Hej

Blekko er ikke en virus, men Software du kom til at installere

Du bør også læse dette

———

Download OTL af OldTimer og gem den på dit skrivebord.

Start OTL

Vista og Windows 7 - højreklik på filen - Kør som Administrator.

Øverst sætter du flueben i “Scan All Users”

Luk alle åbne vinduer og klik på “Quick Scan”  og lad programmet køre.

Det vil give to logfiler på skrivebordet, OTL.txt og Extras.txt.

Så kopier følgende ind i dit næste indlæg:

Indholdet af OTL.txt

(Extras.txt skal ikke bruges lige nu)

Da den er forholdsvis lang, kan du blive nødt til at sende den i flere indlæg.

OTL logfile created on: 7/8/2012 5:20:21 PM - Run 1
OTL by OldTimer - Version 3.2.53.1   Folder = C:\Users\Kaj Andersen\Desktop
64bit- Home Premium Edition Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation
Internet Explorer (Version = 9.0.8112.16421)
Locale: 00000409 | Country: Danmark | Language: DAN | Date Format: dd-MM-yyyy

5.99 Gb Total Physical Memory | 3.10 Gb Available Physical Memory | 51.76% Memory free
11.98 Gb Paging File | 8.69 Gb Available in Paging File | 72.55% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86)
Drive C: | 458.45 Gb Total Space | 367.68 Gb Free Space | 80.20% Space Free | Partition Type: NTFS
Drive D: | 458.96 Gb Total Space | 379.67 Gb Free Space | 82.72% Space Free | Partition Type: NTFS
Drive F: | 1863.01 Gb Total Space | 1713.40 Gb Free Space | 91.97% Space Free | Partition Type: NTFS

Computer Name: KAJANDERSENS-PC | User Name: Kaj Andersen | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: All users | Quick Scan | Include 64bit Scans
Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days

========== Processes (SafeList) ==========

PRC - [2012/07/08 17:18:00 | 000,595,968 |——| M] (OldTimer Tools)—C:\Users\Kaj Andersen\Desktop\OTL.exe
PRC - [2012/07/03 18:21:30 | 004,273,976 |——| M] (AVAST Software)—C:\Program Files\AVAST Software\Avast\AvastUI.exe
PRC - [2012/07/03 18:21:29 | 000,044,808 |——| M] (AVAST Software)—C:\Program Files\AVAST Software\Avast\AvastSvc.exe
PRC - [2012/06/23 10:00:39 | 002,346,592 |——| M] (Emsi Software GmbH)—C:\Program Files (x86)\Online Armor\oaui.exe
PRC - [2012/06/23 10:00:17 | 004,382,968 |——| M] (Emsi Software GmbH)—C:\Program Files (x86)\Online Armor\oasrv.exe
PRC - [2012/06/23 09:59:22 | 001,168,296 |——| M] (Emsi Software GmbH)—C:\Program Files (x86)\Online Armor\OAhlp.exe
PRC - [2012/06/23 09:59:08 | 000,210,920 |——| M] (Emsi Software GmbH)—C:\Program Files (x86)\Online Armor\OAcat.exe
PRC - [2012/06/16 12:47:25 | 000,913,888 |——| M] (Mozilla Corporation)—C:\Program Files (x86)\Mozilla Firefox\firefox.exe
PRC - [2012/05/03 19:31:22 | 000,096,768 |——| M] (Freemake)—C:\ProgramData\Freemake\FreemakeUtilsService\FreemakeUtilsService.exe
PRC - [2012/01/03 15:10:42 | 000,063,928 |——| M] (Adobe Systems Incorporated)—C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe
PRC - [2011/10/15 10:53:00 | 002,253,120 |——| M] (NVIDIA Corporation)—C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Updatus\daemonu.exe
PRC - [2010/11/11 14:31:54 | 000,334,448 |——| M] (VMware, Inc.)—C:\Windows\SysWOW64\vmnetdhcp.exe
PRC - [2010/11/11 14:31:50 | 000,404,080 |——| M] (VMware, Inc.)—C:\Windows\SysWOW64\vmnat.exe
PRC - [2010/11/11 14:31:36 | 000,064,112 |——| M] (VMware, Inc.)—C:\Program Files (x86)\VMware\VMware Player\hqtray.exe
PRC - [2010/11/11 14:30:44 | 000,113,264 |——| M] (VMware, Inc.)—C:\Program Files (x86)\VMware\VMware Player\vmware-authd.exe
PRC - [2010/11/11 13:31:44 | 000,539,248 |——| M] (VMware, Inc.)—C:\Program Files (x86)\Common Files\VMware\USB\vmware-usbarbitrator.exe
PRC - [2010/06/13 11:41:10 | 019,524,440 |——| M] (Firetrust Ltd)—C:\Program Files (x86)\FireTrust\MailWasher Free\MailWasher.exe
PRC - [2009/08/28 11:38:58 | 001,150,496 |——| M] (Acer Incorporated)—C:\Program Files (x86)\Acer\Registration\GregHSRW.exe
PRC - [2009/08/13 00:04:44 | 000,062,208 |——| M] (NewTech Infosystems, Inc.)—C:\Program Files (x86)\NewTech Infosystems\Acer Backup Manager\IScheduleSvc.exe
PRC - [2009/08/07 15:29:54 | 000,186,904 |——| M] (Intel Corporation)—C:\Program Files (x86)\Intel\Intel Matrix Storage Manager\IAAnotif.exe
PRC - [2009/08/07 15:29:36 | 000,354,840 |——| M] (Intel Corporation)—C:\Program Files (x86)\Intel\Intel Matrix Storage Manager\IAANTMon.exe
PRC - [2009/07/04 03:47:12 | 000,240,160 |——| M] (Acer)—C:\Program Files\Acer\Acer Updater\UpdaterService.exe
PRC - [2008/10/20 15:01:28 | 000,222,512 |——| M] (Brother Industries, Ltd.)—C:\Program Files (x86)\Brownie\Brnipmon.exe
PRC - [2008/08/13 05:49:30 | 000,405,504 |——| M] (Creative Technology Ltd)—C:\Program Files (x86)\Creative\Software Update 3\SoftAuto.exe
PRC - [2008/05/21 13:42:56 | 000,064,000 |——| M] (Creative Technology Ltd)—C:\Program Files (x86)\Creative\Creative Centrale\CTUPnPSv.exe
PRC - [2007/07/24 12:15:14 | 000,185,632 |——| M] (Protexis Inc.)—C:\Program Files (x86)\Common Files\Protexis\License Service\PsiService_2.exe
PRC - [2007/04/02 08:15:40 | 000,061,440 |——| M] (Creative Technology Ltd)—C:\Program Files (x86)\Creative\Shared Files\CTDevSrv.exe
PRC - [1999/04/29 14:23:28 | 000,405,560 |——| M] (Microsoft Corporation)—C:\Program Files (x86)\Programlinje\Office\1030\msoffice.exe


========== Modules (No Company Name) ==========

MOD - [2012/06/16 12:47:25 | 002,042,848 |——| M] ()—C:\Program Files (x86)\Mozilla Firefox\mozjs.dll
MOD - [2011/06/24 22:56:36 | 000,087,328 |——| M] ()—C:\Program Files (x86)\Common Files\Apple\Apple Application Support\zlib1.dll
MOD - [2011/06/24 22:56:14 | 001,241,888 |——| M] ()—C:\Program Files (x86)\Common Files\Apple\Apple Application Support\libxml2.dll
MOD - [2010/11/11 14:31:14 | 000,068,720 |——| M] ()—C:\Program Files (x86)\VMware\VMware Player\zlib1.dll
MOD - [2010/11/11 14:31:00 | 000,970,352 |——| M] ()—C:\Program Files (x86)\VMware\VMware Player\libxml2.dll
MOD - [2010/05/28 13:57:36 | 000,801,976 |——| M] ()—C:\Program Files (x86)\FireTrust\MailWasher Free\ContactsLib.dll
MOD - [2010/04/19 08:48:28 | 000,277,904 |——| M] ()—C:\Program Files (x86)\FireTrust\MailWasher Free\sqlite3.dll
MOD - [2009/08/25 17:51:10 | 000,155,320 |——| M] ()—C:\Program Files (x86)\FireTrust\MailWasher Free\mailprefs.dll
MOD - [2009/06/25 15:40:04 | 000,977,080 |——| M] ()—C:\Program Files (x86)\FireTrust\MailWasher Free\MCore.dll
MOD - [2008/09/12 17:39:34 | 000,611,936 |——| M] ()—C:\Program Files (x86)\FireTrust\MailWasher Free\MailAnalysis.dll


========== Win32 Services (SafeList) ==========

SRV:64bit: - [2012/07/03 18:21:29 | 000,044,808 |——| M] (AVAST Software) [Auto | Running]—C:\Program Files\AVAST Software\Avast\AvastSvc.exe—(avast! Antivirus)
SRV:64bit: - [2010/05/06 11:30:22 | 000,357,456 |——| M] (Logitech, Inc.) [On_Demand | Stopped]—C:\Program Files\Common Files\LogiShrd\Bluetooth\lbtserv.exe—(LBTServ)
SRV:64bit: - [2009/12/21 10:44:06 | 000,535,552 |——| M] (CSR, plc) [Auto | Running]—C:\Windows\SysNative\HFGService.dll—(HFGService)
SRV:64bit: - [2009/07/14 03:41:27 | 001,011,712 |——| M] (Microsoft Corporation) [On_Demand | Stopped]—C:\Program Files\Windows Defender\mpsvc.dll—(WinDefend)
SRV:64bit: - [2009/07/04 03:47:12 | 000,240,160 |——| M] (Acer) [Auto | Running]—C:\Program Files\Acer\Acer Updater\UpdaterService.exe—(Updater Service)
SRV - [2012/06/24 05:13:01 | 000,250,056 |——| M] (Adobe Systems Incorporated) [On_Demand | Stopped]—C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe—(AdobeFlashPlayerUpdateSvc)
SRV - [2012/06/23 10:00:17 | 004,382,968 |——| M] (Emsi Software GmbH) [Auto | Running]—C:\Program Files (x86)\Online Armor\oasrv.exe—(SvcOnlineArmor)
SRV - [2012/06/23 09:59:08 | 000,210,920 |——| M] (Emsi Software GmbH) [Auto | Running]—C:\Program Files (x86)\Online Armor\OAcat.exe—(OAcat)
SRV - [2012/06/16 12:47:25 | 000,113,120 |——| M] (Mozilla Foundation) [On_Demand | Stopped]—C:\Program Files (x86)\Mozilla Maintenance Service\maintenanceservice.exe—(MozillaMaintenance)
SRV - [2012/05/03 19:31:22 | 000,096,768 |——| M] (Freemake) [Auto | Running]—C:\ProgramData\Freemake\FreemakeUtilsService\FreemakeUtilsService.exe—(Freemake Improver)
SRV - [2012/04/05 11:37:38 | 000,158,856 | R—- | M] (Skype Technologies) [Auto | Stopped]—C:\Program Files (x86)\Skype\Updater\Updater.exe—(SkypeUpdate)
SRV - [2012/01/03 15:10:42 | 000,063,928 |——| M] (Adobe Systems Incorporated) [Auto | Running]—C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe—(AdobeARMservice)
SRV - [2011/10/15 10:53:00 | 002,253,120 |——| M] (NVIDIA Corporation) [Auto | Running]—C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Updatus\daemonu.exe—(nvUpdatusService)
SRV - [2010/11/11 14:31:54 | 000,334,448 |——| M] (VMware, Inc.) [Auto | Running]—C:\Windows\SysWow64\vmnetdhcp.exe—(VMnetDHCP)
SRV - [2010/11/11 14:31:50 | 000,404,080 |——| M] (VMware, Inc.) [Auto | Running]—C:\Windows\SysWow64\vmnat.exe—(VMware NAT Service)
SRV - [2010/11/11 14:30:44 | 000,113,264 |——| M] (VMware, Inc.) [Auto | Running]—C:\Program Files (x86)\VMware\VMware Player\vmware-authd.exe—(VMAuthdService)
SRV - [2010/11/11 13:31:44 | 000,539,248 |——| M] (VMware, Inc.) [Auto | Running]—C:\Program Files (x86)\Common Files\VMware\USB\vmware-usbarbitrator.exe—(VMUSBArbService)
SRV - [2010/08/19 14:57:14 | 000,191,024 |——| M] (VMware, Inc.) [On_Demand | Stopped]—C:\Program Files (x86)\VMware\VMware Player\vmware-ufad.exe—(ufad-ws60)
SRV - [2010/03/29 08:53:22 | 000,068,000 |——| M] (NOS Microsystems Ltd.) [On_Demand | Stopped]—C:\Program Files (x86)\NOS\bin\getPlus_Helper.dll—(getPlusHelper) @C:\Program Files (x86)
SRV - [2010/03/18 14:16:28 | 000,130,384 |——| M] (Microsoft Corporation) [Auto | Stopped]—C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe—(clr_optimization_v4.0.30319_32)
SRV - [2010/02/12 19:39:24 | 000,103,424 |——| M] (Anuko International Ltd.) [Auto | Running]—C:\Program Files (x86)\Anuko\World Clock\timesync.exe—(AnukoTime)
SRV - [2009/08/28 11:38:58 | 001,150,496 |——| M] (Acer Incorporated) [Auto | Running]—C:\Program Files (x86)\Acer\Registration\GregHSRW.exe—(Greg_Service)
SRV - [2009/08/13 00:04:44 | 000,062,208 |——| M] (NewTech Infosystems, Inc.) [Auto | Running]—C:\Program Files (x86)\NewTech Infosystems\Acer Backup Manager\IScheduleSvc.exe—(NTI IScheduleSvc)
SRV - [2009/08/07 15:29:36 | 000,354,840 |——| M] (Intel Corporation) [Auto | Running]—C:\Program Files (x86)\Intel\Intel Matrix Storage Manager\IAANTMon.exe—(IAANTMON) Intel(R)
SRV - [2009/07/28 21:25:34 | 000,935,208 |——| M] (Nero AG) [Disabled | Stopped]—C:\Program Files (x86)\Common Files\Nero\Nero BackItUp 4\NBService.exe—(Nero BackItUp Scheduler 4.0)
SRV - [2009/06/10 23:23:09 | 000,066,384 |——| M] (Microsoft Corporation) [Disabled | Stopped]—C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe—(clr_optimization_v2.0.50727_32)
SRV - [2008/05/21 13:42:56 | 000,064,000 |——| M] (Creative Technology Ltd) [Auto | Running]—C:\Program Files (x86)\Creative\Creative Centrale\CTUPnPSv.exe—(CTUPnPSv)
SRV - [2007/12/17 06:00:00 | 000,163,840 |——| M] (SEIKO EPSON CORPORATION) [Auto | Running]—C:\ProgramData\EPSON\EPW!3 SSRP\E_S40STB.EXE—(EPSON_EB_RPCV4_01) EPSON V5 Service4(01)
SRV - [2007/07/24 12:15:14 | 000,185,632 |——| M] (Protexis Inc.) [Auto | Running]—C:\Program Files (x86)\Common Files\Protexis\License Service\PsiService_2.exe—(PSI_SVC_2)
SRV - [2007/05/31 17:11:54 | 000,443,784 |——| M] (Microsoft Corporation) [Auto | Running]—C:\Windows\WindowsMobile\wcescomm.dll—(WcesComm)
SRV - [2007/05/31 17:11:46 | 000,225,672 |——| M] (Microsoft Corporation) [Auto | Running]—C:\Windows\WindowsMobile\rapimgr.dll—(RapiMgr)
SRV - [2007/04/02 08:15:40 | 000,061,440 |——| M] (Creative Technology Ltd) [Auto | Running]—C:\Program Files (x86)\Creative\Shared Files\CTDevSrv.exe—(CTDevice_Srv)
SRV - [2007/01/11 06:02:00 | 000,126,464 |——| M] (SEIKO EPSON CORPORATION) [Auto | Running]—C:\ProgramData\EPSON\EPW!3 SSRP\E_S40RPB.EXE—(EPSON_PM_RPCV4_01) EPSON V3 Service4(01)


========== Driver Services (SafeList) ==========

DRV:64bit: - [2012/07/03 18:21:52 | 000,958,400 |——| M] (AVAST Software) [File_System | System | Running]—C:\Windows\SysNative\drivers\aswSnx.sys—(aswSnx)
DRV:64bit: - [2012/07/03 18:21:52 | 000,355,856 |——| M] (AVAST Software) [Kernel | System | Running]—C:\Windows\SysNative\drivers\aswSP.sys—(aswSP)
DRV:64bit: - [2012/07/03 18:21:52 | 000,071,064 |——| M] (AVAST Software) [File_System | Auto | Running]—C:\Windows\SysNative\drivers\aswMonFlt.sys—(aswMonFlt)
DRV:64bit: - [2012/07/03 18:21:52 | 000,059,728 |——| M] (AVAST Software) [Kernel | System | Running]—C:\Windows\SysNative\drivers\aswTdi.sys—(aswTdi)
DRV:64bit: - [2012/07/03 18:21:52 | 000,054,072 |——| M] (AVAST Software) [Kernel | System | Running]—C:\Windows\SysNative\drivers\aswRdr2.sys—(aswRdr)
DRV:64bit: - [2012/07/03 18:21:51 | 000,025,232 |——| M] (AVAST Software) [File_System | Auto | Running]—C:\Windows\SysNative\drivers\aswFsBlk.sys—(aswFsBlk)
DRV:64bit: - [2012/06/23 10:01:10 | 000,035,368 |——| M] (Emsisoft) [Kernel | On_Demand | Running]—C:\Windows\SysNative\drivers\OAnet.sys—(OAnet)
DRV:64bit: - [2012/03/26 23:45:14 | 000,037,888 |——| M] (AnchorFree Inc) [Kernel | On_Demand | Stopped]—C:\Windows\SysNative\drivers\taphss.sys—(taphss)
DRV:64bit: - [2012/03/01 08:46:16 | 000,023,408 |——| M] (Microsoft Corporation) [Recognizer | Boot | Unknown]—C:\Windows\SysNative\drivers\fs_rec.sys—(Fs_Rec)
DRV:64bit: - [2012/02/15 12:01:50 | 000,052,736 |——| M] (Apple, Inc.) [Kernel | On_Demand | Stopped]—C:\Windows\SysNative\drivers\usbaapl64.sys—(USBAAPL64)
DRV:64bit: - [2011/03/11 08:41:12 | 000,107,904 |——| M] (Advanced Micro Devices) [Kernel | On_Demand | Stopped]—C:\Windows\SysNative\drivers\amdsata.sys—(amdsata)
DRV:64bit: - [2011/03/11 08:41:12 | 000,027,008 |——| M] (Advanced Micro Devices) [Kernel | Boot | Running]—C:\Windows\SysNative\drivers\amdxata.sys—(amdxata)
DRV:64bit: - [2010/11/20 15:33:35 | 000,078,720 |——| M] (Hewlett-Packard Company) [Kernel | On_Demand | Stopped]—C:\Windows\SysNative\drivers\HpSAMD.sys—(HpSAMD)
DRV:64bit: - [2010/11/20 13:07:05 | 000,059,392 |——| M] (Microsoft Corporation) [Kernel | On_Demand | Stopped]—C:\Windows\SysNative\drivers\TsUsbFlt.sys—(TsUsbFlt)
DRV:64bit: - [2010/11/20 12:49:51 | 000,146,432 |——| M] (Microsoft Corporation) [Kernel | Auto | Running]—C:\Windows\SysNative\drivers\rmcast.sys—(RMCAST)
DRV:64bit: - [2010/11/11 14:32:32 | 000,081,008 |——| M] (VMware, Inc.) [Kernel | Auto | Running]—C:\Windows\SysNative\drivers\vmci.sys—(vmci)
DRV:64bit: - [2010/11/11 14:32:20 | 000,068,720 |——| M] (VMware, Inc.) [Kernel | Auto | Running]—C:\Windows\SysNative\drivers\vmx86.sys—(vmx86)
DRV:64bit: - [2010/11/11 14:30:34 | 000,031,856 |——| M] (VMware, Inc.) [Kernel | On_Demand | Running]—C:\Windows\SysNative\drivers\VMkbd.sys—(vmkbd)
DRV:64bit: - [2010/11/11 14:30:18 | 000,030,320 |——| M] (VMware, Inc.) [Kernel | Auto | Running]—C:\Windows\SysNative\drivers\vmnetuserif.sys—(VMnetuserif)
DRV:64bit: - [2010/11/11 13:31:32 | 000,038,512 |——| M] (VMware, Inc.) [Kernel | Auto | Running]—C:\Windows\SysNative\drivers\hcmon.sys—(hcmon)
DRV:64bit: - [2010/11/11 11:04:52 | 000,045,104 |——| M] (VMware, Inc.) [Kernel | Auto | Running]—C:\Windows\SysNative\drivers\vmnetbridge.sys—(VMnetBridge)
DRV:64bit: - [2010/11/11 11:04:52 | 000,037,680 |——| M] (VMware, Inc.) [Kernel | On_Demand | Stopped]—C:\Windows\SysNative\drivers\vmusb.sys—(vmusb)
DRV:64bit: - [2010/11/11 11:04:52 | 000,020,016 |——| M] (VMware, Inc.) [Kernel | On_Demand | Running]—C:\Windows\SysNative\drivers\vmnetadapter.sys—(VMnetAdapter)
DRV:64bit: - [2010/03/18 11:00:16 | 000,057,936 |——| M] (Logitech, Inc.) [Kernel | On_Demand | Running]—C:\Windows\SysNative\drivers\LMouFilt.Sys—(LMouFilt)
DRV:64bit: - [2010/03/18 11:00:00 | 000,063,568 |——| M] (Logitech, Inc.) [Kernel | On_Demand | Running]—C:\Windows\SysNative\drivers\LHidFilt.Sys—(LHidFilt)
DRV:64bit: - [2010/02/01 10:35:59 | 001,101,600 |——| M] (Ralink Technology Corp.) [Kernel | On_Demand | Stopped]—C:\Windows\SysNative\drivers\netr28ux.sys—(netr28ux)
DRV:64bit: - [2009/12/21 11:43:00 | 000,078,848 |——| M] (CSR, plc) [Kernel | On_Demand | Stopped]—C:\Windows\SysNative\drivers\bthav.sys—(csr_a2dp)
DRV:64bit: - [2009/12/21 10:43:36 | 000,052,224 |——| M] (CSR, plc) [Kernel | On_Demand | Stopped]—C:\Windows\SysNative\drivers\BthAudioHF.sys—(BthAudioHF)
DRV:64bit: - [2009/08/13 08:38:24 | 000,029,184 |——| M] (CSR, plc) [Kernel | On_Demand | Stopped]—C:\Windows\SysNative\drivers\BthAvrcp.sys—(BthAvrcp)
DRV:64bit: - [2009/08/07 15:24:14 | 000,408,600 |——| M] (Intel Corporation) [Kernel | Boot | Running]—C:\Windows\SysNative\drivers\iaStor.sys—(iaStor)
DRV:64bit: - [2009/07/18 07:18:48 | 000,109,480 |——| M] (JMicron Technology Corp.) [Kernel | Boot | Running]—C:\Windows\SysNative\drivers\jraid.sys—(JRAID)
DRV:64bit: - [2009/07/14 03:52:20 | 000,194,128 |——| M] (AMD Technologies Inc.) [Kernel | On_Demand | Stopped]—C:\Windows\SysNative\drivers\amdsbs.sys—(amdsbs)
DRV:64bit: - [2009/07/14 03:48:04 | 000,065,600 |——| M] (LSI Corporation) [Kernel | On_Demand | Stopped]—C:\Windows\SysNative\drivers\lsi_sas2.sys—(LSI_SAS2)
DRV:64bit: - [2009/07/14 03:45:55 | 000,024,656 |——| M] (Promise Technology) [Kernel | On_Demand | Stopped]—C:\Windows\SysNative\drivers\stexstor.sys—(stexstor)
DRV:64bit: - [2009/07/14 02:09:50 | 000,019,968 |——| M] (Microsoft Corporation) [Kernel | On_Demand | Stopped]—C:\Windows\SysNative\drivers\usb8023x.sys—(usb_rndisx)
DRV:64bit: - [2009/07/13 23:59:33 | 005,020,672 |——| M] (ATI Technologies Inc.) [Kernel | On_Demand | Stopped]—C:\Windows\SysNative\drivers\atikmdag.sys—(atikmdag)
DRV:64bit: - [2009/06/12 23:49:36 | 000,041,680 |——| M] (Intel Corporation) [Kernel | On_Demand | Stopped]—C:\Windows\SysNative\drivers\qd262x64.sys—(ioatdma2) Intel(R)
DRV:64bit: - [2009/06/12 23:49:32 | 000,040,144 |——| M] (Intel Corporation) [Kernel | On_Demand | Stopped]—C:\Windows\SysNative\drivers\qd162x64.sys—(ioatdma1)
DRV:64bit: - [2009/06/12 12:19:58 | 000,287,960 |——| M] (Intel Corporation) [Kernel | On_Demand | Running]—C:\Windows\SysNative\drivers\e1y62x64.sys—(e1yexpress) Intel(R)
DRV:64bit: - [2009/06/10 22:34:33 | 003,286,016 |——| M] (Broadcom Corporation) [Kernel | On_Demand | Stopped]—C:\Windows\SysNative\drivers\evbda.sys—(ebdrv)
DRV:64bit: - [2009/06/10 22:34:28 | 000,468,480 |——| M] (Broadcom Corporation) [Kernel | On_Demand | Stopped]—C:\Windows\SysNative\drivers\bxvbda.sys—(b06bdrv)
DRV:64bit: - [2009/06/10 22:34:23 | 000,270,848 |——| M] (Broadcom Corporation) [Kernel | On_Demand | Stopped]—C:\Windows\SysNative\drivers\b57nd60a.sys—(b57nd60a)
DRV:64bit: - [2009/06/10 22:31:59 | 000,031,232 |——| M] (Hauppauge Computer Works, Inc.) [Kernel | On_Demand | Stopped]—C:\Windows\SysNative\drivers\hcw85cir.sys—(hcw85cir)
DRV:64bit: - [2009/06/02 13:15:30 | 000,060,464 |——| M] (Egis Technology Inc.) [Kernel | System | Running]—C:\Windows\SysNative\drivers\mwlPSDVDisk.sys—(mwlPSDVDisk)
DRV:64bit: - [2009/06/02 13:15:30 | 000,022,576 |——| M] (Egis Technology Inc.) [File_System | System | Running]—C:\Windows\SysNative\drivers\mwlPSDFilter.sys—(mwlPSDFilter)
DRV:64bit: - [2009/06/02 13:15:30 | 000,020,016 |——| M] (Egis Technology Inc.) [Kernel | System | Running]—C:\Windows\SysNative\drivers\mwlPSDNserv.sys—(mwlPSDNServ)
DRV:64bit: - [2009/06/01 14:50:52 | 000,033,160 |——| M] (Microsoft Corporation) [Kernel | On_Demand | Stopped]—C:\Windows\SysNative\drivers\point64k.sys—(Point64)
DRV:64bit: - [2009/06/01 14:50:52 | 000,015,752 |——| M] (Microsoft Corporation) [Kernel | On_Demand | Stopped]—C:\Windows\SysNative\drivers\nuidfltr.sys—(NuidFltr)
DRV:64bit: - [2009/05/28 18:38:22 | 000,025,992 |——| M] (Microsoft Corporation) [Kernel | On_Demand | Stopped]—C:\Windows\SysNative\drivers\dc3d.sys—(dc3d) MS Hardware Device Detection Driver (HID)
DRV:64bit: - [2009/05/18 13:17:08 | 000,034,152 |——| M] (GEAR Software Inc.) [Kernel | On_Demand | Running]—C:\Windows\SysNative\drivers\GEARAspiWDM.sys—(GEARAspiWDM)
DRV:64bit: - [2009/05/08 16:08:00 | 000,020,520 |——| M] (GARMIN Corp.) [Kernel | On_Demand | Stopped]—C:\Windows\SysNative\drivers\grmnusb.sys—(grmnusb)
DRV:64bit: - [2009/05/06 01:46:08 | 000,018,432 |——| M] (NewTech Infosystems, Inc.) [Kernel | On_Demand | Running]—C:\Windows\SysNative\drivers\NTIDrvr.sys—(NTIDrvr)
DRV:64bit: - [2009/05/06 01:46:08 | 000,016,896 |——| M] (NewTech Infosystems Corporation) [Kernel | On_Demand | Running]—C:\Windows\SysNative\drivers\UBHelper.sys—(UBHelper)
DRV:64bit: - [2008/09/23 11:19:04 | 000,034,840 |——| M] (Creative Technology Ltd.) [Kernel | On_Demand | Running]—C:\Windows\SysNative\drivers\gwfilt64.sys—(gwfilt64)
DRV:64bit: - [2007/04/11 17:30:04 | 000,043,416 |——| M] (Intel Corporation) [Kernel | On_Demand | Stopped]—C:\Windows\SysNative\drivers\IAMTVE.sys—(IAMTVE) Driver for Intel(R)
DRV:64bit: - [2007/04/11 17:29:58 | 000,051,096 |——| M] (Intel Corporation) [Kernel | On_Demand | Stopped]—C:\Windows\SysNative\drivers\IAMTXPE.sys—(IAMTXPE) Driver for Intel(R)
DRV - [2012/06/23 10:01:09 | 000,061,624 |——| M] () [File_System | System | Running]—C:\Windows\SysWOW64\drivers\OADriver.sys—(OADevice)
DRV - [2012/06/23 10:01:09 | 000,040,512 |——| M] (Emsisoft) [Kernel | System | Running]—C:\Windows\SysWOW64\drivers\OAmon.sys—(OAmon)
DRV - [2012/06/23 09:59:32 | 000,061,624 |——| M] () [Kernel | System | Running]—C:\Windows\SysWOW64\drivers\oahlp64.sys—(oahlpXX)
DRV - [2010/08/19 14:56:38 | 000,032,816 |——| M] (VMware, Inc.) [Kernel | Auto | Running]—C:\Program Files (x86)\VMware\VMware Player\vstor2-ws60.sys—(vstor2-ws60)
DRV - [2009/07/14 03:19:10 | 000,019,008 |——| M] (Microsoft Corporation) [File_System | On_Demand | Stopped]—C:\Windows\SysWOW64\drivers\wimmount.sys—(WIMMount)


========== Standard Registry (SafeList) ==========


========== Internet Explorer ==========

IE:64bit: - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://homepage.acer.com/rdr.aspx?b=ACAW&l=0406&m=aspire_m7721&r=17360110cn05973363315pj8m15l19
IE:64bit: - HKLM\..\SearchScopes,DefaultScope = {6A1806CD-94D4-4689-BA73-E35EA1EA9990}
IE:64bit: - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: “URL” = http://www.bing.com/search?q={searchTerms}&FORM=IE8SRC
IE:64bit: - HKLM\..\SearchScopes\{6A1806CD-94D4-4689-BA73-E35EA1EA9990}: “URL” = http://www.google.com/search?q={searchTerms}&rls=com.microsoft:{language}:{referrer:source?}&ie;={inputEncoding}&oe;={outputEncoding}&sourceid=ie7
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://homepage.acer.com/rdr.aspx?b=ACAW&l=0406&m=aspire_m7721&r=17360110cn05973363315pj8m15l19
IE - HKLM\..\SearchScopes,DefaultScope = {6A1806CD-94D4-4689-BA73-E35EA1EA9990}
IE - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: “URL” = http://www.bing.com/search?q={searchTerms}&FORM=IE8SRC
IE - HKLM\..\SearchScopes\{67A2568C-7A0A-4EED-AECC-B5405DE63B64}: “URL” = http://www.google.com/search?sourceid=ie7&q={searchTerms}&rls=com.microsoft:{language}:{referrer:source?}&ie;={inputEncoding}&oe;={outputEncoding}&rlz=1I7ACAW
IE - HKLM\..\SearchScopes\{6A1806CD-94D4-4689-BA73-E35EA1EA9990}: “URL” = http://www.google.com/search?q={searchTerms}&rls=com.microsoft:{language}:{referrer:source?}&ie;={inputEncoding}&oe;={outputEncoding}&sourceid=ie7
IE - HKLM\..\SearchScopes\{afdbddaa-5d3f-42ee-b79c-185a7020515b}: “URL” = http://search.conduit.com/ResultsExt.aspx?q={searchTerms}&SearchSource=4&ctid=CT1066435


IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: “ProxyEnable” = 0

IE - HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: “ProxyEnable” = 0



IE - HKU\S-1-5-21-3308902097-1983653174-2394158349-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Search_URL = http://www.google.com/ie
IE - HKU\S-1-5-21-3308902097-1983653174-2394158349-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.google.dk/ig?hl=da
IE - HKU\S-1-5-21-3308902097-1983653174-2394158349-1000\SOFTWARE\Microsoft\Internet Explorer\Search,Default_Search_URL = http://www.google.com/ie
IE - HKU\S-1-5-21-3308902097-1983653174-2394158349-1000\SOFTWARE\Microsoft\Internet Explorer\Search,SearchAssistant = http://www.google.com/ie
IE - HKU\S-1-5-21-3308902097-1983653174-2394158349-1000\..\SearchScopes,DefaultScope = {95B7759C-8C7F-4BF1-B163-73684A933233}
IE - HKU\S-1-5-21-3308902097-1983653174-2394158349-1000\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: “URL” = http://www.bing.com/search?q={searchTerms}&src=IE-SearchBox&FORM=IE8SRC
IE - HKU\S-1-5-21-3308902097-1983653174-2394158349-1000\..\SearchScopes\{3BD44F0E-0596-4008-AEE0-45D47E3A8F0E}: “URL” = http://blekko.com/ws/?source=c3348dd4&tbp=rbox&toolbarid=blekkotb_031&u=4FD5843A7BF6C79B4C06A14FF473D637&q={searchTerms}
IE - HKU\S-1-5-21-3308902097-1983653174-2394158349-1000\..\SearchScopes\{67A2568C-7A0A-4EED-AECC-B5405DE63B64}: “URL” = http://www.google.com/search?sourceid=ie7&q={searchTerms}&rls=com.microsoft:{language}:{referrer:source?}&ie;={inputEncoding}&oe;={outputEncoding}&rlz=1I7ACAW_daDK363DK363
IE - HKU\S-1-5-21-3308902097-1983653174-2394158349-1000\..\SearchScopes\{6A1806CD-94D4-4689-BA73-E35EA1EA9990}: “URL” = http://www.google.com/search?q={searchTerms}&rls=com.microsoft:{language}:{referrer:source?}&ie;={inputEncoding}&oe;={outputEncoding}&sourceid=ie7
IE - HKU\S-1-5-21-3308902097-1983653174-2394158349-1000\..\SearchScopes\{95B7759C-8C7F-4BF1-B163-73684A933233}: “URL” = http://isearch.avg.com/search?cid={910E12C2-9004-4BBF-BBEC-294F1C852174}&mid=b1f32a3de76aa11e6cee61456354b880-a91a549afd72eff06951e5b5e3fcae28f541e783&lang=da&ds=AVG&pr=fr&d=2012-06-17 21:08:32&v=11.1.0.7&sap=dsp&q={searchTerms}
IE - HKU\S-1-5-21-3308902097-1983653174-2394158349-1000\..\SearchScopes\{E0C1F01C-294F-47E7-9557-DC4887CC78CC}: “URL” = http://search.avg.com/route/?d=4d84456d&v=6.11.25.1&i=23&tp=chrome&q={searchTerms}&lng;={language}&iy;=&ychte=us
IE - HKU\S-1-5-21-3308902097-1983653174-2394158349-1000\Software\Microsoft\Windows\CurrentVersion\Internet Settings: “ProxyEnable” = 0
IE - HKU\S-1-5-21-3308902097-1983653174-2394158349-1000\Software\Microsoft\Windows\CurrentVersion\Internet Settings: “ProxyOverride” = *.local


========== FireFox ==========

FF - prefs.js..browser.search.defaultthis.engineName: “Productivity 3.1 Customized Web Search”
FF - prefs.js..browser.search.defaulturl: “http://search.conduit.com/ResultsExt.aspx?ctid=CT3008668&SearchSource=3&q={searchTerms}”
FF - prefs.js..browser.search.order.1: “Blekko”
FF - prefs.js..browser.startup.homepage: “http://www.google.dk/webhp?hl=da”
FF - prefs.js..extensions.enabledItems: {D4DD63FA-01E4-46a7-B6B1-EDAB7D6AD389}:0.9.8
FF - prefs.js..extensions.enabledItems: {195A3098-0BD5-4e90-AE22-BA1C540AFD1E}:2.9.3
FF - prefs.js..extensions.enabledItems: .:1.98.20110322
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA}:6.0.20
FF - prefs.js..extensions.enabledItems: {E2883E8F-472F-4fb0-9522-AC9BF37916A7}:1.6.2.63
FF - prefs.js..extensions.enabledItems: .:1.0.0.608
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0021-ABCDEFFEDCBA}:6.0.21
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA}:6.0.22
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0023-ABCDEFFEDCBA}:6.0.23
FF - prefs.js..extensions.enabledItems: .:1.6.2
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0024-ABCDEFFEDCBA}:6.0.24
FF - prefs.js..extensions.enabledItems: {1018e4d6-728f-4b20-ad56-37578a4de76b}:4.1.2
FF - prefs.js..keyword.URL: “http://search.conduit.com/ResultsExt.aspx?ctid=CT3008668&SearchSource=2&q=”


FF:64bit: - HKLM\\Software\\MozillaPlugins\\@adobe.com/FlashPlayer: C:\\Windows\\system32\\Macromed\\Flash\\NPSWF64_11_3_300_262.dll File not found
FF:64bit: - HKLM\\Software\\MozillaPlugins\\@microsoft.com/GENUINE: disabled File not found
FF:64bit: - HKLM\\Software\\MozillaPlugins\\@microsoft.com/VirtualEarth3D,version=4.0: C:\\Program Files (x86)\\Virtual Earth 3D\\ File not found
FF - HKLM\\Software\\MozillaPlugins\\@adobe.com/FlashPlayer: C:\\Windows\\SysWOW64\\Macromed\\Flash\\NPSWF32_11_3_300_262.dll ()
FF - HKLM\\Software\\MozillaPlugins\\@adobe.com/ShockwavePlayer: C:\\Windows\\SysWOW64\\Adobe\\Director\\np32dsw.dll (Adobe Systems, Inc.)
FF - HKLM\\Software\\MozillaPlugins\\@Apple.com/iTunes,version=:  File not found
FF - HKLM\\Software\\MozillaPlugins\\@Apple.com/iTunes,version=1.0: C:\\Program Files (x86)\\iTunes\\Mozilla Plugins\\npitunes.dll ()
FF - HKLM\\Software\\MozillaPlugins\\@garmin.com/GpsControl: C:\\Program Files (x86)\\Garmin GPS Plugin\\npGarmin.dll (GARMIN Corp.)
FF - HKLM\\Software\\MozillaPlugins\\@Google.com/GoogleEarthPlugin: C:\\Program Files (x86)\\Google\\Google Earth\\plugin\\npgeplugin.dll (Google)
FF - HKLM\\Software\\MozillaPlugins\\@google.com/npPicasa3,version=3.0.0: C:\\Program Files (x86)\\Google\\Picasa3\\npPicasa3.dll (Google, Inc.)
FF - HKLM\\Software\\MozillaPlugins\\@java.com/DTPlugin,version=10.5.1: C:\\Windows\\SysWOW64\\npDeployJava1.dll (Oracle Corporation)
FF - HKLM\\Software\\MozillaPlugins\\@java.com/JavaPlugin,version=10.5.1: C:\\Program Files (x86)\\Oracle\\JavaFX 2.1 Runtime\\bin\\plugin2\\npjp2.dll (Oracle Corporation)
FF - HKLM\\Software\\MozillaPlugins\\@microsoft.com/GENUINE: disabled File not found
FF - HKLM\\Software\\MozillaPlugins\\@Microsoft.com/NpCtrl,version=1.0: C:\\Program Files (x86)\\Microsoft Silverlight\\4.1.10329.0\\npctrl.dll ( Microsoft Corporation)
FF - HKLM\\Software\\MozillaPlugins\\@microsoft.com/OfficeLive,version=1.5: C:\\Program Files (x86)\\Microsoft\\Office Live\\npOLW.dll (Microsoft Corp.)
FF - HKLM\\Software\\MozillaPlugins\\@microsoft.com/WLPG,version=15.4.3502.0922: C:\\Program Files (x86)\\Windows Live\\Photo Gallery\\NPWLPG.dll (Microsoft Corporation)
FF - HKLM\\Software\\MozillaPlugins\\@microsoft.com/WLPG,version=15.4.3508.1109: C:\\Program Files (x86)\\Windows Live\\Photo Gallery\\NPWLPG.dll (Microsoft Corporation)
FF - HKLM\\Software\\MozillaPlugins\\@microsoft.com/WLPG,version=15.4.3538.0513: C:\\Program Files (x86)\\Windows Live\\Photo Gallery\\NPWLPG.dll (Microsoft Corporation)
FF - HKLM\\Software\\MozillaPlugins\\@microsoft.com/WLPG,version=15.4.3555.0308: C:\\Program Files (x86)\\Windows Live\\Photo Gallery\\NPWLPG.dll (Microsoft Corporation)
FF - HKLM\\Software\\MozillaPlugins\\@tools.google.com/Google Update;version=3: C:\\Program Files (x86)\\Google\\Update\\1.3.21.111\\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\\Software\\MozillaPlugins\\@tools.google.com/Google Update;version=9: C:\\Program Files (x86)\\Google\\Update\\1.3.21.111\\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\\Software\\MozillaPlugins\\Adobe Reader: C:\\Program Files (x86)\\Adobe\\Reader 10.0\\Reader\\AIR\\nppdf32.dll (Adobe Systems Inc.)

FF - HKEY_LOCAL_MACHINE\\software\\mozilla\\Firefox\\Extensions\\\\wrc@avast.com: C:\\Program Files\\AVAST Software\\Avast\\WebRep\\FF [2012/07/07 20:38:09 | 000,000,000 |—-D | M]
FF - HKEY_LOCAL_MACHINE\\software\\mozilla\\Mozilla Firefox 13.0.1\\extensions\\\\Components: C:\\Program Files (x86)\\Mozilla Firefox\\components [2012/07/05 07:42:34 | 000,000,000 |—-D | M]
FF - HKEY_LOCAL_MACHINE\\software\\mozilla\\Mozilla Firefox 13.0.1\\extensions\\\\Plugins: C:\\Program Files (x86)\\Mozilla Firefox\\plugins [2012/06/20 16:03:36 | 000,000,000 |—-D | M]
FF - HKEY_LOCAL_MACHINE\\software\\mozilla\\Mozilla Firefox 3.6.10\\extensions\\\\Components: C:\\Program Files (x86)\\Mozilla Firefox\\components [2012/07/05 07:42:34 | 000,000,000 |—-D | M]
FF - HKEY_LOCAL_MACHINE\\software\\mozilla\\Mozilla Firefox 3.6.10\\extensions\\\\Plugins: C:\\Program Files (x86)\\Mozilla Firefox\\plugins [2012/06/20 16:03:36 | 000,000,000 |—-D | M]
FF - HKEY_LOCAL_MACHINE\\software\\mozilla\\Mozilla Firefox 3.6.8\\extensions\\\\Components: C:\\Program Files (x86)\\Mozilla Firefox\\components [2012/07/05 07:42:34 | 000,000,000 |—-D | M]
FF - HKEY_LOCAL_MACHINE\\software\\mozilla\\Mozilla Firefox 3.6.8\\extensions\\\\Plugins: C:\\Program Files (x86)\\Mozilla Firefox\\plugins [2012/06/20 16:03:36 | 000,000,000 |—-D | M]
FF - HKEY_LOCAL_MACHINE\\software\\mozilla\\Mozilla Firefox 7.0\\extensions\\\\Components: C:\\Program Files (x86)\\Mozilla Firefox\\components [2012/07/05 07:42:34 | 000,000,000 |—-D | M]
FF - HKEY_LOCAL_MACHINE\\software\\mozilla\\Mozilla Firefox 7.0\\extensions\\\\Plugins: C:\\Program Files (x86)\\Mozilla Firefox\\plugins [2012/06/20 16:03:36 | 000,000,000 |—-D | M]
FF - HKEY_CURRENT_USER\\software\\mozilla\\Mozilla Firefox 13.0.1\\extensions\\\\Components: C:\\Program Files (x86)\\Mozilla Firefox\\components [2012/07/05 07:42:34 | 000,000,000 |—-D | M]
FF - HKEY_CURRENT_USER\\software\\mozilla\\Mozilla Firefox 13.0.1\\extensions\\\\Plugins: C:\\Program Files (x86)\\Mozilla Firefox\\plugins [2012/06/20 16:03:36 | 000,000,000 |—-D | M]

[2010/04/14 06:25:55 | 000,000,000 |—-D | M] (No name found)—C:\\Users\\Kaj Andersen\\AppData\\Roaming\\mozilla\\Extensions
[2012/07/05 07:42:34 | 000,000,000 |—-D | M] (No name found)—C:\\Users\\Kaj Andersen\\AppData\\Roaming\\mozilla\\Firefox\\Profiles\\gajii9qc.default\\extensions
[2012/06/16 12:47:26 | 000,000,000 |—-D | M] (Flagfox)—C:\\Users\\Kaj Andersen\\AppData\\Roaming\\mozilla\\Firefox\\Profiles\\gajii9qc.default\\extensions\\{1018e4d6-728f-4b20-ad56-37578a4de76b}
[2011/08/25 11:28:32 | 000,000,000 |—-D | M] (Garmin Communicator)—C:\\Users\\Kaj Andersen\\AppData\\Roaming\\mozilla\\Firefox\\Profiles\\gajii9qc.default\\extensions\\{195A3098-0BD5-4e90-AE22-BA1C540AFD1E}
[2012/05/30 18:22:00 | 000,000,000 |—-D | M] (Productivity 3.1 Community Toolbar)—C:\\Users\\Kaj Andersen\\AppData\\Roaming\\mozilla\\Firefox\\Profiles\\gajii9qc.default\\extensions\\{9427041a-a8dc-4d06-9a68-93873486e957}
[2010/07/23 17:18:53 | 000,000,000 |—-D | M] (Adobe DLM (powered by getPlus(R)))—C:\\Users\\Kaj Andersen\\AppData\\Roaming\\mozilla\\Firefox\\Profiles\\gajii9qc.default\\extensions\\{E2883E8F-472F-4fb0-9522-AC9BF37916A7}
[2012/05/20 08:38:47 | 000,000,000 |—-D | M] (Greasemonkey)—C:\\Users\\Kaj Andersen\\AppData\\Roaming\\mozilla\\Firefox\\Profiles\\gajii9qc.default\\extensions\\{e4a8a97b-f2ed-450b-b12d-ee082ba24781}
[2011/08/09 05:58:24 | 000,000,000 |—-D | M] (Разпознаване на устройство Logitech)—C:\\Users\\Kaj Andersen\\AppData\\Roaming\\mozilla\\Firefox\\Profiles\\gajii9qc.default\\extensions\\DeviceDetection@logitech.com
[2012/05/08 06:03:55 | 000,000,000 |—-D | M] (IE Tab Plus)—C:\\Users\\Kaj Andersen\\AppData\\Roaming\\mozilla\\Firefox\\Profiles\\gajii9qc.default\\extensions\\ietab@ip.cn
[2010/08/22 10:18:40 | 000,000,000 |—-D | M] (LogMeIn, Inc. Remote Access Plugin)—C:\\Users\\Kaj Andersen\\AppData\\Roaming\\mozilla\\Firefox\\Profiles\\gajii9qc.default\\extensions\\LogMeInClient@logmein.com
[2011/03/12 13:32:37 | 000,000,000 |—-D | M] (Personas)—C:\\Users\\Kaj Andersen\\AppData\\Roaming\\mozilla\\Firefox\\Profiles\\gajii9qc.default\\extensions\\personas@christopher.beard
[2010/04/14 08:33:31 | 000,000,000 |—-D | M] (Smart Bookmarks Bar)—C:\\Users\\Kaj Andersen\\AppData\\Roaming\\mozilla\\Firefox\\Profiles\\gajii9qc.default\\extensions\\smartbookmarksbar@remy.juteau
[2012/01/08 18:57:16 | 000,000,935 |——| M] ()—C:\\Users\\Kaj Andersen\\AppData\\Roaming\\Mozilla\\Firefox\\Profiles\\gajii9qc.default\\searchplugins\\conduit.xml
[2012/05/13 05:48:44 | 000,001,798 |——| M] ()—C:\\Users\\Kaj Andersen\\AppData\\Roaming\\Mozilla\\Firefox\\Profiles\\gajii9qc.default\\searchplugins\\funmoods.xml
[2012/07/05 09:49:51 | 000,000,000 |—-D | M] (No name found)—C:\\Program Files (x86)\\Mozilla Firefox\\extensions
[2012/04/21 11:25:40 | 000,000,000 |—-D | M] (Skype Click to Call)—C:\\Program Files (x86)\\Mozilla Firefox\\extensions\\{82AF8DCA-6DE9-405D-BD5E-43525BDAD38A}
[2012/07/07 20:38:09 | 000,000,000 |—-D | M] (avast! WebRep)—C:\\PROGRAM FILES\\AVAST SOFTWARE\\AVAST\\WEBREP\\FF
[2011/10/30 16:52:20 | 000,434,392 |——| M] () (No name found)—C:\\USERS\\KAJ ANDERSEN\\APPDATA\\ROAMING\\MOZILLA\\FIREFOX\\PROFILES\\GAJII9QC.DEFAULT\\EXTENSIONS\\{D4DD63FA-01E4-46A7-B6B1-EDAB7D6AD389}.XPI
[2012/06/16 12:47:25 | 000,085,472 |——| M] (Mozilla Foundation)—C:\\Program Files (x86)\\mozilla firefox\\components\\browsercomps.dll
[2012/06/17 21:08:27 | 000,003,747 |——| M] ()—C:\\Program Files (x86)\\mozilla firefox\\searchplugins\\avg-secure-search.xml
[2011/12/03 14:53:49 | 000,002,310 |——| M] ()—C:\\Program Files (x86)\\mozilla firefox\\searchplugins\\babylon.xml
[2012/06/08 12:57:07 | 000,002,252 |——| M] ()—C:\\Program Files (x86)\\mozilla firefox\\searchplugins\\bing.xml
[2012/07/04 18:48:33 | 000,002,134 |——| M] ()—C:\\Program Files (x86)\\mozilla firefox\\searchplugins\\search.xml
[2012/06/08 12:57:07 | 000,002,040 |——| M] ()—C:\\Program Files (x86)\\mozilla firefox\\searchplugins\\twitter.xml

O1 HOSTS File: ([2012/06/11 11:00:55 | 000,000,027 |——| M]) - C:\\Windows\\SysNative\\drivers\\etc\\hosts
O1 - Hosts: 127.0.0.1     localhost
O2:64bit: - BHO: (avast! WebRep) - {318A227B-5E9F-45bd-8999-7F8F10CA4CF5} - C:\\Program Files\\AVAST Software\\Avast\\aswWebRepIE64.dll (AVAST Software)
O2:64bit: - BHO: (Google Toolbar Helper) - {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\\Program Files (x86)\\Google\\Google Toolbar\\GoogleToolbar_64.dll (Google Inc.)
O2:64bit: - BHO: (Hotspot Shield Class) - {F9E4A054-E9B1-4BC3-83A3-76A1AE736170} - C:\\Program Files (x86)\\Hotspot Shield\\HssIE\\HssIE_64.dll File not found
O2 - BHO: (WsftpBrowserHelper Class) - {601ED020-FB6C-11D3-87D8-0050DA59922B} - C:\\Program Files (x86)\\WS_FTP Pro\\wsbho2k0.dll (Ipswitch, Inc. 10 Maguire Road - Suite 220 Lexington, MA 02421)
O2 - BHO: (Java(tm) Plug-In SSV Helper) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\\Program Files (x86)\\Oracle\\JavaFX 2.1 Runtime\\bin\\ssv.dll (Oracle Corporation)
O2 - BHO: (avast! WebRep) - {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - C:\\Program Files\\AVAST Software\\Avast\\aswWebRepIE.dll (AVAST Software)
O2 - BHO: (no name) - {9384bd4c-dd14-4be9-80f7-f6277511e4f5} - No CLSID value found.
O2 - BHO: (no name) - {9427041a-a8dc-4d06-9a68-93873486e957} - No CLSID value found.
O2 - BHO: (Skype Browser Helper) - {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} - C:\\Program Files (x86)\\Skype\\Toolbars\\Internet Explorer\\skypeieplugin.dll (Skype Technologies S.A.)
O2 - BHO: (Java(tm) Plug-In 2 SSV Helper) - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\\Program Files (x86)\\Oracle\\JavaFX 2.1 Runtime\\bin\\jp2ssv.dll (Oracle Corporation)
O3:64bit: - HKLM\\..\\Toolbar: (Google Toolbar) - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\\Program Files (x86)\\Google\\Google Toolbar\\GoogleToolbar_64.dll (Google Inc.)
O3:64bit: - HKLM\\..\\Toolbar: (avast! WebRep) - {318A227B-5E9F-45bd-8999-7F8F10CA4CF5} - C:\\Program Files\\AVAST Software\\Avast\\aswWebRepIE64.dll (AVAST Software)
O3 - HKLM\\..\\Toolbar: (avast! WebRep) - {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - C:\\Program Files\\AVAST Software\\Avast\\aswWebRepIE.dll (AVAST Software)
O3 - HKLM\\..\\Toolbar: (no name) - {9384bd4c-dd14-4be9-80f7-f6277511e4f5} - No CLSID value found.
O3 - HKLM\\..\\Toolbar: (no name) - {9427041a-a8dc-4d06-9a68-93873486e957} - No CLSID value found.
O3:64bit: - HKU\\S-1-5-21-3308902097-1983653174-2394158349-1000\\..\\Toolbar\\WebBrowser: (Google Toolbar) - {2318C2B1-4965-11D4-9B18-009027A5CD4F} - C:\\Program Files (x86)\\Google\\Google Toolbar\\GoogleToolbar_64.dll (Google Inc.)
O4:64bit: - HKLM..\\Run: [@OnlineArmor GUI] C:\\Program Files (x86)\\Online Armor\\oaui.exe (Emsi Software GmbH)
O4:64bit: - HKLM..\\Run: [EvtMgr6] C:\\Program Files\\Logitech\\SetPointP\\SetPoint.exe (Logitech, Inc.)
O4:64bit: - HKLM..\\Run: [IAAnotif] C:\\Program Files (x86)\\Intel\\Intel Matrix Storage Manager\\iaanotif.exe (Intel Corporation)
O4:64bit: - HKLM..\\Run: [IntelliPoint] C:\\Program Files\\Microsoft IntelliPoint\\ipoint.exe (Microsoft Corporation)
O4:64bit: - HKLM..\\Run: [RtHDVCpl] C:\\Program Files\\Realtek\\Audio\\HDA\\RAVCpl64.exe (Realtek Semiconductor)
O4:64bit: - HKLM..\\Run: [Windows Mobile Device Center] C:\\Windows\\WindowsMobile\\wmdc.exe (Microsoft Corporation)
O4 - HKLM..\\Run: [APSDaemon] C:\\Program Files (x86)\\Common Files\\Apple\\Apple Application Support\\APSDaemon.exe (Apple Inc.)
O4 - HKLM..\\Run: [avast] C:\\Program Files\\AVAST Software\\Avast\\avastUI.exe (AVAST Software)
O4 - HKLM..\\Run: [BrStsWnd] C:\\Program Files (x86)\\Brownie\\BrstsW64.exe (brother)
O4 - HKLM..\\Run: [JMB36X IDE Setup] C:\\Windows\\RaidTool\\xInsIDE.exe ()
O4 - HKLM..\\Run: [VMware hqtray] C:\\Program Files (x86)\\VMware\\VMware Player\\hqtray.exe (VMware, Inc.)
O4 - HKU\\S-1-5-21-3308902097-1983653174-2394158349-1000..\\Run: [AnukoWorldClock] C:\\Program Files (x86)\\Anuko\\World Clock\\world_clock.exe (Anuko International Ltd.)
O4 - HKU\\S-1-5-21-3308902097-1983653174-2394158349-1000..\\Run: [Ordbogsprogrammet 2] C:\\Users\\Kaj Andersen\\AppData\\Local\\Apps\\Ordbogsprogrammet 2\\ordbogsprogrammet2.exe (Ordbogen A/S)
O4 - HKU\\S-1-5-21-3308902097-1983653174-2394158349-1000..\\Run: [SoftAuto.exe] C:\\Program Files (x86)\\Creative\\Software Update 3\\SoftAuto.exe (Creative Technology Ltd)
O4 - HKU\\S-1-5-21-3308902097-1983653174-2394158349-1006..\\Run: [Sidebar] C:\\Program Files (x86)\\Windows Sidebar\\Sidebar.exe (Microsoft Corporation)
O4 - HKU\\S-1-5-21-3308902097-1983653174-2394158349-1006..\\RunOnce: [mctadmin] C:\\Windows\\System32\\mctadmin.exe File not found
O4 - HKU\\S-1-5-21-3308902097-1983653174-2394158349-1006..\\RunOnce: [ScrSav] C:\\Program Files (x86)\\Acer\\Screensaver\\run_Acer.exe /default File not found
O4 - Startup: C:\\Users\\Kaj Andersen\\AppData\\Roaming\\Microsoft\\Windows\\Start Menu\\Programs\\Startup\\MailWasherFree.lnk = C:\\Program Files (x86)\\FireTrust\\MailWasher Free\\MailWasher.exe (Firetrust Ltd)
O4 - Startup: C:\\Users\\Kaj Andersen\\AppData\\Roaming\\Microsoft\\Windows\\Start Menu\\Programs\\Startup\\Microsoft Office Programlinje.lnk = C:\\Windows\\Installer\\{00000406-78E1-11D2-B60F-006097C998E7}\\misc.exe ()
O6 - HKLM\\Software\\Policies\\Microsoft\\Internet Explorer\\Restrictions present
O6 - HKLM\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\policies\\Explorer: NoDriveTypeAutoRun = 255
O6 - HKLM\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\policies\\Explorer: NoDrives = 0
O6 - HKLM\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\policies\\System: ConsentPromptBehaviorAdmin = 5
O6 - HKLM\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\policies\\System: ConsentPromptBehaviorUser = 3
O7 - HKU\\.DEFAULT\\Software\\Policies\\Microsoft\\Internet Explorer\\Control Panel present
O7 - HKU\\S-1-5-18\\Software\\Policies\\Microsoft\\Internet Explorer\\Control Panel present
O7 - HKU\\S-1-5-19\\Software\\Policies\\Microsoft\\Internet Explorer\\Control Panel present
O7 - HKU\\S-1-5-20\\Software\\Policies\\Microsoft\\Internet Explorer\\Control Panel present
O7 - HKU\\S-1-5-21-3308902097-1983653174-2394158349-1000\\Software\\Policies\\Microsoft\\Internet Explorer\\Control Panel present
O7 - HKU\\S-1-5-21-3308902097-1983653174-2394158349-1000\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\policies\\Explorer: NoDrives = 0
O7 - HKU\\S-1-5-21-3308902097-1983653174-2394158349-1006\\Software\\Policies\\Microsoft\\Internet Explorer\\Control Panel present
O8:64bit: - Extra context menu item: Add to Google Photos Screensa&ver; - res://C:\\Windows\\system32\\GPhotos.scr/200 File not found
O8:64bit: - Extra context menu item: E&ksporter; til Microsoft Excel - res://C:\\PROGRA~2\\MICROS~1\\Office12\\EXCEL.EXE/3000 File not found
O8:64bit: - Extra context menu item: E&xport; to Microsoft Excel - res://C:\\PROGRA~2\\MICROS~1\\Office12\\EXCEL.EXE/3000 File not found
O8 - Extra context menu item: Add to Google Photos Screensa&ver; - C:\\Windows\\SysWow64\\GPhotos.scr (Google Inc.)
O8 - Extra context menu item: E&ksporter; til Microsoft Excel - res://C:\\PROGRA~2\\MICROS~1\\Office12\\EXCEL.EXE/3000 File not found
O8 - Extra context menu item: E&xport; to Microsoft Excel - res://C:\\PROGRA~2\\MICROS~1\\Office12\\EXCEL.EXE/3000 File not found
O9 - Extra Button: @C:\\Windows\\WindowsMobile\\INetRepl.dll,-222 - {2EAF5BB1-070F-11D3-9307-00C04FAE2D4F} - C:\\Windows\\WindowsMobile\\INetRepl.dll (Microsoft Corporation)
O9 - Extra ‘Tools’ menuitem : @C:\\Windows\\WindowsMobile\\INetRepl.dll,-223 - {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - C:\\Windows\\WindowsMobile\\INetRepl.dll (Microsoft Corporation)
O9 - Extra Button: Skype Click to Call - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\\Program Files (x86)\\Skype\\Toolbars\\Internet Explorer\\skypeieplugin.dll (Skype Technologies S.A.)
O9 - Extra ‘Tools’ menuitem : Skype Click to Call - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\\Program Files (x86)\\Skype\\Toolbars\\Internet Explorer\\skypeieplugin.dll (Skype Technologies S.A.)
O10:64bit: - NameSpace_Catalog5\\Catalog_Entries64\\000000000009 [] - C:\\Program Files\\Bonjour\\mdnsNSP.dll (Apple Inc.)
O10:64bit: - Protocol_Catalog9\\Catalog_Entries64\\000000000014 - C:\\Program Files (x86)\\VMware\\VMware Player\\x64\\vsocklib.dll (VMware, Inc.)
O10:64bit: - Protocol_Catalog9\\Catalog_Entries64\\000000000015 - C:\\Program Files (x86)\\VMware\\VMware Player\\x64\\vsocklib.dll (VMware, Inc.)
O10 - NameSpace_Catalog5\\Catalog_Entries\\000000000009 [] - C:\\Program Files (x86)\\Bonjour\\mdnsNSP.dll (Apple Inc.)
O10 - Protocol_Catalog9\\Catalog_Entries\\000000000014 - C:\\Program Files (x86)\\VMware\\VMware Player\\vsocklib.dll (VMware, Inc.)
O10 - Protocol_Catalog9\\Catalog_Entries\\000000000015 - C:\\Program Files (x86)\\VMware\\VMware Player\\vsocklib.dll (VMware, Inc.)
O15:64bit: - ..Trusted Domains: danid.dk ([]http in Trusted sites)
O15:64bit: - ..Trusted Domains: danid.dk ([]https in Trusted sites)
O15 - HKLM\\..Trusted Domains: danid.dk ([]http in Trusted sites)
O15 - HKLM\\..Trusted Domains: danid.dk ([]https in Trusted sites)
O15 - HKU\\S-1-5-21-3308902097-1983653174-2394158349-1000\\..Trusted Domains: danid.dk ([]http in Pålidelige websteder)
O15 - HKU\\S-1-5-21-3308902097-1983653174-2394158349-1000\\..Trusted Domains: danid.dk ([]https in Pålidelige websteder)
O16 - DPF: {02BF25D5-8C17-4B23-BC80-D3488ABDDC6B} http://appldnld.apple.com.edgesuite.net/content.info.apple.com/QuickTime/qtactivex/qtplugin.cab (QuickTime Object)
O16 - DPF: {07D09E9E-C667-45DD-B035-217BC2A61A3B} https://www.lsb.dk/package/sdc/external/activex/ActiveXSikkerhedssoftware-prod-1.30.cab (ActiveX sikkerhedssoftware Control)
O16 - DPF: {166B1BCA-3F9C-11CF-8075-444553540000} http://download.macromedia.com/pub/shockwave/cabs/director/sw.cab (Shockwave ActiveX Control)
O16 - DPF: {5D637FAD-E202-48D1-8F18-5B9C459BD1E3} http://www.extrafilm.dk/ImageUploader5.cab (Image Uploader Control)
O16 - DPF: {D821DC4A-0814-435E-9820-661C543A4679} http://drmlicense.one.microsoft.com/crlupdate/en/crlocx.ocx (CRLDownloadWrapper Class)
O16 - DPF: {FD0B6769-6490-4A91-AA0A-B5AE0DC75AC9} https://secure.logmein.com/activex/ractrl.cab?lmi=100 (Performance Viewer Activex Control)
O17 - HKLM\\System\\CCS\\Services\\Tcpip\\Parameters: DhcpNameServer = 192.168.1.1
O17 - HKLM\\System\\CCS\\Services\\Tcpip\\Parameters\\Interfaces\\{0E9C4E4A-0D70-462C-BB5E-556892986948}: DhcpNameServer = 193.162.153.164 192.168.0.1
O17 - HKLM\\System\\CCS\\Services\\Tcpip\\Parameters\\Interfaces\\{C9C13324-AFCB-4488-A37D-F0A99390A232}: DhcpNameServer = 192.168.1.1
O17 - HKLM\\System\\CCS\\Services\\Tcpip\\Parameters\\Interfaces\\{C9C13324-AFCB-4488-A37D-F0A99390A232}: NameServer = 8.8.8.8,8.8.4.4
O18:64bit: - Protocol\\Handler\\ipp - No CLSID value found
O18:64bit: - Protocol\\Handler\\ipp\\0x00000001 - No CLSID value found
O18:64bit: - Protocol\\Handler\\livecall - No CLSID value found
O18:64bit: - Protocol\\Handler\\msdaipp - No CLSID value found
O18:64bit: - Protocol\\Handler\\msdaipp\\0x00000001 - No CLSID value found
O18:64bit: - Protocol\\Handler\\msdaipp\\oledb - No CLSID value found
O18:64bit: - Protocol\\Handler\\ms-help - No CLSID value found
O18:64bit: - Protocol\\Handler\\ms-itss - No CLSID value found
O18:64bit: - Protocol\\Handler\\msnim - No CLSID value found
O18:64bit: - Protocol\\Handler\\skype4com - No CLSID value found
O18:64bit: - Protocol\\Handler\\skype-ie-addon-data - No CLSID value found
O18:64bit: - Protocol\\Handler\\wlmailhtml - No CLSID value found
O18:64bit: - Protocol\\Handler\\wlpg - No CLSID value found
O18 - Protocol\\Handler\\ipp\\0x00000001 {E1D2BF42-A96B-11D1-9C6B-0000F875AC61} - C:\\Program Files (x86)\\Common Files\\System\\Ole DB\\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\\Handler\\msdaipp\\0x00000001 {E1D2BF42-A96B-11D1-9C6B-0000F875AC61} - C:\\Program Files (x86)\\Common Files\\System\\Ole DB\\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\\Handler\\msdaipp\\oledb {E1D2BF40-A96B-11D1-9C6B-0000F875AC61} - C:\\Program Files (x86)\\Common Files\\System\\Ole DB\\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\\Handler\\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\\Program Files (x86)\\Common Files\\Skype\\Skype4COM.dll (Skype Technologies)
O18 - Protocol\\Handler\\skype-ie-addon-data {91774881-D725-4E58-B298-07617B9B86A8} - C:\\Program Files (x86)\\Skype\\Toolbars\\Internet Explorer\\skypeieplugin.dll (Skype Technologies S.A.)
O18:64bit: - Protocol\\Filter\\text/xml {807563E5-5146-11D5-A672-00B0D022E945} - C:\\PROGRA~1\\COMMON~1\\MICROS~1\\OFFICE12\\MSOXMLMF.DLL (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: Shell - (Explorer.exe) - C:\\Windows\\explorer.exe (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: UserInit - (C:\\Windows\\system32\\userinit.exe) - C:\\Windows\\SysNative\\userinit.exe (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: VMApplet - (SystemPropertiesPerformance.exe) - C:\\Windows\\SysNative\\SystemPropertiesPerformance.exe (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: VMApplet - (/pagefile) -  File not found
O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\\Windows\\SysWow64\\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (C:\\Windows\\system32\\userinit.exe) - C:\\Windows\\SysWow64\\userinit.exe (Microsoft Corporation)
O20 - HKLM Winlogon: VMApplet - (/pagefile) -  File not found
O20:64bit: - Winlogon\\Notify\\LBTWlgn: DllName - (c:\\program files\\common files\\logishrd\\bluetooth\\LBTWlgn.dll) - c:\\program files\\common files\\logishrd\\bluetooth\\LBTWlgn.dll (Logitech, Inc.)
O32 - HKLM CDRom: AutoRun - 1
O34 - HKLM BootExecute: (autocheck autochk *)
O35:64bit: - HKLM\\..comfile [open]—“%1” %*
O35:64bit: - HKLM\..exefile [open]—“%1” %*
O35 - HKLM\..comfile [open]—“%1” %*
O35 - HKLM\..exefile [open]—“%1” %*
O37:64bit: - HKLM\...com [@ = ComFile]—“%1” %*
O37:64bit: - HKLM\...exe [@ = exefile]—“%1” %*
O37 - HKLM\...com [@ = ComFile]—“%1” %*
O37 - HKLM\...exe [@ = exefile]—“%1” %*
O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3)
O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2)
O38 - SubSystems\\Windows: (ServerDll=sxssrv,4)

========== Files/Folders - Created Within 30 Days ==========

[2012/07/08 17:17:55 | 000,595,968 |——| C] (OldTimer Tools)—C:\Users\Kaj Andersen\Desktop\OTL.exe
[2012/07/04 18:55:39 | 000,000,000 |—-D | C]—C:\Users\Kaj Andersen\AppData\Local\BiniSoft.org
[2012/07/04 18:50:01 | 000,000,000 |—-D | C]—C:\Program Files\Windows Firewall Control
[2012/07/04 18:48:35 | 000,000,000 |—-D | C]—C:\ProgramData\blekko toolbars
[2012/07/04 18:48:20 | 000,000,000 |—-D | C]—C:\Users\Kaj Andersen\AppData\Local\blekkotb_031
[2012/07/02 11:52:06 | 000,000,000 |—-D | C]—C:\Users\Kaj Andersen\AppData\Local\{7967C04C-5363-4B51-838D-295B83E32BB1}
[2012/07/02 11:51:44 | 000,000,000 |—-D | C]—C:\Users\Kaj Andersen\AppData\Local\{E760DC9F-2EC9-4623-9C37-3991ACEAF0C3}
[2012/07/01 05:22:16 | 000,000,000 |—-D | C]—C:\Users\Kaj Andersen\Documents\VirtuelProblemer
[2012/06/30 05:25:44 | 000,000,000 |—-D | C]—C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes’ Anti-Malware
[2012/06/30 05:25:35 | 000,000,000 |—-D | C]—C:\Program Files (x86)\Malwarebytes’ Anti-Malware
[2012/06/28 08:49:34 | 000,000,000 |—-D | C]—C:\Users\Kaj Andersen\AppData\Local\{BD7EF516-6852-4F38-AB30-25A127EF70EE}
[2012/06/28 08:49:23 | 000,000,000 |—-D | C]—C:\Users\Kaj Andersen\AppData\Local\{95502B0E-D00A-4325-8C80-47CFAF662509}
[2012/06/28 08:48:54 | 000,000,000 |—-D | C]—C:\Windows\da
[2012/06/28 08:46:23 | 000,000,000 |—-D | C]—C:\Program Files\Windows Live
[2012/06/28 08:44:37 | 000,000,000 |—-D | C]—C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Silverlight
[2012/06/28 08:44:14 | 000,000,000 |—-D | C]—C:\Program Files (x86)\Microsoft Silverlight
[2012/06/28 08:41:17 | 000,000,000 |—-D | C]—C:\Users\Kaj Andersen\AppData\Local\{5427FAEC-5948-4875-98E7-EF922429C598}
[2012/06/28 08:40:56 | 000,000,000 |—-D | C]—C:\Users\Kaj Andersen\AppData\Local\{3192DD03-BEFB-4F6F-A542-09E3A0FF5926}
[2012/06/28 08:38:07 | 000,000,000 |—-D | C]—C:\Users\Kaj Andersen\AppData\Local\{53C486AC-553E-4A59-88F4-C70D08722E77}
[2012/06/28 08:37:51 | 000,000,000 |—-D | C]—C:\Users\Kaj Andersen\AppData\Local\{CA535C36-469A-4D1E-A82A-1FDB3DB25B82}
[2012/06/22 09:57:03 | 000,000,000 |—-D | C]—C:\Users\Kaj Andersen\AppData\Roaming\OnlineArmor
[2012/06/22 09:57:03 | 000,000,000 |—-D | C]—C:\ProgramData\OnlineArmor
[2012/06/22 09:55:35 | 000,000,000 |—-D | C]—C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Online Armor
[2012/06/22 09:55:34 | 000,040,512 |——| C] (Emsisoft)—C:\Windows\SysWow64\drivers\OAmon.sys
[2012/06/22 09:55:34 | 000,035,368 |——| C] (Emsisoft)—C:\Windows\SysNative\drivers\OAnet.sys
[2012/06/22 09:55:28 | 000,000,000 |—-D | C]—C:\Program Files (x86)\Online Armor
[2012/06/22 08:56:47 | 000,000,000 |—-D | C]—C:\ProgramData\Microsoft\Windows\Start Menu\Programs\avast! Free Antivirus
[2012/06/22 08:56:46 | 000,025,232 |——| C] (AVAST Software)—C:\Windows\SysNative\drivers\aswFsBlk.sys
[2012/06/22 08:56:45 | 000,355,856 |——| C] (AVAST Software)—C:\Windows\SysNative\drivers\aswSP.sys
[2012/06/22 08:56:40 | 000,054,072 |——| C] (AVAST Software)—C:\Windows\SysNative\drivers\aswRdr2.sys
[2012/06/22 08:56:38 | 000,059,728 |——| C] (AVAST Software)—C:\Windows\SysNative\drivers\aswTdi.sys
[2012/06/22 08:56:37 | 000,958,400 |——| C] (AVAST Software)—C:\Windows\SysNative\drivers\aswSnx.sys
[2012/06/22 08:56:37 | 000,071,064 |——| C] (AVAST Software)—C:\Windows\SysNative\drivers\aswMonFlt.sys
[2012/06/22 08:56:20 | 000,227,648 |——| C] (AVAST Software)—C:\Windows\SysWow64\aswBoot.exe
[2012/06/22 08:56:20 | 000,041,224 |——| C] (AVAST Software)—C:\Windows\avastSS.scr
[2012/06/20 16:11:26 | 000,000,000 |—-D | C]—C:\Program Files (x86)\Common Files\Java
[2012/06/20 16:10:36 | 000,000,000 |—-D | C]—C:\Program Files (x86)\Oracle
[2012/06/18 09:00:47 | 000,000,000 |—-D | C]—C:\ProgramData\Microsoft\Windows\Start Menu\Programs\NetObjects
[2012/06/18 06:48:26 | 000,000,000 |—-D | C]—C:\Users\Kaj Andersen\AppData\Local\{49281A46-388E-4378-B5B3-F5E9D5DF8B18}
[2012/06/16 12:07:53 | 000,000,000 |—-D | C]—C:\ProgramData\Microsoft\Windows\Start Menu\Programs\iTunes
[2012/06/16 12:06:54 | 000,000,000 |—-D | C]—C:\Program Files\iTunes
[2012/06/16 12:06:54 | 000,000,000 |—-D | C]—C:\Program Files (x86)\iTunes
[2012/06/16 12:06:54 | 000,000,000 |—-D | C]—C:\Program Files\iPod
[2012/06/16 05:35:19 | 000,000,000 |—-D | C]—C:\Users\Kaj Andersen\AppData\Local\{FDA04423-ECF3-42F4-8561-56DFED5DAFC3}
[2012/06/12 08:16:40 | 000,000,000 |—-D | C]—C:\ProgramData\GFI Software
[2012/06/12 05:42:55 | 000,000,000 |—-D | C]—C:\Users\Kaj Andersen\AppData\Local\{C0DBF093-6C84-438F-818A-AD8616E024B5}
[2012/06/12 05:23:52 | 000,000,000 |—-D | C]—C:\Users\Kaj Andersen\AppData\Local\{E11096C4-BB12-4BF3-9932-4E51C765DA42}
[2012/06/11 21:14:07 | 000,000,000 |—-D | C]—C:\Users\Kaj Andersen\AppData\Roaming\AVG2012
[2012/06/11 21:11:31 | 000,000,000 | -H-D | C]—C:\$AVG
[2012/06/11 20:10:17 | 000,000,000 |—-D | C]—C:\Users\Kaj Andersen\AppData\Roaming\InstallShield
[2012/06/11 12:43:09 | 000,000,000 | -HSD | C]—C:\$RECYCLE.BIN
[2012/06/11 10:50:03 | 000,000,000 |—-D | C]—C:\Windows\ERDNT
[2012/06/09 05:49:35 | 000,000,000 |—-D | C]—C:\Users\Kaj Andersen\AppData\Local\Macromedia
[2009/08/15 04:24:31 | 000,036,136 |——| C] (Oberon Media)—C:\ProgramData\FullRemove.exe

========== Files - Modified Within 30 Days ==========

[2012/07/08 17:18:00 | 000,595,968 |——| M] (OldTimer Tools)—C:\Users\Kaj Andersen\Desktop\OTL.exe
[2012/07/08 17:05:00 | 000,000,944 |——| M] ()—C:\Windows\tasks\GoogleUpdateTaskMachineUA.job
[2012/07/08 16:47:00 | 000,000,830 |——| M] ()—C:\Windows\tasks\Adobe Flash Player Updater.job
[2012/07/08 13:05:00 | 000,000,940 |——| M] ()—C:\Windows\tasks\GoogleUpdateTaskMachineCore.job
[2012/07/08 09:36:02 | 000,009,920 | -H—| M] ()—C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
[2012/07/08 09:36:02 | 000,009,920 | -H—| M] ()—C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
[2012/07/08 09:28:09 | 000,000,419 |——| M] ()—C:\Windows\Brownie.ini
[2012/07/08 09:26:07 | 000,067,584 |—S- | M] ()—C:\Windows\bootstat.dat
[2012/07/08 09:25:53 | 529,928,191 | -HS- | M] ()—C:\hiberfil.sys
[2012/07/07 20:38:10 | 000,000,000 |——| M] ()—C:\Windows\SysWow64\config.nt
[2012/07/07 08:28:54 | 001,389,832 |——| M] ()—C:\Windows\SysNative\PerfStringBackup.INI
[2012/07/07 08:28:54 | 000,657,754 |——| M] ()—C:\Windows\SysNative\perfh009.dat
[2012/07/07 08:28:54 | 000,512,946 |——| M] ()—C:\Windows\SysNative\perfh006.dat
[2012/07/07 08:28:54 | 000,123,152 |——| M] ()—C:\Windows\SysNative\perfc009.dat
[2012/07/07 08:28:54 | 000,099,708 |——| M] ()—C:\Windows\SysNative\perfc006.dat
[2012/07/06 17:13:51 | 000,002,516 | -HS- | M] ()—C:\ProgramData\KGyGaAvL.sys
[2012/07/05 06:13:01 | 000,001,042 |——| M] ()—C:\Users\Public\Desktop\CCleaner.lnk
[2012/07/03 18:21:52 | 000,958,400 |——| M] (AVAST Software)—C:\Windows\SysNative\drivers\aswSnx.sys
[2012/07/03 18:21:52 | 000,355,856 |——| M] (AVAST Software)—C:\Windows\SysNative\drivers\aswSP.sys
[2012/07/03 18:21:52 | 000,071,064 |——| M] (AVAST Software)—C:\Windows\SysNative\drivers\aswMonFlt.sys
[2012/07/03 18:21:52 | 000,059,728 |——| M] (AVAST Software)—C:\Windows\SysNative\drivers\aswTdi.sys
[2012/07/03 18:21:52 | 000,054,072 |——| M] (AVAST Software)—C:\Windows\SysNative\drivers\aswRdr2.sys
[2012/07/03 18:21:51 | 000,025,232 |——| M] (AVAST Software)—C:\Windows\SysNative\drivers\aswFsBlk.sys
[2012/07/03 18:21:32 | 000,041,224 |——| M] (AVAST Software)—C:\Windows\avastSS.scr
[2012/07/03 18:21:28 | 000,227,648 |——| M] (AVAST Software)—C:\Windows\SysWow64\aswBoot.exe
[2012/07/03 18:21:18 | 000,285,328 |——| M] (AVAST Software)—C:\Windows\SysNative\aswBoot.exe
[2012/07/01 19:39:17 | 000,054,457 |——| M] ()—C:\Users\Kaj Andersen\Documents\KontoudskrNykredit220612.pdf
[2012/07/01 15:35:44 | 000,001,649 |——| M] ()—C:\Users\Kaj Andersen\Desktop\VMWare Player.lnk
[2012/07/01 09:50:18 | 000,001,983 |——| M] ()—C:\Users\Public\Desktop\avast! Free Antivirus.lnk
[2012/06/23 10:01:10 | 000,035,368 |——| M] (Emsisoft)—C:\Windows\SysNative\drivers\OAnet.sys
[2012/06/23 10:01:09 | 000,061,624 |——| M] ()—C:\Windows\SysWow64\drivers\OADriver.sys
[2012/06/23 10:01:09 | 000,040,512 |——| M] (Emsisoft)—C:\Windows\SysWow64\drivers\OAmon.sys
[2012/06/23 09:59:32 | 000,061,624 |——| M] ()—C:\Windows\SysWow64\drivers\oahlp64.sys
[2012/06/18 09:00:49 | 000,002,180 |——| M] ()—C:\Users\Public\Desktop\NetObjects Fusion 9.0.lnk
[2012/06/16 18:08:24 | 000,001,478 |——| M] ()—C:\Users\Kaj Andersen\Desktop\Internet Explorer (64-bit).lnk
[2012/06/13 05:21:55 | 000,428,808 |——| M] ()—C:\Windows\SysNative\FNTCACHE.DAT
[2012/06/12 05:35:05 | 000,000,008 | RHS- | M] ()—C:\ProgramData\E268FC80EE.sys
[2012/06/11 20:14:44 | 000,001,912 |——| M] ()—C:\Windows\epplauncher.mif
[2012/06/11 11:00:55 | 000,000,027 |——| M] ()—C:\Windows\SysNative\drivers\etc\hosts
[2012/06/10 09:31:11 | 000,322,425 |——| M] ()—C:\Users\Kaj Andersen\Documents\OTL Extras logfile created on.pdf
[2012/06/09 05:24:12 | 000,001,045 |——| M] ()—C:\Windows\wininit.ini

========== Files Created - No Company Name ==========

[2012/07/05 06:13:01 | 000,001,042 |——| C] ()—C:\Users\Public\Desktop\CCleaner.lnk
[2012/07/01 19:39:17 | 000,054,457 |——| C] ()—C:\Users\Kaj Andersen\Documents\KontoudskrNykredit220612.pdf
[2012/07/01 15:35:44 | 000,001,649 |——| C] ()—C:\Users\Kaj Andersen\Desktop\VMWare Player.lnk
[2012/07/01 09:50:18 | 000,001,983 |——| C] ()—C:\Users\Public\Desktop\avast! Free Antivirus.lnk
[2012/06/28 08:48:19 | 000,001,395 |——| C] ()—C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Windows Live Photo Gallery.lnk
[2012/06/22 09:55:34 | 000,061,624 |——| C] ()—C:\Windows\SysWow64\drivers\oahlp64.sys
[2012/06/22 09:55:34 | 000,061,624 |——| C] ()—C:\Windows\SysWow64\drivers\OADriver.sys
[2012/06/18 09:00:49 | 000,002,180 |——| C] ()—C:\Users\Public\Desktop\NetObjects Fusion 9.0.lnk
[2012/06/16 18:08:24 | 000,001,478 |——| C] ()—C:\Users\Kaj Andersen\Desktop\Internet Explorer (64-bit).lnk
[2012/06/12 05:35:05 | 000,000,008 | RHS- | C] ()—C:\ProgramData\E268FC80EE.sys
[2012/06/10 09:31:10 | 000,322,425 |——| C] ()—C:\Users\Kaj Andersen\Documents\OTL Extras logfile created on.pdf
[2012/06/09 05:49:28 | 000,000,830 |——| C] ()—C:\Windows\tasks\Adobe Flash Player Updater.job
[2011/11/11 16:51:28 | 000,577,536 |——| C] ()—C:\Windows\SysWow64\ChilkatCsv.dll
[2011/10/15 01:54:52 | 000,321,856 |——| C] ()—C:\Windows\SysWow64\nvStreaming.exe
[2011/09/03 06:31:49 | 000,000,064 |——| C] ()—C:\Windows\SysWow64\rp_stats.dat
[2011/09/03 06:31:49 | 000,000,044 |——| C] ()—C:\Windows\SysWow64\rp_rules.dat
[2011/05/26 14:09:58 | 000,037,689 |——| C] ()—C:\Users\Kaj Andersen\AppData\Roaming\ordbogen.dmp
[2010/12/12 15:52:08 | 000,000,840 |——| C] ()—C:\Windows\_delis32.ini
[2010/11/26 10:56:13 | 000,000,153 |——| C] ()—C:\Windows\BRVIDEO.INI
[2010/11/26 10:56:13 | 000,000,000 |——| C] ()—C:\Windows\brmx2001.ini
[2010/11/26 10:55:46 | 000,000,465 |——| C] ()—C:\Windows\BRWMARK.INI
[2010/11/26 10:55:42 | 000,022,898 |——| C] ()—C:\Windows\HL-3040CN.INI
[2010/11/26 10:55:40 | 000,045,056 |——| C] ()—C:\Windows\SysWow64\BRTCPCON.DLL
[2010/11/26 10:55:39 | 000,000,114 |——| C] ()—C:\Windows\SysWow64\BRLMW03A.INI
[2010/11/26 10:24:29 | 000,000,419 |——| C] ()—C:\Windows\Brownie.ini
[2010/07/22 15:14:05 | 000,000,090 |——| C] ()—C:\Windows\SysWow64\ftm31.dat
[2010/05/01 14:31:41 | 000,000,000 |——| C] ()—C:\Users\Kaj Andersen\AppData\Local\prvlcl.dat
[2010/04/15 06:25:31 | 000,000,017 |——| C] ()—C:\Users\Kaj Andersen\AppData\Local\resmon.resmoncfg
[2010/02/17 12:41:05 | 000,030,208 |——| C] ()—C:\Users\Kaj Andersen\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2010/02/05 10:12:38 | 000,000,000 |——| C] ()—C:\Users\Kaj Andersen\temp.dat
[2010/02/02 07:17:41 | 000,000,514 |——| C] ()—C:\Users\Kaj Andersen\081030.nykredit
[2010/01/27 15:54:09 | 000,000,169 |——| C] ()—C:\Users\Kaj Andersen\LAViewer.properties
[2010/01/24 12:00:04 | 000,002,516 | -HS- | C] ()—C:\ProgramData\KGyGaAvL.sys
[2010/01/22 16:38:37 | 000,000,056 | -H—| C] ()—C:\ProgramData\ezsidmv.dat

========== LOP Check ==========

[2010/01/24 19:10:01 | 000,000,000 |—-D | M]—C:\Users\Kaj Andersen\AppData\Roaming\Anuko
[2010/01/24 08:08:05 | 000,000,000 |—-D | M]—C:\Users\Kaj Andersen\AppData\Roaming\Anuko World Clock
[2010/12/31 15:19:52 | 000,000,000 |—-D | M]—C:\Users\Kaj Andersen\AppData\Roaming\AVG10
[2012/06/11 21:14:07 | 000,000,000 |—-D | M]—C:\Users\Kaj Andersen\AppData\Roaming\AVG2012
[2010/04/27 17:19:30 | 000,

Lidt mystisk. Jeg var lidt forundret over, at det hele kunne være der på een gang, endda med god plads. Når jeg så ser efter, er det, som om der mangler den sidste smule. Den kommer her

========== LOP Check ==========

[2010/01/24 19:10:01 | 000,000,000 |—-D | M]—C:\Users\Kaj Andersen\AppData\Roaming\Anuko
[2010/01/24 08:08:05 | 000,000,000 |—-D | M]—C:\Users\Kaj Andersen\AppData\Roaming\Anuko World Clock
[2010/12/31 15:19:52 | 000,000,000 |—-D | M]—C:\Users\Kaj Andersen\AppData\Roaming\AVG10
[2012/06/11 21:14:07 | 000,000,000 |—-D | M]—C:\Users\Kaj Andersen\AppData\Roaming\AVG2012
[2010/04/27 17:19:30 | 000,000,000 |—-D | M]—C:\Users\Kaj Andersen\AppData\Roaming\AVG9
[2011/12/03 14:53:47 | 000,000,000 |—-D | M]—C:\Users\Kaj Andersen\AppData\Roaming\Babylon
[2010/02/05 09:27:27 | 000,000,000 |—-D | M]—C:\Users\Kaj Andersen\AppData\Roaming\Cryptomathic
[2010/04/06 22:52:07 | 000,000,000 |—-D | M]—C:\Users\Kaj Andersen\AppData\Roaming\EPSON
[2010/07/15 16:21:03 | 000,000,000 |—-D | M]—C:\Users\Kaj Andersen\AppData\Roaming\eSobi
[2011/10/20 11:55:46 | 000,000,000 |—-D | M]—C:\Users\Kaj Andersen\AppData\Roaming\EurekaLog
[2010/10/04 13:06:07 | 000,000,000 |—-D | M]—C:\Users\Kaj Andersen\AppData\Roaming\Firetrust
[2010/01/21 18:05:02 | 000,000,000 |—-D | M]—C:\Users\Kaj Andersen\AppData\Roaming\GameConsole
[2010/05/16 14:43:57 | 000,000,000 |—-D | M]—C:\Users\Kaj Andersen\AppData\Roaming\GARMIN
[2012/07/06 15:48:20 | 000,000,000 |—-D | M]—C:\Users\Kaj Andersen\AppData\Roaming\gsak
[2012/03/30 17:05:34 | 000,000,000 |—-D | M]—C:\Users\Kaj Andersen\AppData\Roaming\IrfanView
[2010/02/22 10:36:34 | 000,000,000 |—-D | M]—C:\Users\Kaj Andersen\AppData\Roaming\Jasc
[2010/03/05 12:01:49 | 000,000,000 |—-D | M]—C:\Users\Kaj Andersen\AppData\Roaming\Leadertech
[2012/07/08 09:27:49 | 000,000,000 |—-D | M]—C:\Users\Kaj Andersen\AppData\Roaming\MailWasherFree
[2011/10/14 09:01:14 | 000,000,000 |—-D | M]—C:\Users\Kaj Andersen\AppData\Roaming\MailWasherPro
[2011/09/25 06:12:57 | 000,000,000 |—-D | M]—C:\Users\Kaj Andersen\AppData\Roaming\MP3FreeDownloader
[2012/06/22 09:57:10 | 000,000,000 |—-D | M]—C:\Users\Kaj Andersen\AppData\Roaming\OnlineArmor
[2010/02/05 12:03:48 | 000,000,000 |—-D | M]—C:\Users\Kaj Andersen\AppData\Roaming\pdf995
[2010/01/22 12:20:35 | 000,000,000 |—-D | M]—C:\Users\Kaj Andersen\AppData\Roaming\PowerCinema
[2010/01/21 18:49:48 | 000,000,000 |—-D | M]—C:\Users\Kaj Andersen\AppData\Roaming\SoftDMA
[2011/12/15 09:57:53 | 000,000,000 |—-D | M]—C:\Users\Kaj Andersen\AppData\Roaming\SumatraPDF
[2012/01/07 11:49:43 | 000,000,000 |—-D | M]—C:\Users\Kaj Andersen\AppData\Roaming\Uniblue
[2011/09/08 06:38:47 | 000,000,000 |—-D | M]—C:\Users\Kaj Andersen\AppData\Roaming\Windows Live Writer
[2012/06/08 16:21:02 | 000,032,550 |——| M] ()—C:\Windows\Tasks\SCHEDLGU.TXT

========== Purity Check ==========

< End of report >

Start OTL

Vista og Windows 7 - højreklik på filen - Kør som Administrator.

Kopier nedenstånde med fed skrift ind i feltet “Custom Scans/Fixes”

:OTL
IE - HKU\S-1-5-21-3308902097-1983653174-2394158349-1000\..\SearchScopes\{3BD44F0E-0596-4008-AEE0-45D47E3A8F0E}: “URL” = http://blekko.com/ws/?source=c3348dd4&tbp=rbox&toolbarid=blekkotb_031&u=4FD5843A7BF6C79B4C06A14FF473D637&q={searchTerms}
[2012/05/30 18:22:00 | 000,000,000 |—-D | M] (Productivity 3.1 Community Toolbar)—C:\\Users\\Kaj Andersen\\AppData\\Roaming\\mozilla\\Firefox\\Profiles\\gajii9qc.default\\extensions\\{9427041a-a8dc-4d06-9a68-93873486e957}
FF - prefs.js..browser.search.defaultthis.engineName: “Productivity 3.1 Customized Web Search”
FF - prefs.js..browser.search.defaulturl: “http://search.conduit.com/ResultsExt.aspx?ctid=CT3008668&SearchSource=3&q={searchTerms}”
FF - prefs.js..browser.search.order.1: “Blekko”
FF - prefs.js..keyword.URL: “http://search.conduit.com/ResultsExt.aspx?ctid=CT3008668&SearchSource=2&q=”
O2 - BHO: (no name) - {9384bd4c-dd14-4be9-80f7-f6277511e4f5} - No CLSID value found.
O2 - BHO: (no name) - {9427041a-a8dc-4d06-9a68-93873486e957} - No CLSID value found.
O3 - HKLM\\..\\Toolbar: (no name) - {9384bd4c-dd14-4be9-80f7-f6277511e4f5} - No CLSID value found.
O3 - HKLM\\..\\Toolbar: (no name) - {9427041a-a8dc-4d06-9a68-93873486e957} - No CLSID value found.

:Commands
[CREATERESTOREPOINT]
[emptytemp]
[Reboot]

Luk alle andre åbne vinduer og klik på “Run Fix”

Efter genstart åbnes en logfil, kopier den tekst herind i denne tråd.

Ellers ligger den her: C:\_OTL\MovedFiles\mmddyyyy_hhmmss.log

PS Deaktiver dine Sikkerheds programmer, mens “Fixet” kører.

Hvordan kører PCen

Efter at have kørt gennem det angivne, forsøgte jeg at starte Firefox. Den startede i 8-10 udgaver, som var de sidste jeg havde forsøgt at køre, men som jeg havde måttet lukke via ctrl+alt+delete. Igen kunne jeg kun lukke alle disse udgaver (der alle var “døde”) via ctrl+alt+delete.

Resultatet af “fixet” er her:

All processes killed
========== OTL ==========
Registry key HKEY_USERS\S-1-5-21-3308902097-1983653174-2394158349-1000\Software\Microsoft\Internet Explorer\SearchScopes\{3BD44F0E-0596-4008-AEE0-45D47E3A8F0E}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{3BD44F0E-0596-4008-AEE0-45D47E3A8F0E}\ not found.
Folder 12/05/30 18:22:00 | 000,000,000 |—-D | M] (Productivity 3.1 Community Toolbar)—C:\\Users\\Kaj Andersen\\AppData\\Roaming\\mozilla\\Firefox\\Profiles\\gajii9qc.default\\extensions\\{9427041a-a8dc-4d06-9a68-93873486e957}\ not found.
Prefs.js: “Productivity 3.1 Customized Web Search” removed from browser.search.defaultthis.engineName
Prefs.js: “http://search.conduit.com/ResultsExt.aspx?ctid=CT3008668&SearchSource=3&q={searchTerms}” removed from browser.search.defaulturl
Prefs.js: “Blekko” removed from browser.search.order.1
Prefs.js: “http://search.conduit.com/ResultsExt.aspx?ctid=CT3008668&SearchSource=2&q=” removed from keyword.URL
Registry key HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{9384bd4c-dd14-4be9-80f7-f6277511e4f5}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{9384bd4c-dd14-4be9-80f7-f6277511e4f5}\ not found.
Registry key HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{9427041a-a8dc-4d06-9a68-93873486e957}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{9427041a-a8dc-4d06-9a68-93873486e957}\ not found.
Registry value HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Toolbar\\{9384bd4c-dd14-4be9-80f7-f6277511e4f5} deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{9384bd4c-dd14-4be9-80f7-f6277511e4f5}\ not found.
Registry value HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Toolbar\\{9427041a-a8dc-4d06-9a68-93873486e957} deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{9427041a-a8dc-4d06-9a68-93873486e957}\ not found.
========== FILES ==========
<  ipconfig /flushdns /c >
Windows IP-konfiguration
DNS Resolver Cache blev t›mt.
C:\Users\Kaj Andersen\Desktop\cmd.bat deleted successfully.
C:\Users\Kaj Andersen\Desktop\cmd.txt deleted successfully.
========== COMMANDS ==========
Restore point Set: OTL Restore Point

[EMPTYTEMP]

User: All Users

User: AppData
->Temp folder emptied: 0 bytes

User: Default
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 32902 bytes

User: Default User
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes

User: Kaj Andersen
->Temp folder emptied: 11533127 bytes
->Temporary Internet Files folder emptied: 68395843 bytes
->Java cache emptied: 0 bytes
->FireFox cache emptied: 88860883 bytes
->Flash cache emptied: 2584 bytes

User: LogMeInRemoteUser
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes

User: LogMeInRemoteUser.KajAndersens-Pc
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes

User: Public
->Temp folder emptied: 0 bytes

User: UpdatusUser
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes

%systemdrive% .tmp files removed: 0 bytes
%systemroot% .tmp files removed: 0 bytes
%systemroot%\System32 .tmp files removed: 0 bytes
%systemroot%\System32 (64bit) .tmp files removed: 0 bytes
%systemroot%\System32\drivers .tmp files removed: 0 bytes
Windows Temp folder emptied: 126958744 bytes
%systemroot%\sysnative\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files folder emptied: 50182 bytes
RecycleBin emptied: 0 bytes

Total Files Cleaned = 282,00 mb


OTL by OldTimer - Version 3.2.53.1 log created on 07082012_211239

Files\Folders moved on Reboot…
C:\Users\Kaj Andersen\AppData\Local\Temp\FXSAPIDebugLogFile.txt moved successfully.
File move failed. C:\Windows\temp\_avast_\Webshlock.txt scheduled to be moved on reboot.
C:\Windows\temp\vmware-SYSTEM\vmware-usbarb-SYSTEM-4112.log moved successfully.

PendingFileRenameOperations files…
File C:\Users\Kaj Andersen\AppData\Local\Temp\FXSAPIDebugLogFile.txt not found!
[2012/07/08 21:16:53 | 000,000,000 |——| M] () C:\Windows\temp\_avast_\Webshlock.txt : Unable to obtain MD5
File C:\Windows\temp\vmware-SYSTEM\vmware-usbarb-SYSTEM-4112.log not found!

Registry entries deleted on Reboot…

Jeg ville afinstallere og geninstallere Firefox i håb om at det ville løse problemet. Men jeg får besked på at jeg skal lukke Firefox. Jeg kan ikke se, at den kører, heller ikke hvis jeg igen forsøger med ctrl+alt+del. Hvordan klarer man den situation?

Hvis du geninstallerer Firefox, skal du sikre dig at C:\Users\Kaj Andersen\AppData\Roaming\mozilla\Firefox\ er slettet.

Ellers hjælper det næppe.

Huskede du at deaktivere Avast og Online Armor inden du kørte “Fixet”

Geninstallering af Firefox: Jeg kan ikke finde den fil, som du skriver om. Under “Brugere” har jeg søgt på “Roaming” og fandt 3 mapper, men ingen havde noget med Firefox (eller dets moderselskab) at gøre. Men jeg kan jo i det hele taget ikke afinstallere Firefox, fordi den hævder at den er åben.

Running af Fix’et: Nej, jeg må indrømme, at jeg ikke kunne finde ud af at deaktivere Avast. Online Armor kunne jeg deaktivere punkt for punkt. Nu har jeg downloaded og nærlæst manualen til Avast, så nu kan jeg deaktivere. Det har jeg gjort og derefter kørt Fixet igen. Den skannede slet ikke men forlangte genstart. Det mundede ud i en rapport, som helt sikkert er forkert. Men her er den

All processes killed
========== OTL ==========
Registry key HKEY_USERS\S-1-5-21-3308902097-1983653174-2394158349-1000\Software\Microsoft\Internet Explorer\SearchScopes\{3BD44F0E-0596-4008-AEE0-45D47E3A8F0E}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{3BD44F0E-0596-4008-AEE0-45D47E3A8F0E}\ not found.
Folder 12/05/30 18:22:00 | 000,000,000 |—-D | M] (Productivity 3.1 Community Toolbar)—C:\\Users\\Kaj Andersen\\AppData\\Roaming\\mozilla\\Firefox\\Profiles\\gajii9qc.default\\extensions\\{9427041a-a8dc-4d06-9a68-93873486e957}\ not found.
Prefs.js: “Productivity 3.1 Customized Web Search” removed from browser.search.defaultthis.engineName
Prefs.js: “http://search.conduit.com/ResultsExt.aspx?ctid=CT3008668&SearchSource=3&q={searchTerms}” removed from browser.search.defaulturl
Prefs.js: “Blekko” removed from browser.search.order.1
Prefs.js: “http://search.conduit.com/ResultsExt.aspx?ctid=CT3008668&SearchSource=2&q=” removed from keyword.URL
Registry key HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{9384bd4c-dd14-4be9-80f7-f6277511e4f5}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{9384bd4c-dd14-4be9-80f7-f6277511e4f5}\ not found.
Registry key HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{9427041a-a8dc-4d06-9a68-93873486e957}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{9427041a-a8dc-4d06-9a68-93873486e957}\ not found.
Registry value HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Toolbar\\{9384bd4c-dd14-4be9-80f7-f6277511e4f5} not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{9384bd4c-dd14-4be9-80f7-f6277511e4f5}\ not found.
Registry value HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Toolbar\\{9427041a-a8dc-4d06-9a68-93873486e957} not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{9427041a-a8dc-4d06-9a68-93873486e957}\ not found.
========== FILES ==========
<  ipconfig /flushdns /c >
Windows IP-konfiguration
DNS Resolver Cache blev t›mt.
C:\Users\Kaj Andersen\Desktop\cmd.bat deleted successfully.
C:\Users\Kaj Andersen\Desktop\cmd.txt deleted successfully.
========== COMMANDS ==========
Restore point Set: OTL Restore Point

[EMPTYTEMP]

User: All Users

User: AppData
->Temp folder emptied: 0 bytes

User: Default
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes

User: Default User
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes

User: Kaj Andersen
->Temp folder emptied: 1935 bytes
->Temporary Internet Files folder emptied: 1289745 bytes
->Java cache emptied: 0 bytes
->FireFox cache emptied: 0 bytes
->Flash cache emptied: 0 bytes

User: LogMeInRemoteUser
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes

User: LogMeInRemoteUser.KajAndersens-Pc
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes

User: Public
->Temp folder emptied: 0 bytes

User: UpdatusUser
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes

%systemdrive% .tmp files removed: 0 bytes
%systemroot% .tmp files removed: 0 bytes
%systemroot%\System32 .tmp files removed: 0 bytes
%systemroot%\System32 (64bit) .tmp files removed: 0 bytes
%systemroot%\System32\drivers .tmp files removed: 0 bytes
Windows Temp folder emptied: 5695 bytes
%systemroot%\sysnative\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files folder emptied: 49554 bytes
RecycleBin emptied: 0 bytes

Total Files Cleaned = 1,00 mb


OTL by OldTimer - Version 3.2.53.1 log created on 07092012_122740

Files\Folders moved on Reboot…
C:\Users\Kaj Andersen\AppData\Local\Temp\FXSAPIDebugLogFile.txt moved successfully.
C:\Windows\temp\vmware-SYSTEM\vmware-usbarb-SYSTEM-2064.log moved successfully.

PendingFileRenameOperations files…
File C:\Users\Kaj Andersen\AppData\Local\Temp\FXSAPIDebugLogFile.txt not found!
File C:\Windows\temp\vmware-SYSTEM\vmware-usbarb-SYSTEM-2064.log not found!

Registry entries deleted on Reboot…

Har du prøvet at genstarte PCen, og derefter afinstallere Firefox

Det hjalp. Nu fik jeg afinstalleret og geninstalleret Firefox og alting kører som før. Og jeg har lært at være 200% opmærksom på “vedhæftede” programmer. Tusind tak for hjælpen. Jeg smutter lige om ad kaffekassen.

Nej stop. Der er stadig problemer. Når jeg i Firefox har skiftet mellem et par sider låser hele skærmen, og jeg kan hverken komme videre eller lukke for Firefox. Mens jeg skrev dette i IE overtog Firefox pludselig, IE lukkede og Firefox var startet op igen. Der lå den melding som jeg har vedhæftet. Jeg undersøger lidt videre, og vender tilbage, men det er vist for tidligt at lukke alligevel.

Der er kommet noget nyt på skærmen. Allerøverst står Mozilla Firefox (Privat browsing). Jeg mener ikke, at der plejer at stå Privat browsing.
Jeg har igen forsøgt at finde den fil, som du skrev at jeg skulle slette. C:\Users\Kaj Andersen\AppData\Roaming\mozilla\Firefox\. Det stopper allerede ved C:\Users\Kaj Andersen\AppData. Jeg kan ikke finde AppData. Derfor har jeg under Brugere søgt på “Roaming” og finder tre mapper, som alle er noget med “Media Center Program Microsoft”. Jeg prøvede at undersøge indholdet, men først meldte de alle at de var tomme, men i under-undermapper lå der filer, som ikke havde noget med Mozilla aller Firefox at gøre. Er jeg måske afskåret fra at se ALLE mapper?

kajandersen - 10.07.2012 06:34:48

Jeg har igen forsøgt at finde den fil, som du skrev at jeg skulle slette. C:\Users\Kaj Andersen\AppData\Roaming\mozilla\Firefox\.

Det er ikke en fil, men en mappe

Er jeg måske afskåret fra at se ALLE mapper?

http://windows.microsoft.com/da-dk/windows7/Show-hidden-files

Nu tror jeg endelig at det lykkedes. Jeg fandt frem til mappen, kunne ikke afinstallere fordi Firefox var åben, hvilket den ikke var. Men nu kendte jeg efterhånden metodikken og fik lukket Firefox og slettet den omtalte mappe. Med diverse genstarter og geninstalleringer af Firefox ser det ud til, at det endelig er lykkedes. Firefox kører og jeg kan skifte rundt mellem sider og internt i sider, uden at skærmen “fryser fast”.

Jeg tror på det nu, men kan du vente en uges tid med at lukke tråden? Jeg skal nok komme med et indlæg om en uge.

Der var jeg alligevel for hurtig. Nu fryser Firefox allerede fast igen. Og i Stifinder kan jeg se, at mappen Roaming/Firefox er vendt tilbage. Øv. Er der noget at gøre, eller må jeg undvære Firefox?