[Help wanted] Malware Removal [Closed]

Geeks to Go Forums > Security > Virus, Spyware, Malware Removal

Today's New Content

[Help wanted] Malware Removal [Closed]

#1 Sophonax

Group: Member
Posts: 2
Joined: 22-May 12

Posted 22 May 2012 - 10:15 AM

Hello. :>

I'm currently cleaning up on my mother's computer, and I've found some applications that needed removal.
The computer is running rather slow when starting up as per normal, which is why I was asked to fix it.

Note: At the current time, I am running the latest aswMBR.exe (full scan) and will post the logs once it has been completed.

Babylon Toolbar
Facemoods
Free Windows Registry Repair
RegClean Pro
Windows Searchqu Toolbar
SweetIM for Messenger 3.6 *
SweetIM Toolbar for Internet Explorer 4.2 *
Yontoo Layers Runtime 1.10.01

*: Not possible to remove while running in Safe Mode.

As per requested in sticky thread, I have run the OTL.exe, and these are the logs I've gotten.

While I am technically well experienced with removing malware, spyware, virii, etc, I would like some more information on what you guys would recommend to remove for a clean system.

OTL.txt:

Quote

OTL logfile created on: 22.05.2012 17:57:17 - Run 1
OTL by OldTimer - Version 3.2.43.1 Folder = C:\Users\Stark\Downloads
64bit- Ultimate Edition Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation
Internet Explorer (Version = 9.0.8112.16421)
Locale: 00000414 | Country: Norge | Language: NOR | Date Format: dd.MM.yyyy

2,00 Gb Total Physical Memory | 1,21 Gb Available Physical Memory | 60,59% Memory free
4,00 Gb Paging File | 3,17 Gb Available in Paging File | 79,34% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86)
Drive C: | 298,09 Gb Total Space | 135,60 Gb Free Space | 45,49% Space Free | Partition Type: NTFS

Computer Name: STARK-PC | User Name: Stark | Logged in as Administrator.
Boot Mode: SafeMode with Networking | Scan Mode: All users | Include 64bit Scans
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days

========== Processes (SafeList) ==========

PRC - [2012.05.22 17:40:22 | 000,595,968 | ---- | M] (OldTimer Tools) -- C:\Users\Stark\Downloads\OTL.exe

========== Modules (No Company Name) ==========

MOD - [2012.05.09 05:04:52 | 000,441,840 | ---- | M] () -- C:\Users\Stark\AppData\Local\Google\Chrome\Application\19.0.1084.46\ppGoogleNaClPluginChrome.dll
MOD - [2012.05.09 05:04:51 | 003,921,904 | ---- | M] () -- C:\Users\Stark\AppData\Local\Google\Chrome\Application\19.0.1084.46\pdf.dll
MOD - [2012.05.09 05:03:25 | 000,134,656 | ---- | M] () -- C:\Users\Stark\AppData\Local\Google\Chrome\Application\19.0.1084.46\avutil-51.dll
MOD - [2012.05.09 05:03:24 | 000,250,368 | ---- | M] () -- C:\Users\Stark\AppData\Local\Google\Chrome\Application\19.0.1084.46\avformat-54.dll
MOD - [2012.05.09 05:03:23 | 002,375,680 | ---- | M] () -- C:\Users\Stark\AppData\Local\Google\Chrome\Application\19.0.1084.46\avcodec-54.dll

========== Win32 Services (SafeList) ==========

SRV:64bit: - [2012.03.26 18:49:56 | 000,291,696 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- c:\Program Files\Microsoft Security Client\NisSrv.exe -- (NisSrv)
SRV:64bit: - [2012.03.26 18:49:56 | 000,012,600 | ---- | M] (Microsoft Corporation) [Auto | Running] -- c:\Program Files\Microsoft Security Client\MsMpEng.exe -- (MsMpSvc)
SRV:64bit: - [2009.07.14 03:41:27 | 001,011,712 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Program Files\Windows Defender\mpsvc.dll -- (WinDefend)
SRV:64bit: - [2009.07.14 03:40:01 | 000,193,536 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\appmgmts.dll -- (AppMgmt)
SRV - [2012.04.25 19:23:39 | 000,076,888 | ---- | M] () [Auto | Stopped] -- C:\Windows\SysWOW64\PnkBstrA.exe -- (PnkBstrA)
SRV - [2012.02.28 18:38:54 | 002,343,816 | ---- | M] (LogMeIn Inc.) [Auto | Running] -- C:\Program Files (x86)\LogMeIn Hamachi\hamachi-2.exe -- (Hamachi2Svc)
SRV - [2012.02.07 21:02:08 | 000,017,848 | ---- | M] () [On_Demand | Stopped] -- C:\Program Files (x86)\Overwolf\\OverwolfUpdater.exe -- (OverwolfUpdaterService)
SRV - [2011.06.06 12:55:28 | 000,064,952 | ---- | M] (Adobe Systems Incorporated) [Auto | Stopped] -- C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe -- (AdobeARMservice)
SRV - [2011.05.21 06:01:00 | 002,214,504 | ---- | M] (NVIDIA Corporation) [Auto | Stopped] -- C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Updatus\daemonu.exe -- (nvUpdatusService)
SRV - [2011.04.15 11:43:20 | 002,280,312 | ---- | M] (TeamViewer GmbH) [Auto | Stopped] -- C:\Program Files (x86)\TeamViewer\Version6\TeamViewer_Service.exe -- (TeamViewer6)
SRV - [2011.04.07 21:54:52 | 000,378,472 | ---- | M] (NVIDIA Corporation) [Auto | Stopped] -- C:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe -- (Stereo Service)
SRV - [2010.03.18 13:16:28 | 000,130,384 | ---- | M] (Microsoft Corporation) [Auto | Stopped] -- C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe -- (clr_optimization_v4.0.30319_32)
SRV - [2009.06.10 23:23:09 | 000,066,384 | ---- | M] (Microsoft Corporation) [Disabled | Stopped] -- C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe -- (clr_optimization_v2.0.50727_32)

========== Driver Services (SafeList) ==========

DRV:64bit: - [2012.03.20 20:44:12 | 000,098,688 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\NisDrvWFP.sys -- (NisDrv)
DRV:64bit: - [2012.03.01 08:46:16 | 000,023,408 | ---- | M] (Microsoft Corporation) [Recognizer | Boot | Unknown] -- C:\Windows\SysNative\drivers\fs_rec.sys -- (Fs_Rec)
DRV:64bit: - [2011.06.10 06:34:52 | 000,539,240 | ---- | M] (Realtek ) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\Rt64win7.sys -- (RTL8167)
DRV:64bit: - [2011.05.28 09:16:16 | 000,254,528 | ---- | M] (DT Soft Ltd) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\dtsoftbus01.sys -- (dtsoftbus01)
DRV:64bit: - [2011.03.11 08:41:12 | 000,107,904 | ---- | M] (Advanced Micro Devices) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\amdsata.sys -- (amdsata)
DRV:64bit: - [2011.03.11 08:41:12 | 000,027,008 | ---- | M] (Advanced Micro Devices) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\amdxata.sys -- (amdxata)
DRV:64bit: - [2011.03.03 17:59:18 | 000,174,184 | ---- | M] (NVIDIA Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\nvhda64v.sys -- (NVHDA)
DRV:64bit: - [2011.01.12 11:42:16 | 000,016,376 | ---- | M] (TeamViewer GmbH) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\TVMonitor.sys -- (MonitorFunction)
DRV:64bit: - [2010.11.20 15:33:35 | 000,078,720 | ---- | M] (Hewlett-Packard Company) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\HpSAMD.sys -- (HpSAMD)
DRV:64bit: - [2010.11.20 13:07:05 | 000,059,392 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\TsUsbFlt.sys -- (TsUsbFlt)
DRV:64bit: - [2010.11.20 13:03:42 | 000,020,992 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\rdpvideominiport.sys -- (RdpVideoMiniport)
DRV:64bit: - [2010.11.09 15:35:24 | 000,021,992 | ---- | M] (CPUID) [Kernel | Auto | Stopped] -- C:\Windows\SysNative\drivers\cpuz135_x64.sys -- (cpuz135)
DRV:64bit: - [2009.07.14 03:52:20 | 000,194,128 | ---- | M] (AMD Technologies Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\amdsbs.sys -- (amdsbs)
DRV:64bit: - [2009.07.14 03:48:04 | 000,065,600 | ---- | M] (LSI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\lsi_sas2.sys -- (LSI_SAS2)
DRV:64bit: - [2009.07.14 03:45:55 | 000,024,656 | ---- | M] (Promise Technology) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\stexstor.sys -- (stexstor)
DRV:64bit: - [2009.06.10 22:34:33 | 003,286,016 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\evbda.sys -- (ebdrv)
DRV:64bit: - [2009.06.10 22:34:28 | 000,468,480 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\bxvbda.sys -- (b06bdrv)
DRV:64bit: - [2009.06.10 22:34:23 | 000,270,848 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\b57nd60a.sys -- (b57nd60a)
DRV:64bit: - [2009.06.10 22:31:59 | 000,031,232 | ---- | M] (Hauppauge Computer Works, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\hcw85cir.sys -- (hcw85cir)
DRV:64bit: - [2009.03.18 18:35:42 | 000,033,856 | -H-- | M] (LogMeIn, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\hamachi.sys -- (hamachi)
DRV - [2012.05.22 07:25:30 | 000,138,360 | ---- | M] (Symantec Corporation) [Kernel | On_Demand | Stopped] -- C:\Program Files (x86)\Common Files\Symantec Shared\EENGINE\EraserUtilRebootDrv.sys -- (EraserUtilRebootDrv)
DRV - [2012.05.16 10:13:17 | 000,482,936 | ---- | M] (Symantec Corporation) [Kernel | System | Stopped] -- C:\Program Files (x86)\Common Files\Symantec Shared\EENGINE\eeCtrl64.sys -- (eeCtrl)
DRV - [2009.07.14 03:19:10 | 000,019,008 | ---- | M] (Microsoft Corporation) [File_System | On_Demand | Stopped] -- C:\Windows\SysWOW64\drivers\wimmount.sys -- (WIMMount)

========== Standard Registry (SafeList) ==========

========== Internet Explorer ==========

IE:64bit: - HKLM\..\SearchScopes,DefaultScope = {9BB47C17-9C68-4BB3-B188-DD9AF0FD2101}
IE:64bit: - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/...ms}&FORM=IE8SRC
IE:64bit: - HKLM\..\SearchScopes\{9BB47C17-9C68-4BB3-B188-DD9AF0FD2101}: "URL" = http://www.searchqu....q={searchTerms}
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://home.sweetim.com
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Search,SearchAssistant = http://start.facemoo...earchTerms}&f=4
IE - HKLM\..\URLSearchHook: {90b49673-5506-483e-b92b-ca0265bd9ca8} - C:\Program Files (x86)\IMVU_Inc\prxtbIMVU.dll (Conduit Ltd.)
IE - HKLM\..\SearchScopes,DefaultScope = {EEE6C360-6118-11DC-9C72-001320C79847}
IE - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/...ms}&FORM=IE8SRC
IE - HKLM\..\SearchScopes\{9BB47C17-9C68-4BB3-B188-DD9AF0FD2101}: "URL" = http://www.searchqu....q={searchTerms}
IE - HKLM\..\SearchScopes\{AFDBDDAA-5D3F-42EE-B79C-185A7020515B}: "URL" = http://search.condui...&ctid=CT2612669
IE - HKLM\..\SearchScopes\{EEE6C360-6118-11DC-9C72-001320C79847}: "URL" = http://search.sweeti...q={searchTerms}

IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

IE - HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

IE - HKU\S-1-5-21-917754677-3972319178-1609893153-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://home.sweetim.com
IE - HKU\S-1-5-21-917754677-3972319178-1609893153-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache = http://no.msn.com/?ocid=iehp
IE - HKU\S-1-5-21-917754677-3972319178-1609893153-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache AcceptLangs = no
IE - HKU\S-1-5-21-917754677-3972319178-1609893153-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache_TIMESTAMP = 8E 9C AD 7F C9 1C CC 01 [binary data]
IE - HKU\S-1-5-21-917754677-3972319178-1609893153-1000\..\URLSearchHook: {90b49673-5506-483e-b92b-ca0265bd9ca8} - C:\Program Files (x86)\IMVU_Inc\prxtbIMVU.dll (Conduit Ltd.)
IE - HKU\S-1-5-21-917754677-3972319178-1609893153-1000\..\SearchScopes,DefaultScope = {EEE6C360-6118-11DC-9C72-001320C79847}
IE - HKU\S-1-5-21-917754677-3972319178-1609893153-1000\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/...Box&FORM=IE8SRC
IE - HKU\S-1-5-21-917754677-3972319178-1609893153-1000\..\SearchScopes\{0D7562AE-8EF6-416d-A838-AB665251703A}: "URL" = http://start.facemoo...earchTerms}&f=4
IE - HKU\S-1-5-21-917754677-3972319178-1609893153-1000\..\SearchScopes\{0ECDF796-C2DC-4d79-A620-CCE0C0A66CC9}: "URL" = http://search.babylo...016179b26722672
IE - HKU\S-1-5-21-917754677-3972319178-1609893153-1000\..\SearchScopes\{9BB47C17-9C68-4BB3-B188-DD9AF0FD2101}: "URL" = http://www.searchqu....q={searchTerms}
IE - HKU\S-1-5-21-917754677-3972319178-1609893153-1000\..\SearchScopes\{AFDBDDAA-5D3F-42EE-B79C-185A7020515B}: "URL" = http://search.condui...&ctid=CT2612669
IE - HKU\S-1-5-21-917754677-3972319178-1609893153-1000\..\SearchScopes\{EEE6C360-6118-11DC-9C72-001320C79847}: "URL" = http://search.sweeti...q={searchTerms}
IE - HKU\S-1-5-21-917754677-3972319178-1609893153-1000\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

========== FireFox ==========

FF:64bit: - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: c:\Program Files\Microsoft Silverlight\5.1.10411.0\npctrl.dll ( Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\SysWOW64\Macromed\Flash\NPSWF32.dll ()
FF - HKLM\Software\MozillaPlugins\@adobe.com/ShockwavePlayer: C:\Windows\system32\Adobe\Director\np32dsw.dll (Adobe Systems, Inc.)
FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin: C:\Program Files (x86)\Java\jre6\bin\new_plugin\npjp2.dll (Sun Microsystems, Inc.)
FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: c:\Program Files (x86)\Microsoft Silverlight\5.1.10411.0\npctrl.dll ( Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@nvidia.com/3DVision: C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dv.dll (NVIDIA Corporation)
FF - HKLM\Software\MozillaPlugins\@nvidia.com/3DVisionStreaming: C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dvstreaming.dll (NVIDIA Corporation)
FF - HKLM\Software\MozillaPlugins\Adobe Reader: C:\Program Files (x86)\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
FF - HKCU\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Users\Stark\AppData\Local\Google\Update\1.3.21.111\npGoogleUpdate3.dll (Google Inc.)
FF - HKCU\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Users\Stark\AppData\Local\Google\Update\1.3.21.111\npGoogleUpdate3.dll (Google Inc.)

========== Chrome ==========

CHR - default_search_provider: facemoods (Enabled)
CHR - default_search_provider: search_url = http://start.facemoo...earchTerms}&f=4
CHR - default_search_provider: suggest_url =
CHR - plugin: Remoting Viewer (Enabled) = internal-remoting-viewer
CHR - plugin: Native Client (Enabled) = C:\Users\Stark\AppData\Local\Google\Chrome\Application\19.0.1084.46\ppGoogleNaClPluginChrome.dll
CHR - plugin: Chrome PDF Viewer (Enabled) = C:\Users\Stark\AppData\Local\Google\Chrome\Application\19.0.1084.46\pdf.dll
CHR - plugin: Shockwave Flash (Enabled) = C:\Users\Stark\AppData\Local\Google\Chrome\Application\19.0.1084.46\gcswf32.dll
CHR - plugin: Shockwave Flash (Disabled) = C:\Users\Stark\AppData\Local\Google\Chrome\User Data\PepperFlash\11.2.31.144\pepflashplayer.dll
CHR - plugin: Shockwave Flash (Enabled) = C:\Windows\SysWOW64\Macromed\Flash\NPSWF32.dll
CHR - plugin: EA Battlefield Heroes Updater (Enabled) = C:\Users\Stark\AppData\Local\Google\Chrome\User Data\Default\Extensions\gpdfjahpadlpfnfheehpddpcllihfkmm\5.0.127.0_0\npBFHUpdater.dll
CHR - plugin: EA Battlefield Heroes Updater (Enabled) = C:\Users\Stark\AppData\Local\Google\Chrome\User Data\Default\Extensions\gpdfjahpadlpfnfheehpddpcllihfkmm\5.0.127.0_0\BFHUpdater.exe
CHR - plugin: Adobe Acrobat (Disabled) = C:\Program Files (x86)\Adobe\Reader 10.0\Reader\Browser\nppdf32.dll
CHR - plugin: Java Deployment Toolkit 6.0.300.12 (Enabled) = C:\Program Files (x86)\Java\jre6\bin\new_plugin\npdeployJava1.dll
CHR - plugin: Java™ Platform SE 6 U30 (Enabled) = C:\Program Files (x86)\Java\jre6\bin\new_plugin\npjp2.dll
CHR - plugin: NVIDIA 3D Vision (Enabled) = C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dv.dll
CHR - plugin: NVIDIA 3D VISION (Enabled) = C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dvstreaming.dll
CHR - plugin: Google Update (Enabled) = C:\Users\Stark\AppData\Local\Google\Update\1.3.21.111\npGoogleUpdate3.dll
CHR - plugin: Shockwave for Director (Enabled) = C:\Windows\system32\Adobe\Director\np32dsw.dll
CHR - plugin: Silverlight Plug-In (Enabled) = c:\Program Files (x86)\Microsoft Silverlight\5.1.10411.0\npctrl.dll
CHR - Extension: YouTube = C:\Users\Stark\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo\4.2.5_0\
CHR - Extension: Google Search = C:\Users\Stark\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf\0.0.0.19_0\
CHR - Extension: AdBlock = C:\Users\Stark\AppData\Local\Google\Chrome\User Data\Default\Extensions\gighmmpiobklfepjocnamgkkbiglidom\2.4.28_0\
CHR - Extension: Battlefield Heroes = C:\Users\Stark\AppData\Local\Google\Chrome\User Data\Default\Extensions\gpdfjahpadlpfnfheehpddpcllihfkmm\5.0.127.0_0\
CHR - Extension: Gmail = C:\Users\Stark\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia\7_0\

O1 HOSTS File: ([2009.06.10 23:00:26 | 000,000,824 | ---- | M]) - C:\Windows\SysNative\drivers\etc\hosts
O2 - BHO: (Java™ Plug-In SSV Helper) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Java\jre6\bin\ssv.dll (Sun Microsystems, Inc.)
O2 - BHO: (IMVU Inc Toolbar) - {90b49673-5506-483e-b92b-ca0265bd9ca8} - C:\Program Files (x86)\IMVU_Inc\prxtbIMVU.dll (Conduit Ltd.)
O2 - BHO: (Searchqu Toolbar) - {99079a25-328f-4bd4-be04-00955acaa0a7} - C:\PROGRA~2\WIA6EB~1\Datamngr\ToolBar\searchqudtx.dll File not found
O2 - BHO: (SweetIM Toolbar Helper) - {EEE6C35C-6118-11DC-9C72-001320C79847} - C:\Program Files (x86)\SweetIM\Toolbars\Internet Explorer\mgToolbarIE.dll (SweetIM Technologies Ltd.)
O2 - BHO: (Yontoo Layers) - {FD72061E-9FDE-484D-A58A-0BAB4151CAD8} - C:\Program Files (x86)\Yontoo Layers Runtime\YontooIEClient.dll File not found
O3:64bit: - HKLM\..\Toolbar: (no name) - 10 - No CLSID value found.
O3 - HKLM\..\Toolbar: (IMVU Inc Toolbar) - {90b49673-5506-483e-b92b-ca0265bd9ca8} - C:\Program Files (x86)\IMVU_Inc\prxtbIMVU.dll (Conduit Ltd.)
O3 - HKLM\..\Toolbar: (Searchqu Toolbar) - {99079a25-328f-4bd4-be04-00955acaa0a7} - C:\PROGRA~2\WIA6EB~1\Datamngr\ToolBar\searchqudtx.dll File not found
O3 - HKLM\..\Toolbar: (SweetIM Toolbar for Internet Explorer) - {EEE6C35B-6118-11DC-9C72-001320C79847} - C:\Program Files (x86)\SweetIM\Toolbars\Internet Explorer\mgToolbarIE.dll (SweetIM Technologies Ltd.)
O3 - HKLM\..\Toolbar: (no name) - 10 - No CLSID value found.
O4:64bit: - HKLM..\Run: [MSC] c:\Program Files\Microsoft Security Client\msseces.exe (Microsoft Corporation)
O4 - HKLM..\Run: [LogMeIn Hamachi Ui] C:\Program Files (x86)\LogMeIn Hamachi\hamachi-2-ui.exe (LogMeIn Inc.)
O4 - HKLM..\Run: [SweetIM] C:\Program Files (x86)\SweetIM\Messenger\SweetIM.exe (SweetIM Technologies Ltd.)
O4 - HKU\S-1-5-19..\Run: [Sidebar] C:\Program Files (x86)\Windows Sidebar\Sidebar.exe (Microsoft Corporation)
O4 - HKU\S-1-5-20..\Run: [Sidebar] C:\Program Files (x86)\Windows Sidebar\Sidebar.exe (Microsoft Corporation)
O4 - HKU\S-1-5-21-917754677-3972319178-1609893153-1000..\Run: [DAEMON Tools Lite] C:\Program Files (x86)\DAEMON Tools Lite\DTLite.exe (DT Soft Ltd)
O4 - HKU\S-1-5-21-917754677-3972319178-1609893153-1000..\Run: [Overwolf] C:\Program Files (x86)\Overwolf\Overwolf.exe (Overwolf)
O4 - HKLM..\RunOnce: [removeSearchqudatamngr] cmd.exe /c RD /S /Q "C:\Program Files (x86)\Windows Searchqu Toolbar" File not found
O4 - HKLM..\RunOnce: [removeSearchqutoolbar] cmd.exe /c RD /S /Q "C:\Program Files (x86)\Windows Searchqu Toolbar\Datamngr\ToolBar" File not found
O4 - HKU\S-1-5-19..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe File not found
O4 - HKU\S-1-5-20..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe File not found
O4 - Startup: C:\Users\Stark\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\IMVU.lnk = C:\Users\Stark\AppData\Roaming\IMVUClient\IMVUQualityAgent.exe ()
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktop = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktopChanges = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 5
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3
O8:64bit: - Extra context menu item: E&ksporter til Microsoft Excel - res://C:\PROGRA~2\MICROS~1\Office12\EXCEL.EXE/3000 File not found
O8 - Extra context menu item: E&ksporter til Microsoft Excel - res://C:\PROGRA~2\MICROS~1\Office12\EXCEL.EXE/3000 File not found
O9 - Extra Button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~2\MICROS~1\Office12\REFIEBAR.DLL (Microsoft Corporation)
O1364bit: - gopher Prefix: missing
O13 - gopher Prefix: missing
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_30)
O16 - DPF: {CAFEEFAC-0016-0000-0030-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_30)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_30)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{410BA0AA-8E7A-43D6-8BDD-327BFC10B13A}: DhcpNameServer = 193.213.112.4 130.67.15.198
O18:64bit: - Protocol\Handler\ms-help - No CLSID value found
O18:64bit: - Protocol\Handler\skype4com - No CLSID value found
O18 - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files (x86)\Overwolf\SKYPE4~1.DLL (Skype Technologies)
O18:64bit: - Protocol\Filter\text/xml {807563E5-5146-11D5-A672-00B0D022E945} - C:\PROGRA~1\COMMON~1\MICROS~1\OFFICE12\MSOXMLMF.DLL (Microsoft Corporation)
O18 - Protocol\Filter\text/xml {807563E5-5146-11D5-A672-00B0D022E945} - C:\PROGRA~2\COMMON~1\MICROS~1\OFFICE12\MSOXMLMF.DLL (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\SysNative\userinit.exe (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: VMApplet - (SystemPropertiesPerformance.exe) - C:\Windows\SysNative\SystemPropertiesPerformance.exe (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: VMApplet - (/pagefile) - File not found
O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\SysWow64\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (userinit.exe) - C:\Windows\SysWow64\userinit.exe (Microsoft Corporation)
O20 - HKLM Winlogon: VMApplet - (/pagefile) - File not found
O21:64bit: - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.
O21 - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.
O32 - HKLM CDRom: AutoRun - 1
O34 - HKLM BootExecute: (autocheck autochk *)
O35:64bit: - HKLM\..comfile [open] -- "%1" %*
O35:64bit: - HKLM\..exefile [open] -- "%1" %*
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37:64bit: - HKLM\...com [@ = comfile] -- "%1" %*
O37:64bit: - HKLM\...exe [@ = exefile] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3)
O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2)
O38 - SubSystems\\Windows: (ServerDll=sxssrv,4)

========== Files/Folders - Created Within 30 Days ==========

[2012.05.22 17:29:31 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Common Files\Skype
[2012.05.22 17:29:25 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Common Files\Overwolf
[2012.05.22 17:29:13 | 000,000,000 | -HSD | C] -- C:\Config.Msi
[2012.05.17 06:03:15 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Silverlight
[2012.05.17 06:01:31 | 000,000,000 | ---D | C] -- C:\Program Files\Microsoft Silverlight
[2012.05.17 06:01:30 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Microsoft Silverlight
[2012.05.16 10:00:21 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\hpmonitor
[2012.05.16 10:00:07 | 000,018,816 | ---- | C] (Systweak Inc., (www.systweak.com)) -- C:\Windows\SysNative\roboot64.exe
[2012.05.16 10:00:06 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Free Window Registry Repair
[2012.05.16 10:00:04 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Free Window Registry Repair
[2012.05.16 09:59:55 | 000,000,000 | ---D | C] -- C:\Users\Stark\AppData\Roaming\systweak
[2012.05.16 09:59:47 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\RegpairSetup
[2012.05.16 09:48:29 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Norton Internet Security
[2012.05.16 09:40:44 | 000,000,000 | ---D | C] -- C:\ProgramData\Overwolf
[2012.05.11 18:01:01 | 001,544,704 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\DWrite.dll
[2012.05.11 18:00:57 | 005,559,664 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\ntoskrnl.exe
[2012.05.11 18:00:54 | 003,968,368 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\ntkrnlpa.exe
[2012.05.11 18:00:53 | 003,913,072 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\ntoskrnl.exe
[2012.05.09 19:47:54 | 000,768,848 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\msvcr100.dll
[2012.05.09 19:47:50 | 000,421,200 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\msvcp100.dll
[2012.04.25 19:11:48 | 000,000,000 | ---D | C] -- C:\Users\Stark\Documents\Battlefield Play4Free

========== Files - Modified Within 30 Days ==========

[2012.05.22 17:36:35 | 001,255,500 | ---- | M] () -- C:\Windows\SysNative\PerfStringBackup.INI
[2012.05.22 17:36:35 | 000,618,160 | ---- | M] () -- C:\Windows\SysNative\perfh009.dat
[2012.05.22 17:36:35 | 000,458,868 | ---- | M] () -- C:\Windows\SysNative\perfh014.dat
[2012.05.22 17:36:35 | 000,107,440 | ---- | M] () -- C:\Windows\SysNative\perfc009.dat
[2012.05.22 17:36:35 | 000,078,274 | ---- | M] () -- C:\Windows\SysNative\perfc014.dat
[2012.05.22 17:33:29 | 000,002,216 | ---- | M] () -- C:\prefs.js
[2012.05.22 17:32:07 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2012.05.22 17:32:01 | 1610,162,176 | -HS- | M] () -- C:\hiberfil.sys
[2012.05.22 17:28:42 | 000,000,917 | ---- | M] () -- C:\Users\Stark\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\IMVU.lnk
[2012.05.22 16:55:00 | 000,000,998 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskUserS-1-5-21-917754677-3972319178-1609893153-1007UA.job
[2012.05.22 16:46:00 | 000,001,002 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskUserS-1-5-21-917754677-3972319178-1609893153-1000UA.job
[2012.05.22 16:31:00 | 000,001,002 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskUserS-1-5-21-917754677-3972319178-1609893153-1006UA.job
[2012.05.22 16:09:06 | 000,000,946 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskUserS-1-5-21-917754677-3972319178-1609893153-1007Core.job
[2012.05.22 13:10:01 | 000,014,016 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
[2012.05.22 13:10:01 | 000,014,016 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
[2012.05.22 12:50:37 | 000,000,950 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskUserS-1-5-21-917754677-3972319178-1609893153-1000Core.job
[2012.05.22 07:31:00 | 000,000,950 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskUserS-1-5-21-917754677-3972319178-1609893153-1006Core.job
[2012.05.21 10:39:20 | 000,002,359 | ---- | M] () -- C:\Users\Stark\Desktop\Google Chrome.lnk
[2012.05.16 10:30:06 | 000,000,822 | ---- | M] () -- C:\Users\Public\Desktop\CCleaner.lnk
[2012.05.12 09:17:46 | 000,413,232 | ---- | M] () -- C:\Windows\SysNative\FNTCACHE.DAT
[2012.05.11 20:30:42 | 000,282,080 | ---- | M] () -- C:\Windows\SysWow64\PnkBstrB.xtr
[2012.05.11 20:30:42 | 000,282,080 | ---- | M] () -- C:\Windows\SysWow64\PnkBstrB.exe
[2012.05.11 20:30:18 | 000,234,768 | ---- | M] () -- C:\Windows\SysWow64\PnkBstrB.ex0
[2012.05.11 16:51:13 | 000,000,000 | -H-- | M] () -- C:\Windows\SysNative\drivers\Msft_User_WpdMtpDr_01_09_00.Wdf
[2012.05.09 19:47:54 | 000,768,848 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWow64\msvcr100.dll
[2012.05.09 19:47:50 | 000,421,200 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWow64\msvcp100.dll
[2012.05.03 06:01:40 | 000,001,945 | ---- | M] () -- C:\Windows\epplauncher.mif
[2012.05.03 06:01:27 | 001,274,594 | ---- | M] () -- C:\Windows\SysWow64\PerfStringBackup.INI
[2012.04.25 19:23:39 | 000,076,888 | ---- | M] () -- C:\Windows\SysWow64\PnkBstrA.exe

========== Files Created - No Company Name ==========

[2012.05.16 10:30:06 | 000,000,822 | ---- | C] () -- C:\Users\Public\Desktop\CCleaner.lnk
[2012.05.11 16:51:13 | 000,000,000 | -H-- | C] () -- C:\Windows\SysNative\drivers\Msft_User_WpdMtpDr_01_09_00.Wdf
[2011.05.29 14:03:44 | 000,282,080 | ---- | C] () -- C:\Windows\SysWow64\PnkBstrB.exe
[2011.05.29 14:03:41 | 000,076,888 | ---- | C] () -- C:\Windows\SysWow64\PnkBstrA.exe
[2011.05.28 09:26:58 | 001,274,594 | ---- | C] () -- C:\Windows\SysWow64\PerfStringBackup.INI

========== LOP Check ==========

[2012.02.14 10:28:08 | 000,000,000 | ---D | M] -- C:\Users\Lasse\AppData\Roaming\.minecraft
[2012.02.12 17:33:54 | 000,000,000 | ---D | M] -- C:\Users\Lasse\AppData\Roaming\FOG Downloader
[2011.11.08 17:48:22 | 000,000,000 | ---D | M] -- C:\Users\Lasse\AppData\Roaming\LEGO Company
[2011.10.13 17:12:03 | 000,000,000 | ---D | M] -- C:\Users\Lasse\AppData\Roaming\Rovio
[2012.05.16 12:47:04 | 000,000,000 | ---D | M] -- C:\Users\Lasse\AppData\Roaming\Systweak
[2011.10.12 21:27:35 | 000,000,000 | ---D | M] -- C:\Users\Lasse\AppData\Roaming\Unity
[2012.04.02 21:25:08 | 000,000,000 | ---D | M] -- C:\Users\Lisa\AppData\Roaming\.minecraft
[2011.11.02 17:42:14 | 000,000,000 | ---D | M] -- C:\Users\Lisa\AppData\Roaming\LEGO Company
[2012.05.22 12:52:00 | 000,000,000 | ---D | M] -- C:\Users\Lisa\AppData\Roaming\Systweak
[2011.12.24 15:16:32 | 000,000,000 | ---D | M] -- C:\Users\Lisa\AppData\Roaming\TeamViewer
[2012.03.18 17:08:27 | 000,000,000 | ---D | M] -- C:\Users\Lisa\AppData\Roaming\Unity
[2011.12.25 20:07:30 | 000,000,000 | ---D | M] -- C:\Users\Lisa\AppData\Roaming\uTorrent
[2011.11.11 17:19:57 | 000,000,000 | ---D | M] -- C:\Users\Stark\AppData\Roaming\.minecraft
[2011.11.09 09:01:18 | 000,000,000 | ---D | M] -- C:\Users\Stark\AppData\Roaming\Babylon
[2011.08.14 17:40:43 | 000,000,000 | ---D | M] -- C:\Users\Stark\AppData\Roaming\Bandoo
[2011.06.30 10:57:55 | 000,000,000 | ---D | M] -- C:\Users\Stark\AppData\Roaming\DAEMON Tools Lite
[2012.05.22 17:28:29 | 000,000,000 | ---D | M] -- C:\Users\Stark\AppData\Roaming\IMVU
[2011.08.29 15:09:52 | 000,000,000 | ---D | M] -- C:\Users\Stark\AppData\Roaming\IMVUClient
[2011.11.01 14:15:20 | 000,000,000 | ---D | M] -- C:\Users\Stark\AppData\Roaming\LEGO Company
[2011.06.21 17:05:46 | 000,000,000 | ---D | M] -- C:\Users\Stark\AppData\Roaming\Opera
[2011.05.29 13:55:49 | 000,000,000 | ---D | M] -- C:\Users\Stark\AppData\Roaming\Rovio
[2012.05.22 17:36:39 | 000,000,000 | ---D | M] -- C:\Users\Stark\AppData\Roaming\systweak
[2011.05.28 02:16:11 | 000,000,000 | ---D | M] -- C:\Users\Stark\AppData\Roaming\TeamViewer
[2012.05.16 10:35:19 | 000,000,000 | ---D | M] -- C:\Users\Stark\AppData\Roaming\uTorrent
[2009.07.14 07:08:49 | 000,015,254 | ---- | M] () -- C:\Windows\Tasks\SCHEDLGU.TXT

========== Purity Check ==========

< End of report >

Extras.txt

Quote

OTL Extras logfile created on: 22.05.2012 17:43:28 - Run 1
OTL by OldTimer - Version 3.2.43.1 Folder = C:\Users\Stark\Downloads
64bit- Ultimate Edition Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation
Internet Explorer (Version = 9.0.8112.16421)
Locale: 00000414 | Country: Norge | Language: NOR | Date Format: dd.MM.yyyy

2,00 Gb Total Physical Memory | 1,23 Gb Available Physical Memory | 61,33% Memory free
4,00 Gb Paging File | 3,18 Gb Available in Paging File | 79,63% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86)
Drive C: | 298,09 Gb Total Space | 135,61 Gb Free Space | 45,49% Space Free | Partition Type: NTFS

Computer Name: STARK-PC | User Name: Stark | Logged in as Administrator.
Boot Mode: SafeMode with Networking | Scan Mode: Current user | Quick Scan | Include 64bit Scans
Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days

========== Extra Registry (SafeList) ==========

========== File Associations ==========

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.html[@ = Opera.HTML] -- C:\Program Files (x86)\Opera\Opera.exe (Opera Software)
.url[@ = InternetShortcut] -- C:\Windows\SysNative\rundll32.exe (Microsoft Corporation)

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.cpl [@ = cplfile] -- C:\Windows\SysWow64\control.exe (Microsoft Corporation)
.html [@ = Opera.HTML] -- C:\Program Files (x86)\Opera\Opera.exe (Opera Software)

========== Shell Spawning ==========

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
exefile [open] -- "%1" %*
helpfile [open] -- Reg Error: Key error.
http [open] -- "C:\Program Files (x86)\Opera\Opera.exe" "%1" (Opera Software)
https [open] -- "C:\Program Files (x86)\Opera\Opera.exe" "%1" (Opera Software)
inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation)
InternetShortcut [open] -- "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\ieframe.dll",OpenURL %l (Microsoft Corporation)
InternetShortcut [print] -- "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\mshtml.dll",PrintHTML "%1" (Microsoft Corporation)
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [open] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [explore] -- Reg Error: Value error.
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
cplfile [cplopen] -- %SystemRoot%\System32\control.exe "%1",%* (Microsoft Corporation)
exefile [open] -- "%1" %*
helpfile [open] -- Reg Error: Key error.
http [open] -- "C:\Program Files (x86)\Opera\Opera.exe" "%1" (Opera Software)
https [open] -- "C:\Program Files (x86)\Opera\Opera.exe" "%1" (Opera Software)
inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation)
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [open] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [explore] -- Reg Error: Value error.
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)

========== Security Center Settings ==========

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"cval" = 0

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]
"VistaSp1" = 28 4D B2 76 41 04 CA 01 [binary data]
"AntiVirusOverride" = 0
"AntiSpywareOverride" = 0
"FirewallOverride" = 0

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]

========== Firewall Settings ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]
"DisableNotifications" = 0
"EnableFirewall" = 1

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"DisableNotifications" = 0
"EnableFirewall" = 1

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\PublicProfile]
"DisableNotifications" = 0
"EnableFirewall" = 1

========== Authorized Applications List ==========

========== Vista Active Open Ports Exception List ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{0209AD02-BC12-4D56-8799-B6AE55B8FA92}" = lport=10243 | protocol=6 | dir=in | app=system |
"{0EC36564-5195-4FD7-A917-039F20EB3B78}" = rport=10243 | protocol=6 | dir=out | app=system |
"{1B5EDE44-FEE2-46F5-BEFF-763C3CA8473C}" = rport=137 | protocol=17 | dir=out | app=system |
"{1CFECAFA-EC30-4A3A-AC80-F79DFD93EE4A}" = rport=139 | protocol=6 | dir=out | app=system |
"{42AF2660-7894-4CCF-8797-370EADEC739F}" = lport=137 | protocol=17 | dir=in | app=system |
"{4ED374DE-9AC6-42D4-B6B0-9FF6081BAB2E}" = rport=1900 | protocol=17 | dir=out | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe |
"{514B42F2-2DEF-43B8-A406-D9E1796284F2}" = rport=5355 | protocol=17 | dir=out | svc=dnscache | app=%systemroot%\system32\svchost.exe |
"{5B0DA7D2-FCA0-45DF-8659-9EAC8AE5CA8D}" = rport=5355 | protocol=17 | dir=out | svc=dnscache | app=%systemroot%\system32\svchost.exe |
"{5BB1E561-A324-4F10-909A-D99C0ED59782}" = rport=2177 | protocol=6 | dir=out | svc=qwave | app=%systemroot%\system32\svchost.exe |
"{64B6DB3D-7D28-4CA0-9306-B615CC82E948}" = lport=5355 | protocol=17 | dir=in | svc=dnscache | app=%systemroot%\system32\svchost.exe |
"{6F503453-A618-4180-805E-F7C15DE7F183}" = lport=2869 | protocol=6 | dir=in | app=system |
"{70401172-D8F7-4CB3-9B52-5940C27070E9}" = lport=rpc-epmap | protocol=6 | dir=in | svc=rpcss | name=@firewallapi.dll,-28539 |
"{951F3471-C6C1-4D1F-806F-06D10F70B0D5}" = rport=138 | protocol=17 | dir=out | app=system |
"{9CA13C78-15D1-4EC3-BCA4-7ACAF1E8EB85}" = rport=2177 | protocol=17 | dir=out | svc=qwave | app=%systemroot%\system32\svchost.exe |
"{A7EEA605-8534-4958-A699-01AB8DC47230}" = lport=2177 | protocol=6 | dir=in | svc=qwave | app=%systemroot%\system32\svchost.exe |
"{BBC79E4E-1FFE-416B-9222-5150D078CCF8}" = rport=445 | protocol=6 | dir=out | app=system |
"{BD30A080-E98D-4688-9175-22066829547A}" = lport=445 | protocol=6 | dir=in | app=system |
"{C1E790A5-1B63-40EE-AFF1-3123715FF18B}" = lport=2177 | protocol=17 | dir=in | svc=qwave | app=%systemroot%\system32\svchost.exe |
"{C894E9B2-C239-4439-8753-32F06D892A3B}" = lport=5355 | protocol=17 | dir=in | svc=dnscache | app=%systemroot%\system32\svchost.exe |
"{D2104381-CD6F-447C-ADED-3B0E6E675037}" = lport=rpc | protocol=6 | dir=in | svc=spooler | app=%systemroot%\system32\spoolsv.exe |
"{EA1C5F0B-C173-46B2-B696-C22908A633DF}" = lport=139 | protocol=6 | dir=in | app=system |
"{F13F0690-C520-461B-88E0-0BC7751AA2EF}" = lport=138 | protocol=17 | dir=in | app=system |
"{FC432127-7D05-42B0-9C7C-704E884A277B}" = lport=1900 | protocol=17 | dir=in | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe |

========== Vista Active Application Exception List ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{034ADE37-6D4A-4012-AB8E-4F5E6F8A516A}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmpnetwk.exe |
"{0D7763D8-19B6-442D-91DF-056008963F7C}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmplayer.exe |
"{0F25B28F-4C11-408F-AC57-D40D4398A156}" = protocol=6 | dir=in | app=c:\users\lasse\downloads\runes_of_magic_4_0_5_2467_eu_slim.exe |
"{0FB0039E-BCAB-4911-81B7-5BA3C124000F}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmplayer.exe |
"{10CF30DC-A6B9-4E86-8662-A3AA50C4D2EF}" = protocol=1 | dir=in | name=@firewallapi.dll,-28543 |
"{1234EB9B-14FA-4DAD-BADC-C8BC2DC17A5A}" = protocol=6 | dir=in | app=c:\program files (x86)\teamviewer\version6\teamviewer.exe |
"{17045871-6DFB-46BA-A82E-D48FF5C30E97}" = protocol=6 | dir=in | app=c:\program files (x86)\opera\opera.exe |
"{1A33AFA1-E893-4AC4-9B65-02E8F58E3EFD}" = protocol=6 | dir=in | app=c:\windows\syswow64\pnkbstrb.exe |
"{2696F35E-7C09-4DFC-9C6D-89012AB0D552}" = protocol=6 | dir=in | app=c:\users\lasse\downloads\runes_of_magic_4_0_5_2467_eu_slim (1).exe |
"{2D2CD8B3-8829-4C3B-AC84-E933E08E8C08}" = protocol=6 | dir=in | app=c:\program files (x86)\windows searchqu toolbar\datamngr\toolbar\dtuser.exe |
"{31BB41CE-7348-46DF-8F08-7FF9CDEF6ADA}" = protocol=17 | dir=in | app=c:\users\lasse\downloads\runes_of_magic_4_0_5_2467_eu_slim.exe |
"{3265B8E3-F6BC-44DB-85B6-A1D26F1957F0}" = protocol=6 | dir=in | app=c:\windows\syswow64\pnkbstra.exe |
"{351792D4-62DD-4C34-894D-657DA6B36960}" = protocol=58 | dir=in | name=@firewallapi.dll,-28545 |
"{3847976B-3FCE-439B-8453-2D582F57E8D6}" = protocol=1 | dir=out | name=@firewallapi.dll,-28544 |
"{3AB0DE60-1E1B-4723-8A5E-84FD722C154C}" = protocol=17 | dir=in | app=c:\users\lasse\downloads\runes_of_magic_4_0_5_2467_eu_slim (1).exe |
"{438918D8-B042-432A-8668-2FB0B8A9DFF4}" = protocol=6 | dir=in | app=c:\windows\syswow64\pnkbstrb.exe |
"{4F119964-6DB3-4D32-910F-285AC4D276B8}" = protocol=6 | dir=out | svc=upnphost | app=%systemroot%\system32\svchost.exe |
"{5E4936F5-31D4-4041-855C-56AF5D30A977}" = protocol=17 | dir=in | app=c:\program files (x86)\teamviewer\version6\teamviewer_service.exe |
"{63A144DC-E10E-489A-9EE1-2BBDB1C34337}" = protocol=17 | dir=in | app=c:\program files (x86)\opera\opera.exe |
"{6F8D3D8B-ECE2-4CED-BB12-2BA43E11F7D8}" = protocol=17 | dir=in | app=c:\windows\syswow64\pnkbstra.exe |
"{6F933604-0030-4F1D-886F-6D6B67D925A1}" = protocol=17 | dir=in | app=%programfiles(x86)%\windows media player\wmplayer.exe |
"{6FDA8F0E-73FC-4010-97F3-75E68FF0943A}" = protocol=58 | dir=out | name=@iphlpsvc.dll,-503 |
"{7EB5C78A-CFB1-4280-BF12-35E45AE4EDE7}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmpnetwk.exe |
"{8724A3EE-13DF-4F43-9947-8EAD75645052}" = protocol=17 | dir=in | app=c:\windows\syswow64\pnkbstra.exe |
"{8A7FF558-D684-44B0-A705-FA2EF17697DE}" = protocol=17 | dir=out | app=%programfiles(x86)%\windows media player\wmplayer.exe |
"{8F905D2D-D955-4C3F-BBAA-B1E4F9B044FE}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmpnetwk.exe |
"{913A2755-2939-4AC1-9BBE-5D5D5AF5B9A3}" = protocol=6 | dir=in | app=c:\users\stark\downloads\facemoods.exe |
"{9B53299E-C4E8-491E-8C95-FD1969624B1F}" = dir=in | app=c:\program files (x86)\skype\phone\skype.exe |
"{A225AE56-16E3-4B16-A955-5A63166C09EB}" = protocol=17 | dir=in | app=c:\users\stark\downloads\facemoods.exe |
"{A294883A-2F00-40A8-BEC4-9AB0105A7FF0}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmplayer.exe |
"{A2A2D95C-0C42-4683-97E6-EA693746A390}" = protocol=58 | dir=in | app=system |
"{A5955A06-E819-4C0D-BAC0-01C704C78237}" = protocol=6 | dir=out | app=system |
"{A923D44D-1AC4-42D9-8AD7-883D25235262}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmplayer.exe |
"{AFE39622-C423-48E3-8F5E-CAE20CC489F3}" = protocol=58 | dir=out | name=@firewallapi.dll,-28546 |
"{B32EAFB6-FE9C-4783-9AE3-40ABE366258F}" = protocol=6 | dir=in | app=%programfiles%\windows media player\wmpnetwk.exe |
"{B4D0112D-9204-4771-A2D7-FC575C2BF309}" = protocol=6 | dir=in | app=c:\program files (x86)\utorrent\utorrent.exe |
"{B5B9223E-A9FB-4E62-A1A6-401FDCCF7874}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmplayer.exe |
"{B856D949-D4FB-4A95-959D-E04E3E70AD07}" = protocol=6 | dir=in | app=c:\windows\syswow64\pnkbstra.exe |
"{C1149452-A03B-41A6-B4AB-40E260A2F279}" = protocol=17 | dir=in | app=c:\program files (x86)\teamviewer\version6\teamviewer.exe |
"{C2830D47-D594-4FD8-BBAE-EE4461C8ABC9}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmplayer.exe |
"{C461CE1A-9642-47D5-8ADD-A31D37433A78}" = protocol=17 | dir=in | app=c:\program files (x86)\utorrent\utorrent.exe |
"{D260E6E1-6C19-4918-A216-81CB677F67E1}" = protocol=17 | dir=in | app=c:\program files (x86)\ea games\battlefield play4free\bfp4f.exe |
"{D453522C-7610-4020-B809-940314D8DE53}" = protocol=6 | dir=in | app=c:\program files (x86)\ea games\battlefield play4free\bfp4f.exe |
"{E37C3417-8290-49E8-8ABD-1BFD19364DE1}" = protocol=17 | dir=in | app=c:\program files (x86)\windows searchqu toolbar\datamngr\toolbar\dtuser.exe |
"{E7635E5B-4CCE-461A-9756-D829FB2C7A4B}" = protocol=17 | dir=in | app=c:\windows\syswow64\pnkbstrb.exe |
"{EB86414C-8D6B-46C7-B747-923282ACFC92}" = protocol=17 | dir=in | app=c:\windows\syswow64\pnkbstrb.exe |
"{ECBA74B7-1664-4D07-9404-C338CC55CBCB}" = protocol=6 | dir=out | app=%programfiles(x86)%\windows media player\wmplayer.exe |
"{EFE5565A-A10D-4A5C-AB5A-7F45BCCBE905}" = protocol=6 | dir=in | app=c:\program files (x86)\teamviewer\version6\teamviewer_service.exe |
"TCP Query User{093237C4-8970-4283-8246-743D18B16C1E}C:\users\lasse\downloads\runes_of_magic_4_0_5_2467_eu_slim.exe" = protocol=6 | dir=in | app=c:\users\lasse\downloads\runes_of_magic_4_0_5_2467_eu_slim.exe |
"TCP Query User{4A67ADEE-E10D-4D92-AF62-53CB37C08A90}C:\program files (x86)\java\jre6\bin\javaw.exe" = protocol=6 | dir=in | app=c:\program files (x86)\java\jre6\bin\javaw.exe |
"TCP Query User{87D129E1-CD0A-4FB6-B042-DB3E8E938069}C:\users\lasse\downloads\runes_of_magic_4_0_5_2467_eu_slim (1).exe" = protocol=6 | dir=in | app=c:\users\lasse\downloads\runes_of_magic_4_0_5_2467_eu_slim (1).exe |
"TCP Query User{91CC7540-1545-4FA2-983B-BD50702F4726}C:\program files (x86)\ea games\battlefield play4free\bfp4f.exe" = protocol=6 | dir=in | app=c:\program files (x86)\ea games\battlefield play4free\bfp4f.exe |
"TCP Query User{F9A7ED9D-0EDF-4DB0-BF92-A3D2956C7528}C:\users\lasse\appdata\local\google\chrome\application\chrome.exe" = protocol=6 | dir=in | app=c:\users\lasse\appdata\local\google\chrome\application\chrome.exe |
"TCP Query User{FBF84F57-D4E1-403C-B435-692B174A1347}C:\program files (x86)\runes of magic\client.exe" = protocol=6 | dir=in | app=c:\program files (x86)\runes of magic\client.exe |
"UDP Query User{11C2896C-AD11-4B8F-A30C-3E513958B61D}C:\program files (x86)\ea games\battlefield play4free\bfp4f.exe" = protocol=17 | dir=in | app=c:\program files (x86)\ea games\battlefield play4free\bfp4f.exe |
"UDP Query User{4456312E-0110-4298-B5EF-64498F688DD6}C:\users\lasse\downloads\runes_of_magic_4_0_5_2467_eu_slim.exe" = protocol=17 | dir=in | app=c:\users\lasse\downloads\runes_of_magic_4_0_5_2467_eu_slim.exe |
"UDP Query User{96BE6069-4B84-4528-9020-3704826B8AF5}C:\users\lasse\downloads\runes_of_magic_4_0_5_2467_eu_slim (1).exe" = protocol=17 | dir=in | app=c:\users\lasse\downloads\runes_of_magic_4_0_5_2467_eu_slim (1).exe |
"UDP Query User{D298FF87-81E5-4E7C-BEF9-5D1BA86A5DCF}C:\program files (x86)\java\jre6\bin\javaw.exe" = protocol=17 | dir=in | app=c:\program files (x86)\java\jre6\bin\javaw.exe |
"UDP Query User{F74C1BE7-5FBE-4E76-A28B-091EB9D3B734}C:\program files (x86)\runes of magic\client.exe" = protocol=17 | dir=in | app=c:\program files (x86)\runes of magic\client.exe |
"UDP Query User{F7E38DF6-0A4C-4636-AFA4-111E6E6393AE}C:\users\lasse\appdata\local\google\chrome\application\chrome.exe" = protocol=17 | dir=in | app=c:\users\lasse\appdata\local\google\chrome\application\chrome.exe |

========== HKEY_LOCAL_MACHINE Uninstall List ==========

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{4B6C7001-C7D6-3710-913E-5BC23FCE91E6}" = Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.4148
"{5FCE6D76-F5DC-37AB-B2B8-22AB8CEDB1D4}" = Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161
"{7DBFFECE-904C-470E-9322-4F0353B753DD}" = Microsoft Antimalware Service NB-NO Language Pack
"{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}" = Microsoft Silverlight
"{90120000-002A-0000-1000-0000000FF1CE}" = Microsoft Office Office 64-bit Components 2007
"{90120000-002A-0414-1000-0000000FF1CE}" = Microsoft Office Shared 64-bit MUI (Norwegian (Bokmål)) 2007
"{9D046B26-7978-47CD-91E6-AC3C1DFBC3D0}" = Microsoft Security Client
"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.3DVision" = NVIDIA 3D Vision Driver 270.61
"{B2FE1952-0186-46c3-BAEC-A80AA35AC5B8}_Display.ControlPanel" = NVIDIA kontrollpanel 275.33
"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.Driver" = NVIDIA Grafikkdriver 275.33
"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.NVIRUSB" = NVIDIA 3D Vision Controller Driver 270.61
"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.PhysX" = NVIDIA PhysX System Software 9.10.0514
"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.Update" = NVIDIA Update 1.3.5
"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_HDAudio.Driver" = NVIDIA HD Audio Driver 1.2.22.1
"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_installer" = NVIDIA Install Application
"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_NVIDIA.Update" = NVIDIA Update Components
"{DC911ADF-7B60-40F2-A112-FB1EB6402D07}" = Microsoft Security Client NB-NO Language Pack
"{F5B09CFD-F0B2-36AF-8DF4-1DF6B63FC7B4}" = Microsoft .NET Framework 4 Client Profile
"CCleaner" = CCleaner
"CPUID CPU-Z_is1" = CPUID CPU-Z 1.57.1
"CutePDF Writer Installation" = CutePDF Writer 2.8
"Microsoft .NET Framework 4 Client Profile" = Microsoft .NET Framework 4 Client Profile
"Microsoft Security Client" = Microsoft Security Essentials
"WinRAR archiver" = WinRAR 4.00 (64-bit)

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148
"{26A24AE4-039D-4CA4-87B4-2F83216026FF}" = Java™ 6 Update 30
"{4A03706F-666A-4037-7777-5F2748764D10}" = Java Auto Updater
"{612C34C7-5E90-47D8-9B5C-0F717DD82726}" = swMSM
"{87686C21-8A15-4b4d-A3F1-11141D9BE094}" = Battlefield Play4Free
"{8DC910CD-8EE3-4ffc-A4EB-9B02701059C4}" = Battlefield Heroes
"{90120000-0015-0414-0000-0000000FF1CE}" = Microsoft Office Access MUI (Norwegian (Bokmål)) 2007
"{90120000-0015-0414-0000-0000000FF1CE}_ENTERPRISE_{45D06784-F685-4736-8143-AAEB4969932C}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-0016-0414-0000-0000000FF1CE}" = Microsoft Office Excel MUI (Norwegian (Bokmål)) 2007
"{90120000-0016-0414-0000-0000000FF1CE}_ENTERPRISE_{45D06784-F685-4736-8143-AAEB4969932C}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-0018-0414-0000-0000000FF1CE}" = Microsoft Office PowerPoint MUI (Norwegian (Bokmål)) 2007
"{90120000-0018-0414-0000-0000000FF1CE}_ENTERPRISE_{45D06784-F685-4736-8143-AAEB4969932C}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-0019-0414-0000-0000000FF1CE}" = Microsoft Office Publisher MUI (Norwegian (Bokmål)) 2007
"{90120000-0019-0414-0000-0000000FF1CE}_ENTERPRISE_{45D06784-F685-4736-8143-AAEB4969932C}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-001A-0414-0000-0000000FF1CE}" = Microsoft Office Outlook MUI (Norwegian (Bokmål)) 2007
"{90120000-001A-0414-0000-0000000FF1CE}_ENTERPRISE_{45D06784-F685-4736-8143-AAEB4969932C}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-001B-0414-0000-0000000FF1CE}" = Microsoft Office Word MUI (Norwegian (Bokmål)) 2007
"{90120000-001B-0414-0000-0000000FF1CE}_ENTERPRISE_{45D06784-F685-4736-8143-AAEB4969932C}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-001F-0407-0000-0000000FF1CE}" = Microsoft Office Proof (German) 2007
"{90120000-001F-0407-0000-0000000FF1CE}_ENTERPRISE_{928D7B99-2BEA-49F9-83B8-20FA57860643}" = Microsoft Office Proofing Tools 2007 Service Pack 3 (SP3)
"{90120000-001F-0409-0000-0000000FF1CE}" = Microsoft Office Proof (English) 2007
"{90120000-001F-0409-0000-0000000FF1CE}_ENTERPRISE_{1FF96026-A04A-4C3E-B50A-BB7022654D0F}" = Microsoft Office Proofing Tools 2007 Service Pack 3 (SP3)
"{90120000-001F-0414-0000-0000000FF1CE}" = Microsoft Office Proof (Norwegian (Bokmål)) 2007
"{90120000-001F-0414-0000-0000000FF1CE}_ENTERPRISE_{F47DC432-9E71-4DC4-A488-9842D767DDDB}" = Microsoft Office Proofing Tools 2007 Service Pack 3 (SP3)
"{90120000-001F-0814-0000-0000000FF1CE}" = Microsoft Office Proof (Norwegian (Nynorsk)) 2007
"{90120000-001F-0814-0000-0000000FF1CE}_ENTERPRISE_{67BED6C1-5AE1-45CD-8060-BFFD37ED0DDD}" = Microsoft Office Proofing Tools 2007 Service Pack 3 (SP3)
"{90120000-002A-0000-1000-0000000FF1CE}_ENTERPRISE_{664655D8-B9BB-455D-8A58-7EAF7B0B2862}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-002A-0414-1000-0000000FF1CE}_ENTERPRISE_{F12E93BA-172F-4875-A3C6-FE271A461AA1}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-002C-0414-0000-0000000FF1CE}" = Microsoft Office Proofing (Norwegian (Bokmål)) 2007
"{90120000-0030-0000-0000-0000000FF1CE}" = Microsoft Office Enterprise 2007
"{90120000-0030-0000-0000-0000000FF1CE}_ENTERPRISE_{6E107EB7-8B55-48BF-ACCB-199F86A2CD93}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-0044-0414-0000-0000000FF1CE}" = Microsoft Office InfoPath MUI (Norwegian (Bokmål)) 2007
"{90120000-0044-0414-0000-0000000FF1CE}_ENTERPRISE_{45D06784-F685-4736-8143-AAEB4969932C}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-006E-0414-0000-0000000FF1CE}" = Microsoft Office Shared MUI (Norwegian (Bokmål)) 2007
"{90120000-006E-0414-0000-0000000FF1CE}_ENTERPRISE_{F12E93BA-172F-4875-A3C6-FE271A461AA1}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-00A1-0414-0000-0000000FF1CE}" = Microsoft Office OneNote MUI (Norwegian (Bokmål)) 2007
"{90120000-00A1-0414-0000-0000000FF1CE}_ENTERPRISE_{45D06784-F685-4736-8143-AAEB4969932C}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-00BA-0414-0000-0000000FF1CE}" = Microsoft Office Groove MUI (Norwegian (Bokmål)) 2007
"{90120000-00BA-0414-0000-0000000FF1CE}_ENTERPRISE_{45D06784-F685-4736-8143-AAEB4969932C}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90140000-2005-0000-0000-0000000FF1CE}" = Microsoft Office File Validation Add-In
"{9BE518E6-ECC6-35A9-88E4-87755C07200F}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161
"{A2F166A0-F031-4E27-A057-C69733219434}_is1" = Runes of Magic
"{A479B868-E782-4BEC-B0DB-1AD9E0521908}" = Overwolf
"{A7BC02AF-1128-4A31-BCF8-1A3EE803D3B3}" = SweetIM Toolbar for Internet Explorer 4.2
"{A81A974F-8A22-43E6-9243-5198FF758DA1}" = SweetIM for Messenger 3.6
"{AC76BA86-7AD7-1044-7B44-AA1000000001}" = Adobe Reader X (10.1.1) - Norsk
"{AFF7E080-1974-45BF-9310-10DE1A1F5ED0}" = Adobe AIR
"{B9DB4C76-01A4-46D5-8910-F7AA6376DBAF}" = NVIDIA PhysX
"{E2494AD8-314D-44F8-B39C-4358A60DC184}" = LogMeIn Hamachi
"{F1CECE09-7CBE-4E98-B435-DA87CDA86167}" = Skype™ 5.3
"{F7FC09BA-5A3E-49C0-AD4C-07D8FD5CE3EA}" = Martial Empires
"Adobe AIR" = Adobe AIR
"Adobe Flash Player ActiveX" = Adobe Flash Player 10 ActiveX
"Adobe Flash Player Plugin" = Adobe Flash Player 10 Plugin
"Adobe Shockwave Player" = Adobe Shockwave Player 11.6
"Combined Community Codec Pack_is1" = Combined Community Codec Pack 2011-07-30
"DAEMON Tools Lite" = DAEMON Tools Lite
"ENTERPRISE" = Microsoft Office Enterprise 2007
"heroes in the sky" = heroes in the sky
"IMVU_Inc Toolbar" = IMVU Inc Toolbar
"LogMeIn Hamachi" = LogMeIn Hamachi
"NetDevil_LEGO_Universe_is1" = LEGO Universe
"New LEGO Digital Designer" = LEGO Digital Designer
"NVIDIA StereoUSB Driver" = NVIDIA 3D Vision Controller Driver
"NVIDIAStereo" = NVIDIA Stereoscopic 3D Driver
"Opera 11.11.2109" = Opera 11.11
"PunkBusterSvc" = PunkBuster Services
"TeamViewer 6" = TeamViewer 6
"uTorrent" = µTorrent

========== HKEY_CURRENT_USER Uninstall List ==========

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"Google Chrome" = Google Chrome
"IMVU Avatar chat client software BETA" = IMVU Avatar Chat Software

========== Last 10 Event Log Errors ==========

[ Application Events ]
Error - 02.05.2012 07:20:45 | Computer Name = Stark-PC | Source = SideBySide | ID = 16842785
Description = Generering av aktiveringskontekst mislyktes for c:\program files (x86)\lego
software\lego universe\patcher\LURepair.exe. Finner ikke den avhengige samlingen
Microsoft.VC90.MFC,processorArchitecture="x86",publicKeyToken="1fc8b3b9a1e18e3b",type="win32",version="9.0.21022.8".
Bruk
sxstrace.exe for detaljert diagnostisering.

Error - 07.05.2012 09:47:58 | Computer Name = Stark-PC | Source = SideBySide | ID = 16842785
Description = Generering av aktiveringskontekst mislyktes for c:\program files (x86)\lego
software\lego universe\patcher\LURepair.exe. Finner ikke den avhengige samlingen
Microsoft.VC90.MFC,processorArchitecture="x86",publicKeyToken="1fc8b3b9a1e18e3b",type="win32",version="9.0.21022.8".
Bruk
sxstrace.exe for detaljert diagnostisering.

Error - 08.05.2012 08:14:33 | Computer Name = Stark-PC | Source = Application Error | ID = 1000
Description = Programnavn med feil: BFP4f.exe, versjon: 0.0.0.0, tidsangivelse:
0x4f957e55 Modulnavn med feil: ntdll.dll, versjon: 6.1.7601.17725, tidsangivelse:
0x4ec49b8f Unntakskode: 0xc0000005 Feilforskyvning: 0x00038dc9 Feil prosess-ID: 0x8e0
Feil
starttid for program: 0x01cd2d085b2b1a7a Feil programbane: C:\Program Files (x86)\EA
Games\Battlefield Play4Free\BFP4f.exe Feil modulbane: C:\Windows\SysWOW64\ntdll.dll
Rapport-ID:
5e3cb7ce-9907-11e1-bd4f-0016179b2671

Error - 08.05.2012 09:40:34 | Computer Name = Stark-PC | Source = Application Error | ID = 1000
Description = Programnavn med feil: BFHeroes.exe, versjon: 0.0.0.0, tidsangivelse:
0x4f8ea003 Modulnavn med feil: pbcl.dll_unloaded, versjon: 0.0.0.0, tidsangivelse:
0x4cf7ee21 Unntakskode: 0xc0000005 Feilforskyvning: 0x0e9f0e1c Feil prosess-ID: 0xe8c
Feil
starttid for program: 0x01cd2d1f10117aaf Feil programbane: C:\Program Files (x86)\EA
Games\Battlefield Heroes\BFHeroes.exe Feil modulbane: pbcl.dll Rapport-ID: 62ab9294-9913-11e1-bd4f-0016179b2671

Error - 09.05.2012 07:30:58 | Computer Name = Stark-PC | Source = SideBySide | ID = 16842785
Description = Generering av aktiveringskontekst mislyktes for c:\program files (x86)\lego
software\lego universe\patcher\LURepair.exe. Finner ikke den avhengige samlingen
Microsoft.VC90.MFC,processorArchitecture="x86",publicKeyToken="1fc8b3b9a1e18e3b",type="win32",version="9.0.21022.8".
Bruk
sxstrace.exe for detaljert diagnostisering.

Error - 09.05.2012 14:57:16 | Computer Name = Stark-PC | Source = Application Error | ID = 1000
Description = Programnavn med feil: BFHeroes.exe, versjon: 0.0.0.0, tidsangivelse:
0x4f8ea003 Modulnavn med feil: pbcl.dll_unloaded, versjon: 0.0.0.0, tidsangivelse:
0x4cf7ee21 Unntakskode: 0xc0000005 Feilforskyvning: 0x07e00e1c Feil prosess-ID: 0xd48
Feil
starttid for program: 0x01cd2e10b6c610c6 Feil programbane: C:\Program Files (x86)\EA
Games\Battlefield Heroes\BFHeroes.exe Feil modulbane: pbcl.dll Rapport-ID: cb355e0e-9a08-11e1-bd4f-0016179b2671

Error - 11.05.2012 04:26:00 | Computer Name = Stark-PC | Source = SideBySide | ID = 16842785
Description = Generering av aktiveringskontekst mislyktes for c:\program files (x86)\lego
software\lego universe\patcher\LURepair.exe. Finner ikke den avhengige samlingen
Microsoft.VC90.MFC,processorArchitecture="x86",publicKeyToken="1fc8b3b9a1e18e3b",type="win32",version="9.0.21022.8".
Bruk
sxstrace.exe for detaljert diagnostisering.

Error - 12.05.2012 00:04:30 | Computer Name = Stark-PC | Source = SideBySide | ID = 16842785
Description = Generering av aktiveringskontekst mislyktes for c:\program files (x86)\lego
software\lego universe\patcher\LURepair.exe. Finner ikke den avhengige samlingen
Microsoft.VC90.MFC,processorArchitecture="x86",publicKeyToken="1fc8b3b9a1e18e3b",type="win32",version="9.0.21022.8".
Bruk
sxstrace.exe for detaljert diagnostisering.

Error - 12.05.2012 00:05:35 | Computer Name = Stark-PC | Source = Windows Search Service | ID = 3007
Description =

Error - 13.05.2012 03:14:08 | Computer Name = Stark-PC | Source = SideBySide | ID = 16842785
Description = Generering av aktiveringskontekst mislyktes for c:\program files (x86)\lego
software\lego universe\patcher\LURepair.exe. Finner ikke den avhengige samlingen
Microsoft.VC90.MFC,processorArchitecture="x86",publicKeyToken="1fc8b3b9a1e18e3b",type="win32",version="9.0.21022.8".
Bruk
sxstrace.exe for detaljert diagnostisering.

[ System Events ]
Error - 12.05.2012 00:10:26 | Computer Name = Stark-PC | Source = Microsoft Antimalware | ID = 2001
Description = %%860 har oppdaget feil ved forsøk på å oppdatere signaturer. Ny signaturversjon:
Forrige signaturversjon: 1.125.1581.0 Oppdateringskilde: %%859 Oppdateringsstadium:
%%854 Kildebane: http://www.microsoft.com Signaturtype: %%800 Oppdateringstype: %%803

Bruker:
NT AUTHORITY\SYSTEM Aktuell motorversjon: Forrige motorversjon: 1.1.8304.0 Feilkode:
0x80240016 Feilbeskrivelse: An unexpected problem occurred while checking for updates.
For information on installing or troubleshooting updates, see Help and Support.

Error - 12.05.2012 00:10:26 | Computer Name = Stark-PC | Source = Microsoft Antimalware | ID = 2001
Description = %%860 har oppdaget feil ved forsøk på å oppdatere signaturer. Ny signaturversjon:
Forrige signaturversjon: 1.125.1581.0 Oppdateringskilde: %%859 Oppdateringsstadium:
%%853 Kildebane: http://www.microsoft.com Signaturtype: %%800 Oppdateringstype: %%803

Bruker:
NT AUTHORITY\SYSTEM Aktuell motorversjon: Forrige motorversjon: 1.1.8304.0 Feilkode:
0x80240016 Feilbeskrivelse: An unexpected problem occurred while checking for updates.
For information on installing or troubleshooting updates, see Help and Support.

Error - 12.05.2012 03:13:25 | Computer Name = Stark-PC | Source = Service Control Manager | ID = 7043
Description = Tjenesten Windows Modules Installer avsluttet ikke riktig etter å
ha mottatt en forhåndsavslutningskontroll.

Error - 12.05.2012 03:13:55 | Computer Name = Stark-PC | Source = Service Control Manager | ID = 7023
Description = Tjenesten Windows Modules Installer terminerte med følgende feil:
%%6701

Error - 12.05.2012 03:15:14 | Computer Name = Stark-PC | Source = Microsoft-Windows-Kernel-Processor-Power | ID = 6
Description = Enkelte strømstyringsfunksjoner for ytelse på prosessoren har blitt
deaktivert på grunn av et kjent fastvareproblem. Kontroller om datamaskinprodusenten
har oppdatert fastvare.

Error - 12.05.2012 03:16:58 | Computer Name = Stark-PC | Source = Microsoft-Windows-Kernel-Processor-Power | ID = 6
Description = Enkelte strømstyringsfunksjoner for ytelse på prosessoren har blitt
deaktivert på grunn av et kjent fastvareproblem. Kontroller om datamaskinprodusenten
har oppdatert fastvare.

Error - 12.05.2012 12:03:17 | Computer Name = Stark-PC | Source = bowser | ID = 8003
Description =

Error - 13.05.2012 13:10:59 | Computer Name = Stark-PC | Source = bowser | ID = 8003
Description =

Error - 14.05.2012 09:39:08 | Computer Name = Stark-PC | Source = bowser | ID = 8003
Description =

Error - 14.05.2012 10:12:08 | Computer Name = Stark-PC | Source = bowser | ID = 8003
Description =

< End of report >

aswMBR.txt

Quote

aswMBR version 0.9.9.1665 Copyright© 2011 AVAST Software
Run date: 2012-05-22 18:18:21
-----------------------------
18:18:21.768 OS Version: Windows x64 6.1.7601 Service Pack 1
18:18:21.768 Number of processors: 2 586 0x4B02
18:18:21.771 ComputerName: STARK-PC UserName: Stark
18:18:22.849 Initialize success
18:19:32.306 AVAST engine defs: 12052200
18:20:07.250 Disk 0 (boot) \Device\Harddisk0\DR0 -> \Device\Ide\IdeDeviceP0T0L0-0
18:20:07.253 Disk 0 Vendor: ST3320620AS 3.AAK Size: 305245MB BusType: 3
18:20:07.257 Disk 1 \Device\Harddisk1\DR1 -> \Device\Ide\IdeDeviceP1T0L0-2
18:20:07.261 Disk 1 Vendor: SAMSUNG_SP2504C VT100-41 Size: 238475MB BusType: 3
18:20:07.282 Disk 0 MBR read successfully
18:20:07.287 Disk 0 MBR scan
18:20:07.293 Disk 0 Windows XP default MBR code
18:20:07.299 Disk 0 Partition 1 80 (A) 07 HPFS/NTFS NTFS 305242 MB offset 63
18:20:07.327 Disk 0 scanning C:\Windows\system32\drivers
18:20:16.982 Service scanning
18:20:36.994 Modules scanning
18:20:36.994 Disk 0 trace - called modules:
18:20:37.003 ntoskrnl.exe CLASSPNP.SYS disk.sys ACPI.sys ataport.SYS pciide.sys PCIIDEX.SYS hal.dll atapi.sys
18:20:37.004 1 nt!IofCallDriver -> \Device\Harddisk0\DR0[0xfffffa800279a690]
18:20:37.004 3 CLASSPNP.SYS[fffff88001bb543f] -> nt!IofCallDriver -> [0xfffffa800232b520]
18:20:37.004 5 ACPI.sys[fffff88000f247a1] -> nt!IofCallDriver -> \Device\Ide\IdeDeviceP0T0L0-0[0xfffffa800255c060]
18:20:38.091 AVAST engine scan C:\
18:25:32.454 Disk 0 MBR has been saved successfully to "C:\Users\Stark\Downloads\MBR.dat"
18:25:32.466 The log file has been saved successfully to "C:\Users\Stark\Downloads\aswMBR.txt"

aswMBR version 0.9.9.1665 Copyright© 2011 AVAST Software
Run date: 2012-05-22 18:26:41
-----------------------------
18:26:41.831 OS Version: Windows x64 6.1.7601 Service Pack 1
18:26:41.831 Number of processors: 2 586 0x4B02
18:26:41.832 ComputerName: STARK-PC UserName: Stark
18:26:43.033 Initialize success
18:26:52.424 AVAST engine defs: 12052200
18:26:53.417 Disk 0 (boot) \Device\Harddisk0\DR0 -> \Device\Ide\IdeDeviceP0T0L0-0
18:26:53.421 Disk 0 Vendor: ST3320620AS 3.AAK Size: 305245MB BusType: 3
18:26:53.424 Disk 1 \Device\Harddisk1\DR1 -> \Device\Ide\IdeDeviceP1T0L0-2
18:26:53.428 Disk 1 Vendor: SAMSUNG_SP2504C VT100-41 Size: 238475MB BusType: 3
18:26:53.449 Disk 0 MBR read successfully
18:26:53.453 Disk 0 MBR scan
18:26:53.460 Disk 0 Windows XP default MBR code
18:26:53.467 Disk 0 Partition 1 80 (A) 07 HPFS/NTFS NTFS 305242 MB offset 63
18:26:53.508 Disk 0 scanning C:\Windows\system32\drivers
18:27:08.462 Service scanning
18:27:29.982 Modules scanning
18:27:29.982 Disk 0 trace - called modules:
18:27:29.991 ntoskrnl.exe CLASSPNP.SYS disk.sys ACPI.sys ataport.SYS pciide.sys PCIIDEX.SYS hal.dll atapi.sys
18:27:29.992 1 nt!IofCallDriver -> \Device\Harddisk0\DR0[0xfffffa800279a690]
18:27:29.992 3 CLASSPNP.SYS[fffff88001bb543f] -> nt!IofCallDriver -> [0xfffffa800232b520]
18:27:29.992 5 ACPI.sys[fffff88000f247a1] -> nt!IofCallDriver -> \Device\Ide\IdeDeviceP0T0L0-0[0xfffffa800255c060]
18:27:31.196 AVAST engine scan C:\Windows
18:27:39.093 AVAST engine scan C:\Windows\system32
18:34:22.549 AVAST engine scan C:\Windows\system32\drivers
18:35:05.291 AVAST engine scan C:\Users\Stark
18:39:10.310 AVAST engine scan C:\ProgramData
18:39:48.746 Scan finished successfully
20:13:35.859 Disk 0 MBR has been saved successfully to "C:\Users\Stark\Downloads\MBR.dat"
20:13:35.867 The log file has been saved successfully to "C:\Users\Stark\Downloads\aswMBR.txt"

Thank you kindly for your time. It is very much appreciated.

#2 CompCav

Group: GeekU Moderator
Posts: 6,590
Joined: 24-January 11

Posted 24 May 2012 - 09:06 AM

Hi, Sophonax! Posted Image

My nick name is CompCav and I will be assisting you with your Malware/Security problems. Please make sure you read all of the instructions and fixes thoroughly before continuing with them. If you have any questions or you are unsure about anything, just ask and I will help you out.

If you have resolved the issues you were originally experiencing, or have received help elsewhere, please let me know so that this topic can be closed.

Please make sure you are saving and printing the instructions out prior to each fix, this way you will have them on hand just in case you are unable to access this site. One of the steps I will be asking you to do requires you to boot into Safe Mode and this process will be much easier for you to perform if the instructions are printed out for you to follow.

If you are ready to get started, please review and follow these guidelines so that we resolve your issues in a timely and effective manner:

Logs from malware removal programs (OTL is one of them) can take some time to analyze. I need you to be patient while I analyze any logs you post.
Please make sure to carefully read any instructions that I give you. Since I cannot see or directly interact with your computer I am dependent on you to "be my eyes" and provide as much information as you can regarding the current state of your computer.
If you're not sure, or if something unexpected happens, do NOT continue! Stop and ask!
These instructions have been specifically tailored to your computer and the issues you are experiencing with your computer. These instructions are not suitable for any other computer, even if the issues are fairly similar.
Do not do things I do not ask for, such as running a spyware scan on your computer. However, the one thing that you should always do, is to make sure your anti-virus definitions are up-to-date!
Please do not use the Attachment feature for any log file. Just do a Copy/Paste of the entire contents of the log file inside your post and submit.
You must reply within four days failure to reply will result in the topic being closed!
Please do not PM me directly for help. If you have any questions, post them in this topic. PM me only if I have not responded to your last post in 2 days.
Lastly, I am no magician. I will try very hard to fix your issues, but no promises can be made. Also be aware that some infections are so severe that you might need to ultimately reformat your hard drive and reinstall the operating system.
Don't worry, this only happens in severe cases, but it sadly does happen. Please have the software and storage media for backing up your data available.

Please post the log without quotes it is easier to read without them

Step 1.

Run OTL

Double click on the icon to run it. Make sure all other windows are closed and to let it run uninterrupted.
Select Scan All Users
Select Lop Check and Purity Check
Under the Custom Scan box paste this in
netsvcs
%SYSTEMDRIVE%\*.exe
/md5start
consrv.dll
explorer.exe
winlogon.exe
Userinit.exe
svchost.exe
/md5stop
c:|Bandoo;true;true;true; /FP
c:|Searchqu;true;true;true; /FP
c:|iLivid;true;true;true; /FP
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\services\NetBT /s
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\services\NetBIOS /s
hklm\software\clients\startmenuinternet|command /rs
hklm\software\clients\startmenuinternet|command /64 /rs
C:\Windows\assembly\tmp\U\*.* /s
C:\Program Files\Common Files\ComObjects\*.* /s
C:\windows\*. /RP /s
%Temp%\smtmp\1\*.*
%Temp%\smtmp\2\*.*
%Temp%\smtmp\3\*.*
%Temp%\smtmp\4\*.*
>C:\commands.txt echo list vol /raw /hide /c
/wait
>C:\DiskReport.txt diskpart /s C:\commands.txt /raw /hide /c
/wait
type c:\diskreport.txt /c
/wait
erase c:\commands.txt /hide /c
/wait
erase c:\diskreport.txt /hide /c
CREATERESTOREPOINT
Click the Quick Scan button. Do not change any settings unless otherwise told to do so. The scan wont take long.
- When the scan completes, it will open OTL.Txt
- Post the log

Step 2.

Please post:

OTL.txt

Give me an update on your computer's issues.

#3 Sophonax

Group: Member
Posts: 2
Joined: 22-May 12

Posted 25 May 2012 - 09:34 AM

Hello, CompCav!

As requested.

Note; This had to be scanned with the help of TeamViewer as I do not (this weekend) have physical access to the computer.

OTL.txt

OTL logfile created on: 25.05.2012 17:11:47 - Run 2
OTL by OldTimer - Version 3.2.43.1 Folder = C:\Users\Stark\Downloads
64bit- Ultimate Edition Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation
Internet Explorer (Version = 9.0.8112.16421)
Locale: 00000414 | Country: Norge | Language: NOR | Date Format: dd.MM.yyyy

2,00 Gb Total Physical Memory | 0,60 Gb Available Physical Memory | 30,04% Memory free
4,00 Gb Paging File | 2,42 Gb Available in Paging File | 60,62% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86)
Drive C: | 298,09 Gb Total Space | 137,46 Gb Free Space | 46,11% Space Free | Partition Type: NTFS

Computer Name: STARK-PC | User Name: Stark | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: All users | Quick Scan | Include 64bit Scans
Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days

========== Processes (SafeList) ==========

PRC - [2012.05.25 17:11:23 | 001,533,976 | ---- | M] (Google Inc.) -- C:\Users\Stark\AppData\Local\Temp\CR_2FC8C.tmp\setup.exe
PRC - [2012.05.24 00:00:00 | 000,672,168 | ---- | M] () -- C:\Users\Stark\AppData\Local\Google\Update\Install\{BCA40565-196D-4373-B2CC-F596443228BE}\chrome_updater.exe
PRC - [2012.05.22 17:40:22 | 000,595,968 | ---- | M] (OldTimer Tools) -- C:\Users\Stark\Downloads\OTL.exe
PRC - [2012.05.09 19:47:42 | 000,026,552 | ---- | M] (Microsoft) -- C:\Program Files (x86)\Common Files\Overwolf\OverwolfHelper.exe
PRC - [2012.05.09 19:47:40 | 000,042,424 | ---- | M] (Overwolf) -- C:\Program Files (x86)\Overwolf\Overwolf.exe
PRC - [2012.04.25 19:23:39 | 000,076,888 | ---- | M] () -- C:\Windows\SysWOW64\PnkBstrA.exe
PRC - [2012.02.28 18:38:56 | 001,987,976 | ---- | M] (LogMeIn Inc.) -- C:\Program Files (x86)\LogMeIn Hamachi\hamachi-2-ui.exe
PRC - [2011.08.26 01:38:06 | 000,053,504 | ---- | M] () -- C:\Users\Stark\AppData\Roaming\IMVUClient\IMVUClient.exe
PRC - [2011.08.26 01:38:06 | 000,022,784 | ---- | M] () -- C:\Users\Stark\AppData\Roaming\IMVUClient\IMVUQualityAgent.exe
PRC - [2011.08.01 15:35:42 | 000,114,992 | R--- | M] (SweetIM Technologies Ltd.) -- C:\Program Files (x86)\SweetIM\Messenger\SweetIM.exe
PRC - [2011.06.06 12:55:28 | 000,064,952 | ---- | M] (Adobe Systems Incorporated) -- C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe
PRC - [2011.05.21 06:01:00 | 002,214,504 | ---- | M] (NVIDIA Corporation) -- C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Updatus\daemonu.exe
PRC - [2011.04.15 11:43:21 | 002,038,648 | ---- | M] (TeamViewer GmbH) -- c:\program files (x86)\teamviewer\version6\TeamViewer_Desktop.exe
PRC - [2011.04.15 11:43:21 | 002,038,648 | ---- | M] (TeamViewer GmbH) -- C:\Program Files (x86)\TeamViewer\Version6\TeamViewer_Desktop.exe
PRC - [2011.04.15 11:43:21 | 002,038,648 | ---- | M] (TeamViewer GmbH) -- c:\program files (x86)\teamviewer\version6\TeamViewer_Desktop.exe
PRC - [2011.04.15 11:43:21 | 002,038,648 | ---- | M] (TeamViewer GmbH) -- C:\Program Files (x86)\TeamViewer\Version6\TeamViewer_Desktop.exe
PRC - [2011.04.15 11:43:21 | 002,038,648 | ---- | M] (TeamViewer GmbH) -- c:\program files (x86)\teamviewer\version6\TeamViewer_Desktop.exe
PRC - [2011.04.15 11:43:20 | 007,797,112 | ---- | M] (TeamViewer GmbH) -- c:\program files (x86)\teamviewer\version6\TeamViewer.exe
PRC - [2011.04.15 11:43:20 | 007,797,112 | ---- | M] (TeamViewer GmbH) -- C:\Program Files (x86)\TeamViewer\Version6\TeamViewer.exe
PRC - [2011.04.15 11:43:20 | 007,797,112 | ---- | M] (TeamViewer GmbH) -- c:\program files (x86)\teamviewer\version6\TeamViewer.exe
PRC - [2011.04.15 11:43:20 | 007,797,112 | ---- | M] (TeamViewer GmbH) -- C:\Program Files (x86)\TeamViewer\Version6\TeamViewer.exe
PRC - [2011.04.15 11:43:20 | 007,797,112 | ---- | M] (TeamViewer GmbH) -- c:\program files (x86)\teamviewer\version6\TeamViewer.exe
PRC - [2011.04.15 11:43:20 | 007,797,112 | ---- | M] (TeamViewer GmbH) -- C:\Program Files (x86)\TeamViewer\Version6\TeamViewer.exe
PRC - [2011.04.15 11:43:20 | 007,797,112 | ---- | M] (TeamViewer GmbH) -- c:\program files (x86)\teamviewer\version6\TeamViewer.exe
PRC - [2011.04.15 11:43:20 | 007,797,112 | ---- | M] (TeamViewer GmbH) -- C:\Program Files (x86)\TeamViewer\Version6\TeamViewer.exe
PRC - [2011.04.15 11:43:20 | 002,280,312 | ---- | M] (TeamViewer GmbH) -- C:\Program Files (x86)\TeamViewer\Version6\TeamViewer_Service.exe
PRC - [2011.04.15 11:14:11 | 000,108,408 | ---- | M] (TeamViewer GmbH) -- C:\Program Files (x86)\TeamViewer\Version6\tv_w32.exe
PRC - [2011.04.07 21:54:52 | 000,378,472 | ---- | M] (NVIDIA Corporation) -- C:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe
PRC - [2011.01.20 11:20:12 | 001,305,408 | ---- | M] (DT Soft Ltd) -- C:\Program Files (x86)\DAEMON Tools Lite\DTLite.exe

========== Modules (No Company Name) ==========

MOD - [2012.05.24 00:00:00 | 000,672,168 | ---- | M] () -- C:\Users\Stark\AppData\Local\Google\Update\Install\{BCA40565-196D-4373-B2CC-F596443228BE}\chrome_updater.exe
MOD - [2012.05.12 11:42:32 | 000,240,128 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\WindowsFormsIntegra#\9bfbf0613d3780e34d98333c7b381218\WindowsFormsIntegration.ni.dll
MOD - [2012.05.12 11:40:35 | 002,297,856 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Core\dfd33f59a5803a3c73cf408362e6e0b7\System.Core.ni.dll
MOD - [2012.05.12 09:21:01 | 000,368,128 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\PresentationFramewo#\8e56489276063ededde74e597a121df3\PresentationFramework.Aero.ni.dll
MOD - [2012.05.12 09:20:58 | 000,212,992 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.ServiceProce#\5abddd1112204bd1e3347be519eaa28f\System.ServiceProcess.ni.dll
MOD - [2012.05.12 09:20:17 | 014,340,608 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\PresentationFramewo#\07f019692c382d588d3c6cb2da2a9ec5\PresentationFramework.ni.dll
MOD - [2012.05.12 09:19:58 | 000,039,424 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\PresentationCFFRast#\5a9d0ff936810991cedd098fe006a9be\PresentationCFFRasterizer.ni.dll
MOD - [2012.05.12 09:19:57 | 012,433,408 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Windows.Forms\90555968565afd59bce4b0974e9903bd\System.Windows.Forms.ni.dll
MOD - [2012.05.12 09:19:48 | 001,590,784 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Drawing\69f6e582cb79f107c61308b468c1a215\System.Drawing.ni.dll
MOD - [2012.05.12 09:19:45 | 012,237,824 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\PresentationCore\2d1fd350e9bc62ce659e5cbcfd555796\PresentationCore.ni.dll
MOD - [2012.05.12 09:19:32 | 003,347,968 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\WindowsBase\46fce56db7685a586d3eeb7c373e3c1c\WindowsBase.ni.dll
MOD - [2012.05.12 09:19:25 | 005,452,800 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Xml\ba3d70b651454c7d49b407b93663bfed\System.Xml.ni.dll
MOD - [2012.05.12 09:19:19 | 000,971,264 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Configuration\cfa9c506bfb9254c89dace7b83bc9f9d\System.Configuration.ni.dll
MOD - [2012.05.12 09:19:18 | 007,967,232 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System\ce9ff6baf9053ed2ed673d948179195c\System.ni.dll
MOD - [2012.05.12 09:19:06 | 011,492,864 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\mscorlib\acfc1391e45fedd2a359778ea57d914c\mscorlib.ni.dll
MOD - [2012.05.09 19:47:54 | 000,462,776 | ---- | M] () -- C:\Program Files (x86)\Overwolf\OWServer.dll
MOD - [2012.05.09 19:47:54 | 000,117,688 | ---- | M] () -- C:\Program Files (x86)\Overwolf\OWService.dll
MOD - [2012.05.09 19:47:54 | 000,075,192 | ---- | M] () -- C:\Program Files (x86)\Overwolf\OverWolf.BL.Interfaces.dll
MOD - [2012.05.09 19:47:54 | 000,074,680 | ---- | M] () -- C:\Program Files (x86)\Overwolf\OWExplorer-1063.dll
MOD - [2012.05.09 19:47:54 | 000,054,784 | ---- | M] () -- C:\Program Files (x86)\Overwolf\BrowserWindow.dll
MOD - [2012.05.09 19:47:54 | 000,023,480 | ---- | M] () -- C:\Program Files (x86)\Overwolf\OWInjector.dll
MOD - [2012.05.09 19:47:52 | 010,861,496 | ---- | M] () -- C:\Program Files (x86)\Overwolf\OverWolf.Client.Core.dll
MOD - [2012.05.09 19:47:48 | 000,273,336 | ---- | M] () -- C:\Program Files (x86)\Overwolf\OWAgent.dll
MOD - [2012.05.09 19:47:48 | 000,025,600 | ---- | M] () -- C:\Program Files (x86)\Overwolf\CoreAudioApi.dll
MOD - [2012.05.09 19:47:42 | 000,028,088 | ---- | M] () -- C:\Program Files (x86)\Overwolf\OWLog.dll
MOD - [2012.05.09 19:47:40 | 000,027,064 | ---- | M] () -- C:\Program Files (x86)\Overwolf\OWExplorerLauncher.dll
MOD - [2011.08.26 01:38:06 | 000,053,504 | ---- | M] () -- C:\Users\Stark\AppData\Roaming\IMVUClient\IMVUClient.exe
MOD - [2011.08.26 01:38:06 | 000,022,784 | ---- | M] () -- C:\Users\Stark\AppData\Roaming\IMVUClient\IMVUQualityAgent.exe
MOD - [2011.08.25 23:38:18 | 000,126,464 | ---- | M] () -- C:\Users\Stark\AppData\Roaming\IMVUClient\_libzero.pyd
MOD - [2011.08.25 23:38:10 | 000,125,440 | ---- | M] () -- C:\Users\Stark\AppData\Roaming\IMVUClient\_imvugecko.pyd
MOD - [2011.08.25 23:38:00 | 000,496,640 | ---- | M] () -- C:\Users\Stark\AppData\Roaming\IMVUClient\_cal3d.pyd
MOD - [2011.08.25 23:36:32 | 001,612,800 | ---- | M] () -- C:\Users\Stark\AppData\Roaming\IMVUClient\_avatarwindow.pyd
MOD - [2011.08.25 23:31:58 | 000,168,960 | ---- | M] () -- C:\Users\Stark\AppData\Roaming\IMVUClient\imvugecko.dll
MOD - [2011.08.25 23:31:08 | 001,112,064 | ---- | M] () -- C:\Users\Stark\AppData\Roaming\IMVUClient\SceneWindow.dll
MOD - [2011.08.25 23:30:32 | 000,167,424 | ---- | M] () -- C:\Users\Stark\AppData\Roaming\IMVUClient\libzero.dll
MOD - [2011.08.25 23:30:16 | 000,272,896 | ---- | M] () -- C:\Users\Stark\AppData\Roaming\IMVUClient\cal3d.dll
MOD - [2011.08.17 03:13:22 | 000,014,336 | ---- | M] () -- C:\Users\Stark\AppData\Roaming\IMVUClient\MemoryHook.dll
MOD - [2011.08.17 03:13:10 | 000,216,576 | ---- | M] () -- C:\Users\Stark\AppData\Roaming\IMVUClient\boost_python.dll
MOD - [2011.08.17 03:13:06 | 000,031,744 | ---- | M] () -- C:\Users\Stark\AppData\Roaming\IMVUClient\CallStack.dll
MOD - [2011.08.16 23:17:40 | 000,043,520 | ---- | M] () -- C:\Users\Stark\AppData\Roaming\IMVUClient\pylzma.pyd
MOD - [2011.08.16 23:16:24 | 000,010,752 | ---- | M] () -- C:\Users\Stark\AppData\Roaming\IMVUClient\nphwndproxy.dll
MOD - [2011.08.16 23:07:36 | 000,072,192 | ---- | M] () -- C:\Users\Stark\AppData\Roaming\IMVUClient\ParticleLib.dll
MOD - [2011.07.27 18:27:22 | 000,872,448 | ---- | M] () -- C:\Users\Stark\AppData\Roaming\IMVUClient\js3250.dll
MOD - [2011.07.26 01:36:52 | 003,771,296 | ---- | M] () -- C:\Users\Stark\AppData\Roaming\IMVUClient\NPSWF32.dll
MOD - [2011.05.20 22:59:20 | 000,565,827 | ---- | M] () -- C:\Users\Stark\AppData\Roaming\IMVUClient\sqlite3.dll
MOD - [2011.04.28 20:51:30 | 000,353,280 | ---- | M] () -- C:\Users\Stark\AppData\Roaming\IMVUClient\pythoncom26.dll
MOD - [2011.04.28 20:51:30 | 000,110,080 | ---- | M] () -- C:\Users\Stark\AppData\Roaming\IMVUClient\pywintypes26.dll
MOD - [2011.04.28 20:51:14 | 000,167,424 | ---- | M] () -- C:\Users\Stark\AppData\Roaming\IMVUClient\win32gui.pyd
MOD - [2011.04.28 20:51:14 | 000,110,592 | ---- | M] () -- C:\Users\Stark\AppData\Roaming\IMVUClient\win32file.pyd
MOD - [2011.04.28 20:51:14 | 000,095,744 | ---- | M] () -- C:\Users\Stark\AppData\Roaming\IMVUClient\win32api.pyd
MOD - [2011.04.28 20:51:14 | 000,035,840 | ---- | M] () -- C:\Users\Stark\AppData\Roaming\IMVUClient\win32process.pyd
MOD - [2011.04.28 20:51:14 | 000,017,408 | ---- | M] () -- C:\Users\Stark\AppData\Roaming\IMVUClient\win32event.pyd
MOD - [2011.04.28 20:51:14 | 000,017,408 | ---- | M] () -- C:\Users\Stark\AppData\Roaming\IMVUClient\win32clipboard.pyd
MOD - [2011.04.28 20:51:06 | 000,324,608 | ---- | M] () -- C:\Users\Stark\AppData\Roaming\IMVUClient\_imaging.pyd
MOD - [2011.04.28 20:51:04 | 000,262,656 | ---- | M] () -- C:\Users\Stark\AppData\Roaming\IMVUClient\win32com.shell.shell.pyd
MOD - [2011.04.28 20:51:02 | 000,022,016 | ---- | M] () -- C:\Users\Stark\AppData\Roaming\IMVUClient\Crypto.Cipher.Blowfish.pyd
MOD - [2011.04.28 20:50:56 | 000,645,120 | ---- | M] () -- C:\Users\Stark\AppData\Roaming\IMVUClient\_ssl.pyd
MOD - [2011.04.28 20:50:56 | 000,311,808 | ---- | M] () -- C:\Users\Stark\AppData\Roaming\IMVUClient\_hashlib.pyd
MOD - [2011.04.28 20:50:56 | 000,127,488 | ---- | M] () -- C:\Users\Stark\AppData\Roaming\IMVUClient\pyexpat.pyd
MOD - [2011.04.28 20:50:56 | 000,087,040 | ---- | M] () -- C:\Users\Stark\AppData\Roaming\IMVUClient\_ctypes.pyd
MOD - [2011.04.28 20:50:56 | 000,053,248 | ---- | M] () -- C:\Users\Stark\AppData\Roaming\IMVUClient\_sqlite3.pyd
MOD - [2011.04.28 20:50:56 | 000,045,568 | ---- | M] () -- C:\Users\Stark\AppData\Roaming\IMVUClient\_socket.pyd
MOD - [2011.04.28 20:50:56 | 000,010,240 | ---- | M] () -- C:\Users\Stark\AppData\Roaming\IMVUClient\select.pyd
MOD - [2010.11.13 03:41:38 | 000,290,816 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\mscorlib.resources\2.0.0.0_no_b77a5c561934e089\mscorlib.resources.dll

========== Win32 Services (SafeList) ==========

SRV:64bit: - [2012.03.26 18:49:56 | 000,291,696 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- c:\Program Files\Microsoft Security Client\NisSrv.exe -- (NisSrv)
SRV:64bit: - [2012.03.26 18:49:56 | 000,012,600 | ---- | M] (Microsoft Corporation) [Auto | Running] -- c:\Program Files\Microsoft Security Client\MsMpEng.exe -- (MsMpSvc)
SRV:64bit: - [2009.07.14 03:41:27 | 001,011,712 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Program Files\Windows Defender\mpsvc.dll -- (WinDefend)
SRV:64bit: - [2009.07.14 03:40:01 | 000,193,536 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\appmgmts.dll -- (AppMgmt)
SRV - [2012.05.09 19:47:36 | 000,018,360 | ---- | M] () [On_Demand | Stopped] -- C:\Program Files (x86)\Overwolf\\OverwolfUpdater.exe -- (OverwolfUpdaterService)
SRV - [2012.04.25 19:23:39 | 000,076,888 | ---- | M] () [Auto | Running] -- C:\Windows\SysWOW64\PnkBstrA.exe -- (PnkBstrA)
SRV - [2012.02.28 18:38:54 | 002,343,816 | ---- | M] (LogMeIn Inc.) [Auto | Running] -- C:\Program Files (x86)\LogMeIn Hamachi\hamachi-2.exe -- (Hamachi2Svc)
SRV - [2011.06.06 12:55:28 | 000,064,952 | ---- | M] (Adobe Systems Incorporated) [Auto | Running] -- C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe -- (AdobeARMservice)
SRV - [2011.05.21 06:01:00 | 002,214,504 | ---- | M] (NVIDIA Corporation) [Auto | Running] -- C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Updatus\daemonu.exe -- (nvUpdatusService)
SRV - [2011.04.15 11:43:20 | 002,280,312 | ---- | M] (TeamViewer GmbH) [Auto | Running] -- C:\Program Files (x86)\TeamViewer\Version6\TeamViewer_Service.exe -- (TeamViewer6)
SRV - [2011.04.07 21:54:52 | 000,378,472 | ---- | M] (NVIDIA Corporation) [Auto | Running] -- C:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe -- (Stereo Service)
SRV - [2010.03.18 13:16:28 | 000,130,384 | ---- | M] (Microsoft Corporation) [Auto | Stopped] -- C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe -- (clr_optimization_v4.0.30319_32)
SRV - [2009.06.10 23:23:09 | 000,066,384 | ---- | M] (Microsoft Corporation) [Disabled | Stopped] -- C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe -- (clr_optimization_v2.0.50727_32)

========== Driver Services (SafeList) ==========

DRV:64bit: - [2012.03.20 20:44:12 | 000,098,688 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\NisDrvWFP.sys -- (NisDrv)
DRV:64bit: - [2012.03.01 08:46:16 | 000,023,408 | ---- | M] (Microsoft Corporation) [Recognizer | Boot | Unknown] -- C:\Windows\SysNative\drivers\fs_rec.sys -- (Fs_Rec)
DRV:64bit: - [2011.06.10 06:34:52 | 000,539,240 | ---- | M] (Realtek ) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\Rt64win7.sys -- (RTL8167)
DRV:64bit: - [2011.05.28 09:16:16 | 000,254,528 | ---- | M] (DT Soft Ltd) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\dtsoftbus01.sys -- (dtsoftbus01)
DRV:64bit: - [2011.03.11 08:41:12 | 000,107,904 | ---- | M] (Advanced Micro Devices) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\amdsata.sys -- (amdsata)
DRV:64bit: - [2011.03.11 08:41:12 | 000,027,008 | ---- | M] (Advanced Micro Devices) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\amdxata.sys -- (amdxata)
DRV:64bit: - [2011.03.03 17:59:18 | 000,174,184 | ---- | M] (NVIDIA Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\nvhda64v.sys -- (NVHDA)
DRV:64bit: - [2011.01.12 11:42:16 | 000,016,376 | ---- | M] (TeamViewer GmbH) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\TVMonitor.sys -- (MonitorFunction)
DRV:64bit: - [2010.11.20 15:33:35 | 000,078,720 | ---- | M] (Hewlett-Packard Company) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\HpSAMD.sys -- (HpSAMD)
DRV:64bit: - [2010.11.20 13:07:05 | 000,059,392 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\TsUsbFlt.sys -- (TsUsbFlt)
DRV:64bit: - [2010.11.20 13:03:42 | 000,020,992 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\rdpvideominiport.sys -- (RdpVideoMiniport)
DRV:64bit: - [2010.11.09 15:35:24 | 000,021,992 | ---- | M] (CPUID) [Kernel | Auto | Running] -- C:\Windows\SysNative\drivers\cpuz135_x64.sys -- (cpuz135)
DRV:64bit: - [2009.07.14 03:52:20 | 000,194,128 | ---- | M] (AMD Technologies Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\amdsbs.sys -- (amdsbs)
DRV:64bit: - [2009.07.14 03:48:04 | 000,065,600 | ---- | M] (LSI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\lsi_sas2.sys -- (LSI_SAS2)
DRV:64bit: - [2009.07.14 03:45:55 | 000,024,656 | ---- | M] (Promise Technology) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\stexstor.sys -- (stexstor)
DRV:64bit: - [2009.06.10 22:34:33 | 003,286,016 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\evbda.sys -- (ebdrv)
DRV:64bit: - [2009.06.10 22:34:28 | 000,468,480 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\bxvbda.sys -- (b06bdrv)
DRV:64bit: - [2009.06.10 22:34:23 | 000,270,848 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\b57nd60a.sys -- (b57nd60a)
DRV:64bit: - [2009.06.10 22:31:59 | 000,031,232 | ---- | M] (Hauppauge Computer Works, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\hcw85cir.sys -- (hcw85cir)
DRV:64bit: - [2009.03.18 18:35:42 | 000,033,856 | -H-- | M] (LogMeIn, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\hamachi.sys -- (hamachi)
DRV - [2009.07.14 03:19:10 | 000,019,008 | ---- | M] (Microsoft Corporation) [File_System | On_Demand | Stopped] -- C:\Windows\SysWOW64\drivers\wimmount.sys -- (WIMMount)

========== Standard Registry (SafeList) ==========

========== Internet Explorer ==========

IE:64bit: - HKLM\..\SearchScopes,DefaultScope = {9BB47C17-9C68-4BB3-B188-DD9AF0FD2101}
IE:64bit: - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/...ms}&FORM=IE8SRC
IE:64bit: - HKLM\..\SearchScopes\{9BB47C17-9C68-4BB3-B188-DD9AF0FD2101}: "URL" = http://www.searchqu....q={searchTerms}
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://home.sweetim.com
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Search,SearchAssistant = http://start.facemoo...earchTerms}&f=4
IE - HKLM\..\URLSearchHook: {90b49673-5506-483e-b92b-ca0265bd9ca8} - C:\Program Files (x86)\IMVU_Inc\prxtbIMVU.dll (Conduit Ltd.)
IE - HKLM\..\SearchScopes,DefaultScope = {EEE6C360-6118-11DC-9C72-001320C79847}
IE - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/...ms}&FORM=IE8SRC
IE - HKLM\..\SearchScopes\{9BB47C17-9C68-4BB3-B188-DD9AF0FD2101}: "URL" = http://www.searchqu....q={searchTerms}
IE - HKLM\..\SearchScopes\{AFDBDDAA-5D3F-42EE-B79C-185A7020515B}: "URL" = http://search.condui...&ctid=CT2612669
IE - HKLM\..\SearchScopes\{EEE6C360-6118-11DC-9C72-001320C79847}: "URL" = http://search.sweeti...q={searchTerms}

IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

IE - HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

IE - HKU\S-1-5-21-917754677-3972319178-1609893153-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://home.sweetim.com
IE - HKU\S-1-5-21-917754677-3972319178-1609893153-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache = http://no.msn.com/?ocid=iehp
IE - HKU\S-1-5-21-917754677-3972319178-1609893153-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache AcceptLangs = no
IE - HKU\S-1-5-21-917754677-3972319178-1609893153-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache_TIMESTAMP = 8E 9C AD 7F C9 1C CC 01 [binary data]
IE - HKU\S-1-5-21-917754677-3972319178-1609893153-1000\..\URLSearchHook: {90b49673-5506-483e-b92b-ca0265bd9ca8} - C:\Program Files (x86)\IMVU_Inc\prxtbIMVU.dll (Conduit Ltd.)
IE - HKU\S-1-5-21-917754677-3972319178-1609893153-1000\..\SearchScopes,DefaultScope = {EEE6C360-6118-11DC-9C72-001320C79847}
IE - HKU\S-1-5-21-917754677-3972319178-1609893153-1000\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/...Box&FORM=IE8SRC
IE - HKU\S-1-5-21-917754677-3972319178-1609893153-1000\..\SearchScopes\{0D7562AE-8EF6-416d-A838-AB665251703A}: "URL" = http://start.facemoo...earchTerms}&f=4
IE - HKU\S-1-5-21-917754677-3972319178-1609893153-1000\..\SearchScopes\{0ECDF796-C2DC-4d79-A620-CCE0C0A66CC9}: "URL" = http://search.babylo...016179b26722672
IE - HKU\S-1-5-21-917754677-3972319178-1609893153-1000\..\SearchScopes\{9BB47C17-9C68-4BB3-B188-DD9AF0FD2101}: "URL" = http://www.searchqu....q={searchTerms}
IE - HKU\S-1-5-21-917754677-3972319178-1609893153-1000\..\SearchScopes\{AFDBDDAA-5D3F-42EE-B79C-185A7020515B}: "URL" = http://search.condui...&ctid=CT2612669
IE - HKU\S-1-5-21-917754677-3972319178-1609893153-1000\..\SearchScopes\{EEE6C360-6118-11DC-9C72-001320C79847}: "URL" = http://search.sweeti...q={searchTerms}
IE - HKU\S-1-5-21-917754677-3972319178-1609893153-1000\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

IE - HKU\S-1-5-21-917754677-3972319178-1609893153-1007\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://search.condui...&ctid=CT2612669
IE - HKU\S-1-5-21-917754677-3972319178-1609893153-1007\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache = http://no.msn.com/?ocid=iehp
IE - HKU\S-1-5-21-917754677-3972319178-1609893153-1007\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache AcceptLangs = nb-NO
IE - HKU\S-1-5-21-917754677-3972319178-1609893153-1007\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache_TIMESTAMP = 07 B2 41 68 FA 88 CC 01 [binary data]
IE - HKU\S-1-5-21-917754677-3972319178-1609893153-1007\..\SearchScopes,DefaultScope = {AFDBDDAA-5D3F-42EE-B79C-185A7020515B}
IE - HKU\S-1-5-21-917754677-3972319178-1609893153-1007\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

========== FireFox ==========

FF:64bit: - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: c:\Program Files\Microsoft Silverlight\5.1.10411.0\npctrl.dll ( Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\SysWOW64\Macromed\Flash\NPSWF32.dll ()
FF - HKLM\Software\MozillaPlugins\@adobe.com/ShockwavePlayer: C:\Windows\system32\Adobe\Director\np32dsw.dll (Adobe Systems, Inc.)
FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin: C:\Program Files (x86)\Java\jre6\bin\new_plugin\npjp2.dll (Sun Microsystems, Inc.)
FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: c:\Program Files (x86)\Microsoft Silverlight\5.1.10411.0\npctrl.dll ( Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@nvidia.com/3DVision: C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dv.dll (NVIDIA Corporation)
FF - HKLM\Software\MozillaPlugins\@nvidia.com/3DVisionStreaming: C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dvstreaming.dll (NVIDIA Corporation)
FF - HKLM\Software\MozillaPlugins\Adobe Reader: C:\Program Files (x86)\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
FF - HKCU\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Users\Stark\AppData\Local\Google\Update\1.3.21.111\npGoogleUpdate3.dll (Google Inc.)
FF - HKCU\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Users\Stark\AppData\Local\Google\Update\1.3.21.111\npGoogleUpdate3.dll (Google Inc.)

========== Chrome ==========

CHR - default_search_provider: facemoods (Enabled)
CHR - default_search_provider: search_url = http://start.facemoo...earchTerms}&f=4
CHR - default_search_provider: suggest_url =
CHR - plugin: Remoting Viewer (Enabled) = internal-remoting-viewer
CHR - plugin: Native Client (Enabled) = C:\Users\Stark\AppData\Local\Google\Chrome\Application\19.0.1084.46\ppGoogleNaClPluginChrome.dll
CHR - plugin: Chrome PDF Viewer (Enabled) = C:\Users\Stark\AppData\Local\Google\Chrome\Application\19.0.1084.46\pdf.dll
CHR - plugin: Shockwave Flash (Enabled) = C:\Users\Stark\AppData\Local\Google\Chrome\Application\19.0.1084.46\gcswf32.dll
CHR - plugin: Shockwave Flash (Disabled) = C:\Users\Stark\AppData\Local\Google\Chrome\User Data\PepperFlash\11.2.31.144\pepflashplayer.dll
CHR - plugin: Shockwave Flash (Enabled) = C:\Windows\SysWOW64\Macromed\Flash\NPSWF32.dll
CHR - plugin: EA Battlefield Heroes Updater (Enabled) = C:\Users\Stark\AppData\Local\Google\Chrome\User Data\Default\Extensions\gpdfjahpadlpfnfheehpddpcllihfkmm\5.0.127.0_0\npBFHUpdater.dll
CHR - plugin: EA Battlefield Heroes Updater (Enabled) = C:\Users\Stark\AppData\Local\Google\Chrome\User Data\Default\Extensions\gpdfjahpadlpfnfheehpddpcllihfkmm\5.0.127.0_0\BFHUpdater.exe
CHR - plugin: Adobe Acrobat (Disabled) = C:\Program Files (x86)\Adobe\Reader 10.0\Reader\Browser\nppdf32.dll
CHR - plugin: Java Deployment Toolkit 6.0.300.12 (Enabled) = C:\Program Files (x86)\Java\jre6\bin\new_plugin\npdeployJava1.dll
CHR - plugin: Java™ Platform SE 6 U30 (Enabled) = C:\Program Files (x86)\Java\jre6\bin\new_plugin\npjp2.dll
CHR - plugin: NVIDIA 3D Vision (Enabled) = C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dv.dll
CHR - plugin: NVIDIA 3D VISION (Enabled) = C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dvstreaming.dll
CHR - plugin: Google Update (Enabled) = C:\Users\Stark\AppData\Local\Google\Update\1.3.21.111\npGoogleUpdate3.dll
CHR - plugin: Shockwave for Director (Enabled) = C:\Windows\system32\Adobe\Director\np32dsw.dll
CHR - plugin: Silverlight Plug-In (Enabled) = c:\Program Files (x86)\Microsoft Silverlight\5.1.10411.0\npctrl.dll
CHR - Extension: YouTube = C:\Users\Stark\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo\4.2.5_0\
CHR - Extension: Google Search = C:\Users\Stark\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf\0.0.0.19_0\
CHR - Extension: AdBlock = C:\Users\Stark\AppData\Local\Google\Chrome\User Data\Default\Extensions\gighmmpiobklfepjocnamgkkbiglidom\2.4.28_0\
CHR - Extension: AdBlock = C:\Users\Stark\AppData\Local\Google\Chrome\User Data\Default\Extensions\gighmmpiobklfepjocnamgkkbiglidom\2.5.33_0\
CHR - Extension: Battlefield Heroes = C:\Users\Stark\AppData\Local\Google\Chrome\User Data\Default\Extensions\gpdfjahpadlpfnfheehpddpcllihfkmm\5.0.127.0_0\
CHR - Extension: Gmail = C:\Users\Stark\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia\7_0\

O1 HOSTS File: ([2009.06.10 23:00:26 | 000,000,824 | ---- | M]) - C:\Windows\SysNative\drivers\etc\hosts
O2 - BHO: (Java™ Plug-In SSV Helper) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Java\jre6\bin\ssv.dll (Sun Microsystems, Inc.)
O2 - BHO: (IMVU Inc Toolbar) - {90b49673-5506-483e-b92b-ca0265bd9ca8} - C:\Program Files (x86)\IMVU_Inc\prxtbIMVU.dll (Conduit Ltd.)
O2 - BHO: (Searchqu Toolbar) - {99079a25-328f-4bd4-be04-00955acaa0a7} - C:\PROGRA~2\WIA6EB~1\Datamngr\ToolBar\searchqudtx.dll File not found
O2 - BHO: (SweetIM Toolbar Helper) - {EEE6C35C-6118-11DC-9C72-001320C79847} - C:\Program Files (x86)\SweetIM\Toolbars\Internet Explorer\mgToolbarIE.dll (SweetIM Technologies Ltd.)
O2 - BHO: (Yontoo Layers) - {FD72061E-9FDE-484D-A58A-0BAB4151CAD8} - C:\Program Files (x86)\Yontoo Layers Runtime\YontooIEClient.dll File not found
O3:64bit: - HKLM\..\Toolbar: (no name) - 10 - No CLSID value found.
O3 - HKLM\..\Toolbar: (IMVU Inc Toolbar) - {90b49673-5506-483e-b92b-ca0265bd9ca8} - C:\Program Files (x86)\IMVU_Inc\prxtbIMVU.dll (Conduit Ltd.)
O3 - HKLM\..\Toolbar: (Searchqu Toolbar) - {99079a25-328f-4bd4-be04-00955acaa0a7} - C:\PROGRA~2\WIA6EB~1\Datamngr\ToolBar\searchqudtx.dll File not found
O3 - HKLM\..\Toolbar: (SweetIM Toolbar for Internet Explorer) - {EEE6C35B-6118-11DC-9C72-001320C79847} - C:\Program Files (x86)\SweetIM\Toolbars\Internet Explorer\mgToolbarIE.dll (SweetIM Technologies Ltd.)
O3 - HKLM\..\Toolbar: (no name) - 10 - No CLSID value found.
O3 - HKU\S-1-5-21-917754677-3972319178-1609893153-1007\..\Toolbar\WebBrowser: (IMVU Inc Toolbar) - {90B49673-5506-483E-B92B-CA0265BD9CA8} - C:\Program Files (x86)\IMVU_Inc\prxtbIMVU.dll (Conduit Ltd.)
O4:64bit: - HKLM..\Run: [MSC] c:\Program Files\Microsoft Security Client\msseces.exe (Microsoft Corporation)
O4 - HKLM..\Run: [LogMeIn Hamachi Ui] C:\Program Files (x86)\LogMeIn Hamachi\hamachi-2-ui.exe (LogMeIn Inc.)
O4 - HKLM..\Run: [SweetIM] C:\Program Files (x86)\SweetIM\Messenger\SweetIM.exe (SweetIM Technologies Ltd.)
O4 - HKU\S-1-5-19..\Run: [Sidebar] C:\Program Files (x86)\Windows Sidebar\Sidebar.exe (Microsoft Corporation)
O4 - HKU\S-1-5-20..\Run: [Sidebar] C:\Program Files (x86)\Windows Sidebar\Sidebar.exe (Microsoft Corporation)
O4 - HKU\S-1-5-21-917754677-3972319178-1609893153-1000..\Run: [DAEMON Tools Lite] C:\Program Files (x86)\DAEMON Tools Lite\DTLite.exe (DT Soft Ltd)
O4 - HKU\S-1-5-21-917754677-3972319178-1609893153-1000..\Run: [Overwolf] C:\Program Files (x86)\Overwolf\Overwolf.exe (Overwolf)
O4 - HKU\S-1-5-21-917754677-3972319178-1609893153-1001..\Run: [Sidebar] C:\Program Files (x86)\Windows Sidebar\Sidebar.exe (Microsoft Corporation)
O4 - HKU\S-1-5-19..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe File not found
O4 - HKU\S-1-5-20..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe File not found
O4 - HKU\S-1-5-21-917754677-3972319178-1609893153-1001..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe File not found
O4 - Startup: C:\Users\Stark\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\IMVU.lnk = C:\Users\Stark\AppData\Roaming\IMVUClient\IMVUQualityAgent.exe ()
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktop = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktopChanges = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 5
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3
O8:64bit: - Extra context menu item: E&ksporter til Microsoft Excel - res://C:\PROGRA~2\MICROS~1\Office12\EXCEL.EXE/3000 File not found
O8 - Extra context menu item: E&ksporter til Microsoft Excel - res://C:\PROGRA~2\MICROS~1\Office12\EXCEL.EXE/3000 File not found
O9 - Extra Button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~2\MICROS~1\Office12\REFIEBAR.DLL (Microsoft Corporation)
O1364bit: - gopher Prefix: missing
O13 - gopher Prefix: missing
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_30)
O16 - DPF: {CAFEEFAC-0016-0000-0030-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_30)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_30)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 193.213.112.4 130.67.15.198
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{410BA0AA-8E7A-43D6-8BDD-327BFC10B13A}: DhcpNameServer = 193.213.112.4 130.67.15.198
O18:64bit: - Protocol\Handler\ms-help - No CLSID value found
O18:64bit: - Protocol\Handler\skype4com - No CLSID value found
O18 - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files (x86)\Overwolf\SKYPE4~1.DLL (Skype Technologies)
O18:64bit: - Protocol\Filter\text/xml {807563E5-5146-11D5-A672-00B0D022E945} - C:\PROGRA~1\COMMON~1\MICROS~1\OFFICE12\MSOXMLMF.DLL (Microsoft Corporation)
O18 - Protocol\Filter\text/xml {807563E5-5146-11D5-A672-00B0D022E945} - C:\PROGRA~2\COMMON~1\MICROS~1\OFFICE12\MSOXMLMF.DLL (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\SysNative\userinit.exe (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: VMApplet - (SystemPropertiesPerformance.exe) - C:\Windows\SysNative\SystemPropertiesPerformance.exe (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: VMApplet - (/pagefile) - File not found
O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\SysWow64\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (userinit.exe) - C:\Windows\SysWow64\userinit.exe (Microsoft Corporation)
O20 - HKLM Winlogon: VMApplet - (/pagefile) - File not found
O21:64bit: - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.
O21 - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.
O32 - HKLM CDRom: AutoRun - 1
O34 - HKLM BootExecute: (autocheck autochk *)
O35:64bit: - HKLM\..comfile [open] -- "%1" %*
O35:64bit: - HKLM\..exefile [open] -- "%1" %*
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37:64bit: - HKLM\...com [@ = comfile] -- "%1" %*
O37:64bit: - HKLM\...exe [@ = exefile] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3)
O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2)
O38 - SubSystems\\Windows: (ServerDll=sxssrv,4)

NetSvcs:64bit: AppMgmt - C:\Windows\SysNative\appmgmts.dll (Microsoft Corporation)

CREATERESTOREPOINT
Restore point Set: OTL Restore Point

========== Files/Folders - Created Within 30 Days ==========

[2012.05.22 17:29:31 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Common Files\Skype
[2012.05.22 17:29:25 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Common Files\Overwolf
[2012.05.22 17:29:13 | 000,000,000 | -HSD | C] -- C:\Config.Msi
[2012.05.17 06:03:15 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Silverlight
[2012.05.17 06:01:31 | 000,000,000 | ---D | C] -- C:\Program Files\Microsoft Silverlight
[2012.05.17 06:01:30 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Microsoft Silverlight
[2012.05.16 10:00:21 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\hpmonitor
[2012.05.16 10:00:07 | 000,018,816 | ---- | C] (Systweak Inc., (www.systweak.com)) -- C:\Windows\SysNative\roboot64.exe
[2012.05.16 10:00:06 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Free Window Registry Repair
[2012.05.16 10:00:04 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Free Window Registry Repair
[2012.05.16 09:59:55 | 000,000,000 | ---D | C] -- C:\Users\Stark\AppData\Roaming\systweak
[2012.05.16 09:59:47 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\RegpairSetup
[2012.05.16 09:40:44 | 000,000,000 | ---D | C] -- C:\ProgramData\Overwolf
[2012.04.25 19:11:48 | 000,000,000 | ---D | C] -- C:\Users\Stark\Documents\Battlefield Play4Free

========== Files - Modified Within 30 Days ==========

[2012.05.25 17:15:10 | 000,002,359 | ---- | M] () -- C:\Users\Stark\Desktop\Google Chrome.lnk
[2012.05.25 16:55:00 | 000,000,998 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskUserS-1-5-21-917754677-3972319178-1609893153-1007UA.job
[2012.05.25 16:46:00 | 000,001,002 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskUserS-1-5-21-917754677-3972319178-1609893153-1000UA.job
[2012.05.25 16:31:00 | 000,001,002 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskUserS-1-5-21-917754677-3972319178-1609893153-1006UA.job
[2012.05.25 15:55:00 | 000,000,946 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskUserS-1-5-21-917754677-3972319178-1609893153-1007Core.job
[2012.05.25 14:25:39 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2012.05.25 10:25:18 | 000,000,950 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskUserS-1-5-21-917754677-3972319178-1609893153-1000Core.job
[2012.05.25 07:33:40 | 000,000,950 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskUserS-1-5-21-917754677-3972319178-1609893153-1006Core.job
[2012.05.24 14:34:58 | 000,282,104 | ---- | M] () -- C:\Windows\SysWow64\PnkBstrB.xtr
[2012.05.24 14:34:58 | 000,282,104 | ---- | M] () -- C:\Windows\SysWow64\PnkBstrB.exe
[2012.05.24 14:30:48 | 000,234,768 | ---- | M] () -- C:\Windows\SysWow64\PnkBstrB.ex0
[2012.05.23 19:24:18 | 000,002,170 | ---- | M] () -- C:\Users\Stark\Application Data\Microsoft\Internet Explorer\Quick Launch\LEGO Digital Designer.lnk
[2012.05.23 19:24:18 | 000,002,146 | ---- | M] () -- C:\Users\Public\Desktop\LEGO Digital Designer.lnk
[2012.05.22 20:23:38 | 000,014,016 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
[2012.05.22 20:23:38 | 000,014,016 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
[2012.05.22 20:22:45 | 001,255,500 | ---- | M] () -- C:\Windows\SysNative\PerfStringBackup.INI
[2012.05.22 20:22:45 | 000,618,160 | ---- | M] () -- C:\Windows\SysNative\perfh009.dat
[2012.05.22 20:22:45 | 000,458,868 | ---- | M] () -- C:\Windows\SysNative\perfh014.dat
[2012.05.22 20:22:45 | 000,107,440 | ---- | M] () -- C:\Windows\SysNative\perfc009.dat
[2012.05.22 20:22:45 | 000,078,274 | ---- | M] () -- C:\Windows\SysNative\perfc014.dat
[2012.05.22 20:18:11 | 1610,162,176 | -HS- | M] () -- C:\hiberfil.sys
[2012.05.22 17:33:29 | 000,002,216 | ---- | M] () -- C:\prefs.js
[2012.05.22 17:28:42 | 000,000,917 | ---- | M] () -- C:\Users\Stark\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\IMVU.lnk
[2012.05.16 10:30:06 | 000,000,822 | ---- | M] () -- C:\Users\Public\Desktop\CCleaner.lnk
[2012.05.12 09:17:46 | 000,413,232 | ---- | M] () -- C:\Windows\SysNative\FNTCACHE.DAT
[2012.05.11 16:51:13 | 000,000,000 | -H-- | M] () -- C:\Windows\SysNative\drivers\Msft_User_WpdMtpDr_01_09_00.Wdf
[2012.05.03 06:01:40 | 000,001,945 | ---- | M] () -- C:\Windows\epplauncher.mif
[2012.05.03 06:01:27 | 001,274,594 | ---- | M] () -- C:\Windows\SysWow64\PerfStringBackup.INI
[2012.04.25 19:23:39 | 000,076,888 | ---- | M] () -- C:\Windows\SysWow64\PnkBstrA.exe

========== Files Created - No Company Name ==========

[2012.05.16 10:30:06 | 000,000,822 | ---- | C] () -- C:\Users\Public\Desktop\CCleaner.lnk
[2012.05.11 16:51:13 | 000,000,000 | -H-- | C] () -- C:\Windows\SysNative\drivers\Msft_User_WpdMtpDr_01_09_00.Wdf
[2011.05.29 14:03:44 | 000,282,104 | ---- | C] () -- C:\Windows\SysWow64\PnkBstrB.exe
[2011.05.29 14:03:41 | 000,076,888 | ---- | C] () -- C:\Windows\SysWow64\PnkBstrA.exe
[2011.05.28 09:26:58 | 001,274,594 | ---- | C] () -- C:\Windows\SysWow64\PerfStringBackup.INI

========== LOP Check ==========

[2012.02.14 10:28:08 | 000,000,000 | ---D | M] -- C:\Users\Lasse\AppData\Roaming\.minecraft
[2012.02.12 17:40:01 | 000,000,000 | ---D | M] -- C:\Users\Lasse\AppData\Roaming\FOG Downloader
[2011.11.08 17:48:22 | 000,000,000 | ---D | M] -- C:\Users\Lasse\AppData\Roaming\LEGO Company
[2011.10.13 17:12:03 | 000,000,000 | ---D | M] -- C:\Users\Lasse\AppData\Roaming\Rovio
[2012.05.16 12:47:04 | 000,000,000 | ---D | M] -- C:\Users\Lasse\AppData\Roaming\Systweak
[2011.10.12 21:27:35 | 000,000,000 | ---D | M] -- C:\Users\Lasse\AppData\Roaming\Unity
[2012.04.02 21:25:08 | 000,000,000 | ---D | M] -- C:\Users\Lisa\AppData\Roaming\.minecraft
[2011.11.02 17:42:14 | 000,000,000 | ---D | M] -- C:\Users\Lisa\AppData\Roaming\LEGO Company
[2012.05.22 12:52:00 | 000,000,000 | ---D | M] -- C:\Users\Lisa\AppData\Roaming\Systweak
[2011.12.24 15:16:32 | 000,000,000 | ---D | M] -- C:\Users\Lisa\AppData\Roaming\TeamViewer
[2012.03.18 17:08:27 | 000,000,000 | ---D | M] -- C:\Users\Lisa\AppData\Roaming\Unity
[2011.12.25 20:07:30 | 000,000,000 | ---D | M] -- C:\Users\Lisa\AppData\Roaming\uTorrent
[2011.11.11 17:19:57 | 000,000,000 | ---D | M] -- C:\Users\Stark\AppData\Roaming\.minecraft
[2011.11.09 09:01:18 | 000,000,000 | ---D | M] -- C:\Users\Stark\AppData\Roaming\Babylon
[2011.08.14 17:40:43 | 000,000,000 | ---D | M] -- C:\Users\Stark\AppData\Roaming\Bandoo
[2011.06.30 10:57:55 | 000,000,000 | ---D | M] -- C:\Users\Stark\AppData\Roaming\DAEMON Tools Lite
[2012.05.25 17:11:04 | 000,000,000 | ---D | M] -- C:\Users\Stark\AppData\Roaming\IMVU
[2011.08.29 15:09:52 | 000,000,000 | ---D | M] -- C:\Users\Stark\AppData\Roaming\IMVUClient
[2011.11.01 14:15:20 | 000,000,000 | ---D | M] -- C:\Users\Stark\AppData\Roaming\LEGO Company
[2011.06.21 17:05:46 | 000,000,000 | ---D | M] -- C:\Users\Stark\AppData\Roaming\Opera
[2011.05.29 13:55:49 | 000,000,000 | ---D | M] -- C:\Users\Stark\AppData\Roaming\Rovio
[2012.05.22 17:36:39 | 000,000,000 | ---D | M] -- C:\Users\Stark\AppData\Roaming\systweak
[2011.05.28 02:16:11 | 000,000,000 | ---D | M] -- C:\Users\Stark\AppData\Roaming\TeamViewer
[2012.05.16 10:35:19 | 000,000,000 | ---D | M] -- C:\Users\Stark\AppData\Roaming\uTorrent
[2009.07.14 07:08:49 | 000,015,502 | ---- | M] () -- C:\Windows\Tasks\SCHEDLGU.TXT

========== Purity Check ==========

========== Custom Scans ==========

< %SYSTEMDRIVE%\*.exe >

< MD5 for: EXPLORER.EXE >
[2011.02.26 08:23:14 | 002,870,272 | ---- | M] (Microsoft Corporation) MD5=0862495E0C825893DB75EF44FAEA8E93 -- C:\Windows\winsxs\amd64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7600.16768_none_adc24107935a7e25\explorer.exe
[2011.02.26 07:19:21 | 002,616,320 | ---- | M] (Microsoft Corporation) MD5=0FB9C74046656D1579A64660AD67B746 -- C:\Windows\winsxs\wow64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7601.21669_none_ba87e574ddfe652d\explorer.exe
[2009.07.14 03:14:20 | 002,613,248 | ---- | M] (Microsoft Corporation) MD5=15BC38A7492BEFE831966ADB477CF76F -- C:\Windows\winsxs\wow64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7600.16385_none_b7fe430bc7ce3761\explorer.exe
[2011.02.26 07:51:13 | 002,614,784 | ---- | M] (Microsoft Corporation) MD5=255CF508D7CFB10E0794D6AC93280BD8 -- C:\Windows\winsxs\wow64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7600.20910_none_b8ce9756e0b786a4\explorer.exe
[2009.10.31 07:45:39 | 002,614,272 | ---- | M] (Microsoft Corporation) MD5=2626FC9755BE22F805D3CFA0CE3EE727 -- C:\Windows\winsxs\wow64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7600.16450_none_b819b343c7ba6202\explorer.exe
[2011.02.26 07:33:07 | 002,614,784 | ---- | M] (Microsoft Corporation) MD5=2AF58D15EDC06EC6FDACCE1F19482BBF -- C:\Windows\winsxs\wow64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7600.16768_none_b816eb59c7bb4020\explorer.exe
[2011.02.25 08:19:30 | 002,871,808 | ---- | M] (Microsoft Corporation) MD5=332FEAB1435662FC6C672E25BEB37BE3 -- C:\Windows\explorer.exe
[2011.02.25 08:19:30 | 002,871,808 | ---- | M] (Microsoft Corporation) MD5=332FEAB1435662FC6C672E25BEB37BE3 -- C:\Windows\winsxs\amd64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7601.17567_none_afa79dc39081d0ba\explorer.exe
[2011.02.26 08:14:34 | 002,871,808 | ---- | M] (Microsoft Corporation) MD5=3B69712041F3D63605529BD66DC00C48 -- C:\Windows\winsxs\amd64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7601.21669_none_b0333b22a99da332\explorer.exe
[2010.11.20 14:17:09 | 002,616,320 | ---- | M] (Microsoft Corporation) MD5=40D777B7A95E00593EB1568C68514493 -- C:\Windows\winsxs\wow64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7601.17514_none_ba2f56d3c4bcbafb\explorer.exe
[2009.08.03 08:19:07 | 002,868,224 | ---- | M] (Microsoft Corporation) MD5=700073016DAC1C3D2E7E2CE4223334B6 -- C:\Windows\winsxs\amd64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7600.20500_none_ae84b558ac4eb41c\explorer.exe
[2011.02.25 07:30:54 | 002,616,320 | ---- | M] (Microsoft Corporation) MD5=8B88EBBB05A0E56B7DCC708498C02B3E -- C:\Windows\SysWOW64\explorer.exe
[2011.02.25 07:30:54 | 002,616,320 | ---- | M] (Microsoft Corporation) MD5=8B88EBBB05A0E56B7DCC708498C02B3E -- C:\Windows\winsxs\wow64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7601.17567_none_b9fc4815c4e292b5\explorer.exe
[2009.10.31 08:34:59 | 002,870,272 | ---- | M] (Microsoft Corporation) MD5=9AAAEC8DAC27AA17B053E6352AD233AE -- C:\Windows\winsxs\amd64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7600.16450_none_adc508f19359a007\explorer.exe
[2009.08.03 07:49:47 | 002,613,248 | ---- | M] (Microsoft Corporation) MD5=9FF6C4C91A3711C0A3B18F87B08B518D -- C:\Windows\winsxs\wow64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7600.20500_none_b8d95faae0af7617\explorer.exe
[2010.11.20 15:24:45 | 002,872,320 | ---- | M] (Microsoft Corporation) MD5=AC4C51EB24AA95B77F705AB159189E24 -- C:\Windows\winsxs\amd64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7601.17514_none_afdaac81905bf900\explorer.exe
[2009.10.31 08:38:38 | 002,870,272 | ---- | M] (Microsoft Corporation) MD5=B8EC4BD49CE8F6FC457721BFC210B67F -- C:\Windows\winsxs\amd64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7600.20563_none_ae46d6aeac7ca7c7\explorer.exe
[2009.08.03 07:35:50 | 002,613,248 | ---- | M] (Microsoft Corporation) MD5=B95EEB0F4E5EFBF1038A35B3351CF047 -- C:\Windows\winsxs\wow64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7600.16404_none_b853c407c78e3ba9\explorer.exe
[2009.07.14 03:39:10 | 002,868,224 | ---- | M] (Microsoft Corporation) MD5=C235A51CB740E45FFA0EBFB9BAFCDA64 -- C:\Windows\winsxs\amd64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7600.16385_none_ada998b9936d7566\explorer.exe
[2009.10.31 08:00:51 | 002,614,272 | ---- | M] (Microsoft Corporation) MD5=C76153C7ECA00FA852BB0C193378F917 -- C:\Windows\winsxs\wow64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7600.20563_none_b89b8100e0dd69c2\explorer.exe
[2011.02.26 08:26:45 | 002,870,784 | ---- | M] (Microsoft Corporation) MD5=E38899074D4951D31B4040E994DD7C8D -- C:\Windows\winsxs\amd64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7600.20910_none_ae79ed04ac56c4a9\explorer.exe
[2009.08.03 08:17:37 | 002,868,224 | ---- | M] (Microsoft Corporation) MD5=F170B4A061C9E026437B193B4D571799 -- C:\Windows\winsxs\amd64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7600.16404_none_adff19b5932d79ae\explorer.exe

< MD5 for: SVCHOST.EXE >
[2009.07.14 03:14:41 | 000,020,992 | ---- | M] (Microsoft Corporation) MD5=54A47F6B5E09A77E61649109C6A08866 -- C:\Windows\SysWOW64\svchost.exe
[2009.07.14 03:14:41 | 000,020,992 | ---- | M] (Microsoft Corporation) MD5=54A47F6B5E09A77E61649109C6A08866 -- C:\Windows\winsxs\x86_microsoft-windows-services-svchost_31bf3856ad364e35_6.1.7600.16385_none_b591afc466a15356\svchost.exe
[2009.07.14 03:39:46 | 000,027,136 | ---- | M] (Microsoft Corporation) MD5=C78655BC80301D76ED4FEF1C1EA40A7D -- C:\Windows\SysNative\svchost.exe
[2009.07.14 03:39:46 | 000,027,136 | ---- | M] (Microsoft Corporation) MD5=C78655BC80301D76ED4FEF1C1EA40A7D -- C:\Windows\winsxs\amd64_microsoft-windows-services-svchost_31bf3856ad364e35_6.1.7600.16385_none_11b04b481efec48c\svchost.exe

< MD5 for: USERINIT.EXE >
[2010.11.20 14:17:48 | 000,026,624 | ---- | M] (Microsoft Corporation) MD5=61AC3EFDFACFDD3F0F11DD4FD4044223 -- C:\Windows\SysWOW64\userinit.exe
[2010.11.20 14:17:48 | 000,026,624 | ---- | M] (Microsoft Corporation) MD5=61AC3EFDFACFDD3F0F11DD4FD4044223 -- C:\Windows\winsxs\x86_microsoft-windows-userinit_31bf3856ad364e35_6.1.7601.17514_none_de3024012ff21116\userinit.exe
[2009.07.14 03:14:43 | 000,026,112 | ---- | M] (Microsoft Corporation) MD5=6DE80F60D7DE9CE6B8C2DDFDF79EF175 -- C:\Windows\winsxs\x86_microsoft-windows-userinit_31bf3856ad364e35_6.1.7600.16385_none_dbff103933038d7c\userinit.exe
[2009.07.14 03:39:48 | 000,030,208 | ---- | M] (Microsoft Corporation) MD5=6F8F1376A13114CC10C0E69274F5A4DE -- C:\Windows\winsxs\amd64_microsoft-windows-userinit_31bf3856ad364e35_6.1.7600.16385_none_381dabbceb60feb2\userinit.exe
[2010.11.20 15:25:24 | 000,030,720 | ---- | M] (Microsoft Corporation) MD5=BAFE84E637BF7388C96EF48D4D3FDD53 -- C:\Windows\SysNative\userinit.exe
[2010.11.20 15:25:24 | 000,030,720 | ---- | M] (Microsoft Corporation) MD5=BAFE84E637BF7388C96EF48D4D3FDD53 -- C:\Windows\winsxs\amd64_microsoft-windows-userinit_31bf3856ad364e35_6.1.7601.17514_none_3a4ebf84e84f824c\userinit.exe

< MD5 for: WINLOGON.EXE >
[2010.11.20 15:25:30 | 000,390,656 | ---- | M] (Microsoft Corporation) MD5=1151B1BAA6F350B1DB6598E0FEA7C457 -- C:\Windows\SysNative\winlogon.exe
[2010.11.20 15:25:30 | 000,390,656 | ---- | M] (Microsoft Corporation) MD5=1151B1BAA6F350B1DB6598E0FEA7C457 -- C:\Windows\winsxs\amd64_microsoft-windows-winlogon_31bf3856ad364e35_6.1.7601.17514_none_cde90685eb910636\winlogon.exe
[2009.07.14 03:39:52 | 000,389,120 | ---- | M] (Microsoft Corporation) MD5=132328DF455B0028F13BF0ABEE51A63A -- C:\Windows\winsxs\amd64_microsoft-windows-winlogon_31bf3856ad364e35_6.1.7600.16385_none_cbb7f2bdeea2829c\winlogon.exe
[2009.10.28 09:01:57 | 000,389,632 | ---- | M] (Microsoft Corporation) MD5=A93D41A4D4B0D91C072D11DD8AF266DE -- C:\Windows\winsxs\amd64_microsoft-windows-winlogon_31bf3856ad364e35_6.1.7600.20560_none_cc522fd507b468f8\winlogon.exe
[2009.10.28 08:24:40 | 000,389,632 | ---- | M] (Microsoft Corporation) MD5=DA3E2A6FA9660CC75B471530CE88453A -- C:\Windows\winsxs\amd64_microsoft-windows-winlogon_31bf3856ad364e35_6.1.7600.16447_none_cbe534e7ee8042ad\winlogon.exe

< c:|Bandoo;true;true;true; /FP >
[2011.08.14 17:40:31 | 000,000,000 | ---D | M] -- c:\Users\Stark\AppData\LocalLow\Bandoo
[2011.08.14 17:40:31 | 000,000,000 | ---D | M] -- c:\Users\Stark\AppData\LocalLow\Bandoo\Flash
[2011.08.14 17:40:43 | 000,000,000 | ---D | M] -- c:\Users\Stark\AppData\Roaming\Bandoo

< c:|Searchqu;true;true;true; /FP >
[2011.10.12 18:11:31 | 000,000,000 | ---D | M] -- c:\Users\Lasse\AppData\LocalLow\searchquband
[2011.10.12 18:14:15 | 000,000,000 | ---D | M] -- c:\Users\Lasse\AppData\LocalLow\searchqutoolbar
[2011.10.12 18:17:15 | 000,000,000 | ---D | M] -- c:\Users\Lisa\AppData\LocalLow\searchquband
[2011.10.12 18:19:52 | 000,000,000 | ---D | M] -- c:\Users\Lisa\AppData\LocalLow\searchqutoolbar
[2011.08.16 15:20:14 | 000,000,000 | ---D | M] -- c:\Users\Stark\AppData\LocalLow\searchquband

< c:|iLivid;true;true;true; /FP >

< HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\services\NetBT /s >
"DisplayName" = @%SystemRoot%\system32\drivers\netbt.sys,-2
"Group" = PNP_TDI
"ImagePath" = System32\DRIVERS\netbt.sys
"Description" = @%SystemRoot%\system32\drivers\netbt.sys,-1
"ErrorControl" = 1
"Start" = 1
"Type" = 1
"DependOnService" = Tdxtcpip [binary data]
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\services\NetBT\Linkage]
"OtherDependencies" = Tcpip [binary data]
"Bind" = [Binary data over 100 bytes]
"Route" = [Binary data over 100 bytes]
"Export" = [Binary data over 100 bytes]
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\services\NetBT\Parameters]
"BcastNameQueryCount" = 3
"BcastQueryTimeout" = 750
"CacheTimeout" = 600000
"EnableLMHOSTS" = 1
"NameServerPort" = 137
"NameSrvQueryCount" = 3
"NameSrvQueryTimeout" = 1500
"NbProvider" = _tcp
"SessionKeepAlive" = 3600000
"Size/Small/Medium/Large" = 1
"TransportBindName" = \Device\
"UseNewSmb" = 1
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\services\NetBT\Parameters\Interfaces]
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\services\NetBT\Parameters\Interfaces\Tcpip_{21AE8332-928C-4080-B5BE-C6D670848746}]
"NameServerList" = [binary data]
"NetbiosOptions" = 0
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\services\NetBT\Parameters\Interfaces\Tcpip_{410BA0AA-8E7A-43D6-8BDD-327BFC10B13A}]
"NameServerList" = [binary data]
"NetbiosOptions" = 0
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\services\NetBT\Parameters\Interfaces\Tcpip_{42EB63CE-204F-4EE9-BAAA-CB6419F638A0}]
"NameServerList" = [binary data]
"NetbiosOptions" = 0
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\services\NetBT\Security]
"Security" = [Binary data over 100 bytes]
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\services\NetBT\Enum]
"0" = Root\LEGACY_NETBT\0000
"Count" = 1
"NextInstance" = 1

< HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\services\NetBIOS /s >
"Type" = 2
"Start" = 1
"ErrorControl" = 1
"Tag" = 2
"ImagePath" = system32\DRIVERS\netbios.sys
"DisplayName" = NetBIOS Interface
"Group" = NetBIOSGroup
"Description" = NetBIOS Interface
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\services\NetBIOS\Linkage]
"LanaMap" = 01 04 01 00 01 07 01 06 01 0A 01 09 01 08 01 05 01 02 01 01 01 03 [binary data]
"Bind" = [Binary data over 100 bytes]
"Route" = [Binary data over 100 bytes]
"Export" = [Binary data over 100 bytes]
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\services\NetBIOS\Parameters]
"MaxLana" = 10
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\services\NetBIOS\Enum]
"0" = Root\LEGACY_NETBIOS\0000
"Count" = 1
"NextInstance" = 1

< hklm\software\clients\startmenuinternet|command /rs >
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\Google Chrome\InstallInfo\\ShowIconsCommand: "C:\Users\Stark\AppData\Local\Google\Chrome\Application\chrome.exe" --show-icons [2012.05.23 03:56:51 | 001,240,088 | ---- | M] (Google Inc.)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\Google Chrome\InstallInfo\\HideIconsCommand: "C:\Users\Stark\AppData\Local\Google\Chrome\Application\chrome.exe" --hide-icons [2012.05.23 03:56:51 | 001,240,088 | ---- | M] (Google Inc.)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\Google Chrome\InstallInfo\\ReinstallCommand: "C:\Users\Stark\AppData\Local\Google\Chrome\Application\chrome.exe" --make-default-browser [2012.05.23 03:56:51 | 001,240,088 | ---- | M] (Google Inc.)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\Google Chrome\shell\open\command\\: "C:\Users\Stark\AppData\Local\Google\Chrome\Application\chrome.exe" [2012.05.23 03:56:51 | 001,240,088 | ---- | M] (Google Inc.)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\Google Chrome.Lasse\InstallInfo\\ShowIconsCommand: "C:\Users\Lasse\AppData\Local\Google\Chrome\Application\chrome.exe" --show-icons [2012.05.23 03:56:51 | 001,240,088 | ---- | M] (Google Inc.)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\Google Chrome.Lasse\InstallInfo\\HideIconsCommand: "C:\Users\Lasse\AppData\Local\Google\Chrome\Application\chrome.exe" --hide-icons [2012.05.23 03:56:51 | 001,240,088 | ---- | M] (Google Inc.)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\Google Chrome.Lasse\InstallInfo\\ReinstallCommand: "C:\Users\Lasse\AppData\Local\Google\Chrome\Application\chrome.exe" --make-default-browser [2012.05.23 03:56:51 | 001,240,088 | ---- | M] (Google Inc.)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\Google Chrome.Lasse\shell\open\command\\: "C:\Users\Lasse\AppData\Local\Google\Chrome\Application\chrome.exe" [2012.05.23 03:56:51 | 001,240,088 | ---- | M] (Google Inc.)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\Google Chrome.Lisa\InstallInfo\\ShowIconsCommand: "C:\Users\Lisa\AppData\Local\Google\Chrome\Application\chrome.exe" --show-icons [2012.05.23 03:56:51 | 001,240,088 | ---- | M] (Google Inc.)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\Google Chrome.Lisa\InstallInfo\\HideIconsCommand: "C:\Users\Lisa\AppData\Local\Google\Chrome\Application\chrome.exe" --hide-icons [2012.05.23 03:56:51 | 001,240,088 | ---- | M] (Google Inc.)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\Google Chrome.Lisa\InstallInfo\\ReinstallCommand: "C:\Users\Lisa\AppData\Local\Google\Chrome\Application\chrome.exe" --make-default-browser [2012.05.23 03:56:51 | 001,240,088 | ---- | M] (Google Inc.)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\Google Chrome.Lisa\shell\open\command\\: "C:\Users\Lisa\AppData\Local\Google\Chrome\Application\chrome.exe" [2012.05.23 03:56:51 | 001,240,088 | ---- | M] (Google Inc.)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\IEXPLORE.EXE\InstallInfo\\ShowIconsCommand: "C:\Windows\System32\ie4uinit.exe" -show [2011.05.28 22:52:22 | 000,074,240 | ---- | M] (Microsoft Corporation)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\IEXPLORE.EXE\InstallInfo\\ReinstallCommand: "C:\Windows\System32\ie4uinit.exe" -reinstall [2011.05.28 22:52:22 | 000,074,240 | ---- | M] (Microsoft Corporation)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\IEXPLORE.EXE\InstallInfo\\HideIconsCommand: "C:\Windows\System32\ie4uinit.exe" -hide [2011.05.28 22:52:22 | 000,074,240 | ---- | M] (Microsoft Corporation)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\IEXPLORE.EXE\shell\naom\command\\: "C:\Program Files (x86)\Internet Explorer\iexplore.exe" -extoff [2011.05.28 22:52:24 | 000,748,336 | ---- | M] (Microsoft Corporation)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\IEXPLORE.EXE\shell\open\command\\: C:\Program Files (x86)\Internet Explorer\iexplore.exe [2011.05.28 22:52:24 | 000,748,336 | ---- | M] (Microsoft Corporation)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\Opera.exe\InstallInfo\\ShowIconsCommand: "C:\Program Files (x86)\Opera\Opera.exe" /ShowIconsCommand [2011.06.21 17:05:41 | 000,941,936 | ---- | M] (Opera Software)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\Opera.exe\InstallInfo\\HideIconsCommand: "C:\Program Files (x86)\Opera\Opera.exe" /HideIconsCommand [2011.06.21 17:05:41 | 000,941,936 | ---- | M] (Opera Software)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\Opera.exe\InstallInfo\\ReinstallCommand: "C:\Program Files (x86)\Opera\Opera.exe" /ReInstallBrowser [2011.06.21 17:05:41 | 000,941,936 | ---- | M] (Opera Software)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\Opera.exe\shell\open\command\\: "C:\Program Files (x86)\Opera\Opera.exe" [2011.06.21 17:05:41 | 000,941,936 | ---- | M] (Opera Software)

< hklm\software\clients\startmenuinternet|command /64 /rs >
64bit-HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\Google Chrome\InstallInfo\\ShowIconsCommand: "C:\USERS\STARK\APPDATA\LOCAL\GOOGLE\CHROME\APPLICATION\CHROME.EXE" --SHOW-ICONS [2012.05.23 03:56:51 | 001,240,088 | ---- | M] (Google Inc.)
64bit-HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\Google Chrome\InstallInfo\\HideIconsCommand: "C:\USERS\STARK\APPDATA\LOCAL\GOOGLE\CHROME\APPLICATION\CHROME.EXE" --HIDE-ICONS [2012.05.23 03:56:51 | 001,240,088 | ---- | M] (Google Inc.)
64bit-HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\Google Chrome\InstallInfo\\ReinstallCommand: "C:\USERS\STARK\APPDATA\LOCAL\GOOGLE\CHROME\APPLICATION\CHROME.EXE" --MAKE-DEFAULT-BROWSER [2012.05.23 03:56:51 | 001,240,088 | ---- | M] (Google Inc.)
64bit-HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\Google Chrome\shell\open\command\\: "C:\USERS\STARK\APPDATA\LOCAL\GOOGLE\CHROME\APPLICATION\CHROME.EXE" [2012.05.23 03:56:51 | 001,240,088 | ---- | M] (Google Inc.)
64bit-HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\Google Chrome.Lasse\InstallInfo\\ShowIconsCommand: "C:\USERS\LASSE\APPDATA\LOCAL\GOOGLE\CHROME\APPLICATION\CHROME.EXE" --SHOW-ICONS [2012.05.23 03:56:51 | 001,240,088 | ---- | M] (Google Inc.)
64bit-HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\Google Chrome.Lasse\InstallInfo\\HideIconsCommand: "C:\USERS\LASSE\APPDATA\LOCAL\GOOGLE\CHROME\APPLICATION\CHROME.EXE" --HIDE-ICONS [2012.05.23 03:56:51 | 001,240,088 | ---- | M] (Google Inc.)
64bit-HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\Google Chrome.Lasse\InstallInfo\\ReinstallCommand: "C:\USERS\LASSE\APPDATA\LOCAL\GOOGLE\CHROME\APPLICATION\CHROME.EXE" --MAKE-DEFAULT-BROWSER [2012.05.23 03:56:51 | 001,240,088 | ---- | M] (Google Inc.)
64bit-HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\Google Chrome.Lasse\shell\open\command\\: "C:\USERS\LASSE\APPDATA\LOCAL\GOOGLE\CHROME\APPLICATION\CHROME.EXE" [2012.05.23 03:56:51 | 001,240,088 | ---- | M] (Google Inc.)
64bit-HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\Google Chrome.Lisa\InstallInfo\\ShowIconsCommand: "C:\USERS\LISA\APPDATA\LOCAL\GOOGLE\CHROME\APPLICATION\CHROME.EXE" --SHOW-ICONS [2012.05.23 03:56:51 | 001,240,088 | ---- | M] (Google Inc.)
64bit-HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\Google Chrome.Lisa\InstallInfo\\HideIconsCommand: "C:\USERS\LISA\APPDATA\LOCAL\GOOGLE\CHROME\APPLICATION\CHROME.EXE" --HIDE-ICONS [2012.05.23 03:56:51 | 001,240,088 | ---- | M] (Google Inc.)
64bit-HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\Google Chrome.Lisa\InstallInfo\\ReinstallCommand: "C:\USERS\LISA\APPDATA\LOCAL\GOOGLE\CHROME\APPLICATION\CHROME.EXE" --MAKE-DEFAULT-BROWSER [2012.05.23 03:56:51 | 001,240,088 | ---- | M] (Google Inc.)
64bit-HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\Google Chrome.Lisa\shell\open\command\\: "C:\USERS\LISA\APPDATA\LOCAL\GOOGLE\CHROME\APPLICATION\CHROME.EXE" [2012.05.23 03:56:51 | 001,240,088 | ---- | M] (Google Inc.)
64bit-HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\IEXPLORE.EXE\InstallInfo\\ShowIconsCommand: "C:\WINDOWS\SYSTEM32\IE4UINIT.EXE" -SHOW [2011.05.28 22:52:19 | 000,089,088 | ---- | M] (Microsoft Corporation)
64bit-HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\IEXPLORE.EXE\InstallInfo\\ReinstallCommand: "C:\WINDOWS\SYSTEM32\IE4UINIT.EXE" -REINSTALL [2011.05.28 22:52:19 | 000,089,088 | ---- | M] (Microsoft Corporation)
64bit-HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\IEXPLORE.EXE\InstallInfo\\HideIconsCommand: "C:\WINDOWS\SYSTEM32\IE4UINIT.EXE" -HIDE [2011.05.28 22:52:19 | 000,089,088 | ---- | M] (Microsoft Corporation)
64bit-HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\IEXPLORE.EXE\shell\naom\command\\: "C:\PROGRAM FILES (X86)\INTERNET EXPLORER\IEXPLORE.EXE" -EXTOFF [2011.05.28 22:52:24 | 000,748,336 | ---- | M] (Microsoft Corporation)
64bit-HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\IEXPLORE.EXE\shell\open\command\\: C:\PROGRAM FILES (X86)\INTERNET EXPLORER\IEXPLORE.EXE [2011.05.28 22:52:24 | 000,748,336 | ---- | M] (Microsoft Corporation)
64bit-HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\Opera.exe\InstallInfo\\ShowIconsCommand: "C:\PROGRAM FILES (X86)\OPERA\OPERA.EXE" /SHOWICONSCOMMAND [2011.06.21 17:05:41 | 000,941,936 | ---- | M] (Opera Software)
64bit-HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\Opera.exe\InstallInfo\\HideIconsCommand: "C:\PROGRAM FILES (X86)\OPERA\OPERA.EXE" /HIDEICONSCOMMAND [2011.06.21 17:05:41 | 000,941,936 | ---- | M] (Opera Software)
64bit-HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\Opera.exe\InstallInfo\\ReinstallCommand: "C:\PROGRAM FILES (X86)\OPERA\OPERA.EXE" /REINSTALLBROWSER [2011.06.21 17:05:41 | 000,941,936 | ---- | M] (Opera Software)
64bit-HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\Opera.exe\shell\open\command\\: "C:\PROGRAM FILES (X86)\OPERA\OPERA.EXE" [2011.06.21 17:05:41 | 000,941,936 | ---- | M] (Opera Software)

< C:\Windows\assembly\tmp\U\*.* /s >

< C:\Program Files\Common Files\ComObjects\*.* /s >

< C:\windows\*. /RP /s >

< %Temp%\smtmp\1\*.* >

< %Temp%\smtmp\2\*.* >

< %Temp%\smtmp\3\*.* >

< %Temp%\smtmp\4\*.* >

< type c:\diskreport.txt /c >
Microsoft DiskPart versjon 6.1.7601
Copyright © 1999-2008 Microsoft Corporation.
P† datamaskin: STARK-PC
Volumnr. Bks Etikett Fs Type Str. Status Info
---------- --- ----------- ----- ---------- ------- --------- --------
Volum 0 E DVD-ROM 0 b Intet med
Volum 1 G DVD-ROM 0 b Intet med
Volum 2 C NTFS Partisjon 298 G OK Oppstart
Volum 3 XPOS NTFS Partisjon 232 G OK System
Volum 4 F Flyttbar 0 b Intet med

========== Hard Links - Junction Points - Mount Points - Symbolic Links ==========
[C:\windows\System32\config\systemprofile\AppData\Local\Application Data] -> C:\Windows\system32\config\systemprofile\AppData\Local -> Junction
[C:\windows\System32\config\systemprofile\AppData\Local\History] -> C:\Windows\system32\config\systemprofile\AppData\Local\Microsoft\Windows\History -> Junction
[C:\windows\System32\config\systemprofile\AppData\Local\Temporary Internet Files] -> C:\Windows\system32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files -> Junction
[C:\windows\System32\config\systemprofile\Application Data] -> C:\Windows\system32\config\systemprofile\AppData\Roaming -> Junction
[C:\windows\System32\config\systemprofile\Cookies] -> C:\Windows\system32\config\systemprofile\AppData\Roaming\Microsoft\Windows\Cookies -> Junction
[C:\windows\System32\config\systemprofile\Documents\My Music] -> C:\Windows\system32\config\systemprofile\Music -> Junction
[C:\windows\System32\config\systemprofile\Documents\My Pictures] -> C:\Windows\system32\config\systemprofile\Pictures -> Junction
[C:\windows\System32\config\systemprofile\Documents\My Videos] -> C:\Windows\system32\config\systemprofile\Videos -> Junction
[C:\windows\System32\config\systemprofile\Local Settings] -> C:\Windows\system32\config\systemprofile\AppData\Local -> Junction
[C:\windows\System32\config\systemprofile\My Documents] -> C:\Windows\system32\config\systemprofile\Documents -> Junction
[C:\windows\System32\config\systemprofile\NetHood] -> C:\Windows\system32\config\systemprofile\AppData\Roaming\Microsoft\Windows\Network Shortcuts -> Junction
[C:\windows\System32\config\systemprofile\PrintHood] -> C:\Windows\system32\config\systemprofile\AppData\Roaming\Microsoft\Windows\Printer Shortcuts -> Junction
[C:\windows\System32\config\systemprofile\Recent] -> C:\Windows\system32\config\systemprofile\AppData\Roaming\Microsoft\Windows\Recent -> Junction
[C:\windows\System32\config\systemprofile\SendTo] -> C:\Windows\system32\config\systemprofile\AppData\Roaming\Microsoft\Windows\SendTo -> Junction
[C:\windows\System32\config\systemprofile\Start Menu] -> C:\Windows\system32\config\systemprofile\AppData\Roaming\Microsoft\Windows\Start Menu -> Junction
[C:\windows\System32\config\systemprofile\Templates] -> C:\Windows\system32\config\systemprofile\AppData\Roaming\Microsoft\Windows\Templates -> Junction
[C:\windows\SysWOW64\config\systemprofile\AppData\Local\Application Data] -> C:\Windows\system32\config\systemprofile\AppData\Local -> Junction
[C:\windows\SysWOW64\config\systemprofile\AppData\Local\History] -> C:\Windows\system32\config\systemprofile\AppData\Local\Microsoft\Windows\History -> Junction
[C:\windows\SysWOW64\config\systemprofile\AppData\Local\Temporary Internet Files] -> C:\Windows\system32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files -> Junction
[C:\windows\SysWOW64\config\systemprofile\Application Data] -> C:\Windows\system32\config\systemprofile\AppData\Roaming -> Junction
[C:\windows\SysWOW64\config\systemprofile\Cookies] -> C:\Windows\system32\config\systemprofile\AppData\Roaming\Microsoft\Windows\Cookies -> Junction
[C:\windows\SysWOW64\config\systemprofile\Documents\My Music] -> C:\Windows\system32\config\systemprofile\Music -> Junction
[C:\windows\SysWOW64\config\systemprofile\Documents\My Pictures] -> C:\Windows\system32\config\systemprofile\Pictures -> Junction
[C:\windows\SysWOW64\config\systemprofile\Documents\My Videos] -> C:\Windows\system32\config\systemprofile\Videos -> Junction
[C:\windows\SysWOW64\config\systemprofile\Local Settings] -> C:\Windows\system32\config\systemprofile\AppData\Local -> Junction
[C:\windows\SysWOW64\config\systemprofile\My Documents] -> C:\Windows\system32\config\systemprofile\Documents -> Junction
[C:\windows\SysWOW64\config\systemprofile\NetHood] -> C:\Windows\system32\config\systemprofile\AppData\Roaming\Microsoft\Windows\Network Shortcuts -> Junction
[C:\windows\SysWOW64\config\systemprofile\PrintHood] -> C:\Windows\system32\config\systemprofile\AppData\Roaming\Microsoft\Windows\Printer Shortcuts -> Junction
[C:\windows\SysWOW64\config\systemprofile\Recent] -> C:\Windows\system32\config\systemprofile\AppData\Roaming\Microsoft\Windows\Recent -> Junction
[C:\windows\SysWOW64\config\systemprofile\SendTo] -> C:\Windows\system32\config\systemprofile\AppData\Roaming\Microsoft\Windows\SendTo -> Junction
[C:\windows\SysWOW64\config\systemprofile\Start Menu] -> C:\Windows\system32\config\systemprofile\AppData\Roaming\Microsoft\Windows\Start Menu -> Junction
[C:\windows\SysWOW64\config\systemprofile\Templates] -> C:\Windows\system32\config\systemprofile\AppData\Roaming\Microsoft\Windows\Templates -> Junction

< End of report >

#4 CompCav

Group: GeekU Moderator
Posts: 6,590
Joined: 24-January 11

Posted 25 May 2012 - 10:18 AM

2 gig memory is marginal at best for an x64 machine, I recommend 4 minimum.

CCleaner has a "registry cleaner"
A registry cleaner will not increase your system's speed or performance, and has the potential to break your registry to the point that your PC is no longer bootable.
We strongly advise that people stay away from any of the registry cleaners out there. The temp file cleaner is OK just not the registry cleaner.
Go HERE to get more information about why registry cleaners aren't needed.

Step 1.

Please make sure you have uninstalled all the programs you have listed in Post #1 before running this fix for maximum effectiveness.

Step 2.

The preferred method of removing plugins and extensions in Chrome is through Chrome itself. Therefore here are instructions to remove these:

Reset these inside Chrome:

CHR - default_search_provider: facemoods (Enabled)
CHR - default_search_provider: search_url = http://start.facemoo...earchTerms}&f=4

Step 3.

uTorrent
IMPORTANT I have noticed that there are signs of uTorrent P2P (Peer to Peer) File Sharing Programs on your computer.

As long as you are using any form of Peer-to-Peer networking and downloading files from non-documented sources, you can expect infestations of malware to occur.

Once upon a time, P2P file sharing was fairly safe. This is no longer true. P2P programs form a direct conduit inside your computer, their security measures are easily circumvented, and malware writers are increasingly exploiting them to spread their wares on to your computer. If your P2P program is not configured correctly, your computer may also be sharing more files than you realize. There have been cases where people's passwords, address books and other personal, private, and financial details have been exposed to a file sharing network by a badly configured program.

If you need convincing, please read these short reports on the dangers of peer-2-peer programs and file sharing.

FBI Cyber Education Letter
File sharing infects 500,000 computers
infoworld

It is pretty much certain that if you continue to use P2P programs, you will get infected again.
I would recommend that you uninstall uTorrent, however that choice is up to you. If you choose to remove these type programs, you can do so via Start > Control Panel > Add/Remove Programs.

If you wish to keep them, please do not use either of them until your computer is cleaned.

Step 4.

Please reopen on your desktop.

Copy and Paste the following code into the

textbox.

:OTL
IE:64bit: - HKLM\..\SearchScopes\{9BB47C17-9C68-4BB3-B188-DD9AF0FD2101}: "URL" = http://www.searchqu....q={searchTerms}
IE - HKLM\..\SearchScopes\{9BB47C17-9C68-4BB3-B188-DD9AF0FD2101}: "URL" = http://www.searchqu....q={searchTerms}
IE - HKLM\..\SearchScopes\{AFDBDDAA-5D3F-42EE-B79C-185A7020515B}: "URL" = http://search.condui...&ctid=CT2612669
IE - HKLM\..\SearchScopes\{EEE6C360-6118-11DC-9C72-001320C79847}: "URL" = http://search.sweeti...q={searchTerms}
IE - HKU\S-1-5-21-917754677-3972319178-1609893153-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://home.sweetim.com
IE - HKU\S-1-5-21-917754677-3972319178-1609893153-1000\..\SearchScopes\{0D7562AE-8EF6-416d-A838-AB665251703A}: "URL" = http://start.facemoo...earchTerms}&f=4
IE - HKU\S-1-5-21-917754677-3972319178-1609893153-1000\..\SearchScopes\{0ECDF796-C2DC-4d79-A620-CCE0C0A66CC9}: "URL" = http://search.babylo...016179b26722672
IE - HKU\S-1-5-21-917754677-3972319178-1609893153-1000\..\SearchScopes\{9BB47C17-9C68-4BB3-B188-DD9AF0FD2101}: "URL" = http://www.searchqu....q={searchTerms}
IE - HKU\S-1-5-21-917754677-3972319178-1609893153-1000\..\SearchScopes\{AFDBDDAA-5D3F-42EE-B79C-185A7020515B}: "URL" = http://search.condui...&ctid=CT2612669
IE - HKU\S-1-5-21-917754677-3972319178-1609893153-1000\..\SearchScopes\{EEE6C360-6118-11DC-9C72-001320C79847}: "URL" = http://search.sweeti...q={searchTerms}
IE - HKU\S-1-5-21-917754677-3972319178-1609893153-1007\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://search.condui...&ctid=CT2612669
O2 - BHO: (Searchqu Toolbar) - {99079a25-328f-4bd4-be04-00955acaa0a7} - C:\PROGRA~2\WIA6EB~1\Datamngr\ToolBar\searchqudtx.dll File not found
O2 - BHO: (SweetIM Toolbar Helper) - {EEE6C35C-6118-11DC-9C72-001320C79847} - C:\Program Files (x86)\SweetIM\Toolbars\Internet Explorer\mgToolbarIE.dll (SweetIM Technologies Ltd.)
O2 - BHO: (Yontoo Layers) - {FD72061E-9FDE-484D-A58A-0BAB4151CAD8} - C:\Program Files (x86)\Yontoo Layers Runtime\YontooIEClient.dll File not found
O3:64bit: - HKLM\..\Toolbar: (no name) - 10 - No CLSID value found.
O3 - HKLM\..\Toolbar: (Searchqu Toolbar) - {99079a25-328f-4bd4-be04-00955acaa0a7} - C:\PROGRA~2\WIA6EB~1\Datamngr\ToolBar\searchqudtx.dll File not found
O3 - HKLM\..\Toolbar: (SweetIM Toolbar for Internet Explorer) - {EEE6C35B-6118-11DC-9C72-001320C79847} - C:\Program Files (x86)\SweetIM\Toolbars\Internet Explorer\mgToolbarIE.dll (SweetIM Technologies Ltd.)
O3 - HKLM\..\Toolbar: (no name) - 10 - No CLSID value found.
O4 - HKLM..\Run: [SweetIM] C:\Program Files (x86)\SweetIM\Messenger\SweetIM.exe (SweetIM Technologies Ltd.)
[2011.12.25 20:07:30 | 000,000,000 | ---D | M] -- C:\Users\Lisa\AppData\Roaming\uTorrent
[2011.11.09 09:01:18 | 000,000,000 | ---D | M] -- C:\Users\Stark\AppData\Roaming\Babylon
[2011.08.14 17:40:43 | 000,000,000 | ---D | M] -- C:\Users\Stark\AppData\Roaming\Bandoo
[2012.05.16 10:35:19 | 000,000,000 | ---D | M] -- C:\Users\Stark\AppData\Roaming\uTorrent
[2011.08.14 17:40:31 | 000,000,000 | ---D | M] -- c:\Users\Stark\AppData\LocalLow\Bandoo
[2011.08.14 17:40:31 | 000,000,000 | ---D | M] -- c:\Users\Stark\AppData\LocalLow\Bandoo\Flash
[2011.10.12 18:11:31 | 000,000,000 | ---D | M] -- c:\Users\Lasse\AppData\LocalLow\searchquband
[2011.10.12 18:14:15 | 000,000,000 | ---D | M] -- c:\Users\Lasse\AppData\LocalLow\searchqutoolbar
[2011.10.12 18:17:15 | 000,000,000 | ---D | M] -- c:\Users\Lisa\AppData\LocalLow\searchquband
[2011.10.12 18:19:52 | 000,000,000 | ---D | M] -- c:\Users\Lisa\AppData\LocalLow\searchqutoolbar
[2011.08.16 15:20:14 | 000,000,000 | ---D | M] -- c:\Users\Stark\AppData\LocalLow\searchquband






:files
ipconfig /flushdns /c


:reg


:Commands
[purity]
[resethosts]
[emptytemp]
[createrestorepoint]

Push
OTL may ask to reboot the machine. Please do so if asked.
Click the OK button.
A report will open. Copy and Paste that report in your next reply.
If the machine reboots, the log will be located at C:\_OTL\MovedFiles\mmddyyyy_hhmmss.log, where mmddyyyy_hhmmss is the date and the time of the tool run.

Step 5.

Please download Malwarebytes' Anti-Malware from Here.

Double Click mbam-setup.exe to install the application. Do not accept the trial version at this time choose decline.

Make sure a checkmark is placed next to Update Malwarebytes' Anti-Malware and Launch Malwarebytes' Anti-Malware, then click Finish.
If an update is found, it will download and install the latest version.
Once the program has loaded, select "Perform Quick Scan", then click Scan.
The scan may take some time to finish,so please be patient.
When the scan is complete, click OK, then Show Results to view the results.
Make sure that everything is checked, and click Remove Selected.
When disinfection is completed, a log will open in Notepad and you may be prompted to Restart.(See Extra Note)
The log is automatically saved by MBAM and can be viewed by clicking the Logs tab in MBAM.
Copy&Paste the entire report in your next reply.

Extra Note:

If MBAM encounters a file that is difficult to remove,you will be presented with 1 of 2 prompts,click OK to either and let MBAM proceed with the disinfection process. If asked to restart the computer, please do so immediately.

Step 6.

Please post:

OTL fix log
mbam log

Please provide me with an update on the computer performance after the uninstalls and running of these tools.

#5 CompCav

Group: GeekU Moderator
Posts: 6,590
Joined: 24-January 11

Posted 30 May 2012 - 10:06 AM

Are you still there and needing help?

#6 CompCav

Group: GeekU Moderator
Posts: 6,590
Joined: 24-January 11

Posted 31 May 2012 - 11:51 AM

Due to lack of feedback, this topic has been closed.

If you need this topic reopened, please contact a staff member. This applies only to the original topic starter. Everyone else please begin a New Topic.

Back to Virus, Spyware, Malware Removal

Share this topic:

Page 1 of 1

Please log in to reply

[Help wanted] Malware Removal [Closed] - Geeks to Go Forums