Hello,
I went through the guide of this forum and decided to give this a go. It's my first time asking for help online
and I'm not fully sure what data exactly I should provide about my pc. Anyways, I'll just cut to it.
(I'll highlight all programs and services used, as it might make it easier to get the total view).
1. BSODs
I've been getting a lot of BSODs lately. It was fairly uncommon at first for several months, but 2 days ago a BSOD appeared every time I encountered an object requiring Flash (like a YouTube video). I decided to remove McAfee and install AVG (licensed) and ZoneAlarm (free version) instead, together with Malwarebytes Anti-Malware and SuperAntiSpyware. AVG encountered a CoolWebSearch variant and a rootkit, MBAM found one infected file (and called it Riskware) and SuperAntiSpyware said it had found 2 Trace.Known Threat Sources. Besides that, an online F-Secure scan noticed printdft.exe, but that particular file has not given me any errors, so I didn't remove it. However, when I removed the others, after some reboots and changing the settings of the Flash player, the BSODs had gone. Good news, if it wasn't for other things starting to show up since I decided to run HijackThis.
Going through its log and deleting several entries in it, I noticed some enhancements in my notebook's behaviour (Windows Vista 32-bit, Dell Latitude E6500), but it was way slower than before. However, the registry fixing program Powersuite (from Uniblue) that I had been using before said my registry was clean, and using Soluto to manage my startup together with msconfig and services.msc, I definitely had even fewer programs in startup than before (while scanning I had been deleting unnecessary programs or leftovers from deletions from the notebook). So I was rather surprised when it kept taking so long to load the desktop while at first sight things should be good.
2. Bad Explorer.exe behaviour
Following general forum threads (not here) I decided to take it a bit further and used both Smitfraudfix (in safe mode) and ComboFix to see if any other suspicious behaviour was left. After they had been done, things were a tad better, but still not as it should be. The only big improvement over the whole process I have been describing was the CPU staying around an acceptable percentage and the BSODs not occurring anymore. Then I decided to re-run the scanning software described before (AVG, SuperAnti... etc.) and SuperAntiSpyware found some new infections. Therefore I thought it might be best to download Spybot and let it check my system too. Now that's where things went totally downhill. Spybot found 4 infections, of which 2 could be removed. The other 2 required startup and it asked me if I would allow Spybot to run at startup for that occasion. So I did. However, after startup, the usual delay of my desktop appearing never went away, so I was left without a desktop. Using Task Manager (I have been using this constantly to look for suspicious processes, however never noticed any) I found my explorer.exe running. Yet I had no desktop. So I made a new task, entered explorer.exe as the command and only after deleting the original running explorer.exe from the list did I get my desktop back. Meanwhile Spybot has been running and hasn't found the infected files anymore, but it did find 8 others. The registry fixing program also noticed strange behavior, which was confirmed afterwards by Rootkitbuster (but it hasn't deleted those malicious files and it can't).
Both Rkill and OTL have also been running just half an hour ago. Rkill didn't find anything. I'll paste the OTL log afterwards. Using the Search function I have found over 8 explorer.exe files, many of them in folders named like "x86_microsoft-windows-explorer_31bf3856ad364e35_6.0.6000.16771_none_4f83bb287ccdb7e3" and (the real) one in C:\Windows. I've run out of ideas about what to do and I'm afraid I might have done too much already. I think my registry might either be broken or infected when it comes to loading the desktop (everything else works perfectly). I haven't yet restarted my notebook after this first occurrence of the desktop not loading. Would you be so kind as to try and help me out please?
UPDATE A
I just rebooted my notebook and the desktop came back. However, it still took well over 2 minutes for it to appear after logging in and over 6 minutes of booting (measured by Soluto), which used to be 2 and a half. While opening up Task Manager, I noticed two csrss.exe processes running at the same time (only one explorer.exe) and I can't see their properties when I want to open them. So I can't trace the path. I don't know if it's normal as I never really paid attention to it. On the other hand, when I look for explorer.exe by using the Search option in Vista, it only shows one in the C:\windows folder and not in any other folders anymore.
UPDATE B
After a night of rest for the notebook (it had been scanning all the time the night before, since the MBAM scan took well over 17 hours), the start-up time has gone down to 4 and a half minutes, while the desktop loaded almost immediately after logging in. However, if you would be so kind, please still take a look at the log (or do I need to replace it with a new one?) because I'm afraid it might be rather random behaviour from the start-up process and I don't dare to use Spybot anymore. I won't take any further steps to scan or fix my registry until I get an answer, I'll just reboot my notebook once in a while. On a side note: the Search option found just one explorer.exe again (C:\windows) so whatever was causing the multiple files seems to have either gone or is not activated. The two csrss.exe processes are still there, of which one shows before I tell the Task Manager to show the processes of all users. Only afterwards does the second one show up.
The log
OTL logfile created on: 8/03/2012 02:53:33 - Run 1
OTL by OldTimer - Version 3.2.35.1 Folder = C:\Users\Mattias\Desktop
Windows Vista Business Edition Service Pack 2 (Version = 6.0.6002) - Type = NTWorkstation
Internet Explorer (Version = 8.0.6001.19190)
Locale: 00000813 | Country: België | Language: NLB | Date Format: d/MM/yyyy
3,49 Gb Total Physical Memory | 1,54 Gb Available Physical Memory | 44,10% Memory free
6,37 Gb Paging File | 4,18 Gb Available in Paging File | 65,53% Paging File free
Paging file location(s): C:\pagefile.sys 3070 3070 [binary data]
%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files
Drive C: | 230,67 Gb Total Space | 90,32 Gb Free Space | 39,16% Space Free | Partition Type: NTFS
Drive D: | 2,00 Gb Total Space | 0,77 Gb Free Space | 38,43% Space Free | Partition Type: NTFS
Computer Name: DURRE | User Name: Mattias | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user | Quick Scan
Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days
========== Processes (SafeList) ==========
PRC - [2012/03/08 02:53:06 | 000,584,704 | ---- | M] (OldTimer Tools) -- C:\Users\Mattias\Desktop\OTL.exe
PRC - [2012/03/07 13:33:06 | 000,869,216 | ---- | M] () -- C:\Program Files\Common Files\AVG Secure Search\vToolbarUpdater\9.0.1\ToolbarUpdater.exe
PRC - [2012/01/25 19:05:44 | 001,712,176 | ---- | M] (Soluto) -- C:\Program Files\Soluto\Soluto.exe
PRC - [2012/01/25 19:05:44 | 000,547,872 | ---- | M] (Soluto) -- C:\Program Files\Soluto\SolutoService.exe
PRC - [2011/12/18 21:08:42 | 002,420,616 | ---- | M] (Check Point Software Technologies LTD) -- C:\Program Files\CheckPoint\ZoneAlarm\vsmon.exe
PRC - [2011/11/28 01:19:04 | 001,229,664 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Program Files\AVG\AVG2012\avgnsx.exe
PRC - [2011/11/23 02:36:24 | 002,391,832 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Program Files\AVG\AVG2012\avgfws.exe
PRC - [2011/11/03 15:44:28 | 000,497,280 | ---- | M] (Check Point Software Technologies) -- C:\Program Files\CheckPoint\ZAForceField\ISWSVC.exe
PRC - [2011/11/03 15:44:24 | 000,738,944 | ---- | M] (Check Point Software Technologies) -- C:\Program Files\CheckPoint\ZAForceField\ForceField.exe
PRC - [2011/10/12 06:25:22 | 004,433,248 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Program Files\AVG\AVG2012\AVGIDSAgent.exe
PRC - [2011/09/08 20:53:26 | 000,743,264 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Program Files\AVG\AVG2012\avgrsx.exe
PRC - [2011/08/15 06:21:40 | 000,337,760 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Program Files\AVG\AVG2012\avgcsrvx.exe
PRC - [2011/08/02 06:09:08 | 000,192,776 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Program Files\AVG\AVG2012\avgwdsvc.exe
PRC - [2009/11/02 13:23:56 | 002,457,600 | ---- | M] (Trend Micro Inc.) -- C:\Users\Mattias\Desktop\RootkitBuster_2.80.1077\RootkitBuster.exe
PRC - [2009/04/11 07:27:36 | 002,926,592 | ---- | M] (Microsoft Corporation) -- C:\Windows\explorer.exe
PRC - [2009/04/11 07:27:28 | 000,069,120 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\conime.exe
PRC - [2009/01/26 15:31:12 | 005,365,592 | RHS- | M] (Safer Networking Limited) -- C:\Program Files\Spybot - Search & Destroy\SpybotSD.exe
PRC - [2009/01/26 15:31:10 | 001,153,368 | ---- | M] (Safer Networking Ltd.) -- C:\Program Files\Spybot - Search & Destroy\SDWinSec.exe
PRC - [2008/01/21 03:25:09 | 000,038,400 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\runonce.exe
========== Modules (No Company Name) ==========
MOD - [2012/03/06 12:49:48 | 000,429,040 | ---- | M] () -- C:\Users\Mattias\AppData\Local\Google\Chrome\Application\17.0.963.66\ppGoogleNaClPluginChrome.dll
MOD - [2012/03/06 12:49:46 | 003,772,912 | ---- | M] () -- C:\Users\Mattias\AppData\Local\Google\Chrome\Application\17.0.963.66\pdf.dll
MOD - [2012/03/06 12:48:22 | 000,122,880 | ---- | M] () -- C:\Users\Mattias\AppData\Local\Google\Chrome\Application\17.0.963.66\avutil-51.dll
MOD - [2012/03/06 12:48:20 | 000,220,672 | ---- | M] () -- C:\Users\Mattias\AppData\Local\Google\Chrome\Application\17.0.963.66\avformat-53.dll
MOD - [2012/03/06 12:48:19 | 001,747,456 | ---- | M] () -- C:\Users\Mattias\AppData\Local\Google\Chrome\Application\17.0.963.66\avcodec-53.dll
MOD - [2012/03/06 09:25:19 | 008,593,056 | ---- | M] () -- C:\Users\Mattias\AppData\Local\Google\Chrome\Application\17.0.963.66\gcswf32.dll
MOD - [2012/03/06 09:25:19 | 008,593,056 | ---- | M] () -- C:\Users\Mattias\AppData\Local\Google\Chrome\APPLIC~1\170963~1.66\gcswf32.dll
MOD - [2012/03/06 03:46:50 | 000,645,120 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\PCGPostBootResources\5dd159c5351d4108eaca2308d8dc74f7\PCGPostBootResources.ni.dll
MOD - [2012/03/06 03:46:50 | 000,060,416 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\PCGHIDProbe\4f9d4277c88289615a042223a47eb29b\PCGHIDProbe.ni.dll
MOD - [2012/03/06 03:46:49 | 000,044,032 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\PCGRSPProbe\7fd935bff96b4d2c47494a82637ff41b\PCGRSPProbe.ni.dll
MOD - [2012/03/06 03:46:48 | 002,327,552 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\Community.CsharpSql#\43faaab221f93cc1e08daa557d243535\Community.CsharpSqlite.ni.dll
MOD - [2012/03/06 03:46:46 | 000,202,240 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\PCGWuInfo\162eb71288ae8578de7c60d6cacff2fe\PCGWuInfo.ni.dll
MOD - [2012/03/06 03:46:46 | 000,100,864 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\Interop.IWshRuntime#\2dadac7311c15d47aeec1ca4b05cfc88\Interop.IWshRuntimeLibrary.ni.dll
MOD - [2012/03/06 03:46:45 | 000,067,584 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\PCGUsersCenter\1212360ee6a49e8bd041838d8478170e\PCGUsersCenter.ni.dll
MOD - [2012/03/06 03:46:42 | 000,026,112 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\PCGAppControlPlugin#\0be97d1937d3284bd783d09ef6e1bfa5\PCGAppControlPluginLoader.ni.dll
MOD - [2012/03/06 03:46:41 | 004,109,824 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\PCGClientCommon\78cd00b1db45a3689e1c1cf8a47c30cf\PCGClientCommon.ni.dll
MOD - [2012/03/06 03:46:36 | 000,197,632 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\PCGBootVisualizingC#\0ab8dacec7797070ae70c843de0210f7\PCGBootVisualizingCommon.ni.dll
MOD - [2012/03/06 03:46:34 | 000,065,024 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\PCGConfiguration\a10b7e669320ed621c32992dff80038e\PCGConfiguration.ni.dll
MOD - [2012/03/06 03:46:30 | 003,903,488 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\PCGDatabase\26e3248ba01ce88f2966c9e912e57ac8\PCGDatabase.ni.dll
MOD - [2012/03/06 03:46:24 | 000,047,616 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\PCGAzureEntityFrame#\ae69d58fadcc49693f7299813eb6731e\PCGAzureEntityFramework.ni.dll
MOD - [2012/03/06 03:46:23 | 001,308,672 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\PCGAzureShared\f2914a979af7db2eed580bc35a8f6c01\PCGAzureShared.ni.dll
MOD - [2012/03/06 03:46:22 | 001,278,464 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\PCGCommunication\e06a3df237a6f53df5937aeb4e9c2ce4\PCGCommunication.ni.dll
MOD - [2012/03/06 03:46:19 | 000,194,560 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\PCGDriverProbe\a78969904fab39fe7c2b2dcff884a1ad\PCGDriverProbe.ni.dll
MOD - [2012/03/06 03:46:11 | 002,845,696 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\PCGPreCompiled\c0aa0701f75c13ce80a8ac6de9fa6516\PCGPreCompiled.ni.dll
MOD - [2012/03/06 03:46:08 | 000,205,312 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\PCGPrestoSerializer\3a183499e84bd777a8e30a421fa0a3f9\PCGPrestoSerializer.ni.dll
MOD - [2012/03/06 03:46:07 | 000,596,480 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\Ionic.Zip.Reduced\c3d248651f3296ec1ca1716dc0f0359b\Ionic.Zip.Reduced.ni.dll
MOD - [2012/03/06 03:45:59 | 002,652,672 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\PCGFramework\2b161b66357f2113864f59cb1eb6af31\PCGFramework.ni.dll
MOD - [2012/03/06 03:45:46 | 001,999,360 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\Soluto\6028cb5ccf83c76fbae9bec1fe823383\Soluto.ni.exe
MOD - [2012/02/17 11:23:20 | 000,212,992 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.ServiceProce#\d0cf808e33a5123b33010b933d3b1597\System.ServiceProcess.ni.dll
MOD - [2012/02/17 11:22:20 | 000,971,264 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Configuration\7fd6c62196829d1e2dce5a253145d51a\System.Configuration.ni.dll
MOD - [2012/02/17 09:52:39 | 005,450,752 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Xml\d9f0f1dc8cbdb81f1ba122d77a6ab710\System.Xml.ni.dll
MOD - [2012/02/17 09:52:13 | 012,430,848 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Windows.Forms\65450889f3742aada2a6c0cf8e6173e3\System.Windows.Forms.ni.dll
MOD - [2012/02/17 09:52:02 | 001,587,200 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Drawing\137696d0416b65dbc1561152971488b4\System.Drawing.ni.dll
MOD - [2012/02/17 09:51:40 | 002,516,480 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Data.Linq\44f933054413500a61afb01e87d8f3fa\System.Data.Linq.ni.dll
MOD - [2012/02/17 09:51:29 | 002,295,296 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Core\bc01d91f95947c7f25f3ae4e16db2cb5\System.Core.ni.dll
MOD - [2012/02/17 09:49:54 | 007,953,408 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System\c50133cb67d7c013fa31e1ffb942060b\System.ni.dll
MOD - [2012/01/25 18:57:02 | 000,071,216 | ---- | M] () -- C:\Program Files\Soluto\PCGDllExportInspector.dll
MOD - [2011/12/16 23:58:30 | 000,220,672 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\CustomMarshalers\d72212e0e98b6ea4339d453bf540b5a6\CustomMarshalers.ni.dll
MOD - [2011/12/16 19:21:59 | 011,490,816 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\mscorlib\b6632a8b2f276a8e31f5b0f6b2006cd1\mscorlib.ni.dll
MOD - [2010/06/29 09:31:12 | 000,652,800 | ---- | M] () -- C:\Program Files\IZArc\IZArcCM.dll
MOD - [2009/08/16 16:06:04 | 000,141,312 | ---- | M] () -- C:\Program Files\WinRAR\RarExt.dll
MOD - [2009/03/31 19:04:19 | 000,208,896 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\System.resources\2.0.0.0_nl_b77a5c561934e089\System.resources.dll
MOD - [2009/03/31 19:04:18 | 000,303,104 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\mscorlib.resources\2.0.0.0_nl_b77a5c561934e089\mscorlib.resources.dll
MOD - [2009/03/30 05:42:11 | 000,069,120 | ---- | M] () -- C:\Windows\assembly\GAC_32\CustomMarshalers\2.0.0.0__b03f5f7f11d50a3a\CustomMarshalers.dll
MOD - [2008/12/22 13:13:54 | 000,249,856 | ---- | M] () -- C:\Windows\System32\wxvault.dll
MOD - [2008/06/19 17:35:36 | 000,333,288 | ---- | M] () -- C:\Program Files\Spybot - Search & Destroy\sqlite3.dll
MOD - [2008/03/05 09:34:32 | 000,795,520 | ---- | M] () -- C:\Program Files\Spybot - Search & Destroy\Plugins\Fennel.dll
MOD - [2008/03/04 14:52:00 | 000,790,392 | ---- | M] () -- C:\Program Files\Spybot - Search & Destroy\Plugins\Chai.dll
MOD - [2008/02/26 11:04:40 | 000,717,176 | ---- | M] () -- C:\Program Files\Spybot - Search & Destroy\Plugins\Mate.dll
MOD - [2007/12/24 01:05:00 | 000,121,344 | ---- | M] () -- C:\Program Files\Spybot - Search & Destroy\Plugins\TCPIPAddress.dll
========== Win32 Services (SafeList) ==========
SRV - [2012/03/07 13:33:06 | 000,869,216 | ---- | M] () [Auto | Running] -- C:\Program Files\Common Files\AVG Secure Search\vToolbarUpdater\9.0.1\ToolbarUpdater.exe -- (vToolbarUpdater)
SRV - [2012/01/25 19:05:44 | 000,547,872 | ---- | M] (Soluto) [Auto | Running] -- C:\Program Files\Soluto\SolutoService.exe -- (SolutoService)
SRV - [2012/01/13 14:53:18 | 000,652,360 | ---- | M] (Malwarebytes Corporation) [On_Demand | Stopped] -- C:\Program Files\Malwarebytes' Anti-Malware\mbamservice.exe -- (MBAMService)
SRV - [2012/01/03 14:10:42 | 000,063,928 | ---- | M] (Adobe Systems Incorporated) [On_Demand | Stopped] -- C:\Program Files\Common Files\Adobe\ARM\1.0\armsvc.exe -- (AdobeARMservice)
SRV - [2011/12/18 21:08:42 | 002,420,616 | ---- | M] (Check Point Software Technologies LTD) [Auto | Running] -- C:\Program Files\CheckPoint\ZoneAlarm\vsmon.exe -- (vsmon)
SRV - [2011/11/23 02:36:24 | 002,391,832 | ---- | M] (AVG Technologies CZ, s.r.o.) [Auto | Running] -- C:\Program Files\AVG\AVG2012\avgfws.exe -- (avgfws)
SRV - [2011/11/03 15:44:28 | 000,497,280 | ---- | M] (Check Point Software Technologies) [On_Demand | Running] -- C:\Program Files\CheckPoint\ZAForceField\IswSvc.exe -- (IswSvc)
SRV - [2011/10/12 06:25:22 | 004,433,248 | ---- | M] (AVG Technologies CZ, s.r.o.) [Auto | Running] -- C:\Program Files\AVG\AVG2012\AVGIDSAgent.exe -- (AVGIDSAgent)
SRV - [2011/08/12 00:38:07 | 000,116,608 | ---- | M] (SUPERAntiSpyware.com) [On_Demand | Stopped] -- C:\Program Files\SUPERAntiSpyware\SASCORE.EXE -- (!SASCORE)
SRV - [2011/08/02 06:09:08 | 000,192,776 | ---- | M] (AVG Technologies CZ, s.r.o.) [Auto | Running] -- C:\Program Files\AVG\AVG2012\avgwdsvc.exe -- (avgwd)
SRV - [2010/08/12 00:35:12 | 000,056,040 | ---- | M] (Xobni Corporation) [On_Demand | Stopped] -- C:\Program Files\Xobni\XobniService.exe -- (XobniService)
SRV - [2010/07/19 16:42:16 | 000,866,576 | ---- | M] (Intel® Corporation) [Disabled | Stopped] -- C:\Program Files\Intel\WiFi\bin\EvtEng.exe -- (EvtEng) Intel®
SRV - [2010/07/19 16:23:28 | 000,477,456 | ---- | M] (Intel® Corporation) [Disabled | Stopped] -- C:\Program Files\Common Files\Intel\WirelessCommon\RegSrvc.exe -- (RegSrvc) Intel®
SRV - [2010/04/05 07:56:02 | 000,229,458 | ---- | M] (IDT, Inc.) [Disabled | Stopped] -- C:\Windows\System32\DriverStore\FileRepository\stwrt.inf_c3f58890\stacsv.exe -- (STacSV)
SRV - [2010/04/05 07:54:56 | 000,081,920 | ---- | M] (Andrea Electronics Corporation) [Disabled | Stopped] -- C:\Windows\System32\DriverStore\FileRepository\stwrt.inf_c3f58890\AEstSrv.exe -- (AESTFilters)
SRV - [2009/04/22 09:05:34 | 001,703,936 | ---- | M] (Wave Systems Corp.) [Disabled | Stopped] -- C:\Program Files\Wave Systems Corp\Trusted Drive Manager\TdmService.exe -- (TdmService)
SRV - [2009/04/10 11:08:00 | 000,077,824 | ---- | M] (Smith Micro Software, Inc.) [On_Demand | Stopped] -- C:\Program Files\Dell\Dell ControlPoint\Connection Manager\SMManager.exe -- (SMManager)
SRV - [2009/04/09 12:58:16 | 000,447,264 | ---- | M] (Dell Inc.) [Disabled | Stopped] -- C:\Program Files\Dell\Dell ControlPoint\System Manager\DCPSysMgrSvc.exe -- (dcpsysmgrsvc)
SRV - [2009/02/11 16:38:40 | 000,354,840 | ---- | M] (Intel Corporation) [Disabled | Stopped] -- C:\Program Files\Intel\Intel Matrix Storage Manager\IAANTmon.exe -- (IAANTMON) Intel®
SRV - [2009/01/26 15:31:10 | 001,153,368 | ---- | M] (Safer Networking Ltd.) [Auto | Running] -- C:\Program Files\Spybot - Search & Destroy\SDWinSec.exe -- (SBSDWSCService)
SRV - [2009/01/22 09:19:20 | 000,808,296 | ---- | M] (Broadcom Corporation) [Disabled | Stopped] -- C:\Program Files\Broadcom Corporation\Broadcom USH Host Components\CV\bin\HostControlService.exe -- (Credential Vault Host Control Service)
SRV - [2009/01/22 09:19:20 | 000,020,840 | ---- | M] (Broadcom Corporation) [Disabled | Stopped] -- C:\Program Files\Broadcom Corporation\Broadcom USH Host Components\CV\bin\HostStorageService.exe -- (Credential Vault Host Storage)
SRV - [2008/12/29 10:07:28 | 000,320,800 | ---- | M] (Dell Inc.) [Disabled | Stopped] -- C:\Program Files\Dell\Dell ControlPoint\DCPButtonSvc.exe -- (buttonsvc32)
SRV - [2008/12/12 08:54:00 | 000,638,976 | ---- | M] (Wave Systems Corp.) [Disabled | Stopped] -- C:\Program Files\Wave Systems Corp\Secure Storage Manager\SecureStorageService.exe -- (SecureStorageService)
SRV - [2008/11/12 12:25:48 | 001,273,856 | ---- | M] () [Disabled | Stopped] -- C:\Program Files\NTRU Cryptosystems\NTRU TCG Software Stack\bin\tcsd_win32.exe -- (tcsd_win32.exe)
SRV - [2008/06/09 22:06:30 | 000,036,864 | ---- | M] (How2 Studios) [On_Demand | Stopped] -- C:\Program Files\ISP Monitor\ISPMonitorSrv.exe -- (ISPMonitorSrv)
SRV - [2008/06/03 14:16:30 | 000,382,232 | ---- | M] (Dell Inc.) [Disabled | Stopped] -- C:\Program Files\Dell\Ambient Light Sensor\AlsSvc.exe -- (alssvc)
SRV - [2008/01/21 03:23:59 | 000,272,952 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Program Files\Windows Defender\MpSvc.dll -- (WinDefend)
SRV - [2007/04/19 04:56:36 | 000,133,968 | ---- | M] (Intel Corporation) [Disabled | Stopped] -- C:\Program Files\Intel\ASF Agent\ASFAgent.exe -- (ASFAgent)
========== Driver Services (SafeList) ==========
DRV - File not found [Kernel | On_Demand | Stopped] -- -- (NwlnkFwd)
DRV - File not found [Kernel | On_Demand | Stopped] -- -- (NwlnkFlt)
DRV - File not found [Kernel | On_Demand | Stopped] -- -- (NvtSp50)
DRV - File not found [File_System | Boot | Stopped] -- -- (Lbd)
DRV - File not found [Kernel | On_Demand | Stopped] -- -- (IpInIp)
DRV - File not found [Kernel | On_Demand | Running] -- -- (cpuz135)
DRV - File not found [Kernel | On_Demand | Stopped] -- -- (cpuz132)
DRV - File not found [Kernel | On_Demand | Stopped] -- -- (catchme)
DRV - [2012/03/08 02:31:00 | 000,161,296 | ---- | M] (Trend Micro Inc.) [Kernel | Auto | Running] -- C:\Windows\System32\drivers\tmcomm.sys -- (tmcomm)
DRV - [2012/03/05 13:25:56 | 000,046,592 | ---- | M] (REDC) [Kernel | Auto | Running] -- C:\Windows\System32\drivers\risdptsk.sys -- (risdptsk)
DRV - [2012/03/05 12:53:32 | 000,046,592 | ---- | M] (REDC) [Kernel | Auto | Running] -- C:\Windows\System32\drivers\rimmptsk.sys -- (rimmptsk)
DRV - [2012/01/25 18:56:46 | 000,051,144 | ---- | M] (Soluto LTD.) [File_System | Boot | Running] -- C:\Windows\system32\DRIVERS\Soluto.sys -- (Soluto)
DRV - [2011/12/10 15:24:06 | 000,020,464 | ---- | M] (Malwarebytes Corporation) [File_System | On_Demand | Stopped] -- C:\Windows\System32\drivers\mbam.sys -- (MBAMProtector)
DRV - [2011/11/03 15:44:20 | 000,027,016 | ---- | M] (Check Point Software Technologies) [Kernel | Auto | Running] -- C:\Program Files\CheckPoint\ZAForceField\ISWKL.sys -- (ISWKL)
DRV - [2011/10/07 06:23:48 | 000,230,608 | ---- | M] (AVG Technologies CZ, s.r.o.) [Kernel | System | Running] -- C:\Windows\System32\drivers\avgldx86.sys -- (Avgldx86)
DRV - [2011/10/04 06:21:16 | 000,016,720 | ---- | M] (AVG Technologies CZ, s.r.o. ) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\AVGIDSShim.sys -- (AVGIDSShim)
DRV - [2011/09/29 22:14:53 | 000,023,624 | ---- | M] () [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\hitmanpro35.sys -- (hitmanpro35)
DRV - [2011/09/13 06:30:10 | 000,032,592 | ---- | M] (AVG Technologies CZ, s.r.o.) [File_System | Boot | Running] -- C:\Windows\system32\DRIVERS\avgrkx86.sys -- (Avgrkx86)
DRV - [2011/08/08 06:08:58 | 000,040,016 | ---- | M] (AVG Technologies CZ, s.r.o.) [File_System | System | Running] -- C:\Windows\System32\drivers\avgmfx86.sys -- (Avgmfx86)
DRV - [2011/07/22 17:27:02 | 000,012,880 | ---- | M] (SUPERAdBlocker.com and SUPERAntiSpyware.com) [Kernel | System | Running] -- C:\Program Files\SUPERAntiSpyware\sasdifsv.sys -- (SASDIFSV)
DRV - [2011/07/12 22:55:22 | 000,067,664 | ---- | M] (SUPERAdBlocker.com and SUPERAntiSpyware.com) [Kernel | System | Running] -- C:\Program Files\SUPERAntiSpyware\SASKUTIL.SYS -- (SASKUTIL)
DRV - [2011/07/11 01:14:38 | 000,295,248 | ---- | M] (AVG Technologies CZ, s.r.o.) [Kernel | System | Running] -- C:\Windows\System32\drivers\avgtdix.sys -- (Avgtdix)
DRV - [2011/07/11 01:14:02 | 000,024,272 | ---- | M] (AVG Technologies CZ, s.r.o. ) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\AVGIDSFilter.sys -- (AVGIDSFilter)
DRV - [2011/07/11 01:14:00 | 000,023,120 | ---- | M] (AVG Technologies CZ, s.r.o. ) [Kernel | Boot | Running] -- C:\Windows\system32\DRIVERS\AVGIDSEH.Sys -- (AVGIDSEH)
DRV - [2011/07/11 01:13:58 | 000,134,736 | ---- | M] (AVG Technologies CZ, s.r.o. ) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\AVGIDSDriver.sys -- (AVGIDSDriver)
DRV - [2011/05/23 01:03:28 | 000,047,968 | ---- | M] (AVG Technologies CZ, s.r.o.) [Kernel | System | Running] -- C:\Windows\System32\drivers\avgfwd6x.sys -- (Avgfwfd)
DRV - [2011/05/07 17:51:26 | 000,451,160 | ---- | M] (Check Point Software Technologies LTD) [Kernel | System | Running] -- C:\Windows\System32\drivers\vsdatant.sys -- (Vsdatant)
DRV - [2011/03/23 15:05:24 | 000,223,432 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\e1y6032.sys -- (e1yexpress) Intel®
DRV - [2011/01/05 19:42:14 | 000,284,792 | ---- | M] (Alps Electric Co., Ltd.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\Apfiltr.sys -- (ApfiltrService)
DRV - [2010/11/19 10:44:48 | 009,936,392 | ---- | M] (NVIDIA Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\nvlddmkm.sys -- (nvlddmkm)
DRV - [2010/07/14 03:34:16 | 006,680,064 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\NETwNv32.sys -- (NETwNv32) ___ Intel®
DRV - [2010/04/05 07:56:08 | 000,423,424 | ---- | M] (IDT, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\stwrt.sys -- (STHDA)
DRV - [2009/09/25 20:19:35 | 000,023,680 | ---- | M] (FNet Co., Ltd.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\FNETTBOH.SYS -- (FNETTBOH)
DRV - [2009/09/25 20:19:35 | 000,007,936 | ---- | M] (FNet Co., Ltd.) [Kernel | System | Running] -- C:\Windows\System32\drivers\FNETURPX.SYS -- (FNETURPX)
DRV - [2009/09/16 09:22:48 | 000,040,552 | ---- | M] (McAfee, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\mfesmfk.sys -- (mfesmfk)
DRV - [2009/09/16 09:22:14 | 000,034,248 | ---- | M] (McAfee, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\mferkdk.sys -- (mferkdk)
DRV - [2009/04/22 13:16:00 | 000,205,624 | ---- | M] (Wave Systems Corp.) [File_System | Auto | Running] -- C:\Windows\System32\drivers\WavxDMgr.sys -- (WavxDMgr)
DRV - [2009/04/16 03:58:22 | 000,032,808 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\cvusbdrv.sys -- (cvusbdrv)
DRV - [2009/04/11 05:38:59 | 000,030,208 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\usbccid.sys -- (USBCCID)
DRV - [2009/04/03 13:25:52 | 000,038,400 | ---- | M] (REDC) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\rixdptsk.sys -- (rismxdp)
DRV - [2009/04/03 13:25:50 | 000,045,056 | ---- | M] (REDC) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\rimsptsk.sys -- (rimsptsk)
DRV - [2009/04/03 13:25:42 | 000,038,400 | ---- | M] (REDC) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\rixdpe86.sys -- (rixdpcie)
DRV - [2009/04/03 13:25:40 | 000,048,640 | ---- | M] (REDC) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\risdpe86.sys -- (risdpcie)
DRV - [2009/04/03 13:25:40 | 000,045,056 | ---- | M] (REDC) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\rimspe86.sys -- (rimspci)
DRV - [2009/03/08 16:06:00 | 000,280,096 | ---- | M] (Creative Technology Ltd.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\OA001Vid.sys -- (OA001Vid)
DRV - [2009/03/06 06:30:08 | 000,133,632 | ---- | M] (Creative Technology Ltd.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\OA001Ufd.sys -- (OA001Ufd)
DRV - [2008/09/25 06:37:40 | 003,666,432 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\NETw5v32.sys -- (NETw5v32) Intel®
DRV - [2008/09/16 10:41:20 | 000,040,832 | ---- | M] (Intel Corporation) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\heci.sys -- (HECI) Intel®
DRV - [2008/06/04 13:14:00 | 000,026,608 | ---- | M] (Dell Inc) [Kernel | Boot | Running] -- C:\Windows\system32\DRIVERS\PBADRV.sys -- (PBADRV)
DRV - [2008/01/21 03:23:50 | 000,220,672 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\e1e6032.sys -- (e1express) Stuurprogramma voor Intel®
DRV - [2007/04/19 04:28:12 | 000,042,832 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\Asfalrt.sys -- (AsfAlrt)
DRV - [2007/04/04 08:53:32 | 000,039,424 | ---- | M] (D-Link Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\DUBE100B.sys -- (DUBE100B)
DRV - [2006/11/02 08:36:43 | 002,028,032 | ---- | M] (ATI Technologies Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\atikmdag.sys -- (R300)
========== Standard Registry (SafeList) ==========
========== Internet Explorer ==========
IE - HKLM\..\URLSearchHook: {2d8d9acc-f6d7-4362-8876-a275ca929591} - No CLSID value found
IE - HKLM\..\URLSearchHook: {ba14329e-9550-4989-b3f2-9732e92d17cc} - No CLSID value found
IE - HKLM\..\SearchScopes,DefaultScope = {afdbddaa-5d3f-42ee-b79c-185a7020515b}
IE - HKLM\..\SearchScopes\{15098183-B1D3-40BA-BE3F-92508E338118}: "URL" = http://search.live.c...ferrer:source?}
IE - HKLM\..\SearchScopes\{afdbddaa-5d3f-42ee-b79c-185a7020515b}: "URL" = http://search.condui...&ctid=CT2849859
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.msn.com/
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,StartPageCache = 1
IE - HKCU\..\SearchScopes,DefaultScope = {95B7759C-8C7F-4BF1-B163-73684A933233}
IE - HKCU\..\SearchScopes\{15098183-B1D3-40BA-BE3F-92508E338118}: "URL" = http://www.bing.com/...rc=IE-SearchBox
IE - HKCU\..\SearchScopes\{171DEBEB-C3D4-40b7-AC73-056A5EBA4A7E}: "URL" = http://websearch.ask...CC-863238CDD529
IE - HKCU\..\SearchScopes\{95B7759C-8C7F-4BF1-B163-73684A933233}: "URL" = http://isearch.avg.c...sa&d=2012-03-07 13:33:11&v=9.0.0.23&sap=dsp&q={searchTerms}
IE - HKCU\..\SearchScopes\{afdbddaa-5d3f-42ee-b79c-185a7020515b}: "URL" = http://search.condui...&ctid=CT2849859
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = *.local
========== FireFox ==========
FF - prefs.js..browser.search.defaultengine: "Ask.com"
FF - prefs.js..browser.search.defaultenginename: "AVG Secure Search"
FF - prefs.js..browser.search.defaultthis.engineName: "BittorrentBar_NL Customized Web Search"
FF - prefs.js..browser.search.defaulturl: "http://search.condui...={searchTerms}"
FF - prefs.js..browser.search.order.1: "Ask.com"
FF - prefs.js..browser.search.selectedEngine: "Google"
FF - prefs.js..browser.search.useDBForOrder: true
FF - prefs.js..browser.startup.homepage: "www.google.com"
FF - prefs.js..extensions.enabledItems: {2fa4ed95-0317-4c6a-a74c-5f3e3912c1f9}:2.1.106
FF - prefs.js..extensions.enabledItems: {D2A6A719-7CBC-4594-85FD-C36AD881424F}:4.5.22
FF - prefs.js..extensions.enabledItems: {582195F5-92E7-40a0-A127-DB71295901D7}:0.6
FF - prefs.js..extensions.enabledItems: {000a9d1c-beef-4f90-9363-039d445309b8}:0.5.36.0
FF - prefs.js..extensions.enabledItems: [email protected]:1.6.1
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA}:6.0.20
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0021-ABCDEFFEDCBA}:6.0.21
FF - prefs.js..extensions.enabledItems: {DDC359D1-844A-42a7-9AA1-88A850A938A8}:1.1.10
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA}:6.0.22
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0023-ABCDEFFEDCBA}:6.0.23
FF - prefs.js..extensions.enabledItems: {2d8d9acc-f6d7-4362-8876-a275ca929591}:3.2.5.2
FF - prefs.js..extensions.enabledItems: {ba14329e-9550-4989-b3f2-9732e92d17cc}:2.7.2.0
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0024-ABCDEFFEDCBA}:6.0.24
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0030-ABCDEFFEDCBA}:6.0.30
FF - prefs.js..keyword.URL: "http://www.google.co...ient&gfns=1&q="
FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\system32\Macromed\Flash\NPSWF32.dll ()
FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=: File not found
FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=1.0: C:\Program Files\iTunes\Mozilla Plugins\npitunes.dll ()
FF - HKLM\Software\MozillaPlugins\@bittorrent.com/BitTorrentDNA: C:\Program Files\DNA\plugins\npbtdna.dll (BitTorrent, Inc.)
FF - HKLM\Software\MozillaPlugins\@checkpoint.com/FFApi: C:\Program Files\CheckPoint\ZAForceField\TrustChecker\bin\npFFApi.dll ()
FF - HKLM\Software\MozillaPlugins\@divx.com/DivX Browser Plugin,version=1.0.0: C:\Program Files\DivX\DivX Plus Web Player\npdivx32.dll (DivX,Inc.)
FF - HKLM\Software\MozillaPlugins\@divx.com/DivX Player Plugin,version=1.0.0: C:\Program Files\DivX\DivX Player\npDivxPlayerPlugin.dll File not found
FF - HKLM\Software\MozillaPlugins\@divx.com/DivX VOD Helper,version=1.0.0: C:\Program Files\DivX\DivX OVS Helper\npovshelper.dll (DivX, LLC.)
FF - HKLM\Software\MozillaPlugins\@Google.com/GoogleEarthPlugin: C:\Program Files\Google\Google Earth\plugin\npgeplugin.dll (Google)
FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin: C:\Program Files\Java\jre6\bin\plugin2\npjp2.dll (Sun Microsystems, Inc.)
FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: c:\Program Files\Microsoft Silverlight\4.1.10111.0\npctrl.dll ( Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/OfficeLive,version=1.5: C:\Program Files\Microsoft\Office Live\npOLW.dll (Microsoft Corp.)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=15.4.3502.0922: C:\Program Files\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=15.4.3538.0513: C:\Program Files\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WPF,version=3.5: c:\Windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Program Files\Google\Update\1.3.21.99\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Program Files\Google\Update\1.3.21.99\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\@virtools.com/3DviaPlayer: C:\Program Files\Virtools\3D Life Player\npvirtools.dll (Dassault Systèmes)
FF - HKLM\Software\MozillaPlugins\Adobe Reader: C:\Program Files\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
FF - HKCU\Software\MozillaPlugins\@bittorrent.com/BitTorrentDNA: C:\Users\Mattias\Program Files\DNA\plugins\npbtdna.dll File not found
FF - HKCU\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Users\Mattias\AppData\Local\Google\Update\1.3.21.99\npGoogleUpdate3.dll (Google Inc.)
FF - HKCU\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Users\Mattias\AppData\Local\Google\Update\1.3.21.99\npGoogleUpdate3.dll (Google Inc.)
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\[email protected]: C:\Program Files\HP\Digital Imaging\Smart Web Printing\MozillaAddOn3 [2010/02/22 20:45:48 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{000a9d1c-beef-4f90-9363-039d445309b8}: C:\Program Files\Google\Google Gears\Firefox\ [2010/03/06 22:35:50 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{1E73965B-8B48-48be-9C8D-68B920ABC1C4}: C:\Program Files\AVG\AVG2012\Firefox4\ [2012/03/06 00:27:33 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{FFB96CC1-7EB3-449D-B827-DB661701C6BB}: C:\Program Files\CheckPoint\ZAForceField\TrustChecker [2012/03/06 23:47:00 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\avg@toolbar: C:\ProgramData\AVG Secure Search\9.0.0.23\ [2012/03/07 13:33:43 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 10.0.2\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2012/03/05 22:43:58 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 10.0.2\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins [2012/03/05 22:43:56 | 000,000,000 | ---D | M]
FF - HKEY_CURRENT_USER\software\mozilla\Firefox\Extensions\\[email protected]: C:\Program Files\HP\Digital Imaging\Smart Web Printing\MozillaAddOn3 [2010/02/22 20:45:48 | 000,000,000 | ---D | M]
[2009/09/21 10:18:55 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Mattias\AppData\Roaming\mozilla\Extensions
[2009/09/21 10:18:55 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Mattias\AppData\Roaming\mozilla\Extensions\[email protected]
[2012/03/06 03:37:38 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Mattias\AppData\Roaming\mozilla\Firefox\Profiles\e6lw46f2.default\extensions
[2010/05/03 18:21:28 | 000,000,000 | ---D | M] (Microsoft .NET Framework Assistant) -- C:\Users\Mattias\AppData\Roaming\mozilla\Firefox\Profiles\e6lw46f2.default\extensions\{20a82645-c095-46ed-80e3-08825760534b}
[2012/03/05 23:33:27 | 000,000,000 | ---D | M] (BittorrentBar_NL Community Toolbar) -- C:\Users\Mattias\AppData\Roaming\mozilla\Firefox\Profiles\e6lw46f2.default\extensions\{2d8d9acc-f6d7-4362-8876-a275ca929591}
[2012/03/05 22:45:04 | 000,000,000 | ---D | M] (Delicious Bookmarks) -- C:\Users\Mattias\AppData\Roaming\mozilla\Firefox\Profiles\e6lw46f2.default\extensions\{2fa4ed95-0317-4c6a-a74c-5f3e3912c1f9}
[2012/03/05 23:44:46 | 000,000,000 | ---D | M] (Vuze Remote Community Toolbar) -- C:\Users\Mattias\AppData\Roaming\mozilla\Firefox\Profiles\e6lw46f2.default\extensions\{ba14329e-9550-4989-b3f2-9732e92d17cc}
[2010/10/05 17:48:49 | 000,002,392 | ---- | M] () -- C:\Users\Mattias\AppData\Roaming\Mozilla\Firefox\Profiles\e6lw46f2.default\searchplugins\askcom.xml
[2011/01/04 19:28:24 | 000,000,935 | ---- | M] () -- C:\Users\Mattias\AppData\Roaming\Mozilla\Firefox\Profiles\e6lw46f2.default\searchplugins\conduit.xml
[2012/03/07 01:18:39 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files\Mozilla Firefox\extensions
[2012/03/07 01:18:39 | 000,000,000 | ---D | M] (Java Console) -- C:\Program Files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0031-ABCDEFFEDCBA}
[2012/03/06 00:27:33 | 000,000,000 | ---D | M] (AVG Safe Search) -- C:\PROGRAM FILES\AVG\AVG2012\FIREFOX4
() (No name found) -- C:\USERS\MATTIAS\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\E6LW46F2.DEFAULT\EXTENSIONS\{582195F5-92E7-40A0-A127-DB71295901D7}.XPI
() (No name found) -- C:\USERS\MATTIAS\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\E6LW46F2.DEFAULT\EXTENSIONS\[email protected]
[2012/02/16 16:12:44 | 000,134,104 | ---- | M] (Mozilla Foundation) -- C:\Program Files\mozilla firefox\components\browsercomps.dll
[2011/04/14 13:01:38 | 000,024,376 | ---- | M] (McAfee, Inc.) -- C:\Program Files\mozilla firefox\components\Scriptff.dll
[2008/01/08 01:45:16 | 000,054,600 | ---- | M] (BitTorrent, Inc.) -- C:\Program Files\mozilla firefox\plugins\npbittorrent.dll
[2012/03/07 01:17:03 | 000,476,904 | ---- | M] (Sun Microsystems, Inc.) -- C:\Program Files\mozilla firefox\plugins\npdeployJava1.dll
[2012/03/07 13:33:03 | 000,003,749 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\avg-secure-search.xml
[2012/02/16 11:53:03 | 000,002,252 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\bing.xml
[2012/02/16 11:58:11 | 000,001,892 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\bolcom-nl.xml
[2012/02/16 11:58:11 | 000,004,558 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\marktplaats-nl.xml
[2012/02/16 11:58:11 | 000,001,049 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\wikipedia-nl.xml
========== Chrome ==========
CHR - default_search_provider: Google (Enabled)
CHR - default_search_provider: search_url = {google:baseURL}search?{google:RLZ}{google:acceptedSuggestion}{google:originalQueryForSuggestion}{google:searchFieldtrialParameter}{google:instantFieldTrialGroupParameter}sourceid=chrome&ie={inputEncoding}&q={searchTerms}
CHR - default_search_provider: suggest_url = {google:baseSuggestURL}search?{google:searchFieldtrialParameter}{google:instantFieldTrialGroupParameter}client=chrome&hl={language}&q={searchTerms},
CHR - plugin: Remoting Viewer (Enabled) = internal-remoting-viewer
CHR - plugin: Native Client (Enabled) = C:\Users\Mattias\AppData\Local\Google\Chrome\Application\17.0.963.66\ppGoogleNaClPluginChrome.dll
CHR - plugin: Chrome PDF Viewer (Enabled) = C:\Users\Mattias\AppData\Local\Google\Chrome\Application\17.0.963.66\pdf.dll
CHR - plugin: Shockwave Flash (Enabled) = C:\Users\Mattias\AppData\Local\Google\Chrome\Application\17.0.963.66\gcswf32.dll
CHR - plugin: Shockwave Flash (Enabled) = C:\Windows\system32\Macromed\Flash\NPSWF32.dll
CHR - plugin: Adobe Acrobat (Enabled) = C:\Program Files\Adobe\Reader 10.0\Reader\Browser\nppdf32.dll
CHR - plugin: Java Deployment Toolkit 6.0.300.12 (Enabled) = C:\Program Files\Java\jre6\bin\new_plugin\npdeployJava1.dll
CHR - plugin: Java Platform SE 6 U30 (Enabled) = C:\Program Files\Java\jre6\bin\new_plugin\npjp2.dll
CHR - plugin: Microsoft\u00AE Windows Media Player Firefox Plugin (Enabled) = C:\Program Files\Mozilla Firefox\plugins\np-mswmp.dll
CHR - plugin: BitTorrent (Disabled) = C:\Program Files\Mozilla Firefox\plugins\npbittorrent.dll
CHR - plugin: DivX Player Netscape Plugin (Disabled) = C:\Program Files\Mozilla Firefox\plugins\npDivxPlayerPlugin.dll
CHR - plugin: downloadUpdater (Disabled) = C:\Program Files\Mozilla Firefox\plugins\npdnu.dll
CHR - plugin: downloadUpdater2 (Disabled) = C:\Program Files\Mozilla Firefox\plugins\npdnupdater2.dll
CHR - plugin: QuickTime Plug-in 7.7 (Disabled) = C:\Program Files\Mozilla Firefox\plugins\npqtplugin.dll
CHR - plugin: QuickTime Plug-in 7.7 (Disabled) = C:\Program Files\Mozilla Firefox\plugins\npqtplugin2.dll
CHR - plugin: QuickTime Plug-in 7.7 (Disabled) = C:\Program Files\Mozilla Firefox\plugins\npqtplugin3.dll
CHR - plugin: QuickTime Plug-in 7.7 (Disabled) = C:\Program Files\Mozilla Firefox\plugins\npqtplugin4.dll
CHR - plugin: QuickTime Plug-in 7.7 (Disabled) = C:\Program Files\Mozilla Firefox\plugins\npqtplugin5.dll
CHR - plugin: QuickTime Plug-in 7.7 (Disabled) = C:\Program Files\Mozilla Firefox\plugins\npqtplugin6.dll
CHR - plugin: QuickTime Plug-in 7.7 (Disabled) = C:\Program Files\Mozilla Firefox\plugins\npqtplugin7.dll
CHR - plugin: DNA Plug-in (Enabled) = C:\Program Files\DNA\plugins\npbtdna.dll
CHR - plugin: DivX VOD Helper Plug-in (Disabled) = C:\Program Files\DivX\DivX OVS Helper\npovshelper.dll
CHR - plugin: DivX Web Player (Enabled) = C:\Program Files\DivX\DivX Plus Web Player\npdivx32.dll
CHR - plugin: Google Earth Plugin (Disabled) = C:\Program Files\Google\Google Earth\plugin\npgeplugin.dll
CHR - plugin: Google Update (Enabled) = C:\Program Files\Google\Update\1.3.21.99\npGoogleUpdate3.dll
CHR - plugin: Microsoft Office Live Plug-in for Firefox (Enabled) = C:\Program Files\Microsoft\Office Live\npOLW.dll
CHR - plugin: 3DVIA player (Enabled) = C:\Program Files\Virtools\3D Life Player\npvirtools.dll
CHR - plugin: Windows Live\u0099 Photo Gallery (Disabled) = C:\Program Files\Windows Live\Photo Gallery\NPWLPG.dll
CHR - plugin: iTunes Application Detector (Disabled) = C:\Program Files\iTunes\Mozilla Plugins\npitunes.dll
CHR - plugin: Silverlight Plug-In (Enabled) = c:\Program Files\Microsoft Silverlight\4.1.10111.0\npctrl.dll
CHR - plugin: Windows Presentation Foundation (Enabled) = c:\Windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll
CHR - plugin: Default Plug-in (Enabled) = default_plugin
CHR - plugin: Java Deployment Toolkit 6.0.310.5 (Enabled) = C:\Program Files\Mozilla Firefox\plugins\npdeployJava1.dll
CHR - Extension: YouTube = C:\Users\Mattias\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo\4.2.5_0\
CHR - Extension: Google Zoeken = C:\Users\Mattias\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf\0.0.0.17_0\
CHR - Extension: AVG Safe Search = C:\Users\Mattias\AppData\Local\Google\Chrome\User Data\Default\Extensions\jmfkcklnlgedgbglfkkgedjfmejoahla\12.0.0.1901_0\
CHR - Extension: Gmail = C:\Users\Mattias\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia\7_0\
O1 HOSTS File: ([2012/03/08 00:37:57 | 000,440,678 | R--- | M]) - C:\Windows\System32\drivers\etc\hosts
O1 - Hosts: 127.0.0.1 localhost
O1 - Hosts: 15173 more lines...
O2 - BHO: (AVG Safe Search) - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - C:\Program Files\AVG\AVG2012\avgssie.dll (AVG Technologies CZ, s.r.o.)
O2 - BHO: (Java Plug-In SSV Helper) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre6\bin\ssv.dll (Sun Microsystems, Inc.)
O2 - BHO: (ZoneAlarm Security Engine Registrar) - {8A4A36C2-0535-4D2C-BD3D-496CB7EED6E3} - C:\Program Files\CheckPoint\ZAForceField\Trustchecker\bin\TrustCheckerIEPlugin.dll (Check Point Software Technologies)
O2 - BHO: (AVG Security Toolbar) - {95B7759C-8C7F-4BF1-B163-73684A933233} - C:\Program Files\AVG Secure Search\9.0.0.23\AVG Secure Search_toolbar.dll ()
O2 - BHO: (Google Gears Helper) - {E0FEFE40-FBF9-42AE-BA58-794CA7E3FB53} - C:\Program Files\Google\Google Gears\Internet Explorer\0.5.36.0\gears.dll (Google Inc.)
O3 - HKLM\..\Toolbar: (AVG Security Toolbar) - {95B7759C-8C7F-4BF1-B163-73684A933233} - C:\Program Files\AVG Secure Search\9.0.0.23\AVG Secure Search_toolbar.dll ()
O3 - HKLM\..\Toolbar: (ZoneAlarm Security Engine) - {EE2AC4E5-B0B0-4EC6-88A9-BCA1A32AB107} - C:\Program Files\CheckPoint\ZAForceField\Trustchecker\bin\TrustCheckerIEPlugin.dll (Check Point Software Technologies)
O3 - HKCU\..\Toolbar\WebBrowser: (no name) - {21FA44EF-376D-4D53-9B0F-8A89D3229068} - No CLSID value found.
O3 - HKCU\..\Toolbar\WebBrowser: (no name) - {E7DF6BFF-55A5-4EB7-A673-4ED3E9456D39} - No CLSID value found.
O3 - HKCU\..\Toolbar\WebBrowser: (no name) - {F6BD6330-76F8-44D9-B775-87614E2D8374} - No CLSID value found.
O4 - HKLM..\Run: [Apoint] C:\Program Files\DellTPad\Apoint.exe (Alps Electric Co., Ltd.)
O4 - HKLM..\Run: [AVG_TRAY] C:\Program Files\AVG\AVG2012\avgtray.exe (AVG Technologies CZ, s.r.o.)
O4 - HKLM..\Run: [NvCplDaemon] C:\Windows\System32\NvCpl.dll (NVIDIA Corporation)
O4 - HKLM..\Run: [NVHotkey] C:\Windows\System32\nvHotkey.dll (NVIDIA Corporation)
O4 - HKLM..\Run: [nwiz] C:\Windows\System32\nwiz.exe ()
O4 - HKLM..\Run: [SysTrayApp] C:\Program Files\IDT\WDM\sttray.exe (IDT, Inc.)
O4 - HKLM..\Run: [vProt] C:\Program Files\AVG Secure Search\vprot.exe ()
O4 - HKLM..\Run: [ZoneAlarm] C:\Program Files\CheckPoint\ZoneAlarm\zatray.exe (Check Point Software Technologies LTD)
O4 - HKCU..\Run: [SpybotSD TeaTimer] C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe (Safer-Networking Ltd.)
O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Restrictions present
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O7 - HKCU\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoLowDiskSpaceChecks = 1
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = [binary data]
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O8 - Extra context menu item: &Download All with FlashGet - Reg Error: Value error. File not found
O8 - Extra context menu item: &Download with FlashGet - Reg Error: Value error. File not found
O8 - Extra context menu item: Afbeelding verzenden naar &Bluetooth-apparaat... - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie_ctx.htm ()
O8 - Extra context menu item: Pagina verzenden naar &Bluetooth-apparaat... - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm ()
O9 - Extra 'Tools' menuitem : &Instellingen voor Gears - {09C04DA7-5B76-4EBC-BBEE-B25EAC5965F5} - C:\Program Files\Google\Google Gears\Internet Explorer\0.5.36.0\gears.dll (Google Inc.)
O9 - Extra Button: @btrez.dll,-4015 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm ()
O9 - Extra 'Tools' menuitem : @btrez.dll,-12650 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm ()
O10 - NameSpace_Catalog5\Catalog_Entries\000000000006 [] - C:\Program Files\Bonjour\mdnsNSP.dll (Apple Inc.)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_31)
O16 - DPF: {CAFEEFAC-0016-0000-0031-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_31)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_31)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 134.58.126.3 134.58.127.1
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{FC7BD8BB-6558-46B4-948E-5D82E620B611}: DhcpNameServer = 134.58.126.3 134.58.127.1
O18 - Protocol\Handler\linkscanner {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - C:\Program Files\AVG\AVG2012\avgpp.dll (AVG Technologies CZ, s.r.o.)
O18 - Protocol\Handler\viprotocol {B658800C-F66E-4EF3-AB85-6C0C227862A9} - C:\Program Files\Common Files\AVG Secure Search\ViProtocolInstaller\9.0.1\ViProtocol.dll ()
O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\System32\userinit.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (C:\Program Files\Soluto\soluto.exe /userinit) - C:\Program Files\Soluto\soluto.exe (Soluto)
O20 - Winlogon\Notify\!SASWinLogon: DllName - (C:\Program Files\SUPERAntiSpyware\SASWINLO.DLL) - C:\Program Files\SUPERAntiSpyware\SASWINLO.DLL (SUPERAntiSpyware.com)
O24 - Desktop WallPaper: C:\Users\Mattias\Pictures\Q.O.P\Scrabble love.jpg
O24 - Desktop BackupWallPaper: C:\Users\Mattias\Pictures\Q.O.P\Scrabble love.jpg
O28 - HKLM ShellExecuteHooks: {5AE067D3-9AFB-48E0-853A-EBB7F4A000DA} - C:\Program Files\SUPERAntiSpyware\SASSEH.DLL (SuperAdBlocker.com)
O30 - LSA: Authentication Packages - (wvauth) - C:\Windows\System32\wvauth.dll (Wave Systems Corp.)
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2006/09/18 22:43:36 | 000,000,024 | ---- | M] () - C:\autoexec.bat -- [ NTFS ]
O34 - HKLM BootExecute: (autocheck autochk *)
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
========== Files/Folders - Created Within 30 Days ==========
[2012/03/08 02:53:07 | 000,584,704 | ---- | C] (OldTimer Tools) -- C:\Users\Mattias\Desktop\OTL.exe
[2012/03/08 02:30:51 | 000,161,296 | ---- | C] (Trend Micro Inc.) -- C:\Windows\System32\drivers\tmcomm.sys
[2012/03/08 02:30:41 | 000,000,000 | ---D | C] -- C:\Users\Mattias\Desktop\RootkitBuster_2.80.1077
[2012/03/08 00:27:44 | 000,000,000 | -HSD | C] -- C:\Config.Msi
[2012/03/08 00:16:45 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Spybot - Search & Destroy
[2012/03/08 00:16:39 | 000,000,000 | ---D | C] -- C:\ProgramData\Spybot - Search & Destroy
[2012/03/08 00:16:39 | 000,000,000 | ---D | C] -- C:\Program Files\Spybot - Search & Destroy
[2012/03/07 15:38:42 | 000,000,000 | ---D | C] -- C:\Program Files\SystemRequirementsLab
[2012/03/07 15:38:38 | 000,000,000 | ---D | C] -- C:\Users\Mattias\AppData\Roaming\SystemRequirementsLab
[2012/03/07 14:01:44 | 000,000,000 | ---D | C] -- C:\Users\Mattias\Desktop\Uniblue Power Suite 2011
[2012/03/07 13:34:22 | 000,000,000 | ---D | C] -- C:\Users\Mattias\AppData\Roaming\3v
[2012/03/07 13:33:20 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\RadarSync
[2012/03/07 13:33:08 | 000,000,000 | ---D | C] -- C:\ProgramData\AVG Secure Search
[2012/03/07 13:33:05 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\AVG Secure Search
[2012/03/07 13:33:04 | 000,000,000 | ---D | C] -- C:\Program Files\AVG Secure Search
[2012/03/07 12:52:05 | 000,000,000 | --SD | C] -- C:\32788R22FWJFW
[2012/03/07 12:43:12 | 000,000,000 | -HSD | C] -- C:\$RECYCLE.BIN
[2012/03/07 03:25:19 | 000,000,000 | ---D | C] -- C:\Windows\ERDNT
[2012/03/07 01:22:17 | 000,000,000 | ---D | C] -- C:\Users\Mattias\Desktop\SmitfraudFix
[2012/03/07 01:19:29 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\Java
[2012/03/06 23:29:16 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Check Point
[2012/03/06 23:13:35 | 000,000,000 | ---D | C] -- C:\Program Files\TrendMicro
[2012/03/06 23:13:35 | 000,000,000 | ---D | C] -- C:\Users\Mattias\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\HiJackThis
[2012/03/06 13:03:38 | 000,000,000 | ---D | C] -- C:\ProgramData\SecTaskMan
[2012/03/06 13:03:29 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Security Task Manager
[2012/03/06 13:03:25 | 000,000,000 | ---D | C] -- C:\Program Files\Security Task Manager
[2012/03/06 12:09:20 | 000,000,000 | ---D | C] -- C:\$AVG
[2012/03/06 04:31:49 | 000,000,000 | ---D | C] -- C:\Users\Mattias\AppData\Roaming\SUPERAntiSpyware.com
[2012/03/06 04:27:56 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\SUPERAntiSpyware
[2012/03/06 04:27:21 | 000,000,000 | ---D | C] -- C:\Program Files\SUPERAntiSpyware
[2012/03/06 04:27:20 | 000,000,000 | ---D | C] -- C:\ProgramData\SUPERAntiSpyware.com
[2012/03/06 04:20:48 | 000,000,000 | ---D | C] -- C:\Users\Mattias\AppData\Roaming\f-secure
[2012/03/06 04:19:10 | 000,000,000 | ---D | C] -- C:\ProgramData\F-Secure
[2012/03/06 03:41:18 | 000,051,144 | ---- | C] (Soluto LTD.) -- C:\Windows\System32\drivers\Soluto.sys
[2012/03/06 03:41:08 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Soluto
[2012/03/06 03:41:08 | 000,000,000 | ---D | C] -- C:\Program Files\Soluto
[2012/03/06 03:33:50 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes' Anti-Malware
[2012/03/06 03:33:49 | 000,020,464 | ---- | C] (Malwarebytes Corporation) -- C:\Windows\System32\drivers\mbam.sys
[2012/03/06 03:33:49 | 000,000,000 | ---D | C] -- C:\Program Files\Malwarebytes' Anti-Malware
[2012/03/06 00:28:04 | 000,000,000 | ---D | C] -- C:\Users\Mattias\AppData\Roaming\AVG2012
[2012/03/06 00:27:33 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\AVG 2012
[2012/03/06 00:25:21 | 000,000,000 | ---D | C] -- C:\ProgramData\AVG2012
[2012/03/06 00:25:21 | 000,000,000 | ---D | C] -- C:\Windows\System32\drivers\AVG
[2012/03/06 00:22:40 | 000,000,000 | ---D | C] -- C:\Program Files\AVG
[2012/03/06 00:12:28 | 000,000,000 | ---D | C] -- C:\Users\Mattias\AppData\Local\{9AA674DA-C66B-4514-9C14-FBBAF77AD15E}
[2012/03/06 00:12:15 | 000,000,000 | ---D | C] -- C:\Users\Mattias\AppData\Local\{57B55C14-9623-4595-814D-230F64AB6B89}
[2012/03/05 23:53:28 | 000,000,000 | ---D | C] -- C:\Users\Mattias\Documents\ForceField Shared Files
[2012/03/05 23:53:26 | 000,000,000 | ---D | C] -- C:\Users\Mattias\AppData\Roaming\CheckPoint
[2012/03/05 23:52:22 | 000,000,000 | ---D | C] -- C:\ProgramData\CheckPoint
[2012/03/05 22:58:48 | 000,000,000 | ---D | C] -- C:\Users\Mattias\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Google Chrome
[2012/03/05 20:48:15 | 000,000,000 | ---D | C] -- C:\Program Files\CheckPoint
[2012/03/05 20:41:51 | 000,000,000 | -H-D | C] -- C:\ProgramData\Common Files
[2012/03/05 20:41:21 | 000,000,000 | ---D | C] -- C:\ProgramData\MFAData
[2012/03/05 15:11:00 | 000,000,000 | ---D | C] -- C:\Users\Mattias\AppData\Roaming\.minecraft
[2012/03/05 13:32:34 | 000,000,000 | ---D | C] -- C:\ProgramData\NVIDIA Corporation
[2012/03/05 13:32:09 | 000,000,000 | ---D | C] -- C:\Program Files\NVIDIA Corporation
[2012/03/05 13:30:27 | 000,057,960 | ---- | C] (Khronos Group) -- C:\Windows\System32\OpenCL.dll
[2012/03/05 13:25:56 | 000,046,592 | ---- | C] (REDC) -- C:\Windows\System32\drivers\risdptsk.sys
[2012/03/05 12:53:32 | 000,046,592 | ---- | C] (REDC) -- C:\Windows\System32\drivers\rimmptsk.sys
[2012/03/05 12:04:05 | 000,000,000 | ---D | C] -- C:\ProgramData\Uniblue
[2012/03/05 12:00:30 | 000,000,000 | ---D | C] -- C:\Users\Mattias\AppData\Local\{84349503-FA63-4DDF-921D-ED7B7C06AB6C}
[2012/03/05 12:00:07 | 000,000,000 | ---D | C] -- C:\Users\Mattias\AppData\Local\{4D0AE794-E9AC-4E38-A684-B6B8319B4160}
[2012/03/04 14:53:47 | 000,000,000 | ---D | C] -- C:\Users\Mattias\AppData\Roaming\Uniblue
[2012/03/04 14:53:37 | 000,000,000 | -H-D | C] -- C:\ProgramData\{83C3B2FD-37EA-4C06-A228-E9B5E32FF0B1}
[2012/03/04 14:53:37 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Uniblue
[2012/03/04 14:53:37 | 000,000,000 | ---D | C] -- C:\Program Files\Uniblue
[2012/03/04 14:51:33 | 000,000,000 | ---D | C] -- C:\Users\Mattias\AppData\Local\PackageAware
[2012/03/04 10:01:09 | 000,000,000 | ---D | C] -- C:\Users\Mattias\AppData\Local\{A3D233B2-FBD0-4A3A-9DAA-75648BE10FD4}
[2012/03/04 10:00:51 | 000,000,000 | ---D | C] -- C:\Users\Mattias\AppData\Local\{259405A5-6200-4BED-A31A-C210E20B6D7C}
[2012/03/03 12:44:29 | 000,000,000 | ---D | C] -- C:\Users\Mattias\AppData\Local\{29B82725-11E5-445D-B393-8BFC115EA6BE}
[2012/03/03 12:43:55 | 000,000,000 | ---D | C] -- C:\Users\Mattias\AppData\Local\{DC9A96F1-2719-46D8-986F-E8DB552DAEF9}
[2012/03/02 17:14:49 | 000,000,000 | ---D | C] -- C:\Users\Mattias\AppData\Local\{76E158CE-4CAF-4D8D-A405-C9CC4685E3D1}
[2012/03/02 17:14:35 | 000,000,000 | ---D | C] -- C:\Users\Mattias\AppData\Local\{2608C4D7-2F80-40FC-934D-1A3519A08637}
[2012/03/02 15:25:42 | 000,000,000 | ---D | C] -- C:\Users\Mattias\AppData\Local\{3B391CC6-19F2-4977-9E4E-C1B2BF3B1242}
[2012/03/01 19:30:47 | 000,000,000 | ---D | C] -- C:\Users\Mattias\AppData\Local\{4448BE9E-0111-4C1D-BA47-27F90C7B6DA8}
[2012/03/01 19:30:24 | 000,000,000 | ---D | C] -- C:\Users\Mattias\AppData\Local\{EFC818F4-12B0-48EB-B9B0-A93B506DB65C}
[2012/03/01 14:07:10 | 000,000,000 | ---D | C] -- C:\Users\Mattias\AppData\Local\{7DF2E479-5B6E-4E63-B471-4088D5FD9F0A}
[2012/02/29 23:47:10 | 000,000,000 | ---D | C] -- C:\Users\Mattias\Documents\MCEdit-schematics
[2012/02/29 23:47:09 | 000,000,000 | ---D | C] -- C:\Users\Mattias\AppData\Roaming\pymclevel
[2012/02/29 23:46:51 | 000,000,000 | ---D | C] -- C:\Users\Mattias\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\MCEdit
[2012/02/29 23:46:35 | 000,000,000 | ---D | C] -- C:\Users\Mattias\AppData\Local\MCEdit
[2012/02/29 14:41:51 | 000,000,000 | ---D | C] -- C:\Users\Mattias\AppData\Local\{6D620C16-74A3-4F78-A275-3F832DEEFA91}
[2012/02/29 14:41:29 | 000,000,000 | ---D | C] -- C:\Users\Mattias\AppData\Local\{9A804AAD-76F0-4C63-8377-DECD77180B1E}
[2012/02/29 14:34:17 | 000,000,000 | ---D | C] -- C:\Users\Mattias\AppData\Local\{417E04D2-4135-48AC-8BDE-348CFC64E8F0}
[2012/02/28 21:34:14 | 000,000,000 | ---D | C] -- C:\Users\Mattias\AppData\Local\{F2E17226-C45A-45DE-B663-39820A61DA75}
[2012/02/28 12:27:00 | 000,000,000 | ---D | C] -- C:\Users\Mattias\AppData\Local\{219B2868-4912-4AC9-8C91-54F8F4A67C7D}
[2012/02/27 12:43:19 | 000,000,000 | ---D | C] -- C:\Users\Mattias\AppData\Local\{2CC2DDC7-4C37-47E9-9D70-79F52578CFF8}
[2012/02/26 10:31:17 | 000,000,000 | ---D | C] -- C:\Users\Mattias\AppData\Local\{AD9A7B41-50DF-4C30-883C-9A83DE462183}
[2012/02/26 10:30:54 | 000,000,000 | ---D | C] -- C:\Users\Mattias\AppData\Local\{2163BAC3-5AAD-4ABD-A0A0-6A12EFA2893C}
[2012/02/25 14:40:57 | 000,000,000 | ---D | C] -- C:\Users\Mattias\AppData\Local\{8F100642-8A28-4133-8847-B915756660DF}
[2012/02/25 14:40:29 | 000,000,000 | ---D | C] -- C:\Users\Mattias\AppData\Local\{09C79F6E-D106-4B5F-B964-A0F30114B3FD}
[2012/02/25 11:51:29 | 000,000,000 | ---D | C] -- C:\Users\Mattias\AppData\Local\{51E57A87-1594-4F15-9FD4-31E96C793FA3}
[2012/02/25 11:50:57 | 000,000,000 | ---D | C] -- C:\Users\Mattias\AppData\Local\{ADFC392E-FE18-48F7-A7D5-9A0BFCDFA69B}
[2012/02/24 21:38:07 | 000,000,000 | ---D | C] -- C:\Users\Mattias\AppData\Local\{875657E5-57E6-45DA-AB67-26AAB4136A2B}
[2012/02/24 21:37:55 | 000,000,000 | ---D | C] -- C:\Users\Mattias\AppData\Local\{44F15145-04CE-4B34-AE5C-AFA1032B1F70}
[2012/02/24 18:17:53 | 000,000,000 | ---D | C] -- C:\Users\Mattias\AppData\Local\{B761084C-C17A-4846-BEFE-DED46E21D005}
[2012/02/24 13:20:49 | 000,000,000 | ---D | C] -- C:\Users\Mattias\AppData\Local\{1E423208-FE10-4BB9-8A3E-89290CDF2C72}
[2012/02/24 12:27:42 | 000,000,000 | ---D | C] -- C:\Users\Mattias\AppData\Local\{BAA9D580-2D1A-4CC1-A7CA-944696F5C1B4}
[2012/02/23 13:17:08 | 000,000,000 | ---D | C] -- C:\Users\Mattias\AppData\Local\{495D38E6-8003-40E1-8158-89B8C75226D8}
[2012/02/23 13:16:58 | 000,000,000 | ---D | C] -- C:\Users\Mattias\AppData\Local\{90DBE53F-0F19-46AB-99CA-AA0D4A5439B6}
[2012/02/23 12:05:28 | 000,000,000 | ---D | C] -- C:\Users\Mattias\AppData\Local\{BEB7DE08-D57D-454E-8C47-B638071E8914}
[2012/02/22 16:40:31 | 000,000,000 | ---D | C] -- C:\Users\Mattias\AppData\Local\{2EBC9284-E0FF-4928-99C5-672DEDC0CEE9}
[2012/02/22 12:15:29 | 000,000,000 | ---D | C] -- C:\Users\Mattias\AppData\Local\{935E2295-FB5B-4044-A8ED-7B46D595A46C}
[2012/02/21 22:39:50 | 000,000,000 | ---D | C] -- C:\Users\Mattias\AppData\Local\{30DD94D1-72C2-45CC-9119-1F1A6A79E707}
[2012/02/21 16:31:08 | 000,000,000 | ---D | C] -- C:\Users\Mattias\AppData\Local\{F6A6F7D6-0A2A-4072-81F2-B3F5B04E898E}
[2012/02/21 07:45:27 | 000,000,000 | ---D | C] -- C:\Users\Mattias\AppData\Local\{ADFB157B-B5D0-4F2D-BD23-857F0FB6D4B5}
[2012/02/21 07:36:32 | 000,000,000 | ---D | C] -- C:\Users\Mattias\AppData\Local\{771D5FF4-3027-4896-99CD-3EA69988D629}
[2012/02/20 19:09:52 | 000,000,000 | ---D | C] -- C:\Users\Mattias\AppData\Local\{36C5B681-7EE0-4B8F-B03C-1385F6FAD143}
[2012/02/20 11:29:07 | 000,000,000 | ---D | C] -- C:\Users\Mattias\AppData\Local\{EA4B0C15-950B-4262-8B7E-A364CB37A072}
[2012/02/19 10:17:29 | 000,000,000 | ---D | C] -- C:\Users\Mattias\AppData\Local\{1313607D-608D-4350-9C73-9E4B29561E98}
[2012/02/19 10:17:02 | 000,000,000 | ---D | C] -- C:\Users\Mattias\AppData\Local\{023BE0FA-D99E-4C2D-9A44-3C5920655B97}
[2012/02/18 22:38:01 | 000,000,000 | ---D | C] -- C:\Users\Mattias\.swt
[2012/02/18 11:36:29 | 000,000,000 | ---D | C] -- C:\Users\Mattias\AppData\Local\{DBA25761-8847-4DB9-89BA-95D74C6F546B}
[2012/02/18 11:36:09 | 000,000,000 | ---D | C] -- C:\Users\Mattias\AppData\Local\{33A7DBC8-853B-4205-953C-E822132DA7E5}
[2012/02/17 20:35:02 | 000,000,000 | ---D | C] -- C:\Users\Mattias\AppData\Local\{C1FE67A1-161E-41D9-AC15-4399666E0198}
[2012/02/17 15:35:12 | 000,000,000 | ---D | C] -- C:\Users\Mattias\AppData\Local\{D3AA29D1-311E-4990-BB1D-25D9A07DFB28}
[2012/02/17 09:51:17 | 000,000,000 | ---D | C] -- C:\Users\Mattias\AppData\Local\{18AD1CE6-DD4D-4F53-B073-B8EB2FB1F04D}
[2012/02/16 17:09:36 | 000,000,000 | ---D | C] -- C:\Users\Mattias\AppData\Local\{FF97EE7A-9514-494B-915A-FFF7B2337DAF}
[2012/02/16 17:09:22 | 000,000,000 | ---D | C] -- C:\Users\Mattias\AppData\Local\{6324BDD3-5746-422F-9B85-A25087C8DAB4}
[2012/02/16 09:54:17 | 000,000,000 | ---D | C] -- C:\Users\Mattias\AppData\Local\{C6EEED01-AFCB-4CBE-82CC-3960666A2BAF}
[2012/02/15 10:39:55 | 000,000,000 | ---D | C] -- C:\Users\Mattias\AppData\Local\{0EB52F94-4995-4C23-81A3-A048E03A9491}
[2012/02/15 10:04:34 | 000,000,000 | ---D | C] -- C:\Users\Mattias\AppData\Local\{AA70B19D-74B3-477A-A3FF-11C0B295E30C}
[2012/02/15 10:04:09 | 000,000,000 | ---D | C] -- C:\Users\Mattias\AppData\Local\{D7943DE8-21B9-46E6-9FCE-2B735FE089CF}
[2012/02/15 09:56:48 | 000,000,000 | ---D | C] -- C:\Users\Mattias\AppData\Local\{DE03CB09-06D2-4BDC-B6B2-76014FCA696A}
[2012/02/15 09:39:50 | 000,000,000 | ---D | C] -- C:\Users\Mattias\AppData\Local\{695A94BA-F83D-4C76-BC58-BB560E4513B9}
[2012/02/15 09:21:45 | 000,000,000 | ---D | C] -- C:\Users\Mattias\AppData\Local\{47E8E653-8B5D-4209-B5F9-C9225BCCAA66}
[2012/02/14 23:32:28 | 000,000,000 | ---D | C] -- C:\Users\Mattias\AppData\Local\{2120352B-53B7-40C4-93F9-5A018724DFE5}
[2012/02/09 10:20:23 | 000,000,000 | ---D | C] -- C:\Users\Mattias\AppData\Local\{AA257B6C-BA24-4864-891F-72D5FBF53731}
[2012/02/09 10:19:58 | 000,000,000 | ---D | C] -- C:\Users\Mattias\AppData\Local\{F34E4AFB-F87F-4D6B-AEE1-4E5F18B97D22}
[2012/02/08 10:34:49 | 000,000,000 | ---D | C] -- C:\Users\Mattias\AppData\Local\{B4BF37B6-EBA4-441B-BC11-7619C15720FC}
[2012/02/08 10:34:24 | 000,000,000 | ---D | C] -- C:\Users\Mattias\AppData\Local\{3C022C8C-3C68-40BB-936B-36E5F8973B82}
[2012/02/07 10:25:59 | 000,000,000 | ---D | C] -- C:\Users\Mattias\AppData\Local\{341E4AA9-1793-47A5-BDEB-93DDD26A3842}
[2012/02/07 10:25:10 | 000,000,000 | ---D | C] -- C:\Users\Mattias\AppData\Local\{3AE62DD6-11F0-434C-83C3-6D8E3A76F893}
[1 C:\Windows\System32\*.tmp files -> C:\Windows\System32\*.tmp -> ]
========== Files - Modified Within 30 Days ==========
[2012/03/08 03:02:02 | 000,001,074 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskUserS-1-5-21-2819909428-556207271-747428731-1000UA.job
[2012/03/08 02:53:06 | 000,584,704 | ---- | M] (OldTimer Tools) -- C:\Users\Mattias\Desktop\OTL.exe
[2012/03/08 02:37:05 | 000,001,046 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineUA.job
[2012/03/08 02:31:00 | 000,161,296 | ---- | M] (Trend Micro Inc.) -- C:\Windows\System32\drivers\tmcomm.sys
[2012/03/08 02:19:19 | 001,008,141 | ---- | M] () -- C:\Users\Mattias\Desktop\rkill.exe
[2012/03/08 01:38:15 | 000,003,616 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-1.C7483456-A289-439d-8115-601632D005A0
[2012/03/08 01:38:14 | 000,003,616 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-0.C7483456-A289-439d-8115-601632D005A0
[2012/03/08 01:38:00 | 000,032,069 | ---- | M] () -- C:\ProgramData\nvModes.dat
[2012/03/08 01:37:59 | 000,032,069 | ---- | M] () -- C:\ProgramData\nvModes.001
[2012/03/08 01:37:25 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2012/03/08 01:37:11 | 3745,411,072 | -HS- | M] () -- C:\hiberfil.sys
[2012/03/08 01:35:27 | 000,001,076 | ---- | M] () -- C:\Windows\bthservsdp.dat
[2012/03/08 00:57:17 | 091,084,966 | ---- | M] () -- C:\Windows\System32\drivers\AVG\incavi.avm
[2012/03/08 00:37:57 | 000,440,678 | R--- | M] () -- C:\Windows\System32\drivers\etc\hosts
[2012/03/08 00:16:48 | 000,001,063 | ---- | M] () -- C:\Users\Mattias\Desktop\Spybot - Search & Destroy.lnk
[2012/03/08 00:08:53 | 000,002,521 | ---- | M] () -- C:\Users\Mattias\Desktop\HiJackThis.lnk
[2012/03/07 23:02:11 | 000,001,022 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskUserS-1-5-21-2819909428-556207271-747428731-1000Core.job
[2012/03/07 20:48:14 | 000,002,946 | ---- | M] () -- C:\Users\Mattias\Documents\mcedit.ini
[2012/03/07 17:07:29 | 000,000,286 | ---- | M] () -- C:\Windows\reimage.ini
[2012/03/07 17:05:32 | 000,002,036 | ---- | M] () -- C:\Users\Public\Desktop\HP Photosmart Essential 3.0.lnk
[2012/03/07 16:24:33 | 000,000,784 | ---- | M] () -- C:\Users\Public\Desktop\Speccy.lnk
[2012/03/07 16:04:21 | 000,001,897 | ---- | M] () -- C:\Users\Public\Desktop\PC Scan & Repair by Reimage.lnk
[2012/03/07 14:58:14 | 000,000,944 | ---- | M] () -- C:\Users\Public\Desktop\PowerSuite.lnk
[2012/03/07 13:07:36 | 000,002,060 | ---- | M] () -- C:\Users\Mattias\Desktop\Google Chrome.lnk
[2012/03/07 13:07:36 | 000,002,022 | ---- | M] () -- C:\Users\Mattias\Application Data\Microsoft\Internet Explorer\Quick Launch\Google Chrome.lnk
[2012/03/07 12:58:46 | 463,905,923 | ---- | M] () -- C:\Windows\MEMORY.DMP
[2012/03/07 04:47:42 | 000,000,027 | ---- | M] () -- C:\Windows\System32\drivers\etc\hosts.20120308-003757.backup
[2012/03/07 03:16:22 | 000,000,428 | -H-- | M] () -- C:\Windows\tasks\User_Feed_Synchronization-{0E026961-7E77-443B-A740-1A5D423ED0D8}.job
[2012/03/07 01:44:36 | 000,001,042 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineCore.job
[2012/03/07 01:34:14 | 000,000,691 | ---- | M] () -- C:\Users\Mattias\AppData\Roaming\GetValue.vbs
[2012/03/07 01:34:14 | 000,000,035 | ---- | M] () -- C:\Users\Mattias\AppData\Roaming\SetValue.bat
[2012/03/07 01:34:13 | 000,002,394 | ---- | M] () -- C:\Windows\System32\tmp.reg
[2012/03/07 00:01:09 | 000,718,982 | ---- | M] () -- C:\Windows\System32\perfh013.dat
[2012/03/07 00:01:09 | 000,632,152 | ---- | M] () -- C:\Windows\System32\perfh009.dat
[2012/03/07 00:01:09 | 000,149,064 | ---- | M] () -- C:\Windows\System32\perfc013.dat
[2012/03/07 00:01:09 | 000,118,778 | ---- | M] () -- C:\Windows\System32\perfc009.dat
[2012/03/06 23:36:40 | 000,415,859 | ---- | M] () -- C:\Windows\System32\drivers\vsconfig.xml
[2012/03/06 15:53:34 | 001,872,472 | ---- | M] () -- C:\Users\Mattias\Desktop\SmitfraudFix.exe
[2012/03/06 13:18:22 | 000,046,177 | ---- | M] () -- C:\Users\Mattias\Desktop\processinfo 2012_03_06 13_18.html
[2012/03/06 08:58:39 | 000,029,013 | ---- | M] () -- C:\Windows\System32\drivers\AVG\iavichjg.avm
[2012/03/06 04:28:13 | 000,001,808 | ---- | M] () -- C:\Users\Public\Desktop\SUPERAntiSpyware Free Edition.lnk
[2012/03/06 03:33:52 | 000,000,914 | ---- | M] () -- C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk
[2012/03/06 01:54:48 | 000,001,356 | ---- | M] () -- C:\Users\Mattias\AppData\Local\d3d9caps.dat
[2012/03/06 00:56:43 | 000,622,359 | ---- | M] () -- C:\Windows\System32\drivers\AVG\iavifw.avm
[2012/03/06 00:27:34 | 000,000,860 | ---- | M] () -- C:\Users\Public\Desktop\AVG 2012.lnk
[2012/03/05 22:43:58 | 000,000,878 | ---- | M] () -- C:\Users\Mattias\Application Data\Microsoft\Internet Explorer\Quick Launch\Mozilla Firefox.lnk
[2012/03/05 22:43:58 | 000,000,854 | ---- | M] () -- C:\Users\Public\Desktop\Mozilla Firefox.lnk
[2012/03/05 19:09:17 | 000,002,716 | ---- | M] () -- C:\Windows\System32\.rsp
[2012/03/05 19:09:17 | 000,001,479 | ---- | M] () -- C:\Windows\System32\.lck
[2012/03/05 14:05:46 | 000,004,358 | ---- | M] () -- C:\Windows\System32\nvinfo.pb
[2012/03/05 13:30:27 | 000,057,960 | ---- | M] (Khronos Group) -- C:\Windows\System32\OpenCL.dll
[2012/03/05 13:25:56 | 000,046,592 | ---- | M] (REDC) -- C:\Windows\System32\drivers\risdptsk.sys
[2012/03/05 12:53:32 | 000,046,592 | ---- | M] (REDC) -- C:\Windows\System32\drivers\rimmptsk.sys
[2012/03/04 14:53:39 | 000,001,583 | ---- | M] () -- C:\Users\Mattias\Application Data\Microsoft\Internet Explorer\Quick Launch\Uniblue RegistryBooster.lnk
[2012/02/26 14:39:06 | 000,000,064 | ---- | M] () -- C:\Windows\System32\rp_stats.dat
[2012/02/26 14:39:06 | 000,000,044 | ---- | M] () -- C:\Windows\System32\rp_rules.dat
[2012/02/17 15:41:15 | 000,000,134 | ---- | M] () -- C:\Users\Mattias\Desktop\Netwerkcentrum - Snelkoppeling.lnk
[2012/02/17 09:46:39 | 000,439,352 | ---- | M] () -- C:\Windows\System32\FNTCACHE.DAT
[2012/02/07 19:05:11 | 000,112,006 | ---- | M] () -- C:\Users\Mattias\Desktop\ItemslistV110.png
[1 C:\Windows\System32\*.tmp files -> C:\Windows\System32\*.tmp -> ]
========== Files Created - No Company Name ==========
[2012/03/08 02:19:15 | 001,008,141 | ---- | C] () -- C:\Users\Mattias\Desktop\rkill.exe
[2012/03/08 00:57:17 | 091,084,966 | ---- | C] () -- C:\Windows\System32\drivers\AVG\incavi.avm
[2012/03/08 00:16:48 | 000,001,063 | ---- | C] () -- C:\Users\Mattias\Desktop\Spybot - Search & Destroy.lnk
[2012/03/07 16:04:21 | 000,001,897 | ---- | C] () -- C:\Users\Public\Desktop\PC Scan & Repair by Reimage.lnk
[2012/03/07 14:58:14 | 000,000,944 | ---- | C] () -- C:\Users\Public\Desktop\PowerSuite.lnk
[2012/03/07 03:13:58 | 000,000,428 | -H-- | C] () -- C:\Windows\tasks\User_Feed_Synchronization-{0E026961-7E77-443B-A740-1A5D423ED0D8}.job
[2012/03/07 01:44:11 | 3745,411,072 | -HS- | C] () -- C:\hiberfil.sys
[2012/03/07 01:34:14 | 000,000,691 | ---- | C] () -- C:\Users\Mattias\AppData\Roaming\GetValue.vbs
[2012/03/07 01:34:14 | 000,000,035 | ---- | C] () -- C:\Users\Mattias\AppData\Roaming\SetValue.bat
[2012/03/07 01:25:07 | 000,002,394 | ---- | C] () -- C:\Windows\System32\tmp.reg
[2012/03/06 23:30:42 | 000,415,859 | ---- | C] () -- C:\Windows\System32\drivers\vsconfig.xml
[2012/03/06 23:13:35 | 000,002,521 | ---- | C] () -- C:\Users\Mattias\Desktop\HiJackThis.lnk
[2012/03/06 15:53:21 | 001,872,472 | ---- | C] () -- C:\Users\Mattias\Desktop\SmitfraudFix.exe
[2012/03/06 13:18:21 | 000,046,177 | ---- | C] () -- C:\Users\Mattias\Desktop\processinfo 2012_03_06 13_18.html
[2012/03/06 08:58:36 | 000,029,013 | ---- | C] () -- C:\Windows\System32\drivers\AVG\iavichjg.avm
[2012/03/06 04:28:13 | 000,001,808 | ---- | C] () -- C:\Users\Public\Desktop\SUPERAntiSpyware Free Edition.lnk
[2012/03/06 03:33:52 | 000,000,914 | ---- | C] () -- C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk
[2012/03/06 00:56:43 | 000,622,359 | ---- | C] () -- C:\Windows\System32\drivers\AVG\iavifw.avm
[2012/03/06 00:27:34 | 000,000,860 | ---- | C] () -- C:\Users\Public\Desktop\AVG 2012.lnk
[2012/03/05 22:58:50 | 000,002,060 | ---- | C] () -- C:\Users\Mattias\Desktop\Google Chrome.lnk
[2012/03/05 22:58:50 | 000,002,022 | ---- | C] () -- C:\Users\Mattias\Application Data\Microsoft\Internet Explorer\Quick Launch\Google Chrome.lnk
[2012/03/05 22:57:56 | 000,001,074 | ---- | C] () -- C:\Windows\tasks\GoogleUpdateTaskUserS-1-5-21-2819909428-556207271-747428731-1000UA.job
[2012/03/05 22:57:54 | 000,001,022 | ---- | C] () -- C:\Windows\tasks\GoogleUpdateTaskUserS-1-5-21-2819909428-556207271-747428731-1000Core.job
[2012/03/05 22:43:58 | 000,000,866 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Mozilla Firefox.lnk
[2012/03/05 21:14:21 | 000,000,854 | ---- | C] () -- C:\Users\Public\Desktop\Mozilla Firefox.lnk
[2012/03/05 13:30:23 | 000,004,358 | ---- | C] () -- C:\Windows\System32\nvinfo.pb
[2012/03/04 14:53:39 | 000,001,583 | ---- | C] () -- C:\Users\Mattias\Application Data\Microsoft\Internet Explorer\Quick Launch\Uniblue RegistryBooster.lnk
[2012/02/29 23:46:51 | 000,002,946 | ---- | C] () -- C:\Users\Mattias\Documents\mcedit.ini
[2012/02/17 15:41:15 | 000,000,134 | ---- | C] () -- C:\Users\Mattias\Desktop\Netwerkcentrum - Snelkoppeling.lnk
[2012/02/07 19:05:19 | 000,112,006 | ---- | C] () -- C:\Users\Mattias\Desktop\ItemslistV110.png
[2012/01/25 16:23:42 | 000,212,992 | ---- | C] () -- C:\Windows\System32\WMIMPLEX.dll
[2012/01/25 16:23:42 | 000,031,744 | ---- | C] () -- C:\Windows\System32\maplec.dll
[2012/01/25 16:23:42 | 000,020,480 | ---- | C] () -- C:\Windows\System32\maplecompat.dll
[2011/12/25 23:28:51 | 000,000,000 | ---- | C] () -- C:\Windows\PCFriend.INI
[2011/10/06 21:23:41 | 000,032,069 | ---- | C] () -- C:\ProgramData\nvModes.001
[2011/10/06 21:23:21 | 000,032,069 | ---- | C] () -- C:\ProgramData\nvModes.dat
[2011/10/06 21:21:58 | 001,657,448 | ---- | C] () -- C:\Windows\System32\nwiz.exe
[2011/10/06 21:21:58 | 001,612,392 | ---- | C] () -- C:\Windows\System32\nView.dll
[2011/10/06 21:21:58 | 001,108,584 | ---- | C] () -- C:\Windows\System32\nvwimg.dll
[2011/10/06 21:21:58 | 000,449,128 | ---- | C] () -- C:\Windows\System32\nvAppBar.exe
[2011/10/06 21:21:58 | 000,267,368 | ---- | C] () -- C:\Windows\System32\nvTaskbar.exe
[2011/10/06 21:21:58 | 000,262,248 | ---- | C] () -- C:\Windows\System32\nViewSetup.exe
[2011/10/06 21:21:57 | 001,731,176 | ---- | C] () -- C:\Windows\System32\nvwdmcpl.dll
[2011/10/06 21:21:57 | 000,473,704 | ---- | C] () -- C:\Windows\System32\nvShell.dll
[2011/10/06 20:24:48 | 000,000,000 | ---- | C] () -- C:\Users\Mattias\AppData\Local\{C44EA8F1-26C3-4500-A660-B86F610B5AA2}
[2011/10/06 18:37:26 | 000,080,368 | ---- | C] () -- C:\Windows\System32\pbadrvdll.dll
[2011/10/03 10:43:33 | 000,000,000 | ---- | C] () -- C:\Users\Mattias\AppData\Local\{215171B1-D18C-4DFF-813C-5A92EF77FF63}
[2011/09/29 19:00:24 | 000,000,022 | -HS- | C] () -- C:\Users\Mattias\AppData\Roaming\Sys2662.Config.Repository.bin
[2011/06/30 15:57:18 | 000,177,597 | ---- | C] () -- C:\Windows\hpoins28.dat
[2011/05/27 22:55:53 | 000,023,624 | ---- | C] () -- C:\Windows\System32\drivers\hitmanpro35.sys
[2011/05/02 13:38:27 | 000,000,193 | ---- | C] () -- C:\ProgramData\Microsoft.SqlServer.Compact.351.32.bc
[2011/04/26 12:33:42 | 000,000,064 | ---- | C] () -- C:\Windows\System32\rp_stats.dat
[2011/04/26 12:33:42 | 000,000,044 | ---- | C] () -- C:\Windows\System32\rp_rules.dat
[2011/04/09 17:55:28 | 000,179,261 | ---- | C] () -- C:\Windows\System32\xlive.dll.cat
[2010/11/15 20:27:45 | 000,054,694 | ---- | C] () -- C:\Windows\System32\pthreadGC.dll
[2010/10/27 23:46:02 | 000,165,376 | ---- | C] () -- C:\Windows\System32\unrar.dll
[2010/10/27 22:47:13 | 000,000,286 | ---- | C] () -- C:\Windows\reimage.ini
[2010/06/23 20:03:00 | 000,000,004 | RHS- | C] () -- C:\ProgramData\sysqcl1129139270.dat
========== LOP Check ==========
[2012/03/05 15:16:14 | 000,000,000 | ---D | M] -- C:\Users\Mattias\AppData\Roaming\.minecraft
[2011/04/24 20:21:51 | 000,000,000 | ---D | M] -- C:\Users\Mattias\AppData\Roaming\.Nitrous
[2012/03/07 13:34:22 | 000,000,000 | ---D | M] -- C:\Users\Mattias\AppData\Roaming\3v
[2011/07/25 10:37:00 | 000,000,000 | ---D | M] -- C:\Users\Mattias\AppData\Roaming\acccore
[2011/05/28 09:41:57 | 000,000,000 | ---D | M] -- C:\Users\Mattias\AppData\Roaming\Audacity
[2012/03/06 00:28:04 | 000,000,000 | ---D | M] -- C:\Users\Mattias\AppData\Roaming\AVG2012
[2012/02/18 22:38:25 | 000,000,000 | ---D | M] -- C:\Users\Mattias\AppData\Roaming\Azureus
[2012/03/07 13:39:18 | 000,000,000 | ---D | M] -- C:\Users\Mattias\AppData\Roaming\BitTorrent
[2009/08/31 15:24:40 | 000,000,000 | ---D | M] -- C:\Users\Mattias\AppData\Roaming\Broadcom
[2012/03/05 23:53:26 | 000,000,000 | ---D | M] -- C:\Users\Mattias\AppData\Roaming\CheckPoint
[2010/10/10 18:23:52 | 000,000,000 | ---D | M] -- C:\Users\Mattias\AppData\Roaming\DNA
[2009/09/29 17:40:30 | 000,000,000 | ---D | M] -- C:\Users\Mattias\AppData\Roaming\DriverCure
[2012/03/06 04:20:48 | 000,000,000 | ---D | M] -- C:\Users\Mattias\AppData\Roaming\f-secure
[2009/09/05 09:47:06 | 000,000,000 | ---D | M] -- C:\Users\Mattias\AppData\Roaming\FlashGet
[2009/09/25 20:21:51 | 000,000,000 | ---D | M] -- C:\Users\Mattias\AppData\Roaming\Genie-Soft
[2011/08/11 10:06:15 | 000,000,000 | ---D | M] -- C:\Users\Mattias\AppData\Roaming\GetRightToGo
[2010/02/01 18:42:18 | 000,000,000 | ---D | M] -- C:\Users\Mattias\AppData\Roaming\gtk-2.0
[2010/01/29 18:59:43 | 000,000,000 | ---D | M] -- C:\Users\Mattias\AppData\Roaming\Inkscape
[2010/10/17 20:31:22 | 000,000,000 | ---D | M] -- C:\Users\Mattias\AppData\Roaming\ISP Monitor
[2009/11/10 18:24:38 | 000,000,000 | ---D | M] -- C:\Users\Mattias\AppData\Roaming\iTelevision
[2012/01/25 17:03:55 | 000,000,000 | ---D | M] -- C:\Users\Mattias\AppData\Roaming\Maple
[2011/04/24 10:47:35 | 000,000,000 | ---D | M] -- C:\Users\Mattias\AppData\Roaming\Minecraft Backup Tool
[2011/11/19 18:22:57 | 000,000,000 | ---D | M] -- C:\Users\Mattias\AppData\Roaming\pdf995
[2012/02/29 23:47:09 | 000,000,000 | ---D | M] -- C:\Users\Mattias\AppData\Roaming\pymclevel
[2011/03/02 21:07:56 | 000,000,000 | ---D | M] -- C:\Users\Mattias\AppData\Roaming\Raptr
[2009/09/29 18:06:37 | 000,000,000 | ---D | M] -- C:\Users\Mattias\AppData\Roaming\SoundSpectrum
[2012/02/15 10:40:39 | 000,000,000 | ---D | M] -- C:\Users\Mattias\AppData\Roaming\Spotify
[2012/03/07 15:38:47 | 000,000,000 | ---D | M] -- C:\Users\Mattias\AppData\Roaming\SystemRequirementsLab
[2011/07/25 08:57:31 | 000,000,000 | ---D | M] -- C:\Users\Mattias\AppData\Roaming\Trillian
[2010/12/23 17:26:39 | 000,000,000 | ---D | M] -- C:\Users\Mattias\AppData\Roaming\TuneUpMedia
[2012/03/07 14:58:35 | 000,000,000 | ---D | M] -- C:\Users\Mattias\AppData\Roaming\Uniblue
[2010/02/12 23:30:44 | 000,000,000 | ---D | M] -- C:\Users\Mattias\AppData\Roaming\Unigraphics Solutions
[2011/08/09 15:03:09 | 000,000,000 | ---D | M] -- C:\Users\Mattias\AppData\Roaming\Unity
[2012/03/07 13:38:55 | 000,000,000 | ---D | M] -- C:\Users\Mattias\AppData\Roaming\uTorrent
[2009/08/31 15:25:03 | 000,000,000 | ---D | M] -- C:\Users\Mattias\AppData\Roaming\Wave Systems Corp
[2010/11/23 23:38:26 | 000,000,000 | ---D | M] -- C:\Users\Mattias\AppData\Roaming\Windows Live Writer
[2012/03/08 01:35:30 | 000,032,620 | ---- | M] () -- C:\Windows\Tasks\SCHEDLGU.TXT
[2012/03/07 03:16:22 | 000,000,428 | -H-- | M] () -- C:\Windows\Tasks\User_Feed_Synchronization-{0E026961-7E77-443B-A740-1A5D423ED0D8}.job
========== Purity Check ==========
< End of report >
Edited by Durre, 08 March 2012 - 02:22 PM.