet Explorer Help
ActiveX: {4f645220-306d-11d2-995d-00c04f98bbc9} - Microsoft Windows Script 5.6
ActiveX: {5fd399c0-a70a-11d1-9948-00c04f98bbc9} - Internet Explorer Setup Tools
ActiveX: {630b1da0-b465-11d1-9948-00c04f98bbc9} - Browsing Enhancements
ActiveX: {6BF52A52-394A-11d3-B153-00C04F79FAA6} - Microsoft Windows Media Player
ActiveX: {6fab99d0-bab8-11d1-994a-00c04f98bbc9} - MSN Site Access
ActiveX: {73FA19D0-2D75-11D2-995D-00C04F98BBC9} - Webmapper
ActiveX: {7790769C-0471-11d2-AF11-00C04FA35D02} - Address Book 7
ActiveX: {7C028AF8-F614-47B3-82DA-BA94E41B1089} - .NET Framework
ActiveX: {89820200-ECBD-11cf-8B85-00AA005B4340} - regsvr32.exe /s /n /i:U shell32.dll
ActiveX: {89820200-ECBD-11cf-8B85-00AA005B4383} - C:\Windows\system32\ie4uinit.exe -BaseSettings
ActiveX: {89B4C1CD-B018-4511-B0A1-5476DBF70820} - C:\Windows\system32\Rundll32.exe C:\Windows\system32\mscories.dll,Install
ActiveX: {9381D8F2-0288-11D0-9501-00AA00B911A5} - Dynamic HTML Data Binding
ActiveX: {C9E9A340-D1F1-11D0-821E-444553540600} - Internet Explorer Core Fonts
ActiveX: {CDD7975E-60F8-41d5-8149-19E51D6F71D0} - Windows Movie Maker v2.1
ActiveX: {D27CDB6E-AE6D-11CF-96B8-444553540000} - Adobe Flash Player
ActiveX: {de5aed00-a4bf-11d1-9948-00c04f98bbc9} - HTML Help
ActiveX: {E92B03AB-B707-11d2-9CBD-0000F87A369E} - Active Directory Service Interface
ActiveX: >{22d6f312-b0f6-11d0-94ab-0080c74c7e95} - C:\Windows\system32\unregmp2.exe /ShowWMP
ActiveX: >{26923b43-4d38-484f-9b9e-de460746276c} - C:\Windows\system32\ie4uinit.exe -UserIconConfig
ActiveX: >{60B49E34-C7CC-11D0-8953-00A0C90347FF} - "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\iedkcs32.dll",BrandIEActiveSetup SIGNUP

%CREATERESTOREPOINT
Restore point Set: OTL Restore Point

========== Files/Folders - Created Within 30 Days ==========

[2012-06-13 14:58:14 | 000,596,480 | ---- | C] (OldTimer Tools) -- C:\Users\Pallellen\Desktop\OTL.exe
[2012-06-11 20:26:17 | 000,000,000 | ---D | C] -- C:\Users\Pallellen\AppData\Roaming\SUPERAntiSpyware.com
[2012-06-11 20:25:47 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\SUPERAntiSpyware
[2012-06-11 20:19:56 | 000,000,000 | ---D | C] -- C:\Users\Pallellen\Desktop\Spy
[2012-06-11 17:01:49 | 000,000,000 | ---D | C] -- C:\Program Files\ESET
[2012-06-11 16:06:26 | 000,000,000 | R--D | C] -- C:\Users\Pallellen\Dropbox
[2012-06-11 15:58:17 | 000,000,000 | ---D | C] -- C:\Users\Pallellen\AppData\Roaming\Dropbox
[2012-06-10 21:16:27 | 000,000,000 | ---D | C] -- C:\Windows\System32\DRVSTORE
[2012-06-10 21:13:23 | 000,000,000 | ---D | C] -- C:\ProgramData\Soluto
[2012-06-10 19:00:44 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\CSIS Heimdal
[2012-06-10 19:00:40 | 000,000,000 | ---D | C] -- C:\ProgramData\CSIS
[2012-06-10 19:00:38 | 000,000,000 | ---D | C] -- C:\Program Files\Heimdal
[2012-05-28 09:21:18 | 000,000,000 | ---D | C] -- C:\Users\Pallellen\AppData\Roaming\Mozilla
[2012-05-28 09:21:18 | 000,000,000 | ---D | C] -- C:\Users\Pallellen\AppData\Local\Mozilla
[2012-05-28 09:21:01 | 000,000,000 | ---D | C] -- C:\ProgramData\Mozilla
[2012-05-28 09:20:51 | 000,000,000 | ---D | C] -- C:\Program Files\Mozilla Firefox
[2012-05-27 17:54:29 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes' Anti-Malware
[2012-05-27 17:54:23 | 000,022,344 | ---- | C] (Malwarebytes Corporation) -- C:\Windows\System32\drivers\mbam.sys
[2012-05-27 17:54:22 | 000,000,000 | ---D | C] -- C:\Program Files\Malwarebytes' Anti-Malware

========== Files - Modified Within 30 Days ==========

[2012-06-13 15:17:14 | 000,000,920 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineUA.job
[2012-06-13 14:58:27 | 000,596,480 | ---- | M] (OldTimer Tools) -- C:\Users\Pallellen\Desktop\OTL.exe
[2012-06-13 14:48:52 | 000,000,830 | ---- | M] () -- C:\Windows\tasks\Adobe Flash Player Updater.job
[2012-06-13 14:47:01 | 000,003,568 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-1.C7483456-A289-439d-8115-601632D005A0
[2012-06-13 14:46:57 | 000,003,568 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-0.C7483456-A289-439d-8115-601632D005A0
[2012-06-13 14:45:17 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2012-06-12 16:16:30 | 000,000,916 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineCore.job
[2012-06-11 20:25:48 | 000,001,804 | ---- | M] () -- C:\Users\Public\Desktop\SUPERAntiSpyware Free Edition.lnk
[2012-06-11 16:46:08 | 1061,658,624 | -HS- | M] () -- C:\hiberfil.sys
[2012-06-11 16:16:22 | 000,000,193 | ---- | M] () -- C:\ProgramData\Microsoft.SqlServer.Compact.351.32.bc
[2012-06-10 20:58:46 | 000,004,016 | ---- | M] () -- C:\Users\Pallellen\Documents\cc_20120610_205839.reg
[2012-05-29 16:51:57 | 006,537,008 | ---- | M] () -- C:\Users\Pallellen\Documents\Afregning
[2012-05-28 09:28:05 | 000,000,850 | ---- | M] () -- C:\Users\Pallellen\Application Data\Microsoft\Internet Explorer\Quick Launch\Mozilla Firefox (2).lnk
[2012-05-27 16:19:36 | 000,000,947 | ---- | M] () -- C:\Users\Pallellen\Application Data\Microsoft\Internet Explorer\Quick Launch\Launch Internet Explorer Browser.lnk
[2012-05-27 16:18:00 | 000,058,724 | ---- | M] () -- C:\Users\Pallellen\Documents\cc_20120527_161743.reg

========== Files Created - No Company Name ==========

[2012-06-11 20:25:48 | 000,001,804 | ---- | C] () -- C:\Users\Public\Desktop\SUPERAntiSpyware Free Edition.lnk
[2012-06-10 21:18:32 | 000,000,193 | ---- | C] () -- C:\ProgramData\Microsoft.SqlServer.Compact.351.32.bc
[2012-06-10 20:58:44 | 000,004,016 | ---- | C] () -- C:\Users\Pallellen\Documents\cc_20120610_205839.reg
[2012-05-29 16:51:22 | 006,537,008 | ---- | C] () -- C:\Users\Pallellen\Documents\Afregning
[2012-05-28 09:28:05 | 000,000,850 | ---- | C] () -- C:\Users\Pallellen\Application Data\Microsoft\Internet Explorer\Quick Launch\Mozilla Firefox (2).lnk
[2012-05-27 16:17:49 | 000,058,724 | ---- | C] () -- C:\Users\Pallellen\Documents\cc_20120527_161743.reg
[2012-03-30 16:06:29 | 000,000,680 | ---- | C] () -- C:\Users\Pallellen\AppData\Local\d3d9caps.dat

========== LOP Check ==========

[2012-06-11 16:28:15 | 000,000,000 | ---D | M] -- C:\Users\Pallellen\AppData\Roaming\Dropbox
[2008-03-02 16:43:57 | 000,000,000 | ---D | M] -- C:\Users\Pallellen\AppData\Roaming\Template
[2012-06-11 16:45:06 | 000,032,642 | ---- | M] () -- C:\Windows\Tasks\SCHEDLGU.TXT

========== Purity Check ==========



========== Custom Scans ==========

<  set /c >
ALLUSERSPROFILE=C:\ProgramData
APPDATA=C:\Users\Pallellen\AppData\Roaming
CommonProgramFiles=C:\Program Files\Common Files
COMPUTERNAME=PALLELLEN-PC
ComSpec=C:\Windows\system32\cmd.exe
FP_NO_HOST_CHECK=NO
HOMEDRIVE=C:
HOMEPATH=\Users\Pallellen
LOCALAPPDATA=C:\Users\Pallellen\AppData\Local
LOGONSERVER=\\PALLELLEN-PC
NUMBER_OF_PROCESSORS=1
OS=Windows_NT
Path=C:\Windows\system32;C:\Windows;C:\Windows\System32\Wbem;C:\Windows\System32\WindowsPowerShell\v1.0\
PATHEXT=.COM;.EXE;.BAT;.CMD;.VBS;.VBE;.JS;.JSE;.WSF;.WSH;.MSC
PROCESSOR_ARCHITECTURE=x86
PROCESSOR_IDENTIFIER=x86 Family 6 Model 22 Stepping 1, GenuineIntel
PROCESSOR_LEVEL=6
PROCESSOR_REVISION=1601
ProgramData=C:\ProgramData
ProgramFiles=C:\Program Files
PROMPT=$P$G
PSModulePath=C:\Windows\system32\WindowsPowerShell\v1.0\Modules\
PUBLIC=C:\Users\Public
SystemDrive=C:
SystemRoot=C:\Windows
TEMP=C:\Users\PALLEL~1\AppData\Local\Temp
TMP=C:\Users\PALLEL~1\AppData\Local\Temp
USERDOMAIN=Pallellen-PC
USERNAME=Pallellen
USERPROFILE=C:\Users\Pallellen
windir=C:\Windows

< MD5 for: EXPLORER.EXE >

< MD5 for: IEXPLORE.EXE >

< MD5 for: SFC.DLL >

< MD5 for: SVCHOST.EXE >

< MD5 for: USERINIT.EXE >

< MD5 for: VOLSNAP.SYS >

< MD5 for: WININIT.EXE >

< MD5 for: WINLOGON.EXE >

< %SYSTEMDRIVE%\*.* >
[2008-02-06 16:06:57 | 000,003,380 | ---- | M] () -- C:\-20080206.log
[2008-02-06 16:02:19 | 000,000,090 | ---- | M] () -- C:\Arcade.log
[2006-09-18 23:43:36 | 000,000,024 | ---- | M] () -- C:\autoexec.bat
[2009-04-11 08:36:36 | 000,333,257 | RHS- | M] () -- C:\bootmgr
[2006-12-10 04:40:08 | 000,008,192 | R-S- | M] () -- C:\BOOTSECT.BAK
[2006-09-18 23:43:37 | 000,000,010 | ---- | M] () -- C:\config.sys
[2012-06-11 16:46:08 | 1061,658,624 | -HS- | M] () -- C:\hiberfil.sys
[2012-06-13 15:01:57 | 1612,378,112 | -HS- | M] () -- C:\pagefile.sys
[2007-09-05 20:58:22 | 000,001,586 | -HS- | M] () -- C:\Patch.rev
[2007-08-21 17:05:51 | 000,000,131 | RHS- | M] () -- C:\preload.rev
[2010-07-30 09:32:06 | 000,000,894 | ---- | M] () -- C:\updatedatfix.log
[2007-08-02 11:13:30 | 000,000,004 | ---- | M] () -- C:\wps.dat

<  %SYSTEMDRIVE%\*. >
[2008-02-06 15:50:28 | 000,000,000 | -HSD | M] -- C:\$RECYCLE.BIN
[2008-02-06 16:15:21 | 000,000,000 | ---D | M] -- C:\Acer
[2007-08-02 11:13:28 | 000,000,000 | ---D | M] -- C:\Book
[2009-12-11 13:39:15 | 000,000,000 | -HSD | M] -- C:\Boot
[2012-06-11 16:19:45 | 000,000,000 | -H-D | M] -- C:\Config.Msi
[2006-11-02 14:59:44 | 000,000,000 | -HSD | M] -- C:\Documents and Settings
[2008-02-06 16:15:56 | 000,000,000 | ---D | M] -- C:\elements
[2008-02-06 15:50:38 | 000,000,000 | ---D | M] -- C:\Intel
[2008-09-08 18:16:14 | 000,000,000 | RH-D | M] -- C:\MSOCache
[2007-08-21 17:52:15 | 000,000,000 | ---D | M] -- C:\MyWorks
[2009-02-08 17:40:18 | 000,000,000 | ---D | M] -- C:\PerfLogs
[2012-06-11 17:01:49 | 000,000,000 | R--D | M] -- C:\Program Files
[2012-06-11 20:26:17 | 000,000,000 | -H-D | M] -- C:\ProgramData
[2008-02-06 15:43:27 | 000,000,000 | -HSD | M] -- C:\Programmer
[2012-06-13 15:22:50 | 000,000,000 | -HSD | M] -- C:\System Volume Information
[2007-08-21 17:29:17 | 000,000,000 | ---D | M] -- C:\TEM
[2012-06-10 19:00:16 | 000,000,000 | R--D | M] -- C:\Users
[2012-06-10 20:57:43 | 000,000,000 | ---D | M] -- C:\Windows

<  hklm\software\clients\startmenuinternet|command /rs >
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\IEXPLORE.EXE\InstallInfo\\HideIconsCommand: “C:\Windows\system32\ie4uinit.exe” -hide [2011-05-07 09:59:39 | 000,074,240 |——| M] (Microsoft Corporation)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\IEXPLORE.EXE\InstallInfo\\ShowIconsCommand: “C:\Windows\system32\ie4uinit.exe” -show [2011-05-07 09:59:39 | 000,074,240 |——| M] (Microsoft Corporation)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\IEXPLORE.EXE\InstallInfo\\ReinstallCommand: “C:\Windows\system32\ie4uinit.exe” -reinstall [2011-05-07 09:59:39 | 000,074,240 |——| M] (Microsoft Corporation)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\IEXPLORE.EXE\shell\naom\command\\: “C:\Program Files\Internet Explorer\iexplore.exe” -extoff [2011-05-07 09:59:49 | 000,748,336 |——| M] (Microsoft Corporation)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\IEXPLORE.EXE\shell\open\command\\: C:\Program Files\Internet Explorer\iexplore.exe [2011-05-07 09:59:49 | 000,748,336 |——| M] (Microsoft Corporation)

< hklm\software\clients\startmenuinternet|command /64 /rs >
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\IEXPLORE.EXE\InstallInfo\\HideIconsCommand: “C:\Windows\system32\ie4uinit.exe” -hide [2011-05-07 09:59:39 | 000,074,240 |——| M] (Microsoft Corporation)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\IEXPLORE.EXE\InstallInfo\\ShowIconsCommand: “C:\Windows\system32\ie4uinit.exe” -show [2011-05-07 09:59:39 | 000,074,240 |——| M] (Microsoft Corporation)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\IEXPLORE.EXE\InstallInfo\\ReinstallCommand: “C:\Windows\system32\ie4uinit.exe” -reinstall [2011-05-07 09:59:39 | 000,074,240 |——| M] (Microsoft Corporation)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\IEXPLORE.EXE\shell\naom\command\\: “C:\Program Files\Internet Explorer\iexplore.exe” -extoff [2011-05-07 09:59:49 | 000,748,336 |——| M] (Microsoft Corporation)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\IEXPLORE.EXE\shell\open\command\\: C:\Program Files\Internet Explorer\iexplore.exe [2011-05-07 09:59:49 | 000,748,336 |——| M] (Microsoft Corporation)

<  HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows\WindowsUpdate\AU >

<  HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\WindowsUpdate\Auto Update\Results\Install|LastSuccessTime /rs >
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\WindowsUpdate\Auto Update\Results\Install\\LastSuccessTime: 2012-06-04 13:59:39

< End of report >

Number of posts: 89

and the Extras file.

OTL Extras logfile created on: 13-06-2012 15:14:10 - Run 1
OTL by OldTimer - Version 3.2.48.0   Folder = C:\Users\Pallellen\Desktop
Windows Vista Home Basic Edition Service Pack 2 (Version = 6.0.6002) - Type = NTWorkstation
Internet Explorer (Version = 9.0.8112.16421)
Locale: 00000406 | Country: Danmark | Language: DAN | Date Format: dd-MM-yyyy

1013,68 Mb Total Physical Memory | 93,39 Mb Available Physical Memory | 9,21% Memory free
2,45 Gb Paging File | 0,28 Gb Available in Paging File | 11,34% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files
Drive C: | 69,65 Gb Total Space | 32,64 Gb Free Space | 46,87% Space Free | Partition Type: NTFS
Drive D: | 69,64 Gb Total Space | 69,11 Gb Free Space | 99,24% Space Free | Partition Type: NTFS

Computer Name: PALLELLEN-PC | User Name: Pallellen | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user | Quick Scan
Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days

========== Extra Registry (SafeList) ==========


========== File Associations ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.cpl [@ = cplfile]—C:\Windows\System32\control.exe (Microsoft Corporation)
.hlp [@ = hlpfile]—C:\Windows\winhlp32.exe (Microsoft Corporation)

========== Shell Spawning ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open]—“%1” %*
cmdfile [open]—“%1” %*
comfile [open]—“%1” %*
cplfile [cplopen]—%SystemRoot%\System32\control.exe “%1”,%* (Microsoft Corporation)
exefile [open]—“%1” %*
helpfile [open]—Reg Error: Key error.
hlpfile [open]—%SystemRoot%\winhlp32.exe %1 (Microsoft Corporation)
inffile [install]—%SystemRoot%\System32\InfDefaultInstall.exe “%1” (Microsoft Corporation)
piffile [open]—“%1” %*
regfile [merge]—Reg Error: Key error.
scrfile [config]—“%1”
scrfile [install]—rundll32.exe desk.cpl,InstallScreenSaver %l
scrfile [open]—“%1” /S
txtfile [edit]—Reg Error: Key error.
Unknown [openas]—%SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [cmd]—cmd.exe /s /k pushd “%V” (Microsoft Corporation)
Directory [find]—%SystemRoot%\Explorer.exe (Microsoft Corporation)
Directory [OneNote.Open]—C:\PROGRA~1\MICROS~2\Office12\ONENOTE.EXE “%L” (Microsoft Corporation)
Folder [open]—%SystemRoot%\Explorer.exe /separate,/idlist,%I,%L (Microsoft Corporation)
Folder [explore]—%SystemRoot%\Explorer.exe /separate,/e,/idlist,%I,%L (Microsoft Corporation)
Drive [find]—%SystemRoot%\Explorer.exe (Microsoft Corporation)

========== Security Center Settings ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
“cval” = 1
“UacDisableNotify” = 1
“InternetSettingsDisableNotify” = 1
“AutoUpdateDisableNotify” = 1

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]
“DisableMonitoring” = 1

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecAntiVirus]
“DisableMonitoring” = 1

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecFirewall]
“DisableMonitoring” = 1

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]
“AntiVirusOverride” = 0
“AntiSpywareOverride” = 0
“FirewallOverride” = 0
“VistaSp1” = Reg Error: Unknown registry data type—File not found
“VistaSp2” = Reg Error: Unknown registry data type—File not found

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc\Vol]

========== Firewall Settings ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]
“DisableNotifications” = 0
“EnableFirewall” = 1

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
“DisableNotifications” = 0
“EnableFirewall” = 0

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\PublicProfile]
“DisableNotifications” = 0
“EnableFirewall” = 1

========== Authorized Applications List ==========


========== Vista Active Open Ports Exception List ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
“{75A34141-4971-4134-97FC-E791713FDEE1}” = lport=808 | protocol=6 | dir=in | svc=nettcpactivator | app=c:\windows\microsoft.net\framework\v4.0.30319\smsvchost.exe |

========== Vista Active Application Exception List ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
“{0402F92B-AD12-42DC-BED8-73C1AD498AE5}” = protocol=17 | dir=in | app=c:\program files\soluto\soluto.exe |
“{14A8043F-4A28-405E-AA91-64C95EC015A9}” = dir=in | app=c:\program files\hp\digital imaging\bin\hpqste08.exe |
“{1694D03C-A61A-4ABB-8C49-5AC2448AC015}” = protocol=6 | dir=in | app=c:\program files\windows ilivid toolbar\toolbar\dtuser.exe |
“{17E42FDF-A371-473E-9509-7ED84A1B1409}” = protocol=6 | dir=in | app=c:\program files\soluto\solutoservice.exe |
“{19EB86DC-EAB1-4CAC-B170-F35DCAA83E9E}” = dir=in | app=c:\program files\acer\homemedia\homemedia.exe |
“{1AC64DF0-94FE-4630-8068-34367DC53234}” = dir=in | app=c:\program files\hp\hp software update\hpwucli.exe |
“{29B46AD7-FB75-415F-8F45-1547304A190A}” = protocol=6 | dir=in | app=c:\program files\soluto\soluto.exe |
“{29E36BD0-FA96-4934-9832-011BCE812C75}” = protocol=17 | dir=in | app=c:\program files\soluto\solutoupdateservice.exe |
“{345FE4E4-061A-450F-BA5B-C4E5C05F8160}” = dir=in | app=c:\program files\hp\digital imaging\bin\hpqnrs08.exe |
“{4217BAF8-79A2-4587-99C4-46C291F0332E}” = protocol=6 | dir=in | app=c:\users\pallellen\appdata\local\microsoft\windows\temporary internet files\content.ie5\3skbloa1\solutoinstaller-qr30gsb2tf.exe |
“{553D73E7-FCAE-4251-AA4B-62C47F1C9D3F}” = dir=in | app=c:\program files\acer\acer arcade\pcmservice.exe |
“{7568E4BC-2CAE-4D6A-ADE8-56BC99057BF4}” = dir=in | app=c:\program files\hp\digital imaging\bin\hpqcopy2.exe |
“{762BDD26-6BEB-4292-A691-23B17657152A}” = protocol=6 | dir=in | app=c:\program files\soluto\solutoupdateservice.exe |
“{8F0CEC9E-F8A4-4638-B39E-B043E9ACE5DC}” = protocol=6 | dir=in | app=c:\users\pallellen\appdata\roaming\dropbox\bin\dropbox.exe |
“{9315F0AD-BDA7-4303-87B4-C31E812CB24E}” = dir=in | app=c:\program files\hp\digital imaging\bin\hpqusgm.exe |
“{93F89F6B-C639-4984-BE09-2DB9F7ABB645}” = protocol=6 | dir=in | app=c:\program files\soluto\solutoconsole.exe |
“{964FC1E9-F004-4404-B72A-338BC04B7CDF}” = dir=in | app=c:\program files\hp\digital imaging\smart web printing\smartwebprintexe.exe |
“{9CB9AA0E-5D69-410A-9E06-2BFD006DECF7}” = dir=in | app=c:\program files\hp\digital imaging\bin\hpqpse.exe |
“{AB15E52F-E002-4CD9-9965-3B157B07D296}” = protocol=17 | dir=in | app=c:\program files\soluto\solutoservice.exe |
“{AB50F852-3DF3-4D6A-8D6D-A3EDF06D490F}” = dir=in | app=c:\program files\hp\digital imaging\bin\hpqpsapp.exe |
“{ACE1F439-3970-4243-BC72-090507924F68}” = dir=in | app=c:\program files\hp\digital imaging\bin\hpqusgh.exe |
“{AEC4A8DE-B0EE-4292-BE18-D404DC83A1F2}” = protocol=17 | dir=in | app=c:\users\pallellen\appdata\roaming\dropbox\bin\dropbox.exe |
“{AF16D71D-B5B7-4075-A4A2-A0AFB1C5BA4A}” = dir=in | app=c:\program files\hp\digital imaging\bin\hpqkygrp.exe |
“{B0D34C48-CE64-48BB-880A-A1CAF95218C1}” = protocol=17 | dir=in | app=c:\program files\soluto\solutoconsole.exe |
“{BC75F4EB-CBB9-4393-B753-F8F38D36DEC3}” = protocol=17 | dir=in | app=c:\program files\windows ilivid toolbar\toolbar\dtuser.exe |
“{CD032C0B-3FB4-45B5-BCFA-DB1342AB63FE}” = protocol=6 | dir=in | app=c:\program files\microsoft office\office12\onenote.exe |
“{CD615AB9-66B8-466A-90D1-CAD01F2B4507}” = dir=in | app=c:\program files\hp\digital imaging\bin\hpqscnvw.exe |
“{DDD90187-9A56-48DC-BBBB-012EF58E3116}” = dir=in | app=c:\program files\hp\digital imaging\bin\hposid01.exe |
“{DE91D953-5D3B-4EE7-BCDB-0D4B1DDAA1D1}” = protocol=17 | dir=in | app=c:\users\pallellen\appdata\local\microsoft\windows\temporary internet files\content.ie5\3skbloa1\solutoinstaller-qr30gsb2tf.exe |
“{E279EAA8-808E-4BA8-849E-88CAABD2F067}” = protocol=17 | dir=in | app=c:\program files\microsoft office\office12\onenote.exe |
“{F7841A8F-2DF2-4780-AC17-AA26738B70E2}” = dir=in | app=c:\program files\common files\hp\digital imaging\bin\hpqphotocrm.exe |

========== HKEY_LOCAL_MACHINE Uninstall List ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
“{0A0CADCF-78DA-33C4-A350-CD51849B9702}” = Microsoft .NET Framework 4 Extended
“{10E1E87C-656C-4D08-86D6-5443D28583BE}” = TrayApp
“{11316260-6666-467B-AC34-183FCB5D4335}” = Acer Mobility Center Plug-In
“{116FF17B-1A30-4FC2-9B01-5BC5BD46B0B3}” = Acer eLock Management
“{13F00518-807A-4B3A-83B0-A7CD90F3A398}” = MarketResearch
“{1577A05B-EE62-4BBC-9DB7-FE748FA44EC2}” = NTI CD & DVD-Maker
“{1598034D-7147-432C-8CA8-888E0632D124}” = NTI Backup NOW! 4.7
“{1753255A-0AEB-4220-8C75-607B73F0C133}” = Copy
“{18455581-E099-4BA8-BC6B-F34B2F06600C}” = Google Toolbar for Internet Explorer
“{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}” = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148
“{2318C2B1-4965-11d4-9B18-009027A5CD4F}” = Google Toolbar for Internet Explorer
“{2614F54E-A828-49FA-93BA-45A3F756BFAA}” = 32 Bit HP CIO Components Installer
“{2637C347-9DAD-11D6-9EA2-00055D0CA761}” = Acer Arcade
“{26A24AE4-039D-4CA4-87B4-2F83216031FF}” = Java(TM) 6 Update 31
“{29FA38B4-0AE4-4D0D-8A51-6165BB990BB0}” = WebReg
“{2F28B3C9-2C89-4206-8B33-8ADC9577C49B}” = Scan
“{36FDBE6E-6684-462B-AE98-9A39A1B200CC}” = HP Product Assistant
“{3C3901C5-3455-3E0A-A214-0B093A5070A6}” = Microsoft .NET Framework 4 Client Profile
“{487B0B9B-DCD4-440D-89A0-A6EDE1A545A3}” = HPSSupply
“{4A03706F-666A-4037-7777-5F2748764D10}” = Java Auto Updater
“{543E938C-BDC4-4933-A612-01293996845F}” = UnloadSupport
“{58E5844B-7CE2-413D-83D1-99294BF6C74F}” = Acer ePower Management
“{65DA2EC9-0642-47E9-AAE2-B5267AA14D75}” = Activation Assistant for the 2007 Microsoft Office suites
“{66E6CE0C-5A1E-430C-B40A-0C90FF1804A8}” = eSupportQFolder
“{6F5E2F4A-377D-4700-B0E3-8F7F7507EA15}” = CustomerResearchQFolder
“{6F9DF109-4D98-46e1-BCE8-8EB6AA1DBF35}” = Microsoft Works
“{706BB40A-4102-4c89-8107-DC68C4EBD19B}” = HP Deskjet All-In-One Software 9.0
“{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}” = Microsoft Visual C++ 2005 Redistributable
“{770657D0-A123-3C07-8E44-1C83EC895118}” = Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053
“{79DD56FC-DB8B-47F5-9C80-78B62E05F9BC}” = Acer ScreenSaver
“{824D3839-DAA1-4315-A822-7AE3E620E528}” = VideoToolkit01
“{82C36957-D2B8-4EF2-B88C-5FA03AA848C7-110111700}” = Zuma Deluxe
“{82C36957-D2B8-4EF2-B88C-5FA03AA848C7-11029123}” = Bricks of Egypt
“{82C36957-D2B8-4EF2-B88C-5FA03AA848C7-111263673}” = Treasures of the Deep
“{82C36957-D2B8-4EF2-B88C-5FA03AA848C7-111271497}” = Mystery Case Files - Prime Suspects
“{82C36957-D2B8-4EF2-B88C-5FA03AA848C7-111307457}” = Galapago
“{82C36957-D2B8-4EF2-B88C-5FA03AA848C7-111310630}” = Big Kahuna Reef 2
“{82C36957-D2B8-4EF2-B88C-5FA03AA848C7-111473353}” = Dynasty
“{82C36957-D2B8-4EF2-B88C-5FA03AA848C7-11170417}” = Luxor 2
“{82C36957-D2B8-4EF2-B88C-5FA03AA848C7-111771833}” = Jewel Quest Solitaire
“{82C36957-D2B8-4EF2-B88C-5FA03AA848C7-112179547}” = Mystery Case Files Ravenhearst
“{8389382B-53BA-4A87-8854-91E3D80A5AC7}” = HP Photosmart Essential2.01
“{846B5DED-DC8C-4E1A-B5B4-9F5B39A0CACE}” = HPDiagnosticAlert
“{86D4B82A-ABED-442A-BE86-96357B70F4FE}” = Ask Toolbar
“{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}” = Microsoft Silverlight
“{8FF6F5CA-4E30-4E3B-B951-204CAAA2716A}” = SmartWebPrinting
“{90120000-0016-0406-0000-0000000FF1CE}” = Microsoft Office Excel MUI (Danish) 2007
“{90120000-0016-0406-0000-0000000FF1CE}_HOMESTUDENTR_{8D25149C-FFF5-42E1-BF6D-1CED49BDB182}” = Microsoft Office 2007 Service Pack 3 (SP3)
“{90120000-0018-0406-0000-0000000FF1CE}” = Microsoft Office PowerPoint MUI (Danish) 2007
“{90120000-0018-0406-0000-0000000FF1CE}_HOMESTUDENTR_{8D25149C-FFF5-42E1-BF6D-1CED49BDB182}” = Microsoft Office 2007 Service Pack 3 (SP3)
“{90120000-001B-0406-0000-0000000FF1CE}” = Microsoft Office Word MUI (Danish) 2007
“{90120000-001B-0406-0000-0000000FF1CE}_HOMESTUDENTR_{8D25149C-FFF5-42E1-BF6D-1CED49BDB182}” = Microsoft Office 2007 Service Pack 3 (SP3)
“{90120000-001F-0406-0000-0000000FF1CE}” = Microsoft Office Proof (Danish) 2007
“{90120000-001F-0406-0000-0000000FF1CE}_HOMESTUDENTR_{8F771259-9037-4097-AA88-8613F3BE5627}” = Microsoft Office Proofing Tools 2007 Service Pack 3 (SP3)
“{90120000-001F-0407-0000-0000000FF1CE}” = Microsoft Office Proof (German) 2007
“{90120000-001F-0407-0000-0000000FF1CE}_HOMESTUDENTR_{928D7B99-2BEA-49F9-83B8-20FA57860643}” = Microsoft Office Proofing Tools 2007 Service Pack 3 (SP3)
“{90120000-001F-0409-0000-0000000FF1CE}” = Microsoft Office Proof (English) 2007
“{90120000-001F-0409-0000-0000000FF1CE}_HOMESTUDENTR_{1FF96026-A04A-4C3E-B50A-BB7022654D0F}” = Microsoft Office Proofing Tools 2007 Service Pack 3 (SP3)
“{90120000-002C-0406-0000-0000000FF1CE}” = Microsoft Office Proofing (Danish) 2007
“{90120000-006E-0406-0000-0000000FF1CE}” = Microsoft Office Shared MUI (Danish) 2007
“{90120000-006E-0406-0000-0000000FF1CE}_HOMESTUDENTR_{11584158-91C7-4B1B-BFD1-F47D680F13CF}” = Microsoft Office 2007 Service Pack 3 (SP3)
“{90120000-00A1-0406-0000-0000000FF1CE}” = Microsoft Office OneNote MUI (Danish) 2007
“{90120000-00A1-0406-0000-0000000FF1CE}_HOMESTUDENTR_{8D25149C-FFF5-42E1-BF6D-1CED49BDB182}” = Microsoft Office 2007 Service Pack 3 (SP3)
“{90140000-2005-0000-0000-0000000FF1CE}” = Microsoft Office File Validation Add-In
“{9068B2BE-D93A-4C0A-861C-5E35E2C0E09E}” = Intel(R) Matrix Storage Manager
“{91120000-002F-0000-0000-0000000FF1CE}” = Microsoft Office Home and Student 2007
“{91120000-002F-0000-0000-0000000FF1CE}_HOMESTUDENTR_{6E107EB7-8B55-48BF-ACCB-199F86A2CD93}” = Microsoft Office 2007 Service Pack 3 (SP3)
“{93F54611-2701-454e-94AB-623F458D9E6B}” = DeviceDiscovery
“{94389919-B0AA-4882-9BE8-9F0B004ECA35}” = Acer Tour
“{9BE518E6-ECC6-35A9-88E4-87755C07200F}” = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161
“{A92DAB39-4E2C-4304-9AB6-BC44E68B55E2}” = Google Update Helper
“{A9C365A3-06C0-43b4-A2DB-EDF0A6079AA9}” = DJ_AIO_Software
“{AB5D51AE-EBC3-438D-872C-705C7C2084B0}” = DeviceManagementQFolder
“{AB6097D9-D722-4987-BD9E-A076E2848EE2}” = Acer Empowering Technology
“{AC76BA86-7AD7-1033-7B44-A83000000003}” = Adobe Reader 8.3.1
“{AEA07F97-9088-497c-8821-0F36BD5DC251}” = HPProductAssistant
“{AEEAE013-92F1-4515-B278-139F1A692A36}” = Acer eDataSecurity Management
“{AF7FC1CA-79DF-43c3-90A3-33EFEB9294CE}” = AIO_Scan
“{B2544A03-10D0-4E5E-BA69-0362FFC20D18}” = OGA Notifier 2.0.0048.0
“{B4B1F18B-5CED-4f8f-8A8F-1BD0503C222E}” = DJ_AIO_ProductContext
“{B69349AE-2D41-3708-8BA4-4DC22645CA04}” = Microsoft .NET Framework 3.5 Language Pack SP1 - dan
“{B6B69D92-6CD8-4086-8D1D-7945BDA4AE5A}” = F4100_Help
“{B7A0CE06-068E-11D6-97FD-0050BACBF861}” = PowerProducer 3.72
“{BCD6CD1A-0DBE-412E-9F25-3B500D1E6BA1}” = SolutionCenter
“{BF839132-BD43-4056-ACBF-4377F4A88E2A}” = Acer ePresentation Management
“{C06554A1-2C1E-4D20-B613-EE62C79927CC}” = Acer eNet Management
“{C9D88AF8-7B0A-4200-BFBC-7827A7535096}” = F4100_doccd
“{CDDCBBF1-2703-46BC-938B-BCC81A1EEAAA}” = SUPERAntiSpyware
“{CE2CDD62-0124-36CA-84D3-9F4DCF5C5BD9}” = Microsoft .NET Framework 3.5 SP1
“{CE386A4E-D0DA-4208-8235-BCE43275C694}” = LightScribe 1.4.142.1
“{CE65A9A0-9686-45C6-9098-3C9543A412F0}” = Acer eSettings Management
“{D0E39A1D-0CEE-4D85-B4A2-E3BE990D075E}” = Destination Component
“{DDD5104F-1C44-49EB-9E6B-29EC5D27658B}” = HP Update
“{E2662C24-B31E-4349-A084-32EB76E8B760}” = BufferChm
“{E9C18EBD-85BE-47D0-AA73-3FEDCC976B04}” = Toolbox
“{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}” = Realtek High Definition Audio Driver
“{F56D6F46-1D62-4734-BF12-6457A1ED17BD}” = DJ_AIO_Software_min
“{F72E2DDC-3DB8-4190-A21D-63883D955FE7}” = PSSWCORE
“{F8FED11D-3584-4a72-8B26-E0951B655797}” = F4100
“{FD8D8B04-BEAD-4A55-AA1D-62D2373E7DEA}” = Status
“Activation Assistant for the 2007 Microsoft Office suites” = Activation Assistant for the 2007 Microsoft Office suites
“Adobe Flash Player ActiveX” = Adobe Flash Player 11 ActiveX
“avast” = avast! Free Antivirus
“CCleaner” = CCleaner
“CNXT_MODEM_HDAUDIO_VEN_14F1&DEV_2BFAOR2C06_118” = HDAUDIO Soft Data Fax Modem with SmartCP
“ESET Online Scanner” = ESET Online Scanner v3
“GridVista” = Acer GridVista
“HDMI” = Intel(R) Graphics Media Accelerator Driver
“Heimdal” = Heimdal
“HOMESTUDENTR” = Microsoft Office Home and Student 2007
“HP Imaging Device Functions” = HP Imaging Device Functions 9.0
“HP Photosmart Essential” = HP Photosmart Essential 2.01
“HP Smart Web Printing” = HP Smart Web Printing 4.60
“HP Solution Center & Imaging Support Tools” = HP Solution Center 9.0
“HPExtendedCapabilities” = HP Customer Participation Program 9.0
“InstallShield_{1577A05B-EE62-4BBC-9DB7-FE748FA44EC2}” = NTI CD & DVD-Maker
“InstallShield_{1598034D-7147-432C-8CA8-888E0632D124}” = NTI Backup NOW! 4.7
“LManager” = Launch Manager
“Malwarebytes’ Anti-Malware_is1” = Malwarebytes Anti-Malware version 1.61.0.1400
“Microsoft .NET Framework 3.5 Language Pack SP1 - dan” = Sprogpakke til Microsoft .NET Framework 3.5 SP1 - dansk
“Microsoft .NET Framework 3.5 SP1” = Microsoft .NET Framework 3.5 SP1
“Microsoft .NET Framework 4 Client Profile” = Microsoft .NET Framework 4 Client Profile
“Microsoft .NET Framework 4 Extended” = Microsoft .NET Framework 4 Extended
“Searchqu 406 MediaBar” = Windows iLivid Toolbar
“SynTPDeinstKey” = Synaptics Pointing Device Driver

========== Last 20 Event Log Errors ==========

[ Antivirus Events ]
Error - 17-07-2011 11:06:04 | Computer Name = Pallellen-PC | Source = avast! | ID = 33554522
Description =

[ Application Events ]
Error - 10-06-2012 08:44:00 | Computer Name = Pallellen-PC | Source = Application Error | ID = 1000
Description = Program med fejl eDSLoader.exe, version 2.5.260.2, tidsstempel 0x462f125f,
modul med fejl ADMIN_CLASS_LIB.dll, version 6.0.6002.18541, tidsstempel 0x4ec3e3d5,
undtagelseskode 0xc0000135, forskydning med fejl 0x00009f5d,  proces-id 0xf4c, programmets
starttidspunkt 0x01cd4706b290364a.

Error - 10-06-2012 09:27:32 | Computer Name = Pallellen-PC | Source = Application Error | ID = 1000
Description = Program med fejl eDSLoader.exe, version 2.5.260.2, tidsstempel 0x462f125f,
modul med fejl ADMIN_CLASS_LIB.dll, version 6.0.6002.18541, tidsstempel 0x4ec3e3d5,
undtagelseskode 0xc0000135, forskydning med fejl 0x00009f5d,  proces-id 0xec4, programmets
starttidspunkt 0x01cd470ca5e1fec0.

Error - 10-06-2012 10:08:55 | Computer Name = Pallellen-PC | Source = Application Error | ID = 1000
Description = Program med fejl eDSLoader.exe, version 2.5.260.2, tidsstempel 0x462f125f,
modul med fejl ADMIN_CLASS_LIB.dll, version 6.0.6002.18541, tidsstempel 0x4ec3e3d5,
undtagelseskode 0xc0000135, forskydning med fejl 0x00009f5d,  proces-id 0x924, programmets
starttidspunkt 0x01cd47125374ae6a.

Error - 10-06-2012 12:36:34 | Computer Name = Pallellen-PC | Source = Application Error | ID = 1000
Description = Program med fejl eDStbmngr.exe, version 2.5.55.0, tidsstempel 0x462f1249,
modul med fejl ADMIN_CLASS_LIB.dll, version 6.0.6002.18541, tidsstempel 0x4ec3e3d5,
undtagelseskode 0xc0000135, forskydning med fejl 0x00009f5d,  proces-id 0xf30, programmets
starttidspunkt 0x01cd47271d819a70.

Error - 10-06-2012 12:53:06 | Computer Name = Pallellen-PC | Source = Application Error | ID = 1000
Description = Program med fejl eDSLoader.exe, version 2.5.260.2, tidsstempel 0x462f125f,
modul med fejl ADMIN_CLASS_LIB.dll, version 6.0.6002.18541, tidsstempel 0x4ec3e3d5,
undtagelseskode 0xc0000135, forskydning med fejl 0x00009f5d,  proces-id 0xe94, programmets
starttidspunkt 0x01cd4728a50551a1.

Error - 10-06-2012 13:08:12 | Computer Name = Pallellen-PC | Source = EventSystem | ID = 4609
Description =

Error - 10-06-2012 13:14:53 | Computer Name = Pallellen-PC | Source = Application Error | ID = 1000
Description = Program med fejl eDSLoader.exe, version 2.5.260.2, tidsstempel 0x462f125f,
modul med fejl ADMIN_CLASS_LIB.dll, version 6.0.6002.18541, tidsstempel 0x4ec3e3d5,
undtagelseskode 0xc0000135, forskydning med fejl 0x00009f5d,  proces-id 0xf78, programmets
starttidspunkt 0x01cd472c42e8a95a.

Error - 10-06-2012 15:16:46 | Computer Name = Pallellen-PC | Source = Microsoft-Windows-CAPI2 | ID = 131083
Description =

Error - 10-06-2012 15:17:22 | Computer Name = Pallellen-PC | Source = Microsoft-Windows-CAPI2 | ID = 131083
Description =

Error - 10-06-2012 15:19:29 | Computer Name = Pallellen-PC | Source = Microsoft-Windows-CAPI2 | ID = 131083
Description =

[ System Events ]
Error - 11-06-2012 10:48:46 | Computer Name = Pallellen-PC | Source = Service Control Manager | ID = 7000
Description =

Error - 11-06-2012 10:48:46 | Computer Name = Pallellen-PC | Source = Service Control Manager | ID = 7009
Description =

Error - 11-06-2012 10:48:46 | Computer Name = Pallellen-PC | Source = Service Control Manager | ID = 7000
Description =

Error - 11-06-2012 17:48:15 | Computer Name = Pallellen-PC | Source = Service Control Manager | ID = 7009
Description =

Error - 11-06-2012 17:48:17 | Computer Name = Pallellen-PC | Source = Service Control Manager | ID = 7000
Description =

Error - 12-06-2012 12:57:05 | Computer Name = Pallellen-PC | Source = Server | ID = 2505
Description = Serveren blev ikke bundet til transportprotokollen \Device\NetbiosSmb,
fordi en anden computer i netværket har det samme navn. Serveren blev ikke startet.

Error - 12-06-2012 16:51:17 | Computer Name = Pallellen-PC | Source = Server | ID = 2505
Description = Serveren blev ikke bundet til transportprotokollen \Device\NetBT_Tcpip_{EFD7497F-F306-4318-82B2-48CCE16387E3},
fordi en anden computer i netværket har det samme navn. Serveren blev ikke startet.

Error - 13-06-2012 08:52:22 | Computer Name = Pallellen-PC | Source = DCOM | ID = 10005
Description =

Error - 13-06-2012 08:52:23 | Computer Name = Pallellen-PC | Source = Service Control Manager | ID = 7009
Description =

Error - 13-06-2012 08:52:23 | Computer Name = Pallellen-PC | Source = Service Control Manager | ID = 7000
Description =


< End of report >

Administrator
Number of posts: 32083

•  Start OTL
•  Copy the text below, shown in bold, into the Custom Scan field


:OTL
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = http://da.intl.acer.yahoo.com
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://da.intl.acer.yahoo.com
IE - HKLM\..\SearchScopes,DefaultScope = {8A96AF9E-4074-43b7-BEA3-87217BDA7406}
IE - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: “URL” = http://www.bing.com/search?q={searchTerms}&FORM=IE8SRC
IE - HKLM\..\SearchScopes\{6A1806CD-94D4-4689-BA73-E35EA1EA9990}: “URL” = http://www.google.com/search?q={searchTerms}&rls=com.microsoft:{language}:{referrer:source?}&ie={inputEncoding}&oe={outputEncoding}&sourceid=ie7
IE - HKLM\..\SearchScopes\{8A96AF9E-4074-43b7-BEA3-87217BDA7406}: “URL” = http://www.searchqu.com/web?src=ieb&systemid=406&q={searchTerms}
IE - HKLM\..\SearchScopes\{BE28C22E-F666-424d-B5FD-125C4AFEE34E}: “URL” = http://search.myheritage.com?orig=ds&q={searchTerms}
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page = http://uk.rd.yahoo.com/customize/ycomp/defaults/sp/*http://uk.yahoo.com
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,SearchMigratedDefaultName = Yahoo! Search
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,SearchMigratedDefaultURL = http://search.yahoo.com/search?p={searchTerms}&ei=utf-8&fr=b1ie7
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,StartPageCache = 1
IE - HKCU\..\URLSearchHook: {00000000-6E41-4FD3-8538-502F5495E5FC} - C:\Programmer\Ask.com\GenericAskToolbar.dll (Ask)
IE - HKCU\..\URLSearchHook: {EF99BD32-C1FB-11D2-892F-0090271D4F88} - No CLSID value found
IE - HKCU\..\SearchScopes,DefaultScope = {8A96AF9E-4074-43b7-BEA3-87217BDA7406}
IE - HKCU\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: “URL” = http://www.bing.com/search?q={searchTerms}&src=IE-SearchBox&FORM=IE8SRC
IE - HKCU\..\SearchScopes\{459943AD-7515-408C-B515-3BC79D063077}: “URL” = http://websearch.ask.com/custom/java/redirect?client=ie&tb=ORJ&o=100000026&src=kw&q={searchTerms}&locale=&apn_ptnrs=U3&apn_dtid=OSJ000
IE - HKCU\..\SearchScopes\{6A1806CD-94D4-4689-BA73-E35EA1EA9990}: “URL” = http://www.google.com/search?q={searchTerms}&rls=com.microsoft:{language}:{referrer:source?}&ie={inputEncoding}&oe={outputEncoding}&sourceid=ie7&rlz=1I7ADFA_da
IE - HKCU\..\SearchScopes\{8A96AF9E-4074-43b7-BEA3-87217BDA7406}: “URL” = http://www.searchqu.com/web?src=ieb&systemid=406&q={searchTerms}
IE - HKCU\..\SearchScopes\{BE28C22E-F666-424d-B5FD-125C4AFEE34E}: “URL” = http://search.myheritage.com?orig=ds&q={searchTerms}
IE - HKCU\..\SearchScopes\{F8E667D4-E330-4977-8399-FD967E11AAB5}: “URL” = http://search.yahoo.com/search?p={searchTerms}&ei=utf-8&fr=b1ie7
O2 - BHO: (ShowBarObj Class) - {83A2F9B1-01A2-4AA5-87D1-45B6B8505E96} - C:\Windows\System32\ActiveToolBand.dll (HiTRUST)
O2 - BHO: (Searchqu Toolbar) - {99079a25-328f-4bd4-be04-00955acaa0a7} - C:\Programmer\Windows iLivid Toolbar\ToolBar\searchqudtx.dll ()
O2 - BHO: (UrlHelper Class) - {A40DC6C5-79D0-4ca8-A185-8FF989AF1115} - C:\Programmer\Windows iLivid Toolbar\Datamngr\IEBHO.dll (Discordia, LTD)
O2 - BHO: (Ask Toolbar) - {D4027C7F-154A-4066-A1AD-4243D8127440} - C:\Programmer\Ask.com\GenericAskToolbar.dll (Ask)
O3 - HKLM\..\Toolbar: (Searchqu Toolbar) - {99079a25-328f-4bd4-be04-00955acaa0a7} - C:\Programmer\Windows iLivid Toolbar\ToolBar\searchqudtx.dll ()
O3 - HKLM\..\Toolbar: (Ask Toolbar) - {D4027C7F-154A-4066-A1AD-4243D8127440} - C:\Programmer\Ask.com\GenericAskToolbar.dll (Ask)
O3 - HKLM\..\Toolbar: (no name) - 10 - No CLSID value found.
O4 - HKLM..\Run: [] File not found
O4 - HKLM..\Run: [DATAMNGR] C:\Programmer\Windows iLivid Toolbar\Datamngr\datamngrUI.exe (Discordia, LTD)
O4 - HKLM..\Run: [eRecoveryService] File not found
O4 - HKCU..\Run: [Acer Tour Reminder] File not found
O20 - AppInit_DLLs: (c:\progra~1\wi371a~1\datamngr\datamngr.dll) - c:\Programmer\Windows iLivid Toolbar\Datamngr\datamngr.dll (Discordia, LTD)
O20 - AppInit_DLLs: (c:\progra~1\wi371a~1\datamngr\iebho.dll) - c:\Programmer\Windows iLivid Toolbar\Datamngr\IEBHO.dll (Discordia, LTD)
:files
C:\Programmer\Ask.com
c:\progra~1\wi371a~1\datamngr
ipconfig /flushdns /c
:Commands
[purity]
[emptytemp]
[emptyflash]
[resethosts]
[CLEARALLRESTOREPOINTS]


•  Click the Run Fix button
•  If OTL asks to restart, say yes.
•  Click OK.
•  A log will open; copy it into your next reply, together with a ComboFix log.
•  Otherwise it can be found here:
•    C:\_OTL\MovedFiles\mmddyyyy_hhmmss.log, where mmddyyyy_hhmmss


Download Combofix and save it to your desktop:
Here

NB -> Disable your antivirus/antispyware program, as it/they can "interfere" and conflict with Combofix, or remove important Combofix files, which can cause the computer to freeze.


Then run combofix.exe and follow the instructions.


You should not click on the window while the tool is running, as that can cause your computer to freeze.

When Combofix has finished, and after it has (possibly) restarted, a log file should open: combofix.txt
Please post the contents of this file here.

It can also be found here -> C:\combofix.txt

Signature

Sound computer sense

Number of posts: 89

Here are 2 logs.

All processes killed
Error: Unable to interpret <E - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = http://da.intl.acer.yahoo.com> in the current context!
Error: Unable to interpret < IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://da.intl.acer.yahoo.com> in the current context!
Error: Unable to interpret < IE - HKLM\..\SearchScopes,DefaultScope = {8A96AF9E-4074-43b7-BEA3-87217BDA7406}> in the current context!
Error: Unable to interpret < IE - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: “URL” = http://www.bing.com/search?q={searchTerms}&FORM=IE8SRC> in the current context!
Error: Unable to interpret < IE - HKLM\..\SearchScopes\{6A1806CD-94D4-4689-BA73-E35EA1EA9990}: “URL” = http://www.google.com/search?q={searchTerms}&rls=com.microsoft:{language}:{referrer:source?}&ie={inputEncoding}&oe={outputEncoding}&sourceid=ie7> in the current context!
Error: Unable to interpret < IE - HKLM\..\SearchScopes\{8A96AF9E-4074-43b7-BEA3-87217BDA7406}: “URL” = http://www.searchqu.com/web?src=ieb&systemid=406&q={searchTerms}> in the current context!
Error: Unable to interpret < IE - HKLM\..\SearchScopes\{BE28C22E-F666-424d-B5FD-125C4AFEE34E}: “URL” = http://search.myheritage.com?orig=ds&q={searchTerms}> in the current context!
Error: Unable to interpret < IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page = http://uk.rd.yahoo.com/customize/ycomp/defaults/sp/*http://uk.yahoo.com> in the current context!
Error: Unable to interpret < IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,SearchMigratedDefaultName = Yahoo! Search> in the current context!
Error: Unable to interpret < IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,SearchMigratedDefaultURL = http://search.yahoo.com/search?p={searchTerms}&ei=utf-8&fr=b1ie7> in the current context!
Error: Unable to interpret < IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,StartPageCache = 1> in the current context!
Error: Unable to interpret < IE - HKCU\..\URLSearchHook: {00000000-6E41-4FD3-8538-502F5495E5FC} - C:\Programmer\Ask.com\GenericAskToolbar.dll (Ask)> in the current context!
Error: Unable to interpret < IE - HKCU\..\URLSearchHook: {EF99BD32-C1FB-11D2-892F-0090271D4F88} - No CLSID value found> in the current context!
Error: Unable to interpret < IE - HKCU\..\SearchScopes,DefaultScope = {8A96AF9E-4074-43b7-BEA3-87217BDA7406}> in the current context!
Error: Unable to interpret < IE - HKCU\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: “URL” = http://www.bing.com/search?q={searchTerms}&src=IE-SearchBox&FORM=IE8SRC> in the current context!
Error: Unable to interpret < IE - HKCU\..\SearchScopes\{459943AD-7515-408C-B515-3BC79D063077}: “URL” = http://websearch.ask.com/custom/java/redirect?client=ie&tb=ORJ&o=100000026&src=kw&q={searchTerms}&locale=&apn_ptnrs=U3&apn_dtid=OSJ000> in the current context!
Error: Unable to interpret < IE - HKCU\..\SearchScopes\{6A1806CD-94D4-4689-BA73-E35EA1EA9990}: “URL” = http://www.google.com/search?q={searchTerms}&rls=com.microsoft:{language}:{referrer:source?}&ie={inputEncoding}&oe={outputEncoding}&sourceid=ie7&rlz=1I7ADFA_da> in the current context!
Error: Unable to interpret < IE - HKCU\..\SearchScopes\{8A96AF9E-4074-43b7-BEA3-87217BDA7406}: “URL” = http://www.searchqu.com/web?src=ieb&systemid=406&q={searchTerms}> in the current context!
Error: Unable to interpret < IE - HKCU\..\SearchScopes\{BE28C22E-F666-424d-B5FD-125C4AFEE34E}: “URL” = http://search.myheritage.com?orig=ds&q={searchTerms}> in the current context!
Error: Unable to interpret < IE - HKCU\..\SearchScopes\{F8E667D4-E330-4977-8399-FD967E11AAB5}: “URL” = http://search.yahoo.com/search?p={searchTerms}&ei=utf-8&fr=b1ie7> in the current context!
Error: Unable to interpret < O2 - BHO: (ShowBarObj Class) - {83A2F9B1-01A2-4AA5-87D1-45B6B8505E96} - C:\Windows\System32\ActiveToolBand.dll (HiTRUST)> in the current context!
Error: Unable to interpret < O2 - BHO: (Searchqu Toolbar) - {99079a25-328f-4bd4-be04-00955acaa0a7} - C:\Programmer\Windows iLivid Toolbar\ToolBar\searchqudtx.dll ()> in the current context!
Error: Unable to interpret < O2 - BHO: (UrlHelper Class) - {A40DC6C5-79D0-4ca8-A185-8FF989AF1115} - C:\Programmer\Windows iLivid Toolbar\Datamngr\IEBHO.dll (Discordia, LTD)> in the current context!
Error: Unable to interpret < O2 - BHO: (Ask Toolbar) - {D4027C7F-154A-4066-A1AD-4243D8127440} - C:\Programmer\Ask.com\GenericAskToolbar.dll (Ask)> in the current context!
Error: Unable to interpret < O3 - HKLM\..\Toolbar: (Searchqu Toolbar) - {99079a25-328f-4bd4-be04-00955acaa0a7} - C:\Programmer\Windows iLivid Toolbar\ToolBar\searchqudtx.dll ()> in the current context!
Error: Unable to interpret < O3 - HKLM\..\Toolbar: (Ask Toolbar) - {D4027C7F-154A-4066-A1AD-4243D8127440} - C:\Programmer\Ask.com\GenericAskToolbar.dll (Ask)> in the current context!
Error: Unable to interpret < O3 - HKLM\..\Toolbar: (no name) - 10 - No CLSID value found.> in the current context!
Error: Unable to interpret < O4 - HKLM..\Run: [] File not found> in the current context!
Error: Unable to interpret < O4 - HKLM..\Run: [DATAMNGR] C:\Programmer\Windows iLivid Toolbar\Datamngr\datamngrUI.exe (Discordia, LTD)> in the current context!
Error: Unable to interpret < O4 - HKLM..\Run: [eRecoveryService] File not found> in the current context!
Error: Unable to interpret < O4 - HKCU..\Run: [Acer Tour Reminder] File not found> in the current context!
Error: Unable to interpret < O20 - AppInit_DLLs: (c:\progra~1\wi371a~1\datamngr\datamngr.dll) - c:\Programmer\Windows iLivid Toolbar\Datamngr\datamngr.dll (Discordia, LTD)> in the current context!
Error: Unable to interpret < O20 - AppInit_DLLs: (c:\progra~1\wi371a~1\datamngr\iebho.dll) - c:\Programmer\Windows iLivid Toolbar\Datamngr\IEBHO.dll (Discordia, LTD)> in the current context!
========== FILES ==========
File\Folder C:\Programmer\Ask.com not found.
c:\progra~1\wi371a~1\Datamngr folder moved successfully.
<  ipconfig /flushdns /c >
Windows IP-konfiguration
DNS Resolver Cache blev tømt.
C:\Users\Pallellen\Desktop\cmd.bat deleted successfully.
C:\Users\Pallellen\Desktop\cmd.txt deleted successfully.
File\Folder :Commands not found.
File\Folder [purity] not found.
File\Folder [emptytemp] not found.
File\Folder [emptyflash] not found.
File\Folder [resethosts] not found.
File\Folder [CLEARALLRESTOREPOINTS] not found.

OTL by OldTimer - Version 3.2.48.0 log created on 06132012_183601

Files\Folders moved on Reboot…

Registry entries deleted on Reboot…

ComboFix 12-06-13.02 - Pallellen 13-06-2012 18:56:23.1.1 - x86
Microsoft® Windows Vista™ Home Basic   6.0.6002.2.1252.45.1030.18.1014.282 [GMT 2:00]
Kører fra: c:\users\Pallellen\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\66546AE3\ComboFix.exe
AV: avast! Antivirus *Disabled/Updated* {2B2D1395-420B-D5C9-657E-930FE358FC3C}
SP: avast! Antivirus *Disabled/Updated* {904CF271-6431-DA47-5FCE-A87D98DFB681}
.
.
(((((((((((((((((((((((((((((  Filer skabt fra 2012-05-13 til 2012-06-13 )))))))))))))))))))))))))))))))))))
.
.
2012-06-13 16:36 . 2012-06-13 16:36   ————  d——-w-  C:\_OTL
2012-06-11 18:26 . 2012-06-11 18:26   ————  d——-w-  c:\users\Pallellen\AppData\Roaming\SUPERAntiSpyware.com
2012-06-11 15:01 . 2012-06-11 15:01   ————  d——-w-  c:\program files\ESET
2012-06-11 14:06 . 2012-06-11 14:07   ————  d——-r-  c:\users\Pallellen\Dropbox
2012-06-11 13:58 . 2012-06-11 14:28   ————  d——-w-  c:\users\Pallellen\AppData\Roaming\Dropbox
2012-06-10 19:16 . 2012-06-11 14:19   ————  dc——w-  c:\windows\system32\DRVSTORE
2012-06-10 19:13 . 2012-06-11 14:18   ————  d——-w-  c:\programdata\Soluto
2012-06-10 17:00 . 2012-06-10 17:00   ————  d——-w-  c:\programdata\CSIS
2012-06-10 17:00 . 2012-06-10 17:00   ————  d——-w-  c:\program files\Heimdal
2012-06-10 17:00 . 2012-06-10 17:00   ————  d——-w-  c:\users\buildbot
2012-05-28 07:21 . 2012-05-28 07:21   ————  d——-w-  c:\users\Pallellen\AppData\Local\Mozilla
2012-05-27 15:54 . 2012-04-04 13:56   22344   ——a-w-  c:\windows\system32\drivers\mbam.sys
2012-05-27 15:54 . 2012-05-27 15:55   ————  d——-w-  c:\program files\Malwarebytes’ Anti-Malware
.
.
.
((((((((((((((((((((((((((((((((((((((((  Find3M Rapport   ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2012-06-10 19:55 . 2012-03-30 14:09   426184   ——a-w-  c:\windows\system32\FlashPlayerApp.exe
2012-06-10 19:55 . 2011-07-27 13:10   70344   ——a-w-  c:\windows\system32\FlashPlayerCPLApp.cpl
2012-04-03 08:16 . 2012-05-10 13:48   3602816   ——a-w-  c:\windows\system32\ntkrnlpa.exe
2012-04-03 08:16 . 2012-05-10 13:48   3550080   ——a-w-  c:\windows\system32\ntoskrnl.exe
2012-04-02 13:36 . 2012-05-10 13:48   2044928   ——a-w-  c:\windows\system32\win32k.sys
2012-03-30 12:39 . 2012-05-10 13:51   905600   ——a-w-  c:\windows\system32\drivers\tcpip.sys
2012-03-20 23:28 . 2012-05-10 13:50   53120   ——a-w-  c:\windows\system32\drivers\partmgr.sys
.
.
(((((((((((((((((((((((((((((((((((  Start steder i reg.basen   ))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Bemærk* tomme linier & lovlige standard linier vises ikke
REGEDIT4
.
[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\URLSearchHooks]
“{00000000-6E41-4FD3-8538-502F5495E5FC}”= “c:\program files\Ask.com\GenericAskToolbar.dll” [2011-08-23 1515688]
.
[HKEY_CLASSES_ROOT\clsid\{00000000-6e41-4fd3-8538-502f5495e5fc}]
.
[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{D4027C7F-154A-4066-A1AD-4243D8127440}]
2011-08-23 19:20   1515688   ——a-w-  c:\program files\Ask.com\GenericAskToolbar.dll
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar]
“{D4027C7F-154A-4066-A1AD-4243D8127440}”= “c:\program files\Ask.com\GenericAskToolbar.dll” [2011-08-23 1515688]
.
[HKEY_CLASSES_ROOT\clsid\{d4027c7f-154a-4066-a1ad-4243d8127440}]
[HKEY_CLASSES_ROOT\GenericAskToolbar.ToolbarWnd.1]
[HKEY_CLASSES_ROOT\TypeLib\{2996F0E7-292B-4CAE-893F-47B8B1C05B56}]
[HKEY_CLASSES_ROOT\GenericAskToolbar.ToolbarWnd]
.
[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Toolbar\Webbrowser]
“{D4027C7F-154A-4066-A1AD-4243D8127440}”= “c:\program files\Ask.com\GenericAskToolbar.dll” [2011-08-23 1515688]
.
[HKEY_CLASSES_ROOT\clsid\{d4027c7f-154a-4066-a1ad-4243d8127440}]
[HKEY_CLASSES_ROOT\GenericAskToolbar.ToolbarWnd.1]
[HKEY_CLASSES_ROOT\TypeLib\{2996F0E7-292B-4CAE-893F-47B8B1C05B56}]
[HKEY_CLASSES_ROOT\GenericAskToolbar.ToolbarWnd]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\00avast]
@=”{472083B0-C522-11CF-8763-00608CC02F24}”
[HKEY_CLASSES_ROOT\CLSID\{472083B0-C522-11CF-8763-00608CC02F24}]
2012-03-07 00:15   123536   ——a-w-  c:\program files\AVAST Software\Avast\ashShell.dll
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
“Sidebar”=“c:\program files\Windows Sidebar\sidebar.exe” [2009-04-11 1233920]
“swg”=“c:\program files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe” [2009-10-23 39408]
“SUPERAntiSpyware”=“c:\program files\SUPERAntiSpyware\SUPERAntiSpyware.exe” [2012-05-21 3905920]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
“IAAnotif”=“c:\program files\Intel\Intel Matrix Storage Manager\Iaanotif.exe” [2007-03-21 174872]
“RtHDVCpl”=“RtHDVCpl.exe” [2007-07-06 4669440]
“SynTPEnh”=“c:\program files\Synaptics\SynTP\SynTPEnh.exe” [2007-05-09 865840]
“PCMService”=“c:\program files\Acer\Acer Arcade\PCMService.exe” [2007-06-21 155648]
“LManager”=“c:\progra~1\LAUNCH~1\LManager.exe” [2007-07-12 846344]
“WarReg_PopUp”=“c:\acer\WR_PopUp\WarReg_PopUp.exe” [2006-11-05 57344]
“Acer Tour Reminder”=“c:\acer\AcerTour\Reminder.exe” [2007-05-22 151552]
“HP Software Update”=“c:\program files\HP\HP Software Update\HPWuSchd2.exe” [2007-03-11 49152]
“Skytel”=“Skytel.exe” [2007-06-16 1826816]
“Adobe Reader Speed Launcher”=“c:\program files\Adobe\Reader 8.0\Reader\Reader_sl.exe” [2011-08-31 40368]
“Adobe ARM”=“c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe” [2011-03-29 937920]
“IgfxTray”=“c:\windows\system32\igfxtray.exe” [2008-02-11 141848]
“HotKeysCmds”=“c:\windows\system32\hkcmd.exe” [2008-02-11 166424]
“Persistence”=“c:\windows\system32\igfxpers.exe” [2008-02-11 133656]
“avast”=“c:\program files\AVAST Software\Avast\avastUI.exe” [2012-03-07 4241512]
“ApnUpdater”=“c:\program files\Ask.com\Updater\Updater.exe” [2011-08-23 887976]
“SunJavaUpdateSched”=“c:\program files\Common Files\Java\Java Update\jusched.exe” [2012-01-18 254696]
“eDataSecurity Loader”=“c:\acer\Empowering Technology\eDataSecurity\eDSloader.exe” [2007-04-25 457216]
.
c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\
Empowering Technology Launcher.lnk - c:\acer\Empowering Technology\eAPLauncher.exe [2007-8-21 535336]
HP Digital Imaging Monitor.lnk - c:\program files\HP\Digital Imaging\bin\hpqtra08.exe [2007-3-11 210520]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
“EnableUIADesktopToggle”= 0 (0x0)
.
[hkey_local_machine\software\microsoft\windows\currentversion\explorer\ShellExecuteHooks]
“{5AE067D3-9AFB-48E0-853A-EBB7F4A000DA}”= “c:\program files\SUPERAntiSpyware\SASSEH.DLL” [2011-07-19 113024]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\!SASWinLogon]
2011-05-04 17:54   551296   ——a-w-  c:\program files\SUPERAntiSpyware\SASWINLO.DLL
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\!SASCORE]
@=”“
.
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring]
“DisableMonitoring”=dword:00000001
.
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecAntiVirus]
“DisableMonitoring”=dword:00000001
.
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecFirewall]
“DisableMonitoring”=dword:00000001
.
R3 AdobeFlashPlayerUpdateSvc;Adobe Flash Player Update Service;c:\windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe [2012-06-10 257224]
S2 !SASCORE;SAS Core Service;c:\program files\SUPERAntiSpyware\SASCORE.EXE [2011-08-11 116608]
.
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
LocalServiceNoNetwork   REG_MULTI_SZ     PLA DPS BFE mpssvc
HPZ12   REG_MULTI_SZ     Pml Driver HPZ12 Net Driver HPZ12
hpdevmgmt   REG_MULTI_SZ     hpqcxs08 hpqddsvc
LocalServiceAndNoImpersonation   REG_MULTI_SZ     FontCache
.
Indhold af mappen ‘Planlagte Opgaver’
.
2012-06-13 c:\windows\Tasks\Adobe Flash Player Updater.job
- c:\windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe [2012-03-30 19:55]
.
2012-06-13 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\program files\Google\Update\GoogleUpdate.exe [2010-02-05 08:53]
.
2012-06-13 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\program files\Google\Update\GoogleUpdate.exe [2010-02-05 08:53]
.
.
———- Yderligere scanning———-
.
uStart Page = hxxp://www.google.dk/
uSearchMigratedDefaultURL = hxxp://search.yahoo.com/search?p={searchTerms}&ei=utf-8&fr=b1ie7
mStart Page = hxxp://da.intl.acer.yahoo.com
uSearchURL,(Default) = hxxp://uk.rd.yahoo.com/customize/ycomp/defaults/su/*http://uk.yahoo.com
IE: E&ksporter til Microsoft Excel - c:\progra~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
IE: Google Sidewiki ... - c:\program files\Google\Google Toolbar\Component\GoogleToolbarDynamic_mui_en_6CE5017F567343CA.dll/cmsidewiki.html
TCP: DhcpNameServer = 193.162.153.164 194.239.134.83
.
- - - - TOMME GENVEJE FJERNET - - - -
.
Toolbar-10 - (no file)
WebBrowser-{FD2FD708-1F6F-4B68-B141-C5778F0C19BB} - (no file)
ShellIconOverlayIdentifiers-{FB314EDC-A251-47B7-93E1-CDD82E34AF8B} - (no file)
HKCU-Run-Acer Tour Reminder - (no file)
HKLM-Run-Acer Tour - (no file)
HKLM-Run-eRecoveryService - (no file)
HKLM-Run-DATAMNGR - c:\progra~1\WI371A~1\Datamngr\DATAMN~1.EXE
AddRemove-ESET Online Scanner - c:\program files\ESET\ESET Online Scanner\OnlineScannerUninstaller.exe
.
.
.
**************************************************************************
.
catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2012-06-13 19:42
Windows 6.0.6002 Service Pack 2 NTFS
.
scanner skjulte processer ... 
.
scanner skjulte autostarter ...
.
scanner skjulte filer ... 
.
scanning gennemført med succes
skjulte filer: 0
.
**************************************************************************
.
——————————- LÅSTE REGISTRERINGS NØGLER——————————-
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0000\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
“BlindDial”=dword:00000000
.
——————————- DLLs startet under kørende Processer——————————-
.
- - - - - - - > ‘Explorer.exe’(4224)
c:\acer\Empowering Technology\EPOWER\SysHook.dll
.
Gennemført tid: 2012-06-13 19:49:41
ComboFix-quarantined-files.txt 2012-06-13 17:49
.
Pre-Kørsel: 34.524.774.400 byte ledig
Post-Kørsel: 34.475.900.928 byte ledig
.
- - End Of File - - CAC5E9194220A39F75F2662D62934215

Number of posts: 89

Are we finished?? But it hasn't helped at all; the machine takes about 12 minutes to start, so it has become considerably slower.

Administrator
Number of posts: 32083

Sorry for the late reply, but no, we are not quite finished.


But first of all I want to mention that the computer ought to have 2 Gb more RAM before it will run satisfactorily.

1013,68 Mb Total Physical Memory | 93,39 Mb Available Physical Memory | 9,21% Memory free

Because 1 Gb of RAM is too little for Vista; as you can see, there is only 9.21% free to work with, and OTL does not require much to run.

Copy the contents between the wavy lines into a Notepad window, and save them in the same folder as ComboFix under the name CFScript.

~~~~~~~~~~~~~~~~~~~~~~~~~~

Snapshot::
Folder::
c:\program files\Ask.com
Registry::
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"IAAnotif"=-
"RtHDVCpl"=-
"PCMService"=-
"WarReg_PopUp"=-
"Acer Tour Reminder"=-
"HP Software Update"=-
"Adobe Reader Speed Launcher"=-
"Adobe ARM"=-
"IgfxTray"=-
"HotKeysCmds"=-
"Persistence"=-
"ApnUpdater"=-
"SunJavaUpdateSched"=-
"eDataSecurity Loader"=-
ClearJavaCache::
SecCenter::

~~~~~~~~~~~~~~~~~~~~~~~~~~
Then grab the CFScript file with the mouse and drag it over the ComboFix file, then "release" the mouse button, as shown here ->
http://img.photobucket.com/albums/v666/sUBs/CFScriptB-4.gif

ComboFix should then start working. It may require a restart, which you must allow. You should not click on the window while the tool is running, as that can cause your computer to freeze.


Then post a new ComboFix log here. It can be found here - C:\combofix.Txt

Signature

Sound computer sense

Number of posts: 89

Hi
I hope you didn't misunderstand me ;o) I can see that the PC isn't very powerful, but I still think it ought to run better than it does now ;o)

My father asked what I should have for the trouble, and here I am of course thinking first and foremost of you, and will of course give a little to your coffee fund, which I assume you still have :o)

Anyway, here is the new log.

ComboFix 12-06-13.02 - Pallellen 15-06-2012 17:57:50.2.1 - x86
Microsoft® Windows Vista™ Home Basic   6.0.6002.2.1252.45.1030.18.1014.259 [GMT 2:00]
Kører fra: c:\users\Pallellen\Desktop\Spy\ComboFix.exe
Kommandoer benyttet :: c:\users\Pallellen\Desktop\CFScript.txt
AV: avast! Antivirus *Disabled/Updated* {2B2D1395-420B-D5C9-657E-930FE358FC3C}
SP: avast! Antivirus *Disabled/Updated* {904CF271-6431-DA47-5FCE-A87D98DFB681}
.
.
(((((((((((((((((((((((((((((((((((((((  Andet, der er slettet   )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
c:\program files\Ask.com
c:\program files\Ask.com\assets\oobe\b.png
c:\program files\Ask.com\assets\oobe\bl.png
c:\program files\Ask.com\assets\oobe\br.png
c:\program files\Ask.com\assets\oobe\l.png
c:\program files\Ask.com\assets\oobe\pointer.png
c:\program files\Ask.com\assets\oobe\r.png
c:\program files\Ask.com\assets\oobe\t.png
c:\program files\Ask.com\assets\oobe\tl.png
c:\program files\Ask.com\assets\oobe\tr.png
c:\program files\Ask.com\cobrand.ico
c:\program files\Ask.com\config.xml
c:\program files\Ask.com\favicon.ico
c:\program files\Ask.com\GenericAskToolbar.dll
c:\program files\Ask.com\mupcfg.xml
c:\program files\Ask.com\precache.exe
c:\program files\Ask.com\SaUpdate.exe
c:\program files\Ask.com\Updater\config.xml
c:\program files\Ask.com\Updater\Updater.exe
c:\program files\Ask.com\UpdateTask.exe
.
.
(((((((((((((((((((((((((((((  Filer skabt fra 2012-05-15 til 2012-06-15 )))))))))))))))))))))))))))))))))))
.
.
2012-06-15 16:07 . 2012-06-15 16:07   ————  d——-w-  c:\users\Default\AppData\Local\temp
2012-06-15 16:07 . 2012-06-15 16:07   ————  d——-w-  c:\users\Pallellen\AppData\Local\temp
2012-06-14 12:48 . 2012-05-17 22:35   1427968   ——a-w-  c:\windows\system32\inetcpl.cpl
2012-06-14 12:42 . 2012-05-15 19:51   2045440   ——a-w-  c:\windows\system32\win32k.sys
2012-06-14 12:42 . 2012-04-23 16:00   984064   ——a-w-  c:\windows\system32\crypt32.dll
2012-06-14 12:42 . 2012-04-23 16:00   133120   ——a-w-  c:\windows\system32\cryptsvc.dll
2012-06-14 12:42 . 2012-04-23 16:00   98304   ——a-w-  c:\windows\system32\cryptnet.dll
2012-06-14 12:41 . 2012-05-01 14:03   180736   ——a-w-  c:\windows\system32\drivers\rdpwd.sys
2012-06-13 17:24 . 2012-06-13 18:30   ————  d——-w-  c:\users\Pallellen\AppData\Local\CrashDumps
2012-06-13 16:36 . 2012-06-13 16:36   ————  d——-w-  C:\_OTL
2012-06-11 18:26 . 2012-06-11 18:26   ————  d——-w-  c:\users\Pallellen\AppData\Roaming\SUPERAntiSpyware.com
2012-06-11 15:01 . 2012-06-11 15:01   ————  d——-w-  c:\program files\ESET
2012-06-11 14:06 . 2012-06-11 14:07   ————  d——-r-  c:\users\Pallellen\Dropbox
2012-06-11 13:58 . 2012-06-11 14:28   ————  d——-w-  c:\users\Pallellen\AppData\Roaming\Dropbox
2012-06-10 19:16 . 2012-06-11 14:19   ————  dc——w-  c:\windows\system32\DRVSTORE
2012-06-10 19:13 . 2012-06-11 14:18   ————  d——-w-  c:\programdata\Soluto
2012-06-10 17:00 . 2012-06-10 17:00   ————  d——-w-  c:\programdata\CSIS
2012-06-10 17:00 . 2012-06-10 17:00   ————  d——-w-  c:\program files\Heimdal
2012-06-10 17:00 . 2012-06-10 17:00   ————  d——-w-  c:\users\buildbot
2012-05-28 07:21 . 2012-05-28 07:21   ————  d——-w-  c:\users\Pallellen\AppData\Local\Mozilla
2012-05-27 15:54 . 2012-04-04 13:56   22344   ——a-w-  c:\windows\system32\drivers\mbam.sys
2012-05-27 15:54 . 2012-05-27 15:55   ————  d——-w-  c:\program files\Malwarebytes’ Anti-Malware
.
.
.
((((((((((((((((((((((((((((((((((((((((  Find3M Rapport   ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2012-06-10 19:55 . 2012-03-30 14:09   426184   ——a-w-  c:\windows\system32\FlashPlayerApp.exe
2012-06-10 19:55 . 2011-07-27 13:10   70344   ——a-w-  c:\windows\system32\FlashPlayerCPLApp.cpl
2012-04-03 08:16 . 2012-05-10 13:48   3602816   ——a-w-  c:\windows\system32\ntkrnlpa.exe
2012-04-03 08:16 . 2012-05-10 13:48   3550080   ——a-w-  c:\windows\system32\ntoskrnl.exe
2012-03-30 12:39 . 2012-05-10 13:51   905600   ——a-w-  c:\windows\system32\drivers\tcpip.sys
2012-03-20 23:28 . 2012-05-10 13:50   53120   ——a-w-  c:\windows\system32\drivers\partmgr.sys
.
.
(((((((((((((((((((((((((((((((((((  Start steder i reg.basen   ))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Bemærk* tomme linier & lovlige standard linier vises ikke
REGEDIT4
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\00avast]
@=”{472083B0-C522-11CF-8763-00608CC02F24}”
[HKEY_CLASSES_ROOT\CLSID\{472083B0-C522-11CF-8763-00608CC02F24}]
2012-03-07 00:15   123536   ——a-w-  c:\program files\AVAST Software\Avast\ashShell.dll
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
“Sidebar”=“c:\program files\Windows Sidebar\sidebar.exe” [2009-04-11 1233920]
“swg”=“c:\program files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe” [2009-10-23 39408]
“SUPERAntiSpyware”=“c:\program files\SUPERAntiSpyware\SUPERAntiSpyware.exe” [2012-05-21 3905920]
“Acer Tour Reminder”=”” [BU]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
“IAAnotif”=“c:\program files\Intel\Intel Matrix Storage Manager\Iaanotif.exe” [2007-03-21 174872]
“RtHDVCpl”=“RtHDVCpl.exe” [2007-07-06 4669440]
“SynTPEnh”=“c:\program files\Synaptics\SynTP\SynTPEnh.exe” [2007-05-09 865840]
“PCMService”=“c:\program files\Acer\Acer Arcade\PCMService.exe” [2007-06-21 155648]
“LManager”=“c:\progra~1\LAUNCH~1\LManager.exe” [2007-07-12 846344]
“WarReg_PopUp”=“c:\acer\WR_PopUp\WarReg_PopUp.exe” [2006-11-05 57344]
“Acer Tour Reminder”=“c:\acer\AcerTour\Reminder.exe” [2007-05-22 151552]
“HP Software Update”=“c:\program files\HP\HP Software Update\HPWuSchd2.exe” [2007-03-11 49152]
“Skytel”=“Skytel.exe” [2007-06-16 1826816]
“Adobe Reader Speed Launcher”=“c:\program files\Adobe\Reader 8.0\Reader\Reader_sl.exe” [2011-08-31 40368]
“Adobe ARM”=“c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe” [2011-03-29 937920]
“IgfxTray”=“c:\windows\system32\igfxtray.exe” [2008-02-11 141848]
“HotKeysCmds”=“c:\windows\system32\hkcmd.exe” [2008-02-11 166424]
“Persistence”=“c:\windows\system32\igfxpers.exe” [2008-02-11 133656]
“avast”=“c:\program files\AVAST Software\Avast\avastUI.exe” [2012-03-07 4241512]
“SunJavaUpdateSched”=“c:\program files\Common Files\Java\Java Update\jusched.exe” [2012-01-18 254696]
.
c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\
Empowering Technology Launcher.lnk - c:\acer\Empowering Technology\eAPLauncher.exe [2007-8-21 535336]
HP Digital Imaging Monitor.lnk - c:\program files\HP\Digital Imaging\bin\hpqtra08.exe [2007-3-11 210520]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
“EnableUIADesktopToggle”= 0 (0x0)
.
[hkey_local_machine\software\microsoft\windows\currentversion\explorer\ShellExecuteHooks]
“{5AE067D3-9AFB-48E0-853A-EBB7F4A000DA}”= “c:\program files\SUPERAntiSpyware\SASSEH.DLL” [2011-07-19 113024]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\!SASWinLogon]
2011-05-04 17:54   551296   ——a-w-  c:\program files\SUPERAntiSpyware\SASWINLO.DLL
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\!SASCORE]
@=”“
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\eDataSecurity Loader]
2007-04-25 15:33   457216   ——a-w-  c:\acer\Empowering Technology\eDataSecurity\eDSLoader.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring]
“DisableMonitoring”=dword:00000001
.
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecAntiVirus]
“DisableMonitoring”=dword:00000001
.
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecFirewall]
“DisableMonitoring”=dword:00000001
.
R3 AdobeFlashPlayerUpdateSvc;Adobe Flash Player Update Service;c:\windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe [2012-06-10 257224]
S2 !SASCORE;SAS Core Service;c:\program files\SUPERAntiSpyware\SASCORE.EXE [2011-08-11 116608]
.
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
LocalServiceNoNetwork   REG_MULTI_SZ     PLA DPS BFE mpssvc
HPZ12   REG_MULTI_SZ     Pml Driver HPZ12 Net Driver HPZ12
hpdevmgmt   REG_MULTI_SZ     hpqcxs08 hpqddsvc
LocalServiceAndNoImpersonation   REG_MULTI_SZ     FontCache
.
Indhold af mappen ‘Planlagte Opgaver’
.
2012-06-15 c:\windows\Tasks\Adobe Flash Player Updater.job
- c:\windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe [2012-03-30 19:55]
.
2012-06-14 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\program files\Google\Update\GoogleUpdate.exe [2010-02-05 08:53]
.
2012-06-15 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\program files\Google\Update\GoogleUpdate.exe [2010-02-05 08:53]
.
.
———- Yderligere scanning———-
.
uStart Page = hxxp://www.google.dk/
uSearchMigratedDefaultURL = hxxp://search.yahoo.com/search?p={searchTerms}&ei=utf-8&fr=b1ie7
mStart Page = hxxp://da.intl.acer.yahoo.com
uSearchURL,(Default) = hxxp://uk.rd.yahoo.com/customize/ycomp/defaults/su/*http://uk.yahoo.com
IE: E&ksporter til Microsoft Excel - c:\progra~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
IE: Google Sidewiki ... - c:\program files\Google\Google Toolbar\Component\GoogleToolbarDynamic_mui_en_6CE5017F567343CA.dll/cmsidewiki.html
TCP: DhcpNameServer = 193.162.153.164 194.239.134.83
.
- - - - TOMME GENVEJE FJERNET - - - -
.
URLSearchHooks-{00000000-6E41-4FD3-8538-502F5495E5FC} - c:\program files\Ask.com\GenericAskToolbar.dll
BHO-{D4027C7F-154A-4066-A1AD-4243D8127440} - c:\program files\Ask.com\GenericAskToolbar.dll
Toolbar-{D4027C7F-154A-4066-A1AD-4243D8127440} - c:\program files\Ask.com\GenericAskToolbar.dll
WebBrowser-{D4027C7F-154A-4066-A1AD-4243D8127440} - c:\program files\Ask.com\GenericAskToolbar.dll
HKLM-Run-ApnUpdater - c:\program files\Ask.com\Updater\Updater.exe
.
.
.
**************************************************************************
.
catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2012-06-15 18:07
Windows 6.0.6002 Service Pack 2 NTFS
.
scanner skjulte processer ... 
.
scanner skjulte autostarter ...
.
scanner skjulte filer ... 
.
scanning gennemført med succes
skjulte filer: 0
.
**************************************************************************
.
——————————- LÅSTE REGISTRERINGS NØGLER——————————-
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0000\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
“BlindDial”=dword:00000000
.
Gennemført tid: 2012-06-15 18:15:35
ComboFix-quarantined-files.txt 2012-06-15 16:15
ComboFix2.txt 2012-06-13 17:49
.
Pre-Kørsel: 34.733.309.952 byte ledig
Post-Kørsel: 34.511.052.800 byte ledig
.
- - End Of File - - E57C585D05A4F4886E9B6865613F5530
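Added example, not part of the thread and not code from ComboFix or the forum: one way to check which Run entries a CFScript `Registry::` section actually removed, by comparing the Run sections of the ComboFix log taken before the script with the one taken after. The function names are illustrative, the sample inputs are constructed excerpts in the layout of the logs and script posted above, and the only script syntax assumed is the `"name"=-` form used in this thread.

```python
import re

# The forum rendering turned straight quotes into curly ones, so accept both.
QUOTES = '"“”'
SECTION = re.compile(r'^\[(-?)(HK[^\]]+)\]\s*$', re.I)
ENTRY = re.compile(rf'^[{QUOTES}](.+?)[{QUOTES}]\s*=\s*(.*)$')
RUN_SUFFIX = r'\currentversion\run'
HKLM_RUN = r'hkey_local_machine\software\microsoft\windows\currentversion\run'


def run_entries(log_text):
    """Return {(key, value_name): data} for every Run-key value in a ComboFix log."""
    entries, key = {}, None
    for line in log_text.splitlines():
        line = line.strip()
        m = SECTION.match(line)
        if m:
            key = m.group(2).lower()
            continue
        if line == '.':          # ComboFix separates sections with a lone dot
            key = None
            continue
        m = ENTRY.match(line)
        if m and key and key.endswith(RUN_SUFFIX):
            entries[(key, m.group(1).lower())] = m.group(2)
    return entries


def requested_deletions(cfscript):
    """Return the (key, value_name) pairs a Registry:: section asks to delete."""
    wanted, key, in_registry = [], None, False
    for line in cfscript.splitlines():
        line = line.strip()
        if line.endswith('::'):  # directive such as Snapshot:: or Registry::
            in_registry = line.lower() == 'registry::'
            key = None
            continue
        if not in_registry or not line:
            continue
        m = SECTION.match(line)
        if m:
            # "[-HKEY...]" deletes a whole key; only value deletions are tracked
            key = None if m.group(1) else m.group(2).lower()
            continue
        m = ENTRY.match(line)
        if m and key and m.group(2).strip() == '-':
            wanted.append((key, m.group(1).lower()))
    return wanted


def verify(cfscript, log_before, log_after):
    """Classify each requested deletion using the logs from before and after."""
    before, after = run_entries(log_before), run_entries(log_after)
    result = {}
    for entry in requested_deletions(cfscript):
        if entry in after:
            result[entry] = 'still_present'   # script line had no effect
        elif entry in before:
            result[entry] = 'removed'
        else:
            result[entry] = 'not_in_log'      # name never matched a logged value
    return result


# Constructed sample: a few lines in the layout of the logs in this thread.
LOG_BEFORE = r'''
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
“Sidebar”=“c:\program files\Windows Sidebar\sidebar.exe” [2009-04-11 1233920]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
“IAAnotif”=“c:\program files\Intel\Intel Matrix Storage Manager\Iaanotif.exe” [2007-03-21 174872]
“Adobe Reader Speed Launcher”=“c:\program files\Adobe\Reader 8.0\Reader\Reader_sl.exe” [2011-08-31 40368]
“ApnUpdater”=“c:\program files\Ask.com\Updater\Updater.exe” [2011-08-23 887976]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
“EnableUIADesktopToggle”= 0 (0x0)
'''
# Constructed "after" log: identical except that the ApnUpdater value is gone.
LOG_AFTER = '\n'.join(l for l in LOG_BEFORE.splitlines() if 'ApnUpdater' not in l)

# Constructed script; "Adobe Reader Speed" is deliberately a truncated name.
SCRIPT = r'''
Snapshot::
Registry::
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"IAAnotif"=-
"Adobe Reader Speed"=-
"ApnUpdater"=-
ClearJavaCache::
'''

if __name__ == '__main__':
    for (key, name), status in verify(SCRIPT, LOG_BEFORE, LOG_AFTER).items():
        print(f'{status:14} {name}  [{key}]')
```

An entry reported as `still_present` or `not_in_log` means the script line did not do what was intended and is worth re-checking for spelling and quoting before the next run.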

Administrator
Number of posts: 32083

I hope you didn't misunderstand me ;o) I can see that the PC isn't very powerful, but I still think it ought to run better than it does now ;o)

My father asked what I should have for the trouble, and here I am of course thinking first and foremost of you, and will of course give a little to your coffee fund, which I assume you still have :o)


No, I didn't misunderstand (grin)

Yes, we still have the coffee fund, where all amounts, large and small, are gratefully received.

Please post a HijackThis log here, so we can disable everything unnecessary from startup.


1. Download the latest version of HijackThis to the desktop:
Here
2. Double-click the installation file, and follow the installation guide.
3. Double-click the new HijackThis icon on the desktop.
4. In the menu that comes up, click: Do a systemscan and save a logfile.
5. After a short moment a log file opens in Notepad; save it.
6. How to copy the log into a question:
While the log is open, select all the text with the key combination CTRL + A.
To copy the selected text, use the key combination CTRL + C, which "pins" it to the Windows clipboard. Then go to your question and click the comment button. There the copied text is pasted into the white field with the key combination CTRL + V.

Then post the HijackThis log here.

Signature

Sound computer sense

Number of posts: 89

I have a problem with hijack, it won't make a log!! Files trend micro hijackthis.log was not found; it can't be copied in other ways, can it?

Administrator
Number of posts: 32083

Then we'll do it with ComboFix instead.


Copy the contents between the wavy lines into a Notepad window, and save them in the same folder as ComboFix under the name CFScript.

~~~~~~~~~~~~~~~~~~~~~~~~~~

Snapshot::
Registry::
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Sidebar"=-
"swg"=-
"SUPERAntiSpyware"=-
"Acer Tour Reminder"=-
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"IAAnotif"=-
"RtHDVCpl"=-
"SynTPEnh"=-
"PCMService"=-
"LManager"=-
"Acer Tour Reminder"=-
"HP Software Update"=-
"Adobe Reader Speed Launcher"=-
"Adobe ARM"=-
"IgfxTray"=-
"Persistence"=-
"SunJavaUpdateSched"=-
[-HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecAntiVirus]
[-HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecFirewall]
ClearJavaCache::
SecCenter::


~~~~~~~~~~~~~~~~~~~~~~~~~~
Then grab the CFScript file with the mouse and drag it over the ComboFix file, then "release" the mouse button, as shown here ->
http://img.photobucket.com/albums/v666/sUBs/CFScriptB-4.gif

ComboFix should then start working. It may require a restart, which you must allow. You should not click on the window while the tool is running, as that can cause your computer to freeze.


Then post a new ComboFix log here and tell us whether there is progress.

It can be found here - C:\combofix

Signature

Sound computer sense

Number of posts: 89

I had a little trouble getting a new log from ComboFix, but I hope this one is usable (cheese)

ComboFix 12-06-15.06 - Pallellen 16-06-2012 18:45:03.3.1 - x86
Microsoft® Windows Vista™ Home Basic   6.0.6002.2.1252.45.1030.18.1014.210 [GMT 2:00]
Kører fra: c:\users\Pallellen\Desktop\Spy\ComboFix.exe
Kommandoer benyttet :: c:\users\Pallellen\Desktop\CFScript.txt
AV: avast! Antivirus *Disabled/Updated* {2B2D1395-420B-D5C9-657E-930FE358FC3C}
SP: avast! Antivirus *Disabled/Updated* {904CF271-6431-DA47-5FCE-A87D98DFB681}
.
.
(((((((((((((((((((((((((((((((((((((((  Andet, der er slettet   )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
c:\windows\system32\AutoRun.inf
.
.
(((((((((((((((((((((((((((((  Filer skabt fra 2012-05-16 til 2012-06-16 )))))))))))))))))))))))))))))))))))
.
.
2012-06-16 17:01 . 2012-06-16 17:11   --------  d-----w-  c:\users\Pallellen\AppData\Local\temp
2012-06-16 17:01 . 2012-06-16 17:01   --------  d-----w-  c:\users\Default\AppData\Local\temp
2012-06-16 13:36 . 2012-06-16 13:36   388096   ----a-r-  c:\users\Pallellen\AppData\Roaming\Microsoft\Installer\{45A66726-69BC-466B-A7A4-12FCBA4883D7}\HiJackThis.exe
2012-06-16 13:36 . 2012-06-16 13:36   --------  d-----w-  c:\program files\Trend Micro
2012-06-15 16:57 . 2012-06-15 16:57   --------  d-----w-  c:\users\Pallellen\AppData\Local\Macromedia
2012-06-15 16:56 . 2012-06-15 16:56   --------  d-----w-  c:\programdata\McAfee
2012-06-15 16:47 . 2012-06-15 16:47   --------  d-----w-  c:\program files\Mozilla Maintenance Service
2012-06-14 12:48 . 2012-05-17 22:35   1427968   ----a-w-  c:\windows\system32\inetcpl.cpl
2012-06-14 12:42 . 2012-05-15 19:51   2045440   ----a-w-  c:\windows\system32\win32k.sys
2012-06-14 12:42 . 2012-04-23 16:00   984064   ----a-w-  c:\windows\system32\crypt32.dll
2012-06-14 12:42 . 2012-04-23 16:00   133120   ----a-w-  c:\windows\system32\cryptsvc.dll
2012-06-14 12:42 . 2012-04-23 16:00   98304   ----a-w-  c:\windows\system32\cryptnet.dll
2012-06-14 12:41 . 2012-05-01 14:03   180736   ----a-w-  c:\windows\system32\drivers\rdpwd.sys
2012-06-13 17:24 . 2012-06-16 13:47   --------  d-----w-  c:\users\Pallellen\AppData\Local\CrashDumps
2012-06-13 16:36 . 2012-06-13 16:36   --------  d-----w-  C:\_OTL
2012-06-11 18:26 . 2012-06-11 18:26   --------  d-----w-  c:\users\Pallellen\AppData\Roaming\SUPERAntiSpyware.com
2012-06-11 15:01 . 2012-06-11 15:01   --------  d-----w-  c:\program files\ESET
2012-06-11 14:06 . 2012-06-11 14:07   --------  d-----r-  c:\users\Pallellen\Dropbox
2012-06-11 13:58 . 2012-06-11 14:28   --------  d-----w-  c:\users\Pallellen\AppData\Roaming\Dropbox
2012-06-10 19:16 . 2012-06-11 14:19   --------  dc----w-  c:\windows\system32\DRVSTORE
2012-06-10 19:13 . 2012-06-11 14:18   --------  d-----w-  c:\programdata\Soluto
2012-06-10 17:00 . 2012-06-10 17:00   --------  d-----w-  c:\programdata\CSIS
2012-06-10 17:00 . 2012-06-10 17:00   --------  d-----w-  c:\program files\Heimdal
2012-06-10 17:00 . 2012-06-10 17:00   --------  d-----w-  c:\users\buildbot
2012-05-28 07:21 . 2012-05-28 07:21   --------  d-----w-  c:\users\Pallellen\AppData\Local\Mozilla
2012-05-27 15:54 . 2012-04-04 13:56   22344   ----a-w-  c:\windows\system32\drivers\mbam.sys
2012-05-27 15:54 . 2012-05-27 15:55   --------  d-----w-  c:\program files\Malwarebytes' Anti-Malware
.
.
.
((((((((((((((((((((((((((((((((((((((((  Find3M Rapport   ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2012-06-15 16:55 . 2012-03-30 14:09   426184   ----a-w-  c:\windows\system32\FlashPlayerApp.exe
2012-06-15 16:55 . 2011-07-27 13:10   70344   ----a-w-  c:\windows\system32\FlashPlayerCPLApp.cpl
2012-04-03 08:16 . 2012-05-10 13:48   3602816   ----a-w-  c:\windows\system32\ntkrnlpa.exe
2012-04-03 08:16 . 2012-05-10 13:48   3550080   ----a-w-  c:\windows\system32\ntoskrnl.exe
2012-03-30 12:39 . 2012-05-10 13:51   905600   ----a-w-  c:\windows\system32\drivers\tcpip.sys
2012-03-20 23:28 . 2012-05-10 13:50   53120   ----a-w-  c:\windows\system32\drivers\partmgr.sys
2012-06-01 15:38 . 2012-06-15 16:46   85472   ----a-w-  c:\program files\mozilla firefox\components\browsercomps.dll
.
.
(((((((((((((((((((((((((((((((((((  Start steder i reg.basen   ))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Bemærk* tomme linier & lovlige standard linier vises ikke
REGEDIT4
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\00avast]
@="{472083B0-C522-11CF-8763-00608CC02F24}"
[HKEY_CLASSES_ROOT\CLSID\{472083B0-C522-11CF-8763-00608CC02F24}]
2012-03-07 00:15   123536   ----a-w-  c:\program files\AVAST Software\Avast\ashShell.dll
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Sidebar"="c:\program files\Windows Sidebar\sidebar.exe" [2009-04-11 1233920]
"swg"="c:\program files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [2009-10-23 39408]
"SUPERAntiSpyware"="c:\program files\SUPERAntiSpyware\SUPERAntiSpyware.exe" [2012-05-21 3905920]
"Acer Tour Reminder"="" [BU]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"IAAnotif"="c:\program files\Intel\Intel Matrix Storage Manager\Iaanotif.exe" [2007-03-21 174872]
"RtHDVCpl"="RtHDVCpl.exe" [2007-07-06 4669440]
"SynTPEnh"="c:\program files\Synaptics\SynTP\SynTPEnh.exe" [2007-05-09 865840]
"PCMService"="c:\program files\Acer\Acer Arcade\PCMService.exe" [2007-06-21 155648]
"LManager"="c:\progra~1\LAUNCH~1\LManager.exe" [2007-07-12 846344]
"WarReg_PopUp"="c:\acer\WR_PopUp\WarReg_PopUp.exe" [2006-11-05 57344]
"Acer Tour Reminder"="c:\acer\AcerTour\Reminder.exe" [2007-05-22 151552]
"HP Software Update"="c:\program files\HP\HP Software Update\HPWuSchd2.exe" [2007-03-11 49152]
"Skytel"="Skytel.exe" [2007-06-16 1826816]
"Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 8.0\Reader\Reader_sl.exe" [2011-08-31 40368]
"Adobe ARM"="c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2011-03-29 937920]
"IgfxTray"="c:\windows\system32\igfxtray.exe" [2008-02-11 141848]
"HotKeysCmds"="c:\windows\system32\hkcmd.exe" [2008-02-11 166424]
"Persistence"="c:\windows\system32\igfxpers.exe" [2008-02-11 133656]
"avast"="c:\program files\AVAST Software\Avast\avastUI.exe" [2012-03-07 4241512]
"SunJavaUpdateSched"="c:\program files\Common Files\Java\Java Update\jusched.exe" [2012-01-18 254696]
.
c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\
Empowering Technology Launcher.lnk - c:\acer\Empowering Technology\eAPLauncher.exe [2007-8-21 535336]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"EnableUIADesktopToggle"= 0 (0x0)
.
[hkey_local_machine\software\microsoft\windows\currentversion\explorer\ShellExecuteHooks]
"{5AE067D3-9AFB-48E0-853A-EBB7F4A000DA}"= "c:\program files\SUPERAntiSpyware\SASSEH.DLL" [2011-07-19 113024]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\!SASWinLogon]
2011-05-04 17:54   551296   ----a-w-  c:\program files\SUPERAntiSpyware\SASWINLO.DLL
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\!SASCORE]
@=""
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\eDataSecurity Loader]
2007-04-25 15:33   457216   ----a-w-  c:\acer\Empowering Technology\eDataSecurity\eDSLoader.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring]
"DisableMonitoring"=dword:00000001
.
R3 AdobeFlashPlayerUpdateSvc;Adobe Flash Player Update Service;c:\windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe [2012-06-15 257224]
S2 !SASCORE;SAS Core Service;c:\program files\SUPERAntiSpyware\SASCORE.EXE [2011-08-11 116608]
.
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
LocalServiceNoNetwork   REG_MULTI_SZ     PLA DPS BFE mpssvc
HPZ12   REG_MULTI_SZ     Pml Driver HPZ12 Net Driver HPZ12
hpdevmgmt   REG_MULTI_SZ     hpqcxs08 hpqddsvc
LocalServiceAndNoImpersonation   REG_MULTI_SZ     FontCache
.
Indhold af mappen 'Planlagte Opgaver'
.
2012-06-16 c:\windows\Tasks\Adobe Flash Player Updater.job
- c:\windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe [2012-03-30 16:55]
.
2012-06-16 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\program files\Google\Update\GoogleUpdate.exe [2010-02-05 08:53]
.
2012-06-16 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\program files\Google\Update\GoogleUpdate.exe [2010-02-05 08:53]
.
.
------- Yderligere scanning-------
.
uStart Page = hxxp://www.google.dk/
uSearchMigratedDefaultURL = hxxp://search.yahoo.com/search?p={searchTerms}&ei=utf-8&fr=b1ie7
mStart Page = hxxp://da.intl.acer.yahoo.com
uSearchURL,(Default) = hxxp://uk.rd.yahoo.com/customize/ycomp/defaults/su/*http://uk.yahoo.com
IE: E&ksporter til Microsoft Excel - c:\progra~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
IE: Google Sidewiki ... - c:\program files\Google\Google Toolbar\Component\GoogleToolbarDynamic_mui_en_6CE5017F567343CA.dll/cmsidewiki.html
TCP: DhcpNameServer = 193.162.153.164 194.239.134.83
FF - ProfilePath - c:\users\Pallellen\AppData\Roaming\Mozilla\Firefox\Profiles\qt9mh29h.default\
FF - prefs.js: network.proxy.type - 0
.
.
**************************************************************************
.
catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2012-06-16 19:10
Windows 6.0.6002 Service Pack 2 NTFS
.
scanner skjulte processer ... 
.
scanner skjulte autostarter ...
.
scanner skjulte filer ... 
.
scanning gennemført med succes
skjulte filer: 0
.
**************************************************************************
.
--------------------- LÅSTE REGISTRERINGS NØGLER---------------------
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0000\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
--------------------- DLLs startet under kørende Processer---------------------
.
- - - - - - - > 'Explorer.exe'(4996)
c:\acer\Empowering Technology\EPOWER\SysHook.dll
.
------------------------Andre kørende processer------------------------
.
c:\program files\AVAST Software\Avast\AvastSvc.exe
c:\program files\Acer\Acer Arcade\Kernel\TV\CLCapSvc.exe
c:\program files\Acer\Acer Arcade\Kernel\CLML_NTService\CLMLServer.exe
c:\acer\Empowering Technology\eDataSecurity\eDSService.exe
c:\acer\Empowering Technology\eLock\Service\eLockServ.exe
c:\acer\Empowering Technology\eNet\eNet Service.exe
c:\program files\Heimdal\HeimdalSecureDNS\DnsService.exe
c:\program files\Heimdal\Service\HeimdalAgentService.exe
c:\program files\Intel\Intel Matrix Storage Manager\Iaantmon.exe
c:\program files\Common Files\LightScribe\LSSrvc.exe
c:\acer\Mobility Center\MobilityService.exe
c:\windows\system32\DRIVERS\xaudio.exe
c:\program files\Acer\Acer Arcade\Kernel\TV\CLSched.exe
c:\acer\Empowering Technology\eRecovery\eRecoveryService.exe
c:\acer\Empowering Technology\eSettings\Service\capuserv.exe
c:\acer\Empowering Technology\ePower\ePowerSvc.exe
c:\windows\system32\wbem\unsecapp.exe
c:\program files\Heimdal\Client\HeimdalAgent.exe
c:\windows\system32\conime.exe
c:\windows\RtHDVCpl.exe
c:\program files\Windows Media Player\wmpnscfg.exe
c:\program files\Windows Media Player\wmpnetwk.exe
c:\users\PALLEL~1\AppData\Local\Temp\RtkBtMnt.exe
c:\program files\Launch Manager\LManager.exe
c:\windows\system32\igfxext.exe
c:\windows\system32\igfxsrvc.exe
c:\windows\system32\igfxsrvc.exe
c:\program files\HP\Digital Imaging\bin\hpqtra08.exe
c:\acer\Empowering Technology\ENET\ENMTRAY.EXE
c:\acer\Empowering Technology\EPOWER\EPOWER_DMC.EXE
c:\acer\Empowering Technology\ACER.EMPOWERING.FRAMEWORK.SUPERVISOR.EXE
c:\acer\Empowering Technology\eRecovery\ERAGENT.EXE
c:\program files\HP\Digital Imaging\bin\hpqSTE08.exe
.
**************************************************************************
.
Gennemført tid: 2012-06-16 19:24:41 - maskinen blev genstartet
ComboFix-quarantined-files.txt 2012-06-16 17:22
ComboFix2.txt 2012-06-13 17:49
.
Pre-Kørsel: 37.422.268.416 byte ledig
Post-Kørsel: 37.402.296.320 byte ledig
.
- - End Of File - - 1F7F104BEB1B7B26C27865C7A64BFDE3

Number of posts: 89

Now a further problem has come up: the Avast mail shield will not activate/run. I am thinking of removing Avast and reinstalling it, but what could be causing this problem? Otherwise the computer seems to be running decently.

Administrator
Number of posts: 32083

It actually all looks sensible. If you have not already done so, reinstall Avast. As for the cause, well, hmm. That is one way of saying that I don't know.

Signature

Sound computer sense

Number of posts: 89

Hi, and many thanks for the help, Emeritus. Avast is running again, and so is the machine.
I will put a little into the coffee account as promised.

Best regards
Erik Andreasen

This thread can be closed.