Jump to content

Welcome to Geeks to Go - Register now for FREE

Geeks To Go is a helpful hub, where thousands of volunteer geeks quickly serve friendly answers and support. Check out the forums and get free advice from the experts. Register now to gain access to all of our features, it's FREE and only takes one minute. Once registered and logged in, you will be able to create topics, post replies to existing threads, give reputation to your fellow members, get your own private messenger, post status updates, manage your profile and so much more.

Create Account How it Works
Photo

popup problem and invalid image error [Solved]


  • This topic is locked This topic is locked

#1
toddn

toddn

    New Member

  • Member
  • Pip
  • 4 posts
Hi,

My biggest problem on my laptop is related to the unvalid image error which keeps popping up whenever I want to open a new program.
Example, if I click on IE icon the following error occurs:
c:\progra~2\browse~1\261519~1.190\c:\progra~2\browse~1\261519~1.190\{c16c1~1\browse~1.dll

I hope you can help me.

Kind regards

Tor Maarten

Text from logg:

OTL logfile created on: 05.11.2013 11:14:50 - Run 1
OTL by OldTimer - Version 3.2.69.0 Folder = C:\Users\Husn\Desktop
Windows Vista Home Premium Edition Service Pack 2 (Version = 6.0.6002) - Type = NTWorkstation
Internet Explorer (Version = 9.0.8112.16421)
Locale: 00000414 | Country: Norge | Language: NOR | Date Format: dd.MM.yyyy

2,00 Gb Total Physical Memory | 0,34 Gb Available Physical Memory | 17,24% Memory free
4,23 Gb Paging File | 1,78 Gb Available in Paging File | 42,15% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files
Drive C: | 226,42 Gb Total Space | 10,62 Gb Free Space | 4,69% Space Free | Partition Type: NTFS
Drive D: | 6,47 Gb Total Space | 1,38 Gb Free Space | 21,36% Space Free | Partition Type: NTFS
Drive E: | 702,81 Mb Total Space | 687,30 Mb Free Space | 97,79% Space Free | Partition Type: UDF

Computer Name: HUSN-PC | User Name: Husn | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user | Quick Scan
Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days

========== Processes (SafeList) ==========

PRC - [2013.11.05 10:09:50 | 000,602,112 | ---- | M] (OldTimer Tools) -- C:\Users\Husn\Desktop\OTL.exe
PRC - [2013.09.22 11:59:54 | 000,757,400 | ---- | M] (Microsoft Corporation) -- C:\Programfiler\Internet Explorer\iexplore.exe
PRC - [2013.08.14 16:01:02 | 000,409,776 | ---- | M] (Microsoft Corporation) -- C:\Programfiler\Microsoft Office\Office12\WINWORD.EXE
PRC - [2013.07.29 20:41:11 | 000,896,000 | ---- | M] (installdaddy) -- C:\Programfiler\Torntv 2\Torntv 2-bg.exe
PRC - [2013.07.25 08:50:54 | 000,263,592 | ---- | M] (Oracle Corporation) -- C:\Programfiler\Java\jre7\bin\javaws.exe
PRC - [2013.07.25 08:50:54 | 000,175,016 | ---- | M] (Oracle Corporation) -- C:\Programfiler\Java\jre7\bin\javaw.exe
PRC - [2013.07.16 20:22:36 | 000,943,016 | ---- | M] (Lavasoft) -- C:\ProgramData\Search Protection\SearchProtection.exe
PRC - [2013.07.15 22:09:24 | 000,554,384 | ---- | M] (Lavasoft) -- C:\ProgramData\Ad-Aware Browsing Protection\adawarebp.exe
PRC - [2013.04.04 13:50:32 | 000,701,512 | ---- | M] (Malwarebytes Corporation) -- C:\Programfiler\Malwarebytes' Anti-Malware\mbamservice.exe
PRC - [2013.04.04 13:50:32 | 000,532,040 | ---- | M] (Malwarebytes Corporation) -- C:\Programfiler\Malwarebytes' Anti-Malware\mbamgui.exe
PRC - [2013.04.04 13:50:32 | 000,418,376 | ---- | M] (Malwarebytes Corporation) -- C:\Programfiler\Malwarebytes' Anti-Malware\mbamscheduler.exe
PRC - [2013.03.12 06:32:58 | 000,506,744 | ---- | M] (Oracle Corporation) -- C:\Programfiler\Common Files\Java\Java Update\jucheck.exe
PRC - [2013.02.26 15:59:08 | 006,227,512 | ---- | M] () -- C:\Programfiler\Polar\WebSync\WebSync.exe
PRC - [2013.01.28 12:08:14 | 000,059,720 | ---- | M] (Apple Inc.) -- C:\Programfiler\Common Files\Apple\Apple Application Support\APSDaemon.exe
PRC - [2012.12.17 17:14:14 | 000,059,872 | ---- | M] (Apple Inc.) -- C:\Programfiler\Common Files\Apple\Internet Services\ApplePhotoStreams.exe
PRC - [2012.12.17 16:48:14 | 000,059,872 | ---- | M] (Apple Inc.) -- C:\Programfiler\Common Files\Apple\Internet Services\iCloudServices.exe
PRC - [2012.12.12 14:20:18 | 000,419,536 | ---- | M] () -- C:\Programfiler\Polar\Daemon\polard.exe
PRC - [2012.09.06 10:50:24 | 000,248,248 | R--- | M] (Western Digital) -- C:\Programfiler\Western Digital\WD Drive Manager\WDDriveService.exe
PRC - [2012.01.03 14:10:42 | 000,063,928 | ---- | M] (Adobe Systems Incorporated) -- C:\Programfiler\Common Files\Adobe\ARM\1.0\armsvc.exe
PRC - [2011.11.27 09:40:23 | 000,247,968 | ---- | M] (Adobe Systems, Inc.) -- C:\Windows\System32\Macromed\Flash\FlashUtil11e_ActiveX.exe
PRC - [2011.10.13 17:21:52 | 000,249,648 | ---- | M] (Microsoft Corporation) -- C:\Programfiler\Microsoft\BingBar\SeaPort.EXE
PRC - [2009.04.11 07:27:36 | 002,926,592 | ---- | M] (Microsoft Corporation) -- C:\Windows\explorer.exe
PRC - [2009.04.11 07:27:28 | 000,069,120 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\conime.exe
PRC - [2008.11.13 08:33:54 | 000,097,128 | ---- | M] (Microsoft Corp.) -- C:\Programfiler\Microsoft\Office Live\OfficeLiveSignIn.exe
PRC - [2008.01.19 08:33:39 | 000,896,512 | ---- | M] (Microsoft Corporation) -- C:\Programfiler\Windows Media Player\wmpnetwk.exe
PRC - [2008.01.19 08:33:39 | 000,202,240 | ---- | M] (Microsoft Corporation) -- C:\Programfiler\Windows Media Player\wmpnscfg.exe
PRC - [2007.04.23 17:11:44 | 000,106,593 | ---- | M] () -- C:\Programfiler\HP\QuickPlay\Kernel\TV\CLSched.exe
PRC - [2007.04.23 17:11:42 | 000,262,243 | ---- | M] () -- C:\Programfiler\HP\QuickPlay\Kernel\TV\CLCapSvc.exe
PRC - [2007.03.29 13:11:50 | 000,719,664 | ---- | M] (Broadcom Corporation.) -- C:\Programfiler\WIDCOMM\Bluetooth Software\BTTray.exe
PRC - [2007.03.29 13:11:48 | 001,604,400 | ---- | M] (Broadcom Corporation.) -- C:\Programfiler\WIDCOMM\Bluetooth Software\BTStackServer.exe
PRC - [2007.02.07 15:30:00 | 000,065,536 | R--- | M] (Cognizance Corporation) -- c:\Programfiler\Bioscrypt\VeriSoft\Bin\asghost.exe


========== Modules (No Company Name) ==========

MOD - [2013.09.11 14:09:42 | 000,146,432 | ---- | M] () -- C:\Programfiler\LyricsPal\133.dll
MOD - [2013.07.10 17:07:22 | 000,756,888 | ---- | M] () -- C:\Programfiler\Common Files\microsoft shared\OFFICE12\MSPTLS.DLL
MOD - [2013.02.26 15:59:08 | 006,227,512 | ---- | M] () -- C:\Programfiler\Polar\WebSync\WebSync.exe
MOD - [2013.02.26 15:59:06 | 000,110,648 | ---- | M] () -- C:\Programfiler\Polar\WebSync\PTransform.dll
MOD - [2013.02.26 15:59:00 | 003,722,296 | ---- | M] () -- C:\Programfiler\Polar\WebSync\libpolar.dll
MOD - [2011.09.27 07:23:00 | 000,087,912 | ---- | M] () -- C:\Programfiler\Common Files\Apple\Apple Application Support\zlib1.dll
MOD - [2011.09.27 07:22:40 | 001,242,472 | ---- | M] () -- C:\Programfiler\Common Files\Apple\Apple Application Support\libxml2.dll
MOD - [2011.01.14 15:01:02 | 002,142,720 | ---- | M] () -- C:\Programfiler\Polar\WebSync\QtCore4.dll
MOD - [2010.02.10 17:45:48 | 000,025,600 | ---- | M] () -- C:\Programfiler\Polar\WebSync\imageformats\qgif4.dll
MOD - [2010.02.10 17:45:40 | 000,119,808 | ---- | M] () -- C:\Programfiler\Polar\WebSync\imageformats\qjpeg4.dll
MOD - [2010.02.10 15:22:16 | 007,971,840 | ---- | M] () -- C:\Programfiler\Polar\WebSync\QtGui4.dll
MOD - [2010.02.10 15:07:32 | 000,929,280 | ---- | M] () -- C:\Programfiler\Polar\WebSync\QtNetwork4.dll
MOD - [2010.02.10 15:06:06 | 000,334,848 | ---- | M] () -- C:\Programfiler\Polar\WebSync\QtXml4.dll
MOD - [2007.03.29 13:02:48 | 000,126,976 | ---- | M] () -- C:\Programfiler\WIDCOMM\Bluetooth Software\BTKeyInd.dll
MOD - [2007.03.29 12:42:38 | 000,389,120 | ---- | M] () -- C:\Windows\System32\btwhidcs.dll


========== Services (SafeList) ==========

SRV - [2013.07.26 11:11:20 | 002,847,696 | ---- | M] () [Auto | Stopped] -- C:\ProgramData\BrowserDefender\2.6.1519.190\{c16c1ccb-7046-4e5c-a2f3-533ad2fec8e8}\BrowserDefender.exe -- (BrowserDefendert)
SRV - [2013.04.04 13:50:32 | 000,701,512 | ---- | M] (Malwarebytes Corporation) [Auto | Running] -- C:\Programfiler\Malwarebytes' Anti-Malware\mbamservice.exe -- (MBAMService)
SRV - [2013.04.04 13:50:32 | 000,418,376 | ---- | M] (Malwarebytes Corporation) [Auto | Running] -- C:\Programfiler\Malwarebytes' Anti-Malware\mbamscheduler.exe -- (MBAMScheduler)
SRV - [2012.12.12 14:20:18 | 000,419,536 | ---- | M] () [Auto | Running] -- C:\Programfiler\Polar\Daemon\polard.exe -- (Polar Daemon)
SRV - [2012.09.06 10:50:24 | 000,248,248 | R--- | M] (Western Digital) [Auto | Running] -- C:\Programfiler\Western Digital\WD Drive Manager\WDDriveService.exe -- (WDDriveService)
SRV - [2012.07.13 12:28:36 | 000,160,944 | R--- | M] (Skype Technologies) [Auto | Stopped] -- C:\Programfiler\Skype\Updater\Updater.exe -- (SkypeUpdate)
SRV - [2012.01.03 14:10:42 | 000,063,928 | ---- | M] (Adobe Systems Incorporated) [Auto | Running] -- C:\Programfiler\Common Files\Adobe\ARM\1.0\armsvc.exe -- (AdobeARMservice)
SRV - [2011.10.21 15:23:42 | 000,196,176 | ---- | M] (Microsoft Corporation.) [Auto | Stopped] -- C:\Programfiler\Microsoft\BingBar\BBSvc.EXE -- (BBSvc)
SRV - [2011.10.13 17:21:52 | 000,249,648 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Programfiler\Microsoft\BingBar\SeaPort.EXE -- (BBUpdate)
SRV - [2011.07.20 05:18:24 | 000,440,696 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Programfiler\Common Files\microsoft shared\OFFICE12\ODSERV.EXE -- (odserv)
SRV - [2009.08.05 21:48:42 | 000,704,864 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Programfiler\Windows Live\Family Safety\fsssvc.exe -- (fsssvc)
SRV - [2008.12.31 16:53:28 | 000,654,848 | ---- | M] (Macrovision Europe Ltd.) [On_Demand | Stopped] -- C:\Programfiler\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe -- (FLEXnet Licensing Service)
SRV - [2008.01.19 08:38:24 | 000,272,952 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Programfiler\Windows Defender\MpSvc.dll -- (WinDefend)
SRV - [2008.01.19 08:33:39 | 000,896,512 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Programfiler\Windows Media Player\wmpnetwk.exe -- (WMPNetworkSvc)
SRV - [2007.04.23 17:11:44 | 000,106,593 | ---- | M] () [Auto | Running] -- C:\Programfiler\HP\QuickPlay\Kernel\TV\CLSched.exe -- (CLSched)
SRV - [2007.04.23 17:11:42 | 000,262,243 | ---- | M] () [Auto | Running] -- C:\Programfiler\HP\QuickPlay\Kernel\TV\CLCapSvc.exe -- (CLCapSvc)
SRV - [2007.02.07 15:30:00 | 000,074,240 | R--- | M] (Cognizance Corporation) [Auto | Running] -- c:\Programfiler\Bioscrypt\VeriSoft\Bin\ASWLNPkg.dll -- (ASBroker)
SRV - [2007.01.09 13:55:34 | 000,110,592 | ---- | M] (Hewlett-Packard Development Company, L.P.) [On_Demand | Stopped] -- C:\Programfiler\Hewlett-Packard\HP Quick Launch Buttons\Com4Qlb.exe -- (Com4Qlb)
SRV - [2006.10.26 13:03:08 | 000,145,184 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Programfiler\Common Files\microsoft shared\Source Engine\OSE.EXE -- (ose)
SRV - [2006.06.22 08:14:00 | 000,131,584 | R--- | M] (Cognizance Corporation) [Auto | Running] -- c:\Programfiler\Bioscrypt\VeriSoft\Bin\ASChnl.dll -- (ASChannel)


========== Driver Services (SafeList) ==========

DRV - File not found [Kernel | On_Demand | Stopped] -- system32\DRIVERS\nwlnkfwd.sys -- (NwlnkFwd)
DRV - File not found [Kernel | On_Demand | Stopped] -- system32\DRIVERS\nwlnkflt.sys -- (NwlnkFlt)
DRV - File not found [Kernel | On_Demand | Stopped] -- system32\DRIVERS\ipinip.sys -- (IpInIp)
DRV - File not found [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\blbdrive.sys -- (blbdrive)
DRV - [2013.08.05 22:06:09 | 000,013,560 | ---- | M] (GFI Software) [Kernel | Boot | Running] -- C:\Windows\System32\drivers\gfibto.sys -- (gfibto)
DRV - [2013.04.04 13:50:32 | 000,022,856 | ---- | M] (Malwarebytes Corporation) [File_System | On_Demand | Running] -- C:\Windows\System32\drivers\mbam.sys -- (MBAMProtector)
DRV - [2012.06.13 16:51:42 | 000,011,520 | ---- | M] (Western Digital Technologies) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\wdcsam.sys -- (WDC_SAM)
DRV - [2010.04.19 19:29:20 | 000,018,432 | ---- | M] (Apple Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\netaapl.sys -- (Netaapl)
DRV - [2008.08.14 23:22:54 | 000,717,296 | ---- | M] () [Kernel | Boot | Running] -- C:\Windows\System32\drivers\sptd.sys -- (sptd)
DRV - [2008.01.19 06:55:21 | 000,020,992 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\irsir.sys -- (irsir)
DRV - [2007.09.19 04:05:00 | 007,626,400 | ---- | M] (NVIDIA Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\nvlddmkm.sys -- (nvlddmkm)
DRV - [2007.04.12 03:30:52 | 000,160,768 | ---- | M] (Conexant Systems Inc.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\CHDART.sys -- (HdAudAddService)
DRV - [2007.03.28 17:44:22 | 000,140,424 | ---- | M] (AuthenTec, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\atswpdrv.sys -- (ATSWPDRV)
DRV - [2007.03.07 05:15:58 | 001,059,112 | ---- | M] (NVIDIA Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\nvmfdx32.sys -- (NVENETFD)
DRV - [2007.02.24 15:42:22 | 000,039,936 | ---- | M] (REDC) [Kernel | Auto | Running] -- C:\Windows\System32\drivers\rimmptsk.sys -- (rimmptsk)
DRV - [2007.02.17 00:50:32 | 000,012,032 | ---- | M] (NVIDIA Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\nvsmu.sys -- (nvsmu)
DRV - [2007.01.23 18:03:28 | 000,037,376 | ---- | M] (REDC) [Kernel | Auto | Running] -- C:\Windows\System32\drivers\rixdptsk.sys -- (rismxdp)
DRV - [2007.01.23 17:40:20 | 000,042,496 | ---- | M] (REDC) [Kernel | Auto | Running] -- C:\Windows\System32\drivers\rimsptsk.sys -- (rimsptsk)
DRV - [2006.11.30 09:24:58 | 000,008,192 | ---- | M] (Hewlett-Packard Development Company, L.P.) [Kernel | System | Running] -- C:\Windows\System32\drivers\eabfiltr.sys -- (eabfiltr)
DRV - [2006.11.28 17:44:52 | 000,008,192 | ---- | M] (Conexant Systems, Inc.) [Kernel | Auto | Running] -- C:\Windows\System32\drivers\XAudio.sys -- (XAudio)
DRV - [2006.06.28 08:54:00 | 000,009,472 | ---- | M] (Hewlett-Packard Development Company, L.P.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\CPQBttn.sys -- (HBtnKey)


========== Standard Registry (SafeList) ==========


========== Internet Explorer ==========

IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = http://ie.redirect.h...ilion&pf=laptop
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://mysearch.swee...A-001B24D39E11}
IE - HKLM\..\URLSearchHook: {bf7380fa-e3b4-4db2-af3e-9d8783a45bfc} - C:\Programfiler\uTorrentBar\tbuTor.dll (Conduit Ltd.)
IE - HKLM\..\SearchScopes,DefaultScope = {EEE6C360-6118-11DC-9C72-001320C79847}
IE - HKLM\..\SearchScopes\{006ee092-9658-4fd6-bd8e-a21a348e59f5}: "URL" = http://feed.snap.do/...Date=03/05/2013
IE - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/...ms}&FORM=IE8SRC
IE - HKLM\..\SearchScopes\{6A1806CD-94D4-4689-BA73-E35EA1EA9990}: "URL" = http://www.google.co...g}&sourceid=ie7
IE - HKLM\..\SearchScopes\{A6609AB8-24BB-4147-B0F3-23BB3B438CF1}: "URL" = http://no.search.yah...ing}&fr=cb-hp06
IE - HKLM\..\SearchScopes\{EEE6C360-6118-11DC-9C72-001320C79847}: "URL" = http://mysearch.swee...A-001B24D39E11}

IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,bProtector Start Page = http://www1.delta-se...123884&tsp=4956
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Search Bar = http://feed.snap.do/...Date=03/05/2013
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page = http://feed.snap.do/...Date=03/05/2013
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.google.com/
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,StartPageCache = 1
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Search,Default_Search_URL = http://feed.snap.do/...Date=03/05/2013
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Search,SearchAssistant = http://feed.snap.do/...Date=03/05/2013
IE - HKCU\..\SearchScopes,bProtectorDefaultScope = {0ECDF796-C2DC-4d79-A620-CCE0C0A66CC9}
IE - HKCU\..\SearchScopes,DefaultScope = {3BD44F0E-0596-4008-AEE0-45D47E3A8F0E}
IE - HKCU\..\SearchScopes\{3BD44F0E-0596-4008-AEE0-45D47E3A8F0E}: "URL" = http://securedsearch...q={searchTerms}
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = *.local


========== FireFox ==========

FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\system32\Macromed\Flash\NPSWF32.dll ()
FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=: File not found
FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=1.0: C:\Program Files\iTunes\Mozilla Plugins\npitunes.dll ()
FF - HKLM\Software\MozillaPlugins\@innoplus.de/ino3DViewer: C:\Program Files\innoplus\3D-Viewer-innoPlus\npIno3DViewer.dll (INNOVA-engineering GmbH Dresden)
FF - HKLM\Software\MozillaPlugins\@java.com/DTPlugin,version=10.25.2: C:\Windows\system32\npDeployJava1.dll (Oracle Corporation)
FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin,version=10.25.2: C:\Program Files\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation)
FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: C:\Program Files\Microsoft Silverlight\5.1.20913.0\npctrl.dll ( Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/OfficeLive,version=1.3: C:\Program Files\Microsoft\Office Live\npOLW.dll (Microsoft Corp.)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=14.0.8081.0709: C:\Program Files\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WPF,version=3.5: c:\Windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Program Files\Google\Update\1.3.21.165\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Program Files\Google\Update\1.3.21.165\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\Adobe Reader: C:\Program Files\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
FF - HKCU\Software\MozillaPlugins\@doubletwist.com/NPPodcast: C:\Program Files\Common Files\doubleTwist\NPPodcast.dll File not found

FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{8E9E3331-D360-4f87-8803-52DE43566502}: C:\Program Files\Updater By Sweetpacks\Firefox [2013.07.29 20:42:19 | 000,000,000 | ---D | M]
FF - HKEY_CURRENT_USER\software\mozilla\Firefox\Extensions\\{8f5010e2-9577-4aed-ad42-f2098ea15def}: C:\Program Files\LyricsPal\133.xpi [2013.09.11 21:46:43 | 000,005,847 | ---- | M] ()

[2009.03.13 11:13:54 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Husn\AppData\Roaming\mozilla\Extensions
[2009.03.13 11:13:54 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Husn\AppData\Roaming\mozilla\Extensions\mozsw[email protected]
[2013.08.26 21:23:28 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Husn\AppData\Roaming\mozilla\Firefox\Profiles\extensions
[2013.06.30 09:44:04 | 000,239,491 | ---- | M] () (No name found) -- C:\Users\Husn\AppData\Roaming\mozilla\firefox\profiles\extensions\[email protected]
[2013.07.27 15:24:52 | 000,000,000 | ---D | M] (No name found) -- C:\Programfiler\Mozilla Firefox\extensions

========== Chrome ==========

CHR - default_search_provider: SecureSearch (Enabled)
CHR - default_search_provider: search_url = http://securedsearch...q={searchTerms}
CHR - default_search_provider: suggest_url = ,
CHR - homepage: http://securedsearch...5551B5200153174
CHR - plugin: Shockwave Flash (Enabled) = C:\Program Files\Google\Chrome\Application\30.0.1599.101\PepperFlash\pepflashplayer.dll
CHR - plugin: Chrome Remote Desktop Viewer (Enabled) = internal-remoting-viewer
CHR - plugin: Native Client (Enabled) = C:\Program Files\Google\Chrome\Application\30.0.1599.101\ppGoogleNaClPluginChrome.dll
CHR - plugin: Chrome PDF Viewer (Enabled) = C:\Program Files\Google\Chrome\Application\30.0.1599.101\pdf.dll
CHR - plugin: Adobe Acrobat (Enabled) = C:\Program Files\Adobe\Reader 10.0\Reader\Browser\nppdf32.dll
CHR - plugin: QuickTime Plug-in 7.6.9 (Enabled) = C:\Program Files\QuickTime\plugins\npqtplugin.dll
CHR - plugin: QuickTime Plug-in 7.6.9 (Enabled) = C:\Program Files\QuickTime\plugins\npqtplugin2.dll
CHR - plugin: QuickTime Plug-in 7.6.9 (Enabled) = C:\Program Files\QuickTime\plugins\npqtplugin3.dll
CHR - plugin: QuickTime Plug-in 7.6.9 (Enabled) = C:\Program Files\QuickTime\plugins\npqtplugin4.dll
CHR - plugin: QuickTime Plug-in 7.6.9 (Enabled) = C:\Program Files\QuickTime\plugins\npqtplugin5.dll
CHR - plugin: QuickTime Plug-in 7.6.9 (Enabled) = C:\Program Files\QuickTime\plugins\npqtplugin6.dll
CHR - plugin: QuickTime Plug-in 7.6.9 (Enabled) = C:\Program Files\QuickTime\plugins\npqtplugin7.dll
CHR - plugin: Google Update (Enabled) = C:\Program Files\Google\Update\1.3.21.145\npGoogleUpdate3.dll
CHR - plugin: Silverlight Plug-In (Enabled) = C:\Program Files\Microsoft Silverlight\5.1.20125.0\npctrl.dll
CHR - plugin: Microsoft Office Live Plug-in for Firefox (Enabled) = C:\Program Files\Microsoft\Office Live\npOLW.dll
CHR - plugin: Windows Live\u00C2\u00AE Photo Gallery (Enabled) = C:\Program Files\Windows Live\Photo Gallery\NPWLPG.dll
CHR - plugin: iTunes Application Detector (Enabled) = C:\Program Files\iTunes\Mozilla Plugins\npitunes.dll
CHR - plugin: InoViewer Plugin (Enabled) = C:\Program Files\innoplus\3D-Viewer-innoPlus\npIno3DViewer.dll
CHR - plugin: Shockwave Flash (Enabled) = C:\Windows\system32\Macromed\Flash\NPSWF32.dll
CHR - plugin: Windows Presentation Foundation (Enabled) = c:\Windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll
CHR - Extension: Google Docs = C:\Users\Husn\AppData\Local\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake\0.5_0\
CHR - Extension: Google Drive = C:\Users\Husn\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf\6.3_0\
CHR - Extension: YouTube = C:\Users\Husn\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo\4.2.6_0\
CHR - Extension: Google Search = C:\Users\Husn\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf\0.0.0.20_0\
CHR - Extension: Chrome In-App Payments service = C:\Users\Husn\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda\0.0.4.11_0\
CHR - Extension: Lavasoft NewTab = C:\Users\Husn\AppData\Local\Google\Chrome\User Data\Default\Extensions\oejkcgajlodefenbbjdnaiahmbnnoole\0.10_0\
CHR - Extension: SweetPacks Chrome Extension = C:\Users\Husn\AppData\Local\Google\Chrome\User Data\Default\Extensions\ogccgbmabaphcakpiclgcnmcnimhokcj\1.4.0.3_0\
CHR - Extension: Auto Refresh Plus = C:\Users\Husn\AppData\Local\Google\Chrome\User Data\Default\Extensions\oilipfekkmncanaajkapbpancpelijih\1.8.9.22_0\
CHR - Extension: Gmail = C:\Users\Husn\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia\7_0\
CHR - Extension: Lyrics-Pal = C:\Users\Husn\AppData\Local\Google\Chrome\User Data\Default\Extensions\pnbbffeddnekkhjmokkhdebbfbibbflc\1.133_0\

O1 HOSTS File: ([2006.09.18 22:41:30 | 000,000,761 | ---- | M]) - C:\Windows\System32\drivers\etc\hosts
O1 - Hosts: 127.0.0.1 localhost
O1 - Hosts: ::1 localhost
O2 - BHO: (MediaBar) - {0974BA1E-64EC-11DE-B2A5-E43756D89593} - C:\PROGRA~1\BEARSH~1\MediaBar\ToolBar\BearshareMediabarDx.dll File not found
O2 - BHO: (Torntv 2) - {11111111-1111-1111-1111-110311551178} - C:\Programfiler\Torntv 2\Torntv 2-bho.dll (installdaddy)
O2 - BHO: (Conduit Engine) - {30F9B915-B755-4826-820B-08FBA6BD249D} - C:\Programfiler\ConduitEngine\ConduitEngine.dll (Conduit Ltd.)
O2 - BHO: (Ad-Aware Security Add-on) - {6c97a91e-4524-4019-86af-2aa2d567bf5c} - C:\Programfiler\Lavasoft\AdAware SecureSearch Toolbar\adawareDx.dll ()
O2 - BHO: (Java™ Plug-In SSV Helper) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Programfiler\Java\jre7\bin\ssv.dll (Oracle Corporation)
O2 - BHO: (Påloggingshjelp for Windows Live) - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Programfiler\Common Files\microsoft shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corporation)
O2 - BHO: (uTorrentBar Toolbar) - {bf7380fa-e3b4-4db2-af3e-9d8783a45bfc} - C:\Programfiler\uTorrentBar\tbuTor.dll (Conduit Ltd.)
O2 - BHO: (Bing Bar Helper) - {d2ce3e00-f94a-4740-988e-03dc2f38c34f} - C:\Program Files\Microsoft\BingBar\BingExt.dll (Microsoft Corporation.)
O2 - BHO: (Java™ Plug-In 2 SSV Helper) - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Programfiler\Java\jre7\bin\jp2ssv.dll (Oracle Corporation)
O2 - BHO: (VeriSoft Access Manager) - {DF21F1DB-80C6-11D3-9483-B03D0EC10000} - c:\Programfiler\Bioscrypt\VeriSoft\Bin\ItIEAddIn.dll (Bioscrypt Inc.)
O2 - BHO: (Lyrics-Pal) - {ebcafb3f-5032-49f2-bf60-b99beef14b5c} - C:\Programfiler\LyricsPal\133.dll ()
O3 - HKLM\..\Toolbar: (MediaBar) - {0974BA1E-64EC-11DE-B2A5-E43756D89593} - C:\PROGRA~1\BEARSH~1\MediaBar\ToolBar\BearshareMediabarDx.dll File not found
O3 - HKLM\..\Toolbar: (Conduit Engine) - {30F9B915-B755-4826-820B-08FBA6BD249D} - C:\Programfiler\ConduitEngine\ConduitEngine.dll (Conduit Ltd.)
O3 - HKLM\..\Toolbar: (DAEMON Tools Toolbar) - {32099AAC-C132-4136-9E9A-4E364A424E17} - C:\Programfiler\DAEMON Tools Toolbar\DTToolbar.dll ()
O3 - HKLM\..\Toolbar: (Ad-Aware Security Add-on) - {6c97a91e-4524-4019-86af-2aa2d567bf5c} - C:\Programfiler\Lavasoft\AdAware SecureSearch Toolbar\adawareDx.dll ()
O3 - HKLM\..\Toolbar: (Bing Bar) - {8dcb7100-df86-4384-8842-8fa844297b3f} - C:\Program Files\Microsoft\BingBar\BingExt.dll (Microsoft Corporation.)
O3 - HKLM\..\Toolbar: (uTorrentBar Toolbar) - {bf7380fa-e3b4-4db2-af3e-9d8783a45bfc} - C:\Programfiler\uTorrentBar\tbuTor.dll (Conduit Ltd.)
O3 - HKCU\..\Toolbar\WebBrowser: (no name) - {21FA44EF-376D-4D53-9B0F-8A89D3229068} - No CLSID value found.
O3 - HKCU\..\Toolbar\WebBrowser: (DAEMON Tools Toolbar) - {32099AAC-C132-4136-9E9A-4E364A424E17} - C:\Programfiler\DAEMON Tools Toolbar\DTToolbar.dll ()
O3 - HKCU\..\Toolbar\WebBrowser: (uTorrentBar Toolbar) - {BF7380FA-E3B4-4DB2-AF3E-9D8783A45BFC} - C:\Programfiler\uTorrentBar\tbuTor.dll (Conduit Ltd.)
O4 - HKLM..\Run: [Ad-Aware Browsing Protection] C:\ProgramData\Ad-Aware Browsing Protection\adawarebp.exe (Lavasoft)
O4 - HKLM..\Run: [APSDaemon] C:\Program Files\Common Files\Apple\Apple Application Support\APSDaemon.exe (Apple Inc.)
O4 - HKLM..\Run: [Search Protection] C:\ProgramData\Search Protection\SearchProtection.exe (Lavasoft)
O4 - HKCU..\Run: [ApplePhotoStreams] C:\Programfiler\Common Files\Apple\Internet Services\ApplePhotoStreams.exe (Apple Inc.)
O4 - HKCU..\Run: [Browser Infrastructure Helper] C:\Users\Husn\AppData\Local\Smartbar\Application\SnapDo.exe (Smartbar)
O4 - HKCU..\Run: [iCloudServices] C:\Programfiler\Common Files\Apple\Internet Services\iCloudServices.exe (Apple Inc.)
O4 - HKCU..\Run: [WMPNSCFG] C:\Programfiler\Windows Media Player\wmpnscfg.exe (Microsoft Corporation)
O4 - HKLM..\RunOnce: [Launcher] C:\Windows\SMINST\Launcher.exe (soft thinks)
O4 - Startup: C:\Users\Husn\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\OneNote 2007 Screen Clipper og Launcher.lnk = C:\Programfiler\Microsoft Office\Office12\ONENOTEM.EXE (Microsoft Corporation)
O8 - Extra context menu item: E&ksporter til Microsoft Excel - C:\Programfiler\Microsoft Office\Office12\EXCEL.EXE (Microsoft Corporation)
O8 - Extra context menu item: Send bilde til &Bluetooth-enhet... - C:\Programfiler\WIDCOMM\Bluetooth Software\btsendto_ie_ctx.htm ()
O8 - Extra context menu item: Send side til &Bluetooth-enhet... - C:\Programfiler\WIDCOMM\Bluetooth Software\btsendto_ie.htm ()
O9 - Extra Button: Blogg dette - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Programfiler\Windows Live\Writer\WriterBrowserExtension.dll (Microsoft Corporation)
O9 - Extra 'Tools' menuitem : &Blogg dette i Windows Live Writer - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Programfiler\Windows Live\Writer\WriterBrowserExtension.dll (Microsoft Corporation)
O9 - Extra Button: Send til OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Programfiler\Microsoft Office\Office12\ONBttnIE.dll (Microsoft Corporation)
O9 - Extra 'Tools' menuitem : S&end til OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Programfiler\Microsoft Office\Office12\ONBttnIE.dll (Microsoft Corporation)
O9 - Extra Button: PokerStars - {3AD14F0C-ED16-4e43-B6D8-661B03F6A1EF} - C:\Program Files\PokerStars\PokerStarsUpdate.exe File not found
O9 - Extra Button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\Programfiler\Microsoft Office\Office12\REFIEBAR.DLL (Microsoft Corporation)
O9 - Extra Button: @btrez.dll,-4015 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Programfiler\WIDCOMM\Bluetooth Software\btsendto_ie.htm ()
O9 - Extra 'Tools' menuitem : @btrez.dll,-12650 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Programfiler\WIDCOMM\Bluetooth Software\btsendto_ie.htm ()
O10 - NameSpace_Catalog5\Catalog_Entries\000000000008 [] - C:\Programfiler\Bonjour\mdnsNSP.dll (Apple Inc.)
O13 - gopher Prefix: missing
O15 - HKCU\..Trusted Domains: skandiabanken.no ([]https in Trusted sites)
O15 - HKCU\..Trusted Domains: skandiabanken.no ([www] https in Trusted sites)
O16 - DPF: {5D637FAD-E202-48D1-8F18-5B9C459BD1E3} http://www.fotoknuds...geUploader5.cab (Reg Error: Key error.)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.1.1
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{DB595F04-94C9-489A-AF24-EE741B737DF3}: DhcpNameServer = 192.168.1.1
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{FBD6292A-FE95-4EFA-A03B-D9B068512F97}: DhcpNameServer = 192.168.1.1
O18 - Protocol\Handler\livecall {828030A1-22C1-4009-854F-8E305202313F} - C:\Programfiler\Windows Live\Messenger\msgrapp.14.0.8089.0726.dll (Microsoft Corporation)
O18 - Protocol\Handler\ms-help {314111c7-a502-11d2-bbca-00c04f8ec294} - C:\Programfiler\Common Files\microsoft shared\Help\hxds.dll (Microsoft Corporation)
O18 - Protocol\Handler\msnim {828030A1-22C1-4009-854F-8E305202313F} - C:\Programfiler\Windows Live\Messenger\msgrapp.14.0.8089.0726.dll (Microsoft Corporation)
O18 - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Programfiler\Common Files\Skype\Skype4COM.dll (Skype Technologies)
O18 - Protocol\Handler\wlmailhtml {03C514A3-1EFB-4856-9F99-10D7BE1653C0} - C:\Programfiler\Windows Live\Mail\mailcomm.dll (Microsoft Corporation)
O18 - Protocol\Filter\text/xml {807563E5-5146-11D5-A672-00B0D022E945} - C:\Programfiler\Common Files\microsoft shared\OFFICE12\MSOXMLMF.DLL (Microsoft Corporation)
O20 - AppInit_DLLs: (c:\progra~2\browse~1\261519~1.190\{c16c1~1\browse~1.dll) - c:\ProgramData\BrowserDefender\2.6.1519.190\{c16c1ccb-7046-4e5c-a2f3-533ad2fec8e8}\BrowserDefender.dll ()
O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\System32\userinit.exe (Microsoft Corporation)
O24 - Desktop WallPaper: C:\Users\Husn\AppData\Roaming\Microsoft\Windows Photo Gallery\Bakgrunn for Windows Fotogalleri.jpg
O24 - Desktop BackupWallPaper: C:\Users\Husn\AppData\Roaming\Microsoft\Windows Photo Gallery\Bakgrunn for Windows Fotogalleri.jpg
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2005.09.11 16:18:54 | 000,000,340 | -HS- | M] () - D:\AUTOMODE -- [ NTFS ]
O33 - MountPoints2\{5c15a5db-46d3-11dd-b988-001e3760b573}\Shell\AutoRun\command - "" = C:\Windows\system32\RunDLL32.EXE Shell32.DLL,ShellExec_RunDLL RuNdLl32.EXE .\RECYCLER\S-5-3-42-2819952290-8240758988-879315005-3665\jwgkvsq.vmx,ahaezedrn
O33 - MountPoints2\{94a519e2-af7e-11df-8d16-001b24d39e11}\Shell\AutoRun\command - "" = C:\Windows\system32\RunDLL32.EXE Shell32.DLL,ShellExec_RunDLL RuNdLl32.EXE .\RECYCLER\S-5-3-42-2819952290-8240758988-879315005-3665\jwgkvsq.vmx,ahaezedrn
O33 - MountPoints2\{a58c81c4-6ad5-11dd-8256-001e3760b573}\Shell - "" = AutoRun
O33 - MountPoints2\{a58c81c4-6ad5-11dd-8256-001e3760b573}\Shell\AutoRun\command - "" = F:\autorun.exe
O33 - MountPoints2\H\Shell\AutoRun\command - "" = H:\Autorun.exe /run
O33 - MountPoints2\H\Shell\Shell00\Command - "" = H:\Autorun.exe /run
O33 - MountPoints2\H\Shell\Shell01\Command - "" = H:\Autorun.exe /action
O33 - MountPoints2\H\Shell\Shell02\Command - "" = H:\Autorun.exe /uninstall
O34 - HKLM BootExecute: (autocheck autochk *)
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3)
O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2)

========== Files/Folders - Created Within 30 Days ==========

[2013.11.05 10:09:49 | 000,602,112 | ---- | C] (OldTimer Tools) -- C:\Users\Husn\Desktop\OTL.exe
[2013.11.05 09:48:47 | 000,000,000 | ---D | C] -- C:\ProgramData\REGSERVO
[2013.10.07 21:49:12 | 000,000,000 | R--D | C] -- C:\Users\Husn\Dropbox
[2013.10.07 21:46:57 | 000,000,000 | ---D | C] -- C:\Program Files\Dropbox
[2013.10.07 21:46:11 | 000,000,000 | ---D | C] -- C:\Users\Husn\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Dropbox
[2013.10.07 21:42:30 | 000,000,000 | ---D | C] -- C:\Users\Husn\AppData\Roaming\Dropbox
[2 C:\Program Files\*.tmp files -> C:\Program Files\*.tmp -> ]
[1 C:\Windows\*.tmp files -> C:\Windows\*.tmp -> ]
[1 C:\Users\Husn\Documents\*.tmp files -> C:\Users\Husn\Documents\*.tmp -> ]

========== Files - Modified Within 30 Days ==========

[2013.11.05 10:48:05 | 000,000,976 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineUA.job
[2013.11.05 10:09:50 | 000,602,112 | ---- | M] (OldTimer Tools) -- C:\Users\Husn\Desktop\OTL.exe
[2013.11.05 09:41:02 | 000,001,162 | ---- | M] () -- C:\Windows\tasks\Torntv 2-updater.job
[2013.11.05 09:41:01 | 000,001,156 | ---- | M] () -- C:\Windows\tasks\Torntv 2-codedownloader.job
[2013.11.05 09:41:01 | 000,001,066 | ---- | M] () -- C:\Windows\tasks\Torntv 2-enabler.job
[2013.11.05 09:29:05 | 000,601,058 | ---- | M] () -- C:\Windows\System32\perfh009.dat
[2013.11.05 09:29:05 | 000,466,124 | ---- | M] () -- C:\Windows\System32\perfh014.dat
[2013.11.05 09:29:05 | 000,106,934 | ---- | M] () -- C:\Windows\System32\perfc009.dat
[2013.11.05 09:29:05 | 000,082,596 | ---- | M] () -- C:\Windows\System32\perfc014.dat
[2013.11.05 09:24:44 | 000,000,976 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineCore1cecabe58dec658.job
[2013.11.05 09:24:42 | 000,000,348 | ---- | M] () -- C:\Windows\tasks\Lyrics-Pal Update.job
[2013.11.05 09:22:38 | 000,003,168 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-1.C7483456-A289-439d-8115-601632D005A0
[2013.11.05 09:22:38 | 000,003,168 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-0.C7483456-A289-439d-8115-601632D005A0
[2013.11.05 09:22:33 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2013.11.05 00:35:49 | 000,006,396 | ---- | M] () -- C:\Windows\bthservsdp.dat
[2013.11.02 00:03:13 | 000,166,400 | ---- | M] () -- C:\Users\Husn\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2013.11.02 00:01:21 | 000,188,164 | ---- | M] () -- C:\Users\Husn\AppData\Roaming\nvModes.001
[2013.11.01 23:29:21 | 000,000,953 | ---- | M] () -- C:\Users\Husn\Desktop\Dropbox.lnk
[2013.10.31 16:59:46 | 000,413,374 | ---- | M] () -- C:\Users\Husn\Desktop\Bekreftelse fortolling.pdf
[2013.10.28 20:42:13 | 003,733,211 | ---- | M] () -- C:\Users\Husn\Desktop\Løvstakken02.jpg
[2013.10.20 16:51:26 | 000,001,971 | ---- | M] () -- C:\Users\Public\Desktop\Google Chrome.lnk
[2013.10.20 16:19:49 | 001,695,520 | ---- | M] () -- C:\Windows\System32\FNTCACHE.DAT
[2013.10.06 21:35:26 | 000,088,224 | ---- | M] () -- C:\Users\Husn\Desktop\bryllup TM og L.jpg
[2 C:\Program Files\*.tmp files -> C:\Program Files\*.tmp -> ]
[1 C:\Windows\*.tmp files -> C:\Windows\*.tmp -> ]
[1 C:\Users\Husn\Documents\*.tmp files -> C:\Users\Husn\Documents\*.tmp -> ]

========== Files Created - No Company Name ==========

[2013.10.31 16:59:46 | 000,413,374 | ---- | C] () -- C:\Users\Husn\Desktop\Bekreftelse fortolling.pdf
[2013.10.28 20:41:31 | 003,733,211 | ---- | C] () -- C:\Users\Husn\Desktop\Løvstakken02.jpg
[2013.10.16 23:23:32 | 000,000,976 | ---- | C] () -- C:\Windows\tasks\GoogleUpdateTaskMachineCore1cecabe58dec658.job
[2013.10.09 23:01:24 | 1941,841,997 | ---- | C] () -- C:\Users\Husn\Desktop\HDV_1322.MP4
[2013.10.07 21:49:12 | 000,000,953 | ---- | C] () -- C:\Users\Husn\Desktop\Dropbox.lnk
[2013.10.06 21:35:26 | 000,088,224 | ---- | C] () -- C:\Users\Husn\Desktop\bryllup TM og L.jpg
[2013.07.29 20:41:41 | 001,344,304 | ---- | C] () -- C:\Windows\System32\dmwu.exe
[2013.06.09 14:45:01 | 000,000,004 | ---- | C] () -- C:\Users\Husn\AppData\Roaming\skype.ini
[2012.07.22 21:38:23 | 000,057,344 | ---- | C] () -- C:\Windows\System32\ff_vfw.dll
[2012.05.12 19:50:12 | 000,000,127 | ---- | C] () -- C:\Windows\System32\MRT.INI
[2009.08.08 00:35:04 | 000,000,008 | ---- | C] () -- C:\Users\Husn\AppData\Roaming\NMM-MetaData.db
[2009.06.25 22:24:50 | 000,007,592 | ---- | C] () -- C:\Users\Husn\AppData\Local\d3d9caps.dat
[2009.03.29 23:24:06 | 000,000,091 | ---- | C] () -- C:\Users\Husn\appletfile.props
[2008.10.21 17:27:04 | 000,000,056 | -H-- | C] () -- C:\ProgramData\ezsidmv.dat
[2008.02.26 13:34:53 | 000,001,348 | ---- | C] () -- C:\Users\Husn\AppData\Roaming\wklnhst.dat
[2008.02.25 15:35:25 | 000,188,164 | ---- | C] () -- C:\Users\Husn\AppData\Roaming\nvModes.001
[2008.02.25 12:41:21 | 000,188,164 | ---- | C] () -- C:\Users\Husn\AppData\Roaming\nvModes.dat
[2008.02.25 00:27:20 | 000,166,400 | ---- | C] () -- C:\Users\Husn\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini

========== ZeroAccess Check ==========

[2006.11.02 13:54:22 | 000,000,227 | RHS- | M] () -- C:\Windows\assembly\Desktop.ini

[HKEY_CURRENT_USER\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]

[HKEY_CURRENT_USER\Software\Classes\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32]

[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]
"" = %SystemRoot%\system32\shell32.dll -- [2012.06.08 18:47:00 | 011,586,048 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Apartment

[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32]
"" = %systemroot%\system32\wbem\fastprox.dll -- [2009.04.11 07:28:19 | 000,614,912 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Free

[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32]
"" = %systemroot%\system32\wbem\wbemess.dll -- [2009.04.11 07:28:25 | 000,347,648 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Both

========== LOP Check ==========

[2012.06.14 20:27:02 | 000,000,000 | ---D | M] -- C:\Users\Husn\AppData\Roaming\Afgeeb
[2011.11.25 20:27:49 | 000,000,000 | ---D | M] -- C:\Users\Husn\AppData\Roaming\Azureus
[2013.07.27 15:25:01 | 000,000,000 | ---D | M] -- C:\Users\Husn\AppData\Roaming\BabSolution
[2013.08.02 22:18:53 | 000,000,000 | ---D | M] -- C:\Users\Husn\AppData\Roaming\Babylon
[2011.06.21 21:46:31 | 000,000,000 | ---D | M] -- C:\Users\Husn\AppData\Roaming\com.aspiro.wimp.25F5C0086CDE1F22CA0B92A487729991CA6CD013.1
[2008.08.14 23:22:25 | 000,000,000 | ---D | M] -- C:\Users\Husn\AppData\Roaming\DAEMON Tools
[2013.07.27 15:24:52 | 000,000,000 | ---D | M] -- C:\Users\Husn\AppData\Roaming\Delta
[2013.11.01 23:59:26 | 000,000,000 | ---D | M] -- C:\Users\Husn\AppData\Roaming\Dropbox
[2012.04.25 21:32:02 | 000,000,000 | ---D | M] -- C:\Users\Husn\AppData\Roaming\Ehhuah
[2013.02.13 20:53:19 | 000,000,000 | ---D | M] -- C:\Users\Husn\AppData\Roaming\elitefoto-bildearkiv
[2013.04.19 21:14:03 | 000,000,000 | ---D | M] -- C:\Users\Husn\AppData\Roaming\File Scout
[2011.11.25 20:33:17 | 000,000,000 | ---D | M] -- C:\Users\Husn\AppData\Roaming\FrostWire
[2012.07.22 21:21:26 | 000,000,000 | ---D | M] -- C:\Users\Husn\AppData\Roaming\HandBrake
[2012.06.14 21:15:21 | 000,000,000 | ---D | M] -- C:\Users\Husn\AppData\Roaming\Kyybvu
[2011.12.09 00:42:47 | 000,000,000 | ---D | M] -- C:\Users\Husn\AppData\Roaming\LimeWire
[2013.03.08 22:28:56 | 000,000,000 | ---D | M] -- C:\Users\Husn\AppData\Roaming\Mp3jam
[2009.08.08 00:30:58 | 000,000,000 | ---D | M] -- C:\Users\Husn\AppData\Roaming\Nokia
[2009.08.08 00:36:01 | 000,000,000 | ---D | M] -- C:\Users\Husn\AppData\Roaming\Nokia Multimedia Player
[2013.05.03 20:01:17 | 000,000,000 | ---D | M] -- C:\Users\Husn\AppData\Roaming\OpenCandy
[2009.01.01 16:21:42 | 000,000,000 | ---D | M] -- C:\Users\Husn\AppData\Roaming\Opera
[2009.08.08 00:29:11 | 000,000,000 | ---D | M] -- C:\Users\Husn\AppData\Roaming\PC Suite
[2013.01.24 00:20:29 | 000,000,000 | ---D | M] -- C:\Users\Husn\AppData\Roaming\PerformerSoft
[2012.12.08 16:55:06 | 000,000,000 | ---D | M] -- C:\Users\Husn\AppData\Roaming\PhotoScape
[2013.08.02 22:37:05 | 000,000,000 | ---D | M] -- C:\Users\Husn\AppData\Roaming\Solvusoft
[2010.02.01 17:26:25 | 000,000,000 | ---D | M] -- C:\Users\Husn\AppData\Roaming\Sports Interactive
[2012.12.31 01:24:03 | 000,000,000 | ---D | M] -- C:\Users\Husn\AppData\Roaming\Spotify
[2012.04.17 21:46:31 | 000,000,000 | ---D | M] -- C:\Users\Husn\AppData\Roaming\SumatraPDF
[2008.02.28 18:17:52 | 000,000,000 | ---D | M] -- C:\Users\Husn\AppData\Roaming\Template
[2008.07.02 22:13:33 | 000,000,000 | ---D | M] -- C:\Users\Husn\AppData\Roaming\updater
[2013.11.01 23:53:03 | 000,000,000 | ---D | M] -- C:\Users\Husn\AppData\Roaming\uTorrent
[2009.05.10 15:15:55 | 000,000,000 | ---D | M] -- C:\Users\Husn\AppData\Roaming\WeatherDPA
[2013.08.02 19:36:22 | 000,000,000 | ---D | M] -- C:\Users\Husn\AppData\Roaming\Web Cake
[2012.05.13 06:16:46 | 000,000,000 | ---D | M] -- C:\Users\Husn\AppData\Roaming\xmzufnu2czgv1ctokwbgqjuotl1ujxsj
[2012.04.27 13:14:45 | 000,000,000 | ---D | M] -- C:\Users\Husn\AppData\Roaming\xuv1ryjuvntramxrbwsc3h1kqqtmissd
[2009.05.10 15:15:50 | 000,000,000 | ---D | M] -- C:\Users\Husn\AppData\Roaming\Zango

========== Purity Check ==========



< End of report >


Extras Text:
OTL Extras logfile created on: 05.11.2013 11:14:50 - Run 1
OTL by OldTimer - Version 3.2.69.0 Folder = C:\Users\Husn\Desktop
Windows Vista Home Premium Edition Service Pack 2 (Version = 6.0.6002) - Type = NTWorkstation
Internet Explorer (Version = 9.0.8112.16421)
Locale: 00000414 | Country: Norge | Language: NOR | Date Format: dd.MM.yyyy

2,00 Gb Total Physical Memory | 0,34 Gb Available Physical Memory | 17,24% Memory free
4,23 Gb Paging File | 1,78 Gb Available in Paging File | 42,15% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files
Drive C: | 226,42 Gb Total Space | 10,62 Gb Free Space | 4,69% Space Free | Partition Type: NTFS
Drive D: | 6,47 Gb Total Space | 1,38 Gb Free Space | 21,36% Space Free | Partition Type: NTFS
Drive E: | 702,81 Mb Total Space | 687,30 Mb Free Space | 97,79% Space Free | Partition Type: UDF

Computer Name: HUSN-PC | User Name: Husn | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user | Quick Scan
Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days

========== Extra Registry (SafeList) ==========


========== File Associations ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.cpl [@ = cplfile] -- C:\Windows\System32\control.exe (Microsoft Corporation)
.hlp [@ = hlpfile] -- C:\Windows\winhlp32.exe (Microsoft Corporation)

[HKEY_CURRENT_USER\SOFTWARE\Classes\<extension>]
.html [@ = ChromeHTML] -- Reg Error: Key error. File not found

========== Shell Spawning ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
cplfile [cplopen] -- %SystemRoot%\System32\control.exe "%1",%* (Microsoft Corporation)
exefile [open] -- "%1" %*
helpfile [open] -- Reg Error: Key error.
hlpfile [open] -- %SystemRoot%\winhlp32.exe %1 (Microsoft Corporation)
inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation)
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- "C:\Program Files\File Scout\filescout.exe" /open "%1"
Directory [AddToPlaylistVLC] -- "C:\Program Files\VideoLAN\VLC\vlc.exe" --started-from-file --playlist-enqueue "%1" (VideoLAN)
Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Directory [OneNote.Open] -- C:\PROGRA~1\MICROS~3\Office12\ONENOTE.EXE "%L" (Microsoft Corporation)
Directory [PlayWithVLC] -- "C:\Program Files\VideoLAN\VLC\vlc.exe" --started-from-file --no-playlist-enqueue "%1" (VideoLAN)
Folder [open] -- %SystemRoot%\Explorer.exe /separate,/idlist,%I,%L (Microsoft Corporation)
Folder [explore] -- %SystemRoot%\Explorer.exe /separate,/e,/idlist,%I,%L (Microsoft Corporation)
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)

========== Security Center Settings ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"cval" = 1
"UacDisableNotify" = 1
"InternetSettingsDisableNotify" = 1
"AutoUpdateDisableNotify" = 1

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]
"DisableMonitoring" = 1

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecAntiVirus]
"DisableMonitoring" = 1

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecFirewall]
"DisableMonitoring" = 1

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]
"AntiVirusOverride" = 0
"AntiSpywareOverride" = 0
"FirewallOverride" = 0
"VistaSp1" = Reg Error: Unknown registry data type -- File not found
"VistaSp2" = Reg Error: Unknown registry data type -- File not found

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc\Vol]

========== Firewall Settings ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]
"DisableNotifications" = 0
"EnableFirewall" = 1

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"DisableNotifications" = 0
"EnableFirewall" = 1

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\PublicProfile]
"DisableNotifications" = 0
"EnableFirewall" = 0

========== Authorized Applications List ==========


========== Vista Active Open Ports Exception List ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{041D8CDC-7A47-448B-B1C3-1E0C8A97ED46}" = lport=1900 | protocol=17 | dir=in | svc=ssdpsrv | app=svchost.exe |
"{04EA544A-859A-414C-B22C-564F4044736B}" = lport=3702 | protocol=17 | dir=in | svc=bits | app=c:\windows\system32\svchost.exe |
"{38E183D7-4AC8-4031-BB46-3A50498E910D}" = lport=2177 | protocol=6 | dir=in | svc=qwave | app=%systemroot%\system32\svchost.exe |
"{43D92CCF-6ACE-4963-B052-8D0B1C54BDDB}" = rport=10243 | protocol=6 | dir=out | app=system |
"{4C96D502-2B23-4B8C-A9CE-27FA10DD9FDF}" = lport=2869 | protocol=6 | dir=in | app=system |
"{66346C3F-5416-490C-B104-9CBFBD2D89FD}" = lport=2178 | protocol=6 | dir=in | app=system |
"{70F4055C-3DBE-4A2B-B78E-8DA52631BB68}" = lport=55275 | protocol=6 | dir=in | name=vuze |
"{7AD507FA-67C6-482D-9801-17C6C2E1764F}" = lport=1900 | protocol=17 | dir=in | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe |
"{97107722-0D87-41E4-B9F5-5508610E0498}" = lport=rpc | protocol=6 | dir=in | svc=bits | app=c:\windows\system32\svchost.exe |
"{BD105AF6-FC8C-4D6B-A3E4-DE862C695ED0}" = lport=10243 | protocol=6 | dir=in | app=system |
"{C139A7BC-250A-4D4B-8B2A-505433C80EC4}" = rport=1900 | protocol=17 | dir=out | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe |
"{CA88C6BB-DBC1-4D1A-ACD8-29D3F3B9C58B}" = lport=rpc-epmap | protocol=6 | dir=in | svc=rpcss | app=c:\windows\system32\svchost.exe |
"{CCA19DEF-11BE-466A-BBC8-A9A3E06E4BAA}" = rport=3702 | protocol=17 | dir=out | svc=bits | app=c:\windows\system32\svchost.exe |
"{D7A0E471-4BEB-4E24-92E9-16D17EC36954}" = lport=2177 | protocol=17 | dir=in | svc=qwave | app=%systemroot%\system32\svchost.exe |
"{D9891056-B26F-452E-B088-67E874C69825}" = rport=2177 | protocol=6 | dir=out | svc=qwave | app=%systemroot%\system32\svchost.exe |
"{DC87B40C-10B6-47FA-B96C-8BC853F0C621}" = rport=2177 | protocol=17 | dir=out | svc=qwave | app=%systemroot%\system32\svchost.exe |
"{DE2F46D5-BF6A-4429-AA91-C4E3851A86CC}" = lport=2869 | protocol=6 | dir=in | app=system |
"{ED6C93F4-B6A2-4D03-AE5B-0B415D9F1B39}" = rport=2178 | protocol=6 | dir=out | app=system |

========== Vista Active Application Exception List ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{017AD97E-1B0B-483D-AB44-6901A23A8D4B}" = protocol=6 | dir=in | app=c:\program files\frostwire 5\frostwire.exe |
"{05563A17-8F66-4F96-A3F4-ADCFA50DFFFF}" = protocol=17 | dir=in | app=c:\program files\frostwire 5\frostwire.exe |
"{07C23507-7CC2-4D30-A55B-9460935A5691}" = protocol=17 | dir=in | app=c:\program files\lavasoft\adaware securesearch toolbar\dtuser.exe |
"{08F605B4-2919-4B26-9D9D-6DA62D8924DD}" = protocol=17 | dir=in | app=c:\program files\azureus\azureus.exe |
"{0B4C0637-E68F-449F-B975-6C6410BA8CF3}" = protocol=6 | dir=out | svc=upnphost | app=%systemroot%\system32\svchost.exe |
"{0DAD1C0C-2C9C-4A41-B6A1-F994DB196D1D}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmplayer.exe |
"{1E3E069D-5C52-4D51-BC9A-4D9771C08C3E}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmpnetwk.exe |
"{28F94F2A-0E91-4844-9D62-B72DC8ABAE51}" = protocol=17 | dir=in | app=c:\program files\utorrent\utorrent.exe |
"{2ED4EC72-8723-474D-9585-8462FEFB62C7}" = protocol=17 | dir=in | app=c:\program files\frostwire\frostwire.exe |
"{3224CC8D-EF9C-48CE-BCD9-A58256FCB800}" = protocol=6 | dir=in | app=c:\windows\system32\arfc\wrtc.exe |
"{33C28733-FB7A-44FF-AC7D-ACD535E83340}" = dir=in | app=c:\program files\common files\apple\apple application support\webkit2webprocess.exe |
"{359752E9-59F5-41E2-B0A8-726103AA8C13}" = protocol=6 | dir=in | app=c:\program files\frostwire 5\frostwire.exe |
"{36C9531B-0A7A-4027-8476-B8E70FE8E40E}" = protocol=6 | dir=in | app=c:\program files\azureus\azureus.exe |
"{39EDCA67-B0F1-48B9-BF9D-3776CFD10042}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmpnetwk.exe |
"{3C0CCADB-9325-4915-93A6-D317E12922D4}" = protocol=17 | dir=in | app=c:\users\husn\appdata\roaming\dropbox\bin\dropbox.exe |
"{3D9E515D-926A-4883-87FD-754273F9D500}" = protocol=6 | dir=in | app=c:\program files\frostwire\frostwire.exe |
"{3F7E9997-FCAE-4AF1-A790-F5A1C8F2D704}" = dir=in | app=c:\program files\windows live\messenger\msnmsgr.exe |
"{3FB979F1-C070-415E-8FB8-24D927F729B1}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmplayer.exe |
"{408B10BF-6279-4EAF-96B4-4BEB1967AAE8}" = protocol=17 | dir=in | app=c:\program files\microsoft office\office12\onenote.exe |
"{43F5CDE2-D3EF-48D4-B9F8-81EF61AA5994}" = protocol=17 | dir=in | app=c:\windows\system32\arfc\wrtc.exe |
"{50C74E81-FD48-4CDB-A34F-E4BC4DCD109E}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmplayer.exe |
"{5314624F-B5F1-4F16-8633-014C14B18378}" = protocol=17 | dir=in | app=c:\program files\bonjour\mdnsresponder.exe |
"{610CF5BA-DA1F-494E-B07D-DE3B0567DC0C}" = protocol=6 | dir=in | app=c:\windows\system32\arfc\wrtc.exe |
"{6179CC02-1AE3-49BD-8FD1-2C6115998597}" = protocol=17 | dir=in | app=c:\program files\airvideoserver\airvideoserver.exe |
"{6BAA02CC-3604-4E64-A458-52EECF4C017B}" = protocol=6 | dir=in | app=c:\program files\airvideoserver\airvideoserver.exe |
"{6F4B76CA-4DDD-49DF-84E2-D1BAA6D0C522}" = protocol=6 | dir=in | app=c:\program files\bonjour\mdnsresponder.exe |
"{7A33682B-3395-4ADC-957B-632ABA334302}" = protocol=6 | dir=in | app=c:\users\husn\documents\azureus downloads\azureus.exe |
"{7BA3A4EB-9D7F-42F8-8747-EEABB98E73D2}" = protocol=6 | dir=in | app=c:\program files\sports interactive\football manager 2010\fm.exe |
"{8012CE21-1F42-4A20-AC9B-9183F8009F4A}" = protocol=6 | dir=in | app=c:\program files\microsoft office\office12\onenote.exe |
"{88B82DC7-0C5B-42D1-82EC-ADE0002A0688}" = protocol=17 | dir=in | app=c:\program files\bearshare applications\bearshare\bearshare.exe |
"{8A9CAB74-927D-4162-9027-08F1DABD1866}" = dir=in | app=c:\program files\hp\quickplay\qpservice.exe |
"{8BF53685-BC37-4345-9DFB-3408E106E38E}" = protocol=6 | dir=in | app=c:\windows\system32\dmwu.exe |
"{96DFE8D6-5431-40B4-A27E-7EB127C88A28}" = protocol=6 | dir=in | app=c:\windows\system32\dmwu.exe |
"{9B8FFCB1-DC2A-4F2A-B0ED-EDB0369424C1}" = protocol=17 | dir=in | app=c:\program files\frostwire 5\frostwire.exe |
"{9DB488AA-465B-49F7-BB72-84989EE814A8}" = dir=in | app=c:\program files\hp\quickplay\qp.exe |
"{9EA04B10-DB23-4740-A480-B36B0F82AD5A}" = protocol=17 | dir=in | app=c:\windows\system32\arfc\wrtc.exe |
"{A697FDD9-413A-4251-9CA1-40DA9E3C00AB}" = protocol=6 | dir=in | app=c:\program files\airvideoserver\airvideoserver.exe |
"{A78DA9DE-965A-4EB1-9098-5F5DAD2BF4CF}" = protocol=6 | dir=in | app=%programfiles%\windows media player\wmpnetwk.exe |
"{ACC70919-919F-4038-B519-8808F46C60EF}" = dir=in | app=c:\program files\itunes\itunes.exe |
"{B0F86C59-C966-43B9-9551-6DF85B23155C}" = protocol=17 | dir=in | app=c:\program files\bonjour\mdnsresponder.exe |
"{B12B092E-8F1A-4592-BF6E-68EA679EF910}" = protocol=6 | dir=out | app=c:\program files\airvideoserver\airvideoserver.exe |
"{B525158C-3200-40FC-B3F3-B324EB9C44E9}" = protocol=17 | dir=in | app=c:\users\husn\documents\azureus downloads\azureus.exe |
"{B60898F6-8B0C-445C-8453-2EE7AAC18579}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmplayer.exe |
"{BEAE372D-D175-4B67-8F64-33D8C7FABA6E}" = protocol=6 | dir=in | app=c:\program files\lavasoft\adaware securesearch toolbar\dtuser.exe |
"{CB1A102E-7DA7-48CC-8858-789E4DEA214B}" = protocol=6 | dir=out | app=system |
"{CC803AF9-9E61-41C1-988C-7E855027879C}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmplayer.exe |
"{D0136F33-44B6-4C9B-A72C-6FD85ABB1D96}" = protocol=17 | dir=in | app=c:\windows\system32\dmwu.exe |
"{D1E733B6-3BC9-4189-98ED-DB96419758A7}" = protocol=6 | dir=in | app=c:\users\husn\appdata\roaming\dropbox\bin\dropbox.exe |
"{D32F7E98-524D-419A-82D4-D8D8E78DF265}" = dir=in | app=c:\program files\skype\phone\skype.exe |
"{D85B4EF9-67AF-4E7D-B640-D7AF5EBC94E0}" = protocol=6 | dir=in | app=c:\program files\bearshare applications\bearshare\bearshare.exe |
"{D8A30292-0A9F-4758-B291-7FC9C5290332}" = protocol=6 | dir=in | app=c:\program files\bearshare applications\bearshare\bearshare.exe |
"{DC0A9BDB-6A92-4778-886B-C0B8203FB834}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmpnetwk.exe |
"{F176DFBA-8E0E-436F-9DE6-A277D7225521}" = protocol=6 | dir=in | app=c:\program files\bonjour\mdnsresponder.exe |
"{F56DF7E0-7D1A-4406-BF52-96FCA17878B5}" = protocol=17 | dir=in | app=c:\program files\sports interactive\football manager 2010\fm.exe |
"{F662476B-7E48-46C0-9F1E-9A754F32F1BD}" = protocol=6 | dir=in | app=c:\program files\utorrent\utorrent.exe |
"{F6E3F0B8-B145-4ECF-8753-9C74C9F3B081}" = dir=in | app=c:\program files\windows live\sync\windowslivesync.exe |
"{F914FFA8-FCF3-4BAE-9FC6-DCC628F5F66C}" = protocol=17 | dir=in | app=c:\program files\bearshare applications\bearshare\bearshare.exe |
"{FB295307-A61B-44F0-A33F-470DBBFEDCCD}" = protocol=17 | dir=in | app=c:\windows\system32\dmwu.exe |
"{FC5F2B73-9540-45DA-A282-D98773F892B4}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmplayer.exe |
"TCP Query User{32E135DB-1A55-4F68-BE1F-617E3ADF2849}C:\users\husn\appdata\roaming\spotify\spotify.exe" = protocol=6 | dir=in | app=c:\users\husn\appdata\roaming\spotify\spotify.exe |
"TCP Query User{37298E77-97B2-49BE-B687-CA30E0B16ED7}C:\users\husn\appdata\roaming\xmzufnu2czgv1ctokwbgqjuotl1ujxsj\svcnost.exe" = protocol=6 | dir=in | app=c:\users\husn\appdata\roaming\xmzufnu2czgv1ctokwbgqjuotl1ujxsj\svcnost.exe |
"TCP Query User{3A7E6EB7-85EE-4BD8-8E49-C8DD191160C0}C:\program files\torntv.com\torntv downloader.exe" = protocol=6 | dir=in | app=c:\program files\torntv.com\torntv downloader.exe |
"TCP Query User{3B189A36-A26C-4E9C-8024-7511779655C6}C:\program files\nokia\nokia software updater\nsu_ui_client.exe" = protocol=6 | dir=in | app=c:\program files\nokia\nokia software updater\nsu_ui_client.exe |
"TCP Query User{4A25D025-2F2B-493B-9827-ABDE3E590BCE}C:\program files\internet explorer\iexplore.exe" = protocol=6 | dir=in | app=c:\program files\internet explorer\iexplore.exe |
"TCP Query User{4B609E24-FC07-45AF-A6E2-802F35479FCB}C:\program files\common files\nokia\service layer\a\nsl_host_process.exe" = protocol=6 | dir=in | app=c:\program files\common files\nokia\service layer\a\nsl_host_process.exe |
"TCP Query User{5A042A0B-2D36-4B07-AFA4-B24244D45583}C:\program files\frostwire\frostwire.exe" = protocol=6 | dir=in | app=c:\program files\frostwire\frostwire.exe |
"TCP Query User{5CBC76D2-DE5B-4C4C-A4C9-90646F17AD18}C:\program files\limewire\limewire.exe" = protocol=6 | dir=in | app=c:\program files\limewire\limewire.exe |
"TCP Query User{7363DC5A-C2CF-40E5-A715-96DE3DC84B21}C:\users\husn\desktop\mp3\limewire\limewire.exe" = protocol=6 | dir=in | app=c:\users\husn\desktop\mp3\limewire\limewire.exe |
"TCP Query User{84BAE3F1-DE96-47A2-98EF-20EE0594C7C6}C:\program files\sopcast\adv\sopadver.exe" = protocol=6 | dir=in | app=c:\program files\sopcast\adv\sopadver.exe |
"TCP Query User{8ABF5075-ED83-4FDA-A730-442DAE5472F8}C:\users\husn\documents\azureus downloads\azureus.exe" = protocol=6 | dir=in | app=c:\users\husn\documents\azureus downloads\azureus.exe |
"TCP Query User{B3369938-97C9-43D8-9C46-607F34D171C7}C:\users\husn\appdata\roaming\xuv1ryjuvntramxrbwsc3h1kqqtmissd\svcnost.exe" = protocol=6 | dir=in | app=c:\users\husn\appdata\roaming\xuv1ryjuvntramxrbwsc3h1kqqtmissd\svcnost.exe |
"TCP Query User{BF969E3D-2D22-4E34-915E-FA63F5F1453B}C:\program files\azureus\azureus.exe" = protocol=6 | dir=in | app=c:\program files\azureus\azureus.exe |
"TCP Query User{F755FA16-DE1A-4D5D-A844-464648375B33}C:\program files\spotify\spotify.exe" = protocol=6 | dir=in | app=c:\program files\spotify\spotify.exe |
"TCP Query User{FA1A2929-1142-4D62-9328-A5B2AE9FEE9E}C:\program files\spotify\spotify.exe" = protocol=6 | dir=in | app=c:\program files\spotify\spotify.exe |
"UDP Query User{063D9A96-6060-49F4-ACD6-2742C74C955A}C:\users\husn\appdata\roaming\xmzufnu2czgv1ctokwbgqjuotl1ujxsj\svcnost.exe" = protocol=17 | dir=in | app=c:\users\husn\appdata\roaming\xmzufnu2czgv1ctokwbgqjuotl1ujxsj\svcnost.exe |
"UDP Query User{084CF1DD-D56A-42F1-95D6-2D0E735DBD4E}C:\users\husn\appdata\roaming\spotify\spotify.exe" = protocol=17 | dir=in | app=c:\users\husn\appdata\roaming\spotify\spotify.exe |
"UDP Query User{0CA69B3A-968D-4CBA-88DF-A53B068CD1D7}C:\users\husn\desktop\mp3\limewire\limewire.exe" = protocol=17 | dir=in | app=c:\users\husn\desktop\mp3\limewire\limewire.exe |
"UDP Query User{0EFE3887-0B5C-49DA-A651-010D348A05DC}C:\program files\limewire\limewire.exe" = protocol=17 | dir=in | app=c:\program files\limewire\limewire.exe |
"UDP Query User{2E1ECE47-B52D-40B3-A4BA-AF3D8E1AA694}C:\users\husn\appdata\roaming\xuv1ryjuvntramxrbwsc3h1kqqtmissd\svcnost.exe" = protocol=17 | dir=in | app=c:\users\husn\appdata\roaming\xuv1ryjuvntramxrbwsc3h1kqqtmissd\svcnost.exe |
"UDP Query User{3B88CE2B-D468-4672-A6DA-97912C146AAF}C:\program files\azureus\azureus.exe" = protocol=17 | dir=in | app=c:\program files\azureus\azureus.exe |
"UDP Query User{6DD7A15C-1F49-4081-9E31-B9C7E600E41A}C:\program files\spotify\spotify.exe" = protocol=17 | dir=in | app=c:\program files\spotify\spotify.exe |
"UDP Query User{7EBB2643-ED94-4EEC-897B-6B6AB43D7E2A}C:\program files\nokia\nokia software updater\nsu_ui_client.exe" = protocol=17 | dir=in | app=c:\program files\nokia\nokia software updater\nsu_ui_client.exe |
"UDP Query User{7F8A0483-578F-4421-B387-854C22B0A9DF}C:\program files\common files\nokia\service layer\a\nsl_host_process.exe" = protocol=17 | dir=in | app=c:\program files\common files\nokia\service layer\a\nsl_host_process.exe |
"UDP Query User{87F8F345-BD49-4029-B6E7-DD4C18BEA395}C:\program files\internet explorer\iexplore.exe" = protocol=17 | dir=in | app=c:\program files\internet explorer\iexplore.exe |
"UDP Query User{A886C2AC-C2FD-423B-B6C0-7D118DC67D3C}C:\program files\torntv.com\torntv downloader.exe" = protocol=17 | dir=in | app=c:\program files\torntv.com\torntv downloader.exe |
"UDP Query User{B26715A3-7683-4C7C-9458-63C9C335A9CE}C:\program files\sopcast\adv\sopadver.exe" = protocol=17 | dir=in | app=c:\program files\sopcast\adv\sopadver.exe |
"UDP Query User{C0032121-E7B9-462B-8A52-3F641459017D}C:\program files\spotify\spotify.exe" = protocol=17 | dir=in | app=c:\program files\spotify\spotify.exe |
"UDP Query User{C9A1DC4F-7EEE-4997-9E85-355F6838B3AA}C:\program files\frostwire\frostwire.exe" = protocol=17 | dir=in | app=c:\program files\frostwire\frostwire.exe |
"UDP Query User{D9A455B4-6CF2-4717-9EE1-3CF9E315C7FE}C:\users\husn\documents\azureus downloads\azureus.exe" = protocol=17 | dir=in | app=c:\users\husn\documents\azureus downloads\azureus.exe |

========== HKEY_LOCAL_MACHINE Uninstall List ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{0046FA01-C5B9-4985-BACB-398DC480FC05}" = Adobe Photoshop CS3
"{0394CDC8-FABD-4ed8-B104-03393876DFDF}" = Roxio Creator Tools
"{03D1988F-469F-4843-8E6E-E5FE9D17889D}" = HP Integrated Module with Bluetooth wireless technology 6.0.1.4900
"{046204EB-610B-470B-AE40-2B5D9AE5755E}" = Windows Live Movie Maker
"{04AF207D-9A77-465A-8B76-991F6AB66245}" = Adobe Help Viewer CS3
"{082702D5-5DD8-4600-BCE5-48B15174687F}" = HP Doc Viewer
"{08B32819-6EEF-4057-AEDA-5AB681A36A23}" = Adobe Bridge Start Meeting
"{0ABA40AF-288D-41F1-B735-C5155692CD7D}" = VeriSoft Access Manager
"{0CFD3BAF-9F4D-4D70-BD0B-638EA2504C25}" = PSSWCORE
"{0D397393-9B50-4c52-84D5-77E344289F87}" = Roxio Creator Data
"{0DFC4415-8E8F-4ADB-8A0B-2F314A8FD14D}" = Windows Live Messenger
"{11F93B4B-48F0-4A4E-AE77-DFA96A99664B}" = Roxio Creator EasyArchive
"{184CE391-7E0E-4C63-9935-D7A10EDFD3C6}" = Adobe WinSoft Linguistics Plugin
"{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148
"{205C6BDD-7B73-42DE-8505-9A093F35A238}" = Opplastingsverktøy for Windows Live
"{228C6B46-64E2-404E-898A-EF0830603EF4}" = HPNetworkAssistant
"{22B775E7-6C42-4FC5-8E10-9A5E3257BD94}" = MSVCRT
"{24D7346D-D4B4-45E8-98EA-75EC14B42DD8}" = Adobe ExtendScript Toolkit 2
"{254C37AA-6B72-4300-84F6-98A82419187E}" = ActiveCheck component for HP Active Support Library
"{268278CF-FB69-4D98-B70E-BFEC1CDCA225}" = iTunes
"{26A24AE4-039D-4CA4-87B4-2F83216011FF}" = Java™ 6 Update 11
"{26A24AE4-039D-4CA4-87B4-2F83217025FF}" = Java 7 Update 25
"{29E5EA97-5F74-4A57-B8B2-D4F169117183}" = Adobe Stock Photos CS3
"{2ADD2892-255C-34C2-AE90-5EF603273DFF}" = Microsoft .NET Framework 3.5 Language Pack SP1 - nor
"{2BA9320D-E061-4C71-ACCB-AC0E9D4FC82B}" = Polar Daemon
"{301C3EAA-7220-428D-A5A0-CEF9EEEABCBB}" = MSCU for Microsoft Vista
"{31216452-5540-4C96-B754-94890A63D5AB}" = HP Help and Support
"{320453EE-6AEA-4E1A-8E64-72F33C0C928F}" = Polar WebSync
"{3248F0A8-6813-11D6-A77B-00B0D0160000}" = Java™ SE Runtime Environment 6
"{3248F0A8-6813-11D6-A77B-00B0D0160050}" = Java™ 6 Update 5
"{3248F0A8-6813-11D6-A77B-00B0D0160070}" = Java™ 6 Update 7
"{33C65B6A-5D73-4E3E-A1F9-127C27BD3F72}" = Roxio MyDVD Basic v9
"{34D2AB40-150D-475D-AE32-BD23FB5EE355}" = HP Quick Launch Buttons 6.20 B1
"{35E1EC43-D4FC-4E4A-AAB3-20DDA27E8BB0}" = Roxio Activation Module
"{3B4A0DDA-2AAE-4467-A803-BF2520CD3D06}" = Påloggingsassistent for Windows Live
"{3B4E636E-9D65-4D67-BA61-189800823F52}" = Windows Live Communications Platform
"{3C3901C5-3455-3E0A-A214-0B093A5070A6}" = Microsoft .NET Framework 4 Client Profile
"{40F7AED3-0C7D-4582-99F6-484A515C73F2}" = HP Easy Setup - Frontend
"{45C56AA7-ED1B-4800-A97F-EDDF3F3520B1}" = Apple-programsupport
"{45D707E9-F3C4-11D9-A373-0050BAE317E1}" = HP QuickPlay 3.2
"{494F562B-86B6-C01E-8C0E-6211DCBA31EB}" = WiMP 2.2.2
"{4A03706F-666A-4037-7777-5F2748764D10}" = Java Auto Updater
"{51846830-E7B2-4218-8968-B77F0FF475B8}" = Adobe Color EU Extra Settings
"{52243BD3-3142-4331-B0AB-F1A82EEECE1C}" = Windows Live Writer
"{54793AA1-5001-42F4-ABB6-C364617C6078}" = Adobe Linguistics CS3
"{5526d33c-7120-4326-9097-defcbdfa0dbc}" = Lyrics-Pal
"{57752979-A1C9-4C02-856B-FBB27AC4E02C}" = QuickTime
"{57F0ED40-8F11-41AA-B926-4A66D0D1A9CC}" = Microsoft Office Live Add-in 1.3
"{5A9AA2C0-972F-4239-AA41-E409434194D5}" = MobileMe Control Panel
"{5DAA9C36-8F8B-462F-8CCA-E205BC3751F5}" = HP Active Support Library
"{5DDB3393-E08B-447E-925F-6C00B95D0FE7}" = iCloud
"{619CDD8A-14B6-43a1-AB6C-0F4EE48CE048}" = Roxio Creator Copy
"{64C1FA9A-FA94-4B6E-B3E4-8573738E4AD1}" = Adobe Setup
"{6675CA7F-E51B-4F6A-99D4-F8F0124C6EAA}" = Roxio Express Labeler 3
"{669D4A35-146B-4314-89F1-1AC3D7B88367}" = HPAsset component for HP Active Support Library
"{66F0F316-B9B7-4DC5-A935-1C54BA516D45}" = Windows Live Fotogalleri
"{6A3B0503-7DF4-4BE7-BC75-F6B02AC78C06}" = Windows Live Essentials
"{6ABE0BEE-D572-4FE8-B434-9E72A289431B}" = Adobe Fonts All
"{6D4AC5A4-4CF9-4F90-8111-B9B53CE257BF}" = Adobe Color Common Settings
"{6F165A1E-494D-41B5-9D18-F96A6852F741}" = ESU for Microsoft Vista
"{6FF5DD7A-FE28-4439-B8CF-1E9AF4EA0A61}" = Adobe Asset Services CS3
"{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}" = Microsoft Visual C++ 2005 Redistributable
"{72E40002-8CEC-47C1-A099-83AC8E173BF0}" = WD Drive Utilities
"{74DC0593-6BC6-4001-AD5F-D810AFB68D86}" = HP Update
"{770657D0-A123-3C07-8E44-1C83EC895118}" = Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053
"{789A5B64-9DD9-4BA5-915A-F0FC0A1B7BFE}" = Apple Software Update
"{79155F2B-9895-49D7-8612-D92580E0DE5B}" = Bonjour
"{802771A9-A856-4A41-ACF7-1450E523C923}" = Adobe XMP Panels CS3
"{83FFCFC7-88C6-41c6-8752-958A45325C82}" = Roxio Creator Audio
"{86CE85E6-DBAC-3FFD-B977-E4B79F83C909}" = Microsoft Visual C++ 2008 Redistributable - KB2467174 - x86 9.0.30729.5570
"{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}" = Microsoft Silverlight
"{8A74E887-8F0F-4017-AF53-CBA42211AAA5}" = Microsoft Sync Framework Runtime Native v1.0 (x86)
"{8CEA85DE-955B-4BF4-87F2-0BAA62821633}" = HP Photosmart Essential2.5
"{8D2BA474-F406-4710-9AE4-D4F22D21F0DD}" = Adobe Device Central CS3
"{8E6808E2-613D-4FCD-81A2-6C8FA8E03312}" = Adobe Type Support
"{90120000-0016-0414-0000-0000000FF1CE}" = Microsoft Office Excel MUI (Norwegian (Bokmål)) 2007
"{90120000-0016-0414-0000-0000000FF1CE}_HOMESTUDENTR_{45D06784-F685-4736-8143-AAEB4969932C}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-0018-0414-0000-0000000FF1CE}" = Microsoft Office PowerPoint MUI (Norwegian (Bokmål)) 2007
"{90120000-0018-0414-0000-0000000FF1CE}_HOMESTUDENTR_{45D06784-F685-4736-8143-AAEB4969932C}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-001B-0414-0000-0000000FF1CE}" = Microsoft Office Word MUI (Norwegian (Bokmål)) 2007
"{90120000-001B-0414-0000-0000000FF1CE}_HOMESTUDENTR_{45D06784-F685-4736-8143-AAEB4969932C}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-001F-0407-0000-0000000FF1CE}" = Microsoft Office Proof (German) 2007
"{90120000-001F-0407-0000-0000000FF1CE}_HOMESTUDENTR_{928D7B99-2BEA-49F9-83B8-20FA57860643}" = Microsoft Office Proofing Tools 2007 Service Pack 3 (SP3)
"{90120000-001F-0409-0000-0000000FF1CE}" = Microsoft Office Proof (English) 2007
"{90120000-001F-0409-0000-0000000FF1CE}_HOMESTUDENTR_{1FF96026-A04A-4C3E-B50A-BB7022654D0F}" = Microsoft Office Proofing Tools 2007 Service Pack 3 (SP3)
"{90120000-001F-0414-0000-0000000FF1CE}" = Microsoft Office Proof (Norwegian (Bokmål)) 2007
"{90120000-001F-0414-0000-0000000FF1CE}_HOMESTUDENTR_{F47DC432-9E71-4DC4-A488-9842D767DDDB}" = Microsoft Office Proofing Tools 2007 Service Pack 3 (SP3)
"{90120000-001F-0814-0000-0000000FF1CE}" = Microsoft Office Proof (Norwegian (Nynorsk)) 2007
"{90120000-001F-0814-0000-0000000FF1CE}_HOMESTUDENTR_{67BED6C1-5AE1-45CD-8060-BFFD37ED0DDD}" = Microsoft Office Proofing Tools 2007 Service Pack 3 (SP3)
"{90120000-002C-0414-0000-0000000FF1CE}" = Microsoft Office Proofing (Norwegian (Bokmål)) 2007
"{90120000-006E-0414-0000-0000000FF1CE}" = Microsoft Office Shared MUI (Norwegian (Bokmål)) 2007
"{90120000-006E-0414-0000-0000000FF1CE}_HOMESTUDENTR_{F12E93BA-172F-4875-A3C6-FE271A461AA1}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-00A1-0414-0000-0000000FF1CE}" = Microsoft Office OneNote MUI (Norwegian (Bokmål)) 2007
"{90120000-00A1-0414-0000-0000000FF1CE}_HOMESTUDENTR_{45D06784-F685-4736-8143-AAEB4969932C}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90176341-0A8B-4CCC-A78D-F862228A6B95}" = Adobe Anchor Service CS3
"{9017E2F4-44FF-4AB3-AAD2-0904AD360CC8}" = Windows Live Tryggere for familien
"{91120000-002F-0000-0000-0000000FF1CE}" = Microsoft Office Home and Student 2007
"{91120000-002F-0000-0000-0000000FF1CE}_HOMESTUDENTR_{6E107EB7-8B55-48BF-ACCB-199F86A2CD93}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{95120000-00B9-0409-0000-0000000FF1CE}" = Microsoft Application Error Reporting
"{95655ED4-7CA5-46DF-907F-7144877A32E5}" = Adobe Color NA Recommended Settings
"{9A25302D-30C0-39D9-BD6F-21E6EC160475}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17
"{9A44DC95-026F-4A07-98A0-EBDB9ED2DE19}" = Windows Live Sync
"{9BE518E6-ECC6-35A9-88E4-87755C07200F}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161
"{9C9824D9-9000-4373-A6A5-D0E5D4831394}" = Adobe Bridge CS3
"{9F97AC16-A3E5-442E-8DCB-0DF553D72477}" = IKEA Home Planner
"{A08BAD08-9AA3-410F-98F3-C92C8EE37218}" = Safari
"{A2B242BD-FF8D-4840-9DAA-9170EABEC59C}" = Adobe CMaps
"{A2D81E70-2A98-4A08-A628-94388B063C5E}" = Adobe Color - Photoshop Specific
"{A3499A41-41EA-3567-977C-29E9E226A360}" = Microsoft .NET Framework 4 Client Profile NOR Language Pack
"{A92DAB39-4E2C-4304-9AB6-BC44E68B55E2}" = Google Update Helper
"{AB5E289E-76BF-4251-9F3F-9B763F681AE0}" = HP Customer Experience Enhancements
"{AC5B0C19-D851-42F4-BDA0-410ECF7F70A5}" = PDF Settings
"{AC76BA86-7AD7-1044-7B44-AA1000000001}" = Adobe Reader X (10.1.2) - Norsk
"{AC76BA86-7AD7-5464-3428-800000000003}" = Spelling Dictionaries Support For Adobe Reader 8
"{B2544A03-10D0-4E5E-BA69-0362FFC20D18}" = OGA Notifier 2.0.0048.0
"{B3BF6689-A81D-40D8-9A86-4AC4ACD9FC1C}" = Adobe Camera Raw 4.0
"{B3C02EC1-A7B0-4987-9A43-8789426AAA7D}" = Adobe Setup
"{B4089055-D468-45A4-A6BA-5A138DD715FC}" = Bing Bar
"{B61B6668-A674-4A06-8405-51944D5CCDDD}" = AuthenTec Fingerprint Sensor Minimum Install
"{B96DB037-DBEA-4186-9081-9CBD537F82E8}" = 3D-Viewer-innoplus
"{B9B35331-B7E4-4E5C-BF4C-7BC87856124D}" = Adobe Default Language CS3
"{BD64AF4A-8C80-4152-AD77-FCDDF05208AB}" = Microsoft Sync Framework Services Native v1.0 (x86)
"{C5E94F24-3D8F-49B5-A39C-E1CD03362A43}" = Snap.Do
"{C8B0680B-CDAE-4809-9F91-387B6DE00F7C}" = Roxio Creator Basic v9
"{CE2CDD62-0124-36CA-84D3-9F4DCF5C5BD9}" = Microsoft .NET Framework 3.5 SP1
"{D0DFF92A-492E-4C40-B862-A74A173C25C5}" = Adobe Version Cue CS3 Client
"{D1BB4446-AE9C-4256-9A7F-4D46604D2462}" = Adobe Setup
"{D2559B88-CC9D-4B48-81BB-F492BAA9C48C}" = Adobe PDF Library Files
"{D32067CD-7409-4792-BFA0-1469BCD8F0C8}" = HP Wireless Assistant
"{D9B4D7EE-481C-4C36-86AB-A8F7417725FF}" = LightScribe 1.6.43.1
"{D9E3F4DD-2B33-4E5E-BCD3-7F08F6296E18}" = Windows Live Mail
"{DD7DB3C5-6FA3-4FA3-8A71-C2F2940EB029}" = Adobe Color JA Extra Settings
"{DDFD9BA2-8E26-4E49-92AE-882424DAB1BC}" = HP User Guides 0057
"{DEDAF650-12B8-48f5-A843-BBA100716106}_is1" = Updater By Sweetpacks 2.0.0.605
"{E14ADE0E-75F3-4A46-87E5-26692DD626EC}" = Apple Mobile Device Support
"{E2DFE069-083E-4631-9B6C-43C48E991DE5}" = Junk Mail filter update
"{E69AE897-9E0B-485C-8552-7841F48D42D8}" = Adobe Update Manager CS3
"{ECA1A3B6-898F-4DCE-9F04-714CF3BA126B}" = Adobe Flash Player 10 Plugin
"{EE7257A2-39A2-4D2F-9DAC-F9F25B8AE1D8}" = Skype™ 5.10
"{F0B430D1-B6AA-473D-9B06-AA3DD01FD0B8}" = Microsoft SQL Server 2005 Compact Edition [ENU]
"{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}" = Microsoft Visual C++ 2010 x86 Redistributable - 10.0.40219
"{F0E12BBA-AD66-4022-A453-A1C8A0C4D570}" = Microsoft Choice Guard
"{F22E8D16-0D5E-4b25-A630-F1361E6B02D2}" = Microsoft Works
"{F4E33CE5-A7AB-4F68-A7E7-F0AA84EF2D9E}" = Internet Explorer Toolbar 4.9 by SweetPacks
"{FAB0C302-CB18-4A7A-BA03-C3DC23101A68}" = HP Active Support Library 32 bit components
"{FE23D063-934D-4829-A0D8-00634CE79B4A}" = Adobe AIR
"adawaretb" = Ad-Aware Security Add-on
"Adobe AIR" = Adobe AIR
"Adobe Flash Player ActiveX" = Adobe Flash Player 11 ActiveX
"Adobe Shockwave Player" = Adobe Shockwave Player
"Adobe_2ac78060bc5856b0c1cf873bb919b58" = Adobe Photoshop CS3
"Adobe_3e054d2218e7aa282c2369d939e58ff" = Adobe ExtendScript Toolkit 2
"Adobe_6c8e2cb4fd241c55406016127a6ab2e" = Adobe Color Common Settings
"Air Video Server" = Air Video Server 2.4.3
"bi_uninstaller" = Bundled software uninstaller
"CNXT_HDAUDIO" = Conexant HD Audio
"CNXT_MODEM_HDAUDIO_VEN_14F1&DEV_5045&SUBSYS_103C30B7" = HDAUDIO Soft Data Fax Modem with SmartCP
"com.aspiro.wimp.25F5C0086CDE1F22CA0B92A487729991CA6CD013.1" = WiMP 2.2.2
"conduitEngine" = Conduit Engine
"DAEMON Tools Toolbar" = DAEMON Tools Toolbar
"elitefoto-bildearkiv_is1" = Elite Foto bildearkiv 2.4.19
"ffdshow_is1" = ffdshow [rev 2527] [2008-12-19]
"FotoKnudsen FotoBok_is1" = FotoKnudsen FotoBok
"Google Chrome" = Google Chrome
"HOMESTUDENTR" = Microsoft Office Home and Student 2007
"HP Photosmart Essential" = HP Photosmart Essential 2.0
"LimeWire" = LimeWire 5.5.14
"Malwarebytes' Anti-Malware_is1" = Malwarebytes Anti-Malware versjon 1.75.0.1300
"Microsoft .NET Framework 3.5 Language Pack SP1 - nor" = Språkpakke for Microsoft .NET Framework 3.5 SP1 - NOR
"Microsoft .NET Framework 3.5 SP1" = Microsoft .NET Framework 3.5 SP1
"Microsoft .NET Framework 4 Client Profile" = Microsoft .NET Framework 4 Client Profile
"Microsoft .NET Framework 4 Client Profile NOR Language Pack" = Microsoft .NET Framework 4 Client Profile NOR Language Pack
"MP3jam_is1" = MP3jam 1.1.0.0
"NVIDIA Drivers" = NVIDIA Drivers
"PokerStars" = PokerStars
"SmartAudio" = SmartAudio
"Spotify" = Spotify
"SynTPDeinstKey" = Synaptics Pointing Device Driver
"Torntv 2" = Torntv 2
"uTorrent" = µTorrent
"uTorrentBar Toolbar" = uTorrentBar Toolbar
"VLC media player" = VLC media player 2.0.5
"WinLiveSuite_Wave3" = Windows Live Essentials
"WinRAR archiver" = WinRAR archiver
"WNLT" = SweetPacks Updater Service

========== HKEY_CURRENT_USER Uninstall List ==========

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"Dropbox" = Dropbox
"JNLP" = JNLP
"Move Networks Player - IE" = Move Networks Media Player for Internet Explorer

========== Last 20 Event Log Errors ==========

[ Application Events ]
Error - 09.10.2013 06:52:47 | Computer Name = Husn-pc | Source = Windows Search Service | ID = 3013
Description =

Error - 09.10.2013 06:52:47 | Computer Name = Husn-pc | Source = Windows Search Service | ID = 3013
Description =

Error - 09.10.2013 07:08:51 | Computer Name = Husn-pc | Source = Application Error | ID = 1000
Description = Program med feil Explorer.EXE, versjon 6.0.6002.18005, tidsangivelse
0x49e01da5, modul med feil ole32.dll, versjon 6.0.6002.18277, tidsangivelse 0x4c28d53e,
unntakskode 0xc0000005, feilforskyvning 0x0012928e, prosess-ID 0xbb8, starttid for
program 0x01cec4d05ea8a40d.

Error - 09.10.2013 19:14:11 | Computer Name = Husn-pc | Source = Application Error | ID = 1000
Description = Program med feil iexplore.exe, versjon 9.0.8112.16506, tidsangivelse
0x51f8de05, modul med feil Torntv 2-bho.dll_unloaded, versjon 0.0.0.0, tidsangivelse
0x51b5cf67, unntakskode 0xc0000005, feilforskyvning 0x03daf4a9, prosess-ID 0xbb0,
starttid for program 0x01cec5451a1acf5c.

Error - 13.10.2013 17:24:17 | Computer Name = Husn-pc | Source = Application Hang | ID = 1002
Description = Programmet iexplore.exe versjon 9.0.8112.16506 sluttet å samhandle
med Windows og ble lukket. Hvis du vil se om det finnes mer informasjon tilgjengelig
om problemet, ser du i problemhistorikken i kontrollpanelet for Problemrapportering
og -løsninger. Prosess-ID: 141c Starttidspunkt: 01cec85a11a7f624 Avslutningstidspunkt:
146

Error - 13.10.2013 17:48:37 | Computer Name = Husn-pc | Source = Windows Search Service | ID = 3006
Description =

Error - 13.10.2013 17:48:38 | Computer Name = Husn-pc | Source = Windows Search Service | ID = 3007
Description =

Error - 16.10.2013 17:46:07 | Computer Name = Husn-pc | Source = Application Hang | ID = 1002
Description = Programmet iexplore.exe versjon 9.0.8112.16514 sluttet å samhandle
med Windows og ble lukket. Hvis du vil se om det finnes mer informasjon tilgjengelig
om problemet, ser du i problemhistorikken i kontrollpanelet for Problemrapportering
og -løsninger. Prosess-ID: 17b8 Starttidspunkt: 01cecab7ba8a7408 Avslutningstidspunkt:
389

Error - 20.10.2013 16:37:10 | Computer Name = Husn-pc | Source = Application Error | ID = 1000
Description = Program med feil WINWORD.EXE, versjon 12.0.6683.5002, tidsangivelse
0x520bb457, modul med feil gdiplus.dll_unloaded, versjon 0.0.0.0, tidsangivelse
0x515ba857, unntakskode 0xc0000005, feilforskyvning 0x73ab74b2, prosess-ID 0x13dc,
starttid for program 0x01cecdccf116625f.

Error - 01.11.2013 18:47:25 | Computer Name = Husn-pc | Source = Application Error | ID = 1000
Description = Program med feil AsGHost.exe, versjon 2.5.0.57, tidsangivelse 0x45c99c4a,
modul med feil unknown, versjon 0.0.0.0, tidsangivelse 0x00000000, unntakskode
0xc0000005, feilforskyvning 0x5eff244c, prosess-ID 0x95c, starttid for program 0x01ced750b9d510fc.

[ OSession Events ]
Error - 18.05.2013 14:20:12 | Computer Name = Husn-pc | Source = Microsoft Office 12 Sessions | ID = 7001
Description = ID: 0, Application Name: Microsoft Office Word, Application Version:
12.0.6668.5000, Microsoft Office Version: 12.0.6612.1000. This session lasted 884
seconds with 600 seconds of active time. This session ended with a crash.

Error - 18.05.2013 14:20:12 | Computer Name = Husn-pc | Source = Microsoft Office 12 Sessions | ID = 7001
Description = ID: 1, Application Name: Microsoft Office Excel, Application Version:
12.0.6665.5003, Microsoft Office Version: 12.0.6612.1000. This session lasted 2555
seconds with 1500 seconds of active time. This session ended with a crash.

Error - 20.05.2013 13:10:42 | Computer Name = Husn-pc | Source = Microsoft Office 12 Sessions | ID = 7001
Description = ID: 0, Application Name: Microsoft Office Word, Application Version:
12.0.6668.5000, Microsoft Office Version: 12.0.6612.1000. This session lasted 917
seconds with 240 seconds of active time. This session ended with a crash.

Error - 12.06.2013 15:00:18 | Computer Name = Husn-pc | Source = Microsoft Office 12 Sessions | ID = 7001
Description = ID: 0, Application Name: Microsoft Office Word, Application Version:
12.0.6668.5000, Microsoft Office Version: 12.0.6612.1000. This session lasted 3445
seconds with 420 seconds of active time. This session ended with a crash.

Error - 17.06.2013 15:48:19 | Computer Name = Husn-pc | Source = Microsoft Office 12 Sessions | ID = 7001
Description = ID: 0, Application Name: Microsoft Office Word, Application Version:
12.0.6668.5000, Microsoft Office Version: 12.0.6612.1000. This session lasted 2232
seconds with 660 seconds of active time. This session ended with a crash.

Error - 09.07.2013 16:45:01 | Computer Name = Husn-pc | Source = Microsoft Office 12 Sessions | ID = 7001
Description = ID: 0, Application Name: Microsoft Office Word, Application Version:
12.0.6668.5000, Microsoft Office Version: 12.0.6612.1000. This session lasted 3619
seconds with 2520 seconds of active time. This session ended with a crash.

Error - 20.08.2013 14:55:58 | Computer Name = Husn-pc | Source = Microsoft Office 12 Sessions | ID = 7001
Description = ID: 0, Application Name: Microsoft Office Word, Application Version:
12.0.6668.5000, Microsoft Office Version: 12.0.6612.1000. This session lasted 385
seconds with 60 seconds of active time. This session ended with a crash.

Error - 17.09.2013 16:49:02 | Computer Name = Husn-pc | Source = Microsoft Office 12 Sessions | ID = 7001
Description = ID: 0, Application Name: Microsoft Office Word, Application Version:
12.0.6683.5001, Microsoft Office Version: 12.0.6612.1000. This session lasted 18
seconds with 0 seconds of active time. This session ended with a crash.

Error - 29.09.2013 17:10:34 | Computer Name = Husn-pc | Source = Microsoft Office 12 Sessions | ID = 7001
Description = ID: 1, Application Name: Microsoft Office Excel, Application Version:
12.0.6679.5000, Microsoft Office Version: 12.0.6612.1000. This session lasted 9806
seconds with 840 seconds of active time. This session ended with a crash.

Error - 20.10.2013 16:37:05 | Computer Name = Husn-pc | Source = Microsoft Office 12 Sessions | ID = 7001
Description = ID: 0, Application Name: Microsoft Office Word, Application Version:
12.0.6683.5002, Microsoft Office Version: 12.0.6612.1000. This session lasted 3090
seconds with 2400 seconds of active time. This session ended with a crash.

[ System Events ]
Error - 31.10.2013 11:34:28 | Computer Name = Husn-pc | Source = Service Control Manager | ID = 7000
Description =

Error - 31.10.2013 17:11:26 | Computer Name = Husn-pc | Source = Service Control Manager | ID = 7000
Description =

Error - 31.10.2013 17:11:26 | Computer Name = Husn-pc | Source = Service Control Manager | ID = 7000
Description =

Error - 01.11.2013 18:18:34 | Computer Name = Husn-pc | Source = Service Control Manager | ID = 7000
Description =

Error - 01.11.2013 18:18:34 | Computer Name = Husn-pc | Source = Service Control Manager | ID = 7000
Description =

Error - 01.11.2013 18:58:24 | Computer Name = Husn-pc | Source = DCOM | ID = 10010
Description =

Error - 04.11.2013 18:44:07 | Computer Name = Husn-pc | Source = Service Control Manager | ID = 7000
Description =

Error - 04.11.2013 18:44:07 | Computer Name = Husn-pc | Source = Service Control Manager | ID = 7000
Description =

Error - 05.11.2013 04:24:07 | Computer Name = Husn-pc | Source = Service Control Manager | ID = 7000
Description =

Error - 05.11.2013 04:24:07 | Computer Name = Husn-pc | Source = Service Control Manager | ID = 7000
Description =

[ VeriSoft Events ]
Error - 07.03.2008 12:34:28 | Computer Name = Husn-pc | Source = AuthWiz | ID = 100796068
Description = The submitted credentials were rejected. User: [email protected] Credentials:
Password Error: (0xC516020B) The system could not log you on. Verify your user
name and domain are correct and then type your password again. Letters in passwords
must be typed using the correct case. Verify that Caps Lock is off.


< End of report >
  • 0

Advertisements


#2
Essexboy

Essexboy

    GeekU Moderator

  • Retired Staff
  • 69,964 posts
Hi there let me know how the computer is behaving after this run

Warning This fix is only relevant for this system and no other, using on another computer may cause problems

Be advised that when the fix commences it will shut down all running processes and you may lose the desktop and icons, they will return on reboot

Run OTL
  • Under the Custom Scans/Fixes box at the bottom, paste in the following
    Posted Image
:Commands
[CREATERESTOREPOINT]

:OTL
SRV - [2013.07.26 11:11:20 | 002,847,696 | ---- | M] () [Auto | Stopped] -- C:\ProgramData\BrowserDefender\2.6.1519.190\{c16c1ccb-7046-4e5c-a2f3-533ad2fec8e8}\BrowserDefender.exe -- (BrowserDefendert)
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://mysearch.swee...A-001B24D39E11}
IE - HKLM\..\URLSearchHook: {bf7380fa-e3b4-4db2-af3e-9d8783a45bfc} - C:\Programfiler\uTorrentBar\tbuTor.dll (Conduit Ltd.)
IE - HKLM\..\SearchScopes,DefaultScope = {EEE6C360-6118-11DC-9C72-001320C79847}
IE - HKLM\..\SearchScopes\{006ee092-9658-4fd6-bd8e-a21a348e59f5}: "URL" = http://feed.snap.do/...Date=03/05/2013
IE - HKLM\..\SearchScopes\{EEE6C360-6118-11DC-9C72-001320C79847}: "URL" = http://mysearch.swee...A-001B24D39E11}
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,bProtector Start Page = http://www1.delta-se...123884&tsp=4956
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Search Bar = http://feed.snap.do/...Date=03/05/2013
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page = http://feed.snap.do/...Date=03/05/2013
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,StartPageCache = 1
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Search,Default_Search_URL = http://feed.snap.do/...Date=03/05/2013
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Search,SearchAssistant = http://feed.snap.do/...Date=03/05/2013
IE - HKCU\..\SearchScopes,bProtectorDefaultScope = {0ECDF796-C2DC-4d79-A620-CCE0C0A66CC9}
IE - HKCU\..\SearchScopes,DefaultScope = {3BD44F0E-0596-4008-AEE0-45D47E3A8F0E}
IE - HKCU\..\SearchScopes\{3BD44F0E-0596-4008-AEE0-45D47E3A8F0E}: "URL" = http://securedsearch...q={searchTerms}
FF - HKCU\Software\MozillaPlugins\@doubletwist.com/NPPodcast: C:\Program Files\Common Files\doubleTwist\NPPodcast.dll File not found
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{8E9E3331-D360-4f87-8803-52DE43566502}: C:\Program Files\Updater By Sweetpacks\Firefox [2013.07.29 20:42:19 | 000,000,000 | ---D | M]
FF - HKEY_CURRENT_USER\software\mozilla\Firefox\Extensions\\{8f5010e2-9577-4aed-ad42-f2098ea15def}: C:\Program Files\LyricsPal\133.xpi [2013.09.11 21:46:43 | 000,005,847 | ---- | M] ()
[2013.06.30 09:44:04 | 000,239,491 | ---- | M] () (No name found) -- C:\Users\Husn\AppData\Roaming\mozilla\firefox\profiles\extensions\[email protected]
O2 - BHO: (MediaBar) - {0974BA1E-64EC-11DE-B2A5-E43756D89593} - C:\PROGRA~1\BEARSH~1\MediaBar\ToolBar\BearshareMediabarDx.dll File not found
O2 - BHO: (Torntv 2) - {11111111-1111-1111-1111-110311551178} - C:\Programfiler\Torntv 2\Torntv 2-bho.dll (installdaddy)
O2 - BHO: (Conduit Engine) - {30F9B915-B755-4826-820B-08FBA6BD249D} - C:\Programfiler\ConduitEngine\ConduitEngine.dll (Conduit Ltd.)
O2 - BHO: (Lyrics-Pal) - {ebcafb3f-5032-49f2-bf60-b99beef14b5c} - C:\Programfiler\LyricsPal\133.dll ()
O3 - HKLM\..\Toolbar: (MediaBar) - {0974BA1E-64EC-11DE-B2A5-E43756D89593} - C:\PROGRA~1\BEARSH~1\MediaBar\ToolBar\BearshareMediabarDx.dll File not found
O3 - HKLM\..\Toolbar: (Conduit Engine) - {30F9B915-B755-4826-820B-08FBA6BD249D} - C:\Programfiler\ConduitEngine\ConduitEngine.dll (Conduit Ltd.)
O3 - HKLM\..\Toolbar: (DAEMON Tools Toolbar) - {32099AAC-C132-4136-9E9A-4E364A424E17} - C:\Programfiler\DAEMON Tools Toolbar\DTToolbar.dll ()
O3 - HKCU\..\Toolbar\WebBrowser: (no name) - {21FA44EF-376D-4D53-9B0F-8A89D3229068} - No CLSID value found.
O3 - HKCU\..\Toolbar\WebBrowser: (DAEMON Tools Toolbar) - {32099AAC-C132-4136-9E9A-4E364A424E17} - C:\Programfiler\DAEMON Tools Toolbar\DTToolbar.dll ()
O3 - HKCU\..\Toolbar\WebBrowser: (uTorrentBar Toolbar) - {BF7380FA-E3B4-4DB2-AF3E-9D8783A45BFC} - C:\Programfiler\uTorrentBar\tbuTor.dll (Conduit Ltd.)
O4 - HKLM..\Run: [Search Protection] C:\ProgramData\Search Protection\SearchProtection.exe (Lavasoft)
O4 - HKCU..\Run: [Browser Infrastructure Helper] C:\Users\Husn\AppData\Local\Smartbar\Application\SnapDo.exe (Smartbar)
O20 - AppInit_DLLs: (c:\progra~2\browse~1\261519~1.190\{c16c1~1\browse~1.dll) - c:\ProgramData\BrowserDefender\2.6.1519.190\{c16c1ccb-7046-4e5c-a2f3-533ad2fec8e8}\BrowserDefender.dll ()
[2013.11.05 09:41:02 | 000,001,162 | ---- | M] () -- C:\Windows\tasks\Torntv 2-updater.job
[2013.11.05 09:41:01 | 000,001,156 | ---- | M] () -- C:\Windows\tasks\Torntv 2-codedownloader.job
[2013.11.05 09:41:01 | 000,001,066 | ---- | M] () -- C:\Windows\tasks\Torntv 2-enabler.job
[2013.11.05 09:24:44 | 000,000,976 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineCore1cecabe58dec658.job
[2013.11.05 09:24:42 | 000,000,348 | ---- | M] () -- C:\Windows\tasks\Lyrics-Pal Update.job
[2013.07.27 15:25:01 | 000,000,000 | ---D | M] -- C:\Users\Husn\AppData\Roaming\BabSolution
[2013.08.02 22:18:53 | 000,000,000 | ---D | M] -- C:\Users\Husn\AppData\Roaming\Babylon
[2013.07.27 15:24:52 | 000,000,000 | ---D | M] -- C:\Users\Husn\AppData\Roaming\Delta
[2013.08.02 19:36:22 | 000,000,000 | ---D | M] -- C:\Users\Husn\AppData\Roaming\Web Cake
[2012.05.13 06:16:46 | 000,000,000 | ---D | M] -- C:\Users\Husn\AppData\Roaming\xmzufnu2czgv1ctokwbgqjuotl1ujxsj
[2012.04.27 13:14:45 | 000,000,000 | ---D | M] -- C:\Users\Husn\AppData\Roaming\xuv1ryjuvntramxrbwsc3h1kqqtmissd
[2009.05.10 15:15:50 | 000,000,000 | ---D | M] -- C:\Users\Husn\AppData\Roaming\Zango

:Files
C:\Programfiler\Torntv 2
C:\Programfiler\LyricsPal
C:\Programfiler\ConduitEngine
C:\ProgramData\Search Protection
C:\Users\Husn\AppData\Local\Smartbar
c:\ProgramData\BrowserDefender
C:\Users\Husn\AppData\Local\Google\Chrome\User Data\Default\Extensions\ogccgbmabaphcakpiclgcnmcnimhokcj
C:\Users\Husn\AppData\Local\Google\Chrome\User Data\Default\Extensions\pnbbffeddnekkhjmokkhdebbfbibbflc

:Commands
[resethosts]
[emptytemp]
[Reboot]
  • Then click the Run Fix button at the top
  • Let the program run unhindered, reboot the PC when it is done
  • Open OTL again and click the Quick Scan button. Post the log it produces in your next reply.

THEN

Please download Junkware Removal Tool to your desktop.
  • Right-mouse click JRT.exe and select "Run as Administrator" the tool will open and start scanning your system
  • please be patient as this can take a while to complete depending on your system's specifications
  • On completion, a log (JRT.txt) is saved to your desktop and will automatically open.
  • post the contents of JRT.txt into your next message.

  • 0

#3
toddn

toddn

    New Member

  • Topic Starter
  • Member
  • Pip
  • 4 posts
Dear Essexboy

Thank you very much for your help! superb

It seems that my problems now are gone.

Here are the logs from OLT and Junkware removal

OLT:
OTL logfile created on: 05.11.2013 20:24:30 - Run 2
OTL by OldTimer - Version 3.2.69.0 Folder = C:\Users\Husn\Desktop
Windows Vista Home Premium Edition Service Pack 2 (Version = 6.0.6002) - Type = NTWorkstation
Internet Explorer (Version = 9.0.8112.16421)
Locale: 00000414 | Country: Norge | Language: NOR | Date Format: dd.MM.yyyy

2,00 Gb Total Physical Memory | 0,90 Gb Available Physical Memory | 44,95% Memory free
4,23 Gb Paging File | 2,97 Gb Available in Paging File | 70,23% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files
Drive C: | 226,42 Gb Total Space | 10,39 Gb Free Space | 4,59% Space Free | Partition Type: NTFS
Drive D: | 6,47 Gb Total Space | 1,38 Gb Free Space | 21,36% Space Free | Partition Type: NTFS
Drive E: | 702,81 Mb Total Space | 687,30 Mb Free Space | 97,79% Space Free | Partition Type: UDF

Computer Name: HUSN-PC | User Name: Husn | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user | Quick Scan
Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days

========== Processes (SafeList) ==========

PRC - [2013.11.05 10:09:50 | 000,602,112 | ---- | M] (OldTimer Tools) -- C:\Users\Husn\Desktop\OTL.exe
PRC - [2013.09.22 11:59:54 | 000,757,400 | ---- | M] (Microsoft Corporation) -- C:\Programfiler\Internet Explorer\iexplore.exe
PRC - [2013.07.15 22:09:24 | 000,554,384 | ---- | M] (Lavasoft) -- C:\ProgramData\Ad-Aware Browsing Protection\adawarebp.exe
PRC - [2013.04.04 13:50:32 | 000,701,512 | ---- | M] (Malwarebytes Corporation) -- C:\Programfiler\Malwarebytes' Anti-Malware\mbamservice.exe
PRC - [2013.04.04 13:50:32 | 000,532,040 | ---- | M] (Malwarebytes Corporation) -- C:\Programfiler\Malwarebytes' Anti-Malware\mbamgui.exe
PRC - [2013.04.04 13:50:32 | 000,418,376 | ---- | M] (Malwarebytes Corporation) -- C:\Programfiler\Malwarebytes' Anti-Malware\mbamscheduler.exe
PRC - [2013.02.26 15:59:08 | 006,227,512 | ---- | M] () -- C:\Programfiler\Polar\WebSync\WebSync.exe
PRC - [2013.01.28 12:08:14 | 000,059,720 | ---- | M] (Apple Inc.) -- C:\Programfiler\Common Files\Apple\Apple Application Support\APSDaemon.exe
PRC - [2012.12.17 17:14:14 | 000,059,872 | ---- | M] (Apple Inc.) -- C:\Programfiler\Common Files\Apple\Internet Services\ApplePhotoStreams.exe
PRC - [2012.12.17 16:48:14 | 000,059,872 | ---- | M] (Apple Inc.) -- C:\Programfiler\Common Files\Apple\Internet Services\iCloudServices.exe
PRC - [2012.12.12 14:20:18 | 000,419,536 | ---- | M] () -- C:\Programfiler\Polar\Daemon\polard.exe
PRC - [2012.09.06 10:50:24 | 000,248,248 | R--- | M] (Western Digital) -- C:\Programfiler\Western Digital\WD Drive Manager\WDDriveService.exe
PRC - [2012.01.03 14:10:42 | 000,063,928 | ---- | M] (Adobe Systems Incorporated) -- C:\Programfiler\Common Files\Adobe\ARM\1.0\armsvc.exe
PRC - [2011.11.27 09:40:23 | 000,247,968 | ---- | M] (Adobe Systems, Inc.) -- C:\Windows\System32\Macromed\Flash\FlashUtil11e_ActiveX.exe
PRC - [2011.10.21 15:23:42 | 000,196,176 | ---- | M] (Microsoft Corporation.) -- C:\Programfiler\Microsoft\BingBar\BBSvc.EXE
PRC - [2011.10.13 17:21:52 | 000,249,648 | ---- | M] (Microsoft Corporation) -- C:\Programfiler\Microsoft\BingBar\SeaPort.EXE
PRC - [2009.04.11 07:28:15 | 000,117,248 | ---- | M] () -- \\?\C:\Windows\System32\wbem\WMIADAP.EXE
PRC - [2009.04.11 07:27:36 | 002,926,592 | ---- | M] (Microsoft Corporation) -- C:\Windows\explorer.exe
PRC - [2008.01.19 08:33:39 | 000,896,512 | ---- | M] (Microsoft Corporation) -- C:\Programfiler\Windows Media Player\wmpnetwk.exe
PRC - [2008.01.19 08:33:39 | 000,202,240 | ---- | M] (Microsoft Corporation) -- C:\Programfiler\Windows Media Player\wmpnscfg.exe
PRC - [2007.04.23 17:11:44 | 000,106,593 | ---- | M] () -- C:\Programfiler\HP\QuickPlay\Kernel\TV\CLSched.exe
PRC - [2007.04.23 17:11:42 | 000,262,243 | ---- | M] () -- C:\Programfiler\HP\QuickPlay\Kernel\TV\CLCapSvc.exe
PRC - [2007.03.29 13:11:50 | 000,719,664 | ---- | M] (Broadcom Corporation.) -- C:\Programfiler\WIDCOMM\Bluetooth Software\BTTray.exe
PRC - [2007.03.29 13:11:48 | 001,604,400 | ---- | M] (Broadcom Corporation.) -- C:\Programfiler\WIDCOMM\Bluetooth Software\BTStackServer.exe
PRC - [2007.02.07 15:30:00 | 000,065,536 | R--- | M] (Cognizance Corporation) -- c:\Programfiler\Bioscrypt\VeriSoft\Bin\asghost.exe


========== Modules (No Company Name) ==========

MOD - [2013.02.26 15:59:08 | 006,227,512 | ---- | M] () -- C:\Programfiler\Polar\WebSync\WebSync.exe
MOD - [2013.02.26 15:59:06 | 000,110,648 | ---- | M] () -- C:\Programfiler\Polar\WebSync\PTransform.dll
MOD - [2013.02.26 15:59:00 | 003,722,296 | ---- | M] () -- C:\Programfiler\Polar\WebSync\libpolar.dll
MOD - [2011.09.27 07:23:00 | 000,087,912 | ---- | M] () -- C:\Programfiler\Common Files\Apple\Apple Application Support\zlib1.dll
MOD - [2011.09.27 07:22:40 | 001,242,472 | ---- | M] () -- C:\Programfiler\Common Files\Apple\Apple Application Support\libxml2.dll
MOD - [2011.01.14 15:01:02 | 002,142,720 | ---- | M] () -- C:\Programfiler\Polar\WebSync\QtCore4.dll
MOD - [2010.02.10 17:45:48 | 000,025,600 | ---- | M] () -- C:\Programfiler\Polar\WebSync\imageformats\qgif4.dll
MOD - [2010.02.10 17:45:40 | 000,119,808 | ---- | M] () -- C:\Programfiler\Polar\WebSync\imageformats\qjpeg4.dll
MOD - [2010.02.10 15:22:16 | 007,971,840 | ---- | M] () -- C:\Programfiler\Polar\WebSync\QtGui4.dll
MOD - [2010.02.10 15:07:32 | 000,929,280 | ---- | M] () -- C:\Programfiler\Polar\WebSync\QtNetwork4.dll
MOD - [2010.02.10 15:06:06 | 000,334,848 | ---- | M] () -- C:\Programfiler\Polar\WebSync\QtXml4.dll
MOD - [2007.03.29 13:02:48 | 000,126,976 | ---- | M] () -- C:\Programfiler\WIDCOMM\Bluetooth Software\BTKeyInd.dll
MOD - [2007.03.29 12:42:38 | 000,389,120 | ---- | M] () -- C:\Windows\System32\btwhidcs.dll


========== Services (SafeList) ==========

SRV - [2013.04.04 13:50:32 | 000,701,512 | ---- | M] (Malwarebytes Corporation) [Auto | Running] -- C:\Programfiler\Malwarebytes' Anti-Malware\mbamservice.exe -- (MBAMService)
SRV - [2013.04.04 13:50:32 | 000,418,376 | ---- | M] (Malwarebytes Corporation) [Auto | Running] -- C:\Programfiler\Malwarebytes' Anti-Malware\mbamscheduler.exe -- (MBAMScheduler)
SRV - [2012.12.12 14:20:18 | 000,419,536 | ---- | M] () [Auto | Running] -- C:\Programfiler\Polar\Daemon\polard.exe -- (Polar Daemon)
SRV - [2012.09.06 10:50:24 | 000,248,248 | R--- | M] (Western Digital) [Auto | Running] -- C:\Programfiler\Western Digital\WD Drive Manager\WDDriveService.exe -- (WDDriveService)
SRV - [2012.07.13 12:28:36 | 000,160,944 | R--- | M] (Skype Technologies) [Auto | Stopped] -- C:\Programfiler\Skype\Updater\Updater.exe -- (SkypeUpdate)
SRV - [2012.01.03 14:10:42 | 000,063,928 | ---- | M] (Adobe Systems Incorporated) [Auto | Running] -- C:\Programfiler\Common Files\Adobe\ARM\1.0\armsvc.exe -- (AdobeARMservice)
SRV - [2011.10.21 15:23:42 | 000,196,176 | ---- | M] (Microsoft Corporation.) [Auto | Running] -- C:\Programfiler\Microsoft\BingBar\BBSvc.EXE -- (BBSvc)
SRV - [2011.10.13 17:21:52 | 000,249,648 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Programfiler\Microsoft\BingBar\SeaPort.EXE -- (BBUpdate)
SRV - [2011.07.20 05:18:24 | 000,440,696 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Programfiler\Common Files\microsoft shared\OFFICE12\ODSERV.EXE -- (odserv)
SRV - [2009.08.05 21:48:42 | 000,704,864 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Programfiler\Windows Live\Family Safety\fsssvc.exe -- (fsssvc)
SRV - [2008.12.31 16:53:28 | 000,654,848 | ---- | M] (Macrovision Europe Ltd.) [On_Demand | Stopped] -- C:\Programfiler\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe -- (FLEXnet Licensing Service)
SRV - [2008.01.19 08:38:24 | 000,272,952 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Programfiler\Windows Defender\MpSvc.dll -- (WinDefend)
SRV - [2008.01.19 08:33:39 | 000,896,512 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Programfiler\Windows Media Player\wmpnetwk.exe -- (WMPNetworkSvc)
SRV - [2007.04.23 17:11:44 | 000,106,593 | ---- | M] () [Auto | Running] -- C:\Programfiler\HP\QuickPlay\Kernel\TV\CLSched.exe -- (CLSched)
SRV - [2007.04.23 17:11:42 | 000,262,243 | ---- | M] () [Auto | Running] -- C:\Programfiler\HP\QuickPlay\Kernel\TV\CLCapSvc.exe -- (CLCapSvc)
SRV - [2007.02.07 15:30:00 | 000,074,240 | R--- | M] (Cognizance Corporation) [Auto | Running] -- c:\Programfiler\Bioscrypt\VeriSoft\Bin\ASWLNPkg.dll -- (ASBroker)
SRV - [2007.01.09 13:55:34 | 000,110,592 | ---- | M] (Hewlett-Packard Development Company, L.P.) [On_Demand | Stopped] -- C:\Programfiler\Hewlett-Packard\HP Quick Launch Buttons\Com4Qlb.exe -- (Com4Qlb)
SRV - [2006.10.26 13:03:08 | 000,145,184 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Programfiler\Common Files\microsoft shared\Source Engine\OSE.EXE -- (ose)
SRV - [2006.06.22 08:14:00 | 000,131,584 | R--- | M] (Cognizance Corporation) [Auto | Running] -- c:\Programfiler\Bioscrypt\VeriSoft\Bin\ASChnl.dll -- (ASChannel)


========== Driver Services (SafeList) ==========

DRV - File not found [Kernel | On_Demand | Stopped] -- system32\DRIVERS\nwlnkfwd.sys -- (NwlnkFwd)
DRV - File not found [Kernel | On_Demand | Stopped] -- system32\DRIVERS\nwlnkflt.sys -- (NwlnkFlt)
DRV - File not found [Kernel | On_Demand | Stopped] -- system32\DRIVERS\ipinip.sys -- (IpInIp)
DRV - File not found [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\blbdrive.sys -- (blbdrive)
DRV - [2013.08.05 22:06:09 | 000,013,560 | ---- | M] (GFI Software) [Kernel | Boot | Running] -- C:\Windows\System32\drivers\gfibto.sys -- (gfibto)
DRV - [2013.04.04 13:50:32 | 000,022,856 | ---- | M] (Malwarebytes Corporation) [File_System | On_Demand | Running] -- C:\Windows\System32\drivers\mbam.sys -- (MBAMProtector)
DRV - [2012.06.13 16:51:42 | 000,011,520 | ---- | M] (Western Digital Technologies) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\wdcsam.sys -- (WDC_SAM)
DRV - [2010.04.19 19:29:20 | 000,018,432 | ---- | M] (Apple Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\netaapl.sys -- (Netaapl)
DRV - [2008.08.14 23:22:54 | 000,717,296 | ---- | M] () [Kernel | Boot | Running] -- C:\Windows\System32\drivers\sptd.sys -- (sptd)
DRV - [2008.01.19 06:55:21 | 000,020,992 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\irsir.sys -- (irsir)
DRV - [2007.09.19 04:05:00 | 007,626,400 | ---- | M] (NVIDIA Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\nvlddmkm.sys -- (nvlddmkm)
DRV - [2007.04.12 03:30:52 | 000,160,768 | ---- | M] (Conexant Systems Inc.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\CHDART.sys -- (HdAudAddService)
DRV - [2007.03.28 17:44:22 | 000,140,424 | ---- | M] (AuthenTec, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\atswpdrv.sys -- (ATSWPDRV)
DRV - [2007.03.07 05:15:58 | 001,059,112 | ---- | M] (NVIDIA Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\nvmfdx32.sys -- (NVENETFD)
DRV - [2007.02.24 15:42:22 | 000,039,936 | ---- | M] (REDC) [Kernel | Auto | Running] -- C:\Windows\System32\drivers\rimmptsk.sys -- (rimmptsk)
DRV - [2007.02.17 00:50:32 | 000,012,032 | ---- | M] (NVIDIA Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\nvsmu.sys -- (nvsmu)
DRV - [2007.01.23 18:03:28 | 000,037,376 | ---- | M] (REDC) [Kernel | Auto | Running] -- C:\Windows\System32\drivers\rixdptsk.sys -- (rismxdp)
DRV - [2007.01.23 17:40:20 | 000,042,496 | ---- | M] (REDC) [Kernel | Auto | Running] -- C:\Windows\System32\drivers\rimsptsk.sys -- (rimsptsk)
DRV - [2006.11.30 09:24:58 | 000,008,192 | ---- | M] (Hewlett-Packard Development Company, L.P.) [Kernel | System | Running] -- C:\Windows\System32\drivers\eabfiltr.sys -- (eabfiltr)
DRV - [2006.11.28 17:44:52 | 000,008,192 | ---- | M] (Conexant Systems, Inc.) [Kernel | Auto | Running] -- C:\Windows\System32\drivers\XAudio.sys -- (XAudio)
DRV - [2006.06.28 08:54:00 | 000,009,472 | ---- | M] (Hewlett-Packard Development Company, L.P.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\CPQBttn.sys -- (HBtnKey)


========== Standard Registry (SafeList) ==========


========== Internet Explorer ==========

IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = http://ie.redirect.h...ilion&pf=laptop
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page =
IE - HKLM\..\SearchScopes,DefaultScope =
IE - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/...ms}&FORM=IE8SRC
IE - HKLM\..\SearchScopes\{6A1806CD-94D4-4689-BA73-E35EA1EA9990}: "URL" = http://www.google.co...g}&sourceid=ie7
IE - HKLM\..\SearchScopes\{A6609AB8-24BB-4147-B0F3-23BB3B438CF1}: "URL" = http://no.search.yah...ing}&fr=cb-hp06

IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,bProtector Start Page =
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Search Bar =
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page =
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.google.com/
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,StartPageCache =
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Search,Default_Search_URL =
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Search,SearchAssistant =
IE - HKCU\..\SearchScopes,bProtectorDefaultScope = {0ECDF796-C2DC-4d79-A620-CCE0C0A66CC9}
IE - HKCU\..\SearchScopes,DefaultScope =
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = *.local


========== FireFox ==========

FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\system32\Macromed\Flash\NPSWF32.dll ()
FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=: File not found
FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=1.0: C:\Program Files\iTunes\Mozilla Plugins\npitunes.dll ()
FF - HKLM\Software\MozillaPlugins\@innoplus.de/ino3DViewer: C:\Program Files\innoplus\3D-Viewer-innoPlus\npIno3DViewer.dll (INNOVA-engineering GmbH Dresden)
FF - HKLM\Software\MozillaPlugins\@java.com/DTPlugin,version=10.25.2: C:\Windows\system32\npDeployJava1.dll (Oracle Corporation)
FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin,version=10.25.2: C:\Program Files\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation)
FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: C:\Program Files\Microsoft Silverlight\5.1.20913.0\npctrl.dll ( Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/OfficeLive,version=1.3: C:\Program Files\Microsoft\Office Live\npOLW.dll (Microsoft Corp.)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=14.0.8081.0709: C:\Program Files\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WPF,version=3.5: c:\Windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Program Files\Google\Update\1.3.21.165\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Program Files\Google\Update\1.3.21.165\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\Adobe Reader: C:\Program Files\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)


[2009.03.13 11:13:54 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Husn\AppData\Roaming\mozilla\Extensions
[2009.03.13 11:13:54 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Husn\AppData\Roaming\mozilla\Extensions\[email protected]
[2013.11.05 19:49:15 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Husn\AppData\Roaming\mozilla\Firefox\Profiles\extensions
[2013.07.27 15:24:52 | 000,000,000 | ---D | M] (No name found) -- C:\Programfiler\Mozilla Firefox\extensions

========== Chrome ==========

CHR - default_search_provider: SecureSearch (Enabled)
CHR - default_search_provider: search_url = http://securedsearch...q={searchTerms}
CHR - default_search_provider: suggest_url = ,
CHR - homepage: http://securedsearch...5551B5200153174
CHR - plugin: Shockwave Flash (Enabled) = C:\Program Files\Google\Chrome\Application\30.0.1599.101\PepperFlash\pepflashplayer.dll
CHR - plugin: Chrome Remote Desktop Viewer (Enabled) = internal-remoting-viewer
CHR - plugin: Native Client (Enabled) = C:\Program Files\Google\Chrome\Application\30.0.1599.101\ppGoogleNaClPluginChrome.dll
CHR - plugin: Chrome PDF Viewer (Enabled) = C:\Program Files\Google\Chrome\Application\30.0.1599.101\pdf.dll
CHR - plugin: Adobe Acrobat (Enabled) = C:\Program Files\Adobe\Reader 10.0\Reader\Browser\nppdf32.dll
CHR - plugin: QuickTime Plug-in 7.6.9 (Enabled) = C:\Program Files\QuickTime\plugins\npqtplugin.dll
CHR - plugin: QuickTime Plug-in 7.6.9 (Enabled) = C:\Program Files\QuickTime\plugins\npqtplugin2.dll
CHR - plugin: QuickTime Plug-in 7.6.9 (Enabled) = C:\Program Files\QuickTime\plugins\npqtplugin3.dll
CHR - plugin: QuickTime Plug-in 7.6.9 (Enabled) = C:\Program Files\QuickTime\plugins\npqtplugin4.dll
CHR - plugin: QuickTime Plug-in 7.6.9 (Enabled) = C:\Program Files\QuickTime\plugins\npqtplugin5.dll
CHR - plugin: QuickTime Plug-in 7.6.9 (Enabled) = C:\Program Files\QuickTime\plugins\npqtplugin6.dll
CHR - plugin: QuickTime Plug-in 7.6.9 (Enabled) = C:\Program Files\QuickTime\plugins\npqtplugin7.dll
CHR - plugin: Google Update (Enabled) = C:\Program Files\Google\Update\1.3.21.145\npGoogleUpdate3.dll
CHR - plugin: Silverlight Plug-In (Enabled) = C:\Program Files\Microsoft Silverlight\5.1.20125.0\npctrl.dll
CHR - plugin: Microsoft Office Live Plug-in for Firefox (Enabled) = C:\Program Files\Microsoft\Office Live\npOLW.dll
CHR - plugin: Windows Live\u00C2\u00AE Photo Gallery (Enabled) = C:\Program Files\Windows Live\Photo Gallery\NPWLPG.dll
CHR - plugin: iTunes Application Detector (Enabled) = C:\Program Files\iTunes\Mozilla Plugins\npitunes.dll
CHR - plugin: InoViewer Plugin (Enabled) = C:\Program Files\innoplus\3D-Viewer-innoPlus\npIno3DViewer.dll
CHR - plugin: Shockwave Flash (Enabled) = C:\Windows\system32\Macromed\Flash\NPSWF32.dll
CHR - plugin: Windows Presentation Foundation (Enabled) = c:\Windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll
CHR - Extension: Google Docs = C:\Users\Husn\AppData\Local\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake\0.5_0\
CHR - Extension: Google Drive = C:\Users\Husn\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf\6.3_0\
CHR - Extension: YouTube = C:\Users\Husn\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo\4.2.6_0\
CHR - Extension: Google Search = C:\Users\Husn\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf\0.0.0.20_0\
CHR - Extension: Chrome In-App Payments service = C:\Users\Husn\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda\0.0.4.11_0\
CHR - Extension: Lavasoft NewTab = C:\Users\Husn\AppData\Local\Google\Chrome\User Data\Default\Extensions\oejkcgajlodefenbbjdnaiahmbnnoole\0.10_0\
CHR - Extension: Auto Refresh Plus = C:\Users\Husn\AppData\Local\Google\Chrome\User Data\Default\Extensions\oilipfekkmncanaajkapbpancpelijih\1.8.9.22_0\
CHR - Extension: Gmail = C:\Users\Husn\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia\7_0\

O1 HOSTS File: ([2013.11.05 20:08:24 | 000,000,098 | ---- | M]) - C:\Windows\System32\drivers\etc\Hosts
O1 - Hosts: 127.0.0.1 localhost
O1 - Hosts: ::1 localhost
O2 - BHO: (Ad-Aware Security Add-on) - {6c97a91e-4524-4019-86af-2aa2d567bf5c} - C:\Programfiler\Lavasoft\AdAware SecureSearch Toolbar\adawareDx.dll ()
O2 - BHO: (Java™ Plug-In SSV Helper) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Programfiler\Java\jre7\bin\ssv.dll (Oracle Corporation)
O2 - BHO: (Påloggingshjelp for Windows Live) - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Programfiler\Common Files\microsoft shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corporation)
O2 - BHO: (no name) - {bf7380fa-e3b4-4db2-af3e-9d8783a45bfc} - No CLSID value found.
O2 - BHO: (Bing Bar Helper) - {d2ce3e00-f94a-4740-988e-03dc2f38c34f} - C:\Program Files\Microsoft\BingBar\BingExt.dll (Microsoft Corporation.)
O2 - BHO: (Java™ Plug-In 2 SSV Helper) - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Programfiler\Java\jre7\bin\jp2ssv.dll (Oracle Corporation)
O2 - BHO: (VeriSoft Access Manager) - {DF21F1DB-80C6-11D3-9483-B03D0EC10000} - c:\Programfiler\Bioscrypt\VeriSoft\Bin\ItIEAddIn.dll (Bioscrypt Inc.)
O3 - HKLM\..\Toolbar: (Ad-Aware Security Add-on) - {6c97a91e-4524-4019-86af-2aa2d567bf5c} - C:\Programfiler\Lavasoft\AdAware SecureSearch Toolbar\adawareDx.dll ()
O3 - HKLM\..\Toolbar: (Bing Bar) - {8dcb7100-df86-4384-8842-8fa844297b3f} - C:\Program Files\Microsoft\BingBar\BingExt.dll (Microsoft Corporation.)
O3 - HKLM\..\Toolbar: (no name) - {bf7380fa-e3b4-4db2-af3e-9d8783a45bfc} - No CLSID value found.
O3 - HKCU\..\Toolbar\WebBrowser: (no name) - {D4027C7F-154A-4066-A1AD-4243D8127440} - No CLSID value found.
O3 - HKCU\..\Toolbar\WebBrowser: (no name) - {EEE6C35B-6118-11DC-9C72-001320C79847} - No CLSID value found.
O4 - HKLM..\Run: [Ad-Aware Browsing Protection] C:\ProgramData\Ad-Aware Browsing Protection\adawarebp.exe (Lavasoft)
O4 - HKLM..\Run: [APSDaemon] C:\Program Files\Common Files\Apple\Apple Application Support\APSDaemon.exe (Apple Inc.)
O4 - HKCU..\Run: [ApplePhotoStreams] C:\Programfiler\Common Files\Apple\Internet Services\ApplePhotoStreams.exe (Apple Inc.)
O4 - HKCU..\Run: [iCloudServices] C:\Programfiler\Common Files\Apple\Internet Services\iCloudServices.exe (Apple Inc.)
O4 - HKCU..\Run: [WMPNSCFG] C:\Programfiler\Windows Media Player\wmpnscfg.exe (Microsoft Corporation)
O4 - HKLM..\RunOnce: [Launcher] C:\Windows\SMINST\Launcher.exe (soft thinks)
O4 - Startup: C:\Users\Husn\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\OneNote 2007 Screen Clipper og Launcher.lnk = C:\Programfiler\Microsoft Office\Office12\ONENOTEM.EXE (Microsoft Corporation)
O8 - Extra context menu item: E&ksporter til Microsoft Excel - C:\Programfiler\Microsoft Office\Office12\EXCEL.EXE (Microsoft Corporation)
O8 - Extra context menu item: Send bilde til &Bluetooth-enhet... - C:\Programfiler\WIDCOMM\Bluetooth Software\btsendto_ie_ctx.htm ()
O8 - Extra context menu item: Send side til &Bluetooth-enhet... - C:\Programfiler\WIDCOMM\Bluetooth Software\btsendto_ie.htm ()
O9 - Extra Button: Blogg dette - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Programfiler\Windows Live\Writer\WriterBrowserExtension.dll (Microsoft Corporation)
O9 - Extra 'Tools' menuitem : &Blogg dette i Windows Live Writer - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Programfiler\Windows Live\Writer\WriterBrowserExtension.dll (Microsoft Corporation)
O9 - Extra Button: Send til OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Programfiler\Microsoft Office\Office12\ONBttnIE.dll (Microsoft Corporation)
O9 - Extra 'Tools' menuitem : S&end til OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Programfiler\Microsoft Office\Office12\ONBttnIE.dll (Microsoft Corporation)
O9 - Extra Button: PokerStars - {3AD14F0C-ED16-4e43-B6D8-661B03F6A1EF} - C:\Program Files\PokerStars\PokerStarsUpdate.exe File not found
O9 - Extra Button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\Programfiler\Microsoft Office\Office12\REFIEBAR.DLL (Microsoft Corporation)
O9 - Extra Button: @btrez.dll,-4015 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Programfiler\WIDCOMM\Bluetooth Software\btsendto_ie.htm ()
O9 - Extra 'Tools' menuitem : @btrez.dll,-12650 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Programfiler\WIDCOMM\Bluetooth Software\btsendto_ie.htm ()
O10 - NameSpace_Catalog5\Catalog_Entries\000000000008 [] - C:\Programfiler\Bonjour\mdnsNSP.dll (Apple Inc.)
O13 - gopher Prefix: missing
O15 - HKCU\..Trusted Domains: skandiabanken.no ([]https in Trusted sites)
O15 - HKCU\..Trusted Domains: skandiabanken.no ([www] https in Trusted sites)
O16 - DPF: {5D637FAD-E202-48D1-8F18-5B9C459BD1E3} http://www.fotoknuds...geUploader5.cab (Reg Error: Key error.)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.1.1
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{DB595F04-94C9-489A-AF24-EE741B737DF3}: DhcpNameServer = 192.168.1.1
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{FBD6292A-FE95-4EFA-A03B-D9B068512F97}: DhcpNameServer = 192.168.1.1
O18 - Protocol\Handler\livecall {828030A1-22C1-4009-854F-8E305202313F} - C:\Programfiler\Windows Live\Messenger\msgrapp.14.0.8089.0726.dll (Microsoft Corporation)
O18 - Protocol\Handler\ms-help {314111c7-a502-11d2-bbca-00c04f8ec294} - C:\Programfiler\Common Files\microsoft shared\Help\hxds.dll (Microsoft Corporation)
O18 - Protocol\Handler\msnim {828030A1-22C1-4009-854F-8E305202313F} - C:\Programfiler\Windows Live\Messenger\msgrapp.14.0.8089.0726.dll (Microsoft Corporation)
O18 - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Programfiler\Common Files\Skype\Skype4COM.dll (Skype Technologies)
O18 - Protocol\Handler\wlmailhtml {03C514A3-1EFB-4856-9F99-10D7BE1653C0} - C:\Programfiler\Windows Live\Mail\mailcomm.dll (Microsoft Corporation)
O18 - Protocol\Filter\text/xml {807563E5-5146-11D5-A672-00B0D022E945} - C:\Programfiler\Common Files\microsoft shared\OFFICE12\MSOXMLMF.DLL (Microsoft Corporation)
O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\System32\userinit.exe (Microsoft Corporation)
O24 - Desktop WallPaper: C:\Users\Husn\AppData\Roaming\Microsoft\Windows Photo Gallery\Bakgrunn for Windows Fotogalleri.jpg
O24 - Desktop BackupWallPaper: C:\Users\Husn\AppData\Roaming\Microsoft\Windows Photo Gallery\Bakgrunn for Windows Fotogalleri.jpg
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2005.09.11 16:18:54 | 000,000,340 | -HS- | M] () - D:\AUTOMODE -- [ NTFS ]
O33 - MountPoints2\{5c15a5db-46d3-11dd-b988-001e3760b573}\Shell\AutoRun\command - "" = C:\Windows\system32\RunDLL32.EXE Shell32.DLL,ShellExec_RunDLL RuNdLl32.EXE .\RECYCLER\S-5-3-42-2819952290-8240758988-879315005-3665\jwgkvsq.vmx,ahaezedrn
O33 - MountPoints2\{94a519e2-af7e-11df-8d16-001b24d39e11}\Shell\AutoRun\command - "" = C:\Windows\system32\RunDLL32.EXE Shell32.DLL,ShellExec_RunDLL RuNdLl32.EXE .\RECYCLER\S-5-3-42-2819952290-8240758988-879315005-3665\jwgkvsq.vmx,ahaezedrn
O33 - MountPoints2\{a58c81c4-6ad5-11dd-8256-001e3760b573}\Shell - "" = AutoRun
O33 - MountPoints2\{a58c81c4-6ad5-11dd-8256-001e3760b573}\Shell\AutoRun\command - "" = F:\autorun.exe
O33 - MountPoints2\H\Shell\AutoRun\command - "" = H:\Autorun.exe /run
O33 - MountPoints2\H\Shell\Shell00\Command - "" = H:\Autorun.exe /run
O33 - MountPoints2\H\Shell\Shell01\Command - "" = H:\Autorun.exe /action
O33 - MountPoints2\H\Shell\Shell02\Command - "" = H:\Autorun.exe /uninstall
O34 - HKLM BootExecute: (autocheck autochk *)
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3)
O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2)

========== Files/Folders - Created Within 30 Days ==========

[2013.11.05 19:47:17 | 000,000,000 | ---D | C] -- C:\_OTL
[2013.11.05 10:09:49 | 000,602,112 | ---- | C] (OldTimer Tools) -- C:\Users\Husn\Desktop\OTL.exe
[2013.11.05 09:48:47 | 000,000,000 | ---D | C] -- C:\ProgramData\REGSERVO
[2013.10.07 21:49:12 | 000,000,000 | R--D | C] -- C:\Users\Husn\Dropbox
[2013.10.07 21:46:57 | 000,000,000 | ---D | C] -- C:\Program Files\Dropbox
[2013.10.07 21:46:11 | 000,000,000 | ---D | C] -- C:\Users\Husn\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Dropbox
[2013.10.07 21:42:30 | 000,000,000 | ---D | C] -- C:\Users\Husn\AppData\Roaming\Dropbox
[2 C:\Program Files\*.tmp files -> C:\Program Files\*.tmp -> ]
[1 C:\Windows\*.tmp files -> C:\Windows\*.tmp -> ]
[1 C:\Users\Husn\Documents\*.tmp files -> C:\Users\Husn\Documents\*.tmp -> ]

========== Files - Modified Within 30 Days ==========

[2013.11.05 20:26:50 | 000,601,058 | ---- | M] () -- C:\Windows\System32\perfh009.dat
[2013.11.05 20:26:50 | 000,466,124 | ---- | M] () -- C:\Windows\System32\perfh014.dat
[2013.11.05 20:26:50 | 000,106,934 | ---- | M] () -- C:\Windows\System32\perfc009.dat
[2013.11.05 20:26:50 | 000,082,596 | ---- | M] () -- C:\Windows\System32\perfc014.dat
[2013.11.05 20:20:10 | 000,003,168 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-1.C7483456-A289-439d-8115-601632D005A0
[2013.11.05 20:20:10 | 000,003,168 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-0.C7483456-A289-439d-8115-601632D005A0
[2013.11.05 20:20:03 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2013.11.05 20:15:07 | 000,006,396 | ---- | M] () -- C:\Windows\bthservsdp.dat
[2013.11.05 20:08:24 | 000,000,098 | ---- | M] () -- C:\Windows\System32\drivers\etc\Hosts
[2013.11.05 19:48:53 | 000,000,976 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineUA.job
[2013.11.05 10:09:50 | 000,602,112 | ---- | M] (OldTimer Tools) -- C:\Users\Husn\Desktop\OTL.exe
[2013.11.02 00:03:13 | 000,166,400 | ---- | M] () -- C:\Users\Husn\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2013.11.02 00:01:21 | 000,188,164 | ---- | M] () -- C:\Users\Husn\AppData\Roaming\nvModes.001
[2013.11.01 23:29:21 | 000,000,953 | ---- | M] () -- C:\Users\Husn\Desktop\Dropbox.lnk
[2013.10.31 16:59:46 | 000,413,374 | ---- | M] () -- C:\Users\Husn\Desktop\Bekreftelse fortolling.pdf
[2013.10.28 20:42:13 | 003,733,211 | ---- | M] () -- C:\Users\Husn\Desktop\Løvstakken02.jpg
[2013.10.20 16:51:26 | 000,001,971 | ---- | M] () -- C:\Users\Public\Desktop\Google Chrome.lnk
[2013.10.20 16:19:49 | 001,695,520 | ---- | M] () -- C:\Windows\System32\FNTCACHE.DAT
[2013.10.06 21:35:26 | 000,088,224 | ---- | M] () -- C:\Users\Husn\Desktop\bryllup TM og L.jpg
[2 C:\Program Files\*.tmp files -> C:\Program Files\*.tmp -> ]
[1 C:\Windows\*.tmp files -> C:\Windows\*.tmp -> ]
[1 C:\Users\Husn\Documents\*.tmp files -> C:\Users\Husn\Documents\*.tmp -> ]

========== Files Created - No Company Name ==========

[2013.10.31 16:59:46 | 000,413,374 | ---- | C] () -- C:\Users\Husn\Desktop\Bekreftelse fortolling.pdf
[2013.10.28 20:41:31 | 003,733,211 | ---- | C] () -- C:\Users\Husn\Desktop\Løvstakken02.jpg
[2013.10.09 23:01:24 | 1941,841,997 | ---- | C] () -- C:\Users\Husn\Desktop\HDV_1322.MP4
[2013.10.07 21:49:12 | 000,000,953 | ---- | C] () -- C:\Users\Husn\Desktop\Dropbox.lnk
[2013.10.06 21:35:26 | 000,088,224 | ---- | C] () -- C:\Users\Husn\Desktop\bryllup TM og L.jpg
[2013.07.29 20:41:41 | 001,344,304 | ---- | C] () -- C:\Windows\System32\dmwu.exe
[2013.06.09 14:45:01 | 000,000,004 | ---- | C] () -- C:\Users\Husn\AppData\Roaming\skype.ini
[2012.07.22 21:38:23 | 000,057,344 | ---- | C] () -- C:\Windows\System32\ff_vfw.dll
[2012.05.12 19:50:12 | 000,000,127 | ---- | C] () -- C:\Windows\System32\MRT.INI
[2009.08.08 00:35:04 | 000,000,008 | ---- | C] () -- C:\Users\Husn\AppData\Roaming\NMM-MetaData.db
[2009.06.25 22:24:50 | 000,007,592 | ---- | C] () -- C:\Users\Husn\AppData\Local\d3d9caps.dat
[2009.03.29 23:24:06 | 000,000,091 | ---- | C] () -- C:\Users\Husn\appletfile.props
[2008.10.21 17:27:04 | 000,000,056 | -H-- | C] () -- C:\ProgramData\ezsidmv.dat
[2008.02.26 13:34:53 | 000,001,348 | ---- | C] () -- C:\Users\Husn\AppData\Roaming\wklnhst.dat
[2008.02.25 15:35:25 | 000,188,164 | ---- | C] () -- C:\Users\Husn\AppData\Roaming\nvModes.001
[2008.02.25 12:41:21 | 000,188,164 | ---- | C] () -- C:\Users\Husn\AppData\Roaming\nvModes.dat
[2008.02.25 00:27:20 | 000,166,400 | ---- | C] () -- C:\Users\Husn\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini

========== ZeroAccess Check ==========

[2006.11.02 13:54:22 | 000,000,227 | RHS- | M] () -- C:\Windows\assembly\Desktop.ini

[HKEY_CURRENT_USER\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]

[HKEY_CURRENT_USER\Software\Classes\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32]

[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]
"" = %SystemRoot%\system32\shell32.dll -- [2012.06.08 18:47:00 | 011,586,048 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Apartment

[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32]
"" = %systemroot%\system32\wbem\fastprox.dll -- [2009.04.11 07:28:19 | 000,614,912 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Free

[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32]
"" = %systemroot%\system32\wbem\wbemess.dll -- [2009.04.11 07:28:25 | 000,347,648 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Both

========== LOP Check ==========

[2012.06.14 20:27:02 | 000,000,000 | ---D | M] -- C:\Users\Husn\AppData\Roaming\Afgeeb
[2011.11.25 20:27:49 | 000,000,000 | ---D | M] -- C:\Users\Husn\AppData\Roaming\Azureus
[2011.06.21 21:46:31 | 000,000,000 | ---D | M] -- C:\Users\Husn\AppData\Roaming\com.aspiro.wimp.25F5C0086CDE1F22CA0B92A487729991CA6CD013.1
[2008.08.14 23:22:25 | 000,000,000 | ---D | M] -- C:\Users\Husn\AppData\Roaming\DAEMON Tools
[2013.11.01 23:59:26 | 000,000,000 | ---D | M] -- C:\Users\Husn\AppData\Roaming\Dropbox
[2012.04.25 21:32:02 | 000,000,000 | ---D | M] -- C:\Users\Husn\AppData\Roaming\Ehhuah
[2013.02.13 20:53:19 | 000,000,000 | ---D | M] -- C:\Users\Husn\AppData\Roaming\elitefoto-bildearkiv
[2013.04.19 21:14:03 | 000,000,000 | ---D | M] -- C:\Users\Husn\AppData\Roaming\File Scout
[2011.11.25 20:33:17 | 000,000,000 | ---D | M] -- C:\Users\Husn\AppData\Roaming\FrostWire
[2012.07.22 21:21:26 | 000,000,000 | ---D | M] -- C:\Users\Husn\AppData\Roaming\HandBrake
[2012.06.14 21:15:21 | 000,000,000 | ---D | M] -- C:\Users\Husn\AppData\Roaming\Kyybvu
[2011.12.09 00:42:47 | 000,000,000 | ---D | M] -- C:\Users\Husn\AppData\Roaming\LimeWire
[2013.03.08 22:28:56 | 000,000,000 | ---D | M] -- C:\Users\Husn\AppData\Roaming\Mp3jam
[2009.08.08 00:30:58 | 000,000,000 | ---D | M] -- C:\Users\Husn\AppData\Roaming\Nokia
[2009.08.08 00:36:01 | 000,000,000 | ---D | M] -- C:\Users\Husn\AppData\Roaming\Nokia Multimedia Player
[2013.05.03 20:01:17 | 000,000,000 | ---D | M] -- C:\Users\Husn\AppData\Roaming\OpenCandy
[2009.01.01 16:21:42 | 000,000,000 | ---D | M] -- C:\Users\Husn\AppData\Roaming\Opera
[2009.08.08 00:29:11 | 000,000,000 | ---D | M] -- C:\Users\Husn\AppData\Roaming\PC Suite
[2013.01.24 00:20:29 | 000,000,000 | ---D | M] -- C:\Users\Husn\AppData\Roaming\PerformerSoft
[2012.12.08 16:55:06 | 000,000,000 | ---D | M] -- C:\Users\Husn\AppData\Roaming\PhotoScape
[2013.08.02 22:37:05 | 000,000,000 | ---D | M] -- C:\Users\Husn\AppData\Roaming\Solvusoft
[2010.02.01 17:26:25 | 000,000,000 | ---D | M] -- C:\Users\Husn\AppData\Roaming\Sports Interactive
[2012.12.31 01:24:03 | 000,000,000 | ---D | M] -- C:\Users\Husn\AppData\Roaming\Spotify
[2012.04.17 21:46:31 | 000,000,000 | ---D | M] -- C:\Users\Husn\AppData\Roaming\SumatraPDF
[2008.02.28 18:17:52 | 000,000,000 | ---D | M] -- C:\Users\Husn\AppData\Roaming\Template
[2008.07.02 22:13:33 | 000,000,000 | ---D | M] -- C:\Users\Husn\AppData\Roaming\updater
[2013.11.01 23:53:03 | 000,000,000 | ---D | M] -- C:\Users\Husn\AppData\Roaming\uTorrent
[2009.05.10 15:15:55 | 000,000,000 | ---D | M] -- C:\Users\Husn\AppData\Roaming\WeatherDPA

========== Purity Check ==========



< End of report >


Junkware removal
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Junkware Removal Tool (JRT) by Thisisu
Version: 6.0.7 (10.15.2013:3)
OS: Windows Vista ™ Home Premium x86
Ran by Husn on 05.11.2013 at 20:40:24,46
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~




~~~ Services



~~~ Registry Values

Successfully deleted: [Registry Value] HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Toolbar\\{ae07101b-46d4-4a98-af68-0333ea26e113}
Successfully repaired: [Registry Value] HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Main\\Default_Page_URL
Successfully repaired: [Registry Value] HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\SearchURL\\Default
Successfully repaired: [Registry Value] HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\searchURL\\Default
Successfully deleted: [Registry Value] HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser\\{D4027C7F-154A-4066-A1AD-4243D8127440}



~~~ Registry Keys

Successfully deleted: [Registry Key] HKEY_CLASSES_ROOT\AppID\{09C554C3-109B-483C-A06B-F14172F1A947}
Successfully deleted: [Registry Key] HKEY_CLASSES_ROOT\AppID\{39CB8175-E224-4446-8746-00566302DF8D}
Successfully deleted: [Registry Key] HKEY_CLASSES_ROOT\AppID\{4E1E9D45-8BF9-4139-915C-9F83CC3D5921}
Successfully deleted: [Registry Key] HKEY_CLASSES_ROOT\AppID\{7169BBB3-3289-4696-B35D-4A88BCF6FB12}
Successfully deleted: [Registry Key] HKEY_CLASSES_ROOT\AppID\{B12E99ED-69BD-437C-86BE-C862B9E5444D}
Successfully deleted: [Registry Key] HKEY_CLASSES_ROOT\AppID\{B302A1BD-0157-49FA-90F1-4E94F22C7B4B}
Successfully deleted: [Registry Key] HKEY_CLASSES_ROOT\AppID\{BDB69379-802F-4EAF-B541-F8DE92DD98DB}
Successfully deleted: [Registry Key] HKEY_CLASSES_ROOT\AppID\{C26644C4-2A12-4CA6-8F2E-0EDE6CF018F3}
Successfully deleted: [Registry Key] HKEY_CLASSES_ROOT\AppID\{D7EE8177-D51E-4F89-92B6-83EA2EC40800}
Successfully deleted: [Registry Key] HKEY_CLASSES_ROOT\AppID\escort.dll
Successfully deleted: [Registry Key] HKEY_CLASSES_ROOT\AppID\escortapp.dll
Successfully deleted: [Registry Key] HKEY_CLASSES_ROOT\AppID\escorteng.dll
Successfully deleted: [Registry Key] HKEY_CLASSES_ROOT\AppID\escortlbr.dll
Successfully deleted: [Registry Key] HKEY_CLASSES_ROOT\AppID\esrv.exe
Successfully deleted: [Registry Key] HKEY_CLASSES_ROOT\AppID\extension.dll
Successfully deleted: [Registry Key] HKEY_CLASSES_ROOT\CLSID\{261DD098-8A3E-43D4-87AA-63324FA897D8}
Successfully deleted: [Registry Key] HKEY_CLASSES_ROOT\CLSID\{2EECD738-5844-4A99-B4B6-146BF802613B}
Successfully deleted: [Registry Key] HKEY_CLASSES_ROOT\CLSID\{3C471948-F874-49F5-B338-4F214A2EE0B1}
Successfully deleted: [Registry Key] HKEY_CLASSES_ROOT\CLSID\{6C97A91E-4524-4019-86AF-2AA2D567BF5C}
Successfully deleted: [Registry Key] HKEY_CLASSES_ROOT\CLSID\{9AFB8248-617F-460D-9366-D71CDEDA3179}
Successfully deleted: [Registry Key] HKEY_CLASSES_ROOT\CLSID\{AF6B0594-6008-4327-93E5-608AD710A6FA}
Successfully deleted: [Registry Key] HKEY_CLASSES_ROOT\CLSID\{BB975E58-E769-4E5A-BA12-B765BC559FF3}
Successfully deleted: [Registry Key] HKEY_CLASSES_ROOT\CLSID\{DF84E609-C3A4-49CB-A160-61767DAF8899}
Successfully deleted: [Registry Key] HKEY_CLASSES_ROOT\CLSID\{E46C8196-B634-44A1-AF6E-957C64278AB1}
Successfully deleted: [Registry Key] HKEY_CLASSES_ROOT\CLSID\{F511AFDB-726E-4458-90E7-1ECB97406544}
Failed to delete: [Registry Key] HKEY_CLASSES_ROOT\CLSID\{FB684D26-01F4-4D9D-87CB-F486BEBA56DC}
Successfully deleted: [Registry Key] HKEY_CLASSES_ROOT\Interface\{1231839B-064E-4788-B865-465A1B5266FD}
Successfully deleted: [Registry Key] HKEY_CLASSES_ROOT\Interface\{2DAC2231-CC35-482B-97C5-CED1D4185080}
Successfully deleted: [Registry Key] HKEY_CLASSES_ROOT\Interface\{3F1CD84C-04A3-4EA0-9EA1-7D134FD66C82}
Successfully deleted: [Registry Key] HKEY_CLASSES_ROOT\Interface\{3F83A9CA-B5F0-44EC-9357-35BB3E84B07F}
Successfully deleted: [Registry Key] HKEY_CLASSES_ROOT\Interface\{47E520EA-CAD2-4F51-8F30-613B3A1C33EB}
Successfully deleted: [Registry Key] HKEY_CLASSES_ROOT\Interface\{57C91446-8D81-4156-A70E-624551442DE9}
Successfully deleted: [Registry Key] HKEY_CLASSES_ROOT\Interface\{70AFB7B2-9FB5-4A70-905B-0E9576142E1D}
Successfully deleted: [Registry Key] HKEY_CLASSES_ROOT\Interface\{7AD65FD1-79E0-406D-B03C-DD7C14726D69}
Successfully deleted: [Registry Key] HKEY_CLASSES_ROOT\Interface\{97DD820D-2E20-40AD-B01E-6730B2FCE630}
Successfully deleted: [Registry Key] HKEY_CLASSES_ROOT\Interface\{B177446D-54A4-4869-BABC-8566110B4BE0}
Successfully deleted: [Registry Key] HKEY_CLASSES_ROOT\Interface\{D9D1DFC5-502D-43E4-B1BB-4D0B7841489A}
Successfully deleted: [Registry Key] HKEY_CLASSES_ROOT\Interface\{DF84E609-C3A4-49CB-A160-61767DAF8899}
Successfully deleted: [Registry Key] HKEY_CLASSES_ROOT\Interface\{E0B07188-A528-4F9E-B2F7-C7FDE8680AE4}
Successfully deleted: [Registry Key] HKEY_CLASSES_ROOT\Interface\{F05B12E1-ADE8-4485-B45B-898748B53C37}
Successfully deleted: [Registry Key] HKEY_CLASSES_ROOT\TypeLib\{3E288F79-03E4-4983-A48E-0D879B51FF19}
Successfully deleted: [Registry Key] HKEY_CURRENT_USER\Software\1clickdownload
Successfully deleted: [Registry Key] HKEY_CURRENT_USER\Software\babsolution
Successfully deleted: [Registry Key] HKEY_CURRENT_USER\Software\bi
Successfully deleted: [Registry Key] HKEY_CURRENT_USER\Software\conduit
Successfully deleted: [Registry Key] HKEY_CURRENT_USER\Software\delta
Successfully deleted: [Registry Key] HKEY_CURRENT_USER\Software\filescout
Successfully deleted: [Registry Key] HKEY_CURRENT_USER\Software\im
Successfully deleted: [Registry Key] HKEY_CURRENT_USER\Software\iminstaller
Successfully deleted: [Registry Key] HKEY_CURRENT_USER\Software\installcore
Successfully deleted: [Registry Key] HKEY_CURRENT_USER\Software\installedbrowserextensions
Successfully deleted: [Registry Key] HKEY_CURRENT_USER\Software\smartbar
Successfully deleted: [Registry Key] HKEY_CURRENT_USER\Software\smartbarbackup
Successfully deleted: [Registry Key] HKEY_CURRENT_USER\Software\smartbarlog
Successfully deleted: [Registry Key] HKEY_CURRENT_USER\Software\softonic
Successfully deleted: [Registry Key] HKEY_CURRENT_USER\Software\sweetim
Successfully deleted: [Registry Key] HKEY_CURRENT_USER\Software\wnlt
Successfully deleted: [Registry Key] HKEY_CURRENT_USER\Software\yahoopartnertoolbar
Successfully deleted: [Registry Key] HKEY_CURRENT_USER\Software\AppDataLow\software\adawarebp
Successfully deleted: [Registry Key] HKEY_CURRENT_USER\Software\AppDataLow\software\conduit
Successfully deleted: [Registry Key] HKEY_CURRENT_USER\Software\AppDataLow\software\conduitengine
Successfully deleted: [Registry Key] HKEY_CURRENT_USER\Software\AppDataLow\software\crossrider
Successfully deleted: [Registry Key] HKEY_CURRENT_USER\Software\AppDataLow\software\lyricspal
Successfully deleted: [Registry Key] HKEY_CURRENT_USER\Software\AppDataLow\software\pricegong
Successfully deleted: [Registry Key] HKEY_CURRENT_USER\Software\AppDataLow\software\utorrentbar
Successfully deleted: [Registry Key] HKEY_CURRENT_USER\Software\AppDataLow\toolbar
Successfully deleted: [Registry Key] HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{2EECD738-5844-4A99-B4B6-146BF802613B}
Successfully deleted: [Registry Key] HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{6C97A91E-4524-4019-86AF-2AA2D567BF5C}
Successfully deleted: [Registry Key] HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{97F2FF5B-260C-4CCF-834A-2DDA4E29E39E}
Successfully deleted: [Registry Key] HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{2EECD738-5844-4A99-B4B6-146BF802613B}
Successfully deleted: [Registry Key] HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{6C97A91E-4524-4019-86AF-2AA2D567BF5C}
Successfully deleted: [Registry Key] HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\InternetRegistry\REGISTRY\USER\S-1-5-21-3020190071-1794261815-3198327091-1000\Software\SweetIM
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\System\CurrentControlSet\Services\Eventlog\Application\WebCakeUpdater
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\babylon
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\conduit
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\conduitengine
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\delta
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\dt soft\daemon tools toolbar
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\sweetim
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\tarma installer
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\updater by sweetpacks
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\wnlt
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Classes\bbylntlbr.bbylntlbrhlpr
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Classes\bbylntlbr.bbylntlbrhlpr.1
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Classes\conduit.engine
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Classes\dttoolbar.toolbandobj
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Classes\dttoolbar.toolbandobj.1
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Classes\esrv.deltaesrvc
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Classes\esrv.deltaesrvc.1
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Classes\iesmartbar.bandobjectattribute
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Classes\iesmartbar.bho
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Classes\iesmartbar.dockingpanel
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Classes\iesmartbar.iesmartbar
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Classes\iesmartbar.iesmartbarbandobject
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Classes\iesmartbar.smartbardisplaystate
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Classes\iesmartbar.smartbarmenuform
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Classes\prod.cap
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Classes\s
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Classes\CLSID\{FB684D26-01F4-4D9D-87CB-F486BEBA56DC}
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{EEE6C367-6118-11DC-9C72-001320C79847}
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Uninstall\bi_uninstaller
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Uninstall\conduitengine
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Uninstall\daemon tools toolbar
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Uninstall\wnlt
Successfully deleted: [Registry Key] HKEY_CLASSES_ROOT\CrossriderApp0035578.BHO
Successfully deleted: [Registry Key] HKEY_CLASSES_ROOT\CrossriderApp0035578.BHO.1
Successfully deleted: [Registry Key] HKEY_CLASSES_ROOT\CrossriderApp0035578.Sandbox
Successfully deleted: [Registry Key] HKEY_CLASSES_ROOT\CrossriderApp0035578.Sandbox.1
Successfully deleted: [Registry Key] HKEY_CLASSES_ROOT\CLSID\{22222222-2222-2222-2222-220322552278}
Successfully deleted: [Registry Key] HKEY_CLASSES_ROOT\Interface\{55555555-5555-5555-5555-550355555578}
Successfully deleted: [Registry Key] HKEY_CLASSES_ROOT\Interface\{66666666-6666-6666-6666-660366556678}
Successfully deleted: [Registry Key] HKEY_CLASSES_ROOT\TypeLib\{44444444-4444-4444-4444-440344554478}
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Classes\CrossriderApp0035578.BHO
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Classes\CrossriderApp0035578.BHO.1
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Classes\CrossriderApp0035578.Sandbox
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Classes\CrossriderApp0035578.Sandbox.1
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Classes\Toolbar.CT2504091
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Classes\Toolbar.CT2786678
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Classes\Interface\{55555555-5555-5555-5555-550355555578}
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Classes\Interface\{66666666-6666-6666-6666-660366556678}
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Classes\TypeLib\{44444444-4444-4444-4444-440344554478}
Successfully deleted: [Registry Key] HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{11111111-1111-1111-1111-110311551178}
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{11111111-1111-1111-1111-110311551178}
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{31AD400D-1B06-4E33-A59A-90C2C140CBA0}
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{6C97A91E-4524-4019-86AF-2AA2D567BF5C}
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{BF7380FA-E3B4-4DB2-AF3E-9D8783A45BFC}



~~~ Files

Successfully deleted: [File] C:\Windows\System32\Tasks\Lyrics-Pal Update
Successfully deleted: [File] C:\Windows\System32\Tasks\epupdater
Successfully deleted: [File] "C:\Users\Husn\appdata\local\google\chrome\user data\default\bprotector web data"
Successfully deleted: [File] "C:\Users\Husn\appdata\local\google\chrome\user data\default\bprotectorpreferences"
Successfully deleted: [File] "C:\Users\Husn\appdata\locallow\SkwConfig.bin"
Successfully deleted: [File] "C:\Windows\system32\dmwu.exe"
Successfully deleted: [File] "C:\Windows\system32\imhttpcomm.dll"
Successfully deleted: [File] "C:\Windows\system32\roboot.exe"



~~~ Folders

Successfully deleted: [Folder] "C:\ProgramData\babylon"
Successfully deleted: [Folder] "C:\ProgramData\blekko toolbars"
Successfully deleted: [Folder] "C:\ProgramData\tarma installer"
Successfully deleted: [Folder] "C:\Users\Husn\AppData\Roaming\file scout"
Successfully deleted: [Folder] "C:\Users\Husn\AppData\Roaming\opencandy"
Successfully deleted: [Folder] "C:\Users\Husn\AppData\Roaming\performersoft"
Successfully deleted: [Folder] "C:\Users\Husn\AppData\Roaming\weatherdpa"
Successfully deleted: [Folder] "C:\Users\Husn\appdata\local\adawarebp"
Successfully deleted: [Folder] "C:\Users\Husn\appdata\locallow\adawaretb"
Successfully deleted: [Folder] "C:\Users\Husn\appdata\locallow\conduit"
Successfully deleted: [Folder] "C:\Users\Husn\appdata\locallow\conduitengine"
Successfully deleted: [Folder] "C:\Users\Husn\appdata\locallow\pricegong"
Successfully deleted: [Folder] "C:\Users\Husn\appdata\locallow\smartbar"
Successfully deleted: [Folder] "C:\Users\Husn\appdata\locallow\sweetim"
Successfully deleted: [Folder] "C:\Users\Husn\appdata\locallow\utorrentbar"
Successfully deleted: [Folder] "C:\Users\Husn\appdata\locallow\zango"
Successfully deleted: [Folder] "C:\Program Files\bearshare applications"
Successfully deleted: [Folder] "C:\Program Files\conduit"
Successfully deleted: [Folder] "C:\Program Files\conduitengine"
Successfully deleted: [Folder] "C:\Program Files\daemon tools toolbar"
Successfully deleted: [Folder] "C:\Program Files\delta"
Successfully deleted: [Folder] "C:\Program Files\file scout"
Successfully deleted: [Folder] "C:\Program Files\lyricspal"
Successfully deleted: [Folder] "C:\Program Files\optimizer pro"
Successfully deleted: [Folder] "C:\Program Files\sweetim"
Successfully deleted: [Folder] "C:\Program Files\torntv 2"
Successfully deleted: [Folder] "C:\Program Files\torntv.com"
Successfully deleted: [Folder] "C:\Program Files\updater by sweetpacks"
Successfully deleted: [Folder] "C:\Program Files\utorrentbar"
Successfully deleted: [Folder] "C:\Program Files\web cake"
Successfully deleted: [Folder] "C:\Users\Husn\AppData\Roaming\microsoft\windows\start menu\programs\torntv.com"
Successfully deleted: [Folder] "C:\Windows\system32\arfc"
Successfully deleted: [Folder] "C:\Windows\system32\jmdp"
Successfully deleted: [Folder] "C:\Windows\system32\wnlt"



~~~ Chrome

Successfully deleted: [Folder] C:\Users\Husn\appdata\local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Google\Chrome\Extensions\bicnnkjibmphdeigoodpjlcklcnaobdj
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Google\Chrome\Extensions\eooncjejnppfjjklapaamhcdmjbilmde



~~~ Event Viewer Logs were cleared





~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Scan was completed on 05.11.2013 at 20:43:31,23
End of JRT log
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
  • 0

#4
Essexboy

Essexboy

    GeekU Moderator

  • Retired Staff
  • 69,964 posts
Are you still getting the bad image error ?

Malwarebytes' Anti-Malware
Please download Malwarebytes' Anti-Malware from Here or Here

Double Click mbam-setup.exe to install the application.
  • Make sure a checkmark is placed next to Update Malwarebytes' Anti-Malware and Launch Malwarebytes' Anti-Malware, then click Finish.
  • If an update is found, it will download and install the latest version.
  • Once the program has loaded, select "Perform Quick Scan", then click Scan.
  • The scan may take some time to finish,so please be patient.
  • When the scan is complete, click OK, then Show Results to view the results.
  • Make sure that everything is checked, and click Remove Selected.
  • When disinfection is completed, a log will open in Notepad and you may be prompted to Restart.(See Extra Note)
  • The log is automatically saved by MBAM and can be viewed by clicking the Logs tab in MBAM.
  • Attach the entire report in your next reply.
If MBAM encounters a file that is difficult to remove,you will be presented with 1 of 2 prompts,click OK to either and let MBAM proceed with the disinfection process,if asked to restart the computer,please do so immediately.
  • 0

#5
toddn

toddn

    New Member

  • Topic Starter
  • Member
  • Pip
  • 4 posts
Hi,

Thank you for your reply. My PC is working a lot better now, thank you

Malwarebytes has been downloaded and a quick scan has been preformed.
Here you can find the log:

Malwarebytes Anti-Malware 1.75.0.1300
www.malwarebytes.org

Databaseversjon: v2013.11.06.09

Windows Vista Service Pack 2 x86 NTFS
Internet Explorer 9.0.8112.16421
Husn :: HUSN-PC [administrator]

06.11.2013 20:55:15
mbam-log-2013-11-06 (20-55-15).txt

Skanntype: Hurtigsøk
Aktiverte skanningsinnstillinger: Minne | Oppstart | Register | Filsystem | Heuristikk/Ekstra | Heuristikk/Shuriken | PUP | PUM
Deaktiverte skanninnstillinger: P2P
Objekter skannet: 216457
Tid tilbakelagt: 10 minutt(er), 50 sekund(er)

Minneprosesser oppdaget: 0
(Ingen skadelige objekter funnet)

Minnemoduler oppdaget: 0
(Ingen skadelige objekter funnet)

Registernøkler oppdaget: 9
HKCR\CLSID\{31AD400D-1B06-4E33-A59A-90C2C140CBA0} (PUP.Optional.QuickShare.A) -> Satt i karantene og slettet vellykket.
HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Settings\{31AD400D-1B06-4E33-A59A-90C2C140CBA0} (PUP.Optional.QuickShare.A) -> Satt i karantene og slettet vellykket.
HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{31AD400D-1B06-4E33-A59A-90C2C140CBA0} (PUP.Optional.QuickShare.A) -> Satt i karantene og slettet vellykket.
HKCR\Typelib\{4599D05A-D545-4069-BB42-5895B4EAE05B} (PUP.Optional.Delta.A) -> Satt i karantene og slettet vellykket.
HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{AF6B0594-6008-4327-93E5-608AD710A6FA} (PUP.Optional.WebCake.A) -> Satt i karantene og slettet vellykket.
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{AF6B0594-6008-4327-93E5-608AD710A6FA} (PUP.Optional.WebCake.A) -> Satt i karantene og slettet vellykket.
HKLM\SOFTWARE\{6791A2F3-FC80-475C-A002-C014AF797E9C} (PUP.Optional.OptimzerPro.A) -> Satt i karantene og slettet vellykket.
HKLM\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{348C2DF3-1191-4C3E-92A6-B3A89A9D9C85} (PUP.Optional.Delta.A) -> Satt i karantene og slettet vellykket.
HKLM\SOFTWARE\Wow6432Node\Updater By Sweetpacks (PUP.Optional.SweetPacks.A) -> Satt i karantene og slettet vellykket.

Registerverdier oppdaget: 2
HKCU\SOFTWARE\Microsoft\Internet Explorer\Main|bProtector Start Page (PUP.BProtector) -> Data: -> Satt i karantene og slettet vellykket.
HKCU\SOFTWARE\Microsoft\Internet Explorer\SearchScopes|bProtectorDefaultScope (PUP.BProtector) -> Data: {0ECDF796-C2DC-4d79-A620-CCE0C0A66CC9} -> Satt i karantene og slettet vellykket.

Registerfiler oppdaget: 0
(Ingen skadelige objekter funnet)

Mapper oppdaget: 1
C:\ProgramData\ZangoSA (Adware.Zango) -> Satt i karantene og slettet vellykket.

Filer oppdaget 6
C:\Users\Husn\AppData\Roaming\FrostWire\.AppSpecialShare\frostwire-4.21.5.windows.exe (PUP.Optional.OpenCandy) -> Satt i karantene og slettet vellykket.
C:\Users\Husn\AppData\Roaming\FrostWire\.AppSpecialShare\frostwire-4.21.8.windows.exe (PUP.Optional.OpenCandy) -> Satt i karantene og slettet vellykket.
C:\Users\Husn\AppData\Roaming\FrostWire\.AppSpecialShare\frostwire-5.1.4.windows.exe (PUP.Optional.OpenCandy) -> Satt i karantene og slettet vellykket.
C:\Users\Husn\AppData\Roaming\FrostWire\.AppSpecialShare\frostwire-5.2.10.windows.exe (PUP.Optional.OpenCandy) -> Satt i karantene og slettet vellykket.
C:\Windows\Temp\Optimizer_Pro.exe (PUP.Optional.PCOptimizerPro) -> Satt i karantene og slettet vellykket.
C:\Windows\Installer\47219a.msi (PUP.Optional.SweetIM) -> Satt i karantene og slettet vellykket.

(klar)
  • 0

#6
Essexboy

Essexboy

    GeekU Moderator

  • Retired Staff
  • 69,964 posts
Looks OK now, any further problems before I tidy up ?
  • 0

#7
toddn

toddn

    New Member

  • Topic Starter
  • Member
  • Pip
  • 4 posts
Hi,

Thank you for your help ;)
I don't think I have any further problems with the PC.


kind regards

Toddn
  • 0

#8
Essexboy

Essexboy

    GeekU Moderator

  • Retired Staff
  • 69,964 posts
In that case methinks I will send you on your merry way :)

Subject to no further problems :)

I will remove my tools now and give some recommendations, but, I would like you to run for 24 hours or so and come back if you have any problems

Now the best part of the day ----- Your log now appears clean :thumbsup:

A good workman always cleans up after himself so..The following will implement some cleanup procedures as well as reset System Restore points:

Delete JRT from the desktop

Run OTL and hit the cleanup button. It will remove all the programmes we have used plus itself.

Clear Restore Points

Go Start > All Programmes > Accessories > System tools
Right click Disc Cleanup and select run as administrator
When it pops up at the first prompt select OK after it has done some calculations the tabs will appear
Select More Options tab
Press Sytem Restore and Shadow Copies Cleanup button

Now that you are clean, to help protect your computer in the future I recommend that you get the following free programmes:

Malwarebytes.

Update and run weekly to keep your system clean

Download and install FileHippo update checker and run it monthly it will show you which programmes on your system need updating and give a download link

If you use on-line banking then as an added layer of protection install Trusteer Rapport

It is critical to have both a firewall and anti virus to protect your system and to keep them updated. To keep your operating system up to date visit
To learn more about how to protect yourself while on the internet read our little guide How did I get infected in the first place ?Keep safe :wave:
  • 0

#9
Essexboy

Essexboy

    GeekU Moderator

  • Retired Staff
  • 69,964 posts
Since this issue appears to be resolved ... this Topic has been closed. Glad we could help. :)

If you're the topic starter, and need this topic reopened, please contact a staff member with the address of the thread.

Everyone else please begin a New Topic.
  • 0






Similar Topics

0 user(s) are reading this topic

0 members, 0 guests, 0 anonymous users

As Featured On:

Microsoft Yahoo BBC MSN PC Magazine Washington Post HP