Welcome to MalwareRemoval.com,
What if we told you that you could get malware removal help from experts, and that it was 100% free? MalwareRemoval.com provides free support for people with infected computers. Our help, and the tools we use are always 100% free. No hidden catch. We simply enjoy helping others. You enjoy a clean, safe computer.

Every program crashing and getting Blue Screen

Post by Eldest » February 19th, 2013, 4:21 pm

Everything in my computer crashes. Problem started arising without any particular cause, can't remember downloading or installing anything specific. Crashes include individual Chrome tabs, Chrome extensions, World of Warcraft, Steam (and every game installed via Steam), hardware drivers and my OS as I get Blue Screens. Additionally Microsoft Security Essentials turns itself off sometimes and needs to be restarted. The crashes do not happen with any specific regularity. Sometimes I can go a whole day without experiencing any problem. Sometimes I need to start a program up to five times before it stops crashing. Sometimes programs crash after an hour or so of use. Usually I get a Blue Screen per day, but sometimes I get two and sometimes I get none.

Also getting reports of corrupted files with recommendation of using Check Disk utility. Which I tried using, and it seemed to help temporarily. Do not know if this is a coincidence.

Additionally I notice I have issues downloading larger files via browser. Torrent is no problem, but often external downloading has to be done twice because the file is corrupt when download is finished.

The reason I come to you fine people is that I used the Resource and Performance Monitor and it found two problems that make me suspect malware. The first one is that I get an error message saying the device NTIOLib_1_0_3 is not working correctly. Googling that device name led me here, and every other hit is malware related.

Secondly, Resource and Performance Monitor says that The Security Center has not recorded an anti-virus product. I do have Microsoft Security Essentials installed, which was working when I ran the monitor. I also have Malwarebytes Anti-Malware installed and I've run it several times. The same with MSE full scans.

Lastly, when checking in Action Center I noticed that for a short second the computer's security status went to unprotected and back to normal again.


System:

Processor: Intel Core i5 3570K 3,4Ghz (Ivy Bridge)
Motherboard: MSI Z77A-GD65 ATX
Memory: Corsair 16GB (4x4096MB) CL9 1600Mhz VENGEANCE LP
Hard Drive: For OS: Samsung SSD Basic 830-Series 128GB
For programs: 2TB WD Caviar Green
Graphics: AMD Radeon HD 7900 Series
Power Supply: Corsair AX 750W 80+ Gold
Case: NZXT Phantom Special Edition Red Stripes


Full Performance and Resource Monitor error:

Symptom: Device is not present, not working properly, or does not have all of its drivers installed.
Cause: A device has a configuration problem that prevents it from working properly.
Details: The device, NTIOLib_1_0_3, is reporting "tv_ConfigMgrErr24". This device will not be available until the issue is resolved. The Plug and Play ID for this device is ROOT\LEGACY_NTIOLIB_1_0_3\0000.
Resolution: 1. Verify the correct driver is installed.
2. Try updating the drivers using Windows Update.
3. Check with the manufacturer for an updated driver.
4. Attempt to uninstall and then reinstall the device using Device Manager.
Related: Explanation of Error Codes Generated by Device Manager
Manage Devices in Windows


Latest Blue Screen problem signature:

Problem signature:
Problem Event Name: BlueScreen
OS Version: 6.1.7601.2.1.0.256.48
Locale ID: 1053

Additional information about the problem:
BCCode: 1a
BCP1: 0000000000041790
BCP2: FFFFFA80055A50E0
BCP3: 000000000000FFFF
BCP4: 0000000000000000
OS Version: 6_1_7601
Service Pack: 1_0
Product: 256_1

Files that help describe the problem:
C:\Windows\Minidump\021913-7706-01.dmp
C:\Windows\Temp\WER-9781-0.sysdata.xml

Read our privacy statement online:
http://go.microsoft.com/fwlink/?linkid= ... cid=0x0409

If the online privacy statement is not available, please read our privacy statement offline:
C:\Windows\system32\en-US\erofflps.txt


DDS:

DDS (Ver_2012-11-20.01) - NTFS_AMD64
Internet Explorer: 9.0.8112.16464
Run by Eldest at 20:52:18 on 2013-02-19
Microsoft Windows 7 Professional 6.1.7601.1.1252.46.1033.18.16337.12699 [GMT 1:00]
.
AV: Microsoft Security Essentials *Enabled/Updated* {3F839487-C7A2-C958-E30C-E2825BA31FB5}
SP: Windows Defender *Disabled/Outdated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
SP: Microsoft Security Essentials *Enabled/Updated* {84E27563-E198-C6D6-D9BC-D9F020245508}
.
============== Running Processes ===============
.
C:\Windows\system32\lsm.exe
C:\Windows\system32\svchost.exe -k DcomLaunch
C:\Windows\system32\svchost.exe -k RPCSS
C:\Program Files\Microsoft Security Client\MsMpEng.exe
C:\Windows\system32\atiesrxx.exe
C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted
C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted
C:\Windows\system32\svchost.exe -k netsvcs
C:\Windows\system32\svchost.exe -k GPSvcGroup
C:\Windows\system32\svchost.exe -k LocalService
C:\Windows\system32\svchost.exe -k NetworkService
C:\Windows\System32\spoolsv.exe
C:\Windows\system32\svchost.exe -k LocalServiceNoNetwork
C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe
C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
C:\Windows\system32\atieclxx.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\Program Files\Intel\iCLS Client\HeciServer.exe
C:\Windows\system32\IProsetMonitor.exe
C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\DAL\jhi_service.exe
C:\Program Files (x86)\MSI\OTPService\OTPService.exe
C:\Program Files (x86)\MSI\Super-Charger\ChargeService.exe
C:\Windows\system32\svchost.exe -k imgsvc
C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
C:\Windows\system32\taskhost.exe
C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSvcM.exe
C:\Program Files\Microsoft Security Client\NisSrv.exe
C:\Windows\system32\svchost.exe -k NetworkServiceNetworkRestricted
C:\Windows\system32\Dwm.exe
C:\Windows\Explorer.EXE
C:\Program Files\Realtek\Audio\HDA\RtkNGUI64.exe
C:\Program Files\Microsoft Security Client\msseces.exe
C:\Users\Eldest\AppData\Roaming\Spotify\Data\SpotifyWebHelper.exe
C:\Program Files (x86)\ATI Technologies\HydraVision\HydraDM.exe
C:\Program Files (x86)\uTorrent\uTorrent.exe
C:\Program Files (x86)\Personal\bin\Personal.exe
C:\Program Files (x86)\Intel\Intel(R) USB 3.0 eXtensible Host Controller Driver\Application\iusb3mon.exe
C:\Program Files (x86)\MSI\Super-Charger\Super-Charger.exe
C:\Program Files (x86)\ATI Technologies\HydraVision\HydraDM64.exe
C:\Program Files (x86)\iTunes\iTunesHelper.exe
C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\MOM.exe
C:\Program Files (x86)\MSI\Live Update 5\LU5.exe
C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CCC.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\Windows\System32\WUDFHost.exe
C:\Windows\system32\SearchIndexer.exe
C:\Program Files\Windows Media Player\wmpnetwk.exe
C:\Windows\system32\svchost.exe -k LocalServiceAndNoImpersonation
C:\Windows\System32\svchost.exe -k LocalServicePeerNet
C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\SyncServer.exe
C:\Users\Eldest\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Users\Eldest\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Users\Eldest\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Users\Eldest\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Users\Eldest\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Users\Eldest\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Users\Eldest\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Users\Eldest\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Users\Eldest\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Users\Eldest\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Users\Eldest\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Users\Eldest\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe
C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe
C:\Users\Eldest\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Users\Eldest\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Windows\SysWOW64\mshta.exe
C:\Users\Eldest\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Windows\system32\notepad.exe
C:\Users\Eldest\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Users\Eldest\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Windows\system32\mmc.exe
C:\Windows\system32\perfmon.exe
C:\Users\Eldest\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Users\Eldest\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Users\Eldest\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Users\Eldest\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Users\Eldest\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Users\Eldest\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Users\Eldest\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Program Files (x86)\Mozilla Firefox\firefox.exe
C:\Program Files\Microsoft Security Client\MpCmdRun.exe
C:\Windows\system32\wbem\wmiprvse.exe
C:\Windows\System32\cscript.exe
.
============== Pseudo HJT Report ===============
.
uStart Page = hxxp://search.conduit.com?SearchSource= ... =CT3220468
uURLSearchHooks: uTorrentControl_v2 Toolbar: {7473b6bd-4691-4744-a82b-7854eb3d70b6} - C:\Program Files (x86)\uTorrentControl_v2\prxtbuTor.dll
mURLSearchHooks: uTorrentControl_v2 Toolbar: {7473b6bd-4691-4744-a82b-7854eb3d70b6} - C:\Program Files (x86)\uTorrentControl_v2\prxtbuTor.dll
mWinlogon: Userinit = userinit.exe
BHO: Adobe PDF Link Helper: {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
BHO: Groove GFS Browser Helper: {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\Program Files (x86)\Microsoft Office\Office14\GROOVEEX.DLL
BHO: uTorrentControl_v2 Toolbar: {7473b6bd-4691-4744-a82b-7854eb3d70b6} - C:\Program Files (x86)\uTorrentControl_v2\prxtbuTor.dll
BHO: Windows Live ID Sign-in Helper: {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
BHO: Office Document Cache Handler: {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\Program Files (x86)\Microsoft Office\Office14\URLREDIR.DLL
BHO: Yontoo: {FD72061E-9FDE-484D-A58A-0BAB4151CAD8} - C:\Program Files (x86)\Yontoo\YontooIEClient.dll
TB: uTorrentControl_v2 Toolbar: {7473B6BD-4691-4744-A82B-7854EB3D70B6} - C:\Program Files (x86)\uTorrentControl_v2\prxtbuTor.dll
TB: uTorrentControl_v2 Toolbar: {7473b6bd-4691-4744-a82b-7854eb3d70b6} - C:\Program Files (x86)\uTorrentControl_v2\prxtbuTor.dll
uRun: [Google Update] "C:\Users\Eldest\AppData\Local\Google\Update\GoogleUpdate.exe" /c
uRun: [Spotify Web Helper] "C:\Users\Eldest\AppData\Roaming\Spotify\Data\SpotifyWebHelper.exe"
uRun: [HydraVisionDesktopManager] "C:\Program Files (x86)\ATI Technologies\HydraVision\HydraDM.exe"
uRun: [uTorrent] "C:\Program Files (x86)\uTorrent\uTorrent.exe" /MINIMIZED
mRun: [USB3MON] "C:\Program Files (x86)\Intel\Intel(R) USB 3.0 eXtensible Host Controller Driver\Application\iusb3mon.exe"
mRun: [Super-Charger] C:\Program Files (x86)\MSI\Super-Charger\Super-Charger.exe
mRun: [APSDaemon] "C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe"
mRun: [Adobe ARM] "C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
mRun: [Live Update 5] C:\Program Files (x86)\MSI\Live Update 5\BootStartLiveupdate.exe /reminder
mRun: [QuickTime Task] "C:\Program Files (x86)\QuickTime\QTTask.exe" -atboottime
mRun: [iTunesHelper] "C:\Program Files (x86)\iTunes\iTunesHelper.exe"
mRun: [StartCCC] "C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" MSRun
StartupFolder: C:\PROGRA~3\MICROS~1\Windows\STARTM~1\Programs\Startup\BANKID~1.LNK - C:\Program Files (x86)\Personal\bin\Personal.exe
uPolicies-Explorer: NoDriveTypeAutoRun = dword:145
mPolicies-Explorer: NoActiveDesktop = dword:1
mPolicies-Explorer: NoActiveDesktopChanges = dword:1
mPolicies-System: ConsentPromptBehaviorAdmin = dword:0
mPolicies-System: ConsentPromptBehaviorUser = dword:3
mPolicies-System: EnableLUA = dword:0
mPolicies-System: EnableUIADesktopToggle = dword:0
mPolicies-System: PromptOnSecureDesktop = dword:0
IE: E&xportera till Microsoft Excel - C:\PROGRA~1\MICROS~1\Office14\EXCEL.EXE/3000
IE: Open Client to monitor &1 - C:\Windows\web\AOpenClient.htm
IE: Open Client to monitor &2 - C:\Windows\web\AOpenClient.htm
IE: Ski&cka till OneNote - C:\PROGRA~1\MICROS~1\Office14\ONBttnIE.dll/105
IE: {2670000A-7350-4f3c-8081-5663EE0C6C49} - {48E73304-E1D6-4330-914C-F5F514E3486C} - C:\Program Files (x86)\Microsoft Office\Office14\ONBttnIE.dll
IE: {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - {FFFDC614-B694-4AE6-AB38-5D6374584B52} - C:\Program Files (x86)\Microsoft Office\Office14\ONBttnIELinkedNotes.dll
TCP: NameServer = 84.246.88.10 84.246.88.20
TCP: Interfaces\{E3D756C6-771A-4D6A-A363-943883E55FDB} : NameServer = 8.8.8.8,8.8.4.4
TCP: Interfaces\{E3D756C6-771A-4D6A-A363-943883E55FDB} : DHCPNameServer = 84.246.88.10 84.246.88.20
Filter: text/xml - {807573E5-5146-11D5-A672-00B0D022E945} - C:\Program Files (x86)\Common Files\Microsoft Shared\OFFICE14\MSOXMLMF.DLL
Handler: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files (x86)\Common Files\Skype\Skype4COM.dll
SSODL: WebCheck - <orphaned>
SEH: Groove GFS Stub Execution Hook - {B5A7F190-DDA6-4420-B3BA-52453494E6CD} - C:\Program Files (x86)\Microsoft Office\Office14\GROOVEEX.DLL
x64-BHO: Groove GFS Browser Helper: {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\Program Files\Microsoft Office\Office14\GROOVEEX.DLL
x64-BHO: Windows Live ID Sign-in Helper: {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
x64-BHO: Office Document Cache Handler: {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\Program Files\Microsoft Office\Office14\URLREDIR.DLL
x64-Run: [RTHDVCPL] C:\Program Files\Realtek\Audio\HDA\RtkNGUI64.exe -s
x64-Run: [BCSSync] "C:\Program Files\Microsoft Office\Office14\BCSSync.exe" /DelayServices
x64-Run: [MSC] "C:\Program Files\Microsoft Security Client\msseces.exe" -hide -runkey
x64-IE: {2670000A-7350-4f3c-8081-5663EE0C6C49} - {48E73304-E1D6-4330-914C-F5F514E3486C} - C:\Program Files\Microsoft Office\Office14\ONBttnIE.dll
x64-IE: {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - {FFFDC614-B694-4AE6-AB38-5D6374584B52} - C:\Program Files\Microsoft Office\Office14\ONBttnIELinkedNotes.dll
x64-Filter: text/xml - {807573E5-5146-11D5-A672-00B0D022E945} - C:\Program Files\Common Files\Microsoft Shared\OFFICE14\MSOXMLMF.DLL
x64-Handler: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - <orphaned>
x64-SSODL: WebCheck - <orphaned>
x64-SEH: Groove GFS Stub Execution Hook - {B5A7F190-DDA6-4420-B3BA-52453494E6CD} - C:\Program Files\Microsoft Office\Office14\GROOVEEX.DLL
.
================= FIREFOX ===================
.
FF - ProfilePath - C:\Users\Eldest\AppData\Roaming\Mozilla\Firefox\Profiles\sg21ynug.default\
FF - prefs.js: browser.startup.homepage - hxxps://mail.ownit.se/owa/auth/logon.as ... e%2fowa%2f
FF - plugin: C:\PROGRA~2\MICROS~1\Office14\NPAUTHZ.DLL
FF - plugin: C:\PROGRA~2\MICROS~1\Office14\NPSPWRAP.DLL
FF - plugin: C:\Program Files (x86)\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll
FF - plugin: C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\IPT\npIntelWebAPIIPT.dll
FF - plugin: C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\IPT\npIntelWebAPIUpdater.dll
FF - plugin: C:\Program Files (x86)\Microsoft Silverlight\4.1.10329.0\npctrlui.dll
FF - plugin: C:\Program Files (x86)\Personal\bin\np_prsnl.dll
FF - plugin: C:\Program Files (x86)\Personal\bin\np_prsnl64.dll
FF - plugin: C:\Users\Eldest\AppData\Local\Google\Update\1.3.21.135\npGoogleUpdate3.dll
FF - plugin: C:\Users\Eldest\AppData\LocalLow\Unity\WebPlayer\loader\npUnity3D32.dll
FF - plugin: C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_11_6_602_168.dll
FF - ExtSQL: 2012-12-24 02:38; {5384767E-00D9-40E9-B72F-9CC39D655D6F}; C:\Users\Eldest\AppData\Roaming\Mozilla\Firefox\Profiles\sg21ynug.default\extensions\{5384767E-00D9-40E9-B72F-9CC39D655D6F}
FF - ExtSQL: 2013-01-26 17:34; {d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}; C:\Users\Eldest\AppData\Roaming\Mozilla\Firefox\Profiles\sg21ynug.default\extensions\{d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}.xpi
.
---- FIREFOX POLICIES ----
FF - user.js: extentions.y2layers.installId - 57244d45-bb53-47d2-8711-5c83face7a99
FF - user.js: extentions.y2layers.defaultEnableAppsList - twittube,buzzdock,YontooNewOffers
.
FF - user.js: extensions.autoDisableScopes - 14
.
============= SERVICES / DRIVERS ===============
.
R0 asahci64;asahci64;C:\Windows\System32\drivers\asahci64.sys [2011-3-2 36448]
R0 iusb3hcs;Intel(R) USB 3.0 Host Controller Switch Driver;C:\Windows\System32\drivers\iusb3hcs.sys [2012-9-17 16152]
R0 MpFilter;Microsoft Malware Protection Driver;C:\Windows\System32\drivers\MpFilter.sys [2013-1-20 230320]
R2 AMD External Events Utility;AMD External Events Utility;C:\Windows\System32\atiesrxx.exe [2012-12-19 240640]
R2 Intel(R) Capability Licensing Service Interface;Intel(R) Capability Licensing Service Interface;C:\Program Files\Intel\iCLS Client\HeciServer.exe [2012-1-10 627936]
R2 Intel(R) PROSet Monitoring Service;Intel(R) PROSet Monitoring Service;C:\Windows\System32\IPROSetMonitor.exe [2012-9-17 189608]
R2 jhi_service;Intel(R) Dynamic Application Loader Host Interface Service;C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\DAL\Jhi_service.exe [2012-9-17 161560]
R2 MSI_OTPService;MSI_OTPService;C:\Program Files (x86)\MSI\OTPService\OTPService.exe [2012-9-17 252432]
R2 MSI_SuperCharger;MSI_SuperCharger;C:\Program Files (x86)\MSI\Super-Charger\ChargeService.exe [2012-9-17 138768]
R2 NisDrv;Microsoft Network Inspection System;C:\Windows\System32\drivers\NisDrvWFP.sys [2012-3-20 130008]
R2 UNS;Intel(R) Management and Security Application User Notification Service;C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe [2012-9-17 363800]
R3 AtiHDAudioService;AMD Function Driver for HD Audio Service;C:\Windows\System32\drivers\AtihdW76.sys [2012-11-6 96256]
R3 iusb3hub;Intel(R) USB 3.0 Hub Driver;C:\Windows\System32\drivers\iusb3hub.sys [2012-9-17 356120]
R3 iusb3xhc;Intel(R) USB 3.0 eXtensible Host Controller Driver;C:\Windows\System32\drivers\iusb3xhc.sys [2012-9-17 787736]
R3 MBfilt;MBfilt;C:\Windows\System32\drivers\MBfilt64.sys [2012-9-17 32344]
R3 MotioninJoyXFilter;MotioninJoy Virtual Xinput device Filter Driver;C:\Windows\System32\drivers\MijXfilt.sys [2013-2-17 115272]
R3 MSI_MSIBIOS_010507;MSI_MSIBIOS_010507;C:\Program Files (x86)\MSI\Live Update 5\msibios64_100507.sys [2012-9-18 33592]
R3 NisSrv;Microsoft Network Inspection;C:\Program Files\Microsoft Security Client\NisSrv.exe [2013-1-27 379360]
R3 NTIOLib_1_0_4;NTIOLib_1_0_4;C:\Program Files (x86)\MSI\Live Update 5\NTIOLib_X64.sys [2012-9-18 14136]
R3 NTIOLib_1_0_T;NTIOLib_1_0_T;C:\Program Files (x86)\MSI\OTPService\NTIOLib_X64.sys [2012-9-17 14136]
R3 USBAAPL64;Apple Mobile USB Driver;C:\Windows\System32\drivers\usbaapl64.sys [2012-9-28 53760]
S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-3-18 130384]
S2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-3-18 138576]
S2 SkypeUpdate;Skype Updater;C:\Program Files (x86)\Skype\Updater\Updater.exe [2012-7-13 160944]
S3 ose64;Office 64 Source Engine;C:\Program Files\Common Files\Microsoft Shared\Source Engine\OSE.EXE [2010-1-9 174440]
S3 RdpVideoMiniport;Remote Desktop Video Miniport Driver;C:\Windows\System32\drivers\rdpvideominiport.sys [2013-2-19 19456]
S3 StorSvc;Storage Service;C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted [2009-7-14 27136]
S3 TsUsbFlt;TsUsbFlt;C:\Windows\System32\drivers\TsUsbFlt.sys [2013-2-19 57856]
S3 WatAdminSvc;Windows Activation Technologies Service;C:\Windows\System32\Wat\WatAdminSvc.exe [2012-9-18 1255736]
S4 NTIOLib_1_0_3;NTIOLib_1_0_3;C:\Program Files (x86)\MSI\Super-Charger\NTIOLib_X64.sys [2012-9-17 14136]
.
=============== Created Last 30 ================
.
2013-02-19 17:54:49 9161176 ----a-w- C:\ProgramData\Microsoft\Microsoft Antimalware\Definition Updates\{EEBF3EF2-DC80-41DD-8552-DAA5C2EBF053}\mpengine.dll
2013-02-19 17:42:34 458712 ----a-w- C:\Windows\System32\drivers\cng.sys
2013-02-19 17:42:34 340992 ----a-w- C:\Windows\System32\schannel.dll
2013-02-19 17:42:34 247808 ----a-w- C:\Windows\SysWow64\schannel.dll
2013-02-19 17:42:33 96768 ----a-w- C:\Windows\SysWow64\sspicli.dll
2013-02-19 17:42:33 22016 ----a-w- C:\Windows\SysWow64\secur32.dll
2013-02-19 17:42:33 154480 ----a-w- C:\Windows\System32\drivers\ksecpkg.sys
2013-02-19 17:42:33 1448448 ----a-w- C:\Windows\System32\lsasrv.dll
2013-02-18 17:32:37 9161176 ----a-w- C:\ProgramData\Microsoft\Microsoft Antimalware\Definition Updates\Backup\mpengine.dll
2013-02-17 17:19:52 74960 ----a-w- C:\Windows\System32\drivers\xusb21.sys
2013-02-17 17:19:52 328712 ----a-w- C:\Windows\System32\MijFrc.dll
2013-02-17 17:19:52 115272 ----a-w- C:\Windows\System32\drivers\MijXfilt.sys
2013-02-17 17:19:52 -------- d-----w- C:\Users\Eldest\AppData\Roaming\MotioninJoy
2013-02-17 17:19:52 -------- d-----w- C:\Program Files\MotioninJoy
2013-02-17 16:53:55 40960 ----a-r- C:\Users\Eldest\AppData\Roaming\Microsoft\Installer\{9559F7CA-5E34-4237-A2D9-D856464AD727}\NewShortcut1_9559F7CA5E344237A2D9D856464AD727.exe
2013-02-17 16:53:55 40960 ----a-r- C:\Users\Eldest\AppData\Roaming\Microsoft\Installer\{9559F7CA-5E34-4237-A2D9-D856464AD727}\ARPPRODUCTICON.exe
2013-02-17 16:53:54 -------- d-----w- C:\Program Files (x86)\Project64 1.6
2013-02-16 01:03:47 15088 ----a-w- C:\Users\Eldest\AppData\Roaming\Microsoft\IdentityCRL\production\ppcrlconfig.dll
2013-02-16 00:56:01 -------- d-----w- C:\Windows\SysWow64\xlive
2013-02-16 00:56:00 -------- d-----w- C:\Program Files (x86)\Microsoft Games for Windows - LIVE
2013-02-13 05:15:38 5553512 ----a-w- C:\Windows\System32\ntoskrnl.exe
2013-02-13 05:15:37 3967848 ----a-w- C:\Windows\SysWow64\ntkrnlpa.exe
2013-02-13 05:15:37 3913064 ----a-w- C:\Windows\SysWow64\ntoskrnl.exe
2013-02-13 05:15:35 3153408 ----a-w- C:\Windows\System32\win32k.sys
2013-02-13 05:15:35 25600 ----a-w- C:\Windows\SysWow64\setup16.exe
2013-02-13 05:15:35 215040 ----a-w- C:\Windows\System32\winsrv.dll
2013-02-13 05:15:34 7680 ----a-w- C:\Windows\SysWow64\instnm.exe
2013-02-13 05:15:34 5120 ----a-w- C:\Windows\SysWow64\wow32.dll
2013-02-13 05:15:34 2048 ----a-w- C:\Windows\SysWow64\user.exe
2013-02-13 05:15:34 14336 ----a-w- C:\Windows\SysWow64\ntvdm64.dll
2013-02-13 05:15:33 288088 ----a-w- C:\Windows\System32\drivers\FWPKCLNT.SYS
2013-02-13 05:15:33 1913192 ----a-w- C:\Windows\System32\drivers\tcpip.sys
2013-02-12 00:41:57 -------- d-----w- C:\Program Files (x86)\uTorrent
2013-02-11 15:07:12 -------- d-----w- C:\Users\Eldest\AppData\Local\ElevatedDiagnostics
2013-02-08 00:00:55 -------- d-----w- C:\Users\Eldest\AppData\Local\My Games
2013-02-06 23:23:17 -------- d-----w- C:\Program Files (x86)\StarCraft II 2012 Beta
2013-02-05 01:03:33 -------- d-----w- C:\Users\Eldest\AppData\Roaming\System
2013-02-05 01:03:32 -------- d-sh--w- C:\Users\Eldest\AppData\Roaming\wyUpdate AU
2013-02-05 01:03:32 -------- d-----w- C:\Users\Eldest\AppData\Local\Universe Sandbox
2013-02-04 23:20:44 -------- d-----w- C:\Users\Eldest\AppData\Roaming\Personal
2013-02-04 23:20:42 -------- d-----w- C:\Program Files (x86)\Personal
2013-02-04 22:15:13 -------- d-sh--w- C:\found.000
2013-02-03 19:54:37 -------- d-----w- C:\Users\Eldest\AppData\Roaming\LucasArts
2013-02-03 13:06:08 -------- d--h--r- C:\ESD
2013-01-31 22:12:43 -------- d-----w- C:\Users\Eldest\AppData\Local\Unity
2013-01-24 09:30:05 -------- d-----w- C:\Program Files (x86)\AMD AVT
2013-01-24 09:30:03 -------- d-----w- C:\Program Files (x86)\AMD APP
2013-01-23 01:17:32 -------- d-----w- C:\Users\Eldest\AppData\Roaming\Malwarebytes
2013-01-23 01:17:23 -------- d-----w- C:\ProgramData\Malwarebytes
2013-01-23 01:17:22 24176 ----a-w- C:\Windows\System32\drivers\mbam.sys
2013-01-23 01:17:03 -------- d-----w- C:\Users\Eldest\AppData\Local\Programs
.
==================== Find3M ====================
.
2013-02-15 12:15:34 71024 ----a-w- C:\Windows\SysWow64\FlashPlayerCPLApp.cpl
2013-02-15 12:15:34 691568 ----a-w- C:\Windows\SysWow64\FlashPlayerApp.exe
2013-01-30 10:53:22 273840 ------w- C:\Windows\System32\MpSigStub.exe
2013-01-20 14:59:04 230320 ----a-w- C:\Windows\System32\drivers\MpFilter.sys
2013-01-20 14:59:04 130008 ----a-w- C:\Windows\System32\drivers\NisDrvWFP.sys
2013-01-09 01:19:09 2312704 ----a-w- C:\Windows\System32\jscript9.dll
2013-01-09 01:12:03 1392128 ----a-w- C:\Windows\System32\wininet.dll
2013-01-09 01:11:06 1494528 ----a-w- C:\Windows\System32\inetcpl.cpl
2013-01-09 01:07:51 173056 ----a-w- C:\Windows\System32\ieUnatt.exe
2013-01-09 01:07:47 599040 ----a-w- C:\Windows\System32\vbscript.dll
2013-01-09 01:04:42 2382848 ----a-w- C:\Windows\System32\mshtml.tlb
2013-01-08 22:11:21 1800704 ----a-w- C:\Windows\SysWow64\jscript9.dll
2013-01-08 22:03:20 1129472 ----a-w- C:\Windows\SysWow64\wininet.dll
2013-01-08 22:03:12 1427968 ----a-w- C:\Windows\SysWow64\inetcpl.cpl
2013-01-08 21:59:02 142848 ----a-w- C:\Windows\SysWow64\ieUnatt.exe
2013-01-08 21:58:29 420864 ----a-w- C:\Windows\SysWow64\vbscript.dll
2013-01-08 21:56:23 2382848 ----a-w- C:\Windows\SysWow64\mshtml.tlb
2013-01-04 04:43:21 44032 ----a-w- C:\Windows\apppatch\acwow64.dll
2012-12-19 20:50:14 5630200 ----a-w- C:\Windows\SysWow64\atiumdag.dll
2012-12-19 20:48:48 11278336 ----a-w- C:\Windows\System32\drivers\atikmdag.sys
2012-12-19 20:29:36 23461376 ----a-w- C:\Windows\System32\atio6axx.dll
2012-12-19 20:22:50 70144 ----a-w- C:\Windows\System32\coinst_9.012.dll
2012-12-19 20:19:46 163840 ----a-w- C:\Windows\System32\atiapfxx.exe
2012-12-19 20:18:04 51200 ----a-w- C:\Windows\System32\aticalrt64.dll
2012-12-19 20:18:02 46080 ----a-w- C:\Windows\SysWow64\aticalrt.dll
2012-12-19 20:17:54 44544 ----a-w- C:\Windows\System32\aticalcl64.dll
2012-12-19 20:17:52 44032 ----a-w- C:\Windows\SysWow64\aticalcl.dll
2012-12-19 20:17:40 16082944 ----a-w- C:\Windows\System32\aticaldd64.dll
2012-12-19 20:13:24 13703168 ----a-w- C:\Windows\SysWow64\aticaldd.dll
2012-12-19 20:12:44 18982400 ----a-w- C:\Windows\SysWow64\atioglxx.dll
2012-12-19 20:09:52 960512 ----a-w- C:\Windows\SysWow64\aticfx32.dll
2012-12-19 20:08:04 1151488 ----a-w- C:\Windows\System32\aticfx64.dll
2012-12-19 20:06:00 6681088 ----a-w- C:\Windows\SysWow64\atidxx32.dll
2012-12-19 19:59:44 5087744 ----a-w- C:\Windows\System32\atiumd6a.dll
2012-12-19 19:57:00 442368 ----a-w- C:\Windows\System32\atidemgy.dll
2012-12-19 19:56:46 550912 ----a-w- C:\Windows\System32\atieclxx.exe
2012-12-19 19:56:00 240640 ----a-w- C:\Windows\System32\atiesrxx.exe
2012-12-19 19:54:38 120320 ----a-w- C:\Windows\System32\atitmm64.dll
2012-12-19 19:54:22 21504 ----a-w- C:\Windows\System32\atimuixx.dll
2012-12-19 19:54:18 59392 ----a-w- C:\Windows\System32\atiedu64.dll
2012-12-19 19:54:12 43520 ----a-w- C:\Windows\SysWow64\ati2edxx.dll
2012-12-19 19:49:00 7370752 ----a-w- C:\Windows\System32\atidxx64.dll
2012-12-19 19:44:28 4162048 ----a-w- C:\Windows\SysWow64\atiumdva.dll
2012-12-19 19:44:12 6786560 ----a-w- C:\Windows\System32\atiumd64.dll
2012-12-19 19:34:28 79360 ----a-w- C:\Windows\System32\amdave64.dll
2012-12-19 19:34:22 78336 ----a-w- C:\Windows\SysWow64\amdave32.dll
2012-12-19 19:34:10 74240 ----a-w- C:\Windows\System32\atisamu64.dll
2012-12-19 19:34:04 71168 ----a-w- C:\Windows\SysWow64\atisamu32.dll
2012-12-19 19:33:50 56320 ----a-w- C:\Windows\System32\atimpc64.dll
2012-12-19 19:33:50 56320 ----a-w- C:\Windows\System32\amdpcom64.dll
2012-12-19 19:33:42 619008 ----a-w- C:\Windows\System32\atiadlxx.dll
2012-12-19 19:33:40 56832 ----a-w- C:\Windows\SysWow64\atimpc32.dll
2012-12-19 19:33:40 56832 ----a-w- C:\Windows\SysWow64\amdpcom32.dll
2012-12-19 19:33:32 421888 ----a-w- C:\Windows\SysWow64\atiadlxy.dll
2012-12-19 19:33:18 17920 ----a-w- C:\Windows\System32\atig6pxx.dll
2012-12-19 19:33:14 14848 ----a-w- C:\Windows\SysWow64\atiglpxx.dll
2012-12-19 19:33:14 14848 ----a-w- C:\Windows\System32\atiglpxx.dll
2012-12-19 19:33:10 41984 ----a-w- C:\Windows\System32\atig6txx.dll
2012-12-19 19:33:04 33280 ----a-w- C:\Windows\SysWow64\atigktxx.dll
2012-12-19 19:32:54 552960 ----a-w- C:\Windows\System32\drivers\atikmpag.sys
2012-12-19 19:31:14 130048 ----a-w- C:\Windows\System32\atiuxp64.dll
2012-12-19 19:31:08 109568 ----a-w- C:\Windows\SysWow64\atiuxpag.dll
2012-12-19 19:31:00 104448 ----a-w- C:\Windows\System32\atiu9p64.dll
2012-12-19 19:30:52 83968 ----a-w- C:\Windows\SysWow64\atiu9pag.dll
2012-12-19 19:30:16 53248 ----a-w- C:\Windows\System32\drivers\ati2erec.dll
2012-12-19 14:45:12 222720 ----a-w- C:\Windows\System32\clinfo.exe
2012-12-19 14:44:48 76288 ----a-w- C:\Windows\System32\OpenVideo64.dll
2012-12-19 14:44:42 65536 ----a-w- C:\Windows\SysWow64\OpenVideo.dll
2012-12-19 14:44:36 64000 ----a-w- C:\Windows\System32\OVDecode64.dll
2012-12-19 14:44:32 56320 ----a-w- C:\Windows\SysWow64\OVDecode.dll
2012-12-19 14:44:20 34518016 ----a-w- C:\Windows\System32\amdocl64.dll
2012-12-19 14:38:48 28732928 ----a-w- C:\Windows\SysWow64\amdocl.dll
2012-12-19 14:34:40 54784 ----a-w- C:\Windows\System32\OpenCL.dll
2012-12-19 14:34:38 50176 ----a-w- C:\Windows\SysWow64\OpenCL.dll
2012-12-16 17:11:22 46080 ----a-w- C:\Windows\System32\atmlib.dll
2012-12-16 14:45:03 367616 ----a-w- C:\Windows\System32\atmfd.dll
2012-12-16 14:13:28 295424 ----a-w- C:\Windows\SysWow64\atmfd.dll
2012-12-16 14:13:20 34304 ----a-w- C:\Windows\SysWow64\atmlib.dll
2012-12-07 13:20:16 441856 ----a-w- C:\Windows\System32\Wpc.dll
2012-12-07 13:15:31 2746368 ----a-w- C:\Windows\System32\gameux.dll
2012-12-07 12:26:17 308736 ----a-w- C:\Windows\SysWow64\Wpc.dll
2012-12-07 12:20:43 2576384 ----a-w- C:\Windows\SysWow64\gameux.dll
2012-12-07 11:20:04 30720 ----a-w- C:\Windows\System32\usk.rs
2012-12-07 11:20:03 43520 ----a-w- C:\Windows\System32\csrr.rs
2012-12-07 11:20:03 23552 ----a-w- C:\Windows\System32\oflc.rs
2012-12-07 11:20:01 45568 ----a-w- C:\Windows\System32\oflc-nz.rs
2012-12-07 11:20:01 44544 ----a-w- C:\Windows\System32\pegibbfc.rs
2012-12-07 11:20:01 20480 ----a-w- C:\Windows\System32\pegi-fi.rs
2012-12-07 11:20:00 20480 ----a-w- C:\Windows\System32\pegi-pt.rs
2012-12-07 11:19:59 20480 ----a-w- C:\Windows\System32\pegi.rs
2012-12-07 11:19:58 46592 ----a-w- C:\Windows\System32\fpb.rs
2012-12-07 11:19:57 40960 ----a-w- C:\Windows\System32\cob-au.rs
2012-12-07 11:19:57 21504 ----a-w- C:\Windows\System32\grb.rs
2012-12-07 11:19:57 15360 ----a-w- C:\Windows\System32\djctq.rs
2012-12-07 11:19:56 55296 ----a-w- C:\Windows\System32\cero.rs
2012-12-07 11:19:55 51712 ----a-w- C:\Windows\System32\esrb.rs
2012-11-30 05:45:35 362496 ----a-w- C:\Windows\System32\wow64win.dll
2012-11-30 05:45:35 243200 ----a-w- C:\Windows\System32\wow64.dll
2012-11-30 05:45:35 13312 ----a-w- C:\Windows\System32\wow64cpu.dll
2012-11-30 05:43:12 16384 ----a-w- C:\Windows\System32\ntvdm64.dll
.
============= FINISH: 20:52:34,62 ===============


Attach:

.
UNLESS SPECIFICALLY INSTRUCTED, DO NOT POST THIS LOG.
IF REQUESTED, ZIP IT UP & ATTACH IT
.
DDS (Ver_2012-11-20.01)
.
Microsoft Windows 7 Professional
Boot Device: \Device\HarddiskVolume1
Install Date: 2012-09-17 19:51:49
System Uptime: 2013-02-19 19:14:24 (1 hours ago)
.
Motherboard: MSI | | Z77A-GD65 (MS-7751)
Processor: Intel(R) Core(TM) i5-3570K CPU @ 3.40GHz | SOCKET 0 | 3400/100mhz
.
==== Disk Partitions =========================
.
C: is FIXED (NTFS) - 119 GiB total, 11,796 GiB free.
D: is FIXED (NTFS) - 1863 GiB total, 1325,911 GiB free.
E: is CDROM ()
.
==== Disabled Device Manager Items =============
.
Class GUID: {8ECC055D-047F-11D1-A537-0000F8753ED1}
Description: NTIOLib_1_0_3
Device ID: ROOT\LEGACY_NTIOLIB_1_0_3\0000
Manufacturer:
Name: NTIOLib_1_0_3
PNP Device ID: ROOT\LEGACY_NTIOLIB_1_0_3\0000
Service: NTIOLib_1_0_3
.
==== System Restore Points ===================
.
RP88: 2013-02-16 01:55:30 - Installed DirectX
RP89: 2013-02-16 01:56:01 - Installed DirectX
RP90: 2013-02-16 02:04:51 - Installed Microsoft Games for Windows - LIVE Redistributable
RP91: 2013-02-17 17:53:51 - Installed Project64 1.6
RP92: 2013-02-17 18:20:28 - Device Driver Package Install: http://www.MotioninJoy.com Microsoft Common Controller For Windows Class
RP93: 2013-02-18 18:32:31 - Windows Update
RP94: 2013-02-19 18:42:39 - Windows Update
.
==== Installed Programs ======================
.
Adobe Flash Player 11 Plugin
Adobe Reader X (10.1.5) - Svenska
Alan Wake
Alice: Madness Returns
AMD Accelerated Video Transcoding
AMD APP SDK Runtime
AMD Catalyst Install Manager
AMD Drag and Drop Transcoding
AMD Media Foundation Decoders
Apple-programstöd
Apple Mobile Device Support
Apple Software Update
Application Profiles
Asmedia ASM106x SATA Host Controller Driver
µTorrent
AudioGenie
BankID säkerhetsprogram
Bonjour
Catalyst Control Center
Catalyst Control Center - Branding
Catalyst Control Center Graphics Previews Common
Catalyst Control Center InstallProxy
Catalyst Control Center Localization All
ccc-utility64
CCC Help Chinese Standard
CCC Help Chinese Traditional
CCC Help Czech
CCC Help Danish
CCC Help Dutch
CCC Help English
CCC Help Finnish
CCC Help French
CCC Help German
CCC Help Greek
CCC Help Hungarian
CCC Help Italian
CCC Help Japanese
CCC Help Korean
CCC Help Norwegian
CCC Help Polish
CCC Help Portuguese
CCC Help Russian
CCC Help Spanish
CCC Help Swedish
CCC Help Thai
CCC Help Turkish
Counter-Strike: Global Offensive
Counter-Strike: Source
CPUID HWMonitor 1.20
D3DX10
Dark Souls: Prepare to Die Edition
Dead Space
Definition Update for Microsoft Office 2010 (KB982726) 64-Bit Edition
Dota 2
Dragon Age: Origins - Ultimate Edition
Google Chrome
Grand Theft Auto: Episodes from Liberty City
Heroes of Newerth
Hitman: Absolution
HydraVision
Intel(R) Management Engine Components
Intel(R) Network Connections 16.8.46.0
Intel(R) USB 3.0 eXtensible Host Controller Driver
Intel® Trusted Connect Service Client
iTunes
Left 4 Dead 2
Live Update 5
Magicka
Malwarebytes Anti-Malware version 1.70.0.1100
Max Payne 3
Microsoft .NET Framework 4 Client Profile
Microsoft Application Error Reporting
Microsoft Games for Windows - LIVE
Microsoft Games for Windows - LIVE Redistributable
Microsoft Office 2010 Service Pack 1 (SP1)
Microsoft Office Access MUI (Swedish) 2010
Microsoft Office Excel MUI (Swedish) 2010
Microsoft Office Groove MUI (Swedish) 2010
Microsoft Office InfoPath MUI (Swedish) 2010
Microsoft Office Office 32-bit Components 2010
Microsoft Office OneNote MUI (Swedish) 2010
Microsoft Office Outlook MUI (Swedish) 2010
Microsoft Office PowerPoint MUI (Swedish) 2010
Microsoft Office Professional Plus 2010
Microsoft Office Proof (English) 2010
Microsoft Office Proof (Finnish) 2010
Microsoft Office Proof (German) 2010
Microsoft Office Proof (Swedish) 2010
Microsoft Office Proofing (Swedish) 2010
Microsoft Office Publisher MUI (Swedish) 2010
Microsoft Office Shared 32-bit MUI (Swedish) 2010
Microsoft Office Shared MUI (Swedish) 2010
Microsoft Office Word MUI (Swedish) 2010
Microsoft Security Client
Microsoft Security Essentials
Microsoft Silverlight
Microsoft Visual C++ 2005 Redistributable
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161
Microsoft Visual C++ 2010 x64 Redistributable - 10.0.30319
Microsoft Visual C++ 2010 x86 Redistributable - 10.0.40219
Monopoly
MotioninJoy DS3 driver version 0.6.0005
Mozilla Firefox 19.0 (x86 sv-SE)
Mozilla Maintenance Service
MSVCRT
OTPService
Project64 1.6
QuickTime
Realtek High Definition Audio Driver
Resident Evil 5
Rockstar Games Social Club
Sanctum
Security Update for Microsoft .NET Framework 4 Client Profile (KB2604121)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2656351)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2656368v2)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2656405)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2686827)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2729449)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2737019)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2742595)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2789642)
Security Update for Microsoft Excel 2010 (KB2597126) 64-Bit Edition
Security Update for Microsoft InfoPath 2010 (KB2687417) 64-Bit Edition
Security Update for Microsoft InfoPath 2010 (KB2687436) 64-Bit Edition
Security Update for Microsoft Office 2010 (KB2553091)
Security Update for Microsoft Office 2010 (KB2553096)
Security Update for Microsoft Office 2010 (KB2553371) 64-Bit Edition
Security Update for Microsoft Office 2010 (KB2553447) 64-Bit Edition
Security Update for Microsoft Office 2010 (KB2589320) 64-Bit Edition
Security Update for Microsoft Office 2010 (KB2598243) 64-Bit Edition
Security Update for Microsoft Office 2010 (KB2687501) 64-Bit Edition
Security Update for Microsoft Office 2010 (KB2687510) 64-Bit Edition
Security Update for Microsoft Visio 2010 (KB2687508) 64-Bit Edition
Security Update for Microsoft Visio Viewer 2010 (KB2598287) 64-Bit Edition
Security Update for Microsoft Word 2010 (KB2760410) 64-Bit Edition
Sid Meier's Civilization IV
Sid Meier's Civilization V
Sid Meier's Civilization V SDK
Skype™ 5.10
Source SDK Base 2007
Spec Ops: The Line
Spotify
StarCraft II
StarCraft II Beta
Steam
Super-Charger
Team Fortress 2
The Secret of Monkey Island: Special Edition
The Secret World
The Walking Dead
Unity Web Player
Universe Sandbox
Update for Microsoft .NET Framework 4 Client Profile (KB2468871)
Update for Microsoft .NET Framework 4 Client Profile (KB2533523)
Update for Microsoft .NET Framework 4 Client Profile (KB2600217)
Update for Microsoft Office 2010 (KB2553065)
Update for Microsoft Office 2010 (KB2553092)
Update for Microsoft Office 2010 (KB2553181) 64-Bit Edition
Update for Microsoft Office 2010 (KB2553267) 64-Bit Edition
Update for Microsoft Office 2010 (KB2553270) 64-Bit Edition
Update for Microsoft Office 2010 (KB2553310) 64-Bit Edition
Update for Microsoft Office 2010 (KB2553378) 64-Bit Edition
Update for Microsoft Office 2010 (KB2566458)
Update for Microsoft Office 2010 (KB2598242) 64-Bit Edition
Update for Microsoft Office 2010 (KB2687509) 64-Bit Edition
Update for Microsoft Office 2010 (KB2760631) 64-Bit Edition
Update for Microsoft OneNote 2010 (KB2553290) 64-Bit Edition
Update for Microsoft OneNote 2010 (KB2687277) 64-Bit Edition
Update for Microsoft Outlook 2010 (KB2597090) 64-Bit Edition
Update for Microsoft Outlook 2010 (KB2687623) 64-Bit Edition
Update for Microsoft Outlook Social Connector 2010 (KB2553406) 64-Bit Edition
Update for Microsoft PowerPoint 2010 (KB2598240) 64-Bit Edition
Update for Microsoft SharePoint Workspace 2010 (KB2589371) 64-Bit Edition
uTorrentControl_v2 Toolbar
Windows Live Communications Platform
Windows Live Essentials
Windows Live ID Sign-in Assistant
Windows Live Installer
Windows Live Language Selector
Windows Live Messenger
Windows Live Photo Common
Windows Live PIMT Platform
Windows Live SOXE
Windows Live SOXE Definitions
Windows Live UX Platform
Windows Live UX Platform Language Pack
Winki
WinRAR 4.20 (64-bit)
VLC media player 2.0.5
World of Warcraft
Yontoo 1.10.03
.
==== Event Viewer Messages From Past Week ========
.
2013-02-19 19:14:36, Error: Service Control Manager [7000] - The NTIOLib_1_0_3 service failed to start due to the following error: Cannot create a file when that file already exists.
2013-02-19 19:14:33, Error: Microsoft-Windows-WER-SystemErrorReporting [1001] - The computer has rebooted from a bugcheck. The bugcheck was: 0x0000001a (0x0000000000041790, 0xfffffa80055a50e0, 0x000000000000ffff, 0x0000000000000000). A dump was saved in: C:\Windows\MEMORY.DMP. Report Id: 021913-7706-01.
2013-02-19 18:43:58, Error: Service Control Manager [7000] - The NTIOLib_1_0_T service failed to start due to the following error: Cannot create a file when that file already exists.
2013-02-19 18:42:11, Error: Microsoft-Windows-WindowsUpdateClient [20] - Installation Failure: Windows failed to install the following update with error 0x80070643: Definition Update for Microsoft Security Essentials - KB2310138 (Definition 1.143.2622.0).
2013-02-19 18:42:06, Error: Microsoft Antimalware [2001] - Microsoft Antimalware has encountered an error trying to update signatures. New Signature Version: Previous Signature Version: 1.143.2540.0 Update Source: Microsoft Update Server Update Stage: Install Source Path: http://www.microsoft.com Signature Type: AntiVirus Update Type: Full User: NT AUTHORITY\SYSTEM Current Engine Version: Previous Engine Version: 1.1.9103.0 Error code: 0x80070643 Error description: Fatal error during installation.
2013-02-19 18:42:02, Error: Microsoft Antimalware [2001] - Microsoft Antimalware has encountered an error trying to update signatures. New Signature Version: 1.143.2622.0 Previous Signature Version: 1.143.2540.0 Update Source: User Update Stage: Install Source Path: Signature Type: AntiVirus Update Type: Delta User: NT AUTHORITY\SYSTEM Current Engine Version: 1.1.9103.0 Previous Engine Version: 1.1.9103.0 Error code: 0x8050800c Error description: An unexpected problem occurred. Install any available updates, and then try to start the program again. For information on installing updates, see Help and Support.
2013-02-19 18:42:02, Error: Microsoft Antimalware [2001] - Microsoft Antimalware has encountered an error trying to update signatures. New Signature Version: 1.143.2622.0 Previous Signature Version: 1.143.2540.0 Update Source: User Update Stage: Install Source Path: Signature Type: AntiSpyware Update Type: Delta User: NT AUTHORITY\SYSTEM Current Engine Version: 1.1.9103.0 Previous Engine Version: 1.1.9103.0 Error code: 0x8050800c Error description: An unexpected problem occurred. Install any available updates, and then try to start the program again. For information on installing updates, see Help and Support.
2013-02-19 18:30:53, Error: Microsoft-Windows-WER-SystemErrorReporting [1001] - The computer has rebooted from a bugcheck. The bugcheck was: 0x0000001a (0x0000000000041790, 0xfffffa80055a50e0, 0x000000000000ffff, 0x0000000000000000). A dump was saved in: C:\Windows\MEMORY.DMP. Report Id: 021913-8205-01.
2013-02-19 02:30:03, Error: Microsoft-Windows-Kernel-General [5] - {Registry Hive Recovered} Registry hive (file): '\??\Volume{bed50839-00ef-11e2-a947-806e6f6e6963}\System Volume Information\SPP\SppCbsHiveStore\{cd42efe1-f6f1-427c-b004-033192c625a4}{76336D56-3959-4256-B0FB-6D4CA5EE949F}' was corrupted and it has been recovered. Some data might have been lost.
2013-02-16 01:54:23, Error: Microsoft-Windows-WER-SystemErrorReporting [1001] - The computer has rebooted from a bugcheck. The bugcheck was: 0x0000003b (0x00000000c0000005, 0xfffff80002ff69bc, 0xfffff88009dd47a0, 0x0000000000000000). A dump was saved in: C:\Windows\MEMORY.DMP. Report Id: 021613-8486-01.
2013-02-16 01:12:57, Error: Ntfs [55] - The file system structure on the disk is corrupt and unusable. Please run the chkdsk utility on the volume D:.
2013-02-16 01:12:57, Error: Ntfs [55] - The file system structure on the disk is corrupt and unusable. Please run the chkdsk utility on the volume \Device\HarddiskVolume3.
2013-02-16 01:12:57, Error: Ntfs [131] - The file system structure on volume D: cannot be corrected. Please run the chkdsk utility on the volume D:.
2013-02-15 13:14:20, Error: Microsoft-Windows-WER-SystemErrorReporting [1001] - The computer has rebooted from a bugcheck. The bugcheck was: 0x0000001a (0x0000000000041790, 0xfffffa80055a50b0, 0x000000000000ffff, 0x0000000000000000). A dump was saved in: C:\Windows\MEMORY.DMP. Report Id: 021513-9999-01.
2013-02-15 02:29:01, Error: Microsoft-Windows-WindowsUpdateClient [20] - Installation Failure: Windows failed to install the following update with error 0x80070643: Definition Update for Microsoft Security Essentials - KB2310138 (Definition 1.143.2313.0).
2013-02-15 02:28:58, Error: Microsoft Antimalware [2001] - Microsoft Antimalware has encountered an error trying to update signatures. New Signature Version: Previous Signature Version: 1.143.2229.0 Update Source: Microsoft Update Server Update Stage: Install Source Path: http://www.microsoft.com Signature Type: AntiVirus Update Type: Full User: NT AUTHORITY\SYSTEM Current Engine Version: Previous Engine Version: 1.1.9103.0 Error code: 0x80070643 Error description: Fatal error during installation.
2013-02-15 02:18:09, Error: Service Control Manager [7032] - The Service Control Manager tried to take a corrective action (Restart the service) after the unexpected termination of the Microsoft Antimalware Service service, but this action failed with the following error: An instance of the service is already running.
2013-02-15 02:17:54, Error: Service Control Manager [7031] - The Microsoft Antimalware Service service terminated unexpectedly. It has done this 1 time(s). The following corrective action will be taken in 15000 milliseconds: Restart the service.
2013-02-15 02:17:47, Error: Microsoft Antimalware [5008] - Microsoft Antimalware engine has been terminated due to an unexpected error. Failure Type: Crash Exception code: 0xc0000005 Resource: file:C:\Users\Eldest\AppData\Local\Google\Chrome\User Data\Default\JumpListIcons\AEC3.tmp
2013-02-14 07:05:06, Error: Microsoft-Windows-WindowsUpdateClient [20] - Installation Failure: Windows failed to install the following update with error 0x80070643: Security Update for Windows 7 for x64-based Systems (KB2790655).
2013-02-14 07:05:06, Error: Microsoft-Windows-WindowsUpdateClient [20] - Installation Failure: Windows failed to install the following update with error 0x80070643: Security Update for Windows 7 for x64-based Systems (KB2790113).
2013-02-14 07:05:06, Error: Microsoft-Windows-WindowsUpdateClient [20] - Installation Failure: Windows failed to install the following update with error 0x80070643: Security Update for Internet Explorer 9 for Windows 7 for x64-based Systems (KB2797052).
2013-02-14 07:05:06, Error: Microsoft-Windows-WindowsUpdateClient [20] - Installation Failure: Windows failed to install the following update with error 0x80070643: Cumulative Security Update for Internet Explorer 9 for Windows 7 for x64-based Systems (KB2792100).
2013-02-14 03:03:23, Error: Service Control Manager [7031] - The Windows Modules Installer service terminated unexpectedly. It has done this 1 time(s). The following corrective action will be taken in 120000 milliseconds: Restart the service.
2013-02-14 03:00:39, Error: Microsoft Antimalware [5008] - Microsoft Antimalware engine has been terminated due to an unexpected error. Failure Type: Crash Exception code: 0xc0000005 Resource: file:C:\Program Files\Common Files\Microsoft Shared\Help\hxds.dll
2013-02-13 01:15:48, Error: Microsoft Antimalware [2004] - Microsoft Antimalware has encountered an error trying to load signatures and will attempt reverting back to a known-good set of signatures. Signatures Attempted: Current Error Code: 0x8050800c Error description: An unexpected problem occurred. Install any available updates, and then try to start the program again. For information on installing updates, see Help and Support. Signature version: 1.143.1988.0;1.143.1988.0 Engine version: 1.1.9103.0
2013-02-13 01:15:36, Error: Microsoft Antimalware [5008] - Microsoft Antimalware engine has been terminated due to an unexpected error. Failure Type: Crash Exception code: 0xc0000005 Resource: file:C:\Users\Eldest\AppData\Local\Google\Chrome\User Data\Default\JumpListIcons\60FF.tmp
2013-02-12 16:20:56, Error: Microsoft-Windows-WindowsUpdateClient [20] - Installation Failure: Windows failed to install the following update with error 0x80070643: Definition Update for Microsoft Security Essentials - KB2310138 (Definition 1.143.2126.0).
2013-02-12 16:20:51, Error: Microsoft Antimalware [2001] - Microsoft Antimalware has encountered an error trying to update signatures. New Signature Version: Previous Signature Version: 1.143.1988.0 Update Source: Microsoft Update Server Update Stage: Install Source Path: http://www.microsoft.com Signature Type: AntiVirus Update Type: Full User: NT AUTHORITY\SYSTEM Current Engine Version: Previous Engine Version: 1.1.9103.0 Error code: 0x80070643 Error description: Fatal error during installation.
2013-02-12 16:20:48, Error: Microsoft Antimalware [2001] - Microsoft Antimalware has encountered an error trying to update signatures. New Signature Version: 1.143.2126.0 Previous Signature Version: 1.143.1988.0 Update Source: User Update Stage: Install Source Path: Signature Type: AntiVirus Update Type: Delta User: NT AUTHORITY\SYSTEM Current Engine Version: 1.1.9103.0 Previous Engine Version: 1.1.9103.0 Error code: 0x8050800c Error description: An unexpected problem occurred. Install any available updates, and then try to start the program again. For information on installing updates, see Help and Support.
2013-02-12 16:20:48, Error: Microsoft Antimalware [2001] - Microsoft Antimalware has encountered an error trying to update signatures. New Signature Version: 1.143.2126.0 Previous Signature Version: 1.143.1988.0 Update Source: User Update Stage: Install Source Path: Signature Type: AntiSpyware Update Type: Delta User: NT AUTHORITY\SYSTEM Current Engine Version: 1.1.9103.0 Previous Engine Version: 1.1.9103.0 Error code: 0x8050800c Error description: An unexpected problem occurred. Install any available updates, and then try to start the program again. For information on installing updates, see Help and Support.
.
==== End Of File ===========================
Eldest
Regular Member
 
Posts: 26
Joined: February 19th, 2013, 3:50 pm

Re: Every program crashing and getting Blue Screen

by Gary R » February 20th, 2013, 5:59 am

Looking over your logs, back soon.
Gary R
Administrator
 
Posts: 21863
Joined: June 28th, 2005, 11:36 am
Location: Yorkshire

Re: Every program crashing and getting Blue Screen

by Gary R » February 20th, 2013, 6:13 am

Please note that all instructions given are customised for this computer only; the tools used may cause damage if used on a computer with different infections.

If you think you have similar problems, please post a log in the "malware removal" forum and wait for help.


Unless we are informed in advance, failure to post replies within 3 days will result in this thread being closed.


Hi Eldest

I'm Gary R,

Before we start: Please be aware that removing Malware is a potentially hazardous undertaking. I will take care not to knowingly suggest courses of action that might damage your computer. However, it is impossible for me to foresee all interactions that may happen between the software on your computer and those we'll use to clear you of infection, and I cannot guarantee the safety of your system. It is possible that we might encounter situations where the only recourse is to re-format and re-install your operating system, or to take your computer to a repair shop.

Because of this, I advise you to backup any personal files and folders before you start.

As an added safety precaution, before we start removing anything, I'd like you to make a backup of your Registry, which we can restore to if necessary.

Please click on THIS link, and follow the instructions for installing TCRB and creating a backup of your Registry.

Please observe these rules while we work:
  • Do not edit your logs in any way whatsoever.
  • Perform all actions in the order given.
  • If you don't know, stop and ask! Don't keep going on.
  • Please reply to this thread. Do not start a new topic.
  • Stick with it till you're given the all clear.
  • Remember, absence of symptoms does not mean the infection is all gone.
  • Don't attempt to install any new software (other than those I ask you to) until we've got your computer clean.
  • Don't attempt to clean your computer with any tools other than the ones I ask you to use during the cleanup process. If your defensive programmes warn you about any of those tools, be assured that they are not infected, and are safe to use.
If you can do these things, everything should go smoothly.
  • As you're using Windows 7, it will be necessary to right click all tools we use and select ----> Run as Administrator

It may be helpful to you to print out or take a copy of any instructions given, as sometimes it is necessary to go offline and you will lose access to them.


There are definite signs of undesirable/malicious entries in your DDS logs, and we can definitely remove them; whether that will resolve all your issues is another matter altogether.

NTIOLib_1_0_3 is a Service/Driver for MSI Super Charger, which I see you have installed. If it is giving problems, then the quickest way to resolve them is probably going to be by uninstalling your current copy of Super Charger, then re-installing a clean copy. Don't do that for the moment; we need to clean the signs of infection from your computer first.

To start that process, please run the following scan for me ....

Download OTL by OldTimer to your Desktop.

If you already have a copy of OTL delete it and use this version.

  • Double click OTL.exe to launch the programme.
  • Check the following.
    • Scan all users.
    • Standard Output.
    • Lop check.
    • Purity check.
  • Under Extra Registry section, select Use SafeList
  • Click the Run Scan button and wait for the scan to finish (usually about 10-15 mins).
  • When finished it will produce two logs.
    • OTL.txt (open on your desktop).
    • Extras.txt (minimised in your taskbar)
  • Please post me both logs.
Gary R
Administrator
 
Posts: 21863
Joined: June 28th, 2005, 11:36 am
Location: Yorkshire

Re: Every program crashing and getting Blue Screen

by Eldest » February 20th, 2013, 7:07 am

Hello Gary.

The download link for Tweaking.com Registry Backup (TCRB) is dead. As you specified that I should not install anything new and only use your programs, I will not google for another download link and wait for you to reply with an accepted replacement.

Then I will continue with the other tool.

Thanks a lot for the help.
Eldest
Regular Member
 
Posts: 26
Joined: February 19th, 2013, 3:50 pm

Re: Every program crashing and getting Blue Screen

by Gary R » February 20th, 2013, 7:36 am

Sorry about that. BC has recently updated and some things have been moved; try this link instead ... http://www.bleepingcomputer.com/downloa ... ry-backup/
Gary R
Administrator
 
Posts: 21863
Joined: June 28th, 2005, 11:36 am
Location: Yorkshire

Re: Every program crashing and getting Blue Screen

by Eldest » February 20th, 2013, 8:02 am

Hello Gary.

I've done the registry backup with the new link. The OTL logs will follow.


OTL:

OTL logfile created on: 2013-02-20 12:56:54 - Run 1
OTL by OldTimer - Version 3.2.69.0 Folder = D:\Nedladdat
64bit- Professional Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation
Internet Explorer (Version = 9.0.8112.16421)
Locale: 0000041d | Country: Sverige | Language: SVE | Date Format: yyyy-MM-dd

15,95 Gb Total Physical Memory | 12,43 Gb Available Physical Memory | 77,89% Memory free
31,91 Gb Paging File | 28,05 Gb Available in Paging File | 87,92% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86)
Drive C: | 119,14 Gb Total Space | 11,35 Gb Free Space | 9,53% Space Free | Partition Type: NTFS
Drive D: | 1863,01 Gb Total Space | 1325,91 Gb Free Space | 71,17% Space Free | Partition Type: NTFS

Computer Name: NORMANDY | User Name: Eldest | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: All users | Include 64bit Scans
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days

========== Processes (SafeList) ==========

PRC - [2013-02-20 12:55:27 | 000,602,112 | ---- | M] (OldTimer Tools) -- D:\Nedladdat\OTL.exe
PRC - [2013-02-19 17:20:13 | 000,917,400 | ---- | M] (Mozilla Corporation) -- C:\Program Files (x86)\Mozilla Firefox\firefox.exe
PRC - [2013-02-15 13:08:24 | 001,597,864 | ---- | M] (Valve Corporation) -- D:\Install\Steam\steam.exe
PRC - [2013-02-12 01:41:58 | 001,051,984 | ---- | M] (BitTorrent Inc.) -- C:\Program Files (x86)\uTorrent\uTorrent.exe
PRC - [2012-12-18 15:28:08 | 000,065,192 | ---- | M] (Adobe Systems Incorporated) -- C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe
PRC - [2012-11-28 14:13:16 | 000,059,280 | ---- | M] (Apple Inc.) -- C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe
PRC - [2012-11-15 13:11:48 | 001,358,784 | ---- | M] (Technology Nexus AB) -- C:\Program Files (x86)\Personal\bin\Personal.exe
PRC - [2012-10-26 12:39:53 | 007,880,664 | ---- | M] (Spotify Ltd) -- C:\Users\Eldest\AppData\Roaming\Spotify\spotify.exe
PRC - [2012-10-26 12:39:48 | 001,199,576 | ---- | M] (Spotify Ltd) -- C:\Users\Eldest\AppData\Roaming\Spotify\Data\SpotifyWebHelper.exe
PRC - [2012-10-18 17:02:12 | 001,952,312 | ---- | M] (Micro-Star International) -- C:\Program Files (x86)\MSI\Live Update 5\LU5.exe
PRC - [2012-08-09 22:12:18 | 000,055,184 | ---- | M] (Apple Inc.) -- C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\SyncServer.exe
PRC - [2012-07-27 20:35:52 | 000,393,216 | ---- | M] (AMD) -- C:\Program Files (x86)\ATI Technologies\HydraVision\HydraDM.exe
PRC - [2012-02-23 13:33:32 | 000,071,464 | ---- | M] (Valve Corporation) -- D:\Install\Steam\gameoverlayui.exe
PRC - [2012-01-26 18:40:44 | 000,291,608 | R--- | M] (Intel Corporation) -- C:\Program Files (x86)\Intel\Intel(R) USB 3.0 eXtensible Host Controller Driver\Application\iusb3mon.exe
PRC - [2012-01-20 09:35:24 | 000,363,800 | R--- | M] (Intel Corporation) -- C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe
PRC - [2012-01-20 09:35:22 | 000,277,784 | R--- | M] (Intel Corporation) -- C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe
PRC - [2012-01-20 09:35:08 | 000,161,560 | R--- | M] (Intel Corporation) -- C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\DAL\Jhi_service.exe
PRC - [2012-01-03 12:34:20 | 000,138,768 | ---- | M] (MSI) -- C:\Program Files (x86)\MSI\Super-Charger\ChargeService.exe
PRC - [2012-01-03 12:34:16 | 000,502,288 | ---- | M] (MSI) -- C:\Program Files (x86)\MSI\Super-Charger\Super-Charger.exe
PRC - [2011-12-09 09:15:24 | 000,252,432 | ---- | M] () -- C:\Program Files (x86)\MSI\OTPService\OTPService.exe


========== Modules (No Company Name) ==========

MOD - [2013-02-19 17:20:00 | 003,067,288 | ---- | M] () -- C:\Program Files (x86)\Mozilla Firefox\mozjs.dll
MOD - [2013-02-15 13:08:20 | 000,988,584 | ---- | M] () -- D:\Install\Steam\bin\chromehtml.dll
MOD - [2013-02-14 23:24:25 | 012,638,576 | ---- | M] () -- C:\Users\Eldest\AppData\Local\Google\Chrome\User Data\PepperFlash\11.6.602.167\pepflashplayer.dll
MOD - [2013-01-26 03:35:06 | 000,460,240 | ---- | M] () -- C:\Users\Eldest\AppData\Local\Google\Chrome\Application\24.0.1312.57\ppgooglenaclpluginchrome.dll
MOD - [2013-01-26 03:35:04 | 004,012,496 | ---- | M] () -- C:\Users\Eldest\AppData\Local\Google\Chrome\Application\24.0.1312.57\pdf.dll
MOD - [2013-01-26 03:34:19 | 000,597,968 | ---- | M] () -- C:\Users\Eldest\AppData\Local\Google\Chrome\Application\24.0.1312.57\libglesv2.dll
MOD - [2013-01-26 03:34:18 | 000,124,368 | ---- | M] () -- C:\Users\Eldest\AppData\Local\Google\Chrome\Application\24.0.1312.57\libegl.dll
MOD - [2013-01-26 03:34:16 | 001,552,848 | ---- | M] () -- C:\Users\Eldest\AppData\Local\Google\Chrome\Application\24.0.1312.57\ffmpegsumo.dll
MOD - [2013-01-22 04:22:06 | 020,320,680 | ---- | M] () -- D:\Install\Steam\bin\libcef.dll
MOD - [2012-12-18 18:28:50 | 000,647,168 | ---- | M] () -- D:\Install\Steam\sdl.dll
MOD - [2012-12-11 09:51:10 | 001,100,800 | ---- | M] () -- D:\Install\Steam\bin\avcodec-53.dll
MOD - [2012-12-11 09:51:10 | 000,192,000 | ---- | M] () -- D:\Install\Steam\bin\avformat-53.dll
MOD - [2012-12-11 09:51:10 | 000,124,416 | ---- | M] () -- D:\Install\Steam\bin\avutil-51.dll
MOD - [2012-10-26 12:39:48 | 020,220,376 | ---- | M] () -- C:\Users\Eldest\AppData\Roaming\Spotify\Data\libcef.dll
MOD - [2012-08-27 20:33:32 | 000,087,912 | ---- | M] () -- C:\Program Files (x86)\Common Files\Apple\Apple Application Support\zlib1.dll
MOD - [2012-08-27 20:33:08 | 001,242,512 | ---- | M] () -- C:\Program Files (x86)\Common Files\Apple\Apple Application Support\libxml2.dll
MOD - [2011-03-16 23:11:16 | 004,297,568 | ---- | M] () -- C:\Program Files (x86)\Common Files\microsoft shared\OFFICE14\Cultures\OFFICE.ODF


========== Services (SafeList) ==========

SRV:64bit: - [2013-01-27 11:34:32 | 000,379,360 | ---- | M] (Microsoft Corporation) [On_Demand | Running] -- C:\Program Files\Microsoft Security Client\NisSrv.exe -- (NisSrv)
SRV:64bit: - [2013-01-27 11:34:32 | 000,022,056 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Program Files\Microsoft Security Client\MsMpEng.exe -- (MsMpSvc)
SRV:64bit: - [2012-12-19 20:56:00 | 000,240,640 | ---- | M] (AMD) [Auto | Running] -- C:\Windows\SysNative\atiesrxx.exe -- (AMD External Events Utility)
SRV:64bit: - [2012-01-10 20:01:52 | 000,627,936 | ---- | M] (Intel(R) Corporation) [Auto | Running] -- C:\Program Files\Intel\iCLS Client\HeciServer.exe -- (Intel(R)
SRV:64bit: - [2011-11-09 16:38:06 | 000,189,608 | ---- | M] (Intel Corporation) [Auto | Running] -- C:\Windows\SysNative\IPROSetMonitor.exe -- (Intel(R)
SRV:64bit: - [2009-07-14 02:41:27 | 001,011,712 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Program Files\Windows Defender\MpSvc.dll -- (WinDefend)
SRV:64bit: - [2009-07-14 02:40:01 | 000,193,536 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\appmgmts.dll -- (AppMgmt)
SRV - [2013-02-19 17:20:12 | 000,115,608 | ---- | M] (Mozilla Foundation) [On_Demand | Stopped] -- C:\Program Files (x86)\Mozilla Maintenance Service\maintenanceservice.exe -- (MozillaMaintenance)
SRV - [2013-02-15 13:15:34 | 000,251,248 | ---- | M] (Adobe Systems Incorporated) [On_Demand | Stopped] -- C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe -- (AdobeFlashPlayerUpdateSvc)
SRV - [2012-12-18 15:28:08 | 000,065,192 | ---- | M] (Adobe Systems Incorporated) [Auto | Running] -- C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe -- (AdobeARMservice)
SRV - [2012-11-05 00:26:12 | 000,529,744 | ---- | M] (Valve Corporation) [On_Demand | Stopped] -- C:\Program Files (x86)\Common Files\Steam\SteamService.exe -- (Steam Client Service)
SRV - [2012-07-13 12:28:36 | 000,160,944 | R--- | M] (Skype Technologies) [Auto | Stopped] -- C:\Program Files (x86)\Skype\Updater\Updater.exe -- (SkypeUpdate)
SRV - [2012-01-20 09:35:24 | 000,363,800 | R--- | M] (Intel Corporation) [Auto | Running] -- C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe -- (UNS)
SRV - [2012-01-20 09:35:22 | 000,277,784 | R--- | M] (Intel Corporation) [Auto | Running] -- C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe -- (LMS)
SRV - [2012-01-20 09:35:08 | 000,161,560 | R--- | M] (Intel Corporation) [Auto | Running] -- C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\DAL\Jhi_service.exe -- (jhi_service)
SRV - [2012-01-03 12:34:20 | 000,138,768 | ---- | M] (MSI) [Auto | Running] -- C:\Program Files (x86)\MSI\Super-Charger\ChargeService.exe -- (MSI_SuperCharger)
SRV - [2011-12-09 09:15:24 | 000,252,432 | ---- | M] () [Auto | Running] -- C:\Program Files (x86)\MSI\OTPService\OTPService.exe -- (MSI_OTPService)
SRV - [2010-03-18 12:16:28 | 000,130,384 | ---- | M] (Microsoft Corporation) [Auto | Stopped] -- C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe -- (clr_optimization_v4.0.30319_32)
SRV - [2009-06-10 22:23:09 | 000,066,384 | ---- | M] (Microsoft Corporation) [Disabled | Stopped] -- C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe -- (clr_optimization_v2.0.50727_32)


========== Driver Services (SafeList) ==========

DRV:64bit: - [2013-01-20 15:59:04 | 000,130,008 | ---- | M] (Microsoft Corporation) [Kernel | Auto | Running] -- C:\Windows\SysNative\drivers\NisDrvWFP.sys -- (NisDrv)
DRV:64bit: - [2012-12-19 21:48:48 | 011,278,336 | ---- | M] (Advanced Micro Devices, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\atikmdag.sys -- (amdkmdag)
DRV:64bit: - [2012-12-19 20:32:54 | 000,552,960 | ---- | M] (Advanced Micro Devices, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\atikmpag.sys -- (amdkmdap)
DRV:64bit: - [2012-11-06 12:11:52 | 000,096,256 | ---- | M] (Advanced Micro Devices) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\AtihdW76.sys -- (AtiHDAudioService)
DRV:64bit: - [2012-09-28 10:32:56 | 000,053,760 | ---- | M] (Apple, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\usbaapl64.sys -- (USBAAPL64)
DRV:64bit: - [2012-08-23 15:10:20 | 000,019,456 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\rdpvideominiport.sys -- (RdpVideoMiniport)
DRV:64bit: - [2012-08-23 15:07:35 | 000,057,856 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\TsUsbFlt.sys -- (TsUsbFlt)
DRV:64bit: - [2012-08-21 12:01:20 | 000,033,240 | ---- | M] (GEAR Software Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\GEARAspiWDM.sys -- (GEARAspiWDM)
DRV:64bit: - [2012-07-17 18:12:08 | 000,062,784 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\HECIx64.sys -- (MEIx64)
DRV:64bit: - [2012-03-01 07:46:16 | 000,023,408 | ---- | M] (Microsoft Corporation) [Recognizer | Boot | Unknown] -- C:\Windows\SysNative\drivers\fs_rec.sys -- (Fs_Rec)
DRV:64bit: - [2012-01-26 18:39:34 | 000,787,736 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\iusb3xhc.sys -- (iusb3xhc)
DRV:64bit: - [2012-01-26 18:39:34 | 000,356,120 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\iusb3hub.sys -- (iusb3hub)
DRV:64bit: - [2012-01-26 18:39:34 | 000,016,152 | ---- | M] (Intel Corporation) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\iusb3hcs.sys -- (iusb3hcs)
DRV:64bit: - [2011-11-30 08:09:34 | 000,358,576 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\e1c62x64.sys -- (e1cexpress)
DRV:64bit: - [2011-11-10 18:32:02 | 000,115,272 | ---- | M] (MotioninJoy) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\MijXfilt.sys -- (MotioninJoyXFilter)
DRV:64bit: - [2011-03-11 07:41:12 | 000,107,904 | ---- | M] (Advanced Micro Devices) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\amdsata.sys -- (amdsata)
DRV:64bit: - [2011-03-11 07:41:12 | 000,027,008 | ---- | M] (Advanced Micro Devices) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\amdxata.sys -- (amdxata)
DRV:64bit: - [2011-03-02 16:58:58 | 000,036,448 | ---- | M] (Asmedia Technology) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\asahci64.sys -- (asahci64)
DRV:64bit: - [2010-11-20 14:33:35 | 000,078,720 | ---- | M] (Hewlett-Packard Company) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\HpSAMD.sys -- (HpSAMD)
DRV:64bit: - [2010-08-19 19:24:34 | 000,074,960 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\xusb21.sys -- (xusb21)
DRV:64bit: - [2009-11-18 00:12:00 | 000,032,344 | ---- | M] (Creative Technology Ltd.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\MBfilt64.sys -- (MBfilt)
DRV:64bit: - [2009-07-14 02:52:20 | 000,194,128 | ---- | M] (AMD Technologies Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\amdsbs.sys -- (amdsbs)
DRV:64bit: - [2009-07-14 02:48:04 | 000,065,600 | ---- | M] (LSI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\lsi_sas2.sys -- (LSI_SAS2)
DRV:64bit: - [2009-07-14 02:45:55 | 000,024,656 | ---- | M] (Promise Technology) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\stexstor.sys -- (stexstor)
DRV:64bit: - [2009-06-10 21:34:33 | 003,286,016 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\evbda.sys -- (ebdrv)
DRV:64bit: - [2009-06-10 21:34:28 | 000,468,480 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\bxvbda.sys -- (b06bdrv)
DRV:64bit: - [2009-06-10 21:34:23 | 000,270,848 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\b57nd60a.sys -- (b57nd60a)
DRV:64bit: - [2009-06-10 21:31:59 | 000,031,232 | ---- | M] (Hauppauge Computer Works, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\hcw85cir.sys -- (hcw85cir)
DRV - [2010-10-22 10:37:36 | 000,014,136 | ---- | M] (MSI) [Kernel | On_Demand | Running] -- C:\Program Files (x86)\MSI\Live Update 5\NTIOLib_X64.sys -- (NTIOLib_1_0_4)
DRV - [2010-05-10 10:44:40 | 000,033,592 | ---- | M] (Your Corporation) [Kernel | On_Demand | Running] -- C:\Program Files (x86)\MSI\Live Update 5\msibios64_100507.sys -- (MSI_MSIBIOS_010507)
DRV - [2010-01-18 09:36:44 | 000,014,136 | ---- | M] (MSI) [Kernel | Disabled | Stopped] -- C:\Program Files (x86)\MSI\Super-Charger\NTIOLib_X64.sys -- (NTIOLib_1_0_3)
DRV - [2009-10-05 23:10:14 | 000,014,136 | ---- | M] (MSI) [Kernel | On_Demand | Running] -- C:\Program Files (x86)\MSI\OTPService\NTIOLib_X64.sys -- (NTIOLib_1_0_T)
DRV - [2009-07-14 02:19:10 | 000,019,008 | ---- | M] (Microsoft Corporation) [File_System | On_Demand | Stopped] -- C:\Windows\SysWOW64\drivers\wimmount.sys -- (WIMMount)


========== Standard Registry (SafeList) ==========


========== Internet Explorer ==========

IE:64bit: - HKLM\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A}
IE:64bit: - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/search?q={searchTerms}&FORM=IE8SRC
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm
IE - HKLM\..\URLSearchHook: {7473b6bd-4691-4744-a82b-7854eb3d70b6} - C:\Program Files (x86)\uTorrentControl_v2\prxtbuTor.dll (Conduit Ltd.)
IE - HKLM\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A}
IE - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/search?q={searchTerms}&FORM=IE8SRC


IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

IE - HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0



IE - HKU\S-1-5-21-178671379-1301378200-1053161076-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://search.conduit.com?SearchSource= ... =CT3220468
IE - HKU\S-1-5-21-178671379-1301378200-1053161076-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache = http://se.msn.com/?ocid=iehp
IE - HKU\S-1-5-21-178671379-1301378200-1053161076-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache AcceptLangs = sv-SE
IE - HKU\S-1-5-21-178671379-1301378200-1053161076-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache_TIMESTAMP = 2D CE C4 4B 46 98 CD 01 [binary data]
IE - HKU\S-1-5-21-178671379-1301378200-1053161076-1000\..\URLSearchHook: {7473b6bd-4691-4744-a82b-7854eb3d70b6} - C:\Program Files (x86)\uTorrentControl_v2\prxtbuTor.dll (Conduit Ltd.)
IE - HKU\S-1-5-21-178671379-1301378200-1053161076-1000\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A}
IE - HKU\S-1-5-21-178671379-1301378200-1053161076-1000\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/search?q={searchTerms}&src=IE-SearchBox&FORM=IE8SRC
IE - HKU\S-1-5-21-178671379-1301378200-1053161076-1000\..\SearchScopes\{CD08E47C-98EA-46FD-B9FC-156885F3E11E}: "URL" = http://search.conduit.com/ResultsExt.aspx?q={searchTerms}&SearchSource=4&ctid=CT3220468
IE - HKU\S-1-5-21-178671379-1301378200-1053161076-1000\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKU\S-1-5-21-178671379-1301378200-1053161076-1000\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = *.local

========== FireFox ==========

FF - prefs.js..browser.search.useDBForOrder: true
FF - prefs.js..browser.startup.homepage: "https://mail.ownit.se/owa/auth/logon.aspx?replaceCurrent=1&url=https%3a%2f%2fmail.ownit.se%2fowa%2f"
FF - prefs.js..extensions.enabledAddons: %7B5384767E-00D9-40E9-B72F-9CC39D655D6F%7D:1.4.2.1
FF - prefs.js..extensions.enabledAddons: %7B972ce4c6-7e08-4474-a285-3208198ce6fd%7D:19.0
FF - prefs.js..browser.startup.homepage: "http://en.wikipedia.org/wiki/Special:Random"
FF - prefs.js..searchreset.backup.keyword.URL: "http://search.conduit.com/ResultsExt.aspx?ctid=CT3220468&q=&SearchSource=2"


FF:64bit: - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\system32\Macromed\Flash\NPSWF64_11_6_602_168.dll File not found
FF:64bit: - HKLM\Software\MozillaPlugins\@microsoft.com/GENUINE: disabled File not found
FF:64bit: - HKLM\Software\MozillaPlugins\@microsoft.com/OfficeAuthz,version=14.0: C:\PROGRA~1\MICROS~1\Office14\NPAUTHZ.DLL (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_11_6_602_168.dll ()
FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=: File not found
FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=1.0: C:\Program Files (x86)\iTunes\Mozilla Plugins\npitunes.dll ()
FF - HKLM\Software\MozillaPlugins\@intel-webapi.intel.com/Intel WebAPI ipt;version=2.0.59: C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\IPT\npIntelWebAPIIPT.dll (Intel Corporation)
FF - HKLM\Software\MozillaPlugins\@intel-webapi.intel.com/Intel WebAPI updater: C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\IPT\npIntelWebAPIUpdater.dll (Intel Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/GENUINE: disabled File not found
FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: C:\Program Files (x86)\Microsoft Silverlight\4.1.10329.0\npctrl.dll ( Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/OfficeAuthz,version=14.0: C:\PROGRA~2\MICROS~1\Office14\NPAUTHZ.DLL (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/SharePoint,version=14.0: C:\PROGRA~2\MICROS~1\Office14\NPSPWRAP.DLL (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@se.nexus/Personal: C:\Program Files (x86)\Personal\bin\np_prsnl.dll (Technology Nexus AB)
FF - HKLM\Software\MozillaPlugins\@videolan.org/vlc,version=2.0.5: C:\Program Files (x86)\VideoLAN\VLC\npvlc.dll (VideoLAN)
FF - HKLM\Software\MozillaPlugins\Adobe Reader: C:\Program Files (x86)\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
FF - HKCU\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Users\Eldest\AppData\Local\Google\Update\1.3.21.135\npGoogleUpdate3.dll (Google Inc.)
FF - HKCU\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Users\Eldest\AppData\Local\Google\Update\1.3.21.135\npGoogleUpdate3.dll (Google Inc.)
FF - HKCU\Software\MozillaPlugins\@unity3d.com/UnityPlayer,version=1.0: C:\Users\Eldest\AppData\LocalLow\Unity\WebPlayer\loader\npUnity3D32.dll (Unity Technologies ApS)

FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 19.0\extensions\\Components: C:\Program Files (x86)\Mozilla Firefox\components [2013-02-19 17:20:13 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 19.0\extensions\\Plugins: C:\Program Files (x86)\Mozilla Firefox\plugins

[2012-09-25 14:55:28 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Eldest\AppData\Roaming\Mozilla\Extensions
[2013-02-15 11:25:12 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Eldest\AppData\Roaming\Mozilla\Firefox\Profiles\sg21ynug.default\extensions
[2012-12-24 02:38:38 | 000,000,000 | ---D | M] (EPUBReader) -- C:\Users\Eldest\AppData\Roaming\Mozilla\Firefox\Profiles\sg21ynug.default\extensions\{5384767E-00D9-40E9-B72F-9CC39D655D6F}
[2013-02-15 11:25:12 | 000,817,280 | ---- | M] () (No name found) -- C:\Users\Eldest\AppData\Roaming\Mozilla\Firefox\Profiles\sg21ynug.default\extensions\{d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}.xpi
[2013-02-19 17:19:58 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files (x86)\Mozilla Firefox\extensions
[2013-02-19 17:20:13 | 000,263,064 | ---- | M] (Mozilla Foundation) -- C:\Program Files (x86)\mozilla firefox\components\browsercomps.dll
[2012-12-05 02:15:42 | 000,001,683 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\allaannonser-sv-SE.xml
[2012-09-06 03:42:44 | 000,002,465 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\bing.xml
[2012-12-05 02:15:42 | 000,002,883 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\prisjakt-sv-SE.xml
[2012-12-05 02:15:42 | 000,001,161 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\tyda-sv-SE.xml
[2012-09-06 03:42:44 | 000,001,387 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\wikipedia-sv-SE.xml
[2012-09-06 03:42:45 | 000,001,164 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\yahoo-sv-SE.xml

========== Chrome ==========

CHR - homepage: http://en.wikipedia.org/wiki/Special:Random
CHR - default_search_provider: Google (Enabled)
CHR - default_search_provider: search_url = {google:baseURL}search?q={searchTerms}&{google:RLZ}{google:acceptedSuggestion}{google:originalQueryForSuggestion}{google:assistedQueryStats}{google:searchFieldtrialParameter}sourceid=chrome&ie={inputEncoding}
CHR - default_search_provider: suggest_url = {google:baseSuggestURL}search?{google:searchFieldtrialParameter}client=chrome&hl={language}&q={searchTerms}&sugkey={google:suggestAPIKeyParameter},
CHR - homepage: http://en.wikipedia.org/wiki/Special:Random
CHR - plugin: Shockwave Flash (Enabled) = C:\Users\Eldest\AppData\Local\Google\Chrome\Application\21.0.1180.89\PepperFlash\pepflashplayer.dll
CHR - plugin: Shockwave Flash (Enabled) = C:\Users\Eldest\AppData\Local\Google\Chrome\Application\24.0.1312.57\gcswf32.dll
CHR - plugin: Remoting Viewer (Enabled) = internal-remoting-viewer
CHR - plugin: Native Client (Enabled) = C:\Users\Eldest\AppData\Local\Google\Chrome\Application\24.0.1312.57\ppGoogleNaClPluginChrome.dll
CHR - plugin: Chrome PDF Viewer (Enabled) = C:\Users\Eldest\AppData\Local\Google\Chrome\Application\24.0.1312.57\pdf.dll
CHR - plugin: Microsoft Office 2010 (Enabled) = C:\PROGRA~2\MICROS~1\Office14\NPAUTHZ.DLL
CHR - plugin: Microsoft Office 2010 (Enabled) = C:\PROGRA~2\MICROS~1\Office14\NPSPWRAP.DLL
CHR - plugin: Intel\u00AE Identity Protection Technology (Enabled) = C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\IPT\npIntelWebAPIIPT.dll
CHR - plugin: Intel\u00AE Identity Protection Technology (Enabled) = C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\IPT\npIntelWebAPIUpdater.dll
CHR - plugin: Google Update (Enabled) = C:\Users\Eldest\AppData\Local\Google\Update\1.3.21.111\npGoogleUpdate3.dll
CHR - Extension: Adblock Plus = C:\Users\Eldest\AppData\Local\Google\Chrome\User Data\Default\Extensions\cfhdojbkjhnklbpkdaibdccddilifddb\1.3.4_0\
CHR - Extension: Dark Vibe = C:\Users\Eldest\AppData\Local\Google\Chrome\User Data\Default\Extensions\dkckeanhmkjaechlhllmapjaaglgpcbj\1.1_0\
CHR - Extension: Reddit Enhancement Suite = C:\Users\Eldest\AppData\Local\Google\Chrome\User Data\Default\Extensions\kbmfpngjjgdllneeigpgjifpgocmfgmb\4.1.5_0\
CHR - Extension: Cuevana Stream = C:\Users\Eldest\AppData\Local\Google\Chrome\User Data\Default\Extensions\kfdckejfnkaemompfjhecfmhjgnchmjg\5.1_0\

O1 HOSTS File: ([2009-06-10 22:00:26 | 000,000,824 | ---- | M]) - C:\Windows\SysNative\drivers\etc\hosts
O2 - BHO: (uTorrentControl_v2 Toolbar) - {7473b6bd-4691-4744-a82b-7854eb3d70b6} - C:\Program Files (x86)\uTorrentControl_v2\prxtbuTor.dll (Conduit Ltd.)
O2 - BHO: (Yontoo) - {FD72061E-9FDE-484D-A58A-0BAB4151CAD8} - C:\Program Files (x86)\Yontoo\YontooIEClient.dll (Yontoo LLC)
O3 - HKLM\..\Toolbar: (uTorrentControl_v2 Toolbar) - {7473b6bd-4691-4744-a82b-7854eb3d70b6} - C:\Program Files (x86)\uTorrentControl_v2\prxtbuTor.dll (Conduit Ltd.)
O3 - HKU\S-1-5-21-178671379-1301378200-1053161076-1000\..\Toolbar\WebBrowser: (uTorrentControl_v2 Toolbar) - {7473B6BD-4691-4744-A82B-7854EB3D70B6} - C:\Program Files (x86)\uTorrentControl_v2\prxtbuTor.dll (Conduit Ltd.)
O4:64bit: - HKLM..\Run: [MSC] C:\Program Files\Microsoft Security Client\msseces.exe (Microsoft Corporation)
O4:64bit: - HKLM..\Run: [RTHDVCPL] C:\Program Files\Realtek\Audio\HDA\RtkNGUI64.exe (Realtek Semiconductor)
O4 - HKLM..\Run: [APSDaemon] C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe (Apple Inc.)
O4 - HKLM..\Run: [Live Update 5] C:\Program Files (x86)\MSI\Live Update 5\BootStartLiveupdate.exe ()
O4 - HKLM..\Run: [StartCCC] C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe (Advanced Micro Devices, Inc.)
O4 - HKLM..\Run: [Super-Charger] C:\Program Files (x86)\MSI\Super-Charger\Super-Charger.exe (MSI)
O4 - HKLM..\Run: [USB3MON] C:\Program Files (x86)\Intel\Intel(R) USB 3.0 eXtensible Host Controller Driver\Application\iusb3mon.exe (Intel Corporation)
O4 - HKU\S-1-5-19..\Run: [Sidebar] C:\Program Files (x86)\Windows Sidebar\Sidebar.exe (Microsoft Corporation)
O4 - HKU\S-1-5-20..\Run: [Sidebar] C:\Program Files (x86)\Windows Sidebar\Sidebar.exe (Microsoft Corporation)
O4 - HKU\S-1-5-21-178671379-1301378200-1053161076-1000..\Run: [HydraVisionDesktopManager] C:\Program Files (x86)\ATI Technologies\HydraVision\HydraDM.exe (AMD)
O4 - HKU\S-1-5-21-178671379-1301378200-1053161076-1000..\Run: [Spotify Web Helper] C:\Users\Eldest\AppData\Roaming\Spotify\Data\SpotifyWebHelper.exe (Spotify Ltd)
O4 - HKU\S-1-5-21-178671379-1301378200-1053161076-1000..\Run: [uTorrent] C:\Program Files (x86)\uTorrent\uTorrent.exe (BitTorrent Inc.)
O4 - HKU\S-1-5-19..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe File not found
O4 - HKU\S-1-5-20..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe File not found
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktop = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktopChanges = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: EnableLUA = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: PromptOnSecureDesktop = 0
O7 - HKU\S-1-5-21-178671379-1301378200-1053161076-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O8:64bit: - Extra context menu item: Open Client to monitor &1 - C:\Windows\web\AOpenClient.htm File not found
O8:64bit: - Extra context menu item: Open Client to monitor &2 - C:\Windows\web\AOpenClient.htm File not found
O8 - Extra context menu item: Open Client to monitor &1 - C:\Windows\web\AOpenClient.htm File not found
O8 - Extra context menu item: Open Client to monitor &2 - C:\Windows\web\AOpenClient.htm File not found
O10:64bit: - NameSpace_Catalog5\Catalog_Entries64\000000000005 [] - C:\Program Files\Bonjour\mdnsNSP.dll (Apple Inc.)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000005 [] - C:\Program Files (x86)\Bonjour\mdnsNSP.dll (Apple Inc.)
O1364bit: - gopher Prefix: missing
O13 - gopher Prefix: missing
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 84.246.88.10 84.246.88.20
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{E3D756C6-771A-4D6A-A363-943883E55FDB}: DhcpNameServer = 84.246.88.10 84.246.88.20
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{E3D756C6-771A-4D6A-A363-943883E55FDB}: NameServer = 8.8.8.8,8.8.4.4
O18:64bit: - Protocol\Handler\livecall - No CLSID value found
O18:64bit: - Protocol\Handler\msnim - No CLSID value found
O18:64bit: - Protocol\Handler\skype4com - No CLSID value found
O18 - Protocol\Handler\ms-help - No CLSID value found
O18 - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files (x86)\Common Files\Skype\Skype4COM.dll (Skype Technologies)
O20:64bit: - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\SysNative\userinit.exe (Microsoft Corporation)
O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\SysWow64\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (userinit.exe) - C:\Windows\SysWow64\userinit.exe (Microsoft Corporation)
O21:64bit: - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.
O21 - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.
O32 - HKLM CDRom: AutoRun - 1
O34 - HKLM BootExecute: (autocheck autochk *)
O35:64bit: - HKLM\..comfile [open] -- "%1" %*
O35:64bit: - HKLM\..exefile [open] -- "%1" %*
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37:64bit: - HKLM\...com [@ = comfile] -- "%1" %*
O37:64bit: - HKLM\...exe [@ = exefile] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3)
O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2)
O38 - SubSystems\\Windows: (ServerDll=sxssrv,4)

========== Files/Folders - Created Within 30 Days ==========

[2013-02-20 12:54:18 | 000,000,000 | ---D | C] -- C:\RegBackup
[2013-02-20 12:54:04 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Tweaking.com
[2013-02-20 12:54:03 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Tweaking.com
[2013-02-19 18:43:02 | 000,057,856 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\drivers\TsUsbFlt.sys
[2013-02-19 18:43:02 | 000,019,456 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\drivers\rdpvideominiport.sys
[2013-02-19 18:43:02 | 000,015,360 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\RdpGroupPolicyExtension.dll
[2013-02-19 18:43:02 | 000,013,312 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\TsUsbRedirectionGroupPolicyExtension.dll
[2013-02-19 18:43:02 | 000,013,312 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\TsUsbRedirectionGroupPolicyControl.exe
[2013-02-19 18:43:01 | 004,916,224 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\mstscax.dll
[2013-02-19 18:43:01 | 003,174,912 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\rdpcorets.dll
[2013-02-19 18:43:01 | 001,123,840 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\mstsc.exe
[2013-02-19 18:43:01 | 001,048,064 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\mstsc.exe
[2013-02-19 18:43:01 | 000,384,000 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\wksprt.exe
[2013-02-19 18:43:01 | 000,322,560 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\aaclient.dll
[2013-02-19 18:43:01 | 000,269,312 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\aaclient.dll
[2013-02-19 18:43:01 | 000,243,200 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\rdpudd.dll
[2013-02-19 18:43:01 | 000,228,864 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\rdpendp_winip.dll
[2013-02-19 18:43:01 | 000,192,000 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\rdpendp_winip.dll
[2013-02-19 18:43:01 | 000,062,976 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\TSWbPrxy.exe
[2013-02-19 18:43:01 | 000,054,272 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\MsRdpWebAccess.dll
[2013-02-19 18:43:01 | 000,046,592 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\MsRdpWebAccess.dll
[2013-02-19 18:43:01 | 000,044,032 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\tsgqec.dll
[2013-02-19 18:43:01 | 000,043,520 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\TsUsbGDCoInstaller.dll
[2013-02-19 18:43:01 | 000,037,376 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\tsgqec.dll
[2013-02-19 18:43:01 | 000,018,432 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\wksprtPS.dll
[2013-02-19 18:43:01 | 000,016,896 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\wksprtPS.dll
[2013-02-19 18:43:00 | 005,773,824 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\mstscax.dll
[2013-02-19 18:42:33 | 001,448,448 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\lsasrv.dll
[2013-02-19 17:19:58 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Mozilla Firefox
[2013-02-17 18:19:52 | 000,328,712 | ---- | C] (Logitech Inc.) -- C:\Windows\SysNative\MijFrc.dll
[2013-02-17 18:19:52 | 000,115,272 | ---- | C] (MotioninJoy) -- C:\Windows\SysNative\drivers\MijXfilt.sys
[2013-02-17 18:19:52 | 000,074,960 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\drivers\xusb21.sys
[2013-02-17 18:19:52 | 000,000,000 | ---D | C] -- C:\Users\Eldest\AppData\Roaming\MotioninJoy
[2013-02-17 18:19:52 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\MotioninJoy
[2013-02-17 18:19:52 | 000,000,000 | ---D | C] -- C:\Program Files\MotioninJoy
[2013-02-17 17:53:55 | 000,000,000 | ---D | C] -- C:\Users\Eldest\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\project64 1.6
[2013-02-17 17:53:54 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Project64 1.6
[2013-02-16 01:56:48 | 000,000,000 | ---D | C] -- C:\Users\Public\Documents\microsoft
[2013-02-16 01:56:45 | 000,000,000 | ---D | C] -- C:\Users\Eldest\Documents\CAPCOM
[2013-02-16 01:56:11 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Games for Windows - LIVE
[2013-02-16 01:56:01 | 000,000,000 | ---D | C] -- C:\Windows\SysWow64\xlive
[2013-02-16 01:56:00 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Microsoft Games for Windows - LIVE
[2013-02-14 03:00:21 | 000,096,768 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\mshtmled.dll
[2013-02-14 03:00:20 | 000,248,320 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\ieui.dll
[2013-02-14 03:00:20 | 000,231,936 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\url.dll
[2013-02-14 03:00:20 | 000,176,640 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\ieui.dll
[2013-02-14 03:00:20 | 000,173,056 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\ieUnatt.exe
[2013-02-14 03:00:20 | 000,142,848 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\ieUnatt.exe
[2013-02-14 03:00:20 | 000,073,216 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\mshtmled.dll
[2013-02-14 03:00:19 | 002,312,704 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\jscript9.dll
[2013-02-14 03:00:19 | 001,494,528 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\inetcpl.cpl
[2013-02-14 03:00:19 | 001,427,968 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\inetcpl.cpl
[2013-02-14 03:00:19 | 000,729,088 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\msfeeds.dll
[2013-02-14 03:00:19 | 000,237,056 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\url.dll
[2013-02-14 03:00:18 | 000,816,640 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\jscript.dll
[2013-02-14 03:00:18 | 000,717,824 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\jscript.dll
[2013-02-14 03:00:18 | 000,599,040 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\vbscript.dll
[2013-02-13 06:15:38 | 005,553,512 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\ntoskrnl.exe
[2013-02-13 06:15:37 | 003,967,848 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\ntkrnlpa.exe
[2013-02-13 06:15:37 | 003,913,064 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\ntoskrnl.exe
[2013-02-13 06:15:35 | 000,215,040 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\winsrv.dll
[2013-02-13 06:15:35 | 000,025,600 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\setup16.exe
[2013-02-13 06:15:34 | 000,014,336 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\ntvdm64.dll
[2013-02-13 06:15:34 | 000,007,680 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\instnm.exe
[2013-02-13 06:15:34 | 000,005,120 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\wow32.dll
[2013-02-13 06:15:34 | 000,002,048 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\user.exe
[2013-02-13 06:15:33 | 000,288,088 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\drivers\FWPKCLNT.SYS
[2013-02-12 01:41:57 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\uTorrent
[2013-02-11 16:07:12 | 000,000,000 | ---D | C] -- C:\Users\Eldest\AppData\Local\ElevatedDiagnostics
[2013-02-08 01:00:55 | 000,000,000 | ---D | C] -- C:\Users\Eldest\AppData\Local\My Games
[2013-02-07 01:42:11 | 000,000,000 | ---D | C] -- C:\Users\Eldest\Documents\Remedy
[2013-02-07 00:23:17 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\StarCraft II Beta
[2013-02-07 00:23:17 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\StarCraft II 2012 Beta
[2013-02-06 16:10:36 | 000,000,000 | ---D | C] -- C:\Users\Eldest\Documents\Backup
[2013-02-05 02:03:33 | 000,000,000 | ---D | C] -- C:\Users\Eldest\AppData\Roaming\System
[2013-02-05 02:03:32 | 000,000,000 | -HSD | C] -- C:\Users\Eldest\AppData\Roaming\wyUpdate AU
[2013-02-05 02:03:32 | 000,000,000 | ---D | C] -- C:\Users\Eldest\Documents\Universe Sandbox
[2013-02-05 02:03:32 | 000,000,000 | ---D | C] -- C:\Users\Eldest\AppData\Local\Universe Sandbox
[2013-02-05 00:20:44 | 000,000,000 | ---D | C] -- C:\Users\Eldest\AppData\Roaming\Personal
[2013-02-05 00:20:43 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\BankID säkerhetsprogram
[2013-02-05 00:20:42 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Personal
[2013-02-04 23:15:13 | 000,000,000 | -HSD | C] -- C:\found.000
[2013-02-03 21:06:44 | 000,000,000 | ---D | C] -- C:\Users\Eldest\Documents\My Games
[2013-02-03 20:54:37 | 000,000,000 | ---D | C] -- C:\Users\Eldest\AppData\Roaming\LucasArts
[2013-02-03 14:06:08 | 000,000,000 | RH-D | C] -- C:\ESD
[2013-01-31 23:12:43 | 000,000,000 | ---D | C] -- C:\Users\Eldest\AppData\Local\Unity
[2013-01-29 18:30:56 | 000,000,000 | ---D | C] -- C:\Users\Eldest\Documents\Telltale Games
[2013-01-24 10:30:35 | 000,000,000 | ---D | C] -- C:\ProgramData\ATI
[2013-01-24 10:30:05 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\AMD AVT
[2013-01-24 10:30:03 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\AMD APP
[2013-01-24 10:29:57 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Catalyst Control Center
[2013-01-23 02:17:32 | 000,000,000 | ---D | C] -- C:\Users\Eldest\AppData\Roaming\Malwarebytes
[2013-01-23 02:17:25 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes' Anti-Malware
[2013-01-23 02:17:23 | 000,000,000 | ---D | C] -- C:\ProgramData\Malwarebytes
[2013-01-23 02:17:22 | 000,024,176 | ---- | C] (Malwarebytes Corporation) -- C:\Windows\SysNative\drivers\mbam.sys
[2013-01-23 02:17:03 | 000,000,000 | ---D | C] -- C:\Users\Eldest\AppData\Local\Programs

========== Files - Modified Within 30 Days ==========

[2013-02-20 12:54:29 | 000,000,207 | ---- | M] () -- C:\Windows\tweaking.com-regbackup-NORMANDY-Microsoft-Windows-7-Professional-(64-bit).dat
[2013-02-20 12:54:04 | 000,002,235 | ---- | M] () -- C:\Users\Public\Desktop\Tweaking.com - Registry Backup.lnk
[2013-02-20 12:25:00 | 000,000,830 | ---- | M] () -- C:\Windows\tasks\Adobe Flash Player Updater.job
[2013-02-20 12:05:00 | 000,001,008 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskUserS-1-5-21-178671379-1301378200-1053161076-1000UA.job
[2013-02-20 10:05:00 | 000,000,956 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskUserS-1-5-21-178671379-1301378200-1053161076-1000Core.job
[2013-02-19 19:35:33 | 000,015,168 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
[2013-02-19 19:35:33 | 000,015,168 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
[2013-02-19 19:18:55 | 000,730,320 | ---- | M] () -- C:\Windows\SysNative\PerfStringBackup.INI
[2013-02-19 19:18:55 | 000,618,714 | ---- | M] () -- C:\Windows\SysNative\perfh009.dat
[2013-02-19 19:18:55 | 000,107,034 | ---- | M] () -- C:\Windows\SysNative\perfc009.dat
[2013-02-19 19:14:31 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2013-02-19 19:14:30 | 4258,254,846 | -HS- | M] () -- C:\hiberfil.sys
[2013-02-19 18:42:57 | 000,001,945 | ---- | M] () -- C:\Windows\epplauncher.mif
[2013-02-17 18:20:33 | 000,000,000 | -H-- | M] () -- C:\Windows\SysNative\drivers\Msft_Kernel_xusb21_01009.Wdf
[2013-02-17 18:20:33 | 000,000,000 | -H-- | M] () -- C:\Windows\SysNative\drivers\Msft_Kernel_MijXfilt_01009.Wdf
[2013-02-17 18:19:52 | 000,000,947 | ---- | M] () -- C:\Users\Eldest\Application Data\Microsoft\Internet Explorer\Quick Launch\DS3 Tool.lnk
[2013-02-15 13:15:34 | 000,691,568 | ---- | M] (Adobe Systems Incorporated) -- C:\Windows\SysWow64\FlashPlayerApp.exe
[2013-02-15 13:15:34 | 000,071,024 | ---- | M] (Adobe Systems Incorporated) -- C:\Windows\SysWow64\FlashPlayerCPLApp.cpl
[2013-02-14 07:21:24 | 000,416,792 | ---- | M] () -- C:\Windows\SysNative\FNTCACHE.DAT
[2013-02-05 00:20:43 | 000,001,165 | ---- | M] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\BankID säkerhetsprogram.lnk

========== Files Created - No Company Name ==========

[2013-02-20 12:54:29 | 000,000,207 | ---- | C] () -- C:\Windows\tweaking.com-regbackup-NORMANDY-Microsoft-Windows-7-Professional-(64-bit).dat
[2013-02-20 12:54:04 | 000,002,235 | ---- | C] () -- C:\Users\Public\Desktop\Tweaking.com - Registry Backup.lnk
[2013-02-17 18:20:33 | 000,000,000 | -H-- | C] () -- C:\Windows\SysNative\drivers\Msft_Kernel_xusb21_01009.Wdf
[2013-02-17 18:20:33 | 000,000,000 | -H-- | C] () -- C:\Windows\SysNative\drivers\Msft_Kernel_MijXfilt_01009.Wdf
[2013-02-17 18:19:52 | 000,000,947 | ---- | C] () -- C:\Users\Eldest\Application Data\Microsoft\Internet Explorer\Quick Launch\DS3 Tool.lnk
[2013-02-05 00:20:43 | 000,001,165 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\BankID säkerhetsprogram.lnk
[2012-09-17 19:43:41 | 000,722,382 | ---- | C] () -- C:\Windows\SysWow64\PerfStringBackup.INI
[2012-09-17 19:14:44 | 000,000,000 | ---- | C] () -- C:\Windows\ativpsrm.bin
[2012-07-28 02:39:50 | 000,204,952 | ---- | C] () -- C:\Windows\SysWow64\ativvsvl.dat
[2012-07-28 02:39:50 | 000,157,144 | ---- | C] () -- C:\Windows\SysWow64\ativvsva.dat
[2012-05-02 13:58:10 | 000,029,184 | ---- | C] () -- C:\Windows\SysWow64\kdbsdk32.dll
[2012-01-10 19:39:16 | 000,001,536 | ---- | C] () -- C:\Windows\SysWow64\IusEventLog.dll
[2011-09-28 17:44:14 | 000,179,271 | ---- | C] () -- C:\Windows\SysWow64\xlive.dll.cat
[2011-09-12 23:06:16 | 000,003,917 | ---- | C] () -- C:\Windows\SysWow64\atipblag.dat

========== ZeroAccess Check ==========

[2009-07-14 05:55:00 | 000,000,227 | RHS- | M] () -- C:\Windows\assembly\Desktop.ini

[HKEY_CURRENT_USER\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] /64

[HKEY_CURRENT_USER\Software\Classes\Wow6432node\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]

[HKEY_CURRENT_USER\Software\Classes\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32] /64

[HKEY_CURRENT_USER\Software\Classes\Wow6432node\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32]

[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] /64
"" = C:\Windows\SysNative\shell32.dll -- [2012-06-09 06:43:10 | 014,172,672 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Apartment

[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]
"" = %SystemRoot%\system32\shell32.dll -- [2012-06-09 05:41:00 | 012,873,728 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Apartment

[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32] /64
"" = C:\Windows\SysNative\wbem\fastprox.dll -- [2009-07-14 02:40:51 | 000,909,312 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Free

[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32]
"" = %systemroot%\system32\wbem\fastprox.dll -- [2010-11-20 13:19:02 | 000,606,208 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Free

[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32] /64
"" = C:\Windows\SysNative\wbem\wbemess.dll -- [2009-07-14 02:41:56 | 000,505,856 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Both

[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32]

========== LOP Check ==========

[2013-02-03 20:54:37 | 000,000,000 | ---D | M] -- C:\Users\Eldest\AppData\Roaming\LucasArts
[2013-02-17 18:19:52 | 000,000,000 | ---D | M] -- C:\Users\Eldest\AppData\Roaming\MotioninJoy
[2013-02-05 00:20:44 | 000,000,000 | ---D | M] -- C:\Users\Eldest\AppData\Roaming\Personal
[2013-02-20 12:21:39 | 000,000,000 | ---D | M] -- C:\Users\Eldest\AppData\Roaming\Spotify
[2013-02-05 02:03:33 | 000,000,000 | ---D | M] -- C:\Users\Eldest\AppData\Roaming\System
[2013-02-20 12:59:36 | 000,000,000 | ---D | M] -- C:\Users\Eldest\AppData\Roaming\uTorrent
[2013-02-05 02:32:23 | 000,000,000 | -HSD | M] -- C:\Users\Eldest\AppData\Roaming\wyUpdate AU

========== Purity Check ==========



< End of report >


Extras:

OTL Extras logfile created on: 2013-02-20 12:56:54 - Run 1
OTL by OldTimer - Version 3.2.69.0 Folder = D:\Nedladdat
64bit- Professional Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation
Internet Explorer (Version = 9.0.8112.16421)
Locale: 0000041d | Country: Sverige | Language: SVE | Date Format: yyyy-MM-dd

15,95 Gb Total Physical Memory | 12,43 Gb Available Physical Memory | 77,89% Memory free
31,91 Gb Paging File | 28,05 Gb Available in Paging File | 87,92% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86)
Drive C: | 119,14 Gb Total Space | 11,35 Gb Free Space | 9,53% Space Free | Partition Type: NTFS
Drive D: | 1863,01 Gb Total Space | 1325,91 Gb Free Space | 71,17% Space Free | Partition Type: NTFS

Computer Name: NORMANDY | User Name: Eldest | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: All users | Include 64bit Scans
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days

========== Extra Registry (SafeList) ==========


========== File Associations ==========

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.url[@ = InternetShortcut] -- C:\Windows\SysNative\rundll32.exe (Microsoft Corporation)

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.cpl [@ = cplfile] -- C:\Windows\SysWow64\control.exe (Microsoft Corporation)

========== Shell Spawning ==========

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
exefile [open] -- "%1" %*
helpfile [open] -- Reg Error: Key error.
inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation)
InternetShortcut [open] -- "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\ieframe.dll",OpenURL %l (Microsoft Corporation)
InternetShortcut [print] -- "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\mshtml.dll",PrintHTML "%1" (Microsoft Corporation)
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [AddToPlaylistVLC] -- "C:\Program Files (x86)\VideoLAN\VLC\vlc.exe" --started-from-file --playlist-enqueue "%1" (VideoLAN)
Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Directory [PlayWithVLC] -- "C:\Program Files (x86)\VideoLAN\VLC\vlc.exe" --started-from-file --no-playlist-enqueue "%1" (VideoLAN)
Folder [open] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [explore] -- Reg Error: Value error.
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
cplfile [cplopen] -- %SystemRoot%\System32\control.exe "%1",%* (Microsoft Corporation)
exefile [open] -- "%1" %*
helpfile [open] -- Reg Error: Key error.
inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation)
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [AddToPlaylistVLC] -- "C:\Program Files (x86)\VideoLAN\VLC\vlc.exe" --started-from-file --playlist-enqueue "%1" (VideoLAN)
Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Directory [PlayWithVLC] -- "C:\Program Files (x86)\VideoLAN\VLC\vlc.exe" --started-from-file --no-playlist-enqueue "%1" (VideoLAN)
Folder [open] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [explore] -- Reg Error: Value error.
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)

========== Security Center Settings ==========

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"cval" = 1

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]
"VistaSp1" = 28 4D B2 76 41 04 CA 01 [binary data]
"AntiVirusOverride" = 0
"AntiSpywareOverride" = 0
"FirewallOverride" = 0

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc\Vol]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]

========== Firewall Settings ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]
"DisableNotifications" = 0
"EnableFirewall" = 1

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"DisableNotifications" = 0
"EnableFirewall" = 1

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\PublicProfile]
"DisableNotifications" = 0
"EnableFirewall" = 1

========== Authorized Applications List ==========


========== Vista Active Open Ports Exception List ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{0B64227D-67A1-4DB8-AF8A-49184BBCBD42}" = lport=5355 | protocol=17 | dir=in | svc=dnscache | app=%systemroot%\system32\svchost.exe |
"{0C54D2D6-CA80-4C85-9261-BDAE1DE4542B}" = lport=2177 | protocol=6 | dir=in | svc=qwave | app=%systemroot%\system32\svchost.exe |
"{18C99D2F-A606-4447-A79E-18F3B9D4709B}" = rport=445 | protocol=6 | dir=out | app=system |
"{1A810339-1511-4049-9BB8-DB29BB1615DA}" = rport=5355 | protocol=17 | dir=out | svc=dnscache | app=%systemroot%\system32\svchost.exe |
"{1BBB1351-DB0D-4D22-8DE0-1401F7986622}" = rport=1900 | protocol=17 | dir=out | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe |
"{301B5895-BF41-4ADB-94E8-A4EB389E8DB6}" = rport=139 | protocol=6 | dir=out | app=system |
"{40105BCF-3DCA-45D8-B909-83E6290A43F9}" = lport=6004 | protocol=17 | dir=in | app=c:\program files\microsoft office\office14\outlook.exe |
"{4CC68C3D-0EAF-481D-B889-E8B862F6A399}" = lport=10243 | protocol=6 | dir=in | app=system |
"{4CD54B7D-4E19-4684-8AFD-20C210B60EF9}" = lport=1900 | protocol=17 | dir=in | name=windows live communications platform (ssdp) |
"{4EFD04B5-646B-4CB8-8ACB-55A6C342D528}" = rport=10243 | protocol=6 | dir=out | app=system |
"{5D7516A6-F35B-4425-B67D-762AD1C4E01B}" = rport=2177 | protocol=6 | dir=out | svc=qwave | app=%systemroot%\system32\svchost.exe |
"{5DCB2CBD-25E6-4978-AFE3-CE7345FD1E14}" = lport=137 | protocol=17 | dir=in | app=system |
"{5E34F645-5521-4417-910E-394E5156C6C2}" = rport=2177 | protocol=17 | dir=out | svc=qwave | app=%systemroot%\system32\svchost.exe |
"{6A2B3591-4D29-4C87-9419-AD482BC35FC3}" = lport=1900 | protocol=17 | dir=in | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe |
"{8176ECE1-9631-4AEC-B7FD-0AE13C1FAEB3}" = lport=139 | protocol=6 | dir=in | app=system |
"{A9DD4A7F-0FAE-49A3-93EB-90ED2EA4ACAB}" = rport=138 | protocol=17 | dir=out | app=system |
"{ABA322F2-1C50-47C3-A7E5-1C13F26D2690}" = lport=2869 | protocol=6 | dir=in | name=windows live communications platform (upnp) |
"{B06149CB-9BF1-4282-8E03-4E6D3952D5D6}" = lport=2869 | protocol=6 | dir=in | app=system |
"{B35E3EB6-43DD-4B93-95D5-B8F3B3217D86}" = lport=2177 | protocol=17 | dir=in | svc=qwave | app=%systemroot%\system32\svchost.exe |
"{BE0D40C7-1575-4601-AB87-4F631C7D1E99}" = lport=rpc-epmap | protocol=6 | dir=in | svc=rpcss | name=@firewallapi.dll,-28539 |
"{C92E7AE0-2EBD-4A2E-ADD4-E34D44214A76}" = lport=445 | protocol=6 | dir=in | app=system |
"{D512CF29-E5D0-4255-A60B-0A0F1E0CC061}" = lport=138 | protocol=17 | dir=in | app=system |
"{D6B2246F-79A7-4B46-A6A0-CD50C4964EA9}" = rport=137 | protocol=17 | dir=out | app=system |
"{DC4277CF-E4CA-4F95-9366-D1D5876028A0}" = lport=rpc | protocol=6 | dir=in | svc=spooler | app=%systemroot%\system32\spoolsv.exe |

========== Vista Active Application Exception List ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{0217A196-1440-40F6-BA1A-F0AB614A9B4A}" = protocol=6 | dir=in | app=d:\install\steam\steamapps\common\counter-strike global offensive\csgo.exe |
"{03F8726E-529F-4033-94A3-0C2CCA8673FE}" = protocol=6 | dir=in | app=c:\users\eldest\appdata\roaming\spotify\spotify.exe |
"{07B0A131-BCD8-4A3B-B27E-7793EC887C0E}" = protocol=6 | dir=in | app=d:\install\steam\steamapps\common\dota 2 beta\dota.exe |
"{07F8C1EE-046D-4EEB-BFFC-3C9F04F6F4A7}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmpnetwk.exe |
"{09025085-82A3-4D02-9B15-62A738930E25}" = protocol=17 | dir=in | app=d:\install\steam\steamapps\mjobring\source sdk base 2007\hl2.exe |
"{09A905AF-D494-4FD2-949F-DF3745ECB398}" = protocol=17 | dir=in | app=c:\program files (x86)\funcom\the secret world\clientpatcher.exe |
"{09D6355A-E215-4772-B7C9-C029E00F6A12}" = protocol=17 | dir=in | app=c:\program files (x86)\steam\steamapps\common\left 4 dead 2\left4dead2.exe |
"{0A7BC0F1-1452-4935-BBA7-23074E2EED08}" = protocol=17 | dir=in | app=c:\programdata\battle.net\agent\agent.1544\agent.exe |
"{0B62784C-E828-446F-9435-B2298DA53485}" = protocol=6 | dir=in | app=d:\install\steam\steamapps\common\the secret of monkey island special edition\mise.exe |
"{0B8E0048-7C88-420C-A0A9-5BA17D62CE6B}" = protocol=6 | dir=in | app=d:\install\steam\steamapps\common\sanctum\binaries\win32\sanctumgame-win32-shipping.exe |
"{0BE6C23F-229C-4948-AA3F-E7114718880B}" = protocol=17 | dir=in | app=d:\install\steam\steamapps\common\left 4 dead 2\left4dead2.exe |
"{0C813984-97E2-4A24-ADB2-506808EFFFFA}" = protocol=17 | dir=in | app=c:\program files (x86)\utorrent\utorrent.exe |
"{128A18F2-8280-4836-8FE0-F2D34EE58443}" = dir=in | app=c:\program files (x86)\itunes\itunes.exe |
"{15DD06F1-5A1E-4406-A34E-1745FDB7A0DF}" = protocol=6 | dir=in | app=c:\program files (x86)\steam\steamapps\common\dota 2 beta\dota.exe |
"{1777A9BB-77AB-4D13-9B98-60B1AFA7627E}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmpnetwk.exe |
"{19BBF51A-A6ED-436E-B476-20ADBFCA7EA8}" = protocol=17 | dir=in | app=d:\install\steam\steamapps\common\dota 2 beta\dota.exe |
"{19D31908-5843-41B3-AF6F-B6EE0E72A8CC}" = protocol=17 | dir=in | app=c:\programdata\battle.net\agent\agent.1637\agent.exe |
"{1EAB2A1E-B2DC-4A2D-B256-6E3EEF0DEBFD}" = protocol=17 | dir=in | app=d:\install\steam\steamapps\common\max payne 3\max payne 3\maxpayne3.exe |
"{1EFE00F0-960A-44DE-9B2C-05B1B165F8C8}" = protocol=17 | dir=in | app=c:\programdata\battle.net\agent\agent.1363\agent.exe |
"{226D41AC-C872-4071-A043-053C8367141D}" = dir=in | app=c:\program files (x86)\skype\phone\skype.exe |
"{22797BF9-1181-4B7F-B7F4-B0975A9B3573}" = protocol=17 | dir=out | app=%programfiles(x86)%\windows media player\wmplayer.exe |
"{26472A85-AF45-4DF0-A6F5-03D4A0A89A09}" = protocol=6 | dir=in | app=%programfiles%\windows media player\wmpnetwk.exe |
"{2D10CE8E-F957-4092-B28F-C0A6BAE681F1}" = protocol=6 | dir=in | app=d:\install\steam\steamapps\common\alan wake\alanwake.exe |
"{303D5478-4D69-4561-8774-9C400DDC0259}" = protocol=6 | dir=in | app=d:\install\steam\steamapps\common\monopoly\monopolywin.exe |
"{313EB6DE-B7F6-4C41-9EA7-AA2BD3E2244A}" = protocol=17 | dir=in | app=d:\install\steam\steamapps\common\dead space\dead space.exe |
"{33B682AF-3D3A-4751-B3C5-55A259F2CBF6}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmplayer.exe |
"{344C3A02-2C73-417C-BBCF-5E87362FE115}" = protocol=6 | dir=in | app=d:\install\steam\steamapps\common\dead space\dead space.exe |
"{3774594D-5087-4C99-BD37-89F44CABCF0B}" = protocol=17 | dir=in | app=d:\install\steam\steamapps\common\max payne 3\max payne 3\maxpayne3.exe |
"{38F764BE-E1CF-42B3-9B4C-D6D8AD500F51}" = protocol=6 | dir=out | app=%programfiles(x86)%\windows media player\wmplayer.exe |
"{3E0F1BBB-7EA7-46D0-9BF8-A33A46607CD5}" = dir=in | app=c:\program files (x86)\windows live\contacts\wlcomm.exe |
"{41DB932E-27EC-4BF7-90A8-FAEABC87C191}" = protocol=17 | dir=in | app=c:\programdata\battle.net\agent\agent.1363\agent.exe |
"{42A95BD5-8600-49BF-BED1-4E6A8BE38919}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmplayer.exe |
"{434CA5DC-4C02-4AFE-BED5-B40D018E870D}" = protocol=1 | dir=out | name=@firewallapi.dll,-28544 |
"{440CCDF1-7950-4453-97D0-9EBBF43CDCF7}" = protocol=17 | dir=in | app=c:\program files (x86)\steam\steam.exe |
"{44238377-E41B-4853-B522-4164EBC98D14}" = protocol=17 | dir=in | app=c:\program files\bonjour\mdnsresponder.exe |
"{447698FF-53C0-4D51-ADC9-8A8BD0B84BA1}" = protocol=6 | dir=in | app=d:\install\steam\steamapps\common\sid meier's civilization v sdk\sid meier's civilization v sdk.exe |
"{4B236264-3055-46BC-9720-8DFFA0163CC7}" = protocol=17 | dir=in | app=d:\install\steam\steamapps\common\sid meier's civilization v sdk\sid meier's civilization v sdk.exe |
"{4C26DCD7-00DE-42D3-A10A-E3B14006CEE5}" = protocol=6 | dir=in | app=d:\install\starcraft ii\starcraft ii public test.exe |
"{4CDB870D-AB02-4F4B-B4F1-98B59F83F4E8}" = protocol=17 | dir=in | app=d:\install\steam\steamapps\common\counter-strike global offensive\csgo.exe |
"{50FAF602-3261-461C-9B6D-0717EC6A7846}" = protocol=6 | dir=in | app=c:\program files (x86)\utorrent\utorrent.exe |
"{517EDF5B-A595-46E0-8697-51CDDCA1F67E}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmplayer.exe |
"{53D5FFFD-3D94-4934-B71B-268267A2BAE5}" = protocol=17 | dir=in | app=d:\install\steam\steamapps\common\counter-strike global offensive\csgo.exe |
"{5446DF75-8060-4D5A-A96D-07D2C9B4B5B8}" = protocol=17 | dir=in | app=d:\install\steam\steamapps\common\sanctum\binaries\win32\sanctumgame-win32-shipping.exe |
"{55AC366B-576D-472D-9803-BCB86B3F15EB}" = protocol=6 | dir=in | app=c:\program files\bonjour\mdnsresponder.exe |
"{57A00B79-F315-4DAA-9339-10F031AC4033}" = protocol=58 | dir=in | name=@firewallapi.dll,-28545 |
"{5AA5A4E8-E0AA-44B8-9BEE-BABD5C0D27ED}" = protocol=17 | dir=in | app=d:\install\steam\steamapps\common\dark souls prepare to die edition\data\darksouls.exe |
"{5AB5F142-659A-4867-9A43-8AD207C166C7}" = protocol=17 | dir=in | app=c:\programdata\battle.net\agent\agent.1040\agent.exe |
"{5DB29C8C-11F1-44BF-A83E-C5C2077FD316}" = protocol=17 | dir=in | app=c:\users\eldest\appdata\roaming\spotify\spotify.exe |
"{60C0F212-E138-4812-A9A0-ED0EF018EE70}" = protocol=17 | dir=in | app=d:\install\steam\steamapps\common\magicka\magicka.exe |
"{62C85573-C77A-43B8-8A5B-70C5DF3B3663}" = protocol=17 | dir=in | app=d:\install\steam\steamapps\common\hitman absolution\hma.exe |
"{6A168711-4543-4E58-BF5A-F3DD3E7313CB}" = protocol=6 | dir=in | app=d:\install\starcraft ii\starcraft ii.exe |
"{6B8A66E5-BED1-4E9B-9A10-9EA9258D5A2F}" = protocol=6 | dir=in | app=d:\install\steam\steamapps\common\left 4 dead 2\left4dead2.exe |
"{75CB89F8-D9BF-4081-B150-2E33539DD794}" = protocol=17 | dir=in | app=d:\install\steam\steamapps\common\the walking dead\walkingdead101.exe |
"{7AE349DB-C373-437F-9788-FC51892AF7B9}" = protocol=6 | dir=in | app=c:\program files (x86)\steam\steam.exe |
"{7C155072-0A44-42A1-BDF8-127D5ADA46E4}" = protocol=17 | dir=in | app=d:\install\steam\steamapps\common\alan wake\alanwake.exe |
"{812B4E23-D0F5-4867-BA51-AC606F7FBA7E}" = protocol=17 | dir=in | app=d:\install\steam\steamapps\common\resident evil 5\launcher.exe |
"{813CD0B9-7BC6-4A4F-9C56-FED0F8C605C7}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmplayer.exe |
"{814937AA-3167-4314-B206-23AF5454113A}" = protocol=6 | dir=in | app=d:\install\steam\steamapps\common\counter-strike global offensive\csgo.exe |
"{8297261B-B586-493D-899E-2D86D6A2F1C2}" = protocol=17 | dir=in | app=d:\install\steam\steamapps\common\dota 2 beta\dota.exe |
"{85D7CDBD-78F6-4565-AE63-A3800FAB5389}" = protocol=6 | dir=in | app=d:\install\steam\steamapps\common\the walking dead\walkingdead101.exe |
"{871912DF-6A33-42B5-A614-DE3DFBA235FE}" = protocol=6 | dir=in | app=d:\install\steam\steamapps\common\sid meier's civilization iv\civilization4.exe |
"{8B23152E-9320-42B8-94DD-C2B93BA1358E}" = protocol=6 | dir=in | app=c:\program files\microsoft office\office14\onenote.exe |
"{8C138597-35C5-4639-9A4E-31FCC62FDE6F}" = protocol=6 | dir=in | app=c:\program files (x86)\bonjour\mdnsresponder.exe |
"{8E128C76-9DCE-4A74-AA6E-4D909714E098}" = protocol=6 | dir=in | app=d:\install\steam\steamapps\common\specops_theline\binaries\win32\specopstheline.exe |
"{8F2147D0-E9BF-492B-8232-1209E499DDE6}" = protocol=17 | dir=in | app=d:\install\steam\steamapps\common\dragon age ultimate edition\daoriginslauncher.exe |
"{8FF44261-9D2D-4C62-9897-E0F7B76EEE61}" = protocol=58 | dir=out | name=@firewallapi.dll,-28546 |
"{910C63FE-5A99-47B6-9E09-BB755502DA7E}" = protocol=6 | dir=in | app=d:\install\steam\steamapps\common\dead space\support\ea help\electronic_arts_technical_support.htm |
"{92225062-DB89-4546-AB68-3FC8C2CBE5C1}" = protocol=6 | dir=in | app=c:\programdata\battle.net\agent\agent.1637\agent.exe |
"{9763F68B-EC67-47BB-85BD-1E6A35282CC4}" = protocol=17 | dir=in | app=c:\program files (x86)\bonjour\mdnsresponder.exe |
"{9B286585-D38C-4A5D-846B-4ADDA264ADE9}" = protocol=17 | dir=in | app=c:\program files (x86)\starcraft ii 2012 beta\starcraft ii beta.exe |
"{9B4B8AE5-C390-42BD-B814-7E2FBB02542A}" = protocol=58 | dir=out | name=@iphlpsvc.dll,-503 |
"{9C5B007F-5059-4F79-B4CD-7DDD48E53F1C}" = protocol=17 | dir=in | app=d:\install\steam\steamapps\common\alice madness returns\binaries\win32\alicemadnessreturns.exe |
"{9DB9580B-89FE-451D-95A4-857FC5C040F6}" = protocol=17 | dir=in | app=d:\install\steam\steamapps\common\left 4 dead 2\left4dead2.exe |
"{9F10445F-4E31-4264-923F-CC883E2F2DF8}" = protocol=17 | dir=in | app=d:\install\starcraft ii\versions\base23260\sc2.exe |
"{A45FAAA8-0FDD-4152-9231-BE041460B250}" = protocol=6 | dir=in | app=d:\install\steam\steamapps\common\max payne 3\max payne 3\maxpayne3.exe |
"{A8E34CDE-9F05-4124-AB60-3445684371B7}" = protocol=6 | dir=in | app=d:\install\steam\steamapps\common\left 4 dead 2\left4dead2.exe |
"{A8ED0812-DA14-4A34-9794-B268B1FB9803}" = protocol=6 | dir=in | app=c:\program files (x86)\steam\steamapps\common\left 4 dead 2\left4dead2.exe |
"{A8F4E2A2-1EA9-406F-98CE-E513E611A699}" = protocol=17 | dir=in | app=d:\install\starcraft ii\starcraft ii.exe |
"{A9BE02EB-7447-4D8F-93BC-A004CB3B8BE7}" = protocol=6 | dir=out | svc=upnphost | app=%systemroot%\system32\svchost.exe |
"{AF22149E-F869-4EB5-94CC-07113C388EA2}" = protocol=6 | dir=in | app=d:\install\steam\steamapps\common\max payne 3\max payne 3\maxpayne3.exe |
"{AF6CB4EB-9CCB-416D-8413-73BDF8140FE9}" = protocol=17 | dir=in | app=c:\program files (x86)\steam\steamapps\common\dota 2 beta\dota.exe |
"{B46330B1-F1F2-46E1-B7F0-74BD8D7F2E4D}" = protocol=6 | dir=out | app=system |
"{B5A3994E-3813-4273-97BD-850E795CDA7A}" = protocol=6 | dir=in | app=d:\install\steam\steamapps\common\hitman absolution\hma.exe |
"{B6728245-FEF9-44A6-80AC-89F60CEE44AF}" = protocol=17 | dir=in | app=c:\program files\microsoft office\office14\groove.exe |
"{BC1F354F-FD8C-49C2-8F99-93212CA8898A}" = protocol=17 | dir=in | app=%programfiles(x86)%\windows media player\wmplayer.exe |
"{BD776000-4634-443D-A81B-3C6B79651410}" = protocol=17 | dir=in | app=d:\install\steam\steamapps\common\universe sandbox\universe sandbox.exe |
"{C9D1C0CE-5269-45CF-BBD6-D1A2670A23C1}" = protocol=6 | dir=in | app=c:\programdata\battle.net\agent\agent.1544\agent.exe |
"{CB210099-B5CA-4BE1-9CA3-1C0ADF7EABA9}" = protocol=6 | dir=in | app=d:\install\steam\steamapps\common\sid meier's civilization v\launcher.exe |
"{CD303FDC-08AF-4AA0-B950-B1A32142B4FA}" = protocol=58 | dir=in | app=system |
"{CEFCEA7A-4802-4EB4-A8C5-D0C593907726}" = protocol=17 | dir=in | app=d:\install\steam\steamapps\common\the secret of monkey island special edition\mise.exe |
"{CF79FF0B-14EF-45C3-8767-383BE22F7F6E}" = protocol=17 | dir=in | app=d:\install\steam\steamapps\common\specops_theline\binaries\win32\specopstheline.exe |
"{D30C3FEE-6623-4053-A96A-DA59F9FE658B}" = protocol=6 | dir=in | app=c:\programdata\battle.net\agent\agent.1040\agent.exe |
"{D6EE28DA-A7DB-46EF-99EA-65746D19B3D9}" = protocol=17 | dir=in | app=d:\install\steam\steamapps\common\sid meier's civilization iv\civilization4.exe |
"{D7DA0467-7130-4EDB-98CE-1FF0315520FC}" = protocol=17 | dir=in | app=d:\install\steam\steamapps\common\sid meier's civilization v\launcher.exe |
"{D88765CB-CD6F-4B26-9D20-03484D87BB67}" = protocol=6 | dir=in | app=d:\install\steam\steamapps\common\universe sandbox\universe sandbox.exe |
"{D90B9F3A-AE39-4C17-8BC8-3385B4F7DEF7}" = protocol=6 | dir=in | app=d:\install\steam\steamapps\common\resident evil 5\launcher.exe |
"{DA4114C4-87F9-4A50-AFF6-F2E02741D7E0}" = protocol=6 | dir=in | app=c:\program files (x86)\starcraft ii 2012 beta\starcraft ii beta.exe |
"{DD43A918-F134-4346-9DB0-DCD8F835EE71}" = protocol=17 | dir=in | app=c:\program files\microsoft office\office14\onenote.exe |
"{DDA9C5D3-8499-4B35-8C34-1A90A80B1E80}" = dir=in | app=c:\program files (x86)\common files\apple\apple application support\webkit2webprocess.exe |
"{DEACE87F-EACA-44CB-88BD-3B5EB2F75CE7}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmpnetwk.exe |
"{E1CEBE25-BABF-432F-AD1D-86372D8133E7}" = protocol=6 | dir=in | app=d:\install\steam\steamapps\common\dragon age ultimate edition\daoriginslauncher.exe |
"{E6641834-AE7B-48A0-9119-642871F7E188}" = protocol=17 | dir=in | app=c:\users\eldest\appdata\roaming\spotify\spotify.exe |
"{E6D9109B-4989-42C2-97FB-FB1FE77B48C5}" = protocol=6 | dir=in | app=d:\install\steam\steamapps\mjobring\source sdk base 2007\hl2.exe |
"{E91D5FC8-4E7E-4471-BCF1-0A41C3DF854F}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmplayer.exe |
"{E92D3E1D-0C37-4CEF-8F2B-949AAF3C037A}" = protocol=6 | dir=in | app=c:\programdata\battle.net\agent\agent.1363\agent.exe |
"{EA46D32D-3819-41F0-BB63-DEC56CA1C3EE}" = protocol=6 | dir=in | app=d:\install\steam\steamapps\common\alice madness returns\binaries\win32\alicemadnessreturns.exe |
"{EB845F56-C09E-4D86-B0D9-6B87A4594FB0}" = dir=in | app=c:\program files (x86)\windows live\messenger\msnmsgr.exe |
"{ED297CBF-0EC4-4337-BB1B-A50041B8C4EA}" = protocol=6 | dir=in | app=c:\program files\microsoft office\office14\groove.exe |
"{EE0AC697-5825-4F4E-B010-45E43847CB0C}" = protocol=1 | dir=in | name=@firewallapi.dll,-28543 |
"{EFFECEC0-9388-4742-8409-DAA39E609190}" = protocol=6 | dir=in | app=c:\program files (x86)\funcom\the secret world\clientpatcher.exe |
"{F1CD8B97-CE6D-4699-8029-2EB067575C07}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmplayer.exe |
"{F2596C4D-8357-43EB-9908-1AA67B1C4F96}" = protocol=6 | dir=in | app=d:\install\steam\steamapps\common\dark souls prepare to die edition\data\darksouls.exe |
"{F3BD0B95-7E8E-4B61-BC8A-8BDF32CEED2C}" = protocol=6 | dir=in | app=d:\install\starcraft ii\versions\base23260\sc2.exe |
"{F676A75D-FF9F-49E3-B982-3CCBF482152D}" = protocol=6 | dir=in | app=c:\users\eldest\appdata\roaming\spotify\spotify.exe |
"{F6ACCAE2-13AF-4E5F-A8C2-C1EDA6656C70}" = protocol=6 | dir=in | app=d:\install\steam\steamapps\common\magicka\magicka.exe |
"{F98B133B-EBBD-4BE2-A44D-BAE42DE5F1EE}" = protocol=17 | dir=in | app=d:\install\steam\steamapps\common\dead space\support\ea help\electronic_arts_technical_support.htm |
"{F9FBBAF2-9328-4606-A64B-094F088A5F5C}" = protocol=6 | dir=in | app=d:\install\steam\steamapps\common\dota 2 beta\dota.exe |
"{FBB1C393-DA70-48E3-91A5-B62329D2077B}" = protocol=17 | dir=in | app=d:\install\steam\steamapps\common\monopoly\monopolywin.exe |
"{FBB5197C-2CFA-487E-BF7A-AE31383AD878}" = protocol=6 | dir=in | app=c:\programdata\battle.net\agent\agent.1363\agent.exe |
"{FE3D5463-ED0B-47C3-8E03-DC7CCDECE2AE}" = protocol=17 | dir=in | app=d:\install\starcraft ii\starcraft ii public test.exe |
"TCP Query User{05880F0A-5DB6-48BC-B3D2-17C06F5CDE15}D:\install\steam\steamapps\mjobring\counter-strike source\hl2.exe" = protocol=6 | dir=in | app=d:\install\steam\steamapps\mjobring\counter-strike source\hl2.exe |
"TCP Query User{21574CCE-D500-4478-BF8B-79A4D76664FD}D:\install\warcraft iii\war3.exe" = protocol=6 | dir=in | app=d:\install\warcraft iii\war3.exe |
"TCP Query User{422F8668-9394-4779-A7F5-C7B971F220FB}D:\install\steam\steamapps\common\resident evil 5\re5dx10.exe" = protocol=6 | dir=in | app=d:\install\steam\steamapps\common\resident evil 5\re5dx10.exe |
"TCP Query User{6B50F7B3-04C9-458B-BA94-A4EF3C4644CC}D:\install\steam\steam.exe" = protocol=6 | dir=in | app=d:\install\steam\steam.exe |
"TCP Query User{9267212E-63D2-4221-8416-6471E9C51577}D:\install\steam\steamapps\mjobring\team fortress 2\hl2.exe" = protocol=6 | dir=in | app=d:\install\steam\steamapps\mjobring\team fortress 2\hl2.exe |
"UDP Query User{B08BB265-95FA-4EAD-A464-868607023223}D:\install\steam\steamapps\mjobring\team fortress 2\hl2.exe" = protocol=17 | dir=in | app=d:\install\steam\steamapps\mjobring\team fortress 2\hl2.exe |
"UDP Query User{B4783E12-21E4-41C7-9A6C-881DACC09FD1}D:\install\warcraft iii\war3.exe" = protocol=17 | dir=in | app=d:\install\warcraft iii\war3.exe |
"UDP Query User{BCC3437B-B654-4889-B472-72C125F4BFFD}D:\install\steam\steamapps\common\resident evil 5\re5dx10.exe" = protocol=17 | dir=in | app=d:\install\steam\steamapps\common\resident evil 5\re5dx10.exe |
"UDP Query User{D9182221-B7FD-48CA-BD14-103658310335}D:\install\steam\steamapps\mjobring\counter-strike source\hl2.exe" = protocol=17 | dir=in | app=d:\install\steam\steamapps\mjobring\counter-strike source\hl2.exe |
"UDP Query User{F95A8C0D-EF5B-4EAF-905A-9B3BACE45F46}D:\install\steam\steam.exe" = protocol=17 | dir=in | app=d:\install\steam\steam.exe |

========== HKEY_LOCAL_MACHINE Uninstall List ==========

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{027E5FAB-1476-4C59-AAB4-32EF28520399}" = Windows Live Language Selector
"{0E5D76AD-A3FB-48D5-8400-8903B10317D3}" = iTunes
"{1ACC8FFB-9D84-4C05-A4DE-D28A9BC91698}" = Windows Live ID Sign-in Assistant
"{330DAC67-5B62-452A-A0E4-6B4A5923940F}_is1" = MotioninJoy DS3 driver version 0.6.0005
"{4975DE61-6BF6-B9BC-1FDE-C04C5EC78E4C}" = AMD Media Foundation Decoders
"{503F672D-6C84-448A-8F8F-4BC35AC83441}" = AMD APP SDK Runtime
"{538B98C3-773F-4F20-9C66-802D104DCBE2}" = Intel® Trusted Connect Service Client
"{5E03A267-415E-5383-FA8F-3CE4145663B9}" = AMD Catalyst Install Manager
"{6438A99C-A37E-4758-A0AE-95F8A63AAFF5}" = Intel(R) Network Connections 16.8.46.0
"{6E3610B2-430D-4EB0-81E3-2B57E8B9DE8D}" = Bonjour
"{889DF117-14D1-44EE-9F31-C5FB5D47F68B}" = Yontoo 1.10.03
"{89EE4A30-080F-2C95-6F78-C98D18FBD74D}" = AMD Accelerated Video Transcoding
"{90140000-0011-0000-1000-0000000FF1CE}" = Microsoft Office Professional Plus 2010
"{90140000-0011-0000-1000-0000000FF1CE}_Office14.PROPLUS_{7BC9B5EB-125A-4E9B-97E1-8D85B5E960B8}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-0015-041D-1000-0000000FF1CE}" = Microsoft Office Access MUI (Swedish) 2010
"{90140000-0015-041D-1000-0000000FF1CE}_Office14.PROPLUS_{8CD9D6D6-B232-48F6-9C47-F4D8449C5BC2}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-0016-041D-1000-0000000FF1CE}" = Microsoft Office Excel MUI (Swedish) 2010
"{90140000-0016-041D-1000-0000000FF1CE}_Office14.PROPLUS_{8CD9D6D6-B232-48F6-9C47-F4D8449C5BC2}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-0018-041D-1000-0000000FF1CE}" = Microsoft Office PowerPoint MUI (Swedish) 2010
"{90140000-0018-041D-1000-0000000FF1CE}_Office14.PROPLUS_{8CD9D6D6-B232-48F6-9C47-F4D8449C5BC2}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-0019-041D-1000-0000000FF1CE}" = Microsoft Office Publisher MUI (Swedish) 2010
"{90140000-0019-041D-1000-0000000FF1CE}_Office14.PROPLUS_{8CD9D6D6-B232-48F6-9C47-F4D8449C5BC2}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-001A-041D-1000-0000000FF1CE}" = Microsoft Office Outlook MUI (Swedish) 2010
"{90140000-001A-041D-1000-0000000FF1CE}_Office14.PROPLUS_{8CD9D6D6-B232-48F6-9C47-F4D8449C5BC2}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-001B-041D-1000-0000000FF1CE}" = Microsoft Office Word MUI (Swedish) 2010
"{90140000-001B-041D-1000-0000000FF1CE}_Office14.PROPLUS_{8CD9D6D6-B232-48F6-9C47-F4D8449C5BC2}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-001F-0407-1000-0000000FF1CE}" = Microsoft Office Proof (German) 2010
"{90140000-001F-0407-1000-0000000FF1CE}_Office14.PROPLUS_{70A3169E-288F-454F-A08D-20DF66639B50}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-001F-0409-1000-0000000FF1CE}" = Microsoft Office Proof (English) 2010
"{90140000-001F-0409-1000-0000000FF1CE}_Office14.PROPLUS_{0242505C-4E90-407F-9299-B5B275F50D86}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-001F-040B-1000-0000000FF1CE}" = Microsoft Office Proof (Finnish) 2010
"{90140000-001F-040B-1000-0000000FF1CE}_Office14.PROPLUS_{57652F4A-E8F7-4FE2-8FA9-97731AD0D184}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-001F-041D-1000-0000000FF1CE}" = Microsoft Office Proof (Swedish) 2010
"{90140000-001F-041D-1000-0000000FF1CE}_Office14.PROPLUS_{735E1B03-44E8-4D55-A553-EA9E32C96F7C}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-002C-041D-1000-0000000FF1CE}" = Microsoft Office Proofing (Swedish) 2010
"{90140000-002C-041D-1000-0000000FF1CE}_Office14.PROPLUS_{4209FECD-F119-4FE0-AAA6-8F8F9030C2B1}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-0043-0000-1000-0000000FF1CE}" = Microsoft Office Office 32-bit Components 2010
"{90140000-0043-0000-1000-0000000FF1CE}_Office14.PROPLUS_{E8B6D35B-0B6F-4DCE-9493-859BF3809A7F}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-0043-041D-1000-0000000FF1CE}" = Microsoft Office Shared 32-bit MUI (Swedish) 2010
"{90140000-0043-041D-1000-0000000FF1CE}_Office14.PROPLUS_{6BF8BD7F-2425-4780-B9FC-004FD721BA74}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-0044-041D-1000-0000000FF1CE}" = Microsoft Office InfoPath MUI (Swedish) 2010
"{90140000-0044-041D-1000-0000000FF1CE}_Office14.PROPLUS_{8CD9D6D6-B232-48F6-9C47-F4D8449C5BC2}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-006E-041D-1000-0000000FF1CE}" = Microsoft Office Shared MUI (Swedish) 2010
"{90140000-006E-041D-1000-0000000FF1CE}_Office14.PROPLUS_{8DE9F23B-C17D-465F-B0C2-B83CAEE0998D}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-00A1-041D-1000-0000000FF1CE}" = Microsoft Office OneNote MUI (Swedish) 2010
"{90140000-00A1-041D-1000-0000000FF1CE}_Office14.PROPLUS_{8CD9D6D6-B232-48F6-9C47-F4D8449C5BC2}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-00BA-041D-1000-0000000FF1CE}" = Microsoft Office Groove MUI (Swedish) 2010
"{90140000-00BA-041D-1000-0000000FF1CE}_Office14.PROPLUS_{8CD9D6D6-B232-48F6-9C47-F4D8449C5BC2}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{95120000-00B9-0409-1000-0000000FF1CE}" = Microsoft Application Error Reporting
"{9CF11D16-ECEB-90A5-A028-CA9E068D848B}" = ccc-utility64
"{D70884EA-E2CE-4539-91DB-4766CC1E5F5F}" = Apple Mobile Device Support
"{D954C6C2-544B-4091-A47F-11E77162883E}" = Microsoft Security Client
"{DA5E371C-6333-3D8A-93A4-6FD5B20BCC6E}" = Microsoft Visual C++ 2010 x64 Redistributable - 10.0.30319
"{F55458B0-DCA9-38C9-6C8D-829F22463A55}" = AMD Drag and Drop Transcoding
"{F5B09CFD-F0B2-36AF-8DF4-1DF6B63FC7B4}" = Microsoft .NET Framework 4 Client Profile
"CPUID HWMonitor_is1" = CPUID HWMonitor 1.20
"Microsoft .NET Framework 4 Client Profile" = Microsoft .NET Framework 4 Client Profile
"Microsoft Security Client" = Microsoft Security Essentials
"Office14.PROPLUS" = Microsoft Office Professional Plus 2010
"PROSetDX" = Intel(R) Network Connections 16.8.46.0
"WinRAR archiver" = WinRAR 4.20 (64-bit)

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{009E5DF2-3F97-480B-89DA-F2D5E672E14A}_is1" = Live Update 5
"{017F8447-2A1D-0DDB-B5D7-CA2BFACE2886}" = CCC Help French
"{048298C9-A4D3-490B-9FF9-AB023A9238F3}" = Steam
"{054E9A1C-3EA2-C657-E787-FD8DCF5C3D3B}" = CCC Help Czech
"{0B0F231F-CE6A-483D-AA23-77B364F75917}" = Windows Live Installer
"{1DE2BD51-0300-772D-5E18-F337D95D5687}" = CCC Help German
"{200FEC62-3C34-4D60-9CE8-EC372E01C08F}" = Windows Live SOXE Definitions
"{220C7F8C-929D-4F71-9DC7-F7A6823B38E4}" = Windows Live UX Platform Language Pack
"{224E8FEB-5C1F-077F-6FC5-602AC1AE644D}" = CCC Help Danish
"{240C3DDD-C5E9-4029-9DF7-95650D040CF2}" = Intel(R) USB 3.0 eXtensible Host Controller Driver
"{275E9C49-C72F-D754-DEB7-77F10A9C00D8}" = CCC Help Japanese
"{28B9D2D8-4304-483F-AD71-51890A063A74}" = Windows Live Photo Common
"{2A3FC24C-6EC0-4519-A52B-FDA4EA9B2D24}" = Windows Live Messenger
"{30049739-BE95-6591-B504-E6D7057D49CC}" = CCC Help Spanish
"{3F1EB155-F96E-EB7B-2EF2-7375490E0FA9}" = CCC Help English
"{4A04DB63-8F81-4EF4-9D09-61A2057EF419}" = Windows Live Essentials
"{4B023D7B-9E67-795D-FB31-B5E1F6DCA451}" = CCC Help Italian
"{4CF63D66-56F0-0224-6C62-FBCB4C68578C}" = Application Profiles
"{4D243BA7-9AC4-46D1-90E5-EEB88974F501}" = Microsoft Games for Windows - LIVE
"{55F6C486-8C75-2A72-DAFE-CE78A624C9F7}" = CCC Help Russian
"{579684A4-DDD5-4CA3-9EA8-7BE7D9593DB4}" = Windows Live UX Platform Language Pack
"{5AF23993-7152-1620-E43F-1B4542FB4F84}" = CCC Help Thai
"{61942EF5-2CD8-47D4-869C-2E9A8BB085F1}" = Asmedia ASM106x SATA Host Controller Driver
"{63326924-3CAF-C858-3A8F-8598C87019D7}" = Catalyst Control Center
"{63822E89-11AA-F8EC-D433-F72A85799EC0}" = CCC Help Greek
"{65153EA5-8B6E-43B6-857B-C6E4FC25798A}" = Intel(R) Management Engine Components
"{66361420-4905-AEB8-17AE-172FDD164A7E}" = CCC Help Polish
"{682B3E4F-696A-42DE-A41C-4C07EA1678B4}" = Windows Live SOXE
"{6A67578E-095B-4661-88F7-0B199CEC3371}" = Windows Live Messenger
"{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}" = Microsoft Visual C++ 2005 Redistributable
"{769F2A4B-84A3-9486-ADD2-9E5AB4B4E1E3}" = Catalyst Control Center InstallProxy
"{789A5B64-9DD9-4BA5-915A-F0FC0A1B7BFE}" = Apple Software Update
"{7CDF10DD-A9B5-4DA3-AB95-E193248D4369}_is1" = Super-Charger
"{81CF5153-38CF-41e2-AC3C-3D477C987D96}_is1" = Winki
"{832D9DE0-8AFC-4689-9819-4DBBDEBD3E4F}" = Microsoft Games for Windows - LIVE Redistributable
"{837b34e3-7c30-493c-8f6a-2b0f04e2912c}" = Microsoft Visual C++ 2005 Redistributable
"{83C292B7-38A5-440B-A731-07070E81A64F}" = Windows Live PIMT Platform
"{8773DD1C-5FB2-95B5-5A93-0EFEAC900A4D}" = CCC Help Norwegian
"{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}" = Microsoft Silverlight
"{8CCBB0BF-9CC1-1A65-BB93-56012A460EE6}" = CCC Help Portuguese
"{8DD46C6A-0056-4FEC-B70A-28BB16A1F11F}" = MSVCRT
"{929E7499-4B50-4C7A-8F15-D21E4061E046}" = BankID säkerhetsprogram
"{9559F7CA-5E34-4237-A2D9-D856464AD727}" = Project64 1.6
"{9A25302D-30C0-39D9-BD6F-21E6EC160475}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17
"{9BE518E6-ECC6-35A9-88E4-87755C07200F}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161
"{A0A3CE05-96CB-52E9-434E-074F3BB7807E}" = CCC Help Turkish
"{A9BDCA6B-3653-467B-AC83-94367DA3BFE3}" = Windows Live Photo Common
"{A9C64319-932F-D02B-B14C-FFFC3EC49E77}" = CCC Help Chinese Standard
"{AC76BA86-7AD7-1053-7B44-AA1000000001}" = Adobe Reader X (10.1.5) - Svenska
"{AF0CE7C0-A3E4-4D73-988B-B29187EC6E9A}" = QuickTime
"{B05F7750-8800-4520-9732-9C841246C8E2}_is1" = OTPService
"{C09DB932-7619-7B56-30E3-C0454811D6D7}" = CCC Help Korean
"{C22A4697-BD77-ACB1-744F-1FD0A0BFF798}" = CCC Help Swedish
"{C35BBC64-E7B7-B699-E5D8-CE5989061F93}" = HydraVision
"{CCE825DB-347A-4004-A186-5F4A6FDD8547}" = Apple-programstöd
"{CE95A79E-E4FC-4FFF-8A75-29F04B942FF2}" = Windows Live UX Platform
"{D436F577-1695-4D2F-8B44-AC76C99E0002}" = Windows Live Photo Common
"{D45240D3-B6B3-4FF9-B243-54ECE3E10066}" = Windows Live Communications Platform
"{D4B457B2-260F-C561-CA87-703BD3B724CA}" = Catalyst Control Center Graphics Previews Common
"{D6CDB506-297D-AE70-0EF6-DE5185F961BE}" = CCC Help Chinese Traditional
"{E09C4DB7-630C-4F06-A631-8EA7239923AF}" = D3DX10
"{E2F0AF23-FE2F-4222-9A43-55E63CC41EF1}" = Catalyst Control Center - Branding
"{E5B21F11-6933-4E0B-A25C-7963E3C07D11}" = Windows Live Messenger
"{ECFD508E-68A2-91B2-46DD-1D03D783D94B}" = Catalyst Control Center Localization All
"{EDE361D5-35A5-DA7D-3462-C3DABD24029B}" = CCC Help Hungarian
"{EE7257A2-39A2-4D2F-9DAC-F9F25B8AE1D8}" = Skype™ 5.10
"{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}" = Microsoft Visual C++ 2010 x86 Redistributable - 10.0.40219
"{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}" = Realtek High Definition Audio Driver
"{F1E7DD6A-AE2D-D706-BEB3-937F76CA6AE9}" = CCC Help Finnish
"{F56F54DD-BCB2-1221-2CB7-E983A5CF9D15}" = CCC Help Dutch
"{FE044230-9CA5-43F7-9B58-5AC5A28A1F33}" = Windows Live Essentials
"Adobe Flash Player Plugin" = Adobe Flash Player 11 Plugin
"AudioGenie_is1" = AudioGenie
"hon" = Heroes of Newerth
"Malwarebytes' Anti-Malware_is1" = Malwarebytes Anti-Malware version 1.70.0.1100
"Mozilla Firefox 19.0 (x86 sv-SE)" = Mozilla Firefox 19.0 (x86 sv-SE)
"MozillaMaintenanceService" = Mozilla Maintenance Service
"Rockstar Games Social Club" = Rockstar Games Social Club
"StarCraft II" = StarCraft II
"StarCraft II Beta" = StarCraft II Beta
"Steam App 108710" = Alan Wake
"Steam App 12220" = Grand Theft Auto: Episodes from Liberty City
"Steam App 16830" = Sid Meier's Civilization V SDK
"Steam App 17470" = Dead Space
"Steam App 19680" = Alice: Madness Returns
"Steam App 203140" = Hitman: Absolution
"Steam App 204100" = Max Payne 3
"Steam App 207610" = The Walking Dead
"Steam App 211420" = Dark Souls: Prepare to Die Edition
"Steam App 21690" = Resident Evil 5
"Steam App 218" = Source SDK Base 2007
"Steam App 221300" = Monopoly
"Steam App 240" = Counter-Strike: Source
"Steam App 32360" = The Secret of Monkey Island: Special Edition
"Steam App 3900" = Sid Meier's Civilization IV
"Steam App 42910" = Magicka
"Steam App 440" = Team Fortress 2
"Steam App 47810" = Dragon Age: Origins - Ultimate Edition
"Steam App 50300" = Spec Ops: The Line
"Steam App 550" = Left 4 Dead 2
"Steam App 570" = Dota 2
"Steam App 72200" = Universe Sandbox
"Steam App 730" = Counter-Strike: Global Offensive
"Steam App 8930" = Sid Meier's Civilization V
"Steam App 91600" = Sanctum
"The Secret World_is1" = The Secret World
"Tweaking.com - Registry Backup" = Tweaking.com - Registry Backup
"uTorrent" = µTorrent
"uTorrentControl_v2 Toolbar" = uTorrentControl_v2 Toolbar
"WinLiveSuite" = Windows Live Essentials
"VLC media player" = VLC media player 2.0.5
"World of Warcraft" = World of Warcraft

========== HKEY_USERS Uninstall List ==========

[HKEY_USERS\S-1-5-21-178671379-1301378200-1053161076-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"Google Chrome" = Google Chrome
"Spotify" = Spotify
"UnityWebPlayer" = Unity Web Player

========== Last 20 Event Log Errors ==========

[ Application Events ]
Error - 2013-02-09 15:58:20 | Computer Name = Normandy | Source = Application Error | ID = 1000
Description = Faulting application name: vlc.exe, version: 2.0.5.0, time stamp:
0x50c91d8b Faulting module name: vlc.exe, version: 2.0.5.0, time stamp: 0x50c91d8b
Exception
code: 0xc0000005 Fault offset: 0x00001665 Faulting process id: 0x1488 Faulting application
start time: 0x01ce06ff5ba27de5 Faulting application path: C:\Program Files (x86)\VideoLAN\VLC\vlc.exe
Faulting
module path: C:\Program Files (x86)\VideoLAN\VLC\vlc.exe Report Id: 0d35380f-72f3-11e2-bdaa-8c89a5c15538

Error - 2013-02-11 07:50:38 | Computer Name = Normandy | Source = Application Error | ID = 1000
Description = Faulting application name: MsMpEng.exe, version: 4.1.522.0, time stamp:
0x50515c57 Faulting module name: ntdll.dll, version: 6.1.7601.17725, time stamp:
0x4ec4aa8e Exception code: 0xc0000005 Fault offset: 0x000000000005324e Faulting process
id: 0x378 Faulting application start time: 0x01ce08480a456b09 Faulting application
path: C:\Program Files\Microsoft Security Client\MsMpEng.exe Faulting module path:
C:\Windows\SYSTEM32\ntdll.dll Report Id: 407d9f55-7441-11e2-94a1-8c89a5c15538

Error - 2013-02-12 20:15:37 | Computer Name = Normandy | Source = Application Error | ID = 1000
Description = Faulting application name: MsMpEng.exe, version: 4.1.522.0, time stamp:
0x50515c57 Faulting module name: unknown, version: 0.0.0.0, time stamp: 0x00000000
Exception
code: 0xc0000005 Fault offset: 0x000000000c0f027f Faulting process id: 0x380 Faulting
application start time: 0x01ce0869d33b0633 Faulting application path: C:\Program
Files\Microsoft Security Client\MsMpEng.exe Faulting module path: unknown Report
Id: 7d930e9f-7572-11e2-964e-8c89a5c15538

Error - 2013-02-13 22:00:39 | Computer Name = Normandy | Source = Application Error | ID = 1000
Description = Faulting application name: MsMpEng.exe, version: 4.1.522.0, time stamp:
0x50515c57 Faulting module name: mpengine.dll, version: 1.1.9103.0, time stamp:
0x50ebae98 Exception code: 0xc0000005 Fault offset: 0x000000000002388e Faulting process
id: 0x1284 Faulting application start time: 0x01ce097f45f28bd1 Faulting application
path: C:\Program Files\Microsoft Security Client\MsMpEng.exe Faulting module path:
C:\ProgramData\Microsoft\Microsoft Antimalware\Definition Updates\{95042B14-8400-4B3E-82B2-DE4AE19563C2}\mpengine.dll
Report
Id: 544482ea-764a-11e2-964e-8c89a5c15538

Error - 2013-02-13 22:03:22 | Computer Name = Normandy | Source = Application Error | ID = 1000
Description = Faulting application name: TrustedInstaller.exe, version: 6.1.7601.17514,
time stamp: 0x4ce7989b Faulting module name: wcp.dll, version: 6.1.7601.17592, time
stamp: 0x4da00342 Exception code: 0xc0000005 Fault offset: 0x000000000025594c Faulting
process id: 0x1510 Faulting application start time: 0x01ce0a5704e688ef Faulting application
path: C:\Windows\servicing\TrustedInstaller.exe Faulting module path: C:\Windows\winsxs\amd64_microsoft-windows-servicingstack_31bf3856ad364e35_6.1.7601.17592_none_672ce6c3de2cb17f\wcp.dll
Report
Id: b5711e0a-764a-11e2-964e-8c89a5c15538

Error - 2013-02-14 21:17:49 | Computer Name = Normandy | Source = Application Error | ID = 1000
Description = Faulting application name: MsMpEng.exe, version: 4.1.522.0, time stamp:
0x50515c57 Faulting module name: mpengine.dll, version: 1.1.9103.0, time stamp:
0x50ebae98 Exception code: 0xc0000005 Fault offset: 0x0000000000041113 Faulting process
id: 0x37c Faulting application start time: 0x01ce0a7b82df823e Faulting application
path: C:\Program Files\Microsoft Security Client\MsMpEng.exe Faulting module path:
C:\ProgramData\Microsoft\Microsoft Antimalware\Definition Updates\{95042B14-8400-4B3E-82B2-DE4AE19563C2}\mpengine.dll
Report
Id: 827e903a-770d-11e2-87e4-8c89a5c15538

Error - 2013-02-15 06:33:57 | Computer Name = Normandy | Source = Application Error | ID = 1000
Description = Faulting application name: Skype.exe, version: 5.10.0.116, time stamp:
0x50001496 Faulting module name: Skype.exe, version: 5.10.0.116, time stamp: 0x50001496
Exception
code: 0xc0000005 Fault offset: 0x001cb932 Faulting process id: 0xed4 Faulting application
start time: 0x01ce0b67f5207577 Faulting application path: C:\Program Files (x86)\Skype\Phone\Skype.exe
Faulting
module path: C:\Program Files (x86)\Skype\Phone\Skype.exe Report Id: 335cf60b-775b-11e2-87e4-8c89a5c15538

Error - 2013-02-15 19:00:14 | Computer Name = Normandy | Source = Application Error | ID = 1000
Description = Faulting application name: vlc.exe, version: 2.0.5.0, time stamp:
0x50c91d8b Faulting module name: vlc.exe, version: 2.0.5.0, time stamp: 0x50c91d8b
Exception
code: 0xc0000005 Fault offset: 0x00001665 Faulting process id: 0x678 Faulting application
start time: 0x01ce0bcb07209a20 Faulting application path: C:\Program Files (x86)\VideoLAN\VLC\vlc.exe
Faulting
module path: C:\Program Files (x86)\VideoLAN\VLC\vlc.exe Report Id: 7488dd88-77c3-11e2-9f76-8c89a5c15538

Error - 2013-02-15 19:31:00 | Computer Name = Normandy | Source = Application Error | ID = 1000
Description = Faulting application name: vlc.exe, version: 2.0.5.0, time stamp:
0x50c91d8b Faulting module name: vlc.exe, version: 2.0.5.0, time stamp: 0x50c91d8b
Exception
code: 0xc0000005 Fault offset: 0x00001665 Faulting process id: 0x13e0 Faulting application
start time: 0x01ce0bd079b97b72 Faulting application path: C:\Program Files (x86)\VideoLAN\VLC\vlc.exe
Faulting
module path: C:\Program Files (x86)\VideoLAN\VLC\vlc.exe Report Id: c0d485ae-77c7-11e2-9f76-8c89a5c15538

Error - 2013-02-15 20:04:08 | Computer Name = Normandy | Source = Application Error | ID = 1000
Description = Faulting application name: vlc.exe, version: 2.0.5.0, time stamp:
0x50c91d8b Faulting module name: vlc.exe, version: 2.0.5.0, time stamp: 0x50c91d8b
Exception
code: 0xc0000005 Fault offset: 0x00001665 Faulting process id: 0x1510 Faulting application
start time: 0x01ce0bd491560a1c Faulting application path: C:\Program Files (x86)\VideoLAN\VLC\vlc.exe
Faulting
module path: C:\Program Files (x86)\VideoLAN\VLC\vlc.exe Report Id: 61c70904-77cc-11e2-9f76-8c89a5c15538

[ System Events ]
Error - 2012-12-08 17:24:43 | Computer Name = Normandy | Source = Disk | ID = 262155
Description = The driver detected a controller error on \Device\Harddisk2\DR2.

Error - 2012-12-08 17:24:43 | Computer Name = Normandy | Source = Disk | ID = 262155
Description = The driver detected a controller error on \Device\Harddisk2\DR2.

Error - 2012-12-08 17:24:44 | Computer Name = Normandy | Source = Disk | ID = 262155
Description = The driver detected a controller error on \Device\Harddisk2\DR2.

Error - 2012-12-08 17:31:16 | Computer Name = Normandy | Source = Disk | ID = 262155
Description = The driver detected a controller error on \Device\Harddisk2\DR3.

Error - 2012-12-08 17:31:17 | Computer Name = Normandy | Source = Disk | ID = 262155
Description = The driver detected a controller error on \Device\Harddisk2\DR3.

Error - 2012-12-08 17:31:17 | Computer Name = Normandy | Source = Disk | ID = 262155
Description = The driver detected a controller error on \Device\Harddisk2\DR3.

Error - 2012-12-08 17:31:18 | Computer Name = Normandy | Source = Disk | ID = 262155
Description = The driver detected a controller error on \Device\Harddisk2\DR3.

Error - 2012-12-09 16:54:59 | Computer Name = Normandy | Source = Service Control Manager | ID = 7000
Description = The NTIOLib_1_0_3 service failed to start due to the following error:
%%183

Error - 2012-12-10 07:47:14 | Computer Name = Normandy | Source = Service Control Manager | ID = 7000
Description = The NTIOLib_1_0_3 service failed to start due to the following error:
%%183

Error - 2012-12-11 05:02:30 | Computer Name = Normandy | Source = Service Control Manager | ID = 7000
Description = The NTIOLib_1_0_3 service failed to start due to the following error:
%%183


< End of report >
Eldest
Regular Member
 
Posts: 26
Joined: February 19th, 2013, 3:50 pm

Re: Every program crashing and getting Blue Screen

Post by Gary R » February 20th, 2013, 8:31 am

Please go to Control Panel > Programs > Uninstall a program and Uninstall the following:

µTorrent
uTorrentControl_v2 Toolbar
Yontoo 1.10.03
Super-Charger


Reboot your computer when they've all been uninstalled.

Next

  • Double click OTL.exe to launch the programme.
  • Copy/Paste the contents of the code box below into the Custom Scans/Fixes box.
Code:
:OTL
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm
IE - HKLM\..\URLSearchHook: {7473b6bd-4691-4744-a82b-7854eb3d70b6} - C:\Program Files (x86)\uTorrentControl_v2\prxtbuTor.dll (Conduit Ltd.)
IE - HKU\S-1-5-21-178671379-1301378200-1053161076-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://search.conduit.com?SearchSource= ... =CT3220468
IE - HKU\S-1-5-21-178671379-1301378200-1053161076-1000\..\URLSearchHook: {7473b6bd-4691-4744-a82b-7854eb3d70b6} - C:\Program Files (x86)\uTorrentControl_v2\prxtbuTor.dll (Conduit Ltd.)
IE - HKU\S-1-5-21-178671379-1301378200-1053161076-1000\..\SearchScopes\{CD08E47C-98EA-46FD-B9FC-156885F3E11E}: "URL" = http://search.conduit.com/ResultsExt.aspx?q= {searchTerms}&SearchSource=4&ctid=CT3220468
FF - prefs.js..searchreset.backup.keyword.URL: "http://search.conduit.com/ResultsExt.aspx?ctid=CT3220468&q=&SearchSource=2"
O2 - BHO: (uTorrentControl_v2 Toolbar) - {7473b6bd-4691-4744-a82b-7854eb3d70b6} - C:\Program Files (x86)\uTorrentControl_v2\prxtbuTor.dll (Conduit Ltd.)
O2 - BHO: (Yontoo) - {FD72061E-9FDE-484D-A58A-0BAB4151CAD8} - C:\Program Files (x86)\Yontoo\YontooIEClient.dll (Yontoo LLC)
O3 - HKLM\..\Toolbar: (uTorrentControl_v2 Toolbar) - {7473b6bd-4691-4744-a82b-7854eb3d70b6} - C:\Program Files (x86)\uTorrentControl_v2\prxtbuTor.dll (Conduit Ltd.)
O3 - HKU\S-1-5-21-178671379-1301378200-1053161076-1000\..\Toolbar\WebBrowser: (uTorrentControl_v2 Toolbar) - {7473B6BD-4691-4744-A82B-7854EB3D70B6} - C:\Program Files (x86)\uTorrentControl_v2\prxtbuTor.dll (Conduit Ltd.)
O4 - HKU\S-1-5-21-178671379-1301378200-1053161076-1000..\Run: [uTorrent] C:\Program Files (x86)\uTorrent\uTorrent.exe (BitTorrent Inc.)
[2013-02-12 01:41:57 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\uTorrent
[2013-02-20 12:59:36 | 000,000,000 | ---D | M] -- C:\Users\Eldest\AppData\Roaming\uTorrent

:Files
msconfig /flushdns /c

:Reg
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{0C813984-97E2-4A24-ADB2-506808EFFFFA}"=-
"{50FAF602-3261-461C-9B6D-0717EC6A7846}"=-

:commands
[emptytemp]
[resethosts]
[createrestorepoint]

  • Click the Run Fix button.
  • OTL will now process the instructions.
  • When finished a box will open asking you to open the fix log, click OK.
  • The fix log will open.
  • Copy/Paste the log in your next reply please.

Note: If necessary, OTL may re-boot your computer, or request that you do so; if it does, re-boot your computer. A log will be produced upon re-boot.

Next

Please download Junkware Removal Tool to your desktop.
  • Shut down your protection software now to avoid potential conflicts.
  • Run the tool by double-clicking it. If you are using Windows Vista or Seven, right-mouse click it and select Run as Administrator.
  • The tool will open and start scanning your system.
  • Please be patient as this can take a while to complete depending on your system's specifications.
  • On completion, a log (JRT.txt) is saved to your desktop and will automatically open.
  • Please post the contents of JRT.txt into your next reply.

Next

Please run a scan with ESET Online Scanner

Note: You can use either Internet Explorer or Mozilla FireFox for this scan. You will, however, need to disable your currently installed Anti-Virus; how to do so can be read here.
  • Please go HERE then click on: Image
Note: If using Mozilla Firefox you will need to download esetsmartinstaller_enu.exe when prompted then double click on it to install.
All of the below instructions are compatible with either Internet Explorer or Mozilla FireFox.

  • Select the option YES, I accept the Terms of Use then click on: Image
  • When prompted allow the Add-On/Active X to install.
  • Make sure that the option Remove found threats is NOT checked, and the option Scan archives is checked.
  • Now click on Advanced Settings and select the following:
    • Scan for potentially unwanted applications
    • Scan for potentially unsafe applications
    • Enable Anti-Stealth Technology
  • Now click on: Image
  • The virus signature database... will begin to download. Be patient, this may take some time depending on the speed of your Internet Connection.
  • When completed the Online Scan will begin automatically.
  • Do not touch either the Mouse or keyboard during the scan, otherwise it may stall.
  • When completed make sure you first copy the logfile located at C:\Program Files\ESET\EsetOnlineScanner\log.txt
  • Copy and paste that log in your next reply please.
  • Now click on: Image (Selecting Uninstall application on close if you so wish)

Summary of the logs I need from you in your next post:
  • OTL fix log
  • JRT.txt
  • E-Set log


Please post each log separately to prevent it being cut off by the forum post size limiter. Check each after you've posted it to make sure it's all present; if any log is cut off you'll have to post it in sections.
Gary R
Administrator
 
Posts: 21863
Joined: June 28th, 2005, 11:36 am
Location: Yorkshire

Re: Every program crashing and getting Blue Screen

Post by Eldest » February 20th, 2013, 9:52 am

Hello Gary.

I uninstalled the programs you asked for and rebooted my computer.

I followed your instructions on the OTL fix. I've pasted the log below. I will post the other two logs in two different posts.


OTL Fix log:

All processes killed
========== OTL ==========
HKLM\SOFTWARE\Microsoft\Internet Explorer\Main\\Local Page| /E : value set successfully!
Registry value HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\URLSearchHooks\\{7473b6bd-4691-4744-a82b-7854eb3d70b6} not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{7473b6bd-4691-4744-a82b-7854eb3d70b6}\ not found.
File C:\Program Files (x86)\uTorrentControl_v2\prxtbuTor.dll not found.
HKU\S-1-5-21-178671379-1301378200-1053161076-1000\SOFTWARE\Microsoft\Internet Explorer\Main\\Start Page| /E : value set successfully!
Registry value HKEY_USERS\S-1-5-21-178671379-1301378200-1053161076-1000\Software\Microsoft\Internet Explorer\URLSearchHooks\\{7473b6bd-4691-4744-a82b-7854eb3d70b6} deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{7473b6bd-4691-4744-a82b-7854eb3d70b6}\ not found.
File C:\Program Files (x86)\uTorrentControl_v2\prxtbuTor.dll not found.
Registry key HKEY_USERS\S-1-5-21-178671379-1301378200-1053161076-1000\Software\Microsoft\Internet Explorer\SearchScopes\{CD08E47C-98EA-46FD-B9FC-156885F3E11E}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{CD08E47C-98EA-46FD-B9FC-156885F3E11E}\ not found.
Prefs.js: "http://search.conduit.com/ResultsExt.aspx?ctid=CT3220468&q=&SearchSource=2" removed from searchreset.backup.keyword.URL
Registry key HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{7473b6bd-4691-4744-a82b-7854eb3d70b6}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{7473b6bd-4691-4744-a82b-7854eb3d70b6}\ not found.
File C:\Program Files (x86)\uTorrentControl_v2\prxtbuTor.dll not found.
Registry key HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{FD72061E-9FDE-484D-A58A-0BAB4151CAD8}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{FD72061E-9FDE-484D-A58A-0BAB4151CAD8}\ not found.
File C:\Program Files (x86)\Yontoo\YontooIEClient.dll not found.
Registry value HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Toolbar\\{7473b6bd-4691-4744-a82b-7854eb3d70b6} not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{7473b6bd-4691-4744-a82b-7854eb3d70b6}\ not found.
File C:\Program Files (x86)\uTorrentControl_v2\prxtbuTor.dll not found.
Registry value HKEY_USERS\S-1-5-21-178671379-1301378200-1053161076-1000\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser\\{7473B6BD-4691-4744-A82B-7854EB3D70B6} deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{7473B6BD-4691-4744-A82B-7854EB3D70B6}\ not found.
File C:\Program Files (x86)\uTorrentControl_v2\prxtbuTor.dll not found.
Registry value HKEY_USERS\S-1-5-21-178671379-1301378200-1053161076-1000\Software\Microsoft\Windows\CurrentVersion\Run\\uTorrent not found.
File C:\Program Files (x86)\uTorrent\uTorrent.exe not found.
Folder C:\Program Files (x86)\uTorrent\ not found.
Folder C:\Users\Eldest\AppData\Roaming\uTorrent\ not found.
========== FILES ==========
< msconfig /flushdns /c >
D:\Nedladdat\OTL\cmd.bat deleted successfully.
D:\Nedladdat\OTL\cmd.txt deleted successfully.
========== REGISTRY ==========
Registry value HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules\\{0C813984-97E2-4A24-ADB2-506808EFFFFA} not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{0C813984-97E2-4A24-ADB2-506808EFFFFA}\ not found.
Registry value HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules\\{50FAF602-3261-461C-9B6D-0717EC6A7846} not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{50FAF602-3261-461C-9B6D-0717EC6A7846}\ not found.
========== COMMANDS ==========

[EMPTYTEMP]

User: All Users

User: Default
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 33170 bytes

User: Default User
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes

User: Eldest
->Temp folder emptied: 450159755 bytes
->Temporary Internet Files folder emptied: 76474692 bytes
->FireFox cache emptied: 71248126 bytes
->Google Chrome cache emptied: 227529763 bytes
->Flash cache emptied: 1427 bytes

User: Public

%systemdrive% .tmp files removed: 0 bytes
%systemroot% .tmp files removed: 0 bytes
%systemroot%\System32 .tmp files removed: 0 bytes
%systemroot%\System32 (64bit) .tmp files removed: 0 bytes
%systemroot%\System32\drivers .tmp files removed: 0 bytes
Windows Temp folder emptied: 196928881 bytes
%systemroot%\sysnative\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files folder emptied: 46403118 bytes
RecycleBin emptied: 752452401 bytes

Total Files Cleaned = 1 737,00 mb

C:\Windows\System32\drivers\etc\Hosts moved successfully.
HOSTS file reset successfully
Restore point Set: OTL Restore Point

OTL by OldTimer - Version 3.2.69.0 log created on 02202013_134345

Files\Folders moved on Reboot...
C:\Users\Eldest\AppData\Local\Temp\FXSAPIDebugLogFile.txt moved successfully.

PendingFileRenameOperations files...

Registry entries deleted on Reboot...
Eldest
Regular Member
 
Posts: 26
Joined: February 19th, 2013, 3:50 pm

Re: Every program crashing and getting Blue Screen

Unread postby Eldest » February 20th, 2013, 9:54 am

I followed the instructions for the Junkware Removal Tool and disabled my Microsoft Security Essentials real-time protections, as per the guide you linked for the ESET Online Scanner. I've pasted the log below.


JRT log:

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Junkware Removal Tool (JRT) by Thisisu
Version: 4.6.5 (02.18.2013:1)
OS: Windows 7 Professional x64
Ran by Eldest on 2013-02-20 at 13:50:43,84
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~




~~~ Services



~~~ Registry Values



~~~ Registry Keys

Successfully deleted: [Registry Key] hkey_current_user\software\conduit
Successfully deleted: [Registry Key] hkey_local_machine\software\conduit
Successfully deleted: [Registry Key] hkey_current_user\software\appdatalow\software\conduit
Successfully deleted: [Registry Key] hkey_current_user\software\appdatalow\software\conduitsearchscopes
Successfully deleted: [Registry Key] hkey_current_user\software\appdatalow\software\smartbar
Successfully deleted: [Registry Key-Heur] HKEY_LOCAL_MACHINE\software\classes\Toolbar.CT3220468
Successfully deleted: [Registry Key] hkey_classes_root\clsid\{3c471948-f874-49f5-b338-4f214a2ee0b1}



~~~ Files



~~~ Folders

Successfully deleted: [Folder] "C:\ProgramData\tarma installer"
Successfully deleted: [Folder] "C:\Users\Eldest\appdata\local\conduit"
Successfully deleted: [Folder] "C:\Users\Eldest\appdata\locallow\conduit"
Successfully deleted: [Folder] "C:\Program Files (x86)\conduit"



~~~ FireFox

Successfully deleted: [File] C:\Users\Eldest\AppData\Roaming\mozilla\firefox\profiles\sg21ynug.default\user.js
Successfully deleted the following from C:\Users\Eldest\AppData\Roaming\mozilla\firefox\profiles\sg21ynug.default\prefs.js

user_pref("CT3220468_Firefox.csv", "[{\"from\":\"Abs Layer\",\"action\":\"loading toolbar\",\"time\":1356642853996,\"isWithState\":\"\",\"timeFromStart\":0,\"timeFromPrev\":0}
user_pref("Smartbar.ConduitHomepagesList", "hxxp://search.conduit.com/?ctid=CT3220468&SearchSource=13&CUI=SB_CUI");
user_pref("Smartbar.ConduitSearchEngineList", "uTorrentControl_v2 Customized Web Search");
user_pref("Smartbar.ConduitSearchUrlList", "hxxp://search.conduit.com/ResultsExt.aspx?ctid=CT3220468&q=&SearchSource=2");
user_pref("Smartbar.keywordURLSelectedCTID", "CT3220468");
Emptied folder: C:\Users\Eldest\AppData\Roaming\mozilla\firefox\profiles\sg21ynug.default\minidumps [1 files]



~~~ Chrome

Successfully deleted: [Registry Key] hkey_current_user\software\google\chrome\extensions\ejpbbhjlbipncjklfjjaedaieimbmdda
Successfully deleted: [Registry Key] hkey_local_machine\software\google\chrome\extensions\ejpbbhjlbipncjklfjjaedaieimbmdda



~~~ Event Viewer Logs were cleared





~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Scan was completed on 2013-02-20 at 13:54:37,19
End of JRT log
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Eldest
Regular Member
 
Posts: 26
Joined: February 19th, 2013, 3:50 pm

Re: Every program crashing and getting Blue Screen

Unread postby Eldest » February 20th, 2013, 9:55 am

I followed your instructions regarding ESET Online Scanner, still with my Microsoft Security Essentials disabled. The log is pasted below.


ESET Online Scanner log:

ESETSmartInstaller@High as CAB hook log:
OnlineScanner64.ocx - registred OK
OnlineScanner.ocx - registred OK
# version=8
# iexplore.exe=9.00.8112.16421 (WIN7_IE9_RTM.110308-0330)
# OnlineScanner.ocx=1.0.0.6920
# api_version=3.0.2
# EOSSerial=
# engine=13199
# end=finished
# remove_checked=false
# archives_checked=true
# unwanted_checked=true
# unsafe_checked=true
# antistealth_checked=true
# utc_time=2013-02-20 01:40:15
# local_time=2013-02-20 02:40:15 (+0100, W. Europe Standard Time)
# country="Sweden"
# lang=1033
# osver=6.1.7601 NT Service Pack 1
# compatibility_mode=5893 16776574 100 94 13186803 112997465 0 0
# scanned=309596
# found=0
# cleaned=0
# scan_time=2580
Eldest
Regular Member
 
Posts: 26
Joined: February 19th, 2013, 3:50 pm

Re: Every program crashing and getting Blue Screen

Unread postby Gary R » February 20th, 2013, 12:03 pm

Everything in the logs looks OK. How is your computer behaving now?

If it appears to be running OK, try re-installing a new copy of Super-Charger.

If not, hold off from installing Super Charger, and let me know what kind of problems you're still suffering with.
Gary R
Administrator
 
Posts: 21863
Joined: June 28th, 2005, 11:36 am
Location: Yorkshire

Re: Every program crashing and getting Blue Screen

Unread postby Eldest » February 20th, 2013, 12:20 pm

Great to hear that the logs look ok!

After the OTL reboot individual Chrome tabs still crash. Adblock Plus and Shockwave Flash-extensions in Chrome have both crashed, Shockwave Flash up to three times.

What I haven't experienced yet is Blue Screen or any other program crashing, but this doesn't happen with enough consistency to rule out just yet.
Eldest
Regular Member
 
Posts: 26
Joined: February 19th, 2013, 3:50 pm

Re: Every program crashing and getting Blue Screen

Unread postby Eldest » February 20th, 2013, 12:24 pm

As you posted I started World of Warcraft, and it crashed within a minute. I tried it earlier and it didn't crash though. Hopefully the BSOD-symptom is gone, but the other symptoms seem to remain.
Eldest
Regular Member
 
Posts: 26
Joined: February 19th, 2013, 3:50 pm

Re: Every program crashing and getting Blue Screen

Unread postby Gary R » February 20th, 2013, 2:29 pm

Let's see if we can find anything in your Error logs to find out why WoW crashed.

Download VEW.exe (by Vino Rosso) to your Desktop.

  • If using XP double click VEW.exe to launch the programme.
  • If using Vista or Windows 7 right click VEW.exe and select Run as Administrator.
    • Check the following boxes.
      • Application
      • System
      • Error
    • Check the Number of Events button.
    • Input 10 into the box to the right.
    • Click on Run
  • The programme will run and a log VEW.txt will be produced.
  • Post me the log please.
Gary R
Administrator
 
Posts: 21863
Joined: June 28th, 2005, 11:36 am
Location: Yorkshire
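
The same selection as the VEW steps above (Application and System logs, Error events, 10 per log), shown as an added PowerShell example; it is not part of Gary R's post and not VEW's own code. It filters on the numeric event level rather than a localized level name, and the output file name EventErrors.txt is an assumption made for this example.

```powershell
# Added example: Application + System logs, Error level, 10 most recent events each.
# Output file name is hypothetical; the report is written to the current user's Desktop.
$outFile = Join-Path ([Environment]::GetFolderPath('Desktop')) 'EventErrors.txt'

$report = foreach ($log in 'Application', 'System') {
    "===== $log log: last 10 Error events ====="

    # Level 2 = Error. Using the numeric level keeps the query independent
    # of the Windows display language.
    $events = Get-WinEvent -FilterHashtable @{ LogName = $log; Level = 2 } `
                           -MaxEvents 10 -ErrorAction SilentlyContinue

    if (-not $events) {
        "No Error events found."
        continue
    }

    foreach ($e in $events) {
        "Time:    {0:yyyy-MM-dd HH:mm:ss}" -f $e.TimeCreated
        "Source:  $($e.ProviderName)"
        "EventID: $($e.Id)"
        "Message: $($e.Message)"
        ""
    }
}

$report | Out-File -FilePath $outFile -Encoding UTF8
```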

Re: Every program crashing and getting Blue Screen

Unread postby Eldest » February 20th, 2013, 2:44 pm

Hey Gary, and thanks for sticking with it despite the malware being gone.

When doing as instructed with VEW.exe I get the following error message:

"VEW has not been coded for your language (Swedish)"

As far as I know though my Windows 7 installation should be in English. I tried checking for any similar information in Windows Event Viewer, but could not find it.
Eldest
Regular Member
 
Posts: 26
Joined: February 19th, 2013, 3:50 pm