
alureon.gen!U [Solved]
Started by Darkman66, Jan 25 2010 09:37 AM
#16
Posted 27 January 2010 - 10:41 AM

#17
Posted 27 January 2010 - 12:08 PM

shouldn't take long
skip that step then
#18
Posted 27 January 2010 - 02:24 PM

The Rooter.exe just crashes - so I skipped that part...
Here's the ckscanner log:
CKScanner - Additional Security Risks - These are not necessarily bad
c:\program files\adobe\adobe dreamweaver cs3\configuration\content\reference\html\keygen.html
c:\program files\adobe\adobe dreamweaver cs3\configuration\content\reference\php\crackf.html
c:\program files\adobe\adobe premiere pro cs4\plug-ins\en_us\vstplugins\decrackler1.dll
c:\program files\adobe\adobe premiere pro cs4\plug-ins\en_us\vstplugins\decrackler2.dll
c:\program files\adobe\adobe premiere pro cs4\plug-ins\en_us\vstplugins\decrackler6.dll
c:\program files\genie-soft\gbmpro8\keygen\gconfig.xml.genc
c:\users\joakim krassman\favorites\crackdb.org - trepcad 4.2.1 trepcad 4.2.1 no torrents!.url
scanner sequence 3.FA.11
----- EOF -----
and here is the other:
Diagnostic Report (1.9.0011.0):
-----------------------------------------
WGA Data-->
Validation Status: Genuine
Validation Code: 0
Cached Validation Code: N/A, hr = 0xc004f012
Windows Product Key: *****-*****-X92GV-V7DCV-P4K27
Windows Product Key Hash: aU2z1/fnhnLHmhBm699qYZT2E6s=
Windows Product ID: 00426-OEM-8992662-00400
Windows Product ID Type: 2
Windows License Type: OEM SLP
Windows OS version: 6.1.7600.2.00010100.0.0.001
ID: {25645D9F-9739-47DD-8414-898038800E68}(3)
Is Admin: Yes
TestCab: 0x0
WGA Version: N/A, hr = 0x80070002
Signed By: N/A, hr = 0x80070002
Product Name: Windows 7 Ultimate
Architecture: 0x00000000
Build lab: 7600.win7_rtm.090713-1255
TTS Error:
Validation Diagnostic:
Resolution Status: N/A
WgaER Data-->
ThreatID(s): N/A, hr = 0x80070002
Version: 6.0.6001.18152
WGA Notifications Data-->
Cached Result: N/A, hr = 0x80070002
File Exists: No
Version: N/A, hr = 0x80070002
WgaTray.exe Signed By: N/A, hr = 0x80070002
WgaLogon.dll Signed By: N/A, hr = 0x80070002
OGA Notifications Data-->
Cached Result: N/A, hr = 0x80070002
Version: N/A, hr = 0x80070002
OGAExec.exe Signed By: N/A, hr = 0x80070002
OGAAddin.dll Signed By: N/A, hr = 0x80070002
OGA Data-->
Office Status: 108 Invalid VLK
Microsoft Office Enterprise 2007 - 108 Invalid VLK
OGA Version: N/A, 0x80070002
Signed By: N/A, hr = 0x80070002
Office Diagnostics: 025D1FF3-364-80041010_025D1FF3-229-80041010_025D1FF3-230-1_025D1FF3-517-80040154_025D1FF3-237-80040154_025D1FF3-238-2_025D1FF3-244-80070002_025D1FF3-258-3_E2AD56EA-765-d003_E2AD56EA-766-0_E2AD56EA-134-80004005
Browser Data-->
Proxy settings: N/A
User Agent: Mozilla/4.0 (compatible; MSIE 8.0; Win32)
Default Browser: C:\Program Files\Internet Explorer\IEXPLORE.exe
Download signed ActiveX controls: Prompt
Download unsigned ActiveX controls: Disabled
Run ActiveX controls and plug-ins: Allowed
Initialize and script ActiveX controls not marked as safe: Disabled
Allow scripting of Internet Explorer Webbrowser control: Disabled
Active scripting: Allowed
Script ActiveX controls marked as safe for scripting: Allowed
File Scan Data-->
Other data-->
Office Details: <GenuineResults><MachineData><UGUID>{25645D9F-9739-47DD-8414-898038800E68}</UGUID><Version>1.9.0011.0</Version><OS>6.1.7600.2.00010100.0.0.001</OS><Architecture>x32</Architecture><PKey>*****-*****-*****-*****-P4K27</PKey><PID>00426-OEM-8992662-00400</PID><PIDType>2</PIDType><SID>S-1-5-21-1873777020-1959098436-2068944172</SID><SYSTEM><Manufacturer>MICRO-STAR INTERNATIONAL CO.,LTD</Manufacturer><Model>MS-7380</Model></SYSTEM><BIOS><Manufacturer>American Megatrends Inc.</Manufacturer><Version>V1.3</Version><SMBIOSVersion major="2" minor="5"/><Date>20081119000000.000000+000</Date></BIOS><HWID>77F43C07018400F8</HWID><UserLCID>041D</UserLCID><SystemLCID>0409</SystemLCID><TimeZone>Västeuropa, normaltid(GMT+01:00)</TimeZone><iJoin>0</iJoin><SBID><stat>3</stat><msppid></msppid><name></name><model></model></SBID><OEM><OEMID>DELL </OEMID><OEMTableID>QA09 </OEMTableID></OEM><GANotification/></MachineData><Software><Office><Result>108</Result><Products><Product GUID="{90120000-0030-0000-0000-0000000FF1CE}"><LegitResult>108</LegitResult><Name>Microsoft Office Enterprise 2007</Name><Ver>12</Ver><Val>94436407C3F2586</Val><Hash>Nh+O7p+E5Ha5+8Lxn9JfFULj9GM=</Hash><Pid>89388-707-9845457-65872</Pid><PidType>14</PidType></Product></Products><Applications><App Id="15" Version="12" Result="108"/><App Id="16" Version="12" Result="108"/><App Id="18" Version="12" Result="108"/><App Id="19" Version="12" Result="108"/><App Id="1A" Version="12" Result="108"/><App Id="1B" Version="12" Result="108"/><App Id="44" Version="12" Result="108"/><App Id="A1" Version="12" Result="108"/><App Id="BA" Version="12" Result="108"/></Applications></Office></Software></GenuineResults>
Spsys.log Content: 0x80070002
Licensing Data-->
Programlicenstjänstens version: 6.1.7600.16385
Namn: Windows® 7, Ultimate edition
Beskrivning: Windows Operating System - Windows® 7, OEM_SLP channel
Aktiverings-ID: 7cfd4696-69a9-4af7-af36-ff3d12b6b6c8
Program-ID: 55c92734-d682-4d71-983e-d6ec3f16059f
Utökat produkt-ID: 00426-00178-926-600400-02-1053-7600.0000-2972009
Installations-ID: 010221052902576960283824181796383606260033291562908452
URL till processorcertifikatet: http://go.microsoft....k/?LinkID=88338
URL till datorcertifikatet: http://go.microsoft....k/?LinkID=88339
URL till användningslicensen: http://go.microsoft....k/?LinkID=88341
URL till produktnyckelcertifikat: http://go.microsoft....k/?LinkID=88340
Ofullständig produktnyckel: P4K27
Licenstillstånd: Licensierad
Återstående antal Windows-omaktiveringar: 4
Betrodd tid: 2010-01-27 20:37:49
HWID Data-->
HWID Hash Current: NgAAAAEABAABAAIAAgABAAAAAQABAAEAeqgADxzTOk9IJEIgCIVK/DSgRrDOyMxBev2Ue0bK
OEM Activation 1.0 Data-->
N/A
OEM Activation 2.0 Data-->
BIOS valid for OA 2.0: yes
Windows marker version: 0x20001
OEMID and OEMTableID Consistent: yes
BIOS Information:
ACPI Table Name OEMID Value OEMTableID Value
APIC 111908 APIC1948
FACP 111908 FACP1948
HPET 111908 OEMHPET0
MCFG 111908 OEMMCFG
OEMB 111908 OEMB1948
SLIC DELL QA09
#19
Posted 27 January 2010 - 02:30 PM

I managed to get rooter.exe to run, in compatibility mode (XP SP3)
Rooter.exe (v1.0.2) by Eric_71
.
SeDebugPrivilege granted successfully ...
.
Windows XP . (5.1.2600) Service Pack 3
[32_bits] - x86 Family 6 Model 23 Stepping 6, GenuineIntel
.
[wscsvc] (Security Center) RUNNING (state:4)
[SharedAccess] STOPPED (state:1) : Windows Firewall -> Disabled !
.
Internet Explorer 8.0.7600.16385
Mozilla Firefox 3.5.7 (sv-SE)
.
C:\ [Fixed-NTFS] .. ( Total:279 Go - Free:107 Go )
D:\ [Fixed-NTFS] .. ( Total:189 Go - Free:7 Go )
E:\ [Fixed-NTFS] .. ( Total:76 Go - Free:28 Go )
F:\ [CD_Rom]
G:\ [Removable]
H:\ [Removable]
I:\ [Removable]
L:\ [Removable]
.
Scan : 21:29.31
Path : C:\Users\Joakim Krassman\Desktop\Rooter.exe
User : Joakim Krassman ( Administrator -> YES )
.
----------------------\\ Processes
.
Locked [System Process] (0)
Locked System (4)
______ \SystemRoot\System32\smss.exe (320)
______ C:\Windows\system32\csrss.exe (416)
______ C:\Windows\system32\wininit.exe (476)
______ C:\Windows\system32\csrss.exe (496)
______ C:\Windows\system32\services.exe (544)
______ C:\Windows\system32\lsass.exe (560)
______ C:\Windows\system32\lsm.exe (568)
______ C:\Windows\system32\winlogon.exe (640)
______ C:\Windows\system32\svchost.exe (736)
______ C:\Windows\system32\nvvsvc.exe (796)
______ C:\Windows\system32\svchost.exe (840)
______ C:\Windows\System32\svchost.exe (904)
______ C:\Windows\System32\svchost.exe (992)
______ C:\Windows\system32\svchost.exe (1052)
______ C:\Windows\system32\svchost.exe (1200)
______ C:\Windows\system32\nvvsvc.exe (1308)
______ C:\Program Files\WTouch\WTouchService.exe (1340)
______ C:\Windows\SYSTEM32\WISPTIS.EXE (1420)
______ C:\Windows\system32\svchost.exe (1540)
______ C:\Windows\System32\spoolsv.exe (1684)
______ C:\Windows\system32\svchost.exe (1716)
______ C:\Program Files\Common Files\ABBYY\FineReader\9.00\Licensing\PE\NetworkLicenseServer.exe (1800)
______ C:\Windows\system32\svchost.exe (1828)
______ C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe (1848)
______ C:\Windows\system32\ASTSRV.EXE (1888)
Locked avp.exe (1932)
______ C:\Program Files\Bonjour\mDNSResponder.exe (2040)
______ C:\Windows\system32\svchost.exe (380)
______ C:\Program Files\Microsoft SQL Server\100\DTS\Binn\MsDtsSrvr.exe (1040)
______ C:\Program Files\Google\Update\1.2.183.13\GoogleCrashHandler.exe (1776)
______ c:\Program Files\Microsoft SQL Server\MSSQL10.SQLEXPRESS\MSSQL\Binn\sqlservr.exe (2096)
______ C:\Program Files\Microsoft SQL Server\MSSQL10.HOBBIT\MSSQL\Binn\sqlservr.exe (2240)
______ C:\Windows\SYSTEM32\WISPTIS.EXE (2676)
______ C:\Program Files\Common Files\microsoft shared\ink\TabTip.exe (2700)
______ C:\Program Files\WTouch\WTouchUser.exe (2748)
______ C:\Windows\system32\taskeng.exe (3048)
______ C:\Program Files\Nero\Nero8\Nero BackItUp\NBService.exe (3124)
______ C:\Windows\system32\taskhost.exe (3212)
______ C:\Program Files\CyberLink\Shared files\RichVideo.exe (3280)
______ C:\Program Files\Microsoft SQL Server\90\Shared\sqlwriter.exe (3368)
______ C:\Program Files\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe (3416)
______ C:\Windows\system32\svchost.exe (3456)
______ C:\Windows\system32\Pen_Tablet.exe (3484)
______ C:\Windows\system32\svchost.exe (3556)
______ C:\Windows\system32\Dwm.exe (3736)
______ C:\Windows\system32\WTablet\Pen_TabletUser.exe (3744)
______ C:\Windows\Explorer.EXE (3760)
______ C:\Windows\system32\Pen_Tablet.exe (3792)
______ C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE (4012)
______ C:\Program Files\Spybot - Search & Destroy\SDWinSec.exe (4068)
______ C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSvcM.exe (2884)
______ C:\Windows\system32\SearchIndexer.exe (2236)
______ C:\Program Files\Adobe\Acrobat 7.0\Distillr\acrotray.exe (3588)
______ C:\Program Files\Brownie\BrStsWnd.exe (4224)
______ C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe (4236)
______ C:\Program Files\Winamp\winampa.exe (4260)
______ C:\Program Files\Brownie\Brnipmon.exe (4356)
______ C:\Program Files\iTunes\iTunesHelper.exe (4364)
Locked avp.exe (4380)
______ C:\Program Files\Windows Sidebar\sidebar.exe (4392)
______ C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe (4468)
______ C:\Windows\system32\svchost.exe (4476)
______ C:\Program Files\Personal\bin\Personal.exe (4596)
______ C:\Windows\system32\WUDFHost.exe (4724)
______ C:\Program Files\D-Link\D-Link RangeBooster N 650 DWA-547\wirelesscm.exe (5060)
______ C:\Program Files\Microsoft SQL Server\MSSQL10.HOBBIT\MSSQL\Binn\fdlauncher.exe (5124)
______ C:\Program Files\Microsoft SQL Server\MSSQL10.HOBBIT\MSSQL\Binn\fdhost.exe (5160)
______ C:\Windows\system32\conhost.exe (5168)
______ C:\Program Files\Windows Media Player\wmpnetwk.exe (5760)
______ C:\Program Files\iPod\bin\iPodService.exe (6080)
______ C:\Windows\System32\svchost.exe (2468)
______ C:\Program Files\Common Files\Microsoft Shared\Ink\InputPersonalization.exe (5728)
______ C:\Windows\system32\wuauclt.exe (1664)
______ C:\Program Files\Microsoft Office\Office12\OUTLOOK.EXE (5300)
______ C:\Windows\system32\taskhost.exe (3548)
______ C:\Windows\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\infocard.exe (1820)
______ C:\Program Files\Windows Live\Messenger\msnmsgr.exe (3168)
Locked audiodg.exe (3040)
______ C:\Program Files\Internet Explorer\iexplore.exe (1432)
______ C:\Program Files\Internet Explorer\iexplore.exe (4968)
______ c:\windows\system32\inetsrv\w3wp.exe (3360)
______ C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 2010\klwtblfs.exe (2196)
______ C:\Program Files\Internet Explorer\iexplore.exe (2932)
______ C:\Windows\system32\svchost.exe (1460)
______ C:\Windows\system32\SearchProtocolHost.exe (2348)
______ C:\Windows\system32\SearchFilterHost.exe (3264)
______ C:\Windows\system32\wermgr.exe (4612)
______ C:\Users\Joakim Krassman\Desktop\Rooter.exe (4888)
.
----------------------\\ Device\Harddisk0\
.
\Device\Harddisk0 [Sectors : 63 x 512 Bytes]
.
\Device\Harddisk0\Partition1 --[ MBR ]-- (Start_Offset:32256 | Length:82335020544)
.
----------------------\\ Scheduled Tasks
.
C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job
C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job
C:\Windows\Tasks\SA.DAT
C:\Windows\Tasks\SCHEDLGU.TXT
C:\Windows\Tasks\Spybot - Search & Destroy - Scheduled Task.job
.
----------------------\\ Registry
.
.
----------------------\\ Files & Folders
.
----------------------\\ Scan completed at 21:30.25
.
C:\Rooter$\Rooter_2.txt - (27/01/2010 | 21:30.25)

#20
Posted 27 January 2010 - 04:04 PM

hi
Run OTL
- Under the Custom Scans/Fixes box at the bottom, paste in the following
:OTL
:Services
:Reg
:Files
c:\program files\adobe\adobe dreamweaver cs3\configuration\content\reference\html\keygen.html
c:\program files\adobe\adobe dreamweaver cs3\configuration\content\reference\php\crackf.html
c:\program files\genie-soft\gbmpro8\keygen
c:\users\joakim krassman\favorites\crackdb.org - trepcad 4.2.1 trepcad 4.2.1 no torrents!.url
:Commands
[purity]
[resethosts]
[emptytemp]
[Reboot]
- Then click the Run Fix button at the top
- Let the program run unhindered, reboot the PC when it is done
- Open OTL again and click the Quick Scan button. Post the log it produces in your next reply.
#21
Posted 27 January 2010 - 04:46 PM

OTL logfile created on: 2010-01-27 23:42:33 - Run 2
OTL by OldTimer - Version 3.1.27.0 Folder = C:\Users\Joakim Krassman\Desktop
Ultimate Edition (Version = 6.1.7600) - Type = NTWorkstation
Internet Explorer (Version = 8.0.7600.16385)
Locale: 0000041d | Country: Sverige | Language: SVE | Date Format: yyyy-MM-dd
3,00 Gb Total Physical Memory | 1,00 Gb Available Physical Memory | 50,00% Memory free
6,00 Gb Paging File | 4,00 Gb Available in Paging File | 74,00% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]
%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files
Drive C: | 279,46 Gb Total Space | 107,32 Gb Free Space | 38,40% Space Free | Partition Type: NTFS
Drive D: | 189,92 Gb Total Space | 6,90 Gb Free Space | 3,63% Space Free | Partition Type: NTFS
Drive E: | 76,68 Gb Total Space | 28,73 Gb Free Space | 37,47% Space Free | Partition Type: NTFS
Drive F: | 34,43 Mb Total Space | 0,00 Mb Free Space | 0,00% Space Free | Partition Type: CDFS
Drive G: | 3,83 Gb Total Space | 3,65 Gb Free Space | 95,39% Space Free | Partition Type: FAT32
H: Drive not present or media not loaded
I: Drive not present or media not loaded
Computer Name: JOCKE
Current User Name: Joakim Krassman
Logged in as Administrator.
Current Boot Mode: Normal
Scan Mode: Current user
Company Name Whitelist: On
Skip Microsoft Files: On
File Age = 14 Days
Output = Standard
Quick Scan
========== Processes (SafeList) ==========
PRC - [2010-01-27 23:38:03 | 00,548,864 | ---- | M] (OldTimer Tools) -- C:\Users\Joakim Krassman\Desktop\OTL.exe
PRC - [2010-01-25 07:54:05 | 00,136,176 | ---- | M] (Google Inc.) -- C:\Program Files\Google\Update\1.2.183.13\GoogleCrashHandler.exe
PRC - [2010-01-06 11:21:47 | 00,939,920 | ---- | M] (Technology Nexus AB) -- C:\Program Files\Personal\bin\Personal.exe
PRC - [2009-11-23 15:53:58 | 04,781,352 | ---- | M] (Wacom Technology, Corp.) -- C:\Program Files\WTouch\WTouchUser.exe
PRC - [2009-11-23 15:53:58 | 00,113,448 | ---- | M] (Wacom Technology, Corp.) -- C:\Program Files\WTouch\WTouchService.exe
PRC - [2009-11-23 15:53:56 | 04,497,704 | ---- | M] (Wacom Technology, Corp.) -- C:\Windows\System32\Pen_Tablet.exe
PRC - [2009-11-23 15:53:56 | 01,823,528 | ---- | M] (Wacom Technology, Corp.) -- C:\Windows\System32\WTablet\Pen_TabletUser.exe
PRC - [2009-11-20 20:33:00 | 00,122,984 | ---- | M] (NVIDIA Corporation) -- C:\Windows\System32\nvvsvc.exe
PRC - [2009-11-20 19:17:00 | 00,240,232 | ---- | M] (NVIDIA Corporation) -- C:\Program Files\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe
PRC - [2009-11-12 16:33:10 | 00,141,600 | ---- | M] (Apple Inc.) -- C:\Program Files\iTunes\iTunesHelper.exe
PRC - [2009-11-12 16:33:00 | 00,545,568 | ---- | M] (Apple Inc.) -- C:\Program Files\iPod\bin\iPodService.exe
PRC - [2009-08-24 23:49:41 | 00,126,392 | R--- | M] (Symantec Corporation) -- C:\Program Files\Norton AntiVirus\Engine\17.0.0.136\ccSvcHst.exe
PRC - [2009-08-17 21:54:54 | 12,957,536 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Microsoft Office\Office12\OUTLOOK.EXE
PRC - [2009-08-03 06:35:50 | 02,613,248 | ---- | M] (Microsoft Corporation) -- C:\Windows\explorer.exe
PRC - [2009-07-14 02:17:29 | 00,673,048 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Internet Explorer\IEXPLORE.EXE
PRC - [2009-07-14 02:14:50 | 00,195,584 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\WUDFHost.exe
PRC - [2009-07-14 02:14:46 | 00,334,336 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\wisptis.exe
PRC - [2009-07-14 02:14:42 | 00,181,760 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Common Files\microsoft shared\ink\TabTip.exe
PRC - [2009-07-14 02:14:42 | 00,049,152 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\taskhost.exe
PRC - [2009-07-14 02:14:29 | 03,179,520 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\sppsvc.exe
PRC - [2009-07-14 02:14:15 | 00,271,360 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\conhost.exe
PRC - [2009-07-01 17:37:06 | 00,037,888 | ---- | M] () -- C:\Program Files\Winamp\winampa.exe
PRC - [2009-06-05 10:48:14 | 00,144,712 | ---- | M] (Apple Inc.) -- C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
PRC - [2009-03-30 15:28:36 | 01,533,808 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
PRC - [2009-03-30 15:28:36 | 00,183,152 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSvcM.exe
PRC - [2009-03-30 02:25:26 | 43,010,392 | ---- | M] (Microsoft Corporation) -- c:\Program Files\Microsoft SQL Server\MSSQL10.SQLEXPRESS\MSSQL\Binn\sqlservr.exe
PRC - [2009-03-05 16:07:20 | 02,260,480 | RHS- | M] (Safer-Networking Ltd.) -- C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
PRC - [2008-12-12 11:17:38 | 00,238,888 | ---- | M] (Apple Inc.) -- C:\Program Files\Bonjour\mDNSResponder.exe
PRC - [2008-11-25 21:59:30 | 00,247,152 | ---- | M] () -- C:\Program Files\CyberLink\Shared files\RichVideo.exe
PRC - [2008-10-25 10:44:34 | 00,031,072 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe
PRC - [2008-07-30 18:04:06 | 00,678,960 | ---- | M] (NewTech Infosystems, Inc.) -- C:\Program Files\NewTech Infosystems\NTI Shadow for ReadyNAS\Shadow.exe
PRC - [2008-07-10 10:49:38 | 40,999,448 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Microsoft SQL Server\MSSQL10.HOBBIT\MSSQL\Binn\sqlservr.exe
PRC - [2008-07-10 02:49:44 | 00,098,840 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Microsoft SQL Server\90\Shared\sqlwriter.exe
PRC - [2008-07-10 01:22:36 | 00,218,136 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Microsoft SQL Server\100\DTS\Binn\MsDtsSrvr.exe
PRC - [2008-07-10 01:15:32 | 00,068,632 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Microsoft SQL Server\MSSQL10.HOBBIT\MSSQL\Binn\fdhost.exe
PRC - [2008-07-10 01:15:32 | 00,031,256 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Microsoft SQL Server\MSSQL10.HOBBIT\MSSQL\Binn\fdlauncher.exe
PRC - [2008-07-07 09:42:02 | 00,809,296 | ---- | M] (Safer Networking Ltd.) -- C:\Program Files\Spybot - Search & Destroy\SDWinSec.exe
PRC - [2008-05-19 11:13:20 | 00,057,344 | ---- | M] (Nalpeiron Ltd.) -- C:\Windows\System32\ASTSRV.EXE
PRC - [2008-01-08 08:28:02 | 00,864,256 | ---- | M] (brother) -- C:\Program Files\Brownie\BrStsWnd.exe
PRC - [2007-12-06 20:03:41 | 00,660,768 | ---- | M] (ABBYY (BIT Software)) -- C:\Program Files\Common Files\ABBYY\FineReader\9.00\Licensing\PE\NetworkLicenseServer.exe
PRC - [2007-12-03 14:21:24 | 00,869,672 | ---- | M] (Nero AG) -- C:\Program Files\Nero\Nero8\Nero BackItUp\NBService.exe
PRC - [2007-07-20 18:32:16 | 00,217,088 | ---- | M] (Brother Industries, Ltd.) -- C:\Program Files\Brownie\Brnipmon.exe
PRC - [2006-11-03 12:27:28 | 12,693,504 | ---- | M] ( ) -- C:\Program Files\D-Link\D-Link RangeBooster N 650 DWA-547\wirelesscm.exe
PRC - [2006-01-12 20:52:32 | 00,483,328 | ---- | M] (Adobe Systems Inc.) -- C:\Program Files\Adobe\Acrobat 7.0\Distillr\acrotray.exe
========== Modules (SafeList) ==========
MOD - [2010-01-27 23:38:03 | 00,548,864 | ---- | M] (OldTimer Tools) -- C:\Users\Joakim Krassman\Desktop\OTL.exe
MOD - [2009-07-14 02:16:16 | 00,348,160 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Common Files\microsoft shared\ink\tiptsf.dll
MOD - [2009-07-14 02:16:15 | 00,099,840 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\sspicli.dll
MOD - [2009-07-14 02:16:13 | 00,092,160 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\sechost.dll
MOD - [2009-07-14 02:16:13 | 00,050,688 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\samcli.dll
MOD - [2009-07-14 02:16:12 | 00,031,744 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\profapi.dll
MOD - [2009-07-14 02:16:03 | 00,022,016 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\netutils.dll
MOD - [2009-07-14 02:15:35 | 00,288,256 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\KernelBase.dll
MOD - [2009-07-14 02:15:13 | 00,067,072 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\dwmapi.dll
MOD - [2009-07-14 02:15:11 | 00,064,512 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\devobj.dll
MOD - [2009-07-14 02:15:07 | 00,036,864 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\cryptbase.dll
MOD - [2009-07-14 02:15:02 | 00,145,920 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\cfgmgr32.dll
MOD - [2009-07-14 02:03:50 | 01,680,896 | ---- | M] (Microsoft Corporation) -- C:\Windows\winsxs\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7600.16385_none_421189da2b7fabfc\comctl32.dll
========== Win32 Services (SafeList) ==========
SRV - [2010-01-25 07:54:05 | 00,135,664 | ---- | M] (Google Inc.) [Auto | Stopped] -- C:\Program Files\Google\Update\GoogleUpdate.exe -- (gupdate) Google Update Service (gupdate)
SRV - [2010-01-14 19:05:02 | 00,000,000 | ---- | M] () [Auto | Stopped] -- C:\Windows\System32\TVersityMediaServer.log -- (TVersityMediaServer)
SRV - [2009-11-23 15:53:58 | 00,113,448 | ---- | M] (Wacom Technology, Corp.) [Auto | Running] -- C:\Program Files\WTouch\WTouchService.exe -- (WTouchService)
SRV - [2009-11-23 15:53:56 | 04,497,704 | ---- | M] (Wacom Technology, Corp.) [Auto | Running] -- C:\Windows\System32\Pen_Tablet.exe -- (TabletServicePen)
SRV - [2009-11-20 20:33:00 | 00,122,984 | ---- | M] (NVIDIA Corporation) [Auto | Running] -- C:\Windows\System32\nvvsvc.exe -- (nvsvc)
SRV - [2009-11-20 19:17:00 | 00,240,232 | ---- | M] (NVIDIA Corporation) [Auto | Running] -- C:\Program Files\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe -- (Stereo Service)
SRV - [2009-11-12 16:33:00 | 00,545,568 | ---- | M] (Apple Inc.) [On_Demand | Running] -- C:\Program Files\iPod\bin\iPodService.exe -- (iPod Service)
SRV - [2009-10-01 18:53:34 | 00,867,080 | ---- | M] (Acresso Software Inc.) [On_Demand | Stopped] -- C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe -- (FLEXnet Licensing Service)
SRV - [2009-09-09 11:13:26 | 00,055,176 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Program Files\IIS\Microsoft Web Deploy\MsDepSvc.exe -- (MsDepSvc)
SRV - [2009-08-24 23:49:41 | 00,126,392 | R--- | M] (Symantec Corporation) [Unknown | Running] -- C:\Program Files\Norton AntiVirus\Engine\17.0.0.136\ccSvcHst.exe -- (NAV)
SRV - [2009-07-14 02:16:21 | 00,185,856 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\System32\wwansvc.dll -- (WwanSvc)
SRV - [2009-07-14 02:16:17 | 00,151,552 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\System32\wbiosrvc.dll -- (WbioSrvc)
SRV - [2009-07-14 02:16:17 | 00,119,808 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\System32\umpo.dll -- (Power)
SRV - [2009-07-14 02:16:16 | 00,037,376 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\System32\themeservice.dll -- (Themes)
SRV - [2009-07-14 02:16:15 | 00,053,760 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\System32\sppuinotify.dll -- (sppuinotify)
SRV - [2009-07-14 02:16:13 | 00,043,520 | ---- | M] (Microsoft Corporation) [Unknown | Running] -- C:\Windows\System32\RpcEpMap.dll -- (RpcEptMapper)
SRV - [2009-07-14 02:16:13 | 00,025,088 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\System32\sensrsvc.dll -- (SensrSvc)
SRV - [2009-07-14 02:16:12 | 01,004,544 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\System32\PeerDistSvc.dll -- (PeerDistSvc)
SRV - [2009-07-14 02:16:12 | 00,269,824 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\System32\pnrpsvc.dll -- (PNRPsvc) PNRP (Peer Name Resolution Protocol)
SRV - [2009-07-14 02:16:12 | 00,269,824 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\System32\pnrpsvc.dll -- (p2pimsvc)
SRV - [2009-07-14 02:16:12 | 00,165,376 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\System32\provsvc.dll -- (HomeGroupProvider)
SRV - [2009-07-14 02:16:12 | 00,020,480 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\System32\pnrpauto.dll -- (PNRPAutoReg)
SRV - [2009-07-14 02:15:41 | 00,680,960 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Program Files\Windows Defender\mpsvc.dll -- (WinDefend)
SRV - [2009-07-14 02:15:36 | 00,194,560 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\System32\ListSvc.dll -- (HomeGroupListener)
SRV - [2009-07-14 02:15:31 | 00,396,288 | ---- | M] (Microsoft Corporation) [On_Demand | Running] -- C:\Windows\System32\inetsrv\iisw3adm.dll -- (WAS) Tjänsten Windows Process Activation (WAS)
SRV - [2009-07-14 02:15:31 | 00,396,288 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\System32\inetsrv\iisw3adm.dll -- (W3SVC)
SRV - [2009-07-14 02:15:21 | 00,797,696 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\System32\FntCache.dll -- (FontCache)
SRV - [2009-07-14 02:15:11 | 00,253,440 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\System32\dhcpcore.dll -- (Dhcp)
SRV - [2009-07-14 02:15:10 | 00,218,624 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\System32\defragsvc.dll -- (defragsvc)
SRV - [2009-07-14 02:14:59 | 00,076,800 | ---- | M] (Microsoft Corporation) [Unknown | Stopped] -- C:\Windows\System32\bdesvc.dll -- (BDESVC)
SRV - [2009-07-14 02:14:58 | 00,088,064 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\System32\AxInstSv.dll -- (AxInstSV) ActiveX Installer (AxInstSV)
SRV - [2009-07-14 02:14:53 | 00,061,440 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\System32\inetsrv\apphostsvc.dll -- (AppHostSvc)
SRV - [2009-07-14 02:14:53 | 00,027,648 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\System32\appidsvc.dll -- (AppIDSvc)
SRV - [2009-07-14 02:14:29 | 03,179,520 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\System32\sppsvc.exe -- (sppsvc)
SRV - [2009-06-05 10:48:14 | 00,144,712 | ---- | M] (Apple Inc.) [Auto | Running] -- C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe -- (Apple Mobile Device)
SRV - [2009-03-30 15:28:36 | 01,533,808 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE -- (wlidsvc)
SRV - [2009-03-30 02:25:26 | 43,010,392 | ---- | M] (Microsoft Corporation) [Auto | Running] -- c:\Program Files\Microsoft SQL Server\MSSQL10.SQLEXPRESS\MSSQL\Binn\sqlservr.exe -- (MSSQL$SQLEXPRESS) SQL Server (SQLEXPRESS)
SRV - [2009-03-30 02:23:32 | 00,254,808 | ---- | M] (Microsoft Corporation) [Disabled | Stopped] -- C:\Program Files\Microsoft SQL Server\90\Shared\sqlbrowser.exe -- (SQLBrowser)
SRV - [2009-03-30 02:23:24 | 00,366,936 | ---- | M] (Microsoft Corporation) [Disabled | Stopped] -- c:\Program Files\Microsoft SQL Server\MSSQL10.SQLEXPRESS\MSSQL\Binn\SQLAGENT.EXE -- (SQLAgent$SQLEXPRESS) SQL Server Agent (SQLEXPRESS)
SRV - [2009-03-13 21:07:19 | 00,079,360 | ---- | M] (SolidWorks) [On_Demand | Stopped] -- C:\Program Files\Common Files\SolidWorks Shared\Service\SolidWorksLicensing.exe -- (SolidWorks Licensing Service)
SRV - [2008-12-12 11:17:38 | 00,238,888 | ---- | M] (Apple Inc.) [Auto | Running] -- C:\Program Files\Bonjour\mDNSResponder.exe -- (Bonjour Service)
SRV - [2008-11-25 21:59:30 | 00,247,152 | ---- | M] () [Auto | Running] -- C:\Program Files\CyberLink\Shared files\RichVideo.exe -- (RichVideo) Cyberlink RichVideo Service(CRVS)
SRV - [2008-11-04 00:06:28 | 00,441,712 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Program Files\Common Files\Microsoft Shared\OFFICE12\ODSERV.EXE -- (odserv)
SRV - [2008-10-25 10:44:08 | 00,065,888 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Program Files\Microsoft Office\Office12\GrooveAuditService.exe -- (Microsoft Office Groove Audit Service)
SRV - [2008-07-10 10:49:38 | 40,999,448 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Program Files\Microsoft SQL Server\MSSQL10.HOBBIT\MSSQL\Binn\sqlservr.exe -- (MSSQLSERVER) SQL Server (MSSQLSERVER)
SRV - [2008-07-10 10:49:34 | 00,369,688 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Program Files\Microsoft SQL Server\MSSQL10.HOBBIT\MSSQL\Binn\SQLAGENT.EXE -- (SQLSERVERAGENT) SQL Server Agent (MSSQLSERVER)
SRV - [2008-07-10 10:49:34 | 00,047,128 | ---- | M] (Microsoft Corporation) [Disabled | Stopped] -- C:\Program Files\Microsoft SQL Server\100\Shared\SQLADHLP.EXE -- (MSSQLServerADHelper100)
SRV - [2008-07-10 02:49:44 | 00,098,840 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Program Files\Microsoft SQL Server\90\Shared\sqlwriter.exe -- (SQLWriter)
SRV - [2008-07-10 01:22:36 | 00,218,136 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Program Files\Microsoft SQL Server\100\DTS\Binn\MsDtsSrvr.exe -- (MsDtsServer100)
SRV - [2008-07-10 01:15:32 | 00,031,256 | ---- | M] (Microsoft Corporation) [On_Demand | Running] -- C:\Program Files\Microsoft SQL Server\MSSQL10.HOBBIT\MSSQL\Binn\fdlauncher.exe -- (MSSQLFDLauncher) SQL Full-text Filter Daemon Launcher (MSSQLSERVER)
SRV - [2008-07-07 09:42:02 | 00,809,296 | ---- | M] (Safer Networking Ltd.) [Auto | Running] -- C:\Program Files\Spybot - Search & Destroy\SDWinSec.exe -- (SBSDWSCService)
SRV - [2008-05-19 11:13:20 | 00,057,344 | ---- | M] (Nalpeiron Ltd.) [Auto | Running] -- C:\Windows\System32\ASTSRV.EXE -- (ASTSRV)
SRV - [2007-12-13 19:10:56 | 00,447,784 | ---- | M] (Nero AG) [On_Demand | Stopped] -- C:\Program Files\Common Files\Nero\Lib\NMIndexingService.exe -- (NMIndexingService)
SRV - [2007-12-06 20:03:41 | 00,660,768 | ---- | M] (ABBYY (BIT Software)) [Auto | Running] -- C:\Program Files\Common Files\ABBYY\FineReader\9.00\Licensing\PE\NetworkLicenseServer.exe -- (ABBYY.Licensing.FineReader.Professional.9.0)
SRV - [2007-12-03 14:21:24 | 00,869,672 | ---- | M] (Nero AG) [Auto | Running] -- C:\Program Files\Nero\Nero8\Nero BackItUp\NBService.exe -- (Nero BackItUp Scheduler 3)
SRV - [2006-10-26 14:03:08 | 00,145,184 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Program Files\Common Files\Microsoft Shared\Source Engine\OSE.EXE -- (ose)
SRV - [2006-08-25 19:54:12 | 00,360,532 | ---- | M] (Atheros) [Auto | Stopped] -- C:\Program Files\D-Link\D-Link RangeBooster N 650 DWA-547\acs.exe -- (ACS)
SRV - [2005-11-14 00:06:04 | 00,069,632 | ---- | M] (Macrovision Corporation) [On_Demand | Stopped] -- C:\Program Files\Common Files\InstallShield\Driver\1150\Intel 32\IDriverT.exe -- (IDriverT)
========== Standard Registry (SafeList) ==========
========== Internet Explorer ==========
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://127.0.0.1/
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,StartPageCache = 1
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = *.local
========== FireFox ==========
FF - prefs.js..browser.search.selectedEngine: "DAEMON Search"
FF - prefs.js..browser.startup.homepage: "http://127.0.0.1/"
FF - prefs.js..extensions.enabledItems: [email protected]:1.4.5
FF - prefs.js..extensions.enabledItems: {c45c406e-ab73-11d8-be73-000a95be3b12}:1.1.8
FF - prefs.js..extensions.enabledItems: [email protected]:9.0.0.736
FF - HKLM\software\mozilla\Firefox\Extensions\\{BBDA0591-3099-440a-AA10-41764D9DB4DB}: C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NAV_17.0.0.136\IPSFFPlgn\ [2010-01-27 21:45:27 | 00,000,000 | ---D | M]
FF - HKLM\software\mozilla\Mozilla Firefox 3.5.7\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2010-01-16 15:54:43 | 00,000,000 | ---D | M]
FF - HKLM\software\mozilla\Mozilla Firefox 3.5.7\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins [2010-01-16 15:54:43 | 00,000,000 | ---D | M]
[2009-12-31 14:31:51 | 00,000,000 | ---D | M] -- C:\Users\Joakim Krassman\AppData\Roaming\mozilla\Extensions
[2009-12-31 14:31:51 | 00,000,000 | ---D | M] (No name found) -- C:\Users\Joakim Krassman\AppData\Roaming\mozilla\Extensions\{3550f703-e582-4d05-9a08-453d09bdfdc6}
[2010-01-27 14:57:34 | 00,000,000 | ---D | M] -- C:\Users\Joakim Krassman\AppData\Roaming\mozilla\Firefox\Profiles\tetc9dck.default\extensions
[2009-11-06 14:04:40 | 00,000,000 | ---D | M] (Web Developer) -- C:\Users\Joakim Krassman\AppData\Roaming\mozilla\Firefox\Profiles\tetc9dck.default\extensions\{c45c406e-ab73-11d8-be73-000a95be3b12}
[2009-11-10 17:18:03 | 00,000,000 | ---D | M] -- C:\Users\Joakim Krassman\AppData\Roaming\mozilla\Firefox\Profiles\tetc9dck.default\extensions\[email protected]
[2009-05-15 10:56:40 | 00,002,399 | ---- | M] () -- C:\Users\Joakim Krassman\AppData\Roaming\Mozilla\FireFox\Profiles\tetc9dck.default\searchplugins\daemon-search.xml
[2010-01-27 14:57:36 | 00,000,000 | ---D | M] -- C:\Program Files\mozilla firefox\extensions
[2010-01-27 12:30:05 | 00,000,000 | ---D | M] -- C:\Program Files\mozilla firefox\extensions\[email protected]
[2009-12-25 10:29:38 | 00,001,470 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\allaannonser-sv-SE.xml
[2009-12-25 10:29:38 | 00,002,670 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\prisjakt-sv-SE.xml
[2009-12-25 10:29:38 | 00,000,948 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\tyda-sv-SE.xml
[2009-12-25 10:29:38 | 00,001,174 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\wikipedia-sv-SE.xml
[2009-12-25 10:29:38 | 00,000,647 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\yahoo-sv-SE.xml
O1 HOSTS File: ([2010-01-27 23:38:41 | 00,000,098 | ---- | M]) - C:\Windows\System32\drivers\etc\Hosts
O1 - Hosts: 127.0.0.1 localhost
O1 - Hosts: ::1 localhost
O2 - BHO: (Adobe PDF Reader Link Helper) - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll (Adobe Systems Incorporated)
O2 - BHO: (Spybot-S&D IE Protection) - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll (Safer Networking Limited)
O2 - BHO: (Symantec Intrusion Prevention) - {6D53EC84-6AAE-4787-AEEE-F4628F01010C} - C:\Program Files\Norton AntiVirus\Engine\17.0.0.136\IPSBHO.DLL (Symantec Corporation)
O2 - BHO: (Groove GFS Browser Helper) - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\Program Files\Microsoft Office\Office12\GrooveShellExtensions.dll (Microsoft Corporation)
O2 - BHO: (Adobe PDF Conversion Toolbar Helper) - {AE7CD045-E861-484f-8273-0445EE161910} - C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll (Adobe Systems Incorporated)
O2 - BHO: (ChromeFrame BHO) - {ECB3C477-1A0A-44BD-BB57-78F9EFE34FA7} - C:\Program Files\Google\Chrome Frame\Application\4.0.295.0\npchrome_frame.dll (@COMPANY_FULLNAME@)
O3 - HKLM\..\Toolbar: (Adobe PDF) - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll (Adobe Systems Incorporated)
O3 - HKCU\..\Toolbar\WebBrowser: (no name) - {32099AAC-C132-4136-9E9A-4E364A424E17} - No CLSID value found.
O4 - HKLM..\Run: [Acrobat Assistant 7.0] C:\Program Files\Adobe\Acrobat 7.0\Distillr\Acrotray.exe (Adobe Systems Inc.)
O4 - HKLM..\Run: [AdobeCS4ServiceManager] C:\Program Files\Common Files\Adobe\CS4ServiceManager\CS4ServiceManager.exe (Adobe Systems Incorporated)
O4 - HKLM..\Run: [BrStsWnd] C:\Program Files\Brownie\BrstsWnd.exe (brother)
O4 - HKLM..\Run: [GrooveMonitor] C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe (Microsoft Corporation)
O4 - HKLM..\Run: [iTunesHelper] C:\Program Files\iTunes\iTunesHelper.exe (Apple Inc.)
O4 - HKLM..\Run: [NBKeyScan] C:\Program Files\Nero\Nero8\Nero BackItUp\NBKeyScan.exe (Nero AG)
O4 - HKLM..\Run: [NeroFilterCheck] C:\Program Files\Common Files\Nero\Lib\NeroCheck.exe (Nero AG)
O4 - HKLM..\Run: [QuickTime Task] C:\Program Files\QuickTime\QTTask.exe (Apple Inc.)
O4 - HKLM..\Run: [WinampAgent] C:\Program Files\Winamp\winampa.exe ()
O4 - HKCU..\Run: [Shadow] C:\Program Files\NewTech Infosystems\NTI Shadow for ReadyNAS\Shadow.exe (NewTech Infosystems, Inc.)
O4 - HKCU..\Run: [SpybotSD TeaTimer] C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe (Safer-Networking Ltd.)
O4 - Startup: C:\Users\Joakim Krassman\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\kill.bat ()
O4 - Startup: C:\Users\Joakim Krassman\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\OneNote Table Of Contents.onetoc2 ()
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: EnableLUA = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: PromptOnSecureDesktop = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: EnableLinkedConnections = 1
O7 - HKCU\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O8 - Extra context menu item: Convert link target to Adobe PDF - C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll (Adobe Systems Incorporated)
O8 - Extra context menu item: Convert link target to existing PDF - C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll (Adobe Systems Incorporated)
O8 - Extra context menu item: Convert selected links to Adobe PDF - C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll (Adobe Systems Incorporated)
O8 - Extra context menu item: Convert selected links to existing PDF - C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll (Adobe Systems Incorporated)
O8 - Extra context menu item: Convert selection to Adobe PDF - C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll (Adobe Systems Incorporated)
O8 - Extra context menu item: Convert selection to existing PDF - C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll (Adobe Systems Incorporated)
O8 - Extra context menu item: Convert to Adobe PDF - C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll (Adobe Systems Incorporated)
O8 - Extra context menu item: Convert to existing PDF - C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll (Adobe Systems Incorporated)
O8 - Extra context menu item: Sothink SWF Catcher - C:\Program Files\Common Files\SourceTec\SWF Catcher\InternetExplorer.htm ()
O9 - Extra Button: Send to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MIF5BA~1\Office12\ONBttnIE.dll (Microsoft Corporation)
O9 - Extra 'Tools' menuitem : S&end to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MIF5BA~1\Office12\ONBttnIE.dll (Microsoft Corporation)
O9 - Extra Button: Flash Decompiler SWF Capture tool - {86B4FC19-8FA4-4FD3-B243-9AEDB42FA2D5} - C:\Program Files\Eltima Software\Flash Decompiler Trillix\iebt.dll File not found
O9 - Extra 'Tools' menuitem : Flash Decompiler SWF Capture tool menu - {86B4FC19-8FA4-4FD3-B243-9AEDB42FA2D5} - C:\Program Files\Eltima Software\Flash Decompiler Trillix\iebt.dll File not found
O9 - Extra Button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MIF5BA~1\Office12\REFIEBAR.DLL (Microsoft Corporation)
O9 - Extra 'Tools' menuitem : Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll (Safer Networking Limited)
O9 - Extra Button: Sothink SWF Catcher - {E19ADC6E-3909-43E4-9A89-B7B676377EE3} - C:\Program Files\Common Files\SourceTec\SWF Catcher\InternetExplorer.htm ()
O9 - Extra 'Tools' menuitem : Sothink SWF Catcher - {E19ADC6E-3909-43E4-9A89-B7B676377EE3} - C:\Program Files\Common Files\SourceTec\SWF Catcher\InternetExplorer.htm ()
O10 - NameSpace_Catalog5\Catalog_Entries\000000000007 [] - C:\Program Files\Bonjour\mdnsNSP.dll (Apple Inc.)
O15 - HKCU\..Trusted Domains: com.tw ([asia.msi] http in Tillförlitliga platser)
O15 - HKCU\..Trusted Domains: com.tw ([global.msi] http in Tillförlitliga platser)
O15 - HKCU\..Trusted Domains: com.tw ([www.msi] http in Tillförlitliga platser)
O15 - HKCU\..Trusted Domains: 1 domain(s) and sub-domain(s) not assigned to a zone.
O16 - DPF: {166B1BCA-3F9C-11CF-8075-444553540000} http://download.macr...director/sw.cab (Shockwave ActiveX Control)
O16 - DPF: {22945A69-1191-4DCF-9E6F-409BDE94D101} http://louk.solidwor...elsStandard.cab (Reg Error: Key error.)
O16 - DPF: {3860DD98-0549-4D50-AA72-5D17D200EE10} http://cdn.scan.onec...s/wlscctrl2.cab (Windows Live OneCare safety scanner control)
O16 - DPF: {6F15128C-E66A-490C-B848-5000B5ABEEAC} https://h20436.www2....re/HPDEXAXO.cab (HP Download Manager)
O16 - DPF: {74DBCB52-F298-4110-951D-AD2FF67BC8AB} http://www.nvidia.co...iaSmartScan.cab (NVIDIA Smart Scan)
O16 - DPF: {7530BFB8-7293-4D34-9923-61A11451AFC5} http://download.eset...lineScanner.cab (OnlineScanner Control)
O16 - DPF: {784797A8-342D-4072-9486-03C8D0F2F0A1} https://www.battlefi...er_4.0.21.0.cab (Battlefield Heroes Updater)
O16 - DPF: {8167C273-DF59-4416-B647-C8BB2C7EE83E} http://liveupdate.ms...ine/install.cab (WebSDev Control)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_15)
O16 - DPF: {9191F686-7F0A-441D-8A98-2FE3AC1BD913} http://acs.pandasoft...s/as2stubie.cab (ActiveScan 2.0 Installer Class)
O16 - DPF: {CAFEEFAC-0016-0000-0015-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_15)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_15)
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} http://fpdownload2.m...ash/swflash.cab (Shockwave Flash Object)
O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} http://platformdl.ad...Plus/1.6/gp.cab (Reg Error: Key error.)
O16 - DPF: {F9043C85-F6F2-101A-A3C9-08002B2F49FB} file:///C:/Program%20Files/OpenCube/Visual%20Infinite%20Menus/comdlg32.cab (Microsoft Common Dialog Control, version 6.0)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.2.1
O18 - Protocol\Handler\cf {9875BFAF-B04D-445E-8A69-BE36838CDE3E} - C:\Program Files\Google\Chrome Frame\Application\4.0.295.0\npchrome_frame.dll (@COMPANY_FULLNAME@)
O18 - Protocol\Handler\grooveLocalGWS {88FED34C-F0CA-4636-A375-3CB6248B04CD} - C:\Program Files\Microsoft Office\Office12\GrooveSystemServices.dll (Microsoft Corporation)
O18 - Protocol\Handler\livecall {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\WIC4A1~1\MESSEN~1\MSGRAP~1.DLL (Microsoft Corporation)
O18 - Protocol\Handler\ms-help {314111c7-a502-11d2-bbca-00c04f8ec294} - C:\Program Files\Common Files\Microsoft Shared\Help\hxds.dll (Microsoft Corporation)
O18 - Protocol\Handler\msnim {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\WIC4A1~1\MESSEN~1\MSGRAP~1.DLL (Microsoft Corporation)
O18 - Protocol\Handler\mso-offdap11 {32505114-5902-49B2-880A-1F7738E5A384} - C:\PROGRA~1\COMMON~1\MICROS~1\WEBCOM~1\11\OWC11.DLL (Microsoft Corporation)
O18 - Protocol\Filter\text/xml {807563E5-5146-11D5-A672-00B0D022E945} - C:\PROGRA~1\COMMON~1\MICROS~1\OFFICE12\MSOXMLMF.DLL (Microsoft Corporation)
O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: VMApplet - (SystemPropertiesPerformance.exe) - C:\Windows\System32\SystemPropertiesPerformance.exe (Microsoft Corporation)
O20 - HKLM Winlogon: VMApplet - (/pagefile) - File not found
O20 - Winlogon\Notify\klogon: DllName - Reg Error: Value error. - Reg Error: Value error. File not found
O24 - Desktop WallPaper: C:\Bakgrunder\_MG_6380.jpg
O24 - Desktop BackupWallPaper: C:\Bakgrunder\_MG_6380.jpg
O28 - HKLM ShellExecuteHooks: {AEB6717E-7E19-11d0-97EE-00C04FD91972} - Reg Error: Key error. File not found
O28 - HKLM ShellExecuteHooks: {B5A7F190-DDA6-4420-B3BA-52453494E6CD} - C:\Program Files\Microsoft Office\Office12\GrooveShellExtensions.dll (Microsoft Corporation)
O30 - LSA: Security Packages - (pku2u) - C:\Windows\System32\pku2u.dll (Microsoft Corporation)
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2009-06-10 22:42:20 | 00,000,024 | ---- | M] () - C:\autoexec.bat -- [ NTFS ]
O32 - AutoRun File - [2005-09-25 22:57:08 | 00,000,045 | R--- | M] () - F:\autorun.inf -- [ CDFS ]
O34 - HKLM BootExecute: (autocheck autochk *) - File not found
O35 - comfile [open] -- "%1" %*
O35 - exefile [open] -- "%1" %*
========== Files/Folders - Created Within 14 Days ==========
[2010-01-27 23:37:58 | 00,548,864 | ---- | C] (OldTimer Tools) -- C:\Users\Joakim Krassman\Desktop\OTL.exe
[2010-01-27 21:45:15 | 00,124,976 | ---- | C] (Symantec Corporation) -- C:\Windows\System32\drivers\SYMEVENT.SYS
[2010-01-27 21:45:09 | 00,000,000 | ---D | C] -- C:\Program Files\Common Files\Symantec Shared
[2010-01-27 21:45:09 | 00,000,000 | ---D | C] -- C:\Program Files\Symantec
[2010-01-27 21:44:58 | 00,501,888 | R--- | C] (Symantec Corporation) -- C:\Windows\System32\drivers\NAV\1100000.088\ccHPx86.sys
[2010-01-27 21:44:58 | 00,338,480 | R--- | C] (Symantec Corporation) -- C:\Windows\System32\drivers\NAV\1100000.088\symtdiv.sys
[2010-01-27 21:44:58 | 00,328,752 | R--- | C] (Symantec Corporation) -- C:\Windows\System32\drivers\NAV\1100000.088\SymDS.sys
[2010-01-27 21:44:58 | 00,325,168 | R--- | C] (Symantec Corporation) -- C:\Windows\System32\drivers\NAV\1100000.088\srtsp.sys
[2010-01-27 21:44:58 | 00,169,008 | R--- | C] (Symantec Corporation) -- C:\Windows\System32\drivers\NAV\1100000.088\SymEFA.sys
[2010-01-27 21:44:58 | 00,114,736 | R--- | C] (Symantec Corporation) -- C:\Windows\System32\drivers\NAV\1100000.088\Ironx86.sys
[2010-01-27 21:44:58 | 00,043,696 | R--- | C] (Symantec Corporation) -- C:\Windows\System32\drivers\NAV\1100000.088\srtspx.sys
[2010-01-27 21:44:48 | 00,000,000 | ---D | C] -- C:\Windows\System32\drivers\NAV
[2010-01-27 21:44:48 | 00,000,000 | ---D | C] -- C:\Windows\System32\drivers\NAV\1100000.088
[2010-01-27 21:44:46 | 00,000,000 | ---D | C] -- C:\Program Files\Norton AntiVirus
[2010-01-27 21:44:45 | 00,000,000 | ---D | C] -- C:\ProgramData\Norton
[2010-01-27 21:44:41 | 00,000,000 | ---D | C] -- C:\ProgramData\NortonInstaller
[2010-01-27 21:44:41 | 00,000,000 | ---D | C] -- C:\Program Files\NortonInstaller
[2010-01-27 21:37:29 | 00,000,000 | -HSD | C] -- C:\Config.Msi
[2010-01-27 21:32:06 | 00,028,552 | ---- | C] (Panda Security, S.L.) -- C:\Windows\System32\drivers\pavboot.sys
[2010-01-27 21:32:05 | 00,000,000 | ---D | C] -- C:\Program Files\Panda Security
[2010-01-27 21:25:02 | 00,000,000 | ---D | C] -- C:\Rooter$
[2010-01-27 20:37:53 | 00,000,000 | ---D | C] -- C:\MGADiagToolOutput
[2010-01-27 16:32:10 | 00,000,000 | ---D | C] -- C:\_OTM
[2010-01-27 12:29:06 | 00,000,000 | ---D | C] -- C:\ProgramData\Kaspersky Lab
[2010-01-26 19:44:36 | 00,000,000 | ---D | C] -- C:\Users\Joakim Krassman\AppData\Roaming\MyPhoneExplorer
[2010-01-26 19:44:34 | 00,000,000 | ---D | C] -- C:\Users\Joakim Krassman\AppData\Roaming\Desktopicon
[2010-01-26 19:44:25 | 00,000,000 | ---D | C] -- C:\Program Files\MyPhoneExplorer
[2010-01-26 16:17:46 | 00,000,000 | ---D | C] -- C:\Program Files\Genie-Soft
[2010-01-26 15:02:56 | 00,000,000 | -HSD | C] -- C:\$RECYCLE.BIN
[2010-01-26 15:02:55 | 00,000,000 | ---D | C] -- C:\Users\Joakim Krassman\AppData\Local\temp
[2010-01-26 14:50:17 | 00,161,792 | ---- | C] (SteelWerX) -- C:\Windows\SWREG.exe
[2010-01-26 14:50:17 | 00,136,704 | ---- | C] (SteelWerX) -- C:\Windows\SWSC.exe
[2010-01-26 14:50:17 | 00,031,232 | ---- | C] (NirSoft) -- C:\Windows\NIRCMD.exe
[2010-01-26 14:50:11 | 00,000,000 | ---D | C] -- C:\Windows\ERDNT
[2010-01-26 14:50:10 | 00,000,000 | ---D | C] -- C:\ComboFix
[2010-01-26 14:50:01 | 00,000,000 | ---D | C] -- C:\Qoobox
[2010-01-26 14:49:40 | 00,212,480 | ---- | C] (SteelWerX) -- C:\Windows\SWXCACLS.exe
[2010-01-26 14:44:47 | 00,000,000 | ---D | C] -- C:\_OTL
[2010-01-25 17:14:58 | 00,000,000 | ---D | C] -- C:\Users\Joakim Krassman\Desktop\OTL
[2010-01-25 11:50:12 | 00,000,000 | ---D | C] -- C:\Users\Joakim Krassman\Desktop\Irene
[2010-01-23 21:59:18 | 00,000,000 | ---D | C] -- C:\Program Files\Windows Live Safety Center
[2010-01-23 19:05:16 | 00,000,000 | ---D | C] -- C:\Users\Joakim Krassman\Desktop\Beijer
[2010-01-23 18:37:47 | 00,000,000 | ---D | C] -- C:\Users\Joakim Krassman\Desktop\Photoshop hörnan
[2010-01-23 18:37:20 | 00,000,000 | ---D | C] -- C:\Users\Joakim Krassman\Desktop\Henke
[2010-01-23 17:35:55 | 00,000,000 | ---D | C] -- C:\ProgramData\Spybot - Search & Destroy
[2010-01-23 17:35:55 | 00,000,000 | ---D | C] -- C:\Program Files\Spybot - Search & Destroy
[2010-01-22 21:41:08 | 00,000,000 | ---D | C] -- C:\Program Files\Common Files\Memeo
[2010-01-22 21:36:14 | 00,000,000 | ---D | C] -- C:\Users\Joakim Krassman\AppData\Local\Altaro
[2010-01-22 21:35:56 | 00,000,000 | ---D | C] -- C:\ProgramData\OopsBackup
[2010-01-22 16:51:51 | 00,000,000 | ---D | C] -- C:\ProgramData\MemeoCommon
[2010-01-21 21:50:20 | 00,000,000 | ---D | C] -- C:\Program Files\Common Files\eSellerate
[2010-01-20 20:24:41 | 00,000,000 | ---D | C] -- C:\Users\Joakim Krassman\AppData\Roaming\Genie-Soft
[2010-01-20 20:24:21 | 00,000,000 | ---D | C] -- C:\ProgramData\Genie-Soft
[2010-01-15 23:11:40 | 00,076,392 | ---- | C] (Khronos Group) -- C:\Windows\System32\OpenCL.dll
[2010-01-15 23:01:59 | 00,000,000 | ---D | C] -- C:\Users\Joakim Krassman\AppData\Roaming\BOXEE
[2010-01-14 19:03:28 | 00,060,273 | ---- | C] (Open Source Software community project) -- C:\Windows\System32\pthreadGC2.dll
[2010-01-14 16:50:50 | 00,000,000 | ---D | C] -- C:\Users\Joakim Krassman\AppData\Roaming\Python-Eggs
[2010-01-14 16:50:49 | 00,000,000 | ---D | C] -- C:\Users\Joakim Krassman\.moovida
[2010-01-14 16:41:08 | 00,000,000 | ---D | C] -- C:\Users\Joakim Krassman\Documents\My Playlists
[2010-01-14 16:37:26 | 00,000,000 | ---D | C] -- C:\MS-7380 v1.30
[2010-01-14 16:36:08 | 00,000,000 | ---D | C] -- C:\Program Files\MSI
[2010-01-14 16:35:41 | 00,000,000 | ---D | C] -- C:\ProgramData\Team MediaPortal
[1 C:\Users\Joakim Krassman\Desktop\*.tmp files -> C:\Users\Joakim Krassman\Desktop\*.tmp -> ]
========== Files - Modified Within 14 Days ==========
[2010-01-27 23:45:33 | 00,013,232 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
[2010-01-27 23:45:33 | 00,013,232 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
[2010-01-27 23:40:54 | 00,000,444 | ---- | M] () -- C:\Windows\Brownie.ini
[2010-01-27 23:40:41 | 00,000,900 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineCore.job
[2010-01-27 23:40:28 | 00,000,350 | ---- | M] () -- C:\Windows\tasks\Spybot - Search & Destroy - Scheduled Task.job
[2010-01-27 23:40:28 | 00,000,006 | -H-- | M] () -- C:\Windows\tasks\SA.DAT
[2010-01-27 23:40:20 | 00,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2010-01-27 23:40:20 | 00,000,031 | ---- | M] () -- C:\Windows\System32\bbcap.err
[2010-01-27 23:40:16 | 24,152,59648 | -HS- | M] () -- C:\hiberfil.sys
[2010-01-27 23:39:11 | 09,175,040 | -HS- | M] () -- C:\Users\Joakim Krassman\ntuser.dat
[2010-01-27 23:38:41 | 00,000,098 | ---- | M] () -- C:\Windows\System32\drivers\etc\Hosts
[2010-01-27 23:38:03 | 00,548,864 | ---- | M] (OldTimer Tools) -- C:\Users\Joakim Krassman\Desktop\OTL.exe
[2010-01-27 22:59:08 | 00,000,904 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineUA.job
[2010-01-27 21:59:44 | 01,092,722 | ---- | M] () -- C:\Windows\System32\drivers\NAV\1100000.088\Cat.DB
[2010-01-27 21:53:14 | 00,000,178 | ---- | M] () -- C:\Windows\System32\drivers\etc\hosts.nav
[2010-01-27 21:45:09 | 00,124,976 | ---- | M] (Symantec Corporation) -- C:\Windows\System32\drivers\SYMEVENT.SYS
[2010-01-27 21:45:09 | 00,007,443 | ---- | M] () -- C:\Windows\System32\drivers\SYMEVENT.CAT
[2010-01-27 21:45:09 | 00,000,805 | ---- | M] () -- C:\Windows\System32\drivers\SYMEVENT.INF
[2010-01-27 21:45:02 | 00,002,406 | ---- | M] () -- C:\Users\Public\Desktop\Norton AntiVirus.lnk
[2010-01-27 15:24:15 | 00,002,024 | -H-- | M] () -- C:\Users\Joakim Krassman\Documents\Default.rdp
[2010-01-27 14:42:00 | 05,556,667 | ---- | M] () -- C:\Users\Joakim Krassman\Desktop\Metro Holland.pdf
[2010-01-27 12:39:48 | 03,598,135 | -H-- | M] () -- C:\Users\Joakim Krassman\AppData\Local\IconCache.db
[2010-01-27 12:23:40 | 00,000,218 | ---- | M] () -- C:\Windows\System32\tversity.cookies
[2010-01-27 12:15:05 | 00,002,577 | ---- | M] () -- C:\Windows\System32\config.nt
[2010-01-26 19:44:34 | 00,002,071 | ---- | M] () -- C:\Users\Joakim Krassman\Desktop\MyPhoneExplorer.lnk
[2010-01-26 17:02:37 | 00,153,107 | ---- | M] () -- C:\Users\Joakim Krassman\Desktop\Därför är killar emot män i tjejfilmerFIXAD.docx
[2010-01-26 15:00:00 | 00,000,215 | ---- | M] () -- C:\Windows\system.ini
[2010-01-26 11:46:18 | 00,933,964 | ---- | M] () -- C:\Windows\System32\perfh01D.dat
[2010-01-26 11:46:18 | 00,806,848 | ---- | M] () -- C:\Windows\System32\perfh009.dat
[2010-01-26 11:46:18 | 00,231,756 | ---- | M] () -- C:\Windows\System32\perfc01D.dat
[2010-01-26 11:46:17 | 02,157,564 | ---- | M] () -- C:\Windows\System32\PerfStringBackup.INI
[2010-01-26 11:46:17 | 00,175,878 | ---- | M] () -- C:\Windows\System32\perfc009.dat
[2010-01-25 22:36:17 | 01,985,037 | ---- | M] () -- C:\Users\Joakim Krassman\Desktop\BlobSaveRestore.zip
[2010-01-25 22:17:38 | 00,013,030 | ---- | M] () -- C:\PDOXUSRS.NET
[2010-01-25 22:08:17 | 00,000,047 | ---- | M] () -- C:\Users\Joakim Krassman\Documents\rrrr.dsn
[2010-01-25 13:29:54 | 03,890,758 | ---- | M] () -- C:\Users\Joakim Krassman\Desktop\Texter.xlsx
[2010-01-24 20:30:59 | 00,014,373 | ---- | M] () -- C:\Users\Joakim Krassman\Desktop\Därför är killar emot män i tjejfilmer.docx
[2010-01-24 19:07:54 | 00,013,722 | ---- | M] () -- C:\Users\Joakim Krassman\Desktop\Twilight.docx
[2010-01-23 21:46:29 | 00,157,143 | ---- | M] () -- C:\Users\Joakim Krassman\Desktop\IMG_4210.jpg
[2010-01-23 19:54:24 | 02,969,600 | ---- | M] () -- C:\Users\Joakim Krassman\Documents\Database2.accdb
[2010-01-23 19:52:16 | 05,787,648 | ---- | M] () -- C:\Users\Joakim Krassman\Documents\Projects.accdb
[2010-01-23 19:28:00 | 00,327,680 | ---- | M] () -- C:\Users\Joakim Krassman\Documents\Database1.accdb
[2010-01-23 18:19:22 | 00,000,069 | ---- | M] () -- C:\Windows\NeroDigital.ini
[2010-01-22 16:17:24 | 00,000,042 | -HS- | M] () -- C:\Users\Joakim Krassman\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\kill.bat
[2010-01-20 23:06:05 | 60,410,6597 | ---- | M] () -- C:\Windows\MEMORY.DMP
[2010-01-17 21:44:49 | 00,000,219 | ---- | M] () -- C:\Windows\System32\lsprst7.tgz
[2010-01-17 21:44:49 | 00,000,087 | ---- | M] () -- C:\Windows\System32\ssprs.tgz
[2010-01-17 21:44:49 | 00,000,021 | ---- | M] () -- C:\Windows\SurCode.INI
[2010-01-14 18:13:46 | 00,161,816 | ---- | M] () -- C:\Users\Joakim Krassman\AppData\Local\GDIPFONTCACHEV1.DAT
[2010-01-14 17:00:18 | 02,515,448 | ---- | M] () -- C:\Windows\System32\FNTCACHE.DAT
[1 C:\Users\Joakim Krassman\Desktop\*.tmp files -> C:\Users\Joakim Krassman\Desktop\*.tmp -> ]
========== Files Created - No Company Name ==========
[2010-01-27 21:45:18 | 01,092,722 | ---- | C] () -- C:\Windows\System32\drivers\NAV\1100000.088\Cat.DB
[2010-01-27 21:45:15 | 00,007,443 | ---- | C] () -- C:\Windows\System32\drivers\SYMEVENT.CAT
[2010-01-27 21:45:15 | 00,000,805 | ---- | C] () -- C:\Windows\System32\drivers\SYMEVENT.INF
[2010-01-27 21:45:02 | 00,002,406 | ---- | C] () -- C:\Users\Public\Desktop\Norton AntiVirus.lnk
[2010-01-27 21:44:52 | 00,003,375 | R--- | C] () -- C:\Windows\System32\drivers\NAV\1100000.088\SymEFA.inf
[2010-01-27 21:44:52 | 00,002,793 | R--- | C] () -- C:\Windows\System32\drivers\NAV\1100000.088\SymDS.inf
[2010-01-27 21:44:52 | 00,001,756 | R--- | C] () -- C:\Windows\System32\drivers\NAV\1100000.088\ccHPx86.inf
[2010-01-27 21:44:52 | 00,001,475 | R--- | C] () -- C:\Windows\System32\drivers\NAV\1100000.088\SymNetV.inf
[2010-01-27 21:44:52 | 00,001,447 | R--- | C] () -- C:\Windows\System32\drivers\NAV\1100000.088\SymNet.inf
[2010-01-27 21:44:52 | 00,001,389 | R--- | C] () -- C:\Windows\System32\drivers\NAV\1100000.088\srtspx.inf
[2010-01-27 21:44:52 | 00,001,383 | R--- | C] () -- C:\Windows\System32\drivers\NAV\1100000.088\srtsp.inf
[2010-01-27 21:44:52 | 00,000,743 | R--- | C] () -- C:\Windows\System32\drivers\NAV\1100000.088\Iron.inf
[2010-01-27 21:44:48 | 00,007,787 | R--- | C] () -- C:\Windows\System32\drivers\NAV\1100000.088\symnetv.cat
[2010-01-27 21:44:48 | 00,007,438 | R--- | C] () -- C:\Windows\System32\drivers\NAV\1100000.088\srtsp.cat
[2010-01-27 21:44:48 | 00,007,431 | R--- | C] () -- C:\Windows\System32\drivers\NAV\1100000.088\SymEFA.cat
[2010-01-27 21:44:48 | 00,007,429 | R--- | C] () -- C:\Windows\System32\drivers\NAV\1100000.088\srtspx.cat
[2010-01-27 21:44:48 | 00,007,425 | R--- | C] () -- C:\Windows\System32\drivers\NAV\1100000.088\SymDS.cat
[2010-01-27 21:44:48 | 00,007,424 | R--- | C] () -- C:\Windows\System32\drivers\NAV\1100000.088\iron.cat
[2010-01-27 21:44:48 | 00,007,396 | R--- | C] () -- C:\Windows\System32\drivers\NAV\1100000.088\cchpx86.cat
[2010-01-27 21:44:48 | 00,007,355 | R--- | C] () -- C:\Windows\System32\drivers\NAV\1100000.088\SymNet.cat
[2010-01-27 21:44:48 | 00,000,172 | ---- | C] () -- C:\Windows\System32\drivers\NAV\1100000.088\isolate.ini
[2010-01-27 14:42:00 | 05,556,667 | ---- | C] () -- C:\Users\Joakim Krassman\Desktop\Metro Holland.pdf
[2010-01-26 19:44:34 | 00,002,071 | ---- | C] () -- C:\Users\Joakim Krassman\Desktop\MyPhoneExplorer.lnk
[2010-01-26 14:50:17 | 00,261,632 | ---- | C] () -- C:\Windows\PEV.exe
[2010-01-26 14:50:17 | 00,098,816 | ---- | C] () -- C:\Windows\sed.exe
[2010-01-26 14:50:17 | 00,080,412 | ---- | C] () -- C:\Windows\grep.exe
[2010-01-26 14:50:17 | 00,077,312 | ---- | C] () -- C:\Windows\MBR.exe
[2010-01-26 14:50:17 | 00,068,096 | ---- | C] () -- C:\Windows\zip.exe
[2010-01-25 22:36:17 | 01,985,037 | ---- | C] () -- C:\Users\Joakim Krassman\Desktop\BlobSaveRestore.zip
[2010-01-25 22:08:15 | 00,000,047 | ---- | C] () -- C:\Users\Joakim Krassman\Documents\rrrr.dsn
[2010-01-25 21:16:55 | 00,153,107 | ---- | C] () -- C:\Users\Joakim Krassman\Desktop\Därför är killar emot män i tjejfilmerFIXAD.docx
[2010-01-25 13:29:29 | 03,890,758 | ---- | C] () -- C:\Users\Joakim Krassman\Desktop\Texter.xlsx
[2010-01-25 07:54:08 | 00,000,904 | ---- | C] () -- C:\Windows\tasks\GoogleUpdateTaskMachineUA.job
[2010-01-25 07:54:08 | 00,000,900 | ---- | C] () -- C:\Windows\tasks\GoogleUpdateTaskMachineCore.job
[2010-01-24 19:25:32 | 00,014,373 | ---- | C] () -- C:\Users\Joakim Krassman\Desktop\Därför är killar emot män i tjejfilmer.docx
[2010-01-24 19:07:54 | 00,013,722 | ---- | C] () -- C:\Users\Joakim Krassman\Desktop\Twilight.docx
[2010-01-23 21:46:28 | 00,157,143 | ---- | C] () -- C:\Users\Joakim Krassman\Desktop\IMG_4210.jpg
[2010-01-23 19:52:16 | 02,969,600 | ---- | C] () -- C:\Users\Joakim Krassman\Documents\Database2.accdb
[2010-01-23 19:49:57 | 05,787,648 | ---- | C] () -- C:\Users\Joakim Krassman\Documents\Projects.accdb
[2010-01-23 19:26:32 | 00,327,680 | ---- | C] () -- C:\Users\Joakim Krassman\Documents\Database1.accdb
[2010-01-23 17:37:10 | 00,000,350 | ---- | C] () -- C:\Windows\tasks\Spybot - Search & Destroy - Scheduled Task.job
[2010-01-22 16:17:24 | 00,000,042 | -HS- | C] () -- C:\Users\Joakim Krassman\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\kill.bat
[2010-01-15 23:11:40 | 00,007,133 | ---- | C] () -- C:\Windows\System32\nvinfo.pb
[2010-01-14 19:07:18 | 00,000,218 | ---- | C] () -- C:\Windows\System32\tversity.cookies
[2010-01-14 19:03:28 | 00,007,680 | ---- | C] () -- C:\Windows\System32\ff_vfw.dll
[2010-01-14 19:03:28 | 00,000,547 | ---- | C] () -- C:\Windows\System32\ff_vfw.dll.manifest
[2010-01-05 14:51:36 | 00,000,722 | R--- | C] () -- C:\Windows\cm108.ini
[2010-01-05 14:51:25 | 00,002,584 | R--- | C] () -- C:\Windows\Cm108.ini.cfg
[2010-01-03 11:36:25 | 00,000,088 | ---- | C] () -- C:\Windows\GraphEdt.INI
[2010-01-03 00:43:04 | 00,000,000 | ---- | C] () -- C:\Windows\PhotoNow.INI
[2010-01-01 19:40:13 | 00,014,848 | ---- | C] () -- C:\Users\Joakim Krassman\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2009-11-15 15:01:49 | 00,000,069 | ---- | C] () -- C:\Windows\NeroDigital.ini
[2009-10-12 17:38:12 | 00,000,426 | ---- | C] () -- C:\Windows\BRWMARK.INI
[2009-10-12 17:38:02 | 00,009,853 | ---- | C] () -- C:\Windows\HL-2170W.INI
[2009-10-12 17:38:02 | 00,000,146 | ---- | C] () -- C:\Windows\BRVIDEO.INI
[2009-10-12 17:38:02 | 00,000,114 | ---- | C] () -- C:\Windows\System32\brlmw03a.ini
[2009-10-12 17:38:02 | 00,000,000 | ---- | C] () -- C:\Windows\brmx2001.ini
[2009-10-12 14:31:17 | 00,000,444 | ---- | C] () -- C:\Windows\Brownie.ini
[2009-08-25 22:09:03 | 00,005,990 | ---- | C] () -- C:\Users\Joakim Krassman\AppData\Roaming\ReplayMusicLog.log
[2009-08-20 21:56:50 | 00,001,025 | ---- | C] () -- C:\Windows\System32\sysprs7.dll
[2009-08-20 21:56:50 | 00,001,025 | ---- | C] () -- C:\Windows\System32\clauth2.dll
[2009-08-20 21:56:50 | 00,001,025 | ---- | C] () -- C:\Windows\System32\clauth1.dll
[2009-08-20 21:56:49 | 00,000,021 | ---- | C] () -- C:\Windows\SurCode.INI
[2009-07-31 18:59:18 | 00,000,040 | ---- | C] () -- C:\Windows\iltwain.ini
[2009-07-28 18:21:40 | 00,000,023 | ---- | C] () -- C:\Windows\SWFDecompiler.INI
[2009-07-14 00:51:43 | 00,073,728 | ---- | C] () -- C:\Windows\System32\BthpanContextHandler.dll
[2009-07-14 00:42:10 | 00,064,000 | ---- | C] () -- C:\Windows\System32\BWContextHandler.dll
[2009-07-11 13:22:21 | 00,237,568 | ---- | C] () -- C:\Windows\System32\qtmlClient.dll
[2009-07-11 13:22:21 | 00,000,000 | ---- | C] () -- C:\Windows\Graffiti5.2Pin.ini
[2009-04-13 20:11:19 | 00,110,592 | ---- | C] () -- C:\Windows\System32\suppdll.dll
[2009-04-13 20:11:19 | 00,035,363 | ---- | C] () -- C:\Windows\System32\windrvNT.sys
[2009-04-13 20:10:15 | 00,000,343 | ---- | C] () -- C:\Windows\start.ini
[2009-04-13 20:10:09 | 00,000,110 | ---- | C] () -- C:\Windows\kundkort.ini
[2009-03-27 14:34:31 | 00,815,104 | ---- | C] () -- C:\Windows\System32\xvidcore.dll
[2009-03-27 14:34:31 | 00,180,224 | ---- | C] () -- C:\Windows\System32\xvidvfw.dll
[2009-03-15 23:46:19 | 00,000,127 | ---- | C] () -- C:\Windows\System32\MRT.INI
[2009-03-13 21:07:19 | 00,000,000 | ---- | C] () -- C:\Windows\eDrawingOfficeAutomator.INI
[2009-02-24 19:01:25 | 00,000,103 | ---- | C] () -- C:\Windows\BOP.ini
[2009-02-22 17:41:29 | 00,777,728 | ---- | C] () -- C:\Windows\System32\SSLSVC.DLL
[2009-02-22 17:41:29 | 00,069,632 | ---- | C] () -- C:\Windows\System32\xmltok.dll
[2009-02-22 17:41:29 | 00,040,960 | ---- | C] () -- C:\Windows\System32\cfmsg.dll
[2009-02-22 17:41:29 | 00,036,864 | ---- | C] () -- C:\Windows\System32\xmlparse.dll
[2009-02-22 17:41:28 | 00,114,688 | ---- | C] () -- C:\Windows\System32\lang_cfml.dll
[2009-02-22 17:41:28 | 00,028,672 | ---- | C] () -- C:\Windows\System32\xml_datagrove.dll
[2009-02-22 14:10:48 | 00,168,448 | ---- | C] () -- C:\Windows\System32\unrar.dll
[2008-10-12 20:26:36 | 00,000,081 | ---- | C] () -- C:\Windows\ODA.INI
[2008-10-07 09:13:30 | 00,197,912 | ---- | C] () -- C:\Windows\System32\physxcudart_20.dll
[2008-10-07 09:13:22 | 00,058,648 | ---- | C] () -- C:\Windows\System32\AgCPanelTraditionalChinese.dll
[2008-10-07 09:13:20 | 00,058,648 | ---- | C] () -- C:\Windows\System32\AgCPanelSwedish.dll
[2008-10-07 09:13:20 | 00,058,648 | ---- | C] () -- C:\Windows\System32\AgCPanelSpanish.dll
[2008-10-07 09:13:20 | 00,058,648 | ---- | C] () -- C:\Windows\System32\AgCPanelSimplifiedChinese.dll
[2008-10-07 09:13:20 | 00,058,648 | ---- | C] () -- C:\Windows\System32\AgCPanelPortugese.dll
[2008-10-07 09:13:20 | 00,058,648 | ---- | C] () -- C:\Windows\System32\AgCPanelKorean.dll
[2008-10-07 09:13:20 | 00,058,648 | ---- | C] () -- C:\Windows\System32\AgCPanelJapanese.dll
[2008-10-07 09:13:20 | 00,058,648 | ---- | C] () -- C:\Windows\System32\AgCPanelGerman.dll
[2008-10-07 09:13:20 | 00,058,648 | ---- | C] () -- C:\Windows\System32\AgCPanelFrench.dll
[2008-02-01 08:18:14 | 00,009,216 | ---- | C] () -- C:\Windows\System32\drivers\FlashSys.sys
[2007-05-09 19:35:54 | 00,057,126 | ---- | C] () -- C:\Windows\System32\lvcoinst.ini
[2002-08-31 06:00:00 | 00,001,786 | ---- | C] () -- C:\Windows\System32\msisl$.dll
========== LOP Check ==========
[2009-03-18 14:07:15 | 00,000,000 | ---D | M] -- C:\Users\Joakim Krassman\AppData\Roaming\Abvent
[2009-10-24 11:25:31 | 00,000,000 | ---D | M] -- C:\Users\Joakim Krassman\AppData\Roaming\Abvent_Artlantis2
[2009-10-24 11:28:04 | 00,000,000 | ---D | M] -- C:\Users\Joakim Krassman\AppData\Roaming\Agency9
[2009-10-24 11:28:04 | 00,000,000 | ---D | M] -- C:\Users\Joakim Krassman\AppData\Roaming\Alien Skin
[2010-01-02 15:41:15 | 00,000,000 | ---D | M] -- C:\Users\Joakim Krassman\AppData\Roaming\ALLCapture
[2009-10-24 11:28:04 | 00,000,000 | ---D | M] -- C:\Users\Joakim Krassman\AppData\Roaming\Ambient Design
[2009-10-24 11:28:04 | 00,000,000 | ---D | M] -- C:\Users\Joakim Krassman\AppData\Roaming\Any Video Converter
[2010-01-02 18:29:58 | 00,000,000 | ---D | M] -- C:\Users\Joakim Krassman\AppData\Roaming\Blueberry
[2009-10-24 11:28:15 | 00,000,000 | ---D | M] -- C:\Users\Joakim Krassman\AppData\Roaming\Borland
[2010-01-15 23:01:59 | 00,000,000 | ---D | M] -- C:\Users\Joakim Krassman\AppData\Roaming\BOXEE
[2009-10-24 11:28:15 | 00,000,000 | ---D | M] -- C:\Users\Joakim Krassman\AppData\Roaming\ContentGuard
[2009-02-21 09:21:42 | 00,000,000 | ---D | M] -- C:\Users\Joakim Krassman\AppData\Roaming\DAEMON Tools
[2009-10-24 11:28:20 | 00,000,000 | ---D | M] -- C:\Users\Joakim Krassman\AppData\Roaming\DAEMON Tools Lite
[2009-10-24 11:28:21 | 00,000,000 | ---D | M] -- C:\Users\Joakim Krassman\AppData\Roaming\DAEMON Tools Pro
[2010-01-26 19:44:34 | 00,000,000 | ---D | M] -- C:\Users\Joakim Krassman\AppData\Roaming\Desktopicon
[2009-10-24 11:28:21 | 00,000,000 | ---D | M] -- C:\Users\Joakim Krassman\AppData\Roaming\e
[2009-03-13 21:07:27 | 00,000,000 | ---D | M] -- C:\Users\Joakim Krassman\AppData\Roaming\EDrawings
[2009-10-24 11:28:21 | 00,000,000 | ---D | M] -- C:\Users\Joakim Krassman\AppData\Roaming\FileMaker
[2009-10-24 11:28:21 | 00,000,000 | ---D | M] -- C:\Users\Joakim Krassman\AppData\Roaming\Filter Forge
[2009-10-24 11:28:21 | 00,000,000 | ---D | M] -- C:\Users\Joakim Krassman\AppData\Roaming\fltk.org
[2010-01-21 21:08:00 | 00,000,000 | ---D | M] -- C:\Users\Joakim Krassman\AppData\Roaming\Genie-Soft
[2009-10-24 11:28:21 | 00,000,000 | ---D | M] -- C:\Users\Joakim Krassman\AppData\Roaming\GlobalSCAPE
[2009-10-24 11:28:22 | 00,000,000 | ---D | M] -- C:\Users\Joakim Krassman\AppData\Roaming\Graphisoft
[2009-10-24 11:28:23 | 00,000,000 | ---D | M] -- C:\Users\Joakim Krassman\AppData\Roaming\HDRsoft
[2009-10-24 11:28:23 | 00,000,000 | ---D | M] -- C:\Users\Joakim Krassman\AppData\Roaming\Home Designer Suite 8.0
[2009-10-24 11:28:23 | 00,000,000 | ---D | M] -- C:\Users\Joakim Krassman\AppData\Roaming\Imagenomic
[2009-11-26 20:51:22 | 00,000,000 | ---D | M] -- C:\Users\Joakim Krassman\AppData\Roaming\IsolatedStorage
[2009-10-24 11:28:23 | 00,000,000 | ---D | M] -- C:\Users\Joakim Krassman\AppData\Roaming\Ivacy
[2009-10-24 11:28:23 | 00,000,000 | ---D | M] -- C:\Users\Joakim Krassman\AppData\Roaming\Kerio
[2009-10-24 11:28:23 | 00,000,000 | ---D | M] -- C:\Users\Joakim Krassman\AppData\Roaming\LogSys
[2009-12-13 17:19:02 | 00,000,000 | ---D | M] -- C:\Users\Joakim Krassman\AppData\Roaming\Microsys
[2010-01-26 19:44:36 | 00,000,000 | ---D | M] -- C:\Users\Joakim Krassman\AppData\Roaming\MyPhoneExplorer
[2009-12-31 09:11:26 | 00,000,000 | ---D | M] -- C:\Users\Joakim Krassman\AppData\Roaming\Netviewer
[2009-10-24 11:28:41 | 00,000,000 | ---D | M] -- C:\Users\Joakim Krassman\AppData\Roaming\OneSwarm
[2009-10-24 11:28:41 | 00,000,000 | ---D | M] -- C:\Users\Joakim Krassman\AppData\Roaming\Participatory Culture Foundation
[2009-10-24 11:28:42 | 00,000,000 | ---D | M] -- C:\Users\Joakim Krassman\AppData\Roaming\Personal
[2009-11-06 17:10:06 | 00,000,000 | ---D | M] -- C:\Users\Joakim Krassman\AppData\Roaming\PNGGauntlet
[2009-09-15 21:07:56 | 00,000,000 | ---D | M] -- C:\Users\Joakim Krassman\AppData\Roaming\proDAD
[2010-01-17 12:55:12 | 00,000,000 | ---D | M] -- C:\Users\Joakim Krassman\AppData\Roaming\Python-Eggs
[2009-10-24 11:28:42 | 00,000,000 | ---D | M] -- C:\Users\Joakim Krassman\AppData\Roaming\SPCS
[2010-01-24 00:31:58 | 00,000,000 | ---D | M] -- C:\Users\Joakim Krassman\AppData\Roaming\Spotify
[2009-10-24 11:28:42 | 00,000,000 | ---D | M] -- C:\Users\Joakim Krassman\AppData\Roaming\Systweak
[2009-12-31 14:31:50 | 00,000,000 | ---D | M] -- C:\Users\Joakim Krassman\AppData\Roaming\Thunderbird
[2009-10-24 11:28:42 | 00,000,000 | ---D | M] -- C:\Users\Joakim Krassman\AppData\Roaming\Ulead Systems
[2010-01-27 21:46:34 | 00,000,000 | ---D | M] -- C:\Users\Joakim Krassman\AppData\Roaming\uTorrent
[2010-01-04 18:10:13 | 00,000,000 | ---D | M] -- C:\Users\Joakim Krassman\AppData\Roaming\WTouch
[2010-01-17 12:37:42 | 00,000,000 | ---D | M] -- C:\Users\Joakim Krassman\AppData\Roaming\XBMC
[2009-10-24 11:28:44 | 00,000,000 | ---D | M] -- C:\Users\Joakim Krassman\AppData\Roaming\Zoner
[2010-01-15 15:05:29 | 00,032,610 | ---- | M] () -- C:\Windows\Tasks\SCHEDLGU.TXT
========== Purity Check ==========
========== Alternate Data Streams ==========
@Alternate Data Stream - 229 bytes -> C:\ProgramData\Temp:8FF81EB0
@Alternate Data Stream - 130 bytes -> C:\ProgramData\Temp:DCD39382
< End of report >
OTL by OldTimer - Version 3.1.27.0 Folder = C:\Users\Joakim Krassman\Desktop
Ultimate Edition (Version = 6.1.7600) - Type = NTWorkstation
Internet Explorer (Version = 8.0.7600.16385)
Locale: 0000041d | Country: Sverige | Language: SVE | Date Format: yyyy-MM-dd
3,00 Gb Total Physical Memory | 1,00 Gb Available Physical Memory | 50,00% Memory free
6,00 Gb Paging File | 4,00 Gb Available in Paging File | 74,00% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]
%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files
Drive C: | 279,46 Gb Total Space | 107,32 Gb Free Space | 38,40% Space Free | Partition Type: NTFS
Drive D: | 189,92 Gb Total Space | 6,90 Gb Free Space | 3,63% Space Free | Partition Type: NTFS
Drive E: | 76,68 Gb Total Space | 28,73 Gb Free Space | 37,47% Space Free | Partition Type: NTFS
Drive F: | 34,43 Mb Total Space | 0,00 Mb Free Space | 0,00% Space Free | Partition Type: CDFS
Drive G: | 3,83 Gb Total Space | 3,65 Gb Free Space | 95,39% Space Free | Partition Type: FAT32
H: Drive not present or media not loaded
I: Drive not present or media not loaded
Computer Name: JOCKE
Current User Name: Joakim Krassman
Logged in as Administrator.
Current Boot Mode: Normal
Scan Mode: Current user
Company Name Whitelist: On
Skip Microsoft Files: On
File Age = 14 Days
Output = Standard
Quick Scan
========== Processes (SafeList) ==========
PRC - [2010-01-27 23:38:03 | 00,548,864 | ---- | M] (OldTimer Tools) -- C:\Users\Joakim Krassman\Desktop\OTL.exe
PRC - [2010-01-25 07:54:05 | 00,136,176 | ---- | M] (Google Inc.) -- C:\Program Files\Google\Update\1.2.183.13\GoogleCrashHandler.exe
PRC - [2010-01-06 11:21:47 | 00,939,920 | ---- | M] (Technology Nexus AB) -- C:\Program Files\Personal\bin\Personal.exe
PRC - [2009-11-23 15:53:58 | 04,781,352 | ---- | M] (Wacom Technology, Corp.) -- C:\Program Files\WTouch\WTouchUser.exe
PRC - [2009-11-23 15:53:58 | 00,113,448 | ---- | M] (Wacom Technology, Corp.) -- C:\Program Files\WTouch\WTouchService.exe
PRC - [2009-11-23 15:53:56 | 04,497,704 | ---- | M] (Wacom Technology, Corp.) -- C:\Windows\System32\Pen_Tablet.exe
PRC - [2009-11-23 15:53:56 | 01,823,528 | ---- | M] (Wacom Technology, Corp.) -- C:\Windows\System32\WTablet\Pen_TabletUser.exe
PRC - [2009-11-20 20:33:00 | 00,122,984 | ---- | M] (NVIDIA Corporation) -- C:\Windows\System32\nvvsvc.exe
PRC - [2009-11-20 19:17:00 | 00,240,232 | ---- | M] (NVIDIA Corporation) -- C:\Program Files\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe
PRC - [2009-11-12 16:33:10 | 00,141,600 | ---- | M] (Apple Inc.) -- C:\Program Files\iTunes\iTunesHelper.exe
PRC - [2009-11-12 16:33:00 | 00,545,568 | ---- | M] (Apple Inc.) -- C:\Program Files\iPod\bin\iPodService.exe
PRC - [2009-08-24 23:49:41 | 00,126,392 | R--- | M] (Symantec Corporation) -- C:\Program Files\Norton AntiVirus\Engine\17.0.0.136\ccSvcHst.exe
PRC - [2009-08-17 21:54:54 | 12,957,536 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Microsoft Office\Office12\OUTLOOK.EXE
PRC - [2009-08-03 06:35:50 | 02,613,248 | ---- | M] (Microsoft Corporation) -- C:\Windows\explorer.exe
PRC - [2009-07-14 02:17:29 | 00,673,048 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Internet Explorer\IEXPLORE.EXE
PRC - [2009-07-14 02:14:50 | 00,195,584 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\WUDFHost.exe
PRC - [2009-07-14 02:14:46 | 00,334,336 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\wisptis.exe
PRC - [2009-07-14 02:14:42 | 00,181,760 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Common Files\microsoft shared\ink\TabTip.exe
PRC - [2009-07-14 02:14:42 | 00,049,152 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\taskhost.exe
PRC - [2009-07-14 02:14:29 | 03,179,520 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\sppsvc.exe
PRC - [2009-07-14 02:14:15 | 00,271,360 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\conhost.exe
PRC - [2009-07-01 17:37:06 | 00,037,888 | ---- | M] () -- C:\Program Files\Winamp\winampa.exe
PRC - [2009-06-05 10:48:14 | 00,144,712 | ---- | M] (Apple Inc.) -- C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
PRC - [2009-03-30 15:28:36 | 01,533,808 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
PRC - [2009-03-30 15:28:36 | 00,183,152 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSvcM.exe
PRC - [2009-03-30 02:25:26 | 43,010,392 | ---- | M] (Microsoft Corporation) -- c:\Program Files\Microsoft SQL Server\MSSQL10.SQLEXPRESS\MSSQL\Binn\sqlservr.exe
PRC - [2009-03-05 16:07:20 | 02,260,480 | RHS- | M] (Safer-Networking Ltd.) -- C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
PRC - [2008-12-12 11:17:38 | 00,238,888 | ---- | M] (Apple Inc.) -- C:\Program Files\Bonjour\mDNSResponder.exe
PRC - [2008-11-25 21:59:30 | 00,247,152 | ---- | M] () -- C:\Program Files\CyberLink\Shared files\RichVideo.exe
PRC - [2008-10-25 10:44:34 | 00,031,072 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe
PRC - [2008-07-30 18:04:06 | 00,678,960 | ---- | M] (NewTech Infosystems, Inc.) -- C:\Program Files\NewTech Infosystems\NTI Shadow for ReadyNAS\Shadow.exe
PRC - [2008-07-10 10:49:38 | 40,999,448 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Microsoft SQL Server\MSSQL10.HOBBIT\MSSQL\Binn\sqlservr.exe
PRC - [2008-07-10 02:49:44 | 00,098,840 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Microsoft SQL Server\90\Shared\sqlwriter.exe
PRC - [2008-07-10 01:22:36 | 00,218,136 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Microsoft SQL Server\100\DTS\Binn\MsDtsSrvr.exe
PRC - [2008-07-10 01:15:32 | 00,068,632 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Microsoft SQL Server\MSSQL10.HOBBIT\MSSQL\Binn\fdhost.exe
PRC - [2008-07-10 01:15:32 | 00,031,256 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Microsoft SQL Server\MSSQL10.HOBBIT\MSSQL\Binn\fdlauncher.exe
PRC - [2008-07-07 09:42:02 | 00,809,296 | ---- | M] (Safer Networking Ltd.) -- C:\Program Files\Spybot - Search & Destroy\SDWinSec.exe
PRC - [2008-05-19 11:13:20 | 00,057,344 | ---- | M] (Nalpeiron Ltd.) -- C:\Windows\System32\ASTSRV.EXE
PRC - [2008-01-08 08:28:02 | 00,864,256 | ---- | M] (brother) -- C:\Program Files\Brownie\BrStsWnd.exe
PRC - [2007-12-06 20:03:41 | 00,660,768 | ---- | M] (ABBYY (BIT Software)) -- C:\Program Files\Common Files\ABBYY\FineReader\9.00\Licensing\PE\NetworkLicenseServer.exe
PRC - [2007-12-03 14:21:24 | 00,869,672 | ---- | M] (Nero AG) -- C:\Program Files\Nero\Nero8\Nero BackItUp\NBService.exe
PRC - [2007-07-20 18:32:16 | 00,217,088 | ---- | M] (Brother Industries, Ltd.) -- C:\Program Files\Brownie\Brnipmon.exe
PRC - [2006-11-03 12:27:28 | 12,693,504 | ---- | M] ( ) -- C:\Program Files\D-Link\D-Link RangeBooster N 650 DWA-547\wirelesscm.exe
PRC - [2006-01-12 20:52:32 | 00,483,328 | ---- | M] (Adobe Systems Inc.) -- C:\Program Files\Adobe\Acrobat 7.0\Distillr\acrotray.exe
========== Modules (SafeList) ==========
MOD - [2010-01-27 23:38:03 | 00,548,864 | ---- | M] (OldTimer Tools) -- C:\Users\Joakim Krassman\Desktop\OTL.exe
MOD - [2009-07-14 02:16:16 | 00,348,160 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Common Files\microsoft shared\ink\tiptsf.dll
MOD - [2009-07-14 02:16:15 | 00,099,840 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\sspicli.dll
MOD - [2009-07-14 02:16:13 | 00,092,160 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\sechost.dll
MOD - [2009-07-14 02:16:13 | 00,050,688 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\samcli.dll
MOD - [2009-07-14 02:16:12 | 00,031,744 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\profapi.dll
MOD - [2009-07-14 02:16:03 | 00,022,016 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\netutils.dll
MOD - [2009-07-14 02:15:35 | 00,288,256 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\KernelBase.dll
MOD - [2009-07-14 02:15:13 | 00,067,072 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\dwmapi.dll
MOD - [2009-07-14 02:15:11 | 00,064,512 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\devobj.dll
MOD - [2009-07-14 02:15:07 | 00,036,864 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\cryptbase.dll
MOD - [2009-07-14 02:15:02 | 00,145,920 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\cfgmgr32.dll
MOD - [2009-07-14 02:03:50 | 01,680,896 | ---- | M] (Microsoft Corporation) -- C:\Windows\winsxs\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7600.16385_none_421189da2b7fabfc\comctl32.dll
========== Win32 Services (SafeList) ==========
SRV - [2010-01-25 07:54:05 | 00,135,664 | ---- | M] (Google Inc.) [Auto | Stopped] -- C:\Program Files\Google\Update\GoogleUpdate.exe -- (gupdate) Google Update Service (gupdate)
SRV - [2010-01-14 19:05:02 | 00,000,000 | ---- | M] () [Auto | Stopped] -- C:\Windows\System32\TVersityMediaServer.log -- (TVersityMediaServer)
SRV - [2009-11-23 15:53:58 | 00,113,448 | ---- | M] (Wacom Technology, Corp.) [Auto | Running] -- C:\Program Files\WTouch\WTouchService.exe -- (WTouchService)
SRV - [2009-11-23 15:53:56 | 04,497,704 | ---- | M] (Wacom Technology, Corp.) [Auto | Running] -- C:\Windows\System32\Pen_Tablet.exe -- (TabletServicePen)
SRV - [2009-11-20 20:33:00 | 00,122,984 | ---- | M] (NVIDIA Corporation) [Auto | Running] -- C:\Windows\System32\nvvsvc.exe -- (nvsvc)
SRV - [2009-11-20 19:17:00 | 00,240,232 | ---- | M] (NVIDIA Corporation) [Auto | Running] -- C:\Program Files\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe -- (Stereo Service)
SRV - [2009-11-12 16:33:00 | 00,545,568 | ---- | M] (Apple Inc.) [On_Demand | Running] -- C:\Program Files\iPod\bin\iPodService.exe -- (iPod Service)
SRV - [2009-10-01 18:53:34 | 00,867,080 | ---- | M] (Acresso Software Inc.) [On_Demand | Stopped] -- C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe -- (FLEXnet Licensing Service)
SRV - [2009-09-09 11:13:26 | 00,055,176 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Program Files\IIS\Microsoft Web Deploy\MsDepSvc.exe -- (MsDepSvc)
SRV - [2009-08-24 23:49:41 | 00,126,392 | R--- | M] (Symantec Corporation) [Unknown | Running] -- C:\Program Files\Norton AntiVirus\Engine\17.0.0.136\ccSvcHst.exe -- (NAV)
SRV - [2009-07-14 02:16:21 | 00,185,856 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\System32\wwansvc.dll -- (WwanSvc)
SRV - [2009-07-14 02:16:17 | 00,151,552 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\System32\wbiosrvc.dll -- (WbioSrvc)
SRV - [2009-07-14 02:16:17 | 00,119,808 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\System32\umpo.dll -- (Power)
SRV - [2009-07-14 02:16:16 | 00,037,376 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\System32\themeservice.dll -- (Themes)
SRV - [2009-07-14 02:16:15 | 00,053,760 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\System32\sppuinotify.dll -- (sppuinotify)
SRV - [2009-07-14 02:16:13 | 00,043,520 | ---- | M] (Microsoft Corporation) [Unknown | Running] -- C:\Windows\System32\RpcEpMap.dll -- (RpcEptMapper)
SRV - [2009-07-14 02:16:13 | 00,025,088 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\System32\sensrsvc.dll -- (SensrSvc)
SRV - [2009-07-14 02:16:12 | 01,004,544 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\System32\PeerDistSvc.dll -- (PeerDistSvc)
SRV - [2009-07-14 02:16:12 | 00,269,824 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\System32\pnrpsvc.dll -- (PNRPsvc) PNRP (Peer Name Resolution Protocol)
SRV - [2009-07-14 02:16:12 | 00,269,824 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\System32\pnrpsvc.dll -- (p2pimsvc)
SRV - [2009-07-14 02:16:12 | 00,165,376 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\System32\provsvc.dll -- (HomeGroupProvider)
SRV - [2009-07-14 02:16:12 | 00,020,480 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\System32\pnrpauto.dll -- (PNRPAutoReg)
SRV - [2009-07-14 02:15:41 | 00,680,960 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Program Files\Windows Defender\mpsvc.dll -- (WinDefend)
SRV - [2009-07-14 02:15:36 | 00,194,560 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\System32\ListSvc.dll -- (HomeGroupListener)
SRV - [2009-07-14 02:15:31 | 00,396,288 | ---- | M] (Microsoft Corporation) [On_Demand | Running] -- C:\Windows\System32\inetsrv\iisw3adm.dll -- (WAS) Tjänsten Windows Process Activation (WAS)
SRV - [2009-07-14 02:15:31 | 00,396,288 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\System32\inetsrv\iisw3adm.dll -- (W3SVC)
SRV - [2009-07-14 02:15:21 | 00,797,696 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\System32\FntCache.dll -- (FontCache)
SRV - [2009-07-14 02:15:11 | 00,253,440 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\System32\dhcpcore.dll -- (Dhcp)
SRV - [2009-07-14 02:15:10 | 00,218,624 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\System32\defragsvc.dll -- (defragsvc)
SRV - [2009-07-14 02:14:59 | 00,076,800 | ---- | M] (Microsoft Corporation) [Unknown | Stopped] -- C:\Windows\System32\bdesvc.dll -- (BDESVC)
SRV - [2009-07-14 02:14:58 | 00,088,064 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\System32\AxInstSv.dll -- (AxInstSV) ActiveX Installer (AxInstSV)
SRV - [2009-07-14 02:14:53 | 00,061,440 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\System32\inetsrv\apphostsvc.dll -- (AppHostSvc)
SRV - [2009-07-14 02:14:53 | 00,027,648 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\System32\appidsvc.dll -- (AppIDSvc)
SRV - [2009-07-14 02:14:29 | 03,179,520 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\System32\sppsvc.exe -- (sppsvc)
SRV - [2009-06-05 10:48:14 | 00,144,712 | ---- | M] (Apple Inc.) [Auto | Running] -- C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe -- (Apple Mobile Device)
SRV - [2009-03-30 15:28:36 | 01,533,808 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE -- (wlidsvc)
SRV - [2009-03-30 02:25:26 | 43,010,392 | ---- | M] (Microsoft Corporation) [Auto | Running] -- c:\Program Files\Microsoft SQL Server\MSSQL10.SQLEXPRESS\MSSQL\Binn\sqlservr.exe -- (MSSQL$SQLEXPRESS) SQL Server (SQLEXPRESS)
SRV - [2009-03-30 02:23:32 | 00,254,808 | ---- | M] (Microsoft Corporation) [Disabled | Stopped] -- C:\Program Files\Microsoft SQL Server\90\Shared\sqlbrowser.exe -- (SQLBrowser)
SRV - [2009-03-30 02:23:24 | 00,366,936 | ---- | M] (Microsoft Corporation) [Disabled | Stopped] -- c:\Program Files\Microsoft SQL Server\MSSQL10.SQLEXPRESS\MSSQL\Binn\SQLAGENT.EXE -- (SQLAgent$SQLEXPRESS) SQL Server Agent (SQLEXPRESS)
SRV - [2009-03-13 21:07:19 | 00,079,360 | ---- | M] (SolidWorks) [On_Demand | Stopped] -- C:\Program Files\Common Files\SolidWorks Shared\Service\SolidWorksLicensing.exe -- (SolidWorks Licensing Service)
SRV - [2008-12-12 11:17:38 | 00,238,888 | ---- | M] (Apple Inc.) [Auto | Running] -- C:\Program Files\Bonjour\mDNSResponder.exe -- (Bonjour Service)
SRV - [2008-11-25 21:59:30 | 00,247,152 | ---- | M] () [Auto | Running] -- C:\Program Files\CyberLink\Shared files\RichVideo.exe -- (RichVideo) Cyberlink RichVideo Service(CRVS)
SRV - [2008-11-04 00:06:28 | 00,441,712 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Program Files\Common Files\Microsoft Shared\OFFICE12\ODSERV.EXE -- (odserv)
SRV - [2008-10-25 10:44:08 | 00,065,888 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Program Files\Microsoft Office\Office12\GrooveAuditService.exe -- (Microsoft Office Groove Audit Service)
SRV - [2008-07-10 10:49:38 | 40,999,448 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Program Files\Microsoft SQL Server\MSSQL10.HOBBIT\MSSQL\Binn\sqlservr.exe -- (MSSQLSERVER) SQL Server (MSSQLSERVER)
SRV - [2008-07-10 10:49:34 | 00,369,688 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Program Files\Microsoft SQL Server\MSSQL10.HOBBIT\MSSQL\Binn\SQLAGENT.EXE -- (SQLSERVERAGENT) SQL Server Agent (MSSQLSERVER)
SRV - [2008-07-10 10:49:34 | 00,047,128 | ---- | M] (Microsoft Corporation) [Disabled | Stopped] -- C:\Program Files\Microsoft SQL Server\100\Shared\SQLADHLP.EXE -- (MSSQLServerADHelper100)
SRV - [2008-07-10 02:49:44 | 00,098,840 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Program Files\Microsoft SQL Server\90\Shared\sqlwriter.exe -- (SQLWriter)
SRV - [2008-07-10 01:22:36 | 00,218,136 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Program Files\Microsoft SQL Server\100\DTS\Binn\MsDtsSrvr.exe -- (MsDtsServer100)
SRV - [2008-07-10 01:15:32 | 00,031,256 | ---- | M] (Microsoft Corporation) [On_Demand | Running] -- C:\Program Files\Microsoft SQL Server\MSSQL10.HOBBIT\MSSQL\Binn\fdlauncher.exe -- (MSSQLFDLauncher) SQL Full-text Filter Daemon Launcher (MSSQLSERVER)
SRV - [2008-07-07 09:42:02 | 00,809,296 | ---- | M] (Safer Networking Ltd.) [Auto | Running] -- C:\Program Files\Spybot - Search & Destroy\SDWinSec.exe -- (SBSDWSCService)
SRV - [2008-05-19 11:13:20 | 00,057,344 | ---- | M] (Nalpeiron Ltd.) [Auto | Running] -- C:\Windows\System32\ASTSRV.EXE -- (ASTSRV)
SRV - [2007-12-13 19:10:56 | 00,447,784 | ---- | M] (Nero AG) [On_Demand | Stopped] -- C:\Program Files\Common Files\Nero\Lib\NMIndexingService.exe -- (NMIndexingService)
SRV - [2007-12-06 20:03:41 | 00,660,768 | ---- | M] (ABBYY (BIT Software)) [Auto | Running] -- C:\Program Files\Common Files\ABBYY\FineReader\9.00\Licensing\PE\NetworkLicenseServer.exe -- (ABBYY.Licensing.FineReader.Professional.9.0)
SRV - [2007-12-03 14:21:24 | 00,869,672 | ---- | M] (Nero AG) [Auto | Running] -- C:\Program Files\Nero\Nero8\Nero BackItUp\NBService.exe -- (Nero BackItUp Scheduler 3)
SRV - [2006-10-26 14:03:08 | 00,145,184 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Program Files\Common Files\Microsoft Shared\Source Engine\OSE.EXE -- (ose)
SRV - [2006-08-25 19:54:12 | 00,360,532 | ---- | M] (Atheros) [Auto | Stopped] -- C:\Program Files\D-Link\D-Link RangeBooster N 650 DWA-547\acs.exe -- (ACS)
SRV - [2005-11-14 00:06:04 | 00,069,632 | ---- | M] (Macrovision Corporation) [On_Demand | Stopped] -- C:\Program Files\Common Files\InstallShield\Driver\1150\Intel 32\IDriverT.exe -- (IDriverT)
========== Standard Registry (SafeList) ==========
========== Internet Explorer ==========
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://127.0.0.1/
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,StartPageCache = 1
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = *.local
========== FireFox ==========
FF - prefs.js..browser.search.selectedEngine: "DAEMON Search"
FF - prefs.js..browser.startup.homepage: "http://127.0.0.1/"
FF - prefs.js..extensions.enabledItems: [email protected]:1.4.5
FF - prefs.js..extensions.enabledItems: {c45c406e-ab73-11d8-be73-000a95be3b12}:1.1.8
FF - prefs.js..extensions.enabledItems: [email protected]:9.0.0.736
FF - HKLM\software\mozilla\Firefox\Extensions\\{BBDA0591-3099-440a-AA10-41764D9DB4DB}: C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NAV_17.0.0.136\IPSFFPlgn\ [2010-01-27 21:45:27 | 00,000,000 | ---D | M]
FF - HKLM\software\mozilla\Mozilla Firefox 3.5.7\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2010-01-16 15:54:43 | 00,000,000 | ---D | M]
FF - HKLM\software\mozilla\Mozilla Firefox 3.5.7\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins [2010-01-16 15:54:43 | 00,000,000 | ---D | M]
[2009-12-31 14:31:51 | 00,000,000 | ---D | M] -- C:\Users\Joakim Krassman\AppData\Roaming\mozilla\Extensions
[2009-12-31 14:31:51 | 00,000,000 | ---D | M] (No name found) -- C:\Users\Joakim Krassman\AppData\Roaming\mozilla\Extensions\{3550f703-e582-4d05-9a08-453d09bdfdc6}
[2010-01-27 14:57:34 | 00,000,000 | ---D | M] -- C:\Users\Joakim Krassman\AppData\Roaming\mozilla\Firefox\Profiles\tetc9dck.default\extensions
[2009-11-06 14:04:40 | 00,000,000 | ---D | M] (Web Developer) -- C:\Users\Joakim Krassman\AppData\Roaming\mozilla\Firefox\Profiles\tetc9dck.default\extensions\{c45c406e-ab73-11d8-be73-000a95be3b12}
[2009-11-10 17:18:03 | 00,000,000 | ---D | M] -- C:\Users\Joakim Krassman\AppData\Roaming\mozilla\Firefox\Profiles\tetc9dck.default\extensions\[email protected]
[2009-05-15 10:56:40 | 00,002,399 | ---- | M] () -- C:\Users\Joakim Krassman\AppData\Roaming\Mozilla\FireFox\Profiles\tetc9dck.default\searchplugins\daemon-search.xml
[2010-01-27 14:57:36 | 00,000,000 | ---D | M] -- C:\Program Files\mozilla firefox\extensions
[2010-01-27 12:30:05 | 00,000,000 | ---D | M] -- C:\Program Files\mozilla firefox\extensions\[email protected]
[2009-12-25 10:29:38 | 00,001,470 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\allaannonser-sv-SE.xml
[2009-12-25 10:29:38 | 00,002,670 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\prisjakt-sv-SE.xml
[2009-12-25 10:29:38 | 00,000,948 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\tyda-sv-SE.xml
[2009-12-25 10:29:38 | 00,001,174 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\wikipedia-sv-SE.xml
[2009-12-25 10:29:38 | 00,000,647 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\yahoo-sv-SE.xml
O1 HOSTS File: ([2010-01-27 23:38:41 | 00,000,098 | ---- | M]) - C:\Windows\System32\drivers\etc\Hosts
O1 - Hosts: 127.0.0.1 localhost
O1 - Hosts: ::1 localhost
O2 - BHO: (Adobe PDF Reader Link Helper) - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll (Adobe Systems Incorporated)
O2 - BHO: (Spybot-S&D IE Protection) - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll (Safer Networking Limited)
O2 - BHO: (Symantec Intrusion Prevention) - {6D53EC84-6AAE-4787-AEEE-F4628F01010C} - C:\Program Files\Norton AntiVirus\Engine\17.0.0.136\IPSBHO.DLL (Symantec Corporation)
O2 - BHO: (Groove GFS Browser Helper) - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\Program Files\Microsoft Office\Office12\GrooveShellExtensions.dll (Microsoft Corporation)
O2 - BHO: (Adobe PDF Conversion Toolbar Helper) - {AE7CD045-E861-484f-8273-0445EE161910} - C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll (Adobe Systems Incorporated)
O2 - BHO: (ChromeFrame BHO) - {ECB3C477-1A0A-44BD-BB57-78F9EFE34FA7} - C:\Program Files\Google\Chrome Frame\Application\4.0.295.0\npchrome_frame.dll (@COMPANY_FULLNAME@)
O3 - HKLM\..\Toolbar: (Adobe PDF) - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll (Adobe Systems Incorporated)
O3 - HKCU\..\Toolbar\WebBrowser: (no name) - {32099AAC-C132-4136-9E9A-4E364A424E17} - No CLSID value found.
O4 - HKLM..\Run: [Acrobat Assistant 7.0] C:\Program Files\Adobe\Acrobat 7.0\Distillr\Acrotray.exe (Adobe Systems Inc.)
O4 - HKLM..\Run: [AdobeCS4ServiceManager] C:\Program Files\Common Files\Adobe\CS4ServiceManager\CS4ServiceManager.exe (Adobe Systems Incorporated)
O4 - HKLM..\Run: [BrStsWnd] C:\Program Files\Brownie\BrstsWnd.exe (brother)
O4 - HKLM..\Run: [GrooveMonitor] C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe (Microsoft Corporation)
O4 - HKLM..\Run: [iTunesHelper] C:\Program Files\iTunes\iTunesHelper.exe (Apple Inc.)
O4 - HKLM..\Run: [NBKeyScan] C:\Program Files\Nero\Nero8\Nero BackItUp\NBKeyScan.exe (Nero AG)
O4 - HKLM..\Run: [NeroFilterCheck] C:\Program Files\Common Files\Nero\Lib\NeroCheck.exe (Nero AG)
O4 - HKLM..\Run: [QuickTime Task] C:\Program Files\QuickTime\QTTask.exe (Apple Inc.)
O4 - HKLM..\Run: [WinampAgent] C:\Program Files\Winamp\winampa.exe ()
O4 - HKCU..\Run: [Shadow] C:\Program Files\NewTech Infosystems\NTI Shadow for ReadyNAS\Shadow.exe (NewTech Infosystems, Inc.)
O4 - HKCU..\Run: [SpybotSD TeaTimer] C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe (Safer-Networking Ltd.)
O4 - Startup: C:\Users\Joakim Krassman\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\kill.bat ()
O4 - Startup: C:\Users\Joakim Krassman\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\OneNote Table Of Contents.onetoc2 ()
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: EnableLUA = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: PromptOnSecureDesktop = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: EnableLinkedConnections = 1
O7 - HKCU\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O8 - Extra context menu item: Convert link target to Adobe PDF - C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll (Adobe Systems Incorporated)
O8 - Extra context menu item: Convert link target to existing PDF - C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll (Adobe Systems Incorporated)
O8 - Extra context menu item: Convert selected links to Adobe PDF - C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll (Adobe Systems Incorporated)
O8 - Extra context menu item: Convert selected links to existing PDF - C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll (Adobe Systems Incorporated)
O8 - Extra context menu item: Convert selection to Adobe PDF - C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll (Adobe Systems Incorporated)
O8 - Extra context menu item: Convert selection to existing PDF - C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll (Adobe Systems Incorporated)
O8 - Extra context menu item: Convert to Adobe PDF - C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll (Adobe Systems Incorporated)
O8 - Extra context menu item: Convert to existing PDF - C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll (Adobe Systems Incorporated)
O8 - Extra context menu item: Sothink SWF Catcher - C:\Program Files\Common Files\SourceTec\SWF Catcher\InternetExplorer.htm ()
O9 - Extra Button: Send to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MIF5BA~1\Office12\ONBttnIE.dll (Microsoft Corporation)
O9 - Extra 'Tools' menuitem : S&end to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MIF5BA~1\Office12\ONBttnIE.dll (Microsoft Corporation)
O9 - Extra Button: Flash Decompiler SWF Capture tool - {86B4FC19-8FA4-4FD3-B243-9AEDB42FA2D5} - C:\Program Files\Eltima Software\Flash Decompiler Trillix\iebt.dll File not found
O9 - Extra 'Tools' menuitem : Flash Decompiler SWF Capture tool menu - {86B4FC19-8FA4-4FD3-B243-9AEDB42FA2D5} - C:\Program Files\Eltima Software\Flash Decompiler Trillix\iebt.dll File not found
O9 - Extra Button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MIF5BA~1\Office12\REFIEBAR.DLL (Microsoft Corporation)
O9 - Extra 'Tools' menuitem : Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll (Safer Networking Limited)
O9 - Extra Button: Sothink SWF Catcher - {E19ADC6E-3909-43E4-9A89-B7B676377EE3} - C:\Program Files\Common Files\SourceTec\SWF Catcher\InternetExplorer.htm ()
O9 - Extra 'Tools' menuitem : Sothink SWF Catcher - {E19ADC6E-3909-43E4-9A89-B7B676377EE3} - C:\Program Files\Common Files\SourceTec\SWF Catcher\InternetExplorer.htm ()
O10 - NameSpace_Catalog5\Catalog_Entries\000000000007 [] - C:\Program Files\Bonjour\mdnsNSP.dll (Apple Inc.)
O15 - HKCU\..Trusted Domains: com.tw ([asia.msi] http in Tillförlitliga platser)
O15 - HKCU\..Trusted Domains: com.tw ([global.msi] http in Tillförlitliga platser)
O15 - HKCU\..Trusted Domains: com.tw ([www.msi] http in Tillförlitliga platser)
O15 - HKCU\..Trusted Domains: 1 domain(s) and sub-domain(s) not assigned to a zone.
O16 - DPF: {166B1BCA-3F9C-11CF-8075-444553540000} http://download.macr...director/sw.cab (Shockwave ActiveX Control)
O16 - DPF: {22945A69-1191-4DCF-9E6F-409BDE94D101} http://louk.solidwor...elsStandard.cab (Reg Error: Key error.)
O16 - DPF: {3860DD98-0549-4D50-AA72-5D17D200EE10} http://cdn.scan.onec...s/wlscctrl2.cab (Windows Live OneCare safety scanner control)
O16 - DPF: {6F15128C-E66A-490C-B848-5000B5ABEEAC} https://h20436.www2....re/HPDEXAXO.cab (HP Download Manager)
O16 - DPF: {74DBCB52-F298-4110-951D-AD2FF67BC8AB} http://www.nvidia.co...iaSmartScan.cab (NVIDIA Smart Scan)
O16 - DPF: {7530BFB8-7293-4D34-9923-61A11451AFC5} http://download.eset...lineScanner.cab (OnlineScanner Control)
O16 - DPF: {784797A8-342D-4072-9486-03C8D0F2F0A1} https://www.battlefi...er_4.0.21.0.cab (Battlefield Heroes Updater)
O16 - DPF: {8167C273-DF59-4416-B647-C8BB2C7EE83E} http://liveupdate.ms...ine/install.cab (WebSDev Control)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_15)
O16 - DPF: {9191F686-7F0A-441D-8A98-2FE3AC1BD913} http://acs.pandasoft...s/as2stubie.cab (ActiveScan 2.0 Installer Class)
O16 - DPF: {CAFEEFAC-0016-0000-0015-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_15)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_15)
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} http://fpdownload2.m...ash/swflash.cab (Shockwave Flash Object)
O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} http://platformdl.ad...Plus/1.6/gp.cab (Reg Error: Key error.)
O16 - DPF: {F9043C85-F6F2-101A-A3C9-08002B2F49FB} file:///C:/Program%20Files/OpenCube/Visual%20Infinite%20Menus/comdlg32.cab (Microsoft Common Dialog Control, version 6.0)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.2.1
O18 - Protocol\Handler\cf {9875BFAF-B04D-445E-8A69-BE36838CDE3E} - C:\Program Files\Google\Chrome Frame\Application\4.0.295.0\npchrome_frame.dll (@COMPANY_FULLNAME@)
O18 - Protocol\Handler\grooveLocalGWS {88FED34C-F0CA-4636-A375-3CB6248B04CD} - C:\Program Files\Microsoft Office\Office12\GrooveSystemServices.dll (Microsoft Corporation)
O18 - Protocol\Handler\livecall {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\WIC4A1~1\MESSEN~1\MSGRAP~1.DLL (Microsoft Corporation)
O18 - Protocol\Handler\ms-help {314111c7-a502-11d2-bbca-00c04f8ec294} - C:\Program Files\Common Files\Microsoft Shared\Help\hxds.dll (Microsoft Corporation)
O18 - Protocol\Handler\msnim {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\WIC4A1~1\MESSEN~1\MSGRAP~1.DLL (Microsoft Corporation)
O18 - Protocol\Handler\mso-offdap11 {32505114-5902-49B2-880A-1F7738E5A384} - C:\PROGRA~1\COMMON~1\MICROS~1\WEBCOM~1\11\OWC11.DLL (Microsoft Corporation)
O18 - Protocol\Filter\text/xml {807563E5-5146-11D5-A672-00B0D022E945} - C:\PROGRA~1\COMMON~1\MICROS~1\OFFICE12\MSOXMLMF.DLL (Microsoft Corporation)
O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: VMApplet - (SystemPropertiesPerformance.exe) - C:\Windows\System32\SystemPropertiesPerformance.exe (Microsoft Corporation)
O20 - HKLM Winlogon: VMApplet - (/pagefile) - File not found
O20 - Winlogon\Notify\klogon: DllName - Reg Error: Value error. - Reg Error: Value error. File not found
O24 - Desktop WallPaper: C:\Bakgrunder\_MG_6380.jpg
O24 - Desktop BackupWallPaper: C:\Bakgrunder\_MG_6380.jpg
O28 - HKLM ShellExecuteHooks: {AEB6717E-7E19-11d0-97EE-00C04FD91972} - Reg Error: Key error. File not found
O28 - HKLM ShellExecuteHooks: {B5A7F190-DDA6-4420-B3BA-52453494E6CD} - C:\Program Files\Microsoft Office\Office12\GrooveShellExtensions.dll (Microsoft Corporation)
O30 - LSA: Security Packages - (pku2u) - C:\Windows\System32\pku2u.dll (Microsoft Corporation)
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2009-06-10 22:42:20 | 00,000,024 | ---- | M] () - C:\autoexec.bat -- [ NTFS ]
O32 - AutoRun File - [2005-09-25 22:57:08 | 00,000,045 | R--- | M] () - F:\autorun.inf -- [ CDFS ]
O34 - HKLM BootExecute: (autocheck autochk *) - File not found
O35 - comfile [open] -- "%1" %*
O35 - exefile [open] -- "%1" %*
========== Files/Folders - Created Within 14 Days ==========
[2010-01-27 23:37:58 | 00,548,864 | ---- | C] (OldTimer Tools) -- C:\Users\Joakim Krassman\Desktop\OTL.exe
[2010-01-27 21:45:15 | 00,124,976 | ---- | C] (Symantec Corporation) -- C:\Windows\System32\drivers\SYMEVENT.SYS
[2010-01-27 21:45:09 | 00,000,000 | ---D | C] -- C:\Program Files\Common Files\Symantec Shared
[2010-01-27 21:45:09 | 00,000,000 | ---D | C] -- C:\Program Files\Symantec
[2010-01-27 21:44:58 | 00,501,888 | R--- | C] (Symantec Corporation) -- C:\Windows\System32\drivers\NAV\1100000.088\ccHPx86.sys
[2010-01-27 21:44:58 | 00,338,480 | R--- | C] (Symantec Corporation) -- C:\Windows\System32\drivers\NAV\1100000.088\symtdiv.sys
[2010-01-27 21:44:58 | 00,328,752 | R--- | C] (Symantec Corporation) -- C:\Windows\System32\drivers\NAV\1100000.088\SymDS.sys
[2010-01-27 21:44:58 | 00,325,168 | R--- | C] (Symantec Corporation) -- C:\Windows\System32\drivers\NAV\1100000.088\srtsp.sys
[2010-01-27 21:44:58 | 00,169,008 | R--- | C] (Symantec Corporation) -- C:\Windows\System32\drivers\NAV\1100000.088\SymEFA.sys
[2010-01-27 21:44:58 | 00,114,736 | R--- | C] (Symantec Corporation) -- C:\Windows\System32\drivers\NAV\1100000.088\Ironx86.sys
[2010-01-27 21:44:58 | 00,043,696 | R--- | C] (Symantec Corporation) -- C:\Windows\System32\drivers\NAV\1100000.088\srtspx.sys
[2010-01-27 21:44:48 | 00,000,000 | ---D | C] -- C:\Windows\System32\drivers\NAV
[2010-01-27 21:44:48 | 00,000,000 | ---D | C] -- C:\Windows\System32\drivers\NAV\1100000.088
[2010-01-27 21:44:46 | 00,000,000 | ---D | C] -- C:\Program Files\Norton AntiVirus
[2010-01-27 21:44:45 | 00,000,000 | ---D | C] -- C:\ProgramData\Norton
[2010-01-27 21:44:41 | 00,000,000 | ---D | C] -- C:\ProgramData\NortonInstaller
[2010-01-27 21:44:41 | 00,000,000 | ---D | C] -- C:\Program Files\NortonInstaller
[2010-01-27 21:37:29 | 00,000,000 | -HSD | C] -- C:\Config.Msi
[2010-01-27 21:32:06 | 00,028,552 | ---- | C] (Panda Security, S.L.) -- C:\Windows\System32\drivers\pavboot.sys
[2010-01-27 21:32:05 | 00,000,000 | ---D | C] -- C:\Program Files\Panda Security
[2010-01-27 21:25:02 | 00,000,000 | ---D | C] -- C:\Rooter$
[2010-01-27 20:37:53 | 00,000,000 | ---D | C] -- C:\MGADiagToolOutput
[2010-01-27 16:32:10 | 00,000,000 | ---D | C] -- C:\_OTM
[2010-01-27 12:29:06 | 00,000,000 | ---D | C] -- C:\ProgramData\Kaspersky Lab
[2010-01-26 19:44:36 | 00,000,000 | ---D | C] -- C:\Users\Joakim Krassman\AppData\Roaming\MyPhoneExplorer
[2010-01-26 19:44:34 | 00,000,000 | ---D | C] -- C:\Users\Joakim Krassman\AppData\Roaming\Desktopicon
[2010-01-26 19:44:25 | 00,000,000 | ---D | C] -- C:\Program Files\MyPhoneExplorer
[2010-01-26 16:17:46 | 00,000,000 | ---D | C] -- C:\Program Files\Genie-Soft
[2010-01-26 15:02:56 | 00,000,000 | -HSD | C] -- C:\$RECYCLE.BIN
[2010-01-26 15:02:55 | 00,000,000 | ---D | C] -- C:\Users\Joakim Krassman\AppData\Local\temp
[2010-01-26 14:50:17 | 00,161,792 | ---- | C] (SteelWerX) -- C:\Windows\SWREG.exe
[2010-01-26 14:50:17 | 00,136,704 | ---- | C] (SteelWerX) -- C:\Windows\SWSC.exe
[2010-01-26 14:50:17 | 00,031,232 | ---- | C] (NirSoft) -- C:\Windows\NIRCMD.exe
[2010-01-26 14:50:11 | 00,000,000 | ---D | C] -- C:\Windows\ERDNT
[2010-01-26 14:50:10 | 00,000,000 | ---D | C] -- C:\ComboFix
[2010-01-26 14:50:01 | 00,000,000 | ---D | C] -- C:\Qoobox
[2010-01-26 14:49:40 | 00,212,480 | ---- | C] (SteelWerX) -- C:\Windows\SWXCACLS.exe
[2010-01-26 14:44:47 | 00,000,000 | ---D | C] -- C:\_OTL
[2010-01-25 17:14:58 | 00,000,000 | ---D | C] -- C:\Users\Joakim Krassman\Desktop\OTL
[2010-01-25 11:50:12 | 00,000,000 | ---D | C] -- C:\Users\Joakim Krassman\Desktop\Irene
[2010-01-23 21:59:18 | 00,000,000 | ---D | C] -- C:\Program Files\Windows Live Safety Center
[2010-01-23 19:05:16 | 00,000,000 | ---D | C] -- C:\Users\Joakim Krassman\Desktop\Beijer
[2010-01-23 18:37:47 | 00,000,000 | ---D | C] -- C:\Users\Joakim Krassman\Desktop\Photoshop hörnan
[2010-01-23 18:37:20 | 00,000,000 | ---D | C] -- C:\Users\Joakim Krassman\Desktop\Henke
[2010-01-23 17:35:55 | 00,000,000 | ---D | C] -- C:\ProgramData\Spybot - Search & Destroy
[2010-01-23 17:35:55 | 00,000,000 | ---D | C] -- C:\Program Files\Spybot - Search & Destroy
[2010-01-22 21:41:08 | 00,000,000 | ---D | C] -- C:\Program Files\Common Files\Memeo
[2010-01-22 21:36:14 | 00,000,000 | ---D | C] -- C:\Users\Joakim Krassman\AppData\Local\Altaro
[2010-01-22 21:35:56 | 00,000,000 | ---D | C] -- C:\ProgramData\OopsBackup
[2010-01-22 16:51:51 | 00,000,000 | ---D | C] -- C:\ProgramData\MemeoCommon
[2010-01-21 21:50:20 | 00,000,000 | ---D | C] -- C:\Program Files\Common Files\eSellerate
[2010-01-20 20:24:41 | 00,000,000 | ---D | C] -- C:\Users\Joakim Krassman\AppData\Roaming\Genie-Soft
[2010-01-20 20:24:21 | 00,000,000 | ---D | C] -- C:\ProgramData\Genie-Soft
[2010-01-15 23:11:40 | 00,076,392 | ---- | C] (Khronos Group) -- C:\Windows\System32\OpenCL.dll
[2010-01-15 23:01:59 | 00,000,000 | ---D | C] -- C:\Users\Joakim Krassman\AppData\Roaming\BOXEE
[2010-01-14 19:03:28 | 00,060,273 | ---- | C] (Open Source Software community project) -- C:\Windows\System32\pthreadGC2.dll
[2010-01-14 16:50:50 | 00,000,000 | ---D | C] -- C:\Users\Joakim Krassman\AppData\Roaming\Python-Eggs
[2010-01-14 16:50:49 | 00,000,000 | ---D | C] -- C:\Users\Joakim Krassman\.moovida
[2010-01-14 16:41:08 | 00,000,000 | ---D | C] -- C:\Users\Joakim Krassman\Documents\My Playlists
[2010-01-14 16:37:26 | 00,000,000 | ---D | C] -- C:\MS-7380 v1.30
[2010-01-14 16:36:08 | 00,000,000 | ---D | C] -- C:\Program Files\MSI
[2010-01-14 16:35:41 | 00,000,000 | ---D | C] -- C:\ProgramData\Team MediaPortal
[1 C:\Users\Joakim Krassman\Desktop\*.tmp files -> C:\Users\Joakim Krassman\Desktop\*.tmp -> ]
========== Files - Modified Within 14 Days ==========
[2010-01-27 23:45:33 | 00,013,232 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
[2010-01-27 23:45:33 | 00,013,232 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
[2010-01-27 23:40:54 | 00,000,444 | ---- | M] () -- C:\Windows\Brownie.ini
[2010-01-27 23:40:41 | 00,000,900 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineCore.job
[2010-01-27 23:40:28 | 00,000,350 | ---- | M] () -- C:\Windows\tasks\Spybot - Search & Destroy - Scheduled Task.job
[2010-01-27 23:40:28 | 00,000,006 | -H-- | M] () -- C:\Windows\tasks\SA.DAT
[2010-01-27 23:40:20 | 00,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2010-01-27 23:40:20 | 00,000,031 | ---- | M] () -- C:\Windows\System32\bbcap.err
[2010-01-27 23:40:16 | 24,152,59648 | -HS- | M] () -- C:\hiberfil.sys
[2010-01-27 23:39:11 | 09,175,040 | -HS- | M] () -- C:\Users\Joakim Krassman\ntuser.dat
[2010-01-27 23:38:41 | 00,000,098 | ---- | M] () -- C:\Windows\System32\drivers\etc\Hosts
[2010-01-27 23:38:03 | 00,548,864 | ---- | M] (OldTimer Tools) -- C:\Users\Joakim Krassman\Desktop\OTL.exe
[2010-01-27 22:59:08 | 00,000,904 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineUA.job
[2010-01-27 21:59:44 | 01,092,722 | ---- | M] () -- C:\Windows\System32\drivers\NAV\1100000.088\Cat.DB
[2010-01-27 21:53:14 | 00,000,178 | ---- | M] () -- C:\Windows\System32\drivers\etc\hosts.nav
[2010-01-27 21:45:09 | 00,124,976 | ---- | M] (Symantec Corporation) -- C:\Windows\System32\drivers\SYMEVENT.SYS
[2010-01-27 21:45:09 | 00,007,443 | ---- | M] () -- C:\Windows\System32\drivers\SYMEVENT.CAT
[2010-01-27 21:45:09 | 00,000,805 | ---- | M] () -- C:\Windows\System32\drivers\SYMEVENT.INF
[2010-01-27 21:45:02 | 00,002,406 | ---- | M] () -- C:\Users\Public\Desktop\Norton AntiVirus.lnk
[2010-01-27 15:24:15 | 00,002,024 | -H-- | M] () -- C:\Users\Joakim Krassman\Documents\Default.rdp
[2010-01-27 14:42:00 | 05,556,667 | ---- | M] () -- C:\Users\Joakim Krassman\Desktop\Metro Holland.pdf
[2010-01-27 12:39:48 | 03,598,135 | -H-- | M] () -- C:\Users\Joakim Krassman\AppData\Local\IconCache.db
[2010-01-27 12:23:40 | 00,000,218 | ---- | M] () -- C:\Windows\System32\tversity.cookies
[2010-01-27 12:15:05 | 00,002,577 | ---- | M] () -- C:\Windows\System32\config.nt
[2010-01-26 19:44:34 | 00,002,071 | ---- | M] () -- C:\Users\Joakim Krassman\Desktop\MyPhoneExplorer.lnk
[2010-01-26 17:02:37 | 00,153,107 | ---- | M] () -- C:\Users\Joakim Krassman\Desktop\Därför är killar emot män i tjejfilmerFIXAD.docx
[2010-01-26 15:00:00 | 00,000,215 | ---- | M] () -- C:\Windows\system.ini
[2010-01-26 11:46:18 | 00,933,964 | ---- | M] () -- C:\Windows\System32\perfh01D.dat
[2010-01-26 11:46:18 | 00,806,848 | ---- | M] () -- C:\Windows\System32\perfh009.dat
[2010-01-26 11:46:18 | 00,231,756 | ---- | M] () -- C:\Windows\System32\perfc01D.dat
[2010-01-26 11:46:17 | 02,157,564 | ---- | M] () -- C:\Windows\System32\PerfStringBackup.INI
[2010-01-26 11:46:17 | 00,175,878 | ---- | M] () -- C:\Windows\System32\perfc009.dat
[2010-01-25 22:36:17 | 01,985,037 | ---- | M] () -- C:\Users\Joakim Krassman\Desktop\BlobSaveRestore.zip
[2010-01-25 22:17:38 | 00,013,030 | ---- | M] () -- C:\PDOXUSRS.NET
[2010-01-25 22:08:17 | 00,000,047 | ---- | M] () -- C:\Users\Joakim Krassman\Documents\rrrr.dsn
[2010-01-25 13:29:54 | 03,890,758 | ---- | M] () -- C:\Users\Joakim Krassman\Desktop\Texter.xlsx
[2010-01-24 20:30:59 | 00,014,373 | ---- | M] () -- C:\Users\Joakim Krassman\Desktop\Därför är killar emot män i tjejfilmer.docx
[2010-01-24 19:07:54 | 00,013,722 | ---- | M] () -- C:\Users\Joakim Krassman\Desktop\Twilight.docx
[2010-01-23 21:46:29 | 00,157,143 | ---- | M] () -- C:\Users\Joakim Krassman\Desktop\IMG_4210.jpg
[2010-01-23 19:54:24 | 02,969,600 | ---- | M] () -- C:\Users\Joakim Krassman\Documents\Database2.accdb
[2010-01-23 19:52:16 | 05,787,648 | ---- | M] () -- C:\Users\Joakim Krassman\Documents\Projects.accdb
[2010-01-23 19:28:00 | 00,327,680 | ---- | M] () -- C:\Users\Joakim Krassman\Documents\Database1.accdb
[2010-01-23 18:19:22 | 00,000,069 | ---- | M] () -- C:\Windows\NeroDigital.ini
[2010-01-22 16:17:24 | 00,000,042 | -HS- | M] () -- C:\Users\Joakim Krassman\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\kill.bat
[2010-01-20 23:06:05 | 60,410,6597 | ---- | M] () -- C:\Windows\MEMORY.DMP
[2010-01-17 21:44:49 | 00,000,219 | ---- | M] () -- C:\Windows\System32\lsprst7.tgz
[2010-01-17 21:44:49 | 00,000,087 | ---- | M] () -- C:\Windows\System32\ssprs.tgz
[2010-01-17 21:44:49 | 00,000,021 | ---- | M] () -- C:\Windows\SurCode.INI
[2010-01-14 18:13:46 | 00,161,816 | ---- | M] () -- C:\Users\Joakim Krassman\AppData\Local\GDIPFONTCACHEV1.DAT
[2010-01-14 17:00:18 | 02,515,448 | ---- | M] () -- C:\Windows\System32\FNTCACHE.DAT
[1 C:\Users\Joakim Krassman\Desktop\*.tmp files -> C:\Users\Joakim Krassman\Desktop\*.tmp -> ]
========== Files Created - No Company Name ==========
[2010-01-27 21:45:18 | 01,092,722 | ---- | C] () -- C:\Windows\System32\drivers\NAV\1100000.088\Cat.DB
[2010-01-27 21:45:15 | 00,007,443 | ---- | C] () -- C:\Windows\System32\drivers\SYMEVENT.CAT
[2010-01-27 21:45:15 | 00,000,805 | ---- | C] () -- C:\Windows\System32\drivers\SYMEVENT.INF
[2010-01-27 21:45:02 | 00,002,406 | ---- | C] () -- C:\Users\Public\Desktop\Norton AntiVirus.lnk
[2010-01-27 21:44:52 | 00,003,375 | R--- | C] () -- C:\Windows\System32\drivers\NAV\1100000.088\SymEFA.inf
[2010-01-27 21:44:52 | 00,002,793 | R--- | C] () -- C:\Windows\System32\drivers\NAV\1100000.088\SymDS.inf
[2010-01-27 21:44:52 | 00,001,756 | R--- | C] () -- C:\Windows\System32\drivers\NAV\1100000.088\ccHPx86.inf
[2010-01-27 21:44:52 | 00,001,475 | R--- | C] () -- C:\Windows\System32\drivers\NAV\1100000.088\SymNetV.inf
[2010-01-27 21:44:52 | 00,001,447 | R--- | C] () -- C:\Windows\System32\drivers\NAV\1100000.088\SymNet.inf
[2010-01-27 21:44:52 | 00,001,389 | R--- | C] () -- C:\Windows\System32\drivers\NAV\1100000.088\srtspx.inf
[2010-01-27 21:44:52 | 00,001,383 | R--- | C] () -- C:\Windows\System32\drivers\NAV\1100000.088\srtsp.inf
[2010-01-27 21:44:52 | 00,000,743 | R--- | C] () -- C:\Windows\System32\drivers\NAV\1100000.088\Iron.inf
[2010-01-27 21:44:48 | 00,007,787 | R--- | C] () -- C:\Windows\System32\drivers\NAV\1100000.088\symnetv.cat
[2010-01-27 21:44:48 | 00,007,438 | R--- | C] () -- C:\Windows\System32\drivers\NAV\1100000.088\srtsp.cat
[2010-01-27 21:44:48 | 00,007,431 | R--- | C] () -- C:\Windows\System32\drivers\NAV\1100000.088\SymEFA.cat
[2010-01-27 21:44:48 | 00,007,429 | R--- | C] () -- C:\Windows\System32\drivers\NAV\1100000.088\srtspx.cat
[2010-01-27 21:44:48 | 00,007,425 | R--- | C] () -- C:\Windows\System32\drivers\NAV\1100000.088\SymDS.cat
[2010-01-27 21:44:48 | 00,007,424 | R--- | C] () -- C:\Windows\System32\drivers\NAV\1100000.088\iron.cat
[2010-01-27 21:44:48 | 00,007,396 | R--- | C] () -- C:\Windows\System32\drivers\NAV\1100000.088\cchpx86.cat
[2010-01-27 21:44:48 | 00,007,355 | R--- | C] () -- C:\Windows\System32\drivers\NAV\1100000.088\SymNet.cat
[2010-01-27 21:44:48 | 00,000,172 | ---- | C] () -- C:\Windows\System32\drivers\NAV\1100000.088\isolate.ini
[2010-01-27 14:42:00 | 05,556,667 | ---- | C] () -- C:\Users\Joakim Krassman\Desktop\Metro Holland.pdf
[2010-01-26 19:44:34 | 00,002,071 | ---- | C] () -- C:\Users\Joakim Krassman\Desktop\MyPhoneExplorer.lnk
[2010-01-26 14:50:17 | 00,261,632 | ---- | C] () -- C:\Windows\PEV.exe
[2010-01-26 14:50:17 | 00,098,816 | ---- | C] () -- C:\Windows\sed.exe
[2010-01-26 14:50:17 | 00,080,412 | ---- | C] () -- C:\Windows\grep.exe
[2010-01-26 14:50:17 | 00,077,312 | ---- | C] () -- C:\Windows\MBR.exe
[2010-01-26 14:50:17 | 00,068,096 | ---- | C] () -- C:\Windows\zip.exe
[2010-01-25 22:36:17 | 01,985,037 | ---- | C] () -- C:\Users\Joakim Krassman\Desktop\BlobSaveRestore.zip
[2010-01-25 22:08:15 | 00,000,047 | ---- | C] () -- C:\Users\Joakim Krassman\Documents\rrrr.dsn
[2010-01-25 21:16:55 | 00,153,107 | ---- | C] () -- C:\Users\Joakim Krassman\Desktop\Därför är killar emot män i tjejfilmerFIXAD.docx
[2010-01-25 13:29:29 | 03,890,758 | ---- | C] () -- C:\Users\Joakim Krassman\Desktop\Texter.xlsx
[2010-01-25 07:54:08 | 00,000,904 | ---- | C] () -- C:\Windows\tasks\GoogleUpdateTaskMachineUA.job
[2010-01-25 07:54:08 | 00,000,900 | ---- | C] () -- C:\Windows\tasks\GoogleUpdateTaskMachineCore.job
[2010-01-24 19:25:32 | 00,014,373 | ---- | C] () -- C:\Users\Joakim Krassman\Desktop\Därför är killar emot män i tjejfilmer.docx
[2010-01-24 19:07:54 | 00,013,722 | ---- | C] () -- C:\Users\Joakim Krassman\Desktop\Twilight.docx
[2010-01-23 21:46:28 | 00,157,143 | ---- | C] () -- C:\Users\Joakim Krassman\Desktop\IMG_4210.jpg
[2010-01-23 19:52:16 | 02,969,600 | ---- | C] () -- C:\Users\Joakim Krassman\Documents\Database2.accdb
[2010-01-23 19:49:57 | 05,787,648 | ---- | C] () -- C:\Users\Joakim Krassman\Documents\Projects.accdb
[2010-01-23 19:26:32 | 00,327,680 | ---- | C] () -- C:\Users\Joakim Krassman\Documents\Database1.accdb
[2010-01-23 17:37:10 | 00,000,350 | ---- | C] () -- C:\Windows\tasks\Spybot - Search & Destroy - Scheduled Task.job
[2010-01-22 16:17:24 | 00,000,042 | -HS- | C] () -- C:\Users\Joakim Krassman\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\kill.bat
[2010-01-15 23:11:40 | 00,007,133 | ---- | C] () -- C:\Windows\System32\nvinfo.pb
[2010-01-14 19:07:18 | 00,000,218 | ---- | C] () -- C:\Windows\System32\tversity.cookies
[2010-01-14 19:03:28 | 00,007,680 | ---- | C] () -- C:\Windows\System32\ff_vfw.dll
[2010-01-14 19:03:28 | 00,000,547 | ---- | C] () -- C:\Windows\System32\ff_vfw.dll.manifest
[2010-01-05 14:51:36 | 00,000,722 | R--- | C] () -- C:\Windows\cm108.ini
[2010-01-05 14:51:25 | 00,002,584 | R--- | C] () -- C:\Windows\Cm108.ini.cfg
[2010-01-03 11:36:25 | 00,000,088 | ---- | C] () -- C:\Windows\GraphEdt.INI
[2010-01-03 00:43:04 | 00,000,000 | ---- | C] () -- C:\Windows\PhotoNow.INI
[2010-01-01 19:40:13 | 00,014,848 | ---- | C] () -- C:\Users\Joakim Krassman\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2009-11-15 15:01:49 | 00,000,069 | ---- | C] () -- C:\Windows\NeroDigital.ini
[2009-10-12 17:38:12 | 00,000,426 | ---- | C] () -- C:\Windows\BRWMARK.INI
[2009-10-12 17:38:02 | 00,009,853 | ---- | C] () -- C:\Windows\HL-2170W.INI
[2009-10-12 17:38:02 | 00,000,146 | ---- | C] () -- C:\Windows\BRVIDEO.INI
[2009-10-12 17:38:02 | 00,000,114 | ---- | C] () -- C:\Windows\System32\brlmw03a.ini
[2009-10-12 17:38:02 | 00,000,000 | ---- | C] () -- C:\Windows\brmx2001.ini
[2009-10-12 14:31:17 | 00,000,444 | ---- | C] () -- C:\Windows\Brownie.ini
[2009-08-25 22:09:03 | 00,005,990 | ---- | C] () -- C:\Users\Joakim Krassman\AppData\Roaming\ReplayMusicLog.log
[2009-08-20 21:56:50 | 00,001,025 | ---- | C] () -- C:\Windows\System32\sysprs7.dll
[2009-08-20 21:56:50 | 00,001,025 | ---- | C] () -- C:\Windows\System32\clauth2.dll
[2009-08-20 21:56:50 | 00,001,025 | ---- | C] () -- C:\Windows\System32\clauth1.dll
[2009-08-20 21:56:49 | 00,000,021 | ---- | C] () -- C:\Windows\SurCode.INI
[2009-07-31 18:59:18 | 00,000,040 | ---- | C] () -- C:\Windows\iltwain.ini
[2009-07-28 18:21:40 | 00,000,023 | ---- | C] () -- C:\Windows\SWFDecompiler.INI
[2009-07-14 00:51:43 | 00,073,728 | ---- | C] () -- C:\Windows\System32\BthpanContextHandler.dll
[2009-07-14 00:42:10 | 00,064,000 | ---- | C] () -- C:\Windows\System32\BWContextHandler.dll
[2009-07-11 13:22:21 | 00,237,568 | ---- | C] () -- C:\Windows\System32\qtmlClient.dll
[2009-07-11 13:22:21 | 00,000,000 | ---- | C] () -- C:\Windows\Graffiti5.2Pin.ini
[2009-04-13 20:11:19 | 00,110,592 | ---- | C] () -- C:\Windows\System32\suppdll.dll
[2009-04-13 20:11:19 | 00,035,363 | ---- | C] () -- C:\Windows\System32\windrvNT.sys
[2009-04-13 20:10:15 | 00,000,343 | ---- | C] () -- C:\Windows\start.ini
[2009-04-13 20:10:09 | 00,000,110 | ---- | C] () -- C:\Windows\kundkort.ini
[2009-03-27 14:34:31 | 00,815,104 | ---- | C] () -- C:\Windows\System32\xvidcore.dll
[2009-03-27 14:34:31 | 00,180,224 | ---- | C] () -- C:\Windows\System32\xvidvfw.dll
[2009-03-15 23:46:19 | 00,000,127 | ---- | C] () -- C:\Windows\System32\MRT.INI
[2009-03-13 21:07:19 | 00,000,000 | ---- | C] () -- C:\Windows\eDrawingOfficeAutomator.INI
[2009-02-24 19:01:25 | 00,000,103 | ---- | C] () -- C:\Windows\BOP.ini
[2009-02-22 17:41:29 | 00,777,728 | ---- | C] () -- C:\Windows\System32\SSLSVC.DLL
[2009-02-22 17:41:29 | 00,069,632 | ---- | C] () -- C:\Windows\System32\xmltok.dll
[2009-02-22 17:41:29 | 00,040,960 | ---- | C] () -- C:\Windows\System32\cfmsg.dll
[2009-02-22 17:41:29 | 00,036,864 | ---- | C] () -- C:\Windows\System32\xmlparse.dll
[2009-02-22 17:41:28 | 00,114,688 | ---- | C] () -- C:\Windows\System32\lang_cfml.dll
[2009-02-22 17:41:28 | 00,028,672 | ---- | C] () -- C:\Windows\System32\xml_datagrove.dll
[2009-02-22 14:10:48 | 00,168,448 | ---- | C] () -- C:\Windows\System32\unrar.dll
[2008-10-12 20:26:36 | 00,000,081 | ---- | C] () -- C:\Windows\ODA.INI
[2008-10-07 09:13:30 | 00,197,912 | ---- | C] () -- C:\Windows\System32\physxcudart_20.dll
[2008-10-07 09:13:22 | 00,058,648 | ---- | C] () -- C:\Windows\System32\AgCPanelTraditionalChinese.dll
[2008-10-07 09:13:20 | 00,058,648 | ---- | C] () -- C:\Windows\System32\AgCPanelSwedish.dll
[2008-10-07 09:13:20 | 00,058,648 | ---- | C] () -- C:\Windows\System32\AgCPanelSpanish.dll
[2008-10-07 09:13:20 | 00,058,648 | ---- | C] () -- C:\Windows\System32\AgCPanelSimplifiedChinese.dll
[2008-10-07 09:13:20 | 00,058,648 | ---- | C] () -- C:\Windows\System32\AgCPanelPortugese.dll
[2008-10-07 09:13:20 | 00,058,648 | ---- | C] () -- C:\Windows\System32\AgCPanelKorean.dll
[2008-10-07 09:13:20 | 00,058,648 | ---- | C] () -- C:\Windows\System32\AgCPanelJapanese.dll
[2008-10-07 09:13:20 | 00,058,648 | ---- | C] () -- C:\Windows\System32\AgCPanelGerman.dll
[2008-10-07 09:13:20 | 00,058,648 | ---- | C] () -- C:\Windows\System32\AgCPanelFrench.dll
[2008-02-01 08:18:14 | 00,009,216 | ---- | C] () -- C:\Windows\System32\drivers\FlashSys.sys
[2007-05-09 19:35:54 | 00,057,126 | ---- | C] () -- C:\Windows\System32\lvcoinst.ini
[2002-08-31 06:00:00 | 00,001,786 | ---- | C] () -- C:\Windows\System32\msisl$.dll
========== LOP Check ==========
[2009-03-18 14:07:15 | 00,000,000 | ---D | M] -- C:\Users\Joakim Krassman\AppData\Roaming\Abvent
[2009-10-24 11:25:31 | 00,000,000 | ---D | M] -- C:\Users\Joakim Krassman\AppData\Roaming\Abvent_Artlantis2
[2009-10-24 11:28:04 | 00,000,000 | ---D | M] -- C:\Users\Joakim Krassman\AppData\Roaming\Agency9
[2009-10-24 11:28:04 | 00,000,000 | ---D | M] -- C:\Users\Joakim Krassman\AppData\Roaming\Alien Skin
[2010-01-02 15:41:15 | 00,000,000 | ---D | M] -- C:\Users\Joakim Krassman\AppData\Roaming\ALLCapture
[2009-10-24 11:28:04 | 00,000,000 | ---D | M] -- C:\Users\Joakim Krassman\AppData\Roaming\Ambient Design
[2009-10-24 11:28:04 | 00,000,000 | ---D | M] -- C:\Users\Joakim Krassman\AppData\Roaming\Any Video Converter
[2010-01-02 18:29:58 | 00,000,000 | ---D | M] -- C:\Users\Joakim Krassman\AppData\Roaming\Blueberry
[2009-10-24 11:28:15 | 00,000,000 | ---D | M] -- C:\Users\Joakim Krassman\AppData\Roaming\Borland
[2010-01-15 23:01:59 | 00,000,000 | ---D | M] -- C:\Users\Joakim Krassman\AppData\Roaming\BOXEE
[2009-10-24 11:28:15 | 00,000,000 | ---D | M] -- C:\Users\Joakim Krassman\AppData\Roaming\ContentGuard
[2009-02-21 09:21:42 | 00,000,000 | ---D | M] -- C:\Users\Joakim Krassman\AppData\Roaming\DAEMON Tools
[2009-10-24 11:28:20 | 00,000,000 | ---D | M] -- C:\Users\Joakim Krassman\AppData\Roaming\DAEMON Tools Lite
[2009-10-24 11:28:21 | 00,000,000 | ---D | M] -- C:\Users\Joakim Krassman\AppData\Roaming\DAEMON Tools Pro
[2010-01-26 19:44:34 | 00,000,000 | ---D | M] -- C:\Users\Joakim Krassman\AppData\Roaming\Desktopicon
[2009-10-24 11:28:21 | 00,000,000 | ---D | M] -- C:\Users\Joakim Krassman\AppData\Roaming\e
[2009-03-13 21:07:27 | 00,000,000 | ---D | M] -- C:\Users\Joakim Krassman\AppData\Roaming\EDrawings
[2009-10-24 11:28:21 | 00,000,000 | ---D | M] -- C:\Users\Joakim Krassman\AppData\Roaming\FileMaker
[2009-10-24 11:28:21 | 00,000,000 | ---D | M] -- C:\Users\Joakim Krassman\AppData\Roaming\Filter Forge
[2009-10-24 11:28:21 | 00,000,000 | ---D | M] -- C:\Users\Joakim Krassman\AppData\Roaming\fltk.org
[2010-01-21 21:08:00 | 00,000,000 | ---D | M] -- C:\Users\Joakim Krassman\AppData\Roaming\Genie-Soft
[2009-10-24 11:28:21 | 00,000,000 | ---D | M] -- C:\Users\Joakim Krassman\AppData\Roaming\GlobalSCAPE
[2009-10-24 11:28:22 | 00,000,000 | ---D | M] -- C:\Users\Joakim Krassman\AppData\Roaming\Graphisoft
[2009-10-24 11:28:23 | 00,000,000 | ---D | M] -- C:\Users\Joakim Krassman\AppData\Roaming\HDRsoft
[2009-10-24 11:28:23 | 00,000,000 | ---D | M] -- C:\Users\Joakim Krassman\AppData\Roaming\Home Designer Suite 8.0
[2009-10-24 11:28:23 | 00,000,000 | ---D | M] -- C:\Users\Joakim Krassman\AppData\Roaming\Imagenomic
[2009-11-26 20:51:22 | 00,000,000 | ---D | M] -- C:\Users\Joakim Krassman\AppData\Roaming\IsolatedStorage
[2009-10-24 11:28:23 | 00,000,000 | ---D | M] -- C:\Users\Joakim Krassman\AppData\Roaming\Ivacy
[2009-10-24 11:28:23 | 00,000,000 | ---D | M] -- C:\Users\Joakim Krassman\AppData\Roaming\Kerio
[2009-10-24 11:28:23 | 00,000,000 | ---D | M] -- C:\Users\Joakim Krassman\AppData\Roaming\LogSys
[2009-12-13 17:19:02 | 00,000,000 | ---D | M] -- C:\Users\Joakim Krassman\AppData\Roaming\Microsys
[2010-01-26 19:44:36 | 00,000,000 | ---D | M] -- C:\Users\Joakim Krassman\AppData\Roaming\MyPhoneExplorer
[2009-12-31 09:11:26 | 00,000,000 | ---D | M] -- C:\Users\Joakim Krassman\AppData\Roaming\Netviewer
[2009-10-24 11:28:41 | 00,000,000 | ---D | M] -- C:\Users\Joakim Krassman\AppData\Roaming\OneSwarm
[2009-10-24 11:28:41 | 00,000,000 | ---D | M] -- C:\Users\Joakim Krassman\AppData\Roaming\Participatory Culture Foundation
[2009-10-24 11:28:42 | 00,000,000 | ---D | M] -- C:\Users\Joakim Krassman\AppData\Roaming\Personal
[2009-11-06 17:10:06 | 00,000,000 | ---D | M] -- C:\Users\Joakim Krassman\AppData\Roaming\PNGGauntlet
[2009-09-15 21:07:56 | 00,000,000 | ---D | M] -- C:\Users\Joakim Krassman\AppData\Roaming\proDAD
[2010-01-17 12:55:12 | 00,000,000 | ---D | M] -- C:\Users\Joakim Krassman\AppData\Roaming\Python-Eggs
[2009-10-24 11:28:42 | 00,000,000 | ---D | M] -- C:\Users\Joakim Krassman\AppData\Roaming\SPCS
[2010-01-24 00:31:58 | 00,000,000 | ---D | M] -- C:\Users\Joakim Krassman\AppData\Roaming\Spotify
[2009-10-24 11:28:42 | 00,000,000 | ---D | M] -- C:\Users\Joakim Krassman\AppData\Roaming\Systweak
[2009-12-31 14:31:50 | 00,000,000 | ---D | M] -- C:\Users\Joakim Krassman\AppData\Roaming\Thunderbird
[2009-10-24 11:28:42 | 00,000,000 | ---D | M] -- C:\Users\Joakim Krassman\AppData\Roaming\Ulead Systems
[2010-01-27 21:46:34 | 00,000,000 | ---D | M] -- C:\Users\Joakim Krassman\AppData\Roaming\uTorrent
[2010-01-04 18:10:13 | 00,000,000 | ---D | M] -- C:\Users\Joakim Krassman\AppData\Roaming\WTouch
[2010-01-17 12:37:42 | 00,000,000 | ---D | M] -- C:\Users\Joakim Krassman\AppData\Roaming\XBMC
[2009-10-24 11:28:44 | 00,000,000 | ---D | M] -- C:\Users\Joakim Krassman\AppData\Roaming\Zoner
[2010-01-15 15:05:29 | 00,032,610 | ---- | M] () -- C:\Windows\Tasks\SCHEDLGU.TXT
========== Purity Check ==========
========== Alternate Data Streams ==========
@Alternate Data Stream - 229 bytes -> C:\ProgramData\Temp:8FF81EB0
@Alternate Data Stream - 130 bytes -> C:\ProgramData\Temp:DCD39382
< End of report >
#22
Posted 27 January 2010 - 04:58 PM

hi
Run OTL
- Under the Custom Scans/Fixes box at the bottom, paste in the following
:OTL
O28 - HKLM ShellExecuteHooks: {AEB6717E-7E19-11d0-97EE-00C04FD91972} - Reg Error: Key error. File not found
:Services
:Reg
:Files
:Commands
[purity]
[resethosts]
[emptytemp]
[Reboot]
- Then click the Run Fix button at the top
- Let the program run unhindered, reboot the PC when it is done
Your logs are clean
Follow these steps to uninstall Combofix and tools used in the removal of malware
Uninstall ComboFix
Remove Combofix now that we're done with it.
- Please press the Windows Key and R on your keyboard. This will bring up the Run... command.
- Now type in Combofix /Uninstall in the runbox and click OK. (Notice the space between the "x" and "/")
- Please follow the prompts to uninstall Combofix.
- You will then receive a message saying Combofix was uninstalled successfully once it's done uninstalling itself.
- Download OTC to your desktop and run it
- Click Yes to begin the Cleanup process and remove these components, including this application.
- You will be asked to reboot the machine to finish the Cleanup process. Choose Yes.
Below I have included a number of recommendations for how to protect your computer against malware infections.
- Keep Windows updated by regularly checking their website at :
http://windowsupdate.microsoft.com/
This will ensure your computer always has the latest available security updates installed.
- SpywareBlaster protects against bad ActiveX, it immunizes your PC against them.
- SpywareGuard offers realtime protection from spyware installation attempts. Make sure you are only running one real-time anti-spyware protection program ( eg : TeaTimer, Windows Defender ) or there will be a conflict.
- Make Internet Explorer more secure
- Click Start > Run
- Type Inetcpl.cpl & click OK
- Click on the Security tab
- Click Reset all zones to default level
- Make sure the Internet Zone is selected & Click Custom level
- In the ActiveX section, set the first two options ("Download signed and unsigned ActiveX controls") to "Prompt", and ("Initialize and Script ActiveX controls not marked as safe") to "Disable".
- Next Click OK, then Apply button and then OK to exit the Internet Properties page.
- TFC - Cleans temporary files from IE and Windows, empties the recycle bin and more. Great tool to help speed up your computer and knock out those nasties that like to reside in the temp folders.
- MVPS Hosts file replaces your current HOSTS file with one containing well known ad sites and other bad sites. Basically, this prevents your computer from connecting to those sites by redirecting them to 127.0.0.1 which is your local computer, meaning it will be difficult to infect yourself in the future.
- Please consider using an alternate browser. Mozilla's Firefox browser is fantastic; it is much more secure than Internet Explorer, immune to almost all known browser hijackers, and also has the best built-in pop up blocker (as an added benefit!) that I have ever seen. If you are interested, Firefox may be downloaded from Here
If you choose to use Firefox, I highly recommend these add-ons to keep your PC even more secure.
- NoScript - for blocking ads and other potential website attacks
- McAfee SiteAdvisor - this tells you whether the sites you are about to visit are safe or not. A must if you do a lot of Googling
- Keep a backup of your important files - Now, more than ever, it's especially important to protect your digital files and memories. This article is full of good information on alternatives for home backup solutions.
- ERUNT (Emergency Recovery Utility NT) allows you to keep a complete backup of your registry and restore it when needed. The standard registry backup options that come with Windows back up most of the registry but not all of it. ERUNT however creates a complete backup set, including the Security hive and user related sections. ERUNT is easy to use and since it creates a full backup, there are no options or choices other than to select the location of the backup files. The backup set includes a small executable that will launch the registry restore if needed.
- FileHippo Update Checker is an extremely helpful program that will tell you which of your programs need to be updated. It's important to keep programs up to date so that malware doesn't exploit any old security flaws.
- Recovery Console - Recent trends appear to indicate that future infections will include attacks to the boot sector of the computer. The installation of the Recovery Console in the computer will be our only defense against this threat. For more information and steps to install the Recovery Console see This Article. Should you need assistance in installing the Recovery Console, please do not hesitate to ask.
- Please read my guide on how to prevent malware and about safe computing here
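The HOSTS-file blocking described in the MVPS Hosts recommendation above can be checked with a short audit that separates names sent to the local machine from names mapped to any other address. This is an added example, not part of the original post or of any tool named in it; the sample file, its host names and the function name audit_hosts are constructed for illustration.

```python
import ipaddress

# Constructed sample HOSTS content (not taken from the thread).
SAMPLE_HOSTS = """\
# sample HOSTS file, constructed for this example
127.0.0.1   localhost
::1         localhost
127.0.0.1   ads.example.test tracker.example.test   # blocklist-style entry
0.0.0.0     popups.example.test
203.0.113.7 update.example.test     # name mapped to a routable address
not-an-ip   broken.example.test
"""


def audit_hosts(text):
    """Classify every hostname found in HOSTS-file text.

    Returns a dict with three lists:
      blocked    - names mapped to loopback or the unspecified address
      redirected - (name, address) pairs mapped to any other address
      malformed  - raw lines whose first field is not an IP address
    """
    report = {"blocked": [], "redirected": [], "malformed": []}
    for raw in text.splitlines():
        line = raw.split("#", 1)[0].strip()  # drop comments
        if not line:
            continue
        fields = line.split()
        if len(fields) < 2:
            report["malformed"].append(raw.strip())
            continue
        try:
            addr = ipaddress.ip_address(fields[0])
        except ValueError:
            report["malformed"].append(raw.strip())
            continue
        # One line may carry several names for the same address.
        for name in fields[1:]:
            name = name.lower()
            if name == "localhost" and addr.is_loopback:
                continue  # the standard localhost entries
            if addr.is_loopback or addr.is_unspecified:
                report["blocked"].append(name)
            else:
                report["redirected"].append((name, str(addr)))
    return report


if __name__ == "__main__":
    result = audit_hosts(SAMPLE_HOSTS)
    for category, entries in result.items():
        print(category, entries)
```

Entries in the "redirected" list are the ones to review by hand, since a blocklist-style HOSTS file only ever points names at the local machine.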
#23
Posted 28 January 2010 - 09:32 AM

Thanks dude, There are not enough words for the great support you gave me!
It saved me a lot of time, instead of reinstalling the system on new formatted disks!
You can close this issue!
Best regards, Joakim
#24
Posted 28 January 2010 - 04:40 PM

Since this issue appears to be resolved ... this Topic has been closed. Glad we could help. 
If you're the topic starter, and need this topic reopened, please contact a staff member with the address of the thread.
Everyone else please begin a New Topic.
