Mank70

Member
  • Content count

    43
  • Joined

  • Last visited

Everything posted by Mank70

  1. Woop woop, now it's gone! Thanks for that link, Cecilia, and thanks to the rest of you for your help! Best regards/Magnus
  2. I followed MrO's link and downloaded the program for free. It could scan the computer, and it found 120-ish "errors" on the computer. The problem was that only 15 of them could be removed without paying. Or have I missed something? /Magnus
  3. Okay.. AdwCleaner costs 450:-.. in other words, is it worth that money? Thanks for your replies!
  4. Thanks for your replies, Nilsson and Cecilia! I tried Malwarebytes, but that program didn't even find the problem. Can this help, Cecilia? Attached file; for some reason I couldn't paste the text in here. Take care/Magnus SpybotSD.Results.txt
  5. Hi! When I run Spybot, it reports Win32.Downloader.gen as malware. But it can't be removed with that program. Windows Defender doesn't detect the malware at all. I have searched online for ways to "fix" this problem but haven't found anything that seems to work. Is there any kind soul who can help me with this? Thanks in advance/Magnus
  6. You were right, Cecilia! It worked when I moved the monitor cable to the other connector. A bit strange that I already had the BIOS settings I wanted, but they didn't start working until I switched connectors.. Could this mean that the other connector is completely dead, or could it perhaps be used to connect to the TV? Either way, a thousand thanks! I'm very grateful; I had planned to buy a new computer today, but now I don't need to.. /Magnus
  7. Could that problem have arisen recently, then? I did a factory reset about half a year ago, and it went fine then.. Now I understand that this is probably an HP-related problem and perhaps doesn't have much to do with Windows.. but I'm grateful for any help!
  8. The recovery program is an HP program, I see now.. but the problem is the same.
  9. If I restart the computer with the discs in, nothing happens, just as if the graphics card gives up and doesn't show what is happening. The same thing happens if I try to enter the BIOS... the computer works but no picture is shown. It's when I try to run the recovery manager in Windows that it tells me I'm missing a recovery partition..
  10. The thing is that my computer claims I have no recovery partition.. And the only thing that could be of interest to me is how the computer was when it was new...
  11. Maybe I should add that I have recovery discs..
  12. Hi! I had planned to do a factory reset on my computer, an HP Pavilion elite HPE 115 sc. But when it comes to it, it says that I don't have any recovery partition.. Does that mean I'm out of luck with my wish? Very grateful for answers! /Magnus
  13. Mank70

    0x80070424

    Si3rra, it is set to automatic. That's how it should be, right? OK, Cecilia, now it's done. I humbly thank you for your patience! Best regards/Magnus
  14. Mank70

    0x80070424

    OTL by OldTimer - Version 3.2.54.0 log created on 07152012_174903
  15. Mank70

    0x80070424

    The problem in the antivirus program remains. However, apparently I have nothing to fetch from Windows Update, since it says I have all the latest.. Do you think a restore with the discs to the state the computer was in when new would work? I'm really grateful for your help!
  16. Mank70

    0x80070424

    OTL logfile created on: 2012-07-15 10:44:05 - Run 1 OTL by OldTimer - Version 3.2.54.0
16:38:06 | 000,000,000 | ---D | M] -- C:\Users\Mank70\AppData\Roaming\Template [2012-05-31 10:19:02 | 000,000,544 | ---- | M] () -- C:\Windows\Tasks\PCDRScheduledMaintenance.job [2012-07-12 14:11:04 | 000,032,514 | ---- | M] () -- C:\Windows\Tasks\SCHEDLGU.TXT ========== Purity Check ========== < End of report >
The programs are uninstalled.. restarting the computer and trying..
  17. Mank70

    0x80070424

    OTL Extras logfile created on: 2012-07-15 10:44:05 - Run 1 OTL by OldTimer - Version 3.2.54.0 Folder = C:\Users\Mank70\Desktop 64bit- Home Premium Edition Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation Internet Explorer (Version = 9.0.8112.16421) Locale: 0000041d | Country: Sverige | Language: SVE | Date Format: yyyy-MM-dd 7,96 Gb Total Physical Memory | 5,85 Gb Available Physical Memory | 73,44% Memory free 15,92 Gb Paging File | 13,35 Gb Available in Paging File | 83,87% Paging File free Paging file location(s): ?:\pagefile.sys [binary data] %SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86) Drive C: | 919,87 Gb Total Space | 600,97 Gb Free Space | 65,33% Space Free | Partition Type: NTFS Drive D: | 11,54 Gb Total Space | 11,46 Gb Free Space | 99,26% Space Free | Partition Type: NTFS Computer Name: MANK70-DATOR | User Name: Mank70 | Logged in as Administrator. Boot Mode: Normal | Scan Mode: Current user | Include 64bit Scans Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days ========== Extra Registry (SafeList) ========== ========== File Associations ========== 64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>] .url[@ = InternetShortcut] -- C:\Windows\SysNative\rundll32.exe (Microsoft Corporation) [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>] .cpl [@ = cplfile] -- C:\Windows\SysWow64\control.exe (Microsoft Corporation) ========== Shell Spawning ========== 64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command] batfile [open] -- "%1" %* cmdfile [open] -- "%1" %* comfile [open] -- "%1" %* exefile [open] -- "%1" %* helpfile [open] -- Reg Error: Key error. htmlfile [edit] -- Reg Error: Key error. 
htmlfile [print] -- rundll32.exe %SystemRoot%\system32\mshtml.dll,PrintHTML "%1" (Microsoft Corporation) inffile [install] -- %SystemRoot%\System32\rundll32.exe setupapi,InstallHinfSection DefaultInstall 132 %1 (Microsoft Corporation) InternetShortcut [open] -- "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\ieframe.dll",OpenURL %l (Microsoft Corporation) InternetShortcut [print] -- "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\mshtml.dll",PrintHTML "%1" (Microsoft Corporation) piffile [open] -- "%1" %* regfile [merge] -- Reg Error: Key error. scrfile [config] -- "%1" scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l scrfile [open] -- "%1" /S txtfile [edit] -- Reg Error: Key error. Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1 Directory [AddToPlaylistVLC] -- "C:\Program Files (x86)\VideoLAN\VLC\vlc.exe" --started-from-file --playlist-enqueue "%1" () Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation) Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation) Directory [PlayWithVLC] -- "C:\Program Files (x86)\VideoLAN\VLC\vlc.exe" --started-from-file --no-playlist-enqueue "%1" () Folder [open] -- %SystemRoot%\Explorer.exe (Microsoft Corporation) Folder [explore] -- Reg Error: Value error. Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation) [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command] batfile [open] -- "%1" %* cmdfile [open] -- "%1" %* comfile [open] -- "%1" %* cplfile [cplopen] -- %SystemRoot%\System32\control.exe "%1",%* (Microsoft Corporation) exefile [open] -- "%1" %* helpfile [open] -- Reg Error: Key error. htmlfile [edit] -- Reg Error: Key error. piffile [open] -- "%1" %* regfile [merge] -- Reg Error: Key error. scrfile [config] -- "%1" scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l scrfile [open] -- "%1" /S txtfile [edit] -- Reg Error: Key error. 
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1 Directory [AddToPlaylistVLC] -- "C:\Program Files (x86)\VideoLAN\VLC\vlc.exe" --started-from-file --playlist-enqueue "%1" () Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation) Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation) Directory [PlayWithVLC] -- "C:\Program Files (x86)\VideoLAN\VLC\vlc.exe" --started-from-file --no-playlist-enqueue "%1" () Folder [open] -- %SystemRoot%\Explorer.exe (Microsoft Corporation) Folder [explore] -- Reg Error: Value error. Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation) ========== Security Center Settings ========== 64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center] "cval" = 1 "FirewallDisableNotify" = 0 "AntiVirusDisableNotify" = 0 "UpdatesDisableNotify" = 0 64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring] 64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc] "VistaSp1" = 28 4D B2 76 41 04 CA 01 [binary data] "AntiVirusOverride" = 0 "AntiSpywareOverride" = 0 "FirewallOverride" = 0 64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc\Vol] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center] "FirewallDisableNotify" = 0 "AntiVirusDisableNotify" = 0 "UpdatesDisableNotify" = 0 [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc] ========== System Restore Settings ========== [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\SystemRestore] "DisableSR" = 0 ========== Firewall Settings ========== 64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall] 64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\DomainProfile] 64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\StandardProfile] [HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall] [HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\DomainProfile] 
[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\StandardProfile] [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile] "DisableNotifications" = 0 "EnableFirewall" = 1 [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile] "DisableNotifications" = 0 "EnableFirewall" = 1 [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\GloballyOpenPorts\List] [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\PublicProfile] "DisableNotifications" = 0 "EnableFirewall" = 1 ========== Authorized Applications List ========== [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List] [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List] ========== Vista Active Open Ports Exception List ========== [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules] "{0A92F6A9-0A28-4ACA-9702-C7FEF6009325}" = rport=5355 | protocol=17 | dir=out | svc=dnscache | app=%systemroot%\system32\svchost.exe | "{2B36477D-3050-4362-A989-D34F275C39DF}" = rport=137 | protocol=17 | dir=out | app=system | "{37C960F5-6539-4CB5-86B4-7674EB6E9B33}" = lport=139 | protocol=6 | dir=in | app=system | "{5B717FC7-6CAA-4EE5-93BC-3A9AA1E63A0C}" = lport=138 | protocol=17 | dir=in | app=system | "{6476ABFE-0365-4FEF-9AB7-CF610819585A}" = lport=445 | protocol=6 | dir=in | app=system | "{6F662408-3622-4AD6-80FA-1A8AE6A4872B}" = rport=445 | protocol=6 | dir=out | app=system | "{8AC5C8E7-4ECE-424E-BC6F-3450BD2C6567}" = lport=rpc-epmap | protocol=6 | dir=in | svc=rpcss | name=@firewallapi.dll,-28539 | "{9D42069B-FEE9-4D07-AE17-3BCD305A69EE}" = rport=139 | protocol=6 | dir=out | app=system | 
"{AA1E36F1-644E-4E55-A979-CB65F763A539}" = lport=137 | protocol=17 | dir=in | app=system | "{CFC0EE5E-C3AB-4131-81DD-2BEA955C7C48}" = lport=5355 | protocol=17 | dir=in | svc=dnscache | app=%systemroot%\system32\svchost.exe | "{F9D85FDD-145E-4134-A17D-31614152AA9D}" = rport=138 | protocol=17 | dir=out | app=system | "{FD7A0DA0-89B4-4FC3-A7C5-781CD822967B}" = lport=rpc | protocol=6 | dir=in | svc=spooler | app=%systemroot%\system32\spoolsv.exe | ========== Vista Active Application Exception List ========== [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules] "{070B630C-4748-45E8-86A2-2C0BAE6BE781}" = protocol=6 | dir=in | app=c:\program files (x86)\steam\steam.exe | "{0C568B5C-D26D-4A5B-994C-9FC76932A544}" = protocol=6 | dir=in | app=c:\program files (x86)\electronic arts\bioware\star wars - the old republic\launcher.exe | "{17270B99-B929-4822-8450-E89C8B9C2874}" = protocol=17 | dir=in | app=c:\programdata\battle.net\agent\agent.954\agent.exe | "{18980CDB-AD60-4FF9-8608-7F26160BA3C4}" = protocol=58 | dir=out | name=@firewallapi.dll,-28546 | "{235F1D15-564E-4924-B0C9-F2A8BA49D598}" = dir=in | app=c:\program files (x86)\hewlett-packard\media\dvd\hpdvdsmart.exe | "{2F310D58-DD74-4CB4-B452-A69212E6D7F2}" = dir=in | app=c:\program files (x86)\hewlett-packard\media\dvd\hptouchsmartvideo.exe | "{2FF246A8-2983-4EFA-A021-8399A4AF4EA0}" = protocol=17 | dir=in | app=c:\program files (x86)\steam\steam.exe | "{34B14B27-D3DA-40C1-8107-717B43DFD2DC}" = dir=in | app=c:\program files (x86)\hewlett-packard\touchsmart\media\hptouchsmartvideo.exe | "{378CBC17-0407-4141-87CE-198C475A12EC}" = protocol=1 | dir=out | name=@firewallapi.dll,-28544 | "{407D9924-57C9-4601-A9E1-EFA08A5263E6}" = dir=in | app=c:\program files (x86)\hewlett-packard\touchsmart\media\kernel\clml\clmlsvc.exe | "{49B12D15-68F0-43C4-8B72-4316F29DF211}" = protocol=6 | dir=in | app=c:\program files (x86)\diablo iii\diablo iii.exe | 
"{5118FF9A-E009-44F3-94F9-B18215612C6D}" = protocol=6 | dir=in | app=c:\programdata\battle.net\agent\agent.954\agent.exe | "{5CE88B03-D8C4-4FF8-AB60-6D15500278A6}" = protocol=17 | dir=in | app=c:\program files (x86)\electronic arts\bioware\star wars - the old republic\launcher.exe | "{5F8EFBDA-B7C4-4740-9CC7-78B63657C0A4}" = dir=in | app=c:\program files (x86)\hewlett-packard\media\dvd\hptouchsmartmusic.exe | "{6AAD865D-06EF-41CB-BA14-3771E215D22D}" = protocol=6 | dir=in | app=c:\program files (x86)\ubisoft\ubisoft game launcher\ubisoftgamelauncher.exe | "{83DB60A2-A0F1-437C-898C-544207C5579D}" = protocol=6 | dir=in | app=c:\program files (x86)\electronic arts\bioware\star wars - the old republic\launcher.exe | "{8FCC3607-D7C5-4F4E-9BCD-CED40257202C}" = dir=in | app=c:\program files (x86)\cyberlink\powerdirector\pdr.exe | "{952B9CF9-DB9E-4CE2-B25F-F512CC08E98F}" = dir=in | app=c:\program files (x86)\hewlett-packard\media\dvd\hptouchsmartphoto.exe | "{9D46C6B3-A946-49B5-BFAA-FAE06A444C19}" = dir=in | app=c:\program files (x86)\common files\apple\apple application support\webkit2webprocess.exe | "{A1007F40-B0B0-4E0C-8CC2-2D4D8B50458E}" = protocol=1 | dir=in | name=@firewallapi.dll,-28543 | "{A23CA438-BDA9-40ED-A8DD-07A720E84B92}" = protocol=6 | dir=in | app=c:\program files (x86)\vuze\azureus.exe | "{A87B50CD-EC0B-49D3-B430-4314FC12E8FA}" = dir=in | app=c:\program files (x86)\hewlett-packard\touchsmart\media\hptouchsmartmusic.exe | "{A951C0C6-5FE2-465E-9AF1-7BF3A665C680}" = dir=in | app=c:\program files (x86)\hewlett-packard\touchsmart\media\tsmagent.exe | "{B4F53B7C-6488-46F2-BAAF-77F4222EFEED}" = protocol=17 | dir=in | app=c:\program files (x86)\vuze\azureus.exe | "{BAE54F11-5DA0-4718-A7F6-EE1CA41F2B6D}" = dir=in | app=c:\program files (x86)\hewlett-packard\touchsmart\media\hptouchsmartphoto.exe | "{C8E40113-F43F-49DD-AB0F-9DB8300492B4}" = protocol=6 | dir=in | app=c:\program files (x86)\ubisoft\might & magic heroes vi\might & magic heroes vi.exe | 
"{CAD96D04-E6BE-4BCA-AF85-58F469AF4928}" = dir=in | app=c:\program files (x86)\hewlett-packard\media\dvd\kernel\clml\clmlsvc.exe | "{D1D2F7FD-0953-46BC-BE70-AEB6BE331389}" = protocol=58 | dir=in | name=@firewallapi.dll,-28545 | "{D9DF041E-91CB-44CB-A70B-E5CE0E38C79C}" = protocol=6 | dir=in | app=c:\programdata\battle.net\agent\agent.524\agent.exe | "{DB52E9CD-3CB4-4398-BB09-1B83C1E7313A}" = protocol=17 | dir=in | app=c:\program files (x86)\ubisoft\ubisoft game launcher\ubisoftgamelauncher.exe | "{E636B122-6141-4DBB-A698-588A1690C016}" = dir=in | app=c:\program files (x86)\hewlett-packard\media\dvd\tsmagent.exe | "{E8F45C32-838A-4251-ABC6-0282F7D5B99A}" = protocol=17 | dir=in | app=c:\programdata\battle.net\agent\agent.524\agent.exe | "{EE83D10A-72E7-47CB-BD30-3AAD07CC9EB9}" = protocol=17 | dir=in | app=c:\program files (x86)\diablo iii\diablo iii.exe | "{F3E0F2B8-F760-4C86-ABEF-47F193FC15AF}" = protocol=17 | dir=in | app=c:\program files (x86)\electronic arts\bioware\star wars - the old republic\launcher.exe | "{F69BDCA6-C8ED-4B05-B2C7-E45AFC5E1788}" = protocol=17 | dir=in | app=c:\program files (x86)\ubisoft\might & magic heroes vi\might & magic heroes vi.exe | "TCP Query User{1A0427C8-B120-44B0-BB2B-1E079614302F}C:\users\mank70\appdata\local\microsoft\windows\temporary internet files\content.ie5\m72llwvv\diablo-iii-8370-engb-installer-downloader.exe" = protocol=6 | dir=in | app=c:\users\mank70\appdata\local\microsoft\windows\temporary internet files\content.ie5\m72llwvv\diablo-iii-8370-engb-installer-downloader.exe | "TCP Query User{1ABFA41A-B5FB-4E43-954C-DFECF5B04E5C}C:\programdata\battle.net\agent\agent.976\agent.exe" = protocol=6 | dir=in | app=c:\programdata\battle.net\agent\agent.976\agent.exe | "TCP Query User{31E1B83D-A6C4-434A-95EF-DB9F45C67C52}C:\program files (x86)\vuze\azureus.exe" = protocol=6 | dir=in | app=c:\program files (x86)\vuze\azureus.exe | "TCP Query User{5F5CFBD9-E9BB-413D-8896-F4742DE5818F}C:\program files (x86)\diablo iii\diablo iii.exe" 
= protocol=6 | dir=in | app=c:\program files (x86)\diablo iii\diablo iii.exe | "TCP Query User{8D9C1E4F-CA87-4EFF-9DED-8012327F09F2}C:\programdata\battle.net\agent\agent.1040\agent.exe" = protocol=6 | dir=in | app=c:\programdata\battle.net\agent\agent.1040\agent.exe | "TCP Query User{CCB8653E-1DE8-44D0-B51C-27A8DA9E74A5}C:\programdata\battle.net\agent\agent.998\agent.exe" = protocol=6 | dir=in | app=c:\programdata\battle.net\agent\agent.998\agent.exe | "UDP Query User{09CF4292-4D6C-4277-A32A-73C545CA04C8}C:\program files (x86)\vuze\azureus.exe" = protocol=17 | dir=in | app=c:\program files (x86)\vuze\azureus.exe | "UDP Query User{93D91748-67DF-402C-A5D6-1444D6E2E559}C:\program files (x86)\diablo iii\diablo iii.exe" = protocol=17 | dir=in | app=c:\program files (x86)\diablo iii\diablo iii.exe | "UDP Query User{C31D4D3A-4877-4FEC-BBF6-E6D6EF1F644C}C:\users\mank70\appdata\local\microsoft\windows\temporary internet files\content.ie5\m72llwvv\diablo-iii-8370-engb-installer-downloader.exe" = protocol=17 | dir=in | app=c:\users\mank70\appdata\local\microsoft\windows\temporary internet files\content.ie5\m72llwvv\diablo-iii-8370-engb-installer-downloader.exe | "UDP Query User{D2C534DA-5CDD-44C7-ADA5-4FDEFFE931C4}C:\programdata\battle.net\agent\agent.976\agent.exe" = protocol=17 | dir=in | app=c:\programdata\battle.net\agent\agent.976\agent.exe | "UDP Query User{E519FC14-1EA4-49BC-8D64-15CF1F9C33A7}C:\programdata\battle.net\agent\agent.998\agent.exe" = protocol=17 | dir=in | app=c:\programdata\battle.net\agent\agent.998\agent.exe | "UDP Query User{FFEB6710-E5BF-4565-BC2D-1B4DC50EA81B}C:\programdata\battle.net\agent\agent.1040\agent.exe" = protocol=17 | dir=in | app=c:\programdata\battle.net\agent\agent.1040\agent.exe | ========== HKEY_LOCAL_MACHINE Uninstall List ========== 64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall] "{071c9b48-7c32-4621-a0ac-3f809523288f}" = Microsoft Visual C++ 2005 Redistributable (x64) 
"{26A24AE4-039D-4CA4-87B4-2F86416029FF}" = Java 6 Update 29 (64-bit) "{27607A94-33AC-4AA7-AACE-95AF6ACA3E30}" = Logitech G35 "{4B6C7001-C7D6-3710-913E-5BC23FCE91E6}" = Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.4148 "{5FCE6D76-F5DC-37AB-B2B8-22AB8CEDB1D4}" = Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161 "{690285C2-2481-44FB-8402-162EA970A6DD}" = Logitech Gaming Software 8.12 "{8220EEFE-38CD-377E-8595-13398D740ACE}" = Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.17 "{88E60521-1E4E-4785-B9F1-1798A4BD0C30}" = HP MediaSmart SmartMenu "{96CC6DCC-8EBA-3F85-899B-933F599C4142}" = Microsoft .NET Framework 4 Client Profile SVE Language Pack "{9D046B26-7978-47CD-91E6-AC3C1DFBC3D0}" = Microsoft Security Client "{ad8a2fa1-06e7-4b0d-927d-6e54b3d31028}" = Microsoft Visual C++ 2005 Redistributable (x64) "{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.3DVision" = NVIDIA 3D Vision drivrutin 285.62 "{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.ControlPanel" = NVIDIAs kontrollpanel 285.62 "{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.Driver" = NVIDIA Grafikdrivrutin 285.62 "{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.NVIRUSB" = NVIDIA 3D Vision drivrutin för styrenhet 285.62 "{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.PhysX" = NVIDIA PhysX systemprogramvara 9.11.0621 "{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.Update" = NVIDIA-uppdatering 1.5.20 "{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_installer" = NVIDIA Install Application "{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_NVIDIA.Update" = NVIDIA Update Components "{B6E3757B-5E77-3915-866A-CCFC4B8D194C}" = Microsoft Visual C++ 2005 ATL Update kb973923 - x64 8.0.50727.4053 "{BCA9334F-B6C9-4F65-9A73-AC5A329A4D04}" = PlayReady PC Runtime amd64 "{DC911ADF-7B60-40F2-A112-FB1EB6402D07}" = Microsoft Security Client SV-SE Language Pack "{F5B09CFD-F0B2-36AF-8DF4-1DF6B63FC7B4}" = Microsoft .NET Framework 4 Client Profile "{F8D02DBB-9B81-4192-9E85-219AD0447920}" = Microsoft Antimalware Service 
SV-SE Language Pack "Adobe Flash Player ActiveX" = Adobe Flash Player 11 ActiveX 64-bit "Microsoft .NET Framework 4 Client Profile" = Microsoft .NET Framework 4 Client Profile "Microsoft .NET Framework 4 Client Profile SVE Language Pack" = Microsoft .NET Framework 4 Client Profile Language Pack - SVE "Microsoft Security Client" = Microsoft Security Essentials "PC-Doctor for Windows" = Hårdvarudiagnostikverktyg [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall] "{048298C9-A4D3-490B-9FF9-AB023A9238F3}" = Steam "{07FA4960-B038-49EB-891B-9F95930AA544}" = HP Customer Experience Enhancements "{10CCF16B-F1C9-4B24-9570-B4CCEE42392D}" = LightScribe System Software "{17B4760F-334B-475D-829F-1A3E94A6A4E6}" = HP Setup "{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148 "{1FBF6C24-C1FD-4101-A42B-0C564F9E8E79}" = CyberLink DVD Suite Deluxe "{2C1B58D5-6549-472C-86B7-17BE57186628}" = Microsoft Works "{2EFA4E4C-7B5F-48F7-A1C0-1AA882B7A9C3}" = HP Update "{3023EBDA-BF1B-4831-B347-E5018555F26E}" = Movie Theme Pack for HP MediaSmart Video "{3B11D799-48E0-48ED-BFD7-EA655676D8BB}" = Star Wars: The Old Republic "{3E29EE6C-963A-4aae-86C1-DC237C4A49FC}" = Intel® Rapid Storage Technology "{40BF1E83-20EB-11D8-97C5-0009C5020658}" = Power2Go "{44B2A0AB-412E-4F8C-B058-D1E8AECCDFF5}" = Recovery Manager "{6F340107-F9AA-47C6-B54C-C3A19F11553F}" = Hewlett-Packard ACLM.NET v1.1.0.0 "{745D37C2-26F4-4B65-BA13-F9840EBFA75B}" = Might & Magic Heroes VI "{789A5B64-9DD9-4BA5-915A-F0FC0A1B7BFE}" = Apple Software Update "{7BE15435-2D3E-4B58-867F-9C75BED0208C}" = QuickTime "{7F6D7FD9-648D-4DD9-BB6E-3990C675ECA4}" = NVIDIA PhysX "{888F1505-C2B3-4FDE-835D-36353EBD4754}" = Ubisoft Game Launcher "{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}" = Microsoft Silverlight "{90120000-0020-041D-0000-0000000FF1CE}" = Compatibility Pack för Office 2007-systemet "{95120000-00AF-041D-0000-0000000FF1CE}" = Microsoft Office PowerPoint Viewer 2007 (Swedish) 
"{9A25302D-30C0-39D9-BD6F-21E6EC160475}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 "{9BE518E6-ECC6-35A9-88E4-87755C07200F}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 "{A436F67F-687E-4736-BD2B-537121A804CF}" = HP Product Detection "{A83279FD-CA4B-4206-9535-90974DE76654}" = Apple Application Support "{AC76BA86-7AD7-1053-7B44-AA1000000001}" = Adobe Reader X (10.1.3) - Svenska "{B2EE25B9-5B00-4ACF-94F0-92433C28C39E}" = HP MediaSmart Music/Photo/Video "{B4092C6D-E886-4CB2-BA68-FE5A88D31DE6}_is1" = Spybot - Search & Destroy "{B40D7926-AE5F-41EA-8AC6-56C0E2F00E9D}" = HP MAINSTREAM KEYBOARD "{B8AC1A89-FFD1-4F97-8051-E505A160F562}" = HP Odometer "{B9A03B7B-E0FF-4FB3-BA83-762E58A1B0AA}" = HP Support Information "{C59C179C-668D-49A9-B6EA-0121CCFC1243}" = LabelPrint "{C611CF88-969D-43E6-A877-D6D6439DD081}" = HP Remote Solution "{CB099890-1D5F-11D5-9EA9-0050BAE317E1}" = PowerDirector "{DCCAD079-F92C-44DA-B258-624FC6517A5A}" = HP MediaSmart DVD "{E9E34215-82EF-4909-BE2F-F581F0DC9062}" = DirectX for Managed Code Update (Summer 2004) "{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}" = Realtek High Definition Audio Driver "{FB4BB287-37F9-4E27-9C4D-2D3882E08EFF}" = DVD Menu Pack for HP MediaSmart Video "{FC98FBE9-E931-494C-8717-497185371053}" = Nero 7 Ultra Edition "7-Zip" = 7-Zip 9.22beta "8461-7759-5462-8226" = Vuze "Diablo III" = Diablo III "ESET Online Scanner" = ESET Online Scanner v3 "HP Remote Solution" = HP Remote Solution "InstallShield_{1FBF6C24-C1FD-4101-A42B-0C564F9E8E79}" = CyberLink DVD Suite Deluxe "InstallShield_{3023EBDA-BF1B-4831-B347-E5018555F26E}" = Movie Theme Pack for HP MediaSmart Video "InstallShield_{40BF1E83-20EB-11D8-97C5-0009C5020658}" = Power2Go "InstallShield_{B2EE25B9-5B00-4ACF-94F0-92433C28C39E}" = HP MediaSmart Music/Photo/Video "InstallShield_{C59C179C-668D-49A9-B6EA-0121CCFC1243}" = LabelPrint "InstallShield_{CB099890-1D5F-11D5-9EA9-0050BAE317E1}" = PowerDirector 
"InstallShield_{DCCAD079-F92C-44DA-B258-624FC6517A5A}" = HP MediaSmart DVD "InstallShield_{FB4BB287-37F9-4E27-9C4D-2D3882E08EFF}" = DVD Menu Pack for HP MediaSmart Video "Malwarebytes' Anti-Malware_is1" = Malwarebytes Anti-Malware version 1.61.0.1400 "NVIDIAStereo" = NVIDIA Stereoscopic 3D Driver "Personal" = BankID säkerhetsprogram 4.18.3 "WildTangent hp Master Uninstall" = HP Games "VLC media player" = VLC media player 1.1.11 "Vuze_Remote Toolbar" = Vuze Remote Toolbar ========== Last 20 Event Log Errors ========== [ Application Events ] Error - 2012-07-03 07:23:35 | Computer Name = Mank70-Dator | Source = Microsoft Security Client Setup | ID = 100 Description = HRESULT:0x80070643 Description:Cannot complete the Security Essentials installation. An error has prevented the Security Essentials setup wizard from completing successfully. Please restart your computer and try again. Error code:0x80070643. (null) Error - 2012-07-04 04:34:20 | Computer Name = Mank70-Dator | Source = SideBySide | ID = 16842815 Description = Det gick inte att skapa aktiveringskontext för c:\program files (x86)\spybot - search & destroy\DelZip179.dll. Det finns ett fel i manifest- eller principfilen c:\program files (x86)\spybot - search & destroy\DelZip179.dll på rad 8. Värdet * i attributet language i elementet assemblyIdentity är felaktigt. Error - 2012-07-05 04:58:41 | Computer Name = Mank70-Dator | Source = SideBySide | ID = 16842815 Description = Det gick inte att skapa aktiveringskontext för c:\program files (x86)\spybot - search & destroy\DelZip179.dll. Det finns ett fel i manifest- eller principfilen c:\program files (x86)\spybot - search & destroy\DelZip179.dll på rad 8. Värdet * i attributet language i elementet assemblyIdentity är felaktigt. Error - 2012-07-08 04:46:26 | Computer Name = Mank70-Dator | Source = SideBySide | ID = 16842815 Description = Det gick inte att skapa aktiveringskontext för c:\program files (x86)\spybot - search & destroy\DelZip179.dll. 
Det finns ett fel i manifest- eller principfilen c:\program files (x86)\spybot - search & destroy\DelZip179.dll på rad 8. Värdet * i attributet language i elementet assemblyIdentity är felaktigt. Error - 2012-07-09 06:40:39 | Computer Name = Mank70-Dator | Source = SideBySide | ID = 16842815 Description = Det gick inte att skapa aktiveringskontext för c:\program files (x86)\spybot - search & destroy\DelZip179.dll. Det finns ett fel i manifest- eller principfilen c:\program files (x86)\spybot - search & destroy\DelZip179.dll på rad 8. Värdet * i attributet language i elementet assemblyIdentity är felaktigt. Error - 2012-07-10 07:19:57 | Computer Name = Mank70-Dator | Source = Application Error | ID = 1000 Description = Felet uppstod i programmet med namn: b0vy5k7q.exe, version 1.0.15.15641, tidsstämpel 0x4e21f2b1 , felet uppstod i modulen med namn: ntdll.dll, version 6.1.7601.17725, tidsstämpel 0x4ec49b8f Undantagskod: 0xc0000005 Felförskjutning: 0x0003331f Process-ID: 0xcf0 Programmets starttid: 0x01cd5e8d8e29806d Sökväg till program: C:\Users\Mank70\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\JYCUZSX4\b0vy5k7q.exe Sökväg till modul: C:\Windows\SysWOW64\ntdll.dll Rapport-ID: 2da29a9c-ca81-11e1-bc76-406186960ff2 Error - 2012-07-10 07:22:21 | Computer Name = Mank70-Dator | Source = Application Error | ID = 1000 Description = Felet uppstod i programmet med namn: RootkitRevealer.exe, version 1.71.0.0, tidsstämpel 0x44e255aa , felet uppstod i modulen med namn: RootkitRevealer.exe, version 1.71.0.0, tidsstämpel 0x44e255aa Undantagskod: 0xc0000005 Felförskjutning: 0x000040cd Process-ID: 0x119c Programmets starttid: 0x01cd5e8e40f643eb Sökväg till program: C:\Users\Mank70\Documents\RootkitRevealer\RootkitRevealer.exe Sökväg till modul: C:\Users\Mank70\Documents\RootkitRevealer\RootkitRevealer.exe Rapport-ID: 834d1dc7-ca81-11e1-bc76-406186960ff2 Error - 2012-07-10 07:24:33 | Computer Name = Mank70-Dator | Source = Application Error | ID = 1000 
Description = Felet uppstod i programmet med namn: RootkitRevealer.exe, version 1.71.0.0, tidsstämpel 0x44e255aa , felet uppstod i modulen med namn: RootkitRevealer.exe, version 1.71.0.0, tidsstämpel 0x44e255aa Undantagskod: 0xc0000005 Felförskjutning: 0x000040cd Process-ID: 0x1374 Programmets starttid: 0x01cd5e8e8dfb66ef Sökväg till program: C:\Users\Mank70\Documents\RootkitRevealer\RootkitRevealer.exe Sökväg till modul: C:\Users\Mank70\Documents\RootkitRevealer\RootkitRevealer.exe Rapport-ID: d1f7615b-ca81-11e1-bc76-406186960ff2 Error - 2012-07-10 07:25:11 | Computer Name = Mank70-Dator | Source = Application Error | ID = 1000 Description = Felet uppstod i programmet med namn: RootkitRevealer.exe, version 1.71.0.0, tidsstämpel 0x44e255aa , felet uppstod i modulen med namn: RootkitRevealer.exe, version 1.71.0.0, tidsstämpel 0x44e255aa Undantagskod: 0xc0000005 Felförskjutning: 0x000040cd Process-ID: 0x52c Programmets starttid: 0x01cd5e8ea50a46f7 Sökväg till program: C:\Users\Mank70\Documents\RootkitRevealer\RootkitRevealer.exe Sökväg till modul: C:\Users\Mank70\Documents\RootkitRevealer\RootkitRevealer.exe Rapport-ID: e8a6819e-ca81-11e1-bc76-406186960ff2 Error - 2012-07-10 08:27:26 | Computer Name = Mank70-Dator | Source = SideBySide | ID = 16842815 Description = Det gick inte att skapa aktiveringskontext för c:\program files (x86)\spybot - search & destroy\DelZip179.dll. Det finns ett fel i manifest- eller principfilen c:\program files (x86)\spybot - search & destroy\DelZip179.dll på rad 8. Värdet * i attributet language i elementet assemblyIdentity är felaktigt. [ System Events ] Error - 2012-05-04 02:04:13 | Computer Name = Mank70-Dator | Source = iaStor | ID = 262153 Description = Enheten \Device\Ide\iaStor0 har inte svarat inom den angivna tidsgränsen. Error - 2012-05-04 16:50:11 | Computer Name = Mank70-Dator | Source = Microsoft Antimalware | ID = 2001 Description = %%860 stötte på ett fel när signaturer skulle uppdateras. 
Ny signaturversion: Föregående signaturversion: 1.125.1048.0 Uppdateringskälla: %%859 Uppdateringsfas: %%852 Källsökväg: http://www.microsoft.com Signaturtyp: %%800 Uppdateringstyp: %%803 Användare: NT instans\SYSTEM Aktuell motorversion: Föregående motorversion: 1.1.8304.0 Felkod: 0x8024001e Felbeskrivning: Ett oväntat problem uppstod under sökningen efter uppdateringar. Mer information om hur du installerar och felsöker uppdateringar finns i Hjälp och support. Error - 2012-05-17 01:15:44 | Computer Name = Mank70-Dator | Source = Service Control Manager | ID = 7009 Description = En timeout (30000 ms) inträffade vid väntan på att tjänsten Steam Client Service skulle ansluta. Error - 2012-05-17 01:15:44 | Computer Name = Mank70-Dator | Source = Service Control Manager | ID = 7000 Description = Tjänsten Steam Client Service kunde inte startas på grund av följande fel: %%1053 Error - 2012-05-19 04:34:12 | Computer Name = Mank70-Dator | Source = Service Control Manager | ID = 7009 Description = En timeout (30000 ms) inträffade vid väntan på att tjänsten Steam Client Service skulle ansluta. Error - 2012-05-19 04:34:12 | Computer Name = Mank70-Dator | Source = Service Control Manager | ID = 7000 Description = Tjänsten Steam Client Service kunde inte startas på grund av följande fel: %%1053 Error - 2012-05-20 05:06:49 | Computer Name = Mank70-Dator | Source = Service Control Manager | ID = 7009 Description = En timeout (30000 ms) inträffade vid väntan på att tjänsten Steam Client Service skulle ansluta. 
Error - 2012-05-20 05:06:49 | Computer Name = Mank70-Dator | Source = Service Control Manager | ID = 7000 Description = Tjänsten Steam Client Service kunde inte startas på grund av följande fel: %%1053 Error - 2012-06-08 14:23:59 | Computer Name = Mank70-Dator | Source = DCOM | ID = 10010 Description = Error - 2012-06-11 04:46:23 | Computer Name = Mank70-Dator | Source = Microsoft Antimalware | ID = 2001 Description = %%860 stötte på ett fel när signaturer skulle uppdateras. Ny signaturversion: Föregående signaturversion: 1.127.1680.0 Uppdateringskälla: %%859 Uppdateringsfas: %%852 Källsökväg: http://www.microsoft.com Signaturtyp: %%800 Uppdateringstyp: %%803 Användare: NT instans\SYSTEM Aktuell motorversion: Föregående motorversion: 1.1.8403.0 Felkod: 0x8024001e Felbeskrivning: Ett oväntat problem uppstod under sökningen efter uppdateringar. Mer information om hur du installerar och felsöker uppdateringar finns i Hjälp och support. < End of report >
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\PublicProfile] "DisableNotifications" = 0 "EnableFirewall" = 1 ========== Authorized Applications List ========== [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List] [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List] ========== Vista Active Open Ports Exception List ========== [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules] "{0A92F6A9-0A28-4ACA-9702-C7FEF6009325}" = rport=5355 | protocol=17 | dir=out | svc=dnscache | app=%systemroot%\system32\svchost.exe | "{2B36477D-3050-4362-A989-D34F275C39DF}" = rport=137 | protocol=17 | dir=out | app=system | "{37C960F5-6539-4CB5-86B4-7674EB6E9B33}" = lport=139 | protocol=6 | dir=in | app=system | "{5B717FC7-6CAA-4EE5-93BC-3A9AA1E63A0C}" = lport=138 | protocol=17 | dir=in | app=system | "{6476ABFE-0365-4FEF-9AB7-CF610819585A}" = lport=445 | protocol=6 | dir=in | app=system | "{6F662408-3622-4AD6-80FA-1A8AE6A4872B}" = rport=445 | protocol=6 | dir=out | app=system | "{8AC5C8E7-4ECE-424E-BC6F-3450BD2C6567}" = lport=rpc-epmap | protocol=6 | dir=in | svc=rpcss | name=@firewallapi.dll,-28539 | "{9D42069B-FEE9-4D07-AE17-3BCD305A69EE}" = rport=139 | protocol=6 | dir=out | app=system | "{AA1E36F1-644E-4E55-A979-CB65F763A539}" = lport=137 | protocol=17 | dir=in | app=system | "{CFC0EE5E-C3AB-4131-81DD-2BEA955C7C48}" = lport=5355 | protocol=17 | dir=in | svc=dnscache | app=%systemroot%\system32\svchost.exe | "{F9D85FDD-145E-4134-A17D-31614152AA9D}" = rport=138 | protocol=17 | dir=out | app=system | "{FD7A0DA0-89B4-4FC3-A7C5-781CD822967B}" = lport=rpc | protocol=6 | dir=in | svc=spooler | app=%systemroot%\system32\spoolsv.exe | ========== Vista Active Application Exception List ========== 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules] "{070B630C-4748-45E8-86A2-2C0BAE6BE781}" = protocol=6 | dir=in | app=c:\program files (x86)\steam\steam.exe | "{0C568B5C-D26D-4A5B-994C-9FC76932A544}" = protocol=6 | dir=in | app=c:\program files (x86)\electronic arts\bioware\star wars - the old republic\launcher.exe | "{17270B99-B929-4822-8450-E89C8B9C2874}" = protocol=17 | dir=in | app=c:\programdata\battle.net\agent\agent.954\agent.exe | "{18980CDB-AD60-4FF9-8608-7F26160BA3C4}" = protocol=58 | dir=out | name=@firewallapi.dll,-28546 | "{235F1D15-564E-4924-B0C9-F2A8BA49D598}" = dir=in | app=c:\program files (x86)\hewlett-packard\media\dvd\hpdvdsmart.exe | "{2F310D58-DD74-4CB4-B452-A69212E6D7F2}" = dir=in | app=c:\program files (x86)\hewlett-packard\media\dvd\hptouchsmartvideo.exe | "{2FF246A8-2983-4EFA-A021-8399A4AF4EA0}" = protocol=17 | dir=in | app=c:\program files (x86)\steam\steam.exe | "{34B14B27-D3DA-40C1-8107-717B43DFD2DC}" = dir=in | app=c:\program files (x86)\hewlett-packard\touchsmart\media\hptouchsmartvideo.exe | "{378CBC17-0407-4141-87CE-198C475A12EC}" = protocol=1 | dir=out | name=@firewallapi.dll,-28544 | "{407D9924-57C9-4601-A9E1-EFA08A5263E6}" = dir=in | app=c:\program files (x86)\hewlett-packard\touchsmart\media\kernel\clml\clmlsvc.exe | "{49B12D15-68F0-43C4-8B72-4316F29DF211}" = protocol=6 | dir=in | app=c:\program files (x86)\diablo iii\diablo iii.exe | "{5118FF9A-E009-44F3-94F9-B18215612C6D}" = protocol=6 | dir=in | app=c:\programdata\battle.net\agent\agent.954\agent.exe | "{5CE88B03-D8C4-4FF8-AB60-6D15500278A6}" = protocol=17 | dir=in | app=c:\program files (x86)\electronic arts\bioware\star wars - the old republic\launcher.exe | "{5F8EFBDA-B7C4-4740-9CC7-78B63657C0A4}" = dir=in | app=c:\program files (x86)\hewlett-packard\media\dvd\hptouchsmartmusic.exe | "{6AAD865D-06EF-41CB-BA14-3771E215D22D}" = protocol=6 | dir=in | app=c:\program files (x86)\ubisoft\ubisoft game 
launcher\ubisoftgamelauncher.exe | "{83DB60A2-A0F1-437C-898C-544207C5579D}" = protocol=6 | dir=in | app=c:\program files (x86)\electronic arts\bioware\star wars - the old republic\launcher.exe | "{8FCC3607-D7C5-4F4E-9BCD-CED40257202C}" = dir=in | app=c:\program files (x86)\cyberlink\powerdirector\pdr.exe | "{952B9CF9-DB9E-4CE2-B25F-F512CC08E98F}" = dir=in | app=c:\program files (x86)\hewlett-packard\media\dvd\hptouchsmartphoto.exe | "{9D46C6B3-A946-49B5-BFAA-FAE06A444C19}" = dir=in | app=c:\program files (x86)\common files\apple\apple application support\webkit2webprocess.exe | "{A1007F40-B0B0-4E0C-8CC2-2D4D8B50458E}" = protocol=1 | dir=in | name=@firewallapi.dll,-28543 | "{A23CA438-BDA9-40ED-A8DD-07A720E84B92}" = protocol=6 | dir=in | app=c:\program files (x86)\vuze\azureus.exe | "{A87B50CD-EC0B-49D3-B430-4314FC12E8FA}" = dir=in | app=c:\program files (x86)\hewlett-packard\touchsmart\media\hptouchsmartmusic.exe | "{A951C0C6-5FE2-465E-9AF1-7BF3A665C680}" = dir=in | app=c:\program files (x86)\hewlett-packard\touchsmart\media\tsmagent.exe | "{B4F53B7C-6488-46F2-BAAF-77F4222EFEED}" = protocol=17 | dir=in | app=c:\program files (x86)\vuze\azureus.exe | "{BAE54F11-5DA0-4718-A7F6-EE1CA41F2B6D}" = dir=in | app=c:\program files (x86)\hewlett-packard\touchsmart\media\hptouchsmartphoto.exe | "{C8E40113-F43F-49DD-AB0F-9DB8300492B4}" = protocol=6 | dir=in | app=c:\program files (x86)\ubisoft\might & magic heroes vi\might & magic heroes vi.exe | "{CAD96D04-E6BE-4BCA-AF85-58F469AF4928}" = dir=in | app=c:\program files (x86)\hewlett-packard\media\dvd\kernel\clml\clmlsvc.exe | "{D1D2F7FD-0953-46BC-BE70-AEB6BE331389}" = protocol=58 | dir=in | name=@firewallapi.dll,-28545 | "{D9DF041E-91CB-44CB-A70B-E5CE0E38C79C}" = protocol=6 | dir=in | app=c:\programdata\battle.net\agent\agent.524\agent.exe | "{DB52E9CD-3CB4-4398-BB09-1B83C1E7313A}" = protocol=17 | dir=in | app=c:\program files (x86)\ubisoft\ubisoft game launcher\ubisoftgamelauncher.exe | "{E636B122-6141-4DBB-A698-588A1690C016}" = 
dir=in | app=c:\program files (x86)\hewlett-packard\media\dvd\tsmagent.exe | "{E8F45C32-838A-4251-ABC6-0282F7D5B99A}" = protocol=17 | dir=in | app=c:\programdata\battle.net\agent\agent.524\agent.exe | "{EE83D10A-72E7-47CB-BD30-3AAD07CC9EB9}" = protocol=17 | dir=in | app=c:\program files (x86)\diablo iii\diablo iii.exe | "{F3E0F2B8-F760-4C86-ABEF-47F193FC15AF}" = protocol=17 | dir=in | app=c:\program files (x86)\electronic arts\bioware\star wars - the old republic\launcher.exe | "{F69BDCA6-C8ED-4B05-B2C7-E45AFC5E1788}" = protocol=17 | dir=in | app=c:\program files (x86)\ubisoft\might & magic heroes vi\might & magic heroes vi.exe | "TCP Query User{1A0427C8-B120-44B0-BB2B-1E079614302F}C:\users\mank70\appdata\local\microsoft\windows\temporary internet files\content.ie5\m72llwvv\diablo-iii-8370-engb-installer-downloader.exe" = protocol=6 | dir=in | app=c:\users\mank70\appdata\local\microsoft\windows\temporary internet files\content.ie5\m72llwvv\diablo-iii-8370-engb-installer-downloader.exe | "TCP Query User{1ABFA41A-B5FB-4E43-954C-DFECF5B04E5C}C:\programdata\battle.net\agent\agent.976\agent.exe" = protocol=6 | dir=in | app=c:\programdata\battle.net\agent\agent.976\agent.exe | "TCP Query User{31E1B83D-A6C4-434A-95EF-DB9F45C67C52}C:\program files (x86)\vuze\azureus.exe" = protocol=6 | dir=in | app=c:\program files (x86)\vuze\azureus.exe | "TCP Query User{5F5CFBD9-E9BB-413D-8896-F4742DE5818F}C:\program files (x86)\diablo iii\diablo iii.exe" = protocol=6 | dir=in | app=c:\program files (x86)\diablo iii\diablo iii.exe | "TCP Query User{8D9C1E4F-CA87-4EFF-9DED-8012327F09F2}C:\programdata\battle.net\agent\agent.1040\agent.exe" = protocol=6 | dir=in | app=c:\programdata\battle.net\agent\agent.1040\agent.exe | "TCP Query User{CCB8653E-1DE8-44D0-B51C-27A8DA9E74A5}C:\programdata\battle.net\agent\agent.998\agent.exe" = protocol=6 | dir=in | app=c:\programdata\battle.net\agent\agent.998\agent.exe | "UDP Query User{09CF4292-4D6C-4277-A32A-73C545CA04C8}C:\program files 
(x86)\vuze\azureus.exe" = protocol=17 | dir=in | app=c:\program files (x86)\vuze\azureus.exe | "UDP Query User{93D91748-67DF-402C-A5D6-1444D6E2E559}C:\program files (x86)\diablo iii\diablo iii.exe" = protocol=17 | dir=in | app=c:\program files (x86)\diablo iii\diablo iii.exe | "UDP Query User{C31D4D3A-4877-4FEC-BBF6-E6D6EF1F644C}C:\users\mank70\appdata\local\microsoft\windows\temporary internet files\content.ie5\m72llwvv\diablo-iii-8370-engb-installer-downloader.exe" = protocol=17 | dir=in | app=c:\users\mank70\appdata\local\microsoft\windows\temporary internet files\content.ie5\m72llwvv\diablo-iii-8370-engb-installer-downloader.exe | "UDP Query User{D2C534DA-5CDD-44C7-ADA5-4FDEFFE931C4}C:\programdata\battle.net\agent\agent.976\agent.exe" = protocol=17 | dir=in | app=c:\programdata\battle.net\agent\agent.976\agent.exe | "UDP Query User{E519FC14-1EA4-49BC-8D64-15CF1F9C33A7}C:\programdata\battle.net\agent\agent.998\agent.exe" = protocol=17 | dir=in | app=c:\programdata\battle.net\agent\agent.998\agent.exe | "UDP Query User{FFEB6710-E5BF-4565-BC2D-1B4DC50EA81B}C:\programdata\battle.net\agent\agent.1040\agent.exe" = protocol=17 | dir=in | app=c:\programdata\battle.net\agent\agent.1040\agent.exe | ========== HKEY_LOCAL_MACHINE Uninstall List ========== 64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall] "{071c9b48-7c32-4621-a0ac-3f809523288f}" = Microsoft Visual C++ 2005 Redistributable (x64) "{26A24AE4-039D-4CA4-87B4-2F86416029FF}" = Java 6 Update 29 (64-bit) "{27607A94-33AC-4AA7-AACE-95AF6ACA3E30}" = Logitech G35 "{4B6C7001-C7D6-3710-913E-5BC23FCE91E6}" = Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.4148 "{5FCE6D76-F5DC-37AB-B2B8-22AB8CEDB1D4}" = Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161 "{690285C2-2481-44FB-8402-162EA970A6DD}" = Logitech Gaming Software 8.12 "{8220EEFE-38CD-377E-8595-13398D740ACE}" = Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.17 "{88E60521-1E4E-4785-B9F1-1798A4BD0C30}" = HP 
MediaSmart SmartMenu "{96CC6DCC-8EBA-3F85-899B-933F599C4142}" = Microsoft .NET Framework 4 Client Profile SVE Language Pack "{9D046B26-7978-47CD-91E6-AC3C1DFBC3D0}" = Microsoft Security Client "{ad8a2fa1-06e7-4b0d-927d-6e54b3d31028}" = Microsoft Visual C++ 2005 Redistributable (x64) "{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.3DVision" = NVIDIA 3D Vision drivrutin 285.62 "{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.ControlPanel" = NVIDIAs kontrollpanel 285.62 "{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.Driver" = NVIDIA Grafikdrivrutin 285.62 "{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.NVIRUSB" = NVIDIA 3D Vision drivrutin för styrenhet 285.62 "{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.PhysX" = NVIDIA PhysX systemprogramvara 9.11.0621 "{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.Update" = NVIDIA-uppdatering 1.5.20 "{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_installer" = NVIDIA Install Application "{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_NVIDIA.Update" = NVIDIA Update Components "{B6E3757B-5E77-3915-866A-CCFC4B8D194C}" = Microsoft Visual C++ 2005 ATL Update kb973923 - x64 8.0.50727.4053 "{BCA9334F-B6C9-4F65-9A73-AC5A329A4D04}" = PlayReady PC Runtime amd64 "{DC911ADF-7B60-40F2-A112-FB1EB6402D07}" = Microsoft Security Client SV-SE Language Pack "{F5B09CFD-F0B2-36AF-8DF4-1DF6B63FC7B4}" = Microsoft .NET Framework 4 Client Profile "{F8D02DBB-9B81-4192-9E85-219AD0447920}" = Microsoft Antimalware Service SV-SE Language Pack "Adobe Flash Player ActiveX" = Adobe Flash Player 11 ActiveX 64-bit "Microsoft .NET Framework 4 Client Profile" = Microsoft .NET Framework 4 Client Profile "Microsoft .NET Framework 4 Client Profile SVE Language Pack" = Microsoft .NET Framework 4 Client Profile Language Pack - SVE "Microsoft Security Client" = Microsoft Security Essentials "PC-Doctor for Windows" = Hårdvarudiagnostikverktyg [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall] "{048298C9-A4D3-490B-9FF9-AB023A9238F3}" = Steam 
"{07FA4960-B038-49EB-891B-9F95930AA544}" = HP Customer Experience Enhancements "{10CCF16B-F1C9-4B24-9570-B4CCEE42392D}" = LightScribe System Software "{17B4760F-334B-475D-829F-1A3E94A6A4E6}" = HP Setup "{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148 "{1FBF6C24-C1FD-4101-A42B-0C564F9E8E79}" = CyberLink DVD Suite Deluxe "{2C1B58D5-6549-472C-86B7-17BE57186628}" = Microsoft Works "{2EFA4E4C-7B5F-48F7-A1C0-1AA882B7A9C3}" = HP Update "{3023EBDA-BF1B-4831-B347-E5018555F26E}" = Movie Theme Pack for HP MediaSmart Video "{3B11D799-48E0-48ED-BFD7-EA655676D8BB}" = Star Wars: The Old Republic "{3E29EE6C-963A-4aae-86C1-DC237C4A49FC}" = Intel® Rapid Storage Technology "{40BF1E83-20EB-11D8-97C5-0009C5020658}" = Power2Go "{44B2A0AB-412E-4F8C-B058-D1E8AECCDFF5}" = Recovery Manager "{6F340107-F9AA-47C6-B54C-C3A19F11553F}" = Hewlett-Packard ACLM.NET v1.1.0.0 "{745D37C2-26F4-4B65-BA13-F9840EBFA75B}" = Might & Magic Heroes VI "{789A5B64-9DD9-4BA5-915A-F0FC0A1B7BFE}" = Apple Software Update "{7BE15435-2D3E-4B58-867F-9C75BED0208C}" = QuickTime "{7F6D7FD9-648D-4DD9-BB6E-3990C675ECA4}" = NVIDIA PhysX "{888F1505-C2B3-4FDE-835D-36353EBD4754}" = Ubisoft Game Launcher "{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}" = Microsoft Silverlight "{90120000-0020-041D-0000-0000000FF1CE}" = Compatibility Pack för Office 2007-systemet "{95120000-00AF-041D-0000-0000000FF1CE}" = Microsoft Office PowerPoint Viewer 2007 (Swedish) "{9A25302D-30C0-39D9-BD6F-21E6EC160475}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 "{9BE518E6-ECC6-35A9-88E4-87755C07200F}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 "{A436F67F-687E-4736-BD2B-537121A804CF}" = HP Product Detection "{A83279FD-CA4B-4206-9535-90974DE76654}" = Apple Application Support "{AC76BA86-7AD7-1053-7B44-AA1000000001}" = Adobe Reader X (10.1.3) - Svenska "{B2EE25B9-5B00-4ACF-94F0-92433C28C39E}" = HP MediaSmart Music/Photo/Video "{B4092C6D-E886-4CB2-BA68-FE5A88D31DE6}_is1" 
= Spybot - Search & Destroy "{B40D7926-AE5F-41EA-8AC6-56C0E2F00E9D}" = HP MAINSTREAM KEYBOARD "{B8AC1A89-FFD1-4F97-8051-E505A160F562}" = HP Odometer "{B9A03B7B-E0FF-4FB3-BA83-762E58A1B0AA}" = HP Support Information "{C59C179C-668D-49A9-B6EA-0121CCFC1243}" = LabelPrint "{C611CF88-969D-43E6-A877-D6D6439DD081}" = HP Remote Solution "{CB099890-1D5F-11D5-9EA9-0050BAE317E1}" = PowerDirector "{DCCAD079-F92C-44DA-B258-624FC6517A5A}" = HP MediaSmart DVD "{E9E34215-82EF-4909-BE2F-F581F0DC9062}" = DirectX for Managed Code Update (Summer 2004) "{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}" = Realtek High Definition Audio Driver "{FB4BB287-37F9-4E27-9C4D-2D3882E08EFF}" = DVD Menu Pack for HP MediaSmart Video "{FC98FBE9-E931-494C-8717-497185371053}" = Nero 7 Ultra Edition "7-Zip" = 7-Zip 9.22beta "8461-7759-5462-8226" = Vuze "Diablo III" = Diablo III "ESET Online Scanner" = ESET Online Scanner v3 "HP Remote Solution" = HP Remote Solution "InstallShield_{1FBF6C24-C1FD-4101-A42B-0C564F9E8E79}" = CyberLink DVD Suite Deluxe "InstallShield_{3023EBDA-BF1B-4831-B347-E5018555F26E}" = Movie Theme Pack for HP MediaSmart Video "InstallShield_{40BF1E83-20EB-11D8-97C5-0009C5020658}" = Power2Go "InstallShield_{B2EE25B9-5B00-4ACF-94F0-92433C28C39E}" = HP MediaSmart Music/Photo/Video "InstallShield_{C59C179C-668D-49A9-B6EA-0121CCFC1243}" = LabelPrint "InstallShield_{CB099890-1D5F-11D5-9EA9-0050BAE317E1}" = PowerDirector "InstallShield_{DCCAD079-F92C-44DA-B258-624FC6517A5A}" = HP MediaSmart DVD "InstallShield_{FB4BB287-37F9-4E27-9C4D-2D3882E08EFF}" = DVD Menu Pack for HP MediaSmart Video "Malwarebytes' Anti-Malware_is1" = Malwarebytes Anti-Malware version 1.61.0.1400 "NVIDIAStereo" = NVIDIA Stereoscopic 3D Driver "Personal" = BankID säkerhetsprogram 4.18.3 "WildTangent hp Master Uninstall" = HP Games "VLC media player" = VLC media player 1.1.11 "Vuze_Remote Toolbar" = Vuze Remote Toolbar ========== Last 20 Event Log Errors ========== [ Application Events ] Error - 2012-07-03 07:23:35 | Computer Name = 
Mank70-Dator | Source = Microsoft Security Client Setup | ID = 100 Description = HRESULT:0x80070643 Description:Cannot complete the Security Essentials installation. An error has prevented the Security Essentials setup wizard from completing successfully. Please restart your computer and try again. Error code:0x80070643. (null) Error - 2012-07-04 04:34:20 | Computer Name = Mank70-Dator | Source = SideBySide | ID = 16842815 Description = Det gick inte att skapa aktiveringskontext för c:\program files (x86)\spybot - search & destroy\DelZip179.dll. Det finns ett fel i manifest- eller principfilen c:\program files (x86)\spybot - search & destroy\DelZip179.dll på rad 8. Värdet * i attributet language i elementet assemblyIdentity är felaktigt. Error - 2012-07-05 04:58:41 | Computer Name = Mank70-Dator | Source = SideBySide | ID = 16842815 Description = Det gick inte att skapa aktiveringskontext för c:\program files (x86)\spybot - search & destroy\DelZip179.dll. Det finns ett fel i manifest- eller principfilen c:\program files (x86)\spybot - search & destroy\DelZip179.dll på rad 8. Värdet * i attributet language i elementet assemblyIdentity är felaktigt. Error - 2012-07-08 04:46:26 | Computer Name = Mank70-Dator | Source = SideBySide | ID = 16842815 Description = Det gick inte att skapa aktiveringskontext för c:\program files (x86)\spybot - search & destroy\DelZip179.dll. Det finns ett fel i manifest- eller principfilen c:\program files (x86)\spybot - search & destroy\DelZip179.dll på rad 8. Värdet * i attributet language i elementet assemblyIdentity är felaktigt. Error - 2012-07-09 06:40:39 | Computer Name = Mank70-Dator | Source = SideBySide | ID = 16842815 Description = Det gick inte att skapa aktiveringskontext för c:\program files (x86)\spybot - search & destroy\DelZip179.dll. Det finns ett fel i manifest- eller principfilen c:\program files (x86)\spybot - search & destroy\DelZip179.dll på rad 8. 
Värdet * i attributet language i elementet assemblyIdentity är felaktigt. Error - 2012-07-10 07:19:57 | Computer Name = Mank70-Dator | Source = Application Error | ID = 1000 Description = Felet uppstod i programmet med namn: b0vy5k7q.exe, version 1.0.15.15641, tidsstämpel 0x4e21f2b1 , felet uppstod i modulen med namn: ntdll.dll, version 6.1.7601.17725, tidsstämpel 0x4ec49b8f Undantagskod: 0xc0000005 Felförskjutning: 0x0003331f Process-ID: 0xcf0 Programmets starttid: 0x01cd5e8d8e29806d Sökväg till program: C:\Users\Mank70\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\JYCUZSX4\b0vy5k7q.exe Sökväg till modul: C:\Windows\SysWOW64\ntdll.dll Rapport-ID: 2da29a9c-ca81-11e1-bc76-406186960ff2 Error - 2012-07-10 07:22:21 | Computer Name = Mank70-Dator | Source = Application Error | ID = 1000 Description = Felet uppstod i programmet med namn: RootkitRevealer.exe, version 1.71.0.0, tidsstämpel 0x44e255aa , felet uppstod i modulen med namn: RootkitRevealer.exe, version 1.71.0.0, tidsstämpel 0x44e255aa Undantagskod: 0xc0000005 Felförskjutning: 0x000040cd Process-ID: 0x119c Programmets starttid: 0x01cd5e8e40f643eb Sökväg till program: C:\Users\Mank70\Documents\RootkitRevealer\RootkitRevealer.exe Sökväg till modul: C:\Users\Mank70\Documents\RootkitRevealer\RootkitRevealer.exe Rapport-ID: 834d1dc7-ca81-11e1-bc76-406186960ff2 Error - 2012-07-10 07:24:33 | Computer Name = Mank70-Dator | Source = Application Error | ID = 1000 Description = Felet uppstod i programmet med namn: RootkitRevealer.exe, version 1.71.0.0, tidsstämpel 0x44e255aa , felet uppstod i modulen med namn: RootkitRevealer.exe, version 1.71.0.0, tidsstämpel 0x44e255aa Undantagskod: 0xc0000005 Felförskjutning: 0x000040cd Process-ID: 0x1374 Programmets starttid: 0x01cd5e8e8dfb66ef Sökväg till program: C:\Users\Mank70\Documents\RootkitRevealer\RootkitRevealer.exe Sökväg till modul: C:\Users\Mank70\Documents\RootkitRevealer\RootkitRevealer.exe Rapport-ID: d1f7615b-ca81-11e1-bc76-406186960ff2 Error - 
2012-07-10 07:25:11 | Computer Name = Mank70-Dator | Source = Application Error | ID = 1000 Description = Felet uppstod i programmet med namn: RootkitRevealer.exe, version 1.71.0.0, tidsstämpel 0x44e255aa , felet uppstod i modulen med namn: RootkitRevealer.exe, version 1.71.0.0, tidsstämpel 0x44e255aa Undantagskod: 0xc0000005 Felförskjutning: 0x000040cd Process-ID: 0x52c Programmets starttid: 0x01cd5e8ea50a46f7 Sökväg till program: C:\Users\Mank70\Documents\RootkitRevealer\RootkitRevealer.exe Sökväg till modul: C:\Users\Mank70\Documents\RootkitRevealer\RootkitRevealer.exe Rapport-ID: e8a6819e-ca81-11e1-bc76-406186960ff2 Error - 2012-07-10 08:27:26 | Computer Name = Mank70-Dator | Source = SideBySide | ID = 16842815 Description = Det gick inte att skapa aktiveringskontext för c:\program files (x86)\spybot - search & destroy\DelZip179.dll. Det finns ett fel i manifest- eller principfilen c:\program files (x86)\spybot - search & destroy\DelZip179.dll på rad 8. Värdet * i attributet language i elementet assemblyIdentity är felaktigt. [ System Events ] Error - 2012-05-04 02:04:13 | Computer Name = Mank70-Dator | Source = iaStor | ID = 262153 Description = Enheten \Device\Ide\iaStor0 har inte svarat inom den angivna tidsgränsen. Error - 2012-05-04 16:50:11 | Computer Name = Mank70-Dator | Source = Microsoft Antimalware | ID = 2001 Description = %%860 stötte på ett fel när signaturer skulle uppdateras. Ny signaturversion: Föregående signaturversion: 1.125.1048.0 Uppdateringskälla: %%859 Uppdateringsfas: %%852 Källsökväg: http://www.microsoft.com Signaturtyp: %%800 Uppdateringstyp: %%803 Användare: NT instans\SYSTEM Aktuell motorversion: Föregående motorversion: 1.1.8304.0 Felkod: 0x8024001e Felbeskrivning: Ett oväntat problem uppstod under sökningen efter uppdateringar. Mer information om hur du installerar och felsöker uppdateringar finns i Hjälp och support. 
Error - 2012-05-17 01:15:44 | Computer Name = Mank70-Dator | Source = Service Control Manager | ID = 7009 Description = En timeout (30000 ms) inträffade vid väntan på att tjänsten Steam Client Service skulle ansluta. Error - 2012-05-17 01:15:44 | Computer Name = Mank70-Dator | Source = Service Control Manager | ID = 7000 Description = Tjänsten Steam Client Service kunde inte startas på grund av följande fel: %%1053 Error - 2012-05-19 04:34:12 | Computer Name = Mank70-Dator | Source = Service Control Manager | ID = 7009 Description = En timeout (30000 ms) inträffade vid väntan på att tjänsten Steam Client Service skulle ansluta. Error - 2012-05-19 04:34:12 | Computer Name = Mank70-Dator | Source = Service Control Manager | ID = 7000 Description = Tjänsten Steam Client Service kunde inte startas på grund av följande fel: %%1053 Error - 2012-05-20 05:06:49 | Computer Name = Mank70-Dator | Source = Service Control Manager | ID = 7009 Description = En timeout (30000 ms) inträffade vid väntan på att tjänsten Steam Client Service skulle ansluta. Error - 2012-05-20 05:06:49 | Computer Name = Mank70-Dator | Source = Service Control Manager | ID = 7000 Description = Tjänsten Steam Client Service kunde inte startas på grund av följande fel: %%1053 Error - 2012-06-08 14:23:59 | Computer Name = Mank70-Dator | Source = DCOM | ID = 10010 Description = Error - 2012-06-11 04:46:23 | Computer Name = Mank70-Dator | Source = Microsoft Antimalware | ID = 2001 Description = %%860 stötte på ett fel när signaturer skulle uppdateras. Ny signaturversion: Föregående signaturversion: 1.127.1680.0 Uppdateringskälla: %%859 Uppdateringsfas: %%852 Källsökväg: http://www.microsoft.com Signaturtyp: %%800 Uppdateringstyp: %%803 Användare: NT instans\SYSTEM Aktuell motorversion: Föregående motorversion: 1.1.8403.0 Felkod: 0x8024001e Felbeskrivning: Ett oväntat problem uppstod under sökningen efter uppdateringar. 
(I don't know how to save it as a file.) Microsoft Security Essentials cannot be updated; it complains about my network connection. Windows cannot be updated either; I get the error message: code 80070666
  18. Mank70

    0x80070424

(x86)\Malwarebytes' Anti-Malware\mbamgui.exe" [2012-04-04 462408] . c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\ BankID säkerhetsprogram.lnk - c:\program files (x86)\Personal\bin\Personal.exe [2012-4-18 1088920] . [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system] "ConsentPromptBehaviorAdmin"= 5 (0x5) "ConsentPromptBehaviorUser"= 3 (0x3) "EnableUIADesktopToggle"= 0 (0x0) . [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MsMpSvc] @="Service" . R2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-03-18 138576] R3 LADF_CaptureOnly;LADF Capture Filter Driver;c:\windows\system32\DRIVERS\ladfGSCamd64.sys [2011-11-28 410184] R3 LADF_RenderOnly;LADF Render Filter Driver;c:\windows\system32\DRIVERS\ladfGSRamd64.sys [2011-11-28 341832] R3 LGVirHid;Logitech Gamepanel Virtual HID Device Driver;c:\windows\system32\drivers\LGVirHid.sys [2011-11-28 16008] R3 NisDrv;Microsoft Network Inspection System;c:\windows\system32\DRIVERS\NisDrvWFP.sys [2012-03-20 98688] R3 NisSrv;Microsoft Nätverkskontroll;c:\program files\Microsoft Security Client\NisSrv.exe [2012-03-26 291696] R3 TsUsbFlt;TsUsbFlt;c:\windows\system32\drivers\tsusbflt.sys [2010-11-20 59392] R3 WatAdminSvc;Aktiveringsteknologier för Windows-tjänst;c:\windows\system32\Wat\WatAdminSvc.exe [2011-11-25 1255736] S2 AdobeARMservice;Adobe Acrobat Update Service;c:\program files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe [2012-01-03 63928] S2 IAStorDataMgrSvc;Intel® Rapid Storage Technology;c:\program files (x86)\Intel\Intel® Rapid Storage Technology\IAStorDataMgrSvc.exe [2009-10-02 13336] S2 MBAMService;MBAMService;c:\program files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe [2012-04-04 654408] S2 nvUpdatusService;NVIDIA Update Service Daemon;c:\program files (x86)\NVIDIA Corporation\NVIDIA Updatus\daemonu.exe [2011-10-15 2253120] S2 Stereo Service;NVIDIA 
Stereoscopic 3D Driver Service;c:\program files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe [2011-10-14 381248] S3 HECIx64;Intel® Management Engine Interface;c:\windows\system32\DRIVERS\HECIx64.sys [2009-09-17 56344] S3 LGBusEnum;Logitech GamePanel Virtual Bus Enumerator Driver;c:\windows\system32\drivers\LGBusEnum.sys [2011-11-28 22408] S3 LGSHidFilt;Logitech Gaming KMDF HID Filter Driver;c:\windows\system32\DRIVERS\LGSHidFilt.Sys [2011-11-28 66328] S3 MBAMProtector;MBAMProtector;c:\windows\system32\drivers\mbam.sys [2012-04-04 24904] S3 netr28x;Ralink 802.11n Extensible Wireless Driver;c:\windows\system32\DRIVERS\netr28x.sys [2009-05-19 702976] S3 RTL8167;Realtek 8167 NT Driver;c:\windows\system32\DRIVERS\Rt64win7.sys [2009-08-21 239616] . . Innehåll i mappen 'Schemalagda aktiviteter': . 2012-05-31 c:\windows\Tasks\PCDRScheduledMaintenance.job - c:\program files\PC-Doctor for Windows\pcdrcui.exe [2009-09-18 07:11] . . --------- X64 Entries ----------- . . [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] "SmartMenu"="c:\program files\Hewlett-Packard\HP MediaSmart\SmartMenu.exe" [2009-09-14 610360] "PC-Doctor for Windows localizer"="c:\program files\PC-Doctor for Windows\localizer.exe" [2009-09-17 95728] "Launch LCore"="c:\program files\Logitech Gaming Software\LCore.exe" [2011-09-29 110360] "MSC"="c:\program files\Microsoft Security Client\msseces.exe" [2012-03-26 1271168] . ------- Extra genomsökning ------- . uStart Page = hxxp://www.google.se/ uLocal Page = c:\windows\system32\blank.htm mLocal Page = c:\windows\SysWOW64\blank.htm TCP: Interfaces\{575E171D-DDF1-4DB7-AEDE-6ABC6CA8B4EB}: NameServer = 130.244.127.162,212.247.250.254 . - - - - FÖRÄLDRALÖSA POSTER SOM TAGITS BORT - - - - . WebBrowser-{BA14329E-9550-4989-B3F2-9732E92D17CC} - (no file) . . . --------------------- LÅSTA REGISTERNYCKLAR --------------------- . 
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}] @Denied: (A 2) (Everyone) @="FlashBroker" "LocalizedString"="@c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil32_11_2_202_235_ActiveX.exe,-101" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\Elevation] "Enabled"=dword:00000001 . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\LocalServer32] @="c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil32_11_2_202_235_ActiveX.exe" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\TypeLib] @="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}] @Denied: (A 2) (Everyone) @="Shockwave Flash Object" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\InprocServer32] @="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_2_202_235.ocx" "ThreadingModel"="Apartment" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\MiscStatus] @="0" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\MiscStatus\1] @="131473" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ProgID] @="ShockwaveFlash.ShockwaveFlash.11" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32] @="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_2_202_235.ocx, 1" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\TypeLib] @="{D27CDB6B-AE6D-11cf-96B8-444553540000}" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\Version] @="1.0" . 
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID] @="ShockwaveFlash.ShockwaveFlash" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}] @Denied: (A 2) (Everyone) @="Macromedia Flash Factory Object" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\InprocServer32] @="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_2_202_235.ocx" "ThreadingModel"="Apartment" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ProgID] @="FlashFactory.FlashFactory.1" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32] @="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_2_202_235.ocx, 1" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\TypeLib] @="{D27CDB6B-AE6D-11cf-96B8-444553540000}" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\Version] @="1.0" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID] @="FlashFactory.FlashFactory" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}] @Denied: (A 2) (Everyone) @="IFlashBroker4" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\ProxyStubClsid32] @="{00020424-0000-0000-C000-000000000046}" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\TypeLib] @="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}" "Version"="1.0" . [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\PCW\Security] @Denied: (Full) (Everyone) . ------------------------ Andra processer som körs ------------------------ . 
c:\program files (x86)\Common Files\LightScribe\LSSrvc.exe c:\program files (x86)\Hewlett-Packard\HP MAINSTREAM KEYBOARD\ModLEDKey.exe c:\program files (x86)\Hewlett-Packard\TouchSmart\Media\Kernel\CLML\CLMLSvc.exe . ************************************************************************** . Sluttid: 2012-07-14 21:30:28 - datorn startades om. ComboFix-quarantined-files.txt 2012-07-14 19:30 ComboFix2.txt 2012-07-13 12:06 ComboFix3.txt 2012-07-12 11:47 . Före genomsökningen: 645 261 389 824 byte ledigt Efter genomsökningen: 645 504 188 416 byte ledigt . - - End Of File - - C4B5CD9A0D6D5719FFAF2DD9ABDCDB03 . DDS (Ver_2011-08-26.01) - NTFSAMD64 Internet Explorer: 9.0.8112.16421 Run by Mank70 at 21:35:22 on 2012-07-14 Microsoft Windows 7 Home Premium 6.1.7601.1.1252.46.1053.18.8151.6166 [GMT 2:00] . AV: Microsoft Security Essentials *Enabled/Updated* {9765EA51-0D3C-7DFB-6091-10E4E1F341F6} SP: Windows Defender *Disabled/Outdated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46} SP: Microsoft Security Essentials *Enabled/Updated* {2C040BB5-2B06-7275-5A21-2B969A740B4B} . ============== Running Processes =============== . 
C:\Windows\system32\wininit.exe C:\Windows\system32\lsm.exe C:\Windows\system32\svchost.exe -k DcomLaunch C:\Windows\system32\nvvsvc.exe C:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe C:\Windows\system32\svchost.exe -k RPCSS c:\Program Files\Microsoft Security Client\MsMpEng.exe C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted C:\Windows\system32\svchost.exe -k netsvcs C:\Windows\system32\svchost.exe -k LocalService C:\Windows\system32\WUDFHost.exe C:\Windows\system32\WUDFHost.exe C:\Windows\system32\svchost.exe -k NetworkService C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe C:\Windows\system32\nvvsvc.exe C:\Windows\system32\Dwm.exe C:\Windows\Explorer.EXE C:\Windows\System32\spoolsv.exe C:\Windows\system32\taskeng.exe C:\Windows\system32\taskhost.exe C:\Windows\system32\svchost.exe -k LocalServiceNoNetwork C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe C:\Windows\system32\taskeng.exe C:\Program Files (x86)\Hewlett-Packard\HP MAINSTREAM KEYBOARD\ModLEDKey.exe C:\Windows\system32\svchost.exe -k LocalServiceAndNoImpersonation c:\Program Files (x86)\Common Files\LightScribe\LSSrvc.exe C:\Program Files (x86)\Intel\Intel® Rapid Storage Technology\IAStorDataMgrSvc.exe C:\Program Files\Hewlett-Packard\HP MediaSmart\SmartMenu.exe C:\Program Files\NVIDIA Corporation\Display\nvtray.exe C:\Windows\system32\SearchIndexer.exe C:\Windows\system32\WUDFHost.exe C:\Program Files\Logitech Gaming Software\LCore.exe C:\Program Files\Microsoft Security Client\msseces.exe C:\Program Files (x86)\Common Files\Ahead\Lib\NMBgMonitor.exe C:\Program Files (x86)\Steam\Steam.exe C:\Program Files (x86)\Spybot - Search & Destroy\TeaTimer.exe C:\Program Files (x86)\Personal\bin\Personal.exe C:\Program Files\Windows Media Player\WMPSideShowGadget.exe C:\Program Files\Windows Media Player\wmpnetwk.exe C:\Program Files (x86)\Common Files\Ahead\Lib\NMIndexStoreSvr.exe 
C:\Program Files (x86)\Hewlett-Packard\HP Odometer\hpsysdrv.exe C:\Program Files (x86)\Hewlett-Packard\HP MAINSTREAM KEYBOARD\BATINDICATOR.exe C:\Program Files (x86)\Hewlett-Packard\HP Remote Solution\HP_Remote_Solution.exe C:\Program Files (x86)\Intel\Intel® Rapid Storage Technology\IAStorIcon.exe C:\Program Files (x86)\Logitech\G35\G35.exe C:\Program Files (x86)\Windows Media Player\wmplayer.exe C:\Program Files (x86)\hp\HP Software Update\hpwuschd2.exe C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe C:\Program Files (x86)\Hewlett-Packard\HP MAINSTREAM KEYBOARD\CNYHKEY.exe C:\Windows\system32\taskhost.exe C:\Windows\system32\taskeng.exe c:\Program Files (x86)\Hewlett-Packard\TouchSmart\Media\Kernel\CLML\CLMLSvc.exe C:\Program Files (x86)\Common Files\Ahead\Lib\NMIndexingService.exe C:\Program Files (x86)\Common Files\Steam\SteamService.exe C:\Windows\servicing\TrustedInstaller.exe C:\Windows\system32\SearchProtocolHost.exe C:\Windows\system32\SearchFilterHost.exe C:\Program Files\Internet Explorer\iexplore.exe C:\Program Files\Internet Explorer\iexplore.exe C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Updatus\daemonu.exe C:\Windows\system32\sppsvc.exe C:\Windows\system32\wbem\wmiprvse.exe C:\Windows\system32\DllHost.exe C:\Windows\system32\DllHost.exe C:\Windows\SysWOW64\cmd.exe C:\Windows\system32\conhost.exe C:\Windows\SysWOW64\cscript.exe . ============== Pseudo HJT Report =============== . 
uStart Page = hxxp://www.google.se/ uURLSearchHooks: Vuze Remote Toolbar: {ba14329e-9550-4989-b3f2-9732e92d17cc} - C:\Program Files (x86)\Vuze_Remote\prxtbVuze.dll mURLSearchHooks: Vuze Remote Toolbar: {ba14329e-9550-4989-b3f2-9732e92d17cc} - C:\Program Files (x86)\Vuze_Remote\prxtbVuze.dll BHO: Adobe PDF Link Helper: {18df081c-e8ad-4283-a596-fa578c2ebdc3} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll BHO: Spybot-S&D IE Protection: {53707962-6f74-2d53-2644-206d7942484f} - C:\Program Files (x86)\Spybot - Search & Destroy\SDHelper.dll BHO: Ask Search Assistant BHO: {9cb65201-89c4-402c-ba80-02d8c59f9b1d} - C:\Program Files (x86)\AskTBar\SrchAstt\1.bin\A5SRCHAS.DLL BHO: Vuze Remote Toolbar: {ba14329e-9550-4989-b3f2-9732e92d17cc} - C:\Program Files (x86)\Vuze_Remote\prxtbVuze.dll BHO: Ask Toolbar BHO: {fe063db1-4ec0-403e-8dd8-394c54984b2c} - C:\Program Files (x86)\AskTBar\bar\1.bin\ASKTBAR.DLL TB: Vuze Remote Toolbar: {ba14329e-9550-4989-b3f2-9732e92d17cc} - C:\Program Files (x86)\Vuze_Remote\prxtbVuze.dll TB: Ask Toolbar: {fe063db9-4ec0-403e-8dd8-394c54984b2c} - C:\Program Files (x86)\AskTBar\bar\1.bin\ASKTBAR.DLL uRun: [bgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}] "C:\Program Files (x86)\Common Files\Ahead\Lib\NMBgMonitor.exe" uRun: [steam] "C:\Program Files (x86)\Steam\Steam.exe" -silent uRun: [spybotSD TeaTimer] C:\Program Files (x86)\Spybot - Search & Destroy\TeaTimer.exe mRun: [hpsysdrv] c:\program files (x86)\hewlett-packard\HP odometer\hpsysdrv.exe mRun: [bATINDICATOR] C:\Program Files (x86)\Hewlett-Packard\HP MAINSTREAM KEYBOARD\BATINDICATOR.exe mRun: [LaunchHPOSIAPP] C:\Program Files (x86)\Hewlett-Packard\HP MAINSTREAM KEYBOARD\LaunchApp.exe mRun: [HP Remote Solution] %ProgramFiles%\Hewlett-Packard\HP Remote Solution\HP_Remote_Solution.exe mRun: [iAStorIcon] C:\Program Files (x86)\Intel\Intel® Rapid Storage Technology\IAStorIcon.exe mRun: [Logitech G35] C:\Program Files (x86)\Logitech\G35\G35.exe mRun: [HP Software 
Update] C:\Program Files (x86)\HP\HP Software Update\HPWuSchd2.exe mRun: [Adobe ARM] "C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe" mRun: [APSDaemon] "C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe" mRun: [QuickTime Task] "C:\Program Files (x86)\QuickTime\QTTask.exe" -atboottime mRun: [Malwarebytes' Anti-Malware] "C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe" /starttray StartupFolder: C:\PROGRA~3\MICROS~1\Windows\STARTM~1\Programs\Startup\BANKID~1.LNK - C:\Program Files (x86)\Personal\bin\Personal.exe mPolicies-system: ConsentPromptBehaviorAdmin = 5 (0x5) mPolicies-system: ConsentPromptBehaviorUser = 3 (0x3) mPolicies-system: EnableUIADesktopToggle = 0 (0x0) IE: {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - {53707962-6F74-2D53-2644-206D7942484F} - C:\Program Files (x86)\Spybot - Search & Destroy\SDHelper.dll TCP: Interfaces\{575E171D-DDF1-4DB7-AEDE-6ABC6CA8B4EB} : NameServer = 130.244.127.162,212.247.250.254 {18DF081C-E8AD-4283-A596-FA578C2EBDC3} {53707962-6F74-2D53-2644-206D7942484F} {9CB65201-89C4-402c-BA80-02D8C59F9B1D} {ba14329e-9550-4989-b3f2-9732e92d17cc} {FE063DB1-4EC0-403e-8DD8-394C54984B2C} {ba14329e-9550-4989-b3f2-9732e92d17cc} {FE063DB9-4EC0-403e-8DD8-394C54984B2C} mRun-x64: [hpsysdrv] c:\program files (x86)\hewlett-packard\HP odometer\hpsysdrv.exe mRun-x64: [bATINDICATOR] C:\Program Files (x86)\Hewlett-Packard\HP MAINSTREAM KEYBOARD\BATINDICATOR.exe mRun-x64: [LaunchHPOSIAPP] C:\Program Files (x86)\Hewlett-Packard\HP MAINSTREAM KEYBOARD\LaunchApp.exe mRun-x64: [HP Remote Solution] %ProgramFiles%\Hewlett-Packard\HP Remote Solution\HP_Remote_Solution.exe mRun-x64: [iAStorIcon] C:\Program Files (x86)\Intel\Intel® Rapid Storage Technology\IAStorIcon.exe mRun-x64: [Logitech G35] C:\Program Files (x86)\Logitech\G35\G35.exe mRun-x64: [HP Software Update] C:\Program Files (x86)\HP\HP Software Update\HPWuSchd2.exe mRun-x64: [Adobe ARM] "C:\Program Files (x86)\Common 
Files\Adobe\ARM\1.0\AdobeARM.exe" mRun-x64: [APSDaemon] "C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe" mRun-x64: [QuickTime Task] "C:\Program Files (x86)\QuickTime\QTTask.exe" -atboottime mRun-x64: [Malwarebytes' Anti-Malware] "C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe" /starttray . ============= SERVICES / DRIVERS =============== . R0 MpFilter;Microsoft Malware Protection Driver;C:\Windows\system32\DRIVERS\MpFilter.sys --> C:\Windows\system32\DRIVERS\MpFilter.sys [?] R1 vwififlt;Virtual WiFi Filter Driver;C:\Windows\system32\DRIVERS\vwififlt.sys --> C:\Windows\system32\DRIVERS\vwififlt.sys [?] R2 AdobeARMservice;Adobe Acrobat Update Service;C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe [2012-1-3 63928] R2 IAStorDataMgrSvc;Intel® Rapid Storage Technology;C:\Program Files (x86)\Intel\Intel® Rapid Storage Technology\IAStorDataMgrSvc.exe [2009-12-23 13336] R2 MBAMService;MBAMService;C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe [2012-7-11 654408] R2 nvUpdatusService;NVIDIA Update Service Daemon;C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Updatus\daemonu.exe [2011-11-25 2253120] R2 Stereo Service;NVIDIA Stereoscopic 3D Driver Service;C:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe [2011-10-15 381248] R3 HECIx64;Intel® Management Engine Interface;C:\Windows\system32\DRIVERS\HECIx64.sys --> C:\Windows\system32\DRIVERS\HECIx64.sys [?] R3 LGBusEnum;Logitech GamePanel Virtual Bus Enumerator Driver;C:\Windows\system32\drivers\LGBusEnum.sys --> C:\Windows\system32\drivers\LGBusEnum.sys [?] R3 LGSHidFilt;Logitech Gaming KMDF HID Filter Driver;C:\Windows\system32\DRIVERS\LGSHidFilt.Sys --> C:\Windows\system32\DRIVERS\LGSHidFilt.Sys [?] R3 LGVirHid;Logitech Gamepanel Virtual HID Device Driver;C:\Windows\system32\drivers\LGVirHid.sys --> C:\Windows\system32\drivers\LGVirHid.sys [?] 
R3 MBAMProtector;MBAMProtector;\??\C:\Windows\system32\drivers\mbam.sys --> C:\Windows\system32\drivers\mbam.sys [?] R3 netr28x;Ralink 802.11n Extensible Wireless Driver;C:\Windows\system32\DRIVERS\netr28x.sys --> C:\Windows\system32\DRIVERS\netr28x.sys [?] R3 RTL8167;Realtek 8167 NT Driver;C:\Windows\system32\DRIVERS\Rt64win7.sys --> C:\Windows\system32\DRIVERS\Rt64win7.sys [?] R3 vwifimp;Microsoft Virtual WiFi Miniport Service;C:\Windows\system32\DRIVERS\vwifimp.sys --> C:\Windows\system32\DRIVERS\vwifimp.sys [?] S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-3-18 130384] S2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-3-18 138576] S3 LADF_CaptureOnly;LADF Capture Filter Driver;C:\Windows\system32\DRIVERS\ladfGSCamd64.sys --> C:\Windows\system32\DRIVERS\ladfGSCamd64.sys [?] S3 LADF_RenderOnly;LADF Render Filter Driver;C:\Windows\system32\DRIVERS\ladfGSRamd64.sys --> C:\Windows\system32\DRIVERS\ladfGSRamd64.sys [?] S3 NisDrv;Microsoft Network Inspection System;C:\Windows\system32\DRIVERS\NisDrvWFP.sys --> C:\Windows\system32\DRIVERS\NisDrvWFP.sys [?] S3 NisSrv;Microsoft Nätverkskontroll;C:\Program Files\Microsoft Security Client\NisSrv.exe [2012-3-26 291696] S3 TsUsbFlt;TsUsbFlt;C:\Windows\system32\drivers\tsusbflt.sys --> C:\Windows\system32\drivers\tsusbflt.sys [?] S3 WatAdminSvc;Aktiveringsteknologier för Windows-tjänst;C:\Windows\system32\Wat\WatAdminSvc.exe --> C:\Windows\system32\Wat\WatAdminSvc.exe [?] . =============== Created Last 30 ================ . 
2012-07-14 19:27:09 -------- d-sh--w- C:\$RECYCLE.BIN 2012-07-13 12:19:09 -------- d-----w- C:\Program Files (x86)\ESET 2012-07-13 12:19:06 -------- d--h--w- C:\Windows\AxInstSV 2012-07-12 11:39:18 98816 ----a-w- C:\Windows\sed.exe 2012-07-12 11:39:18 518144 ----a-w- C:\Windows\SWREG.exe 2012-07-12 11:39:18 256000 ----a-w- C:\Windows\PEV.exe 2012-07-12 11:39:18 208896 ----a-w- C:\Windows\MBR.exe 2012-07-11 22:05:24 514560 ----a-w- C:\Windows\SysWow64\qdvd.dll 2012-07-11 22:05:24 366592 ----a-w- C:\Windows\System32\qdvd.dll 2012-07-11 13:02:04 3148800 ----a-w- C:\Windows\System32\win32k.sys 2012-07-11 10:35:32 -------- d-----w- C:\Users\Mank70\AppData\Roaming\Malwarebytes 2012-07-11 10:35:24 24904 ----a-w- C:\Windows\System32\drivers\mbam.sys 2012-07-11 10:35:24 -------- d-----w- C:\ProgramData\Malwarebytes 2012-07-11 10:35:23 -------- d-----w- C:\Program Files (x86)\Malwarebytes' Anti-Malware 2012-07-09 16:53:34 927800 ------w- C:\ProgramData\Microsoft\Microsoft Antimalware\Definition Updates\{657BA206-C594-4B71-AC0D-6D8FCFC2B281}\gapaengine.dll 2012-07-09 16:51:21 2622464 ----a-w- C:\Windows\System32\wucltux.dll 2012-07-09 16:51:11 99840 ----a-w- C:\Windows\System32\wudriver.dll 2012-07-09 16:50:57 36864 ----a-w- C:\Windows\System32\wuapp.exe 2012-07-09 16:50:57 186752 ----a-w- C:\Windows\System32\wuwebv.dll 2012-07-09 16:47:58 8955792 ------w- C:\ProgramData\Microsoft\Microsoft Antimalware\Definition Updates\{3F8AD044-29E9-46C9-A717-07EE333CCEA4}\mpengine.dll 2012-07-09 15:11:33 -------- d-----w- C:\ProgramData\IBUpdaterService 2012-07-09 13:53:57 -------- d-----w- C:\0ebca1d037f143b46736e586b3ec8b 2012-07-09 13:40:18 -------- d-----w- C:\Users\Mank70\AppData\Local\ElevatedDiagnostics 2012-07-05 08:18:51 927800 ------w- C:\ProgramData\Microsoft\Microsoft Antimalware\Definition Updates\NISBackup\gapaengine.dll 2012-06-17 18:57:30 8955792 ------w- C:\ProgramData\Microsoft\Microsoft Antimalware\Definition Updates\Backup\mpengine.dll . 
==================== Find3M ==================== . 2012-06-06 06:06:16 2004480 ----a-w- C:\Windows\System32\msxml6.dll 2012-06-06 06:06:16 1881600 ----a-w- C:\Windows\System32\msxml3.dll 2012-06-06 06:02:54 1133568 ----a-w- C:\Windows\System32\cdosys.dll 2012-06-06 05:05:52 1390080 ----a-w- C:\Windows\SysWow64\msxml6.dll 2012-06-06 05:05:52 1236992 ----a-w- C:\Windows\SysWow64\msxml3.dll 2012-06-06 05:03:06 805376 ----a-w- C:\Windows\SysWow64\cdosys.dll 2012-06-02 12:12:17 2311680 ----a-w- C:\Windows\System32\jscript9.dll 2012-06-02 12:05:28 1392128 ----a-w- C:\Windows\System32\wininet.dll 2012-06-02 12:04:50 1494528 ----a-w- C:\Windows\System32\inetcpl.cpl 2012-06-02 12:01:40 173056 ----a-w- C:\Windows\System32\ieUnatt.exe 2012-06-02 11:57:08 2382848 ----a-w- C:\Windows\System32\mshtml.tlb 2012-06-02 08:33:25 1800192 ----a-w- C:\Windows\SysWow64\jscript9.dll 2012-06-02 08:25:08 1129472 ----a-w- C:\Windows\SysWow64\wininet.dll 2012-06-02 08:25:03 1427968 ----a-w- C:\Windows\SysWow64\inetcpl.cpl 2012-06-02 08:20:33 142848 ----a-w- C:\Windows\SysWow64\ieUnatt.exe 2012-06-02 08:16:52 2382848 ----a-w- C:\Windows\SysWow64\mshtml.tlb 2012-06-02 05:50:10 458704 ----a-w- C:\Windows\System32\drivers\cng.sys 2012-06-02 05:48:16 95600 ----a-w- C:\Windows\System32\drivers\ksecdd.sys 2012-06-02 05:48:16 151920 ----a-w- C:\Windows\System32\drivers\ksecpkg.sys 2012-06-02 05:45:31 340992 ----a-w- C:\Windows\System32\schannel.dll 2012-06-02 05:44:21 307200 ----a-w- C:\Windows\System32\ncrypt.dll 2012-06-02 04:40:42 22016 ----a-w- C:\Windows\SysWow64\secur32.dll 2012-06-02 04:40:39 225280 ----a-w- C:\Windows\SysWow64\schannel.dll 2012-06-02 04:39:10 219136 ----a-w- C:\Windows\SysWow64\ncrypt.dll 2012-06-02 04:34:09 96768 ----a-w- C:\Windows\SysWow64\sspicli.dll 2012-05-09 20:42:46 70304 ----a-w- C:\Windows\SysWow64\FlashPlayerCPLApp.cpl 2012-05-09 20:42:46 419488 ----a-w- C:\Windows\SysWow64\FlashPlayerApp.exe 2012-05-04 11:06:22 5559664 ----a-w- C:\Windows\System32\ntoskrnl.exe 
    Yes, ESET found an infected file. The previously mentioned Ask Toolbar.
  19. Mank70

    0x80070424

[LaunchHPOSIAPP] C:\Program Files (x86)\Hewlett-Packard\HP MAINSTREAM KEYBOARD\LaunchApp.exe mRun-x64: [HP Remote Solution] %ProgramFiles%\Hewlett-Packard\HP Remote Solution\HP_Remote_Solution.exe mRun-x64: [iAStorIcon] C:\Program Files (x86)\Intel\Intel® Rapid Storage Technology\IAStorIcon.exe mRun-x64: [Logitech G35] C:\Program Files (x86)\Logitech\G35\G35.exe mRun-x64: [HP Software Update] C:\Program Files (x86)\HP\HP Software Update\HPWuSchd2.exe mRun-x64: [Adobe ARM] "C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe" mRun-x64: [APSDaemon] "C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe" mRun-x64: [QuickTime Task] "C:\Program Files (x86)\QuickTime\QTTask.exe" -atboottime mRun-x64: [Malwarebytes' Anti-Malware] "C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe" /starttray . ============= SERVICES / DRIVERS =============== . R0 MpFilter;Microsoft Malware Protection Driver;C:\Windows\system32\DRIVERS\MpFilter.sys --> C:\Windows\system32\DRIVERS\MpFilter.sys [?] R1 vwififlt;Virtual WiFi Filter Driver;C:\Windows\system32\DRIVERS\vwififlt.sys --> C:\Windows\system32\DRIVERS\vwififlt.sys [?] R2 AdobeARMservice;Adobe Acrobat Update Service;C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe [2012-1-3 63928] R2 IAStorDataMgrSvc;Intel® Rapid Storage Technology;C:\Program Files (x86)\Intel\Intel® Rapid Storage Technology\IAStorDataMgrSvc.exe [2009-12-23 13336] R2 MBAMService;MBAMService;C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe [2012-7-11 654408] R2 nvUpdatusService;NVIDIA Update Service Daemon;C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Updatus\daemonu.exe [2011-11-25 2253120] R2 Stereo Service;NVIDIA Stereoscopic 3D Driver Service;C:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe [2011-10-15 381248] R3 HECIx64;Intel® Management Engine Interface;C:\Windows\system32\DRIVERS\HECIx64.sys --> C:\Windows\system32\DRIVERS\HECIx64.sys [?] 
R3 LGBusEnum;Logitech GamePanel Virtual Bus Enumerator Driver;C:\Windows\system32\drivers\LGBusEnum.sys --> C:\Windows\system32\drivers\LGBusEnum.sys [?] R3 LGSHidFilt;Logitech Gaming KMDF HID Filter Driver;C:\Windows\system32\DRIVERS\LGSHidFilt.Sys --> C:\Windows\system32\DRIVERS\LGSHidFilt.Sys [?] R3 LGVirHid;Logitech Gamepanel Virtual HID Device Driver;C:\Windows\system32\drivers\LGVirHid.sys --> C:\Windows\system32\drivers\LGVirHid.sys [?] R3 MBAMProtector;MBAMProtector;\??\C:\Windows\system32\drivers\mbam.sys --> C:\Windows\system32\drivers\mbam.sys [?] R3 netr28x;Ralink 802.11n Extensible Wireless Driver;C:\Windows\system32\DRIVERS\netr28x.sys --> C:\Windows\system32\DRIVERS\netr28x.sys [?] R3 RTL8167;Realtek 8167 NT Driver;C:\Windows\system32\DRIVERS\Rt64win7.sys --> C:\Windows\system32\DRIVERS\Rt64win7.sys [?] R3 vwifimp;Microsoft Virtual WiFi Miniport Service;C:\Windows\system32\DRIVERS\vwifimp.sys --> C:\Windows\system32\DRIVERS\vwifimp.sys [?] S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-3-18 130384] S2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-3-18 138576] S3 LADF_CaptureOnly;LADF Capture Filter Driver;C:\Windows\system32\DRIVERS\ladfGSCamd64.sys --> C:\Windows\system32\DRIVERS\ladfGSCamd64.sys [?] S3 LADF_RenderOnly;LADF Render Filter Driver;C:\Windows\system32\DRIVERS\ladfGSRamd64.sys --> C:\Windows\system32\DRIVERS\ladfGSRamd64.sys [?] S3 NisDrv;Microsoft Network Inspection System;C:\Windows\system32\DRIVERS\NisDrvWFP.sys --> C:\Windows\system32\DRIVERS\NisDrvWFP.sys [?] S3 NisSrv;Microsoft Nätverkskontroll;C:\Program Files\Microsoft Security Client\NisSrv.exe [2012-3-26 291696] S3 TsUsbFlt;TsUsbFlt;C:\Windows\system32\drivers\tsusbflt.sys --> C:\Windows\system32\drivers\tsusbflt.sys [?] 
S3 WatAdminSvc;Aktiveringsteknologier för Windows-tjänst;C:\Windows\system32\Wat\WatAdminSvc.exe --> C:\Windows\system32\Wat\WatAdminSvc.exe [?] . =============== Created Last 30 ================ . 2012-07-13 12:07:34 -------- d-sh--w- C:\$RECYCLE.BIN 2012-07-12 11:39:18 98816 ----a-w- C:\Windows\sed.exe 2012-07-12 11:39:18 518144 ----a-w- C:\Windows\SWREG.exe 2012-07-12 11:39:18 256000 ----a-w- C:\Windows\PEV.exe 2012-07-12 11:39:18 208896 ----a-w- C:\Windows\MBR.exe 2012-07-11 22:05:24 514560 ----a-w- C:\Windows\SysWow64\qdvd.dll 2012-07-11 22:05:24 366592 ----a-w- C:\Windows\System32\qdvd.dll 2012-07-11 13:02:04 3148800 ----a-w- C:\Windows\System32\win32k.sys 2012-07-11 10:35:32 -------- d-----w- C:\Users\Mank70\AppData\Roaming\Malwarebytes 2012-07-11 10:35:24 24904 ----a-w- C:\Windows\System32\drivers\mbam.sys 2012-07-11 10:35:24 -------- d-----w- C:\ProgramData\Malwarebytes 2012-07-11 10:35:23 -------- d-----w- C:\Program Files (x86)\Malwarebytes' Anti-Malware 2012-07-09 16:53:34 927800 ------w- C:\ProgramData\Microsoft\Microsoft Antimalware\Definition Updates\{657BA206-C594-4B71-AC0D-6D8FCFC2B281}\gapaengine.dll 2012-07-09 16:51:21 2622464 ----a-w- C:\Windows\System32\wucltux.dll 2012-07-09 16:51:11 99840 ----a-w- C:\Windows\System32\wudriver.dll 2012-07-09 16:50:57 36864 ----a-w- C:\Windows\System32\wuapp.exe 2012-07-09 16:50:57 186752 ----a-w- C:\Windows\System32\wuwebv.dll 2012-07-09 16:47:58 8955792 ------w- C:\ProgramData\Microsoft\Microsoft Antimalware\Definition Updates\{3F8AD044-29E9-46C9-A717-07EE333CCEA4}\mpengine.dll 2012-07-09 15:11:33 -------- d-----w- C:\ProgramData\IBUpdaterService 2012-07-09 13:53:57 -------- d-----w- C:\0ebca1d037f143b46736e586b3ec8b 2012-07-09 13:40:18 -------- d-----w- C:\Users\Mank70\AppData\Local\ElevatedDiagnostics 2012-07-05 08:18:51 927800 ------w- C:\ProgramData\Microsoft\Microsoft Antimalware\Definition Updates\NISBackup\gapaengine.dll 2012-06-17 18:57:30 8955792 ------w- C:\ProgramData\Microsoft\Microsoft 
Antimalware\Definition Updates\Backup\mpengine.dll . ==================== Find3M ==================== . 2012-06-06 06:06:16 2004480 ----a-w- C:\Windows\System32\msxml6.dll 2012-06-06 06:06:16 1881600 ----a-w- C:\Windows\System32\msxml3.dll 2012-06-06 06:02:54 1133568 ----a-w- C:\Windows\System32\cdosys.dll 2012-06-06 05:05:52 1390080 ----a-w- C:\Windows\SysWow64\msxml6.dll 2012-06-06 05:05:52 1236992 ----a-w- C:\Windows\SysWow64\msxml3.dll 2012-06-06 05:03:06 805376 ----a-w- C:\Windows\SysWow64\cdosys.dll 2012-06-02 12:12:17 2311680 ----a-w- C:\Windows\System32\jscript9.dll 2012-06-02 12:05:28 1392128 ----a-w- C:\Windows\System32\wininet.dll 2012-06-02 12:04:50 1494528 ----a-w- C:\Windows\System32\inetcpl.cpl 2012-06-02 12:01:40 173056 ----a-w- C:\Windows\System32\ieUnatt.exe 2012-06-02 11:57:08 2382848 ----a-w- C:\Windows\System32\mshtml.tlb 2012-06-02 08:33:25 1800192 ----a-w- C:\Windows\SysWow64\jscript9.dll 2012-06-02 08:25:08 1129472 ----a-w- C:\Windows\SysWow64\wininet.dll 2012-06-02 08:25:03 1427968 ----a-w- C:\Windows\SysWow64\inetcpl.cpl 2012-06-02 08:20:33 142848 ----a-w- C:\Windows\SysWow64\ieUnatt.exe 2012-06-02 08:16:52 2382848 ----a-w- C:\Windows\SysWow64\mshtml.tlb 2012-06-02 05:50:10 458704 ----a-w- C:\Windows\System32\drivers\cng.sys 2012-06-02 05:48:16 95600 ----a-w- C:\Windows\System32\drivers\ksecdd.sys 2012-06-02 05:48:16 151920 ----a-w- C:\Windows\System32\drivers\ksecpkg.sys 2012-06-02 05:45:31 340992 ----a-w- C:\Windows\System32\schannel.dll 2012-06-02 05:44:21 307200 ----a-w- C:\Windows\System32\ncrypt.dll 2012-06-02 04:40:42 22016 ----a-w- C:\Windows\SysWow64\secur32.dll 2012-06-02 04:40:39 225280 ----a-w- C:\Windows\SysWow64\schannel.dll 2012-06-02 04:39:10 219136 ----a-w- C:\Windows\SysWow64\ncrypt.dll 2012-06-02 04:34:09 96768 ----a-w- C:\Windows\SysWow64\sspicli.dll 2012-05-09 20:42:46 70304 ----a-w- C:\Windows\SysWow64\FlashPlayerCPLApp.cpl 2012-05-09 20:42:46 419488 ----a-w- C:\Windows\SysWow64\FlashPlayerApp.exe 2012-05-04 11:06:22 
5559664 ----a-w- C:\Windows\System32\ntoskrnl.exe 2012-05-04 10:03:53 3968368 ----a-w- C:\Windows\SysWow64\ntkrnlpa.exe 2012-05-04 10:03:50 3913072 ----a-w- C:\Windows\SysWow64\ntoskrnl.exe 2012-05-01 05:40:20 209920 ----a-w- C:\Windows\System32\profsvc.dll 2012-04-28 03:55:21 210944 ----a-w- C:\Windows\System32\drivers\rdpwd.sys 2012-04-26 05:41:56 77312 ----a-w- C:\Windows\System32\rdpwsx.dll 2012-04-26 05:41:55 149504 ----a-w- C:\Windows\System32\rdpcorekmts.dll 2012-04-26 05:34:27 9216 ----a-w- C:\Windows\System32\rdrmemptylst.exe 2012-04-24 05:37:37 184320 ----a-w- C:\Windows\System32\cryptsvc.dll 2012-04-24 05:37:37 140288 ----a-w- C:\Windows\System32\cryptnet.dll 2012-04-24 05:37:36 1462272 ----a-w- C:\Windows\System32\crypt32.dll 2012-04-24 04:36:42 140288 ----a-w- C:\Windows\SysWow64\cryptsvc.dll 2012-04-24 04:36:42 1158656 ----a-w- C:\Windows\SysWow64\crypt32.dll 2012-04-24 04:36:42 103936 ----a-w- C:\Windows\SysWow64\cryptnet.dll . ============= FINISH: 14:11:42,76 =============== 2. 
14:12:57.0069 3756 TDSS rootkit removing tool 2.7.45.0 Jul 9 2012 12:46:35
MMCSS - ok 14:13:08.0629 4600 Modem (800ba92f7010378b09f9ed9270f07137) C:\Windows\system32\drivers\modem.sys 14:13:08.0629 4600 Modem - ok 14:13:08.0676 4600 monitor (b03d591dc7da45ece20b3b467e6aadaa) C:\Windows\system32\DRIVERS\monitor.sys 14:13:08.0676 4600 monitor - ok 14:13:08.0707 4600 mouclass (7d27ea49f3c1f687d357e77a470aea99) C:\Windows\system32\DRIVERS\mouclass.sys 14:13:08.0707 4600 mouclass - ok 14:13:08.0723 4600 mouhid (d3bf052c40b0c4166d9fd86a4288c1e6) C:\Windows\system32\DRIVERS\mouhid.sys 14:13:08.0723 4600 mouhid - ok 14:13:08.0769 4600 mountmgr (32e7a3d591d671a6df2db515a5cbe0fa) C:\Windows\system32\drivers\mountmgr.sys 14:13:08.0769 4600 mountmgr - ok 14:13:08.0847 4600 MpFilter (94c66ededcdb6a126880472f9a704d8e) C:\Windows\system32\DRIVERS\MpFilter.sys 14:13:08.0847 4600 MpFilter - ok 14:13:08.0894 4600 mpio (a44b420d30bd56e145d6a2bc8768ec58) C:\Windows\system32\drivers\mpio.sys 14:13:08.0894 4600 mpio - ok 14:13:08.0925 4600 mpsdrv (6c38c9e45ae0ea2fa5e551f2ed5e978f) C:\Windows\system32\drivers\mpsdrv.sys 14:13:08.0925 4600 mpsdrv - ok 14:13:09.0003 4600 MpsSvc (54ffc9c8898113ace189d4aa7199d2c1) C:\Windows\system32\mpssvc.dll 14:13:09.0019 4600 MpsSvc - ok 14:13:09.0081 4600 MRxDAV (dc722758b8261e1abafd31a3c0a66380) C:\Windows\system32\drivers\mrxdav.sys 14:13:09.0081 4600 MRxDAV - ok 14:13:09.0128 4600 mrxsmb (a5d9106a73dc88564c825d317cac68ac) C:\Windows\system32\DRIVERS\mrxsmb.sys 14:13:09.0128 4600 mrxsmb - ok 14:13:09.0159 4600 mrxsmb10 (d711b3c1d5f42c0c2415687be09fc163) C:\Windows\system32\DRIVERS\mrxsmb10.sys 14:13:09.0175 4600 mrxsmb10 - ok 14:13:09.0206 4600 mrxsmb20 (9423e9d355c8d303e76b8cfbd8a5c30c) C:\Windows\system32\DRIVERS\mrxsmb20.sys 14:13:09.0206 4600 mrxsmb20 - ok 14:13:09.0237 4600 msahci (c25f0bafa182cbca2dd3c851c2e75796) C:\Windows\system32\drivers\msahci.sys 14:13:09.0237 4600 msahci - ok 14:13:09.0253 4600 msdsm (db801a638d011b9633829eb6f663c900) C:\Windows\system32\drivers\msdsm.sys 14:13:09.0253 4600 msdsm - ok 
14:13:09.0300 4600 MSDTC (de0ece52236cfa3ed2dbfc03f28253a8) C:\Windows\System32\msdtc.exe 14:13:09.0300 4600 MSDTC - ok 14:13:09.0315 4600 Msfs (aa3fb40e17ce1388fa1bedab50ea8f96) C:\Windows\system32\drivers\Msfs.sys 14:13:09.0331 4600 Msfs - ok 14:13:09.0347 4600 mshidkmdf (f9d215a46a8b9753f61767fa72a20326) C:\Windows\System32\drivers\mshidkmdf.sys 14:13:09.0347 4600 mshidkmdf - ok 14:13:09.0362 4600 msisadrv (d916874bbd4f8b07bfb7fa9b3ccae29d) C:\Windows\system32\drivers\msisadrv.sys 14:13:09.0362 4600 msisadrv - ok 14:13:09.0393 4600 MSiSCSI (808e98ff49b155c522e6400953177b08) C:\Windows\system32\iscsiexe.dll 14:13:09.0409 4600 MSiSCSI - ok 14:13:09.0409 4600 msiserver - ok 14:13:09.0440 4600 MSKSSRV (49ccf2c4fea34ffad8b1b59d49439366) C:\Windows\system32\drivers\MSKSSRV.sys 14:13:09.0440 4600 MSKSSRV - ok 14:13:09.0518 4600 MsMpSvc (59faaf2c83c8169ea20f9e335e418907) c:\Program Files\Microsoft Security Client\MsMpEng.exe 14:13:09.0518 4600 MsMpSvc - ok 14:13:09.0534 4600 MSPCLOCK (bdd71ace35a232104ddd349ee70e1ab3) C:\Windows\system32\drivers\MSPCLOCK.sys 14:13:09.0534 4600 MSPCLOCK - ok 14:13:09.0549 4600 MSPQM (4ed981241db27c3383d72092b618a1d0) C:\Windows\system32\drivers\MSPQM.sys 14:13:09.0549 4600 MSPQM - ok 14:13:09.0596 4600 MsRPC (759a9eeb0fa9ed79da1fb7d4ef78866d) C:\Windows\system32\drivers\MsRPC.sys 14:13:09.0596 4600 MsRPC - ok 14:13:09.0612 4600 mssmbios (0eed230e37515a0eaee3c2e1bc97b288) C:\Windows\system32\drivers\mssmbios.sys 14:13:09.0612 4600 mssmbios - ok 14:13:09.0627 4600 MSTEE (2e66f9ecb30b4221a318c92ac2250779) C:\Windows\system32\drivers\MSTEE.sys 14:13:09.0627 4600 MSTEE - ok 14:13:09.0643 4600 MTConfig (7ea404308934e675bffde8edf0757bcd) C:\Windows\system32\DRIVERS\MTConfig.sys 14:13:09.0643 4600 MTConfig - ok 14:13:09.0659 4600 Mup (f9a18612fd3526fe473c1bda678d61c8) C:\Windows\system32\Drivers\mup.sys 14:13:09.0659 4600 Mup - ok 14:13:09.0705 4600 napagent (582ac6d9873e31dfa28a4547270862dd) C:\Windows\system32\qagentRT.dll 14:13:09.0705 4600 
napagent - ok 14:13:09.0752 4600 NativeWifiP (1ea3749c4114db3e3161156ffffa6b33) C:\Windows\system32\DRIVERS\nwifi.sys 14:13:09.0768 4600 NativeWifiP - ok 14:13:09.0924 4600 NBService (89844c3d3a7aae8999e229c88e452633) C:\Program Files (x86)\Nero\Nero 7\Nero BackItUp\NBService.exe 14:13:09.0939 4600 NBService - ok 14:13:10.0017 4600 NDIS (79b47fd40d9a817e932f9d26fac0a81c) C:\Windows\system32\drivers\ndis.sys 14:13:10.0033 4600 NDIS - ok 14:13:10.0064 4600 NdisCap (9f9a1f53aad7da4d6fef5bb73ab811ac) C:\Windows\system32\DRIVERS\ndiscap.sys 14:13:10.0064 4600 NdisCap - ok 14:13:10.0080 4600 NdisTapi (30639c932d9fef22b31268fe25a1b6e5) C:\Windows\system32\DRIVERS\ndistapi.sys 14:13:10.0080 4600 NdisTapi - ok 14:13:10.0111 4600 Ndisuio (136185f9fb2cc61e573e676aa5402356) C:\Windows\system32\DRIVERS\ndisuio.sys 14:13:10.0111 4600 Ndisuio - ok 14:13:10.0158 4600 NdisWan (53f7305169863f0a2bddc49e116c2e11) C:\Windows\system32\DRIVERS\ndiswan.sys 14:13:10.0158 4600 NdisWan - ok 14:13:10.0205 4600 NDProxy (015c0d8e0e0421b4cfd48cffe2825879) C:\Windows\system32\drivers\NDProxy.sys 14:13:10.0205 4600 NDProxy - ok 14:13:10.0205 4600 NetBIOS (86743d9f5d2b1048062b14b1d84501c4) C:\Windows\system32\DRIVERS\netbios.sys 14:13:10.0205 4600 NetBIOS - ok 14:13:10.0251 4600 NetBT (09594d1089c523423b32a4229263f068) C:\Windows\system32\DRIVERS\netbt.sys 14:13:10.0251 4600 NetBT - ok 14:13:10.0283 4600 Netlogon (c118a82cd78818c29ab228366ebf81c3) C:\Windows\system32\lsass.exe 14:13:10.0283 4600 Netlogon - ok 14:13:10.0329 4600 Netman (847d3ae376c0817161a14a82c8922a9e) C:\Windows\System32\netman.dll 14:13:10.0345 4600 Netman - ok 14:13:10.0376 4600 netprofm (5f28111c648f1e24f7dbc87cdeb091b8) C:\Windows\System32\netprofm.dll 14:13:10.0392 4600 netprofm - ok 14:13:10.0470 4600 netr28x (44d4bd55191624c82a2745296ba42814) C:\Windows\system32\DRIVERS\netr28x.sys 14:13:10.0501 4600 netr28x - ok 14:13:10.0563 4600 NetTcpPortSharing (3e5a36127e201ddf663176b66828fafe) 
C:\Windows\Microsoft.NET\Framework64\v3.0\Windows Communication Foundation\SMSvcHost.exe 14:13:10.0563 4600 NetTcpPortSharing - ok 14:13:10.0610 4600 nfrd960 (77889813be4d166cdab78ddba990da92) C:\Windows\system32\DRIVERS\nfrd960.sys 14:13:10.0610 4600 nfrd960 - ok 14:13:10.0657 4600 NisDrv (91b4e0273d2f6c24ef845f2b41311289) C:\Windows\system32\DRIVERS\NisDrvWFP.sys 14:13:10.0657 4600 NisDrv - ok 14:13:10.0735 4600 NisSrv (10a43829a9e606af3eef25a1c1665923) c:\Program Files\Microsoft Security Client\NisSrv.exe 14:13:10.0751 4600 NisSrv - ok 14:13:10.0813 4600 NlaSvc (1ee99a89cc788ada662441d1e9830529) C:\Windows\System32\nlasvc.dll 14:13:10.0813 4600 NlaSvc - ok 14:13:10.0907 4600 NMIndexingService (8dd0cdb0c700992d10169d8769ef5f43) C:\Program Files (x86)\Common Files\Ahead\Lib\NMIndexingService.exe 14:13:10.0907 4600 NMIndexingService - ok 14:13:10.0938 4600 Npfs (1e4c4ab5c9b8dd13179bbdc75a2a01f7) C:\Windows\system32\drivers\Npfs.sys 14:13:10.0938 4600 Npfs - ok 14:13:10.0953 4600 nsi (d54bfdf3e0c953f823b3d0bfe4732528) C:\Windows\system32\nsisvc.dll 14:13:10.0953 4600 nsi - ok 14:13:10.0985 4600 nsiproxy (e7f5ae18af4168178a642a9247c63001) C:\Windows\system32\drivers\nsiproxy.sys 14:13:10.0985 4600 nsiproxy - ok 14:13:11.0109 4600 Ntfs (a2f74975097f52a00745f9637451fdd8) C:\Windows\system32\drivers\Ntfs.sys 14:13:11.0125 4600 Ntfs - ok 14:13:11.0219 4600 Null (9899284589f75fa8724ff3d16aed75c1) C:\Windows\system32\drivers\Null.sys 14:13:11.0219 4600 Null - ok 14:13:11.0702 4600 nvlddmkm (b15258b1f45f9571758ac6bb2f043b01) C:\Windows\system32\DRIVERS\nvlddmkm.sys 14:13:11.0749 4600 nvlddmkm - ok 14:13:11.0843 4600 nvraid (0a92cb65770442ed0dc44834632f66ad) C:\Windows\system32\drivers\nvraid.sys 14:13:11.0843 4600 nvraid - ok 14:13:11.0858 4600 nvstor (dab0e87525c10052bf65f06152f37e4a) C:\Windows\system32\drivers\nvstor.sys 14:13:11.0874 4600 nvstor - ok 14:13:11.0967 4600 nvsvc (2d7092fec9bd2aca199673bba2ba9277) C:\Windows\system32\nvvsvc.exe 14:13:11.0999 4600 nvsvc - ok 
14:13:12.0186 4600 nvUpdatusService (7e22de30e222bfdfcec7e77032baf3cd) C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Updatus\daemonu.exe 14:13:12.0233 4600 nvUpdatusService - ok 14:13:12.0311 4600 nv_agp (270d7cd42d6e3979f6dd0146650f0e05) C:\Windows\system32\drivers\nv_agp.sys 14:13:12.0311 4600 nv_agp - ok 14:13:12.0342 4600 ohci1394 (3589478e4b22ce21b41fa1bfc0b8b8a0) C:\Windows\system32\drivers\ohci1394.sys 14:13:12.0342 4600 ohci1394 - ok 14:13:12.0404 4600 p2pimsvc (3eac4455472cc2c97107b5291e0dcafe) C:\Windows\system32\pnrpsvc.dll 14:13:12.0404 4600 p2pimsvc - ok 14:13:12.0482 4600 p2psvc (927463ecb02179f88e4b9a17568c63c3) C:\Windows\system32\p2psvc.dll 14:13:12.0498 4600 p2psvc - ok 14:13:12.0529 4600 Parport (0086431c29c35be1dbc43f52cc273887) C:\Windows\system32\DRIVERS\parport.sys 14:13:12.0545 4600 Parport - ok 14:13:12.0591 4600 partmgr (e9766131eeade40a27dc27d2d68fba9c) C:\Windows\system32\drivers\partmgr.sys 14:13:12.0591 4600 partmgr - ok 14:13:12.0607 4600 PcaSvc (3aeaa8b561e63452c655dc0584922257) C:\Windows\System32\pcasvc.dll 14:13:12.0623 4600 PcaSvc - ok 14:13:12.0638 4600 pci (94575c0571d1462a0f70bde6bd6ee6b3) C:\Windows\system32\drivers\pci.sys 14:13:12.0638 4600 pci - ok 14:13:12.0669 4600 pciide (b5b8b5ef2e5cb34df8dcf8831e3534fa) C:\Windows\system32\drivers\pciide.sys 14:13:12.0669 4600 pciide - ok 14:13:12.0685 4600 pcmcia (b2e81d4e87ce48589f98cb8c05b01f2f) C:\Windows\system32\DRIVERS\pcmcia.sys 14:13:12.0685 4600 pcmcia - ok 14:13:12.0701 4600 pcw (d6b9c2e1a11a3a4b26a182ffef18f603) C:\Windows\system32\drivers\pcw.sys 14:13:12.0701 4600 pcw - ok 14:13:12.0763 4600 PEAUTH (68769c3356b3be5d1c732c97b9a80d6e) C:\Windows\system32\drivers\peauth.sys 14:13:12.0779 4600 PEAUTH - ok 14:13:12.0872 4600 PerfHost (e495e408c93141e8fc72dc0c6046ddfa) C:\Windows\SysWow64\perfhost.exe 14:13:12.0872 4600 PerfHost - ok 14:13:12.0997 4600 pla (c7cf6a6e137463219e1259e3f0f0dd6c) C:\Windows\system32\pla.dll 14:13:13.0044 4600 pla - ok 14:13:13.0122 4600 PlugPlay 
(25fbdef06c4d92815b353f6e792c8129) C:\Windows\system32\umpnpmgr.dll 14:13:13.0137 4600 PlugPlay - ok 14:13:13.0169 4600 PNRPAutoReg (7195581cec9bb7d12abe54036acc2e38) C:\Windows\system32\pnrpauto.dll 14:13:13.0169 4600 PNRPAutoReg - ok 14:13:13.0215 4600 PNRPsvc (3eac4455472cc2c97107b5291e0dcafe) C:\Windows\system32\pnrpsvc.dll 14:13:13.0215 4600 PNRPsvc - ok 14:13:13.0309 4600 PolicyAgent (4f15d75adf6156bf56eced6d4a55c389) C:\Windows\System32\ipsecsvc.dll 14:13:13.0325 4600 PolicyAgent - ok 14:13:13.0371 4600 Power (6ba9d927dded70bd1a9caded45f8b184) C:\Windows\system32\umpo.dll 14:13:13.0371 4600 Power - ok 14:13:13.0434 4600 PptpMiniport (f92a2c41117a11a00be01ca01a7fcde9) C:\Windows\system32\DRIVERS\raspptp.sys 14:13:13.0434 4600 PptpMiniport - ok 14:13:13.0481 4600 Processor (0d922e23c041efb1c3fac2a6f943c9bf) C:\Windows\system32\DRIVERS\processr.sys 14:13:13.0481 4600 Processor - ok 14:13:13.0512 4600 ProfSvc (53e83f1f6cf9d62f32801cf66d8352a8) C:\Windows\system32\profsvc.dll 14:13:13.0512 4600 ProfSvc - ok 14:13:13.0527 4600 ProtectedStorage (c118a82cd78818c29ab228366ebf81c3) C:\Windows\system32\lsass.exe 14:13:13.0527 4600 ProtectedStorage - ok 14:13:13.0574 4600 Psched (0557cf5a2556bd58e26384169d72438d) C:\Windows\system32\DRIVERS\pacer.sys 14:13:13.0574 4600 Psched - ok 14:13:13.0715 4600 ql2300 (a53a15a11ebfd21077463ee2c7afeef0) C:\Windows\system32\DRIVERS\ql2300.sys 14:13:13.0746 4600 ql2300 - ok 14:13:13.0886 4600 ql40xx (4f6d12b51de1aaeff7dc58c4d75423c8) C:\Windows\system32\DRIVERS\ql40xx.sys 14:13:13.0886 4600 ql40xx - ok 14:13:14.0136 4600 QWAVE (906191634e99aea92c4816150bda3732) C:\Windows\system32\qwave.dll 14:13:14.0151 4600 QWAVE - ok 14:13:14.0183 4600 QWAVEdrv (76707bb36430888d9ce9d705398adb6c) C:\Windows\system32\drivers\qwavedrv.sys 14:13:14.0183 4600 QWAVEdrv - ok 14:13:14.0183 4600 RasAcd (5a0da8ad5762fa2d91678a8a01311704) C:\Windows\system32\DRIVERS\rasacd.sys 14:13:14.0198 4600 RasAcd - ok 14:13:14.0229 4600 RasAgileVpn 
(7ecff9b22276b73f43a99a15a6094e90) C:\Windows\system32\DRIVERS\AgileVpn.sys 14:13:14.0229 4600 RasAgileVpn - ok 14:13:14.0261 4600 RasAuto (8f26510c5383b8dbe976de1cd00fc8c7) C:\Windows\System32\rasauto.dll 14:13:14.0261 4600 RasAuto - ok 14:13:14.0307 4600 Rasl2tp (471815800ae33e6f1c32fb1b97c490ca) C:\Windows\system32\DRIVERS\rasl2tp.sys 14:13:14.0307 4600 Rasl2tp - ok 14:13:14.0370 4600 RasMan (ee867a0870fc9e4972ba9eaad35651e2) C:\Windows\System32\rasmans.dll 14:13:14.0401 4600 RasMan - ok 14:13:14.0432 4600 RasPppoe (855c9b1cd4756c5e9a2aa58a15f58c25) C:\Windows\system32\DRIVERS\raspppoe.sys 14:13:14.0432 4600 RasPppoe - ok 14:13:14.0495 4600 RasSstp (e8b1e447b008d07ff47d016c2b0eeecb) C:\Windows\system32\DRIVERS\rassstp.sys 14:13:14.0510 4600 RasSstp - ok 14:13:14.0635 4600 rdbss (77f665941019a1594d887a74f301fa2f) C:\Windows\system32\DRIVERS\rdbss.sys 14:13:14.0651 4600 rdbss - ok 14:13:14.0666 4600 rdpbus (302da2a0539f2cf54d7c6cc30c1f2d8d) C:\Windows\system32\DRIVERS\rdpbus.sys 14:13:14.0666 4600 rdpbus - ok 14:13:14.0713 4600 RDPCDD (cea6cc257fc9b7715f1c2b4849286d24) C:\Windows\system32\DRIVERS\RDPCDD.sys 14:13:14.0713 4600 RDPCDD - ok 14:13:14.0791 4600 RDPENCDD (bb5971a4f00659529a5c44831af22365) C:\Windows\system32\drivers\rdpencdd.sys 14:13:14.0791 4600 RDPENCDD - ok 14:13:14.0807 4600 RDPREFMP (216f3fa57533d98e1f74ded70113177a) C:\Windows\system32\drivers\rdprefmp.sys 14:13:14.0807 4600 RDPREFMP - ok 14:13:15.0087 4600 RDPWD (e61608aa35e98999af9aaeeea6114b0a) C:\Windows\system32\drivers\RDPWD.sys 14:13:15.0087 4600 RDPWD - ok 14:13:15.0134 4600 rdyboost (34ed295fa0121c241bfef24764fc4520) C:\Windows\system32\drivers\rdyboost.sys 14:13:15.0134 4600 rdyboost - ok 14:13:15.0181 4600 RemoteAccess (254fb7a22d74e5511c73a3f6d802f192) C:\Windows\System32\mprdim.dll 14:13:15.0181 4600 RemoteAccess - ok 14:13:15.0228 4600 RemoteRegistry (e4d94f24081440b5fc5aa556c7c62702) C:\Windows\system32\regsvc.dll 14:13:15.0228 4600 RemoteRegistry - ok 14:13:15.0243 4600 
RpcEptMapper (e4dc58cf7b3ea515ae917ff0d402a7bb) C:\Windows\System32\RpcEpMap.dll 14:13:15.0243 4600 RpcEptMapper - ok 14:13:15.0275 4600 RpcLocator (d5ba242d4cf8e384db90e6a8ed850b8c) C:\Windows\system32\locator.exe 14:13:15.0275 4600 RpcLocator - ok 14:13:15.0337 4600 RpcSs (5c627d1b1138676c0a7ab2c2c190d123) C:\Windows\system32\rpcss.dll 14:13:15.0337 4600 RpcSs - ok 14:13:15.0368 4600 rspndr (ddc86e4f8e7456261e637e3552e804ff) C:\Windows\system32\DRIVERS\rspndr.sys 14:13:15.0368 4600 rspndr - ok 14:13:15.0399 4600 RTL8167 (3b01789ee4eaee97f5eb46b711387d5e) C:\Windows\system32\DRIVERS\Rt64win7.sys 14:13:15.0399 4600 RTL8167 - ok 14:13:15.0493 4600 SamSs (c118a82cd78818c29ab228366ebf81c3) C:\Windows\system32\lsass.exe 14:13:15.0493 4600 SamSs - ok 14:13:15.0602 4600 sbp2port (ac03af3329579fffb455aa2daabbe22b) C:\Windows\system32\drivers\sbp2port.sys 14:13:15.0602 4600 sbp2port - ok 14:13:15.0649 4600 SCardSvr (9b7395789e3791a3b6d000fe6f8b131e) C:\Windows\System32\SCardSvr.dll 14:13:15.0649 4600 SCardSvr - ok 14:13:15.0680 4600 scfilter (253f38d0d7074c02ff8deb9836c97d2b) C:\Windows\system32\DRIVERS\scfilter.sys 14:13:15.0680 4600 scfilter - ok 14:13:15.0789 4600 Schedule (262f6592c3299c005fd6bec90fc4463a) C:\Windows\system32\schedsvc.dll 14:13:15.0821 4600 Schedule - ok 14:13:15.0852 4600 SCPolicySvc (f17d1d393bbc69c5322fbfafaca28c7f) C:\Windows\System32\certprop.dll 14:13:15.0852 4600 SCPolicySvc - ok 14:13:15.0899 4600 SDRSVC (6ea4234dc55346e0709560fe7c2c1972) C:\Windows\System32\SDRSVC.dll 14:13:15.0899 4600 SDRSVC - ok 14:13:16.0055 4600 secdrv (3ea8a16169c26afbeb544e0e48421186) C:\Windows\system32\drivers\secdrv.sys 14:13:16.0070 4600 secdrv - ok 14:13:16.0101 4600 seclogon (bc617a4e1b4fa8df523a061739a0bd87) C:\Windows\system32\seclogon.dll 14:13:16.0117 4600 seclogon - ok 14:13:16.0164 4600 SENS (c32ab8fa018ef34c0f113bd501436d21) C:\Windows\system32\sens.dll 14:13:16.0164 4600 SENS - ok 14:13:16.0211 4600 SensrSvc (0336cffafaab87a11541f1cf1594b2b2) 
C:\Windows\system32\sensrsvc.dll 14:13:16.0211 4600 SensrSvc - ok 14:13:16.0226 4600 Serenum (cb624c0035412af0debec78c41f5ca1b) C:\Windows\system32\DRIVERS\serenum.sys 14:13:16.0226 4600 Serenum - ok 14:13:16.0257 4600 Serial (c1d8e28b2c2adfaec4ba89e9fda69bd6) C:\Windows\system32\DRIVERS\serial.sys 14:13:16.0257 4600 Serial - ok 14:13:16.0304 4600 sermouse (1c545a7d0691cc4a027396535691c3e3) C:\Windows\system32\DRIVERS\sermouse.sys 14:13:16.0304 4600 sermouse - ok 14:13:16.0398 4600 SessionEnv (0b6231bf38174a1628c4ac812cc75804) C:\Windows\system32\sessenv.dll 14:13:16.0398 4600 SessionEnv - ok 14:13:16.0445 4600 sffdisk (a554811bcd09279536440c964ae35bbf) C:\Windows\system32\drivers\sffdisk.sys 14:13:16.0460 4600 sffdisk - ok 14:13:16.0491 4600 sffp_mmc (ff414f0baefeba59bc6c04b3db0b87bf) C:\Windows\system32\drivers\sffp_mmc.sys 14:13:16.0491 4600 sffp_mmc - ok 14:13:16.0507 4600 sffp_sd (dd85b78243a19b59f0637dcf284da63c) C:\Windows\system32\drivers\sffp_sd.sys 14:13:16.0507 4600 sffp_sd - ok 14:13:16.0507 4600 sfloppy (a9d601643a1647211a1ee2ec4e433ff4) C:\Windows\system32\DRIVERS\sfloppy.sys 14:13:16.0523 4600 sfloppy - ok 14:13:16.0569 4600 SharedAccess (b95f6501a2f8b2e78c697fec401970ce) C:\Windows\System32\ipnathlp.dll 14:13:16.0585 4600 SharedAccess - ok 14:13:16.0757 4600 ShellHWDetection (aaf932b4011d14052955d4b212a4da8d) C:\Windows\System32\shsvcs.dll 14:13:16.0788 4600 ShellHWDetection - ok 14:13:16.0850 4600 SiSRaid2 (843caf1e5fde1ffd5ff768f23a51e2e1) C:\Windows\system32\DRIVERS\SiSRaid2.sys 14:13:16.0850 4600 SiSRaid2 - ok 14:13:16.0913 4600 SiSRaid4 (6a6c106d42e9ffff8b9fcb4f754f6da4) C:\Windows\system32\DRIVERS\sisraid4.sys 14:13:16.0944 4600 SiSRaid4 - ok 14:13:16.0975 4600 Smb (548260a7b8654e024dc30bf8a7c5baa4) C:\Windows\system32\DRIVERS\smb.sys 14:13:16.0975 4600 Smb - ok 14:13:17.0006 4600 SNMPTRAP (6313f223e817cc09aa41811daa7f541d) C:\Windows\System32\snmptrap.exe 14:13:17.0006 4600 SNMPTRAP - ok 14:13:17.0022 4600 spldr 
(b9e31e5cacdfe584f34f730a677803f9) C:\Windows\system32\drivers\spldr.sys 14:13:17.0022 4600 spldr - ok 14:13:17.0178 4600 Spooler (b96c17b5dc1424d56eea3a99e97428cd) C:\Windows\System32\spoolsv.exe 14:13:17.0193 4600 Spooler - ok 14:13:17.0490 4600 sppsvc (e17e0188bb90fae42d83e98707efa59c) C:\Windows\system32\sppsvc.exe 14:13:17.0568 4600 sppsvc - ok 14:13:17.0849 4600 sppuinotify (93d7d61317f3d4bc4f4e9f8a96a7de45) C:\Windows\system32\sppuinotify.dll 14:13:17.0849 4600 sppuinotify - ok 14:13:17.0942 4600 srv (441fba48bff01fdb9d5969ebc1838f0b) C:\Windows\system32\DRIVERS\srv.sys 14:13:17.0958 4600 srv - ok 14:13:18.0005 4600 srv2 (b4adebbf5e3677cce9651e0f01f7cc28) C:\Windows\system32\DRIVERS\srv2.sys 14:13:18.0020 4600 srv2 - ok 14:13:18.0051 4600 srvnet (27e461f0be5bff5fc737328f749538c3) C:\Windows\system32\DRIVERS\srvnet.sys 14:13:18.0051 4600 srvnet - ok 14:13:18.0083 4600 SSDPSRV (51b52fbd583cde8aa9ba62b8b4298f33) C:\Windows\System32\ssdpsrv.dll 14:13:18.0098 4600 SSDPSRV - ok 14:13:18.0116 4600 SstpSvc (ab7aebf58dad8daab7a6c45e6a8885cb) C:\Windows\system32\sstpsvc.dll 14:13:18.0116 4600 SstpSvc - ok 14:13:18.0194 4600 Steam Client Service - ok 14:13:18.0272 4600 Stereo Service (9e1222c417291bc836210743624a8e5e) C:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe 14:13:18.0288 4600 Stereo Service - ok 14:13:18.0319 4600 stexstor (f3817967ed533d08327dc73bc4d5542a) C:\Windows\system32\DRIVERS\stexstor.sys 14:13:18.0319 4600 stexstor - ok 14:13:18.0382 4600 stisvc (8dd52e8e6128f4b2da92ce27402871c1) C:\Windows\System32\wiaservc.dll 14:13:18.0413 4600 stisvc - ok 14:13:18.0444 4600 swenum (d01ec09b6711a5f8e7e6564a4d0fbc90) C:\Windows\system32\drivers\swenum.sys 14:13:18.0444 4600 swenum - ok 14:13:18.0491 4600 swprv (e08e46fdd841b7184194011ca1955a0b) C:\Windows\System32\swprv.dll 14:13:18.0506 4600 swprv - ok 14:13:18.0709 4600 SysMain (bf9ccc0bf39b418c8d0ae8b05cf95b7d) C:\Windows\system32\sysmain.dll 14:13:18.0725 4600 SysMain - ok 14:13:18.0896 4600 
TabletInputService (e3c61fd7b7c2557e1f1b0b4cec713585) C:\Windows\System32\TabSvc.dll 14:13:18.0896 4600 TabletInputService - ok 14:13:18.0928 4600 TapiSrv (40f0849f65d13ee87b9a9ae3c1dd6823) C:\Windows\System32\tapisrv.dll 14:13:18.0959 4600 TapiSrv - ok 14:13:18.0990 4600 TBS (1be03ac720f4d302ea01d40f588162f6) C:\Windows\System32\tbssvc.dll 14:13:18.0990 4600 TBS - ok 14:13:19.0271 4600 Tcpip (acb82bda8f46c84f465c1afa517dc4b9) C:\Windows\system32\drivers\tcpip.sys 14:13:19.0333 4600 Tcpip - ok 14:13:19.0676 4600 TCPIP6 (acb82bda8f46c84f465c1afa517dc4b9) C:\Windows\system32\DRIVERS\tcpip.sys 14:13:19.0692 4600 TCPIP6 - ok 14:13:19.0754 4600 tcpipreg (df687e3d8836bfb04fcc0615bf15a519) C:\Windows\system32\drivers\tcpipreg.sys 14:13:19.0754 4600 tcpipreg - ok 14:13:19.0786 4600 TDPIPE (3371d21011695b16333a3934340c4e7c) C:\Windows\system32\drivers\tdpipe.sys 14:13:19.0786 4600 TDPIPE - ok 14:13:19.0801 4600 TDTCP (51c5eceb1cdee2468a1748be550cfbc8) C:\Windows\system32\drivers\tdtcp.sys 14:13:19.0801 4600 TDTCP - ok 14:13:19.0848 4600 tdx (ddad5a7ab24d8b65f8d724f5c20fd806) C:\Windows\system32\DRIVERS\tdx.sys 14:13:19.0848 4600 tdx - ok 14:13:19.0895 4600 TermDD (561e7e1f06895d78de991e01dd0fb6e5) C:\Windows\system32\drivers\termdd.sys 14:13:19.0895 4600 TermDD - ok 14:13:19.0973 4600 TermService (2e648163254233755035b46dd7b89123) C:\Windows\System32\termsrv.dll 14:13:20.0020 4600 TermService - ok 14:13:20.0066 4600 Themes (f0344071948d1a1fa732231785a0664c) C:\Windows\system32\themeservice.dll 14:13:20.0066 4600 Themes - ok 14:13:20.0098 4600 THREADORDER (e40e80d0304a73e8d269f7141d77250b) C:\Windows\system32\mmcss.dll 14:13:20.0098 4600 THREADORDER - ok 14:13:20.0129 4600 TrkWks (7e7afd841694f6ac397e99d75cead49d) C:\Windows\System32\trkwks.dll 14:13:20.0144 4600 TrkWks - ok 14:13:20.0191 4600 TrustedInstaller (773212b2aaa24c1e31f10246b15b276c) C:\Windows\servicing\TrustedInstaller.exe 14:13:20.0191 4600 TrustedInstaller - ok 14:13:20.0222 4600 tssecsrv 
(ce18b2cdfc837c99e5fae9ca6cba5d30) C:\Windows\system32\DRIVERS\tssecsrv.sys 14:13:20.0222 4600 tssecsrv - ok 14:13:20.0254 4600 TsUsbFlt (d11c783e3ef9a3c52c0ebe83cc5000e9) C:\Windows\system32\drivers\tsusbflt.sys 14:13:20.0254 4600 TsUsbFlt - ok 14:13:20.0316 4600 tunnel (3566a8daafa27af944f5d705eaa64894) C:\Windows\system32\DRIVERS\tunnel.sys 14:13:20.0332 4600 tunnel - ok 14:13:20.0347 4600 uagp35 (b4dd609bd7e282bfc683cec7eaaaad67) C:\Windows\system32\DRIVERS\uagp35.sys 14:13:20.0347 4600 uagp35 - ok 14:13:20.0410 4600 udfs (ff4232a1a64012baa1fd97c7b67df593) C:\Windows\system32\DRIVERS\udfs.sys 14:13:20.0410 4600 udfs - ok 14:13:20.0441 4600 UI0Detect (3cbdec8d06b9968aba702eba076364a1) C:\Windows\system32\UI0Detect.exe 14:13:20.0441 4600 UI0Detect - ok 14:13:20.0472 4600 uliagpkx (4bfe1bc28391222894cbf1e7d0e42320) C:\Windows\system32\drivers\uliagpkx.sys 14:13:20.0472 4600 uliagpkx - ok 14:13:20.0503 4600 umbus (dc54a574663a895c8763af0fa1ff7561) C:\Windows\system32\drivers\umbus.sys 14:13:20.0503 4600 umbus - ok 14:13:20.0519 4600 UmPass (b2e8e8cb557b156da5493bbddcc1474d) C:\Windows\system32\DRIVERS\umpass.sys 14:13:20.0519 4600 UmPass - ok 14:13:20.0566 4600 upnphost (d47ec6a8e81633dd18d2436b19baf6de) C:\Windows\System32\upnphost.dll 14:13:20.0597 4600 upnphost - ok 14:13:20.0644 4600 usbaudio (82e8f44688e6fac57b5b7c6fc7adbc2a) C:\Windows\system32\drivers\usbaudio.sys 14:13:20.0644 4600 usbaudio - ok 14:13:20.0675 4600 usbccgp (6f1a3157a1c89435352ceb543cdb359c) C:\Windows\system32\DRIVERS\usbccgp.sys 14:13:20.0675 4600 usbccgp - ok 14:13:20.0706 4600 usbcir (af0892a803fdda7492f595368e3b68e7) C:\Windows\system32\drivers\usbcir.sys 14:13:20.0706 4600 usbcir - ok 14:13:20.0737 4600 usbehci (c025055fe7b87701eb042095df1a2d7b) C:\Windows\system32\drivers\usbehci.sys 14:13:20.0737 4600 usbehci - ok 14:13:20.0784 4600 usbhub (287c6c9410b111b68b52ca298f7b8c24) C:\Windows\system32\DRIVERS\usbhub.sys 14:13:20.0800 4600 usbhub - ok 14:13:20.0815 4600 usbohci 
(9840fc418b4cbd632d3d0a667a725c31) C:\Windows\system32\drivers\usbohci.sys 14:13:20.0815 4600 usbohci - ok 14:13:20.0846 4600 usbprint (73188f58fb384e75c4063d29413cee3d) C:\Windows\system32\DRIVERS\usbprint.sys 14:13:20.0846 4600 usbprint - ok 14:13:20.0862 4600 USBSTOR (fed648b01349a3c8395a5169db5fb7d6) C:\Windows\system32\DRIVERS\USBSTOR.SYS 14:13:20.0862 4600 USBSTOR - ok 14:13:20.0878 4600 usbuhci (62069a34518bcf9c1fd9e74b3f6db7cd) C:\Windows\system32\drivers\usbuhci.sys 14:13:20.0878 4600 usbuhci - ok 14:13:20.0893 4600 UxSms (edbb23cbcf2cdf727d64ff9b51a6070e) C:\Windows\System32\uxsms.dll 14:13:20.0909 4600 UxSms - ok 14:13:20.0924 4600 VaultSvc (c118a82cd78818c29ab228366ebf81c3) C:\Windows\system32\lsass.exe 14:13:20.0924 4600 VaultSvc - ok 14:13:20.0956 4600 vdrvroot (c5c876ccfc083ff3b128f933823e87bd) C:\Windows\system32\drivers\vdrvroot.sys 14:13:20.0956 4600 vdrvroot - ok 14:13:21.0034 4600 vds (8d6b481601d01a456e75c3210f1830be) C:\Windows\System32\vds.exe 14:13:21.0065 4600 vds - ok 14:13:21.0112 4600 vga (da4da3f5e02943c2dc8c6ed875de68dd) C:\Windows\system32\DRIVERS\vgapnp.sys 14:13:21.0112 4600 vga - ok 14:13:21.0127 4600 VgaSave (53e92a310193cb3c03bea963de7d9cfc) C:\Windows\System32\drivers\vga.sys 14:13:21.0127 4600 VgaSave - ok 14:13:21.0158 4600 vhdmp (2ce2df28c83aeaf30084e1b1eb253cbb) C:\Windows\system32\drivers\vhdmp.sys 14:13:21.0174 4600 vhdmp - ok 14:13:21.0205 4600 viaide (e5689d93ffe4e5d66c0178761240dd54) C:\Windows\system32\drivers\viaide.sys 14:13:21.0205 4600 viaide - ok 14:13:21.0236 4600 volmgr (d2aafd421940f640b407aefaaebd91b0) C:\Windows\system32\drivers\volmgr.sys 14:13:21.0236 4600 volmgr - ok 14:13:21.0283 4600 volmgrx (a255814907c89be58b79ef2f189b843b) C:\Windows\system32\drivers\volmgrx.sys 14:13:21.0299 4600 volmgrx - ok 14:13:21.0330 4600 volsnap (0d08d2f3b3ff84e433346669b5e0f639) C:\Windows\system32\drivers\volsnap.sys 14:13:21.0330 4600 volsnap - ok 14:13:21.0408 4600 vsmraid (5e2016ea6ebaca03c04feac5f330d997) 
C:\Windows\system32\DRIVERS\vsmraid.sys 14:13:21.0424 4600 vsmraid - ok 14:13:21.0595 4600 VSS (b60ba0bc31b0cb414593e169f6f21cc2) C:\Windows\system32\vssvc.exe 14:13:21.0611 4600 VSS - ok 14:13:21.0782 4600 vwifibus (36d4720b72b5c5d9cb2b9c29e9df67a1) C:\Windows\system32\DRIVERS\vwifibus.sys 14:13:21.0782 4600 vwifibus - ok 14:13:21.0814 4600 vwififlt (6a3d66263414ff0d6fa754c646612f3f) C:\Windows\system32\DRIVERS\vwififlt.sys 14:13:21.0814 4600 vwififlt - ok 14:13:21.0845 4600 vwifimp (6a638fc4bfddc4d9b186c28c91bd1a01) C:\Windows\system32\DRIVERS\vwifimp.sys 14:13:21.0845 4600 vwifimp - ok 14:13:21.0907 4600 W32Time (1c9d80cc3849b3788048078c26486e1a) C:\Windows\system32\w32time.dll 14:13:21.0923 4600 W32Time - ok 14:13:21.0938 4600 WacomPen (4e9440f4f152a7b944cb1663d3935a3e) C:\Windows\system32\DRIVERS\wacompen.sys 14:13:21.0938 4600 WacomPen - ok 14:13:21.0985 4600 WANARP (356afd78a6ed4457169241ac3965230c) C:\Windows\system32\DRIVERS\wanarp.sys 14:13:21.0985 4600 WANARP - ok 14:13:22.0001 4600 Wanarpv6 (356afd78a6ed4457169241ac3965230c) C:\Windows\system32\DRIVERS\wanarp.sys 14:13:22.0001 4600 Wanarpv6 - ok 14:13:22.0313 4600 WatAdminSvc (3cec96de223e49eaae3651fcf8faea6c) C:\Windows\system32\Wat\WatAdminSvc.exe 14:13:22.0344 4600 WatAdminSvc - ok 14:13:22.0516 4600 wbengine (78f4e7f5c56cb9716238eb57da4b6a75) C:\Windows\system32\wbengine.exe 14:13:22.0531 4600 wbengine - ok 14:13:22.0781 4600 WbioSrvc (3aa101e8edab2db4131333f4325c76a3) C:\Windows\System32\wbiosrvc.dll 14:13:22.0796 4600 WbioSrvc - ok 14:13:22.0859 4600 wcncsvc (7368a2afd46e5a4481d1de9d14848edd) C:\Windows\System32\wcncsvc.dll 14:13:22.0859 4600 wcncsvc - ok 14:13:22.0890 4600 WcsPlugInService (20f7441334b18cee52027661df4a6129) C:\Windows\System32\WcsPlugInService.dll 14:13:22.0890 4600 WcsPlugInService - ok 14:13:22.0937 4600 Wd (72889e16ff12ba0f235467d6091b17dc) C:\Windows\system32\DRIVERS\wd.sys 14:13:22.0937 4600 Wd - ok 14:13:22.0999 4600 Wdf01000 (441bd2d7b4f98134c3a4f9fa570fd250) 
  20. Mank70

    0x80070424

    Nothing was said about any rootkit or anything else. This is the text that was left:
  21. Mank70

    0x80070424

    1. I have managed to remove the first 2. I simply cannot find the Ask toolbar at all.
    2. I have installed loads of different programs over the last few days in an attempt to get on top of my current computer problems, so it is hard to know which one..
    3:
    SystemLook 30.07.11 by jpshortstuff
    Log created at 13:12 on 11/07/2012 by Mank70
    Administrator - Elevation successful
    ========== dir ==========
    C:\ProgramData\IBUpdaterService - Parameters: "(none)"
    ---Files---
    repository.xml --a---- 3596 bytes [15:11 09/07/2012] [15:11 09/07/2012]
    ---Folders---
    None found.
    C:\0ebca1d037f143b46736e586b3ec8b - Parameters: "(none)"
    ---Files---
    None found.
    ---Folders---
    Sandbox d------ [13:53 09/07/2012]
    -= EOF =-
  22. Mank70

    0x80070424

    Here we go..
  23. Mank70

    0x80070424

    Hi Cecilia. By backup disc I mean the recovery disc I created when I bought the computer, since the Windows that came with the purchase was already installed and no original Windows disc was included.. I have now done what it said on the page you linked to and created a text file. So should I post it here in the forum, or what do you mean? Still very grateful for the help I am getting! /Magnus
  24. Mank70

    0x80070424

    Thanks for the replies! I have tried the tricks that were suggested and they did not work. Now I cannot update Microsoft Security Essentials either. So I will probably have to reinstall Windows. The question then is whether that will work, since I cannot wipe the hard drive, as I only have a backup disc for Windows? And what is MBR? Thanks!
  25. Mank70

    0x80070424

    Nope.. I do not have the folder C:windows64 that is mentioned in the thread. Thanks anyway.. I am thinking about rebooting the whole computer.. that should work.. right?