I just bought a used computer. I uninstalled Norton in order to use BullGuard, but after that I cannot get online without disabling the firewall in BullGuard. I also cannot open the Security Center or Windows Firewall.
Regards, Daniel
Administrator
Hi Daniel, and welcome
Let's take a closer look at things...
Download OTL by OldTimer and save it to your desktop: http://oldtimer.geekstogo.com/OTL.exe
Close all open windows. Click the OTL icon (on Vista/Win7, right-click the icon and choose Run as Administrator) to start the program.
When the window appears, under Output at the top, switch to Minimal Output.
Check the boxes next to LOP Check and Purity Check.
In the Custom Scan box, copy in the following:
netsvcs
drivers32
msconfig
@
%SYSTEMDRIVE%\*.
%PROGRAMFILES%\*.exe
%LOCALAPPDATA%\*.exe
/md5stop
%SYSTEMDRIVE%\*.*
%SYSTEMDRIVE%\*.
%CREATERESTOREPOINT
Then click Quick Scan.
This will produce two (2) log files on the desktop, one called OTL.txt; the other will be named Extras.txt.
Remember where you saved these 2 files.
Since they are fairly long, you may need to post them across several posts.
Signature
Sound computer sense
This is OTL.Txt
OTL logfile created on: 16-08-2012 14:39:14 - Run 1
OTL by OldTimer - Version 3.2.57.0 Folder = C:\Users\Bo\Desktop
64bit- Home Premium Edition Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation
Internet Explorer (Version = 9.0.8112.16421)
Locale: 00000406 | Country: Danmark | Language: DAN | Date Format: dd-MM-yyyy
3,90 Gb Total Physical Memory | 2,62 Gb Available Physical Memory | 67,07% Memory free
7,81 Gb Paging File | 6,42 Gb Available in Paging File | 82,20% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]
%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86)
Drive C: | 119,14 Gb Total Space | 55,98 Gb Free Space | 46,98% Space Free | Partition Type: NTFS
Computer Name: BO-PC | User Name: Bo | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user | Quick Scan | Include 64bit Scans
Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days
========== Processes (SafeList) ==========
PRC - C:\Users\Bo\Desktop\OTL.exe (OldTimer Tools)
PRC - C:\Users\Bo\AppData\Local\Google\Update\1.3.21.115\GoogleCrashHandler.exe (Google Inc.)
PRC - C:\Programmer\BullGuard Ltd\BullGuard\Files32\Spamfilter\LittleHook.exe (BullGuard Ltd.)
PRC - C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe (Adobe Systems Incorporated)
PRC - C:\Users\Bo\AppData\Roaming\Spotify\spotify.exe (Spotify Ltd)
PRC - C:\Users\Bo\AppData\Roaming\Spotify\Data\SpotifyWebHelper.exe ()
PRC - C:\Users\Bo\AppData\Local\Facebook\Update\FacebookUpdate.exe (Facebook Inc.)
PRC - C:\ProgramData\Skype\Toolbars\Skype C2C Service\c2c_service.exe (Skype Technologies S.A.)
PRC - C:\Program Files (x86)\SweetIM\Communicator\SweetPacksUpdateManager.exe (SweetIM Technologies Ltd.)
PRC - C:\Program Files (x86)\Microsoft\BingBar\7.1.362.0\SeaPort.EXE (Microsoft Corporation.)
PRC - C:\Program Files (x86)\Microsoft\BingBar\7.1.362.0\BBSvc.EXE (Microsoft Corporation.)
PRC - C:\Program Files (x86)\Bluetooth Suite\Ath_CoexAgent.exe (Atheros)
========== Modules (No Company Name) ==========
MOD - C:\Users\Bo\AppData\Roaming\Spotify\Data\libcef.dll ()
MOD - C:\Users\Bo\AppData\Roaming\Spotify\Data\SpotifyWebHelper.exe ()
MOD - C:\Programmer\BullGuard Ltd\BullGuard\Files32\SQLite.dll ()
========== Win32 Services (SafeList) ==========
SRV - (BsFire)—C:\Programmer\BullGuard Ltd\BullGuard\BsFire.dll (BullGuard Ltd.)
SRV - (BsMailProxy)—C:\Programmer\BullGuard Ltd\BullGuard\BsMailProxy\BsMailProxy.dll (BullGuard Ltd.)
SRV - (BsMain)—C:\Programmer\BullGuard Ltd\BullGuard\BsMain.dll (BullGuard Ltd.)
SRV - (AdobeFlashPlayerUpdateSvc)—C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe (Adobe Systems Incorporated)
SRV - (AdobeARMservice)—C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe (Adobe Systems Incorporated)
SRV - (SkypeUpdate)—C:\Program Files (x86)\Skype\Updater\Updater.exe (Skype Technologies)
SRV - (Skype C2C Service)—C:\ProgramData\Skype\Toolbars\Skype C2C Service\c2c_service.exe (Skype Technologies S.A.)
SRV - (BsUpdate)—C:\Programmer\BullGuard Ltd\BullGuard\BullGuardUpdate.exe (BullGuard Ltd.)
SRV - (BsBhvScan)—C:\Programmer\BullGuard Ltd\BullGuard\BullGuardBhvScanner.exe (BullGuard Ltd.)
SRV - (BsFileScan)—C:\Programmer\BullGuard Ltd\BullGuard\BsFileScan.dll (BullGuard Ltd.)
SRV - (BsScanner)—C:\Programmer\BullGuard Ltd\BullGuard\BullGuardScanner.exe (BullGuard Ltd.)
SRV - (BsBackup)—C:\Programmer\BullGuard Ltd\BullGuard\BsBackup.dll (BullGuard Ltd.)
SRV - (cphs)—C:\Windows\SysWOW64\IntelCpHeciSvc.exe (Intel Corporation)
SRV - (BBUpdate)—C:\Program Files (x86)\Microsoft\BingBar\7.1.362.0\SeaPort.EXE (Microsoft Corporation.)
SRV - (BBSvc)—C:\Program Files (x86)\Microsoft\BingBar\7.1.362.0\BBSvc.EXE (Microsoft Corporation.)
SRV - (Atheros Bt&Wlan; Coex Agent)—C:\Program Files (x86)\Bluetooth Suite\Ath_CoexAgent.exe (Atheros)
SRV - (AtherosSvc)—C:\Program Files (x86)\Bluetooth Suite\AdminService.exe (Atheros Commnucations)
SRV - (clr_optimization_v4.0.30319_32)—C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe (Microsoft Corporation)
SRV - (clr_optimization_v2.0.50727_32)—C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe (Microsoft Corporation)
========== Driver Services (SafeList) ==========
DRV:64bit: - (BdSpy)—C:\Windows\SysNative\drivers\BdSpy.sys (BullGuard Ltd.)
DRV:64bit: - (Trufos)—C:\Windows\SysNative\drivers\Trufos.sys (BitDefender S.R.L.)
DRV:64bit: - (NovaShieldFilterDriver)—C:\Windows\SysNative\drivers\NSKernel.sys (NovaShield, Inc.)
DRV:64bit: - (NovaShieldTDIDriver)—C:\Windows\SysNative\drivers\NSNetmon.sys (NovaShield, Inc.)
DRV:64bit: - (afwcore)—C:\Windows\SysNative\drivers\afwcore.sys (Agnitum Ltd.)
DRV:64bit: - (afw)—C:\Windows\SysNative\drivers\afw.sys (Agnitum Ltd.)
DRV:64bit: - (Netaapl)—C:\Windows\SysNative\drivers\netaapl64.sys (Apple Inc.)
DRV:64bit: - (igfx)—C:\Windows\SysNative\drivers\igdkmd64.sys (Intel Corporation)
DRV:64bit: - (Fs_Rec)—C:\Windows\SysNative\drivers\fs_rec.sys (Microsoft Corporation)
DRV:64bit: - (USBAAPL64)—C:\Windows\SysNative\drivers\usbaapl64.sys (Apple, Inc.)
DRV:64bit: - (athr)—C:\Windows\SysNative\drivers\athrx.sys (Atheros Communications, Inc.)
DRV:64bit: - (FLxHCIc)—C:\Windows\SysNative\drivers\FLxHCIc.sys (Fresco Logic)
DRV:64bit: - (FLxHCIh)—C:\Windows\SysNative\drivers\FLxHCIh.sys (Fresco Logic)
DRV:64bit: - (AiCharger)—C:\Windows\SysNative\drivers\AiCharger.sys (ASUSTek Computer Inc.)
DRV:64bit: - (BtFilter)—C:\Windows\SysNative\drivers\btfilter.sys (Atheros)
DRV:64bit: - (BTATH_RCP)—C:\Windows\SysNative\drivers\btath_rcp.sys (Atheros)
DRV:64bit: - (BTATH_LWFLT)—C:\Windows\SysNative\drivers\btath_lwflt.sys (Atheros)
DRV:64bit: - (BTATH_HCRP)—C:\Windows\SysNative\drivers\btath_hcrp.sys (Atheros)
DRV:64bit: - (AthBTPort)—C:\Windows\SysNative\drivers\btath_flt.sys (Atheros)
DRV:64bit: - (BTATH_BUS)—C:\Windows\SysNative\drivers\btath_bus.sys (Atheros)
DRV:64bit: - (btath_avdt)—C:\Windows\SysNative\drivers\btath_avdt.sys (Atheros)
DRV:64bit: - (BTATH_A2DP)—C:\Windows\SysNative\drivers\btath_a2dp.sys (Atheros)
DRV:64bit: - (RSUSBVSTOR)—C:\Windows\SysNative\drivers\rtsuvstor.sys (Realtek Semiconductor Corp.)
DRV:64bit: - (amdsata)—C:\Windows\SysNative\drivers\amdsata.sys (Advanced Micro Devices)
DRV:64bit: - (amdxata)—C:\Windows\SysNative\drivers\amdxata.sys (Advanced Micro Devices)
DRV:64bit: - (AX88772B)—C:\Windows\SysNative\drivers\ax88772b.sys (ASIX Electronics Corp.)
DRV:64bit: - (TsUsbFlt)—C:\Windows\SysNative\drivers\TsUsbFlt.sys (Microsoft Corporation)
DRV:64bit: - (HpSAMD)—C:\Windows\SysNative\drivers\HpSAMD.sys (Hewlett-Packard Company)
DRV:64bit: - (TsUsbGD)—C:\Windows\SysNative\drivers\TsUsbGD.sys (Microsoft Corporation)
DRV:64bit: - (MEIx64)—C:\Windows\SysNative\drivers\HECIx64.sys (Intel Corporation)
DRV:64bit: - (amdsbs)—C:\Windows\SysNative\drivers\amdsbs.sys (AMD Technologies Inc.)
DRV:64bit: - (LSI_SAS2)—C:\Windows\SysNative\drivers\lsi_sas2.sys (LSI Corporation)
DRV:64bit: - (stexstor)—C:\Windows\SysNative\drivers\stexstor.sys (Promise Technology)
DRV:64bit: - (ebdrv)—C:\Windows\SysNative\drivers\evbda.sys (Broadcom Corporation)
DRV:64bit: - (b06bdrv)—C:\Windows\SysNative\drivers\bxvbda.sys (Broadcom Corporation)
DRV:64bit: - (b57nd60a)—C:\Windows\SysNative\drivers\b57nd60a.sys (Broadcom Corporation)
DRV:64bit: - (hcw85cir)—C:\Windows\SysNative\drivers\hcw85cir.sys (Hauppauge Computer Works, Inc.)
DRV:64bit: - (WimFltr)—C:\Windows\SysNative\drivers\WimFltr.sys (Microsoft Corporation)
DRV - (AiCharger)—C:\Windows\SysWOW64\drivers\AiCharger.sys (ASUSTek Computer Inc.)
DRV - (WIMMount)—C:\Windows\SysWOW64\drivers\wimmount.sys (Microsoft Corporation)
========== Standard Registry (SafeList) ==========
========== Internet Explorer ==========
IE:64bit: - HKLM\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A}
IE:64bit: - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: “URL” = http://www.bing.com/search?q={searchTerms}&FORM=IE8SRC
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm
IE - HKLM\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A}
IE - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: “URL” = http://www.bing.com/search?q={searchTerms}&FORM=IE8SRC
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = https://www.google.dk/
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache = http://dk.msn.com/?ocid=iehp
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache AcceptLangs = da-DK
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache_TIMESTAMP = A0 72 7B 21 CF DD CC 01 [binary data]
IE - HKCU\..\SearchScopes,DefaultScope = {0ECDF796-C2DC-4d79-A620-CCE0C0A66CC9}
IE - HKCU\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: “URL” = http://www.bing.com/search?q={searchTerms}&src=IE-SearchBox&FORM=IE8SRC
IE - HKCU\..\SearchScopes\{0ECDF796-C2DC-4d79-A620-CCE0C0A66CC9}: “URL” = http://search.babylon.com/?q={searchTerms}&AF=108921&babsrc=SP_ss&mntrId=f20fab7e000000000000742f68cd5778
IE - HKCU\..\SearchScopes\{13C6E6AC-C9A5-488A-BD8A-67D3C47834D3}: “URL” = http://searchya.com/?chnl=dcom-100&s=1&cr=1914153524&cd=2XzutAtN2Y1L1QzutN0D0TzutBtDtCtBtDtAtByE&q={searchTerms}
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: “ProxyEnable” = 0
========== FireFox ==========
FF:64bit: - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\system32\Macromed\Flash\NPSWF64_11_3_300_271.dll File not found
FF:64bit: - HKLM\Software\MozillaPlugins\@microsoft.com/GENUINE: disabled File not found
FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_11_3_300_271.dll ()
FF - HKLM\Software\MozillaPlugins\@adobe.com/ShockwavePlayer: C:\Windows\SysWOW64\Adobe\Director\np32dsw.dll (Adobe Systems, Inc.)
FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin: C:\Program Files (x86)\Java\jre6\bin\plugin2\npjp2.dll (Sun Microsystems, Inc.)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/GENUINE: disabled File not found
FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: c:\Program Files (x86)\Microsoft Silverlight\4.1.10329.0\npctrl.dll ( Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=15.4.3502.0922: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll File not found
FF - HKLM\Software\MozillaPlugins\Adobe Reader: C:\Program Files (x86)\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
FF - HKCU\Software\MozillaPlugins\@Skype Limited.com/Facebook Video Calling Plugin: C:\Users\Bo\AppData\Local\Facebook\Video\Skype\npFacebookVideoCalling.dll (Skype Limited)
FF - HKCU\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Users\Bo\AppData\Local\Google\Update\1.3.21.115\npGoogleUpdate3.dll (Google Inc.)
FF - HKCU\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Users\Bo\AppData\Local\Google\Update\1.3.21.115\npGoogleUpdate3.dll (Google Inc.)
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\antiphishing@bullguard: C:\Program Files\BullGuard Ltd\BullGuard\Files32\Antiphishing\FF\antiphishing@bullguard\ [2012-08-15 20:43:26 | 000,000,000 |—-D | M]
FF - HKEY_CURRENT_USER\software\mozilla\Thunderbird\Extensions\\{380AE6CB-09B9-4373-B360-D01C2462A6E7}: C:\Program Files\BullGuard Ltd\BullGuard\files32\backup\thunderbirdbkplugin [2012-08-15 20:43:22 | 000,000,000 |—-D | M]
FF - HKEY_CURRENT_USER\software\mozilla\Thunderbird\Extensions\\{0E810812-F4BB-4309-942A-755587587A5E}: C:\Program Files\BullGuard Ltd\BullGuard\Files32\Spamfilter\TbSpamfilter [2012-08-15 20:43:06 | 000,000,000 |—-D | M]
[2012-03-24 17:22:17 | 000,000,000 |—-D | M] (No name found)—C:\Program Files (x86)\Mozilla Firefox\extensions
========== Chrome ==========
CHR - homepage:
CHR - default_search_provider: Google (Enabled)
CHR - default_search_provider: search_url = {google:baseURL}search?q={searchTerms}&{google:RLZ}{google:acceptedSuggestion}{google:originalQueryForSuggestion}{google:searchFieldtrialParameter}sourceid=chrome&ie;={inputEncoding}
CHR - default_search_provider: suggest_url = {google:baseSuggestURL}search?{google:searchFieldtrialParameter}client=chrome&hl;={language}&q={searchTerms},
CHR - homepage:
CHR - plugin: Shockwave Flash (Enabled) = C:\Users\Bo\AppData\Local\Google\Chrome\Application\21.0.1180.79\PepperFlash\pepflashplayer.dll
CHR - plugin: Shockwave Flash (Enabled) = C:\Users\Bo\AppData\Local\Google\Chrome\Application\21.0.1180.79\gcswf32.dll
CHR - plugin: Shockwave Flash (Enabled) = C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_11_3_300_271.dll
CHR - plugin: Remoting Viewer (Enabled) = internal-remoting-viewer
CHR - plugin: Native Client (Enabled) = C:\Users\Bo\AppData\Local\Google\Chrome\Application\21.0.1180.79\ppGoogleNaClPluginChrome.dll
CHR - plugin: Chrome PDF Viewer (Enabled) = C:\Users\Bo\AppData\Local\Google\Chrome\Application\21.0.1180.79\pdf.dll
CHR - plugin: Adobe Acrobat (Enabled) = C:\Program Files (x86)\Adobe\Reader 10.0\Reader\Browser\nppdf32.dll
CHR - plugin: Java(TM) Platform SE 6 U31 (Enabled) = C:\Program Files (x86)\Java\jre6\bin\plugin2\npjp2.dll
CHR - plugin: Facebook Video Calling Plugin (Enabled) = C:\Users\Bo\AppData\Local\Facebook\Video\Skype\npFacebookVideoCalling.dll
CHR - plugin: Google Update (Enabled) = C:\Users\Bo\AppData\Local\Google\Update\1.3.21.115\npGoogleUpdate3.dll
CHR - plugin: Shockwave for Director (Enabled) = C:\Windows\SysWOW64\Adobe\Director\np32dsw.dll
CHR - plugin: Silverlight Plug-In (Enabled) = c:\Program Files (x86)\Microsoft Silverlight\4.1.10329.0\npctrl.dll
CHR - Extension: YouTube = C:\Users\Bo\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo\4.2.5_0\
CHR - Extension: Google-s\u00F8gning = C:\Users\Bo\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf\0.0.0.19_0\
CHR - Extension: Gmail = C:\Users\Bo\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia\7_0\
O1 HOSTS File: ([2009-06-10 23:00:26 | 000,000,824 |——| M]) - C:\Windows\SysNative\drivers\etc\hosts
O2 - BHO: (Java(tm) Plug-In SSV Helper) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Java\jre6\bin\ssv.dll (Sun Microsystems, Inc.)
O2 - BHO: (CIESpeechBHO Class) - {8D10F6C4-0E01-4BD4-8601-11AC1FDF8126} - C:\Program Files (x86)\Bluetooth Suite\IEPlugIn.dll (Atheros Commnucations)
O2 - BHO: (Skype Browser Helper) - {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O2 - BHO: (Bing Bar Helper) - {d2ce3e00-f94a-4740-988e-03dc2f38c34f} - C:\Program Files (x86)\Microsoft\BingBar\7.1.362.0\BingExt.dll (Microsoft Corporation.)
O3 - HKLM\..\Toolbar: (Bing Bar) - {8dcb7100-df86-4384-8842-8fa844297b3f} - C:\Program Files (x86)\Microsoft\BingBar\7.1.362.0\BingExt.dll (Microsoft Corporation.)
O4:64bit: - HKLM..\Run: [AthBtTray] C:\Program Files (x86)\Bluetooth Suite\AthBtTray.exe (Atheros Commnucations)
O4:64bit: - HKLM..\Run: [AtherosBtStack] C:\Program Files (x86)\Bluetooth Suite\BtvStack.exe (Atheros Communications)
O4:64bit: - HKLM..\Run: [BullGuard] C:\Program Files\BullGuard Ltd\BullGuard\bullguard.exe (BullGuard Ltd.)
O4:64bit: - HKLM..\Run: [HotKeysCmds] C:\Windows\SysNative\hkcmd.exe (Intel Corporation)
O4:64bit: - HKLM..\Run: [IgfxTray] C:\Windows\SysNative\igfxtray.exe (Intel Corporation)
O4:64bit: - HKLM..\Run: [Persistence] C:\Windows\SysNative\igfxpers.exe (Intel Corporation)
O4 - HKLM..\Run: [FLxHCIm64] C:\Program Files\Fresco Logic\Fresco Logic USB3.0 Host Controller\amd64_host\FLxHCIm.exe (Windows (R) Win 7 DDK provider)
O4 - HKLM..\Run: [Sweetpacks Communicator] C:\Program Files (x86)\SweetIM\Communicator\SweetPacksUpdateManager.exe (SweetIM Technologies Ltd.)
O4 - HKCU..\Run: [Facebook Update] C:\Users\Bo\AppData\Local\Facebook\Update\FacebookUpdate.exe (Facebook Inc.)
O4 - HKCU..\Run: [Spotify] C:\Users\Bo\AppData\Roaming\Spotify\Spotify.exe (Spotify Ltd)
O4 - HKCU..\Run: [Spotify Web Helper] C:\Users\Bo\AppData\Roaming\Spotify\Data\SpotifyWebHelper.exe ()
O4 - Startup: C:\Users\Bo\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\ZooskMessenger.lnk = File not found
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktop = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktopChanges = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 5
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: LogonHoursAction = 2
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: DontDisplayLogonHoursWarnings = 1
O8:64bit: - Extra context menu item: E&xport; to Microsoft Excel - res://C:\PROGRA~2\MICROS~2\Office12\EXCEL.EXE/3000 File not found
O8 - Extra context menu item: E&xport; to Microsoft Excel - res://C:\PROGRA~2\MICROS~2\Office12\EXCEL.EXE/3000 File not found
O9:64bit: - Extra Button: Report to BullGuard - {27FD17FB-CF63-486b-B2BE-8D8781CBEA01} - C:\Programmer\BullGuard Ltd\BullGuard\Antiphishing\IE\BgAntiphishingIE.dll (BullGuard Ltd.)
O9 - Extra Button: PokerStars.dk - {15105F6B-80FF-40d3-B239-AEC9E0E93ACD} - C:\Program Files (x86)\PokerStars.DK\PokerStarsUpdate.exe File not found
O9 - Extra Button: Report to BullGuard - {27FD17FB-CF63-486b-B2BE-8D8781CBEA01} - C:\Programmer\BullGuard Ltd\BullGuard\Files32\Antiphishing\IE\BgAntiphishingIE.dll (BullGuard Ltd.)
O9 - Extra ‘Tools’ menuitem : Send by Bluetooth to - {7815BE26-237D-41A8-A98F-F7BD75F71086} - C:\Program Files (x86)\Bluetooth Suite\IEPlugIn.dll (Atheros Commnucations)
O9 - Extra Button: Skype Click to Call - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O10:64bit: - Protocol_Catalog9\Catalog_Entries64\000000000001 - C:\Windows\SysNative\BGLsp.dll (BullGuard Ltd.)
O10:64bit: - Protocol_Catalog9\Catalog_Entries64\000000000002 - C:\Windows\SysNative\BGLsp.dll (BullGuard Ltd.)
O10:64bit: - Protocol_Catalog9\Catalog_Entries64\000000000003 - C:\Windows\SysNative\BGLsp.dll (BullGuard Ltd.)
O10:64bit: - Protocol_Catalog9\Catalog_Entries64\000000000004 - C:\Windows\SysNative\BGLsp.dll (BullGuard Ltd.)
O10:64bit: - Protocol_Catalog9\Catalog_Entries64\000000000005 - C:\Windows\SysNative\BGLsp.dll (BullGuard Ltd.)
O10:64bit: - Protocol_Catalog9\Catalog_Entries64\000000000006 - C:\Windows\SysNative\BGLsp.dll (BullGuard Ltd.)
O10:64bit: - Protocol_Catalog9\Catalog_Entries64\000000000007 - C:\Windows\SysNative\BGLsp.dll (BullGuard Ltd.)
O10:64bit: - Protocol_Catalog9\Catalog_Entries64\000000000008 - C:\Windows\SysNative\BGLsp.dll (BullGuard Ltd.)
O10:64bit: - Protocol_Catalog9\Catalog_Entries64\000000000009 - C:\Windows\SysNative\BGLsp.dll (BullGuard Ltd.)
O10:64bit: - Protocol_Catalog9\Catalog_Entries64\000000000010 - C:\Windows\SysNative\BGLsp.dll (BullGuard Ltd.)
O10:64bit: - Protocol_Catalog9\Catalog_Entries64\000000000011 - C:\Windows\SysNative\BGLsp.dll (BullGuard Ltd.)
O10:64bit: - Protocol_Catalog9\Catalog_Entries64\000000000023 - C:\Windows\SysNative\BGLsp.dll (BullGuard Ltd.)
O10 - Protocol_Catalog9\Catalog_Entries\000000000001 - C:\Windows\SysWow64\BGLsp.dll (BullGuard Ltd.)
O10 - Protocol_Catalog9\Catalog_Entries\000000000002 - C:\Windows\SysWow64\BGLsp.dll (BullGuard Ltd.)
O10 - Protocol_Catalog9\Catalog_Entries\000000000003 - C:\Windows\SysWow64\BGLsp.dll (BullGuard Ltd.)
O10 - Protocol_Catalog9\Catalog_Entries\000000000004 - C:\Windows\SysWow64\BGLsp.dll (BullGuard Ltd.)
O10 - Protocol_Catalog9\Catalog_Entries\000000000005 - C:\Windows\SysWow64\BGLsp.dll (BullGuard Ltd.)
O10 - Protocol_Catalog9\Catalog_Entries\000000000006 - C:\Windows\SysWow64\BGLsp.dll (BullGuard Ltd.)
O10 - Protocol_Catalog9\Catalog_Entries\000000000007 - C:\Windows\SysWow64\BGLsp.dll (BullGuard Ltd.)
O10 - Protocol_Catalog9\Catalog_Entries\000000000008 - C:\Windows\SysWow64\BGLsp.dll (BullGuard Ltd.)
O10 - Protocol_Catalog9\Catalog_Entries\000000000009 - C:\Windows\SysWow64\BGLsp.dll (BullGuard Ltd.)
O10 - Protocol_Catalog9\Catalog_Entries\000000000010 - C:\Windows\SysWow64\BGLsp.dll (BullGuard Ltd.)
O10 - Protocol_Catalog9\Catalog_Entries\000000000011 - C:\Windows\SysWow64\BGLsp.dll (BullGuard Ltd.)
O10 - Protocol_Catalog9\Catalog_Entries\000000000023 - C:\Windows\SysWow64\BGLsp.dll (BullGuard Ltd.)
O1364bit: - gopher Prefix: missing
O13 - gopher Prefix: missing
O16 - DPF: {0D41B8C5-2599-4893-8183-00195EC8D5F9} http://support.asus.com/select/asusTek_sys_ctrl3.cab (asusTek_sysctrl Class)
O16 - DPF: {166B1BCA-3F9C-11CF-8075-444553540000} http://download.macromedia.com/pub/shockwave/cabs/director/sw.cab (Shockwave ActiveX Control)
O16 - DPF: {4871A87A-BFDD-4106-8153-FFDE2BAC2967} http://dlm.tools.akamai.com/dlmanager/versions/activex/dlm-activex-2.2.5.7.cab (DLM Control)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/update/1.6.0/jinstall-1_6_0_31-windows-i586.cab (Java Plug-in 1.6.0_31)
O16 - DPF: {CAFEEFAC-0016-0000-0031-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_31-windows-i586.cab (Java Plug-in 1.6.0_31)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_31-windows-i586.cab (Java Plug-in 1.6.0_31)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 212.10.10.5 212.10.10.4
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{12F13175-8744-43E7-A088-7AC33E35E07D}: DhcpNameServer = 212.10.10.5 212.10.10.4
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{26B3943F-CCE8-4FB0-BF44-0D9FA8776CBE}: DhcpNameServer = 194.239.134.83 193.162.153.164
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{4C61DCDD-D0A2-48F9-971B-A675E15A8925}: DhcpNameServer = 212.10.10.5 212.10.10.4
O18:64bit: - Protocol\Handler\skype4com - No CLSID value found
O18:64bit: - Protocol\Handler\skype-ie-addon-data - No CLSID value found
O18 - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files (x86)\Common Files\Skype\Skype4COM.dll (Skype Technologies)
O18 - Protocol\Handler\skype-ie-addon-data {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O20:64bit: - AppInit_DLLs: (BgGamingMonitor.dll) - C:\Windows\SysNative\BgGamingMonitor.dll (BullGuard Ltd.)
O20 - AppInit_DLLs: (BgGamingMonitor.dll) - C:\Windows\SysWow64\BgGamingMonitor.dll (BullGuard Ltd.)
O20:64bit: - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\SysNative\userinit.exe (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: VMApplet - (/pagefile) - File not found
O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\SysWow64\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (userinit.exe) - C:\Windows\SysWow64\userinit.exe (Microsoft Corporation)
O20 - HKLM Winlogon: VMApplet - (/pagefile) - File not found
O20:64bit: - Winlogon\Notify\igfxcui: DllName - (igfxdev.dll) - C:\Windows\SysNative\igfxdev.dll (Intel Corporation)
O21:64bit: - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.
O21 - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.
O32 - HKLM CDRom: AutoRun - 1
O33 - MountPoints2\{2eab4318-cfed-11e1-94d9-742f68cdf2f7}\Shell - “” = AutoRun
O33 - MountPoints2\{2eab4318-cfed-11e1-94d9-742f68cdf2f7}\Shell\AutoRun\command - “” = E:\AutoRun.exe
O33 - MountPoints2\{2eab4325-cfed-11e1-94d9-742f68cdf2f7}\Shell - “” = AutoRun
O33 - MountPoints2\{2eab4325-cfed-11e1-94d9-742f68cdf2f7}\Shell\AutoRun\command - “” = E:\AutoRun.exe
O33 - MountPoints2\{7462f5e0-853c-11e1-a897-742f68cd5778}\Shell - “” = AutoRun
O33 - MountPoints2\{7462f5e0-853c-11e1-a897-742f68cd5778}\Shell\AutoRun\command - “” = D:\AutoRun.exe
O33 - MountPoints2\{7462f5f6-853c-11e1-a897-742f68cd5778}\Shell - “” = AutoRun
O33 - MountPoints2\{7462f5f6-853c-11e1-a897-742f68cd5778}\Shell\AutoRun\command - “” = D:\AutoRun.exe
O33 - MountPoints2\{7462f629-853c-11e1-a897-742f68cdf2f7}\Shell - “” = AutoRun
O33 - MountPoints2\{7462f629-853c-11e1-a897-742f68cdf2f7}\Shell\AutoRun\command - “” = D:\AutoRun.exe
O33 - MountPoints2\{7acfa4f4-d038-11e1-9691-742f68cd5778}\Shell - “” = AutoRun
O33 - MountPoints2\{7acfa4f4-d038-11e1-9691-742f68cd5778}\Shell\AutoRun\command - “” = E:\AutoRun.exe
O33 - MountPoints2\{7acfa532-d038-11e1-9691-742f68cdf2f7}\Shell - “” = AutoRun
O33 - MountPoints2\{7acfa532-d038-11e1-9691-742f68cdf2f7}\Shell\AutoRun\command - “” = E:\AutoRun.exe
O34 - HKLM BootExecute: (autocheck autochk *)
O35:64bit: - HKLM\..comfile [open]—“%1” %*
O35:64bit: - HKLM\..exefile [open]—“%1” %*
O35 - HKLM\..comfile [open]—“%1” %*
O35 - HKLM\..exefile [open]—“%1” %*
O37:64bit: - HKLM\...com [@ = comfile]—“%1” %*
O37:64bit: - HKLM\...exe [@ = exefile]—“%1” %*
O37 - HKLM\...com [@ = comfile]—“%1” %*
O37 - HKLM\...exe [@ = exefile]—“%1” %*
O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3)
O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2)
O38 - SubSystems\\Windows: (ServerDll=sxssrv,4)
Drivers32:64bit: msacm.l3acm - C:\Windows\System32\l3codeca.acm (Fraunhofer Institut Integrierte Schaltungen IIS)
Drivers32: msacm.l3acm - C:\Windows\SysWOW64\l3codeca.acm (Fraunhofer Institut Integrierte Schaltungen IIS)
Drivers32: vidc.cvid - C:\Windows\SysWow64\iccvid.dll (Radius Inc.)
%CREATERESTOREPOINT
Restore point Set: OTL Restore Point
========== Files/Folders - Created Within 30 Days ==========
[2012-08-16 14:28:29 | 000,596,992 |——| C] (OldTimer Tools)—C:\Users\Bo\Desktop\OTL.exe
[2012-08-15 22:38:51 | 000,000,000 |—-D | C]—C:\Users\Bo\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Google Chrome
[2012-08-15 22:32:45 | 000,000,000 |—-D | C]—C:\Users\Bo\AppData\Local\Google
[2012-08-15 21:56:21 | 000,000,000 |—-D | C]—C:\Users\Bo\AppData\Roaming\Skype
[2012-08-15 21:56:13 | 000,000,000 |—-D | C]—C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Skype
[2012-08-15 21:56:13 | 000,000,000 |—-D | C]—C:\Program Files (x86)\Common Files\Skype
[2012-08-15 21:56:12 | 000,000,000 | R—D | C]—C:\Program Files (x86)\Skype
[2012-08-15 21:56:07 | 000,000,000 |—-D | C]—C:\ProgramData\Skype
[2012-08-15 20:45:36 | 000,063,840 |——| C] (BullGuard Ltd.)—C:\Windows\SysNative\BGLsp.dll
[2012-08-15 20:45:36 | 000,054,624 |——| C] (BullGuard Ltd.)—C:\Windows\SysWow64\BGLsp.dll
[2012-08-15 20:43:31 | 000,000,000 |—-D | C]—C:\Users\Bo\AppData\Roaming\BullGuard
[2012-08-15 20:43:28 | 000,000,000 |—-D | C]—C:\ProgramData\Microsoft\Windows\Start Menu\Programs\BullGuard
[2012-08-15 20:42:49 | 000,000,000 |—-D | C]—C:\ProgramData\BullGuard
[2012-08-15 20:42:48 | 000,000,000 |—-D | C]—C:\Program Files\Common Files\BullGuard Ltd
[2012-08-15 20:42:46 | 000,000,000 |—-D | C]—C:\Program Files\BullGuard Ltd
[2012-08-04 17:20:32 | 000,000,000 |—-D | C]—C:\Program Files (x86)\Common Files\Apple
[2012-07-29 23:16:18 | 000,000,000 |—-D | C]—C:\Program Files (x86)\Microsoft
[2012-07-17 19:59:10 | 000,000,000 |—-D | C]—C:\ProgramData\Mobile Partner
[2012-07-17 19:49:56 | 000,000,000 |—-D | C]—C:\ProgramData\DatacardService
========== Files - Modified Within 30 Days ==========
[2012-08-16 14:30:20 | 000,025,872 | -H—| M] ()—C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
[2012-08-16 14:30:20 | 000,025,872 | -H—| M] ()—C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
[2012-08-16 14:28:31 | 000,596,992 |——| M] (OldTimer Tools)—C:\Users\Bo\Desktop\OTL.exe
[2012-08-16 14:27:35 | 001,264,910 |——| M] ()—C:\Windows\SysNative\PerfStringBackup.INI
[2012-08-16 14:27:35 | 000,616,182 |——| M] ()—C:\Windows\SysNative\perfh009.dat
[2012-08-16 14:27:35 | 000,470,498 |——| M] ()—C:\Windows\SysNative\perfh006.dat
[2012-08-16 14:27:35 | 000,106,562 |——| M] ()—C:\Windows\SysNative\perfc009.dat
[2012-08-16 14:27:35 | 000,080,100 |——| M] ()—C:\Windows\SysNative\perfc006.dat
[2012-08-16 14:23:15 | 000,067,584 |—S- | M] ()—C:\Windows\bootstat.dat
[2012-08-16 14:23:12 | 3144,675,328 | -HS- | M] ()—C:\hiberfil.sys
[2012-08-15 22:42:28 | 000,000,878 |——| M] ()—C:\Windows\tasks\GoogleUpdateTaskUserS-1-5-21-538675310-1879635526-2279202838-1000Core1cd7b267c229dbb.job
[2012-08-15 22:38:56 | 000,002,358 |——| M] ()—C:\Users\Bo\Desktop\Google Chrome.lnk
[2012-08-15 22:12:00 | 000,000,830 |——| M] ()—C:\Windows\tasks\Adobe Flash Player Updater.job
[2012-08-15 21:56:13 | 000,002,513 |——| M] ()—C:\Users\Public\Desktop\Skype.lnk
[2012-08-15 20:45:19 | 000,063,840 |——| M] (BullGuard Ltd.)—C:\Windows\SysNative\BGLsp.dll
[2012-08-15 20:45:19 | 000,054,624 |——| M] (BullGuard Ltd.)—C:\Windows\SysWow64\BGLsp.dll
[2012-08-15 20:10:25 | 000,294,560 |——| M] ()—C:\Windows\SysNative\FNTCACHE.DAT
[2012-08-15 19:41:48 | 000,000,636 | RHS- | M] ()—C:\Users\Bo\ntuser.pol
[2012-08-15 14:19:12 | 000,001,912 |——| M] ()—C:\Windows\epplauncher.mif
[2012-08-04 17:24:37 | 000,000,000 | -H—| M] ()—C:\Windows\SysNative\drivers\Msft_Kernel_netaapl64_01009.Wdf
[2012-07-29 23:33:54 | 001,291,534 |——| M] ()—C:\Windows\SysWow64\PerfStringBackup.INI
[2012-07-17 19:59:48 | 000,000,000 | -H—| M] ()—C:\Windows\SysNative\drivers\Msft_Kernel_ew_jucdcacm_01007.Wdf
[2012-07-17 19:58:58 | 000,000,000 | -H—| M] ()—C:\Windows\SysNative\drivers\Msft_Kernel_ew_jubusenum_01007.Wdf
========== Files Created - No Company Name ==========
[2012-08-15 22:42:28 | 000,000,878 |——| C] ()—C:\Windows\tasks\GoogleUpdateTaskUserS-1-5-21-538675310-1879635526-2279202838-1000Core1cd7b267c229dbb.job
[2012-08-15 22:38:56 | 000,002,358 |——| C] ()—C:\Users\Bo\Desktop\Google Chrome.lnk
[2012-08-15 21:56:13 | 000,002,513 |——| C] ()—C:\Users\Public\Desktop\Skype.lnk
[2012-08-15 19:41:36 | 000,000,636 | RHS- | C] ()—C:\Users\Bo\ntuser.pol
[2012-08-04 17:24:37 | 000,000,000 | -H—| C] ()—C:\Windows\SysNative\drivers\Msft_Kernel_netaapl64_01009.Wdf
[2012-07-29 23:34:07 | 000,001,912 |——| C] ()—C:\Windows\epplauncher.mif
[2012-07-29 23:33:54 | 001,291,534 |——| C] ()—C:\Windows\SysWow64\PerfStringBackup.INI
[2012-07-17 19:59:48 | 000,000,000 | -H—| C] ()—C:\Windows\SysNative\drivers\Msft_Kernel_ew_jucdcacm_01007.Wdf
[2012-07-17 19:58:58 | 000,000,000 | -H—| C] ()—C:\Windows\SysNative\drivers\Msft_Kernel_ew_jubusenum_01007.Wdf
[2012-07-15 18:51:04 | 000,000,001 |——| C] ()—C:\Users\Bo\temp.dat
[2012-05-08 10:31:28 | 000,000,198 |——| C] ()—C:\Users\Bo\AppData\Roaming\burnaware.ini
[2012-03-19 23:25:58 | 000,058,880 |——| C] ()—C:\Windows\SysWow64\igdde32.dll
[2012-03-19 22:21:14 | 013,212,672 |——| C] ()—C:\Windows\SysWow64\ig4icd32.dll
[2012-02-14 18:47:06 | 000,963,912 |——| C] ()—C:\Windows\SysWow64\igkrng600.bin
[2012-02-14 18:47:06 | 000,261,208 |——| C] ()—C:\Windows\SysWow64\igfcg600m.bin
[2011-08-31 20:51:16 | 000,145,804 |——| C] ()—C:\Windows\SysWow64\igcompkrng600.bin
========== LOP Check ==========
[2012-01-29 14:46:24 | 000,000,000 |—-D | M]—C:\Users\Bo\AppData\Roaming\Babylon
[2012-08-15 20:56:16 | 000,000,000 |—-D | M]—C:\Users\Bo\AppData\Roaming\BullGuard
[2012-02-06 18:42:57 | 000,000,000 |—-D | M]—C:\Users\Bo\AppData\Roaming\com.zoosk.Desktop.096E6A67431258A508A2446A847B240591D2C99B.1
[2012-03-24 17:25:13 | 000,000,000 |—-D | M]—C:\Users\Bo\AppData\Roaming\DAEMON Tools Lite
[2012-08-16 14:28:21 | 000,000,000 |—-D | M]—C:\Users\Bo\AppData\Roaming\Spotify
[2012-08-15 13:47:20 | 000,000,000 |—-D | M]—C:\Users\Bo\AppData\Roaming\uTorrent
[2012-02-14 13:32:01 | 000,000,894 |——| M] ()—C:\Windows\Tasks\FacebookUpdateTaskUserS-1-5-21-538675310-1879635526-2279202838-1000Core.job
[2012-07-11 23:18:34 | 000,000,928 |——| M] ()—C:\Windows\Tasks\FacebookUpdateTaskUserS-1-5-21-538675310-1879635526-2279202838-1000Core1cd5faabad86f49.job
[2012-05-07 20:51:34 | 000,032,554 |——| M] ()—C:\Windows\Tasks\SCHEDLGU.TXT
========== Purity Check ==========
========== Custom Scans ==========
< @ >
< %SYSTEMDRIVE%\*. >
[2012-08-15 19:42:17 | 000,000,000 | -HSD | M]—C:\$Recycle.Bin
[2009-07-14 07:08:56 | 000,000,000 | -HSD | M]—C:\Documents and Settings
[2012-01-28 15:48:52 | 000,000,000 |—-D | M]—C:\Intel
[2009-07-14 05:20:08 | 000,000,000 |—-D | M]—C:\PerfLogs
[2012-08-15 20:42:46 | 000,000,000 | R—D | M]—C:\Program Files
[2012-08-15 21:56:12 | 000,000,000 |—-D | M]—C:\Program Files (x86)
[2012-08-15 21:56:07 | 000,000,000 | -H-D | M]—C:\ProgramData
[2012-01-28 15:41:03 | 000,000,000 | -HSD | M]—C:\Programmer
[2012-01-28 15:41:03 | 000,000,000 | -HSD | M]—C:\Recovery
[2012-08-16 14:41:39 | 000,000,000 | -HSD | M]—C:\System Volume Information
[2012-08-15 19:42:14 | 000,000,000 | R—D | M]—C:\Users
[2012-08-15 20:15:20 | 000,000,000 |—-D | M]—C:\Windows
< %PROGRAMFILES%\*.exe >
< %LOCALAPPDATA%\*.exe >
< /md5stop >
Invalid Switch: md5stop
< %SYSTEMDRIVE%\*.* >
[2012-08-16 14:23:12 | 3144,675,328 | -HS- | M] ()—C:\hiberfil.sys
[2012-08-16 14:23:13 | 4192,903,168 | -HS- | M] ()—C:\pagefile.sys
[2012-03-24 17:22:27 | 000,001,550 |——| M] ()—C:\user.js
< %SYSTEMDRIVE%\*. >
[2012-08-15 19:42:17 | 000,000,000 | -HSD | M]—C:\$Recycle.Bin
[2009-07-14 07:08:56 | 000,000,000 | -HSD | M]—C:\Documents and Settings
[2012-01-28 15:48:52 | 000,000,000 |—-D | M]—C:\Intel
[2009-07-14 05:20:08 | 000,000,000 |—-D | M]—C:\PerfLogs
[2012-08-15 20:42:46 | 000,000,000 | R—D | M]—C:\Program Files
[2012-08-15 21:56:12 | 000,000,000 |—-D | M]—C:\Program Files (x86)
[2012-08-15 21:56:07 | 000,000,000 | -H-D | M]—C:\ProgramData
[2012-01-28 15:41:03 | 000,000,000 | -HSD | M]—C:\Programmer
[2012-01-28 15:41:03 | 000,000,000 | -HSD | M]—C:\Recovery
[2012-08-16 14:41:39 | 000,000,000 | -HSD | M]—C:\System Volume Information
[2012-08-15 19:42:14 | 000,000,000 | R—D | M]—C:\Users
[2012-08-15 20:15:20 | 000,000,000 |—-D | M]—C:\Windows
< End of report >
This is Extras.Txt
OTL Extras logfile created on: 16-08-2012 14:39:14 - Run 1
OTL by OldTimer - Version 3.2.57.0 Folder = C:\Users\Bo\Desktop
64bit- Home Premium Edition Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation
Internet Explorer (Version = 9.0.8112.16421)
Locale: 00000406 | Country: Danmark | Language: DAN | Date Format: dd-MM-yyyy
3,90 Gb Total Physical Memory | 2,62 Gb Available Physical Memory | 67,07% Memory free
7,81 Gb Paging File | 6,42 Gb Available in Paging File | 82,20% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]
%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86)
Drive C: | 119,14 Gb Total Space | 55,98 Gb Free Space | 46,98% Space Free | Partition Type: NTFS
Computer Name: BO-PC | User Name: Bo | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user | Quick Scan | Include 64bit Scans
Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days
========== Extra Registry (SafeList) ==========
========== File Associations ==========
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.url[@ = InternetShortcut]—C:\Windows\SysNative\rundll32.exe (Microsoft Corporation)
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.cpl [@ = cplfile]—C:\Windows\SysWow64\control.exe (Microsoft Corporation)
========== Shell Spawning ==========
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open]—“%1” %*
cmdfile [open]—“%1” %*
comfile [open]—“%1” %*
exefile [open]—“%1” %*
helpfile [open]—Reg Error: Key error.
htmlfile [edit]—Reg Error: Key error.
htmlfile [print]—rundll32.exe %windir%\system32\mshtml.dll,PrintHTML “%1”
inffile [install]—%SystemRoot%\System32\InfDefaultInstall.exe “%1” (Microsoft Corporation)
InternetShortcut [open]—“C:\Windows\System32\rundll32.exe” “C:\Windows\System32\ieframe.dll”,OpenURL %l (Microsoft Corporation)
InternetShortcut [print]—“C:\Windows\System32\rundll32.exe” “C:\Windows\System32\mshtml.dll”,PrintHTML “%1” (Microsoft Corporation)
piffile [open]—“%1” %*
regfile [merge]—Reg Error: Key error.
scrfile [config]—“%1”
scrfile [install]—rundll32.exe desk.cpl,InstallScreenSaver %l
scrfile [open]—“%1” /S
txtfile [edit]—Reg Error: Key error.
Unknown [openas]—%SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [AddToPlaylistVLC]—“C:\Program Files (x86)\VideoLAN\VLC\vlc.exe”—started-from-file—playlist-enqueue “%1” ()
Directory [cmd]—cmd.exe /s /k pushd “%V” (Microsoft Corporation)
Directory [find]—%SystemRoot%\Explorer.exe (Microsoft Corporation)
Directory [PlayWithVLC]—“C:\Program Files (x86)\VideoLAN\VLC\vlc.exe”—started-from-file—no-playlist-enqueue “%1” ()
Folder [open]—%SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [explore]—Reg Error: Value error.
Drive [find]—%SystemRoot%\Explorer.exe (Microsoft Corporation)
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open]—“%1” %*
cmdfile [open]—“%1” %*
comfile [open]—“%1” %*
cplfile [cplopen]—%SystemRoot%\System32\control.exe “%1”,%* (Microsoft Corporation)
exefile [open]—“%1” %*
helpfile [open]—Reg Error: Key error.
htmlfile [edit]—Reg Error: Key error.
htmlfile [print]—rundll32.exe %windir%\system32\mshtml.dll,PrintHTML “%1”
inffile [install]—%SystemRoot%\System32\InfDefaultInstall.exe “%1” (Microsoft Corporation)
piffile [open]—“%1” %*
regfile [merge]—Reg Error: Key error.
scrfile [config]—“%1”
scrfile [install]—rundll32.exe desk.cpl,InstallScreenSaver %l
scrfile [open]—“%1” /S
txtfile [edit]—Reg Error: Key error.
Unknown [openas]—%SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [AddToPlaylistVLC]—“C:\Program Files (x86)\VideoLAN\VLC\vlc.exe”—started-from-file—playlist-enqueue “%1” ()
Directory [cmd]—cmd.exe /s /k pushd “%V” (Microsoft Corporation)
Directory [find]—%SystemRoot%\Explorer.exe (Microsoft Corporation)
Directory [PlayWithVLC]—“C:\Program Files (x86)\VideoLAN\VLC\vlc.exe”—started-from-file—no-playlist-enqueue “%1” ()
Folder [open]—%SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [explore]—Reg Error: Value error.
Drive [find]—%SystemRoot%\Explorer.exe (Microsoft Corporation)
========== Security Center Settings ==========
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
“cval” = 0
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]
“VistaSp1” = 28 4D B2 76 41 04 CA 01 [binary data]
“AntiVirusOverride” = 0
“AntiSpywareOverride” = 0
“FirewallOverride” = 0
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]
========== Firewall Settings ==========
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]
“EnableFirewall” = 1
“DisableNotifications” = 0
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
“EnableFirewall” = 1
“DisableNotifications” = 0
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\PublicProfile]
“EnableFirewall” = 1
“DisableNotifications” = 0
========== Authorized Applications List ==========
========== Vista Active Open Ports Exception List ==========
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
“{046B5C3D-F0FF-4595-A188-4A291C92D4BF}” = lport=137 | protocol=17 | dir=in | app=system |
“{18D7ED26-843F-4A62-B3D4-064DE22B0EF3}” = lport=1900 | protocol=17 | dir=in | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe |
“{2790461D-8C0C-4195-9E7D-8CDD305DD645}” = lport=2869 | protocol=6 | dir=in | app=system |
“{283EEE17-4A73-428B-9A28-E733AB6F9641}” = rport=137 | protocol=17 | dir=out | app=system |
“{46ED3B33-B6B8-4F73-AECD-40C1AF3DC483}” = rport=2177 | protocol=6 | dir=out | svc=qwave | app=%systemroot%\system32\svchost.exe |
“{57903F54-EFB4-4B67-99E7-B32AA2FAB4F1}” = rport=10243 | protocol=6 | dir=out | app=system |
“{73418D84-D489-47A4-8DBE-5B07979FA038}” = lport=445 | protocol=6 | dir=in | app=system |
“{78325E93-C396-4742-8DBB-68E109950DDD}” = rport=2177 | protocol=17 | dir=out | svc=qwave | app=%systemroot%\system32\svchost.exe |
“{7E198727-EFE9-4B32-A446-B47EC4A69B97}” = lport=5355 | protocol=17 | dir=in | svc=dnscache | app=%systemroot%\system32\svchost.exe |
“{889D857E-F8D6-4F07-AC24-291D2B56864A}” = lport=rpc-epmap | protocol=6 | dir=in | svc=rpcss | name=@firewallapi.dll,-28539 |
“{961DE737-3AF8-4BC9-874E-1F3F3ADB3839}” = rport=138 | protocol=17 | dir=out | app=system |
“{A78F638D-E511-4B2B-9F63-198CE6318B22}” = rport=139 | protocol=6 | dir=out | app=system |
“{C2D22B0D-C08B-4C97-BA9F-3216AA50D100}” = lport=139 | protocol=6 | dir=in | app=system |
“{C88818D6-32C0-45EF-A030-5AE34BC5A156}” = lport=138 | protocol=17 | dir=in | app=system |
“{CEAF9294-CA69-4AB4-A6C6-40186491DF2A}” = lport=2177 | protocol=6 | dir=in | svc=qwave | app=%systemroot%\system32\svchost.exe |
“{D02E29B5-8507-4643-98C7-B885866E7E61}” = rport=1900 | protocol=17 | dir=out | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe |
“{DDD53A0C-CDF7-43CD-9543-5247587092EB}” = lport=2177 | protocol=17 | dir=in | svc=qwave | app=%systemroot%\system32\svchost.exe |
“{E1A30AF9-FA0A-4532-A394-519AF11E5F67}” = rport=5355 | protocol=17 | dir=out | svc=dnscache | app=%systemroot%\system32\svchost.exe |
“{F13FC737-897A-4C36-8C79-E77FE061D739}” = rport=445 | protocol=6 | dir=out | app=system |
“{F3717DB7-1F31-4A3E-ABFA-C54BE06793A1}” = lport=rpc | protocol=6 | dir=in | svc=spooler | app=%systemroot%\system32\spoolsv.exe |
“{F53869E4-0F5D-4C5E-B6AD-DC00D035BD56}” = lport=10243 | protocol=6 | dir=in | app=system |
========== Vista Active Application Exception List ==========
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
“{043F2091-A9A8-4A3F-9666-9C2A1230A465}” = protocol=58 | dir=out | name=@firewallapi.dll,-28546 |
“{111AC39E-C920-45A5-AF43-6C7F2EFB1E78}” = protocol=58 | dir=out | name=@iphlpsvc.dll,-503 |
“{15C57468-031C-4E84-A0A7-7F6709298490}” = protocol=58 | dir=in | name=@firewallapi.dll,-28545 |
“{233AB9F1-4D45-4C75-9359-4D9FFC336140}” = protocol=17 | dir=out | app=%programfiles%\windows media player\wmplayer.exe |
“{3BAE15D4-9B1D-43F9-A11E-6C0F502AEADE}” = dir=in | app=c:\users\bo\appdata\local\facebook\video\skype\facebookvideocalling.exe |
“{3D70E543-A1BA-48BC-A639-E4AE6912E461}” = protocol=17 | dir=out | app=%programfiles%\windows media player\wmpnetwk.exe |
“{40A5C825-D4C1-4DA0-9AC1-39E85069FE20}” = protocol=6 | dir=out | svc=upnphost | app=%systemroot%\system32\svchost.exe |
“{4F0BC2D2-9B20-4C7F-9C86-4C3BBC3DD011}” = protocol=17 | dir=in | app=%programfiles%\windows media player\wmpnetwk.exe |
“{60178D0A-824A-456E-860A-12CD48792484}” = protocol=17 | dir=out | app=%programfiles(x86)%\windows media player\wmplayer.exe |
“{62FA08B6-3019-474E-96E9-BE14FEC86A7B}” = protocol=6 | dir=in | app=%programfiles%\windows media player\wmpnetwk.exe |
“{6C746336-CBEA-4110-877F-DEFF0F3A4FBB}” = protocol=6 | dir=out | app=%programfiles%\windows media player\wmplayer.exe |
“{9453CFA8-562C-4714-838D-135319CA20C6}” = protocol=6 | dir=out | app=%programfiles%\windows media player\wmplayer.exe |
“{B712528B-34B5-486A-81CF-5E37DA370477}” = protocol=17 | dir=in | app=%programfiles%\windows media player\wmplayer.exe |
“{BDAE11A8-FD0B-4D50-B3BF-14071710BA0A}” = protocol=17 | dir=out | app=%programfiles%\windows media player\wmplayer.exe |
“{D122DC3C-BCE4-483D-8ECF-4433C4324E89}” = protocol=1 | dir=in | name=@firewallapi.dll,-28543 |
“{DC407128-0060-48E9-8630-5CE8C2B97057}” = protocol=6 | dir=out | app=%programfiles(x86)%\windows media player\wmplayer.exe |
“{E99DEF2D-C692-4F5A-BEDC-8A46C663532C}” = protocol=17 | dir=in | app=%programfiles(x86)%\windows media player\wmplayer.exe |
“{EB4E3769-426D-467D-B8AF-55D92B218D3D}” = protocol=1 | dir=out | name=@firewallapi.dll,-28544 |
“{F579D08B-0243-4789-A48B-D72576BDB817}” = protocol=6 | dir=out | app=system |
“{F5D57834-66CD-45C4-80B4-18130CC687DD}” = protocol=6 | dir=out | app=%programfiles%\windows media player\wmpnetwk.exe |
“{FED3B4DE-FA0D-488D-85E0-482AA1573A25}” = protocol=17 | dir=in | app=%programfiles%\windows media player\wmplayer.exe |
“TCP Query User{739E7C1E-2A97-4103-A821-5867DBFD2744}C:\users\bo\appdata\roaming\spotify\spotify.exe” = protocol=6 | dir=in | app=c:\users\bo\appdata\roaming\spotify\spotify.exe |
“TCP Query User{874637B3-BBBE-4B7C-B243-9D5BEC780B9E}C:\program files (x86)\utorrent\utorrent.exe” = protocol=6 | dir=in | app=c:\program files (x86)\utorrent\utorrent.exe |
“TCP Query User{995390F1-9CE3-4BF7-A4D3-9C30D0266DF3}C:\program files (x86)\utorrent\utorrent.exe” = protocol=6 | dir=in | app=c:\program files (x86)\utorrent\utorrent.exe |
“TCP Query User{C503B6AB-C97F-413C-B26C-B65A8E60D15D}C:\users\bo\appdata\roaming\spotify\spotify.exe” = protocol=6 | dir=in | app=c:\users\bo\appdata\roaming\spotify\spotify.exe |
“UDP Query User{028DE6EF-502D-45A3-8662-03F0B187976D}C:\users\bo\appdata\roaming\spotify\spotify.exe” = protocol=17 | dir=in | app=c:\users\bo\appdata\roaming\spotify\spotify.exe |
“UDP Query User{93074256-78E3-4BC2-A97D-DC010FA6CE99}C:\users\bo\appdata\roaming\spotify\spotify.exe” = protocol=17 | dir=in | app=c:\users\bo\appdata\roaming\spotify\spotify.exe |
“UDP Query User{A9087F9B-3EA6-49E8-BE05-0F5BE3AF2548}C:\program files (x86)\utorrent\utorrent.exe” = protocol=17 | dir=in | app=c:\program files (x86)\utorrent\utorrent.exe |
“UDP Query User{DC80CCEF-F956-4661-B98D-6A631C172FCD}C:\program files (x86)\utorrent\utorrent.exe” = protocol=17 | dir=in | app=c:\program files (x86)\utorrent\utorrent.exe |
========== HKEY_LOCAL_MACHINE Uninstall List ==========
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
“{230D1595-57DA-4933-8C4E-375797EBB7E1}” = Bluetooth Win7 Suite (64)
“{6B006967-779B-49DB-BFCF-3DB3BDD2C7F7}” = Fresco Logic USB3.0 Host Controller
“{F5B09CFD-F0B2-36AF-8DF4-1DF6B63FC7B4}” = Microsoft .NET Framework 4 Client Profile
“{F83E9BF0-B8D8-3D68-9E07-7505290C2202}” = Microsoft .NET Framework 4 Client Profile DAN Language Pack
“BullGuard” = BullGuard
“Microsoft .NET Framework 4 Client Profile” = Microsoft .NET Framework 4 Client Profile
“Microsoft .NET Framework 4 Client Profile DAN Language Pack” = Microsoft .NET Framework 4 Client Profile DAN sprogpakke
“WinRAR archiver” = WinRAR 4.11 (64-bit)
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
“{16793295-2366-40F7-A045-A3E42A81365E}” = Bing Bar
“{26A24AE4-039D-4CA4-87B4-2F83216031FF}” = Java(TM) 6 Update 31
“{47FA2C44-D148-4DBC-AF60-B91934AA4842}” = Adobe AIR
“{4A03706F-666A-4037-7777-5F2748764D10}” = Java Auto Updater
“{57220148-3B2B-412A-A2E0-82B9DF423696}” = Windows Live Mesh ActiveX-objekt til fjernforbindelser
“{612C34C7-5E90-47D8-9B5C-0F717DD82726}” = swMSM
“{62BBB2F0-E220-4821-A564-730807D2C34D}” = Realtek USB 2.0 Reader Driver
“{7CAC6A44-C3DE-4153-ACA6-7524602C789E}” = Facebook Video Calling 1.2.0.159
“{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}” = Microsoft Silverlight
“{A859E3E5-C62F-4BFA-AF1D-2B95E03166AF}” = ASUS USB Charger Plus
“{AC76BA86-7AD7-1030-7B44-AA1000000001}” = Adobe Reader X (10.1.4) - Dansk
“{B6CF2967-C81E-40C0-9815-C05774FEF120}” = Skype Click to Call
“{EE7257A2-39A2-4D2F-9DAC-F9F25B8AE1D8}” = Skype™ 5.10
“{FB697452-8CA4-46B4-98B1-165C922A2EF3}” = Update Manager for SweetPacks 1.0
“Adobe AIR” = Adobe AIR
“Adobe Flash Player ActiveX” = Adobe Flash Player 11 ActiveX
“Adobe Flash Player Plugin” = Adobe Flash Player 11 Plugin
“Adobe Shockwave Player” = Adobe Shockwave Player 11.6
“BurnAware Free_is1” = BurnAware Free 4.9
“ExpressBurn” = Express Burn Disc Burning Software
“VLC media player” = VLC media player 1.1.11
========== HKEY_CURRENT_USER Uninstall List ==========
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
“Google Chrome” = Google Chrome
“Spotify” = Spotify
========== Last 20 Event Log Errors ==========
[ Application Events ]
Error - 15-08-2012 14:17:55 | Computer Name = Bo-Pc | Source = WinMgmt | ID = 10
Description =
Error - 15-08-2012 14:32:33 | Computer Name = Bo-Pc | Source = WinMgmt | ID = 10
Description =
Error - 15-08-2012 14:53:07 | Computer Name = Bo-Pc | Source = WinMgmt | ID = 10
Description =
Error - 16-08-2012 01:01:59 | Computer Name = Bo-Pc | Source = WinMgmt | ID = 10
Description =
Error - 16-08-2012 01:28:28 | Computer Name = Bo-Pc | Source = WinMgmt | ID = 10
Description =
Error - 16-08-2012 03:38:13 | Computer Name = Bo-Pc | Source = Google Update | ID = 20
Description =
Error - 16-08-2012 03:39:58 | Computer Name = Bo-Pc | Source = WinMgmt | ID = 10
Description =
Error - 16-08-2012 05:16:12 | Computer Name = Bo-Pc | Source = Google Update | ID = 20
Description =
Error - 16-08-2012 05:17:45 | Computer Name = Bo-Pc | Source = WinMgmt | ID = 10
Description =
Error - 16-08-2012 08:25:09 | Computer Name = Bo-Pc | Source = WinMgmt | ID = 10
Description =
[ System Events ]
Error - 25-07-2012 11:01:25 | Computer Name = Bo-Pc | Source = Service Control Manager | ID = 7003
Description = Tjenesten IKE- og AuthIP IPsec-nøglemoduler afhænger af følgende tjeneste:
BFE. Tjenesten er muligvis ikke installeret.
Error - 25-07-2012 11:01:25 | Computer Name = Bo-Pc | Source = Service Control Manager | ID = 7003
Description = Tjenesten IPsec Policy Agent afhænger af følgende tjeneste: BFE. Tjenesten
er muligvis ikke installeret.
Error - 25-07-2012 11:01:34 | Computer Name = Bo-Pc | Source = Service Control Manager | ID = 7024
Description = Tjenesten Lyttefunktion til hjemmegruppe blev afbrudt med den tjenestespecifikke
fejl %%-2147023143.
Error - 25-07-2012 11:27:09 | Computer Name = Bo-Pc | Source = Service Control Manager | ID = 7023
Description = Tjenesten Computerbrowser blev afbrudt med følgende fejl: `
Error - 25-07-2012 11:27:09 | Computer Name = Bo-Pc | Source = Service Control Manager | ID = 7003
Description = Tjenesten IKE- og AuthIP IPsec-nøglemoduler afhænger af følgende tjeneste:
BFE. Tjenesten er muligvis ikke installeret.
Error - 25-07-2012 11:27:09 | Computer Name = Bo-Pc | Source = Service Control Manager | ID = 7003
Description = Tjenesten IPsec Policy Agent afhænger af følgende tjeneste: BFE. Tjenesten
er muligvis ikke installeret.
Error - 25-07-2012 14:01:53 | Computer Name = Bo-Pc | Source = Service Control Manager | ID = 7024
Description = Tjenesten Lyttefunktion til hjemmegruppe blev afbrudt med den tjenestespecifikke
fejl %%-2147023143.
Error - 26-07-2012 15:15:54 | Computer Name = Bo-Pc | Source = Service Control Manager | ID = 7023
Description = Tjenesten Computerbrowser blev afbrudt med følgende fejl: `
Error - 26-07-2012 15:15:54 | Computer Name = Bo-Pc | Source = Service Control Manager | ID = 7003
Description = Tjenesten IKE- og AuthIP IPsec-nøglemoduler afhænger af følgende tjeneste:
BFE. Tjenesten er muligvis ikke installeret.
Error - 26-07-2012 15:15:54 | Computer Name = Bo-Pc | Source = Service Control Manager | ID = 7003
Description = Tjenesten IPsec Policy Agent afhænger af følgende tjeneste: BFE. Tjenesten
er muligvis ikke installeret.
< End of report >
Administrator
Number of posts: 32083
• Start OTL
• Copy the text below, shown in bold, into the Custom Scan field
:Services
:OTL
O4 - Startup: C:\Users\Bo\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\ZooskMessenger.lnk = File not found
:Reg
:Files
ipconfig /flushdns /c
:Commands
[purity]
[resethosts]
[CreateRestorePoint]
[emptytemp]
[EMPTYFLASH]
[EMPTYJAVA]
• Click the Run Fix button
• If OTL asks to restart, say yes.
• Click OK.
• A log will open; copy it into your next reply.
• Otherwise it can be found here:
• C:\_OTL\MovedFiles\mmddyyyy_hhmmss.log, where mmddyyyy_hhmmss
Download ComboFix and save it to your desktop:
Here
NB -> Disable your antivirus/antispyware program, as it can "interfere" and conflict with ComboFix, or remove important ComboFix files, which can cause the computer to freeze.
Then run combofix.exe and follow the instructions.
You should not click on the window while the tool is running, as this can cause your computer to freeze.
When ComboFix has finished, and after it has (possibly) restarted, a log file should open: combofix.txt
Please post the contents of this file here.
It can also be found here -> C:\combofix.txt
Signature
Sound computer sense
After I ran ComboFix and tried to open the logs, it says: An illegal operation was attempted on a registry key that has been marked for deletion.
Now I have restarted it and can open the logs, and here are the logs :-)
The log from OTL:
All processes killed
========== SERVICES/DRIVERS ==========
========== OTL ==========
C:\Users\Bo\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\ZooskMessenger.lnk moved successfully.
========== REGISTRY ==========
========== FILES ==========
< ipconfig /flushdns /c >
Windows IP-konfiguration
DNS Resolver Cache blev tømt.
C:\Users\Bo\Desktop\cmd.bat deleted successfully.
C:\Users\Bo\Desktop\cmd.txt deleted successfully.
========== COMMANDS ==========
C:\Windows\System32\drivers\etc\Hosts moved successfully.
HOSTS file reset successfully
Restore point Set: OTL Restore Point
[EMPTYTEMP]
User: All Users
User: Bo
->Temp folder emptied: 292675940 bytes
->Temporary Internet Files folder emptied: 4667073 bytes
->Java cache emptied: 3552539 bytes
->Google Chrome cache emptied: 12511392 bytes
->Flash cache emptied: 83283 bytes
User: Daniel-Laptop
->Temp folder emptied: 52053 bytes
->Temporary Internet Files folder emptied: 70464 bytes
->Flash cache emptied: 56466 bytes
User: Default
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes
->Flash cache emptied: 56478 bytes
User: Default User
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes
->Flash cache emptied: 0 bytes
User: Public
%systemdrive% .tmp files removed: 0 bytes
%systemroot% .tmp files removed: 0 bytes
%systemroot%\System32 .tmp files removed: 0 bytes
%systemroot%\System32 (64bit) .tmp files removed: 0 bytes
%systemroot%\System32\drivers .tmp files removed: 0 bytes
Windows Temp folder emptied: 1509908 bytes
%systemroot%\sysnative\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files folder emptied: 50383 bytes
RecycleBin emptied: 0 bytes
Total Files Cleaned = 301,00 mb
[EMPTYFLASH]
User: All Users
User: Bo
->Flash cache emptied: 0 bytes
User: Daniel-Laptop
->Flash cache emptied: 0 bytes
User: Default
->Flash cache emptied: 0 bytes
User: Default User
->Flash cache emptied: 0 bytes
User: Public
Total Flash Files Cleaned = 0,00 mb
[EMPTYJAVA]
User: All Users
User: Bo
->Java cache emptied: 0 bytes
User: Daniel-Laptop
User: Default
User: Default User
User: Public
Total Java Files Cleaned = 0,00 mb
OTL by OldTimer - Version 3.2.57.0 log created on 08172012_134949
Files\Folders moved on Reboot…
C:\Users\Bo\AppData\Local\Temp\FXSAPIDebugLogFile.txt moved successfully.
PendingFileRenameOperations files…
File C:\Users\Bo\AppData\Local\Temp\FXSAPIDebugLogFile.txt not found!
Registry entries deleted on Reboot…
The log from ComboFix:
ComboFix 12-08-17.01 - Bo 17-08-2012 14:04:49.1.4 - x64
Microsoft Windows 7 Home Premium 6.1.7601.1.1252.45.1030.18.3999.2595 [GMT 2:00]
Kører fra: c:\users\Bo\Desktop\ComboFix.exe
AV: Norton Internet Security *Enabled/Updated* {63DF5164-9100-186D-2187-8DC619EFD8BF}
FW: Norton Internet Security *Enabled* {5BE4D041-DB6F-1935-0AD8-24F3E73C9FC4}
SP: Norton Internet Security *Enabled/Updated* {D8BEB080-B73A-17E3-1B37-B6B462689202}
SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
.
.
((((((((((((((((((((((((((((( Filer skabt fra 2012-07-17 til 2012-08-17 )))))))))))))))))))))))))))))))))))
.
.
2012-08-17 12:07 . 2012-08-17 12:07 ———— d——-w- c:\users\Default\AppData\Local\temp
2012-08-17 11:49 . 2012-08-17 11:49 ———— d——-w- C:\_OTL
2012-08-17 08:28 . 2012-08-17 08:28 63840 ——a-w- c:\windows\system32\BGLsp.dll
2012-08-17 08:28 . 2012-08-17 08:28 54624 ——a-w- c:\windows\SysWow64\BGLsp.dll
2012-08-17 08:26 . 2012-08-17 08:26 ———— d——-w- c:\program files\Common Files\BullGuard Ltd
2012-08-17 08:26 . 2012-08-17 08:26 ———— d——-w- c:\program files\BullGuard Ltd
2012-08-16 18:19 . 2012-08-16 18:20 ———— d——-w- c:\users\Bo\AppData\Roaming\.minecraft
2012-08-15 20:32 . 2012-08-15 20:38 ———— d——-w- c:\users\Bo\AppData\Local\Google
2012-08-15 19:56 . 2012-08-17 12:02 ———— d——-w- c:\users\Bo\AppData\Roaming\Skype
2012-08-15 19:56 . 2012-08-15 19:56 ———— d——-w- c:\program files (x86)\Common Files\Skype
2012-08-15 19:56 . 2012-08-15 19:56 ———— d——-r- c:\program files (x86)\Skype
2012-08-15 19:56 . 2012-08-15 19:56 ———— d——-w- c:\programdata\Skype
2012-08-15 18:43 . 2012-08-15 18:56 ———— d——-w- c:\users\Bo\AppData\Roaming\BullGuard
2012-08-15 18:42 . 2012-08-17 12:07 ———— d——-w- c:\programdata\BullGuard
2012-08-15 18:11 . 2012-05-04 11:00 366592 ——a-w- c:\windows\system32\qdvd.dll
2012-08-15 18:11 . 2012-05-04 09:59 514560 ——a-w- c:\windows\SysWow64\qdvd.dll
2012-08-15 18:07 . 2012-05-05 08:36 503808 ——a-w- c:\windows\system32\srcore.dll
2012-08-15 18:07 . 2012-05-05 07:46 43008 ——a-w- c:\windows\SysWow64\srclient.dll
2012-08-15 18:07 . 2012-02-11 06:43 751104 ——a-w- c:\windows\system32\win32spl.dll
2012-08-15 18:07 . 2012-02-11 06:36 559104 ——a-w- c:\windows\system32\spoolsv.exe
2012-08-15 18:07 . 2012-02-11 06:36 67072 ——a-w- c:\windows\splwow64.exe
2012-08-15 18:07 . 2012-02-11 05:43 492032 ——a-w- c:\windows\SysWow64\win32spl.dll
2012-08-15 18:06 . 2012-07-04 22:16 73216 ——a-w- c:\windows\system32\netapi32.dll
2012-08-15 18:06 . 2012-07-04 22:13 59392 ——a-w- c:\windows\system32\browcli.dll
2012-08-15 18:06 . 2012-07-04 22:13 136704 ——a-w- c:\windows\system32\browser.dll
2012-08-15 18:06 . 2012-07-04 21:14 41984 ——a-w- c:\windows\SysWow64\browcli.dll
2012-08-15 18:06 . 2012-05-14 05:26 956928 ——a-w- c:\windows\system32\localspl.dll
2012-08-15 18:06 . 2012-07-18 18:15 3148800 ——a-w- c:\windows\system32\win32k.sys
2012-08-15 17:42 . 2012-08-15 17:42 ———— d——-w- c:\users\Daniel-Laptop
2012-08-04 15:20 . 2012-08-15 12:49 ———— d——-w- c:\program files (x86)\Common Files\Apple
2012-07-29 21:16 . 2012-08-15 19:56 ———— d——-w- c:\program files (x86)\Microsoft
2012-07-29 21:16 . 2012-07-29 21:16 7450888 ——a-w- c:\program files (x86)\Common Files\Windows Live\.cache\5c14edf41cd6dcf04\bingbarsetup.exe
.
.
.
(((((((((((((((((((((((((((((((((((((((( Find3M Rapport ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2012-08-15 18:07 . 2012-01-28 15:31 62134624 ——a-w- c:\windows\system32\MRT.exe
2012-08-15 14:12 . 2012-04-17 13:18 426184 ——a-w- c:\windows\SysWow64\FlashPlayerApp.exe
2012-08-15 14:12 . 2012-01-28 13:55 70344 ——a-w- c:\windows\SysWow64\FlashPlayerCPLApp.cpl
2012-07-17 17:57 . 2012-07-17 17:58 1490656 ——a-w- c:\windows\system32\WdfCoInstaller01007.dll
2012-07-17 17:57 . 2012-07-17 17:58 1490656 ——a-w- c:\windows\system32\drivers\WdfCoInstaller01007.dll
2012-06-15 07:45 . 2012-06-15 07:45 66272 ——a-w- c:\windows\system32\drivers\BdSpy.sys
2012-06-15 07:45 . 2012-06-15 07:45 290376 ——a-w- c:\windows\system32\drivers\Trufos.sys
2012-06-15 07:45 . 2012-06-15 07:45 256072 ——a-w- c:\windows\system32\drivers\NSKernel.sys
2012-06-15 07:45 . 2012-06-15 07:45 25160 ——a-w- c:\windows\system32\drivers\NSNetmon.sys
2012-06-15 07:44 . 2012-06-15 07:44 445568 ——a-w- c:\windows\system32\drivers\afwcore.sys
2012-06-15 07:44 . 2012-06-15 07:44 38528 ——a-w- c:\windows\system32\drivers\afw.sys
2012-06-09 05:43 . 2012-07-11 15:35 14172672 ——a-w- c:\windows\system32\shell32.dll
2012-06-06 06:06 . 2012-07-11 15:35 2004480 ——a-w- c:\windows\system32\msxml6.dll
2012-06-06 06:06 . 2012-07-11 15:35 1881600 ——a-w- c:\windows\system32\msxml3.dll
2012-06-06 06:02 . 2012-07-11 15:35 1133568 ——a-w- c:\windows\system32\cdosys.dll
2012-06-06 05:05 . 2012-07-11 15:35 1390080 ——a-w- c:\windows\SysWow64\msxml6.dll
2012-06-06 05:05 . 2012-07-11 15:35 1236992 ——a-w- c:\windows\SysWow64\msxml3.dll
2012-06-06 05:03 . 2012-07-11 15:35 805376 ——a-w- c:\windows\SysWow64\cdosys.dll
2012-06-02 22:19 . 2012-06-23 15:18 38424 ——a-w- c:\windows\system32\wups.dll
2012-06-02 22:19 . 2012-06-23 15:19 2428952 ——a-w- c:\windows\system32\wuaueng.dll
2012-06-02 22:19 . 2012-06-23 15:19 57880 ——a-w- c:\windows\system32\wuauclt.exe
2012-06-02 22:19 . 2012-06-23 15:19 44056 ——a-w- c:\windows\system32\wups2.dll
2012-06-02 22:19 . 2012-06-23 15:18 701976 ——a-w- c:\windows\system32\wuapi.dll
2012-06-02 22:15 . 2012-06-23 15:19 2622464 ——a-w- c:\windows\system32\wucltux.dll
2012-06-02 22:15 . 2012-06-23 15:18 99840 ——a-w- c:\windows\system32\wudriver.dll
2012-06-02 13:19 . 2012-06-23 15:18 186752 ——a-w- c:\windows\system32\wuwebv.dll
2012-06-02 13:15 . 2012-06-23 15:18 36864 ——a-w- c:\windows\system32\wuapp.exe
2012-06-02 05:50 . 2012-07-11 15:35 458704 ——a-w- c:\windows\system32\drivers\cng.sys
2012-06-02 05:48 . 2012-07-11 15:35 95600 ——a-w- c:\windows\system32\drivers\ksecdd.sys
2012-06-02 05:48 . 2012-07-11 15:35 151920 ——a-w- c:\windows\system32\drivers\ksecpkg.sys
2012-06-02 05:45 . 2012-07-11 15:35 340992 ——a-w- c:\windows\system32\schannel.dll
2012-06-02 05:44 . 2012-07-11 15:35 307200 ——a-w- c:\windows\system32\ncrypt.dll
2012-06-02 04:40 . 2012-07-11 15:35 22016 ——a-w- c:\windows\SysWow64\secur32.dll
2012-06-02 04:40 . 2012-07-11 15:35 225280 ——a-w- c:\windows\SysWow64\schannel.dll
2012-06-02 04:39 . 2012-07-11 15:35 219136 ——a-w- c:\windows\SysWow64\ncrypt.dll
2012-06-02 04:34 . 2012-07-11 15:35 96768 ——a-w- c:\windows\SysWow64\sspicli.dll
.
.
((((((((((((((((((((((((((((((((((( Start steder i reg.basen ))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Bemærk* tomme linier & lovlige standard linier vises ikke
REGEDIT4
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
“Spotify”=“c:\users\Bo\AppData\Roaming\Spotify\Spotify.exe” [2012-07-21 7601880]
“Facebook Update”=“c:\users\Bo\AppData\Local\Facebook\Update\FacebookUpdate.exe” [2012-07-11 138096]
“Spotify Web Helper”=“c:\users\Bo\AppData\Roaming\Spotify\Data\SpotifyWebHelper.exe” [2012-07-21 1193176]
“Skype”=“c:\program files (x86)\Skype\Phone\Skype.exe” [2012-07-13 17418928]
“Sidebar”=“c:\program files\Windows Sidebar\sidebar.exe” [2010-11-21 1475584]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run]
“Adobe ARM”=“c:\program files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe” [2012-07-27 919008]
“FLxHCIm64”=“c:\program files\Fresco Logic\Fresco Logic USB3.0 Host Controller\amd64_host\FLxHCIm.exe” [2011-12-12 48128]
“SunJavaUpdateSched”=“c:\program files (x86)\Common Files\Java\Java Update\jusched.exe” [2012-01-18 254696]
“Sweetpacks Communicator”=“c:\program files (x86)\SweetIM\Communicator\SweetPacksUpdateManager.exe” [2012-02-26 295728]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
“ConsentPromptBehaviorAdmin”= 5 (0x5)
“ConsentPromptBehaviorUser”= 3 (0x3)
“EnableUIADesktopToggle”= 0 (0x0)
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\BsMain]
@=“Service”
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\BsScanner]
@=“Service”
.
R2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-03-18 138576]
R3 AdobeFlashPlayerUpdateSvc;Adobe Flash Player Update Service;c:\windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2012-08-15 250056]
R3 AX88772B;ASIX AX88772B USB2.0 to Fast Ethernet Adapter;c:\windows\system32\DRIVERS\ax88772b.sys [2010-12-31 98816]
R3 BBUpdate;BBUpdate;c:\program files (x86)\Microsoft\BingBar\7.1.391.0\SeaPort.exe [2012-06-11 240208]
R3 cphs;Intel(R) Content Protection HECI Service;c:\windows\SysWow64\IntelCpHeciSvc.exe [2012-03-19 276248]
R3 ew_hwusbdev;Huawei MobileBroadband USB PNP Device;c:\windows\system32\DRIVERS\ew_hwusbdev.sys [x]
R3 huawei_cdcacm;huawei_cdcacm;c:\windows\system32\DRIVERS\ew_jucdcacm.sys [x]
R3 huawei_enumerator;huawei_enumerator;c:\windows\system32\DRIVERS\ew_jubusenum.sys [x]
R3 hwusbdev;Huawei DataCard USB PNP Device;c:\windows\system32\DRIVERS\ewusbdev.sys [x]
R3 Netaapl;Apple Mobile Device Ethernet Service;c:\windows\system32\DRIVERS\netaapl64.sys [2012-03-26 22528]
R3 TsUsbFlt;TsUsbFlt;c:\windows\system32\drivers\tsusbflt.sys [2010-11-21 59392]
R3 TsUsbGD;Remote Desktop Generic USB Device;c:\windows\system32\drivers\TsUsbGD.sys [2010-11-21 31232]
R3 USBAAPL64;Apple Mobile USB Driver;c:\windows\system32\Drivers\usbaapl64.sys [2012-02-15 52736]
R3 WatAdminSvc;Tjenesten Windows Aktivering;c:\windows\system32\Wat\WatAdminSvc.exe [2012-01-28 1255736]
S1 afw;Agnitum Firewall Driver;c:\windows\system32\DRIVERS\afw.sys [2012-06-15 38528]
S1 BdSpy;BdSpy;c:\windows\system32\DRIVERS\BdSpy.sys [2012-06-15 66272]
S1 NovaShieldFilterDriver;NovaShieldFilterDriver;c:\windows\system32\DRIVERS\NSKernel.sys [2012-06-15 256072]
S1 NovaShieldTDIDriver;NovaShieldTDIDriver;c:\windows\system32\DRIVERS\NSNetmon.sys [2012-06-15 25160]
S1 vwififlt;Virtual WiFi Filter Driver;c:\windows\system32\DRIVERS\vwififlt.sys [2009-07-14 59904]
S2 AdobeARMservice;Adobe Acrobat Update Service;c:\program files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe [2012-07-27 63960]
S2 Atheros Bt&Wlan; Coex Agent;Atheros Bt&Wlan; Coex Agent;c:\program files (x86)\Bluetooth Suite\Ath_CoexAgent.exe [2011-08-02 146592]
S2 AtherosSvc;AtherosSvc;c:\program files (x86)\Bluetooth Suite\adminservice.exe [2011-08-02 103584]
S2 BBSvc;BingBar Service;c:\program files (x86)\Microsoft\BingBar\7.1.391.0\BBSvc.exe [2012-06-11 193616]
S2 BsBackup;BullGuard backup service;c:\windows\System32\SvcHost.exe [2009-07-14 27136]
S2 BsBhvScan;BullGuard Behavioural Detection;c:\program files\BullGuard Ltd\BullGuard\BullGuardBhvScanner.exe [2012-06-05 368480]
S2 BsFileScan;BullGuard on-access service;c:\windows\System32\SvcHost.exe [2009-07-14 27136]
S2 BsFire;BullGuard firewall service;c:\windows\System32\SvcHost.exe [2009-07-14 27136]
S2 BsMailProxy;BullGuard e-mail monitoring service;c:\windows\System32\SvcHost.exe [2009-07-14 27136]
S2 BsMain;BullGuard main service;c:\windows\System32\SvcHost.exe [2009-07-14 27136]
S2 BsScanner;BullGuard scanning service;c:\program files\BullGuard Ltd\BullGuard\BullGuardScanner.exe [2012-06-05 199520]
S2 BsUpdate;BullGuard update service;c:\program files\BullGuard Ltd\BullGuard\BullGuardUpdate.exe [2012-06-18 379744]
S2 Skype C2C Service;Skype C2C Service;c:\programdata\Skype\Toolbars\Skype C2C Service\c2c_service.exe [2012-07-05 3048136]
S2 SkypeUpdate;Skype Updater;c:\program files (x86)\Skype\Updater\Updater.exe [2012-07-13 160944]
S3 afwcore;afwcore;c:\windows\system32\DRIVERS\afwcore.sys [2012-06-15 445568]
S3 AiCharger;ASUS Charger Driver;c:\windows\system32\DRIVERS\AiCharger.sys [2011-12-05 17152]
S3 AthBTPort;Atheros Virtual Bluetooth Class;c:\windows\system32\DRIVERS\btath_flt.sys [2011-08-02 36000]
S3 BTATH_A2DP;Bluetooth A2DP Audio Driver;c:\windows\system32\drivers\btath_a2dp.sys [2011-08-02 330912]
S3 btath_avdt;Atheros Bluetooth AVDT Service;c:\windows\system32\drivers\btath_avdt.sys [2011-08-02 110240]
S3 BTATH_BUS;Atheros Bluetooth Bus;c:\windows\system32\DRIVERS\btath_bus.sys [2011-08-02 30368]
S3 BTATH_HCRP;Bluetooth HCRP Server driver;c:\windows\system32\DRIVERS\btath_hcrp.sys [2011-08-02 167584]
S3 BTATH_LWFLT;Bluetooth LWFLT Device;c:\windows\system32\DRIVERS\btath_lwflt.sys [2011-08-02 68256]
S3 BTATH_RCP;Bluetooth AVRCP Device;c:\windows\system32\DRIVERS\btath_rcp.sys [2011-08-02 280992]
S3 BtFilter;BtFilter;c:\windows\system32\DRIVERS\btfilter.sys [2011-08-02 511136]
S3 FLxHCIc;Fresco Logic xHCI (USB3) Device Driver;c:\windows\system32\DRIVERS\FLxHCIc.sys [2011-12-13 224512]
S3 FLxHCIh;Fresco Logic xHCI (USB3) Hub Device Driver;c:\windows\system32\DRIVERS\FLxHCIh.sys [2011-12-13 71424]
S3 MEIx64;Intel(R) Management Engine Interface ;c:\windows\system32\DRIVERS\HECIx64.sys [2010-10-19 56344]
S3 RSUSBVSTOR;RtsUVStor.Sys Realtek USB Card Reader;c:\windows\system32\Drivers\RtsUVStor.sys [2011-03-15 311400]
S3 vwifimp;Microsoft Virtual WiFi Miniport Service;c:\windows\system32\DRIVERS\vwifimp.sys [2009-07-14 17920]
.
.
Indhold af mappen ‘Planlagte Opgaver’
.
2012-08-17 c:\windows\Tasks\Adobe Flash Player Updater.job
- c:\windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2012-04-17 14:12]
.
2012-02-14 c:\windows\Tasks\FacebookUpdateTaskUserS-1-5-21-538675310-1879635526-2279202838-1000Core.job
- c:\users\Bo\AppData\Local\Facebook\Update\FacebookUpdate.exe [2012-02-14 21:18]
.
2012-07-11 c:\windows\Tasks\FacebookUpdateTaskUserS-1-5-21-538675310-1879635526-2279202838-1000Core1cd5faabad86f49.job
- c:\users\Bo\AppData\Local\Facebook\Update\FacebookUpdate.exe [2012-02-14 21:18]
.
2012-08-15 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-538675310-1879635526-2279202838-1000Core1cd7b267c229dbb.job
- c:\users\Bo\AppData\Local\Google\Update\GoogleUpdate.exe [2012-08-15 20:32]
.
. ————- X64 Entries—————-
.
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
“AtherosBtStack”=“c:\program files (x86)\Bluetooth Suite\BtvStack.exe” [2011-08-02 961184]
“AthBtTray”=“c:\program files (x86)\Bluetooth Suite\AthBtTray.exe” [2011-08-02 798880]
“IgfxTray”=“c:\windows\system32\igfxtray.exe” [2012-03-19 170264]
“HotKeysCmds”=“c:\windows\system32\hkcmd.exe” [2012-03-19 398616]
“Persistence”=“c:\windows\system32\igfxpers.exe” [2012-03-19 439064]
“BullGuard”=“c:\program files\BullGuard Ltd\BullGuard\bullguard.exe” [2012-08-17 1863008]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows]
“LoadAppInit_DLLs”=0x1
. ———- Yderligere scanning———-
.
uLocal Page = c:\windows\system32\blank.htm
uStart Page = https://www.google.dk/
mLocal Page = c:\windows\SysWOW64\blank.htm
IE: E&xport; to Microsoft Excel - c:\progra~2\MICROS~2\Office12\EXCEL.EXE/3000
IE: {{15105F6B-80FF-40d3-B239-AEC9E0E93ACD} - c:\program files (x86)\PokerStars.DK\PokerStarsUpdate.exe
LSP: c:\windows\system32\BGLsp.dll
TCP: DhcpNameServer = 212.10.10.5 212.10.10.4
.
. ——————————- LÅSTE REGISTRERINGS NØGLER——————————-
.
[HKEY_USERS\S-1-5-21-538675310-1879635526-2279202838-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.eml\UserChoice]
@Denied: (2) (LocalSystem)
“Progid”=“WindowsLiveMail.Email.1”
.
[HKEY_USERS\S-1-5-21-538675310-1879635526-2279202838-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.vcf\UserChoice]
@Denied: (2) (LocalSystem)
“Progid”=“WindowsLiveMail.VCard.1”
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}]
@Denied: (A 2) (Everyone)
@=“FlashBroker”
“LocalizedString”=”@c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil32_11_3_300_271_ActiveX.exe,-101”
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\Elevation]
“Enabled”=dword:00000001
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\LocalServer32]
@=“c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil32_11_3_300_271_ActiveX.exe”
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\TypeLib]
@=”{FAB3E735-69C7-453B-A446-B6823C6DF1C9}”
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@=“Shockwave Flash Object”
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\InprocServer32]
@=“c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_3_300_271.ocx”
“ThreadingModel”=“Apartment”
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\MiscStatus]
@=“0”
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ProgID]
@=“ShockwaveFlash.ShockwaveFlash.11”
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@=“c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_3_300_271.ocx, 1”
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\TypeLib]
@=”{D27CDB6B-AE6D-11cf-96B8-444553540000}”
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\Version]
@=“1.0”
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@=“ShockwaveFlash.ShockwaveFlash”
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@=“Macromedia Flash Factory Object”
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\InprocServer32]
@=“c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_3_300_271.ocx”
“ThreadingModel”=“Apartment”
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ProgID]
@=“FlashFactory.FlashFactory.1”
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@=“c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_3_300_271.ocx, 1”
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\TypeLib]
@=”{D27CDB6B-AE6D-11cf-96B8-444553540000}”
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\Version]
@=“1.0”
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@=“FlashFactory.FlashFactory”
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}]
@Denied: (A 2) (Everyone)
@=“IFlashBroker4”
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\ProxyStubClsid32]
@=”{00020424-0000-0000-C000-000000000046}”
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\TypeLib]
@=”{FAB3E735-69C7-453B-A446-B6823C6DF1C9}”
“Version”=“1.0”
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\PCW\Security]
@Denied: (Full) (Everyone)
.
Gennemført tid: 2012-08-17 14:10:51 - maskinen blev genstartet
ComboFix-quarantined-files.txt 2012-08-17 12:10
.
Pre-Kørsel: 60.979.744.768 byte ledig
Post-Kørsel: 60.660.953.088 byte ledig
.
- - End Of File - - D508587951DE9529421523A85A50DA9A
Administrator
Number of posts: 32083
Copy the content between the wavy lines into a Notepad window, and save it in the same folder as ComboFix under the name CFScript .
~~~~~~~~~~~~~~~~~~~~~~~~~~
Snapshot::
SecCenter::
AV: Norton Internet Security *Enabled/Updated* {63DF5164-9100-186D-2187-8DC619EFD8BF}
FW: Norton Internet Security *Enabled* {5BE4D041-DB6F-1935-0AD8-24F3E73C9FC4}
SP: Norton Internet Security *Enabled/Updated* {D8BEB080-B73A-17E3-1B37-B6B462689202}
SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
ClearJavaCache::
~~~~~~~~~~~~~~~~~~~~~~~~~~
Then grab the CFScript file with the mouse and drag it over the ComboFix file, then release the mouse button, as shown here ->
http://img.photobucket.com/albums/v666/sUBs/CFScriptB-4.gif
ComboFix should then start working. It may require a restart, which you must allow. You should not click on the window while the tool is running, as that can cause your computer to freeze.
Then post a new ComboFix log here and tell me how things are running now?
It can be found here - C:\combofix.
Before you post it here, do this:
Copy the following into Notepad:
Windows Registry Editor Version 5.00

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\services\IPSec]
"Type"=dword:00000001
"Start"=dword:00000001
"ErrorControl"=dword:00000001
"Tag"=dword:00000005
"ImagePath"=hex(2):73,00,79,00,73,00,74,00,65,00,6d,00,33,00,32,00,5c,00,44,00,\
  52,00,49,00,56,00,45,00,52,00,53,00,5c,00,69,00,70,00,73,00,65,00,63,00,2e,\
  00,73,00,79,00,73,00,00,00
"DisplayName"="IPSEC driver"
"Group"="PNP_TDI"
"Description"="IPSEC driver"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\services\IPSec\Security]
"Security"=hex:01,00,14,80,90,00,00,00,9c,00,00,00,14,00,00,00,30,00,00,00,02,\
  00,1c,00,01,00,00,00,02,80,14,00,ff,01,0f,00,01,01,00,00,00,00,00,01,00,00,\
  00,00,02,00,60,00,04,00,00,00,00,00,14,00,fd,01,02,00,01,01,00,00,00,00,00,\
  05,12,00,00,00,00,00,18,00,ff,01,0f,00,01,02,00,00,00,00,00,05,20,00,00,00,\
  20,02,00,00,00,00,14,00,8d,01,02,00,01,01,00,00,00,00,00,05,0b,00,00,00,00,\
  00,18,00,fd,01,02,00,01,02,00,00,00,00,00,05,20,00,00,00,23,02,00,00,01,01,\
  00,00,00,00,00,05,12,00,00,00,01,01,00,00,00,00,00,05,12,00,00,00

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\services\IPSec\Enum]
"0"="Root\\LEGACY_IPSEC\\0000"
"Count"=dword:00000001
"NextInstance"=dword:00000001
Save the file on the desktop as IPS.reg
Then click on the file, say yes to merging, and restart.
Signature
Sound computer sense
It runs as it should.
Here is the ComboFix log:
ComboFix 12-08-17.03 - Bo 17-08-2012 22:20:23.2.4 - x64
Microsoft Windows 7 Home Premium 6.1.7601.1.1252.45.1030.18.3999.2664 [GMT 2:00]
Kører fra: c:\users\Bo\Desktop\ComboFix.exe
Kommandoer benyttet :: c:\users\Bo\Desktop\CFScript.txt
AV: BullGuard Antivirus *Enabled/Updated* {C3CCAC61-52F7-A056-1860-6406566E2578}
FW: BullGuard Firewall *Disabled* {FBF72D44-1898-A10E-333F-CD33A8BD6203}
SP: BullGuard Antispyware *Enabled/Updated* {78AD4D85-74CD-AFD8-22D0-5F742DE96FC5}
.
.
((((((((((((((((((((((((((((( Filer skabt fra 2012-07-17 til 2012-08-17 )))))))))))))))))))))))))))))))))))
.
.
2012-08-17 20:24 . 2012-08-17 20:24 ———— d——-w- c:\users\Default\AppData\Local\temp
2012-08-17 20:21 . 2012-08-17 20:21 69000 ——a-w- c:\programdata\Microsoft\Windows Defender\Definition Updates\{89496D1C-F689-431E-A3A5-30ED84C583E4}\offreg.dll
2012-08-17 12:35 . 2012-07-16 00:40 9133488 ——a-w- c:\programdata\Microsoft\Windows Defender\Definition Updates\{89496D1C-F689-431E-A3A5-30ED84C583E4}\mpengine.dll
2012-08-17 11:49 . 2012-08-17 11:49 ———— d——-w- C:\_OTL
2012-08-17 08:28 . 2012-08-17 08:28 63840 ——a-w- c:\windows\system32\BGLsp.dll
2012-08-17 08:28 . 2012-08-17 08:28 54624 ——a-w- c:\windows\SysWow64\BGLsp.dll
2012-08-17 08:26 . 2012-08-17 08:26 ———— d——-w- c:\program files\Common Files\BullGuard Ltd
2012-08-17 08:26 . 2012-08-17 08:26 ———— d——-w- c:\program files\BullGuard Ltd
2012-08-16 18:19 . 2012-08-16 18:20 ———— d——-w- c:\users\Bo\AppData\Roaming\.minecraft
2012-08-15 20:32 . 2012-08-15 20:38 ———— d——-w- c:\users\Bo\AppData\Local\Google
2012-08-15 19:56 . 2012-08-17 20:12 ———— d——-w- c:\users\Bo\AppData\Roaming\Skype
2012-08-15 19:56 . 2012-08-15 19:56 ———— d——-w- c:\program files (x86)\Common Files\Skype
2012-08-15 19:56 . 2012-08-15 19:56 ———— d——-r- c:\program files (x86)\Skype
2012-08-15 19:56 . 2012-08-15 19:56 ———— d——-w- c:\programdata\Skype
2012-08-15 18:43 . 2012-08-15 18:56 ———— d——-w- c:\users\Bo\AppData\Roaming\BullGuard
2012-08-15 18:42 . 2012-08-17 20:21 ———— d——-w- c:\programdata\BullGuard
2012-08-15 18:11 . 2012-05-04 11:00 366592 ——a-w- c:\windows\system32\qdvd.dll
2012-08-15 18:11 . 2012-05-04 09:59 514560 ——a-w- c:\windows\SysWow64\qdvd.dll
2012-08-15 18:07 . 2012-05-05 08:36 503808 ——a-w- c:\windows\system32\srcore.dll
2012-08-15 18:07 . 2012-05-05 07:46 43008 ——a-w- c:\windows\SysWow64\srclient.dll
2012-08-15 18:07 . 2012-02-11 06:43 751104 ——a-w- c:\windows\system32\win32spl.dll
2012-08-15 18:07 . 2012-02-11 06:36 559104 ——a-w- c:\windows\system32\spoolsv.exe
2012-08-15 18:07 . 2012-02-11 06:36 67072 ——a-w- c:\windows\splwow64.exe
2012-08-15 18:07 . 2012-02-11 05:43 492032 ——a-w- c:\windows\SysWow64\win32spl.dll
2012-08-15 18:06 . 2012-07-04 22:16 73216 ——a-w- c:\windows\system32\netapi32.dll
2012-08-15 18:06 . 2012-07-04 22:13 59392 ——a-w- c:\windows\system32\browcli.dll
2012-08-15 18:06 . 2012-07-04 22:13 136704 ——a-w- c:\windows\system32\browser.dll
2012-08-15 18:06 . 2012-07-04 21:14 41984 ——a-w- c:\windows\SysWow64\browcli.dll
2012-08-15 18:06 . 2012-05-14 05:26 956928 ——a-w- c:\windows\system32\localspl.dll
2012-08-15 18:06 . 2012-07-18 18:15 3148800 ——a-w- c:\windows\system32\win32k.sys
2012-08-15 17:42 . 2012-08-15 17:42 ———— d——-w- c:\users\Daniel-Laptop
2012-08-04 15:20 . 2012-08-15 12:49 ———— d——-w- c:\program files (x86)\Common Files\Apple
2012-07-29 21:16 . 2012-08-15 19:56 ———— d——-w- c:\program files (x86)\Microsoft
2012-07-29 21:16 . 2012-07-29 21:16 7450888 ——a-w- c:\program files (x86)\Common Files\Windows Live\.cache\5c14edf41cd6dcf04\bingbarsetup.exe
.
.
.
(((((((((((((((((((((((((((((((((((((((( Find3M Rapport ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2012-08-15 18:07 . 2012-01-28 15:31 62134624 ——a-w- c:\windows\system32\MRT.exe
2012-08-15 14:12 . 2012-04-17 13:18 426184 ——a-w- c:\windows\SysWow64\FlashPlayerApp.exe
2012-08-15 14:12 . 2012-01-28 13:55 70344 ——a-w- c:\windows\SysWow64\FlashPlayerCPLApp.cpl
2012-07-17 17:57 . 2012-07-17 17:58 1490656 ——a-w- c:\windows\system32\WdfCoInstaller01007.dll
2012-07-17 17:57 . 2012-07-17 17:58 1490656 ——a-w- c:\windows\system32\drivers\WdfCoInstaller01007.dll
2012-06-15 07:45 . 2012-06-15 07:45 66272 ——a-w- c:\windows\system32\drivers\BdSpy.sys
2012-06-15 07:45 . 2012-06-15 07:45 290376 ——a-w- c:\windows\system32\drivers\Trufos.sys
2012-06-15 07:45 . 2012-06-15 07:45 256072 ——a-w- c:\windows\system32\drivers\NSKernel.sys
2012-06-15 07:45 . 2012-06-15 07:45 25160 ——a-w- c:\windows\system32\drivers\NSNetmon.sys
2012-06-15 07:44 . 2012-06-15 07:44 445568 ——a-w- c:\windows\system32\drivers\afwcore.sys
2012-06-15 07:44 . 2012-06-15 07:44 38528 ——a-w- c:\windows\system32\drivers\afw.sys
2012-06-09 05:43 . 2012-07-11 15:35 14172672 ——a-w- c:\windows\system32\shell32.dll
2012-06-06 06:06 . 2012-07-11 15:35 2004480 ——a-w- c:\windows\system32\msxml6.dll
2012-06-06 06:06 . 2012-07-11 15:35 1881600 ——a-w- c:\windows\system32\msxml3.dll
2012-06-06 06:02 . 2012-07-11 15:35 1133568 ——a-w- c:\windows\system32\cdosys.dll
2012-06-06 05:05 . 2012-07-11 15:35 1390080 ——a-w- c:\windows\SysWow64\msxml6.dll
2012-06-06 05:05 . 2012-07-11 15:35 1236992 ——a-w- c:\windows\SysWow64\msxml3.dll
2012-06-06 05:03 . 2012-07-11 15:35 805376 ——a-w- c:\windows\SysWow64\cdosys.dll
2012-06-02 22:19 . 2012-06-23 15:18 38424 ——a-w- c:\windows\system32\wups.dll
2012-06-02 22:19 . 2012-06-23 15:19 2428952 ——a-w- c:\windows\system32\wuaueng.dll
2012-06-02 22:19 . 2012-06-23 15:19 57880 ——a-w- c:\windows\system32\wuauclt.exe
2012-06-02 22:19 . 2012-06-23 15:19 44056 ——a-w- c:\windows\system32\wups2.dll
2012-06-02 22:19 . 2012-06-23 15:18 701976 ——a-w- c:\windows\system32\wuapi.dll
2012-06-02 22:15 . 2012-06-23 15:19 2622464 ——a-w- c:\windows\system32\wucltux.dll
2012-06-02 22:15 . 2012-06-23 15:18 99840 ——a-w- c:\windows\system32\wudriver.dll
2012-06-02 13:19 . 2012-06-23 15:18 186752 ——a-w- c:\windows\system32\wuwebv.dll
2012-06-02 13:15 . 2012-06-23 15:18 36864 ——a-w- c:\windows\system32\wuapp.exe
2012-06-02 05:50 . 2012-07-11 15:35 458704 ——a-w- c:\windows\system32\drivers\cng.sys
2012-06-02 05:48 . 2012-07-11 15:35 95600 ——a-w- c:\windows\system32\drivers\ksecdd.sys
2012-06-02 05:48 . 2012-07-11 15:35 151920 ——a-w- c:\windows\system32\drivers\ksecpkg.sys
2012-06-02 05:45 . 2012-07-11 15:35 340992 ——a-w- c:\windows\system32\schannel.dll
2012-06-02 05:44 . 2012-07-11 15:35 307200 ——a-w- c:\windows\system32\ncrypt.dll
2012-06-02 04:40 . 2012-07-11 15:35 22016 ——a-w- c:\windows\SysWow64\secur32.dll
2012-06-02 04:40 . 2012-07-11 15:35 225280 ——a-w- c:\windows\SysWow64\schannel.dll
2012-06-02 04:39 . 2012-07-11 15:35 219136 ——a-w- c:\windows\SysWow64\ncrypt.dll
2012-06-02 04:34 . 2012-07-11 15:35 96768 ——a-w- c:\windows\SysWow64\sspicli.dll
2012-05-31 10:25 . 2010-11-21 03:27 279656 ———w- c:\windows\system32\MpSigStub.exe
.
.
((((((((((((((((((((((((((((((((((( Start steder i reg.basen ))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Bemærk* tomme linier & lovlige standard linier vises ikke
REGEDIT4
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
“Spotify”=“c:\users\Bo\AppData\Roaming\Spotify\Spotify.exe” [2012-07-21 7601880]
“Facebook Update”=“c:\users\Bo\AppData\Local\Facebook\Update\FacebookUpdate.exe” [2012-07-11 138096]
“Spotify Web Helper”=“c:\users\Bo\AppData\Roaming\Spotify\Data\SpotifyWebHelper.exe” [2012-07-21 1193176]
“Skype”=“c:\program files (x86)\Skype\Phone\Skype.exe” [2012-07-13 17418928]
“Sidebar”=“c:\program files\Windows Sidebar\sidebar.exe” [2010-11-21 1475584]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run]
“Adobe ARM”=“c:\program files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe” [2012-07-27 919008]
“FLxHCIm64”=“c:\program files\Fresco Logic\Fresco Logic USB3.0 Host Controller\amd64_host\FLxHCIm.exe” [2011-12-12 48128]
“SunJavaUpdateSched”=“c:\program files (x86)\Common Files\Java\Java Update\jusched.exe” [2012-01-18 254696]
“Sweetpacks Communicator”=“c:\program files (x86)\SweetIM\Communicator\SweetPacksUpdateManager.exe” [2012-02-26 295728]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
“ConsentPromptBehaviorAdmin”= 5 (0x5)
“ConsentPromptBehaviorUser”= 3 (0x3)
“EnableUIADesktopToggle”= 0 (0x0)
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\BsMain]
@=“Service”
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\BsScanner]
@=“Service”
.
R2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-03-18 138576]
R2 Skype C2C Service;Skype C2C Service;c:\programdata\Skype\Toolbars\Skype C2C Service\c2c_service.exe [2012-07-05 3048136]
R2 SkypeUpdate;Skype Updater;c:\program files (x86)\Skype\Updater\Updater.exe [2012-07-13 160944]
R3 AdobeFlashPlayerUpdateSvc;Adobe Flash Player Update Service;c:\windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2012-08-15 250056]
R3 AX88772B;ASIX AX88772B USB2.0 to Fast Ethernet Adapter;c:\windows\system32\DRIVERS\ax88772b.sys [2010-12-31 98816]
R3 cphs;Intel(R) Content Protection HECI Service;c:\windows\SysWow64\IntelCpHeciSvc.exe [2012-03-19 276248]
R3 ew_hwusbdev;Huawei MobileBroadband USB PNP Device;c:\windows\system32\DRIVERS\ew_hwusbdev.sys [x]
R3 huawei_cdcacm;huawei_cdcacm;c:\windows\system32\DRIVERS\ew_jucdcacm.sys [x]
R3 huawei_enumerator;huawei_enumerator;c:\windows\system32\DRIVERS\ew_jubusenum.sys [x]
R3 hwusbdev;Huawei DataCard USB PNP Device;c:\windows\system32\DRIVERS\ewusbdev.sys [x]
R3 Netaapl;Apple Mobile Device Ethernet Service;c:\windows\system32\DRIVERS\netaapl64.sys [2012-03-26 22528]
R3 TsUsbFlt;TsUsbFlt;c:\windows\system32\drivers\tsusbflt.sys [2010-11-21 59392]
R3 TsUsbGD;Remote Desktop Generic USB Device;c:\windows\system32\drivers\TsUsbGD.sys [2010-11-21 31232]
R3 USBAAPL64;Apple Mobile USB Driver;c:\windows\system32\Drivers\usbaapl64.sys [2012-02-15 52736]
R3 WatAdminSvc;Tjenesten Windows Aktivering;c:\windows\system32\Wat\WatAdminSvc.exe [2012-01-28 1255736]
S1 afw;Agnitum Firewall Driver;c:\windows\system32\DRIVERS\afw.sys [2012-06-15 38528]
S1 BdSpy;BdSpy;c:\windows\system32\DRIVERS\BdSpy.sys [2012-06-15 66272]
S1 NovaShieldFilterDriver;NovaShieldFilterDriver;c:\windows\system32\DRIVERS\NSKernel.sys [2012-06-15 256072]
S1 NovaShieldTDIDriver;NovaShieldTDIDriver;c:\windows\system32\DRIVERS\NSNetmon.sys [2012-06-15 25160]
S1 vwififlt;Virtual WiFi Filter Driver;c:\windows\system32\DRIVERS\vwififlt.sys [2009-07-14 59904]
S2 AdobeARMservice;Adobe Acrobat Update Service;c:\program files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe [2012-07-27 63960]
S2 Atheros Bt&Wlan; Coex Agent;Atheros Bt&Wlan; Coex Agent;c:\program files (x86)\Bluetooth Suite\Ath_CoexAgent.exe [2011-08-02 146592]
S2 AtherosSvc;AtherosSvc;c:\program files (x86)\Bluetooth Suite\adminservice.exe [2011-08-02 103584]
S2 BBSvc;BingBar Service;c:\program files (x86)\Microsoft\BingBar\7.1.391.0\BBSvc.exe [2012-06-11 193616]
S2 BsBackup;BullGuard backup service;c:\windows\System32\SvcHost.exe [2009-07-14 27136]
S2 BsBhvScan;BullGuard Behavioural Detection;c:\program files\BullGuard Ltd\BullGuard\BullGuardBhvScanner.exe [2012-06-05 368480]
S2 BsFileScan;BullGuard on-access service;c:\windows\System32\SvcHost.exe [2009-07-14 27136]
S2 BsFire;BullGuard firewall service;c:\windows\System32\SvcHost.exe [2009-07-14 27136]
S2 BsMailProxy;BullGuard e-mail monitoring service;c:\windows\System32\SvcHost.exe [2009-07-14 27136]
S2 BsMain;BullGuard main service;c:\windows\System32\SvcHost.exe [2009-07-14 27136]
S2 BsScanner;BullGuard scanning service;c:\program files\BullGuard Ltd\BullGuard\BullGuardScanner.exe [2012-06-05 199520]
S2 BsUpdate;BullGuard update service;c:\program files\BullGuard Ltd\BullGuard\BullGuardUpdate.exe [2012-06-18 379744]
S3 afwcore;afwcore;c:\windows\system32\DRIVERS\afwcore.sys [2012-06-15 445568]
S3 AiCharger;ASUS Charger Driver;c:\windows\system32\DRIVERS\AiCharger.sys [2011-12-05 17152]
S3 AthBTPort;Atheros Virtual Bluetooth Class;c:\windows\system32\DRIVERS\btath_flt.sys [2011-08-02 36000]
S3 BBUpdate;BBUpdate;c:\program files (x86)\Microsoft\BingBar\7.1.391.0\SeaPort.exe [2012-06-11 240208]
S3 BTATH_A2DP;Bluetooth A2DP Audio Driver;c:\windows\system32\drivers\btath_a2dp.sys [2011-08-02 330912]
S3 btath_avdt;Atheros Bluetooth AVDT Service;c:\windows\system32\drivers\btath_avdt.sys [2011-08-02 110240]
S3 BTATH_BUS;Atheros Bluetooth Bus;c:\windows\system32\DRIVERS\btath_bus.sys [2011-08-02 30368]
S3 BTATH_HCRP;Bluetooth HCRP Server driver;c:\windows\system32\DRIVERS\btath_hcrp.sys [2011-08-02 167584]
S3 BTATH_LWFLT;Bluetooth LWFLT Device;c:\windows\system32\DRIVERS\btath_lwflt.sys [2011-08-02 68256]
S3 BTATH_RCP;Bluetooth AVRCP Device;c:\windows\system32\DRIVERS\btath_rcp.sys [2011-08-02 280992]
S3 BtFilter;BtFilter;c:\windows\system32\DRIVERS\btfilter.sys [2011-08-02 511136]
S3 FLxHCIc;Fresco Logic xHCI (USB3) Device Driver;c:\windows\system32\DRIVERS\FLxHCIc.sys [2011-12-13 224512]
S3 FLxHCIh;Fresco Logic xHCI (USB3) Hub Device Driver;c:\windows\system32\DRIVERS\FLxHCIh.sys [2011-12-13 71424]
S3 MEIx64;Intel(R) Management Engine Interface ;c:\windows\system32\DRIVERS\HECIx64.sys [2010-10-19 56344]
S3 RSUSBVSTOR;RtsUVStor.Sys Realtek USB Card Reader;c:\windows\system32\Drivers\RtsUVStor.sys [2011-03-15 311400]
S3 vwifimp;Microsoft Virtual WiFi Miniport Service;c:\windows\system32\DRIVERS\vwifimp.sys [2009-07-14 17920]
.
.
Indhold af mappen ‘Planlagte Opgaver’
.
2012-08-17 c:\windows\Tasks\Adobe Flash Player Updater.job
- c:\windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2012-04-17 14:12]
.
2012-02-14 c:\windows\Tasks\FacebookUpdateTaskUserS-1-5-21-538675310-1879635526-2279202838-1000Core.job
- c:\users\Bo\AppData\Local\Facebook\Update\FacebookUpdate.exe [2012-02-14 21:18]
.
2012-07-11 c:\windows\Tasks\FacebookUpdateTaskUserS-1-5-21-538675310-1879635526-2279202838-1000Core1cd5faabad86f49.job
- c:\users\Bo\AppData\Local\Facebook\Update\FacebookUpdate.exe [2012-02-14 21:18]
.
2012-08-15 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-538675310-1879635526-2279202838-1000Core1cd7b267c229dbb.job
- c:\users\Bo\AppData\Local\Google\Update\GoogleUpdate.exe [2012-08-15 20:32]
.
. ————- X64 Entries—————-
.
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
“AtherosBtStack”=“c:\program files (x86)\Bluetooth Suite\BtvStack.exe” [2011-08-02 961184]
“AthBtTray”=“c:\program files (x86)\Bluetooth Suite\AthBtTray.exe” [2011-08-02 798880]
“IgfxTray”=“c:\windows\system32\igfxtray.exe” [2012-03-19 170264]
“HotKeysCmds”=“c:\windows\system32\hkcmd.exe” [2012-03-19 398616]
“Persistence”=“c:\windows\system32\igfxpers.exe” [2012-03-19 439064]
“BullGuard”=“c:\program files\BullGuard Ltd\BullGuard\bullguard.exe” [2012-08-17 1863008]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows]
“LoadAppInit_DLLs”=0x1
. ———- Yderligere scanning———-
.
uLocal Page = c:\windows\system32\blank.htm
uStart Page = https://www.google.dk/
mLocal Page = c:\windows\SysWOW64\blank.htm
IE: E&xport; to Microsoft Excel - c:\progra~2\MICROS~2\Office12\EXCEL.EXE/3000
IE: {{15105F6B-80FF-40d3-B239-AEC9E0E93ACD} - c:\program files (x86)\PokerStars.DK\PokerStarsUpdate.exe
LSP: c:\windows\system32\BGLsp.dll
TCP: DhcpNameServer = 212.10.10.5 212.10.10.4
.
. ——————————- LÅSTE REGISTRERINGS NØGLER——————————-
.
[HKEY_USERS\S-1-5-21-538675310-1879635526-2279202838-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.eml\UserChoice]
@Denied: (2) (LocalSystem)
“Progid”=“WindowsLiveMail.Email.1”
.
[HKEY_USERS\S-1-5-21-538675310-1879635526-2279202838-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.vcf\UserChoice]
@Denied: (2) (LocalSystem)
“Progid”=“WindowsLiveMail.VCard.1”
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}]
@Denied: (A 2) (Everyone)
@="FlashBroker"
"LocalizedString"="@c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil32_11_3_300_271_ActiveX.exe,-101"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\Elevation]
"Enabled"=dword:00000001
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\LocalServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil32_11_3_300_271_ActiveX.exe"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Shockwave Flash Object"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_3_300_271.ocx"
"ThreadingModel"="Apartment"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\MiscStatus]
@="0"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ProgID]
@="ShockwaveFlash.ShockwaveFlash.11"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_3_300_271.ocx, 1"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="ShockwaveFlash.ShockwaveFlash"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Macromedia Flash Factory Object"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_3_300_271.ocx"
"ThreadingModel"="Apartment"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ProgID]
@="FlashFactory.FlashFactory.1"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_3_300_271.ocx, 1"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="FlashFactory.FlashFactory"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}]
@Denied: (A 2) (Everyone)
@="IFlashBroker4"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\ProxyStubClsid32]
@="{00020424-0000-0000-C000-000000000046}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
"Version"="1.0"
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\PCW\Security]
@Denied: (Full) (Everyone)
.
Gennemført tid: 2012-08-17 22:26:40
ComboFix-quarantined-files.txt 2012-08-17 20:26
ComboFix2.txt 2012-08-17 12:10
.
Pre-Kørsel: 59.625.156.608 byte ledig
Post-Kørsel: 59.331.710.976 byte ledig
.
- - End Of File - - CDAE19235E353052C9701C32BFF33715
Administrator
Number of posts: 32083
It is running as it should.
Good, so it sounds like you can get online with the Bullguard firewall enabled?
Signature
Sound computer sense
Yes, I can. Thanks for the help, I'll send a little something to the cookie tin.
And may I delete all the logs, OTL and ComboFix?
Administrator
Number of posts: 32083
You're welcome, and thanks for the donation.
Yes, here is the "official" guide.
Start OTL.
Click the CleanUp! button.
You will be asked whether you want to begin the cleanup. Select Yes.
This step removes the files, folders and shortcuts created by the tools you have downloaded and run.
When it is finished, you will be asked to restart the computer.
Please restart your computer.
Signature
Sound computer sense