
Not quite sure



I have had problems with two sites that I connect to via FTP. I have not written the websites myself, I only log in to update stuff. Weird code has shown up in the .html files and I got warnings from the host of one of the websites that spam had been going out from our domain. I also had my account with World of Warcraft hacked the other day so it feels like there is something lurking on my computer somewhere. Been running scans on my computer, but haven't found anything. I use Avast anti-virus, Malwarebytes and since two days ago I also have ESET and Spybot Search and Destroy installed just to check but don't usually run two antivirus programs.

When I bring up my running processes I have csrss.exe, winlogon.exe, nvxdsynd.exe and nvvsvc.exe running without a user and the command line field is also blank. They don't respond to right clicks to let me check where they run from. If I click "show processes from all users", there are suddenly two csrss.exe there, they respond and both run from /systems32 as I have understood that they should. The user-field also changes to SYSTEM. The csrss.exe process that shows up first runs at about 20.000kb memory and that doesn't change when I show all processes.

My system (Win7) absolutely refuses to let me run dds as admin. The option is not there in the right click menu, running it when holding left ctrl + left shift doesn't seem to do anything. The .scr file does have the "shield" on it on my desktop, but no option to run as admin. The .com file has no "shield" and same thing. Will post the log that it gave me, but if there is something I can do to run them as admin I'll do that and repost new log.

Would be very grateful for any kind of help here just to ease my mind about this whole thing.

The sticky tells me to post the attach.txt, and the attach.txt says "unless specifically instructed, do not post this log". So not quite sure what to do here, posting only the dds.txt for now I guess.

Edit: The third process I wrote is called nvxdsync.exe, not synd.

Best Regards

DDS (Ver_2012-11-20.01) - NTFS_AMD64

Internet Explorer: 9.0.8112.16464 BrowserJavaVersion: 10.17.2

Run by Jens at 20:14:11 on 2013-03-09

Microsoft Windows 7 Ultimate 6.1.7601.1.1252.46.1053.18.4091.1948 [GMT 1:00]

.

AV: avast! Antivirus *Disabled/Updated* {2B2D1395-420B-D5C9-657E-930FE358FC3C}

AV: ESET NOD32 Antivirus 6.0 *Disabled/Updated* {77DEAFED-8149-104B-25A1-21771CA47CD1}

SP: ESET NOD32 Antivirus 6.0 *Disabled/Updated* {CCBF4E09-A773-1FC5-1F11-1A056723366C}

SP: avast! Antivirus *Disabled/Updated* {904CF271-6431-DA47-5FCE-A87D98DFB681}

SP: Windows Defender *Enabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}

.

============== Running Processes ===============

.

C:\Windows\system32\lsm.exe

C:\Windows\system32\svchost.exe -k DcomLaunch

C:\Windows\system32\nvvsvc.exe

C:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe

C:\Windows\system32\svchost.exe -k RPCSS

C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted

C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted

C:\Windows\system32\svchost.exe -k LocalService

C:\Windows\system32\svchost.exe -k netsvcs

C:\Windows\system32\svchost.exe -k GPSvcGroup

C:\Windows\system32\svchost.exe -k NetworkService

C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe

C:\Windows\system32\nvvsvc.exe

C:\Program Files\Alwil Software\Avast5\AvastSvc.exe

C:\Windows\System32\spoolsv.exe

C:\Windows\system32\svchost.exe -k LocalServiceNoNetwork

C:\Windows\system32\Dwm.exe

C:\Windows\Explorer.EXE

C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe

C:\Windows\system32\taskhost.exe

C:\Program Files\ESET\ESET NOD32 Antivirus\x86\ekrn.exe

C:\Windows\system32\svchost.exe -k LocalServiceAndNoImpersonation

C:\Program Files (x86)\Microsoft SQL Server\MSSQL.1\MSSQL\Binn\sqlservr.exe

C:\Windows\SysWOW64\PnkBstrA.exe

C:\Program Files\Macrium\Reflect\ReflectService.exe

C:\Program Files (x86)\Microsoft SQL Server\90\Shared\sqlbrowser.exe

C:\Program Files\Microsoft SQL Server\90\Shared\sqlwriter.exe

C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe

C:\Program Files\Logitech\GamePanel Software\LGDevAgt.exe

C:\Program Files\Logitech\GamePanel Software\LCD Manager\LCDMon.exe

C:\Program Files\Logitech\GamePanel Software\G-series Software\LGDCore.exe

C:\Program Files\Microsoft Xbox 360 Accessories\XBoxStat.exe

C:\Program Files\Net iD\iid.exe

C:\Program Files\NVIDIA Corporation\Display\nvtray.exe

C:\Windows\system32\svchost.exe -k imgsvc

C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE

C:\Program Files (x86)\Spybot - Search & Destroy\SDWinSec.exe

C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSvcM.exe

C:\Program Files\ESET\ESET NOD32 Antivirus\egui.exe

C:\Program Files (x86)\Pando Networks\Media Booster\PMB.exe

C:\Windows\system32\taskhost.exe

C:\Users\Jens\AppData\Roaming\Spotify\Data\SpotifyWebHelper.exe

C:\Program Files (x86)\Spybot - Search & Destroy\TeaTimer.exe

C:\Windows\System32\WUDFHost.exe

C:\Windows\system32\svchost.exe -k NetworkServiceNetworkRestricted

C:\Windows\System32\WUDFHost.exe

C:\Program Files\Alwil Software\Avast5\AvastUI.exe

C:\Windows\System32\svchost.exe -k LocalServicePeerNet

C:\Program Files\Windows Media Player\WMPSideShowGadget.exe

C:\Program Files (x86)\Windows Media Player\wmplayer.exe

C:\Program Files (x86)\Razer\DeathAdder\razerhid.exe

C:\Program Files\Windows Media Player\wmpnetwk.exe

D:\Program Files (x86)\iTunes\iTunesHelper.exe

C:\Program Files (x86)\Razer\DeathAdder\razertra.exe

C:\Program Files (x86)\Razer\DeathAdder\razerofa.exe

C:\Program Files\iPod\bin\iPodService.exe

C:\Program Files (x86)\Razer\DeathAdder\vdDaemon.exe

C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Update Core\daemonu.exe

C:\Windows\System32\svchost.exe -k secsvcs

C:\Windows\system32\taskeng.exe

C:\Windows\system32\taskhost.exe

C:\Windows\system32\wbem\wmiprvse.exe

C:\Windows\servicing\TrustedInstaller.exe

C:\Windows\System32\cscript.exe

.

============== Pseudo HJT Report ===============

.

uStart Page = about:blank

BHO: Adobe PDF Link Helper: {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll

BHO: Spybot-S&D IE Protection: {53707962-6F74-2D53-2644-206D7942484F} - C:\Program Files (x86)\Spybot - Search & Destroy\SDHelper.dll

BHO: Java™ Plug-In SSV Helper: {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Java\jre7\bin\ssv.dll

BHO: avast! WebRep: {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - C:\Program Files\Alwil Software\Avast5\aswWebRepIE.dll

BHO: Windows Live ID Sign-in Helper: {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll

BHO: Lexmark : {D2C5E510-BE6D-42CC-9F61-E4F939078474} -

BHO: Java™ Plug-In 2 SSV Helper: {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre7\bin\jp2ssv.dll

TB: avast! WebRep: {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - C:\Program Files\Alwil Software\Avast5\aswWebRepIE.dll

uRun: [Pando Media Booster] C:\Program Files (x86)\Pando Networks\Media Booster\PMB.exe

uRun: [spotify Web Helper] "C:\Users\Jens\AppData\Roaming\Spotify\Data\SpotifyWebHelper.exe"

uRun: [spybotSD TeaTimer] C:\Program Files (x86)\Spybot - Search & Destroy\TeaTimer.exe

mRun: [avast5] "C:\Program Files\Alwil Software\Avast5\avastUI.exe" /nogui

mRun: [DeathAdder] C:\Program Files (x86)\Razer\DeathAdder\razerhid.exe

mRun: [APSDaemon] "C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe"

mRun: [iTunesHelper] "D:\Program Files (x86)\iTunes\iTunesHelper.exe"

mRun: [Net iD] "C:\Program Files (x86)\Net iD\iid.exe"

mRun: [Adobe Reader Speed Launcher] "C:\Program Files (x86)\Adobe\Reader 9.0\Reader\Reader_sl.exe"

mRun: [Adobe ARM] "C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe"

mPolicies-Explorer: NoActiveDesktop = dword:1

mPolicies-Explorer: NoActiveDesktopChanges = dword:1

mPolicies-System: ConsentPromptBehaviorAdmin = dword:5

mPolicies-System: ConsentPromptBehaviorUser = dword:3

mPolicies-System: EnableUIADesktopToggle = dword:0

IE: E&xportera till Microsoft Excel - C:\PROGRA~2\MICROS~1\Office12\EXCEL.EXE/3000

IE: {2670000A-7350-4f3c-8081-5663EE0C6C49} - {48E73304-E1D6-4330-914C-F5F514E3486C} - C:\Program Files (x86)\Microsoft Office\Office12\ONBttnIE.dll

IE: {92780B25-18CC-41C8-B9BE-3C9C571A8263} - {FF059E31-CC5A-4E2E-BF3B-96E929D65503}

IE: {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - {53707962-6F74-2D53-2644-206D7942484F} - C:\Program Files (x86)\Spybot - Search & Destroy\SDHelper.dll

.

INFO: HKCU has more than 50 listed domains.

If you wish to scan all of them, select the 'Force scan all domains' option.

.

.

INFO: HKLM has more than 50 listed domains.

If you wish to scan all of them, select the 'Force scan all domains' option.

.

DPF: {166B1BCA-3F9C-11CF-8075-444553540000} - hxxp://download.macromedia.com/pub/shockwave/cabs/director/sw.cab

DPF: {40F576AD-8680-4F9E-9490-99D069CD665F} - hxxp://srtest-cdn.systemrequirementslab.com.s3.amazonaws.com/bin/sysreqlabdetect.cab

DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.7.0/jinstall-1_7_0_11-windows-i586.cab

DPF: {CAFEEFAC-0017-0000-0005-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.7.0/jinstall-1_7_0_05-windows-i586.cab

DPF: {CAFEEFAC-0017-0000-0009-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.7.0/jinstall-1_7_0_09-windows-i586.cab

DPF: {CAFEEFAC-0017-0000-0011-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.7.0/jinstall-1_7_0_11-windows-i586.cab

DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.7.0/jinstall-1_7_0_11-windows-i586.cab

DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} - hxxp://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab

DPF: {E6F480FC-BD44-4CBA-B74A-89AF7842937D} - hxxp://content.systemrequirementslab.com.s3.amazonaws.com/global/bin/srldetect_cyri_4.5.1.0.cab

TCP: NameServer = 83.255.245.11 193.150.193.150

TCP: Interfaces\{FA010EE8-FC2A-4129-9B1C-126A1CA26E14} : DHCPNameServer = 83.255.245.11 193.150.193.150

Handler: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files (x86)\Common Files\Skype\Skype4COM.dll

Handler: wlpg - {E43EF6CD-A37A-4A9B-9E6F-83F89B8E6324} - C:\Program Files (x86)\Windows Live\Photo Gallery\AlbumDownloadProtocolHandler.dll

SSODL: WebCheck - <orphaned>

mASetup: {8A69D345-D564-463c-AFF1-A69D9E530F96} - "C:\Program Files (x86)\Google\Chrome\Application\25.0.1364.152\Installer\chrmstp.exe" --configure-user-settings --verbose-logging --system-level --multi-install --chrome

x64-BHO: avast! WebRep: {318A227B-5E9F-45bd-8999-7F8F10CA4CF5} - C:\Program Files\Alwil Software\Avast5\aswWebRepIE64.dll

x64-BHO: Java™ Plug-In SSV Helper: {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre7\bin\ssv.dll

x64-BHO: Windows Live ID Sign-in Helper: {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll

x64-BHO: Java™ Plug-In 2 SSV Helper: {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre7\bin\jp2ssv.dll

x64-TB: avast! WebRep: {318A227B-5E9F-45bd-8999-7F8F10CA4CF5} - C:\Program Files\Alwil Software\Avast5\aswWebRepIE64.dll

x64-Run: [RtHDVCpl] C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe -s

x64-Run: [Launch LgDeviceAgent] "C:\Program Files\Logitech\GamePanel Software\LgDevAgt.exe"

x64-Run: [Launch LCDMon] "C:\Program Files\Logitech\GamePanel Software\LCD Manager\LCDMon.exe"

x64-Run: [Launch LGDCore] "C:\Program Files\Logitech\GamePanel Software\G-series Software\LGDCore.exe" /SHOWHIDE

x64-Run: [XboxStat] "C:\Program Files\Microsoft Xbox 360 Accessories\XboxStat.exe" silentrun

x64-Run: [Net iD] "C:\Program Files\Net iD\iid.exe"

x64-Run: [egui] "C:\Program Files\ESET\ESET NOD32 Antivirus\egui.exe" /hide /waitservice

.

INFO: x64-HKLM has more than 50 listed domains.

If you wish to scan all of them, select the 'Force scan all domains' option.

.

x64-Handler: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - <orphaned>

x64-Handler: wlpg - {E43EF6CD-A37A-4A9B-9E6F-83F89B8E6324} - <orphaned>

x64-SSODL: WebCheck - <orphaned>

Hosts: 127.0.0.1 www.spywareinfo.com

.

================= FIREFOX ===================

.

FF - ProfilePath - C:\Users\Jens\AppData\Roaming\Mozilla\Firefox\Profiles\fdy1ovwl.default\

FF - plugin: C:\Program Files (x86)\Adobe\Reader 9.0\Reader\AIR\nppdf32.dll

FF - plugin: C:\Program Files (x86)\Google\Update\1.3.21.135\npGoogleUpdate3.dll

FF - plugin: C:\Program Files (x86)\Java\jre6\bin\new_plugin\npdeployJava1.dll

FF - plugin: C:\Program Files (x86)\Java\jre6\bin\plugin2\npdeployJava1.dll

FF - plugin: C:\Program Files (x86)\Java\jre7\bin\dtplugin\npdeployJava1.dll

FF - plugin: C:\Program Files (x86)\Java\jre7\bin\plugin2\npjp2.dll

FF - plugin: c:\Program Files (x86)\Microsoft Silverlight\5.1.10411.0\npctrlui.dll

FF - plugin: C:\Program Files (x86)\Microsoft\Office Live\npOLW.dll

FF - plugin: C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dv.dll

FF - plugin: C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dvstreaming.dll

FF - plugin: C:\Program Files (x86)\Pando Networks\Media Booster\npPandoWebPlugin.dll

FF - plugin: C:\Program Files (x86)\RayV\RayV\plugins\nprayvplugin.dll

FF - plugin: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll

FF - plugin: C:\Users\Jens\AppData\LocalLow\Unity\WebPlayer\loader\npUnity3D32.dll

FF - plugin: C:\Windows\SysWOW64\Adobe\Director\np32dsw_1200112.dll

FF - plugin: C:\Windows\SysWOW64\Macromed\Flash\NPSWF32.dll

FF - plugin: C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_11_6_602_171.dll

FF - plugin: D:\Program Files (x86)\iTunes\Mozilla Plugins\npitunes.dll

FF - plugin: D:\Program Files (x86)\Mozilla Firefox\plugins\npiidplg.dll

.

============= SERVICES / DRIVERS ===============

.

R0 aswRvrt;aswRvrt;C:\Windows\System32\drivers\aswRvrt.sys [2013-3-4 65408]

R0 aswVmm;aswVmm;C:\Windows\System32\drivers\aswVmm.sys [2013-3-4 177672]

R1 aswSnx;aswSnx;C:\Windows\System32\drivers\aswSnx.sys [2011-4-24 1025880]

R1 aswSP;aswSP;C:\Windows\System32\drivers\aswSP.sys [2010-1-25 377992]

R1 eamonm;eamonm;C:\Windows\System32\drivers\eamonm.sys [2013-1-10 213416]

R2 aswFsBlk;aswFsBlk;C:\Windows\System32\drivers\aswFsBlk.sys [2010-1-25 33472]

R2 aswMonFlt;aswMonFlt;C:\Windows\System32\drivers\aswMonFlt.sys [2010-1-25 80888]

R2 avast! Antivirus;avast! Antivirus;C:\Program Files\Alwil Software\Avast5\AvastSvc.exe [2013-3-4 45248]

R2 cpuz133;cpuz133;C:\Windows\System32\drivers\cpuz133_x64.sys [2010-11-29 20968]

R2 ekrn;ESET Service;C:\Program Files\ESET\ESET NOD32 Antivirus\x86\ekrn.exe [2012-12-21 1333424]

R2 epfwwfpr;epfwwfpr;C:\Windows\System32\drivers\epfwwfpr.sys [2013-1-10 139768]

R2 ReflectService.exe;Macrium Reflect Image Mounting Service;C:\Program Files\Macrium\Reflect\ReflectService.exe [2012-6-12 301760]

R2 SBSDWSCService;SBSD Security Center Service;C:\Program Files (x86)\Spybot - Search & Destroy\SDWinSec.exe [2013-3-6 1153368]

R2 Stereo Service;NVIDIA Stereoscopic 3D Driver Service;C:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe [2012-12-29 383416]

R3 DAdderFltr;DeathAdder Mouse;C:\Windows\System32\drivers\dadder.sys [2011-6-18 12032]

R3 LGBusEnum;Logitech GamePanel Virtual Bus Enumerator Driver;C:\Windows\System32\drivers\LGBusEnum.sys [2009-11-23 22408]

R3 LGVirHid;Logitech Gamepanel Virtual HID Device Driver;C:\Windows\System32\drivers\LGVirHid.sys [2009-11-23 16008]

R3 RTL8167;Realtek 8167 NT Driver;C:\Windows\System32\drivers\Rt64win7.sys [2009-3-1 187392]

R3 VKbms;Virtual HID Minidriver;C:\Windows\System32\drivers\VKbms.sys [2011-6-18 13312]

S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-3-18 130384]

S2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-3-18 138576]

S2 SkypeUpdate;Skype Updater;C:\Program Files (x86)\Skype\Updater\Updater.exe [2012-11-9 160944]

S3 hwdatacard;Huawei DataCard USB Modem and USB Serial;C:\Windows\System32\drivers\ewusbmdm.sys [2010-10-26 116864]

S3 RdpVideoMiniport;Remote Desktop Video Miniport Driver;C:\Windows\System32\drivers\rdpvideominiport.sys [2012-11-22 19456]

S3 TsUsbFlt;TsUsbFlt;C:\Windows\System32\drivers\TsUsbFlt.sys [2012-11-22 57856]

S3 USBAAPL64;Apple Mobile USB Driver;C:\Windows\System32\drivers\usbaapl64.sys [2009-10-16 50176]

S3 WatAdminSvc;Aktiveringsteknologier för Windows-tjänst;C:\Windows\System32\Wat\WatAdminSvc.exe [2010-5-26 1255736]

.

=============== Created Last 30 ================

.

2013-03-09 18:15:04 -------- d-sh--w- C:\Windows\System32\%APPDATA%

2013-03-09 11:38:43 9162192 ----a-w- C:\ProgramData\Microsoft\Windows Defender\Definition Updates\{2137A7A7-5B4A-4648-AF13-CC3E818793E4}\mpengine.dll

2013-03-06 19:18:47 -------- d-----w- C:\Windows\22B3AE667A374118BADB3680C15CA366.TMP

2013-03-06 19:13:23 -------- d-----w- C:\Users\Jens\AppData\Local\ESET

2013-03-06 17:27:28 -------- d-----w- C:\Program Files\ESET

2013-03-06 11:38:06 -------- d-----w- C:\ProgramData\SecTaskMan

2013-03-06 11:38:04 -------- d-----w- C:\Program Files (x86)\Security Task Manager

2013-03-06 08:20:44 -------- d-----w- C:\ProgramData\Spybot - Search & Destroy

2013-03-06 08:20:44 -------- d-----w- C:\Program Files (x86)\Spybot - Search & Destroy

2013-03-05 20:01:59 -------- d-----w- C:\Program Files\Enigma Software Group

2013-03-05 17:58:09 -------- d-----w- C:\Program Files (x86)\Absolute Key Logger Removal Tool

2013-03-05 17:57:18 95648 ----a-w- C:\Windows\SysWow64\WindowsAccessBridge-32.dll

2013-03-04 09:42:22 177672 ----a-w- C:\Windows\System32\drivers\aswVmm.sys

2013-03-04 09:42:21 65408 ----a-w- C:\Windows\System32\drivers\aswRvrt.sys

2013-03-04 08:48:54 -------- d-----w- C:\Users\Jens\AppData\Local\Macromedia

2013-02-28 09:30:56 -------- d-----w- C:\Users\Jens\AppData\Local\{0C5DE6D7-DD8A-42FF-A2A7-49CEA6A97EFA}

2013-02-28 08:34:37 -------- d-----w- C:\Users\Jens\AppData\Local\Eclipse

2013-02-27 20:53:58 -------- d-----w- C:\java

2013-02-27 20:37:09 963488 ----a-w- C:\Windows\System32\deployJava1.dll

2013-02-27 20:37:09 1085344 ----a-w- C:\Windows\System32\npDeployJava1.dll

2013-02-27 20:36:59 108448 ----a-w- C:\Windows\System32\WindowsAccessBridge-64.dll

2013-02-27 02:02:59 1988096 ----a-w- C:\Windows\SysWow64\d3d10warp.dll

2013-02-26 09:57:41 -------- d-----w- C:\Users\Jens\AppData\Roaming\Awesomium

2013-02-26 09:53:28 -------- d-----w- C:\Windows\Entropia Universe

2013-02-26 09:53:28 -------- d-----w- C:\Program Files (x86)\Entropia Universe

2013-02-23 16:32:53 -------- d-----w- C:\Users\Jens\AppData\Local\{CECB600D-A2AF-4F18-A950-CA046726EEC8}

2013-02-18 14:10:59 -------- d-----w- C:\Users\Jens\AppData\Local\{3E73B557-6C6C-446C-BADD-695176CF4319}

2013-02-17 08:31:26 -------- d-----w- C:\Users\Jens\AppData\Local\{05FCD185-3193-4AF9-8E13-F659EADD6FEA}

2013-02-15 18:58:12 106088 ----a-w- C:\Program Files (x86)\Internet Explorer\Plugins\nppdf32.dll

2013-02-13 10:35:31 996352 ----a-w- C:\Program Files\Common Files\Microsoft Shared\VGX\VGX.dll

2013-02-13 10:35:31 768000 ----a-w- C:\Program Files (x86)\Common Files\Microsoft Shared\VGX\VGX.dll

2013-02-13 10:33:59 887808 ----a-w- C:\Program Files\Internet Explorer\iedvtool.dll

2013-02-13 09:03:33 5553512 ----a-w- C:\Windows\System32\ntoskrnl.exe

2013-02-13 09:03:32 3967848 ----a-w- C:\Windows\SysWow64\ntkrnlpa.exe

2013-02-13 09:03:31 3913064 ----a-w- C:\Windows\SysWow64\ntoskrnl.exe

2013-02-13 09:03:23 3153408 ----a-w- C:\Windows\System32\win32k.sys

2013-02-13 09:03:19 215040 ----a-w- C:\Windows\System32\winsrv.dll

2013-02-13 09:03:18 7680 ----a-w- C:\Windows\SysWow64\instnm.exe

2013-02-13 09:03:18 5120 ----a-w- C:\Windows\SysWow64\wow32.dll

2013-02-13 09:03:18 25600 ----a-w- C:\Windows\SysWow64\setup16.exe

2013-02-13 09:03:18 14336 ----a-w- C:\Windows\SysWow64\ntvdm64.dll

2013-02-13 09:03:17 2048 ----a-w- C:\Windows\SysWow64\user.exe

2013-02-13 09:03:14 1913192 ----a-w- C:\Windows\System32\drivers\tcpip.sys

2013-02-13 09:03:13 288088 ----a-w- C:\Windows\System32\drivers\FWPKCLNT.SYS

2013-02-08 14:28:28 -------- d-----w- C:\Users\Jens\AppData\Roaming\Indicium Technologies

2013-02-08 14:28:09 -------- d-----w- C:\Program Files\Microsoft SQL Server Compact Edition

2013-02-08 14:26:40 -------- d-----w- C:\Users\Jens\AppData\Roaming\EveHQ

2013-02-08 14:26:40 -------- d-----w- C:\Program Files (x86)\EveHQ

2013-02-08 13:51:49 -------- d-----w- C:\Program Files (x86)\EVEMon

2013-02-07 20:19:32 -------- d-----w- C:\ProgramData\CCP

2013-02-07 19:55:18 -------- d-----w- C:\Users\Jens\AppData\Local\CCP

.

==================== Find3M ====================

.

2013-03-05 17:57:15 861088 ----a-w- C:\Windows\SysWow64\npdeployJava1.dll

2013-03-05 17:57:15 782240 ----a-w- C:\Windows\SysWow64\deployJava1.dll

2013-03-04 08:48:25 71024 ----a-w- C:\Windows\SysWow64\FlashPlayerCPLApp.cpl

2013-03-04 08:48:25 691568 ----a-w- C:\Windows\SysWow64\FlashPlayerApp.exe

2013-03-03 17:57:21 66 ----a-w- C:\Users\Jens\AppData\Roaming\isfree4_0.tmp

2013-02-28 08:36:33 71064 ----a-w- C:\Windows\System32\drivers\aswRdr2.sys

2013-02-28 08:36:33 1025880 ----a-w- C:\Windows\System32\drivers\aswSnx.sys

2013-02-28 08:36:32 80888 ----a-w- C:\Windows\System32\drivers\aswMonFlt.sys

2013-02-28 08:36:07 41664 ----a-w- C:\Windows\avastSS.scr

2013-01-17 00:28:58 273840 ------w- C:\Windows\System32\MpSigStub.exe

2013-01-13 21:17:03 9728 ---ha-w- C:\Windows\SysWow64\api-ms-win-downlevel-shlwapi-l1-1-0.dll

2013-01-13 21:17:02 2560 ---ha-w- C:\Windows\SysWow64\api-ms-win-downlevel-normaliz-l1-1-0.dll

2013-01-13 21:16:42 10752 ---ha-w- C:\Windows\SysWow64\api-ms-win-downlevel-advapi32-l1-1-0.dll

2013-01-13 21:12:46 3584 ---ha-w- C:\Windows\SysWow64\api-ms-win-downlevel-advapi32-l2-1-0.dll

2013-01-13 21:11:21 4096 ---ha-w- C:\Windows\SysWow64\api-ms-win-downlevel-user32-l1-1-0.dll

2013-01-13 21:11:08 5632 ---ha-w- C:\Windows\SysWow64\api-ms-win-downlevel-ole32-l1-1-0.dll

2013-01-13 21:11:07 5632 ---ha-w- C:\Windows\SysWow64\api-ms-win-downlevel-shlwapi-l2-1-0.dll

2013-01-13 21:11:07 3072 ---ha-w- C:\Windows\SysWow64\api-ms-win-downlevel-version-l1-1-0.dll

2013-01-13 21:11:07 3072 ---ha-w- C:\Windows\SysWow64\api-ms-win-downlevel-shell32-l1-1-0.dll

2013-01-13 20:35:31 9728 ---ha-w- C:\Windows\System32\api-ms-win-downlevel-shlwapi-l1-1-0.dll

2013-01-13 20:35:31 2560 ---ha-w- C:\Windows\System32\api-ms-win-downlevel-normaliz-l1-1-0.dll

2013-01-13 20:35:18 10752 ---ha-w- C:\Windows\System32\api-ms-win-downlevel-advapi32-l1-1-0.dll

2013-01-13 20:32:07 3584 ---ha-w- C:\Windows\System32\api-ms-win-downlevel-advapi32-l2-1-0.dll

2013-01-13 20:31:48 4096 ---ha-w- C:\Windows\System32\api-ms-win-downlevel-user32-l1-1-0.dll

2013-01-13 20:31:41 5632 ---ha-w- C:\Windows\System32\api-ms-win-downlevel-ole32-l1-1-0.dll

2013-01-13 20:31:40 5632 ---ha-w- C:\Windows\System32\api-ms-win-downlevel-shlwapi-l2-1-0.dll

2013-01-13 20:31:40 3072 ---ha-w- C:\Windows\System32\api-ms-win-downlevel-version-l1-1-0.dll

2013-01-13 20:31:40 3072 ---ha-w- C:\Windows\System32\api-ms-win-downlevel-shell32-l1-1-0.dll

2013-01-13 20:31:00 1247744 ----a-w- C:\Windows\SysWow64\DWrite.dll

2013-01-13 20:20:31 293376 ----a-w- C:\Windows\SysWow64\dxgi.dll

2013-01-13 20:09:00 249856 ----a-w- C:\Windows\SysWow64\d3d10_1core.dll

2013-01-13 20:08:43 220160 ----a-w- C:\Windows\SysWow64\d3d10core.dll

2013-01-13 20:08:35 1504768 ----a-w- C:\Windows\SysWow64\d3d11.dll

2013-01-13 19:59:04 1643520 ----a-w- C:\Windows\System32\DWrite.dll

2013-01-13 19:58:28 1175552 ----a-w- C:\Windows\System32\FntCache.dll

2013-01-13 19:54:01 604160 ----a-w- C:\Windows\SysWow64\d3d10level9.dll

2013-01-13 19:53:58 207872 ----a-w- C:\Windows\SysWow64\WindowsCodecsExt.dll

2013-01-13 19:53:14 187392 ----a-w- C:\Windows\SysWow64\UIAnimation.dll

2013-01-13 19:51:30 2565120 ----a-w- C:\Windows\System32\d3d10warp.dll

2013-01-13 19:49:17 363008 ----a-w- C:\Windows\System32\dxgi.dll

2013-01-13 19:48:47 161792 ----a-w- C:\Windows\SysWow64\d3d10_1.dll

2013-01-13 19:46:25 1080832 ----a-w- C:\Windows\SysWow64\d3d10.dll

2013-01-13 19:43:21 1230336 ----a-w- C:\Windows\SysWow64\WindowsCodecs.dll

2013-01-13 19:38:39 333312 ----a-w- C:\Windows\System32\d3d10_1core.dll

2013-01-13 19:38:32 1887232 ----a-w- C:\Windows\System32\d3d11.dll

2013-01-13 19:38:21 296960 ----a-w- C:\Windows\System32\d3d10core.dll

2013-01-13 19:37:57 3419136 ----a-w- C:\Windows\SysWow64\d2d1.dll

2013-01-13 19:25:04 245248 ----a-w- C:\Windows\System32\WindowsCodecsExt.dll

2013-01-13 19:24:33 648192 ----a-w- C:\Windows\System32\d3d10level9.dll

2013-01-13 19:24:30 221184 ----a-w- C:\Windows\System32\UIAnimation.dll

2013-01-13 19:20:42 194560 ----a-w- C:\Windows\System32\d3d10_1.dll

2013-01-13 19:20:04 1238528 ----a-w- C:\Windows\System32\d3d10.dll

2013-01-13 19:15:40 1424384 ----a-w- C:\Windows\System32\WindowsCodecs.dll

2013-01-13 19:10:36 3928064 ----a-w- C:\Windows\System32\d2d1.dll

2013-01-13 19:02:06 417792 ----a-w- C:\Windows\SysWow64\WMPhoto.dll

2013-01-13 18:34:58 364544 ----a-w- C:\Windows\SysWow64\XpsGdiConverter.dll

2013-01-13 18:32:43 465920 ----a-w- C:\Windows\System32\WMPhoto.dll

2013-01-13 18:09:52 522752 ----a-w- C:\Windows\System32\XpsGdiConverter.dll

2013-01-13 17:26:42 1158144 ----a-w- C:\Windows\SysWow64\XpsPrint.dll

2013-01-13 17:05:09 1682432 ----a-w- C:\Windows\System32\XpsPrint.dll

2013-01-10 08:25:22 139768 ----a-w- C:\Windows\System32\drivers\epfwwfpr.sys

2013-01-10 08:25:20 213416 ----a-w- C:\Windows\System32\drivers\eamonm.sys

2013-01-10 08:25:20 150616 ----a-w- C:\Windows\System32\drivers\ehdrv.sys

2013-01-09 01:19:09 2312704 ----a-w- C:\Windows\System32\jscript9.dll

2013-01-09 01:12:03 1392128 ----a-w- C:\Windows\System32\wininet.dll

2013-01-09 01:11:06 1494528 ----a-w- C:\Windows\System32\inetcpl.cpl

2013-01-09 01:07:51 173056 ----a-w- C:\Windows\System32\ieUnatt.exe

2013-01-09 01:07:47 599040 ----a-w- C:\Windows\System32\vbscript.dll

2013-01-09 01:04:42 2382848 ----a-w- C:\Windows\System32\mshtml.tlb

2013-01-08 22:11:21 1800704 ----a-w- C:\Windows\SysWow64\jscript9.dll

2013-01-08 22:03:20 1129472 ----a-w- C:\Windows\SysWow64\wininet.dll

2013-01-08 22:03:12 1427968 ----a-w- C:\Windows\SysWow64\inetcpl.cpl

2013-01-08 21:59:02 142848 ----a-w- C:\Windows\SysWow64\ieUnatt.exe

2013-01-08 21:58:29 420864 ----a-w- C:\Windows\SysWow64\vbscript.dll

2013-01-08 21:56:23 2382848 ----a-w- C:\Windows\SysWow64\mshtml.tlb

2013-01-04 06:11:21 2284544 ----a-w- C:\Windows\SysWow64\msmpeg2vdec.dll

2013-01-04 06:11:13 2776576 ----a-w- C:\Windows\System32\msmpeg2vdec.dll

2013-01-04 04:43:21 44032 ----a-w- C:\Windows\apppatch\acwow64.dll

2012-12-29 08:40:27 6382008 ----a-w- C:\Windows\System32\nvcpl.dll

2012-12-29 08:40:27 3455416 ----a-w- C:\Windows\System32\nvsvc64.dll

2012-12-29 08:40:09 884152 ----a-w- C:\Windows\System32\nvvsvc.exe

2012-12-29 08:40:09 63928 ----a-w- C:\Windows\System32\nvshext.dll

2012-12-29 08:40:09 118712 ----a-w- C:\Windows\System32\nvmctray.dll

2012-12-29 01:54:24 550328 ----a-w- C:\Windows\SysWow64\nvStreaming.exe

2012-12-16 17:11:22 46080 ----a-w- C:\Windows\System32\atmlib.dll

2012-12-16 14:45:03 367616 ----a-w- C:\Windows\System32\atmfd.dll

2012-12-16 14:13:28 295424 ----a-w- C:\Windows\SysWow64\atmfd.dll

2012-12-16 14:13:20 34304 ----a-w- C:\Windows\SysWow64\atmlib.dll

2012-12-14 15:49:28 24176 ----a-w- C:\Windows\System32\drivers\mbam.sys

.

============= FINISH: 20:14:24,05 ===============

Can't seem to find an edit button for my topic, that's why I'm posting like this instead. Managed to run HijackThis as admin, and posting the log here in case that helps somehow.

Logfile of Trend Micro HijackThis v2.0.4

Scan saved at 11:05:41, on 2013-03-10

Platform: Windows 7 SP1 (WinNT 6.00.3505)

MSIE: Internet Explorer v9.00 (9.00.8112.16464)

Boot mode: Normal

Running processes:

C:\Program Files (x86)\Windows Media Player\wmplayer.exe

C:\Program Files (x86)\Pando Networks\Media Booster\PMB.exe

C:\Users\Jens\AppData\Roaming\Spotify\Data\SpotifyWebHelper.exe

C:\Program Files (x86)\Spybot - Search & Destroy\TeaTimer.exe

C:\Program Files\Alwil Software\Avast5\AvastUI.exe

C:\Program Files (x86)\Razer\DeathAdder\razerhid.exe

D:\Program Files (x86)\iTunes\iTunesHelper.exe

C:\Program Files (x86)\Razer\DeathAdder\razertra.exe

C:\Program Files (x86)\Razer\DeathAdder\razerofa.exe

C:\Program Files (x86)\Razer\DeathAdder\vdDaemon.exe

C:\Windows\SysWOW64\DllHost.exe

C:\Users\Jens\Desktop\HijackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896

R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157

R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =

R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =

R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page =

R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local

R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =

O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll

O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\Program Files (x86)\Spybot - Search & Destroy\SDHelper.dll

O2 - BHO: Java Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Java\jre7\bin\ssv.dll

O2 - BHO: avast! WebRep - {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - C:\Program Files\Alwil Software\Avast5\aswWebRepIE.dll

O2 - BHO: Windows Live ID Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll

O2 - BHO: Lexmark - {D2C5E510-BE6D-42CC-9F61-E4F939078474} - C:\Program Files\Lexmark Printable Web\bho.dll (file missing)

O2 - BHO: Java Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre7\bin\jp2ssv.dll

O3 - Toolbar: avast! WebRep - {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - C:\Program Files\Alwil Software\Avast5\aswWebRepIE.dll

O4 - HKLM\..\Run: [avast5] "C:\Program Files\Alwil Software\Avast5\avastUI.exe" /nogui

O4 - HKLM\..\Run: [DeathAdder] C:\Program Files (x86)\Razer\DeathAdder\razerhid.exe

O4 - HKLM\..\Run: [APSDaemon] "C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe"

O4 - HKLM\..\Run: [iTunesHelper] "D:\Program Files (x86)\iTunes\iTunesHelper.exe"

O4 - HKLM\..\Run: [Net iD] "C:\Program Files (x86)\Net iD\iid.exe"

O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files (x86)\Adobe\Reader 9.0\Reader\Reader_sl.exe"

O4 - HKLM\..\Run: [Adobe ARM] "C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe"

O4 - HKCU\..\Run: [Pando Media Booster] C:\Program Files (x86)\Pando Networks\Media Booster\PMB.exe

O4 - HKCU\..\Run: [spotify Web Helper] "C:\Users\Jens\AppData\Roaming\Spotify\Data\SpotifyWebHelper.exe"

O4 - HKCU\..\Run: [spybotSD TeaTimer] C:\Program Files (x86)\Spybot - Search & Destroy\TeaTimer.exe

O4 - HKUS\S-1-5-19\..\Run: [sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /autoRun (User 'Lokal tjänst')

O4 - HKUS\S-1-5-19\..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe (User 'Lokal tjänst')

O4 - HKUS\S-1-5-20\..\Run: [sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /autoRun (User 'Nätverkstjänst')

O4 - HKUS\S-1-5-20\..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe (User 'Nätverkstjänst')

O4 - HKUS\S-1-5-21-2866623726-3497870083-104101559-1012\..\Run: [sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /autoRun (User 'UpdatusUser')

O4 - HKUS\S-1-5-21-2866623726-3497870083-104101559-1012\..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe (User 'UpdatusUser')

O8 - Extra context menu item: E&xportera till Microsoft Excel - res://C:\PROGRA~2\MICROS~1\Office12\EXCEL.EXE/3000

O9 - Extra button: Skicka till OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~2\MICROS~1\Office12\ONBttnIE.dll

O9 - Extra 'Tools' menuitem: Ski&cka till OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~2\MICROS~1\Office12\ONBttnIE.dll

O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~2\MICROS~1\Office12\REFIEBAR.DLL

O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\Program Files (x86)\Spybot - Search & Destroy\SDHelper.dll

O9 - Extra 'Tools' menuitem: Spybot - Search && Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\Program Files (x86)\Spybot - Search & Destroy\SDHelper.dll

O10 - Unknown file in Winsock LSP: c:\program files (x86)\common files\microsoft shared\windows live\wlidnsp.dll

O10 - Unknown file in Winsock LSP: c:\program files (x86)\common files\microsoft shared\windows live\wlidnsp.dll

O11 - Options group: [ACCELERATED_GRAPHICS] Accelerated graphics

O16 - DPF: {40F576AD-8680-4F9E-9490-99D069CD665F} (System Requirements Lab Class) - http://srtest-cdn.systemrequirementslab.com.s3.amazonaws.com/bin/sysreqlabdetect.cab

O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} - http://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab

O16 - DPF: {E6F480FC-BD44-4CBA-B74A-89AF7842937D} (SysInfo Class) - http://content.systemrequirementslab.com.s3.amazonaws.com/global/bin/srldetect_cyri_4.5.1.0.cab

O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~2\COMMON~1\Skype\SKYPE4~1.DLL

O18 - Protocol: wlpg - {E43EF6CD-A37A-4A9B-9E6F-83F89B8E6324} - C:\Program Files (x86)\Windows Live\Photo Gallery\AlbumDownloadProtocolHandler.dll

O23 - Service: @%SystemRoot%\system32\Alg.exe,-112 (ALG) - Unknown owner - C:\Windows\System32\alg.exe (file missing)

O23 - Service: Apple Mobile Device - Apple Inc. - C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe

O23 - Service: avast! Antivirus - AVAST Software - C:\Program Files\Alwil Software\Avast5\AvastSvc.exe

O23 - Service: @%SystemRoot%\system32\efssvc.dll,-100 (EFS) - Unknown owner - C:\Windows\System32\lsass.exe (file missing)

O23 - Service: ESET Service (ekrn) - ESET - C:\Program Files\ESET\ESET NOD32 Antivirus\x86\ekrn.exe

O23 - Service: @%systemroot%\system32\fxsresm.dll,-118 (Fax) - Unknown owner - C:\Windows\system32\fxssvc.exe (file missing)

O23 - Service: Tjänsten Google Update (gupdate) (gupdate) - Google Inc. - C:\Program Files (x86)\Google\Update\GoogleUpdate.exe

O23 - Service: Tjänsten Google Update (gupdatem) (gupdatem) - Google Inc. - C:\Program Files (x86)\Google\Update\GoogleUpdate.exe

O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files (x86)\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe

O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe

O23 - Service: @keyiso.dll,-100 (KeyIso) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)

O23 - Service: Mozilla Maintenance Service (MozillaMaintenance) - Mozilla Foundation - C:\Program Files (x86)\Mozilla Maintenance Service\maintenanceservice.exe

O23 - Service: @comres.dll,-2797 (MSDTC) - Unknown owner - C:\Windows\System32\msdtc.exe (file missing)

O23 - Service: @%SystemRoot%\System32\netlogon.dll,-102 (Netlogon) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)

O23 - Service: NVIDIA Display Driver Service (nvsvc) - Unknown owner - C:\Windows\system32\nvvsvc.exe (file missing)

O23 - Service: NVIDIA Update Service Daemon (nvUpdatusService) - NVIDIA Corporation - C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Update Core\daemonu.exe

O23 - Service: PnkBstrA - Unknown owner - C:\Windows\system32\PnkBstrA.exe

O23 - Service: @%systemroot%\system32\psbase.dll,-300 (ProtectedStorage) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)

O23 - Service: Macrium Reflect Image Mounting Service (ReflectService.exe) - Unknown owner - C:\Program Files\Macrium\Reflect\ReflectService.exe

O23 - Service: @%systemroot%\system32\Locator.exe,-2 (RpcLocator) - Unknown owner - C:\Windows\system32\locator.exe (file missing)

O23 - Service: @%SystemRoot%\system32\samsrv.dll,-1 (SamSs) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)

O23 - Service: SBSD Security Center Service (SBSDWSCService) - Safer Networking Ltd. - C:\Program Files (x86)\Spybot - Search & Destroy\SDWinSec.exe

O23 - Service: Skype Updater (SkypeUpdate) - Skype Technologies - C:\Program Files (x86)\Skype\Updater\Updater.exe

O23 - Service: @%SystemRoot%\system32\snmptrap.exe,-3 (SNMPTRAP) - Unknown owner - C:\Windows\System32\snmptrap.exe (file missing)

O23 - Service: @%systemroot%\system32\spoolsv.exe,-1 (Spooler) - Unknown owner - C:\Windows\System32\spoolsv.exe (file missing)

O23 - Service: @%SystemRoot%\system32\sppsvc.exe,-101 (sppsvc) - Unknown owner - C:\Windows\system32\sppsvc.exe (file missing)

O23 - Service: Steam Client Service - Valve Corporation - C:\Program Files (x86)\Common Files\Steam\SteamService.exe

O23 - Service: NVIDIA Stereoscopic 3D Driver Service (Stereo Service) - NVIDIA Corporation - C:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe

O23 - Service: @%SystemRoot%\system32\ui0detect.exe,-101 (UI0Detect) - Unknown owner - C:\Windows\system32\UI0Detect.exe (file missing)

O23 - Service: @%SystemRoot%\system32\vaultsvc.dll,-1003 (VaultSvc) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)

O23 - Service: @%SystemRoot%\system32\vds.exe,-100 (vds) - Unknown owner - C:\Windows\System32\vds.exe (file missing)

O23 - Service: @%systemroot%\system32\vssvc.exe,-102 (VSS) - Unknown owner - C:\Windows\system32\vssvc.exe (file missing)

O23 - Service: @%SystemRoot%\system32\Wat\WatUX.exe,-601 (WatAdminSvc) - Unknown owner - C:\Windows\system32\Wat\WatAdminSvc.exe (file missing)

O23 - Service: @%systemroot%\system32\wbengine.exe,-104 (wbengine) - Unknown owner - C:\Windows\system32\wbengine.exe (file missing)

O23 - Service: @%Systemroot%\system32\wbem\wmiapsrv.exe,-110 (wmiApSrv) - Unknown owner - C:\Windows\system32\wbem\WmiApSrv.exe (file missing)

O23 - Service: @%PROGRAMFILES%\Windows Media Player\wmpnetwk.exe,-101 (WMPNetworkSvc) - Unknown owner - C:\Program Files (x86)\Windows Media Player\wmpnetwk.exe (file missing)

--

End of file - 11144 bytes


Hi there and sorry for the delay.

It is normal that you cannot run .scr and .com files with right-click "run as admin" :)

If you still need help, please

Download OTL to your Desktop.

  • Double click on the icon to run it.
  • Under the Custom.jpg box paste this in


activex
netsvcs
msconfig
%SYSTEMDRIVE%\*.
%PROGRAMFILES%\*.exe
%LOCALAPPDATA%\*.exe
%systemroot%\*. /mp /s
%windir%\installer\*. /5
%localappdata%\*. /5
/md5start
services.exe
user32.dll
/md5stop
CREATERESTOREPOINT

  • Make sure all other windows are closed to let it run uninterrupted.
  • Click the Quick Scan button. Do not change any settings unless otherwise told to do so. The scan won't take long.
  • When the scan completes, it will open two notepad windows. OTL.Txt and Extras.Txt. These are saved in the same location as OTL.

Please post both logfiles in your next reply.


Sorry for a slow response, was out of town for the weekend. Posting logs below.

Also, I can not log in to this website using Internet Explorer. Switched to Chrome and no problemo.

Had to post two replies, got an error message saying post was too long.

OTL logfile created on: 2013-03-18 10:25:14 - Run 1

OTL by OldTimer - Version 3.2.69.0 Folder = C:\Users\Jens\Desktop

64bit- Ultimate Edition Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation

Internet Explorer (Version = 9.0.8112.16421)

Locale: 0000041d | Country: Sverige | Language: SVE | Date Format: yyyy-MM-dd

4,00 Gb Total Physical Memory | 2,40 Gb Available Physical Memory | 60,02% Memory free

7,99 Gb Paging File | 6,26 Gb Available in Paging File | 78,33% Paging File free

Paging file location(s): ?:\pagefile.sys [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86)

Drive C: | 698,63 Gb Total Space | 623,10 Gb Free Space | 89,19% Space Free | Partition Type: NTFS

Drive D: | 698,63 Gb Total Space | 406,79 Gb Free Space | 58,23% Space Free | Partition Type: NTFS

Computer Name: MONSTRET | User Name: Jens | Logged in as Administrator.

Boot Mode: Normal | Scan Mode: Current user | Quick Scan | Include 64bit Scans

Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days

========== Processes (SafeList) ==========

PRC - [2013-03-18 10:23:04 | 000,602,112 | ---- | M] (OldTimer Tools) -- C:\Users\Jens\Desktop\OTL.exe

PRC - [2013-02-28 09:36:01 | 004,767,304 | ---- | M] (AVAST Software) -- C:\Program\Alwil Software\Avast5\AvastUI.exe

PRC - [2013-02-28 09:36:01 | 000,045,248 | ---- | M] (AVAST Software) -- C:\Program\Alwil Software\Avast5\AvastSvc.exe

PRC - [2012-12-29 11:34:47 | 001,260,472 | ---- | M] (NVIDIA Corporation) -- C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Update Core\daemonu.exe

PRC - [2012-12-29 02:53:20 | 000,383,416 | ---- | M] (NVIDIA Corporation) -- C:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe

PRC - [2012-12-21 13:08:56 | 001,333,424 | ---- | M] (ESET) -- C:\Program\ESET\ESET NOD32 Antivirus\x86\ekrn.exe

PRC - [2012-12-04 14:54:03 | 000,076,888 | ---- | M] () -- C:\Windows\SysWOW64\PnkBstrA.exe

PRC - [2012-10-29 19:10:42 | 001,199,576 | ---- | M] (Spotify Ltd) -- C:\Users\Jens\AppData\Roaming\Spotify\Data\SpotifyWebHelper.exe

PRC - [2011-04-14 10:48:32 | 001,758,208 | ---- | M] () -- C:\Program Files (x86)\Razer\DeathAdder\vdDaemon.exe

PRC - [2011-03-21 10:06:08 | 000,248,320 | ---- | M] () -- C:\Program Files (x86)\Razer\DeathAdder\razerhid.exe

PRC - [2010-11-20 13:17:56 | 000,164,864 | ---- | M] (Microsoft Corporation) -- C:\Program Files (x86)\Windows Media Player\wmplayer.exe

PRC - [2010-09-12 17:52:46 | 002,969,496 | ---- | M] () -- C:\Program Files (x86)\Pando Networks\Media Booster\PMB.exe

PRC - [2010-04-27 13:41:26 | 000,218,112 | ---- | M] () -- C:\Program Files (x86)\Razer\DeathAdder\razertra.exe

PRC - [2009-03-05 16:07:20 | 002,260,480 | RHS- | M] (Safer-Networking Ltd.) -- C:\Program Files (x86)\Spybot - Search & Destroy\TeaTimer.exe

PRC - [2009-01-26 15:31:10 | 001,153,368 | ---- | M] (Safer Networking Ltd.) -- C:\Program Files (x86)\Spybot - Search & Destroy\SDWinSec.exe

PRC - [2007-12-19 10:58:24 | 000,163,840 | ---- | M] (Razer Inc.) -- C:\Program Files (x86)\Razer\DeathAdder\razerofa.exe

========== Modules (No Company Name) ==========

MOD - [2011-06-24 21:56:36 | 000,087,328 | ---- | M] () -- C:\Program Files (x86)\Common Files\Apple\Apple Application Support\zlib1.dll

MOD - [2011-06-24 21:56:14 | 001,241,888 | ---- | M] () -- C:\Program Files (x86)\Common Files\Apple\Apple Application Support\libxml2.dll

MOD - [2011-04-14 10:48:32 | 001,758,208 | ---- | M] () -- C:\Program Files (x86)\Razer\DeathAdder\vdDaemon.exe

MOD - [2011-03-21 10:06:08 | 000,248,320 | ---- | M] () -- C:\Program Files (x86)\Razer\DeathAdder\razerhid.exe

MOD - [2010-09-12 17:52:46 | 002,969,496 | ---- | M] () -- C:\Program Files (x86)\Pando Networks\Media Booster\PMB.exe

MOD - [2010-04-27 13:41:26 | 000,218,112 | ---- | M] () -- C:\Program Files (x86)\Razer\DeathAdder\razertra.exe

========== Services (SafeList) ==========

SRV:64bit: - [2009-07-14 02:40:01 | 000,193,536 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\appmgmts.dll -- (AppMgmt)

SRV - [2013-02-28 09:36:01 | 000,045,248 | ---- | M] (AVAST Software) [Auto | Running] -- C:\Program\Alwil Software\Avast5\AvastSvc.exe -- (avast! Antivirus)

SRV - [2013-01-03 21:45:05 | 000,541,760 | ---- | M] (Valve Corporation) [On_Demand | Stopped] -- C:\Program Files (x86)\Common Files\Steam\SteamService.exe -- (Steam Client Service)

SRV - [2012-12-29 11:34:47 | 001,260,472 | ---- | M] (NVIDIA Corporation) [Auto | Running] -- C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Update Core\daemonu.exe -- (nvUpdatusService)

SRV - [2012-12-29 02:53:20 | 000,383,416 | ---- | M] (NVIDIA Corporation) [Auto | Running] -- C:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe -- (Stereo Service)

SRV - [2012-12-21 13:08:56 | 001,333,424 | ---- | M] (ESET) [Auto | Running] -- C:\Program\ESET\ESET NOD32 Antivirus\x86\ekrn.exe -- (ekrn)

SRV - [2012-12-04 14:54:03 | 000,076,888 | ---- | M] () [Auto | Running] -- C:\Windows\SysWOW64\PnkBstrA.exe -- (PnkBstrA)

SRV - [2012-11-09 11:21:24 | 000,160,944 | R--- | M] (Skype Technologies) [Auto | Stopped] -- C:\Program Files (x86)\Skype\Updater\Updater.exe -- (SkypeUpdate)

SRV - [2012-06-12 10:57:46 | 000,301,760 | ---- | M] () [Auto | Running] -- C:\Program\Macrium\Reflect\ReflectService.exe -- (ReflectService.exe)

SRV - [2012-04-21 02:19:00 | 000,129,976 | ---- | M] (Mozilla Foundation) [On_Demand | Stopped] -- C:\Program Files (x86)\Mozilla Maintenance Service\maintenanceservice.exe -- (MozillaMaintenance)

SRV - [2011-03-28 20:11:06 | 002,292,096 | ---- | M] (Microsoft Corp.) [Auto | Running] -- C:\Program\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE -- (wlidsvc)

SRV - [2010-12-10 17:36:54 | 000,153,440 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Program\Microsoft SQL Server\90\Shared\sqlwriter.exe -- (SQLWriter)

SRV - [2010-03-18 12:16:28 | 000,130,384 | ---- | M] (Microsoft Corporation) [Auto | Stopped] -- C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe -- (clr_optimization_v4.0.30319_32)

SRV - [2009-06-10 22:23:09 | 000,066,384 | ---- | M] (Microsoft Corporation) [Disabled | Stopped] -- C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe -- (clr_optimization_v2.0.50727_32)

========== Driver Services (SafeList) ==========

DRV:64bit: - File not found [Kernel | On_Demand | Stopped] -- C:\Program Files\Enigma Software Group\SpyHunter\esgiguard.sys -- (esgiguard)

DRV:64bit: - [2013-02-28 09:36:34 | 000,177,672 | ---- | M] () [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\aswVmm.sys -- (aswVmm)

DRV:64bit: - [2013-02-28 09:36:34 | 000,068,992 | ---- | M] (AVAST Software) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\aswTdi.sys -- (aswTdi)

DRV:64bit: - [2013-02-28 09:36:33 | 001,025,880 | ---- | M] (AVAST Software) [File_System | System | Running] -- C:\Windows\SysNative\drivers\aswSnx.sys -- (aswSnx)

DRV:64bit: - [2013-02-28 09:36:33 | 000,377,992 | ---- | M] (AVAST Software) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\aswSP.sys -- (aswSP)

DRV:64bit: - [2013-02-28 09:36:33 | 000,071,064 | ---- | M] (AVAST Software) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\aswRdr2.sys -- (aswRdr)

DRV:64bit: - [2013-02-28 09:36:33 | 000,065,408 | ---- | M] () [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\aswRvrt.sys -- (aswRvrt)

DRV:64bit: - [2013-02-28 09:36:32 | 000,080,888 | ---- | M] (AVAST Software) [File_System | Auto | Running] -- C:\Windows\SysNative\drivers\aswMonFlt.sys -- (aswMonFlt)

DRV:64bit: - [2013-02-28 09:36:31 | 000,033,472 | ---- | M] (AVAST Software) [File_System | Auto | Running] -- C:\Windows\SysNative\drivers\aswFsBlk.sys -- (aswFsBlk)

DRV:64bit: - [2013-01-10 09:25:22 | 000,139,768 | ---- | M] (ESET) [Kernel | Auto | Running] -- C:\Windows\SysNative\drivers\epfwwfpr.sys -- (epfwwfpr)

DRV:64bit: - [2013-01-10 09:25:20 | 000,213,416 | ---- | M] (ESET) [File_System | System | Running] -- C:\Windows\SysNative\drivers\eamonm.sys -- (eamonm)

DRV:64bit: - [2013-01-10 09:25:20 | 000,150,616 | ---- | M] (ESET) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\ehdrv.sys -- (ehdrv)

DRV:64bit: - [2012-08-23 15:10:20 | 000,019,456 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\rdpvideominiport.sys -- (RdpVideoMiniport)

DRV:64bit: - [2012-08-23 15:07:35 | 000,057,856 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\TsUsbFlt.sys -- (TsUsbFlt)

DRV:64bit: - [2012-03-01 07:46:16 | 000,023,408 | ---- | M] (Microsoft Corporation) [Recognizer | Boot | Unknown] -- C:\Windows\SysNative\drivers\fs_rec.sys -- (Fs_Rec)

DRV:64bit: - [2011-03-11 07:41:12 | 000,107,904 | ---- | M] (Advanced Micro Devices) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\amdsata.sys -- (amdsata)

DRV:64bit: - [2011-03-11 07:41:12 | 000,027,008 | ---- | M] (Advanced Micro Devices) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\amdxata.sys -- (amdxata)

DRV:64bit: - [2010-11-20 14:33:35 | 000,078,720 | ---- | M] (Hewlett-Packard Company) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\HpSAMD.sys -- (HpSAMD)

DRV:64bit: - [2010-09-30 23:16:34 | 000,013,312 | ---- | M] (Windows ® Win 7 DDK provider) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\VKbms.sys -- (VKbms)

DRV:64bit: - [2010-08-24 07:45:17 | 000,230,352 | ---- | M] (TrueCrypt Foundation) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\truecrypt.sys -- (truecrypt)

DRV:64bit: - [2010-05-11 12:00:40 | 000,020,968 | ---- | M] (Windows ® Win 7 DDK provider) [Kernel | Auto | Running] -- C:\Windows\SysNative\drivers\cpuz133_x64.sys -- (cpuz133)

DRV:64bit: - [2010-04-19 16:04:44 | 000,012,032 | ---- | M] (Razer (Asia-Pacific) Pte Ltd) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\dadder.sys -- (DAdderFltr)

DRV:64bit: - [2009-11-23 17:38:00 | 000,016,008 | ---- | M] (Logitech Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\LGVirHid.sys -- (LGVirHid)

DRV:64bit: - [2009-11-23 17:37:50 | 000,022,408 | ---- | M] (Logitech Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\LGBusEnum.sys -- (LGBusEnum)

DRV:64bit: - [2009-10-16 01:33:06 | 000,050,176 | ---- | M] (Apple, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\usbaapl64.sys -- (USBAAPL64)

DRV:64bit: - [2009-09-14 19:05:10 | 000,116,864 | ---- | M] (Huawei Technologies Co., Ltd.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\ewusbmdm.sys -- (hwdatacard)

DRV:64bit: - [2009-08-21 09:52:09 | 000,079,976 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\xusb21.sys -- (xusb21)

DRV:64bit: - [2009-07-14 02:52:20 | 000,194,128 | ---- | M] (AMD Technologies Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\amdsbs.sys -- (amdsbs)

DRV:64bit: - [2009-07-14 02:48:04 | 000,065,600 | ---- | M] (LSI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\lsi_sas2.sys -- (LSI_SAS2)

DRV:64bit: - [2009-07-14 02:45:55 | 000,024,656 | ---- | M] (Promise Technology) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\stexstor.sys -- (stexstor)

DRV:64bit: - [2009-06-10 21:34:33 | 003,286,016 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\evbda.sys -- (ebdrv)

DRV:64bit: - [2009-06-10 21:34:28 | 000,468,480 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\bxvbda.sys -- (b06bdrv)

DRV:64bit: - [2009-06-10 21:34:23 | 000,270,848 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\b57nd60a.sys -- (b57nd60a)

DRV:64bit: - [2009-06-10 21:31:59 | 000,031,232 | ---- | M] (Hauppauge Computer Works, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\hcw85cir.sys -- (hcw85cir)

DRV:64bit: - [2009-05-18 14:17:08 | 000,034,152 | ---- | M] (GEAR Software Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\GEARAspiWDM.sys -- (GEARAspiWDM)

DRV:64bit: - [2009-03-01 23:05:32 | 000,187,392 | ---- | M] (Realtek Corporation ) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\Rt64win7.sys -- (RTL8167)

DRV:64bit: - [2009-01-20 07:49:48 | 000,195,584 | ---- | M] (Realtek Corporation ) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\Rtlh64.sys -- (RTL8169)

DRV - [2009-07-14 02:19:10 | 000,019,008 | ---- | M] (Microsoft Corporation) [File_System | On_Demand | Stopped] -- C:\Windows\SysWOW64\drivers\wimmount.sys -- (WIMMount)

========== Standard Registry (SafeList) ==========

========== Internet Explorer ==========

IE:64bit: - HKLM\..\SearchScopes,DefaultScope =

IE:64bit: - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/search?q={searchTerms}&FORM=IE8SRC

IE - HKLM\..\SearchScopes,DefaultScope =

IE - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/search?q={searchTerms}&FORM=IE8SRC

IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Default Download Directory = C:\Users\Jens\Desktop

IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = about:blank

IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache = http://se.msn.com/?ocid=iehp

IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache AcceptLangs = sv

IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache_TIMESTAMP = 59 FD 6E DB 00 9E CA 01 [binary data]

IE - HKCU\..\SearchScopes,DefaultScope = {5724FCFC-37B0-48C4-813B-0F8097BE85EB}

IE - HKCU\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/search?q={searchTerms}&src=IE-SearchBox&FORM=IE8SRC

IE - HKCU\..\SearchScopes\{5724FCFC-37B0-48C4-813B-0F8097BE85EB}: "URL" = http://www.google.co.uk/search?hl=en&q={searchTerms}&meta=

IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = *.local

========== FireFox ==========

FF - prefs.js..browser.search.defaultengine: "Google"

FF - prefs.js..browser.search.defaultenginename: "Google"

FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0023-ABCDEFFEDCBA}:6.0.23

FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0024-ABCDEFFEDCBA}:6.0.24

FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0026-ABCDEFFEDCBA}:6.0.26

FF - user.js - File not found

FF:64bit: - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\system32\Macromed\Flash\NPSWF64_11_6_602_171.dll File not found

FF:64bit: - HKLM\Software\MozillaPlugins\@java.com/DTPlugin,version=10.15.2: C:\Windows\system32\npDeployJava1.dll (Oracle Corporation)

FF:64bit: - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin,version=10.15.2: C:\Program Files\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation)

FF:64bit: - HKLM\Software\MozillaPlugins\@microsoft.com/GENUINE: disabled File not found

FF:64bit: - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: c:\Program Files\Microsoft Silverlight\5.1.20125.0\npctrl.dll ( Microsoft Corporation)

FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_11_6_602_171.dll ()

FF - HKLM\Software\MozillaPlugins\@adobe.com/ShockwavePlayer: C:\Windows\SysWOW64\Adobe\Director\np32dsw_1200112.dll (Adobe Systems, Inc.)

FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=: File not found

FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=1.0: D:\Program Files (x86)\iTunes\Mozilla Plugins\npitunes.dll ()

FF - HKLM\Software\MozillaPlugins\@java.com/DTPlugin,version=10.17.2: C:\Windows\SysWOW64\npDeployJava1.dll (Oracle Corporation)

FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin,version=10.17.2: C:\Program Files (x86)\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation)

FF - HKLM\Software\MozillaPlugins\@microsoft.com/GENUINE: disabled File not found

FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: c:\Program Files (x86)\Microsoft Silverlight\5.1.20125.0\npctrl.dll ( Microsoft Corporation)

FF - HKLM\Software\MozillaPlugins\@microsoft.com/OfficeLive,version=1.3: C:\Program Files (x86)\Microsoft\Office Live\npOLW.dll (Microsoft Corp.)

FF - HKLM\Software\MozillaPlugins\@microsoft.com/OfficeLive,version=1.5: C:\Program Files (x86)\Microsoft\Office Live\npOLW.dll (Microsoft Corp.)

FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=15.4.3502.0922: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)

FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=15.4.3508.1109: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)

FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=15.4.3538.0513: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)

FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=15.4.3555.0308: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)

FF - HKLM\Software\MozillaPlugins\@nvidia.com/3DVision: C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dv.dll (NVIDIA Corporation)

FF - HKLM\Software\MozillaPlugins\@nvidia.com/3DVisionStreaming: C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dvstreaming.dll (NVIDIA Corporation)

FF - HKLM\Software\MozillaPlugins\@pandonetworks.com/PandoWebPlugin: C:\Program Files (x86)\Pando Networks\Media Booster\npPandoWebPlugin.dll (Pando Networks)

FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Program Files (x86)\Google\Update\1.3.21.135\npGoogleUpdate3.dll (Google Inc.)

FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Program Files (x86)\Google\Update\1.3.21.135\npGoogleUpdate3.dll (Google Inc.)

FF - HKLM\Software\MozillaPlugins\@videolan.org/vlc,version=2.0.2: C:\Program Files (x86)\VideoLAN\VLC\npvlc.dll (VideoLAN)

FF - HKLM\Software\MozillaPlugins\Adobe Reader: C:\Program Files (x86)\Adobe\Reader 9.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)

FF - HKCU\Software\MozillaPlugins\@soe.sony.com/installer,version=1.0.3: C:\Users\Jens\AppData\Local\Microsoft\Internet Explorer\Downloaded Program Files\npsoe.dll File not found

FF - HKCU\Software\MozillaPlugins\@unity3d.com/UnityPlayer,version=1.0: C:\Users\Jens\AppData\LocalLow\Unity\WebPlayer\loader\npUnity3D32.dll (Unity Technologies ApS)

FF - HKCU\Software\MozillaPlugins\pandonetworks.com/PandoWebPlugin: C:\Program Files (x86)\Pando Networks\Media Booster\npPandoWebPlugin.dll (Pando Networks)

64bit-FF - HKEY_LOCAL_MACHINE\software\mozilla\Thunderbird\Extensions\\eplgTb@eset.com: C:\PROGRAM FILES\ESET\ESET NOD32 ANTIVIRUS\MOZILLA THUNDERBIRD [2013-03-06 18:27:40 | 000,000,000 | ---D | M]

FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\wrc@avast.com: C:\Program Files\Alwil Software\Avast5\WebRep\FF [2013-03-04 10:42:20 | 000,000,000 | ---D | M]

FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 12.0\extensions\\Components: D:\Program Files (x86)\Mozilla Firefox\components [2012-05-04 08:16:03 | 000,000,000 | ---D | M]

FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 12.0\extensions\\Plugins: D:\Program Files (x86)\Mozilla Firefox\plugins [2013-02-22 12:12:43 | 000,000,000 | ---D | M]

FF - HKEY_LOCAL_MACHINE\software\mozilla\Thunderbird\Extensions\\eplgTb@eset.com: C:\Program Files\ESET\ESET NOD32 Antivirus\Mozilla Thunderbird [2013-03-06 18:27:40 | 000,000,000 | ---D | M]

[2010-11-13 11:03:54 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Jens\AppData\Roaming\mozilla\Extensions

[2013-03-04 09:47:15 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Jens\AppData\Roaming\mozilla\Firefox\Profiles\fdy1ovwl.default\extensions

========== Chrome ==========

CHR - default_search_provider: Google (Enabled)

CHR - default_search_provider: search_url = {google:baseURL}search?q={searchTerms}&{google:RLZ}{google:acceptedSuggestion}{google:originalQueryForSuggestion}{google:assistedQueryStats}{google:searchFieldtrialParameter}{google:searchClient}{google:sourceId}{google:instantExtendedEnabledParameter}ie={inputEncoding}

CHR - default_search_provider: suggest_url = {google:baseSuggestURL}search?{google:searchFieldtrialParameter}client=chrome&q={searchTerms}&{google:cursorPosition}sugkey={google:suggestAPIKeyParameter}

CHR - homepage: http://www.google.com

CHR - plugin: Shockwave Flash (Enabled) = C:\Program Files (x86)\Google\Chrome\Application\21.0.1180.83\PepperFlash\pepflashplayer.dll

CHR - plugin: Shockwave Flash (Enabled) = C:\Program Files (x86)\Google\Chrome\Application\25.0.1364.152\gcswf32.dll

CHR - plugin: Shockwave Flash (Enabled) = C:\Windows\SysWOW64\Macromed\Flash\NPSWF32.dll

CHR - plugin: Remoting Viewer (Enabled) = internal-remoting-viewer

CHR - plugin: Native Client (Enabled) = C:\Program Files (x86)\Google\Chrome\Application\25.0.1364.152\ppGoogleNaClPluginChrome.dll

CHR - plugin: Chrome PDF Viewer (Enabled) = C:\Program Files (x86)\Google\Chrome\Application\25.0.1364.152\pdf.dll

CHR - plugin: Adobe Acrobat (Enabled) = C:\Program Files (x86)\Adobe\Reader 9.0\Reader\Browser\nppdf32.dll

CHR - plugin: QuickTime Plug-in 7.7.1 (Enabled) = C:\Program Files (x86)\QuickTime\plugins\npqtplugin.dll

CHR - plugin: QuickTime Plug-in 7.7.1 (Enabled) = C:\Program Files (x86)\QuickTime\plugins\npqtplugin2.dll

CHR - plugin: QuickTime Plug-in 7.7.1 (Enabled) = C:\Program Files (x86)\QuickTime\plugins\npqtplugin3.dll

CHR - plugin: QuickTime Plug-in 7.7.1 (Enabled) = C:\Program Files (x86)\QuickTime\plugins\npqtplugin4.dll

CHR - plugin: QuickTime Plug-in 7.7.1 (Enabled) = C:\Program Files (x86)\QuickTime\plugins\npqtplugin5.dll

CHR - plugin: QuickTime Plug-in 7.7.1 (Enabled) = C:\Program Files (x86)\QuickTime\plugins\npqtplugin6.dll

CHR - plugin: QuickTime Plug-in 7.7.1 (Enabled) = C:\Program Files (x86)\QuickTime\plugins\npqtplugin7.dll

CHR - plugin: Net iD (Enabled) = D:\Program Files (x86)\Mozilla Firefox\plugins\npiidplg.dll

CHR - plugin: Google Update (Enabled) = C:\Program Files (x86)\Google\Update\1.3.21.115\npGoogleUpdate3.dll

CHR - plugin: Microsoft Office Live Plug-in for Firefox (Enabled) = C:\Program Files (x86)\Microsoft\Office Live\npOLW.dll

CHR - plugin: NVIDIA 3D Vision (Enabled) = C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dv.dll

CHR - plugin: NVIDIA 3D VISION (Enabled) = C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dvstreaming.dll

CHR - plugin: Java Platform SE 7 U5 (Enabled) = C:\Program Files (x86)\Oracle\JavaFX 2.1 Runtime\bin\plugin2\npjp2.dll

CHR - plugin: Java Deployment Toolkit 7.0.50.255 (Enabled) = C:\Windows\SysWOW64\npDeployJava1.dll

CHR - plugin: Pando Web Plugin (Enabled) = C:\Program Files (x86)\Pando Networks\Media Booster\npPandoWebPlugin.dll

CHR - plugin: RayV Plugin (Enabled) = C:\Program Files (x86)\RayV\RayV\plugins\nprayvplugin.dll

CHR - plugin: VLC Web Plugin (Enabled) = C:\Program Files (x86)\VideoLAN\VLC\npvlc.dll

CHR - plugin: Windows Live\u0099 Photo Gallery (Enabled) = C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll

CHR - plugin: Unity Player (Enabled) = C:\Users\Jens\AppData\LocalLow\Unity\WebPlayer\loader\npUnity3D32.dll

CHR - plugin: Shockwave for Director (Enabled) = C:\Windows\system32\Adobe\Director\np32dsw.dll

CHR - plugin: iTunes Application Detector (Enabled) = D:\Program Files (x86)\iTunes\Mozilla Plugins\npitunes.dll

CHR - plugin: Silverlight Plug-In (Enabled) = c:\Program Files (x86)\Microsoft Silverlight\5.1.10411.0\npctrl.dll

CHR - Extension: YouTube = C:\Users\Jens\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo\4.2.5_1\

CHR - Extension: S\u00F6k p\u00E5 Google = C:\Users\Jens\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf\0.0.0.19_1\

CHR - Extension: avast! WebRep = C:\Users\Jens\AppData\Local\Google\Chrome\User Data\Default\Extensions\icmlaeflemplmjndnaapfdbbnpncnbda\7.0.1474_0\

CHR - Extension: avast! WebRep = C:\Users\Jens\AppData\Local\Google\Chrome\User Data\Default\Extensions\icmlaeflemplmjndnaapfdbbnpncnbda\8.0.1482_0\

CHR - Extension: Gmail = C:\Users\Jens\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia\7_1\

O1 HOSTS File: ([2013-03-06 09:55:23 | 000,446,020 | ---- | M]) - C:\Windows\SysNative\drivers\etc\hosts

O1 - Hosts: 15316 more lines...

O2:64bit: - BHO: (avast! WebRep) - {318A227B-5E9F-45bd-8999-7F8F10CA4CF5} - C:\Program\Alwil Software\Avast5\aswWebRepIE64.dll (AVAST Software)

O2:64bit: - BHO: (Java Plug-In SSV Helper) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program\Java\jre7\bin\ssv.dll (Oracle Corporation)

O2:64bit: - BHO: (Windows Live ID Sign-in Helper) - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corp.)

O2:64bit: - BHO: (Java Plug-In 2 SSV Helper) - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program\Java\jre7\bin\jp2ssv.dll (Oracle Corporation)

O2 - BHO: (Spybot-S&D IE Protection) - {53707962-6F74-2D53-2644-206D7942484F} - C:\Program Files (x86)\Spybot - Search & Destroy\SDHelper.dll (Safer Networking Limited)

O2 - BHO: (Java Plug-In SSV Helper) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Java\jre7\bin\ssv.dll (Oracle Corporation)

O2 - BHO: (avast! WebRep) - {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - C:\Program\Alwil Software\Avast5\aswWebRepIE.dll (AVAST Software)

O2 - BHO: (Lexmark ) - {D2C5E510-BE6D-42CC-9F61-E4F939078474} - C:\Program Files\Lexmark Printable Web\bho.dll File not found

O2 - BHO: (Java Plug-In 2 SSV Helper) - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre7\bin\jp2ssv.dll (Oracle Corporation)

O3:64bit: - HKLM\..\Toolbar: (avast! WebRep) - {318A227B-5E9F-45bd-8999-7F8F10CA4CF5} - C:\Program\Alwil Software\Avast5\aswWebRepIE64.dll (AVAST Software)

O3 - HKLM\..\Toolbar: (avast! WebRep) - {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - C:\Program\Alwil Software\Avast5\aswWebRepIE.dll (AVAST Software)

O3 - HKCU\..\Toolbar\WebBrowser: (no name) - {1017A80C-6F09-4548-A84D-EDD6AC9525F0} - No CLSID value found.

O4:64bit: - HKLM..\Run: [egui] C:\Program Files\ESET\ESET NOD32 Antivirus\egui.exe (ESET)

O4:64bit: - HKLM..\Run: [Launch LCDMon] C:\Program Files\Logitech\GamePanel Software\LCD Manager\LCDMon.exe (Logitech Inc.)

O4:64bit: - HKLM..\Run: [Launch LGDCore] C:\Program Files\Logitech\GamePanel Software\G-series Software\LGDCore.exe (Logitech Inc.)

O4:64bit: - HKLM..\Run: [Launch LgDeviceAgent] C:\Program Files\Logitech\GamePanel Software\LgDevAgt.exe (Logitech Inc.)

O4:64bit: - HKLM..\Run: [Net iD] C:\Program Files\Net iD\iid.exe (SecMaker AB)

O4:64bit: - HKLM..\Run: [RtHDVCpl] C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe (Realtek Semiconductor)

O4:64bit: - HKLM..\Run: [XboxStat] C:\Program Files\Microsoft Xbox 360 Accessories\XboxStat.exe (Microsoft Corporation)

O4 - HKLM..\Run: [APSDaemon] C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe (Apple Inc.)

O4 - HKLM..\Run: [avast5] C:\Program Files\Alwil Software\Avast5\avastUI.exe (AVAST Software)

O4 - HKLM..\Run: [DeathAdder] C:\Program Files (x86)\Razer\DeathAdder\razerhid.exe ()

O4 - HKLM..\Run: [Net iD] C:\Program Files (x86)\Net iD\iid.exe (SecMaker AB)

O4 - HKCU..\Run: [Pando Media Booster] C:\Program Files (x86)\Pando Networks\Media Booster\PMB.exe ()

O4 - HKCU..\Run: [spotify Web Helper] C:\Users\Jens\AppData\Roaming\Spotify\Data\SpotifyWebHelper.exe (Spotify Ltd)

O4 - HKCU..\Run: [spybotSD TeaTimer] C:\Program Files (x86)\Spybot - Search & Destroy\TeaTimer.exe (Safer-Networking Ltd.)

O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktop = 1

O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktopChanges = 1

O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 5

O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3

O8:64bit: - Extra context menu item: E&xportera till Microsoft Excel - res://C:\PROGRA~2\MICROS~1\Office12\EXCEL.EXE/3000 File not found

O8 - Extra context menu item: E&xportera till Microsoft Excel - res://C:\PROGRA~2\MICROS~1\Office12\EXCEL.EXE/3000 File not found

O9 - Extra Button: Skicka till OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~2\MICROS~1\Office12\ONBttnIE.dll (Microsoft Corporation)

O9 - Extra 'Tools' menuitem : Ski&cka till OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~2\MICROS~1\Office12\ONBttnIE.dll (Microsoft Corporation)

O9 - Extra Button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~2\MICROS~1\Office12\REFIEBAR.DLL (Microsoft Corporation)

O9 - Extra 'Tools' menuitem : Spybot - Search && Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\Program Files (x86)\Spybot - Search & Destroy\SDHelper.dll (Safer Networking Limited)

O10:64bit: - NameSpace_Catalog5\Catalog_Entries64\000000000008 [] - C:\Program\Common Files\Microsoft Shared\Windows Live\WLIDNSP.DLL (Microsoft Corp.)

O10:64bit: - NameSpace_Catalog5\Catalog_Entries64\000000000009 [] - C:\Program\Common Files\Microsoft Shared\Windows Live\WLIDNSP.DLL (Microsoft Corp.)

O10:64bit: - NameSpace_Catalog5\Catalog_Entries64\000000000010 [] - C:\Program\Bonjour\mdnsNSP.dll (Apple Inc.)

O10 - NameSpace_Catalog5\Catalog_Entries\000000000010 [] - C:\Program Files (x86)\Bonjour\mdnsNSP.dll (Apple Inc.)

O1364bit: - gopher Prefix: missing

O13 - gopher Prefix: missing

O16 - DPF: {166B1BCA-3F9C-11CF-8075-444553540000} http://download.macromedia.com/pub/shockwave/cabs/director/sw.cab (Shockwave ActiveX Control)

O16 - DPF: {40F576AD-8680-4F9E-9490-99D069CD665F} http://srtest-cdn.systemrequirementslab.com.s3.amazonaws.com/bin/sysreqlabdetect.cab (Reg Error: Key error.)

O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/update/1.7.0/jinstall-1_7_0_11-windows-i586.cab (Reg Error: Value error.)

O16 - DPF: {CAFEEFAC-0017-0000-0005-ABCDEFFEDCBA} http://java.sun.com/update/1.7.0/jinstall-1_7_0_05-windows-i586.cab (Java Plug-in 1.7.0_05)

O16 - DPF: {CAFEEFAC-0017-0000-0009-ABCDEFFEDCBA} http://java.sun.com/update/1.7.0/jinstall-1_7_0_09-windows-i586.cab (Java Plug-in 1.7.0_09)

O16 - DPF: {CAFEEFAC-0017-0000-0011-ABCDEFFEDCBA} http://java.sun.com/update/1.7.0/jinstall-1_7_0_11-windows-i586.cab (Java Plug-in 1.7.0_11)

O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/update/1.7.0/jinstall-1_7_0_11-windows-i586.cab (Java Plug-in 10.17.2)

O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} http://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab (Reg Error: Key error.)

O16 - DPF: {E6F480FC-BD44-4CBA-B74A-89AF7842937D} http://content.systemrequirementslab.com.s3.amazonaws.com/global/bin/srldetect_cyri_4.5.1.0.cab (SysInfo Class)

O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 83.255.245.11 193.150.193.150

O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{FA010EE8-FC2A-4129-9B1C-126A1CA26E14}: DhcpNameServer = 83.255.245.11 193.150.193.150

O18:64bit: - Protocol\Handler\livecall - No CLSID value found

O18:64bit: - Protocol\Handler\ms-help - No CLSID value found

O18:64bit: - Protocol\Handler\msnim - No CLSID value found

O18:64bit: - Protocol\Handler\mso-offdap11 - No CLSID value found

O18:64bit: - Protocol\Handler\skype4com - No CLSID value found

O18:64bit: - Protocol\Handler\wlmailhtml - No CLSID value found

O18:64bit: - Protocol\Handler\wlpg - No CLSID value found

O18 - Protocol\Handler\mso-offdap11 {32505114-5902-49B2-880A-1F7738E5A384} - C:\PROGRA~2\COMMON~1\MICROS~1\WEBCOM~1\11\OWC11.DLL (Microsoft Corporation)

O18 - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~2\COMMON~1\Skype\SKYPE4~1.DLL (Skype Technologies)

O18:64bit: - Protocol\Filter\application/octet-stream {1E66F26B-79EE-11D2-8710-00C04F79ED0D} - mscoree.dll File not found

O18:64bit: - Protocol\Filter\application/x-complus {1E66F26B-79EE-11D2-8710-00C04F79ED0D} - mscoree.dll File not found

O18:64bit: - Protocol\Filter\application/x-msdownload {1E66F26B-79EE-11D2-8710-00C04F79ED0D} - mscoree.dll File not found

O18:64bit: - Protocol\Filter\text/xml {807563E5-5146-11D5-A672-00B0D022E945} - C:\Program\Common Files\Microsoft Shared\OFFICE12\MSOXMLMF.DLL (Microsoft Corporation)

O18 - Protocol\Filter\application/octet-stream {1E66F26B-79EE-11D2-8710-00C04F79ED0D} - mscoree.dll File not found

O18 - Protocol\Filter\application/x-complus {1E66F26B-79EE-11D2-8710-00C04F79ED0D} - mscoree.dll File not found

O18 - Protocol\Filter\application/x-msdownload {1E66F26B-79EE-11D2-8710-00C04F79ED0D} - mscoree.dll File not found

O18 - Protocol\Filter\text/xml {807563E5-5146-11D5-A672-00B0D022E945} - C:\PROGRA~2\COMMON~1\MICROS~1\OFFICE12\MSOXMLMF.DLL (Microsoft Corporation)

O20:64bit: - HKLM Winlogon: Shell - (explorer.exe) - File not found

O20:64bit: - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\SysNative\userinit.exe (Microsoft Corporation)

O20:64bit: - HKLM Winlogon: VMApplet - (SystemPropertiesPerformance.exe) - File not found

O20 - HKLM Winlogon: Shell - (explorer.exe) - File not found

O20 - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\SysWOW64\userinit.exe (Microsoft Corporation)

O20 - HKLM Winlogon: VMApplet - (SystemPropertiesPerformance.exe) - File not found

O21:64bit: - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.

O21 - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.

O29:64bit: - HKLM SecurityProviders - (credssp.dll) - File not found

O29 - HKLM SecurityProviders - (credssp.dll) - File not found

O32 - HKLM CDRom: AutoRun - 1

O32 - AutoRun File - [2013-03-05 21:02:18 | 000,000,000 | ---- | M] () - C:\autoexec.bat -- [ NTFS ]

O33 - MountPoints2\{0fa937f4-111d-11e2-a4e6-6cf04900448f}\Shell - "" = AutoRun

O33 - MountPoints2\{0fa937f4-111d-11e2-a4e6-6cf04900448f}\Shell\AutoRun\command - "" = F:\AutoRun.exe

O33 - MountPoints2\{0fa93804-111d-11e2-a4e6-6cf04900448f}\Shell - "" = AutoRun

O33 - MountPoints2\{0fa93804-111d-11e2-a4e6-6cf04900448f}\Shell\AutoRun\command - "" = F:\AutoRun.exe

O33 - MountPoints2\{5188c0b9-e0d6-11df-8f2e-6cf04900448f}\Shell - "" = AutoRun

O33 - MountPoints2\{5188c0cd-e0d6-11df-8f2e-6cf04900448f}\Shell - "" = AutoRun

O33 - MountPoints2\{6ec7b4ef-fe29-11df-a7db-6cf04900448f}\Shell - "" = AutoRun

O33 - MountPoints2\{a89250d8-e6d1-11e1-8c57-6cf04900448f}\Shell - "" = AutoRun

O33 - MountPoints2\{a89250d8-e6d1-11e1-8c57-6cf04900448f}\Shell\AutoRun\command - "" = F:\LaunchU3.exe -a

O33 - MountPoints2\{b3715e0b-c375-11e0-b0b9-6cf04900448f}\Shell - "" = AutoRun

O34 - HKLM BootExecute: (autocheck autochk *)

O35:64bit: - HKLM\..comfile [open] -- "%1" %*

O35:64bit: - HKLM\..exefile [open] -- "%1" %*

O35 - HKLM\..comfile [open] -- "%1" %*

O35 - HKLM\..exefile [open] -- "%1" %*

O37:64bit: - HKLM\...com [@ = comfile] -- "%1" %*

O37:64bit: - HKLM\...exe [@ = exefile] -- "%1" %*

O37 - HKLM\...com [@ = comfile] -- "%1" %*

O37 - HKLM\...exe [@ = exefile] -- "%1" %*

O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3)

O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2)

O38 - SubSystems\\Windows: (ServerDll=sxssrv,4)

ActiveX:64bit: {22d6f312-b0f6-11d0-94ab-0080c74c7e95} - Microsoft Windows Media Player 12.0

ActiveX:64bit: {2C7339CF-2B09-4501-B3F3-F3508C9228ED} - %SystemRoot%\system32\regsvr32.exe /s /n /i:/UserInstall %SystemRoot%\system32\themeui.dll

ActiveX:64bit: {3af36230-a269-11d1-b5bf-0000f8051515} - Offline Browsing Pack

ActiveX:64bit: {44BBA840-CC51-11CF-AAFA-00AA00B6015C} - "%ProgramFiles%\Windows Mail\WinMail.exe" OCInstallUserConfigOE

ActiveX:64bit: {44BBA855-CC51-11CF-AAFA-00AA00B6015F} - DirectDrawEx

ActiveX:64bit: {45ea75a0-a269-11d1-b5bf-0000f8051515} - Internet Explorer Help

ActiveX:64bit: {4f645220-306d-11d2-995d-00c04f98bbc9} - Microsoft Windows Script 5.6

ActiveX:64bit: {5fd399c0-a70a-11d1-9948-00c04f98bbc9} - Internet Explorer Setup Tools

ActiveX:64bit: {630b1da0-b465-11d1-9948-00c04f98bbc9} - Browsing Enhancements

ActiveX:64bit: {6BF52A52-394A-11d3-B153-00C04F79FAA6} - Microsoft Windows Media Player

ActiveX:64bit: {6fab99d0-bab8-11d1-994a-00c04f98bbc9} - MSN Site Access

ActiveX:64bit: {7790769C-0471-11d2-AF11-00C04FA35D02} - Address Book 7

ActiveX:64bit: {89820200-ECBD-11cf-8B85-00AA005B4340} - regsvr32.exe /s /n /i:U shell32.dll

ActiveX:64bit: {89820200-ECBD-11cf-8B85-00AA005B4383} - C:\Windows\System32\ie4uinit.exe -BaseSettings

ActiveX:64bit: {89B4C1CD-B018-4511-B0A1-5476DBF70820} - C:\Windows\system32\Rundll32.exe C:\Windows\system32\mscories.dll,Install

ActiveX:64bit: {9381D8F2-0288-11D0-9501-00AA00B911A5} - Dynamic HTML Data Binding

ActiveX:64bit: {C9E9A340-D1F1-11D0-821E-444553540600} - Internet Explorer Core Fonts

ActiveX:64bit: {de5aed00-a4bf-11d1-9948-00c04f98bbc9} - HTML Help

ActiveX:64bit: {E92B03AB-B707-11d2-9CBD-0000F87A369E} - Active Directory Service Interface

ActiveX:64bit: {F5B09CFD-F0B2-36AF-8DF4-1DF6B63FC7B4} - .NET Framework

ActiveX:64bit: {FEBEF00C-046D-438D-8A88-BF94A6C9E703} - .NET Framework

ActiveX:64bit: >{22d6f312-b0f6-11d0-94ab-0080c74c7e95} - %SystemRoot%\system32\unregmp2.exe /ShowWMP

ActiveX:64bit: >{26923b43-4d38-484f-9b9e-de460746276c} - C:\Windows\System32\ie4uinit.exe -UserIconConfig

ActiveX:64bit: >{60B49E34-C7CC-11D0-8953-00A0C90347FF} - "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\iedkcs32.dll",BrandIEActiveSetup SIGNUP

ActiveX: {22d6f312-b0f6-11d0-94ab-0080c74c7e95} - Microsoft Windows Media Player 12.0

ActiveX: {2C7339CF-2B09-4501-B3F3-F3508C9228ED} - %SystemRoot%\system32\regsvr32.exe /s /n /i:/UserInstall %SystemRoot%\system32\themeui.dll

ActiveX: {3af36230-a269-11d1-b5bf-0000f8051515} - Offline Browsing Pack

ActiveX: {411EDCF7-755D-414E-A74B-3DCD6583F589} - Microsoft .NET Framework 1.1 Service Pack 1 (KB867460)

ActiveX: {44BBA840-CC51-11CF-AAFA-00AA00B6015C} - "%ProgramFiles(x86)%\Windows Mail\WinMail.exe" OCInstallUserConfigOE

ActiveX: {44BBA855-CC51-11CF-AAFA-00AA00B6015F} - DirectDrawEx

ActiveX: {45ea75a0-a269-11d1-b5bf-0000f8051515} - Internet Explorer Help

ActiveX: {4f645220-306d-11d2-995d-00c04f98bbc9} - Microsoft Windows Script 5.6

ActiveX: {5fd399c0-a70a-11d1-9948-00c04f98bbc9} - Internet Explorer Setup Tools

ActiveX: {630b1da0-b465-11d1-9948-00c04f98bbc9} - Browsing Enhancements

ActiveX: {6BF52A52-394A-11d3-B153-00C04F79FAA6} - Microsoft Windows Media Player

ActiveX: {6fab99d0-bab8-11d1-994a-00c04f98bbc9} - MSN Site Access

ActiveX: {7790769C-0471-11d2-AF11-00C04FA35D02} - Address Book 7

ActiveX: {7C028AF8-F614-47B3-82DA-BA94E41B1089} - .NET Framework

ActiveX: {89820200-ECBD-11cf-8B85-00AA005B4340} - regsvr32.exe /s /n /i:U shell32.dll

ActiveX: {89820200-ECBD-11cf-8B85-00AA005B4383} - C:\Windows\SysWOW64\ie4uinit.exe -BaseSettings

ActiveX: {89B4C1CD-B018-4511-B0A1-5476DBF70820} - C:\Windows\SysWOW64\Rundll32.exe C:\Windows\SysWOW64\mscories.dll,Install

ActiveX: {8A69D345-D564-463c-AFF1-A69D9E530F96} - "C:\Program Files (x86)\Google\Chrome\Application\25.0.1364.172\Installer\chrmstp.exe" --configure-user-settings --verbose-logging --system-level --multi-install --chrome

ActiveX: {9381D8F2-0288-11D0-9501-00AA00B911A5} - Dynamic HTML Data Binding

ActiveX: {C9E9A340-D1F1-11D0-821E-444553540600} - Internet Explorer Core Fonts

ActiveX: {CB2F7EDD-9D1F-43C1-90FC-4F52EAE172A1} - .NET Framework

ActiveX: {D27CDB6E-AE6D-11CF-96B8-444553540000} - Adobe Flash Player

ActiveX: {de5aed00-a4bf-11d1-9948-00c04f98bbc9} - HTML Help

ActiveX: {E92B03AB-B707-11d2-9CBD-0000F87A369E} - Active Directory Service Interface

ActiveX: {F5B09CFD-F0B2-36AF-8DF4-1DF6B63FC7B4} - .NET Framework

ActiveX: >{22d6f312-b0f6-11d0-94ab-0080c74c7e95} - %SystemRoot%\system32\unregmp2.exe /ShowWMP

ActiveX: >{26923b43-4d38-484f-9b9e-de460746276c} - C:\Windows\SysWOW64\ie4uinit.exe -UserIconConfig

ActiveX: >{60B49E34-C7CC-11D0-8953-00A0C90347FF} - "C:\Windows\SysWOW64\rundll32.exe" "C:\Windows\SysWOW64\iedkcs32.dll",BrandIEActiveSetup SIGNUP

NetSvcs:64bit: AppMgmt - C:\Windows\SysNative\appmgmts.dll (Microsoft Corporation)

MsConfig:64bit - StartUpFolder: C:^Users^Jens^AppData^Roaming^Microsoft^Windows^Start Menu^Programs^Startup^runctf.lnk - C:\Windows\SysNative\rundll32.exe - (Microsoft Corporation)

MsConfig:64bit - StartUpReg: Adobe ARM - hkey= - key= - C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe (Adobe Systems Incorporated)

MsConfig:64bit - StartUpReg: Adobe Reader Speed Launcher - hkey= - key= - C:\Program Files (x86)\Adobe\Reader 9.0\Reader\Reader_sl.exe (Adobe Systems Incorporated)

MsConfig:64bit - StartUpReg: APSDaemon - hkey= - key= - C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe (Apple Inc.)

MsConfig:64bit - StartUpReg: iTunesHelper - hkey= - key= - D:\Program Files (x86)\iTunes\iTunesHelper.exe (Apple Inc.)

MsConfig:64bit - StartUpReg: QuickTime Task - hkey= - key= - C:\Program Files (x86)\QuickTime\QTTask.exe (Apple Inc.)

MsConfig:64bit - StartUpReg: Wowhead_Client - hkey= - key= - File not found

MsConfig:64bit - State: "services" - Reg Error: Key error.

MsConfig:64bit - State: "startup" - Reg Error: Key error.

CREATERESTOREPOINT

Restore point Set: OTL Restore Point

========== Files/Folders - Created Within 30 Days ==========

[2013-03-18 10:23:03 | 000,602,112 | ---- | C] (OldTimer Tools) -- C:\Users\Jens\Desktop\OTL.exe

[2013-03-14 12:59:43 | 000,000,000 | -HSD | C] -- C:\Windows\SysWow64\%APPDATA%

[2013-03-09 19:49:58 | 000,688,992 | R--- | C] (Swearware) -- C:\Users\Jens\Desktop\dds.scr

[2013-03-09 19:15:04 | 000,000,000 | -HSD | C] -- C:\Windows\SysNative\%APPDATA%

[2013-03-09 18:50:14 | 000,688,992 | R--- | C] (Swearware) -- C:\Users\Jens\Desktop\dds.com

[2013-03-07 22:12:39 | 002,237,968 | ---- | C] (Kaspersky Lab ZAO) -- C:\Users\Jens\Desktop\tdsskiller.exe

[2013-03-07 10:54:15 | 000,388,608 | ---- | C] (Trend Micro Inc.) -- C:\Users\Jens\Desktop\HijackThis.exe

[2013-03-06 20:13:23 | 000,000,000 | ---D | C] -- C:\Users\Jens\AppData\Local\ESET

[2013-03-06 18:27:29 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\ESET

[2013-03-06 18:27:28 | 000,000,000 | ---D | C] -- C:\ProgramData\ESET

[2013-03-06 18:27:28 | 000,000,000 | ---D | C] -- C:\Program Files\ESET

[2013-03-06 12:38:06 | 000,000,000 | ---D | C] -- C:\ProgramData\SecTaskMan

[2013-03-06 12:38:05 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Security Task Manager

[2013-03-06 12:38:04 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Security Task Manager

[2013-03-06 09:20:47 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Spybot - Search & Destroy

[2013-03-06 09:20:44 | 000,000,000 | ---D | C] -- C:\ProgramData\Spybot - Search & Destroy

[2013-03-06 09:20:44 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Spybot - Search & Destroy

[2013-03-05 21:01:59 | 000,000,000 | ---D | C] -- C:\Program Files\Enigma Software Group

[2013-03-05 20:57:07 | 000,726,464 | ---- | C] (Enigma Software Group USA, LLC.) -- C:\Users\Jens\Desktop\SpyHunter-Installer.exe

[2013-03-05 18:58:09 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Absolute Key Logger Removal Tool

[2013-03-04 09:48:54 | 000,000,000 | ---D | C] -- C:\Users\Jens\AppData\Local\Macromedia

[2013-02-28 10:30:56 | 000,000,000 | ---D | C] -- C:\Users\Jens\AppData\Local\{0C5DE6D7-DD8A-42FF-A2A7-49CEA6A97EFA}

[2013-02-28 09:34:37 | 000,000,000 | ---D | C] -- C:\Users\Jens\AppData\Local\Eclipse

[2013-02-27 21:53:58 | 000,000,000 | ---D | C] -- C:\java

[2013-02-27 21:35:57 | 000,000,000 | ---D | C] -- C:\Program Files\Java

[2013-02-26 12:02:48 | 000,000,000 | ---D | C] -- C:\Users\Jens\AppData\Roaming\FileZilla

[2013-02-26 12:02:44 | 000,000,000 | ---D | C] -- C:\Users\Jens\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\FileZilla FTP Client

[2013-02-26 12:02:43 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\FileZilla FTP Client

[2013-02-26 10:57:41 | 000,000,000 | ---D | C] -- C:\Users\Jens\AppData\Roaming\Awesomium

[2013-02-26 10:53:30 | 000,000,000 | ---D | C] -- C:\Users\Jens\Documents\Entropia Universe

[2013-02-26 10:53:28 | 000,000,000 | ---D | C] -- C:\Windows\Entropia Universe

[2013-02-26 10:53:28 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Entropia Universe

[2013-02-26 10:53:28 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Entropia Universe

[2013-02-26 10:04:43 | 000,000,000 | ---D | C] -- C:\Users\Jens\Desktop\Poker

[2013-02-26 10:03:55 | 000,000,000 | ---D | C] -- C:\Users\Jens\Desktop\Kjelvis

[2013-02-26 10:02:51 | 000,000,000 | ---D | C] -- C:\Users\Jens\Desktop\Dune II Stuff

[2013-02-23 17:32:53 | 000,000,000 | ---D | C] -- C:\Users\Jens\AppData\Local\{CECB600D-A2AF-4F18-A950-CA046726EEC8}

[2013-02-19 11:38:22 | 000,000,000 | ---D | C] -- C:\Users\Jens\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\EVEMon

[2013-02-18 15:10:59 | 000,000,000 | ---D | C] -- C:\Users\Jens\AppData\Local\{3E73B557-6C6C-446C-BADD-695176CF4319}

[2013-02-17 09:31:26 | 000,000,000 | ---D | C] -- C:\Users\Jens\AppData\Local\{05FCD185-3193-4AF9-8E13-F659EADD6FEA}

[3 C:\Windows\*.tmp files -> C:\Windows\*.tmp -> ]

[1 C:\Users\Jens\AppData\Roaming\*.tmp files -> C:\Users\Jens\AppData\Roaming\*.tmp -> ]

========== Files - Modified Within 30 Days ==========

[2013-03-18 10:23:04 | 000,602,112 | ---- | M] (OldTimer Tools) -- C:\Users\Jens\Desktop\OTL.exe

[2013-03-18 10:21:40 | 000,014,832 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0

[2013-03-18 10:21:40 | 000,014,832 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0

[2013-03-18 10:14:42 | 000,000,986 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineCore.job

[2013-03-18 10:13:44 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat

[2013-03-18 10:13:38 | 3217,678,336 | -HS- | M] () -- C:\hiberfil.sys

[2013-03-16 09:46:00 | 000,000,990 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineUA.job

[2013-03-13 09:49:51 | 000,002,183 | ---- | M] () -- C:\Users\Public\Desktop\Google Chrome.lnk

[2013-03-09 22:28:28 | 000,000,831 | ---- | M] () -- C:\Users\Jens\Desktop\dds - genväg.lnk

[2013-03-09 19:49:58 | 000,688,992 | R--- | M] (Swearware) -- C:\Users\Jens\Desktop\dds.scr

[2013-03-09 18:50:14 | 000,688,992 | R--- | M] (Swearware) -- C:\Users\Jens\Desktop\dds.com

[2013-03-08 12:01:26 | 000,597,667 | ---- | M] () -- C:\Users\Jens\Desktop\adwcleaner.exe

[2013-03-08 11:58:43 | 000,881,950 | ---- | M] () -- C:\Users\Jens\Desktop\SecurityCheck.exe

[2013-03-07 22:30:45 | 000,002,515 | ---- | M] () -- C:\Users\Public\Desktop\Skype.lnk

[2013-03-07 22:30:10 | 000,002,483 | ---- | M] () -- C:\Users\Public\Desktop\Reflect.lnk

[2013-03-07 22:12:41 | 002,237,968 | ---- | M] (Kaspersky Lab ZAO) -- C:\Users\Jens\Desktop\tdsskiller.exe

[2013-03-07 10:54:15 | 000,388,608 | ---- | M] (Trend Micro Inc.) -- C:\Users\Jens\Desktop\HijackThis.exe

[2013-03-06 12:37:45 | 002,365,840 | ---- | M] () -- C:\Users\Jens\Desktop\SecurityTaskManager_Setup.exe

[2013-03-06 09:55:23 | 000,446,020 | ---- | M] () -- C:\Windows\SysNative\drivers\etc\hosts

[2013-03-06 09:20:48 | 000,001,258 | ---- | M] () -- C:\Users\Jens\Desktop\Spybot - Search & Destroy.lnk

[2013-03-05 21:02:18 | 000,000,000 | ---- | M] () -- C:\autoexec.bat

[2013-03-05 20:57:07 | 000,726,464 | ---- | M] (Enigma Software Group USA, LLC.) -- C:\Users\Jens\Desktop\SpyHunter-Installer.exe

[2013-03-04 13:31:12 | 002,297,344 | ---- | M] () -- C:\Users\Jens\Desktop\EUROVISION_UTSKICK_v3LINKS.pdf

[2013-03-04 10:42:21 | 000,000,000 | ---- | M] () -- C:\Windows\SysWow64\config.nt

[2013-02-28 09:36:34 | 000,177,672 | ---- | M] () -- C:\Windows\SysNative\drivers\aswVmm.sys

[2013-02-28 09:36:34 | 000,068,992 | ---- | M] (AVAST Software) -- C:\Windows\SysNative\drivers\aswTdi.sys

[2013-02-28 09:36:33 | 001,025,880 | ---- | M] (AVAST Software) -- C:\Windows\SysNative\drivers\aswSnx.sys

[2013-02-28 09:36:33 | 000,377,992 | ---- | M] (AVAST Software) -- C:\Windows\SysNative\drivers\aswSP.sys

[2013-02-28 09:36:33 | 000,071,064 | ---- | M] (AVAST Software) -- C:\Windows\SysNative\drivers\aswRdr2.sys

[2013-02-28 09:36:33 | 000,065,408 | ---- | M] () -- C:\Windows\SysNative\drivers\aswRvrt.sys

[2013-02-28 09:36:32 | 000,080,888 | ---- | M] (AVAST Software) -- C:\Windows\SysNative\drivers\aswMonFlt.sys

[2013-02-28 09:36:31 | 000,033,472 | ---- | M] (AVAST Software) -- C:\Windows\SysNative\drivers\aswFsBlk.sys

[2013-02-28 09:36:07 | 000,041,664 | ---- | M] (AVAST Software) -- C:\Windows\avastSS.scr

[2013-02-28 09:35:43 | 000,287,840 | ---- | M] (AVAST Software) -- C:\Windows\SysNative\aswBoot.exe

[2013-02-28 09:33:25 | 000,000,609 | ---- | M] () -- C:\Users\Jens\Desktop\eclipse - genväg.lnk

[2013-02-27 11:45:10 | 009,596,177 | ---- | M] () -- C:\Users\Jens\Desktop\4790888_GoodStuffGoldC_Korr1waggaweaaga.pdf

[2013-02-26 12:02:45 | 000,002,000 | ---- | M] () -- C:\Users\Jens\Desktop\FileZilla Client.lnk

[2013-02-26 10:53:50 | 000,002,112 | ---- | M] () -- C:\Users\Public\Desktop\Entropia Universe.lnk

[2013-02-23 17:48:18 | 000,697,404 | ---- | M] () -- C:\Windows\SysNative\perfh01D.dat

[2013-02-23 17:48:18 | 000,687,212 | ---- | M] () -- C:\Windows\SysNative\perfh009.dat

[2013-02-23 17:48:18 | 000,155,500 | ---- | M] () -- C:\Windows\SysNative\perfc01D.dat

[2013-02-23 17:48:18 | 000,136,206 | ---- | M] () -- C:\Windows\SysNative\perfc009.dat

[2013-02-23 17:48:17 | 001,675,720 | ---- | M] () -- C:\Windows\SysNative\PerfStringBackup.INI

[2013-02-22 12:12:45 | 000,002,014 | ---- | M] () -- C:\Users\Public\Desktop\Adobe Reader 9.lnk

[2013-02-17 15:30:30 | 000,342,081 | ---- | M] () -- C:\Users\Jens\Desktop\Eve_PI_Diagrams_v1_4.pdf

[2013-02-17 10:41:08 | 000,003,112 | ---- | M] () -- C:\Users\Jens\Documents\Marg Jita Scam.xml

[3 C:\Windows\*.tmp files -> C:\Windows\*.tmp -> ]

[1 C:\Users\Jens\AppData\Roaming\*.tmp files -> C:\Users\Jens\AppData\Roaming\*.tmp -> ]

========== Files Created - No Company Name ==========

[2013-03-09 22:28:28 | 000,000,831 | ---- | C] () -- C:\Users\Jens\Desktop\dds - genväg.lnk

[2013-03-08 12:01:26 | 000,597,667 | ---- | C] () -- C:\Users\Jens\Desktop\adwcleaner.exe

[2013-03-08 11:58:42 | 000,881,950 | ---- | C] () -- C:\Users\Jens\Desktop\SecurityCheck.exe

[2013-03-06 12:37:44 | 002,365,840 | ---- | C] () -- C:\Users\Jens\Desktop\SecurityTaskManager_Setup.exe

[2013-03-06 09:20:48 | 000,001,258 | ---- | C] () -- C:\Users\Jens\Desktop\Spybot - Search & Destroy.lnk

[2013-03-05 21:02:18 | 000,000,000 | ---- | C] () -- C:\autoexec.bat

[2013-03-04 13:31:12 | 002,297,344 | ---- | C] () -- C:\Users\Jens\Desktop\EUROVISION_UTSKICK_v3LINKS.pdf

[2013-03-04 10:42:22 | 000,177,672 | ---- | C] () -- C:\Windows\SysNative\drivers\aswVmm.sys

[2013-03-04 10:42:21 | 000,065,408 | ---- | C] () -- C:\Windows\SysNative\drivers\aswRvrt.sys

[2013-02-28 09:33:25 | 000,000,609 | ---- | C] () -- C:\Users\Jens\Desktop\eclipse - genväg.lnk

[2013-02-27 19:02:28 | 009,596,177 | ---- | C] () -- C:\Users\Jens\Desktop\4790888_GoodStuffGoldC_Korr1waggaweaaga.pdf

[2013-02-26 12:02:45 | 000,002,000 | ---- | C] () -- C:\Users\Jens\Desktop\FileZilla Client.lnk

[2013-02-26 10:53:28 | 000,002,112 | ---- | C] () -- C:\Users\Public\Desktop\Entropia Universe.lnk

[2013-02-17 15:30:26 | 000,342,081 | ---- | C] () -- C:\Users\Jens\Desktop\Eve_PI_Diagrams_v1_4.pdf

[2013-02-17 10:41:08 | 000,003,112 | ---- | C] () -- C:\Users\Jens\Documents\Marg Jita Scam.xml

[2012-12-04 14:48:27 | 000,281,288 | ---- | C] () -- C:\Windows\SysWow64\PnkBstrB.exe

[2012-12-04 14:48:26 | 000,076,888 | ---- | C] () -- C:\Windows\SysWow64\PnkBstrA.exe

[2012-08-05 15:25:38 | 000,000,027 | ---- | C] () -- C:\Program Files\plugins.dat

[2012-05-25 18:43:40 | 000,007,600 | ---- | C] () -- C:\Users\Jens\AppData\Local\Resmon.ResmonCfg

[2011-09-28 16:44:14 | 000,179,271 | ---- | C] () -- C:\Windows\SysWow64\xlive.dll.cat

[2011-05-12 12:58:58 | 000,000,126 | ---- | C] () -- C:\Users\Jens\.java.policy

[2010-09-12 18:44:17 | 000,000,092 | ---- | C] () -- C:\Users\Jens\AppData\Local\fusioncache.dat

[2010-08-21 12:14:43 | 000,000,031 | ---- | C] () -- C:\Program Files\plugins-04041e-fe8.dat

[2010-02-09 19:09:59 | 000,067,560 | ---- | C] () -- C:\Users\Jens\AppData\Roaming\icarus-dxdiag.xml

========== ZeroAccess Check ==========

[2009-07-14 05:55:00 | 000,000,227 | RHS- | M] () -- C:\Windows\assembly\Desktop.ini

[HKEY_CURRENT_USER\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] /64

[HKEY_CURRENT_USER\Software\Classes\Wow6432node\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]

[HKEY_CURRENT_USER\Software\Classes\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32] /64

[HKEY_CURRENT_USER\Software\Classes\Wow6432node\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32]

[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] /64

"" = C:\Windows\SysNative\shell32.dll -- [2012-06-09 06:43:10 | 014,172,672 | ---- | M] (Microsoft Corporation)

"ThreadingModel" = Apartment

[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]

"" = %SystemRoot%\system32\shell32.dll -- [2012-06-09 05:41:00 | 012,873,728 | ---- | M] (Microsoft Corporation)

"ThreadingModel" = Apartment

[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32] /64

"" = C:\Windows\SysNative\wbem\fastprox.dll -- [2009-07-14 02:40:51 | 000,909,312 | ---- | M] (Microsoft Corporation)

"ThreadingModel" = Free

[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32]

"" = %systemroot%\system32\wbem\fastprox.dll -- [2010-11-20 13:19:02 | 000,606,208 | ---- | M] (Microsoft Corporation)

"ThreadingModel" = Free

[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32] /64

"" = C:\Windows\SysNative\wbem\wbemess.dll -- [2009-07-14 02:41:56 | 000,505,856 | ---- | M] (Microsoft Corporation)

"ThreadingModel" = Both

[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32]

========== LOP Check ==========

[2012-07-24 17:46:51 | 000,000,000 | ---D | M] -- C:\Users\Jens\AppData\Roaming\.minecraft

[2011-05-01 09:06:16 | 000,000,000 | ---D | M] -- C:\Users\Jens\AppData\Roaming\Articulate

[2013-02-26 10:57:41 | 000,000,000 | ---D | M] -- C:\Users\Jens\AppData\Roaming\Awesomium

[2013-03-14 21:34:50 | 000,000,000 | ---D | M] -- C:\Users\Jens\AppData\Roaming\Dropbox

[2013-01-03 08:54:44 | 000,000,000 | ---D | M] -- C:\Users\Jens\AppData\Roaming\Dune Dynasty

[2013-01-03 17:41:41 | 000,000,000 | ---D | M] -- C:\Users\Jens\AppData\Roaming\dunelegacy

[2013-02-08 15:31:21 | 000,000,000 | ---D | M] -- C:\Users\Jens\AppData\Roaming\EveHQ

[2013-02-19 11:38:22 | 000,000,000 | ---D | M] -- C:\Users\Jens\AppData\Roaming\EVEMon

[2013-03-04 22:20:43 | 000,000,000 | ---D | M] -- C:\Users\Jens\AppData\Roaming\FileZilla

[2012-12-05 13:58:51 | 000,000,000 | ---D | M] -- C:\Users\Jens\AppData\Roaming\Firefly Studios

[2012-09-08 19:03:55 | 000,000,000 | ---D | M] -- C:\Users\Jens\AppData\Roaming\HandBrake

[2012-05-03 15:20:13 | 000,000,000 | ---D | M] -- C:\Users\Jens\AppData\Roaming\iid

[2013-02-08 15:28:28 | 000,000,000 | ---D | M] -- C:\Users\Jens\AppData\Roaming\Indicium Technologies

[2012-03-20 12:43:59 | 000,000,000 | ---D | M] -- C:\Users\Jens\AppData\Roaming\MinMaxGames

[2013-01-30 15:43:20 | 000,000,000 | ---D | M] -- C:\Users\Jens\AppData\Roaming\PacificPoker

[2013-01-28 13:51:03 | 000,000,000 | ---D | M] -- C:\Users\Jens\AppData\Roaming\Party

[2013-03-08 08:15:44 | 000,000,000 | ---D | M] -- C:\Users\Jens\AppData\Roaming\RayV

[2011-06-18 14:36:36 | 000,000,000 | ---D | M] -- C:\Users\Jens\AppData\Roaming\Razer

[2012-05-05 15:57:58 | 000,000,000 | ---D | M] -- C:\Users\Jens\AppData\Roaming\RotMG.Production

[2011-03-31 14:16:58 | 000,000,000 | ---D | M] -- C:\Users\Jens\AppData\Roaming\runic games

[2013-02-28 21:56:49 | 000,000,000 | ---D | M] -- C:\Users\Jens\AppData\Roaming\Spotify

[2010-04-03 14:54:27 | 000,000,000 | ---D | M] -- C:\Users\Jens\AppData\Roaming\Stardock

[2012-05-11 14:47:35 | 000,000,000 | ---D | M] -- C:\Users\Jens\AppData\Roaming\Tropico 3

[2010-08-24 07:46:25 | 000,000,000 | ---D | M] -- C:\Users\Jens\AppData\Roaming\TrueCrypt

[2010-10-22 13:04:23 | 000,000,000 | ---D | M] -- C:\Users\Jens\AppData\Roaming\Windows Live Writer

[2011-07-12 16:15:47 | 000,000,000 | ---D | M] -- C:\Users\Jens\AppData\Roaming\WordFinder Software

========== Purity Check ==========

========== Custom Scans ==========

< %SYSTEMDRIVE%\*. >

[2010-12-02 20:53:14 | 000,000,000 | -HSD | M] -- C:\$RECYCLE.BIN

[2012-07-24 08:32:01 | 000,000,000 | -HSD | M] -- C:\Boot

[2009-07-14 06:08:56 | 000,000,000 | -HSD | M] -- C:\Documents and Settings

[2013-01-03 08:42:54 | 000,000,000 | ---D | M] -- C:\dosgames

[2013-01-03 08:44:30 | 000,000,000 | ---D | M] -- C:\DUNE2

[2013-01-03 14:49:30 | 000,000,000 | ---D | M] -- C:\Games

[2013-02-25 12:22:12 | 000,000,000 | ---D | M] -- C:\GOG Games

[2013-02-28 10:27:57 | 000,000,000 | ---D | M] -- C:\java

[2010-01-25 22:08:36 | 000,000,000 | RH-D | M] -- C:\MSOCache

[2012-03-19 09:31:25 | 000,000,000 | ---D | M] -- C:\NVIDIA

[2010-08-03 22:08:50 | 000,000,000 | ---D | M] -- C:\PerfLogs

[2010-01-25 21:49:58 | 000,000,000 | -HSD | M] -- C:\Program

[2013-03-07 13:19:32 | 000,000,000 | R--D | M] -- C:\Program Files

[2013-03-08 08:18:13 | 000,000,000 | R--D | M] -- C:\Program Files (x86)

[2013-03-08 08:18:13 | 000,000,000 | -H-D | M] -- C:\ProgramData

[2013-01-28 13:49:35 | 000,000,000 | ---D | M] -- C:\Programs

[2010-01-25 21:49:58 | 000,000,000 | -HSD | M] -- C:\Recovery

[2013-03-18 10:27:29 | 000,000,000 | -HSD | M] -- C:\System Volume Information

[2013-02-06 12:08:39 | 000,000,000 | ---D | M] -- C:\temp

[2013-02-06 12:08:46 | 000,000,000 | R--D | M] -- C:\Users

[2013-03-08 08:15:16 | 000,000,000 | ---D | M] -- C:\Windows

[2012-09-24 22:18:52 | 000,000,000 | ---D | M] -- C:\World of Warcraft

< %PROGRAMFILES%\*.exe >

< %LOCALAPPDATA%\*.exe >

< %systemroot%\*. /mp /s >

< %windir%\installer\*. /5 >

[2013-03-14 13:00:32 | 000,000,000 | ---D | M] -- C:\Windows\installer\{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}

[2013-03-14 13:02:46 | 000,000,000 | ---D | M] -- C:\Windows\installer\{91120000-002F-0000-0000-0000000FF1CE}

< %localappdata%\*. /5 >

[2013-03-18 10:35:47 | 000,000,000 | ---D | M] -- C:\Users\Jens\AppData\Local\PMB Files

[2013-03-18 10:24:59 | 000,000,000 | ---D | M] -- C:\Users\Jens\AppData\Local\Temp

< MD5 for: SERVICES.EXE >

[2009-07-14 02:39:37 | 000,328,704 | ---- | M] (Microsoft Corporation) MD5=24ACB7E5BE595468E3B9AA488B9B4FCB -- C:\Windows\SysNative\services.exe

[2009-07-14 02:39:37 | 000,328,704 | ---- | M] (Microsoft Corporation) MD5=24ACB7E5BE595468E3B9AA488B9B4FCB -- C:\Windows\winsxs\amd64_microsoft-windows-s..s-servicecontroller_31bf3856ad364e35_6.1.7600.16385_none_2b54b20ee6fa07b1\services.exe

< MD5 for: USER32.DLL >

[2010-11-20 13:08:57 | 000,833,024 | ---- | M] (Microsoft Corporation) MD5=5E0DB2D8B2750543CD2EBB9EA8E6CDD3 -- C:\Windows\SysWOW64\user32.dll

[2010-11-20 13:08:57 | 000,833,024 | ---- | M] (Microsoft Corporation) MD5=5E0DB2D8B2750543CD2EBB9EA8E6CDD3 -- C:\Windows\winsxs\wow64_microsoft-windows-user32_31bf3856ad364e35_6.1.7601.17514_none_35b31c02b85ccb6e\user32.dll

[2010-11-20 14:27:27 | 001,008,128 | ---- | M] (Microsoft Corporation) MD5=FE70103391A64039A921DBFFF9C7AB1B -- C:\Windows\SysNative\user32.dll

[2010-11-20 14:27:27 | 001,008,128 | ---- | M] (Microsoft Corporation) MD5=FE70103391A64039A921DBFFF9C7AB1B -- C:\Windows\winsxs\amd64_microsoft-windows-user32_31bf3856ad364e35_6.1.7601.17514_none_2b5e71b083fc0973\user32.dll

========== Alternate Data Streams ==========

@Alternate Data Stream - 58 bytes -> C:\Users\Jens\Desktop\mello utskick v2.pdf:com.dropbox.attributes

@Alternate Data Stream - 58 bytes -> C:\Users\Jens\Desktop\Mammahelg.pdf:com.dropbox.attributes

< End of report >


OTL Extras logfile created on: 2013-03-18 10:25:14 - Run 1

OTL by OldTimer - Version 3.2.69.0 Folder = C:\Users\Jens\Desktop

64bit- Ultimate Edition Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation

Internet Explorer (Version = 9.0.8112.16421)

Locale: 0000041d | Country: Sverige | Language: SVE | Date Format: yyyy-MM-dd

4,00 Gb Total Physical Memory | 2,40 Gb Available Physical Memory | 60,02% Memory free

7,99 Gb Paging File | 6,26 Gb Available in Paging File | 78,33% Paging File free

Paging file location(s): ?:\pagefile.sys [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86)

Drive C: | 698,63 Gb Total Space | 623,10 Gb Free Space | 89,19% Space Free | Partition Type: NTFS

Drive D: | 698,63 Gb Total Space | 406,79 Gb Free Space | 58,23% Space Free | Partition Type: NTFS

Computer Name: MONSTRET | User Name: Jens | Logged in as Administrator.

Boot Mode: Normal | Scan Mode: Current user | Quick Scan | Include 64bit Scans

Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days

========== Extra Registry (SafeList) ==========

========== File Associations ==========

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]

.url[@ = InternetShortcut] -- C:\Windows\SysNative\rundll32.exe (Microsoft Corporation)

.reg [@ = regfile] -- regedit.exe "%1"

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]

.cpl [@ = cplfile] -- C:\Windows\SysWow64\control.exe (Microsoft Corporation)

.reg [@ = regfile] -- regedit.exe "%1"

========== Shell Spawning ==========

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]

batfile [open] -- "%1" %*

cmdfile [open] -- "%1" %*

comfile [open] -- "%1" %*

exefile [open] -- "%1" %*

helpfile [open] -- Reg Error: Key error.

htafile [open] -- "%1" %*

inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation)

InternetShortcut [open] -- "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\ieframe.dll",OpenURL %l (Microsoft Corporation)

InternetShortcut [print] -- "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\mshtml.dll",PrintHTML "%1" (Microsoft Corporation)

jsfile [edit] -- "D:\Program Files (x86)\Macromedia\Dreamweaver 8\dreamweaver.exe" "%1" (Macromedia, Inc.)

piffile [open] -- "%1" %*

regfile [open] -- regedit.exe "%1"

regfile [merge] -- Reg Error: Key error.

scrfile [config] -- "%1"

scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l

scrfile [open] -- "%1" /S

txtfile [edit] -- Reg Error: Key error.

Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1

Directory [AddToPlaylistVLC] -- "C:\Program Files (x86)\VideoLAN\VLC\vlc.exe" --started-from-file --playlist-enqueue "%1" ()

Directory [cmd] -- cmd.exe /s /k pushd "%V"

Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)

Directory [OneNote.Open] -- C:\PROGRA~2\MICROS~1\Office12\ONENOTE.EXE "%L"

Directory [PlayWithVLC] -- "C:\Program Files (x86)\VideoLAN\VLC\vlc.exe" --started-from-file --no-playlist-enqueue "%1" ()

Folder [open] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)

Folder [explore] -- Reg Error: Value error.

Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]

batfile [open] -- "%1" %*

cmdfile [open] -- "%1" %*

comfile [open] -- "%1" %*

cplfile [cplopen] -- %SystemRoot%\System32\control.exe "%1",%* (Microsoft Corporation)

exefile [open] -- "%1" %*

helpfile [open] -- Reg Error: Key error.

htafile [open] -- "%1" %*

inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation)

jsfile [edit] -- "D:\Program Files (x86)\Macromedia\Dreamweaver 8\dreamweaver.exe" "%1" (Macromedia, Inc.)

piffile [open] -- "%1" %*

regfile [open] -- regedit.exe "%1"

regfile [merge] -- Reg Error: Key error.

scrfile [config] -- "%1"

scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l

scrfile [open] -- "%1" /S

txtfile [edit] -- Reg Error: Key error.

Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1

Directory [AddToPlaylistVLC] -- "C:\Program Files (x86)\VideoLAN\VLC\vlc.exe" --started-from-file --playlist-enqueue "%1" ()

Directory [cmd] -- cmd.exe /s /k pushd "%V"

Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)

Directory [OneNote.Open] -- C:\PROGRA~2\MICROS~1\Office12\ONENOTE.EXE "%L"

Directory [PlayWithVLC] -- "C:\Program Files (x86)\VideoLAN\VLC\vlc.exe" --started-from-file --no-playlist-enqueue "%1" ()

Folder [open] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)

Folder [explore] -- Reg Error: Value error.

Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)

========== Security Center Settings ==========

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]

"cval" = 1

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]

"VistaSp1" = 28 4D B2 76 41 04 CA 01 [binary data]

"AntiVirusOverride" = 0

"AntiSpywareOverride" = 0

"FirewallOverride" = 0

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc\Vol]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]

========== Firewall Settings ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]

"DisableNotifications" = 0

"EnableFirewall" = 1

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]

"DisableNotifications" = 0

"EnableFirewall" = 1

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\PublicProfile]

"DisableNotifications" = 0

"EnableFirewall" = 1

========== Authorized Applications List ==========

========== Vista Active Open Ports Exception List ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]

"{051EA183-2857-46E2-B761-3C5FA1758CAC}" = lport=2177 | protocol=6 | dir=in | svc=qwave | app=%systemroot%\system32\svchost.exe |

"{0E4C65A5-1B47-4C01-A1B3-4A9A631A2FE6}" = lport=2177 | protocol=17 | dir=in | svc=qwave | app=%systemroot%\system32\svchost.exe |

"{1B793CF1-2A06-4B82-BEF9-8518206B62E3}" = rport=2177 | protocol=6 | dir=out | svc=qwave | app=%systemroot%\system32\svchost.exe |

"{21510E90-6C13-47F2-A773-85BC24C12250}" = lport=1900 | protocol=17 | dir=in | svc=ssdpsrv | app=svchost.exe |

"{23676CBB-40CB-4F34-90D2-0336F17B9940}" = lport=2869 | protocol=6 | dir=in | app=system |

"{241DB03A-B23D-4B5C-9CAC-907EF72977E0}" = lport=808 | protocol=6 | dir=in | svc=nettcpactivator | app=c:\windows\microsoft.net\framework64\v4.0.30319\smsvchost.exe |

"{2D5EFD65-47E6-47B4-8581-F756513EE9D5}" = lport=1900 | protocol=17 | dir=in | name=windows live communications platform (ssdp) |

"{2D6E5BDB-ED67-400E-A5D8-254A49305FEC}" = lport=58194 | protocol=17 | dir=in | name=pando media booster |

"{35C1CE76-CD2D-4C0E-BAD3-6E35A9EC9233}" = lport=10243 | protocol=6 | dir=in | app=system |

"{45002C39-2B54-4C06-A258-C9F8BD648BDB}" = lport=58194 | protocol=6 | dir=in | name=pando media booster |

"{4FDD2EA0-8B33-4897-9B48-B49D2034DE34}" = lport=5355 | protocol=17 | dir=in | svc=dnscache | app=%systemroot%\system32\svchost.exe |

"{5937AD4C-98AF-4EA2-9F82-4A3EEC9D6E2F}" = rport=445 | protocol=6 | dir=out | app=system |

"{61F5BEE0-9D25-41B5-AD26-721783648D69}" = rport=138 | protocol=17 | dir=out | app=system |

"{658F8EA0-035F-48B8-81C8-E18ADD11C12B}" = lport=5355 | protocol=17 | dir=in | svc=dnscache | app=%systemroot%\system32\svchost.exe |

"{6E15155E-723E-480C-ADBB-761F76697599}" = lport=2869 | protocol=6 | dir=in | name=windows live communications platform (upnp) |

"{70B1F405-5C14-4497-8E5C-79EADB9ABB1D}" = lport=58194 | protocol=6 | dir=in | name=pando media booster |

"{71BF614C-DD06-4298-86FA-55451DBB69D4}" = rport=5355 | protocol=17 | dir=out | svc=dnscache | app=%systemroot%\system32\svchost.exe |

"{82834AD5-3FBC-4ED5-8054-460DC6975525}" = lport=rpc | protocol=6 | dir=in | svc=spooler | app=%systemroot%\system32\spoolsv.exe |

"{8A2C3C3E-B7C7-4AB5-9391-FF740B77CFD7}" = rport=2177 | protocol=17 | dir=out | svc=qwave | app=%systemroot%\system32\svchost.exe |

"{8D7F82C7-0F4F-4F60-955E-DFCF81E63ED5}" = rport=5355 | protocol=17 | dir=out | svc=dnscache | app=%systemroot%\system32\svchost.exe |

"{97C15C2F-39BA-425D-868D-7F9B3064523B}" = lport=139 | protocol=6 | dir=in | app=system |

"{9D6CE9B6-4E1B-421E-A9EA-DFF1FEC8AB49}" = lport=58194 | protocol=17 | dir=in | name=pando media booster |

"{ABE76F1D-E394-475D-9D41-CE0BCC16E73D}" = lport=445 | protocol=6 | dir=in | app=system |

"{D252A857-F36D-4633-B3FC-940BA33DC688}" = rport=137 | protocol=17 | dir=out | app=system |

"{D365A5CA-0687-43AC-8BDC-E7E9B13AA22B}" = lport=137 | protocol=17 | dir=in | app=system |

"{E57E25EF-9989-4A16-8299-9CD6D3B23A6E}" = lport=138 | protocol=17 | dir=in | app=system |

"{E9DFB3F0-B8EC-45C1-B5FA-39D66C7BB5D8}" = rport=10243 | protocol=6 | dir=out | app=system |

"{EB78FB61-4BEB-4FB4-8EB3-29CF0F67C6D6}" = lport=1900 | protocol=17 | dir=in | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe |

"{EE60AC31-B6B6-4093-B45D-0D1ABEE1F892}" = rport=1900 | protocol=17 | dir=out | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe |

"{EF058BD7-3E2C-43F5-80BC-799FAE5C1D4F}" = lport=rpc-epmap | protocol=6 | dir=in | svc=rpcss | name=@firewallapi.dll,-28539 |

"{F05BC40A-0399-4D5A-AB6A-AB11CBF3FD55}" = lport=2869 | protocol=6 | dir=in | app=system |

"{F1CD09BB-9B02-4565-B69D-A5DC7140F56B}" = rport=139 | protocol=6 | dir=out | app=system |

========== Vista Active Application Exception List ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]

"{0029F96E-E7C7-47BB-B175-92E57BDB9AFC}" = protocol=6 | dir=in | app=d:\program files (x86)\steam\steamapps\common\serious sam 2\bin\seriouseditor2.exe |

"{007284C5-89AE-4CB2-9006-278C4FE1B096}" = protocol=6 | dir=in | app=d:\program files (x86)\steam\steamapps\common\apb reloaded\binaries\apb.exe |

"{0164305E-9850-47AA-8AFD-A1F315D111ED}" = protocol=6 | dir=in | app=c:\programdata\battle.net\agent\agent.1637\agent.exe |

"{03D7705D-2AC2-4E11-B894-5355E11146EF}" = protocol=6 | dir=in | app=%programfiles%\windows media player\wmpnetwk.exe |

"{065A3FB7-72BF-44ED-8623-899CD77B3580}" = protocol=17 | dir=in | app=c:\program files (x86)\diablo iii beta\diablo iii.exe |

"{083C66A9-4B1A-42EC-90B8-1B7736D4C300}" = protocol=17 | dir=in | app=d:\program files (x86)\steam\steamapps\common\warhammer 40,000 space marine\spacemarine.exe |

"{086F0009-BAD6-4F58-81FD-7515481E7131}" = protocol=6 | dir=in | app=c:\program files (x86)\bonjour\mdnsresponder.exe |

"{0A0F7D2D-EA15-48D3-A55E-B9E488C01722}" = protocol=6 | dir=in | app=c:\programdata\battle.net\agent\agent.1267\agent.exe |

"{0AE71E19-525E-4251-A43C-7204E019686D}" = protocol=6 | dir=in | app=d:\users\public\games\world of warcraft\wow-3.2.0-engb-downloader.exe |

"{0B147A77-0EC8-4DB0-AF16-FA26B7C4F246}" = protocol=6 | dir=in | app=c:\programdata\battle.net\agent\agent.1199\agent.exe |

"{0DB85A16-103E-4E7E-9A62-A1D36E91A85B}" = protocol=17 | dir=in | app=d:\program files (x86)\steam\steamapps\common\saints row the third\saintsrowthethird.exe |

"{0EA1423B-21AA-4F19-ACD0-F937A49AA6C9}" = protocol=6 | dir=in | app=d:\program files (x86)\steam\steamapps\common\company of heroes\reliccoh.exe |

"{0F5A6F03-4B59-462F-8911-6DB3458B2DA0}" = protocol=17 | dir=out | app=%programfiles(x86)%\windows media player\wmplayer.exe |

"{107FD664-12D0-4397-9223-58D461B89590}" = protocol=6 | dir=in | app=c:\program files (x86)\world of warcraft\launcher.patch.exe |

"{12A5DD14-0A39-47FE-AAAD-B94E3C6028EC}" = protocol=6 | dir=in | app=d:\program files (x86)\steam\steamapps\common\red faction armageddon\redfactionarmageddon_dx11.exe |

"{16D72F47-1651-46EA-AD0F-3C4A1A0F6095}" = dir=in | app=c:\program files (x86)\pando networks\media booster\pmb.exe |

"{176A9B33-3D11-4A4A-9376-D5318751F7D0}" = protocol=17 | dir=in | app=d:\users\public\games\world of warcraft\launcher.patch.exe |

"{19C04550-3D6D-4393-88E6-A3340DDFE222}" = protocol=6 | dir=out | svc=upnphost | app=%systemroot%\system32\svchost.exe |

"{19FB01B1-B593-4C40-98DD-71575F914C79}" = protocol=58 | dir=out | name=@firewallapi.dll,-28546 |

"{1DA52A4F-A706-4BC4-BA22-AA4EB6D533B2}" = protocol=17 | dir=in | app=c:\program files (x86)\pando networks\media booster\pmb.exe |

"{1DD8A4BB-76DF-4912-AC93-90EC2D5B3FAC}" = protocol=6 | dir=in | app=d:\program files (x86)\steam\steamapps\common\darksiders\darksiderspc.exe |

"{1E30A215-F321-47AF-A50D-EECCE44B4BF0}" = protocol=6 | dir=in | app=c:\program files (x86)\microsoft office\office12\onenote.exe |

"{1E49D012-CC52-48F6-8096-2F9201953F9F}" = protocol=17 | dir=in | app=c:\programdata\battle.net\agent\agent.1267\agent.exe |

"{1E8B5B65-5DA3-4482-B97C-99F7AD285063}" = protocol=17 | dir=in | app=d:\program files (x86)\stardock games\sins of a solar empire\sins of a solar empire diplomacy.exe |

"{230429B0-41D0-4879-B787-767D1DF2C0CB}" = protocol=17 | dir=in | app=d:\program files (x86)\steam\steamapps\common\serious sam 2\bin\seriouseditor2.exe |

"{2622BF3C-32EB-4DC5-9493-2A4EF7170616}" = protocol=17 | dir=in | app=%programfiles(x86)%\windows media player\wmplayer.exe |

"{27EDE955-07E1-4500-9EA5-4CAE46A6327D}" = protocol=17 | dir=in | app=d:\program files (x86)\steam\steamapps\common\dawn of war gold\w40k.exe |

"{2984E5A6-217E-4318-9AEF-2BFAB7A16743}" = dir=in | app=c:\program files (x86)\common files\apple\apple application support\webkit2webprocess.exe |

"{2ADC3DB2-96D8-4109-9456-CCB6D2A68BB5}" = protocol=17 | dir=in | app=d:\program files (x86)\starcraft ii\starcraft ii.exe |

"{2D194036-2C04-4318-B2B0-350441763FEC}" = protocol=6 | dir=in | app=c:\program files (x86)\diablo iii beta\diablo iii.exe |

"{2D66CF36-1848-47AA-B0A1-03FCC67D0B4B}" = dir=in | app=d:\program files (x86)\itunes\itunes.exe |

"{2E7BFC00-1281-4402-9FEC-30A73C6387F0}" = protocol=6 | dir=in | app=d:\program files (x86)\steam\steamapps\common\serious sam 2\bin\sam2.exe |

"{2FEC4AC5-33AB-41BA-8AE8-95C543DDBFDF}" = protocol=17 | dir=in | app=d:\program files (x86)\steam\steamapps\common\moon breakers\mb.exe |

"{305A6A2B-DDEF-417A-9A60-C558335305A5}" = protocol=6 | dir=in | app=d:\program files (x86)\steam\steamapps\common\saints row the third\saintsrowthethird_dx11.exe |

"{33398548-0118-4BF7-9CBF-620E05F50897}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmplayer.exe |

"{34B9A5AB-750D-4E3E-8DC7-02CD0C88D49B}" = protocol=6 | dir=in | app=c:\program files (x86)\world of warcraft\launcher.exe |

"{387DD35E-50D6-4673-AC21-71D46F536CC6}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmpnetwk.exe |

"{39038341-0364-4C96-A0BD-EEBE5835838D}" = protocol=6 | dir=in | app=d:\program files (x86)\steam\steamapps\common\ftl faster than light\ftlgame.exe |

"{3AC39B15-CD23-4A11-822B-02BDDFB16D50}" = protocol=6 | dir=in | app=d:\program files (x86)\steam\steamapps\common\torchlight ii\torchlight2.exe |

"{3B0D3AD0-D2F6-4004-8997-046DBAC70253}" = protocol=6 | dir=in | app=d:\program files (x86)\steam\steamapps\common\apb reloaded\binaries\vivoxvoiceservice.exe |

"{3C1B7475-1064-4942-B837-E5B13EF51E6B}" = protocol=6 | dir=in | app=c:\program files (x86)\pando networks\media booster\pmb.exe |

"{3CD59C67-4B9E-4ABE-A30A-90A411E58563}" = protocol=17 | dir=in | app=c:\windows\syswow64\pnkbstrb.exe |

"{3DF9BA09-94F9-4DE5-97AE-8303B24675EB}" = protocol=6 | dir=in | app=d:\program files (x86)\steam\steamapps\common\serious sam 2\bin\dedicatedserver.exe |

"{402A9BCD-7BC5-45F2-A118-421F9FE6769D}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmplayer.exe |

"{420B44EF-299F-4333-954F-D06C25107351}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmplayer.exe |

"{4668A70F-3392-468A-8F87-3F2AF67CB793}" = protocol=6 | dir=in | app=d:\program files (x86)\steam\steamapps\common\titan quest\titan quest.exe |

"{478B04B1-14A8-4949-A696-F6BC0CCF30FB}" = protocol=6 | dir=in | app=d:\program files (x86)\steam\steamapps\common\saints row the third\game_launcher.exe |

"{4B69BFCD-14CE-4D37-8B3A-A2104FDC58FE}" = protocol=6 | dir=in | app=d:\users\public\games\world of warcraft\launcher.patch.exe |

"{4C46AC7A-B82D-45B3-9D90-D0762C4252C9}" = protocol=17 | dir=in | app=c:\program files (x86)\diablo iii\diablo iii.exe |

"{4E1A84FA-FAB0-491A-8F73-F700E9013333}" = protocol=6 | dir=in | app=d:\program files (x86)\steam\steamapps\common\apb reloaded\launcher\apblauncher.exe |

"{4E278C64-BE13-4433-8B53-C4639725E2EE}" = dir=in | app=c:\program files (x86)\windows live\sync\windowslivesync.exe |

"{53D5473A-BDAC-4C50-83D8-4DA29748AAF1}" = protocol=17 | dir=in | app=d:\program files (x86)\steam\steamapps\common\titan quest\titan quest.exe |

"{545CF211-A98D-42AF-ABF7-0974284043A2}" = protocol=17 | dir=in | app=d:\program files (x86)\steam\steamapps\common\apb reloaded\binaries\vivoxvoiceservice.exe |

"{54EFAF02-D819-4F7F-9AD6-15570136167C}" = protocol=17 | dir=in | app=c:\program files (x86)\bonjour\mdnsresponder.exe |

"{56BF532A-E962-452D-9FCD-2F1F99D65811}" = dir=in | app=c:\program files (x86)\skype\phone\skype.exe |

"{5D1C1534-25B9-4F80-9FEB-D334AD7F20E3}" = protocol=17 | dir=in | app=c:\windows\syswow64\pnkbstra.exe |

"{5F31EF28-63F8-4D9D-AC4A-46B78EC78C22}" = protocol=17 | dir=in | app=c:\programdata\battle.net\agent\agent.1363\agent.exe |

"{6108E09F-AAF7-48B8-9C84-06C435F633D6}" = protocol=6 | dir=in | app=c:\program files (x86)\pando networks\media booster\pmb.exe |

"{61A50931-D9C1-4D40-9B5B-4635AB2CFDE4}" = protocol=17 | dir=in | app=c:\program files (x86)\world of warcraft\launcher.patch.exe |

"{6244C02C-5864-460E-85DE-AC2A59918BB4}" = protocol=17 | dir=in | app=d:\program files (x86)\steam\steamapps\common\darksiders\darksiderspc.exe |

"{627AB53D-F8AC-4FAC-89B0-6A58596CF3BF}" = protocol=6 | dir=in | app=c:\program files (x86)\abbyy finereader 6.0 sprint\scan\scanman6.exe |

"{63809F9A-8ECC-472F-9901-53F9DF09DB9A}" = protocol=17 | dir=in | app=d:\users\public\games\world of warcraft\launcher.patch.exe |

"{67837864-2F3A-4F5A-87F3-CF08F26EE387}" = protocol=6 | dir=out | app=system |

"{6D322F81-947A-4CCB-83E8-4431024FD449}" = protocol=6 | dir=in | app=c:\programdata\battle.net\agent\agent.1675\agent.exe |

"{6EF901F3-3F55-4C0D-99D1-A626C1FA5467}" = protocol=6 | dir=in | app=d:\program files (x86)\steam\steamapps\common\saints row the third\saintsrowthethird.exe |

"{70133E18-521F-46EA-B48A-C93E1721C257}" = protocol=17 | dir=in | app=d:\program files (x86)\steam\steamapps\common\red faction armageddon\rf4_launcher.exe |

"{74238F79-F022-42AC-9105-D702774D5C69}" = protocol=17 | dir=in | app=d:\program files (x86)\thq\gas powered games\gpgnet\gpg.multiplayer.client.exe |

"{7C50158D-1FF2-4652-B2D0-6DEBF2FC0E39}" = protocol=6 | dir=in | app=d:\program files (x86)\thq\gas powered games\gpgnet\gpg.multiplayer.client.exe |

"{80E5D001-F2A4-494F-A6AC-2B0C1290A03E}" = protocol=17 | dir=in | app=d:\program files (x86)\steam\steamapps\common\red faction armageddon\redfactionarmageddon_dx11.exe |

"{86778C33-04C0-48A2-A24B-7439626FAD32}" = protocol=1 | dir=out | name=@firewallapi.dll,-28544 |

"{8693C9AE-BA07-4C89-8203-869750D67119}" = protocol=17 | dir=in | app=d:\program files (x86)\steam\steamapps\common\torchlight ii\torchlight2.exe |

"{888E1EE1-AF33-4A19-9875-CD8AC02A01E4}" = protocol=17 | dir=in | app=c:\program files (x86)\world of warcraft\launcher.exe |

"{889AB524-0EC7-4350-B1F8-05253BAA386F}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmplayer.exe |

"{8AD4BA5A-22E7-4BF3-B23A-E84C23EF5C76}" = protocol=6 | dir=in | app=d:\program files (x86)\steam\steamapps\common\red faction armageddon\rf4_launcher.exe |

"{8C167C08-6BF4-46C2-A83B-17D9217D5421}" = protocol=6 | dir=in | app=c:\programdata\battle.net\agent\agent.1225\agent.exe |

"{8C537EE4-7CCE-45E9-96AD-DB4D5133A4AA}" = protocol=6 | dir=in | app=d:\program files (x86)\steam\steamapps\common\warhammer 40,000 space marine\spacemarine.exe |

"{8C6828A4-B6E4-44CF-98FF-420656D3C0C3}" = protocol=17 | dir=in | app=c:\programdata\battle.net\agent\agent.1675\agent.exe |

"{8D4737AB-5234-45BC-BDC1-2FCFE0ACE09D}" = protocol=1 | dir=in | name=@firewallapi.dll,-28543 |

"{8E491C17-158E-4384-8AF0-E539E655451B}" = protocol=6 | dir=in | app=c:\program files (x86)\ventrilo\ventrilo.exe |

"{8E715C4E-82F7-4AFA-A2AD-65780445F721}" = protocol=17 | dir=in | app=d:\program files (x86)\stardock games\sins of a solar empire\sins of a solar empire.exe |

"{923EE124-B14F-4317-A0D2-D30AFC3E79DA}" = protocol=6 | dir=in | app=d:\program files (x86)\steam\steamapps\common\metro 2033\metro2033.exe |

"{92F74059-8317-462E-9A8F-4C08FB677EBE}" = protocol=17 | dir=in | app=c:\program files (x86)\microsoft office\office12\onenote.exe |

"{93A8440A-1381-4F39-BFF0-9FD9B0AABA6E}" = protocol=6 | dir=in | app=c:\programdata\battle.net\agent\agent.1544\agent.exe |

"{93D997FB-7F16-4FBB-A456-40CECA022834}" = protocol=17 | dir=in | app=c:\program files (x86)\world of warcraft public test\launcher.patch.exe |

"{93E92165-1C27-4AD5-B7AB-56EE0C04C8C7}" = protocol=17 | dir=in | app=c:\program files (x86)\world of warcraft public test\launcher.exe |

"{967B429D-AFF3-41C4-93C7-988EF7158EAF}" = protocol=6 | dir=in | app=c:\program files (x86)\skype\plugin manager\skypepm.exe |

"{9957085D-12EE-4A00-AC16-820B713B022A}" = protocol=6 | dir=in | app=c:\program files\bonjour\mdnsresponder.exe |

"{99749A81-E753-49D6-A96F-89DA2B598C94}" = protocol=6 | dir=out | app=%programfiles(x86)%\windows media player\wmplayer.exe |

"{99D44E94-191C-4588-8451-E3D16D96DF8E}" = protocol=6 | dir=in | app=c:\program files (x86)\diablo iii\diablo iii.exe |

"{9A084C0A-0DF3-457D-A7B7-80B9F62F283E}" = protocol=17 | dir=in | app=d:\program files (x86)\steam\steamapps\common\saints row the third\game_launcher.exe |

"{9E7A1525-4E6F-46B8-BEA8-3B392E9EA46B}" = protocol=17 | dir=in | app=c:\program files (x86)\skype\plugin manager\skypepm.exe |

"{9E8C62DF-9CF9-4E88-99CE-9693B6746070}" = protocol=6 | dir=in | app=d:\program files (x86)\stardock games\sins of a solar empire\sins of a solar empire diplomacy.exe |

"{A1E1F4D3-F3AB-4872-B22C-22D5CD901CD4}" = protocol=6 | dir=in | app=c:\windows\syswow64\pnkbstra.exe |

"{A36D3000-F8D0-4653-80FE-8211E4C5DFC0}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmpnetwk.exe |

"{A40DC8CF-478D-4885-83C5-9529F50FBBF6}" = protocol=17 | dir=in | app=d:\program files (x86)\steam\steamapps\common\serious sam 2\bin\sam2.exe |

"{A790DCC5-FE25-4F3A-A709-070D85029653}" = protocol=6 | dir=in | app=d:\program files (x86)\steam\steamapps\common\dawn of war gold\w40k.exe |

"{A91BA635-C210-44DA-99DE-D50732DE1D36}" = protocol=17 | dir=in | app=d:\program files (x86)\steam\steamapps\common\red faction armageddon\redfactionarmageddon.exe |

"{AA025F3F-A839-4B63-A213-A3036F4778EF}" = dir=in | app=c:\program files (x86)\windows live\contacts\wlcomm.exe |

"{ABDBF4D9-9FC7-49D5-8875-29783CB80CB3}" = protocol=6 | dir=in | app=d:\program files\ventrilo\ventrilo.exe |

"{AFC85FC2-7F77-4253-9874-BBD786A1E83B}" = protocol=6 | dir=in | app=d:\users\public\games\world of warcraft\launcher.patch.exe |

"{B0113140-A663-4A98-8053-A70D87C75A34}" = protocol=17 | dir=in | app=d:\program files (x86)\steam\steamapps\common\ftl faster than light\ftlgame.exe |

"{B16CE0D7-1C85-44C8-B23D-DD02191B0172}" = protocol=17 | dir=in | app=c:\program files (x86)\abbyy finereader 6.0 sprint\scan\scanman6.exe |

"{B1E7DDFC-B96B-4593-B7C0-C864E764F44E}" = protocol=17 | dir=in | app=c:\programdata\battle.net\agent\agent.1637\agent.exe |

"{B2F31CFF-8D58-4B06-A0C0-E096E5CB6A04}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmpnetwk.exe |

"{B535249A-BDC2-4830-B4FA-1EC7AE151F22}" = protocol=6 | dir=in | app=c:\users\jens\appdata\roaming\dropbox\bin\dropbox.exe |

"{B6ED06D8-D2E5-4B5B-94CC-D7D181307918}" = protocol=17 | dir=in | app=d:\program files\ventrilo\ventrilo.exe |

"{B832BC08-298C-4D45-9A84-895C60492163}" = protocol=17 | dir=in | app=c:\program files (x86)\pando networks\media booster\pmb.exe |

"{B8A9C288-140D-4096-8EBB-8FBE12D4753B}" = protocol=6 | dir=in | app=d:\program files (x86)\steam\steam.exe |

"{B961FCBC-43EC-495C-8F26-911670D7A928}" = protocol=6 | dir=in | app=c:\programdata\battle.net\agent\agent.1363\agent.exe |

"{B97B09BA-82EC-43DE-8607-F3846AEF3BB5}" = protocol=17 | dir=in | app=d:\program files (x86)\steam\steamapps\common\serious sam 2\bin\dedicatedserver.exe |

"{BBFBBCEA-2DC8-433E-8DEB-647E8AE98DDC}" = protocol=17 | dir=in | app=c:\programdata\battle.net\agent\agent.1544\agent.exe |

"{BDA77031-8B5C-400C-BADD-1CB0FAF131A8}" = protocol=17 | dir=in | app=d:\users\public\games\world of warcraft\wow-3.2.0-engb-downloader.exe |

"{BDF7168F-EB00-4FF3-95A4-FDF61ED1E77C}" = protocol=17 | dir=in | app=d:\program files (x86)\steam\steamapps\common\apb reloaded\binaries\apb.exe |

"{BF833475-9168-4B67-9DFE-D71E962A7DAF}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmplayer.exe |

"{C01AAF19-3015-411F-90C3-FEEDD9805A84}" = protocol=6 | dir=in | app=d:\program files (x86)\stardock games\sins of a solar empire\sins of a solar empire.exe |

"{C089F9D0-AB99-4F69-88EF-0B95C1246C07}" = protocol=17 | dir=in | app=c:\users\jens\appdata\roaming\dropbox\bin\dropbox.exe |

"{C50F7386-A56D-4A42-9BC3-A492DEB6114E}" = protocol=6 | dir=in | app=d:\program files (x86)\starcraft ii\starcraft ii.exe |

"{C64C9CEF-4A4A-4601-BBF3-75543C433203}" = protocol=6 | dir=in | app=c:\program files (x86)\world of warcraft public test\launcher.exe |

"{C717BAF4-7CF1-493D-8246-B3BBD5423F46}" = protocol=58 | dir=in | name=@firewallapi.dll,-28545 |

"{CA504723-652A-46EE-9A38-E27F01B26606}" = protocol=6 | dir=in | app=d:\program files (x86)\starcraft ii\starcraft ii public test.exe |

"{D0EF990C-ACF7-4C15-AD59-0C430AC859A5}" = protocol=6 | dir=in | app=c:\program files (x86)\world of warcraft public test\launcher.patch.exe |

"{D381BC0D-3CF4-41FB-8618-A6D1D374C092}" = protocol=17 | dir=in | app=d:\program files (x86)\steam\steam.exe |

"{D3880CD0-B8FF-41B2-9B5E-34E1C7B0D9A4}" = protocol=17 | dir=in | app=d:\program files (x86)\steam\steamapps\common\metro 2033\metro2033.exe |

"{D3E6FE59-7287-4829-B115-8DAD196E5581}" = protocol=6 | dir=in | app=d:\program files (x86)\steam\steamapps\common\red faction armageddon\redfactionarmageddon.exe |

"{D9895472-01A6-4E0D-9A09-304BB285EAD0}" = protocol=17 | dir=in | app=c:\programdata\battle.net\agent\agent.1199\agent.exe |

"{DCA26479-72DC-4A3E-B64C-8510E551D17E}" = protocol=17 | dir=in | app=c:\program files (x86)\ventrilo\ventrilo.exe |

"{DF6FC8BF-9F24-4A49-B1E4-88BAB03AAFE4}" = protocol=17 | dir=in | app=d:\program files (x86)\stardock games\sins of a solar empire\sins of a solar empire entrenchment.exe |

"{E0942F21-C373-490D-8A1C-2A05E5F5D1EE}" = protocol=17 | dir=in | app=c:\programdata\battle.net\agent\agent.1225\agent.exe |

"{E2AE9DBC-3A04-4113-8AAE-54E50F650005}" = dir=in | app=c:\program files (x86)\windows live\messenger\msnmsgr.exe |

"{E4C2B1D3-284D-43E3-B599-047091C2D023}" = protocol=17 | dir=in | app=d:\program files (x86)\steam\steamapps\common\apb reloaded\launcher\apblauncher.exe |

"{E823B0E9-C667-4BC8-8C46-FDCC5F8B9B55}" = protocol=17 | dir=in | app=d:\program files (x86)\steam\steamapps\common\saints row the third\saintsrowthethird_dx11.exe |

"{EA92E0B8-9C28-49BB-BED1-FE040B3B2E4F}" = protocol=17 | dir=in | app=d:\program files (x86)\starcraft ii\starcraft ii public test.exe |

"{ED31386F-381D-4131-B023-EC8184482787}" = protocol=17 | dir=in | app=c:\programdata\battle.net\agent\agent.954\agent.exe |

"{EFF5F992-82B0-4DA6-90D6-B246E599070D}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmplayer.exe |

"{F62BD06A-B012-4AE0-B2B3-252F9433F715}" = protocol=17 | dir=in | app=d:\program files (x86)\steam\steamapps\common\company of heroes\reliccoh.exe |

"{FB2F444C-0953-48CA-972A-F85CFD29A8C9}" = protocol=6 | dir=in | app=d:\program files (x86)\steam\steamapps\common\moon breakers\mb.exe |

"{FC169701-78C2-4F2E-9FA3-ACB6F199BD50}" = protocol=6 | dir=in | app=c:\programdata\battle.net\agent\agent.954\agent.exe |

"{FD58BE1F-58C0-46B6-8BAB-0059DB0AB76B}" = protocol=6 | dir=in | app=c:\windows\syswow64\pnkbstrb.exe |

"{FF9B9B20-A139-49AD-ADC2-054FB667187D}" = protocol=17 | dir=in | app=c:\program files\bonjour\mdnsresponder.exe |

"{FFA411BE-49B6-4CE4-99AC-8FD47B20FFE4}" = protocol=6 | dir=in | app=d:\program files (x86)\stardock games\sins of a solar empire\sins of a solar empire entrenchment.exe |

"TCP Query User{08404681-F987-423C-9B60-A62AA75E0837}C:\users\jens\desktop\downloader_diablo2_lord_of_destruction_engb.exe" = protocol=6 | dir=in | app=c:\users\jens\desktop\downloader_diablo2_lord_of_destruction_engb.exe |

"TCP Query User{0B9245D6-AAC3-4118-AC71-346DAE82C0F8}C:\program files (x86)\world of warcraft\backgrounddownloader.exe" = protocol=6 | dir=in | app=c:\program files (x86)\world of warcraft\backgrounddownloader.exe |

"TCP Query User{0D4870BA-D236-469E-8E72-EA701FB3014C}D:\users\public\games\world of warcraft\wow-3.3.3.11723-to-3.3.5.12213-engb-downloader.exe" = protocol=6 | dir=in | app=d:\users\public\games\world of warcraft\wow-3.3.3.11723-to-3.3.5.12213-engb-downloader.exe |

"TCP Query User{0DEE7704-7861-41ED-BDAD-DA3FAF342717}D:\users\public\games\world of warcraft\temp\wow-4.0.0.1807-to-4.0.0.2072-enus-tools-downloader.exe" = protocol=6 | dir=in | app=d:\users\public\games\world of warcraft\temp\wow-4.0.0.1807-to-4.0.0.2072-enus-tools-downloader.exe |

"TCP Query User{1206F7E4-0495-4220-A0DB-DBE0364F6DC7}C:\users\jens\desktop\diablo-iii-setup-engb.exe" = protocol=6 | dir=in | app=c:\users\jens\desktop\diablo-iii-setup-engb.exe |

"TCP Query User{167AE816-A52A-448A-B423-1F1C367282EE}D:\program files (x86)\steam\steamapps\tapkid\team fortress 2\hl2.exe" = protocol=6 | dir=in | app=d:\program files (x86)\steam\steamapps\tapkid\team fortress 2\hl2.exe |

"TCP Query User{1C7F3ACB-8EEE-4120-AA37-0BFBEE77F62F}C:\program files (x86)\world of warcraft public test\launcherb.exe" = protocol=6 | dir=in | app=c:\program files (x86)\world of warcraft public test\launcherb.exe |

"TCP Query User{2277BCDD-34A0-438C-87E8-5D718F3C7C6D}C:\program files (x86)\diablo iii\diablo iii.exe" = protocol=6 | dir=in | app=c:\program files (x86)\diablo iii\diablo iii.exe |

"TCP Query User{23773E33-9023-43DD-B406-29B0FDBD7F85}D:\program files (x86)\ccp\eve\bin\exefile.exe" = protocol=6 | dir=in | app=d:\program files (x86)\ccp\eve\bin\exefile.exe |

"TCP Query User{247129AA-2D36-447F-BACA-F8E98F68902E}C:\program files (x86)\entropia universe\bin32\entropia.exe" = protocol=6 | dir=in | app=c:\program files (x86)\entropia universe\bin32\entropia.exe |

"TCP Query User{29E12B40-A3E7-43DA-844B-6BD0D34FF92B}D:\users\public\games\world of warcraft\wow-2.1.1.1897-engb-tools-downloader.exe" = protocol=6 | dir=in | app=d:\users\public\games\world of warcraft\wow-2.1.1.1897-engb-tools-downloader.exe |

"TCP Query User{30B25D4A-9195-44C3-B66F-1CC830C4D1EC}D:\program files (x86)\starcraft ii\versions\base22612\sc2.exe" = protocol=6 | dir=in | app=d:\program files (x86)\starcraft ii\versions\base22612\sc2.exe |

"TCP Query User{317ADF61-1185-4F89-8805-4F66DD993B1B}D:\program files (x86)\diablo iii\diablo iii.exe" = protocol=6 | dir=in | app=d:\program files (x86)\diablo iii\diablo iii.exe |

"TCP Query User{338EA1BC-1A2B-4A62-A41A-25BE9DCBB389}C:\program files (x86)\electronic arts\bioware\star wars - the old republic\betatest\retailclient\swtor.exe" = protocol=6 | dir=in | app=c:\program files (x86)\electronic arts\bioware\star wars - the old republic\betatest\retailclient\swtor.exe |

"TCP Query User{354942C7-D618-4544-999D-814AB5D361A8}D:\users\public\games\world of warcraft\blizzard downloader.exe" = protocol=6 | dir=in | app=d:\users\public\games\world of warcraft\blizzard downloader.exe |

"TCP Query User{355919EB-938D-4C76-8B96-6896D54FB6E4}C:\windows\syswow64\dpnsvr.exe" = protocol=6 | dir=in | app=c:\windows\syswow64\dpnsvr.exe |

"TCP Query User{35AAD180-B502-41E7-B7EC-7BAE6DF5F799}D:\program files (x86)\world of warcraft\launcher.patch.exe" = protocol=6 | dir=in | app=d:\program files (x86)\world of warcraft\launcher.patch.exe |

"TCP Query User{360BE0A8-2AB6-4FEA-8B3D-A6B51DD7A5B4}D:\users\public\games\world of warcraft\temp\wow-4.0.0.2104-enus-tools-downloader.exe" = protocol=6 | dir=in | app=d:\users\public\games\world of warcraft\temp\wow-4.0.0.2104-enus-tools-downloader.exe |

"TCP Query User{50A52A5C-5B8E-4A13-BC8D-5B5A4A614FB6}D:\program files (x86)\starcraft ii\versions\base18092\sc2.exe" = protocol=6 | dir=in | app=d:\program files (x86)\starcraft ii\versions\base18092\sc2.exe |

"TCP Query User{51F649EE-5504-460E-A861-D5A204D6792A}D:\users\public\games\world of warcraft\temp\wow-4.0.0.1807-to-4.0.0.1987-enus-tools-downloader.exe" = protocol=6 | dir=in | app=d:\users\public\games\world of warcraft\temp\wow-4.0.0.1807-to-4.0.0.1987-enus-tools-downloader.exe |

"TCP Query User{53CAD800-DD08-41CB-95C9-48C3C7A1FC86}C:\program files (x86)\java\jre6\bin\java.exe" = protocol=6 | dir=in | app=c:\program files (x86)\java\jre6\bin\java.exe |

"TCP Query User{5DE48075-C8EC-40A5-BD8A-109B5DAAA2FE}D:\program files (x86)\world of warcraft\temp\wow-4.2.1.2756-enus-tools-downloader.exe" = protocol=6 | dir=in | app=d:\program files (x86)\world of warcraft\temp\wow-4.2.1.2756-enus-tools-downloader.exe |

"TCP Query User{61172DB4-A0CE-4CBB-8DAA-A5233B4CE701}C:\users\jens\desktop\ptr-installer-en_gb.exe" = protocol=6 | dir=in | app=c:\users\jens\desktop\ptr-installer-en_gb.exe |

"TCP Query User{6766DEF4-76BF-4A73-88AF-E5DFAA8890F4}D:\users\public\games\world of warcraft\launcher.exe" = protocol=6 | dir=in | app=d:\users\public\games\world of warcraft\launcher.exe |

"TCP Query User{68A121DC-CF16-4822-A857-28443B81F788}D:\program files (x86)\starcraft ii\sc2-x.x.x.x-1.5.0.22342-enus-downloader.exe" = protocol=6 | dir=in | app=d:\program files (x86)\starcraft ii\sc2-x.x.x.x-1.5.0.22342-enus-downloader.exe |

"TCP Query User{6C454C4E-567D-4391-8EEF-2383FF8AFAA3}D:\users\public\games\world of warcraft\temp\wow-4.2.1.2727-enus-tools-downloader.exe" = protocol=6 | dir=in | app=d:\users\public\games\world of warcraft\temp\wow-4.2.1.2727-enus-tools-downloader.exe |

"TCP Query User{6D097BE8-F5FD-4853-B035-E2E131073D50}D:\users\public\sony online entertainment\installed games\dc universe online live\unreal3\binaries\win32\dcgame.exe" = protocol=6 | dir=in | app=d:\users\public\sony online entertainment\installed games\dc universe online live\unreal3\binaries\win32\dcgame.exe |

"TCP Query User{6ED3C45F-DF60-4AC7-B967-7E20C5C58785}D:\program files (x86)\codemasters\the lord of the rings online\lotroclient.exe" = protocol=6 | dir=in | app=d:\program files (x86)\codemasters\the lord of the rings online\lotroclient.exe |

"TCP Query User{6F245454-046D-4D3E-8B56-D9B425092287}D:\users\public\games\world of warcraft\blizzard downloader.exe" = protocol=6 | dir=in | app=d:\users\public\games\world of warcraft\blizzard downloader.exe |

"TCP Query User{700C648A-2C3E-4737-A725-C5E3489FCE18}D:\program files (x86)\world of warcraft\launcher.exe" = protocol=6 | dir=in | app=d:\program files (x86)\world of warcraft\launcher.exe |

"TCP Query User{74C017AD-9684-4F47-A200-2BE07485F55A}D:\program files (x86)\starcraft ii\versions\base16939\sc2.exe" = protocol=6 | dir=in | app=d:\program files (x86)\starcraft ii\versions\base16939\sc2.exe |

"TCP Query User{77572A07-A6B1-429D-8EA2-A2DA317FEDC5}D:\program files (x86)\world of warcraft\temp\wow-4.3-5.0.15890-enus-downloader.exe" = protocol=6 | dir=in | app=d:\program files (x86)\world of warcraft\temp\wow-4.3-5.0.15890-enus-downloader.exe |

"TCP Query User{7853330A-0D9A-4E4B-B15B-C41F76B08D21}C:\program files (x86)\rayv\rayv\rayv.exe" = protocol=6 | dir=in | app=c:\program files (x86)\rayv\rayv\rayv.exe |

"TCP Query User{82338D22-F749-41F1-8A53-69CA8879E464}D:\program files (x86)\starcraft ii\versions\base18574\sc2.exe" = protocol=6 | dir=in | app=d:\program files (x86)\starcraft ii\versions\base18574\sc2.exe |

"TCP Query User{83971A5A-BC54-441F-8AC3-A312D5EF4FE2}D:\users\public\games\world of warcraft\temp\wow-4.2.1.2736-enus-tools-downloader.exe" = protocol=6 | dir=in | app=d:\users\public\games\world of warcraft\temp\wow-4.2.1.2736-enus-tools-downloader.exe |

"TCP Query User{87FC843D-9FA6-41E0-8A56-66257384E55F}D:\program files (x86)\steam\steamapps\common\planetside 2\planetside2.exe" = protocol=6 | dir=in | app=d:\program files (x86)\steam\steamapps\common\planetside 2\planetside2.exe |

"TCP Query User{8DBECE5E-B883-46E8-B30F-FC343241ECED}D:\users\public\games\world of warcraft\temp\wow-4.2.1.2730-enus-tools-downloader.exe" = protocol=6 | dir=in | app=d:\users\public\games\world of warcraft\temp\wow-4.2.1.2730-enus-tools-downloader.exe |

"TCP Query User{9004AEAF-6CCB-4FD2-8739-D8E63F6D6C92}C:\users\jens\appdata\roaming\spotify\spotify.exe" = protocol=6 | dir=in | app=c:\users\jens\appdata\roaming\spotify\spotify.exe |

"TCP Query User{902780AE-17E1-489F-AA6E-818835391086}C:\program files (x86)\world of warcraft public test\backgrounddownloader.exe" = protocol=6 | dir=in | app=c:\program files (x86)\world of warcraft public test\backgrounddownloader.exe |

"TCP Query User{98B29D17-BDE0-4882-BDA3-2CA098896285}C:\program files (x86)\gretech\gomtvstreamer\gomtvstreamerlive.exe" = protocol=6 | dir=in | app=c:\program files (x86)\gretech\gomtvstreamer\gomtvstreamerlive.exe |

"TCP Query User{9A860D39-4301-4C39-8078-0B502ECC0F1C}D:\program files (x86)\starcraft ii\support\blizzarddownloader.exe" = protocol=6 | dir=in | app=d:\program files (x86)\starcraft ii\support\blizzarddownloader.exe |

"TCP Query User{A1D162BE-0915-4BA0-B3EE-6588B78877D6}D:\program files (x86)\starcraft ii\versions\base21029\sc2.exe" = protocol=6 | dir=in | app=d:\program files (x86)\starcraft ii\versions\base21029\sc2.exe |

"TCP Query User{A65A3BF5-64E8-40F5-B6F8-86C1D96F8D8F}D:\program files (x86)\hi-rez studios\hirezgames\tribes\binaries\win32\tribesascend.exe" = protocol=6 | dir=in | app=d:\program files (x86)\hi-rez studios\hirezgames\tribes\binaries\win32\tribesascend.exe |

"TCP Query User{A6885E57-0DC3-47D4-A018-2B4CDB55FEC1}D:\program files (x86)\steam\steamapps\common\age of empires online\spartan.exe" = protocol=6 | dir=in | app=d:\program files (x86)\steam\steamapps\common\age of empires online\spartan.exe |

"TCP Query User{A74BBCE4-5BFA-442B-8642-594190A3DA7D}C:\programdata\battle.net\agent\agent.749\agent.exe" = protocol=6 | dir=in | app=c:\programdata\battle.net\agent\agent.749\agent.exe |

"TCP Query User{A92AB823-924F-4694-8259-9D127B754750}D:\program files (x86)\world of warcraft\backgrounddownloader.exe" = protocol=6 | dir=in | app=d:\program files (x86)\world of warcraft\backgrounddownloader.exe |

"TCP Query User{AA8CF588-9B28-4867-87FF-416BB3B50F2D}C:\users\jens\desktop\downloader_diablo2_engb.exe" = protocol=6 | dir=in | app=c:\users\jens\desktop\downloader_diablo2_engb.exe |

"TCP Query User{AE87EE13-2276-4562-91C0-7ACDD9315B7C}D:\users\public\games\world of warcraft\wow-3.3.3.11685-to-3.3.3.11723-engb-downloader.exe" = protocol=6 | dir=in | app=d:\users\public\games\world of warcraft\wow-3.3.3.11685-to-3.3.3.11723-engb-downloader.exe |

"TCP Query User{AEE1075A-DE57-461D-BC72-CBD4A24071A3}C:\programdata\battle.net\agent\agent.976\agent.exe" = protocol=6 | dir=in | app=c:\programdata\battle.net\agent\agent.976\agent.exe |

"TCP Query User{B645AC7C-027D-40B3-B67F-3228972B3430}D:\program files (x86)\starcraft ii\versions\base15405\sc2.exe" = protocol=6 | dir=in | app=d:\program files (x86)\starcraft ii\versions\base15405\sc2.exe |

"TCP Query User{B8B52AEF-7041-4FBB-9B11-6556744A86F3}C:\java\eclipse\eclipse.exe" = protocol=6 | dir=in | app=c:\java\eclipse\eclipse.exe |

"TCP Query User{BEB05079-1F42-43BD-A5C5-9CFED17D8FF2}C:\programdata\battle.net\agent\agent.1040\agent.exe" = protocol=6 | dir=in | app=c:\programdata\battle.net\agent\agent.1040\agent.exe |

"TCP Query User{BED0B1F0-675E-40E9-8C17-3156934B9E56}D:\program files (x86)\starcraft ii\versions\base23260\sc2.exe" = protocol=6 | dir=in | app=d:\program files (x86)\starcraft ii\versions\base23260\sc2.exe |

"TCP Query User{D4E19AAD-4D1D-4F8F-91D9-5E2041DF1053}D:\users\public\games\world of warcraft\backgrounddownloader.exe" = protocol=6 | dir=in | app=d:\users\public\games\world of warcraft\backgrounddownloader.exe |

"TCP Query User{D4F2D7EE-C14D-4C43-B918-5B5B6B26EBC4}D:\program files (x86)\starcraft ii\versions\base19679\sc2.exe" = protocol=6 | dir=in | app=d:\program files (x86)\starcraft ii\versions\base19679\sc2.exe |

"TCP Query User{D51F3C97-1DD4-41E9-B50D-C4717A669AD4}C:\programdata\battle.net\agent\agent.913\agent.exe" = protocol=6 | dir=in | app=c:\programdata\battle.net\agent\agent.913\agent.exe |

"TCP Query User{D55E045D-B691-48C6-B82F-159DD7DEE638}C:\users\jens\desktop\starcraft_2_eu_en-gb.exe" = protocol=6 | dir=in | app=c:\users\jens\desktop\starcraft_2_eu_en-gb.exe |

"TCP Query User{DAC1ECCC-47B2-44F7-BD63-B10E2D35D671}C:\program files (x86)\rayv\rayv\rayv.exe" = protocol=6 | dir=in | app=c:\program files (x86)\rayv\rayv\rayv.exe |

"TCP Query User{DB094B90-2687-451E-8262-80BB44A609F6}D:\users\public\games\world of warcraft\wow-3.3.5.12340-x86-win-engb-bkgnd-downloader.exe" = protocol=6 | dir=in | app=d:\users\public\games\world of warcraft\wow-3.3.5.12340-x86-win-engb-bkgnd-downloader.exe |

"TCP Query User{DBB5F983-FD16-4133-BE84-250BA3CA96B9}D:\users\public\games\world of warcraft\launcher.exe" = protocol=6 | dir=in | app=d:\users\public\games\world of warcraft\launcher.exe |

"TCP Query User{DDBA4F91-B0B7-4625-91C5-1DD9D529697B}D:\users\public\games\world of warcraft\wow-3.3.0.11159-to-3.3.2.11403-engb-downloader.exe" = protocol=6 | dir=in | app=d:\users\public\games\world of warcraft\wow-3.3.0.11159-to-3.3.2.11403-engb-downloader.exe |

"TCP Query User{E07502A9-62E8-47D0-88A8-7A4B84CC6910}D:\program files (x86)\starcraft ii\versions\base17326\sc2.exe" = protocol=6 | dir=in | app=d:\program files (x86)\starcraft ii\versions\base17326\sc2.exe |

"TCP Query User{E7F9E490-36A7-4905-8291-44B9A954358E}C:\program files (x86)\emule\emule.exe" = protocol=6 | dir=in | app=c:\program files (x86)\emule\emule.exe |

"TCP Query User{E937B2D6-83E6-4557-9FCD-E0B952513AEE}C:\program files\java\jre6\bin\javaw.exe" = protocol=6 | dir=in | app=c:\program files\java\jre6\bin\javaw.exe |

"TCP Query User{F0C74E50-1B19-416C-9FF4-556C59ABA2C7}C:\gog games\heroes of might and magic 4 complete\heroes4.exe" = protocol=6 | dir=in | app=c:\gog games\heroes of might and magic 4 complete\heroes4.exe |

"TCP Query User{F319EF96-DE3D-4448-B3FA-2B1CBBB12C94}C:\programdata\battle.net\agent\agent.868\agent.exe" = protocol=6 | dir=in | app=c:\programdata\battle.net\agent\agent.868\agent.exe |

"TCP Query User{F5DF7F40-BEA2-47FD-9951-617C4C945157}C:\programdata\battle.net\agent\agent.998\agent.exe" = protocol=6 | dir=in | app=c:\programdata\battle.net\agent\agent.998\agent.exe |

"TCP Query User{F6B48F9F-C988-466C-87C3-FE45F1C11248}D:\users\public\games\world of warcraft\temp\wow-4.0.0.1807-to-4.0.0.2103-enus-tools-downloader.exe" = protocol=6 | dir=in | app=d:\users\public\games\world of warcraft\temp\wow-4.0.0.1807-to-4.0.0.2103-enus-tools-downloader.exe |

"TCP Query User{F9630E03-F316-47B1-A32E-39C26450DE57}C:\program files (x86)\world of warcraft\temp\wow-4.2.1.2736-enus-tools-downloader.exe" = protocol=6 | dir=in | app=c:\program files (x86)\world of warcraft\temp\wow-4.2.1.2736-enus-tools-downloader.exe |

"TCP Query User{F9E6894F-87F4-415E-8739-67035640709F}D:\users\public\games\world of warcraft\wow-3.3.2.11403-to-3.3.3.11685-engb-downloader.exe" = protocol=6 | dir=in | app=d:\users\public\games\world of warcraft\wow-3.3.2.11403-to-3.3.3.11685-engb-downloader.exe |

"TCP Query User{FB454C11-1658-4AFD-8112-769EC880C4DF}D:\program files (x86)\steam\steamapps\common\koareckoning\reckoning.exe" = protocol=6 | dir=in | app=d:\program files (x86)\steam\steamapps\common\koareckoning\reckoning.exe |

"UDP Query User{02B58679-B8B3-4310-ABBB-4F0CA35223F0}D:\program files (x86)\starcraft ii\versions\base22612\sc2.exe" = protocol=17 | dir=in | app=d:\program files (x86)\starcraft ii\versions\base22612\sc2.exe |

"UDP Query User{02D337D3-EF15-486B-90B8-4899D89B21DF}C:\users\jens\desktop\diablo-iii-setup-engb.exe" = protocol=17 | dir=in | app=c:\users\jens\desktop\diablo-iii-setup-engb.exe |

"UDP Query User{0FBF84BE-75B0-4990-933E-F844947A9987}D:\program files (x86)\starcraft ii\versions\base19679\sc2.exe" = protocol=17 | dir=in | app=d:\program files (x86)\starcraft ii\versions\base19679\sc2.exe |

"UDP Query User{13BA800A-732E-4F66-84AD-982A7063126F}C:\programdata\battle.net\agent\agent.913\agent.exe" = protocol=17 | dir=in | app=c:\programdata\battle.net\agent\agent.913\agent.exe |

"UDP Query User{14C11D82-DEE7-41D5-81C5-1FA8DC14F9FF}D:\program files (x86)\steam\steamapps\common\koareckoning\reckoning.exe" = protocol=17 | dir=in | app=d:\program files (x86)\steam\steamapps\common\koareckoning\reckoning.exe |

"UDP Query User{220A618B-AB9C-43B4-A2D2-D942B307C563}D:\program files (x86)\steam\steamapps\tapkid\team fortress 2\hl2.exe" = protocol=17 | dir=in | app=d:\program files (x86)\steam\steamapps\tapkid\team fortress 2\hl2.exe |

"UDP Query User{2472223A-C3A3-457D-B35B-CA5650AEAA64}C:\program files (x86)\entropia universe\bin32\entropia.exe" = protocol=17 | dir=in | app=c:\program files (x86)\entropia universe\bin32\entropia.exe |

"UDP Query User{250F3FC1-28D3-42ED-A2B2-012DF7982984}C:\program files (x86)\emule\emule.exe" = protocol=17 | dir=in | app=c:\program files (x86)\emule\emule.exe |

"UDP Query User{312EB495-9947-4489-B50E-A780C6B878BC}C:\program files (x86)\world of warcraft public test\backgrounddownloader.exe" = protocol=17 | dir=in | app=c:\program files (x86)\world of warcraft public test\backgrounddownloader.exe |

"UDP Query User{33AFA548-7EED-4D3D-9582-5BD6DD1661D7}D:\users\public\games\world of warcraft\backgrounddownloader.exe" = protocol=17 | dir=in | app=d:\users\public\games\world of warcraft\backgrounddownloader.exe |

"UDP Query User{35D566FD-B2E4-44A5-982A-DC6FDA9E1B77}D:\users\public\games\world of warcraft\wow-3.3.5.12340-x86-win-engb-bkgnd-downloader.exe" = protocol=17 | dir=in | app=d:\users\public\games\world of warcraft\wow-3.3.5.12340-x86-win-engb-bkgnd-downloader.exe |

"UDP Query User{38AB593D-0B40-4C2B-9A4B-CF6D20D5D5C0}C:\users\jens\desktop\ptr-installer-en_gb.exe" = protocol=17 | dir=in | app=c:\users\jens\desktop\ptr-installer-en_gb.exe |

"UDP Query User{3ACAB4E3-3E7E-4FCE-89F1-92C91069BFAB}C:\program files (x86)\world of warcraft public test\launcherb.exe" = protocol=17 | dir=in | app=c:\program files (x86)\world of warcraft public test\launcherb.exe |

"UDP Query User{3C432F9E-2229-4139-BE19-780869F70E33}C:\program files (x86)\gretech\gomtvstreamer\gomtvstreamerlive.exe" = protocol=17 | dir=in | app=c:\program files (x86)\gretech\gomtvstreamer\gomtvstreamerlive.exe |

"UDP Query User{403B9DC9-A99A-44AB-B873-DCAA78B381E9}D:\users\public\games\world of warcraft\launcher.exe" = protocol=17 | dir=in | app=d:\users\public\games\world of warcraft\launcher.exe |

"UDP Query User{41BE44D2-E57A-45AD-91FE-97AB5E36FF39}D:\users\public\games\world of warcraft\blizzard downloader.exe" = protocol=17 | dir=in | app=d:\users\public\games\world of warcraft\blizzard downloader.exe |

"UDP Query User{42D9C513-6ADE-41BA-B8A2-5917D5351405}D:\program files (x86)\world of warcraft\launcher.patch.exe" = protocol=17 | dir=in | app=d:\program files (x86)\world of warcraft\launcher.patch.exe |

"UDP Query User{445810AF-EC56-438A-98BB-462A969004A8}C:\users\jens\desktop\downloader_diablo2_lord_of_destruction_engb.exe" = protocol=17 | dir=in | app=c:\users\jens\desktop\downloader_diablo2_lord_of_destruction_engb.exe |

"UDP Query User{4F2DAABA-77AC-44AF-A051-69A0C0AD6E49}D:\program files (x86)\starcraft ii\versions\base16939\sc2.exe" = protocol=17 | dir=in | app=d:\program files (x86)\starcraft ii\versions\base16939\sc2.exe |

"UDP Query User{4F8B9AE3-196C-45D7-9BD2-28ED1D7F4E01}C:\program files (x86)\diablo iii\diablo iii.exe" = protocol=17 | dir=in | app=c:\program files (x86)\diablo iii\diablo iii.exe |

"UDP Query User{50AAF835-C712-46C9-B5D5-D249F38D734B}C:\programdata\battle.net\agent\agent.749\agent.exe" = protocol=17 | dir=in | app=c:\programdata\battle.net\agent\agent.749\agent.exe |

"UDP Query User{52A537F6-9D7E-4439-A04C-840EEA6EF630}D:\program files (x86)\starcraft ii\versions\base15405\sc2.exe" = protocol=17 | dir=in | app=d:\program files (x86)\starcraft ii\versions\base15405\sc2.exe |

"UDP Query User{57302119-5CED-4B7F-A9A8-B87520A7FAB2}D:\users\public\games\world of warcraft\temp\wow-4.0.0.1807-to-4.0.0.2072-enus-tools-downloader.exe" = protocol=17 | dir=in | app=d:\users\public\games\world of warcraft\temp\wow-4.0.0.1807-to-4.0.0.2072-enus-tools-downloader.exe |

"UDP Query User{578EC43E-753E-4BDD-88A4-EB2D53823671}D:\users\public\games\world of warcraft\temp\wow-4.0.0.1807-to-4.0.0.1987-enus-tools-downloader.exe" = protocol=17 | dir=in | app=d:\users\public\games\world of warcraft\temp\wow-4.0.0.1807-to-4.0.0.1987-enus-tools-downloader.exe |

"UDP Query User{5DFB392D-81B7-4A49-A8A6-3AA73681C76F}D:\program files (x86)\world of warcraft\launcher.exe" = protocol=17 | dir=in | app=d:\program files (x86)\world of warcraft\launcher.exe |

"UDP Query User{622CBE6D-0DDC-4FE4-AC7B-7BA920A323E7}D:\program files (x86)\starcraft ii\versions\base18574\sc2.exe" = protocol=17 | dir=in | app=d:\program files (x86)\starcraft ii\versions\base18574\sc2.exe |

"UDP Query User{634D74B7-4F13-4944-AD6D-61012A5240C7}D:\program files (x86)\steam\steamapps\common\age of empires online\spartan.exe" = protocol=17 | dir=in | app=d:\program files (x86)\steam\steamapps\common\age of empires online\spartan.exe |

"UDP Query User{64360993-5097-4A4D-8E0B-DB47C7681665}D:\program files (x86)\world of warcraft\temp\wow-4.2.1.2756-enus-tools-downloader.exe" = protocol=17 | dir=in | app=d:\program files (x86)\world of warcraft\temp\wow-4.2.1.2756-enus-tools-downloader.exe |

"UDP Query User{646DFC67-232A-4545-9BFF-1730DB21A3FE}D:\program files (x86)\hi-rez studios\hirezgames\tribes\binaries\win32\tribesascend.exe" = protocol=17 | dir=in | app=d:\program files (x86)\hi-rez studios\hirezgames\tribes\binaries\win32\tribesascend.exe |

"UDP Query User{652D2D6D-87B3-4D70-8620-D8AE6062B353}D:\users\public\games\world of warcraft\temp\wow-4.0.0.1807-to-4.0.0.2103-enus-tools-downloader.exe" = protocol=17 | dir=in | app=d:\users\public\games\world of warcraft\temp\wow-4.0.0.1807-to-4.0.0.2103-enus-tools-downloader.exe |

"UDP Query User{6D4E54AA-B986-48E0-BAF4-D82EE898C7E4}D:\users\public\sony online entertainment\installed games\dc universe online live\unreal3\binaries\win32\dcgame.exe" = protocol=17 | dir=in | app=d:\users\public\sony online entertainment\installed games\dc universe online live\unreal3\binaries\win32\dcgame.exe |

"UDP Query User{6D5A6229-7449-4A10-A137-51D2581DA921}D:\program files (x86)\world of warcraft\backgrounddownloader.exe" = protocol=17 | dir=in | app=d:\program files (x86)\world of warcraft\backgrounddownloader.exe |

"UDP Query User{6DF5CE34-9ACB-46D0-93D8-5AF8A6166764}C:\programdata\battle.net\agent\agent.1040\agent.exe" = protocol=17 | dir=in | app=c:\programdata\battle.net\agent\agent.1040\agent.exe |

"UDP Query User{6FF6B892-EAA2-40C6-BB59-7B587221C8FD}D:\program files (x86)\starcraft ii\versions\base21029\sc2.exe" = protocol=17 | dir=in | app=d:\program files (x86)\starcraft ii\versions\base21029\sc2.exe |

"UDP Query User{731056E1-7FAE-42FD-BA2F-2A84FDE84C37}C:\program files (x86)\java\jre6\bin\java.exe" = protocol=17 | dir=in | app=c:\program files (x86)\java\jre6\bin\java.exe |

"UDP Query User{7706622B-73F4-45B6-A0B2-296CB2619F0C}D:\users\public\games\world of warcraft\temp\wow-4.2.1.2730-enus-tools-downloader.exe" = protocol=17 | dir=in | app=d:\users\public\games\world of warcraft\temp\wow-4.2.1.2730-enus-tools-downloader.exe |

"UDP Query User{90488AAE-5244-44D0-967C-03D31D413F87}C:\users\jens\desktop\downloader_diablo2_engb.exe" = protocol=17 | dir=in | app=c:\users\jens\desktop\downloader_diablo2_engb.exe |

"UDP Query User{909EA55B-E6EF-4A3C-8795-A594E18D89E4}D:\program files (x86)\starcraft ii\sc2-x.x.x.x-1.5.0.22342-enus-downloader.exe" = protocol=17 | dir=in | app=d:\program files (x86)\starcraft ii\sc2-x.x.x.x-1.5.0.22342-enus-downloader.exe |

"UDP Query User{914D1CD4-A7B0-42E6-A559-9D6171A2C602}D:\program files (x86)\ccp\eve\bin\exefile.exe" = protocol=17 | dir=in | app=d:\program files (x86)\ccp\eve\bin\exefile.exe |

"UDP Query User{92F0975C-C650-494C-B856-7DBE181A174C}D:\users\public\games\world of warcraft\launcher.exe" = protocol=17 | dir=in | app=d:\users\public\games\world of warcraft\launcher.exe |

"UDP Query User{953D2BAA-81CC-4488-B677-D21B6764E00B}C:\windows\syswow64\dpnsvr.exe" = protocol=17 | dir=in | app=c:\windows\syswow64\dpnsvr.exe |

"UDP Query User{9F0C426B-9863-454E-BC40-F6FEAEC6E252}C:\program files\java\jre6\bin\javaw.exe" = protocol=17 | dir=in | app=c:\program files\java\jre6\bin\javaw.exe |

"UDP Query User{A0B30A9E-107D-4CA8-8AB3-99C3DD818137}D:\users\public\games\world of warcraft\temp\wow-4.0.0.2104-enus-tools-downloader.exe" = protocol=17 | dir=in | app=d:\users\public\games\world of warcraft\temp\wow-4.0.0.2104-enus-tools-downloader.exe |

"UDP Query User{A210FF42-E51A-417D-8340-A5B9476D05FD}C:\java\eclipse\eclipse.exe" = protocol=17 | dir=in | app=c:\java\eclipse\eclipse.exe |

"UDP Query User{A6F42DEF-E1DA-4809-A48A-11AB9DA041D5}C:\program files (x86)\rayv\rayv\rayv.exe" = protocol=17 | dir=in | app=c:\program files (x86)\rayv\rayv\rayv.exe |

"UDP Query User{AA3993BD-B37C-4699-8E55-BF430CF3593D}D:\program files (x86)\codemasters\the lord of the rings online\lotroclient.exe" = protocol=17 | dir=in | app=d:\program files (x86)\codemasters\the lord of the rings online\lotroclient.exe |

"UDP Query User{ABF27195-729B-409A-967F-6194BF3C9FF2}C:\program files (x86)\world of warcraft\backgrounddownloader.exe" = protocol=17 | dir=in | app=c:\program files (x86)\world of warcraft\backgrounddownloader.exe |

"UDP Query User{AD070D73-BD68-4B01-B9F1-F443464338BB}D:\users\public\games\world of warcraft\wow-2.1.1.1897-engb-tools-downloader.exe" = protocol=17 | dir=in | app=d:\users\public\games\world of warcraft\wow-2.1.1.1897-engb-tools-downloader.exe |

"UDP Query User{AD52F8BC-E239-4A9D-BF65-5B717D7EB998}D:\program files (x86)\starcraft ii\versions\base17326\sc2.exe" = protocol=17 | dir=in | app=d:\program files (x86)\starcraft ii\versions\base17326\sc2.exe |

"UDP Query User{ADFB0A7F-C14A-408C-A343-76CE38BC81CB}C:\programdata\battle.net\agent\agent.868\agent.exe" = protocol=17 | dir=in | app=c:\programdata\battle.net\agent\agent.868\agent.exe |

"UDP Query User{AF58099E-D58D-4777-9DF2-56B4180005EE}C:\users\jens\appdata\roaming\spotify\spotify.exe" = protocol=17 | dir=in | app=c:\users\jens\appdata\roaming\spotify\spotify.exe |

"UDP Query User{B99DB014-4676-4272-91E6-A459041B7219}C:\gog games\heroes of might and magic 4 complete\heroes4.exe" = protocol=17 | dir=in | app=c:\gog games\heroes of might and magic 4 complete\heroes4.exe |

"UDP Query User{BA682333-9A45-4B60-A41B-6C46A0A645F8}C:\program files (x86)\world of warcraft\temp\wow-4.2.1.2736-enus-tools-downloader.exe" = protocol=17 | dir=in | app=c:\program files (x86)\world of warcraft\temp\wow-4.2.1.2736-enus-tools-downloader.exe |

"UDP Query User{C1AF97AE-3570-4FE3-BEDE-1C1F62F55794}D:\users\public\games\world of warcraft\wow-3.3.3.11723-to-3.3.5.12213-engb-downloader.exe" = protocol=17 | dir=in | app=d:\users\public\games\world of warcraft\wow-3.3.3.11723-to-3.3.5.12213-engb-downloader.exe |

"UDP Query User{C1FFB0A0-7A1F-4914-BA4F-90741FF4E4F2}C:\program files (x86)\electronic arts\bioware\star wars - the old republic\betatest\retailclient\swtor.exe" = protocol=17 | dir=in | app=c:\program files (x86)\electronic arts\bioware\star wars - the old republic\betatest\retailclient\swtor.exe |

"UDP Query User{C657E68B-4791-4838-AF62-993BF8A09181}D:\users\public\games\world of warcraft\temp\wow-4.2.1.2736-enus-tools-downloader.exe" = protocol=17 | dir=in | app=d:\users\public\games\world of warcraft\temp\wow-4.2.1.2736-enus-tools-downloader.exe |

"UDP Query User{CB1B163D-709E-4610-AE2A-3CAC52F16993}D:\program files (x86)\starcraft ii\support\blizzarddownloader.exe" = protocol=17 | dir=in | app=d:\program files (x86)\starcraft ii\support\blizzarddownloader.exe |

"UDP Query User{CB2CED27-114E-417E-927E-106C99FD2B91}C:\programdata\battle.net\agent\agent.998\agent.exe" = protocol=17 | dir=in | app=c:\programdata\battle.net\agent\agent.998\agent.exe |

"UDP Query User{CE231BA4-EBF8-4147-9184-7D253800DF16}D:\users\public\games\world of warcraft\wow-3.3.3.11685-to-3.3.3.11723-engb-downloader.exe" = protocol=17 | dir=in | app=d:\users\public\games\world of warcraft\wow-3.3.3.11685-to-3.3.3.11723-engb-downloader.exe |

"UDP Query User{D16F40D1-6B45-4ABC-86E4-509740AF6B22}D:\users\public\games\world of warcraft\blizzard downloader.exe" = protocol=17 | dir=in | app=d:\users\public\games\world of warcraft\blizzard downloader.exe |

"UDP Query User{DA3F0158-6B04-4976-835A-6352570C4EFC}D:\program files (x86)\starcraft ii\versions\base23260\sc2.exe" = protocol=17 | dir=in | app=d:\program files (x86)\starcraft ii\versions\base23260\sc2.exe |

"UDP Query User{DB983F7F-0EF6-49D6-A88B-D94774126A68}C:\users\jens\desktop\starcraft_2_eu_en-gb.exe" = protocol=17 | dir=in | app=c:\users\jens\desktop\starcraft_2_eu_en-gb.exe |

"UDP Query User{DD6B4076-1AAB-4C0E-BC9B-A4ADFED7D245}D:\program files (x86)\steam\steamapps\common\planetside 2\planetside2.exe" = protocol=17 | dir=in | app=d:\program files (x86)\steam\steamapps\common\planetside 2\planetside2.exe |

"UDP Query User{E13D994F-F7F6-4DF4-B46F-764A79975E67}D:\users\public\games\world of warcraft\wow-3.3.2.11403-to-3.3.3.11685-engb-downloader.exe" = protocol=17 | dir=in | app=d:\users\public\games\world of warcraft\wow-3.3.2.11403-to-3.3.3.11685-engb-downloader.exe |

"UDP Query User{E8263BD4-6EF8-4D71-B18C-DD52E2A6A14C}D:\users\public\games\world of warcraft\temp\wow-4.2.1.2727-enus-tools-downloader.exe" = protocol=17 | dir=in | app=d:\users\public\games\world of warcraft\temp\wow-4.2.1.2727-enus-tools-downloader.exe |

"UDP Query User{EAB785D3-67BA-4E59-A61A-14B54708CB3D}D:\program files (x86)\starcraft ii\versions\base18092\sc2.exe" = protocol=17 | dir=in | app=d:\program files (x86)\starcraft ii\versions\base18092\sc2.exe |

"UDP Query User{EE1051B0-33D1-48A3-ADC1-637A0AA5C5CD}C:\program files (x86)\rayv\rayv\rayv.exe" = protocol=17 | dir=in | app=c:\program files (x86)\rayv\rayv\rayv.exe |

"UDP Query User{F0ACD801-D864-497F-B9C7-9B64F6EED6CF}D:\program files (x86)\diablo iii\diablo iii.exe" = protocol=17 | dir=in | app=d:\program files (x86)\diablo iii\diablo iii.exe |

"UDP Query User{F50C71EC-046B-4672-8654-9CB7FF4BF53D}D:\program files (x86)\world of warcraft\temp\wow-4.3-5.0.15890-enus-downloader.exe" = protocol=17 | dir=in | app=d:\program files (x86)\world of warcraft\temp\wow-4.3-5.0.15890-enus-downloader.exe |

"UDP Query User{F5EEC2CD-3310-4051-979A-75CBE2B21AB0}D:\users\public\games\world of warcraft\wow-3.3.0.11159-to-3.3.2.11403-engb-downloader.exe" = protocol=17 | dir=in | app=d:\users\public\games\world of warcraft\wow-3.3.0.11159-to-3.3.2.11403-engb-downloader.exe |

"UDP Query User{FEA4F367-6BC7-447D-AC46-EE2E4838366F}C:\programdata\battle.net\agent\agent.976\agent.exe" = protocol=17 | dir=in | app=c:\programdata\battle.net\agent\agent.976\agent.exe |

========== HKEY_LOCAL_MACHINE Uninstall List ==========

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]

"{027E5FAB-1476-4C59-AAB4-32EF28520399}" = Windows Live Language Selector

"{1ACC8FFB-9D84-4C05-A4DE-D28A9BC91698}" = Windows Live ID Sign-in Assistant

"{23170F69-40C1-2702-0465-000001000000}" = 7-Zip 4.65 (x64 edition)

"{26A24AE4-039D-4CA4-87B4-2F86417015FF}" = Java 7 Update 15 (64-bit)

"{4B6C7001-C7D6-3710-913E-5BC23FCE91E6}" = Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.4148

"{5FCE6D76-F5DC-37AB-B2B8-22AB8CEDB1D4}" = Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161

"{64A3A4F4-B792-11D6-A78A-00B0D0170150}" = Java SE Development Kit 7 Update 15 (64-bit)

"{6D8CEB72-EF89-3670-8133-966AF0CCDA86}" = Microsoft .NET Framework 4 Extended SVE Language Pack

"{6E3610B2-430D-4EB0-81E3-2B57E8B9DE8D}" = Bonjour

"{6E8E85E8-CE4B-4FF5-91F7-04999C9FAE6A}" = Microsoft Visual C++ 2005 Redistributable (x64)

"{79BF734B-84AF-4A1E-AA87-D97148BAA442}" = ESET NOD32 Antivirus

"{8338783A-0968-3B85-AFC7-BAAE0A63DC50}" = Microsoft Visual C++ 2008 Redistributable - KB2467174 - x64 9.0.30729.5570

"{8424B163-D1E0-48B7-88A2-C7A61767B3D7}" = Microsoft SQL Server Compact 4.0 x64 ENU

"{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}" = Microsoft Silverlight

"{8E34682C-8118-31F1-BC4C-98CD9675E1C2}" = Microsoft .NET Framework 4 Extended

"{90120000-002A-0000-1000-0000000FF1CE}" = Microsoft Office Office 64-bit Components 2007

"{90120000-002A-041D-1000-0000000FF1CE}" = Microsoft Office Shared 64-bit MUI (Swedish) 2007

"{95120000-00B9-0409-1000-0000000FF1CE}" = Microsoft Application Error Reporting

"{96CC6DCC-8EBA-3F85-899B-933F599C4142}" = Microsoft .NET Framework 4 Client Profile SVE Language Pack

"{9ACF3FDB-C8E6-444C-8C64-13A221F7BFFD}" = Microsoft SQL Server Native Client

"{A1E85B9A-AFAD-4D38-AF01-6B020DD5213A}" = Logitech GamePanel Software 3.06.109

"{aac9fcc4-dd9e-4add-901c-b5496a07ab2e}" = Microsoft Visual C++ 2005 Redistributable (x64) - KB2467175

"{ad8a2fa1-06e7-4b0d-927d-6e54b3d31028}" = Microsoft Visual C++ 2005 Redistributable (x64)

"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.3DVision" = NVIDIA 3D Vision drivrutin 310.90

"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.ControlPanel" = NVIDIAs kontrollpanel 310.90

"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.Driver" = NVIDIA Grafikdrivrutin 310.90

"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.NVIRUSB" = NVIDIA 3D Vision drivrutin för styrenhet 310.90

"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.PhysX" = NVIDIA PhysX systemprogramvara 9.12.1031

"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.Update" = NVIDIA-uppdatering 1.11.3

"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_installer" = NVIDIA Install Application

"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_NVIDIA.Update" = NVIDIA Update Components

"{B636C9B9-A3F2-4DCE-ADCC-72E095018385}" = Microsoft SQL Server VSS Writer

"{B6E3757B-5E77-3915-866A-CCFC4B8D194C}" = Microsoft Visual C++ 2005 ATL Update kb973923 - x64 8.0.50727.4053

"{B8AD779A-82DA-4365-A7D0-AD3DCFC55CFF}" = Apple Mobile Device Support

"{CF8FFD12-602B-422D-AF1D-511B411E7632}" = iTunes

"{D9C50188-12D5-4D3E-8F00-682346C2AA5F}" = Microsoft Xbox 360 Accessories 1.2

"{DA54F80E-261C-41A2-A855-549A144F2F59}" = Windows Live MIME IFilter

"{F2C5AEF1-6055-4978-8924-EF5FFA4BEE40}" = Macrium Reflect Free Edition

"{F5B09CFD-F0B2-36AF-8DF4-1DF6B63FC7B4}" = Microsoft .NET Framework 4 Client Profile

"{fa451eea-8a73-486b-9ea0-9628c2c2c3ad}.sdb" = alien_crossfire

"{fe81cd48-2ed2-4e7d-886c-b65767350095}.sdb" = alpha_centauri

"CPUID HWMonitor_is1" = CPUID HWMonitor 1.16

"CutePDF Writer Installation" = CutePDF Writer 2.8

"doPDF 6 printer_is1" = doPDF 6.2 printer

"iid" = Net iD 5.6.2

"Microsoft .NET Framework 4 Client Profile" = Microsoft .NET Framework 4 Client Profile

"Microsoft .NET Framework 4 Client Profile SVE Language Pack" = Microsoft .NET Framework 4 Client Profile Language Pack - SVE

"Microsoft .NET Framework 4 Extended" = Microsoft .NET Framework 4 Extended

"Microsoft .NET Framework 4 Extended SVE Language Pack" = Microsoft .NET Framework 4 Extended Language Pack - SVE

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]

"{01501EBA-EC35-4F9F-8889-3BE346E5DA13}" = MSXML4 Parser

"{048298C9-A4D3-490B-9FF9-AB023A9238F3}" = Steam

"{0613D880-939E-4C9D-AD7C-A10DF7D7D5E9}" = EveHQ

"{0837A661-FEC3-48B3-876C-91E7D32048A9}" = Macromedia Dreamweaver 8

"{08A247F5-E34F-4D17-8731-0906DF56947E}" = Windows Live Sync

"{0B0F231F-CE6A-483D-AA23-77B364F75917}" = Windows Live Installer

"{0FEDB460-562A-4A93-B92D-02DA249F9618}" = Articulate Studio '09 Pro

"{133D9D67-D475-4407-AC3C-D558087B2453}" = Windows Live Movie Maker

"{19BFDA5D-1FE2-4F25-97F9-1A79DD04EE20}" = Microsoft XNA Framework Redistributable 3.1

"{1E99F5D7-4262-4C7C-9135-F066E7485811}" = System Requirements Lab

"{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148

"{1F6AB0E7-8CDD-4B93-8A23-AA9EB2FEFCE4}" = Junk Mail filter update

"{200FEC62-3C34-4D60-9CE8-EC372E01C08F}" = Windows Live SOXE Definitions

"{220C7F8C-929D-4F71-9DC7-F7A6823B38E4}" = Windows Live UX Platform Language Pack

"{26A24AE4-039D-4CA4-87B4-2F83217017FF}" = Java 7 Update 17

"{28B9D2D8-4304-483F-AD71-51890A063A74}" = Windows Live Photo Common

"{2AFFFDD7-ED85-4A90-8C52-5DA9EBDC9B8F}" = Microsoft SQL Server 2005 Express Edition (MSSMLBIZ)

"{3336F667-9049-4D46-98B6-4C743EEBC5B1}" = Windows Live Photo Gallery

"{3E5131E9-1241-4E43-8036-E870C0DEDD97}" = Articulate Studio '09 Pro

"{4A03706F-666A-4037-7777-5F2748764D10}" = Java Auto Updater

"{4A04DB63-8F81-4EF4-9D09-61A2057EF419}" = Windows Live Essentials

"{4CB0307C-565E-4441-86BE-0DF2E4FB828C}" = Microsoft Games for Windows Marketplace

"{50120000-1105-0000-0000-0000000FF1CE}" = Microsoft Office 2007 Primary Interop Assemblies

"{519C4DB6-B53B-4F5C-8297-89B2BE949FA5}_is1" = Data Lifeguard Diagnostic for Windows 1.24

"{53F5C3EE-05ED-4830-994B-50B2F0D50FCE}" = Microsoft SQL Server Setup Support Files (English)

"{54F8DACC-E782-4840-980A-D76EFEA23DBD}" = Articulate Studio '09 Pro

"{5546CDB5-2CE2-498B-B059-5B3BF81FC41F}" = Macromedia Extension Manager

"{5AF4B3C4-C393-48D7-AC7E-8E7615579548}" = Adobe AIR

"{5DA8F6CD-C70E-39D8-8430-3D9808D6BD17}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30411

"{612C34C7-5E90-47D8-9B5C-0F717DD82726}" = swMSM

"{682B3E4F-696A-42DE-A41C-4C07EA1678B4}" = Windows Live SOXE

"{69CAC24D-B1DC-4B97-A1BE-FE21843108FE}" = Windows Live Writer Resources

"{6A67578E-095B-4661-88F7-0B199CEC3371}" = Windows Live Messenger

"{7094AA7A-7143-4335-8E71-EEFFE403180B}_is1" = CnCNet 0.9.8.4

"{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}" = Microsoft Visual C++ 2005 Redistributable

"{7299052b-02a4-4627-81f2-1818da5d550d}" = Microsoft Visual C++ 2005 Redistributable

"{770657D0-A123-3C07-8E44-1C83EC895118}" = Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053

"{789289CA-F73A-4A16-A331-54D498CE069F}" = Ventrilo Client

"{7BE15435-2D3E-4B58-867F-9C75BED0208C}" = QuickTime

"{832D9DE0-8AFC-4689-9819-4DBBDEBD3E4F}" = Microsoft Games for Windows - LIVE Redistributable

"{837b34e3-7c30-493c-8f6a-2b0f04e2912c}" = Microsoft Visual C++ 2005 Redistributable

"{83C292B7-38A5-440B-A731-07070E81A64F}" = Windows Live PIMT Platform

"{86CE85E6-DBAC-3FFD-B977-E4B79F83C909}" = Microsoft Visual C++ 2008 Redistributable - KB2467174 - x86 9.0.30729.5570

"{885F1BCD-C344-4758-85BD-09640CF449A5}" = Windows Live Photo Gallery

"{8B922CF8-8A6C-41CE-A858-F1755D7F5D29}" = NVIDIA PhysX

"{8DD46C6A-0056-4FEC-B70A-28BB16A1F11F}" = MSVCRT

"{90120000-0016-041D-0000-0000000FF1CE}" = Microsoft Office Excel MUI (Swedish) 2007

"{90120000-0016-041D-0000-0000000FF1CE}_HOMESTUDENTR_{6DB23E19-BC1C-4C62-8158-391F65D84457}" = Microsoft Office 2007 Service Pack 3 (SP3)

"{90120000-0018-041D-0000-0000000FF1CE}" = Microsoft Office PowerPoint MUI (Swedish) 2007

"{90120000-0018-041D-0000-0000000FF1CE}_HOMESTUDENTR_{6DB23E19-BC1C-4C62-8158-391F65D84457}" = Microsoft Office 2007 Service Pack 3 (SP3)

"{90120000-001B-041D-0000-0000000FF1CE}" = Microsoft Office Word MUI (Swedish) 2007

"{90120000-001B-041D-0000-0000000FF1CE}_HOMESTUDENTR_{6DB23E19-BC1C-4C62-8158-391F65D84457}" = Microsoft Office 2007 Service Pack 3 (SP3)

"{90120000-001F-0407-0000-0000000FF1CE}" = Microsoft Office Proof (German) 2007

"{90120000-001F-0407-0000-0000000FF1CE}_HOMESTUDENTR_{928D7B99-2BEA-49F9-83B8-20FA57860643}" = Microsoft Office Proofing Tools 2007 Service Pack 3 (SP3)

"{90120000-001F-0409-0000-0000000FF1CE}" = Microsoft Office Proof (English) 2007

"{90120000-001F-0409-0000-0000000FF1CE}_HOMESTUDENTR_{1FF96026-A04A-4C3E-B50A-BB7022654D0F}" = Microsoft Office Proofing Tools 2007 Service Pack 3 (SP3)

"{90120000-001F-040B-0000-0000000FF1CE}" = Microsoft Office Proof (Finnish) 2007

"{90120000-001F-040B-0000-0000000FF1CE}_HOMESTUDENTR_{C3B4672B-3FE7-4D6F-AFF3-80D290C1131E}" = Microsoft Office Proofing Tools 2007 Service Pack 3 (SP3)

"{90120000-001F-041D-0000-0000000FF1CE}" = Microsoft Office Proof (Swedish) 2007

"{90120000-001F-041D-0000-0000000FF1CE}_HOMESTUDENTR_{4A960AFC-E28F-4233-953F-1903BE859B79}" = Microsoft Office Proofing Tools 2007 Service Pack 3 (SP3)

"{90120000-002A-0000-1000-0000000FF1CE}_HOMESTUDENTR_{664655D8-B9BB-455D-8A58-7EAF7B0B2862}" = Microsoft Office 2007 Service Pack 3 (SP3)

"{90120000-002A-041D-1000-0000000FF1CE}_HOMESTUDENTR_{18651597-9190-4C03-902A-6F8F58A91A3E}" = Microsoft Office 2007 Service Pack 3 (SP3)

"{90120000-002C-041D-0000-0000000FF1CE}" = Microsoft Office Proofing (Swedish) 2007

"{90120000-006E-041D-0000-0000000FF1CE}" = Microsoft Office Shared MUI (Swedish) 2007

"{90120000-006E-041D-0000-0000000FF1CE}_HOMESTUDENTR_{18651597-9190-4C03-902A-6F8F58A91A3E}" = Microsoft Office 2007 Service Pack 3 (SP3)

"{90120000-00A1-041D-0000-0000000FF1CE}" = Microsoft Office OneNote MUI (Swedish) 2007

"{90120000-00A1-041D-0000-0000000FF1CE}_HOMESTUDENTR_{6DB23E19-BC1C-4C62-8158-391F65D84457}" = Microsoft Office 2007 Service Pack 3 (SP3)

"{90140000-2005-0000-0000-0000000FF1CE}" = Microsoft Office File Validation Add-In

"{90A4041D-6000-11D3-8CFE-0150048383C9}" = Microsoft Office 2003 Webbkomponenter

"{91120000-002F-0000-0000-0000000FF1CE}" = Microsoft Office Home and Student 2007

"{91120000-002F-0000-0000-0000000FF1CE}_HOMESTUDENTR_{6E107EB7-8B55-48BF-ACCB-199F86A2CD93}" = Microsoft Office 2007 Service Pack 3 (SP3)

"{92EA4134-10D1-418A-91E1-5A0453131A38}" = Windows Live Movie Maker

"{943A8D28-80D6-41DC-AE94-81FEB42041BF}" = System Requirements Lab CYRI

"{980A182F-E0A2-4A40-94C1-AE0C1235902E}" = Pando Media Booster

"{9A25302D-30C0-39D9-BD6F-21E6EC160475}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17

"{9BE518E6-ECC6-35A9-88E4-87755C07200F}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161

"{9D56775A-93F3-44A3-8092-840E3826DE30}" = Windows Live Mail

"{A392A7FE-2216-4F7B-AF2F-24F1533DB860}" = Quake Live Internet Explorer Plugin

"{A49F249F-0C91-497F-86DF-B2585E8E76B7}" = Microsoft Visual C++ 2005 Redistributable

"{A92DAB39-4E2C-4304-9AB6-BC44E68B55E2}" = Google Update Helper

"{A939D341-5A04-4E0A-BB55-3E65B386432D}" = Microsoft Office Small Business Anslutningsbara komponenter

"{A9BDCA6B-3653-467B-AC83-94367DA3BFE3}" = Windows Live Photo Common

"{A9E27FF5-6294-46A8-B8FD-77B1DECA3021}" = Wizard101

"{AAAFC670-569B-4A2F-82B4-42945E0DE3EF}" = Windows Live Writer

"{AC76BA86-7AD7-1053-7B44-A95000000001}" = Adobe Reader 9.5.4 - Svenska

"{ACF60000-22B9-4CE9-98D6-2CCF359BAC07}" = ABBYY FineReader 6.0 Sprint

"{B4092C6D-E886-4CB2-BA68-FE5A88D31DE6}_is1" = Spybot - Search & Destroy

"{C6579A65-9CAE-4B31-8B6B-3306E0630A66}" = Apple Software Update

"{CB2F7EDD-9D1F-43C1-90FC-4F52EAE172A1}" = Microsoft .NET Framework 1.1

"{CE95A79E-E4FC-4FFF-8A75-29F04B942FF2}" = Windows Live UX Platform

"{D0B44725-3666-492D-BEF6-587A14BD9BD9}" = MSVCRT_amd64

"{D2C5E510-BE6D-42CC-9F61-E4F939078474}" = Lexmark

"{D31169F2-CD71-4337-B783-3E53F29F4CAD}" = Windows Live Mail

"{D45240D3-B6B3-4FF9-B243-54ECE3E10066}" = Windows Live Communications Platform

"{D5A9DA4B-E4F9-FB49-017D-769FC540F1F0}" = EA Download Manager UI

"{D6DE02C7-1F47-11D4-9515-00105AE4B89A}" = Paint Shop Pro 7

"{E09C4DB7-630C-4F06-A631-8EA7239923AF}" = D3DX10

"{E5B21F11-6933-4E0B-A25C-7963E3C07D11}" = Windows Live Messenger

"{EA17F4FC-FDBF-4CF8-A529-2D983132D053}" = Skype™ 6.0

"{EA450D5D-95EA-4FD0-B8B0-6D8E68FBE2C7}" = Impulse

"{EB1B8449-CD8F-485B-ADB6-02FBCFE180D3}" = Razer DeathAdder Mouse

"{EB879750-CCBD-4013-BFD5-0294D4DA5BD0}" = Apple Application Support

"{F0B430D1-B6AA-473D-9B06-AA3DD01FD0B8}" = Microsoft SQL Server 2005 Compact Edition [ENU]

"{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}" = Microsoft Visual C++ 2010 x86 Redistributable - 10.0.40219

"{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}" = Realtek High Definition Audio Driver

"{F40BBEC7-C2A4-4A00-9B24-7A055A2C5262}" = Microsoft Office Live Add-in 1.5

"{FF66E9F6-83E7-3A3E-AF14-8DE9A809A6A4}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.21022

"888poker" = 888poker

"Adobe AIR" = Adobe AIR

"Adobe Flash Player ActiveX" = Adobe Flash Player 11 ActiveX

"Adobe Flash Player Plugin" = Adobe Flash Player 11 Plugin

"Adobe Shockwave Player" = Adobe Shockwave Player 12.0

"avast" = avast! Free Antivirus

"Beneath a Steel Sky_is1" = Beneath a Steel Sky

"com.ea.Vault.919CACB699904AC5D41B606703500DD39747C02D.1" = EA Download Manager UI

"Comical_is1" = Comical 0.8

"CrystalDiskInfo_is1" = CrystalDiskInfo 5.0.0

"Diablo III" = Diablo III

"Dune Legacy" = Dune Legacy

"EA Download Manager" = EA Download Manager

"Entropia Universe" = Entropia Universe

"Eusing Free Registry Cleaner" = Eusing Free Registry Cleaner

"EVE" = EVE Online (remove only)

"EVEMon" = EVEMon

"Fragile Allegiance_is1" = Fragile Allegiance

"GOGPACKHOMM4COMPLETE_is1" = Heroes of Might and Magic 4 Complete

"GOGPACKMAX_is1" = MAX 1 and 2

"GOGPACKSIDMEIERSALPHACENTAURI_is1" = Sid Meier's Alpha Centauri

"GOGPACKSIMCITY2000_is1" = SimCity 2000 Special Edition

"GOGPACKTHEMEHOSPITAL_is1" = Theme Hospital

"GOM Player" = GOM Player

"GomTVStreamer" = GOMTV Streamer

"Google Chrome" = Google Chrome

"HandBrake" = HandBrake 0.9.8

"HOMESTUDENTR" = Microsoft Office Home and Student 2007

"Huawei Modems" = Huawei modem

"iid" = Net iD 5.6.2 (32-bit Edition)

"Impulse" = Impulse

"isfree_is1" = iSpring Free 4.1

"Magic Carpet_is1" = Magic Carpet

"Malwarebytes' Anti-Malware_is1" = Malwarebytes Anti-Malware version 1.70.0.1100

"Microsoft .NET Framework 1.1 (1033)" = Microsoft .NET Framework 1.1

"Microsoft SQL Server 2005" = Microsoft SQL Server 2005

"Mozilla Firefox 12.0 (x86 en-US)" = Mozilla Firefox 12.0 (x86 en-US)

"MozillaMaintenanceService" = Mozilla Maintenance Service

"NVIDIA StereoUSB Driver" = NVIDIA 3D Vision Controller Driver

"NVIDIAStereo" = NVIDIA Stereoscopic 3D Driver

"OpenAL" = OpenAL

"PartyPoker" = PartyPoker

"PokerStars.eu" = PokerStars.eu

"PunkBusterSvc" = PunkBuster Services

"Security Task Manager" = Security Task Manager 1.8g

"StarCraft II" = StarCraft II

"Steam App 113400" = APB Reloaded

"Steam App 200710" = Torchlight II

"Steam App 204340" = Serious Sam 2

"Steam App 20540" = Company of Heroes: Tales of Valor

"Steam App 208030" = Moon Breakers

"Steam App 212680" = FTL: Faster Than Light

"Steam App 43110" = Metro 2033

"Steam App 4540" = Titan Quest

"Steam App 4560" = Company of Heroes

"Steam App 4570" = Warhammer 40,000: Dawn of War - Game of the Year Edition

"Steam App 50620" = Darksiders

"Steam App 55110" = Red Faction: Armageddon

"Steam App 55150" = Warhammer 40,000 Space Marine

"Steam App 55230" = Saints Row: The Third

"Steam App 9340" = Company of Heroes: Opposing Fronts

"TrueCrypt" = TrueCrypt

"Tyrian 2000_is1" = Tyrian 2000

"WinLiveSuite" = Windows Live Essentials

"VLC media player" = VLC media player 2.0.2

"WordFinder" = WordFinder

"World of Warcraft" = World of Warcraft

========== HKEY_CURRENT_USER Uninstall List ==========

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]

"101a9f93b8f0bb6f" = Curse Client

"Dropbox" = Dropbox

"FileZilla Client" = FileZilla Client 3.6.0.2

"SOE-Free Realms" = Free Realms

"Spotify" = Spotify

"UnityWebPlayer" = Unity Web Player

========== Last 20 Event Log Errors ==========

[ Application Events ]

Error - 2013-03-07 08:21:56 | Computer Name = Monstret | Source = Application Hang | ID = 1002

Description = Programmet taskman.exe, version 1.8.6.0, avslutades eftersom det slutade

att samverka med Windows. Ytterligare information kan finnas i problemhistoriken

på kontrollpanelen för Åtgärdscentret och lösningar. Process-ID: 3dc Starttid: 01ce1b2dc357d783

Avslutningstid:

0 Programsökväg: C:\Program Files (x86)\Security Task Manager\taskman.exe Rapport-ID:

Error - 2013-03-07 17:27:51 | Computer Name = Monstret | Source = MsiInstaller | ID = 1002

Description =

Error - 2013-03-07 19:41:50 | Computer Name = Monstret | Source = SideBySide | ID = 16842815

Description = Det gick inte att skapa aktiveringskontext för c:\program files (x86)\spybot

- search & destroy\DelZip179.dll. Det finns ett fel i manifest- eller principfilen

c:\program files (x86)\spybot - search & destroy\DelZip179.dll på rad 8. Värdet

* i attributet language i elementet assemblyIdentity är felaktigt.

Error - 2013-03-09 09:36:45 | Computer Name = Monstret | Source = SideBySide | ID = 16842815

Description = Det gick inte att skapa aktiveringskontext för c:\program files (x86)\spybot

- search & destroy\DelZip179.dll. Det finns ett fel i manifest- eller principfilen

c:\program files (x86)\spybot - search & destroy\DelZip179.dll på rad 8. Värdet

* i attributet language i elementet assemblyIdentity är felaktigt.

Error - 2013-03-10 06:39:31 | Computer Name = Monstret | Source = SideBySide | ID = 16842815

Description = Det gick inte att skapa aktiveringskontext för c:\program files (x86)\spybot

- search & destroy\DelZip179.dll. Det finns ett fel i manifest- eller principfilen

c:\program files (x86)\spybot - search & destroy\DelZip179.dll på rad 8. Värdet

* i attributet language i elementet assemblyIdentity är felaktigt.

Error - 2013-03-11 15:19:03 | Computer Name = Monstret | Source = SideBySide | ID = 16842815

Description = Det gick inte att skapa aktiveringskontext för c:\program files (x86)\spybot

- search & destroy\DelZip179.dll. Det finns ett fel i manifest- eller principfilen

c:\program files (x86)\spybot - search & destroy\DelZip179.dll på rad 8. Värdet

* i attributet language i elementet assemblyIdentity är felaktigt.

Error - 2013-03-12 12:15:44 | Computer Name = Monstret | Source = SideBySide | ID = 16842815

Description = Det gick inte att skapa aktiveringskontext för c:\program files (x86)\spybot

- search & destroy\DelZip179.dll. Det finns ett fel i manifest- eller principfilen

c:\program files (x86)\spybot - search & destroy\DelZip179.dll på rad 8. Värdet

* i attributet language i elementet assemblyIdentity är felaktigt.

Error - 2013-03-13 05:54:57 | Computer Name = Monstret | Source = SideBySide | ID = 16842815

Description = Det gick inte att skapa aktiveringskontext för c:\program files (x86)\spybot

- search & destroy\DelZip179.dll. Det finns ett fel i manifest- eller principfilen

c:\program files (x86)\spybot - search & destroy\DelZip179.dll på rad 8. Värdet

* i attributet language i elementet assemblyIdentity är felaktigt.

Error - 2013-03-14 07:09:58 | Computer Name = Monstret | Source = SideBySide | ID = 16842815

Description = Det gick inte att skapa aktiveringskontext för c:\program files (x86)\spybot

- search & destroy\DelZip179.dll. Det finns ett fel i manifest- eller principfilen

c:\program files (x86)\spybot - search & destroy\DelZip179.dll på rad 8. Värdet

* i attributet language i elementet assemblyIdentity är felaktigt.

Error - 2013-03-15 08:29:41 | Computer Name = Monstret | Source = SideBySide | ID = 16842815

Description = Det gick inte att skapa aktiveringskontext för c:\program files (x86)\spybot

- search & destroy\DelZip179.dll. Det finns ett fel i manifest- eller principfilen

c:\program files (x86)\spybot - search & destroy\DelZip179.dll på rad 8. Värdet

* i attributet language i elementet assemblyIdentity är felaktigt.

Error - 2013-03-15 19:39:31 | Computer Name = Monstret | Source = SideBySide | ID = 16842815

Description = Det gick inte att skapa aktiveringskontext för c:\program files (x86)\spybot

- search & destroy\DelZip179.dll. Det finns ett fel i manifest- eller principfilen

c:\program files (x86)\spybot - search & destroy\DelZip179.dll på rad 8. Värdet

* i attributet language i elementet assemblyIdentity är felaktigt.

[ OSession Events ]

Error - 2011-03-07 05:13:35 | Computer Name = Monstret | Source = Microsoft Office 12 Sessions | ID = 7001

Description = ID: 0, Application Name: Microsoft Office Word, Application Version:

12.0.6545.5000, Microsoft Office Version: 12.0.6425.1000. This session lasted 2

seconds with 0 seconds of active time. This session ended with a crash.

Error - 2011-04-29 15:25:17 | Computer Name = Monstret | Source = Microsoft Office 12 Sessions | ID = 7001

Description = ID: 0, Application Name: Microsoft Office Word, Application Version:

12.0.6545.5000, Microsoft Office Version: 12.0.6425.1000. This session lasted 3

seconds with 0 seconds of active time. This session ended with a crash.

Error - 2011-05-17 12:53:59 | Computer Name = Monstret | Source = Microsoft Office 12 Sessions | ID = 7001

Description = ID: 0, Application Name: Microsoft Office Word, Application Version:

12.0.6545.5000, Microsoft Office Version: 12.0.6425.1000. This session lasted 2

seconds with 0 seconds of active time. This session ended with a crash.

Error - 2011-05-24 06:01:16 | Computer Name = Monstret | Source = Microsoft Office 12 Sessions | ID = 7001

Description = ID: 0, Application Name: Microsoft Office Word, Application Version:

12.0.6545.5000, Microsoft Office Version: 12.0.6425.1000. This session lasted 4

seconds with 0 seconds of active time. This session ended with a crash.

Error - 2011-12-07 04:39:44 | Computer Name = Monstret | Source = Microsoft Office 12 Sessions | ID = 7001

Description = ID: 1, Application Name: Microsoft Office Excel, Application Version:

12.0.6611.1000, Microsoft Office Version: 12.0.6612.1000. This session lasted 21

seconds with 0 seconds of active time. This session ended with a crash.

Error - 2012-06-14 16:53:28 | Computer Name = Monstret | Source = Microsoft Office 12 Sessions | ID = 7001

Description = ID: 1, Application Name: Microsoft Office Excel, Application Version:

12.0.6661.5000, Microsoft Office Version: 12.0.6612.1000. This session lasted 41085

seconds with 780 seconds of active time. This session ended with a crash.

Error - 2012-06-21 17:48:04 | Computer Name = Monstret | Source = Microsoft Office 12 Sessions | ID = 7001

Description = ID: 1, Application Name: Microsoft Office Excel, Application Version:

12.0.6661.5000, Microsoft Office Version: 12.0.6612.1000. This session lasted 40583

seconds with 600 seconds of active time. This session ended with a crash.

[ System Events ]

Error - 2013-03-07 16:59:34 | Computer Name = Monstret | Source = Service Control Manager | ID = 7001

Description = Tjänsten Network List Service är beroende av tjänsten Network Location

Awareness. Den sistnämnda kunde inte starta på grund av följande fel: %%1068

Error - 2013-03-07 16:59:34 | Computer Name = Monstret | Source = Service Control Manager | ID = 7001

Description = Tjänsten Network List Service är beroende av tjänsten Network Location

Awareness. Den sistnämnda kunde inte starta på grund av följande fel: %%1068

Error - 2013-03-07 16:59:34 | Computer Name = Monstret | Source = Service Control Manager | ID = 7001

Description = Tjänsten Network List Service är beroende av tjänsten Network Location

Awareness. Den sistnämnda kunde inte starta på grund av följande fel: %%1068

Error - 2013-03-07 16:59:34 | Computer Name = Monstret | Source = Service Control Manager | ID = 7001

Description = Tjänsten Network List Service är beroende av tjänsten Network Location

Awareness. Den sistnämnda kunde inte starta på grund av följande fel: %%1068

Error - 2013-03-07 16:59:34 | Computer Name = Monstret | Source = Service Control Manager | ID = 7001

Description = Tjänsten Network List Service är beroende av tjänsten Network Location

Awareness. Den sistnämnda kunde inte starta på grund av följande fel: %%1068

Error - 2013-03-07 16:59:34 | Computer Name = Monstret | Source = Service Control Manager | ID = 7001

Description = Tjänsten Network List Service är beroende av tjänsten Network Location

Awareness. Den sistnämnda kunde inte starta på grund av följande fel: %%1068

Error - 2013-03-07 17:00:39 | Computer Name = Monstret | Source = DCOM | ID = 10005

Description =

Error - 2013-03-07 17:00:39 | Computer Name = Monstret | Source = DCOM | ID = 10005

Description =

Error - 2013-03-07 17:00:39 | Computer Name = Monstret | Source = Service Control Manager | ID = 7001

Description = Tjänsten Network List Service är beroende av tjänsten Network Location

Awareness. Den sistnämnda kunde inte starta på grund av följande fel: %%1068

Error - 2013-03-09 17:26:09 | Computer Name = Monstret | Source = Service Control Manager | ID = 7011

Description = En timeout (30000 ms) inträffade vid väntan på transaktionssvar från

tjänsten ShellHWDetection.

< End of report >


Hi,

my name is Daniel and I will be assisting you with your malware-related problems.

Before we move on, please read the following points carefully.

  • First, read my instructions completely. If there is anything that you do not understand kindly ask before proceeding.
  • Perform everything in the correct order. Sometimes one step requires the previous one.
  • If you have any problems while you are following my instructions, stop there and tell me the exact nature of your problem.
  • Do not run any other scans without instruction or add/remove software unless I tell you to do so. This would change the output of our tools and could be confusing for me.
  • Post all logfiles as a reply rather than as an attachment unless I specifically ask you. If you cannot post all logfiles in one reply, feel free to use more posts.
  • If I don't hear from you within 3 days from this initial or any subsequent post, then this thread will be closed.
  • Stay with me. I will give you some advice about prevention after the cleanup process. Absence of symptoms does not always mean the computer is clean.
  • My first language is not English. So please do not use slang or idioms. It could be hard for me to read. Thanks for your understanding.

I see more than one antivirus program installed. In your case, ESET and AVAST.

Having 2 AVs may sound great but they can cause conflicts with each other, can lead to system slow-downs, instability, crashes and will provide less protection, not more.

So I highly recommend uninstalling one of them via Start > Control Panel > Add / Remove Programs. Let me know which one you have removed.

While TeaTimer is an excellent tool for the prevention of spyware, it can sometimes interfere with our fixes.

Please disable TeaTimer for now until you are clean. TeaTimer can be re-activated once your HijackThis log is clean.

  • Open Spybot Search & Destroy.
  • In the Mode menu click "Advanced mode" if not already selected.
  • Choose "Yes" at the Warning prompt.
  • Expand the "Tools" menu.
  • Click "Resident".
  • Uncheck the "Resident "TeaTimer" (Protection of overall system settings) active." box.
  • In the File menu click "Exit" to exit Spybot Search & Destroy.

Download ComboFix from this location:

Link 1

* IMPORTANT- Save ComboFix.exe to your Desktop

====================================================

Disable your AntiVirus and AntiSpyware applications as they will interfere with our tools and the removal. If you are unsure how to do this, please refer to this topic How to disable your security applications

====================================================

Double click on combofix.exe & follow the prompts.

When finished, it shall produce a log for you. Please include the C:\ComboFix.txt in your next reply for further review.

*Note - if after running ComboFix you see a message similar to 'registry key marked for deletion..' rebooting the machine will resolve that.


Thank you so much for your help, I am very grateful.

I have noticed that since I'm running a Swedish version of Win 7 a lot of the stuff in the logs is in Swedish, hope that doesn't cause problems for you.

Ok, did this:

* Uninstalled ESET

* Disabled TeaTimer

* Ran ComboFix, posting log below:

ComboFix 13-03-17.01 - Jens 2013-03-18 13:30:17.1.8 - x64

Microsoft Windows 7 Ultimate 6.1.7601.1.1252.46.1053.18.4091.1852 [GMT 1:00]

Körs från: c:\users\Jens\Desktop\ComboFix.exe

AV: avast! Antivirus *Disabled/Updated* {2B2D1395-420B-D5C9-657E-930FE358FC3C}

SP: avast! Antivirus *Disabled/Updated* {904CF271-6431-DA47-5FCE-A87D98DFB681}

SP: Windows Defender *Enabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}

.

.

((((((((((((((((((((((((((((((((((((((( Andra raderingar ))))))))))))))))))))))))))))))))))))))))))))))))

.

.

c:\users\Jens\AppData\Roaming\isfree4_0.tmp

c:\windows\SysWow64\ccrpTmr6.dll

c:\windows\SysWow64\URTTemp

c:\windows\SysWow64\URTTemp\regtlib.exe

.

.

(((((((((((((((((((((((( Filer skapade från 2013-02-18 till 2013-03-18 ))))))))))))))))))))))))))))))

.

.

2013-03-15 13:03 . 2013-02-08 00:28 9162192 ----a-w- c:\programdata\Microsoft\Windows Defender\Definition Updates\{E34839F0-53E1-45F8-B237-B29A287224E5}\mpengine.dll

2013-03-14 11:59 . 2013-03-14 11:59 -------- d-sh--w- c:\windows\SysWow64\%APPDATA%

2013-03-09 18:15 . 2013-03-09 18:15 -------- d-sh--w- c:\windows\system32\%APPDATA%

2013-03-06 19:18 . 2013-03-06 19:19 -------- d-----w- c:\windows\22B3AE667A374118BADB3680C15CA366.TMP

2013-03-06 19:13 . 2013-03-06 19:13 -------- d-----w- c:\users\Jens\AppData\Local\ESET

2013-03-06 11:38 . 2013-03-07 12:26 -------- d-----w- c:\programdata\SecTaskMan

2013-03-06 11:38 . 2013-03-07 12:17 -------- d-----w- c:\program files (x86)\Security Task Manager

2013-03-06 08:20 . 2013-03-06 08:51 -------- d-----w- c:\programdata\Spybot - Search & Destroy

2013-03-06 08:20 . 2013-03-06 08:23 -------- d-----w- c:\program files (x86)\Spybot - Search & Destroy

2013-03-05 20:01 . 2013-03-05 20:01 -------- d-----w- c:\program files\Enigma Software Group

2013-03-05 17:58 . 2013-03-08 07:15 -------- d-----w- c:\program files (x86)\Absolute Key Logger Removal Tool

2013-03-05 17:57 . 2013-03-05 17:57 95648 ----a-w- c:\windows\SysWow64\WindowsAccessBridge-32.dll

2013-03-04 09:42 . 2013-02-28 08:36 177672 ----a-w- c:\windows\system32\drivers\aswVmm.sys

2013-03-04 09:42 . 2013-02-28 08:36 65408 ----a-w- c:\windows\system32\drivers\aswRvrt.sys

2013-03-04 08:48 . 2013-03-04 08:48 -------- d-----w- c:\users\Jens\AppData\Local\Macromedia

2013-02-28 08:34 . 2013-03-02 21:16 -------- d-----w- c:\users\Jens\AppData\Local\Eclipse

2013-02-27 20:53 . 2013-02-28 09:27 -------- d-----w- C:\java

2013-02-27 20:37 . 2013-02-27 20:36 310688 ----a-w- c:\windows\system32\javaws.exe

2013-02-27 20:37 . 2013-02-27 20:36 963488 ----a-w- c:\windows\system32\deployJava1.dll

2013-02-27 20:37 . 2013-02-27 20:36 1085344 ----a-w- c:\windows\system32\npDeployJava1.dll

2013-02-27 20:36 . 2013-02-27 20:36 108448 ----a-w- c:\windows\system32\WindowsAccessBridge-64.dll

2013-02-27 20:36 . 2013-02-27 20:36 188832 ----a-w- c:\windows\system32\javaw.exe

2013-02-27 20:36 . 2013-02-27 20:36 188320 ----a-w- c:\windows\system32\java.exe

2013-02-27 20:35 . 2013-02-27 20:36 -------- d-----w- c:\program files\Java

2013-02-27 02:02 . 2013-01-13 20:22 1988096 ----a-w- c:\windows\SysWow64\d3d10warp.dll

2013-02-26 11:02 . 2013-03-04 21:20 -------- d-----w- c:\users\Jens\AppData\Roaming\FileZilla

2013-02-26 11:02 . 2013-02-26 11:02 -------- d-----w- c:\program files (x86)\FileZilla FTP Client

2013-02-26 09:57 . 2013-02-26 09:57 -------- d-----w- c:\users\Jens\AppData\Roaming\Awesomium

2013-02-26 09:53 . 2013-02-26 09:53 -------- d-----w- c:\users\Public\entropia universe

2013-02-26 09:53 . 2013-02-26 09:53 -------- d-----w- c:\program files (x86)\Entropia Universe

2013-02-26 09:53 . 2013-02-26 09:53 -------- d-----w- c:\windows\Entropia Universe

.

.

.

(((((((((((((((((((((((((((((((((((((((( Find3M Rapport )))))))))))))))))))))))))))))))))))))))))))))))))))

.

2013-03-18 09:16 . 2012-04-02 06:44 693976 ----a-w- c:\windows\SysWow64\FlashPlayerApp.exe

2013-03-18 09:16 . 2011-05-17 14:56 73432 ----a-w- c:\windows\SysWow64\FlashPlayerCPLApp.cpl

2013-03-14 12:02 . 2010-01-25 21:15 72013344 ----a-w- c:\windows\system32\MRT.exe

2013-03-05 17:57 . 2012-05-22 09:58 861088 ----a-w- c:\windows\SysWow64\npdeployJava1.dll

2013-03-05 17:57 . 2010-05-02 06:24 782240 ----a-w- c:\windows\SysWow64\deployJava1.dll

2013-02-28 08:36 . 2010-01-25 21:02 68992 ----a-w- c:\windows\system32\drivers\aswTdi.sys

2013-02-28 08:36 . 2012-05-23 06:11 71064 ----a-w- c:\windows\system32\drivers\aswRdr2.sys

2013-02-28 08:36 . 2011-04-24 18:45 1025880 ----a-w- c:\windows\system32\drivers\aswSnx.sys

2013-02-28 08:36 . 2010-01-25 21:02 377992 ----a-w- c:\windows\system32\drivers\aswSP.sys

2013-02-28 08:36 . 2010-01-25 21:02 80888 ----a-w- c:\windows\system32\drivers\aswMonFlt.sys

2013-02-28 08:36 . 2010-01-25 21:02 33472 ----a-w- c:\windows\system32\drivers\aswFsBlk.sys

2013-02-28 08:36 . 2010-07-30 19:24 41664 ----a-w- c:\windows\avastSS.scr

2013-02-28 08:35 . 2011-01-26 08:31 287840 ----a-w- c:\windows\system32\aswBoot.exe

2013-02-12 05:45 . 2013-03-14 08:19 135168 ----a-w- c:\windows\apppatch\AppPatch64\AcXtrnal.dll

2013-02-12 05:45 . 2013-03-14 08:19 308736 ----a-w- c:\windows\apppatch\AppPatch64\AcGenral.dll

2013-02-12 05:45 . 2013-03-14 08:19 350208 ----a-w- c:\windows\apppatch\AppPatch64\AcLayers.dll

2013-02-12 05:45 . 2013-03-14 08:19 111104 ----a-w- c:\windows\apppatch\AppPatch64\acspecfc.dll

2013-02-12 04:48 . 2013-03-14 08:19 474112 ----a-w- c:\windows\apppatch\AcSpecfc.dll

2013-02-12 04:48 . 2013-03-14 08:19 2176512 ----a-w- c:\windows\apppatch\AcGenral.dll

2013-01-17 00:28 . 2010-01-06 11:43 273840 ------w- c:\windows\system32\MpSigStub.exe

2013-01-05 05:53 . 2013-02-13 09:03 5553512 ----a-w- c:\windows\system32\ntoskrnl.exe

2013-01-05 05:00 . 2013-02-13 09:03 3967848 ----a-w- c:\windows\SysWow64\ntkrnlpa.exe

2013-01-05 05:00 . 2013-02-13 09:03 3913064 ----a-w- c:\windows\SysWow64\ntoskrnl.exe

2013-01-04 05:46 . 2013-02-13 09:03 215040 ----a-w- c:\windows\system32\winsrv.dll

2013-01-04 04:51 . 2013-02-13 09:03 5120 ----a-w- c:\windows\SysWow64\wow32.dll

2013-01-04 04:43 . 2013-02-13 09:03 44032 ----a-w- c:\windows\apppatch\acwow64.dll

2013-01-04 03:26 . 2013-02-13 09:03 3153408 ----a-w- c:\windows\system32\win32k.sys

2013-01-04 02:47 . 2013-02-13 09:03 25600 ----a-w- c:\windows\SysWow64\setup16.exe

2013-01-04 02:47 . 2013-02-13 09:03 7680 ----a-w- c:\windows\SysWow64\instnm.exe

2013-01-04 02:47 . 2013-02-13 09:03 2048 ----a-w- c:\windows\SysWow64\user.exe

2013-01-04 02:47 . 2013-02-13 09:03 14336 ----a-w- c:\windows\SysWow64\ntvdm64.dll

2013-01-03 06:00 . 2013-02-13 09:03 1913192 ----a-w- c:\windows\system32\drivers\tcpip.sys

2013-01-03 06:00 . 2013-02-13 09:03 288088 ----a-w- c:\windows\system32\drivers\FWPKCLNT.SYS

2012-12-29 10:34 . 2013-02-06 11:08 61368 ----a-w- c:\windows\system32\OpenCL.dll

2012-12-29 10:34 . 2013-02-06 11:08 53176 ----a-w- c:\windows\SysWow64\OpenCL.dll

2012-12-29 10:34 . 2013-02-06 11:06 7565240 ----a-w- c:\windows\system32\nvopencl.dll

2012-12-29 10:34 . 2013-02-06 11:06 6263784 ----a-w- c:\windows\SysWow64\nvopencl.dll

2012-12-29 10:34 . 2013-02-06 11:06 15052368 ----a-w- c:\windows\system32\nvwgf2umx.dll

2012-12-29 10:34 . 2013-02-06 11:06 12641120 ----a-w- c:\windows\SysWow64\nvwgf2um.dll

2012-12-29 10:34 . 2013-02-06 11:06 9389888 ----a-w- c:\windows\system32\nvcuda.dll

2012-12-29 10:34 . 2013-02-06 11:06 7931896 ----a-w- c:\windows\SysWow64\nvcuda.dll

2012-12-29 10:34 . 2013-02-06 11:06 2904504 ----a-w- c:\windows\system32\nvcuvid.dll

2012-12-29 10:34 . 2013-02-06 11:06 2824656 ----a-w- c:\windows\system32\nvapi64.dll

2012-12-29 10:34 . 2013-02-06 11:06 2720696 ----a-w- c:\windows\SysWow64\nvcuvid.dll

2012-12-29 10:34 . 2013-02-06 11:06 26931128 ----a-w- c:\windows\system32\nvoglv64.dll

2012-12-29 10:34 . 2013-02-06 11:06 25256376 ----a-w- c:\windows\system32\nvcompiler.dll

2012-12-29 10:34 . 2013-02-06 11:06 2504248 ----a-w- c:\windows\SysWow64\nvapi.dll

2012-12-29 10:34 . 2013-02-06 11:06 2344888 ----a-w- c:\windows\system32\nvcuvenc.dll

2012-12-29 10:34 . 2013-02-06 11:06 20450232 ----a-w- c:\windows\SysWow64\nvoglv32.dll

2012-12-29 10:34 . 2013-02-06 11:06 1985976 ----a-w- c:\windows\SysWow64\nvcuvenc.dll

2012-12-29 10:34 . 2013-02-06 11:06 1813432 ----a-w- c:\windows\system32\nvdispco64.dll

2012-12-29 10:34 . 2013-02-06 11:06 18054312 ----a-w- c:\windows\system32\nvd3dumx.dll

2012-12-29 10:34 . 2013-02-06 11:06 17560504 ----a-w- c:\windows\SysWow64\nvcompiler.dll

2012-12-29 10:34 . 2013-02-06 11:06 15129064 ----a-w- c:\windows\SysWow64\nvd3dum.dll

2012-12-29 10:34 . 2013-02-06 11:06 1504696 ----a-w- c:\windows\system32\nvdispgenco64.dll

2012-12-29 10:34 . 2013-02-06 11:06 10997176 ----a-w- c:\windows\system32\drivers\nvlddmkm.sys

2012-12-29 08:40 . 2013-02-06 11:08 6382008 ----a-w- c:\windows\system32\nvcpl.dll

2012-12-29 08:40 . 2013-02-06 11:08 3455416 ----a-w- c:\windows\system32\nvsvc64.dll

2012-12-29 08:40 . 2013-02-06 11:08 884152 ----a-w- c:\windows\system32\nvvsvc.exe

2012-12-29 08:40 . 2013-02-06 11:08 63928 ----a-w- c:\windows\system32\nvshext.dll

2012-12-29 08:40 . 2013-02-06 11:08 118712 ----a-w- c:\windows\system32\nvmctray.dll

2012-12-29 01:54 . 2012-12-29 01:54 550328 ----a-w- c:\windows\SysWow64\nvStreaming.exe

.

.

(((((((((((((((((((((((((((((((((( Startpunkter i registret )))))))))))))))))))))))))))))))))))))))))))))))

.

.

*Not* tomma poster & legitima standardposter visas inte.

REGEDIT4

.

[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt1]

@="{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}"

[HKEY_CLASSES_ROOT\CLSID\{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}]

2012-11-13 23:32 129272 ----a-w- c:\users\Jens\AppData\Roaming\Dropbox\bin\DropboxExt.17.dll

.

[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt2]

@="{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}"

[HKEY_CLASSES_ROOT\CLSID\{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}]

2012-11-13 23:32 129272 ----a-w- c:\users\Jens\AppData\Roaming\Dropbox\bin\DropboxExt.17.dll

.

[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt3]

@="{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}"

[HKEY_CLASSES_ROOT\CLSID\{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}]

2012-11-13 23:32 129272 ----a-w- c:\users\Jens\AppData\Roaming\Dropbox\bin\DropboxExt.17.dll

.

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]

"Pando Media Booster"="c:\program files (x86)\Pando Networks\Media Booster\PMB.exe" [2010-09-12 2969496]

"Spotify Web Helper"="c:\users\Jens\AppData\Roaming\Spotify\Data\SpotifyWebHelper.exe" [2012-10-29 1199576]

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run]

"avast5"="c:\program files\Alwil Software\Avast5\avastUI.exe" [2013-02-28 4767304]

"DeathAdder"="c:\program files (x86)\Razer\DeathAdder\razerhid.exe" [2011-03-21 248320]

"APSDaemon"="c:\program files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe" [2012-02-20 59240]

"iTunesHelper"="d:\program files (x86)\iTunes\iTunesHelper.exe" [2012-03-27 421736]

"Net iD"="c:\program files (x86)\Net iD\iid.exe" [2012-03-07 100160]

"Adobe Reader Speed Launcher"="c:\program files (x86)\Adobe\Reader 9.0\Reader\Reader_sl.exe" [2012-12-19 41208]

"Adobe ARM"="c:\program files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2012-12-03 946352]

.

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]

"ConsentPromptBehaviorAdmin"= 5 (0x5)

"ConsentPromptBehaviorUser"= 3 (0x3)

"EnableUIADesktopToggle"= 0 (0x0)

.

[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows nt\currentversion\drivers32]

"aux"=wdmaud.drv

.

R2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-03-18 138576]

R2 SkypeUpdate;Skype Updater;c:\program files (x86)\Skype\Updater\Updater.exe [2012-11-09 160944]

R3 aswVmm;aswVmm; [x]

R3 esgiguard;esgiguard;c:\program files\Enigma Software Group\SpyHunter\esgiguard.sys [x]

R3 hwdatacard;Huawei DataCard USB Modem and USB Serial;c:\windows\system32\DRIVERS\ewusbmdm.sys [2009-09-14 116864]

R3 RdpVideoMiniport;Remote Desktop Video Miniport Driver;c:\windows\system32\drivers\rdpvideominiport.sys [2012-08-23 19456]

R3 Synth3dVsc;Synth3dVsc;c:\windows\system32\drivers\synth3dvsc.sys [x]

R3 TsUsbFlt;TsUsbFlt;c:\windows\system32\drivers\tsusbflt.sys [2012-08-23 57856]

R3 tsusbhub;tsusbhub;c:\windows\system32\drivers\tsusbhub.sys [x]

R3 USBAAPL64;Apple Mobile USB Driver;c:\windows\system32\Drivers\usbaapl64.sys [2009-10-16 50176]

R3 WatAdminSvc;Aktiveringsteknologier för Windows-tjänst;c:\windows\system32\Wat\WatAdminSvc.exe [2010-05-26 1255736]

R3 VGPU;VGPU;c:\windows\system32\drivers\rdvgkmd.sys [x]

S0 aswRvrt;aswRvrt; [x]

S1 aswSnx;aswSnx; [x]

S1 aswSP;aswSP; [x]

S2 aswFsBlk;aswFsBlk; [x]

S2 aswMonFlt;aswMonFlt;c:\windows\system32\drivers\aswMonFlt.sys [2013-02-28 80888]

S2 cpuz133;cpuz133;c:\windows\system32\drivers\cpuz133_x64.sys [2010-05-11 20968]

S2 ReflectService.exe;Macrium Reflect Image Mounting Service;c:\program files\Macrium\Reflect\ReflectService.exe [2012-06-12 301760]

S2 SBSDWSCService;SBSD Security Center Service;c:\program files (x86)\Spybot - Search & Destroy\SDWinSec.exe [2009-01-26 1153368]

S2 Stereo Service;NVIDIA Stereoscopic 3D Driver Service;c:\program files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe [2012-12-29 383416]

S3 DAdderFltr;DeathAdder Mouse;c:\windows\system32\drivers\dadder.sys [2010-04-19 12032]

S3 LGBusEnum;Logitech GamePanel Virtual Bus Enumerator Driver;c:\windows\system32\drivers\LGBusEnum.sys [2009-11-23 22408]

S3 LGVirHid;Logitech Gamepanel Virtual HID Device Driver;c:\windows\system32\drivers\LGVirHid.sys [2009-11-23 16008]

S3 RTL8167;Realtek 8167 NT Driver;c:\windows\system32\DRIVERS\Rt64win7.sys [2009-03-01 187392]

S3 VKbms;Virtual HID Minidriver;c:\windows\system32\DRIVERS\VKbms.sys [2010-09-30 13312]

.

.

[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\active setup\installed components\{8A69D345-D564-463c-AFF1-A69D9E530F96}]

2013-03-13 08:47 1629648 ----a-w- c:\program files (x86)\Google\Chrome\Application\25.0.1364.172\Installer\chrmstp.exe

.

Innehåll i mappen 'Schemalagda aktiviteter':

.

2013-03-18 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job

- c:\program files (x86)\Google\Update\GoogleUpdate.exe [2012-05-23 06:15]

.

2013-03-18 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job

- c:\program files (x86)\Google\Update\GoogleUpdate.exe [2012-05-23 06:15]

.

.

--------- X64 Entries -----------

.

.

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\00avast]

@="{472083B0-C522-11CF-8763-00608CC02F24}"

[HKEY_CLASSES_ROOT\CLSID\{472083B0-C522-11CF-8763-00608CC02F24}]

2013-02-28 08:35 133840 ----a-w- c:\program files\Alwil Software\Avast5\ashShA64.dll

.

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt1]

@="{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}"

[HKEY_CLASSES_ROOT\CLSID\{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}]

2012-11-13 23:32 162552 ----a-w- c:\users\Jens\AppData\Roaming\Dropbox\bin\DropboxExt64.17.dll

.

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt2]

@="{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}"

[HKEY_CLASSES_ROOT\CLSID\{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}]

2012-11-13 23:32 162552 ----a-w- c:\users\Jens\AppData\Roaming\Dropbox\bin\DropboxExt64.17.dll

.

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt3]

@="{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}"

[HKEY_CLASSES_ROOT\CLSID\{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}]

2012-11-13 23:32 162552 ----a-w- c:\users\Jens\AppData\Roaming\Dropbox\bin\DropboxExt64.17.dll

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]

"RtHDVCpl"="c:\program files\Realtek\Audio\HDA\RAVCpl64.exe" [2009-12-25 9650720]

"Launch LgDeviceAgent"="c:\program files\Logitech\GamePanel Software\LgDevAgt.exe" [2010-08-03 415816]

"Launch LCDMon"="c:\program files\Logitech\GamePanel Software\LCD Manager\LCDMon.exe" [2010-08-03 2412616]

"Launch LGDCore"="c:\program files\Logitech\GamePanel Software\G-series Software\LGDCore.exe" [2010-08-03 4725320]

"XboxStat"="c:\program files\Microsoft Xbox 360 Accessories\XboxStat.exe" [2009-10-01 825184]

"Net iD"="c:\program files\Net iD\iid.exe" [2012-03-07 110912]

.

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Svchost - LocalService

FontCache

.

------- Extra genomsökning -------

.

uLocal Page = c:\windows\system32\blank.htm

uStart Page = about:blank

uInternet Settings,ProxyOverride = *.local

IE: E&xportera till Microsoft Excel - c:\progra~2\MICROS~1\Office12\EXCEL.EXE/3000

TCP: DhcpNameServer = 83.255.245.11 193.150.193.150

FF - ProfilePath - c:\users\Jens\AppData\Roaming\Mozilla\Firefox\Profiles\fdy1ovwl.default\

.

- - - - FÖRÄLDRALÖSA POSTER SOM TAGITS BORT - - - -

.

SafeBoot-64822384.sys

.

.

.

--------------------- LÅSTA REGISTERNYCKLAR ---------------------

.

[HKEY_USERS\S-1-5-21-2866623726-3497870083-104101559-1003\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.eml\UserChoice]

@Denied: (2) (LocalSystem)

"Progid"="WindowsLiveMail.Email.1"

.

[HKEY_USERS\S-1-5-21-2866623726-3497870083-104101559-1003\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.vcf\UserChoice]

@Denied: (2) (LocalSystem)

"Progid"="WindowsLiveMail.VCard.1"

.

[HKEY_USERS\S-1-5-21-2866623726-3497870083-104101559-1003\Software\SecuROM\License information*]

"datasecu"=hex:49,71,d9,04,ed,cc,a7,fb,6a,57,31,72,07,da,f7,cc,7c,21,b3,f3,21,

22,01,6e,a8,b2,91,02,56,e3,da,b0,96,26,72,73,80,d9,2d,1c,cf,8c,56,28,1f,ee,\

"rkeysecu"=hex:64,b6,bd,e1,3e,80,9e,c4,40,b4,90,83,87,8e,33,49

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}]

@Denied: (A 2) (Everyone)

@="FlashBroker"

"LocalizedString"="@c:\\Windows\\system32\\Macromed\\Flash\\FlashUtil64_11_6_602_180_ActiveX.exe,-101"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\Elevation]

"Enabled"=dword:00000001

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\LocalServer32]

@="c:\\Windows\\system32\\Macromed\\Flash\\FlashUtil64_11_6_602_180_ActiveX.exe"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\TypeLib]

@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}]

@Denied: (A 2) (Everyone)

@="IFlashBroker5"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\ProxyStubClsid32]

@="{00020424-0000-0000-C000-000000000046}"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\TypeLib]

@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"

"Version"="1.0"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}]

@Denied: (A 2) (Everyone)

@="FlashBroker"

"LocalizedString"="@c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil32_11_6_602_180_ActiveX.exe,-101"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\Elevation]

"Enabled"=dword:00000001

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\LocalServer32]

@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil32_11_6_602_180_ActiveX.exe"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\TypeLib]

@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}]

@Denied: (A 2) (Everyone)

@="Shockwave Flash Object"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\InprocServer32]

@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_6_602_180.ocx"

"ThreadingModel"="Apartment"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\MiscStatus]

@="0"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ProgID]

@="ShockwaveFlash.ShockwaveFlash.11"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]

@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_6_602_180.ocx, 1"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\TypeLib]

@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\Version]

@="1.0"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]

@="ShockwaveFlash.ShockwaveFlash"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}]

@Denied: (A 2) (Everyone)

@="Macromedia Flash Factory Object"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\InprocServer32]

@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_6_602_180.ocx"

"ThreadingModel"="Apartment"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ProgID]

@="FlashFactory.FlashFactory.1"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]

@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_6_602_180.ocx, 1"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\TypeLib]

@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\Version]

@="1.0"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]

@="FlashFactory.FlashFactory"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}]

@Denied: (A 2) (Everyone)

@="IFlashBroker5"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\ProxyStubClsid32]

@="{00020424-0000-0000-C000-000000000046}"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\TypeLib]

@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"

"Version"="1.0"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Cryptography\RNG*]

"Seed"=hex:49,31,f4,88,04,28,01,14,c5,ca,fa,5f,f5,cf,66,6e,1f,6c,42,48,3b,1d,

bb,84,6e,c3,98,a3,07,68,b8,a1,8e,3f,71,ca,a8,53,6d,af,a8,e5,29,51,a3,e5,99,\

"Seed"=hex:49,31,f4,88,04,28,01,14,c5,ca,fa,5f,f5,cf,66,6e,1f,6c,42,48,3b,1d,

bb,84,6e,c3,98,a3,07,68,b8,a1,8e,3f,71,ca,a8,53,6d,af,a8,e5,29,51,a3,e5,99,\

"Seed"=hex:49,31,f4,88,04,28,01,14,c5,ca,fa,5f,f5,cf,66,6e,1f,6c,42,48,3b,1d,

bb,84,6e,c3,98,a3,07,68,b8,a1,8e,3f,71,ca,a8,53,6d,af,a8,e5,29,51,a3,e5,99,\

"Seed"=hex:49,31,f4,88,04,28,01,14,c5,ca,fa,5f,f5,cf,66,6e,1f,6c,42,48,3b,1d,

bb,84,6e,c3,98,a3,07,68,b8,a1,8e,3f,71,ca,a8,53,6d,af,a8,e5,29,51,a3,e5,99,\

"Seed"=hex:49,31,f4,88,04,28,01,14,c5,ca,fa,5f,f5,cf,66,6e,1f,6c,42,48,3b,1d,

bb,84,6e,c3,98,a3,07,68,b8,a1,8e,3f,71,ca,a8,53,6d,af,a8,e5,29,51,a3,e5,99,\

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Environment*]

"v5Licence0"="15-P368-X5P2-S9DH-E2UD-H1XR-HBM67GS"

"Activated"="Y"

.

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0000\AllUserSettings]

@Denied: (A) (Users)

@Denied: (A) (Everyone)

@Allowed: (B 1 2 3 4 5) (S-1-5-20)

"BlindDial"=dword:00000000

.

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\PCW\Security]

@Denied: (Full) (Everyone)

.

Sluttid: 2013-03-18 13:39:39

ComboFix-quarantined-files.txt 2013-03-18 12:39

.

Före genomsökningen: 668 895 268 864 byte ledigt

Efter genomsökningen: 669 022 679 040 byte ledigt

.

- - End Of File - - 0FB5C6757A3F1634FA8DF0413EA818E1


Double click on the OTL icon to run it.

Copy/paste the entire contents of the codebox below into the Custom.jpg Box:

:otl
MsConfig:64bit - StartUpFolder: C:^Users^Jens^AppData^Roaming^Microsoft^Windows^Start Menu^Programs^Startup^runctf.lnk
:commands
[emptytemp]

  • Please close all other programs now.
  • Then click the Run Fix button at the top.
  • OTL may ask to reboot the machine. Please do so if asked.
  • If the machine reboots, the log will be located at C:\_OTL\MovedFiles\mmddyyyy_hhmmss.log, where mmddyyyy_hhmmss is the date of the tool run.

Please post the log in your next reply.

Download Malwarebytes' Anti-Malware to your desktop.

  • Double-click mbam-setup.exe and follow the prompts to install the program.
  • At the end, be sure a checkmark is placed next to the following:
    • Update Malwarebytes' Anti-Malware
    • Launch Malwarebytes' Anti-Malware

  • Then click Finish.
  • If an update is found, it will download and install the latest version.
  • Once the program has loaded, select Perform Quick scan, then click Scan.
  • When the scan is complete, click OK, then Show Results to view the results.
  • Be sure that everything is checked, and click Remove Selected.
  • When completed, a log will open in Notepad. Save it to your desktop.

Note: Malwarebytes' Anti-Malware may require a reboot to complete removals. After a reboot, if required, post that saved log in your next reply.

Go here to run an online scanner from ESET. Windows Vista/Windows 7 users will need to right click on their Internet Explorer shortcut, and select Run as Administrator

  • Note: For browsers other than Internet Explorer, you will be prompted to download and install esetsmartinstaller_enu.exe. Click on the link and save the file to a convenient location. Double click on it to install and a new window will open. Follow the prompts.
  • Turn off the real time scanner of any existing antivirus program while performing the online scan
  • Tick the box next to YES, I accept the Terms of Use.
  • Click Start
  • When asked, allow the activex control to install
  • Click Start
  • Make sure that the option Remove found threats is unticked and the Scan Archives option is ticked.
  • Click on Advanced Settings, ensure the options Scan for potentially unwanted applications, Scan for potentially unsafe applications, and Enable Anti-Stealth Technology are ticked.
  • Click Scan
  • Wait for the scan to finish
  • When the scan is done, if it shows a screen that says "Threats found!", then click "List of found threats", and then click "Export to text file..."
  • Save that text file on your desktop. Copy and paste the contents of that log as a reply to this topic.
  • Close the ESET online scan, and let me know how things are now.


OTL Log:

All processes killed
========== OTL ==========
========== COMMANDS ==========

[EMPTYTEMP]

User: All Users

User: Default
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 67 bytes
->Flash cache emptied: 57616 bytes

User: Default User
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes
->Flash cache emptied: 0 bytes

User: Jens
->Temp folder emptied: 1532 bytes
->Temporary Internet Files folder emptied: 15102284 bytes
->Java cache emptied: 1771 bytes
->FireFox cache emptied: 42304746 bytes
->Google Chrome cache emptied: 181976212 bytes
->Flash cache emptied: 58359 bytes

User: Public
->Temp folder emptied: 0 bytes

User: UpdatusUser
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 67 bytes
->Flash cache emptied: 41620 bytes

%systemdrive% .tmp files removed: 0 bytes
%systemroot% .tmp files removed: 1725904 bytes
%systemroot%\System32 .tmp files removed: 0 bytes
%systemroot%\System32 (64bit) .tmp files removed: 0 bytes
%systemroot%\System32\drivers .tmp files removed: 0 bytes
Windows Temp folder emptied: 221739688 bytes
%systemroot%\sysnative\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files folder emptied: 67796 bytes
%systemroot%\sysnative\config\systemprofile\AppData\LocalLow\Sun\Java\Deployment folder emptied: 749 bytes
RecycleBin emptied: 0 bytes

Total Files Cleaned = 442,00 mb

OTL by OldTimer - Version 3.2.69.0 log created on 03192013_101752

Files\Folders moved on Reboot...
C:\Users\Jens\AppData\Local\Temp\FXSAPIDebugLogFile.txt moved successfully.
File move failed. C:\Windows\temp\_avast_\Webshlock.txt scheduled to be moved on reboot.

PendingFileRenameOperations files...

Registry entries deleted on Reboot...


MBAM Log:

Malwarebytes Anti-Malware 1.70.0.1100
www.malwarebytes.org

Databasversion: v2013.03.19.04

Windows 7 Service Pack 1 x64 NTFS
Internet Explorer 9.0.8112.16421
Jens :: MONSTRET [administratör]

2013-03-19 10:24:16
mbam-log-2013-03-19 (10-24-16).txt

Skanningstyp: Snabbskanning
Aktiverade skanningsalternativ: Minne | Start | Register | Filsystem | Heuristik/Extra | Heuristik/Shuriken | PUP | PUM
Inaktiverade skanningsalternativ: P2P
Antal skannade objekt: 239775
Förfluten tid: 2 minut(er), 43 sekund(er)

Upptäckta minnesprocesser: 0
(Inga skadliga poster hittades)

Upptäckta minnesmoduler: 0
(Inga skadliga poster hittades)

Upptäckta registernycklar: 0
(Inga skadliga poster hittades)

Upptäckta registervärden: 0
(Inga skadliga poster hittades)

Upptäckta registerdataposter: 0
(Inga skadliga poster hittades)

Upptäckta mappar: 0
(Inga skadliga poster hittades)

Upptäckta filer: 0
(Inga skadliga poster hittades)

(klar)


If you haven't found anything suspicious with these scans I'm cool with closing the thread.

I still have no idea how my Wow account got hacked or how the F they accessed my sites, but as long as this computer is clean that is step 1 and I thank you for that.

Thanks for the help and have a great day :)


You are welcome.

Unless you have any open issues, you are good to go. Please follow these last few steps.

Click > Start > Control Panel > Add / Remove Programs and uninstall the following programs (if present): Java 7 Update 15 (64-bit)

Your Adobe Acrobat Reader is out of date. Older versions have vulnerabilities that malware can use to infect your system.

There is a newer version of Adobe Acrobat Reader available.

  • Please go to this link Adobe Acrobat Reader Download Link
  • Untick Free McAfee® Security Scan Plus if you do not wish to include this in the installation.
  • Click Download
  • On the right Untick Adobe Photoshop Album Starter Edition if you do not wish to include this in the installation.
  • Click the Continue button
  • Click Run, and click Run again
  • Next click the Install Now button and follow the on screen prompts

When the installation is complete go to Add/Remove Programs and uninstall all previous versions.

Please press the Windows key + R and Copy/Paste the following single-line command into the Run box and click OK

combofix /uninstall

This will uninstall ComboFix and delete ComboFix's quarantine folder. It will also implement some cleanup procedures, remove old System Restore Points which contain previous infections, and create a fresh, clean System Restore Point.

Please re-enable your antivirus program and any other antispyware programs disabled earlier if you haven't already.

Please download delfix to your Desktop.

  • Close all running programs.
  • Double-click on the delfix.exe
  • Make sure that all options are checked.
  • Click Start.

This tool will delete most of the tools we have used for the cleanup procedure. If something remains, simply delete it.

Now that you appear to be free from malware, let's help you stay that way!

It is vital that you keep your system up to date

  • Please enable Automatic Updates to keep your system up to date.
  • Windows Updates
    • Win XP: Start --> Control Panel and double-click on Automatic Updates.
    • Vista / 7: Start --> Control Panel --> System and Security --> Windows Updates
  • Software Updates
    Your installed Software also can have vulnerabilities that malware can use to infect your system.
    To keep your installed Software up to date I recommend File Hippo.

Anti Virus Software

  • Make sure to have one Anti Virus programme installed and update it on a regular basis. It is useless with out of date definitions.

Additional Protection
  • Malwarebytes Anti Malware
    The freeware Version is an on demand scanner which will check your system for malware. Update it once a week and run a Quick Scan. You can also buy a licence which offers more features.
  • WinPatrol
    WinPatrol takes a snapshot of your critical system resources and alerts you to any changes that may occur without your knowledge.

Safer Browsing

Use an alternate browser

Other browsers tend to be more secure than IE as they do not make use of ActiveX objects. ActiveX objects can be used by spyware as an infection point on your computer.

Note: If you use Firefox you may want to have a look at these add-ons.

Computer Maintenance

Clean out your temp files on a regular basis. I recommend TFC (Temp File Cleaner).

Thinking while surfing

There is no software which will protect your system from yourself.

I have included some security related articles that I advise you read through in your own time. These articles will give you tips and advice on preventing infection, and how to stay safe whilst browsing the internet.

If you have any questions kindly ask.

Please respond to this thread one more time so we can mark this thread as resolved.


Glad we could help. :)

If you need this topic reopened, please send a Private Message to any one of the moderating team members. Please include a link to this thread with your request. This applies only to the originator of this thread.

Other members who need assistance please start your own topic in a new thread. Thanks!

This topic is now closed to further replies.