Security Shield!

[MrO]

Det funkade ändå inte :/ Har fortfarande inte behörighet, säger datorn.

O dina popups är fortfarande kvar?

[bengsi]

Ja, popupsen är kvar.

[MrO]

Har du provat att installera en annan webläsare för att se om problemet kvarstår?

[bengsi]

Ja, har provat med både Firefox och Chrome, men det var samma sak där.

Skulle det kunna funka att försöka med en systemåterställning?

[MrO]

Ok då ligger inte problemet i webläsaren utan i windows,nej för då finns risken att du återskapar infektionen i systemet!

Vi får kolla vidare,sen får du hjälp av Cecilia istället för jag har annat för mig!

OTListIt by OldTimer (Nerladdning/Instruktioner):

#: Viktigt:

Skriv ut nedanstående Instruktioner eller kopiera dem till ett textdokumet och spara den till skrivbordet:

Läs/följ nedanstående Instruktioner noga:

#: Hämta hem OTL by OldTimer

=> http://oldtimer.geekstogo.com/OTL.exe

1: Spara filen till skrivbordet

2: Stäng alla öppna program

3: Dubbelklicka för att starta igång programmet

(För Vista och/eller Windows 7 => Högerklicka på verktyget och välj => Kör som Admin)

4: Under Output högt upp så välj Minimal Output.

5: Bocka för LOP Check och Purity Check.

6: Nu klicka på Run Scan och låt programmet scanna klart (Kan ta en stund innan den scannat klart) så ha tålamod.

7: Då den scannat klart kommer den att producera två text-loggar med namnen

OTListIt.txt och Extras.txt. Spara dem till skrivbordet.

OBS Notera:

Om något av dina säkerhetsprogram reagerar och vill ha tillstånd/access till Internet. Ge då tillstånd.

I ditt svar kopierar/klistrar du in nedanstående loggar som du tidigare sparade till ditt skrivbord:

1: OTListIt.txt

2: Extras.txt

OBS:

Kopiera INTE in loggan (textfilen) som bifogad fil ej heller inom code-taggar eller annat.

Kopiera/klistra in loggan/loggarna DIREKT i ditt inlägg.

Spara OTL på Skrivbordet. http://oldtimer.geekstogo.com/OTL.exe

Stäng alla program.

Kör OTL (i Vista och Windows 7 högerklicka och Kör som administratör).

I rutan Custom scan's and fixes klistra in följande rader (kolla att du verkligen får med alla raderna och att varje rad här blir en egen rad i rutan):

netsvcs
drivers32
%SYSTEMDRIVE%\*.*
%systemroot%\system32\*.wt
%systemroot%\system32\*.ruy
%systemroot%\Fonts\*.com
%systemroot%\Fonts\*.dll
%systemroot%\Fonts\*.ini
%systemroot%\Fonts\*.ini2
%systemroot%\Fonts\*.exe
%systemroot%\system32\spool\prtprocs\w32x86\*.*
%systemroot%\REPAIR\*.bak1
%systemroot%\REPAIR\*.ini
%systemroot%\system32\*.jpg
%systemroot%\*.jpg
%systemroot%\*.png
%systemroot%\*.scr
%systemroot%\*._sy
%APPDATA%\Adobe\Update\*.*
%ALLUSERSPROFILE%\Favorites\*.*
%APPDATA%\Microsoft\*.*
%PROGRAMFILES%\*.*
%APPDATA%\Update\*.*
%systemroot%\*. /mp /s
CREATERESTOREPOINT
%systemroot%\System32\config\*.sav
HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows\WindowsUpdate\AU
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\WindowsUpdate\Auto Update\Results\Install|LastSuccessTime /rs

Tryck på Quick Scan och låt programmet köra ostört.

När det är klart så skapas två loggfiler på Skrivbordet, OTL.txt och Extras.txt. I ditt svar klistrar du in loggen OTL.txt. Medan du bifogar Extras.txt som en fil.

[bengsi]

OTL logfile created on: 06/08/2012 17:48:18 - Run 1

OTL by OldTimer - Version 3.2.56.0 Folder = C:\Users\Emma\Desktop

64bit- Home Premium Edition Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation

Internet Explorer (Version = 9.0.8112.16421)

Locale: 00000809 | Country: Sverige | Language: SVE | Date Format: yyyy-MM-dd

3.86 Gb Total Physical Memory | 2.64 Gb Available Physical Memory | 68.39% Memory free

7.71 Gb Paging File | 5.60 Gb Available in Paging File | 72.58% Paging File free

Paging file location(s): ?:\pagefile.sys [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86)

Drive C: | 451.45 Gb Total Space | 259.64 Gb Free Space | 57.51% Space Free | Partition Type: NTFS

Computer Name: EMMA-VAIO | User Name: Emma | Logged in as Administrator.

Boot Mode: Normal | Scan Mode: Current user | Include 64bit Scans

Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days

========== Processes (SafeList) ==========

PRC - C:\Users\Emma\Desktop\OTL.exe (OldTimer Tools)

PRC - C:\Windows\SysWOW64\Macromed\Flash\FlashUtil32_11_3_300_270_ActiveX.exe (Adobe Systems Incorporated)

PRC - C:\Users\Emma\AppData\Roaming\Spotify\Data\SpotifyWebHelper.exe ()

PRC - C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe (Malwarebytes Corporation)

PRC - C:\Program Files (x86)\Personal\bin\Personal.exe (Technology Nexus AB)

PRC - C:\Program Files\Sony\VAIO Care\VCService.exe (Sony Corporation)

PRC - C:\Program Files\Sony\VAIO Care\listener.exe (Sony of America Corporation)

PRC - C:\Program Files (x86)\SONY\VAIO Event Service\VESMgr.exe (Sony Corporation)

PRC - C:\Program Files\Sony\VCM Intelligent Analyzing Manager\VcmIAlzMgr.exe (Sony Corporation)

PRC - C:\Program Files (x86)\Common Files\Adobe\SwitchBoard\SwitchBoard.exe (Adobe Systems Incorporated)

PRC - C:\Program Files (x86)\Intel\Intel® Management Engine Components\UNS\UNS.exe (Intel Corporation)

PRC - C:\Program Files (x86)\Intel\Intel® Management Engine Components\LMS\LMS.exe (Intel Corporation)

PRC - C:\Program Files (x86)\SONY\VAIO Event Service\VESMgrSub.exe (Sony Corporation)

PRC - C:\Program Files (x86)\Intel\Intel® Rapid Storage Technology\IAStorDataMgrSvc.exe (Intel Corporation)

PRC - C:\Program Files (x86)\Intel\Intel® Rapid Storage Technology\IAStorIcon.exe (Intel Corporation)

PRC - C:\Program Files (x86)\Sony\PMB\PMBDeviceInfoProvider.exe (Sony Corporation)

PRC - C:\Program Files (x86)\SONY\PMB\PMBVolumeWatcher.exe (Sony Corporation)

PRC - C:\Program Files (x86)\Common Files\Sony Shared\VAIO Entertainment Platform\VzCdb\VzCdbSvc.exe (Sony Corporation)

PRC - C:\Program Files (x86)\Common Files\Sony Shared\VAIO Content Folder Watcher\VCFw.exe (Sony Corporation)

PRC - C:\Program Files (x86)\ekort\ekort.exe (Orbiscom Ltd. All rights reserved.)

PRC - C:\Windows\SysWOW64\OBroker.exe ()

PRC - C:\Program Files (x86)\ArcSoft\Magic-i Visual Effects 2\uCamMonitor.exe (ArcSoft, Inc.)

========== Modules (No Company Name) ==========

MOD - C:\Users\Emma\AppData\Roaming\Spotify\Data\SpotifyWebHelper.exe ()

MOD - C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Windows.Forms\7b7fbe651c6e72f12099a298654c9594\System.Windows.Forms.ni.dll ()

MOD - C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Drawing\6bb439b3f87736d3248ae27d43e2c0d6\System.Drawing.ni.dll ()

MOD - C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Runtime.Remo#\03dee80574f4ec770b6f77ca030ded6c\System.Runtime.Remoting.ni.dll ()

MOD - C:\Windows\assembly\NativeImages_v2.0.50727_32\WindowsBase\46fce56db7685a586d3eeb7c373e3c1c\WindowsBase.ni.dll ()

MOD - C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Xml\ba3d70b651454c7d49b407b93663bfed\System.Xml.ni.dll ()

MOD - C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Configuration\cfa9c506bfb9254c89dace7b83bc9f9d\System.Configuration.ni.dll ()

MOD - C:\Windows\assembly\NativeImages_v2.0.50727_32\System\ce9ff6baf9053ed2ed673d948179195c\System.ni.dll ()

MOD - C:\Windows\assembly\NativeImages_v2.0.50727_32\mscorlib\acfc1391e45fedd2a359778ea57d914c\mscorlib.ni.dll ()

MOD - C:\Windows\assembly\GAC_MSIL\mscorlib.resources\2.0.0.0_sv_b77a5c561934e089\mscorlib.resources.dll ()

MOD - C:\Windows\SysWOW64\OBroker.exe ()

MOD - C:\Program Files (x86)\ekort\EkortRes.dll ()

========== Win32 Services (SafeList) ==========

SRV:64bit: - (mfevtp) -- C:\Windows\SysNative\mfevtps.exe (McAfee, Inc.)

SRV:64bit: - (mfefire) -- C:\Program Files\Common Files\McAfee\SystemCore\\mfefire.exe ()

SRV:64bit: - (McShield) -- C:\Program Files\Common Files\McAfee\SystemCore\\mcshield.exe ()

SRV:64bit: - (McODS) -- C:\Program Files\McAfee\VirusScan\mcods.exe (McAfee, Inc.)

SRV:64bit: - (VUAgent) -- C:\Program Files\Sony\VAIO Update Common\VUAgent.exe (Sony Corporation)

SRV:64bit: - (VCService) -- C:\Program Files\Sony\VAIO Care\VCService.exe (Sony Corporation)

SRV:64bit: - (SampleCollector) -- C:\Program Files\Sony\VAIO Care\VCPerfService.exe (Sony Corporation)

SRV:64bit: - (MSK80Service) -- C:\Program Files\Common Files\McAfee\McSvcHost\McSvHost.exe (McAfee, Inc.)

SRV:64bit: - (McProxy) -- C:\Program Files\Common Files\McAfee\McSvcHost\McSvHost.exe (McAfee, Inc.)

SRV:64bit: - (McNASvc) -- C:\Program Files\Common Files\McAfee\McSvcHost\McSvHost.exe (McAfee, Inc.)

SRV:64bit: - (McNaiAnn) -- C:\Program Files\Common Files\McAfee\McSvcHost\McSvHost.exe (McAfee, Inc.)

SRV:64bit: - (mcmscsvc) -- C:\Program Files\Common Files\McAfee\McSvcHost\McSvHost.exe (McAfee, Inc.)

SRV:64bit: - (McMPFSvc) -- C:\Program Files\Common Files\McAfee\McSvcHost\McSvHost.exe (McAfee, Inc.)

SRV:64bit: - (McAfee SiteAdvisor Service) -- C:\Program Files\Common Files\McAfee\McSvcHost\McSvHost.exe (McAfee, Inc.)

SRV:64bit: - (VcmXmlIfHelper) -- C:\Program Files\Common Files\Sony Shared\VcmXml\VcmXmlIfHelper64.exe (Sony Corporation)

SRV:64bit: - (VcmIAlzMgr) -- C:\Program Files\Sony\VCM Intelligent Analyzing Manager\VcmIAlzMgr.exe (Sony Corporation)

SRV:64bit: - (AMD External Events Utility) -- C:\Windows\SysNative\atiesrxx.exe (AMD)

SRV:64bit: - (VAIO Power Management) -- C:\Program Files\Sony\VAIO Power Management\SPMService.exe (Sony Corporation)

SRV:64bit: - (VSNService) -- C:\Program Files\Sony\VAIO Smart Network\VSNService.exe (Sony Corporation)

SRV:64bit: - (btwdins) -- C:\Program Files\WIDCOMM\Bluetooth Software\btwdins.exe (Broadcom Corporation.)

SRV:64bit: - (VcmINSMgr) -- C:\Program Files\Sony\VCM Intelligent Network Service Manager\VcmINSMgr.exe (Sony Corporation)

SRV:64bit: - (WinDefend) -- C:\Program Files\Windows Defender\mpsvc.dll (Microsoft Corporation)

SRV:64bit: - (TabletService) -- C:\Windows\SysNative\Tablet.exe (Wacom Technology, Corp.)

SRV - (AdobeFlashPlayerUpdateSvc) -- C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe (Adobe Systems Incorporated)

SRV - (MBAMService) -- C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe (Malwarebytes Corporation)

SRV - (VAIO Event Service) -- C:\Program Files (x86)\SONY\VAIO Event Service\VESMgr.exe (Sony Corporation)

SRV - (clr_optimization_v4.0.30319_32) -- C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe (Microsoft Corporation)

SRV - (ACDaemon) -- C:\Program Files (x86)\Common Files\ArcSoft\Connection Service\Bin\ACService.exe (ArcSoft Inc.)

SRV - (SwitchBoard) -- C:\Program Files (x86)\Common Files\Adobe\SwitchBoard\SwitchBoard.exe (Adobe Systems Incorporated)

SRV - (UNS) -- C:\Program Files (x86)\Intel\Intel® Management Engine Components\UNS\UNS.exe (Intel Corporation)

SRV - (LMS) -- C:\Program Files (x86)\Intel\Intel® Management Engine Components\LMS\LMS.exe (Intel Corporation)

SRV - (IAStorDataMgrSvc) -- C:\Program Files (x86)\Intel\Intel® Rapid Storage Technology\IAStorDataMgrSvc.exe (Intel Corporation)

SRV - (PMBDeviceInfoProvider) -- C:\Program Files (x86)\Sony\PMB\PMBDeviceInfoProvider.exe (Sony Corporation)

SRV - (SOHDms) -- C:\Program Files (x86)\Common Files\Sony Shared\SOHLib\SOHDms.exe (Sony Corporation)

SRV - (SOHPlMgr) -- C:\Program Files (x86)\Common Files\Sony Shared\SOHLib\SOHPlMgr.exe (Sony Corporation)

SRV - (SOHDs) -- C:\Program Files (x86)\Common Files\Sony Shared\SOHLib\SOHDs.exe (Sony Corporation)

SRV - (SOHCImp) -- C:\Program Files (x86)\Common Files\Sony Shared\SOHLib\SOHCImp.exe (Sony Corporation)

SRV - (SOHDBSvr) -- C:\Program Files (x86)\Common Files\Sony Shared\SOHLib\SOHDBSvr.exe (Sony Corporation)

SRV - (VzCdbSvc) -- C:\Program Files (x86)\Common Files\Sony Shared\VAIO Entertainment Platform\VzCdb\VzCdbSvc.exe (Sony Corporation)

SRV - (VAIO Entertainment TV Device Arbitration Service) -- C:\Program Files (x86)\Common Files\Sony Shared\VAIO Entertainment Platform\VzHardwareResourceManager\VzHardwareResourceManager\VzHardwareResourceManager.exe (Sony Corporation)

SRV - (VCFw) -- C:\Program Files (x86)\Common Files\Sony Shared\VAIO Content Folder Watcher\VCFw.exe (Sony Corporation)

SRV - (Roxio Upnp Server 10) -- C:\Program Files (x86)\Roxio\Digital Home 10\RoxioUpnpService10.exe (Sonic Solutions)

SRV - (Roxio UPnP Renderer 10) -- C:\Program Files (x86)\Roxio\Digital Home 10\RoxioUPnPRenderer10.exe (Sonic Solutions)

SRV - (clr_optimization_v2.0.50727_32) -- C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe (Microsoft Corporation)

SRV - (uCamMonitor) -- C:\Program Files (x86)\ArcSoft\Magic-i Visual Effects 2\uCamMonitor.exe (ArcSoft, Inc.)

========== Driver Services (SafeList) ==========

DRV:64bit: - (MBAMProtector) -- C:\Windows\SysNative\drivers\mbam.sys (Malwarebytes Corporation)

DRV:64bit: - (fssfltr) -- C:\Windows\SysNative\drivers\fssfltr.sys (Microsoft Corporation)

DRV:64bit: - (Fs_Rec) -- C:\Windows\SysNative\drivers\fs_rec.sys (Microsoft Corporation)

DRV:64bit: - (mfehidk) -- C:\Windows\SysNative\drivers\mfehidk.sys (McAfee, Inc.)

DRV:64bit: - (mfefirek) -- C:\Windows\SysNative\drivers\mfefirek.sys (McAfee, Inc.)

DRV:64bit: - (mfewfpk) -- C:\Windows\SysNative\drivers\mfewfpk.sys (McAfee, Inc.)

DRV:64bit: - (mfeavfk) -- C:\Windows\SysNative\drivers\mfeavfk.sys (McAfee, Inc.)

DRV:64bit: - (mfeapfk) -- C:\Windows\SysNative\drivers\mfeapfk.sys (McAfee, Inc.)

DRV:64bit: - (mferkdet) -- C:\Windows\SysNative\drivers\mferkdet.sys (McAfee, Inc.)

DRV:64bit: - (mfenlfk) -- C:\Windows\SysNative\drivers\mfenlfk.sys (McAfee, Inc.)

DRV:64bit: - (cfwids) -- C:\Windows\SysNative\drivers\cfwids.sys (McAfee, Inc.)

DRV:64bit: - (amdsata) -- C:\Windows\SysNative\drivers\amdsata.sys (Advanced Micro Devices)

DRV:64bit: - (amdxata) -- C:\Windows\SysNative\drivers\amdxata.sys (Advanced Micro Devices)

DRV:64bit: - (HpSAMD) -- C:\Windows\SysNative\drivers\HpSAMD.sys (Hewlett-Packard Company)

DRV:64bit: - (TsUsbFlt) -- C:\Windows\SysNative\drivers\TsUsbFlt.sys (Microsoft Corporation)

DRV:64bit: - (sdbus) -- C:\Windows\SysNative\drivers\sdbus.sys (Microsoft Corporation)

DRV:64bit: - (atikmdag) -- C:\Windows\SysNative\drivers\atikmdag.sys (ATI Technologies Inc.)

DRV:64bit: - (IntcDAud) -- C:\Windows\SysNative\drivers\IntcDAud.sys (Intel® Corporation)

DRV:64bit: - (igfx) -- C:\Windows\SysNative\drivers\igdkmd64.sys (Intel Corporation)

DRV:64bit: - (RTHDMIAzAudService) -- C:\Windows\SysNative\drivers\RtHDMIVX.sys (Realtek Semiconductor Corp.)

DRV:64bit: - (HECIx64) -- C:\Windows\SysNative\drivers\HECIx64.sys (Intel Corporation)

DRV:64bit: - (iaStor) -- C:\Windows\SysNative\drivers\iaStor.sys (Intel Corporation)

DRV:64bit: - (btwrchid) -- C:\Windows\SysNative\drivers\btwrchid.sys (Broadcom Corporation.)

DRV:64bit: - (btwavdt) -- C:\Windows\SysNative\drivers\btwavdt.sys (Broadcom Corporation.)

DRV:64bit: - (btwaudio) -- C:\Windows\SysNative\drivers\btwaudio.sys (Broadcom Corporation.)

DRV:64bit: - (btusbflt) -- C:\Windows\SysNative\drivers\btusbflt.sys (Broadcom Corporation.)

DRV:64bit: - (btwl2cap) -- C:\Windows\SysNative\drivers\btwl2cap.sys (Broadcom Corporation.)

DRV:64bit: - (Impcd) -- C:\Windows\SysNative\drivers\Impcd.sys (Intel Corporation)

DRV:64bit: - (yukonw7) -- C:\Windows\SysNative\drivers\yk62x64.sys ()

DRV:64bit: - (athr) -- C:\Windows\SysNative\drivers\athrx.sys (Atheros Communications, Inc.)

DRV:64bit: - (rimspci) -- C:\Windows\SysNative\drivers\rimssne64.sys (REDC)

DRV:64bit: - (ApfiltrService) -- C:\Windows\SysNative\drivers\Apfiltr.sys (Alps Electric Co., Ltd.)

DRV:64bit: - (risdsnpe) -- C:\Windows\SysNative\drivers\risdsne64.sys (REDC)

DRV:64bit: - (SFEP) -- C:\Windows\SysNative\drivers\SFEP.sys (Sony Corporation)

DRV:64bit: - (amdsbs) -- C:\Windows\SysNative\drivers\amdsbs.sys (AMD Technologies Inc.)

DRV:64bit: - (LSI_SAS2) -- C:\Windows\SysNative\drivers\lsi_sas2.sys (LSI Corporation)

DRV:64bit: - (stexstor) -- C:\Windows\SysNative\drivers\stexstor.sys (Promise Technology)

DRV:64bit: - (ebdrv) -- C:\Windows\SysNative\drivers\evbda.sys (Broadcom Corporation)

DRV:64bit: - (b06bdrv) -- C:\Windows\SysNative\drivers\bxvbda.sys (Broadcom Corporation)

DRV:64bit: - (b57nd60a) -- C:\Windows\SysNative\drivers\b57nd60a.sys (Broadcom Corporation)

DRV:64bit: - (hcw85cir) -- C:\Windows\SysNative\drivers\hcw85cir.sys (Hauppauge Computer Works, Inc.)

DRV:64bit: - (ArcSoftKsUFilter) -- C:\Windows\SysNative\drivers\ArcSoftKsUFilter.sys (ArcSoft, Inc.)

DRV:64bit: - (PxHlpa64) -- C:\Windows\SysNative\drivers\PxHlpa64.sys (Sonic Solutions)

DRV:64bit: - (wacomvhid) -- C:\Windows\SysNative\drivers\wacomvhid.sys (Wacom Technology)

DRV:64bit: - (wacommousefilter) -- C:\Windows\SysNative\drivers\wacommousefilter.sys (Wacom Technology)

DRV - (WIMMount) -- C:\Windows\SysWOW64\drivers\wimmount.sys (Microsoft Corporation)

========== Standard Registry (SafeList) ==========

========== Internet Explorer ==========

IE:64bit: - HKLM\..\SearchScopes,DefaultScope = {6A1806CD-94D4-4689-BA73-E35EA1EA9990}

IE:64bit: - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/search?q={searchTerms}&FORM=IE8SRC

IE:64bit: - HKLM\..\SearchScopes\{6A1806CD-94D4-4689-BA73-E35EA1EA9990}: "URL" = http://www.google.com/search?q={searchTerms}&rls=com.microsoft:{language}:{referrer:source?}&ie={inputEncoding}&oe={outputEncoding}&sourceid=ie7

IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm

IE - HKLM\..\SearchScopes,DefaultScope = {6A1806CD-94D4-4689-BA73-E35EA1EA9990}

IE - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/search?q={searchTerms}&FORM=IE8SRC

IE - HKLM\..\SearchScopes\{6A1806CD-94D4-4689-BA73-E35EA1EA9990}: "URL" = http://www.google.com/search?q={searchTerms}&rls=com.microsoft:{language}:{referrer:source?}&ie={inputEncoding}&oe={outputEncoding}&sourceid=ie7

IE - HKLM\..\SearchScopes\{BE28C22E-F666-424d-B5FD-125C4AFEE34E}: "URL" = http://search.myheritage.com?orig=ds&q={searchTerms}

IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,SearchDefaultBranded = 1

IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.google.se/

IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache AcceptLangs = sv-SE

IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache_TIMESTAMP = 09 E9 1E C5 26 73 CD 01 [binary data]

IE - HKCU\..\SearchScopes,DefaultScope = {6A1806CD-94D4-4689-BA73-E35EA1EA9990}

IE - HKCU\..\SearchScopes\{1B75A58B-EF69-4423-930F-4D1373A6B54F}: "URL" =

IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

========== FireFox ==========

FF:64bit: - HKLM\Software\MozillaPlugins\@mcafee.com/MSC,version=10: c:\PROGRA~1\mcafee\msc\NPMCSN~1.DLL ()

FF:64bit: - HKLM\Software\MozillaPlugins\@microsoft.com/GENUINE: disabled File not found

FF:64bit: - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: c:\Program Files\Microsoft Silverlight\5.1.10411.0\npctrl.dll ( Microsoft Corporation)

FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\system32\Macromed\Flash\NPSWF32.dll ()

FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin: C:\Program Files (x86)\Java\jre6\bin\plugin2\npjp2.dll (Sun Microsystems, Inc.)

FF - HKLM\Software\MozillaPlugins\@mcafee.com/MSC,version=10: c:\progra~2\mcafee\msc\npmcsn~1.dll ()

FF - HKLM\Software\MozillaPlugins\@mcafee.com/SAFFPlugin: C:\Program Files (x86)\McAfee\SiteAdvisor\npmcffplg32.dll (McAfee, Inc.)

FF - HKLM\Software\MozillaPlugins\@microsoft.com/GENUINE: disabled File not found

FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: c:\Program Files (x86)\Microsoft Silverlight\5.1.10411.0\npctrl.dll ( Microsoft Corporation)

FF - HKLM\Software\MozillaPlugins\@microsoft.com/OfficeLive,version=1.5: C:\Program Files (x86)\Microsoft\Office Live\npOLW.dll (Microsoft Corp.)

FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=15.4.3502.0922: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)

FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=15.4.3508.1109: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)

FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=15.4.3555.0308: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)

FF - HKLM\Software\MozillaPlugins\@se.nexus/Personal: C:\Program Files (x86)\Personal\bin\np_prsnl.dll (Technology Nexus AB)

FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Program Files (x86)\Google\Update\1.3.21.115\npGoogleUpdate3.dll (Google Inc.)

FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Program Files (x86)\Google\Update\1.3.21.115\npGoogleUpdate3.dll (Google Inc.)

FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\ekort@orbiscom: C:\Program Files (x86)\ekort [2011/04/14 13:30:47 | 000,000,000 | ---D | M]

FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{D19CA586-DD6C-4a0a-96F8-14644F340D60}: C:\Program Files (x86)\Common Files\McAfee\SystemCore [2012/06/29 13:39:53 | 000,000,000 | ---D | M]

FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{4ED1F68A-5463-4931-9384-8FFF5ED91D92}: C:\Program Files (x86)\McAfee\SiteAdvisor [2012/07/25 18:24:48 | 000,000,000 | ---D | M]

O1 HOSTS File: ([2012/08/02 00:49:50 | 000,001,392 | RHS- | M]) - C:\Windows\SysNative\drivers\etc\hosts

O1 - Hosts: 127.0.0.1 localhost

O1 - Hosts: ::1 localhost

O1 - Hosts: 78.46.61.26 www.google-analytics.com.

O1 - Hosts: 78.46.61.26 ad-emea.doubleclick.net.

O1 - Hosts: 78.46.61.26 www.statcounter.com.

O1 - Hosts: 108.163.215.51 www.google-analytics.com.

O1 - Hosts: 108.163.215.51 ad-emea.doubleclick.net.

O1 - Hosts: 108.163.215.51 www.statcounter.com.

O2:64bit: - BHO: (scriptproxy) - {7DB2D5A0-7241-4E79-B68D-6309F01C5231} - C:\Program Files\Common Files\McAfee\SystemCore\ScriptSn.20120629133947.dll (McAfee, Inc.)

O2:64bit: - BHO: (Google Toolbar Helper) - {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll (Google Inc.)

O2:64bit: - BHO: (McAfee SiteAdvisor BHO) - {B164E929-A1B6-4A06-B104-2CD0E90A88FF} - c:\PROGRA~2\mcafee\SITEAD~1\x64\mcieplg.dll (McAfee, Inc.)

O2 - BHO: (Java Plug-In SSV Helper) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Java\jre6\bin\ssv.dll (Sun Microsystems, Inc.)

O2 - BHO: (scriptproxy) - {7DB2D5A0-7241-4E79-B68D-6309F01C5231} - C:\Program Files (x86)\Common Files\McAfee\SystemCore\ScriptSn.20120629133947.dll (McAfee, Inc.)

O2 - BHO: (e-kort Helper Class) - {9065E913-4F23-4B47-9B5D-B055D32DB1F3} - C:\Program Files (x86)\ekort\EKortHelper.dll ()

O2 - BHO: (McAfee SiteAdvisor BHO) - {B164E929-A1B6-4A06-B104-2CD0E90A88FF} - c:\PROGRA~2\mcafee\SITEAD~1\mcieplg.dll (McAfee, Inc.)

O3:64bit: - HKLM\..\Toolbar: (McAfee SiteAdvisor Toolbar) - {0EBBBE48-BAD4-4B4C-8E5A-516ABECAE064} - c:\PROGRA~2\mcafee\SITEAD~1\x64\mcieplg.dll (McAfee, Inc.)

O3:64bit: - HKLM\..\Toolbar: (Google Toolbar) - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll (Google Inc.)

O3 - HKLM\..\Toolbar: (McAfee SiteAdvisor Toolbar) - {0EBBBE48-BAD4-4B4C-8E5A-516ABECAE064} - c:\PROGRA~2\mcafee\SITEAD~1\mcieplg.dll (McAfee, Inc.)

O3 - HKLM\..\Toolbar: (e-kort Toolbar) - {8DB2B2E8-579F-48A8-A496-18FEFCF8F4DF} - C:\Program Files (x86)\ekort\EKortToolbar.dll ()

O3:64bit: - HKCU\..\Toolbar\WebBrowser: (Google Toolbar) - {2318C2B1-4965-11D4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll (Google Inc.)

O4:64bit: - HKLM..\Run: [AdobeAAMUpdater-1.0] C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\UWA\UpdaterStartupUtility.exe (Adobe Systems Incorporated)

O4:64bit: - HKLM..\Run: [Apoint] C:\Program Files\Apoint\Apoint.exe (Alps Electric Co., Ltd.)

O4:64bit: - HKLM..\Run: [CanonSolutionMenu] C:\Program Files (x86)\Canon\SolutionMenu\CNSLMAIN.exe (CANON INC.)

O4:64bit: - HKLM..\Run: [RtHDVCpl] C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe (Realtek Semiconductor)

O4 - HKLM..\Run: [AdobeCS6ServiceManager] C:\Program Files (x86)\Common Files\Adobe\CS6ServiceManager\CS6ServiceManager.exe (Adobe Systems Incorporated)

O4 - HKLM..\Run: [e-kort] C:\PROGRA~2\ekort\ekort.exe /dontopenmycards /Autostart File not found

O4 - HKLM..\Run: [iAStorIcon] C:\Program Files (x86)\Intel\Intel® Rapid Storage Technology\IAStorIcon.exe (Intel Corporation)

O4 - HKLM..\Run: [mcui_exe] C:\Program Files\McAfee.com\Agent\mcagent.exe (McAfee, Inc.)

O4 - HKLM..\Run: [NortonOnlineBackupReminder] C:\Program Files (x86)\Symantec\Norton Online Backup\Activation\NobuActivation.exe (Symantec Corporation)

O4 - HKLM..\Run: [PMBVolumeWatcher] C:\Program Files (x86)\Sony\PMB\PMBVolumeWatcher.exe (Sony Corporation)

O4 - HKLM..\Run: [startCCC] C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe (Advanced Micro Devices, Inc.)

O4 - HKLM..\Run: [switchBoard] C:\Program Files (x86)\Common Files\Adobe\SwitchBoard\SwitchBoard.exe (Adobe Systems Incorporated)

O4 - HKCU..\Run: [browserChoice] "C:\Windows\System32\browserchoice.exe" /run File not found

O4 - HKCU..\Run: [spotify Web Helper] C:\Users\Emma\AppData\Roaming\Spotify\Data\SpotifyWebHelper.exe ()

O4 - Startup: C:\Users\Emma\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Adobe Gamma.lnk = C:\Program Files (x86)\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe (Adobe Systems, Inc.)

O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Restrictions present

O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0

O7 - HKCU\Software\Policies\Microsoft\Internet Explorer\Control Panel present

O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0

O9:64bit: - Extra Button: @C:\Program Files\WIDCOMM\Bluetooth Software\btrez.dll,-4015 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm ()

O9:64bit: - Extra 'Tools' menuitem : @C:\Program Files\WIDCOMM\Bluetooth Software\btrez.dll,-12650 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm ()

O9 - Extra Button: Send to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~2\MICROS~1\Office12\ONBttnIE.dll (Microsoft Corporation)

O9 - Extra 'Tools' menuitem : S&end to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~2\MICROS~1\Office12\ONBttnIE.dll (Microsoft Corporation)

O9 - Extra Button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~2\MICROS~1\Office12\REFIEBAR.DLL (Microsoft Corporation)

O9 - Extra Button: Send To Bluetooth - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm ()

O9 - Extra 'Tools' menuitem : Send to &Bluetooth Device... - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm ()

O9 - Extra Button: Add to Evernote - {E0B8C461-F8FB-49b4-8373-FE32E92528A6} - C:\Program Files (x86)\Evernote\Evernote3.5\enbar.dll (Evernote Corporation)

O9 - Extra 'Tools' menuitem : Add to Evernote - {E0B8C461-F8FB-49b4-8373-FE32E92528A6} - C:\Program Files (x86)\Evernote\Evernote3.5\enbar.dll (Evernote Corporation)

O16:64bit: - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/update/1.6.0/jinstall-1_6_0_16-windows-i586.cab (Java Plug-in 1.6.0_16)

O16:64bit: - DPF: {CAFEEFAC-0016-0000-0016-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_16-windows-i586.cab (Java Plug-in 1.6.0_16)

O16:64bit: - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_16-windows-i586.cab (Java Plug-in 1.6.0_16)

O16 - DPF: {02BCC737-B171-4746-94C9-0D8A0B2C0089} http://office.microsoft.com/sites/production/ieawsdc32.cab (Microsoft Office Template and Media Control)

O16 - DPF: {402EE96E-2CE8-482D-ADA5-CECEEA07E16D} http://www.turntool.com/ViewerInstall.exe (TurnTool Scene)

O16 - DPF: {5D637FAD-E202-48D1-8F18-5B9C459BD1E3} http://www.fujidirekt.se/aurigma/ImageUploader5.cab (Image Uploader Control)

O16 - DPF: {7530BFB8-7293-4D34-9923-61A11451AFC5} http://download.eset.com/special/eos/OnlineScanner.cab (OnlineScanner Control)

O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/update/1.6.0/jinstall-1_6_0_31-windows-i586.cab (Java Plug-in 1.6.0_31)

O16 - DPF: {CAFEEFAC-0016-0000-0031-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_31-windows-i586.cab (Java Plug-in 1.6.0_31)

O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_31-windows-i586.cab (Java Plug-in 1.6.0_31)

O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.1.1

O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{36601CEE-D5D8-49CC-9878-7011DD745294}: DhcpNameServer = 192.168.1.1

O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{6D7BD819-48F2-4E64-8CDB-988BAD52DF69}: DhcpNameServer = 195.54.122.199 195.54.122.204

O18:64bit: - Protocol\Handler\dssrequest {5513F07E-936B-4E52-9B00-067394E91CC5} - c:\PROGRA~2\mcafee\SITEAD~1\x64\mcieplg.dll (McAfee, Inc.)

O18:64bit: - Protocol\Handler\livecall - No CLSID value found

O18:64bit: - Protocol\Handler\ms-help - No CLSID value found

O18:64bit: - Protocol\Handler\ms-itss - No CLSID value found

O18:64bit: - Protocol\Handler\msnim - No CLSID value found

O18:64bit: - Protocol\Handler\sacore {5513F07E-936B-4E52-9B00-067394E91CC5} - c:\PROGRA~2\mcafee\SITEAD~1\x64\mcieplg.dll (McAfee, Inc.)

O18:64bit: - Protocol\Handler\wlmailhtml - No CLSID value found

O18:64bit: - Protocol\Handler\wlpg - No CLSID value found

O18 - Protocol\Handler\dssrequest {5513F07E-936B-4E52-9B00-067394E91CC5} - c:\PROGRA~2\mcafee\SITEAD~1\mcieplg.dll (McAfee, Inc.)

O18 - Protocol\Handler\sacore {5513F07E-936B-4E52-9B00-067394E91CC5} - c:\PROGRA~2\mcafee\SITEAD~1\mcieplg.dll (McAfee, Inc.)

O18:64bit: - Protocol\Filter\application/x-mfe-ipt {3EF5086B-5478-4598-A054-786C45D75692} - c:\PROGRA~1\mcafee\msc\MCSNIE~1.DLL (McAfee, Inc.)

O18:64bit: - Protocol\Filter\text/xml {807563E5-5146-11D5-A672-00B0D022E945} - C:\PROGRA~1\COMMON~1\MICROS~1\OFFICE12\MSOXMLMF.DLL (Microsoft Corporation)

O18 - Protocol\Filter\application/x-mfe-ipt {3EF5086B-5478-4598-A054-786C45D75692} - c:\progra~2\mcafee\msc\mcsniepl.dll (McAfee, Inc.)

O18 - Protocol\Filter\text/xml {807563E5-5146-11D5-A672-00B0D022E945} - C:\PROGRA~2\COMMON~1\MICROS~1\OFFICE12\MSOXMLMF.DLL (Microsoft Corporation)

O20:64bit: - HKLM Winlogon: Shell - (Explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)

O20:64bit: - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\SysNative\userinit.exe (Microsoft Corporation)

O20:64bit: - HKLM Winlogon: VMApplet - (/pagefile) - File not found

O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\Windows\SysWow64\explorer.exe (Microsoft Corporation)

O20 - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\SysWOW64\userinit.exe (Microsoft Corporation)

O20 - HKLM Winlogon: VMApplet - (/pagefile) - File not found

O20:64bit: - Winlogon\Notify\igfxcui: DllName - (igfxdev.dll) - C:\Windows\SysNative\igfxdev.dll (Intel Corporation)

O20 - Winlogon\Notify\VESWinlogon: DllName - (VESWinlogon.dll) - C:\Windows\SysWow64\VESWinlogon.dll (Sony Corporation)

O32 - HKLM CDRom: AutoRun - 1

O34 - HKLM BootExecute: (autocheck autochk *)

O35:64bit: - HKLM\..comfile [open] -- "%1" %*

O35:64bit: - HKLM\..exefile [open] -- "%1" %*

O35 - HKLM\..comfile [open] -- "%1" %*

O35 - HKLM\..exefile [open] -- "%1" %*

O37:64bit: - HKLM\...com [@ = ComFile] -- "%1" %*

O37:64bit: - HKLM\...exe [@ = exefile] -- "%1" %*

O37 - HKLM\...com [@ = ComFile] -- "%1" %*

O37 - HKLM\...exe [@ = exefile] -- "%1" %*

O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3)

O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2)

O38 - SubSystems\\Windows: (ServerDll=sxssrv,4)

========== Files/Folders - Created Within 30 Days ==========

[2012/08/06 17:44:57 | 000,596,480 | ---- | C] (OldTimer Tools) -- C:\Users\Emma\Desktop\OTL.exe

[2012/08/06 11:00:12 | 000,000,000 | ---D | C] -- C:\Users\Emma\AppData\Local\Mozilla

[2012/08/06 11:00:03 | 000,000,000 | ---D | C] -- C:\ProgramData\Mozilla

[2012/08/06 10:37:03 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\McAfee

[2012/08/06 10:32:31 | 000,000,000 | -HSD | C] -- C:\$RECYCLE.BIN

[2012/08/06 10:25:20 | 000,000,000 | ---D | C] -- C:\Windows\temp

[2012/08/05 21:01:04 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Apple Software Update

[2012/08/05 21:01:00 | 000,000,000 | ---D | C] -- C:\Config.Msi

[2012/08/05 19:20:42 | 000,000,000 | ---D | C] -- C:\Program Files\CCleaner

[2012/08/05 19:19:09 | 002,975,336 | ---- | C] (Piriform Ltd) -- C:\Users\Emma\Desktop\ccsetup321_slim.exe

[2012/08/05 18:12:01 | 000,000,000 | ---D | C] -- C:\Users\Emma\AppData\Roaming\f-secure

[2012/08/05 18:11:35 | 000,000,000 | ---D | C] -- C:\ProgramData\F-Secure

[2012/08/05 14:25:15 | 000,000,000 | ---D | C] -- C:\Users\Emma\AppData\Roaming\TuneUp Software

[2012/08/05 14:24:11 | 000,000,000 | ---D | C] -- C:\ProgramData\TuneUp Software

[2012/08/05 14:23:27 | 000,000,000 | -HSD | C] -- C:\ProgramData\{32364CEA-7855-4A3C-B674-53D8E9B97936}

[2012/08/05 14:23:27 | 000,000,000 | -H-D | C] -- C:\ProgramData\Common Files

[2012/08/05 13:03:34 | 000,000,000 | R--D | C] -- C:\Users\Emma\Documents\Favorites

[2012/08/03 15:00:42 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\ESET

[2012/08/03 13:58:17 | 000,448,512 | ---- | C] (OldTimer Tools) -- C:\Users\Emma\Desktop\TFC.exe

[2012/08/03 12:24:48 | 000,000,000 | ---D | C] -- C:\Users\Emma\Desktop\RK_Quarantine

[2012/08/03 11:30:25 | 004,731,392 | ---- | C] (AVAST Software) -- C:\Users\Emma\Desktop\aswMBR.exe

[2012/08/03 09:49:29 | 000,607,260 | R--- | C] (Swearware) -- C:\Users\Emma\Desktop\dds.scr

[2012/08/02 22:00:52 | 000,518,144 | ---- | C] (SteelWerX) -- C:\Windows\SWREG.exe

[2012/08/02 22:00:52 | 000,406,528 | ---- | C] (SteelWerX) -- C:\Windows\SWSC.exe

[2012/08/02 22:00:52 | 000,060,416 | ---- | C] (NirSoft) -- C:\Windows\NIRCMD.exe

[2012/08/02 21:55:04 | 000,000,000 | ---D | C] -- C:\Qoobox

[2012/08/02 21:54:31 | 000,000,000 | ---D | C] -- C:\Windows\erdnt

[2012/08/02 21:49:04 | 004,725,168 | R--- | C] (Swearware) -- C:\Users\Emma\Desktop\ComboFix.exe

[2012/08/02 20:06:31 | 000,000,000 | ---D | C] -- C:\Users\Emma\AppData\Roaming\Malwarebytes

[2012/08/02 20:06:22 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes' Anti-Malware

[2012/08/02 20:06:21 | 000,024,904 | ---- | C] (Malwarebytes Corporation) -- C:\Windows\SysNative\drivers\mbam.sys

[2012/08/02 20:06:21 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Malwarebytes' Anti-Malware

[2012/08/02 20:06:21 | 000,000,000 | ---D | C] -- C:\ProgramData\Malwarebytes

[2012/08/02 20:03:58 | 000,000,000 | ---D | C] -- C:\Users\Emma\Desktop\rkill-backup

[2012/08/02 00:50:34 | 000,000,000 | ---D | C] -- C:\ProgramData\7531CC77000844B0C9AE2DF4F875F002

[2012/07/24 22:47:50 | 000,000,000 | ---D | C] -- C:\Windows\Minidump

[2012/07/24 13:22:36 | 002,136,664 | ---- | C] (Kaspersky Lab ZAO) -- C:\Users\Emma\Desktop\TDSSKiller.exe

[2012/07/17 17:18:06 | 000,000,000 | ---D | C] -- C:\Users\Emma\Desktop\BRIGHTON BECKS

[2012/07/13 20:13:29 | 000,000,000 | ---D | C] -- C:\Users\Emma\Documents\Brighton

[2012/07/12 23:39:03 | 000,000,000 | ---D | C] -- C:\Users\Emma\Documents\mythical-creatures-assets-package_2

[2012/07/12 22:05:44 | 000,000,000 | ---D | C] -- C:\Users\Emma\AppData\Roaming\StageManager.BD092818F67280F4B42B04877600987F0111B594.1

[2012/07/12 22:02:52 | 000,000,000 | ---D | C] -- C:\ProgramData\regid.1986-12.com.adobe

[2012/07/12 22:00:48 | 000,000,000 | ---D | C] -- C:\ProgramData\ALM

[2012/07/12 21:58:17 | 000,000,000 | ---D | C] -- C:\Program Files\Adobe

[2012/07/12 21:50:29 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\Adobe

[2012/07/12 20:50:37 | 000,000,000 | ---D | C] -- C:\Users\Emma\AppData\Roaming\com.adobe.downloadassistant.AdobeDownloadAssistant

[2012/07/12 20:50:32 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Adobe Download Assistant

[2012/07/12 20:50:31 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Common Files\Adobe AIR

[2012/07/12 01:57:59 | 000,096,768 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\mshtmled.dll

[2012/07/12 01:57:59 | 000,073,216 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\mshtmled.dll

[2012/07/12 01:57:58 | 000,237,056 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\url.dll

[2012/07/12 01:57:58 | 000,231,936 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\url.dll

[2012/07/12 01:57:56 | 000,248,320 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\ieui.dll

[2012/07/12 01:57:56 | 000,176,640 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\ieui.dll

[2012/07/12 01:57:56 | 000,173,056 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\ieUnatt.exe

[2012/07/12 01:57:56 | 000,142,848 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\ieUnatt.exe

[2012/07/12 01:57:54 | 002,311,680 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\jscript9.dll

[2012/07/12 01:57:54 | 001,494,528 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\inetcpl.cpl

[2012/07/12 01:57:54 | 001,427,968 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\inetcpl.cpl

[2012/07/12 01:57:54 | 000,818,688 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\jscript.dll

[2012/07/12 01:57:54 | 000,716,800 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\jscript.dll

[2012/07/11 19:18:20 | 000,002,048 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\msxml3r.dll

[2012/07/11 19:18:20 | 000,002,048 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\msxml3r.dll

[2012/07/11 19:18:11 | 000,307,200 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\ncrypt.dll

[2012/07/11 19:18:01 | 000,805,376 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\cdosys.dll

[2012/07/11 19:17:57 | 001,133,568 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\cdosys.dll

========== Files - Modified Within 30 Days ==========

[2012/08/06 17:50:00 | 000,001,008 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineUA.job

[2012/08/06 17:45:02 | 000,596,480 | ---- | M] (OldTimer Tools) -- C:\Users\Emma\Desktop\OTL.exe

[2012/08/06 17:41:00 | 000,000,868 | ---- | M] () -- C:\Windows\tasks\Adobe Flash Player Updater.job

[2012/08/06 16:38:10 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat

[2012/08/06 14:09:51 | 000,000,824 | ---- | M] () -- C:\Users\Emma\Desktop\hosts

[2012/08/06 10:40:11 | 000,009,920 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0

[2012/08/06 10:40:11 | 000,009,920 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0

[2012/08/06 10:37:03 | 000,001,828 | ---- | M] () -- C:\Users\Public\Desktop\McAfee Internet Security.lnk

[2012/08/06 10:32:17 | 000,001,004 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineCore.job

[2012/08/06 10:31:37 | 3106,480,128 | -HS- | M] () -- C:\hiberfil.sys

[2012/08/06 09:50:25 | 004,725,168 | R--- | M] (Swearware) -- C:\Users\Emma\Desktop\ComboFix.exe

[2012/08/05 20:23:19 | 001,466,674 | ---- | M] () -- C:\Windows\SysNative\PerfStringBackup.INI

[2012/08/05 20:23:19 | 000,626,006 | ---- | M] () -- C:\Windows\SysNative\perfh01D.dat

[2012/08/05 20:23:19 | 000,616,242 | ---- | M] () -- C:\Windows\SysNative\perfh009.dat

[2012/08/05 20:23:19 | 000,124,128 | ---- | M] () -- C:\Windows\SysNative\perfc01D.dat

[2012/08/05 20:23:19 | 000,106,622 | ---- | M] () -- C:\Windows\SysNative\perfc009.dat

[2012/08/05 20:10:01 | 000,003,240 | ---- | M] () -- C:\Users\Emma\Desktop\Attach.zip

[2012/08/05 19:20:46 | 000,000,822 | ---- | M] () -- C:\Users\Public\Desktop\CCleaner.lnk

[2012/08/05 19:19:25 | 002,975,336 | ---- | M] (Piriform Ltd) -- C:\Users\Emma\Desktop\ccsetup321_slim.exe

[2012/08/05 18:45:55 | 000,000,134 | ---- | M] () -- C:\Users\Emma\Desktop\hosts-perm.bat

[2012/08/05 18:40:22 | 000,000,274 | -H-- | M] () -- C:\Windows\tasks\User_Feed_Synchronization-{AA0C8ADD-AA4A-433E-8C79-299935B01853}.job

[2012/08/05 17:31:21 | 000,003,664 | ---- | M] () -- C:\bootsqm.dat

[2012/08/03 14:41:56 | 000,426,184 | ---- | M] (Adobe Systems Incorporated) -- C:\Windows\SysWow64\FlashPlayerApp.exe

[2012/08/03 14:41:56 | 000,070,344 | ---- | M] (Adobe Systems Incorporated) -- C:\Windows\SysWow64\FlashPlayerCPLApp.cpl

[2012/08/03 13:58:18 | 000,448,512 | ---- | M] (OldTimer Tools) -- C:\Users\Emma\Desktop\TFC.exe

[2012/08/03 12:23:10 | 001,552,384 | ---- | M] () -- C:\Users\Emma\Desktop\RogueKiller.exe

[2012/08/03 11:35:23 | 000,000,512 | ---- | M] () -- C:\Users\Emma\Desktop\MBR.dat

[2012/08/03 11:30:53 | 004,731,392 | ---- | M] (AVAST Software) -- C:\Users\Emma\Desktop\aswMBR.exe

[2012/08/03 11:21:38 | 002,136,664 | ---- | M] (Kaspersky Lab ZAO) -- C:\Users\Emma\Desktop\TDSSKiller.exe

[2012/08/03 09:49:29 | 000,607,260 | R--- | M] (Swearware) -- C:\Users\Emma\Desktop\dds.scr

[2012/08/02 20:06:22 | 000,001,109 | ---- | M] () -- C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk

[2012/08/02 00:49:50 | 000,001,392 | RHS- | M] () -- C:\Windows\SysNative\drivers\etc\hosts

[2012/08/01 15:41:35 | 000,423,053 | ---- | M] () -- C:\Users\Emma\Documents\kvitto lensway.xps

[2012/08/01 09:50:36 | 000,244,774 | ---- | M] () -- C:\test.xml

[2012/07/18 16:58:10 | 035,852,793 | ---- | M] () -- C:\Users\Emma\Documents\OnFire_chapter1.pdf

[2012/07/15 14:02:17 | 005,002,112 | ---- | M] () -- C:\Windows\SysNative\FNTCACHE.DAT

[2012/07/14 21:40:44 | 002,640,603 | ---- | M] () -- C:\Users\Emma\Documents\hallelujah.wma

[2012/07/12 20:50:34 | 000,001,031 | ---- | M] () -- C:\Users\Public\Desktop\Adobe Download Assistant.lnk

========== Files Created - No Company Name ==========

[2012/08/06 14:09:51 | 000,000,824 | ---- | C] () -- C:\Users\Emma\Desktop\hosts

[2012/08/05 20:10:01 | 000,003,240 | ---- | C] () -- C:\Users\Emma\Desktop\Attach.zip

[2012/08/05 19:20:46 | 000,000,822 | ---- | C] () -- C:\Users\Public\Desktop\CCleaner.lnk

[2012/08/05 18:45:55 | 000,000,134 | ---- | C] () -- C:\Users\Emma\Desktop\hosts-perm.bat

[2012/08/05 18:40:22 | 000,000,274 | -H-- | C] () -- C:\Windows\tasks\User_Feed_Synchronization-{AA0C8ADD-AA4A-433E-8C79-299935B01853}.job

[2012/08/05 17:31:21 | 000,003,664 | ---- | C] () -- C:\bootsqm.dat

[2012/08/03 12:23:08 | 001,552,384 | ---- | C] () -- C:\Users\Emma\Desktop\RogueKiller.exe

[2012/08/03 11:35:23 | 000,000,512 | ---- | C] () -- C:\Users\Emma\Desktop\MBR.dat

[2012/08/02 22:00:52 | 000,256,000 | ---- | C] () -- C:\Windows\PEV.exe

[2012/08/02 22:00:52 | 000,208,896 | ---- | C] () -- C:\Windows\MBR.exe

[2012/08/02 22:00:52 | 000,098,816 | ---- | C] () -- C:\Windows\sed.exe

[2012/08/02 22:00:52 | 000,080,412 | ---- | C] () -- C:\Windows\grep.exe

[2012/08/02 22:00:52 | 000,068,096 | ---- | C] () -- C:\Windows\zip.exe

[2012/08/02 20:06:22 | 000,001,109 | ---- | C] () -- C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk

[2012/08/01 15:41:34 | 000,423,053 | ---- | C] () -- C:\Users\Emma\Documents\kvitto lensway.xps

[2012/07/18 16:58:08 | 035,852,793 | ---- | C] () -- C:\Users\Emma\Documents\OnFire_chapter1.pdf

[2012/07/14 21:44:15 | 000,001,075 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Adobe Photoshop CS6 (64 Bit).lnk

[2012/07/14 21:43:26 | 000,001,207 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Adobe Photoshop CS6.lnk

[2012/07/14 21:40:44 | 002,640,603 | ---- | C] () -- C:\Users\Emma\Documents\hallelujah.wma

[2012/07/12 22:02:08 | 000,001,650 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Adobe Illustrator CS6.lnk

[2012/07/12 22:00:51 | 000,001,518 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Adobe Illustrator CS6 (64 Bit).lnk

[2012/07/12 21:59:44 | 000,001,037 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Adobe Bridge CS6 (64bit).lnk

[2012/07/12 21:59:07 | 000,001,169 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Adobe Bridge CS6.lnk

[2012/07/12 21:53:46 | 000,001,353 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Adobe Extension Manager CS6.lnk

[2012/07/12 21:53:31 | 000,001,519 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Adobe ExtendScript Toolkit CS6.lnk

[2012/07/12 21:53:06 | 000,000,997 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Adobe Help.lnk

[2012/07/12 20:50:34 | 000,001,043 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Adobe Download Assistant.lnk

[2012/07/12 20:50:34 | 000,001,031 | ---- | C] () -- C:\Users\Public\Desktop\Adobe Download Assistant.lnk

[2011/11/23 15:33:54 | 000,000,272 | ---- | C] () -- C:\Users\Emma\AppData\Roaming\.backup.dm

[2011/04/14 13:30:20 | 000,145,920 | ---- | C] () -- C:\Windows\SysWow64\OBroker.exe

[2010/10/10 23:17:44 | 000,010,752 | ---- | C] () -- C:\Users\Emma\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini

[2010/09/11 00:11:38 | 000,000,004 | ---- | C] () -- C:\Users\Emma\AppData\Roaming\wklnhst.dat

========== LOP Check ==========

[2012/06/30 22:28:56 | 000,000,000 | ---D | M] -- C:\Users\Emma\AppData\Roaming\Audacity

[2010/07/11 19:01:41 | 000,000,000 | ---D | M] -- C:\Users\Emma\AppData\Roaming\Auslogics

[2012/04/07 13:09:41 | 000,000,000 | ---D | M] -- C:\Users\Emma\AppData\Roaming\BitZipper

[2012/01/20 15:02:49 | 000,000,000 | ---D | M] -- C:\Users\Emma\AppData\Roaming\Canon

[2012/07/12 20:50:37 | 000,000,000 | ---D | M] -- C:\Users\Emma\AppData\Roaming\com.adobe.downloadassistant.AdobeDownloadAssistant

[2012/08/05 18:12:01 | 000,000,000 | ---D | M] -- C:\Users\Emma\AppData\Roaming\f-secure

[2011/05/31 17:48:51 | 000,000,000 | ---D | M] -- C:\Users\Emma\AppData\Roaming\Fit3DLive

[2010/10/03 00:03:27 | 000,000,000 | ---D | M] -- C:\Users\Emma\AppData\Roaming\Opera

[2011/04/08 15:07:08 | 000,000,000 | ---D | M] -- C:\Users\Emma\AppData\Roaming\Personal

[2011/07/28 22:53:17 | 000,000,000 | ---D | M] -- C:\Users\Emma\AppData\Roaming\RenPy

[2012/06/25 17:21:46 | 000,000,000 | ---D | M] -- C:\Users\Emma\AppData\Roaming\SanDisk

[2012/07/18 00:01:40 | 000,000,000 | ---D | M] -- C:\Users\Emma\AppData\Roaming\Spotify

[2012/07/12 22:05:44 | 000,000,000 | ---D | M] -- C:\Users\Emma\AppData\Roaming\StageManager.BD092818F67280F4B42B04877600987F0111B594.1

[2010/09/11 00:12:40 | 000,000,000 | ---D | M] -- C:\Users\Emma\AppData\Roaming\Template

[2012/08/05 14:25:15 | 000,000,000 | ---D | M] -- C:\Users\Emma\AppData\Roaming\TuneUp Software

[2012/08/05 20:06:18 | 000,000,000 | ---D | M] -- C:\Users\Emma\AppData\Roaming\uTorrent

[2011/01/10 16:24:43 | 000,000,000 | ---D | M] -- C:\Users\Emma\AppData\Roaming\Windows Live Writer

[2012/08/05 19:14:23 | 000,032,514 | ---- | M] () -- C:\Windows\Tasks\SCHEDLGU.TXT

[2012/08/05 18:40:22 | 000,000,274 | -H-- | M] () -- C:\Windows\Tasks\User_Feed_Synchronization-{AA0C8ADD-AA4A-433E-8C79-299935B01853}.job

========== Purity Check ==========

< End of report >

[bengsi]

OTL Extras logfile created on: 06/08/2012 17:48:18 - Run 1

OTL by OldTimer - Version 3.2.56.0 Folder = C:\Users\Emma\Desktop

64bit- Home Premium Edition Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation

Internet Explorer (Version = 9.0.8112.16421)

Locale: 00000809 | Country: Sverige | Language: SVE | Date Format: yyyy-MM-dd

3.86 Gb Total Physical Memory | 2.64 Gb Available Physical Memory | 68.39% Memory free

7.71 Gb Paging File | 5.60 Gb Available in Paging File | 72.58% Paging File free

Paging file location(s): ?:\pagefile.sys [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86)

Drive C: | 451.45 Gb Total Space | 259.64 Gb Free Space | 57.51% Space Free | Partition Type: NTFS

Computer Name: EMMA-VAIO | User Name: Emma | Logged in as Administrator.

Boot Mode: Normal | Scan Mode: Current user | Include 64bit Scans

Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days

========== Extra Registry (SafeList) ==========

========== File Associations ==========

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]

.url[@ = InternetShortcut] -- C:\Windows\SysNative\rundll32.exe (Microsoft Corporation)

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]

.cpl [@ = cplfile] -- C:\Windows\SysWow64\control.exe (Microsoft Corporation)

========== Shell Spawning ==========

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]

batfile [open] -- "%1" %*

cmdfile [open] -- "%1" %*

comfile [open] -- "%1" %*

exefile [open] -- "%1" %*

helpfile [open] -- Reg Error: Key error.

htmlfile [print] -- rundll32.exe %SystemRoot%\system32\mshtml.dll,PrintHTML "%1" (Microsoft Corporation)

inffile [install] -- %SystemRoot%\System32\rundll32.exe setupapi,InstallHinfSection DefaultInstall 132 %1 (Microsoft Corporation)

InternetShortcut [open] -- "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\ieframe.dll",OpenURL %l (Microsoft Corporation)

InternetShortcut [print] -- "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\mshtml.dll",PrintHTML "%1" (Microsoft Corporation)

piffile [open] -- "%1" %*

regfile [merge] -- Reg Error: Key error.

scrfile [config] -- "%1"

scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l

scrfile [open] -- "%1" /S

txtfile [edit] -- Reg Error: Key error.

Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1

Directory [bridge] -- C:\Program Files\Adobe\Adobe Bridge CS6 (64 Bit)\Bridge.exe "%L" (Adobe Systems, Inc.)

Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)

Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)

Directory [OneNote.Open] -- C:\PROGRA~2\MICROS~1\Office12\ONENOTE.EXE "%L"

Folder [open] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)

Folder [explore] -- Reg Error: Value error.

Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]

batfile [open] -- "%1" %*

cmdfile [open] -- "%1" %*

comfile [open] -- "%1" %*

cplfile [cplopen] -- %SystemRoot%\System32\control.exe "%1",%* (Microsoft Corporation)

exefile [open] -- "%1" %*

helpfile [open] -- Reg Error: Key error.

piffile [open] -- "%1" %*

regfile [merge] -- Reg Error: Key error.

scrfile [config] -- "%1"

scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l

scrfile [open] -- "%1" /S

txtfile [edit] -- Reg Error: Key error.

Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1

Directory [bridge] -- C:\Program Files\Adobe\Adobe Bridge CS6 (64 Bit)\Bridge.exe "%L" (Adobe Systems, Inc.)

Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)

Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)

Directory [OneNote.Open] -- C:\PROGRA~2\MICROS~1\Office12\ONENOTE.EXE "%L"

Folder [open] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)

Folder [explore] -- Reg Error: Value error.

Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)

========== Security Center Settings ==========

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]

"cval" = 1

"FirewallDisableNotify" = 0

"AntiVirusDisableNotify" = 0

"UpdatesDisableNotify" = 0

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]

"VistaSp1" = 28 4D B2 76 41 04 CA 01 [binary data]

"AntiVirusOverride" = 0

"AntiSpywareOverride" = 0

"FirewallOverride" = 0

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc\Vol]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]

"FirewallDisableNotify" = 0

"AntiVirusDisableNotify" = 0

"UpdatesDisableNotify" = 0

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]

========== System Restore Settings ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\SystemRestore]

"DisableSR" = 0

========== Firewall Settings ==========

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall]

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\DomainProfile]

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\StandardProfile]

[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\DomainProfile]

[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\StandardProfile]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]

"DisableNotifications" = 0

"EnableFirewall" = 1

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]

"DisableNotifications" = 0

"EnableFirewall" = 1

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\GloballyOpenPorts\List]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\PublicProfile]

"DisableNotifications" = 0

"EnableFirewall" = 1

========== Authorized Applications List ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List]

========== Vista Active Open Ports Exception List ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]

"{173E726E-C763-4F39-9D34-14F75868832B}" = rport=1900 | protocol=17 | dir=out | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe |

"{28A09FA6-A1A0-460A-B3ED-1B4BE30BEB25}" = lport=1900 | protocol=17 | dir=in | name=windows live communications platform (ssdp) |

"{2B262F65-9AA8-484A-8AD8-5E63C9ACC7D0}" = lport=2177 | protocol=17 | dir=in | svc=qwave | app=%systemroot%\system32\svchost.exe |

"{2FDBD31C-D0B8-434E-BEFD-275047DE6022}" = lport=138 | protocol=17 | dir=in | app=system |

"{3B2A31C8-AEF5-4EAE-BF9A-A9DF81504BD1}" = lport=445 | protocol=6 | dir=in | app=system |

"{3FC74F5C-23A3-42DE-A1C8-C1B5FAB6E664}" = lport=139 | protocol=6 | dir=in | app=system |

"{45F85A10-B218-408D-8CAB-B34D5B347284}" = rport=2177 | protocol=6 | dir=out | svc=qwave | app=%systemroot%\system32\svchost.exe |

"{545D74E0-EE70-42C2-B31B-E06ADF7733D3}" = rport=138 | protocol=17 | dir=out | app=system |

"{65F672A0-EAAF-4875-8E30-F728F6F131FD}" = lport=2869 | protocol=6 | dir=in | app=system |

"{67B445C3-CC03-4DBE-ABD2-6BCB5D737A40}" = lport=5355 | protocol=17 | dir=in | svc=dnscache | app=%systemroot%\system32\svchost.exe |

"{685AFF91-EA0F-4657-9A21-A2199A250586}" = lport=1900 | protocol=17 | dir=in | svc=ssdpsrv | app=svchost.exe |

"{6D44E3BA-727B-4CF5-92E9-0DB0D9FD33DA}" = lport=2177 | protocol=6 | dir=in | svc=qwave | app=%systemroot%\system32\svchost.exe |

"{7F11A23E-DD25-4D6B-A1F8-F897C20BE0FD}" = lport=2869 | protocol=6 | dir=in | name=windows live communications platform (upnp) |

"{880E84C9-E55E-46FA-974B-3D59776A4C13}" = lport=137 | protocol=17 | dir=in | app=system |

"{8BA42885-5CEC-4381-B328-92211D1FFFDA}" = rport=137 | protocol=17 | dir=out | app=system |

"{9D6BA8F2-F5BF-4705-926D-2D36D780186D}" = lport=rpc-epmap | protocol=6 | dir=in | svc=rpcss | name=@firewallapi.dll,-28539 |

"{A25A6369-F05F-463B-BA3D-8B6B97C2C50E}" = lport=1900 | protocol=17 | dir=in | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe |

"{AAD9CA4B-8433-406F-95A5-D10AC7680388}" = lport=2869 | protocol=6 | dir=in | app=system |

"{AEC69A38-F4A8-4092-ADC6-A4245766628A}" = lport=10243 | protocol=6 | dir=in | app=system |

"{B21909C0-EC05-409C-9372-222382687EA9}" = rport=139 | protocol=6 | dir=out | app=system |

"{D30B3FAE-437B-415E-AA6C-6D881EB619F7}" = lport=rpc | protocol=6 | dir=in | svc=spooler | app=%systemroot%\system32\spoolsv.exe |

"{E1C61DCC-A1F6-4884-A1A4-3E7060808F88}" = rport=445 | protocol=6 | dir=out | app=system |

"{EE3A3F95-D54B-4CA5-8026-E9106247DDAC}" = rport=10243 | protocol=6 | dir=out | app=system |

"{F5762939-047D-4F8F-A26E-8BC32B62CF5F}" = rport=2177 | protocol=17 | dir=out | svc=qwave | app=%systemroot%\system32\svchost.exe |

"{FFE675FF-AB2F-4156-8565-E8BCBE01448C}" = rport=5355 | protocol=17 | dir=out | svc=dnscache | app=%systemroot%\system32\svchost.exe |

========== Vista Active Application Exception List ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]

"{0964731C-A534-4D13-9B23-A1FB8A5FFC96}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmpnetwk.exe |

"{0F44C7DB-7C94-4F88-9656-46CB4466B94C}" = dir=in | app=c:\program files (x86)\skype\phone\skype.exe |

"{1281AACB-3F57-40CC-84C7-F05DF978FBB2}" = protocol=1 | dir=out | name=@firewallapi.dll,-28544 |

"{137EF48A-6B1B-4C10-939B-066D516CA227}" = protocol=58 | dir=out | name=@iphlpsvc.dll,-503 |

"{1CAC4890-9BDD-4071-A6A7-DC9843A28D84}" = protocol=17 | dir=in | app=c:\program files (x86)\microsoft office\office12\onenote.exe |

"{1F6488BF-B368-46D2-B212-C12B21D6FC73}" = protocol=1 | dir=in | name=@firewallapi.dll,-28543 |

"{210410D8-E307-4CDC-998C-F9297AD12B38}" = protocol=6 | dir=out | app=system |

"{26BF1C85-654B-41EA-B2E0-DBBB843AF1DB}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmplayer.exe |

"{302DF6AD-FC22-40F8-AA42-515A21B5C08E}" = protocol=17 | dir=in | app=%programfiles(x86)%\windows media player\wmplayer.exe |

"{30E77DBF-3E34-4E6A-906F-642AD9522955}" = protocol=6 | dir=in | app=c:\program files (x86)\microsoft office\office12\onenote.exe |

"{3BFB0708-E6B4-4908-A617-1DB805D5E54C}" = protocol=6 | dir=in | app=c:\program files (x86)\microsoft office\office12\onenote.exe |

"{435A1B51-E807-4604-9444-81E8C3BA7752}" = protocol=6 | dir=in | app=c:\program files\common files\mcafee\mcsvchost\mcsvhost.exe |

"{4D18DDBF-D0EA-4692-85DE-587A89DEEA04}" = protocol=58 | dir=in | app=system |

"{5457857E-4AEC-4467-A601-B8BF95BDD092}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmplayer.exe |

"{57ED467C-3420-40D9-BAC6-449208D4510F}" = protocol=6 | dir=in | app=c:\program files (x86)\utorrent\utorrent.exe |

"{626C3850-43B6-49AB-861D-5F576B8DAF94}" = dir=in | app=c:\program files (x86)\windows live\sync\windowslivesync.exe |

"{78C0543C-7709-45A3-98F3-095CBF831067}" = protocol=17 | dir=in | app=c:\program files (x86)\utorrent\utorrent.exe |

"{8767BDB6-1E91-438B-88BD-E5A68DFD54C2}" = protocol=17 | dir=in | app=c:\program files (x86)\microsoft office\office12\onenote.exe |

"{9A1FCB1D-9B6B-4139-A5AA-2283BBB87753}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmplayer.exe |

"{A1A30DD6-864F-49B5-B594-8F2B8B016913}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmplayer.exe |

"{AEE598C7-B358-4725-BC92-91B8996C3A92}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmpnetwk.exe |

"{B9D0C3D5-500E-4FE3-B2CA-C920AEB8239B}" = protocol=17 | dir=in | app=c:\program files\common files\mcafee\mcsvchost\mcsvhost.exe |

"{BAB3C80D-580E-4809-AE23-7F9F83CF44CE}" = protocol=58 | dir=out | name=@firewallapi.dll,-28546 |

"{D19EB56C-8B21-4CCC-9228-5138E41D0927}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmpnetwk.exe |

"{D96F18A4-8C1B-463F-9E2D-D48C61CBE473}" = protocol=58 | dir=in | name=@firewallapi.dll,-28545 |

"{DB11027E-1347-4673-BDE1-02660CDF9322}" = protocol=6 | dir=out | svc=upnphost | app=%systemroot%\system32\svchost.exe |

"{DD7DB7AF-5E03-4847-9B60-AB6DA5913BD8}" = protocol=6 | dir=in | app=%programfiles%\windows media player\wmpnetwk.exe |

"{E5714268-1063-462D-B7C8-EBD6442BEAB7}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmplayer.exe |

"{E6BD7EAB-7897-4087-A91A-523D50390246}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmplayer.exe |

"{EEAB42BB-16C0-471C-822A-15C4AE785587}" = dir=in | app=c:\program files (x86)\windows live\messenger\msnmsgr.exe |

"{F9ACB208-53F3-484F-8C2A-A6C9B2969444}" = dir=in | app=c:\program files (x86)\windows live\contacts\wlcomm.exe |

"{FB1D0263-049A-4F56-B99F-4CEF2FC91852}" = protocol=17 | dir=out | app=%programfiles(x86)%\windows media player\wmplayer.exe |

"{FEF8699E-99AF-4007-B38C-FB3F6FA4785F}" = protocol=6 | dir=out | app=%programfiles(x86)%\windows media player\wmplayer.exe |

========== HKEY_LOCAL_MACHINE Uninstall List ==========

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]

"{027E5FAB-1476-4C59-AAB4-32EF28520399}" = Windows Live Language Selector

"{071c9b48-7c32-4621-a0ac-3f809523288f}" = Microsoft Visual C++ 2005 Redistributable (x64)

"{0D87AE67-14EB-4C10-88A5-DA6C3181EB18}" = Windows Live Family Safety

"{1199FAD5-9546-44f3-81CF-FFDB8040B7BF}_Canon_MP260_series" = Canon MP260 series MP Drivers

"{11D25EF7-85FC-4B58-8278-485939C8637F}" = VAIO Update Merge Module x64

"{1ACC8FFB-9D84-4C05-A4DE-D28A9BC91698}" = Windows Live ID Sign-in Assistant

"{1D8E6291-B0D5-35EC-8441-6616F567A0F7}" = Microsoft Visual C++ 2010 x64 Redistributable - 10.0.40219

"{26A24AE4-039D-4CA4-87B4-2F86416016FF}" = Java 6 Update 16 (64-bit)

"{393A9268-A428-4F5A-9B20-BD753309A98E}" = Click to Disc MergeModules x64

"{3F2A8756-C008-43D7-8E1D-7300AA394549}" = Windows Live Family Safety

"{46261E1C-5E0D-484E-8CCC-7F770375FBA2}" = VU5x64

"{4B6C7001-C7D6-3710-913E-5BC23FCE91E6}" = Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.4148

"{5FCE6D76-F5DC-37AB-B2B8-22AB8CEDB1D4}" = Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161

"{7C3AC18F-F19B-4082-8D13-7D603848E06C}" = VAIO Update Merge Module x64

"{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}" = Microsoft Silverlight

"{8CD311D9-CE40-2D2C-89CB-EED5027D9ED9}" = ccc-utility64

"{90120000-002A-0000-1000-0000000FF1CE}" = Microsoft Office Office 64-bit Components 2007

"{90120000-002A-0409-1000-0000000FF1CE}" = Microsoft Office Shared 64-bit MUI (English) 2007

"{90120000-002A-041D-1000-0000000FF1CE}" = Microsoft Office Shared 64-bit MUI (Swedish) 2007

"{90120000-0116-0409-1000-0000000FF1CE}" = Microsoft Office Shared 64-bit Setup Metadata MUI (English) 2007

"{95120000-00B9-0409-1000-0000000FF1CE}" = Microsoft Application Error Reporting

"{96CC6DCC-8EBA-3F85-899B-933F599C4142}" = Microsoft .NET Framework 4 Client Profile SVE Language Pack

"{9E9D49A4-1DF4-4138-B7DB-5D87A893088E}" = WIDCOMM Bluetooth Software

"{9F72EF8B-AEC9-4CA5-B483-143980AFD6FD}" = Alps Pointing-device for VAIO

"{aac9fcc4-dd9e-4add-901c-b5496a07ab2e}" = Microsoft Visual C++ 2005 Redistributable (x64) - KB2467175

"{ad8a2fa1-06e7-4b0d-927d-6e54b3d31028}" = Microsoft Visual C++ 2005 Redistributable (x64)

"{B6E3757B-5E77-3915-866A-CCFC4B8D194C}" = Microsoft Visual C++ 2005 ATL Update kb973923 - x64 8.0.50727.4053

"{C37B6246-7D4A-4E5C-BFB4-11C8660BDC99}" = VAIO Movie Story MergeModules x64

"{CC2B71CC-F0FB-7E59-2ACD-614F7FB5D5F2}" = ATI Catalyst Install Manager

"{DA54F80E-261C-41A2-A855-549A144F2F59}" = Windows Live MIME IFilter

"{E743BA71-5955-420B-AA52-67508054AD66}" = VAIO Update Merge Module x64

"{F5B09CFD-F0B2-36AF-8DF4-1DF6B63FC7B4}" = Microsoft .NET Framework 4 Client Profile

"3BA80AB4C7E9F8497C115C844953A3D4BEB84D21" = Windows Driver Package - Broadcom HIDClass (07/28/2009 6.2.0.9800)

"930E4792BDAEAFB62A9514EE7578775658A5D07C" = Windows Driver Package - Broadcom Bluetooth (09/09/2009 6.2.0.9405)

"CCleaner" = CCleaner

"Microsoft .NET Framework 4 Client Profile" = Microsoft .NET Framework 4 Client Profile

"Microsoft .NET Framework 4 Client Profile SVE Language Pack" = Microsoft .NET Framework 4 Client Profile Language Pack - SVE

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]

"{00B03993-F5A1-47B1-9C54-EC8FBDDDE17E}" = VAIO Care

"{01169717-5E26-9395-A544-DC9098896147}" = Catalyst Control Center InstallProxy

"{012005D4-E3EF-1B6C-AF73-5CD654F7C566}" = CCC Help Spanish

"{0712E505-7C49-F24B-C526-53D13B070397}" = Catalyst Control Center Graphics Previews Vista

"{077AFFE9-BC8B-7811-0EEF-632D31E49C87}" = Catalyst Control Center Graphics Full New

"{0878E100-C0BB-41E8-B4C6-C486B61FDA7B}" = Canon PhotoRecord

"{0899D75A-C2FC-42EA-A702-5B9A5F24EAD5}" = VAIO Smart Network

"{08D2E121-7F6A-43EB-97FD-629B44903403}" = Microsoft_VC90_CRT_x86

"{08E81ABD-79F7-49C2-881F-FD6CB0975693}" = Roxio Central Data

"{0B0F231F-CE6A-483D-AA23-77B364F75917}" = Windows Live Installer

"{0B4F37D9-951B-B4C0-31FD-06304092DD70}" = CCC Help Norwegian

"{12D0BE8D-538C-4AB1-86DE-C540308F50DA}" = VAIO Content Metadata Manager Settings

"{133D9D67-D475-4407-AC3C-D558087B2453}" = Windows Live Movie Maker

"{18455581-E099-4BA8-BC6B-F34B2F06600C}" = Google Toolbar for Internet Explorer

"{1873FFC1-FDCB-47E1-B7C7-F418211E3530}" = PMB VAIO Edition plug-in (VAIO Image Optimizer)

"{1E450972-E996-4EC1-A4C3-1518A46928D0}" = VAIO Content Metadata Intelligent Network Service Manager

"{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148

"{1F54DAFA-9261-4A62-B59D-6C9F26B48FE4}" = Roxio Central Tools

"{1F6AB0E7-8CDD-4B93-8A23-AA9EB2FEFCE4}" = Junk Mail filter update

"{1FD416D0-CC16-41D1-A25C-C9986CD8BBAB}" = VAIO Content Metadata Intelligent Analyzing Manager

"{200FEC62-3C34-4D60-9CE8-EC372E01C08F}" = Windows Live SOXE Definitions

"{208345BE-27BB-4367-B245-A5B6E764FDD0}" = VAIO Content Metadata Intelligent Analyzing Manager

"{2110ECBD-BF15-4673-8852-8C68DDEB26AC}" = Media Gallery

"{218BBBE3-FE63-4BB2-81A8-7435575A84FA}" = PhotoStitch

"{220C7F8C-929D-4F71-9DC7-F7A6823B38E4}" = Windows Live UX Platform Language Pack

"{2318C2B1-4965-11d4-9B18-009027A5CD4F}" = Google Toolbar for Internet Explorer

"{236BB7C4-4419-42FD-0409-1E257A25E34D}" = Adobe Photoshop CS2

"{23825B69-36DF-4DAD-9CFD-118D11D80F16}" = VAIO Content Monitoring Settings

"{26A24AE4-039D-4CA4-87B4-2F83216031FF}" = Java 6 Update 31

"{28291BD5-92D2-4685-82DC-CCA925C53CCA}" = RemoteCapture Task 1.1

"{28B9D2D8-4304-483F-AD71-51890A063A74}" = Windows Live Photo Common

"{291FB4BF-EEC7-4CF9-8469-F39ED1DBC4D8}" = VAIO Content Metadata XML Interface Library

"{2F81FBFC-9A37-431F-9050-14B55485DF5A}" = Internet Library

"{304FA186-DECC-9CC7-2FAE-0B67DB6FAE61}" = CCC Help Portuguese

"{3336F667-9049-4D46-98B6-4C743EEBC5B1}" = Windows Live Photo Gallery

"{34DC654E-6E43-4BFA-9E00-6C16CFA7B9F0}" = VAIO Data Restore Tool

"{3619666A-CB7E-0D03-3DFB-3F83BAF0FB6B}" = CCC Help Turkish

"{36C5BBF0-E5BF-4DE1-B684-7E90B0C93FB5}" = VAIO Care

"{37531547-B1F4-45E6-98FC-8AF5F2F0EAA4}" = VAIO Content Metadata Manager Settings

"{37DA1B85-CB86-E048-8DB8-44B893C8AEA1}" = Catalyst Control Center Localization All

"{3DD0F01F-98E4-6682-6272-DC51658035CA}" = Catalyst Control Center Graphics Light

"{3E29EE6C-963A-4aae-86C1-DC237C4A49FC}" = Intel® Rapid Storage Technology

"{4427F384-B5BE-4769-B7D0-C784FC321EB1}" = VAIO Content Metadata Intelligent Network Service Manager

"{45EF4EE3-F591-4B74-A477-0CAE12934CE7}" = RAW Image Task 1.2

"{4869414E-7AEA-4C8E-BE1C-8D40977FD517}" = Adobe Illustrator CS6

"{4882EBF5-CA37-4EF4-BCB8-9B0E78B907D0}" = VAIO Content Metadata Intelligent Analyzing Manager

"{4A03706F-666A-4037-7777-5F2748764D10}" = Java Auto Updater

"{4A04DB63-8F81-4EF4-9D09-61A2057EF419}" = Windows Live Essentials

"{4C96958A-6562-4143-B820-FF4890D3B734}" = Camera Window DVC

"{4DCEA9C1-4D6E-41BF-A854-28CFA8B56DBF}" = PMB VAIO Edition plug-in (Click to Disc)

"{4F753D00-FC8E-4AB2-E9EC-91251BC44F60}" = CCC Help German

"{50026CD1-BDF2-29E1-10DF-9A414DFD90A8}" = CCC Help Polish

"{537BF16E-7412-448C-95D8-846E85A1D817}" = Roxio Easy Media Creator 10 LJ

"{5449FB4F-1802-4D5B-A6D8-087DB1142147}" = Realtek HDMI Audio Driver for ATI

"{57B955CE-B5D3-495D-AF1B-FAEE0540BFEF}" = VAIO Data Restore Tool

"{596BED91-A1D8-4DF1-8CD1-1C777F7588AC}" = VAIO DVD Menu Data

"{5BEE8F1F-BD32-4553-8107-500439E43BD7}" = VAIO Update

"{5DDAFB4B-C52E-468A-9E23-3B0CEEB671BF}" = VAIO Transfer Support

"{5FC56CFC-FBD8-7D5C-D16F-025F43F313B5}" = CCC Help Japanese

"{644EF892-C792-F4FE-7D3E-DDACDEE15ACA}" = CCC Help Russian

"{65153EA5-8B6E-43B6-857B-C6E4FC25798A}" = Intel® Management Engine Components

"{65CB4C08-C47B-4A7E-A6A4-50C06ADA5FC6}" = Adobe AIR

"{67E03279-F703-408F-B4BF-46B5FC8D70CD}" = Microsoft Works

"{682B3E4F-696A-42DE-A41C-4C07EA1678B4}" = Windows Live SOXE

"{69CAC24D-B1DC-4B97-A1BE-FE21843108FE}" = Windows Live Writer Resources

"{6A67578E-095B-4661-88F7-0B199CEC3371}" = Windows Live Messenger

"{6B1F20F2-6321-4669-A58C-33DF8E7517FF}" = VAIO Entertainment Platform

"{6B99E90E-2AC4-4D72-8D88-39030783172B}" = e-kort

"{6D8ED20E-E792-4DAC-BB66-009836CBD80B}" = VAIO Content Monitoring Settings

"{6FA8BA2C-052B-4072-B8E2-2302C268BE9E}" = VAIO Movie Story Template Data

"{70991E0A-1108-437E-BA7D-085702C670C0}" =

"{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}" = Microsoft Visual C++ 2005 Redistributable

"{72042FA6-5609-489F-A8EA-3C2DD650F667}" = VAIO Control Center

"{7392AA60-133D-4761-94DB-8FBC9B6CD5EA}" = VAIO Content Metadata Intelligent Network Service Manager

"{73A4F29F-31AC-4EBD-AA1B-0CC5F18C8F83}" = Roxio Central Audio

"{74EB3499-8B95-4B5C-96EB-7B342F3FD0C6}" = Adobe Photoshop CS6

"{770657D0-A123-3C07-8E44-1C83EC895118}" = Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053

"{78665DD8-307F-B6B9-D0AA-BE9D9DCBACED}" = CCC Help French

"{786C5747-1033-0000-B58E-000000000001}" = Adobe Stock Photos 1.0

"{789A5B64-9DD9-4BA5-915A-F0FC0A1B7BFE}" = Apple Software Update

"{7B7A0C2B-89BF-9D93-65D5-CA10361C4A45}" = CCC Help English

"{7BB90344-0647-468E-925A-7F69F7983421}" = ArcSoft Magic-i Visual Effects 2

"{7C5FF476-5B4B-E07F-3AD1-D035F19340A2}" = CCC Help Czech

"{803E4FA5-A940-4420-B89D-A8BC2E160247}" = VAIO Power Management

"{83C292B7-38A5-440B-A731-07070E81A64F}" = Windows Live PIMT Platform

"{84EBDF39-4B33-49D7-A0BD-EB6E2C4E81C1}" = Windows Live Sync

"{885E16CA-C33E-082A-2A72-DDD9F8C2C20E}" = CCC Help Chinese Traditional

"{885F1BCD-C344-4758-85BD-09640CF449A5}" = Windows Live Photo Gallery

"{88C252C8-A7EE-4B60-BF74-8E5919A8048F}" = PMB VAIO Edition Guide

"{8AF1E098-1A5C-4336-BBE2-D047ABB401ED}" = MovieEdit Task

"{8DD46C6A-0056-4FEC-B70A-28BB16A1F11F}" = MSVCRT

"{8DE50158-80AA-4FF2-9E9F-0A7C46F71FCD}" = VAIO Media plus

"{8EDBA74D-0686-4C99-BFDD-F894678E5B39}" = Adobe Common File Installer

"{90120000-0016-0409-0000-0000000FF1CE}" = Microsoft Office Excel MUI (English) 2007

"{90120000-0016-0409-0000-0000000FF1CE}_HOMESTUDENTR_{AAA19365-932B-49BD-8138-BE28CEE9C4B4}" = Microsoft Office 2007 Service Pack 3 (SP3)

"{90120000-0016-041D-0000-0000000FF1CE}" = Microsoft Office Excel MUI (Swedish) 2007

"{90120000-0016-041D-0000-0000000FF1CE}_HOMESTUDENTR_{6DB23E19-BC1C-4C62-8158-391F65D84457}" = Microsoft Office 2007 Service Pack 3 (SP3)

"{90120000-0018-0409-0000-0000000FF1CE}" = Microsoft Office PowerPoint MUI (English) 2007

"{90120000-0018-0409-0000-0000000FF1CE}_HOMESTUDENTR_{AAA19365-932B-49BD-8138-BE28CEE9C4B4}" = Microsoft Office 2007 Service Pack 3 (SP3)

"{90120000-0018-041D-0000-0000000FF1CE}" = Microsoft Office PowerPoint MUI (Swedish) 2007

"{90120000-0018-041D-0000-0000000FF1CE}_HOMESTUDENTR_{6DB23E19-BC1C-4C62-8158-391F65D84457}" = Microsoft Office 2007 Service Pack 3 (SP3)

"{90120000-001B-0409-0000-0000000FF1CE}" = Microsoft Office Word MUI (English) 2007

"{90120000-001B-0409-0000-0000000FF1CE}_HOMESTUDENTR_{AAA19365-932B-49BD-8138-BE28CEE9C4B4}" = Microsoft Office 2007 Service Pack 3 (SP3)

"{90120000-001B-041D-0000-0000000FF1CE}" = Microsoft Office Word MUI (Swedish) 2007

"{90120000-001B-041D-0000-0000000FF1CE}_HOMESTUDENTR_{6DB23E19-BC1C-4C62-8158-391F65D84457}" = Microsoft Office 2007 Service Pack 3 (SP3)

"{90120000-001F-0407-0000-0000000FF1CE}" = Microsoft Office Proof (German) 2007

"{90120000-001F-0407-0000-0000000FF1CE}_HOMESTUDENTR_{928D7B99-2BEA-49F9-83B8-20FA57860643}" = Microsoft Office Proofing Tools 2007 Service Pack 3 (SP3)

"{90120000-001F-0409-0000-0000000FF1CE}" = Microsoft Office Proof (English) 2007

"{90120000-001F-0409-0000-0000000FF1CE}_HOMESTUDENTR_{1FF96026-A04A-4C3E-B50A-BB7022654D0F}" = Microsoft Office Proofing Tools 2007 Service Pack 3 (SP3)

"{90120000-001F-040B-0000-0000000FF1CE}" = Microsoft Office Proof (Finnish) 2007

"{90120000-001F-040B-0000-0000000FF1CE}_HOMESTUDENTR_{C3B4672B-3FE7-4D6F-AFF3-80D290C1131E}" = Microsoft Office Proofing Tools 2007 Service Pack 3 (SP3)

"{90120000-001F-040C-0000-0000000FF1CE}" = Microsoft Office Proof (French) 2007

"{90120000-001F-040C-0000-0000000FF1CE}_HOMESTUDENTR_{71F055E8-E2C6-4214-BB3D-BFE03561B89E}" = Microsoft Office Proofing Tools 2007 Service Pack 3 (SP3)

"{90120000-001F-041D-0000-0000000FF1CE}" = Microsoft Office Proof (Swedish) 2007

"{90120000-001F-041D-0000-0000000FF1CE}_HOMESTUDENTR_{4A960AFC-E28F-4233-953F-1903BE859B79}" = Microsoft Office Proofing Tools 2007 Service Pack 3 (SP3)

"{90120000-001F-0C0A-0000-0000000FF1CE}" = Microsoft Office Proof (Spanish) 2007

"{90120000-001F-0C0A-0000-0000000FF1CE}_HOMESTUDENTR_{2314F9A1-126F-45CC-8A5E-DFAF866F3FBC}" = Microsoft Office Proofing Tools 2007 Service Pack 3 (SP3)

"{90120000-0020-0409-0000-0000000FF1CE}" = Compatibility Pack for the 2007 Office system

"{90120000-002A-0000-1000-0000000FF1CE}_HOMESTUDENTR_{664655D8-B9BB-455D-8A58-7EAF7B0B2862}" = Microsoft Office 2007 Service Pack 3 (SP3)

"{90120000-002A-0409-1000-0000000FF1CE}_HOMESTUDENTR_{98333358-268C-4164-B6D4-C96DF5153727}" = Microsoft Office 2007 Service Pack 3 (SP3)

"{90120000-002A-041D-1000-0000000FF1CE}_HOMESTUDENTR_{18651597-9190-4C03-902A-6F8F58A91A3E}" = Microsoft Office 2007 Service Pack 3 (SP3)

"{90120000-002C-0409-0000-0000000FF1CE}" = Microsoft Office Proofing (English) 2007

"{90120000-002C-041D-0000-0000000FF1CE}" = Microsoft Office Proofing (Swedish) 2007

"{90120000-006E-0409-0000-0000000FF1CE}" = Microsoft Office Shared MUI (English) 2007

"{90120000-006E-0409-0000-0000000FF1CE}_HOMESTUDENTR_{98333358-268C-4164-B6D4-C96DF5153727}" = Microsoft Office 2007 Service Pack 3 (SP3)

"{90120000-006E-041D-0000-0000000FF1CE}" = Microsoft Office Shared MUI (Swedish) 2007

"{90120000-006E-041D-0000-0000000FF1CE}_HOMESTUDENTR_{18651597-9190-4C03-902A-6F8F58A91A3E}" = Microsoft Office 2007 Service Pack 3 (SP3)

"{90120000-00A1-0409-0000-0000000FF1CE}" = Microsoft Office OneNote MUI (English) 2007

"{90120000-00A1-0409-0000-0000000FF1CE}_HOMESTUDENTR_{AAA19365-932B-49BD-8138-BE28CEE9C4B4}" = Microsoft Office 2007 Service Pack 3 (SP3)

"{90120000-00A1-041D-0000-0000000FF1CE}" = Microsoft Office OneNote MUI (Swedish) 2007

"{90120000-00A1-041D-0000-0000000FF1CE}_HOMESTUDENTR_{6DB23E19-BC1C-4C62-8158-391F65D84457}" = Microsoft Office 2007 Service Pack 3 (SP3)

"{90120000-0115-0409-0000-0000000FF1CE}" = Microsoft Office Shared Setup Metadata MUI (English) 2007

"{90120000-0115-0409-0000-0000000FF1CE}_HOMESTUDENTR_{98333358-268C-4164-B6D4-C96DF5153727}" = Microsoft Office 2007 Service Pack 3 (SP3)

"{90120000-0116-0409-1000-0000000FF1CE}_HOMESTUDENTR_{98333358-268C-4164-B6D4-C96DF5153727}" = Microsoft Office 2007 Service Pack 3 (SP3)

"{90140000-2005-0000-0000-0000000FF1CE}" = Microsoft Office File Validation Add-In

"{91120000-002F-0000-0000-0000000FF1CE}" = Microsoft Office Home and Student 2007

"{91120000-002F-0000-0000-0000000FF1CE}_HOMESTUDENTR_{6E107EB7-8B55-48BF-ACCB-199F86A2CD93}" = Microsoft Office 2007 Service Pack 3 (SP3)

"{9118C696-FC94-435B-E4A3-77169E050F77}" = CCC Help Hungarian

"{91203BD3-6C3E-472F-ADBD-F60FDC7C4010}" = Camera Window DS

"{91AAC9F5-0BF7-BD73-C00E-F907C00A1612}" = CCC Help Thai

"{91F1A0D6-23AD-49FE-8D4E-379485652214}" = Camera Support Core Library

"{9238E8A4-BEBA-43A3-B926-769BDBF194C5}" = VAIO Media plus Opening Movie

"{92D58719-BBC1-4CC3-A08B-56C9E884CC2C}" = Microsoft_VC80_CRT_x86

"{92EA4134-10D1-418A-91E1-5A0453131A38}" = Windows Live Movie Maker

"{931FE23C-BB40-4C7A-A594-DB35908D8E83}" = VAIO Quick Web Access

"{95120000-00AF-0409-0000-0000000FF1CE}" = Microsoft Office PowerPoint Viewer 2007 (English)

"{96D0B6C6-5A72-4B47-8583-A87E55F5FE81}" =

"{96D8E26D-70CB-44DE-AE50-43095A39E5B2}" = VAIO Entertainment Platform

"{9866E5F0-121F-E018-E2D1-2E1770847ABF}" = Adobe Download Assistant

"{9B163B82-3B46-4CE5-BF01-A53E550A8E58}" = Sony Home Network Library

"{9B75981A-E44C-8F1F-87FA-90AF19E0B543}" = CCC Help Korean

"{9BE518E6-ECC6-35A9-88E4-87755C07200F}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161

"{9D56775A-93F3-44A3-8092-840E3826DE30}" = Windows Live Mail

"{9DA53D22-D922-494C-B1D7-51CD9BCB9E4A}" = VAIO Hardware Diagnostics

"{9EAC0E21-510E-4259-A9C6-F5D5B8969036}" = Catalyst Control Center - Branding

"{A02D29FD-6961-5CED-B8AC-906DDDF4FD61}" = CCC Help Dutch

"{A3563827-B0DB-44DC-B037-15CC4E5E692F}" = VAIO Content Metadata XML Interface Library

"{A63E7492-A0BC-4BB9-89A7-352965222380}" = VAIO Original Function Settings

"{A726AE06-AAA3-43D1-87E3-70F510314F04}" = Windows Live Writer

"{A7C30414-2382-4086-B0D6-01A88ABA21C3}" = VAIO Gate

"{A7DA438C-2E43-4C20-BFDA-C1F4A6208558}" = Setting Utility Series

"{A8453E55-43B9-086C-8E81-05BDF7D685E8}" = Catalyst Control Center Graphics Previews Common

"{A92DAB39-4E2C-4304-9AB6-BC44E68B55E2}" = Google Update Helper

"{A95187EF-BCF4-4468-B501-C0BAB976ADD1}" = VAIO Personalization Manager

"{A9BDCA6B-3653-467B-AC83-94367DA3BFE3}" = Windows Live Photo Common

"{AA59DDE4-B672-4621-A016-4C248204957A}" = Skype™ 5.5

"{AAAFC670-569B-4A2F-82B4-42945E0DE3EF}" = Windows Live Writer

"{AC050677-EAFC-4B57-8F83-8205F65134D2}" = VAIO Content Metadata XML Interface Library

"{AC7327AD-68B6-26B0-1C77-6178BD13C10B}" = CCC Help Italian

"{AC76BA86-7AD7-1033-7B44-A94000000001}" = Adobe Reader 9.4.2

"{AF37176A-78CA-545B-34EF-8B6A21514DD1}" = Adobe Help Manager

"{B1DADBEB-7F82-4B29-84D6-5F14A020F0A0}" = VAIO Content Metadata Intelligent Analyzing Manager

"{B25563A0-41F4-4A81-A6C1-6DBC0911B1F3}" = PMB VAIO Edition plug-in (VAIO Movie Story)

"{B6A26DE5-F2B5-4D58-9570-4FC760E00FCD}" = Roxio Central Copy

"{B6A98E5F-D6A7-46FB-9E9D-1F7BF443491C}" = PMB

"{B74D4E10-1033-0000-0000-000000000001}" = Adobe Bridge 1.0

"{B7546697-2A80-4256-A24B-1C33163F535B}" = VAIO Gate Default

"{BA9632CB-2B93-4FD6-905C-BB325CE1C4DD}" = e-kort

"{BCA907B6-5A0F-473E-8C63-0FF0CFAEB7B7}" = VAIO Personalization Manager

"{BFEAAE77-BD7F-4534-B286-9C5CB4697EB1}" = PDF Settings CS6

"{C1D76D7A-F3BB-47EA-A746-5B1E2FFC1DF2}" = Canon ZoomBrowser EX

"{C57BCDE1-7CB9-467D-B3BA-7E119916CDC1}" = Norton Online Backup

"{C614B5D2-2AE5-5026-350F-C893A2EF690C}" = Catalyst Control Center Graphics Full Existing

"{C7281207-4AA4-425E-B57A-0E9EF8445635}" = Camera Window MC

"{C7477742-DDB4-43E5-AC8D-0259E1E661B1}" = VAIO Event Service

"{C9E84BA5-FCDD-B150-1EC9-F003F04607EC}" = CCC Help Swedish

"{CE95A79E-E4FC-4FFF-8A75-29F04B942FF2}" = Windows Live UX Platform

"{D03D02D8-AB64-4785-A48E-5AA8B0FB8C14}" = Sony Home Network Library

"{D0B44725-3666-492D-BEF6-587A14BD9BD9}" = MSVCRT_amd64

"{D2D23D08-D10E-43D6-883C-78E0B2AC9CC6}" = VU5x86

"{D31169F2-CD71-4337-B783-3E53F29F4CAD}" = Windows Live Mail

"{D45240D3-B6B3-4FF9-B243-54ECE3E10066}" = Windows Live Communications Platform

"{D60F97EC-EF06-4E1E-B0D1-C2CBABA62FA3}" = VAIO Wallpaper Contents

"{D6782EBE-7DEB-6DB6-2F36-1CF4F929541C}" = CCC Help Finnish

"{D6C630BF-8DBB-4042-8562-DC9A52CB6E7E}" = Intel® Turbo Boost Technology Driver

"{DA71EE59-9DF8-E845-942E-1974E620D9AB}" = CCC Help Chinese Standard

"{DAEAFD68-BB4A-4507-A241-C8804D2EA66D}" = Apple Application Support

"{DCAB6BA7-6533-44BF-9235-E5BF33B7431C}" = Windows Live Writer

"{DD88F979-FA58-41AC-980C-A6E1A82B61D9}" = Media Gallery

"{DE8AAC73-6D8D-483E-96EA-CAEDDADB9079}" = ArcSoft WebCam Companion 3

"{E09C4DB7-630C-4F06-A631-8EA7239923AF}" = D3DX10

"{E3DC1111-5D32-40F9-BB81-64E31294C1A4}" = VAIO Personalization Manager

"{E50AE784-FABE-46DA-A1F8-7B6B56DCB22E}" = Microsoft Office Suite Activation Assistant

"{E5B21F11-6933-4E0B-A25C-7963E3C07D11}" = Windows Live Messenger

"{E7004147-2CCA-431C-AA05-2AB166B9785D}" = QuickTime

"{E9787678-1033-0000-8E67-000000000001}" = Adobe Help Center 1.0

"{ED439A64-F018-4DD4-8BA5-328D85AB09AB}" = Roxio Central Core

"{F0B430D1-B6AA-473D-9B06-AA3DD01FD0B8}" = Microsoft SQL Server 2005 Compact Edition [ENU]

"{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}" = Microsoft Visual C++ 2010 x86 Redistributable - 10.0.40219

"{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}" = Realtek High Definition Audio Driver

"{F1432614-6183-49E6-98E8-674485463CFE}" = VAIO Original Function Settings

"{F40BBEC7-C2A4-4A00-9B24-7A055A2C5262}" = Microsoft Office Live Add-in 1.5

"{F64227CC-EF4C-1122-1A4B-0D7147D537F8}" = ccc-core-static

"{F761359C-9CED-45AE-9A51-9D6605CD55C4}" = Evernote

"{F8A9085D-4C7A-41a9-8A77-C8998A96C421}" = Intel® Control Center

"{F8D915D4-0E11-6E92-C51B-88AEA671E9EF}" = Catalyst Control Center Core Implementation

"{FA0813C1-1F93-0F76-08C2-DCE9D844928A}" = CCC Help Greek

"{FB77DB0C-6951-47B6-9D80-A0FDBEE0334C}" =

"{FB8E2BF6-5D1D-831E-1DD7-B2817A201FDF}" = CCC Help Danish

"{FE51662F-D8F6-43B5-99D9-D4894AF00F83}" = Roxio Easy Media Creator Home

"Adobe AIR" = Adobe AIR

"Adobe Flash Player ActiveX" = Adobe Flash Player 11 ActiveX

"Adobe Flash Player Plugin" = Adobe Flash Player 10 Plugin

"Adobe Photoshop CS2 - {236BB7C4-4419-42FD-0409-1E257A25E34D}" = Adobe Photoshop CS2

"Audacity 1.3 Beta (Unicode)_is1" = Audacity 1.3.14 (Unicode)

"CanonSolutionMenu" = Canon Utilities Solution Menu

"chc.4875E02D9FB21EE389F73B8D1702B320485DF8CE.1" = Adobe Help Manager

"com.adobe.downloadassistant.AdobeDownloadAssistant" = Adobe Download Assistant

"Digital Editions" = Adobe Digital Editions

"ESET Online Scanner" = ESET Online Scanner v3

"HOMESTUDENTR" = Microsoft Office Home and Student 2007

"InstallShield_{1873FFC1-FDCB-47E1-B7C7-F418211E3530}" = PMB VAIO Edition plug-in (VAIO Image Optimizer)

"InstallShield_{218BBBE3-FE63-4BB2-81A8-7435575A84FA}" = Canon Utilities PhotoStitch 3.1

"InstallShield_{28291BD5-92D2-4685-82DC-CCA925C53CCA}" = Canon RemoteCapture Task for ZoomBrowser EX

"InstallShield_{2F81FBFC-9A37-431F-9050-14B55485DF5A}" = Canon Internet Library for ZoomBrowser EX

"InstallShield_{45EF4EE3-F591-4B74-A477-0CAE12934CE7}" = Canon RAW Image Task for ZoomBrowser EX

"InstallShield_{4C96958A-6562-4143-B820-FF4890D3B734}" = Canon Camera Window DVC for ZoomBrowser EX

"InstallShield_{4DCEA9C1-4D6E-41BF-A854-28CFA8B56DBF}" = PMB VAIO Edition plug-in (Click to Disc)

"InstallShield_{6FA8BA2C-052B-4072-B8E2-2302C268BE9E}" = VAIO Movie Story Template Data

"InstallShield_{88C252C8-A7EE-4B60-BF74-8E5919A8048F}" = PMB VAIO Edition Guide

"InstallShield_{8AF1E098-1A5C-4336-BBE2-D047ABB401ED}" = Canon MovieEdit Task for ZoomBrowser EX

"InstallShield_{91203BD3-6C3E-472F-ADBD-F60FDC7C4010}" = Canon Camera Window DS for ZoomBrowser EX

"InstallShield_{91F1A0D6-23AD-49FE-8D4E-379485652214}" = Canon Camera Support Core Library

"InstallShield_{B25563A0-41F4-4A81-A6C1-6DBC0911B1F3}" = PMB VAIO Edition plug-in (VAIO Movie Story)

"InstallShield_{C7281207-4AA4-425E-B57A-0E9EF8445635}" = Canon Camera Window for ZoomBrowser EX

"LAME_is1" = LAME v3.99.3 (for Windows)

"Malwarebytes' Anti-Malware_is1" = Malwarebytes Anti-Malware version 1.62.0.1300

"MarketingTools" = VAIO Marketing Tools

"MP Navigator EX 2.0" = Canon MP Navigator EX 2.0

"MSC" = McAfee Internet Security

"Personal" = BankID säkerhetsprogram 4.17.0

"splashtop" = VAIO Quick Web Access

"Spotify" = Spotify

"Tablet Driver" = Platta

"uTorrent" = µTorrent

"VAIO Help and Support" =

"VAIO Premium Partners" = VAIO Premium Partners

"VAIO screensaver" = VAIO screensaver

"WinLiveSuite" = Windows Live Essentials

========== HKEY_CURRENT_USER Uninstall List ==========

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]

"{dfc307dd-ab9f-4f7b-844c-a97d6e70cac4}_is1" = FitLive 1.1.15

"Sansa Updater" = Sansa Updater

"Spotify" = Spotify

========== Last 20 Event Log Errors ==========

[ Application Events ]

Error - 18/03/2012 06:45:41 | Computer Name = Emma-VAIO | Source = VzCdbSvc | ID = 7

Description = Failed to load the plug-in module. (GUID = {56F9312C-C989-4E04-8C23-299DEE3A36F5})(Error

code = 0x80042019)

Error - 19/03/2012 06:03:04 | Computer Name = Emma-VAIO | Source = VzCdbSvc | ID = 7

Description = Failed to load the plug-in module. (GUID = {48512A59-C8A5-4805-9048-23C9E4194BFA})(Error

code = 0x80042000)

Error - 19/03/2012 06:03:04 | Computer Name = Emma-VAIO | Source = VzCdbSvc | ID = 7

Description = Failed to load the plug-in module. (GUID = {56F9312C-C989-4E04-8C23-299DEE3A36F5})(Error

code = 0x80042019)

Error - 21/03/2012 06:16:58 | Computer Name = Emma-VAIO | Source = VzCdbSvc | ID = 7

Description = Failed to load the plug-in module. (GUID = {48512A59-C8A5-4805-9048-23C9E4194BFA})(Error

code = 0x80042000)

Error - 21/03/2012 06:16:58 | Computer Name = Emma-VAIO | Source = VzCdbSvc | ID = 7

Description = Failed to load the plug-in module. (GUID = {56F9312C-C989-4E04-8C23-299DEE3A36F5})(Error

code = 0x80042019)

Error - 22/03/2012 11:11:10 | Computer Name = Emma-VAIO | Source = VzCdbSvc | ID = 7

Description = Failed to load the plug-in module. (GUID = {48512A59-C8A5-4805-9048-23C9E4194BFA})(Error

code = 0x80042000)

Error - 22/03/2012 11:11:10 | Computer Name = Emma-VAIO | Source = VzCdbSvc | ID = 7

Description = Failed to load the plug-in module. (GUID = {56F9312C-C989-4E04-8C23-299DEE3A36F5})(Error

code = 0x80042019)

Error - 22/03/2012 17:28:14 | Computer Name = Emma-VAIO | Source = Microsoft-Windows-CAPI2 | ID = 4107

Description = Det gick inte att extrahera tredjepartsrotlista från autouppdaterings-CAB-filen

vid: <http://www.download.windowsupdate.com/msdownload/update/v3/static/trustedr/en/authrootstl.cab>.

Fel: Ett nödvändigt certifikat är inte inom sin giltighetstid när det verifieras

mot den aktuella systemklockan eller tidsstämpeln i den signerade filen. .

Error - 23/03/2012 04:52:38 | Computer Name = Emma-VAIO | Source = VzCdbSvc | ID = 7

Description = Failed to load the plug-in module. (GUID = {48512A59-C8A5-4805-9048-23C9E4194BFA})(Error

code = 0x80042000)

Error - 23/03/2012 04:52:39 | Computer Name = Emma-VAIO | Source = VzCdbSvc | ID = 7

Description = Failed to load the plug-in module. (GUID = {56F9312C-C989-4E04-8C23-299DEE3A36F5})(Error

code = 0x80042019)

[ Media Center Events ]

Error - 12/06/2010 04:12:12 | Computer Name = Emma-VAIO | Source = MCUpdate | ID = 0

Description = 10:12:11 - Ett fel inträffade under anslutningen till Internet. 10:12:11

- Det gick inte att kontakta servern..

Error - 12/06/2010 04:12:26 | Computer Name = Emma-VAIO | Source = MCUpdate | ID = 0

Description = 10:12:17 - Ett fel inträffade under anslutningen till Internet. 10:12:17

- Det gick inte att kontakta servern..

Error - 03/07/2010 16:48:00 | Computer Name = Emma-VAIO | Source = MCUpdate | ID = 0

Description = 22:48:00 - Ett fel inträffade under anslutningen till Internet. 22:48:00

- Det gick inte att kontakta servern..

Error - 03/07/2010 16:48:13 | Computer Name = Emma-VAIO | Source = MCUpdate | ID = 0

Description = 22:48:05 - Ett fel inträffade under anslutningen till Internet. 22:48:05

- Det gick inte att kontakta servern..

Error - 03/07/2010 17:48:18 | Computer Name = Emma-VAIO | Source = MCUpdate | ID = 0

Description = 23:48:18 - Ett fel inträffade under anslutningen till Internet. 23:48:18

- Det gick inte att kontakta servern..

Error - 03/07/2010 17:48:24 | Computer Name = Emma-VAIO | Source = MCUpdate | ID = 0

Description = 23:48:23 - Ett fel inträffade under anslutningen till Internet. 23:48:23

- Det gick inte att kontakta servern..

Error - 03/07/2010 18:48:29 | Computer Name = Emma-VAIO | Source = MCUpdate | ID = 0

Description = 00:48:29 - Ett fel inträffade under anslutningen till Internet. 00:48:29

- Det gick inte att kontakta servern..

Error - 03/07/2010 18:48:35 | Computer Name = Emma-VAIO | Source = MCUpdate | ID = 0

Description = 00:48:34 - Ett fel inträffade under anslutningen till Internet. 00:48:34

- Det gick inte att kontakta servern..

Error - 10/07/2010 07:32:48 | Computer Name = Emma-VAIO | Source = MCUpdate | ID = 0

Description = 13:32:48 - Ett fel inträffade under anslutningen till Internet. 13:32:48

- Det gick inte att kontakta servern..

Error - 10/07/2010 07:32:59 | Computer Name = Emma-VAIO | Source = MCUpdate | ID = 0

Description = 13:32:53 - Ett fel inträffade under anslutningen till Internet. 13:32:53

- Det gick inte att kontakta servern..

[ OSession Events ]

Error - 12/02/2011 19:03:02 | Computer Name = Emma-VAIO | Source = Microsoft Office 12 Sessions | ID = 7001

Description = ID: 0, Application Name: Microsoft Office Word, Application Version:

12.0.6545.5000, Microsoft Office Version: 12.0.6425.1000. This session lasted 25

seconds with 0 seconds of active time. This session ended with a crash.

Error - 21/03/2011 11:31:14 | Computer Name = Emma-VAIO | Source = Microsoft Office 12 Sessions | ID = 7001

Description = ID: 0, Application Name: Microsoft Office Word, Application Version:

12.0.6545.5000, Microsoft Office Version: 12.0.6425.1000. This session lasted 3

seconds with 0 seconds of active time. This session ended with a crash.

Error - 18/08/2011 12:10:13 | Computer Name = Emma-VAIO | Source = Microsoft Office 12 Sessions | ID = 7001

Description = ID: 0, Application Name: Microsoft Office Word, Application Version:

12.0.6545.5000, Microsoft Office Version: 12.0.6425.1000. This session lasted 8

seconds with 0 seconds of active time. This session ended with a crash.

[ System Events ]

Error - 05/08/2012 12:53:39 | Computer Name = Emma-VAIO | Source = Service Control Manager | ID = 7001

Description = Tjänsten Computer Browser är beroende av tjänsten Server. Den sistnämnda

kunde inte starta på grund av följande fel: %%1068

Error - 05/08/2012 12:54:24 | Computer Name = Emma-VAIO | Source = Service Control Manager | ID = 7009

Description = En timeout (30000 ms) inträffade vid väntan på att tjänsten Roxio

Upnp Server 10 skulle ansluta.

Error - 05/08/2012 13:14:24 | Computer Name = Emma-VAIO | Source = Service Control Manager | ID = 7009

Description = En timeout (30000 ms) inträffade vid väntan på att tjänsten Roxio

Upnp Server 10 skulle ansluta.

Error - 05/08/2012 13:15:03 | Computer Name = Emma-VAIO | Source = Service Control Manager | ID = 7011

Description = En timeout (30000 ms) inträffade vid väntan på transaktionssvar från

tjänsten VcmIAlzMgr.

Error - 05/08/2012 13:17:19 | Computer Name = Emma-VAIO | Source = bowser | ID = 8003

Description =

Error - 06/08/2012 03:12:04 | Computer Name = Emma-VAIO | Source = Service Control Manager | ID = 7009

Description = En timeout (30000 ms) inträffade vid väntan på att tjänsten Roxio

Upnp Server 10 skulle ansluta.

Error - 06/08/2012 03:55:16 | Computer Name = Emma-VAIO | Source = Service Control Manager | ID = 7030

Description = Tjänsten PEVSystemStart är markerad som en interaktiv tjänst. Systemet

är dock konfigurerat för att inte tillåta interaktiva tjänster. Tjänsten kommer

kanske inte att fungera korrekt.

Error - 06/08/2012 04:03:29 | Computer Name = Emma-VAIO | Source = Service Control Manager | ID = 7030

Description = Tjänsten PEVSystemStart är markerad som en interaktiv tjänst. Systemet

är dock konfigurerat för att inte tillåta interaktiva tjänster. Tjänsten kommer

kanske inte att fungera korrekt.

Error - 06/08/2012 04:31:57 | Computer Name = Emma-VAIO | Source = Service Control Manager | ID = 7009

Description = En timeout (30000 ms) inträffade vid väntan på att tjänsten Roxio

Upnp Server 10 skulle ansluta.

Error - 06/08/2012 04:32:49 | Computer Name = Emma-VAIO | Source = Service Control Manager | ID = 7011

Description = En timeout (30000 ms) inträffade vid väntan på transaktionssvar från

tjänsten VcmIAlzMgr.

< End of report >

[bengsi]

OTL logfile created on: 06/08/2012 18:25:47 - Run 1

OTL by OldTimer - Version 3.2.56.0 Folder = C:\Users\Emma\Desktop

64bit- Home Premium Edition Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation

Internet Explorer (Version = 9.0.8112.16421)

Locale: 00000809 | Country: Sverige | Language: SVE | Date Format: yyyy-MM-dd

3.86 Gb Total Physical Memory | 2.43 Gb Available Physical Memory | 63.11% Memory free

7.71 Gb Paging File | 5.48 Gb Available in Paging File | 71.07% Paging File free

Paging file location(s): ?:\pagefile.sys [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86)

Drive C: | 451.45 Gb Total Space | 259.64 Gb Free Space | 57.51% Space Free | Partition Type: NTFS

Computer Name: EMMA-VAIO | User Name: Emma | Logged in as Administrator.

Boot Mode: Normal | Scan Mode: Current user | Quick Scan | Include 64bit Scans

Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days

========== Processes (SafeList) ==========

PRC - C:\Users\Emma\Desktop\OTL.exe (OldTimer Tools)

PRC - C:\Users\Emma\AppData\Roaming\Spotify\Data\SpotifyWebHelper.exe ()

PRC - C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe (Malwarebytes Corporation)

PRC - C:\Program Files (x86)\Personal\bin\Personal.exe (Technology Nexus AB)

PRC - C:\Program Files\Sony\VAIO Care\VCService.exe (Sony Corporation)

PRC - C:\Program Files\Sony\VAIO Care\listener.exe (Sony of America Corporation)

PRC - C:\Program Files (x86)\SONY\VAIO Event Service\VESMgr.exe (Sony Corporation)

PRC - C:\Program Files\Sony\VCM Intelligent Analyzing Manager\VcmIAlzMgr.exe (Sony Corporation)

PRC - C:\Program Files (x86)\Common Files\Adobe\SwitchBoard\SwitchBoard.exe (Adobe Systems Incorporated)

PRC - C:\Program Files (x86)\Intel\Intel® Management Engine Components\UNS\UNS.exe (Intel Corporation)

PRC - C:\Program Files (x86)\Intel\Intel® Management Engine Components\LMS\LMS.exe (Intel Corporation)

PRC - C:\Program Files (x86)\SONY\VAIO Event Service\VESMgrSub.exe (Sony Corporation)

PRC - C:\Program Files (x86)\Intel\Intel® Rapid Storage Technology\IAStorDataMgrSvc.exe (Intel Corporation)

PRC - C:\Program Files (x86)\Intel\Intel® Rapid Storage Technology\IAStorIcon.exe (Intel Corporation)

PRC - C:\Program Files (x86)\Sony\PMB\PMBDeviceInfoProvider.exe (Sony Corporation)

PRC - C:\Program Files (x86)\SONY\PMB\PMBVolumeWatcher.exe (Sony Corporation)

PRC - C:\Program Files (x86)\Common Files\Sony Shared\VAIO Entertainment Platform\VzCdb\VzCdbSvc.exe (Sony Corporation)

PRC - C:\Program Files (x86)\Common Files\Sony Shared\VAIO Content Folder Watcher\VCFw.exe (Sony Corporation)

PRC - C:\Program Files (x86)\ekort\ekort.exe (Orbiscom Ltd. All rights reserved.)

PRC - C:\Windows\SysWOW64\OBroker.exe ()

PRC - C:\Program Files (x86)\ArcSoft\Magic-i Visual Effects 2\uCamMonitor.exe (ArcSoft, Inc.)

========== Modules (No Company Name) ==========

MOD - C:\Users\Emma\AppData\Roaming\Spotify\Data\SpotifyWebHelper.exe ()

MOD - C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Windows.Forms\7b7fbe651c6e72f12099a298654c9594\System.Windows.Forms.ni.dll ()

MOD - C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Drawing\6bb439b3f87736d3248ae27d43e2c0d6\System.Drawing.ni.dll ()

MOD - C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Runtime.Remo#\03dee80574f4ec770b6f77ca030ded6c\System.Runtime.Remoting.ni.dll ()

MOD - C:\Windows\assembly\NativeImages_v2.0.50727_32\WindowsBase\46fce56db7685a586d3eeb7c373e3c1c\WindowsBase.ni.dll ()

MOD - C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Xml\ba3d70b651454c7d49b407b93663bfed\System.Xml.ni.dll ()

MOD - C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Configuration\cfa9c506bfb9254c89dace7b83bc9f9d\System.Configuration.ni.dll ()

MOD - C:\Windows\assembly\NativeImages_v2.0.50727_32\System\ce9ff6baf9053ed2ed673d948179195c\System.ni.dll ()

MOD - C:\Windows\assembly\NativeImages_v2.0.50727_32\mscorlib\acfc1391e45fedd2a359778ea57d914c\mscorlib.ni.dll ()

MOD - C:\Windows\assembly\GAC_MSIL\mscorlib.resources\2.0.0.0_sv_b77a5c561934e089\mscorlib.resources.dll ()

MOD - C:\Windows\SysWOW64\OBroker.exe ()

MOD - C:\Program Files (x86)\ekort\EkortRes.dll ()

========== Win32 Services (SafeList) ==========

SRV:64bit: - (mfevtp) -- C:\Windows\SysNative\mfevtps.exe (McAfee, Inc.)

SRV:64bit: - (mfefire) -- C:\Program Files\Common Files\McAfee\SystemCore\\mfefire.exe ()

SRV:64bit: - (McShield) -- C:\Program Files\Common Files\McAfee\SystemCore\\mcshield.exe ()

SRV:64bit: - (McODS) -- C:\Program Files\McAfee\VirusScan\mcods.exe (McAfee, Inc.)

SRV:64bit: - (VUAgent) -- C:\Program Files\Sony\VAIO Update Common\VUAgent.exe (Sony Corporation)

SRV:64bit: - (VCService) -- C:\Program Files\Sony\VAIO Care\VCService.exe (Sony Corporation)

SRV:64bit: - (SampleCollector) -- C:\Program Files\Sony\VAIO Care\VCPerfService.exe (Sony Corporation)

SRV:64bit: - (MSK80Service) -- C:\Program Files\Common Files\McAfee\McSvcHost\McSvHost.exe (McAfee, Inc.)

SRV:64bit: - (McProxy) -- C:\Program Files\Common Files\McAfee\McSvcHost\McSvHost.exe (McAfee, Inc.)

SRV:64bit: - (McNASvc) -- C:\Program Files\Common Files\McAfee\McSvcHost\McSvHost.exe (McAfee, Inc.)

SRV:64bit: - (McNaiAnn) -- C:\Program Files\Common Files\McAfee\McSvcHost\McSvHost.exe (McAfee, Inc.)

SRV:64bit: - (mcmscsvc) -- C:\Program Files\Common Files\McAfee\McSvcHost\McSvHost.exe (McAfee, Inc.)

SRV:64bit: - (McMPFSvc) -- C:\Program Files\Common Files\McAfee\McSvcHost\McSvHost.exe (McAfee, Inc.)

SRV:64bit: - (McAfee SiteAdvisor Service) -- C:\Program Files\Common Files\McAfee\McSvcHost\McSvHost.exe (McAfee, Inc.)

SRV:64bit: - (VcmXmlIfHelper) -- C:\Program Files\Common Files\Sony Shared\VcmXml\VcmXmlIfHelper64.exe (Sony Corporation)

SRV:64bit: - (VcmIAlzMgr) -- C:\Program Files\Sony\VCM Intelligent Analyzing Manager\VcmIAlzMgr.exe (Sony Corporation)

SRV:64bit: - (AMD External Events Utility) -- C:\Windows\SysNative\atiesrxx.exe (AMD)

SRV:64bit: - (VAIO Power Management) -- C:\Program Files\Sony\VAIO Power Management\SPMService.exe (Sony Corporation)

SRV:64bit: - (VSNService) -- C:\Program Files\Sony\VAIO Smart Network\VSNService.exe (Sony Corporation)

SRV:64bit: - (btwdins) -- C:\Program Files\WIDCOMM\Bluetooth Software\btwdins.exe (Broadcom Corporation.)

SRV:64bit: - (VcmINSMgr) -- C:\Program Files\Sony\VCM Intelligent Network Service Manager\VcmINSMgr.exe (Sony Corporation)

SRV:64bit: - (WinDefend) -- C:\Program Files\Windows Defender\mpsvc.dll (Microsoft Corporation)

SRV:64bit: - (TabletService) -- C:\Windows\SysNative\Tablet.exe (Wacom Technology, Corp.)

SRV - (AdobeFlashPlayerUpdateSvc) -- C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe (Adobe Systems Incorporated)

SRV - (MBAMService) -- C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe (Malwarebytes Corporation)

SRV - (VAIO Event Service) -- C:\Program Files (x86)\SONY\VAIO Event Service\VESMgr.exe (Sony Corporation)

SRV - (clr_optimization_v4.0.30319_32) -- C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe (Microsoft Corporation)

SRV - (ACDaemon) -- C:\Program Files (x86)\Common Files\ArcSoft\Connection Service\Bin\ACService.exe (ArcSoft Inc.)

SRV - (SwitchBoard) -- C:\Program Files (x86)\Common Files\Adobe\SwitchBoard\SwitchBoard.exe (Adobe Systems Incorporated)

SRV - (UNS) -- C:\Program Files (x86)\Intel\Intel® Management Engine Components\UNS\UNS.exe (Intel Corporation)

SRV - (LMS) -- C:\Program Files (x86)\Intel\Intel® Management Engine Components\LMS\LMS.exe (Intel Corporation)

SRV - (IAStorDataMgrSvc) -- C:\Program Files (x86)\Intel\Intel® Rapid Storage Technology\IAStorDataMgrSvc.exe (Intel Corporation)

SRV - (PMBDeviceInfoProvider) -- C:\Program Files (x86)\Sony\PMB\PMBDeviceInfoProvider.exe (Sony Corporation)

SRV - (SOHDms) -- C:\Program Files (x86)\Common Files\Sony Shared\SOHLib\SOHDms.exe (Sony Corporation)

SRV - (SOHPlMgr) -- C:\Program Files (x86)\Common Files\Sony Shared\SOHLib\SOHPlMgr.exe (Sony Corporation)

SRV - (SOHDs) -- C:\Program Files (x86)\Common Files\Sony Shared\SOHLib\SOHDs.exe (Sony Corporation)

SRV - (SOHCImp) -- C:\Program Files (x86)\Common Files\Sony Shared\SOHLib\SOHCImp.exe (Sony Corporation)

SRV - (SOHDBSvr) -- C:\Program Files (x86)\Common Files\Sony Shared\SOHLib\SOHDBSvr.exe (Sony Corporation)

SRV - (VzCdbSvc) -- C:\Program Files (x86)\Common Files\Sony Shared\VAIO Entertainment Platform\VzCdb\VzCdbSvc.exe (Sony Corporation)

SRV - (VAIO Entertainment TV Device Arbitration Service) -- C:\Program Files (x86)\Common Files\Sony Shared\VAIO Entertainment Platform\VzHardwareResourceManager\VzHardwareResourceManager\VzHardwareResourceManager.exe (Sony Corporation)

SRV - (VCFw) -- C:\Program Files (x86)\Common Files\Sony Shared\VAIO Content Folder Watcher\VCFw.exe (Sony Corporation)

SRV - (Roxio Upnp Server 10) -- C:\Program Files (x86)\Roxio\Digital Home 10\RoxioUpnpService10.exe (Sonic Solutions)

SRV - (Roxio UPnP Renderer 10) -- C:\Program Files (x86)\Roxio\Digital Home 10\RoxioUPnPRenderer10.exe (Sonic Solutions)

SRV - (clr_optimization_v2.0.50727_32) -- C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe (Microsoft Corporation)

SRV - (uCamMonitor) -- C:\Program Files (x86)\ArcSoft\Magic-i Visual Effects 2\uCamMonitor.exe (ArcSoft, Inc.)

========== Driver Services (SafeList) ==========

DRV:64bit: - (MBAMProtector) -- C:\Windows\SysNative\drivers\mbam.sys (Malwarebytes Corporation)

DRV:64bit: - (fssfltr) -- C:\Windows\SysNative\drivers\fssfltr.sys (Microsoft Corporation)

DRV:64bit: - (Fs_Rec) -- C:\Windows\SysNative\drivers\fs_rec.sys (Microsoft Corporation)

DRV:64bit: - (mfehidk) -- C:\Windows\SysNative\drivers\mfehidk.sys (McAfee, Inc.)

DRV:64bit: - (mfefirek) -- C:\Windows\SysNative\drivers\mfefirek.sys (McAfee, Inc.)

DRV:64bit: - (mfewfpk) -- C:\Windows\SysNative\drivers\mfewfpk.sys (McAfee, Inc.)

DRV:64bit: - (mfeavfk) -- C:\Windows\SysNative\drivers\mfeavfk.sys (McAfee, Inc.)

DRV:64bit: - (mfeapfk) -- C:\Windows\SysNative\drivers\mfeapfk.sys (McAfee, Inc.)

DRV:64bit: - (mferkdet) -- C:\Windows\SysNative\drivers\mferkdet.sys (McAfee, Inc.)

DRV:64bit: - (mfenlfk) -- C:\Windows\SysNative\drivers\mfenlfk.sys (McAfee, Inc.)

DRV:64bit: - (cfwids) -- C:\Windows\SysNative\drivers\cfwids.sys (McAfee, Inc.)

DRV:64bit: - (amdsata) -- C:\Windows\SysNative\drivers\amdsata.sys (Advanced Micro Devices)

DRV:64bit: - (amdxata) -- C:\Windows\SysNative\drivers\amdxata.sys (Advanced Micro Devices)

DRV:64bit: - (HpSAMD) -- C:\Windows\SysNative\drivers\HpSAMD.sys (Hewlett-Packard Company)

DRV:64bit: - (TsUsbFlt) -- C:\Windows\SysNative\drivers\TsUsbFlt.sys (Microsoft Corporation)

DRV:64bit: - (sdbus) -- C:\Windows\SysNative\drivers\sdbus.sys (Microsoft Corporation)

DRV:64bit: - (atikmdag) -- C:\Windows\SysNative\drivers\atikmdag.sys (ATI Technologies Inc.)

DRV:64bit: - (IntcDAud) -- C:\Windows\SysNative\drivers\IntcDAud.sys (Intel® Corporation)

DRV:64bit: - (igfx) -- C:\Windows\SysNative\drivers\igdkmd64.sys (Intel Corporation)

DRV:64bit: - (RTHDMIAzAudService) -- C:\Windows\SysNative\drivers\RtHDMIVX.sys (Realtek Semiconductor Corp.)

DRV:64bit: - (HECIx64) -- C:\Windows\SysNative\drivers\HECIx64.sys (Intel Corporation)

DRV:64bit: - (iaStor) -- C:\Windows\SysNative\drivers\iaStor.sys (Intel Corporation)

DRV:64bit: - (btwrchid) -- C:\Windows\SysNative\drivers\btwrchid.sys (Broadcom Corporation.)

DRV:64bit: - (btwavdt) -- C:\Windows\SysNative\drivers\btwavdt.sys (Broadcom Corporation.)

DRV:64bit: - (btwaudio) -- C:\Windows\SysNative\drivers\btwaudio.sys (Broadcom Corporation.)

DRV:64bit: - (btusbflt) -- C:\Windows\SysNative\drivers\btusbflt.sys (Broadcom Corporation.)

DRV:64bit: - (btwl2cap) -- C:\Windows\SysNative\drivers\btwl2cap.sys (Broadcom Corporation.)

DRV:64bit: - (Impcd) -- C:\Windows\SysNative\drivers\Impcd.sys (Intel Corporation)

DRV:64bit: - (yukonw7) -- C:\Windows\SysNative\drivers\yk62x64.sys ()

DRV:64bit: - (athr) -- C:\Windows\SysNative\drivers\athrx.sys (Atheros Communications, Inc.)

DRV:64bit: - (rimspci) -- C:\Windows\SysNative\drivers\rimssne64.sys (REDC)

DRV:64bit: - (ApfiltrService) -- C:\Windows\SysNative\drivers\Apfiltr.sys (Alps Electric Co., Ltd.)

DRV:64bit: - (risdsnpe) -- C:\Windows\SysNative\drivers\risdsne64.sys (REDC)

DRV:64bit: - (SFEP) -- C:\Windows\SysNative\drivers\SFEP.sys (Sony Corporation)

DRV:64bit: - (amdsbs) -- C:\Windows\SysNative\drivers\amdsbs.sys (AMD Technologies Inc.)

DRV:64bit: - (LSI_SAS2) -- C:\Windows\SysNative\drivers\lsi_sas2.sys (LSI Corporation)

DRV:64bit: - (stexstor) -- C:\Windows\SysNative\drivers\stexstor.sys (Promise Technology)

DRV:64bit: - (ebdrv) -- C:\Windows\SysNative\drivers\evbda.sys (Broadcom Corporation)

DRV:64bit: - (b06bdrv) -- C:\Windows\SysNative\drivers\bxvbda.sys (Broadcom Corporation)

DRV:64bit: - (b57nd60a) -- C:\Windows\SysNative\drivers\b57nd60a.sys (Broadcom Corporation)

DRV:64bit: - (hcw85cir) -- C:\Windows\SysNative\drivers\hcw85cir.sys (Hauppauge Computer Works, Inc.)

DRV:64bit: - (ArcSoftKsUFilter) -- C:\Windows\SysNative\drivers\ArcSoftKsUFilter.sys (ArcSoft, Inc.)

DRV:64bit: - (PxHlpa64) -- C:\Windows\SysNative\drivers\PxHlpa64.sys (Sonic Solutions)

DRV:64bit: - (wacomvhid) -- C:\Windows\SysNative\drivers\wacomvhid.sys (Wacom Technology)

DRV:64bit: - (wacommousefilter) -- C:\Windows\SysNative\drivers\wacommousefilter.sys (Wacom Technology)

DRV - (WIMMount) -- C:\Windows\SysWOW64\drivers\wimmount.sys (Microsoft Corporation)

========== Standard Registry (SafeList) ==========

========== Internet Explorer ==========

IE:64bit: - HKLM\..\SearchScopes,DefaultScope = {6A1806CD-94D4-4689-BA73-E35EA1EA9990}

IE:64bit: - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/search?q={searchTerms}&FORM=IE8SRC

IE:64bit: - HKLM\..\SearchScopes\{6A1806CD-94D4-4689-BA73-E35EA1EA9990}: "URL" = http://www.google.com/search?q={searchTerms}&rls=com.microsoft:{language}:{referrer:source?}&ie={inputEncoding}&oe={outputEncoding}&sourceid=ie7

IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm

IE - HKLM\..\SearchScopes,DefaultScope = {6A1806CD-94D4-4689-BA73-E35EA1EA9990}

IE - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/search?q={searchTerms}&FORM=IE8SRC

IE - HKLM\..\SearchScopes\{6A1806CD-94D4-4689-BA73-E35EA1EA9990}: "URL" = http://www.google.com/search?q={searchTerms}&rls=com.microsoft:{language}:{referrer:source?}&ie={inputEncoding}&oe={outputEncoding}&sourceid=ie7

IE - HKLM\..\SearchScopes\{BE28C22E-F666-424d-B5FD-125C4AFEE34E}: "URL" = http://search.myheritage.com?orig=ds&q={searchTerms}

IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,SearchDefaultBranded = 1

IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.google.se/

IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache AcceptLangs = sv-SE

IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache_TIMESTAMP = 09 E9 1E C5 26 73 CD 01 [binary data]

IE - HKCU\..\SearchScopes,DefaultScope = {6A1806CD-94D4-4689-BA73-E35EA1EA9990}

IE - HKCU\..\SearchScopes\{1B75A58B-EF69-4423-930F-4D1373A6B54F}: "URL" =

IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

========== FireFox ==========

FF:64bit: - HKLM\Software\MozillaPlugins\@mcafee.com/MSC,version=10: c:\PROGRA~1\mcafee\msc\NPMCSN~1.DLL ()

FF:64bit: - HKLM\Software\MozillaPlugins\@microsoft.com/GENUINE: disabled File not found

FF:64bit: - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: c:\Program Files\Microsoft Silverlight\5.1.10411.0\npctrl.dll ( Microsoft Corporation)

FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\system32\Macromed\Flash\NPSWF32.dll ()

FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin: C:\Program Files (x86)\Java\jre6\bin\plugin2\npjp2.dll (Sun Microsystems, Inc.)

FF - HKLM\Software\MozillaPlugins\@mcafee.com/MSC,version=10: c:\progra~2\mcafee\msc\npmcsn~1.dll ()

FF - HKLM\Software\MozillaPlugins\@mcafee.com/SAFFPlugin: C:\Program Files (x86)\McAfee\SiteAdvisor\npmcffplg32.dll (McAfee, Inc.)

FF - HKLM\Software\MozillaPlugins\@microsoft.com/GENUINE: disabled File not found

FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: c:\Program Files (x86)\Microsoft Silverlight\5.1.10411.0\npctrl.dll ( Microsoft Corporation)

FF - HKLM\Software\MozillaPlugins\@microsoft.com/OfficeLive,version=1.5: C:\Program Files (x86)\Microsoft\Office Live\npOLW.dll (Microsoft Corp.)

FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=15.4.3502.0922: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)

FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=15.4.3508.1109: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)

FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=15.4.3555.0308: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)

FF - HKLM\Software\MozillaPlugins\@se.nexus/Personal: C:\Program Files (x86)\Personal\bin\np_prsnl.dll (Technology Nexus AB)

FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Program Files (x86)\Google\Update\1.3.21.115\npGoogleUpdate3.dll (Google Inc.)

FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Program Files (x86)\Google\Update\1.3.21.115\npGoogleUpdate3.dll (Google Inc.)

FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\ekort@orbiscom: C:\Program Files (x86)\ekort [2011/04/14 13:30:47 | 000,000,000 | ---D | M]

FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{D19CA586-DD6C-4a0a-96F8-14644F340D60}: C:\Program Files (x86)\Common Files\McAfee\SystemCore [2012/06/29 13:39:53 | 000,000,000 | ---D | M]

FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{4ED1F68A-5463-4931-9384-8FFF5ED91D92}: C:\Program Files (x86)\McAfee\SiteAdvisor [2012/07/25 18:24:48 | 000,000,000 | ---D | M]

O1 HOSTS File: ([2012/08/02 00:49:50 | 000,001,392 | RHS- | M]) - C:\Windows\SysNative\drivers\etc\hosts

O1 - Hosts: 127.0.0.1 localhost

O1 - Hosts: ::1 localhost

O1 - Hosts: 78.46.61.26 www.google-analytics.com.

O1 - Hosts: 78.46.61.26 ad-emea.doubleclick.net.

O1 - Hosts: 78.46.61.26 www.statcounter.com.

O1 - Hosts: 108.163.215.51 www.google-analytics.com.

O1 - Hosts: 108.163.215.51 ad-emea.doubleclick.net.

O1 - Hosts: 108.163.215.51 www.statcounter.com.

O2:64bit: - BHO: (scriptproxy) - {7DB2D5A0-7241-4E79-B68D-6309F01C5231} - C:\Program Files\Common Files\McAfee\SystemCore\ScriptSn.20120629133947.dll (McAfee, Inc.)

O2:64bit: - BHO: (Google Toolbar Helper) - {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll (Google Inc.)

O2:64bit: - BHO: (McAfee SiteAdvisor BHO) - {B164E929-A1B6-4A06-B104-2CD0E90A88FF} - c:\PROGRA~2\mcafee\SITEAD~1\x64\mcieplg.dll (McAfee, Inc.)

O2 - BHO: (Java Plug-In SSV Helper) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Java\jre6\bin\ssv.dll (Sun Microsystems, Inc.)

O2 - BHO: (scriptproxy) - {7DB2D5A0-7241-4E79-B68D-6309F01C5231} - C:\Program Files (x86)\Common Files\McAfee\SystemCore\ScriptSn.20120629133947.dll (McAfee, Inc.)

O2 - BHO: (e-kort Helper Class) - {9065E913-4F23-4B47-9B5D-B055D32DB1F3} - C:\Program Files (x86)\ekort\EKortHelper.dll ()

O2 - BHO: (McAfee SiteAdvisor BHO) - {B164E929-A1B6-4A06-B104-2CD0E90A88FF} - c:\PROGRA~2\mcafee\SITEAD~1\mcieplg.dll (McAfee, Inc.)

O3:64bit: - HKLM\..\Toolbar: (McAfee SiteAdvisor Toolbar) - {0EBBBE48-BAD4-4B4C-8E5A-516ABECAE064} - c:\PROGRA~2\mcafee\SITEAD~1\x64\mcieplg.dll (McAfee, Inc.)

O3:64bit: - HKLM\..\Toolbar: (Google Toolbar) - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll (Google Inc.)

O3 - HKLM\..\Toolbar: (McAfee SiteAdvisor Toolbar) - {0EBBBE48-BAD4-4B4C-8E5A-516ABECAE064} - c:\PROGRA~2\mcafee\SITEAD~1\mcieplg.dll (McAfee, Inc.)

O3 - HKLM\..\Toolbar: (e-kort Toolbar) - {8DB2B2E8-579F-48A8-A496-18FEFCF8F4DF} - C:\Program Files (x86)\ekort\EKortToolbar.dll ()

O3:64bit: - HKCU\..\Toolbar\WebBrowser: (Google Toolbar) - {2318C2B1-4965-11D4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll (Google Inc.)

O4:64bit: - HKLM..\Run: [AdobeAAMUpdater-1.0] C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\UWA\UpdaterStartupUtility.exe (Adobe Systems Incorporated)

O4:64bit: - HKLM..\Run: [Apoint] C:\Program Files\Apoint\Apoint.exe (Alps Electric Co., Ltd.)

O4:64bit: - HKLM..\Run: [CanonSolutionMenu] C:\Program Files (x86)\Canon\SolutionMenu\CNSLMAIN.exe (CANON INC.)

O4:64bit: - HKLM..\Run: [RtHDVCpl] C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe (Realtek Semiconductor)

O4 - HKLM..\Run: [AdobeCS6ServiceManager] C:\Program Files (x86)\Common Files\Adobe\CS6ServiceManager\CS6ServiceManager.exe (Adobe Systems Incorporated)

O4 - HKLM..\Run: [e-kort] C:\PROGRA~2\ekort\ekort.exe /dontopenmycards /Autostart File not found

O4 - HKLM..\Run: [iAStorIcon] C:\Program Files (x86)\Intel\Intel® Rapid Storage Technology\IAStorIcon.exe (Intel Corporation)

O4 - HKLM..\Run: [mcui_exe] C:\Program Files\McAfee.com\Agent\mcagent.exe (McAfee, Inc.)

O4 - HKLM..\Run: [NortonOnlineBackupReminder] C:\Program Files (x86)\Symantec\Norton Online Backup\Activation\NobuActivation.exe (Symantec Corporation)

O4 - HKLM..\Run: [PMBVolumeWatcher] C:\Program Files (x86)\Sony\PMB\PMBVolumeWatcher.exe (Sony Corporation)

O4 - HKLM..\Run: [startCCC] C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe (Advanced Micro Devices, Inc.)

O4 - HKLM..\Run: [switchBoard] C:\Program Files (x86)\Common Files\Adobe\SwitchBoard\SwitchBoard.exe (Adobe Systems Incorporated)

O4 - HKCU..\Run: [browserChoice] "C:\Windows\System32\browserchoice.exe" /run File not found

O4 - HKCU..\Run: [spotify Web Helper] C:\Users\Emma\AppData\Roaming\Spotify\Data\SpotifyWebHelper.exe ()

O4 - Startup: C:\Users\Emma\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Adobe Gamma.lnk = C:\Program Files (x86)\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe (Adobe Systems, Inc.)

O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Restrictions present

O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0

O7 - HKCU\Software\Policies\Microsoft\Internet Explorer\Control Panel present

O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0

O9:64bit: - Extra Button: @C:\Program Files\WIDCOMM\Bluetooth Software\btrez.dll,-4015 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm ()

O9:64bit: - Extra 'Tools' menuitem : @C:\Program Files\WIDCOMM\Bluetooth Software\btrez.dll,-12650 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm ()

O9 - Extra Button: Send to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~2\MICROS~1\Office12\ONBttnIE.dll (Microsoft Corporation)

O9 - Extra 'Tools' menuitem : S&end to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~2\MICROS~1\Office12\ONBttnIE.dll (Microsoft Corporation)

O9 - Extra Button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~2\MICROS~1\Office12\REFIEBAR.DLL (Microsoft Corporation)

O9 - Extra Button: Send To Bluetooth - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm ()

O9 - Extra 'Tools' menuitem : Send to &Bluetooth Device... - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm ()

O9 - Extra Button: Add to Evernote - {E0B8C461-F8FB-49b4-8373-FE32E92528A6} - C:\Program Files (x86)\Evernote\Evernote3.5\enbar.dll (Evernote Corporation)

O9 - Extra 'Tools' menuitem : Add to Evernote - {E0B8C461-F8FB-49b4-8373-FE32E92528A6} - C:\Program Files (x86)\Evernote\Evernote3.5\enbar.dll (Evernote Corporation)

O16:64bit: - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/update/1.6.0/jinstall-1_6_0_16-windows-i586.cab (Java Plug-in 1.6.0_16)

O16:64bit: - DPF: {CAFEEFAC-0016-0000-0016-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_16-windows-i586.cab (Java Plug-in 1.6.0_16)

O16:64bit: - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_16-windows-i586.cab (Java Plug-in 1.6.0_16)

O16 - DPF: {02BCC737-B171-4746-94C9-0D8A0B2C0089} http://office.microsoft.com/sites/production/ieawsdc32.cab (Microsoft Office Template and Media Control)

O16 - DPF: {402EE96E-2CE8-482D-ADA5-CECEEA07E16D} http://www.turntool.com/ViewerInstall.exe (TurnTool Scene)

O16 - DPF: {5D637FAD-E202-48D1-8F18-5B9C459BD1E3} http://www.fujidirekt.se/aurigma/ImageUploader5.cab (Image Uploader Control)

O16 - DPF: {7530BFB8-7293-4D34-9923-61A11451AFC5} http://download.eset.com/special/eos/OnlineScanner.cab (OnlineScanner Control)

O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/update/1.6.0/jinstall-1_6_0_31-windows-i586.cab (Java Plug-in 1.6.0_31)

O16 - DPF: {CAFEEFAC-0016-0000-0031-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_31-windows-i586.cab (Java Plug-in 1.6.0_31)

O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_31-windows-i586.cab (Java Plug-in 1.6.0_31)

O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.1.1

O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{36601CEE-D5D8-49CC-9878-7011DD745294}: DhcpNameServer = 192.168.1.1

O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{6D7BD819-48F2-4E64-8CDB-988BAD52DF69}: DhcpNameServer = 195.54.122.199 195.54.122.204

O18:64bit: - Protocol\Handler\dssrequest {5513F07E-936B-4E52-9B00-067394E91CC5} - c:\PROGRA~2\mcafee\SITEAD~1\x64\mcieplg.dll (McAfee, Inc.)

O18:64bit: - Protocol\Handler\livecall - No CLSID value found

O18:64bit: - Protocol\Handler\ms-help - No CLSID value found

O18:64bit: - Protocol\Handler\ms-itss - No CLSID value found

O18:64bit: - Protocol\Handler\msnim - No CLSID value found

O18:64bit: - Protocol\Handler\sacore {5513F07E-936B-4E52-9B00-067394E91CC5} - c:\PROGRA~2\mcafee\SITEAD~1\x64\mcieplg.dll (McAfee, Inc.)

O18:64bit: - Protocol\Handler\wlmailhtml - No CLSID value found

O18:64bit: - Protocol\Handler\wlpg - No CLSID value found

O18 - Protocol\Handler\dssrequest {5513F07E-936B-4E52-9B00-067394E91CC5} - c:\PROGRA~2\mcafee\SITEAD~1\mcieplg.dll (McAfee, Inc.)

O18 - Protocol\Handler\sacore {5513F07E-936B-4E52-9B00-067394E91CC5} - c:\PROGRA~2\mcafee\SITEAD~1\mcieplg.dll (McAfee, Inc.)

O18:64bit: - Protocol\Filter\application/x-mfe-ipt {3EF5086B-5478-4598-A054-786C45D75692} - c:\PROGRA~1\mcafee\msc\MCSNIE~1.DLL (McAfee, Inc.)

O18:64bit: - Protocol\Filter\text/xml {807563E5-5146-11D5-A672-00B0D022E945} - C:\PROGRA~1\COMMON~1\MICROS~1\OFFICE12\MSOXMLMF.DLL (Microsoft Corporation)

O18 - Protocol\Filter\application/x-mfe-ipt {3EF5086B-5478-4598-A054-786C45D75692} - c:\progra~2\mcafee\msc\mcsniepl.dll (McAfee, Inc.)

O18 - Protocol\Filter\text/xml {807563E5-5146-11D5-A672-00B0D022E945} - C:\PROGRA~2\COMMON~1\MICROS~1\OFFICE12\MSOXMLMF.DLL (Microsoft Corporation)

O20:64bit: - HKLM Winlogon: Shell - (Explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)

O20:64bit: - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\SysNative\userinit.exe (Microsoft Corporation)

O20:64bit: - HKLM Winlogon: VMApplet - (/pagefile) - File not found

O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\Windows\SysWow64\explorer.exe (Microsoft Corporation)

O20 - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\SysWOW64\userinit.exe (Microsoft Corporation)

O20 - HKLM Winlogon: VMApplet - (/pagefile) - File not found

O20:64bit: - Winlogon\Notify\igfxcui: DllName - (igfxdev.dll) - C:\Windows\SysNative\igfxdev.dll (Intel Corporation)

O20 - Winlogon\Notify\VESWinlogon: DllName - (VESWinlogon.dll) - C:\Windows\SysWow64\VESWinlogon.dll (Sony Corporation)

O32 - HKLM CDRom: AutoRun - 1

O34 - HKLM BootExecute: (autocheck autochk *)

O35:64bit: - HKLM\..comfile [open] -- "%1" %*

O35:64bit: - HKLM\..exefile [open] -- "%1" %*

O35 - HKLM\..comfile [open] -- "%1" %*

O35 - HKLM\..exefile [open] -- "%1" %*

O37:64bit: - HKLM\...com [@ = ComFile] -- "%1" %*

O37:64bit: - HKLM\...exe [@ = exefile] -- "%1" %*

O37 - HKLM\...com [@ = ComFile] -- "%1" %*

O37 - HKLM\...exe [@ = exefile] -- "%1" %*

O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3)

O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2)

O38 - SubSystems\\Windows: (ServerDll=sxssrv,4)

Drivers32:64bit: msacm.l3acm - C:\Windows\System32\l3codeca.acm (Fraunhofer Institut Integrierte Schaltungen IIS)

Drivers32: msacm.l3acm - C:\Windows\SysWOW64\l3codeca.acm (Fraunhofer Institut Integrierte Schaltungen IIS)

Drivers32: vidc.cvid - C:\Windows\SysWow64\iccvid.dll (Radius Inc.)

CREATERESTOREPOINT

Restore point Set: OTL Restore Point

========== Files/Folders - Created Within 30 Days ==========

[2012/08/06 17:44:57 | 000,596,480 | ---- | C] (OldTimer Tools) -- C:\Users\Emma\Desktop\OTL.exe

[2012/08/06 11:00:12 | 000,000,000 | ---D | C] -- C:\Users\Emma\AppData\Local\Mozilla

[2012/08/06 11:00:03 | 000,000,000 | ---D | C] -- C:\ProgramData\Mozilla

[2012/08/06 10:37:03 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\McAfee

[2012/08/06 10:32:31 | 000,000,000 | -HSD | C] -- C:\$RECYCLE.BIN

[2012/08/06 10:25:20 | 000,000,000 | ---D | C] -- C:\Windows\temp

[2012/08/05 21:01:04 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Apple Software Update

[2012/08/05 21:01:00 | 000,000,000 | ---D | C] -- C:\Config.Msi

[2012/08/05 19:20:42 | 000,000,000 | ---D | C] -- C:\Program Files\CCleaner

[2012/08/05 19:19:09 | 002,975,336 | ---- | C] (Piriform Ltd) -- C:\Users\Emma\Desktop\ccsetup321_slim.exe

[2012/08/05 18:12:01 | 000,000,000 | ---D | C] -- C:\Users\Emma\AppData\Roaming\f-secure

[2012/08/05 18:11:35 | 000,000,000 | ---D | C] -- C:\ProgramData\F-Secure

[2012/08/05 14:25:15 | 000,000,000 | ---D | C] -- C:\Users\Emma\AppData\Roaming\TuneUp Software

[2012/08/05 14:24:11 | 000,000,000 | ---D | C] -- C:\ProgramData\TuneUp Software

[2012/08/05 14:23:27 | 000,000,000 | -HSD | C] -- C:\ProgramData\{32364CEA-7855-4A3C-B674-53D8E9B97936}

[2012/08/05 14:23:27 | 000,000,000 | -H-D | C] -- C:\ProgramData\Common Files

[2012/08/05 13:03:34 | 000,000,000 | R--D | C] -- C:\Users\Emma\Documents\Favorites

[2012/08/03 15:00:42 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\ESET

[2012/08/03 13:58:17 | 000,448,512 | ---- | C] (OldTimer Tools) -- C:\Users\Emma\Desktop\TFC.exe

[2012/08/03 12:24:48 | 000,000,000 | ---D | C] -- C:\Users\Emma\Desktop\RK_Quarantine

[2012/08/03 11:30:25 | 004,731,392 | ---- | C] (AVAST Software) -- C:\Users\Emma\Desktop\aswMBR.exe

[2012/08/03 09:49:29 | 000,607,260 | R--- | C] (Swearware) -- C:\Users\Emma\Desktop\dds.scr

[2012/08/02 22:00:52 | 000,518,144 | ---- | C] (SteelWerX) -- C:\Windows\SWREG.exe

[2012/08/02 22:00:52 | 000,406,528 | ---- | C] (SteelWerX) -- C:\Windows\SWSC.exe

[2012/08/02 22:00:52 | 000,060,416 | ---- | C] (NirSoft) -- C:\Windows\NIRCMD.exe

[2012/08/02 21:55:04 | 000,000,000 | ---D | C] -- C:\Qoobox

[2012/08/02 21:54:31 | 000,000,000 | ---D | C] -- C:\Windows\erdnt

[2012/08/02 21:49:04 | 004,725,168 | R--- | C] (Swearware) -- C:\Users\Emma\Desktop\ComboFix.exe

[2012/08/02 20:06:31 | 000,000,000 | ---D | C] -- C:\Users\Emma\AppData\Roaming\Malwarebytes

[2012/08/02 20:06:22 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes' Anti-Malware

[2012/08/02 20:06:21 | 000,024,904 | ---- | C] (Malwarebytes Corporation) -- C:\Windows\SysNative\drivers\mbam.sys

[2012/08/02 20:06:21 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Malwarebytes' Anti-Malware

[2012/08/02 20:06:21 | 000,000,000 | ---D | C] -- C:\ProgramData\Malwarebytes

[2012/08/02 20:03:58 | 000,000,000 | ---D | C] -- C:\Users\Emma\Desktop\rkill-backup

[2012/08/02 00:50:34 | 000,000,000 | ---D | C] -- C:\ProgramData\7531CC77000844B0C9AE2DF4F875F002

[2012/07/24 22:47:50 | 000,000,000 | ---D | C] -- C:\Windows\Minidump

[2012/07/24 13:22:36 | 002,136,664 | ---- | C] (Kaspersky Lab ZAO) -- C:\Users\Emma\Desktop\TDSSKiller.exe

[2012/07/17 17:18:06 | 000,000,000 | ---D | C] -- C:\Users\Emma\Desktop\BRIGHTON BECKS

[2012/07/13 20:13:29 | 000,000,000 | ---D | C] -- C:\Users\Emma\Documents\Brighton

[2012/07/12 23:39:03 | 000,000,000 | ---D | C] -- C:\Users\Emma\Documents\mythical-creatures-assets-package_2

[2012/07/12 22:05:44 | 000,000,000 | ---D | C] -- C:\Users\Emma\AppData\Roaming\StageManager.BD092818F67280F4B42B04877600987F0111B594.1

[2012/07/12 22:02:52 | 000,000,000 | ---D | C] -- C:\ProgramData\regid.1986-12.com.adobe

[2012/07/12 22:00:48 | 000,000,000 | ---D | C] -- C:\ProgramData\ALM

[2012/07/12 21:58:17 | 000,000,000 | ---D | C] -- C:\Program Files\Adobe

[2012/07/12 21:50:29 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\Adobe

[2012/07/12 20:50:37 | 000,000,000 | ---D | C] -- C:\Users\Emma\AppData\Roaming\com.adobe.downloadassistant.AdobeDownloadAssistant

[2012/07/12 20:50:32 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Adobe Download Assistant

[2012/07/12 20:50:31 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Common Files\Adobe AIR

========== Files - Modified Within 30 Days ==========

[2012/08/06 18:41:02 | 000,000,868 | ---- | M] () -- C:\Windows\tasks\Adobe Flash Player Updater.job

[2012/08/06 17:50:00 | 000,001,008 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineUA.job

[2012/08/06 17:45:02 | 000,596,480 | ---- | M] (OldTimer Tools) -- C:\Users\Emma\Desktop\OTL.exe

[2012/08/06 16:38:10 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat

[2012/08/06 14:09:51 | 000,000,824 | ---- | M] () -- C:\Users\Emma\Desktop\hosts

[2012/08/06 10:40:11 | 000,009,920 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0

[2012/08/06 10:40:11 | 000,009,920 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0

[2012/08/06 10:37:03 | 000,001,828 | ---- | M] () -- C:\Users\Public\Desktop\McAfee Internet Security.lnk

[2012/08/06 10:32:17 | 000,001,004 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineCore.job

[2012/08/06 10:31:37 | 3106,480,128 | -HS- | M] () -- C:\hiberfil.sys

[2012/08/06 09:50:25 | 004,725,168 | R--- | M] (Swearware) -- C:\Users\Emma\Desktop\ComboFix.exe

[2012/08/05 20:23:19 | 001,466,674 | ---- | M] () -- C:\Windows\SysNative\PerfStringBackup.INI

[2012/08/05 20:23:19 | 000,626,006 | ---- | M] () -- C:\Windows\SysNative\perfh01D.dat

[2012/08/05 20:23:19 | 000,616,242 | ---- | M] () -- C:\Windows\SysNative\perfh009.dat

[2012/08/05 20:23:19 | 000,124,128 | ---- | M] () -- C:\Windows\SysNative\perfc01D.dat

[2012/08/05 20:23:19 | 000,106,622 | ---- | M] () -- C:\Windows\SysNative\perfc009.dat

[2012/08/05 20:10:01 | 000,003,240 | ---- | M] () -- C:\Users\Emma\Desktop\Attach.zip

[2012/08/05 19:20:46 | 000,000,822 | ---- | M] () -- C:\Users\Public\Desktop\CCleaner.lnk

[2012/08/05 19:19:25 | 002,975,336 | ---- | M] (Piriform Ltd) -- C:\Users\Emma\Desktop\ccsetup321_slim.exe

[2012/08/05 18:45:55 | 000,000,134 | ---- | M] () -- C:\Users\Emma\Desktop\hosts-perm.bat

[2012/08/05 17:31:21 | 000,003,664 | ---- | M] () -- C:\bootsqm.dat

[2012/08/03 13:58:18 | 000,448,512 | ---- | M] (OldTimer Tools) -- C:\Users\Emma\Desktop\TFC.exe

[2012/08/03 12:23:10 | 001,552,384 | ---- | M] () -- C:\Users\Emma\Desktop\RogueKiller.exe

[2012/08/03 11:35:23 | 000,000,512 | ---- | M] () -- C:\Users\Emma\Desktop\MBR.dat

[2012/08/03 11:30:53 | 004,731,392 | ---- | M] (AVAST Software) -- C:\Users\Emma\Desktop\aswMBR.exe

[2012/08/03 11:21:38 | 002,136,664 | ---- | M] (Kaspersky Lab ZAO) -- C:\Users\Emma\Desktop\TDSSKiller.exe

[2012/08/03 09:49:29 | 000,607,260 | R--- | M] (Swearware) -- C:\Users\Emma\Desktop\dds.scr

[2012/08/02 20:06:22 | 000,001,109 | ---- | M] () -- C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk

[2012/08/02 00:49:50 | 000,001,392 | RHS- | M] () -- C:\Windows\SysNative\drivers\etc\hosts

[2012/08/01 15:41:35 | 000,423,053 | ---- | M] () -- C:\Users\Emma\Documents\kvitto lensway.xps

[2012/08/01 09:50:36 | 000,244,774 | ---- | M] () -- C:\test.xml

[2012/07/18 16:58:10 | 035,852,793 | ---- | M] () -- C:\Users\Emma\Documents\OnFire_chapter1.pdf

[2012/07/15 14:02:17 | 005,002,112 | ---- | M] () -- C:\Windows\SysNative\FNTCACHE.DAT

[2012/07/14 21:40:44 | 002,640,603 | ---- | M] () -- C:\Users\Emma\Documents\hallelujah.wma

[2012/07/12 20:50:34 | 000,001,031 | ---- | M] () -- C:\Users\Public\Desktop\Adobe Download Assistant.lnk

========== Files Created - No Company Name ==========

[2012/08/06 14:09:51 | 000,000,824 | ---- | C] () -- C:\Users\Emma\Desktop\hosts

[2012/08/05 20:10:01 | 000,003,240 | ---- | C] () -- C:\Users\Emma\Desktop\Attach.zip

[2012/08/05 19:20:46 | 000,000,822 | ---- | C] () -- C:\Users\Public\Desktop\CCleaner.lnk

[2012/08/05 18:45:55 | 000,000,134 | ---- | C] () -- C:\Users\Emma\Desktop\hosts-perm.bat

[2012/08/05 17:31:21 | 000,003,664 | ---- | C] () -- C:\bootsqm.dat

[2012/08/03 12:23:08 | 001,552,384 | ---- | C] () -- C:\Users\Emma\Desktop\RogueKiller.exe

[2012/08/03 11:35:23 | 000,000,512 | ---- | C] () -- C:\Users\Emma\Desktop\MBR.dat

[2012/08/02 22:00:52 | 000,256,000 | ---- | C] () -- C:\Windows\PEV.exe

[2012/08/02 22:00:52 | 000,208,896 | ---- | C] () -- C:\Windows\MBR.exe

[2012/08/02 22:00:52 | 000,098,816 | ---- | C] () -- C:\Windows\sed.exe

[2012/08/02 22:00:52 | 000,080,412 | ---- | C] () -- C:\Windows\grep.exe

[2012/08/02 22:00:52 | 000,068,096 | ---- | C] () -- C:\Windows\zip.exe

[2012/08/02 20:06:22 | 000,001,109 | ---- | C] () -- C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk

[2012/08/01 15:41:34 | 000,423,053 | ---- | C] () -- C:\Users\Emma\Documents\kvitto lensway.xps

[2012/07/18 16:58:08 | 035,852,793 | ---- | C] () -- C:\Users\Emma\Documents\OnFire_chapter1.pdf

[2012/07/14 21:44:15 | 000,001,075 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Adobe Photoshop CS6 (64 Bit).lnk

[2012/07/14 21:43:26 | 000,001,207 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Adobe Photoshop CS6.lnk

[2012/07/14 21:40:44 | 002,640,603 | ---- | C] () -- C:\Users\Emma\Documents\hallelujah.wma

[2012/07/12 22:02:08 | 000,001,650 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Adobe Illustrator CS6.lnk

[2012/07/12 22:00:51 | 000,001,518 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Adobe Illustrator CS6 (64 Bit).lnk

[2012/07/12 21:59:44 | 000,001,037 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Adobe Bridge CS6 (64bit).lnk

[2012/07/12 21:59:07 | 000,001,169 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Adobe Bridge CS6.lnk

[2012/07/12 21:53:46 | 000,001,353 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Adobe Extension Manager CS6.lnk

[2012/07/12 21:53:31 | 000,001,519 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Adobe ExtendScript Toolkit CS6.lnk

[2012/07/12 21:53:06 | 000,000,997 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Adobe Help.lnk

[2012/07/12 20:50:34 | 000,001,043 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Adobe Download Assistant.lnk

[2012/07/12 20:50:34 | 000,001,031 | ---- | C] () -- C:\Users\Public\Desktop\Adobe Download Assistant.lnk

[2011/11/23 15:33:54 | 000,000,272 | ---- | C] () -- C:\Users\Emma\AppData\Roaming\.backup.dm

[2011/04/14 13:30:20 | 000,145,920 | ---- | C] () -- C:\Windows\SysWow64\OBroker.exe

[2010/10/10 23:17:44 | 000,010,752 | ---- | C] () -- C:\Users\Emma\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini

[2010/09/11 00:11:38 | 000,000,004 | ---- | C] () -- C:\Users\Emma\AppData\Roaming\wklnhst.dat

========== LOP Check ==========

[2012/06/30 22:28:56 | 000,000,000 | ---D | M] -- C:\Users\Emma\AppData\Roaming\Audacity

[2010/07/11 19:01:41 | 000,000,000 | ---D | M] -- C:\Users\Emma\AppData\Roaming\Auslogics

[2012/04/07 13:09:41 | 000,000,000 | ---D | M] -- C:\Users\Emma\AppData\Roaming\BitZipper

[2012/01/20 15:02:49 | 000,000,000 | ---D | M] -- C:\Users\Emma\AppData\Roaming\Canon

[2012/07/12 20:50:37 | 000,000,000 | ---D | M] -- C:\Users\Emma\AppData\Roaming\com.adobe.downloadassistant.AdobeDownloadAssistant

[2012/08/05 18:12:01 | 000,000,000 | ---D | M] -- C:\Users\Emma\AppData\Roaming\f-secure

[2011/05/31 17:48:51 | 000,000,000 | ---D | M] -- C:\Users\Emma\AppData\Roaming\Fit3DLive

[2010/10/03 00:03:27 | 000,000,000 | ---D | M] -- C:\Users\Emma\AppData\Roaming\Opera

[2011/04/08 15:07:08 | 000,000,000 | ---D | M] -- C:\Users\Emma\AppData\Roaming\Personal

[2011/07/28 22:53:17 | 000,000,000 | ---D | M] -- C:\Users\Emma\AppData\Roaming\RenPy

[2012/06/25 17:21:46 | 000,000,000 | ---D | M] -- C:\Users\Emma\AppData\Roaming\SanDisk

[2012/07/18 00:01:40 | 000,000,000 | ---D | M] -- C:\Users\Emma\AppData\Roaming\Spotify

[2012/07/12 22:05:44 | 000,000,000 | ---D | M] -- C:\Users\Emma\AppData\Roaming\StageManager.BD092818F67280F4B42B04877600987F0111B594.1

[2010/09/11 00:12:40 | 000,000,000 | ---D | M] -- C:\Users\Emma\AppData\Roaming\Template

[2012/08/05 14:25:15 | 000,000,000 | ---D | M] -- C:\Users\Emma\AppData\Roaming\TuneUp Software

[2012/08/05 20:06:18 | 000,000,000 | ---D | M] -- C:\Users\Emma\AppData\Roaming\uTorrent

[2011/01/10 16:24:43 | 000,000,000 | ---D | M] -- C:\Users\Emma\AppData\Roaming\Windows Live Writer

[2012/08/05 19:14:23 | 000,032,514 | ---- | M] () -- C:\Windows\Tasks\SCHEDLGU.TXT

========== Purity Check ==========

========== Custom Scans ==========

< %SYSTEMDRIVE%\*.* >

[2012/08/05 17:31:21 | 000,003,664 | ---- | M] () -- C:\bootsqm.dat

[2012/08/06 10:25:03 | 000,021,049 | ---- | M] () -- C:\ComboFix.txt

[2012/08/06 10:31:37 | 3106,480,128 | -HS- | M] () -- C:\hiberfil.sys

[2012/08/06 10:31:40 | 4141,977,600 | -HS- | M] () -- C:\pagefile.sys

[2010/01/13 16:29:30 | 000,000,073 | ---- | M] () -- C:\splash.idx

[2012/08/03 11:24:41 | 000,139,310 | ---- | M] () -- C:\TDSSKiller.2.7.48.0_03.08.2012_11.23.17_log.txt

[2012/08/01 09:50:36 | 000,244,774 | ---- | M] () -- C:\test.xml

[2009/12/15 13:53:48 | 000,003,872 | ---- | M] () -- C:\version

< %systemroot%\system32\*.wt >

< %systemroot%\system32\*.ruy >

< %systemroot%\Fonts\*.com >

[2009/07/14 07:32:31 | 000,026,040 | ---- | M] () -- C:\Windows\Fonts\GlobalMonospace.CompositeFont

[2009/07/14 07:32:31 | 000,026,489 | ---- | M] () -- C:\Windows\Fonts\GlobalSansSerif.CompositeFont

[2009/07/14 07:32:31 | 000,029,779 | ---- | M] () -- C:\Windows\Fonts\GlobalSerif.CompositeFont

[2009/07/14 07:32:31 | 000,043,318 | ---- | M] () -- C:\Windows\Fonts\GlobalUserInterface.CompositeFont

< %systemroot%\Fonts\*.dll >

< %systemroot%\Fonts\*.ini >

[2009/06/10 22:49:50 | 000,000,065 | ---- | M] () -- C:\Windows\Fonts\desktop.ini

< %systemroot%\Fonts\*.ini2 >

< %systemroot%\Fonts\*.exe >

< %systemroot%\system32\spool\prtprocs\w32x86\*.* >

< %systemroot%\REPAIR\*.bak1 >

< %systemroot%\REPAIR\*.ini >

< %systemroot%\system32\*.jpg >

< %systemroot%\*.jpg >

< %systemroot%\*.png >

< %systemroot%\*.scr >

[2012/03/08 18:37:20 | 000,302,448 | ---- | M] (Microsoft Corporation) -- C:\Windows\WLXPGSS.SCR

< %systemroot%\*._sy >

< %APPDATA%\Adobe\Update\*.* >

< %ALLUSERSPROFILE%\Favorites\*.* >

< %APPDATA%\Microsoft\*.* >

[2010/04/24 14:29:23 | 000,001,814 | --S- | M] () -- C:\Users\Emma\AppData\Roaming\Microsoft\LastFlashConfig.wfc

< %PROGRAMFILES%\*.* >

[2009/07/14 06:54:24 | 000,000,174 | -HS- | M] () -- C:\Program Files (x86)\desktop.ini

< %APPDATA%\Update\*.* >

< %systemroot%\*. /mp /s >

< %systemroot%\System32\config\*.sav >

< HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows\WindowsUpdate\AU >

< HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\WindowsUpdate\Auto Update\Results\Install|LastSuccessTime /rs >

< End of report >

Extras.Txt

[bengsi]

Är det risk med en systemåterställning även om man väljer en punkt som var långt innan infektionen?

[Cecilia]

Hej!

MrO var tvungen att åka iväg på jobb så han bad mig fortsätta att hjälpa dig. Även om jag har försökt läsa in mig på tråden kan jag ha missat något, så säg till om jag föreslår något som redan är gjort.

Om du gör en systemåterställning långt tillbaka i tiden kan du få andra problem, t ex att program som har installerat eller avinstallerats efter den tidpunkten blir till hälften (av)installerade. Men jag förbjuder dig inte. När uppstod problemet med annonserna apropå det? Var det i samband med Security Shield i torsdags eller någon annan gång?

Spara SystemLook på Skrivbordet från:

http://jpshortstuff.247fixes.com/SystemLook_x64.exe

Dubbelklicka på SystemLook-filen för att köra den.

Kopiera alla rader i rutan

:dir
C:\windows\system32\drivers\etc
C:\Windows\SysNative\drivers\etc

och klistra in i det stora textfältet i SýstemLook.

Tryck på knappen Look för att starta sökningen.

När det är klart så kommer Anteckningar upp med en logg, och den klistrar du in här. Om loggen inte kommer upp så finns den som SystemLook.txt på Skrivbordet.

Starta Kommandotolken (Start - Alla program - Tillbehör - Kommandotolken) och skriv:

ipconfig /all

tracert ad-emea.doubleclick.net

Kopiera resultaten och klistra in i ditt svar.

[bengsi]

Problemet med annonserna kom efter att jag blivit av med Security Shield. Dvs. första gången jag kunde starta datorn utan att Security Shield visade sig, dök istället annonserna upp när jag gick ut på internet. Med andra ord hade jag inga problem alls innan i torsdags.

[bengsi]

SystemLook 30.07.11 by jpshortstuff

Log created at 19:33 on 06/08/2012 by Emma

Administrator - Elevation successful

========== dir ==========

C:\windows\system32\drivers\etc - Parameters: "(none)"

---Files---

hosts -rahs-- 1392 bytes [02:34 14/07/2009] [22:49 01/08/2012]

hosts.txt --a---- 794 bytes [10:58 03/08/2012] [10:59 03/08/2012]

lmhosts.sam --a---- 3683 bytes [02:35 14/07/2009] [21:00 10/06/2009]

networks --a---- 407 bytes [02:34 14/07/2009] [21:00 10/06/2009]

protocol --a---- 1358 bytes [02:34 14/07/2009] [21:00 10/06/2009]

services --a---- 17463 bytes [02:34 14/07/2009] [21:00 10/06/2009]

---Folders---

None found.

C:\Windows\SysNative\drivers\etc - Unable to find folder.

-= EOF =-

[bengsi]

Microsoft Windows [Version 6.1.7601]

Copyright © 2009 Microsoft Corporation. Med ensamrätt.

C:\Users\Emma>ipconfig /all

IP-konfiguration för Windows

Värddatornamn . . . . . . . . . . : Emma-VAIO

Primärt DNS-suffix. . . . . . . . :

Nodtyp. . . . . . . . . . . . . . : Hybrid

IP-routning aktiverat . . . . . . : Nej

WINS-proxy aktiverat. . . . . . . : Nej

Söklista för DNS-suffix . . . . . : lan

Ethernet-anslutning Anslutning till lokalt nätverk:

Tillstånd . . . . . . . . . . . . : Frånkopplad

Anslutningsspecifika DNS-suffix . : bredbandsbolaget.se

Beskrivning . . . . . . . . . . . : Marvell Yukon 88E8059 PCI-E Gigabit Ether

net Controller

Fysisk adress . . . . . . . . . . : 54-42-49-00-D7-18

DHCP aktiverat. . . . . . . . . . : Ja

Autokonfiguration aktiverat . . . : Ja

Trådlös anslutning Trådlös nätverksanslutning:

Anslutningsspecifika DNS-suffix . : lan

Beskrivning . . . . . . . . . . . : Atheros AR9285 Wireless Network Adapter

Fysisk adress . . . . . . . . . . : 2C-81-58-F3-B3-FC

DHCP aktiverat. . . . . . . . . . : Ja

Autokonfiguration aktiverat . . . : Ja

Länklokal IPv6-adress . . . . . . : fe80::e9bf:4450:36d0:3a13%10(Standard)

IPv4-adress . . . . . . . . . . . : 192.168.1.67(Standard)

Nätmask . . . . . . . . . . . . . : 255.255.255.0

Lånet erhölls . . . . . . . . . . : den 6 augusti 2012 10:31:51

Lånet upphör. . . . . . . . . . . : den 6 augusti 2012 20:08:08

Standard-gateway. . . . . . . . . : 192.168.1.1

DHCP-server . . . . . . . . . . . : 192.168.1.1

IAID för DHCPv6 . . . . . . . . . : 184559198

DUID för DHCPv6-klient. . . . . . : 00-01-00-01-13-64-A3-ED-54-42-49-00-D7-18

DNS-servrar . . . . . . . . . . . : 192.168.1.1

NetBIOS över TCP/IP . . . . . . . : Aktiverat

Tunnelanslutning: 6TO4 Adapter:

Tillstånd . . . . . . . . . . . . : Frånkopplad

Anslutningsspecifika DNS-suffix . :

Beskrivning . . . . . . . . . . . : Microsoft 6to4 Adapter

Fysisk adress . . . . . . . . . . : 00-00-00-00-00-00-00-E0

DHCP aktiverat. . . . . . . . . . : Nej

Autokonfiguration aktiverat . . . : Ja

Tunnelanslutning: isatap.lan:

Tillstånd . . . . . . . . . . . . : Frånkopplad

Anslutningsspecifika DNS-suffix . : lan

Beskrivning . . . . . . . . . . . : Microsoft ISATAP Adapter

Fysisk adress . . . . . . . . . . : 00-00-00-00-00-00-00-E0

DHCP aktiverat. . . . . . . . . . : Nej

Autokonfiguration aktiverat . . . : Ja

Tunnelanslutning: Anslutning till lokalt nätverk* 22:

Anslutningsspecifika DNS-suffix . :

Beskrivning . . . . . . . . . . . : Teredo Tunneling Pseudo-Interface

Fysisk adress . . . . . . . . . . : 00-00-00-00-00-00-00-E0

DHCP aktiverat. . . . . . . . . . : Nej

Autokonfiguration aktiverat . . . : Ja

IPv6-adress . . . . . . . . . . . : 2001:0:5ef5:79fd:24a3:83b:b1ba:e662(Stand

ard)

Länklokal IPv6-adress . . . . . . : fe80::24a3:83b:b1ba:e662%27(Standard)

Standard-gateway. . . . . . . . . : ::

NetBIOS över TCP/IP . . . . . . . : Inaktiverat

Tunnelanslutning: isatap.bredbandsbolaget.se:

Tillstånd . . . . . . . . . . . . : Frånkopplad

Anslutningsspecifika DNS-suffix . :

Beskrivning . . . . . . . . . . . : Microsoft ISATAP Adapter #3

Fysisk adress . . . . . . . . . . : 00-00-00-00-00-00-00-E0

DHCP aktiverat. . . . . . . . . . : Nej

Autokonfiguration aktiverat . . . : Ja

C:\Users\Emma>

[bengsi]

Microsoft Windows [Version 6.1.7601]

Copyright © 2009 Microsoft Corporation. Med ensamrätt.

C:\Users\Emma>tracert ad-emea.doubleclick.net

Spårar väg till ad-emea.doubleclick.net. [78.46.61.26]

över högst 30 hopp:

1 351 ms 98 ms 98 ms dsldevice.lan [192.168.1.1]

2 126 ms * * gw2-no200.tbcn.telia.com [90.225.125.1]

3 * * * Begäran gjorde timeout.

4 * * * Begäran gjorde timeout.

5 * * * Begäran gjorde timeout.

6 * * * Begäran gjorde timeout.

7 * * * Begäran gjorde timeout.

8 * * * Begäran gjorde timeout.

9 * * * Begäran gjorde timeout.

10 * * * Begäran gjorde timeout.

11 * * * Begäran gjorde timeout.

12 * * * Begäran gjorde timeout.

13 50 ms 44 ms 45 ms www.google-analytics.com. [78.46.61.26]

Spårning utförd.

C:\Users\Emma>

[bengsi]

Dessutom har det ett antal gånger nu hänt att när jag klickat på en länk som jag VET är säker, att jag har skickats vidare till någon sida som jag varit snabb att klicka bort. Något som heller aldrig brukade hända innan.

[bengsi]

Vet inte om jag har "kommit på" nåt nu, eller bara upprepar något uppenbart, men läste guiden nedan och följde instruktionerna. Nu kräver datorn lösenord för ALLA sidor (inte det som är problem, vet hur jag ordnar tillbaka). Skriver jag in lösenordet en gång kan jag se sidan jag vill till, men sedan kräver datorn lösenord en gång till. När jag då klickar cancel, dyker inte pop up-adsen upp. Har jag kommit något på spåren, eller är det bara ett "symptom"?

This also appears to work in Internet Explorer:

Go to Start, Control Panel, Internet Options, Content tab, click on Enable under Content advisor, click on Approved sites tab, in Allow this website type http://www.google-analytics.com/ga.js and then click never, and apply

Härifrån: http://forums.cnet.com/7723-6122_102-560709/recommended-for-you-popup-ads-in-the-browser/

[Cecilia]

hosts -rahs-- 1392 bytes [02:34 14/07/2009] [22:49 01/08/2012]

hosts.txt --a---- 794 bytes [10:58 03/08/2012] [10:59 03/08/2012]

Det ser ut som att du har skapat en fil "hosts.txt" och det var den som du klistrade in tidigare i tråden medan Windows använder "hosts" utan filändelse.

Ditt förslag i inlägg 91 döljer bara symptomen men gör inte datorn frisk. Utan det är en ändring av hosts-filen som gäller.

Om du inte ser filändelser i Utforskaren/Dator så ändra i Kontrollpanelen - Mappalternativ - Visning och ta bort bocken för "Dölj filnamnstillägg för kända filtyper. För att kunna se den riktiga hosts-filen behöver du också välja "Visa dolda filer..." och ta bort bocken för "Dölj skyddade operativsystemfiler".

Gå till mappen C:\windows\system32\drivers\etc.

Ser du nu både en "hosts" och en "hosts.txt"?

Högerklicka på "hosts" och välj Egenskaper.

På fliken Allmänt tar du bort bockarna för Skrivskydd och Dold innan du klickar på OK.

Byt namn på "hosts" till "hosts.infektion".

Byt namn på "hosts.txt" till "hosts".

Om Windows frågar om du verkligen vill byta filändelse så svara att du vill det.

Likaså kan du få upp frågor från Användarkontrollen (UAC) om du verkligen vill ändra filer och/eller i mapp, och det vill du förstås.

Om ovanstående har gått bra och du nu har en "hosts" igen som är 794 bytes och inte 1392 bytes, så kan du starta om datorn.

Pröva med någon webbläsare.

Om det går bra så är det dags att se till att hosts-filen blir skyddad, men det tar vi då.

[bengsi]

GODE GUD, ja, det funkade! Hade varit inne och ändrat till "se dolda filer" innan, men hade missat punkten med skyddade filsystem. Var lite krångel med att ändra behörighet, men till sist löste det sig. Okej, en sista koll och städning nu?

[Cecilia]

Vad bra att du fick ordning på hosts-filen till slut

Du kan ta bort "hosts.infektion".

Ta fram Egenskaperna för "hosts" och sätt tillbaks bocken för Skrivskydd (inte nödvändig att göra den dold).

I Mappalternativ väljer du att dölja operativsystemfiler och dolda filer, men låt filnamnstilläggen fortsätta att vara synliga för det kan vara bra att se dem vid andra tillfällen också.

Ändra tillbaks det där du skrev i inlägg 91 om du inte redan har gjort det.

Kontrollera en sista gång att antivirusprogrammet och MBAM inte hittar något i datorn.

När vi vet att de inte hittar något ska du få instruktioner för hur du ska avinstallera dessa rensningsprogram du har fått ladda ner.

[bengsi]

McAfee och MBAM hittar ingenting

[Cecilia]

Vad bra!

Nu återstår bara en sista städomgång:

1. Tryck Windows-tangenten + R

Kopiera och klistra in denna rad:

ComboFix /Uninstall

Observera att det är ett mellanrum före /

Klicka på OK.

2. Starta OTL.

Tryck på knappen CleanUp! och DDS m.fl. rensningsprogram kommer att avinstalleras efter en omstart av datorn. Om något sådant program är kvar efter det så fråga hur du ska ta bort det. Ta bort eventuella loggar.

3. Byt alla lösenord som du använder i datorn och på internet eftersom dessa kan ha kommit i orätta händer.

http://mnin.blogspot.com/2009/02/why-i-enjoyed-tiggersyzor.html beskriver ett skadligt program som spionerar genom att ta skärmbilder, logga tangentbordsnedtryckningar och läsa lösenord som är lagrade i webbläsare, epostprogram etc.

4. Förbättra skyddet i datorn, se mina Råd för en säkrare dator: http://ceciliasec.wordpress.com/rad/

Det är mycket viktigt att hålla alla småprogram i datorn uppdaterade, gamla versioner av t ex Flash, Java och Adobe Reader innehåller kända säkerhetshål, vilka kan användas av en webbsida för att infektera datorn. Du har åtminstone gamla Java-versioner, vilket kan vara anledningen till att datorn kunde bli infekterad. Jag tycker att Secunias program (länk på min webbsida) är en bra hjälp för att kontrollera hur det står till med säkerhetshål i datorn och ange vad som behöver åtgärdas.

[bengsi]

Det är fortfarande program kvar som heter CCleaner, hosts-perm, TFC, SystemLook_x64, ccsetup321_slim och GMER.

[bengsi]

Och Malwarebytes, men det kanske jag ska ha kvar?

[bengsi]

Och ytterligare en fil vid namn MBR.dat

Allt ligger på skrivbordet.

[Cecilia]

CCleaner avinstallerar du på vanligt sätt i Kontrollpanelen - Program och funktioner.

MBR.dat, hosts-perm, TFC, SystemLook_x64 och GMER är bara att slänga i papperskorgen. Samma sak med ccsetup321_slim som är installationsfilen till CCleaner.

Malwarebytes Anti-Malware (MBAM) är ett program som fungerar bra som en komplettering av antivirusprogrammet, för det har en lite annorlunda specialisering.