Shvensk

Members
  • Posts

    41

About Shvensk

  • Birthday 6/25/1995

Personal Information

  • Occupation
    Student

Tech Info

  • Experience
    beginner
  • System: windows_7_home_premium


  1. Cool beans. Thanks for the help, and I would try to get rid of those 'orphan' entries, but unfortunately I'm too lazy. If they're not that important, I'll just ignore them.
  2. It seems as though my latest post never showed up here. Anyways, what I wrote was that my computer seems to be working perfectly now. I don't understand why, but it seems as though it fixed itself, or something I did worked. My CPU isn't all getting used up anymore, and anything I run runs smoothly. I also want to know if there's anything I still need to do now, or if this is considered fixed.
  3. I actually ran OTL a long time ago, so I have no idea if I still have that old Extras.txt. Can I make a new one? And I think the problem is svchost, since when I open Task Manager, several svchost processes will be using up 20-ish% of my CPU each, adding up to around 80-90%. I know the general idea of what the svchost processes are. They're in charge of vital Windows services, I think. Finally, the stopped items are due to me thinking that if I stop the stuff that's not all too important, it might speed up my computer a little. This was probably done before I really understood anything, so if you want me to make them run, just let me know.
  4. Okay, I completed the OTL scan. However, the Extras.txt didn't show up, but I did get the OTL.txt:
C:\Windows\SysNative\ntvdm64.dll [2013/01/12 13:11:58 | 000,014,336 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\ntvdm64.dll [2013/01/12 13:11:58 | 000,013,312 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\wow64cpu.dll [2013/01/12 13:11:57 | 000,005,120 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\wow32.dll [2013/01/12 13:11:57 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-string-l1-1-0.dll [2013/01/12 13:11:56 | 000,005,120 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-file-l1-1-0.dll [2013/01/12 13:11:56 | 000,005,120 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-file-l1-1-0.dll [2013/01/12 13:11:55 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-errorhandling-l1-1-0.dll [2013/01/12 13:11:55 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-delayload-l1-1-0.dll [2013/01/12 13:11:55 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-delayload-l1-1-0.dll [2013/01/12 13:11:54 | 000,006,144 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-security-base-l1-1-0.dll [2013/01/12 13:11:54 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-xstate-l1-1-0.dll [2013/01/12 13:11:53 | 000,004,608 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-threadpool-l1-1-0.dll [2013/01/12 13:11:53 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-util-l1-1-0.dll [2013/01/12 13:11:52 | 000,004,096 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-sysinfo-l1-1-0.dll [2013/01/12 13:11:52 | 000,004,096 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-sysinfo-l1-1-0.dll [2013/01/12 13:11:52 | 000,004,096 | -H-- | C] (Microsoft Corporation) -- 
C:\Windows\SysWow64\api-ms-win-core-synch-l1-1-0.dll [2013/01/12 13:11:51 | 000,004,096 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-synch-l1-1-0.dll [2013/01/12 13:11:51 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-string-l1-1-0.dll [2013/01/12 13:11:50 | 000,004,608 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-processthreads-l1-1-0.dll [2013/01/12 13:11:50 | 000,003,584 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-rtlsupport-l1-1-0.dll [2013/01/12 13:11:50 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-profile-l1-1-0.dll [2013/01/12 13:11:50 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-profile-l1-1-0.dll [2013/01/12 13:11:49 | 000,004,608 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-processthreads-l1-1-0.dll [2013/01/12 13:11:49 | 000,003,584 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-processenvironment-l1-1-0.dll [2013/01/12 13:11:49 | 000,003,584 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-processenvironment-l1-1-0.dll [2013/01/12 13:11:49 | 000,003,584 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-namedpipe-l1-1-0.dll [2013/01/12 13:11:48 | 000,004,096 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-misc-l1-1-0.dll [2013/01/12 13:11:48 | 000,003,584 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-namedpipe-l1-1-0.dll [2013/01/12 13:11:48 | 000,003,584 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-misc-l1-1-0.dll [2013/01/12 13:11:48 | 000,003,584 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-memory-l1-1-0.dll [2013/01/12 13:11:48 | 000,003,584 | -H-- | C] (Microsoft Corporation) -- 
C:\Windows\SysNative\api-ms-win-core-memory-l1-1-0.dll [2013/01/12 13:11:47 | 000,004,096 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-localregistry-l1-1-0.dll [2013/01/12 13:11:47 | 000,004,096 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-localregistry-l1-1-0.dll [2013/01/12 13:11:47 | 000,003,584 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-libraryloader-l1-1-0.dll [2013/01/12 13:11:47 | 000,003,584 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-libraryloader-l1-1-0.dll [2013/01/12 13:11:46 | 000,003,584 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-interlocked-l1-1-0.dll [2013/01/12 13:11:46 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-io-l1-1-0.dll [2013/01/12 13:11:46 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-io-l1-1-0.dll [2013/01/12 13:11:46 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-interlocked-l1-1-0.dll [2013/01/12 13:11:45 | 000,003,584 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-heap-l1-1-0.dll [2013/01/12 13:11:45 | 000,003,584 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-heap-l1-1-0.dll [2013/01/12 13:11:45 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-handle-l1-1-0.dll [2013/01/12 13:11:45 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-handle-l1-1-0.dll [2013/01/12 13:11:45 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-fibers-l1-1-0.dll [2013/01/12 13:11:44 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-fibers-l1-1-0.dll [2013/01/12 13:11:44 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- 
C:\Windows\SysNative\api-ms-win-core-errorhandling-l1-1-0.dll [2013/01/12 13:11:44 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-debug-l1-1-0.dll [2013/01/12 13:11:44 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-debug-l1-1-0.dll [2013/01/12 13:11:43 | 000,006,144 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-security-base-l1-1-0.dll [2013/01/12 13:11:43 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-datetime-l1-1-0.dll [2013/01/12 13:11:43 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-datetime-l1-1-0.dll [2013/01/12 13:11:42 | 000,025,600 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\setup16.exe [2013/01/12 13:11:42 | 000,004,608 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-threadpool-l1-1-0.dll [2013/01/12 13:11:42 | 000,003,584 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-xstate-l1-1-0.dll [2013/01/12 13:11:42 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-util-l1-1-0.dll [2013/01/12 13:11:42 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-rtlsupport-l1-1-0.dll [2013/01/12 13:11:41 | 000,007,680 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\instnm.exe [2013/01/12 13:11:41 | 000,004,096 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-localization-l1-1-0.dll [2013/01/12 13:11:41 | 000,004,096 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-localization-l1-1-0.dll [2013/01/12 13:11:40 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-console-l1-1-0.dll [2013/01/12 13:11:40 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-console-l1-1-0.dll [2013/01/12 13:11:35 | 000,002,048 
| ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\user.exe [2013/01/12 13:07:02 | 000,068,608 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\taskhost.exe [2013/01/10 15:44:09 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Lame For Audacity [2013/01/10 15:16:41 | 000,000,000 | ---D | C] -- C:\Users\Henrik Lindholm\AppData\Roaming\Audacity [2013/01/10 15:15:26 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Audacity [2013/01/09 16:14:51 | 002,712,200 | ---- | C] (Sysinternals - http://www.sysinternals.com) -- C:\Users\Henrik Lindholm\Desktop\procexp.exe [2013/01/02 20:24:05 | 000,000,000 | ---D | C] -- C:\Users\Henrik Lindholm\AppData\Local\Mumble [2013/01/01 19:15:20 | 000,000,000 | ---D | C] -- C:\Users\Henrik Lindholm\AppData\Roaming\Mumble [2013/01/01 19:13:30 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Mumble [2013/01/01 19:10:38 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Mumble [2012/12/31 19:00:41 | 000,000,000 | ---D | C] -- C:\Users\Henrik Lindholm\AppData\Local\dxhr [2012/12/31 18:35:42 | 000,000,000 | ---D | C] -- C:\Users\Henrik Lindholm\AppData\Local\28050 [2012/12/30 14:33:27 | 000,000,000 | ---D | C] -- C:\Users\Henrik Lindholm\AppData\Local\My Games [2012/12/27 12:50:18 | 000,000,000 | ---D | C] -- C:\Users\Henrik Lindholm\AppData\Local\Darksiders2 [2012/12/27 12:31:37 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\iTunes [2012/12/27 12:29:37 | 000,000,000 | ---D | C] -- C:\Program Files\iPod [2012/12/27 12:29:35 | 000,000,000 | ---D | C] -- C:\Program Files\iTunes [2012/12/27 12:29:35 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\iTunes [2012/12/27 12:29:35 | 000,000,000 | ---D | C] -- C:\ProgramData\34BE82C4-E596-4e99-A191-52C6199EBF69 [2012/12/26 23:57:25 | 000,000,000 | ---D | C] -- C:\Users\Henrik Lindholm\Documents\Thief - Deadly Shadows [2012/12/26 22:34:31 | 000,000,000 | ---D | C] -- C:\Users\Henrik Lindholm\Documents\Eidos 
[2012/12/26 21:34:40 | 000,000,000 | ---D | C] -- C:\Users\Henrik Lindholm\AppData\Roaming\System [2012/12/26 21:34:35 | 000,000,000 | ---D | C] -- C:\Users\Henrik Lindholm\Documents\Universe Sandbox [2012/12/26 21:34:35 | 000,000,000 | ---D | C] -- C:\Users\Henrik Lindholm\AppData\Local\Universe Sandbox [2012/12/26 21:34:33 | 000,000,000 | -HSD | C] -- C:\Users\Henrik Lindholm\AppData\Roaming\wyUpdate AU [2012/12/23 14:07:36 | 000,000,000 | ---D | C] -- C:\Users\Henrik Lindholm\AppData\Roaming\Beat Hazard [1 C:\Windows\*.tmp files -> C:\Windows\*.tmp -> ] ========== Files - Modified Within 30 Days ========== [2013/01/20 12:19:13 | 000,021,296 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0 [2013/01/20 12:19:13 | 000,021,296 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0 [2013/01/20 12:16:03 | 000,778,834 | ---- | M] () -- C:\Windows\SysNative\PerfStringBackup.INI [2013/01/20 12:16:03 | 000,660,318 | ---- | M] () -- C:\Windows\SysNative\perfh009.dat [2013/01/20 12:16:03 | 000,121,214 | ---- | M] () -- C:\Windows\SysNative\perfc009.dat [2013/01/20 12:12:55 | 000,000,912 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineCore.job [2013/01/20 12:11:33 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat [2013/01/20 12:11:25 | 2133,188,607 | -HS- | M] () -- C:\hiberfil.sys [2013/01/19 13:57:01 | 000,000,916 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineUA.job [2013/01/19 13:49:01 | 000,000,830 | ---- | M] () -- C:\Windows\tasks\Adobe Flash Player Updater.job [2013/01/18 19:25:41 | 000,001,115 | ---- | M] () -- C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk [2013/01/14 19:33:50 | 000,002,285 | ---- | M] () -- C:\Users\Henrik Lindholm\Application Data\Microsoft\Internet Explorer\Quick Launch\Google Chrome.lnk [2013/01/14 16:02:00 | 000,002,185 | ---- | M] () -- C:\Users\Public\Desktop\Google Chrome.lnk 
[2013/01/13 12:00:15 | 000,463,648 | ---- | M] () -- C:\Windows\SysNative\FNTCACHE.DAT [2013/01/13 02:22:36 | 000,773,050 | ---- | M] () -- C:\Windows\SysWow64\PerfStringBackup.INI [2013/01/12 03:30:18 | 000,095,648 | ---- | M] (Oracle Corporation) -- C:\Windows\SysWow64\WindowsAccessBridge-32.dll [2013/01/12 03:26:16 | 000,174,496 | ---- | M] (Oracle Corporation) -- C:\Windows\SysWow64\javaw.exe [2013/01/12 03:24:49 | 000,174,496 | ---- | M] (Oracle Corporation) -- C:\Windows\SysWow64\java.exe [2013/01/10 15:16:17 | 000,001,013 | ---- | M] () -- C:\Users\Henrik Lindholm\Desktop\Audacity.lnk [2013/01/08 16:51:16 | 000,697,864 | ---- | M] (Adobe Systems Incorporated) -- C:\Windows\SysWow64\FlashPlayerApp.exe [2013/01/08 16:51:15 | 000,074,248 | ---- | M] (Adobe Systems Incorporated) -- C:\Windows\SysWow64\FlashPlayerCPLApp.cpl [2013/01/02 22:11:03 | 000,000,208 | ---- | M] () -- C:\Users\Henrik Lindholm\Desktop\Awesomenauts.url [2013/01/01 19:27:34 | 000,000,976 | ---- | M] () -- C:\Users\Henrik Lindholm\Desktop\Guild Wars.lnk [2013/01/01 19:27:04 | 000,000,999 | ---- | M] () -- C:\Users\Henrik Lindholm\Desktop\Guild Wars 2.lnk [2013/01/01 19:26:48 | 000,001,090 | ---- | M] () -- C:\Users\Henrik Lindholm\Desktop\StarCraft II.lnk [2013/01/01 19:26:18 | 000,001,131 | ---- | M] () -- C:\Users\Henrik Lindholm\Desktop\Diablo III Launcher.lnk [2013/01/01 19:23:29 | 000,002,379 | ---- | M] () -- C:\Users\Henrik Lindholm\Documents\MumbleAutomaticCertificateBackup.p12 [2013/01/01 19:13:31 | 000,001,016 | ---- | M] () -- C:\Users\Public\Desktop\Mumble.lnk [2013/01/01 10:52:57 | 000,000,207 | ---- | M] () -- C:\Users\Henrik Lindholm\Desktop\Deus Ex Human Revolution.url [2012/12/30 18:16:30 | 000,000,208 | ---- | M] () -- C:\Users\Henrik Lindholm\Desktop\The Binding of Isaac.url [2012/12/30 14:11:31 | 000,107,832 | ---- | M] () -- C:\Windows\SysWow64\PnkBstrB.exe [2012/12/30 14:11:16 | 000,066,872 | ---- | M] () -- C:\Windows\SysWow64\PnkBstrA.exe [2012/12/30 14:11:15 | 
002,250,024 | ---- | M] () -- C:\Windows\SysWow64\pbsvc.exe [2012/12/30 13:41:27 | 000,000,207 | ---- | M] () -- C:\Users\Henrik Lindholm\Desktop\Far Cry 2.url [2012/12/29 13:05:52 | 000,000,206 | ---- | M] () -- C:\Users\Henrik Lindholm\Desktop\Warhammer 40,000 Dawn of War - Game of the Year Edition.url [2012/12/29 13:05:22 | 000,000,207 | ---- | M] () -- C:\Users\Henrik Lindholm\Desktop\The Witcher 2 Assassins of Kings Enhanced Edition.url [2012/12/29 13:04:02 | 000,000,206 | ---- | M] () -- C:\Users\Henrik Lindholm\Desktop\Tomb Raider Underworld.url [2012/12/29 13:03:58 | 000,000,206 | ---- | M] () -- C:\Users\Henrik Lindholm\Desktop\Titan Quest.url [2012/12/29 13:03:54 | 000,000,206 | ---- | M] () -- C:\Users\Henrik Lindholm\Desktop\Thief Deadly Shadows.url [2012/12/29 13:03:46 | 000,000,207 | ---- | M] () -- C:\Users\Henrik Lindholm\Desktop\Metro 2033.url [2012/12/29 13:03:41 | 000,000,207 | ---- | M] () -- C:\Users\Henrik Lindholm\Desktop\Darksiders II.url [2012/12/29 13:03:31 | 000,000,207 | ---- | M] () -- C:\Users\Henrik Lindholm\Desktop\Borderlands 2.url [2012/12/29 13:03:27 | 000,000,207 | ---- | M] () -- C:\Users\Henrik Lindholm\Desktop\Beat Hazard.url [2012/12/29 13:03:22 | 000,000,207 | ---- | M] () -- C:\Users\Henrik Lindholm\Desktop\Universe Sandbox.url [2012/12/29 13:02:07 | 000,000,208 | ---- | M] () -- C:\Users\Henrik Lindholm\Desktop\Terraria.url [2012/12/29 13:02:02 | 000,000,192 | ---- | M] () -- C:\Users\Henrik Lindholm\Desktop\Sven Co-op.url [2012/12/29 13:01:58 | 000,000,208 | ---- | M] () -- C:\Users\Henrik Lindholm\Desktop\Super Monday Night Combat.url [2012/12/29 13:01:55 | 000,000,207 | ---- | M] () -- C:\Users\Henrik Lindholm\Desktop\Super Meat Boy.url [2012/12/29 13:01:51 | 000,000,207 | ---- | M] () -- C:\Users\Henrik Lindholm\Desktop\Spiral Knights.url [2012/12/29 13:01:48 | 000,000,207 | ---- | M] () -- C:\Users\Henrik Lindholm\Desktop\Saints Row The Third.url [2012/12/29 13:01:41 | 000,000,207 | ---- | M] () -- C:\Users\Henrik 
Lindholm\Desktop\Red Faction Armageddon.url [2012/12/29 13:00:26 | 000,000,208 | ---- | M] () -- C:\Users\Henrik Lindholm\Desktop\Realm of the Mad God.url [2012/12/29 13:00:22 | 000,000,205 | ---- | M] () -- C:\Users\Henrik Lindholm\Desktop\Portal.url [2012/12/29 13:00:15 | 000,000,207 | ---- | M] () -- C:\Users\Henrik Lindholm\Desktop\Pirates, Vikings, & Knights II.url [2012/12/29 12:59:00 | 000,000,204 | ---- | M] () -- C:\Users\Henrik Lindholm\Desktop\Half-Life.url [2012/12/29 12:58:56 | 000,000,206 | ---- | M] () -- C:\Users\Henrik Lindholm\Desktop\Garry's Mod.url [2012/12/29 12:58:45 | 000,000,205 | ---- | M] () -- C:\Users\Henrik Lindholm\Desktop\Dota 2.url [2012/12/29 12:58:35 | 000,000,207 | ---- | M] () -- C:\Users\Henrik Lindholm\Desktop\Darksiders.url [2012/12/29 12:58:31 | 000,000,207 | ---- | M] () -- C:\Users\Henrik Lindholm\Desktop\Company of Heroes Tales of Valor.url [2012/12/29 12:58:23 | 000,000,206 | ---- | M] () -- C:\Users\Henrik Lindholm\Desktop\Company of Heroes Opposing Fronts.url [2012/12/29 12:57:09 | 000,000,206 | ---- | M] () -- C:\Users\Henrik Lindholm\Desktop\Company of Heroes.url [2012/12/29 12:57:05 | 000,000,208 | ---- | M] () -- C:\Users\Henrik Lindholm\Desktop\Castle Crashers.url [2012/12/29 12:56:52 | 000,000,205 | ---- | M] () -- C:\Users\Henrik Lindholm\Desktop\Alien Swarm.url [2012/12/27 12:31:37 | 000,001,785 | ---- | M] () -- C:\Users\Public\Desktop\iTunes.lnk [2012/12/26 18:47:58 | 000,000,956 | ---- | M] () -- C:\Users\Henrik Lindholm\Desktop\Steam.lnk [1 C:\Windows\*.tmp files -> C:\Windows\*.tmp -> ] ========== Files Created - No Company Name ========== [2013/01/18 19:25:41 | 000,001,115 | ---- | C] () -- C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk [2013/01/10 15:16:17 | 000,001,013 | ---- | C] () -- C:\Users\Henrik Lindholm\Desktop\Audacity.lnk [2013/01/10 15:16:16 | 000,001,025 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Audacity.lnk [2013/01/02 22:11:03 | 000,000,208 | ---- | C] () 
-- C:\Users\Henrik Lindholm\Desktop\Awesomenauts.url [2013/01/01 19:27:36 | 000,000,976 | ---- | C] () -- C:\Users\Henrik Lindholm\Desktop\Guild Wars.lnk [2013/01/01 19:27:06 | 000,000,999 | ---- | C] () -- C:\Users\Henrik Lindholm\Desktop\Guild Wars 2.lnk [2013/01/01 19:26:50 | 000,001,090 | ---- | C] () -- C:\Users\Henrik Lindholm\Desktop\StarCraft II.lnk [2013/01/01 19:26:24 | 000,001,131 | ---- | C] () -- C:\Users\Henrik Lindholm\Desktop\Diablo III Launcher.lnk [2013/01/01 19:23:29 | 000,002,379 | ---- | C] () -- C:\Users\Henrik Lindholm\Documents\MumbleAutomaticCertificateBackup.p12 [2013/01/01 19:13:31 | 000,001,016 | ---- | C] () -- C:\Users\Public\Desktop\Mumble.lnk [2013/01/01 10:52:57 | 000,000,207 | ---- | C] () -- C:\Users\Henrik Lindholm\Desktop\Deus Ex Human Revolution.url [2012/12/30 18:16:30 | 000,000,208 | ---- | C] () -- C:\Users\Henrik Lindholm\Desktop\The Binding of Isaac.url [2012/12/30 14:11:16 | 000,107,832 | ---- | C] () -- C:\Windows\SysWow64\PnkBstrB.exe [2012/12/30 14:11:15 | 002,250,024 | ---- | C] () -- C:\Windows\SysWow64\pbsvc.exe [2012/12/30 14:11:15 | 000,066,872 | ---- | C] () -- C:\Windows\SysWow64\PnkBstrA.exe [2012/12/30 13:41:27 | 000,000,207 | ---- | C] () -- C:\Users\Henrik Lindholm\Desktop\Far Cry 2.url [2012/12/29 13:05:22 | 000,000,207 | ---- | C] () -- C:\Users\Henrik Lindholm\Desktop\The Witcher 2 Assassins of Kings Enhanced Edition.url [2012/12/29 13:04:06 | 000,000,206 | ---- | C] () -- C:\Users\Henrik Lindholm\Desktop\Warhammer 40,000 Dawn of War - Game of the Year Edition.url [2012/12/29 13:03:58 | 000,000,206 | ---- | C] () -- C:\Users\Henrik Lindholm\Desktop\Titan Quest.url [2012/12/29 13:03:46 | 000,000,207 | ---- | C] () -- C:\Users\Henrik Lindholm\Desktop\Metro 2033.url [2012/12/29 13:03:31 | 000,000,207 | ---- | C] () -- C:\Users\Henrik Lindholm\Desktop\Borderlands 2.url [2012/12/29 13:03:27 | 000,000,207 | ---- | C] () -- C:\Users\Henrik Lindholm\Desktop\Beat Hazard.url [2012/12/29 13:02:12 | 000,000,207 | 
---- | C] () -- C:\Users\Henrik Lindholm\Desktop\Universe Sandbox.url [2012/12/29 13:02:07 | 000,000,208 | ---- | C] () -- C:\Users\Henrik Lindholm\Desktop\Terraria.url [2012/12/29 13:02:02 | 000,000,192 | ---- | C] () -- C:\Users\Henrik Lindholm\Desktop\Sven Co-op.url [2012/12/29 13:01:58 | 000,000,208 | ---- | C] () -- C:\Users\Henrik Lindholm\Desktop\Super Monday Night Combat.url [2012/12/29 13:01:55 | 000,000,207 | ---- | C] () -- C:\Users\Henrik Lindholm\Desktop\Super Meat Boy.url [2012/12/29 13:01:51 | 000,000,207 | ---- | C] () -- C:\Users\Henrik Lindholm\Desktop\Spiral Knights.url [2012/12/29 13:01:48 | 000,000,207 | ---- | C] () -- C:\Users\Henrik Lindholm\Desktop\Saints Row The Third.url [2012/12/29 13:00:31 | 000,000,207 | ---- | C] () -- C:\Users\Henrik Lindholm\Desktop\Red Faction Armageddon.url [2012/12/29 13:00:26 | 000,000,208 | ---- | C] () -- C:\Users\Henrik Lindholm\Desktop\Realm of the Mad God.url [2012/12/29 13:00:22 | 000,000,205 | ---- | C] () -- C:\Users\Henrik Lindholm\Desktop\Portal.url [2012/12/29 12:59:05 | 000,000,207 | ---- | C] () -- C:\Users\Henrik Lindholm\Desktop\Pirates, Vikings, & Knights II.url [2012/12/29 12:59:00 | 000,000,204 | ---- | C] () -- C:\Users\Henrik Lindholm\Desktop\Half-Life.url [2012/12/29 12:58:56 | 000,000,206 | ---- | C] () -- C:\Users\Henrik Lindholm\Desktop\Garry's Mod.url [2012/12/29 12:58:45 | 000,000,205 | ---- | C] () -- C:\Users\Henrik Lindholm\Desktop\Dota 2.url [2012/12/29 12:58:35 | 000,000,207 | ---- | C] () -- C:\Users\Henrik Lindholm\Desktop\Darksiders.url [2012/12/29 12:58:31 | 000,000,207 | ---- | C] () -- C:\Users\Henrik Lindholm\Desktop\Company of Heroes Tales of Valor.url [2012/12/29 12:57:13 | 000,000,206 | ---- | C] () -- C:\Users\Henrik Lindholm\Desktop\Company of Heroes Opposing Fronts.url [2012/12/29 12:57:09 | 000,000,206 | ---- | C] () -- C:\Users\Henrik Lindholm\Desktop\Company of Heroes.url [2012/12/29 12:57:05 | 000,000,208 | ---- | C] () -- C:\Users\Henrik Lindholm\Desktop\Castle 
Crashers.url [2012/12/29 12:56:52 | 000,000,205 | ---- | C] () -- C:\Users\Henrik Lindholm\Desktop\Alien Swarm.url [2012/12/27 12:31:37 | 000,001,785 | ---- | C] () -- C:\Users\Public\Desktop\iTunes.lnk [2012/12/27 12:10:35 | 000,000,207 | ---- | C] () -- C:\Users\Henrik Lindholm\Desktop\Darksiders II.url [2012/12/26 18:58:14 | 000,000,206 | ---- | C] () -- C:\Users\Henrik Lindholm\Desktop\Tomb Raider Underworld.url [2012/12/26 18:54:42 | 000,000,206 | ---- | C] () -- C:\Users\Henrik Lindholm\Desktop\Thief Deadly Shadows.url [2012/12/26 18:48:05 | 000,000,956 | ---- | C] () -- C:\Users\Henrik Lindholm\Desktop\Steam.lnk [2012/12/14 23:27:25 | 000,000,000 | ---- | C] () -- C:\Windows\SysWow64\Access.dat [2012/07/06 10:07:39 | 000,007,626 | ---- | C] () -- C:\Users\Henrik Lindholm\AppData\Local\Resmon.ResmonCfg [2012/06/26 22:06:02 | 000,000,784 | ---- | C] () -- C:\Users\Henrik Lindholm\AppData\Roaming\result.db [2012/03/14 18:32:14 | 000,202,807 | ---- | C] () -- C:\Windows\hpoins18.dat [2012/03/14 18:32:14 | 000,005,355 | ---- | C] () -- C:\Windows\hpomdl18.dat [2012/03/10 23:30:25 | 000,005,120 | ---- | C] () -- C:\Users\Henrik Lindholm\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini [2012/02/28 23:19:30 | 000,000,032 | R--- | C] () -- C:\ProgramData\hash.dat [2012/02/09 16:22:08 | 000,000,064 | ---- | C] () -- C:\Windows\SysWow64\rp_stats.dat [2012/02/09 16:22:08 | 000,000,044 | ---- | C] () -- C:\Windows\SysWow64\rp_rules.dat [2011/02/10 11:10:51 | 000,773,050 | ---- | C] () -- C:\Windows\SysWow64\PerfStringBackup.INI ========== ZeroAccess Check ========== [2009/07/13 23:55:00 | 000,000,227 | RHS- | M] () -- C:\Windows\assembly\Desktop.ini [HKEY_CURRENT_USER\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] /64 [HKEY_CURRENT_USER\Software\Classes\Wow6432node\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] [HKEY_CURRENT_USER\Software\Classes\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32] /64 
[HKEY_CURRENT_USER\Software\Classes\Wow6432node\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32] [HKEY_LOCAL_MACHINE\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] /64 "" = C:\Windows\SysNative\shell32.dll -- [2012/06/09 00:43:10 | 014,172,672 | ---- | M] (Microsoft Corporation) "ThreadingModel" = Apartment [HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] "" = %SystemRoot%\system32\shell32.dll -- [2012/06/08 23:41:00 | 012,873,728 | ---- | M] (Microsoft Corporation) "ThreadingModel" = Apartment [HKEY_LOCAL_MACHINE\Software\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32] /64 "" = C:\Windows\SysNative\wbem\fastprox.dll -- [2009/07/13 20:40:51 | 000,909,312 | ---- | M] (Microsoft Corporation) "ThreadingModel" = Free [HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32] "" = %systemroot%\system32\wbem\fastprox.dll -- [2010/11/20 22:24:25 | 000,606,208 | ---- | M] (Microsoft Corporation) "ThreadingModel" = Free [HKEY_LOCAL_MACHINE\Software\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32] /64 "" = C:\Windows\SysNative\wbem\wbemess.dll -- [2009/07/13 20:41:56 | 000,505,856 | ---- | M] (Microsoft Corporation) "ThreadingModel" = Both [HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32] ========== LOP Check ========== [2012/11/18 17:59:03 | 000,000,000 | ---D | M] -- C:\Users\Henrik Lindholm\AppData\Roaming\.minecraft [2013/01/10 15:54:28 | 000,000,000 | ---D | M] -- C:\Users\Henrik Lindholm\AppData\Roaming\Audacity [2012/07/02 18:09:36 | 000,000,000 | ---D | M] -- C:\Users\Henrik Lindholm\AppData\Roaming\Azureus [2012/12/28 14:02:48 | 000,000,000 | ---D | M] -- C:\Users\Henrik Lindholm\AppData\Roaming\Beat Hazard [2012/12/16 16:19:42 | 000,000,000 | ---D | M] -- C:\Users\Henrik Lindholm\AppData\Roaming\GZero [2012/02/09 
21:20:27 | 000,000,000 | ---D | M] -- C:\Users\Henrik Lindholm\AppData\Roaming\IDT [2012/03/04 18:15:54 | 000,000,000 | ---D | M] -- C:\Users\Henrik Lindholm\AppData\Roaming\Iminent [2012/05/09 14:14:15 | 000,000,000 | ---D | M] -- C:\Users\Henrik Lindholm\AppData\Roaming\JCreator [2013/01/17 18:56:46 | 000,000,000 | ---D | M] -- C:\Users\Henrik Lindholm\AppData\Roaming\KeeperData [2012/05/02 17:10:58 | 000,000,000 | ---D | M] -- C:\Users\Henrik Lindholm\AppData\Roaming\LolClient [2012/05/23 15:45:28 | 000,000,000 | ---D | M] -- C:\Users\Henrik Lindholm\AppData\Roaming\LolClient2 [2012/02/25 20:13:55 | 000,000,000 | ---D | M] -- C:\Users\Henrik Lindholm\AppData\Roaming\MoreTerra [2013/01/10 20:20:32 | 000,000,000 | ---D | M] -- C:\Users\Henrik Lindholm\AppData\Roaming\Mumble [2012/02/18 14:04:28 | 000,000,000 | ---D | M] -- C:\Users\Henrik Lindholm\AppData\Roaming\PCDr [2012/02/24 00:26:58 | 000,000,000 | ---D | M] -- C:\Users\Henrik Lindholm\AppData\Roaming\RotMG.Production [2012/12/27 16:29:16 | 000,000,000 | ---D | M] -- C:\Users\Henrik Lindholm\AppData\Roaming\Spotify [2012/12/26 21:34:40 | 000,000,000 | ---D | M] -- C:\Users\Henrik Lindholm\AppData\Roaming\System [2012/12/15 00:16:41 | 000,000,000 | ---D | M] -- C:\Users\Henrik Lindholm\AppData\Roaming\Tunngle [2012/12/26 22:20:05 | 000,000,000 | -HSD | M] -- C:\Users\Henrik Lindholm\AppData\Roaming\wyUpdate AU ========== Purity Check ========== ========== Custom Scans ========== < %SYSTEMDRIVE%\*.* > [2012/06/03 07:05:33 | 000,050,989 | ---- | M] () -- C:\aaw7boot.log [2007/11/07 08:00:40 | 000,017,734 | ---- | M] () -- C:\eula.1028.txt [2007/11/07 08:00:40 | 000,017,734 | ---- | M] () -- C:\eula.1031.txt [2007/11/07 08:00:40 | 000,010,134 | ---- | M] () -- C:\eula.1033.txt [2007/11/07 08:00:40 | 000,017,734 | ---- | M] () -- C:\eula.1036.txt [2007/11/07 08:00:40 | 000,017,734 | ---- | M] () -- C:\eula.1040.txt [2007/11/07 08:00:40 | 000,000,118 | ---- | M] () -- C:\eula.1041.txt [2007/11/07 08:00:40 | 
000,017,734 | ---- | M] () -- C:\eula.1042.txt [2007/11/07 08:00:40 | 000,017,734 | ---- | M] () -- C:\eula.2052.txt [2007/11/07 08:00:40 | 000,017,734 | ---- | M] () -- C:\eula.3082.txt [2007/11/07 08:00:40 | 000,001,110 | ---- | M] () -- C:\globdata.ini [2013/01/20 12:11:25 | 2133,188,607 | -HS- | M] () -- C:\hiberfil.sys [2007/11/07 08:03:18 | 000,562,688 | ---- | M] (Microsoft Corporation) -- C:\install.exe [2007/11/07 08:00:40 | 000,000,843 | ---- | M] () -- C:\install.ini [2007/11/07 08:03:18 | 000,076,304 | ---- | M] (Microsoft Corporation) -- C:\install.res.1028.dll [2007/11/07 08:03:18 | 000,096,272 | ---- | M] (Microsoft Corporation) -- C:\install.res.1031.dll [2007/11/07 08:03:18 | 000,091,152 | ---- | M] (Microsoft Corporation) -- C:\install.res.1033.dll [2007/11/07 08:03:18 | 000,097,296 | ---- | M] (Microsoft Corporation) -- C:\install.res.1036.dll [2007/11/07 08:03:18 | 000,095,248 | ---- | M] (Microsoft Corporation) -- C:\install.res.1040.dll [2007/11/07 08:03:18 | 000,081,424 | ---- | M] (Microsoft Corporation) -- C:\install.res.1041.dll [2007/11/07 08:03:18 | 000,079,888 | ---- | M] (Microsoft Corporation) -- C:\install.res.1042.dll [2007/11/07 08:03:18 | 000,075,792 | ---- | M] (Microsoft Corporation) -- C:\install.res.2052.dll [2007/11/07 08:03:18 | 000,096,272 | ---- | M] (Microsoft Corporation) -- C:\install.res.3082.dll [2012/02/02 21:04:20 | 000,028,219 | RH-- | M] () -- C:\mfg.sdr [2013/01/20 12:11:31 | 4275,908,607 | -HS- | M] () -- C:\pagefile.sys [2007/11/07 08:00:40 | 000,005,686 | ---- | M] () -- C:\vcredist.bmp [2007/11/07 08:09:22 | 001,442,522 | ---- | M] () -- C:\VC_RED.cab [2007/11/07 08:12:28 | 000,232,960 | ---- | M] () -- C:\VC_RED.MSI < %systemroot%\system32\Spool\prtprocs\w32x86\*.dll > < %systemroot%\*. 
/mp /s > < %systemroot%\system32\*.dll /lockedfiles > < %systemroot%\Tasks\*.job /lockedfiles > < %systemroot%\system32\drivers\*.sys /lockedfiles > < %systemroot%\system32\*.exe /lockedfiles > < %systemroot%\System32\config\*.sav > < %PROGRAMFILES%\* > [2009/07/13 23:54:24 | 000,000,174 | -HS- | M] () -- C:\Program Files (x86)\desktop.ini < %USERPROFILE%\..|smtmp;true;true;true /FP > < HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Win dows\WindowsUpdate\AU > < hklm\software\clients\startmenuinternet|command /rs > HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\Google Chrome\InstallInfo\\ShowIconsCommand: "C:\Program Files (x86)\Google\Chrome\Application\chrome.exe" --show-icons [2013/01/07 19:06:24 | 001,248,360 | ---- | M] (Google Inc.) HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\Google Chrome\InstallInfo\\HideIconsCommand: "C:\Program Files (x86)\Google\Chrome\Application\chrome.exe" --hide-icons [2013/01/07 19:06:24 | 001,248,360 | ---- | M] (Google Inc.) HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\Google Chrome\InstallInfo\\ReinstallCommand: "C:\Program Files (x86)\Google\Chrome\Application\chrome.exe" --make-default-browser [2013/01/07 19:06:24 | 001,248,360 | ---- | M] (Google Inc.) HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\Google Chrome\shell\open\command\\: "C:\Program Files (x86)\Google\Chrome\Application\chrome.exe" [2013/01/07 19:06:24 | 001,248,360 | ---- | M] (Google Inc.) 
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\IEXPLORE.EXE\InstallInfo\\ShowIconsCommand: "C:\Windows\System32\ie4uinit.exe" -show [2012/02/02 20:54:07 | 000,074,240 | ---- | M] (Microsoft Corporation) HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\IEXPLORE.EXE\InstallInfo\\ReinstallCommand: "C:\Windows\System32\ie4uinit.exe" -reinstall [2012/02/02 20:54:07 | 000,074,240 | ---- | M] (Microsoft Corporation) HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\IEXPLORE.EXE\InstallInfo\\HideIconsCommand: "C:\Windows\System32\ie4uinit.exe" -hide [2012/02/02 20:54:07 | 000,074,240 | ---- | M] (Microsoft Corporation) HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\IEXPLORE.EXE\shell\naom\command\\: "C:\Program Files (x86)\Internet Explorer\iexplore.exe" -extoff [2012/11/13 21:56:04 | 000,757,296 | ---- | M] (Microsoft Corporation) HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\IEXPLORE.EXE\shell\open\command\\: C:\Program Files (x86)\Internet Explorer\iexplore.exe [2012/11/13 21:56:04 | 000,757,296 | ---- | M] (Microsoft Corporation) < hklm\software\clients\startmenuinternet|command /64 /rs > 64bit-HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\Google Chrome\InstallInfo\\ShowIconsCommand: "C:\PROGRAM FILES (X86)\GOOGLE\CHROME\APPLICATION\CHROME.EXE" --SHOW-ICONS [2013/01/07 19:06:24 | 001,248,360 | ---- | M] (Google Inc.) 64bit-HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\Google Chrome\InstallInfo\\HideIconsCommand: "C:\PROGRAM FILES (X86)\GOOGLE\CHROME\APPLICATION\CHROME.EXE" --HIDE-ICONS [2013/01/07 19:06:24 | 001,248,360 | ---- | M] (Google Inc.) 64bit-HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\Google Chrome\InstallInfo\\ReinstallCommand: "C:\PROGRAM FILES (X86)\GOOGLE\CHROME\APPLICATION\CHROME.EXE" --MAKE-DEFAULT-BROWSER [2013/01/07 19:06:24 | 001,248,360 | ---- | M] (Google Inc.) 
64bit-HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\Google Chrome\shell\open\command\\: "C:\PROGRAM FILES (X86)\GOOGLE\CHROME\APPLICATION\CHROME.EXE" [2013/01/07 19:06:24 | 001,248,360 | ---- | M] (Google Inc.) 64bit-HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\IEXPLORE.EXE\InstallInfo\\ShowIconsCommand: "C:\WINDOWS\SYSTEM32\IE4UINIT.EXE" -SHOW [2012/02/02 20:54:07 | 000,089,088 | ---- | M] (Microsoft Corporation) 64bit-HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\IEXPLORE.EXE\InstallInfo\\ReinstallCommand: "C:\WINDOWS\SYSTEM32\IE4UINIT.EXE" -REINSTALL [2012/02/02 20:54:07 | 000,089,088 | ---- | M] (Microsoft Corporation) 64bit-HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\IEXPLORE.EXE\InstallInfo\\HideIconsCommand: "C:\WINDOWS\SYSTEM32\IE4UINIT.EXE" -HIDE [2012/02/02 20:54:07 | 000,089,088 | ---- | M] (Microsoft Corporation) 64bit-HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\IEXPLORE.EXE\shell\naom\command\\: "C:\PROGRAM FILES (X86)\INTERNET EXPLORER\IEXPLORE.EXE" -EXTOFF [2012/11/13 21:56:04 | 000,757,296 | ---- | M] (Microsoft Corporation) 64bit-HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\IEXPLORE.EXE\shell\open\command\\: C:\PROGRAM FILES (X86)\INTERNET EXPLORER\IEXPLORE.EXE [2012/11/13 21:56:04 | 000,757,296 | ---- | M] (Microsoft Corporation) < End of report >
  5. I took that log from before I did anything, since I didn't know it would generate one afterwards. I did actually delete the 5 files, but not the registry keys, since the selection boxes were automatically checked for the files. Since the registry keys weren't checked already, I thought it might be bad to delete them. If you want me to delete them as well, then there's another problem. My MBAM says that the trial is up, and I don't want to have to buy it. Another thing, for some reason when I try to uninstall MBAM, I blue screen.
  6. Ok, it took a while, but here's the log: ============================= Malwarebytes Anti-Malware 1.70.0.1100 http://www.malwarebytes.org Database version: v2013.01.18.11 Windows 7 Service Pack 1 x64 NTFS Internet Explorer 9.0.8112.16421 Anonymous :: TORCHWOOD-PC [administrator] 1/18/2013 7:28:03 PM MBAM-log-2013-01-19 (00-02-02).txt Scan type: Full scan (C:\|D:\|S:\|) Scan options enabled: Memory | Startup | Registry | File System | Heuristics/Extra | Heuristics/Shuriken | PUP | PUM Scan options disabled: P2P Objects scanned: 428555 Time elapsed: 4 hour(s), 33 minute(s), 44 second(s) Memory Processes Detected: 0 (No malicious items detected) Memory Modules Detected: 0 (No malicious items detected) Registry Keys Detected: 4 HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Settings\{11111111-1111-1111-1111-110011341191} (PUP.GamePlayLab) -> No action taken. HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{11111111-1111-1111-1111-110011341191} (PUP.GamePlayLab) -> No action taken. HKLM\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{11111111-1111-1111-1111-110011341191} (PUP.GamePlayLab) -> No action taken. HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{11111111-1111-1111-1111-110011341191} (PUP.GamePlayLab) -> No action taken. Registry Values Detected: 0 (No malicious items detected) Registry Data Items Detected: 0 (No malicious items detected) Folders Detected: 0 (No malicious items detected) Files Detected: 5 C:\Users\Anonymous\AppData\Local\Temp\wtf5803.tmp (Malware.NSPack) -> No action taken. C:\Users\Anonymous\AppData\Local\Temp\wtf7478.tmp (Malware.NSPack) -> No action taken. C:\Users\Anonymous\AppData\Local\Temp\wtf84F.tmp (Malware.NSPack) -> No action taken. C:\Users\Anonymous\AppData\Local\Temp\wtfE60F.tmp (Malware.NSPack) -> No action taken. C:\Users\Anonymous\AppData\Local\Temp\wtfE812.tmp (Malware.NSPack) -> No action taken. (end)
  7. Basically, the problem is that my CPU usage will constantly spike up to 80-90%, and when I check the task manager the culprit is svchost. However, I can't pinpoint any specific service that's using up the CPU, since several of the svchost processes are to blame, not just one.
  8. Ah, thanks for that KenB. Every single 0x80070005 problem disappeared, but the other "Make sure the binary is stored at the specific path or debug it to check for problems with the binary or dependent .DLL files" errors still persist. I was, however, able to complete the fix and I'll see if the CPU problem is fixed or not. By the way, I've done PLENTY of scans and checks, and I'm almost certain that malware is not the issue. EDIT: I found that svchost is still acting up, so that fix didn't work. I still don't know how to fix svchost, and I've already tried disabling Windows Update in the past, but that hasn't worked.
  9. So I've had trouble with svchost for a while, and I've looked at some fixes that have worked for others, like disabling Task Scheduler or Windows Update. I tried both, but no success. I recently stumbled across this website --> http://www.windowsanswers.net/articles/fix-svchost-exe, and I tried to go through the steps. However, I get some error messages along the way, and I'm thinking that they might help pinpoint what the problem is. I started getting the problems when I started typing into the command prompt. I'll list every error message, since I don't want to miss something. When I typed in: regsvr32 wuaueng.dll - "The module 'wuaueng.dll' was loaded but the call to DllRegisterServer failed with the error code 0x80070005." regsvr32 wuaueng1.dll - "The module 'wuaueng1.dll' failed to load. Make sure the binary is stored at the specific path or debug it to check for problems with the binary or dependent .DLL files." regsvr32 wucltui.dll - "The module 'wucltui.dll' failed to load. Make sure the binary is stored at the specific path or debug it to check for problems with the binary or dependent .DLL files." regsvr32 wups.dll - "The module 'wups.dll' was loaded but the call to DllRegisterServer failed with the error code 0x80070005." regsvr32 wups2.dll - "The module 'wups2.dll' was loaded but the call to DllRegisterServer failed with the error code 0x80070005." regsvr32 wuweb.dll - "The module 'wuweb.dll' failed to load. Make sure the binary is stored at the specific path or debug it to check for problems with the binary or dependent .DLL files." Note that the regsvr32 atl.dll worked, which is why it isn't there. When I got to the bottom with the deletion of corrupted windows update files, when I typed in the first command there, I got the error - System error 5 has occurred. Access is denied. In the end, I don't know what the problem is, but I'm hoping someone who knows their stuff can help me out. 
I'm not skilled with the inner workings of computers, so if you can help, then please keep it simple. Thank you for your time, I hope I can fix this problem soon.
  10. The scan just finished. It took quite a while, but here's the report. OTL.scr;C:\Documents and Settings\Henrik Lindholm\Desktop\Computer Fix Stuff;Trojan.Siggen4.4395;Incurable.Moved.; OTL.scr;C:\Documents and Settings\Henrik Lindholm\DoctorWeb\Quarantine;Trojan.Siggen4.4395;Incurable.Moved.;
  11. I just want to say that I'm back. However, the Dr.Web CureIt has been running for just a bit more than a day, and so far I got through the initial scan, but it's only about 10% done the complete scan. If it doesn't speed up, it won't finish for about a week. xD
  12. Sorry, I've been busy with stuff lately. I'll try to do it right away though. I'm off to a camp soon, so I'll be gone for a while. I'll report if I can complete this before I leave.
  13. Sorry, nothing was generated. I couldn't find a text file anywhere.
  14. Problem. I installed/renamed ComboFix, disabled my antivirus, and then ran ComboFix, but after a short scan, my PC blue-screened and shut down. I've just turned it back on, and I don't know how to counter that. It's running fine now, but I don't think I should run ComboFix again unnecessarily unless we can stop that blue screen.
  15. So far, I haven't heard anything abnormal. I probably would've heard something if the problem's with the machinery, so I guess that's another dead end.