Jump to content

Welcome to Geeks to Go - Register now for FREE

Geeks To Go is a helpful hub, where thousands of volunteer geeks quickly serve friendly answers and support. Check out the forums and get free advice from the experts. Register now to gain access to all of our features, it's FREE and only takes one minute. Once registered and logged in, you will be able to create topics, post replies to existing threads, give reputation to your fellow members, get your own private messenger, post status updates, manage your profile and so much more.

Create Account How it Works
Photo

Internet keeps disconnecting and reconnecting. [Solved]


  • This topic is locked This topic is locked

#1
Konaci

Konaci

    New Member

  • Member
  • Pip
  • 4 posts
Hi, my Internet keeps disconnecting and reconnecting. It's disconnecting atleast once every 5 minutes and comes back after a few seconds. Everything seemes fine and i have no lags (just some lag spikes now and then), then i just loose internet.

I run a virus scan with Microsoft security essentials and it does not come up with any viruses.

OTL logfile created on: 30.11.2013 20:19:39 - Run 1
OTL by OldTimer - Version 3.2.69.0 Folder = A:\
64bit- Ultimate Edition Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation
Internet Explorer (Version = 9.10.9200.16736)
Locale: 00000414 | Country: Norway | Language: NOR | Date Format: dd.MM.yyyy

15,86 Gb Total Physical Memory | 12,31 Gb Available Physical Memory | 77,63% Memory free
31,71 Gb Paging File | 27,47 Gb Available in Paging File | 86,62% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86)
Drive C: | 111,79 Gb Total Space | 36,84 Gb Free Space | 32,95% Space Free | Partition Type: NTFS
Drive H: | 7,45 Gb Total Space | 7,45 Gb Free Space | 100,00% Space Free | Partition Type: FAT32

Computer Name: HAAVARD-PC | User Name: Haavard | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user | Quick Scan | Include 64bit Scans
Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days

========== Processes (SafeList) ==========

PRC - [2013.11.30 20:19:27 | 000,602,112 | ---- | M] (OldTimer Tools) -- A:\OTL.exe
PRC - [2013.11.26 16:58:25 | 002,151,744 | ---- | M] (IObit) -- C:\Program Files (x86)\IObit\LiveUpdate\LiveUpdate.exe
PRC - [2013.11.14 20:36:08 | 005,955,072 | ---- | M] (Spotify Ltd) -- C:\Users\Haavard\AppData\Roaming\Spotify\spotify.exe
PRC - [2013.11.14 20:36:04 | 001,168,896 | ---- | M] (Spotify Ltd) -- C:\Users\Haavard\AppData\Roaming\Spotify\Data\SpotifyWebHelper.exe
PRC - [2013.11.14 20:36:04 | 000,610,304 | ---- | M] () -- C:\Users\Haavard\AppData\Roaming\Spotify\Data\SpotifyHelper.exe
PRC - [2013.11.14 12:29:33 | 000,863,184 | ---- | M] (Google Inc.) -- C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
PRC - [2013.10.30 22:08:14 | 000,076,888 | ---- | M] () -- C:\Windows\SysWOW64\PnkBstrA.exe
PRC - [2013.10.25 07:59:58 | 000,463,016 | ---- | M] () -- C:\Program Files (x86)\MSI Afterburner\MSIAfterburner.exe
PRC - [2013.10.17 16:30:56 | 000,442,200 | ---- | M] (Razer Inc.) -- C:\Program Files (x86)\Razer\Synapse\RzSynapse.exe
PRC - [2013.05.11 11:37:26 | 000,065,640 | ---- | M] (Adobe Systems Incorporated) -- C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe
PRC - [2013.03.09 09:11:32 | 000,036,864 | ---- | M] (Corsair Components, Inc.) -- C:\Program Files (x86)\Corsair\CorsairLINK2\CorsairLINK_HardwareMonitor.exe
PRC - [2012.04.24 14:37:56 | 000,169,752 | ---- | M] (Intel Corporation) -- C:\Program Files (x86)\Intel\Intel® Integrated Clock Controller Service\ICCProxy.exe
PRC - [2008.07.11 15:04:22 | 000,200,704 | ---- | M] () -- C:\Windows\SysWOW64\HsMgr.exe


========== Modules (No Company Name) ==========

MOD - [2013.11.14 20:36:04 | 036,967,424 | ---- | M] () -- C:\Users\Haavard\AppData\Roaming\Spotify\Data\libcef.dll
MOD - [2013.11.14 20:36:04 | 000,887,808 | ---- | M] () -- C:\Users\Haavard\AppData\Roaming\Spotify\Data\libglesv2.dll
MOD - [2013.11.14 20:36:04 | 000,610,304 | ---- | M] () -- C:\Users\Haavard\AppData\Roaming\Spotify\Data\SpotifyHelper.exe
MOD - [2013.11.14 20:36:04 | 000,109,568 | ---- | M] () -- C:\Users\Haavard\AppData\Roaming\Spotify\Data\libegl.dll
MOD - [2013.11.14 12:29:31 | 000,399,312 | ---- | M] () -- C:\Program Files (x86)\Google\Chrome\Application\31.0.1650.57\ppgooglenaclpluginchrome.dll
MOD - [2013.11.14 12:29:30 | 013,582,800 | ---- | M] () -- C:\Program Files (x86)\Google\Chrome\Application\31.0.1650.57\PepperFlash\pepflashplayer.dll
MOD - [2013.11.14 12:29:29 | 004,055,504 | ---- | M] () -- C:\Program Files (x86)\Google\Chrome\Application\31.0.1650.57\pdf.dll
MOD - [2013.11.14 12:28:37 | 000,702,416 | ---- | M] () -- C:\Program Files (x86)\Google\Chrome\Application\31.0.1650.57\libglesv2.dll
MOD - [2013.11.14 12:28:36 | 000,099,792 | ---- | M] () -- C:\Program Files (x86)\Google\Chrome\Application\31.0.1650.57\libegl.dll
MOD - [2013.11.14 12:28:34 | 001,619,408 | ---- | M] () -- C:\Program Files (x86)\Google\Chrome\Application\31.0.1650.57\ffmpegsumo.dll
MOD - [2013.10.25 07:59:58 | 000,463,016 | ---- | M] () -- C:\Program Files (x86)\MSI Afterburner\MSIAfterburner.exe
MOD - [2013.10.23 10:22:36 | 000,597,504 | ---- | M] () -- C:\Program Files (x86)\MSI Afterburner\RTHAL.dll
MOD - [2013.10.23 10:22:20 | 000,215,552 | ---- | M] () -- C:\Program Files (x86)\MSI Afterburner\RTCore.dll
MOD - [2013.10.23 10:22:14 | 000,127,488 | ---- | M] () -- C:\Program Files (x86)\MSI Afterburner\RTUI.dll
MOD - [2013.10.23 10:22:10 | 000,071,680 | ---- | M] () -- C:\Program Files (x86)\MSI Afterburner\RTMUI.dll
MOD - [2013.10.23 10:22:04 | 000,056,832 | ---- | M] () -- C:\Program Files (x86)\MSI Afterburner\RTFC.dll
MOD - [2013.10.11 15:25:49 | 000,397,312 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\System.Xml.Linq\dc33506c780c23cab954eb636c82e4fe\System.Xml.Linq.ni.dll
MOD - [2013.10.10 22:24:42 | 012,700,160 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\System.Windows.Forms\835995cb3fbaa0382d4eb962a88f503e\System.Windows.Forms.ni.dll
MOD - [2013.10.10 22:24:40 | 006,998,016 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\System.Core\aab789fb8e9675f0a3d90602148e2175\System.Core.ni.dll
MOD - [2013.10.10 22:24:39 | 003,910,144 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\WindowsBase\e9883c6aff20fa3611ffe42322bf8a51\WindowsBase.ni.dll
MOD - [2013.10.10 22:24:38 | 002,786,816 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\System.Runteb92aa12#\d52a9aa8e6d3f00094be8796b1e7734f\System.Runtime.Serialization.ni.dll
MOD - [2013.10.10 22:24:37 | 000,964,096 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\System.Configuration\0a81bada44a029dd28fed217513ad24d\System.Configuration.ni.dll
MOD - [2013.10.05 15:03:10 | 000,189,952 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\UIAutomationTypes\3e0ab52938e22d04ed74e6f3aae9fed0\UIAutomationTypes.ni.dll
MOD - [2013.10.05 15:03:09 | 000,018,944 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\Presentatio49d6fefe#\b27c23c8377e003eef44831269d63dc4\PresentationFramework-SystemXml.ni.dll
MOD - [2013.10.05 15:03:09 | 000,013,824 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\Presentatio4b37ff64#\af04018574dbd35ecd8730d9241ccb04\PresentationFramework-SystemXmlLinq.ni.dll
MOD - [2013.10.05 10:49:40 | 018,545,152 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\Presentatio5ae0f00f#\0c72b4e5c1de77634ec157943074cea4\PresentationFramework.ni.dll
MOD - [2013.10.05 10:49:34 | 010,926,592 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\PresentationCore\f53bcd4c15b40418ee9ddc9eb6c09ea1\PresentationCore.ni.dll
MOD - [2013.10.05 10:49:29 | 007,566,336 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\System.Xml\d5cfc19d54290dc150dedcc6a58cf6ba\System.Xml.ni.dll
MOD - [2013.10.05 10:49:29 | 001,880,576 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\System.Xaml\6fa468188705932387c89c28c77e3367\System.Xaml.ni.dll
MOD - [2013.10.05 10:49:27 | 001,631,744 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\System.Drawing\0bcfa477c2670c4343ffdf576810d81d\System.Drawing.ni.dll
MOD - [2013.10.05 10:49:27 | 000,288,768 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\Presentatiod51afaa5#\e4140f884cad21ab173ce7485da49d0f\PresentationFramework.classic.ni.dll
MOD - [2013.10.05 10:49:26 | 009,937,408 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\System\bff5f538eab1eb8a5c42e9867715de33\System.ni.dll
MOD - [2013.10.05 10:49:26 | 001,156,608 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\System.Management\55372abf66072be04c3442356a0aa998\System.Management.ni.dll
MOD - [2013.10.05 10:49:26 | 000,802,816 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\System.Servd1dec626#\b76a01cb02537ad8be9cbe7b2f0a7bb8\System.ServiceModel.Internals.ni.dll
MOD - [2013.10.05 10:49:26 | 000,121,344 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\SMDiagnostics\51d256bd62eb113246c273261df1ff7a\SMDiagnostics.ni.dll
MOD - [2013.10.05 10:49:22 | 016,547,328 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\mscorlib\10ac4ed5a22a4882529e01cf7bd8b895\mscorlib.ni.dll
MOD - [2013.03.09 09:09:30 | 000,053,760 | ---- | M] () -- C:\Program Files (x86)\Corsair\CorsairLINK2\SynchronousIO.Native.dll
MOD - [2010.01.21 00:34:10 | 008,793,952 | ---- | M] () -- C:\Program Files (x86)\Microsoft Office\Office14\1033\GrooveIntlResource.dll
MOD - [2010.01.09 19:18:18 | 004,254,560 | ---- | M] () -- C:\Program Files (x86)\Common Files\microsoft shared\OFFICE14\Cultures\OFFICE.ODF
MOD - [2008.07.11 15:04:22 | 000,200,704 | ---- | M] () -- C:\Windows\SysWOW64\HsMgr.exe


========== Services (SafeList) ==========

SRV:64bit: - [2013.10.23 17:14:22 | 000,348,376 | ---- | M] (Microsoft Corporation) [On_Demand | Running] -- C:\Program Files\Microsoft Security Client\NisSrv.exe -- (NisSrv)
SRV:64bit: - [2013.10.23 17:14:22 | 000,023,808 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Program Files\Microsoft Security Client\MsMpEng.exe -- (MsMpSvc)
SRV:64bit: - [2013.08.30 23:57:54 | 000,239,616 | ---- | M] (AMD) [Auto | Running] -- C:\Windows\SysNative\atiesrxx.exe -- (AMD External Events Utility)
SRV:64bit: - [2013.06.11 10:52:08 | 000,663,056 | ---- | M] () [Auto | Running] -- C:\Program Files\EslWire\service\WireHelperSvc.exe -- (EslWireHelper)
SRV:64bit: - [2013.05.27 06:50:47 | 001,011,712 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Program Files\Windows Defender\mpsvc.dll -- (WinDefend)
SRV:64bit: - [2012.09.02 02:26:29 | 001,432,400 | ---- | M] (Flexera Software, Inc.) [On_Demand | Stopped] -- C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService64.exe -- (FLEXnet Licensing Service 64)
SRV:64bit: - [2009.07.14 02:40:01 | 000,193,536 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\appmgmts.dll -- (AppMgmt)
SRV - [2013.11.26 16:58:25 | 002,151,744 | ---- | M] (IObit) [Auto | Running] -- C:\Program Files (x86)\IObit\LiveUpdate\LiveUpdate.exe -- (LiveUpdateSvc)
SRV - [2013.11.20 16:13:09 | 000,257,416 | ---- | M] (Adobe Systems Incorporated) [On_Demand | Stopped] -- C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe -- (AdobeFlashPlayerUpdateSvc)
SRV - [2013.10.30 22:08:14 | 000,076,888 | ---- | M] () [Auto | Running] -- C:\Windows\SysWOW64\PnkBstrA.exe -- (PnkBstrA)
SRV - [2013.10.25 08:08:20 | 000,032,960 | ---- | M] (Razer, Inc.) [Auto | Running] -- C:\Program Files (x86)\Razer\Core\64bit\RzOvlMon.exe -- (RzOvlMon)
SRV - [2013.10.09 03:19:14 | 000,565,672 | ---- | M] (Valve Corporation) [On_Demand | Stopped] -- C:\Program Files (x86)\Common Files\Steam\SteamService.exe -- (Steam Client Service)
SRV - [2013.09.05 09:34:30 | 000,171,680 | R--- | M] (Skype Technologies) [Auto | Stopped] -- C:\Program Files (x86)\Skype\Updater\Updater.exe -- (SkypeUpdate)
SRV - [2013.05.11 11:37:26 | 000,065,640 | ---- | M] (Adobe Systems Incorporated) [Auto | Running] -- C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe -- (AdobeARMservice)
SRV - [2013.01.08 17:23:50 | 000,277,488 | ---- | M] (Intel Corporation) [On_Demand | Stopped] -- C:\Windows\SysWOW64\IntelCpHeciSvc.exe -- (cphs)
SRV - [2012.07.08 23:40:10 | 000,104,912 | ---- | M] (Microsoft Corporation) [Auto | Stopped] -- C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe -- (clr_optimization_v4.0.30319_32)
SRV - [2012.04.24 14:37:56 | 000,169,752 | ---- | M] (Intel Corporation) [On_Demand | Running] -- C:\Program Files (x86)\Intel\Intel® Integrated Clock Controller Service\ICCProxy.exe -- (ICCS)
SRV - [2010.02.19 12:37:14 | 000,517,096 | ---- | M] (Adobe Systems Incorporated) [On_Demand | Stopped] -- C:\Program Files (x86)\Common Files\Adobe\SwitchBoard\SwitchBoard.exe -- (SwitchBoard)
SRV - [2009.06.10 22:23:09 | 000,066,384 | ---- | M] (Microsoft Corporation) [Disabled | Stopped] -- C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe -- (clr_optimization_v2.0.50727_32)


========== Driver Services (SafeList) ==========

DRV:64bit: - [2013.11.01 15:10:16 | 000,140,560 | ---- | M] (Oracle Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\VBoxNetAdp.sys -- (VBoxNetAdp)
DRV:64bit: - [2013.10.25 07:57:01 | 000,129,472 | ---- | M] (Razer, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\RzDxgk.sys -- (RzDxgk)
DRV:64bit: - [2013.10.25 07:57:01 | 000,074,432 | ---- | M] (Razer, Inc.) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\RzFilter.sys -- (RzFilter)
DRV:64bit: - [2013.10.17 03:27:10 | 000,143,016 | ---- | M] (Razer Inc) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\rzudd.sys -- (rzudd)
DRV:64bit: - [2013.10.14 03:17:26 | 000,034,984 | ---- | M] (Razer Inc) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\rzmpos.sys -- (rzmpos)
DRV:64bit: - [2013.10.14 03:17:22 | 000,039,080 | ---- | M] (Razer Inc) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\rzendpt.sys -- (rzendpt)
DRV:64bit: - [2013.10.01 01:53:16 | 000,020,832 | ---- | M] (Nicomsoft Ltd.) [Kernel | Auto | Running] -- C:\Windows\SysNative\drivers\ddcdrv.sys -- (WinI2C-DDC)
DRV:64bit: - [2013.09.27 09:53:06 | 000,134,944 | ---- | M] (Microsoft Corporation) [Kernel | Auto | Running] -- C:\Windows\SysNative\drivers\NisDrvWFP.sys -- (NisDrv)
DRV:64bit: - [2013.08.31 01:11:28 | 012,528,640 | ---- | M] (Advanced Micro Devices, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\atikmdag.sys -- (amdkmdag)
DRV:64bit: - [2013.08.30 23:32:32 | 000,618,496 | ---- | M] (Advanced Micro Devices, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\atikmpag.sys -- (amdkmdap)
DRV:64bit: - [2013.07.31 19:24:22 | 000,183,312 | ---- | M] (<Turtle Entertainment>) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\ESLWireACD.sys -- (ESLWireAC)
DRV:64bit: - [2013.07.22 03:19:42 | 000,126,872 | ---- | M] (Power Software Ltd) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\scdemu.sys -- (SCDEmu)
DRV:64bit: - [2013.07.22 01:47:29 | 000,283,064 | ---- | M] (Disc Soft Ltd) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\dtsoftbus01.sys -- (dtsoftbus01)
DRV:64bit: - [2013.07.05 09:40:38 | 000,096,256 | ---- | M] (Advanced Micro Devices) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\AtihdW76.sys -- (AtiHDAudioService)
DRV:64bit: - [2013.05.17 16:27:56 | 000,040,696 | ---- | M] (Windows ® Win 7 DDK provider) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\RzMaelstromVAD.sys -- (RZMAELSTROMVADService)
DRV:64bit: - [2013.04.11 18:21:08 | 002,734,080 | ---- | M] (C-Media Inc) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\cmudaxp.sys -- (cmudaxp)
DRV:64bit: - [2012.12.13 16:24:10 | 000,342,528 | ---- | M] (Intel® Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\IntcDAud.sys -- (IntcDAud)
DRV:64bit: - [2012.12.13 12:50:36 | 000,054,784 | ---- | M] (Apple, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\usbaapl64.sys -- (USBAAPL64)
DRV:64bit: - [2012.12.12 16:42:28 | 005,353,888 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\igdkmd64.sys -- (igfx)
DRV:64bit: - [2012.08.23 15:10:20 | 000,019,456 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\rdpvideominiport.sys -- (RdpVideoMiniport)
DRV:64bit: - [2012.08.23 15:07:35 | 000,057,856 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\TsUsbFlt.sys -- (TsUsbFlt)
DRV:64bit: - [2012.08.07 08:09:00 | 000,088,832 | ---- | M] (Etron Technology Inc) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\EtronXHCI.sys -- (EtronXHCI)
DRV:64bit: - [2012.08.07 08:09:00 | 000,065,152 | ---- | M] (Etron Technology Inc) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\EtronHub3.sys -- (EtronHub3)
DRV:64bit: - [2012.06.25 10:30:10 | 002,427,904 | ---- | M] (Blackmagic Design) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\Intensity.sys -- (DeckLink)
DRV:64bit: - [2012.06.25 10:22:18 | 000,018,432 | ---- | M] (Blackmagic Design) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\deckaud.sys -- (BMDDeckLinkAudio)
DRV:64bit: - [2012.06.25 10:20:12 | 000,037,376 | ---- | M] (Blackmagic Design) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\deckavs.sys -- (deckavs)
DRV:64bit: - [2012.03.01 07:46:16 | 000,023,408 | ---- | M] (Microsoft Corporation) [Recognizer | Boot | Unknown] -- C:\Windows\SysNative\drivers\fs_rec.sys -- (Fs_Rec)
DRV:64bit: - [2011.12.02 11:38:08 | 000,239,208 | ---- | M] (Realtek Semiconductor Corp.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\RtHDMIVX.sys -- (RTHDMIAzAudService)
DRV:64bit: - [2011.09.22 21:01:54 | 000,311,144 | ---- | M] (Microsoft Corporation) [File_System | Disabled | Stopped] -- C:\Windows\SysNative\drivers\RsFx0105.sys -- (RsFx0105)
DRV:64bit: - [2011.06.01 13:16:50 | 000,535,656 | ---- | M] (Realtek ) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\Rt64win7.sys -- (RTL8167)
DRV:64bit: - [2011.05.12 16:59:46 | 000,154,624 | ---- | M] (Razer USA Ltd) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\RzSynapse.sys -- (RzSynapse)
DRV:64bit: - [2011.04.28 14:20:30 | 001,617,472 | ---- | M] (Ralink Technology Corp.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\Dnetr28ux.sys -- (netr28ux)
DRV:64bit: - [2011.03.11 07:41:12 | 000,107,904 | ---- | M] (Advanced Micro Devices) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\amdsata.sys -- (amdsata)
DRV:64bit: - [2011.03.11 07:41:12 | 000,027,008 | ---- | M] (Advanced Micro Devices) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\amdxata.sys -- (amdxata)
DRV:64bit: - [2011.02.21 10:09:14 | 000,015,872 | ---- | M] () [Kernel | System | Running] -- C:\Windows\SysNative\drivers\anodlwfx.sys -- (anodlwf)
DRV:64bit: - [2010.11.20 14:33:35 | 000,078,720 | ---- | M] (Hewlett-Packard Company) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\HpSAMD.sys -- (HpSAMD)
DRV:64bit: - [2010.10.19 22:34:26 | 000,056,344 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\HECIx64.sys -- (MEIx64)
DRV:64bit: - [2010.08.03 15:25:30 | 000,030,720 | ---- | M] (The OpenVPN Project) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\tapoas.sys -- (tapoas)
DRV:64bit: - [2010.06.23 15:20:44 | 000,189,952 | ---- | M] (Hauppauge, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\hcwhdpvr.sys -- (hcwhdpvr)
DRV:64bit: - [2009.07.14 02:52:20 | 000,194,128 | ---- | M] (AMD Technologies Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\amdsbs.sys -- (amdsbs)
DRV:64bit: - [2009.07.14 02:48:04 | 000,065,600 | ---- | M] (LSI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\lsi_sas2.sys -- (LSI_SAS2)
DRV:64bit: - [2009.07.14 02:45:55 | 000,024,656 | ---- | M] (Promise Technology) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\stexstor.sys -- (stexstor)
DRV:64bit: - [2009.06.10 21:34:33 | 003,286,016 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\evbda.sys -- (ebdrv)
DRV:64bit: - [2009.06.10 21:34:28 | 000,468,480 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\bxvbda.sys -- (b06bdrv)
DRV:64bit: - [2009.06.10 21:34:23 | 000,270,848 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\b57nd60a.sys -- (b57nd60a)
DRV:64bit: - [2009.06.10 21:31:59 | 000,031,232 | ---- | M] (Hauppauge Computer Works, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\hcw85cir.sys -- (hcw85cir)
DRV:64bit: - [2009.03.18 17:35:42 | 000,033,856 | -H-- | M] (LogMeIn, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\hamachi.sys -- (hamachi)
DRV - [2013.10.25 07:59:58 | 000,013,480 | ---- | M] () [Kernel | On_Demand | Running] -- C:\Program Files (x86)\MSI Afterburner\RTCore64.sys -- (RTCore64)
DRV - [2012.05.26 19:34:10 | 000,025,640 | ---- | M] (Windows ® Server 2003 DDK provider) [Kernel | On_Demand | Stopped] -- C:\Windows\gdrv.sys -- (gdrv)
DRV - [2012.05.26 10:02:56 | 000,030,528 | ---- | M] () [Kernel | On_Demand | Stopped] -- C:\Windows\GVTDrv64.sys -- (GVTDrv64)
DRV - [2009.07.14 02:19:10 | 000,019,008 | ---- | M] (Microsoft Corporation) [File_System | On_Demand | Stopped] -- C:\Windows\SysWOW64\drivers\wimmount.sys -- (WIMMount)


========== Standard Registry (SafeList) ==========


========== Internet Explorer ==========

IE:64bit: - HKLM\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A}
IE:64bit: - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/...ms}&FORM=IE8SRC
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://websearch.hel...734&lg=EN&cc=NO
IE - HKLM\..\SearchScopes,DefaultScope = {006ee092-9658-4fd6-bd8e-a21a348e59f5}
IE - HKLM\..\SearchScopes\{006ee092-9658-4fd6-bd8e-a21a348e59f5}: "URL" = http://feed.snap.do/...Date=01/01/1970
IE - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/...ms}&FORM=IE8SRC

IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Search Bar = http://feed.snap.do/...Date=01/01/1970
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page = http://feed.snap.do/...Date=01/01/1970
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://feed.snap.do/...Date=01/01/1970
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache = http://no.msn.com/?ocid=iehp
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache AcceptLangs = nb-NO
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache_TIMESTAMP = E8 7B 51 8F 7A 3B CD 01 [binary data]
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Search,Default_Search_URL = http://feed.snap.do/...Date=01/01/1970
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Search,SearchAssistant = http://feed.snap.do/...Date=01/01/1970
IE - HKCU\..\SearchScopes,DefaultScope = {B5312EF6-27C3-4212-B88D-820EC9D1342A}
IE - HKCU\..\SearchScopes\{006ee092-9658-4fd6-bd8e-a21a348e59f5}: "URL" = http://feed.snap.do/...Date=01/01/1970
IE - HKCU\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/...=SPLBR1&pc=SPLH
IE - HKCU\..\SearchScopes\{B5312EF6-27C3-4212-B88D-820EC9D1342A}: "URL" = http://search.yahoo....p={searchTerms}
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = <local>


========== FireFox ==========

FF:64bit: - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\system32\Macromed\Flash\NPSWF64_11_9_900_152.dll File not found
FF:64bit: - HKLM\Software\MozillaPlugins\@java.com/DTPlugin,version=10.45.2: C:\Program Files\Java\jre7\bin\dtplugin\npDeployJava1.dll (Oracle Corporation)
FF:64bit: - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin,version=10.45.2: C:\Program Files\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation)
FF:64bit: - HKLM\Software\MozillaPlugins\@microsoft.com/GENUINE: disabled File not found
FF:64bit: - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: C:\Program Files\Microsoft Silverlight\5.1.20913.0\npctrl.dll ( Microsoft Corporation)
FF:64bit: - HKLM\Software\MozillaPlugins\@microsoft.com/OfficeAuthz,version=14.0: C:\PROGRA~1\MICROS~3\Office14\NPAUTHZ.DLL (Microsoft Corporation)
FF:64bit: - HKLM\Software\MozillaPlugins\@videolan.org/vlc,version=2.0.5: C:\Program Files\VideoLAN\VLC\npvlc.dll (VideoLAN)
FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_11_9_900_152.dll ()
FF - HKLM\Software\MozillaPlugins\@esn.me/esnsonar,version=0.70.4: C:\Program Files (x86)\Battlelog Web Plugins\Sonar\0.70.4\npesnsonar.dll (ESN Social Software AB)
FF - HKLM\Software\MozillaPlugins\@esn/esnlaunch,version=1.122.0: C:\Program Files (x86)\Battlelog Web Plugins\1.122.0\npesnlaunch.dll File not found
FF - HKLM\Software\MozillaPlugins\@esn/esnlaunch,version=1.138.0: C:\Program Files (x86)\Battlelog Web Plugins\1.138.0\npesnlaunch.dll File not found
FF - HKLM\Software\MozillaPlugins\@esn/esnlaunch,version=2.1.2: C:\Program Files (x86)\Battlelog Web Plugins\2.1.2\npesnlaunch.dll File not found
FF - HKLM\Software\MozillaPlugins\@esn/npbattlelog,version=2.3.1: C:\Program Files (x86)\Battlelog Web Plugins\2.3.1\npbattlelog.dll (EA Digital Illusions CE AB)
FF - HKLM\Software\MozillaPlugins\@esn/npbattlelog,version=2.3.2: C:\Program Files (x86)\Battlelog Web Plugins\2.3.2\npbattlelog.dll (EA Digital Illusions CE AB)
FF - HKLM\Software\MozillaPlugins\@java.com/DTPlugin,version=10.45.2: C:\Program Files (x86)\Java\jre7\bin\dtplugin\npDeployJava1.dll (Oracle Corporation)
FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin: C:\Program Files (x86)\Java\jre7\bin\new_plugin\npjp2.dll File not found
FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin,version=10.45.2: C:\Program Files (x86)\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/GENUINE: disabled File not found
FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: C:\Program Files (x86)\Microsoft Silverlight\5.1.20913.0\npctrl.dll ( Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/OfficeAuthz,version=14.0: C:\PROGRA~2\MIF5BA~1\Office14\NPAUTHZ.DLL (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/SharePoint,version=14.0: C:\PROGRA~2\MIF5BA~1\Office14\NPSPWRAP.DLL (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@pandonetworks.com/PandoWebPlugin: File not found
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Program Files (x86)\Google\Update\1.3.21.165\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Program Files (x86)\Google\Update\1.3.21.165\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\Adobe Reader: C:\Program Files (x86)\Adobe\Reader 11.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
FF - HKCU\Software\MozillaPlugins\ubisoft.com/uplaypc: C:\Program Files (x86)\Ubisoft\Ubisoft Game Launcher\npuplaypc.dll (Ubisoft)

FF - HKEY_CURRENT_USER\software\mozilla\Firefox\Extensions\\[email protected]: C:\Program Files (x86)\AddLyrics\FF\

[2013.07.03 13:34:36 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Haavard\AppData\Roaming\mozilla\Extensions
[2013.07.03 13:34:36 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Haavard\AppData\Roaming\mozilla\Extensions\net.openvpn.client
[2012.05.26 22:43:47 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Haavard\AppData\Roaming\mozilla\Firefox\extensions
[2012.05.26 22:43:48 | 000,000,000 | ---D | M] (uTorrentControl2 Community Toolbar) -- C:\Users\Haavard\AppData\Roaming\mozilla\Firefox\extensions\{687578b9-7132-4a7a-80e4-30ee31099e03}
[2013.07.26 01:57:08 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Haavard\AppData\Roaming\mozilla\Firefox\Profiles\extensions
[2012.08.01 13:27:15 | 000,000,000 | ---D | M] (OneClickDownloader) -- C:\Users\Haavard\AppData\Roaming\mozilla\Firefox\Profiles\extensions\[email protected]
[2013.02.09 00:30:51 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Haavard\AppData\Roaming\mozilla\Firefox\Profiles\extensions\searchplugins

========== Chrome ==========

CHR - default_search_provider: Google (Enabled)
CHR - default_search_provider: search_url = {google:baseURL}search?q={searchTerms}&{google:RLZ}{google:originalQueryForSuggestion}{google:assistedQueryStats}{google:searchFieldtrialParameter}{google:bookmarkBarPinned}{google:searchClient}{google:sourceId}{google:instantExtendedEnabledParameter}{google:omniboxStartMarginParameter}ie={inputEncoding}
CHR - default_search_provider: suggest_url = {google:baseSuggestURL}search?{google:searchFieldtrialParameter}client={google:suggestClient}&q={searchTerms}&{google:cursorPosition}{google:zeroPrefixUrl}{google:pageClassification}sugkey={google:suggestAPIKeyParameter},
CHR - Extension: AdBlock = C:\Users\Haavard\AppData\Local\Google\Chrome\User Data\Default\Extensions\gighmmpiobklfepjocnamgkkbiglidom\2.6.14_0\
CHR - Extension: Google Wallet = C:\Users\Haavard\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda\0.0.5.0_1\

O1 HOSTS File: ([2009.06.10 22:00:26 | 000,000,824 | ---- | M]) - C:\Windows\SysNative\drivers\etc\hosts
O2:64bit: - BHO: (ExplorerWnd Helper) - {10921475-03CE-4E04-90CE-E2E7EF20C814} - C:\Program Files (x86)\IObit\IObit Uninstaller\UninstallExplorer64.dll (IObit)
O2:64bit: - BHO: (Groove GFS Browser Helper) - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\PROGRA~1\MICROS~3\Office14\GROOVEEX.DLL (Microsoft Corporation)
O2:64bit: - BHO: (Java™ Plug-In SSV Helper) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre7\bin\ssv.dll (Oracle Corporation)
O2:64bit: - BHO: (Office Document Cache Handler) - {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\PROGRA~1\MICROS~3\Office14\URLREDIR.DLL (Microsoft Corporation)
O2:64bit: - BHO: (Java™ Plug-In 2 SSV Helper) - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre7\bin\jp2ssv.dll (Oracle Corporation)
O2 - BHO: (no name) - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - No CLSID value found.
O2 - BHO: (no name) - {DBC80044-A445-435b-BC74-9C25C1C588A9} - No CLSID value found.
O3:64bit: - HKLM\..\Toolbar: (no name) - 10 - No CLSID value found.
O3 - HKLM\..\Toolbar: (no name) - 10 - No CLSID value found.
O4:64bit: - HKLM..\Run: [Cmaudio8788] C:\Windows\Syswow64\cmicnfgp.dll (C-Media Corporation)
O4:64bit: - HKLM..\Run: [Cmaudio8788GX] C:\Windows\syswow64\HsMgr.exe ()
O4:64bit: - HKLM..\Run: [Cmaudio8788GX64] C:\Windows\system\HsMgr64.exe ()
O4:64bit: - HKLM..\Run: [HotKeysCmds] C:\Windows\SysNative\hkcmd.exe (Intel Corporation)
O4:64bit: - HKLM..\Run: [IgfxTray] C:\Windows\SysNative\igfxtray.exe (Intel Corporation)
O4:64bit: - HKLM..\Run: [MSC] C:\Program Files\Microsoft Security Client\msseces.exe (Microsoft Corporation)
O4:64bit: - HKLM..\Run: [Persistence] C:\Windows\SysNative\igfxpers.exe (Intel Corporation)
O4:64bit: - HKLM..\Run: [RtHDVBg_Dolby] C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe (Realtek Semiconductor)
O4 - HKLM..\Run: [] File not found
O4 - HKLM..\Run: [Razer Synapse] C:\Program Files (x86)\Razer\Synapse\RzSynapse.exe (Razer Inc.)
O4 - HKLM..\Run: [StartCCC] C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\amd64\CLIStart.exe (Advanced Micro Devices, Inc.)
O4 - HKCU..\Run: [AdobeBridge] File not found
O4 - HKCU..\Run: [Spotify Web Helper] C:\Users\Haavard\AppData\Roaming\Spotify\Data\SpotifyWebHelper.exe (Spotify Ltd)
O4 - Startup: C:\Users\Haavard\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Rainmeter.lnk = C:\Program Files\Rainmeter\Rainmeter.exe ()
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktop = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktopChanges = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: EnableLUA = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: PromptOnSecureDesktop = 0
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = FF 00 00 00 [binary data]
O8:64bit: - Extra context menu item: E&xport to Microsoft Excel - res://A:\PROGRA~2\MICROS~2\Office14\EXCEL.EXE/3000 File not found
O8:64bit: - Extra context menu item: Se&nd to OneNote - res://A:\PROGRA~2\MICROS~2\Office14\ONBttnIE.dll/105 File not found
O8 - Extra context menu item: E&xport to Microsoft Excel - res://A:\PROGRA~2\MICROS~2\Office14\EXCEL.EXE/3000 File not found
O8 - Extra context menu item: Se&nd to OneNote - res://A:\PROGRA~2\MICROS~2\Office14\ONBttnIE.dll/105 File not found
O1364bit: - gopher Prefix: missing
O13 - gopher Prefix: missing
O15 - HKCU\..Trusted Domains: clonewarsadventures.com ([]* in Trusted sites)
O15 - HKCU\..Trusted Domains: freerealms.com ([]* in Trusted sites)
O15 - HKCU\..Trusted Domains: soe.com ([]* in Trusted sites)
O15 - HKCU\..Trusted Domains: sony.com ([]* in Trusted sites)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/...indows-i586.cab (Java Plug-in 10.45.2)
O16 - DPF: {CAFEEFAC-0016-0000-0029-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Reg Error: Value error.)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.7.0_45)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 193.213.112.4 130.67.15.198 10.0.0.138
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{EC7DBFF8-0AE5-4E01-BC21-566001D8C0D0}: DhcpNameServer = 193.213.112.4 130.67.15.198 10.0.0.138
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{EC7DBFF8-0AE5-4E01-BC21-566001D8C0D0}: NameServer = 208.67.222.222,208.67.220.220
O18:64bit: - Protocol\Handler\ms-help - No CLSID value found
O18:64bit: - Protocol\Handler\skype4com - No CLSID value found
O18 - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files (x86)\Common Files\Skype\Skype4COM.dll (Skype Technologies)
O20:64bit: - AppInit_DLLs: (c:\progra~2\movies~1\safety~1\x64\safety~2.dll) - File not found
O20 - AppInit_DLLs: (c:\progra~2\movies~1\safety~1\safety~2.dll) - File not found
O20:64bit: - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\SysNative\userinit.exe (Microsoft Corporation)
O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\SysWow64\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (userinit.exe) - C:\Windows\SysWow64\userinit.exe (Microsoft Corporation)
O20 - HKCU Winlogon: Shell - (explorer.exe) - C:\Windows\SysWow64\explorer.exe (Microsoft Corporation)
O20:64bit: - Winlogon\Notify\igfxcui: DllName - (igfxdev.dll) - C:\Windows\SysNative\igfxdev.dll (Intel Corporation)
O21:64bit: - SSODL: IconPackager Repair - {1799460C-0BC8-4865-B9DF-4A36CD703FF0} - No CLSID value found.
O21:64bit: - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.
O21 - SSODL: IconPackager Repair - {1799460C-0BC8-4865-B9DF-4A36CD703FF0} - C:\Program Files (x86)\Stardock\Object Desktop\IconPackager\iprepair.dll (Stardock.net, Inc)
O21 - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.
O27:64bit: - HKLM IFEO\bitguard.exe: Debugger - C:\Windows\SysNative\tasklist.exe (Microsoft Corporation)
O27:64bit: - HKLM IFEO\bprotect.exe: Debugger - C:\Windows\SysNative\tasklist.exe (Microsoft Corporation)
O27:64bit: - HKLM IFEO\browsemngr.exe: Debugger - C:\Windows\SysNative\tasklist.exe (Microsoft Corporation)
O27:64bit: - HKLM IFEO\browserdefender.exe: Debugger - C:\Windows\SysNative\tasklist.exe (Microsoft Corporation)
O27:64bit: - HKLM IFEO\browsermngr.exe: Debugger - C:\Windows\SysNative\tasklist.exe (Microsoft Corporation)
O27:64bit: - HKLM IFEO\browserprotect.exe: Debugger - C:\Windows\SysNative\tasklist.exe (Microsoft Corporation)
O27:64bit: - HKLM IFEO\bundlesweetimsetup.exe: Debugger - C:\Windows\SysNative\tasklist.exe (Microsoft Corporation)
O27:64bit: - HKLM IFEO\cltmngsvc.exe: Debugger - C:\Windows\SysNative\tasklist.exe (Microsoft Corporation)
O27:64bit: - HKLM IFEO\delta babylon.exe: Debugger - C:\Windows\SysNative\tasklist.exe (Microsoft Corporation)
O27:64bit: - HKLM IFEO\delta tb.exe: Debugger - C:\Windows\SysNative\tasklist.exe (Microsoft Corporation)
O27:64bit: - HKLM IFEO\delta2.exe: Debugger - C:\Windows\SysNative\tasklist.exe (Microsoft Corporation)
O27:64bit: - HKLM IFEO\deltainstaller.exe: Debugger - C:\Windows\SysNative\tasklist.exe (Microsoft Corporation)
O27:64bit: - HKLM IFEO\deltasetup.exe: Debugger - C:\Windows\SysNative\tasklist.exe (Microsoft Corporation)
O27:64bit: - HKLM IFEO\deltatb.exe: Debugger - C:\Windows\SysNative\tasklist.exe (Microsoft Corporation)
O27:64bit: - HKLM IFEO\deltatb_2501-c733154b.exe: Debugger - C:\Windows\SysNative\tasklist.exe (Microsoft Corporation)
O27:64bit: - HKLM IFEO\iminentsetup.exe: Debugger - C:\Windows\SysNative\tasklist.exe (Microsoft Corporation)
O27:64bit: - HKLM IFEO\rjatydimofu.exe: Debugger - C:\Windows\SysNative\tasklist.exe (Microsoft Corporation)
O27:64bit: - HKLM IFEO\sweetimsetup.exe: Debugger - C:\Windows\SysNative\tasklist.exe (Microsoft Corporation)
O27:64bit: - HKLM IFEO\tbdelta.exetoolbar783881609.exe: Debugger - C:\Windows\SysNative\tasklist.exe (Microsoft Corporation)
O27 - HKLM IFEO\bitguard.exe: Debugger - C:\Windows\SysWow64\tasklist.exe (Microsoft Corporation)
O27 - HKLM IFEO\bprotect.exe: Debugger - C:\Windows\SysWow64\tasklist.exe (Microsoft Corporation)
O27 - HKLM IFEO\browsemngr.exe: Debugger - C:\Windows\SysWow64\tasklist.exe (Microsoft Corporation)
O27 - HKLM IFEO\browserdefender.exe: Debugger - C:\Windows\SysWow64\tasklist.exe (Microsoft Corporation)
O27 - HKLM IFEO\browsermngr.exe: Debugger - C:\Windows\SysWow64\tasklist.exe (Microsoft Corporation)
O27 - HKLM IFEO\browserprotect.exe: Debugger - C:\Windows\SysWow64\tasklist.exe (Microsoft Corporation)
O27 - HKLM IFEO\bundlesweetimsetup.exe: Debugger - C:\Windows\SysWow64\tasklist.exe (Microsoft Corporation)
O27 - HKLM IFEO\cltmngsvc.exe: Debugger - C:\Windows\SysWow64\tasklist.exe (Microsoft Corporation)
O27 - HKLM IFEO\delta babylon.exe: Debugger - C:\Windows\SysWow64\tasklist.exe (Microsoft Corporation)
O27 - HKLM IFEO\delta tb.exe: Debugger - C:\Windows\SysWow64\tasklist.exe (Microsoft Corporation)
O27 - HKLM IFEO\delta2.exe: Debugger - C:\Windows\SysWow64\tasklist.exe (Microsoft Corporation)
O27 - HKLM IFEO\deltainstaller.exe: Debugger - C:\Windows\SysWow64\tasklist.exe (Microsoft Corporation)
O27 - HKLM IFEO\deltasetup.exe: Debugger - C:\Windows\SysWow64\tasklist.exe (Microsoft Corporation)
O27 - HKLM IFEO\deltatb.exe: Debugger - C:\Windows\SysWow64\tasklist.exe (Microsoft Corporation)
O27 - HKLM IFEO\deltatb_2501-c733154b.exe: Debugger - C:\Windows\SysWow64\tasklist.exe (Microsoft Corporation)
O27 - HKLM IFEO\iminentsetup.exe: Debugger - C:\Windows\SysWow64\tasklist.exe (Microsoft Corporation)
O27 - HKLM IFEO\rjatydimofu.exe: Debugger - C:\Windows\SysWow64\tasklist.exe (Microsoft Corporation)
O27 - HKLM IFEO\sweetimsetup.exe: Debugger - C:\Windows\SysWow64\tasklist.exe (Microsoft Corporation)
O27 - HKLM IFEO\tbdelta.exetoolbar783881609.exe: Debugger - C:\Windows\SysWow64\tasklist.exe (Microsoft Corporation)
O28:64bit: - HKLM ShellExecuteHooks: {B5A7F190-DDA6-4420-B3BA-52453494E6CD} - C:\PROGRA~1\MICROS~3\Office14\GROOVEEX.DLL (Microsoft Corporation)
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2012.09.02 01:26:10 | 000,000,000 | ---D | M] - C:\Autodesk -- [ NTFS ]
O33 - MountPoints2\E\Shell - "" = AutoRun
O33 - MountPoints2\E\Shell\AutoRun\command - "" = E:\setup.exe
O34 - HKLM BootExecute: (autocheck autochk *)
O35:64bit: - HKLM\..comfile [open] -- "%1" %*
O35:64bit: - HKLM\..exefile [open] -- "%1" %*
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37:64bit: - HKLM\...com [@ = comfile] -- "%1" %*
O37:64bit: - HKLM\...exe [@ = exefile] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3)
O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2)
O38 - SubSystems\\Windows: (ServerDll=sxssrv,4)

========== Files/Folders - Created Within 30 Days ==========

[2013.11.30 12:41:28 | 000,000,000 | ---D | C] -- C:\Users\Haavard\AppData\Local\ElevatedDiagnostics
[2013.11.28 21:27:05 | 000,000,000 | ---D | C] -- C:\Program Files\VstPlugins
[2013.11.28 21:24:46 | 000,000,000 | ---D | C] -- C:\Users\Haavard\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\ASIO4ALL v2
[2013.11.28 21:24:02 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\VstPlugins
[2013.11.28 21:23:58 | 000,000,000 | ---D | C] -- C:\Users\Haavard\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Image-Line
[2013.11.28 21:23:58 | 000,000,000 | ---D | C] -- C:\Users\Haavard\AppData\Roaming\Image-Line
[2013.11.28 21:23:58 | 000,000,000 | ---D | C] -- A:\Haavard\Pictures\Haavard\Image-Line
[2013.11.28 21:23:57 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Image-Line
[2013.11.28 21:23:57 | 000,000,000 | ---D | C] -- C:\Program Files\Image-Line
[2013.11.28 21:23:47 | 000,000,000 | ---D | C] -- C:\Users\Haavard\AppData\Roaming\FlowStone
[2013.11.28 21:23:47 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\DSPRobotics
[2013.11.28 21:21:53 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Image-Line
[2013.11.28 16:28:25 | 000,000,000 | ---D | C] -- C:\Users\Haavard\VirtualBox VMs
[2013.11.27 21:41:45 | 000,000,000 | ---D | C] -- C:\Users\Haavard\.VirtualBox
[2013.11.27 21:41:25 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Oracle VM VirtualBox
[2013.11.27 21:41:18 | 000,000,000 | ---D | C] -- C:\Program Files\Oracle
[2013.11.26 16:58:28 | 000,000,000 | ---D | C] -- C:\ProgramData\IObit
[2013.11.26 16:58:27 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\IObit Uninstaller
[2013.11.26 16:58:26 | 000,000,000 | ---D | C] -- C:\ProgramData\ProductData
[2013.11.26 16:58:23 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\IObit
[2013.11.23 00:26:45 | 000,000,000 | ---D | C] -- C:\ProgramData\BrowserProtect
[2013.11.23 00:26:45 | 000,000,000 | ---D | C] -- C:\ProgramData\Browser Manager
[2013.11.23 00:26:45 | 000,000,000 | ---D | C] -- C:\ProgramData\BitGuard
[2013.11.22 23:34:30 | 000,000,000 | ---D | C] -- C:\Users\Haavard\Local Settings
[2013.11.22 19:30:21 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\YTD Video Downloader
[2013.11.17 19:07:33 | 000,000,000 | ---D | C] -- C:\Users\Haavard\AppData\Roaming\.mono
[2013.11.15 15:14:54 | 000,000,000 | ---D | C] -- C:\Users\Haavard\AppData\Roaming\CodeBlocks
[2013.11.15 15:14:39 | 000,000,000 | ---D | C] -- C:\Users\Haavard\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\CodeBlocks
[2013.11.15 15:14:39 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\CodeBlocks
[2013.11.15 15:14:38 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\CodeBlocks
[2013.11.14 18:14:39 | 000,000,000 | ---D | C] -- C:\Users\Haavard\AppData\Local\FluxSoftware
[1 C:\Windows\*.tmp files -> C:\Windows\*.tmp -> ]

========== Files - Modified Within 30 Days ==========

[2013.11.30 20:21:11 | 000,000,021 | ---- | M] () -- C:\Users\Haavard\AppData\Roaming\config_data.dat
[2013.11.30 19:50:00 | 000,000,900 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineUA.job
[2013.11.30 19:50:00 | 000,000,830 | ---- | M] () -- C:\Windows\tasks\Adobe Flash Player Updater.job
[2013.11.30 17:50:00 | 000,000,896 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineCore.job
[2013.11.30 17:23:30 | 001,556,654 | ---- | M] () -- C:\Windows\SysNative\PerfStringBackup.INI
[2013.11.30 17:23:30 | 000,731,498 | ---- | M] () -- C:\Windows\SysNative\perfh009.dat
[2013.11.30 17:23:30 | 000,563,402 | ---- | M] () -- C:\Windows\SysNative\perfh014.dat
[2013.11.30 17:23:30 | 000,148,396 | ---- | M] () -- C:\Windows\SysNative\perfc009.dat
[2013.11.30 17:23:30 | 000,121,796 | ---- | M] () -- C:\Windows\SysNative\perfc014.dat
[2013.11.30 17:22:50 | 000,020,880 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
[2013.11.30 17:22:50 | 000,020,880 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
[2013.11.30 17:17:50 | 000,000,266 | ---- | M] () -- C:\Windows\tasks\AutoKMS.job
[2013.11.30 17:17:36 | 000,000,416 | -H-- | M] () -- C:\Windows\tasks\OptimizerPro1UpdaterTask{7C1E22C6-97A0-4B24-B854-B6FD9C4DEEA2}.job
[2013.11.30 17:17:36 | 000,000,416 | -H-- | M] () -- C:\Windows\tasks\OptimizerPro1UpdaterTask{22F1FCD5-CC22-40D5-A867-72F79D801741}.job
[2013.11.30 17:17:33 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2013.11.30 17:17:27 | 4179,451,902 | -HS- | M] () -- C:\hiberfil.sys
[2013.11.28 20:21:37 | 000,365,923 | ---- | M] () -- A:\Haavard\Desktop\4.png
[2013.11.28 19:49:29 | 000,376,797 | ---- | M] () -- A:\Haavard\Desktop\3.png
[2013.11.28 19:42:28 | 000,629,315 | ---- | M] () -- A:\Haavard\Desktop\2.png
[2013.11.28 19:42:08 | 000,379,902 | ---- | M] () -- A:\Haavard\Desktop\Uten navn.png
[2013.11.27 16:49:17 | 000,214,392 | ---- | M] () -- C:\Windows\SysWow64\PnkBstrB.exe
[2013.11.23 18:30:29 | 000,214,392 | ---- | M] () -- C:\Windows\SysWow64\PnkBstrB.ex0
[2013.11.20 17:18:33 | 000,002,155 | ---- | M] () -- C:\Windows\epplauncher.mif
[2013.11.19 16:04:33 | 000,000,000 | -H-- | M] () -- C:\Windows\SysNative\drivers\Msft_Kernel_rzmpos_01009.Wdf
[1 C:\Windows\*.tmp files -> C:\Windows\*.tmp -> ]

========== Files Created - No Company Name ==========

[2013.11.28 21:23:57 | 000,002,012 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\FL Studio 11.lnk
[2013.11.28 20:21:37 | 000,365,923 | ---- | C] () -- A:\Haavard\Desktop\4.png
[2013.11.28 19:49:29 | 000,376,797 | ---- | C] () -- A:\Haavard\Desktop\3.png
[2013.11.28 19:42:28 | 000,629,315 | ---- | C] () -- A:\Haavard\Desktop\2.png
[2013.11.28 19:42:08 | 000,379,902 | ---- | C] () -- A:\Haavard\Desktop\Uten navn.png
[2013.11.19 16:04:33 | 000,000,000 | -H-- | C] () -- C:\Windows\SysNative\drivers\Msft_Kernel_rzmpos_01009.Wdf
[2013.10.24 17:14:30 | 000,008,192 | ---- | C] () -- C:\Users\Haavard\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2013.10.24 14:17:30 | 000,004,547 | ---- | C] () -- C:\Users\Haavard\AppData\Roaming\CamStudio.cfg
[2013.10.24 14:17:30 | 000,000,408 | ---- | C] () -- C:\Users\Haavard\AppData\Roaming\CamShapes.ini
[2013.10.24 14:17:30 | 000,000,408 | ---- | C] () -- C:\Users\Haavard\AppData\Roaming\CamLayout.ini
[2013.10.24 14:17:30 | 000,000,123 | ---- | C] () -- C:\Users\Haavard\AppData\Roaming\Camdata.ini
[2013.10.24 14:17:29 | 000,000,096 | ---- | C] () -- C:\Users\Haavard\AppData\Roaming\version2.xml
[2013.09.04 17:10:21 | 000,000,000 | -H-- | C] () -- C:\ProgramData\DP45977C.lfl
[2013.09.04 14:40:07 | 000,200,704 | ---- | C] () -- C:\Windows\SysWow64\HsMgr.exe
[2013.09.04 14:40:07 | 000,143,360 | ---- | C] () -- C:\Windows\SysWow64\VmixP8.dll
[2013.09.04 14:40:07 | 000,000,057 | ---- | C] () -- C:\Windows\SysWow64\cmasiop.ini
[2013.09.04 14:40:06 | 000,045,397 | ---- | C] () -- C:\Windows\Cmicnfgp.ini.cfl
[2013.09.03 15:39:07 | 000,005,874 | ---- | C] () -- C:\Windows\cmudaxp.ini
[2013.08.31 00:47:50 | 000,995,342 | ---- | C] () -- C:\Windows\SysWow64\amdocl_as32.exe
[2013.08.31 00:47:50 | 000,798,734 | ---- | C] () -- C:\Windows\SysWow64\amdocl_ld32.exe
[2013.08.30 18:53:48 | 000,038,912 | ---- | C] () -- C:\Windows\SysWow64\kdbsdk32.dll
[2013.08.26 17:17:21 | 002,601,752 | ---- | C] () -- C:\Windows\SysWow64\pbsvc_moh.exe
[2013.07.19 02:56:45 | 000,000,041 | ---- | C] () -- C:\Users\Haavard\AppData\Roaming\TheHunterSettings_live.cfg
[2013.06.30 22:46:39 | 145,388,814 | ---- | C] () -- C:\Users\Haavard\AppData\Local\ACCCx183.zip.aamdownload
[2013.06.30 22:46:39 | 000,001,811 | ---- | C] () -- C:\Users\Haavard\AppData\Local\ACCCx183.zip.aamdownload.aamd
[2013.06.24 19:11:54 | 000,007,605 | ---- | C] () -- C:\Users\Haavard\AppData\Local\Resmon.ResmonCfg
[2013.05.28 17:57:07 | 000,000,021 | ---- | C] () -- C:\Users\Haavard\AppData\Roaming\config_data.dat
[2013.05.02 13:39:28 | 000,836,096 | ---- | C] () -- C:\Users\Haavard\AppData\Roaming\usft_ext.dll
[2013.05.02 13:39:28 | 000,342,528 | ---- | C] () -- C:\Users\Haavard\AppData\Roaming\miner.dll
[2013.05.02 13:39:27 | 000,054,784 | -H-- | C] () -- C:\Users\Haavard\AppData\Roaming\nsdiuyeir.exe
[2013.05.02 13:39:27 | 000,022,528 | ---- | C] () -- C:\Users\Haavard\AppData\Roaming\coinutil.dll
[2013.04.23 13:55:32 | 000,034,816 | ---- | C] () -- C:\Users\Haavard\AppData\Roaming\RZR_00109f2746029f3b594efaf44e37.db
[2013.03.22 14:37:58 | 000,000,046 | ---- | C] () -- C:\Users\Haavard\jagex_cl_runescape_LIVE.dat
[2013.03.22 14:37:58 | 000,000,024 | ---- | C] () -- C:\Users\Haavard\random.dat
[2013.01.27 17:46:11 | 000,299,008 | ---- | C] () -- C:\Windows\SysWow64\LXEBsm.dll
[2013.01.27 17:46:11 | 000,023,552 | ---- | C] () -- C:\Windows\SysWow64\LXEBsmr.dll
[2012.12.12 16:41:24 | 000,064,512 | ---- | C] () -- C:\Windows\SysWow64\igdde32.dll
[2012.12.12 16:38:16 | 000,754,652 | ---- | C] () -- C:\Windows\SysWow64\igcodeckrng700.bin
[2012.12.12 16:38:16 | 000,598,384 | ---- | C] () -- C:\Windows\SysWow64\igvpkrng700.bin
[2012.12.03 14:53:12 | 003,190,168 | ---- | C] () -- C:\Windows\SysWow64\pbsvc_fc3.exe
[2012.09.28 20:45:06 | 000,247,296 | ---- | C] () -- C:\Windows\SysWow64\rtvcvfw32.dll
[2012.09.10 20:08:42 | 000,000,132 | ---- | C] () -- C:\Users\Haavard\AppData\Roaming\Adobe PNG Format CS6 Prefs
[2012.09.08 16:53:49 | 000,645,632 | ---- | C] () -- C:\Windows\SysWow64\xvidcore.dll
[2012.09.08 16:53:49 | 000,240,640 | ---- | C] () -- C:\Windows\SysWow64\xvidvfw.dll
[2012.08.30 20:58:05 | 000,001,456 | ---- | C] () -- C:\Users\Haavard\AppData\Local\Adobe Save for Web 13.0 Prefs
[2012.08.22 15:33:43 | 000,000,406 | RHS- | C] () -- C:\ProgramData\ntuser.pol
[2012.08.11 19:23:28 | 000,715,038 | ---- | C] () -- C:\Windows\unins000.exe
[2012.08.11 19:23:28 | 000,216,064 | ---- | C] ( ) -- C:\Windows\SysWow64\Lagarith.dll
[2012.08.11 19:23:28 | 000,001,994 | ---- | C] () -- C:\Windows\unins000.dat
[2012.08.04 23:52:26 | 003,130,440 | ---- | C] () -- C:\Windows\SysWow64\pbsvc_blr.exe
[2012.08.04 23:12:02 | 000,925,184 | ---- | C] () -- C:\Windows\expstart.exe
[2012.08.03 15:53:36 | 000,044,544 | ---- | C] () -- C:\Windows\SysWow64\Gif89.dll
[2012.07.02 21:11:02 | 000,016,384 | ---- | C] () -- C:\Windows\SysWow64\theowl.dll
[2012.06.11 17:35:46 | 000,000,265 | ---- | C] () -- C:\Windows\HCWBlast.ini
[2012.06.11 17:35:21 | 000,065,536 | ---- | C] () -- C:\Windows\SysWow64\dmcrypto.dll
[2012.06.11 17:35:05 | 000,002,336 | ---- | C] () -- C:\Windows\HCWPNP.INI
[2012.05.27 08:14:54 | 000,168,864 | ---- | C] () -- C:\Program Files\Common Files\WireHelpSvc.exe
[2012.05.27 06:28:55 | 000,214,392 | ---- | C] () -- C:\Windows\SysWow64\PnkBstrB.exe
[2012.05.27 06:28:54 | 000,669,184 | ---- | C] () -- C:\Windows\SysWow64\pbsvc.exe
[2012.05.27 06:28:54 | 000,076,888 | ---- | C] () -- C:\Windows\SysWow64\PnkBstrA.exe
[2012.05.26 20:16:44 | 001,540,504 | ---- | C] () -- C:\Windows\SysWow64\PerfStringBackup.INI
[2012.05.26 09:30:45 | 000,000,000 | ---- | C] () -- C:\Windows\ativpsrm.bin
[2012.05.26 09:12:00 | 000,030,528 | ---- | C] () -- C:\Windows\GVTDrv64.sys
[2012.05.26 09:07:22 | 000,207,400 | ---- | C] () -- C:\Windows\GSetup.exe
[2012.05.26 09:07:22 | 000,000,010 | ---- | C] () -- C:\Windows\GSetup.ini
[2012.04.06 02:29:34 | 000,204,952 | ---- | C] () -- C:\Windows\SysWow64\ativvsvl.dat
[2012.04.06 02:29:34 | 000,157,144 | ---- | C] () -- C:\Windows\SysWow64\ativvsva.dat
[2012.03.19 22:37:12 | 000,755,188 | ---- | C] () -- C:\Windows\SysWow64\igkrng700.bin
[2012.03.19 22:37:12 | 000,561,508 | ---- | C] () -- C:\Windows\SysWow64\igfcg700m.bin
[2012.02.03 04:00:58 | 000,139,264 | ---- | C] () -- C:\Windows\SysWow64\TCPClient.dll

========== ZeroAccess Check ==========

[2009.07.14 05:55:00 | 000,000,227 | RHS- | M] () -- C:\Windows\assembly\Desktop.ini

[HKEY_CURRENT_USER\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] /64

[HKEY_CURRENT_USER\Software\Classes\Wow6432node\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]

[HKEY_CURRENT_USER\Software\Classes\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32] /64

[HKEY_CURRENT_USER\Software\Classes\Wow6432node\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32]

[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] /64
"" = C:\Windows\SysNative\shell32.dll -- [2013.07.26 03:24:57 | 014,172,672 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Apartment

[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]
"" = %SystemRoot%\system32\shell32.dll -- [2013.07.26 02:55:59 | 012,872,704 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Apartment

[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32] /64
"" = C:\Windows\SysNative\wbem\fastprox.dll -- [2009.07.14 02:40:51 | 000,909,312 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Free

[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32]
"" = %systemroot%\system32\wbem\fastprox.dll -- [2010.11.20 13:19:02 | 000,606,208 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Free

[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32] /64
"" = C:\Windows\SysNative\wbem\wbemess.dll -- [2009.07.14 02:41:56 | 000,505,856 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Both

[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32]

========== LOP Check ==========

[2012.07.09 16:30:09 | 000,000,000 | ---D | M] -- C:\Users\Haavard\AppData\Roaming\.Blackmagic_Design
[2013.11.25 20:26:03 | 000,000,000 | ---D | M] -- C:\Users\Haavard\AppData\Roaming\.minecraft
[2013.11.17 19:07:33 | 000,000,000 | ---D | M] -- C:\Users\Haavard\AppData\Roaming\.mono
[2013.07.21 00:37:52 | 000,000,000 | ---D | M] -- C:\Users\Haavard\AppData\Roaming\.StarMade
[2013.09.04 14:06:59 | 000,000,000 | ---D | M] -- C:\Users\Haavard\AppData\Roaming\ASUS
[2012.09.02 09:46:06 | 000,000,000 | ---D | M] -- C:\Users\Haavard\AppData\Roaming\Autodesk
[2012.10.06 22:18:10 | 000,000,000 | ---D | M] -- C:\Users\Haavard\AppData\Roaming\Blender Foundation
[2012.06.03 21:06:27 | 000,000,000 | ---D | M] -- C:\Users\Haavard\AppData\Roaming\chc.4875E02D9FB21EE389F73B8D1702B320485DF8CE.1
[2012.06.03 15:59:25 | 000,000,000 | ---D | M] -- C:\Users\Haavard\AppData\Roaming\com.adobe.downloadassistant.AdobeDownloadAssistant
[2013.11.30 17:17:48 | 000,000,000 | ---D | M] -- C:\Users\Haavard\AppData\Roaming\Corsair
[2013.07.22 22:13:18 | 000,000,000 | ---D | M] -- C:\Users\Haavard\AppData\Roaming\DAEMON Tools Lite
[2013.07.26 01:58:12 | 000,000,000 | ---D | M] -- C:\Users\Haavard\AppData\Roaming\Dev-Cpp
[2012.10.29 21:44:52 | 000,000,000 | ---D | M] -- C:\Users\Haavard\AppData\Roaming\Dropbox
[2013.11.28 21:23:47 | 000,000,000 | ---D | M] -- C:\Users\Haavard\AppData\Roaming\FlowStone
[2013.07.22 19:27:20 | 000,000,000 | ---D | M] -- C:\Users\Haavard\AppData\Roaming\fltk.org
[2013.10.13 17:01:05 | 000,000,000 | ---D | M] -- C:\Users\Haavard\AppData\Roaming\Guild Wars 2
[2013.10.16 14:01:30 | 000,000,000 | ---D | M] -- C:\Users\Haavard\AppData\Roaming\Gyazo
[2013.03.19 12:46:32 | 000,000,000 | ---D | M] -- C:\Users\Haavard\AppData\Roaming\HandBrake
[2013.11.28 21:23:58 | 000,000,000 | ---D | M] -- C:\Users\Haavard\AppData\Roaming\Image-Line
[2013.09.04 14:30:22 | 000,000,000 | ---D | M] -- C:\Users\Haavard\AppData\Roaming\IObit
[2012.06.29 11:05:42 | 000,000,000 | ---D | M] -- C:\Users\Haavard\AppData\Roaming\LolClient
[2012.05.27 17:46:03 | 000,000,000 | ---D | M] -- C:\Users\Haavard\AppData\Roaming\LolClient2
[2013.01.20 17:00:13 | 000,000,000 | ---D | M] -- C:\Users\Haavard\AppData\Roaming\MAXON
[2013.01.12 16:46:26 | 000,000,000 | ---D | M] -- C:\Users\Haavard\AppData\Roaming\NCdownloader
[2013.06.23 19:42:43 | 000,000,000 | ---D | M] -- C:\Users\Haavard\AppData\Roaming\Notepad++
[2013.07.03 13:34:35 | 000,000,000 | ---D | M] -- C:\Users\Haavard\AppData\Roaming\OpenVPN Technologies
[2012.08.20 16:45:07 | 000,000,000 | ---D | M] -- C:\Users\Haavard\AppData\Roaming\Opera
[2013.08.03 01:32:27 | 000,000,000 | ---D | M] -- C:\Users\Haavard\AppData\Roaming\Origin
[2012.05.27 14:19:24 | 000,000,000 | ---D | M] -- C:\Users\Haavard\AppData\Roaming\PACE Anti-Piracy
[2012.08.13 12:22:29 | 000,000,000 | ---D | M] -- C:\Users\Haavard\AppData\Roaming\PowerISO
[2012.05.26 23:06:01 | 000,000,000 | ---D | M] -- C:\Users\Haavard\AppData\Roaming\Publish Providers
[2013.05.27 13:54:40 | 000,000,000 | ---D | M] -- C:\Users\Haavard\AppData\Roaming\PunkBuster
[2013.09.16 20:25:54 | 000,000,000 | ---D | M] -- C:\Users\Haavard\AppData\Roaming\Rainmeter
[2012.05.27 14:13:26 | 000,000,000 | ---D | M] -- C:\Users\Haavard\AppData\Roaming\Red Giant Link
[2013.04.20 11:36:09 | 000,000,000 | -H-D | M] -- C:\Users\Haavard\AppData\Roaming\RWBYTE
[2012.10.19 15:37:38 | 000,000,000 | ---D | M] -- C:\Users\Haavard\AppData\Roaming\SendSpace
[2012.08.21 14:54:06 | 000,000,000 | ---D | M] -- C:\Users\Haavard\AppData\Roaming\six-zsync
[2012.07.10 12:06:16 | 000,000,000 | ---D | M] -- C:\Users\Haavard\AppData\Roaming\Sony
[2012.07.07 03:25:59 | 000,000,000 | ---D | M] -- C:\Users\Haavard\AppData\Roaming\Sony Creative Software Inc
[2012.05.26 10:07:21 | 000,000,000 | ---D | M] -- C:\Users\Haavard\AppData\Roaming\Splashtop
[2013.11.30 20:15:39 | 000,000,000 | ---D | M] -- C:\Users\Haavard\AppData\Roaming\Spotify
[2012.06.03 18:08:08 | 000,000,000 | ---D | M] -- C:\Users\Haavard\AppData\Roaming\StageManager.BD092818F67280F4B42B04877600987F0111B594.1
[2012.08.03 16:00:21 | 000,000,000 | ---D | M] -- C:\Users\Haavard\AppData\Roaming\Stardock
[2013.11.26 17:01:44 | 000,000,000 | ---D | M] -- C:\Users\Haavard\AppData\Roaming\TERA
[2013.09.16 18:09:04 | 000,000,000 | ---D | M] -- C:\Users\Haavard\AppData\Roaming\The Creative Assembly
[2013.07.19 02:59:47 | 000,000,000 | ---D | M] -- C:\Users\Haavard\AppData\Roaming\theHunter
[2012.11.02 19:13:10 | 000,000,000 | ---D | M] -- C:\Users\Haavard\AppData\Roaming\Ubisoft
[2013.11.30 19:28:01 | 000,000,000 | ---D | M] -- C:\Users\Haavard\AppData\Roaming\uTorrent
[2013.06.15 15:49:32 | 000,000,000 | ---D | M] -- C:\Users\Haavard\AppData\Roaming\Wargaming.net
[2013.11.30 11:09:32 | 000,000,000 | ---D | M] -- C:\Users\Haavard\AppData\Roaming\Wise Disk Cleaner

========== Purity Check ==========



========== Alternate Data Streams ==========

@Alternate Data Stream - 1126 bytes -> C:\Users\Haavard\AppData\Local\0Pb0o6dW6aLmmm:wQsFZfQzqLB6Sl5m97wE7

< End of report >
  • 0

Advertisements


#2
Machiavelli

Machiavelli

    GeekU Moderator

  • GeekU Moderator
  • 3,698 posts
Welcome to GeeksToGo, Konaci
My name is Machiavelli and I'll try to fix your PC problems. If you are in SafeMode then print my instructions! Removing Malware on a computer can be very complicated. Malware (malicious software) is able to hide and so I may not be able to find it so easily. In order to remove Malware from you Computer, you need to follow my instructions carefully. Don't be worried if you don't know what to do, just ask me! Please stay in contact with me until the problem is fixed.

Posted Image

Posted Image

!NOTE! Please respect my volunteered time and stay with me until I declare your computer clean. If you are going to be delayed for a while, please let me know.

I am currently in training and my posts will need to be reviewed by an expert, so expect a slight delay between posts. :)
  • 0

#3
Machiavelli

Machiavelli

    GeekU Moderator

  • GeekU Moderator
  • 3,698 posts
Please move the OTL.exe to your Desktop ... Also , have you been travelling the last time - or better say do you know this DHCP NameServer: 85.166.40.33 ?

P2P Warning

P2P File sharing programs (uTorrent, Bittorrent, Vuze, Limewire, Kazaa etc.) need to be avoided to reduce the risk of infection. When visiting file sharing sites you usually get more than you intend to, these downloads are commonly laced with infections with varying effects - allowing remote access to your computer and stealing passwords being the most common.

Many underground websites, that host cracks or keygens, can be equally bad. Not only can the downloads be infected, but innocent looking banners can contain malicious flash code that installs malware on your system. These files are also illegal.

Should you continue to use these websites/software after my assistance then there is a very high chance you will get infected again - putting your files and passwords at stake, just ask yourself is it really worth the risk?

OTL Fix

  • Run OTL.
  • Copy (Ctrl+C) and Paste (Ctrl+V) all of the following text into the Custom Scans/Fixes box:


    :Commands
    [CreateRestorePoint]
    
    :OTL
    IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://websearch.hel...734&lg=EN&cc=NO
    IE - HKLM\..\SearchScopes,DefaultScope = {006ee092-9658-4fd6-bd8e-a21a348e59f5}
    IE - HKLM\..\SearchScopes\{006ee092-9658-4fd6-bd8e-a21a348e59f5}: "URL" = http://feed.snap.do/...Date=01/01/1970
    IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Search Bar = http://feed.snap.do/...Date=01/01/1970
    IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page = http://feed.snap.do/...Date=01/01/1970
    IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://feed.snap.do/...Date=01/01/1970
    IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Search,Default_Search_URL = http://feed.snap.do/...Date=01/01/1970
    IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Search,SearchAssistant = http://feed.snap.do/...Date=01/01/1970
    IE - HKCU\..\SearchScopes,DefaultScope = {B5312EF6-27C3-4212-B88D-820EC9D1342A}
    IE - HKCU\..\SearchScopes\{006ee092-9658-4fd6-bd8e-a21a348e59f5}: "URL" = http://feed.snap.do/...Date=01/01/1970
    IE - HKCU\..\SearchScopes\{B5312EF6-27C3-4212-B88D-820EC9D1342A}: "URL" = http://search.yahoo....p={searchTerms}
    FF - HKEY_CURRENT_USER\software\mozilla\Firefox\Extensions\\[email protected]: C:\Program Files (x86)\AddLyrics\FF\
    [2012.08.01 13:27:15 | 000,000,000 | ---D | M] (OneClickDownloader) -- C:\Users\Haavard\AppData\Roaming\mozilla\Firefox\Profiles\extensions\[email protected]
    O3:64bit: - HKLM\..\Toolbar: (no name) - 10 - No CLSID value found.
    O3 - HKLM\..\Toolbar: (no name) - 10 - No CLSID value found.
    O4 - HKLM..\Run: [] File not found
    O15 - HKCU\..Trusted Domains: clonewarsadventures.com ([]* in Trusted sites)
    O15 - HKCU\..Trusted Domains: freerealms.com ([]* in Trusted sites)
    O15 - HKCU\..Trusted Domains: soe.com ([]* in Trusted sites)
    O15 - HKCU\..Trusted Domains: sony.com ([]* in Trusted sites)
    O20:64bit: - AppInit_DLLs: (c:\progra~2\movies~1\safety~1\x64\safety~2.dll) - File not found
    O20 - AppInit_DLLs: (c:\progra~2\movies~1\safety~1\safety~2.dll) - File not found
    O27:64bit: - HKLM IFEO\bitguard.exe: Debugger - C:\Windows\SysNative\tasklist.exe (Microsoft Corporation)
    O27:64bit: - HKLM IFEO\bprotect.exe: Debugger - C:\Windows\SysNative\tasklist.exe (Microsoft Corporation)
    O27:64bit: - HKLM IFEO\browsemngr.exe: Debugger - C:\Windows\SysNative\tasklist.exe (Microsoft Corporation)
    O27:64bit: - HKLM IFEO\browserdefender.exe: Debugger - C:\Windows\SysNative\tasklist.exe (Microsoft Corporation)
    O27:64bit: - HKLM IFEO\browsermngr.exe: Debugger - C:\Windows\SysNative\tasklist.exe (Microsoft Corporation)
    O27:64bit: - HKLM IFEO\browserprotect.exe: Debugger - C:\Windows\SysNative\tasklist.exe (Microsoft Corporation)
    O27:64bit: - HKLM IFEO\bundlesweetimsetup.exe: Debugger - C:\Windows\SysNative\tasklist.exe (Microsoft Corporation)
    O27:64bit: - HKLM IFEO\cltmngsvc.exe: Debugger - C:\Windows\SysNative\tasklist.exe (Microsoft Corporation)
    O27:64bit: - HKLM IFEO\delta babylon.exe: Debugger - C:\Windows\SysNative\tasklist.exe (Microsoft Corporation)
    O27:64bit: - HKLM IFEO\delta tb.exe: Debugger - C:\Windows\SysNative\tasklist.exe (Microsoft Corporation)
    O27:64bit: - HKLM IFEO\delta2.exe: Debugger - C:\Windows\SysNative\tasklist.exe (Microsoft Corporation)
    O27:64bit: - HKLM IFEO\deltainstaller.exe: Debugger - C:\Windows\SysNative\tasklist.exe (Microsoft Corporation)
    O27:64bit: - HKLM IFEO\deltasetup.exe: Debugger - C:\Windows\SysNative\tasklist.exe (Microsoft Corporation)
    O27:64bit: - HKLM IFEO\deltatb.exe: Debugger - C:\Windows\SysNative\tasklist.exe (Microsoft Corporation)
    O27:64bit: - HKLM IFEO\deltatb_2501-c733154b.exe: Debugger - C:\Windows\SysNative\tasklist.exe (Microsoft Corporation)
    O27:64bit: - HKLM IFEO\iminentsetup.exe: Debugger - C:\Windows\SysNative\tasklist.exe (Microsoft Corporation)
    O27:64bit: - HKLM IFEO\rjatydimofu.exe: Debugger - C:\Windows\SysNative\tasklist.exe (Microsoft Corporation)
    O27:64bit: - HKLM IFEO\sweetimsetup.exe: Debugger - C:\Windows\SysNative\tasklist.exe (Microsoft Corporation)
    O27:64bit: - HKLM IFEO\tbdelta.exetoolbar783881609.exe: Debugger - C:\Windows\SysNative\tasklist.exe (Microsoft Corporation)
    O27 - HKLM IFEO\bitguard.exe: Debugger - C:\Windows\SysWow64\tasklist.exe (Microsoft Corporation)
    O27 - HKLM IFEO\bprotect.exe: Debugger - C:\Windows\SysWow64\tasklist.exe (Microsoft Corporation)
    O27 - HKLM IFEO\browsemngr.exe: Debugger - C:\Windows\SysWow64\tasklist.exe (Microsoft Corporation)
    O27 - HKLM IFEO\browserdefender.exe: Debugger - C:\Windows\SysWow64\tasklist.exe (Microsoft Corporation)
    O27 - HKLM IFEO\browsermngr.exe: Debugger - C:\Windows\SysWow64\tasklist.exe (Microsoft Corporation)
    O27 - HKLM IFEO\browserprotect.exe: Debugger - C:\Windows\SysWow64\tasklist.exe (Microsoft Corporation)
    O27 - HKLM IFEO\bundlesweetimsetup.exe: Debugger - C:\Windows\SysWow64\tasklist.exe (Microsoft Corporation)
    O27 - HKLM IFEO\cltmngsvc.exe: Debugger - C:\Windows\SysWow64\tasklist.exe (Microsoft Corporation)
    O27 - HKLM IFEO\delta babylon.exe: Debugger - C:\Windows\SysWow64\tasklist.exe (Microsoft Corporation)
    O27 - HKLM IFEO\delta tb.exe: Debugger - C:\Windows\SysWow64\tasklist.exe (Microsoft Corporation)
    O27 - HKLM IFEO\delta2.exe: Debugger - C:\Windows\SysWow64\tasklist.exe (Microsoft Corporation)
    O27 - HKLM IFEO\deltainstaller.exe: Debugger - C:\Windows\SysWow64\tasklist.exe (Microsoft Corporation)
    O27 - HKLM IFEO\deltasetup.exe: Debugger - C:\Windows\SysWow64\tasklist.exe (Microsoft Corporation)
    O27 - HKLM IFEO\deltatb.exe: Debugger - C:\Windows\SysWow64\tasklist.exe (Microsoft Corporation)
    O27 - HKLM IFEO\deltatb_2501-c733154b.exe: Debugger - C:\Windows\SysWow64\tasklist.exe (Microsoft Corporation)
    O27 - HKLM IFEO\iminentsetup.exe: Debugger - C:\Windows\SysWow64\tasklist.exe (Microsoft Corporation)
    O27 - HKLM IFEO\rjatydimofu.exe: Debugger - C:\Windows\SysWow64\tasklist.exe (Microsoft Corporation)
    O27 - HKLM IFEO\sweetimsetup.exe: Debugger - C:\Windows\SysWow64\tasklist.exe (Microsoft Corporation)
    O27 - HKLM IFEO\tbdelta.exetoolbar783881609.exe: Debugger - C:\Windows\SysWow64\tasklist.exe (Microsoft Corporation)
    O33 - MountPoints2\E\Shell - "" = AutoRun
    O33 - MountPoints2\E\Shell\AutoRun\command - "" = E:\setup.exe
    [2013.11.23 00:26:45 | 000,000,000 | ---D | C] -- C:\ProgramData\BrowserProtect
    [2013.11.23 00:26:45 | 000,000,000 | ---D | C] -- C:\ProgramData\Browser Manager
    [2013.11.30 17:17:50 | 000,000,266 | ---- | M] () -- C:\Windows\tasks\AutoKMS.job
    [2013.11.30 17:17:36 | 000,000,416 | -H-- | M] () -- C:\Windows\tasks\OptimizerPro1UpdaterTask{7C1E22C6-97A0-4B24-B854-B6FD9C4DEEA2}.job
    [2013.11.30 17:17:36 | 000,000,416 | -H-- | M] () -- C:\Windows\tasks\OptimizerPro1UpdaterTask{22F1FCD5-CC22-40D5-A867-72F79D801741}.job
    [2013.09.04 17:10:21 | 000,000,000 | -H-- | C] () -- C:\ProgramData\DP45977C.lfl
    [2013.05.02 13:39:28 | 000,836,096 | ---- | C] () -- C:\Users\Haavard\AppData\Roaming\usft_ext.dll
    [2013.05.02 13:39:28 | 000,342,528 | ---- | C] () -- C:\Users\Haavard\AppData\Roaming\miner.dll
    [2013.05.02 13:39:27 | 000,054,784 | -H-- | C] () -- C:\Users\Haavard\AppData\Roaming\nsdiuyeir.exe
    [2013.05.02 13:39:27 | 000,022,528 | ---- | C] () -- C:\Users\Haavard\AppData\Roaming\coinutil.dll
    @Alternate Data Stream - 1126 bytes -> C:\Users\Haavard\AppData\Local\0Pb0o6dW6aLmmm:wQsFZfQzqLB6Sl5m97wE7
    
    :Files
    C:\Program Files (x86)\AddLyrics
    
    :Commands
    [ResetHosts]
    [EMPTYTEMP] 
    
  • Click the Run Fix button.
  • The computer will reboot - after the reboot a logfile will open - please post that logfile into your next reply

AdwCleaner

Please download AdwCleaner (by Xplode) from the link below and save it to your Desktop:

Download Mirror #1


  • Right-click on AdwCleaner.exe and select Run as administrator.
  • Click Scan and let the scan run.
  • When it finishes, click Clean, following the on screen prompts
  • After your computer reboots, a log will open. Please Copy (Ctrl+C) and Paste (Ctrl+V) this into your next post.

Note: The log can also be found in here: C:\AdwCleaner\

JRT Scan

Posted Image Please download Junkware Removal Tool to your desktop.
  • Shut down your protection software now to avoid potential conflicts.
  • Run the tool by double-clicking it. If you are using Windows Vista, 7, or 8; instead of double-clicking, right-mouse click JRT.exe and select "Run as Administrator".
  • The tool will open and start scanning your system.
  • Please be patient as this can take a while to complete depending on your system's specifications.
  • On completion, a log (JRT.txt) is saved to your desktop and will automatically open.
  • Post the contents of JRT.txt into your next message.

OTL Scan


  • Please copy the text in the Quote box below, (Do Not copy the word Quote), and paste it in the Posted Image box in OTL. To do that:
    • Highlight everything inside the quote box, (except the word Quote), right click the mouse and click Copy.

      netsvcs
      BASESERVICES
      %SYSTEMDRIVE%\*.exe
      /md5start
      services.*
      explorer.exe
      winlogon.exe
      Userinit.exe
      svchost.exe
      qmgr.dll
      winsock.*
      /md5stop
      dir "%systemdrive%\*" /S /A:L /C
      CREATERESTOREPOINT

  • Open Posted Image on the desktop. To do that:
    • XP users: Double click on the OTL icon.
    • Vista / 7 Users: Right click on the icon and click Run as Administrator)
  • Make sure all other windows are closed.
    • You will see a console like the one below:

      Posted Image

    • Click the box beside Scan All Users at the top of the console
    • IF you have a 64bit Windows, click the box beside Include 64bit Scans at the top of the console.
    • Make sure the Output box at the top is set to Standard Output.
    • Check the boxes beside LOP Checkand Purity Check.
    • Under Extra Registry please check Use Safe List.
    • Place the mouse pointer inside the Posted Image box, right click and click Paste. This will put the above script inside OTL
    • Click the Posted Image button. Do not change any settings unless otherwise told to do so.
    • Let the scan run uninterrupted.
    • When the scan completes, it will open OTL.Txt on the desktop. The Extras.txt file will be minimized on the taskbar. These files is also saved in the same location as OTL (it should be on your desktop).
    • Please copy the contents of these files and paste it into your reply. To do that:
    • On the OTL.txt file Menu Bar click Edit then click Select All. This will highlight the contents of the file. Then click Copy.
    • Right click inside the forum post window then click Paste. This will paste the contents of the OTL.txt file in the in the post window.
Please also post the Extras.txt file.

Question

How is your PC running? Any issues?
  • 0

#4
Konaci

Konaci

    New Member

  • Topic Starter
  • Member
  • Pip
  • 4 posts
The computer seemes to be running normaly.

All processes killed
========== COMMANDS ==========
Restore point Set: OTL Restore Point
========== OTL ==========
HKLM\SOFTWARE\Microsoft\Internet Explorer\Main\\Start Page| /E : value set successfully!
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\\DefaultScope| /E : value set successfully!
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{006ee092-9658-4fd6-bd8e-a21a348e59f5}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{006ee092-9658-4fd6-bd8e-a21a348e59f5}\ not found.
HKCU\SOFTWARE\Microsoft\Internet Explorer\Main\\Search Bar| /E : value set successfully!
HKCU\SOFTWARE\Microsoft\Internet Explorer\Main\\Search Page| /E : value set successfully!
HKCU\SOFTWARE\Microsoft\Internet Explorer\Main\\Start Page| /E : value set successfully!
HKCU\SOFTWARE\Microsoft\Internet Explorer\Search\\Default_Search_URL| /E : value set successfully!
HKCU\SOFTWARE\Microsoft\Internet Explorer\Search\\SearchAssistant| /E : value set successfully!
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\\DefaultScope| /E : value set successfully!
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{006ee092-9658-4fd6-bd8e-a21a348e59f5}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{006ee092-9658-4fd6-bd8e-a21a348e59f5}\ not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{B5312EF6-27C3-4212-B88D-820EC9D1342A}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{B5312EF6-27C3-4212-B88D-820EC9D1342A}\ not found.
Registry value HKEY_CURRENT_USER\software\mozilla\Firefox\Extensions\\[email protected] deleted successfully.
File C:\Program Files (x86)\AddLyrics\FF not found.
C:\Users\Haavard\AppData\Roaming\mozilla\Firefox\Profiles\extensions\[email protected]\skin folder moved successfully.
C:\Users\Haavard\AppData\Roaming\mozilla\Firefox\Profiles\extensions\[email protected]\locale\en-US folder moved successfully.
C:\Users\Haavard\AppData\Roaming\mozilla\Firefox\Profiles\extensions\[email protected]\locale folder moved successfully.
C:\Users\Haavard\AppData\Roaming\mozilla\Firefox\Profiles\extensions\[email protected]\defaults\preferences folder moved successfully.
C:\Users\Haavard\AppData\Roaming\mozilla\Firefox\Profiles\extensions\[email protected]\defaults folder moved successfully.
C:\Users\Haavard\AppData\Roaming\mozilla\Firefox\Profiles\extensions\[email protected]\chrome\content folder moved successfully.
C:\Users\Haavard\AppData\Roaming\mozilla\Firefox\Profiles\extensions\[email protected]\chrome folder moved successfully.
C:\Users\Haavard\AppData\Roaming\mozilla\Firefox\Profiles\extensions\[email protected] folder moved successfully.
64bit-Registry value HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Toolbar\\10 deleted successfully.
Registry value HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Toolbar\\10 deleted successfully.
Registry value HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run\\ deleted successfully.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\clonewarsadventures.com\ deleted successfully.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\freerealms.com\ deleted successfully.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\soe.com\ deleted successfully.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\sony.com\ deleted successfully.
64bit-Registry value HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows\\AppInit_Dlls:c:\progra~2\movies~1\safety~1\x64\safety~2.dll deleted successfully.
Registry value HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows\\AppInit_Dlls:c:\progra~2\movies~1\safety~1\safety~2.dll deleted successfully.
64bit-Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\bitguard.exe\ deleted successfully.
File move failed. C:\Windows\SysNative\tasklist.exe scheduled to be moved on reboot.
64bit-Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\bprotect.exe\ deleted successfully.
File move failed. C:\Windows\SysNative\tasklist.exe scheduled to be moved on reboot.
64bit-Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\browsemngr.exe\ deleted successfully.
File move failed. C:\Windows\SysNative\tasklist.exe scheduled to be moved on reboot.
64bit-Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\browserdefender.exe\ deleted successfully.
File move failed. C:\Windows\SysNative\tasklist.exe scheduled to be moved on reboot.
64bit-Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\browsermngr.exe\ deleted successfully.
File move failed. C:\Windows\SysNative\tasklist.exe scheduled to be moved on reboot.
64bit-Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\browserprotect.exe\ deleted successfully.
File move failed. C:\Windows\SysNative\tasklist.exe scheduled to be moved on reboot.
64bit-Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\bundlesweetimsetup.exe\ deleted successfully.
File move failed. C:\Windows\SysNative\tasklist.exe scheduled to be moved on reboot.
64bit-Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\cltmngsvc.exe\ deleted successfully.
File move failed. C:\Windows\SysNative\tasklist.exe scheduled to be moved on reboot.
64bit-Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\delta babylon.exe\ deleted successfully.
File move failed. C:\Windows\SysNative\tasklist.exe scheduled to be moved on reboot.
64bit-Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\delta tb.exe\ deleted successfully.
File move failed. C:\Windows\SysNative\tasklist.exe scheduled to be moved on reboot.
64bit-Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\delta2.exe\ deleted successfully.
File move failed. C:\Windows\SysNative\tasklist.exe scheduled to be moved on reboot.
64bit-Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\deltainstaller.exe\ deleted successfully.
File move failed. C:\Windows\SysNative\tasklist.exe scheduled to be moved on reboot.
64bit-Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\deltasetup.exe\ deleted successfully.
File move failed. C:\Windows\SysNative\tasklist.exe scheduled to be moved on reboot.
64bit-Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\deltatb.exe\ deleted successfully.
File move failed. C:\Windows\SysNative\tasklist.exe scheduled to be moved on reboot.
64bit-Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\deltatb_2501-c733154b.exe\ deleted successfully.
File move failed. C:\Windows\SysNative\tasklist.exe scheduled to be moved on reboot.
64bit-Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\iminentsetup.exe\ deleted successfully.
File move failed. C:\Windows\SysNative\tasklist.exe scheduled to be moved on reboot.
64bit-Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\rjatydimofu.exe\ deleted successfully.
File move failed. C:\Windows\SysNative\tasklist.exe scheduled to be moved on reboot.
64bit-Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\sweetimsetup.exe\ deleted successfully.
File move failed. C:\Windows\SysNative\tasklist.exe scheduled to be moved on reboot.
64bit-Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\tbdelta.exetoolbar783881609.exe\ deleted successfully.
File move failed. C:\Windows\SysNative\tasklist.exe scheduled to be moved on reboot.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\bitguard.exe\ not found.
File move failed. C:\Windows\SysWOW64\tasklist.exe scheduled to be moved on reboot.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\bprotect.exe\ not found.
File move failed. C:\Windows\SysWOW64\tasklist.exe scheduled to be moved on reboot.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\browsemngr.exe\ not found.
File move failed. C:\Windows\SysWOW64\tasklist.exe scheduled to be moved on reboot.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\browserdefender.exe\ not found.
File move failed. C:\Windows\SysWOW64\tasklist.exe scheduled to be moved on reboot.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\browsermngr.exe\ not found.
File move failed. C:\Windows\SysWOW64\tasklist.exe scheduled to be moved on reboot.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\browserprotect.exe\ not found.
File move failed. C:\Windows\SysWOW64\tasklist.exe scheduled to be moved on reboot.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\bundlesweetimsetup.exe\ not found.
File move failed. C:\Windows\SysWOW64\tasklist.exe scheduled to be moved on reboot.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\cltmngsvc.exe\ not found.
File move failed. C:\Windows\SysWOW64\tasklist.exe scheduled to be moved on reboot.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\delta babylon.exe\ not found.
File move failed. C:\Windows\SysWOW64\tasklist.exe scheduled to be moved on reboot.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\delta tb.exe\ not found.
File move failed. C:\Windows\SysWOW64\tasklist.exe scheduled to be moved on reboot.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\delta2.exe\ not found.
File move failed. C:\Windows\SysWOW64\tasklist.exe scheduled to be moved on reboot.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\deltainstaller.exe\ not found.
File move failed. C:\Windows\SysWOW64\tasklist.exe scheduled to be moved on reboot.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\deltasetup.exe\ not found.
File move failed. C:\Windows\SysWOW64\tasklist.exe scheduled to be moved on reboot.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\deltatb.exe\ not found.
File move failed. C:\Windows\SysWOW64\tasklist.exe scheduled to be moved on reboot.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\deltatb_2501-c733154b.exe\ not found.
File move failed. C:\Windows\SysWOW64\tasklist.exe scheduled to be moved on reboot.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\iminentsetup.exe\ not found.
File move failed. C:\Windows\SysWOW64\tasklist.exe scheduled to be moved on reboot.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\rjatydimofu.exe\ not found.
File move failed. C:\Windows\SysWOW64\tasklist.exe scheduled to be moved on reboot.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\sweetimsetup.exe\ not found.
File move failed. C:\Windows\SysWOW64\tasklist.exe scheduled to be moved on reboot.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\tbdelta.exetoolbar783881609.exe\ not found.
File move failed. C:\Windows\SysWOW64\tasklist.exe scheduled to be moved on reboot.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\E\ deleted successfully.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\E\ not found.
File E:\setup.exe not found.
Folder move failed. C:\ProgramData\BrowserProtect scheduled to be moved on reboot.
Folder move failed. C:\ProgramData\Browser Manager scheduled to be moved on reboot.
C:\Windows\Tasks\AutoKMS.job moved successfully.
C:\Windows\Tasks\OptimizerPro1UpdaterTask{7C1E22C6-97A0-4B24-B854-B6FD9C4DEEA2}.job moved successfully.
C:\Windows\Tasks\OptimizerPro1UpdaterTask{22F1FCD5-CC22-40D5-A867-72F79D801741}.job moved successfully.
C:\ProgramData\DP45977C.lfl moved successfully.
C:\Users\Haavard\AppData\Roaming\usft_ext.dll moved successfully.
C:\Users\Haavard\AppData\Roaming\miner.dll moved successfully.
C:\Users\Haavard\AppData\Roaming\nsdiuyeir.exe moved successfully.
C:\Users\Haavard\AppData\Roaming\coinutil.dll moved successfully.
ADS C:\Users\Haavard\AppData\Local\0Pb0o6dW6aLmmm:wQsFZfQzqLB6Sl5m97wE7 deleted successfully.
========== FILES ==========
File\Folder C:\Program Files (x86)\AddLyrics not found.
========== COMMANDS ==========
C:\Windows\System32\drivers\etc\Hosts moved successfully.
HOSTS file reset successfully

[EMPTYTEMP]

User: All Users

User: Default
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes
->Flash cache emptied: 57472 bytes

User: Default User
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes
->Flash cache emptied: 0 bytes

User: Haavard
->Temp folder emptied: 13565952 bytes
->Temporary Internet Files folder emptied: 35396 bytes
->Java cache emptied: 60167 bytes
->Google Chrome cache emptied: 13414293 bytes
->Opera cache emptied: 0 bytes
->Flash cache emptied: 57979 bytes

User: Public

User: ÅËÅÍÇ

%systemdrive% .tmp files removed: 0 bytes
%systemroot% .tmp files removed: 200704 bytes
%systemroot%\System32 .tmp files removed: 0 bytes
%systemroot%\System32 (64bit) .tmp files removed: 0 bytes
%systemroot%\System32\drivers .tmp files removed: 0 bytes
Windows Temp folder emptied: 9734 bytes
%systemroot%\sysnative\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files folder emptied: 50461 bytes
RecycleBin emptied: 0 bytes

Total Files Cleaned = 26,00 mb


OTL by OldTimer - Version 3.2.69.0 log created on 11302013_214907

Files\Folders moved on Reboot...
File move failed. C:\Windows\SysNative\tasklist.exe scheduled to be moved on reboot.
File move failed. C:\Windows\SysWOW64\tasklist.exe scheduled to be moved on reboot.
C:\ProgramData\BrowserProtect folder moved successfully.
C:\ProgramData\Browser Manager folder moved successfully.
File\Folder C:\Users\Haavard\AppData\Local\Temp\FXSAPIDebugLogFile.txt not found!
File\Folder C:\Users\Haavard\AppData\Local\Microsoft\Windows\Temporary Internet Files\counters.dat not found!
C:\Users\Haavard\AppData\Local\Google\Chrome\User Data\Default\Cache\data_0 moved successfully.
C:\Users\Haavard\AppData\Local\Google\Chrome\User Data\Default\Cache\data_1 moved successfully.
C:\Users\Haavard\AppData\Local\Google\Chrome\User Data\Default\Cache\data_2 moved successfully.
C:\Users\Haavard\AppData\Local\Google\Chrome\User Data\Default\Cache\data_3 moved successfully.
C:\Users\Haavard\AppData\Local\Google\Chrome\User Data\Default\Cache\index moved successfully.

PendingFileRenameOperations files...

Registry entries deleted on Reboot...




# AdwCleaner v3.013 - Report created 30/11/2013 at 21:52:25
# Updated 24/11/2013 by Xplode
# Operating System : Windows 7 Ultimate Service Pack 1 (64 bits)
# Username : Haavard - HAAVARD-PC
# Running from : A:\Haavard\Desktop\AdwCleaner.exe
# Option : Clean

***** [ Services ] *****


***** [ Files / Folders ] *****

Folder Deleted : C:\ProgramData\apn
[#] Folder Deleted : C:\ProgramData\BitGuard
Folder Deleted : C:\ProgramData\boost_interprocess
Folder Deleted : C:\ProgramData\Browse2Save
Folder Deleted : C:\ProgramData\continuetosave
Folder Deleted : C:\ProgramData\Download and Sa
Folder Deleted : C:\ProgramData\Premium
Folder Deleted : C:\ProgramData\RightClick
Folder Deleted : C:\ProgramData\SoftSafe
Folder Deleted : C:\ProgramData\Splashtop
Folder Deleted : C:\ProgramData\Tarma Installer
Folder Deleted : C:\ProgramData\BrooWseu2savee
Folder Deleted : C:\ProgramData\saaveansharee
Folder Deleted : C:\ProgramData\SEEaorcha-NewTTAeb
Folder Deleted : C:\Program Files (x86)\SweetIM
Folder Deleted : C:\Users\Haavard\AppData\Local\AddLyrics
Folder Deleted : C:\Users\Haavard\AppData\Local\PackageAware
Folder Deleted : C:\Users\Haavard\AppData\Local\Smartbar
Folder Deleted : C:\Users\Haavard\AppData\LocalLow\Conduit
Folder Deleted : C:\Users\Haavard\AppData\LocalLow\Smartbar
Folder Deleted : C:\Users\Haavard\AppData\Roaming\NCdownloader
Folder Deleted : C:\Users\Haavard\AppData\Roaming\SendSpace
Folder Deleted : C:\Users\Haavard\AppData\Roaming\Splashtop
File Deleted : C:\Users\Haavard\AppData\Roaming\Mozilla\Firefox\Profiles\extensions\searchplugins\WebSearch.xml
File Deleted : C:\Users\Haavard\AppData\Roaming\Mozilla\Firefox\Profiles\extensions\user.js

***** [ Shortcuts ] *****


***** [ Registry ] *****

Key Deleted : HKCU\Software\Google\Chrome\Extensions\amfclgbdpgndipgoegfpkkgobahigbcl
Key Deleted : HKLM\SOFTWARE\Google\Chrome\Extensions\jcdgjdiieiljkfkdcloehkohchhpekkn
Key Deleted : HKLM\SOFTWARE\Google\Chrome\Extensions\pmlghpafmmnmmkjdhacccolfgnkiboco
Key Deleted : HKLM\SOFTWARE\Classes\iesmartbar.bandobjectattribute
Key Deleted : HKLM\SOFTWARE\Classes\iesmartbar.bho
Key Deleted : HKLM\SOFTWARE\Classes\iesmartbar.dockingpanel
Key Deleted : HKLM\SOFTWARE\Classes\iesmartbar.iesmartbar
Key Deleted : HKLM\SOFTWARE\Classes\iesmartbar.iesmartbarbandobject
Key Deleted : HKLM\SOFTWARE\Classes\iesmartbar.smartbardisplaystate
Key Deleted : HKLM\SOFTWARE\Classes\iesmartbar.smartbarmenuform
Key Deleted : HKLM\SOFTWARE\Classes\oneclick
Key Deleted : HKLM\SOFTWARE\Classes\oneclickmg
Key Deleted : HKLM\SOFTWARE\Microsoft\Tracing\apnstub_RASAPI32
Key Deleted : HKLM\SOFTWARE\Microsoft\Tracing\apnstub_RASMANCS
Key Deleted : HKLM\SOFTWARE\Microsoft\Tracing\apntoolbarinstaller_RASAPI32
Key Deleted : HKLM\SOFTWARE\Microsoft\Tracing\apntoolbarinstaller_RASMANCS
Key Deleted : HKLM\SOFTWARE\Microsoft\Tracing\askpartnercobrandingtool_rasapi32
Key Deleted : HKLM\SOFTWARE\Microsoft\Tracing\askpartnercobrandingtool_rasmancs
Key Deleted : HKLM\SOFTWARE\Microsoft\Tracing\au__rasapi32
Key Deleted : HKLM\SOFTWARE\Microsoft\Tracing\au__rasmancs
Key Deleted : HKLM\SOFTWARE\Microsoft\Tracing\BundleSweetIMSetup_RASAPI32
Key Deleted : HKLM\SOFTWARE\Microsoft\Tracing\BundleSweetIMSetup_RASMANCS
Key Deleted : HKLM\SOFTWARE\Microsoft\Tracing\QuickShare_RASAPI32
Key Deleted : HKLM\SOFTWARE\Microsoft\Tracing\QuickShare_RASMANCS
Key Deleted : HKLM\SOFTWARE\Microsoft\Tracing\Shortcut_bundlesweetimsetup_RASAPI32
Key Deleted : HKLM\SOFTWARE\Microsoft\Tracing\Shortcut_bundlesweetimsetup_RASMANCS
Key Deleted : HKLM\SOFTWARE\Microsoft\Tracing\sweetim_rasapi32
Key Deleted : HKLM\SOFTWARE\Microsoft\Tracing\sweetim_rasmancs
Key Deleted : HKLM\SOFTWARE\Microsoft\Tracing\sweetpacksupdatemanager_rasapi32
Key Deleted : HKLM\SOFTWARE\Microsoft\Tracing\SweetPacksUpdateManager_RASMANCS
Key Deleted : HKLM\SOFTWARE\Microsoft\Tracing\TaskScheduler_RASAPI32
Key Deleted : HKLM\SOFTWARE\Microsoft\Tracing\TaskScheduler_RASMANCS
Key Deleted : HKLM\SOFTWARE\Microsoft\Tracing\SoftonicDownloader_for_hamachi_RASAPI32
Key Deleted : HKLM\SOFTWARE\Microsoft\Tracing\SoftonicDownloader_for_hamachi_RASMANCS
Key Deleted : HKLM\SOFTWARE\Microsoft\Tracing\SoftonicDownloader_for_universal-theme-patcher_RASAPI32
Key Deleted : HKLM\SOFTWARE\Microsoft\Tracing\SoftonicDownloader_for_universal-theme-patcher_RASMANCS
Key Deleted : HKLM\SOFTWARE\Microsoft\Tracing\SoftonicDownloader_for_vlc-media-player_RASAPI32
Key Deleted : HKLM\SOFTWARE\Microsoft\Tracing\SoftonicDownloader_for_vlc-media-player_RASMANCS
Key Deleted : HKLM\SOFTWARE\Classes\AppID\{608D3067-77E8-463D-9084-908966806826}
Key Deleted : HKLM\SOFTWARE\Classes\AppID\{BDB69379-802F-4EAF-B541-F8DE92DD98DB}
Key Deleted : HKLM\SOFTWARE\Classes\AppID\{EA28B360-05E0-4F93-8150-02891F1D8D3C}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{00000001-4FEF-40D3-B3FA-E0531B897F98}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{31AD400D-1B06-4E33-A59A-90C2C140CBA0}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{56561B2A-FB5D-363A-9631-4C03D6054209}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{64697678-0000-0010-8000-00AA00389B71}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{80922EE0-8A76-46AE-95D5-BD3C3FE0708D}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{A717364F-69F3-3A24-ADD5-3901A57F880E}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{AE07101B-46D4-4A98-AF68-0333EA26E113}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{AE805869-2E5C-4ED4-8F7B-F1F7851A4497}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{CCB08265-B35D-30B2-A6AF-6986CA957358}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{CD92622E-49B9-33B7-98D1-EC51049457D7}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{E041E037-FA4B-364A-B440-7A1051EA0301}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{31E3BC75-2A09-4CFF-9C92-8D0ED8D1DC0F}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{79FB5FC8-44B9-4AF5-BADD-CCE547F953E5}
Key Deleted : HKLM\SOFTWARE\Classes\TypeLib\{E2343056-CC08-46AC-B898-BFC7ACF4E755}
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{31AD400D-1B06-4E33-A59A-90C2C140CBA0}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{31AD400D-1B06-4E33-A59A-90C2C140CBA0}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{AE07101B-46D4-4A98-AF68-0333EA26E113}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{FFE66D00-A56A-4F7F-81D7-4A28C5816D6C}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{31AD400D-1B06-4E33-A59A-90C2C140CBA0}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{AE07101B-46D4-4A98-AF68-0333EA26E113}
Key Deleted : HKLM\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{3444C3C5-6C56-4A16-A453-832B05BF6EA4}
Value Deleted : HKLM\SOFTWARE\Microsoft\Internet Explorer\Toolbar [{AE07101B-46D4-4A98-AF68-0333EA26E113}]
Key Deleted : [x64] HKLM\SOFTWARE\Classes\CLSID\{00000001-4FEF-40D3-B3FA-E0531B897F98}
Key Deleted : [x64] HKLM\SOFTWARE\Classes\CLSID\{31AD400D-1B06-4E33-A59A-90C2C140CBA0}
Key Deleted : [x64] HKLM\SOFTWARE\Classes\CLSID\{56561B2A-FB5D-363A-9631-4C03D6054209}
Key Deleted : [x64] HKLM\SOFTWARE\Classes\CLSID\{64697678-0000-0010-8000-00AA00389B71}
Key Deleted : [x64] HKLM\SOFTWARE\Classes\CLSID\{A717364F-69F3-3A24-ADD5-3901A57F880E}
Key Deleted : [x64] HKLM\SOFTWARE\Classes\CLSID\{AE07101B-46D4-4A98-AF68-0333EA26E113}
Key Deleted : [x64] HKLM\SOFTWARE\Classes\CLSID\{CCB08265-B35D-30B2-A6AF-6986CA957358}
Key Deleted : [x64] HKLM\SOFTWARE\Classes\CLSID\{CD92622E-49B9-33B7-98D1-EC51049457D7}
Key Deleted : [x64] HKLM\SOFTWARE\Classes\CLSID\{E041E037-FA4B-364A-B440-7A1051EA0301}
Key Deleted : [x64] HKLM\SOFTWARE\Classes\Interface\{10DE7085-6A1E-4D41-A7BF-9AF93E351401}
Key Deleted : [x64] HKLM\SOFTWARE\Classes\Interface\{1AD27395-1659-4DFF-A319-2CFA243861A5}
Key Deleted : [x64] HKLM\SOFTWARE\Classes\Interface\{31E3BC75-2A09-4CFF-9C92-8D0ED8D1DC0F}
Key Deleted : [x64] HKLM\SOFTWARE\Classes\Interface\{EEE6C358-6118-11DC-9C72-001320C79847}
Key Deleted : [x64] HKLM\SOFTWARE\Classes\Interface\{EEE6C359-6118-11DC-9C72-001320C79847}
Key Deleted : [x64] HKLM\SOFTWARE\Classes\Interface\{EEE6C35A-6118-11DC-9C72-001320C79847}
Key Deleted : [x64] HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{31AD400D-1B06-4E33-A59A-90C2C140CBA0}
Value Deleted : [x64] HKLM\SOFTWARE\Microsoft\Internet Explorer\Toolbar [{AE07101B-46D4-4A98-AF68-0333EA26E113}]
Key Deleted : HKCU\Software\1ClickDownload
Key Deleted : HKCU\Software\APN PIP
Key Deleted : HKCU\Software\BI
Key Deleted : HKCU\Software\SmartBar
Key Deleted : HKCU\Software\smartbarbackup
Key Deleted : HKCU\Software\smartbarlog
Key Deleted : HKCU\Software\Softonic
Key Deleted : HKCU\Software\AppDataLow\SProtector
Key Deleted : HKLM\Software\Freeze.com
Key Deleted : HKLM\Software\Iminent
Key Deleted : HKLM\Software\PIP
Key Deleted : HKLM\Software\SafetyNut
Key Deleted : HKLM\Software\SP Global
Key Deleted : HKLM\Software\SProtector
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{2F603A45-D956-496B-81B5-50D782424976}
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{889DF117-14D1-44EE-9F31-C5FB5D47F68B}
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{B85C4CB2-B352-4BD8-818C-BCE353599107}
Key Deleted : [x64] HKLM\SOFTWARE\Tarma Installer
Key Deleted : [x64] HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{2F603A45-D956-496B-81B5-50D782424976}
Key Deleted : [x64] HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{B85C4CB2-B352-4BD8-818C-BCE353599107}
Key Deleted : [x64] HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\Optimizer Pro_is1

***** [ Browsers ] *****

-\\ Internet Explorer v10.0.9200.16736

Setting Restored : HKCU\Software\Microsoft\Internet Explorer\SearchUrl [Default]
Setting Restored : HKLM\SOFTWARE\Microsoft\Internet Explorer\SearchUrl [Default]

-\\ Mozilla Firefox v

[ File : C:\Users\Haavard\AppData\Roaming\Mozilla\Firefox\Profiles\extensions\prefs.js ]


-\\ Google Chrome v31.0.1650.57

[ File : C:\Users\Haavard\AppData\Local\Google\Chrome\User Data\Default\preferences ]


*************************

AdwCleaner[R0].txt - [10963 octets] - [30/11/2013 21:52:04]
AdwCleaner[S0].txt - [10270 octets] - [30/11/2013 21:52:25]

########## EOF - C:\AdwCleaner\AdwCleaner[S0].txt - [10331 octets] ##########




~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Junkware Removal Tool (JRT) by Thisisu
Version: 6.0.8 (11.05.2013:1)
OS: Windows 7 Ultimate x64
Ran by Haavard on 30.11.2013 at 21:56:35,03
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~




~~~ Services



~~~ Registry Values



~~~ Registry Keys

Successfully deleted: [Registry Key] HKEY_CURRENT_USER\Software\smarttweak
Successfully deleted: [Registry Key] HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\InternetRegistry\REGISTRY\USER\S-1-5-21-372863723-2970391944-1656933904-1000\Software\sweetim
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\sweetim
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Microsoft\Tracing\addlyrics1050_RASAPI32
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Microsoft\Tracing\addlyrics1050_RASMANCS
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Wow6432Node\Microsoft\Tracing\addlyrics1050_RASAPI32
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Wow6432Node\Microsoft\Tracing\addlyrics1050_RASMANCS



~~~ Files



~~~ Folders

Successfully deleted: [Folder] "C:\ProgramData\cloud software ltd"
Successfully deleted: [Folder] "C:\ProgramData\ytd video downloader"
Successfully deleted: [Folder] "C:\ProgramData\Microsoft\Windows\Start Menu\Programs\ytd video downloader"



~~~ Event Viewer Logs were cleared





~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Scan was completed on 30.11.2013 at 21:59:55,58
End of JRT log
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~




OTL logfile created on: 30.11.2013 22:02:10 - Run 3
OTL by OldTimer - Version 3.2.69.0 Folder = A:\Haavard\Desktop
64bit- Ultimate Edition Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation
Internet Explorer (Version = 9.10.9200.16736)
Locale: 00000414 | Country: Norway | Language: NOR | Date Format: dd.MM.yyyy

15,86 Gb Total Physical Memory | 12,71 Gb Available Physical Memory | 80,16% Memory free
31,71 Gb Paging File | 28,24 Gb Available in Paging File | 89,04% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86)
Drive C: | 111,79 Gb Total Space | 37,65 Gb Free Space | 33,68% Space Free | Partition Type: NTFS

Computer Name: HAAVARD-PC | User Name: Haavard | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: All users | Include 64bit Scans
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days

========== Processes (SafeList) ==========

PRC - [2013.11.30 21:44:06 | 000,602,112 | ---- | M] (OldTimer Tools) -- A:\Haavard\Desktop\OTL.exe
PRC - [2013.11.26 16:58:25 | 002,151,744 | ---- | M] (IObit) -- C:\Program Files (x86)\IObit\LiveUpdate\LiveUpdate.exe
PRC - [2013.11.14 20:36:04 | 001,168,896 | ---- | M] (Spotify Ltd) -- C:\Users\Haavard\AppData\Roaming\Spotify\Data\SpotifyWebHelper.exe
PRC - [2013.11.14 12:29:33 | 000,863,184 | ---- | M] (Google Inc.) -- C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
PRC - [2013.10.30 22:08:14 | 000,076,888 | ---- | M] () -- C:\Windows\SysWOW64\PnkBstrA.exe
PRC - [2013.10.25 07:59:58 | 000,463,016 | ---- | M] () -- C:\Program Files (x86)\MSI Afterburner\MSIAfterburner.exe
PRC - [2013.10.17 16:30:56 | 000,442,200 | ---- | M] (Razer Inc.) -- C:\Program Files (x86)\Razer\Synapse\RzSynapse.exe
PRC - [2013.05.11 11:37:26 | 000,065,640 | ---- | M] (Adobe Systems Incorporated) -- C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe
PRC - [2013.03.09 09:11:32 | 000,036,864 | ---- | M] (Corsair Components, Inc.) -- C:\Program Files (x86)\Corsair\CorsairLINK2\CorsairLINK_HardwareMonitor.exe
PRC - [2012.04.24 14:37:56 | 000,169,752 | ---- | M] (Intel Corporation) -- C:\Program Files (x86)\Intel\Intel® Integrated Clock Controller Service\ICCProxy.exe
PRC - [2008.07.11 15:04:22 | 000,200,704 | ---- | M] () -- C:\Windows\SysWOW64\HsMgr.exe


========== Modules (No Company Name) ==========

MOD - [2013.11.14 12:29:31 | 000,399,312 | ---- | M] () -- C:\Program Files (x86)\Google\Chrome\Application\31.0.1650.57\ppgooglenaclpluginchrome.dll
MOD - [2013.11.14 12:29:29 | 004,055,504 | ---- | M] () -- C:\Program Files (x86)\Google\Chrome\Application\31.0.1650.57\pdf.dll
MOD - [2013.11.14 12:28:37 | 000,702,416 | ---- | M] () -- C:\Program Files (x86)\Google\Chrome\Application\31.0.1650.57\libglesv2.dll
MOD - [2013.11.14 12:28:36 | 000,099,792 | ---- | M] () -- C:\Program Files (x86)\Google\Chrome\Application\31.0.1650.57\libegl.dll
MOD - [2013.11.14 12:28:34 | 001,619,408 | ---- | M] () -- C:\Program Files (x86)\Google\Chrome\Application\31.0.1650.57\ffmpegsumo.dll
MOD - [2013.10.25 07:59:58 | 000,463,016 | ---- | M] () -- C:\Program Files (x86)\MSI Afterburner\MSIAfterburner.exe
MOD - [2013.10.23 10:22:36 | 000,597,504 | ---- | M] () -- C:\Program Files (x86)\MSI Afterburner\RTHAL.dll
MOD - [2013.10.23 10:22:20 | 000,215,552 | ---- | M] () -- C:\Program Files (x86)\MSI Afterburner\RTCore.dll
MOD - [2013.10.23 10:22:14 | 000,127,488 | ---- | M] () -- C:\Program Files (x86)\MSI Afterburner\RTUI.dll
MOD - [2013.10.23 10:22:10 | 000,071,680 | ---- | M] () -- C:\Program Files (x86)\MSI Afterburner\RTMUI.dll
MOD - [2013.10.23 10:22:04 | 000,056,832 | ---- | M] () -- C:\Program Files (x86)\MSI Afterburner\RTFC.dll
MOD - [2013.10.11 15:25:49 | 000,397,312 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\System.Xml.Linq\dc33506c780c23cab954eb636c82e4fe\System.Xml.Linq.ni.dll
MOD - [2013.10.10 22:24:42 | 012,700,160 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\System.Windows.Forms\835995cb3fbaa0382d4eb962a88f503e\System.Windows.Forms.ni.dll
MOD - [2013.10.10 22:24:40 | 006,998,016 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\System.Core\aab789fb8e9675f0a3d90602148e2175\System.Core.ni.dll
MOD - [2013.10.10 22:24:39 | 003,910,144 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\WindowsBase\e9883c6aff20fa3611ffe42322bf8a51\WindowsBase.ni.dll
MOD - [2013.10.10 22:24:38 | 002,786,816 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\System.Runteb92aa12#\d52a9aa8e6d3f00094be8796b1e7734f\System.Runtime.Serialization.ni.dll
MOD - [2013.10.10 22:24:37 | 000,964,096 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\System.Configuration\0a81bada44a029dd28fed217513ad24d\System.Configuration.ni.dll
MOD - [2013.10.05 15:03:10 | 000,189,952 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\UIAutomationTypes\3e0ab52938e22d04ed74e6f3aae9fed0\UIAutomationTypes.ni.dll
MOD - [2013.10.05 15:03:09 | 000,018,944 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\Presentatio49d6fefe#\b27c23c8377e003eef44831269d63dc4\PresentationFramework-SystemXml.ni.dll
MOD - [2013.10.05 15:03:09 | 000,013,824 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\Presentatio4b37ff64#\af04018574dbd35ecd8730d9241ccb04\PresentationFramework-SystemXmlLinq.ni.dll
MOD - [2013.10.05 10:49:40 | 018,545,152 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\Presentatio5ae0f00f#\0c72b4e5c1de77634ec157943074cea4\PresentationFramework.ni.dll
MOD - [2013.10.05 10:49:34 | 010,926,592 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\PresentationCore\f53bcd4c15b40418ee9ddc9eb6c09ea1\PresentationCore.ni.dll
MOD - [2013.10.05 10:49:29 | 007,566,336 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\System.Xml\d5cfc19d54290dc150dedcc6a58cf6ba\System.Xml.ni.dll
MOD - [2013.10.05 10:49:29 | 001,880,576 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\System.Xaml\6fa468188705932387c89c28c77e3367\System.Xaml.ni.dll
MOD - [2013.10.05 10:49:27 | 001,631,744 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\System.Drawing\0bcfa477c2670c4343ffdf576810d81d\System.Drawing.ni.dll
MOD - [2013.10.05 10:49:27 | 000,288,768 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\Presentatiod51afaa5#\e4140f884cad21ab173ce7485da49d0f\PresentationFramework.classic.ni.dll
MOD - [2013.10.05 10:49:26 | 009,937,408 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\System\bff5f538eab1eb8a5c42e9867715de33\System.ni.dll
MOD - [2013.10.05 10:49:26 | 001,156,608 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\System.Management\55372abf66072be04c3442356a0aa998\System.Management.ni.dll
MOD - [2013.10.05 10:49:26 | 000,802,816 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\System.Servd1dec626#\b76a01cb02537ad8be9cbe7b2f0a7bb8\System.ServiceModel.Internals.ni.dll
MOD - [2013.10.05 10:49:26 | 000,121,344 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\SMDiagnostics\51d256bd62eb113246c273261df1ff7a\SMDiagnostics.ni.dll
MOD - [2013.10.05 10:49:22 | 016,547,328 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\mscorlib\10ac4ed5a22a4882529e01cf7bd8b895\mscorlib.ni.dll
MOD - [2013.03.09 09:09:30 | 000,053,760 | ---- | M] () -- C:\Program Files (x86)\Corsair\CorsairLINK2\SynchronousIO.Native.dll
MOD - [2008.07.11 15:04:22 | 000,200,704 | ---- | M] () -- C:\Windows\SysWOW64\HsMgr.exe


========== Services (SafeList) ==========

SRV:64bit: - [2013.10.23 17:14:22 | 000,348,376 | ---- | M] (Microsoft Corporation) [On_Demand | Running] -- C:\Program Files\Microsoft Security Client\NisSrv.exe -- (NisSrv)
SRV:64bit: - [2013.10.23 17:14:22 | 000,023,808 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Program Files\Microsoft Security Client\MsMpEng.exe -- (MsMpSvc)
SRV:64bit: - [2013.08.30 23:57:54 | 000,239,616 | ---- | M] (AMD) [Auto | Running] -- C:\Windows\SysNative\atiesrxx.exe -- (AMD External Events Utility)
SRV:64bit: - [2013.06.11 10:52:08 | 000,663,056 | ---- | M] () [Auto | Running] -- C:\Program Files\EslWire\service\WireHelperSvc.exe -- (EslWireHelper)
SRV:64bit: - [2013.05.27 06:50:47 | 001,011,712 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Program Files\Windows Defender\mpsvc.dll -- (WinDefend)
SRV:64bit: - [2012.09.02 02:26:29 | 001,432,400 | ---- | M] (Flexera Software, Inc.) [On_Demand | Stopped] -- C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService64.exe -- (FLEXnet Licensing Service 64)
SRV:64bit: - [2009.07.14 02:40:01 | 000,193,536 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\appmgmts.dll -- (AppMgmt)
SRV - [2013.11.26 16:58:25 | 002,151,744 | ---- | M] (IObit) [Auto | Running] -- C:\Program Files (x86)\IObit\LiveUpdate\LiveUpdate.exe -- (LiveUpdateSvc)
SRV - [2013.11.20 16:13:09 | 000,257,416 | ---- | M] (Adobe Systems Incorporated) [On_Demand | Stopped] -- C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe -- (AdobeFlashPlayerUpdateSvc)
SRV - [2013.10.30 22:08:14 | 000,076,888 | ---- | M] () [Auto | Running] -- C:\Windows\SysWOW64\PnkBstrA.exe -- (PnkBstrA)
SRV - [2013.10.25 08:08:20 | 000,032,960 | ---- | M] (Razer, Inc.) [Auto | Running] -- C:\Program Files (x86)\Razer\Core\64bit\RzOvlMon.exe -- (RzOvlMon)
SRV - [2013.10.09 03:19:14 | 000,565,672 | ---- | M] (Valve Corporation) [On_Demand | Stopped] -- C:\Program Files (x86)\Common Files\Steam\SteamService.exe -- (Steam Client Service)
SRV - [2013.09.05 09:34:30 | 000,171,680 | R--- | M] (Skype Technologies) [Auto | Stopped] -- C:\Program Files (x86)\Skype\Updater\Updater.exe -- (SkypeUpdate)
SRV - [2013.05.11 11:37:26 | 000,065,640 | ---- | M] (Adobe Systems Incorporated) [Auto | Running] -- C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe -- (AdobeARMservice)
SRV - [2013.01.08 17:23:50 | 000,277,488 | ---- | M] (Intel Corporation) [On_Demand | Stopped] -- C:\Windows\SysWOW64\IntelCpHeciSvc.exe -- (cphs)
SRV - [2012.07.08 23:40:10 | 000,104,912 | ---- | M] (Microsoft Corporation) [Auto | Stopped] -- C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe -- (clr_optimization_v4.0.30319_32)
SRV - [2012.04.24 14:37:56 | 000,169,752 | ---- | M] (Intel Corporation) [On_Demand | Running] -- C:\Program Files (x86)\Intel\Intel® Integrated Clock Controller Service\ICCProxy.exe -- (ICCS)
SRV - [2010.02.19 12:37:14 | 000,517,096 | ---- | M] (Adobe Systems Incorporated) [On_Demand | Stopped] -- C:\Program Files (x86)\Common Files\Adobe\SwitchBoard\SwitchBoard.exe -- (SwitchBoard)
SRV - [2009.06.10 22:23:09 | 000,066,384 | ---- | M] (Microsoft Corporation) [Disabled | Stopped] -- C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe -- (clr_optimization_v2.0.50727_32)


========== Driver Services (SafeList) ==========

DRV:64bit: - [2013.11.01 15:10:16 | 000,140,560 | ---- | M] (Oracle Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\VBoxNetAdp.sys -- (VBoxNetAdp)
DRV:64bit: - [2013.10.25 07:57:01 | 000,129,472 | ---- | M] (Razer, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\RzDxgk.sys -- (RzDxgk)
DRV:64bit: - [2013.10.25 07:57:01 | 000,074,432 | ---- | M] (Razer, Inc.) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\RzFilter.sys -- (RzFilter)
DRV:64bit: - [2013.10.17 03:27:10 | 000,143,016 | ---- | M] (Razer Inc) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\rzudd.sys -- (rzudd)
DRV:64bit: - [2013.10.14 03:17:26 | 000,034,984 | ---- | M] (Razer Inc) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\rzmpos.sys -- (rzmpos)
DRV:64bit: - [2013.10.14 03:17:22 | 000,039,080 | ---- | M] (Razer Inc) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\rzendpt.sys -- (rzendpt)
DRV:64bit: - [2013.10.01 01:53:16 | 000,020,832 | ---- | M] (Nicomsoft Ltd.) [Kernel | Auto | Running] -- C:\Windows\SysNative\drivers\ddcdrv.sys -- (WinI2C-DDC)
DRV:64bit: - [2013.09.27 09:53:06 | 000,134,944 | ---- | M] (Microsoft Corporation) [Kernel | Auto | Running] -- C:\Windows\SysNative\drivers\NisDrvWFP.sys -- (NisDrv)
DRV:64bit: - [2013.08.31 01:11:28 | 012,528,640 | ---- | M] (Advanced Micro Devices, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\atikmdag.sys -- (amdkmdag)
DRV:64bit: - [2013.08.30 23:32:32 | 000,618,496 | ---- | M] (Advanced Micro Devices, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\atikmpag.sys -- (amdkmdap)
DRV:64bit: - [2013.07.31 19:24:22 | 000,183,312 | ---- | M] (<Turtle Entertainment>) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\ESLWireACD.sys -- (ESLWireAC)
DRV:64bit: - [2013.07.22 03:19:42 | 000,126,872 | ---- | M] (Power Software Ltd) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\scdemu.sys -- (SCDEmu)
DRV:64bit: - [2013.07.22 01:47:29 | 000,283,064 | ---- | M] (Disc Soft Ltd) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\dtsoftbus01.sys -- (dtsoftbus01)
DRV:64bit: - [2013.07.05 09:40:38 | 000,096,256 | ---- | M] (Advanced Micro Devices) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\AtihdW76.sys -- (AtiHDAudioService)
DRV:64bit: - [2013.05.17 16:27:56 | 000,040,696 | ---- | M] (Windows ® Win 7 DDK provider) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\RzMaelstromVAD.sys -- (RZMAELSTROMVADService)
DRV:64bit: - [2013.04.11 18:21:08 | 002,734,080 | ---- | M] (C-Media Inc) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\cmudaxp.sys -- (cmudaxp)
DRV:64bit: - [2012.12.13 16:24:10 | 000,342,528 | ---- | M] (Intel® Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\IntcDAud.sys -- (IntcDAud)
DRV:64bit: - [2012.12.13 12:50:36 | 000,054,784 | ---- | M] (Apple, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\usbaapl64.sys -- (USBAAPL64)
DRV:64bit: - [2012.12.12 16:42:28 | 005,353,888 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\igdkmd64.sys -- (igfx)
DRV:64bit: - [2012.08.23 15:10:20 | 000,019,456 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\rdpvideominiport.sys -- (RdpVideoMiniport)
DRV:64bit: - [2012.08.23 15:07:35 | 000,057,856 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\TsUsbFlt.sys -- (TsUsbFlt)
DRV:64bit: - [2012.08.07 08:09:00 | 000,088,832 | ---- | M] (Etron Technology Inc) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\EtronXHCI.sys -- (EtronXHCI)
DRV:64bit: - [2012.08.07 08:09:00 | 000,065,152 | ---- | M] (Etron Technology Inc) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\EtronHub3.sys -- (EtronHub3)
DRV:64bit: - [2012.06.25 10:30:10 | 002,427,904 | ---- | M] (Blackmagic Design) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\Intensity.sys -- (DeckLink)
DRV:64bit: - [2012.06.25 10:22:18 | 000,018,432 | ---- | M] (Blackmagic Design) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\deckaud.sys -- (BMDDeckLinkAudio)
DRV:64bit: - [2012.06.25 10:20:12 | 000,037,376 | ---- | M] (Blackmagic Design) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\deckavs.sys -- (deckavs)
DRV:64bit: - [2012.03.01 07:46:16 | 000,023,408 | ---- | M] (Microsoft Corporation) [Recognizer | Boot | Unknown] -- C:\Windows\SysNative\drivers\fs_rec.sys -- (Fs_Rec)
DRV:64bit: - [2011.12.02 11:38:08 | 000,239,208 | ---- | M] (Realtek Semiconductor Corp.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\RtHDMIVX.sys -- (RTHDMIAzAudService)
DRV:64bit: - [2011.09.22 21:01:54 | 000,311,144 | ---- | M] (Microsoft Corporation) [File_System | Disabled | Stopped] -- C:\Windows\SysNative\drivers\RsFx0105.sys -- (RsFx0105)
DRV:64bit: - [2011.06.01 13:16:50 | 000,535,656 | ---- | M] (Realtek ) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\Rt64win7.sys -- (RTL8167)
DRV:64bit: - [2011.05.12 16:59:46 | 000,154,624 | ---- | M] (Razer USA Ltd) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\RzSynapse.sys -- (RzSynapse)
DRV:64bit: - [2011.04.28 14:20:30 | 001,617,472 | ---- | M] (Ralink Technology Corp.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\Dnetr28ux.sys -- (netr28ux)
DRV:64bit: - [2011.03.11 07:41:12 | 000,107,904 | ---- | M] (Advanced Micro Devices) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\amdsata.sys -- (amdsata)
DRV:64bit: - [2011.03.11 07:41:12 | 000,027,008 | ---- | M] (Advanced Micro Devices) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\amdxata.sys -- (amdxata)
DRV:64bit: - [2011.02.21 10:09:14 | 000,015,872 | ---- | M] () [Kernel | System | Running] -- C:\Windows\SysNative\drivers\anodlwfx.sys -- (anodlwf)
DRV:64bit: - [2010.11.20 14:33:35 | 000,078,720 | ---- | M] (Hewlett-Packard Company) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\HpSAMD.sys -- (HpSAMD)
DRV:64bit: - [2010.10.19 22:34:26 | 000,056,344 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\HECIx64.sys -- (MEIx64)
DRV:64bit: - [2010.08.03 15:25:30 | 000,030,720 | ---- | M] (The OpenVPN Project) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\tapoas.sys -- (tapoas)
DRV:64bit: - [2010.06.23 15:20:44 | 000,189,952 | ---- | M] (Hauppauge, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\hcwhdpvr.sys -- (hcwhdpvr)
DRV:64bit: - [2009.07.14 02:52:20 | 000,194,128 | ---- | M] (AMD Technologies Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\amdsbs.sys -- (amdsbs)
DRV:64bit: - [2009.07.14 02:48:04 | 000,065,600 | ---- | M] (LSI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\lsi_sas2.sys -- (LSI_SAS2)
DRV:64bit: - [2009.07.14 02:45:55 | 000,024,656 | ---- | M] (Promise Technology) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\stexstor.sys -- (stexstor)
DRV:64bit: - [2009.06.10 21:34:33 | 003,286,016 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\evbda.sys -- (ebdrv)
DRV:64bit: - [2009.06.10 21:34:28 | 000,468,480 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\bxvbda.sys -- (b06bdrv)
DRV:64bit: - [2009.06.10 21:34:23 | 000,270,848 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\b57nd60a.sys -- (b57nd60a)
DRV:64bit: - [2009.06.10 21:31:59 | 000,031,232 | ---- | M] (Hauppauge Computer Works, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\hcw85cir.sys -- (hcw85cir)
DRV:64bit: - [2009.03.18 17:35:42 | 000,033,856 | -H-- | M] (LogMeIn, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\hamachi.sys -- (hamachi)
DRV - [2013.10.25 07:59:58 | 000,013,480 | ---- | M] () [Kernel | On_Demand | Running] -- C:\Program Files (x86)\MSI Afterburner\RTCore64.sys -- (RTCore64)
DRV - [2012.05.26 19:34:10 | 000,025,640 | ---- | M] (Windows ® Server 2003 DDK provider) [Kernel | On_Demand | Stopped] -- C:\Windows\gdrv.sys -- (gdrv)
DRV - [2012.05.26 10:02:56 | 000,030,528 | ---- | M] () [Kernel | On_Demand | Stopped] -- C:\Windows\GVTDrv64.sys -- (GVTDrv64)
DRV - [2009.07.14 02:19:10 | 000,019,008 | ---- | M] (Microsoft Corporation) [File_System | On_Demand | Stopped] -- C:\Windows\SysWOW64\drivers\wimmount.sys -- (WIMMount)


========== Standard Registry (SafeList) ==========


========== Internet Explorer ==========

IE:64bit: - HKLM\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A}
IE:64bit: - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/...ms}&FORM=IE8SRC
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page =
IE - HKLM\..\SearchScopes,DefaultScope =
IE - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/...ms}&FORM=IE8SRC


IE - HKU\.DEFAULT\..\SearchScopes,DefaultScope =
IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

IE - HKU\S-1-5-18\..\SearchScopes,DefaultScope =
IE - HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

IE - HKU\S-1-5-19\..\SearchScopes,DefaultScope =

IE - HKU\S-1-5-20\..\SearchScopes,DefaultScope =

IE - HKU\S-1-5-21-372863723-2970391944-1656933904-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Search Bar =
IE - HKU\S-1-5-21-372863723-2970391944-1656933904-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page =
IE - HKU\S-1-5-21-372863723-2970391944-1656933904-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page =
IE - HKU\S-1-5-21-372863723-2970391944-1656933904-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache = http://no.msn.com/?ocid=iehp
IE - HKU\S-1-5-21-372863723-2970391944-1656933904-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache AcceptLangs = nb-NO
IE - HKU\S-1-5-21-372863723-2970391944-1656933904-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache_TIMESTAMP = E8 7B 51 8F 7A 3B CD 01 [binary data]
IE - HKU\S-1-5-21-372863723-2970391944-1656933904-1000\SOFTWARE\Microsoft\Internet Explorer\Search,Default_Search_URL =
IE - HKU\S-1-5-21-372863723-2970391944-1656933904-1000\SOFTWARE\Microsoft\Internet Explorer\Search,SearchAssistant =
IE - HKU\S-1-5-21-372863723-2970391944-1656933904-1000\..\SearchScopes,DefaultScope =
IE - HKU\S-1-5-21-372863723-2970391944-1656933904-1000\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/...=SPLBR1&pc=SPLH
IE - HKU\S-1-5-21-372863723-2970391944-1656933904-1000\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKU\S-1-5-21-372863723-2970391944-1656933904-1000\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = <local>


========== FireFox ==========

FF:64bit: - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\system32\Macromed\Flash\NPSWF64_11_9_900_152.dll File not found
FF:64bit: - HKLM\Software\MozillaPlugins\@java.com/DTPlugin,version=10.45.2: C:\Program Files\Java\jre7\bin\dtplugin\npDeployJava1.dll (Oracle Corporation)
FF:64bit: - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin,version=10.45.2: C:\Program Files\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation)
FF:64bit: - HKLM\Software\MozillaPlugins\@microsoft.com/GENUINE: disabled File not found
FF:64bit: - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: C:\Program Files\Microsoft Silverlight\5.1.20913.0\npctrl.dll ( Microsoft Corporation)
FF:64bit: - HKLM\Software\MozillaPlugins\@microsoft.com/OfficeAuthz,version=14.0: C:\PROGRA~1\MICROS~3\Office14\NPAUTHZ.DLL (Microsoft Corporation)
FF:64bit: - HKLM\Software\MozillaPlugins\@videolan.org/vlc,version=2.0.5: C:\Program Files\VideoLAN\VLC\npvlc.dll (VideoLAN)
FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_11_9_900_152.dll ()
FF - HKLM\Software\MozillaPlugins\@esn.me/esnsonar,version=0.70.4: C:\Program Files (x86)\Battlelog Web Plugins\Sonar\0.70.4\npesnsonar.dll (ESN Social Software AB)
FF - HKLM\Software\MozillaPlugins\@esn/esnlaunch,version=1.122.0: C:\Program Files (x86)\Battlelog Web Plugins\1.122.0\npesnlaunch.dll File not found
FF - HKLM\Software\MozillaPlugins\@esn/esnlaunch,version=1.138.0: C:\Program Files (x86)\Battlelog Web Plugins\1.138.0\npesnlaunch.dll File not found
FF - HKLM\Software\MozillaPlugins\@esn/esnlaunch,version=2.1.2: C:\Program Files (x86)\Battlelog Web Plugins\2.1.2\npesnlaunch.dll File not found
FF - HKLM\Software\MozillaPlugins\@esn/npbattlelog,version=2.3.1: C:\Program Files (x86)\Battlelog Web Plugins\2.3.1\npbattlelog.dll (EA Digital Illusions CE AB)
FF - HKLM\Software\MozillaPlugins\@esn/npbattlelog,version=2.3.2: C:\Program Files (x86)\Battlelog Web Plugins\2.3.2\npbattlelog.dll (EA Digital Illusions CE AB)
FF - HKLM\Software\MozillaPlugins\@java.com/DTPlugin,version=10.45.2: C:\Program Files (x86)\Java\jre7\bin\dtplugin\npDeployJava1.dll (Oracle Corporation)
FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin: C:\Program Files (x86)\Java\jre7\bin\new_plugin\npjp2.dll File not found
FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin,version=10.45.2: C:\Program Files (x86)\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/GENUINE: disabled File not found
FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: C:\Program Files (x86)\Microsoft Silverlight\5.1.20913.0\npctrl.dll ( Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/OfficeAuthz,version=14.0: C:\PROGRA~2\MIF5BA~1\Office14\NPAUTHZ.DLL (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/SharePoint,version=14.0: C:\PROGRA~2\MIF5BA~1\Office14\NPSPWRAP.DLL (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@pandonetworks.com/PandoWebPlugin: File not found
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Program Files (x86)\Google\Update\1.3.21.165\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Program Files (x86)\Google\Update\1.3.21.165\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\Adobe Reader: C:\Program Files (x86)\Adobe\Reader 11.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
FF - HKCU\Software\MozillaPlugins\ubisoft.com/uplaypc: C:\Program Files (x86)\Ubisoft\Ubisoft Game Launcher\npuplaypc.dll (Ubisoft)


[2013.07.03 13:34:36 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Haavard\AppData\Roaming\mozilla\Extensions
[2013.07.03 13:34:36 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Haavard\AppData\Roaming\mozilla\Extensions\net.openvpn.client
[2012.05.26 22:43:47 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Haavard\AppData\Roaming\mozilla\Firefox\extensions
[2012.05.26 22:43:48 | 000,000,000 | ---D | M] (uTorrentControl2 Community Toolbar) -- C:\Users\Haavard\AppData\Roaming\mozilla\Firefox\extensions\{687578b9-7132-4a7a-80e4-30ee31099e03}
[2013.11.30 21:52:28 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Haavard\AppData\Roaming\mozilla\Firefox\Profiles\extensions
[2013.11.30 21:52:28 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Haavard\AppData\Roaming\mozilla\Firefox\Profiles\extensions\searchplugins

========== Chrome ==========

CHR - default_search_provider: Google (Enabled)
CHR - default_search_provider: search_url = {google:baseURL}search?q={searchTerms}&{google:RLZ}{google:originalQueryForSuggestion}{google:assistedQueryStats}{google:searchFieldtrialParameter}{google:bookmarkBarPinned}{google:searchClient}{google:sourceId}{google:instantExtendedEnabledParameter}{google:omniboxStartMarginParameter}ie={inputEncoding}
CHR - default_search_provider: suggest_url = {google:baseSuggestURL}search?{google:searchFieldtrialParameter}client={google:suggestClient}&q={searchTerms}&{google:cursorPosition}{google:zeroPrefixUrl}{google:pageClassification}sugkey={google:suggestAPIKeyParameter},
CHR - Extension: AdBlock = C:\Users\Haavard\AppData\Local\Google\Chrome\User Data\Default\Extensions\gighmmpiobklfepjocnamgkkbiglidom\2.6.14_0\
CHR - Extension: Google Wallet = C:\Users\Haavard\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda\0.0.5.0_1\

O1 HOSTS File: ([2013.11.30 21:49:22 | 000,000,098 | ---- | M]) - C:\Windows\SysNative\drivers\etc\Hosts
O1 - Hosts: 127.0.0.1 localhost
O1 - Hosts: ::1 localhost
O2:64bit: - BHO: (ExplorerWnd Helper) - {10921475-03CE-4E04-90CE-E2E7EF20C814} - C:\Program Files (x86)\IObit\IObit Uninstaller\UninstallExplorer64.dll (IObit)
O2:64bit: - BHO: (Groove GFS Browser Helper) - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\PROGRA~1\MICROS~3\Office14\GROOVEEX.DLL (Microsoft Corporation)
O2:64bit: - BHO: (Java™ Plug-In SSV Helper) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre7\bin\ssv.dll (Oracle Corporation)
O2:64bit: - BHO: (Office Document Cache Handler) - {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\PROGRA~1\MICROS~3\Office14\URLREDIR.DLL (Microsoft Corporation)
O2:64bit: - BHO: (Java™ Plug-In 2 SSV Helper) - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre7\bin\jp2ssv.dll (Oracle Corporation)
O2 - BHO: (no name) - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - No CLSID value found.
O2 - BHO: (no name) - {DBC80044-A445-435b-BC74-9C25C1C588A9} - No CLSID value found.
O4:64bit: - HKLM..\Run: [Cmaudio8788] C:\Windows\Syswow64\cmicnfgp.dll (C-Media Corporation)
O4:64bit: - HKLM..\Run: [Cmaudio8788GX] C:\Windows\syswow64\HsMgr.exe ()
O4:64bit: - HKLM..\Run: [Cmaudio8788GX64] C:\Windows\system\HsMgr64.exe ()
O4:64bit: - HKLM..\Run: [HotKeysCmds] C:\Windows\SysNative\hkcmd.exe (Intel Corporation)
O4:64bit: - HKLM..\Run: [IgfxTray] C:\Windows\SysNative\igfxtray.exe (Intel Corporation)
O4:64bit: - HKLM..\Run: [MSC] C:\Program Files\Microsoft Security Client\msseces.exe (Microsoft Corporation)
O4:64bit: - HKLM..\Run: [Persistence] C:\Windows\SysNative\igfxpers.exe (Intel Corporation)
O4:64bit: - HKLM..\Run: [RtHDVBg_Dolby] C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe (Realtek Semiconductor)
O4 - HKLM..\Run: [Razer Synapse] C:\Program Files (x86)\Razer\Synapse\RzSynapse.exe (Razer Inc.)
O4 - HKLM..\Run: [StartCCC] C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\amd64\CLIStart.exe (Advanced Micro Devices, Inc.)
O4 - HKU\S-1-5-19..\Run: [Sidebar] C:\Program Files (x86)\Windows Sidebar\Sidebar.exe (Microsoft Corporation)
O4 - HKU\S-1-5-20..\Run: [Sidebar] C:\Program Files (x86)\Windows Sidebar\Sidebar.exe (Microsoft Corporation)
O4 - HKU\S-1-5-21-372863723-2970391944-1656933904-1000..\Run: [AdobeBridge] File not found
O4 - HKU\S-1-5-21-372863723-2970391944-1656933904-1000..\Run: [Spotify Web Helper] C:\Users\Haavard\AppData\Roaming\Spotify\Data\SpotifyWebHelper.exe (Spotify Ltd)
O4 - HKU\S-1-5-19..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe File not found
O4 - HKU\S-1-5-20..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe File not found
O4 - Startup: C:\Users\Haavard\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Rainmeter.lnk = C:\Program Files\Rainmeter\Rainmeter.exe ()
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktop = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktopChanges = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: EnableLUA = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: PromptOnSecureDesktop = 0
O7 - HKU\S-1-5-21-372863723-2970391944-1656933904-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = FF 00 00 00 [binary data]
O8:64bit: - Extra context menu item: E&xport to Microsoft Excel - res://A:\PROGRA~2\MICROS~2\Office14\EXCEL.EXE/3000 File not found
O8:64bit: - Extra context menu item: Se&nd to OneNote - res://A:\PROGRA~2\MICROS~2\Office14\ONBttnIE.dll/105 File not found
O8 - Extra context menu item: E&xport to Microsoft Excel - res://A:\PROGRA~2\MICROS~2\Office14\EXCEL.EXE/3000 File not found
O8 - Extra context menu item: Se&nd to OneNote - res://A:\PROGRA~2\MICROS~2\Office14\ONBttnIE.dll/105 File not found
O1364bit: - gopher Prefix: missing
O13 - gopher Prefix: missing
O15 - HKU\.DEFAULT\..Trusted Domains: clonewarsadventures.com ([]* in Trusted sites)
O15 - HKU\.DEFAULT\..Trusted Domains: freerealms.com ([]* in Trusted sites)
O15 - HKU\.DEFAULT\..Trusted Domains: soe.com ([]* in Trusted sites)
O15 - HKU\.DEFAULT\..Trusted Domains: sony.com ([]* in Trusted sites)
O15 - HKU\S-1-5-18\..Trusted Domains: clonewarsadventures.com ([]* in Trusted sites)
O15 - HKU\S-1-5-18\..Trusted Domains: freerealms.com ([]* in Trusted sites)
O15 - HKU\S-1-5-18\..Trusted Domains: soe.com ([]* in Trusted sites)
O15 - HKU\S-1-5-18\..Trusted Domains: sony.com ([]* in Trusted sites)
O15 - HKU\S-1-5-19\..Trusted Domains: clonewarsadventures.com ([]* in )
O15 - HKU\S-1-5-19\..Trusted Domains: freerealms.com ([]* in )
O15 - HKU\S-1-5-19\..Trusted Domains: soe.com ([]* in )
O15 - HKU\S-1-5-19\..Trusted Domains: sony.com ([]* in )
O15 - HKU\S-1-5-20\..Trusted Domains: clonewarsadventures.com ([]* in )
O15 - HKU\S-1-5-20\..Trusted Domains: freerealms.com ([]* in )
O15 - HKU\S-1-5-20\..Trusted Domains: soe.com ([]* in )
O15 - HKU\S-1-5-20\..Trusted Domains: sony.com ([]* in )
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/...indows-i586.cab (Java Plug-in 10.45.2)
O16 - DPF: {CAFEEFAC-0016-0000-0029-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Reg Error: Value error.)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.7.0_45)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 193.213.112.4 130.67.15.198 10.0.0.138
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{EC7DBFF8-0AE5-4E01-BC21-566001D8C0D0}: DhcpNameServer = 193.213.112.4 130.67.15.198 10.0.0.138
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{EC7DBFF8-0AE5-4E01-BC21-566001D8C0D0}: NameServer = 208.67.222.222,208.67.220.220
O18:64bit: - Protocol\Handler\ms-help - No CLSID value found
O18:64bit: - Protocol\Handler\skype4com - No CLSID value found
O18 - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files (x86)\Common Files\Skype\Skype4COM.dll (Skype Technologies)
O20:64bit: - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\SysNative\userinit.exe (Microsoft Corporation)
O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\SysWow64\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (userinit.exe) - C:\Windows\SysWow64\userinit.exe (Microsoft Corporation)
O20 - HKU\S-1-5-21-372863723-2970391944-1656933904-1000 Winlogon: Shell - (explorer.exe) - C:\Windows\SysWow64\explorer.exe (Microsoft Corporation)
O20:64bit: - Winlogon\Notify\igfxcui: DllName - (igfxdev.dll) - C:\Windows\SysNative\igfxdev.dll (Intel Corporation)
O21:64bit: - SSODL: IconPackager Repair - {1799460C-0BC8-4865-B9DF-4A36CD703FF0} - No CLSID value found.
O21:64bit: - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.
O21 - SSODL: IconPackager Repair - {1799460C-0BC8-4865-B9DF-4A36CD703FF0} - C:\Program Files (x86)\Stardock\Object Desktop\IconPackager\iprepair.dll (Stardock.net, Inc)
O21 - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.
O28:64bit: - HKLM ShellExecuteHooks: {B5A7F190-DDA6-4420-B3BA-52453494E6CD} - C:\PROGRA~1\MICROS~3\Office14\GROOVEEX.DLL (Microsoft Corporation)
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2012.09.02 01:26:10 | 000,000,000 | ---D | M] - C:\Autodesk -- [ NTFS ]
O34 - HKLM BootExecute: (autocheck autochk *)
O35:64bit: - HKLM\..comfile [open] -- "%1" %*
O35:64bit: - HKLM\..exefile [open] -- "%1" %*
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37:64bit: - HKLM\...com [@ = comfile] -- "%1" %*
O37:64bit: - HKLM\...exe [@ = exefile] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3)
O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2)
O38 - SubSystems\\Windows: (ServerDll=sxssrv,4)

NetSvcs:64bit: AppMgmt - C:\Windows\SysNative\appmgmts.dll (Microsoft Corporation)

CREATERESTOREPOINT
Restore point Set: OTL Restore Point

========== Files/Folders - Created Within 30 Days ==========

[2013.11.30 21:56:33 | 000,000,000 | ---D | C] -- C:\Windows\ERUNT
[2013.11.30 21:52:00 | 000,000,000 | ---D | C] -- C:\AdwCleaner
[2013.11.30 21:46:13 | 001,034,531 | ---- | C] (Thisisu) -- A:\Haavard\Desktop\JRT.exe
[2013.11.30 21:44:04 | 000,602,112 | ---- | C] (OldTimer Tools) -- A:\Haavard\Desktop\OTL.exe
[2013.11.30 12:41:28 | 000,000,000 | ---D | C] -- C:\Users\Haavard\AppData\Local\ElevatedDiagnostics
[2013.11.28 21:27:05 | 000,000,000 | ---D | C] -- C:\Program Files\VstPlugins
[2013.11.28 21:24:46 | 000,000,000 | ---D | C] -- C:\Users\Haavard\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\ASIO4ALL v2
[2013.11.28 21:24:02 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\VstPlugins
[2013.11.28 21:23:58 | 000,000,000 | ---D | C] -- C:\Users\Haavard\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Image-Line
[2013.11.28 21:23:58 | 000,000,000 | ---D | C] -- C:\Users\Haavard\AppData\Roaming\Image-Line
[2013.11.28 21:23:58 | 000,000,000 | ---D | C] -- A:\Haavard\Pictures\Haavard\Image-Line
[2013.11.28 21:23:57 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Image-Line
[2013.11.28 21:23:57 | 000,000,000 | ---D | C] -- C:\Program Files\Image-Line
[2013.11.28 21:23:47 | 000,000,000 | ---D | C] -- C:\Users\Haavard\AppData\Roaming\FlowStone
[2013.11.28 21:23:47 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\DSPRobotics
[2013.11.28 21:21:53 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Image-Line
[2013.11.28 16:28:25 | 000,000,000 | ---D | C] -- C:\Users\Haavard\VirtualBox VMs
[2013.11.27 21:41:45 | 000,000,000 | ---D | C] -- C:\Users\Haavard\.VirtualBox
[2013.11.27 21:41:25 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Oracle VM VirtualBox
[2013.11.27 21:41:18 | 000,000,000 | ---D | C] -- C:\Program Files\Oracle
[2013.11.26 16:58:28 | 000,000,000 | ---D | C] -- C:\ProgramData\IObit
[2013.11.26 16:58:27 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\IObit Uninstaller
[2013.11.26 16:58:26 | 000,000,000 | ---D | C] -- C:\ProgramData\ProductData
[2013.11.26 16:58:23 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\IObit
[2013.11.22 23:34:30 | 000,000,000 | ---D | C] -- C:\Users\Haavard\Local Settings
[2013.11.17 19:07:33 | 000,000,000 | ---D | C] -- C:\Users\Haavard\AppData\Roaming\.mono
[2013.11.15 15:14:54 | 000,000,000 | ---D | C] -- C:\Users\Haavard\AppData\Roaming\CodeBlocks
[2013.11.15 15:14:39 | 000,000,000 | ---D | C] -- C:\Users\Haavard\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\CodeBlocks
[2013.11.15 15:14:39 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\CodeBlocks
[2013.11.15 15:14:38 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\CodeBlocks
[2013.11.14 18:14:39 | 000,000,000 | ---D | C] -- C:\Users\Haavard\AppData\Local\FluxSoftware
[2013.11.13 22:30:35 | 000,526,336 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\ieui.dll
[2013.11.13 22:30:35 | 000,391,168 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\ieui.dll
[2013.11.13 22:30:34 | 000,136,704 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\iesysprep.dll
[2013.11.13 22:30:34 | 000,109,056 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\iesysprep.dll
[2013.11.13 22:30:34 | 000,089,600 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\RegisterIEPKEYs.exe
[2013.11.13 22:30:34 | 000,071,680 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\RegisterIEPKEYs.exe
[2013.11.13 22:30:34 | 000,067,072 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\iesetup.dll
[2013.11.13 22:30:34 | 000,061,440 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\iesetup.dll
[2013.11.13 22:30:34 | 000,051,712 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\ie4uinit.exe
[2013.11.13 22:30:34 | 000,039,936 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\iernonce.dll
[2013.11.13 22:30:34 | 000,033,280 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\iernonce.dll
[2013.11.13 22:30:33 | 000,855,552 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\jscript.dll
[2013.11.13 22:30:33 | 000,690,688 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\jscript.dll
[2013.11.13 22:30:33 | 000,603,136 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\msfeeds.dll
[2013.11.13 22:30:32 | 003,959,808 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\jscript9.dll
[2013.11.13 14:50:34 | 001,474,048 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\crypt32.dll
[2013.11.13 14:50:16 | 001,447,936 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\lsasrv.dll
[2013.11.13 14:50:16 | 000,307,200 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\ncrypt.dll
[2013.11.13 14:50:16 | 000,135,680 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\sspicli.dll
[2013.11.13 14:50:16 | 000,028,672 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\sspisrv.dll
[2013.11.13 14:50:16 | 000,028,160 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\secur32.dll
[2013.11.13 14:50:01 | 000,404,480 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\gdi32.dll
[2013.11.13 14:49:53 | 000,830,464 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\nshwfp.dll
[2013.11.13 14:49:53 | 000,656,896 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\nshwfp.dll
[2013.11.13 14:49:53 | 000,324,096 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\FWPUCLNT.DLL
[2013.11.13 14:49:53 | 000,216,576 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\FWPUCLNT.DLL
[2013.11.01 15:10:16 | 000,140,560 | ---- | C] (Oracle Corporation) -- C:\Windows\SysNative\drivers\VBoxNetAdp.sys
[2013.11.01 15:07:00 | 000,204,048 | ---- | C] (Oracle Corporation) -- C:\Windows\SysNative\VBoxNetFltNobj.dll

========== Files - Modified Within 30 Days ==========

[2013.11.30 22:03:35 | 000,000,021 | ---- | M] () -- C:\Users\Haavard\AppData\Roaming\config_data.dat
[2013.11.30 22:01:31 | 000,020,880 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
[2013.11.30 22:01:31 | 000,020,880 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
[2013.11.30 22:00:16 | 001,556,654 | ---- | M] () -- C:\Windows\SysNative\PerfStringBackup.INI
[2013.11.30 22:00:16 | 000,731,498 | ---- | M] () -- C:\Windows\SysNative\perfh009.dat
[2013.11.30 22:00:16 | 000,563,402 | ---- | M] () -- C:\Windows\SysNative\perfh014.dat
[2013.11.30 22:00:16 | 000,148,396 | ---- | M] () -- C:\Windows\SysNative\perfc009.dat
[2013.11.30 22:00:16 | 000,121,796 | ---- | M] () -- C:\Windows\SysNative\perfc014.dat
[2013.11.30 21:54:36 | 000,000,896 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineCore.job
[2013.11.30 21:54:25 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2013.11.30 21:54:19 | 4179,451,902 | -HS- | M] () -- C:\hiberfil.sys
[2013.11.30 21:49:49 | 000,000,000 | -H-- | M] () -- C:\ProgramData\DP45977C.lfl
[2013.11.30 21:49:22 | 000,000,098 | ---- | M] () -- C:\Windows\SysNative\drivers\etc\Hosts
[2013.11.30 21:46:22 | 001,034,531 | ---- | M] (Thisisu) -- A:\Haavard\Desktop\JRT.exe
[2013.11.30 21:45:39 | 001,091,882 | ---- | M] () -- A:\Haavard\Desktop\AdwCleaner.exe
[2013.11.30 21:44:06 | 000,602,112 | ---- | M] (OldTimer Tools) -- A:\Haavard\Desktop\OTL.exe
[2013.11.30 20:50:00 | 000,000,900 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineUA.job
[2013.11.30 20:50:00 | 000,000,830 | ---- | M] () -- C:\Windows\tasks\Adobe Flash Player Updater.job
[2013.11.28 20:21:37 | 000,365,923 | ---- | M] () -- A:\Haavard\Desktop\4.png
[2013.11.28 19:49:29 | 000,376,797 | ---- | M] () -- A:\Haavard\Desktop\3.png
[2013.11.28 19:42:28 | 000,629,315 | ---- | M] () -- A:\Haavard\Desktop\2.png
[2013.11.28 19:42:08 | 000,379,902 | ---- | M] () -- A:\Haavard\Desktop\Uten navn.png
[2013.11.27 16:49:17 | 000,214,392 | ---- | M] () -- C:\Windows\SysWow64\PnkBstrB.exe
[2013.11.23 18:30:29 | 000,214,392 | ---- | M] () -- C:\Windows\SysWow64\PnkBstrB.ex0
[2013.11.20 17:18:33 | 000,002,155 | ---- | M] () -- C:\Windows\epplauncher.mif
[2013.11.20 16:13:09 | 000,692,616 | ---- | M] (Adobe Systems Incorporated) -- C:\Windows\SysWow64\FlashPlayerApp.exe
[2013.11.20 16:13:09 | 000,071,048 | ---- | M] (Adobe Systems Incorporated) -- C:\Windows\SysWow64\FlashPlayerCPLApp.cpl
[2013.11.19 16:04:33 | 000,000,000 | -H-- | M] () -- C:\Windows\SysNative\drivers\Msft_Kernel_rzmpos_01009.Wdf
[2013.11.18 18:11:39 | 020,613,632 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\imageres.dll
[2013.11.01 15:10:16 | 000,140,560 | ---- | M] (Oracle Corporation) -- C:\Windows\SysNative\drivers\VBoxNetAdp.sys
[2013.11.01 15:07:00 | 000,204,048 | ---- | M] (Oracle Corporation) -- C:\Windows\SysNative\VBoxNetFltNobj.dll

========== Files Created - No Company Name ==========

[2013.11.30 21:49:49 | 000,000,000 | -H-- | C] () -- C:\ProgramData\DP45977C.lfl
[2013.11.30 21:45:20 | 001,091,882 | ---- | C] () -- A:\Haavard\Desktop\AdwCleaner.exe
[2013.11.28 21:23:57 | 000,002,012 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\FL Studio 11.lnk
[2013.11.28 20:21:37 | 000,365,923 | ---- | C] () -- A:\Haavard\Desktop\4.png
[2013.11.28 19:49:29 | 000,376,797 | ---- | C] () -- A:\Haavard\Desktop\3.png
[2013.11.28 19:42:28 | 000,629,315 | ---- | C] () -- A:\Haavard\Desktop\2.png
[2013.11.28 19:42:08 | 000,379,902 | ---- | C] () -- A:\Haavard\Desktop\Uten navn.png
[2013.11.19 16:04:33 | 000,000,000 | -H-- | C] () -- C:\Windows\SysNative\drivers\Msft_Kernel_rzmpos_01009.Wdf
[2013.10.24 17:14:30 | 000,008,192 | ---- | C] () -- C:\Users\Haavard\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2013.10.24 14:17:30 | 000,004,547 | ---- | C] () -- C:\Users\Haavard\AppData\Roaming\CamStudio.cfg
[2013.10.24 14:17:30 | 000,000,408 | ---- | C] () -- C:\Users\Haavard\AppData\Roaming\CamShapes.ini
[2013.10.24 14:17:30 | 000,000,408 | ---- | C] () -- C:\Users\Haavard\AppData\Roaming\CamLayout.ini
[2013.10.24 14:17:30 | 000,000,123 | ---- | C] () -- C:\Users\Haavard\AppData\Roaming\Camdata.ini
[2013.10.24 14:17:29 | 000,000,096 | ---- | C] () -- C:\Users\Haavard\AppData\Roaming\version2.xml
[2013.09.04 14:40:07 | 000,200,704 | ---- | C] () -- C:\Windows\SysWow64\HsMgr.exe
[2013.09.04 14:40:07 | 000,143,360 | ---- | C] () -- C:\Windows\SysWow64\VmixP8.dll
[2013.09.04 14:40:07 | 000,000,057 | ---- | C] () -- C:\Windows\SysWow64\cmasiop.ini
[2013.09.04 14:40:06 | 000,045,397 | ---- | C] () -- C:\Windows\Cmicnfgp.ini.cfl
[2013.09.03 15:39:07 | 000,005,874 | ---- | C] () -- C:\Windows\cmudaxp.ini
[2013.08.31 00:47:50 | 000,995,342 | ---- | C] () -- C:\Windows\SysWow64\amdocl_as32.exe
[2013.08.31 00:47:50 | 000,798,734 | ---- | C] () -- C:\Windows\SysWow64\amdocl_ld32.exe
[2013.08.30 18:53:48 | 000,038,912 | ---- | C] () -- C:\Windows\SysWow64\kdbsdk32.dll
[2013.08.26 17:17:21 | 002,601,752 | ---- | C] () -- C:\Windows\SysWow64\pbsvc_moh.exe
[2013.07.19 02:56:45 | 000,000,041 | ---- | C] () -- C:\Users\Haavard\AppData\Roaming\TheHunterSettings_live.cfg
[2013.06.30 22:46:39 | 145,388,814 | ---- | C] () -- C:\Users\Haavard\AppData\Local\ACCCx183.zip.aamdownload
[2013.06.30 22:46:39 | 000,001,811 | ---- | C] () -- C:\Users\Haavard\AppData\Local\ACCCx183.zip.aamdownload.aamd
[2013.06.24 19:11:54 | 000,007,605 | ---- | C] () -- C:\Users\Haavard\AppData\Local\Resmon.ResmonCfg
[2013.05.28 17:57:07 | 000,000,021 | ---- | C] () -- C:\Users\Haavard\AppData\Roaming\config_data.dat
[2013.04.23 13:55:32 | 000,034,816 | ---- | C] () -- C:\Users\Haavard\AppData\Roaming\RZR_00109f2746029f3b594efaf44e37.db
[2013.03.22 14:37:58 | 000,000,046 | ---- | C] () -- C:\Users\Haavard\jagex_cl_runescape_LIVE.dat
[2013.03.22 14:37:58 | 000,000,024 | ---- | C] () -- C:\Users\Haavard\random.dat
[2013.01.27 17:46:11 | 000,299,008 | ---- | C] () -- C:\Windows\SysWow64\LXEBsm.dll
[2013.01.27 17:46:11 | 000,023,552 | ---- | C] () -- C:\Windows\SysWow64\LXEBsmr.dll
[2012.12.12 16:41:24 | 000,064,512 | ---- | C] () -- C:\Windows\SysWow64\igdde32.dll
[2012.12.12 16:38:16 | 000,754,652 | ---- | C] () -- C:\Windows\SysWow64\igcodeckrng700.bin
[2012.12.12 16:38:16 | 000,598,384 | ---- | C] () -- C:\Windows\SysWow64\igvpkrng700.bin
[2012.12.03 14:53:12 | 003,190,168 | ---- | C] () -- C:\Windows\SysWow64\pbsvc_fc3.exe
[2012.09.28 20:45:06 | 000,247,296 | ---- | C] () -- C:\Windows\SysWow64\rtvcvfw32.dll
[2012.09.10 20:08:42 | 000,000,132 | ---- | C] () -- C:\Users\Haavard\AppData\Roaming\Adobe PNG Format CS6 Prefs
[2012.09.08 16:53:49 | 000,645,632 | ---- | C] () -- C:\Windows\SysWow64\xvidcore.dll
[2012.09.08 16:53:49 | 000,240,640 | ---- | C] () -- C:\Windows\SysWow64\xvidvfw.dll
[2012.08.30 20:58:05 | 000,001,456 | ---- | C] () -- C:\Users\Haavard\AppData\Local\Adobe Save for Web 13.0 Prefs
[2012.08.22 15:33:43 | 000,000,406 | RHS- | C] () -- C:\ProgramData\ntuser.pol
[2012.08.11 19:23:28 | 000,715,038 | ---- | C] () -- C:\Windows\unins000.exe
[2012.08.11 19:23:28 | 000,216,064 | ---- | C] ( ) -- C:\Windows\SysWow64\Lagarith.dll
[2012.08.11 19:23:28 | 000,001,994 | ---- | C] () -- C:\Windows\unins000.dat
[2012.08.04 23:52:26 | 003,130,440 | ---- | C] () -- C:\Windows\SysWow64\pbsvc_blr.exe
[2012.08.04 23:12:02 | 000,925,184 | ---- | C] () -- C:\Windows\expstart.exe
[2012.08.03 15:53:36 | 000,044,544 | ---- | C] () -- C:\Windows\SysWow64\Gif89.dll
[2012.07.02 21:11:02 | 000,016,384 | ---- | C] () -- C:\Windows\SysWow64\theowl.dll
[2012.06.11 17:35:46 | 000,000,265 | ---- | C] () -- C:\Windows\HCWBlast.ini
[2012.06.11 17:35:21 | 000,065,536 | ---- | C] () -- C:\Windows\SysWow64\dmcrypto.dll
[2012.06.11 17:35:05 | 000,002,336 | ---- | C] () -- C:\Windows\HCWPNP.INI
[2012.05.27 08:14:54 | 000,168,864 | ---- | C] () -- C:\Program Files\Common Files\WireHelpSvc.exe
[2012.05.27 06:28:55 | 000,214,392 | ---- | C] () -- C:\Windows\SysWow64\PnkBstrB.exe
[2012.05.27 06:28:54 | 000,669,184 | ---- | C] () -- C:\Windows\SysWow64\pbsvc.exe
[2012.05.27 06:28:54 | 000,076,888 | ---- | C] () -- C:\Windows\SysWow64\PnkBstrA.exe
[2012.05.26 20:16:44 | 001,540,504 | ---- | C] () -- C:\Windows\SysWow64\PerfStringBackup.INI
[2012.05.26 09:30:45 | 000,000,000 | ---- | C] () -- C:\Windows\ativpsrm.bin
[2012.05.26 09:12:00 | 000,030,528 | ---- | C] () -- C:\Windows\GVTDrv64.sys
[2012.05.26 09:07:22 | 000,207,400 | ---- | C] () -- C:\Windows\GSetup.exe
[2012.05.26 09:07:22 | 000,000,010 | ---- | C] () -- C:\Windows\GSetup.ini
[2012.04.06 02:29:34 | 000,204,952 | ---- | C] () -- C:\Windows\SysWow64\ativvsvl.dat
[2012.04.06 02:29:34 | 000,157,144 | ---- | C] () -- C:\Windows\SysWow64\ativvsva.dat
[2012.03.19 22:37:12 | 000,755,188 | ---- | C] () -- C:\Windows\SysWow64\igkrng700.bin
[2012.03.19 22:37:12 | 000,561,508 | ---- | C] () -- C:\Windows\SysWow64\igfcg700m.bin
[2012.02.03 04:00:58 | 000,139,264 | ---- | C] () -- C:\Windows\SysWow64\TCPClient.dll

========== ZeroAccess Check ==========

[2009.07.14 05:55:00 | 000,000,227 | RHS- | M] () -- C:\Windows\assembly\Desktop.ini

[HKEY_CURRENT_USER\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] /64

[HKEY_CURRENT_USER\Software\Classes\Wow6432node\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]

[HKEY_CURRENT_USER\Software\Classes\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32] /64

[HKEY_CURRENT_USER\Software\Classes\Wow6432node\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32]

[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] /64
"" = C:\Windows\SysNative\shell32.dll -- [2013.07.26 03:24:57 | 014,172,672 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Apartment

[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]
"" = %SystemRoot%\system32\shell32.dll -- [2013.07.26 02:55:59 | 012,872,704 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Apartment

[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32] /64
"" = C:\Windows\SysNative\wbem\fastprox.dll -- [2009.07.14 02:40:51 | 000,909,312 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Free

[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32]
"" = %systemroot%\system32\wbem\fastprox.dll -- [2010.11.20 13:19:02 | 000,606,208 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Free

[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32] /64
"" = C:\Windows\SysNative\wbem\wbemess.dll -- [2009.07.14 02:41:56 | 000,505,856 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Both

[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32]

========== LOP Check ==========

[2012.07.09 16:30:09 | 000,000,000 | ---D | M] -- C:\Users\Haavard\AppData\Roaming\.Blackmagic_Design
[2013.11.25 20:26:03 | 000,000,000 | ---D | M] -- C:\Users\Haavard\AppData\Roaming\.minecraft
[2013.11.17 19:07:33 | 000,000,000 | ---D | M] -- C:\Users\Haavard\AppData\Roaming\.mono
[2013.07.21 00:37:52 | 000,000,000 | ---D | M] -- C:\Users\Haavard\AppData\Roaming\.StarMade
[2013.09.04 14:06:59 | 000,000,000 | ---D | M] -- C:\Users\Haavard\AppData\Roaming\ASUS
[2012.09.02 09:46:06 | 000,000,000 | ---D | M] -- C:\Users\Haavard\AppData\Roaming\Autodesk
[2012.10.06 22:18:10 | 000,000,000 | ---D | M] -- C:\Users\Haavard\AppData\Roaming\Blender Foundation
[2012.06.03 21:06:27 | 000,000,000 | ---D | M] -- C:\Users\Haavard\AppData\Roaming\chc.4875E02D9FB21EE389F73B8D1702B320485DF8CE.1
[2012.06.03 15:59:25 | 000,000,000 | ---D | M] -- C:\Users\Haavard\AppData\Roaming\com.adobe.downloadassistant.AdobeDownloadAssistant
[2013.11.30 21:54:40 | 000,000,000 | ---D | M] -- C:\Users\Haavard\AppData\Roaming\Corsair
[2013.07.22 22:13:18 | 000,000,000 | ---D | M] -- C:\Users\Haavard\AppData\Roaming\DAEMON Tools Lite
[2013.07.26 01:58:12 | 000,000,000 | ---D | M] -- C:\Users\Haavard\AppData\Roaming\Dev-Cpp
[2012.10.29 21:44:52 | 000,000,000 | ---D | M] -- C:\Users\Haavard\AppData\Roaming\Dropbox
[2013.11.28 21:23:47 | 000,000,000 | ---D | M] -- C:\Users\Haavard\AppData\Roaming\FlowStone
[2013.07.22 19:27:20 | 000,000,000 | ---D | M] -- C:\Users\Haavard\AppData\Roaming\fltk.org
[2013.10.13 17:01:05 | 000,000,000 | ---D | M] -- C:\Users\Haavard\AppData\Roaming\Guild Wars 2
[2013.10.16 14:01:30 | 000,000,000 | ---D | M] -- C:\Users\Haavard\AppData\Roaming\Gyazo
[2013.03.19 12:46:32 | 000,000,000 | ---D | M] -- C:\Users\Haavard\AppData\Roaming\HandBrake
[2013.11.28 21:23:58 | 000,000,000 | ---D | M] -- C:\Users\Haavard\AppData\Roaming\Image-Line
[2013.09.04 14:30:22 | 000,000,000 | ---D | M] -- C:\Users\Haavard\AppData\Roaming\IObit
[2012.06.29 11:05:42 | 000,000,000 | ---D | M] -- C:\Users\Haavard\AppData\Roaming\LolClient
[2012.05.27 17:46:03 | 000,000,000 | ---D | M] -- C:\Users\Haavard\AppData\Roaming\LolClient2
[2013.01.20 17:00:13 | 000,000,000 | ---D | M] -- C:\Users\Haavard\AppData\Roaming\MAXON
[2013.06.23 19:42:43 | 000,000,000 | ---D | M] -- C:\Users\Haavard\AppData\Roaming\Notepad++
[2013.07.03 13:34:35 | 000,000,000 | ---D | M] -- C:\Users\Haavard\AppData\Roaming\OpenVPN Technologies
[2012.08.20 16:45:07 | 000,000,000 | ---D | M] -- C:\Users\Haavard\AppData\Roaming\Opera
[2013.08.03 01:32:27 | 000,000,000 | ---D | M] -- C:\Users\Haavard\AppData\Roaming\Origin
[2012.05.27 14:19:24 | 000,000,000 | ---D | M] -- C:\Users\Haavard\AppData\Roaming\PACE Anti-Piracy
[2012.08.13 12:22:29 | 000,000,000 | ---D | M] -- C:\Users\Haavard\AppData\Roaming\PowerISO
[2012.05.26 23:06:01 | 000,000,000 | ---D | M] -- C:\Users\Haavard\AppData\Roaming\Publish Providers
[2013.05.27 13:54:40 | 000,000,000 | ---D | M] -- C:\Users\Haavard\AppData\Roaming\PunkBuster
[2013.09.16 20:25:54 | 000,000,000 | ---D | M] -- C:\Users\Haavard\AppData\Roaming\Rainmeter
[2012.05.27 14:13:26 | 000,000,000 | ---D | M] -- C:\Users\Haavard\AppData\Roaming\Red Giant Link
[2013.04.20 11:36:09 | 000,000,000 | -H-D | M] -- C:\Users\Haavard\AppData\Roaming\RWBYTE
[2012.08.21 14:54:06 | 000,000,000 | ---D | M] -- C:\Users\Haavard\AppData\Roaming\six-zsync
[2012.07.10 12:06:16 | 000,000,000 | ---D | M] -- C:\Users\Haavard\AppData\Roaming\Sony
[2012.07.07 03:25:59 | 000,000,000 | ---D | M] -- C:\Users\Haavard\AppData\Roaming\Sony Creative Software Inc
[2013.11.30 22:04:52 | 000,000,000 | ---D | M] -- C:\Users\Haavard\AppData\Roaming\Spotify
[2012.06.03 18:08:08 | 000,000,000 | ---D | M] -- C:\Users\Haavard\AppData\Roaming\StageManager.BD092818F67280F4B42B04877600987F0111B594.1
[2012.08.03 16:00:21 | 000,000,000 | ---D | M] -- C:\Users\Haavard\AppData\Roaming\Stardock
[2013.11.26 17:01:44 | 000,000,000 | ---D | M] -- C:\Users\Haavard\AppData\Roaming\TERA
[2013.09.16 18:09:04 | 000,000,000 | ---D | M] -- C:\Users\Haavard\AppData\Roaming\The Creative Assembly
[2013.07.19 02:59:47 | 000,000,000 | ---D | M] -- C:\Users\Haavard\AppData\Roaming\theHunter
[2012.11.02 19:13:10 | 000,000,000 | ---D | M] -- C:\Users\Haavard\AppData\Roaming\Ubisoft
[2013.11.30 19:28:01 | 000,000,000 | ---D | M] -- C:\Users\Haavard\AppData\Roaming\uTorrent
[2013.06.15 15:49:32 | 000,000,000 | ---D | M] -- C:\Users\Haavard\AppData\Roaming\Wargaming.net
[2013.11.30 21:33:21 | 000,000,000 | ---D | M] -- C:\Users\Haavard\AppData\Roaming\Wise Disk Cleaner

========== Purity Check ==========



========== Custom Scans ==========

========== Base Services ==========
SRV:64bit: - [2009.07.14 02:40:01 | 000,072,192 | ---- | M] (Microsoft Corporation) [On_Demand | Running] -- C:\Windows\SysNative\aelupsvc.dll -- (AeLookupSvc)
SRV:64bit: - [2013.02.27 06:47:10 | 000,070,144 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\appinfo.dll -- (Appinfo)
SRV:64bit: - [2009.07.14 02:38:55 | 000,079,360 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\alg.exe -- (ALG)
SRV:64bit: - [2010.11.20 14:27:23 | 000,849,920 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\SysNative\qmgr.dll -- (BITS)
SRV:64bit: - [2010.11.20 14:25:45 | 000,705,024 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\SysNative\BFE.DLL -- (BFE)
SRV:64bit: - [2013.09.25 02:03:24 | 000,030,720 | ---- | M] (Microsoft Corporation) [On_Demand | Running] -- C:\Windows\SysNative\lsass.exe -- (KeyIso)
SRV:64bit: - [2009.07.14 02:40:50 | 000,402,944 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\SysNative\es.dll -- (EventSystem)
SRV - [2009.07.14 02:15:19 | 000,271,360 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\SysWOW64\es.dll -- (EventSystem)
SRV:64bit: - [2012.07.04 23:13:27 | 000,136,704 | ---- | M] (Microsoft Corporation) [On_Demand | Running] -- C:\Windows\SysNative\browser.dll -- (Browser)
SRV:64bit: - [2013.07.09 06:46:20 | 000,184,320 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\SysNative\cryptsvc.dll -- (CryptSvc)
SRV - [2013.07.09 05:46:31 | 000,140,288 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\SysWOW64\cryptsvc.dll -- (CryptSvc)
SRV:64bit: - [2010.11.20 14:27:24 | 000,512,000 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\SysNative\rpcss.dll -- (DcomLaunch)
SRV:64bit: - [2010.11.20 14:26:04 | 000,317,952 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\SysNative\dhcpcore.dll -- (Dhcp)
SRV - [2010.11.20 13:18:30 | 000,254,464 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\SysWOW64\dhcpcore.dll -- (Dhcp)
SRV:64bit: - [2011.03.03 07:24:16 | 000,183,296 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\SysNative\dnsrslvr.dll -- (Dnscache)
SRV:64bit: - [2009.07.14 02:40:35 | 000,111,104 | ---- | M] (Microsoft Corporation) [On_Demand | Running] -- C:\Windows\SysNative\eapsvc.dll -- (EapHost)
SRV:64bit: - [2009.07.14 02:41:00 | 000,038,912 | ---- | M] (Microsoft Corporation) [On_Demand | Running] -- C:\Windows\SysNative\hidserv.dll -- (hidserv)
SRV - [2009.07.14 02:15:24 | 000,049,152 | ---- | M] (Microsoft Corporation) [On_Demand | Running] -- C:\Windows\SysWOW64\hidserv.dll -- (hidserv)
SRV:64bit: - [2009.07.14 02:41:10 | 000,359,424 | ---- | M] (Microsoft Corporation) [Disabled | Stopped] -- C:\Windows\SysNative\ipnathlp.dll -- (SharedAccess)
SRV:64bit: - [2010.11.20 14:26:39 | 000,501,248 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\IPSECSVC.DLL -- (PolicyAgent)
SRV:64bit: - [2013.10.23 17:14:22 | 000,023,808 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Program Files\Microsoft Security Client\MsMpEng.exe -- (MsMpSvc)
SRV:64bit: - [2013.10.23 17:14:22 | 000,348,376 | ---- | M] (Microsoft Corporation) [On_Demand | Running] -- C:\Program Files\Microsoft Security Client\NisSrv.exe -- (NisSrv)
SRV:64bit: - [2009.07.14 02:41:54 | 000,524,288 | ---- | M] (Microsoft Corporation) [On_Demand | Running] -- C:\Windows\SysNative\swprv.dll -- (swprv)
SRV:64bit: - [2009.07.14 02:41:26 | 000,067,584 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\SysNative\mmcss.dll -- (MMCSS)
SRV:64bit: - [2009.07.14 02:41:52 | 000,360,448 | ---- | M] (Microsoft Corporation) [On_Demand | Running] -- C:\Windows\SysNative\netman.dll -- (Netman)
SRV:64bit: - [2009.07.14 02:41:52 | 000,459,776 | ---- | M] (Microsoft Corporation) [On_Demand | Running] -- C:\Windows\SysNative\netprofm.dll -- (netprofm)
SRV - [2009.07.14 02:16:03 | 000,360,448 | ---- | M] (Microsoft Corporation) [On_Demand | Running] -- C:\Windows\SysWOW64\netprofm.dll -- (netprofm)
SRV:64bit: - [2012.10.03 18:44:21 | 000,303,104 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\SysNative\nlasvc.dll -- (NlaSvc)
SRV:64bit: - [2009.07.14 02:41:53 | 000,025,600 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\SysNative\nsisvc.dll -- (nsi)
SRV:64bit: - [2011.05.24 12:42:55 | 000,404,480 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\SysNative\umpnpmgr.dll -- (PlugPlay)
SRV:64bit: - [2012.02.11 07:36:02 | 000,559,104 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\SysNative\spoolsv.exe -- (Spooler)
SRV:64bit: - [2013.09.25 02:03:24 | 000,030,720 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\lsass.exe -- (ProtectedStorage)
No service found with a name of EMDMgmt
SRV:64bit: - [2009.07.14 02:41:53 | 000,099,328 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\rasauto.dll -- (RasAuto)
SRV:64bit: - [2010.11.20 14:27:24 | 000,344,064 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\rasmans.dll -- (RasMan)
SRV:64bit: - [2010.11.20 14:27:24 | 000,512,000 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\SysNative\rpcss.dll -- (RpcSs)
SRV:64bit: - [2010.11.20 14:27:25 | 000,030,720 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\seclogon.dll -- (seclogon)
SRV:64bit: - [2013.09.25 02:03:24 | 000,030,720 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\SysNative\lsass.exe -- (SamSs)
SRV:64bit: - [2009.07.14 02:41:58 | 000,097,280 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\SysNative\wscsvc.dll -- (wscsvc)
SRV:64bit: - [2010.11.20 14:27:26 | 000,236,032 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\SysNative\srvsvc.dll -- (LanmanServer)
SRV:64bit: - [2010.11.20 14:27:25 | 000,370,688 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\SysNative\shsvcs.dll -- (ShellHWDetection)
SRV - [2010.11.20 13:21:19 | 000,328,192 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\SysWOW64\shsvcs.dll -- (ShellHWDetection)
No service found with a name of slsvc
SRV:64bit: - [2010.11.20 14:27:25 | 001,110,016 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\SysNative\schedsvc.dll -- (Schedule)
SRV:64bit: - [2010.11.20 14:27:26 | 000,316,928 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\tapisrv.dll -- (TapiSrv)
SRV - [2010.11.20 13:21:28 | 000,242,176 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysWOW64\tapisrv.dll -- (TapiSrv)
SRV:64bit: - [2012.08.04 23:02:23 | 000,044,544 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\SysNative\themeservice.dll -- (Themes)
SRV:64bit: - [2012.05.01 06:40:20 | 000,209,920 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\SysNative\profsvc.dll -- (ProfSvc)
SRV:64bit: - [2010.11.20 14:25:27 | 001,600,512 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\VSSVC.exe -- (VSS)
SRV:64bit: - [2010.11.20 14:25:42 | 000,679,424 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\SysNative\audiosrv.dll -- (AudioSrv)
SRV:64bit: - [2010.11.20 14:25:42 | 000,679,424 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\SysNative\audiosrv.dll -- (AudioEndpointBuilder)
SRV:64bit: - [2010.11.20 14:27:25 | 000,170,496 | ---- | M] (Microsoft Corporation) [On_Demand | Running] -- C:\Windows\SysNative\sdrsvc.dll -- (SDRSVC)
SRV:64bit: - [2013.05.27 06:50:47 | 001,011,712 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Program Files\Windows Defender\mpsvc.dll -- (WinDefend)
SRV:64bit: - [2010.11.20 14:27:28 | 001,646,080 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\SysNative\wevtsvc.dll -- (eventlog)
SRV:64bit: - [2010.11.20 14:26:59 | 000,828,416 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\SysNative\MPSSVC.dll -- (MpsSvc)
SRV:64bit: - [2010.11.20 14:27:28 | 000,580,096 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\SysNative\wiaservc.dll -- (stisvc)
SRV:64bit: - [2010.11.20 14:24:58 | 000,128,000 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\msiexec.exe -- (msiserver)
SRV - [2010.11.20 13:17:22 | 000,073,216 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysWow64\msiexec.exe -- (msiserver)
SRV:64bit: - [2009.07.14 02:41:56 | 000,242,688 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\SysNative\wbem\WMIsvc.dll -- (Winmgmt)
SRV:64bit: - [2012.06.02 23:19:43 | 002,428,952 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\SysNative\wuaueng.dll -- (wuauserv)
SRV:64bit: - [2010.11.20 14:26:07 | 000,252,416 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\dot3svc.dll -- (dot3svc)
SRV:64bit: - [2009.07.14 02:41:56 | 000,886,784 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\SysNative\wlansvc.dll -- (Wlansvc)
SRV:64bit: - [2010.11.20 14:27:28 | 000,118,784 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\SysNative\wkssvc.dll -- (LanmanWorkstation)

< %SYSTEMDRIVE%\*.exe >

< MD5 for: EXPLORER.EXE >
[2011.02.26 06:19:21 | 002,616,320 | ---- | M] (Microsoft Corporation) MD5=0FB9C74046656D1579A64660AD67B746 -- C:\Windows\winsxs\wow64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7601.21669_none_ba87e574ddfe652d\explorer.exe
[2011.02.25 07:19:30 | 002,871,808 | ---- | M] (Microsoft Corporation) MD5=332FEAB1435662FC6C672E25BEB37BE3 -- C:\Windows\winsxs\amd64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7601.17567_none_afa79dc39081d0ba\explorer.exe
[2011.02.26 07:14:34 | 002,871,808 | ---- | M] (Microsoft Corporation) MD5=3B69712041F3D63605529BD66DC00C48 -- C:\Windows\winsxs\amd64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7601.21669_none_b0333b22a99da332\explorer.exe
[2010.11.20 13:17:09 | 002,616,320 | ---- | M] (Microsoft Corporation) MD5=40D777B7A95E00593EB1568C68514493 -- C:\Windows\winsxs\wow64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7601.17514_none_ba2f56d3c4bcbafb\explorer.exe
[2010.11.20 14:24:45 | 002,389,504 | ---- | M] (Microsoft Corporation) MD5=4B59264EC09A3E568E2FBC86FE2658E7 -- C:\Windows\explorer.exe
[2011.02.25 06:30:54 | 002,616,320 | ---- | M] (Microsoft Corporation) MD5=8B88EBBB05A0E56B7DCC708498C02B3E -- C:\Windows\SysWOW64\explorer.exe
[2011.02.25 06:30:54 | 002,616,320 | ---- | M] (Microsoft Corporation) MD5=8B88EBBB05A0E56B7DCC708498C02B3E -- C:\Windows\winsxs\wow64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7601.17567_none_b9fc4815c4e292b5\explorer.exe
[2010.11.21 04:24:12 | 002,872,320 | ---- | M] (Microsoft Corporation) MD5=AC4C51EB24AA95B77F705AB159189E24 -- C:\Windows\Resources\Themes\Theme Manager\Default\explorer.exe
[2010.11.20 14:24:45 | 002,872,320 | ---- | M] (Microsoft Corporation) MD5=AC4C51EB24AA95B77F705AB159189E24 -- C:\Windows\W7SOC\explorer.exe
[2010.11.20 14:24:45 | 002,872,320 | ---- | M] (Microsoft Corporation) MD5=AC4C51EB24AA95B77F705AB159189E24 -- C:\Windows\winsxs\amd64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7601.17514_none_afdaac81905bf900\explorer.exe

< MD5 for: QMGR.DLL >
[2010.11.20 14:27:23 | 000,849,920 | ---- | M] (Microsoft Corporation) MD5=1EA7969E3271CBC59E1730697DC74682 -- C:\Windows\SysNative\qmgr.dll
[2010.11.20 14:27:23 | 000,849,920 | ---- | M] (Microsoft Corporation) MD5=1EA7969E3271CBC59E1730697DC74682 -- C:\Windows\winsxs\amd64_microsoft-windows-bits-client_31bf3856ad364e35_6.1.7601.17514_none_81b6ca5c101195cd\qmgr.dll

< MD5 for: SERVICES >
[2009.06.10 22:00:26 | 000,017,463 | ---- | M] () MD5=D9E1A01B480D961B7CF0509D597A92D6 -- C:\Windows\winsxs\amd64_microsoft-windows-w..nfrastructure-other_31bf3856ad364e35_6.1.7600.16385_none_6079f415110c0210\services

< MD5 for: SERVICES.AIP >
[2012.03.29 19:35:50 | 000,297,104 | ---- | M] (Adobe Systems Incorporated) MD5=8311BFD3FD21EB8089259C491406A7B0 -- C:\Program Files\Adobe\Adobe Illustrator CS6 (64 Bit)\Plug-ins\Extensions\Services.aip

< MD5 for: SERVICES.ASFX >
[2013.09.05 15:04:20 | 000,002,491 | ---- | M] () MD5=137C7EE24F5411F53B8326B9B219FC66 -- C:\Program Files (x86)\Adobe\Reader 11.0\Reader\Locale\nb_NO\Services\Services.asfx

< MD5 for: SERVICES.CFG >
[2013.09.05 15:04:00 | 000,559,090 | ---- | M] () MD5=8ADD48E413D05BF2E7AEC00173DDFABC -- C:\Program Files (x86)\Adobe\Reader 11.0\Reader\Services\Services.cfg

< MD5 for: SERVICES.DAT >
[2013.11.05 23:18:20 | 000,003,117 | ---- | M] () MD5=5F3B95A58780ADA3F223F004CDEE9967 -- C:\Users\Haavard\AppData\Local\Temp\jrt\services.dat

< MD5 for: SERVICES.EXE >
[2009.07.14 02:39:37 | 000,328,704 | ---- | M] (Microsoft Corporation) MD5=24ACB7E5BE595468E3B9AA488B9B4FCB -- C:\Windows\SysNative\services.exe
[2009.07.14 02:39:37 | 000,328,704 | ---- | M] (Microsoft Corporation) MD5=24ACB7E5BE595468E3B9AA488B9B4FCB -- C:\Windows\winsxs\amd64_microsoft-windows-s..s-servicecontroller_31bf3856ad364e35_6.1.7600.16385_none_2b54b20ee6fa07b1\services.exe

< MD5 for: SERVICES.EXE.MUI >
[2009.07.13 17:56:16 | 000,017,920 | ---- | M] (Microsoft Corporation) MD5=06F1D18489683D6A92DC1708DDAB1F57 -- C:\Windows\SysNative\nb-NO\services.exe.mui
[2009.07.13 17:56:16 | 000,017,920 | ---- | M] (Microsoft Corporation) MD5=06F1D18489683D6A92DC1708DDAB1F57 -- C:\Windows\winsxs\amd64_microsoft-windows-s..ontroller.resources_31bf3856ad364e35_6.1.7600.16385_nb-no_80bededec782269a\services.exe.mui
[2009.07.14 03:25:40 | 000,017,408 | ---- | M] (Microsoft Corporation) MD5=6507BF0DC2D1F5F32493C288EAA59277 -- C:\Windows\SysNative\en-US\services.exe.mui
[2009.07.14 03:25:40 | 000,017,408 | ---- | M] (Microsoft Corporation) MD5=6507BF0DC2D1F5F32493C288EAA59277 -- C:\Windows\winsxs\amd64_microsoft-windows-s..ontroller.resources_31bf3856ad364e35_6.1.7600.16385_en-us_c5f238be3fa63468\services.exe.mui

< MD5 for: SERVICES.LNK >
[2009.07.14 05:54:05 | 000,001,288 | ---- | M] () MD5=CA0D9F4743DFF86EBAF09D763139E958 -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Administrative Tools\services.lnk
[2009.07.14 05:54:05 | 000,001,288 | ---- | M] () MD5=CA0D9F4743DFF86EBAF09D763139E958 -- C:\Users\All Users\Microsoft\Windows\Start Menu\Programs\Administrative Tools\services.lnk

< MD5 for: SERVICES.MOF >
[2009.06.10 21:44:06 | 000,002,866 | ---- | M] () MD5=26A11C895A7F0B6D32105EBE127D8500 -- C:\Windows\SysNative\wbem\services.mof
[2009.06.10 21:44:06 | 000,002,866 | ---- | M] () MD5=26A11C895A7F0B6D32105EBE127D8500 -- C:\Windows\winsxs\amd64_microsoft-windows-s..s-servicecontroller_31bf3856ad364e35_6.1.7600.16385_none_2b54b20ee6fa07b1\services.mof

< MD5 for: SERVICES.MSC >
[2009.07.13 17:59:42 | 000,092,746 | ---- | M] () MD5=5245726856C9A29E64EB51841B1A39A4 -- C:\Windows\SysNative\nb-NO\services.msc
[2009.07.13 17:32:32 | 000,092,746 | ---- | M] () MD5=5245726856C9A29E64EB51841B1A39A4 -- C:\Windows\SysWOW64\nb-NO\services.msc
[2009.07.13 17:59:42 | 000,092,746 | ---- | M] () MD5=5245726856C9A29E64EB51841B1A39A4 -- C:\Windows\winsxs\amd64_microsoft-windows-s..cessnapin.resources_31bf3856ad364e35_6.1.7600.16385_nb-no_bb00aeca9debc08d\services.msc
[2009.07.13 17:32:32 | 000,092,746 | ---- | M] () MD5=5245726856C9A29E64EB51841B1A39A4 -- C:\Windows\winsxs\x86_microsoft-windows-s..cessnapin.resources_31bf3856ad364e35_6.1.7600.16385_nb-no_5ee21346e58e4f57\services.msc
[2009.07.14 03:23:30 | 000,092,745 | ---- | M] () MD5=7A1D35F59468B8118AF5B8E21DF78AE2 -- C:\Windows\SysNative\en-US\services.msc
[2009.06.10 21:38:36 | 000,092,745 | ---- | M] () MD5=7A1D35F59468B8118AF5B8E21DF78AE2 -- C:\Windows\SysNative\services.msc
[2009.07.14 03:08:50 | 000,092,745 | ---- | M] () MD5=7A1D35F59468B8118AF5B8E21DF78AE2 -- C:\Windows\SysWOW64\en-US\services.msc
[2009.06.10 22:21:09 | 000,092,745 | ---- | M] () MD5=7A1D35F59468B8118AF5B8E21DF78AE2 -- C:\Windows\SysWOW64\services.msc
[2009.07.14 03:23:30 | 000,092,745 | ---- | M] () MD5=7A1D35F59468B8118AF5B8E21DF78AE2 -- C:\Windows\winsxs\amd64_microsoft-windows-s..cessnapin.resources_31bf3856ad364e35_6.1.7600.16385_en-us_003408aa160fce5b\services.msc
[2009.06.10 21:38:36 | 000,092,745 | ---- | M] () MD5=7A1D35F59468B8118AF5B8E21DF78AE2 -- C:\Windows\winsxs\amd64_microsoft-windows-servicessnapin_31bf3856ad364e35_6.1.7600.16385_none_2b58d44b5f6beb8a\services.msc
[2009.07.14 03:08:50 | 000,092,745 | ---- | M] () MD5=7A1D35F59468B8118AF5B8E21DF78AE2 -- C:\Windows\winsxs\x86_microsoft-windows-s..cessnapin.resources_31bf3856ad364e35_6.1.7600.16385_en-us_a4156d265db25d25\services.msc
[2009.06.10 22:21:09 | 000,092,745 | ---- | M] () MD5=7A1D35F59468B8118AF5B8E21DF78AE2 -- C:\Windows\winsxs\x86_microsoft-windows-servicessnapin_31bf3856ad364e35_6.1.7600.16385_none_cf3a38c7a70e7a54\services.msc

< MD5 for: SERVICES.PTXML >
[2009.07.13 21:16:17 | 000,001,061 | ---- | M] () MD5=640D7DD61B1CFA6C96F80F68F78CDFA7 -- C:\Windows\SysNative\wdi\perftrack\Services.ptxml
[2009.07.13 21:16:17 | 000,001,061 | ---- | M] () MD5=640D7DD61B1CFA6C96F80F68F78CDFA7 -- C:\Windows\winsxs\amd64_microsoft-windows-s..s-servicecontroller_31bf3856ad364e35_6.1.7600.16385_none_2b54b20ee6fa07b1\Services.ptxml

< MD5 for: SVCHOST.EXE >
[2009.07.14 02:14:41 | 000,020,992 | ---- | M] (Microsoft Corporation) MD5=54A47F6B5E09A77E61649109C6A08866 -- C:\Windows\SysWOW64\svchost.exe
[2009.07.14 02:14:41 | 000,020,992 | ---- | M] (Microsoft Corporation) MD5=54A47F6B5E09A77E61649109C6A08866 -- C:\Windows\winsxs\x86_microsoft-windows-services-svchost_31bf3856ad364e35_6.1.7600.16385_none_b591afc466a15356\svchost.exe
[2009.07.14 02:39:46 | 000,027,136 | ---- | M] (Microsoft Corporation) MD5=C78655BC80301D76ED4FEF1C1EA40A7D -- C:\Windows\SysNative\svchost.exe
[2009.07.14 02:39:46 | 000,027,136 | ---- | M] (Microsoft Corporation) MD5=C78655BC80301D76ED4FEF1C1EA40A7D -- C:\Windows\winsxs\amd64_microsoft-windows-services-svchost_31bf3856ad364e35_6.1.7600.16385_none_11b04b481efec48c\svchost.exe

< MD5 for: USERINIT.EXE >
[2010.11.20 13:17:48 | 000,026,624 | ---- | M] (Microsoft Corporation) MD5=61AC3EFDFACFDD3F0F11DD4FD4044223 -- C:\Windows\SysWOW64\userinit.exe
[2010.11.20 13:17:48 | 000,026,624 | ---- | M] (Microsoft Corporation) MD5=61AC3EFDFACFDD3F0F11DD4FD4044223 -- C:\Windows\winsxs\x86_microsoft-windows-userinit_31bf3856ad364e35_6.1.7601.17514_none_de3024012ff21116\userinit.exe
[2010.11.20 14:25:24 | 000,030,720 | ---- | M] (Microsoft Corporation) MD5=BAFE84E637BF7388C96EF48D4D3FDD53 -- C:\Windows\SysNative\userinit.exe
[2010.11.20 14:25:24 | 000,030,720 | ---- | M] (Microsoft Corporation) MD5=BAFE84E637BF7388C96EF48D4D3FDD53 -- C:\Windows\winsxs\amd64_microsoft-windows-userinit_31bf3856ad364e35_6.1.7601.17514_none_3a4ebf84e84f824c\userinit.exe

< MD5 for: WINLOGON.EXE >
[2010.11.20 14:25:30 | 000,390,656 | ---- | M] (Microsoft Corporation) MD5=1151B1BAA6F350B1DB6598E0FEA7C457 -- C:\Windows\SysNative\winlogon.exe
[2010.11.20 14:25:30 | 000,390,656 | ---- | M] (Microsoft Corporation) MD5=1151B1BAA6F350B1DB6598E0FEA7C457 -- C:\Windows\winsxs\amd64_microsoft-windows-winlogon_31bf3856ad364e35_6.1.7601.17514_none_cde90685eb910636\winlogon.exe

< MD5 for: WINSOCK.H >
[2011.03.26 04:46:02 | 000,016,310 | ---- | M] () MD5=530DC7A218E4A5D8ABCF92050CE18A96 -- C:\Program Files (x86)\CodeBlocks\MinGW\include\winsock.h

< dir "%systemdrive%\*" /S /A:L /C >
Volumet i stasjon C er uten navn.
Volumserienummeret er DA63-3700
Innhold i C:\
14.07.2009 06:08 <KNUTEPUNKT> Documents and Settings [C:\Users]
0 fil(er) 0 byte
Innhold i C:\Program Files (x86)\Image-Line\FL Studio 11\Data\Patches\Plugin presets\Generators\FPC
28.11.2013 21:24 <SYMLINKD> Downloaded [A:\Haavard\Pictures\Haavard\Image-Line\Data\fpc\]
0 fil(er) 0 byte
Innhold i C:\Program Files (x86)\Image-Line\FL Studio 11\Data\Patches\Plugin presets\Generators\Harmor
28.11.2013 21:24 <SYMLINKD> Downloaded [A:\Haavard\Pictures\Haavard\Image-Line\Data\Harmor\]
0 fil(er) 0 byte
Innhold i C:\Program Files (x86)\Image-Line\FL Studio 11\Data\Patches\Plugin presets\Generators\Ogun
28.11.2013 21:24 <SYMLINKD> Downloaded [A:\Haavard\Pictures\Haavard\Image-Line\Data\ogun\]
0 fil(er) 0 byte
Innhold i C:\ProgramData
14.07.2009 06:08 <KNUTEPUNKT> Application Data [C:\ProgramData]
14.07.2009 06:08 <KNUTEPUNKT> Desktop [C:\Users\Public\Desktop]
14.07.2009 06:08 <KNUTEPUNKT> Documents [C:\Users\Public\Documents]
14.07.2009 06:08 <KNUTEPUNKT> Favorites [C:\Users\Public\Favorites]
14.07.2009 06:08 <KNUTEPUNKT> Start Menu [C:\ProgramData\Microsoft\Windows\Start Menu]
14.07.2009 06:08 <KNUTEPUNKT> Templates [C:\ProgramData\Microsoft\Windows\Templates]
0 fil(er) 0 byte
Innhold i C:\Users
14.07.2009 06:08 <SYMLINKD> All Users [C:\ProgramData]
14.07.2009 06:08 <KNUTEPUNKT> Default User [C:\Users\Default]
0 fil(er) 0 byte
Innhold i C:\Users\All Users
14.07.2009 06:08 <KNUTEPUNKT> Application Data [C:\ProgramData]
14.07.2009 06:08 <KNUTEPUNKT> Desktop [C:\Users\Public\Desktop]
14.07.2009 06:08 <KNUTEPUNKT> Documents [C:\Users\Public\Documents]
14.07.2009 06:08 <KNUTEPUNKT> Favorites [C:\Users\Public\Favorites]
14.07.2009 06:08 <KNUTEPUNKT> Start Menu [C:\ProgramData\Microsoft\Windows\Start Menu]
14.07.2009 06:08 <KNUTEPUNKT> Templates [C:\ProgramData\Microsoft\Windows\Templates]
0 fil(er) 0 byte
Innhold i C:\Users\Default
14.07.2009 06:08 <KNUTEPUNKT> Application Data [C:\Users\Default\AppData\Roaming]
14.07.2009 06:08 <KNUTEPUNKT> Cookies [C:\Users\Default\AppData\Roaming\Microsoft\Windows\Cookies]
14.07.2009 06:08 <KNUTEPUNKT> Local Settings [C:\Users\Default\AppData\Local]
14.07.2009 06:08 <KNUTEPUNKT> My Documents [C:\Users\Default\Documents]
14.07.2009 06:08 <KNUTEPUNKT> NetHood [C:\Users\Default\AppData\Roaming\Microsoft\Windows\Network Shortcuts]
14.07.2009 06:08 <KNUTEPUNKT> PrintHood [C:\Users\Default\AppData\Roaming\Microsoft\Windows\Printer Shortcuts]
14.07.2009 06:08 <KNUTEPUNKT> Recent [C:\Users\Default\AppData\Roaming\Microsoft\Windows\Recent]
14.07.2009 06:08 <KNUTEPUNKT> SendTo [C:\Users\Default\AppData\Roaming\Microsoft\Windows\SendTo]
14.07.2009 06:08 <KNUTEPUNKT> Start Menu [C:\Users\Default\AppData\Roaming\Microsoft\Windows\Start Menu]
14.07.2009 06:08 <KNUTEPUNKT> Templates [C:\Users\Default\AppData\Roaming\Microsoft\Windows\Templates]
0 fil(er) 0 byte
Innhold i C:\Users\Default\AppData\Local
14.07.2009 06:08 <KNUTEPUNKT> Application Data [C:\Users\Default\AppData\Local]
14.07.2009 06:08 <KNUTEPUNKT> History [C:\Users\Default\AppData\Local\Microsoft\Windows\History]
14.07.2009 06:08 <KNUTEPUNKT> Temporary Internet Files [C:\Users\Default\AppData\Local\Microsoft\Windows\Temporary Internet Files]
0 fil(er) 0 byte
Innhold i C:\Users\Default\Documents
14.07.2009 06:08 <KNUTEPUNKT> My Music [C:\Users\Default\Music]
14.07.2009 06:08 <KNUTEPUNKT> My Pictures [C:\Users\Default\Pictures]
14.07.2009 06:08 <KNUTEPUNKT> My Videos [C:\Users\Default\Videos]
0 fil(er) 0 byte
Innhold i C:\Users\Public\Documents
14.07.2009 06:08 <KNUTEPUNKT> My Music [C:\Users\Public\Music]
14.07.2009 06:08 <KNUTEPUNKT> My Pictures [C:\Users\Public\Pictures]
14.07.2009 06:08 <KNUTEPUNKT> My Videos [C:\Users\Public\Videos]
0 fil(er) 0 byte
Innhold i C:\Windows\System32\config\systemprofile
26.05.2012 09:06 <KNUTEPUNKT> Application Data [C:\Windows\system32\config\systemprofile\AppData\Roaming]
26.05.2012 09:06 <KNUTEPUNKT> Cookies [C:\Windows\system32\config\systemprofile\AppData\Roaming\Microsoft\Windows\Cookies]
26.05.2012 09:06 <KNUTEPUNKT> Local Settings [C:\Windows\system32\config\systemprofile\AppData\Local]
26.05.2012 09:06 <KNUTEPUNKT> My Documents [C:\Windows\system32\config\systemprofile\Documents]
26.05.2012 09:06 <KNUTEPUNKT> NetHood [C:\Windows\system32\config\systemprofile\AppData\Roaming\Microsoft\Windows\Network Shortcuts]
26.05.2012 09:06 <KNUTEPUNKT> PrintHood [C:\Windows\system32\config\systemprofile\AppData\Roaming\Microsoft\Windows\Printer Shortcuts]
26.05.2012 09:06 <KNUTEPUNKT> Recent [C:\Windows\system32\config\systemprofile\AppData\Roaming\Microsoft\Windows\Recent]
26.05.2012 09:06 <KNUTEPUNKT> SendTo [C:\Windows\system32\config\systemprofile\AppData\Roaming\Microsoft\Windows\SendTo]
26.05.2012 09:06 <KNUTEPUNKT> Start Menu [C:\Windows\system32\config\systemprofile\AppData\Roaming\Microsoft\Windows\Start Menu]
26.05.2012 09:06 <KNUTEPUNKT> Templates [C:\Windows\system32\config\systemprofile\AppData\Roaming\Microsoft\Windows\Templates]
0 fil(er) 0 byte
Innhold i C:\Windows\System32\config\systemprofile\AppData\Local
26.05.2012 09:06 <KNUTEPUNKT> Application Data [C:\Windows\system32\config\systemprofile\AppData\Local]
26.05.2012 09:06 <KNUTEPUNKT> History [C:\Windows\system32\config\systemprofile\AppData\Local\Microsoft\Windows\History]
26.05.2012 09:06 <KNUTEPUNKT> Temporary Internet Files [C:\Windows\system32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files]
0 fil(er) 0 byte
Innhold i C:\Windows\System32\config\systemprofile\Documents
26.05.2012 09:06 <KNUTEPUNKT> My Music [C:\Windows\system32\config\systemprofile\Music]
26.05.2012 09:06 <KNUTEPUNKT> My Pictures [C:\Windows\system32\config\systemprofile\Pictures]
26.05.2012 09:06 <KNUTEPUNKT> My Videos [C:\Windows\system32\config\systemprofile\Videos]
0 fil(er) 0 byte
Innhold i C:\Windows\SysWOW64\config\systemprofile
26.05.2012 09:06 <KNUTEPUNKT> Application Data [C:\Windows\system32\config\systemprofile\AppData\Roaming]
26.05.2012 09:06 <KNUTEPUNKT> Cookies [C:\Windows\system32\config\systemprofile\AppData\Roaming\Microsoft\Windows\Cookies]
26.05.2012 09:06 <KNUTEPUNKT> Local Settings [C:\Windows\system32\config\systemprofile\AppData\Local]
26.05.2012 09:06 <KNUTEPUNKT> My Documents [C:\Windows\system32\config\systemprofile\Documents]
26.05.2012 09:06 <KNUTEPUNKT> NetHood [C:\Windows\system32\config\systemprofile\AppData\Roaming\Microsoft\Windows\Network Shortcuts]
26.05.2012 09:06 <KNUTEPUNKT> PrintHood [C:\Windows\system32\config\systemprofile\AppData\Roaming\Microsoft\Windows\Printer Shortcuts]
26.05.2012 09:06 <KNUTEPUNKT> Recent [C:\Windows\system32\config\systemprofile\AppData\Roaming\Microsoft\Windows\Recent]
26.05.2012 09:06 <KNUTEPUNKT> SendTo [C:\Windows\system32\config\systemprofile\AppData\Roaming\Microsoft\Windows\SendTo]
26.05.2012 09:06 <KNUTEPUNKT> Start Menu [C:\Windows\system32\config\systemprofile\AppData\Roaming\Microsoft\Windows\Start Menu]
26.05.2012 09:06 <KNUTEPUNKT> Templates [C:\Windows\system32\config\systemprofile\AppData\Roaming\Microsoft\Windows\Templates]
0 fil(er) 0 byte
Innhold i C:\Windows\SysWOW64\config\systemprofile\AppData\Local
26.05.2012 09:06 <KNUTEPUNKT> Application Data [C:\Windows\system32\config\systemprofile\AppData\Local]
26.05.2012 09:06 <KNUTEPUNKT> History [C:\Windows\system32\config\systemprofile\AppData\Local\Microsoft\Windows\History]
26.05.2012 09:06 <KNUTEPUNKT> Temporary Internet Files [C:\Windows\system32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files]
0 fil(er) 0 byte
Innhold i C:\Windows\SysWOW64\config\systemprofile\Documents
26.05.2012 09:06 <KNUTEPUNKT> My Music [C:\Windows\system32\config\systemprofile\Music]
26.05.2012 09:06 <KNUTEPUNKT> My Pictures [C:\Windows\system32\config\systemprofile\Pictures]
26.05.2012 09:06 <KNUTEPUNKT> My Videos [C:\Windows\system32\config\systemprofile\Videos]
0 fil(er) 0 byte
Totalt antall filer:
0 fil(er) 0 byte
69 mappe® 40ÿ297ÿ455ÿ616 byte ledig

< End of report >





OTL Extras logfile created on: 30.11.2013 22:02:10 - Run 3
OTL by OldTimer - Version 3.2.69.0 Folder = A:\Haavard\Desktop
64bit- Ultimate Edition Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation
Internet Explorer (Version = 9.10.9200.16736)
Locale: 00000414 | Country: Norway | Language: NOR | Date Format: dd.MM.yyyy

15,86 Gb Total Physical Memory | 12,71 Gb Available Physical Memory | 80,16% Memory free
31,71 Gb Paging File | 28,24 Gb Available in Paging File | 89,04% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86)
Drive C: | 111,79 Gb Total Space | 37,65 Gb Free Space | 33,68% Space Free | Partition Type: NTFS

Computer Name: HAAVARD-PC | User Name: Haavard | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: All users | Include 64bit Scans
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days

========== Extra Registry (SafeList) ==========


========== File Associations ==========

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.html[@ = Opera.HTML] -- Reg Error: Key error. File not found
.url[@ = InternetShortcut] -- C:\Windows\SysNative\rundll32.exe (Microsoft Corporation)

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.cpl [@ = cplfile] -- C:\Windows\SysWow64\control.exe (Microsoft Corporation)
.html [@ = Opera.HTML] -- Reg Error: Key error. File not found

[HKEY_USERS\S-1-5-21-372863723-2970391944-1656933904-1000\SOFTWARE\Classes\<extension>]
.html [@ = ChromeHTML] -- Reg Error: Key error. File not found

========== Shell Spawning ==========

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
exefile [open] -- "%1" %*
helpfile [open] -- Reg Error: Key error.
htmlfile [edit] -- Reg Error: Key error.
htmlfile [open] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)
htmlfile [opennew] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)
htmlfile [print] -- "%systemroot%\system32\rundll32.exe" "%systemroot%\system32\mshtml.dll",PrintHTML "%1"
http [open] -- "A:\Program Files (x86)\Opera\Opera.exe" "%1"
https [open] -- "A:\Program Files (x86)\Opera\Opera.exe" "%1"
inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation)
InternetShortcut [open] -- "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\ieframe.dll",OpenURL %l (Microsoft Corporation)
InternetShortcut [print] -- "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\mshtml.dll",PrintHTML "%1" (Microsoft Corporation)
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [AddToPlaylistVLC] -- "C:\Program Files\VideoLAN\VLC\vlc.exe" --started-from-file --playlist-enqueue "%1" (VideoLAN)
Directory [Bridge] -- C:\Program Files\Adobe\Adobe Bridge CS6 (64 Bit)\Bridge.exe "%L" (Adobe Systems, Inc.)
Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Directory [PlayWithVLC] -- "C:\Program Files\VideoLAN\VLC\vlc.exe" --started-from-file --no-playlist-enqueue "%1" (VideoLAN)
Directory [runas] -- cmd.exe /c takeown /f "%1" /r /d y && icacls "%1" /grant administrators:F /t (Microsoft Corporation)
Folder [open] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [explore] -- Reg Error: Value error.
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Applications\iexplore.exe [open] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)
CLSID\{871C5380-42A0-1069-A2EA-08002B30309D} [OpenHomePage] -- "C:\Program Files\Internet Explorer\iexplore.exe" (Microsoft Corporation)

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
cplfile [cplopen] -- %SystemRoot%\System32\control.exe "%1",%* (Microsoft Corporation)
exefile [open] -- "%1" %*
helpfile [open] -- Reg Error: Key error.
htmlfile [edit] -- Reg Error: Key error.
htmlfile [open] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)
htmlfile [opennew] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)
htmlfile [print] -- "%systemroot%\system32\rundll32.exe" "%systemroot%\system32\mshtml.dll",PrintHTML "%1"
http [open] -- "A:\Program Files (x86)\Opera\Opera.exe" "%1"
https [open] -- "A:\Program Files (x86)\Opera\Opera.exe" "%1"
inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation)
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [AddToPlaylistVLC] -- "C:\Program Files\VideoLAN\VLC\vlc.exe" --started-from-file --playlist-enqueue "%1" (VideoLAN)
Directory [Bridge] -- C:\Program Files\Adobe\Adobe Bridge CS6 (64 Bit)\Bridge.exe "%L" (Adobe Systems, Inc.)
Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Directory [PlayWithVLC] -- "C:\Program Files\VideoLAN\VLC\vlc.exe" --started-from-file --no-playlist-enqueue "%1" (VideoLAN)
Directory [runas] -- cmd.exe /c takeown /f "%1" /r /d y && icacls "%1" /grant administrators:F /t (Microsoft Corporation)
Folder [open] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [explore] -- Reg Error: Value error.
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Applications\iexplore.exe [open] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)
CLSID\{871C5380-42A0-1069-A2EA-08002B30309D} [OpenHomePage] -- Reg Error: Value error.

========== Security Center Settings ==========

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"cval" = 1

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]
"VistaSp1" = 28 4D B2 76 41 04 CA 01 [binary data]
"AntiVirusOverride" = 0
"AntiSpywareOverride" = 0
"FirewallOverride" = 0

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc\Vol]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]

========== Firewall Settings ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]
"DisableNotifications" = 0
"EnableFirewall" = 1

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"DisableNotifications" = 0
"EnableFirewall" = 1

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\PublicProfile]
"DisableNotifications" = 0
"EnableFirewall" = 1

========== Authorized Applications List ==========


========== Vista Active Open Ports Exception List ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{0F407F2E-2828-4CA3-86D5-C22E69981EE3}" = rport=10243 | protocol=6 | dir=out | app=system |
"{27FDC8B2-9188-49B1-9454-C28C1B81C415}" = lport=rpc | protocol=6 | dir=in | svc=spooler | app=%systemroot%\system32\spoolsv.exe |
"{2BF692E0-13CC-4E3D-9F82-4E3E860B6991}" = lport=10243 | protocol=6 | dir=in | app=system |
"{3675E472-99D8-430B-9413-FCD532035AE2}" = rport=5355 | protocol=17 | dir=out | svc=dnscache | app=%systemroot%\system32\svchost.exe |
"{3E458020-3BC4-48B5-ABD1-FE858E0DA3D6}" = lport=rpc-epmap | protocol=6 | dir=in | svc=rpcss | [email protected],-28539 |
"{3E9CC961-88B8-4926-A00D-19A8CD737345}" = lport=2177 | protocol=17 | dir=in | svc=qwave | app=%systemroot%\system32\svchost.exe |
"{4B39489E-6EF7-4ED9-A2EE-D2CF79592DF0}" = lport=808 | protocol=6 | dir=in | svc=nettcpactivator | app=c:\windows\microsoft.net\framework64\v4.0.30319\smsvchost.exe |
"{5316B0DC-38FF-48AD-B5F4-A5F3EE9C355A}" = rport=3702 | protocol=17 | dir=out | svc=fdrespub | app=%systemroot%\system32\svchost.exe |
"{65534428-4EBF-457E-BED7-C80079A6E3B5}" = lport=1900 | protocol=17 | dir=in | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe |
"{7281D774-CAE5-4F1D-BD9B-AABEA1BB4073}" = rport=2177 | protocol=17 | dir=out | svc=qwave | app=%systemroot%\system32\svchost.exe |
"{7499A7E2-B206-4599-963A-0D94B73FF43E}" = lport=2177 | protocol=6 | dir=in | svc=qwave | app=%systemroot%\system32\svchost.exe |
"{85783670-5BB0-476E-900F-C20B6752A289}" = lport=445 | protocol=6 | dir=in | app=system |
"{8FF6FA8E-A15C-431D-A01A-0B7726F04FC0}" = rport=138 | protocol=17 | dir=out | app=system |
"{9279344E-073F-417E-A88F-CB225A36A853}" = lport=139 | protocol=6 | dir=in | app=system |
"{964F3C8C-DBBF-46EA-A081-E687E6CD9E40}" = rport=1900 | protocol=17 | dir=out | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe |
"{9A6D6E76-8188-4383-B614-A81039E185BD}" = rport=5355 | protocol=17 | dir=out | svc=dnscache | app=%systemroot%\system32\svchost.exe |
"{9E279C72-6221-402E-998B-60AC9FEF318A}" = rport=137 | protocol=17 | dir=out | app=system |
"{9E28FAA4-5CCB-49D3-BE93-67C64290D97E}" = lport=137 | protocol=17 | dir=in | app=system |
"{AFB64148-25C4-437E-BE68-9D8B0642F27C}" = lport=1900 | protocol=17 | dir=in | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe |
"{B306207B-6151-4C85-9626-9603203EFF9C}" = rport=3702 | protocol=17 | dir=out | svc=fdphost | app=%systemroot%\system32\svchost.exe |
"{B3DBCE64-9DA3-47ED-92D7-96A14F4C4B8A}" = lport=3702 | protocol=17 | dir=in | svc=fdphost | app=%systemroot%\system32\svchost.exe |
"{BB0D099E-C80F-46AC-B227-DFE156003031}" = rport=1900 | protocol=17 | dir=out | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe |
"{BBA24124-4F56-4D7B-8604-E93C7ECA9CDD}" = lport=2869 | protocol=6 | dir=in | app=system |
"{C36BC683-351D-41F7-9085-BA76D0E6AEE1}" = lport=138 | protocol=17 | dir=in | app=system |
"{C4A9B2CE-D12B-4A26-AA3C-BD8D9C8F346C}" = rport=445 | protocol=6 | dir=out | app=system |
"{C4D20AA2-FE7B-4C55-BFFF-75E0DC3C160A}" = rport=5355 | protocol=17 | dir=out | svc=dnscache | app=%systemroot%\system32\svchost.exe |
"{CCC5E5EE-1D37-47A0-951E-AB85B9DF0EB5}" = rport=2177 | protocol=6 | dir=out | svc=qwave | app=%systemroot%\system32\svchost.exe |
"{D224B081-60BC-4557-8A62-261050E56033}" = lport=5355 | protocol=17 | dir=in | svc=dnscache | app=%systemroot%\system32\svchost.exe |
"{D52050F7-88C5-40B8-80DD-07B61E8F6F63}" = lport=3702 | protocol=17 | dir=in | svc=fdrespub | app=%systemroot%\system32\svchost.exe |
"{DED321B8-8D92-4E43-B3AE-78FFD6C4A3E1}" = lport=5355 | protocol=17 | dir=in | svc=dnscache | app=%systemroot%\system32\svchost.exe |
"{E5E8C1B5-26D0-46D0-A19E-808401D839F9}" = rport=139 | protocol=6 | dir=out | app=system |
"{F1815F4D-8C83-49B8-8624-842B24FB9D4A}" = lport=5355 | protocol=17 | dir=in | svc=dnscache | app=%systemroot%\system32\svchost.exe |
"{F3CE79F6-A60C-43F7-A5F4-A0BDDFC0804A}" = lport=6004 | protocol=17 | dir=in | app=c:\program files (x86)\microsoft office\office14\outlook.exe |

========== Vista Active Application Exception List ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{0244D0CF-AB06-417B-9C03-0E3AC707B8B3}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmplayer.exe |
"{05231CD9-7580-4352-990F-2AC3BFF1A184}" = protocol=17 | dir=in | app=a:\spill\steam\steamapps\common\borderlands 2\binaries\win32\launcher.exe |
"{0572E2C3-8293-4628-B737-E26EDA4A1116}" = protocol=6 | dir=in | app=a:\spill\steam\steamapps\zydeh\counterstrike source beta\hl2.exe |
"{07DC5D82-F800-4CFB-B871-4D7CBD99A88F}" = protocol=17 | dir=in | app=c:\programdata\battle.net\agent\agent.2045\agent.exe |
"{093870A1-554B-480F-AF23-DF5F3A6D3592}" = protocol=6 | dir=in | app=a:\spill\origin\origin games\battlefield 3\bf3.exe |
"{0BE71430-58B8-4E7D-A8D2-D4AE8EAA67ED}" = protocol=17 | dir=in | app=c:\program files (x86)\autodesk\backburner\monitor.exe |
"{0C136677-EBF3-4509-83EB-34632DB72B5F}" = protocol=17 | dir=in | app=a:\spill\steam\steamapps\common\arma 2 operation arrowhead\arma2oa.exe |
"{0CADC703-86C9-4613-98DD-915D4755BC22}" = protocol=6 | dir=in | app=a:\spill\steam\steamapps\common\darksiders 2\darksiders2.exe |
"{0DEE5C37-B96E-4969-8D01-EEDD3E8C5590}" = protocol=6 | dir=in | app=a:\spill\activision\call of duty 4\iw3mp.exe |
"{108C9891-8BD2-45A8-9630-C7407DFDDD46}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmplayer.exe |
"{11E86FCB-2318-4515-828C-6DAE56B8CB52}" = protocol=58 | dir=out | [email protected],-28546 |
"{11FF0384-D5FC-477C-9750-DA92E918565C}" = protocol=6 | dir=in | app=a:\spill\steam\steamapps\common\dota 2 beta\dota.exe |
"{1598D4E7-669C-4B73-88E0-13CD4CFDFB0A}" = protocol=6 | dir=in | app=a:\spill\steam\steamapps\common\arma 2\arma2.exe |
"{15C122D7-181C-4BA7-81B7-EF40301BFB34}" = protocol=6 | dir=in | app=c:\program files (x86)\battlelog web plugins\sonar\0.70.4\sonarhost.exe |
"{16A530BE-A194-494E-B289-9D4DCE9C5594}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmpnetwk.exe |
"{17C36AC3-3A1A-4E50-80C1-EB554740A4FC}" = protocol=58 | dir=in | [email protected],-28545 |
"{1833D99B-96A2-4618-9424-C50FBE04F9C0}" = protocol=6 | dir=in | app=c:\program files (x86)\autodesk\backburner\manager.exe |
"{1AF6008F-55AB-4013-8EB2-D9CEA9C56771}" = protocol=6 | dir=in | app=c:\users\haavard\appdata\roaming\utorrent\utorrent.exe |
"{1B0B0DB4-FF7B-4473-AC51-43E12C3134CB}" = protocol=17 | dir=in | app=a:\spill\steam\steamapps\common\call of duty black ops ii\t6mp.exe |
"{1C329731-FBD1-4F49-8D88-848A9355C37A}" = protocol=17 | dir=in | app=a:\spill\starcraft ii\starcraft ii public test.exe |
"{1D728B7B-84A7-428B-B91D-8EB187B55B97}" = protocol=6 | dir=in | app=a:\spill\steam\steamapps\common\medal of honor\support\ea help\electronic_arts_technical_support.htm |
"{20290B77-5DE4-4FA5-A03E-6FF2FECB3D95}" = protocol=17 | dir=in | app=a:\spill\origin\origin games\crysis 3 - digital deluxe edition content\launcher.exe |
"{2362EDF9-2E34-43A8-ABCB-F439FE91F184}" = protocol=17 | dir=in | app=a:\spill\steam\steamapps\common\dota 2 beta\dota.exe |
"{26ACA2D1-6C9F-4CB4-BD3F-734E0A1354BD}" = protocol=17 | dir=in | app=a:\spill\steam\steamapps\common\left 4 dead 2\left4dead2.exe |
"{276BB1BB-39CB-4AEC-AED2-B6048C5D1135}" = protocol=6 | dir=in | app=a:\spill\steam\steamapps\common\arma 2 operation arrowhead\_runa2co.cmd |
"{2A40A939-AA71-4EE9-99BF-69D73526B499}" = protocol=17 | dir=in | app=a:\spill\steam\steamapps\common\team fortress 2\hl2.exe |
"{2A8144AF-847B-49CE-B757-06E281588A0B}" = protocol=17 | dir=in | app=a:\spill\steam\steamapps\common\amnesia the dark descent\launcher.exe |
"{2E510FFA-8EB4-4659-B351-8F0651404039}" = protocol=6 | dir=in | app=a:\spill\steam\steamapps\common\call of duty black ops ii\t6mp.exe |
"{2E635330-9FD8-493A-81E2-2DA16AE3F7F3}" = protocol=6 | dir=in | app=a:\spill\steam\steamapps\common\half-life\hl.exe |
"{2E81216E-409F-43DE-8B85-450F565A2248}" = protocol=17 | dir=in | app=c:\program files (x86)\autodesk\backburner\server.exe |
"{2EB5DDF0-4A10-420E-9C58-3ED9A018BCE4}" = dir=in | app=c:\program files\eslwire\wire.exe |
"{2EEC990C-4F48-4EB8-8D28-A2F5369E6BA0}" = protocol=6 | dir=in | app=a:\spill\steam\steamapps\common\killingfloor\system\killingfloor.exe |
"{2F425DE3-85C6-4C5C-98DA-DA93ECEDBBF2}" = protocol=17 | dir=in | app=a:\spill\steam\steamapps\common\call of duty black ops ii\t6sp.exe |
"{302D7B38-64EF-4CF0-B337-FF4BFB74287E}" = protocol=6 | dir=in | app=c:\programdata\battle.net\agent\agent.2045\agent.exe |
"{30340944-47EC-4FF2-ABEA-6CFBCE414E95}" = protocol=6 | dir=in | app=c:\windows\syswow64\msiexec.exe |
"{306CAA7F-7F17-4192-BB91-823393D69A61}" = protocol=17 | dir=in | app=a:\spill\steam\steamapps\common\half-life 2\hl2.exe |
"{3561CDF9-5112-488D-844E-4645EA33F41F}" = protocol=17 | dir=in | app=a:\spill\steam\steamapps\common\call of duty black ops ii\t6mp.exe |
"{35C161DD-8464-4C9B-A6F4-08D081F68FE1}" = protocol=17 | dir=in | app=a:\spill\steam\steamapps\common\chivalrymedievalwarfare\binaries\win32\udk.exe |
"{3997C270-A5FC-484F-97F2-6E5F71A47F2E}" = protocol=17 | dir=in | app=c:\windows\syswow64\pnkbstrb.exe |
"{3B185653-0730-46B2-88F3-DCE278E5B19B}" = protocol=17 | dir=in | app=a:\spill\starcraft ii\versions\base23260\sc2.exe |
"{3CE966DC-4605-433A-B52D-2EF2475DD59B}" = protocol=17 | dir=in | app=a:\spill\steam\steamapps\common\counter-strike global offensive\csgo.exe |
"{4152933C-0A1F-47DF-8C2A-AB1D612A3AC9}" = protocol=6 | dir=in | app=a:\spill\origin\origin games\crysis 3\bin32\crysis3.exe |
"{4517F2A9-39C3-4EEA-915E-B5354850BA6B}" = protocol=17 | dir=in | app=a:\spill\steam\steamapps\common\call of duty black ops ii\t6zm.exe |
"{45C0C3E3-7FF0-4CF1-BEC5-3A4F3337CD92}" = protocol=6 | dir=in | app=a:\spill\steam\steamapps\common\deus ex - human revolution\dxhr.exe |
"{46386D64-5816-4E19-BE7A-6A142101FF6B}" = protocol=6 | dir=in | app=a:\spill\steam\steamapps\common\dota 2 beta\dota.exe |
"{4884D74D-4F25-45DB-8E82-9E02E47B584D}" = protocol=17 | dir=in | app=a:\spill\thehunter\launcher\launcher.exe |
"{50A546E8-291F-4BE0-90E0-AACA36742D54}" = protocol=17 | dir=in | app=c:\users\haavard\appdata\roaming\spotify\spotify.exe |
"{524C6B6C-2682-4335-9C2A-A4BDE91E8685}" = protocol=6 | dir=in | app=a:\spill\steam\steamapps\common\counter-strike global offensive\csgo.exe |
"{52958B5A-882A-48CA-8728-0216ADE4CC9C}" = protocol=17 | dir=in | app=a:\spill\steam\steamapps\common\killingfloor\system\killingfloor.exe |
"{53317DB8-7241-421B-AC70-956F30B2767F}" = protocol=17 | dir=in | app=c:\program files (x86)\battlelog web plugins\sonar\0.70.4\sonarhost.exe |
"{54770B06-46A2-4FC4-8FAD-B859A2D1E523}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmpnetwk.exe |
"{55F0FA3D-135C-4141-BFD9-3717C14696BD}" = protocol=6 | dir=in | app=a:\spill\steam\steamapps\common\killingfloor\system\killingfloor.exe |
"{594C45B7-1811-4817-8C24-FFB97775FF9A}" = protocol=6 | dir=in | app=a:\spill\steam\steamapps\common\arma 2 operation arrowhead\expansion\beta\arma2oa.exe |
"{625A3879-4E97-47F2-92DE-D5E03B3F9AE6}" = protocol=17 | dir=in | app=c:\program files (x86)\autodesk\backburner\manager.exe |
"{64DDDD14-C10E-4572-A0F1-2C57D90E7E72}" = protocol=17 | dir=in | app=a:\spill\steam\steamapps\common\dota 2 beta\dota.exe |
"{665B6B96-BC53-465D-80F2-EC095F9673C2}" = dir=out | app=c:\program files\eslwire\wire.exe |
"{67BE62C7-14C5-4142-8072-52496F8BD456}" = protocol=17 | dir=in | app=c:\program files (x86)\ubisoft\ubisoft game launcher\ubisoftgamelauncher.exe |
"{690F9296-E90A-4E67-AD32-DFB65367C4B8}" = protocol=17 | dir=in | app=c:\windows\syswow64\msiexec.exe |
"{6B8F3CB1-8427-4BE6-B9C0-E18D57F92135}" = protocol=17 | dir=in | app=a:\spill\steam\steamapps\common\killingfloor\system\killingfloor.exe |
"{6CBD5A8E-1B84-41EC-829A-1E94943C3B9B}" = protocol=6 | dir=in | app=c:\program files (x86)\autodesk\backburner\monitor.exe |
"{6F7BD399-C644-4E89-ABC9-D16AD78324FC}" = protocol=6 | dir=in | app=c:\users\haavard\appdata\roaming\spotify\spotify.exe |
"{70609278-4E1A-4CA8-A946-3CCE03F10665}" = protocol=6 | dir=in | app=a:\spill\steam\steamapps\common\alan wake\alanwake.exe |
"{72D523BE-0A14-4566-A3DA-E3A48D7A1C1E}" = protocol=17 | dir=in | app=a:\spill\origin\origin games\battlefield 4\bf4.exe |
"{741165A1-4DEE-486E-A94A-CBF3EEB0E75B}" = dir=in | app=%programfiles% (x86)\image-line\fl studio 11\fl.exe |
"{7593D3B0-17C2-4076-B4C3-664E6ECC5787}" = protocol=6 | dir=in | app=c:\windows\syswow64\pnkbstra.exe |
"{75A3AE46-23BF-4C3E-80EB-DCA01BD5BBDA}" = protocol=17 | dir=in | app=a:\spill\steam\steamapps\common\counter-strike global offensive\csgo.exe |
"{75E2DC56-EFDD-4882-8E85-C213022C549C}" = protocol=17 | dir=in | app=a:\spill\steam\steamapps\common\half-life\hl.exe |
"{784784F8-634F-4C39-B5C0-F9A459287716}" = protocol=6 | dir=in | app=a:\spill\steam\steamapps\common\call of duty black ops ii\t6zm.exe |
"{78D2B628-678C-40FB-A45D-8BC0C1E4CB89}" = protocol=17 | dir=in | app=a:\spill\steam\steamapps\common\alan wake\alanwake.exe |
"{7AA41D88-F34B-4518-9A8F-D4066B6E3A60}" = protocol=17 | dir=in | app=a:\spill\steam\steamapps\common\darksiders 2\darksiders2.exe |
"{7DEC481D-CDCB-432F-932D-E0B872C5657A}" = protocol=6 | dir=in | app=a:\spill\steam\steamapps\common\team fortress 2\hl2.exe |
"{7DFF5D52-0232-424C-9216-372FC4A05B9C}" = protocol=6 | dir=in | app=a:\spill\steam\steamapps\common\counter-strike source\hl2.exe |
"{802E8155-028B-4FBC-BA98-7DB91191DB2E}" = protocol=6 | dir=in | app=c:\programdata\battle.net\agent\agent.2045\agent.exe |
"{810C295E-7F53-4008-8FEA-436A22B237DB}" = protocol=17 | dir=in | app=a:\spill\steam\steamapps\common\awesomenauts\awesomenautslauncher.exe |
"{86407E69-4FB8-4B15-9591-8CFAFB3C1521}" = protocol=6 | dir=in | app=c:\programdata\battle.net\agent\agent.1737\agent.exe |
"{884910EF-EC7D-4CEA-9A56-9754AFBB8994}" = protocol=6 | dir=in | app=a:\spill\steam\steamapps\common\awesomenauts\awesomenautslauncher.exe |
"{8858C434-FEA7-4082-A6E7-8BB12E23C001}" = protocol=17 | dir=in | app=c:\programdata\battle.net\agent\agent.2045\agent.exe |
"{8ABC8050-34BA-4063-A312-091C4E2E00C3}" = protocol=17 | dir=in | app=a:\spill\origin\origin games\crysis\bin32\crysis.exe |
"{8C2BEBDA-AF05-4389-9028-B28A2410A83C}" = protocol=17 | dir=in | app=a:\spill\steam\steamapps\common\half-life\hl.exe |
"{8D6D2AAC-9BD8-47ED-B0D5-6CAB6C3AA73C}" = protocol=6 | dir=in | app=c:\program files (x86)\ubisoft\ubisoft game launcher\ubisoftgamelauncher.exe |
"{8E505C5C-C8E8-4550-A66B-77A088A41B36}" = protocol=17 | dir=in | app=a:\spill\starcraft ii\starcraft ii.exe |
"{9042F036-C947-439F-B3D1-661F0C4D4543}" = protocol=6 | dir=in | app=a:\spill\steam\steamapps\common\call of duty black ops ii\t6mp.exe |
"{907A3701-AFC4-43BB-ABB4-0FF890833856}" = protocol=17 | dir=in | app=%programfiles(x86)%\windows media player\wmplayer.exe |
"{91E6224F-8205-4D28-8525-0989BCF302A9}" = protocol=17 | dir=out | app=%programfiles(x86)%\windows media player\wmplayer.exe |
"{9237B264-104E-433C-BF03-C43B3D462BE2}" = protocol=17 | dir=in | app=c:\program files (x86)\microsoft office\office14\groove.exe |
"{9244F451-88AC-451D-9D97-5339A3DA6015}" = protocol=17 | dir=in | app=a:\spill\steam\steamapps\common\arma 2 operation arrowhead\besetup\setup_battleyearma2oa.exe |
"{92D1B04D-A844-4CD8-A558-1A85C1D43918}" = protocol=17 | dir=in | app=a:\spill\steam\steamapps\common\arma 2\arma2.exe |
"{9525A7AB-DA6A-47FC-879A-71F06B2F44C2}" = protocol=17 | dir=in | app=a:\spill\steam\steamapps\common\smashmuck champions\smashmuck.exe |
"{96524B26-B1E0-46FB-808C-E60A419693FE}" = protocol=17 | dir=in | app=a:\spill\steam\steamapps\common\fallout new vegas\falloutnvlauncher.exe |
"{9816A5FA-EC41-4B87-A7D9-8E5BF1CDEB8A}" = protocol=6 | dir=in | app=a:\spill\starcraft ii\versions\base23260\sc2.exe |
"{98338F94-897B-4BCD-8BBA-759822815915}" = protocol=6 | dir=in | app=a:\spill\steam\steamapps\common\medal of honor\binaries\moh.exe |
"{9888A4A6-1575-40E8-BC50-991C3E0365D7}" = protocol=17 | dir=in | app=c:\users\haavard\appdata\roaming\spotify\spotify.exe |
"{988C2A97-E4F9-4FF0-A4B5-BEDB22BD3E63}" = protocol=6 | dir=in | app=c:\program files (x86)\microsoft office\office14\groove.exe |
"{998B524F-3A58-470E-8381-DD82A3EA1F92}" = protocol=6 | dir=in | app=a:\spill\steam\steamapps\common\counter-strike global offensive\csgo.exe |
"{9AC7D02A-CEF2-46B3-A786-036D5CA3C91B}" = protocol=17 | dir=in | app=a:\spill\steam\steamapps\common\medal of honor\binaries\moh.exe |
"{9BA8290F-4EF7-4BAC-9EF7-5828838BC847}" = protocol=6 | dir=in | app=a:\spill\origin\origin games\crysis\bin32\crysis.exe |
"{9D6525B4-592E-48E1-9858-3E788FCE929A}" = protocol=17 | dir=in | app=c:\users\haavard\appdata\roaming\utorrent\utorrent.exe |
"{9DAC3B52-AC8A-4773-BEF2-6E9D219A6CE9}" = protocol=17 | dir=in | app=a:\spill\activision\call of duty 4\iw3mp.exe |
"{A022121E-CD65-4ED0-A39A-51AAEE74B01D}" = protocol=6 | dir=in | app=a:\spill\steam\steamapps\common\borderlands 2\binaries\win32\launcher.exe |
"{A07CF937-6B36-4C67-9D1A-B54AE5F5E96A}" = protocol=17 | dir=in | app=c:\programdata\battle.net\agent\agent.1737\agent.exe |
"{A1A9BD9A-280C-408D-8E1D-2CE09B1913B9}" = protocol=6 | dir=in | app=a:\spill\origin\origin games\crysis 3 - digital deluxe edition content\launcher.exe |
"{A1B1E2ED-0157-438F-9D3B-F16B913390B7}" = protocol=17 | dir=in | app=a:\spill\steam\steamapps\common\medal of honor\support\ea help\electronic_arts_technical_support.htm |
"{A3CF49B8-6FAD-4D3B-BD95-42020337CFD0}" = protocol=6 | dir=in | app=c:\windows\syswow64\pnkbstrb.exe |
"{A512A52E-3FC4-4051-9AF7-23A53435DE25}" = protocol=6 | dir=in | app=a:\spill\origin\origin games\battlefield 4\bf4_x86.exe |
"{A52E301A-C524-4C52-86D7-A86314D250D2}" = protocol=6 | dir=out | app=%programfiles(x86)%\windows media player\wmplayer.exe |
"{A72CAE21-E322-4D92-BB6A-2C15CCED0CB8}" = protocol=6 | dir=in | app=a:\spill\starcraft ii\starcraft ii.exe |
"{ABFF77BA-2E18-4AA1-961E-1C25D0F86CE4}" = protocol=17 | dir=in | app=a:\spill\steam\steamapps\common\deus ex - human revolution\dxhr.exe |
"{ADBB57EB-2330-4415-B1DD-AE656089F3C8}" = dir=in | app=c:\program files (x86)\skype\phone\skype.exe |
"{AEDD2C9F-1065-4A65-ABB6-1DA2A69C35D3}" = protocol=6 | dir=in | app=c:\program files (x86)\autodesk\backburner\server.exe |
"{B2F63584-79BA-40AD-846C-C7771E1D1DFC}" = protocol=6 | dir=in | app=a:\spill\starcraft ii\starcraft ii public test.exe |
"{B312AF38-DF7A-4E5E-BA69-E04A71447CFD}" = protocol=17 | dir=in | app=c:\programdata\battle.net\agent\agent.1737\agent.exe |
"{B3465E05-0152-4986-A88F-189748816482}" = protocol=6 | dir=in | app=a:\spill\steam\steamapps\common\smashmuck champions\smashmuck.exe |
"{B4077B74-5409-4269-99FC-4332D689088E}" = protocol=6 | dir=in | app=a:\spill\steam\steamapps\common\call of duty black ops ii\t6zm.exe |
"{B4D0CF87-48EC-4981-AC36-438532834D16}" = protocol=6 | dir=in | app=a:\spill\steam\steamapps\common\call of duty black ops ii\t6sp.exe |
"{B574414F-4265-45C2-816D-8D6737BFCBF7}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmplayer.exe |
"{B6838824-D2A7-42EB-A2D6-141CA30F5DB9}" = protocol=17 | dir=in | app=a:\spill\steam\steamapps\common\arma 2 operation arrowhead\_runa2co.cmd |
"{B84B6590-6D2D-4D35-9CB2-63A972B1BBFF}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmplayer.exe |
"{B8AEFEF7-8AFB-49F4-974D-586DD53AEF8B}" = protocol=6 | dir=in | app=c:\programdata\battle.net\agent\agent.1737\agent.exe |
"{B9FCA556-936D-4572-8C11-1EDDFFE70FFB}" = protocol=6 | dir=in | app=a:\spill\steam\steamapps\common\amnesia the dark descent\launcher.exe |
"{BA751612-8580-4FFC-996A-53AC6F938EF8}" = protocol=6 | dir=in | app=a:\spill\steam\steamapps\common\half-life\hl.exe |
"{BD94DC1F-02F2-4A93-B3B3-97E17C423580}" = protocol=6 | dir=in | app=c:\users\haavard\appdata\roaming\spotify\spotify.exe |
"{C29D7945-B3FB-47B3-83DF-FF4101F2F47C}" = protocol=17 | dir=in | app=a:\spill\origin\origin games\battlefield 3\bf3.exe |
"{C529FB2C-4704-4594-957C-F3020F80F214}" = protocol=6 | dir=in | app=a:\spill\steam\steamapps\common\fallout new vegas\falloutnvlauncher.exe |
"{C58C3208-393E-4A51-9686-490D12DB027A}" = protocol=6 | dir=in | app=a:\spill\steam\steamapps\common\arma 2 operation arrowhead\arma2oa.exe |
"{C6EE9F75-163E-4493-8929-FACB180C2C17}" = protocol=6 | dir=in | app=c:\program files (x86)\microsoft office\office14\onenote.exe |
"{C7C3CCA9-D1F5-47A5-BA1C-A5010052F9BA}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmplayer.exe |
"{C7EE88CB-B3B8-427B-B0D7-CBFE8D58B80A}" = protocol=17 | dir=in | app=a:\spill\steam\steamapps\common\call of duty black ops ii\t6zm.exe |
"{C81DF047-66CB-4857-BB37-0B8AC4E62B7D}" = protocol=6 | dir=out | svc=upnphost | app=%systemroot%\system32\svchost.exe |
"{CBBA593B-5137-4919-A349-DCD8074869EC}" = protocol=6 | dir=in | app=a:\spill\steam\steamapps\common\chivalrymedievalwarfare\binaries\win32\udk.exe |
"{CBF7791C-5C25-4470-88C0-BB242BBF574C}" = protocol=6 | dir=in | app=%programfiles%\windows media player\wmpnetwk.exe |
"{CF36EBE2-2863-4EBD-8AB5-2CF9240AE737}" = protocol=17 | dir=in | app=a:\spill\steam\steamapps\common\arma 2 operation arrowhead\expansion\beta\arma2oa.exe |
"{D12C6EC7-554D-433B-9462-7C99A1394F63}" = protocol=17 | dir=in | app=a:\spill\origin\origin games\battlefield 4\bf4_x86.exe |
"{D372273A-B917-4311-8C26-38F0D9E222BF}" = protocol=1 | dir=in | [email protected],-28543 |
"{D6766007-9B0E-400F-A578-1268F7418C4A}" = protocol=17 | dir=in | app=a:\spill\steam\steamapps\common\borderlands 2\binaries\win32\borderlands2.exe |
"{D84FB95F-1C96-4C2A-BCE2-0231DFCBC3CA}" = protocol=6 | dir=out | app=system |
"{DF55D077-5765-41DD-AE92-B98D07A41512}" = protocol=17 | dir=in | app=a:\spill\origin\origin games\crysis 3\bin32\crysis3.exe |
"{E01F6651-045E-4248-A58A-1D22123C693C}" = protocol=17 | dir=in | app=a:\spill\steam\steamapps\zydeh\counterstrike source beta\hl2.exe |
"{E1C95CFE-D2A6-4AA7-9907-1EC124F07FBC}" = protocol=6 | dir=out | svc=upnphost | app=%systemroot%\system32\svchost.exe |
"{E2F70030-72D3-419C-B09D-D42582CC77A9}" = protocol=6 | dir=in | app=a:\spill\steam\steamapps\common\left 4 dead 2\left4dead2.exe |
"{E3CB8708-C0C3-477F-A1D9-9B634911C4E7}" = protocol=17 | dir=in | app=a:\spill\steam\steamapps\common\counter-strike source\hl2.exe |
"{E4CBC1EC-8042-4382-9DD7-A10328B2D5DB}" = protocol=6 | dir=in | app=a:\spill\thehunter\launcher\launcher.exe |
"{E6CCFF05-6B6B-45D1-891F-4AFFB9690EF5}" = protocol=17 | dir=in | app=c:\program files (x86)\microsoft office\office14\onenote.exe |
"{EA995538-0594-4274-B69F-39EFAB1B68D0}" = protocol=6 | dir=in | app=a:\spill\steam\steamapps\common\arma 2 operation arrowhead\besetup\setup_battleyearma2oa.exe |
"{ECAC7FD8-31B8-4B03-BBD1-62CAFF79D6CC}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmpnetwk.exe |
"{EF61EE75-FDBE-4E7C-9104-6DB2A71CA90E}" = protocol=6 | dir=in | app=a:\spill\origin\origin games\battlefield 4\bf4.exe |
"{F0EF356E-150B-42D8-8B88-0A33AEBEF46A}" = protocol=17 | dir=in | app=c:\programdata\battle.net\agent\agent.2328\agent.exe |
"{F1C809AE-2328-46C9-90C3-ADD10EDAF6EB}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmplayer.exe |
"{F33305F2-7DC2-4A61-926F-F573A08F6BAB}" = protocol=1 | dir=out | [email protected],-28544 |
"{F4FEBE76-A90C-4BD7-979D-7CD504874C39}" = protocol=17 | dir=in | app=a:\spill\steam\steamapps\common\medal of honor\mp\mohmpgame.exe |
"{F5D3448E-3659-4687-8275-6E8C77FC01C9}" = protocol=17 | dir=in | app=c:\windows\syswow64\pnkbstra.exe |
"{F679C57D-1618-4E18-B9FB-B7BE83A74CD2}" = protocol=6 | dir=in | app=a:\spill\steam\steamapps\common\medal of honor\mp\mohmpgame.exe |
"{F95BAD84-D518-4770-92E0-D0917CC28A20}" = protocol=6 | dir=in | app=c:\programdata\battle.net\agent\agent.2328\agent.exe |
"{FE6DFCD9-4A85-47C5-A577-62FE0F7B18F2}" = protocol=6 | dir=in | app=a:\spill\steam\steamapps\common\borderlands 2\binaries\win32\borderlands2.exe |
"{FED80A33-1820-44DD-87DA-F51CE03EB1D6}" = protocol=6 | dir=in | app=a:\spill\steam\steamapps\common\half-life 2\hl2.exe |
"TCP Query User{121349E1-F9CF-44C5-B339-D978E2D1966B}C:\program files (x86)\java\jre7\bin\java.exe" = protocol=6 | dir=in | app=c:\program files (x86)\java\jre7\bin\java.exe |
"TCP Query User{31AF12A7-8226-4F37-82D5-FCC474CD3940}A:\spill\guild wars 2\gw2.exe" = protocol=6 | dir=in | app=a:\spill\guild wars 2\gw2.exe |
"TCP Query User{33525982-B0C9-4DA3-AE5F-57B97DFE97B9}A:\spill\activision\call of duty 4\iw3mp - kopi.exe" = protocol=6 | dir=in | app=a:\spill\activision\call of duty 4\iw3mp - kopi.exe |
"TCP Query User{3F6F181D-46E7-493C-805B-84D38A53CE15}A:\haavard\pictures\haavard\arma 2\expansion\beta\arma2oa.exe" = protocol=6 | dir=in | app=a:\haavard\pictures\haavard\arma 2\expansion\beta\arma2oa.exe |
"TCP Query User{4499C7B5-0765-431D-AD4D-4AAE02B3FF23}A:\spill\activision\call of duty 4\iw3mp.exe" = protocol=6 | dir=in | app=a:\spill\activision\call of duty 4\iw3mp.exe |
"TCP Query User{61DAFFFB-8FE2-4FE2-B87C-4DC05F38350A}A:\program files (x86)\skype\phone\skype.exe" = protocol=6 | dir=in | app=a:\program files (x86)\skype\phone\skype.exe |
"TCP Query User{70902A26-5F6D-4549-965E-032662BEA87E}A:\spill\origin\origin games\crysis 2 maximum edition\bin32\crysis2.exe" = protocol=6 | dir=in | app=a:\spill\origin\origin games\crysis 2 maximum edition\bin32\crysis2.exe |
"TCP Query User{747456E3-4AED-4C45-9D63-1A39220E5822}A:\editingprograms\sony\vegas pro 10.0\vegas100.exe" = protocol=6 | dir=in | app=a:\editingprograms\sony\vegas pro 10.0\vegas100.exe |
"TCP Query User{78AE62AE-7883-41A8-A7EB-528AE36C069E}A:\program files (x86)\skype\phone\skype.exe" = protocol=6 | dir=in | app=a:\program files (x86)\skype\phone\skype.exe |
"TCP Query User{7EC40AA6-B2B9-4FF5-90B5-302B1C231460}C:\program files (x86)\lolreplay\lolreplay.exe" = protocol=6 | dir=in | app=c:\program files (x86)\lolreplay\lolreplay.exe |
"TCP Query User{8D5F2C5C-020B-41A8-8034-7D818FB883B9}A:\spill\assassins creed\assassin's creed ii pc full game updated v_1.01 ^^nosteam^^\assassin's creed ii\assassinscreediigame.exe" = protocol=6 | dir=in | app=a:\spill\assassins creed\assassin's creed ii pc full game updated v_1.01 ^^nosteam^^\assassin's creed ii\assassinscreediigame.exe |
"TCP Query User{A80F6384-E411-498C-A11E-0A445DDB0CB1}C:\program files (x86)\java\jre7\bin\javaw.exe" = protocol=6 | dir=in | app=c:\program files (x86)\java\jre7\bin\javaw.exe |
"TCP Query User{A8BC1470-8A89-4D7C-B86C-61EDB7820593}A:\spill\steam\steamapps\zydeh\source sdk base\hl2.exe" = protocol=6 | dir=in | app=a:\spill\steam\steamapps\zydeh\source sdk base\hl2.exe |
"TCP Query User{A948F768-EE50-4C13-94B7-A511F1608F0F}C:\program files\java\jre7\bin\javaw.exe" = protocol=6 | dir=in | app=c:\program files\java\jre7\bin\javaw.exe |
"TCP Query User{B0FFEA61-044D-460C-BD06-BC1367794AFB}C:\program files\adobe\adobe after effects cs6\support files\afterfx.exe" = protocol=6 | dir=in | app=c:\program files\adobe\adobe after effects cs6\support files\afterfx.exe |
"TCP Query User{BFEC43E0-843C-4066-BE31-D900C934F5BB}A:\spill\guild wars 2\gw2.exe" = protocol=6 | dir=in | app=a:\spill\guild wars 2\gw2.exe |
"TCP Query User{C8153870-EA64-4CF8-B4AB-164556A9E76D}C:\windows\microsoft.net\framework\v2.0.50727\vbc.exe" = protocol=6 | dir=in | app=c:\windows\microsoft.net\framework\v2.0.50727\vbc.exe |
"TCP Query User{C9FDFBC6-F580-47D7-8215-13ABED9A0FE6}C:\program files (x86)\gigabyte\@bios\gwflash.exe" = protocol=6 | dir=in | app=c:\program files (x86)\gigabyte\@bios\gwflash.exe |
"TCP Query User{CD85ADDB-4C70-4C95-BE83-2E1F65143B31}A:\spill\steam\steam.exe" = protocol=6 | dir=in | app=a:\spill\steam\steam.exe |
"TCP Query User{D1927900-655B-4458-8CCF-BA1918759543}A:\spill\activision\mw2\modern warfare 2 - multiplayer\bootstrap\iw4mp.exe" = protocol=6 | dir=in | app=a:\spill\activision\mw2\modern warfare 2 - multiplayer\bootstrap\iw4mp.exe |
"TCP Query User{DA7865E6-BF9E-40C8-881C-421EA9061A90}A:\spill\rome 2\total war rome ii\rome2.exe" = protocol=6 | dir=in | app=a:\spill\rome 2\total war rome ii\rome2.exe |
"TCP Query User{E2B051C4-28C6-4674-8DAC-E05F3C5FD0FC}C:\program files\adobe\adobe after effects cs6\support files\afterfx.exe" = protocol=6 | dir=in | app=c:\program files\adobe\adobe after effects cs6\support files\afterfx.exe |
"TCP Query User{E4937FF0-5E3B-4815-9652-8E801F3EC702}A:\spill\diablo iii\diablo iii.exe" = protocol=6 | dir=in | app=a:\spill\diablo iii\diablo iii.exe |
"TCP Query User{EE9C0F4C-CC1D-4025-826B-C89C149D4F0F}A:\spill\activision\mw2\iw4m\iw4m.dat" = protocol=6 | dir=in | app=a:\spill\activision\mw2\iw4m\iw4m.dat |
"TCP Query User{FA56F93B-E4BE-484C-AAA6-432B56942C84}A:\spill\thehunter\game\thehunter.exe" = protocol=6 | dir=in | app=a:\spill\thehunter\game\thehunter.exe |
"UDP Query User{03CDE2CF-C988-4E43-B547-CA7727949631}A:\spill\steam\steamapps\zydeh\source sdk base\hl2.exe" = protocol=17 | dir=in | app=a:\spill\steam\steamapps\zydeh\source sdk base\hl2.exe |
"UDP Query User{092A8A3C-097A-4A09-8CCA-F5826C7FB0E7}A:\spill\origin\origin games\crysis 2 maximum edition\bin32\crysis2.exe" = protocol=17 | dir=in | app=a:\spill\origin\origin games\crysis 2 maximum edition\bin32\crysis2.exe |
"UDP Query User{098B287F-3843-4D0E-A1C4-33A305920A4B}A:\spill\activision\mw2\modern warfare 2 - multiplayer\bootstrap\iw4mp.exe" = protocol=17 | dir=in | app=a:\spill\activision\mw2\modern warfare 2 - multiplayer\bootstrap\iw4mp.exe |
"UDP Query User{2942C904-2883-4D74-A9D1-7B64594F92B4}C:\program files\adobe\adobe after effects cs6\support files\afterfx.exe" = protocol=17 | dir=in | app=c:\program files\adobe\adobe after effects cs6\support files\afterfx.exe |
"UDP Query User{2B22EF0D-B909-4FA4-861E-CCF17ED55F11}A:\editingprograms\sony\vegas pro 10.0\vegas100.exe" = protocol=17 | dir=in | app=a:\editingprograms\sony\vegas pro 10.0\vegas100.exe |
"UDP Query User{30DDFBBF-A97C-472A-B0A2-02A3189457B3}A:\program files (x86)\skype\phone\skype.exe" = protocol=17 | dir=in | app=a:\program files (x86)\skype\phone\skype.exe |
"UDP Query User{338584EF-8892-4897-8FB4-DF7600880602}A:\haavard\pictures\haavard\arma 2\expansion\beta\arma2oa.exe" = protocol=17 | dir=in | app=a:\haavard\pictures\haavard\arma 2\expansion\beta\arma2oa.exe |
"UDP Query User{349B4CB3-8D3E-4733-9B27-664DA35B0444}A:\spill\rome 2\total war rome ii\rome2.exe" = protocol=17 | dir=in | app=a:\spill\rome 2\total war rome ii\rome2.exe |
"UDP Query User{37D135D4-43B2-47C8-A075-773576E47A35}A:\program files (x86)\skype\phone\skype.exe" = protocol=17 | dir=in | app=a:\program files (x86)\skype\phone\skype.exe |
"UDP Query User{462A6ADF-270A-4BD2-8140-32806FC4E2DD}C:\windows\microsoft.net\framework\v2.0.50727\vbc.exe" = protocol=17 | dir=in | app=c:\windows\microsoft.net\framework\v2.0.50727\vbc.exe |
"UDP Query User{46CB9EAA-3D1A-4D5A-AA08-E1F086190101}A:\spill\activision\call of duty 4\iw3mp.exe" = protocol=17 | dir=in | app=a:\spill\activision\call of duty 4\iw3mp.exe |
"UDP Query User{584B0C9D-2600-4768-B751-BC9CF6AE3460}A:\spill\thehunter\game\thehunter.exe" = protocol=17 | dir=in | app=a:\spill\thehunter\game\thehunter.exe |
"UDP Query User{5B9FAF36-09B9-4BCE-BE1E-07CE4B83ECBE}C:\program files (x86)\gigabyte\@bios\gwflash.exe" = protocol=17 | dir=in | app=c:\program files (x86)\gigabyte\@bios\gwflash.exe |
"UDP Query User{6807D93D-CC0A-4CAA-8D4A-59F2DDA890C1}A:\spill\guild wars 2\gw2.exe" = protocol=17 | dir=in | app=a:\spill\guild wars 2\gw2.exe |
"UDP Query User{77245CB0-9168-4A26-96D8-402268246650}A:\spill\activision\call of duty 4\iw3mp - kopi.exe" = protocol=17 | dir=in | app=a:\spill\activision\call of duty 4\iw3mp - kopi.exe |
"UDP Query User{9CDF8D1C-CEF6-47B7-92E5-BAB57DF4794C}A:\spill\activision\mw2\iw4m\iw4m.dat" = protocol=17 | dir=in | app=a:\spill\activision\mw2\iw4m\iw4m.dat |
"UDP Query User{A69404FD-9DEC-46B4-BC9D-445A04A3AA29}A:\spill\assassins creed\assassin's creed ii pc full game updated v_1.01 ^^nosteam^^\assassin's creed ii\assassinscreediigame.exe" = protocol=17 | dir=in | app=a:\spill\assassins creed\assassin's creed ii pc full game updated v_1.01 ^^nosteam^^\assassin's creed ii\assassinscreediigame.exe |
"UDP Query User{A9FE6A28-C8E6-4774-9546-C6317442F451}C:\program files (x86)\lolreplay\lolreplay.exe" = protocol=17 | dir=in | app=c:\program files (x86)\lolreplay\lolreplay.exe |
"UDP Query User{D427BDEA-6E0C-4B36-9866-07FDD6412F2F}A:\spill\guild wars 2\gw2.exe" = protocol=17 | dir=in | app=a:\spill\guild wars 2\gw2.exe |
"UDP Query User{D624E900-19CC-46C9-8E75-D18B072E3A12}C:\program files (x86)\java\jre7\bin\javaw.exe" = protocol=17 | dir=in | app=c:\program files (x86)\java\jre7\bin\javaw.exe |
"UDP Query User{D7B0ABCC-242D-4C64-A9F3-B347D6C7AA84}A:\spill\steam\steam.exe" = protocol=17 | dir=in | app=a:\spill\steam\steam.exe |
"UDP Query User{DBC2C31C-20C3-459C-9FAF-3884CCA32352}C:\program files\java\jre7\bin\javaw.exe" = protocol=17 | dir=in | app=c:\program files\java\jre7\bin\javaw.exe |
"UDP Query User{DD42D4E2-90C0-41ED-848B-E3CF83C3B6F8}C:\program files (x86)\java\jre7\bin\java.exe" = protocol=17 | dir=in | app=c:\program files (x86)\java\jre7\bin\java.exe |
"UDP Query User{E38761A3-5F36-4634-A7A6-AF38D68D3351}C:\program files\adobe\adobe after effects cs6\support files\afterfx.exe" = protocol=17 | dir=in | app=c:\program files\adobe\adobe after effects cs6\support files\afterfx.exe |
"UDP Query User{F7512DC8-9335-4B28-A454-51A595BBA09C}A:\spill\diablo iii\diablo iii.exe" = protocol=17 | dir=in | app=a:\spill\diablo iii\diablo iii.exe |

========== HKEY_LOCAL_MACHINE Uninstall List ==========

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{06E18300-BB64-1664-8E6A-2593FC67BB74}" = Autodesk Revit Interoperability for 3ds Max and 3ds Max Design 2013 64-bit
"{0826F9E4-787E-481D-83E0-BC6A57B056D5}" = Microsoft SQL Server VSS Writer
"{0F30B978-3536-0409-BC9C-0A2FB4C35EFC}" = Autodesk 3ds Max 2013 64-bit
"{14297226-E0A0-3781-8911-E9D529552663}" = Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729
"{1AD147D0-BE0E-3D6C-AC11-64F6DC4163F1}" = Microsoft .NET Framework 4.5
"{1D8E6291-B0D5-35EC-8441-6616F567A0F7}" = Microsoft Visual C++ 2010 x64 Redistributable - 10.0.40219
"{1E9871B6-7C44-9A3A-A1C0-F9729663C7F5}" = AMD Catalyst Install Manager
"{1E9FC118-651D-4934-97BE-E53CAE5C7D45}" = Microsoft_VC80_MFCLOC_x86_x64
"{26A24AE4-039D-4CA4-87B4-2F86417045FF}" = Java 7 Update 45 (64-bit)
"{2738C4AA-420E-4E13-ADEF-B5AB250E3EF1}" = Microsoft SQL Server 2008 Native Client
"{29AFE1B0-26A4-11E1-BFD4-F04DA23A5C58}" = MSVCRT Redists
"{2D0056B0-7754-11E0-AAC5-0013D3D69929}" = Vegas Pro 10.0 (64-bit)
"{2EDC2FA3-1F34-34E5-9085-588C9EFD1CC6}" = Microsoft Visual C++ 2012 x64 Minimum Runtime - 11.0.60610
"{2F14965D-567B-4E59-ADEB-0A2CC1E3ADDF}" = Sql Server Customer Experience Improvement Program
"{2F808931-D235-4FC7-90CD-F8A890C97B2F}" = Composite 2013 64-bit
"{324297F8-2898-454B-9AC4-07050AEB35B3}" = Autodesk DirectConnect 2013 64-bit
"{348207D1-7754-11E0-9BC0-0013D3D69929}" = MSVCRT Redists
"{44610EE0-C908-D8F1-425D-914A5B745DEA}" = AMD Drag and Drop Transcoding
"{4569AD91-47F4-4D9E-8FC9-717EC32D7AE1}" = Microsoft_VC80_CRT_x86_x64
"{49C9FDFF-6056-4E8C-B9AF-B7B4D78023E2}" = Oracle VM VirtualBox 4.3.2
"{4B6C7001-C7D6-3710-913E-5BC23FCE91E6}" = Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.4148
"{503F672D-6C84-448A-8F8F-4BC35AC83441}" = AMD APP SDK Runtime
"{5340A3B5-3853-4745-BED2-DD9FF5371331}" = Microsoft SQL Server 2008 Common Files
"{5FCE6D76-F5DC-37AB-B2B8-22AB8CEDB1D4}" = Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161
"{6292D514-17A4-403F-98F9-E150F10C043D}" = Microsoft SQL Server 2008 Setup Support Files
"{6532BCFB-8C63-3C63-B419-0A5FA3F1C854}" = Microsoft .NET Framework 4 Extended NOR Language Pack
"{67631D8E-EB7F-5D02-002C-D682BCF1D3EB}" = AMD Accelerated Video Transcoding
"{69045C17-66CE-1316-6CC9-7EA496D1F6EA}" = ccc-utility64
"{696BB53C-28E6-1664-974E-D42FFF5B8E04}" = Autodesk Inventor Server Engine for 3ds Max 2013 64-bit
"{6ce5bae9-d3ca-4b99-891a-1dc6c118a5fc}" = Microsoft Visual C++ 2005 Redistributable (x64)
"{6D9DCF92-F8A3-33A2-897A-9C379448E0D8}" = Microsoft .NET Framework 4 Client Profile NOR Language Pack
"{6E8E85E8-CE4B-4FF5-91F7-04999C9FAE6A}" = Microsoft Visual C++ 2005 Redistributable (x64)
"{764384C5-BCA9-307C-9AAC-FD443662686A}" = Microsoft Visual C++ 2012 x64 Additional Runtime - 11.0.60610
"{7EDE5B68-1FB0-405D-88F0-A34236002DA8}" = Autodesk Essential Skills Movies for 3ds Max 2013 64-bit
"{8557397C-A42D-486F-97B3-A2CBC2372593}" = Microsoft_VC90_ATL_x86_x64
"{893F27E6-D6BE-4B9F-80E6-0ADA694A31A8}" = Microsoft SQL Server 2008 Common Files
"{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}" = Microsoft Silverlight
"{90140000-002A-0000-1000-0000000FF1CE}" = Microsoft Office Office 64-bit Components 2010
"{90140000-002A-0409-1000-0000000FF1CE}" = Microsoft Office Shared 64-bit MUI (English) 2010
"{90140000-002A-0414-1000-0000000FF1CE}" = Microsoft Office Shared 64-bit MUI (Norwegian (Bokmål)) 2010
"{90140000-0116-0409-1000-0000000FF1CE}" = Microsoft Office Shared 64-bit Setup Metadata MUI (English) 2010
"{92A3CA0D-55CD-4C5D-BA95-5C2600C20F26}" = Microsoft_VC90_CRT_x86_x64
"{92FB6C44-E685-45AD-9B20-CADF4CABA132} - 1033" = Microsoft .NET Framework 4.5
"{95120000-00B9-0409-1000-0000000FF1CE}" = Microsoft Application Error Reporting
"{A27FDB06-60C8-4D5A-BB2F-8038FD151E3C}" = Trapcode Suite 64-bit
"{A472B9E4-0AFF-4F7B-B25D-F64F8E928AAB}" = Microsoft_VC90_MFC_x86_x64
"{ad8a2fa1-06e7-4b0d-927d-6e54b3d31028}" = Microsoft Visual C++ 2005 Redistributable (x64)
"{ADBD6E65-46CB-4A97-9AFB-64963FEACC40}" = Microsoft SQL Server 2008 RsFx Driver
"{B7765C3D-27EE-4AA8-BB54-D88285D128A0}" = Effects Suite 64-bit
"{C8C1BAD5-54E6-4146-AD07-3A8AD36569C3}" = Microsoft_VC80_MFC_x86_x64
"{CC520CF6-B02E-49AA-8192-C1DDC159E0AA}}_is1" = EVGA OC Scanner X 3.2.1 (64-bit)
"{CC8BA866-16A7-4667-BA0C-C494A1E7B2BF}" = Microsoft SQL Server 2008 Database Engine Shared
"{D376D654-CBBB-4601-8496-D1A54D4D80EA}" = Magic Bullet Suite 64-bit
"{D4AD39AD-091E-4D33-BB2B-59F6FCB8ADC3}" = Microsoft SQL Server Compact 3.5 SP2 x64 ENU
"{DF167CE3-60E7-44EA-99EC-2507C51F37AE}" = Microsoft SQL Server 2008 Database Engine Shared
"{E102B843-786A-4F58-AF75-6504570E207B}" = Microsoft Security Client
"{FA7394B8-CE65-4F9E-AC99-F372AD365424}" = Microsoft SQL Server 2008 Database Engine Services
"{FBD367D1-642F-47CF-B79B-9BE48FB34007}" = Microsoft SQL Server 2008 Database Engine Services
"{FCADA26A-5672-31DD-BF0E-BA76ECF9B02D}" = Microsoft Help Viewer 1.0
"{FFCEA5CD-93FE-F0DB-57AB-0E0A62F0214A}" = AMD Media Foundation Decoders
"Autodesk 3ds Max 2013 64-bit" = Autodesk 3ds Max 2013 64-bit
"Autodesk DirectConnect 2013 64-bit" = Autodesk DirectConnect 2013 64-bit
"Autodesk FBX Plug-in 2013.1 - 3ds Max 2013 64-bit" = Autodesk FBX Plug-in 2013.1 - 3ds Max 2013 64-bit
"CameraTracker for AE_is1" = CameraTracker 1.0v3 (64 bit) for AE
"CCleaner" = CCleaner
"ESL Wire_is1" = ESL Wire 1.17.2
"Microsoft .NET Framework 4 Client Profile NOR Language Pack" = Microsoft .NET Framework 4 Client Profile NOR Language Pack
"Microsoft .NET Framework 4 Extended NOR Language Pack" = Microsoft .NET Framework 4 Extended NOR Language Pack
"Microsoft Help Viewer 1.0" = Microsoft Help Viewer 1.0
"Microsoft Security Client" = Microsoft Security Essentials
"Microsoft SQL Server 10" = Microsoft SQL Server 2008 (64-bit)
"Microsoft SQL Server 10 Release" = Microsoft SQL Server 2008 (64-bit)
"Speccy" = Speccy
"VLC media player" = VLC media player 2.0.5
"WinRAR archiver" = WinRAR 4.11 (64-bit)

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{033E378E-6AD3-4AD5-BDEB-CBD69B31046C}" = Microsoft_VC90_ATL_x86
"{048298C9-A4D3-490B-9FF9-AB023A9238F3}" = Steam
"{07B98CCD-72B4-7F02-F9C1-B0410BA81580}" = CCC Help Norwegian
"{08D2E121-7F6A-43EB-97FD-629B44903403}" = Microsoft_VC90_CRT_x86
"{0C140947-C8D9-449F-9731-8023FFDB084E}" = ASUS PMP
"{0D66D9EB-2DAE-599C-92D0-E2E6CCAA0666}" = CCC Help Japanese
"{0D78BEE2-F8FF-4498-AF1A-3FF81CED8AC6}" = Razer Synapse 2.0
"{117EBEEB-5DB0-43C8-9FD6-DD583DB152DD}" = Autodesk Material Library 2013
"{1a413f37-ed88-4fec-9666-5c48dc4b7bb7}" = YTD Video Downloader 4.7.1
"{1CA07BFA-8F7C-80CA-0A69-EAA93C7C7744}" = CCC Help Chinese Traditional
"{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148
"{2397CAD4-2263-4CD0-96BE-E43A980B9C9A}_is1" = Geeks3D FurMark 1.11.0
"{239D758B-F854-D61D-AC4E-1AAA9654426F}" = CCC Help French
"{26A24AE4-039D-4CA4-87B4-2F83216029FF}" = Java™ 6 Update 29
"{26A24AE4-039D-4CA4-87B4-2F83217045FF}" = Java 7 Update 45
"{2A8C5AE3-2772-4EB1-8206-D5E53D111A61}" = Crysis®3 Digital Deluxe Edition Content
"{2B2782F8-929D-AE80-1297-488D7590D208}" = CCC Help Portuguese
"{31DF9E67-DA8A-5C06-BBAD-3B3BCB5B2304}" = CCC Help Polish
"{3A9FC03D-C685-4831-94CF-4EDFD3749497}" = Microsoft SQL Server Compact 3.5 SP2 ENU
"{3BCD05CE-8CDE-9503-8794-D8CDB9FA8562}" = Catalyst Control Center InstallProxy
"{3D347E6D-5A03-4342-B5BA-6A771885F379}" = Autodesk Backburner 2013.0.0
"{3D6AD258-61EA-35F5-812C-B7A02152996E}" = Microsoft Visual C++ 2012 x86 Additional Runtime - 11.0.60610
"{3F5C371F-8EA2-4F25-9D3D-D0B4526E3AEA}" = NVIDIA PhysX
"{4198AE83-A3C6-4C41-85C8-EC63E990696E}" = Crysis®3
"{4817D846-700B-474E-A31B-80892B3E92E3}" = Adobe After Effects CS6
"{4869414E-7AEA-4C8E-BE1C-8D40977FD517}" = Adobe Illustrator CS6
"{4A03706F-666A-4037-7777-5F2748764D10}" = Java Auto Updater
"{4D3BF70D-19A9-F87B-7B8B-8BADDFF9C8A5}" = CCC Help Finnish
"{4D87DC92-C328-46EC-A7B4-9C88129DC696}" = Dead Space™
"{4E76FF7E-AEBA-4C87-B788-CD47E5425B9D}" = Skype™ 6.9
"{51853D9B-0D96-7A31-88D7-8520B50373F0}" = CCC Help Italian
"{5449FB4F-1802-4D5B-A6D8-087DB1142147}" = Realtek HDMI Audio Driver for ATI
"{580B86B2-0E0F-996C-0045-38D0B681B16E}" = CCC Help Danish
"{58760EEC-8B6A-43F4-81AA-696E381DFADD}" = Autodesk Material Library Medium Resolution Image Library 2013
"{6033673D-2530-4587-8AD0-EB059FC263F9}" = Crysis® 2
"{606E12B9-641F-4644-A22A-FF38AE980AFD}" = Autodesk Material Library Base Resolution Image Library 2013
"{635FED5B-2C6D-49BE-87E6-7A6FCD22BC5A}" = Microsoft_VC90_MFC_x86
"{658EFB3F-8606-4576-8FEC-B0CED48F1E68}" = CorsairLINK2
"{6BF04C63-EAC0-4F19-9E88-9A745493E7BF}" = IconPackager
"{6DB8C365-E719-4BA5-9594-10DFC244D3FD}_is1" = Gyazo 2.0.1
"{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}" = Microsoft Visual C++ 2005 Redistributable
"{7299052b-02a4-4627-81f2-1818da5d550d}" = Microsoft Visual C++ 2005 Redistributable
"{74EB3499-8B95-4B5C-96EB-7B342F3FD0C6}" = Adobe Photoshop CS6
"{76285C16-411A-488A-BCE3-C83CB933D8CF}" = Battlefield 3™
"{7E935774-B43B-48A3-93EE-D2C5E8FA5DB5}" = Blackmagic Design Desktop Video
"{837b34e3-7c30-493c-8f6a-2b0f04e2912c}" = Microsoft Visual C++ 2005 Redistributable
"{8624569E-94AE-EF90-92E2-6AD8E5A617ED}" = AMD Catalyst Control Center
"{8833FFB6-5B0C-4764-81AA-06DFEED9A476}" = Realtek Ethernet Controller Driver
"{888F1505-C2B3-4FDE-835D-36353EBD4754}" = Ubisoft Game Launcher
"{88B2ABCF-9C00-47C1-8FC4-369B98845DD7}" = Catalyst Control Center - Branding
"{8A15B7D9-908A-4EF9-BA84-5AEDE61743EE}" = Call of Duty® 4 - Modern Warfare™ 1.6 Patch
"{8A6F6649-5244-9C2E-80CD-AD49603321AF}" = CCC Help German
"{8BF66753-6750-D41C-43EB-F64C54A8E80D}" = CCC Help Chinese Standard
"{8EA39464-1316-0125-7FD8-E74B49ADB429}" = CCC Help Turkish
"{90140000-0011-0000-0000-0000000FF1CE}" = Microsoft Office Professional Plus 2010
"{90140000-0015-0409-0000-0000000FF1CE}" = Microsoft Office Access MUI (English) 2010
"{90140000-0015-0414-0000-0000000FF1CE}" = Microsoft Office Access MUI (Norwegian (Bokmål)) 2010
"{90140000-0015-0414-0000-0000000FF1CE}_Office14.OMUI.nb-no_{709415CB-DE43-4F15-96F5-148545F8EDE5}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-0016-0409-0000-0000000FF1CE}" = Microsoft Office Excel MUI (English) 2010
"{90140000-0016-0414-0000-0000000FF1CE}" = Microsoft Office Excel MUI (Norwegian (Bokmål)) 2010
"{90140000-0016-0414-0000-0000000FF1CE}_Office14.OMUI.nb-no_{709415CB-DE43-4F15-96F5-148545F8EDE5}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-0017-0414-0000-0000000FF1CE}" = Microsoft Office SharePoint Designer MUI (Norwegian (Bokmål)) 2010
"{90140000-0017-0414-0000-0000000FF1CE}_Office14.OMUI.nb-no_{11788EA4-1497-4A6C-AC21-FC33CB079E16}" = Microsoft SharePoint Designer 2010 Service Pack 1 (SP1)
"{90140000-0018-0409-0000-0000000FF1CE}" = Microsoft Office PowerPoint MUI (English) 2010
"{90140000-0018-0414-0000-0000000FF1CE}" = Microsoft Office PowerPoint MUI (Norwegian (Bokmål)) 2010
"{90140000-0018-0414-0000-0000000FF1CE}_Office14.OMUI.nb-no_{709415CB-DE43-4F15-96F5-148545F8EDE5}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-0019-0409-0000-0000000FF1CE}" = Microsoft Office Publisher MUI (English) 2010
"{90140000-0019-0414-0000-0000000FF1CE}" = Microsoft Office Publisher MUI (Norwegian (Bokmål)) 2010
"{90140000-0019-0414-0000-0000000FF1CE}_Office14.OMUI.nb-no_{709415CB-DE43-4F15-96F5-148545F8EDE5}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-001A-0409-0000-0000000FF1CE}" = Microsoft Office Outlook MUI (English) 2010
"{90140000-001A-0414-0000-0000000FF1CE}" = Microsoft Office Outlook MUI (Norwegian (Bokmål)) 2010
"{90140000-001A-0414-0000-0000000FF1CE}_Office14.OMUI.nb-no_{709415CB-DE43-4F15-96F5-148545F8EDE5}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-001B-0409-0000-0000000FF1CE}" = Microsoft Office Word MUI (English) 2010
"{90140000-001B-0414-0000-0000000FF1CE}" = Microsoft Office Word MUI (Norwegian (Bokmål)) 2010
"{90140000-001B-0414-0000-0000000FF1CE}_Office14.OMUI.nb-no_{709415CB-DE43-4F15-96F5-148545F8EDE5}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-001F-0407-0000-0000000FF1CE}" = Microsoft Office Proof (German) 2010
"{90140000-001F-0407-0000-0000000FF1CE}_Office14.OMUI.nb-no_{65A2328E-FDFB-4CA3-8582-357EA6825FEA}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-001F-0409-0000-0000000FF1CE}" = Microsoft Office Proof (English) 2010
"{90140000-001F-040C-0000-0000000FF1CE}" = Microsoft Office Proof (French) 2010
"{90140000-001F-0414-0000-0000000FF1CE}" = Microsoft Office Proof (Norwegian (Bokmål)) 2010
"{90140000-001F-0414-0000-0000000FF1CE}_Office14.OMUI.nb-no_{F3137115-1D72-46BE-9D42-B5DE61971F2A}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-001F-0814-0000-0000000FF1CE}" = Microsoft Office Proof (Norwegian (Nynorsk)) 2010
"{90140000-001F-0814-0000-0000000FF1CE}_Office14.OMUI.nb-no_{751049E8-D99F-4DE1-9FC2-71DE06655678}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-001F-0C0A-0000-0000000FF1CE}" = Microsoft Office Proof (Spanish) 2010
"{90140000-002A-0414-1000-0000000FF1CE}_Office14.OMUI.nb-no_{BBFE07A3-B32C-4D6E-B5CA-9F420106EC9D}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-002C-0409-0000-0000000FF1CE}" = Microsoft Office Proofing (English) 2010
"{90140000-002C-0414-0000-0000000FF1CE}" = Microsoft Office Proofing (Norwegian (Bokmål)) 2010
"{90140000-002C-0414-0000-0000000FF1CE}_Office14.OMUI.nb-no_{66FC3637-893A-4837-A32C-0DD98E7F8444}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-0044-0409-0000-0000000FF1CE}" = Microsoft Office InfoPath MUI (English) 2010
"{90140000-0044-0414-0000-0000000FF1CE}" = Microsoft Office InfoPath MUI (Norwegian (Bokmål)) 2010
"{90140000-0044-0414-0000-0000000FF1CE}_Office14.OMUI.nb-no_{709415CB-DE43-4F15-96F5-148545F8EDE5}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-006E-0409-0000-0000000FF1CE}" = Microsoft Office Shared MUI (English) 2010
"{90140000-006E-0414-0000-0000000FF1CE}" = Microsoft Office Shared MUI (Norwegian (Bokmål)) 2010
"{90140000-006E-0414-0000-0000000FF1CE}_Office14.OMUI.nb-no_{C166254D-5FB6-4D3F-8509-3575387141B9}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-00A1-0409-0000-0000000FF1CE}" = Microsoft Office OneNote MUI (English) 2010
"{90140000-00A1-0414-0000-0000000FF1CE}" = Microsoft Office OneNote MUI (Norwegian (Bokmål)) 2010
"{90140000-00A1-0414-0000-0000000FF1CE}_Office14.OMUI.nb-no_{709415CB-DE43-4F15-96F5-148545F8EDE5}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-00BA-0409-0000-0000000FF1CE}" = Microsoft Office Groove MUI (English) 2010
"{90140000-00BA-0414-0000-0000000FF1CE}" = Microsoft Office Groove MUI (Norwegian (Bokmål)) 2010
"{90140000-00BA-0414-0000-0000000FF1CE}_Office14.OMUI.nb-no_{709415CB-DE43-4F15-96F5-148545F8EDE5}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-0100-0414-0000-0000000FF1CE}" = Microsoft Office O MUI (Norwegian (Bokmål)) 2010
"{90140000-0101-0414-0000-0000000FF1CE}" = Microsoft Office X MUI (Norwegian (Bokmål)) 2010
"{90140000-0115-0409-0000-0000000FF1CE}" = Microsoft Office Shared Setup Metadata MUI (English) 2010
"{90140000-0117-0409-0000-0000000FF1CE}" = Microsoft Office Access Setup Metadata MUI (English) 2010
"{90D2DF70-F0E8-2CA3-F3B9-DD7CE267BB19}" = Catalyst Control Center Graphics Previews Common
"{918A9082-6287-4D25-9002-5E5D5E4971CB}" = League of Legends
"{92D58719-BBC1-4CC3-A08B-56C9E884CC2C}" = Microsoft_VC80_CRT_x86
"{931C37FC-594D-43A9-B10F-A2F2B1F03498}" = Call of Duty® 4 - Modern Warfare™ 1.7 Patch
"{95120000-00B9-0409-0000-0000000FF1CE}" = Microsoft Application Error Reporting
"{95140000-0081-0414-0000-0000000FF1CE}" = Microsoft Office Outlook Connector
"{95716cce-fc71-413f-8ad5-56c2892d4b3a}" = Microsoft Visual C++ 2012 Redistributable (x86) - 11.0.60610
"{9785513D-0335-E199-3AC0-74DF83246F20}" = CCC Help Czech
"{9A25302D-30C0-39D9-BD6F-21E6EC160475}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17
"{9BE518E6-ECC6-35A9-88E4-87755C07200F}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161
"{A0087DDE-69D0-11E2-AD57-43CA6188709B}" = Adobe AIR
"{A049FD86-61DA-E6DB-2602-0065CB7D4414}" = CCC Help Greek
"{a1909659-0a08-4554-8af1-2175904903a1}" = Microsoft Visual C++ 2012 Redistributable (x64) - 11.0.60610
"{A49F249F-0C91-497F-86DF-B2585E8E76B7}" = Microsoft Visual C++ 2005 Redistributable
"{A70B1A8B-24B4-4204-9E46-D14CBC49093E}" = Vicon boujou 5.0
"{A7B4D968-7FB7-2CD3-9792-5ACCAECAC72E}" = CCC Help Korean
"{A92DAB39-4E2C-4304-9AB6-BC44E68B55E2}" = Google Update Helper
"{ABADE36E-EC37-413B-8179-B432AD3FACE7}" = Battlefield 4™
"{AC76BA86-7AD7-1044-7B44-AB0000000001}" = Adobe Reader XI (11.0.05) - Norsk
"{AF37176A-78CA-545B-34EF-8B6A21514DD1}" = Adobe Help Manager
"{B05FBD47-2A22-2259-E65C-A2D3FB647A6A}" = CCC Help Russian
"{B0EF1FE0-ECD8-44CE-AF83-F62E9EE58264}" = ASUS Xonar D2X
"{B26438B4-BF51-49C3-9567-7F14A5E40CB9}" = Dolby Home Theater v4
"{B2DC3F08-2EB2-49A5-AA24-15DFC8B1CB83}" = @BIOS
"{B328A1B9-D169-FBA9-F4AF-806E0046F89A}" = CCC Help Spanish
"{B5BE22C7-420A-5F14-A1B9-4AB3F3DE0A3E}" = Catalyst Control Center InstallProxy
"{B6D38690-755E-4F40-A35A-23F8BC2B86AC}" = Microsoft_VC90_MFCLOC_x86
"{BE73543D-E7A0-01D8-7866-C05693BB6BBE}" = CCC Help English
"{BFEAAE77-BD7F-4534-B286-9C5CB4697EB1}" = PDF Settings CS6
"{C28DD992-5B7B-D195-6841-4EC57DF512BD}" = Adobe Story
"{C3C9EB3D-24FA-4462-B784-0EC6AAFCD2DD}" = Fable - The Lost Chapters
"{C688457E-03FD-4941-923B-A27F4D42A7DD}" = Microsoft SQL Server 2008 Browser
"{CCA78313-443C-4674-81B8-88919D137258}" = Autodesk Download Manager
"{CFEF48A8-BFB8-3EAC-8BA5-DE4F8AA267CE}" = Microsoft .NET Framework 4 Multi-Targeting Pack
"{D1A19B02-817E-4296-A45B-07853FD74D57}" = Microsoft_VC80_MFC_x86
"{D92BBB52-82FF-42ED-8A3C-4E062F944AB7}" = Microsoft_VC80_MFCLOC_x86
"{D9E34320-D91C-E961-D902-B60788EAA26E}" = CCC Help Hungarian
"{DF4CBDE3-8789-A589-46F2-7F5B78092D5F}" = CCC Help Swedish
"{DFBB738C-71D8-4DC5-B8D2-D65C37680E27}" = Etron USB3.0 Host Controller
"{E15BC10F-04AA-0AFD-A6C9-476730195F8B}" = Adobe Download Assistant
"{E70E73B2-DABD-40E4-AE50-81B22567F418}" = Crysis
"{E7D4E834-93EB-351F-B8FB-82CDAE623003}" = Microsoft Visual C++ 2012 x86 Minimum Runtime - 11.0.60610
"{EC2D4C8B-D8BF-7E06-C094-26B4CE84BF8C}" = CCC Help Dutch
"{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}" = Microsoft Visual C++ 2010 x86 Redistributable - 10.0.40219
"{F0E3AD40-2BBD-4360-9C76-B9AC9A5886EA}" = Intel® Processor Graphics
"{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}" = Realtek High Definition Audio Driver
"{F59AC46C-10C3-4023-882C-4212A92283B3}_is1" = Lagarith Lossless Codec (1.3.27)
"{FB474A6C-CB62-AA42-A618-2EA58F0F2504}" = Catalyst Control Center Localization All
"{FCB3772C-B7D0-4933-B1A9-3707EBACC573}" = Intel® SDK for OpenCL - CPU Only Runtime Package
"{FFB3193B-D922-DD38-B218-EB86DD3F3FAD}" = CCC Help Thai
"3D Ripper DX_is1" = 3D Ripper DX v1.8
"Adobe AIR" = Adobe AIR
"Adobe Flash Player Plugin" = Adobe Flash Player 11 Plugin
"Afterburner" = MSI Afterburner 3.0.0 Beta 16
"Battlelog Web Plugins" = Battlelog Web Plugins
"BattlEye for OA" = BattlEye for OA Uninstall
"chc.4875E02D9FB21EE389F73B8D1702B320485DF8CE.1" = Adobe Help Manager
"CMIUSB&1B1C&1C00" = Corsair Link™ USB Dongle (Driver Removal)
"com.adobe.AdobeStory.4875E02D9FB21EE389F73B8D1702B320485DF8CE.1" = Adobe Story
"com.adobe.downloadassistant.AdobeDownloadAssistant" = Adobe Download Assistant
"DAEMON Tools Lite" = DAEMON Tools Lite
"Diablo III" = Diablo III
"Dxtory2.0_is1" = Dxtory version 2.0.119
"ESN Sonar-0.70.4" = ESN Sonar
"FL Studio 11" = FL Studio 11
"FlowStone" = FlowStone FL 3.0
"Google Chrome" = Google Chrome
"Guild Wars 2" = Guild Wars 2
"IconPackager" = IconPackager
"IL Shared Libraries" = IL Shared Libraries
"InstallShield_{8A15B7D9-908A-4EF9-BA84-5AEDE61743EE}" = Call of Duty® 4 - Modern Warfare™ 1.6 Patch
"InstallShield_{931C37FC-594D-43A9-B10F-A2F2B1F03498}" = Call of Duty® 4 - Modern Warfare™ 1.7 Patch
"InstallShield_{A27FDB06-60C8-4D5A-BB2F-8038FD151E3C}" = Trapcode Suite 64-bit
"InstallShield_{B7765C3D-27EE-4AA8-BB54-D88285D128A0}" = Effects Suite 64-bit
"InstallShield_{C3C9EB3D-24FA-4462-B784-0EC6AAFCD2DD}" = Fable - The Lost Chapters
"InstallShield_{D376D654-CBBB-4601-8496-D1A54D4D80EA}" = Magic Bullet Suite 64-bit
"InstallShield_{DFBB738C-71D8-4DC5-B8D2-D65C37680E27}" = Etron USB3.0 Host Controller
"IObitUninstall" = IObit Uninstaller
"LocK-A-FoLdeR" = LocK-A-FoLdeR
"LOLReplay" = LOLReplay
"MagniDriver" = marvell 91xx driver
"NewBlue 3D Explosions for Windows" = NewBlue 3D Explosions for Windows
"NewBlue 3D Transformations for Windows" = NewBlue 3D Transformations for Windows
"NewBlue Art Blends for Windows" = NewBlue Art Blends for Windows
"NewBlue Art Effects for Windows" = NewBlue Art Effects for Windows
"NewBlue Film Effects for Windows" = NewBlue Film Effects for Windows
"NewBlue Light Effects for Windows" = NewBlue Light Effects for Windows
"NewBlue Motion Blends for Windows" = NewBlue Motion Blends for Windows
"NewBlue Motion Effects for Windows" = NewBlue Motion Effects for Windows
"NewBlue Paint Blends for Windows" = NewBlue Paint Blends for Windows
"NewBlue Paint Effects for Windows" = NewBlue Paint Effects for Windows
"NewBlue Sampler Pack for Windows" = NewBlue Sampler Pack for Windows
"Notepad++" = Notepad++
"Office14.OMUI.nb-no" = Microsoft Office Language Pack 2010 - Norwegian/norsk
"Office14.PROPLUS" = Microsoft Office Professional Plus 2010
"OpenAL" = OpenAL
"Origin" = Origin
"oZone3D Fur Rendering Benchmark_is1" = oZone3D Fur Rendering Benchmark v1.0.0
"PowerISO" = PowerISO
"PunkBusterSvc" = PunkBuster Services
"Rainmeter" = Rainmeter
"Razer Core" = Razer Core
"ReelSmart Motion Blur 4, After Effects-compatible plugin set" = ReelSmart Motion Blur 4, After Effects-compatible plugin set
"RightMark Audio Analyzer 6.0.6" = RightMark Audio Analyzer 6.0.6
"RTSS" = RivaTuner Statistics Server 5.4.0
"StarCraft II" = StarCraft II
"Steam App 10" = Counter-Strike
"Steam App 100" = Counter-Strike: Condition Zero Deleted Scenes
"Steam App 108710" = Alan Wake
"Steam App 1250" = Killing Floor
"Steam App 202970" = Call of Duty: Black Ops II
"Steam App 202990" = Call of Duty: Black Ops II - Multiplayer
"Steam App 204300" = Awesomenauts
"Steam App 212910" = Call of Duty: Black Ops II - Zombies
"Steam App 215" = Source SDK Base 2006
"Steam App 218330" = Smashmuck Champions
"Steam App 219540" = ARMA 2: Operation Arrowhead Beta
"Steam App 219640" = Chivalry: Medieval Warfare
"Steam App 220" = Half-Life 2
"Steam App 22380" = Fallout: New Vegas
"Steam App 240" = Counter-Strike: Source
"Steam App 260" = Counter-Strike: Source Beta
"Steam App 28050" = Deus Ex: Human Revolution
"Steam App 33910" = ARMA 2
"Steam App 33930" = ARMA 2: Operation Arrowhead
"Steam App 340" = Half-Life 2: Lost Coast
"Steam App 47830" = Medal of Honor™ Multiplayer
"Steam App 49520" = Borderlands 2
"Steam App 50650" = Darksiders II
"Steam App 550" = Left 4 Dead 2
"Steam App 570" = Dota 2
"Steam App 57300" = Amnesia: The Dark Descent
"Steam App 730" = Counter-Strike: Global Offensive
"Steam App 7940" = Call of Duty 4: Modern Warfare
"Steam App 80" = Counter-Strike: Condition Zero
"theHunter" = theHunter (remove only)
"Twixtor 5, After Effects-compatible plugin set" = Twixtor 5, After Effects-compatible plugin set
"Wise Disk Cleaner_is1" = Wise Disk Cleaner 7.97
"World of Warcraft" = World of Warcraft
"x264vfw" = x264vfw - H.264/MPEG-4 AVC codec (remove only)
"x264vfw64" = x264vfw - H.264/MPEG-4 AVC codec for x64 (remove only)
"Xvid Video Codec 1.3.2" = Xvid Video Codec

========== HKEY_USERS Uninstall List ==========

[HKEY_USERS\S-1-5-21-372863723-2970391944-1656933904-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"CodeBlocks" = CodeBlocks
"Spotify" = Spotify
"TeamSpeak 3 Client" = TeamSpeak 3 Client
"uTorrent" = µTorrent

< End of report >
  • 0

#5
Machiavelli

Machiavelli

    GeekU Moderator

  • GeekU Moderator
  • 3,698 posts
What is Drive A?

Please disable your antivirus for the duration of my instructions. Don't forget to re-enable them after you have completed the steps.

OTL Fix

  • Run OTL.
  • Copy (Ctrl+C) and Paste (Ctrl+V) all of the following text into the Custom Scans/Fixes box:


    :Commands
    [CreateRestorePoint]
    
    :OTL
    O2 - BHO: (no name) - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - No CLSID value found.
    O2 - BHO: (no name) - {DBC80044-A445-435b-BC74-9C25C1C588A9} - No CLSID value found.
    O4 - HKU\S-1-5-21-372863723-2970391944-1656933904-1000..\Run: [AdobeBridge] File not found
    O4 - HKU\S-1-5-19..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe File not found
    O4 - HKU\S-1-5-20..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe File not found
    O13 - gopher Prefix: missing
    O15 - HKU\.DEFAULT\..Trusted Domains: clonewarsadventures.com ([]* in Trusted sites)
    O15 - HKU\.DEFAULT\..Trusted Domains: freerealms.com ([]* in Trusted sites)
    O15 - HKU\.DEFAULT\..Trusted Domains: soe.com ([]* in Trusted sites)
    O15 - HKU\.DEFAULT\..Trusted Domains: sony.com ([]* in Trusted sites)
    O15 - HKU\S-1-5-18\..Trusted Domains: clonewarsadventures.com ([]* in Trusted sites)
    O15 - HKU\S-1-5-18\..Trusted Domains: freerealms.com ([]* in Trusted sites)
    O15 - HKU\S-1-5-18\..Trusted Domains: soe.com ([]* in Trusted sites)
    O15 - HKU\S-1-5-18\..Trusted Domains: sony.com ([]* in Trusted sites)
    O15 - HKU\S-1-5-19\..Trusted Domains: clonewarsadventures.com ([]* in )
    O15 - HKU\S-1-5-19\..Trusted Domains: freerealms.com ([]* in )
    O15 - HKU\S-1-5-19\..Trusted Domains: soe.com ([]* in )
    O15 - HKU\S-1-5-19\..Trusted Domains: sony.com ([]* in )
    O15 - HKU\S-1-5-20\..Trusted Domains: clonewarsadventures.com ([]* in )
    O15 - HKU\S-1-5-20\..Trusted Domains: freerealms.com ([]* in )
    O15 - HKU\S-1-5-20\..Trusted Domains: soe.com ([]* in )
    O15 - HKU\S-1-5-20\..Trusted Domains: sony.com ([]* in )
    [2013.11.30 21:49:49 | 000,000,000 | -H-- | M] () -- C:\ProgramData\DP45977C.lfl
    
    :Commands
    [EMPTYTEMP]
    
  • Click the Run Fix button.
  • After your computer has rebooted, run OTL and click Quick Scan.
  • Copy and paste the contents of the log that it produces into your next post.

Malwarebytes' Anti-Malware

Please download Malwarebytes' Anti-Malware from Here or Here

Double Click mbam-setup.exe to install the application.
  • Make sure a checkmark is placed next to Update Malwarebytes' Anti-Malware and Launch Malwarebytes' Anti-Malware, then click Finish.
  • If an update is found, it will download and install the latest version.
  • Once the program has loaded, select "Perform Quick Scan", then click Scan.
  • The scan may take some time to finish,so please be patient.
  • When the scan is complete, click OK, then Show Results to view the results.
  • Make sure that everything is checked, and click Remove Selected.
  • When disinfection is completed, a log will open in Notepad and you may be prompted to Restart.(See Extra Note)
  • The log is automatically saved by MBAM and can be viewed by clicking the Logs tab in MBAM.
  • Copy & Paste the entire report in your next reply.
If MBAM encounters a file that is difficult to remove, you will be presented with 1 of 2 prompts, click OK to either and let MBAM proceed with the disinfection process, if asked to restart the computer, please do so immediately.

ESET Online Scanner

Please run a free online scan with the ESET Online Scanner

Vista / Win7 users: Right-click on the either the IE or FF icon in the Start Menu or Quick Launch Bar on the Taskbar and select Run as Administrator.

Note: This scan works with Internet Explorer or Mozilla FireFox.

If using Mozilla Firefox you will need to download esetsmartinstaller_enu.exe when prompted then double click on it to install.

  • Click the green ESET Online Scanner box
  • Tick the box next to YES, I accept the Terms of Use
    then click on: Start
  • You may see a panel towards the top of the screen telling you the website wants to install an addon... click and allow it to install. If your firewall asks whether you want to allow installation, say yes.
  • Make sure that the option Remove found threats is NOT checked.
  • Make sure that the option Scan archives is checked.
  • Now click on Advanced Settings and select the following:
    • Scan for potentially unwanted applications
    • Scan for potentially unsafe applications
    • Enable Anti-Stealth Technology
  • Click on Start
  • The virus signature database will begin to download. Be patient this make take some time depending on the speed of your Internet Connection.
  • When completed the Online Scan will begin automatically. The scan may take several hours.
  • Do not touch either the Mouse or keyboard during the scan otherwise it may stall.
  • When completed select Uninstall application on close, make sure you copy the logfile first!
  • Then click on: Finish
  • Use notepad to open the logfile located at C:\Program Files\ESET\EsetOnlineScanner\log.txt.
  • Copy and paste that log as a reply to this topic.


Security Check

Download Security Check from here or here.
  • Save it to your Desktop.
  • Double click SecurityCheck.exe and follow the onscreen instructions inside of the black box.
  • A Notepad document should open automatically called checkup.txt; please post the contents of that document.

Question

Still Internet Issues?
  • 0

#6
Konaci

Konaci

    New Member

  • Topic Starter
  • Member
  • Pip
  • 4 posts
I have an SSD (C drive) for my operating system, and an HDD (A drive) for other stuff.

I'm stil having some internet issues.



All processes killed
========== COMMANDS ==========
Restore point Set: OTL Restore Point
========== OTL ==========
Registry key HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{72853161-30C5-4D22-B7F9-0BBC1D38A37E}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{72853161-30C5-4D22-B7F9-0BBC1D38A37E}\ not found.
Registry key HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{DBC80044-A445-435b-BC74-9C25C1C588A9}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{DBC80044-A445-435b-BC74-9C25C1C588A9}\ not found.
Registry value HKEY_USERS\S-1-5-21-372863723-2970391944-1656933904-1000\Software\Microsoft\Windows\CurrentVersion\Run\\AdobeBridge deleted successfully.
Registry value HKEY_USERS\S-1-5-19\Software\Microsoft\Windows\CurrentVersion\RunOnce\\mctadmin deleted successfully.
Registry value HKEY_USERS\S-1-5-20\Software\Microsoft\Windows\CurrentVersion\RunOnce\\mctadmin deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\URL\Prefixes\\gopher|:gopher:// /E : value set successfully!
Registry key HKEY_USERS\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\clonewarsadventures.com\ deleted successfully.
Registry key HKEY_USERS\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\freerealms.com\ deleted successfully.
Registry key HKEY_USERS\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\soe.com\ deleted successfully.
Registry key HKEY_USERS\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\sony.com\ deleted successfully.
Registry key HKEY_USERS\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\clonewarsadventures.com\ not found.
Registry key HKEY_USERS\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\freerealms.com\ not found.
Registry key HKEY_USERS\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\soe.com\ not found.
Registry key HKEY_USERS\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\sony.com\ not found.
Registry key HKEY_USERS\S-1-5-19\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\clonewarsadventures.com\ deleted successfully.
Registry key HKEY_USERS\S-1-5-19\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\freerealms.com\ deleted successfully.
Registry key HKEY_USERS\S-1-5-19\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\soe.com\ deleted successfully.
Registry key HKEY_USERS\S-1-5-19\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\sony.com\ deleted successfully.
Registry key HKEY_USERS\S-1-5-20\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\clonewarsadventures.com\ deleted successfully.
Registry key HKEY_USERS\S-1-5-20\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\freerealms.com\ deleted successfully.
Registry key HKEY_USERS\S-1-5-20\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\soe.com\ deleted successfully.
Registry key HKEY_USERS\S-1-5-20\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\sony.com\ deleted successfully.
C:\ProgramData\DP45977C.lfl moved successfully.
========== COMMANDS ==========

[EMPTYTEMP]

User: All Users

User: Default
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes
->Flash cache emptied: 0 bytes

User: Default User
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes
->Flash cache emptied: 0 bytes

User: Haavard
->Temp folder emptied: 15379681 bytes
->Temporary Internet Files folder emptied: 12674098 bytes
->Java cache emptied: 0 bytes
->Google Chrome cache emptied: 366133629 bytes
->Opera cache emptied: 0 bytes
->Flash cache emptied: 1049 bytes

User: Public

User: ÅËÅÍÇ

%systemdrive% .tmp files removed: 0 bytes
%systemroot% .tmp files removed: 0 bytes
%systemroot%\System32 .tmp files removed: 0 bytes
%systemroot%\System32 (64bit) .tmp files removed: 0 bytes
%systemroot%\System32\drivers .tmp files removed: 0 bytes
Windows Temp folder emptied: 6734 bytes
%systemroot%\sysnative\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files folder emptied: 0 bytes
RecycleBin emptied: 0 bytes

Total Files Cleaned = 376,00 mb


OTL by OldTimer - Version 3.2.69.0 log created on 12012013_224949

Files\Folders moved on Reboot...
C:\Users\Haavard\AppData\Local\Temp\FXSAPIDebugLogFile.txt moved successfully.
C:\Users\Haavard\AppData\Local\Microsoft\Windows\Temporary Internet Files\counters.dat moved successfully.

PendingFileRenameOperations files...

Registry entries deleted on Reboot...




Malwarebytes Anti-Malware (Trial) 1.75.0.1300
www.malwarebytes.org

Database version: v2013.12.01.07

Windows 7 Service Pack 1 x64 NTFS
Internet Explorer 10.0.9200.16736
Haavard :: HAAVARD-PC [limited]

Protection: Enabled

01.12.2013 22:54:33
mbam-log-2013-12-01 (22-54-33).txt

Scan type: Quick scan
Scan options enabled: Memory | Startup | Registry | File System | Heuristics/Extra | Heuristics/Shuriken | PUP | PUM
Scan options disabled: P2P
Objects scanned: 218840
Time elapsed: 1 minute(s), 55 second(s)

Memory Processes Detected: 0
(No malicious items detected)

Memory Modules Detected: 0
(No malicious items detected)

Registry Keys Detected: 0
(No malicious items detected)

Registry Values Detected: 0
(No malicious items detected)

Registry Data Items Detected: 0
(No malicious items detected)

Folders Detected: 0
(No malicious items detected)

Files Detected: 1
C:\Windows\Installer\39aa630.msi (PUP.Optional.SmartBar.A) -> Quarantined and deleted successfully.

(end)





A:\HAAVARD-PC\Backup Set 2013-01-13 190000\Backup Files 2013-01-20 190000\Backup files 1.zip Win32/Adware.MultiPlug.H application
A:\HAAVARD-PC\Backup Set 2013-01-13 190000\Backup Files 2013-01-27 190000\Backup files 1.zip Win32/Adware.MultiPlug.H application
A:\HAAVARD-PC\Backup Set 2013-01-13 190000\Backup Files 2013-02-03 190000\Backup files 2.zip multiple threats
A:\HAAVARD-PC\Backup Set 2013-02-10 190000\Backup Files 2013-02-10 190000\Backup files 4.zip multiple threats
A:\HAAVARD-PC\Backup Set 2013-02-10 190000\Backup Files 2013-02-24 190000\Backup files 1.zip Win32/Adware.AddLyrics.F application
A:\HAAVARD-PC\Backup Set 2013-02-10 190000\Backup Files 2013-02-24 190000\Backup files 2.zip multiple threats
A:\HAAVARD-PC\Backup Set 2013-02-10 190000\Backup Files 2013-03-03 190000\Backup files 1.zip Win32/Adware.AddLyrics.F application
A:\HAAVARD-PC\Backup Set 2013-02-10 190000\Backup Files 2013-03-03 190000\Backup files 2.zip Win32/Adware.AddLyrics.F application
A:\HAAVARD-PC\Backup Set 2013-03-10 190000\Backup Files 2013-03-10 190000\Backup files 1.zip Win32/Adware.AddLyrics.F application
A:\HAAVARD-PC\Backup Set 2013-03-10 190000\Backup Files 2013-03-10 190000\Backup files 4.zip multiple threats
A:\HAAVARD-PC\Backup Set 2013-03-10 190000\Backup Files 2013-03-31 194829\Backup files 2.zip Win32/Adware.MultiPlug.H application
A:\HAAVARD-PC\Backup Set 2013-03-10 190000\Backup Files 2013-04-14 190008\Backup files 2.zip multiple threats
A:\HAAVARD-PC\Backup Set 2013-04-21 190001\Backup Files 2013-04-21 190001\Backup files 1.zip Win32/Adware.AddLyrics.F application
A:\HAAVARD-PC\Backup Set 2013-04-21 190001\Backup Files 2013-04-21 190001\Backup files 4.zip multiple threats
A:\HAAVARD-PC\Backup Set 2013-04-21 190001\Backup Files 2013-05-05 190000\Backup files 1.zip multiple threats
A:\HAAVARD-PC\Backup Set 2013-04-21 190001\Backup Files 2013-05-19 190000\Backup files 1.zip multiple threats
A:\HAAVARD-PC\Backup Set 2013-05-26 190000\Backup Files 2013-05-26 190000\Backup files 1.zip multiple threats
A:\HAAVARD-PC\Backup Set 2013-05-26 190000\Backup Files 2013-05-26 190000\Backup files 2.zip multiple threats
A:\HAAVARD-PC\Backup Set 2013-05-26 190000\Backup Files 2013-05-26 190000\Backup files 3.zip multiple threats
A:\HAAVARD-PC\Backup Set 2013-07-14 190000\Backup Files 2013-07-14 190000\Backup files 1.zip multiple threats
A:\HAAVARD-PC\Backup Set 2013-07-14 190000\Backup Files 2013-07-14 190000\Backup files 2.zip Win32/Adware.AddLyrics.F application
A:\HAAVARD-PC\Backup Set 2013-07-14 190000\Backup Files 2013-07-14 190000\Backup files 4.zip multiple threats
A:\HAAVARD-PC\Backup Set 2013-08-25 190000\Backup Files 2013-08-25 190000\Backup files 1.zip multiple threats
A:\HAAVARD-PC\Backup Set 2013-08-25 190000\Backup Files 2013-08-25 190000\Backup files 2.zip Win32/Adware.AddLyrics.F application
A:\HAAVARD-PC\Backup Set 2013-08-25 190000\Backup Files 2013-08-25 190000\Backup files 4.zip multiple threats
A:\HAAVARD-PC\Backup Set 2013-08-25 190000\Backup Files 2013-09-01 190000\Backup files 2.zip Win32/Adware.MultiPlug.H application
A:\HAAVARD-PC\Backup Set 2013-09-29 190000\Backup Files 2013-09-29 190000\Backup files 1.zip multiple threats
A:\HAAVARD-PC\Backup Set 2013-09-29 190000\Backup Files 2013-09-29 190000\Backup files 2.zip Win32/Adware.AddLyrics.F application
A:\HAAVARD-PC\Backup Set 2013-09-29 190000\Backup Files 2013-09-29 190000\Backup files 4.zip multiple threats
A:\HAAVARD-PC\Backup Set 2013-10-27 190000\Backup Files 2013-10-27 190000\Backup files 1.zip multiple threats
A:\HAAVARD-PC\Backup Set 2013-10-27 190000\Backup Files 2013-10-27 190000\Backup files 2.zip Win32/Adware.AddLyrics.F application
A:\HAAVARD-PC\Backup Set 2013-10-27 190000\Backup Files 2013-10-27 190000\Backup files 4.zip multiple threats
A:\HAAVARD-PC\Backup Set 2013-11-24 190000\Backup Files 2013-11-24 190000\Backup files 1.zip multiple threats
A:\HAAVARD-PC\Backup Set 2013-11-24 190000\Backup Files 2013-11-24 190000\Backup files 2.zip Win32/Adware.AddLyrics.F application
A:\HAAVARD-PC\Backup Set 2013-11-24 190000\Backup Files 2013-11-24 190000\Backup files 3.zip multiple threats
A:\_OTL\MovedFiles\11302013_214907\C_Users\Haavard\AppData\Roaming\miner.dll a variant of Win32/BitCoinMiner.H application
A:\_OTL\MovedFiles\11302013_214907\C_Users\Haavard\AppData\Roaming\nsdiuyeir.exe a variant of Win32/BitCoinMiner.P application
C:\AdwCleaner\Quarantine\C\ProgramData\BrooWseu2savee\5155e7866367e.dll.vir a variant of Win32/Adware.MultiPlug.I application
C:\AdwCleaner\Quarantine\C\ProgramData\continuetosave\511590cb5ac89.dll.vir a variant of Win32/Adware.MultiPlug.I application
C:\AdwCleaner\Quarantine\C\ProgramData\Download and Sa\5081676b8a07f.html.vir Win32/Adware.MultiPlug.H application
C:\AdwCleaner\Quarantine\C\ProgramData\Download and Sa\bhaheoceohmmfbdhppplnkambklnjnhf.crx.vir Win32/Adware.MultiPlug.H application
C:\AdwCleaner\Quarantine\C\ProgramData\saaveansharee\52233a787121b.dll.vir a variant of Win32/Adware.MultiPlug.I application
C:\AdwCleaner\Quarantine\C\ProgramData\SEEaorcha-NewTTAeb\5155e7ac8fd4b.dll.vir a variant of Win32/Adware.MultiPlug.I application
C:\AdwCleaner\Quarantine\C\Users\Haavard\AppData\Local\AddLyrics\contentscript.js.vir Win32/Adware.AddLyrics.F application
C:\AdwCleaner\Quarantine\C\Users\Haavard\AppData\Local\Smartbar\Application\1Extension.crx.vir Win32/Toolbar.Linkury.D application
C:\AdwCleaner\Quarantine\C\Users\Haavard\AppData\Local\Smartbar\Application\BrowserHelper.exe.vir a variant of MSIL/Toolbar.Linkury.A application
C:\AdwCleaner\Quarantine\C\Users\Haavard\AppData\Local\Smartbar\Application\QuickShare.exe.vir a variant of Win32/Toolbar.Linkury.A application
C:\AdwCleaner\Quarantine\C\Users\Haavard\AppData\Local\Smartbar\Application\Smartbar.Resources.SetBrowsersSettings.dll.vir a variant of MSIL/Toolbar.Linkury.C application
C:\AdwCleaner\Quarantine\C\Users\Haavard\AppData\Local\Smartbar\Application\[email protected]\components\SmartbarFireFoxRemotePlugin_16.dll.vir Win32/Toolbar.Linkury.D application
C:\AdwCleaner\Quarantine\C\Users\Haavard\AppData\Local\Smartbar\Application\[email protected]\components\SmartbarFireFoxRemotePlugin_17.dll.vir Win32/Toolbar.Linkury.D application
C:\AdwCleaner\Quarantine\C\Users\Haavard\AppData\Local\Smartbar\Application\[email protected]\components\SmartbarFireFoxRemotePlugin_18.dll.vir Win32/Toolbar.Linkury.D application
C:\AdwCleaner\Quarantine\C\Users\Haavard\AppData\Local\Smartbar\Application\[email protected]\components\SmartbarFireFoxRemotePlugin_19.dll.vir Win32/Toolbar.Linkury.D application
C:\AdwCleaner\Quarantine\C\Users\Haavard\AppData\Local\Smartbar\Application\[email protected]\components\SmartbarFireFoxRemotePlugin_20.dll.vir Win32/Toolbar.Linkury.D application
C:\AdwCleaner\Quarantine\C\Users\Haavard\AppData\Local\Smartbar\Application\[email protected]\components\SmartbarFireFoxRemotePlugin_21.dll.vir Win32/Toolbar.Linkury.D application
C:\Windows\AutoKMS\AutoKMS.exe MSIL/HackKMS.A application




Results of screen317's Security Check version 0.99.77
Windows 7 Service Pack 1 x64 (UAC is disabled!)
Internet Explorer 10 Out of date!
``````````````Antivirus/Firewall Check:``````````````
Microsoft Security Essentials
Antivirus up to date!
`````````Anti-malware/Other Utilities Check:`````````
Malwarebytes Anti-Malware version 1.75.0.1300
Wise Disk Cleaner 7.97
Java™ 6 Update 29
Java 7 Update 45
Adobe Flash Player 11.9.900.152
Adobe Reader XI
Google Chrome 31.0.1650.48
Google Chrome 31.0.1650.57
````````Process Check: objlist.exe by Laurent````````
Microsoft Security Essentials MSMpEng.exe
Microsoft Security Essentials msseces.exe
Malwarebytes Anti-Malware mbamservice.exe
Malwarebytes Anti-Malware mbamgui.exe
Malwarebytes Anti-Malware mbam.exe
Malwarebytes' Anti-Malware mbamscheduler.exe
`````````````````System Health check`````````````````
Total Fragmentation on Drive C: 1%
````````````````````End of Log``````````````````````
  • 0

#7
Machiavelli

Machiavelli

    GeekU Moderator

  • GeekU Moderator
  • 3,698 posts
SideBar Advice

In your logs I see that Windows SideBar is running! At the moment Windows Sidebar has a security vulnerability and so I recommend you to disable it for a while. More information is here so far I noticed.

To disable Windows Sidebar please follow the instructions below:

  • Download the FixIt from here to your Desktop
  • Double click on MicrosoftFixit50906.msi and follow the prompts to disable Windows Sidebar and gadgets. Once finished, reboot your computer if not advised to do so.

Illegal Software Warning

I see some files which are related to Cracks, Keygens etc. :) Below I list you which files are illegal and please remove them. Using illegal software is against the rules and we can't support (also if I love to help you!). :) Don't understand that wrong but I have to warn you about that.

Illegal files/folders:

  • C:\Windows\AutoKMS\AutoKMS.exe

This is related to a cracked office. Please remove the file and the software yourself.

Warning

Also, you should be informed that your BackUp is infected! Maybe it would be prudent deleting the backups ...

MiniTool Box

Please download MiniToolBox, save it to your desktop and run it.

Checkmark the following checkboxes:
  • Flush DNS
  • Report IE Proxy Settings
  • Reset IE Proxy Settings
  • Report FF Proxy Settings
  • Reset FF Proxy Settings
  • List content of Hosts
  • List IP configuration
  • List Winsock Entries
  • List last 10 Event Viewer log
  • List Installed Programs
  • List Devices
  • List Users, Partitions and Memory size.
  • List Minidump Files
Click Go and post the result (Result.txt). A copy of Result.txt will be saved in the same directory the tool is run.

Note: When using "Reset FF Proxy Settings" option Firefox should be closed.

CKScanner

Download CKScanner from here

Important : Save it to your desktop.
  • Doubleclick CKScanner.exe and click Search For Files.
  • After a very short time, when the cursor hourglass disappears, click Save List To File.
  • A message box will verify that the file is saved.
  • Double-click the CKFiles.txt icon on your desktop and copy/paste the contents in your next reply.

Question

Still issues?
  • 1

#8
Konaci

Konaci

    New Member

  • Topic Starter
  • Member
  • Pip
  • 4 posts
Thank you for all your help, but i think I'm just going to to a reformat and wipe my harddisk's :)
  • 0

#9
Machiavelli

Machiavelli

    GeekU Moderator

  • GeekU Moderator
  • 3,698 posts
OK , in my opinion a very good decision. :thumbsup: I'll let my teacher know and if you haven't any question etc. we will close the topic here.
  • 0

#10
Dakeyras

Dakeyras

    Anti-Malware Mammoth

  • Expert
  • 9,684 posts
Since this issue appears to be resolved ... this Topic has been closed. Glad we could help. :)

If you're the topic starter, and need this topic reopened, please contact a staff member with the address of the thread.

Everyone else please begin a New Topic.
  • 0






Similar Topics

0 user(s) are reading this topic

0 members, 0 guests, 0 anonymous users

As Featured On:

Microsoft Yahoo BBC MSN PC Magazine Washington Post HP