GEMA Trojan
-
03-06-2012 3:05pm
Greetings to all,
I have a small issue that hopefully you can help me with.
Earlier I got a call from a friend of mine asking if I know anything about computers and if I’m being honest I don’t. She was after getting a popup that took over her screen and didn’t give her any way around it. You can see what it looks like in the image. GEMA are, I think, the musical copyright people in Germany. (They block most of the YouTube videos.)
Anyway I remember seeing things like this from before so I was fairly sure it was a virus/trojan of some form and the internet seems to agree with me. The only problem is that any of the info on it is in German and my Deutsch is not at a level that I can understand it so basically I have no idea how to help her get rid of it.
From the information she gave me in her call, if she restarts the computer this screen comes up automatically so she can’t get a look at the Task Manager to see what’s running, or get access to her antivirus etc.
Some other info that I know, her antivirus is Avast and unfortunately only some of her stuff is backed up.
I'm aware there is a thread with the different steps to go through but I'm not so sure how to carry those out as the screen is somewhat locked.
So the fine people of the boards Computer & Technology Forum, is it possible that I may ask for some advice in how to get rid of this nasty bit of work and in return you get that warm fuzzy feeling inside from helping people.
Thanks in advance.
Comments
-
Download OTL to your Desktop
- Double click on the icon to run it. Make sure all other windows are closed and let it run uninterrupted.
- Click the Quick Scan button. Do not change any settings. The scan won't take long.
- When the scan completes, it will open two notepad windows. OTL.Txt and Extras.Txt. These are saved in the same location as OTL.
- Please copy (Edit->Select All, Edit->Copy) the contents of these files here
-
OTL.txt
OTL logfile created on: 6/3/2012 8:24:32 PM - Run 1
OTL by OldTimer - Version 3.2.46.0 Folder = C:\Users\Lisa\Downloads
Home Premium Edition Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation
Internet Explorer (Version = 8.0.7601.17514)
Locale: 00000409 | Country: Sverige | Language: SVE | Date Format: yyyy-MM-dd
2.96 Gb Total Physical Memory | 2.00 Gb Available Physical Memory | 67.38% Memory free
5.92 Gb Paging File | 4.90 Gb Available in Paging File | 82.81% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]
%SystemDrive% = C: | %SystemRoot% = C:\windows | %ProgramFiles% = C:\Program Files
Drive C: | 240.54 Gb Total Space | 81.64 Gb Free Space | 33.94% Space Free | Partition Type: NTFS
Drive | 42.45 Gb Total Space | 42.31 Gb Free Space | 99.67% Space Free | Partition Type: NTFS
Computer Name: LISA-DATOR | User Name: Lisa | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user | Quick Scan
Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days
========== Processes (SafeList) ==========
PRC - [2012/06/03 20:22:16 | 000,596,480 | ---- | M] (OldTimer Tools) -- C:\Users\Lisa\Downloads\OTL.exe
PRC - [2012/05/13 19:13:16 | 000,932,528 | ---- | M] () -- C:\Users\Lisa\AppData\Roaming\Spotify\Data\SpotifyWebHelper.exe
PRC - [2012/03/07 02:15:17 | 004,241,512 | ---- | M] (AVAST Software) -- C:\Program Files\Alwil Software\Avast5\AvastUI.exe
PRC - [2012/03/07 02:15:14 | 000,044,768 | ---- | M] (AVAST Software) -- C:\Program Files\Alwil Software\Avast5\AvastSvc.exe
PRC - [2012/02/15 01:03:14 | 024,246,216 | ---- | M] (Dropbox, Inc.) -- C:\Users\Lisa\AppData\Roaming\Dropbox\bin\Dropbox.exe
PRC - [2011/07/24 20:34:23 | 001,087,896 | ---- | M] (Technology Nexus AB) -- C:\Program Files\Personal\bin\Personal.exe
PRC - [2011/02/25 07:30:54 | 002,616,320 | ---- | M] (Microsoft Corporation) -- C:\Windows\explorer.exe
PRC - [2010/12/06 18:01:06 | 000,597,752 | ---- | M] (Cisco Systems, Inc.) -- C:\Program Files\Cisco\Cisco AnyConnect VPN Client\vpnagent.exe
PRC - [2010/11/20 14:17:47 | 000,049,152 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\taskhost.exe
PRC - [2010/01/14 00:44:52 | 000,037,888 | ---- | M] (Nullsoft, Inc.) -- C:\Program Files\Winamp\winampa.exe
PRC - [2009/10/30 13:57:08 | 000,369,200 | ---- | M] (DT Soft Ltd) -- C:\Program Files\DAEMON Tools Lite\DTLite.exe
PRC - [2009/09/08 01:47:52 | 000,832,512 | ---- | M] (Samsung Electronics Co., Ltd.) -- C:\Program Files\Samsung\Easy Display Manager\dmhkcore.exe
PRC - [2009/09/07 12:42:04 | 000,093,184 | ---- | M] (SAMSUNG Electronics) -- C:\Program Files\Samsung\Samsung Support Center\SSCKbdHk.exe
PRC - [2009/08/23 06:47:34 | 000,716,800 | ---- | M] (Samsung Electronics Co., Ltd.) -- C:\Program Files\Samsung\EasySpeedUpManager\EasySpeedUpManager.exe
PRC - [2009/08/11 17:09:52 | 002,360,608 | ---- | M] (Broadcom Corporation.) -- C:\Program Files\WIDCOMM\Bluetooth Software\BTStackServer.exe
PRC - [2009/08/11 17:09:52 | 000,795,936 | ---- | M] (Broadcom Corporation.) -- C:\Program Files\WIDCOMM\Bluetooth Software\BTTray.exe
PRC - [2009/08/11 17:09:52 | 000,582,944 | ---- | M] (Broadcom Corporation.) -- C:\Program Files\WIDCOMM\Bluetooth Software\btwdins.exe
PRC - [2009/08/06 09:46:06 | 002,242,048 | ---- | M] (SEC) -- C:\Program Files\Samsung\Samsung Recovery Solution 4\WCScheduler.exe
PRC - [2009/07/14 03:14:41 | 000,354,304 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\StikyNot.exe
PRC - [2009/07/14 03:14:24 | 000,157,184 | ---- | M] (Microsoft Corporation) -- c:\Program Files\Windows Defender\MpCmdRun.exe
PRC - [2009/05/20 10:58:04 | 000,650,920 | ---- | M] () -- C:\Program Files\Samsung\Samsung Update Plus\SUPNotifier.exe
========== Modules (No Company Name) ==========
MOD - [2012/05/13 19:13:16 | 000,932,528 | ---- | M] () -- C:\Users\Lisa\AppData\Roaming\Spotify\Data\SpotifyWebHelper.exe
MOD - [2010/03/21 20:19:50 | 000,094,208 | ---- | M] () -- C:\Program Files\FileZilla FTP Client\fzshellext.dll
MOD - [2009/05/20 10:58:04 | 000,650,920 | ---- | M] () -- C:\Program Files\Samsung\Samsung Update Plus\SUPNotifier.exe
MOD - [2009/05/13 10:51:26 | 000,155,648 | ---- | M] () -- C:\Program Files\Samsung\Samsung Update Plus\HMXML.dll
MOD - [2006/08/12 05:48:40 | 000,049,152 | ---- | M] () -- C:\Program Files\Samsung\Easy Display Manager\HookDllPS2.dll
========== Win32 Services (SafeList) ==========
SRV - [2012/05/03 08:31:10 | 000,158,856 | R--- | M] (Skype Technologies) [Auto | Stopped] -- C:\Program Files\Skype\Updater\Updater.exe -- (SkypeUpdate)
SRV - [2012/03/07 02:15:14 | 000,044,768 | ---- | M] (AVAST Software) [Auto | Running] -- C:\Program Files\Alwil Software\Avast5\AvastSvc.exe -- (avast! Antivirus)
SRV - [2010/12/06 18:01:06 | 000,597,752 | ---- | M] (Cisco Systems, Inc.) [Auto | Running] -- C:\Program Files\Cisco\Cisco AnyConnect VPN Client\vpnagent.exe -- (vpnagent)
SRV - [2010/11/20 14:19:33 | 000,068,096 | ---- | M] (Microsoft Corporation) [Disabled | Stopped] -- C:\Windows\System32\Mcx2Svc.dll -- (Mcx2Svc)
SRV - [2010/05/20 08:58:05 | 001,343,400 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\System32\Wat\WatAdminSvc.exe -- (WatAdminSvc)
SRV - [2010/03/18 14:16:28 | 000,124,240 | ---- | M] (Microsoft Corporation) [Disabled | Stopped] -- C:\Windows\Microsoft.NET\Framework\v4.0.30319\SMSvcHost.exe -- (NetTcpPortSharing)
SRV - [2010/03/18 14:16:28 | 000,124,240 | ---- | M] (Microsoft Corporation) [Disabled | Stopped] -- C:\Windows\Microsoft.NET\Framework\v4.0.30319\SMSvcHost.exe -- (NetTcpActivator)
SRV - [2010/03/18 14:16:28 | 000,124,240 | ---- | M] (Microsoft Corporation) [Disabled | Stopped] -- C:\Windows\Microsoft.NET\Framework\v4.0.30319\SMSvcHost.exe -- (NetPipeActivator)
SRV - [2010/03/18 14:16:28 | 000,124,240 | ---- | M] (Microsoft Corporation) [Disabled | Stopped] -- C:\Windows\Microsoft.NET\Framework\v4.0.30319\SMSvcHost.exe -- (NetMsmqActivator)
SRV - [2009/08/13 22:58:10 | 000,044,312 | ---- | M] () [Auto | Stopped] -- C:\Program Files\Samsung Casual Games\GameConsole\OberonGameConsoleService.exe -- (OberonGameConsoleService)
SRV - [2009/08/11 17:09:52 | 000,582,944 | ---- | M] (Broadcom Corporation.) [Auto | Running] -- C:\Program Files\WIDCOMM\Bluetooth Software\btwdins.exe -- (btwdins)
SRV - [2009/07/14 03:16:13 | 000,025,088 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\System32\sensrsvc.dll -- (SensrSvc)
SRV - [2009/07/14 03:15:41 | 000,680,960 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Program Files\Windows Defender\MpSvc.dll -- (WinDefend)
SRV - [2009/07/14 03:15:41 | 000,075,264 | ---- | M] (Microsoft Corporation) [Disabled | Stopped] -- C:\Windows\System32\mprdim.dll -- (RemoteAccess)
SRV - [2009/06/10 23:23:09 | 000,066,384 | ---- | M] (Microsoft Corporation) [Disabled | Stopped] -- C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe -- (clr_optimization_v2.0.50727_32)
========== Driver Services (SafeList) ==========
DRV - File not found [Kernel | On_Demand | Unknown] -- -- (alnayj04)
DRV - [2012/03/07 02:03:51 | 000,612,184 | ---- | M] (AVAST Software) [File_System | System | Running] -- C:\windows\System32\drivers\aswSnx.sys -- (aswSnx)
DRV - [2012/03/07 02:03:38 | 000,337,880 | ---- | M] (AVAST Software) [Kernel | System | Running] -- C:\windows\System32\drivers\aswSP.sys -- (aswSP)
DRV - [2012/03/07 02:02:14 | 000,044,376 | ---- | M] (AVAST Software) [Kernel | System | Running] -- C:\Windows\System32\drivers\aswRdr2.sys -- (aswRdr)
DRV - [2012/03/07 02:01:53 | 000,053,848 | ---- | M] (AVAST Software) [Kernel | System | Running] -- C:\windows\System32\drivers\aswTdi.sys -- (aswTdi)
DRV - [2012/03/07 02:01:48 | 000,057,688 | ---- | M] (AVAST Software) [File_System | Auto | Running] -- C:\Windows\System32\drivers\aswMonFlt.sys -- (aswMonFlt)
DRV - [2012/03/07 02:01:30 | 000,020,696 | ---- | M] (AVAST Software) [File_System | Auto | Running] -- C:\windows\System32\drivers\aswFsBlk.sys -- (aswFsBlk)
DRV - [2010/12/06 17:39:59 | 000,019,680 | ---- | M] (Cisco Systems, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\vpnva.sys -- (vpnva)
DRV - [2010/11/20 12:24:41 | 000,052,224 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\TsUsbFlt.sys -- (TsUsbFlt)
DRV - [2010/11/20 11:59:44 | 000,035,968 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\winusb.sys -- (WinUsb)
DRV - [2010/11/20 10:42:28 | 000,246,784 | ---- | M] (Microsoft Corporation) [File_System | Disabled | Stopped] -- C:\Windows\System32\drivers\udfs.sys -- (udfs)
DRV - [2010/03/17 19:35:02 | 000,691,696 | ---- | M] () [Kernel | Boot | Running] -- C:\Windows\System32\drivers\sptd.sys -- (sptd)
DRV - [2009/07/17 05:31:38 | 001,176,064 | ---- | M] (Atheros Communications, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\athr.sys -- (athr)
DRV - [2009/07/14 03:20:28 | 000,022,096 | ---- | M] (Microsoft Corporation) [Kernel | Disabled | Stopped] -- C:\Windows\System32\drivers\crcdisk.sys -- (crcdisk)
DRV - [2009/07/14 01:55:02 | 000,016,384 | ---- | M] (Microsoft Corporation) [Kernel | Disabled | Stopped] -- C:\Windows\System32\drivers\ws2ifsl.sys -- (ws2ifsl)
DRV - [2009/07/14 01:52:10 | 000,014,336 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\vwifimp.sys -- (vwifimp)
DRV - [2009/07/14 01:11:15 | 000,070,656 | ---- | M] (Microsoft Corporation) [File_System | Disabled | Stopped] -- C:\Windows\System32\drivers\cdfs.sys -- (cdfs)
DRV - [2009/07/10 16:44:52 | 000,122,880 | ---- | M] (Intel(R) Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\IntcHdmi.sys -- (IntcHdmiAddService) Intel(R)
DRV - [2009/02/24 19:42:14 | 000,116,736 | ---- | M] (MagicISO, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\mcdbus.sys -- (mcdbus)
========== Standard Registry (SafeList) ==========
========== Internet Explorer ==========
IE - HKLM\..\URLSearchHook: {414b6d9d-4a95-4e8d-b5b1-149dd2d93bb3} - C:\Program Files\Softonic-Eng7\tbSoft.dll (Conduit Ltd.)
IE - HKLM\..\SearchScopes,DefaultScope = {6A1806CD-94D4-4689-BA73-E35EA1EA9990}
IE - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/search?q={searchTerms}&FORM=IE8SRC
IE - HKLM\..\SearchScopes\{67A2568C-7A0A-4EED-AECC-B5405DE63B64}: "URL" = http://www.google.com/search?sourceid=ie7&q={searchTerms}&rls=com.microsoft:{language}:{referrer:source?}&ie={inputEncoding}&oe={outputEncoding}&rlz=1I7SMSN
IE - HKLM\..\SearchScopes\{6A1806CD-94D4-4689-BA73-E35EA1EA9990}: "URL" = http://www.google.com/search?q={searchTerms}&rls=com.microsoft:{language}:{referrer:source?}&ie={inputEncoding}&oe={outputEncoding}&sourceid=ie7
IE - HKLM\..\SearchScopes\{EEE7E0A3-AE64-4dc8-84D1-F5D7BAF2DB0C}: "URL" = http://slirsredirect.search.aol.com/slirs_http/sredir?sredir=2685&query={searchTerms}&invocationType=tb50winampie7
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.google.com/ig/redirectdomain?brand=smsn&bmod=smsn
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.google.se/
IE - HKCU\..\URLSearchHook: {414b6d9d-4a95-4e8d-b5b1-149dd2d93bb3} - C:\Program Files\Softonic-Eng7\tbSoft.dll (Conduit Ltd.)
IE - HKCU\..\SearchScopes,DefaultScope = {67A2568C-7A0A-4EED-AECC-B5405DE63B64}
IE - HKCU\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/search?q={searchTerms}&src=IE-SearchBox&FORM=IE8SRC
IE - HKCU\..\SearchScopes\{67A2568C-7A0A-4EED-AECC-B5405DE63B64}: "URL" = http://www.google.com/search?sourceid=ie7&q={searchTerms}&rls=com.microsoft:{language}:{referrer:source?}&ie={inputEncoding}&oe={outputEncoding}&rlz=1I7SMSN_sv
IE - HKCU\..\SearchScopes\{6A1806CD-94D4-4689-BA73-E35EA1EA9990}: "URL" = http://www.google.com/search?q={searchTerms}&rls=com.microsoft:{language}:{referrer:source?}&ie={inputEncoding}&oe={outputEncoding}&sourceid=ie7
IE - HKCU\..\SearchScopes\{AD22EBAF-0D18-4fc7-90CC-5EA0ABBE9EB8}: "URL" = http://www.daemon-search.com/search?q={searchTerms}
IE - HKCU\..\SearchScopes\{EEE7E0A3-AE64-4dc8-84D1-F5D7BAF2DB0C}: "URL" = http://slirsredirect.search.aol.com/slirs_http/sredir?sredir=2685&query={searchTerms}&invocationType=tb50winampie7
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
========== FireFox ==========
FF - prefs.js..browser.search.defaultenginename: "Winamp Search"
FF - prefs.js..browser.search.defaulturl: "http://slirsredirect.search.aol.com/slirs_http/sredir?sredir=2685&invocationType=tb50ffwinampie7&query="
FF - prefs.js..browser.search.suggest.enabled: false
FF - prefs.js..browser.search.useDBForOrder: true
FF - prefs.js..browser.startup.homepage: "http://www.dn.se/"
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA}:6.0.20
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0021-ABCDEFFEDCBA}:6.0.21
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA}:6.0.22
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0023-ABCDEFFEDCBA}:6.0.23
FF - prefs.js..extensions.enabledItems: {414b6d9d-4a95-4e8d-b5b1-149dd2d93bb3}:3.2.5.2
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0024-ABCDEFFEDCBA}:6.0.24
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0029-ABCDEFFEDCBA}:6.0.29
FF - prefs.js..extensions.enabledItems: wrc@avast.com:7.0.1426
FF - prefs.js..keyword.URL: "http://slirsredirect.search.aol.com/slirs_http/sredir?sredir=2685&invocationType=tb50ffwinampab&query="
FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\windows\system32\Macromed\Flash\NPSWF32.dll ()
FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin: C:\Program Files\Java\jre6\bin\new_plugin\npjp2.dll (Sun Microsystems, Inc.)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/GENUINE: disabled File not found
FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: c:\Program Files\Microsoft Silverlight\4.1.10329.0\npctrl.dll ( Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/OfficeLive,version=1.3: C:\Program Files\Microsoft\Office Live\npOLW.dll (Microsoft Corp.)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=14.0.8117.0416: C:\Program Files\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@se.nexus/Personal: C:\Program Files\Personal\bin\np_prsnl.dll (Technology Nexus AB)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Program Files\Google\Update\1.3.21.111\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Program Files\Google\Update\1.3.21.111\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\Adobe Reader: C:\Program Files\Adobe\Reader 9.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\wrc@avast.com: C:\Program Files\Alwil Software\Avast5\WebRep\FF [2012/03/16 23:16:30 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 3.6\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2011/01/16 20:53:45 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 3.6\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins [2011/07/06 13:25:04 | 000,000,000 | ---D | M]
[2010/03/17 16:56:37 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Lisa\AppData\Roaming\mozilla\Extensions
[2012/06/03 13:09:44 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Lisa\AppData\Roaming\mozilla\Firefox\Profiles\s9hrfx9m.default\extensions
[2010/12/28 14:30:37 | 000,000,000 | ---D | M] (Softonic-Eng7 Community Toolbar) -- C:\Users\Lisa\AppData\Roaming\mozilla\Firefox\Profiles\s9hrfx9m.default\extensions\{414b6d9d-4a95-4e8d-b5b1-149dd2d93bb3}
[2010/12/28 14:30:36 | 000,000,000 | ---D | M] (Conduit Engine) -- C:\Users\Lisa\AppData\Roaming\mozilla\Firefox\Profiles\s9hrfx9m.default\extensions\engine@conduit.com
[2011/12/02 19:02:58 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files\Mozilla Firefox\extensions
[2010/05/13 21:08:28 | 000,000,000 | ---D | M] (Java Console) -- C:\Program Files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA}
[2010/08/11 21:52:48 | 000,000,000 | ---D | M] (Java Console) -- C:\Program Files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0021-ABCDEFFEDCBA}
[2010/10/30 13:29:42 | 000,000,000 | ---D | M] (Java Console) -- C:\Program Files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA}
[2010/12/20 00:45:44 | 000,000,000 | ---D | M] (Java Console) -- C:\Program Files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0023-ABCDEFFEDCBA}
[2011/03/11 13:27:53 | 000,000,000 | ---D | M] (Java Console) -- C:\Program Files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0024-ABCDEFFEDCBA}
[2011/12/02 19:02:59 | 000,000,000 | ---D | M] (Java Console) -- C:\Program Files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0029-ABCDEFFEDCBA}
[2012/03/16 23:16:30 | 000,000,000 | ---D | M] (avast! WebRep) -- C:\PROGRAM FILES\ALWIL SOFTWARE\AVAST5\WEBREP\FF
[2011/10/03 06:06:04 | 000,476,904 | ---- | M] (Sun Microsystems, Inc.) -- C:\Program Files\mozilla firefox\plugins\npdeployJava1.dll
[2010/01/16 03:12:42 | 000,001,470 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\allaannonser-sv-SE.xml
[2010/01/16 03:12:42 | 000,002,670 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\prisjakt-sv-SE.xml
[2010/01/16 03:12:42 | 000,000,948 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\tyda-sv-SE.xml
[2010/01/16 03:12:42 | 000,001,174 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\wikipedia-sv-SE.xml
[2010/01/16 03:12:42 | 000,000,951 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\yahoo-sv-SE.xml
O1 HOSTS File: ([2009/06/10 23:39:37 | 000,000,824 | ---- | M]) - C:\Windows\System32\drivers\etc\hosts
O2 - BHO: (Conduit Engine) - {30F9B915-B755-4826-820B-08FBA6BD249D} - C:\Program Files\ConduitEngine\ConduitEngine.dll (Conduit Ltd.)
O2 - BHO: (Softonic-Eng7 Toolbar) - {414b6d9d-4a95-4e8d-b5b1-149dd2d93bb3} - C:\Program Files\Softonic-Eng7\tbSoft.dll (Conduit Ltd.)
O2 - BHO: (avast! WebRep) - {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - C:\Program Files\Alwil Software\Avast5\aswWebRepIE.dll (AVAST Software)
O3 - HKLM\..\Toolbar: (Conduit Engine) - {30F9B915-B755-4826-820B-08FBA6BD249D} - C:\Program Files\ConduitEngine\ConduitEngine.dll (Conduit Ltd.)
O3 - HKLM\..\Toolbar: (DAEMON Tools Toolbar) - {32099AAC-C132-4136-9E9A-4E364A424E17} - C:\Program Files\DAEMON Tools Toolbar\DTToolbar.dll ()
O3 - HKLM\..\Toolbar: (Softonic-Eng7 Toolbar) - {414b6d9d-4a95-4e8d-b5b1-149dd2d93bb3} - C:\Program Files\Softonic-Eng7\tbSoft.dll (Conduit Ltd.)
O3 - HKLM\..\Toolbar: (avast! WebRep) - {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - C:\Program Files\Alwil Software\Avast5\aswWebRepIE.dll (AVAST Software)
O3 - HKLM\..\Toolbar: (no name) - Locked - No CLSID value found.
O3 - HKCU\..\Toolbar\WebBrowser: (Conduit Engine) - {30F9B915-B755-4826-820B-08FBA6BD249D} - C:\Program Files\ConduitEngine\ConduitEngine.dll (Conduit Ltd.)
O3 - HKCU\..\Toolbar\WebBrowser: (DAEMON Tools Toolbar) - {32099AAC-C132-4136-9E9A-4E364A424E17} - C:\Program Files\DAEMON Tools Toolbar\DTToolbar.dll ()
O3 - HKCU\..\Toolbar\WebBrowser: (Softonic-Eng7 Toolbar) - {414B6D9D-4A95-4E8D-B5B1-149DD2D93BB3} - C:\Program Files\Softonic-Eng7\tbSoft.dll (Conduit Ltd.)
O4 - HKLM..\Run: [avast5] C:\Program Files\Alwil Software\Avast5\avastUI.exe (AVAST Software)
O4 - HKLM..\Run: [WinampAgent] C:\Program Files\Winamp\winampa.exe (Nullsoft, Inc.)
O4 - HKCU..\Run: [DAEMON Tools Lite] C:\Program Files\DAEMON Tools Lite\DTLite.exe (DT Soft Ltd)
O4 - HKCU..\Run: [RESTART_STICKY_NOTES] C:\Windows\System32\StikyNot.exe (Microsoft Corporation)
O4 - HKCU..\Run: [Spotify Web Helper] C:\Users\Lisa\AppData\Roaming\Spotify\Data\SpotifyWebHelper.exe ()
O4 - Startup: C:\Users\Lisa\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\cs8v0k.exe.lnk = C:\Users\Lisa\AppData\Local\Temp\cs8v0k.exe ()
O4 - Startup: C:\Users\Lisa\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Dropbox.lnk = C:\Users\Lisa\AppData\Roaming\Dropbox\bin\Dropbox.exe (Dropbox, Inc.)
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 5
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: DisableCAD = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: HideFastUserSwitching = 1
O8 - Extra context menu item: E&xportera till Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office12\EXCEL.EXE/3000 File not found
O8 - Extra context menu item: Google Sidewiki... - res://C:\Program Files\Google\Google Toolbar\Component\GoogleToolbarDynamic_mui_en_950DF09FAB501E03.dll/cmsidewiki.html File not found
O8 - Extra context menu item: Skicka bild till &Bluetooth-enhet... - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie_ctx.htm ()
O8 - Extra context menu item: Skicka sida till &Bluetooth-enhet... - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm ()
O9 - Extra Button: @C:\Program Files\WIDCOMM\Bluetooth Software\btrez.dll,-4015 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm ()
O9 - Extra 'Tools' menuitem : @C:\Program Files\WIDCOMM\Bluetooth Software\btrez.dll,-12650 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm ()
O13 - gopher Prefix: missing
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/update/1.6.0/jinstall-1_6_0_29-windows-i586.cab (Java Plug-in 1.6.0_29)
O16 - DPF: {C345E174-3E87-4F41-A01C-B066A90A49B4} http://trial.trymicrosoftoffice.com/trialoaa/buymsoffice_assets/framework/microsoft/wrc32.ocx (WRC Class)
O16 - DPF: {CAFEEFAC-0016-0000-0029-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_29-windows-i586.cab (Java Plug-in 1.6.0_29)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_29-windows-i586.cab (Java Plug-in 1.6.0_29)
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} http://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab (Shockwave Flash Object)
O16 - DPF: {DF780F87-FF2B-4DF8-92D0-73DB16A1543A} http://zone.msn.com/bingame/dim2/default/popcaploader_v6.cab (PopCapLoader Object)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.178.1
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{29C35C81-9651-46C1-AA51-B78A0DA5B3BE}: DhcpNameServer = 82.209.169.71 82.209.169.72
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{BD12AA25-068F-43FA-8E04-C803E62254A1}: DhcpNameServer = 192.168.178.1
O18 - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files\Common Files\Skype\Skype4COM.dll (Skype Technologies)
O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\windows\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\System32\userinit.exe (Microsoft Corporation)
O20 - HKLM Winlogon: VMApplet - (SystemPropertiesPerformance.exe) - C:\windows\System32\SystemPropertiesPerformance.exe (Microsoft Corporation)
O20 - HKLM Winlogon: VMApplet - (/pagefile) - File not found
O21 - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2009/06/10 23:42:20 | 000,000,024 | ---- | M] () - C:\autoexec.bat -- [ NTFS ]
O33 - MountPoints2\{630c1e63-630c-11df-8b5a-a090e97a44fa}\Shell - "" = AutoRun
O33 - MountPoints2\{630c1e63-630c-11df-8b5a-a090e97a44fa}\Shell\AutoRun\command - "" = E:\LaunchU3.exe -a
O33 - MountPoints2\{fe2558a8-31eb-11df-93ef-0c6076fc03f1}\Shell - "" = AutoRun
O33 - MountPoints2\{fe2558a8-31eb-11df-93ef-0c6076fc03f1}\Shell\AutoRun\command - "" = G:\Setup.exe
O34 - HKLM BootExecute: (autocheck autochk *)
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3)
O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2)
O38 - SubSystems\\Windows: (ServerDll=sxssrv,4)
========== Files/Folders - Created Within 30 Days ==========
[2012/06/02 17:04:36 | 000,000,000 | ---D | C] -- C:\Users\Lisa\Desktop\Silvia
[2012/05/29 23:03:52 | 000,000,000 | ---D | C] -- C:\Users\Lisa\Desktop\Friedrichshafen
[1 C:\windows\*.tmp files -> C:\windows\*.tmp -> ]
========== Files - Modified Within 30 Days ==========
[2012/06/03 20:14:15 | 000,014,736 | -H-- | M] () -- C:\windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
[2012/06/03 20:14:15 | 000,014,736 | -H-- | M] () -- C:\windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
[2012/06/03 20:08:05 | 000,000,982 | ---- | M] () -- C:\windows\tasks\GoogleUpdateTaskMachineUA.job
[2012/06/03 20:06:48 | 000,000,978 | ---- | M] () -- C:\windows\tasks\GoogleUpdateTaskMachineCore.job
[2012/06/03 20:06:09 | 000,067,584 | --S- | M] () -- C:\windows\bootstat.dat
[2012/06/03 20:06:04 | 2384,936,960 | -HS- | M] () -- C:\hiberfil.sys
[2012/06/03 20:03:07 | 000,000,959 | ---- | M] () -- C:\Users\Lisa\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\cs8v0k.exe.lnk
[2012/05/30 08:35:34 | 000,661,744 | ---- | M] () -- C:\windows\System32\perfh01D.dat
[2012/05/30 08:35:34 | 000,652,148 | ---- | M] () -- C:\windows\System32\perfh009.dat
[2012/05/30 08:35:34 | 000,141,514 | ---- | M] () -- C:\windows\System32\perfc01D.dat
[2012/05/30 08:35:34 | 000,121,080 | ---- | M] () -- C:\windows\System32\perfc009.dat
[2012/05/13 13:32:20 | 000,465,000 | ---- | M] () -- C:\windows\System32\FNTCACHE.DAT
[1 C:\windows\*.tmp files -> C:\windows\*.tmp -> ]
========== Files Created - No Company Name ==========
[2012/06/03 15:53:05 | 000,000,959 | ---- | C] () -- C:\Users\Lisa\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\cs8v0k.exe.lnk
[2011/02/21 15:34:02 | 000,004,608 | ---- | C] () -- C:\Users\Lisa\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2010/08/25 20:30:02 | 000,439,308 | ---- | C] () -- C:\windows\System32\igcompkrng500.bin
[2010/08/25 20:30:00 | 000,982,240 | ---- | C] () -- C:\windows\System32\igkrng500.bin
[2010/08/25 20:30:00 | 000,092,356 | ---- | C] () -- C:\windows\System32\igfcg500m.bin
[2010/08/25 19:59:08 | 000,004,096 | ---- | C] ( ) -- C:\windows\System32\IGFXDEVLib.dll
[2010/08/25 19:57:00 | 000,000,151 | ---- | C] () -- C:\windows\System32\GfxUI.exe.config
[2010/08/25 19:52:00 | 000,208,896 | ---- | C] () -- C:\windows\System32\iglhsip32.dll
[2010/08/25 19:52:00 | 000,143,360 | ---- | C] () -- C:\windows\System32\iglhcp32.dll
========== LOP Check ==========
[2010/03/17 19:44:04 | 000,000,000 | ---D | M] -- C:\Users\Lisa\AppData\Roaming\DAEMON Tools Lite
[2011/08/23 16:29:09 | 000,000,000 | ---D | M] -- C:\Users\Lisa\AppData\Roaming\DC++
[2012/06/03 20:09:01 | 000,000,000 | ---D | M] -- C:\Users\Lisa\AppData\Roaming\Dropbox
[2011/05/25 23:52:38 | 000,000,000 | ---D | M] -- C:\Users\Lisa\AppData\Roaming\EPASWMM
[2010/04/16 11:51:41 | 000,000,000 | ---D | M] -- C:\Users\Lisa\AppData\Roaming\ESRI
[2010/03/25 15:46:43 | 000,000,000 | ---D | M] -- C:\Users\Lisa\AppData\Roaming\FileZilla
[2010/12/28 14:31:10 | 000,000,000 | ---D | M] -- C:\Users\Lisa\AppData\Roaming\Hothead Games
[2010/05/12 10:43:58 | 000,000,000 | ---D | M] -- C:\Users\Lisa\AppData\Roaming\Personal
[2012/06/03 13:54:37 | 000,000,000 | ---D | M] -- C:\Users\Lisa\AppData\Roaming\Spotify
[2012/05/30 21:22:03 | 000,000,000 | ---D | M] -- C:\Users\Lisa\AppData\Roaming\uTorrent
[2011/12/08 10:17:42 | 000,032,518 | ---- | M] () -- C:\windows\Tasks\SCHEDLGU.TXT
========== Purity Check ==========
========== Alternate Data Streams ==========
@Alternate Data Stream - 126 bytes -> C:\ProgramData\Temp:4CF61E54
< End of report >
-
Extras.txt
OTL Extras logfile created on: 6/3/2012 8:24:32 PM - Run 1
OTL by OldTimer - Version 3.2.46.0 Folder = C:\Users\Lisa\Downloads
Home Premium Edition Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation
Internet Explorer (Version = 8.0.7601.17514)
Locale: 00000409 | Country: Sverige | Language: SVE | Date Format: yyyy-MM-dd
2.96 Gb Total Physical Memory | 2.00 Gb Available Physical Memory | 67.38% Memory free
5.92 Gb Paging File | 4.90 Gb Available in Paging File | 82.81% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]
%SystemDrive% = C: | %SystemRoot% = C:\windows | %ProgramFiles% = C:\Program Files
Drive C: | 240.54 Gb Total Space | 81.64 Gb Free Space | 33.94% Space Free | Partition Type: NTFS
Drive | 42.45 Gb Total Space | 42.31 Gb Free Space | 99.67% Space Free | Partition Type: NTFS
Computer Name: LISA-DATOR | User Name: Lisa | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user | Quick Scan
Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days
========== Extra Registry (SafeList) ==========
========== File Associations ==========
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.cpl [@ = cplfile] -- C:\windows\System32\control.exe (Microsoft Corporation)
.hlp [@ = hlpfile] -- C:\windows\winhlp32.exe (Microsoft Corporation)
[HKEY_CURRENT_USER\SOFTWARE\Classes\<extension>]
.html [@ = FirefoxHTML] -- C:\Program Files\Mozilla Firefox\firefox.exe (Mozilla Corporation)
========== Shell Spawning ==========
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
cplfile [cplopen] -- %SystemRoot%\System32\control.exe "%1",%* (Microsoft Corporation)
exefile [open] -- "%1" %*
helpfile [open] -- Reg Error: Key error.
hlpfile [open] -- %SystemRoot%\winhlp32.exe %1 (Microsoft Corporation)
inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation)
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [AddToPlaylistVLC] -- "C:\Program Files\VideoLAN\VLC\vlc.exe" --started-from-file --playlist-enqueue "%1" ()
Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Directory [PlayWithVLC] -- "C:\Program Files\VideoLAN\VLC\vlc.exe" --started-from-file --no-playlist-enqueue "%1" ()
Directory [Winamp.Bookmark] -- "C:\Program Files\Winamp\winamp.exe" /BOOKMARK "%1" (Nullsoft, Inc.)
Directory [Winamp.Enqueue] -- "C:\Program Files\Winamp\winamp.exe" /ADD "%1" (Nullsoft, Inc.)
Directory [Winamp.Play] -- "C:\Program Files\Winamp\winamp.exe" "%1" (Nullsoft, Inc.)
Folder [open] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [explore] -- Reg Error: Value error.
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
========== Security Center Settings ==========
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"cval" = 1
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]
"VistaSp1" = Reg Error: Unknown registry data type -- File not found
"AntiVirusOverride" = 0
"AntiSpywareOverride" = 0
"FirewallOverride" = 0
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc\Vol]
========== Firewall Settings ==========
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]
"DisableNotifications" = 0
"EnableFirewall" = 1
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"DisableNotifications" = 0
"EnableFirewall" = 1
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\PublicProfile]
"DisableNotifications" = 0
"EnableFirewall" = 1
========== Authorized Applications List ==========
========== Vista Active Open Ports Exception List ==========
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{02481EDD-770B-4381-A893-2D9D0E357A50}" = lport=139 | protocol=6 | dir=in | app=system |
"{0719F240-5DF6-4EE0-A09B-7C654D9626E8}" = rport=1900 | protocol=17 | dir=out | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe |
"{1257C9FD-8090-4A90-9AAE-4D17AEED814C}" = lport=2177 | protocol=6 | dir=in | svc=qwave | app=%systemroot%\system32\svchost.exe |
"{15D6B548-552C-4BA5-98A7-66767F5C7335}" = lport=10243 | protocol=6 | dir=in | app=system |
"{1C61993A-C55A-4007-99BE-208BBF80C156}" = rport=138 | protocol=17 | dir=out | app=system |
"{2A31EAC5-490D-4406-A969-AFFB331FAF8E}" = lport=2177 | protocol=17 | dir=in | svc=qwave | app=%systemroot%\system32\svchost.exe |
"{32B46D06-C2B2-4F91-8E3F-197C40889F92}" = rport=5355 | protocol=17 | dir=out | svc=dnscache | app=%systemroot%\system32\svchost.exe |
"{4097F812-998C-44DF-935C-47480D5FA832}" = lport=445 | protocol=6 | dir=in | app=system |
"{40BE57E9-BB7D-4AE4-8846-018F421F1F18}" = lport=rpc | protocol=6 | dir=in | svc=spooler | app=%systemroot%\system32\spoolsv.exe |
"{4B010238-D9F2-475B-8969-32B9D3171638}" = rport=445 | protocol=6 | dir=out | app=system |
"{4EE48009-C9B4-452A-9B99-37E52A252FDB}" = lport=137 | protocol=17 | dir=in | app=system |
"{51450535-61C4-4A42-8A69-F02710B3B961}" = rport=5355 | protocol=17 | dir=out | svc=dnscache | app=%systemroot%\system32\svchost.exe |
"{649DAF64-44A2-4F7A-B7DD-0DF1A909C531}" = lport=5355 | protocol=17 | dir=in | svc=dnscache | app=%systemroot%\system32\svchost.exe |
"{7B029AE4-2656-4514-9955-9213DCE2F267}" = rport=2177 | protocol=6 | dir=out | svc=qwave | app=%systemroot%\system32\svchost.exe |
"{8704E9B1-054B-4BF0-8938-772E470E90E7}" = rport=139 | protocol=6 | dir=out | app=system |
"{9BC66B94-DEA5-4015-B3D4-72206D319F7F}" = lport=1900 | protocol=17 | dir=in | svc=ssdpsrv | app=svchost.exe |
"{B4FF3168-AE0B-4863-918E-0BD14CE2C62C}" = rport=2177 | protocol=17 | dir=out | svc=qwave | app=%systemroot%\system32\svchost.exe |
"{C318F39D-2125-4C98-B690-AB69A377FC7A}" = lport=138 | protocol=17 | dir=in | app=system |
"{C70BC6B5-F89B-49CE-A684-DEDC42F25280}" = lport=5355 | protocol=17 | dir=in | svc=dnscache | app=%systemroot%\system32\svchost.exe |
"{C96BAACB-8551-4163-B1DA-5607D3321455}" = lport=1900 | protocol=17 | dir=in | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe |
"{CEC4EBDA-B349-4EED-9A8E-22B20FAA95DD}" = lport=808 | protocol=6 | dir=in | svc=nettcpactivator | app=c:\windows\microsoft.net\framework\v4.0.30319\smsvchost.exe |
"{CF908DB2-C2B2-45F6-8931-27D9A857AE37}" = lport=6004 | protocol=17 | dir=in | app=c:\program files\microsoft office\office12\outlook.exe |
"{D03C33CA-C7EA-47EC-A4B7-FA0466F0CD18}" = lport=rpc-epmap | protocol=6 | dir=in | svc=rpcss | name=@firewallapi.dll,-28539 |
"{D58970BD-2882-4168-A10B-28DC44CF4415}" = lport=2869 | protocol=6 | dir=in | app=system |
"{E43AE9A0-2E48-4C6E-9790-DA36BEB16742}" = rport=10243 | protocol=6 | dir=out | app=system |
"{E8B4EE6E-5B66-4810-9A36-76193AC98CD1}" = rport=137 | protocol=17 | dir=out | app=system |
"{F59E3E36-106E-4E30-BD21-99CBF1FF8201}" = lport=2869 | protocol=6 | dir=in | app=system |
========== Vista Active Application Exception List ==========
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{0CCDDCA8-4530-42B4-B385-294BDF314694}" = protocol=58 | dir=out | name=@firewallapi.dll,-28546 |
"{0E33FB73-43D5-4265-9167-3FC5E2338567}" = protocol=6 | dir=out | svc=upnphost | app=%systemroot%\system32\svchost.exe |
"{11F564E6-A663-4CF0-ABE2-2C3F60F26EA4}" = protocol=17 | dir=in | app=c:\program files\utorrent\utorrent.exe |
"{1654C18B-AE43-41E6-8C3C-3636D31361F0}" = protocol=6 | dir=in | app=c:\program files\microsoft office\office12\onenote.exe |
"{16BC00F3-511F-405E-BDAE-8C868F706463}" = protocol=17 | dir=in | app=c:\program files\world of warcraft\launcher.patch.exe |
"{171AAF8A-467E-4E69-8F52-FF34BDA1421B}" = protocol=1 | dir=in | name=@firewallapi.dll,-28543 |
"{245E0B11-F46E-42E6-8C50-423435D5FD7C}" = protocol=58 | dir=in | name=@firewallapi.dll,-28545 |
"{250EFFF3-6924-4458-A3C0-BFD53B26C208}" = protocol=17 | dir=in | app=c:\program files\microsoft office\office12\groove.exe |
"{2B87C668-D511-4C87-88B1-CAE4FABF0372}" = protocol=6 | dir=in | app=c:\program files\world of warcraft\launcher.exe |
"{2EA87EA4-4722-4222-8629-D687EC727C6F}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmpnetwk.exe |
"{30623C60-493A-4F96-9B5F-30F19F576C3E}" = protocol=17 | dir=in | app=c:\program files\microsoft office\office12\groove.exe |
"{388E6709-1291-4B48-8AA5-BA6F6A365065}" = protocol=6 | dir=in | app=%programfiles%\windows media player\wmpnetwk.exe |
"{3A9A4039-792A-474A-8016-D79EA3FBBA25}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmplayer.exe |
"{3E6D64EB-99BB-4A32-BF73-E0627C502E81}" = protocol=6 | dir=in | app=c:\users\lisa\appdata\roaming\dropbox\bin\dropbox.exe |
"{45B519A7-D678-4B15-A0E8-39974B65F4AA}" = protocol=17 | dir=in | app=c:\users\lisa\appdata\roaming\dropbox\bin\dropbox.exe |
"{49526968-2608-4462-B3D5-C49C04C96830}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmplayer.exe |
"{49DD3F1B-81B9-4C84-9719-494F4BBF2B68}" = protocol=6 | dir=in | app=c:\program files\microsoft office\office12\onenote.exe |
"{4E2D65CF-34D7-48A3-98D2-D8C99253DBF8}" = protocol=17 | dir=in | app=c:\program files\microsoft office\office12\onenote.exe |
"{52E44AC9-8FAF-44B4-AFE2-9E4B4BAB304B}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmpnetwk.exe |
"{5C5420E5-EE58-4D87-AD77-71EC22BA1474}" = protocol=17 | dir=in | app=c:\program files\microsoft office\office12\onenote.exe |
"{5FCF3D92-83A1-4E5D-8224-45D4686E7D0A}" = dir=in | app=c:\program files\windows live\sync\windowslivesync.exe |
"{73F1B9BC-8DA3-4CDB-9B18-76D7DE6F9158}" = protocol=6 | dir=in | app=c:\program files\world of warcraft\launcher.patch.exe |
"{7C277FBD-7DEA-48D9-A745-E247BFE888D8}" = dir=in | app=c:\program files\skype\phone\skype.exe |
"{99D670CD-23BD-4F2E-95E5-B62ABD195061}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmplayer.exe |
"{A8EB9509-AFA0-439F-831A-C8A3EEDA00F4}" = protocol=6 | dir=in | app=c:\program files\microsoft office\office12\groove.exe |
"{B1507782-8671-400E-BAA8-0B32F6B41B8C}" = protocol=6 | dir=in | app=c:\program files\utorrent\utorrent.exe |
"{B58079AA-98EE-4CAA-B4BA-D870CECE3325}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmplayer.exe |
"{BD9021BB-FA19-4FE4-A242-5DEB4A093603}" = protocol=6 | dir=out | app=system |
"{C39ADF99-AF3D-4D41-AEA8-EF85D846E383}" = protocol=6 | dir=in | app=c:\program files\microsoft office\office12\groove.exe |
"{C9AAA174-0441-4273-80A0-EAE32FE4BC3A}" = protocol=17 | dir=in | app=c:\program files\world of warcraft\launcher.exe |
"{D289826D-ACC9-45A2-827D-460CAF4E635F}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmplayer.exe |
"{F0B455BE-F1F9-41B9-8608-4232C8DCEB3E}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmpnetwk.exe |
"{F7ACF636-2FC6-4053-BE62-A3A7096EDDAF}" = dir=in | app=c:\program files\windows live\messenger\msnmsgr.exe |
"{FA8F67E2-EEED-4C47-B2C1-63D2F4DDD43F}" = protocol=1 | dir=out | name=@firewallapi.dll,-28544 |
"{FC699D26-DC9E-4508-B342-4950A3A4AC4C}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmplayer.exe |
"TCP Query User{04CE7201-E8AF-482F-A192-30F869E7D230}C:\program files\world of warcraft\backgrounddownloader.exe" = protocol=6 | dir=in | app=c:\program files\world of warcraft\backgrounddownloader.exe |
"TCP Query User{0D0DC41E-FAF3-4447-8F94-FC3142A5495D}C:\program files\dc++\dcplusplus.exe" = protocol=6 | dir=in | app=c:\program files\dc++\dcplusplus.exe |
"TCP Query User{166DB8B7-6E9D-441C-8C52-424685250609}C:\users\lisa\appdata\roaming\dropbox\bin\dropbox.exe" = protocol=6 | dir=in | app=c:\users\lisa\appdata\roaming\dropbox\bin\dropbox.exe |
"TCP Query User{1D1B989F-1743-4D8F-A2BC-2EA7C977021D}C:\program files\world of warcraft\temp\wow-4.2.1.2727-enus-tools-downloader.exe" = protocol=6 | dir=in | app=c:\program files\world of warcraft\temp\wow-4.2.1.2727-enus-tools-downloader.exe |
"TCP Query User{2A4F0765-28E4-4107-9B6E-C1A4CC712E73}C:\program files\terraria\terrariaserver.exe" = protocol=6 | dir=in | app=c:\program files\terraria\terrariaserver.exe |
"TCP Query User{3C2FE65F-54F0-4744-944A-279E3851B6E5}C:\program files\world of warcraft\temp\wow-4.2.1.2736-enus-tools-downloader.exe" = protocol=6 | dir=in | app=c:\program files\world of warcraft\temp\wow-4.2.1.2736-enus-tools-downloader.exe |
"TCP Query User{4CEAB30A-DD1D-4063-9F72-0C2288F2EF79}C:\users\lisa\appdata\roaming\spotify\spotify.exe" = protocol=6 | dir=in | app=c:\users\lisa\appdata\roaming\spotify\spotify.exe |
"TCP Query User{6278EF3C-DFE4-4FCC-BEC4-60CA11E90E76}C:\program files\spotify\spotify.exe" = protocol=6 | dir=in | app=c:\program files\spotify\spotify.exe |
"TCP Query User{C762D5E9-A942-4469-B155-267A5001FC3F}C:\users\lisa\appdata\roaming\spotify\spotify.exe" = protocol=6 | dir=in | app=c:\users\lisa\appdata\roaming\spotify\spotify.exe |
"TCP Query User{F67C28EF-94EA-46AA-8E8D-63B84BC4192E}C:\program files\dc++\dcplusplus.exe" = protocol=6 | dir=in | app=c:\program files\dc++\dcplusplus.exe |
"UDP Query User{0D0F7720-2625-4C2A-9D04-22D83E81F747}C:\program files\world of warcraft\temp\wow-4.2.1.2727-enus-tools-downloader.exe" = protocol=17 | dir=in | app=c:\program files\world of warcraft\temp\wow-4.2.1.2727-enus-tools-downloader.exe |
"UDP Query User{266476D9-D25B-41D1-8CB0-0C14D612FA48}C:\program files\dc++\dcplusplus.exe" = protocol=17 | dir=in | app=c:\program files\dc++\dcplusplus.exe |
"UDP Query User{410BBFF1-57AD-443E-90CE-34C5590E578C}C:\program files\dc++\dcplusplus.exe" = protocol=17 | dir=in | app=c:\program files\dc++\dcplusplus.exe |
"UDP Query User{6A3F1A16-2A81-4385-8FD9-2C3C1267CFD8}C:\program files\world of warcraft\backgrounddownloader.exe" = protocol=17 | dir=in | app=c:\program files\world of warcraft\backgrounddownloader.exe |
"UDP Query User{6C29B6E8-A6CF-4F15-A332-9BC90FBF9866}C:\users\lisa\appdata\roaming\dropbox\bin\dropbox.exe" = protocol=17 | dir=in | app=c:\users\lisa\appdata\roaming\dropbox\bin\dropbox.exe |
"UDP Query User{793251C4-4F80-4955-920A-8275C033A3EE}C:\program files\spotify\spotify.exe" = protocol=17 | dir=in | app=c:\program files\spotify\spotify.exe |
"UDP Query User{A22B458F-4D57-4C2B-B228-E956BE8BD75A}C:\program files\terraria\terrariaserver.exe" = protocol=17 | dir=in | app=c:\program files\terraria\terrariaserver.exe |
"UDP Query User{D73D27AE-F6B8-4152-B0EF-470AD8A433A5}C:\users\lisa\appdata\roaming\spotify\spotify.exe" = protocol=17 | dir=in | app=c:\users\lisa\appdata\roaming\spotify\spotify.exe |
"UDP Query User{E0C77E18-7E5F-49F6-810D-955591C571A6}C:\program files\world of warcraft\temp\wow-4.2.1.2736-enus-tools-downloader.exe" = protocol=17 | dir=in | app=c:\program files\world of warcraft\temp\wow-4.2.1.2736-enus-tools-downloader.exe |
"UDP Query User{EEF6A795-1810-4C82-95D6-4434CA88F409}C:\users\lisa\appdata\roaming\spotify\spotify.exe" = protocol=17 | dir=in | app=c:\users\lisa\appdata\roaming\spotify\spotify.exe |
========== HKEY_LOCAL_MACHINE Uninstall List ==========
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{0391CB56-02C4-40FF-A0B0-D902472E7961}" = Cisco AnyConnect VPN Client
"{05D39184-D7E2-4D62-B8E1-69BFF71F5A1D}" = Windows Live Family Safety
"{0A0CADCF-78DA-33C4-A350-CD51849B9702}" = Microsoft .NET Framework 4 Extended
"{0E93710D-31E5-477C-8A4B-5032B484BE74}" = Windows Live inloggningsassistenten
"{12CEE8C7-8983-4FEC-A046-3FB4AE3A691C}" = Windows Live Sync
"{145DE957-0679-4A2A-BB5C-1D3E9808FAB2}" = Samsung Recovery Solution 4
"{17283B95-21A8-4996-97DA-547A48DB266F}" = Easy Display Manager
"{178EE5F4-0F86-4BF0-A0D1-9790AFF409D1}" = EasyBatteryManager
"{1A8BAA46-1179-4743-B00E-51B794A018B0}" = Windows Live Writer
"{1AFA1FEF-8CF9-4A51-AC46-64FAA7F3D9E2}" = AnyPC Client
"{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148
"{1F7A7AF0-CA7E-47CB-97E8-10F74F9684F4}" = Microsoft SQL Server Native Client
"{205C6BDD-7B73-42DE-8505-9A093F35A238}" = Windows Live Upload Tool
"{22B775E7-6C42-4FC5-8E10-9A5E3257BD94}" = MSVCRT
"{26A24AE4-039D-4CA4-87B4-2F83216020FF}" = Java(TM) 6 Update 29
"{296D775C-839A-3618-8D5C-E2B588C5CD12}" = Microsoft .NET Framework 4 Extended SVE Language Pack
"{2BFC7AA0-544C-4E3A-8796-67F3BE655BE9}" = Microsoft XNA Framework Redistributable 4.0
"{30C4509E-2124-4743-83E8-2EDCBD39D3F7}" = Windows Live Photo Gallery
"{3175E049-F9A9-4A3D-8F19-AC9FB04514D1}" = Windows Live Communications Platform
"{3C3901C5-3455-3E0A-A214-0B093A5070A6}" = Microsoft .NET Framework 4 Client Profile
"{4A03706F-666A-4037-7777-5F2748764D10}" = Java Auto Updater
"{4D2121FE-5CCC-4D47-B3A0-BF56045A5099}" = Samsung Support Center
"{57752979-A1C9-4C02-856B-FBB27AC4E02C}" = QuickTime
"{57F0ED40-8F11-41AA-B926-4A66D0D1A9CC}" = Microsoft Office Live Add-in 1.3
"{63eafc52-b963-4297-a7eb-d412944e7065}_is1" = Game Pack
"{6A98E705-3C0B-44A2-8EDC-5BAC3CA5175F}" = Microsoft SQL Server VSS-skrivare
"{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}" = Microsoft Visual C++ 2005 Redistributable
"{770657D0-A123-3C07-8E44-1C83EC895118}" = Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053
"{853F8A41-A3C9-43FA-87FA-1AE74FC6F3F7}" = BatteryLifeExtender
"{86CE85E6-DBAC-3FFD-B977-E4B79F83C909}" = Microsoft Visual C++ 2008 Redistributable - KB2467174 - x86 9.0.30729.5570
"{8833FFB6-5B0C-4764-81AA-06DFEED9A476}" = Realtek Ethernet Controller Driver
"{885DE773-CC47-4B94-97A3-C692C9AF1B05}" = Hjälpfiler för installation av Microsoft SQL Server (engelska)
"{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}" = Microsoft Silverlight
"{8E5233E1-7495-44FB-8DEB-4BE906D59619}" = Junk Mail filter update
"{90120000-0015-0409-0000-0000000FF1CE}" = Microsoft Office Access MUI (English) 2007
"{90120000-0015-0409-0000-0000000FF1CE}_ENTERPRISE_{AAA19365-932B-49BD-8138-BE28CEE9C4B4}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-0016-0409-0000-0000000FF1CE}" = Microsoft Office Excel MUI (English) 2007
"{90120000-0016-0409-0000-0000000FF1CE}_ENTERPRISE_{AAA19365-932B-49BD-8138-BE28CEE9C4B4}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-0018-0409-0000-0000000FF1CE}" = Microsoft Office PowerPoint MUI (English) 2007
"{90120000-0018-0409-0000-0000000FF1CE}_ENTERPRISE_{AAA19365-932B-49BD-8138-BE28CEE9C4B4}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-0019-0409-0000-0000000FF1CE}" = Microsoft Office Publisher MUI (English) 2007
"{90120000-0019-0409-0000-0000000FF1CE}_ENTERPRISE_{AAA19365-932B-49BD-8138-BE28CEE9C4B4}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-001A-0409-0000-0000000FF1CE}" = Microsoft Office Outlook MUI (English) 2007
"{90120000-001A-0409-0000-0000000FF1CE}_ENTERPRISE_{AAA19365-932B-49BD-8138-BE28CEE9C4B4}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-001B-0409-0000-0000000FF1CE}" = Microsoft Office Word MUI (English) 2007
"{90120000-001B-0409-0000-0000000FF1CE}_ENTERPRISE_{AAA19365-932B-49BD-8138-BE28CEE9C4B4}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-001F-0409-0000-0000000FF1CE}" = Microsoft Office Proof (English) 2007
"{90120000-001F-0409-0000-0000000FF1CE}_ENTERPRISE_{1FF96026-A04A-4C3E-B50A-BB7022654D0F}" = Microsoft Office Proofing Tools 2007 Service Pack 3 (SP3)
"{90120000-001F-040C-0000-0000000FF1CE}" = Microsoft Office Proof (French) 2007
"{90120000-001F-040C-0000-0000000FF1CE}_ENTERPRISE_{71F055E8-E2C6-4214-BB3D-BFE03561B89E}" = Microsoft Office Proofing Tools 2007 Service Pack 3 (SP3)
"{90120000-001F-0C0A-0000-0000000FF1CE}" = Microsoft Office Proof (Spanish) 2007
"{90120000-001F-0C0A-0000-0000000FF1CE}_ENTERPRISE_{2314F9A1-126F-45CC-8A5E-DFAF866F3FBC}" = Microsoft Office Proofing Tools 2007 Service Pack 3 (SP3)
"{90120000-002C-0409-0000-0000000FF1CE}" = Microsoft Office Proofing (English) 2007
"{90120000-0030-0000-0000-0000000FF1CE}" = Microsoft Office Enterprise 2007
"{90120000-0030-0000-0000-0000000FF1CE}_ENTERPRISE_{6E107EB7-8B55-48BF-ACCB-199F86A2CD93}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-0044-0409-0000-0000000FF1CE}" = Microsoft Office InfoPath MUI (English) 2007
"{90120000-0044-0409-0000-0000000FF1CE}_ENTERPRISE_{AAA19365-932B-49BD-8138-BE28CEE9C4B4}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-006E-0409-0000-0000000FF1CE}" = Microsoft Office Shared MUI (English) 2007
"{90120000-006E-0409-0000-0000000FF1CE}_ENTERPRISE_{98333358-268C-4164-B6D4-C96DF5153727}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-00A1-0409-0000-0000000FF1CE}" = Microsoft Office OneNote MUI (English) 2007
"{90120000-00A1-0409-0000-0000000FF1CE}_ENTERPRISE_{AAA19365-932B-49BD-8138-BE28CEE9C4B4}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-00BA-0409-0000-0000000FF1CE}" = Microsoft Office Groove MUI (English) 2007
"{90120000-00BA-0409-0000-0000000FF1CE}_ENTERPRISE_{AAA19365-932B-49BD-8138-BE28CEE9C4B4}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-0114-0409-0000-0000000FF1CE}" = Microsoft Office Groove Setup Metadata MUI (English) 2007
"{90120000-0114-0409-0000-0000000FF1CE}_ENTERPRISE_{AAA19365-932B-49BD-8138-BE28CEE9C4B4}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-0115-0409-0000-0000000FF1CE}" = Microsoft Office Shared Setup Metadata MUI (English) 2007
"{90120000-0115-0409-0000-0000000FF1CE}_ENTERPRISE_{98333358-268C-4164-B6D4-C96DF5153727}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-0117-0409-0000-0000000FF1CE}" = Microsoft Office Access Setup Metadata MUI (English) 2007
"{90120000-0117-0409-0000-0000000FF1CE}_ENTERPRISE_{AAA19365-932B-49BD-8138-BE28CEE9C4B4}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90140000-2005-0000-0000-0000000FF1CE}" = Microsoft Office File Validation Add-In
"{9068B2BE-D93A-4C0A-861C-5E35E2C0E09E}" = Intel® Matrix Storage Manager
"{90A4041D-6000-11D3-8CFE-0150048383C9}" = Microsoft Office 2003 Webbkomponenter
"{95120000-00B9-0409-0000-0000000FF1CE}" = Microsoft Application Error Reporting
"{9BBE7AA1-AFA8-4D76-8FC2-1FDFD9BD3371}" = Windows Live Mail
"{9BE518E6-ECC6-35A9-88E4-87755C07200F}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161
"{9D71329D-95A5-4297-8F79-DCDBD156420A}" = Windows Live Essentials
"{9E9D49A4-1DF4-4138-B7DB-5D87A893088E}" = WIDCOMM Bluetooth Software
"{A7581D39-EA20-4883-A480-80C21047052B}" = Easy Network Manager
"{A92DAB39-4E2C-4304-9AB6-BC44E68B55E2}" = Google Update Helper
"{A939D341-5A04-4E0A-BB55-3E65B386432D}" = Microsoft Office Small Business Anslutningsbara komponenter
"{AC76BA86-7AD7-1053-7B44-A94000000001}" = Adobe Reader 9.4.6 - Svenska
"{BAE68339-B0F6-4D33-9554-5A3DB2DFF5DA}" = User Guide
"{C60AAF4C-A72C-36E0-8CA4-41FF753D74F6}" = Microsoft .NET Framework 4 Client Profile SVE Language Pack
"{CA682456-66A1-404A-A7B1-4BE4BBFC647A}" = EPA SWMM 5.0
"{D1434266-0486-4469-B338-A60082CC04E1}" = Atheros Client Installation Program
"{D3F2FAA5-FEC4-42AA-9ABA-1F763919A2B5}" = Samsung Update Plus
"{E50AE784-FABE-46DA-A1F8-7B6B56DCB22E}" = Microsoft Office Suite Activation Assistant
"{E91A72DC-F320-46CA-8509-6BC406C015E2}" = Cisco AnyConnect VPN Client Start Before Login Components
"{EE7257A2-39A2-4D2F-9DAC-F9F25B8AE1D8}" = Skype™ 5.9
"{EF367AA4-070B-493C-9575-85BE59D789C9}" = Easy SpeedUp Manager
"{F0B430D1-B6AA-473D-9B06-AA3DD01FD0B8}" = Microsoft SQL Server 2005 Compact Edition [ENU]
"{F0E12BBA-AD66-4022-A453-A1C8A0C4D570}" = Microsoft Choice Guard
"{F13225E2-6533-4923-A657-083A151E667E}" = Windows Live Messenger
"{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}" = Realtek High Definition Audio Driver
"{FF4E9560-6A50-478B-86D5-68D7DEFF10D1}" = Windows Live Movie Maker
"A6A8668C0A13640CA28FE2A7D9654BE4AE478B13" = Windows Driver Package - Broadcom Bluetooth (07/30/2009 6.2.0.9405)
"Adobe Flash Player ActiveX" = Adobe Flash Player 11 ActiveX
"Adobe Flash Player Plugin" = Adobe Flash Player 11 Plugin
"avast" = avast! Free Antivirus
"B7541EC5F72AA713F557569278EB6273725F5607" = Windows Driver Package - Broadcom Bluetooth (06/15/2009 6.2.0.9000)
"BF20603967CFDCB2BBF91950E8A56DFBC5C833FE" = Windows Driver Package - Broadcom HIDClass (07/28/2009 6.2.0.9800)
"conduitEngine" = Conduit Engine
"DAEMON Tools Toolbar" = DAEMON Tools Toolbar
"DC++" = DC++ 0.782
"ENTERPRISE" = Microsoft Office Enterprise 2007
"EPA SWMM 5.0" = EPA SWMM 5.0
"FileZilla Client" = FileZilla Client 3.3.2.1
"HDMI" = Intel(R) Graphics Media Accelerator Driver
"MatlabR2009b" = MATLAB R2009b
"Microsoft .NET Framework 4 Client Profile" = Microsoft .NET Framework 4 Client Profile
"Microsoft .NET Framework 4 Client Profile SVE Language Pack" = Microsoft .NET Framework 4 Client Profile Language Pack - SVE
"Microsoft .NET Framework 4 Extended" = Microsoft .NET Framework 4 Extended
"Microsoft .NET Framework 4 Extended SVE Language Pack" = Microsoft .NET Framework 4 Extended Language Pack - SVE
"Mozilla Firefox (3.6)" = Mozilla Firefox (3.6)
"numpy-py2.5" = Python 2.5 numpy-1.0.3
"Personal" = BankID säkerhetsprogram 4.18.1
"Python 2.5 numpy-1.0.3" = Python 2.5 numpy-1.0.3
"Python 2.5.1" = Python 2.5.1
"Softonic-Eng7 Toolbar" = Softonic-Eng7 Toolbar
"Spotify" = Spotify
"SynTPDeinstKey" = Synaptics Pointing Device Driver
"uTorrent" = µTorrent
"VLC media player" = VLC media player 1.1.4
"VobSub" = VobSub v2.23 (Remove Only)
"Winamp" = Winamp
"WinLiveSuite_Wave3" = Windows Live Essentials
"WinRAR archiver" = WinRAR archiver
"World of Warcraft" = World of Warcraft
========== HKEY_CURRENT_USER Uninstall List ==========
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"Dropbox" = Dropbox
"Spotify" = Spotify
========== Last 10 Event Log Errors ==========
[ Application Events ]
Error - 5/14/2012 4:06:18 PM | Computer Name = Lisa-Dator | Source = Application Error | ID = 1000
Description = Felet uppstod i programmet med namn: WLXQuickTimeControlHost.exe,
version 14.0.8117.416, tidsstämpel 0x4bc95684 , felet uppstod i modulen med namn:
QuickTime.qts_unloaded, version 0.0.0.0, tidsstämpel 0x4cf4536a Undantagskod: 0xc0000005
Felförskjutning:
0x5cfcbb89 Process-ID: 0x1afc Programmets starttid: 0x01cd320d00744595 Sökväg till
program: C:\Program Files\Windows Live\Photo Gallery\WLXQuickTimeControlHost.exe
Sökväg
till modul: QuickTime.qts Rapport-ID: 43d8594a-9e00-11e1-bec7-0c6076fc03f1
Error - 5/17/2012 4:20:08 PM | Computer Name = Lisa-Dator | Source = SideBySide | ID = 16842785
Description = Det gick inte att skapa aktiveringskontext för C:\Program Files\Samsung\Samsung
Support Center\Drv\drv2x64\KStartMem.exe.Manifest. Den beroende sammansättningen
Microsoft.Windows.Common-Controls,language="*",processorArchitecture="amd64",publicKeyToken="6595b64144ccf1df",type="win32",version="6.0.0.0"
kunde inte hittas. Använd sxstrace.exe om du vill diagnostisera ytterligare.
Error - 5/17/2012 4:20:51 PM | Computer Name = Lisa-Dator | Source = SideBySide | ID = 16842785
Description = Det gick inte att skapa aktiveringskontext för C:\Program Files\Samsung\BatteryLifeExtender\Drv\SABI2x64\KStartMem.exe.Manifest.
Den
beroende sammansättningen Microsoft.Windows.Common-Controls,language="*",processorArchitecture="amd64",publicKeyToken="6595b64144ccf1df",type="win32",version="6.0.0.0"
kunde inte hittas. Använd sxstrace.exe om du vill diagnostisera ytterligare.
Error - 5/17/2012 4:21:54 PM | Computer Name = Lisa-Dator | Source = Microsoft-Windows-CAPI2 | ID = 4107
Description = Det gick inte att extrahera tredjepartsrotlista från autouppdaterings-CAB-filen
vid: <http://www.download.windowsupdate.com/msdownload/update/v3/static/trustedr/en/authrootstl.cab>.
Fel: Ett nödvändigt certifikat är inte inom sin giltighetstid när det verifieras
mot den aktuella systemklockan eller tidsstämpeln i den signerade filen. .
Error - 5/20/2012 10:32:54 AM | Computer Name = Lisa-Dator | Source = SideBySide | ID = 16842785
Description = Det gick inte att skapa aktiveringskontext för C:\Program Files\Samsung\Samsung
Support Center\Drv\drv2x64\KStartMem.exe.Manifest. Den beroende sammansättningen
Microsoft.Windows.Common-Controls,language="*",processorArchitecture="amd64",publicKeyToken="6595b64144ccf1df",type="win32",version="6.0.0.0"
kunde inte hittas. Använd sxstrace.exe om du vill diagnostisera ytterligare.
Error - 5/20/2012 10:33:20 AM | Computer Name = Lisa-Dator | Source = SideBySide | ID = 16842785
Description = Det gick inte att skapa aktiveringskontext för C:\Program Files\Samsung\BatteryLifeExtender\Drv\SABI2x64\KStartMem.exe.Manifest.
Den
beroende sammansättningen Microsoft.Windows.Common-Controls,language="*",processorArchitecture="amd64",publicKeyToken="6595b64144ccf1df",type="win32",version="6.0.0.0"
kunde inte hittas. Använd sxstrace.exe om du vill diagnostisera ytterligare.
Error - 5/21/2012 12:56:43 PM | Computer Name = Lisa-Dator | Source = Application Error | ID = 1000
Description = Felet uppstod i programmet med namn: WLXQuickTimeControlHost.exe,
version 14.0.8117.416, tidsstämpel 0x4bc95684 , felet uppstod i modulen med namn:
QuickTime.qts_unloaded, version 0.0.0.0, tidsstämpel 0x4cf4536a Undantagskod: 0xc0000005
Felförskjutning:
0x6177bb89 Process-ID: 0x17ec Programmets starttid: 0x01cd3772ac854272 Sökväg till
program: C:\Program Files\Windows Live\Photo Gallery\WLXQuickTimeControlHost.exe
Sökväg
till modul: QuickTime.qts Rapport-ID: f0c4ba34-a365-11e1-bf59-0c6076fc03f1
Error - 5/21/2012 12:56:54 PM | Computer Name = Lisa-Dator | Source = Application Error | ID = 1000
Description = Felet uppstod i programmet med namn: WLXQuickTimeControlHost.exe,
version 14.0.8117.416, tidsstämpel 0x4bc95684 , felet uppstod i modulen med namn:
QuickTime.qts_unloaded, version 0.0.0.0, tidsstämpel 0x4cf4536a Undantagskod: 0xc0000005
Felförskjutning:
0x5f3ebb89 Process-ID: 0xc34 Programmets starttid: 0x01cd3772b5f7b888 Sökväg till
program: C:\Program Files\Windows Live\Photo Gallery\WLXQuickTimeControlHost.exe
Sökväg
till modul: QuickTime.qts Rapport-ID: f77b5bba-a365-11e1-bf59-0c6076fc03f1
Error - 5/23/2012 2:11:12 PM | Computer Name = Lisa-Dator | Source = SideBySide | ID = 16842785
Description = Det gick inte att skapa aktiveringskontext för C:\Program Files\Samsung\Samsung
Support Center\Drv\drv2x64\KStartMem.exe.Manifest. Den beroende sammansättningen
Microsoft.Windows.Common-Controls,language="*",processorArchitecture="amd64",publicKeyToken="6595b64144ccf1df",type="win32",version="6.0.0.0"
kunde inte hittas. Använd sxstrace.exe om du vill diagnostisera ytterligare.
Error - 5/23/2012 2:11:40 PM | Computer Name = Lisa-Dator | Source = SideBySide | ID = 16842785
Description = Det gick inte att skapa aktiveringskontext för C:\Program Files\Samsung\BatteryLifeExtender\Drv\SABI2x64\KStartMem.exe.Manifest.
Den
beroende sammansättningen Microsoft.Windows.Common-Controls,language="*",processorArchitecture="amd64",publicKeyToken="6595b64144ccf1df",type="win32",version="6.0.0.0"
kunde inte hittas. Använd sxstrace.exe om du vill diagnostisera ytterligare.
[ Cisco AnyConnect VPN Client Events ]
Error - 5/21/2012 1:15:00 PM | Computer Name = Lisa-Dator | Source = vpnagent | ID = 67108866
Description = Function: CMainThread::processNotice File: .\MainThread.cpp Line: 5353
Invoked
Function: CMainThread::genericNoticeHandler Return Code: -33095647 (0xFE070021) Description:
ROUTETABLE_ERROR_GETBESTROUTE_FAILED
Error - 5/21/2012 1:15:00 PM | Computer Name = Lisa-Dator | Source = vpnagent | ID = 67108866
Description = Function: CMainThread::noticeHandler File: .\MainThread.cpp Line: 5315
Invoked
Function: CMainThread::processNotice Return Code: -33095647 (0xFE070021) Description:
ROUTETABLE_ERROR_GETBESTROUTE_FAILED
Error - 5/21/2012 1:15:00 PM | Computer Name = Lisa-Dator | Source = vpnagent | ID = 67108866
Description = Function: CMainThread::internalCallbackHandler File: .\MainThread.cpp
Line:
5077 Invoked Function: CMainThread::noticeHandler Return Code: -33095647 (0xFE070021)
Description:
ROUTETABLE_ERROR_GETBESTROUTE_FAILED
Error - 5/21/2012 1:15:00 PM | Computer Name = Lisa-Dator | Source = vpnagent | ID = 67108866
Description = Function: CMainThread::callbackHandler File: .\MainThread.cpp Line:
5003 Invoked Function: internalCallbackHandler Return Code: -33095647 (0xFE070021)
Description:
ROUTETABLE_ERROR_GETBESTROUTE_FAILED
Error - 5/30/2012 3:19:11 PM | Computer Name = Lisa-Dator | Source = vpnagent | ID = 67108866
Description = Function: CIPv4ChangeRouteHelper::FindBestRoute File: .\IPv4ChangeRouteHelper.cpp
Line:
2480 Invoked Function: CIPv4RouteTable::FindMatchingRoute Return Code: -33095647
(0xFE070021) Description: ROUTETABLE_ERROR_GETBESTROUTE_FAILED
Error - 5/30/2012 3:19:11 PM | Computer Name = Lisa-Dator | Source = vpnagent | ID = 67108866
Description = Function: CRouteMgr::UpdatePublicAddress File: .\RouteMgr.cpp Line:
2188 Invoked Function: CChangeRouteTable::FindBestRouteInterface Return Code: -33095647
(0xFE070021) Description: ROUTETABLE_ERROR_GETBESTROUTE_FAILED
Error - 5/30/2012 3:19:11 PM | Computer Name = Lisa-Dator | Source = vpnagent | ID = 67108866
Description = Function: CMainThread::applyHostConfigForNoVpn File: .\MainThread.cpp
Line:
7578 Invoked Function: CHostConfigMgr::DeterminePublicInterface Return Code: -33095647
(0xFE070021) Description: ROUTETABLE_ERROR_GETBESTROUTE_FAILED
Error - 5/30/2012 3:19:11 PM | Computer Name = Lisa-Dator | Source = vpnagent | ID = 67108866
Description = Function: CMainThread::OnTimerExpired File: .\MainThread.cpp Line: 4128
Invoked
Function: CMainThread::applyHostConfigForNoVpn Return Code: -33095647 (0xFE070021)
Description:
ROUTETABLE_ERROR_GETBESTROUTE_FAILED
Error - 5/30/2012 3:19:11 PM | Computer Name = Lisa-Dator | Source = vpnagent | ID = 67108866
Description = Function: CIPv4ChangeRouteHelper::FindBestRoute File: .\IPv4ChangeRouteHelper.cpp
Line:
2480 Invoked Function: CIPv4RouteTable::FindMatchingRoute Return Code: -33095647
(0xFE070021) Description: ROUTETABLE_ERROR_GETBESTROUTE_FAILED
Error - 5/30/2012 3:19:11 PM | Computer Name = Lisa-Dator | Source = vpnagent | ID = 67108866
Description = Function: CRouteMgr::UpdatePublicAddress File: .\RouteMgr.cpp Line:
2188 Invoked Function: CChangeRouteTable::FindBestRouteInterface Return Code: -33095647
(0xFE070021) Description: ROUTETABLE_ERROR_GETBESTROUTE_FAILED
[ System Events ]
Error - 6/3/2012 12:14:40 PM | Computer Name = Lisa-Dator | Source = Service Control Manager | ID = 7001
Description = Tjänsten Network List Service är beroende av tjänsten Network Location
Awareness. Den sistnämnda kunde inte starta på grund av följande fel: %%1068
Error - 6/3/2012 12:14:40 PM | Computer Name = Lisa-Dator | Source = Service Control Manager | ID = 7001
Description = Tjänsten Network List Service är beroende av tjänsten Network Location
Awareness. Den sistnämnda kunde inte starta på grund av följande fel: %%1068
Error - 6/3/2012 12:14:40 PM | Computer Name = Lisa-Dator | Source = Service Control Manager | ID = 7001
Description = Tjänsten Network List Service är beroende av tjänsten Network Location
Awareness. Den sistnämnda kunde inte starta på grund av följande fel: %%1068
Error - 6/3/2012 12:14:40 PM | Computer Name = Lisa-Dator | Source = Service Control Manager | ID = 7001
Description = Tjänsten Network List Service är beroende av tjänsten Network Location
Awareness. Den sistnämnda kunde inte starta på grund av följande fel: %%1068
Error - 6/3/2012 12:14:40 PM | Computer Name = Lisa-Dator | Source = Service Control Manager | ID = 7001
Description = Tjänsten Network List Service är beroende av tjänsten Network Location
Awareness. Den sistnämnda kunde inte starta på grund av följande fel: %%1068
Error - 6/3/2012 12:17:09 PM | Computer Name = Lisa-Dator | Source = Service Control Manager | ID = 7001
Description = Tjänsten Network List Service är beroende av tjänsten Network Location
Awareness. Den sistnämnda kunde inte starta på grund av följande fel: %%1068
Error - 6/3/2012 2:00:39 PM | Computer Name = Lisa-Dator | Source = Service Control Manager | ID = 7034
Description = Tjänsten SQL Server VSS Writer avslutades oväntat. Detta har skett
1 gånger.
Error - 6/3/2012 2:06:59 PM | Computer Name = Lisa-Dator | Source = Service Control Manager | ID = 7009
Description = En timeout (30000 ms) inträffade vid väntan på att tjänsten Oberon
Media Game Console service skulle ansluta.
Error - 6/3/2012 2:06:59 PM | Computer Name = Lisa-Dator | Source = Service Control Manager | ID = 7000
Description = Tjänsten Oberon Media Game Console service kunde inte startas på grund
av följande fel: %%1053
Error - 6/3/2012 2:07:04 PM | Computer Name = Lisa-Dator | Source = Service Control Manager | ID = 7034
Description = Tjänsten SQL Server VSS Writer avslutades oväntat. Detta har skett
1 gånger.
< End of report >
Open OTL and paste this in the custom scan/fixes box:
:OTL
DRV - File not found [Kernel | On_Demand | Unknown] -- -- (alnayj04)
O4 - Startup: C:\Users\Lisa\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\cs8v0k.exe.lnk = C:\Users\Lisa\AppData\Local\Temp\cs8v0k.exe ()
O33 - MountPoints2\{630c1e63-630c-11df-8b5a-a090e97a44fa}\Shell - "" = AutoRun
O33 - MountPoints2\{630c1e63-630c-11df-8b5a-a090e97a44fa}\Shell\AutoRun\command - "" = E:\LaunchU3.exe -a
O33 - MountPoints2\{fe2558a8-31eb-11df-93ef-0c6076fc03f1}\Shell - "" = AutoRun
O33 - MountPoints2\{fe2558a8-31eb-11df-93ef-0c6076fc03f1}\Shell\AutoRun\command - "" = G:\Setup.exe
[2012/06/03 20:03:07 | 000,000,959 | ---- | M] () -- C:\Users\Lisa\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\cs8v0k.exe.lnk
[2012/06/03 15:53:05 | 000,000,959 | ---- | C] () -- C:\Users\Lisa\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\cs8v0k.exe.lnk
:Commands
[PURITY]
[EMPTYTEMP]
[EMPTYFLASH]
[RESETHOSTS]
[EMPTYJAVA]
[ClearallRESTOREPOINTs]
[Reboot]
:Files
ipconfig /flushdns /c
C:\cs8v0k*. /s
Click Run Fix, then post the log it gives you.
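The entries listed under :OTL in the fix above are of three kinds: a driver service with no file on disk, a Startup-folder shortcut whose target sits in a Temp directory with an empty company field, and AutoRun commands cached under MountPoints2. As an added example (not part of the post and not OTL's own code), this Python sketch picks those kinds of lines out of OTL-style log text; the regular expressions, the reason strings and the last sample line are assumptions made for illustration.

```python
import re
from pathlib import PureWindowsPath

# First four lines are copied from the fix script in the post; the last is a
# constructed benign entry (hypothetical vendor and path) for contrast.
SAMPLE = r'''
DRV - File not found [Kernel | On_Demand | Unknown] -- -- (alnayj04)
O4 - Startup: C:\Users\Lisa\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\cs8v0k.exe.lnk = C:\Users\Lisa\AppData\Local\Temp\cs8v0k.exe ()
O33 - MountPoints2\{630c1e63-630c-11df-8b5a-a090e97a44fa}\Shell\AutoRun\command - "" = E:\LaunchU3.exe -a
O33 - MountPoints2\{fe2558a8-31eb-11df-93ef-0c6076fc03f1}\Shell\AutoRun\command - "" = G:\Setup.exe
O4 - Startup: C:\Users\Lisa\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Example.lnk = C:\Program Files\Example\Example.exe (Example Vendor)
'''

# Startup-folder shortcut: "<shortcut>.lnk = <target> (<company name>)"
STARTUP = re.compile(r'^O4 - Startup: (?P<lnk>.+?\.lnk) = (?P<target>.+?) \((?P<vendor>.*)\)$')
# AutoRun command cached for a mounted volume, keyed by the volume GUID
AUTORUN = re.compile(r'^O33 - MountPoints2\\(?P<guid>\{[0-9a-f-]+\})\\Shell\\AutoRun\\command'
                     r' - "" = (?P<cmd>.+)$', re.I)
# Driver service whose file is missing; the service name is in the last parentheses
DRIVER = re.compile(r'^DRV - File not found .*\((?P<name>[^)]+)\)$')

def triage(log_text):
    """Return (kind, subject, reasons) for each line worth a second look."""
    findings = []
    for line in map(str.strip, log_text.splitlines()):
        if m := STARTUP.match(line):
            reasons = []
            parts = [p.lower() for p in PureWindowsPath(m["target"]).parts]
            if "temp" in parts:                 # programs rarely install into Temp
                reasons.append("target in Temp")
            if not m["vendor"].strip():         # empty "()" = no company name shown
                reasons.append("no company name")
            if reasons:
                findings.append(("startup", m["target"], reasons))
        elif m := AUTORUN.match(line):
            findings.append(("autorun", m["cmd"],
                             ["cached AutoRun command for volume " + m["guid"]]))
        elif m := DRIVER.match(line):
            findings.append(("driver", m["name"], ["service entry without a file on disk"]))
    return findings

if __name__ == "__main__":
    for kind, subject, reasons in triage(SAMPLE):
        print(f"{kind:8} {subject}  <- {'; '.join(reasons)}")
```

A flagged line is a prompt for review, not a verdict: AutoRun entries for installers on removable media and leftover driver registrations are common on clean machines too.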