Hej og velkommen            

Ja, lad os tage et nærmere kig på tingene.

Download OTL af Oldtimer, gem den på dit skrivebord:
http://oldtimer.geekstogo.com/OTL.exe

Luk alle åbne vinduer. Klik på OTL ikonet (for Vista/win7, skal du højreklikke på ikonet og Kør som Administrator) for at starte programmet.
Når vinduet vises, under Output i toppen skift til Minimal Output.
Marker felterne ud for LOP check og Purity Check.

Klik så på Quick Scan.
• 

Det vil give to (2) logfiler på skrivebordet, en kaldet OTL.txt, den anden vil blive navngivet Extras.txt.
Husk, hvor du har gemt disse 2 filer.

Da de er forholdsvis lange, kan du blive nødt til at sende dem i flere indlæg.

Jeg kører Windows 7 64 bit…hvis det betyder noget.

Her er den første:

OTL logfile created on: 22-08-2012 10:49:17 - Run 1
OTL by OldTimer - Version 3.2.58.1   Folder = C:\Users\Ibenspc2012\Downloads
64bit- Home Premium Edition Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation
Internet Explorer (Version = 9.0.8112.16421)
Locale: 00000406 | Country: Danmark | Language: DAN | Date Format: dd-MM-yyyy

7,95 Gb Total Physical Memory | 4,92 Gb Available Physical Memory | 61,90% Memory free
15,90 Gb Paging File | 12,20 Gb Available in Paging File | 76,72% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86)
Drive C: | 903,12 Gb Total Space | 837,55 Gb Free Space | 92,74% Space Free | Partition Type: NTFS
Drive D: | 24,23 Gb Total Space | 2,53 Gb Free Space | 10,42% Space Free | Partition Type: NTFS
Drive E: | 3,96 Gb Total Space | 1,08 Gb Free Space | 27,20% Space Free | Partition Type: FAT32
Drive G: | 1863,01 Gb Total Space | 1751,16 Gb Free Space | 94,00% Space Free | Partition Type: NTFS

Computer Name: IBENSPC2012-HP | User Name: Ibenspc2012 | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user | Quick Scan | Include 64bit Scans
Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days

========== Processes (SafeList) ==========

PRC - C:\Users\Ibenspc2012\Downloads\OTL.exe (OldTimer Tools)
PRC - C:\Program Files (x86)\Eovendo\Eovendo\Eovendo.exe (Eovendo ApS)
PRC - C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe (Adobe Systems Incorporated)
PRC - C:\Program Files (x86)\Eovendo\Eovendo\Eovendo.Client.DataService.exe (Eovendo ApS)
PRC - C:\Program Files (x86)\Heimdal\HeimdalSecureDNS\DnsService.exe (Microsoft)
PRC - C:\Program Files (x86)\Heimdal\Client\HeimdalAgent.exe (CSIS Security Group)
PRC - C:\Program Files (x86)\Heimdal\Service\HeimdalAgentService.exe (CSIS Security Group)
PRC - C:\Program Files (x86)\Malwarebytes’ Anti-Malware\mbamservice.exe (Malwarebytes Corporation)
PRC - C:\Program Files (x86)\Malwarebytes’ Anti-Malware\mbamgui.exe (Malwarebytes Corporation)
PRC - C:\Users\Ibenspc2012\AppData\Roaming\Dropbox\bin\Dropbox.exe (Dropbox, Inc.)
PRC - C:\Program Files (x86)\PC Tools\PC Tools Security\pctsGui.exe (PC Tools)
PRC - C:\Program Files (x86)\PC Tools\PC Tools Security\pctsSvc.exe (PC Tools)
PRC - C:\Program Files (x86)\PC Tools\PC Tools Security\pctsAuxs.exe (PC Tools)
PRC - C:\Program Files (x86)\PC Tools\PC Tools Security\BDT\BDTUpdateService.exe (Threat Expert Ltd.)
PRC - C:\Program Files (x86)\HTC\HTC Sync 3.0\htcUPCTLoader.exe ()
PRC - C:\Program Files (x86)\Hewlett-Packard\Shared\HPDrvMntSvc.exe (Hewlett-Packard Company)
PRC - C:\Program Files (x86)\Hewlett-Packard\HP QuickWeb\hpqwutils.exe (Hewlett-Packard Company)
PRC - C:\Program Files (x86)\Microsoft Application Virtualization Client\sftvsa.exe (Microsoft Corporation)
PRC - C:\Program Files (x86)\Microsoft Application Virtualization Client\sftlist.exe (Microsoft Corporation)
PRC - C:\Program Files (x86)\CyberLink\YouCam\YCMMirage.exe (CyberLink)
PRC - C:\Program Files (x86)\HTC\Internet Pass-Through\PassThruSvr.exe ()
PRC - C:\Program Files (x86)\Hewlett-Packard\HP Connection Manager\hpCMSrv.exe (Hewlett-Packard Development Company L.P.)
PRC - C:\Program Files (x86)\Hewlett-Packard\HP CoolSense\CoolSense.exe (Hewlett-Packard Development Company, L.P.)
PRC - C:\Program Files (x86)\HP SimplePass 2012\TrueSuiteService.exe (HP)
PRC - C:\Program Files (x86)\HP SimplePass 2012\TouchControl.exe (HP)
PRC - C:\Program Files (x86)\HP SimplePass 2012\BioMonitor.exe (HP)
PRC - C:\Program Files (x86)\Hewlett-Packard\HP On Screen Display\HPOSD.exe (Hewlett-Packard Development Company, L.P.)
PRC - C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe (Intel Corporation)
PRC - C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe (Intel Corporation)
PRC - C:\Program Files (x86)\Intel\Bluetooth\obexsrv.exe (Intel Corporation)
PRC - C:\Program Files (x86)\Intel\Bluetooth\mediasrv.exe (Intel Corporation)
PRC - C:\Program Files (x86)\Intel\Bluetooth\devmonsrv.exe (Intel Corporation)
PRC - C:\Program Files (x86)\Intel\Bluetooth\BTPlayerCtrl.exe (Intel Corporation)
PRC - C:\Program Files (x86)\Hewlett-Packard\HP Quick Launch\HPMSGSVC.exe (Hewlett-Packard Development Company, L.P.)
PRC - C:\Program Files (x86)\Hewlett-Packard\HP Quick Launch\HPWMISVC.exe (Hewlett-Packard Development Company, L.P.)
PRC - C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe (Intel Corporation)
PRC - C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorIcon.exe (Intel Corporation)
PRC - C:\Program Files (x86)\Renesas Electronics\USB 3.0 Host Controller Driver\Application\nusb3mon.exe (Renesas Electronics Corporation)
PRC - C:\Program Files (x86)\Intel\Services\IPT\jhi_service.exe (Intel Corporation)
PRC - C:\Program Files (x86)\OpenOffice.org 3\program\soffice.bin (OpenOffice.org)
PRC - C:\Program Files (x86)\OpenOffice.org 3\program\soffice.exe (OpenOffice.org)
PRC - C:\Windows\SysWOW64\ezSharedSvcHost.exe (EasyBits Software AS)
PRC - C:\Windows\SysWOW64\ezSharedSvcHost.exe (EasyBits Software AS)
PRC - C:\Program Files (x86)\Spybot - Search & Destroy\SDWinSec.exe (Safer Networking Ltd.)


========== Modules (No Company Name) ==========

MOD - C:\Windows\assembly\NativeImages_v4.0.30319_32\Microsoft.VisualBas#\09c2f8f606e09d85cfe6e0ad89fbe729\Microsoft.VisualBasic.ni.dll ()
MOD - C:\Windows\assembly\NativeImages_v2.0.50727_32\IAStorUtil\0018dd52b56988a833ee41699cf49325\IAStorUtil.ni.dll ()
MOD - C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Web\a501b7960f6c6e2e39162b83f3303aaa\System.Web.ni.dll ()
MOD - C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Windows.Forms\7b7fbe651c6e72f12099a298654c9594\System.Windows.Forms.ni.dll ()
MOD - C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Drawing\6bb439b3f87736d3248ae27d43e2c0d6\System.Drawing.ni.dll ()
MOD - C:\Windows\assembly\NativeImages_v4.0.30319_32\System.Windows.Forms\3971e166cf827b6726e142f344061dc9\System.Windows.Forms.ni.dll ()
MOD - C:\Windows\assembly\NativeImages_v4.0.30319_32\System.Drawing\8c40f40ef36622109793788049fbe9ab\System.Drawing.ni.dll ()
MOD - C:\Windows\assembly\NativeImages_v4.0.30319_32\System.Management\0c2b0d52156447592f33edf4116b7e7d\System.Management.ni.dll ()
MOD - C:\Windows\assembly\NativeImages_v4.0.30319_32\System.IdentityModel\bd28f26b18b8ffeee1a0fbaa98f5810e\System.IdentityModel.ni.dll ()
MOD - C:\Windows\assembly\NativeImages_v4.0.30319_32\System.ServiceModel\cfece6f67593b4d8bb58d23b7fdcc470\System.ServiceModel.ni.dll ()
MOD - C:\Windows\assembly\NativeImages_v4.0.30319_32\System.Runtime.Remo#\94b346f2ab12d38efb1331ded5783396\System.Runtime.Remoting.ni.dll ()
MOD - C:\Windows\assembly\NativeImages_v4.0.30319_32\System.Transactions\67a386434938003bceb0752e979dabb3\System.Transactions.ni.dll ()
MOD - C:\Windows\assembly\NativeImages_v4.0.30319_32\System.Runtime.Dura#\79ac99fe5274fb82ffcff2c15f71854c\System.Runtime.DurableInstancing.ni.dll ()
MOD - C:\Windows\assembly\NativeImages_v4.0.30319_32\System.Runtime.Seri#\8a9fac9cb825b5d2db0bdb867fff940e\System.Runtime.Serialization.ni.dll ()
MOD - C:\Windows\assembly\NativeImages_v4.0.30319_32\SMDiagnostics\bb97517e4ca64e02282fca24612ce8ad\SMDiagnostics.ni.dll ()
MOD - C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Data\f3814b488d9e083cbbc623e01b389f09\System.Data.ni.dll ()
MOD - C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Runtime.Remo#\03dee80574f4ec770b6f77ca030ded6c\System.Runtime.Remoting.ni.dll ()
MOD - C:\Windows\assembly\NativeImages_v2.0.50727_32\WindowsBase\46fce56db7685a586d3eeb7c373e3c1c\WindowsBase.ni.dll ()
MOD - C:\Windows\assembly\NativeImages_v2.0.50727_32\IAStorCommon\e7cd67fc34ad0fc611c1e1244cfc6584\IAStorCommon.ni.dll ()
MOD - C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Xml\ba3d70b651454c7d49b407b93663bfed\System.Xml.ni.dll ()
MOD - C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Configuration\cfa9c506bfb9254c89dace7b83bc9f9d\System.Configuration.ni.dll ()
MOD - C:\Windows\assembly\NativeImages_v2.0.50727_32\System\ce9ff6baf9053ed2ed673d948179195c\System.ni.dll ()
MOD - C:\Windows\assembly\NativeImages_v2.0.50727_32\mscorlib\acfc1391e45fedd2a359778ea57d914c\mscorlib.ni.dll ()
MOD - C:\Windows\assembly\NativeImages_v4.0.30319_32\System.Data\99d0f7ba920eea1117e45dcd9fec0eb5\System.Data.ni.dll ()
MOD - C:\Windows\assembly\NativeImages_v4.0.30319_32\System.Core\ed91b57205429a23bb91f4499059a459\System.Core.ni.dll ()
MOD - C:\Windows\assembly\NativeImages_v4.0.30319_32\System.Xml\d1f299160424bad90fe9f658661389e2\System.Xml.ni.dll ()
MOD - C:\Windows\assembly\NativeImages_v4.0.30319_32\System.Numerics\7b7719d46a4da2e91e8c501347e48ab9\System.Numerics.ni.dll ()
MOD - C:\Windows\assembly\NativeImages_v4.0.30319_32\System.Configuration\623d2a0f11dd82bb9bc13d1cb981b239\System.Configuration.ni.dll ()
MOD - C:\Windows\assembly\NativeImages_v4.0.30319_32\System\6f9f0467e8b2dd3f69b015c8e30ac945\System.ni.dll ()
MOD - C:\Windows\assembly\NativeImages_v4.0.30319_32\mscorlib\3953b1d8b9b57e4957bff8f58145384e\mscorlib.ni.dll ()
MOD - C:\Program Files (x86)\HTC\HTC Sync 3.0\Maps\R66Api.dll ()
MOD - C:\Program Files (x86)\HTC\HTC Sync 3.0\htcUPCTLoader.exe ()
MOD - C:\Program Files (x86)\HTC\HTC Sync 3.0\sqlite3.7.dll ()
MOD - C:\Program Files (x86)\HTC\HTC Sync 3.0\sqlite3.dll ()
MOD - C:\Program Files (x86)\HTC\HTC Sync 3.0\HtcDetect.dll ()
MOD - C:\Program Files (x86)\HTC\HTC Sync 3.0\htcDetectLegend.dll ()
MOD - C:\Program Files (x86)\HTC\HTC Sync 3.0\htcDisk.dll ()
MOD - C:\Program Files (x86)\HTC\HTC Sync 3.0\OutputLog.dll ()
MOD - C:\Program Files (x86)\HTC\HTC Sync 3.0\fdHttpd.dll ()
MOD - C:\Program Files (x86)\OpenOffice.org 3\program\libxml2.dll ()
MOD - C:\Windows\assembly\GAC_MSIL\HP.SupportFramework\1.0.0.0__2a4860322af7ba08\HP.SupportFramework.dll ()
MOD - C:\Windows\assembly\GAC_MSIL\System.resources\2.0.0.0_da_b77a5c561934e089\System.resources.dll ()
MOD - C:\Windows\assembly\GAC_MSIL\System.Runtime.Remoting.resources\2.0.0.0_da_b77a5c561934e089\System.Runtime.Remoting.resources.dll ()
MOD - C:\Windows\assembly\GAC_32\System.Data\2.0.0.0__b77a5c561934e089\System.Data.dll ()
MOD - C:\Windows\assembly\GAC_MSIL\mscorlib.resources\2.0.0.0_da_b77a5c561934e089\mscorlib.resources.dll ()


========== Win32 Services (SafeList) ==========

SRV:64bit: - (NisSrv)—c:\Program Files\Microsoft Security Client\NisSrv.exe (Microsoft Corporation)
SRV:64bit: - (MsMpSvc)—c:\Program Files\Microsoft Security Client\MsMpEng.exe (Microsoft Corporation)
SRV:64bit: - (AMD External Events Utility)—C:\Windows\SysNative\atiesrxx.exe (AMD)
SRV:64bit: - (AMPPALR3)—C:\Program Files\Intel\BluetoothHS\BTHSAmpPalService.exe (Intel Corporation)
SRV:64bit: - (EvtEng)—C:\Program Files\Intel\WiFi\bin\EvtEng.exe (Intel(R) Corporation)
SRV:64bit: - (MyWiFiDHCPDNS)—C:\Program Files\Intel\WiFi\bin\PanDhcpDns.exe ()
SRV:64bit: - (RegSrvc)—C:\Program Files\Common Files\Intel\WirelessCommon\RegSrvc.exe (Intel(R) Corporation)
SRV:64bit: - (BTHSSecurityMgr)—C:\Program Files\Intel\BluetoothHS\BTHSSecurityMgr.exe (Intel(R) Corporation)
SRV:64bit: - (STacSV)—C:\Program Files\IDT\WDM\STacSV64.exe (IDT, Inc.)
SRV:64bit: - (hpsrv)—C:\Windows\SysNative\hpservice.exe (Hewlett-Packard Company)
SRV:64bit: - (HPAuto)—C:\Program Files\Hewlett-Packard\HP Auto\HPAuto.exe (Hewlett-Packard)
SRV:64bit: - (HPClientSvc)—C:\Program Files\Hewlett-Packard\HP Client Services\HPClientServices.exe (Hewlett-Packard Company)
SRV:64bit: - (wlcrasvc)—C:\Program Files\Windows Live\Mesh\wlcrasvc.exe (Microsoft Corporation)
SRV:64bit: - (WinDefend)—C:\Program Files\Windows Defender\mpsvc.dll (Microsoft Corporation)
SRV:64bit: - (AESTFilters)—C:\Program Files\IDT\WDM\AESTSr64.exe (Andrea Electronics Corporation)
SRV - (AdobeFlashPlayerUpdateSvc)—C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe (Adobe Systems Incorporated)
SRV - (AdobeARMservice)—C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe (Adobe Systems Incorporated)
SRV - (EOVENDO.Client.DataService)—C:\Program Files (x86)\Eovendo\Eovendo\Eovendo.Client.DataService.exe (Eovendo ApS)
SRV - (HeimdalSecureDNS)—C:\Program Files (x86)\Heimdal\HeimdalSecureDNS\DnsService.exe (Microsoft)
SRV - (HeimdalService)—C:\Program Files (x86)\Heimdal\Service\HeimdalAgentService.exe (CSIS Security Group)
SRV - (MBAMService)—C:\Program Files (x86)\Malwarebytes’ Anti-Malware\mbamservice.exe (Malwarebytes Corporation)
SRV - (sdCoreService)—C:\Program Files (x86)\PC Tools\PC Tools Security\pctsSvc.exe (PC Tools)
SRV - (sdAuxService)—C:\Program Files (x86)\PC Tools\PC Tools Security\pctsAuxs.exe (PC Tools)
SRV - (Browser Defender Update Service)—C:\Program Files (x86)\PC Tools\PC Tools Security\BDT\BDTUpdateService.exe (Threat Expert Ltd.)
SRV - (HPDrvMntSvc.exe)—C:\Program Files (x86)\Hewlett-Packard\Shared\HPDrvMntSvc.exe (Hewlett-Packard Company)
SRV - (SkypeUpdate)—C:\Program Files (x86)\Skype\Updater\Updater.exe (Skype Technologies)
SRV - (sftvsa)—C:\Program Files (x86)\Microsoft Application Virtualization Client\sftvsa.exe (Microsoft Corporation)
SRV - (sftlist)—C:\Program Files (x86)\Microsoft Application Virtualization Client\sftlist.exe (Microsoft Corporation)
SRV - (PassThru Service)—C:\Program Files (x86)\HTC\Internet Pass-Through\PassThruSvr.exe ()
SRV - (hpCMSrv)—C:\Program Files (x86)\Hewlett-Packard\HP Connection Manager\hpCMSrv.exe (Hewlett-Packard Development Company L.P.)
SRV - (HP Support Assistant Service)—C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\hpsa_service.exe (Hewlett-Packard Company)
SRV - (FPLService)—C:\Program Files (x86)\HP SimplePass 2012\TrueSuiteService.exe (HP)
SRV - (UNS)—C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe (Intel Corporation)
SRV - (LMS)—C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe (Intel Corporation)
SRV - (Bluetooth OBEX Service)—C:\Program Files (x86)\Intel\Bluetooth\obexsrv.exe (Intel Corporation)
SRV - (Bluetooth Media Service)—C:\Program Files (x86)\Intel\Bluetooth\mediasrv.exe (Intel Corporation)
SRV - (Bluetooth Device Monitor)—C:\Program Files (x86)\Intel\Bluetooth\devmonsrv.exe (Intel Corporation)
SRV - (HPWMISVC)—C:\Program Files (x86)\Hewlett-Packard\HP Quick Launch\HPWMISVC.exe (Hewlett-Packard Development Company, L.P.)
SRV - (IconMan_R)—C:\Program Files (x86)\Realtek\Realtek PCIE Card Reader\RIconMan.exe (Realsil Microelectronics Inc.)
SRV - (IAStorDataMgrSvc)—C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe (Intel Corporation)
SRV - (jhi_service)—C:\Program Files (x86)\Intel\Services\IPT\jhi_service.exe (Intel Corporation)
SRV - (GamesAppService)—C:\Program Files (x86)\WildTangent Games\App\GamesAppService.exe (WildTangent, Inc.)
SRV - (clr_optimization_v4.0.30319_32)—C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe (Microsoft Corporation)
SRV - (clr_optimization_v2.0.50727_32)—C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe (Microsoft Corporation)


========== Driver Services (SafeList) ==========

DRV:64bit: - (MBAMProtector)—C:\Windows\SysNative\drivers\mbam.sys (Malwarebytes Corporation)
DRV:64bit: - (PCTSD)—C:\Windows\SysNative\drivers\PCTSD64.sys (PC Tools)
DRV:64bit: - (PCTBD)—C:\Windows\SysNative\drivers\PCTBD64.sys (PC Tools)
DRV:64bit: - (dg_ssudbus)—C:\Windows\SysNative\drivers\ssudbus.sys (DEVGURU Co., LTD.(http://www.devguru.co.kr))
DRV:64bit: - (PCTCore)—C:\Windows\SysNative\drivers\PCTCore64.sys (PC Tools)
DRV:64bit: - (NisDrv)—C:\Windows\SysNative\drivers\NisDrvWFP.sys (Microsoft Corporation)
DRV:64bit: - (Fs_Rec)—C:\Windows\SysNative\drivers\fs_rec.sys (Microsoft Corporation)
DRV:64bit: - (pctEFA)—C:\Windows\SysNative\drivers\pctEFA64.sys (PC Tools)
DRV:64bit: - (pctDS)—C:\Windows\SysNative\drivers\pctDS64.sys (PC Tools)
DRV:64bit: - (amdsata)—C:\Windows\SysNative\drivers\amdsata.sys (Advanced Micro Devices)
DRV:64bit: - (amdxata)—C:\Windows\SysNative\drivers\amdxata.sys (Advanced Micro Devices)
DRV:64bit: - (amdkmdag)—C:\Windows\SysNative\drivers\atikmdag.sys (ATI Technologies Inc.)
DRV:64bit: - (Sftvol)—C:\Windows\SysNative\drivers\Sftvollh.sys (Microsoft Corporation)
DRV:64bit: - (Sftplay)—C:\Windows\SysNative\drivers\Sftplaylh.sys (Microsoft Corporation)
DRV:64bit: - (Sftredir)—C:\Windows\SysNative\drivers\Sftredirlh.sys (Microsoft Corporation)
DRV:64bit: - (Sftfs)—C:\Windows\SysNative\drivers\Sftfslh.sys (Microsoft Corporation)
DRV:64bit: - (amdkmdap)—C:\Windows\SysNative\drivers\atikmpag.sys (Advanced Micro Devices, Inc.)
DRV:64bit: - (intelkmd)—C:\Windows\SysNative\drivers\igdpmd64.sys (Intel Corporation)
DRV:64bit: - (AMPPALP)—C:\Windows\SysNative\drivers\AmpPal.sys (Windows (R) Win 7 DDK provider)
DRV:64bit: - (AMPPAL)—C:\Windows\SysNative\drivers\AmpPal.sys (Windows (R) Win 7 DDK provider)
DRV:64bit: - (iwdbus)—C:\Windows\SysNative\drivers\iwdbus.sys (Intel Corporation)
DRV:64bit: - (intaud_WaveExtensible)—C:\Windows\SysNative\drivers\intelaud.sys (Intel Corporation)
DRV:64bit: - (NETwNs64)—C:\Windows\SysNative\drivers\NETwNs64.sys (Intel Corporation)
DRV:64bit: - (iBtFltCoex)—C:\Windows\SysNative\drivers\iBtFltCoex.sys (Intel Corporation)
DRV:64bit: - (btmhsf)—C:\Windows\SysNative\drivers\btmhsf.sys (Intel Corporation)
DRV:64bit: - (btmaux)—C:\Windows\SysNative\drivers\btmaux.sys (Intel Corporation)
DRV:64bit: - (nusb3xhc)—C:\Windows\SysNative\drivers\nusb3xhc.sys (Renesas Electronics Corporation)
DRV:64bit: - (nusb3hub)—C:\Windows\SysNative\drivers\nusb3hub.sys (Renesas Electronics Corporation)
DRV:64bit: - (SynTP)—C:\Windows\SysNative\drivers\SynTP.sys (Synaptics Incorporated)
DRV:64bit: - (STHDA)—C:\Windows\SysNative\drivers\stwrt64.sys (IDT, Inc.)
DRV:64bit: - (RSPCIESTOR)—C:\Windows\SysNative\drivers\RtsPStor.sys (Realtek Semiconductor Corp.)
DRV:64bit: - (Accelerometer)—C:\Windows\SysNative\drivers\Accelerometer.sys (Hewlett-Packard Company)
DRV:64bit: - (hpdskflt)—C:\Windows\SysNative\drivers\hpdskflt.sys (Hewlett-Packard Company)
DRV:64bit: - (iaStor)—C:\Windows\SysNative\drivers\iaStor.sys (Intel Corporation)
DRV:64bit: - (RTL8167)—C:\Windows\SysNative\drivers\Rt64win7.sys (Realtek                             )
DRV:64bit: - (TsUsbFlt)—C:\Windows\SysNative\drivers\TsUsbFlt.sys (Microsoft Corporation)
DRV:64bit: - (sdbus)—C:\Windows\SysNative\drivers\sdbus.sys (Microsoft Corporation)
DRV:64bit: - (HpSAMD)—C:\Windows\SysNative\drivers\HpSAMD.sys (Hewlett-Packard Company)
DRV:64bit: - (TsUsbGD)—C:\Windows\SysNative\drivers\TsUsbGD.sys (Microsoft Corporation)
DRV:64bit: - (MEIx64)—C:\Windows\SysNative\drivers\HECIx64.sys (Intel Corporation)
DRV:64bit: - (IntcDAud)—C:\Windows\SysNative\drivers\IntcDAud.sys (Intel(R) Corporation)
DRV:64bit: - (clwvd)—C:\Windows\SysNative\drivers\clwvd.sys (CyberLink Corporation)
DRV:64bit: - (htcnprot)—C:\Windows\SysNative\drivers\htcnprot.sys (Windows (R) Win 7 DDK provider)
DRV:64bit: - (HTCAND64)—C:\Windows\SysNative\drivers\ANDROIDUSB.sys (HTC, Corporation)
DRV:64bit: - (amdsbs)—C:\Windows\SysNative\drivers\amdsbs.sys (AMD Technologies Inc.)
DRV:64bit: - (LSI_SAS2)—C:\Windows\SysNative\drivers\lsi_sas2.sys (LSI Corporation)
DRV:64bit: - (stexstor)—C:\Windows\SysNative\drivers\stexstor.sys (Promise Technology)
DRV:64bit: - (usb_rndisx)—C:\Windows\SysNative\drivers\usb8023x.sys (Microsoft Corporation)
DRV:64bit: - (SrvHsfV92)—C:\Windows\SysNative\drivers\VSTDPV6.SYS (Conexant Systems, Inc.)
DRV:64bit: - (SrvHsfWinac)—C:\Windows\SysNative\drivers\VSTCNXT6.SYS (Conexant Systems, Inc.)
DRV:64bit: - (SrvHsfHDA)—C:\Windows\SysNative\drivers\VSTAZL6.SYS (Conexant Systems, Inc.)
DRV:64bit: - (NVENETFD)—C:\Windows\SysNative\drivers\nvm62x64.sys (NVIDIA Corporation)
DRV:64bit: - (BCM43XX)—C:\Windows\SysNative\drivers\BCMWL664.SYS (Broadcom Corporation)
DRV:64bit: - (ebdrv)—C:\Windows\SysNative\drivers\evbda.sys (Broadcom Corporation)
DRV:64bit: - (b06bdrv)—C:\Windows\SysNative\drivers\bxvbda.sys (Broadcom Corporation)
DRV:64bit: - (b57nd60a)—C:\Windows\SysNative\drivers\b57nd60a.sys (Broadcom Corporation)
DRV:64bit: - (hcw85cir)—C:\Windows\SysNative\drivers\hcw85cir.sys (Hauppauge Computer Works, Inc.)
DRV - (WIMMount)—C:\Windows\SysWOW64\drivers\wimmount.sys (Microsoft Corporation)


========== Standard Registry (SafeList) ==========


========== Internet Explorer ==========

IE:64bit: - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = http://g.uk.msn.com/HPCON/5
IE:64bit: - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://g.uk.msn.com/HPCON/5
IE:64bit: - HKLM\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A}
IE:64bit: - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: “URL” = http://www.bing.com/search?q={searchTerms}&form=HPNTDF&pc=HPNTDF&src=IE-SearchBox
IE:64bit: - HKLM\..\SearchScopes\{2A73010C-D304-4296-A568-A05A8B6F3DBA}: “URL” = http://www.amazon.co.uk/s/ref=azs_osd_ieauk?ie=UTF-8&tag=hp-uk3-vsb-21&link;_code=qs&index=aps&field;-keywords={searchTerms}
IE:64bit: - HKLM\..\SearchScopes\{2fa28606-de77-4029-af96-b231e3b8f827}: “URL” = http://eu.ask.com/web?q={searchterms}&l=dis&o=HPNTDF
IE:64bit: - HKLM\..\SearchScopes\{b7fca997-d0fb-4fe0-8afd-255e89cf9671}: “URL” = http://dk.search.yahoo.com/search?p={searchTerms}&ei;={inputEncoding}&fr=chr-hp-psg&type=HPNTDF
IE:64bit: - HKLM\..\SearchScopes\{d43b3890-80c7-4010-a95d-1e77b5924dc3}: “URL” = http://da.wikipedia.org/wiki/Special:Search?search={searchTerms}
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = http://g.uk.msn.com/HPCON/5
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://g.uk.msn.com/HPCON/5
IE - HKLM\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A}
IE - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: “URL” = http://www.bing.com/search?q={searchTerms}&form=HPNTDF&pc=HPNTDF&src=IE-SearchBox
IE - HKLM\..\SearchScopes\{2A73010C-D304-4296-A568-A05A8B6F3DBA}: “URL” = http://www.amazon.co.uk/s/ref=azs_osd_ieauk?ie=UTF-8&tag=hp-uk3-vsb-21&link;_code=qs&index=aps&field;-keywords={searchTerms}
IE - HKLM\..\SearchScopes\{2fa28606-de77-4029-af96-b231e3b8f827}: “URL” = http://eu.ask.com/web?q={searchterms}&l=dis&o=HPNTDF
IE - HKLM\..\SearchScopes\{b7fca997-d0fb-4fe0-8afd-255e89cf9671}: “URL” = http://dk.search.yahoo.com/search?p={searchTerms}&ei;={inputEncoding}&fr=chr-hp-psg&type=HPNTDF
IE - HKLM\..\SearchScopes\{d43b3890-80c7-4010-a95d-1e77b5924dc3}: “URL” = http://da.wikipedia.org/wiki/Special:Search?search={searchTerms}

IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = http://g.uk.msn.com/HPCON/5
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.google.com/
IE - HKCU\..\URLSearchHook: {472734EA-242A-422b-ADF8-83D1E48CC825} - C:\Program Files (x86)\PC Tools\PC Tools Security\BDT\PCTBrowserDefender.dll (Threat Expert Ltd.)
IE - HKCU\..\SearchScopes,DefaultScope = {657B7956-3D9A-4B16-8047-9D8CF8F808A8}
IE - HKCU\..\SearchScopes\{657B7956-3D9A-4B16-8047-9D8CF8F808A8}: “URL” = http://www.google.com/search?q={searchTerms}&sourceid=ie7&rls=com.microsoft:{language}:{referrer:source}&ie;={inputEncoding?}&oe;={outputEncoding?}
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: “ProxyEnable” = 0


========== FireFox ==========

FF:64bit: - HKLM\Software\MozillaPlugins\@microsoft.com/GENUINE: disabled File not found
FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_11_3_300_271.dll ()
FF - HKLM\Software\MozillaPlugins\@adobe.com/ShockwavePlayer: C:\Windows\SysWOW64\Adobe\Director\np32dsw.dll (Adobe Systems, Inc.)
FF - HKLM\Software\MozillaPlugins\@java.com/DTPlugin,version=10.5.1: C:\Windows\SysWOW64\npDeployJava1.dll (Oracle Corporation)
FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin,version=10.5.1: C:\Program Files (x86)\Oracle\JavaFX 2.1 Runtime\bin\plugin2\npjp2.dll (Oracle Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/GENUINE: disabled File not found
FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: c:\Program Files (x86)\Microsoft Silverlight\4.1.10329.0\npctrl.dll ( Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/SharePoint,version=14.0: C:\PROGRA~2\MICROS~1\Office14\NPSPWRAP.DLL (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=15.4.3502.0922: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=15.4.3538.0513: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=15.4.3555.0308: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@WildTangent.com/GamesAppPresenceDetector,Version=1.0: C:\Program Files (x86)\WildTangent Games\App\BrowserIntegration\Registered\1\NP_wtapp.dll ()
FF - HKLM\Software\MozillaPlugins\Adobe Reader: C:\Program Files (x86)\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
FF - HKCU\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Users\Ibenspc2012\AppData\Local\Google\Update\1.3.21.115\npGoogleUpdate3.dll (Google Inc.)
FF - HKCU\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Users\Ibenspc2012\AppData\Local\Google\Update\1.3.21.115\npGoogleUpdate3.dll (Google Inc.)

64bit-FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{336D0C35-8A85-403a-B9D2-65C292C39087}: C:\PROGRAM FILES\WEB ASSISTANT\FIREFOX
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{336D0C35-8A85-403a-B9D2-65C292C39087}: C:\Program Files\Web Assistant\Firefox
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{cb84136f-9c44-433a-9048-c5cd9df1dc16}: C:\Program Files (x86)\PC Tools\PC Tools Security\BDT\Firefox\ [2012-08-22 01:16:23 | 000,000,000 |—-D | M]

[2012-08-21 22:38:21 | 000,000,000 |—-D | M] (No name found)—C:\Program Files (x86)\mozilla firefox\extensions
[2012-02-28 05:33:27 | 000,000,000 |—-D | M] (TrueSuite Website Logon)—C:\Program Files (x86)\mozilla firefox\extensions\websitelogon@truesuite.com

========== Chrome ==========

CHR - homepage: http://www.google.com/
CHR - default_search_provider: Google (Enabled)
CHR - default_search_provider: search_url = {google:baseURL}search?q={searchTerms}&{google:RLZ}{google:acceptedSuggestion}{google:originalQueryForSuggestion}{google:searchFieldtrialParameter}sourceid=chrome&ie;={inputEncoding}
CHR - default_search_provider: suggest_url = {google:baseSuggestURL}search?{google:searchFieldtrialParameter}client=chrome&hl;={language}&q={searchTerms}
CHR - homepage: http://www.google.com/
CHR - plugin: Shockwave Flash (Enabled) = C:\Users\Ibenspc2012\AppData\Local\Google\Chrome\Application\21.0.1180.83\PepperFlash\pepflashplayer.dll
CHR - plugin: Shockwave Flash (Enabled) = C:\Users\Ibenspc2012\AppData\Local\Google\Chrome\Application\21.0.1180.83\gcswf32.dll
CHR - plugin: Shockwave Flash (Enabled) = C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_11_3_300_271.dll
CHR - plugin: Remoting Viewer (Enabled) = internal-remoting-viewer
CHR - plugin: Native Client (Enabled) = C:\Users\Ibenspc2012\AppData\Local\Google\Chrome\Application\21.0.1180.83\ppGoogleNaClPluginChrome.dll
CHR - plugin: Chrome PDF Viewer (Enabled) = C:\Users\Ibenspc2012\AppData\Local\Google\Chrome\Application\21.0.1180.83\pdf.dll
CHR - plugin: Simple Pass 2012 (Enabled) = C:\Users\Ibenspc2012\AppData\Local\Google\Chrome\User Data\Default\Extensions\debkinhcgejcbfgjiaalomcmkedjmiaa\1.0_0\npwebsitelogon.dll
CHR - plugin: Perion plugin (Enabled) = C:\Users\Ibenspc2012\AppData\Local\Google\Chrome\User Data\Default\Extensions\jifflliplgeajjdhmkcfnngfpgbjonjg\1.0.0_0\Plugins/PerionNewTabChrome-32.dll
CHR - plugin: Adobe Acrobat (Enabled) = C:\Program Files (x86)\Adobe\Reader 10.0\Reader\Browser\nppdf32.dll
CHR - plugin: Microsoft Office 2010 (Enabled) = C:\PROGRA~2\MICROS~1\Office14\NPSPWRAP.DLL
CHR - plugin: Java(TM) Platform SE 7 U5 (Enabled) = C:\Program Files (x86)\Oracle\JavaFX 2.1 Runtime\bin\plugin2\npjp2.dll
CHR - plugin: Java Deployment Toolkit 7.0.50.255 (Enabled) = C:\Windows\SysWOW64\npDeployJava1.dll
CHR - plugin: Windows Live\u0099 Photo Gallery (Enabled) = C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll
CHR - plugin: Google Update (Enabled) = C:\Users\Ibenspc2012\AppData\Local\Google\Update\1.3.21.111\npGoogleUpdate3.dll
CHR - plugin: Shockwave for Director (Enabled) = C:\Windows\SysWOW64\Adobe\Director\np32dsw.dll
CHR - plugin: Silverlight Plug-In (Enabled) = c:\Program Files (x86)\Microsoft Silverlight\4.1.10329.0\npctrl.dll
CHR - Extension: Website Logon = C:\Users\Ibenspc2012\AppData\Local\Google\Chrome\User Data\Default\Extensions\debkinhcgejcbfgjiaalomcmkedjmiaa\1.0_0\
CHR - Extension: New tab for Chrome\u2122 = C:\Users\Ibenspc2012\AppData\Local\Google\Chrome\User Data\Default\Extensions\jifflliplgeajjdhmkcfnngfpgbjonjg\1.0.0_0\

O1 HOSTS File: ([2009-06-10 23:00:26 | 000,000,824 |——| M]) - C:\Windows\SysNative\drivers\etc\hosts
O2:64bit: - BHO: (TrueSuite Website Log On) - {8590886E-EC8C-43C1-A32C-E4C2B0B6395B} - C:\Program Files (x86)\HP SimplePass 2012\x64\IEBHO.dll (HP)
O2 - BHO: (PC Tools Browser Guard BHO) - {2A0F3D1B-0909-4FF4-B272-609CCE6054E7} - C:\Program Files (x86)\PC Tools\PC Tools Security\BDT\PCTBrowserDefender.dll (Threat Expert Ltd.)
O2 - BHO: (Java(tm) Plug-In SSV Helper) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Oracle\JavaFX 2.1 Runtime\bin\ssv.dll (Oracle Corporation)
O2 - BHO: (TrueSuite Website Log On) - {8590886E-EC8C-43C1-A32C-E4C2B0B6395B} - C:\Program Files (x86)\HP SimplePass 2012\IEBHO.dll (HP)
O2 - BHO: (Java(tm) Plug-In 2 SSV Helper) - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Oracle\JavaFX 2.1 Runtime\bin\jp2ssv.dll (Oracle Corporation)
O3 - HKLM\..\Toolbar: (PC Tools Browser Guard) - {472734EA-242A-422B-ADF8-83D1E48CC825} - C:\Program Files (x86)\PC Tools\PC Tools Security\BDT\PCTBrowserDefender.dll (Threat Expert Ltd.)
O3 - HKCU\..\Toolbar\WebBrowser: (no name) - {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - No CLSID value found.
O4:64bit: - HKLM..\Run: [BTMTrayAgent] C:\Program Files (x86)\Intel\Bluetooth\btmshell.dll (Intel Corporation)
O4:64bit: - HKLM..\Run: [HotKeysCmds] C:\Windows\SysNative\hkcmd.exe (Intel Corporation)
O4:64bit: - HKLM..\Run: [IgfxTray] C:\Windows\SysNative\igfxtray.exe (Intel Corporation)
O4:64bit: - HKLM..\Run: [IntelPAN] C:\Program Files\Common Files\Intel\WirelessCommon\iFrmewrk.exe (Intel(R) Corporation)
O4:64bit: - HKLM..\Run: [MSC] c:\Program Files\Microsoft Security Client\msseces.exe (Microsoft Corporation)
O4:64bit: - HKLM..\Run: [Persistence] C:\Windows\SysNative\igfxpers.exe (Intel Corporation)
O4:64bit: - HKLM..\Run: [SetDefault] C:\Program Files\Hewlett-Packard\HP LaunchBox\SetDefault.exe (Hewlett-Packard Development Company, L.P.)
O4:64bit: - HKLM..\Run: [SysTrayApp] C:\Program Files\IDT\WDM\sttray64.exe (IDT, Inc.)
O4 - HKLM..\Run: []  File not found
O4 - HKLM..\Run: [Easybits Recovery] C:\Program Files (x86)\EasyBits For Kids\ezRecover.exe (EasyBits Software AS)
O4 - HKLM..\Run: [HP CoolSense] C:\Program Files (x86)\Hewlett-Packard\HP CoolSense\CoolSense.exe (Hewlett-Packard Development Company, L.P.)
O4 - HKLM..\Run: [HP Quick Launch] C:\Program Files (x86)\Hewlett-Packard\HP Quick Launch\HPMSGSVC.exe (Hewlett-Packard Development Company, L.P.)
O4 - HKLM..\Run: [HPConnectionManager] C:\Program Files (x86)\Hewlett-Packard\HP Connection Manager\HPCMDelayStart.exe (Hewlett-Packard Development Company L.P.)
O4 - HKLM..\Run: [HPOSD] C:\Program Files (x86)\Hewlett-Packard\HP On Screen Display\HPOSD.exe (Hewlett-Packard Development Company, L.P.)
O4 - HKLM..\Run: [HPQuickWebProxy] C:\Program Files (x86)\Hewlett-Packard\HP QuickWeb\hpqwutils.exe (Hewlett-Packard Company)
O4 - HKLM..\Run: [HTC Sync Loader] C:\Program Files (x86)\HTC\HTC Sync 3.0\htcUPCTLoader.exe ()
O4 - HKLM..\Run: [IAStorIcon] C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorIcon.exe (Intel Corporation)
O4 - HKLM..\Run: [ISTray] C:\Program Files (x86)\PC Tools\PC Tools Security\pctsGui.exe (PC Tools)
O4 - HKLM..\Run: [Malwarebytes’ Anti-Malware] C:\Program Files (x86)\Malwarebytes’ Anti-Malware\mbamgui.exe (Malwarebytes Corporation)
O4 - HKLM..\Run: [NUSB3MON] C:\Program Files (x86)\Renesas Electronics\USB 3.0 Host Controller Driver\Application\nusb3mon.exe (Renesas Electronics Corporation)
O4 - HKLM..\Run: [StartCCC] C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe (Advanced Micro Devices, Inc.)
O4 - Startup: C:\Users\Ibenspc2012\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Dropbox.lnk = C:\Users\Ibenspc2012\AppData\Roaming\Dropbox\bin\Dropbox.exe (Dropbox, Inc.)
O4 - Startup: C:\Users\Ibenspc2012\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\OpenOffice.org 3.3.lnk = C:\Program Files (x86)\OpenOffice.org 3\program\quickstart.exe ()
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktop = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktopChanges = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: EnableShellExecuteHooks = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 5
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: HideFastUserSwitching = 0
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: DisableLockWorkstation = 0
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: DisableChangePassword = 0
O9 - Extra Button: @C:\Program Files (x86)\Evernote\Evernote\Resource.dll,-101 - {A95fe080-8f5d-11d2-a20b-00aa003c157a} - C:\Program Files (x86)\Evernote\Evernote\EvernoteIE.dll (Evernote Corp., 333 W Evelyn Ave. Mountain View, CA 94041)
O9 - Extra ‘Tools’ menuitem : @C:\Program Files (x86)\Evernote\Evernote\Resource.dll,-101 - {A95fe080-8f5d-11d2-a20b-00aa003c157a} - C:\Program Files (x86)\Evernote\Evernote\EvernoteIE.dll (Evernote Corp., 333 W Evelyn Ave. Mountain View, CA 94041)
O10:64bit: - Protocol_Catalog9\Catalog_Entries64\000000000001 - C:\Program Files (x86)\Common Files\PC Tools\Lsp\PCTLsp64.dll (PC Tools Research Pty Ltd.)
O10:64bit: - Protocol_Catalog9\Catalog_Entries64\000000000002 - C:\Program Files (x86)\Common Files\PC Tools\Lsp\PCTLsp64.dll (PC Tools Research Pty Ltd.)
O10:64bit: - Protocol_Catalog9\Catalog_Entries64\000000000003 - C:\Program Files (x86)\Common Files\PC Tools\Lsp\PCTLsp64.dll (PC Tools Research Pty Ltd.)
O10:64bit: - Protocol_Catalog9\Catalog_Entries64\000000000004 - C:\Program Files (x86)\Common Files\PC Tools\Lsp\PCTLsp64.dll (PC Tools Research Pty Ltd.)
O10:64bit: - Protocol_Catalog9\Catalog_Entries64\000000000005 - C:\Program Files (x86)\Common Files\PC Tools\Lsp\PCTLsp64.dll (PC Tools Research Pty Ltd.)
O10:64bit: - Protocol_Catalog9\Catalog_Entries64\000000000006 - C:\Program Files (x86)\Common Files\PC Tools\Lsp\PCTLsp64.dll (PC Tools Research Pty Ltd.)
O10:64bit: - Protocol_Catalog9\Catalog_Entries64\000000000018 - C:\Program Files (x86)\Common Files\PC Tools\Lsp\PCTLsp64.dll (PC Tools Research Pty Ltd.)
O10 - Protocol_Catalog9\Catalog_Entries\000000000001 - C:\Program Files (x86)\Common Files\PC Tools\Lsp\PCTLsp.dll (PC Tools Research Pty Ltd.)
O10 - Protocol_Catalog9\Catalog_Entries\000000000002 - C:\Program Files (x86)\Common Files\PC Tools\Lsp\PCTLsp.dll (PC Tools Research Pty Ltd.)
O10 - Protocol_Catalog9\Catalog_Entries\000000000003 - C:\Program Files (x86)\Common Files\PC Tools\Lsp\PCTLsp.dll (PC Tools Research Pty Ltd.)
O10 - Protocol_Catalog9\Catalog_Entries\000000000004 - C:\Program Files (x86)\Common Files\PC Tools\Lsp\PCTLsp.dll (PC Tools Research Pty Ltd.)
O10 - Protocol_Catalog9\Catalog_Entries\000000000005 - C:\Program Files (x86)\Common Files\PC Tools\Lsp\PCTLsp.dll (PC Tools Research Pty Ltd.)
O10 - Protocol_Catalog9\Catalog_Entries\000000000006 - C:\Program Files (x86)\Common Files\PC Tools\Lsp\PCTLsp.dll (PC Tools Research Pty Ltd.)
O10 - Protocol_Catalog9\Catalog_Entries\000000000018 - C:\Program Files (x86)\Common Files\PC Tools\Lsp\PCTLsp.dll (PC Tools Research Pty Ltd.)
O1364bit: - gopher Prefix: missing
O13 - gopher Prefix: missing
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/update/1.6.0/jinstall-1_6_0_31-windows-i586.cab (Java Plug-in 10.5.1)
O16 - DPF: {CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_22-windows-i586.cab (Java Plug-in 1.6.0_22)
O16 - DPF: {CAFEEFAC-0016-0000-0031-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_31-windows-i586.cab (Java Plug-in 1.6.0_31)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_31-windows-i586.cab (Java Plug-in 10.5.1)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 193.162.153.164 194.239.134.83
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{1E2C146E-E1D7-4869-89D9-72060C33A9E2}: DhcpNameServer = 192.168.42.129
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{5761BE92-68C6-43B5-A31C-97B6059590DD}: DhcpNameServer = 192.168.42.129
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{994435D5-A0E6-48D8-9DEA-E76ECE05881B}: DhcpNameServer = 172.168.11.12
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{C8D17A8C-5E9C-4042-A446-1CFC561FBF78}: DhcpNameServer = 193.162.153.164 194.239.134.83
O18:64bit: - Protocol\Handler\livecall - No CLSID value found
O18:64bit: - Protocol\Handler\msnim - No CLSID value found
O18:64bit: - Protocol\Handler\skype4com - No CLSID value found
O18:64bit: - Protocol\Handler\wlmailhtml - No CLSID value found
O18:64bit: - Protocol\Handler\wlpg - No CLSID value found
O18 - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~2\COMMON~1\Skype\SKYPE4~1.DLL (Skype Technologies)
O20:64bit: - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\SysNative\userinit.exe (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: VMApplet - (/pagefile) -  File not found
O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\SysWow64\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (userinit.exe) - C:\Windows\SysWow64\userinit.exe (Microsoft Corporation)
O20 - HKLM Winlogon: VMApplet - (/pagefile) -  File not found
O20:64bit: - Winlogon\Notify\igfxcui: DllName - (igfxdev.dll) - C:\Windows\SysNative\igfxdev.dll (Intel Corporation)
O21:64bit: - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.
O21 - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.
O28 - HKLM ShellExecuteHooks: {E54729E8-BB3D-4270-9D49-7389EA579090} - C:\Windows\SysWOW64\ezUPBHook.dll (EasyBits Software Corp.)
O32 - HKLM CDRom: AutoRun - 1
O34 - HKLM BootExecute: (autocheck autochk *)
O35:64bit: - HKLM\..comfile [open]—“%1” %*
O35:64bit: - HKLM\..exefile [open]—“%1” %*
O35 - HKLM\..comfile [open]—“%1” %*
O35 - HKLM\..exefile [open]—“%1” %*
O37:64bit: - HKLM\...com [@ = comfile]—“%1” %*
O37:64bit: - HKLM\...exe [@ = exefile]—“%1” %*
O37 - HKLM\...com [@ = comfile]—“%1” %*
O37 - HKLM\...exe [@ = exefile]—“%1” %*
O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3)
O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2)
O38 - SubSystems\\Windows: (ServerDll=sxssrv,4)

========== Files/Folders - Created Within 30 Days ==========

[2012-08-22 01:16:11 | 000,085,224 |——| C] (PC Tools)—C:\Windows\SysNative\drivers\PCTBD64.sys
[2012-08-22 01:16:08 | 000,149,464 |——| C] (PC Tools)—C:\Windows\SGDetectionTool.dll
[2012-08-22 01:16:07 | 002,267,096 |——| C] (Threat Expert Ltd.)—C:\Windows\PCTBDCore.dll
[2012-08-22 01:16:07 | 001,689,560 |——| C] (Threat Expert Ltd.)—C:\Windows\PCTBDRes.dll
[2012-08-22 01:15:42 | 000,341,200 |——| C] (PC Tools)—C:\Windows\SysNative\drivers\pctgntdi64.sys
[2012-08-22 01:15:42 | 000,145,464 |——| C] (PC Tools)—C:\Windows\SysNative\drivers\pctwfpfilter64.sys
[2012-08-22 01:15:39 | 000,014,808 |——| C] (PC Tools)—C:\Windows\SysNative\drivers\pctBTFix64.sys
[2012-08-22 01:15:39 | 000,000,000 |—-D | C]—C:\ProgramData\Microsoft\Windows\Start Menu\Programs\PC Tools Security
[2012-08-22 01:15:31 | 000,092,928 |——| C] (PC Tools)—C:\Windows\SysNative\drivers\pctplsg64.sys
[2012-08-22 01:15:00 | 000,000,000 |—-D | C]—C:\Program Files (x86)\PC Tools
[2012-08-22 01:11:36 | 001,096,176 |——| C] (PC Tools)—C:\Windows\SysNative\drivers\pctEFA64.sys
[2012-08-22 01:11:36 | 000,453,896 |——| C] (PC Tools)—C:\Windows\SysNative\drivers\pctDS64.sys
[2012-08-22 01:11:33 | 000,426,616 |——| C] (PC Tools)—C:\Windows\SysNative\drivers\PCTCore64.sys
[2012-08-22 01:11:30 | 000,251,560 |——| C] (PC Tools)—C:\Windows\SysNative\drivers\PCTSD64.sys
[2012-08-22 01:11:28 | 000,000,000 |—-D | C]—C:\Program Files (x86)\Common Files\PC Tools
[2012-08-22 01:11:05 | 000,000,000 |—-D | C]—C:\ProgramData\PC Tools
[2012-08-22 01:11:04 | 000,000,000 |—-D | C]—C:\Users\Ibenspc2012\AppData\Roaming\TestApp
[2012-08-22 00:31:31 | 000,000,000 |—-D | C]—C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Spybot - Search & Destroy
[2012-08-22 00:31:19 | 000,000,000 |—-D | C]—C:\ProgramData\Spybot - Search & Destroy
[2012-08-22 00:31:19 | 000,000,000 |—-D | C]—C:\Program Files (x86)\Spybot - Search & Destroy
[2012-08-21 22:44:25 | 000,000,000 |—-D | C]—C:\Users\Ibenspc2012\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Google Chrome
[2012-08-21 22:21:37 | 000,000,000 |—-D | C]—C:\Users\Ibenspc2012\AppData\Roaming\Malwarebytes
[2012-08-21 22:21:29 | 000,000,000 |—-D | C]—C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes’ Anti-Malware
[2012-08-21 22:21:28 | 000,024,904 |——| C] (Malwarebytes Corporation)—C:\Windows\SysNative\drivers\mbam.sys
[2012-08-21 22:21:28 | 000,000,000 |—-D | C]—C:\Program Files (x86)\Malwarebytes’ Anti-Malware
[2012-08-21 22:21:28 | 000,000,000 |—-D | C]—C:\ProgramData\Malwarebytes
[2012-08-21 22:03:56 | 000,000,000 |—-D | C]—C:\Program Files\Enigma Software Group
[2012-08-21 22:02:49 | 000,000,000 |—-D | C]—C:\Program Files (x86)\Common Files\Wise Installation Wizard
[2012-08-21 11:38:16 | 000,000,000 |—-D | C]—C:\Users\Ibenspc2012\AppData\Local\{7687FBC9-D57E-4B6D-A9B4-57AE5093A08C}
[2012-08-21 08:15:36 | 000,000,000 |—-D | C]—C:\Program Files (x86)\Perion
[2012-08-20 12:39:26 | 000,000,000 |—-D | C]—C:\Users\Ibenspc2012\AppData\Local\{45AD546A-D710-40B6-BDEE-85D484500879}
[2012-08-18 02:02:19 | 000,000,000 |—-D | C]—C:\Users\Ibenspc2012\AppData\Local\{69891415-04FD-47B1-BDDF-84FB6191D7BB}
[2012-08-18 02:01:57 | 000,000,000 |—-D | C]—C:\Users\Ibenspc2012\AppData\Local\{0CB18958-53E1-41AE-BCB9-B302BEA5CF93}
[2012-08-17 21:29:22 | 000,000,000 |—-D | C]—C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Eovendo
[2012-08-17 21:29:22 | 000,000,000 |—-D | C]—C:\Program Files (x86)\Eovendo
[2012-08-17 11:35:30 | 000,000,000 |—-D | C]—C:\Users\Ibenspc2012\AppData\Local\{3D81DEF3-5A9C-4E6D-BD10-57AE9335B525}
[2012-08-17 11:35:07 | 000,000,000 |—-D | C]—C:\Users\Ibenspc2012\AppData\Local\{E5715491-E400-42E7-9FCB-A2BAA9074B39}
[2012-08-16 09:24:36 | 000,000,000 |—-D | C]—C:\Users\Ibenspc2012\AppData\Local\{9965BF28-0147-4B0E-AE8F-A52EA2489119}
[2012-08-16 09:24:14 | 000,000,000 |—-D | C]—C:\Users\Ibenspc2012\AppData\Local\{EC9973CD-2012-4DA5-99CE-2A4310BC6A2D}
[2012-08-15 13:33:01 | 000,000,000 |—-D | C]—C:\Users\Ibenspc2012\AppData\Local\{BD53A871-0017-496C-9274-622EC43A59B0}
[2012-08-15 13:32:51 | 000,000,000 |—-D | C]—C:\Users\Ibenspc2012\AppData\Local\{6BE36370-CC8C-483C-8B77-66F242A81179}
[2012-08-14 13:09:13 | 000,000,000 |—-D | C]—C:\Users\Ibenspc2012\AppData\Local\{3D2B5E1D-3BDC-41EB-B728-A3A0D42E5035}
[2012-08-14 13:08:51 | 000,000,000 |—-D | C]—C:\Users\Ibenspc2012\AppData\Local\{F9E23271-C130-4C3D-8988-064F22706C27}
[2012-08-14 01:08:23 | 000,000,000 |—-D | C]—C:\Users\Ibenspc2012\AppData\Local\{FF34F1FD-830F-4F2B-AB43-FAC9F4796213}
[2012-08-14 01:08:01 | 000,000,000 |—-D | C]—C:\Users\Ibenspc2012\AppData\Local\{7B3B640E-8267-465F-8AE7-61D03518C7D6}
[2012-08-13 13:07:33 | 000,000,000 |—-D | C]—C:\Users\Ibenspc2012\AppData\Local\{F3B7BF64-317D-4940-8EF4-02287433A9EB}
[2012-08-13 13:07:22 | 000,000,000 |—-D | C]—C:\Users\Ibenspc2012\AppData\Local\{D4FED7E0-19AE-480F-BD12-29BE639EE022}
[2012-08-12 23:40:38 | 000,000,000 |—-D | C]—C:\Users\Ibenspc2012\AppData\Roaming\Farm Girl at the Nile
[2012-08-12 21:49:39 | 000,000,000 |—-D | C]—C:\ProgramData\Eovendo
[2012-08-12 20:41:25 | 000,000,000 |—-D | C]—C:\Users\Ibenspc2012\AppData\Local\{39E216DF-263F-4988-B428-435E3FC83B57}
[2012-08-12 20:41:03 | 000,000,000 |—-D | C]—C:\Users\Ibenspc2012\AppData\Local\{96AD26BF-6DE6-4CCE-A5E2-47A33EB7A7B4}
[2012-08-10 10:56:03 | 000,000,000 |—-D | C]—C:\Users\Ibenspc2012\AppData\Local\{97001B07-F249-4B57-8AEB-94141EF6782F}
[2012-08-10 10:55:41 | 000,000,000 |—-D | C]—C:\Users\Ibenspc2012\AppData\Local\{696694A1-EBD0-4294-8D52-A9AEEE9560D1}
[2012-08-08 22:33:10 | 000,000,000 |—-D | C]—C:\Users\Ibenspc2012\AppData\Local\{1CD9BF96-0F1D-40EA-A93F-11C8298F19E3}
[2012-08-08 22:32:47 | 000,000,000 |—-D | C]—C:\Users\Ibenspc2012\AppData\Local\{11E62CCB-2C5B-4340-96C9-D53C00BF8D68}
[2012-08-07 23:55:36 | 000,000,000 |—-D | C]—C:\Users\Ibenspc2012\AppData\Local\{C4F0E022-CD5A-4205-B258-48F9AFF7F1FA}
[2012-08-07 23:55:14 | 000,000,000 |—-D | C]—C:\Users\Ibenspc2012\AppData\Local\{961BD30E-8AE6-4758-8151-B5EA02532FBA}
[2012-08-05 12:29:40 | 000,000,000 |—-D | C]—C:\Users\Ibenspc2012\AppData\Roaming\Boolat Games
[2012-08-05 12:16:58 | 000,000,000 |—-D | C]—C:\Users\Ibenspc2012\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\The Promised Land
[2012-08-05 12:16:58 | 000,000,000 |—-D | C]—C:\ProgramData\Microsoft\Windows\Start Menu\Programs\The Promised Land
[2012-08-05 12:16:58 | 000,000,000 |—-D | C]—C:\Program Files (x86)\The Promised Land
[2012-08-05 10:43:03 | 000,000,000 |—-D | C]—C:\Users\Ibenspc2012\AppData\Local\{64E207A0-E9BE-4EF9-9501-E009BB3D039B}
[2012-08-05 10:42:41 | 000,000,000 |—-D | C]—C:\Users\Ibenspc2012\AppData\Local\{5E67BE90-08BA-44B7-AD6A-B07F42DF3FB4}
[2012-08-02 02:17:15 | 000,000,000 |—-D | C]—C:\Users\Ibenspc2012\AppData\Local\{CCBEAD68-8135-4713-8FF4-7469C14C30D4}
[2012-08-02 02:17:03 | 000,000,000 |—-D | C]—C:\Users\Ibenspc2012\AppData\Local\{CA83F5D1-B52F-4508-BA58-27C7D26EE94D}
[2012-07-30 09:19:25 | 000,000,000 |—-D | C]—C:\Users\Ibenspc2012\AppData\Local\{D2F64ED7-0DEF-4FED-AFEA-FD9E1D0F03B7}
[2012-07-30 09:19:03 | 000,000,000 |—-D | C]—C:\Users\Ibenspc2012\AppData\Local\{1BE3266E-3BC7-4F4F-9894-C4CD43CDC41E}
[2012-07-29 09:58:56 | 000,000,000 |—-D | C]—C:\Users\Ibenspc2012\AppData\Local\{DAB6D10B-AB2B-4477-9BCD-36745FE4689D}
[2012-07-29 09:58:44 | 000,000,000 |—-D | C]—C:\Users\Ibenspc2012\AppData\Local\{1861C07C-B7A0-4902-BE0F-968D32C79C75}
[2012-07-28 11:54:01 | 000,000,000 |—-D | C]—C:\Users\Ibenspc2012\AppData\Local\{68F815AD-8E01-4F11-B4AA-BD0D9A89A7FE}
[2012-07-28 11:53:38 | 000,000,000 |—-D | C]—C:\Users\Ibenspc2012\AppData\Local\{3056E24D-4AB9-486E-A9DF-8E2808FEC0AF}
[2012-07-27 23:53:11 | 000,000,000 |—-D | C]—C:\Users\Ibenspc2012\AppData\Local\{BEB6F9AD-5A9E-4782-8A0E-1086416B3007}
[2012-07-27 23:52:49 | 000,000,000 |—-D | C]—C:\Users\Ibenspc2012\AppData\Local\{85CDBAD7-4334-480B-BCBB-B1441C3C8AC0}
[2012-07-25 00:29:32 | 000,000,000 |—-D | C]—C:\Users\Ibenspc2012\AppData\Local\{D39F15BF-1BEF-4579-A97F-C114B4C58B1F}
[2012-07-25 00:29:10 | 000,000,000 |—-D | C]—C:\Users\Ibenspc2012\AppData\Local\{347CA334-8BE7-4B79-A09C-C7DC37F42E46}
[2012-07-24 12:28:45 | 000,000,000 |—-D | C]—C:\Users\Ibenspc2012\AppData\Local\{862B97AF-950F-456B-A5FB-E27280A3C843}
[2012-07-24 12:28:23 | 000,000,000 |—-D | C]—C:\Users\Ibenspc2012\AppData\Local\{38A87C9D-9A8D-4FFF-90E1-7839903D4ACA}
[2012-07-23 18:09:00 | 000,000,000 |—-D | C]—C:\Users\Ibenspc2012\AppData\Local\{433758BA-C2B6-4449-A568-033E7316A8ED}
[2012-07-23 18:08:38 | 000,000,000 |—-D | C]—C:\Users\Ibenspc2012\AppData\Local\{50B84987-5BDC-4EAE-8DAD-4FD8F64163E6}
[2 C:\Windows\*.tmp files -> C:\Windows\*.tmp -> ]

========== Files - Modified Within 30 Days ==========

[2012-08-22 10:53:00 | 000,000,966 |——| M] ()—C:\Windows\tasks\GoogleUpdateTaskUserS-1-5-21-1099950465-931844365-3547754557-1000UA.job
[2012-08-22 10:46:19 | 000,000,830 |——| M] ()—C:\Windows\tasks\Adobe Flash Player Updater.job
[2012-08-22 10:46:15 | 000,067,584 |—S- | M] ()—C:\Windows\bootstat.dat
[2012-08-22 08:05:40 | 000,032,064 | -H—| M] ()—C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
[2012-08-22 08:05:40 | 000,032,064 | -H—| M] ()—C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
[2012-08-22 07:57:21 | 2106,478,591 | -HS- | M] ()—C:\hiberfil.sys
[2012-08-22 01:15:39 | 000,002,245 |——| M] ()—C:\Users\Public\Desktop\PC Tools Spyware Doctor.lnk
[2012-08-22 01:11:53 | 001,754,679 |——| M] ()—C:\Windows\SysNative\drivers\Cat.DB
[2012-08-21 22:53:00 | 000,000,914 |——| M] ()—C:\Windows\tasks\GoogleUpdateTaskUserS-1-5-21-1099950465-931844365-3547754557-1000Core.job
[2012-08-21 22:44:27 | 000,002,412 |——| M] ()—C:\Users\Ibenspc2012\Desktop\Google Chrome.lnk
[2012-08-21 22:41:06 | 000,001,258 |——| M] ()—C:\Users\Ibenspc2012\Application Data\Microsoft\Internet Explorer\Quick Launch\Launch Internet Explorer Browser.lnk
[2012-08-21 22:27:10 | 000,000,356 |——| M] ()—C:\Windows\tasks\HPCeeScheduleForIbenspc2012.job
[2012-08-21 08:15:32 | 000,000,448 |——| M] ()—C:\user.js
[2012-08-20 08:23:35 | 000,000,354 |——| M] ()—C:\Windows\tasks\HPCeeScheduleForIBENSPC2012-HP$.job
[2012-08-17 21:29:27 | 000,002,009 |——| M] ()—C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\Eovendo.lnk
[2012-08-17 21:29:27 | 000,001,985 |——| M] ()—C:\Users\Public\Desktop\Eovendo.lnk
[2012-08-17 12:54:15 | 001,381,504 |——| M] ()—C:\Windows\SysNative\PerfStringBackup.INI
[2012-08-17 12:54:15 | 000,654,920 |——| M] ()—C:\Windows\SysNative\perfh009.dat
[2012-08-17 12:54:15 | 000,510,022 |——| M] ()—C:\Windows\SysNative\perfh006.dat
[2012-08-17 12:54:15 | 000,122,494 |——| M] ()—C:\Windows\SysNative\perfc009.dat
[2012-08-17 12:54:15 | 000,098,894 |——| M] ()—C:\Windows\SysNative\perfc006.dat
[2012-08-16 21:25:10 | 000,002,019 |——| M] ()—C:\Users\Public\Desktop\Adobe Reader X.lnk
[2012-08-15 21:36:11 | 000,293,176 |——| M] ()—C:\Windows\SysNative\FNTCACHE.DAT
[2012-08-12 23:51:50 | 000,007,506 |——| M] ()—C:\Windows\wininit.ini
[2012-08-12 23:38:49 | 000,001,272 |——| M] ()—C:\Users\Public\Desktop\More Great Games.lnk
[2012-07-28 16:59:30 | 000,000,960 |——| M] ()—C:\Users\Public\Desktop\calibre - E-book management.lnk
[2012-07-25 00:11:22 | 000,001,021 |——| M] ()—C:\Users\Ibenspc2012\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Dropbox.lnk
[2012-07-24 20:07:42 | 000,000,000 | -H—| M] ()—C:\Windows\SysNative\drivers\Msft_User_WpdMtpDr_01_09_00.Wdf
[2 C:\Windows\*.tmp files -> C:\Windows\*.tmp -> ]

========== Files Created - No Company Name ==========

[2012-08-22 01:16:09 | 000,767,960 |——| C] ()—C:\Windows\BDTSupport.dll
[2012-08-22 01:16:08 | 000,003,488 |——| C] ()—C:\Windows\UDB.zip
[2012-08-22 01:16:08 | 000,000,882 |——| C] ()—C:\Windows\RegSDImport.xml
[2012-08-22 01:16:08 | 000,000,879 |——| C] ()—C:\Windows\RegISSImport.xml
[2012-08-22 01:16:08 | 000,000,131 |——| C] ()—C:\Windows\IDB.zip
[2012-08-22 01:15:39 | 000,002,245 |——| C] ()—C:\Users\Public\Desktop\PC Tools Spyware Doctor.lnk
[2012-08-22 01:11:37 | 001,754,679 |——| C] ()—C:\Windows\SysNative\drivers\Cat.DB
[2012-08-21 22:44:27 | 000,002,412 |——| C] ()—C:\Users\Ibenspc2012\Desktop\Google Chrome.lnk
[2012-08-21 22:43:31 | 000,000,966 |——| C] ()—C:\Windows\tasks\GoogleUpdateTaskUserS-1-5-21-1099950465-931844365-3547754557-1000UA.job
[2012-08-21 22:43:31 | 000,000,914 |——| C] ()—C:\Windows\tasks\GoogleUpdateTaskUserS-1-5-21-1099950465-931844365-3547754557-1000Core.job
[2012-08-21 08:15:31 | 000,000,448 |——| C] ()—C:\user.js
[2012-08-16 21:25:10 | 000,002,019 |——| C] ()—C:\Users\Public\Desktop\Adobe Reader X.lnk
[2012-08-12 23:38:49 | 000,001,272 |——| C] ()—C:\Users\Public\Desktop\More Great Games.lnk
[2012-08-12 21:49:46 | 000,002,009 |——| C] ()—C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\Eovendo.lnk
[2012-08-12 21:49:46 | 000,001,985 |——| C] ()—C:\Users\Public\Desktop\Eovendo.lnk
[2012-07-24 20:07:42 | 000,000,000 | -H—| C] ()—C:\Windows\SysNative\drivers\Msft_User_WpdMtpDr_01_09_00.Wdf
[2012-04-29 19:09:41 | 000,004,096 |——| C] ()—C:\Windows\d3dx.dat
[2012-03-15 17:45:27 | 000,007,506 |——| C] ()—C:\Windows\wininit.ini
[2012-02-27 18:00:43 | 001,360,176 |——| C] ()—C:\Windows\SysWow64\PerfStringBackup.INI
[2011-12-21 18:46:01 | 000,000,000 |——| C] ()—C:\Windows\ativpsrm.bin
[2011-12-21 18:34:46 | 000,003,929 |——| C] ()—C:\Windows\SysWow64\atipblup.dat
[2011-12-21 18:33:28 | 000,963,116 |——| C] ()—C:\Windows\SysWow64\igkrng600.bin
[2011-12-21 18:33:27 | 000,216,000 |——| C] ()—C:\Windows\SysWow64\igfcg600m.bin
[2011-12-21 18:33:26 | 000,145,804 |——| C] ()—C:\Windows\SysWow64\igcompkrng600.bin
[2011-12-21 18:33:26 | 000,056,832 |——| C] ()—C:\Windows\SysWow64\igdde32.dll
[2011-12-21 18:33:25 | 013,903,872 |——| C] ()—C:\Windows\SysWow64\ig4icd32.dll
[2011-12-21 18:33:23 | 000,003,929 |——| C] ()—C:\Windows\SysWow64\atipblag.dat
[2011-12-21 18:28:17 | 000,000,056 | -H—| C] ()—C:\Windows\SysWow64\ezsidmv.dat
[2011-11-16 20:11:20 | 000,000,068 |——| C] ()—C:\Windows\SysWow64\ezdigsgn.dat
[2011-10-01 08:42:20 | 000,053,760 |——| C] ()—C:\Windows\SysWow64\OVDecode.dll
[2011-09-06 22:34:28 | 000,007,736 |——| C] ()—C:\Windows\hpDSTRES.DLL
[2011-06-10 04:17:36 | 000,066,856 |——| C] ()—C:\Windows\SysWow64\SynTPEnhPS.dll

========== LOP Check ==========

[2012-03-20 01:37:41 | 000,000,000 |—-D | M]—C:\Users\Ibenspc2012\AppData\Roaming\Alawar
[2012-07-28 01:09:09 | 000,000,000 |—-D | M]—C:\Users\Ibenspc2012\AppData\Roaming\aliasworlds
[2012-05-09 13:50:15 | 000,000,000 |—-D | M]—C:\Users\Ibenspc2012\AppData\Roaming\Be a King
[2012-07-15 02:58:37 | 000,000,000 |—-D | M]—C:\Users\Ibenspc2012\AppData\Roaming\BlamGames
[2012-08-05 12:29:40 | 000,000,000 |—-D | M]—C:\Users\Ibenspc2012\AppData\Roaming\Boolat Games
[2012-07-24 20:21:52 | 000,000,000 |—-D | M]—C:\Users\Ibenspc2012\AppData\Roaming\calibre
[2012-03-05 23:08:53 | 000,000,000 |—-D | M]—C:\Users\Ibenspc2012\AppData\Roaming\dk.in2media.yousee.youseeplayer
[2012-08-22 07:59:55 | 000,000,000 |—-D | M]—C:\Users\Ibenspc2012\AppData\Roaming\Dropbox
[2012-08-12 23:51:29 | 000,000,000 |—-D | M]—C:\Users\Ibenspc2012\AppData\Roaming\Farm Girl at the Nile
[2012-03-15 17:52:15 | 000,000,000 |—-D | M]—C:\Users\Ibenspc2012\AppData\Roaming\GFI
[2012-03-06 00:52:15 | 000,000,000 |—-D | M]—C:\Users\Ibenspc2012\AppData\Roaming\HTC
[2012-03-06 01:00:23 | 000,000,000 |—-D | M]—C:\Users\Ibenspc2012\AppData\Roaming\HTC.388BC06ACDAB6261375BCE37FBA2E023C0D7EE34.1
[2012-03-15 20:49:04 | 000,000,000 |—-D | M]—C:\Users\Ibenspc2012\AppData\Roaming\Islands
[2012-05-04 08:18:13 | 000,000,000 |—-D | M]—C:\Users\Ibenspc2012\AppData\Roaming\LegacyGames
[2012-04-20 20:02:53 | 000,000,000 |—-D | M]—C:\Users\Ibenspc2012\AppData\Roaming\Meridian93
[2012-04-15 10:33:24 | 000,000,000 |—-D | M]—C:\Users\Ibenspc2012\AppData\Roaming\OpenOffice.org
[2012-03-21 02:14:34 | 000,000,000 |—-D | M]—C:\Users\Ibenspc2012\AppData\Roaming\Peace Craft
[2012-03-26 22:37:37 | 000,000,000 |—-D | M]—C:\Users\Ibenspc2012\AppData\Roaming\PeaceCraft2
[2012-03-31 12:41:20 | 000,000,000 |—-D | M]—C:\Users\Ibenspc2012\AppData\Roaming\PeaceCraft3
[2012-05-06 19:00:17 | 000,000,000 |—-D | M]—C:\Users\Ibenspc2012\AppData\Roaming\PlayFirst
[2012-03-18 15:55:44 | 000,000,000 |—-D | M]—C:\Users\Ibenspc2012\AppData\Roaming\Playrix Entertainment
[2012-04-29 21:02:43 | 000,000,000 |—-D | M]—C:\Users\Ibenspc2012\AppData\Roaming\ShinyTales
[2012-07-02 13:58:54 | 000,000,000 |—-D | M]—C:\Users\Ibenspc2012\AppData\Roaming\SoftGrid Client
[2012-02-27 17:30:05 | 000,000,000 |—-D | M]—C:\Users\Ibenspc2012\AppData\Roaming\Synaptics
[2012-08-22 01:11:04 | 000,000,000 |—-D | M]—C:\Users\Ibenspc2012\AppData\Roaming\TestApp
[2012-02-28 21:22:44 | 000,000,000 |—-D | M]—C:\Users\Ibenspc2012\AppData\Roaming\TP
[2012-08-21 21:44:04 | 000,000,000 |—-D | M]—C:\Users\Ibenspc2012\AppData\Roaming\uTorrent
[2012-03-08 14:08:53 | 000,000,000 |—-D | M]—C:\Users\Ibenspc2012\AppData\Roaming\Windows Live Writer
[2012-05-06 20:35:35 | 000,000,000 |—-D | M]—C:\Users\Ibenspc2012\AppData\Roaming\World-Loom
[2012-02-27 18:23:18 | 000,000,000 |—-D | M]—C:\Users\Ibenspc2012\AppData\Roaming\_MDLogs
[2012-08-15 21:36:24 | 000,032,550 |——| M] ()—C:\Windows\Tasks\SCHEDLGU.TXT

========== Purity Check ==========



========== Alternate Data Streams ==========

@Alternate Data Stream - 249 bytes -> C:\ProgramData\Temp:FD786DCA
@Alternate Data Stream - 249 bytes -> C:\ProgramData\Temp:EE7A6A39
@Alternate Data Stream - 245 bytes -> C:\ProgramData\Temp:A6B07419
@Alternate Data Stream - 244 bytes -> C:\ProgramData\Temp:9CF728A6
@Alternate Data Stream - 242 bytes -> C:\ProgramData\Temp:E5BA9ADD
@Alternate Data Stream - 237 bytes -> C:\ProgramData\Temp:38FF076E
@Alternate Data Stream - 237 bytes -> C:\ProgramData\Temp:3571475C
@Alternate Data Stream - 228 bytes -> C:\ProgramData\Temp:A843AC18
@Alternate Data Stream - 228 bytes -> C:\ProgramData\Temp:99AC3203
@Alternate Data Stream - 227 bytes -> C:\ProgramData\Temp:27F44544
@Alternate Data Stream - 226 bytes -> C:\ProgramData\Temp:663B62CA
@Alternate Data Stream - 222 bytes -> C:\ProgramData\Temp:D2397415
@Alternate Data Stream - 218 bytes -> C:\ProgramData\Temp:ADFAD95A
@Alternate Data Stream - 217 bytes -> C:\ProgramData\Temp:12EA4DC9
@Alternate Data Stream - 216 bytes -> C:\ProgramData\Temp:1B9E79B3
@Alternate Data Stream - 213 bytes -> C:\ProgramData\Temp:11EFE63D
@Alternate Data Stream - 161 bytes -> C:\ProgramData\Temp:DFC5A2B2
@Alternate Data Stream - 146 bytes -> C:\ProgramData\Temp:258D2F8B
@Alternate Data Stream - 139 bytes -> C:\ProgramData\Temp:F3591DDB
@Alternate Data Stream - 139 bytes -> C:\ProgramData\Temp:E153075C
@Alternate Data Stream - 139 bytes -> C:\ProgramData\Temp:8C12CFCD
@Alternate Data Stream - 134 bytes -> C:\ProgramData\Temp:F98E6C67
@Alternate Data Stream - 133 bytes -> C:\ProgramData\Temp:801ED9DF
@Alternate Data Stream - 133 bytes -> C:\ProgramData\Temp:6E3C585B
@Alternate Data Stream - 127 bytes -> C:\ProgramData\Temp:430C6D84
@Alternate Data Stream - 123 bytes -> C:\ProgramData\Temp:8AC20936
@Alternate Data Stream - 123 bytes -> C:\ProgramData\Temp:29C0641D
@Alternate Data Stream - 121 bytes -> C:\ProgramData\Temp:6DDFD746
@Alternate Data Stream - 121 bytes -> C:\ProgramData\Temp:3C9B05C4
@Alternate Data Stream - 120 bytes -> C:\ProgramData\Temp:9F50A55A
@Alternate Data Stream - 113 bytes -> C:\ProgramData\Temp:60C897F3
@Alternate Data Stream - 101 bytes -> C:\ProgramData\Temp:0AE2C68F

< End of report >

Og Extras:

OTL Extras logfile created on: 22-08-2012 10:49:17 - Run 1
OTL by OldTimer - Version 3.2.58.1   Folder = C:\Users\Ibenspc2012\Downloads
64bit- Home Premium Edition Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation
Internet Explorer (Version = 9.0.8112.16421)
Locale: 00000406 | Country: Danmark | Language: DAN | Date Format: dd-MM-yyyy

7,95 Gb Total Physical Memory | 4,92 Gb Available Physical Memory | 61,90% Memory free
15,90 Gb Paging File | 12,20 Gb Available in Paging File | 76,72% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86)
Drive C: | 903,12 Gb Total Space | 837,55 Gb Free Space | 92,74% Space Free | Partition Type: NTFS
Drive D: | 24,23 Gb Total Space | 2,53 Gb Free Space | 10,42% Space Free | Partition Type: NTFS
Drive E: | 3,96 Gb Total Space | 1,08 Gb Free Space | 27,20% Space Free | Partition Type: FAT32
Drive G: | 1863,01 Gb Total Space | 1751,16 Gb Free Space | 94,00% Space Free | Partition Type: NTFS

Computer Name: IBENSPC2012-HP | User Name: Ibenspc2012 | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user | Quick Scan | Include 64bit Scans
Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days

========== Extra Registry (SafeList) ==========


========== File Associations ==========

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.url[@ = InternetShortcut]—C:\Windows\SysNative\rundll32.exe (Microsoft Corporation)

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.cpl [@ = cplfile]—C:\Windows\SysWow64\control.exe (Microsoft Corporation)

========== Shell Spawning ==========

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open]—“%1” %*
cmdfile [open]—“%1” %*
comfile [open]—“%1” %*
exefile [open]—“%1” %*
helpfile [open]—Reg Error: Key error.
htafile [open]—“%1” %*
htmlfile [edit]—Reg Error: Key error.
htmlfile [print]—“C:\Windows\system32\rundll32.exe” “C:\Windows\system32\mshtml.dll”,PrintHTML “%1” (Microsoft Corporation)
inffile [install]—%SystemRoot%\System32\InfDefaultInstall.exe “%1” (Microsoft Corporation)
InternetShortcut [open]—“C:\Windows\System32\rundll32.exe” “C:\Windows\System32\ieframe.dll”,OpenURL %l (Microsoft Corporation)
InternetShortcut [print]—“C:\Windows\System32\rundll32.exe” “C:\Windows\System32\mshtml.dll”,PrintHTML “%1” (Microsoft Corporation)
piffile [open]—“%1” %*
regfile [merge]—Reg Error: Key error.
scrfile [config]—“%1”
scrfile [install]—rundll32.exe desk.cpl,InstallScreenSaver %l
scrfile [open]—“%1” /S
txtfile [edit]—Reg Error: Key error.
Unknown [openas]—%SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [AddToPlaylistVLC]—“C:\Program Files (x86)\VideoLAN\VLC\vlc.exe”—started-from-file—playlist-enqueue “%1” ()
Directory [cmd]—cmd.exe /s /k pushd “%V” (Microsoft Corporation)
Directory [find]—%SystemRoot%\Explorer.exe (Microsoft Corporation)
Directory [PlayWithVLC]—“C:\Program Files (x86)\VideoLAN\VLC\vlc.exe”—started-from-file—no-playlist-enqueue “%1” ()
Folder [open]—%SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [explore]—Reg Error: Value error.
Drive [find]—%SystemRoot%\Explorer.exe (Microsoft Corporation)

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open]—“%1” %*
cmdfile [open]—“%1” %*
comfile [open]—“%1” %*
cplfile [cplopen]—%SystemRoot%\System32\control.exe “%1”,%* (Microsoft Corporation)
exefile [open]—“%1” %*
helpfile [open]—Reg Error: Key error.
htafile [open]—“%1” %*
htmlfile [edit]—Reg Error: Key error.
inffile [install]—%SystemRoot%\System32\InfDefaultInstall.exe “%1” (Microsoft Corporation)
piffile [open]—“%1” %*
regfile [merge]—Reg Error: Key error.
scrfile [config]—“%1”
scrfile [install]—rundll32.exe desk.cpl,InstallScreenSaver %l
scrfile [open]—“%1” /S
txtfile [edit]—Reg Error: Key error.
Unknown [openas]—%SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [AddToPlaylistVLC]—“C:\Program Files (x86)\VideoLAN\VLC\vlc.exe”—started-from-file—playlist-enqueue “%1” ()
Directory [cmd]—cmd.exe /s /k pushd “%V” (Microsoft Corporation)
Directory [find]—%SystemRoot%\Explorer.exe (Microsoft Corporation)
Directory [PlayWithVLC]—“C:\Program Files (x86)\VideoLAN\VLC\vlc.exe”—started-from-file—no-playlist-enqueue “%1” ()
Folder [open]—%SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [explore]—Reg Error: Value error.
Drive [find]—%SystemRoot%\Explorer.exe (Microsoft Corporation)

========== Security Center Settings ==========

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
“cval” = 1

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]
“VistaSp1” = 28 4D B2 76 41 04 CA 01 [binary data]
“AntiVirusOverride” = 0
“AntiSpywareOverride” = 0
“FirewallOverride” = 0

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc\Vol]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]

========== Firewall Settings ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]
“EnableFirewall” = 1
“DisableNotifications” = 0

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
“EnableFirewall” = 1
“DisableNotifications” = 0

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\PublicProfile]
“EnableFirewall” = 1
“DisableNotifications” = 0

========== Authorized Applications List ==========


========== Vista Active Open Ports Exception List ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
“{040BF9FC-AA63-4109-99BD-FC68DDA0B0FA}” = lport=5355 | protocol=17 | dir=in | svc=dnscache | app=%systemroot%\system32\svchost.exe |
“{08F26881-9786-41E1-B6D7-18613DD7DFF5}” = rport=1900 | protocol=17 | dir=out | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe |
“{0A6139E6-D352-486F-B69F-D0A52C8900CA}” = rport=10243 | protocol=6 | dir=out | app=system |
“{0D6AFF71-70EE-48C0-87ED-D7FB5DA67A24}” = lport=rpc-epmap | protocol=6 | dir=in | svc=rpcss | name=@firewallapi.dll,-28539 |
“{3477A1B8-DEAF-495A-8AF0-CD6A58E29054}” = lport=139 | protocol=6 | dir=in | app=system |
“{3C981467-630B-4A35-AB92-125C973B4F45}” = lport=2177 | protocol=17 | dir=in | svc=qwave | app=%systemroot%\system32\svchost.exe |
“{4CBEC93E-04ED-4CA4-A1AD-6B7B9E3CEFC9}” = lport=1900 | protocol=17 | dir=in | name=windows live communications platform (ssdp) |
“{561D693F-5667-49B9-BB48-88D77C90912E}” = lport=2869 | protocol=6 | dir=in | app=system |
“{6807B786-E949-4A4E-BE24-126820F49552}” = lport=10243 | protocol=6 | dir=in | app=system |
“{69B8DD08-6083-4A66-AD12-539F56D11C01}” = lport=445 | protocol=6 | dir=in | app=system |
“{774A8C4E-E3C4-4CE4-85EA-949ECBB2D25F}” = rport=138 | protocol=17 | dir=out | app=system |
“{8A5681E1-AA6F-4ED9-B69F-BAE3A787D86C}” = rport=2177 | protocol=17 | dir=out | svc=qwave | app=%systemroot%\system32\svchost.exe |
“{93C6033E-4D4A-4667-927B-DE47B50EB552}” = rport=139 | protocol=6 | dir=out | app=system |
“{985BD753-5E15-4E49-ADCF-56DC3E5FAAB1}” = rport=137 | protocol=17 | dir=out | app=system |
“{9A63258D-DB8D-4BF0-9BB6-907D558E0FDF}” = lport=rpc | protocol=6 | dir=in | svc=spooler | app=%systemroot%\system32\spoolsv.exe |
“{9F069BC6-A7D8-420E-90ED-55F47E90B61B}” = lport=2177 | protocol=6 | dir=in | svc=qwave | app=%systemroot%\system32\svchost.exe |
“{C61D0ECE-384E-40BB-AADF-B1619431FF67}” = lport=5355 | protocol=17 | dir=in | svc=dnscache | app=%systemroot%\system32\svchost.exe |
“{C69627DA-39B7-45D4-9ADD-F64562E3DD87}” = rport=5355 | protocol=17 | dir=out | svc=dnscache | app=%systemroot%\system32\svchost.exe |
“{D364A6F7-B9AA-4E3E-803B-F5FB8EA2F9CD}” = lport=2869 | protocol=6 | dir=in | name=windows live communications platform (upnp) |
“{E2552597-F25C-4E00-B2E6-35C6D2130254}” = lport=138 | protocol=17 | dir=in | app=system |
“{E5B29685-06E2-45F7-8EB1-437986EBDF90}” = rport=445 | protocol=6 | dir=out | app=system |
“{EE2F9F29-4DFE-4BB1-A9D6-3411C5DC70FA}” = lport=1900 | protocol=17 | dir=in | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe |
“{F0554101-9F13-4DD4-94E8-704DEBE568D3}” = rport=2177 | protocol=6 | dir=out | svc=qwave | app=%systemroot%\system32\svchost.exe |
“{F72B60A0-2479-4C76-B32E-0A0B5CA86561}” = lport=137 | protocol=17 | dir=in | app=system |
“{AA1D772A-11D9-47AA-AD37-B6C6677BC23F}” = rport=5355 | protocol=17 | dir=out | svc=dnscache | app=%systemroot%\system32\svchost.exe |

========== Vista Active Application Exception List ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
“{0C9C760A-2071-457A-A263-21421B6D4B05}” = protocol=17 | dir=out | app=%programfiles%\windows media player\wmplayer.exe |
“{15990A2A-5DAB-4226-A7ED-9EAA12788F1B}” = protocol=6 | dir=in | app=c:\program files (x86)\utorrent\utorrent.exe |
“{1B582E25-6011-414E-8E49-27A88159CCA9}” = dir=in | app=c:\program files (x86)\windows live\mesh\moe.exe |
“{1BC47B46-00D7-41A0-A2FA-5281F8662E3A}” = protocol=1 | dir=out | name=@firewallapi.dll,-28544 |
“{278074B5-3053-403B-8118-19D102E9031F}” = protocol=17 | dir=in | app=%programfiles%\windows media player\wmpnetwk.exe |
“{28D5995F-6C1E-447E-8A7A-060E972B0B96}” = protocol=58 | dir=out | name=@firewallapi.dll,-28546 |
“{33235E9F-8A87-4698-941F-982E1059EE70}” = dir=in | app=c:\windows\system32\ezsharedsvchost.exe |
“{34D2F35E-EEC5-4B11-B9B4-8A024DCBD3A7}” = dir=in | app=c:\program files\intel\wifi\bin\pandhcpdns.exe |
“{47BC326F-1DB9-4E83-A985-406BC06C6618}” = dir=in | app=c:\program files (x86)\easybits for kids\ezdesktop.exe |
“{4C88B0C4-08C6-4714-BF49-E43B2F3F7FA9}” = protocol=17 | dir=out | app=%programfiles%\windows media player\wmplayer.exe |
“{4CADCFDB-07A0-4447-98B3-F6C9FA529A4E}” = protocol=17 | dir=out | app=%programfiles%\windows media player\wmpnetwk.exe |
“{5B6BF879-AD18-47A3-AE20-63DE22BCD9A1}” = protocol=6 | dir=out | app=system |
“{5B8B76D0-4824-4327-A45D-BE3AB0893DE4}” = protocol=58 | dir=in | name=@firewallapi.dll,-28545 |
“{5CA9C3AA-B091-4F42-A3B9-2D3496C52FF6}” = protocol=17 | dir=in | app=%programfiles(x86)%\windows media player\wmplayer.exe |
“{5D331881-EFCD-4777-AA59-B4699833BE6E}” = protocol=17 | dir=in | app=%programfiles%\windows media player\wmplayer.exe |
“{61A3C8B4-504F-4B46-A413-0433793A5F11}” = protocol=17 | dir=out | app=%programfiles(x86)%\windows media player\wmplayer.exe |
“{841B2248-91BB-4178-A95B-E052CE34945A}” = protocol=17 | dir=in | app=c:\users\ibenspc2012\appdata\roaming\dropbox\bin\dropbox.exe |
“{95159959-26E0-484A-B203-B970D307C32E}” = dir=in | app=c:\program files (x86)\skype\phone\skype.exe |
“{972F9554-C925-4D33-9DB7-DEE3C6652AE0}” = protocol=6 | dir=out | app=%programfiles%\windows media player\wmpnetwk.exe |
“{9B75368E-ABE8-468D-A472-F47A5EF9401F}” = dir=in | app=c:\program files (x86)\windows live\contacts\wlcomm.exe |
“{9BED7619-C659-4104-8315-FCE767F559EE}” = protocol=6 | dir=out | app=%programfiles%\windows media player\wmplayer.exe |
“{9D2393AB-31F3-455C-8C41-5EE06C8F9332}” = protocol=6 | dir=in | app=c:\users\ibenspc2012\appdata\roaming\dropbox\bin\dropbox.exe |
“{A9F2F23D-79EF-487A-BF2A-2A00EE2C2FF6}” = dir=in | app=c:\program files (x86)\windows live\messenger\msnmsgr.exe |
“{AE8A3F35-933C-41E0-B7A5-C935B8C54D72}” = protocol=17 | dir=in | app=%programfiles%\windows media player\wmplayer.exe |
“{C38FCCAD-5ABD-41DA-931A-C94DEB5F1D28}” = protocol=6 | dir=out | app=%programfiles(x86)%\windows media player\wmplayer.exe |
“{C7FA7543-7E33-4066-BB15-5CE13FA49A34}” = protocol=6 | dir=out | app=%programfiles%\windows media player\wmplayer.exe |
“{C8D9AF4C-C40F-4015-9239-92E977E53BCA}” = protocol=6 | dir=in | app=%programfiles%\windows media player\wmpnetwk.exe |
“{C9B5067B-8131-451D-A6E1-8691602E8DE5}” = protocol=1 | dir=in | name=@firewallapi.dll,-28543 |
“{D6A156DD-B1B1-4F3A-BC34-916CE15DA507}” = dir=in | app=c:\program files (x86)\intel corporation\intel widi\widiapp.exe |
“{DB2284A6-C14C-41AF-8BE3-413243318990}” = protocol=17 | dir=in | app=c:\program files (x86)\utorrent\utorrent.exe |
“{EA7B217D-793D-43D0-90D4-F042CE4664FF}” = protocol=6 | dir=out | svc=upnphost | app=%systemroot%\system32\svchost.exe |
“TCP Query User{01B761C3-1601-4AF8-82AB-8FDC97B0FA83}C:\users\ibenspc2012\appdata\roaming\dropbox\bin\dropbox.exe” = protocol=6 | dir=in | app=c:\users\ibenspc2012\appdata\roaming\dropbox\bin\dropbox.exe |
“TCP Query User{5AA10040-88C2-4158-80E2-9C8478D671A8}C:\program files (x86)\yousee player\yousee player.exe” = protocol=6 | dir=in | app=c:\program files (x86)\yousee player\yousee player.exe |
“TCP Query User{A319AD1D-83CA-4082-8E04-9AD7593312A7}C:\program files (x86)\calibre2\calibre.exe” = protocol=6 | dir=in | app=c:\program files (x86)\calibre2\calibre.exe |
“TCP Query User{FB4EDA0E-A8FE-4D76-AAE5-50BE46708279}C:\program files (x86)\yousee player\yousee player.exe” = protocol=6 | dir=in | app=c:\program files (x86)\yousee player\yousee player.exe |
“UDP Query User{9EB82156-44BA-4320-A7CC-5E15944031B8}C:\program files (x86)\yousee player\yousee player.exe” = protocol=17 | dir=in | app=c:\program files (x86)\yousee player\yousee player.exe |
“UDP Query User{B7996DA5-7530-4217-BD2E-071D6937923B}C:\program files (x86)\calibre2\calibre.exe” = protocol=17 | dir=in | app=c:\program files (x86)\calibre2\calibre.exe |
“UDP Query User{DEB604E4-D9C6-48BC-9726-5B85C43A2D6E}C:\program files (x86)\yousee player\yousee player.exe” = protocol=17 | dir=in | app=c:\program files (x86)\yousee player\yousee player.exe |
“UDP Query User{E683874B-7208-4A38-B7D6-8465F18A6070}C:\users\ibenspc2012\appdata\roaming\dropbox\bin\dropbox.exe” = protocol=17 | dir=in | app=c:\users\ibenspc2012\appdata\roaming\dropbox\bin\dropbox.exe |

========== HKEY_LOCAL_MACHINE Uninstall List ==========

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
“{027E5FAB-1476-4C59-AAB4-32EF28520399}” = Windows Live Language Selector
“{054EF02F-95D8-48F4-9EEB-2F9CE3072ED8}” = AuthenTec TrueAPI
“{0576788F-2993-455F-80CD-980114095103}” = HP Security Assistant
“{071c9b48-7c32-4621-a0ac-3f809523288f}” = Microsoft Visual C++ 2005 Redistributable (x64)
“{0EF86E06-C755-4C6F-8E47-2528D0546C0A}” = Intel(R) PROSet/Wireless Software for Bluetooth(R) Technology
“{1685AE50-97ED-485B-80F6-145071EE14B0}” = Windows Live Remote Service Resources
“{1876545F-47B1-80A7-2F98-D175DA98A392}” = ccc-utility64
“{1ACC8FFB-9D84-4C05-A4DE-D28A9BC91698}” = Windows Live ID Sign-in Assistant
“{25FBDA9A-E868-4B3B-B9FF-D923818511A1}” = Intel(R) PROSet/Wireless WiFi Software
“{2856A1C2-70C5-4EC3-AFF7-E5B51E5530A2}” = HP Client Services
“{28EF7372-9087-4AC3-9B9F-D9751FCDF830}” = Intel(R) Wireless Display
“{2C1A6191-9804-4FDC-AB01-6F9183C91A13}” = Windows Live Remote Client Resources
“{2F9C2FBC-656B-4E1A-8327-044CF9086850}” = HP 3D DriveGuard
“{3BF3599D-7F28-C60B-1C5D-82BFD4E5EF33}” = AMD Catalyst Install Manager
“{4B6C7001-C7D6-3710-913E-5BC23FCE91E6}” = Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.4148
“{4C2E49C0-9276-4324-841D-774CCCE5DB48}” = Windows Live Remote Client Resources
“{503F672D-6C84-448A-8F8F-4BC35AC83441}” = AMD APP SDK Runtime
“{57F2BD1C-14A3-4785-8E48-2075B96EB2DF}” = Windows Live Remote Service Resources
“{5FCE6D76-F5DC-37AB-B2B8-22AB8CEDB1D4}” = Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161
“{656DEEDE-F6AC-47CA-A568-A1B4E34B5760}” = Windows Live Remote Service Resources
“{6ce5bae9-d3ca-4b99-891a-1dc6c118a5fc}” = Microsoft Visual C++ 2005 Redistributable (x64)
“{79174AF2-6CB1-42F5-981E-66DCA49391D0}” = Validity WBF DDK
“{7AEC844D-448A-455E-A34E-E1032196BBCD}” = Windows Live Remote Service Resources
“{8220EEFE-38CD-377E-8595-13398D740ACE}” = Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.17
“{847B0532-55E3-4AAF-8D7B-E3A1A7CD17E5}” = Windows Live Remote Client Resources
“{850B8072-2EA7-4EDC-B930-7FE569495E76}” = Windows Live Remote Client Resources
“{8E34682C-8118-31F1-BC4C-98CD9675E1C2}” = Microsoft .NET Framework 4 Extended
“{90140000-006D-0406-1000-0000000FF1CE}” = Microsoft Office Klik og kør 2010
“{95120000-00B9-0409-1000-0000000FF1CE}” = Microsoft Application Error Reporting
“{9D046B26-7978-47CD-91E6-AC3C1DFBC3D0}” = Microsoft Security Client
“{A060182D-CDBE-4AD6-B9B4-860B435D6CBD}” = Windows Live Remote Client Resources
“{ad8a2fa1-06e7-4b0d-927d-6e54b3d31028}” = Microsoft Visual C++ 2005 Redistributable (x64)
“{BF1E75D0-E7AF-4BEA-9FBC-567F0C54BDF9}” = HP Launch Box
“{CC4D56B7-6F18-470B-8734-ABCD75BCF4F1}” = HP Auto
“{DA54F80E-261C-41A2-A855-549A144F2F59}” = Windows Live MIME IFilter
“{DA5E371C-6333-3D8A-93A4-6FD5B20BCC6E}” = Microsoft Visual C++ 2010 x64 Redistributable - 10.0.30319
“{DC911ADF-7B60-40F2-A112-FB1EB6402D07}” = Microsoft Security Client DA-DK Language Pack
“{DF6D988A-EEA0-4277-AAB8-158E086E439B}” = Windows Live Remote Client
“{E02A6548-6FDE-40E2-8ED9-119D7D7E641F}” = Windows Live Remote Service
“{F27D5AAD-758E-460F-964D-6F2E65964C08}” = Microsoft Antimalware Service DA-DK Language Pack
“{F5B09CFD-F0B2-36AF-8DF4-1DF6B63FC7B4}” = Microsoft .NET Framework 4 Client Profile
“{F6CB2C5F-B2C1-4DF1-BF44-39D0DC06FE6F}” = Windows Live Remote Service Resources
“{F83E9BF0-B8D8-3D68-9E07-7505290C2202}” = Microsoft .NET Framework 4 Client Profile DAN Language Pack
“CCleaner” = CCleaner
“Microsoft .NET Framework 4 Client Profile” = Microsoft .NET Framework 4 Client Profile
“Microsoft .NET Framework 4 Client Profile DAN Language Pack” = Microsoft .NET Framework 4 Client Profile DAN sprogpakke
“Microsoft .NET Framework 4 Extended” = Microsoft .NET Framework 4 Extended
“Microsoft Security Client” = Microsoft Security Essentials
“ProInst” = Intel PROSet Wireless
“SynTPDeinstKey” = Synaptics TouchPad Driver

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
“{00884F14-05BD-4D8E-90E5-1ABF78948CA4}” = Windows Live Mesh
“{01FB4998-33C4-4431-85ED-079E3EEFE75D}” = CyberLink YouCam
“{0659C351-D5AB-F8FD-9074-EA33FEA26149}” = YouSee Player
“{07AF6797-0CF6-FFBB-FDE3-CC51D3B5F342}” = Catalyst Control Center Graphics Previews Common
“{07FA4960-B038-49EB-891B-9F95930AA544}” = HP Customer Experience Enhancements
“{08523528-BA2F-43BB-87E3-252C081872B9}” = Catalyst Control Center - Branding
“{09B7C7EB-3140-4B5E-842F-9C79A7137139}” = Windows Live Mesh ActiveX-kontroll for eksterne tilkoblinger
“{0B0F231F-CE6A-483D-AA23-77B364F75917}” = Windows Live Installer
“{0C975FCC-A06E-4CB6-8F54-A9B52CF37781}” = Windows Liven sähköposti
“{0CC1F1A2-D8BD-4441-9581-9BFB7881E368}” = HP Software Framework
“{10186F1A-6A14-43DF-A404-F0105D09BB07}” = Windows Live Mail
“{110668B7-54C6-47C9-BAC4-1CE77F156AF5}” = Windows Live Mesh
“{1111706F-666A-4037-7777-211328764D10}” = JavaFX 2.1.1
“{11417707-1F72-4279-95A3-01E0B898BBF5}” = Windows Live Mesh
“{120F4744-38ED-FB1E-F313-A7A7E419A71E}” = CCC Help Chinese Traditional
“{133D9D67-D475-4407-AC3C-D558087B2453}” = Windows Live Movie Maker
“{135AAD7D-FB4A-800C-E7F2-58D02B936C38}” = Catalyst Control Center Localization All
“{16B7BDA1-B967-4D2D-8B27-E12727C28350}” = HP CoolSense
“{178EA4CE-9622-76B4-308F-73FEC150DBB4}” = CCC Help Norwegian
“{196467F1-C11F-4F76-858B-5812ADC83B94}” = MSXML 4.0 SP3 Parser
“{19BA08F7-C728-469C-8A35-BFBD3633BE08}” = Windows Live Movie Maker
“{1A72337E-D126-4BAF-AC89-E6122DB71866}” = Windows Liven valokuvavalikoima
“{1AE85A98-397D-B62B-0D21-3F7DC93F4F3A}” = CCC Help Swedish
“{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}” = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148
“{1F6AB0E7-8CDD-4B93-8A23-AA9EB2FEFCE4}” = Junk Mail filter update
“{200FEC62-3C34-4D60-9CE8-EC372E01C08F}” = Windows Live SOXE Definitions
“{220C7F8C-929D-4F71-9DC7-F7A6823B38E4}” = Windows Live UX Platform Language Pack
“{24DF33E0-F924-4D0D-9B96-11F28F0D602D}” = Windows Live UX Platform Language Pack
“{25CD4B12-8CC5-433E-B723-C9CB41FA8C5A}” = Windows Live Writer
“{26A24AE4-039D-4CA4-87B4-2F83216022F0}” = Java(TM) 6 Update 22
“{26A24AE4-039D-4CA4-87B4-2F83216031FF}” = Java(TM) 6 Update 31
“{26A24AE4-039D-4CA4-87B4-2F83217005FF}” = Java(TM) 7 Update 5
“{285F722C-0E45-47DE-B38E-5B3B10FA4A7C}” = HP Quick Launch
“{28B9D2D8-4304-483F-AD71-51890A063A74}” = Windows Live Photo Common
“{2902F983-B4C1-44BA-B85D-5C6D52E2C441}” = Windows Live Mesh ActiveX Control for Remote Connections
“{2A3FC24C-6EC0-4519-A52B-FDA4EA9B2D24}” = Windows Live Messenger
“{2E50E321-4747-4EB5-9ECB-BBC6C3AC0F31}” = Windows Live Writer Resources
“{2FA94A64-C84E-49d1-97DD-7BF06C7BBFB2}.WildTangent Games App” = Update Installer for WildTangent Games App
“{31A559C1-9E4D-423B-9DD3-34A6C5398752}” = HTC BMP USB Driver
“{3336F667-9049-4D46-98B6-4C743EEBC5B1}” = Windows Live Photo Gallery
“{339F5A1B-8DB7-E4F8-0A07-EF35B60EBE53}” = CCC Help Portuguese
“{34F4D9A4-42C2-4348-BEF4-E553C84549E7}” = Windows Live Photo Gallery
“{3677D4D8-E5E0-49FC-B86E-06541CF00BBE}” = opensource
“{376D59B1-42D9-4FA2-B6CC-E346B6BE14F5}” = ActiveX-kontroll för fjärranslutningar för Windows Live Mesh
“{39F95B0B-A0B7-4FA7-BB6C-197DA2546468}” = Windows Live Mesh
“{3E29EE6C-963A-4aae-86C1-DC237C4A49FC}” = Intel(R) Rapid Storage Technology
“{412308A1-73B4-A26B-57A8-BE827ADA9BF9}” = Catalyst Control Center Profiles Mobile
“{423FBEB8-21C6-4720-A8DA-B19B06FDB607}” = HP SimplePass 2012
“{429DF1A0-3610-4E9E-8ACE-3C8AC1BA8FCA}” = Windows Live Photo Gallery
“{459F2CFC-D6E0-48EA-BF86-C6C9EE5F405F}” = Adobe Shockwave Player 11.6
“{47FA2C44-D148-4DBC-AF60-B91934AA4842}” = Adobe AIR
“{48657AA5-5A07-4C3A-8ED8-8B7CA4A9707C}” = OpenOffice.org 3.3
“{4A03706F-666A-4037-7777-5F2748764D10}” = Java Auto Updater
“{4A04DB63-8F81-4EF4-9D09-61A2057EF419}” = Windows Live Essentials
“{4A6937DA-DABE-31C9-C433-D67C640B7BED}” = CCC Help Italian
“{4B744C85-DBB1-4038-B989-4721EB22C582}” = Windows Live Messenger
“{4CF6F287-5121-483C-A5A2-07BDE19D8B4E}” = Windows Live Meshin etäyhteyksien ActiveX-komponentti
“{52594AFD-2797-356A-CC6F-57047524F1E1}” = CCC Help Japanese
“{5442DAB8-7177-49E1-8B22-09A049EA5996}” = Renesas Electronics USB 3.0 Host Controller Driver
“{54F0ED3B-BD05-4B41-BCFC-E03FE2DDFF1D}” = HP Documentation
“{57220148-3B2B-412A-A2E0-82B9DF423696}” = Windows Live Mesh ActiveX-objekt til fjernforbindelser
“{579684A4-DDD5-4CA3-9EA8-7BE7D9593DB4}” = Windows Live UX Platform Language Pack
“{5C2F5C1B-9732-4F81-8FBF-6711627DC508}” = Windows Live Fotogalleri
“{5C7F3D35-9018-A839-3B9C-E50B517B9458}” = CCC Help Hungarian
“{5CA75999-3DDE-7B58-3394-38A4E82D8466}” = Catalyst Control Center InstallProxy
“{60CD8628-DDD9-B498-A368-D01A4793CCFA}” = CCC Help Dutch
“{612C34C7-5E90-47D8-9B5C-0F717DD82726}” = swMSM
“{65153EA5-8B6E-43B6-857B-C6E4FC25798A}” = Intel(R) Management Engine Components
“{682B3E4F-696A-42DE-A41C-4C07EA1678B4}” = Windows Live SOXE
“{6866ADAD-71F1-D306-B979-6371D8C4411A}” = CCC Help German
“{69CAC24D-B1DC-4B97-A1BE-FE21843108FE}” = Windows Live Writer Resources
“{6A67578E-095B-4661-88F7-0B199CEC3371}” = Windows Live Messenger
“{6D6664A9-3342-4948-9B7E-034EFE366F0F}” = HTC Driver Installer
“{6EF2BE2C-3121-48B7-B7A6-C56046B3A588}” = Windows Live Movie Maker
“{6F340107-F9AA-47C6-B54C-C3A19F11553F}” = Hewlett-Packard ACLM.NET v1.1.2.0
“{6F44AF95-3CDE-4513-AD3F-6D45F17BF324}” = HP Support Assistant
“{70B446D1-E03B-4ab0-9B3C-0832142C9AA8}.WildTangent Games App-hp” = WildTangent Games App (HP Games)
“{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}” = Microsoft Visual C++ 2005 Redistributable
“{7257132D-7F65-41E6-A90F-43BF6099461A}” = Intel(R) WiDi
“{734104DE-C2BF-412F-BB97-FCCE1EC94229}” = Windows Live Writer Resources
“{76D0E682-0183-E295-FA4C-DA6763669CCA}” = CCC Help English
“{7ADFA72D-2A9F-4DEC-80A5-2FAA27E23F0F}” = Windows Live Photo Common
“{827D3E4A-0186-48B7-9801-7D1E9DD40C07}” = Windows Live Essentials
“{83C292B7-38A5-440B-A731-07070E81A64F}” = Windows Live PIMT Platform
“{8833FFB6-5B0C-4764-81AA-06DFEED9A476}” = Realtek Ethernet Controller Driver
“{885F1BCD-C344-4758-85BD-09640CF449A5}” = Windows Live Photo Gallery
“{8909CFA8-97BF-4077-AC0F-6925243FFE08}” = Windows Liven asennustyökalu
“{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}” = Microsoft Silverlight
“{8C6D6116-B724-4810-8F2D-D047E6B7D68E}” = Mesh Runtime
“{8CF5D47D-27B7-49D6-A14F-10550B92749D}” = Windows Live UX Platform Language Pack
“{8DB85CDE-EC37-A333-05B1-23846D03F08D}” = CCC Help Russian
“{8DD46C6A-0056-4FEC-B70A-28BB16A1F11F}” = MSVCRT
“{8F6285DB-2536-7EDE-23D2-CA10E2D6399C}” = CCC Help French
“{90140011-0066-0406-0000-0000000FF1CE}” = Microsoft Office Starter 2010 - dansk
“{924B4D82-1B97-48EB-8F1E-55C4353C22DB}” = Windows Live Mail
“{92EA4134-10D1-418A-91E1-5A0453131A38}” = Windows Live Movie Maker
“{95140000-0070-0000-0000-0000000FF1CE}” = Microsoft Office 2010
“{9A25302D-30C0-39D9-BD6F-21E6EC160475}” = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17
“{9BE518E6-ECC6-35A9-88E4-87755C07200F}” = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161
“{9D56775A-93F3-44A3-8092-840E3826DE30}” = Windows Live Mail
“{A0C91188-C88F-4E86-93E6-CD7C9A266649}” = Windows Live Mesh
“{A726AE06-AAA3-43D1-87E3-70F510314F04}” = Windows Live Writer
“{A9BDCA6B-3653-467B-AC83-94367DA3BFE3}” = Windows Live Photo Common
“{AB77DFDE-9949-4AEF-B180-BE322C3E65D0}” = HTC Sync
“{AC76BA86-7AD7-FFFF-7B44-AA0000000001}” = Adobe Reader X (10.1.4) MUI
“{AE856388-AFAD-4753-81DF-D96B19D0A17C}” = HP Setup Manager
“{B357B619-36C5-7C1E-063B-92677609CB14}” = CCC Help Danish
“{B4092C6D-E886-4CB2-BA68-FE5A88D31DE6}_is1” = Spybot - Search & Destroy
“{B65FCAA5-F3A6-4B3F-ABEE-CBC2B085796B}” = HP Connection Manager
“{BB4FC2AD-DF12-4EE1-8AA7-2C0A26B5E2FB}” = HP QuickWeb
“{BDEB2CF5-C1C5-BCC8-DF29-1EE4CF389F9D}” = CCC Help Turkish
“{BFC47A0B-D487-4DF0-889E-D6D392DF31E0}” = Windows Live Messenger
“{C01A86F5-56E7-101F-9BC9-E3F1025EB779}” = Intel(R) Identity Protection Technology 1.1.2.0
“{C1557D39-C05A-4680-9117-56AEEB2134FE}” = Eovendo
“{C1594429-8296-4652-BF54-9DBE4932A44C}” = Realtek PCIE Card Reader
“{C5D8263A-4D81-8979-91DE-B10120642FC5}” = Catalyst Control Center
“{C66824E4-CBB3-4851-BB3F-E8CFD6350923}” = Windows Live Mail
“{CD442136-9115-4236-9C14-278F6A9DCB3F}” = Windows Live Movie Maker
“{CD7CB1E6-267A-408F-877D-B532AD2C882E}” = Windows Live Photo Common
“{CE95A79E-E4FC-4FFF-8A75-29F04B942FF2}” = Windows Live UX Platform
“{CEEE5B98-96F1-2F1E-0627-853C5F98DE41}” = CCC Help Finnish
“{CF48FF43-B417-637C-C804-0F285FD7ED05}” = CCC Help Spanish
“{CF671BFE-6BA3-44E7-98C1-500D9C51D947}” = Windows Live Photo Gallery
“{CF6A05D4-E715-BCF4-9ED2-A3307E386D28}” = CCC Help Czech
“{D0B44725-3666-492D-BEF6-587A14BD9BD9}” = MSVCRT_amd64
“{D31169F2-CD71-4337-B783-3E53F29F4CAD}” = Windows Live Mail
“{D436F577-1695-4D2F-8B44-AC76C99E0002}” = Windows Live Photo Common
“{D45240D3-B6B3-4FF9-B243-54ECE3E10066}” = Windows Live Communications Platform
“{DA29F644-2420-4448-8128-1331BE588999}” = Windows Live Writer
“{DB1208F4-B2FE-44E9-BFE6-8824DBD7891B}” = Windows Live Movie Maker
“{DB2C5E6A-CFDD-D6FD-480E-692EBEC17BFC}” = CCC Help Greek
“{DBCD5E64-7379-4648-9444-8A6558DCB614}” = HP Recovery Manager
“{DCAB6BA7-6533-44BF-9235-E5BF33B7431C}” = Windows Live Writer
“{DDC8BDEE-DCAC-404D-8257-3E8D4B782467}” = Windows Live Writer Resources
“{DECDCB7C-58CC-4865-91AF-627F9798FE48}” = Windows Live Mesh
“{E09C4DB7-630C-4F06-A631-8EA7239923AF}” = D3DX10
“{E3A5A8AB-58F6-45FF-AFCB-C9AE18C05001}” = IDT Audio
“{E44578C7-4667-4124-8BC2-1161BCA54978}” = HP Power Manager
“{E59E0B3D-F840-5910-DF8C-73CFA82613C2}” = CCC Help Polish
“{E5B21F11-6933-4E0B-A25C-7963E3C07D11}” = Windows Live Messenger
“{E5DD4723-FE0B-436E-A815-DC23CF902A0B}” = Windows Live UX Platform Language Pack
“{E635F3DC-E92B-6E68-A2E7-BF77298E8584}” = PX Profile Update
“{E77268D6-5E7F-6DE1-34AC-A1A276710C21}” = CCC Help Chinese Standard
“{E8524B28-3BBB-4763-AC83-0E83FE31C350}” = Windows Live Writer
“{E96CAA2A-0244-4A2A-8403-0C3C9534778B}” = ESU for Microsoft Windows 7 SP1
“{E9D98402-21AB-4E9F-BF6B-47AF36EF7E97}” = Windows Live Writer Resources
“{ED1BD69A-07E3-418C-91F1-D856582581BF}” = HP On Screen Display
“{EE7257A2-39A2-4D2F-9DAC-F9F25B8AE1D8}” = Skype™ 5.8
“{F0B430D1-B6AA-473D-9B06-AA3DD01FD0B8}” = Microsoft SQL Server 2005 Compact Edition [ENU]
“{F0E3AD40-2BBD-4360-9C76-B9AC9A5886EA}” = Intel(R) Display Audio Driver
“{F0F9505B-3ACF-4158-9311-D0285136AA00}” = Windows Live Essentials
“{F5C7356C-463C-75BC-E4E0-324E4516EB73}” = CCC Help Thai
“{F5E7D9AF-60F6-4A30-87E3-4EA94D322CE1}” = HP Setup
“{F761359C-9CED-45AE-9A51-9D6605CD55C4}” = Evernote v. 4.2.3
“{F833B666-1D46-4C21-8A2F-DF2080995741}” = calibre
“{F8A9085D-4C7A-41a9-8A77-C8998A96C421}” = Intel(R) Control Center
“{FE044230-9CA5-43F7-9B58-5AC5A28A1F33}” = Windows Live Essentials
“{FFFA0584-8E3D-4195-8283-CCA3AD73C746}” = Windows Live Messenger
“{AA16FAFC-CCD3-899B-2860-A709BDE31CDC}” = CCC Help Korean
“{AAAFC670-569B-4A2F-82B4-42945E0DE3EF}” = Windows Live Writer
“{AAF454FC-82CA-4F29-AB31-6A109485E76E}” = Windows Live Writer
“Adobe AIR” = Adobe AIR
“Adobe Flash Player ActiveX” = Adobe Flash Player 11 ActiveX
“Adobe Flash Player Plugin” = Adobe Flash Player 11 Plugin
“Adobe Shockwave Player” = Adobe Shockwave Player 11.6
“am-islandtribe” = Island Tribe
“BFGC” = Big Fish Games: Game Manager
“BFG-Chicken Invaders 4 - Ultimate Omelette Easter Edition” = Chicken Invaders 4: Ultimate Omelette Easter Edition
“BFG-Fix-it-up - Kates Adventure” = Fix-it-up: Kate`s Adventure
“BFG-Fix-It-Up - World Tour” = Fix-It-Up: World Tour
“BFG-Fix-It-Up Eighties - Meet Kate’s Parents” = Fix-It-Up Eighties: Meet Kate’s Parents
“BFG-Magic Farm - Ultimate Flower” = Magic Farm: Ultimate Flower
“BFG-Magic Farm 2 - Fairy Lands” = Magic Farm 2: Fairy Lands
“BFG-My Kingdom for the Princess” = My Kingdom for the Princess
“BFG-My Kingdom for the Princess II” = My Kingdom for the Princess II
“BFG-My Kingdom for the Princess III” = My Kingdom for the Princess III
“BFG-Roads of Rome” = Roads of Rome
“BFG-Royal Envoy 2” = Royal Envoy 2
“BFG-The Fifth Gate” = The Fifth Gate
“BFG-The Promised Land” = The Promised Land
“BFG-Virtual Villagers - New Believers” = Virtual Villagers: New Believers
“BFG-Virtual Villagers - The Tree of Life” = Virtual Villagers: The Tree of Life
“Browser Defender_is1” = Browser Guard 4.0
“Digital Editions” = Adobe Digital Editions
“dk.in2media.yousee.youseeplayer” = YouSee Player
“EasyBits Magic Desktop” = Magic Desktop
“Heimdal” = Heimdal
“InstallShield_{01FB4998-33C4-4431-85ED-079E3EEFE75D}” = CyberLink YouCam
“InstallShield_{5442DAB8-7177-49E1-8B22-09A049EA5996}” = Renesas Electronics USB 3.0 Host Controller Driver
“Malwarebytes’ Anti-Malware_is1” = Malwarebytes Anti-Malware version 1.62.0.1300
“Office14.Click2Run” = Microsoft Office Klik og kør 2010
“ProInst” = Intel PROSet Wireless
“Spyware Doctor” = PC Tools Spyware Doctor 9.0
“uTorrent” = µTorrent
“VIP Access SDK” = VIP Access SDK (1.0.1.2)
“VLC media player” = VLC media player 2.0.1
“WildTangent hp Master Uninstall” = HP Games
“WinLiveSuite” = Windows Live Essentials
“WTA-12319a7d-2cdd-4121-97ba-4419d1270dfe” = The Treasures of Mystery Island: The Ghost Ship
“WTA-1953f37a-1db9-41db-9792-02a94e2f2db5” = Polar Bowler
“WTA-22c5c33e-6172-4cf2-b614-954cbc35b628” = Luxor HD
“WTA-2545726b-d3d9-40bb-81c8-dbe38d2105d4” = RollerCoaster Tycoon 3: Platinum
“WTA-30e3cf1b-93da-40ef-9b65-c3bcbe61809c” = Penguins!
“WTA-31307a27-099d-44ab-a6b6-33bd31d0ce38” = Letters from Nowhere 2
“WTA-348b79c1-723c-40da-9880-1dd0fb32b5c9” = Plants vs. Zombies - Game of the Year
“WTA-386f8400-6284-46da-b158-0032eeffb206” = Jewel Match 3
“WTA-3a88b7fe-dd28-4ab2-a9ce-41f42f75440f” = FATE
“WTA-3d1efdbc-a12e-49a9-9cfc-e2a5859b262a” = Farm Frenzy
“WTA-44a645a8-fbfc-44dd-9743-aa698dd7a9cf” = Cradle of Rome 2
“WTA-47377c30-874b-4cf4-9185-2820a443a877” = Dora’s World Adventure
“WTA-4b498980-6cbe-4dbb-8beb-4a283a9fee69” = Blackhawk Striker 2
“WTA-5d4ec27d-4ba6-4285-bb16-c9900c571d21” = Hoyle Card Games
“WTA-6006e6d9-233a-4fee-8474-e57da84e52b0” = Bejeweled 3
“WTA-60850065-67b9-4e6a-9af6-67a87fad9760” = Jewel Quest Mysteries: The Seventh Gate Collector’s Edition
“WTA-64b0cec8-7740-4a08-8697-c144c89e12de” = Zuma’s Revenge
“WTA-843aa759-b525-4cbd-a256-a133e0a4ae52” = Final Drive Fury
“WTA-8da78c0e-68b9-437d-a2dc-a55b0270f125” = Farmscapes
“WTA-8aa9b055-9ecb-4118-8acf-f2d6b677bdef” = Torchlight
“WTA-a7249167-b7ec-4009-a8af-9929ed58ba25” = Virtual Villagers 4 - The Tree of Life
“WTA-af5fac54-fd56-4862-8f8a-a2e66768aa75” = Mah Jong Medley
“WTA-c7efc018-8e75-422c-b555-e760f7f10438” = Poker Superstars III
“WTA-cbf08536-d404-4e8c-b3d1-a8d45582b422” = John Deere Drive Green
“WTA-ce08d9d0-5207-47da-b321-7fa4b3192d74” = Chuzzle Deluxe
“WTA-d2341c8c-ef2c-41eb-a2b0-d6e5cac6a351” = Polar Golfer

========== HKEY_CURRENT_USER Uninstall List ==========

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
“Dropbox” = Dropbox
“Google Chrome” = Google Chrome

========== Last 20 Event Log Errors ==========

[ Application Events ]
Error - 01-08-2012 03:01:14 | Computer Name = Ibenspc2012-HP | Source = WinMgmt | ID = 10
Description =

Error - 01-08-2012 03:11:16 | Computer Name = Ibenspc2012-HP | Source = CVHSVC | ID = 100
Description = Kun oplysninger.  (Patch task for {90140011-0066-0406-0000-0000000FF1CE}):
DownloadLatest Failed: Der er ingen aktiv netværksforbindelse i øjeblikket. BITS
(Background Intelligent Transfer Service) prøver igen, når der er tilsluttet et
netværkskort. 

Error - 01-08-2012 16:34:18 | Computer Name = Ibenspc2012-HP | Source = WinMgmt | ID = 10
Description =

Error - 02-08-2012 02:39:26 | Computer Name = Ibenspc2012-HP | Source = WinMgmt | ID = 10
Description =

Error - 02-08-2012 02:41:13 | Computer Name = Ibenspc2012-HP | Source = Google Update | ID = 20
Description =

Error - 02-08-2012 14:02:11 | Computer Name = Ibenspc2012-HP | Source = Google Update | ID = 20
Description =

Error - 02-08-2012 16:34:21 | Computer Name = Ibenspc2012-HP | Source = Google Update | ID = 20
Description =

Error - 02-08-2012 16:44:55 | Computer Name = Ibenspc2012-HP | Source = Google Update | ID = 20
Description =

Error - 03-08-2012 01:07:55 | Computer Name = Ibenspc2012-HP | Source = WinMgmt | ID = 10
Description =

Error - 03-08-2012 08:47:44 | Computer Name = Ibenspc2012-HP | Source = WinMgmt | ID = 10
Description =

[ Hewlett-Packard Events ]
Error - 01-05-2012 13:44:09 | Computer Name = Ibenspc2012-HP | Source = HPSF.exe | ID = 4000
Description =

Error - 08-05-2012 10:50:22 | Computer Name = Ibenspc2012-HP | Source = HPSF.exe | ID = 4000
Description =

Error - 08-05-2012 10:53:15 | Computer Name = Ibenspc2012-HP | Source = HPSF.exe | ID = 4000
Description =

Error - 15-05-2012 10:53:48 | Computer Name = Ibenspc2012-HP | Source = HPSF.exe | ID = 4000
Description =

Error - 19-06-2012 17:35:02 | Computer Name = Ibenspc2012-HP | Source = hpsa_service.exe | ID = 2000
Description = HP Error ID: -2146233088   ved HP.ActiveCheckLocalMode.SessionManager.ActiveCheckManager.UpdateDetail(String
category)    ved HP.ActiveCheckLocalMode.SessionManager.ActiveCheckManager.UpdateAndDetectCore()

  ved HP.SupportAssistant.Service.ACLM.ActiveCheck.LaunchActiveCheck(Boolean singleScan,
Boolean localScan)  Message: Failed to perform update.  StackTrace:  ved HP.ActiveCheckLocalMode.SessionManager.ActiveCheckManager.UpdateDetail(String
category)    ved HP.ActiveCheckLocalMode.SessionManager.ActiveCheckManager.UpdateAndDetectCore()

  ved HP.SupportAssistant.Service.ACLM.ActiveCheck.LaunchActiveCheck(Boolean singleScan,
Boolean localScan)  Source: HP.ActiveCheckLocalMode.SessionManager InnerException.Message:
Objektet ‘/48302afd_2e93_4276_838a_901102766de3/0obzdmto+sxd9mgnjuhzwvgx_5.rem’
er blevet afbrudt eller findes ikke på serveren.  Name: hpsa_service.exe Version:
06.00.01.01 Path: C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\hpsa_service.exe
Format:
da-DK RAM: 8139 Ram Utilization: 20 TargetSite: Void UpdateDetail(System.String) 

Error - 19-06-2012 17:35:51 | Computer Name = Ibenspc2012-HP | Source = HPSF.exe | ID = 4000
Description =

Error - 10-07-2012 17:39:42 | Computer Name = Ibenspc2012-HP | Source = hpsa_service.exe | ID = 2000
Description = HP Error ID: -2146233088   ved HP.ActiveCheckLocalMode.SessionManager.ActiveCheckManager.UpdateDetail(String
category)    ved HP.ActiveCheckLocalMode.SessionManager.ActiveCheckManager.UpdateAndDetectCore()

  ved HP.SupportAssistant.Service.ACLM.ActiveCheck.LaunchActiveCheck(Boolean singleScan,
Boolean localScan)  Message: Failed to perform update.  StackTrace:  ved HP.ActiveCheckLocalMode.SessionManager.ActiveCheckManager.UpdateDetail(String
category)    ved HP.ActiveCheckLocalMode.SessionManager.ActiveCheckManager.UpdateAndDetectCore()

  ved HP.SupportAssistant.Service.ACLM.ActiveCheck.LaunchActiveCheck(Boolean singleScan,
Boolean localScan)  Source: HP.ActiveCheckLocalMode.SessionManager InnerException.Message:
Objektet ‘/5344f9e4_7673_40f9_b026_46d15dd8649b/yqoksnydwb3qzhtbtowlieoh_5.rem’
er blevet afbrudt eller findes ikke på serveren.  Name: hpsa_service.exe Version:
06.00.01.01 Path: C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\hpsa_service.exe
Format:
da-DK RAM: 8139 Ram Utilization: 30 TargetSite: Void UpdateDetail(System.String) 

Error - 19-07-2012 20:43:33 | Computer Name = Ibenspc2012-HP | Source = HPSF.exe | ID = 4000
Description =

Error - 07-08-2012 15:38:06 | Computer Name = Ibenspc2012-HP | Source = hpsa_service.exe | ID = 2000
Description = HP Error ID: -2146233088   ved HP.ActiveCheckLocalMode.SessionManager.ActiveCheckManager.UpdateDetail(String
category)    ved HP.ActiveCheckLocalMode.SessionManager.ActiveCheckManager.UpdateAndDetectCore()

  ved HP.SupportAssistant.Service.ACLM.ActiveCheck.LaunchActiveCheck(Boolean singleScan,
Boolean localScan)  Message: Failed to perform update.  StackTrace:  ved HP.ActiveCheckLocalMode.SessionManager.ActiveCheckManager.UpdateDetail(String
category)    ved HP.ActiveCheckLocalMode.SessionManager.ActiveCheckManager.UpdateAndDetectCore()

  ved HP.SupportAssistant.Service.ACLM.ActiveCheck.LaunchActiveCheck(Boolean singleScan,
Boolean localScan)  Source: HP.ActiveCheckLocalMode.SessionManager InnerException.Message:
Objektet ‘/d375576d_e090_4966_971d_d93090a4b576/w4hwi6smdjge_jdudqhuvnir_5.rem’
er blevet afbrudt eller findes ikke på serveren.  Name: hpsa_service.exe Version:
06.00.01.01 Path: C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\hpsa_service.exe
Format:
da-DK RAM: 8139 Ram Utilization: 30 TargetSite: Void UpdateDetail(System.String) 

Error - 14-08-2012 15:49:12 | Computer Name = Ibenspc2012-HP | Source = hpsa_service.exe | ID = 2000
Description = HP Error ID: -2146233088   ved HP.ActiveCheckLocalMode.SessionManager.ActiveCheckManager.UpdateDetail(String
category)    ved HP.ActiveCheckLocalMode.SessionManager.ActiveCheckManager.UpdateAndDetectCore()

  ved HP.SupportAssistant.Service.ACLM.ActiveCheck.LaunchActiveCheck(Boolean singleScan,
Boolean localScan)  Message: Failed to perform update.  StackTrace:  ved HP.ActiveCheckLocalMode.SessionManager.ActiveCheckManager.UpdateDetail(String
category)    ved HP.ActiveCheckLocalMode.SessionManager.ActiveCheckManager.UpdateAndDetectCore()

  ved HP.SupportAssistant.Service.ACLM.ActiveCheck.LaunchActiveCheck(Boolean singleScan,
Boolean localScan)  Source: HP.ActiveCheckLocalMode.SessionManager InnerException.Message:
Objektet ‘/da7c436a_00b7_472a_a82a_81facba6326c/7oei_7vo2bdglcqaugf7hi9c_5.rem’
er blevet afbrudt eller findes ikke på serveren.  Name: hpsa_service.exe Version:
06.00.01.01 Path: C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\hpsa_service.exe
Format:
da-DK RAM: 8139 Ram Utilization:  TargetSite: Void UpdateDetail(System.String) 

[ HP Connection Manager Events ]
Error - 15-08-2012 08:04:40 | Computer Name = Ibenspc2012-HP | Source = hpCMSrv | ID = 5
Description = 2012/08/15 14:04:40.420|00001D0C|Error     |CWLAN::SignalStrengthChanged|Fire_SignalStrengthChanged
failed [hr:0x800706BA]

Error - 16-08-2012 08:02:37 | Computer Name = Ibenspc2012-HP | Source = hpCMSrv | ID = 5
Description = 2012/08/16 14:02:37.909|00001EDC|Error     |CWLAN::SignalStrengthChanged|Fire_SignalStrengthChanged
failed [hr:0x800706BA]

Error - 16-08-2012 19:05:41 | Computer Name = Ibenspc2012-HP | Source = hpCMSrv | ID = 5
Description = 2012/08/17 01:05:41.361|00001468|Error     |CWLAN::SignalStrengthChanged|Fire_SignalStrengthChanged
failed [hr:0x800706BA]

Error - 16-08-2012 19:05:42 | Computer Name = Ibenspc2012-HP | Source = hpCMSrv | ID = 5
Description = 2012/08/17 01:05:42.500|00001468|Error     |CWLAN::SignalStrengthChanged|Fire_SignalStrengthChanged
failed [hr:0x800706BA]

Error - 17-08-2012 20:25:47 | Computer Name = Ibenspc2012-HP | Source = hpCMSrv | ID = 5
Description = 2012/08/18 02:25:47.749|000004E8|Error     |CWLAN::SignalStrengthChanged|Fire_SignalStrengthChanged
failed [hr:0x800706BA]

Error - 18-08-2012 07:58:57 | Computer Name = Ibenspc2012-HP | Source = hpCMSrv | ID = 5
Description = 2012/08/18 13:58:57.612|00001978|Error     |CWLAN::SignalStrengthChanged|Fire_SignalStrengthChanged
failed [hr:0x800706BA]

Error - 19-08-2012 19:42:41 | Computer Name = Ibenspc2012-HP | Source = hpCMSrv | ID = 5
Description = 2012/08/20 01:42:41.385|00001CE4|Error     |CWLAN::SignalStrengthChanged|Fire_SignalStrengthChanged
failed [hr:0x800706BA]

Error - 20-08-2012 19:45:44 | Computer Name = Ibenspc2012-HP | Source = hpCMSrv | ID = 5
Description = 2012/08/21 01:45:44.949|000014C4|Error     |CWLAN::SignalStrengthChanged|Fire_SignalStrengthChanged
failed [hr:0x800706BA]

Error - 21-08-2012 07:57:53 | Computer Name = Ibenspc2012-HP | Source = hpCMSrv | ID = 5
Description = 2012/08/21 13:57:53.087|00001984|Error     |CWLAN::SignalStrengthChanged|Fire_SignalStrengthChanged
failed [hr:0x800706BA]

Error - 21-08-2012 19:00:33 | Computer Name = Ibenspc2012-HP | Source = hpCMSrv | ID = 5
Description = 2012/08/22 01:00:33.194|0000077C|Error     |CWLAN::SignalStrengthChanged|Fire_SignalStrengthChanged
failed [hr:0x800706BA]

[ HP Software Framework Events ]
Error - 02-05-2012 23:22:47 | Computer Name = Ibenspc2012-HP | Source = CaslWmi | ID = 5
Description = 2012-05-03 05:22:47.375|000015A0|Error     |[CaslWmi]CommandFolio::A{hpCasl.enReturnCode(int&)}|Error
0xe_BIOS_INVALID_COMMAND_TYPE from BIOS WMI call Read/2Eh while getting Folio state

Error - 03-05-2012 09:33:58 | Computer Name = Ibenspc2012-HP | Source = CaslWmi | ID = 5
Description = 2012-05-03 15:33:58.589|00001508|Error     |[CaslWmi]CommandFolio::A{hpCasl.enReturnCode(int&)}|Error
0xe_BIOS_INVALID_COMMAND_TYPE from BIOS WMI call Read/2Eh while getting Folio state

Error - 03-05-2012 23:41:02 | Computer Name = Ibenspc2012-HP | Source = CaslWmi | ID = 5
Description = 2012-05-04 05:41:02.211|00001828|Error     |[CaslWmi]CommandFolio::A{hpCasl.enReturnCode(int&)}|Error
0xe_BIOS_INVALID_COMMAND_TYPE from BIOS WMI call Read/2Eh while getting Folio state

Error - 05-05-2012 12:46:00 | Computer Name = Ibenspc2012-HP | Source = CaslWmi | ID = 5
Description = 2012-05-05 18:46:00.476|000019AC|Error     |[CaslWmi]CommandFolio::A{hpCasl.enReturnCode(int&)}|Error
0xe_BIOS_INVALID_COMMAND_TYPE from BIOS WMI call Read/2Eh while getting Folio state

Error - 05-05-2012 23:10:51 | Computer Name = Ibenspc2012-HP | Source = CaslWmi | ID = 5
Description = 2012-05-06 05:10:51.129|0000148C|Error     |[CaslWmi]CommandFolio::A{hpCasl.enReturnCode(int&)}|Error
0xe_BIOS_INVALID_COMMAND_TYPE from BIOS WMI call Read/2Eh while getting Folio state

Error - 06-05-2012 09:43:24 | Computer Name = Ibenspc2012-HP | Source = CaslWmi | ID = 5
Description = 2012-05-06 15:43:24.851|00001598|Error     |[CaslWmi]CommandFolio::A{hpCasl.enReturnCode(int&)}|Error
0xe_BIOS_INVALID_COMMAND_TYPE from BIOS WMI call Read/2Eh while getting Folio state

Error - 07-05-2012 02:45:12 | Computer Name = Ibenspc2012-HP | Source = CaslWmi | ID = 5
Description = 2012-05-07 08:45:12.311|00001150|Error     |[CaslWmi]CommandFolio::A{hpCasl.enReturnCode(int&)}|Error
0xe_BIOS_INVALID_COMMAND_TYPE from BIOS WMI call Read/2Eh while getting Folio state

Error - 08-05-2012 01:57:16 | Computer Name = Ibenspc2012-HP | Source = CaslWmi | ID = 5
Description = 2012-05-08 07:57:16.836|000007A4|Error     |[CaslWmi]CommandFolio::A{hpCasl.enReturnCode(int&)}|Error
0xe_BIOS_INVALID_COMMAND_TYPE from BIOS WMI call Read/2Eh while getting Folio state

Error - 08-05-2012 10:49:31 | Computer Name = Ibenspc2012-HP | Source = CaslWmi | ID = 5
Description = 2012-05-08 16:49:31.676|00001D64|Error     |[CaslWmi]CommandFolio::A{hpCasl.enReturnCode(int&)}|Error
0xe_BIOS_INVALID_COMMAND_TYPE from BIOS WMI call Read/2Eh while getting Folio state

Error - 08-05-2012 10:49:35 | Computer Name = Ibenspc2012-HP | Source = CaslWmi | ID = 5
Description = 2012-05-08 16:49:35.500|000020A4|Error     |[CaslWmi]CommandFolio::A{hpCasl.enReturnCode(int&)}|Error
0xe_BIOS_INVALID_COMMAND_TYPE from BIOS WMI call Read/2Eh while getting Folio state

[ System Events ]
Error - 01-05-2012 15:20:25 | Computer Name = Ibenspc2012-HP | Source = DCOM | ID = 10010
Description =

Error - 21-05-2012 07:57:19 | Computer Name = Ibenspc2012-HP | Source = DCOM | ID = 10010
Description =

Error - 21-05-2012 18:41:30 | Computer Name = Ibenspc2012-HP | Source = DCOM | ID = 10010
Description =

Error - 26-05-2012 13:36:52 | Computer Name = Ibenspc2012-HP | Source = BROWSER | ID = 8032
Description =

Error - 03-06-2012 23:57:21 | Computer Name = Ibenspc2012-HP | Source = DCOM | ID = 10010
Description =

Error - 13-06-2012 20:48:45 | Computer Name = Ibenspc2012-HP | Source = DCOM | ID = 10010
Description =


< End of report >

Jeg fjerner Spywaredoctor, for det er ikke meget værd.

•  Start OTL
•  Kopier nedenstånde med fed skrift ind i Custom Scan feltet

:Services
:OTL
PRC - C:\Program Files (x86)\PC Tools\PC Tools Security\pctsGui.exe (PC Tools)
PRC - C:\Program Files (x86)\PC Tools\PC Tools Security\pctsSvc.exe (PC Tools)
PRC - C:\Program Files (x86)\PC Tools\PC Tools Security\pctsAuxs.exe (PC Tools)
PRC - C:\Program Files (x86)\PC Tools\PC Tools Security\BDT\BDTUpdateService.exe (Threat Expert Ltd.)
IE:64bit: - HKLM\..\SearchScopes\{2fa28606-de77-4029-af96-b231e3b8f827}: “URL” = http://eu.ask.com/web?q={searchterms}&l=dis&o=HPNTDF
IE:64bit: - HKLM\..\SearchScopes\{b7fca997-d0fb-4fe0-8afd-255e89cf9671}: “URL” = http://dk.search.yahoo.com/search?p={searchTerms}&ei;={inputEncoding}&fr=chr-hp-psg&type=HPNTDF
IE:64bit: - HKLM\..\SearchScopes\{d43b3890-80c7-4010-a95d-1e77b5924dc3}: “URL” = http://da.wikipedia.org/wiki/Special:Search?search={searchTerms}
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = http://g.uk.msn.com/HPCON/5
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://g.uk.msn.com/HPCON/5
IE - HKLM\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A}
IE - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: “URL” = http://www.bing.com/search?q={searchTerms}&form=HPNTDF&pc=HPNTDF&src=IE-SearchBox
IE - HKLM\..\SearchScopes\{2A73010C-D304-4296-A568-A05A8B6F3DBA}: “URL” = http://www.amazon.co.uk/s/ref=azs_osd_ieauk?ie=UTF-8&tag=hp-uk3-vsb-21&link;_code=qs&index=aps&field;-keywords={searchTerms}
IE - HKLM\..\SearchScopes\{2fa28606-de77-4029-af96-b231e3b8f827}: “URL” = http://eu.ask.com/web?q={searchterms}&l=dis&o=HPNTDF
IE - HKLM\..\SearchScopes\{b7fca997-d0fb-4fe0-8afd-255e89cf9671}: “URL” = http://dk.search.yahoo.com/search?p={searchTerms}&ei;={inputEncoding}&fr=chr-hp-psg&type=HPNTDF
IE - HKLM\..\SearchScopes\{d43b3890-80c7-4010-a95d-1e77b5924dc3}: “URL” = http://da.wikipedia.org/wiki/Special:Search?search={searchTerms}

:Commands
[purity]
[resethosts]
[CreateRestorePoint]
[emptytemp]
[EMPTYFLASH]
[EMPTYJAVA]

•  Klik på  Run Fix - Knappen
•  Hvis OTL spørger om at genstarte, så sig ja.
•  Klik på OK.
•  En log vil åbne, kopier den herind i dit næste svar.
• 
•  Ellers kan den findes her:
•    C:\_OTL\MovedFiles\mmddyyyy_hhmmss.log, where mmddyyyy_hhmmss

Hent Combofix, og gem den på dit skrivebord:
Her

NB -> Deaktiver dit antivirus/antispyware program. Da det/de kan ”forstyrre” og konflikte med combofix, eller fjerne vigtige combofix filer, hvilket kan få computeren til fryse.

Kør så combofix.exe, og følg anvisningerne.

Du bør ikke klikke på vinduet imens værktøjet kører, idet det kan få din computer til at fryse.

Når combofix er færdig, og efter det (muligvis) har genstartet, skulle der gerne åbnes en logfil: combofix.txt
Indholdet af denne fil må du gerne lægge herind.

Den kan også findes her - > C: combofix txt

Her var først den fra OTL:

All processes killed
========== SERVICES/DRIVERS ==========
========== OTL ==========
No active process named Program Files was found!
No active process named Program Files was found!
No active process named Program Files was found!
No active process named Program Files was found!
64bit-Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{2fa28606-de77-4029-af96-b231e3b8f827}\ deleted successfully.
64bit-Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{2fa28606-de77-4029-af96-b231e3b8f827}\ not found.
64bit-Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{b7fca997-d0fb-4fe0-8afd-255e89cf9671}\ deleted successfully.
64bit-Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{b7fca997-d0fb-4fe0-8afd-255e89cf9671}\ not found.
64bit-Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{d43b3890-80c7-4010-a95d-1e77b5924dc3}\ deleted successfully.
64bit-Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{d43b3890-80c7-4010-a95d-1e77b5924dc3}\ not found.
HKLM\SOFTWARE\Microsoft\Internet Explorer\Main\\Default_Page_URL| /E : value set successfully!
HKLM\SOFTWARE\Microsoft\Internet Explorer\Main\\Local Page| /E : value set successfully!
HKLM\SOFTWARE\Microsoft\Internet Explorer\Main\\Start Page| /E : value set successfully!
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\\DefaultScope| /E : value set successfully!
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{2A73010C-D304-4296-A568-A05A8B6F3DBA}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{2A73010C-D304-4296-A568-A05A8B6F3DBA}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{2fa28606-de77-4029-af96-b231e3b8f827}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{2fa28606-de77-4029-af96-b231e3b8f827}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{b7fca997-d0fb-4fe0-8afd-255e89cf9671}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{b7fca997-d0fb-4fe0-8afd-255e89cf9671}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{d43b3890-80c7-4010-a95d-1e77b5924dc3}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{d43b3890-80c7-4010-a95d-1e77b5924dc3}\ not found.
HKCU\SOFTWARE\Microsoft\Internet Explorer\Main\\Default_Page_URL| /E : value set successfully!
Registry value HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\URLSearchHooks\\{472734EA-242A-422b-ADF8-83D1E48CC825} deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{472734EA-242A-422b-ADF8-83D1E48CC825}\ deleted successfully.
C:\Program Files (x86)\PC Tools\PC Tools Security\BDT\PCTBrowserDefender.dll moved successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\\DefaultScope| /E : value set successfully!
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{657B7956-3D9A-4B16-8047-9D8CF8F808A8}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{657B7956-3D9A-4B16-8047-9D8CF8F808A8}\ not found.
Registry value HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run\\ deleted successfully.
ADS C:\ProgramData\Temp:FD786DCA deleted successfully.
ADS C:\ProgramData\Temp:EE7A6A39 deleted successfully.
ADS C:\ProgramData\Temp:A6B07419 deleted successfully.
ADS C:\ProgramData\Temp:9CF728A6 deleted successfully.
ADS C:\ProgramData\Temp:E5BA9ADD deleted successfully.
ADS C:\ProgramData\Temp:38FF076E deleted successfully.
ADS C:\ProgramData\Temp:3571475C deleted successfully.
ADS C:\ProgramData\Temp:A843AC18 deleted successfully.
ADS C:\ProgramData\Temp:99AC3203 deleted successfully.
ADS C:\ProgramData\Temp:27F44544 deleted successfully.
ADS C:\ProgramData\Temp:663B62CA deleted successfully.
ADS C:\ProgramData\Temp:D2397415 deleted successfully.
ADS C:\ProgramData\Temp:ADFAD95A deleted successfully.
ADS C:\ProgramData\Temp:12EA4DC9 deleted successfully.
ADS C:\ProgramData\Temp:1B9E79B3 deleted successfully.
ADS C:\ProgramData\Temp:11EFE63D deleted successfully.
ADS C:\ProgramData\Temp:DFC5A2B2 deleted successfully.
ADS C:\ProgramData\Temp:258D2F8B deleted successfully.
ADS C:\ProgramData\Temp:F3591DDB deleted successfully.
ADS C:\ProgramData\Temp:E153075C deleted successfully.
ADS C:\ProgramData\Temp:8C12CFCD deleted successfully.
ADS C:\ProgramData\Temp:F98E6C67 deleted successfully.
ADS C:\ProgramData\Temp:801ED9DF deleted successfully.
ADS C:\ProgramData\Temp:6E3C585B deleted successfully.
ADS C:\ProgramData\Temp:430C6D84 deleted successfully.
ADS C:\ProgramData\Temp:8AC20936 deleted successfully.
ADS C:\ProgramData\Temp:29C0641D deleted successfully.
ADS C:\ProgramData\Temp:6DDFD746 deleted successfully.
ADS C:\ProgramData\Temp:3C9B05C4 deleted successfully.
ADS C:\ProgramData\Temp:9F50A55A deleted successfully.
ADS C:\ProgramData\Temp:60C897F3 deleted successfully.
ADS C:\ProgramData\Temp:0AE2C68F deleted successfully.
========== REGISTRY ==========
========== FILES ==========
< ipconfig /flushdns /c >
Windows IP-konfiguration
DNS Resolver Cache blev t›mt.
C:\Users\Ibenspc2012\Downloads\cmd.bat deleted successfully.
C:\Users\Ibenspc2012\Downloads\cmd.txt deleted successfully.
C:\Program Files (x86)\Common Files\PC Tools\TDI folder moved successfully.
C:\Program Files (x86)\Common Files\PC Tools\pctEFA folder moved successfully.
C:\Program Files (x86)\Common Files\PC Tools\Lsp folder moved successfully.
C:\Program Files (x86)\Common Files\PC Tools\KDS folder moved successfully.
C:\Program Files (x86)\Common Files\PC Tools\GenTDI folder moved successfully.
C:\Program Files (x86)\Common Files\PC Tools folder moved successfully.
C:\ProgramData\PC Tools\Temp folder moved successfully.
C:\ProgramData\PC Tools\PC Tools Internet Security\SpamMonitor folder moved successfully.
C:\ProgramData\PC Tools\PC Tools Internet Security folder moved successfully.
C:\ProgramData\PC Tools\DownloadManager\SecurityScanner folder moved successfully.
C:\ProgramData\PC Tools\DownloadManager\SecurityPackage folder moved successfully.
C:\ProgramData\PC Tools\DownloadManager\SecurityLanguageFiles folder moved successfully.
C:\ProgramData\PC Tools\DownloadManager\SecurityDatabase folder moved successfully.
C:\ProgramData\PC Tools\DownloadManager\Security\7.0.0.0\SD\NRM\1 folder moved successfully.
C:\ProgramData\PC Tools\DownloadManager\Security\7.0.0.0\SD\NRM folder moved successfully.
C:\ProgramData\PC Tools\DownloadManager\Security\7.0.0.0\SD folder moved successfully.
C:\ProgramData\PC Tools\DownloadManager\Security\7.0.0.0 folder moved successfully.
C:\ProgramData\PC Tools\DownloadManager\Security folder moved successfully.
C:\ProgramData\PC Tools\DownloadManager folder moved successfully.
C:\ProgramData\PC Tools folder moved successfully.
========== COMMANDS ==========
C:\Windows\System32\drivers\etc\Hosts moved successfully.
HOSTS file reset successfully
Restore point Set: OTL Restore Point

[EMPTYTEMP]

User: All Users

User: buildbot
->Temp folder emptied: 0 bytes

User: Default
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes
->Flash cache emptied: 56466 bytes

User: Default User
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes
->Flash cache emptied: 0 bytes

User: Ibenspc2012
->Temp folder emptied: 44514612 bytes
->Temporary Internet Files folder emptied: 2682200 bytes
->Java cache emptied: 965092 bytes
->Google Chrome cache emptied: 127252069 bytes
->Flash cache emptied: 15340861 bytes

User: Public

%systemdrive% .tmp files removed: 0 bytes
%systemroot% .tmp files removed: 1714511 bytes
%systemroot%\System32 .tmp files removed: 0 bytes
%systemroot%\System32 (64bit) .tmp files removed: 0 bytes
%systemroot%\System32\drivers .tmp files removed: 0 bytes
Windows Temp folder emptied: 3729226 bytes
%systemroot%\sysnative\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files folder emptied: 50383 bytes
RecycleBin emptied: 0 bytes

Total Files Cleaned = 187,00 mb


[EMPTYFLASH]

User: All Users

User: buildbot

User: Default
->Flash cache emptied: 0 bytes

User: Default User
->Flash cache emptied: 0 bytes

User: Ibenspc2012
->Flash cache emptied: 0 bytes

User: Public

Total Flash Files Cleaned = 0,00 mb


[EMPTYJAVA]

User: All Users

User: buildbot

User: Default

User: Default User

User: Ibenspc2012
->Java cache emptied: 0 bytes

User: Public

Total Java Files Cleaned = 0,00 mb


OTL by OldTimer - Version 3.2.58.1 log created on 08222012_220728

Files\Folders moved on Reboot…
C:\Users\Ibenspc2012\AppData\Local\Temp\FXSAPIDebugLogFile.txt moved successfully.

PendingFileRenameOperations files…

Registry entries deleted on Reboot…

Og combofix:

ComboFix 12-08-22.03 - Ibenspc2012 22-08-2012 22:19:46.1.8 - x64
Microsoft Windows 7 Home Premium   6.1.7601.1.1252.45.1030.18.8140.5473 [GMT 2:00]
Kører fra: c:\users\Ibenspc2012\Downloads\ComboFix.exe
AV: Microsoft Security Essentials *Disabled/Updated* {9765EA51-0D3C-7DFB-6091-10E4E1F341F6}
SP: Microsoft Security Essentials *Disabled/Updated* {2C040BB5-2B06-7275-5A21-2B969A740B4B}
SP: PC Tools Spyware Doctor *Disabled/Updated* {94076BB2-F3DA-227F-9A1E-F060FF73600F}
SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
.
.
(((((((((((((((((((((((((((((((((((((((  Andet, der er slettet   )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
c:\programdata\Roaming
.
.
(((((((((((((((((((((((((((((  Filer skabt fra 2012-07-22 til 2012-08-22 )))))))))))))))))))))))))))))))))))
.
.
2012-08-22 20:27 . 2012-08-22 20:27   ————  d——-w-  c:\users\Default\AppData\Local\temp
2012-08-22 20:27 . 2012-08-22 20:27   ————  d——-w-  c:\users\buildbot\AppData\Local\temp
2012-08-22 20:11 . 2012-08-22 20:11   ————  d——-w-  c:\programdata\PC Tools
2012-08-22 20:11 . 2012-08-22 20:11   ————  d——-w-  c:\program files (x86)\Common Files\PC Tools
2012-08-22 20:07 . 2012-08-22 20:07   ————  d——-w-  C:\_OTL
2012-08-22 08:57 . 2012-08-01 22:58   9309624   ——a-w-  c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\{62BAFB5E-A6E9-40B2-9436-17762D8911BF}\mpengine.dll
2012-08-21 23:16 . 2012-06-22 09:39   85224   ——a-w-  c:\windows\system32\drivers\PCTBD64.sys
2012-08-21 23:16 . 2012-06-22 09:38   767960   ——a-w-  c:\windows\BDTSupport.dll
2012-08-21 23:16 . 2012-06-22 09:39   149464   ——a-w-  c:\windows\SGDetectionTool.dll
2012-08-21 23:16 . 2012-06-22 09:39   2267096   ——a-w-  c:\windows\PCTBDCore.dll
2012-08-21 23:16 . 2012-06-22 09:39   1689560   ——a-w-  c:\windows\PCTBDRes.dll
2012-08-21 23:15 . 2012-06-22 13:29   145464   ——a-w-  c:\windows\system32\drivers\pctwfpfilter64.sys
2012-08-21 23:15 . 2012-06-22 13:29   341200   ——a-w-  c:\windows\system32\drivers\pctgntdi64.sys
2012-08-21 23:15 . 2012-06-22 13:33   14808   ——a-w-  c:\windows\system32\drivers\pctBTFix64.sys
2012-08-21 23:15 . 2012-06-22 13:35   92928   ——a-w-  c:\windows\system32\drivers\pctplsg64.sys
2012-08-21 23:15 . 2012-08-21 23:15   ————  d——-w-  c:\program files (x86)\PC Tools
2012-08-21 23:11 . 2012-02-28 09:43   1096176   ——a-w-  c:\windows\system32\drivers\pctEFA64.sys
2012-08-21 23:11 . 2012-02-28 09:43   453896   ——a-w-  c:\windows\system32\drivers\pctDS64.sys
2012-08-21 23:11 . 2012-04-23 10:36   426616   ——a-w-  c:\windows\system32\drivers\PCTCore64.sys
2012-08-21 23:11 . 2012-06-22 13:35   251560   ——a-w-  c:\windows\system32\drivers\PCTSD64.sys
2012-08-21 23:11 . 2012-08-21 23:11   ————  d——-w-  c:\users\Ibenspc2012\AppData\Roaming\TestApp
2012-08-21 22:31 . 2012-08-21 22:59   ————  d——-w-  c:\programdata\Spybot - Search & Destroy
2012-08-21 22:31 . 2012-08-21 22:31   ————  d——-w-  c:\program files (x86)\Spybot - Search & Destroy
2012-08-21 20:27 . 2012-08-01 22:58   9309624   ——a-w-  c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\Backup\mpengine.dll
2012-08-21 20:21 . 2012-08-21 20:21   ————  d——-w-  c:\users\Ibenspc2012\AppData\Roaming\Malwarebytes
2012-08-21 20:21 . 2012-08-21 20:21   ————  d——-w-  c:\program files (x86)\Malwarebytes’ Anti-Malware
2012-08-21 20:21 . 2012-08-21 20:21   ————  d——-w-  c:\programdata\Malwarebytes
2012-08-21 20:21 . 2012-07-03 11:46   24904   ——a-w-  c:\windows\system32\drivers\mbam.sys
2012-08-21 20:03 . 2012-08-21 20:03   ————  d——-w-  c:\program files\Enigma Software Group
2012-08-21 20:02 . 2012-08-21 20:02   ————  d——-w-  c:\program files (x86)\Common Files\Wise Installation Wizard
2012-08-21 06:15 . 2012-08-21 06:15   ————  d——-w-  c:\program files (x86)\Perion
2012-08-21 06:15 . 2012-08-21 06:15   448   ——a-w-  C:\user.js
2012-08-17 19:29 . 2012-08-17 19:29   ————  d——-w-  c:\program files (x86)\Eovendo
2012-08-12 21:40 . 2012-08-12 21:51   ————  d——-w-  c:\users\Ibenspc2012\AppData\Roaming\Farm Girl at the Nile
2012-08-12 19:49 . 2012-08-12 19:49   ————  d——-w-  c:\programdata\Eovendo
2012-08-05 10:29 . 2012-08-05 10:29   ————  d——-w-  c:\users\Ibenspc2012\AppData\Roaming\Boolat Games
2012-08-05 10:16 . 2012-08-05 10:17   ————  d——-w-  c:\program files (x86)\The Promised Land
.
.
.
((((((((((((((((((((((((((((((((((((((((  Find3M Rapport   ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2012-08-15 12:01 . 2012-03-01 13:32   62134624   ——a-w-  c:\windows\system32\MRT.exe
2012-08-14 22:07 . 2012-04-05 05:34   426184   ——a-w-  c:\windows\SysWow64\FlashPlayerApp.exe
2012-08-14 22:07 . 2011-11-16 17:49   70344   ——a-w-  c:\windows\SysWow64\FlashPlayerCPLApp.cpl
2012-06-25 14:04 . 2012-06-25 14:04   1394248   ——a-w-  c:\windows\SysWow64\msxml4.dll
2012-06-22 08:43 . 2012-08-21 23:16   3488   ——a-w-  c:\windows\UDB.zip
2012-06-22 08:43 . 2012-08-21 23:16   131   ——a-w-  c:\windows\IDB.zip
2012-06-09 05:43 . 2012-07-11 09:39   14172672   ——a-w-  c:\windows\system32\shell32.dll
2012-06-06 06:06 . 2012-07-11 09:39   2004480   ——a-w-  c:\windows\system32\msxml6.dll
2012-06-06 06:06 . 2012-07-11 09:39   1881600   ——a-w-  c:\windows\system32\msxml3.dll
2012-06-06 06:02 . 2012-07-11 09:39   1133568   ——a-w-  c:\windows\system32\cdosys.dll
2012-06-06 05:05 . 2012-07-11 09:39   1390080   ——a-w-  c:\windows\SysWow64\msxml6.dll
2012-06-06 05:05 . 2012-07-11 09:39   1236992   ——a-w-  c:\windows\SysWow64\msxml3.dll
2012-06-06 05:03 . 2012-07-11 09:39   805376   ——a-w-  c:\windows\SysWow64\cdosys.dll
2012-06-02 22:19 . 2012-06-24 15:25   38424   ——a-w-  c:\windows\system32\wups.dll
2012-06-02 22:19 . 2012-06-24 15:25   2428952   ——a-w-  c:\windows\system32\wuaueng.dll
2012-06-02 22:19 . 2012-06-24 15:25   57880   ——a-w-  c:\windows\system32\wuauclt.exe
2012-06-02 22:19 . 2012-06-24 15:25   44056   ——a-w-  c:\windows\system32\wups2.dll
2012-06-02 22:19 . 2012-06-24 15:25   701976   ——a-w-  c:\windows\system32\wuapi.dll
2012-06-02 22:15 . 2012-06-24 15:25   2622464   ——a-w-  c:\windows\system32\wucltux.dll
2012-06-02 22:15 . 2012-06-24 15:25   99840   ——a-w-  c:\windows\system32\wudriver.dll
2012-06-02 13:19 . 2012-06-24 15:24   186752   ——a-w-  c:\windows\system32\wuwebv.dll
2012-06-02 13:15 . 2012-06-24 15:24   36864   ——a-w-  c:\windows\system32\wuapp.exe
2012-06-02 05:50 . 2012-07-11 09:39   458704   ——a-w-  c:\windows\system32\drivers\cng.sys
2012-06-02 05:48 . 2012-07-11 09:39   151920   ——a-w-  c:\windows\system32\drivers\ksecpkg.sys
2012-06-02 05:48 . 2012-07-11 09:39   95600   ——a-w-  c:\windows\system32\drivers\ksecdd.sys
2012-06-02 05:45 . 2012-07-11 09:39   340992   ——a-w-  c:\windows\system32\schannel.dll
2012-06-02 05:44 . 2012-07-11 09:39   307200   ——a-w-  c:\windows\system32\ncrypt.dll
2012-06-02 04:40 . 2012-07-11 09:39   22016   ——a-w-  c:\windows\SysWow64\secur32.dll
2012-06-02 04:40 . 2012-07-11 09:39   225280   ——a-w-  c:\windows\SysWow64\schannel.dll
2012-06-02 04:39 . 2012-07-11 09:39   219136   ——a-w-  c:\windows\SysWow64\ncrypt.dll
2012-06-02 04:34 . 2012-07-11 09:39   96768   ——a-w-  c:\windows\SysWow64\sspicli.dll
.
.
(((((((((((((((((((((((((((((((((((  Start steder i reg.basen   ))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Bemærk* tomme linier & lovlige standard linier vises ikke
REGEDIT4
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt1]
@=”{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}”
[HKEY_CLASSES_ROOT\CLSID\{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}]
2012-02-14 22:58   94208   ——a-w-  c:\users\Ibenspc2012\AppData\Roaming\Dropbox\bin\DropboxExt.14.dll
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt2]
@=”{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}”
[HKEY_CLASSES_ROOT\CLSID\{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}]
2012-02-14 22:58   94208   ——a-w-  c:\users\Ibenspc2012\AppData\Roaming\Dropbox\bin\DropboxExt.14.dll
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt3]
@=”{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}”
[HKEY_CLASSES_ROOT\CLSID\{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}]
2012-02-14 22:58   94208   ——a-w-  c:\users\Ibenspc2012\AppData\Roaming\Dropbox\bin\DropboxExt.14.dll
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run]
“IAStorIcon”=“c:\program files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorIcon.exe” [2011-05-20 284440]
“StartCCC”=“c:\program files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe” [2011-10-01 343168]
“NUSB3MON”=“c:\program files (x86)\Renesas Electronics\USB 3.0 Host Controller Driver\Application\nusb3mon.exe” [2011-04-15 113288]
“HPQuickWebProxy”=“c:\program files (x86)\Hewlett-Packard\HP QuickWeb\hpqwutils.exe” [2011-10-08 169528]
“HP Quick Launch”=“c:\program files (x86)\Hewlett-Packard\HP Quick Launch\HPMSGSVC.exe” [2011-07-11 574008]
“Adobe ARM”=“c:\program files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe” [2012-07-27 919008]
“HPOSD”=“c:\program files (x86)\Hewlett-Packard\HP On Screen Display\HPOSD.exe” [2011-08-19 379960]
“HP CoolSense”=“c:\program files (x86)\Hewlett-Packard\HP CoolSense\CoolSense.exe” [2011-08-26 1342008]
“Easybits Recovery”=“c:\program files (x86)\EasyBits For Kids\ezRecover.exe” [2011-09-15 61112]
“HPConnectionManager”=“c:\program files (x86)\Hewlett-Packard\HP Connection Manager\HPCMDelayStart.exe” [2011-09-13 103992]
“HTC Sync Loader”=“c:\program files (x86)\HTC\HTC Sync 3.0\htcUPCTLoader.exe” [2012-04-17 651264]
“SunJavaUpdateSched”=“c:\program files (x86)\Common Files\Java\Java Update\jusched.exe” [2012-01-17 252296]
“Malwarebytes’ Anti-Malware”=“c:\program files (x86)\Malwarebytes’ Anti-Malware\mbamgui.exe” [2012-07-03 462920]
“ISTray”=“c:\program files (x86)\PC Tools\PC Tools Security\pctsGui.exe” [2012-06-22 2673624]
.
c:\users\Ibenspc2012\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\
Dropbox.lnk - c:\users\Ibenspc2012\AppData\Roaming\Dropbox\bin\Dropbox.exe [2012-7-3 26868192]
OpenOffice.org 3.3.lnk - c:\program files (x86)\OpenOffice.org 3\program\quickstart.exe [2010-12-13 1198592]
.
c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\
Eovendo.lnk - c:\program files (x86)\Eovendo\Eovendo\Eovendo.exe [2012-8-16 4856784]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
“ConsentPromptBehaviorAdmin”= 5 (0x5)
“ConsentPromptBehaviorUser”= 3 (0x3)
“EnableUIADesktopToggle”= 0 (0x0)
“HideFastUserSwitching”= 0 (0x0)
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\explorer]
“EnableShellExecuteHooks”= 1 (0x1)
.
[hkey_local_machine\software\Wow6432Node\microsoft\windows\currentversion\explorer\ShellExecuteHooks]
.
[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\lsa]
Security Packages   REG_MULTI_SZ     kerberos msv1_0 schannel wdigest tspkg pku2u livessp
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MsMpSvc]
@=“Service”
.
R2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-03-18 138576]
R2 SkypeUpdate;Skype Updater;c:\program files (x86)\Skype\Updater\Updater.exe [2012-02-29 158856]
R3 AdobeFlashPlayerUpdateSvc;Adobe Flash Player Update Service;c:\windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2012-08-14 250056]
R3 AMPPALP;Intel® Centrino® Wireless Bluetooth® 3.0 + High Speed Protocol;c:\windows\system32\DRIVERS\amppal.sys [2011-08-08 299008]
R3 btmaux;Intel Bluetooth Auxiliary Service;c:\windows\system32\DRIVERS\btmaux.sys [2011-07-07 52736]
R3 btmhsf;btmhsf;c:\windows\system32\DRIVERS\btmhsf.sys [2011-07-07 274944]
R3 dg_ssudbus;SAMSUNG Mobile USB Composite Device Driver (DEVGURU Ver.);c:\windows\system32\DRIVERS\ssudbus.sys [2012-05-11 99384]
R3 GamesAppService;GamesAppService;c:\program files (x86)\WildTangent Games\App\GamesAppService.exe [2010-10-12 206072]
R3 HTCAND64;HTC Device Driver;c:\windows\system32\Drivers\ANDROIDUSB.sys [2009-11-02 33736]
R3 htcnprot;HTC NDIS Protocol Driver;c:\windows\system32\DRIVERS\htcnprot.sys [2010-06-25 36928]
R3 iBtFltCoex;iBtFltCoex;c:\windows\system32\DRIVERS\iBtFltCoex.sys [2011-07-07 59904]
R3 intaud_WaveExtensible;Intel WiDi Audio Device;c:\windows\system32\drivers\intelaud.sys [2011-08-05 34200]
R3 MyWiFiDHCPDNS;Wireless PAN DHCP Server;c:\program files\Intel\WiFi\bin\PanDhcpDns.exe [2011-07-28 340240]
R3 NisDrv;Microsoft Network Inspection System;c:\windows\system32\DRIVERS\NisDrvWFP.sys [2012-03-20 98688]
R3 NisSrv;Microsoft Netværksinspektion;c:\program files\Microsoft Security Client\NisSrv.exe [2012-03-26 291696]
R3 osppsvc;Office Software Protection Platform;c:\program files\Common Files\Microsoft Shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE [2010-01-09 4925184]
R3 SrvHsfHDA;SrvHsfHDA;c:\windows\system32\DRIVERS\VSTAZL6.SYS [2009-06-10 292864]
R3 SrvHsfV92;SrvHsfV92;c:\windows\system32\DRIVERS\VSTDPV6.SYS [2009-06-10 1485312]
R3 SrvHsfWinac;SrvHsfWinac;c:\windows\system32\DRIVERS\VSTCNXT6.SYS [2009-06-10 740864]
R3 TsUsbFlt;TsUsbFlt;c:\windows\system32\drivers\tsusbflt.sys [2010-11-21 59392]
R3 TsUsbGD;Remote Desktop Generic USB Device;c:\windows\system32\drivers\TsUsbGD.sys [2010-11-21 31232]
R3 WatAdminSvc;Tjenesten Windows Aktivering;c:\windows\system32\Wat\WatAdminSvc.exe [2012-03-04 1255736]
R4 wlcrasvc;Windows Live Mesh remote connections service;c:\program files\Windows Live\Mesh\wlcrasvc.exe [2010-09-23 57184]
S0 PCTCore;PCTools KDS;c:\windows\system32\drivers\PCTCore64.sys [2012-04-23 426616]
S0 pctDS;PC Tools Data Store;c:\windows\system32\drivers\pctDS64.sys [2012-02-28 453896]
S0 pctEFA;PC Tools Extended File Attributes;c:\windows\system32\drivers\pctEFA64.sys [2012-02-28 1096176]
S1 PCTSD;PC Tools Spyware Doctor Driver;c:\windows\system32\Drivers\PCTSD64.sys [2012-06-22 251560]
S1 vwififlt;Virtual WiFi Filter Driver;c:\windows\system32\DRIVERS\vwififlt.sys [2009-07-14 59904]
S2 AdobeARMservice;Adobe Acrobat Update Service;c:\program files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe [2012-07-27 63960]
S2 AESTFilters;Andrea ST Filters Service;c:\program files\IDT\WDM\AESTSr64.exe [2009-03-03 89600]
S2 AMD External Events Utility;AMD External Events Utility;c:\windows\system32\atiesrxx.exe [2011-10-01 204288]
S2 AMPPALR3;Intel® Centrino® Wireless Bluetooth® 3.0 + High Speed Service;c:\program files\Intel\BluetoothHS\BTHSAmpPalService.exe [2011-09-01 1166848]
S2 Bluetooth Device Monitor;Bluetooth Device Monitor;c:\program files (x86)\Intel\Bluetooth\devmonsrv.exe [2011-07-13 923984]
S2 Bluetooth OBEX Service;Bluetooth OBEX Service;c:\program files (x86)\Intel\Bluetooth\obexsrv.exe [2011-07-13 1001808]
S2 Browser Defender Update Service;Browser Defender Update Service;c:\program files (x86)\PC Tools\PC Tools Security\BDT\BDTUpdateService.exe [2012-06-22 575448]
S2 BTHSSecurityMgr;Intel(R) Centrino(R) Wireless Bluetooth(R) 3.0 + High Speed Security Service;c:\program files\Intel\BluetoothHS\BTHSSecurityMgr.exe [2011-06-03 134928]
S2 cvhsvc;Client Virtualization Handler;c:\program files (x86)\Common Files\Microsoft Shared\Virtualization Handler\CVHSVC.EXE [2012-01-04 822624]
S2 EOVENDO.Client.DataService;EOVENDO.Client.DataService;c:\program files (x86)\Eovendo\Eovendo\Eovendo.Client.DataService.exe [2012-07-11 791640]
S2 ezSharedSvc;Easybits Services for Windows;c:\windows\System32\ezSharedSvcHost.exe [x]
S2 FPLService;TrueSuiteService;c:\program files (x86)\HP SimplePass 2012\TrueSuiteService.exe [2011-08-26 260424]
S2 HeimdalSecureDNS;Heimdal Secure DNS Service;c:\program files (x86)\Heimdal\HeimdalSecureDNS\DnsService.exe [2012-07-09 89232]
S2 HeimdalService;Heimdal Service;c:\program files (x86)\Heimdal\Service\HeimdalAgentService.exe [2012-07-09 135312]
S2 HP Support Assistant Service;HP Support Assistant Service;c:\program files (x86)\Hewlett-Packard\HP Support Framework\hpsa_service.exe [2011-09-10 86072]
S2 HPAuto;HP Auto;c:\program files\Hewlett-Packard\HP Auto\HPAuto.exe [2011-02-17 682040]
S2 HPClientSvc;HP Client Services;c:\program files\Hewlett-Packard\HP Client Services\HPClientServices.exe [2010-10-11 346168]
S2 HPDrvMntSvc.exe;HP Quick Synchronization Service;c:\program files (x86)\Hewlett-Packard\Shared\HPDrvMntSvc.exe [2012-03-14 197504]
S2 hpsrv;HP Service;c:\windows\system32\Hpservice.exe [2011-05-27 30520]
S2 HPWMISVC;HPWMISVC;c:\program files (x86)\Hewlett-Packard\HP Quick Launch\HPWMISVC.exe [2011-07-11 26680]
S2 IAStorDataMgrSvc;Intel(R) Rapid Storage Technology;c:\program files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe [2011-05-20 13592]
S2 IconMan_R;IconMan_R;c:\program files (x86)\Realtek\Realtek PCIE Card Reader\RIconMan.exe [2011-06-29 2413056]
S2 jhi_service;Intel(R) Identity Protection Technology Host Interface Service;c:\program files (x86)\Intel\Services\IPT\jhi_service.exe [2011-02-24 212944]
S2 MBAMService;MBAMService;c:\program files (x86)\Malwarebytes’ Anti-Malware\mbamservice.exe [2012-07-03 655944]
S2 PassThru Service;Internet Pass-Through Service;c:\program files (x86)\HTC\Internet Pass-Through\PassThruSvr.exe [2011-09-15 88576]
S2 SBSDWSCService;SBSD Security Center Service;c:\program files (x86)\Spybot - Search & Destroy\SDWinSec.exe [2009-01-26 1153368]
S2 sdAuxService;PC Tools Auxiliary Service;c:\program files (x86)\PC Tools\PC Tools Security\pctsAuxs.exe [2012-06-22 402368]
S2 sftlist;Application Virtualization Client;c:\program files (x86)\Microsoft Application Virtualization Client\sftlist.exe [2011-10-01 508776]
S2 UNS;Intel(R) Management and Security Application User Notification Service;c:\program files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe [2011-08-09 2656536]
S3 amdkmdag;amdkmdag;c:\windows\system32\DRIVERS\atikmdag.sys [2011-10-01 9981952]
S3 amdkmdap;amdkmdap;c:\windows\system32\DRIVERS\atikmpag.sys [2011-10-01 310272]
S3 AMPPAL;Intel® Centrino® Wireless Bluetooth® 3.0 + High Speed Virtual Adapter;c:\windows\system32\DRIVERS\AMPPAL.sys [2011-08-08 299008]
S3 Bluetooth Media Service;Bluetooth Media Service;c:\program files (x86)\Intel\Bluetooth\mediasrv.exe [2011-07-13 1321296]
S3 clwvd;CyberLink WebCam Virtual Driver;c:\windows\system32\DRIVERS\clwvd.sys [2010-07-28 31088]
S3 hpCMSrv;HP Connection Manager 4 Service;c:\program files (x86)\Hewlett-Packard\HP Connection Manager\hpCMSrv.exe [2011-09-13 1098296]
S3 IntcDAud;Intel(R) Display Audio;c:\windows\system32\DRIVERS\IntcDAud.sys [2010-10-15 317440]
S3 intelkmd;intelkmd;c:\windows\system32\DRIVERS\igdpmd64.sys [2011-08-09 12289472]
S3 iwdbus;IWD Bus Enumerator;c:\windows\system32\DRIVERS\iwdbus.sys [2011-08-05 25496]
S3 MBAMProtector;MBAMProtector;c:\windows\system32\drivers\mbam.sys [2012-07-03 24904]
S3 MEIx64;Intel(R) Management Engine Interface;c:\windows\system32\DRIVERS\HECIx64.sys [2010-10-20 56344]
S3 NETwNs64;___ Intel(R) Wireless WiFi Link 5000 Series Adapter Driver for Windows 7 - 64 Bit;c:\windows\system32\DRIVERS\NETwNs64.sys [2011-08-04 8604672]
S3 nusb3hub;Renesas Electronics USB 3.0 Hub Driver;c:\windows\system32\DRIVERS\nusb3hub.sys [2011-06-11 91648]
S3 nusb3xhc;Renesas Electronics USB 3.0 Host Controller Driver;c:\windows\system32\DRIVERS\nusb3xhc.sys [2011-06-11 208896]
S3 PCTBD;PC Tools Browser Defender Driver;c:\windows\system32\Drivers\PCTBD64.sys [2012-06-22 85224]
S3 RSPCIESTOR;Realtek PCIE CardReader Driver;c:\windows\system32\DRIVERS\RtsPStor.sys [2011-05-31 338536]
S3 RTL8167;Realtek 8167 NT Driver;c:\windows\system32\DRIVERS\Rt64win7.sys [2011-02-17 428136]
S3 Sftfs;Sftfs;c:\windows\system32\DRIVERS\Sftfslh.sys [2011-10-01 764264]
S3 Sftplay;Sftplay;c:\windows\system32\DRIVERS\Sftplaylh.sys [2011-10-01 268648]
S3 Sftredir;Sftredir;c:\windows\system32\DRIVERS\Sftredirlh.sys [2011-10-01 25960]
S3 Sftvol;Sftvol;c:\windows\system32\DRIVERS\Sftvollh.sys [2011-10-01 22376]
S3 sftvsa;Application Virtualization Service Agent;c:\program files (x86)\Microsoft Application Virtualization Client\sftvsa.exe [2011-10-01 219496]
S3 vwifimp;Microsoft Virtual WiFi Miniport Service;c:\windows\system32\DRIVERS\vwifimp.sys [2009-07-14 17920]
.
.
—- Andre Services/Drivers i Hukommelsen—-
.
*Deregistered* - PCTSDInjDriver64
.
Indhold af mappen ‘Planlagte Opgaver’
.
2012-08-22 c:\windows\Tasks\Adobe Flash Player Updater.job
- c:\windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2012-04-05 22:07]
.
2012-08-21 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-1099950465-931844365-3547754557-1000Core.job
- c:\users\Ibenspc2012\AppData\Local\Google\Update\GoogleUpdate.exe [2012-08-21 20:43]
.
2012-08-22 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-1099950465-931844365-3547754557-1000UA.job
- c:\users\Ibenspc2012\AppData\Local\Google\Update\GoogleUpdate.exe [2012-08-21 20:43]
.
2012-08-20 c:\windows\Tasks\HPCeeScheduleForIBENSPC2012-HP$.job
- c:\program files (x86)\Hewlett-Packard\HP Ceement\HPCEE.exe [2011-07-15 12:43]
.
2012-08-21 c:\windows\Tasks\HPCeeScheduleForIbenspc2012.job
- c:\program files (x86)\Hewlett-Packard\HP Ceement\HPCEE.exe [2011-07-15 12:43]
.
.
————- X64 Entries—————-
.
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt1]
@=”{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}”
[HKEY_CLASSES_ROOT\CLSID\{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}]
2012-02-14 22:58   97792   ——a-w-  c:\users\Ibenspc2012\AppData\Roaming\Dropbox\bin\DropboxExt64.14.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt2]
@=”{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}”
[HKEY_CLASSES_ROOT\CLSID\{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}]
2012-02-14 22:58   97792   ——a-w-  c:\users\Ibenspc2012\AppData\Roaming\Dropbox\bin\DropboxExt64.14.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt3]
@=”{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}”
[HKEY_CLASSES_ROOT\CLSID\{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}]
2012-02-14 22:58   97792   ——a-w-  c:\users\Ibenspc2012\AppData\Roaming\Dropbox\bin\DropboxExt64.14.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt4]
@=”{FB314EDC-A251-47B7-93E1-CDD82E34AF8B}”
[HKEY_CLASSES_ROOT\CLSID\{FB314EDC-A251-47B7-93E1-CDD82E34AF8B}]
2012-02-14 22:58   97792   ——a-w-  c:\users\Ibenspc2012\AppData\Roaming\Dropbox\bin\DropboxExt64.14.dll
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
“IgfxTray”=“c:\windows\system32\igfxtray.exe” [2011-08-09 167704]
“HotKeysCmds”=“c:\windows\system32\hkcmd.exe” [2011-08-09 392472]
“Persistence”=“c:\windows\system32\igfxpers.exe” [2011-08-09 416024]
“SysTrayApp”=“c:\program files\IDT\WDM\sttray64.exe” [2011-06-02 1128448]
“IntelPAN”=“c:\program files\Common Files\Intel\WirelessCommon\iFrmewrk.exe” [2011-07-28 1935120]
“BTMTrayAgent”=“c:\program files (x86)\Intel\Bluetooth\btmshell.dll” [2011-07-13 10372368]
“SetDefault”=“c:\program files\Hewlett-Packard\HP LaunchBox\SetDefault.exe” [2011-09-30 43320]
“MSC”=“c:\program files\Microsoft Security Client\msseces.exe” [2012-03-26 1271168]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows]
“LoadAppInit_DLLs”=0x0
.
———- Yderligere scanning———-
.
uStart Page = hxxp://www.google.com/
uLocal Page = c:\windows\system32\blank.htm
mStart Page =
mLocal Page =
LSP: c:\program files (x86)\Common Files\PC Tools\Lsp\PCTLsp.dll
TCP: DhcpNameServer = 193.162.153.164 194.239.134.83
.
- - - - TOMME GENVEJE FJERNET - - - -
.
HKLM_Wow6432Node-ActiveSetup-{F5E7D9AF-60F6-4A30-87E3-4EA94D322CE1} - msiexec
HKLM-Run-SynTPEnh - c:\program files (x86)\Synaptics\SynTP\SynTPEnh.exe
AddRemove-Adobe Shockwave Player - c:\windows\system32\Adobe\Shockwave 11\uninstaller.exe
AddRemove-EasyBits Magic Desktop - c:\windows\system32\ezMDUninstall.exe
AddRemove-{6F44AF95-3CDE-4513-AD3F-6D45F17BF324} - c:\program files (x86)\InstallShield Installation Information\{6F44AF95-3CDE-4513-AD3F-6D45F17BF324}\setup.exe
.
.
.
——————————- LÅSTE REGISTRERINGS NØGLER——————————-
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}]
@Denied: (A 2) (Everyone)
@=“FlashBroker”
“LocalizedString”=”@c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil32_11_3_300_271_ActiveX.exe,-101”
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\Elevation]
“Enabled”=dword:00000001
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\LocalServer32]
@=“c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil32_11_3_300_271_ActiveX.exe”
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\TypeLib]
@=”{FAB3E735-69C7-453B-A446-B6823C6DF1C9}”
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@=“Shockwave Flash Object”
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\InprocServer32]
@=“c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_3_300_271.ocx”
“ThreadingModel”=“Apartment”
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\MiscStatus]
@=“0”
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ProgID]
@=“ShockwaveFlash.ShockwaveFlash.11”
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@=“c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_3_300_271.ocx, 1”
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\TypeLib]
@=”{D27CDB6B-AE6D-11cf-96B8-444553540000}”
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\Version]
@=“1.0”
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@=“ShockwaveFlash.ShockwaveFlash”
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@=“Macromedia Flash Factory Object”
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\InprocServer32]
@=“c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_3_300_271.ocx”
“ThreadingModel”=“Apartment”
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ProgID]
@=“FlashFactory.FlashFactory.1”
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@=“c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_3_300_271.ocx, 1”
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\TypeLib]
@=”{D27CDB6B-AE6D-11cf-96B8-444553540000}”
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\Version]
@=“1.0”
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@=“FlashFactory.FlashFactory”
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}]
@Denied: (A 2) (Everyone)
@=“IFlashBroker4”
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\ProxyStubClsid32]
@=”{00020424-0000-0000-C000-000000000046}”
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\TypeLib]
@=”{FAB3E735-69C7-453B-A446-B6823C6DF1C9}”
“Version”=“1.0”
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\PCW\Security]
@Denied: (Full) (Everyone)
.
Gennemført tid: 2012-08-22 22:29:25
ComboFix-quarantined-files.txt 2012-08-22 20:29
.
Pre-Kørsel: 899.820.462.080 byte ledig
Post-Kørsel: 899.296.796.672 byte ledig
.
- - End Of File - - 4F907D0F4DFB2BB70A1DAC2E8AD198BE

Lige efter, at jeg gjorde disse to ting, var den der stadig, når jeg åbnede ny fane i Chrome.

Jeg gik ind og fjernede 2 tilføjelser der lå der (de lå der ikke sidst jeg kiggede…i går) og ryddede browserhistorik efter at have sat flueben i “Ryd data fra hostede apps”, den var ikke prevalgt. Det skal også nævnes, at jeg tidligere afinstallerede både Chrome og Firefox i håb om at få den væk.

Lige nu er den væk…det er en værre bras, jeg har fået raget til mig…er den mon helt væk nu?

Jeg har også hentet Firefox igen, og der er den også væk, og der er heller ikke noget i IE.

Ellers vil jeg da bare sige, at I er enormt seje sådan at bruge tid på tosser som mig…jeg sætter virkelig pris på det !

Det lyder da godt            

Og den er ikke dukket op siden ? for der er ikke noget at se i loggen…........

Nej, der har ikke været noget, og hvis den ikke er i loggen, så er den vel væk

Tusind tak for hjælpen, I er bare nogle stjerner !

Tak for roserne      

Start OTL

Klik på CleanUp! knappen.

Du vil blive spurgt, om du vil begynde at rensningen? Vælg Ja.

Dette trin fjerner de filer, mapper og genveje skabt af de værktøjer,  du har downloadet og kørt.

Når du er færdig, vil du blive bedt om at genstarte computeren.

Genstart venligst din computer.

Det er hermed gjort

Endnu en gang, tusind tak for hjælpen

Fint, så lukker jeg pænt efter os