No desktop at start-up, many explorer.exe files (BSOD problems too) [S


  • This topic is locked

#1
Durre

  • Member
  • 33 posts
Problem explanation

Hello,

I went through the guide of this forum and decided to give this a go. It's my first time asking for help online
and I'm not fully sure what data exactly I should provide about my pc. Anyways, I'll just cut to it.
(I'll highlight all programs and services used, as it might make it easier to get the total view).

1. BSOD's

I've been getting a lot of BSOD's lately. It was fairly uncommon at first for several months, but 2 days ago a BSOD appeared every time I encountered an object requiring Flash (like a YouTube video). I decided to remove McAfee and install AVG (licensed) and ZoneAlarm (Free version) instead, together with Malwarebytes Anti-Malware and SuperAntiSpyware. AVG encountered a CoolWebSearch variant and a rootkit, MBAM found one infected file (and called it Riskware) and SuperAntiSpyware said it had found 2 Trace.Known Threat Sources. Besides that, an online F-Secure scan noticed printdft.exe, but that particular file has not given any errors to me, so I didn't remove it. However, when I removed the others, after some reboots and changing the settings of the Flash player, the BSOD's had gone. Good news, if it wasn't for other things starting to show up since I decided to run HijackThis.

Going through its log and deleting several entries in it, I noticed some enhancements in my notebook's behaviour (Windows Vista 32-bit, Dell Latitude E6500), but it was way slower than before. The registry fixing program Powersuite (from Uniblue) that I had been using before said my registry was clean, however, and using Soluto to manage my startup together with msconfig and services.msc, I definitely had even fewer programs in startup than before (while scanning I had been deleting unnecessary programs or leftovers from deletions from the notebook). So I was rather surprised when it kept taking so long to load the desktop while at first sight things should be good.

2. Bad Explorer.exe behaviour

Following general forum threads (not here) I decided to take it a bit further and used both Smitfraudfix (in safe mode) and ComboFix to see if any other suspicious behaviour was left. After they had been done, things were a tad better, but still not as it should be. The only big improvement over the whole process I have been describing was the CPU staying around an acceptable percentage and the BSOD's not occurring anymore. Then I decided to re-run the scanning software described before (AVG, SuperAnti... etc.) and SuperAntiSpyware found some new infections. Therefore I thought it might be best to download Spybot and let it check my system too. Now that's where things went totally downhill. Spybot found 4 infections, of which 2 could be removed. The other 2 required startup and it asked me if I would allow to run Spybot at startup for that occasion. So I did. However, after startup, the usual delay of my desktop appearing never went away, so I was left without desktop. Using Task Manager (I have been using this constantly to look for suspicious processes, however never noticed any) I found my explorer.exe running. Yet I had no desktop. So I made a new task, entered explorer.exe as command and only after deleting the original explorer.exe running from the list, I got my desktop back. Meanwhile Spybot has been running and hasn't found the infected files anymore, but it did find 8 others. So did the registry fixing program notice strange behavior, which was confirmed afterwards by Rootkitbuster (but it hasn't deleted those malicious files and it can't).

Both Rkill and OTL have also been running just half an hour ago. Rkill didn't find anything. I'll paste the OTL log afterwards. Using the Search function I have found over 8 explorer.exe files of which many in "x86_microsoft-windows-explorer_31bf3856ad364e35_6.0.6000.16771_none_4f83bb287ccdb7e3" named like maps and (the real) one in C:\Windows. I've run out of ideas in what to do and I'm afraid I might have done too much already. I think my registry might either be broken or infected when it comes to loading the desktop (everything else works perfectly). I haven't yet restarted my notebook after this first occurrence of the desktop not loading. Would you be so kind to try and help me out please?

UPDATE A

I just rebooted my notebook and the desktop came back. However, it still took well over 2 minutes for it to appear after logging in and over 6 minutes of booting (measured by Soluto), which used to be 2 and a half. While opening up Task Manager, I noticed two csrss.exe processes running at the same time (only one explorer.exe) and I can't see their properties when I want to open them. So I can't trace the path. I don't know if it's normal as I never really paid attention to it. On the other hand, when I look for explorer.exe by using the Search option in Vista, it only shows one in the C:\Windows folder and not in any other folders anymore.

UPDATE B

After a night of rest for the notebook (it had been scanning all the time the night before, since the MBAM scan took well over 17 hours), the start-up time has gone down to 4 and a half minutes, while the desktop loaded almost immediately after logging in. However, if you would be so kind, please still take a look at the log (or do I need to replace it with a new one?) because I'm afraid it might be a rather random behaviour from the start-up process and I don't dare to use Spybot anymore. I won't take any further steps to scan or fix my registry until I get an answer, I'll just reboot my notebook once in a while. On a side note: the Search option found just one explorer.exe again (C:\Windows) so whatever was causing the multiple files seems to have either gone or is not activated. The two csrss.exe files are still there, of which one shows before I tell the Task Manager to show the processes of all users. Only afterwards the second one shows up.


The log

OTL logfile created on: 8/03/2012 02:53:33 - Run 1
OTL by OldTimer - Version 3.2.35.1 Folder = C:\Users\Mattias\Desktop
Windows Vista Business Edition Service Pack 2 (Version = 6.0.6002) - Type = NTWorkstation
Internet Explorer (Version = 8.0.6001.19190)
Locale: 00000813 | Country: België | Language: NLB | Date Format: d/MM/yyyy

3,49 Gb Total Physical Memory | 1,54 Gb Available Physical Memory | 44,10% Memory free
6,37 Gb Paging File | 4,18 Gb Available in Paging File | 65,53% Paging File free
Paging file location(s): C:\pagefile.sys 3070 3070 [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files
Drive C: | 230,67 Gb Total Space | 90,32 Gb Free Space | 39,16% Space Free | Partition Type: NTFS
Drive D: | 2,00 Gb Total Space | 0,77 Gb Free Space | 38,43% Space Free | Partition Type: NTFS

Computer Name: DURRE | User Name: Mattias | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user | Quick Scan
Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days

========== Processes (SafeList) ==========

PRC - [2012/03/08 02:53:06 | 000,584,704 | ---- | M] (OldTimer Tools) -- C:\Users\Mattias\Desktop\OTL.exe
PRC - [2012/03/07 13:33:06 | 000,869,216 | ---- | M] () -- C:\Program Files\Common Files\AVG Secure Search\vToolbarUpdater\9.0.1\ToolbarUpdater.exe
PRC - [2012/01/25 19:05:44 | 001,712,176 | ---- | M] (Soluto) -- C:\Program Files\Soluto\Soluto.exe
PRC - [2012/01/25 19:05:44 | 000,547,872 | ---- | M] (Soluto) -- C:\Program Files\Soluto\SolutoService.exe
PRC - [2011/12/18 21:08:42 | 002,420,616 | ---- | M] (Check Point Software Technologies LTD) -- C:\Program Files\CheckPoint\ZoneAlarm\vsmon.exe
PRC - [2011/11/28 01:19:04 | 001,229,664 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Program Files\AVG\AVG2012\avgnsx.exe
PRC - [2011/11/23 02:36:24 | 002,391,832 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Program Files\AVG\AVG2012\avgfws.exe
PRC - [2011/11/03 15:44:28 | 000,497,280 | ---- | M] (Check Point Software Technologies) -- C:\Program Files\CheckPoint\ZAForceField\ISWSVC.exe
PRC - [2011/11/03 15:44:24 | 000,738,944 | ---- | M] (Check Point Software Technologies) -- C:\Program Files\CheckPoint\ZAForceField\ForceField.exe
PRC - [2011/10/12 06:25:22 | 004,433,248 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Program Files\AVG\AVG2012\AVGIDSAgent.exe
PRC - [2011/09/08 20:53:26 | 000,743,264 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Program Files\AVG\AVG2012\avgrsx.exe
PRC - [2011/08/15 06:21:40 | 000,337,760 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Program Files\AVG\AVG2012\avgcsrvx.exe
PRC - [2011/08/02 06:09:08 | 000,192,776 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Program Files\AVG\AVG2012\avgwdsvc.exe
PRC - [2009/11/02 13:23:56 | 002,457,600 | ---- | M] (Trend Micro Inc.) -- C:\Users\Mattias\Desktop\RootkitBuster_2.80.1077\RootkitBuster.exe
PRC - [2009/04/11 07:27:36 | 002,926,592 | ---- | M] (Microsoft Corporation) -- C:\Windows\explorer.exe
PRC - [2009/04/11 07:27:28 | 000,069,120 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\conime.exe
PRC - [2009/01/26 15:31:12 | 005,365,592 | RHS- | M] (Safer Networking Limited) -- C:\Program Files\Spybot - Search & Destroy\SpybotSD.exe
PRC - [2009/01/26 15:31:10 | 001,153,368 | ---- | M] (Safer Networking Ltd.) -- C:\Program Files\Spybot - Search & Destroy\SDWinSec.exe
PRC - [2008/01/21 03:25:09 | 000,038,400 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\runonce.exe


========== Modules (No Company Name) ==========

MOD - [2012/03/06 12:49:48 | 000,429,040 | ---- | M] () -- C:\Users\Mattias\AppData\Local\Google\Chrome\Application\17.0.963.66\ppGoogleNaClPluginChrome.dll
MOD - [2012/03/06 12:49:46 | 003,772,912 | ---- | M] () -- C:\Users\Mattias\AppData\Local\Google\Chrome\Application\17.0.963.66\pdf.dll
MOD - [2012/03/06 12:48:22 | 000,122,880 | ---- | M] () -- C:\Users\Mattias\AppData\Local\Google\Chrome\Application\17.0.963.66\avutil-51.dll
MOD - [2012/03/06 12:48:20 | 000,220,672 | ---- | M] () -- C:\Users\Mattias\AppData\Local\Google\Chrome\Application\17.0.963.66\avformat-53.dll
MOD - [2012/03/06 12:48:19 | 001,747,456 | ---- | M] () -- C:\Users\Mattias\AppData\Local\Google\Chrome\Application\17.0.963.66\avcodec-53.dll
MOD - [2012/03/06 09:25:19 | 008,593,056 | ---- | M] () -- C:\Users\Mattias\AppData\Local\Google\Chrome\Application\17.0.963.66\gcswf32.dll
MOD - [2012/03/06 09:25:19 | 008,593,056 | ---- | M] () -- C:\Users\Mattias\AppData\Local\Google\Chrome\APPLIC~1\170963~1.66\gcswf32.dll
MOD - [2012/03/06 03:46:50 | 000,645,120 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\PCGPostBootResources\5dd159c5351d4108eaca2308d8dc74f7\PCGPostBootResources.ni.dll
MOD - [2012/03/06 03:46:50 | 000,060,416 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\PCGHIDProbe\4f9d4277c88289615a042223a47eb29b\PCGHIDProbe.ni.dll
MOD - [2012/03/06 03:46:49 | 000,044,032 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\PCGRSPProbe\7fd935bff96b4d2c47494a82637ff41b\PCGRSPProbe.ni.dll
MOD - [2012/03/06 03:46:48 | 002,327,552 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\Community.CsharpSql#\43faaab221f93cc1e08daa557d243535\Community.CsharpSqlite.ni.dll
MOD - [2012/03/06 03:46:46 | 000,202,240 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\PCGWuInfo\162eb71288ae8578de7c60d6cacff2fe\PCGWuInfo.ni.dll
MOD - [2012/03/06 03:46:46 | 000,100,864 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\Interop.IWshRuntime#\2dadac7311c15d47aeec1ca4b05cfc88\Interop.IWshRuntimeLibrary.ni.dll
MOD - [2012/03/06 03:46:45 | 000,067,584 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\PCGUsersCenter\1212360ee6a49e8bd041838d8478170e\PCGUsersCenter.ni.dll
MOD - [2012/03/06 03:46:42 | 000,026,112 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\PCGAppControlPlugin#\0be97d1937d3284bd783d09ef6e1bfa5\PCGAppControlPluginLoader.ni.dll
MOD - [2012/03/06 03:46:41 | 004,109,824 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\PCGClientCommon\78cd00b1db45a3689e1c1cf8a47c30cf\PCGClientCommon.ni.dll
MOD - [2012/03/06 03:46:36 | 000,197,632 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\PCGBootVisualizingC#\0ab8dacec7797070ae70c843de0210f7\PCGBootVisualizingCommon.ni.dll
MOD - [2012/03/06 03:46:34 | 000,065,024 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\PCGConfiguration\a10b7e669320ed621c32992dff80038e\PCGConfiguration.ni.dll
MOD - [2012/03/06 03:46:30 | 003,903,488 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\PCGDatabase\26e3248ba01ce88f2966c9e912e57ac8\PCGDatabase.ni.dll
MOD - [2012/03/06 03:46:24 | 000,047,616 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\PCGAzureEntityFrame#\ae69d58fadcc49693f7299813eb6731e\PCGAzureEntityFramework.ni.dll
MOD - [2012/03/06 03:46:23 | 001,308,672 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\PCGAzureShared\f2914a979af7db2eed580bc35a8f6c01\PCGAzureShared.ni.dll
MOD - [2012/03/06 03:46:22 | 001,278,464 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\PCGCommunication\e06a3df237a6f53df5937aeb4e9c2ce4\PCGCommunication.ni.dll
MOD - [2012/03/06 03:46:19 | 000,194,560 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\PCGDriverProbe\a78969904fab39fe7c2b2dcff884a1ad\PCGDriverProbe.ni.dll
MOD - [2012/03/06 03:46:11 | 002,845,696 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\PCGPreCompiled\c0aa0701f75c13ce80a8ac6de9fa6516\PCGPreCompiled.ni.dll
MOD - [2012/03/06 03:46:08 | 000,205,312 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\PCGPrestoSerializer\3a183499e84bd777a8e30a421fa0a3f9\PCGPrestoSerializer.ni.dll
MOD - [2012/03/06 03:46:07 | 000,596,480 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\Ionic.Zip.Reduced\c3d248651f3296ec1ca1716dc0f0359b\Ionic.Zip.Reduced.ni.dll
MOD - [2012/03/06 03:45:59 | 002,652,672 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\PCGFramework\2b161b66357f2113864f59cb1eb6af31\PCGFramework.ni.dll
MOD - [2012/03/06 03:45:46 | 001,999,360 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\Soluto\6028cb5ccf83c76fbae9bec1fe823383\Soluto.ni.exe
MOD - [2012/02/17 11:23:20 | 000,212,992 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.ServiceProce#\d0cf808e33a5123b33010b933d3b1597\System.ServiceProcess.ni.dll
MOD - [2012/02/17 11:22:20 | 000,971,264 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Configuration\7fd6c62196829d1e2dce5a253145d51a\System.Configuration.ni.dll
MOD - [2012/02/17 09:52:39 | 005,450,752 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Xml\d9f0f1dc8cbdb81f1ba122d77a6ab710\System.Xml.ni.dll
MOD - [2012/02/17 09:52:13 | 012,430,848 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Windows.Forms\65450889f3742aada2a6c0cf8e6173e3\System.Windows.Forms.ni.dll
MOD - [2012/02/17 09:52:02 | 001,587,200 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Drawing\137696d0416b65dbc1561152971488b4\System.Drawing.ni.dll
MOD - [2012/02/17 09:51:40 | 002,516,480 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Data.Linq\44f933054413500a61afb01e87d8f3fa\System.Data.Linq.ni.dll
MOD - [2012/02/17 09:51:29 | 002,295,296 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Core\bc01d91f95947c7f25f3ae4e16db2cb5\System.Core.ni.dll
MOD - [2012/02/17 09:49:54 | 007,953,408 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System\c50133cb67d7c013fa31e1ffb942060b\System.ni.dll
MOD - [2012/01/25 18:57:02 | 000,071,216 | ---- | M] () -- C:\Program Files\Soluto\PCGDllExportInspector.dll
MOD - [2011/12/16 23:58:30 | 000,220,672 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\CustomMarshalers\d72212e0e98b6ea4339d453bf540b5a6\CustomMarshalers.ni.dll
MOD - [2011/12/16 19:21:59 | 011,490,816 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\mscorlib\b6632a8b2f276a8e31f5b0f6b2006cd1\mscorlib.ni.dll
MOD - [2010/06/29 09:31:12 | 000,652,800 | ---- | M] () -- C:\Program Files\IZArc\IZArcCM.dll
MOD - [2009/08/16 16:06:04 | 000,141,312 | ---- | M] () -- C:\Program Files\WinRAR\RarExt.dll
MOD - [2009/03/31 19:04:19 | 000,208,896 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\System.resources\2.0.0.0_nl_b77a5c561934e089\System.resources.dll
MOD - [2009/03/31 19:04:18 | 000,303,104 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\mscorlib.resources\2.0.0.0_nl_b77a5c561934e089\mscorlib.resources.dll
MOD - [2009/03/30 05:42:11 | 000,069,120 | ---- | M] () -- C:\Windows\assembly\GAC_32\CustomMarshalers\2.0.0.0__b03f5f7f11d50a3a\CustomMarshalers.dll
MOD - [2008/12/22 13:13:54 | 000,249,856 | ---- | M] () -- C:\Windows\System32\wxvault.dll
MOD - [2008/06/19 17:35:36 | 000,333,288 | ---- | M] () -- C:\Program Files\Spybot - Search & Destroy\sqlite3.dll
MOD - [2008/03/05 09:34:32 | 000,795,520 | ---- | M] () -- C:\Program Files\Spybot - Search & Destroy\Plugins\Fennel.dll
MOD - [2008/03/04 14:52:00 | 000,790,392 | ---- | M] () -- C:\Program Files\Spybot - Search & Destroy\Plugins\Chai.dll
MOD - [2008/02/26 11:04:40 | 000,717,176 | ---- | M] () -- C:\Program Files\Spybot - Search & Destroy\Plugins\Mate.dll
MOD - [2007/12/24 01:05:00 | 000,121,344 | ---- | M] () -- C:\Program Files\Spybot - Search & Destroy\Plugins\TCPIPAddress.dll


========== Win32 Services (SafeList) ==========

SRV - [2012/03/07 13:33:06 | 000,869,216 | ---- | M] () [Auto | Running] -- C:\Program Files\Common Files\AVG Secure Search\vToolbarUpdater\9.0.1\ToolbarUpdater.exe -- (vToolbarUpdater)
SRV - [2012/01/25 19:05:44 | 000,547,872 | ---- | M] (Soluto) [Auto | Running] -- C:\Program Files\Soluto\SolutoService.exe -- (SolutoService)
SRV - [2012/01/13 14:53:18 | 000,652,360 | ---- | M] (Malwarebytes Corporation) [On_Demand | Stopped] -- C:\Program Files\Malwarebytes' Anti-Malware\mbamservice.exe -- (MBAMService)
SRV - [2012/01/03 14:10:42 | 000,063,928 | ---- | M] (Adobe Systems Incorporated) [On_Demand | Stopped] -- C:\Program Files\Common Files\Adobe\ARM\1.0\armsvc.exe -- (AdobeARMservice)
SRV - [2011/12/18 21:08:42 | 002,420,616 | ---- | M] (Check Point Software Technologies LTD) [Auto | Running] -- C:\Program Files\CheckPoint\ZoneAlarm\vsmon.exe -- (vsmon)
SRV - [2011/11/23 02:36:24 | 002,391,832 | ---- | M] (AVG Technologies CZ, s.r.o.) [Auto | Running] -- C:\Program Files\AVG\AVG2012\avgfws.exe -- (avgfws)
SRV - [2011/11/03 15:44:28 | 000,497,280 | ---- | M] (Check Point Software Technologies) [On_Demand | Running] -- C:\Program Files\CheckPoint\ZAForceField\IswSvc.exe -- (IswSvc)
SRV - [2011/10/12 06:25:22 | 004,433,248 | ---- | M] (AVG Technologies CZ, s.r.o.) [Auto | Running] -- C:\Program Files\AVG\AVG2012\AVGIDSAgent.exe -- (AVGIDSAgent)
SRV - [2011/08/12 00:38:07 | 000,116,608 | ---- | M] (SUPERAntiSpyware.com) [On_Demand | Stopped] -- C:\Program Files\SUPERAntiSpyware\SASCORE.EXE -- (!SASCORE)
SRV - [2011/08/02 06:09:08 | 000,192,776 | ---- | M] (AVG Technologies CZ, s.r.o.) [Auto | Running] -- C:\Program Files\AVG\AVG2012\avgwdsvc.exe -- (avgwd)
SRV - [2010/08/12 00:35:12 | 000,056,040 | ---- | M] (Xobni Corporation) [On_Demand | Stopped] -- C:\Program Files\Xobni\XobniService.exe -- (XobniService)
SRV - [2010/07/19 16:42:16 | 000,866,576 | ---- | M] (Intel® Corporation) [Disabled | Stopped] -- C:\Program Files\Intel\WiFi\bin\EvtEng.exe -- (EvtEng) Intel®
SRV - [2010/07/19 16:23:28 | 000,477,456 | ---- | M] (Intel® Corporation) [Disabled | Stopped] -- C:\Program Files\Common Files\Intel\WirelessCommon\RegSrvc.exe -- (RegSrvc) Intel®
SRV - [2010/04/05 07:56:02 | 000,229,458 | ---- | M] (IDT, Inc.) [Disabled | Stopped] -- C:\Windows\System32\DriverStore\FileRepository\stwrt.inf_c3f58890\stacsv.exe -- (STacSV)
SRV - [2010/04/05 07:54:56 | 000,081,920 | ---- | M] (Andrea Electronics Corporation) [Disabled | Stopped] -- C:\Windows\System32\DriverStore\FileRepository\stwrt.inf_c3f58890\AEstSrv.exe -- (AESTFilters)
SRV - [2009/04/22 09:05:34 | 001,703,936 | ---- | M] (Wave Systems Corp.) [Disabled | Stopped] -- C:\Program Files\Wave Systems Corp\Trusted Drive Manager\TdmService.exe -- (TdmService)
SRV - [2009/04/10 11:08:00 | 000,077,824 | ---- | M] (Smith Micro Software, Inc.) [On_Demand | Stopped] -- C:\Program Files\Dell\Dell ControlPoint\Connection Manager\SMManager.exe -- (SMManager)
SRV - [2009/04/09 12:58:16 | 000,447,264 | ---- | M] (Dell Inc.) [Disabled | Stopped] -- C:\Program Files\Dell\Dell ControlPoint\System Manager\DCPSysMgrSvc.exe -- (dcpsysmgrsvc)
SRV - [2009/02/11 16:38:40 | 000,354,840 | ---- | M] (Intel Corporation) [Disabled | Stopped] -- C:\Program Files\Intel\Intel Matrix Storage Manager\IAANTmon.exe -- (IAANTMON) Intel®
SRV - [2009/01/26 15:31:10 | 001,153,368 | ---- | M] (Safer Networking Ltd.) [Auto | Running] -- C:\Program Files\Spybot - Search & Destroy\SDWinSec.exe -- (SBSDWSCService)
SRV - [2009/01/22 09:19:20 | 000,808,296 | ---- | M] (Broadcom Corporation) [Disabled | Stopped] -- C:\Program Files\Broadcom Corporation\Broadcom USH Host Components\CV\bin\HostControlService.exe -- (Credential Vault Host Control Service)
SRV - [2009/01/22 09:19:20 | 000,020,840 | ---- | M] (Broadcom Corporation) [Disabled | Stopped] -- C:\Program Files\Broadcom Corporation\Broadcom USH Host Components\CV\bin\HostStorageService.exe -- (Credential Vault Host Storage)
SRV - [2008/12/29 10:07:28 | 000,320,800 | ---- | M] (Dell Inc.) [Disabled | Stopped] -- C:\Program Files\Dell\Dell ControlPoint\DCPButtonSvc.exe -- (buttonsvc32)
SRV - [2008/12/12 08:54:00 | 000,638,976 | ---- | M] (Wave Systems Corp.) [Disabled | Stopped] -- C:\Program Files\Wave Systems Corp\Secure Storage Manager\SecureStorageService.exe -- (SecureStorageService)
SRV - [2008/11/12 12:25:48 | 001,273,856 | ---- | M] () [Disabled | Stopped] -- C:\Program Files\NTRU Cryptosystems\NTRU TCG Software Stack\bin\tcsd_win32.exe -- (tcsd_win32.exe)
SRV - [2008/06/09 22:06:30 | 000,036,864 | ---- | M] (How2 Studios) [On_Demand | Stopped] -- C:\Program Files\ISP Monitor\ISPMonitorSrv.exe -- (ISPMonitorSrv)
SRV - [2008/06/03 14:16:30 | 000,382,232 | ---- | M] (Dell Inc.) [Disabled | Stopped] -- C:\Program Files\Dell\Ambient Light Sensor\AlsSvc.exe -- (alssvc)
SRV - [2008/01/21 03:23:59 | 000,272,952 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Program Files\Windows Defender\MpSvc.dll -- (WinDefend)
SRV - [2007/04/19 04:56:36 | 000,133,968 | ---- | M] (Intel Corporation) [Disabled | Stopped] -- C:\Program Files\Intel\ASF Agent\ASFAgent.exe -- (ASFAgent)


========== Driver Services (SafeList) ==========

DRV - File not found [Kernel | On_Demand | Stopped] -- -- (NwlnkFwd)
DRV - File not found [Kernel | On_Demand | Stopped] -- -- (NwlnkFlt)
DRV - File not found [Kernel | On_Demand | Stopped] -- -- (NvtSp50)
DRV - File not found [File_System | Boot | Stopped] -- -- (Lbd)
DRV - File not found [Kernel | On_Demand | Stopped] -- -- (IpInIp)
DRV - File not found [Kernel | On_Demand | Running] -- -- (cpuz135)
DRV - File not found [Kernel | On_Demand | Stopped] -- -- (cpuz132)
DRV - File not found [Kernel | On_Demand | Stopped] -- -- (catchme)
DRV - [2012/03/08 02:31:00 | 000,161,296 | ---- | M] (Trend Micro Inc.) [Kernel | Auto | Running] -- C:\Windows\System32\drivers\tmcomm.sys -- (tmcomm)
DRV - [2012/03/05 13:25:56 | 000,046,592 | ---- | M] (REDC) [Kernel | Auto | Running] -- C:\Windows\System32\drivers\risdptsk.sys -- (risdptsk)
DRV - [2012/03/05 12:53:32 | 000,046,592 | ---- | M] (REDC) [Kernel | Auto | Running] -- C:\Windows\System32\drivers\rimmptsk.sys -- (rimmptsk)
DRV - [2012/01/25 18:56:46 | 000,051,144 | ---- | M] (Soluto LTD.) [File_System | Boot | Running] -- C:\Windows\system32\DRIVERS\Soluto.sys -- (Soluto)
DRV - [2011/12/10 15:24:06 | 000,020,464 | ---- | M] (Malwarebytes Corporation) [File_System | On_Demand | Stopped] -- C:\Windows\System32\drivers\mbam.sys -- (MBAMProtector)
DRV - [2011/11/03 15:44:20 | 000,027,016 | ---- | M] (Check Point Software Technologies) [Kernel | Auto | Running] -- C:\Program Files\CheckPoint\ZAForceField\ISWKL.sys -- (ISWKL)
DRV - [2011/10/07 06:23:48 | 000,230,608 | ---- | M] (AVG Technologies CZ, s.r.o.) [Kernel | System | Running] -- C:\Windows\System32\drivers\avgldx86.sys -- (Avgldx86)
DRV - [2011/10/04 06:21:16 | 000,016,720 | ---- | M] (AVG Technologies CZ, s.r.o. ) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\AVGIDSShim.sys -- (AVGIDSShim)
DRV - [2011/09/29 22:14:53 | 000,023,624 | ---- | M] () [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\hitmanpro35.sys -- (hitmanpro35)
DRV - [2011/09/13 06:30:10 | 000,032,592 | ---- | M] (AVG Technologies CZ, s.r.o.) [File_System | Boot | Running] -- C:\Windows\system32\DRIVERS\avgrkx86.sys -- (Avgrkx86)
DRV - [2011/08/08 06:08:58 | 000,040,016 | ---- | M] (AVG Technologies CZ, s.r.o.) [File_System | System | Running] -- C:\Windows\System32\drivers\avgmfx86.sys -- (Avgmfx86)
DRV - [2011/07/22 17:27:02 | 000,012,880 | ---- | M] (SUPERAdBlocker.com and SUPERAntiSpyware.com) [Kernel | System | Running] -- C:\Program Files\SUPERAntiSpyware\sasdifsv.sys -- (SASDIFSV)
DRV - [2011/07/12 22:55:22 | 000,067,664 | ---- | M] (SUPERAdBlocker.com and SUPERAntiSpyware.com) [Kernel | System | Running] -- C:\Program Files\SUPERAntiSpyware\SASKUTIL.SYS -- (SASKUTIL)
DRV - [2011/07/11 01:14:38 | 000,295,248 | ---- | M] (AVG Technologies CZ, s.r.o.) [Kernel | System | Running] -- C:\Windows\System32\drivers\avgtdix.sys -- (Avgtdix)
DRV - [2011/07/11 01:14:02 | 000,024,272 | ---- | M] (AVG Technologies CZ, s.r.o. ) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\AVGIDSFilter.sys -- (AVGIDSFilter)
DRV - [2011/07/11 01:14:00 | 000,023,120 | ---- | M] (AVG Technologies CZ, s.r.o. ) [Kernel | Boot | Running] -- C:\Windows\system32\DRIVERS\AVGIDSEH.Sys -- (AVGIDSEH)
DRV - [2011/07/11 01:13:58 | 000,134,736 | ---- | M] (AVG Technologies CZ, s.r.o. ) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\AVGIDSDriver.sys -- (AVGIDSDriver)
DRV - [2011/05/23 01:03:28 | 000,047,968 | ---- | M] (AVG Technologies CZ, s.r.o.) [Kernel | System | Running] -- C:\Windows\System32\drivers\avgfwd6x.sys -- (Avgfwfd)
DRV - [2011/05/07 17:51:26 | 000,451,160 | ---- | M] (Check Point Software Technologies LTD) [Kernel | System | Running] -- C:\Windows\System32\drivers\vsdatant.sys -- (Vsdatant)
DRV - [2011/03/23 15:05:24 | 000,223,432 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\e1y6032.sys -- (e1yexpress) Intel®
DRV - [2011/01/05 19:42:14 | 000,284,792 | ---- | M] (Alps Electric Co., Ltd.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\Apfiltr.sys -- (ApfiltrService)
DRV - [2010/11/19 10:44:48 | 009,936,392 | ---- | M] (NVIDIA Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\nvlddmkm.sys -- (nvlddmkm)
DRV - [2010/07/14 03:34:16 | 006,680,064 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\NETwNv32.sys -- (NETwNv32) ___ Intel®
DRV - [2010/04/05 07:56:08 | 000,423,424 | ---- | M] (IDT, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\stwrt.sys -- (STHDA)
DRV - [2009/09/25 20:19:35 | 000,023,680 | ---- | M] (FNet Co., Ltd.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\FNETTBOH.SYS -- (FNETTBOH)
DRV - [2009/09/25 20:19:35 | 000,007,936 | ---- | M] (FNet Co., Ltd.) [Kernel | System | Running] -- C:\Windows\System32\drivers\FNETURPX.SYS -- (FNETURPX)
DRV - [2009/09/16 09:22:48 | 000,040,552 | ---- | M] (McAfee, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\mfesmfk.sys -- (mfesmfk)
DRV - [2009/09/16 09:22:14 | 000,034,248 | ---- | M] (McAfee, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\mferkdk.sys -- (mferkdk)
DRV - [2009/04/22 13:16:00 | 000,205,624 | ---- | M] (Wave Systems Corp.) [File_System | Auto | Running] -- C:\Windows\System32\drivers\WavxDMgr.sys -- (WavxDMgr)
DRV - [2009/04/16 03:58:22 | 000,032,808 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\cvusbdrv.sys -- (cvusbdrv)
DRV - [2009/04/11 05:38:59 | 000,030,208 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\usbccid.sys -- (USBCCID)
DRV - [2009/04/03 13:25:52 | 000,038,400 | ---- | M] (REDC) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\rixdptsk.sys -- (rismxdp)
DRV - [2009/04/03 13:25:50 | 000,045,056 | ---- | M] (REDC) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\rimsptsk.sys -- (rimsptsk)
DRV - [2009/04/03 13:25:42 | 000,038,400 | ---- | M] (REDC) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\rixdpe86.sys -- (rixdpcie)
DRV - [2009/04/03 13:25:40 | 000,048,640 | ---- | M] (REDC) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\risdpe86.sys -- (risdpcie)
DRV - [2009/04/03 13:25:40 | 000,045,056 | ---- | M] (REDC) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\rimspe86.sys -- (rimspci)
DRV - [2009/03/08 16:06:00 | 000,280,096 | ---- | M] (Creative Technology Ltd.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\OA001Vid.sys -- (OA001Vid)
DRV - [2009/03/06 06:30:08 | 000,133,632 | ---- | M] (Creative Technology Ltd.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\OA001Ufd.sys -- (OA001Ufd)
DRV - [2008/09/25 06:37:40 | 003,666,432 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\NETw5v32.sys -- (NETw5v32) Intel®
DRV - [2008/09/16 10:41:20 | 000,040,832 | ---- | M] (Intel Corporation) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\heci.sys -- (HECI) Intel®
DRV - [2008/06/04 13:14:00 | 000,026,608 | ---- | M] (Dell Inc) [Kernel | Boot | Running] -- C:\Windows\system32\DRIVERS\PBADRV.sys -- (PBADRV)
DRV - [2008/01/21 03:23:50 | 000,220,672 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\e1e6032.sys -- (e1express) Stuurprogramma voor Intel®
DRV - [2007/04/19 04:28:12 | 000,042,832 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\Asfalrt.sys -- (AsfAlrt)
DRV - [2007/04/04 08:53:32 | 000,039,424 | ---- | M] (D-Link Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\DUBE100B.sys -- (DUBE100B)
DRV - [2006/11/02 08:36:43 | 002,028,032 | ---- | M] (ATI Technologies Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\atikmdag.sys -- (R300)


========== Standard Registry (SafeList) ==========


========== Internet Explorer ==========

IE - HKLM\..\URLSearchHook: {2d8d9acc-f6d7-4362-8876-a275ca929591} - No CLSID value found
IE - HKLM\..\URLSearchHook: {ba14329e-9550-4989-b3f2-9732e92d17cc} - No CLSID value found
IE - HKLM\..\SearchScopes,DefaultScope = {afdbddaa-5d3f-42ee-b79c-185a7020515b}
IE - HKLM\..\SearchScopes\{15098183-B1D3-40BA-BE3F-92508E338118}: "URL" = http://search.live.c...ferrer:source?}
IE - HKLM\..\SearchScopes\{afdbddaa-5d3f-42ee-b79c-185a7020515b}: "URL" = http://search.condui...&ctid=CT2849859

IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.msn.com/
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,StartPageCache = 1
IE - HKCU\..\SearchScopes,DefaultScope = {95B7759C-8C7F-4BF1-B163-73684A933233}
IE - HKCU\..\SearchScopes\{15098183-B1D3-40BA-BE3F-92508E338118}: "URL" = http://www.bing.com/...rc=IE-SearchBox
IE - HKCU\..\SearchScopes\{171DEBEB-C3D4-40b7-AC73-056A5EBA4A7E}: "URL" = http://websearch.ask...CC-863238CDD529
IE - HKCU\..\SearchScopes\{95B7759C-8C7F-4BF1-B163-73684A933233}: "URL" = http://isearch.avg.c...sa&d=2012-03-07 13:33:11&v=9.0.0.23&sap=dsp&q={searchTerms}
IE - HKCU\..\SearchScopes\{afdbddaa-5d3f-42ee-b79c-185a7020515b}: "URL" = http://search.condui...&ctid=CT2849859
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = *.local

========== FireFox ==========

FF - prefs.js..browser.search.defaultengine: "Ask.com"
FF - prefs.js..browser.search.defaultenginename: "AVG Secure Search"
FF - prefs.js..browser.search.defaultthis.engineName: "BittorrentBar_NL Customized Web Search"
FF - prefs.js..browser.search.defaulturl: "http://search.condui...={searchTerms}"
FF - prefs.js..browser.search.order.1: "Ask.com"
FF - prefs.js..browser.search.selectedEngine: "Google"
FF - prefs.js..browser.search.useDBForOrder: true
FF - prefs.js..browser.startup.homepage: "www.google.com"
FF - prefs.js..extensions.enabledItems: {2fa4ed95-0317-4c6a-a74c-5f3e3912c1f9}:2.1.106
FF - prefs.js..extensions.enabledItems: {D2A6A719-7CBC-4594-85FD-C36AD881424F}:4.5.22
FF - prefs.js..extensions.enabledItems: {582195F5-92E7-40a0-A127-DB71295901D7}:0.6
FF - prefs.js..extensions.enabledItems: {000a9d1c-beef-4f90-9363-039d445309b8}:0.5.36.0
FF - prefs.js..extensions.enabledItems: [email protected]:1.6.1
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA}:6.0.20
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0021-ABCDEFFEDCBA}:6.0.21
FF - prefs.js..extensions.enabledItems: {DDC359D1-844A-42a7-9AA1-88A850A938A8}:1.1.10
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA}:6.0.22
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0023-ABCDEFFEDCBA}:6.0.23
FF - prefs.js..extensions.enabledItems: {2d8d9acc-f6d7-4362-8876-a275ca929591}:3.2.5.2
FF - prefs.js..extensions.enabledItems: {ba14329e-9550-4989-b3f2-9732e92d17cc}:2.7.2.0
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0024-ABCDEFFEDCBA}:6.0.24
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0030-ABCDEFFEDCBA}:6.0.30
FF - prefs.js..keyword.URL: "http://www.google.co...ient&gfns=1&q="


FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\system32\Macromed\Flash\NPSWF32.dll ()
FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=: File not found
FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=1.0: C:\Program Files\iTunes\Mozilla Plugins\npitunes.dll ()
FF - HKLM\Software\MozillaPlugins\@bittorrent.com/BitTorrentDNA: C:\Program Files\DNA\plugins\npbtdna.dll (BitTorrent, Inc.)
FF - HKLM\Software\MozillaPlugins\@checkpoint.com/FFApi: C:\Program Files\CheckPoint\ZAForceField\TrustChecker\bin\npFFApi.dll ()
FF - HKLM\Software\MozillaPlugins\@divx.com/DivX Browser Plugin,version=1.0.0: C:\Program Files\DivX\DivX Plus Web Player\npdivx32.dll (DivX,Inc.)
FF - HKLM\Software\MozillaPlugins\@divx.com/DivX Player Plugin,version=1.0.0: C:\Program Files\DivX\DivX Player\npDivxPlayerPlugin.dll File not found
FF - HKLM\Software\MozillaPlugins\@divx.com/DivX VOD Helper,version=1.0.0: C:\Program Files\DivX\DivX OVS Helper\npovshelper.dll (DivX, LLC.)
FF - HKLM\Software\MozillaPlugins\@Google.com/GoogleEarthPlugin: C:\Program Files\Google\Google Earth\plugin\npgeplugin.dll (Google)
FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin: C:\Program Files\Java\jre6\bin\plugin2\npjp2.dll (Sun Microsystems, Inc.)
FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: c:\Program Files\Microsoft Silverlight\4.1.10111.0\npctrl.dll ( Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/OfficeLive,version=1.5: C:\Program Files\Microsoft\Office Live\npOLW.dll (Microsoft Corp.)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=15.4.3502.0922: C:\Program Files\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=15.4.3538.0513: C:\Program Files\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WPF,version=3.5: c:\Windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Program Files\Google\Update\1.3.21.99\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Program Files\Google\Update\1.3.21.99\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\@virtools.com/3DviaPlayer: C:\Program Files\Virtools\3D Life Player\npvirtools.dll (Dassault Systèmes)
FF - HKLM\Software\MozillaPlugins\Adobe Reader: C:\Program Files\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
FF - HKCU\Software\MozillaPlugins\@bittorrent.com/BitTorrentDNA: C:\Users\Mattias\Program Files\DNA\plugins\npbtdna.dll File not found
FF - HKCU\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Users\Mattias\AppData\Local\Google\Update\1.3.21.99\npGoogleUpdate3.dll (Google Inc.)
FF - HKCU\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Users\Mattias\AppData\Local\Google\Update\1.3.21.99\npGoogleUpdate3.dll (Google Inc.)

FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\smart[email protected]: C:\Program Files\HP\Digital Imaging\Smart Web Printing\MozillaAddOn3 [2010/02/22 20:45:48 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{000a9d1c-beef-4f90-9363-039d445309b8}: C:\Program Files\Google\Google Gears\Firefox\ [2010/03/06 22:35:50 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{1E73965B-8B48-48be-9C8D-68B920ABC1C4}: C:\Program Files\AVG\AVG2012\Firefox4\ [2012/03/06 00:27:33 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{FFB96CC1-7EB3-449D-B827-DB661701C6BB}: C:\Program Files\CheckPoint\ZAForceField\TrustChecker [2012/03/06 23:47:00 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\[email protected]: C:\ProgramData\AVG Secure Search\9.0.0.23\ [2012/03/07 13:33:43 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 10.0.2\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2012/03/05 22:43:58 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 10.0.2\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins [2012/03/05 22:43:56 | 000,000,000 | ---D | M]
FF - HKEY_CURRENT_USER\software\mozilla\Firefox\Extensions\\[email protected]: C:\Program Files\HP\Digital Imaging\Smart Web Printing\MozillaAddOn3 [2010/02/22 20:45:48 | 000,000,000 | ---D | M]

[2009/09/21 10:18:55 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Mattias\AppData\Roaming\mozilla\Extensions
[2009/09/21 10:18:55 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Mattias\AppData\Roaming\mozilla\Extensions\[email protected]
[2012/03/06 03:37:38 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Mattias\AppData\Roaming\mozilla\Firefox\Profiles\e6lw46f2.default\extensions
[2010/05/03 18:21:28 | 000,000,000 | ---D | M] (Microsoft .NET Framework Assistant) -- C:\Users\Mattias\AppData\Roaming\mozilla\Firefox\Profiles\e6lw46f2.default\extensions\{20a82645-c095-46ed-80e3-08825760534b}
[2012/03/05 23:33:27 | 000,000,000 | ---D | M] (BittorrentBar_NL Community Toolbar) -- C:\Users\Mattias\AppData\Roaming\mozilla\Firefox\Profiles\e6lw46f2.default\extensions\{2d8d9acc-f6d7-4362-8876-a275ca929591}
[2012/03/05 22:45:04 | 000,000,000 | ---D | M] (Delicious Bookmarks) -- C:\Users\Mattias\AppData\Roaming\mozilla\Firefox\Profiles\e6lw46f2.default\extensions\{2fa4ed95-0317-4c6a-a74c-5f3e3912c1f9}
[2012/03/05 23:44:46 | 000,000,000 | ---D | M] (Vuze Remote Community Toolbar) -- C:\Users\Mattias\AppData\Roaming\mozilla\Firefox\Profiles\e6lw46f2.default\extensions\{ba14329e-9550-4989-b3f2-9732e92d17cc}
[2010/10/05 17:48:49 | 000,002,392 | ---- | M] () -- C:\Users\Mattias\AppData\Roaming\Mozilla\Firefox\Profiles\e6lw46f2.default\searchplugins\askcom.xml
[2011/01/04 19:28:24 | 000,000,935 | ---- | M] () -- C:\Users\Mattias\AppData\Roaming\Mozilla\Firefox\Profiles\e6lw46f2.default\searchplugins\conduit.xml
[2012/03/07 01:18:39 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files\Mozilla Firefox\extensions
[2012/03/07 01:18:39 | 000,000,000 | ---D | M] (Java Console) -- C:\Program Files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0031-ABCDEFFEDCBA}
[2012/03/06 00:27:33 | 000,000,000 | ---D | M] (AVG Safe Search) -- C:\PROGRAM FILES\AVG\AVG2012\FIREFOX4
() (No name found) -- C:\USERS\MATTIAS\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\E6LW46F2.DEFAULT\EXTENSIONS\{582195F5-92E7-40A0-A127-DB71295901D7}.XPI
() (No name found) -- C:\USERS\MATTIAS\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\E6LW46F2.DEFAULT\EXTENSIONS\[email protected]
[2012/02/16 16:12:44 | 000,134,104 | ---- | M] (Mozilla Foundation) -- C:\Program Files\mozilla firefox\components\browsercomps.dll
[2011/04/14 13:01:38 | 000,024,376 | ---- | M] (McAfee, Inc.) -- C:\Program Files\mozilla firefox\components\Scriptff.dll
[2008/01/08 01:45:16 | 000,054,600 | ---- | M] (BitTorrent, Inc.) -- C:\Program Files\mozilla firefox\plugins\npbittorrent.dll
[2012/03/07 01:17:03 | 000,476,904 | ---- | M] (Sun Microsystems, Inc.) -- C:\Program Files\mozilla firefox\plugins\npdeployJava1.dll
[2012/03/07 13:33:03 | 000,003,749 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\avg-secure-search.xml
[2012/02/16 11:53:03 | 000,002,252 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\bing.xml
[2012/02/16 11:58:11 | 000,001,892 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\bolcom-nl.xml
[2012/02/16 11:58:11 | 000,004,558 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\marktplaats-nl.xml
[2012/02/16 11:58:11 | 000,001,049 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\wikipedia-nl.xml

========== Chrome ==========

CHR - default_search_provider: Google (Enabled)
CHR - default_search_provider: search_url = {google:baseURL}search?{google:RLZ}{google:acceptedSuggestion}{google:originalQueryForSuggestion}{google:searchFieldtrialParameter}{google:instantFieldTrialGroupParameter}sourceid=chrome&ie={inputEncoding}&q={searchTerms}
CHR - default_search_provider: suggest_url = {google:baseSuggestURL}search?{google:searchFieldtrialParameter}{google:instantFieldTrialGroupParameter}client=chrome&hl={language}&q={searchTerms},
CHR - plugin: Remoting Viewer (Enabled) = internal-remoting-viewer
CHR - plugin: Native Client (Enabled) = C:\Users\Mattias\AppData\Local\Google\Chrome\Application\17.0.963.66\ppGoogleNaClPluginChrome.dll
CHR - plugin: Chrome PDF Viewer (Enabled) = C:\Users\Mattias\AppData\Local\Google\Chrome\Application\17.0.963.66\pdf.dll
CHR - plugin: Shockwave Flash (Enabled) = C:\Users\Mattias\AppData\Local\Google\Chrome\Application\17.0.963.66\gcswf32.dll
CHR - plugin: Shockwave Flash (Enabled) = C:\Windows\system32\Macromed\Flash\NPSWF32.dll
CHR - plugin: Adobe Acrobat (Enabled) = C:\Program Files\Adobe\Reader 10.0\Reader\Browser\nppdf32.dll
CHR - plugin: Java Deployment Toolkit 6.0.300.12 (Enabled) = C:\Program Files\Java\jre6\bin\new_plugin\npdeployJava1.dll
CHR - plugin: Java™ Platform SE 6 U30 (Enabled) = C:\Program Files\Java\jre6\bin\new_plugin\npjp2.dll
CHR - plugin: Microsoft\u00AE Windows Media Player Firefox Plugin (Enabled) = C:\Program Files\Mozilla Firefox\plugins\np-mswmp.dll
CHR - plugin: BitTorrent (Disabled) = C:\Program Files\Mozilla Firefox\plugins\npbittorrent.dll
CHR - plugin: DivX Player Netscape Plugin (Disabled) = C:\Program Files\Mozilla Firefox\plugins\npDivxPlayerPlugin.dll
CHR - plugin: downloadUpdater (Disabled) = C:\Program Files\Mozilla Firefox\plugins\npdnu.dll
CHR - plugin: downloadUpdater2 (Disabled) = C:\Program Files\Mozilla Firefox\plugins\npdnupdater2.dll
CHR - plugin: QuickTime Plug-in 7.7 (Disabled) = C:\Program Files\Mozilla Firefox\plugins\npqtplugin.dll
CHR - plugin: QuickTime Plug-in 7.7 (Disabled) = C:\Program Files\Mozilla Firefox\plugins\npqtplugin2.dll
CHR - plugin: QuickTime Plug-in 7.7 (Disabled) = C:\Program Files\Mozilla Firefox\plugins\npqtplugin3.dll
CHR - plugin: QuickTime Plug-in 7.7 (Disabled) = C:\Program Files\Mozilla Firefox\plugins\npqtplugin4.dll
CHR - plugin: QuickTime Plug-in 7.7 (Disabled) = C:\Program Files\Mozilla Firefox\plugins\npqtplugin5.dll
CHR - plugin: QuickTime Plug-in 7.7 (Disabled) = C:\Program Files\Mozilla Firefox\plugins\npqtplugin6.dll
CHR - plugin: QuickTime Plug-in 7.7 (Disabled) = C:\Program Files\Mozilla Firefox\plugins\npqtplugin7.dll
CHR - plugin: DNA Plug-in (Enabled) = C:\Program Files\DNA\plugins\npbtdna.dll
CHR - plugin: DivX VOD Helper Plug-in (Disabled) = C:\Program Files\DivX\DivX OVS Helper\npovshelper.dll
CHR - plugin: DivX Web Player (Enabled) = C:\Program Files\DivX\DivX Plus Web Player\npdivx32.dll
CHR - plugin: Google Earth Plugin (Disabled) = C:\Program Files\Google\Google Earth\plugin\npgeplugin.dll
CHR - plugin: Google Update (Enabled) = C:\Program Files\Google\Update\1.3.21.99\npGoogleUpdate3.dll
CHR - plugin: Microsoft Office Live Plug-in for Firefox (Enabled) = C:\Program Files\Microsoft\Office Live\npOLW.dll
CHR - plugin: 3DVIA player (Enabled) = C:\Program Files\Virtools\3D Life Player\npvirtools.dll
CHR - plugin: Windows Live\u0099 Photo Gallery (Disabled) = C:\Program Files\Windows Live\Photo Gallery\NPWLPG.dll
CHR - plugin: iTunes Application Detector (Disabled) = C:\Program Files\iTunes\Mozilla Plugins\npitunes.dll
CHR - plugin: Silverlight Plug-In (Enabled) = c:\Program Files\Microsoft Silverlight\4.1.10111.0\npctrl.dll
CHR - plugin: Windows Presentation Foundation (Enabled) = c:\Windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll
CHR - plugin: Default Plug-in (Enabled) = default_plugin
CHR - plugin: Java Deployment Toolkit 6.0.310.5 (Enabled) = C:\Program Files\Mozilla Firefox\plugins\npdeployJava1.dll
CHR - Extension: YouTube = C:\Users\Mattias\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo\4.2.5_0\
CHR - Extension: Google Zoeken = C:\Users\Mattias\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf\0.0.0.17_0\
CHR - Extension: AVG Safe Search = C:\Users\Mattias\AppData\Local\Google\Chrome\User Data\Default\Extensions\jmfkcklnlgedgbglfkkgedjfmejoahla\12.0.0.1901_0\
CHR - Extension: Gmail = C:\Users\Mattias\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia\7_0\

O1 HOSTS File: ([2012/03/08 00:37:57 | 000,440,678 | R--- | M]) - C:\Windows\System32\drivers\etc\hosts
O1 - Hosts: 127.0.0.1 localhost
O1 - Hosts: 15173 more lines...
O2 - BHO: (AVG Safe Search) - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - C:\Program Files\AVG\AVG2012\avgssie.dll (AVG Technologies CZ, s.r.o.)
O2 - BHO: (Java™ Plug-In SSV Helper) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre6\bin\ssv.dll (Sun Microsystems, Inc.)
O2 - BHO: (ZoneAlarm Security Engine Registrar) - {8A4A36C2-0535-4D2C-BD3D-496CB7EED6E3} - C:\Program Files\CheckPoint\ZAForceField\Trustchecker\bin\TrustCheckerIEPlugin.dll (Check Point Software Technologies)
O2 - BHO: (AVG Security Toolbar) - {95B7759C-8C7F-4BF1-B163-73684A933233} - C:\Program Files\AVG Secure Search\9.0.0.23\AVG Secure Search_toolbar.dll ()
O2 - BHO: (Google Gears Helper) - {E0FEFE40-FBF9-42AE-BA58-794CA7E3FB53} - C:\Program Files\Google\Google Gears\Internet Explorer\0.5.36.0\gears.dll (Google Inc.)
O3 - HKLM\..\Toolbar: (AVG Security Toolbar) - {95B7759C-8C7F-4BF1-B163-73684A933233} - C:\Program Files\AVG Secure Search\9.0.0.23\AVG Secure Search_toolbar.dll ()
O3 - HKLM\..\Toolbar: (ZoneAlarm Security Engine) - {EE2AC4E5-B0B0-4EC6-88A9-BCA1A32AB107} - C:\Program Files\CheckPoint\ZAForceField\Trustchecker\bin\TrustCheckerIEPlugin.dll (Check Point Software Technologies)
O3 - HKCU\..\Toolbar\WebBrowser: (no name) - {21FA44EF-376D-4D53-9B0F-8A89D3229068} - No CLSID value found.
O3 - HKCU\..\Toolbar\WebBrowser: (no name) - {E7DF6BFF-55A5-4EB7-A673-4ED3E9456D39} - No CLSID value found.
O3 - HKCU\..\Toolbar\WebBrowser: (no name) - {F6BD6330-76F8-44D9-B775-87614E2D8374} - No CLSID value found.
O4 - HKLM..\Run: [Apoint] C:\Program Files\DellTPad\Apoint.exe (Alps Electric Co., Ltd.)
O4 - HKLM..\Run: [AVG_TRAY] C:\Program Files\AVG\AVG2012\avgtray.exe (AVG Technologies CZ, s.r.o.)
O4 - HKLM..\Run: [NvCplDaemon] C:\Windows\System32\NvCpl.dll (NVIDIA Corporation)
O4 - HKLM..\Run: [NVHotkey] C:\Windows\System32\nvHotkey.dll (NVIDIA Corporation)
O4 - HKLM..\Run: [nwiz] C:\Windows\System32\nwiz.exe ()
O4 - HKLM..\Run: [SysTrayApp] C:\Program Files\IDT\WDM\sttray.exe (IDT, Inc.)
O4 - HKLM..\Run: [vProt] C:\Program Files\AVG Secure Search\vprot.exe ()
O4 - HKLM..\Run: [ZoneAlarm] C:\Program Files\CheckPoint\ZoneAlarm\zatray.exe (Check Point Software Technologies LTD)
O4 - HKCU..\Run: [SpybotSD TeaTimer] C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe (Safer-Networking Ltd.)
O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Restrictions present
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O7 - HKCU\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoLowDiskSpaceChecks = 1
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = [binary data]
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O8 - Extra context menu item: &Download All with FlashGet - Reg Error: Value error. File not found
O8 - Extra context menu item: &Download with FlashGet - Reg Error: Value error. File not found
O8 - Extra context menu item: Afbeelding verzenden naar &Bluetooth-apparaat... - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie_ctx.htm ()
O8 - Extra context menu item: Pagina verzenden naar &Bluetooth-apparaat... - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm ()
O9 - Extra 'Tools' menuitem : &Instellingen voor Gears - {09C04DA7-5B76-4EBC-BBEE-B25EAC5965F5} - C:\Program Files\Google\Google Gears\Internet Explorer\0.5.36.0\gears.dll (Google Inc.)
O9 - Extra Button: @btrez.dll,-4015 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm ()
O9 - Extra 'Tools' menuitem : @btrez.dll,-12650 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm ()
O10 - NameSpace_Catalog5\Catalog_Entries\000000000006 [] - C:\Program Files\Bonjour\mdnsNSP.dll (Apple Inc.)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_31)
O16 - DPF: {CAFEEFAC-0016-0000-0031-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_31)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_31)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 134.58.126.3 134.58.127.1
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{FC7BD8BB-6558-46B4-948E-5D82E620B611}: DhcpNameServer = 134.58.126.3 134.58.127.1
O18 - Protocol\Handler\linkscanner {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - C:\Program Files\AVG\AVG2012\avgpp.dll (AVG Technologies CZ, s.r.o.)
O18 - Protocol\Handler\viprotocol {B658800C-F66E-4EF3-AB85-6C0C227862A9} - C:\Program Files\Common Files\AVG Secure Search\ViProtocolInstaller\9.0.1\ViProtocol.dll ()
O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\System32\userinit.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (C:\Program Files\Soluto\soluto.exe /userinit) - C:\Program Files\Soluto\soluto.exe (Soluto)
O20 - Winlogon\Notify\!SASWinLogon: DllName - (C:\Program Files\SUPERAntiSpyware\SASWINLO.DLL) - C:\Program Files\SUPERAntiSpyware\SASWINLO.DLL (SUPERAntiSpyware.com)
O24 - Desktop WallPaper: C:\Users\Mattias\Pictures\Q.O.P\Scrabble love.jpg
O24 - Desktop BackupWallPaper: C:\Users\Mattias\Pictures\Q.O.P\Scrabble love.jpg
O28 - HKLM ShellExecuteHooks: {5AE067D3-9AFB-48E0-853A-EBB7F4A000DA} - C:\Program Files\SUPERAntiSpyware\SASSEH.DLL (SuperAdBlocker.com)
O30 - LSA: Authentication Packages - (wvauth) - C:\Windows\System32\wvauth.dll (Wave Systems Corp.)
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2006/09/18 22:43:36 | 000,000,024 | ---- | M] () - C:\autoexec.bat -- [ NTFS ]
O34 - HKLM BootExecute: (autocheck autochk *)
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*

========== Files/Folders - Created Within 30 Days ==========

[2012/03/08 02:53:07 | 000,584,704 | ---- | C] (OldTimer Tools) -- C:\Users\Mattias\Desktop\OTL.exe
[2012/03/08 02:30:51 | 000,161,296 | ---- | C] (Trend Micro Inc.) -- C:\Windows\System32\drivers\tmcomm.sys
[2012/03/08 02:30:41 | 000,000,000 | ---D | C] -- C:\Users\Mattias\Desktop\RootkitBuster_2.80.1077
[2012/03/08 00:27:44 | 000,000,000 | -HSD | C] -- C:\Config.Msi
[2012/03/08 00:16:45 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Spybot - Search & Destroy
[2012/03/08 00:16:39 | 000,000,000 | ---D | C] -- C:\ProgramData\Spybot - Search & Destroy
[2012/03/08 00:16:39 | 000,000,000 | ---D | C] -- C:\Program Files\Spybot - Search & Destroy
[2012/03/07 15:38:42 | 000,000,000 | ---D | C] -- C:\Program Files\SystemRequirementsLab
[2012/03/07 15:38:38 | 000,000,000 | ---D | C] -- C:\Users\Mattias\AppData\Roaming\SystemRequirementsLab
[2012/03/07 14:01:44 | 000,000,000 | ---D | C] -- C:\Users\Mattias\Desktop\Uniblue Power Suite 2011
[2012/03/07 13:34:22 | 000,000,000 | ---D | C] -- C:\Users\Mattias\AppData\Roaming\3v
[2012/03/07 13:33:20 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\RadarSync
[2012/03/07 13:33:08 | 000,000,000 | ---D | C] -- C:\ProgramData\AVG Secure Search
[2012/03/07 13:33:05 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\AVG Secure Search
[2012/03/07 13:33:04 | 000,000,000 | ---D | C] -- C:\Program Files\AVG Secure Search
[2012/03/07 12:52:05 | 000,000,000 | --SD | C] -- C:\32788R22FWJFW
[2012/03/07 12:43:12 | 000,000,000 | -HSD | C] -- C:\$RECYCLE.BIN
[2012/03/07 03:25:19 | 000,000,000 | ---D | C] -- C:\Windows\ERDNT
[2012/03/07 01:22:17 | 000,000,000 | ---D | C] -- C:\Users\Mattias\Desktop\SmitfraudFix
[2012/03/07 01:19:29 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\Java
[2012/03/06 23:29:16 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Check Point
[2012/03/06 23:13:35 | 000,000,000 | ---D | C] -- C:\Program Files\TrendMicro
[2012/03/06 23:13:35 | 000,000,000 | ---D | C] -- C:\Users\Mattias\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\HiJackThis
[2012/03/06 13:03:38 | 000,000,000 | ---D | C] -- C:\ProgramData\SecTaskMan
[2012/03/06 13:03:29 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Security Task Manager
[2012/03/06 13:03:25 | 000,000,000 | ---D | C] -- C:\Program Files\Security Task Manager
[2012/03/06 12:09:20 | 000,000,000 | ---D | C] -- C:\$AVG
[2012/03/06 04:31:49 | 000,000,000 | ---D | C] -- C:\Users\Mattias\AppData\Roaming\SUPERAntiSpyware.com
[2012/03/06 04:27:56 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\SUPERAntiSpyware
[2012/03/06 04:27:21 | 000,000,000 | ---D | C] -- C:\Program Files\SUPERAntiSpyware
[2012/03/06 04:27:20 | 000,000,000 | ---D | C] -- C:\ProgramData\SUPERAntiSpyware.com
[2012/03/06 04:20:48 | 000,000,000 | ---D | C] -- C:\Users\Mattias\AppData\Roaming\f-secure
[2012/03/06 04:19:10 | 000,000,000 | ---D | C] -- C:\ProgramData\F-Secure
[2012/03/06 03:41:18 | 000,051,144 | ---- | C] (Soluto LTD.) -- C:\Windows\System32\drivers\Soluto.sys
[2012/03/06 03:41:08 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Soluto
[2012/03/06 03:41:08 | 000,000,000 | ---D | C] -- C:\Program Files\Soluto
[2012/03/06 03:33:50 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes' Anti-Malware
[2012/03/06 03:33:49 | 000,020,464 | ---- | C] (Malwarebytes Corporation) -- C:\Windows\System32\drivers\mbam.sys
[2012/03/06 03:33:49 | 000,000,000 | ---D | C] -- C:\Program Files\Malwarebytes' Anti-Malware
[2012/03/06 00:28:04 | 000,000,000 | ---D | C] -- C:\Users\Mattias\AppData\Roaming\AVG2012
[2012/03/06 00:27:33 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\AVG 2012
[2012/03/06 00:25:21 | 000,000,000 | ---D | C] -- C:\ProgramData\AVG2012
[2012/03/06 00:25:21 | 000,000,000 | ---D | C] -- C:\Windows\System32\drivers\AVG
[2012/03/06 00:22:40 | 000,000,000 | ---D | C] -- C:\Program Files\AVG
[2012/03/06 00:12:28 | 000,000,000 | ---D | C] -- C:\Users\Mattias\AppData\Local\{9AA674DA-C66B-4514-9C14-FBBAF77AD15E}
[2012/03/06 00:12:15 | 000,000,000 | ---D | C] -- C:\Users\Mattias\AppData\Local\{57B55C14-9623-4595-814D-230F64AB6B89}
[2012/03/05 23:53:28 | 000,000,000 | ---D | C] -- C:\Users\Mattias\Documents\ForceField Shared Files
[2012/03/05 23:53:26 | 000,000,000 | ---D | C] -- C:\Users\Mattias\AppData\Roaming\CheckPoint
[2012/03/05 23:52:22 | 000,000,000 | ---D | C] -- C:\ProgramData\CheckPoint
[2012/03/05 22:58:48 | 000,000,000 | ---D | C] -- C:\Users\Mattias\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Google Chrome
[2012/03/05 20:48:15 | 000,000,000 | ---D | C] -- C:\Program Files\CheckPoint
[2012/03/05 20:41:51 | 000,000,000 | -H-D | C] -- C:\ProgramData\Common Files
[2012/03/05 20:41:21 | 000,000,000 | ---D | C] -- C:\ProgramData\MFAData
[2012/03/05 15:11:00 | 000,000,000 | ---D | C] -- C:\Users\Mattias\AppData\Roaming\.minecraft
[2012/03/05 13:32:34 | 000,000,000 | ---D | C] -- C:\ProgramData\NVIDIA Corporation
[2012/03/05 13:32:09 | 000,000,000 | ---D | C] -- C:\Program Files\NVIDIA Corporation
[2012/03/05 13:30:27 | 000,057,960 | ---- | C] (Khronos Group) -- C:\Windows\System32\OpenCL.dll
[2012/03/05 13:25:56 | 000,046,592 | ---- | C] (REDC) -- C:\Windows\System32\drivers\risdptsk.sys
[2012/03/05 12:53:32 | 000,046,592 | ---- | C] (REDC) -- C:\Windows\System32\drivers\rimmptsk.sys
[2012/03/05 12:04:05 | 000,000,000 | ---D | C] -- C:\ProgramData\Uniblue
[2012/03/05 12:00:30 | 000,000,000 | ---D | C] -- C:\Users\Mattias\AppData\Local\{84349503-FA63-4DDF-921D-ED7B7C06AB6C}
[2012/03/05 12:00:07 | 000,000,000 | ---D | C] -- C:\Users\Mattias\AppData\Local\{4D0AE794-E9AC-4E38-A684-B6B8319B4160}
[2012/03/04 14:53:47 | 000,000,000 | ---D | C] -- C:\Users\Mattias\AppData\Roaming\Uniblue
[2012/03/04 14:53:37 | 000,000,000 | -H-D | C] -- C:\ProgramData\{83C3B2FD-37EA-4C06-A228-E9B5E32FF0B1}
[2012/03/04 14:53:37 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Uniblue
[2012/03/04 14:53:37 | 000,000,000 | ---D | C] -- C:\Program Files\Uniblue
[2012/03/04 14:51:33 | 000,000,000 | ---D | C] -- C:\Users\Mattias\AppData\Local\PackageAware
[2012/03/04 10:01:09 | 000,000,000 | ---D | C] -- C:\Users\Mattias\AppData\Local\{A3D233B2-FBD0-4A3A-9DAA-75648BE10FD4}
[2012/03/04 10:00:51 | 000,000,000 | ---D | C] -- C:\Users\Mattias\AppData\Local\{259405A5-6200-4BED-A31A-C210E20B6D7C}
[2012/03/03 12:44:29 | 000,000,000 | ---D | C] -- C:\Users\Mattias\AppData\Local\{29B82725-11E5-445D-B393-8BFC115EA6BE}
[2012/03/03 12:43:55 | 000,000,000 | ---D | C] -- C:\Users\Mattias\AppData\Local\{DC9A96F1-2719-46D8-986F-E8DB552DAEF9}
[2012/03/02 17:14:49 | 000,000,000 | ---D | C] -- C:\Users\Mattias\AppData\Local\{76E158CE-4CAF-4D8D-A405-C9CC4685E3D1}
[2012/03/02 17:14:35 | 000,000,000 | ---D | C] -- C:\Users\Mattias\AppData\Local\{2608C4D7-2F80-40FC-934D-1A3519A08637}
[2012/03/02 15:25:42 | 000,000,000 | ---D | C] -- C:\Users\Mattias\AppData\Local\{3B391CC6-19F2-4977-9E4E-C1B2BF3B1242}
[2012/03/01 19:30:47 | 000,000,000 | ---D | C] -- C:\Users\Mattias\AppData\Local\{4448BE9E-0111-4C1D-BA47-27F90C7B6DA8}
[2012/03/01 19:30:24 | 000,000,000 | ---D | C] -- C:\Users\Mattias\AppData\Local\{EFC818F4-12B0-48EB-B9B0-A93B506DB65C}
[2012/03/01 14:07:10 | 000,000,000 | ---D | C] -- C:\Users\Mattias\AppData\Local\{7DF2E479-5B6E-4E63-B471-4088D5FD9F0A}
[2012/02/29 23:47:10 | 000,000,000 | ---D | C] -- C:\Users\Mattias\Documents\MCEdit-schematics
[2012/02/29 23:47:09 | 000,000,000 | ---D | C] -- C:\Users\Mattias\AppData\Roaming\pymclevel
[2012/02/29 23:46:51 | 000,000,000 | ---D | C] -- C:\Users\Mattias\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\MCEdit
[2012/02/29 23:46:35 | 000,000,000 | ---D | C] -- C:\Users\Mattias\AppData\Local\MCEdit
[2012/02/29 14:41:51 | 000,000,000 | ---D | C] -- C:\Users\Mattias\AppData\Local\{6D620C16-74A3-4F78-A275-3F832DEEFA91}
[2012/02/29 14:41:29 | 000,000,000 | ---D | C] -- C:\Users\Mattias\AppData\Local\{9A804AAD-76F0-4C63-8377-DECD77180B1E}
[2012/02/29 14:34:17 | 000,000,000 | ---D | C] -- C:\Users\Mattias\AppData\Local\{417E04D2-4135-48AC-8BDE-348CFC64E8F0}
[2012/02/28 21:34:14 | 000,000,000 | ---D | C] -- C:\Users\Mattias\AppData\Local\{F2E17226-C45A-45DE-B663-39820A61DA75}
[2012/02/28 12:27:00 | 000,000,000 | ---D | C] -- C:\Users\Mattias\AppData\Local\{219B2868-4912-4AC9-8C91-54F8F4A67C7D}
[2012/02/27 12:43:19 | 000,000,000 | ---D | C] -- C:\Users\Mattias\AppData\Local\{2CC2DDC7-4C37-47E9-9D70-79F52578CFF8}
[2012/02/26 10:31:17 | 000,000,000 | ---D | C] -- C:\Users\Mattias\AppData\Local\{AD9A7B41-50DF-4C30-883C-9A83DE462183}
[2012/02/26 10:30:54 | 000,000,000 | ---D | C] -- C:\Users\Mattias\AppData\Local\{2163BAC3-5AAD-4ABD-A0A0-6A12EFA2893C}
[2012/02/25 14:40:57 | 000,000,000 | ---D | C] -- C:\Users\Mattias\AppData\Local\{8F100642-8A28-4133-8847-B915756660DF}
[2012/02/25 14:40:29 | 000,000,000 | ---D | C] -- C:\Users\Mattias\AppData\Local\{09C79F6E-D106-4B5F-B964-A0F30114B3FD}
[2012/02/25 11:51:29 | 000,000,000 | ---D | C] -- C:\Users\Mattias\AppData\Local\{51E57A87-1594-4F15-9FD4-31E96C793FA3}
[2012/02/25 11:50:57 | 000,000,000 | ---D | C] -- C:\Users\Mattias\AppData\Local\{ADFC392E-FE18-48F7-A7D5-9A0BFCDFA69B}
[2012/02/24 21:38:07 | 000,000,000 | ---D | C] -- C:\Users\Mattias\AppData\Local\{875657E5-57E6-45DA-AB67-26AAB4136A2B}
[2012/02/24 21:37:55 | 000,000,000 | ---D | C] -- C:\Users\Mattias\AppData\Local\{44F15145-04CE-4B34-AE5C-AFA1032B1F70}
[2012/02/24 18:17:53 | 000,000,000 | ---D | C] -- C:\Users\Mattias\AppData\Local\{B761084C-C17A-4846-BEFE-DED46E21D005}
[2012/02/24 13:20:49 | 000,000,000 | ---D | C] -- C:\Users\Mattias\AppData\Local\{1E423208-FE10-4BB9-8A3E-89290CDF2C72}
[2012/02/24 12:27:42 | 000,000,000 | ---D | C] -- C:\Users\Mattias\AppData\Local\{BAA9D580-2D1A-4CC1-A7CA-944696F5C1B4}
[2012/02/23 13:17:08 | 000,000,000 | ---D | C] -- C:\Users\Mattias\AppData\Local\{495D38E6-8003-40E1-8158-89B8C75226D8}
[2012/02/23 13:16:58 | 000,000,000 | ---D | C] -- C:\Users\Mattias\AppData\Local\{90DBE53F-0F19-46AB-99CA-AA0D4A5439B6}
[2012/02/23 12:05:28 | 000,000,000 | ---D | C] -- C:\Users\Mattias\AppData\Local\{BEB7DE08-D57D-454E-8C47-B638071E8914}
[2012/02/22 16:40:31 | 000,000,000 | ---D | C] -- C:\Users\Mattias\AppData\Local\{2EBC9284-E0FF-4928-99C5-672DEDC0CEE9}
[2012/02/22 12:15:29 | 000,000,000 | ---D | C] -- C:\Users\Mattias\AppData\Local\{935E2295-FB5B-4044-A8ED-7B46D595A46C}
[2012/02/21 22:39:50 | 000,000,000 | ---D | C] -- C:\Users\Mattias\AppData\Local\{30DD94D1-72C2-45CC-9119-1F1A6A79E707}
[2012/02/21 16:31:08 | 000,000,000 | ---D | C] -- C:\Users\Mattias\AppData\Local\{F6A6F7D6-0A2A-4072-81F2-B3F5B04E898E}
[2012/02/21 07:45:27 | 000,000,000 | ---D | C] -- C:\Users\Mattias\AppData\Local\{ADFB157B-B5D0-4F2D-BD23-857F0FB6D4B5}
[2012/02/21 07:36:32 | 000,000,000 | ---D | C] -- C:\Users\Mattias\AppData\Local\{771D5FF4-3027-4896-99CD-3EA69988D629}
[2012/02/20 19:09:52 | 000,000,000 | ---D | C] -- C:\Users\Mattias\AppData\Local\{36C5B681-7EE0-4B8F-B03C-1385F6FAD143}
[2012/02/20 11:29:07 | 000,000,000 | ---D | C] -- C:\Users\Mattias\AppData\Local\{EA4B0C15-950B-4262-8B7E-A364CB37A072}
[2012/02/19 10:17:29 | 000,000,000 | ---D | C] -- C:\Users\Mattias\AppData\Local\{1313607D-608D-4350-9C73-9E4B29561E98}
[2012/02/19 10:17:02 | 000,000,000 | ---D | C] -- C:\Users\Mattias\AppData\Local\{023BE0FA-D99E-4C2D-9A44-3C5920655B97}
[2012/02/18 22:38:01 | 000,000,000 | ---D | C] -- C:\Users\Mattias\.swt
[2012/02/18 11:36:29 | 000,000,000 | ---D | C] -- C:\Users\Mattias\AppData\Local\{DBA25761-8847-4DB9-89BA-95D74C6F546B}
[2012/02/18 11:36:09 | 000,000,000 | ---D | C] -- C:\Users\Mattias\AppData\Local\{33A7DBC8-853B-4205-953C-E822132DA7E5}
[2012/02/17 20:35:02 | 000,000,000 | ---D | C] -- C:\Users\Mattias\AppData\Local\{C1FE67A1-161E-41D9-AC15-4399666E0198}
[2012/02/17 15:35:12 | 000,000,000 | ---D | C] -- C:\Users\Mattias\AppData\Local\{D3AA29D1-311E-4990-BB1D-25D9A07DFB28}
[2012/02/17 09:51:17 | 000,000,000 | ---D | C] -- C:\Users\Mattias\AppData\Local\{18AD1CE6-DD4D-4F53-B073-B8EB2FB1F04D}
[2012/02/16 17:09:36 | 000,000,000 | ---D | C] -- C:\Users\Mattias\AppData\Local\{FF97EE7A-9514-494B-915A-FFF7B2337DAF}
[2012/02/16 17:09:22 | 000,000,000 | ---D | C] -- C:\Users\Mattias\AppData\Local\{6324BDD3-5746-422F-9B85-A25087C8DAB4}
[2012/02/16 09:54:17 | 000,000,000 | ---D | C] -- C:\Users\Mattias\AppData\Local\{C6EEED01-AFCB-4CBE-82CC-3960666A2BAF}
[2012/02/15 10:39:55 | 000,000,000 | ---D | C] -- C:\Users\Mattias\AppData\Local\{0EB52F94-4995-4C23-81A3-A048E03A9491}
[2012/02/15 10:04:34 | 000,000,000 | ---D | C] -- C:\Users\Mattias\AppData\Local\{AA70B19D-74B3-477A-A3FF-11C0B295E30C}
[2012/02/15 10:04:09 | 000,000,000 | ---D | C] -- C:\Users\Mattias\AppData\Local\{D7943DE8-21B9-46E6-9FCE-2B735FE089CF}
[2012/02/15 09:56:48 | 000,000,000 | ---D | C] -- C:\Users\Mattias\AppData\Local\{DE03CB09-06D2-4BDC-B6B2-76014FCA696A}
[2012/02/15 09:39:50 | 000,000,000 | ---D | C] -- C:\Users\Mattias\AppData\Local\{695A94BA-F83D-4C76-BC58-BB560E4513B9}
[2012/02/15 09:21:45 | 000,000,000 | ---D | C] -- C:\Users\Mattias\AppData\Local\{47E8E653-8B5D-4209-B5F9-C9225BCCAA66}
[2012/02/14 23:32:28 | 000,000,000 | ---D | C] -- C:\Users\Mattias\AppData\Local\{2120352B-53B7-40C4-93F9-5A018724DFE5}
[2012/02/09 10:20:23 | 000,000,000 | ---D | C] -- C:\Users\Mattias\AppData\Local\{AA257B6C-BA24-4864-891F-72D5FBF53731}
[2012/02/09 10:19:58 | 000,000,000 | ---D | C] -- C:\Users\Mattias\AppData\Local\{F34E4AFB-F87F-4D6B-AEE1-4E5F18B97D22}
[2012/02/08 10:34:49 | 000,000,000 | ---D | C] -- C:\Users\Mattias\AppData\Local\{B4BF37B6-EBA4-441B-BC11-7619C15720FC}
[2012/02/08 10:34:24 | 000,000,000 | ---D | C] -- C:\Users\Mattias\AppData\Local\{3C022C8C-3C68-40BB-936B-36E5F8973B82}
[2012/02/07 10:25:59 | 000,000,000 | ---D | C] -- C:\Users\Mattias\AppData\Local\{341E4AA9-1793-47A5-BDEB-93DDD26A3842}
[2012/02/07 10:25:10 | 000,000,000 | ---D | C] -- C:\Users\Mattias\AppData\Local\{3AE62DD6-11F0-434C-83C3-6D8E3A76F893}
[1 C:\Windows\System32\*.tmp files -> C:\Windows\System32\*.tmp -> ]

========== Files - Modified Within 30 Days ==========

[2012/03/08 03:02:02 | 000,001,074 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskUserS-1-5-21-2819909428-556207271-747428731-1000UA.job
[2012/03/08 02:53:06 | 000,584,704 | ---- | M] (OldTimer Tools) -- C:\Users\Mattias\Desktop\OTL.exe
[2012/03/08 02:37:05 | 000,001,046 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineUA.job
[2012/03/08 02:31:00 | 000,161,296 | ---- | M] (Trend Micro Inc.) -- C:\Windows\System32\drivers\tmcomm.sys
[2012/03/08 02:19:19 | 001,008,141 | ---- | M] () -- C:\Users\Mattias\Desktop\rkill.exe
[2012/03/08 01:38:15 | 000,003,616 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-1.C7483456-A289-439d-8115-601632D005A0
[2012/03/08 01:38:14 | 000,003,616 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-0.C7483456-A289-439d-8115-601632D005A0
[2012/03/08 01:38:00 | 000,032,069 | ---- | M] () -- C:\ProgramData\nvModes.dat
[2012/03/08 01:37:59 | 000,032,069 | ---- | M] () -- C:\ProgramData\nvModes.001
[2012/03/08 01:37:25 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2012/03/08 01:37:11 | 3745,411,072 | -HS- | M] () -- C:\hiberfil.sys
[2012/03/08 01:35:27 | 000,001,076 | ---- | M] () -- C:\Windows\bthservsdp.dat
[2012/03/08 00:57:17 | 091,084,966 | ---- | M] () -- C:\Windows\System32\drivers\AVG\incavi.avm
[2012/03/08 00:37:57 | 000,440,678 | R--- | M] () -- C:\Windows\System32\drivers\etc\hosts
[2012/03/08 00:16:48 | 000,001,063 | ---- | M] () -- C:\Users\Mattias\Desktop\Spybot - Search & Destroy.lnk
[2012/03/08 00:08:53 | 000,002,521 | ---- | M] () -- C:\Users\Mattias\Desktop\HiJackThis.lnk
[2012/03/07 23:02:11 | 000,001,022 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskUserS-1-5-21-2819909428-556207271-747428731-1000Core.job
[2012/03/07 20:48:14 | 000,002,946 | ---- | M] () -- C:\Users\Mattias\Documents\mcedit.ini
[2012/03/07 17:07:29 | 000,000,286 | ---- | M] () -- C:\Windows\reimage.ini
[2012/03/07 17:05:32 | 000,002,036 | ---- | M] () -- C:\Users\Public\Desktop\HP Photosmart Essential 3.0.lnk
[2012/03/07 16:24:33 | 000,000,784 | ---- | M] () -- C:\Users\Public\Desktop\Speccy.lnk
[2012/03/07 16:04:21 | 000,001,897 | ---- | M] () -- C:\Users\Public\Desktop\PC Scan & Repair by Reimage.lnk
[2012/03/07 14:58:14 | 000,000,944 | ---- | M] () -- C:\Users\Public\Desktop\PowerSuite.lnk
[2012/03/07 13:07:36 | 000,002,060 | ---- | M] () -- C:\Users\Mattias\Desktop\Google Chrome.lnk
[2012/03/07 13:07:36 | 000,002,022 | ---- | M] () -- C:\Users\Mattias\Application Data\Microsoft\Internet Explorer\Quick Launch\Google Chrome.lnk
[2012/03/07 12:58:46 | 463,905,923 | ---- | M] () -- C:\Windows\MEMORY.DMP
[2012/03/07 04:47:42 | 000,000,027 | ---- | M] () -- C:\Windows\System32\drivers\etc\hosts.20120308-003757.backup
[2012/03/07 03:16:22 | 000,000,428 | -H-- | M] () -- C:\Windows\tasks\User_Feed_Synchronization-{0E026961-7E77-443B-A740-1A5D423ED0D8}.job
[2012/03/07 01:44:36 | 000,001,042 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineCore.job
[2012/03/07 01:34:14 | 000,000,691 | ---- | M] () -- C:\Users\Mattias\AppData\Roaming\GetValue.vbs
[2012/03/07 01:34:14 | 000,000,035 | ---- | M] () -- C:\Users\Mattias\AppData\Roaming\SetValue.bat
[2012/03/07 01:34:13 | 000,002,394 | ---- | M] () -- C:\Windows\System32\tmp.reg
[2012/03/07 00:01:09 | 000,718,982 | ---- | M] () -- C:\Windows\System32\perfh013.dat
[2012/03/07 00:01:09 | 000,632,152 | ---- | M] () -- C:\Windows\System32\perfh009.dat
[2012/03/07 00:01:09 | 000,149,064 | ---- | M] () -- C:\Windows\System32\perfc013.dat
[2012/03/07 00:01:09 | 000,118,778 | ---- | M] () -- C:\Windows\System32\perfc009.dat
[2012/03/06 23:36:40 | 000,415,859 | ---- | M] () -- C:\Windows\System32\drivers\vsconfig.xml
[2012/03/06 15:53:34 | 001,872,472 | ---- | M] () -- C:\Users\Mattias\Desktop\SmitfraudFix.exe
[2012/03/06 13:18:22 | 000,046,177 | ---- | M] () -- C:\Users\Mattias\Desktop\processinfo 2012_03_06 13_18.html
[2012/03/06 08:58:39 | 000,029,013 | ---- | M] () -- C:\Windows\System32\drivers\AVG\iavichjg.avm
[2012/03/06 04:28:13 | 000,001,808 | ---- | M] () -- C:\Users\Public\Desktop\SUPERAntiSpyware Free Edition.lnk
[2012/03/06 03:33:52 | 000,000,914 | ---- | M] () -- C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk
[2012/03/06 01:54:48 | 000,001,356 | ---- | M] () -- C:\Users\Mattias\AppData\Local\d3d9caps.dat
[2012/03/06 00:56:43 | 000,622,359 | ---- | M] () -- C:\Windows\System32\drivers\AVG\iavifw.avm
[2012/03/06 00:27:34 | 000,000,860 | ---- | M] () -- C:\Users\Public\Desktop\AVG 2012.lnk
[2012/03/05 22:43:58 | 000,000,878 | ---- | M] () -- C:\Users\Mattias\Application Data\Microsoft\Internet Explorer\Quick Launch\Mozilla Firefox.lnk
[2012/03/05 22:43:58 | 000,000,854 | ---- | M] () -- C:\Users\Public\Desktop\Mozilla Firefox.lnk
[2012/03/05 19:09:17 | 000,002,716 | ---- | M] () -- C:\Windows\System32\.rsp
[2012/03/05 19:09:17 | 000,001,479 | ---- | M] () -- C:\Windows\System32\.lck
[2012/03/05 14:05:46 | 000,004,358 | ---- | M] () -- C:\Windows\System32\nvinfo.pb
[2012/03/05 13:30:27 | 000,057,960 | ---- | M] (Khronos Group) -- C:\Windows\System32\OpenCL.dll
[2012/03/05 13:25:56 | 000,046,592 | ---- | M] (REDC) -- C:\Windows\System32\drivers\risdptsk.sys
[2012/03/05 12:53:32 | 000,046,592 | ---- | M] (REDC) -- C:\Windows\System32\drivers\rimmptsk.sys
[2012/03/04 14:53:39 | 000,001,583 | ---- | M] () -- C:\Users\Mattias\Application Data\Microsoft\Internet Explorer\Quick Launch\Uniblue RegistryBooster.lnk
[2012/02/26 14:39:06 | 000,000,064 | ---- | M] () -- C:\Windows\System32\rp_stats.dat
[2012/02/26 14:39:06 | 000,000,044 | ---- | M] () -- C:\Windows\System32\rp_rules.dat
[2012/02/17 15:41:15 | 000,000,134 | ---- | M] () -- C:\Users\Mattias\Desktop\Netwerkcentrum - Snelkoppeling.lnk
[2012/02/17 09:46:39 | 000,439,352 | ---- | M] () -- C:\Windows\System32\FNTCACHE.DAT
[2012/02/07 19:05:11 | 000,112,006 | ---- | M] () -- C:\Users\Mattias\Desktop\ItemslistV110.png
[1 C:\Windows\System32\*.tmp files -> C:\Windows\System32\*.tmp -> ]

========== Files Created - No Company Name ==========

[2012/03/08 02:19:15 | 001,008,141 | ---- | C] () -- C:\Users\Mattias\Desktop\rkill.exe
[2012/03/08 00:57:17 | 091,084,966 | ---- | C] () -- C:\Windows\System32\drivers\AVG\incavi.avm
[2012/03/08 00:16:48 | 000,001,063 | ---- | C] () -- C:\Users\Mattias\Desktop\Spybot - Search & Destroy.lnk
[2012/03/07 16:04:21 | 000,001,897 | ---- | C] () -- C:\Users\Public\Desktop\PC Scan & Repair by Reimage.lnk
[2012/03/07 14:58:14 | 000,000,944 | ---- | C] () -- C:\Users\Public\Desktop\PowerSuite.lnk
[2012/03/07 03:13:58 | 000,000,428 | -H-- | C] () -- C:\Windows\tasks\User_Feed_Synchronization-{0E026961-7E77-443B-A740-1A5D423ED0D8}.job
[2012/03/07 01:44:11 | 3745,411,072 | -HS- | C] () -- C:\hiberfil.sys
[2012/03/07 01:34:14 | 000,000,691 | ---- | C] () -- C:\Users\Mattias\AppData\Roaming\GetValue.vbs
[2012/03/07 01:34:14 | 000,000,035 | ---- | C] () -- C:\Users\Mattias\AppData\Roaming\SetValue.bat
[2012/03/07 01:25:07 | 000,002,394 | ---- | C] () -- C:\Windows\System32\tmp.reg
[2012/03/06 23:30:42 | 000,415,859 | ---- | C] () -- C:\Windows\System32\drivers\vsconfig.xml
[2012/03/06 23:13:35 | 000,002,521 | ---- | C] () -- C:\Users\Mattias\Desktop\HiJackThis.lnk
[2012/03/06 15:53:21 | 001,872,472 | ---- | C] () -- C:\Users\Mattias\Desktop\SmitfraudFix.exe
[2012/03/06 13:18:21 | 000,046,177 | ---- | C] () -- C:\Users\Mattias\Desktop\processinfo 2012_03_06 13_18.html
[2012/03/06 08:58:36 | 000,029,013 | ---- | C] () -- C:\Windows\System32\drivers\AVG\iavichjg.avm
[2012/03/06 04:28:13 | 000,001,808 | ---- | C] () -- C:\Users\Public\Desktop\SUPERAntiSpyware Free Edition.lnk
[2012/03/06 03:33:52 | 000,000,914 | ---- | C] () -- C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk
[2012/03/06 00:56:43 | 000,622,359 | ---- | C] () -- C:\Windows\System32\drivers\AVG\iavifw.avm
[2012/03/06 00:27:34 | 000,000,860 | ---- | C] () -- C:\Users\Public\Desktop\AVG 2012.lnk
[2012/03/05 22:58:50 | 000,002,060 | ---- | C] () -- C:\Users\Mattias\Desktop\Google Chrome.lnk
[2012/03/05 22:58:50 | 000,002,022 | ---- | C] () -- C:\Users\Mattias\Application Data\Microsoft\Internet Explorer\Quick Launch\Google Chrome.lnk
[2012/03/05 22:57:56 | 000,001,074 | ---- | C] () -- C:\Windows\tasks\GoogleUpdateTaskUserS-1-5-21-2819909428-556207271-747428731-1000UA.job
[2012/03/05 22:57:54 | 000,001,022 | ---- | C] () -- C:\Windows\tasks\GoogleUpdateTaskUserS-1-5-21-2819909428-556207271-747428731-1000Core.job
[2012/03/05 22:43:58 | 000,000,866 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Mozilla Firefox.lnk
[2012/03/05 21:14:21 | 000,000,854 | ---- | C] () -- C:\Users\Public\Desktop\Mozilla Firefox.lnk
[2012/03/05 13:30:23 | 000,004,358 | ---- | C] () -- C:\Windows\System32\nvinfo.pb
[2012/03/04 14:53:39 | 000,001,583 | ---- | C] () -- C:\Users\Mattias\Application Data\Microsoft\Internet Explorer\Quick Launch\Uniblue RegistryBooster.lnk
[2012/02/29 23:46:51 | 000,002,946 | ---- | C] () -- C:\Users\Mattias\Documents\mcedit.ini
[2012/02/17 15:41:15 | 000,000,134 | ---- | C] () -- C:\Users\Mattias\Desktop\Netwerkcentrum - Snelkoppeling.lnk
[2012/02/07 19:05:19 | 000,112,006 | ---- | C] () -- C:\Users\Mattias\Desktop\ItemslistV110.png
[2012/01/25 16:23:42 | 000,212,992 | ---- | C] () -- C:\Windows\System32\WMIMPLEX.dll
[2012/01/25 16:23:42 | 000,031,744 | ---- | C] () -- C:\Windows\System32\maplec.dll
[2012/01/25 16:23:42 | 000,020,480 | ---- | C] () -- C:\Windows\System32\maplecompat.dll
[2011/12/25 23:28:51 | 000,000,000 | ---- | C] () -- C:\Windows\PCFriend.INI
[2011/10/06 21:23:41 | 000,032,069 | ---- | C] () -- C:\ProgramData\nvModes.001
[2011/10/06 21:23:21 | 000,032,069 | ---- | C] () -- C:\ProgramData\nvModes.dat
[2011/10/06 21:21:58 | 001,657,448 | ---- | C] () -- C:\Windows\System32\nwiz.exe
[2011/10/06 21:21:58 | 001,612,392 | ---- | C] () -- C:\Windows\System32\nView.dll
[2011/10/06 21:21:58 | 001,108,584 | ---- | C] () -- C:\Windows\System32\nvwimg.dll
[2011/10/06 21:21:58 | 000,449,128 | ---- | C] () -- C:\Windows\System32\nvAppBar.exe
[2011/10/06 21:21:58 | 000,267,368 | ---- | C] () -- C:\Windows\System32\nvTaskbar.exe
[2011/10/06 21:21:58 | 000,262,248 | ---- | C] () -- C:\Windows\System32\nViewSetup.exe
[2011/10/06 21:21:57 | 001,731,176 | ---- | C] () -- C:\Windows\System32\nvwdmcpl.dll
[2011/10/06 21:21:57 | 000,473,704 | ---- | C] () -- C:\Windows\System32\nvShell.dll
[2011/10/06 20:24:48 | 000,000,000 | ---- | C] () -- C:\Users\Mattias\AppData\Local\{C44EA8F1-26C3-4500-A660-B86F610B5AA2}
[2011/10/06 18:37:26 | 000,080,368 | ---- | C] () -- C:\Windows\System32\pbadrvdll.dll
[2011/10/03 10:43:33 | 000,000,000 | ---- | C] () -- C:\Users\Mattias\AppData\Local\{215171B1-D18C-4DFF-813C-5A92EF77FF63}
[2011/09/29 19:00:24 | 000,000,022 | -HS- | C] () -- C:\Users\Mattias\AppData\Roaming\Sys2662.Config.Repository.bin
[2011/06/30 15:57:18 | 000,177,597 | ---- | C] () -- C:\Windows\hpoins28.dat
[2011/05/27 22:55:53 | 000,023,624 | ---- | C] () -- C:\Windows\System32\drivers\hitmanpro35.sys
[2011/05/02 13:38:27 | 000,000,193 | ---- | C] () -- C:\ProgramData\Microsoft.SqlServer.Compact.351.32.bc
[2011/04/26 12:33:42 | 000,000,064 | ---- | C] () -- C:\Windows\System32\rp_stats.dat
[2011/04/26 12:33:42 | 000,000,044 | ---- | C] () -- C:\Windows\System32\rp_rules.dat
[2011/04/09 17:55:28 | 000,179,261 | ---- | C] () -- C:\Windows\System32\xlive.dll.cat
[2010/11/15 20:27:45 | 000,054,694 | ---- | C] () -- C:\Windows\System32\pthreadGC.dll
[2010/10/27 23:46:02 | 000,165,376 | ---- | C] () -- C:\Windows\System32\unrar.dll
[2010/10/27 22:47:13 | 000,000,286 | ---- | C] () -- C:\Windows\reimage.ini
[2010/06/23 20:03:00 | 000,000,004 | RHS- | C] () -- C:\ProgramData\sysqcl1129139270.dat

========== LOP Check ==========

[2012/03/05 15:16:14 | 000,000,000 | ---D | M] -- C:\Users\Mattias\AppData\Roaming\.minecraft
[2011/04/24 20:21:51 | 000,000,000 | ---D | M] -- C:\Users\Mattias\AppData\Roaming\.Nitrous
[2012/03/07 13:34:22 | 000,000,000 | ---D | M] -- C:\Users\Mattias\AppData\Roaming\3v
[2011/07/25 10:37:00 | 000,000,000 | ---D | M] -- C:\Users\Mattias\AppData\Roaming\acccore
[2011/05/28 09:41:57 | 000,000,000 | ---D | M] -- C:\Users\Mattias\AppData\Roaming\Audacity
[2012/03/06 00:28:04 | 000,000,000 | ---D | M] -- C:\Users\Mattias\AppData\Roaming\AVG2012
[2012/02/18 22:38:25 | 000,000,000 | ---D | M] -- C:\Users\Mattias\AppData\Roaming\Azureus
[2012/03/07 13:39:18 | 000,000,000 | ---D | M] -- C:\Users\Mattias\AppData\Roaming\BitTorrent
[2009/08/31 15:24:40 | 000,000,000 | ---D | M] -- C:\Users\Mattias\AppData\Roaming\Broadcom
[2012/03/05 23:53:26 | 000,000,000 | ---D | M] -- C:\Users\Mattias\AppData\Roaming\CheckPoint
[2010/10/10 18:23:52 | 000,000,000 | ---D | M] -- C:\Users\Mattias\AppData\Roaming\DNA
[2009/09/29 17:40:30 | 000,000,000 | ---D | M] -- C:\Users\Mattias\AppData\Roaming\DriverCure
[2012/03/06 04:20:48 | 000,000,000 | ---D | M] -- C:\Users\Mattias\AppData\Roaming\f-secure
[2009/09/05 09:47:06 | 000,000,000 | ---D | M] -- C:\Users\Mattias\AppData\Roaming\FlashGet
[2009/09/25 20:21:51 | 000,000,000 | ---D | M] -- C:\Users\Mattias\AppData\Roaming\Genie-Soft
[2011/08/11 10:06:15 | 000,000,000 | ---D | M] -- C:\Users\Mattias\AppData\Roaming\GetRightToGo
[2010/02/01 18:42:18 | 000,000,000 | ---D | M] -- C:\Users\Mattias\AppData\Roaming\gtk-2.0
[2010/01/29 18:59:43 | 000,000,000 | ---D | M] -- C:\Users\Mattias\AppData\Roaming\Inkscape
[2010/10/17 20:31:22 | 000,000,000 | ---D | M] -- C:\Users\Mattias\AppData\Roaming\ISP Monitor
[2009/11/10 18:24:38 | 000,000,000 | ---D | M] -- C:\Users\Mattias\AppData\Roaming\iTelevision
[2012/01/25 17:03:55 | 000,000,000 | ---D | M] -- C:\Users\Mattias\AppData\Roaming\Maple
[2011/04/24 10:47:35 | 000,000,000 | ---D | M] -- C:\Users\Mattias\AppData\Roaming\Minecraft Backup Tool
[2011/11/19 18:22:57 | 000,000,000 | ---D | M] -- C:\Users\Mattias\AppData\Roaming\pdf995
[2012/02/29 23:47:09 | 000,000,000 | ---D | M] -- C:\Users\Mattias\AppData\Roaming\pymclevel
[2011/03/02 21:07:56 | 000,000,000 | ---D | M] -- C:\Users\Mattias\AppData\Roaming\Raptr
[2009/09/29 18:06:37 | 000,000,000 | ---D | M] -- C:\Users\Mattias\AppData\Roaming\SoundSpectrum
[2012/02/15 10:40:39 | 000,000,000 | ---D | M] -- C:\Users\Mattias\AppData\Roaming\Spotify
[2012/03/07 15:38:47 | 000,000,000 | ---D | M] -- C:\Users\Mattias\AppData\Roaming\SystemRequirementsLab
[2011/07/25 08:57:31 | 000,000,000 | ---D | M] -- C:\Users\Mattias\AppData\Roaming\Trillian
[2010/12/23 17:26:39 | 000,000,000 | ---D | M] -- C:\Users\Mattias\AppData\Roaming\TuneUpMedia
[2012/03/07 14:58:35 | 000,000,000 | ---D | M] -- C:\Users\Mattias\AppData\Roaming\Uniblue
[2010/02/12 23:30:44 | 000,000,000 | ---D | M] -- C:\Users\Mattias\AppData\Roaming\Unigraphics Solutions
[2011/08/09 15:03:09 | 000,000,000 | ---D | M] -- C:\Users\Mattias\AppData\Roaming\Unity
[2012/03/07 13:38:55 | 000,000,000 | ---D | M] -- C:\Users\Mattias\AppData\Roaming\uTorrent
[2009/08/31 15:25:03 | 000,000,000 | ---D | M] -- C:\Users\Mattias\AppData\Roaming\Wave Systems Corp
[2010/11/23 23:38:26 | 000,000,000 | ---D | M] -- C:\Users\Mattias\AppData\Roaming\Windows Live Writer
[2012/03/08 01:35:30 | 000,032,620 | ---- | M] () -- C:\Windows\Tasks\SCHEDLGU.TXT
[2012/03/07 03:16:22 | 000,000,428 | -H-- | M] () -- C:\Windows\Tasks\User_Feed_Synchronization-{0E026961-7E77-443B-A740-1A5D423ED0D8}.job

========== Purity Check ==========



< End of report >

Edited by Durre, 08 March 2012 - 02:22 PM.

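The file listings in the OTL report above all share one line layout (timestamp, size, attribute flags, created/modified marker, optional company name, path). As an added example, not part of the original post and not OTL's own code, this Python parser reads that layout and builds a short review list from it. The three review rules, the `HOSTS_REVIEW_BYTES` threshold and all function names are assumptions chosen for illustration; a flagged entry is a prompt to look at the file, not a verdict.

```python
import re
from dataclasses import dataclass
from datetime import datetime
from ntpath import splitext  # Windows path rules, whatever OS this runs on
from typing import Optional

# Lines copied unmodified from the OTL report above (a subset).
SAMPLE = r"""
========== Files - Modified Within 30 Days ==========

[2012/03/08 02:53:06 | 000,584,704 | ---- | M] (OldTimer Tools) -- C:\Users\Mattias\Desktop\OTL.exe
[2012/03/08 01:38:15 | 000,003,616 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-1.C7483456-A289-439d-8115-601632D005A0
[2012/03/08 01:37:11 | 3745,411,072 | -HS- | M] () -- C:\hiberfil.sys
[2012/03/08 00:37:57 | 000,440,678 | R--- | M] () -- C:\Windows\System32\drivers\etc\hosts
[2012/03/07 01:34:14 | 000,000,691 | ---- | M] () -- C:\Users\Mattias\AppData\Roaming\GetValue.vbs
[2012/03/07 01:34:13 | 000,002,394 | ---- | M] () -- C:\Windows\System32\tmp.reg
[1 C:\Windows\System32\*.tmp files -> C:\Windows\System32\*.tmp -> ]

========== Files Created - No Company Name ==========

[2012/03/07 01:34:14 | 000,000,691 | ---- | C] () -- C:\Users\Mattias\AppData\Roaming\GetValue.vbs
[2011/09/29 19:00:24 | 000,000,022 | -HS- | C] () -- C:\Users\Mattias\AppData\Roaming\Sys2662.Config.Repository.bin

========== LOP Check ==========

[2012/03/07 13:34:22 | 000,000,000 | ---D | M] -- C:\Users\Mattias\AppData\Roaming\3v
"""

SECTION_RE = re.compile(r"^=+ (?P<name>.+?) =+$")
LINE_RE = re.compile(
    r"^\[(?P<ts>\d{4}/\d\d/\d\d \d\d:\d\d:\d\d) \| (?P<size>[\d,]+) \| "
    r"(?P<attrs>[RHSD-]{4}) \| (?P<kind>[CM])\]"
    r"(?: \((?P<company>[^)]*)\))? -- (?P<path>.+)$"
)

# Illustrative review rules (assumptions, not OTL behaviour).
SCRIPT_EXTS = {".vbs", ".bat", ".cmd", ".js", ".reg"}
WATCHED_DIRS = ("\\windows\\system32\\", "\\appdata\\roaming\\")
HOSTS_REVIEW_BYTES = 10 * 1024


@dataclass(frozen=True)
class Entry:
    section: str            # report section the line appeared under
    when: datetime
    size: int               # bytes, thousands separators removed
    attrs: str              # four flags in R, H, S, D order; '-' when unset
    kind: str               # 'C' = created, 'M' = modified
    company: Optional[str]  # '' for "()", None when the field is absent
    path: str

    @property
    def is_dir(self) -> bool:
        return "D" in self.attrs


def parse_otl(text):
    """Return an Entry for every file/folder line; skip everything else."""
    entries, section = [], ""
    for raw in text.splitlines():
        line = raw.strip()
        header = SECTION_RE.match(line)
        if header:
            section = header["name"]
            continue
        m = LINE_RE.match(line)
        if not m:  # blank lines and "[1 ...*.tmp files -> ]" summaries
            continue
        entries.append(Entry(
            section=section,
            when=datetime.strptime(m["ts"], "%Y/%m/%d %H:%M:%S"),
            size=int(m["size"].replace(",", "")),
            attrs=m["attrs"], kind=m["kind"],
            company=m["company"], path=m["path"],
        ))
    return entries


def triage(entries):
    """Map path -> sorted reasons; a file listed as both C and M appears once."""
    findings = {}
    for e in entries:
        if e.is_dir:
            continue
        low = e.path.lower()
        reasons = []
        if splitext(low)[1] in SCRIPT_EXTS:
            reasons.append("script or registry file")
        if (not e.company and set("HS") & set(e.attrs)
                and any(d in low for d in WATCHED_DIRS)):
            reasons.append("hidden/system file with no company name")
        if low.endswith("\\drivers\\etc\\hosts") and e.size > HOSTS_REVIEW_BYTES:
            reasons.append(f"hosts file is {e.size} bytes")
        if reasons:
            findings.setdefault(e.path, set()).update(reasons)
    return {path: sorted(r) for path, r in findings.items()}


if __name__ == "__main__":
    for path, reasons in triage(parse_otl(SAMPLE)).items():
        print(f"{'; '.join(reasons)}: {path}")
```

`C:\hiberfil.sys` carries hidden and system flags but is not flagged, because the attribute rule only applies under the watched directories.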



#2
havredave

    GeekU Moderator

  • 1,689 posts
Hi, welcome to GeeksToGo! I'm havredave, and I'll do my best to help you fix whatever it is that ails your computer.

I'm sorry for the wait, but things have been busy :)

Just a few things before we begin, to ease the process on both of us:
  • Please don't run any scanning or cleaning software without my direction, as it can make things worse and take longer in the long run.
  • Please be patient. A good cleaning can take quite a while, and usually involves many steps before it is complete. I may not post back quickly, because I often have to research issues or run ideas by my peers for a more thorough fix.
  • You may wish to print out each instruction post in case you lose Internet connectivity (using safe mode, for example), so you can complete the fix.
  • If you have any question on any step, or if something doesn't work as described, please stop and ask before we proceed. Better safe than sorry!
  • Please paste your logs into your replies instead of attaching them. This makes it far easier to review. Feel free to use multiple replies if you need to.
  • Please stick with me until I let you know we're finished. Even if the machine is running better, it doesn't mean it's clean.

I'm currently looking over your information, and will get back to you with instructions shortly. Please do post back if you still need help.

#3
havredave

    GeekU Moderator

  • 1,689 posts
There's a little residue to think about removing from your log, but I'd like to have you run a fresh log with OTL, and run an aswMBR scan, instructions to follow.

I'd like to recommend that you do not use registry cleaning software. Reasoning here.

Combofix shouldn't be run without direct supervision by someone trained in its use, just in case something catastrophic occurs (rarely, but it can happen). That said, I'd like to take a look at the log(s) it generated. If only one, it'll be located at C:\Combofix.txt.

I'll hit on the other items you've mentioned as we go along. :)


First:

Download a new copy of OTL to your Desktop.
  • Double click on the OTL icon to run it. Make sure all other windows are closed, and let it run uninterrupted.
  • Copy the text from the codeblock below (ctrl-c) and paste it (ctrl-v) into the Custom Scans/Fixes box.

    netsvcs
    %SYSTEMDRIVE%\*.exe
    %USERPROFILE%\..|smtmp;true;true;true /FP
    /md5start
    explorer.exe
    winlogon.exe
    Userinit.exe
    svchost.exe
    volsnap.sys
    /md5stop
    %systemroot%\*. /mp /s
    hklm\software\clients\startmenuinternet|command /rs
    hklm\software\clients\startmenuinternet|command /64 /rs
    CREATERESTOREPOINT
    
  • Put a checkmark in the Scan All Users checkbox.
  • Put checkmarks in the LOP Check and Purity Check checkboxes.
  • Click the 'Use SafeList' radio button in the 'Extra Registry' section.
  • Click the Run Scan button. The scan won't take long.
  • When the scan completes, it will open two notepad windows: OTL.Txt and Extras.Txt. These are saved in the same location as OTL.
  • Please copy (Edit->Select All, Edit->Copy) the contents of these files, one at a time, and post them in your topic.



Next:

Download aswMBR.exe to your desktop.

Double click the aswMBR.exe to run it.

If it asks you to download virus definitions, please say yes.

Click the "Scan" button to start scan. It could take a while, especially for the virus scan part. Do not let it fix anything, just do the scan.

On completion of the scan, click save log, save it to your desktop and post it in your next reply.



In all, please reply with your new OTL.txt, the Extras.txt that was created when it was first run, Combofix.txt, and aswMBR.txt.

#4
Durre

    Member

  • Topic Starter
  • 33 posts
Hello havredave,

Thank you very much for taking on my topic! I am so grateful you are willing to help and assist me with this! I've read the blog article about registry cleaning you sent me and I've taken your advice not to use the software, as indeed I do not even have sufficient knowledge to be randomly cleaning what the software says I should clean. Thank you for warning me.

I'll insert the ComboFix log (which as you said, I ran without direct supervision) at the end of this post. Your advice on not running it without supervision (anymore) is taken into account and I'll make sure to look for external help earlier on in the process of trying to detect infections. However, I hope that it won't be necessary in the future, as I'd very much like to keep this laptop clean and healthy. And as the saying goes, the greatest wealth is health.

Your instructions have been printed out and the OTL scan is currently running. However, it's been over an hour now and I don't remember it taking that long the first time around. I'm not sure, but it might be stuck in a loop or repetitive process, just like the registry cleaning software was, which was running when I first started the topic (I haven't used or scanned anything since the start of the topic, except for a 'removing tracking cookies' scan). The path on which it seems to be stuck is the following:


C:\Users\Mattias\..\All Users\Soluto\Temp\shadow10\Users\All Users\Soluto\Temp\shadow10\Users\All Users\Soluto\Temp\shadow10\Users\All Users\Soluto\Temp\shadow10\Users\All Users\Soluto\Temp\shadow10\Users\All Users\Sol...

I can't see the full name as it's too long and I don't know how many more times this is being repeated. Soluto is the program I use for removing unnecessary start-up programs from the start-up process. Knowing the registry cleaning software got stuck on this path for over 3 hours, after which I decided to stop it scanning the registry, I wonder if I should let OTL continue or abort? I won't close it on my own behalf, so I'll just let it run until I get a reply from you. My laptop is set to stay awake as long as it's connected to the AC current, so until you reply OTL should have been running.

I'm waiting to run aswMBR until I have received new advice. I'll post the Extras.Txt from the very first OTL scan in another post, as I'm not sure if you requested that file or you wanted the Extras.Txt from the current OTL scan or both? That said, do you prefer me adding a new post for each log (like I'm about to do now) or have all the logs from one reply in one post?

Update on OTL scan

The scan has moved on to the following directory:
C:\Users\Mattias\..\All Users\Soluto\Temp\shadow10\Users\All Users\Soluto\Temp\shadow10\Users\All Users\Soluto\Temp\shadow10\Users\All Users\Soluto\Temp\shadow10\Users\All Users\Soluto\Temp\shadow11\Users\All Users\Sol...


COMBOFIX LOG


ComboFix 12-03-04.02 - Mattias 07/03/2012 3:29.1.2 - x86
Microsoft® Windows Vista™ Business 6.0.6002.2.1252.32.1043.18.3571.2064 [GMT 1:00]
Gestart vanuit: c:\users\Mattias\Desktop\ComboFix.exe
AV: AVG Internet Security 2012 *Disabled/Updated* {5A2746B1-DEE9-F85A-FBCD-ADB11639C5F0}
AV: Lavasoft Ad-Watch Live! Anti-Virus *Disabled/Updated* {9FF26384-70D4-CE6B-3ECB-E759A6A40116}
FW: AVG Firewall *Disabled* {621CC794-9486-F902-D092-0484E8EA828B}
FW: ZoneAlarm Free Firewall *Disabled* {E6380B7E-D4B2-19F1-083E-56486607704B}
SP: AVG Internet Security 2012 *Disabled/Updated* {E146A755-F8D3-F7D4-C17D-96C36DBE8F4D}
SP: Lavasoft Ad-Watch Live! *Disabled/Updated* {24938260-56EE-C1E5-047B-DC2BDD234BAB}
SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
.
.
(((((((((((((((((((((((((((((((((( Andere Verwijderingen )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
c:\programdata\Roaming
c:\users\Mattias\AppData\Local\Microsoft\Windows\Temporary Internet Files\Windows12111_ConfigRepository.bin
.
.
(((((((((((((((((((( Bestanden Gemaakt van 2012-02-07 to 2012-03-07 ))))))))))))))))))))))))))))))
.
.
2012-03-07 03:02 . 2012-03-07 03:02 -------- d-----w- c:\users\Default\AppData\Local\temp
2012-03-07 03:02 . 2012-03-07 03:02 -------- d-----w- c:\users\Administrator\AppData\Local\temp
2012-03-07 00:34 . 2012-03-07 00:34 691 ----a-w- c:\users\Mattias\AppData\Roaming\GetValue.vbs
2012-03-07 00:34 . 2012-03-07 00:34 35 ----a-w- c:\users\Mattias\AppData\Roaming\SetValue.bat
2012-03-07 00:25 . 2012-03-07 00:34 2394 ----a-w- c:\windows\system32\tmp.reg
2012-03-07 00:19 . 2012-03-07 00:19 -------- d-----w- c:\program files\Common Files\Java
2012-03-06 22:13 . 2012-03-06 22:13 388096 ----a-r- c:\users\Mattias\AppData\Roaming\Microsoft\Installer\{0761C9A8-8F3A-4216-B4A7-B7AFBF24A24A}\HiJackThis.exe
2012-03-06 22:13 . 2012-03-06 22:13 -------- d-----w- c:\program files\TrendMicro
2012-03-06 12:03 . 2012-03-06 12:12 -------- d-----w- c:\programdata\SecTaskMan
2012-03-06 12:03 . 2012-03-06 12:13 -------- d-----w- c:\program files\Security Task Manager
2012-03-06 11:09 . 2012-03-06 11:09 -------- d-----w- C:\$AVG
2012-03-06 03:31 . 2012-03-06 03:31 -------- d-----w- c:\users\Mattias\AppData\Roaming\SUPERAntiSpyware.com
2012-03-06 03:27 . 2012-03-06 03:30 -------- d-----w- c:\program files\SUPERAntiSpyware
2012-03-06 03:27 . 2012-03-06 03:27 -------- d-----w- c:\programdata\SUPERAntiSpyware.com
2012-03-06 03:20 . 2012-03-06 03:20 -------- d-----w- c:\users\Mattias\AppData\Roaming\f-secure
2012-03-06 03:19 . 2012-03-06 03:19 -------- d-----w- c:\programdata\F-Secure
2012-03-06 02:41 . 2012-01-25 17:56 51144 ----a-w- c:\windows\system32\drivers\Soluto.sys
2012-03-06 02:41 . 2012-03-06 02:42 -------- d-----w- c:\program files\Soluto
2012-03-06 02:33 . 2012-03-06 02:33 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware
2012-03-06 02:33 . 2011-12-10 14:24 20464 ----a-w- c:\windows\system32\drivers\mbam.sys
2012-03-05 23:28 . 2012-03-05 23:28 -------- d-----w- c:\users\Mattias\AppData\Roaming\AVG2012
2012-03-05 23:25 . 2012-03-06 23:55 -------- d-----w- c:\windows\system32\drivers\AVG
2012-03-05 23:25 . 2012-03-06 21:21 -------- d-----w- c:\programdata\AVG2012
2012-03-05 23:22 . 2012-03-05 23:22 -------- d-----w- c:\program files\AVG
2012-03-05 22:53 . 2012-03-05 22:53 -------- d-----w- c:\users\Mattias\AppData\Roaming\CheckPoint
2012-03-05 22:52 . 2012-03-05 22:52 -------- d-----w- c:\programdata\CheckPoint
2012-03-05 22:50 . 2010-04-05 20:00 221568 ----a-w- c:\windows\system32\drivers\netio.sys
2012-03-05 21:52 . 2012-03-05 21:52 414368 ----a-w- c:\windows\system32\FlashPlayerCPLApp.cpl
2012-03-05 21:43 . 2012-02-16 15:12 134104 ----a-w- c:\program files\Mozilla Firefox\components\browsercomps.dll
2012-03-05 21:43 . 2012-02-16 15:12 97240 ----a-w- c:\program files\Mozilla Firefox\libEGL.dll
2012-03-05 21:43 . 2012-02-16 15:12 801752 ----a-w- c:\program files\Mozilla Firefox\mozsqlite3.dll
2012-03-05 21:43 . 2012-02-16 15:12 45016 ----a-w- c:\program files\Mozilla Firefox\mozutils.dll
2012-03-05 21:43 . 2012-02-16 15:12 437208 ----a-w- c:\program files\Mozilla Firefox\libGLESv2.dll
2012-03-05 21:43 . 2012-02-16 15:12 1911768 ----a-w- c:\program files\Mozilla Firefox\mozjs.dll
2012-03-05 21:43 . 2012-02-16 15:12 15832 ----a-w- c:\program files\Mozilla Firefox\mozalloc.dll
2012-03-05 21:43 . 2012-02-16 10:42 2106216 ----a-w- c:\program files\Mozilla Firefox\D3DCompiler_43.dll
2012-03-05 21:43 . 2012-02-16 10:42 1998168 ----a-w- c:\program files\Mozilla Firefox\d3dx9_43.dll
2012-03-05 21:43 . 2012-02-16 10:41 626688 ----a-w- c:\program files\Mozilla Firefox\msvcr80.dll
2012-03-05 21:43 . 2012-02-16 10:41 548864 ----a-w- c:\program files\Mozilla Firefox\msvcp80.dll
2012-03-05 21:43 . 2012-02-16 10:41 479232 ----a-w- c:\program files\Mozilla Firefox\msvcm80.dll
2012-03-05 19:48 . 2012-03-06 22:29 -------- d-----w- c:\program files\CheckPoint
2012-03-05 19:41 . 2012-03-05 19:41 -------- d--h--w- c:\programdata\Common Files
2012-03-05 19:41 . 2012-03-07 01:45 -------- d-----w- c:\programdata\MFAData
2012-03-05 14:11 . 2012-03-05 14:16 -------- d-----w- c:\users\Mattias\AppData\Roaming\.minecraft
2012-03-05 12:32 . 2012-03-05 12:32 -------- d-----w- c:\programdata\NVIDIA Corporation
2012-03-05 12:32 . 2012-03-05 12:32 -------- d-----w- c:\program files\NVIDIA Corporation
2012-03-05 12:30 . 2012-03-05 12:30 57960 ----a-w- c:\windows\system32\OpenCL.dll
2012-03-05 12:30 . 2012-03-05 12:30 914024 ----a-w- c:\windows\system32\nvdispco32.dll
2012-03-05 12:30 . 2012-03-05 12:30 875112 ----a-w- c:\windows\system32\nvgenco32.dll
2012-03-05 12:30 . 2012-03-05 12:30 17193576 ----a-w- c:\windows\system32\nvcompiler.dll
2012-03-05 12:25 . 2012-03-05 12:25 46592 ----a-w- c:\windows\system32\drivers\risdptsk.sys
2012-03-05 12:22 . 2012-03-05 12:22 33320 ----a-w- c:\windows\system32\drivers\btwl2cap.sys
2012-03-05 12:17 . 2012-03-05 12:17 84008 ----a-w- c:\windows\system32\drivers\btwaudio.sys
2012-03-05 12:13 . 2012-03-05 12:13 18472 ----a-w- c:\windows\system32\drivers\btwrchid.sys
2012-03-05 12:13 . 2012-03-05 12:13 108072 ----a-w- c:\windows\system32\drivers\btwavdt.sys
2012-03-05 11:53 . 2012-03-05 11:53 46592 ----a-w- c:\windows\system32\drivers\rimmptsk.sys
2012-03-05 11:04 . 2012-03-05 11:04 -------- d-----w- c:\programdata\Uniblue
2012-03-04 13:53 . 2012-03-05 11:02 -------- d-----w- c:\users\Mattias\AppData\Roaming\Uniblue
2012-03-04 13:53 . 2012-03-05 11:03 -------- d-----w- c:\program files\Uniblue
2012-03-04 13:53 . 2012-03-04 13:53 -------- dc-h--w- c:\programdata\{83C3B2FD-37EA-4C06-A228-E9B5E32FF0B1}
2012-03-04 13:51 . 2012-03-04 13:51 -------- d-----w- c:\users\Mattias\AppData\Local\PackageAware
2012-03-02 14:38 . 2012-02-08 06:03 6552120 ----a-w- c:\programdata\Microsoft\Windows Defender\Definition Updates\{DCBFE953-4754-4B8D-A79B-BA9CF4EEF119}\mpengine.dll
2012-02-29 22:47 . 2012-02-29 22:47 -------- d-----w- c:\users\Mattias\AppData\Roaming\pymclevel
2012-02-29 22:46 . 2012-02-29 22:46 -------- d-----w- c:\users\Mattias\AppData\Local\MCEdit
2012-02-18 21:38 . 2012-02-18 21:38 -------- d-----w- c:\users\Mattias\.swt
2012-02-16 19:37 . 2011-12-14 16:17 680448 ----a-w- c:\windows\system32\msvcrt.dll
2012-02-16 19:37 . 2012-01-12 19:52 2044416 ----a-w- c:\windows\system32\win32k.sys
.
.
.
((((((((((((((((((((((((((((((((((((((( Find3M Rapport ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2012-03-07 00:16 . 2010-07-13 19:59 472808 ----a-w- c:\windows\system32\deployJava1.dll
2012-01-29 04:10 . 2009-10-04 18:55 237072 ------w- c:\windows\system32\MpSigStub.exe
2012-01-27 10:51 . 2012-01-27 10:51 129 ----a-w- c:\users\Mattias\update.bat
2012-01-25 15:23 . 2012-01-25 15:23 31744 ----a-w- c:\windows\system32\maplec.dll
2012-01-25 15:23 . 2012-01-25 15:23 212992 ----a-w- c:\windows\system32\WMIMPLEX.dll
2012-01-25 15:23 . 2012-01-25 15:23 20480 ----a-w- c:\windows\system32\maplecompat.dll
2011-12-12 09:07 . 2011-12-25 13:33 64512 ----a-w- c:\windows\system32\drivers\Lbd.sys
2012-02-16 15:12 . 2012-03-05 21:43 134104 ----a-w- c:\program files\mozilla firefox\components\browsercomps.dll
2011-04-14 12:01 . 2010-12-30 13:07 24376 ----a-w- c:\program files\mozilla firefox\components\Scriptff.dll
.
.
((((((((((((((((((((((((((((((((((((( Reg Opstartpunten )))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Nota* lege verwijzingen & legitieme standaard verwijzingen worden niet getoond
REGEDIT4
.
[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Toolbar\Webbrowser]
"{F6BD6330-76F8-44D9-B775-87614E2D8374}"= "c:\program files\Fiesta Download Manager\mp3bar.dll" [2010-08-31 222208]
.
[HKEY_CLASSES_ROOT\clsid\{f6bd6330-76f8-44d9-b775-87614e2d8374}]
[HKEY_CLASSES_ROOT\ToolBand.MP3Bar.1]
[HKEY_CLASSES_ROOT\TypeLib\{09082C8C-70CA-4077-AFBB-C2F85AFC7438}]
[HKEY_CLASSES_ROOT\ToolBand.MP3Bar]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\EnabledUnlockedFDEIconOverlay]
@="{30D3C2AF-9709-4D05-9CF4-13335F3C1E4A}"
[HKEY_CLASSES_ROOT\CLSID\{30D3C2AF-9709-4D05-9CF4-13335F3C1E4A}]
2009-04-22 08:03 49152 ----a-w- c:\program files\Wave Systems Corp\Trusted Drive Manager\TdmIconOverlay.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\UninitializedFdeIconOverlay]
@="{CF08DA3E-C97D-4891-A66B-E39B28DD270F}"
[HKEY_CLASSES_ROOT\CLSID\{CF08DA3E-C97D-4891-A66B-E39B28DD270F}]
2009-04-22 08:03 49152 ----a-w- c:\program files\Wave Systems Corp\Trusted Drive Manager\TdmIconOverlay.dll
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"SysTrayApp"="c:\program files\IDT\WDM\sttray.exe" [2010-04-05 495708]
"Apoint"="c:\program files\DellTPad\Apoint.exe" [2011-01-04 488816]
"NvCplDaemon"="c:\windows\system32\NvCpl.dll" [2010-05-12 13838952]
"NVHotkey"="c:\windows\system32\nvHotkey.dll" [2010-05-12 92776]
"AVG_TRAY"="c:\program files\AVG\AVG2012\avgtray.exe" [2012-01-24 2416480]
"hpqSRMon"="c:\program files\HP\Digital Imaging\bin\hpqSRMon.exe" [2008-03-13 81920]
"ZoneAlarm"="c:\program files\CheckPoint\ZoneAlarm\zatray.exe" [2011-12-18 73360]
.
c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\
HP Digital Imaging Monitor.lnk - c:\program files\HP\Digital Imaging\bin\hpqtra08.exe [2008-3-25 214360]
.
c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\AutorunsDisabled
Dell ControlPoint System Manager.lnk - c:\program files\Dell\Dell ControlPoint\System Manager\DCPSysMgr.exe [2009-4-9 1094944]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"EnableUIADesktopToggle"= 0 (0x0)
.
[hkey_local_machine\software\microsoft\windows\currentversion\explorer\ShellExecuteHooks]
"{5AE067D3-9AFB-48E0-853A-EBB7F4A000DA}"= "c:\program files\SUPERAntiSpyware\SASSEH.DLL" [2011-07-19 113024]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\!SASWinLogon]
2011-05-04 17:54 551296 ----a-w- c:\program files\SUPERAntiSpyware\SASWINLO.DLL
.
[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\session manager]
BootExecute REG_MULTI_SZ autocheck autochk *\0c:\progra~1\AVG\AVG2012\avgrsx.exe /sync /restart
.
[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\lsa]
Authentication Packages REG_MULTI_SZ msv1_0 wvauth
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\!SASCORE]
@=""
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Lavasoft Ad-Aware Service]
@="Service"
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MCODS]
@=""
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MSIServer]
@="Service"
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\SolutoService]
@="Service"
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Wdf01000.sys]
@="Driver"
.
[HKLM\~\startupfolder\C:^ProgramData^Microsoft^Windows^Start Menu^Programs^Startup^Bluetooth.lnk]
path=c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\Bluetooth.lnk
backup=c:\windows\pss\Bluetooth.lnk.CommonStartup
backupExtension=.CommonStartup
.
[HKLM\~\startupfolder\C:^ProgramData^Microsoft^Windows^Start Menu^Programs^Startup^HP Digital Imaging Monitor.lnk]
path=c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\HP Digital Imaging Monitor.lnk
backup=c:\windows\pss\HP Digital Imaging Monitor.lnk.CommonStartup
backupExtension=.CommonStartup
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Apoint]
2011-01-04 15:48 488816 ----a-w- c:\program files\DellTPad\Apoint.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ChangeTPMAuth]
2009-02-26 14:53 184320 ----a-w- c:\program files\Wave Systems Corp\Common\ChangeTPMAuth.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\EmbassySecurityCheck]
2009-04-22 12:15 95544 ----a-w- c:\program files\Wave Systems Corp\EMBASSY Security Setup\EmbassySecurityCheck.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Google Update]
2012-03-05 21:57 136176 ----atw- c:\users\Mattias\AppData\Local\Google\Update\GoogleUpdate.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\HP Software Update]
2008-03-25 19:27 49152 ----a-w- c:\program files\HP\HP Software Update\hpwuSchd2.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\hpqSRMon]
2008-03-13 07:34 81920 ----a-w- c:\program files\HP\Digital Imaging\bin\HpqSRmon.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\IAAnotif]
2009-02-11 15:38 186904 ----a-w- c:\program files\Intel\Intel Matrix Storage Manager\IAAnotif.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\iTunesHelper]
2011-08-18 23:07 421736 ----a-w- c:\program files\iTunes\iTunesHelper.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\iTunesHelper.exe]
2011-08-18 23:07 421736 ----a-w- c:\program files\iTunes\iTunesHelper.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Microsoft Default Manager]
2009-04-24 09:05 250192 ----a-w- c:\program files\Microsoft\Search Enhancement Pack\Default Manager\DefMgr.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\msnmsgr]
2011-05-13 14:03 4283256 ----a-w- c:\program files\Windows Live\Messenger\msnmsgr.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\nwiz]
2010-05-05 23:58 1657448 ----a-w- c:\windows\System32\nwiz.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\QuickTime Task]
2011-07-05 16:36 421888 ----a-w- c:\program files\QuickTime\QTTask.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SecureUpgrade]
2009-04-22 12:15 656696 ----a-w- c:\program files\Wave Systems Corp\SecureUpgrade.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SysTrayApp]
2010-04-05 06:56 495708 ----a-w- c:\program files\IDT\WDM\sttray.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\UsbBoost]
2009-09-25 19:19 3788800 ----a-w- c:\program files\UsbBoost\TurboHddUsb.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\USCService]
2009-04-22 13:41 15360 ----a-w- c:\program files\Dell\Dell ControlPoint\Security Manager\BcmDeviceAndTaskStatusService.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\WavXMgr]
2008-12-22 12:15 134144 ----a-w- c:\program files\Wave Systems Corp\Services Manager\DocMgr\bin\WavXDocMgr.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\WebcamDell.exe]
2008-10-17 08:41 442536 ------w- c:\program files\Dell Webcam\Dell Webcam Central\WebcamDell.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Windows Defender]
2008-01-21 02:23 1008184 ----a-w- c:\program files\Windows Defender\MSASCui.exe
.
R3 !SASCORE;SAS Core Service;c:\program files\SUPERAntiSpyware\SASCORE.EXE [2011-08-11 116608]
R3 AdobeARMservice;Adobe Acrobat Update Service;c:\program files\Common Files\Adobe\ARM\1.0\armsvc.exe [2012-01-03 63928]
R4 AESTFilters;Andrea ST Filters Service;c:\windows\System32\DriverStore\FileRepository\stwrt.inf_c3f58890\aestsrv.exe [2010-04-05 81920]
.
.
--- Andere Services/Drivers In Geheugen ---
.
*Deregistered* - Lavasoft Kernexplorer
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
LocalServiceNoNetwork REG_MULTI_SZ PLA DPS BFE mpssvc
bthsvcs REG_MULTI_SZ BthServ
HPZ12 REG_MULTI_SZ Pml Driver HPZ12 Net Driver HPZ12
LocalServiceAndNoImpersonation REG_MULTI_SZ FontCache
hpdevmgmt REG_MULTI_SZ hpqcxs08 hpqddsvc
.
Inhoud van de 'Gedeelde Taken' map
.
2012-03-07 c:\windows\Tasks\DriverScanner.job
- c:\program files\Uniblue\DriverScanner\dsmonitor.exe [2012-03-05 13:43]
.
2012-03-07 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\program files\Google\Update\GoogleUpdate.exe [2010-02-01 20:25]
.
2012-03-07 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\program files\Google\Update\GoogleUpdate.exe [2010-02-01 20:25]
.
2012-03-06 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-2819909428-556207271-747428731-1000Core.job
- c:\users\Mattias\AppData\Local\Google\Update\GoogleUpdate.exe [2012-03-05 21:57]
.
2012-03-07 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-2819909428-556207271-747428731-1000UA.job
- c:\users\Mattias\AppData\Local\Google\Update\GoogleUpdate.exe [2012-03-05 21:57]
.
2012-03-07 c:\windows\Tasks\RegistryBooster.job
- c:\program files\Uniblue\RegistryBooster\rbmonitor.exe [2012-03-04 08:26]
.
2012-03-07 c:\windows\Tasks\SpeedUpMyPC.job
- c:\program files\Uniblue\SpeedUpMyPC\spmonitor.exe [2012-03-05 14:28]
.
2012-03-07 c:\windows\Tasks\User_Feed_Synchronization-{0E026961-7E77-443B-A740-1A5D423ED0D8}.job
- c:\windows\system32\msfeedssync.exe [2012-02-16 04:44]
.
.
------- Bijkomende Scan -------
.
uInternet Settings,ProxyOverride = *.local
IE: &Download All with FlashGet
IE: &Download with FlashGet
IE: Afbeelding verzenden naar &Bluetooth-apparaat... - c:\program files\WIDCOMM\Bluetooth Software\btsendto_ie_ctx.htm
IE: E&xporteren naar Microsoft Excel - c:\progra~1\MICROS~4\Office12\EXCEL.EXE/3000
IE: Pagina verzenden naar &Bluetooth-apparaat... - c:\program files\WIDCOMM\Bluetooth Software\btsendto_ie.htm
TCP: DhcpNameServer = 134.58.126.3 134.58.127.1
FF - ProfilePath - c:\users\Mattias\AppData\Roaming\Mozilla\Firefox\Profiles\e6lw46f2.default\
FF - prefs.js: browser.search.defaulturl - hxxp://search.conduit.com/ResultsExt.aspx?ctid=CT2849859&SearchSource=3&q={searchTerms}
FF - prefs.js: browser.search.selectedEngine - Google
FF - prefs.js: browser.startup.homepage - hxxp://search.conduit.com/?ctid=CT2849859&SearchSource=13
FF - prefs.js: keyword.URL - hxxp://www.google.com/search?ie=UTF-8&oe=UTF-8&sourceid=navclient&gfns=1&q=
FF - user.js: network.protocol-handler.warn-external.dnupdate - false
.
- - - - ORPHANS VERWIJDERD - - - -
.
WebBrowser-{D4027C7F-154A-4066-A1AD-4243D8127440} - (no file)
WebBrowser-{BA14329E-9550-4989-B3F2-9732E92D17CC} - (no file)
WebBrowser-{30F9B915-B755-4826-820B-08FBA6BD249D} - (no file)
WebBrowser-{2D8D9ACC-F6D7-4362-8876-A275CA929591} - (no file)
HKLM-Run-ISW - (no file)
MSConfigStartUp-aim - c:\program files\AIM\aim.exe
MSConfigStartUp-BitTorrent DNA - c:\users\Mattias\Program Files\DNA\btdna.exe
MSConfigStartUp-mcui_exe - c:\program files\McAfee.com\Agent\mcagent.exe
MSConfigStartUp-Raptr - c:\progra~1\Raptr\raptrstub.exe
AddRemove-AviSynth - c:\program files\AviSynth 2.5\Uninstall.exe
AddRemove-BlueJ_is1 - c:\bluej\uninst\unins000.exe
AddRemove-NirSoft ProduKey - c:\program files\NirSoft\ProduKey\uninst.exe
AddRemove-Raptr - c:\program files\Raptr\uninstall.exe
AddRemove-VirtualLab 5 Client_is1 - c:\program files\BinaryBiz\VirtualLab5\unins000.exe
AddRemove-BitTorrent DNA - c:\users\Mattias\Program Files\DNA\btdna.exe
AddRemove-{4237FF56-4BD0-481E-BD44-C1A8DDA9C753}Mattias_is1 - c:\users\Mattias\Games\WinDS PRO\uninstall\unins000.exe
.
.
.
**************************************************************************
scannen van verborgen processen ...
.
scannen van verborgen autostart items ...
.
scannen van verborgen bestanden ...
.
Scan succesvol afgerond
verborgen bestanden:
.
**************************************************************************
.
--------------------- DLLs Geladen Onder Lopende Processen ---------------------
.
- - - - - - - > 'lsass.exe'(932)
c:\windows\system32\wvauth.dll
c:\program files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll
.
Voltooingstijd: 2012-03-07 12:43:00
ComboFix-quarantined-files.txt 2012-03-07 11:42
.
Pre-Run: 95.909.224.448 bytes beschikbaar
Post-Run: 95.520.411.648 bytes beschikbaar
.
- - End Of File - - E4844AAFBB733BD12ACA5862ED9770CE

Edited by Durre, 13 March 2012 - 08:27 AM.

#5
Durre

Post including the EXTRAS.TXT log from the very first OTL scan.



OTL Extras logfile created on: 8/03/2012 02:53:33 - Run 1
OTL by OldTimer - Version 3.2.35.1 Folder = C:\Users\Mattias\Desktop
Windows Vista Business Edition Service Pack 2 (Version = 6.0.6002) - Type = NTWorkstation
Internet Explorer (Version = 8.0.6001.19190)
Locale: 00000813 | Country: België | Language: NLB | Date Format: d/MM/yyyy

3,49 Gb Total Physical Memory | 1,54 Gb Available Physical Memory | 44,10% Memory free
6,37 Gb Paging File | 4,18 Gb Available in Paging File | 65,53% Paging File free
Paging file location(s): C:\pagefile.sys 3070 3070 [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files
Drive C: | 230,67 Gb Total Space | 90,32 Gb Free Space | 39,16% Space Free | Partition Type: NTFS
Drive D: | 2,00 Gb Total Space | 0,77 Gb Free Space | 38,43% Space Free | Partition Type: NTFS

Computer Name: DURRE | User Name: Mattias | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user | Quick Scan
Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days

========== Extra Registry (SafeList) ==========


========== File Associations ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.cpl [@ = cplfile] -- rundll32.exe shell32.dll,Control_RunDLL "%1",%*
.hlp [@ = hlpfile] -- C:\Windows\winhlp32.exe (Microsoft Corporation)
.html [@ = FirefoxHTML] -- C:\Program Files\Mozilla Firefox\firefox.exe (Mozilla Corporation)

========== Shell Spawning ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
cplfile [cplopen] -- rundll32.exe shell32.dll,Control_RunDLL "%1",%*
exefile [open] -- "%1" %*
helpfile [open] -- Reg Error: Key error.
hlpfile [open] -- %SystemRoot%\winhlp32.exe %1 (Microsoft Corporation)
https [open] -- "C:\Program Files\Mozilla Firefox\firefox.exe" -requestPending -osint -url "%1" (Mozilla Corporation)
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [AddToPlaylistVLC] -- "C:\Program Files\VideoLAN\VLC\vlc.exe" --started-from-file --playlist-enqueue "%1" ()
Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Directory [PlayWithVLC] -- "C:\Program Files\VideoLAN\VLC\vlc.exe" --started-from-file --no-playlist-enqueue "%1" ()
Folder [open] -- %SystemRoot%\Explorer.exe /separate,/idlist,%I,%L (Microsoft Corporation)
Folder [explore] -- %SystemRoot%\Explorer.exe /separate,/e,/idlist,%I,%L (Microsoft Corporation)
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)

========== Security Center Settings ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"cval" = 1
"AntiVirusDisableNotify" = 0
"FirewallDisableNotify" = 0
"UpdatesDisableNotify" = 0

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]
"AntiVirusOverride" = 0
"AntiSpywareOverride" = 0
"FirewallOverride" = 0
"VistaSp1" = Reg Error: Unknown registry data type -- File not found
"VistaSp2" = Reg Error: Unknown registry data type -- File not found

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc\Vol]

========== System Restore Settings ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\SystemRestore]
"DisableSR" = 0

========== Firewall Settings ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\DomainProfile]

[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\StandardProfile]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]
"EnableFirewall" = 0
"DisableNotifications" = 0

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"EnableFirewall" = 0
"DisableNotifications" = 0

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\GloballyOpenPorts\List]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\PublicProfile]
"EnableFirewall" = 0
"DisableNotifications" = 0

========== Authorized Applications List ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List]
"C:\Program Files\BitTorrent\bittorrent.exe" = C:\Program Files\BitTorrent\bittorrent.exe:*:Enabled:BitTorrent


========== Vista Active Open Ports Exception List ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{0098A0A9-0F43-406E-91D5-34C97A8C4826}" = lport=445 | protocol=6 | dir=in | app=system |
"{20C7D81C-F181-45AC-B0B3-E5BF1D855284}" = lport=rpc-epmap | protocol=6 | dir=in | svc=rpcss | name=@firewallapi.dll,-28539 |
"{38E2545A-0727-4D00-807E-3B6A3A4921AE}" = rport=139 | protocol=6 | dir=out | app=system |
"{44EE337E-FBF2-4033-9B95-2E366C50EE7B}" = lport=5355 | protocol=17 | dir=in | svc=dnscache | app=%systemroot%\system32\svchost.exe |
"{46570C5B-B391-475A-B8D4-A5BEB7A2A343}" = lport=3702 | protocol=17 | dir=in | svc=fdrespub | app=%systemroot%\system32\svchost.exe |
"{622EF7E3-9DC4-4B5E-9048-90F5A2687C86}" = lport=137 | protocol=17 | dir=in | app=system |
"{84A99E14-3D9D-4887-88DD-108840A2D25D}" = lport=1900 | protocol=17 | dir=in | name=windows live communications platform (ssdp) |
"{95CBDB12-EFA9-4123-804F-933375F5DE74}" = lport=2869 | protocol=6 | dir=in | name=windows live communications platform (upnp) |
"{A8938D15-EFCC-4AA0-9BD9-AE0C36D6F9F2}" = lport=1900 | protocol=17 | dir=in | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe |
"{ADEA2BAC-D4DF-4034-8A2B-82F8127A3D80}" = rport=3702 | protocol=17 | dir=out | svc=fdrespub | app=%systemroot%\system32\svchost.exe |
"{B0C5D3B9-EDAA-4C7F-AFE3-9934CD07BAF9}" = lport=rpc | protocol=6 | dir=in | svc=spooler | app=%systemroot%\system32\spoolsv.exe |
"{B95664E6-BCB3-4488-9545-4B8D822DEF4A}" = rport=5355 | protocol=17 | dir=out | svc=dnscache | app=%systemroot%\system32\svchost.exe |
"{BEF9CBDB-313E-4BE9-986A-0AB96716C35E}" = rport=138 | protocol=17 | dir=out | app=system |
"{CABD95E4-90CB-438F-A0DA-1E4A730C37DD}" = rport=137 | protocol=17 | dir=out | app=system |
"{D9DF9AB7-D460-46A6-9B8E-EF6C75CFD097}" = rport=3702 | protocol=17 | dir=out | svc=fdphost | app=%systemroot%\system32\svchost.exe |
"{DD9DF3D2-7E68-4452-858C-C1815ED4B0C9}" = lport=138 | protocol=17 | dir=in | app=system |
"{E1EE8F72-399A-45A6-BD34-FDD1E7CA8997}" = rport=1900 | protocol=17 | dir=out | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe |
"{E205B970-A143-46E5-A207-C0FD12CF3960}" = rport=445 | protocol=6 | dir=out | app=system |
"{E371A0F4-0672-498F-9519-59F497D3EA86}" = lport=139 | protocol=6 | dir=in | app=system |
"{F2E28C65-AF92-459D-90D7-0881EC63B0A5}" = lport=3702 | protocol=17 | dir=in | svc=fdphost | app=%systemroot%\system32\svchost.exe |

========== Vista Active Application Exception List ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{05176351-737E-4F65-AA27-A1963FD158BE}" = protocol=6 | dir=in | app=c:\program files\bonjour\mdnsresponder.exe |
"{0F25F3A7-E2D9-484B-81B9-C49A9D2020D6}" = protocol=6 | dir=in | app=c:\program files\soluto\solutoservice.exe |
"{1513F8FB-24EA-47A6-B3B4-BC541E1A2904}" = dir=in | app=c:\program files\hp\digital imaging\bin\hposid01.exe |
"{16F9D661-836F-4146-B68C-ED02F67AFCB7}" = protocol=6 | dir=in | app=c:\program files\avg\avg2012\avgemcx.exe |
"{1763E456-73D4-4006-877F-DB34352D342D}" = protocol=6 | dir=in | app=c:\program files\soluto\solutoservice.exe |
"{19032475-7AB2-4CB1-802A-BB14A73A352A}" = protocol=17 | dir=in | app=c:\program files\bonjour\mdnsresponder.exe |
"{1C9B48BC-1C46-4EE8-87BE-64AB2FC6DA5C}" = protocol=6 | dir=in | app=c:\program files\raptr\raptr_im.exe |
"{1D14465A-EAED-4A03-AA89-362CB4FC0C4F}" = protocol=6 | dir=out | svc=upnphost | app=%systemroot%\system32\svchost.exe |
"{1F97655F-2A81-4AB7-A1D0-7CB484EC438A}" = dir=in | app=c:\program files\skype\phone\skype.exe |
"{210825B0-1A2A-42E0-8612-900ED33F93EE}" = dir=in | app=c:\program files\hp\digital imaging\bin\hpqpsapp.exe |
"{280F0F16-3251-4324-8BCC-DFE302172FB4}" = dir=in | app=c:\program files\common files\apple\apple application support\webkit2webprocess.exe |
"{2AC35B04-5AB9-4A0E-BFAF-C231D57361C4}" = dir=in | app=c:\program files\hp\digital imaging\bin\hpqgplgtupl.exe |
"{2FF5161F-58F2-4219-A1C7-2CD495005511}" = protocol=6 | dir=in | app=c:\program files\opera\opera.exe |
"{33D23100-8122-40AE-9E76-981D0F3C7120}" = protocol=17 | dir=in | app=c:\program files\aim\aim.exe |
"{370AB495-7A11-4DF5-BCF1-A67F90FDB1C3}" = protocol=17 | dir=in | app=c:\program files\opera\opera.exe |
"{3D80061F-44A2-4255-9B03-9734E830D23B}" = protocol=17 | dir=in | app=c:\program files\avg\avg2012\avgmfapx.exe |
"{40E065B7-7C50-46F5-B27B-E54A3F8B8FC5}" = dir=in | app=c:\program files\hp\digital imaging\bin\hpqpse.exe |
"{46ED0104-238D-4B20-81FC-2C086B6EC561}" = protocol=17 | dir=in | app=c:\program files\raptr\raptr_im.exe |
"{47E09EF4-ADD0-40EA-A4E6-497A9BD935E4}" = protocol=6 | dir=in | app=c:\program files\common files\mcafee\mcsvchost\mcsvhost.exe |
"{4C489A9F-88B0-458E-8C38-CA5D52236F3F}" = protocol=1 | dir=out | [email protected],-28544 |
"{5267B108-BE29-484B-836D-20EE4C0929CA}" = protocol=6 | dir=in | app=c:\program files\avg\avg2012\avgdiagex.exe |
"{53EEE652-6099-4BE7-9959-EE8786C9DEAC}" = protocol=17 | dir=in | app=c:\program files\raptr\raptr.exe |
"{5737D966-B879-42A3-BEC3-2DAEA2CB751E}" = protocol=17 | dir=in | app=c:\program files\soluto\solutoservice.exe |
"{59E67CCA-47A1-4A1B-ACE0-7ACE08A8A665}" = protocol=17 | dir=in | app=c:\program files\common files\mcafee\mcsvchost\mcsvhost.exe |
"{6383B1A3-077C-4474-B9AB-487822E6AA2B}" = dir=in | app=c:\program files\windows live\contacts\wlcomm.exe |
"{659304E6-4CF4-4C48-B118-EEB876AC010D}" = protocol=6 | dir=in | app=c:\program files\bonjour\mdnsresponder.exe |
"{67D86987-5D3C-42F4-8770-329CFBF33F42}" = protocol=17 | dir=in | app=c:\program files\soluto\solutoconsole.exe |
"{68952CE6-0107-4BA0-B9D1-5F8C8C4F71C5}" = protocol=6 | dir=in | app=c:\program files\soluto\solutoconsole.exe |
"{6B893228-8435-414B-B2EC-B3822C8A2456}" = protocol=17 | dir=in | app=c:\program files\avg\avg2012\avgnsx.exe |
"{6CA04788-8822-4DAD-BD79-C0A1963A250E}" = protocol=17 | dir=in | app=c:\program files\avg\avg2012\avgemcx.exe |
"{7165514A-EB31-4B25-A4F9-2633156AF3C1}" = protocol=6 | dir=in | app=c:\program files\soluto\solutoconsole.exe |
"{75DFFCCD-C589-41A0-B37E-99E62F0FA12A}" = protocol=17 | dir=in | app=c:\program files\soluto\solutoservice.exe |
"{783CCCB4-7C22-4D38-BE33-21CCD7DF7B52}" = protocol=6 | dir=in | app=c:\program files\avg\avg2012\avgnsx.exe |
"{7B803477-91E9-4A5F-932B-450F71B0D602}" = protocol=17 | dir=in | app=c:\program files\avg\avg2012\avgdiagex.exe |
"{7DB05117-B642-4E65-A61B-E656A2EB3034}" = dir=in | app=c:\program files\hp\digital imaging\bin\hpqsudi.exe |
"{7F623459-7A38-4AC2-BD9C-677E4FED95B6}" = dir=in | app=c:\program files\common files\hp\digital imaging\bin\hpqphotocrm.exe |
"{885447D0-8AE6-4F90-B8EF-E1DFD852D88A}" = protocol=6 | dir=in | app=c:\program files\soluto\solutoupdateservice.exe |
"{8E610D33-E6F6-442F-9898-ED2F07D650EC}" = protocol=6 | dir=in | app=c:\users\mattias\downloads\installers\hardware\solutoinstaller.exe |
"{9174F262-7E5E-4097-A823-F9C4ED4A57B0}" = protocol=6 | dir=in | app=c:\users\mattias\downloads\installers\hardware\solutoinstaller-di3g1nto56.exe |
"{93F424A4-587B-426A-9D66-37F88AE59EA3}" = dir=in | app=c:\program files\hp\digital imaging\bin\hpqgpc01.exe |
"{95A2F338-A1A8-472A-BB0B-7953DAEB4270}" = protocol=6 | dir=in | app=c:\program files\vuze\azureus.exe |
"{9CED4BFE-62B2-476C-B701-E6D286B1DFAD}" = dir=in | app=c:\program files\windows live\mesh\moe.exe |
"{9D644262-63FA-4223-8D25-3F79B8D51BA6}" = protocol=6 | dir=in | app=c:\program files\avg\avg2012\avgmfapx.exe |
"{9E29A00B-0270-4B6C-B430-E31E54DD417A}" = protocol=58 | dir=out | [email protected],-28546 |
"{A048B64B-2FF8-4003-A31A-7112875776E9}" = dir=in | app=c:\program files\hp\digital imaging\bin\hpqste08.exe |
"{A46387B3-520F-45FF-9389-658D4FB26EF9}" = protocol=1 | dir=in | [email protected],-28543 |
"{A5C2E0EB-37B4-4541-9217-AA2619B3E0D1}" = protocol=6 | dir=in | app=c:\program files\aim\aim.exe |
"{A71A4CFB-1B67-4869-B781-ECB8FBAC702F}" = protocol=17 | dir=in | app=c:\users\mattias\downloads\installers\hardware\solutoinstaller.exe |
"{B09D5BDB-2E77-46D1-AD8F-CDEB78C4A466}" = protocol=17 | dir=in | app=c:\program files\soluto\soluto.exe |
"{B400D17B-1938-4C12-92FD-27C9F1C6D489}" = protocol=6 | dir=in | app=c:\program files\soluto\solutoupdateservice.exe |
"{B8DECB4C-1994-45F4-A016-E397C925A299}" = protocol=17 | dir=in | app=c:\users\mattias\downloads\installers\hardware\solutoinstaller-di3g1nto56.exe |
"{BBAD0101-5496-45D0-A511-AE2EED64FBE3}" = protocol=6 | dir=in | app=c:\program files\soluto\soluto.exe |
"{C1CD8521-BB05-48F9-BE61-78C582FC1D80}" = dir=in | app=c:\program files\hp\digital imaging\bin\hpqkygrp.exe |
"{C1F066D4-76D5-4741-9E68-4879D6814C57}" = protocol=17 | dir=in | app=c:\program files\soluto\solutoconsole.exe |
"{C5C24417-6E35-4FE7-A3D7-808D22116E6B}" = protocol=17 | dir=in | app=c:\program files\bonjour\mdnsresponder.exe |
"{C6958E14-7517-4762-9B86-F7EB5A44CEE5}" = dir=in | app=c:\program files\hp\digital imaging\bin\hpiscnapp.exe |
"{D337D16A-DB4D-46B2-B3BE-1FF3D998008D}" = protocol=6 | dir=in | app=c:\program files\soluto\soluto.exe |
"{D618A95F-2E67-44F9-A59C-8623ED916DCF}" = protocol=17 | dir=in | app=c:\program files\vuze\azureus.exe |
"{D770E15D-6093-41A2-A128-D6B334EE3432}" = dir=in | app=c:\program files\hp\digital imaging\bin\hpqtra08.exe |
"{E4FEDFE6-25F9-4DBA-B53E-B6BA8FE334F3}" = protocol=6 | dir=in | app=c:\program files\raptr\raptr.exe |
"{EC4EC761-EAD7-43B8-98E7-6EF3028092B6}" = dir=in | app=c:\program files\itunes\itunes.exe |
"{EC5E5BD7-4345-425B-B857-DED020F6EA73}" = protocol=17 | dir=in | app=c:\program files\soluto\solutoupdateservice.exe |
"{EC62EB67-E2B9-4B0B-9CB6-EF0BA461B04A}" = dir=in | app=c:\program files\common files\mcafee\mcsvchost\mcsvhost.exe |
"{F4481EB1-D0C5-4FD7-B40E-5DF0F3D5B479}" = protocol=17 | dir=in | app=c:\program files\soluto\solutoupdateservice.exe |
"{F929AC4B-16E5-4465-8669-3AD72DF0FCC5}" = protocol=58 | dir=in | [email protected],-28545 |
"{FB5AB5FA-513B-4B76-B55F-7342BAF1D43C}" = protocol=17 | dir=in | app=c:\program files\soluto\soluto.exe |
"TCP Query User{01A008F5-2C27-457B-AB0D-37B86638DCB6}C:\users\mattias\desktop\dcoo cs1.6\cstrike.exe" = protocol=6 | dir=in | app=c:\users\mattias\desktop\dcoo cs1.6\cstrike.exe |
"TCP Query User{0C35E21F-53D4-40E1-ADB8-AF58D24EAB57}C:\program files\acclaim\revolt\revolt.exe" = protocol=6 | dir=in | app=c:\program files\acclaim\revolt\revolt.exe |
"TCP Query User{1822E432-2722-4793-ABB1-84E376B76039}C:\program files\maple 14\jre\bin\maple.exe" = protocol=6 | dir=in | app=c:\program files\maple 14\jre\bin\maple.exe |
"TCP Query User{1B698683-C3CC-495A-9688-FD6D3C3224DA}C:\program files\maple 14\jre\bin\java.exe" = protocol=6 | dir=in | app=c:\program files\maple 14\jre\bin\java.exe |
"TCP Query User{25D0924D-5B23-4C3F-B59A-3BC5091FCB4F}C:\users\mattias\appdata\roaming\spotify\spotify.exe" = protocol=6 | dir=in | app=c:\users\mattias\appdata\roaming\spotify\spotify.exe |
"TCP Query User{2E6C2558-8DF6-4F28-AB57-565EB8A39D47}C:\program files\windows live\messenger\msnmsgr.exe" = protocol=6 | dir=in | app=c:\program files\windows live\messenger\msnmsgr.exe |
"TCP Query User{3359A99E-515D-4185-A935-DFA5D562B07A}C:\program files\microsoft games\project s\spartan.exe" = protocol=6 | dir=in | app=c:\program files\microsoft games\project s\spartan.exe |
"TCP Query User{3F461D24-CA07-4A2E-87A5-ABC4B124B38E}C:\program files\skype\phone\skype.exe" = protocol=6 | dir=in | app=c:\program files\skype\phone\skype.exe |
"TCP Query User{4B9E40F4-343D-491D-8CF4-ED56BBAFDC94}C:\program files\maple 14\jre\bin\maple.exe" = protocol=6 | dir=in | app=c:\program files\maple 14\jre\bin\maple.exe |
"TCP Query User{4BECDE68-8C39-4F7F-A2A0-76DE2203C8B1}C:\program files\bittorrent\bittorrent.exe" = protocol=6 | dir=in | app=c:\program files\bittorrent\bittorrent.exe |
"TCP Query User{61D403F5-BDAE-4126-9694-FB4A704BD54D}C:\program files\rv house\rv_house.exe" = protocol=6 | dir=in | app=c:\program files\rv house\rv_house.exe |
"TCP Query User{652ACB31-EE37-49FB-BCF3-D8FB8A849517}C:\program files\maple 15\jre\bin\maple.exe" = protocol=6 | dir=in | app=c:\program files\maple 15\jre\bin\maple.exe |
"TCP Query User{69651142-8797-4F17-9D11-61C4B8DF2FA1}C:\users\mattias\program files\dna\btdna.exe" = protocol=6 | dir=in | app=c:\users\mattias\program files\dna\btdna.exe |
"TCP Query User{6AD7C6BE-9936-4A23-9B22-C3A574BD7FAD}C:\program files\vuze\azureus.exe" = protocol=6 | dir=in | app=c:\program files\vuze\azureus.exe |
"TCP Query User{6D22C41A-2ECC-43AA-BD76-4B1E0FFC09F2}C:\program files\matlab\r2008b\bin\win32\matlab.exe" = protocol=6 | dir=in | app=c:\program files\matlab\r2008b\bin\win32\matlab.exe |
"TCP Query User{7C1BAAA3-92F0-4994-BCC8-78150EB74E3B}C:\users\mattias\appdata\roaming\spotify\spotify.exe" = protocol=6 | dir=in | app=c:\users\mattias\appdata\roaming\spotify\spotify.exe |
"TCP Query User{7E20895F-A40A-4675-9DDC-AF6B92B876D9}C:\users\mattias\desktop\dcoo cs1.6\cstrike.exe" = protocol=6 | dir=in | app=c:\users\mattias\desktop\dcoo cs1.6\cstrike.exe |
"TCP Query User{7F156EF7-A5DD-46B0-818E-A1D9A91B3DEC}C:\program files\limewire\limewire.exe" = protocol=6 | dir=in | app=c:\program files\limewire\limewire.exe |
"TCP Query User{8EEC318B-6369-48EB-BD17-7B576B343626}C:\program files\opera\opera.exe" = protocol=6 | dir=in | app=c:\program files\opera\opera.exe |
"TCP Query User{90C14934-E511-4297-AD5C-3C473743EA72}C:\program files\limewire\limewire.exe" = protocol=6 | dir=in | app=c:\program files\limewire\limewire.exe |
"TCP Query User{A9FA7099-3C06-497E-9969-D04ED81C6F89}C:\program files\raptr\raptr.exe" = protocol=6 | dir=in | app=c:\program files\raptr\raptr.exe |
"TCP Query User{BDCDE674-8355-4A04-BF85-408530AAA4AD}C:\program files\trillian\trillian.exe" = protocol=6 | dir=in | app=c:\program files\trillian\trillian.exe |
"TCP Query User{BEF42C09-0277-4433-97B2-EDE15D3E99E1}C:\users\mattias\downloads\installers\download\utorrent.exe" = protocol=6 | dir=in | app=c:\users\mattias\downloads\installers\download\utorrent.exe |
"TCP Query User{C00FDF2D-6094-41C0-A75D-97987D3F8178}C:\users\mattias\program files\dna\btdna.exe" = protocol=6 | dir=in | app=c:\users\mattias\program files\dna\btdna.exe |
"TCP Query User{D4DBCCBF-D49D-4F78-95FD-524A10E4B641}C:\program files\skype\phone\skype.exe" = protocol=6 | dir=in | app=c:\program files\skype\phone\skype.exe |
"TCP Query User{F1136063-0FFF-4275-B769-9667FC4AD75A}C:\program files\windows live\messenger\msnmsgr.exe" = protocol=6 | dir=in | app=c:\program files\windows live\messenger\msnmsgr.exe |
"TCP Query User{FD58D85A-D896-46D7-AC7E-A2330EB76C9C}C:\program files\google\google earth\client\googleearth.exe" = protocol=6 | dir=in | app=c:\program files\google\google earth\client\googleearth.exe |
"UDP Query User{0F7F22E8-14DA-4088-9E84-7222286F7070}C:\program files\skype\phone\skype.exe" = protocol=17 | dir=in | app=c:\program files\skype\phone\skype.exe |
"UDP Query User{164C95A7-C4A3-4508-BAAC-929DD78D4E41}C:\program files\skype\phone\skype.exe" = protocol=17 | dir=in | app=c:\program files\skype\phone\skype.exe |
"UDP Query User{3612D8B9-E4A0-48BE-850C-46B36A1ACA00}C:\program files\maple 14\jre\bin\java.exe" = protocol=17 | dir=in | app=c:\program files\maple 14\jre\bin\java.exe |
"UDP Query User{453DDC18-C856-4193-A57E-B65B1C785E18}C:\users\mattias\downloads\installers\download\utorrent.exe" = protocol=17 | dir=in | app=c:\users\mattias\downloads\installers\download\utorrent.exe |
"UDP Query User{49EDF545-3088-4AF6-8927-F39E2AC76014}C:\users\mattias\program files\dna\btdna.exe" = protocol=17 | dir=in | app=c:\users\mattias\program files\dna\btdna.exe |
"UDP Query User{536681B8-3E04-42D8-98EE-F94E6F7BCF5F}C:\users\mattias\program files\dna\btdna.exe" = protocol=17 | dir=in | app=c:\users\mattias\program files\dna\btdna.exe |
"UDP Query User{5F723B55-71F3-42A5-906B-2EDB7481BF13}C:\program files\windows live\messenger\msnmsgr.exe" = protocol=17 | dir=in | app=c:\program files\windows live\messenger\msnmsgr.exe |
"UDP Query User{6799ED17-C35B-4111-A5C0-54D71F3A4280}C:\users\mattias\desktop\dcoo cs1.6\cstrike.exe" = protocol=17 | dir=in | app=c:\users\mattias\desktop\dcoo cs1.6\cstrike.exe |
"UDP Query User{70C79C7E-6F20-416E-9180-B08135D37B12}C:\program files\raptr\raptr.exe" = protocol=17 | dir=in | app=c:\program files\raptr\raptr.exe |
"UDP Query User{780B0D7F-44B5-4BAB-829F-4A3CDDA30627}C:\program files\trillian\trillian.exe" = protocol=17 | dir=in | app=c:\program files\trillian\trillian.exe |
"UDP Query User{96DFE6EC-4B77-40F5-A6B3-645563BC1530}C:\program files\maple 14\jre\bin\maple.exe" = protocol=17 | dir=in | app=c:\program files\maple 14\jre\bin\maple.exe |
"UDP Query User{AFBC0859-60B3-453D-BE3C-791276DCEF6B}C:\program files\opera\opera.exe" = protocol=17 | dir=in | app=c:\program files\opera\opera.exe |
"UDP Query User{B4021CC5-DED4-4D1A-B29A-4A055C8297A3}C:\program files\limewire\limewire.exe" = protocol=17 | dir=in | app=c:\program files\limewire\limewire.exe |
"UDP Query User{B51BC73D-DEF3-4855-AF14-B60AFF1A0C50}C:\program files\vuze\azureus.exe" = protocol=17 | dir=in | app=c:\program files\vuze\azureus.exe |
"UDP Query User{C3728C00-A212-4672-831A-FB244A68A4F0}C:\program files\limewire\limewire.exe" = protocol=17 | dir=in | app=c:\program files\limewire\limewire.exe |
"UDP Query User{CBC914D4-9451-4BC9-A54D-569271E4997B}C:\program files\maple 14\jre\bin\maple.exe" = protocol=17 | dir=in | app=c:\program files\maple 14\jre\bin\maple.exe |
"UDP Query User{CF61BA41-9809-4EB3-B103-3D771A84D3B8}C:\program files\microsoft games\project s\spartan.exe" = protocol=17 | dir=in | app=c:\program files\microsoft games\project s\spartan.exe |
"UDP Query User{D0B4058A-8E1F-47BA-A5CB-210346A9982C}C:\program files\maple 15\jre\bin\maple.exe" = protocol=17 | dir=in | app=c:\program files\maple 15\jre\bin\maple.exe |
"UDP Query User{D398BD44-ADE6-4559-ACBA-16A6E4E89F80}C:\program files\matlab\r2008b\bin\win32\matlab.exe" = protocol=17 | dir=in | app=c:\program files\matlab\r2008b\bin\win32\matlab.exe |
"UDP Query User{DEAB374E-9E68-4AC7-99F3-E5750E707AAE}C:\users\mattias\appdata\roaming\spotify\spotify.exe" = protocol=17 | dir=in | app=c:\users\mattias\appdata\roaming\spotify\spotify.exe |
"UDP Query User{E4B8B5C9-BD99-4D69-BE61-BC760848CCE1}C:\program files\acclaim\revolt\revolt.exe" = protocol=17 | dir=in | app=c:\program files\acclaim\revolt\revolt.exe |
"UDP Query User{F0D0BBA4-DD62-4F5C-97D8-933F79675250}C:\users\mattias\appdata\roaming\spotify\spotify.exe" = protocol=17 | dir=in | app=c:\users\mattias\appdata\roaming\spotify\spotify.exe |
"UDP Query User{F6DD4521-F1ED-4A8A-ADE0-C440B334A901}C:\program files\google\google earth\client\googleearth.exe" = protocol=17 | dir=in | app=c:\program files\google\google earth\client\googleearth.exe |
"UDP Query User{F7AA9244-02C0-4FC4-A7C0-59C22AA55760}C:\program files\rv house\rv_house.exe" = protocol=17 | dir=in | app=c:\program files\rv house\rv_house.exe |
"UDP Query User{FB0F8E06-6015-4487-B482-AB2F0D6407A7}C:\users\mattias\desktop\dcoo cs1.6\cstrike.exe" = protocol=17 | dir=in | app=c:\users\mattias\desktop\dcoo cs1.6\cstrike.exe |
"UDP Query User{FEF4B869-D87D-49A7-AEA4-651A2039E14E}C:\program files\bittorrent\bittorrent.exe" = protocol=17 | dir=in | app=c:\program files\bittorrent\bittorrent.exe |

========== HKEY_LOCAL_MACHINE Uninstall List ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{00BA866C-F2A2-4BB9-A308-3DFA695B6F7C}" = Java DB 10.5.3.0
"{0289B35E-DC07-4c7a-9710-BBD686EA4B7D}" = Status
"{02E89EFC-7B07-4D5A-AA03-9EC0902914EE}" = VC 9.0 Runtime
"{03D1988F-469F-4843-8E6E-E5FE9D17889D}" = WIDCOMM Bluetooth Software 6.1.0.4402
"{072B53D7-DAAD-4562-8764-B528D0ADA7C4}" = Windows Live Family Safety
"{0761C9A8-8F3A-4216-B4A7-B7AFBF24A24A}" = HiJackThis
"{07D618CD-B016-438A-ADC9-A75BD23F85CE}" = Wave Support Software
"{08234a0d-cf39-4dca-99f0-0c5cb496da81}" = Bing Bar
"{08E81ABD-79F7-49C2-881F-FD6CB0975693}" = Roxio Creator Data
"{095B1DCF-5E8B-47EC-9B18-481918A731DB}" = Microsoft Default Manager
"{09633A5E-3089-41A8-9FF1-382171423C5D}" = PSSWCORE
"{09760D42-E223-42AD-8C3E-55B47D0DDAC3}" = Roxio Creator DE 10.3
"{0A0CADCF-78DA-33C4-A350-CD51849B9702}" = Microsoft .NET Framework 4 Extended
"{0B0A2153-58A6-4244-B458-25EDF5FCD809}" = Private Information Manager
"{0B0F231F-CE6A-483D-AA23-77B364F75917}" = Windows Live Installer
"{0DD140D3-9563-481E-AA75-BA457CBDAEF2}" = PC Inspector File Recovery
"{101738D7-D805-37A9-BB91-1F2C351782BF}" = Microsoft .NET Framework 3.5 Language Pack SP1 - nld
"{13F3917B56CD4C25848BDC69916971BB}" = DivX Converter
"{14B441B7-774D-4170-98EA-A13667AE6218}" = Windows Live Writer Resources
"{17504ED4-DB08-40A8-81C2-27D8C01581DA}" = Windows Live Remote Service Resources
"{19A4A990-5343-4FF7-B3B5-6F046C091EDF}" = Windows Live Remote Client
"{19BA08F7-C728-469C-8A35-BFBD3633BE08}" = Windows Live Movie Maker
"{1E11EE30-C0D4-46BC-9142-27EB4C37BE35}" = Angry Birds
"{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148
"{1F54DAFA-9261-4A62-B59D-6C9F26B48FE4}" = Roxio Creator Tools
"{1F6AB0E7-8CDD-4B93-8A23-AA9EB2FEFCE4}" = Junk Mail filter update
"{200FEC62-3C34-4D60-9CE8-EC372E01C08F}" = Windows Live SOXE Definitions
"{2220CF3A-EBD6-4070-94D0-0C7337B537A7}" = All Day Battery Life Configuration
"{227E8782-B2F4-4E97-B0EE-49DE9CC1C0C0}" = Windows Live Remote Service
"{22F761D1-8063-4170-ADF7-2D2F47834CA9}" = VideoToolkit01
"{2484631E-A7B3-4847-ACBB-4D881E6E9D5A}" = Dell ControlPoint Connection Manager
"{2614F54E-A828-49FA-93BA-45A3F756BFAA}" = 32 Bit HP CIO Components Installer
"{2617FA1F-0C04-3ABB-AF64-7D5B6620C341}" = Microsoft .NET Framework 4 Client Profile NLD Language Pack
"{26A24AE4-039D-4CA4-87B4-2F83216031FF}" = Java™ 6 Update 31
"{27197499-7680-4208-8FD8-5439CDB0FDC1}" = HPProductAssistant
"{2902F983-B4C1-44BA-B85D-5C6D52E2C441}" = Windows Live Mesh ActiveX Control for Remote Connections
"{2A07C35B-8384-4DA4-9A95-442B6C89A073}" = Windows Live Essentials
"{2A3FC24C-6EC0-4519-A52B-FDA4EA9B2D24}" = Windows Live Messenger
"{2AFEAA03-2DFE-4519-A629-EDAB6541ABE9}" = HPSSupply
"{2B818257-E6C7-4841-8C29-C5C9A982BCE5}" = RICOH R5U241 / R5C847 Media Driver ver.2.04.01.00
"{2BFC7AA0-544C-4E3A-8796-67F3BE655BE9}" = Microsoft XNA Framework Redistributable 4.0
"{2C086D06-187A-4050-ADD4-2F9D033651B4}" = Aan de slag met Dell
"{2FA41EBB-3F5A-35C3-85D6-51EC72A11FBD}" = Google Gears
"{30465B6C-B53F-49A1-9EBA-A3F187AD502E}" = Roxio Update Manager
"{3138EAD3-700B-4A10-B617-B3F8096EE30D}" = Dell Edoc Viewer
"{32A3A4F4-B792-11D6-A78A-00B0D0160180}" = Java™ SE Development Kit 6 Update 18
"{3336F667-9049-4D46-98B6-4C743EEBC5B1}" = Windows Live Photo Gallery
"{34F4D9A4-42C2-4348-BEF4-E553C84549E7}" = Windows Live Photo Gallery
"{3700194C-C5DD-439A-BE06-A66960CA4C70}" = MSVCSetup
"{3A6BE9F4-5FC8-44BB-BE7B-32A29607FEF6}" = Preboot Manager
"{3C3901C5-3455-3E0A-A214-0B093A5070A6}" = Microsoft .NET Framework 4 Client Profile
"{3F4143A1-9C21-4011-8679-3BC1014C6886}" = Windows Live Mesh
"{3FC7CBBC4C1E11DCA1A752EA55D89593}" = DivX Version Checker
"{4640FDE1-B83A-4376-84ED-86F86BEE2D41}" = Driver Detective
"{464B3406-A4D0-4914-910F-7CA4380DCC13}" = Windows Live Remote Client Resources
"{48294D95-EE9A-4377-8213-44FC4265FB27}" = Windows Live Messenger
"{4994A7CB-2BF4-4664-8FCE-DB66055ECEBC}" = Broadcom USH Host Components
"{4A03706F-666A-4037-7777-5F2748764D10}" = Java Auto Updater
"{4CB0307C-565E-4441-86BE-0DF2E4FB828C}" = Microsoft Games for Windows Marketplace
"{4D530942-9B89-4186-98B7-F51000000100}" = Project S
"{4E868D3D-6EEB-4273-926C-2287236B5B79}" = 3DVIA player 5.0
"{4EFC72DA-2314-4E5D-AC8E-1C954CDB8BBF}" = AVG 2012
"{4F2D3995-1EC5-3C05-B7E5-3449F802E6DE}" = Microsoft .NET Framework 4 Extended NLD Language Pack
"{50816F92-1652-4A7C-B9BC-48F682742C4B}" = Messenger Companion
"{51AE9E42-640D-4C14-A9B6-43F64AA4E3E2}" = Document Manager Lite
"{529125EF-E3AC-4B74-97E6-F688A7C0F1BF}" = Paint.NET v3.5.10
"{53333479-6A52-4816-8497-5C52B67ED339}" = EMBASSY Security Setup
"{55D003F4-9599-44BF-BA9E-95D060730DD3}" = Contrôle ActiveX Windows Live Mesh pour connexions à distance
"{579684A4-DDD5-4CA3-9EA8-7BE7D9593DB4}" = Windows Live UX Platform Language Pack
"{593A6CAF-E114-4e31-884F-74FF349E8E36}" = SolutionCenter
"{5A3C1721-F8ED-11E0-8AFB-B8AC6F97B88E}" = Google Earth
"{5AF4F4C5-C71C-418F-B0B1-3903A345BD71}" = Ambient Light Sensor
"{5D6C26B9-D9E7-4E77-A4DE-0C2B242E85FA}" = ZoneAlarm Firewall
"{5DD4FCBD-A3C1-4155-9E17-4161C70AAABA}" = Segoe UI
"{60D4F9F1-B828-4048-A5AB-9AA2FD0C4751}" = DJ_AIO_03_F4200_Software
"{6365C963-4B72-43F8-8392-2A5441EC2A86}" = DJ_AIO_03_F4220_ProductContext
"{65C0025A-2CDE-43C5-82D0-C7A56EF0DB39}" = Bing Bar Platform
"{6675CA7F-E51B-4F6A-99D4-F8F0124C6EAA}" = Roxio Express Labeler 3
"{66E6CE0C-5A1E-430C-B40A-0C90FF1804A8}" = eSupportQFolder
"{67436268-FB14-4DFB-AE73-1B1EFA2B0213}" = Dell ControlPoint System Manager
"{6753BD39-312A-43D0-81FD-B983D776F0C7}" = Blogger For Word
"{6811CAA0-BF12-11D4-9EA1-0050BAE317E1}" = PowerDVD DX
"{682B3E4F-696A-42DE-A41C-4C07EA1678B4}" = Windows Live SOXE
"{69995C7A-062A-4A90-A4DF-8C22895DF522}" = iTunes
"{69FDFBB6-351D-4B8C-89D8-867DC9D0A2A4}" = Windows Media Player Firefox Plugin
"{6A3F9D74-BB80-4451-8CA1-4B3A857F1359}" = Apple Application Support
"{6EA8A52B-8EA1-4A59-85AB-48132299061A}" = Intel® PRO Alerting Agent
"{6F5E2F4A-377D-4700-B0E3-8F7F7507EA15}" = CustomerResearchQFolder
"{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}" = Microsoft Visual C++ 2005 Redistributable
"{7299052b-02a4-4627-81f2-1818da5d550d}" = Microsoft Visual C++ 2005 Redistributable
"{73A4F29F-31AC-4EBD-AA1B-0CC5F18C8F83}" = Roxio Creator Audio
"{759142E8-25B0-42AE-B408-4215065D3F4B}" = Windows Live Family Safety
"{767CC44C-9BBC-438D-BAD3-FD4595DD148B}" = VC80CRTRedist - 8.0.50727.762
"{770657D0-A123-3C07-8E44-1C83EC895118}" = Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053
"{789A5B64-9DD9-4BA5-915A-F0FC0A1B7BFE}" = Apple Software Update
"{78A96B4C-A643-4D0F-98C2-A8E16A6669F9}" = Windows Live Messenger Companion Core
"{793A260C-CDBF-499C-ABBA-B51E8E076867}_is1" = Uniblue PowerSuite
"{7B63B2922B174135AFC0E1377DD81EC2}" =
"{7E017923-16F8-4E32-94EF-0A150BD196FE}" = Windows Live Writer
"{8142D25E-028A-4563-86ED-5755783C8029}" = Messenger Companion
"{837b34e3-7c30-493c-8f6a-2b0f04e2912c}" = Microsoft Visual C++ 2005 Redistributable
"{83C292B7-38A5-440B-A731-07070E81A64F}" = Windows Live PIMT Platform
"{845E0BCB-8C8D-4FAB-8588-AD5FFD156C95}" = Windows Live Remote Service Resources
"{865A8951-8D9A-46CB-84A2-3D67BA38B923}" = EASEUS Deleted File Recovery 2.1.1
"{86A8FD76-3268-4102-9674-7118881EC2C0}" = Wave Infrastructure Installer
"{86CE85E6-DBAC-3FFD-B977-E4B79F83C909}" = Microsoft Visual C++ 2008 Redistributable - KB2467174 - x86 9.0.30729.5570
"{886F91D5-4B45-45DC-938E-6B0276C6B015}" = Solid Edge V20
"{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}" = Microsoft Silverlight
"{8C6D6116-B724-4810-8F2D-D047E6B7D68E}" = Mesh Runtime
"{8DC069E7-893C-41E1-9442-DE89FEC33371}" = Xobni Core
"{8DD46C6A-0056-4FEC-B70A-28BB16A1F11F}" = MSVCRT
"{8F32C384-D237-4516-9F2B-223E8963A2FB}" = Lager
"{8FF6F5CA-4E30-4E3B-B951-204CAAA2716A}" = SmartWebPrinting
"{90120000-0015-0413-0000-0000000FF1CE}" = Microsoft Office Access MUI (Dutch) 2007
"{90120000-0015-0413-0000-0000000FF1CE}_ENTERPRISER_{26257879-B20D-4D30-A429-B387A4890929}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-0016-0413-0000-0000000FF1CE}" = Microsoft Office Excel MUI (Dutch) 2007
"{90120000-0016-0413-0000-0000000FF1CE}_ENTERPRISER_{26257879-B20D-4D30-A429-B387A4890929}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-0018-0413-0000-0000000FF1CE}" = Microsoft Office PowerPoint MUI (Dutch) 2007
"{90120000-0018-0413-0000-0000000FF1CE}_ENTERPRISER_{26257879-B20D-4D30-A429-B387A4890929}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-0019-0413-0000-0000000FF1CE}" = Microsoft Office Publisher MUI (Dutch) 2007
"{90120000-0019-0413-0000-0000000FF1CE}_ENTERPRISER_{26257879-B20D-4D30-A429-B387A4890929}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-001A-0413-0000-0000000FF1CE}" = Microsoft Office Outlook MUI (Dutch) 2007
"{90120000-001A-0413-0000-0000000FF1CE}_ENTERPRISER_{26257879-B20D-4D30-A429-B387A4890929}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-001B-0413-0000-0000000FF1CE}" = Microsoft Office Word MUI (Dutch) 2007
"{90120000-001B-0413-0000-0000000FF1CE}_ENTERPRISER_{26257879-B20D-4D30-A429-B387A4890929}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-001F-0407-0000-0000000FF1CE}" = Microsoft Office Proof (German) 2007
"{90120000-001F-0407-0000-0000000FF1CE}_ENTERPRISER_{928D7B99-2BEA-49F9-83B8-20FA57860643}" = Microsoft Office Proofing Tools 2007 Service Pack 3 (SP3)
"{90120000-001F-0409-0000-0000000FF1CE}" = Microsoft Office Proof (English) 2007
"{90120000-001F-0409-0000-0000000FF1CE}_ENTERPRISER_{1FF96026-A04A-4C3E-B50A-BB7022654D0F}" = Microsoft Office Proofing Tools 2007 Service Pack 3 (SP3)
"{90120000-001F-040C-0000-0000000FF1CE}" = Microsoft Office Proof (French) 2007
"{90120000-001F-040C-0000-0000000FF1CE}_ENTERPRISER_{71F055E8-E2C6-4214-BB3D-BFE03561B89E}" = Microsoft Office Proofing Tools 2007 Service Pack 3 (SP3)
"{90120000-001F-0413-0000-0000000FF1CE}" = Microsoft Office Proof (Dutch) 2007
"{90120000-001F-0413-0000-0000000FF1CE}_ENTERPRISER_{2C95E7EE-FEA7-4B3A-A6E5-DF90A88B816A}" = Microsoft Office Proofing Tools 2007 Service Pack 3 (SP3)
"{90120000-002C-0413-0000-0000000FF1CE}" = Microsoft Office Proofing (Dutch) 2007
"{90120000-0044-0413-0000-0000000FF1CE}" = Microsoft Office InfoPath MUI (Dutch) 2007
"{90120000-0044-0413-0000-0000000FF1CE}_ENTERPRISER_{26257879-B20D-4D30-A429-B387A4890929}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-006E-0413-0000-0000000FF1CE}" = Microsoft Office Shared MUI (Dutch) 2007
"{90120000-006E-0413-0000-0000000FF1CE}_ENTERPRISER_{1D12BC91-360E-424C-97C4-813651313660}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-00A1-0413-0000-0000000FF1CE}" = Microsoft Office OneNote MUI (Dutch) 2007
"{90120000-00A1-0413-0000-0000000FF1CE}_ENTERPRISER_{26257879-B20D-4D30-A429-B387A4890929}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-00BA-0413-0000-0000000FF1CE}" = Microsoft Office Groove MUI (Dutch) 2007
"{90120000-00BA-0413-0000-0000000FF1CE}_ENTERPRISER_{26257879-B20D-4D30-A429-B387A4890929}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90140000-2005-0000-0000-0000000FF1CE}" = Microsoft Office File Validation Add-In
"{9068B2BE-D93A-4C0A-861C-5E35E2C0E09E}" = Intel® Matrix Storage Manager
"{91120000-0030-0000-0000-0000000FF1CE}" = Microsoft Office Enterprise 2007
"{91120000-0030-0000-0000-0000000FF1CE}_ENTERPRISER_{6E107EB7-8B55-48BF-ACCB-199F86A2CD93}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{92EA4134-10D1-418A-91E1-5A0453131A38}" = Windows Live Movie Maker
"{95120000-00B9-0409-0000-0000000FF1CE}" = Microsoft Application Error Reporting
"{95140000-007A-0409-0000-0000000FF1CE}" = Microsoft Office Outlook Connector
"{95140000-007A-040C-0000-0000000FF1CE}" = Microsoft Office Outlook Connector
"{95140000-007A-0413-0000-0000000FF1CE}" = Microsoft Office Outlook Connector
"{9559F7CA-5E34-4237-A2D9-D856464AD727}" = Project64 1.6
"{9593C6E5-205E-45C3-B785-05CF146CA76A}" = biolsp patch
"{97C82B44-D408-4F14-9252-47FC1636D23E}_is1" = IZArc 4.1.2
"{99E39418-A6C1-4D2B-AF9F-9152C93F03A9}" = Dell Control Point
"{9A25302D-30C0-39D9-BD6F-21E6EC160475}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17
"{9AE41AF3-FAD1-4A34-8976-747FDC19FE08}" = Software van Intel® PROSet/Wireless WiFi
"{9BD262D0-B788-4546-A0A5-F4F56EC3834B}" = Windows Live Photo Common
"{9BE518E6-ECC6-35A9-88E4-87755C07200F}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161
"{9C2D4047-0E40-499a-AC7A-C4B9BB12FE03}" = TrayApp
"{9D56775A-93F3-44A3-8092-840E3826DE30}" = Windows Live Mail
"{9E4B37D6-D7F8-4067-B900-3F314C709916}" = Intel® PROSet/Wireless WiFi Software
"{9F4EE72A-C5C9-42ad-ABEF-427690843577}" = MarketResearch
"{9F72EF8B-AEC9-4CA5-B483-143980AFD6FD}" = Dell Touchpad
"{A093D83F-429A-4AB2-A0CD-1F7E9C7B764A}" = Trusted Drive Manager
"{A0C91188-C88F-4E86-93E6-CD7C9A266649}" = Windows Live Mesh
"{A2BCA9F1-566C-4805-97D1-7FDC93386723}" = Adobe AIR
"{A60B3BF0-954B-42AF-B8D8-2C1D34B613AA}" = Windows Live Photo Gallery
"{A726AE06-AAA3-43D1-87E3-70F510314F04}" = Windows Live Writer
"{A92DAB39-4E2C-4304-9AB6-BC44E68B55E2}" = Google Update Helper
"{A9BDCA6B-3653-467B-AC83-94367DA3BFE3}" = Windows Live Photo Common
"{AA2E8A46-B45E-4aea-8A23-88AB57D04523}" = WebReg
"{AA59DDE4-B672-4621-A016-4C248204957A}" = Skype™ 5.5
"{AAAFC670-569B-4A2F-82B4-42945E0DE3EF}" = Windows Live Writer
"{AAF454FC-82CA-4F29-AB31-6A109485E76E}" = Windows Live Writer
"{AB5D51AE-EBC3-438D-872C-705C7C2084B0}" = DeviceManagementQFolder
"{ABBA2EA4-740E-4052-902B-9CA70B081E3F}" = Dell Embassy Trust Suite by Wave Systems
"{AC76BA86-7AD7-1043-7B44-AA1000000001}" = Adobe Reader X (10.1.2) - Nederlands
"{AF7E4468-E364-4991-BC2A-6E8293E1055B}" = BioAPI Framework
"{AF844339-2F8A-4593-81B3-9F4C54038C4E}" = Windows Live MIME IFilter
"{B13A7C41581B411290FBC0395694E2A9}" = DivX Converter
"{B2544A03-10D0-4E5E-BA69-0362FFC20D18}" = OGA Notifier 2.0.0048.0
"{B4092C6D-E886-4CB2-BA68-FE5A88D31DE6}_is1" = Spybot - Search & Destroy
"{B61A79BE-E94C-42C0-921D-8B7E5217069C}" = F4200
"{B6A26DE5-F2B5-4D58-9570-4FC760E00FCD}" = Roxio Creator Copy
"{BB93D30B-B395-44BB-A9ED-A0E057F07E53}" = NTRU TCG Software Stack
"{BC52E419-B185-488F-9973-049A88E5DCBE}" = Gemalto
"{BCF16F16-AC0E-4ABE-A9EF-412CF484BA51}" = Windows Live Family Safety
"{BE8A9C2C-8E41-445B-A746-BEB0B1F992F8}" = DJ_AIO_03_F4200_Software_Min
"{BF08AB1C-3357-4f20-A200-8EBB8EF27C59}" = BufferChm
"{C23CD6DA-1958-43A5-ADD0-59396572E02E}" = Apple Mobile Device Support
"{C2F8CA82-2BD9-4513-B2D1-08A47914C1DA}_is1" = Uniblue DriverScanner
"{C32CE55C-12BA-4951-8797-0967FDEF556F}" = Windows Live Mesh - ActiveX-besturingselement voor externe verbindingen
"{C3B6AEB1-390C-4792-8677-CD87F8B2C959}" = HP Deskjet F4200 All-In-One Driver Software 11.0 Rel .3
"{C4BC01F3-B7E6-49FA-8FBE-6B62FDF9CED0}" = ZoneAlarm Security
"{C6150D8A-86ED-41D3-87BB-F3BB51B0B77F}" = Windows Live ID Sign-in Assistant
"{C66824E4-CBB3-4851-BB3F-E8CFD6350923}" = Windows Live Mail
"{C89B5E3A-690F-4CEE-909A-BF869E198B0A}" = Scan
"{C9A162C1-031F-4EBF-A3E6-C45F7FCCBB9E}_is1" = Genie Backup Assistant
"{C9E14402-3631-4182-B377-6B0DFB1C0339}" = QuickTime
"{CB7224D9-6DCA-43F1-8F83-6B1E39A00F92}" = Windows Live Movie Maker
"{CCC68887-6E07-4438-A035-7C22EFBDC15E}" = Intel® Network Connections 14.6.7.0
"{CDDCBBF1-2703-46BC-938B-BCC81A1EEAAA}" = SUPERAntiSpyware
"{CE2CDD62-0124-36CA-84D3-9F4DCF5C5BD9}" = Microsoft .NET Framework 3.5 SP1
"{CE95A79E-E4FC-4FFF-8A75-29F04B942FF2}" = Windows Live UX Platform
"{CFF8B8E8-E086-4DE0-935F-FE22CAB54F80}" = Microsoft Search Enhancement Pack
"{D03482C5-9AD8-496D-B388-692AE04C93AF}" = Bonjour
"{D16B4BE6-8B10-422f-8034-96D1CA9483B5}" = GPBaseService
"{D1E829E9-88B8-47C6-A75E-0D40E2C09D50}" = Secure Update
"{D436F577-1695-4D2F-8B44-AC76C99E0002}" = Windows Live Photo Common
"{D45240D3-B6B3-4FF9-B243-54ECE3E10066}" = Windows Live Communications Platform
"{D588365A-AE39-4F27-BDAE-B4E72C8E900C}" = Windows Live Mail
"{D6F25CF9-4E87-43EB-B324-C12BE9CDD668}" = Windows Live UX Platform Language Pack
"{D74CFE48-087F-46E1-80E6-E2950E1A8DCE}" = HP Photosmart Essential 2.5
"{DAC07FB2-2C63-44B2-8344-AB7542C936D2}" = DCP32MMWrapper
"{DB58A549-42CA-4081-986A-633479DE413F}" = SO32MMWrapper
"{DDC8BDEE-DCAC-404D-8257-3E8D4B782467}" = Windows Live Writer Resources
"{DDD5104F-1C44-49EB-9E6B-29EC5D27658B}" = HP Update
"{DECDCB7C-58CC-4865-91AF-627F9798FE48}" = Windows Live Mesh
"{DF2035BE-5820-4965-BD97-7FAF8D4A7879}" = Microsoft_VC90_CRT_x86
"{E09C4DB7-630C-4F06-A631-8EA7239923AF}" = D3DX10
"{E34F703A-1C9D-4B1F-ABBE-D7E8800B860D}" = Windows Live Sync
"{E3A5A8AB-58F6-45FF-AFCB-C9AE18C05001}" = IDT Audio
"{E535C94A-B87F-4182-BEA8-1E9322078D3E}" = Cards_Calendar_OrderGift_DoMorePlugout
"{E55B3271-7CA8-4D0C-AE06-69A24856E996}_is1" = Uniblue SpeedUpMyPC
"{E5B21F11-6933-4E0B-A25C-7963E3C07D11}" = Windows Live Messenger
"{E63E34A7-E552-412B-9E40-FD6FC5227ABA}_is1" = Uniblue RegistryBooster
"{E738A392-F690-4A9D-808E-7BAF80E0B398}" = ESC Home Page Plugin
"{E7E84E23-C5C0-4B15-B13A-C63149E59C98}" = AVG 2012
"{E96B0085-6659-486b-A221-5042A042728D}" = Toolbox
"{EC84E3E6-C2D6-4DFB-81E0-448324C8FDF4}" = Security Wizards
"{ED439A64-F018-4DD4-8BA5-328D85AB09AB}" = Roxio Creator DE 10.3
"{EEAFE1E5-076B-430A-96D9-B567792AFA88}" = EMBASSY Security Center
"{EF1ADA5A-0B1A-4662-8C55-7475A61D8B65}" = DeviceDiscovery
"{EF9E56EE-0243-4BAD-88F4-5E7508AA7D96}" = Destination Component
"{F0B430D1-B6AA-473D-9B06-AA3DD01FD0B8}" = Microsoft SQL Server 2005 Compact Edition [ENU]
"{F0CCBE54-9132-44E9-82DF-CD364AD5C22D}" = Windows Live Remote Client Resources
"{F2508213-9989-4E85-A078-72BE483917EF}" = Microsoft Games for Windows - LIVE Redistributable
"{F333A33D-125C-32A2-8DCE-5C5D14231E27}" = Visual C++ 2008 x86 Runtime - (v9.0.30729)
"{F333A33D-125C-32A2-8DCE-5C5D14231E27}.vc_x86runtime_30729_01" = Visual C++ 2008 x86 Runtime - v9.0.30729.01
"{F40BBEC7-C2A4-4A00-9B24-7A055A2C5262}" = Microsoft Office Live Add-in 1.5
"{F4487649-7368-4217-AEA3-1E04DB3E2C5C}" = Dell ControlPoint Security Manager
"{F6DC2328-1FA4-4F7A-954C-C733363266EE}" = Soluto
"{F8A5531E-FEB4-4F7C-AF51-342E40FA7A0D}" = F4210_Help
"{FE044230-9CA5-43F7-9B58-5AC5A28A1F33}" = Windows Live Essentials
"{FF1DDCF4-3A28-4F7F-96D8-E3F4BD1C1702}" = Dell Security Device Driver Pack
"8461-7759-5462-8226" = Vuze
"9512AA21B791B05A54E27065C45BBC417AB282DF" = Windows-stuurprogrammapakket - Dell Inc. PBADRV System (09/11/2009 1.0.1.6)
"9D57DE505B6D8C710EF3B74BE638DBB936EED8A3" = Windows-stuurprogrammapakket - Dell Inc. PBADRV System (01/07/2008 1.0.1.5)
"AC3File_is1" = AC3File 0.7b
"Adobe AIR" = Adobe AIR
"Adobe Flash Player Plugin" = Adobe Flash Player 11 Plugin
"AIM_7" = AIM 7
"Audacity 1.3 Beta (Unicode)_is1" = Audacity 1.3.11 (Unicode)
"AVG" = AVG 2012
"AVG Secure Search" = AVG Security Toolbar
"AVS Audio Editor_is1" = AVS Audio Editor version 6.1
"AVS Screen Capture_is1" = AVS Screen Capture version 2.0.1
"AVS Update Manager_is1" = AVS Update Manager 1.0
"AVS Video Editor_is1" = AVS Video Editor 5
"AVS Video Recorder_is1" = AVS Video Recorder 2.4
"AVS4YOU Software Navigator_is1" = AVS4YOU Software Navigator 1.4
"BittorrentBar_NL Toolbar" = BittorrentBar_NL Toolbar
"Creative OA001" = Integrated Webcam Driver (1.06.03.0309)
"CutePDF Writer Installation" = CutePDF Writer 2.8
"Dell Webcam Central" = Dell Webcam Central
"DivX Plus DirectShow Filters" = DivX Plus DirectShow Filters
"DivX Setup.divx.com" = Configuration DivX
"ENTERPRISER" = Microsoft Office Enterprise 2007
"F-Manager" = Fiesta Download Manager
"GFWL_{4D530942-9B89-4186-98B7-F51000000100}" = Project S
"HP Imaging Device Functions" = HP Imaging Device Functions 11.0
"HP Photosmart Essential" = HP Photosmart Essential 3.0
"HP Smart Web Printing" = HP Smart Web Printing 4.60
"HP Solution Center & Imaging Support Tools" = HP Solution Center 11.0
"HPExtendedCapabilities" = HP Customer Participation Program 11.0
"Inkscape" = Inkscape 0.45
"InstallShield_{07D618CD-B016-438A-ADC9-A75BD23F85CE}" = Wave Support Software
"InstallShield_{0B0A2153-58A6-4244-B458-25EDF5FCD809}" = Private Information Manager
"InstallShield_{51AE9E42-640D-4C14-A9B6-43F64AA4E3E2}" = Document Manager Lite
"InstallShield_{53333479-6A52-4816-8497-5C52B67ED339}" = EMBASSY Security Setup
"InstallShield_{D1E829E9-88B8-47C6-A75E-0D40E2C09D50}" = Secure Update
"InstallShield_{E738A392-F690-4A9D-808E-7BAF80E0B398}" = ESC Home Page Plugin
"InstallShield_{EC84E3E6-C2D6-4DFB-81E0-448324C8FDF4}" = Security Wizards
"InstallShield_{EEAFE1E5-076B-430A-96D9-B567792AFA88}" = EMBASSY Security Center
"ISPMonitor" = ISP Monitor
"KLiteCodecPack_is1" = K-Lite Codec Pack 6.5.0 (Basic)
"Malwarebytes' Anti-Malware_is1" = Malwarebytes Anti-Malware version 1.60.1.1000
"Maple 15" = Maple 15
"Maple Toolbox" = Maple Toolbox
"MatlabR2008b" = MATLAB R2008b
"Microsoft .NET Framework 3.5 Language Pack SP1 - nld" = Taalpakket voor Microsoft .NET Framework 3.5 SP1 - NL
"Microsoft .NET Framework 3.5 SP1" = Microsoft .NET Framework 3.5 SP1
"Microsoft .NET Framework 4 Client Profile" = Microsoft .NET Framework 4 Client Profile
"Microsoft .NET Framework 4 Client Profile NLD Language Pack" = Taalpakket voor Microsoft .NET Framework 4 Client Profile - NLD
"Microsoft .NET Framework 4 Extended" = Microsoft .NET Framework 4 Extended
"Microsoft .NET Framework 4 Extended NLD Language Pack" = Taalpakket voor Microsoft .NET Framework 4 Extended - NLD
"Mozilla Firefox 10.0.2 (x86 nl)" = Mozilla Firefox 10.0.2 (x86 nl)
"NVIDIA Drivers" = NVIDIA Drivers
"NVIDIA nView Desktop Manager" = NVIDIA nView Desktop Manager
"nView Desktop Manager" = NVIDIA nView Desktop Manager
"PCFriendly" = PCFriendly
"Pdf995" = Pdf995
"PdfEdit995" = PdfEdit995
"PDFTools_is1" = PDFTools Version 1.3 (08/26/2007)
"Pet Racer" = Pet Racer
"PhotoScape" = PhotoScape
"Plants vs. Zombies" = Plants vs. Zombies
"ProInst" = Intel PROSet Wireless
"PROSetDX" = Intel® Network Connections 14.6.7.0
"PunkBusterSvc" = PunkBuster Services
"Reimage Repair" = Reimage Repair
"Re-Volt" = Re-Volt patch 12.07
"Security Task Manager" = Security Task Manager 1.8d
"Shop for HP Supplies" = Shop for HP Supplies
"Signature995" = Signature995
"SoftwareUpdUtility" = Download Updater (AOL LLC)
"Speccy" = Speccy
"SystemRequirementsLab" = System Requirements Lab
"TuneUpMedia" = TuneUp Companion 1.9.0
"UsbBoost" = UsbBoost
"VLC media player" = VLC media player 1.0.3
"Vuze_Remote Toolbar" = Vuze Remote Toolbar
"WhiteCap" = WhiteCap
"WinLiveSuite" = Windows Live Essentials
"WinRAR archiver" = WinRAR
"WinZip" = WinZip
"XobniMain" = Xobni
"ZC2.10w" = Zelda Classic 2.10w
"ZoneAlarm Free" = ZoneAlarm Free
"ZoneAlarm Toolbar" = ZoneAlarm Toolbar

========== HKEY_CURRENT_USER Uninstall List ==========

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"BorderDemo" = BorderDemo
"CardLayoutDemo" = CardLayoutDemo
"Combo Box" = Combo Box
"DynamicTreeDemo" = DynamicTreeDemo
"FormattedTextFieldDemo" = FormattedTextFieldDemo
"GlassPaneDemo" = GlassPaneDemo
"Google Chrome" = Google Chrome
"GridLayoutDemo" = GridLayoutDemo
"LayeredPaneDemo2" = LayeredPaneDemo2
"ListDemo" = ListDemo
"ListDialogRunner" = ListDialogRunner
"Menu Layout Demo" = Menu Layout Demo
"MenuSelectionManagerDemo" = MenuSelectionManagerDemo
"PasswordDemo" = PasswordDemo
"Popup Menu Demo" = Popup Menu Demo
"Progress Bar" = Progress Bar
"RootLayeredPaneDemo" = RootLayeredPaneDemo
"ScrollDemo" = ScrollDemo
"Simple Table Selection Demo Application" = Simple Table Selection Demo Application
"SliderDemo" = SliderDemo
"SliderDemo2" = SliderDemo2
"SpinnerDemo" = SpinnerDemo
"SpinnerDemo4" = SpinnerDemo4
"SplitPaneDemo2" = SplitPaneDemo2
"Spotify" = Spotify
"TabbedPaneDemo" = TabbedPaneDemo
"TabComponentsDemo" = TabComponentsDemo
"TextFieldDemo" = TextFieldDemo
"TopLevelDemo" = TopLevelDemo
"TreeIconDemo" = TreeIconDemo

========== Last 10 Event Log Errors ==========

[ Application Events ]
Error - 7/03/2012 15:14:23 | Computer Name = Durre | Source = Windows Search Service | ID = 3013
Description =

Error - 7/03/2012 15:15:07 | Computer Name = Durre | Source = Windows Search Service | ID = 3013
Description =

Error - 7/03/2012 15:15:07 | Computer Name = Durre | Source = Windows Search Service | ID = 3013
Description =

Error - 7/03/2012 15:15:08 | Computer Name = Durre | Source = Windows Search Service | ID = 3013
Description =

Error - 7/03/2012 15:15:08 | Computer Name = Durre | Source = Windows Search Service | ID = 3013
Description =

Error - 7/03/2012 16:33:16 | Computer Name = Durre | Source = Windows Search Service | ID = 3013
Description =

Error - 7/03/2012 18:47:40 | Computer Name = Durre | Source = Lavasoft Ad-Aware Service | ID = 0
Description =

Error - 7/03/2012 18:48:13 | Computer Name = Durre | Source = Lavasoft Ad-Aware Service | ID = 0
Description =

Error - 7/03/2012 18:49:18 | Computer Name = Durre | Source = Lavasoft Ad-Aware Service | ID = 0
Description =

Error - 7/03/2012 18:50:03 | Computer Name = Durre | Source = Lavasoft Ad-Aware Service | ID = 0
Description =

[ OSession Events ]
Error - 23/11/2009 21:07:20 | Computer Name = Durre | Source = Microsoft Office 12 Sessions | ID = 7001
Description = ID: 0, Application Name: Microsoft Office Word, Application Version:
12.0.6514.5000, Microsoft Office Version: 12.0.6425.1000. This session lasted 12120
seconds with 960 seconds of active time. This session ended with a crash.

Error - 17/08/2010 13:32:43 | Computer Name = Durre | Source = Microsoft Office 12 Sessions | ID = 7001
Description = ID: 0, Application Name: Microsoft Office Word, Application Version:
12.0.6541.5000, Microsoft Office Version: 12.0.6425.1000. This session lasted 378
seconds with 360 seconds of active time. This session ended with a crash.

Error - 19/08/2010 10:55:01 | Computer Name = Durre | Source = Microsoft Office 12 Sessions | ID = 7001
Description = ID: 3, Application Name: Microsoft Office PowerPoint, Application
Version: 12.0.6500.5000, Microsoft Office Version: 12.0.6425.1000. This session
lasted 21 seconds with 0 seconds of active time. This session ended with a crash.

Error - 30/12/2010 11:55:46 | Computer Name = Durre | Source = Microsoft Office 12 Sessions | ID = 7001
Description = ID: 0, Application Name: Microsoft Office Word, Application Version:
12.0.6545.5000, Microsoft Office Version: 12.0.6425.1000. This session lasted 3
seconds with 0 seconds of active time. This session ended with a crash.

Error - 6/02/2011 06:21:40 | Computer Name = Durre | Source = Microsoft Office 12 Sessions | ID = 7001
Description = ID: 1, Application Name: Microsoft Office Excel, Application Version:
12.0.6545.5000, Microsoft Office Version: 12.0.6425.1000. This session lasted 8
seconds with 0 seconds of active time. This session ended with a crash.

Error - 10/02/2011 17:58:37 | Computer Name = Durre | Source = Microsoft Office 12 Sessions | ID = 7001
Description = ID: 1, Application Name: Microsoft Office Excel, Application Version:
12.0.6545.5000, Microsoft Office Version: 12.0.6425.1000. This session lasted 7730
seconds with 3120 seconds of active time. This session ended with a crash.

Error - 12/05/2011 18:53:34 | Computer Name = Durre | Source = Microsoft Office 12 Sessions | ID = 7001
Description = ID: 0, Application Name: Microsoft Office Word, Application Version:
12.0.6545.5000, Microsoft Office Version: 12.0.6425.1000. This session lasted 3
seconds with 0 seconds of active time. This session ended with a crash.

Error - 25/07/2011 16:12:33 | Computer Name = Durre | Source = Microsoft Office 12 Sessions | ID = 7001
Description = ID: 0, Application Name: Microsoft Office Word, Application Version:
12.0.6545.5000, Microsoft Office Version: 12.0.6425.1000. This session lasted 16
seconds with 0 seconds of active time. This session ended with a crash.

Error - 2/12/2011 08:48:42 | Computer Name = Durre | Source = Microsoft Office 12 Sessions | ID = 7001
Description = ID: 0, Application Name: Microsoft Office Word, Application Version:
12.0.6545.5000, Microsoft Office Version: 12.0.6425.1000. This session lasted 12
seconds with 0 seconds of active time. This session ended with a crash.

[ System Events ]
Error - 7/03/2012 11:40:24 | Computer Name = Durre | Source = Service Control Manager | ID = 7009
Description =

Error - 7/03/2012 11:40:24 | Computer Name = Durre | Source = Service Control Manager | ID = 7000
Description =

Error - 7/03/2012 11:40:24 | Computer Name = Durre | Source = DCOM | ID = 10005
Description =

Error - 7/03/2012 12:01:30 | Computer Name = Durre | Source = volmgr | ID = 262193
Description = Het configureren van het paginabestand voor de crashdump is mislukt.
Zorg ervoor dat er zich een paginabestand op de opstartpartitie bevindt en dat deze
groot
genoeg is om het gehele fysieke geheugen te bevatten.

Error - 7/03/2012 12:04:14 | Computer Name = Durre | Source = Service Control Manager | ID = 7009
Description =

Error - 7/03/2012 12:04:14 | Computer Name = Durre | Source = Service Control Manager | ID = 7000
Description =

Error - 7/03/2012 19:28:01 | Computer Name = Durre | Source = Service Control Manager | ID = 7000
Description =

Error - 7/03/2012 20:36:41 | Computer Name = Durre | Source = volmgr | ID = 262193
Description = Het configureren van het paginabestand voor de crashdump is mislukt.
Zorg ervoor dat er zich een paginabestand op de opstartpartitie bevindt en dat deze
groot
genoeg is om het gehele fysieke geheugen te bevatten.

Error - 7/03/2012 20:37:05 | Computer Name = Durre | Source = volmgr | ID = 262193
Description = Het configureren van het paginabestand voor de crashdump is mislukt.
Zorg ervoor dat er zich een paginabestand op de opstartpartitie bevindt en dat deze
groot
genoeg is om het gehele fysieke geheugen te bevatten.

Error - 7/03/2012 20:40:24 | Computer Name = Durre | Source = Service Control Manager | ID = 7026
Description =


< End of report >
  • 0

#6
havredave

  • GeekU Moderator
  • 1,689 posts
I noticed something right off in your Combofix log, and wanted to mention it. It appears that you are using a version of Ad-Aware that has built-in antivirus. You are also using AVG, which of course is an antivirus product. Running multiple antivirus products is a very bad idea, as they'll often fistfight, and can also leave your machine less protected. Never mind the potential for crashes and other odd behavior.

I would probably recommend you keep AVG and get rid of Ad-Aware in your particular case.

I'll keep going over your feedback, and get something to you as soon as possible. You're right; OTL shouldn't take all that long to scan, but I do have you doing a custom scan, and it appears you have some pathing errors. Those nested paths (the ones you said it was 'sticking' on) really shouldn't look like that. I'll research and see what we can do. In the meantime, I don't think it's bad to let it scan for a few hours, but over that you might want to stop it and we'll deal with the path errors first.

I do this from work, approximately 9am to 5pm MST (GMT-7), to give you an idea of when I will (and won't!) be able to post.
  • 0

#7
Durre

  • Topic Starter
  • Member
  • 33 posts
I did indeed have Ad-Aware with built-in antivirus. I used to have McAfee as my main protection (licensed) and Ad-Aware as a back-up (licensed till September 2011). However, Ad-Aware has been disabled most of the time since McAfee was running, except when I wanted to run a spyware scan. Two weeks ago I decided to get rid of McAfee and get AVG together with ZoneAlarm free. I deinstalled McAfee using Programs and Features in the Control Panel. I kept Ad-Aware until I had found MBAM and SuperAntiSpyware, so after the ComboFix scan I deinstalled it the same way as I deinstalled McAfee (using the guidelines from Lavasoft's site). Just so you know that it's not operating or installed anymore. However, I've noticed the OTL scan went through some paths containing references to McAfee and Lavasoft in the long nested path. So I don't think they've both completely been removed.

The OTL scan is still running after 5 hours. It's still trying to go through the nested path.

Thank you so far for your advice and efforts.

UPDATE

I just now remember the following:
After using Spybot for the first time, multiple explorer.exe files appeared upon reboot on demand of Spybot. Spybot automatically started scanning and found several infections (none of them got detected by Spybot before the reboot). After a fresh reboot, the explorer.exe files were gone, but the registry cleaning software detected this nested path problem while scanning. So maybe the nested path problem could be related to the (wrong?) use of Spybot?

Edited by Durre, 13 March 2012 - 10:21 AM.

  • 0

#8
havredave

  • GeekU Moderator
  • 1,689 posts
Just a guess, but I don't think the multiple explorers that Spybot found had much to do with the nested path. It's possible, however. I haven't been able to find "this is a known issue" information for the path problem with that software, so I'm going to proceed carefully.

Go ahead and stop OTL, and hold off on aswMBR for now; I'd like to fix that path issue first, as it'll just make the aswMBR scan take too long as well.

The 'residue' I referred to in post 3 is what you noticed, being the McAfee folders (and other residue), etc. We'll get to those as we move along.

I recommend getting rid of your Uniblue PowerSuite/Uniblue SpeedUpMyPC software. While it looks good on the surface, it's difficult to make a machine faster by adding more software. It's a bit like loading your pockets full of rocks in an attempt to run downhill more quickly. The choice is yours, however.

It looks like perhaps you program a bit? Can you tell me if you know what these files are? If not, we'll investigate them more thoroughly:

c:\users\Mattias\AppData\Roaming\GetValue.vbs
c:\users\Mattias\AppData\Roaming\SetValue.bat
c:\windows\system32\tmp.reg
c:\users\Mattias\.swt
c:\users\Mattias\update.bat

I see you have the newest Java run time environment, but an older (6.18) Java development kit. You might think about updating that, if there are no compatibility issues with doing so in the programs you use.

Regarding bittorrent, utorrent, limewire, and perhaps others I overlooked:

I see that you have peer to peer (P2P) programs installed that are used, among other things, to download software, movies and music illegally. Please understand that while these programs are not dangerous themselves, the content that they download is. The majority of the infections that we see these days originate from illegally acquired content. I would like to suggest the removal of these programs and would gladly assist you in this matter if you do decide to get rid of these programs. :)

Keep in mind that if you decide against removing these programs it is very likely that you will be infected again, and our joined effort and time will have been for nothing.




Ok, now on to fixing the path:

We need to know what the beginning of that path is. I see C:\Users\Mattias\.., but I need to know what the .. is. It could be AppData\Roaming, AppData\Local, etc. I would recommend using OTL to search for it, but we'd be back to square one with waiting forever for a scan. Are you comfortable clicking through and finding the start of that path? You'd have to confirm the nesting was there, because there's probably more than one Soluto folder on your machine under your user account. Some programs have 2 or 3, or even more, to separate out different functions.

The AppData folder is a hidden folder; to show hidden files and folders, go to your control panel, view by (upper right) Category, and click "Appearance and Personalization". In the "Folder Options" section, click "Show hidden files and folders", then in the window that appears, uncheck "Hide protected operating system files", and click the radio button for "Show hidden files, folders, and drives".

They may already be set like that, since OTL sets them as such as it begins its scans. If so, just leave them as is.

Let me know then what the beginning of that path is, and once we've confirmed what it is, I'll ask you to zip up and move that entire sub-folder (leaving the things that should be there) so we can get scans completed.
  • 0

#9
Durre

  • Topic Starter
  • Member
  • 33 posts
A. Nested path

Okay, I stopped OTL after 10 hours of scanning and it probably could have been going on for much longer, since I've detected the path of the nested folders and went clicking through it. I tried finding it manually like you suggested, but it didn't seem to work. So I decided to just copy paste the entire path from the OTL scan into the Windows Search bar and it instantly brought me to the right spot. The following string is the furthest I've been able to go into the nested path ('ALLUSE~1' stands for 'All Users'):

C:\Users\ALLUSE~1\Soluto\Temp\shadow10\Users\ALLUSE~1\Soluto\Temp\shadow10\Users\ALLUSE~1\Soluto\Temp\shadow10\Users\ALLUSE~1\
Soluto\Temp\shadow10\Users\ALLUSE~1\Soluto\Temp\shadow10\Users\ALLUSE~1\Soluto\Temp\shadow10\Users\ALLUSE~1\Soluto\Temp\shadow10

As you can see the bit called '\Mattias\..\All Users\' from the previous post is apparently the same as '\All Users\'. It seems it doesn't go any further. I can click on the last 'shadow10' folder and then it gives me the option to click 'users' again, but when I click it, it doesn't open anything. There are some more folders in the last 'shadow10' and clicking them doesn't do anything either. Another thing is that the 'users' folder is called 'users' in the last 'shadow10', but in the previous 'shadow10' folders it's called after the word in my mother tongue. Besides that, there are always 'shadow1' till 'shadow27' folders in the 'Temp' folders, of which numbers 3 till 27 are all nested according to the same pattern. Numbers 1 and 2 generate these errors when I try to open them (translated from my mother tongue to English):

Title bar:
Location is not available
Text:
This path refers to a location which is not available. The location can be a hard drive on this computer or in its network. Please verify if the hard drive is in place or if there's a connection to the network or the internet and try again. If all fails, the information has possibly been removed or moved to another location.

Title bar:
Location is not available
Text:
This path is not available. Access denied

One last note about these nested paths, the 'Temp' folders not only contain 'shadow' folders but also '.stf' files.

B. P2P programs

About the McAfee residues and P2P programs: I've come across them in the nested path and some other folders by clicking my way into the wonderful world of Windows and its files. Quite some time ago I deleted most of the P2P programs on my machine. I think 2 were left (BitTorrent and Azureus), but not used ever since if I recall correctly. I removed BitTorrent a week ago as I came across it in my list of programs (I had actually forgotten it was still on my laptop), but I didn't delete Azureus as it has actually allowed me to do downloads for subjects of my studies. I'll instantly remove it after finishing this post to make sure the risk of new infections is as low as possible. However, I think almost all of these programs have left residues behind in folders like AppData and so might Azureus after deinstalling. So assistance in this matter of complete removal would be greatly appreciated!

C. Java

In regards to the Java subject: after the removal of Azureus I'll have a look at how to update the development kit. I don't know if it might raise incompatibility issues with some programs, but if so it should be possible to revert back to an older version, shouldn't it? Although, I think I got JDK installed to be able to use a program called BlueJ and since that's not the case anymore, incompatibility with that program wouldn't matter.

D. File report

I had a look at the files you mentioned. My studies involve programming indeed (in environments like MATLAB, LabView, BlueJ, Maple), but I can't really tell what exactly these files are. GetValue and SetValue sound like Matlab file names, but they shouldn't be in that folder and they shouldn't have the extension .bat or .vbs. Their date of creation is 7th of March 2012, so the day before I started this topic and when I was scanning with Spybot, MBAM, ... I googled tmp.reg and it seems it shouldn't be there either. Same date of creation as the previous files. The update.bat file seems to be a Windows batch file and date of creation is 27th of January this year. That's odd too because it's in the middle of my exam period in which laptop usage is minimal. Last but not least, .swt is a folder containing several subfolders and all in all just two files named swt-win32-3802.dll and swt-gdip-win32-3802.dll. Date of creation was 18th of February 2012. I don't quite know what these files exactly are, but I don't trust them. I noticed the update.bat and .swt folder before, but didn't know if they were legit or what to do about it.

E. PowerSuite software

Now finally about the PowerSuite software: I'd like to wait a bit with deinstalling as the Driver and SpeedUpMyPC software of the package actually seem to have improved some things and my license is still running. I unchecked a lot of measures taken by the SpeedUpMyPC, because I didn't know what they did exactly and left the ones checked of which I could understand what they would do. That seems to have helped, because those checked measures have improved the speed of browsing through Windows folders and files of which the loading has annoyed me for a long time now. I hope you don't mind too much me not wanting to get rid of it immediately. However, I won't use the Registry software anymore and I'm not planning on trying to improve performance with SpeedUpMyPC either. Basically the one thing I'd still like to use to its full potential is the Driver scanning part, as it can assist me to keep an eye on whether some drivers could be outdated or not. But for downloads I go to Dell.support.com to download them from there, so I'm sure I have the right ones for my machine. If for any reason it's required to remove the program to continue the removal of infections or cleaning up the machine, I will do so.


I hope some of this information might help you to decide what to do next. Sorry for the long reply, but I wanted to make sure you would know enough of the details. If these kinds of details are not necessary, please let me know, because I don't want to waste your time with reading useless information.


Edited by Durre, 13 March 2012 - 06:26 PM.

  • 0

#10
havredave

  • GeekU Moderator
  • 1,689 posts
Outline format! I like your organization. :)

I also appreciate your thought-out and detailed responses.

  • Tell me, do you have a folder called C:\Users\Public\ ?

    The All Users folder (shortened to ALLUSE~1 for 8.3 naming for DOS compatibility) is legacy XP naming, and isn't used in Vista / 7. It seems to me that your Soluto software might be out of date? Anyway, I'd consider reinstalling it if it is.

    In the meantime, can you tell me what folders you see in the C:\Users folder? I believe we can zip up the All Users folder and remove it, to make scanning actually work properly. It might mess with the Soluto software, but it really should be pointing to C:\Public instead, and really shouldn't be using the path it is regardless of version.
  • I'll certainly help in removing P2P software residue. In the course of our other scanning/cleaning, I'll include those. You still have a BitTorrent toolbar installed. You should be able to uninstall that in Programs and Features, as normal, to get started.
  • You can revert to a previous version if there are compatibility issues, yes. Oracle does keep previous SDK installers I believe. You may wish to make sure you have your current version's installer (Java™ SE Development Kit 6 Update 18) handy before you attempt an upgrade, just in case.
  • The .swt folder is apparently connected to the "Standard Widget Toolkit". I don't know what software you're using that may use it, but I think that one is safe. If you wanted to know what was using it, you could look at the install date on your Programs and Features list to (hopefully) determine which it is.

    As for the others, you should be able to open .bat or .vbs with notepad.exe or another text editor, and perhaps determine what they are. Please also zip all of them up and attach them in your next response. I can help you with this if you aren't sure how to do it.
  • That's fine. I just wanted to put my recommendation out there. :)

    As for driver updating, there's an adage to keep in mind: If it's not broken, don't try to fix it. Still, I understand why you might wish to have the latest drivers in many cases. It's just something to consider.

    There should be no reason why you'd have to remove that software in the course of this topic.

After you deal with the folder issues in section A, please try an OTL scan again, per the instructions I gave earlier.

So, please include those .vbs, .reg and .bat files, zipped together, as an attachment in your next reply. Also, please zip up and remove that C:\Users\All Users folder; since you'll have it zipped, it will be replaceable if necessary. If you like, I can use OTL to do this instead. I'll leave that up to you, depending on your comfort level with carrying out this instruction. Also, please include OTL.txt from the fresh scan if it will run properly. Don't let the scan go over an hour this time.
  • 0


#11
Durre

  • Topic Starter
  • Member
  • 33 posts
Why thank you!


A.

I do have a folder named 'Public'. I'm a bit confused about the Soluto software, since I removed, downloaded and installed it again 2 weeks ago. Either I must have accidentally downloaded the wrong version (?) or it must have been corrupted by some of the start-up issues I was having. I can't really think of any other reason. I looked at the properties of the soluto.exe application and some other of its files and it says their date of creation is the 25th of January 2012. I'm not sure if that means it must be the most recent version? Like you said, it might be best to reinstall, so should I do that right away? Or after the OTL scan?

In the Users folder I see the following folders when having 'show hidden files' checked:
Administrator, All Users, Default, Default User, Public, Mattias and a file named desktop.ini

I've never really zipped entire folders (just separate files), but when I right click the All Users folder I get the option to zip it (for example to a .rar file), so I guess I could do it that way. Or I could use the Zip Wizard from Winzip? I'm not sure what you mean by removing after zipping: do you mean delete it into the trash can (and delete it there too?) or put it somewhere else?


B.

I honestly thought that toolbar had been removed. I noticed it in my HijackThis log two weeks ago and tried to get rid of it by fixing it with HijackThis. But apparently it failed? I can't find any reference to it in Programs and Features. HijackThis hasn't shown any references to it in its logs ever since either.


C.

I already upgraded and the one problem that occurred was that I was unable to run the only game I occasionally play, Minecraft. It gave me an error as in 'could not create the Java Virtual Machine.' I temporarily solved it following a post about how to solve it with Notepad.exe (creating a Minecraft.bat file). But just now I noticed that by installing JDK, it also installed Java™ 7 Update 3 and Java™ 6 Update 18 is still there. I just now removed the Java™ 6 Update 18 and after this post I'm going to reboot to see if that could have been the origin of the error. I'm a bit surprised because Java™ Update 16 only dated back from the 5th of March (I completely reinstalled Java back then to make sure it would work fine) and I have scheduled updates for it, so I don't know why it didn't update to Java™ 7 Update 3.


D.

I went through the list and the only program close to the creation date of the .swt folder (1 day later) is Microsoft Silverlight. The update.bat file contains the following text: @echo off "C:\\Users\\Mattias\\Maple1501WindowsUpgrade.exe" LAX_VM "C:\Program Files\Maple 15\jre\bin\java.exe" > nul 2> nul. It references Maple (a maths program used for both programming and calculating, I still use that nowadays). I'm not sure what the text in the GetValue.vbs and SetValue.bat files means, but they seem to be related to each other and Windows.


E.

I understand your point. I didn't start updating them on my own behalf though, I started doing it on external advice from others and Dell as I used to have problems to connect to the Internet, both via cable and wireless. Those are long gone, but I kept doing the driver updates, because I thought it might be the best. I think I'll just stick to the drivers I have now, except if Dell puts an important update specifically for my machine for important components on their site. I think that could be a good balance between updating and not updating?

I'll try to zip up the All Users folder after posting, but will wait to run OTL after I know if I should place it somewhere else or just completely remove it. The requested files should be attached in a zip-file.

Edited by Durre, 14 March 2012 - 11:25 AM.

  • 0

#12
Durre

  • Topic Starter
  • Member
  • 33 posts
Quick note: I've been trying to zip the entire All Users folder, but Winzip gives an error trying to do so. Winrar is zipping right now, however its diagnostic messages window says it has already encountered 5656 errors, of which all of them seem to be 'not able to read this or that file'-errors. It's only searching for the files right now and it's close to one million files (progress 0%).
  • 0

#13
havredave

  • GeekU Moderator
  • 1,689 posts
  • All Users in the Users folder is a shortcut (more or less) to C:\ProgramData. Removing the link would be a bad idea, but uninstalling Soluto, removing its ProgramData folder C:\ProgramData\Soluto, and reinstalling the software might be just what the doctor ordered in this case.

    I'll admit that I'm guessing here, as this obviously isn't normal program behavior. I think it's worth a try though.

    If you downloaded Soluto directly from Soluto.com, you probably do have the latest version. I would recommend downloading a fresh installation anyway though, just to be on the safe side.
  • This is what I noticed, which is an entry from your global installed software list:
    "BittorrentBar_NL Toolbar" = BittorrentBar_NL Toolbar
    If you can't locate it, don't worry too much about it. We'll deal with it later if necessary.
  • It's odd that it updated to v7. I was under the impression that it was still in beta, but I was wrong. Just goes to show how quickly things can change! Either way, if it updated fine and your software still works, I'd say go with it. The current v6 Java release version is 6 update 31.
  • Ok, your synopsis of update.bat is sufficient. I agree, it's related to Maple, and should stay. I don't believe Silverlight uses .swt folders, but I also don't believe the files are bad. I'll keep my eyes open though. Leave them be, for now.

    The GetValue and SetValue scripts may or may not be good. I'll know more after the custom OTL scan. I've adjusted it to include checking for something that may be related. The tmp.reg file can be removed. I'll do that with OTL later, so we have a back up of the file.
  • I agree that Dell's high priority updates should be done, and that is a good balance between being up to date, and updating things that don't necessarily need it. The choice to stay completely up to date with drivers is yours, but be aware that you could make your system unusable (but still fixable!) in some rare cases by doing this. That's the main reason why I recommended not using automatic driver update utilities.


I would like you to:
  • Uninstall Soluto using the Programs and Features uninstall.
  • Zip (or rar, or whatever suits you) the C:\ProgramData\Soluto folder, and store it for safe keeping, in case it's needed later.
  • Delete (drag to trash if you like) the C:\ProgramData\Soluto folder.
  • Please do not empty your trash folder until we get that first custom OTL scan completed.
  • Perform the OTL custom scan as I previously instructed, except please use the following custom scan instead of the one I gave you earlier. Stop the scan and let me know if it goes over an hour.
    netsvcs
    drives
    %SYSTEMDRIVE%\*.exe
    %appdata%\*.exe
    %USERPROFILE%\..|smtmp;true;true;true /FP
    %ProgramFiles%\Common Files\ComObjects\*.* /s
    %ProgramFiles%(x86)\Common Files\ComObjects\*.* /s
    /md5start
    consrv.dll
    explorer.exe
    winlogon.exe
    Userinit.exe
    svchost.exe
    volsnap.*
    /md5stop
    HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\services\NetBT /s
    HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\services\NetBIOS /s
    C:\Windows\assembly\tmp\U\*.* /s
    %systemroot%\*. /mp /s
    hklm\software\clients\startmenuinternet|command /rs
    hklm\software\clients\startmenuinternet|command /64 /rs
    CREATERESTOREPOINT

After we've completed a good OTL custom scan, you can reinstall Soluto if you wish.

Hopefully you are able to respond with a new OTL.txt log, and we can move forward. :)
  • 0

#14
havredave

  • GeekU Moderator
  • 1,689 posts
I think you can safely remove the C:\ProgramData\Soluto folder after uninstalling Soluto, as discussed in my last post.

A million files just confirms my suspicion that the nesting goes on a lot further than we originally thought. Don't worry about backing it up, but do remove Soluto with a regular uninstall before deleting that folder.
  • 0

#15
Durre

  • Topic Starter
  • Member
  • 33 posts
Moving on!

I did as you asked and uninstalled Soluto. It wouldn't work on the first try, but it did the second time after rebooting. I then went to take a look in the 'All Users\Soluto' folder and the nested folders had apparently disappeared. There was no 'Temp' folder and trying to copy paste the long nested path resulted in an error saying it didn't exist (anymore). Next, I zipped 'ProgramData\Soluto' (using Winzip) to my desktop and then stored the zip-file on my USB-stick. I used cut to put it on my USB, so the zip-file isn't on my laptop anymore. Finally, I removed 'ProgramData\Soluto' (about 40 Megabytes). I took another look in the 'All Users' folder and the Soluto folder was gone there as well (I find it interesting to see how ProgramData and All Users is related). I'll probably not reinstall Soluto for now. I'd rather wait till some scans have been performed.

So, I'm happy I don't have to disappoint you by not responding with a fresh OTL log, we can move on!
The scan only took about 20 to 25 minutes! The OTL log is at the end of the post, the Extras log will be in the next post.


P.S. I made a mistake 2 posts ago as you noticed, I meant Java ™ 6 Update 31. I think I got the numbers of Java and JDK mixed up.


OTL LOG


OTL logfile created on: 14/03/2012 20:18:36 - Run 2
OTL by OldTimer - Version 3.2.36.3 Folder = C:\Users\Mattias\Desktop
Windows Vista Business Edition Service Pack 2 (Version = 6.0.6002) - Type = NTWorkstation
Internet Explorer (Version = 8.0.6001.19190)
Locale: 00000813 | Country: België | Language: NLB | Date Format: d/MM/yyyy

3,49 Gb Total Physical Memory | 2,08 Gb Available Physical Memory | 59,76% Memory free
6,37 Gb Paging File | 5,06 Gb Available in Paging File | 79,30% Paging File free
Paging file location(s): C:\pagefile.sys 3070 3070 [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files
Drive C: | 230,67 Gb Total Space | 91,31 Gb Free Space | 39,59% Space Free | Partition Type: NTFS
Drive D: | 2,00 Gb Total Space | 0,79 Gb Free Space | 39,34% Space Free | Partition Type: NTFS
Drive G: | 7,45 Gb Total Space | 7,42 Gb Free Space | 99,50% Space Free | Partition Type: FAT32

Computer Name: DURRE | User Name: Mattias | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: All users
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days

========== Processes (SafeList) ==========

PRC - [2012/03/13 11:29:03 | 000,594,944 | ---- | M] (OldTimer Tools) -- C:\Users\Mattias\Desktop\OTL.exe
PRC - [2012/03/13 10:55:25 | 000,918,880 | ---- | M] () -- C:\Program Files\Common Files\AVG Secure Search\vToolbarUpdater\10.2.0\ToolbarUpdater.exe
PRC - [2012/03/13 10:55:20 | 000,982,880 | ---- | M] () -- C:\Program Files\AVG Secure Search\vprot.exe
PRC - [2012/01/24 17:24:26 | 002,416,480 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Program Files\AVG\AVG2012\avgtray.exe
PRC - [2011/12/18 21:08:42 | 002,420,616 | ---- | M] (Check Point Software Technologies LTD) -- C:\Program Files\CheckPoint\ZoneAlarm\vsmon.exe
PRC - [2011/12/18 21:04:24 | 000,073,360 | ---- | M] (Check Point Software Technologies LTD) -- C:\Program Files\CheckPoint\ZoneAlarm\zatray.exe
PRC - [2011/11/28 01:19:04 | 001,229,664 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Program Files\AVG\AVG2012\avgnsx.exe
PRC - [2011/11/23 02:36:24 | 002,391,832 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Program Files\AVG\AVG2012\avgfws.exe
PRC - [2011/11/03 15:44:28 | 000,497,280 | ---- | M] (Check Point Software Technologies) -- C:\Program Files\CheckPoint\ZAForceField\ISWSVC.exe
PRC - [2011/11/03 15:44:24 | 000,738,944 | ---- | M] (Check Point Software Technologies) -- C:\Program Files\CheckPoint\ZAForceField\ForceField.exe
PRC - [2011/10/12 06:25:22 | 004,433,248 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Program Files\AVG\AVG2012\AVGIDSAgent.exe
PRC - [2011/09/08 20:53:26 | 000,743,264 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Program Files\AVG\AVG2012\avgrsx.exe
PRC - [2011/08/15 06:21:40 | 000,337,760 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Program Files\AVG\AVG2012\avgcsrvx.exe
PRC - [2011/08/02 06:09:08 | 000,192,776 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Program Files\AVG\AVG2012\avgwdsvc.exe
PRC - [2011/01/04 16:48:12 | 000,488,816 | ---- | M] (Alps Electric Co., Ltd.) -- C:\Program Files\DellTPad\Apoint.exe
PRC - [2010/11/09 05:55:18 | 000,054,640 | ---- | M] (Alps Electric Co., Ltd.) -- C:\Program Files\DellTPad\ApMsgFwd.exe
PRC - [2010/07/06 21:59:22 | 000,054,744 | ---- | M] (Alps Electric Co., Ltd.) -- C:\Program Files\DellTPad\hidfind.exe
PRC - [2010/05/30 22:17:06 | 000,054,640 | ---- | M] (Alps Electric Co., Ltd.) -- C:\Program Files\DellTPad\ApntEx.exe
PRC - [2010/04/05 07:56:06 | 000,495,708 | ---- | M] (IDT, Inc.) -- C:\Program Files\IDT\WDM\sttray.exe
PRC - [2009/04/11 07:27:36 | 002,926,592 | ---- | M] (Microsoft Corporation) -- C:\Windows\explorer.exe
PRC - [2009/04/11 07:27:28 | 000,069,120 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\conime.exe
PRC - [2009/03/05 16:07:20 | 002,260,480 | RHS- | M] (Safer-Networking Ltd.) -- C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
PRC - [2009/01/26 15:31:10 | 001,153,368 | ---- | M] (Safer Networking Ltd.) -- C:\Program Files\Spybot - Search & Destroy\SDWinSec.exe
PRC - [2008/03/25 19:38:26 | 000,983,040 | ---- | M] (Hewlett-Packard Company) -- C:\Program Files\HP\Digital Imaging\bin\hpqdirec.exe


========== Modules (No Company Name) ==========

MOD - [2012/03/13 10:55:20 | 000,982,880 | ---- | M] () -- C:\Program Files\AVG Secure Search\vprot.exe
MOD - [2010/06/29 09:31:12 | 000,652,800 | ---- | M] () -- C:\Program Files\IZArc\IZArcCM.dll
MOD - [2009/08/16 16:06:04 | 000,141,312 | ---- | M] () -- C:\Program Files\WinRAR\RarExt.dll
MOD - [2008/12/22 13:13:54 | 000,249,856 | ---- | M] () -- C:\Windows\System32\wxvault.dll
MOD - [2008/03/25 19:38:26 | 000,066,048 | R--- | M] () -- C:\Program Files\HP\Digital Imaging\bin\xmltok.dll
MOD - [2008/03/25 19:38:26 | 000,065,536 | R--- | M] () -- C:\Program Files\HP\Digital Imaging\bin\xmlparse.dll


========== Win32 Services (SafeList) ==========

SRV - [2012/03/13 10:55:25 | 000,918,880 | ---- | M] () [Auto | Running] -- C:\Program Files\Common Files\AVG Secure Search\vToolbarUpdater\10.2.0\ToolbarUpdater.exe -- (vToolbarUpdater10.2.0)
SRV - [2012/01/13 14:53:18 | 000,652,360 | ---- | M] (Malwarebytes Corporation) [Auto | Stopped] -- C:\Program Files\Malwarebytes' Anti-Malware\mbamservice.exe -- (MBAMService)
SRV - [2012/01/03 14:10:42 | 000,063,928 | ---- | M] (Adobe Systems Incorporated) [Auto | Stopped] -- C:\Program Files\Common Files\Adobe\ARM\1.0\armsvc.exe -- (AdobeARMservice)
SRV - [2011/12/18 21:08:42 | 002,420,616 | ---- | M] (Check Point Software Technologies LTD) [Auto | Running] -- C:\Program Files\CheckPoint\ZoneAlarm\vsmon.exe -- (vsmon)
SRV - [2011/11/23 02:36:24 | 002,391,832 | ---- | M] (AVG Technologies CZ, s.r.o.) [Auto | Running] -- C:\Program Files\AVG\AVG2012\avgfws.exe -- (avgfws)
SRV - [2011/11/03 15:44:28 | 000,497,280 | ---- | M] (Check Point Software Technologies) [Auto | Running] -- C:\Program Files\CheckPoint\ZAForceField\IswSvc.exe -- (IswSvc)
SRV - [2011/10/12 06:25:22 | 004,433,248 | ---- | M] (AVG Technologies CZ, s.r.o.) [Auto | Running] -- C:\Program Files\AVG\AVG2012\AVGIDSAgent.exe -- (AVGIDSAgent)
SRV - [2011/08/12 00:38:07 | 000,116,608 | ---- | M] (SUPERAntiSpyware.com) [On_Demand | Stopped] -- C:\Program Files\SUPERAntiSpyware\SASCORE.EXE -- (!SASCORE)
SRV - [2011/08/02 06:09:08 | 000,192,776 | ---- | M] (AVG Technologies CZ, s.r.o.) [Auto | Running] -- C:\Program Files\AVG\AVG2012\avgwdsvc.exe -- (avgwd)
SRV - [2010/08/12 00:35:12 | 000,056,040 | ---- | M] (Xobni Corporation) [Auto | Stopped] -- C:\Program Files\Xobni\XobniService.exe -- (XobniService)
SRV - [2010/07/19 16:42:16 | 000,866,576 | ---- | M] (Intel® Corporation) [Disabled | Stopped] -- C:\Program Files\Intel\WiFi\bin\EvtEng.exe -- (EvtEng) Intel®
SRV - [2010/07/19 16:23:28 | 000,477,456 | ---- | M] (Intel® Corporation) [Disabled | Stopped] -- C:\Program Files\Common Files\Intel\WirelessCommon\RegSrvc.exe -- (RegSrvc) Intel®
SRV - [2010/04/05 07:56:02 | 000,229,458 | ---- | M] (IDT, Inc.) [Disabled | Stopped] -- C:\Windows\System32\DriverStore\FileRepository\stwrt.inf_c3f58890\stacsv.exe -- (STacSV)
SRV - [2010/04/05 07:54:56 | 000,081,920 | ---- | M] (Andrea Electronics Corporation) [Disabled | Stopped] -- C:\Windows\System32\DriverStore\FileRepository\stwrt.inf_c3f58890\AEstSrv.exe -- (AESTFilters)
SRV - [2009/04/22 09:05:34 | 001,703,936 | ---- | M] (Wave Systems Corp.) [Disabled | Stopped] -- C:\Program Files\Wave Systems Corp\Trusted Drive Manager\TdmService.exe -- (TdmService)
SRV - [2009/04/10 11:08:00 | 000,077,824 | ---- | M] (Smith Micro Software, Inc.) [Auto | Stopped] -- C:\Program Files\Dell\Dell ControlPoint\Connection Manager\SMManager.exe -- (SMManager)
SRV - [2009/04/09 12:58:16 | 000,447,264 | ---- | M] (Dell Inc.) [Disabled | Stopped] -- C:\Program Files\Dell\Dell ControlPoint\System Manager\DCPSysMgrSvc.exe -- (dcpsysmgrsvc)
SRV - [2009/02/11 16:38:40 | 000,354,840 | ---- | M] (Intel Corporation) [Disabled | Stopped] -- C:\Program Files\Intel\Intel Matrix Storage Manager\IAANTmon.exe -- (IAANTMON) Intel®
SRV - [2009/01/26 15:31:10 | 001,153,368 | ---- | M] (Safer Networking Ltd.) [Auto | Running] -- C:\Program Files\Spybot - Search & Destroy\SDWinSec.exe -- (SBSDWSCService)
SRV - [2009/01/22 09:19:20 | 000,808,296 | ---- | M] (Broadcom Corporation) [Disabled | Stopped] -- C:\Program Files\Broadcom Corporation\Broadcom USH Host Components\CV\bin\HostControlService.exe -- (Credential Vault Host Control Service)
SRV - [2009/01/22 09:19:20 | 000,020,840 | ---- | M] (Broadcom Corporation) [Disabled | Stopped] -- C:\Program Files\Broadcom Corporation\Broadcom USH Host Components\CV\bin\HostStorageService.exe -- (Credential Vault Host Storage)
SRV - [2008/12/29 10:07:28 | 000,320,800 | ---- | M] (Dell Inc.) [Disabled | Stopped] -- C:\Program Files\Dell\Dell ControlPoint\DCPButtonSvc.exe -- (buttonsvc32)
SRV - [2008/12/12 08:54:00 | 000,638,976 | ---- | M] (Wave Systems Corp.) [Disabled | Stopped] -- C:\Program Files\Wave Systems Corp\Secure Storage Manager\SecureStorageService.exe -- (SecureStorageService)
SRV - [2008/11/12 12:25:48 | 001,273,856 | ---- | M] () [Disabled | Stopped] -- C:\Program Files\NTRU Cryptosystems\NTRU TCG Software Stack\bin\tcsd_win32.exe -- (tcsd_win32.exe)
SRV - [2008/06/09 22:06:30 | 000,036,864 | ---- | M] (How2 Studios) [Auto | Stopped] -- C:\Program Files\ISP Monitor\ISPMonitorSrv.exe -- (ISPMonitorSrv)
SRV - [2008/06/03 14:16:30 | 000,382,232 | ---- | M] (Dell Inc.) [Disabled | Stopped] -- C:\Program Files\Dell\Ambient Light Sensor\AlsSvc.exe -- (alssvc)
SRV - [2008/01/21 03:23:59 | 000,272,952 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Program Files\Windows Defender\MpSvc.dll -- (WinDefend)
SRV - [2007/04/19 04:56:36 | 000,133,968 | ---- | M] (Intel Corporation) [Disabled | Stopped] -- C:\Program Files\Intel\ASF Agent\ASFAgent.exe -- (ASFAgent)


========== Driver Services (SafeList) ==========

DRV - File not found [Kernel | On_Demand | Stopped] -- -- (NwlnkFwd)
DRV - File not found [Kernel | On_Demand | Stopped] -- -- (NwlnkFlt)
DRV - File not found [Kernel | On_Demand | Stopped] -- -- (NvtSp50)
DRV - File not found [File_System | Boot | Stopped] -- -- (Lbd)
DRV - File not found [Kernel | On_Demand | Stopped] -- -- (IpInIp)
DRV - File not found [Kernel | On_Demand | Running] -- -- (cpuz135)
DRV - File not found [Kernel | On_Demand | Stopped] -- -- (cpuz132)
DRV - File not found [Kernel | On_Demand | Stopped] -- -- (catchme)
DRV - [2012/03/05 13:25:56 | 000,046,592 | ---- | M] (REDC) [Kernel | Auto | Running] -- C:\Windows\System32\drivers\risdptsk.sys -- (risdptsk)
DRV - [2012/03/05 12:53:32 | 000,046,592 | ---- | M] (REDC) [Kernel | Auto | Running] -- C:\Windows\System32\drivers\rimmptsk.sys -- (rimmptsk)
DRV - [2011/12/10 15:24:06 | 000,020,464 | ---- | M] (Malwarebytes Corporation) [File_System | On_Demand | Stopped] -- C:\Windows\System32\drivers\mbam.sys -- (MBAMProtector)
DRV - [2011/11/03 15:44:20 | 000,027,016 | ---- | M] (Check Point Software Technologies) [Kernel | Auto | Running] -- C:\Program Files\CheckPoint\ZAForceField\ISWKL.sys -- (ISWKL)
DRV - [2011/10/07 06:23:48 | 000,230,608 | ---- | M] (AVG Technologies CZ, s.r.o.) [Kernel | System | Running] -- C:\Windows\System32\drivers\avgldx86.sys -- (Avgldx86)
DRV - [2011/10/04 06:21:16 | 000,016,720 | ---- | M] (AVG Technologies CZ, s.r.o. ) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\AVGIDSShim.sys -- (AVGIDSShim)
DRV - [2011/09/29 22:14:53 | 000,023,624 | ---- | M] () [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\hitmanpro35.sys -- (hitmanpro35)
DRV - [2011/09/13 06:30:10 | 000,032,592 | ---- | M] (AVG Technologies CZ, s.r.o.) [File_System | Boot | Running] -- C:\Windows\system32\DRIVERS\avgrkx86.sys -- (Avgrkx86)
DRV - [2011/08/08 06:08:58 | 000,040,016 | ---- | M] (AVG Technologies CZ, s.r.o.) [File_System | System | Running] -- C:\Windows\System32\drivers\avgmfx86.sys -- (Avgmfx86)
DRV - [2011/07/22 17:27:02 | 000,012,880 | ---- | M] (SUPERAdBlocker.com and SUPERAntiSpyware.com) [Kernel | System | Running] -- C:\Program Files\SUPERAntiSpyware\sasdifsv.sys -- (SASDIFSV)
DRV - [2011/07/12 22:55:22 | 000,067,664 | ---- | M] (SUPERAdBlocker.com and SUPERAntiSpyware.com) [Kernel | System | Running] -- C:\Program Files\SUPERAntiSpyware\SASKUTIL.SYS -- (SASKUTIL)
DRV - [2011/07/11 01:14:38 | 000,295,248 | ---- | M] (AVG Technologies CZ, s.r.o.) [Kernel | System | Running] -- C:\Windows\System32\drivers\avgtdix.sys -- (Avgtdix)
DRV - [2011/07/11 01:14:02 | 000,024,272 | ---- | M] (AVG Technologies CZ, s.r.o. ) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\AVGIDSFilter.sys -- (AVGIDSFilter)
DRV - [2011/07/11 01:14:00 | 000,023,120 | ---- | M] (AVG Technologies CZ, s.r.o. ) [Kernel | Boot | Running] -- C:\Windows\system32\DRIVERS\AVGIDSEH.Sys -- (AVGIDSEH)
DRV - [2011/07/11 01:13:58 | 000,134,736 | ---- | M] (AVG Technologies CZ, s.r.o. ) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\AVGIDSDriver.sys -- (AVGIDSDriver)
DRV - [2011/05/23 01:03:28 | 000,047,968 | ---- | M] (AVG Technologies CZ, s.r.o.) [Kernel | System | Running] -- C:\Windows\System32\drivers\avgfwd6x.sys -- (Avgfwfd)
DRV - [2011/05/07 17:51:26 | 000,451,160 | ---- | M] (Check Point Software Technologies LTD) [Kernel | System | Running] -- C:\Windows\System32\drivers\vsdatant.sys -- (Vsdatant)
DRV - [2011/03/23 15:05:24 | 000,223,432 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\e1y6032.sys -- (e1yexpress) Intel®
DRV - [2011/01/05 19:42:14 | 000,284,792 | ---- | M] (Alps Electric Co., Ltd.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\Apfiltr.sys -- (ApfiltrService)
DRV - [2010/11/19 10:44:48 | 009,936,392 | ---- | M] (NVIDIA Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\nvlddmkm.sys -- (nvlddmkm)
DRV - [2010/07/14 03:34:16 | 006,680,064 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\NETwNv32.sys -- (NETwNv32) ___ Intel®
DRV - [2010/04/05 07:56:08 | 000,423,424 | ---- | M] (IDT, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\stwrt.sys -- (STHDA)
DRV - [2009/09/25 20:19:35 | 000,023,680 | ---- | M] (FNet Co., Ltd.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\FNETTBOH.SYS -- (FNETTBOH)
DRV - [2009/09/25 20:19:35 | 000,007,936 | ---- | M] (FNet Co., Ltd.) [Kernel | System | Running] -- C:\Windows\System32\drivers\FNETURPX.SYS -- (FNETURPX)
DRV - [2009/09/16 09:22:48 | 000,040,552 | ---- | M] (McAfee, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\mfesmfk.sys -- (mfesmfk)
DRV - [2009/09/16 09:22:14 | 000,034,248 | ---- | M] (McAfee, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\mferkdk.sys -- (mferkdk)
DRV - [2009/04/22 13:16:00 | 000,205,624 | ---- | M] (Wave Systems Corp.) [File_System | Auto | Running] -- C:\Windows\System32\drivers\WavxDMgr.sys -- (WavxDMgr)
DRV - [2009/04/16 03:58:22 | 000,032,808 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\cvusbdrv.sys -- (cvusbdrv)
DRV - [2009/04/11 05:38:59 | 000,030,208 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\usbccid.sys -- (USBCCID)
DRV - [2009/04/03 13:25:52 | 000,038,400 | ---- | M] (REDC) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\rixdptsk.sys -- (rismxdp)
DRV - [2009/04/03 13:25:50 | 000,045,056 | ---- | M] (REDC) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\rimsptsk.sys -- (rimsptsk)
DRV - [2009/04/03 13:25:42 | 000,038,400 | ---- | M] (REDC) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\rixdpe86.sys -- (rixdpcie)
DRV - [2009/04/03 13:25:40 | 000,048,640 | ---- | M] (REDC) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\risdpe86.sys -- (risdpcie)
DRV - [2009/04/03 13:25:40 | 000,045,056 | ---- | M] (REDC) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\rimspe86.sys -- (rimspci)
DRV - [2009/03/08 16:06:00 | 000,280,096 | ---- | M] (Creative Technology Ltd.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\OA001Vid.sys -- (OA001Vid)
DRV - [2009/03/06 06:30:08 | 000,133,632 | ---- | M] (Creative Technology Ltd.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\OA001Ufd.sys -- (OA001Ufd)
DRV - [2008/09/25 06:37:40 | 003,666,432 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\NETw5v32.sys -- (NETw5v32) Intel®
DRV - [2008/09/16 10:41:20 | 000,040,832 | ---- | M] (Intel Corporation) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\heci.sys -- (HECI) Intel®
DRV - [2008/06/04 13:14:00 | 000,026,608 | ---- | M] (Dell Inc) [Kernel | Boot | Running] -- C:\Windows\system32\DRIVERS\PBADRV.sys -- (PBADRV)
DRV - [2008/01/21 03:23:50 | 000,220,672 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\e1e6032.sys -- (e1express) Stuurprogramma voor Intel®
DRV - [2007/04/19 04:28:12 | 000,042,832 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\Asfalrt.sys -- (AsfAlrt)
DRV - [2007/04/04 08:53:32 | 000,039,424 | ---- | M] (D-Link Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\DUBE100B.sys -- (DUBE100B)
DRV - [2006/11/02 08:36:43 | 002,028,032 | ---- | M] (ATI Technologies Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\atikmdag.sys -- (R300)


========== Standard Registry (SafeList) ==========


========== Internet Explorer ==========

IE - HKLM\..\URLSearchHook: {2d8d9acc-f6d7-4362-8876-a275ca929591} - No CLSID value found
IE - HKLM\..\URLSearchHook: {ba14329e-9550-4989-b3f2-9732e92d17cc} - No CLSID value found
IE - HKLM\..\SearchScopes,DefaultScope = {afdbddaa-5d3f-42ee-b79c-185a7020515b}
IE - HKLM\..\SearchScopes\{15098183-B1D3-40BA-BE3F-92508E338118}: "URL" = http://search.live.c...ferrer:source?}
IE - HKLM\..\SearchScopes\{afdbddaa-5d3f-42ee-b79c-185a7020515b}: "URL" = http://search.condui...&ctid=CT2849859


IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

IE - HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0



IE - HKU\S-1-5-21-2819909428-556207271-747428731-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.msn.com/
IE - HKU\S-1-5-21-2819909428-556207271-747428731-1000\SOFTWARE\Microsoft\Internet Explorer\Main,StartPageCache = 1
IE - HKU\S-1-5-21-2819909428-556207271-747428731-1000\..\SearchScopes,DefaultScope = {95B7759C-8C7F-4BF1-B163-73684A933233}
IE - HKU\S-1-5-21-2819909428-556207271-747428731-1000\..\SearchScopes\{15098183-B1D3-40BA-BE3F-92508E338118}: "URL" = http://www.bing.com/...rc=IE-SearchBox
IE - HKU\S-1-5-21-2819909428-556207271-747428731-1000\..\SearchScopes\{171DEBEB-C3D4-40b7-AC73-056A5EBA4A7E}: "URL" = http://websearch.ask...CC-863238CDD529
IE - HKU\S-1-5-21-2819909428-556207271-747428731-1000\..\SearchScopes\{95B7759C-8C7F-4BF1-B163-73684A933233}: "URL" = http://isearch.avg.c...sa&d=2012-03-07 13:33:11&v=9.0.0.23&sap=dsp&q={searchTerms}
IE - HKU\S-1-5-21-2819909428-556207271-747428731-1000\..\SearchScopes\{afdbddaa-5d3f-42ee-b79c-185a7020515b}: "URL" = http://search.condui...&ctid=CT2849859
IE - HKU\S-1-5-21-2819909428-556207271-747428731-1000\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKU\S-1-5-21-2819909428-556207271-747428731-1000\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = *.local

========== FireFox ==========

FF - prefs.js..browser.search.defaultengine: "Ask.com"
FF - prefs.js..browser.search.defaultenginename: "AVG Secure Search"
FF - prefs.js..browser.search.defaultthis.engineName: "BittorrentBar_NL Customized Web Search"
FF - prefs.js..browser.search.defaulturl: "http://search.condui...={searchTerms}"
FF - prefs.js..browser.search.order.1: "Ask.com"
FF - prefs.js..browser.search.selectedEngine: "Google"
FF - prefs.js..browser.search.useDBForOrder: true
FF - prefs.js..browser.startup.homepage: "www.google.com"
FF - prefs.js..extensions.enabledItems: {2fa4ed95-0317-4c6a-a74c-5f3e3912c1f9}:2.1.106
FF - prefs.js..extensions.enabledItems: {D2A6A719-7CBC-4594-85FD-C36AD881424F}:4.5.22
FF - prefs.js..extensions.enabledItems: {582195F5-92E7-40a0-A127-DB71295901D7}:0.6
FF - prefs.js..extensions.enabledItems: {000a9d1c-beef-4f90-9363-039d445309b8}:0.5.36.0
FF - prefs.js..extensions.enabledItems: [email protected]:1.6.1
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA}:6.0.20
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0021-ABCDEFFEDCBA}:6.0.21
FF - prefs.js..extensions.enabledItems: {DDC359D1-844A-42a7-9AA1-88A850A938A8}:1.1.10
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA}:6.0.22
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0023-ABCDEFFEDCBA}:6.0.23
FF - prefs.js..extensions.enabledItems: {2d8d9acc-f6d7-4362-8876-a275ca929591}:3.2.5.2
FF - prefs.js..extensions.enabledItems: {ba14329e-9550-4989-b3f2-9732e92d17cc}:2.7.2.0
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0024-ABCDEFFEDCBA}:6.0.24
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0030-ABCDEFFEDCBA}:6.0.30
FF - prefs.js..keyword.URL: "http://www.google.co...ient&gfns=1&q="


FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\system32\Macromed\Flash\NPSWF32.dll ()
FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=: File not found
FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=1.0: C:\Program Files\iTunes\Mozilla Plugins\npitunes.dll ()
FF - HKLM\Software\MozillaPlugins\@bittorrent.com/BitTorrentDNA: C:\Program Files\DNA\plugins\npbtdna.dll (BitTorrent, Inc.)
FF - HKLM\Software\MozillaPlugins\@checkpoint.com/FFApi: C:\Program Files\CheckPoint\ZAForceField\TrustChecker\bin\npFFApi.dll ()
FF - HKLM\Software\MozillaPlugins\@divx.com/DivX Browser Plugin,version=1.0.0: C:\Program Files\DivX\DivX Plus Web Player\npdivx32.dll (DivX,Inc.)
FF - HKLM\Software\MozillaPlugins\@divx.com/DivX Player Plugin,version=1.0.0: C:\Program Files\DivX\DivX Player\npDivxPlayerPlugin.dll File not found
FF - HKLM\Software\MozillaPlugins\@divx.com/DivX VOD Helper,version=1.0.0: C:\Program Files\DivX\DivX OVS Helper\npovshelper.dll (DivX, LLC.)
FF - HKLM\Software\MozillaPlugins\@Google.com/GoogleEarthPlugin: C:\Program Files\Google\Google Earth\plugin\npgeplugin.dll (Google)
FF - HKLM\Software\MozillaPlugins\@java.com/DTPlugin,version=10.3.1: C:\Windows\system32\npDeployJava1.dll (Oracle Corporation)
FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin: C:\Program Files\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation)
FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin,version=10.3.1: C:\Program Files\Oracle\JavaFX 2.0 Runtime\bin\plugin2\npjp2.dll (Oracle Corporation)
FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: c:\Program Files\Microsoft Silverlight\4.1.10111.0\npctrl.dll ( Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/OfficeLive,version=1.5: C:\Program Files\Microsoft\Office Live\npOLW.dll (Microsoft Corp.)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=15.4.3502.0922: C:\Program Files\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=15.4.3538.0513: C:\Program Files\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WPF,version=3.5: c:\Windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Program Files\Google\Update\1.3.21.99\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Program Files\Google\Update\1.3.21.99\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\@virtools.com/3DviaPlayer: C:\Program Files\Virtools\3D Life Player\npvirtools.dll (Dassault Systèmes)
FF - HKLM\Software\MozillaPlugins\Adobe Reader: C:\Program Files\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
FF - HKCU\Software\MozillaPlugins\@bittorrent.com/BitTorrentDNA: C:\Users\Mattias\Program Files\DNA\plugins\npbtdna.dll File not found
FF - HKCU\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Users\Mattias\AppData\Local\Google\Update\1.3.21.99\npGoogleUpdate3.dll (Google Inc.)
FF - HKCU\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Users\Mattias\AppData\Local\Google\Update\1.3.21.99\npGoogleUpdate3.dll (Google Inc.)

FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\[email protected]: C:\Program Files\HP\Digital Imaging\Smart Web Printing\MozillaAddOn3 [2010/02/22 20:45:48 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{000a9d1c-beef-4f90-9363-039d445309b8}: C:\Program Files\Google\Google Gears\Firefox\ [2010/03/06 22:35:50 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{1E73965B-8B48-48be-9C8D-68B920ABC1C4}: C:\Program Files\AVG\AVG2012\Firefox4\ [2012/03/06 00:27:33 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{FFB96CC1-7EB3-449D-B827-DB661701C6BB}: C:\Program Files\CheckPoint\ZAForceField\TrustChecker [2012/03/09 21:02:06 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\[email protected]: C:\ProgramData\AVG Secure Search\10.2.0.3\ [2012/03/13 10:55:57 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 10.0.2\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2012/03/05 22:43:58 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 10.0.2\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins [2012/03/14 01:28:31 | 000,000,000 | ---D | M]
FF - HKEY_CURRENT_USER\software\mozilla\Firefox\Extensions\\[email protected]: C:\Program Files\HP\Digital Imaging\Smart Web Printing\MozillaAddOn3 [2010/02/22 20:45:48 | 000,000,000 | ---D | M]

[2009/09/21 10:18:55 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Mattias\AppData\Roaming\mozilla\Extensions
[2009/09/21 10:18:55 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Mattias\AppData\Roaming\mozilla\Extensions\[email protected]
[2012/03/06 03:37:38 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Mattias\AppData\Roaming\mozilla\Firefox\Profiles\e6lw46f2.default\extensions
[2010/05/03 18:21:28 | 000,000,000 | ---D | M] (Microsoft .NET Framework Assistant) -- C:\Users\Mattias\AppData\Roaming\mozilla\Firefox\Profiles\e6lw46f2.default\extensions\{20a82645-c095-46ed-80e3-08825760534b}
[2012/03/05 23:33:27 | 000,000,000 | ---D | M] (BittorrentBar_NL Community Toolbar) -- C:\Users\Mattias\AppData\Roaming\mozilla\Firefox\Profiles\e6lw46f2.default\extensions\{2d8d9acc-f6d7-4362-8876-a275ca929591}
[2012/03/05 22:45:04 | 000,000,000 | ---D | M] (Delicious Bookmarks) -- C:\Users\Mattias\AppData\Roaming\mozilla\Firefox\Profiles\e6lw46f2.default\extensions\{2fa4ed95-0317-4c6a-a74c-5f3e3912c1f9}
[2012/03/14 01:17:27 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Mattias\AppData\Roaming\mozilla\Firefox\Profiles\e6lw46f2.default\extensions\{ba14329e-9550-4989-b3f2-9732e92d17cc}
[2010/10/05 17:48:49 | 000,002,392 | ---- | M] () -- C:\Users\Mattias\AppData\Roaming\Mozilla\Firefox\Profiles\e6lw46f2.default\searchplugins\askcom.xml
[2011/01/04 19:28:24 | 000,000,935 | ---- | M] () -- C:\Users\Mattias\AppData\Roaming\Mozilla\Firefox\Profiles\e6lw46f2.default\searchplugins\conduit.xml
[2012/03/07 01:18:39 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files\Mozilla Firefox\extensions
[2012/03/06 00:27:33 | 000,000,000 | ---D | M] (AVG Safe Search) -- C:\PROGRAM FILES\AVG\AVG2012\FIREFOX4
File not found (No name found) -- C:\PROGRAM FILES\MOZILLA FIREFOX\EXTENSIONS\{CAFEEFAC-0016-0000-0031-ABCDEFFEDCBA}
() (No name found) -- C:\USERS\MATTIAS\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\E6LW46F2.DEFAULT\EXTENSIONS\{582195F5-92E7-40A0-A127-DB71295901D7}.XPI
() (No name found) -- C:\USERS\MATTIAS\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\E6LW46F2.DEFAULT\EXTENSIONS\[email protected]
[2012/02/16 16:12:44 | 000,134,104 | ---- | M] (Mozilla Foundation) -- C:\Program Files\mozilla firefox\components\browsercomps.dll
[2011/04/14 13:01:38 | 000,024,376 | ---- | M] (McAfee, Inc.) -- C:\Program Files\mozilla firefox\components\Scriptff.dll
[2008/01/08 01:45:16 | 000,054,600 | ---- | M] (BitTorrent, Inc.) -- C:\Program Files\mozilla firefox\plugins\npbittorrent.dll
[2012/03/13 10:55:18 | 000,003,768 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\avg-secure-search.xml
[2012/02/16 11:53:03 | 000,002,252 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\bing.xml
[2012/02/16 11:58:11 | 000,001,892 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\bolcom-nl.xml
[2012/02/16 11:58:11 | 000,004,558 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\marktplaats-nl.xml
[2012/02/16 11:58:11 | 000,001,049 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\wikipedia-nl.xml

========== Chrome ==========

CHR - default_search_provider: Google (Enabled)
CHR - default_search_provider: search_url = {google:baseURL}search?{google:RLZ}{google:acceptedSuggestion}{google:originalQueryForSuggestion}{google:searchFieldtrialParameter}{google:instantFieldTrialGroupParameter}sourceid=chrome&ie={inputEncoding}&q={searchTerms}
CHR - default_search_provider: suggest_url = {google:baseSuggestURL}search?{google:searchFieldtrialParameter}{google:instantFieldTrialGroupParameter}client=chrome&hl={language}&q={searchTerms},
CHR - plugin: Remoting Viewer (Enabled) = internal-remoting-viewer
CHR - plugin: Native Client (Enabled) = C:\Users\Mattias\AppData\Local\Google\Chrome\Application\17.0.963.79\ppGoogleNaClPluginChrome.dll
CHR - plugin: Chrome PDF Viewer (Enabled) = C:\Users\Mattias\AppData\Local\Google\Chrome\Application\17.0.963.79\pdf.dll
CHR - plugin: Shockwave Flash (Enabled) = C:\Users\Mattias\AppData\Local\Google\Chrome\Application\17.0.963.79\gcswf32.dll
CHR - plugin: Shockwave Flash (Enabled) = C:\Windows\system32\Macromed\Flash\NPSWF32.dll
CHR - plugin: Adobe Acrobat (Enabled) = C:\Program Files\Adobe\Reader 10.0\Reader\Browser\nppdf32.dll
CHR - plugin: Java Deployment Toolkit 6.0.300.12 (Enabled) = C:\Program Files\Java\jre6\bin\new_plugin\npdeployJava1.dll
CHR - plugin: Java™ Platform SE 6 U30 (Enabled) = C:\Program Files\Java\jre6\bin\new_plugin\npjp2.dll
CHR - plugin: Microsoft\u00AE Windows Media Player Firefox Plugin (Enabled) = C:\Program Files\Mozilla Firefox\plugins\np-mswmp.dll
CHR - plugin: BitTorrent (Enabled) = C:\Program Files\Mozilla Firefox\plugins\npbittorrent.dll
CHR - plugin: DivX Player Netscape Plugin (Enabled) = C:\Program Files\Mozilla Firefox\plugins\npDivxPlayerPlugin.dll
CHR - plugin: downloadUpdater (Enabled) = C:\Program Files\Mozilla Firefox\plugins\npdnu.dll
CHR - plugin: downloadUpdater2 (Enabled) = C:\Program Files\Mozilla Firefox\plugins\npdnupdater2.dll
CHR - plugin: QuickTime Plug-in 7.7 (Enabled) = C:\Program Files\Mozilla Firefox\plugins\npqtplugin.dll
CHR - plugin: QuickTime Plug-in 7.7 (Enabled) = C:\Program Files\Mozilla Firefox\plugins\npqtplugin2.dll
CHR - plugin: QuickTime Plug-in 7.7 (Enabled) = C:\Program Files\Mozilla Firefox\plugins\npqtplugin3.dll
CHR - plugin: QuickTime Plug-in 7.7 (Enabled) = C:\Program Files\Mozilla Firefox\plugins\npqtplugin4.dll
CHR - plugin: QuickTime Plug-in 7.7 (Enabled) = C:\Program Files\Mozilla Firefox\plugins\npqtplugin5.dll
CHR - plugin: QuickTime Plug-in 7.7 (Enabled) = C:\Program Files\Mozilla Firefox\plugins\npqtplugin6.dll
CHR - plugin: QuickTime Plug-in 7.7 (Enabled) = C:\Program Files\Mozilla Firefox\plugins\npqtplugin7.dll
CHR - plugin: DNA Plug-in (Enabled) = C:\Program Files\DNA\plugins\npbtdna.dll
CHR - plugin: DivX VOD Helper Plug-in (Enabled) = C:\Program Files\DivX\DivX OVS Helper\npovshelper.dll
CHR - plugin: DivX Web Player (Enabled) = C:\Program Files\DivX\DivX Plus Web Player\npdivx32.dll
CHR - plugin: Google Earth Plugin (Enabled) = C:\Program Files\Google\Google Earth\plugin\npgeplugin.dll
CHR - plugin: Google Update (Enabled) = C:\Program Files\Google\Update\1.3.21.99\npGoogleUpdate3.dll
CHR - plugin: Microsoft Office Live Plug-in for Firefox (Enabled) = C:\Program Files\Microsoft\Office Live\npOLW.dll
CHR - plugin: 3DVIA player (Enabled) = C:\Program Files\Virtools\3D Life Player\npvirtools.dll
CHR - plugin: Windows Live™ Photo Gallery (Enabled) = C:\Program Files\Windows Live\Photo Gallery\NPWLPG.dll
CHR - plugin: iTunes Application Detector (Enabled) = C:\Program Files\iTunes\Mozilla Plugins\npitunes.dll
CHR - plugin: Silverlight Plug-In (Enabled) = c:\Program Files\Microsoft Silverlight\4.1.10111.0\npctrl.dll
CHR - plugin: Windows Presentation Foundation (Enabled) = c:\Windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll
CHR - plugin: Default Plug-in (Enabled) = default_plugin
CHR - plugin: Java Deployment Toolkit 6.0.310.5 (Enabled) = C:\Program Files\Mozilla Firefox\plugins\npdeployJava1.dll
CHR - Extension: YouTube = C:\Users\Mattias\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo\4.2.5_0\
CHR - Extension: Google Zoeken = C:\Users\Mattias\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf\0.0.0.17_0\
CHR - Extension: AVG Safe Search = C:\Users\Mattias\AppData\Local\Google\Chrome\User Data\Default\Extensions\jmfkcklnlgedgbglfkkgedjfmejoahla\12.0.0.1901_0\
CHR - Extension: Gmail = C:\Users\Mattias\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia\7_0\

O1 HOSTS File: ([2012/03/08 00:37:57 | 000,440,678 | R--- | M]) - C:\Windows\System32\drivers\etc\hosts
O1 - Hosts: 127.0.0.1 localhost
O1 - Hosts: 15173 more lines...
O2 - BHO: (AVG Safe Search) - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - C:\Program Files\AVG\AVG2012\avgssie.dll (AVG Technologies CZ, s.r.o.)
O2 - BHO: (Java™ Plug-In SSV Helper) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre7\bin\ssv.dll (Oracle Corporation)
O2 - BHO: (ZoneAlarm Security Engine Registrar) - {8A4A36C2-0535-4D2C-BD3D-496CB7EED6E3} - C:\Program Files\CheckPoint\ZAForceField\Trustchecker\bin\TrustCheckerIEPlugin.dll (Check Point Software Technologies)
O2 - BHO: (AVG Security Toolbar) - {95B7759C-8C7F-4BF1-B163-73684A933233} - C:\Program Files\AVG Secure Search\10.2.0.3\AVG Secure Search_toolbar.dll ()
O2 - BHO: (Java™ Plug-In 2 SSV Helper) - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre7\bin\jp2ssv.dll (Oracle Corporation)
O2 - BHO: (Google Gears Helper) - {E0FEFE40-FBF9-42AE-BA58-794CA7E3FB53} - C:\Program Files\Google\Google Gears\Internet Explorer\0.5.36.0\gears.dll (Google Inc.)
O3 - HKLM\..\Toolbar: (AVG Security Toolbar) - {95B7759C-8C7F-4BF1-B163-73684A933233} - C:\Program Files\AVG Secure Search\10.2.0.3\AVG Secure Search_toolbar.dll ()
O3 - HKLM\..\Toolbar: (ZoneAlarm Security Engine) - {EE2AC4E5-B0B0-4EC6-88A9-BCA1A32AB107} - C:\Program Files\CheckPoint\ZAForceField\Trustchecker\bin\TrustCheckerIEPlugin.dll (Check Point Software Technologies)
O3 - HKU\S-1-5-21-2819909428-556207271-747428731-1000\..\Toolbar\WebBrowser: (no name) - {21FA44EF-376D-4D53-9B0F-8A89D3229068} - No CLSID value found.
O3 - HKU\S-1-5-21-2819909428-556207271-747428731-1000\..\Toolbar\WebBrowser: (no name) - {E7DF6BFF-55A5-4EB7-A673-4ED3E9456D39} - No CLSID value found.
O3 - HKU\S-1-5-21-2819909428-556207271-747428731-1000\..\Toolbar\WebBrowser: (no name) - {F6BD6330-76F8-44D9-B775-87614E2D8374} - No CLSID value found.
O4 - HKLM..\Run: [Apoint] C:\Program Files\DellTPad\Apoint.exe (Alps Electric Co., Ltd.)
O4 - HKLM..\Run: [AVG_TRAY] C:\Program Files\AVG\AVG2012\avgtray.exe (AVG Technologies CZ, s.r.o.)
O4 - HKLM..\Run: [Dell Webcam Central] C:\Program Files\Dell Webcam\Dell Webcam Central\WebcamDell.exe (Creative Technology Ltd.)
O4 - HKLM..\Run: [DivXUpdate] C:\Program Files\DivX\DivX Update\DivXUpdate.exe ()
O4 - HKLM..\Run: [GBMLite8AgentLaCie] C:\Program Files\Genie-Soft\GBALite8LaCie\GBMAgent.exe (Genie-soft)
O4 - HKLM..\Run: [ISW] C:\Program Files\CheckPoint\ZAForceField\ForceField.exe (Check Point Software Technologies)
O4 - HKLM..\Run: [Malwarebytes' Anti-Malware] C:\Program Files\Malwarebytes' Anti-Malware\mbamgui.exe (Malwarebytes Corporation)
O4 - HKLM..\Run: [NvCplDaemon] C:\Windows\System32\NvCpl.dll (NVIDIA Corporation)
O4 - HKLM..\Run: [NVHotkey] C:\Windows\System32\nvHotkey.dll (NVIDIA Corporation)
O4 - HKLM..\Run: [nwiz] C:\Windows\System32\nwiz.exe ()
O4 - HKLM..\Run: [PDVDDXSrv] C:\Program Files\CyberLink\PowerDVD DX\PDVDDXSrv.exe (CyberLink Corp.)
O4 - HKLM..\Run: [SysTrayApp] C:\Program Files\IDT\WDM\sttray.exe (IDT, Inc.)
O4 - HKLM..\Run: [vProt] C:\Program Files\AVG Secure Search\vprot.exe ()
O4 - HKLM..\Run: [ZoneAlarm] C:\Program Files\CheckPoint\ZoneAlarm\zatray.exe (Check Point Software Technologies LTD)
O4 - HKU\S-1-5-21-2819909428-556207271-747428731-1000..\Run: [GBMLite8AgentLaCie] C:\Program Files\Genie-Soft\GBALite8LaCie\GBMAgent.exe (Genie-soft)
O4 - HKU\S-1-5-21-2819909428-556207271-747428731-1000..\Run: [SpybotSD TeaTimer] C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe (Safer-Networking Ltd.)
O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Restrictions present
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O7 - HKU\.DEFAULT\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-18\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-19\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-20\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-21-2819909428-556207271-747428731-1000\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-21-2819909428-556207271-747428731-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoLowDiskSpaceChecks = 1
O7 - HKU\S-1-5-21-2819909428-556207271-747428731-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = [binary data]
O7 - HKU\S-1-5-21-2819909428-556207271-747428731-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O8 - Extra context menu item: &Download All with FlashGet - Reg Error: Value error. File not found
O8 - Extra context menu item: &Download with FlashGet - Reg Error: Value error. File not found
O8 - Extra context menu item: Afbeelding verzenden naar &Bluetooth-apparaat... - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie_ctx.htm ()
O8 - Extra context menu item: Pagina verzenden naar &Bluetooth-apparaat... - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm ()
O9 - Extra 'Tools' menuitem : &Instellingen voor Gears - {09C04DA7-5B76-4EBC-BBEE-B25EAC5965F5} - C:\Program Files\Google\Google Gears\Internet Explorer\0.5.36.0\gears.dll (Google Inc.)
O9 - Extra Button: @btrez.dll,-4015 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm ()
O9 - Extra 'Tools' menuitem : @btrez.dll,-12650 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm ()
O10 - NameSpace_Catalog5\Catalog_Entries\000000000006 [] - C:\Program Files\Bonjour\mdnsNSP.dll (Apple Inc.)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/...indows-i586.cab (Reg Error: Key error.)
O16 - DPF: {CAFEEFAC-0017-0000-0003-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Reg Error: Key error.)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.7.0_03)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 134.58.126.3 134.58.127.1
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{B533727C-CE2D-425B-A8FC-42DD86D75ED3}: DhcpNameServer = 192.168.1.1
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{FC7BD8BB-6558-46B4-948E-5D82E620B611}: DhcpNameServer = 134.58.126.3 134.58.127.1
O18 - Protocol\Handler\linkscanner {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - C:\Program Files\AVG\AVG2012\avgpp.dll (AVG Technologies CZ, s.r.o.)
O18 - Protocol\Handler\viprotocol {B658800C-F66E-4EF3-AB85-6C0C227862A9} - C:\Program Files\Common Files\AVG Secure Search\ViProtocolInstaller\10.2.0\ViProtocol.dll ()
O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\System32\userinit.exe (Microsoft Corporation)
O20 - Winlogon\Notify\!SASWinLogon: DllName - (C:\Program Files\SUPERAntiSpyware\SASWINLO.DLL) - C:\Program Files\SUPERAntiSpyware\SASWINLO.DLL (SUPERAntiSpyware.com)
O24 - Desktop WallPaper: C:\Users\Mattias\Pictures\Q.O.P\Scrabble love.jpg
O24 - Desktop BackupWallPaper: C:\Users\Mattias\Pictures\Q.O.P\Scrabble love.jpg
O28 - HKLM ShellExecuteHooks: {5AE067D3-9AFB-48E0-853A-EBB7F4A000DA} - C:\Program Files\SUPERAntiSpyware\SASSEH.DLL (SuperAdBlocker.com)
O30 - LSA: Authentication Packages - (wvauth) - C:\Windows\System32\wvauth.dll (Wave Systems Corp.)
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2006/09/18 22:43:36 | 000,000,024 | ---- | M] () - C:\autoexec.bat -- [ NTFS ]
O34 - HKLM BootExecute: (autocheck autochk *)
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*

NetSvcs: FastUserSwitchingCompatibility - File not found
NetSvcs: Ias - C:\Windows\System32\ias.dll (Microsoft Corporation)
NetSvcs: Nla - File not found
NetSvcs: Ntmssvc - File not found
NetSvcs: NWCWorkstation - File not found
NetSvcs: Nwsapagent - File not found
NetSvcs: SRService - File not found
NetSvcs: WmdmPmSp - File not found
NetSvcs: LogonHours - File not found
NetSvcs: PCAudit - File not found
NetSvcs: helpsvc - File not found
NetSvcs: uploadmgr - File not found

CREATERESTOREPOINT
Restore point Set: OTL Restore Point

========== Files/Folders - Created Within 30 Days ==========

[2012/03/14 12:23:54 | 000,453,456 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\d3dx10_42.dll
[2012/03/14 12:23:53 | 001,892,184 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\D3DX9_42.dll
[2012/03/14 12:21:13 | 000,000,000 | -HSD | C] -- C:\Windows\System32\%APPDATA%
[2012/03/14 02:33:45 | 002,044,416 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\win32k.sys
[2012/03/14 02:33:40 | 001,172,480 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\d3d10warp.dll
[2012/03/14 02:33:40 | 001,068,544 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\DWrite.dll
[2012/03/14 02:33:40 | 000,683,008 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\d2d1.dll
[2012/03/14 02:33:40 | 000,219,648 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\d3d10_1core.dll
[2012/03/14 02:33:40 | 000,160,768 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\d3d10_1.dll
[2012/03/14 02:33:30 | 000,613,376 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\rdpencom.dll
[2012/03/14 01:31:55 | 000,000,000 | ---D | C] -- C:\Program Files\Oracle
[2012/03/14 01:30:14 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\Java
[2012/03/14 01:28:31 | 000,637,848 | ---- | C] (Oracle Corporation) -- C:\Windows\System32\npdeployJava1.dll
[2012/03/14 01:28:29 | 000,224,136 | ---- | C] (Oracle Corporation) -- C:\Windows\System32\javaws.exe
[2012/03/14 01:28:29 | 000,173,960 | ---- | C] (Oracle Corporation) -- C:\Windows\System32\javaw.exe
[2012/03/14 01:28:29 | 000,173,960 | ---- | C] (Oracle Corporation) -- C:\Windows\System32\java.exe
[2012/03/13 11:29:01 | 000,594,944 | ---- | C] (OldTimer Tools) -- C:\Users\Mattias\Desktop\OTL.exe
[2012/03/08 13:53:20 | 000,000,000 | ---D | C] -- C:\Users\Mattias\Desktop\NOK
[2012/03/08 13:53:14 | 000,000,000 | ---D | C] -- C:\Users\Mattias\Desktop\OK
[2012/03/08 12:43:46 | 000,000,000 | ---D | C] -- C:\Users\Mattias\Desktop\Logs
[2012/03/08 02:30:41 | 000,000,000 | ---D | C] -- C:\Users\Mattias\Desktop\RootkitBuster_2.80.1077
[2012/03/08 00:16:45 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Spybot - Search & Destroy
[2012/03/08 00:16:39 | 000,000,000 | ---D | C] -- C:\ProgramData\Spybot - Search & Destroy
[2012/03/08 00:16:39 | 000,000,000 | ---D | C] -- C:\Program Files\Spybot - Search & Destroy
[2012/03/07 15:38:42 | 000,000,000 | ---D | C] -- C:\Program Files\SystemRequirementsLab
[2012/03/07 15:38:38 | 000,000,000 | ---D | C] -- C:\Users\Mattias\AppData\Roaming\SystemRequirementsLab
[2012/03/07 14:01:44 | 000,000,000 | ---D | C] -- C:\Users\Mattias\Desktop\Uniblue Power Suite 2011
[2012/03/07 13:34:22 | 000,000,000 | ---D | C] -- C:\Users\Mattias\AppData\Roaming\3v
[2012/03/07 13:33:20 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\RadarSync
[2012/03/07 13:33:08 | 000,000,000 | ---D | C] -- C:\ProgramData\AVG Secure Search
[2012/03/07 13:33:05 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\AVG Secure Search
[2012/03/07 13:33:04 | 000,000,000 | ---D | C] -- C:\Program Files\AVG Secure Search
[2012/03/07 12:52:05 | 000,000,000 | --SD | C] -- C:\32788R22FWJFW
[2012/03/07 12:43:12 | 000,000,000 | -HSD | C] -- C:\$RECYCLE.BIN
[2012/03/07 03:25:19 | 000,000,000 | ---D | C] -- C:\Windows\ERDNT
[2012/03/07 01:22:17 | 000,000,000 | ---D | C] -- C:\Users\Mattias\Desktop\SmitfraudFix
[2012/03/06 23:29:16 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Check Point
[2012/03/06 23:13:35 | 000,000,000 | ---D | C] -- C:\Program Files\TrendMicro
[2012/03/06 23:13:35 | 000,000,000 | ---D | C] -- C:\Users\Mattias\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\HiJackThis
[2012/03/06 13:03:38 | 000,000,000 | ---D | C] -- C:\ProgramData\SecTaskMan
[2012/03/06 13:03:29 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Security Task Manager
[2012/03/06 13:03:25 | 000,000,000 | ---D | C] -- C:\Program Files\Security Task Manager
[2012/03/06 12:09:20 | 000,000,000 | ---D | C] -- C:\$AVG
[2012/03/06 04:31:49 | 000,000,000 | ---D | C] -- C:\Users\Mattias\AppData\Roaming\SUPERAntiSpyware.com
[2012/03/06 04:27:56 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\SUPERAntiSpyware
[2012/03/06 04:27:21 | 000,000,000 | ---D | C] -- C:\Program Files\SUPERAntiSpyware
[2012/03/06 04:27:20 | 000,000,000 | ---D | C] -- C:\ProgramData\SUPERAntiSpyware.com
[2012/03/06 04:20:48 | 000,000,000 | ---D | C] -- C:\Users\Mattias\AppData\Roaming\f-secure
[2012/03/06 04:19:10 | 000,000,000 | ---D | C] -- C:\ProgramData\F-Secure
[2012/03/06 03:33:50 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes' Anti-Malware
[2012/03/06 03:33:49 | 000,020,464 | ---- | C] (Malwarebytes Corporation) -- C:\Windows\System32\drivers\mbam.sys
[2012/03/06 03:33:49 | 000,000,000 | ---D | C] -- C:\Program Files\Malwarebytes' Anti-Malware
[2012/03/06 00:28:04 | 000,000,000 | ---D | C] -- C:\Users\Mattias\AppData\Roaming\AVG2012
[2012/03/06 00:27:33 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\AVG 2012
[2012/03/06 00:25:21 | 000,000,000 | ---D | C] -- C:\ProgramData\AVG2012
[2012/03/06 00:25:21 | 000,000,000 | ---D | C] -- C:\Windows\System32\drivers\AVG
[2012/03/06 00:22:40 | 000,000,000 | ---D | C] -- C:\Program Files\AVG
[2012/03/06 00:12:28 | 000,000,000 | ---D | C] -- C:\Users\Mattias\AppData\Local\{9AA674DA-C66B-4514-9C14-FBBAF77AD15E}
[2012/03/06 00:12:15 | 000,000,000 | ---D | C] -- C:\Users\Mattias\AppData\Local\{57B55C14-9623-4595-814D-230F64AB6B89}
[2012/03/05 23:53:28 | 000,000,000 | ---D | C] -- C:\Users\Mattias\Documents\ForceField Shared Files
[2012/03/05 23:53:26 | 000,000,000 | ---D | C] -- C:\Users\Mattias\AppData\Roaming\CheckPoint
[2012/03/05 23:52:22 | 000,000,000 | ---D | C] -- C:\ProgramData\CheckPoint
[2012/03/05 23:50:59 | 000,221,568 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\drivers\netio.sys
[2012/03/05 22:58:48 | 000,000,000 | ---D | C] -- C:\Users\Mattias\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Google Chrome
[2012/03/05 22:52:55 | 000,414,368 | ---- | C] (Adobe Systems Incorporated) -- C:\Windows\System32\FlashPlayerCPLApp.cpl
[2012/03/05 20:48:15 | 000,000,000 | ---D | C] -- C:\Program Files\CheckPoint
[2012/03/05 20:41:51 | 000,000,000 | -H-D | C] -- C:\ProgramData\Common Files
[2012/03/05 20:41:21 | 000,000,000 | ---D | C] -- C:\ProgramData\MFAData
[2012/03/05 15:11:00 | 000,000,000 | ---D | C] -- C:\Users\Mattias\AppData\Roaming\.minecraft
[2012/03/05 13:32:34 | 000,000,000 | ---D | C] -- C:\ProgramData\NVIDIA Corporation
[2012/03/05 13:32:09 | 000,000,000 | ---D | C] -- C:\Program Files\NVIDIA Corporation
[2012/03/05 13:30:27 | 000,057,960 | ---- | C] (Khronos Group) -- C:\Windows\System32\OpenCL.dll
[2012/03/05 13:30:22 | 000,914,024 | ---- | C] (NVIDIA Corporation) -- C:\Windows\System32\nvdispco32.dll
[2012/03/05 13:30:22 | 000,875,112 | ---- | C] (NVIDIA Corporation) -- C:\Windows\System32\nvgenco32.dll
[2012/03/05 13:30:20 | 017,193,576 | ---- | C] (NVIDIA Corporation) -- C:\Windows\System32\nvcompiler.dll
[2012/03/05 13:25:56 | 000,046,592 | ---- | C] (REDC) -- C:\Windows\System32\drivers\risdptsk.sys
[2012/03/05 12:53:32 | 000,046,592 | ---- | C] (REDC) -- C:\Windows\System32\drivers\rimmptsk.sys
[2012/03/05 12:04:05 | 000,000,000 | ---D | C] -- C:\ProgramData\Uniblue
[2012/03/05 12:00:30 | 000,000,000 | ---D | C] -- C:\Users\Mattias\AppData\Local\{84349503-FA63-4DDF-921D-ED7B7C06AB6C}
[2012/03/05 12:00:07 | 000,000,000 | ---D | C] -- C:\Users\Mattias\AppData\Local\{4D0AE794-E9AC-4E38-A684-B6B8319B4160}
[2012/03/04 14:53:47 | 000,000,000 | ---D | C] -- C:\Users\Mattias\AppData\Roaming\Uniblue
[2012/03/04 14:53:37 | 000,000,000 | -H-D | C] -- C:\ProgramData\{83C3B2FD-37EA-4C06-A228-E9B5E32FF0B1}
[2012/03/04 14:53:37 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Uniblue
[2012/03/04 14:53:37 | 000,000,000 | ---D | C] -- C:\Program Files\Uniblue
[2012/03/04 14:51:33 | 000,000,000 | ---D | C] -- C:\Users\Mattias\AppData\Local\PackageAware
[2012/03/04 10:01:09 | 000,000,000 | ---D | C] -- C:\Users\Mattias\AppData\Local\{A3D233B2-FBD0-4A3A-9DAA-75648BE10FD4}
[2012/03/04 10:00:51 | 000,000,000 | ---D | C] -- C:\Users\Mattias\AppData\Local\{259405A5-6200-4BED-A31A-C210E20B6D7C}
[2012/03/03 12:44:29 | 000,000,000 | ---D | C] -- C:\Users\Mattias\AppData\Local\{29B82725-11E5-445D-B393-8BFC115EA6BE}
[2012/03/03 12:43:55 | 000,000,000 | ---D | C] -- C:\Users\Mattias\AppData\Local\{DC9A96F1-2719-46D8-986F-E8DB552DAEF9}
[2012/03/02 17:14:49 | 000,000,000 | ---D | C] -- C:\Users\Mattias\AppData\Local\{76E158CE-4CAF-4D8D-A405-C9CC4685E3D1}
[2012/03/02 17:14:35 | 000,000,000 | ---D | C] -- C:\Users\Mattias\AppData\Local\{2608C4D7-2F80-40FC-934D-1A3519A08637}
[2012/03/02 15:25:42 | 000,000,000 | ---D | C] -- C:\Users\Mattias\AppData\Local\{3B391CC6-19F2-4977-9E4E-C1B2BF3B1242}
[2012/03/01 19:30:47 | 000,000,000 | ---D | C] -- C:\Users\Mattias\AppData\Local\{4448BE9E-0111-4C1D-BA47-27F90C7B6DA8}
[2012/03/01 19:30:24 | 000,000,000 | ---D | C] -- C:\Users\Mattias\AppData\Local\{EFC818F4-12B0-48EB-B9B0-A93B506DB65C}
[2012/03/01 14:07:10 | 000,000,000 | ---D | C] -- C:\Users\Mattias\AppData\Local\{7DF2E479-5B6E-4E63-B471-4088D5FD9F0A}
[2012/02/29 23:47:10 | 000,000,000 | ---D | C] -- C:\Users\Mattias\Documents\MCEdit-schematics
[2012/02/29 23:47:09 | 000,000,000 | ---D | C] -- C:\Users\Mattias\AppData\Roaming\pymclevel
[2012/02/29 23:46:51 | 000,000,000 | ---D | C] -- C:\Users\Mattias\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\MCEdit
[2012/02/29 23:46:35 | 000,000,000 | ---D | C] -- C:\Users\Mattias\AppData\Local\MCEdit
[2012/02/29 14:41:51 | 000,000,000 | ---D | C] -- C:\Users\Mattias\AppData\Local\{6D620C16-74A3-4F78-A275-3F832DEEFA91}
[2012/02/29 14:41:29 | 000,000,000 | ---D | C] -- C:\Users\Mattias\AppData\Local\{9A804AAD-76F0-4C63-8377-DECD77180B1E}
[2012/02/29 14:34:17 | 000,000,000 | ---D | C] -- C:\Users\Mattias\AppData\Local\{417E04D2-4135-48AC-8BDE-348CFC64E8F0}
[2012/02/28 21:34:14 | 000,000,000 | ---D | C] -- C:\Users\Mattias\AppData\Local\{F2E17226-C45A-45DE-B663-39820A61DA75}
[2012/02/28 12:27:00 | 000,000,000 | ---D | C] -- C:\Users\Mattias\AppData\Local\{219B2868-4912-4AC9-8C91-54F8F4A67C7D}
[2012/02/27 12:43:19 | 000,000,000 | ---D | C] -- C:\Users\Mattias\AppData\Local\{2CC2DDC7-4C37-47E9-9D70-79F52578CFF8}
[2012/02/26 10:31:17 | 000,000,000 | ---D | C] -- C:\Users\Mattias\AppData\Local\{AD9A7B41-50DF-4C30-883C-9A83DE462183}
[2012/02/26 10:30:54 | 000,000,000 | ---D | C] -- C:\Users\Mattias\AppData\Local\{2163BAC3-5AAD-4ABD-A0A0-6A12EFA2893C}
[2012/02/25 14:40:57 | 000,000,000 | ---D | C] -- C:\Users\Mattias\AppData\Local\{8F100642-8A28-4133-8847-B915756660DF}
[2012/02/25 14:40:29 | 000,000,000 | ---D | C] -- C:\Users\Mattias\AppData\Local\{09C79F6E-D106-4B5F-B964-A0F30114B3FD}
[2012/02/25 11:51:29 | 000,000,000 | ---D | C] -- C:\Users\Mattias\AppData\Local\{51E57A87-1594-4F15-9FD4-31E96C793FA3}
[2012/02/25 11:50:57 | 000,000,000 | ---D | C] -- C:\Users\Mattias\AppData\Local\{ADFC392E-FE18-48F7-A7D5-9A0BFCDFA69B}
[2012/02/24 21:38:07 | 000,000,000 | ---D | C] -- C:\Users\Mattias\AppData\Local\{875657E5-57E6-45DA-AB67-26AAB4136A2B}
[2012/02/24 21:37:55 | 000,000,000 | ---D | C] -- C:\Users\Mattias\AppData\Local\{44F15145-04CE-4B34-AE5C-AFA1032B1F70}
[2012/02/24 18:17:53 | 000,000,000 | ---D | C] -- C:\Users\Mattias\AppData\Local\{B761084C-C17A-4846-BEFE-DED46E21D005}
[2012/02/24 13:20:49 | 000,000,000 | ---D | C] -- C:\Users\Mattias\AppData\Local\{1E423208-FE10-4BB9-8A3E-89290CDF2C72}
[2012/02/24 12:27:42 | 000,000,000 | ---D | C] -- C:\Users\Mattias\AppData\Local\{BAA9D580-2D1A-4CC1-A7CA-944696F5C1B4}
[2012/02/23 13:17:08 | 000,000,000 | ---D | C] -- C:\Users\Mattias\AppData\Local\{495D38E6-8003-40E1-8158-89B8C75226D8}
[2012/02/23 13:16:58 | 000,000,000 | ---D | C] -- C:\Users\Mattias\AppData\Local\{90DBE53F-0F19-46AB-99CA-AA0D4A5439B6}
[2012/02/23 12:05:28 | 000,000,000 | ---D | C] -- C:\Users\Mattias\AppData\Local\{BEB7DE08-D57D-454E-8C47-B638071E8914}
[2012/02/22 16:40:31 | 000,000,000 | ---D | C] -- C:\Users\Mattias\AppData\Local\{2EBC9284-E0FF-4928-99C5-672DEDC0CEE9}
[2012/02/22 12:15:29 | 000,000,000 | ---D | C] -- C:\Users\Mattias\AppData\Local\{935E2295-FB5B-4044-A8ED-7B46D595A46C}
[2012/02/21 22:39:50 | 000,000,000 | ---D | C] -- C:\Users\Mattias\AppData\Local\{30DD94D1-72C2-45CC-9119-1F1A6A79E707}
[2012/02/21 16:31:08 | 000,000,000 | ---D | C] -- C:\Users\Mattias\AppData\Local\{F6A6F7D6-0A2A-4072-81F2-B3F5B04E898E}
[2012/02/21 07:45:27 | 000,000,000 | ---D | C] -- C:\Users\Mattias\AppData\Local\{ADFB157B-B5D0-4F2D-BD23-857F0FB6D4B5}
[2012/02/21 07:36:32 | 000,000,000 | ---D | C] -- C:\Users\Mattias\AppData\Local\{771D5FF4-3027-4896-99CD-3EA69988D629}
[2012/02/20 19:09:52 | 000,000,000 | ---D | C] -- C:\Users\Mattias\AppData\Local\{36C5B681-7EE0-4B8F-B03C-1385F6FAD143}
[2012/02/20 11:29:07 | 000,000,000 | ---D | C] -- C:\Users\Mattias\AppData\Local\{EA4B0C15-950B-4262-8B7E-A364CB37A072}
[2012/02/19 10:17:29 | 000,000,000 | ---D | C] -- C:\Users\Mattias\AppData\Local\{1313607D-608D-4350-9C73-9E4B29561E98}
[2012/02/19 10:17:02 | 000,000,000 | ---D | C] -- C:\Users\Mattias\AppData\Local\{023BE0FA-D99E-4C2D-9A44-3C5920655B97}
[2012/02/18 22:38:01 | 000,000,000 | ---D | C] -- C:\Users\Mattias\.swt
[2012/02/18 11:36:29 | 000,000,000 | ---D | C] -- C:\Users\Mattias\AppData\Local\{DBA25761-8847-4DB9-89BA-95D74C6F546B}
[2012/02/18 11:36:09 | 000,000,000 | ---D | C] -- C:\Users\Mattias\AppData\Local\{33A7DBC8-853B-4205-953C-E822132DA7E5}
[2012/02/17 20:35:02 | 000,000,000 | ---D | C] -- C:\Users\Mattias\AppData\Local\{C1FE67A1-161E-41D9-AC15-4399666E0198}
[2012/02/17 15:35:12 | 000,000,000 | ---D | C] -- C:\Users\Mattias\AppData\Local\{D3AA29D1-311E-4990-BB1D-25D9A07DFB28}
[2012/02/17 09:51:17 | 000,000,000 | ---D | C] -- C:\Users\Mattias\AppData\Local\{18AD1CE6-DD4D-4F53-B073-B8EB2FB1F04D}
[2012/02/16 20:36:47 | 000,105,984 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\url.dll
[2012/02/16 20:36:46 | 000,025,600 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\jsproxy.dll
[2012/02/16 20:36:43 | 001,469,440 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\inetcpl.cpl
[2012/02/16 20:36:43 | 000,611,840 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\mstime.dll
[2012/02/16 20:36:43 | 000,602,112 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\msfeeds.dll
[2012/02/16 20:36:42 | 000,387,584 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\iedkcs32.dll
[2012/02/16 20:36:42 | 000,385,024 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\html.iec
[2012/02/16 20:36:42 | 000,164,352 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\ieui.dll
[2012/02/16 20:36:42 | 000,133,632 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\ieUnatt.exe
[2012/02/16 20:36:41 | 000,184,320 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\iepeers.dll
[2012/02/16 20:36:41 | 000,109,056 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\iesysprep.dll
[2012/02/16 20:36:41 | 000,071,680 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\iesetup.dll
[2012/02/16 20:36:41 | 000,055,808 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\iernonce.dll
[2012/02/16 20:36:39 | 000,055,296 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\msfeedsbs.dll
[2012/02/16 20:36:39 | 000,043,520 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\licmgr10.dll
[2012/02/16 20:36:38 | 001,638,912 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\mshtml.tlb
[2012/02/16 20:36:38 | 000,174,080 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\ie4uinit.exe
[2012/02/16 20:36:38 | 000,013,312 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\msfeedssync.exe
[2012/02/16 17:09:36 | 000,000,000 | ---D | C] -- C:\Users\Mattias\AppData\Local\{FF97EE7A-9514-494B-915A-FFF7B2337DAF}
[2012/02/16 17:09:22 | 000,000,000 | ---D | C] -- C:\Users\Mattias\AppData\Local\{6324BDD3-5746-422F-9B85-A25087C8DAB4}
[2012/02/16 09:54:17 | 000,000,000 | ---D | C] -- C:\Users\Mattias\AppData\Local\{C6EEED01-AFCB-4CBE-82CC-3960666A2BAF}
[2012/02/15 10:39:55 | 000,000,000 | ---D | C] -- C:\Users\Mattias\AppData\Local\{0EB52F94-4995-4C23-81A3-A048E03A9491}
[2012/02/15 10:04:34 | 000,000,000 | ---D | C] -- C:\Users\Mattias\AppData\Local\{AA70B19D-74B3-477A-A3FF-11C0B295E30C}
[2012/02/15 10:04:09 | 000,000,000 | ---D | C] -- C:\Users\Mattias\AppData\Local\{D7943DE8-21B9-46E6-9FCE-2B735FE089CF}
[2012/02/15 09:56:48 | 000,000,000 | ---D | C] -- C:\Users\Mattias\AppData\Local\{DE03CB09-06D2-4BDC-B6B2-76014FCA696A}
[2012/02/15 09:39:50 | 000,000,000 | ---D | C] -- C:\Users\Mattias\AppData\Local\{695A94BA-F83D-4C76-BC58-BB560E4513B9}
[2012/02/15 09:21:45 | 000,000,000 | ---D | C] -- C:\Users\Mattias\AppData\Local\{47E8E653-8B5D-4209-B5F9-C9225BCCAA66}
[2012/02/14 23:32:28 | 000,000,000 | ---D | C] -- C:\Users\Mattias\AppData\Local\{2120352B-53B7-40C4-93F9-5A018724DFE5}
[1 C:\Windows\System32\*.tmp files -> C:\Windows\System32\*.tmp -> ]

========== Files - Modified Within 30 Days ==========

[2012/03/14 20:12:17 | 000,718,982 | ---- | M] () -- C:\Windows\System32\perfh013.dat
[2012/03/14 20:12:17 | 000,632,152 | ---- | M] () -- C:\Windows\System32\perfh009.dat
[2012/03/14 20:12:17 | 000,149,064 | ---- | M] () -- C:\Windows\System32\perfc013.dat
[2012/03/14 20:12:17 | 000,118,778 | ---- | M] () -- C:\Windows\System32\perfc009.dat
[2012/03/14 20:02:02 | 000,001,074 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskUserS-1-5-21-2819909428-556207271-747428731-1000UA.job
[2012/03/14 19:58:42 | 000,001,042 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineCore.job
[2012/03/14 19:37:01 | 000,001,046 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineUA.job
[2012/03/14 19:34:00 | 000,032,069 | ---- | M] () -- C:\ProgramData\nvModes.001
[2012/03/14 19:33:36 | 000,032,069 | ---- | M] () -- C:\ProgramData\nvModes.dat
[2012/03/14 19:32:19 | 000,003,616 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-1.C7483456-A289-439d-8115-601632D005A0
[2012/03/14 19:32:17 | 000,003,616 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-0.C7483456-A289-439d-8115-601632D005A0
[2012/03/14 19:31:09 | 000,439,352 | ---- | M] () -- C:\Windows\System32\FNTCACHE.DAT
[2012/03/14 19:30:40 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2012/03/14 19:28:23 | 3745,411,072 | -HS- | M] () -- C:\hiberfil.sys
[2012/03/14 19:26:28 | 000,001,076 | ---- | M] () -- C:\Windows\bthservsdp.dat
[2012/03/14 18:50:01 | 000,000,428 | -H-- | M] () -- C:\Windows\tasks\User_Feed_Synchronization-{0E026961-7E77-443B-A740-1A5D423ED0D8}.job
[2012/03/14 18:15:55 | 000,001,578 | ---- | M] () -- C:\Users\Mattias\Desktop\RequestedFiles.zip
[2012/03/14 16:55:55 | 000,239,666 | ---- | M] () -- C:\Windows\System32\drivers\AVG\iavichjg.avm
[2012/03/14 16:51:30 | 000,002,946 | ---- | M] () -- C:\Users\Mattias\Documents\mcedit.ini
[2012/03/14 13:15:08 | 091,761,561 | ---- | M] () -- C:\Windows\System32\drivers\AVG\incavi.avm
[2012/03/14 12:46:46 | 000,000,075 | ---- | M] () -- C:\Users\Mattias\Desktop\Minecraft.bat
[2012/03/14 01:27:45 | 000,224,136 | ---- | M] (Oracle Corporation) -- C:\Windows\System32\javaws.exe
[2012/03/14 01:27:45 | 000,173,960 | ---- | M] (Oracle Corporation) -- C:\Windows\System32\javaw.exe
[2012/03/14 01:27:44 | 000,173,960 | ---- | M] (Oracle Corporation) -- C:\Windows\System32\java.exe
[2012/03/13 23:02:01 | 000,001,022 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskUserS-1-5-21-2819909428-556207271-747428731-1000Core.job
[2012/03/13 22:26:16 | 000,000,035 | ---- | M] () -- C:\Users\Mattias\AppData\Roaming\SetValue.bat
[2012/03/13 11:29:03 | 000,594,944 | ---- | M] (OldTimer Tools) -- C:\Users\Mattias\Desktop\OTL.exe
[2012/03/13 03:58:20 | 000,622,429 | ---- | M] () -- C:\Windows\System32\drivers\AVG\iavifw.avm
[2012/03/13 03:03:13 | 000,002,022 | ---- | M] () -- C:\Users\Mattias\Application Data\Microsoft\Internet Explorer\Quick Launch\Google Chrome.lnk
[2012/03/13 03:03:12 | 000,002,060 | ---- | M] () -- C:\Users\Mattias\Desktop\Google Chrome.lnk
[2012/03/08 02:19:19 | 001,008,141 | ---- | M] () -- C:\Users\Mattias\Desktop\rkill.exe
[2012/03/08 00:37:57 | 000,440,678 | R--- | M] () -- C:\Windows\System32\drivers\etc\hosts
[2012/03/08 00:16:48 | 000,001,063 | ---- | M] () -- C:\Users\Mattias\Desktop\Spybot - Search & Destroy.lnk
[2012/03/08 00:08:53 | 000,002,521 | ---- | M] () -- C:\Users\Mattias\Desktop\HiJackThis.lnk
[2012/03/07 17:07:29 | 000,000,286 | ---- | M] () -- C:\Windows\reimage.ini
[2012/03/07 17:05:32 | 000,002,036 | ---- | M] () -- C:\Users\Public\Desktop\HP Photosmart Essential 3.0.lnk
[2012/03/07 16:24:33 | 000,000,784 | ---- | M] () -- C:\Users\Public\Desktop\Speccy.lnk
[2012/03/07 16:04:21 | 000,001,897 | ---- | M] () -- C:\Users\Public\Desktop\PC Scan & Repair by Reimage.lnk
[2012/03/07 14:58:14 | 000,000,944 | ---- | M] () -- C:\Users\Public\Desktop\PowerSuite.lnk
[2012/03/07 12:58:46 | 463,905,923 | ---- | M] () -- C:\Windows\MEMORY.DMP
[2012/03/07 04:47:42 | 000,000,027 | ---- | M] () -- C:\Windows\System32\drivers\etc\hosts.20120308-003757.backup
[2012/03/07 01:34:14 | 000,000,691 | ---- | M] () -- C:\Users\Mattias\AppData\Roaming\GetValue.vbs
[2012/03/07 01:34:13 | 000,002,394 | ---- | M] () -- C:\Windows\System32\tmp.reg
[2012/03/06 23:36:40 | 000,415,859 | ---- | M] () -- C:\Windows\System32\drivers\vsconfig.xml
[2012/03/06 15:53:34 | 001,872,472 | ---- | M] () -- C:\Users\Mattias\Desktop\SmitfraudFix.exe
[2012/03/06 04:28:13 | 000,001,808 | ---- | M] () -- C:\Users\Public\Desktop\SUPERAntiSpyware Free Edition.lnk
[2012/03/06 03:33:52 | 000,000,914 | ---- | M] () -- C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk
[2012/03/06 01:54:48 | 000,001,356 | ---- | M] () -- C:\Users\Mattias\AppData\Local\d3d9caps.dat
[2012/03/06 00:27:34 | 000,000,860 | ---- | M] () -- C:\Users\Public\Desktop\AVG 2012.lnk
[2012/03/05 22:52:55 | 000,414,368 | ---- | M] (Adobe Systems Incorporated) -- C:\Windows\System32\FlashPlayerCPLApp.cpl
[2012/03/05 22:43:58 | 000,000,878 | ---- | M] () -- C:\Users\Mattias\Application Data\Microsoft\Internet Explorer\Quick Launch\Mozilla Firefox.lnk
[2012/03/05 22:43:58 | 000,000,854 | ---- | M] () -- C:\Users\Public\Desktop\Mozilla Firefox.lnk
[2012/03/05 19:09:17 | 000,002,716 | ---- | M] () -- C:\Windows\System32\.rsp
[2012/03/05 19:09:17 | 000,001,479 | ---- | M] () -- C:\Windows\System32\.lck
[2012/03/05 14:05:46 | 000,004,358 | ---- | M] () -- C:\Windows\System32\nvinfo.pb
[2012/03/05 13:30:27 | 000,057,960 | ---- | M] (Khronos Group) -- C:\Windows\System32\OpenCL.dll
[2012/03/05 13:30:22 | 000,914,024 | ---- | M] (NVIDIA Corporation) -- C:\Windows\System32\nvdispco32.dll
[2012/03/05 13:30:22 | 000,875,112 | ---- | M] (NVIDIA Corporation) -- C:\Windows\System32\nvgenco32.dll
[2012/03/05 13:30:20 | 017,193,576 | ---- | M] (NVIDIA Corporation) -- C:\Windows\System32\nvcompiler.dll
[2012/03/05 13:25:56 | 000,046,592 | ---- | M] (REDC) -- C:\Windows\System32\drivers\risdptsk.sys
[2012/03/05 12:53:32 | 000,046,592 | ---- | M] (REDC) -- C:\Windows\System32\drivers\rimmptsk.sys
[2012/03/04 14:53:39 | 000,001,583 | ---- | M] () -- C:\Users\Mattias\Application Data\Microsoft\Internet Explorer\Quick Launch\Uniblue RegistryBooster.lnk
[2012/02/26 14:39:06 | 000,000,064 | ---- | M] () -- C:\Windows\System32\rp_stats.dat
[2012/02/26 14:39:06 | 000,000,044 | ---- | M] () -- C:\Windows\System32\rp_rules.dat
[2012/02/17 15:41:15 | 000,000,134 | ---- | M] () -- C:\Users\Mattias\Desktop\Netwerkcentrum - Snelkoppeling.lnk
[2012/02/14 16:45:30 | 000,219,648 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\d3d10_1core.dll
[2012/02/14 16:45:30 | 000,160,768 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\d3d10_1.dll
[1 C:\Windows\System32\*.tmp files -> C:\Windows\System32\*.tmp -> ]

========== Files Created - No Company Name ==========

[2012/03/14 18:15:55 | 000,001,578 | ---- | C] () -- C:\Users\Mattias\Desktop\RequestedFiles.zip
[2012/03/14 16:55:54 | 000,239,666 | ---- | C] () -- C:\Windows\System32\drivers\AVG\iavichjg.avm
[2012/03/14 13:15:08 | 091,761,561 | ---- | C] () -- C:\Windows\System32\drivers\AVG\incavi.avm
[2012/03/14 12:46:46 | 000,000,075 | ---- | C] () -- C:\Users\Mattias\Desktop\Minecraft.bat
[2012/03/13 03:58:20 | 000,622,429 | ---- | C] () -- C:\Windows\System32\drivers\AVG\iavifw.avm
[2012/03/08 02:19:15 | 001,008,141 | ---- | C] () -- C:\Users\Mattias\Desktop\rkill.exe
[2012/03/08 00:16:48 | 000,001,063 | ---- | C] () -- C:\Users\Mattias\Desktop\Spybot - Search & Destroy.lnk
[2012/03/07 16:04:21 | 000,001,897 | ---- | C] () -- C:\Users\Public\Desktop\PC Scan & Repair by Reimage.lnk
[2012/03/07 14:58:14 | 000,000,944 | ---- | C] () -- C:\Users\Public\Desktop\PowerSuite.lnk
[2012/03/07 03:13:58 | 000,000,428 | -H-- | C] () -- C:\Windows\tasks\User_Feed_Synchronization-{0E026961-7E77-443B-A740-1A5D423ED0D8}.job
[2012/03/07 01:44:11 | 3745,411,072 | -HS- | C] () -- C:\hiberfil.sys
[2012/03/07 01:34:14 | 000,000,691 | ---- | C] () -- C:\Users\Mattias\AppData\Roaming\GetValue.vbs
[2012/03/07 01:34:14 | 000,000,035 | ---- | C] () -- C:\Users\Mattias\AppData\Roaming\SetValue.bat
[2012/03/07 01:25:07 | 000,002,394 | ---- | C] () -- C:\Windows\System32\tmp.reg
[2012/03/06 23:30:42 | 000,415,859 | ---- | C] () -- C:\Windows\System32\drivers\vsconfig.xml
[2012/03/06 23:13:35 | 000,002,521 | ---- | C] () -- C:\Users\Mattias\Desktop\HiJackThis.lnk
[2012/03/06 15:53:21 | 001,872,472 | ---- | C] () -- C:\Users\Mattias\Desktop\SmitfraudFix.exe
[2012/03/06 04:28:13 | 000,001,808 | ---- | C] () -- C:\Users\Public\Desktop\SUPERAntiSpyware Free Edition.lnk
[2012/03/06 03:33:52 | 000,000,914 | ---- | C] () -- C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk
[2012/03/06 00:27:34 | 000,000,860 | ---- | C] () -- C:\Users\Public\Desktop\AVG 2012.lnk
[2012/03/05 22:58:50 | 000,002,060 | ---- | C] () -- C:\Users\Mattias\Desktop\Google Chrome.lnk
[2012/03/05 22:58:50 | 000,002,022 | ---- | C] () -- C:\Users\Mattias\Application Data\Microsoft\Internet Explorer\Quick Launch\Google Chrome.lnk
[2012/03/05 22:57:56 | 000,001,074 | ---- | C] () -- C:\Windows\tasks\GoogleUpdateTaskUserS-1-5-21-2819909428-556207271-747428731-1000UA.job
[2012/03/05 22:57:54 | 000,001,022 | ---- | C] () -- C:\Windows\tasks\GoogleUpdateTaskUserS-1-5-21-2819909428-556207271-747428731-1000Core.job
[2012/03/05 22:43:58 | 000,000,866 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Mozilla Firefox.lnk
[2012/03/05 21:14:21 | 000,000,854 | ---- | C] () -- C:\Users\Public\Desktop\Mozilla Firefox.lnk
[2012/03/05 15:08:51 | 000,270,142 | ---- | C] () -- C:\Users\Mattias\Desktop\Minecraft.exe
[2012/03/05 13:30:23 | 000,004,358 | ---- | C] () -- C:\Windows\System32\nvinfo.pb
[2012/03/04 14:53:39 | 000,001,583 | ---- | C] () -- C:\Users\Mattias\Application Data\Microsoft\Internet Explorer\Quick Launch\Uniblue RegistryBooster.lnk
[2012/02/29 23:46:51 | 000,002,946 | ---- | C] () -- C:\Users\Mattias\Documents\mcedit.ini
[2012/02/17 15:41:15 | 000,000,134 | ---- | C] () -- C:\Users\Mattias\Desktop\Netwerkcentrum - Snelkoppeling.lnk
[2012/01/25 16:23:42 | 000,212,992 | ---- | C] () -- C:\Windows\System32\WMIMPLEX.dll
[2012/01/25 16:23:42 | 000,031,744 | ---- | C] () -- C:\Windows\System32\maplec.dll
[2012/01/25 16:23:42 | 000,020,480 | ---- | C] () -- C:\Windows\System32\maplecompat.dll
[2011/12/25 23:28:51 | 000,000,000 | ---- | C] () -- C:\Windows\PCFriend.INI
[2011/10/06 21:23:41 | 000,032,069 | ---- | C] () -- C:\ProgramData\nvModes.001
[2011/10/06 21:23:21 | 000,032,069 | ---- | C] () -- C:\ProgramData\nvModes.dat
[2011/10/06 21:21:58 | 001,657,448 | ---- | C] () -- C:\Windows\System32\nwiz.exe
[2011/10/06 21:21:58 | 001,612,392 | ---- | C] () -- C:\Windows\System32\nView.dll
[2011/10/06 21:21:58 | 001,108,584 | ---- | C] () -- C:\Windows\System32\nvwimg.dll
[2011/10/06 21:21:58 | 000,449,128 | ---- | C] () -- C:\Windows\System32\nvAppBar.exe
[2011/10/06 21:21:58 | 000,267,368 | ---- | C] () -- C:\Windows\System32\nvTaskbar.exe
[2011/10/06 21:21:58 | 000,262,248 | ---- | C] () -- C:\Windows\System32\nViewSetup.exe
[2011/10/06 21:21:57 | 001,731,176 | ---- | C] () -- C:\Windows\System32\nvwdmcpl.dll
[2011/10/06 21:21:57 | 000,473,704 | ---- | C] () -- C:\Windows\System32\nvShell.dll
[2011/10/06 20:24:48 | 000,000,000 | ---- | C] () -- C:\Users\Mattias\AppData\Local\{C44EA8F1-26C3-4500-A660-B86F610B5AA2}
[2011/10/06 18:37:26 | 000,080,368 | ---- | C] () -- C:\Windows\System32\pbadrvdll.dll
[2011/10/03 10:43:33 | 000,000,000 | ---- | C] () -- C:\Users\Mattias\AppData\Local\{215171B1-D18C-4DFF-813C-5A92EF77FF63}
[2011/09/29 19:00:24 | 000,000,022 | -HS- | C] () -- C:\Users\Mattias\AppData\Roaming\Sys2662.Config.Repository.bin
[2011/09/28 17:44:14 | 000,179,271 | ---- | C] () -- C:\Windows\System32\xlive.dll.cat
[2011/06/30 15:57:18 | 000,177,597 | ---- | C] () -- C:\Windows\hpoins28.dat
[2011/05/27 22:55:53 | 000,023,624 | ---- | C] () -- C:\Windows\System32\drivers\hitmanpro35.sys
[2011/05/02 13:38:27 | 000,000,193 | ---- | C] () -- C:\ProgramData\Microsoft.SqlServer.Compact.351.32.bc
[2011/04/26 12:33:42 | 000,000,064 | ---- | C] () -- C:\Windows\System32\rp_stats.dat
[2011/04/26 12:33:42 | 000,000,044 | ---- | C] () -- C:\Windows\System32\rp_rules.dat
[2010/11/15 20:27:45 | 000,054,694 | ---- | C] () -- C:\Windows\System32\pthreadGC.dll
[2010/10/27 23:46:02 | 000,165,376 | ---- | C] () -- C:\Windows\System32\unrar.dll
[2010/10/27 22:47:13 | 000,000,286 | ---- | C] () -- C:\Windows\reimage.ini
[2010/06/23 20:03:00 | 000,000,004 | RHS- | C] () -- C:\ProgramData\sysqcl1129139270.dat

========== LOP Check ==========

[2012/03/05 15:16:14 | 000,000,000 | ---D | M] -- C:\Users\Mattias\AppData\Roaming\.minecraft
[2011/04/24 20:21:51 | 000,000,000 | ---D | M] -- C:\Users\Mattias\AppData\Roaming\.Nitrous
[2012/03/07 13:34:22 | 000,000,000 | ---D | M] -- C:\Users\Mattias\AppData\Roaming\3v
[2011/07/25 10:37:00 | 000,000,000 | ---D | M] -- C:\Users\Mattias\AppData\Roaming\acccore
[2011/05/28 09:41:57 | 000,000,000 | ---D | M] -- C:\Users\Mattias\AppData\Roaming\Audacity
[2012/03/06 00:28:04 | 000,000,000 | ---D | M] -- C:\Users\Mattias\AppData\Roaming\AVG2012
[2012/03/14 00:15:38 | 000,000,000 | ---D | M] -- C:\Users\Mattias\AppData\Roaming\Azureus
[2012/03/07 13:39:18 | 000,000,000 | ---D | M] -- C:\Users\Mattias\AppData\Roaming\BitTorrent
[2009/08/31 15:24:40 | 000,000,000 | ---D | M] -- C:\Users\Mattias\AppData\Roaming\Broadcom
[2012/03/05 23:53:26 | 000,000,000 | ---D | M] -- C:\Users\Mattias\AppData\Roaming\CheckPoint
[2010/10/10 18:23:52 | 000,000,000 | ---D | M] -- C:\Users\Mattias\AppData\Roaming\DNA
[2009/09/29 17:40:30 | 000,000,000 | ---D | M] -- C:\Users\Mattias\AppData\Roaming\DriverCure
[2012/03/06 04:20:48 | 000,000,000 | ---D | M] -- C:\Users\Mattias\AppData\Roaming\f-secure
[2009/09/05 09:47:06 | 000,000,000 | ---D | M] -- C:\Users\Mattias\AppData\Roaming\FlashGet
[2009/09/25 20:21:51 | 000,000,000 | ---D | M] -- C:\Users\Mattias\AppData\Roaming\Genie-Soft
[2011/08/11 10:06:15 | 000,000,000 | ---D | M] -- C:\Users\Mattias\AppData\Roaming\GetRightToGo
[2010/02/01 18:42:18 | 000,000,000 | ---D | M] -- C:\Users\Mattias\AppData\Roaming\gtk-2.0
[2010/01/29 18:59:43 | 000,000,000 | ---D | M] -- C:\Users\Mattias\AppData\Roaming\Inkscape
[2010/10/17 20:31:22 | 000,000,000 | ---D | M] -- C:\Users\Mattias\AppData\Roaming\ISP Monitor
[2009/11/10 18:24:38 | 000,000,000 | ---D | M] -- C:\Users\Mattias\AppData\Roaming\iTelevision
[2012/01/25 17:03:55 | 000,000,000 | ---D | M] -- C:\Users\Mattias\AppData\Roaming\Maple
[2011/04/24 10:47:35 | 000,000,000 | ---D | M] -- C:\Users\Mattias\AppData\Roaming\Minecraft Backup Tool
[2011/11/19 18:22:57 | 000,000,000 | ---D | M] -- C:\Users\Mattias\AppData\Roaming\pdf995
[2012/02/29 23:47:09 | 000,000,000 | ---D | M] -- C:\Users\Mattias\AppData\Roaming\pymclevel
[2011/03/02 21:07:56 | 000,000,000 | ---D | M] -- C:\Users\Mattias\AppData\Roaming\Raptr
[2009/09/29 18:06:37 | 000,000,000 | ---D | M] -- C:\Users\Mattias\AppData\Roaming\SoundSpectrum
[2012/02/15 10:40:39 | 000,000,000 | ---D | M] -- C:\Users\Mattias\AppData\Roaming\Spotify
[2012/03/07 15:38:47 | 000,000,000 | ---D | M] -- C:\Users\Mattias\AppData\Roaming\SystemRequirementsLab
[2011/07/25 08:57:31 | 000,000,000 | ---D | M] -- C:\Users\Mattias\AppData\Roaming\Trillian
[2010/12/23 17:26:39 | 000,000,000 | ---D | M] -- C:\Users\Mattias\AppData\Roaming\TuneUpMedia
[2012/03/07 14:58:35 | 000,000,000 | ---D | M] -- C:\Users\Mattias\AppData\Roaming\Uniblue
[2010/02/12 23:30:44 | 000,000,000 | ---D | M] -- C:\Users\Mattias\AppData\Roaming\Unigraphics Solutions
[2011/08/09 15:03:09 | 000,000,000 | ---D | M] -- C:\Users\Mattias\AppData\Roaming\Unity
[2012/03/07 13:38:55 | 000,000,000 | ---D | M] -- C:\Users\Mattias\AppData\Roaming\uTorrent
[2009/08/31 15:25:03 | 000,000,000 | ---D | M] -- C:\Users\Mattias\AppData\Roaming\Wave Systems Corp
[2010/11/23 23:38:26 | 000,000,000 | ---D | M] -- C:\Users\Mattias\AppData\Roaming\Windows Live Writer
[2012/03/14 19:26:29 | 000,032,620 | ---- | M] () -- C:\Windows\Tasks\SCHEDLGU.TXT
[2012/03/14 18:50:01 | 000,000,428 | -H-- | M] () -- C:\Windows\Tasks\User_Feed_Synchronization-{0E026961-7E77-443B-A740-1A5D423ED0D8}.job

========== Purity Check ==========



========== Custom Scans ==========



========== Drive Information ==========

Physical Drives
---------------

Drive: \\\\.\\PHYSICALDRIVE0 - Fixed hard disk media
Interface type: SCSI
Media Type: Fixed hard disk media
Model: ST9250320AS
Partitions: 3
Status: OK
Status Info: 0

Drive: \\\\.\\PHYSICALDRIVE1 -
Interface type: IDE
Media Type:
Model: Ricoh SD/MMC Disk Device
Partitions: 0
Status: OK
Status Info: 0

Drive: \\\\.\\PHYSICALDRIVE2 - Removable Media
Interface type: USB
Media Type: Removable Media
Model: Sony Storage Media USB Device
Partitions: 1
Status: OK
Status Info: 0

Partitions
---------------

DeviceID: Disk #0, Partition #0
PartitionType: Unknown
Bootable: False
BootPartition: False
PrimaryPartition: True
Size: 0,00GB
Starting Offset: 32256
Hidden sectors: 0


DeviceID: Disk #0, Partition #1
PartitionType: Installable File System
Bootable: False
BootPartition: False
PrimaryPartition: True
Size: 2,00GB
Starting Offset: 230686720
Hidden sectors: 0


DeviceID: Disk #0, Partition #2
PartitionType: Installable File System
Bootable: True
BootPartition: True
PrimaryPartition: True
Size: 231,00GB
Starting Offset: 2378170368
Hidden sectors: 0


DeviceID: Disk #2, Partition #0
PartitionType: Unknown
Bootable: False
BootPartition: False
PrimaryPartition: True
Size: 7,00GB
Starting Offset: 9216
Hidden sectors: 0


< %SYSTEMDRIVE%\*.exe >

< %appdata%\*.exe >

< %USERPROFILE%\..|smtmp;true;true;true /FP >

< %ProgramFiles%\Common Files\ComObjects\*.* /s >

< %ProgramFiles%(x86)\Common Files\ComObjects\*.* /s >


< MD5 for: EXPLORER.EXE >
[2009/04/29 22:47:00 | 002,923,520 | ---- | M] (Microsoft Corporation) MD5=37440D09DEAE0B672A04DCCF7ABF06BE -- C:\Windows\winsxs\x86_microsoft-windows-explorer_31bf3856ad364e35_6.0.6000.16771_none_4f83bb287ccdb7e3\explorer.exe
[2009/04/29 22:47:00 | 002,927,104 | ---- | M] (Microsoft Corporation) MD5=4F554999D7D5F05DAAEBBA7B5BA1089D -- C:\Windows\winsxs\x86_microsoft-windows-explorer_31bf3856ad364e35_6.0.6001.18164_none_5177ca9879e978e8\explorer.exe
[2009/04/29 22:47:00 | 002,927,616 | ---- | M] (Microsoft Corporation) MD5=50BA5850147410CDE89C523AD3BC606E -- C:\Windows\winsxs\x86_microsoft-windows-explorer_31bf3856ad364e35_6.0.6001.22298_none_51e4f8c7931bd1e1\explorer.exe
[2009/04/11 07:27:36 | 002,926,592 | ---- | M] (Microsoft Corporation) MD5=D07D4C3038F3578FFCE1C0237F2A1253 -- C:\Windows\ERDNT\cache\explorer.exe
[2009/04/11 07:27:36 | 002,926,592 | ---- | M] (Microsoft Corporation) MD5=D07D4C3038F3578FFCE1C0237F2A1253 -- C:\Windows\explorer.exe
[2009/04/11 07:27:36 | 002,926,592 | ---- | M] (Microsoft Corporation) MD5=D07D4C3038F3578FFCE1C0237F2A1253 -- C:\Windows\winsxs\x86_microsoft-windows-explorer_31bf3856ad364e35_6.0.6002.18005_none_53a0201e76de3a0b\explorer.exe
[2009/04/29 22:47:00 | 002,923,520 | ---- | M] (Microsoft Corporation) MD5=E7156B0B74762D9DE0E66BDCDE06E5FB -- C:\Windows\winsxs\x86_microsoft-windows-explorer_31bf3856ad364e35_6.0.6000.20947_none_5033cb5995cd990b\explorer.exe
[2008/01/21 03:24:50 | 002,927,104 | ---- | M] (Microsoft Corporation) MD5=FFA764631CB70A30065C12EF8E174F9F -- C:\Windows\winsxs\x86_microsoft-windows-explorer_31bf3856ad364e35_6.0.6001.18000_none_51b4a71279bc6ebf\explorer.exe

< MD5 for: SVCHOST.EXE >
[2008/01/21 03:24:10 | 000,021,504 | ---- | M] (Microsoft Corporation) MD5=3794B461C45882E06856F282EEF025AF -- C:\Windows\ERDNT\cache\svchost.exe
[2008/01/21 03:24:10 | 000,021,504 | ---- | M] (Microsoft Corporation) MD5=3794B461C45882E06856F282EEF025AF -- C:\Windows\System32\svchost.exe
[2008/01/21 03:24:10 | 000,021,504 | ---- | M] (Microsoft Corporation) MD5=3794B461C45882E06856F282EEF025AF -- C:\Windows\winsxs\x86_microsoft-windows-services-svchost_31bf3856ad364e35_6.0.6001.18000_none_b5bb59a1054dbde5\svchost.exe
[2012/01/13 14:53:20 | 000,182,856 | ---- | M] () MD5=63EEC8A8B221AB79045E776E5F592868 -- C:\Program Files\Malwarebytes' Anti-Malware\Chameleon\svchost.exe

< MD5 for: USERINIT.EXE >
[2008/01/21 03:25:16 | 000,025,088 | ---- | M] (Microsoft Corporation) MD5=0E135526E9785D085BCD9AEDE6FBCBF9 -- C:\Windows\ERDNT\cache\userinit.exe
[2008/01/21 03:25:16 | 000,025,088 | ---- | M] (Microsoft Corporation) MD5=0E135526E9785D085BCD9AEDE6FBCBF9 -- C:\Windows\System32\userinit.exe
[2008/01/21 03:25:16 | 000,025,088 | ---- | M] (Microsoft Corporation) MD5=0E135526E9785D085BCD9AEDE6FBCBF9 -- C:\Windows\winsxs\x86_microsoft-windows-userinit_31bf3856ad364e35_6.0.6001.18000_none_dc28ba15d1aff80b\userinit.exe

< MD5 for: VOLSNAP.INF >
[2006/11/02 11:25:18 | 000,001,790 | ---- | M] () MD5=E5EE5E075DAB1367001C467C70E8C580 -- C:\Windows\inf\volsnap.inf
[2006/11/02 07:35:04 | 000,001,790 | ---- | M] () MD5=E5EE5E075DAB1367001C467C70E8C580 -- C:\Windows\System32\DriverStore\FileRepository\volsnap.inf_7eb8cdb5\volsnap.inf

< MD5 for: VOLSNAP.INF_LOC >
[2008/01/21 07:21:56 | 000,000,210 | ---- | M] () MD5=E8B92320114486024BA21647BEA6E7EA -- C:\Windows\System32\DriverStore\nl-NL\volsnap.inf_loc
[2008/01/21 07:21:56 | 000,000,210 | ---- | M] () MD5=E8B92320114486024BA21647BEA6E7EA -- C:\Windows\winsxs\x86_volsnap.inf.resources_31bf3856ad364e35_6.0.6000.16386_nl-nl_ca385a580d5aebfd\volsnap.inf_loc

< MD5 for: VOLSNAP.PNF >
[2009/04/29 14:17:45 | 000,005,028 | ---- | M] () MD5=2AA68DD7BCA7B9509A951FC1F70B4D74 -- C:\Windows\inf\volsnap.PNF
[2009/04/29 14:17:44 | 000,005,028 | ---- | M] () MD5=9ECE5F05FA3883C1E681DE76D3747E13 -- C:\Windows\System32\DriverStore\FileRepository\volsnap.inf_7eb8cdb5\volsnap.PNF

< MD5 for: VOLSNAP.SYS >
[2006/11/02 10:51:18 | 000,208,488 | ---- | M] (Microsoft Corporation) MD5=11EF6C1CAEF76B685233450A126125D6 -- C:\Windows\System32\DriverStore\FileRepository\volume.inf_9320b452\volsnap.sys
[2009/04/11 07:32:55 | 000,226,280 | ---- | M] (Microsoft Corporation) MD5=147281C01FCB1DF9252DE2A10D5E7093 -- C:\Windows\System32\drivers\volsnap.sys
[2009/04/11 07:32:55 | 000,226,280 | ---- | M] (Microsoft Corporation) MD5=147281C01FCB1DF9252DE2A10D5E7093 -- C:\Windows\System32\DriverStore\FileRepository\volume.inf_1e6030e4\volsnap.sys
[2009/04/11 07:32:55 | 000,226,280 | ---- | M] (Microsoft Corporation) MD5=147281C01FCB1DF9252DE2A10D5E7093 -- C:\Windows\winsxs\x86_volume.inf_31bf3856ad364e35_6.0.6002.18005_none_17a2308cf936c619\volsnap.sys
[2008/01/21 03:23:46 | 000,227,896 | ---- | M] (Microsoft Corporation) MD5=D8B4A53DD2769F226B3EB374374987C9 -- C:\Windows\System32\DriverStore\FileRepository\volume.inf_f53a1785\volsnap.sys
[2008/01/21 03:23:46 | 000,227,896 | ---- | M] (Microsoft Corporation) MD5=D8B4A53DD2769F226B3EB374374987C9 -- C:\Windows\winsxs\x86_volume.inf_31bf3856ad364e35_6.0.6001.18000_none_15b6b780fc14facd\volsnap.sys

< MD5 for: VOLSNAP.SYS.MUI >
[2008/01/21 07:30:50 | 000,036,864 | ---- | M] (Microsoft Corporation) MD5=AD708C14EE6407675CC0B77147D279CC -- C:\Windows\System32\drivers\nl-NL\volsnap.sys.mui
[2008/01/21 07:30:50 | 000,036,864 | ---- | M] (Microsoft Corporation) MD5=AD708C14EE6407675CC0B77147D279CC -- C:\Windows\winsxs\x86_volume.inf.resources_31bf3856ad364e35_6.0.6001.18000_nl-nl_34323b9748fd593c\volsnap.sys.mui
[2008/01/21 07:23:06 | 000,016,896 | ---- | M] (Microsoft Corporation) MD5=F4A4DC179F088D404AE9B7F33D66B2AE -- C:\Windows\winsxs\x86_volume.inf.resources_31bf3856ad364e35_6.0.6000.16386_nl-nl_31fb799b4c124868\volsnap.sys.mui

< MD5 for: WINLOGON.EXE >
[2012/01/13 14:53:20 | 000,182,856 | ---- | M] () MD5=63EEC8A8B221AB79045E776E5F592868 -- C:\Program Files\Malwarebytes' Anti-Malware\Chameleon\winlogon.exe
[2009/04/11 07:28:13 | 000,314,368 | ---- | M] (Microsoft Corporation) MD5=898E7C06A350D4A1A64A9EA264D55452 -- C:\Windows\ERDNT\cache\winlogon.exe
[2009/04/11 07:28:13 | 000,314,368 | ---- | M] (Microsoft Corporation) MD5=898E7C06A350D4A1A64A9EA264D55452 -- C:\Windows\System32\winlogon.exe
[2009/04/11 07:28:13 | 000,314,368 | ---- | M] (Microsoft Corporation) MD5=898E7C06A350D4A1A64A9EA264D55452 -- C:\Windows\winsxs\x86_microsoft-windows-winlogon_31bf3856ad364e35_6.0.6002.18005_none_71ae7a22d2134741\winlogon.exe
[2008/01/21 03:25:17 | 000,314,880 | ---- | M] (Microsoft Corporation) MD5=C2610B6BDBEFC053BBDAB4F1B965CB24 -- C:\Windows\winsxs\x86_microsoft-windows-winlogon_31bf3856ad364e35_6.0.6001.18000_none_6fc30116d4f17bf5\winlogon.exe

< HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\services\NetBT /s >
"DisplayName" = NETBT
"Group" = PNP_TDI
"ImagePath" = System32\DRIVERS\netbt.sys -- [2009/04/11 05:45:37 | 000,185,856 | ---- | M] (Microsoft Corporation)
"Description" = This service implements NetBios over TCP/IP.
"ErrorControl" = 1
"Start" = 1
"Type" = 1
"DependOnService" = Tdxtcpip [binary data]
"Tag" = 12
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\services\NetBT\Linkage]
"OtherDependencies" = Tcpip [binary data]
"Bind" = [Binary data over 100 bytes]
"Route" = [Binary data over 100 bytes]
"Export" = [Binary data over 100 bytes]
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\services\NetBT\Parameters]
"BcastNameQueryCount" = 3
"BcastQueryTimeout" = 750
"CacheTimeout" = 600000
"EnableLMHOSTS" = 1
"NameServerPort" = 137
"NameSrvQueryCount" = 3
"NameSrvQueryTimeout" = 1500
"NbProvider" = _tcp
"SessionKeepAlive" = 3600000
"Size/Small/Medium/Large" = 1
"TransportBindName" = \Device\
"UseNewSmb" = 1
"DhcpNodeType" = 8
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\services\NetBT\Parameters\Interfaces]
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\services\NetBT\Parameters\Interfaces\Tcpip_{191C346C-0FA3-4DD1-8D72-60223DD80BDA}]
"NameServerList" = [binary data]
"NetbiosOptions" = 0
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\services\NetBT\Parameters\Interfaces\Tcpip_{465DE486-DFE9-47F8-94CC-711342298FA5}]
"NameServerList" = [binary data]
"NetbiosOptions" = 0
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\services\NetBT\Parameters\Interfaces\Tcpip_{7E7D8205-6794-4688-B89D-11466A060C9D}]
"NameServerList" = [binary data]
"NetbiosOptions" = 0
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\services\NetBT\Parameters\Interfaces\Tcpip_{B533727C-CE2D-425B-A8FC-42DD86D75ED3}]
"NameServerList" = [binary data]
"NetbiosOptions" = 0
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\services\NetBT\Parameters\Interfaces\Tcpip_{FC7BD8BB-6558-46B4-948E-5D82E620B611}]
"NameServerList" = [binary data]
"NetbiosOptions" = 0
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\services\NetBT\Security]
"Security" = [Binary data over 100 bytes]
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\services\NetBT\Enum]
"0" = Root\LEGACY_NETBT\0000
"Count" = 1
"NextInstance" = 1

< HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\services\NetBIOS /s >
"Type" = 2
"Start" = 1
"ErrorControl" = 1
"Tag" = 2
"ImagePath" = system32\DRIVERS\netbios.sys -- [2008/01/21 03:24:46 | 000,035,840 | ---- | M] (Microsoft Corporation)
"DisplayName" = NetBIOS Interface
"Group" = NetBIOSGroup
"Description" = NetBIOS Interface
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\services\NetBIOS\Linkage]
"LanaMap" = 01 0A 01 0B 01 02 01 07 01 04 01 0F 01 0D 01 10 01 06 01 00 01 0E 01 0C 01 09 01 03 01 08 01 05 01 01 [binary data]
"Bind" = [Binary data over 100 bytes]
"Route" = [Binary data over 100 bytes]
"Export" = [Binary data over 100 bytes]
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\services\NetBIOS\Parameters]
"MaxLana" = 16
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\services\NetBIOS\Parameters\Winsock]
"HelperDllName" = %SystemRoot%\System32\wshnetbs.dll -- [2006/11/02 10:46:14 | 000,011,264 | ---- | M] (Microsoft Corporation)
"MaxSockAddrLength" = 20
"MinSockAddrLength" = 20
"Mapping" = 02 00 00 00 03 00 00 00 11 00 00 00 05 00 00 00 00 00 00 00 11 00 00 00 02 00 00 00 00 00 00 00 [binary data]
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\services\NetBIOS\Enum]
"0" = Root\LEGACY_NETBIOS\0000
"Count" = 1
"NextInstance" = 1

< C:\Windows\assembly\tmp\U\*.* /s >

< %systemroot%\*. /mp /s >

< hklm\software\clients\startmenuinternet|command /rs >
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\FIREFOX.EXE\InstallInfo\\HideIconsCommand: "C:\Program Files\Mozilla Firefox\uninstall\helper.exe" /HideShortcuts [2012/02/16 16:12:46 | 000,836,544 | ---- | M] (Mozilla Corporation)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\FIREFOX.EXE\InstallInfo\\ShowIconsCommand: "C:\Program Files\Mozilla Firefox\uninstall\helper.exe" /ShowShortcuts [2012/02/16 16:12:46 | 000,836,544 | ---- | M] (Mozilla Corporation)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\FIREFOX.EXE\InstallInfo\\ReinstallCommand: "C:\Program Files\Mozilla Firefox\uninstall\helper.exe" /SetAsDefaultAppGlobal [2012/02/16 16:12:46 | 000,836,544 | ---- | M] (Mozilla Corporation)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\FIREFOX.EXE\shell\open\command\\: C:\Program Files\Mozilla Firefox\firefox.exe [2012/02/16 16:12:44 | 000,924,632 | ---- | M] (Mozilla Corporation)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\FIREFOX.EXE\shell\properties\command\\: "C:\Program Files\Mozilla Firefox\firefox.exe" -preferences [2012/02/16 16:12:44 | 000,924,632 | ---- | M] (Mozilla Corporation)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\FIREFOX.EXE\shell\safemode\command\\: "C:\Program Files\Mozilla Firefox\firefox.exe" -safe-mode [2012/02/16 16:12:44 | 000,924,632 | ---- | M] (Mozilla Corporation)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\Google Chrome\InstallInfo\\ShowIconsCommand: "C:\Users\Mattias\AppData\Local\Google\Chrome\Application\chrome.exe" --show-icons [2012/03/10 10:21:44 | 001,049,072 | ---- | M] (Google Inc.)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\Google Chrome\InstallInfo\\HideIconsCommand: "C:\Users\Mattias\AppData\Local\Google\Chrome\Application\chrome.exe" --hide-icons [2012/03/10 10:21:44 | 001,049,072 | ---- | M] (Google Inc.)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\Google Chrome\InstallInfo\\ReinstallCommand: "C:\Users\Mattias\AppData\Local\Google\Chrome\Application\chrome.exe" --make-default-browser [2012/03/10 10:21:44 | 001,049,072 | ---- | M] (Google Inc.)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\Google Chrome\shell\open\command\\: "C:\Users\Mattias\AppData\Local\Google\Chrome\Application\chrome.exe" [2012/03/10 10:21:44 | 001,049,072 | ---- | M] (Google Inc.)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\IEXPLORE.EXE\InstallInfo\\HideIconsCommand: "C:\Windows\system32\ie4uinit.exe" -hide [2011/12/15 05:45:00 | 000,174,080 | ---- | M] (Microsoft Corporation)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\IEXPLORE.EXE\InstallInfo\\ShowIconsCommand: "C:\Windows\system32\ie4uinit.exe" -show [2011/12/15 05:45:00 | 000,174,080 | ---- | M] (Microsoft Corporation)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\IEXPLORE.EXE\InstallInfo\\ReinstallCommand: "C:\Windows\system32\ie4uinit.exe" -reinstall [2011/12/15 05:45:00 | 000,174,080 | ---- | M] (Microsoft Corporation)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\IEXPLORE.EXE\shell\naom\command\\: "C:\Program Files\Internet Explorer\iexplore.exe" -extoff [2011/12/15 07:22:33 | 000,638,240 | ---- | M] (Microsoft Corporation)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\IEXPLORE.EXE\shell\open\command\\: "C:\Program Files\Internet Explorer\iexplore.exe" [2011/12/15 07:22:33 | 000,638,240 | ---- | M] (Microsoft Corporation)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\Opera\InstallInfo\\ShowIconsCommand: "C:\Program Files\Opera\Opera.exe" /ShowIconsCommand
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\Opera\InstallInfo\\HideIconsCommand: "C:\Program Files\Opera\Opera.exe" /HideIconsCommand
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\Opera\InstallInfo\\ReinstallCommand: "C:\Program Files\Opera\Opera.exe" /ReInstallBrowser
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\Opera\shell\open\command\\: "C:\Program Files\Opera\Opera.exe"

< hklm\software\clients\startmenuinternet|command /64 /rs >
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\FIREFOX.EXE\InstallInfo\\HideIconsCommand: "C:\Program Files\Mozilla Firefox\uninstall\helper.exe" /HideShortcuts [2012/02/16 16:12:46 | 000,836,544 | ---- | M] (Mozilla Corporation)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\FIREFOX.EXE\InstallInfo\\ShowIconsCommand: "C:\Program Files\Mozilla Firefox\uninstall\helper.exe" /ShowShortcuts [2012/02/16 16:12:46 | 000,836,544 | ---- | M] (Mozilla Corporation)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\FIREFOX.EXE\InstallInfo\\ReinstallCommand: "C:\Program Files\Mozilla Firefox\uninstall\helper.exe" /SetAsDefaultAppGlobal [2012/02/16 16:12:46 | 000,836,544 | ---- | M] (Mozilla Corporation)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\FIREFOX.EXE\shell\open\command\\: C:\Program Files\Mozilla Firefox\firefox.exe [2012/02/16 16:12:44 | 000,924,632 | ---- | M] (Mozilla Corporation)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\FIREFOX.EXE\shell\properties\command\\: "C:\Program Files\Mozilla Firefox\firefox.exe" -preferences [2012/02/16 16:12:44 | 000,924,632 | ---- | M] (Mozilla Corporation)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\FIREFOX.EXE\shell\safemode\command\\: "C:\Program Files\Mozilla Firefox\firefox.exe" -safe-mode [2012/02/16 16:12:44 | 000,924,632 | ---- | M] (Mozilla Corporation)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\Google Chrome\InstallInfo\\ShowIconsCommand: "C:\Users\Mattias\AppData\Local\Google\Chrome\Application\chrome.exe" --show-icons [2012/03/10 10:21:44 | 001,049,072 | ---- | M] (Google Inc.)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\Google Chrome\InstallInfo\\HideIconsCommand: "C:\Users\Mattias\AppData\Local\Google\Chrome\Application\chrome.exe" --hide-icons [2012/03/10 10:21:44 | 001,049,072 | ---- | M] (Google Inc.)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\Google Chrome\InstallInfo\\ReinstallCommand: "C:\Users\Mattias\AppData\Local\Google\Chrome\Application\chrome.exe" --make-default-browser [2012/03/10 10:21:44 | 001,049,072 | ---- | M] (Google Inc.)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\Google Chrome\shell\open\command\\: "C:\Users\Mattias\AppData\Local\Google\Chrome\Application\chrome.exe" [2012/03/10 10:21:44 | 001,049,072 | ---- | M] (Google Inc.)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\IEXPLORE.EXE\InstallInfo\\HideIconsCommand: "C:\Windows\system32\ie4uinit.exe" -hide [2011/12/15 05:45:00 | 000,174,080 | ---- | M] (Microsoft Corporation)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\IEXPLORE.EXE\InstallInfo\\ShowIconsCommand: "C:\Windows\system32\ie4uinit.exe" -show [2011/12/15 05:45:00 | 000,174,080 | ---- | M] (Microsoft Corporation)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\IEXPLORE.EXE\InstallInfo\\ReinstallCommand: "C:\Windows\system32\ie4uinit.exe" -reinstall [2011/12/15 05:45:00 | 000,174,080 | ---- | M] (Microsoft Corporation)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\IEXPLORE.EXE\shell\naom\command\\: "C:\Program Files\Internet Explorer\iexplore.exe" -extoff [2011/12/15 07:22:33 | 000,638,240 | ---- | M] (Microsoft Corporation)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\IEXPLORE.EXE\shell\open\command\\: "C:\Program Files\Internet Explorer\iexplore.exe" [2011/12/15 07:22:33 | 000,638,240 | ---- | M] (Microsoft Corporation)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\Opera\InstallInfo\\ShowIconsCommand: "C:\Program Files\Opera\Opera.exe" /ShowIconsCommand
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\Opera\InstallInfo\\HideIconsCommand: "C:\Program Files\Opera\Opera.exe" /HideIconsCommand
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\Opera\InstallInfo\\ReinstallCommand: "C:\Program Files\Opera\Opera.exe" /ReInstallBrowser
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\Opera\shell\open\command\\: "C:\Program Files\Opera\Opera.exe"

< End of report >

Edited by Durre, 14 March 2012 - 01:55 PM.
