Posted

So I've had trouble with svchost for a while, and I've looked at some fixes that have worked for others, like disabling Task Scheduler or Windows Update. I tried both, but no success. I recently stumbled across this website --> http://www.windowsanswers.net/articles/fix-svchost-exe, and I tried to go through the steps. However, I get some error messages along the way, and I'm thinking that they might help pinpoint what the problem is. I started getting the problems when I started typing into the command prompt. I'll list every error message, since I don't want to miss something.

 

When I typed in:

regsvr32 wuaueng.dll - "The module 'wuaueng.dll' was loaded but the call to DllRegisterServer failed with the error code 0x80070005."

regsvr32 wuaueng1.dll - "The module 'wuaueng1.dll' failed to load. Make sure the binary is stored at the specific path or debug it to check for problems with the binary or dependent .DLL files."

regsvr32 wucltui.dll - "The module 'wucltui.dll' failed to load. Make sure the binary is stored at the specific path or debug it to check for problems with the binary or dependent .DLL files."

regsvr32 wups.dll - "The module 'wups.dll' was loaded but the call to DllRegisterServer failed with the error code 0x80070005."

regsvr32 wups2.dll - "The module 'wups2.dll' was loaded but the call to DllRegisterServer failed with the error code 0x80070005."

regsvr32 wuweb.dll - "The module 'wuweb.dll' failed to load. Make sure the binary is stored at the specific path or debug it to check for problems with the binary or dependent .DLL files."

Note that the regsvr32 atl.dll worked, which is why it isn't there. When I got to the bottom with the deletion of corrupted Windows Update files, when I typed in the first command there, I got the error - System error 5 has occurred. Access is denied.

 

In the end, I don't know what the problem is, but I'm hoping someone who knows their stuff can help me out. I'm not skilled with the inner workings of computers, so if you can help, then please keep it simple. Thank you for your time, I hope I can fix this problem soon.


Posted

Hi Shvensk, I looked up that error code for you and it just may be tied to a security update, have a look at this Microsoft help page, see if any of it applies. Check out also other things that are linked in that write up too.

 

http://support.microsoft.com/kb/904423

 

Being also tied to svchost, it may also be a possible malware problem, but we will worry about that if the Microsoft article doesn't help.

 

Nev.


Posted

Hi

 

......was loaded but the call to DllRegisterServer failed with the error code 0x80070005

 

You can get this error if you try registering the .dll without admin permissions.

 

Try the following :

Start .....type in .....cmd.......right click on the cmd.exe that appears top left > now click on "Run as Administrator"

Try the regsvr32 wuaueng.dll..... etc. from here.

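The two kinds of error in the first post can be separated mechanically. As an added example (not part of any poster's reply; the function names and verdict labels are illustrative), this decodes the HRESULT and triages the messages quoted in the thread: 0x80070005 is Win32 error 5 (access denied) wrapped as an HRESULT, the same code as the "System error 5" from the later command, while "failed to load" is a separate failure class.

```python
import re

FACILITY_WIN32 = 7        # HRESULT facility used for wrapped Win32 error codes
ERROR_ACCESS_DENIED = 5   # Win32 error code (winerror.h)


def decode_hresult(value):
    """Split a 32-bit HRESULT into (failed, facility, code)."""
    value &= 0xFFFFFFFF
    failed = bool(value >> 31)          # severity bit
    facility = (value >> 16) & 0x7FF    # 11-bit facility field
    code = value & 0xFFFF               # low 16 bits: the original error code
    return failed, facility, code


def is_access_denied(hresult):
    """True when the HRESULT is a failed, Win32-facility 'access denied'."""
    failed, facility, code = decode_hresult(hresult)
    return failed and facility == FACILITY_WIN32 and code == ERROR_ACCESS_DENIED


_MODULE = re.compile(r"The module '([^']+)'")
_HRESULT = re.compile(r"error code (0x[0-9A-Fa-f]{8})")
_SYSERR = re.compile(r"System error (\d+)")


def triage(message):
    """Return (subject, verdict) for one error message from the thread."""
    sys_err = _SYSERR.search(message)
    if sys_err:
        denied = int(sys_err.group(1)) == ERROR_ACCESS_DENIED
        return "net command", "needs-elevation" if denied else "other"
    module = _MODULE.search(message)
    name = module.group(1) if module else "?"
    if "failed to load" in message:
        # The DLL could not be loaded at all: not a permissions problem.
        return name, "load-failed"
    hresult = _HRESULT.search(message)
    if hresult and is_access_denied(int(hresult.group(1), 16)):
        # DllRegisterServer ran but was refused: the prompt was not elevated.
        return name, "needs-elevation"
    return name, "other"


def summarize(messages):
    """Group the subjects of all messages by verdict, keeping input order."""
    groups = {}
    for message in messages:
        subject, verdict = triage(message)
        groups.setdefault(verdict, []).append(subject)
    return groups


# Sample input constructed from the messages quoted in the first post.
SAMPLE = """\
regsvr32 wuaueng.dll - "The module 'wuaueng.dll' was loaded but the call to DllRegisterServer failed with the error code 0x80070005."
regsvr32 wuaueng1.dll - "The module 'wuaueng1.dll' failed to load. Make sure the binary is stored at the specific path."
regsvr32 wucltui.dll - "The module 'wucltui.dll' failed to load. Make sure the binary is stored at the specific path."
regsvr32 wups.dll - "The module 'wups.dll' was loaded but the call to DllRegisterServer failed with the error code 0x80070005."
regsvr32 wups2.dll - "The module 'wups2.dll' was loaded but the call to DllRegisterServer failed with the error code 0x80070005."
regsvr32 wuweb.dll - "The module 'wuweb.dll' failed to load. Make sure the binary is stored at the specific path."
System error 5 has occurred. Access is denied.
""".splitlines()


if __name__ == "__main__":
    for verdict, subjects in summarize(SAMPLE).items():
        print(f"{verdict}: {', '.join(subjects)}")
```
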

Posted (edited)

Ah, thanks for that KenB. Every single 0x80070005 problem disappeared, but the other "Make sure the binary is stored at the specific path or debug it to check for problems with the binary or dependent .DLL files" errors still persist. I was, however, able to complete the fix and I'll see if the CPU problem is fixed or not. By the way, I've done PLENTY of scans and checks, and I'm almost certain that malware is not the issue.

 

EDIT: I found that svchost is still acting up, so that fix didn't work. I still don't know how to fix svchost, and I've already tried disabling Windows Update in the past, but that hasn't worked.

Edited by Shvensk
Posted
Basically, the problem is that my CPU usage will constantly spike up to 80-90%, and when I check the task manager the culprit is svchost. However, I can't pinpoint any specific service that's using up the CPU, since several of the svchost processes are to blame, not just one.
Posted

Ok, it took a while, but here's the log:

 

 

=============================

Malwarebytes Anti-Malware 1.70.0.1100
http://www.malwarebytes.org

Database version: v2013.01.18.11

Windows 7 Service Pack 1 x64 NTFS
Internet Explorer 9.0.8112.16421
Anonymous :: TORCHWOOD-PC [administrator]

1/18/2013 7:28:03 PM
MBAM-log-2013-01-19 (00-02-02).txt

Scan type: Full scan (C:\|D:\|S:\|)
Scan options enabled: Memory | Startup | Registry | File System | Heuristics/Extra | Heuristics/Shuriken | PUP | PUM
Scan options disabled: P2P
Objects scanned: 428555
Time elapsed: 4 hour(s), 33 minute(s), 44 second(s)

Memory Processes Detected: 0
(No malicious items detected)

Memory Modules Detected: 0
(No malicious items detected)

Registry Keys Detected: 4
HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Settings\{11111111-1111-1111-1111-110011341191} (PUP.GamePlayLab) -> No action taken.
HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{11111111-1111-1111-1111-110011341191} (PUP.GamePlayLab) -> No action taken.
HKLM\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{11111111-1111-1111-1111-110011341191} (PUP.GamePlayLab) -> No action taken.
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{11111111-1111-1111-1111-110011341191} (PUP.GamePlayLab) -> No action taken.

Registry Values Detected: 0
(No malicious items detected)

Registry Data Items Detected: 0
(No malicious items detected)

Folders Detected: 0
(No malicious items detected)

Files Detected: 5
C:\Users\Anonymous\AppData\Local\Temp\wtf5803.tmp (Malware.NSPack) -> No action taken.
C:\Users\Anonymous\AppData\Local\Temp\wtf7478.tmp (Malware.NSPack) -> No action taken.
C:\Users\Anonymous\AppData\Local\Temp\wtf84F.tmp (Malware.NSPack) -> No action taken.
C:\Users\Anonymous\AppData\Local\Temp\wtfE60F.tmp (Malware.NSPack) -> No action taken.
C:\Users\Anonymous\AppData\Local\Temp\wtfE812.tmp (Malware.NSPack) -> No action taken.

(end)

Posted

Hi

I am unsure what the implications of what has been found are.

 

I will ask one of our security experts to take a look and advise as to where we go from here :)

 

Please be patient - they are busy guys.


Posted

Hi Shvensk

Can you please explain why the items in the MBAM report are marked as... No action taken?

 

Please update MBAM and run another scan:

Start MBAM

Click on the Update tab

 

http://img.photobucket.com/albums/v708/starbuck50/new/mbamnew.png

 

Click Check for Updates

 

The latest Database Version is: v2013.01.19.09

 

If it says that MBAM needs to close to update it... let it close and then restart.

Then click the Scan button.

 

Don't forget:

  • When the scan is finished, a message box will say "The scan completed successfully. Click 'Show Results' to display all objects found".
  • Click OK to close the message box and continue with the removal process.
  • Back at the main Scanner screen, click on the Show Results button to see a list of any malware that was found.
  • Make sure that everything is checked, and click Remove Selected.
  • When removal is completed, a log report will open in Notepad and you may be prompted to restart your computer. (see Note below)
  • The log is automatically saved and can be viewed by clicking the Logs tab in MBAM.
  • Copy and paste the contents of that report in your next reply and exit MBAM.

Note: If MBAM encounters a file that is difficult to remove, you will be presented with 1 of 2 prompts. Click OK to either and let MBAM proceed with the disinfection process. If asked to restart the computer, please do so immediately. Failure to reboot will prevent MBAM from removing all the malware.

 

Thanks

Member of:

UNITE

Posted
I took that log from before I did anything, since I didn't know it would generate one afterwards. I did actually delete the 5 files, but not the registry keys, since the selection boxes were automatically checked for the files. Since the registry keys weren't checked already, I thought it might be bad to delete them. If you want me to delete them as well, then there's another problem. My MBAM says that the trial is up, and I don't want to have to buy it. Another thing, for some reason when I try to uninstall MBAM, I blue screen.
Posted
My MBAM says that the trial is up

All this means is that you will no longer have MBAM running in Realtime.

It will still function.... you don't have to buy it.

You will have to update it manually and run a scan manually..... that's the only difference.

Removing the registry items will cause no ill effect to your system.

 

Another thing, for some reason when I try to uninstall MBAM, I blue screen.

There's no need to uninstall MBAM.

I have it installed and only run it manually.

 

Let's try and get a better look at what's happening here.

 

  • Download OTL to your desktop.
    right click on the link and select 'Save Link/Target As'.
     
    if you have problems, try this download link:
    OTL
  • Double click on the icon to run it. Make sure all other windows are closed and to let it run uninterrupted.
  • When the window appears, underneath Output at the top change it to Minimal Output.
  • Check the boxes beside LOP Check and Purity Check


http://img.photobucket.com/albums/v708/starbuck50/new/Otllatest.png

 

Now copy the lines in bold below.

 

netsvcs
msconfig
%SYSTEMDRIVE%\*.*
%systemroot%\system32\Spool\prtprocs\w32x86\*.dll
%systemroot%\*. /mp /s
%systemroot%\system32\*.dll /lockedfiles
%systemroot%\Tasks\*.job /lockedfiles
%systemroot%\system32\drivers\*.sys /lockedfiles
%systemroot%\system32\*.exe /lockedfiles
%systemroot%\System32\config\*.sav
%PROGRAMFILES%\*
%USERPROFILE%\..|smtmp;true;true;true /FP
HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows\WindowsUpdate\AU
hklm\software\clients\startmenuinternet|command /rs
hklm\software\clients\startmenuinternet|command /64 /rs
CREATERESTOREPOINT

 

  • right click in the Custom Scans/Fixes window (under the blue bar) and choose Paste.
     
    http://img.photobucket.com/albums/v708/starbuck50/new%20forum/scan-fix.png
  • Click the Run Scan button.
     
    http://img.photobucket.com/albums/v708/starbuck50/runscan.png
     
  • Do not change any settings unless otherwise told to do so. The scan won't take long.
  • When the scan completes, it will open two notepad windows. OTL.Txt and Extras.Txt. These are saved in the same location as OTL.
  • Please copy (Edit->Select All, Edit->Copy) the contents of these files, one at a time, and post them with your next reply.

 

Thanks


Posted

Okay, I completed the OTL scan. However, the Extras.txt didn't show up, but I did get the OTL.txt:

 


O2:64bit: - BHO: (Java Plug-In 2 SSV Helper) - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre7\bin\jp2ssv.dll (Oracle Corporation)

O2 - BHO: (no name) - {02478D38-C3F9-4efb-9B51-7695ECA05670} - No CLSID value found.

O2 - BHO: (Java Plug-In SSV Helper) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Java\jre7\bin\ssv.dll (Oracle Corporation)

O2 - BHO: (IMinent WebBooster (BHO)) - {A09AB6EB-31B5-454C-97EC-9B294D92EE2A} - C:\Program Files (x86)\Iminent\Iminent.WebBooster.InternetExplorer.dll (Iminent)

O2 - BHO: (FAIESSOHelper Class) - {A2F122DA-055F-4df7-8F24-7354DBDBA85B} - C:\Program Files\Alienware\Command Center\AlienSense\FAIESSO.dll (Sensible Vision )

O2 - BHO: (Java Plug-In 2 SSV Helper) - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre7\bin\jp2ssv.dll (Oracle Corporation)

O3 - HKCU\..\Toolbar\WebBrowser: (no name) - {BA14329E-9550-4989-B3F2-9732E92D17CC} - No CLSID value found.

O4:64bit: - HKLM..\Run: [intelWireless] C:\Program Files\Common Files\Intel\WirelessCommon\iFrmewrk.exe (Intel® Corporation)

O4:64bit: - HKLM..\Run: [MSC] c:\Program Files\Microsoft Security Client\msseces.exe (Microsoft Corporation)

O4:64bit: - HKLM..\Run: [NVHotkey] C:\Windows\SysNative\nvHotkey.dll (NVIDIA Corporation)

O4:64bit: - HKLM..\Run: [sysTrayApp] C:\Program Files\IDT\WDM\sttray64.exe (IDT, Inc.)

O4 - HKLM..\Run: [AlienwareOn-ScreenDisplay] C:\Program Files (x86)\Alienware On-Screen Display\AlienwareOn-ScreenDisplay.exe ()

O4 - HKLM..\Run: [Desktop Disc Tool] C:\Program Files (x86)\Roxio\OEM\Roxio Burn\RoxioBurnLauncher.exe ()

O4 - HKLM..\Run: [FAStartup] File not found

O4 - HKLM..\Run: [FATrayAlert] C:\Program Files\Alienware\Command Center\AlienSense\FATrayMon.exe (Sensible Vision )

O4 - HKLM..\Run: [iAStorIcon] C:\Program Files (x86)\Intel\Intel® Rapid Storage Technology\IAStorIcon.exe (Intel Corporation)

O4 - HKLM..\Run: [RoxWatchTray] C:\Program Files (x86)\Common Files\Roxio Shared\OEM\12.0\SharedCOM\RoxWatchTray12OEM.exe (Sonic Solutions)

O4 - HKCU..\Run: [C3] File not found

O4 - HKCU..\Run: [spotify Web Helper] C:\Users\Henrik Lindholm\AppData\Roaming\Spotify\Data\SpotifyWebHelper.exe (Spotify Ltd)

O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktop = 1

O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktopChanges = 1

O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 5

O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3

O9:64bit: - Extra Button: Send to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - Reg Error: Value error. File not found

O9:64bit: - Extra 'Tools' menuitem : Se&nd to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - Reg Error: Value error. File not found

O9:64bit: - Extra Button: OneNote Lin&ked Notes - {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - Reg Error: Value error. File not found

O9:64bit: - Extra 'Tools' menuitem : OneNote Lin&ked Notes - {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - Reg Error: Value error. File not found

O1364bit: - gopher Prefix: missing

O16 - DPF: {7530BFB8-7293-4D34-9923-61A11451AFC5} http://download.eset.com/special/eos/OnlineScanner.cab (Reg Error: Key error.)

O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{5A857DA1-26BF-4528-8E0E-F63C9AA3EA0B}: DhcpNameServer = 7.254.254.254

O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{9AF6957B-66E4-4A9C-AF41-7B491B64CBC9}: DhcpNameServer = 192.168.1.1

O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{9AF6957B-66E4-4A9C-AF41-7B491B64CBC9}: NameServer = 8.26.56.26,156.154.70.22

O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{CAF5E964-6261-4D67-A780-29E52408DAC9}: DhcpNameServer = 192.168.1.1

O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{CAF5E964-6261-4D67-A780-29E52408DAC9}: NameServer = 8.26.56.26,156.154.70.22

O18:64bit: - Protocol\Handler\ms-help - No CLSID value found

O18:64bit: - Protocol\Handler\skype4com - No CLSID value found

O18 - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files (x86)\Common Files\Skype\Skype4COM.dll (Skype Technologies)

O20:64bit: - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)

O20:64bit: - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\SysNative\userinit.exe (Microsoft Corporation)

O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\SysWow64\explorer.exe (Microsoft Corporation)

O20 - HKLM Winlogon: UserInit - (userinit.exe) - C:\Windows\SysWow64\userinit.exe (Microsoft Corporation)

O20 - Winlogon\Notify\FastAccess: DllName - (C:\Program Files\Alienware\Command Center\AlienSense\FALogNot.dll) - C:\Program Files\Alienware\Command Center\AlienSense\FALogNot.dll ()

O32 - HKLM CDRom: AutoRun - 1

O34 - HKLM BootExecute: (autocheck autochk *)

O35:64bit: - HKLM\..comfile [open] -- "%1" %*

O35:64bit: - HKLM\..exefile [open] -- "%1" %*

O35 - HKLM\..comfile [open] -- "%1" %*

O35 - HKLM\..exefile [open] -- "%1" %*

O37:64bit: - HKLM\...com [@ = comfile] -- "%1" %*

O37:64bit: - HKLM\...exe [@ = exefile] -- "%1" %*

O37 - HKLM\...com [@ = comfile] -- "%1" %*

O37 - HKLM\...exe [@ = exefile] -- "%1" %*

O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3)

O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2)

O38 - SubSystems\\Windows: (ServerDll=sxssrv,4)

 

MsConfig:64bit - StartUpFolder: C:^ProgramData^Microsoft^Windows^Start Menu^Programs^Startup^HP Digital Imaging Monitor.lnk - C:\Program Files (x86)\HP\Digital Imaging\bin\hpqtra08.exe - (Hewlett-Packard Co.)

MsConfig:64bit - StartUpReg: Adobe ARM - hkey= - key= - C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe (Adobe Systems Incorporated)

MsConfig:64bit - StartUpReg: Adobe Reader Speed Launcher - hkey= - key= - C:\Program Files (x86)\Adobe\Reader 9.0\Reader\Reader_sl.exe (Adobe Systems Incorporated)

MsConfig:64bit - StartUpReg: AlienFX Controller - hkey= - key= - C:\Program Files\Alienware\Command Center\AlienwareAlienFXController.exe (Alienware Corporation)

MsConfig:64bit - StartUpReg: APSDaemon - hkey= - key= - C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe (Apple Inc.)

MsConfig:64bit - StartUpReg: Iminent - hkey= - key= - C:\Program Files (x86)\Iminent\Iminent.exe (Iminent)

MsConfig:64bit - StartUpReg: IminentMessenger - hkey= - key= - C:\Program Files (x86)\Iminent\Iminent.Messengers.exe (Iminent)

MsConfig:64bit - StartUpReg: Integrated Webcam Live! Central - hkey= - key= - C:\Program Files (x86)\Integrated Webcam\Live! Central\WebcamInt.exe (Creative Technology Ltd)

MsConfig:64bit - StartUpReg: iTunesHelper - hkey= - key= - C:\Program Files (x86)\iTunes\iTunesHelper.exe (Apple Inc.)

MsConfig:64bit - StartUpReg: Logitech Download Assistant - hkey= - key= - C:\Windows\SysNative\rundll32.exe (Microsoft Corporation)

MsConfig:64bit - StartUpReg: LogMeIn Hamachi Ui - hkey= - key= - C:\Program Files (x86)\LogMeIn Hamachi\hamachi-2-ui.exe (LogMeIn Inc.)

MsConfig:64bit - StartUpReg: PrivitizeVPNInstaller - hkey= - key= - File not found

MsConfig:64bit - StartUpReg: QuickTime Task - hkey= - key= - C:\Program Files (x86)\QuickTime\QTTask.exe (Apple Inc.)

MsConfig:64bit - StartUpReg: Skype - hkey= - key= - C:\Program Files (x86)\Skype\Phone\Skype.exe (Skype Technologies S.A.)

MsConfig:64bit - StartUpReg: Spotify Web Helper - hkey= - key= - C:\Users\Henrik Lindholm\AppData\Roaming\Spotify\Data\SpotifyWebHelper.exe (Spotify Ltd)

MsConfig:64bit - State: "services" - Reg Error: Key error.

MsConfig:64bit - State: "startup" - Reg Error: Key error.

 

CREATERESTOREPOINT

Restore point Set: OTL Restore Point

 

========== Files/Folders - Created Within 30 Days ==========

 

[2013/01/18 19:25:40 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes' Anti-Malware

[2013/01/18 19:25:27 | 000,024,176 | ---- | C] (Malwarebytes Corporation) -- C:\Windows\SysNative\drivers\mbam.sys

[2013/01/18 19:25:27 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Malwarebytes' Anti-Malware

[2013/01/18 19:25:00 | 000,000,000 | ---D | C] -- C:\Users\Henrik Lindholm\AppData\Local\Programs

[2013/01/16 15:40:22 | 000,000,000 | ---D | C] -- C:\Windows\SoftwareDistribution

[2013/01/16 15:32:25 | 000,095,648 | ---- | C] (Oracle Corporation) -- C:\Windows\SysWow64\WindowsAccessBridge-32.dll

[2013/01/16 15:32:24 | 000,174,496 | ---- | C] (Oracle Corporation) -- C:\Windows\SysWow64\javaw.exe

[2013/01/16 15:32:24 | 000,174,496 | ---- | C] (Oracle Corporation) -- C:\Windows\SysWow64\java.exe

[2013/01/12 13:32:38 | 000,045,568 | ---- | C] (Microsoft) -- C:\Windows\SysWow64\oflc-nz.rs

[2013/01/12 13:32:38 | 000,045,568 | ---- | C] (Microsoft) -- C:\Windows\SysNative\oflc-nz.rs

[2013/01/12 13:32:38 | 000,043,520 | ---- | C] (Microsoft) -- C:\Windows\SysNative\csrr.rs

[2013/01/12 13:32:37 | 000,046,592 | ---- | C] (Microsoft) -- C:\Windows\SysWow64\fpb.rs

[2013/01/12 13:32:37 | 000,046,592 | ---- | C] (Microsoft) -- C:\Windows\SysNative\fpb.rs

[2013/01/12 13:32:37 | 000,044,544 | ---- | C] (Microsoft) -- C:\Windows\SysNative\pegibbfc.rs

[2013/01/12 13:32:37 | 000,043,520 | ---- | C] (Microsoft) -- C:\Windows\SysWow64\csrr.rs

[2013/01/12 13:32:37 | 000,040,960 | ---- | C] (Microsoft) -- C:\Windows\SysWow64\cob-au.rs

[2013/01/12 13:32:37 | 000,040,960 | ---- | C] (Microsoft) -- C:\Windows\SysNative\cob-au.rs

[2013/01/12 13:32:36 | 000,044,544 | ---- | C] (Microsoft) -- C:\Windows\SysWow64\pegibbfc.rs

[2013/01/12 13:32:36 | 000,030,720 | ---- | C] (Microsoft) -- C:\Windows\SysWow64\usk.rs

[2013/01/12 13:32:36 | 000,030,720 | ---- | C] (Microsoft) -- C:\Windows\SysNative\usk.rs

[2013/01/12 13:32:36 | 000,021,504 | ---- | C] (Microsoft) -- C:\Windows\SysWow64\grb.rs

[2013/01/12 13:32:36 | 000,015,360 | ---- | C] (Microsoft) -- C:\Windows\SysWow64\djctq.rs

[2013/01/12 13:32:36 | 000,015,360 | ---- | C] (Microsoft) -- C:\Windows\SysNative\djctq.rs

[2013/01/12 13:32:35 | 000,021,504 | ---- | C] (Microsoft) -- C:\Windows\SysNative\grb.rs

[2013/01/12 13:32:35 | 000,020,480 | ---- | C] (Microsoft) -- C:\Windows\SysWow64\pegi-pt.rs

[2013/01/12 13:32:35 | 000,020,480 | ---- | C] (Microsoft) -- C:\Windows\SysNative\pegi-pt.rs

[2013/01/12 13:32:35 | 000,020,480 | ---- | C] (Microsoft) -- C:\Windows\SysWow64\pegi.rs

[2013/01/12 13:32:35 | 000,020,480 | ---- | C] (Microsoft) -- C:\Windows\SysNative\pegi.rs

[2013/01/12 13:32:34 | 002,746,368 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\gameux.dll

[2013/01/12 13:32:34 | 002,576,384 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\gameux.dll

[2013/01/12 13:32:34 | 000,441,856 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\Wpc.dll

[2013/01/12 13:32:34 | 000,308,736 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\Wpc.dll

[2013/01/12 13:32:29 | 000,051,712 | ---- | C] (Microsoft) -- C:\Windows\SysWow64\esrb.rs

[2013/01/12 13:32:29 | 000,051,712 | ---- | C] (Microsoft) -- C:\Windows\SysNative\esrb.rs

[2013/01/12 13:32:29 | 000,020,480 | ---- | C] (Microsoft) -- C:\Windows\SysNative\pegi-fi.rs

[2013/01/12 13:32:28 | 000,055,296 | ---- | C] (Microsoft) -- C:\Windows\SysWow64\cero.rs

[2013/01/12 13:32:28 | 000,055,296 | ---- | C] (Microsoft) -- C:\Windows\SysNative\cero.rs

[2013/01/12 13:32:28 | 000,023,552 | ---- | C] (Microsoft) -- C:\Windows\SysWow64\oflc.rs

[2013/01/12 13:32:28 | 000,023,552 | ---- | C] (Microsoft) -- C:\Windows\SysNative\oflc.rs

[2013/01/12 13:32:28 | 000,020,480 | ---- | C] (Microsoft) -- C:\Windows\SysWow64\pegi-fi.rs

[2013/01/12 13:30:49 | 000,307,200 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\ncrypt.dll

[2013/01/12 13:30:40 | 000,750,592 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\win32spl.dll

[2013/01/12 13:30:40 | 000,492,032 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\win32spl.dll

[2013/01/12 13:28:46 | 000,800,768 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\usp10.dll

[2013/01/12 13:12:06 | 000,424,448 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\KernelBase.dll

[2013/01/12 13:12:02 | 001,161,216 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\kernel32.dll

[2013/01/12 13:11:59 | 000,362,496 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\wow64win.dll

[2013/01/12 13:11:59 | 000,338,432 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\conhost.exe

[2013/01/12 13:11:59 | 000,243,200 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\wow64.dll

[2013/01/12 13:11:59 | 000,215,040 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\winsrv.dll

[2013/01/12 13:11:58 | 000,016,384 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\ntvdm64.dll

[2013/01/12 13:11:58 | 000,014,336 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\ntvdm64.dll

[2013/01/12 13:11:58 | 000,013,312 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\wow64cpu.dll

[2013/01/12 13:11:57 | 000,005,120 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\wow32.dll

[2013/01/12 13:11:57 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-string-l1-1-0.dll

[2013/01/12 13:11:56 | 000,005,120 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-file-l1-1-0.dll

[2013/01/12 13:11:56 | 000,005,120 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-file-l1-1-0.dll

[2013/01/12 13:11:55 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-errorhandling-l1-1-0.dll

[2013/01/12 13:11:55 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-delayload-l1-1-0.dll

[2013/01/12 13:11:55 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-delayload-l1-1-0.dll

[2013/01/12 13:11:54 | 000,006,144 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-security-base-l1-1-0.dll

[2013/01/12 13:11:54 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-xstate-l1-1-0.dll

[2013/01/12 13:11:53 | 000,004,608 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-threadpool-l1-1-0.dll

[2013/01/12 13:11:53 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-util-l1-1-0.dll

[2013/01/12 13:11:52 | 000,004,096 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-sysinfo-l1-1-0.dll

[2013/01/12 13:11:52 | 000,004,096 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-sysinfo-l1-1-0.dll

[2013/01/12 13:11:52 | 000,004,096 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-synch-l1-1-0.dll

[2013/01/12 13:11:51 | 000,004,096 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-synch-l1-1-0.dll

[2013/01/12 13:11:51 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-string-l1-1-0.dll

[2013/01/12 13:11:50 | 000,004,608 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-processthreads-l1-1-0.dll

[2013/01/12 13:11:50 | 000,003,584 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-rtlsupport-l1-1-0.dll

[2013/01/12 13:11:50 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-profile-l1-1-0.dll

[2013/01/12 13:11:50 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-profile-l1-1-0.dll

[2013/01/12 13:11:49 | 000,004,608 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-processthreads-l1-1-0.dll

[2013/01/12 13:11:49 | 000,003,584 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-processenvironment-l1-1-0.dll

[2013/01/12 13:11:49 | 000,003,584 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-processenvironment-l1-1-0.dll

[2013/01/12 13:11:49 | 000,003,584 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-namedpipe-l1-1-0.dll

[2013/01/12 13:11:48 | 000,004,096 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-misc-l1-1-0.dll

[2013/01/12 13:11:48 | 000,003,584 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-namedpipe-l1-1-0.dll

[2013/01/12 13:11:48 | 000,003,584 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-misc-l1-1-0.dll

[2013/01/12 13:11:48 | 000,003,584 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-memory-l1-1-0.dll

[2013/01/12 13:11:48 | 000,003,584 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-memory-l1-1-0.dll

[2013/01/12 13:11:47 | 000,004,096 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-localregistry-l1-1-0.dll

[2013/01/12 13:11:47 | 000,004,096 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-localregistry-l1-1-0.dll

[2013/01/12 13:11:47 | 000,003,584 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-libraryloader-l1-1-0.dll

[2013/01/12 13:11:47 | 000,003,584 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-libraryloader-l1-1-0.dll

[2013/01/12 13:11:46 | 000,003,584 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-interlocked-l1-1-0.dll

[2013/01/12 13:11:46 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-io-l1-1-0.dll

[2013/01/12 13:11:46 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-io-l1-1-0.dll

[2013/01/12 13:11:46 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-interlocked-l1-1-0.dll

[2013/01/12 13:11:45 | 000,003,584 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-heap-l1-1-0.dll

[2013/01/12 13:11:45 | 000,003,584 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-heap-l1-1-0.dll

[2013/01/12 13:11:45 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-handle-l1-1-0.dll

[2013/01/12 13:11:45 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-handle-l1-1-0.dll

[2013/01/12 13:11:45 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-fibers-l1-1-0.dll

[2013/01/12 13:11:44 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-fibers-l1-1-0.dll

[2013/01/12 13:11:44 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-errorhandling-l1-1-0.dll

[2013/01/12 13:11:44 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-debug-l1-1-0.dll

[2013/01/12 13:11:44 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-debug-l1-1-0.dll

[2013/01/12 13:11:43 | 000,006,144 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-security-base-l1-1-0.dll

[2013/01/12 13:11:43 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-datetime-l1-1-0.dll

[2013/01/12 13:11:43 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-datetime-l1-1-0.dll

[2013/01/12 13:11:42 | 000,025,600 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\setup16.exe

[2013/01/12 13:11:42 | 000,004,608 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-threadpool-l1-1-0.dll

[2013/01/12 13:11:42 | 000,003,584 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-xstate-l1-1-0.dll

[2013/01/12 13:11:42 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-util-l1-1-0.dll

[2013/01/12 13:11:42 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-rtlsupport-l1-1-0.dll

[2013/01/12 13:11:41 | 000,007,680 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\instnm.exe

[2013/01/12 13:11:41 | 000,004,096 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-localization-l1-1-0.dll

[2013/01/12 13:11:41 | 000,004,096 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-localization-l1-1-0.dll

[2013/01/12 13:11:40 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-console-l1-1-0.dll

[2013/01/12 13:11:40 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-console-l1-1-0.dll

[2013/01/12 13:11:35 | 000,002,048 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\user.exe

[2013/01/12 13:07:02 | 000,068,608 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\taskhost.exe

[2013/01/10 15:44:09 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Lame For Audacity

[2013/01/10 15:16:41 | 000,000,000 | ---D | C] -- C:\Users\Henrik Lindholm\AppData\Roaming\Audacity

[2013/01/10 15:15:26 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Audacity

[2013/01/09 16:14:51 | 002,712,200 | ---- | C] (Sysinternals - http://www.sysinternals.com) -- C:\Users\Henrik Lindholm\Desktop\procexp.exe

[2013/01/02 20:24:05 | 000,000,000 | ---D | C] -- C:\Users\Henrik Lindholm\AppData\Local\Mumble

[2013/01/01 19:15:20 | 000,000,000 | ---D | C] -- C:\Users\Henrik Lindholm\AppData\Roaming\Mumble

[2013/01/01 19:13:30 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Mumble

[2013/01/01 19:10:38 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Mumble

[2012/12/31 19:00:41 | 000,000,000 | ---D | C] -- C:\Users\Henrik Lindholm\AppData\Local\dxhr

[2012/12/31 18:35:42 | 000,000,000 | ---D | C] -- C:\Users\Henrik Lindholm\AppData\Local\28050

[2012/12/30 14:33:27 | 000,000,000 | ---D | C] -- C:\Users\Henrik Lindholm\AppData\Local\My Games

[2012/12/27 12:50:18 | 000,000,000 | ---D | C] -- C:\Users\Henrik Lindholm\AppData\Local\Darksiders2

[2012/12/27 12:31:37 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\iTunes

[2012/12/27 12:29:37 | 000,000,000 | ---D | C] -- C:\Program Files\iPod

[2012/12/27 12:29:35 | 000,000,000 | ---D | C] -- C:\Program Files\iTunes

[2012/12/27 12:29:35 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\iTunes

[2012/12/27 12:29:35 | 000,000,000 | ---D | C] -- C:\ProgramData\34BE82C4-E596-4e99-A191-52C6199EBF69

[2012/12/26 23:57:25 | 000,000,000 | ---D | C] -- C:\Users\Henrik Lindholm\Documents\Thief - Deadly Shadows

[2012/12/26 22:34:31 | 000,000,000 | ---D | C] -- C:\Users\Henrik Lindholm\Documents\Eidos

[2012/12/26 21:34:40 | 000,000,000 | ---D | C] -- C:\Users\Henrik Lindholm\AppData\Roaming\System

[2012/12/26 21:34:35 | 000,000,000 | ---D | C] -- C:\Users\Henrik Lindholm\Documents\Universe Sandbox

[2012/12/26 21:34:35 | 000,000,000 | ---D | C] -- C:\Users\Henrik Lindholm\AppData\Local\Universe Sandbox

[2012/12/26 21:34:33 | 000,000,000 | -HSD | C] -- C:\Users\Henrik Lindholm\AppData\Roaming\wyUpdate AU

[2012/12/23 14:07:36 | 000,000,000 | ---D | C] -- C:\Users\Henrik Lindholm\AppData\Roaming\Beat Hazard

[1 C:\Windows\*.tmp files -> C:\Windows\*.tmp -> ]

 

========== Files - Modified Within 30 Days ==========

 

[2013/01/20 12:19:13 | 000,021,296 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0

[2013/01/20 12:19:13 | 000,021,296 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0

[2013/01/20 12:16:03 | 000,778,834 | ---- | M] () -- C:\Windows\SysNative\PerfStringBackup.INI

[2013/01/20 12:16:03 | 000,660,318 | ---- | M] () -- C:\Windows\SysNative\perfh009.dat

[2013/01/20 12:16:03 | 000,121,214 | ---- | M] () -- C:\Windows\SysNative\perfc009.dat

[2013/01/20 12:12:55 | 000,000,912 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineCore.job

[2013/01/20 12:11:33 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat

[2013/01/20 12:11:25 | 2133,188,607 | -HS- | M] () -- C:\hiberfil.sys

[2013/01/19 13:57:01 | 000,000,916 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineUA.job

[2013/01/19 13:49:01 | 000,000,830 | ---- | M] () -- C:\Windows\tasks\Adobe Flash Player Updater.job

[2013/01/18 19:25:41 | 000,001,115 | ---- | M] () -- C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk

[2013/01/14 19:33:50 | 000,002,285 | ---- | M] () -- C:\Users\Henrik Lindholm\Application Data\Microsoft\Internet Explorer\Quick Launch\Google Chrome.lnk

[2013/01/14 16:02:00 | 000,002,185 | ---- | M] () -- C:\Users\Public\Desktop\Google Chrome.lnk

[2013/01/13 12:00:15 | 000,463,648 | ---- | M] () -- C:\Windows\SysNative\FNTCACHE.DAT

[2013/01/13 02:22:36 | 000,773,050 | ---- | M] () -- C:\Windows\SysWow64\PerfStringBackup.INI

[2013/01/12 03:30:18 | 000,095,648 | ---- | M] (Oracle Corporation) -- C:\Windows\SysWow64\WindowsAccessBridge-32.dll

[2013/01/12 03:26:16 | 000,174,496 | ---- | M] (Oracle Corporation) -- C:\Windows\SysWow64\javaw.exe

[2013/01/12 03:24:49 | 000,174,496 | ---- | M] (Oracle Corporation) -- C:\Windows\SysWow64\java.exe

[2013/01/10 15:16:17 | 000,001,013 | ---- | M] () -- C:\Users\Henrik Lindholm\Desktop\Audacity.lnk

[2013/01/08 16:51:16 | 000,697,864 | ---- | M] (Adobe Systems Incorporated) -- C:\Windows\SysWow64\FlashPlayerApp.exe

[2013/01/08 16:51:15 | 000,074,248 | ---- | M] (Adobe Systems Incorporated) -- C:\Windows\SysWow64\FlashPlayerCPLApp.cpl

[2013/01/02 22:11:03 | 000,000,208 | ---- | M] () -- C:\Users\Henrik Lindholm\Desktop\Awesomenauts.url

[2013/01/01 19:27:34 | 000,000,976 | ---- | M] () -- C:\Users\Henrik Lindholm\Desktop\Guild Wars.lnk

[2013/01/01 19:27:04 | 000,000,999 | ---- | M] () -- C:\Users\Henrik Lindholm\Desktop\Guild Wars 2.lnk

[2013/01/01 19:26:48 | 000,001,090 | ---- | M] () -- C:\Users\Henrik Lindholm\Desktop\StarCraft II.lnk

[2013/01/01 19:26:18 | 000,001,131 | ---- | M] () -- C:\Users\Henrik Lindholm\Desktop\Diablo III Launcher.lnk

[2013/01/01 19:23:29 | 000,002,379 | ---- | M] () -- C:\Users\Henrik Lindholm\Documents\MumbleAutomaticCertificateBackup.p12

[2013/01/01 19:13:31 | 000,001,016 | ---- | M] () -- C:\Users\Public\Desktop\Mumble.lnk

[2013/01/01 10:52:57 | 000,000,207 | ---- | M] () -- C:\Users\Henrik Lindholm\Desktop\Deus Ex Human Revolution.url

[2012/12/30 18:16:30 | 000,000,208 | ---- | M] () -- C:\Users\Henrik Lindholm\Desktop\The Binding of Isaac.url

[2012/12/30 14:11:31 | 000,107,832 | ---- | M] () -- C:\Windows\SysWow64\PnkBstrB.exe

[2012/12/30 14:11:16 | 000,066,872 | ---- | M] () -- C:\Windows\SysWow64\PnkBstrA.exe

[2012/12/30 14:11:15 | 002,250,024 | ---- | M] () -- C:\Windows\SysWow64\pbsvc.exe

[2012/12/30 13:41:27 | 000,000,207 | ---- | M] () -- C:\Users\Henrik Lindholm\Desktop\Far Cry 2.url

[2012/12/29 13:05:52 | 000,000,206 | ---- | M] () -- C:\Users\Henrik Lindholm\Desktop\Warhammer 40,000 Dawn of War - Game of the Year Edition.url

[2012/12/29 13:05:22 | 000,000,207 | ---- | M] () -- C:\Users\Henrik Lindholm\Desktop\The Witcher 2 Assassins of Kings Enhanced Edition.url

[2012/12/29 13:04:02 | 000,000,206 | ---- | M] () -- C:\Users\Henrik Lindholm\Desktop\Tomb Raider Underworld.url

[2012/12/29 13:03:58 | 000,000,206 | ---- | M] () -- C:\Users\Henrik Lindholm\Desktop\Titan Quest.url

[2012/12/29 13:03:54 | 000,000,206 | ---- | M] () -- C:\Users\Henrik Lindholm\Desktop\Thief Deadly Shadows.url

[2012/12/29 13:03:46 | 000,000,207 | ---- | M] () -- C:\Users\Henrik Lindholm\Desktop\Metro 2033.url

[2012/12/29 13:03:41 | 000,000,207 | ---- | M] () -- C:\Users\Henrik Lindholm\Desktop\Darksiders II.url

[2012/12/29 13:03:31 | 000,000,207 | ---- | M] () -- C:\Users\Henrik Lindholm\Desktop\Borderlands 2.url

[2012/12/29 13:03:27 | 000,000,207 | ---- | M] () -- C:\Users\Henrik Lindholm\Desktop\Beat Hazard.url

[2012/12/29 13:03:22 | 000,000,207 | ---- | M] () -- C:\Users\Henrik Lindholm\Desktop\Universe Sandbox.url

[2012/12/29 13:02:07 | 000,000,208 | ---- | M] () -- C:\Users\Henrik Lindholm\Desktop\Terraria.url

[2012/12/29 13:02:02 | 000,000,192 | ---- | M] () -- C:\Users\Henrik Lindholm\Desktop\Sven Co-op.url

[2012/12/29 13:01:58 | 000,000,208 | ---- | M] () -- C:\Users\Henrik Lindholm\Desktop\Super Monday Night Combat.url

[2012/12/29 13:01:55 | 000,000,207 | ---- | M] () -- C:\Users\Henrik Lindholm\Desktop\Super Meat Boy.url

[2012/12/29 13:01:51 | 000,000,207 | ---- | M] () -- C:\Users\Henrik Lindholm\Desktop\Spiral Knights.url

[2012/12/29 13:01:48 | 000,000,207 | ---- | M] () -- C:\Users\Henrik Lindholm\Desktop\Saints Row The Third.url

[2012/12/29 13:01:41 | 000,000,207 | ---- | M] () -- C:\Users\Henrik Lindholm\Desktop\Red Faction Armageddon.url

[2012/12/29 13:00:26 | 000,000,208 | ---- | M] () -- C:\Users\Henrik Lindholm\Desktop\Realm of the Mad God.url

[2012/12/29 13:00:22 | 000,000,205 | ---- | M] () -- C:\Users\Henrik Lindholm\Desktop\Portal.url

[2012/12/29 13:00:15 | 000,000,207 | ---- | M] () -- C:\Users\Henrik Lindholm\Desktop\Pirates, Vikings, & Knights II.url

[2012/12/29 12:59:00 | 000,000,204 | ---- | M] () -- C:\Users\Henrik Lindholm\Desktop\Half-Life.url

[2012/12/29 12:58:56 | 000,000,206 | ---- | M] () -- C:\Users\Henrik Lindholm\Desktop\Garry's Mod.url

[2012/12/29 12:58:45 | 000,000,205 | ---- | M] () -- C:\Users\Henrik Lindholm\Desktop\Dota 2.url

[2012/12/29 12:58:35 | 000,000,207 | ---- | M] () -- C:\Users\Henrik Lindholm\Desktop\Darksiders.url

[2012/12/29 12:58:31 | 000,000,207 | ---- | M] () -- C:\Users\Henrik Lindholm\Desktop\Company of Heroes Tales of Valor.url

[2012/12/29 12:58:23 | 000,000,206 | ---- | M] () -- C:\Users\Henrik Lindholm\Desktop\Company of Heroes Opposing Fronts.url

[2012/12/29 12:57:09 | 000,000,206 | ---- | M] () -- C:\Users\Henrik Lindholm\Desktop\Company of Heroes.url

[2012/12/29 12:57:05 | 000,000,208 | ---- | M] () -- C:\Users\Henrik Lindholm\Desktop\Castle Crashers.url

[2012/12/29 12:56:52 | 000,000,205 | ---- | M] () -- C:\Users\Henrik Lindholm\Desktop\Alien Swarm.url

[2012/12/27 12:31:37 | 000,001,785 | ---- | M] () -- C:\Users\Public\Desktop\iTunes.lnk

[2012/12/26 18:47:58 | 000,000,956 | ---- | M] () -- C:\Users\Henrik Lindholm\Desktop\Steam.lnk

[1 C:\Windows\*.tmp files -> C:\Windows\*.tmp -> ]

 

========== Files Created - No Company Name ==========

 

[2013/01/18 19:25:41 | 000,001,115 | ---- | C] () -- C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk

[2013/01/10 15:16:17 | 000,001,013 | ---- | C] () -- C:\Users\Henrik Lindholm\Desktop\Audacity.lnk

[2013/01/10 15:16:16 | 000,001,025 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Audacity.lnk

[2013/01/02 22:11:03 | 000,000,208 | ---- | C] () -- C:\Users\Henrik Lindholm\Desktop\Awesomenauts.url

[2013/01/01 19:27:36 | 000,000,976 | ---- | C] () -- C:\Users\Henrik Lindholm\Desktop\Guild Wars.lnk

[2013/01/01 19:27:06 | 000,000,999 | ---- | C] () -- C:\Users\Henrik Lindholm\Desktop\Guild Wars 2.lnk

[2013/01/01 19:26:50 | 000,001,090 | ---- | C] () -- C:\Users\Henrik Lindholm\Desktop\StarCraft II.lnk

[2013/01/01 19:26:24 | 000,001,131 | ---- | C] () -- C:\Users\Henrik Lindholm\Desktop\Diablo III Launcher.lnk

[2013/01/01 19:23:29 | 000,002,379 | ---- | C] () -- C:\Users\Henrik Lindholm\Documents\MumbleAutomaticCertificateBackup.p12

[2013/01/01 19:13:31 | 000,001,016 | ---- | C] () -- C:\Users\Public\Desktop\Mumble.lnk

[2013/01/01 10:52:57 | 000,000,207 | ---- | C] () -- C:\Users\Henrik Lindholm\Desktop\Deus Ex Human Revolution.url

[2012/12/30 18:16:30 | 000,000,208 | ---- | C] () -- C:\Users\Henrik Lindholm\Desktop\The Binding of Isaac.url

[2012/12/30 14:11:16 | 000,107,832 | ---- | C] () -- C:\Windows\SysWow64\PnkBstrB.exe

[2012/12/30 14:11:15 | 002,250,024 | ---- | C] () -- C:\Windows\SysWow64\pbsvc.exe

[2012/12/30 14:11:15 | 000,066,872 | ---- | C] () -- C:\Windows\SysWow64\PnkBstrA.exe

[2012/12/30 13:41:27 | 000,000,207 | ---- | C] () -- C:\Users\Henrik Lindholm\Desktop\Far Cry 2.url

[2012/12/29 13:05:22 | 000,000,207 | ---- | C] () -- C:\Users\Henrik Lindholm\Desktop\The Witcher 2 Assassins of Kings Enhanced Edition.url

[2012/12/29 13:04:06 | 000,000,206 | ---- | C] () -- C:\Users\Henrik Lindholm\Desktop\Warhammer 40,000 Dawn of War - Game of the Year Edition.url

[2012/12/29 13:03:58 | 000,000,206 | ---- | C] () -- C:\Users\Henrik Lindholm\Desktop\Titan Quest.url

[2012/12/29 13:03:46 | 000,000,207 | ---- | C] () -- C:\Users\Henrik Lindholm\Desktop\Metro 2033.url

[2012/12/29 13:03:31 | 000,000,207 | ---- | C] () -- C:\Users\Henrik Lindholm\Desktop\Borderlands 2.url

[2012/12/29 13:03:27 | 000,000,207 | ---- | C] () -- C:\Users\Henrik Lindholm\Desktop\Beat Hazard.url

[2012/12/29 13:02:12 | 000,000,207 | ---- | C] () -- C:\Users\Henrik Lindholm\Desktop\Universe Sandbox.url

[2012/12/29 13:02:07 | 000,000,208 | ---- | C] () -- C:\Users\Henrik Lindholm\Desktop\Terraria.url

[2012/12/29 13:02:02 | 000,000,192 | ---- | C] () -- C:\Users\Henrik Lindholm\Desktop\Sven Co-op.url

[2012/12/29 13:01:58 | 000,000,208 | ---- | C] () -- C:\Users\Henrik Lindholm\Desktop\Super Monday Night Combat.url

[2012/12/29 13:01:55 | 000,000,207 | ---- | C] () -- C:\Users\Henrik Lindholm\Desktop\Super Meat Boy.url

[2012/12/29 13:01:51 | 000,000,207 | ---- | C] () -- C:\Users\Henrik Lindholm\Desktop\Spiral Knights.url

[2012/12/29 13:01:48 | 000,000,207 | ---- | C] () -- C:\Users\Henrik Lindholm\Desktop\Saints Row The Third.url

[2012/12/29 13:00:31 | 000,000,207 | ---- | C] () -- C:\Users\Henrik Lindholm\Desktop\Red Faction Armageddon.url

[2012/12/29 13:00:26 | 000,000,208 | ---- | C] () -- C:\Users\Henrik Lindholm\Desktop\Realm of the Mad God.url

[2012/12/29 13:00:22 | 000,000,205 | ---- | C] () -- C:\Users\Henrik Lindholm\Desktop\Portal.url

[2012/12/29 12:59:05 | 000,000,207 | ---- | C] () -- C:\Users\Henrik Lindholm\Desktop\Pirates, Vikings, & Knights II.url

[2012/12/29 12:59:00 | 000,000,204 | ---- | C] () -- C:\Users\Henrik Lindholm\Desktop\Half-Life.url

[2012/12/29 12:58:56 | 000,000,206 | ---- | C] () -- C:\Users\Henrik Lindholm\Desktop\Garry's Mod.url

[2012/12/29 12:58:45 | 000,000,205 | ---- | C] () -- C:\Users\Henrik Lindholm\Desktop\Dota 2.url

[2012/12/29 12:58:35 | 000,000,207 | ---- | C] () -- C:\Users\Henrik Lindholm\Desktop\Darksiders.url

[2012/12/29 12:58:31 | 000,000,207 | ---- | C] () -- C:\Users\Henrik Lindholm\Desktop\Company of Heroes Tales of Valor.url

[2012/12/29 12:57:13 | 000,000,206 | ---- | C] () -- C:\Users\Henrik Lindholm\Desktop\Company of Heroes Opposing Fronts.url

[2012/12/29 12:57:09 | 000,000,206 | ---- | C] () -- C:\Users\Henrik Lindholm\Desktop\Company of Heroes.url

[2012/12/29 12:57:05 | 000,000,208 | ---- | C] () -- C:\Users\Henrik Lindholm\Desktop\Castle Crashers.url

[2012/12/29 12:56:52 | 000,000,205 | ---- | C] () -- C:\Users\Henrik Lindholm\Desktop\Alien Swarm.url

[2012/12/27 12:31:37 | 000,001,785 | ---- | C] () -- C:\Users\Public\Desktop\iTunes.lnk

[2012/12/27 12:10:35 | 000,000,207 | ---- | C] () -- C:\Users\Henrik Lindholm\Desktop\Darksiders II.url

[2012/12/26 18:58:14 | 000,000,206 | ---- | C] () -- C:\Users\Henrik Lindholm\Desktop\Tomb Raider Underworld.url

[2012/12/26 18:54:42 | 000,000,206 | ---- | C] () -- C:\Users\Henrik Lindholm\Desktop\Thief Deadly Shadows.url

[2012/12/26 18:48:05 | 000,000,956 | ---- | C] () -- C:\Users\Henrik Lindholm\Desktop\Steam.lnk

[2012/12/14 23:27:25 | 000,000,000 | ---- | C] () -- C:\Windows\SysWow64\Access.dat

[2012/07/06 10:07:39 | 000,007,626 | ---- | C] () -- C:\Users\Henrik Lindholm\AppData\Local\Resmon.ResmonCfg

[2012/06/26 22:06:02 | 000,000,784 | ---- | C] () -- C:\Users\Henrik Lindholm\AppData\Roaming\result.db

[2012/03/14 18:32:14 | 000,202,807 | ---- | C] () -- C:\Windows\hpoins18.dat

[2012/03/14 18:32:14 | 000,005,355 | ---- | C] () -- C:\Windows\hpomdl18.dat

[2012/03/10 23:30:25 | 000,005,120 | ---- | C] () -- C:\Users\Henrik Lindholm\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini

[2012/02/28 23:19:30 | 000,000,032 | R--- | C] () -- C:\ProgramData\hash.dat

[2012/02/09 16:22:08 | 000,000,064 | ---- | C] () -- C:\Windows\SysWow64\rp_stats.dat

[2012/02/09 16:22:08 | 000,000,044 | ---- | C] () -- C:\Windows\SysWow64\rp_rules.dat

[2011/02/10 11:10:51 | 000,773,050 | ---- | C] () -- C:\Windows\SysWow64\PerfStringBackup.INI

 

========== ZeroAccess Check ==========

 

[2009/07/13 23:55:00 | 000,000,227 | RHS- | M] () -- C:\Windows\assembly\Desktop.ini

 

[HKEY_CURRENT_USER\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] /64

 

[HKEY_CURRENT_USER\Software\Classes\Wow6432node\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]

 

[HKEY_CURRENT_USER\Software\Classes\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32] /64

 

[HKEY_CURRENT_USER\Software\Classes\Wow6432node\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32]

 

[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] /64

"" = C:\Windows\SysNative\shell32.dll -- [2012/06/09 00:43:10 | 014,172,672 | ---- | M] (Microsoft Corporation)

"ThreadingModel" = Apartment

 

[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]

"" = %SystemRoot%\system32\shell32.dll -- [2012/06/08 23:41:00 | 012,873,728 | ---- | M] (Microsoft Corporation)

"ThreadingModel" = Apartment

 

[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32] /64

"" = C:\Windows\SysNative\wbem\fastprox.dll -- [2009/07/13 20:40:51 | 000,909,312 | ---- | M] (Microsoft Corporation)

"ThreadingModel" = Free

 

[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32]

"" = %systemroot%\system32\wbem\fastprox.dll -- [2010/11/20 22:24:25 | 000,606,208 | ---- | M] (Microsoft Corporation)

"ThreadingModel" = Free

 

[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32] /64

"" = C:\Windows\SysNative\wbem\wbemess.dll -- [2009/07/13 20:41:56 | 000,505,856 | ---- | M] (Microsoft Corporation)

"ThreadingModel" = Both

 

[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32]

 

========== LOP Check ==========

 

[2012/11/18 17:59:03 | 000,000,000 | ---D | M] -- C:\Users\Henrik Lindholm\AppData\Roaming\.minecraft

[2013/01/10 15:54:28 | 000,000,000 | ---D | M] -- C:\Users\Henrik Lindholm\AppData\Roaming\Audacity

[2012/07/02 18:09:36 | 000,000,000 | ---D | M] -- C:\Users\Henrik Lindholm\AppData\Roaming\Azureus

[2012/12/28 14:02:48 | 000,000,000 | ---D | M] -- C:\Users\Henrik Lindholm\AppData\Roaming\Beat Hazard

[2012/12/16 16:19:42 | 000,000,000 | ---D | M] -- C:\Users\Henrik Lindholm\AppData\Roaming\GZero

[2012/02/09 21:20:27 | 000,000,000 | ---D | M] -- C:\Users\Henrik Lindholm\AppData\Roaming\IDT

[2012/03/04 18:15:54 | 000,000,000 | ---D | M] -- C:\Users\Henrik Lindholm\AppData\Roaming\Iminent

[2012/05/09 14:14:15 | 000,000,000 | ---D | M] -- C:\Users\Henrik Lindholm\AppData\Roaming\JCreator

[2013/01/17 18:56:46 | 000,000,000 | ---D | M] -- C:\Users\Henrik Lindholm\AppData\Roaming\KeeperData

[2012/05/02 17:10:58 | 000,000,000 | ---D | M] -- C:\Users\Henrik Lindholm\AppData\Roaming\LolClient

[2012/05/23 15:45:28 | 000,000,000 | ---D | M] -- C:\Users\Henrik Lindholm\AppData\Roaming\LolClient2

[2012/02/25 20:13:55 | 000,000,000 | ---D | M] -- C:\Users\Henrik Lindholm\AppData\Roaming\MoreTerra

[2013/01/10 20:20:32 | 000,000,000 | ---D | M] -- C:\Users\Henrik Lindholm\AppData\Roaming\Mumble

[2012/02/18 14:04:28 | 000,000,000 | ---D | M] -- C:\Users\Henrik Lindholm\AppData\Roaming\PCDr

[2012/02/24 00:26:58 | 000,000,000 | ---D | M] -- C:\Users\Henrik Lindholm\AppData\Roaming\RotMG.Production

[2012/12/27 16:29:16 | 000,000,000 | ---D | M] -- C:\Users\Henrik Lindholm\AppData\Roaming\Spotify

[2012/12/26 21:34:40 | 000,000,000 | ---D | M] -- C:\Users\Henrik Lindholm\AppData\Roaming\System

[2012/12/15 00:16:41 | 000,000,000 | ---D | M] -- C:\Users\Henrik Lindholm\AppData\Roaming\Tunngle

[2012/12/26 22:20:05 | 000,000,000 | -HSD | M] -- C:\Users\Henrik Lindholm\AppData\Roaming\wyUpdate AU

 

========== Purity Check ==========

 

 

 

========== Custom Scans ==========

 

< %SYSTEMDRIVE%\*.* >

[2012/06/03 07:05:33 | 000,050,989 | ---- | M] () -- C:\aaw7boot.log

[2007/11/07 08:00:40 | 000,017,734 | ---- | M] () -- C:\eula.1028.txt

[2007/11/07 08:00:40 | 000,017,734 | ---- | M] () -- C:\eula.1031.txt

[2007/11/07 08:00:40 | 000,010,134 | ---- | M] () -- C:\eula.1033.txt

[2007/11/07 08:00:40 | 000,017,734 | ---- | M] () -- C:\eula.1036.txt

[2007/11/07 08:00:40 | 000,017,734 | ---- | M] () -- C:\eula.1040.txt

[2007/11/07 08:00:40 | 000,000,118 | ---- | M] () -- C:\eula.1041.txt

[2007/11/07 08:00:40 | 000,017,734 | ---- | M] () -- C:\eula.1042.txt

[2007/11/07 08:00:40 | 000,017,734 | ---- | M] () -- C:\eula.2052.txt

[2007/11/07 08:00:40 | 000,017,734 | ---- | M] () -- C:\eula.3082.txt

[2007/11/07 08:00:40 | 000,001,110 | ---- | M] () -- C:\globdata.ini

[2013/01/20 12:11:25 | 2133,188,607 | -HS- | M] () -- C:\hiberfil.sys

[2007/11/07 08:03:18 | 000,562,688 | ---- | M] (Microsoft Corporation) -- C:\install.exe

[2007/11/07 08:00:40 | 000,000,843 | ---- | M] () -- C:\install.ini

[2007/11/07 08:03:18 | 000,076,304 | ---- | M] (Microsoft Corporation) -- C:\install.res.1028.dll

[2007/11/07 08:03:18 | 000,096,272 | ---- | M] (Microsoft Corporation) -- C:\install.res.1031.dll

[2007/11/07 08:03:18 | 000,091,152 | ---- | M] (Microsoft Corporation) -- C:\install.res.1033.dll

[2007/11/07 08:03:18 | 000,097,296 | ---- | M] (Microsoft Corporation) -- C:\install.res.1036.dll

[2007/11/07 08:03:18 | 000,095,248 | ---- | M] (Microsoft Corporation) -- C:\install.res.1040.dll

[2007/11/07 08:03:18 | 000,081,424 | ---- | M] (Microsoft Corporation) -- C:\install.res.1041.dll

[2007/11/07 08:03:18 | 000,079,888 | ---- | M] (Microsoft Corporation) -- C:\install.res.1042.dll

[2007/11/07 08:03:18 | 000,075,792 | ---- | M] (Microsoft Corporation) -- C:\install.res.2052.dll

[2007/11/07 08:03:18 | 000,096,272 | ---- | M] (Microsoft Corporation) -- C:\install.res.3082.dll

[2012/02/02 21:04:20 | 000,028,219 | RH-- | M] () -- C:\mfg.sdr

[2013/01/20 12:11:31 | 4275,908,607 | -HS- | M] () -- C:\pagefile.sys

[2007/11/07 08:00:40 | 000,005,686 | ---- | M] () -- C:\vcredist.bmp

[2007/11/07 08:09:22 | 001,442,522 | ---- | M] () -- C:\VC_RED.cab

[2007/11/07 08:12:28 | 000,232,960 | ---- | M] () -- C:\VC_RED.MSI

 

< %systemroot%\system32\Spool\prtprocs\w32x86\*.dll >

 

< %systemroot%\*. /mp /s >

 

< %systemroot%\system32\*.dll /lockedfiles >

 

< %systemroot%\Tasks\*.job /lockedfiles >

 

< %systemroot%\system32\drivers\*.sys /lockedfiles >

 

< %systemroot%\system32\*.exe /lockedfiles >

 

< %systemroot%\System32\config\*.sav >

 

< %PROGRAMFILES%\* >

[2009/07/13 23:54:24 | 000,000,174 | -HS- | M] () -- C:\Program Files (x86)\desktop.ini

 

< %USERPROFILE%\..|smtmp;true;true;true /FP >

 

< HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Win dows\WindowsUpdate\AU >

 

< hklm\software\clients\startmenuinternet|command /rs >

HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\Google Chrome\InstallInfo\\ShowIconsCommand: "C:\Program Files (x86)\Google\Chrome\Application\chrome.exe" --show-icons [2013/01/07 19:06:24 | 001,248,360 | ---- | M] (Google Inc.)

HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\Google Chrome\InstallInfo\\HideIconsCommand: "C:\Program Files (x86)\Google\Chrome\Application\chrome.exe" --hide-icons [2013/01/07 19:06:24 | 001,248,360 | ---- | M] (Google Inc.)

HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\Google Chrome\InstallInfo\\ReinstallCommand: "C:\Program Files (x86)\Google\Chrome\Application\chrome.exe" --make-default-browser [2013/01/07 19:06:24 | 001,248,360 | ---- | M] (Google Inc.)

HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\Google Chrome\shell\open\command\\: "C:\Program Files (x86)\Google\Chrome\Application\chrome.exe" [2013/01/07 19:06:24 | 001,248,360 | ---- | M] (Google Inc.)

HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\IEXPLORE.EXE\InstallInfo\\ShowIconsCommand: "C:\Windows\System32\ie4uinit.exe" -show [2012/02/02 20:54:07 | 000,074,240 | ---- | M] (Microsoft Corporation)

HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\IEXPLORE.EXE\InstallInfo\\ReinstallCommand: "C:\Windows\System32\ie4uinit.exe" -reinstall [2012/02/02 20:54:07 | 000,074,240 | ---- | M] (Microsoft Corporation)

HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\IEXPLORE.EXE\InstallInfo\\HideIconsCommand: "C:\Windows\System32\ie4uinit.exe" -hide [2012/02/02 20:54:07 | 000,074,240 | ---- | M] (Microsoft Corporation)

HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\IEXPLORE.EXE\shell\naom\command\\: "C:\Program Files (x86)\Internet Explorer\iexplore.exe" -extoff [2012/11/13 21:56:04 | 000,757,296 | ---- | M] (Microsoft Corporation)

HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\IEXPLORE.EXE\shell\open\command\\: C:\Program Files (x86)\Internet Explorer\iexplore.exe [2012/11/13 21:56:04 | 000,757,296 | ---- | M] (Microsoft Corporation)

 

< hklm\software\clients\startmenuinternet|command /64 /rs >

64bit-HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\Google Chrome\InstallInfo\\ShowIconsCommand: "C:\PROGRAM FILES (X86)\GOOGLE\CHROME\APPLICATION\CHROME.EXE" --SHOW-ICONS [2013/01/07 19:06:24 | 001,248,360 | ---- | M] (Google Inc.)

64bit-HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\Google Chrome\InstallInfo\\HideIconsCommand: "C:\PROGRAM FILES (X86)\GOOGLE\CHROME\APPLICATION\CHROME.EXE" --HIDE-ICONS [2013/01/07 19:06:24 | 001,248,360 | ---- | M] (Google Inc.)

64bit-HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\Google Chrome\InstallInfo\\ReinstallCommand: "C:\PROGRAM FILES (X86)\GOOGLE\CHROME\APPLICATION\CHROME.EXE" --MAKE-DEFAULT-BROWSER [2013/01/07 19:06:24 | 001,248,360 | ---- | M] (Google Inc.)

64bit-HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\Google Chrome\shell\open\command\\: "C:\PROGRAM FILES (X86)\GOOGLE\CHROME\APPLICATION\CHROME.EXE" [2013/01/07 19:06:24 | 001,248,360 | ---- | M] (Google Inc.)

64bit-HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\IEXPLORE.EXE\InstallInfo\\ShowIconsCommand: "C:\WINDOWS\SYSTEM32\IE4UINIT.EXE" -SHOW [2012/02/02 20:54:07 | 000,089,088 | ---- | M] (Microsoft Corporation)

64bit-HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\IEXPLORE.EXE\InstallInfo\\ReinstallCommand: "C:\WINDOWS\SYSTEM32\IE4UINIT.EXE" -REINSTALL [2012/02/02 20:54:07 | 000,089,088 | ---- | M] (Microsoft Corporation)

64bit-HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\IEXPLORE.EXE\InstallInfo\\HideIconsCommand: "C:\WINDOWS\SYSTEM32\IE4UINIT.EXE" -HIDE [2012/02/02 20:54:07 | 000,089,088 | ---- | M] (Microsoft Corporation)

64bit-HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\IEXPLORE.EXE\shell\naom\command\\: "C:\PROGRAM FILES (X86)\INTERNET EXPLORER\IEXPLORE.EXE" -EXTOFF [2012/11/13 21:56:04 | 000,757,296 | ---- | M] (Microsoft Corporation)

64bit-HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\IEXPLORE.EXE\shell\open\command\\: C:\PROGRAM FILES (X86)\INTERNET EXPLORER\IEXPLORE.EXE [2012/11/13 21:56:04 | 000,757,296 | ---- | M] (Microsoft Corporation)

 

 

< End of report >

Posted

Hi Shvensk

 

Just a couple of things:

 

However, the Extras.txt didn't show up, but I did get the OTL.txt:

That is because the Extras.txt will only be produced by default on the first run.

The report you posted is from a second run.

The reports are saved in the same location as OTL.

So in your case there should be an Extras.txt from the first run here:

C:\Users\Henrik Lindholm\Downloads

 

So I've had trouble with svchost for a while

I should have asked this sooner, what makes you think you have problems with svchost?

Do you understand what svchost does?

 

Also, there are quite a few items being stopped by msconfig... Alienware is being stopped, but a lot of Alienware items are still loading.

Please explain why you stopped these programs using msconfig.

 

Thanks

Member of:

UNITE

Posted
I actually ran OTL a long time ago, so I have no idea if I still have that old Extras.txt, can I make a new one? And I think the problem is svchost, since when I open task manager, several svchost processes will be using up 20-ish% of my CPU each, adding up to around 80-90%. I know the general idea of what the svchost processes are. They're in charge of vital Windows services, I think. Finally, the stopped items are due to me thinking that if I stop the stuff that's not all too important, it might speed up my computer a little. This was probably done before I really understood anything, so if you want me to make them run, just let me know.
Posted

Hi Shvensk

 

I have no idea if I still have that old Extras.txt, can I make a new one?

Yes.

OTL has to be run slightly differently to get the Extras.txt to be displayed on another run.

I'll explain later.

 

the stopped items are due to me thinking that if I stop the stuff that's not all too important, it might speed up my computer a little. This was probably done before I really understood anything, so if you want me to make them run, just let me know.

One of the reasons I asked is that I saw this in the report:

Iminent.WebBooster

If you didn't intentionally install it, it will need removing.

Removing programs that have been stopped using msconfig can lead to problems with the uninstall.

So if you are going to remove it (which I do suggest)

you will need to enable it again before removing it.

 

-----------------

 

Double click on OTL to run it.

  • Under the Extra Registry section, select Use SafeList.
  • Don't check the boxes beside 'LOP Check' and 'Purity Check' this time.
  • Click on Run Scan at the top left hand corner.
  • When done, two Notepad files will open. Please post the contents of these 2 Notepad files in your next reply.

 

Thanks


Posted
It seems as though my latest post never showed up here. Anyways, what I wrote was that my computer seems to be working perfectly now. I don't understand why, but it seems as though it fixed itself, or something I did worked. My CPU isn't all getting used up anymore, and anything I run runs smoothly. I also want to know if there's anything I still need to do now, or if this is considered fixed.
Posted

Hi Shvensk

 

If the system is running fine now, that's ok.

There are some 'orphan' entries that can be removed from your OTL report.... but they're not really important.

If you want them removed, just follow the 2nd part of my previous post and run OTL again with those instructions.


Posted
Cool beans. Thanks for the help, and I would try to get rid of those 'orphan' entries, but unfortunately I'm too lazy. If they're not that important, I'll just ignore them.
Posted

Hi Shvensk

 

I would try to get rid of those 'orphan' entries, but unfortunately I'm too lazy.

Well, at least you're honest.

Orphan entries are just leftover dead entries; they won't cause any problem.

But you should remove OTL though.

 

  • Please double-click OTL to run it.
  • You should see a CleanUp! button, press that button,
  • This will clean up an assortment of tools used during malware removal, plus itself.

 

Safe surfing.
