  #1  
Old March 25th, 2013, 11:02 AM
DanielBN43
Member
 
Join Date: Mar 2013
Posts: 39
Pop-up ads

Hello :P

I've had pop-up ads coming up everywhere, on all the different browsers, and even on the Steam client browser, I didn't even know that was possible. It's always the same ads, at the same place, so I'm pretty sure it's a virus I have.
I have tried a full virus scan with Norton, AVG, and Kaspersky's TDSSKiller.

Any tips on how to get rid of it? (An adblocker doesn't work, also because there is no adblocker on Steam.)


  #2  
Old March 25th, 2013, 04:50 PM
schrauber
Cyber Tech Help Moderator
 
Join Date: Apr 2009
O/S: Windows 7 64-bit
Location: Germany
Age: 33
Posts: 4,451
Hello, DanielBN43
Welcome to the CyberTechHelp Forums. My name is Thomas (Tom is fine), and I will be helping you fix your problems.



Please take note of some guidelines for this fix:
  • Refrain from making any changes to your computer, including installing/uninstalling programs, deleting files, modifying the registry, and running scanners or tools. Doing so could cause changes to the directions I have to give you and prolong the time required. Furthermore, you should not be taking any advice relating to this computer from any other source throughout the course of this fix.
  • If you do not understand any step(s) provided, please do not hesitate to ask before continuing. I would much rather clarify instructions or explain them differently than have something important broken.
  • Even if things appear to be better, it might not mean we are finished. Please continue to follow my instructions and reply back until I give you the "all clean". We do not want to clean you part-way, only to have the system re-infect itself.
  • Do not start a new topic. The logs that you post should be pasted directly into the reply. Only attach them if requested or if they do not fit into the post.
  • Please set your system to show all files.
    Click Start, open My Computer, select the Tools menu and click Folder Options.
    Select the View Tab. Under the Hidden files and folders heading, select Show hidden files and folders.
    Uncheck: Hide file extensions for known file types
    Uncheck the Hide protected operating system files (recommended) option.
    Click Yes to confirm.




  1. Please download OTL from one of the following mirrors:
  2. Save it to your desktop.
  3. Double click on the icon on your desktop.
  4. Push the Quick Scan button.
  5. Two reports will open, copy and paste them in a reply here:
    • OTL.txt <-- Will be opened
    • Extra.txt <-- Will be minimized
  #3  
Old March 25th, 2013, 05:47 PM
DanielBN43
Member
 
Join Date: Mar 2013
Posts: 39
Ok, thanks for the help!
Here is the report, it's a bit long, so I have to cut it into two replies:

OTL logfile created on: 25.03.2013 17:33:50 - Run 1
OTL by OldTimer - Version 3.2.69.0 Folder = D:\noda1302\Downloads
64bit- Enterprise Edition Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation
Internet Explorer (Version = 9.0.8112.16421)
Locale: 00000414 | Country: Norge | Language: NOR | Date Format: dd.MM.yyyy

3,93 Gb Total Physical Memory | 0,95 Gb Available Physical Memory | 24,09% Memory free
7,86 Gb Paging File | 3,18 Gb Available in Paging File | 40,51% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86)
Drive C: | 100,00 Gb Total Space | 40,71 Gb Free Space | 40,71% Space Free | Partition Type: NTFS
Drive D: | 198,09 Gb Total Space | 118,01 Gb Free Space | 59,57% Space Free | Partition Type: NTFS

Computer Name: PD1207623 | User Name: noda1302 | NOT logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user | Quick Scan | Include 64bit Scans
Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days

========== Processes (SafeList) ==========

PRC - [2013.03.25 17:31:53 | 000,602,112 | ---- | M] (OldTimer Tools) -- D:\noda1302\Downloads\OTL.exe
PRC - [2013.03.15 17:29:12 | 001,632,680 | ---- | M] (Valve Corporation) -- C:\Program Files (x86)\Steam\Steam.exe
PRC - [2013.03.15 17:29:10 | 000,543,656 | ---- | M] (Valve Corporation) -- C:\Program Files (x86)\Common Files\Steam\SteamService.exe
PRC - [2013.03.11 01:22:07 | 001,274,320 | ---- | M] (Google Inc.) -- C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
PRC - [2013.03.06 09:59:12 | 002,569,168 | ---- | M] () -- C:\ProgramData\BrowserProtect\2.6.1125.80\{c16c1ccb-7046-4e5c-a2f3-533ad2fec8e8}\BrowserProtect.exe
PRC - [2012.12.24 04:33:29 | 000,144,520 | R--- | M] (Symantec Corporation) -- C:\Program Files (x86)\Norton 360\Engine\20.3.0.36\ccSvcHst.exe
PRC - [2012.11.18 15:24:08 | 002,142,984 | ---- | M] (mixidj) -- C:\Users\noda1302\AppData\Local\Temp\5F416E86-BAB0-7891-A778-7732B9C6A160\Latest\MyBabylonTB.exe
PRC - [2012.10.16 10:39:00 | 000,646,744 | ---- | M] () -- C:\Program Files (x86)\Bamboo Dock\BambooCore.exe
PRC - [2012.10.08 16:15:50 | 000,039,808 | ---- | M] (Wacom Technology) -- C:\Programfiler\Tablet\Pen\WacomHost.exe
PRC - [2012.10.02 12:13:44 | 003,064,000 | ---- | M] (Skype Technologies S.A.) -- C:\ProgramData\Skype\Toolbars\Skype C2C Service\c2c_service.exe
PRC - [2012.09.23 19:43:34 | 000,065,192 | ---- | M] (Adobe Systems Incorporated) -- C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe
PRC - [2012.04.04 06:53:56 | 000,815,512 | ---- | M] (Adobe Systems Inc.) -- C:\Program Files (x86)\Adobe\Acrobat 10.0\Acrobat\acrotray.exe
PRC - [2012.02.16 15:29:02 | 000,114,992 | R--- | M] (SweetIM Technologies Ltd.) -- C:\Program Files (x86)\SweetIM\Messenger\SweetIM.exe
PRC - [2010.02.25 14:18:20 | 000,076,856 | ---- | M] ( Hewlett-Packard Development Company, L.P.) -- C:\Program Files (x86)\Hewlett-Packard\HP Quick Launch Buttons\VolCtrl.exe


========== Modules (No Company Name) ==========

MOD - [2013.03.24 14:26:23 | 000,010,752 | ---- | M] () -- C:\Users\noda1302\AppData\Local\Temp\nsq7FE9.tmp\Time.dll
MOD - [2013.03.24 14:26:22 | 000,011,264 | ---- | M] () -- C:\Users\noda1302\AppData\Local\Temp\nsq7FE9.tmp\System.dll
MOD - [2013.03.15 17:29:10 | 000,990,120 | ---- | M] () -- C:\Program Files (x86)\Steam\bin\chromehtml.DLL
MOD - [2013.03.14 21:19:02 | 020,341,672 | ---- | M] () -- C:\Program Files (x86)\Steam\bin\libcef.dll
MOD - [2013.03.12 17:10:10 | 000,649,216 | ---- | M] () -- C:\Program Files (x86)\Steam\SDL2.dll
MOD - [2013.03.11 01:22:06 | 000,459,728 | ---- | M] () -- C:\Program Files (x86)\Google\Chrome\Application\25.0.1364.172\ppGoogleNaClPluginChrome.dll
MOD - [2013.03.11 01:22:05 | 012,662,224 | ---- | M] () -- C:\Program Files (x86)\Google\Chrome\Application\25.0.1364.172\PepperFlash\pepflashplayer.dll
MOD - [2013.03.11 01:22:04 | 004,050,896 | ---- | M] () -- C:\Program Files (x86)\Google\Chrome\Application\25.0.1364.172\pdf.dll
MOD - [2013.03.11 01:21:18 | 000,596,944 | ---- | M] () -- C:\Program Files (x86)\Google\Chrome\Application\25.0.1364.172\libglesv2.dll
MOD - [2013.03.11 01:21:18 | 000,124,368 | ---- | M] () -- C:\Program Files (x86)\Google\Chrome\Application\25.0.1364.172\libegl.dll
MOD - [2013.03.11 01:21:16 | 001,552,848 | ---- | M] () -- C:\Program Files (x86)\Google\Chrome\Application\25.0.1364.172\ffmpegsumo.dll
MOD - [2013.03.06 09:59:12 | 002,569,168 | ---- | M] () -- C:\ProgramData\BrowserProtect\2.6.1125.80\{c16c1ccb-7046-4e5c-a2f3-533ad2fec8e8}\BrowserProtect.exe
MOD - [2013.03.06 09:57:59 | 002,232,272 | ---- | M] () -- C:\ProgramData\BrowserProtect\2.6.1125.80\{c16c1ccb-7046-4e5c-a2f3-533ad2fec8e8}\BrowserProtect.dll
MOD - [2012.12.11 09:51:10 | 001,100,800 | ---- | M] () -- C:\Program Files (x86)\Steam\bin\avcodec-53.dll
MOD - [2012.12.11 09:51:10 | 000,192,000 | ---- | M] () -- C:\Program Files (x86)\Steam\bin\avformat-53.dll
MOD - [2012.12.11 09:51:10 | 000,124,416 | ---- | M] () -- C:\Program Files (x86)\Steam\bin\avutil-51.dll
MOD - [2012.10.16 10:39:00 | 000,646,744 | ---- | M] () -- C:\Program Files (x86)\Bamboo Dock\BambooCore.exe
MOD - [2012.05.30 15:51:08 | 000,699,280 | R--- | M] () -- C:\PROGRAM FILES (X86)\NORTON 360\ENGINE\20.3.0.36\wincfi39.dll
MOD - [2011.03.16 23:11:16 | 004,297,568 | ---- | M] () -- C:\PROGRA~2\COMMON~1\MICROS~1\OFFICE14\Cultures\office.odf


========== Services (SafeList) ==========

SRV:64bit: - [2012.02.28 13:15:16 | 000,031,000 | ---- | M] (Hewlett-Packard Company) [Auto | Running] -- C:\Windows\SysNative\hpservice.exe -- (hpsrv)
SRV:64bit: - [2009.07.14 02:40:01 | 000,193,536 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\appmgmts.dll -- (AppMgmt)
SRV - [2013.03.15 17:29:10 | 000,543,656 | ---- | M] (Valve Corporation) [On_Demand | Running] -- C:\Program Files (x86)\Common Files\Steam\SteamService.exe -- (Steam Client Service)
SRV - [2013.03.13 10:17:10 | 000,253,656 | ---- | M] (Adobe Systems Incorporated) [On_Demand | Stopped] -- C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe -- (AdobeFlashPlayerUpdateSvc)
SRV - [2013.03.06 09:59:12 | 002,569,168 | ---- | M] () [Auto | Running] -- C:\ProgramData\BrowserProtect\2.6.1125.80\{c16c1ccb-7046-4e5c-a2f3-533ad2fec8e8}\BrowserProtect.exe -- (BrowserProtect)
SRV - [2013.01.08 12:55:20 | 000,161,536 | R--- | M] (Skype Technologies) [Auto | Stopped] -- C:\Program Files (x86)\Skype\Updater\Updater.exe -- (SkypeUpdate)
SRV - [2012.12.24 04:33:29 | 000,144,520 | R--- | M] (Symantec Corporation) [Auto | Running] -- C:\Program Files (x86)\Norton 360\Engine\20.3.0.36\ccSvcHst.exe -- (N360)
SRV - [2012.12.11 13:07:04 | 000,619,904 | ---- | M] (Wacom Technology, Corp.) [Auto | Running] -- C:\Programfiler\Tablet\Pen\WTabletServiceCon.exe -- (WTabletServiceCon)
SRV - [2012.10.02 12:13:44 | 003,064,000 | ---- | M] (Skype Technologies S.A.) [Auto | Running] -- C:\ProgramData\Skype\Toolbars\Skype C2C Service\c2c_service.exe -- (Skype C2C Service)
SRV - [2012.09.23 19:43:34 | 000,065,192 | ---- | M] (Adobe Systems Incorporated) [Auto | Running] -- C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe -- (AdobeARMservice)
SRV - [2012.09.12 21:21:48 | 000,368,896 | ---- | M] (Microsoft Corporation) [On_Demand | Running] -- C:\Programfiler\Microsoft Security Client\NisSrv.exe -- (NisSrv)
SRV - [2012.09.12 21:21:48 | 000,022,072 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Programfiler\Microsoft Security Client\MsMpEng.exe -- (MsMpSvc)
SRV - [2012.07.17 15:14:44 | 002,292,480 | ---- | M] (Microsoft Corp.) [Auto | Running] -- C:\Programfiler\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE -- (wlidsvc)
SRV - [2012.04.21 02:16:42 | 000,129,976 | ---- | M] (Mozilla Foundation) [On_Demand | Stopped] -- C:\Program Files (x86)\Mozilla Maintenance Service\maintenanceservice.exe -- (MozillaMaintenance)
SRV - [2011.01.27 10:52:00 | 000,296,448 | ---- | M] (IDT, Inc.) [Auto | Running] -- C:\Programfiler\IDT\WDM\stacsv64.exe -- (STacSV)
SRV - [2010.03.18 13:16:28 | 000,130,384 | ---- | M] (Microsoft Corporation) [Auto | Stopped] -- C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe -- (clr_optimization_v4.0.30319_32)
SRV - [2010.01.09 20:34:24 | 004,925,184 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Programfiler\Common Files\Microsoft Shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE -- (osppsvc)
SRV - [2009.06.10 22:23:09 | 000,066,384 | ---- | M] (Microsoft Corporation) [Disabled | Stopped] -- C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe -- (clr_optimization_v2.0.50727_32)
SRV - [2009.03.03 11:42:00 | 000,089,600 | ---- | M] (Andrea Electronics Corporation) [Auto | Running] -- C:\Programfiler\IDT\WDM\AESTSr64.exe -- (AESTFilters)


========== Driver Services (SafeList) ==========

DRV:64bit: - [2013.03.14 17:10:49 | 000,177,312 | ---- | M] (Symantec Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\SYMEVENT64x86.SYS -- (SymEvent)
DRV:64bit: - [2013.01.31 04:18:18 | 000,432,800 | R--- | M] (Symantec Corporation) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\N360x64\1403000.024\symnets.sys -- (SymNetS)
DRV:64bit: - [2013.01.31 04:18:06 | 001,139,800 | R--- | M] (Symantec Corporation) [File_System | Boot | Running] -- C:\Windows\SysNative\drivers\N360x64\1403000.024\SymEFA64.sys -- (SymEFA)
DRV:64bit: - [2013.01.29 02:45:19 | 000,796,248 | R--- | M] (Symantec Corporation) [File_System | On_Demand | Running] -- C:\Windows\SysNative\drivers\N360x64\1403000.024\srtsp64.sys -- (SRTSP)
DRV:64bit: - [2013.01.29 02:45:19 | 000,036,952 | R--- | M] (Symantec Corporation) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\N360x64\1403000.024\srtspx64.sys -- (SRTSPX)
DRV:64bit: - [2013.01.22 03:15:33 | 000,493,656 | R--- | M] (Symantec Corporation) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\N360x64\1403000.024\SymDS64.sys -- (SymDS)
DRV:64bit: - [2012.12.03 16:36:34 | 000,081,824 | ---- | M] (Wacom Technology) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\wachidrouter.sys -- (WacHidRouter)
DRV:64bit: - [2012.12.03 16:36:34 | 000,013,728 | ---- | M] (Windows (R) Win 7 DDK provider) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\hidkmdf.sys -- (hidkmdf)
DRV:64bit: - [2012.11.16 03:22:01 | 000,224,416 | R--- | M] (Symantec Corporation) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\N360x64\1403000.024\Ironx64.sys -- (SymIRON)
DRV:64bit: - [2012.11.16 03:18:04 | 000,168,096 | R--- | M] (Symantec Corporation) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\N360x64\1403000.024\ccSetx64.sys -- (ccSet_N360)
DRV:64bit: - [2012.11.15 09:41:06 | 000,015,776 | ---- | M] (Wacom Technology) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\wacomrouterfilter.sys -- (wacomrouterfilter)
DRV:64bit: - [2012.09.12 15:20:04 | 000,057,856 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\fssfltr.sys -- (fssfltr)
DRV:64bit: - [2012.08.30 22:03:48 | 000,128,456 | ---- | M] (Microsoft Corporation) [Kernel | Auto | Running] -- C:\Windows\SysNative\drivers\NisDrvWFP.sys -- (NisDrv)
DRV:64bit: - [2012.08.23 15:12:16 | 000,029,696 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\terminpt.sys -- (terminpt)
DRV:64bit: - [2012.08.23 15:10:20 | 000,019,456 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\rdpvideominiport.sys -- (RdpVideoMiniport)
DRV:64bit: - [2012.08.23 15:08:26 | 000,030,208 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\TsUsbGD.sys -- (TsUsbGD)
DRV:64bit: - [2012.08.23 15:07:35 | 000,057,856 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\TsUsbFlt.sys -- (TsUsbFlt)
DRV:64bit: - [2012.03.01 07:46:16 | 000,023,408 | ---- | M] (Microsoft Corporation) [Recognizer | Boot | Unknown] -- C:\Windows\SysNative\drivers\fs_rec.sys -- (Fs_Rec)
DRV:64bit: - [2012.02.28 13:15:16 | 000,043,800 | ---- | M] (Hewlett-Packard Company) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\Accelerometer.sys -- (Accelerometer)
DRV:64bit: - [2012.02.28 13:15:16 | 000,029,976 | ---- | M] (Hewlett-Packard Company) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\hpdskflt.sys -- (hpdskflt)
DRV:64bit: - [2011.11.03 02:01:00 | 000,056,208 | ---- | M] (Rovi Corporation) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\PxHlpa64.sys -- (PxHlpa64)
DRV:64bit: - [2011.03.29 05:07:46 | 001,413,168 | ---- | M] (Synaptics Incorporated) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\SynTP.sys -- (SynTP)
DRV:64bit: - [2011.03.26 08:17:50 | 012,262,336 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\igdkmd64.sys -- (igfx)
DRV:64bit: - [2011.03.11 07:41:12 | 000,107,904 | ---- | M] (Advanced Micro Devices) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\amdsata.sys -- (amdsata)
DRV:64bit: - [2011.03.11 07:41:12 | 000,027,008 | ---- | M] (Advanced Micro Devices) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\amdxata.sys -- (amdxata)
DRV:64bit: - [2011.02.09 09:26:52 | 000,026,712 | ---- | M] (JMicron Technology Corp.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\johci.sys -- (johci)
DRV:64bit: - [2011.01.31 11:04:42 | 000,174,168 | ---- | M] (JMicron Technology Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\jmcr.sys -- (JMCR)
DRV:64bit: - [2011.01.27 10:52:00 | 000,520,192 | ---- | M] (IDT, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\stwrt64.sys -- (STHDA)
DRV:64bit: - [2011.01.13 17:55:46 | 000,316,080 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\e1c62x64.sys -- (e1cexpress)
DRV:64bit: - [2011.01.13 02:51:44 | 000,439,320 | ---- | M] (Intel Corporation) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\iaStor.sys -- (iaStor)
DRV:64bit: - [2010.11.20 14:33:57 | 000,088,960 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\Synth3dVsc.sys -- (Synth3dVsc)
DRV:64bit: - [2010.11.20 14:33:35 | 000,078,720 | ---- | M] (Hewlett-Packard Company) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\HpSAMD.sys -- (HpSAMD)
DRV:64bit: - [2010.11.20 12:07:11 | 000,117,248 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\tsusbhub.sys -- (tsusbhub)
DRV:64bit: - [2010.11.20 10:57:43 | 000,071,168 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\dmvsc.sys -- (dmvsc)
DRV:64bit: - [2010.10.20 02:34:26 | 000,056,344 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\HECIx64.sys -- (MEIx64)
DRV:64bit: - [2010.10.15 00:28:16 | 000,317,440 | ---- | M] (Intel(R) Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\IntcDAud.sys -- (IntcDAud)
DRV:64bit: - [2010.09.02 08:41:18 | 003,037,696 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\BCMWL564.SYS -- (BCM43XX)
DRV:64bit: - [2010.02.25 14:18:58 | 000,018,432 | ---- | M] (Hewlett-Packard Development Company, L.P.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\HpqKbFiltr.sys -- (HpqKbFiltr)
DRV:64bit: - [2009.11.07 22:48:40 | 000,013,872 | ---- | M] (VMware, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\vmmouse.sys -- (vmmouse)
DRV:64bit: - [2009.11.07 22:46:24 | 000,086,576 | ---- | M] (VMware, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\vm3dmp.sys -- (vm3dmp)
DRV:64bit: - [2009.07.14 02:52:20 | 000,194,128 | ---- | M] (AMD Technologies Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\amdsbs.sys -- (amdsbs)
DRV:64bit: - [2009.07.14 02:48:04 | 000,065,600 | ---- | M] (LSI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\lsi_sas2.sys -- (LSI_SAS2)
DRV:64bit: - [2009.07.14 02:45:55 | 000,024,656 | ---- | M] (Promise Technology) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\stexstor.sys -- (stexstor)
DRV:64bit: - [2009.06.10 21:34:33 | 003,286,016 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\evbda.sys -- (ebdrv)
DRV:64bit: - [2009.06.10 21:34:28 | 000,468,480 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\bxvbda.sys -- (b06bdrv)
DRV:64bit: - [2009.06.10 21:34:23 | 000,270,848 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\b57nd60a.sys -- (b57nd60a)
DRV:64bit: - [2009.06.10 21:31:59 | 000,031,232 | ---- | M] (Hauppauge Computer Works, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\hcw85cir.sys -- (hcw85cir)
DRV:64bit: - [2008.08.01 00:32:24 | 000,058,880 | ---- | M] (Infineon Technologies AG) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\ifxtpm.sys -- (IFXTPM)
DRV - [2013.03.14 11:14:39 | 002,087,664 | ---- | M] (Symantec Corporation) [Kernel | On_Demand | Running] -- C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\N360_20.3.0.36\Definitions\VirusDefs\20130325.004\ex64.sys -- (NAVEX15)
DRV - [2013.03.14 11:14:39 | 000,484,512 | ---- | M] (Symantec Corporation) [Kernel | System | Running] -- C:\Program Files (x86)\Common Files\Symantec Shared\EENGINE\eeCtrl64.sys -- (eeCtrl)
DRV - [2013.03.14 11:14:39 | 000,138,912 | ---- | M] (Symantec Corporation) [Kernel | On_Demand | Running] -- C:\Program Files (x86)\Common Files\Symantec Shared\EENGINE\EraserUtilRebootDrv.sys -- (EraserUtilRebootDrv)
DRV - [2013.03.14 11:14:39 | 000,126,192 | ---- | M] (Symantec Corporation) [Kernel | On_Demand | Running] -- C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\N360_20.3.0.36\Definitions\VirusDefs\20130325.004\eng64.sys -- (NAVENG)
DRV - [2013.03.12 16:03:30 | 000,513,184 | ---- | M] (Symantec Corporation) [Kernel | System | Running] -- C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\N360_20.3.0.36\Definitions\IPSDefs\20130322.001\IDSviA64.sys -- (IDSVia64)
DRV - [2013.01.16 03:57:37 | 001,388,120 | ---- | M] (Symantec Corporation) [Kernel | System | Running] -- C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\N360_20.3.0.36\Definitions\BASHDefs\20130301.001\BHDrvx64.sys -- (BHDrvx64)
DRV - [2009.07.14 02:19:10 | 000,019,008 | ---- | M] (Microsoft Corporation) [File_System | On_Demand | Stopped] -- C:\Windows\SysWOW64\drivers\wimmount.sys -- (WIMMount)


========== Standard Registry (SafeList) ==========


========== Internet Explorer ==========

IE:64bit: - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.searchya.com/?f=1&a=dnldy...2067148209&ir=
IE:64bit: - HKLM\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A}
IE:64bit: - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.searchya.com/?q={searchTerms}&f=4&a=dnldyho&cd=2XzuyEtN2Y1L1Qzu0A0CtCyCtB0DyDzyzy0DyByBzyzz0A0BtN0D0Tzu0CyEtBtDtN1L2XzutBtFtBtFtCtFyDtDtAtN1L1Czu1Q1G1I1Q2U1M1F&cr=2067148209&ir=
IE:64bit: - HKLM\..\SearchScopes\{0CE38E13-449F-1043-9352-61FF61E8E789}: "URL" = http://www.bing.com/search?q={searchTerms}&FORM=IE8SRC
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.searchya.com/?f=1&a=dnldy...2067148209&ir=
IE - HKLM\..\SearchScopes,DefaultScope = {EEE6C360-6118-11DC-9C72-001320C79847}
IE - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/search?q={searchTerms}&FORM=IE8SRC
IE - HKLM\..\SearchScopes\{7C60CDCF-950E-4DC6-FDB3-604E8E551342}: "URL" = http://search.sweetim.com/search.asp?src=6&q={searchTerms}
IE - HKLM\..\SearchScopes\{EEE6C360-6118-11DC-9C72-001320C79847}: "URL" = http://www.searchya.com/?q={searchTerms}&f=4&a=dnldyho&cd=2XzuyEtN2Y1L1Qzu0A0CtCyCtB0DyDzyzy0DyByBzyzz0A0BtN0D0Tzu0CyEtBtDtN1L2XzutBtFtBtFtCtFyDtDtAtN1L1Czu1Q1G1I1Q2U1M1F&cr=2067148209&ir=

IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,bProtector Start Page = http://mixidj.delta-search.com/?affI...6120107A3BC883
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = http://portalen.akershus-fk.no
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://mixidj.delta-search.com/?affI...6120107A3BC883
IE - HKCU\..\SearchScopes,bProtectorDefaultScope = {0ECDF796-C2DC-4d79-A620-CCE0C0A66CC9}
IE - HKCU\..\SearchScopes,DefaultScope = {0ECDF796-C2DC-4d79-A620-CCE0C0A66CC9}
IE - HKCU\..\SearchScopes\{0CE38E13-449F-1043-9352-61FF61E8E789}: "URL" = http://blekko.com/ws/?source=e0c8d0ad&tbp=rbox&u=1c6198ab00000000000020107a3bc883&q={searchTerms}&r=685
IE - HKCU\..\SearchScopes\{0ECDF796-C2DC-4d79-A620-CCE0C0A66CC9}: "URL" = http://mixidj.delta-search.com/?q={searchTerms}&affID=121136&babsrc=SP_ss&mntrId=1C6120107A3BC883
IE - HKCU\..\SearchScopes\{700364A8-F8FB-4544-AB19-A125CD0BE367}: "URL" = http://search.sweetim.com/search.asp?src=6&q={searchTerms}
IE - HKCU\..\SearchScopes\{96A369C4-9FDD-4105-A9BC-2B468E1F9703}: "URL" = http://www.searchya.com/?q={searchTerms}&f=4&a=dnldyho&cd=2XzuyEtN2Y1L1Qzu0A0CtCyCtB0DyDzyzy0DyByBzyzz0A0BtN0D0Tzu0CyEtBtDtN1L2XzutBtFtBtFtCtFyDtDtAtN1L1Czu1Q1G1I1Q2U1M1F&cr=2067148209&ir=
IE - HKCU\..\SearchScopes\{AFBCB7E0-F91A-4951-9F31-58FEE57A25C4}: "URL" = http://nortonsafe.search.ask.com/web?q={SEARCHTERMS}&o=APN10506&l=dis&prt=IDSSNAV&chn=retail&geo=NO&ver=2013&locale=nb_NO&gct=kwd&qsrc=2869
IE - HKCU\..\SearchScopes\{EEE6C360-6118-11DC-9C72-001320C79847}: "URL" = http://www.bing.com/search?FORM=UP31DF&PC=UP31&q={searchTerms}&src=IE-SearchBox
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 1
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = <local>

========== FireFox ==========

FF - prefs.js..browser.search.defaultenginename: "SearchYa!"
FF - prefs.js..browser.search.defaulturl: ""
FF - prefs.js..browser.search.order.1: "Mixi.DJ Search"
FF - prefs.js..browser.search.order.3: "Bing "
FF - prefs.js..browser.search.selectedEngine: "Mixi.DJ Search"
FF - prefs.js..browser.startup.homepage: "http://mixidj.delta-search.com/?affID=121136&babsrc=HP_ss&mntrId=1C6120107A3BC883 "
FF - prefs.js..extensions.enabledAddons: ffxtlbr@searchya.com:1.6.0
FF - prefs.js..keyword.URL: "http://blekko.com/ws/?source=e0c8d0ad&tbp=rbox&u=1c6198ab00000000000020107a3bc883&q="
FF - prefs.js..network.proxy.no_proxies_on: "localhost,127.0.0.1"
FF - prefs.js..network.proxy.type: 1
FF - prefs.js..sweetim.toolbar.previous.browser.search.defaultenginename: ""
FF - prefs.js..sweetim.toolbar.previous.browser.search.defaulturl: ""
FF - prefs.js..sweetim.toolbar.previous.browser.search.selectedEngine: ""
FF - prefs.js..browser.startup.homepage: ""


FF:64bit: - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\system32\Macromed\Flash\NPSWF64_11_6_602_180.dll File not found
FF:64bit: - HKLM\Software\MozillaPlugins\@java.com/DTPlugin,version=10.5.0: C:\Windows\system32\npDeployJava1.dll (Oracle Corporation)
FF:64bit: - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin,version=10.5.0: C:\Program Files\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation)
FF:64bit: - HKLM\Software\MozillaPlugins\@microsoft.com/GENUINE: disabled File not found
FF:64bit: - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: C:\Program Files\Microsoft Silverlight\5.1.20125.0\npctrl.dll ( Microsoft Corporation)
FF:64bit: - HKLM\Software\MozillaPlugins\@microsoft.com/OfficeAuthz,version=14.0: C:\PROGRA~1\MICROS~2\Office14\NPAUTHZ.DLL (Microsoft Corporation)
FF:64bit: - HKLM\Software\MozillaPlugins\@wacom.com/wtPlugin,version=2.1.0.2: C:\Program Files\TabletPlugins\npWacomTabletPlugin.dll (Wacom)
FF:64bit: - HKLM\Software\MozillaPlugins\adobe.com/AdobeAAMDetect: C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\CCM\Utilities\npAdobeAAMDetect64.dll (Adobe Systems)
FF:64bit: - HKLM\Software\MozillaPlugins\adobe.com/AdobeExManDetect: C:\Program Files (x86)\Adobe\Adobe Extension Manager CS6\Win64Plugin\npAdobeExManDetectX64.dll (Adobe Systems)
FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_11_6_602_180.dll ()
FF - HKLM\Software\MozillaPlugins\@adobe.com/ShockwavePlayer: C:\Windows\system32\Adobe\Director\np32dsw.dll (Adobe Systems, Inc.)
FF - HKLM\Software\MozillaPlugins\@java.com/DTPlugin,version=10.5.1: C:\Windows\SysWOW64\npDeployJava1.dll (Oracle Corporation)
FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin,version=10.5.1: C:\Program Files (x86)\Oracle\JavaFX 2.1 Runtime\bin\plugin2\npjp2.dll (Oracle Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/GENUINE: disabled File not found
FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: C:\Program Files (x86)\Microsoft Silverlight\5.1.20125.0\npctrl.dll ( Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/OfficeAuthz,version=14.0: C:\PROGRA~2\MICROS~2\Office14\NPAUTHZ.DLL (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/SharePoint,version=14.0: C:\PROGRA~2\MICROS~2\Office14\NPSPWRAP.DLL (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=16.4.3505.0912: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Program Files (x86)\Google\Update\1.3.21.135\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Program Files (x86)\Google\Update\1.3.21.135\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\@wacom.com/wtPlugin,version=2.1.0.2: C:\Program Files (x86)\TabletPlugins\npWacomTabletPlugin.dll (Wacom)
FF - HKLM\Software\MozillaPlugins\Adobe Acrobat: C:\Program Files (x86)\Adobe\Acrobat 10.0\Acrobat\Air\nppdf32.dll (Adobe Systems Inc.)
FF - HKLM\Software\MozillaPlugins\Adobe Reader: C:\Program Files (x86)\Adobe\Reader 11.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
FF - HKLM\Software\MozillaPlugins\adobe.com/AdobeAAMDetect: C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\CCM\Utilities\npAdobeAAMDetect32.dll (Adobe Systems)
FF - HKLM\Software\MozillaPlugins\adobe.com/AdobeExManDetect: C:\Program Files (x86)\Adobe\Adobe Extension Manager CS6\npAdobeExManDetectX86.dll (Adobe Systems)
FF - HKCU\Software\MozillaPlugins\wacom.com/WacomTabletPlugin: C:\Program Files\TabletPlugins\npWacomTabletPlugin.dll (Wacom)

FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\web2pdfextension@web2pdf.adobedotcom: C:\Program Files (x86)\Adobe\Acrobat 10.0\Acrobat\Browser\WCFirefoxExtn [2013.02.04 14:25:02 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{BBDA0591-3099-440a-AA10-41764D9DB4DB}: C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\N360_20.3.0.36\IPSFFPlgn\ [2013.03.14 17:11:12 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{2D3F3651-74B9-4795-BDEC-6DA2F431CB62}: C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\N360_20.3.0.36\coFFPlgn\ [2013.03.24 14:13:11 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 12.0\extensions\\Components: C:\Program Files (x86)\Mozilla Firefox\components [2013.02.03 14:30:52 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 12.0\extensions\\Plugins: C:\Program Files (x86)\Mozilla Firefox\plugins [2013.02.03 14:30:52 | 000,000,000 | ---D | M]
FF - HKEY_CURRENT_USER\software\mozilla\Firefox\Extensions\\{5a95a9e0-59dd-4314-bd84-4d18ca83a0e2}: C:\Program Files (x86)\Wajam\Firefox\{5a95a9e0-59dd-4314-bd84-4d18ca83a0e2}.xpi [2013.02.08 17:30:02 | 000,037,909 | ---- | M] ()
FF - HKEY_CURRENT_USER\software\mozilla\Firefox\Extensions\\{0F827075-B026-42F3-885D-98981EE7B1AE}: C:\ProgramData\BrowserProtect\2.6.1125.80\{c16c1ccb-7046-4e5c-a2f3-533ad2fec8e8}\FirefoxExtension [2013.03.21 18:57:30 | 000,000,000 | ---D | M]

[2012.11.01 09:44:00 | 000,000,000 | ---D | M] (No name found) -- C:\Users\noda1302\AppData\Roaming\mozilla\Extensions
[2013.03.24 14:26:37 | 000,000,000 | ---D | M] (No name found) -- C:\Users\noda1302\AppData\Roaming\mozilla\Firefox\Profiles\utkm1a81.default\extensions
[2013.02.27 13:49:44 | 000,000,000 | ---D | M] ("新しいタブ") -- C:\Users\noda1302\AppData\Roaming\mozilla\Firefox\Profiles\utkm1a81.default\extensions\{5ebdca98-43b3-45bb-87e0-716029fb42ab}
[2013.03.21 18:57:11 | 000,000,000 | ---D | M] (No name found) -- C:\Users\noda1302\AppData\Roaming\mozilla\Firefox\Profiles\utkm1a81.default\extensions\ffxtlbr@babylon.com
[2013.03.21 18:57:19 | 000,000,000 | ---D | M] (Delta Toolbar) -- C:\Users\noda1302\AppData\Roaming\mozilla\Firefox\Profiles\utkm1a81.default\extensions\ffxtlbr@delta.com
[2013.03.24 14:26:38 | 000,000,000 | ---D | M] (MixiDJ Toolbar) -- C:\Users\noda1302\AppData\Roaming\mozilla\Firefox\Profiles\utkm1a81.default\extensions\ffxtlbr@mixidj.com
[2013.02.27 13:49:43 | 000,000,000 | ---D | M] (searchya.com) -- C:\Users\noda1302\AppData\Roaming\mozilla\Firefox\Profiles\utkm1a81.default\extensions\ffxtlbr@searchya.com
[2012.12.13 21:29:00 | 000,199,445 | ---- | M] () (No name found) -- C:\Users\noda1302\AppData\Roaming\mozilla\firefox\profiles\utkm1a81.default\extensions\movie2kdownloader@movie2kdownloader.com.xpi
[2013.02.27 13:51:55 | 000,053,939 | ---- | M] () (No name found) -- C:\Users\noda1302\AppData\Roaming\mozilla\firefox\profiles\utkm1a81.default\extensions\pricepeep@getpricepeep.com.xpi
[2013.01.07 12:32:17 | 000,190,000 | ---- | M] () (No name found) -- C:\Users\noda1302\AppData\Roaming\mozilla\firefox\profiles\utkm1a81.default\extensions\{EEE6C361-6118-11DC-9C72-001320C79847}.xpi
[2012.11.12 09:56:41 | 000,002,273 | ---- | M] () -- C:\Users\noda1302\AppData\Roaming\mozilla\firefox\profiles\utkm1a81.default\searchplugins\bingp.xml
[2013.03.24 14:26:01 | 000,006,476 | ---- | M] () -- C:\Users\noda1302\AppData\Roaming\mozilla\firefox\profiles\utkm1a81.default\searchplugins\BrowserProtect.xml
[2013.03.21 18:57:37 | 000,001,294 | ---- | M] () -- C:\Users\noda1302\AppData\Roaming\mozilla\firefox\profiles\utkm1a81.default\searchplugins\delta.xml
[2013.03.24 14:27:04 | 000,001,296 | ---- | M] () -- C:\Users\noda1302\AppData\Roaming\mozilla\firefox\profiles\utkm1a81.default\searchplugins\mixidj.xml
[2013.02.27 13:49:51 | 000,002,371 | ---- | M] () -- C:\Users\noda1302\AppData\Roaming\mozilla\firefox\profiles\utkm1a81.default\searchplugins\SearchYa!.xml
[2013.03.10 09:19:20 | 000,001,435 | ---- | M] () -- C:\Users\noda1302\AppData\Roaming\mozilla\firefox\profiles\utkm1a81.default\searchplugins\spamfreesearch.xml
[2012.11.12 09:55:23 | 000,003,915 | ---- | M] () -- C:\Users\noda1302\AppData\Roaming\mozilla\firefox\profiles\utkm1a81.default\searchplugins\sweetim.xml
[2012.11.12 09:56:20 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files (x86)\mozilla firefox\extensions
[2012.11.12 09:56:25 | 000,000,000 | ---D | M] (Skype Click to Call) -- C:\Program Files (x86)\mozilla firefox\extensions\{82AF8DCA-6DE9-405D-BD5E-43525BDAD38A}
[2012.04.21 02:18:00 | 000,097,208 | ---- | M] (Mozilla Foundation) -- C:\Program Files (x86)\mozilla firefox\components\browsercomps.dll
[2012.04.21 04:21:29 | 000,001,525 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\amazon-en-GB.xml
[2013.03.24 14:26:01 | 000,006,476 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\babylon.xml
[2012.04.21 04:21:29 | 000,002,252 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\bing.xml
[2012.04.21 04:21:30 | 000,001,218 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\bok-NO.xml
[2012.04.21 04:21:30 | 000,000,968 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\qxl-NO.xml
[2012.04.21 04:21:30 | 000,001,203 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\telefonkatalogen-NO.xml
[2012.04.21 04:21:30 | 000,001,176 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\wikipedia-NO.xml
[2012.04.21 04:21:30 | 000,001,192 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\yahoo-NO.xml

========== Chrome ==========

CHR - default_search_provider: Mixi.DJ Search (Enabled)
CHR - default_search_provider: search_url = http://mixidj.delta-search.com/?q={searchTerms}&affID=121136&babsrc=SP_ss&mntrId=1C6120107A3BC883
CHR - default_search_provider: suggest_url = {google:baseSuggestURL}search?{google:searchFieldtrialParameter}client=chrome&q={searchTerms}&{google:cursorPosition}sugkey={google:suggestAPIKeyParameter},
CHR - homepage: http://mixidj.delta-search.com/?affI...6120107A3BC883
CHR - plugin: Shockwave Flash (Enabled) = C:\Program Files (x86)\Google\Chrome\Application\25.0.1364.172\PepperFlash\pepflashplayer.dll
CHR - plugin: Shockwave Flash (Enabled) = C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_11_4_402_287.dll
CHR - plugin: Chrome Remote Desktop Viewer (Enabled) = internal-remoting-viewer
CHR - plugin: Native Client (Enabled) = C:\Program Files (x86)\Google\Chrome\Application\25.0.1364.172\ppGoogleNaClPluginChrome.dll
CHR - plugin: Chrome PDF Viewer (Enabled) = C:\Program Files (x86)\Google\Chrome\Application\25.0.1364.172\pdf.dll
CHR - plugin: Adobe Acrobat (Enabled) = C:\Program Files (x86)\Adobe\Reader 11.0\Reader\Browser\nppdf32.dll
CHR - plugin: Microsoft Windows Media Player Firefox Plugin (Enabled) = C:\Program Files (x86)\Mozilla Firefox\plugins\np-mswmp.dll
CHR - plugin: Microsoft Office 2010 (Enabled) = C:\PROGRA~2\MICROS~2\Office14\NPAUTHZ.DLL
CHR - plugin: Microsoft Office 2010 (Enabled) = C:\PROGRA~2\MICROS~2\Office14\NPSPWRAP.DLL
CHR - plugin: AdobeAAMDetect (Enabled) = C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\CCM\Utilities\npAdobeAAMDetect32.dll
CHR - plugin: Google Update (Enabled) = C:\Program Files (x86)\Google\Update\1.3.21.111\npGoogleUpdate3.dll
CHR - plugin: Silverlight Plug-In (Enabled) = C:\Program Files (x86)\Microsoft Silverlight\5.1.10411.0\npctrl.dll
CHR - plugin: Java(TM) Platform SE 7 U5 (Enabled) = C:\Program Files (x86)\Oracle\JavaFX 2.1 Runtime\bin\plugin2\npjp2.dll
CHR - plugin: Java Deployment Toolkit 7.0.50.255 (Enabled) = C:\Windows\SysWOW64\npDeployJava1.dll
CHR - plugin: Shockwave for Director (Enabled) = C:\Windows\system32\Adobe\Director\np32dsw.dll
CHR - Extension: Movie2kDownloader = C:\Users\noda1302\AppData\Local\Google\Chrome\User Data\Default\Extensions\blaofbhgbmeikidhlkmjhbkbfohpgekf\1.0_0\
CHR - Extension: YouTube = C:\Users\noda1302\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo\4.2.5_1\
CHR - Extension: No name found = C:\Users\noda1302\AppData\Local\Google\Chrome\User Data\Default\Extensions\boipimhfjpakfgckhbljjengakjhkcbp\1.0\
CHR - Extension: Newtab = C:\Users\noda1302\AppData\Local\Google\Chrome\User Data\Default\Extensions\cjpglkicenollcignonpgiafdgfeehoj\7.0.18_0\
CHR - Extension: Google Search = C:\Users\noda1302\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf\0.0.0.19_1\
CHR - Extension: Delta Toolbar = C:\Users\noda1302\AppData\Local\Google\Chrome\User Data\Default\Extensions\eooncjejnppfjjklapaamhcdmjbilmde\1.1_0\
CHR - Extension: AdBlock = C:\Users\noda1302\AppData\Local\Google\Chrome\User Data\Default\Extensions\gighmmpiobklfepjocnamgkkbiglidom\2.5.61_0\
CHR - Extension: Don't Starve = C:\Users\noda1302\AppData\Local\Google\Chrome\User Data\Default\Extensions\hiledapehlkhdehbhppgmekfalnlfajc\1.0.0.37_0\
CHR - Extension: Wajam = C:\Users\noda1302\AppData\Local\Google\Chrome\User Data\Default\Extensions\jpmbfleldcgkldadpdinhjjopdfpjfjp\1.24_0\
CHR - Extension: No name found = C:\Users\noda1302\AppData\Local\Google\Chrome\User Data\Default\Extensions\kpepfkjapeclaafmhoelccknpfedainn\1.0\
CHR - Extension: PricePeep = C:\Users\noda1302\AppData\Local\Google\Chrome\User Data\Default\Extensions\licjnkifamhpbaefhdpacpmihicfbomb\2.1.0.22_0\
CHR - Extension: Skype Click to Call = C:\Users\noda1302\AppData\Local\Google\Chrome\User Data\Default\Extensions\lifbcibllhkdhoafpjfnlhfpfgnpldfl\6.3.0.11079_0\
CHR - Extension: Norton Identity Protection = C:\Users\noda1302\AppData\Local\Google\Chrome\User Data\Default\Extensions\mkfokfffehpeedafpekjeddnmnjhmcmk\2013.3.2.10_0\
CHR - Extension: Norton Identity Protection = C:\Users\noda1302\AppData\Local\Google\Chrome\User Data\Default\Extensions\nppllibpnmahfaklnpggkibhkapjkeob\2013.3.0.26_0\
CHR - Extension: Blekko Search Bar = C:\Users\noda1302\AppData\Local\Google\Chrome\User Data\Default\Extensions\ofaekbahncacnjgelnfjcjoelcglkhkj\1.0_0\
CHR - Extension: BrowserProtect = C:\Users\noda1302\AppData\Local\Google\Chrome\User Data\Default\Extensions\pgafcinpmmpklohkojmllohdhomoefph\1.0_0\
CHR - Extension: Gmail = C:\Users\noda1302\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia\7_1\
CHR - Extension: Movie2kDownloader = C:\Users\noda1302\AppData\Local\Google\Chrome\User Data\Default\Extensions\blaofbhgbmeikidhlkmjhbkbfohpgekf\1.0_0\
CHR - Extension: YouTube = C:\Users\noda1302\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo\4.2.5_1\
CHR - Extension: No name found = C:\Users\noda1302\AppData\Local\Google\Chrome\User Data\Default\Extensions\boipimhfjpakfgckhbljjengakjhkcbp\1.0\
CHR - Extension: Newtab = C:\Users\noda1302\AppData\Local\Google\Chrome\User Data\Default\Extensions\cjpglkicenollcignonpgiafdgfeehoj\7.0.18_0\
CHR - Extension: Google Search = C:\Users\noda1302\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf\0.0.0.19_1\
CHR - Extension: Delta Toolbar = C:\Users\noda1302\AppData\Local\Google\Chrome\User Data\Default\Extensions\eooncjejnppfjjklapaamhcdmjbilmde\1.1_0\
CHR - Extension: AdBlock = C:\Users\noda1302\AppData\Local\Google\Chrome\User Data\Default\Extensions\gighmmpiobklfepjocnamgkkbiglidom\2.5.61_0\
CHR - Extension: Don't Starve = C:\Users\noda1302\AppData\Local\Google\Chrome\User Data\Default\Extensions\hiledapehlkhdehbhppgmekfalnlfajc\1.0.0.37_0\
CHR - Extension: Wajam = C:\Users\noda1302\AppData\Local\Google\Chrome\User Data\Default\Extensions\jpmbfleldcgkldadpdinhjjopdfpjfjp\1.24_0\
CHR - Extension: No name found = C:\Users\noda1302\AppData\Local\Google\Chrome\User Data\Default\Extensions\kpepfkjapeclaafmhoelccknpfedainn\1.0\
CHR - Extension: PricePeep = C:\Users\noda1302\AppData\Local\Google\Chrome\User Data\Default\Extensions\licjnkifamhpbaefhdpacpmihicfbomb\2.1.0.22_0\
CHR - Extension: Skype Click to Call = C:\Users\noda1302\AppData\Local\Google\Chrome\User Data\Default\Extensions\lifbcibllhkdhoafpjfnlhfpfgnpldfl\6.3.0.11079_0\
CHR - Extension: Norton Identity Protection = C:\Users\noda1302\AppData\Local\Google\Chrome\User Data\Default\Extensions\mkfokfffehpeedafpekjeddnmnjhmcmk\2013.3.2.10_0\
CHR - Extension: Norton Identity Protection = C:\Users\noda1302\AppData\Local\Google\Chrome\User Data\Default\Extensions\nppllibpnmahfaklnpggkibhkapjkeob\2013.3.0.26_0\
CHR - Extension: Blekko Search Bar = C:\Users\noda1302\AppData\Local\Google\Chrome\User Data\Default\Extensions\ofaekbahncacnjgelnfjcjoelcglkhkj\1.0_0\
CHR - Extension: BrowserProtect = C:\Users\noda1302\AppData\Local\Google\Chrome\User Data\Default\Extensions\pgafcinpmmpklohkojmllohdhomoefph\1.0_0\
CHR - Extension: Gmail = C:\Users\noda1302\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia\7_1\

O1 HOSTS File: ([2012.11.23 17:52:52 | 000,001,473 | RHS- | M]) - C:\Windows\SysNative\drivers\etc\hosts
O1 - Hosts: 127.0.0.1 localhost
O1 - Hosts: ::1 localhost
O1 - Hosts: 66.197.194.232 www.google-analytics.com.
O1 - Hosts: 66.197.194.232 ad-emea.doubleclick.net.
O1 - Hosts: 66.197.194.232 www.statcounter.com.
O1 - Hosts: 66.197.194.232 connect.facebook.net.
O1 - Hosts: 93.115.241.27 www.google-analytics.com.
O1 - Hosts: 93.115.241.27 ad-emea.doubleclick.net.
O1 - Hosts: 93.115.241.27 www.statcounter.com.
O1 - Hosts: 93.115.241.27 connect.facebook.net.
O2:64bit: - BHO: (Java(tm) Plug-In SSV Helper) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Programfiler\Java\jre7\bin\ssv.dll (Oracle Corporation)
O2:64bit: - BHO: (Windows Live ID Sign-in Helper) - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Programfiler\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corp.)
O2:64bit: - BHO: (Skype add-on for Internet Explorer) - {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer x64\skypeieplugin.dll (Skype Technologies S.A.)
  #4  
Old March 25th, 2013, 05:48 PM
DanielBN43 DanielBN43 is offline
Member
 
Join Date: Mar 2013
Posts: 39
Part two of report:

O2:64bit: - BHO: (Office Document Cache Handler) - {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\Programfiler\Microsoft Office\Office14\URLREDIR.DLL (Microsoft Corporation)
O2:64bit: - BHO: (Java(tm) Plug-In 2 SSV Helper) - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Programfiler\Java\jre7\bin\jp2ssv.dll (Oracle Corporation)
O2 - BHO: (SearchYa Helper Object) - {25927741-5E5B-4D27-8D8B-9188FE64373F} - C:\Program Files (x86)\SearchYa!\1.8.8.0\bh\searchya.dll (Montera Technologeis LTD)
O2 - BHO: (IE AdBlock) - {46B37057-5BA8-4014-B28D-6448FD171A3E} - C:\Program Files (x86)\IE AdBlock\IE AdBlock.dll (CatenaLogic)
O2 - BHO: (mixidj Helper Object) - {4D6A9BBF-402C-4301-B1EF-28D04F71D761} - C:\Program Files (x86)\mixidj\mixidj\1.8.4.1\bh\mixidj.dll (MixiDJ)
O2 - BHO: (Norton Identity Protection) - {602ADB0E-4AFF-4217-8AA1-95DAC4DFA408} - C:\Program Files (x86)\Norton 360\Engine\20.3.0.36\coIEPlg.dll (Symantec Corporation)
O2 - BHO: (Norton Vulnerability Protection) - {6D53EC84-6AAE-4787-AEEE-F4628F01010C} - C:\Program Files (x86)\Norton 360\Engine\20.3.0.36\IPS\IPSBHO.DLL (Symantec Corporation)
O2 - BHO: (Groove GFS Browser Helper) - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\PROGRA~2\MICROS~2\Office14\GROOVEEX.DLL (Microsoft Corporation)
O2 - BHO: (Java(tm) Plug-In SSV Helper) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Oracle\JavaFX 2.1 Runtime\bin\ssv.dll (Oracle Corporation)
O2 - BHO: (Wajam) - {A7A6995D-6EE1-4FD1-A258-49395D5BF99C} - C:\Program Files (x86)\Wajam\IE\priam_bho.dll (Wajam)
O2 - BHO: (Adobe PDF Conversion Toolbar Helper) - {AE7CD045-E861-484f-8273-0445EE161910} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated)
O2 - BHO: (Skype Browser Helper) - {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O2 - BHO: (Office Document Cache Handler) - {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\PROGRA~2\MICROS~2\Office14\URLREDIR.DLL (Microsoft Corporation)
O2 - BHO: (Blekko Search Bar Helper Object) - {BAE35237-8D73-44D0-905C-8A95EA1E7E69} - C:\Program Files (x86)\blekko\spamfreesearch\1.8.3.9\bh\spamfreesearch.dll (Montera Technologeis LTD)
O2 - BHO: (delta Helper Object) - {C1AF5FA5-852C-4C90-812E-A7F75E011D87} - C:\Program Files (x86)\Delta\delta\1.8.10.0\bh\delta.dll (Delta-search.com)
O2 - BHO: (Java(tm) Plug-In 2 SSV Helper) - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Oracle\JavaFX 2.1 Runtime\bin\jp2ssv.dll (Oracle Corporation)
O2 - BHO: (SweetPacks Browser Helper) - {EEE6C35C-6118-11DC-9C72-001320C79847} - C:\Program Files (x86)\SweetIM\Toolbars\Internet Explorer\mgToolbarIE.dll (SweetIM Technologies Ltd.)
O2 - BHO: (SmartSelect Class) - {F4971EE7-DAA0-4053-9964-665D8EE6A077} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated)
O2 - BHO: (PricePeep) - {FD6D90C0-E6EE-4BC6-B9F7-9ED319698007} - C:\Program Files (x86)\PricePeep\pricepeep.dll (PricePeep)
O3:64bit: - HKLM\..\Toolbar: (no name) - Locked - No CLSID value found.
O3 - HKLM\..\Toolbar: (SearchYa Toolbar) - {33AA308B-B565-4376-AC66-59EE9B6AD13E} - C:\Program Files (x86)\SearchYa!\1.8.8.0\searchyaTlbr.dll (Montera Technologeis LTD)
O3 - HKLM\..\Toolbar: (Adobe PDF) - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated)
O3 - HKLM\..\Toolbar: (Norton Toolbar) - {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - C:\Program Files (x86)\Norton 360\Engine\20.3.0.36\coIEPlg.dll (Symantec Corporation)
O3 - HKLM\..\Toolbar: (Delta Toolbar) - {82E1477C-B154-48D3-9891-33D83C26BCD3} - C:\Program Files (x86)\Delta\delta\1.8.10.0\deltaTlbr.dll (Delta-search.com)
O3 - HKLM\..\Toolbar: (IE AdBlock) - {BE1B1F92-AC2E-4AFB-BC9D-07FE272C1373} - C:\Program Files (x86)\IE AdBlock\IE AdBlock.dll (CatenaLogic)
O3 - HKLM\..\Toolbar: (MixiDJ Toolbar) - {CA9B9C89-4662-4ADC-9C23-A452BECD5D19} - C:\Program Files (x86)\mixidj\mixidj\1.8.4.1\mixidjTlbr.dll (MixiDJ)
O3 - HKLM\..\Toolbar: (Blekko Search Bar Toolbar) - {EECF410C-006C-4A05-AD13-6741A0814DBF} - C:\Program Files (x86)\blekko\spamfreesearch\1.8.3.9\spamfreesearchTlbr.dll (Montera Technologeis LTD)
O3 - HKLM\..\Toolbar: (SweetPacks Toolbar for Internet Explorer) - {EEE6C35B-6118-11DC-9C72-001320C79847} - C:\Program Files (x86)\SweetIM\Toolbars\Internet Explorer\mgToolbarIE.dll (SweetIM Technologies Ltd.)
O3 - HKLM\..\Toolbar: (no name) - Locked - No CLSID value found.
O3 - HKCU\..\Toolbar\WebBrowser: (Adobe PDF) - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated)
O3 - HKCU\..\Toolbar\WebBrowser: (SweetPacks Toolbar for Internet Explorer) - {EEE6C35B-6118-11DC-9C72-001320C79847} - C:\Program Files (x86)\SweetIM\Toolbars\Internet Explorer\mgToolbarIE.dll (SweetIM Technologies Ltd.)
O4:64bit: - HKLM..\Run: [AdobeAAMUpdater-1.0] C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\UWA\UpdaterStartupUtility.exe (Adobe Systems Incorporated)
O4:64bit: - HKLM..\Run: [HotKeysCmds] C:\Windows\SysNative\hkcmd.exe (Intel Corporation)
O4:64bit: - HKLM..\Run: [IgfxTray] C:\Windows\SysNative\igfxtray.exe (Intel Corporation)
O4:64bit: - HKLM..\Run: [MSC] C:\Program Files\Microsoft Security Client\msseces.exe (Microsoft Corporation)
O4:64bit: - HKLM..\Run: [Persistence] C:\Windows\SysNative\igfxpers.exe (Intel Corporation)
O4:64bit: - HKLM..\Run: [SysTrayApp] C:\Programfiler\IDT\WDM\sttray64.exe (IDT, Inc.)
O4 - HKLM..\Run: [] File not found
O4 - HKLM..\Run: [Acrobat Assistant 8.0] C:\Program Files (x86)\Adobe\Acrobat 10.0\Acrobat\Acrotray.exe (Adobe Systems Inc.)
O4 - HKLM..\Run: [Adobe Acrobat Speed Launcher] C:\Program Files (x86)\Adobe\Acrobat 10.0\Acrobat\Acrobat_sl.exe (Adobe Systems Incorporated)
O4 - HKLM..\Run: [AdobeCS6ServiceManager] C:\Program Files (x86)\Common Files\Adobe\CS6ServiceManager\CS6ServiceManager.exe (Adobe Systems Incorporated)
O4 - HKLM..\Run: [APSDaemon] C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe (Apple Inc.)
O4 - HKLM..\Run: [BambooCore] C:\Program Files (x86)\Bamboo Dock\BambooCore.exe ()
O4 - HKLM..\Run: [SweetIM] C:\Program Files (x86)\SweetIM\Messenger\SweetIM.exe (SweetIM Technologies Ltd.)
O4 - HKLM..\Run: [SwitchBoard] C:\Program Files (x86)\Common Files\Adobe\SwitchBoard\SwitchBoard.exe File not found
O4 - HKCU..\Run: [RESTART_STICKY_NOTES] C:\Windows\System32\StikyNot.exe File not found
O4 - HKCU..\Run: [Steam] C:\Program Files (x86)\Steam\steam.exe (Valve Corporation)
O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktop = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktopChanges = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 255
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 5
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: DefaultLogonDomain = Akershus-FK
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: disablecad = 1
O7 - HKCU\Software\Policies\Microsoft\Internet Explorer\Main present
O7 - HKCU\Software\Policies\Microsoft\Internet Explorer\PhishingFilter present
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O8:64bit: - Extra context menu item: Append Link Target to Existing PDF - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated)
O8:64bit: - Extra context menu item: Append to Existing PDF - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated)
O8:64bit: - Extra context menu item: Convert Link Target to Adobe PDF - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated)
O8:64bit: - Extra context menu item: Convert to Adobe PDF - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated)
O8:64bit: - Extra context menu item: E&ksporter til Microsoft Excel - res://C:\PROGRA~2\MICROS~2\Office14\EXCEL.EXE/3000 File not found
O8:64bit: - Extra context menu item: Se&nd til OneNote - res://C:\PROGRA~2\MICROS~2\Office14\ONBttnIE.dll/105 File not found
O8:64bit: - Extra context menu item: Search the Web - C:\Program Files (x86)\SweetIM\Toolbars\Internet Explorer\resources\menuext.html ()
O8 - Extra context menu item: Append Link Target to Existing PDF - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated)
O8 - Extra context menu item: Append to Existing PDF - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated)
O8 - Extra context menu item: Convert Link Target to Adobe PDF - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated)
O8 - Extra context menu item: Convert to Adobe PDF - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated)
O8 - Extra context menu item: E&ksporter til Microsoft Excel - res://C:\PROGRA~2\MICROS~2\Office14\EXCEL.EXE/3000 File not found
O8 - Extra context menu item: Se&nd til OneNote - res://C:\PROGRA~2\MICROS~2\Office14\ONBttnIE.dll/105 File not found
O8 - Extra context menu item: Search the Web - C:\Program Files (x86)\SweetIM\Toolbars\Internet Explorer\resources\menuext.html ()
O9:64bit: - Extra Button: Send til OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Programfiler\Microsoft Office\Office14\ONBttnIE.dll (Microsoft Corporation)
O9:64bit: - Extra 'Tools' menuitem : Se&nd til OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Programfiler\Microsoft Office\Office14\ONBttnIE.dll (Microsoft Corporation)
O9:64bit: - Extra Button: &Koblede OneNote-notater - {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - C:\Programfiler\Microsoft Office\Office14\ONBttnIELinkedNotes.dll (Microsoft Corporation)
O9:64bit: - Extra 'Tools' menuitem : &Koblede OneNote-notater - {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - C:\Programfiler\Microsoft Office\Office14\ONBttnIELinkedNotes.dll (Microsoft Corporation)
O9:64bit: - Extra Button: Skype Click to Call - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer x64\skypeieplugin.dll (Skype Technologies S.A.)
O9 - Extra Button: Skype Click to Call - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O10:64bit: - NameSpace_Catalog5\Catalog_Entries64\000000000007 [] - C:\Programfiler\Common Files\Microsoft Shared\Windows Live\WLIDNSP.DLL (Microsoft Corp.)
O10:64bit: - NameSpace_Catalog5\Catalog_Entries64\000000000008 [] - C:\Programfiler\Common Files\Microsoft Shared\Windows Live\WLIDNSP.DLL (Microsoft Corp.)
O1364bit: - gopher Prefix: missing
O13 - gopher Prefix: missing
O16:64bit: - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/update/1.7.0/jin...ndows-i586.cab (Java Plug-in 10.5.0)
O16:64bit: - DPF: {CAFEEFAC-0017-0000-0004-ABCDEFFEDCBA} http://java.sun.com/update/1.7.0/jin...ndows-i586.cab (Java Plug-in 1.7.0_04)
O16:64bit: - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/update/1.7.0/jin...ndows-i586.cab (Java Plug-in 10.5.0)
O16 - DPF: {166B1BCA-3F9C-11CF-8075-444553540000} http://download.macromedia.com/pub/s...irector/sw.cab (Shockwave ActiveX Control)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/update/1.7.0/jin...ndows-i586.cab (Java Plug-in 10.5.1)
O16 - DPF: {CAFEEFAC-0017-0000-0004-ABCDEFFEDCBA} http://java.sun.com/update/1.7.0/jin...ndows-i586.cab (Java Plug-in 1.7.0_04)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/update/1.7.0/jin...ndows-i586.cab (Java Plug-in 10.5.1)
O16 - DPF: DirectEdit http://support.itsolutions.no/browse...DirectEdit.CAB (Reg Error: Key error.)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 82.196.201.43 82.196.193.143
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: Domain = akershus-fk.no
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{01C3A10F-FF07-4637-8E71-1EE81DEBB0D8}: DhcpNameServer = 82.196.201.43 82.196.193.143
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{27F838E9-85EE-4C8D-8217-15E9EA0D8C4E}: DhcpNameServer = 148.83.249.75 148.83.249.50
O18:64bit: - Protocol\Handler\livecall - No CLSID value found
O18:64bit: - Protocol\Handler\ms-help - No CLSID value found
O18:64bit: - Protocol\Handler\msnim - No CLSID value found
O18:64bit: - Protocol\Handler\skype4com - No CLSID value found
O18:64bit: - Protocol\Handler\skype-ie-addon-data {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer x64\skypeieplugin.dll (Skype Technologies S.A.)
O18:64bit: - Protocol\Handler\wlmailhtml - No CLSID value found
O18:64bit: - Protocol\Handler\wlpg - No CLSID value found
O18 - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~2\COMMON~1\Skype\SKYPE4~1.DLL (Skype Technologies)
O18 - Protocol\Handler\skype-ie-addon-data {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O18:64bit: - Protocol\Filter\text/xml {807573E5-5146-11D5-A672-00B0D022E945} - C:\Programfiler\Common Files\Microsoft Shared\OFFICE14\MSOXMLMF.DLL (Microsoft Corporation)
O20 - AppInit_DLLs: (c:\progra~3\browse~1\261125~1.80\{c16c1~1\browse~1.dll) - c:\ProgramData\BrowserProtect\2.6.1125.80\{c16c1ccb-7046-4e5c-a2f3-533ad2fec8e8}\BrowserProtect.dll ()
O20:64bit: - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\SysNative\userinit.exe (Microsoft Corporation)
O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\SysWow64\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (userinit.exe) - C:\Windows\SysWow64\userinit.exe (Microsoft Corporation)
O20:64bit: - Winlogon\Notify\igfxcui: DllName - (igfxdev.dll) - C:\Windows\SysNative\igfxdev.dll (Intel Corporation)
O21:64bit: - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.
O21 - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.
O28 - HKLM ShellExecuteHooks: {B5A7F190-DDA6-4420-B3BA-52453494E6CD} - C:\PROGRA~2\MICROS~2\Office14\GROOVEEX.DLL (Microsoft Corporation)
O32 - HKLM CDRom: AutoRun - 1
O33 - MountPoints2\{56df6494-25a0-11e2-a984-20107a3bc883}\Shell - "" = AutoRun
O33 - MountPoints2\{56df6494-25a0-11e2-a984-20107a3bc883}\Shell\AutoRun\command - "" = F:\LGAutoRun.exe
O34 - HKLM BootExecute: (autocheck autochk *)
O35:64bit: - HKLM\..comfile [open] -- "%1" %*
O35:64bit: - HKLM\..exefile [open] -- "%1" %*
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37:64bit: - HKLM\...com [@ = comfile] -- "%1" %*
O37:64bit: - HKLM\...exe [@ = exefile] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3)
O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2)
O38 - SubSystems\\Windows: (ServerDll=sxssrv,4)

========== Files/Folders - Created Within 30 Days ==========

[2013.03.24 14:26:52 | 000,000,000 | ---D | C] -- C:\Users\noda1302\AppData\Roaming\CRMixiDJTB
[2013.03.24 14:26:36 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\mixidj
[2013.03.24 14:25:38 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\PC Speed Up
[2013.03.24 14:09:11 | 000,000,000 | ---D | C] -- C:\Windows\SysWow64\BrowserProtect
[2013.03.24 14:06:49 | 000,000,000 | ---D | C] -- C:\TDSSKiller_Quarantine
[2013.03.23 18:14:03 | 000,000,000 | ---D | C] -- C:\Windows\SysWow64\Extensions
[2013.03.23 18:13:46 | 000,000,000 | ---D | C] -- C:\Windows\SysWow64\searchplugins
[2013.03.21 18:57:32 | 000,000,000 | ---D | C] -- C:\Users\noda1302\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\BrowserProtect
[2013.03.21 18:57:26 | 000,000,000 | ---D | C] -- C:\ProgramData\BrowserProtect
[2013.03.21 18:57:19 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Delta
[2013.03.21 18:57:17 | 000,000,000 | ---D | C] -- C:\Users\noda1302\AppData\Roaming\BabSolution
[2013.03.21 18:57:12 | 000,000,000 | ---D | C] -- C:\Users\noda1302\AppData\Roaming\Delta
[2013.03.21 18:56:44 | 000,000,000 | ---D | C] -- C:\ProgramData\Babylon
[2013.03.21 18:56:43 | 000,000,000 | ---D | C] -- C:\Users\noda1302\AppData\Roaming\Babylon
[2013.03.21 18:56:09 | 000,000,000 | ---D | C] -- C:\ProgramData\Tarma Installer
[2013.03.21 18:56:03 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Movie2KDownloader.com
[2013.03.21 18:55:37 | 000,000,000 | ---D | C] -- C:\Users\noda1302\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\hdvidcodec.com
[2013.03.21 18:55:37 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\hdvidcodec.com
[2013.03.19 11:10:53 | 000,000,000 | ---D | C] -- D:\noda1302\Desktop\2013-03-19 mobilbilder20
[2013.03.14 17:10:49 | 000,177,312 | ---- | C] (Symantec Corporation) -- C:\Windows\SysNative\drivers\SYMEVENT64x86.SYS
[2013.03.14 17:10:49 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\Symantec Shared
[2013.03.14 17:10:49 | 000,000,000 | ---D | C] -- C:\Program Files\Symantec
[2013.03.14 17:10:41 | 001,139,800 | R--- | C] (Symantec Corporation) -- C:\Windows\SysNative\drivers\N360x64\1403000.024\SymEFA64.sys
[2013.03.14 17:10:41 | 000,796,248 | R--- | C] (Symantec Corporation) -- C:\Windows\SysNative\drivers\N360x64\1403000.024\srtsp64.sys
[2013.03.14 17:10:41 | 000,493,656 | R--- | C] (Symantec Corporation) -- C:\Windows\SysNative\drivers\N360x64\1403000.024\SymDS64.sys
[2013.03.14 17:10:41 | 000,432,800 | R--- | C] (Symantec Corporation) -- C:\Windows\SysNative\drivers\N360x64\1403000.024\symnets.sys
[2013.03.14 17:10:41 | 000,224,416 | R--- | C] (Symantec Corporation) -- C:\Windows\SysNative\drivers\N360x64\1403000.024\Ironx64.sys
[2013.03.14 17:10:41 | 000,036,952 | R--- | C] (Symantec Corporation) -- C:\Windows\SysNative\drivers\N360x64\1403000.024\srtspx64.sys
[2013.03.14 17:10:41 | 000,023,448 | R--- | C] (Symantec Corporation) -- C:\Windows\SysNative\drivers\N360x64\1403000.024\SymELAM.sys
[2013.03.14 17:10:40 | 000,168,096 | R--- | C] (Symantec Corporation) -- C:\Windows\SysNative\drivers\N360x64\1403000.024\ccSetx64.sys
[2013.03.14 17:09:52 | 000,000,000 | ---D | C] -- C:\Windows\SysNative\drivers\N360x64
[2013.03.14 17:09:52 | 000,000,000 | ---D | C] -- C:\Windows\SysNative\drivers\N360x64\1403000.024
[2013.03.14 17:09:50 | 000,000,000 | R--D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Norton 360
[2013.03.14 17:09:50 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Norton 360
[2013.03.10 09:20:13 | 000,356,352 | ---- | C] (eSellerate Inc.) -- C:\Windows\eSellerateEngine.dll
[2013.03.10 09:20:13 | 000,081,920 | ---- | C] (eSellerate Inc.) -- C:\Windows\eSellerateControl350.dll
[2013.03.10 09:20:13 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Trackingcookie Removal Tool
[2013.03.10 09:20:10 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Trackingcookie Removal Tool
[2013.03.08 19:40:57 | 000,000,000 | ---D | C] -- D:\noda1302\Documents\Klei
[2013.03.08 19:28:01 | 000,000,000 | ---D | C] -- C:\Users\noda1302\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Steam
[2013.03.08 17:29:31 | 000,256,904 | ---- | C] (Trend Micro Inc.) -- C:\Windows\SysWow64\drivers\tmcomm.sys
[2013.03.07 09:30:54 | 000,000,000 | ---D | C] -- D:\noda1302\Desktop\Rare Stilige Kryp
[2013.03.05 20:41:10 | 000,000,000 | ---D | C] -- D:\noda1302\Desktop\Johhny Depp Video Folder
[2 C:\Windows\SysNative\*.tmp files -> C:\Windows\SysNative\*.tmp -> ]
[1 C:\Windows\SysNative\drivers\*.tmp files -> C:\Windows\SysNative\drivers\*.tmp -> ]

========== Files - Modified Within 30 Days ==========

[2013.03.25 17:14:20 | 000,000,830 | ---- | M] () -- C:\Windows\tasks\Adobe Flash Player Updater.job
[2013.03.25 17:04:31 | 000,000,996 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineUA.job
[2013.03.25 16:19:01 | 000,000,447 | ---- | M] () -- D:\noda1302\Desktop\Google.website
[2013.03.25 14:04:02 | 000,000,992 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineCore.job
[2013.03.25 13:25:51 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2013.03.25 10:02:50 | 000,012,272 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
[2013.03.25 10:02:50 | 000,012,272 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
[2013.03.24 14:09:36 | 3164,405,760 | -HS- | M] () -- C:\hiberfil.sys
[2013.03.24 10:05:50 | 000,000,516 | ---- | M] () -- D:\noda1302\Desktop\The Planck scale relativity meets quantum mechanics meets gravity. (from Einstein Light).website
[2013.03.23 18:18:13 | 002,055,367 | ---- | M] () -- C:\Windows\SysNative\drivers\N360x64\1403000.024\Cat.DB
[2013.03.23 16:45:16 | 000,002,670 | ---- | M] () -- D:\noda1302\Desktop\Min film.wlmp
[2013.03.23 15:24:02 | 000,000,132 | ---- | M] () -- C:\Users\noda1302\AppData\Roaming\Adobe PNG Format CS6 Prefs
[2013.03.22 20:17:51 | 000,000,487 | ---- | M] () -- D:\noda1302\Desktop\YouTube - Broadcast Yourself..website
[2013.03.18 14:18:20 | 000,000,624 | ---- | M] () -- D:\noda1302\Desktop\Srumsand videregende skole - Hjem.website
[2013.03.18 10:37:33 | 000,000,506 | ---- | M] () -- D:\noda1302\Desktop\itslearning.website
[2013.03.15 10:45:17 | 003,290,212 | ---- | M] () -- D:\noda1302\Desktop\tegnebide2.png
[2013.03.15 10:39:56 | 003,751,898 | ---- | M] () -- D:\noda1302\Desktop\CAM00071.png
[2013.03.14 18:16:04 | 000,001,528 | ---- | M] () -- C:\Users\Public\Desktop\Adobe Application Manager.lnk
[2013.03.14 17:10:49 | 000,177,312 | ---- | M] (Symantec Corporation) -- C:\Windows\SysNative\drivers\SYMEVENT64x86.SYS
[2013.03.14 17:10:49 | 000,007,466 | ---- | M] () -- C:\Windows\SysNative\drivers\SYMEVENT64x86.CAT
[2013.03.14 17:10:49 | 000,000,855 | ---- | M] () -- C:\Windows\SysNative\drivers\SYMEVENT64x86.INF
[2013.03.14 17:10:47 | 000,002,401 | ---- | M] () -- C:\Users\Public\Desktop\Norton 360.lnk
[2013.03.11 19:31:45 | 000,000,052 | ---- | M] () -- D:\noda1302\Desktop\imgur_ the simple image sharer.url
[2013.03.11 19:13:00 | 000,532,601 | ---- | M] () -- D:\noda1302\Desktop\CAM00071.jpg
[2013.03.10 09:16:06 | 000,159,485 | ---- | M] () -- C:\Users\noda1302\AppData\Local\census.cache
[2013.03.10 09:15:46 | 000,099,342 | ---- | M] () -- C:\Users\noda1302\AppData\Local\ars.cache
[2013.03.08 19:28:01 | 000,000,222 | ---- | M] () -- D:\noda1302\Desktop\Don't Starve.url
[2013.03.08 17:29:00 | 000,000,036 | ---- | M] () -- C:\Users\noda1302\AppData\Local\housecall.guid.cache
[2013.03.07 20:00:07 | 000,667,400 | ---- | M] () -- D:\noda1302\Desktop\ArbeidstegningRSSfullLiten.png
[2013.03.06 19:19:01 | 000,586,744 | ---- | M] () -- D:\noda1302\Desktop\PORTRETT.psd
[2013.03.06 12:25:26 | 000,000,419 | ---- | M] () -- D:\noda1302\Desktop\IBAN - finn ditt IBAN-nummer - DNB.website
[2013.03.06 12:24:53 | 000,000,719 | ---- | M] () -- D:\noda1302\Desktop\Google AdSense - maksimere inntektene fra det nettbaserte innholdet ditt.website
[2013.03.01 10:39:11 | 000,000,549 | ---- | M] () -- D:\noda1302\Desktop\Amanda Todd's Story Struggling, Bullying, Suicide, Self Harm - YouTube.website
[2013.02.26 15:03:16 | 001,375,856 | ---- | M] () -- C:\Windows\SysNative\PerfStringBackup.INI
[2013.02.26 15:03:16 | 000,652,360 | ---- | M] () -- C:\Windows\SysNative\perfh009.dat
[2013.02.26 15:03:16 | 000,492,744 | ---- | M] () -- C:\Windows\SysNative\perfh014.dat
[2013.02.26 15:03:16 | 000,121,292 | ---- | M] () -- C:\Windows\SysNative\perfc009.dat
[2013.02.26 15:03:16 | 000,094,502 | ---- | M] () -- C:\Windows\SysNative\perfc014.dat
[2 C:\Windows\SysNative\*.tmp files -> C:\Windows\SysNative\*.tmp -> ]
[1 C:\Windows\SysNative\drivers\*.tmp files -> C:\Windows\SysNative\drivers\*.tmp -> ]

========== Files Created - No Company Name ==========

[2013.03.23 16:45:16 | 000,002,670 | ---- | C] () -- D:\noda1302\Desktop\Min film.wlmp
[2013.03.15 10:44:56 | 003,290,212 | ---- | C] () -- D:\noda1302\Desktop\tegnebide2.png
[2013.03.15 10:39:35 | 003,751,898 | ---- | C] () -- D:\noda1302\Desktop\CAM00071.png
[2013.03.14 17:14:36 | 000,014,818 | ---- | C] () -- C:\Windows\SysNative\drivers\N360x64\1403000.024\VT20130115.021
[2013.03.14 17:10:51 | 002,055,367 | ---- | C] () -- C:\Windows\SysNative\drivers\N360x64\1403000.024\Cat.DB
[2013.03.14 17:10:49 | 000,007,466 | ---- | C] () -- C:\Windows\SysNative\drivers\SYMEVENT64x86.CAT
[2013.03.14 17:10:49 | 000,000,855 | ---- | C] () -- C:\Windows\SysNative\drivers\SYMEVENT64x86.INF
[2013.03.14 17:10:47 | 000,002,401 | ---- | C] () -- C:\Users\Public\Desktop\Norton 360.lnk
[2013.03.14 17:10:08 | 000,003,434 | R--- | C] () -- C:\Windows\SysNative\drivers\N360x64\1403000.024\SymEFA.inf
[2013.03.14 17:10:08 | 000,002,852 | R--- | C] () -- C:\Windows\SysNative\drivers\N360x64\1403000.024\SymDS.inf
[2013.03.14 17:10:08 | 000,001,440 | R--- | C] () -- C:\Windows\SysNative\drivers\N360x64\1403000.024\SymNet.inf
[2013.03.14 17:10:08 | 000,001,438 | R--- | C] () -- C:\Windows\SysNative\drivers\N360x64\1403000.024\srtsp64.inf
[2013.03.14 17:10:08 | 000,001,420 | R--- | C] () -- C:\Windows\SysNative\drivers\N360x64\1403000.024\srtspx64.inf
[2013.03.14 17:10:08 | 000,000,996 | R--- | C] () -- C:\Windows\SysNative\drivers\N360x64\1403000.024\symELAM.inf
[2013.03.14 17:10:08 | 000,000,853 | R--- | C] () -- C:\Windows\SysNative\drivers\N360x64\1403000.024\ccSetx64.inf
[2013.03.14 17:10:08 | 000,000,767 | R--- | C] () -- C:\Windows\SysNative\drivers\N360x64\1403000.024\Iron.inf
[2013.03.14 17:09:53 | 000,014,818 | R--- | C] () -- C:\Windows\SysNative\drivers\N360x64\1403000.024\SymVTcer.dat
[2013.03.14 17:09:52 | 000,009,670 | R--- | C] () -- C:\Windows\SysNative\drivers\N360x64\1403000.024\SymELAM64.cat
[2013.03.14 17:09:52 | 000,007,611 | R--- | C] () -- C:\Windows\SysNative\drivers\N360x64\1403000.024\ccsetx64.cat
[2013.03.14 17:09:52 | 000,007,601 | R--- | C] () -- C:\Windows\SysNative\drivers\N360x64\1403000.024\symnet64.cat
[2013.03.14 17:09:52 | 000,007,593 | R--- | C] () -- C:\Windows\SysNative\drivers\N360x64\1403000.024\iron.cat
[2013.03.14 17:09:52 | 000,007,589 | R--- | C] () -- C:\Windows\SysNative\drivers\N360x64\1403000.024\srtspx64.cat
[2013.03.14 17:09:52 | 000,007,587 | R--- | C] () -- C:\Windows\SysNative\drivers\N360x64\1403000.024\SymEFA64.cat
[2013.03.14 17:09:52 | 000,007,585 | R--- | C] () -- C:\Windows\SysNative\drivers\N360x64\1403000.024\srtsp64.cat
[2013.03.14 17:09:52 | 000,007,581 | R--- | C] () -- C:\Windows\SysNative\drivers\N360x64\1403000.024\SymDS64.cat
[2013.03.14 17:09:52 | 000,000,172 | ---- | C] () -- C:\Windows\SysNative\drivers\N360x64\1403000.024\isolate.ini
[2013.03.11 19:31:46 | 000,000,052 | ---- | C] () -- D:\noda1302\Desktop\imgur_ the simple image sharer.url
[2013.03.11 19:27:20 | 000,532,601 | ---- | C] () -- D:\noda1302\Desktop\CAM00071.jpg
[2013.03.10 09:16:06 | 000,159,485 | ---- | C] () -- C:\Users\noda1302\AppData\Local\census.cache
[2013.03.10 09:15:46 | 000,099,342 | ---- | C] () -- C:\Users\noda1302\AppData\Local\ars.cache
[2013.03.08 19:28:01 | 000,000,222 | ---- | C] () -- D:\noda1302\Desktop\Don't Starve.url
[2013.03.08 17:29:00 | 000,000,036 | ---- | C] () -- C:\Users\noda1302\AppData\Local\housecall.guid.cache
[2013.03.07 20:00:01 | 000,667,400 | ---- | C] () -- D:\noda1302\Desktop\ArbeidstegningRSSfullLiten.png
[2013.03.06 12:25:26 | 000,000,419 | ---- | C] () -- D:\noda1302\Desktop\IBAN - finn ditt IBAN-nummer - DNB.website
[2013.03.06 12:24:52 | 000,000,719 | ---- | C] () -- D:\noda1302\Desktop\Google AdSense - maksimere inntektene fra det nettbaserte innholdet ditt.website
[2013.02.27 13:53:42 | 000,001,851 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Opera.lnk
[2013.02.23 17:08:14 | 000,338,815 | ---- | C] () -- C:\Users\noda1302\AppData\Local\speeddial.crx
[2012.11.13 12:53:14 | 000,000,132 | ---- | C] () -- C:\Users\noda1302\AppData\Roaming\Adobe PNG Format CS6 Prefs
[2012.10.11 08:16:14 | 000,005,012 | RHS- | C] () -- C:\Users\noda1302\ntuser.pol
[2012.10.11 00:04:09 | 000,066,856 | ---- | C] () -- C:\Windows\SysWow64\SynTPEnhPS.dll
[2012.10.11 00:03:53 | 000,963,116 | ---- | C] () -- C:\Windows\SysWow64\igkrng600.bin
[2012.10.11 00:03:53 | 000,216,876 | ---- | C] () -- C:\Windows\SysWow64\igfcg600m.bin
[2012.10.11 00:03:52 | 000,145,804 | ---- | C] () -- C:\Windows\SysWow64\igcompkrng600.bin
[2012.10.10 14:32:01 | 000,000,051 | ---- | C] () -- C:\Windows\smsts.ini
[2012.10.10 14:30:53 | 000,013,761 | RHS- | C] () -- C:\ProgramData\ntuser.pol
[2012.04.26 14:19:00 | 000,178,688 | ---- | C] () -- C:\Windows\SysWow64\unrar.dll
[2012.04.26 11:32:46 | 001,335,250 | ---- | C] () -- C:\Windows\SysWow64\PerfStringBackup.INI

========== ZeroAccess Check ==========

[2009.07.14 05:55:00 | 000,000,227 | RHS- | M] () -- C:\Windows\assembly\Desktop.ini

[HKEY_CURRENT_USER\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] /64

[HKEY_CURRENT_USER\Software\Classes\Wow6432node\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]

[HKEY_CURRENT_USER\Software\Classes\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32] /64

[HKEY_CURRENT_USER\Software\Classes\Wow6432node\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32]

[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] /64
"" = C:\Windows\SysNative\shell32.dll -- [2012.06.09 06:43:10 | 014,172,672 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Apartment

[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]
"" = %SystemRoot%\system32\shell32.dll -- [2012.06.09 05:41:00 | 012,873,728 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Apartment

[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32] /64
"" = C:\Windows\SysNative\wbem\fastprox.dll -- [2012.08.21 14:11:31 | 000,857,088 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Free

[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32]
"" = %systemroot%\system32\wbem\fastprox.dll -- [2012.08.21 14:37:44 | 000,636,928 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Free

[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32] /64
"" = C:\Windows\SysNative\wbem\wbemess.dll -- [2012.08.21 14:08:38 | 000,453,120 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Both

[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32]

========== LOP Check ==========

[2013.02.09 15:49:17 | 000,000,000 | ---D | M] -- C:\Users\noda1302\AppData\Roaming\.minecraft
[2013.02.18 13:42:18 | 000,000,000 | ---D | M] -- C:\Users\noda1302\AppData\Roaming\Ambient Design
[2013.03.21 18:57:17 | 000,000,000 | ---D | M] -- C:\Users\noda1302\AppData\Roaming\BabSolution
[2013.03.21 18:56:43 | 000,000,000 | ---D | M] -- C:\Users\noda1302\AppData\Roaming\Babylon
[2013.03.24 14:26:52 | 000,000,000 | ---D | M] -- C:\Users\noda1302\AppData\Roaming\CRMixiDJTB
[2013.03.21 18:57:12 | 000,000,000 | ---D | M] -- C:\Users\noda1302\AppData\Roaming\Delta
[2012.11.22 09:57:15 | 000,000,000 | ---D | M] -- C:\Users\noda1302\AppData\Roaming\Opera
[2012.11.27 10:12:55 | 000,000,000 | ---D | M] -- C:\Users\noda1302\AppData\Roaming\PACE Anti-Piracy
[2013.02.23 17:08:16 | 000,000,000 | ---D | M] -- C:\Users\noda1302\AppData\Roaming\Searchya
[2012.10.11 08:26:14 | 000,000,000 | ---D | M] -- C:\Users\noda1302\AppData\Roaming\StageManager.BD092818F67280F4B42B04877600987F0111B594.1
[2013.02.18 14:02:39 | 000,000,000 | ---D | M] -- C:\Users\noda1302\AppData\Roaming\Wacom
[2013.02.18 14:02:58 | 000,000,000 | ---D | M] -- C:\Users\noda1302\AppData\Roaming\wacomid-desktop-launcher.DCFD4B89A63EE70BC162777F06D4B93B6397AEC7.1
[2013.02.19 11:30:07 | 000,000,000 | ---D | M] -- C:\Users\noda1302\AppData\Roaming\Windows Live Writer

========== Purity Check ==========



========== Alternate Data Streams ==========

@Alternate Data Stream - 1150 bytes -> D:\noda1302\Desktop\Facebook.website:TASKICON_3friends1551906305
@Alternate Data Stream - 1150 bytes -> D:\noda1302\Desktop\Facebook.website:TASKICON_2events361836069
@Alternate Data Stream - 1150 bytes -> D:\noda1302\Desktop\Facebook.website:TASKICON_1messages-728500140
@Alternate Data Stream - 1150 bytes -> D:\noda1302\Desktop\Facebook.website:TASKICON_0news-13198865
@Alternate Data Stream - 1044 bytes -> C:\Users\noda1302\AppData\Local\TempZ93mkEHVdcVs lqiid3ArxHdJqL

< End of report >
  #5  
Old March 26th, 2013, 07:43 AM
schrauber schrauber is offline
Cyber Tech Help Moderator
 
Join Date: Apr 2009
O/S: Windows 7 64-bit
Location: Germany
Age: 33
Posts: 4,451
Please download AdwCleaner by Xplode onto your desktop.
  • Double click on AdwCleaner.exe to run the tool.
  • Click on Search.
  • A logfile will automatically open after the scan has finished.
  • Please post the contents of that logfile with your next reply.
  • You can find the logfile at C:\AdwCleaner[R1].txt as well.


  • Close all open programs and internet browsers.
  • Double click on adwcleaner.exe to run the tool.
  • Click on Delete.
  • Confirm each time with Ok.
  • You will be prompted to restart your computer. A text file will open after the restart.
  • Please post the contents of that logfile with your next reply.
  • You can find the logfile at C:\AdwCleaner[S1].txt as well.



Also please post back with a fresh OTL logfile.
  #6  
Old March 26th, 2013, 10:30 AM
DanielBN43 DanielBN43 is offline
Member
 
Join Date: Mar 2013
Posts: 39
Ok, thank you
I clicked on "search", and this is the log:

# AdwCleaner v2.115 - Logfile created 03/26/2013 at 10:08:53
# Updated 17/03/2013 by Xplode
# Operating system : Windows 7 Enterprise Service Pack 1 (64 bits)
# User : noda1302 - PD1207623
# Boot Mode : Normal
# Running from : D:\noda1302\Desktop\adwcleaner.exe
# Option [Search]


***** [Services] *****


***** [Files / Folders] *****

Folder Found : C:\ProgramData\BrowserProtect
Folder Found : C:\Users\noda1302\AppData\Local\Google\Chrome\User Data\Default\Extensions\blaofbhgbmeikidhlkmjhbkbfohpgekf
Folder Found : C:\Users\noda1302\AppData\Local\Google\Chrome\User Data\Default\Extensions\cjpglkicenollcignonpgiafdgfeehoj
Folder Found : C:\Users\noda1302\AppData\Local\Google\Chrome\User Data\Default\Extensions\eooncjejnppfjjklapaamhcdmjbilmde
Folder Found : C:\Users\noda1302\AppData\Local\Google\Chrome\User Data\Default\Extensions\jpmbfleldcgkldadpdinhjjopdfpjfjp
Folder Found : C:\Users\noda1302\AppData\Local\Google\Chrome\User Data\Default\Extensions\licjnkifamhpbaefhdpacpmihicfbomb
Folder Found : C:\Users\noda1302\AppData\Local\Google\Chrome\User Data\Default\Extensions\ofaekbahncacnjgelnfjcjoelcglkhkj
Folder Found : C:\Users\noda1302\AppData\Local\Google\Chrome\User Data\Default\Extensions\pgafcinpmmpklohkojmllohdhomoefph

***** [Registry] *****


***** [Internet Browsers] *****

-\\ Internet Explorer v9.0.8112.16470

[OK] Registry is clean.

-\\ Mozilla Firefox v12.0 (nb-NO)

File : C:\Users\noda1302\AppData\Roaming\Mozilla\Firefox\Profiles\utkm1a81.default\prefs.js

[OK] File is clean.

-\\ Google Chrome v25.0.1364.172

File : C:\Users\noda1302\AppData\Local\Google\Chrome\User Data\Default\Preferences

[OK] File is clean.

-\\ Opera v12.14.1738.0

File : C:\Users\noda1302\AppData\Roaming\Opera\Opera\operaprefs.ini

[OK] File is clean.

*************************

AdwCleaner[R1].txt - [31351 octets] - [26/03/2013 10:01:42]
AdwCleaner[R2].txt - [1910 octets] - [26/03/2013 10:08:53]
AdwCleaner[S1].txt - [31132 octets] - [26/03/2013 10:03:57]

########## EOF - C:\AdwCleaner[R2].txt - [2031 octets] ##########


The log was much longer before, but since I had to do "search" over again after I used the "delete", it got much smaller.
  #7  
Old March 26th, 2013, 10:32 AM
DanielBN43 DanielBN43 is offline
Member
 
Join Date: Mar 2013
Posts: 39
I clicked on "Delete", here is the log:

# AdwCleaner v2.115 - Logfile created 03/26/2013 at 10:03:57
# Updated 17/03/2013 by Xplode
# Operating system : Windows 7 Enterprise Service Pack 1 (64 bits)
# User : noda1302 - PD1207623
# Boot Mode : Normal
# Running from : D:\noda1302\Desktop\adwcleaner.exe
# Option [Delete]


***** [Services] *****

Stopped & Deleted : BrowserProtect

***** [Files / Folders] *****

Deleted on reboot : C:\ProgramData\BrowserProtect
File Deleted : C:\Program Files (x86)\Mozilla Firefox\searchplugins\babylon.xml
File Deleted : C:\Users\noda1302\AppData\Local\Google\Chrome\User Data\Default\bProtector Web Data
File Deleted : C:\Users\noda1302\AppData\Local\Google\Chrome\User Data\Default\bprotectorpreferences
File Deleted : C:\Users\noda1302\AppData\Local\Google\Chrome\User Data\Default\Local Storage\chrome-extension_cjpglkicenollcignonpgiafdgfeehoj_0.localstorage
File Deleted : C:\Users\noda1302\AppData\Roaming\Mozilla\Firefox\Profiles\utkm1a81.default\bprotector_extensions.sqlite
File Deleted : C:\Users\noda1302\AppData\Roaming\Mozilla\Firefox\Profiles\utkm1a81.default\bprotector_prefs.js
File Deleted : C:\Users\noda1302\AppData\Roaming\Mozilla\Firefox\Profiles\utkm1a81.default\extensions\{EEE6C361-6118-11DC-9C72-001320C79847}.xpi
File Deleted : C:\Users\noda1302\AppData\Roaming\Mozilla\Firefox\Profiles\utkm1a81.default\extensions\pricepeep@getpricepeep.com.xpi
File Deleted : C:\Users\noda1302\AppData\Roaming\Mozilla\Firefox\Profiles\utkm1a81.default\searchplugins\BrowserProtect.xml
File Deleted : C:\Users\noda1302\AppData\Roaming\Mozilla\Firefox\Profiles\utkm1a81.default\searchplugins\delta.xml
File Deleted : C:\Users\noda1302\AppData\Roaming\Mozilla\Firefox\Profiles\utkm1a81.default\searchplugins\spamfreesearch.xml
File Deleted : C:\Users\noda1302\AppData\Roaming\Mozilla\Firefox\Profiles\utkm1a81.default\searchplugins\SweetIm.xml
Folder Deleted : C:\Program Files (x86)\blekko
Folder Deleted : C:\Program Files (x86)\Delta
Folder Deleted : C:\Program Files (x86)\hdvidcodec.com
Folder Deleted : C:\Program Files (x86)\Movie2KDownloader.com
Folder Deleted : C:\Program Files (x86)\PricePeep
Folder Deleted : C:\Program Files (x86)\SearchYa!
Folder Deleted : C:\Program Files (x86)\SweetIM
Folder Deleted : C:\Program Files (x86)\Wajam
Folder Deleted : C:\ProgramData\Babylon
Folder Deleted : C:\ProgramData\SweetIM
Folder Deleted : C:\ProgramData\Tarma Installer
Folder Deleted : C:\Users\noda1302\AppData\Local\Google\Chrome\User Data\Default\Extensions\blaofbhgbmeikidhlkmjhbkbfohpgekf
Folder Deleted : C:\Users\noda1302\AppData\Local\Google\Chrome\User Data\Default\Extensions\cjpglkicenollcignonpgiafdgfeehoj
Folder Deleted : C:\Users\noda1302\AppData\Local\Google\Chrome\User Data\Default\Extensions\eooncjejnppfjjklapaamhcdmjbilmde
Folder Deleted : C:\Users\noda1302\AppData\Local\Google\Chrome\User Data\Default\Extensions\jpmbfleldcgkldadpdinhjjopdfpjfjp
Folder Deleted : C:\Users\noda1302\AppData\Local\Google\Chrome\User Data\Default\Extensions\licjnkifamhpbaefhdpacpmihicfbomb
Folder Deleted : C:\Users\noda1302\AppData\Local\Google\Chrome\User Data\Default\Extensions\ofaekbahncacnjgelnfjcjoelcglkhkj
Folder Deleted : C:\Users\noda1302\AppData\Local\Google\Chrome\User Data\Default\Extensions\pgafcinpmmpklohkojmllohdhomoefph
Folder Deleted : C:\Users\noda1302\AppData\Local\Wajam
Folder Deleted : C:\Users\noda1302\AppData\LocalLow\blekko
Folder Deleted : C:\Users\noda1302\AppData\LocalLow\SweetIM
Folder Deleted : C:\Users\noda1302\AppData\Roaming\BabSolution
Folder Deleted : C:\Users\noda1302\AppData\Roaming\Babylon
Folder Deleted : C:\Users\noda1302\AppData\Roaming\Delta
Folder Deleted : C:\Users\noda1302\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\BrowserProtect
Folder Deleted : C:\Users\noda1302\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\hdvidcodec.com
Folder Deleted : C:\Users\noda1302\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Wajam
Folder Deleted : C:\Users\noda1302\AppData\Roaming\Mozilla\Firefox\Profiles\utkm1a81.default\extensions\ffxtlbr@babylon.com
Folder Deleted : C:\Users\noda1302\AppData\Roaming\Mozilla\Firefox\Profiles\utkm1a81.default\extensions\ffxtlbr@delta.com
Folder Deleted : C:\Users\noda1302\AppData\Roaming\Mozilla\Firefox\Profiles\utkm1a81.default\extensions\ffxtlbr@searchya.com
Folder Deleted : C:\Users\noda1302\AppData\Roaming\SearchYa
Folder Deleted : C:\Windows\Installer\{0965F857-DAAD-4F93-8054-0E2EC3C8C5B0}
Folder Deleted : C:\Windows\Installer\{5B58EF61-85F2-4977-97A5-84C19F926579}
Folder Deleted : C:\Windows\SysWOW64\BrowserProtect

***** [Registry] *****

Data Deleted : HKLM\..\Windows [AppInit_DLLs] = c:\progra~3\browse~1\261125~1.80\{c16c1~1\browse~1.dll
Key Deleted : HKCU\Software\1ClickDownload
Key Deleted : HKCU\Software\AppDataLow\Software\PricePeep
Key Deleted : HKCU\Software\BabylonToolbar
Key Deleted : HKCU\Software\blekko
Key Deleted : HKCU\Software\DataMngr
Key Deleted : HKCU\Software\DataMngr_Toolbar
Key Deleted : HKCU\Software\Delta
Key Deleted : HKCU\Software\Google\Chrome\Extensions\cjpglkicenollcignonpgiafdgfeehoj
Key Deleted : HKCU\Software\InstallCore
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\bProtectSettings
Key Deleted : HKCU\Software\searchya
Key Deleted : HKCU\Software\searchya.com
Key Deleted : HKCU\Software\Softonic
Key Deleted : HKCU\Software\Wajam
Key Deleted : HKCU\Software\5a55d8d8bd34bd13
Key Deleted : HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{0ECDF796-C2DC-4D79-A620-CCE0C0A66CC9}
Key Deleted : HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{AFBCB7E0-F91A-4951-9F31-58FEE57A25C4}
Key Deleted : HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{EEE6C360-6118-11DC-9C72-001320C79847}
Key Deleted : HKLM\Software\Babylon
Key Deleted : HKLM\Software\blekko
Key Deleted : HKLM\SOFTWARE\Classes\AppID\escort.DLL
Key Deleted : HKLM\SOFTWARE\Classes\AppID\escortApp.DLL
Key Deleted : HKLM\SOFTWARE\Classes\AppID\escortEng.DLL
Key Deleted : HKLM\SOFTWARE\Classes\AppID\escorTlbr.DLL
Key Deleted : HKLM\SOFTWARE\Classes\AppID\esrv.EXE
Key Deleted : HKLM\SOFTWARE\Classes\AppID\priam_bho.DLL
Key Deleted : HKLM\SOFTWARE\Classes\AppID\PricePeep.DLL
Key Deleted : HKLM\SOFTWARE\Classes\delta.deltaappCore
Key Deleted : HKLM\SOFTWARE\Classes\delta.deltaappCore.1
Key Deleted : HKLM\SOFTWARE\Classes\delta.deltadskBnd
Key Deleted : HKLM\SOFTWARE\Classes\delta.deltadskBnd.1
Key Deleted : HKLM\SOFTWARE\Classes\delta.deltaHlpr
Key Deleted : HKLM\SOFTWARE\Classes\delta.deltaHlpr.1
Key Deleted : HKLM\SOFTWARE\Classes\escort.escortIEPane
Key Deleted : HKLM\SOFTWARE\Classes\escort.escortIEPane.1
Key Deleted : HKLM\SOFTWARE\Classes\esrv.deltaESrvc
Key Deleted : HKLM\SOFTWARE\Classes\esrv.deltaESrvc.1
Key Deleted : HKLM\SOFTWARE\Classes\esrv.searchyaESrvc
Key Deleted : HKLM\SOFTWARE\Classes\esrv.searchyaESrvc.1
Key Deleted : HKLM\SOFTWARE\Classes\esrv.spamfreesearchESrvc
Key Deleted : HKLM\SOFTWARE\Classes\esrv.spamfreesearchESrvc.1
Key Deleted : HKLM\SOFTWARE\Classes\I
Key Deleted : HKLM\Software\Classes\Installer\Features\16FE85B52F587794795A481CF9295697
Key Deleted : HKLM\Software\Classes\Installer\Features\758F5690DAAD39F40845E0E23C8C5C0B
Key Deleted : HKLM\Software\Classes\Installer\Products\16FE85B52F587794795A481CF9295697
Key Deleted : HKLM\Software\Classes\Installer\Products\758F5690DAAD39F40845E0E23C8C5C0B
Key Deleted : HKLM\SOFTWARE\Classes\ironsource.searchyaappCore
Key Deleted : HKLM\SOFTWARE\Classes\ironsource.searchyaappCore.1
Key Deleted : HKLM\SOFTWARE\Classes\ironsource.searchyadskBnd
Key Deleted : HKLM\SOFTWARE\Classes\ironsource.searchyadskBnd.1
Key Deleted : HKLM\SOFTWARE\Classes\ironsource.searchyaHlpr
Key Deleted : HKLM\SOFTWARE\Classes\ironsource.searchyaHlpr.1
Key Deleted : HKLM\SOFTWARE\Classes\MediaPlayer.GraphicsUtils
Key Deleted : HKLM\SOFTWARE\Classes\MediaPlayer.GraphicsUtils.1
Key Deleted : HKLM\SOFTWARE\Classes\MgMediaPlayer.GifAnimator
Key Deleted : HKLM\SOFTWARE\Classes\MgMediaPlayer.GifAnimator.1
Key Deleted : HKLM\SOFTWARE\Classes\PricePeep.PricePeepBho
Key Deleted : HKLM\SOFTWARE\Classes\PricePeep.PricePeepBho.1
Key Deleted : HKLM\SOFTWARE\Classes\Prod.cap
Key Deleted : HKLM\SOFTWARE\Classes\S
Key Deleted : HKLM\SOFTWARE\Classes\sim-packages
Key Deleted : HKLM\SOFTWARE\Classes\spamfreesearch.dskBnd
Key Deleted : HKLM\SOFTWARE\Classes\spamfreesearch.dskBnd.1
Key Deleted : HKLM\SOFTWARE\Classes\spamfreesearch.Hlpr
Key Deleted : HKLM\SOFTWARE\Classes\spamfreesearch.Hlpr.1
Key Deleted : HKLM\SOFTWARE\Classes\spamfreesearch.spamfreesearchappCore
Key Deleted : HKLM\SOFTWARE\Classes\spamfreesearch.spamfreesearchappCore.1
Key Deleted : HKLM\SOFTWARE\Classes\SWEETIE.IEToolbar
Key Deleted : HKLM\SOFTWARE\Classes\SWEETIE.IEToolbar.1
Key Deleted : HKLM\SOFTWARE\Classes\sweetim_urlsearchhook.toolbarurlsearchhook
Key Deleted : HKLM\SOFTWARE\Classes\sweetim_urlsearchhook.toolbarurlsearchhook.1
Key Deleted : HKLM\SOFTWARE\Classes\Toolbar3.sweetie
Key Deleted : HKLM\SOFTWARE\Classes\Toolbar3.sweetie.1
Key Deleted : HKLM\SOFTWARE\Classes\wajam.WajamBHO
Key Deleted : HKLM\SOFTWARE\Classes\wajam.WajamBHO.1
Key Deleted : HKLM\SOFTWARE\Classes\wajam.WajamDownloader
Key Deleted : HKLM\SOFTWARE\Classes\wajam.WajamDownloader.1
Key Deleted : HKLM\Software\DataMngr
Key Deleted : HKLM\Software\Delta
Key Deleted : HKLM\Software\InstallCore
Key Deleted : HKLM\SOFTWARE\Microsoft\Tracing\blekko_1311013_RASAPI32
Key Deleted : HKLM\SOFTWARE\Microsoft\Tracing\blekko_1311013_RASMANCS
Key Deleted : HKLM\SOFTWARE\Microsoft\Tracing\MyBabylontb_RASAPI32
Key Deleted : HKLM\SOFTWARE\Microsoft\Tracing\MyBabylontb_RASMANCS
Key Deleted : HKLM\SOFTWARE\Microsoft\Tracing\SweetIM_RASAPI32
Key Deleted : HKLM\SOFTWARE\Microsoft\Tracing\SweetIM_RASMANCS
Key Deleted : HKLM\SOFTWARE\Microsoft\Tracing\SweetPacksUpdateManager_RASAPI32
Key Deleted : HKLM\SOFTWARE\Microsoft\Tracing\SweetPacksUpdateManager_RASMANCS
Key Deleted : HKLM\SOFTWARE\Microsoft\Tracing\WajamUpdater_RASAPI32
Key Deleted : HKLM\SOFTWARE\Microsoft\Tracing\WajamUpdater_RASMANCS
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\App Paths\SweetIM.exe
Key Deleted : HKLM\Software\Wajam
Key Deleted : HKLM\SOFTWARE\Wow6432Node\5a55d8d8bd34bd13
Key Deleted : HKLM\SOFTWARE\Wow6432Node\Classes\Interface\{1AD27 395-1659-4DFF-A319-2CFA243861A5}
Key Deleted : HKLM\SOFTWARE\Wow6432Node\Classes\Interface\{1B97A 696-5576-43AC-A73B-E1D2C78F21E8}
Key Deleted : HKLM\SOFTWARE\Wow6432Node\Classes\Interface\{2E9A2 DCB-F5DB-40D0-8E62-3B47DD476A77}
Key Deleted : HKLM\SOFTWARE\Wow6432Node\Classes\Interface\{43153 2BD-0AE1-4ABC-BE8C-919F3D1332E2}
Key Deleted : HKLM\SOFTWARE\Wow6432Node\Classes\Interface\{59B23 951-2232-4AFB-81D4-64A8A16D457A}
Key Deleted : HKLM\SOFTWARE\Wow6432Node\Classes\Interface\{75BF4 16E-4326-45B5-8A2D-AE32D05B930B}
Key Deleted : HKLM\SOFTWARE\Wow6432Node\Classes\Interface\{79FB5 FC8-44B9-4AF5-BADD-CCE547F953E5}
Key Deleted : HKLM\SOFTWARE\Wow6432Node\Classes\Interface\{81E52 2F1-9E90-47DD-A2CE-39B0C00274A0}
Key Deleted : HKLM\SOFTWARE\Wow6432Node\Classes\Interface\{8E096 DFB-6AB7-45C7-BF64-B313C7096529}
Key Deleted : HKLM\SOFTWARE\Wow6432Node\Classes\Interface\{996A9 940-2F2C-4486-A479-439C4A15F278}
Key Deleted : HKLM\SOFTWARE\Wow6432Node\Classes\Interface\{9B7D4 4BA-376C-456F-B289-5034270322FD}
Key Deleted : HKLM\SOFTWARE\Wow6432Node\Classes\Interface\{9BD8F F26-2C71-4D35-9FE2-AD8D25AECC36}
Key Deleted : HKLM\SOFTWARE\Wow6432Node\Classes\Interface\{A4398 01C-961D-452C-AB42-7848E9CBD289}
Key Deleted : HKLM\SOFTWARE\Wow6432Node\Classes\Interface\{BCE6E 914-AEF0-4FEE-8FC8-06F9B42BF890}
Key Deleted : HKLM\SOFTWARE\Wow6432Node\Classes\Interface\{BD8D5 FFA-4F92-48AD-BFBE-7896916656F5}
Key Deleted : HKLM\SOFTWARE\Wow6432Node\Classes\Interface\{C92E6 D80-EC54-45CC-AC4B-A7CF42F11B52}
Key Deleted : HKLM\SOFTWARE\Wow6432Node\Classes\Interface\{D1CB5 64E-F38A-4F2A-8257-60E3F8BE9F34}
Key Deleted : HKLM\SOFTWARE\Wow6432Node\Classes\Interface\{EEE6C 358-6118-11DC-9C72-001320C79847}
Key Deleted : HKLM\SOFTWARE\Wow6432Node\Classes\Interface\{EEE6C 359-6118-11DC-9C72-001320C79847}
Key Deleted : HKLM\SOFTWARE\Wow6432Node\Classes\Interface\{EEE6C 35A-6118-11DC-9C72-001320C79847}
Key Deleted : HKLM\SOFTWARE\Wow6432Node\Classes\Interface\{F293B BC0-DA7E-4CF1-9EEA-CE90CFE0DF86}
Key Deleted : HKLM\SOFTWARE\Wow6432Node\Classes\Interface\{F4EBB 1E2-21F3-4786-8CF4-16EC5925867F}
Key Deleted : HKLM\SOFTWARE\Wow6432Node\Classes\Interface\{FEFBC 559-C3C7-4287-B05B-49D489B80749}
Key Deleted : HKLM\SOFTWARE\Wow6432Node\Google\Chrome\Extensions \blaofbhgbmeikidhlkmjhbkbfohpgekf
Key Deleted : HKLM\SOFTWARE\Wow6432Node\Google\Chrome\Extensions \cjpglkicenollcignonpgiafdgfeehoj
Key Deleted : HKLM\SOFTWARE\Wow6432Node\Google\Chrome\Extensions \eooncjejnppfjjklapaamhcdmjbilmde
Key Deleted : HKLM\SOFTWARE\Wow6432Node\Google\Chrome\Extensions \jpmbfleldcgkldadpdinhjjopdfpjfjp
Key Deleted : HKLM\SOFTWARE\Wow6432Node\Google\Chrome\Extensions \ofaekbahncacnjgelnfjcjoelcglkhkj
Key Deleted : HKLM\SOFTWARE\Wow6432Node\Google\Chrome\Extensions \pgafcinpmmpklohkojmllohdhomoefph
Key Deleted : HKLM\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{348C2DF3-1191-4C3E-92A6-B3A89A9D9C85}
Key Deleted : HKLM\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{819DC4CA-4FFF-4C2E-800D-F346471D99BC}
Key Deleted : HKLM\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{C4729755-E1F9-48E4-BD9F-5B4D0202C16A}
Key Deleted : HKLM\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{EEE6C367-6118-11DC-9C72-001320C79847}
Key Deleted : HKLM\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\SearchScopes\{EEE6C360-6118-11DC-9C72-001320C79847}
Key Deleted : HKLM\SOFTWARE\Wow6432Node\Microsoft\Windows\Curren tVersion\Explorer\Browser Helper Objects\{25927741-5E5B-4D27-8D8B-9188FE64373F}
Key Deleted : HKLM\SOFTWARE\Wow6432Node\Microsoft\Windows\Curren tVersion\Explorer\Browser Helper Objects\{A7A6995D-6EE1-4FD1-A258-49395D5BF99C}
Key Deleted : HKLM\SOFTWARE\Wow6432Node\Microsoft\Windows\Curren tVersion\Explorer\Browser Helper Objects\{BAE35237-8D73-44D0-905C-8A95EA1E7E69}
Key Deleted : HKLM\SOFTWARE\Wow6432Node\Microsoft\Windows\Curren tVersion\Explorer\Browser Helper Objects\{C1AF5FA5-852C-4C90-812E-A7F75E011D87}
Key Deleted : HKLM\SOFTWARE\Wow6432Node\Microsoft\Windows\Curren tVersion\Explorer\Browser Helper Objects\{EEE6C35C-6118-11DC-9C72-001320C79847}
Key Deleted : HKLM\SOFTWARE\Wow6432Node\Microsoft\Windows\Curren tVersion\Explorer\Browser Helper Objects\{FD6D90C0-E6EE-4BC6-B9F7-9ED319698007}
Key Deleted : HKLM\SOFTWARE\Wow6432Node\Microsoft\Windows\Curren tVersion\Uninstall\{0965F857-DAAD-4F93-8054-0E2EC3C8C5B0}
Key Deleted : HKLM\SOFTWARE\Wow6432Node\Microsoft\Windows\Curren tVersion\Uninstall\{15D2D75C-9CB2-4EFD-BAD7-B9B4CB4BC693}
Key Deleted : HKLM\SOFTWARE\Wow6432Node\Microsoft\Windows\Curren tVersion\Uninstall\{5B58EF61-85F2-4977-97A5-84C19F926579}
Key Deleted : HKLM\SOFTWARE\Wow6432Node\Microsoft\Windows\Curren tVersion\Uninstall\{889DF117-14D1-44EE-9F31-C5FB5D47F68B}
Key Deleted : HKLM\SOFTWARE\Wow6432Node\Microsoft\Windows\Curren tVersion\Uninstall\1ClickDownload
Key Deleted : HKLM\SOFTWARE\Wow6432Node\Microsoft\Windows\Curren tVersion\Uninstall\Delta
Key Deleted : HKLM\SOFTWARE\Wow6432Node\Microsoft\Windows\Curren tVersion\Uninstall\Delta Chrome Toolbar
Key Deleted : HKLM\SOFTWARE\Wow6432Node\Microsoft\Windows\Curren tVersion\Uninstall\PricePeep
Key Deleted : HKLM\SOFTWARE\Wow6432Node\Microsoft\Windows\Curren tVersion\Uninstall\searchya
Key Deleted : HKLM\SOFTWARE\Wow6432Node\Microsoft\Windows\Curren tVersion\Uninstall\spamfreesearch
Key Deleted : HKLM\SOFTWARE\Wow6432Node\Microsoft\Windows\Curren tVersion\Uninstall\Wajam
Key Deleted : HKLM\SYSTEM\CurrentControlSet\Services\Eventlog\Ap plication\WajamUpdater
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{1B97A696-5576-43AC-A73B-E1D2C78F21E8}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{2E9A2DCB-F5DB-40D0-8E62-3B47DD476A77}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{431532BD-0AE1-4ABC-BE8C-919F3D1332E2}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{59B23951-2232-4AFB-81D4-64A8A16D457A}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{75BF416E-4326-45B5-8A2D-AE32D05B930B}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{81E522F1-9E90-47DD-A2CE-39B0C00274A0}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{8E096DFB-6AB7-45C7-BF64-B313C7096529}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{996A9940-2F2C-4486-A479-439C4A15F278}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{9B7D44BA-376C-456F-B289-5034270322FD}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{9BD8FF26-2C71-4D35-9FE2-AD8D25AECC36}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{BCE6E914-AEF0-4FEE-8FC8-06F9B42BF890}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{BD8D5FFA-4F92-48AD-BFBE-7896916656F5}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{C92E6D80-EC54-45CC-AC4B-A7CF42F11B52}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{D1CB564E-F38A-4F2A-8257-60E3F8BE9F34}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{EEE6C358-6118-11DC-9C72-001320C79847}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{EEE6C359-6118-11DC-9C72-001320C79847}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{EEE6C35A-6118-11DC-9C72-001320C79847}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{F293BBC0-DA7E-4CF1-9EEA-CE90CFE0DF86}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{FEFBC559-C3C7-4287-B05B-49D489B80749}
Key Deleted : HKLM\SOFTWARE\Google\Chrome\Extensions\cjpglkiceno llcignonpgiafdgfeehoj
Key Deleted : HKLM\SOFTWARE\Tarma Installer
Value Deleted : HKCU\Software\Microsoft\Internet Explorer\Main [bprotector start page]
Value Deleted : HKCU\Software\Microsoft\Internet Explorer\SearchScopes [bProtectorDefaultScope]
Value Deleted : HKCU\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser [{EEE6C35B-6118-11DC-9C72-001320C79847}]
Value Deleted : HKCU\Software\Mozilla\Firefox\Extensions [{0F827075-B026-42F3-885D-98981EE7B1AE}]
Value Deleted : HKCU\Software\Mozilla\Firefox\Extensions [{5a95a9e0-59dd-4314-bd84-4d18ca83a0e2}]
Value Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Run [SweetIM]
Value Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Sha redDLLs [C:\Program Files (x86)\SweetIM\Toolbars\Internet Explorer\mgHelperApp.exe]
Value Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Sha redDLLs [C:\Program Files (x86)\SweetIM\Toolbars\Internet Explorer\mgToolbarProxy.dll]
Value Deleted : HKLM\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\Toolbar [{33AA308B-B565-4376-AC66-59EE9B6AD13E}]
Value Deleted : HKLM\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\Toolbar [{82E1477C-B154-48D3-9891-33D83C26BCD3}]
Value Deleted : HKLM\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\Toolbar [{EECF410C-006C-4A05-AD13-6741A0814DBF}]
Value Deleted : HKLM\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\Toolbar [{EEE6C35B-6118-11DC-9C72-001320C79847}]

***** [Internet Browsers] *****

-\\ Internet Explorer v9.0.8112.16470

Replaced : [HKCU\Software\Microsoft\Internet Explorer\Main - Start Page] = hxxp://mixidj.delta-search.com/?affID=121136&babsrc=HP_ss&mntrId=1C6120107A3BC883 --> hxxp://www.google.com
Replaced : [HKLM\SOFTWARE\Microsoft\Internet Explorer\AboutURls - Tabs] = hxxp://blekko.com/ws/?source=e0c8d0ad&tbp=tab&u=1c6198ab000000000000201 07a3bc883 --> hxxp://www.google.com
Replaced : [HKLM\SOFTWARE\Microsoft\Internet Explorer\Main - Start Page] = hxxp://www.searchya.com/?f=1&a=dnldyho&cd=2XzuyEtN2Y1L1Qzu0A0CtCyCtB0DyDzy zy0DyByBzyzz0A0BtN0D0Tzu0CyEtBtDtN1L2XzutBtFtBtFtC tFyDtDtAtN1L1Czu1Q1G1I1Q2U1M1F&cr=2067148209&ir= --> hxxp://www.google.com
Replaced : [HKLM\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\Main - Start Page] = hxxp://www.searchya.com/?f=1&a=dnldyho&cd=2XzuyEtN2Y1L1Qzu0A0CtCyCtB0DyDzy zy0DyByBzyzz0A0BtN0D0Tzu0CyEtBtDtN1L2XzutBtFtBtFtC tFyDtDtAtN1L1Czu1Q1G1I1Q2U1M1F&cr=2067148209&ir= --> hxxp://www.google.com

-\\ Mozilla Firefox v12.0 (nb-NO)

File : C:\Users\noda1302\AppData\Roaming\Mozilla\Firefox\Profiles\utkm1a81.default\prefs.js

C:\Users\noda1302\AppData\Roaming\Mozilla\Firefox\Profiles\utkm1a81.default\user.js ... Deleted !


-\\ Google Chrome v25.0.1364.172

File : C:\Users\noda1302\AppData\Local\Google\Chrome\User Data\Default\Preferences

[OK] File is clean.

-\\ Opera v12.14.1738.0

File : C:\Users\noda1302\AppData\Roaming\Opera\Opera\operaprefs.ini

Deleted : Home URL=hxxp://www.searchya.com/?f=1&a=dnldyho&cd=2XzuyEtN2Y1L1Qzu0A0CtCyCtB0DyDzy zy0DyByBzyzz0A0Bt[...]

*************************

AdwCleaner[R1].txt - [31351 octets] - [26/03/2013 10:01:42]
AdwCleaner[S1].txt - [31053 octets] - [26/03/2013 10:03:57]

########## EOF - C:\AdwCleaner[S1].txt - [31114 octets] ##########


After I used this, my "new tab" selection was gone :/ You don't happen to know how to get it back? :P It used to be that I opened a "new tab", and this blue screen showed up where I put in my favorite sites, like YouTube, Google, etc. But now that is gone :/ There is something similar that comes now, but I can't add more sites to it
  #8  
Old March 26th, 2013, 03:08 PM
schrauber
Cyber Tech Help Moderator
 
This will happen every time you delete temp files, cookies and the like. It was needed to clean all of this.

In which browser?

Please post back with a fresh OTL logfile and let me know if there are any malware related issues left.
  #9  
Old March 26th, 2013, 03:50 PM
DanielBN43
Member
 
I use Google Chrome, but the pop-up ads come up on all of them, even the Steam client browser. The only reason I use Google Chrome is because its adblocker can block the ads if I tell it to (because the ads don't have an X in the top right corner) :P

And yes, the ads are still popping up

I'm afraid I don't know what you mean by fresh OTL logfile :/ I posted the two logfiles after "search" and "delete" on AdwCleaner :P
  #10  
Old March 26th, 2013, 06:57 PM
schrauber
Cyber Tech Help Moderator
 
Have a look here

http://www.cybertechhelp.com/forums/...46&postcount=2

You ran OTL earlier, just open it and hit the quick scan button.
  #11  
Old March 26th, 2013, 07:32 PM
DanielBN43
Member
 
Ah, ok
Here's the report: (cut into two posts)

OTL logfile created on: 26.03.2013 19:16:14 - Run 1
OTL by OldTimer - Version 3.2.69.0 Folder = D:\noda1302\Downloads
64bit- Enterprise Edition Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation
Internet Explorer (Version = 9.0.8112.16421)
Locale: 00000414 | Country: Norge | Language: NOR | Date Format: dd.MM.yyyy

3,93 Gb Total Physical Memory | 0,90 Gb Available Physical Memory | 22,84% Memory free
7,86 Gb Paging File | 2,68 Gb Available in Paging File | 34,09% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86)
Drive C: | 100,00 Gb Total Space | 50,24 Gb Free Space | 50,24% Space Free | Partition Type: NTFS
Drive D: | 198,09 Gb Total Space | 117,74 Gb Free Space | 59,44% Space Free | Partition Type: NTFS

Computer Name: PD1207623 | User Name: noda1302 | NOT logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user | Quick Scan | Include 64bit Scans
Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days

DRV:64bit: - [2009.06.10 21:31:59 | 000,031,232 | ---- | M] (Hauppauge Computer Works, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\hcw85cir.sys -- (hcw85cir)
DRV:64bit: - [2008.08.01 00:32:24 | 000,058,880 | ---- | M] (Infineon Technologies AG) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\ifxtpm.sys -- (IFXTPM)
DRV - [2013.03.14 11:14:39 | 002,087,664 | ---- | M] (Symantec Corporation) [Kernel | On_Demand | Running] -- C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\N360_20.3.0.36\Definitions\VirusDefs\20130325.024\ex64.sys -- (NAVEX15)
DRV - [2013.03.14 11:14:39 | 000,484,512 | ---- | M] (Symantec Corporation) [Kernel | System | Running] -- C:\Program Files (x86)\Common Files\Symantec Shared\EENGINE\eeCtrl64.sys -- (eeCtrl)
DRV - [2013.03.14 11:14:39 | 000,138,912 | ---- | M] (Symantec Corporation) [Kernel | On_Demand | Running] -- C:\Program Files (x86)\Common Files\Symantec Shared\EENGINE\EraserUtilRebootDrv.sys -- (EraserUtilRebootDrv)
DRV - [2013.03.14 11:14:39 | 000,126,192 | ---- | M] (Symantec Corporation) [Kernel | On_Demand | Running] -- C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\N360_20.3.0.36\Definitions\VirusDefs\20130325.024\eng64.sys -- (NAVENG)
DRV - [2013.03.12 16:03:30 | 000,513,184 | ---- | M] (Symantec Corporation) [Kernel | System | Running] -- C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\N360_20.3.0.36\Definitions\IPSDefs\20130323.001\IDSviA64.sys -- (IDSVia64)
DRV - [2013.01.16 03:57:37 | 001,388,120 | ---- | M] (Symantec Corporation) [Kernel | System | Running] -- C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\N360_20.3.0.36\Definitions\BASHDefs\20130301.001\BHDrvx64.sys -- (BHDrvx64)
DRV - [2009.07.14 02:19:10 | 000,019,008 | ---- | M] (Microsoft Corporation) [File_System | On_Demand | Stopped] -- C:\Windows\SysWOW64\drivers\wimmount.sys -- (WIMMount)


========== Standard Registry (SafeList) ==========


========== Internet Explorer ==========

IE:64bit: - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.google.com
IE:64bit: - HKLM\..\SearchScopes,DefaultScope =
IE:64bit: - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.searchya.com/?q={searchTerms}&f=4&a=dnldyho&cd=2XzuyEtN2Y1L1Qzu0A0CtCyCtB0DyDzyzy0DyByBzyzz0A0BtN0D0Tzu0CyEtBtDtN1L2XzutBtFtBtFtCtFyDtDtAtN1L1Czu1Q1G1I1Q2U1M1F&cr=2067148209&ir=
IE:64bit: - HKLM\..\SearchScopes\{0CE38E13-449F-1043-9352-61FF61E8E789}: "URL" = http://www.bing.com/search?q={searchTerms}&FORM=IE8SRC
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.google.com
IE - HKLM\..\SearchScopes,DefaultScope =
IE - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/search?q={searchTerms}&FORM=IE8SRC
IE - HKLM\..\SearchScopes\{7C60CDCF-950E-4DC6-FDB3-604E8E551342}: "URL" = http://search.sweetim.com/search.asp?src=6&q={searchTerms}

IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = http://portalen.akershus-fk.no
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.google.com
IE - HKCU\..\SearchScopes,DefaultScope = {0CE38E13-449F-1043-9352-61FF61E8E789}
IE - HKCU\..\SearchScopes\{0CE38E13-449F-1043-9352-61FF61E8E789}: "URL" = http://blekko.com/ws/?source=e0c8d0ad&tbp=rbox&u=1c6198ab00000000000020107a3bc883&q={searchTerms}&r=685
IE - HKCU\..\SearchScopes\{700364A8-F8FB-4544-AB19-A125CD0BE367}: "URL" = http://search.sweetim.com/search.asp?src=6&q={searchTerms}
IE - HKCU\..\SearchScopes\{96A369C4-9FDD-4105-A9BC-2B468E1F9703}: "URL" = http://www.searchya.com/?q={searchTerms}&f=4&a=dnldyho&cd=2XzuyEtN2Y1L1Qzu0A0CtCyCtB0DyDzyzy0DyByBzyzz0A0BtN0D0Tzu0CyEtBtDtN1L2XzutBtFtBtFtCtFyDtDtAtN1L1Czu1Q1G1I1Q2U1M1F&cr=2067148209&ir=
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 1
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = <local>

========== FireFox ==========

FF - prefs.js..browser.search.defaulturl: ""
FF - prefs.js..browser.search.order.1: "Mixi.DJ Search"
FF - prefs.js..browser.search.order.3: "Bing "
FF - prefs.js..browser.search.selectedEngine: "Mixi.DJ Search"
FF - prefs.js..network.proxy.no_proxies_on: "localhost,127.0.0.1"
FF - prefs.js..network.proxy.type: 1
FF - user.js - File not found

FF:64bit: - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\system32\Macromed\Flash\NPSWF64_11_6_602_180.dll File not found
FF:64bit: - HKLM\Software\MozillaPlugins\@java.com/DTPlugin,version=10.5.0: C:\Windows\system32\npDeployJava1.dll (Oracle Corporation)
FF:64bit: - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin,version=10.5.0: C:\Program Files\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation)
FF:64bit: - HKLM\Software\MozillaPlugins\@microsoft.com/GENUINE: disabled File not found
FF:64bit: - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: C:\Program Files\Microsoft Silverlight\5.1.20125.0\npctrl.dll ( Microsoft Corporation)
FF:64bit: - HKLM\Software\MozillaPlugins\@microsoft.com/OfficeAuthz,version=14.0: C:\PROGRA~1\MICROS~2\Office14\NPAUTHZ.DLL (Microsoft Corporation)
FF:64bit: - HKLM\Software\MozillaPlugins\@wacom.com/wtPlugin,version=2.1.0.2: C:\Program Files\TabletPlugins\npWacomTabletPlugin.dll (Wacom)
FF:64bit: - HKLM\Software\MozillaPlugins\adobe.com/AdobeAAMDetect: C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\CCM\Utilities\npAdobeAAMDetect64.dll (Adobe Systems)
FF:64bit: - HKLM\Software\MozillaPlugins\adobe.com/AdobeExManDetect: C:\Program Files (x86)\Adobe\Adobe Extension Manager CS6\Win64Plugin\npAdobeExManDetectX64.dll (Adobe Systems)
FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_11_6_602_180.dll ()
FF - HKLM\Software\MozillaPlugins\@adobe.com/ShockwavePlayer: C:\Windows\system32\Adobe\Director\np32dsw.dll (Adobe Systems, Inc.)
FF - HKLM\Software\MozillaPlugins\@java.com/DTPlugin,version=10.5.1: C:\Windows\SysWOW64\npDeployJava1.dll (Oracle Corporation)
FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin,version=10.5.1: C:\Program Files (x86)\Oracle\JavaFX 2.1 Runtime\bin\plugin2\npjp2.dll (Oracle Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/GENUINE: disabled File not found
FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: C:\Program Files (x86)\Microsoft Silverlight\5.1.20125.0\npctrl.dll ( Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/OfficeAuthz,version=14.0: C:\PROGRA~2\MICROS~2\Office14\NPAUTHZ.DLL (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/SharePoint,version=14.0: C:\PROGRA~2\MICROS~2\Office14\NPSPWRAP.DLL (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=16.4.3505.0912: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Program Files (x86)\Google\Update\1.3.21.135\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Program Files (x86)\Google\Update\1.3.21.135\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\@wacom.com/wtPlugin,version=2.1.0.2: C:\Program Files (x86)\TabletPlugins\npWacomTabletPlugin.dll (Wacom)
FF - HKLM\Software\MozillaPlugins\Adobe Acrobat: C:\Program Files (x86)\Adobe\Acrobat 10.0\Acrobat\Air\nppdf32.dll (Adobe Systems Inc.)
FF - HKLM\Software\MozillaPlugins\Adobe Reader: C:\Program Files (x86)\Adobe\Reader 11.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
FF - HKLM\Software\MozillaPlugins\adobe.com/AdobeAAMDetect: C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\CCM\Utilities\npAdobeAAMDetect32.dll (Adobe Systems)
FF - HKLM\Software\MozillaPlugins\adobe.com/AdobeExManDetect: C:\Program Files (x86)\Adobe\Adobe Extension Manager CS6\npAdobeExManDetectX86.dll (Adobe Systems)
FF - HKCU\Software\MozillaPlugins\wacom.com/WacomTabletPlugin: C:\Program Files\TabletPlugins\npWacomTabletPlugin.dll (Wacom)

FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\web2pdfextension@web2pdf.adobedotcom: C:\Program Files (x86)\Adobe\Acrobat 10.0\Acrobat\Browser\WCFirefoxExtn [2013.02.04 14:25:02 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{BBDA0591-3099-440a-AA10-41764D9DB4DB}: C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\N360_20.3.0.36\IPSFFPlgn\ [2013.03.14 17:11:12 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{2D3F3651-74B9-4795-BDEC-6DA2F431CB62}: C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\N360_20.3.0.36\coFFPlgn\ [2013.03.26 10:10:15 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 12.0\extensions\\Components: C:\Program Files (x86)\Mozilla Firefox\components [2013.02.03 14:30:52 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 12.0\extensions\\Plugins: C:\Program Files (x86)\Mozilla Firefox\plugins [2013.02.03 14:30:52 | 000,000,000 | ---D | M]

[2012.11.01 09:44:00 | 000,000,000 | ---D | M] (No name found) -- C:\Users\noda1302\AppData\Roaming\mozilla\Extensions
[2013.03.26 10:04:35 | 000,000,000 | ---D | M] (No name found) -- C:\Users\noda1302\AppData\Roaming\mozilla\Firefox\Profiles\utkm1a81.default\extensions
[2013.02.27 13:49:44 | 000,000,000 | ---D | M] ("新しいタブ") -- C:\Users\noda1302\AppData\Roaming\mozilla\Firefox\Profiles\utkm1a81.default\extensions\{5ebdca98-43b3-45bb-87e0-716029fb42ab}
[2013.03.24 14:26:38 | 000,000,000 | ---D | M] (MixiDJ Toolbar) -- C:\Users\noda1302\AppData\Roaming\mozilla\Firefox\Profiles\utkm1a81.default\extensions\ffxtlbr@mixidj.com
[2012.12.13 21:29:00 | 000,199,445 | ---- | M] () (No name found) -- C:\Users\noda1302\AppData\Roaming\mozilla\firefox\profiles\utkm1a81.default\extensions\movie2kdownloader@movie2kdownloader.com.xpi
[2012.11.12 09:56:41 | 000,002,273 | ---- | M] () -- C:\Users\noda1302\AppData\Roaming\mozilla\firefox\profiles\utkm1a81.default\searchplugins\bingp.xml
[2013.03.24 14:27:04 | 000,001,296 | ---- | M] () -- C:\Users\noda1302\AppData\Roaming\mozilla\firefox\profiles\utkm1a81.default\searchplugins\mixidj.xml
[2013.02.27 13:49:51 | 000,002,371 | ---- | M] () -- C:\Users\noda1302\AppData\Roaming\mozilla\firefox\profiles\utkm1a81.default\searchplugins\SearchYa!.xml
[2012.11.12 09:56:20 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files (x86)\mozilla firefox\extensions
[2012.11.12 09:56:25 | 000,000,000 | ---D | M] (Skype Click to Call) -- C:\Program Files (x86)\mozilla firefox\extensions\{82AF8DCA-6DE9-405D-BD5E-43525BDAD38A}
File not found (No name found) -- C:\USERS\NODA1302\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\UTKM1A81.DEFAULT\EXTENSIONS\FFXTLBR@SEARCHYA.COM
[2012.04.21 02:18:00 | 000,097,208 | ---- | M] (Mozilla Foundation) -- C:\Program Files (x86)\mozilla firefox\components\browsercomps.dll
[2012.04.21 04:21:29 | 000,001,525 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\amazon-en-GB.xml
[2012.04.21 04:21:29 | 000,002,252 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\bing.xml
[2012.04.21 04:21:30 | 000,001,218 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\bok-NO.xml
[2012.04.21 04:21:30 | 000,000,968 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\qxl-NO.xml
[2012.04.21 04:21:30 | 000,001,203 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\telefonkatalogen-NO.xml
[2012.04.21 04:21:30 | 000,001,176 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\wikipedia-NO.xml
[2012.04.21 04:21:30 | 000,001,192 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\yahoo-NO.xml

========== Chrome ==========

CHR - default_search_provider: SearchYa! (Enabled)
CHR - default_search_provider: search_url = http://www.searchya.com/?q={searchTerms}&f=4&a=dnldyho&cd=2XzuyEtN2Y1L1Qzu0A0CtCyCtB0DyDzyzy0DyByBzyzz0A0BtN0D0Tzu0CyEtBtDtN1L2XzutBtFtBtFtCtFyDtDtAtN1L1Czu1Q1G1I1Q2U1M1F&cr=2067148209&ir=
CHR - default_search_provider: suggest_url = {google:baseSuggestURL}search?client=chrome&hl={language}&q={searchTerms},
CHR - homepage:
CHR - plugin: Shockwave Flash (Enabled) = C:\Program Files (x86)\Google\Chrome\Application\25.0.1364.172\PepperFlash\pepflashplayer.dll
CHR - plugin: Shockwave Flash (Enabled) = C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_11_4_402_287.dll
CHR - plugin: Chrome Remote Desktop Viewer (Enabled) = internal-remoting-viewer
CHR - plugin: Native Client (Enabled) = C:\Program Files (x86)\Google\Chrome\Application\25.0.1364.172\ppGoogleNaClPluginChrome.dll
CHR - plugin: Chrome PDF Viewer (Enabled) = C:\Program Files (x86)\Google\Chrome\Application\25.0.1364.172\pdf.dll
CHR - plugin: Adobe Acrobat (Enabled) = C:\Program Files (x86)\Adobe\Reader 11.0\Reader\Browser\nppdf32.dll
CHR - plugin: Microsoft Windows Media Player Firefox Plugin (Enabled) = C:\Program Files (x86)\Mozilla Firefox\plugins\np-mswmp.dll
CHR - plugin: Microsoft Office 2010 (Enabled) = C:\PROGRA~2\MICROS~2\Office14\NPAUTHZ.DLL
CHR - plugin: Microsoft Office 2010 (Enabled) = C:\PROGRA~2\MICROS~2\Office14\NPSPWRAP.DLL
CHR - plugin: AdobeAAMDetect (Enabled) = C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\CCM\Utilities\npAdobeAAMDetect32.dll
CHR - plugin: Google Update (Enabled) = C:\Program Files (x86)\Google\Update\1.3.21.111\npGoogleUpdate3.dll
CHR - plugin: Silverlight Plug-In (Enabled) = C:\Program Files (x86)\Microsoft Silverlight\5.1.10411.0\npctrl.dll
CHR - plugin: Java(TM) Platform SE 7 U5 (Enabled) = C:\Program Files (x86)\Oracle\JavaFX 2.1 Runtime\bin\plugin2\npjp2.dll
CHR - plugin: Java Deployment Toolkit 7.0.50.255 (Enabled) = C:\Windows\SysWOW64\npDeployJava1.dll
CHR - plugin: Shockwave for Director (Enabled) = C:\Windows\system32\Adobe\Director\np32dsw.dll
CHR - Extension: YouTube = C:\Users\noda1302\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo\4.2.5_1\
CHR - Extension: MixiDJ Toolbar = C:\Users\noda1302\AppData\Local\Google\Chrome\User Data\Default\Extensions\boipimhfjpakfgckhbljjengakjhkcbp\1.0_0\
CHR - Extension: Google Search = C:\Users\noda1302\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf\0.0.0.19_1\
CHR - Extension: AdBlock = C:\Users\noda1302\AppData\Local\Google\Chrome\User Data\Default\Extensions\gighmmpiobklfepjocnamgkkbiglidom\2.5.61_0\
CHR - Extension: Don't Starve = C:\Users\noda1302\AppData\Local\Google\Chrome\User Data\Default\Extensions\hiledapehlkhdehbhppgmekfalnlfajc\1.0.0.37_0\
CHR - Extension: Skype Click to Call = C:\Users\noda1302\AppData\Local\Google\Chrome\User Data\Default\Extensions\lifbcibllhkdhoafpjfnlhfpfgnpldfl\6.3.0.11079_0\
CHR - Extension: Norton Identity Protection = C:\Users\noda1302\AppData\Local\Google\Chrome\User Data\Default\Extensions\mkfokfffehpeedafpekjeddnmnjhmcmk\2013.3.2.10_1\
CHR - Extension: Norton Identity Protection = C:\Users\noda1302\AppData\Local\Google\Chrome\User Data\Default\Extensions\nppllibpnmahfaklnpggkibhkapjkeob\2013.3.0.26_0\
CHR - Extension: Gmail = C:\Users\noda1302\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia\7_1\
CHR - Extension: YouTube = C:\Users\noda1302\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo\4.2.5_1\
CHR - Extension: MixiDJ Toolbar = C:\Users\noda1302\AppData\Local\Google\Chrome\User Data\Default\Extensions\boipimhfjpakfgckhbljjengakjhkcbp\1.0_0\
CHR - Extension: Google Search = C:\Users\noda1302\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf\0.0.0.19_1\
CHR - Extension: AdBlock = C:\Users\noda1302\AppData\Local\Google\Chrome\User Data\Default\Extensions\gighmmpiobklfepjocnamgkkbiglidom\2.5.61_0\
CHR - Extension: Don't Starve = C:\Users\noda1302\AppData\Local\Google\Chrome\User Data\Default\Extensions\hiledapehlkhdehbhppgmekfalnlfajc\1.0.0.37_0\
CHR - Extension: Skype Click to Call = C:\Users\noda1302\AppData\Local\Google\Chrome\User Data\Default\Extensions\lifbcibllhkdhoafpjfnlhfpfgnpldfl\6.3.0.11079_0\
CHR - Extension: Norton Identity Protection = C:\Users\noda1302\AppData\Local\Google\Chrome\User Data\Default\Extensions\mkfokfffehpeedafpekjeddnmnjhmcmk\2013.3.2.10_1\
CHR - Extension: Norton Identity Protection = C:\Users\noda1302\AppData\Local\Google\Chrome\User Data\Default\Extensions\nppllibpnmahfaklnpggkibhkapjkeob\2013.3.0.26_0\
CHR - Extension: Gmail = C:\Users\noda1302\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia\7_1\

O1 HOSTS File: ([2012.11.23 17:52:52 | 000,001,473 | RHS- | M]) - C:\Windows\SysNative\drivers\etc\hosts
O1 - Hosts: 127.0.0.1 localhost
O1 - Hosts: ::1 localhost
O1 - Hosts: 66.197.194.232 www.google-analytics.com.
O1 - Hosts: 66.197.194.232 ad-emea.doubleclick.net.
O1 - Hosts: 66.197.194.232 www.statcounter.com.
O1 - Hosts: 66.197.194.232 connect.facebook.net.
O1 - Hosts: 93.115.241.27 www.google-analytics.com.
O1 - Hosts: 93.115.241.27 ad-emea.doubleclick.net.
O1 - Hosts: 93.115.241.27 www.statcounter.com.
O1 - Hosts: 93.115.241.27 connect.facebook.net.
O2:64bit: - BHO: (Java(tm) Plug-In SSV Helper) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Programfiler\Java\jre7\bin\ssv.dll (Oracle Corporation)
O2:64bit: - BHO: (Windows Live ID Sign-in Helper) - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Programfiler\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corp.)
O2:64bit: - BHO: (Skype add-on for Internet Explorer) - {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer x64\skypeieplugin.dll (Skype Technologies S.A.)
O2:64bit: - BHO: (Office Document Cache Handler) - {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\Programfiler\Microsoft Office\Office14\URLREDIR.DLL (Microsoft Corporation)
O2:64bit: - BHO: (Java(tm) Plug-In 2 SSV Helper) - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Programfiler\Java\jre7\bin\jp2ssv.dll (Oracle Corporation)
O2 - BHO: (IE AdBlock) - {46B37057-5BA8-4014-B28D-6448FD171A3E} - C:\Program Files (x86)\IE AdBlock\IE AdBlock.dll (CatenaLogic)
O2 - BHO: (mixidj Helper Object) - {4D6A9BBF-402C-4301-B1EF-28D04F71D761} - C:\Program Files (x86)\mixidj\mixidj\1.8.4.1\bh\mixidj.dll (MixiDJ)
O2 - BHO: (Norton Identity Protection) - {602ADB0E-4AFF-4217-8AA1-95DAC4DFA408} - C:\Program Files (x86)\Norton 360\Engine\20.3.0.36\coIEPlg.dll (Symantec Corporation)
O2 - BHO: (Norton Vulnerability Protection) - {6D53EC84-6AAE-4787-AEEE-F4628F01010C} - C:\Program Files (x86)\Norton 360\Engine\20.3.0.36\IPS\IPSBHO.DLL (Symantec Corporation)
O2 - BHO: (Groove GFS Browser Helper) - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\PROGRA~2\MICROS~2\Office14\GROOVEEX.DLL (Microsoft Corporation)
O2 - BHO: (Java(tm) Plug-In SSV Helper) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Oracle\JavaFX 2.1 Runtime\bin\ssv.dll (Oracle Corporation)
O2 - BHO: (Adobe PDF Conversion Toolbar Helper) - {AE7CD045-E861-484f-8273-0445EE161910} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated)
  #12  
Old March 26th, 2013, 07:32 PM
DanielBN43 DanielBN43 is offline
Member
 
Join Date: Mar 2013
Posts: 39
Part two of report:

O2 - BHO: (Skype Browser Helper) - {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O2 - BHO: (Office Document Cache Handler) - {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\PROGRA~2\MICROS~2\Office14\URLREDIR.DLL (Microsoft Corporation)
O2 - BHO: (Java(tm) Plug-In 2 SSV Helper) - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Oracle\JavaFX 2.1 Runtime\bin\jp2ssv.dll (Oracle Corporation)
O2 - BHO: (SmartSelect Class) - {F4971EE7-DAA0-4053-9964-665D8EE6A077} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated)
O3:64bit: - HKLM\..\Toolbar: (no name) - Locked - No CLSID value found.
O3 - HKLM\..\Toolbar: (Adobe PDF) - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated)
O3 - HKLM\..\Toolbar: (Norton Toolbar) - {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - C:\Program Files (x86)\Norton 360\Engine\20.3.0.36\coIEPlg.dll (Symantec Corporation)
O3 - HKLM\..\Toolbar: (IE AdBlock) - {BE1B1F92-AC2E-4AFB-BC9D-07FE272C1373} - C:\Program Files (x86)\IE AdBlock\IE AdBlock.dll (CatenaLogic)
O3 - HKLM\..\Toolbar: (MixiDJ Toolbar) - {CA9B9C89-4662-4ADC-9C23-A452BECD5D19} - C:\Program Files (x86)\mixidj\mixidj\1.8.4.1\mixidjTlbr.dll (MixiDJ)
O3 - HKLM\..\Toolbar: (no name) - Locked - No CLSID value found.
O3 - HKCU\..\Toolbar\WebBrowser: (Adobe PDF) - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated)
O4:64bit: - HKLM..\Run: [AdobeAAMUpdater-1.0] C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\UWA\UpdaterStartupUtility.exe (Adobe Systems Incorporated)
O4:64bit: - HKLM..\Run: [HotKeysCmds] C:\Windows\SysNative\hkcmd.exe (Intel Corporation)
O4:64bit: - HKLM..\Run: [IgfxTray] C:\Windows\SysNative\igfxtray.exe (Intel Corporation)
O4:64bit: - HKLM..\Run: [MSC] C:\Program Files\Microsoft Security Client\msseces.exe (Microsoft Corporation)
O4:64bit: - HKLM..\Run: [Persistence] C:\Windows\SysNative\igfxpers.exe (Intel Corporation)
O4:64bit: - HKLM..\Run: [SysTrayApp] C:\Programfiler\IDT\WDM\sttray64.exe (IDT, Inc.)
O4 - HKLM..\Run: [] File not found
O4 - HKLM..\Run: [Acrobat Assistant 8.0] C:\Program Files (x86)\Adobe\Acrobat 10.0\Acrobat\Acrotray.exe (Adobe Systems Inc.)
O4 - HKLM..\Run: [Adobe Acrobat Speed Launcher] C:\Program Files (x86)\Adobe\Acrobat 10.0\Acrobat\Acrobat_sl.exe (Adobe Systems Incorporated)
O4 - HKLM..\Run: [AdobeCS6ServiceManager] C:\Program Files (x86)\Common Files\Adobe\CS6ServiceManager\CS6ServiceManager.exe (Adobe Systems Incorporated)
O4 - HKLM..\Run: [APSDaemon] C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe (Apple Inc.)
O4 - HKLM..\Run: [BambooCore] C:\Program Files (x86)\Bamboo Dock\BambooCore.exe ()
O4 - HKLM..\Run: [SwitchBoard] C:\Program Files (x86)\Common Files\Adobe\SwitchBoard\SwitchBoard.exe File not found
O4 - HKCU..\Run: [RESTART_STICKY_NOTES] C:\Windows\System32\StikyNot.exe File not found
O4 - HKCU..\Run: [Steam] C:\Program Files (x86)\Steam\steam.exe (Valve Corporation)
O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktop = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktopChanges = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 255
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 5
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: DefaultLogonDomain = Akershus-FK
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: disablecad = 1
O7 - HKCU\Software\Policies\Microsoft\Internet Explorer\Main present
O7 - HKCU\Software\Policies\Microsoft\Internet Explorer\PhishingFilter present
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O8:64bit: - Extra context menu item: Append Link Target to Existing PDF - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated)
O8:64bit: - Extra context menu item: Append to Existing PDF - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated)
O8:64bit: - Extra context menu item: Convert Link Target to Adobe PDF - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated)
O8:64bit: - Extra context menu item: Convert to Adobe PDF - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated)
O8:64bit: - Extra context menu item: E&ksporter til Microsoft Excel - res://C:\PROGRA~2\MICROS~2\Office14\EXCEL.EXE/3000 File not found
O8:64bit: - Extra context menu item: Se&nd til OneNote - res://C:\PROGRA~2\MICROS~2\Office14\ONBttnIE.dll/105 File not found
O8:64bit: - Extra context menu item: Search the Web - C:\Program Files (x86)\SweetIM\Toolbars\Internet Explorer\resources\menuext.html File not found
O8 - Extra context menu item: Append Link Target to Existing PDF - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated)
O8 - Extra context menu item: Append to Existing PDF - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated)
O8 - Extra context menu item: Convert Link Target to Adobe PDF - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated)
O8 - Extra context menu item: Convert to Adobe PDF - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated)
O8 - Extra context menu item: E&ksporter til Microsoft Excel - res://C:\PROGRA~2\MICROS~2\Office14\EXCEL.EXE/3000 File not found
O8 - Extra context menu item: Se&nd til OneNote - res://C:\PROGRA~2\MICROS~2\Office14\ONBttnIE.dll/105 File not found
O8 - Extra context menu item: Search the Web - C:\Program Files (x86)\SweetIM\Toolbars\Internet Explorer\resources\menuext.html File not found
O9:64bit: - Extra Button: Send til OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Programfiler\Microsoft Office\Office14\ONBttnIE.dll (Microsoft Corporation)
O9:64bit: - Extra 'Tools' menuitem : Se&nd til OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Programfiler\Microsoft Office\Office14\ONBttnIE.dll (Microsoft Corporation)
O9:64bit: - Extra Button: &Koblede OneNote-notater - {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - C:\Programfiler\Microsoft Office\Office14\ONBttnIELinkedNotes.dll (Microsoft Corporation)
O9:64bit: - Extra 'Tools' menuitem : &Koblede OneNote-notater - {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - C:\Programfiler\Microsoft Office\Office14\ONBttnIELinkedNotes.dll (Microsoft Corporation)
O9:64bit: - Extra Button: Skype Click to Call - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer x64\skypeieplugin.dll (Skype Technologies S.A.)
O9 - Extra Button: Skype Click to Call - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O10:64bit: - NameSpace_Catalog5\Catalog_Entries64\000000000007 [] - C:\Programfiler\Common Files\Microsoft Shared\Windows Live\WLIDNSP.DLL (Microsoft Corp.)
O10:64bit: - NameSpace_Catalog5\Catalog_Entries64\000000000008 [] - C:\Programfiler\Common Files\Microsoft Shared\Windows Live\WLIDNSP.DLL (Microsoft Corp.)
O1364bit: - gopher Prefix: missing
O13 - gopher Prefix: missing
O16:64bit: - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/update/1.7.0/jin...ndows-i586.cab (Java Plug-in 10.5.0)
O16:64bit: - DPF: {CAFEEFAC-0017-0000-0004-ABCDEFFEDCBA} http://java.sun.com/update/1.7.0/jin...ndows-i586.cab (Java Plug-in 1.7.0_04)
O16:64bit: - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/update/1.7.0/jin...ndows-i586.cab (Java Plug-in 10.5.0)
O16 - DPF: {166B1BCA-3F9C-11CF-8075-444553540000} http://download.macromedia.com/pub/s...irector/sw.cab (Shockwave ActiveX Control)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/update/1.7.0/jin...ndows-i586.cab (Java Plug-in 10.5.1)
O16 - DPF: {CAFEEFAC-0017-0000-0004-ABCDEFFEDCBA} http://java.sun.com/update/1.7.0/jin...ndows-i586.cab (Java Plug-in 1.7.0_04)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/update/1.7.0/jin...ndows-i586.cab (Java Plug-in 10.5.1)
O16 - DPF: DirectEdit http://support.itsolutions.no/browse...DirectEdit.CAB (Reg Error: Key error.)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 82.196.201.43 82.196.193.143
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: Domain = akershus-fk.no
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{01C3A10F-FF07-4637-8E71-1EE81DEBB0D8}: DhcpNameServer = 82.196.201.43 82.196.193.143
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{27F838E9-85EE-4C8D-8217-15E9EA0D8C4E}: DhcpNameServer = 148.83.249.75 148.83.249.50
O18:64bit: - Protocol\Handler\livecall - No CLSID value found
O18:64bit: - Protocol\Handler\ms-help - No CLSID value found
O18:64bit: - Protocol\Handler\msnim - No CLSID value found
O18:64bit: - Protocol\Handler\skype4com - No CLSID value found
O18:64bit: - Protocol\Handler\skype-ie-addon-data {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer x64\skypeieplugin.dll (Skype Technologies S.A.)
O18:64bit: - Protocol\Handler\wlmailhtml - No CLSID value found
O18:64bit: - Protocol\Handler\wlpg - No CLSID value found
O18 - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~2\COMMON~1\Skype\SKYPE4~1.DLL (Skype Technologies)
O18 - Protocol\Handler\skype-ie-addon-data {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O18:64bit: - Protocol\Filter\text/xml {807573E5-5146-11D5-A672-00B0D022E945} - C:\Programfiler\Common Files\Microsoft Shared\OFFICE14\MSOXMLMF.DLL (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\SysNative\userinit.exe (Microsoft Corporation)
O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\SysWow64\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (userinit.exe) - C:\Windows\SysWow64\userinit.exe (Microsoft Corporation)
O20:64bit: - Winlogon\Notify\igfxcui: DllName - (igfxdev.dll) - C:\Windows\SysNative\igfxdev.dll (Intel Corporation)
O21:64bit: - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.
O21 - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.
O28 - HKLM ShellExecuteHooks: {B5A7F190-DDA6-4420-B3BA-52453494E6CD} - C:\PROGRA~2\MICROS~2\Office14\GROOVEEX.DLL (Microsoft Corporation)
O32 - HKLM CDRom: AutoRun - 1
O33 - MountPoints2\{56df6494-25a0-11e2-a984-20107a3bc883}\Shell - "" = AutoRun
O33 - MountPoints2\{56df6494-25a0-11e2-a984-20107a3bc883}\Shell\AutoRun\command - "" = F:\LGAutoRun.exe
O34 - HKLM BootExecute: (autocheck autochk *)
O35:64bit: - HKLM\..comfile [open] -- "%1" %*
O35:64bit: - HKLM\..exefile [open] -- "%1" %*
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37:64bit: - HKLM\...com [@ = comfile] -- "%1" %*
O37:64bit: - HKLM\...exe [@ = exefile] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3)
O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2)
O38 - SubSystems\\Windows: (ServerDll=sxssrv,4)

========== Files/Folders - Created Within 30 Days ==========

[2013.03.24 14:26:52 | 000,000,000 | ---D | C] -- C:\Users\noda1302\AppData\Roaming\CRMixiDJTB
[2013.03.24 14:26:36 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\mixidj
[2013.03.24 14:25:38 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\PC Speed Up
[2013.03.24 14:06:49 | 000,000,000 | ---D | C] -- C:\TDSSKiller_Quarantine
[2013.03.23 18:14:03 | 000,000,000 | ---D | C] -- C:\Windows\SysWow64\Extensions
[2013.03.23 18:13:46 | 000,000,000 | ---D | C] -- C:\Windows\SysWow64\searchplugins
[2013.03.21 18:57:26 | 000,000,000 | ---D | C] -- C:\ProgramData\BrowserProtect
[2013.03.19 11:10:53 | 000,000,000 | ---D | C] -- D:\noda1302\Desktop\2013-03-19 mobilbilder20
[2013.03.14 17:10:49 | 000,177,312 | ---- | C] (Symantec Corporation) -- C:\Windows\SysNative\drivers\SYMEVENT64x86.SYS
[2013.03.14 17:10:49 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\Symantec Shared
[2013.03.14 17:10:49 | 000,000,000 | ---D | C] -- C:\Program Files\Symantec
[2013.03.14 17:10:41 | 001,139,800 | R--- | C] (Symantec Corporation) -- C:\Windows\SysNative\drivers\N360x64\1403000.024\SymEFA64.sys
[2013.03.14 17:10:41 | 000,796,248 | R--- | C] (Symantec Corporation) -- C:\Windows\SysNative\drivers\N360x64\1403000.024\srtsp64.sys
[2013.03.14 17:10:41 | 000,493,656 | R--- | C] (Symantec Corporation) -- C:\Windows\SysNative\drivers\N360x64\1403000.024\SymDS64.sys
[2013.03.14 17:10:41 | 000,432,800 | R--- | C] (Symantec Corporation) -- C:\Windows\SysNative\drivers\N360x64\1403000.024\symnets.sys
[2013.03.14 17:10:41 | 000,224,416 | R--- | C] (Symantec Corporation) -- C:\Windows\SysNative\drivers\N360x64\1403000.024\Ironx64.sys
[2013.03.14 17:10:41 | 000,036,952 | R--- | C] (Symantec Corporation) -- C:\Windows\SysNative\drivers\N360x64\1403000.024\srtspx64.sys
[2013.03.14 17:10:41 | 000,023,448 | R--- | C] (Symantec Corporation) -- C:\Windows\SysNative\drivers\N360x64\1403000.024\SymELAM.sys
[2013.03.14 17:10:40 | 000,168,096 | R--- | C] (Symantec Corporation) -- C:\Windows\SysNative\drivers\N360x64\1403000.024\ccSetx64.sys
[2013.03.14 17:09:52 | 000,000,000 | ---D | C] -- C:\Windows\SysNative\drivers\N360x64
[2013.03.14 17:09:52 | 000,000,000 | ---D | C] -- C:\Windows\SysNative\drivers\N360x64\1403000.024
[2013.03.14 17:09:50 | 000,000,000 | R--D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Norton 360
[2013.03.14 17:09:50 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Norton 360
[2013.03.10 09:20:13 | 000,356,352 | ---- | C] (eSellerate Inc.) -- C:\Windows\eSellerateEngine.dll
[2013.03.10 09:20:13 | 000,081,920 | ---- | C] (eSellerate Inc.) -- C:\Windows\eSellerateControl350.dll
[2013.03.10 09:20:13 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Trackingcookie Removal Tool
[2013.03.10 09:20:10 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Trackingcookie Removal Tool
[2013.03.08 19:40:57 | 000,000,000 | ---D | C] -- D:\noda1302\Documents\Klei
[2013.03.08 19:28:01 | 000,000,000 | ---D | C] -- C:\Users\noda1302\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Steam
[2013.03.08 17:29:31 | 000,256,904 | ---- | C] (Trend Micro Inc.) -- C:\Windows\SysWow64\drivers\tmcomm.sys
[2013.03.07 09:30:54 | 000,000,000 | ---D | C] -- D:\noda1302\Desktop\Rare Stilige Kryp
[2013.03.05 20:41:10 | 000,000,000 | ---D | C] -- D:\noda1302\Desktop\Johhny Depp Video Folder
[2 C:\Windows\SysNative\*.tmp files -> C:\Windows\SysNative\*.tmp -> ]
[1 C:\Windows\SysNative\drivers\*.tmp files -> C:\Windows\SysNative\drivers\*.tmp -> ]

========== Files - Modified Within 30 Days ==========

[2013.03.26 19:14:00 | 000,000,830 | ---- | M] () -- C:\Windows\tasks\Adobe Flash Player Updater.job
[2013.03.26 19:04:03 | 000,000,996 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineUA.job
[2013.03.26 15:33:29 | 000,000,120 | ---- | M] () -- D:\noda1302\Desktop\Your Universe, the Marvel Fan Network - Community - Marvel.com.url
[2013.03.26 15:33:26 | 000,000,447 | ---- | M] () -- D:\noda1302\Desktop\Google.website
[2013.03.26 14:04:01 | 000,000,992 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineCore.job
[2013.03.26 10:19:38 | 000,012,272 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
[2013.03.26 10:19:38 | 000,012,272 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
[2013.03.26 10:07:09 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2013.03.26 10:07:02 | 3164,405,760 | -HS- | M] () -- C:\hiberfil.sys
[2013.03.26 10:05:03 | 000,000,097 | ---- | M] () -- C:\Windows\DeleteOnReboot.bat
[2013.03.26 10:00:49 | 000,609,993 | ---- | M] () -- D:\noda1302\Desktop\adwcleaner.exe
[2013.03.25 14:26:30 | 002,750,621 | ---- | M] () -- D:\noda1302\Desktop\zelda theme.mp3
[2013.03.24 10:05:50 | 000,000,516 | ---- | M] () -- D:\noda1302\Desktop\The Planck scale relativity meets quantum mechanics meets gravity. (from Einstein Light).website
[2013.03.23 18:18:13 | 002,055,367 | ---- | M] () -- C:\Windows\SysNative\drivers\N360x64\1403000.024\Cat.DB
[2013.03.23 16:45:16 | 000,002,670 | ---- | M] () -- D:\noda1302\Desktop\Min film.wlmp
[2013.03.23 15:24:02 | 000,000,132 | ---- | M] () -- C:\Users\noda1302\AppData\Roaming\Adobe PNG Format CS6 Prefs
[2013.03.22 20:17:51 | 000,000,487 | ---- | M] () -- D:\noda1302\Desktop\YouTube - Broadcast Yourself..website
[2013.03.18 14:18:20 | 000,000,624 | ---- | M] () -- D:\noda1302\Desktop\Srumsand videregende skole - Hjem.website
[2013.03.18 10:37:33 | 000,000,506 | ---- | M] () -- D:\noda1302\Desktop\itslearning.website
[2013.03.15 10:45:17 | 003,290,212 | ---- | M] () -- D:\noda1302\Desktop\tegnebide2.png
[2013.03.15 10:39:56 | 003,751,898 | ---- | M] () -- D:\noda1302\Desktop\CAM00071.png
[2013.03.14 18:16:04 | 000,001,528 | ---- | M] () -- C:\Users\Public\Desktop\Adobe Application Manager.lnk
[2013.03.14 17:10:49 | 000,177,312 | ---- | M] (Symantec Corporation) -- C:\Windows\SysNative\drivers\SYMEVENT64x86.SYS
[2013.03.14 17:10:49 | 000,007,466 | ---- | M] () -- C:\Windows\SysNative\drivers\SYMEVENT64x86.CAT
[2013.03.14 17:10:49 | 000,000,855 | ---- | M] () -- C:\Windows\SysNative\drivers\SYMEVENT64x86.INF
[2013.03.14 17:10:47 | 000,002,401 | ---- | M] () -- C:\Users\Public\Desktop\Norton 360.lnk
[2013.03.11 19:31:45 | 000,000,052 | ---- | M] () -- D:\noda1302\Desktop\imgur_ the simple image sharer.url
[2013.03.11 19:13:00 | 000,532,601 | ---- | M] () -- D:\noda1302\Desktop\CAM00071.jpg
[2013.03.10 09:16:06 | 000,159,485 | ---- | M] () -- C:\Users\noda1302\AppData\Local\census.cache
[2013.03.10 09:15:46 | 000,099,342 | ---- | M] () -- C:\Users\noda1302\AppData\Local\ars.cache
[2013.03.08 19:28:01 | 000,000,222 | ---- | M] () -- D:\noda1302\Desktop\Don't Starve.url
[2013.03.08 17:29:00 | 000,000,036 | ---- | M] () -- C:\Users\noda1302\AppData\Local\housecall.guid.cache
[2013.03.07 20:00:07 | 000,667,400 | ---- | M] () -- D:\noda1302\Desktop\ArbeidstegningRSSfullLiten.png
[2013.03.06 19:19:01 | 000,586,744 | ---- | M] () -- D:\noda1302\Desktop\PORTRETT.psd
[2013.03.06 12:25:26 | 000,000,419 | ---- | M] () -- D:\noda1302\Desktop\IBAN - finn ditt IBAN-nummer - DNB.website
[2013.03.06 12:24:53 | 000,000,719 | ---- | M] () -- D:\noda1302\Desktop\Google AdSense - maksimere inntektene fra det nettbaserte innholdet ditt.website
[2013.03.01 10:39:11 | 000,000,549 | ---- | M] () -- D:\noda1302\Desktop\Amanda Todd's Story Struggling, Bullying, Suicide, Self Harm - YouTube.website
[2013.02.26 15:03:16 | 001,375,856 | ---- | M] () -- C:\Windows\SysNative\PerfStringBackup.INI
[2013.02.26 15:03:16 | 000,652,360 | ---- | M] () -- C:\Windows\SysNative\perfh009.dat
[2013.02.26 15:03:16 | 000,492,744 | ---- | M] () -- C:\Windows\SysNative\perfh014.dat
[2013.02.26 15:03:16 | 000,121,292 | ---- | M] () -- C:\Windows\SysNative\perfc009.dat
[2013.02.26 15:03:16 | 000,094,502 | ---- | M] () -- C:\Windows\SysNative\perfc014.dat
[2 C:\Windows\SysNative\*.tmp files -> C:\Windows\SysNative\*.tmp -> ]
[1 C:\Windows\SysNative\drivers\*.tmp files -> C:\Windows\SysNative\drivers\*.tmp -> ]

========== Files Created - No Company Name ==========

[2013.03.26 15:33:29 | 000,000,120 | ---- | C] () -- D:\noda1302\Desktop\Your Universe, the Marvel Fan Network - Community - Marvel.com.url
[2013.03.26 10:04:30 | 000,000,097 | ---- | C] () -- C:\Windows\DeleteOnReboot.bat
[2013.03.26 10:00:40 | 000,609,993 | ---- | C] () -- D:\noda1302\Desktop\adwcleaner.exe
[2013.03.25 14:26:26 | 002,750,621 | ---- | C] () -- D:\noda1302\Desktop\zelda theme.mp3
[2013.03.23 16:45:16 | 000,002,670 | ---- | C] () -- D:\noda1302\Desktop\Min film.wlmp
[2013.03.15 10:44:56 | 003,290,212 | ---- | C] () -- D:\noda1302\Desktop\tegnebide2.png
[2013.03.15 10:39:35 | 003,751,898 | ---- | C] () -- D:\noda1302\Desktop\CAM00071.png
[2013.03.14 17:14:36 | 000,014,818 | ---- | C] () -- C:\Windows\SysNative\drivers\N360x64\1403000.024\VT20130115.021
[2013.03.14 17:10:51 | 002,055,367 | ---- | C] () -- C:\Windows\SysNative\drivers\N360x64\1403000.024\Cat.DB
[2013.03.14 17:10:49 | 000,007,466 | ---- | C] () -- C:\Windows\SysNative\drivers\SYMEVENT64x86.CAT
[2013.03.14 17:10:49 | 000,000,855 | ---- | C] () -- C:\Windows\SysNative\drivers\SYMEVENT64x86.INF
[2013.03.14 17:10:47 | 000,002,401 | ---- | C] () -- C:\Users\Public\Desktop\Norton 360.lnk
[2013.03.14 17:10:08 | 000,003,434 | R--- | C] () -- C:\Windows\SysNative\drivers\N360x64\1403000.024\SymEFA.inf
[2013.03.14 17:10:08 | 000,002,852 | R--- | C] () -- C:\Windows\SysNative\drivers\N360x64\1403000.024\SymDS.inf
[2013.03.14 17:10:08 | 000,001,440 | R--- | C] () -- C:\Windows\SysNative\drivers\N360x64\1403000.024\SymNet.inf
[2013.03.14 17:10:08 | 000,001,438 | R--- | C] () -- C:\Windows\SysNative\drivers\N360x64\1403000.024\srtsp64.inf
[2013.03.14 17:10:08 | 000,001,420 | R--- | C] () -- C:\Windows\SysNative\drivers\N360x64\1403000.024\srtspx64.inf
[2013.03.14 17:10:08 | 000,000,996 | R--- | C] () -- C:\Windows\SysNative\drivers\N360x64\1403000.024\symELAM.inf
[2013.03.14 17:10:08 | 000,000,853 | R--- | C] () -- C:\Windows\SysNative\drivers\N360x64\1403000.024\ccSetx64.inf
[2013.03.14 17:10:08 | 000,000,767 | R--- | C] () -- C:\Windows\SysNative\drivers\N360x64\1403000.024\Iron.inf
[2013.03.14 17:09:53 | 000,014,818 | R--- | C] () -- C:\Windows\SysNative\drivers\N360x64\1403000.024\SymVTcer.dat
[2013.03.14 17:09:52 | 000,009,670 | R--- | C] () -- C:\Windows\SysNative\drivers\N360x64\1403000.024\SymELAM64.cat
[2013.03.14 17:09:52 | 000,007,611 | R--- | C] () -- C:\Windows\SysNative\drivers\N360x64\1403000.024\ccsetx64.cat
[2013.03.14 17:09:52 | 000,007,601 | R--- | C] () -- C:\Windows\SysNative\drivers\N360x64\1403000.024\symnet64.cat
[2013.03.14 17:09:52 | 000,007,593 | R--- | C] () -- C:\Windows\SysNative\drivers\N360x64\1403000.024\iron.cat
[2013.03.14 17:09:52 | 000,007,589 | R--- | C] () -- C:\Windows\SysNative\drivers\N360x64\1403000.024\srtspx64.cat
[2013.03.14 17:09:52 | 000,007,587 | R--- | C] () -- C:\Windows\SysNative\drivers\N360x64\1403000.024\SymEFA64.cat
[2013.03.14 17:09:52 | 000,007,585 | R--- | C] () -- C:\Windows\SysNative\drivers\N360x64\1403000.024\srtsp64.cat
[2013.03.14 17:09:52 | 000,007,581 | R--- | C] () -- C:\Windows\SysNative\drivers\N360x64\1403000.024\SymDS64.cat
[2013.03.14 17:09:52 | 000,000,172 | ---- | C] () -- C:\Windows\SysNative\drivers\N360x64\1403000.024\isolate.ini
[2013.03.11 19:31:46 | 000,000,052 | ---- | C] () -- D:\noda1302\Desktop\imgur_ the simple image sharer.url
[2013.03.11 19:27:20 | 000,532,601 | ---- | C] () -- D:\noda1302\Desktop\CAM00071.jpg
[2013.03.10 09:16:06 | 000,159,485 | ---- | C] () -- C:\Users\noda1302\AppData\Local\census.cache
[2013.03.10 09:15:46 | 000,099,342 | ---- | C] () -- C:\Users\noda1302\AppData\Local\ars.cache
[2013.03.08 19:28:01 | 000,000,222 | ---- | C] () -- D:\noda1302\Desktop\Don't Starve.url
[2013.03.08 17:29:00 | 000,000,036 | ---- | C] () -- C:\Users\noda1302\AppData\Local\housecall.guid.cache
[2013.03.07 20:00:01 | 000,667,400 | ---- | C] () -- D:\noda1302\Desktop\ArbeidstegningRSSfullLiten.png
[2013.03.06 12:25:26 | 000,000,419 | ---- | C] () -- D:\noda1302\Desktop\IBAN - finn ditt IBAN-nummer - DNB.website
[2013.03.06 12:24:52 | 000,000,719 | ---- | C] () -- D:\noda1302\Desktop\Google AdSense - maksimere inntektene fra det nettbaserte innholdet ditt.website
[2013.02.27 13:53:42 | 000,001,851 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Opera.lnk
[2013.02.23 17:08:14 | 000,338,815 | ---- | C] () -- C:\Users\noda1302\AppData\Local\speeddial.crx
[2012.11.13 12:53:14 | 000,000,132 | ---- | C] () -- C:\Users\noda1302\AppData\Roaming\Adobe PNG Format CS6 Prefs
[2012.10.11 08:16:14 | 000,005,012 | RHS- | C] () -- C:\Users\noda1302\ntuser.pol
[2012.10.11 00:04:09 | 000,066,856 | ---- | C] () -- C:\Windows\SysWow64\SynTPEnhPS.dll
[2012.10.11 00:03:53 | 000,963,116 | ---- | C] () -- C:\Windows\SysWow64\igkrng600.bin
[2012.10.11 00:03:53 | 000,216,876 | ---- | C] () -- C:\Windows\SysWow64\igfcg600m.bin
[2012.10.11 00:03:52 | 000,145,804 | ---- | C] () -- C:\Windows\SysWow64\igcompkrng600.bin
[2012.10.10 14:32:01 | 000,000,051 | ---- | C] () -- C:\Windows\smsts.ini
[2012.10.10 14:30:53 | 000,013,761 | RHS- | C] () -- C:\ProgramData\ntuser.pol
[2012.04.26 14:19:00 | 000,178,688 | ---- | C] () -- C:\Windows\SysWow64\unrar.dll
[2012.04.26 11:32:46 | 001,335,250 | ---- | C] () -- C:\Windows\SysWow64\PerfStringBackup.INI

========== ZeroAccess Check ==========

[2009.07.14 05:55:00 | 000,000,227 | RHS- | M] () -- C:\Windows\assembly\Desktop.ini

[HKEY_CURRENT_USER\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] /64

[HKEY_CURRENT_USER\Software\Classes\Wow6432node\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]

[HKEY_CURRENT_USER\Software\Classes\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32] /64

[HKEY_CURRENT_USER\Software\Classes\Wow6432node\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32]

[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] /64
"" = C:\Windows\SysNative\shell32.dll -- [2012.06.09 06:43:10 | 014,172,672 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Apartment

[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]
"" = %SystemRoot%\system32\shell32.dll -- [2012.06.09 05:41:00 | 012,873,728 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Apartment

[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32] /64
"" = C:\Windows\SysNative\wbem\fastprox.dll -- [2012.08.21 14:11:31 | 000,857,088 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Free

[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32]
"" = %systemroot%\system32\wbem\fastprox.dll -- [2012.08.21 14:37:44 | 000,636,928 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Free

[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32] /64
"" = C:\Windows\SysNative\wbem\wbemess.dll -- [2012.08.21 14:08:38 | 000,453,120 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Both

[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32]

========== LOP Check ==========

[2013.02.09 15:49:17 | 000,000,000 | ---D | M] -- C:\Users\noda1302\AppData\Roaming\.minecraft
[2013.02.18 13:42:18 | 000,000,000 | ---D | M] -- C:\Users\noda1302\AppData\Roaming\Ambient Design
[2013.03.24 14:26:52 | 000,000,000 | ---D | M] -- C:\Users\noda1302\AppData\Roaming\CRMixiDJTB
[2012.11.22 09:57:15 | 000,000,000 | ---D | M] -- C:\Users\noda1302\AppData\Roaming\Opera
[2012.11.27 10:12:55 | 000,000,000 | ---D | M] -- C:\Users\noda1302\AppData\Roaming\PACE Anti-Piracy
[2012.10.11 08:26:14 | 000,000,000 | ---D | M] -- C:\Users\noda1302\AppData\Roaming\StageManager.BD092818F67280F4B42B04877600987F0111B594.1
[2013.02.18 14:02:39 | 000,000,000 | ---D | M] -- C:\Users\noda1302\AppData\Roaming\Wacom
[2013.02.18 14:02:58 | 000,000,000 | ---D | M] -- C:\Users\noda1302\AppData\Roaming\wacomid-desktop-launcher.DCFD4B89A63EE70BC162777F06D4B93B6397AEC7.1
[2013.02.19 11:30:07 | 000,000,000 | ---D | M] -- C:\Users\noda1302\AppData\Roaming\Windows Live Writer

========== Purity Check ==========



========== Alternate Data Streams ==========

@Alternate Data Stream - 1150 bytes -> D:\noda1302\Desktop\Facebook.website:TASKICON_3friends1551906305
@Alternate Data Stream - 1150 bytes -> D:\noda1302\Desktop\Facebook.website:TASKICON_2events361836069
@Alternate Data Stream - 1150 bytes -> D:\noda1302\Desktop\Facebook.website:TASKICON_1messages-728500140
@Alternate Data Stream - 1150 bytes -> D:\noda1302\Desktop\Facebook.website:TASKICON_0news-13198865
@Alternate Data Stream - 1044 bytes -> C:\Users\noda1302\AppData\Local\TempZ93mkEHVdcVs lqiid3ArxHdJqL

< End of report >
  #13  
Old March 26th, 2013, 10:15 PM
schrauber schrauber is offline
Cyber Tech Help Moderator
 
Please open OTL, copy and paste the content of the codebox below into the custom scan/fixes box and hit the fix button:

Code:
:OTL
IE:64bit: - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.searchya.com/?q={searchTerms}&f=4&a=dnldyho&cd=2XzuyEtN2Y1L1Qzu0A0CtCyCtB0DyDzyzy0DyByBzyzz0A0BtN0D0Tzu0CyEtBtDtN1L2XzutBtFtBtFtCtFyDtDtAtN1L1Czu1Q1G1I1Q2U1M1F&cr=2067148209&ir=
IE - HKLM\..\SearchScopes\{7C60CDCF-950E-4DC6-FDB3-604E8E551342}: "URL" = http://search.sweetim.com/search.asp?src=6&q={searchTerms}
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = http://portalen.akershus-fk.no
IE - HKCU\..\SearchScopes\{0CE38E13-449F-1043-9352-61FF61E8E789}: "URL" = http://blekko.com/ws/?source=e0c8d0ad&tbp=rbox&u=1c6198ab00000000000020107a3bc883&q={searchTerms}&r=685
IE - HKCU\..\SearchScopes\{700364A8-F8FB-4544-AB19-A125CD0BE367}: "URL" = http://search.sweetim.com/search.asp?src=6&q={searchTerms}
IE - HKCU\..\SearchScopes\{96A369C4-9FDD-4105-A9BC-2B468E1F9703}: "URL" = http://www.searchya.com/?q={searchTerms}&f=4&a=dnldyho&cd=2XzuyEtN2Y1L1Qzu0A0CtCyCtB0DyDzyzy0DyByBzyzz0A0BtN0D0Tzu0CyEtBtDtN1L2XzutBtFtBtFtCtFyDtDtAtN1L1Czu1Q1G1I1Q2U1M1F&cr=2067148209&ir=
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 1
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = <local>
FF - prefs.js..network.proxy.no_proxies_on: "localhost,127.0.0.1"
FF - prefs.js..network.proxy.type: 1
FF - user.js - File not found
[2013.02.27 13:49:44 | 000,000,000 | ---D | M] ("–—„‚ƒ–") -- C:\Users\noda1302\AppData\Roaming\mozilla\Firefox\Profiles\utkm1a81.default\extensions\{5ebdca98-43b3-45bb-87e0-716029fb42ab}
File not found (No name found) -- C:\USERS\NODA1302\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\UTKM1A81.DEFAULT\EXTENSIONS\FFXTLBR@SEARCHYA.COM
CHR - default_search_provider: search_url = http://www.searchya.com/?q={searchTerms}&f=4&a=dnldyho&cd=2XzuyEtN2Y1L1Qzu0A0CtCyCtB0DyDzyzy0DyByBzyzz0A0BtN0D0Tzu0CyEtBtDtN1L2XzutBtFtBtFtCtFyDtDtAtN1L1Czu1Q1G1I1Q2U1M1F&cr=2067148209&ir=
CHR - default_search_provider: suggest_url = {google:baseSuggestURL}search?client=chrome&hl={language}&q={searchTerms},
CHR - homepage: 
O4 - HKLM..\Run: [] File not found
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: DefaultLogonDomain = Akershus-FK
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: disablecad = 1
O7 - HKCU\Software\Policies\Microsoft\Internet Explorer\Main present
:Commands
[resethosts]
[emptytemp]



I'd like us to scan your machine with ESET OnlineScan
  • Hold down Control and click on the following link to open ESET OnlineScan in a new window.
    ESET OnlineScan
  • Click the button.
  • For alternate browsers only: (Microsoft Internet Explorer users can skip these steps)
    • Click on to download the ESET Smart Installer. Save it to your desktop.
    • Double click on the icon on your desktop.
  • Check
  • Click the button.
  • Accept any security warnings from your browser.
  • Check
  • Push the Start button.
  • ESET will then download updates for itself, install itself, and begin scanning your computer. Please be patient as this can take some time.
  • When the scan completes, push
  • Push , and save the file to your desktop using a unique name, such as ESETScan. Include the contents of this report in your next reply.
  • Push the button.
  • Push
A log file will be saved here: C:\Program Files\ESET\ESET Online Scanner\log.txt
  #14  
Old March 27th, 2013, 03:55 PM
DanielBN43 DanielBN43 is offline
Member
 
I opened OTL, and copy pasted in the code, and hit "Run Fix", but the program crashed, I tried this 3 times :/

I scanned with ESET, but after scanning, there were no "List of found threats", so I couldn't continue on those steps :/ Maybe the button didn't appear because it didn't find any threats? That might be it :P I'm not sure.

I did go into C:\Program Files\ESET\ESET Online Scanner\log.txt though,
here is the report:

ESETSmartInstaller@High as downloader log:
all ok
# version=8
# OnlineScannerApp.exe=1.0.0.1
# OnlineScanner.ocx=1.0.0.6920
# api_version=3.0.2
# EOSSerial=c7666b0cc1b9844cb27e2ac69fc5a8f3
# engine=13493
# end=finished
# remove_checked=false
# archives_checked=true
# unwanted_checked=false
# unsafe_checked=false
# antistealth_checked=true
# utc_time=2013-03-27 02:45:26
# local_time=2013-03-27 03:45:26 (+0100, Romansk (normaltid))
# country="Norway"
# lang=1033
# osver=6.1.7601 NT Service Pack 1
# compatibility_mode=3592 16777213 100 91 877547 115058022 0 0
# compatibility_mode=5893 16776574 100 94 28849046 116025376 0 0
# scanned=213316
# found=0
# cleaned=0
# scan_time=10234
  #15  
Old March 27th, 2013, 08:16 PM
schrauber schrauber is offline
Cyber Tech Help Moderator
 
Please explain "crashed". Any error message?

Please post a fresh OTL Scanlogfile.