
No desktop at start-up, many explorer.exe files (BSOD problems too) [S


  • This topic is locked

#16
Durre

  • Topic Starter
  • Member
  • 33 posts
EXTRAS LOG


OTL Extras logfile created on: 14/03/2012 20:18:36 - Run 2
OTL by OldTimer - Version 3.2.36.3 Folder = C:\Users\Mattias\Desktop
Windows Vista Business Edition Service Pack 2 (Version = 6.0.6002) - Type = NTWorkstation
Internet Explorer (Version = 8.0.6001.19190)
Locale: 00000813 | Country: België | Language: NLB | Date Format: d/MM/yyyy

3,49 Gb Total Physical Memory | 2,08 Gb Available Physical Memory | 59,76% Memory free
6,37 Gb Paging File | 5,06 Gb Available in Paging File | 79,30% Paging File free
Paging file location(s): C:\pagefile.sys 3070 3070 [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files
Drive C: | 230,67 Gb Total Space | 91,31 Gb Free Space | 39,59% Space Free | Partition Type: NTFS
Drive D: | 2,00 Gb Total Space | 0,79 Gb Free Space | 39,34% Space Free | Partition Type: NTFS
Drive G: | 7,45 Gb Total Space | 7,42 Gb Free Space | 99,50% Space Free | Partition Type: FAT32

Computer Name: DURRE | User Name: Mattias | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: All users
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days

========== Extra Registry (SafeList) ==========


========== File Associations ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.cpl [@ = cplfile] -- rundll32.exe shell32.dll,Control_RunDLL "%1",%*
.hlp [@ = hlpfile] -- C:\Windows\winhlp32.exe (Microsoft Corporation)
.html [@ = FirefoxHTML] -- C:\Program Files\Mozilla Firefox\firefox.exe (Mozilla Corporation)

========== Shell Spawning ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
cplfile [cplopen] -- rundll32.exe shell32.dll,Control_RunDLL "%1",%*
exefile [open] -- "%1" %*
helpfile [open] -- Reg Error: Key error.
hlpfile [open] -- %SystemRoot%\winhlp32.exe %1 (Microsoft Corporation)
https [open] -- "C:\Program Files\Mozilla Firefox\firefox.exe" -requestPending -osint -url "%1" (Mozilla Corporation)
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [AddToPlaylistVLC] -- "C:\Program Files\VideoLAN\VLC\vlc.exe" --started-from-file --playlist-enqueue "%1" ()
Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Directory [PlayWithVLC] -- "C:\Program Files\VideoLAN\VLC\vlc.exe" --started-from-file --no-playlist-enqueue "%1" ()
Folder [open] -- %SystemRoot%\Explorer.exe /separate,/idlist,%I,%L (Microsoft Corporation)
Folder [explore] -- %SystemRoot%\Explorer.exe /separate,/e,/idlist,%I,%L (Microsoft Corporation)
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)

========== Security Center Settings ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"cval" = 1
"AntiVirusDisableNotify" = 0
"FirewallDisableNotify" = 0
"UpdatesDisableNotify" = 0

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]
"AntiVirusOverride" = 0
"AntiSpywareOverride" = 0
"FirewallOverride" = 0
"VistaSp1" = Reg Error: Unknown registry data type -- File not found
"VistaSp2" = Reg Error: Unknown registry data type -- File not found

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc\Vol]

========== System Restore Settings ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\SystemRestore]
"DisableSR" = 0

========== Firewall Settings ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\DomainProfile]

[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\StandardProfile]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]
"EnableFirewall" = 0
"DisableNotifications" = 0

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"EnableFirewall" = 0
"DisableNotifications" = 0

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\GloballyOpenPorts\List]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\PublicProfile]
"EnableFirewall" = 0
"DisableNotifications" = 0

========== Authorized Applications List ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List]
"C:\Program Files\BitTorrent\bittorrent.exe" = C:\Program Files\BitTorrent\bittorrent.exe:*:Enabled:BitTorrent


========== Vista Active Open Ports Exception List ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{0098A0A9-0F43-406E-91D5-34C97A8C4826}" = lport=445 | protocol=6 | dir=in | app=system |
"{20C7D81C-F181-45AC-B0B3-E5BF1D855284}" = lport=rpc-epmap | protocol=6 | dir=in | svc=rpcss | [email protected],-28539 |
"{38E2545A-0727-4D00-807E-3B6A3A4921AE}" = rport=139 | protocol=6 | dir=out | app=system |
"{44EE337E-FBF2-4033-9B95-2E366C50EE7B}" = lport=5355 | protocol=17 | dir=in | svc=dnscache | app=%systemroot%\system32\svchost.exe |
"{46570C5B-B391-475A-B8D4-A5BEB7A2A343}" = lport=3702 | protocol=17 | dir=in | svc=fdrespub | app=%systemroot%\system32\svchost.exe |
"{622EF7E3-9DC4-4B5E-9048-90F5A2687C86}" = lport=137 | protocol=17 | dir=in | app=system |
"{84A99E14-3D9D-4887-88DD-108840A2D25D}" = lport=1900 | protocol=17 | dir=in | name=windows live communications platform (ssdp) |
"{95CBDB12-EFA9-4123-804F-933375F5DE74}" = lport=2869 | protocol=6 | dir=in | name=windows live communications platform (upnp) |
"{A8938D15-EFCC-4AA0-9BD9-AE0C36D6F9F2}" = lport=1900 | protocol=17 | dir=in | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe |
"{ADEA2BAC-D4DF-4034-8A2B-82F8127A3D80}" = rport=3702 | protocol=17 | dir=out | svc=fdrespub | app=%systemroot%\system32\svchost.exe |
"{B0C5D3B9-EDAA-4C7F-AFE3-9934CD07BAF9}" = lport=rpc | protocol=6 | dir=in | svc=spooler | app=%systemroot%\system32\spoolsv.exe |
"{B95664E6-BCB3-4488-9545-4B8D822DEF4A}" = rport=5355 | protocol=17 | dir=out | svc=dnscache | app=%systemroot%\system32\svchost.exe |
"{BEF9CBDB-313E-4BE9-986A-0AB96716C35E}" = rport=138 | protocol=17 | dir=out | app=system |
"{CABD95E4-90CB-438F-A0DA-1E4A730C37DD}" = rport=137 | protocol=17 | dir=out | app=system |
"{D9DF9AB7-D460-46A6-9B8E-EF6C75CFD097}" = rport=3702 | protocol=17 | dir=out | svc=fdphost | app=%systemroot%\system32\svchost.exe |
"{DD9DF3D2-7E68-4452-858C-C1815ED4B0C9}" = lport=138 | protocol=17 | dir=in | app=system |
"{E1EE8F72-399A-45A6-BD34-FDD1E7CA8997}" = rport=1900 | protocol=17 | dir=out | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe |
"{E205B970-A143-46E5-A207-C0FD12CF3960}" = rport=445 | protocol=6 | dir=out | app=system |
"{E371A0F4-0672-498F-9519-59F497D3EA86}" = lport=139 | protocol=6 | dir=in | app=system |
"{F2E28C65-AF92-459D-90D7-0881EC63B0A5}" = lport=3702 | protocol=17 | dir=in | svc=fdphost | app=%systemroot%\system32\svchost.exe |

========== Vista Active Application Exception List ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{05176351-737E-4F65-AA27-A1963FD158BE}" = protocol=6 | dir=in | app=c:\program files\bonjour\mdnsresponder.exe |
"{1513F8FB-24EA-47A6-B3B4-BC541E1A2904}" = dir=in | app=c:\program files\hp\digital imaging\bin\hposid01.exe |
"{16F9D661-836F-4146-B68C-ED02F67AFCB7}" = protocol=6 | dir=in | app=c:\program files\avg\avg2012\avgemcx.exe |
"{1763E456-73D4-4006-877F-DB34352D342D}" = protocol=6 | dir=in | app=c:\program files\soluto\solutoservice.exe |
"{19032475-7AB2-4CB1-802A-BB14A73A352A}" = protocol=17 | dir=in | app=c:\program files\bonjour\mdnsresponder.exe |
"{1C9B48BC-1C46-4EE8-87BE-64AB2FC6DA5C}" = protocol=6 | dir=in | app=c:\program files\raptr\raptr_im.exe |
"{1D14465A-EAED-4A03-AA89-362CB4FC0C4F}" = protocol=6 | dir=out | svc=upnphost | app=%systemroot%\system32\svchost.exe |
"{1F97655F-2A81-4AB7-A1D0-7CB484EC438A}" = dir=in | app=c:\program files\skype\phone\skype.exe |
"{210825B0-1A2A-42E0-8612-900ED33F93EE}" = dir=in | app=c:\program files\hp\digital imaging\bin\hpqpsapp.exe |
"{280F0F16-3251-4324-8BCC-DFE302172FB4}" = dir=in | app=c:\program files\common files\apple\apple application support\webkit2webprocess.exe |
"{2AC35B04-5AB9-4A0E-BFAF-C231D57361C4}" = dir=in | app=c:\program files\hp\digital imaging\bin\hpqgplgtupl.exe |
"{2FF5161F-58F2-4219-A1C7-2CD495005511}" = protocol=6 | dir=in | app=c:\program files\opera\opera.exe |
"{33D23100-8122-40AE-9E76-981D0F3C7120}" = protocol=17 | dir=in | app=c:\program files\aim\aim.exe |
"{370AB495-7A11-4DF5-BCF1-A67F90FDB1C3}" = protocol=17 | dir=in | app=c:\program files\opera\opera.exe |
"{3D80061F-44A2-4255-9B03-9734E830D23B}" = protocol=17 | dir=in | app=c:\program files\avg\avg2012\avgmfapx.exe |
"{40E065B7-7C50-46F5-B27B-E54A3F8B8FC5}" = dir=in | app=c:\program files\hp\digital imaging\bin\hpqpse.exe |
"{46ED0104-238D-4B20-81FC-2C086B6EC561}" = protocol=17 | dir=in | app=c:\program files\raptr\raptr_im.exe |
"{47E09EF4-ADD0-40EA-A4E6-497A9BD935E4}" = protocol=6 | dir=in | app=c:\program files\common files\mcafee\mcsvchost\mcsvhost.exe |
"{4C489A9F-88B0-458E-8C38-CA5D52236F3F}" = protocol=1 | dir=out | [email protected],-28544 |
"{5267B108-BE29-484B-836D-20EE4C0929CA}" = protocol=6 | dir=in | app=c:\program files\avg\avg2012\avgdiagex.exe |
"{53EEE652-6099-4BE7-9959-EE8786C9DEAC}" = protocol=17 | dir=in | app=c:\program files\raptr\raptr.exe |
"{59E67CCA-47A1-4A1B-ACE0-7ACE08A8A665}" = protocol=17 | dir=in | app=c:\program files\common files\mcafee\mcsvchost\mcsvhost.exe |
"{6383B1A3-077C-4474-B9AB-487822E6AA2B}" = dir=in | app=c:\program files\windows live\contacts\wlcomm.exe |
"{659304E6-4CF4-4C48-B118-EEB876AC010D}" = protocol=6 | dir=in | app=c:\program files\bonjour\mdnsresponder.exe |
"{67D86987-5D3C-42F4-8770-329CFBF33F42}" = protocol=17 | dir=in | app=c:\program files\soluto\solutoconsole.exe |
"{6B893228-8435-414B-B2EC-B3822C8A2456}" = protocol=17 | dir=in | app=c:\program files\avg\avg2012\avgnsx.exe |
"{6CA04788-8822-4DAD-BD79-C0A1963A250E}" = protocol=17 | dir=in | app=c:\program files\avg\avg2012\avgemcx.exe |
"{7165514A-EB31-4B25-A4F9-2633156AF3C1}" = protocol=6 | dir=in | app=c:\program files\soluto\solutoconsole.exe |
"{75DFFCCD-C589-41A0-B37E-99E62F0FA12A}" = protocol=17 | dir=in | app=c:\program files\soluto\solutoservice.exe |
"{783CCCB4-7C22-4D38-BE33-21CCD7DF7B52}" = protocol=6 | dir=in | app=c:\program files\avg\avg2012\avgnsx.exe |
"{7B803477-91E9-4A5F-932B-450F71B0D602}" = protocol=17 | dir=in | app=c:\program files\avg\avg2012\avgdiagex.exe |
"{7DB05117-B642-4E65-A61B-E656A2EB3034}" = dir=in | app=c:\program files\hp\digital imaging\bin\hpqsudi.exe |
"{7F623459-7A38-4AC2-BD9C-677E4FED95B6}" = dir=in | app=c:\program files\common files\hp\digital imaging\bin\hpqphotocrm.exe |
"{8E610D33-E6F6-442F-9898-ED2F07D650EC}" = protocol=6 | dir=in | app=c:\users\mattias\downloads\installers\hardware\solutoinstaller.exe |
"{9174F262-7E5E-4097-A823-F9C4ED4A57B0}" = protocol=6 | dir=in | app=c:\users\mattias\downloads\installers\hardware\solutoinstaller-di3g1nto56.exe |
"{93F424A4-587B-426A-9D66-37F88AE59EA3}" = dir=in | app=c:\program files\hp\digital imaging\bin\hpqgpc01.exe |
"{95A2F338-A1A8-472A-BB0B-7953DAEB4270}" = protocol=6 | dir=in | app=c:\program files\vuze\azureus.exe |
"{9CED4BFE-62B2-476C-B701-E6D286B1DFAD}" = dir=in | app=c:\program files\windows live\mesh\moe.exe |
"{9D644262-63FA-4223-8D25-3F79B8D51BA6}" = protocol=6 | dir=in | app=c:\program files\avg\avg2012\avgmfapx.exe |
"{9E29A00B-0270-4B6C-B430-E31E54DD417A}" = protocol=58 | dir=out | [email protected],-28546 |
"{A048B64B-2FF8-4003-A31A-7112875776E9}" = dir=in | app=c:\program files\hp\digital imaging\bin\hpqste08.exe |
"{A46387B3-520F-45FF-9389-658D4FB26EF9}" = protocol=1 | dir=in | [email protected],-28543 |
"{A5C2E0EB-37B4-4541-9217-AA2619B3E0D1}" = protocol=6 | dir=in | app=c:\program files\aim\aim.exe |
"{A71A4CFB-1B67-4869-B781-ECB8FBAC702F}" = protocol=17 | dir=in | app=c:\users\mattias\downloads\installers\hardware\solutoinstaller.exe |
"{B400D17B-1938-4C12-92FD-27C9F1C6D489}" = protocol=6 | dir=in | app=c:\program files\soluto\solutoupdateservice.exe |
"{B8DECB4C-1994-45F4-A016-E397C925A299}" = protocol=17 | dir=in | app=c:\users\mattias\downloads\installers\hardware\solutoinstaller-di3g1nto56.exe |
"{BBAD0101-5496-45D0-A511-AE2EED64FBE3}" = protocol=6 | dir=in | app=c:\program files\soluto\soluto.exe |
"{C1CD8521-BB05-48F9-BE61-78C582FC1D80}" = dir=in | app=c:\program files\hp\digital imaging\bin\hpqkygrp.exe |
"{C5C24417-6E35-4FE7-A3D7-808D22116E6B}" = protocol=17 | dir=in | app=c:\program files\bonjour\mdnsresponder.exe |
"{C6958E14-7517-4762-9B86-F7EB5A44CEE5}" = dir=in | app=c:\program files\hp\digital imaging\bin\hpiscnapp.exe |
"{D618A95F-2E67-44F9-A59C-8623ED916DCF}" = protocol=17 | dir=in | app=c:\program files\vuze\azureus.exe |
"{D770E15D-6093-41A2-A128-D6B334EE3432}" = dir=in | app=c:\program files\hp\digital imaging\bin\hpqtra08.exe |
"{E4FEDFE6-25F9-4DBA-B53E-B6BA8FE334F3}" = protocol=6 | dir=in | app=c:\program files\raptr\raptr.exe |
"{EC4EC761-EAD7-43B8-98E7-6EF3028092B6}" = dir=in | app=c:\program files\itunes\itunes.exe |
"{EC5E5BD7-4345-425B-B857-DED020F6EA73}" = protocol=17 | dir=in | app=c:\program files\soluto\solutoupdateservice.exe |
"{EC62EB67-E2B9-4B0B-9CB6-EF0BA461B04A}" = dir=in | app=c:\program files\common files\mcafee\mcsvchost\mcsvhost.exe |
"{F929AC4B-16E5-4465-8669-3AD72DF0FCC5}" = protocol=58 | dir=in | [email protected],-28545 |
"{FB5AB5FA-513B-4B76-B55F-7342BAF1D43C}" = protocol=17 | dir=in | app=c:\program files\soluto\soluto.exe |
"TCP Query User{01A008F5-2C27-457B-AB0D-37B86638DCB6}C:\users\mattias\desktop\dcoo cs1.6\cstrike.exe" = protocol=6 | dir=in | app=c:\users\mattias\desktop\dcoo cs1.6\cstrike.exe |
"TCP Query User{0C35E21F-53D4-40E1-ADB8-AF58D24EAB57}C:\program files\acclaim\revolt\revolt.exe" = protocol=6 | dir=in | app=c:\program files\acclaim\revolt\revolt.exe |
"TCP Query User{1822E432-2722-4793-ABB1-84E376B76039}C:\program files\maple 14\jre\bin\maple.exe" = protocol=6 | dir=in | app=c:\program files\maple 14\jre\bin\maple.exe |
"TCP Query User{1B698683-C3CC-495A-9688-FD6D3C3224DA}C:\program files\maple 14\jre\bin\java.exe" = protocol=6 | dir=in | app=c:\program files\maple 14\jre\bin\java.exe |
"TCP Query User{25D0924D-5B23-4C3F-B59A-3BC5091FCB4F}C:\users\mattias\appdata\roaming\spotify\spotify.exe" = protocol=6 | dir=in | app=c:\users\mattias\appdata\roaming\spotify\spotify.exe |
"TCP Query User{2E6C2558-8DF6-4F28-AB57-565EB8A39D47}C:\program files\windows live\messenger\msnmsgr.exe" = protocol=6 | dir=in | app=c:\program files\windows live\messenger\msnmsgr.exe |
"TCP Query User{3359A99E-515D-4185-A935-DFA5D562B07A}C:\program files\microsoft games\project s\spartan.exe" = protocol=6 | dir=in | app=c:\program files\microsoft games\project s\spartan.exe |
"TCP Query User{3F461D24-CA07-4A2E-87A5-ABC4B124B38E}C:\program files\skype\phone\skype.exe" = protocol=6 | dir=in | app=c:\program files\skype\phone\skype.exe |
"TCP Query User{4B9E40F4-343D-491D-8CF4-ED56BBAFDC94}C:\program files\maple 14\jre\bin\maple.exe" = protocol=6 | dir=in | app=c:\program files\maple 14\jre\bin\maple.exe |
"TCP Query User{4BECDE68-8C39-4F7F-A2A0-76DE2203C8B1}C:\program files\bittorrent\bittorrent.exe" = protocol=6 | dir=in | app=c:\program files\bittorrent\bittorrent.exe |
"TCP Query User{61D403F5-BDAE-4126-9694-FB4A704BD54D}C:\program files\rv house\rv_house.exe" = protocol=6 | dir=in | app=c:\program files\rv house\rv_house.exe |
"TCP Query User{652ACB31-EE37-49FB-BCF3-D8FB8A849517}C:\program files\maple 15\jre\bin\maple.exe" = protocol=6 | dir=in | app=c:\program files\maple 15\jre\bin\maple.exe |
"TCP Query User{69651142-8797-4F17-9D11-61C4B8DF2FA1}C:\users\mattias\program files\dna\btdna.exe" = protocol=6 | dir=in | app=c:\users\mattias\program files\dna\btdna.exe |
"TCP Query User{6AD7C6BE-9936-4A23-9B22-C3A574BD7FAD}C:\program files\vuze\azureus.exe" = protocol=6 | dir=in | app=c:\program files\vuze\azureus.exe |
"TCP Query User{6D22C41A-2ECC-43AA-BD76-4B1E0FFC09F2}C:\program files\matlab\r2008b\bin\win32\matlab.exe" = protocol=6 | dir=in | app=c:\program files\matlab\r2008b\bin\win32\matlab.exe |
"TCP Query User{7C1BAAA3-92F0-4994-BCC8-78150EB74E3B}C:\users\mattias\appdata\roaming\spotify\spotify.exe" = protocol=6 | dir=in | app=c:\users\mattias\appdata\roaming\spotify\spotify.exe |
"TCP Query User{7E20895F-A40A-4675-9DDC-AF6B92B876D9}C:\users\mattias\desktop\dcoo cs1.6\cstrike.exe" = protocol=6 | dir=in | app=c:\users\mattias\desktop\dcoo cs1.6\cstrike.exe |
"TCP Query User{7F156EF7-A5DD-46B0-818E-A1D9A91B3DEC}C:\program files\limewire\limewire.exe" = protocol=6 | dir=in | app=c:\program files\limewire\limewire.exe |
"TCP Query User{8EEC318B-6369-48EB-BD17-7B576B343626}C:\program files\opera\opera.exe" = protocol=6 | dir=in | app=c:\program files\opera\opera.exe |
"TCP Query User{90C14934-E511-4297-AD5C-3C473743EA72}C:\program files\limewire\limewire.exe" = protocol=6 | dir=in | app=c:\program files\limewire\limewire.exe |
"TCP Query User{A9FA7099-3C06-497E-9969-D04ED81C6F89}C:\program files\raptr\raptr.exe" = protocol=6 | dir=in | app=c:\program files\raptr\raptr.exe |
"TCP Query User{BDCDE674-8355-4A04-BF85-408530AAA4AD}C:\program files\trillian\trillian.exe" = protocol=6 | dir=in | app=c:\program files\trillian\trillian.exe |
"TCP Query User{BEF42C09-0277-4433-97B2-EDE15D3E99E1}C:\users\mattias\downloads\installers\download\utorrent.exe" = protocol=6 | dir=in | app=c:\users\mattias\downloads\installers\download\utorrent.exe |
"TCP Query User{C00FDF2D-6094-41C0-A75D-97987D3F8178}C:\users\mattias\program files\dna\btdna.exe" = protocol=6 | dir=in | app=c:\users\mattias\program files\dna\btdna.exe |
"TCP Query User{D4DBCCBF-D49D-4F78-95FD-524A10E4B641}C:\program files\skype\phone\skype.exe" = protocol=6 | dir=in | app=c:\program files\skype\phone\skype.exe |
"TCP Query User{F1136063-0FFF-4275-B769-9667FC4AD75A}C:\program files\windows live\messenger\msnmsgr.exe" = protocol=6 | dir=in | app=c:\program files\windows live\messenger\msnmsgr.exe |
"TCP Query User{FD58D85A-D896-46D7-AC7E-A2330EB76C9C}C:\program files\google\google earth\client\googleearth.exe" = protocol=6 | dir=in | app=c:\program files\google\google earth\client\googleearth.exe |
"UDP Query User{0F7F22E8-14DA-4088-9E84-7222286F7070}C:\program files\skype\phone\skype.exe" = protocol=17 | dir=in | app=c:\program files\skype\phone\skype.exe |
"UDP Query User{164C95A7-C4A3-4508-BAAC-929DD78D4E41}C:\program files\skype\phone\skype.exe" = protocol=17 | dir=in | app=c:\program files\skype\phone\skype.exe |
"UDP Query User{3612D8B9-E4A0-48BE-850C-46B36A1ACA00}C:\program files\maple 14\jre\bin\java.exe" = protocol=17 | dir=in | app=c:\program files\maple 14\jre\bin\java.exe |
"UDP Query User{453DDC18-C856-4193-A57E-B65B1C785E18}C:\users\mattias\downloads\installers\download\utorrent.exe" = protocol=17 | dir=in | app=c:\users\mattias\downloads\installers\download\utorrent.exe |
"UDP Query User{49EDF545-3088-4AF6-8927-F39E2AC76014}C:\users\mattias\program files\dna\btdna.exe" = protocol=17 | dir=in | app=c:\users\mattias\program files\dna\btdna.exe |
"UDP Query User{536681B8-3E04-42D8-98EE-F94E6F7BCF5F}C:\users\mattias\program files\dna\btdna.exe" = protocol=17 | dir=in | app=c:\users\mattias\program files\dna\btdna.exe |
"UDP Query User{5F723B55-71F3-42A5-906B-2EDB7481BF13}C:\program files\windows live\messenger\msnmsgr.exe" = protocol=17 | dir=in | app=c:\program files\windows live\messenger\msnmsgr.exe |
"UDP Query User{6799ED17-C35B-4111-A5C0-54D71F3A4280}C:\users\mattias\desktop\dcoo cs1.6\cstrike.exe" = protocol=17 | dir=in | app=c:\users\mattias\desktop\dcoo cs1.6\cstrike.exe |
"UDP Query User{70C79C7E-6F20-416E-9180-B08135D37B12}C:\program files\raptr\raptr.exe" = protocol=17 | dir=in | app=c:\program files\raptr\raptr.exe |
"UDP Query User{780B0D7F-44B5-4BAB-829F-4A3CDDA30627}C:\program files\trillian\trillian.exe" = protocol=17 | dir=in | app=c:\program files\trillian\trillian.exe |
"UDP Query User{96DFE6EC-4B77-40F5-A6B3-645563BC1530}C:\program files\maple 14\jre\bin\maple.exe" = protocol=17 | dir=in | app=c:\program files\maple 14\jre\bin\maple.exe |
"UDP Query User{AFBC0859-60B3-453D-BE3C-791276DCEF6B}C:\program files\opera\opera.exe" = protocol=17 | dir=in | app=c:\program files\opera\opera.exe |
"UDP Query User{B4021CC5-DED4-4D1A-B29A-4A055C8297A3}C:\program files\limewire\limewire.exe" = protocol=17 | dir=in | app=c:\program files\limewire\limewire.exe |
"UDP Query User{B51BC73D-DEF3-4855-AF14-B60AFF1A0C50}C:\program files\vuze\azureus.exe" = protocol=17 | dir=in | app=c:\program files\vuze\azureus.exe |
"UDP Query User{C3728C00-A212-4672-831A-FB244A68A4F0}C:\program files\limewire\limewire.exe" = protocol=17 | dir=in | app=c:\program files\limewire\limewire.exe |
"UDP Query User{CBC914D4-9451-4BC9-A54D-569271E4997B}C:\program files\maple 14\jre\bin\maple.exe" = protocol=17 | dir=in | app=c:\program files\maple 14\jre\bin\maple.exe |
"UDP Query User{CF61BA41-9809-4EB3-B103-3D771A84D3B8}C:\program files\microsoft games\project s\spartan.exe" = protocol=17 | dir=in | app=c:\program files\microsoft games\project s\spartan.exe |
"UDP Query User{D0B4058A-8E1F-47BA-A5CB-210346A9982C}C:\program files\maple 15\jre\bin\maple.exe" = protocol=17 | dir=in | app=c:\program files\maple 15\jre\bin\maple.exe |
"UDP Query User{D398BD44-ADE6-4559-ACBA-16A6E4E89F80}C:\program files\matlab\r2008b\bin\win32\matlab.exe" = protocol=17 | dir=in | app=c:\program files\matlab\r2008b\bin\win32\matlab.exe |
"UDP Query User{DEAB374E-9E68-4AC7-99F3-E5750E707AAE}C:\users\mattias\appdata\roaming\spotify\spotify.exe" = protocol=17 | dir=in | app=c:\users\mattias\appdata\roaming\spotify\spotify.exe |
"UDP Query User{E4B8B5C9-BD99-4D69-BE61-BC760848CCE1}C:\program files\acclaim\revolt\revolt.exe" = protocol=17 | dir=in | app=c:\program files\acclaim\revolt\revolt.exe |
"UDP Query User{F0D0BBA4-DD62-4F5C-97D8-933F79675250}C:\users\mattias\appdata\roaming\spotify\spotify.exe" = protocol=17 | dir=in | app=c:\users\mattias\appdata\roaming\spotify\spotify.exe |
"UDP Query User{F6DD4521-F1ED-4A8A-ADE0-C440B334A901}C:\program files\google\google earth\client\googleearth.exe" = protocol=17 | dir=in | app=c:\program files\google\google earth\client\googleearth.exe |
"UDP Query User{F7AA9244-02C0-4FC4-A7C0-59C22AA55760}C:\program files\rv house\rv_house.exe" = protocol=17 | dir=in | app=c:\program files\rv house\rv_house.exe |
"UDP Query User{FB0F8E06-6015-4487-B482-AB2F0D6407A7}C:\users\mattias\desktop\dcoo cs1.6\cstrike.exe" = protocol=17 | dir=in | app=c:\users\mattias\desktop\dcoo cs1.6\cstrike.exe |
"UDP Query User{FEF4B869-D87D-49A7-AEA4-651A2039E14E}C:\program files\bittorrent\bittorrent.exe" = protocol=17 | dir=in | app=c:\program files\bittorrent\bittorrent.exe |

========== HKEY_LOCAL_MACHINE Uninstall List ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{00BA866C-F2A2-4BB9-A308-3DFA695B6F7C}" = Java DB 10.5.3.0
"{0289B35E-DC07-4c7a-9710-BBD686EA4B7D}" = Status
"{02E89EFC-7B07-4D5A-AA03-9EC0902914EE}" = VC 9.0 Runtime
"{03D1988F-469F-4843-8E6E-E5FE9D17889D}" = WIDCOMM Bluetooth Software 6.1.0.4402
"{072B53D7-DAAD-4562-8764-B528D0ADA7C4}" = Windows Live Family Safety
"{0761C9A8-8F3A-4216-B4A7-B7AFBF24A24A}" = HiJackThis
"{07D618CD-B016-438A-ADC9-A75BD23F85CE}" = Wave Support Software
"{08234a0d-cf39-4dca-99f0-0c5cb496da81}" = Bing Bar
"{08E81ABD-79F7-49C2-881F-FD6CB0975693}" = Roxio Creator Data
"{095B1DCF-5E8B-47EC-9B18-481918A731DB}" = Microsoft Default Manager
"{09633A5E-3089-41A8-9FF1-382171423C5D}" = PSSWCORE
"{09760D42-E223-42AD-8C3E-55B47D0DDAC3}" = Roxio Creator DE 10.3
"{0A0CADCF-78DA-33C4-A350-CD51849B9702}" = Microsoft .NET Framework 4 Extended
"{0B0A2153-58A6-4244-B458-25EDF5FCD809}" = Private Information Manager
"{0B0F231F-CE6A-483D-AA23-77B364F75917}" = Windows Live Installer
"{0DD140D3-9563-481E-AA75-BA457CBDAEF2}" = PC Inspector File Recovery
"{101738D7-D805-37A9-BB91-1F2C351782BF}" = Microsoft .NET Framework 3.5 Language Pack SP1 - nld
"{1111706F-666A-4037-7777-203328764D10}" = JavaFX 2.0.3
"{13F3917B56CD4C25848BDC69916971BB}" = DivX Converter
"{14B441B7-774D-4170-98EA-A13667AE6218}" = Windows Live Writer Resources
"{17504ED4-DB08-40A8-81C2-27D8C01581DA}" = Windows Live Remote Service Resources
"{19A4A990-5343-4FF7-B3B5-6F046C091EDF}" = Windows Live Remote Client
"{19BA08F7-C728-469C-8A35-BFBD3633BE08}" = Windows Live Movie Maker
"{1E11EE30-C0D4-46BC-9142-27EB4C37BE35}" = Angry Birds
"{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148
"{1F54DAFA-9261-4A62-B59D-6C9F26B48FE4}" = Roxio Creator Tools
"{1F6AB0E7-8CDD-4B93-8A23-AA9EB2FEFCE4}" = Junk Mail filter update
"{200FEC62-3C34-4D60-9CE8-EC372E01C08F}" = Windows Live SOXE Definitions
"{2220CF3A-EBD6-4070-94D0-0C7337B537A7}" = All Day Battery Life Configuration
"{2222706F-666A-4037-7777-203328764D10}" = JavaFX 2.0.3 SDK
"{227E8782-B2F4-4E97-B0EE-49DE9CC1C0C0}" = Windows Live Remote Service
"{22F761D1-8063-4170-ADF7-2D2F47834CA9}" = VideoToolkit01
"{2484631E-A7B3-4847-ACBB-4D881E6E9D5A}" = Dell ControlPoint Connection Manager
"{2614F54E-A828-49FA-93BA-45A3F756BFAA}" = 32 Bit HP CIO Components Installer
"{2617FA1F-0C04-3ABB-AF64-7D5B6620C341}" = Microsoft .NET Framework 4 Client Profile NLD Language Pack
"{26A24AE4-039D-4CA4-87B4-2F83217003FF}" = Java™ 7 Update 3
"{27197499-7680-4208-8FD8-5439CDB0FDC1}" = HPProductAssistant
"{2902F983-B4C1-44BA-B85D-5C6D52E2C441}" = Windows Live Mesh ActiveX Control for Remote Connections
"{2A07C35B-8384-4DA4-9A95-442B6C89A073}" = Windows Live Essentials
"{2A3FC24C-6EC0-4519-A52B-FDA4EA9B2D24}" = Windows Live Messenger
"{2AFEAA03-2DFE-4519-A629-EDAB6541ABE9}" = HPSSupply
"{2B818257-E6C7-4841-8C29-C5C9A982BCE5}" = RICOH R5U241 / R5C847 Media Driver ver.2.04.01.00
"{2BFC7AA0-544C-4E3A-8796-67F3BE655BE9}" = Microsoft XNA Framework Redistributable 4.0
"{2C086D06-187A-4050-ADD4-2F9D033651B4}" = Aan de slag met Dell
"{2FA41EBB-3F5A-35C3-85D6-51EC72A11FBD}" = Google Gears
"{30465B6C-B53F-49A1-9EBA-A3F187AD502E}" = Roxio Update Manager
"{3138EAD3-700B-4A10-B617-B3F8096EE30D}" = Dell Edoc Viewer
"{32A3A4F4-B792-11D6-A78A-00B0D0170030}" = Java™ SE Development Kit 7 Update 3
"{3336F667-9049-4D46-98B6-4C743EEBC5B1}" = Windows Live Photo Gallery
"{34F4D9A4-42C2-4348-BEF4-E553C84549E7}" = Windows Live Photo Gallery
"{3700194C-C5DD-439A-BE06-A66960CA4C70}" = MSVCSetup
"{3A6BE9F4-5FC8-44BB-BE7B-32A29607FEF6}" = Preboot Manager
"{3C3901C5-3455-3E0A-A214-0B093A5070A6}" = Microsoft .NET Framework 4 Client Profile
"{3F4143A1-9C21-4011-8679-3BC1014C6886}" = Windows Live Mesh
"{3FC7CBBC4C1E11DCA1A752EA55D89593}" = DivX Version Checker
"{4640FDE1-B83A-4376-84ED-86F86BEE2D41}" = Driver Detective
"{464B3406-A4D0-4914-910F-7CA4380DCC13}" = Windows Live Remote Client Resources
"{48294D95-EE9A-4377-8213-44FC4265FB27}" = Windows Live Messenger
"{4994A7CB-2BF4-4664-8FCE-DB66055ECEBC}" = Broadcom USH Host Components
"{4A03706F-666A-4037-7777-5F2748764D10}" = Java Auto Updater
"{4CB0307C-565E-4441-86BE-0DF2E4FB828C}" = Microsoft Games for Windows Marketplace
"{4D530942-9B89-4186-98B7-F51000000100}" = Project S
"{4E868D3D-6EEB-4273-926C-2287236B5B79}" = 3DVIA player 5.0
"{4EFC72DA-2314-4E5D-AC8E-1C954CDB8BBF}" = AVG 2012
"{4F2D3995-1EC5-3C05-B7E5-3449F802E6DE}" = Microsoft .NET Framework 4 Extended NLD Language Pack
"{50816F92-1652-4A7C-B9BC-48F682742C4B}" = Messenger Companion
"{51AE9E42-640D-4C14-A9B6-43F64AA4E3E2}" = Document Manager Lite
"{529125EF-E3AC-4B74-97E6-F688A7C0F1BF}" = Paint.NET v3.5.10
"{53333479-6A52-4816-8497-5C52B67ED339}" = EMBASSY Security Setup
"{55D003F4-9599-44BF-BA9E-95D060730DD3}" = Contrôle ActiveX Windows Live Mesh pour connexions ŕ distance
"{579684A4-DDD5-4CA3-9EA8-7BE7D9593DB4}" = Windows Live UX Platform Language Pack
"{593A6CAF-E114-4e31-884F-74FF349E8E36}" = SolutionCenter
"{5A3C1721-F8ED-11E0-8AFB-B8AC6F97B88E}" = Google Earth
"{5AF4F4C5-C71C-418F-B0B1-3903A345BD71}" = Ambient Light Sensor
"{5D6C26B9-D9E7-4E77-A4DE-0C2B242E85FA}" = ZoneAlarm Firewall
"{5DD4FCBD-A3C1-4155-9E17-4161C70AAABA}" = Segoe UI
"{60D4F9F1-B828-4048-A5AB-9AA2FD0C4751}" = DJ_AIO_03_F4200_Software
"{6365C963-4B72-43F8-8392-2A5441EC2A86}" = DJ_AIO_03_F4220_ProductContext
"{65C0025A-2CDE-43C5-82D0-C7A56EF0DB39}" = Bing Bar Platform
"{6675CA7F-E51B-4F6A-99D4-F8F0124C6EAA}" = Roxio Express Labeler 3
"{66E6CE0C-5A1E-430C-B40A-0C90FF1804A8}" = eSupportQFolder
"{67436268-FB14-4DFB-AE73-1B1EFA2B0213}" = Dell ControlPoint System Manager
"{6753BD39-312A-43D0-81FD-B983D776F0C7}" = Blogger For Word
"{6811CAA0-BF12-11D4-9EA1-0050BAE317E1}" = PowerDVD DX
"{682B3E4F-696A-42DE-A41C-4C07EA1678B4}" = Windows Live SOXE
"{69995C7A-062A-4A90-A4DF-8C22895DF522}" = iTunes
"{69FDFBB6-351D-4B8C-89D8-867DC9D0A2A4}" = Windows Media Player Firefox Plugin
"{6A3F9D74-BB80-4451-8CA1-4B3A857F1359}" = Apple Application Support
"{6EA8A52B-8EA1-4A59-85AB-48132299061A}" = Intel® PRO Alerting Agent
"{6F5E2F4A-377D-4700-B0E3-8F7F7507EA15}" = CustomerResearchQFolder
"{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}" = Microsoft Visual C++ 2005 Redistributable
"{7299052b-02a4-4627-81f2-1818da5d550d}" = Microsoft Visual C++ 2005 Redistributable
"{73A4F29F-31AC-4EBD-AA1B-0CC5F18C8F83}" = Roxio Creator Audio
"{759142E8-25B0-42AE-B408-4215065D3F4B}" = Windows Live Family Safety
"{767CC44C-9BBC-438D-BAD3-FD4595DD148B}" = VC80CRTRedist - 8.0.50727.762
"{770657D0-A123-3C07-8E44-1C83EC895118}" = Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053
"{789A5B64-9DD9-4BA5-915A-F0FC0A1B7BFE}" = Apple Software Update
"{78A96B4C-A643-4D0F-98C2-A8E16A6669F9}" = Windows Live Messenger Companion Core
"{793A260C-CDBF-499C-ABBA-B51E8E076867}_is1" = Uniblue PowerSuite
"{7B63B2922B174135AFC0E1377DD81EC2}" =
"{7E017923-16F8-4E32-94EF-0A150BD196FE}" = Windows Live Writer
"{8142D25E-028A-4563-86ED-5755783C8029}" = Messenger Companion
"{832D9DE0-8AFC-4689-9819-4DBBDEBD3E4F}" = Microsoft Games for Windows - LIVE Redistributable
"{837b34e3-7c30-493c-8f6a-2b0f04e2912c}" = Microsoft Visual C++ 2005 Redistributable
"{83C292B7-38A5-440B-A731-07070E81A64F}" = Windows Live PIMT Platform
"{845E0BCB-8C8D-4FAB-8588-AD5FFD156C95}" = Windows Live Remote Service Resources
"{865A8951-8D9A-46CB-84A2-3D67BA38B923}" = EASEUS Deleted File Recovery 2.1.1
"{86A8FD76-3268-4102-9674-7118881EC2C0}" = Wave Infrastructure Installer
"{86CE85E6-DBAC-3FFD-B977-E4B79F83C909}" = Microsoft Visual C++ 2008 Redistributable - KB2467174 - x86 9.0.30729.5570
"{886F91D5-4B45-45DC-938E-6B0276C6B015}" = Solid Edge V20
"{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}" = Microsoft Silverlight
"{8C6D6116-B724-4810-8F2D-D047E6B7D68E}" = Mesh Runtime
"{8DC069E7-893C-41E1-9442-DE89FEC33371}" = Xobni Core
"{8DD46C6A-0056-4FEC-B70A-28BB16A1F11F}" = MSVCRT
"{8F32C384-D237-4516-9F2B-223E8963A2FB}" = Lager
"{8FF6F5CA-4E30-4E3B-B951-204CAAA2716A}" = SmartWebPrinting
"{90120000-0015-0413-0000-0000000FF1CE}" = Microsoft Office Access MUI (Dutch) 2007
"{90120000-0015-0413-0000-0000000FF1CE}_ENTERPRISER_{26257879-B20D-4D30-A429-B387A4890929}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-0016-0413-0000-0000000FF1CE}" = Microsoft Office Excel MUI (Dutch) 2007
"{90120000-0016-0413-0000-0000000FF1CE}_ENTERPRISER_{26257879-B20D-4D30-A429-B387A4890929}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-0018-0413-0000-0000000FF1CE}" = Microsoft Office PowerPoint MUI (Dutch) 2007
"{90120000-0018-0413-0000-0000000FF1CE}_ENTERPRISER_{26257879-B20D-4D30-A429-B387A4890929}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-0019-0413-0000-0000000FF1CE}" = Microsoft Office Publisher MUI (Dutch) 2007
"{90120000-0019-0413-0000-0000000FF1CE}_ENTERPRISER_{26257879-B20D-4D30-A429-B387A4890929}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-001A-0413-0000-0000000FF1CE}" = Microsoft Office Outlook MUI (Dutch) 2007
"{90120000-001A-0413-0000-0000000FF1CE}_ENTERPRISER_{26257879-B20D-4D30-A429-B387A4890929}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-001B-0413-0000-0000000FF1CE}" = Microsoft Office Word MUI (Dutch) 2007
"{90120000-001B-0413-0000-0000000FF1CE}_ENTERPRISER_{26257879-B20D-4D30-A429-B387A4890929}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-001F-0407-0000-0000000FF1CE}" = Microsoft Office Proof (German) 2007
"{90120000-001F-0407-0000-0000000FF1CE}_ENTERPRISER_{928D7B99-2BEA-49F9-83B8-20FA57860643}" = Microsoft Office Proofing Tools 2007 Service Pack 3 (SP3)
"{90120000-001F-0409-0000-0000000FF1CE}" = Microsoft Office Proof (English) 2007
"{90120000-001F-0409-0000-0000000FF1CE}_ENTERPRISER_{1FF96026-A04A-4C3E-B50A-BB7022654D0F}" = Microsoft Office Proofing Tools 2007 Service Pack 3 (SP3)
"{90120000-001F-040C-0000-0000000FF1CE}" = Microsoft Office Proof (French) 2007
"{90120000-001F-040C-0000-0000000FF1CE}_ENTERPRISER_{71F055E8-E2C6-4214-BB3D-BFE03561B89E}" = Microsoft Office Proofing Tools 2007 Service Pack 3 (SP3)
"{90120000-001F-0413-0000-0000000FF1CE}" = Microsoft Office Proof (Dutch) 2007
"{90120000-001F-0413-0000-0000000FF1CE}_ENTERPRISER_{2C95E7EE-FEA7-4B3A-A6E5-DF90A88B816A}" = Microsoft Office Proofing Tools 2007 Service Pack 3 (SP3)
"{90120000-002C-0413-0000-0000000FF1CE}" = Microsoft Office Proofing (Dutch) 2007
"{90120000-0044-0413-0000-0000000FF1CE}" = Microsoft Office InfoPath MUI (Dutch) 2007
"{90120000-0044-0413-0000-0000000FF1CE}_ENTERPRISER_{26257879-B20D-4D30-A429-B387A4890929}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-006E-0413-0000-0000000FF1CE}" = Microsoft Office Shared MUI (Dutch) 2007
"{90120000-006E-0413-0000-0000000FF1CE}_ENTERPRISER_{1D12BC91-360E-424C-97C4-813651313660}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-00A1-0413-0000-0000000FF1CE}" = Microsoft Office OneNote MUI (Dutch) 2007
"{90120000-00A1-0413-0000-0000000FF1CE}_ENTERPRISER_{26257879-B20D-4D30-A429-B387A4890929}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-00BA-0413-0000-0000000FF1CE}" = Microsoft Office Groove MUI (Dutch) 2007
"{90120000-00BA-0413-0000-0000000FF1CE}_ENTERPRISER_{26257879-B20D-4D30-A429-B387A4890929}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90140000-2005-0000-0000-0000000FF1CE}" = Microsoft Office File Validation Add-In
"{9068B2BE-D93A-4C0A-861C-5E35E2C0E09E}" = Intel® Matrix Storage Manager
"{91120000-0030-0000-0000-0000000FF1CE}" = Microsoft Office Enterprise 2007
"{91120000-0030-0000-0000-0000000FF1CE}_ENTERPRISER_{6E107EB7-8B55-48BF-ACCB-199F86A2CD93}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{92EA4134-10D1-418A-91E1-5A0453131A38}" = Windows Live Movie Maker
"{95120000-00B9-0409-0000-0000000FF1CE}" = Microsoft Application Error Reporting
"{95140000-007A-0409-0000-0000000FF1CE}" = Microsoft Office Outlook Connector
"{95140000-007A-040C-0000-0000000FF1CE}" = Microsoft Office Outlook Connector
"{95140000-007A-0413-0000-0000000FF1CE}" = Microsoft Office Outlook Connector
"{9559F7CA-5E34-4237-A2D9-D856464AD727}" = Project64 1.6
"{9593C6E5-205E-45C3-B785-05CF146CA76A}" = biolsp patch
"{97C82B44-D408-4F14-9252-47FC1636D23E}_is1" = IZArc 4.1.2
"{99E39418-A6C1-4D2B-AF9F-9152C93F03A9}" = Dell Control Point
"{9A25302D-30C0-39D9-BD6F-21E6EC160475}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17
"{9AE41AF3-FAD1-4A34-8976-747FDC19FE08}" = Software van Intel® PROSet/Wireless WiFi
"{9BD262D0-B788-4546-A0A5-F4F56EC3834B}" = Windows Live Photo Common
"{9BE518E6-ECC6-35A9-88E4-87755C07200F}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161
"{9C2D4047-0E40-499a-AC7A-C4B9BB12FE03}" = TrayApp
"{9D56775A-93F3-44A3-8092-840E3826DE30}" = Windows Live Mail
"{9E4B37D6-D7F8-4067-B900-3F314C709916}" = Intel® PROSet/Wireless WiFi Software
"{9F4EE72A-C5C9-42ad-ABEF-427690843577}" = MarketResearch
"{9F72EF8B-AEC9-4CA5-B483-143980AFD6FD}" = Dell Touchpad
"{A093D83F-429A-4AB2-A0CD-1F7E9C7B764A}" = Trusted Drive Manager
"{A0C91188-C88F-4E86-93E6-CD7C9A266649}" = Windows Live Mesh
"{A2BCA9F1-566C-4805-97D1-7FDC93386723}" = Adobe AIR
"{A60B3BF0-954B-42AF-B8D8-2C1D34B613AA}" = Windows Live Photo Gallery
"{A726AE06-AAA3-43D1-87E3-70F510314F04}" = Windows Live Writer
"{A92DAB39-4E2C-4304-9AB6-BC44E68B55E2}" = Google Update Helper
"{A9BDCA6B-3653-467B-AC83-94367DA3BFE3}" = Windows Live Photo Common
"{AA2E8A46-B45E-4aea-8A23-88AB57D04523}" = WebReg
"{AA59DDE4-B672-4621-A016-4C248204957A}" = Skype™ 5.5
"{AAAFC670-569B-4A2F-82B4-42945E0DE3EF}" = Windows Live Writer
"{AAF454FC-82CA-4F29-AB31-6A109485E76E}" = Windows Live Writer
"{AB5D51AE-EBC3-438D-872C-705C7C2084B0}" = DeviceManagementQFolder
"{ABBA2EA4-740E-4052-902B-9CA70B081E3F}" = Dell Embassy Trust Suite by Wave Systems
"{AC76BA86-7AD7-1043-7B44-AA1000000001}" = Adobe Reader X (10.1.2) - Nederlands
"{AF7E4468-E364-4991-BC2A-6E8293E1055B}" = BioAPI Framework
"{AF844339-2F8A-4593-81B3-9F4C54038C4E}" = Windows Live MIME IFilter
"{B13A7C41581B411290FBC0395694E2A9}" = DivX Converter
"{B2544A03-10D0-4E5E-BA69-0362FFC20D18}" = OGA Notifier 2.0.0048.0
"{B4092C6D-E886-4CB2-BA68-FE5A88D31DE6}_is1" = Spybot - Search & Destroy
"{B61A79BE-E94C-42C0-921D-8B7E5217069C}" = F4200
"{B6A26DE5-F2B5-4D58-9570-4FC760E00FCD}" = Roxio Creator Copy
"{BB93D30B-B395-44BB-A9ED-A0E057F07E53}" = NTRU TCG Software Stack
"{BC52E419-B185-488F-9973-049A88E5DCBE}" = Gemalto
"{BCF16F16-AC0E-4ABE-A9EF-412CF484BA51}" = Windows Live Family Safety
"{BE8A9C2C-8E41-445B-A746-BEB0B1F992F8}" = DJ_AIO_03_F4200_Software_Min
"{BF08AB1C-3357-4f20-A200-8EBB8EF27C59}" = BufferChm
"{C23CD6DA-1958-43A5-ADD0-59396572E02E}" = Apple Mobile Device Support
"{C2F8CA82-2BD9-4513-B2D1-08A47914C1DA}_is1" = Uniblue DriverScanner
"{C32CE55C-12BA-4951-8797-0967FDEF556F}" = Windows Live Mesh - ActiveX-besturingselement voor externe verbindingen
"{C3B6AEB1-390C-4792-8677-CD87F8B2C959}" = HP Deskjet F4200 All-In-One Driver Software 11.0 Rel .3
"{C4BC01F3-B7E6-49FA-8FBE-6B62FDF9CED0}" = ZoneAlarm Security
"{C6150D8A-86ED-41D3-87BB-F3BB51B0B77F}" = Windows Live ID Sign-in Assistant
"{C66824E4-CBB3-4851-BB3F-E8CFD6350923}" = Windows Live Mail
"{C89B5E3A-690F-4CEE-909A-BF869E198B0A}" = Scan
"{C9A162C1-031F-4EBF-A3E6-C45F7FCCBB9E}_is1" = Genie Backup Assistant
"{C9E14402-3631-4182-B377-6B0DFB1C0339}" = QuickTime
"{CB7224D9-6DCA-43F1-8F83-6B1E39A00F92}" = Windows Live Movie Maker
"{CCC68887-6E07-4438-A035-7C22EFBDC15E}" = Intel® Network Connections 14.6.7.0
"{CDDCBBF1-2703-46BC-938B-BCC81A1EEAAA}" = SUPERAntiSpyware
"{CE2CDD62-0124-36CA-84D3-9F4DCF5C5BD9}" = Microsoft .NET Framework 3.5 SP1
"{CE95A79E-E4FC-4FFF-8A75-29F04B942FF2}" = Windows Live UX Platform
"{CFF8B8E8-E086-4DE0-935F-FE22CAB54F80}" = Microsoft Search Enhancement Pack
"{D03482C5-9AD8-496D-B388-692AE04C93AF}" = Bonjour
"{D16B4BE6-8B10-422f-8034-96D1CA9483B5}" = GPBaseService
"{D1E829E9-88B8-47C6-A75E-0D40E2C09D50}" = Secure Update
"{D436F577-1695-4D2F-8B44-AC76C99E0002}" = Windows Live Photo Common
"{D45240D3-B6B3-4FF9-B243-54ECE3E10066}" = Windows Live Communications Platform
"{D588365A-AE39-4F27-BDAE-B4E72C8E900C}" = Windows Live Mail
"{D6F25CF9-4E87-43EB-B324-C12BE9CDD668}" = Windows Live UX Platform Language Pack
"{D74CFE48-087F-46E1-80E6-E2950E1A8DCE}" = HP Photosmart Essential 2.5
"{DAC07FB2-2C63-44B2-8344-AB7542C936D2}" = DCP32MMWrapper
"{DB58A549-42CA-4081-986A-633479DE413F}" = SO32MMWrapper
"{DDC8BDEE-DCAC-404D-8257-3E8D4B782467}" = Windows Live Writer Resources
"{DDD5104F-1C44-49EB-9E6B-29EC5D27658B}" = HP Update
"{DECDCB7C-58CC-4865-91AF-627F9798FE48}" = Windows Live Mesh
"{DF2035BE-5820-4965-BD97-7FAF8D4A7879}" = Microsoft_VC90_CRT_x86
"{E09C4DB7-630C-4F06-A631-8EA7239923AF}" = D3DX10
"{E34F703A-1C9D-4B1F-ABBE-D7E8800B860D}" = Windows Live Sync
"{E3A5A8AB-58F6-45FF-AFCB-C9AE18C05001}" = IDT Audio
"{E535C94A-B87F-4182-BEA8-1E9322078D3E}" = Cards_Calendar_OrderGift_DoMorePlugout
"{E55B3271-7CA8-4D0C-AE06-69A24856E996}_is1" = Uniblue SpeedUpMyPC
"{E5B21F11-6933-4E0B-A25C-7963E3C07D11}" = Windows Live Messenger
"{E63E34A7-E552-412B-9E40-FD6FC5227ABA}_is1" = Uniblue RegistryBooster
"{E738A392-F690-4A9D-808E-7BAF80E0B398}" = ESC Home Page Plugin
"{E7E84E23-C5C0-4B15-B13A-C63149E59C98}" = AVG 2012
"{E96B0085-6659-486b-A221-5042A042728D}" = Toolbox
"{EC84E3E6-C2D6-4DFB-81E0-448324C8FDF4}" = Security Wizards
"{ED439A64-F018-4DD4-8BA5-328D85AB09AB}" = Roxio Creator DE 10.3
"{EEAFE1E5-076B-430A-96D9-B567792AFA88}" = EMBASSY Security Center
"{EF1ADA5A-0B1A-4662-8C55-7475A61D8B65}" = DeviceDiscovery
"{EF9E56EE-0243-4BAD-88F4-5E7508AA7D96}" = Destination Component
"{F0B430D1-B6AA-473D-9B06-AA3DD01FD0B8}" = Microsoft SQL Server 2005 Compact Edition [ENU]
"{F0CCBE54-9132-44E9-82DF-CD364AD5C22D}" = Windows Live Remote Client Resources
"{F333A33D-125C-32A2-8DCE-5C5D14231E27}" = Visual C++ 2008 x86 Runtime - (v9.0.30729)
"{F333A33D-125C-32A2-8DCE-5C5D14231E27}.vc_x86runtime_30729_01" = Visual C++ 2008 x86 Runtime - v9.0.30729.01
"{F40BBEC7-C2A4-4A00-9B24-7A055A2C5262}" = Microsoft Office Live Add-in 1.5
"{F4487649-7368-4217-AEA3-1E04DB3E2C5C}" = Dell ControlPoint Security Manager
"{F8A5531E-FEB4-4F7C-AF51-342E40FA7A0D}" = F4210_Help
"{FE044230-9CA5-43F7-9B58-5AC5A28A1F33}" = Windows Live Essentials
"{FF1DDCF4-3A28-4F7F-96D8-E3F4BD1C1702}" = Dell Security Device Driver Pack
"9512AA21B791B05A54E27065C45BBC417AB282DF" = Windows-stuurprogrammapakket - Dell Inc. PBADRV System (09/11/2009 1.0.1.6)
"9D57DE505B6D8C710EF3B74BE638DBB936EED8A3" = Windows-stuurprogrammapakket - Dell Inc. PBADRV System (01/07/2008 1.0.1.5)
"AC3File_is1" = AC3File 0.7b
"Adobe AIR" = Adobe AIR
"Adobe Flash Player Plugin" = Adobe Flash Player 11 Plugin
"AIM_7" = AIM 7
"Audacity 1.3 Beta (Unicode)_is1" = Audacity 1.3.11 (Unicode)
"AVG" = AVG 2012
"AVG Secure Search" = AVG Security Toolbar
"AVS Audio Editor_is1" = AVS Audio Editor version 6.1
"AVS Screen Capture_is1" = AVS Screen Capture version 2.0.1
"AVS Update Manager_is1" = AVS Update Manager 1.0
"AVS Video Editor_is1" = AVS Video Editor 5
"AVS Video Recorder_is1" = AVS Video Recorder 2.4
"AVS4YOU Software Navigator_is1" = AVS4YOU Software Navigator 1.4
"BittorrentBar_NL Toolbar" = BittorrentBar_NL Toolbar
"Creative OA001" = Integrated Webcam Driver (1.06.03.0309)
"CutePDF Writer Installation" = CutePDF Writer 2.8
"Dell Webcam Central" = Dell Webcam Central
"DivX Plus DirectShow Filters" = DivX Plus DirectShow Filters
"DivX Setup.divx.com" = Configuration DivX
"ENTERPRISER" = Microsoft Office Enterprise 2007
"F-Manager" = Fiesta Download Manager
"GFWL_{4D530942-9B89-4186-98B7-F51000000100}" = Project S
"HP Imaging Device Functions" = HP Imaging Device Functions 11.0
"HP Photosmart Essential" = HP Photosmart Essential 3.0
"HP Smart Web Printing" = HP Smart Web Printing 4.60
"HP Solution Center & Imaging Support Tools" = HP Solution Center 11.0
"HPExtendedCapabilities" = HP Customer Participation Program 11.0
"Inkscape" = Inkscape 0.45
"InstallShield_{07D618CD-B016-438A-ADC9-A75BD23F85CE}" = Wave Support Software
"InstallShield_{0B0A2153-58A6-4244-B458-25EDF5FCD809}" = Private Information Manager
"InstallShield_{51AE9E42-640D-4C14-A9B6-43F64AA4E3E2}" = Document Manager Lite
"InstallShield_{53333479-6A52-4816-8497-5C52B67ED339}" = EMBASSY Security Setup
"InstallShield_{D1E829E9-88B8-47C6-A75E-0D40E2C09D50}" = Secure Update
"InstallShield_{E738A392-F690-4A9D-808E-7BAF80E0B398}" = ESC Home Page Plugin
"InstallShield_{EC84E3E6-C2D6-4DFB-81E0-448324C8FDF4}" = Security Wizards
"InstallShield_{EEAFE1E5-076B-430A-96D9-B567792AFA88}" = EMBASSY Security Center
"ISPMonitor" = ISP Monitor
"KLiteCodecPack_is1" = K-Lite Codec Pack 6.5.0 (Basic)
"Malwarebytes' Anti-Malware_is1" = Malwarebytes Anti-Malware version 1.60.1.1000
"Maple 15" = Maple 15
"Maple Toolbox" = Maple Toolbox
"MatlabR2008b" = MATLAB R2008b
"Microsoft .NET Framework 3.5 Language Pack SP1 - nld" = Taalpakket voor Microsoft .NET Framework 3.5 SP1 - NL
"Microsoft .NET Framework 3.5 SP1" = Microsoft .NET Framework 3.5 SP1
"Microsoft .NET Framework 4 Client Profile" = Microsoft .NET Framework 4 Client Profile
"Microsoft .NET Framework 4 Client Profile NLD Language Pack" = Taalpakket voor Microsoft .NET Framework 4 Client Profile - NLD
"Microsoft .NET Framework 4 Extended" = Microsoft .NET Framework 4 Extended
"Microsoft .NET Framework 4 Extended NLD Language Pack" = Taalpakket voor Microsoft .NET Framework 4 Extended - NLD
"Mozilla Firefox 10.0.2 (x86 nl)" = Mozilla Firefox 10.0.2 (x86 nl)
"NVIDIA Drivers" = NVIDIA Drivers
"NVIDIA nView Desktop Manager" = NVIDIA nView Desktop Manager
"nView Desktop Manager" = NVIDIA nView Desktop Manager
"PCFriendly" = PCFriendly
"Pdf995" = Pdf995
"PdfEdit995" = PdfEdit995
"PDFTools_is1" = PDFTools Version 1.3 (08/26/2007)
"Pet Racer" = Pet Racer
"PhotoScape" = PhotoScape
"Plants vs. Zombies" = Plants vs. Zombies
"ProInst" = Intel PROSet Wireless
"PROSetDX" = Intel® Network Connections 14.6.7.0
"PunkBusterSvc" = PunkBuster Services
"Reimage Repair" = Reimage Repair
"Re-Volt" = Re-Volt patch 12.07
"Security Task Manager" = Security Task Manager 1.8d
"Shop for HP Supplies" = Shop for HP Supplies
"Signature995" = Signature995
"SoftwareUpdUtility" = Download Updater (AOL LLC)
"Speccy" = Speccy
"SystemRequirementsLab" = System Requirements Lab
"TuneUpMedia" = TuneUp Companion 1.9.0
"UsbBoost" = UsbBoost
"VLC media player" = VLC media player 1.0.3
"Vuze_Remote Toolbar" = Vuze Remote Toolbar
"WhiteCap" = WhiteCap
"WinLiveSuite" = Windows Live Essentials
"WinRAR archiver" = WinRAR
"WinZip" = WinZip
"XobniMain" = Xobni
"ZC2.10w" = Zelda Classic 2.10w
"ZoneAlarm Free" = ZoneAlarm Free
"ZoneAlarm Toolbar" = ZoneAlarm Toolbar

========== HKEY_USERS Uninstall List ==========

[HKEY_USERS\S-1-5-21-2819909428-556207271-747428731-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"BorderDemo" = BorderDemo
"CardLayoutDemo" = CardLayoutDemo
"Combo Box" = Combo Box
"DynamicTreeDemo" = DynamicTreeDemo
"FormattedTextFieldDemo" = FormattedTextFieldDemo
"GlassPaneDemo" = GlassPaneDemo
"Google Chrome" = Google Chrome
"GridLayoutDemo" = GridLayoutDemo
"LayeredPaneDemo2" = LayeredPaneDemo2
"ListDemo" = ListDemo
"ListDialogRunner" = ListDialogRunner
"Menu Layout Demo" = Menu Layout Demo
"MenuSelectionManagerDemo" = MenuSelectionManagerDemo
"PasswordDemo" = PasswordDemo
"Popup Menu Demo" = Popup Menu Demo
"Progress Bar" = Progress Bar
"RootLayeredPaneDemo" = RootLayeredPaneDemo
"ScrollDemo" = ScrollDemo
"Simple Table Selection Demo Application" = Simple Table Selection Demo Application
"SliderDemo" = SliderDemo
"SliderDemo2" = SliderDemo2
"SpinnerDemo" = SpinnerDemo
"SpinnerDemo4" = SpinnerDemo4
"SplitPaneDemo2" = SplitPaneDemo2
"Spotify" = Spotify
"TabbedPaneDemo" = TabbedPaneDemo
"TabComponentsDemo" = TabComponentsDemo
"TextFieldDemo" = TextFieldDemo
"TopLevelDemo" = TopLevelDemo
"TreeIconDemo" = TreeIconDemo

========== Last 10 Event Log Errors ==========

[ Application Events ]
Error - 14/03/2012 07:29:16 | Computer Name = Durre | Source = Windows Search Service | ID = 3013
Description =

Error - 14/03/2012 07:29:16 | Computer Name = Durre | Source = Windows Search Service | ID = 3013
Description =

Error - 14/03/2012 08:02:20 | Computer Name = Durre | Source = Windows Search Service | ID = 3013
Description =

Error - 14/03/2012 08:02:36 | Computer Name = Durre | Source = Windows Search Service | ID = 3013
Description =

Error - 14/03/2012 08:02:36 | Computer Name = Durre | Source = Windows Search Service | ID = 3013
Description =

Error - 14/03/2012 08:26:34 | Computer Name = Durre | Source = Windows Search Service | ID = 3013
Description =

Error - 14/03/2012 08:26:34 | Computer Name = Durre | Source = Windows Search Service | ID = 3013
Description =

Error - 14/03/2012 08:26:37 | Computer Name = Durre | Source = Windows Search Service | ID = 3013
Description =

Error - 14/03/2012 14:25:39 | Computer Name = Durre | Source = MsiInstaller | ID = 1013
Description =

Error - 14/03/2012 15:21:29 | Computer Name = Durre | Source = Microsoft-Windows-CAPI2 | ID = 131585
Description =

[ OSession Events ]
Error - 23/11/2009 21:07:20 | Computer Name = Durre | Source = Microsoft Office 12 Sessions | ID = 7001
Description = ID: 0, Application Name: Microsoft Office Word, Application Version:
12.0.6514.5000, Microsoft Office Version: 12.0.6425.1000. This session lasted 12120
seconds with 960 seconds of active time. This session ended with a crash.

Error - 17/08/2010 13:32:43 | Computer Name = Durre | Source = Microsoft Office 12 Sessions | ID = 7001
Description = ID: 0, Application Name: Microsoft Office Word, Application Version:
12.0.6541.5000, Microsoft Office Version: 12.0.6425.1000. This session lasted 378
seconds with 360 seconds of active time. This session ended with a crash.

Error - 19/08/2010 10:55:01 | Computer Name = Durre | Source = Microsoft Office 12 Sessions | ID = 7001
Description = ID: 3, Application Name: Microsoft Office PowerPoint, Application
Version: 12.0.6500.5000, Microsoft Office Version: 12.0.6425.1000. This session
lasted 21 seconds with 0 seconds of active time. This session ended with a crash.

Error - 30/12/2010 11:55:46 | Computer Name = Durre | Source = Microsoft Office 12 Sessions | ID = 7001
Description = ID: 0, Application Name: Microsoft Office Word, Application Version:
12.0.6545.5000, Microsoft Office Version: 12.0.6425.1000. This session lasted 3
seconds with 0 seconds of active time. This session ended with a crash.

Error - 6/02/2011 06:21:40 | Computer Name = Durre | Source = Microsoft Office 12 Sessions | ID = 7001
Description = ID: 1, Application Name: Microsoft Office Excel, Application Version:
12.0.6545.5000, Microsoft Office Version: 12.0.6425.1000. This session lasted 8
seconds with 0 seconds of active time. This session ended with a crash.

Error - 10/02/2011 17:58:37 | Computer Name = Durre | Source = Microsoft Office 12 Sessions | ID = 7001
Description = ID: 1, Application Name: Microsoft Office Excel, Application Version:
12.0.6545.5000, Microsoft Office Version: 12.0.6425.1000. This session lasted 7730
seconds with 3120 seconds of active time. This session ended with a crash.

Error - 12/05/2011 18:53:34 | Computer Name = Durre | Source = Microsoft Office 12 Sessions | ID = 7001
Description = ID: 0, Application Name: Microsoft Office Word, Application Version:
12.0.6545.5000, Microsoft Office Version: 12.0.6425.1000. This session lasted 3
seconds with 0 seconds of active time. This session ended with a crash.

Error - 25/07/2011 16:12:33 | Computer Name = Durre | Source = Microsoft Office 12 Sessions | ID = 7001
Description = ID: 0, Application Name: Microsoft Office Word, Application Version:
12.0.6545.5000, Microsoft Office Version: 12.0.6425.1000. This session lasted 16
seconds with 0 seconds of active time. This session ended with a crash.

Error - 2/12/2011 08:48:42 | Computer Name = Durre | Source = Microsoft Office 12 Sessions | ID = 7001
Description = ID: 0, Application Name: Microsoft Office Word, Application Version:
12.0.6545.5000, Microsoft Office Version: 12.0.6425.1000. This session lasted 12
seconds with 0 seconds of active time. This session ended with a crash.

[ System Events ]
Error - 14/03/2012 07:11:43 | Computer Name = Durre | Source = Service Control Manager | ID = 7000
Description =

Error - 14/03/2012 07:16:52 | Computer Name = Durre | Source = DCOM | ID = 10005
Description =

Error - 14/03/2012 07:16:53 | Computer Name = Durre | Source = Service Control Manager | ID = 7009
Description =

Error - 14/03/2012 07:16:53 | Computer Name = Durre | Source = Service Control Manager | ID = 7000
Description =

Error - 14/03/2012 07:24:23 | Computer Name = Durre | Source = Microsoft-Windows-WindowsUpdateClient | ID = 20
Description =

Error - 14/03/2012 14:25:41 | Computer Name = Durre | Source = Microsoft-Windows-WindowsUpdateClient | ID = 20
Description =

Error - 14/03/2012 14:27:59 | Computer Name = Durre | Source = volmgr | ID = 262193
Description = Het configureren van het paginabestand voor de crashdump is mislukt.
Zorg ervoor dat er zich een paginabestand op de opstartpartitie bevindt en dat deze
groot
genoeg is om het gehele fysieke geheugen te bevatten.

Error - 14/03/2012 14:28:18 | Computer Name = Durre | Source = volmgr | ID = 262193
Description = Het configureren van het paginabestand voor de crashdump is mislukt.
Zorg ervoor dat er zich een paginabestand op de opstartpartitie bevindt en dat deze
groot
genoeg is om het gehele fysieke geheugen te bevatten.

Error - 14/03/2012 14:32:32 | Computer Name = Durre | Source = Service Control Manager | ID = 7026
Description =

Error - 14/03/2012 14:57:53 | Computer Name = Durre | Source = Service Control Manager | ID = 7034
Description =


< End of report >


#17
havredave
  • GeekU Moderator
  • 1,689 posts
First, we'll remove those questionable files, plus some chaff left from your P2P software. Also, I did see a couple things that just shouldn't be there.

This script is just moving things for the time being. We can go backward if necessary.

Run OTL
  • Under the Custom Scans/Fixes box at the bottom, paste in the following

    :OTL
    FF - prefs.js..extensions.enabledItems: {2d8d9acc-f6d7-4362-8876-a275ca929591}:3.2.5.2
    FF - prefs.js..browser.search.defaultthis.engineName: "BittorrentBar_NL Customized Web Search"
    IE - HKLM\..\URLSearchHook: {2d8d9acc-f6d7-4362-8876-a275ca929591} - No CLSID value found
    
    :Files
    C:\Users\Mattias\AppData\Roaming\uTorrent
    C:\Users\Mattias\AppData\Roaming\BitTorrent
    C:\Users\Mattias\AppData\Roaming\Azureus
    C:\Windows\System32\tmp.reg
    C:\Users\Mattias\AppData\Roaming\GetValue.vbs
    C:\Users\Mattias\AppData\Roaming\SetValue.bat
    C:\Users\Mattias\AppData\Roaming\3v
    C:\Windows\System32\%APPDATA%
    
    :Reg
    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List]
    "C:\Program Files\BitTorrent\bittorrent.exe" =-
    
    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
    "TCP Query User{4BECDE68-8C39-4F7F-A2A0-76DE2203C8B1}C:\program files\bittorrent\bittorrent.exe" =-
    "TCP Query User{69651142-8797-4F17-9D11-61C4B8DF2FA1}C:\users\mattias\program files\dna\btdna.exe" =-
    "TCP Query User{6AD7C6BE-9936-4A23-9B22-C3A574BD7FAD}C:\program files\vuze\azureus.exe" =-
    "TCP Query User{7F156EF7-A5DD-46B0-818E-A1D9A91B3DEC}C:\program files\limewire\limewire.exe" =-
    "TCP Query User{90C14934-E511-4297-AD5C-3C473743EA72}C:\program files\limewire\limewire.exe" =-
    "TCP Query User{BEF42C09-0277-4433-97B2-EDE15D3E99E1}C:\users\mattias\downloads\installers\download\utorrent.exe" =-
    "TCP Query User{C00FDF2D-6094-41C0-A75D-97987D3F8178}C:\users\mattias\program files\dna\btdna.exe" =-
    "UDP Query User{49EDF545-3088-4AF6-8927-F39E2AC76014}C:\users\mattias\program files\dna\btdna.exe" =-
    "UDP Query User{536681B8-3E04-42D8-98EE-F94E6F7BCF5F}C:\users\mattias\program files\dna\btdna.exe" =-
    "UDP Query User{B4021CC5-DED4-4D1A-B29A-4A055C8297A3}C:\program files\limewire\limewire.exe" =-
    "UDP Query User{B51BC73D-DEF3-4855-AF14-B60AFF1A0C50}C:\program files\vuze\azureus.exe" =-
    "UDP Query User{C3728C00-A212-4672-831A-FB244A68A4F0}C:\program files\limewire\limewire.exe" =-
    "UDP Query User{FEF4B869-D87D-49A7-AEA4-651A2039E14E}C:\program files\bittorrent\bittorrent.exe" =-
    
  • Then click the Run Fix button at the top
  • Let the program run unhindered, reboot the PC when it is done
  • Open OTL again and click the Quick Scan button. Post the log it produces in your next reply.

Next, open Chrome and type chrome://plugins into the omnibar (address bar). You can select and disable the BitTorrent plugin there. If you would like to try an experiment with me, I can try to remove the plugin completely.

I have a couple of files I'm still investigating, so I'll get back to you on those.

Out of the initial problems of BSODs, multiple explorer.exe files (which are in normal locations, incidentally), and no desktop at startup, which issues are still outstanding?

#18
havredave
  • GeekU Moderator
  • 1,689 posts
In addition to the last post's instructions, would you also zip up these two files, and attach them in a response? They're the ones I've been researching, and I've found out what they should be, but I can't account for them not having a file name other than the extension. I'd like to take a peek at them to confirm what I think they are.

The file names are:
C:\Windows\System32\.rsp
C:\Windows\System32\.lck


#19
Durre
  • Topic Starter
  • Member
  • 33 posts
The OTL scan is running and I'll reply to the rest soon (I'm a tad busy at the moment), but I thought I might already send you the zip files.


#20
havredave
  • GeekU Moderator
  • 1,689 posts
As I expected, the two files .lck and .rsp are both innocuous and are related to Soluto. You may delete them both if you wish, after Soluto is uninstalled.

Take your time. I only have an hour left in my work-day, so I'll be unavailable after that anyway. I'll be back in the (my) morning however. I did want to get back to you on those files though. :)

#21
Durre
  • Topic Starter
  • Member
  • 33 posts
Okay, the files should be (re)moved according to the log produced by OTL after the fix.

The plugin should be disabled, but I'd like to take on your experiment to completely remove it if you'd want to.

I have only had one BSOD since the start of the topic and that must have been the same day or the day after. I haven't encountered the multiple explorer.exe files anymore. What mainly worries me now is the irregular start-up time, ranging up to 7 minutes (today's record, probably because some programs are loaded now which aren't necessary for the start-up after uninstalling Soluto). The desktop is most of the time loaded quite instantly, except for the really long start-up times.

OTL LOG


OTL logfile created on: 14/03/2012 23:16:58 - Run 3
OTL by OldTimer - Version 3.2.36.3 Folder = C:\Users\Mattias\Desktop
Windows Vista Business Edition Service Pack 2 (Version = 6.0.6002) - Type = NTWorkstation
Internet Explorer (Version = 8.0.6001.19190)
Locale: 00000813 | Country: België | Language: NLB | Date Format: d/MM/yyyy

3,49 Gb Total Physical Memory | 2,46 Gb Available Physical Memory | 70,62% Memory free
6,37 Gb Paging File | 5,43 Gb Available in Paging File | 85,14% Paging File free
Paging file location(s): C:\pagefile.sys 3070 3070 [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files
Drive C: | 230,67 Gb Total Space | 89,30 Gb Free Space | 38,71% Space Free | Partition Type: NTFS
Drive D: | 2,00 Gb Total Space | 0,79 Gb Free Space | 39,34% Space Free | Partition Type: NTFS

Computer Name: DURRE | User Name: Mattias | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user | Quick Scan
Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days

========== Processes (SafeList) ==========

PRC - [2012/03/13 11:29:03 | 000,594,944 | ---- | M] (OldTimer Tools) -- C:\Users\Mattias\Desktop\OTL.exe
PRC - [2012/03/13 10:55:25 | 000,918,880 | ---- | M] () -- C:\Program Files\Common Files\AVG Secure Search\vToolbarUpdater\10.2.0\ToolbarUpdater.exe
PRC - [2012/03/13 10:55:20 | 000,982,880 | ---- | M] () -- C:\Program Files\AVG Secure Search\vprot.exe
PRC - [2012/01/31 14:31:58 | 000,180,648 | ---- | M] (Google Inc.) -- C:\Program Files\Google\Update\1.3.21.99\GoogleCrashHandler.exe
PRC - [2012/01/24 17:24:26 | 002,416,480 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Program Files\AVG\AVG2012\avgtray.exe
PRC - [2012/01/13 14:53:18 | 000,460,872 | ---- | M] (Malwarebytes Corporation) -- C:\Program Files\Malwarebytes' Anti-Malware\mbamgui.exe
PRC - [2012/01/03 14:10:42 | 000,063,928 | ---- | M] (Adobe Systems Incorporated) -- C:\Program Files\Common Files\Adobe\ARM\1.0\armsvc.exe
PRC - [2011/12/18 21:08:42 | 002,420,616 | ---- | M] (Check Point Software Technologies LTD) -- C:\Program Files\CheckPoint\ZoneAlarm\vsmon.exe
PRC - [2011/12/18 21:04:24 | 000,073,360 | ---- | M] (Check Point Software Technologies LTD) -- C:\Program Files\CheckPoint\ZoneAlarm\zatray.exe
PRC - [2011/11/28 01:19:04 | 001,229,664 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Program Files\AVG\AVG2012\avgnsx.exe
PRC - [2011/11/23 02:36:24 | 002,391,832 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Program Files\AVG\AVG2012\avgfws.exe
PRC - [2011/11/03 15:44:28 | 000,497,280 | ---- | M] (Check Point Software Technologies) -- C:\Program Files\CheckPoint\ZAForceField\ISWSVC.exe
PRC - [2011/11/03 15:44:24 | 000,738,944 | ---- | M] (Check Point Software Technologies) -- C:\Program Files\CheckPoint\ZAForceField\ForceField.exe
PRC - [2011/09/08 20:53:26 | 000,743,264 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Program Files\AVG\AVG2012\avgrsx.exe
PRC - [2011/08/15 06:21:40 | 000,337,760 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Program Files\AVG\AVG2012\avgcsrvx.exe
PRC - [2011/08/02 06:09:08 | 000,192,776 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Program Files\AVG\AVG2012\avgwdsvc.exe
PRC - [2011/03/21 22:10:00 | 001,230,704 | ---- | M] () -- C:\Program Files\DivX\DivX Update\DivXUpdate.exe
PRC - [2011/01/04 16:48:12 | 000,488,816 | ---- | M] (Alps Electric Co., Ltd.) -- C:\Program Files\DellTPad\Apoint.exe
PRC - [2010/08/12 00:35:12 | 000,056,040 | ---- | M] (Xobni Corporation) -- C:\Program Files\Xobni\XobniService.exe
PRC - [2010/05/06 01:58:02 | 001,657,448 | ---- | M] () -- C:\Windows\System32\nwiz.exe
PRC - [2009/04/11 07:27:36 | 002,926,592 | ---- | M] (Microsoft Corporation) -- C:\Windows\explorer.exe
PRC - [2009/04/10 11:08:00 | 000,077,824 | ---- | M] (Smith Micro Software, Inc.) -- C:\Program Files\Dell\Dell ControlPoint\Connection Manager\SMManager.exe
PRC - [2009/03/05 16:07:20 | 002,260,480 | RHS- | M] (Safer-Networking Ltd.) -- C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
PRC - [2009/02/04 20:26:38 | 000,128,232 | ---- | M] (CyberLink Corp.) -- C:\Program Files\CyberLink\PowerDVD DX\PDVDDXSrv.exe
PRC - [2009/01/26 15:31:10 | 001,153,368 | ---- | M] (Safer Networking Ltd.) -- C:\Program Files\Spybot - Search & Destroy\SDWinSec.exe
PRC - [2008/08/26 10:14:26 | 000,189,056 | ---- | M] (Genie-soft) -- C:\Program Files\Genie-Soft\GBALite8LaCie\GBMAgent.exe
PRC - [2008/06/09 22:06:30 | 000,036,864 | ---- | M] (How2 Studios) -- C:\Program Files\ISP Monitor\ISPMonitorSrv.exe


========== Modules (No Company Name) ==========

MOD - [2012/03/13 10:55:20 | 000,982,880 | ---- | M] () -- C:\Program Files\AVG Secure Search\vprot.exe
MOD - [2011/03/21 22:10:36 | 000,096,112 | ---- | M] () -- C:\Program Files\DivX\DivX Update\DivXUpdateCheck.dll
MOD - [2011/03/21 22:10:00 | 001,230,704 | ---- | M] () -- C:\Program Files\DivX\DivX Update\DivXUpdate.exe
MOD - [2010/06/29 09:31:12 | 000,652,800 | ---- | M] () -- C:\Program Files\IZArc\IZArcCM.dll
MOD - [2009/08/16 16:06:04 | 000,141,312 | ---- | M] () -- C:\Program Files\WinRAR\RarExt.dll
MOD - [2008/12/22 13:13:54 | 000,249,856 | ---- | M] () -- C:\Windows\System32\wxvault.dll
MOD - [2008/04/06 08:52:48 | 000,196,608 | ---- | M] () -- C:\Program Files\Genie-Soft\GBALite8LaCie\gs_encryption.dll
MOD - [2008/04/06 08:45:48 | 000,196,608 | ---- | M] () -- C:\Program Files\Genie-Soft\GBALite8LaCie\GSLogging.dll


========== Win32 Services (SafeList) ==========

SRV - [2012/03/13 10:55:25 | 000,918,880 | ---- | M] () [Auto | Running] -- C:\Program Files\Common Files\AVG Secure Search\vToolbarUpdater\10.2.0\ToolbarUpdater.exe -- (vToolbarUpdater10.2.0)
SRV - [2012/01/13 14:53:18 | 000,652,360 | ---- | M] (Malwarebytes Corporation) [Auto | Stopped] -- C:\Program Files\Malwarebytes' Anti-Malware\mbamservice.exe -- (MBAMService)
SRV - [2012/01/03 14:10:42 | 000,063,928 | ---- | M] (Adobe Systems Incorporated) [Auto | Running] -- C:\Program Files\Common Files\Adobe\ARM\1.0\armsvc.exe -- (AdobeARMservice)
SRV - [2011/12/18 21:08:42 | 002,420,616 | ---- | M] (Check Point Software Technologies LTD) [Auto | Running] -- C:\Program Files\CheckPoint\ZoneAlarm\vsmon.exe -- (vsmon)
SRV - [2011/11/23 02:36:24 | 002,391,832 | ---- | M] (AVG Technologies CZ, s.r.o.) [Auto | Running] -- C:\Program Files\AVG\AVG2012\avgfws.exe -- (avgfws)
SRV - [2011/11/03 15:44:28 | 000,497,280 | ---- | M] (Check Point Software Technologies) [Auto | Running] -- C:\Program Files\CheckPoint\ZAForceField\IswSvc.exe -- (IswSvc)
SRV - [2011/10/12 06:25:22 | 004,433,248 | ---- | M] (AVG Technologies CZ, s.r.o.) [Auto | Stopped] -- C:\Program Files\AVG\AVG2012\AVGIDSAgent.exe -- (AVGIDSAgent)
SRV - [2011/08/12 00:38:07 | 000,116,608 | ---- | M] (SUPERAntiSpyware.com) [On_Demand | Stopped] -- C:\Program Files\SUPERAntiSpyware\SASCORE.EXE -- (!SASCORE)
SRV - [2011/08/02 06:09:08 | 000,192,776 | ---- | M] (AVG Technologies CZ, s.r.o.) [Auto | Running] -- C:\Program Files\AVG\AVG2012\avgwdsvc.exe -- (avgwd)
SRV - [2010/08/12 00:35:12 | 000,056,040 | ---- | M] (Xobni Corporation) [Auto | Running] -- C:\Program Files\Xobni\XobniService.exe -- (XobniService)
SRV - [2010/07/19 16:42:16 | 000,866,576 | ---- | M] (Intel® Corporation) [Disabled | Stopped] -- C:\Program Files\Intel\WiFi\bin\EvtEng.exe -- (EvtEng) Intel®
SRV - [2010/07/19 16:23:28 | 000,477,456 | ---- | M] (Intel® Corporation) [Disabled | Stopped] -- C:\Program Files\Common Files\Intel\WirelessCommon\RegSrvc.exe -- (RegSrvc) Intel®
SRV - [2010/04/05 07:56:02 | 000,229,458 | ---- | M] (IDT, Inc.) [Disabled | Stopped] -- C:\Windows\System32\DriverStore\FileRepository\stwrt.inf_c3f58890\stacsv.exe -- (STacSV)
SRV - [2010/04/05 07:54:56 | 000,081,920 | ---- | M] (Andrea Electronics Corporation) [Disabled | Stopped] -- C:\Windows\System32\DriverStore\FileRepository\stwrt.inf_c3f58890\AEstSrv.exe -- (AESTFilters)
SRV - [2009/04/22 09:05:34 | 001,703,936 | ---- | M] (Wave Systems Corp.) [Disabled | Stopped] -- C:\Program Files\Wave Systems Corp\Trusted Drive Manager\TdmService.exe -- (TdmService)
SRV - [2009/04/10 11:08:00 | 000,077,824 | ---- | M] (Smith Micro Software, Inc.) [Auto | Running] -- C:\Program Files\Dell\Dell ControlPoint\Connection Manager\SMManager.exe -- (SMManager)
SRV - [2009/04/09 12:58:16 | 000,447,264 | ---- | M] (Dell Inc.) [Disabled | Stopped] -- C:\Program Files\Dell\Dell ControlPoint\System Manager\DCPSysMgrSvc.exe -- (dcpsysmgrsvc)
SRV - [2009/02/11 16:38:40 | 000,354,840 | ---- | M] (Intel Corporation) [Disabled | Stopped] -- C:\Program Files\Intel\Intel Matrix Storage Manager\IAANTmon.exe -- (IAANTMON) Intel®
SRV - [2009/01/26 15:31:10 | 001,153,368 | ---- | M] (Safer Networking Ltd.) [Auto | Running] -- C:\Program Files\Spybot - Search & Destroy\SDWinSec.exe -- (SBSDWSCService)
SRV - [2009/01/22 09:19:20 | 000,808,296 | ---- | M] (Broadcom Corporation) [Disabled | Stopped] -- C:\Program Files\Broadcom Corporation\Broadcom USH Host Components\CV\bin\HostControlService.exe -- (Credential Vault Host Control Service)
SRV - [2009/01/22 09:19:20 | 000,020,840 | ---- | M] (Broadcom Corporation) [Disabled | Stopped] -- C:\Program Files\Broadcom Corporation\Broadcom USH Host Components\CV\bin\HostStorageService.exe -- (Credential Vault Host Storage)
SRV - [2008/12/29 10:07:28 | 000,320,800 | ---- | M] (Dell Inc.) [Disabled | Stopped] -- C:\Program Files\Dell\Dell ControlPoint\DCPButtonSvc.exe -- (buttonsvc32)
SRV - [2008/12/12 08:54:00 | 000,638,976 | ---- | M] (Wave Systems Corp.) [Disabled | Stopped] -- C:\Program Files\Wave Systems Corp\Secure Storage Manager\SecureStorageService.exe -- (SecureStorageService)
SRV - [2008/11/12 12:25:48 | 001,273,856 | ---- | M] () [Disabled | Stopped] -- C:\Program Files\NTRU Cryptosystems\NTRU TCG Software Stack\bin\tcsd_win32.exe -- (tcsd_win32.exe)
SRV - [2008/06/09 22:06:30 | 000,036,864 | ---- | M] (How2 Studios) [Auto | Running] -- C:\Program Files\ISP Monitor\ISPMonitorSrv.exe -- (ISPMonitorSrv)
SRV - [2008/06/03 14:16:30 | 000,382,232 | ---- | M] (Dell Inc.) [Disabled | Stopped] -- C:\Program Files\Dell\Ambient Light Sensor\AlsSvc.exe -- (alssvc)
SRV - [2008/01/21 03:23:59 | 000,272,952 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Program Files\Windows Defender\MpSvc.dll -- (WinDefend)
SRV - [2007/04/19 04:56:36 | 000,133,968 | ---- | M] (Intel Corporation) [Disabled | Stopped] -- C:\Program Files\Intel\ASF Agent\ASFAgent.exe -- (ASFAgent)


========== Driver Services (SafeList) ==========

DRV - File not found [Kernel | On_Demand | Stopped] -- -- (NwlnkFwd)
DRV - File not found [Kernel | On_Demand | Stopped] -- -- (NwlnkFlt)
DRV - File not found [Kernel | On_Demand | Stopped] -- -- (NvtSp50)
DRV - File not found [File_System | Boot | Stopped] -- -- (Lbd)
DRV - File not found [Kernel | On_Demand | Stopped] -- -- (IpInIp)
DRV - File not found [Kernel | On_Demand | Stopped] -- -- (cpuz135)
DRV - File not found [Kernel | On_Demand | Stopped] -- -- (cpuz132)
DRV - File not found [Kernel | On_Demand | Stopped] -- -- (catchme)
DRV - [2012/03/05 13:25:56 | 000,046,592 | ---- | M] (REDC) [Kernel | Auto | Running] -- C:\Windows\System32\drivers\risdptsk.sys -- (risdptsk)
DRV - [2012/03/05 12:53:32 | 000,046,592 | ---- | M] (REDC) [Kernel | Auto | Running] -- C:\Windows\System32\drivers\rimmptsk.sys -- (rimmptsk)
DRV - [2011/12/10 15:24:06 | 000,020,464 | ---- | M] (Malwarebytes Corporation) [File_System | On_Demand | Running] -- C:\Windows\System32\drivers\mbam.sys -- (MBAMProtector)
DRV - [2011/11/03 15:44:20 | 000,027,016 | ---- | M] (Check Point Software Technologies) [Kernel | Auto | Running] -- C:\Program Files\CheckPoint\ZAForceField\ISWKL.sys -- (ISWKL)
DRV - [2011/10/07 06:23:48 | 000,230,608 | ---- | M] (AVG Technologies CZ, s.r.o.) [Kernel | System | Running] -- C:\Windows\System32\drivers\avgldx86.sys -- (Avgldx86)
DRV - [2011/10/04 06:21:16 | 000,016,720 | ---- | M] (AVG Technologies CZ, s.r.o. ) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\AVGIDSShim.sys -- (AVGIDSShim)
DRV - [2011/09/29 22:14:53 | 000,023,624 | ---- | M] () [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\hitmanpro35.sys -- (hitmanpro35)
DRV - [2011/09/13 06:30:10 | 000,032,592 | ---- | M] (AVG Technologies CZ, s.r.o.) [File_System | Boot | Running] -- C:\Windows\system32\DRIVERS\avgrkx86.sys -- (Avgrkx86)
DRV - [2011/08/08 06:08:58 | 000,040,016 | ---- | M] (AVG Technologies CZ, s.r.o.) [File_System | System | Running] -- C:\Windows\System32\drivers\avgmfx86.sys -- (Avgmfx86)
DRV - [2011/07/22 17:27:02 | 000,012,880 | ---- | M] (SUPERAdBlocker.com and SUPERAntiSpyware.com) [Kernel | System | Running] -- C:\Program Files\SUPERAntiSpyware\sasdifsv.sys -- (SASDIFSV)
DRV - [2011/07/12 22:55:22 | 000,067,664 | ---- | M] (SUPERAdBlocker.com and SUPERAntiSpyware.com) [Kernel | System | Running] -- C:\Program Files\SUPERAntiSpyware\SASKUTIL.SYS -- (SASKUTIL)
DRV - [2011/07/11 01:14:38 | 000,295,248 | ---- | M] (AVG Technologies CZ, s.r.o.) [Kernel | System | Running] -- C:\Windows\System32\drivers\avgtdix.sys -- (Avgtdix)
DRV - [2011/07/11 01:14:02 | 000,024,272 | ---- | M] (AVG Technologies CZ, s.r.o. ) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\AVGIDSFilter.sys -- (AVGIDSFilter)
DRV - [2011/07/11 01:14:00 | 000,023,120 | ---- | M] (AVG Technologies CZ, s.r.o. ) [Kernel | Boot | Running] -- C:\Windows\system32\DRIVERS\AVGIDSEH.Sys -- (AVGIDSEH)
DRV - [2011/07/11 01:13:58 | 000,134,736 | ---- | M] (AVG Technologies CZ, s.r.o. ) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\AVGIDSDriver.sys -- (AVGIDSDriver)
DRV - [2011/05/23 01:03:28 | 000,047,968 | ---- | M] (AVG Technologies CZ, s.r.o.) [Kernel | System | Running] -- C:\Windows\System32\drivers\avgfwd6x.sys -- (Avgfwfd)
DRV - [2011/05/07 17:51:26 | 000,451,160 | ---- | M] (Check Point Software Technologies LTD) [Kernel | System | Running] -- C:\Windows\System32\drivers\vsdatant.sys -- (Vsdatant)
DRV - [2011/03/23 15:05:24 | 000,223,432 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\e1y6032.sys -- (e1yexpress) Intel®
DRV - [2011/01/05 19:42:14 | 000,284,792 | ---- | M] (Alps Electric Co., Ltd.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\Apfiltr.sys -- (ApfiltrService)
DRV - [2010/11/19 10:44:48 | 009,936,392 | ---- | M] (NVIDIA Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\nvlddmkm.sys -- (nvlddmkm)
DRV - [2010/07/14 03:34:16 | 006,680,064 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\NETwNv32.sys -- (NETwNv32) ___ Intel®
DRV - [2010/04/05 07:56:08 | 000,423,424 | ---- | M] (IDT, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\stwrt.sys -- (STHDA)
DRV - [2009/09/25 20:19:35 | 000,023,680 | ---- | M] (FNet Co., Ltd.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\FNETTBOH.SYS -- (FNETTBOH)
DRV - [2009/09/25 20:19:35 | 000,007,936 | ---- | M] (FNet Co., Ltd.) [Kernel | System | Running] -- C:\Windows\System32\drivers\FNETURPX.SYS -- (FNETURPX)
DRV - [2009/09/16 09:22:48 | 000,040,552 | ---- | M] (McAfee, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\mfesmfk.sys -- (mfesmfk)
DRV - [2009/09/16 09:22:14 | 000,034,248 | ---- | M] (McAfee, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\mferkdk.sys -- (mferkdk)
DRV - [2009/04/22 13:16:00 | 000,205,624 | ---- | M] (Wave Systems Corp.) [File_System | Auto | Running] -- C:\Windows\System32\drivers\WavxDMgr.sys -- (WavxDMgr)
DRV - [2009/04/16 03:58:22 | 000,032,808 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\cvusbdrv.sys -- (cvusbdrv)
DRV - [2009/04/11 05:38:59 | 000,030,208 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\usbccid.sys -- (USBCCID)
DRV - [2009/04/03 13:25:52 | 000,038,400 | ---- | M] (REDC) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\rixdptsk.sys -- (rismxdp)
DRV - [2009/04/03 13:25:50 | 000,045,056 | ---- | M] (REDC) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\rimsptsk.sys -- (rimsptsk)
DRV - [2009/04/03 13:25:42 | 000,038,400 | ---- | M] (REDC) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\rixdpe86.sys -- (rixdpcie)
DRV - [2009/04/03 13:25:40 | 000,048,640 | ---- | M] (REDC) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\risdpe86.sys -- (risdpcie)
DRV - [2009/04/03 13:25:40 | 000,045,056 | ---- | M] (REDC) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\rimspe86.sys -- (rimspci)
DRV - [2009/03/08 16:06:00 | 000,280,096 | ---- | M] (Creative Technology Ltd.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\OA001Vid.sys -- (OA001Vid)
DRV - [2009/03/06 06:30:08 | 000,133,632 | ---- | M] (Creative Technology Ltd.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\OA001Ufd.sys -- (OA001Ufd)
DRV - [2008/09/25 06:37:40 | 003,666,432 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\NETw5v32.sys -- (NETw5v32) Intel®
DRV - [2008/09/16 10:41:20 | 000,040,832 | ---- | M] (Intel Corporation) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\heci.sys -- (HECI) Intel®
DRV - [2008/06/04 13:14:00 | 000,026,608 | ---- | M] (Dell Inc) [Kernel | Boot | Running] -- C:\Windows\system32\DRIVERS\PBADRV.sys -- (PBADRV)
DRV - [2008/01/21 03:23:50 | 000,220,672 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\e1e6032.sys -- (e1express) Stuurprogramma voor Intel®
DRV - [2007/04/19 04:28:12 | 000,042,832 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\Asfalrt.sys -- (AsfAlrt)
DRV - [2007/04/04 08:53:32 | 000,039,424 | ---- | M] (D-Link Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\DUBE100B.sys -- (DUBE100B)
DRV - [2006/11/02 08:36:43 | 002,028,032 | ---- | M] (ATI Technologies Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\atikmdag.sys -- (R300)


========== Standard Registry (SafeList) ==========


========== Internet Explorer ==========

IE - HKLM\..\URLSearchHook: {ba14329e-9550-4989-b3f2-9732e92d17cc} - No CLSID value found
IE - HKLM\..\SearchScopes,DefaultScope = {afdbddaa-5d3f-42ee-b79c-185a7020515b}
IE - HKLM\..\SearchScopes\{15098183-B1D3-40BA-BE3F-92508E338118}: "URL" = http://search.live.c...ferrer:source?}
IE - HKLM\..\SearchScopes\{afdbddaa-5d3f-42ee-b79c-185a7020515b}: "URL" = http://search.condui...&ctid=CT2849859

IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.msn.com/
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,StartPageCache = 1
IE - HKCU\..\SearchScopes,DefaultScope = {95B7759C-8C7F-4BF1-B163-73684A933233}
IE - HKCU\..\SearchScopes\{15098183-B1D3-40BA-BE3F-92508E338118}: "URL" = http://www.bing.com/...rc=IE-SearchBox
IE - HKCU\..\SearchScopes\{171DEBEB-C3D4-40b7-AC73-056A5EBA4A7E}: "URL" = http://websearch.ask...CC-863238CDD529
IE - HKCU\..\SearchScopes\{95B7759C-8C7F-4BF1-B163-73684A933233}: "URL" = http://isearch.avg.c...sa&d=2012-03-07 13:33:11&v=9.0.0.23&sap=dsp&q={searchTerms}
IE - HKCU\..\SearchScopes\{afdbddaa-5d3f-42ee-b79c-185a7020515b}: "URL" = http://search.condui...&ctid=CT2849859
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = *.local

========== FireFox ==========

FF - prefs.js..browser.search.defaultengine: "Ask.com"
FF - prefs.js..browser.search.defaultenginename: "AVG Secure Search"
FF - prefs.js..browser.search.defaultthis.engineName: ""
FF - prefs.js..browser.search.defaulturl: "http://search.condui...={searchTerms}"
FF - prefs.js..browser.search.order.1: "Ask.com"
FF - prefs.js..browser.search.selectedEngine: "Google"
FF - prefs.js..browser.search.useDBForOrder: true
FF - prefs.js..browser.startup.homepage: "www.google.com"
FF - prefs.js..extensions.enabledItems: {2fa4ed95-0317-4c6a-a74c-5f3e3912c1f9}:2.1.106
FF - prefs.js..extensions.enabledItems: {D2A6A719-7CBC-4594-85FD-C36AD881424F}:4.5.22
FF - prefs.js..extensions.enabledItems: {582195F5-92E7-40a0-A127-DB71295901D7}:0.6
FF - prefs.js..extensions.enabledItems: {000a9d1c-beef-4f90-9363-039d445309b8}:0.5.36.0
FF - prefs.js..extensions.enabledItems: [email protected]:1.6.1
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA}:6.0.20
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0021-ABCDEFFEDCBA}:6.0.21
FF - prefs.js..extensions.enabledItems: {DDC359D1-844A-42a7-9AA1-88A850A938A8}:1.1.10
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA}:6.0.22
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0023-ABCDEFFEDCBA}:6.0.23
FF - prefs.js..extensions.enabledItems:
FF - prefs.js..extensions.enabledItems: {ba14329e-9550-4989-b3f2-9732e92d17cc}:2.7.2.0
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0024-ABCDEFFEDCBA}:6.0.24
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0030-ABCDEFFEDCBA}:6.0.30
FF - prefs.js..keyword.URL: "http://www.google.co...ient&gfns=1&q="


FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\system32\Macromed\Flash\NPSWF32.dll ()
FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=: File not found
FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=1.0: C:\Program Files\iTunes\Mozilla Plugins\npitunes.dll ()
FF - HKLM\Software\MozillaPlugins\@bittorrent.com/BitTorrentDNA: C:\Program Files\DNA\plugins\npbtdna.dll (BitTorrent, Inc.)
FF - HKLM\Software\MozillaPlugins\@checkpoint.com/FFApi: C:\Program Files\CheckPoint\ZAForceField\TrustChecker\bin\npFFApi.dll ()
FF - HKLM\Software\MozillaPlugins\@divx.com/DivX Browser Plugin,version=1.0.0: C:\Program Files\DivX\DivX Plus Web Player\npdivx32.dll (DivX,Inc.)
FF - HKLM\Software\MozillaPlugins\@divx.com/DivX Player Plugin,version=1.0.0: C:\Program Files\DivX\DivX Player\npDivxPlayerPlugin.dll File not found
FF - HKLM\Software\MozillaPlugins\@divx.com/DivX VOD Helper,version=1.0.0: C:\Program Files\DivX\DivX OVS Helper\npovshelper.dll (DivX, LLC.)
FF - HKLM\Software\MozillaPlugins\@Google.com/GoogleEarthPlugin: C:\Program Files\Google\Google Earth\plugin\npgeplugin.dll (Google)
FF - HKLM\Software\MozillaPlugins\@java.com/DTPlugin,version=10.3.1: C:\Windows\system32\npDeployJava1.dll (Oracle Corporation)
FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin: C:\Program Files\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation)
FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin,version=10.3.1: C:\Program Files\Oracle\JavaFX 2.0 Runtime\bin\plugin2\npjp2.dll (Oracle Corporation)
FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: c:\Program Files\Microsoft Silverlight\4.1.10111.0\npctrl.dll ( Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/OfficeLive,version=1.5: C:\Program Files\Microsoft\Office Live\npOLW.dll (Microsoft Corp.)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=15.4.3502.0922: C:\Program Files\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=15.4.3538.0513: C:\Program Files\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WPF,version=3.5: c:\Windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Program Files\Google\Update\1.3.21.99\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Program Files\Google\Update\1.3.21.99\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\@virtools.com/3DviaPlayer: C:\Program Files\Virtools\3D Life Player\npvirtools.dll (Dassault Systèmes)
FF - HKLM\Software\MozillaPlugins\Adobe Reader: C:\Program Files\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
FF - HKCU\Software\MozillaPlugins\@bittorrent.com/BitTorrentDNA: C:\Users\Mattias\Program Files\DNA\plugins\npbtdna.dll File not found
FF - HKCU\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Users\Mattias\AppData\Local\Google\Update\1.3.21.99\npGoogleUpdate3.dll (Google Inc.)
FF - HKCU\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Users\Mattias\AppData\Local\Google\Update\1.3.21.99\npGoogleUpdate3.dll (Google Inc.)

FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\[email protected]: C:\Program Files\HP\Digital Imaging\Smart Web Printing\MozillaAddOn3 [2010/02/22 20:45:48 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{000a9d1c-beef-4f90-9363-039d445309b8}: C:\Program Files\Google\Google Gears\Firefox\ [2010/03/06 22:35:50 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{1E73965B-8B48-48be-9C8D-68B920ABC1C4}: C:\Program Files\AVG\AVG2012\Firefox4\ [2012/03/06 00:27:33 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{FFB96CC1-7EB3-449D-B827-DB661701C6BB}: C:\Program Files\CheckPoint\ZAForceField\TrustChecker [2012/03/09 21:02:06 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\[email protected]: C:\ProgramData\AVG Secure Search\10.2.0.3\ [2012/03/13 10:55:57 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 10.0.2\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2012/03/05 22:43:58 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 10.0.2\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins [2012/03/14 01:28:31 | 000,000,000 | ---D | M]
FF - HKEY_CURRENT_USER\software\mozilla\Firefox\Extensions\\[email protected]: C:\Program Files\HP\Digital Imaging\Smart Web Printing\MozillaAddOn3 [2010/02/22 20:45:48 | 000,000,000 | ---D | M]

[2009/09/21 10:18:55 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Mattias\AppData\Roaming\mozilla\Extensions
[2009/09/21 10:18:55 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Mattias\AppData\Roaming\mozilla\Extensions\[email protected]
[2012/03/06 03:37:38 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Mattias\AppData\Roaming\mozilla\Firefox\Profiles\e6lw46f2.default\extensions
[2010/05/03 18:21:28 | 000,000,000 | ---D | M] (Microsoft .NET Framework Assistant) -- C:\Users\Mattias\AppData\Roaming\mozilla\Firefox\Profiles\e6lw46f2.default\extensions\{20a82645-c095-46ed-80e3-08825760534b}
[2012/03/05 23:33:27 | 000,000,000 | ---D | M] (BittorrentBar_NL Community Toolbar) -- C:\Users\Mattias\AppData\Roaming\mozilla\Firefox\Profiles\e6lw46f2.default\extensions\{2d8d9acc-f6d7-4362-8876-a275ca929591}
[2012/03/05 22:45:04 | 000,000,000 | ---D | M] (Delicious Bookmarks) -- C:\Users\Mattias\AppData\Roaming\mozilla\Firefox\Profiles\e6lw46f2.default\extensions\{2fa4ed95-0317-4c6a-a74c-5f3e3912c1f9}
[2012/03/14 01:17:27 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Mattias\AppData\Roaming\mozilla\Firefox\Profiles\e6lw46f2.default\extensions\{ba14329e-9550-4989-b3f2-9732e92d17cc}
[2010/10/05 17:48:49 | 000,002,392 | ---- | M] () -- C:\Users\Mattias\AppData\Roaming\Mozilla\Firefox\Profiles\e6lw46f2.default\searchplugins\askcom.xml
[2011/01/04 19:28:24 | 000,000,935 | ---- | M] () -- C:\Users\Mattias\AppData\Roaming\Mozilla\Firefox\Profiles\e6lw46f2.default\searchplugins\conduit.xml
[2012/03/07 01:18:39 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files\Mozilla Firefox\extensions
[2012/03/06 00:27:33 | 000,000,000 | ---D | M] (AVG Safe Search) -- C:\PROGRAM FILES\AVG\AVG2012\FIREFOX4
File not found (No name found) -- C:\PROGRAM FILES\MOZILLA FIREFOX\EXTENSIONS\{CAFEEFAC-0016-0000-0031-ABCDEFFEDCBA}
() (No name found) -- C:\USERS\MATTIAS\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\E6LW46F2.DEFAULT\EXTENSIONS\{582195F5-92E7-40A0-A127-DB71295901D7}.XPI
() (No name found) -- C:\USERS\MATTIAS\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\E6LW46F2.DEFAULT\EXTENSIONS\[email protected]
[2012/02/16 16:12:44 | 000,134,104 | ---- | M] (Mozilla Foundation) -- C:\Program Files\mozilla firefox\components\browsercomps.dll
[2011/04/14 13:01:38 | 000,024,376 | ---- | M] (McAfee, Inc.) -- C:\Program Files\mozilla firefox\components\Scriptff.dll
[2008/01/08 01:45:16 | 000,054,600 | ---- | M] (BitTorrent, Inc.) -- C:\Program Files\mozilla firefox\plugins\npbittorrent.dll
[2012/03/13 10:55:18 | 000,003,768 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\avg-secure-search.xml
[2012/02/16 11:53:03 | 000,002,252 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\bing.xml
[2012/02/16 11:58:11 | 000,001,892 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\bolcom-nl.xml
[2012/02/16 11:58:11 | 000,004,558 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\marktplaats-nl.xml
[2012/02/16 11:58:11 | 000,001,049 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\wikipedia-nl.xml

========== Chrome ==========

CHR - default_search_provider: Google (Enabled)
CHR - default_search_provider: search_url = {google:baseURL}search?{google:RLZ}{google:acceptedSuggestion}{google:originalQueryForSuggestion}{google:searchFieldtrialParameter}{google:instantFieldTrialGroupParameter}sourceid=chrome&ie={inputEncoding}&q={searchTerms}
CHR - default_search_provider: suggest_url = {google:baseSuggestURL}search?{google:searchFieldtrialParameter}{google:instantFieldTrialGroupParameter}client=chrome&hl={language}&q={searchTerms},
CHR - plugin: Remoting Viewer (Enabled) = internal-remoting-viewer
CHR - plugin: Native Client (Enabled) = C:\Users\Mattias\AppData\Local\Google\Chrome\Application\17.0.963.79\ppGoogleNaClPluginChrome.dll
CHR - plugin: Chrome PDF Viewer (Enabled) = C:\Users\Mattias\AppData\Local\Google\Chrome\Application\17.0.963.79\pdf.dll
CHR - plugin: Shockwave Flash (Enabled) = C:\Users\Mattias\AppData\Local\Google\Chrome\Application\17.0.963.79\gcswf32.dll
CHR - plugin: Shockwave Flash (Enabled) = C:\Windows\system32\Macromed\Flash\NPSWF32.dll
CHR - plugin: Adobe Acrobat (Enabled) = C:\Program Files\Adobe\Reader 10.0\Reader\Browser\nppdf32.dll
CHR - plugin: Java Deployment Toolkit 6.0.300.12 (Enabled) = C:\Program Files\Java\jre6\bin\new_plugin\npdeployJava1.dll
CHR - plugin: Java™ Platform SE 6 U30 (Enabled) = C:\Program Files\Java\jre6\bin\new_plugin\npjp2.dll
CHR - plugin: Microsoft\u00AE Windows Media Player Firefox Plugin (Enabled) = C:\Program Files\Mozilla Firefox\plugins\np-mswmp.dll
CHR - plugin: BitTorrent (Enabled) = C:\Program Files\Mozilla Firefox\plugins\npbittorrent.dll
CHR - plugin: DivX Player Netscape Plugin (Enabled) = C:\Program Files\Mozilla Firefox\plugins\npDivxPlayerPlugin.dll
CHR - plugin: downloadUpdater (Enabled) = C:\Program Files\Mozilla Firefox\plugins\npdnu.dll
CHR - plugin: downloadUpdater2 (Enabled) = C:\Program Files\Mozilla Firefox\plugins\npdnupdater2.dll
CHR - plugin: QuickTime Plug-in 7.7 (Enabled) = C:\Program Files\Mozilla Firefox\plugins\npqtplugin.dll
CHR - plugin: QuickTime Plug-in 7.7 (Enabled) = C:\Program Files\Mozilla Firefox\plugins\npqtplugin2.dll
CHR - plugin: QuickTime Plug-in 7.7 (Enabled) = C:\Program Files\Mozilla Firefox\plugins\npqtplugin3.dll
CHR - plugin: QuickTime Plug-in 7.7 (Enabled) = C:\Program Files\Mozilla Firefox\plugins\npqtplugin4.dll
CHR - plugin: QuickTime Plug-in 7.7 (Enabled) = C:\Program Files\Mozilla Firefox\plugins\npqtplugin5.dll
CHR - plugin: QuickTime Plug-in 7.7 (Enabled) = C:\Program Files\Mozilla Firefox\plugins\npqtplugin6.dll
CHR - plugin: QuickTime Plug-in 7.7 (Enabled) = C:\Program Files\Mozilla Firefox\plugins\npqtplugin7.dll
CHR - plugin: DNA Plug-in (Enabled) = C:\Program Files\DNA\plugins\npbtdna.dll
CHR - plugin: DivX VOD Helper Plug-in (Enabled) = C:\Program Files\DivX\DivX OVS Helper\npovshelper.dll
CHR - plugin: DivX Web Player (Enabled) = C:\Program Files\DivX\DivX Plus Web Player\npdivx32.dll
CHR - plugin: Google Earth Plugin (Enabled) = C:\Program Files\Google\Google Earth\plugin\npgeplugin.dll
CHR - plugin: Google Update (Enabled) = C:\Program Files\Google\Update\1.3.21.99\npGoogleUpdate3.dll
CHR - plugin: Microsoft Office Live Plug-in for Firefox (Enabled) = C:\Program Files\Microsoft\Office Live\npOLW.dll
CHR - plugin: 3DVIA player (Enabled) = C:\Program Files\Virtools\3D Life Player\npvirtools.dll
CHR - plugin: Windows Live\u0099 Photo Gallery (Enabled) = C:\Program Files\Windows Live\Photo Gallery\NPWLPG.dll
CHR - plugin: iTunes Application Detector (Enabled) = C:\Program Files\iTunes\Mozilla Plugins\npitunes.dll
CHR - plugin: Silverlight Plug-In (Enabled) = c:\Program Files\Microsoft Silverlight\4.1.10111.0\npctrl.dll
CHR - plugin: Windows Presentation Foundation (Enabled) = c:\Windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll
CHR - plugin: Default Plug-in (Enabled) = default_plugin
CHR - plugin: Java Deployment Toolkit 6.0.310.5 (Enabled) = C:\Program Files\Mozilla Firefox\plugins\npdeployJava1.dll
CHR - Extension: YouTube = C:\Users\Mattias\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo\4.2.5_0\
CHR - Extension: Google Zoeken = C:\Users\Mattias\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf\0.0.0.17_0\
CHR - Extension: AVG Safe Search = C:\Users\Mattias\AppData\Local\Google\Chrome\User Data\Default\Extensions\jmfkcklnlgedgbglfkkgedjfmejoahla\12.0.0.1901_0\
CHR - Extension: Gmail = C:\Users\Mattias\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia\7_0\

O1 HOSTS File: ([2012/03/08 00:37:57 | 000,440,678 | R--- | M]) - C:\Windows\System32\drivers\etc\hosts
O1 - Hosts: 127.0.0.1 localhost
O1 - Hosts: 15173 more lines...
O2 - BHO: (AVG Safe Search) - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - C:\Program Files\AVG\AVG2012\avgssie.dll (AVG Technologies CZ, s.r.o.)
O2 - BHO: (Java™ Plug-In SSV Helper) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre7\bin\ssv.dll (Oracle Corporation)
O2 - BHO: (ZoneAlarm Security Engine Registrar) - {8A4A36C2-0535-4D2C-BD3D-496CB7EED6E3} - C:\Program Files\CheckPoint\ZAForceField\Trustchecker\bin\TrustCheckerIEPlugin.dll (Check Point Software Technologies)
O2 - BHO: (AVG Security Toolbar) - {95B7759C-8C7F-4BF1-B163-73684A933233} - C:\Program Files\AVG Secure Search\10.2.0.3\AVG Secure Search_toolbar.dll ()
O2 - BHO: (Java™ Plug-In 2 SSV Helper) - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre7\bin\jp2ssv.dll (Oracle Corporation)
O2 - BHO: (Google Gears Helper) - {E0FEFE40-FBF9-42AE-BA58-794CA7E3FB53} - C:\Program Files\Google\Google Gears\Internet Explorer\0.5.36.0\gears.dll (Google Inc.)
O3 - HKLM\..\Toolbar: (AVG Security Toolbar) - {95B7759C-8C7F-4BF1-B163-73684A933233} - C:\Program Files\AVG Secure Search\10.2.0.3\AVG Secure Search_toolbar.dll ()
O3 - HKLM\..\Toolbar: (ZoneAlarm Security Engine) - {EE2AC4E5-B0B0-4EC6-88A9-BCA1A32AB107} - C:\Program Files\CheckPoint\ZAForceField\Trustchecker\bin\TrustCheckerIEPlugin.dll (Check Point Software Technologies)
O3 - HKCU\..\Toolbar\WebBrowser: (no name) - {21FA44EF-376D-4D53-9B0F-8A89D3229068} - No CLSID value found.
O3 - HKCU\..\Toolbar\WebBrowser: (no name) - {E7DF6BFF-55A5-4EB7-A673-4ED3E9456D39} - No CLSID value found.
O3 - HKCU\..\Toolbar\WebBrowser: (no name) - {F6BD6330-76F8-44D9-B775-87614E2D8374} - No CLSID value found.
O4 - HKLM..\Run: [Apoint] C:\Program Files\DellTPad\Apoint.exe (Alps Electric Co., Ltd.)
O4 - HKLM..\Run: [AVG_TRAY] C:\Program Files\AVG\AVG2012\avgtray.exe (AVG Technologies CZ, s.r.o.)
O4 - HKLM..\Run: [Dell Webcam Central] C:\Program Files\Dell Webcam\Dell Webcam Central\WebcamDell.exe (Creative Technology Ltd.)
O4 - HKLM..\Run: [DivXUpdate] C:\Program Files\DivX\DivX Update\DivXUpdate.exe ()
O4 - HKLM..\Run: [GBMLite8AgentLaCie] C:\Program Files\Genie-Soft\GBALite8LaCie\GBMAgent.exe (Genie-soft)
O4 - HKLM..\Run: [ISW] C:\Program Files\CheckPoint\ZAForceField\ForceField.exe (Check Point Software Technologies)
O4 - HKLM..\Run: [Malwarebytes' Anti-Malware] C:\Program Files\Malwarebytes' Anti-Malware\mbamgui.exe (Malwarebytes Corporation)
O4 - HKLM..\Run: [NvCplDaemon] C:\Windows\System32\NvCpl.dll (NVIDIA Corporation)
O4 - HKLM..\Run: [NVHotkey] C:\Windows\System32\nvHotkey.dll (NVIDIA Corporation)
O4 - HKLM..\Run: [nwiz] C:\Windows\System32\nwiz.exe ()
O4 - HKLM..\Run: [PDVDDXSrv] C:\Program Files\CyberLink\PowerDVD DX\PDVDDXSrv.exe (CyberLink Corp.)
O4 - HKLM..\Run: [SysTrayApp] C:\Program Files\IDT\WDM\sttray.exe (IDT, Inc.)
O4 - HKLM..\Run: [vProt] C:\Program Files\AVG Secure Search\vprot.exe ()
O4 - HKLM..\Run: [ZoneAlarm] C:\Program Files\CheckPoint\ZoneAlarm\zatray.exe (Check Point Software Technologies LTD)
O4 - HKCU..\Run: [GBMLite8AgentLaCie] C:\Program Files\Genie-Soft\GBALite8LaCie\GBMAgent.exe (Genie-soft)
O4 - HKCU..\Run: [SpybotSD TeaTimer] C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe (Safer-Networking Ltd.)
O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Restrictions present
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O7 - HKCU\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoLowDiskSpaceChecks = 1
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = [binary data]
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O8 - Extra context menu item: &Download All with FlashGet - Reg Error: Value error. File not found
O8 - Extra context menu item: &Download with FlashGet - Reg Error: Value error. File not found
O8 - Extra context menu item: Afbeelding verzenden naar &Bluetooth-apparaat... - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie_ctx.htm ()
O8 - Extra context menu item: Pagina verzenden naar &Bluetooth-apparaat... - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm ()
O9 - Extra 'Tools' menuitem : &Instellingen voor Gears - {09C04DA7-5B76-4EBC-BBEE-B25EAC5965F5} - C:\Program Files\Google\Google Gears\Internet Explorer\0.5.36.0\gears.dll (Google Inc.)
O9 - Extra Button: @btrez.dll,-4015 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm ()
O9 - Extra 'Tools' menuitem : @btrez.dll,-12650 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm ()
O10 - NameSpace_Catalog5\Catalog_Entries\000000000006 [] - C:\Program Files\Bonjour\mdnsNSP.dll (Apple Inc.)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/...indows-i586.cab (Reg Error: Key error.)
O16 - DPF: {CAFEEFAC-0017-0000-0003-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Reg Error: Key error.)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.7.0_03)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 134.58.126.3 134.58.127.1
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{B533727C-CE2D-425B-A8FC-42DD86D75ED3}: DhcpNameServer = 192.168.1.1
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{FC7BD8BB-6558-46B4-948E-5D82E620B611}: DhcpNameServer = 134.58.126.3 134.58.127.1
O18 - Protocol\Handler\linkscanner {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - C:\Program Files\AVG\AVG2012\avgpp.dll (AVG Technologies CZ, s.r.o.)
O18 - Protocol\Handler\viprotocol {B658800C-F66E-4EF3-AB85-6C0C227862A9} - C:\Program Files\Common Files\AVG Secure Search\ViProtocolInstaller\10.2.0\ViProtocol.dll ()
O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\System32\userinit.exe (Microsoft Corporation)
O20 - Winlogon\Notify\!SASWinLogon: DllName - (C:\Program Files\SUPERAntiSpyware\SASWINLO.DLL) - C:\Program Files\SUPERAntiSpyware\SASWINLO.DLL (SUPERAntiSpyware.com)
O24 - Desktop WallPaper: C:\Users\Mattias\Pictures\Q.O.P\Scrabble love.jpg
O24 - Desktop BackupWallPaper: C:\Users\Mattias\Pictures\Q.O.P\Scrabble love.jpg
O28 - HKLM ShellExecuteHooks: {5AE067D3-9AFB-48E0-853A-EBB7F4A000DA} - C:\Program Files\SUPERAntiSpyware\SASSEH.DLL (SuperAdBlocker.com)
O30 - LSA: Authentication Packages - (wvauth) - C:\Windows\System32\wvauth.dll (Wave Systems Corp.)
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2006/09/18 22:43:36 | 000,000,024 | ---- | M] () - C:\autoexec.bat -- [ NTFS ]
O34 - HKLM BootExecute: (autocheck autochk *)
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*

========== Files/Folders - Created Within 30 Days ==========

[2012/03/14 23:09:49 | 000,000,000 | ---D | C] -- C:\_OTL
[2012/03/14 01:31:55 | 000,000,000 | ---D | C] -- C:\Program Files\Oracle
[2012/03/14 01:30:14 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\Java
[2012/03/13 11:29:01 | 000,594,944 | ---- | C] (OldTimer Tools) -- C:\Users\Mattias\Desktop\OTL.exe
[2012/03/08 13:53:20 | 000,000,000 | ---D | C] -- C:\Users\Mattias\Desktop\NOK
[2012/03/08 13:53:14 | 000,000,000 | ---D | C] -- C:\Users\Mattias\Desktop\OK
[2012/03/08 12:43:46 | 000,000,000 | ---D | C] -- C:\Users\Mattias\Desktop\Logs
[2012/03/08 02:30:41 | 000,000,000 | ---D | C] -- C:\Users\Mattias\Desktop\RootkitBuster_2.80.1077
[2012/03/08 00:16:45 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Spybot - Search & Destroy
[2012/03/08 00:16:39 | 000,000,000 | ---D | C] -- C:\ProgramData\Spybot - Search & Destroy
[2012/03/08 00:16:39 | 000,000,000 | ---D | C] -- C:\Program Files\Spybot - Search & Destroy
[2012/03/07 15:38:42 | 000,000,000 | ---D | C] -- C:\Program Files\SystemRequirementsLab
[2012/03/07 15:38:38 | 000,000,000 | ---D | C] -- C:\Users\Mattias\AppData\Roaming\SystemRequirementsLab
[2012/03/07 14:01:44 | 000,000,000 | ---D | C] -- C:\Users\Mattias\Desktop\Uniblue Power Suite 2011
[2012/03/07 13:33:20 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\RadarSync
[2012/03/07 13:33:08 | 000,000,000 | ---D | C] -- C:\ProgramData\AVG Secure Search
[2012/03/07 13:33:05 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\AVG Secure Search
[2012/03/07 13:33:04 | 000,000,000 | ---D | C] -- C:\Program Files\AVG Secure Search
[2012/03/07 12:52:05 | 000,000,000 | --SD | C] -- C:\32788R22FWJFW
[2012/03/07 12:43:12 | 000,000,000 | -HSD | C] -- C:\$RECYCLE.BIN
[2012/03/07 03:25:19 | 000,000,000 | ---D | C] -- C:\Windows\ERDNT
[2012/03/07 01:22:17 | 000,000,000 | ---D | C] -- C:\Users\Mattias\Desktop\SmitfraudFix
[2012/03/06 23:29:16 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Check Point
[2012/03/06 23:13:35 | 000,000,000 | ---D | C] -- C:\Program Files\TrendMicro
[2012/03/06 23:13:35 | 000,000,000 | ---D | C] -- C:\Users\Mattias\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\HiJackThis
[2012/03/06 13:03:38 | 000,000,000 | ---D | C] -- C:\ProgramData\SecTaskMan
[2012/03/06 13:03:29 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Security Task Manager
[2012/03/06 13:03:25 | 000,000,000 | ---D | C] -- C:\Program Files\Security Task Manager
[2012/03/06 12:09:20 | 000,000,000 | ---D | C] -- C:\$AVG
[2012/03/06 04:31:49 | 000,000,000 | ---D | C] -- C:\Users\Mattias\AppData\Roaming\SUPERAntiSpyware.com
[2012/03/06 04:27:56 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\SUPERAntiSpyware
[2012/03/06 04:27:21 | 000,000,000 | ---D | C] -- C:\Program Files\SUPERAntiSpyware
[2012/03/06 04:27:20 | 000,000,000 | ---D | C] -- C:\ProgramData\SUPERAntiSpyware.com
[2012/03/06 04:20:48 | 000,000,000 | ---D | C] -- C:\Users\Mattias\AppData\Roaming\f-secure
[2012/03/06 04:19:10 | 000,000,000 | ---D | C] -- C:\ProgramData\F-Secure
[2012/03/06 03:33:50 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes' Anti-Malware
[2012/03/06 03:33:49 | 000,020,464 | ---- | C] (Malwarebytes Corporation) -- C:\Windows\System32\drivers\mbam.sys
[2012/03/06 03:33:49 | 000,000,000 | ---D | C] -- C:\Program Files\Malwarebytes' Anti-Malware
[2012/03/06 00:28:04 | 000,000,000 | ---D | C] -- C:\Users\Mattias\AppData\Roaming\AVG2012
[2012/03/06 00:27:33 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\AVG 2012
[2012/03/06 00:25:21 | 000,000,000 | ---D | C] -- C:\ProgramData\AVG2012
[2012/03/06 00:25:21 | 000,000,000 | ---D | C] -- C:\Windows\System32\drivers\AVG
[2012/03/06 00:22:40 | 000,000,000 | ---D | C] -- C:\Program Files\AVG
[2012/03/06 00:12:28 | 000,000,000 | ---D | C] -- C:\Users\Mattias\AppData\Local\{9AA674DA-C66B-4514-9C14-FBBAF77AD15E}
[2012/03/06 00:12:15 | 000,000,000 | ---D | C] -- C:\Users\Mattias\AppData\Local\{57B55C14-9623-4595-814D-230F64AB6B89}
[2012/03/05 23:53:28 | 000,000,000 | ---D | C] -- C:\Users\Mattias\Documents\ForceField Shared Files
[2012/03/05 23:53:26 | 000,000,000 | ---D | C] -- C:\Users\Mattias\AppData\Roaming\CheckPoint
[2012/03/05 23:52:22 | 000,000,000 | ---D | C] -- C:\ProgramData\CheckPoint
[2012/03/05 22:58:48 | 000,000,000 | ---D | C] -- C:\Users\Mattias\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Google Chrome
[2012/03/05 20:48:15 | 000,000,000 | ---D | C] -- C:\Program Files\CheckPoint
[2012/03/05 20:41:51 | 000,000,000 | -H-D | C] -- C:\ProgramData\Common Files
[2012/03/05 20:41:21 | 000,000,000 | ---D | C] -- C:\ProgramData\MFAData
[2012/03/05 15:11:00 | 000,000,000 | ---D | C] -- C:\Users\Mattias\AppData\Roaming\.minecraft
[2012/03/05 13:32:34 | 000,000,000 | ---D | C] -- C:\ProgramData\NVIDIA Corporation
[2012/03/05 13:32:09 | 000,000,000 | ---D | C] -- C:\Program Files\NVIDIA Corporation
[2012/03/05 13:30:27 | 000,057,960 | ---- | C] (Khronos Group) -- C:\Windows\System32\OpenCL.dll
[2012/03/05 13:25:56 | 000,046,592 | ---- | C] (REDC) -- C:\Windows\System32\drivers\risdptsk.sys
[2012/03/05 12:53:32 | 000,046,592 | ---- | C] (REDC) -- C:\Windows\System32\drivers\rimmptsk.sys
[2012/03/05 12:04:05 | 000,000,000 | ---D | C] -- C:\ProgramData\Uniblue
[2012/03/05 12:00:30 | 000,000,000 | ---D | C] -- C:\Users\Mattias\AppData\Local\{84349503-FA63-4DDF-921D-ED7B7C06AB6C}
[2012/03/05 12:00:07 | 000,000,000 | ---D | C] -- C:\Users\Mattias\AppData\Local\{4D0AE794-E9AC-4E38-A684-B6B8319B4160}
[2012/03/04 14:53:47 | 000,000,000 | ---D | C] -- C:\Users\Mattias\AppData\Roaming\Uniblue
[2012/03/04 14:53:37 | 000,000,000 | -H-D | C] -- C:\ProgramData\{83C3B2FD-37EA-4C06-A228-E9B5E32FF0B1}
[2012/03/04 14:53:37 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Uniblue
[2012/03/04 14:53:37 | 000,000,000 | ---D | C] -- C:\Program Files\Uniblue
[2012/03/04 14:51:33 | 000,000,000 | ---D | C] -- C:\Users\Mattias\AppData\Local\PackageAware
[2012/03/04 10:01:09 | 000,000,000 | ---D | C] -- C:\Users\Mattias\AppData\Local\{A3D233B2-FBD0-4A3A-9DAA-75648BE10FD4}
[2012/03/04 10:00:51 | 000,000,000 | ---D | C] -- C:\Users\Mattias\AppData\Local\{259405A5-6200-4BED-A31A-C210E20B6D7C}
[2012/03/03 12:44:29 | 000,000,000 | ---D | C] -- C:\Users\Mattias\AppData\Local\{29B82725-11E5-445D-B393-8BFC115EA6BE}
[2012/03/03 12:43:55 | 000,000,000 | ---D | C] -- C:\Users\Mattias\AppData\Local\{DC9A96F1-2719-46D8-986F-E8DB552DAEF9}
[2012/03/02 17:14:49 | 000,000,000 | ---D | C] -- C:\Users\Mattias\AppData\Local\{76E158CE-4CAF-4D8D-A405-C9CC4685E3D1}
[2012/03/02 17:14:35 | 000,000,000 | ---D | C] -- C:\Users\Mattias\AppData\Local\{2608C4D7-2F80-40FC-934D-1A3519A08637}
[2012/03/02 15:25:42 | 000,000,000 | ---D | C] -- C:\Users\Mattias\AppData\Local\{3B391CC6-19F2-4977-9E4E-C1B2BF3B1242}
[2012/03/01 19:30:47 | 000,000,000 | ---D | C] -- C:\Users\Mattias\AppData\Local\{4448BE9E-0111-4C1D-BA47-27F90C7B6DA8}
[2012/03/01 19:30:24 | 000,000,000 | ---D | C] -- C:\Users\Mattias\AppData\Local\{EFC818F4-12B0-48EB-B9B0-A93B506DB65C}
[2012/03/01 14:07:10 | 000,000,000 | ---D | C] -- C:\Users\Mattias\AppData\Local\{7DF2E479-5B6E-4E63-B471-4088D5FD9F0A}
[2012/02/29 23:47:10 | 000,000,000 | ---D | C] -- C:\Users\Mattias\Documents\MCEdit-schematics
[2012/02/29 23:47:09 | 000,000,000 | ---D | C] -- C:\Users\Mattias\AppData\Roaming\pymclevel
[2012/02/29 23:46:51 | 000,000,000 | ---D | C] -- C:\Users\Mattias\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\MCEdit
[2012/02/29 23:46:35 | 000,000,000 | ---D | C] -- C:\Users\Mattias\AppData\Local\MCEdit
[2012/02/29 14:41:51 | 000,000,000 | ---D | C] -- C:\Users\Mattias\AppData\Local\{6D620C16-74A3-4F78-A275-3F832DEEFA91}
[2012/02/29 14:41:29 | 000,000,000 | ---D | C] -- C:\Users\Mattias\AppData\Local\{9A804AAD-76F0-4C63-8377-DECD77180B1E}
[2012/02/29 14:34:17 | 000,000,000 | ---D | C] -- C:\Users\Mattias\AppData\Local\{417E04D2-4135-48AC-8BDE-348CFC64E8F0}
[2012/02/28 21:34:14 | 000,000,000 | ---D | C] -- C:\Users\Mattias\AppData\Local\{F2E17226-C45A-45DE-B663-39820A61DA75}
[2012/02/28 12:27:00 | 000,000,000 | ---D | C] -- C:\Users\Mattias\AppData\Local\{219B2868-4912-4AC9-8C91-54F8F4A67C7D}
[2012/02/27 12:43:19 | 000,000,000 | ---D | C] -- C:\Users\Mattias\AppData\Local\{2CC2DDC7-4C37-47E9-9D70-79F52578CFF8}
[2012/02/26 10:31:17 | 000,000,000 | ---D | C] -- C:\Users\Mattias\AppData\Local\{AD9A7B41-50DF-4C30-883C-9A83DE462183}
[2012/02/26 10:30:54 | 000,000,000 | ---D | C] -- C:\Users\Mattias\AppData\Local\{2163BAC3-5AAD-4ABD-A0A0-6A12EFA2893C}
[2012/02/25 14:40:57 | 000,000,000 | ---D | C] -- C:\Users\Mattias\AppData\Local\{8F100642-8A28-4133-8847-B915756660DF}
[2012/02/25 14:40:29 | 000,000,000 | ---D | C] -- C:\Users\Mattias\AppData\Local\{09C79F6E-D106-4B5F-B964-A0F30114B3FD}
[2012/02/25 11:51:29 | 000,000,000 | ---D | C] -- C:\Users\Mattias\AppData\Local\{51E57A87-1594-4F15-9FD4-31E96C793FA3}
[2012/02/25 11:50:57 | 000,000,000 | ---D | C] -- C:\Users\Mattias\AppData\Local\{ADFC392E-FE18-48F7-A7D5-9A0BFCDFA69B}
[2012/02/24 21:38:07 | 000,000,000 | ---D | C] -- C:\Users\Mattias\AppData\Local\{875657E5-57E6-45DA-AB67-26AAB4136A2B}
[2012/02/24 21:37:55 | 000,000,000 | ---D | C] -- C:\Users\Mattias\AppData\Local\{44F15145-04CE-4B34-AE5C-AFA1032B1F70}
[2012/02/24 18:17:53 | 000,000,000 | ---D | C] -- C:\Users\Mattias\AppData\Local\{B761084C-C17A-4846-BEFE-DED46E21D005}
[2012/02/24 13:20:49 | 000,000,000 | ---D | C] -- C:\Users\Mattias\AppData\Local\{1E423208-FE10-4BB9-8A3E-89290CDF2C72}
[2012/02/24 12:27:42 | 000,000,000 | ---D | C] -- C:\Users\Mattias\AppData\Local\{BAA9D580-2D1A-4CC1-A7CA-944696F5C1B4}
[2012/02/23 13:17:08 | 000,000,000 | ---D | C] -- C:\Users\Mattias\AppData\Local\{495D38E6-8003-40E1-8158-89B8C75226D8}
[2012/02/23 13:16:58 | 000,000,000 | ---D | C] -- C:\Users\Mattias\AppData\Local\{90DBE53F-0F19-46AB-99CA-AA0D4A5439B6}
[2012/02/23 12:05:28 | 000,000,000 | ---D | C] -- C:\Users\Mattias\AppData\Local\{BEB7DE08-D57D-454E-8C47-B638071E8914}
[2012/02/22 16:40:31 | 000,000,000 | ---D | C] -- C:\Users\Mattias\AppData\Local\{2EBC9284-E0FF-4928-99C5-672DEDC0CEE9}
[2012/02/22 12:15:29 | 000,000,000 | ---D | C] -- C:\Users\Mattias\AppData\Local\{935E2295-FB5B-4044-A8ED-7B46D595A46C}
[2012/02/21 22:39:50 | 000,000,000 | ---D | C] -- C:\Users\Mattias\AppData\Local\{30DD94D1-72C2-45CC-9119-1F1A6A79E707}
[2012/02/21 16:31:08 | 000,000,000 | ---D | C] -- C:\Users\Mattias\AppData\Local\{F6A6F7D6-0A2A-4072-81F2-B3F5B04E898E}
[2012/02/21 07:45:27 | 000,000,000 | ---D | C] -- C:\Users\Mattias\AppData\Local\{ADFB157B-B5D0-4F2D-BD23-857F0FB6D4B5}
[2012/02/21 07:36:32 | 000,000,000 | ---D | C] -- C:\Users\Mattias\AppData\Local\{771D5FF4-3027-4896-99CD-3EA69988D629}
[2012/02/20 19:09:52 | 000,000,000 | ---D | C] -- C:\Users\Mattias\AppData\Local\{36C5B681-7EE0-4B8F-B03C-1385F6FAD143}
[2012/02/20 11:29:07 | 000,000,000 | ---D | C] -- C:\Users\Mattias\AppData\Local\{EA4B0C15-950B-4262-8B7E-A364CB37A072}
[2012/02/19 10:17:29 | 000,000,000 | ---D | C] -- C:\Users\Mattias\AppData\Local\{1313607D-608D-4350-9C73-9E4B29561E98}
[2012/02/19 10:17:02 | 000,000,000 | ---D | C] -- C:\Users\Mattias\AppData\Local\{023BE0FA-D99E-4C2D-9A44-3C5920655B97}
[2012/02/18 22:38:01 | 000,000,000 | ---D | C] -- C:\Users\Mattias\.swt
[2012/02/18 11:36:29 | 000,000,000 | ---D | C] -- C:\Users\Mattias\AppData\Local\{DBA25761-8847-4DB9-89BA-95D74C6F546B}
[2012/02/18 11:36:09 | 000,000,000 | ---D | C] -- C:\Users\Mattias\AppData\Local\{33A7DBC8-853B-4205-953C-E822132DA7E5}
[2012/02/17 20:35:02 | 000,000,000 | ---D | C] -- C:\Users\Mattias\AppData\Local\{C1FE67A1-161E-41D9-AC15-4399666E0198}
[2012/02/17 15:35:12 | 000,000,000 | ---D | C] -- C:\Users\Mattias\AppData\Local\{D3AA29D1-311E-4990-BB1D-25D9A07DFB28}
[2012/02/17 09:51:17 | 000,000,000 | ---D | C] -- C:\Users\Mattias\AppData\Local\{18AD1CE6-DD4D-4F53-B073-B8EB2FB1F04D}
[2012/02/16 17:09:36 | 000,000,000 | ---D | C] -- C:\Users\Mattias\AppData\Local\{FF97EE7A-9514-494B-915A-FFF7B2337DAF}
[2012/02/16 17:09:22 | 000,000,000 | ---D | C] -- C:\Users\Mattias\AppData\Local\{6324BDD3-5746-422F-9B85-A25087C8DAB4}
[2012/02/16 09:54:17 | 000,000,000 | ---D | C] -- C:\Users\Mattias\AppData\Local\{C6EEED01-AFCB-4CBE-82CC-3960666A2BAF}
[2012/02/15 10:39:55 | 000,000,000 | ---D | C] -- C:\Users\Mattias\AppData\Local\{0EB52F94-4995-4C23-81A3-A048E03A9491}
[2012/02/15 10:04:34 | 000,000,000 | ---D | C] -- C:\Users\Mattias\AppData\Local\{AA70B19D-74B3-477A-A3FF-11C0B295E30C}
[2012/02/15 10:04:09 | 000,000,000 | ---D | C] -- C:\Users\Mattias\AppData\Local\{D7943DE8-21B9-46E6-9FCE-2B735FE089CF}
[2012/02/15 09:56:48 | 000,000,000 | ---D | C] -- C:\Users\Mattias\AppData\Local\{DE03CB09-06D2-4BDC-B6B2-76014FCA696A}
[2012/02/15 09:39:50 | 000,000,000 | ---D | C] -- C:\Users\Mattias\AppData\Local\{695A94BA-F83D-4C76-BC58-BB560E4513B9}
[2012/02/15 09:21:45 | 000,000,000 | ---D | C] -- C:\Users\Mattias\AppData\Local\{47E8E653-8B5D-4209-B5F9-C9225BCCAA66}
[2012/02/14 23:32:28 | 000,000,000 | ---D | C] -- C:\Users\Mattias\AppData\Local\{2120352B-53B7-40C4-93F9-5A018724DFE5}
[1 C:\Windows\System32\*.tmp files -> C:\Windows\System32\*.tmp -> ]

========== Files - Modified Within 30 Days ==========

[2012/03/14 23:26:50 | 000,001,330 | ---- | M] () -- C:\Users\Mattias\Desktop\System32Files.zip
[2012/03/14 23:23:38 | 091,835,608 | ---- | M] () -- C:\Windows\System32\drivers\AVG\incavi.avm
[2012/03/14 23:16:20 | 000,032,069 | ---- | M] () -- C:\ProgramData\nvModes.001
[2012/03/14 23:15:27 | 000,001,042 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineCore.job
[2012/03/14 23:14:57 | 000,032,069 | ---- | M] () -- C:\ProgramData\nvModes.dat
[2012/03/14 23:14:09 | 000,003,616 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-1.C7483456-A289-439d-8115-601632D005A0
[2012/03/14 23:14:08 | 000,003,616 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-0.C7483456-A289-439d-8115-601632D005A0
[2012/03/14 23:13:29 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2012/03/14 23:12:53 | 3745,411,072 | -HS- | M] () -- C:\hiberfil.sys
[2012/03/14 23:11:28 | 000,001,076 | ---- | M] () -- C:\Windows\bthservsdp.dat
[2012/03/14 23:02:01 | 000,001,074 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskUserS-1-5-21-2819909428-556207271-747428731-1000UA.job
[2012/03/14 23:02:00 | 000,001,022 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskUserS-1-5-21-2819909428-556207271-747428731-1000Core.job
[2012/03/14 22:37:01 | 000,001,046 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineUA.job
[2012/03/14 20:12:17 | 000,718,982 | ---- | M] () -- C:\Windows\System32\perfh013.dat
[2012/03/14 20:12:17 | 000,632,152 | ---- | M] () -- C:\Windows\System32\perfh009.dat
[2012/03/14 20:12:17 | 000,149,064 | ---- | M] () -- C:\Windows\System32\perfc013.dat
[2012/03/14 20:12:17 | 000,118,778 | ---- | M] () -- C:\Windows\System32\perfc009.dat
[2012/03/14 19:31:09 | 000,439,352 | ---- | M] () -- C:\Windows\System32\FNTCACHE.DAT
[2012/03/14 18:50:01 | 000,000,428 | -H-- | M] () -- C:\Windows\tasks\User_Feed_Synchronization-{0E026961-7E77-443B-A740-1A5D423ED0D8}.job
[2012/03/14 18:15:55 | 000,001,578 | ---- | M] () -- C:\Users\Mattias\Desktop\RequestedFiles.zip
[2012/03/14 16:55:55 | 000,239,666 | ---- | M] () -- C:\Windows\System32\drivers\AVG\iavichjg.avm
[2012/03/14 16:51:30 | 000,002,946 | ---- | M] () -- C:\Users\Mattias\Documents\mcedit.ini
[2012/03/14 12:46:46 | 000,000,075 | ---- | M] () -- C:\Users\Mattias\Desktop\Minecraft.bat
[2012/03/13 11:29:03 | 000,594,944 | ---- | M] (OldTimer Tools) -- C:\Users\Mattias\Desktop\OTL.exe
[2012/03/13 03:58:20 | 000,622,429 | ---- | M] () -- C:\Windows\System32\drivers\AVG\iavifw.avm
[2012/03/13 03:03:13 | 000,002,022 | ---- | M] () -- C:\Users\Mattias\Application Data\Microsoft\Internet Explorer\Quick Launch\Google Chrome.lnk
[2012/03/13 03:03:12 | 000,002,060 | ---- | M] () -- C:\Users\Mattias\Desktop\Google Chrome.lnk
[2012/03/08 02:19:19 | 001,008,141 | ---- | M] () -- C:\Users\Mattias\Desktop\rkill.exe
[2012/03/08 00:37:57 | 000,440,678 | R--- | M] () -- C:\Windows\System32\drivers\etc\hosts
[2012/03/08 00:16:48 | 000,001,063 | ---- | M] () -- C:\Users\Mattias\Desktop\Spybot - Search & Destroy.lnk
[2012/03/08 00:08:53 | 000,002,521 | ---- | M] () -- C:\Users\Mattias\Desktop\HiJackThis.lnk
[2012/03/07 17:07:29 | 000,000,286 | ---- | M] () -- C:\Windows\reimage.ini
[2012/03/07 17:05:32 | 000,002,036 | ---- | M] () -- C:\Users\Public\Desktop\HP Photosmart Essential 3.0.lnk
[2012/03/07 16:24:33 | 000,000,784 | ---- | M] () -- C:\Users\Public\Desktop\Speccy.lnk
[2012/03/07 16:04:21 | 000,001,897 | ---- | M] () -- C:\Users\Public\Desktop\PC Scan & Repair by Reimage.lnk
[2012/03/07 14:58:14 | 000,000,944 | ---- | M] () -- C:\Users\Public\Desktop\PowerSuite.lnk
[2012/03/07 12:58:46 | 463,905,923 | ---- | M] () -- C:\Windows\MEMORY.DMP
[2012/03/07 04:47:42 | 000,000,027 | ---- | M] () -- C:\Windows\System32\drivers\etc\hosts.20120308-003757.backup
[2012/03/06 23:36:40 | 000,415,859 | ---- | M] () -- C:\Windows\System32\drivers\vsconfig.xml
[2012/03/06 15:53:34 | 001,872,472 | ---- | M] () -- C:\Users\Mattias\Desktop\SmitfraudFix.exe
[2012/03/06 04:28:13 | 000,001,808 | ---- | M] () -- C:\Users\Public\Desktop\SUPERAntiSpyware Free Edition.lnk
[2012/03/06 03:33:52 | 000,000,914 | ---- | M] () -- C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk
[2012/03/06 01:54:48 | 000,001,356 | ---- | M] () -- C:\Users\Mattias\AppData\Local\d3d9caps.dat
[2012/03/06 00:27:34 | 000,000,860 | ---- | M] () -- C:\Users\Public\Desktop\AVG 2012.lnk
[2012/03/05 22:43:58 | 000,000,878 | ---- | M] () -- C:\Users\Mattias\Application Data\Microsoft\Internet Explorer\Quick Launch\Mozilla Firefox.lnk
[2012/03/05 22:43:58 | 000,000,854 | ---- | M] () -- C:\Users\Public\Desktop\Mozilla Firefox.lnk
[2012/03/05 19:09:17 | 000,002,716 | ---- | M] () -- C:\Windows\System32\.rsp
[2012/03/05 19:09:17 | 000,001,479 | ---- | M] () -- C:\Windows\System32\.lck
[2012/03/05 14:05:46 | 000,004,358 | ---- | M] () -- C:\Windows\System32\nvinfo.pb
[2012/03/05 13:30:27 | 000,057,960 | ---- | M] (Khronos Group) -- C:\Windows\System32\OpenCL.dll
[2012/03/05 13:25:56 | 000,046,592 | ---- | M] (REDC) -- C:\Windows\System32\drivers\risdptsk.sys
[2012/03/05 12:53:32 | 000,046,592 | ---- | M] (REDC) -- C:\Windows\System32\drivers\rimmptsk.sys
[2012/03/04 14:53:39 | 000,001,583 | ---- | M] () -- C:\Users\Mattias\Application Data\Microsoft\Internet Explorer\Quick Launch\Uniblue RegistryBooster.lnk
[2012/02/26 14:39:06 | 000,000,064 | ---- | M] () -- C:\Windows\System32\rp_stats.dat
[2012/02/26 14:39:06 | 000,000,044 | ---- | M] () -- C:\Windows\System32\rp_rules.dat
[2012/02/17 15:41:15 | 000,000,134 | ---- | M] () -- C:\Users\Mattias\Desktop\Netwerkcentrum - Snelkoppeling.lnk
[1 C:\Windows\System32\*.tmp files -> C:\Windows\System32\*.tmp -> ]

========== Files Created - No Company Name ==========

[2012/03/14 23:26:50 | 000,001,330 | ---- | C] () -- C:\Users\Mattias\Desktop\System32Files.zip
[2012/03/14 23:23:38 | 091,835,608 | ---- | C] () -- C:\Windows\System32\drivers\AVG\incavi.avm
[2012/03/14 18:15:55 | 000,001,578 | ---- | C] () -- C:\Users\Mattias\Desktop\RequestedFiles.zip
[2012/03/14 16:55:54 | 000,239,666 | ---- | C] () -- C:\Windows\System32\drivers\AVG\iavichjg.avm
[2012/03/14 12:46:46 | 000,000,075 | ---- | C] () -- C:\Users\Mattias\Desktop\Minecraft.bat
[2012/03/13 03:58:20 | 000,622,429 | ---- | C] () -- C:\Windows\System32\drivers\AVG\iavifw.avm
[2012/03/08 02:19:15 | 001,008,141 | ---- | C] () -- C:\Users\Mattias\Desktop\rkill.exe
[2012/03/08 00:16:48 | 000,001,063 | ---- | C] () -- C:\Users\Mattias\Desktop\Spybot - Search & Destroy.lnk
[2012/03/07 16:04:21 | 000,001,897 | ---- | C] () -- C:\Users\Public\Desktop\PC Scan & Repair by Reimage.lnk
[2012/03/07 14:58:14 | 000,000,944 | ---- | C] () -- C:\Users\Public\Desktop\PowerSuite.lnk
[2012/03/07 03:13:58 | 000,000,428 | -H-- | C] () -- C:\Windows\tasks\User_Feed_Synchronization-{0E026961-7E77-443B-A740-1A5D423ED0D8}.job
[2012/03/07 01:44:11 | 3745,411,072 | -HS- | C] () -- C:\hiberfil.sys
[2012/03/06 23:30:42 | 000,415,859 | ---- | C] () -- C:\Windows\System32\drivers\vsconfig.xml
[2012/03/06 23:13:35 | 000,002,521 | ---- | C] () -- C:\Users\Mattias\Desktop\HiJackThis.lnk
[2012/03/06 15:53:21 | 001,872,472 | ---- | C] () -- C:\Users\Mattias\Desktop\SmitfraudFix.exe
[2012/03/06 04:28:13 | 000,001,808 | ---- | C] () -- C:\Users\Public\Desktop\SUPERAntiSpyware Free Edition.lnk
[2012/03/06 03:33:52 | 000,000,914 | ---- | C] () -- C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk
[2012/03/06 00:27:34 | 000,000,860 | ---- | C] () -- C:\Users\Public\Desktop\AVG 2012.lnk
[2012/03/05 22:58:50 | 000,002,060 | ---- | C] () -- C:\Users\Mattias\Desktop\Google Chrome.lnk
[2012/03/05 22:58:50 | 000,002,022 | ---- | C] () -- C:\Users\Mattias\Application Data\Microsoft\Internet Explorer\Quick Launch\Google Chrome.lnk
[2012/03/05 22:57:56 | 000,001,074 | ---- | C] () -- C:\Windows\tasks\GoogleUpdateTaskUserS-1-5-21-2819909428-556207271-747428731-1000UA.job
[2012/03/05 22:57:54 | 000,001,022 | ---- | C] () -- C:\Windows\tasks\GoogleUpdateTaskUserS-1-5-21-2819909428-556207271-747428731-1000Core.job
[2012/03/05 22:43:58 | 000,000,866 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Mozilla Firefox.lnk
[2012/03/05 21:14:21 | 000,000,854 | ---- | C] () -- C:\Users\Public\Desktop\Mozilla Firefox.lnk
[2012/03/05 15:08:51 | 000,270,142 | ---- | C] () -- C:\Users\Mattias\Desktop\Minecraft.exe
[2012/03/05 13:30:23 | 000,004,358 | ---- | C] () -- C:\Windows\System32\nvinfo.pb
[2012/03/04 14:53:39 | 000,001,583 | ---- | C] () -- C:\Users\Mattias\Application Data\Microsoft\Internet Explorer\Quick Launch\Uniblue RegistryBooster.lnk
[2012/02/29 23:46:51 | 000,002,946 | ---- | C] () -- C:\Users\Mattias\Documents\mcedit.ini
[2012/02/17 15:41:15 | 000,000,134 | ---- | C] () -- C:\Users\Mattias\Desktop\Netwerkcentrum - Snelkoppeling.lnk
[2012/01/25 16:23:42 | 000,212,992 | ---- | C] () -- C:\Windows\System32\WMIMPLEX.dll
[2012/01/25 16:23:42 | 000,031,744 | ---- | C] () -- C:\Windows\System32\maplec.dll
[2012/01/25 16:23:42 | 000,020,480 | ---- | C] () -- C:\Windows\System32\maplecompat.dll
[2011/12/25 23:28:51 | 000,000,000 | ---- | C] () -- C:\Windows\PCFriend.INI
[2011/10/06 21:23:41 | 000,032,069 | ---- | C] () -- C:\ProgramData\nvModes.001
[2011/10/06 21:23:21 | 000,032,069 | ---- | C] () -- C:\ProgramData\nvModes.dat
[2011/10/06 21:21:58 | 001,657,448 | ---- | C] () -- C:\Windows\System32\nwiz.exe
[2011/10/06 21:21:58 | 001,612,392 | ---- | C] () -- C:\Windows\System32\nView.dll
[2011/10/06 21:21:58 | 001,108,584 | ---- | C] () -- C:\Windows\System32\nvwimg.dll
[2011/10/06 21:21:58 | 000,449,128 | ---- | C] () -- C:\Windows\System32\nvAppBar.exe
[2011/10/06 21:21:58 | 000,267,368 | ---- | C] () -- C:\Windows\System32\nvTaskbar.exe
[2011/10/06 21:21:58 | 000,262,248 | ---- | C] () -- C:\Windows\System32\nViewSetup.exe
[2011/10/06 21:21:57 | 001,731,176 | ---- | C] () -- C:\Windows\System32\nvwdmcpl.dll
[2011/10/06 21:21:57 | 000,473,704 | ---- | C] () -- C:\Windows\System32\nvShell.dll
[2011/10/06 20:24:48 | 000,000,000 | ---- | C] () -- C:\Users\Mattias\AppData\Local\{C44EA8F1-26C3-4500-A660-B86F610B5AA2}
[2011/10/06 18:37:26 | 000,080,368 | ---- | C] () -- C:\Windows\System32\pbadrvdll.dll
[2011/10/03 10:43:33 | 000,000,000 | ---- | C] () -- C:\Users\Mattias\AppData\Local\{215171B1-D18C-4DFF-813C-5A92EF77FF63}
[2011/09/29 19:00:24 | 000,000,022 | -HS- | C] () -- C:\Users\Mattias\AppData\Roaming\Sys2662.Config.Repository.bin
[2011/09/28 17:44:14 | 000,179,271 | ---- | C] () -- C:\Windows\System32\xlive.dll.cat
[2011/06/30 15:57:18 | 000,177,597 | ---- | C] () -- C:\Windows\hpoins28.dat
[2011/05/27 22:55:53 | 000,023,624 | ---- | C] () -- C:\Windows\System32\drivers\hitmanpro35.sys
[2011/05/02 13:38:27 | 000,000,193 | ---- | C] () -- C:\ProgramData\Microsoft.SqlServer.Compact.351.32.bc
[2011/04/26 12:33:42 | 000,000,064 | ---- | C] () -- C:\Windows\System32\rp_stats.dat
[2011/04/26 12:33:42 | 000,000,044 | ---- | C] () -- C:\Windows\System32\rp_rules.dat
[2010/11/15 20:27:45 | 000,054,694 | ---- | C] () -- C:\Windows\System32\pthreadGC.dll
[2010/10/27 23:46:02 | 000,165,376 | ---- | C] () -- C:\Windows\System32\unrar.dll
[2010/10/27 22:47:13 | 000,000,286 | ---- | C] () -- C:\Windows\reimage.ini
[2010/06/23 20:03:00 | 000,000,004 | RHS- | C] () -- C:\ProgramData\sysqcl1129139270.dat

========== LOP Check ==========

[2012/03/05 15:16:14 | 000,000,000 | ---D | M] -- C:\Users\Mattias\AppData\Roaming\.minecraft
[2011/04/24 20:21:51 | 000,000,000 | ---D | M] -- C:\Users\Mattias\AppData\Roaming\.Nitrous
[2011/07/25 10:37:00 | 000,000,000 | ---D | M] -- C:\Users\Mattias\AppData\Roaming\acccore
[2011/05/28 09:41:57 | 000,000,000 | ---D | M] -- C:\Users\Mattias\AppData\Roaming\Audacity
[2012/03/06 00:28:04 | 000,000,000 | ---D | M] -- C:\Users\Mattias\AppData\Roaming\AVG2012
[2009/08/31 15:24:40 | 000,000,000 | ---D | M] -- C:\Users\Mattias\AppData\Roaming\Broadcom
[2012/03/05 23:53:26 | 000,000,000 | ---D | M] -- C:\Users\Mattias\AppData\Roaming\CheckPoint
[2010/10/10 18:23:52 | 000,000,000 | ---D | M] -- C:\Users\Mattias\AppData\Roaming\DNA
[2009/09/29 17:40:30 | 000,000,000 | ---D | M] -- C:\Users\Mattias\AppData\Roaming\DriverCure
[2012/03/06 04:20:48 | 000,000,000 | ---D | M] -- C:\Users\Mattias\AppData\Roaming\f-secure
[2009/09/05 09:47:06 | 000,000,000 | ---D | M] -- C:\Users\Mattias\AppData\Roaming\FlashGet
[2009/09/25 20:21:51 | 000,000,000 | ---D | M] -- C:\Users\Mattias\AppData\Roaming\Genie-Soft
[2011/08/11 10:06:15 | 000,000,000 | ---D | M] -- C:\Users\Mattias\AppData\Roaming\GetRightToGo
[2010/02/01 18:42:18 | 000,000,000 | ---D | M] -- C:\Users\Mattias\AppData\Roaming\gtk-2.0
[2010/01/29 18:59:43 | 000,000,000 | ---D | M] -- C:\Users\Mattias\AppData\Roaming\Inkscape
[2010/10/17 20:31:22 | 000,000,000 | ---D | M] -- C:\Users\Mattias\AppData\Roaming\ISP Monitor
[2009/11/10 18:24:38 | 000,000,000 | ---D | M] -- C:\Users\Mattias\AppData\Roaming\iTelevision
[2012/01/25 17:03:55 | 000,000,000 | ---D | M] -- C:\Users\Mattias\AppData\Roaming\Maple
[2011/04/24 10:47:35 | 000,000,000 | ---D | M] -- C:\Users\Mattias\AppData\Roaming\Minecraft Backup Tool
[2011/11/19 18:22:57 | 000,000,000 | ---D | M] -- C:\Users\Mattias\AppData\Roaming\pdf995
[2012/02/29 23:47:09 | 000,000,000 | ---D | M] -- C:\Users\Mattias\AppData\Roaming\pymclevel
[2011/03/02 21:07:56 | 000,000,000 | ---D | M] -- C:\Users\Mattias\AppData\Roaming\Raptr
[2009/09/29 18:06:37 | 000,000,000 | ---D | M] -- C:\Users\Mattias\AppData\Roaming\SoundSpectrum
[2012/02/15 10:40:39 | 000,000,000 | ---D | M] -- C:\Users\Mattias\AppData\Roaming\Spotify
[2012/03/07 15:38:47 | 000,000,000 | ---D | M] -- C:\Users\Mattias\AppData\Roaming\SystemRequirementsLab
[2011/07/25 08:57:31 | 000,000,000 | ---D | M] -- C:\Users\Mattias\AppData\Roaming\Trillian
[2010/12/23 17:26:39 | 000,000,000 | ---D | M] -- C:\Users\Mattias\AppData\Roaming\TuneUpMedia
[2012/03/07 14:58:35 | 000,000,000 | ---D | M] -- C:\Users\Mattias\AppData\Roaming\Uniblue
[2010/02/12 23:30:44 | 000,000,000 | ---D | M] -- C:\Users\Mattias\AppData\Roaming\Unigraphics Solutions
[2011/08/09 15:03:09 | 000,000,000 | ---D | M] -- C:\Users\Mattias\AppData\Roaming\Unity
[2009/08/31 15:25:03 | 000,000,000 | ---D | M] -- C:\Users\Mattias\AppData\Roaming\Wave Systems Corp
[2010/11/23 23:38:26 | 000,000,000 | ---D | M] -- C:\Users\Mattias\AppData\Roaming\Windows Live Writer
[2012/03/14 23:11:29 | 000,032,620 | ---- | M] () -- C:\Windows\Tasks\SCHEDLGU.TXT
[2012/03/14 18:50:01 | 000,000,428 | -H-- | M] () -- C:\Windows\Tasks\User_Feed_Synchronization-{0E026961-7E77-443B-A740-1A5D423ED0D8}.job

========== Purity Check ==========



< End of report >

Edited by Durre, 14 March 2012 - 04:49 PM.

  • 0

#22
havredave


  • GeekU Moderator
  • 1,689 posts
You do have quite a bit of software loading on start up, so I don't think I'm too surprised at the long load times. If you want, we can try to tackle that problem as well.

I don't believe you are further infected, but please run aswMBR per my initial post, and report back with that log.

As for the experiment (plus a couple bits I missed earlier), please close Chrome if you have it running, then run OTL again:
  • Under the Custom Scans/Fixes box at the bottom, paste in the following
    :OTL
    FF - HKLM\Software\MozillaPlugins\@bittorrent.com/BitTorrentDNA: C:\Program Files\DNA\plugins\npbtdna.dll (BitTorrent, Inc.)
    FF - HKCU\Software\MozillaPlugins\@bittorrent.com/BitTorrentDNA: C:\Users\Mattias\Program Files\DNA\plugins\npbtdna.dll File not found
    
    :Files
    C:\Program Files\Mozilla Firefox\plugins\npbittorrent.dll
    
  • Then click the Run Fix button at the top
  • Let the program run unhindered, and post back with the log it produces.

After OTL runs, open up Chrome, and type chrome://plugins into the omnibar, and press enter. Hopefully you won't find the BitTorrent plugin in the list anymore. If this is the case, our experiment worked. :)
  • 0

#23
Durre

  • Topic Starter
  • Member
  • 33 posts
Okay, I'll carry out your advice and post back later with the logs. I just wanted to say that I removed both nameless files and that I really appreciate all of your advice and follow-up. It's an interesting process to go through for me and I'm glad I've got your support.

Have a nice evening!

Edited by Durre, 14 March 2012 - 05:21 PM.

  • 0

#24
Durre

  • Topic Starter
  • Member
  • 33 posts
Scans and fixes

AswMBR.exe ran a scan and saved a short log to my desktop, which can be found at the end of this post. It also left an MBR.dat file on my desktop, which I suppose is related to the downloaded definitions from Avast?

As for the experiment, mission accomplished! No sign of the toolbar after running OTL and it doesn't come back after reboot. I have copy pasted the log after the aswMBR log.


Boot and CPU usage

On a side note, when I got my laptop its boot time was around 1 minute to 2 minutes, then it gradually elongated by adding software and wrong, dangerous usage (like the use of P2P programs) too I think. McAfee was my protection for several years, together with Ad-Aware. In overall McAfee found an infection twice as far as I recall (of which one was a Trojan) and Ad-Aware mostly found cookies (maybe some spyware too, but it's been too long). I remember having trouble with booting the laptop twice when both McAfee and Ad-Aware didn't seem to find anything. Similarly to the situation right before I posted this topic.

Back then, when I was finally able to get a boot off with network connection, I went searching on the web and decided to do a System Restore. It worked the first time around in a sense that the machine booted and went back to rather normal behaviour (but I might just have restored the infection if any). Around this time a normal boot took 4 to 5 and a half minutes. The second time System Restore wouldn't load, so I tried some other boot options using F8 when booting. Then all of a sudden the normal booting behaviour came back. In between both booting problems (separated by about a few months to maximum a year, it's been a while now), I installed Soluto and the boot went down to 2 and a half to 4 minutes.

Then BSODs started to appear rarely which also gave me booting problems sometimes, but a fresh reboot almost always did the trick. The past month, they suddenly started to appear more frequently, especially when viewing flash content. So having booting problems once more, I went to search for another solution than System Restore as I was suspicious it might just put an infection back (which some online threads confirmed, others didn't). That's how I decided to get rid of McAfee and later on Ad-Aware and install new programs as a first step of taking care of this problem. Now at this time, I had been configuring the programs at boot with msconfig and services.msc too, which resulted in a boot of 1 and a half minutes to 3 minutes.

This to illustrate that before posting this topic the boot time (the performance had its ups and downs though with the CPU acting irregularly) was rather good. So I'm a bit confused as to what makes the current boot taking rather long. Although, it might be the case that the recent changes made to the laptop (running scans, fixes and an automatic Windows Update) have elongated it temporarily. So it might just settle down like it has done before.

Then I'm left with one more issue which keeps playing up recently. Right before posting this topic my laptop's performance had been really good for a couple of days. Maybe because I had used services.msc and msconfig together with online information to determine which processes could be removed from start-up (and from running in the background or even from my laptop). CPU usage was between 0 and 5% when I just left the laptop. About 81 to 87 processes were running at that time. Nowadays (at this very moment too), CPU usage is between 20 to 70% when I use and leave the laptop. The amount of processes varies from 95 to 105 (because start-up options have been reset after using Soluto). The extra amount of processes isn't really an issue, they use up to 3% maximum most of the time. It's just one application which has been using a lot of CPU for almost a week, named SearchIndexer.exe. SearchFilterHost.exe and SearchProtocolHost.exe also use a bit of CPU. Do you think it might be related to some issue I had before?


ASWMBR LOG

aswMBR version 0.9.9.1665 Copyright© 2011 AVAST Software
Run date: 2012-03-15 00:24:18
-----------------------------
00:24:18.461 OS Version: Windows 6.0.6002 Service Pack 2
00:24:18.461 Number of processors: 2 586 0x170A
00:24:18.462 ComputerName: DURRE UserName:
00:24:23.471 Initialize success
00:25:53.074 AVAST engine defs: 12031401
00:26:49.989 Disk 0 (boot) \Device\Harddisk0\DR0 -> \Device\Ide\IAAStorageDevice-1
00:26:49.992 Disk 0 Vendor: ST925032 DE06 Size: 238475MB BusType: 8
00:26:49.996 Disk 1 \Device\Harddisk1\DR1 -> \Device\0000007b
00:26:49.998 Disk 1 Vendor: RICOH 01 Size: 238475MB BusType: 0
00:26:50.033 Disk 0 MBR read successfully
00:26:50.036 Disk 0 MBR scan
00:26:50.047 Disk 0 Windows VISTA default MBR code
00:26:50.052 Disk 0 Partition 1 00 DE Dell Utility Dell 8.0 219 MB offset 63
00:26:50.076 Disk 0 Partition 2 00 07 HPFS/NTFS NTFS 2048 MB offset 450560
00:26:50.098 Disk 0 Partition 3 80 (A) 07 HPFS/NTFS NTFS 236206 MB offset 4644864
00:26:50.112 Disk 0 scanning sectors +488394752
00:26:50.372 Disk 0 scanning C:\Windows\system32\drivers
00:27:14.712 Service scanning
00:28:05.265 Modules scanning
00:28:14.037 Disk 0 trace - called modules:
00:28:14.057 ntkrnlpa.exe CLASSPNP.SYS disk.sys iastor.sys hal.dll
00:28:14.058 1 nt!IofCallDriver -> \Device\Harddisk0\DR0[0x8741eac8]
00:28:14.058 3 CLASSPNP.SYS[8c7b78b3] -> nt!IofCallDriver -> \Device\Ide\IAAStorageDevice-1[0x86963028]
00:28:18.299 AVAST engine scan C:\Windows
00:28:24.905 AVAST engine scan C:\Windows\system32
00:37:20.796 AVAST engine scan C:\Windows\system32\drivers
00:38:06.802 AVAST engine scan C:\Users\Mattias
01:58:14.696 AVAST engine scan C:\ProgramData
02:14:39.421 Scan finished successfully
02:22:36.992 Disk 0 MBR has been saved successfully to "C:\Users\Mattias\Desktop\MBR.dat"
02:22:36.998 The log file has been saved successfully to "C:\Users\Mattias\Desktop\aswMBR.txt"


OTL FIX LOG

========== OTL ==========
Registry key HKEY_LOCAL_MACHINE\Software\MozillaPlugins\@bittorrent.com/BitTorrentDNA\ deleted successfully.
C:\Program Files\DNA\plugins\npbtdna.dll moved successfully.
Registry key HKEY_CURRENT_USER\Software\MozillaPlugins\@bittorrent.com/BitTorrentDNA\ deleted successfully.
========== FILES ==========
C:\Program Files\Mozilla Firefox\plugins\npbittorrent.dll moved successfully.

OTL by OldTimer - Version 3.2.36.3 log created on 03152012_022519

Edited by Durre, 15 March 2012 - 05:22 AM.

  • 0

#25
havredave


  • GeekU Moderator
  • 1,689 posts
The MBR.dat file is actually a copy of your master boot record. I have no reason to believe there's an issue with it, as your aswMBR log looks fine, but if you like you can upload it to Virustotal and check it for infection.

Your boot times from power-on to desktop do seem somewhat excessive to me. Still, disabling services and working with msconfig isn't exactly the best way to fix that, in my opinion. It does work however, at least from the perspective of faster boot times. Keep in mind that it's pretty easy to disable a service and have your boot times increase, such as in the case of storage enhancement services like Intel's RST service.

If you haven't already, please run a full scan with AVG, which will likely take a while. If it comes back clean, I think we're in good shape as far as infection is concerned. The next step then is to find out exactly why your boot times are so high. Let me know how AVG comes out, and we'll go from there. :)
  • 0
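
The MBR.dat check discussed in the post above can also be done locally. As an added example (not part of the original posts, and not aswMBR's own code), this Python code parses a 512-byte MBR dump and sanity-checks its partition table. The sample sector is constructed: its offsets come from the aswMBR log, while the sector counts (derived from the logged sizes), the zeroed boot code and the assumption that MBR.dat starts with sector 0 are mine.

```python
import hashlib
import struct
import sys

SECTOR = 512
TABLE_OFFSET = 446                   # partition table follows the boot code area
ENTRY = struct.Struct("<B3sB3sII")   # status, CHS first, type, CHS last, LBA start, sector count


def parse_mbr(data):
    """Decode the four primary partition entries of a 512-byte MBR sector."""
    if len(data) < SECTOR:
        raise ValueError("an MBR is one 512-byte sector")
    partitions = []
    for i in range(4):
        status, _, ptype, _, lba, count = ENTRY.unpack_from(data, TABLE_OFFSET + 16 * i)
        if ptype == 0 and count == 0:
            continue                 # unused table slot
        partitions.append({
            "index": i + 1,
            "status": status,        # 0x80 = active (bootable), 0x00 = inactive
            "type": ptype,           # e.g. 0x07 = NTFS, 0xDE = Dell Utility
            "lba_start": lba,
            "sectors": count,
            "size_mb": count * SECTOR // (1024 * 1024),
        })
    return {
        "signature_ok": data[510:512] == b"\x55\xaa",
        # Bytes 0-439 are boot code; 440-445 hold the NT disk signature,
        # which differs per disk, so it is left out of the hash.
        "boot_code_sha256": hashlib.sha256(data[:440]).hexdigest(),
        "partitions": partitions,
    }


def check_mbr(data):
    """Return a list of structural problems; an empty list means none found."""
    info = parse_mbr(data)
    findings = []
    if not info["signature_ok"]:
        findings.append("missing 0x55AA boot signature")
    parts = info["partitions"]
    for p in parts:
        if p["status"] not in (0x00, 0x80):
            findings.append(f"partition {p['index']}: invalid status byte {p['status']:#04x}")
    # Assumption: this is the boot disk, so exactly one partition is active.
    active = [p for p in parts if p["status"] == 0x80]
    if len(active) != 1:
        findings.append(f"{len(active)} active partitions (expected 1)")
    ordered = sorted(parts, key=lambda p: p["lba_start"])
    for a, b in zip(ordered, ordered[1:]):
        if a["lba_start"] + a["sectors"] > b["lba_start"]:
            findings.append(f"partitions {a['index']} and {b['index']} overlap")
    return findings


def build_sample_mbr():
    """Constructed sample sector mirroring the layout in the aswMBR log."""
    mbr = bytearray(SECTOR)
    entries = [                       # (status, type, LBA start, sector count)
        (0x00, 0xDE, 63, 448512),             # Dell Utility, 219 MB
        (0x00, 0x07, 450560, 4194304),        # NTFS, 2048 MB
        (0x80, 0x07, 4644864, 483749888),     # NTFS, 236206 MB, active
    ]
    for i, (status, ptype, lba, count) in enumerate(entries):
        ENTRY.pack_into(mbr, TABLE_OFFSET + 16 * i,
                        status, b"\0\0\0", ptype, b"\0\0\0", lba, count)
    mbr[510:512] = b"\x55\xaa"
    return bytes(mbr)


if __name__ == "__main__":
    # Pass the path of a saved dump (for instance MBR.dat) or run on the sample.
    if len(sys.argv) > 1:
        with open(sys.argv[1], "rb") as fh:
            sector = fh.read(SECTOR)
    else:
        sector = build_sample_mbr()
    report = parse_mbr(sector)
    print("boot code sha256:", report["boot_code_sha256"])
    for p in report["partitions"]:
        print(f"partition {p['index']}: type {p['type']:#04x} "
              f"start {p['lba_start']} size {p['size_mb']} MB")
    for finding in check_mbr(sector) or ["no structural problems found"]:
        print(finding)
```

Recording the boot-code hash while the machine is known to be clean gives a baseline to compare later dumps against.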

#26
Durre

  • Topic Starter
  • Member
  • 33 posts
I uploaded the file to Virustotal and it says detection ratio 0/43 and all results are empty.

About disabling certain processes: I've only disabled processes in the past when I was sure about what exactly the process was doing. Therefore I used online libraries which contain information about a variety of processes and files and compared them to each other. Often they contained references to the company or origin of the process, so I then looked that up. When that was done and the unnecessity (like not related to a system task) of the task was sure to me, I removed it from boot. When it comes to Soluto, the program gives information and statistics on processes and automatically puts system and most known antivirus processes aside, so you can't delete those from boot. Some processes I knew what they did just by seeing their name, so I could easily remove them from boot, others I researched a bit and left them in if I was unsure. There has been one process in overall which I recall not being fully sure about, yet I removed it from boot because of high CPU usage. That was ISPMonitorSrv.exe. I couldn't find enough additional info on it, but at the same time that seemed to mean it was not vital. Removing it from boot took my CPU usage down and that was all I noticed. That sums up how I've dealt with trying to organise my boot in the past. Is that more or less acceptable? Do you have any suggestions? Right now I haven't adjusted anything.

The AVG scan is done, no rootkits or other infections have been found. So zero threats were detected, although it gave me a warning about an installer for Comodo I had on my pc. It said the certificate had been damaged. The installer has been deleted from my laptop as I do not need it. It was a backup for when my other scanning programs would fail.

P.S. I noticed for the second time that AVG's Identity protection unit wasn't enabled, however it was before. I can just enable it again, but I don't have a clue why it randomly disables it.

Edited by Durre, 15 March 2012 - 03:26 PM.

  • 0

#27
havredave


  • GeekU Moderator
  • 1,689 posts
I expected the Virustotal results to come back clean. Still, it never hurts to check. :)

ISPMonitorSrv.exe appears to be part of ISP Monitor. It's used to monitor your online usage, for instance in cases where you pay per Gb rather than a per-month flat rate. It's legitimate, and may be of use to you depending on your ISP.

It sounds as if you are researching things sufficiently, so yes, that's a good way to go about learning what can be disabled.

At this point, I'm going to ask that you remove the software we used to clean up the machine, including Combofix and such. You really won't want to leave it on the machine anyway, as things like that are constantly updated and that version won't be useful for long.

That said, please disable your antivirus/antimalware software, rename Combofix.exe to uninstall.exe, and double-click on it. It will remove itself, and reboot the computer. Don't forget to re-enable your antivirus software afterward.

Next, please run OTL and click the CleanUp button, which will remove OTL and a few other utilities, such as SmitfraudFix, commonly used for one-shot cleaning like we've done.

I would also recommend uninstalling HijackThis. It recently went open source, so I expect it to be changing soon, but for now it's not really worth a whole lot.

Rootkitbuster you can remove on your own, if you wish.

Next, remove aswMBR.exe. You can also delete the MBR.dat file, as it's not needed any longer. If you would like to keep it as a backup MBR however, you sure can.


Now that your computer appears to be clean, there are some steps you can take to help keep it clean.

Create a new restore point.
  • Why: We want to be able to restore to a known-good clean spot in the computer's history, and that would be right now, so let's take a snapshot.
  • How: Follow the instructions below depending on the version of Windows that you have.
  • Windows ME: Click Start -> Programs -> Accessories -> System Tools -> System Restore. Tick the "Create a restore point" radio button, and press next. Give it a good name, like Geeks-cleaned, and click "Create". All done!
  • Windows XP: Start -> Help and Support Center -> "Undo changes to your computer with System Restore". Tick the "Create a restore point" radio button, and press next. Give it a good name and click "Create", as above.
  • Windows Vista and Windows 7: Right-click your "My Computer" or "Computer" link on your start menu. Choose properties from the menu that appears. On the left-hand side of the window that comes up, click "System Protection", then click the "Create" button, and give your new restore point a name, as above.
Keep temporary files cleaned out.
  • Why: This can not only help your machine run a bit faster with less clutter, but potentially clean out infected files before you even know they're there.
  • How: The easiest method for just about everyone to use is Windows' Disk Cleanup. This can be found by clicking Start and choosing Run in Windows XP/2000, or simply typing into the search box on Vista and Windows 7, and entering "cleanmgr" (without the quotes). It really is quite easy to use. The defaults should be fine.
Keep software up to date.
  • Why: Exploitable issues in software are found all the time, especially in network-aware software such as Windows itself, or your web browser and its addons.
  • How: For a normal user, there are a few programs I pay special attention to confirming that they're up to date: Adobe Reader, Adobe Flash, and Java, and of course Windows itself. To this list, add your antivirus and antispyware products, and your firewall product. For your antivirus, antispyware and firewall products, see the manufacturer documentation for the software in question. Typically you'll find an update feature under the help or tools pulldowns, or on a button somewhere on the software's interface. If you just can't figure out how to update one or more products, just ask - I'd be happy to help; let me know specifically what software it is and what version you have, and I'll try to provide clear instructions.
  • Adobe Reader: Start up Adobe Reader, click the Help pull-down, and choose "Check for Updates". Follow on-screen instructions to install any updates if applicable. Repeat this after each update until it tells you there are no updates available.
  • Adobe Flash: Follow the instructions here. Once you are finished, go here to download and install the newest version.
  • Java: Open your control panel (on the start menu) and find the Java icon. Depending on your control panel configuration and Windows version, this might be obvious, or it might be hidden a bit. You can click the "Programs" link on Vista and 7 to find it, or "Switch to Classic View" in the upper left corner in Windows XP (granted you're not already using classic view). If you can't find Java in any of those places, it's entirely possible you don't have it installed. That's fine; if it is installed, it needs to be up to date. If it's not installed, ignore this step. There is a caveat here: If you run certain programs that require Java, you might find that they won't work with the newest version. If you do run into this situation, contact the software manufacturer and ask them what the newest version of Java is that their software supports, and where to obtain it.
  • Windows: On your start menu, under All Programs or Programs depending on your version, you'll find either Windows Update or Microsoft Update at the top of the menu. Click here and follow the instructions to install the high priority updates that are available. Optional updates are just that; you can install them, but you don't have to in most situations. Repeat this process until no further high priority updates are available.
Clear possibly infected restore points
  • Why: Having the ability to restore your system is a great thing, as long as you're not restoring an infection!
  • How: The most simple way to do this is to utilize Disk Cleanup, detailed above in the "Keep temporary files cleaned out" step. Simply click on the "More Options" tab, and use the system restore clean up button. This works with all versions of Windows that had system restore; namely, Windows ME and later. This will remove all but the most recent restore point on the system (that we created earlier), which is what we're after.
Defragment
  • Why: Defragmenting your files helps your hard drive access them faster, and in as few sweeps of the read head as possible, reducing drive wear and tear.
  • How: Using the built-in Windows Disk Defragmenter is one safe option, found in Start -> All Programs -> Accessories -> System Tools. I would do this once a month unless the system is heavily used, then perhaps weekly.

There's also a good article here that goes into a few other details.



On to the performance tweaking bit. :)

I think right now I'd recommend you get rid of all vestiges of McAfee, as just the standard uninstall can leave services and other files behind. As you probably know, antivirus software can conflict with other antivirus software. I suggest running the McAfee Removal Tool to get the rest. You'll find the download link under step 2 of the solution section on that document.

I'd also probably remove Spybot Search & Destroy, or at the very least, disable its TeaTimer functionality. While it's serving a good purpose in educated hands, it's also using up system resources, and in my opinion is an unnecessary layer in your case.

When you're ready of course, the Uniblue software I mentioned for keeping drivers and such up to date can also be removed, or at least disabled from running all the time.



After you've absorbed and dealt with all of this, let me know how it went, and whether or not your machine is still booting very slowly.
  • 0

#28
Durre

  • Topic Starter
  • Member
  • 33 posts
Okay, I think I've absorbed and dealt with your information!

I printed out your post and the article it referred to, so I could make some annotations while going through it. Here goes!


A. ISP Monitor

I researched the ISP Monitor program a bit. I think I might want to disable and/or get rid of it completely. Here's why: at home we pay a per-month flat rate. At the place where I study, internet is provided free of charge, but you have limited download and upload capacities (you need to login to the local network and after logging in it shows your statistics). Although, as far as I've noticed, these are not monitored using ISP Monitor.
First reason to believe so is that ISPMonitorSrv.exe ALWAYS runs in the background, whether at home or not (the actual isp.exe process never runs). Secondly, I have disabled it for a short period before and didn't notice any problems using the internet at home or at my university. Statistics about my download and upload were still provided. Thirdly, it seems to me that it's not a tool provided by your internet provider, but a tool provided by a company for users so they can monitor their own usage and keep an eye out on not surpassing the download limit if it is constrained. This would mean I must have downloaded it on my own account some time ago or it must have been related to the period when I had problems connecting to the internet. This could very well be the case as the files seem to date back from 17 October 2010 or later. This is one month after I first used the internet at university and well after using it at home, which again indicates they are not related to my provider.
So, if you'd think this is sufficient info to remove the (outdated) tool (no updates since 2010) from my laptop (or at the very least place it in the bin), I would go ahead and do so. If you have objections, I'll reconsider. I'd like to remove it because it's using CPU (max. 10%), but when at high usage, enough to make it hit 100% and slow down the system. I could still download it again if removing would cause troubles.


B. Removal of cleaning software

  • Combofix.exe: you advised me to remove it, but I had already done so immediately after I had used it (before posting this topic). I used it following a thread (not a personal one) in another forum and in there it said to click Start > Run and copy/paste the following text between *...* into the run box and click OK: *ComboFix /Uninstall* . So I did and it removed itself. Not sure if additional steps should be taken as you recommended another method?
  • OTL: removed itself and SmitfraudFix.
  • HijackThis: removed using Programs and Features.
  • Rootkitbuster: removed by deleting its folder.
  • aswMBR.exe: removed by deleting the application, I kept the MBR.dat file.

C. Create a new restore point

I've gone through your post chronologically, so I created a restore point when I came to this section. However, the current restore point has been made today and is now the only one on the system (I also made one for the recovery disk). It has been made after all of your post had been dealt with (defragmenting took a while), after removing some more programs and residues manually (I'll come back to that topic later) and after running two additional scans, mainly to remove cookies. Just because I wasn't sure if cookies are also stored in a restore point.


D. Keep temporary files cleaned out

  • Done. However I also selected the option to remove crash dump files (over 500 Mb) as I probably won't be debugging them anytime soon.
  • Question: I googled before removing the crash dump files, but it also gave the option to remove files from Windows Error Reporting (also 500 Mb in total). I thought those files could be a bit more useful in the future than the crash dump ones, so I just left it. What do you suggest?
  • I've seen many threads on many forums referring to CCleaner. As it seems to involve registry related stuff and as I've gotten cautious with downloading external programs that operate in basic system spots (as they say "to make it perform better"), I wanted to know what you think about it? I'm not thinking about downloading, I'm just rather curious as it seems to be advised quite often. Is this really a tool which can be used commonly or only under supervision? Does it have any benefits over by Windows provided tools on your system like cleanmgr?

E. Keep software up to date

  • Adobe Reader: up to date, automatic updates.
  • Adobe Flash: up to date, automatic updates via Google Chrome. I ran the uninstall tool for Flash, rebooted and I could still watch content on youtube. I repeated the same process and no changes. Then I noticed Chrome has a built-in Flash-player. So if any Adobe Flash player outside of Chrome was installed on my laptop, it should have been removed.
  • Java: up to date (or even ahead since Java's download page still offers Version 6 Update 31 and I have Version 7), scheduled updates via Task Manager.
  • Windows: up to date, automatic updates. There was only one optional download which I installed as it was IE9. Apparently that's optional and not important ...
  • AVG: up to date, scheduled in AVG to update after start-up.
  • Zone Alarm: up to date, manual updates
  • MABM: up to date, scheduled updates via Task Manager and manual
  • SuperAntiSpyware: up to date, scheduled updates via Task Manager and manual
  • Google chrome: up to date, automatic updates (main browser)
  • IE9: up to date, automatic updates via Windows Update I think (browser is never used)
  • Mozilla Firefox: apparently out of date, yet should be automatically updated. However, it doesn't do so for some reason (I noticed it being out of date using PSI). I've opened and used the browser, but it didn't show any sign of updating. Do you recommend reinstalling? (browser is seldom used)

F. Clear possibly infected restore points

Done.


G. Defragment

Done. Scheduled defragmenting has been on for a while already, but apparently isn't the best option as the manual one seemed to have done the real job. I disabled scheduled defragmenting again and am planning to make Windows (or some other daily used program) remind me to defragment once every two weeks. I'm going to look into that after finishing this post.


H. The performance tweaking bit

  • McAfee Removal Tool: Ran twice, because I had to interrupt it the first time around. All "leftovers" should be gone.
  • Spybot Search and Destroy: disabled TeaTimer at first, then removed the program using Programs and Features. Manually removed two folders afterwards, which were left behind, following Spybot's uninstall information.
  • Uniblue Powersuite: I can't really uninstall the Driver software as it's part of the Powersuite (I would have to uninstall the whole thing). But Powersuite has been disabled from running at start-up or in the background ever since it has been installed. So it'll only run if I would decide to let it run.

I. Manual removal of residues

As I mentioned before, I removed some more files and folders left behind from programs which I once uninstalled, like P2P programs. I noticed by accident some of these folders and files were still there. I was clicking my way into ProgramData and Appdata. Both of these paths still contained some references to old programs. Often just .txt files. There was also a somewhat hidden reference to a P2P program in my list of Programs in the start menu. Therefore I went into Appdata\Roaming\Microsoft\Windows\startup and deleted it. Some more (empty) references to old programs were sitting there and got deleted. As far as I can see now, there are no references to P2P or old programs in AppData as well as ProgramData anymore.


J. The article you referred to: "How did I get infected in the first place?"

  • Watch what you download: I certainly will and am e.g. not planning or willing to download P2P programs at all.
  • Update Windows, IE, Java, ...: OK!
  • Adjust IE settings and/or use other browser: OK!
  • Install Spywareblaster: would you recommend me doing so?
  • Install Spywareguard: would you recommend me doing so?
  • MABM: Got it! Manual scanning.
  • SuperAntiSpyware: Got it! Manual scanning.
  • MVPS Hosts file: would you recommend me downloading it?
  • McAfee Site Advisor: already using AVG's site advisor (Zone Alarm's for IE)
  • Install either OnlineArmor, Outpost Firewall Free or Sunbelt Personal Firewall: already using ZoneAlarm. Would you recommend changing to something else?
  • Install either AntiVir Personal, Avast! Free or Microsoft Security Essentials: already using AVG. Would you recommend changing to something else? AVG is set to scan on weekly basis (rootkit scan included)
  • Check for outdated programs using PSI: downloaded and installed PSI. Checked for outdated programs. 6 programs were outdated out of 122. Updated 3 of them, removed 1. Firefox is still outdated. The other one will be dealt with after this post.

K. Questions

  • Some time ago you told me not to empty the bin. The Soluto folder and two unnamed files related to it are still in there. I emptied all the rest which I had put in there on my own account (deleted programs and such). Can I empty it? Can I also remove the zipped Soluto path from my USB and delete it?
  • I still have Rkill.exe on my desktop. Remove or leave it?
  • I researched the .swt folder some more and it might be related to the P2P program Azureus (Vuze). Should I move it to the bin and see if everything keeps working normally, then delete it after a month, or would it be safer to keep it where it is?

On a side note: you once mentioned there was an XP naming protocol being used in the path naming (ALLUSE~1). I don't know, but might that be related to me not using Windows Vista's interface and the old one instead? I don't know the naming of it, but its start menu is very different from Vista's and it doesn't use Windows Aero or any graphical tricks


CONCLUSION

  • Boot time: 5 minutes max., should be able to be reduced to an average of about 3 to 3 and a half by cleaning the start-up list (or maybe reinstalling Soluto?)
  • Available disk space: went from 89 Gb to 121 Gb during the whole process of going through your post.
  • Available work memory: seems to be higher too
  • Performance: In overall good. Yet it is slow and the machine is hot because SearchIndexer.exe keeps using up 50% or more of the memory. Indexing seems to get stuck when it hits 310 to 315000 items. Right now it's stuck at 311 575 items and says that indexing is being slowed down because of laptop usage, yet it takes up more than 50% of the CPU.
UPDATE

I said before that all instances of the Flash player outside of Chrome should be removed, but I don't think that's the case. I used PSI again to find the one program that I still have to update (except for Mozilla). It pointed me towards Macromedia Flash Player (ActiveX). I opened its text box up for additional information and it revealed this path C:\Windows\System32\Macromed\Flash which contains two files: FlashInstall.txt and swflash.ocx. PSI recommends either upgrading to a newer version or removing it from my laptop, as the product is 'end of life'. When I googled the path, I find that it is related to Adobe's flash player (for IE I think). Can I remove it?

Besides that I just made basic tasks in Windows Task Scheduler to remind me of doing scans, cleanups, defrags and program updates

Edited by Durre, 18 March 2012 - 10:08 AM.


#29
havredave

  • GeekU Moderator
  • 1,689 posts
Here we go! Lettering won't match up; I skipped a few where it was obvious a response wasn't necessary.

  • ISP Monitor: Based on both of our conclusions, I believe that it's safe to remove. Create a restore point ahead of time, just in case it turns out to be used by something that you don't want to do without.
  • Removal of cleaning software:
    It sounds like things went well here. The /uninstall method of Combofix is one of a couple ways to remove it. I've always preferred renaming, just because it's quicker for me. Both work fine.
  • Create a new restore point:
    I do not believe cookies are saved in a restore point. It's more for system files and such, including your personal registry settings. User documents aren't saved in restore points as far as I know, which includes cookies. Why "as far as I know"? Because I just woke up. :)

    It sounds like you did ok here anyway. The restore point in the finishing up portion of the instructions is mainly so you can remove old and possibly infected restore points so they aren't accidentally used, re-infecting your machine.
  • Keep temporary files cleaned out:
    Personally, once I'm happy that my machine isn't logging further errors due to something bad happening, I clean up the error logs as well. If there are actual error messages rather than simple notifications, then keep the logs until they're dealt with.

    I use CCleaner almost every day. I do not however use its registry cleaning functionality. I don't believe the risk is worth the gain, which is why I'll also not instruct anyone to use its registry portion. The file cleaning portion is quite good, but do look through the options. Defaults should be ok. Still, you might wish to keep cookies and such so you don't have to be typing in information at commonly visited sites all that often.

    If you'd prefer, TFC by OldTimer is pretty good too. It's a bit easier to use in my opinion. It does lack options though, if you like having them available.

    After I run programs like CCleaner or OTL though, I use the built-in disk cleanup, located in Programs->Accessories->System Tools, under your start button. It hits slightly different areas, and leaves me with slightly more material removed.
  • Keep software up to date
    • You are correct that Adobe Reader in your case will update itself automatically. That's simply part of my closing speech. However, for anyone else reading this, Adobe Reader 9 or earlier will not auto-update to version 10. That has to be done by hand, and really should be done.
    • Adobe Flash is "built in" to Chrome, and updates with Chrome. Internet Explorer uses the ActiveX installation of Flash, and Firefox and others use the plugin version. If all you use is Chrome, you're safe removing Flash from your installed programs list entirely. Even when IE is used for things like updates, flash isn't necessary.
    • IE9 will land in your optional updates if you've ever told it not to install in the past. Otherwise it wants to be a high priority update. There are other factors of which I'm not aware that can also make it an optional update; I haven't sorted those out yet. Anyway, as it sounds like you're using Chrome for day to day use anyway, yes, I'd update IE to version 9. Sounds like you did the right thing here.
    • Firefox won't always automatically update itself. It tries, and usually succeeds. If you seldom use Firefox, I'd recommend removing it. If you want to keep it, click its help menu, and choose About Firefox, where it'll check for the latest version and download it if one is found. Firefox cannot update itself if it is not run often enough for it to check.
    In all, it's a good idea to double check your installed software for current versions. Secunia PSI is good for that as well. It's a system load all by itself however, so that's something to keep in mind as you try to increase performance.
  • Defragmenting
    Believe it or not, there is some pretty good reasoning why you should not use scheduled defragmenting. I won't go into that in depth here, but what you have done is probably the best option, having it remind you instead.
  • Performance tweaking
    McAfee did leave a handful of services which were gobbling up system resources. Hopefully that's cleared up.

    Leaving Powersuite as a run-on-demand program is not a bad idea. That way you can run only the bits you want, and when you want.

    Running Secunia PSI on your own schedule might be a good idea as well, since it takes a bit to start up. That is of course only a good idea if you can remember to regularly run it. :) Also, you can simply accept its performance hit, and run it all the time. It does serve a good purpose.
  • Manual removal of residue
    You seem to be doing things intelligently; reading, researching, and testing before doing anything permanent. That's a very good sign, and a tactic you should be commended for. Keep doing that. :)
  • How did I get infected...
    • No, I don't recommend you install Spywareblaster or Spywareguard. I believe you're sufficiently protected, and they would simply add more load to your system. Keeping in mind that a machine can get infected no matter what protection you're running, sometimes you have to decide that enough is enough. However, it might not be a bad thing to at least investigate them for your own knowledge.
    • I recommend you make up your own mind about downloading the MVPS hosts file. I won't recommend against or for it. It's not a bad idea, but I prefer less things on my machine than more. If you would rather have more protection, it's not such a bad thing. Read about it, and see what you think.
    • I don't mind the ZoneAlarm firewall product, but on a Win7 or Vista machine, I use the built-in firewall. I don't personally feel the extra firewall functionality is worth the performance hit.
    • My personal opinion about antivirus software to use is Microsoft Security Essentials for most installations, and Avast! where you have the horsepower to run the extra features it has.
  • Questions
    • I asked you not to empty the bin because of specific infections that store important system data in temp folders. My saying to not empty the bin was a bit off for that reason. It was important however to not empty temp folders yet. I'm sorry for the confusion. Feel free to empty the bin!
    • I would remove rkill.exe. For some reason, I thought I read that OTL's removal process would remove rkill as well, but it does not. rkill is another one of those programs that's updated often enough that it's best to get a new one whenever its use is necessary.
    • Your thoughts on how to test/remove .swt are good. I would go ahead with your plan of moving/waiting and then removing it.
    • The "XP naming protocol" isn't XP's at all; it's from DOS, when filenames had 8 letters, a dot, and a file extension of a maximum of 3 letters, thus the 8.3 naming convention being called what it is. Your interface choice should have nothing to do with that. What is more likely is that you used an older piece of software at some point that doesn't properly deal with long filenames. Nothing to worry about. :)

Using Soluto might be reasonable here; just keep a close eye on its folder use so you don't have that bad nesting problem you did before.

Searchindexer can cause problems in laptops in my experience, because it never has real idle time to do its job like on a desktop that's on all or most of the time. Laptops are closed, hibernated/slept, or shut off much more often, so there isn't so much idle time. Your problem here can probably be alleviated by simply leaving it on. If you don't want or need the faster search capability of the start button box though, you could disable it and see how it goes.

Flash residue: You are correct, you can remove those extra flash files you located using PSI. In your particular case, you can remove the folder C:\Windows\System32\Macromed\Flash in its entirety. If there are no other folders in the Macromed folder, you can remove that too.

I have a Vista laptop as well, and it starts quite slow. Mostly that's because I have it turned off most of the time. When I leave it on, it's just as quick as I would expect it to be. I'm pretty sure that's what's biting you. Windows 7 seems to have less trouble with this, so you might ponder upgrading if it's feasible for you to do so.

I don't have any further instructions for you, but I'm available in case you have questions or trouble with anything, or just need clarifications. I'll let you decide when we're done. :)

#30
Durre

  • Topic Starter
  • Member
  • 33 posts
ISP Monitor

Removed using Programs and Features, thus far no indications of any trouble. I created a restore point just in case.


Keeping temporary files cleaned out

I cleaned out the Windows error logs as no errors have been given to me lately. Thank you for your advice on CCleaner and suggesting TFC by Oldtimer. As you might or might not suspect, my interest goes more to CCleaner than TFC, because of the extended functionality, which allows me to learn more about the matter. I've downloaded the program to have a look at it. Apparently it also has a function to manage the startup programs list as well as browser plugins and an option to (securely) wipe your hard drive. Since as you said the program hits slightly different areas than the built-in disk cleanup and since it can be used without supervision (of course you still need to know what you're doing), I think I might use this program. I'll leave the registry part as it is though, because of what you said and because I think it's best to have supervision for that. I went ahead and adjusted its configuration a little (e.g. took it out of boot). As it has a start-up managing functionality (much like msconfig actually), I was wondering if I could just use that and not download Soluto? That will give me one program less on my laptop and Soluto itself also takes up boot time and CPU.


Keep software up to date

I'd rather keep the Firefox browser as some online functionalities of my university are not supported by Chrome and to have a back-up browser (I'd rather not use IE). Apparently Mozilla Firefox wasn't out of date. How's that? Well, I opened the info box in PSI and noticed the rather uncommon path. Then I scrolled down in the scan results and noticed a second Mozilla Firefox, which was up to date (because I had it updated manually to 11.0 using Help > About Firefox). The out of date firefox.exe was situated in Windows\ERDNT\cache. Some googling brought me to believe it's a residue from running Combofix and ERUNT is the actual registry backup program using the folder. Date of creation confirms my suspicions. I looked up some information about ERUNT and decided to download that small program as it seems a useful, harmless addition to Windows' backup of the registry. I thought it might refresh the files in the "cache" folder by installing it. However it didn't, so I just went ahead, deleted the cache folder and made a backup of the registry. I've set the program to not automatically make backups. I'd rather use it sporadically e.g. when installing new programs. Right now PSI gives me a 100% up to date score.

As soon as I had downloaded PSI, I tweaked its settings (e.g. not in boot) so its system load should be minimal. I've noticed it scans silently on a weekly basis (no options to change that), but I still made a Basic Windows Task to remind me to run a scan weekly. I think that should be sufficient to keep the majority of programs up to date (including the ones without automatic updates).


Defragmenting

Windows is set to remind me by a Basic Task. I was wondering if the 'Drive Wiper' tool from CCleaner could be a beneficial process for this?


How did I get infected ...?

Thank you for your recommendations. I plan to look into both anti-spyware programs a bit. As they have the same company name to it, I'm interested to see what's the difference. I'll consider installing either Avast or MSE once AVG's license ends. Since I have disabled Windows Defender, I can't use the built-in firewall unless I enable it again. But the reason I disabled it, was because it was giving more trouble than benefits to me back when I had McAfee. So I downloaded ZoneAlarm to replace the firewall. I haven't yet found the time to properly look into the MVPS Hosts file, but what I read reminded me a bit of Spybot's TeaTimer. What I remember is that it runs at start-up. That throws me off a bit, because it means I won't notice the process running. I'd like to have an eye and keep an eye on what is running, both at start-up and afterwards. On the other hand it seemed to have some nice features.


Questions

I emptied the bin, removed rKill and then placed .swt in the bin. It hasn't put itself back and I haven't noticed any trouble so far.


Other

I removed C:\Windows\System32\Macromed. Concerning SearchIndexer.exe: I instructed it to reconstruct the index from scratch (using default settings) the other evening. I left my laptop on overnight and woke up when it was hitting about 52 300 indexed files. CPU usage was low. Then at a certain point it hit 52 759 files, CPU went up to +50% and it's stuck again. The boot time is okay. When I have removed the last unnecessary programs from startup, it should be mighty fine (for a Windows Vista laptop that is).



So, as SearchIndexer.exe is the only problem left and as it is not malware related, this topic can be closed for me. I'll look into it at my own time and if I don't find a trustworthy solution, I might come back to some other section on this forum. If you would just be so kind to leave a last reply to some questions?


Therefore I'd like to thank you with the whole of my heart for your continuous support and advice. You've changed my perception on some basic concepts and I'm glad the problems got solved. So for what it's worth, you've got my sincere gratefulness. It's amazing to me forums like this even exist and all efforts from your side are much appreciated.

Once more, thank you for your time and just ... thank YOU
Hopefully I won't have to come back here, so the best of luck with any further cases and the best of luck in life!

Sincere greetings,

Durre

Edited by Durre, 18 March 2012 - 10:08 AM.
