Jump to content

Welcome to Geeks to Go - Register now for FREE

Geeks To Go is a helpful hub, where thousands of volunteer geeks quickly serve friendly answers and support. Check out the forums and get free advice from the experts. Register now to gain access to all of our features, it's FREE and only takes one minute. Once registered and logged in, you will be able to create topics, post replies to existing threads, give reputation to your fellow members, get your own private messenger, post status updates, manage your profile and so much more.

Create Account How it Works
Photo

Optimizer Pro help needed [Solved]


  • This topic is locked This topic is locked

#1
Dr Heisenberg

Dr Heisenberg

    New Member

  • Member
  • Pip
  • 6 posts
My pc recently got infected by the Optimizer Pro virus. I think it got sneaked in with a torrent i used. It presented itself as a fake anti virus program. My pc got noticeably slower and i got constantly redirected when using both firefox or chrome. A lot of different and conflicting things are being said about this virus so i tried a lot of different stuff. I scanned with MBAM but with no success, i also used Hijackthis to delete some of the malicious files. the list of these files i found on the internet. Listed below:

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = ${URL_SEARCHPAGE}
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = ${URL_SEARCHPAGE}
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = ${URL_STARTPAGE}
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
R3 - URLSearchHook: YouTube Downloader Toolbar - {F3FEE66E-E034-436a-86E4-9690573BEE8A} - C:\Program Files (x86)\YouTube Downloader Toolbar\IE\5.4\youtubedownloaderToolbarIE.dll
R3 - URLSearchHook: (no name) - {09e55ba0-f9c6-4b81-82df-46853f6f7b3f} - (no file)
R3 - URLSearchHook: (no name) - {1392b8d2-5c05-419f-a8f6-b9f15a596612} - (no file)
R3 - URLSearchHook: (no name) - {87775fdb-6972-41f9-ae51-8326e38cb206} - (no file)
O2 - BHO: YouTube Downloader Toolbar - {F3FEE66E-E034-436a-86E4-9690573BEE8A} - C:\Program Files (x86)\YouTube Downloader Toolbar\IE\5.4\youtubedownloaderToolbarIE.dll
O2 - BHO: SMTTB2009 - {FCBCCB87-9224-4B8D-B117-F56D924BEB18} - C:\Program Files (x86)\4Media Video Toolbar\tbcore3.dll
O3 - Toolbar: 4Media Video Toolbar - {338B4DFE-2E2C-4338-9E41-E176D497299E} - C:\Program Files (x86)\4Media Video Toolbar\tbcore3.dll
O3 - Toolbar: YouTube Downloader Toolbar - {F3FEE66E-E034-436a-86E4-9690573BEE8A} - C:\Program Files (x86)\YouTube Downloader Toolbar\IE\5.4\youtubedownloaderToolbarIE.dll
O4 - HKLM\..\Run: [SearchSettings] "C:\Program Files (x86)\Common Files\Spigot\Search Settings\SearchSettings.exe"
O4 - HKCU\..\Run: [Optimizer Pro] C:\Program Files (x86)\Optimizer Pro\OptProLauncher.exe

I did not manage to find all of these files so it could be that i missed a few. After this my pc got a little bit faser but is still not back up to its original state. I also still get redirected when i'm browsing the internet.

I hope you can help! thx
  • 0

Advertisements


#2
Dr Heisenberg

Dr Heisenberg

    New Member

  • Topic Starter
  • Member
  • Pip
  • 6 posts
OTL log:

OTL logfile created on: 11-May-12 3:41:31 PM - Run 1
OTL by OldTimer - Version 3.2.42.3 Folder = C:\Users\Administrator\Downloads
64bit- Home Premium Edition Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation
Internet Explorer (Version = 9.0.8112.16421)
Locale: 00000409 | Country: Verenigde Staten | Language: ENU | Date Format: dd-MMM-yy

3.97 Gb Total Physical Memory | 2.40 Gb Available Physical Memory | 60.57% Memory free
7.93 Gb Paging File | 5.51 Gb Available in Paging File | 69.50% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86)
Drive C: | 149.05 Gb Total Space | 2.93 Gb Free Space | 1.97% Space Free | Partition Type: NTFS
Drive D: | 134.39 Gb Total Space | 0.00 Gb Free Space | 0.00% Space Free | Partition Type: NTFS

Computer Name: TUINSLANG | User Name: Administrator | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user | Quick Scan | Include 64bit Scans
Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days

========== Processes (SafeList) ==========

PRC - [2012-05-11 15:19:12 | 000,595,456 | ---- | M] (OldTimer Tools) -- C:\Users\Administrator\Downloads\OTL.exe
PRC - [2012-05-03 17:42:06 | 000,932,528 | ---- | M] () -- C:\Users\Administrator\AppData\Roaming\Spotify\Data\SpotifyWebHelper.exe
PRC - [2012-05-02 23:49:16 | 000,924,600 | ---- | M] (Mozilla Corporation) -- C:\Program Files (x86)\Mozilla Firefox\firefox.exe
PRC - [2012-04-28 04:07:02 | 001,224,176 | ---- | M] (Google Inc.) -- C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
PRC - [2012-04-23 14:17:18 | 002,670,520 | ---- | M] (PC Tools) -- C:\Program Files (x86)\PC Tools\PC Tools Security\pctsGui.exe
PRC - [2012-04-23 14:17:18 | 001,118,648 | ---- | M] (PC Tools) -- C:\Program Files (x86)\PC Tools\PC Tools Security\pctsSvc.exe
PRC - [2012-04-23 13:11:58 | 000,402,336 | ---- | M] (PC Tools) -- C:\Program Files (x86)\PC Tools\PC Tools Security\pctsAuxs.exe
PRC - [2012-04-13 14:28:36 | 000,575,416 | ---- | M] (Threat Expert Ltd.) -- C:\Program Files (x86)\PC Tools\PC Tools Security\BDT\BDTUpdateService.exe
PRC - [2012-01-24 18:24:26 | 002,416,480 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Program Files (x86)\AVG\AVG2012\avgtray.exe
PRC - [2011-10-12 07:25:22 | 004,433,248 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Program Files (x86)\AVG\AVG2012\AVGIDSAgent.exe
PRC - [2011-08-02 07:09:08 | 000,192,776 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Program Files (x86)\AVG\AVG2012\avgwdsvc.exe
PRC - [2009-08-17 18:58:46 | 006,859,392 | ---- | M] (ASUS) -- C:\Program Files (x86)\ASUS\ATKOSD2\ATKOSD2.exe
PRC - [2009-08-13 01:06:14 | 000,053,888 | ---- | M] () -- C:\Program Files (x86)\ASUS\ControlDeck\ControlDeckStartUp.exe
PRC - [2009-07-24 19:32:50 | 001,593,344 | ---- | M] () -- C:\Program Files (x86)\ASUS\Wireless Console 3\wcourier.exe
PRC - [2009-07-16 19:07:54 | 000,178,744 | ---- | M] (ASUS) -- C:\Program Files (x86)\ASUS\ATK Hotkey\HControl.exe
PRC - [2009-06-19 19:29:42 | 000,105,016 | ---- | M] (ASUS) -- C:\Program Files (x86)\ASUS\ATK Hotkey\HControlUser.exe
PRC - [2009-06-19 19:29:26 | 002,488,888 | ---- | M] (ASUS) -- C:\Program Files (x86)\ASUS\ATK Hotkey\ATKOSD.exe
PRC - [2009-06-16 02:30:42 | 000,084,536 | ---- | M] (ASUS) -- C:\Program Files (x86)\ASUS\ATK Hotkey\AsLdrSrv.exe
PRC - [2009-05-19 00:58:38 | 000,305,720 | ---- | M] (ASUS) -- C:\Program Files (x86)\ASUS\SmartLogon\sensorsrv.exe
PRC - [2009-04-20 20:09:30 | 000,159,744 | ---- | M] (ASUS) -- C:\Program Files (x86)\ASUS\ATK Media\DMedia.exe
PRC - [2008-12-23 02:15:34 | 000,174,648 | ---- | M] (ASUS) -- C:\Program Files (x86)\ASUS\ATK Hotkey\WDC.exe
PRC - [2008-08-14 06:00:08 | 000,113,208 | ---- | M] (ASUS) -- C:\Program Files (x86)\ASUS\ATK Hotkey\KBFiltr.exe
PRC - [2008-08-14 05:59:56 | 000,301,624 | ---- | M] () -- C:\Program Files (x86)\ASUS\ATK Hotkey\Atouch64.exe
PRC - [2007-11-30 20:20:44 | 000,051,768 | ---- | M] () -- C:\Program Files (x86)\ASUS\ASUS Live Update\ALU.exe
PRC - [2007-08-08 09:08:40 | 000,094,208 | ---- | M] () -- C:\Program Files\ATKGFNEX\GFNEXSrv.exe


========== Modules (No Company Name) ==========

MOD - [2012-05-06 21:31:09 | 008,797,856 | ---- | M] () -- C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_11_2_202_235.dll
MOD - [2012-05-03 17:42:06 | 000,932,528 | ---- | M] () -- C:\Users\Administrator\AppData\Roaming\Spotify\Data\SpotifyWebHelper.exe
MOD - [2012-05-02 23:49:16 | 001,952,696 | ---- | M] () -- C:\Program Files (x86)\Mozilla Firefox\mozjs.dll
MOD - [2012-04-28 04:07:01 | 000,444,400 | ---- | M] () -- C:\Program Files (x86)\Google\Chrome\Application\18.0.1025.168\ppgooglenaclpluginchrome.dll
MOD - [2012-04-28 04:06:59 | 003,915,248 | ---- | M] () -- C:\Program Files (x86)\Google\Chrome\Application\18.0.1025.168\pdf.dll
MOD - [2012-04-28 04:05:34 | 000,122,880 | ---- | M] () -- C:\Program Files (x86)\Google\Chrome\Application\18.0.1025.168\avutil-51.dll
MOD - [2012-04-28 04:05:33 | 000,220,672 | ---- | M] () -- C:\Program Files (x86)\Google\Chrome\Application\18.0.1025.168\avformat-53.dll
MOD - [2012-04-28 04:05:32 | 001,747,456 | ---- | M] () -- C:\Program Files (x86)\Google\Chrome\Application\18.0.1025.168\avcodec-53.dll
MOD - [2011-06-24 22:56:36 | 000,087,328 | ---- | M] () -- C:\Program Files (x86)\Common Files\Apple\Apple Application Support\zlib1.dll
MOD - [2011-06-24 22:56:14 | 001,241,888 | ---- | M] () -- C:\Program Files (x86)\Common Files\Apple\Apple Application Support\libxml2.dll
MOD - [2009-08-13 01:06:14 | 000,053,888 | ---- | M] () -- C:\Program Files (x86)\ASUS\ControlDeck\ControlDeckStartUp.exe
MOD - [2009-07-24 19:32:50 | 001,593,344 | ---- | M] () -- C:\Program Files (x86)\ASUS\Wireless Console 3\wcourier.exe
MOD - [2007-11-30 20:20:44 | 000,051,768 | ---- | M] () -- C:\Program Files (x86)\ASUS\ASUS Live Update\ALU.exe


========== Win32 Services (SafeList) ==========

SRV:64bit: - [2010-09-22 19:10:10 | 000,057,184 | ---- | M] (Microsoft Corporation) [Disabled | Stopped] -- C:\Program Files\Windows Live\Mesh\wlcrasvc.exe -- (wlcrasvc)
SRV:64bit: - [2009-09-15 22:21:58 | 000,359,552 | ---- | M] (ASUSTeK Computer Inc.) [Auto | Stopped] -- C:\Windows\SysNative\FBAgent.exe -- (AFBAgent)
SRV:64bit: - [2009-07-14 03:41:27 | 001,011,712 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Program Files\Windows Defender\MpSvc.dll -- (WinDefend)
SRV:64bit: - [2009-07-02 03:54:02 | 000,864,032 | ---- | M] (Broadcom Corporation.) [Auto | Running] -- C:\Program Files\WIDCOMM\Bluetooth Software\btwdins.exe -- (btwdins)
SRV:64bit: - [2007-08-08 09:08:40 | 000,094,208 | ---- | M] () [Auto | Running] -- C:\Program Files\ATKGFNEX\GFNEXSrv.exe -- (ATKGFNEXSrv)
SRV - [2012-05-06 21:31:09 | 000,257,696 | ---- | M] (Adobe Systems Incorporated) [On_Demand | Stopped] -- C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe -- (AdobeFlashPlayerUpdateSvc)
SRV - [2012-05-02 23:49:16 | 000,129,976 | ---- | M] (Mozilla Foundation) [On_Demand | Stopped] -- C:\Program Files (x86)\Mozilla Maintenance Service\maintenanceservice.exe -- (MozillaMaintenance)
SRV - [2012-04-23 14:17:18 | 001,118,648 | ---- | M] (PC Tools) [On_Demand | Stopped] -- C:\Program Files (x86)\PC Tools\PC Tools Security\pctsSvc.exe -- (sdCoreService)
SRV - [2012-04-23 13:11:58 | 000,402,336 | ---- | M] (PC Tools) [On_Demand | Stopped] -- C:\Program Files (x86)\PC Tools\PC Tools Security\pctsAuxs.exe -- (sdAuxService)
SRV - [2012-04-13 14:28:36 | 000,575,416 | ---- | M] (Threat Expert Ltd.) [Auto | Running] -- C:\Program Files (x86)\PC Tools\PC Tools Security\BDT\BDTUpdateService.exe -- (Browser Defender Update Service)
SRV - [2011-10-12 07:25:22 | 004,433,248 | ---- | M] (AVG Technologies CZ, s.r.o.) [Auto | Running] -- C:\Program Files (x86)\AVG\AVG2012\AVGIDSAgent.exe -- (AVGIDSAgent)
SRV - [2011-08-02 07:09:08 | 000,192,776 | ---- | M] (AVG Technologies CZ, s.r.o.) [Auto | Running] -- C:\Program Files (x86)\AVG\AVG2012\avgwdsvc.exe -- (avgwd)
SRV - [2011-07-02 13:22:44 | 000,403,240 | ---- | M] (Valve Corporation) [On_Demand | Stopped] -- C:\Program Files (x86)\Common Files\Steam\SteamService.exe -- (Steam Client Service)
SRV - [2010-03-18 14:16:28 | 000,130,384 | ---- | M] (Microsoft Corporation) [Auto | Stopped] -- C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe -- (clr_optimization_v4.0.30319_32)
SRV - [2009-06-16 02:30:42 | 000,084,536 | ---- | M] (ASUS) [Auto | Running] -- C:\Program Files (x86)\ASUS\ATK Hotkey\AsLdrSrv.exe -- (ASLDRService)
SRV - [2009-06-10 23:23:09 | 000,066,384 | ---- | M] (Microsoft Corporation) [Disabled | Stopped] -- C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe -- (clr_optimization_v2.0.50727_32)


========== Driver Services (SafeList) ==========

DRV:64bit: - File not found [Kernel | On_Demand | Stopped] -- C:\Program Files\PeerGuardian2\pgfilter.sys -- (pgfilter)
DRV:64bit: - [2012-04-23 14:18:02 | 000,251,528 | ---- | M] (PC Tools) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\PCTSD64.sys -- (PCTSD)
DRV:64bit: - [2012-04-23 12:36:50 | 000,426,616 | ---- | M] (PC Tools) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\PCTCore64.sys -- (PCTCore)
DRV:64bit: - [2012-04-13 14:28:56 | 000,085,192 | ---- | M] (PC Tools) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\PCTBD64.sys -- (PCTBD)
DRV:64bit: - [2012-03-01 08:46:16 | 000,023,408 | ---- | M] (Microsoft Corporation) [Recognizer | Boot | Unknown] -- C:\Windows\SysNative\drivers\fs_rec.sys -- (Fs_Rec)
DRV:64bit: - [2012-02-28 11:43:18 | 001,096,176 | ---- | M] (PC Tools) [File_System | Boot | Running] -- C:\Windows\SysNative\drivers\pctEFA64.sys -- (pctEFA)
DRV:64bit: - [2012-02-28 11:43:12 | 000,453,896 | ---- | M] (PC Tools) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\pctDS64.sys -- (pctDS)
DRV:64bit: - [2011-10-13 13:05:50 | 010,629,184 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\igdkmd64.sys -- (igfx)
DRV:64bit: - [2011-10-07 07:23:46 | 000,283,728 | ---- | M] (AVG Technologies CZ, s.r.o.) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\avgldx64.sys -- (Avgldx64)
DRV:64bit: - [2011-09-13 07:30:08 | 000,037,456 | ---- | M] (AVG Technologies CZ, s.r.o.) [File_System | Boot | Running] -- C:\Windows\SysNative\drivers\avgrkx64.sys -- (Avgrkx64)
DRV:64bit: - [2011-08-08 07:08:58 | 000,046,672 | ---- | M] (AVG Technologies CZ, s.r.o.) [File_System | System | Running] -- C:\Windows\SysNative\drivers\avgmfx64.sys -- (Avgmfx64)
DRV:64bit: - [2011-07-11 02:14:36 | 000,375,376 | ---- | M] (AVG Technologies CZ, s.r.o.) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\avgtdia.sys -- (Avgtdia)
DRV:64bit: - [2011-07-11 02:14:08 | 000,029,776 | ---- | M] (AVG Technologies CZ, s.r.o. ) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\AVGIDSFilter.sys -- (AVGIDSFilter)
DRV:64bit: - [2011-07-11 02:14:06 | 000,120,400 | ---- | M] (AVG Technologies CZ, s.r.o. ) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\AVGIDSDriver.sys -- (AVGIDSDriver)
DRV:64bit: - [2011-07-11 02:14:06 | 000,026,704 | ---- | M] (AVG Technologies CZ, s.r.o. ) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\AVGIDSEH.sys -- (AVGIDSEH)
DRV:64bit: - [2011-05-10 08:06:08 | 000,051,712 | ---- | M] (Apple, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\usbaapl64.sys -- (USBAAPL64)
DRV:64bit: - [2011-03-11 08:41:12 | 000,107,904 | ---- | M] (Advanced Micro Devices) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\amdsata.sys -- (amdsata)
DRV:64bit: - [2011-03-11 08:41:12 | 000,027,008 | ---- | M] (Advanced Micro Devices) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\amdxata.sys -- (amdxata)
DRV:64bit: - [2011-03-02 17:17:20 | 000,013,088 | ---- | M] () [Kernel | On_Demand | Stopped] -- C:\Program Files\Enigma Software Group\SpyHunter\esgiguard.sys -- (esgiguard)
DRV:64bit: - [2010-11-20 15:33:35 | 000,078,720 | ---- | M] (Hewlett-Packard Company) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\HpSAMD.sys -- (HpSAMD)
DRV:64bit: - [2010-11-20 13:07:05 | 000,059,392 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\TsUsbFlt.sys -- (TsUsbFlt)
DRV:64bit: - [2010-09-23 01:36:48 | 000,048,488 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\fssfltr.sys -- (fssfltr)
DRV:64bit: - [2010-05-28 13:04:52 | 000,017,456 | ---- | M] (Secunia) [File_System | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\psi_mf.sys -- (PSI)
DRV:64bit: - [2010-03-15 09:45:28 | 000,145,408 | ---- | M] (Intel® Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\IntcHdmi.sys -- (IntcHdmiAddService) Intel®
DRV:64bit: - [2010-03-10 09:16:36 | 000,029,720 | ---- | M] (Initio Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\ivusb.sys -- (ivusb)
DRV:64bit: - [2009-12-21 19:58:56 | 000,834,544 | ---- | M] () [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\sptd.sys -- (sptd)
DRV:64bit: - [2009-12-20 18:41:12 | 000,031,800 | ---- | M] (VS Revo Group) [File_System | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\revoflt.sys -- (Revoflt)
DRV:64bit: - [2009-10-05 17:34:00 | 001,542,656 | ---- | M] (Atheros Communications, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\athrx.sys -- (athr)
DRV:64bit: - [2009-08-12 07:45:29 | 000,040,448 | ---- | M] (Alcor Micro, Corp.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\AmUStor.sys -- (AmUStor)
DRV:64bit: - [2009-07-20 11:29:39 | 000,015,416 | ---- | M] ( ) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\kbfiltr.sys -- (kbfiltr)
DRV:64bit: - [2009-07-14 03:52:20 | 000,194,128 | ---- | M] (AMD Technologies Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\amdsbs.sys -- (amdsbs)
DRV:64bit: - [2009-07-14 03:48:04 | 000,065,600 | ---- | M] (LSI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\lsi_sas2.sys -- (LSI_SAS2)
DRV:64bit: - [2009-07-14 03:45:55 | 000,024,656 | ---- | M] (Promise Technology) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\stexstor.sys -- (stexstor)
DRV:64bit: - [2009-07-09 05:11:41 | 000,140,800 | ---- | M] (ELAN Microelectronic Corp.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\ETD.sys -- (ETD)
DRV:64bit: - [2009-07-01 06:46:51 | 000,098,344 | ---- | M] (Broadcom Corporation.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\btwaudio.sys -- (btwaudio)
DRV:64bit: - [2009-07-01 06:46:47 | 000,132,648 | ---- | M] (Broadcom Corporation.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\btwavdt.sys -- (btwavdt)
DRV:64bit: - [2009-07-01 06:46:39 | 000,021,160 | ---- | M] (Broadcom Corporation.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\btwrchid.sys -- (btwrchid)
DRV:64bit: - [2009-06-10 22:35:57 | 000,056,832 | ---- | M] (Silicon Integrated Systems Corp.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\SiSG664.sys -- (SiSGbeLH)
DRV:64bit: - [2009-06-10 22:34:33 | 003,286,016 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\evbda.sys -- (ebdrv)
DRV:64bit: - [2009-06-10 22:34:28 | 000,468,480 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\bxvbda.sys -- (b06bdrv)
DRV:64bit: - [2009-06-10 22:34:23 | 000,270,848 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\b57nd60a.sys -- (b57nd60a)
DRV:64bit: - [2009-06-10 22:31:59 | 000,031,232 | ---- | M] (Hauppauge Computer Works, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\hcw85cir.sys -- (hcw85cir)
DRV:64bit: - [2009-06-05 12:15:55 | 001,806,400 | ---- | M] () [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\snp2uvc.sys -- (SNP2UVC) USB2.0 PC Camera (SNP2UVC)
DRV:64bit: - [2009-06-04 12:54:35 | 000,408,600 | ---- | M] (Intel Corporation) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\iaStor.sys -- (iaStor)
DRV:64bit: - [2009-05-18 13:17:08 | 000,034,152 | ---- | M] (GEAR Software Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\GEARAspiWDM.sys -- (GEARAspiWDM)
DRV:64bit: - [2009-05-13 03:07:19 | 000,015,928 | ---- | M] (ASUS) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\ATK64AMD.sys -- (MTsensor)
DRV:64bit: - [2009-04-27 10:25:57 | 000,057,344 | ---- | M] (Atheros Communications, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\L1C62x64.sys -- (L1C) NDIS Miniport Driver for Atheros AR8131/AR8132 PCI-E Ethernet Controller (NDIS 6.20)
DRV:64bit: - [2009-04-07 09:33:07 | 000,035,104 | ---- | M] (Broadcom Corporation.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\btwl2cap.sys -- (btwl2cap)
DRV:64bit: - [2008-05-24 02:27:28 | 000,154,168 | ---- | M] (Microsoft Corporation) [File_System | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\WimFltr.sys -- (WimFltr)
DRV:64bit: - [2008-03-13 09:46:00 | 000,027,136 | ---- | M] (ManyCam LLC.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\ManyCam_x64.sys -- (ManyCam)
DRV:64bit: - [2007-07-24 20:11:32 | 000,014,904 | ---- | M] () [Kernel | Auto | Running] -- C:\Program Files\ATKGFNEX\ASMMAP64.sys -- (ASMMAP64)
DRV - [2011-06-02 11:08:34 | 000,017,864 | ---- | M] () [Kernel | On_Demand | Stopped] -- C:\Program Files (x86)\SystemRequirementsLab\cpudrv64.sys -- (cpudrv64)
DRV - [2009-07-14 03:19:10 | 000,019,008 | ---- | M] (Microsoft Corporation) [File_System | On_Demand | Stopped] -- C:\Windows\SysWOW64\drivers\wimmount.sys -- (WIMMount)


========== Standard Registry (SafeList) ==========


========== Internet Explorer ==========

IE:64bit: - HKLM\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A}
IE:64bit: - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/...ms}&FORM=IE8SRC
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm
IE - HKLM\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A}
IE - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/...ms}&FORM=IE8SRC

IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = http://asus.msn.com
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.msn.com/
IE - HKCU\..\URLSearchHook: {472734EA-242A-422b-ADF8-83D1E48CC825} - C:\Program Files (x86)\PC Tools\PC Tools Security\BDT\PCTBrowserDefender.dll (Threat Expert Ltd.)
IE - HKCU\..\SearchScopes,DefaultScope = {0ECDF796-C2DC-4d79-A620-CCE0C0A66CC9}
IE - HKCU\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/...Box&FORM=IE8SRC
IE - HKCU\..\SearchScopes\{0ECDF796-C2DC-4d79-A620-CCE0C0A66CC9}: "URL" = http://search.babylo...0000625d3861112
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = *.local

========== FireFox ==========

FF - prefs.js..browser.search.defaultenginename: "Search the web (Babylon)"
FF - prefs.js..browser.search.order.1: "Search the web (Babylon)"
FF - prefs.js..browser.search.selectedEngine: "Google"
FF - prefs.js..browser.startup.homepage: "http://search.babylo...babsrc=HP_Prot"
FF - prefs.js..keyword.URL: "http://search.babylo...625d3861112&q="
FF - prefs.js..network.proxy.autoconfig_url: "http://www.ubvu.vu.nl/ubvu.pac"
FF - prefs.js..network.proxy.type: 2


FF:64bit: - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\system32\Macromed\Flash\NPSWF64_11_2_202_235.dll File not found
FF:64bit: - HKLM\Software\MozillaPlugins\@microsoft.com/GENUINE: disabled File not found
FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_11_2_202_235.dll ()
FF - HKLM\Software\MozillaPlugins\@adobe.com/ShockwavePlayer: C:\Windows\system32\Adobe\Director\np32dsw.dll (Adobe Systems, Inc.)
FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=: File not found
FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=1.0: C:\Program Files (x86)\iTunes\Mozilla Plugins\npitunes.dll ()
FF - HKLM\Software\MozillaPlugins\@divx.com/DivX Player Plugin,version=1.0.0: File not found
FF - HKLM\Software\MozillaPlugins\@java.com/DTPlugin,version=10.4.1: C:\Windows\SysWOW64\npDeployJava1.dll (Oracle Corporation)
FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin,version=10.4.1: C:\Program Files (x86)\Oracle\JavaFX 2.1 Runtime\bin\plugin2\npjp2.dll (Oracle Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/GENUINE: disabled File not found
FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: c:\Program Files (x86)\Microsoft Silverlight\4.1.10111.0\npctrl.dll ( Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/OfficeLive,version=1.5: C:\Program Files (x86)\Microsoft\Office Live\npOLW.dll (Microsoft Corp.)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=15.4.3502.0922: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=15.4.3508.1109: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=15.4.3538.0513: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@pandonetworks.com/PandoWebPlugin: C:\Program Files (x86)\Pando Networks\Media Booster\npPandoWebPlugin.dll (Pando Networks)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Program Files (x86)\Google\Update\1.3.21.111\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Program Files (x86)\Google\Update\1.3.21.111\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\Adobe Reader: C:\Program Files (x86)\Adobe\Reader 9.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
FF - HKCU\Software\MozillaPlugins\@unity3d.com/UnityPlayer,version=1.0: C:\Users\Administrator\AppData\LocalLow\Unity\WebPlayer\loader\npUnity3D32.dll (Unity Technologies ApS)

FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{1E73965B-8B48-48be-9C8D-68B920ABC1C4}: C:\Program Files (x86)\AVG\AVG2012\Firefox4\ [2012-02-01 09:15:15 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{cb84136f-9c44-433a-9048-c5cd9df1dc16}: C:\Program Files (x86)\PC Tools\PC Tools Security\BDT\Firefox\ [2012-05-10 16:37:17 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 12.0\extensions\\Components: C:\Program Files (x86)\Mozilla Firefox\components [2012-05-02 23:49:17 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 12.0\extensions\\Plugins: C:\Program Files (x86)\Mozilla Firefox\plugins [2012-04-15 11:51:44 | 000,000,000 | ---D | M]

[2011-08-09 13:41:31 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Administrator\AppData\Roaming\mozilla\Extensions
[2012-05-10 15:21:48 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Administrator\AppData\Roaming\mozilla\Firefox\Profiles\lgp9iacv.default\extensions
[2012-05-07 10:49:47 | 000,000,000 | ---D | M] (Codecv) -- C:\Users\Administrator\AppData\Roaming\mozilla\Firefox\Profiles\lgp9iacv.default\extensions\[email protected]
[2012-05-02 23:49:50 | 000,000,000 | ---D | M] (Woordenboek Nederlands) -- C:\Users\Administrator\AppData\Roaming\mozilla\Firefox\Profiles\lgp9iacv.default\extensions\[email protected]
[2012-05-02 23:49:22 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files (x86)\Mozilla Firefox\extensions
[2011-10-19 09:27:08 | 000,000,000 | ---D | M] (Skype Click to Call) -- C:\Program Files (x86)\Mozilla Firefox\extensions\{82AF8DCA-6DE9-405D-BD5E-43525BDAD38A}
[2012-05-02 23:38:11 | 000,634,964 | ---- | M] () (No name found) -- C:\USERS\ADMINISTRATOR\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\LGP9IACV.DEFAULT\EXTENSIONS\{D10D0BF8-F5B5-C8B4-A8B2-2B9879E08C5D}.XPI
[2012-05-10 15:21:48 | 000,434,392 | ---- | M] () (No name found) -- C:\USERS\ADMINISTRATOR\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\LGP9IACV.DEFAULT\EXTENSIONS\{D4DD63FA-01E4-46A7-B6B1-EDAB7D6AD389}.XPI
[2012-05-02 23:49:17 | 000,097,208 | ---- | M] (Mozilla Foundation) -- C:\Program Files (x86)\mozilla firefox\components\browsercomps.dll
[2010-07-01 16:41:50 | 000,050,336 | ---- | M] ( ) -- C:\Program Files (x86)\mozilla firefox\plugins\npBFPlugin.dll
[2011-11-10 06:54:13 | 000,476,904 | ---- | M] (Sun Microsystems, Inc.) -- C:\Program Files (x86)\mozilla firefox\plugins\npdeployJava1.dll
[2012-05-07 10:49:18 | 000,002,356 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\babylon.xml
[2012-05-02 23:49:14 | 000,002,252 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\bing.xml
[2012-05-02 23:49:14 | 000,002,040 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\twitter.xml

========== Chrome ==========

CHR - default_search_provider: Search the web (Babylon) (Enabled)
CHR - default_search_provider: search_url = http://search.babylo...}&babsrc=SP_crm
CHR - default_search_provider: suggest_url = {google:baseSuggestURL}search?{google:searchFieldtrialParameter}{google:instantFieldTrialGroupParameter}client=chrome&hl={language}&q={searchTerms}
CHR - plugin: Remoting Viewer (Enabled) = internal-remoting-viewer
CHR - plugin: Native Client (Enabled) = C:\Program Files (x86)\Google\Chrome\Application\18.0.1025.168\ppGoogleNaClPluginChrome.dll
CHR - plugin: Chrome PDF Viewer (Enabled) = C:\Program Files (x86)\Google\Chrome\Application\18.0.1025.168\pdf.dll
CHR - plugin: Shockwave Flash (Enabled) = C:\Program Files (x86)\Google\Chrome\Application\18.0.1025.168\gcswf32.dll
CHR - plugin: Shockwave Flash (Disabled) = C:\Users\Administrator\AppData\Local\Google\Chrome\User Data\PepperFlash\11.1.31.203\pepflashplayer.dll
CHR - plugin: Shockwave Flash (Enabled) = C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_11_2_202_235.dll
CHR - plugin: AVG Internet Security (Enabled) = C:\Users\Administrator\AppData\Local\Google\Chrome\User Data\Default\Extensions\jmfkcklnlgedgbglfkkgedjfmejoahla\12.0.0.1901_0\plugins/avgnpss.dll
CHR - plugin: Adobe Acrobat (Disabled) = C:\Program Files (x86)\Adobe\Reader 9.0\Reader\Browser\nppdf32.dll
CHR - plugin: Microsoft\u00AE Windows Media Player Firefox Plugin (Enabled) = C:\Program Files (x86)\Mozilla Firefox\plugins\np-mswmp.dll
CHR - plugin: npruntime scriptable plugin for beanfun (Enabled) = C:\Program Files (x86)\Mozilla Firefox\plugins\npBFPlugin.dll
CHR - plugin: Java Deployment Toolkit 7.0.40.255 (Enabled) = C:\Windows\SysWOW64\npDeployJava1.dll
CHR - plugin: Microsoft Office 2003 (Enabled) = C:\Program Files (x86)\Mozilla Firefox\plugins\NPOFFICE.DLL
CHR - plugin: Microsoft Office Live Plug-in for Firefox (Enabled) = C:\Program Files (x86)\Microsoft\Office Live\npOLW.dll
CHR - plugin: QuickTime Plug-in 7.7.1 (Enabled) = C:\Program Files (x86)\Mozilla Firefox\plugins\npqtplugin.dll
CHR - plugin: QuickTime Plug-in 7.7.1 (Enabled) = C:\Program Files (x86)\Mozilla Firefox\plugins\npqtplugin2.dll
CHR - plugin: QuickTime Plug-in 7.7.1 (Enabled) = C:\Program Files (x86)\Mozilla Firefox\plugins\npqtplugin3.dll
CHR - plugin: QuickTime Plug-in 7.7.1 (Enabled) = C:\Program Files (x86)\Mozilla Firefox\plugins\npqtplugin4.dll
CHR - plugin: QuickTime Plug-in 7.7.1 (Enabled) = C:\Program Files (x86)\Mozilla Firefox\plugins\npqtplugin5.dll
CHR - plugin: QuickTime Plug-in 7.7.1 (Enabled) = C:\Program Files (x86)\Mozilla Firefox\plugins\npqtplugin6.dll
CHR - plugin: QuickTime Plug-in 7.7.1 (Enabled) = C:\Program Files (x86)\Mozilla Firefox\plugins\npqtplugin7.dll
CHR - plugin: Google Update (Enabled) = C:\Program Files (x86)\Google\Update\1.3.21.111\npGoogleUpdate3.dll
CHR - plugin: Pando Web Plugin (Enabled) = C:\Program Files (x86)\Pando Networks\Media Booster\npPandoWebPlugin.dll
CHR - plugin: Windows Live\u0099 Photo Gallery (Enabled) = C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll
CHR - plugin: iTunes Application Detector (Enabled) = C:\Program Files (x86)\iTunes\Mozilla Plugins\npitunes.dll
CHR - plugin: Unity Player (Enabled) = C:\Users\Administrator\AppData\LocalLow\Unity\WebPlayer\loader\npUnity3D32.dll
CHR - plugin: Shockwave for Director (Enabled) = C:\Windows\system32\Adobe\Director\np32dsw.dll
CHR - plugin: Silverlight Plug-In (Enabled) = c:\Program Files (x86)\Microsoft Silverlight\4.1.10111.0\npctrl.dll
CHR - Extension: Entanglement = C:\Users\Administrator\AppData\Local\Google\Chrome\User Data\Default\Extensions\aciahcmjmecflokailenpkdchphgkefd\2.7.9_0\
CHR - Extension: Angry Birds = C:\Users\Administrator\AppData\Local\Google\Chrome\User Data\Default\Extensions\aknpkdffaafgjchaibgeefbgmgeghloj\1.1.2.1_0\
CHR - Extension: Portal = C:\Users\Administrator\AppData\Local\Google\Chrome\User Data\Default\Extensions\bebnpaodjnkokpiahkhcjdjehififhgo\3.5_0\
CHR - Extension: Nieuws = C:\Users\Administrator\AppData\Local\Google\Chrome\User Data\Default\Extensions\bhpjlnpndlmgfcdojdbhmkodnekebnib\42_0\
CHR - Extension: Monster Dash = C:\Users\Administrator\AppData\Local\Google\Chrome\User Data\Default\Extensions\cknghehebaconkajgiobncfleofebcog\2.2_0\
CHR - Extension: Weerplaza = C:\Users\Administrator\AppData\Local\Google\Chrome\User Data\Default\Extensions\djakjaebiehcbcjclfgifnhipfcobpaa\41_0\
CHR - Extension: Codecv = C:\Users\Administrator\AppData\Local\Google\Chrome\User Data\Default\Extensions\dopbjbcnddeafehncniiodgcfjchbjob\1.0_0\
CHR - Extension: Pool = C:\Users\Administrator\AppData\Local\Google\Chrome\User Data\Default\Extensions\elpllolimgdplahhfppjkplanncepfnh\1.0_0\
CHR - Extension: AdBlock = C:\Users\Administrator\AppData\Local\Google\Chrome\User Data\Default\Extensions\gighmmpiobklfepjocnamgkkbiglidom\2.5.15_0\
CHR - Extension: Het RGB Spel = C:\Users\Administrator\AppData\Local\Google\Chrome\User Data\Default\Extensions\hnieofmjopiiifehpejcgcpailcndege\1.2.2.1_0\
CHR - Extension: Aperture Science Network Interface (Blue) = C:\Users\Administrator\AppData\Local\Google\Chrome\User Data\Default\Extensions\jddpjgadbhnefiopiagpjbocgbhbjngc\1_0\
CHR - Extension: AVG Safe Search = C:\Users\Administrator\AppData\Local\Google\Chrome\User Data\Default\Extensions\jmfkcklnlgedgbglfkkgedjfmejoahla\12.0.0.1901_0\
CHR - Extension: Skype Click to Call = C:\Users\Administrator\AppData\Local\Google\Chrome\User Data\Default\Extensions\lifbcibllhkdhoafpjfnlhfpfgnpldfl\5.6.0.8442_0\
CHR - Extension: Zombie Pandemic = C:\Users\Administrator\AppData\Local\Google\Chrome\User Data\Default\Extensions\mhkicdgidnfmdfnhhllffoplpaldkljl\1_0\
CHR - Extension: Appie = C:\Users\Administrator\AppData\Local\Google\Chrome\User Data\Default\Extensions\pidjpfnhaidmahnblgikaaadclebmoio\1.1_0\

O1 HOSTS File: ([2009-06-10 23:00:26 | 000,000,824 | ---- | M]) - C:\Windows\SysNative\drivers\etc\hosts
O2:64bit: - BHO: (AVG Safe Search) - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - C:\Program Files (x86)\AVG\AVG2012\avgssiea.dll (AVG Technologies CZ, s.r.o.)
O2 - BHO: (PC Tools Browser Guard BHO) - {2A0F3D1B-0909-4FF4-B272-609CCE6054E7} - C:\Program Files (x86)\PC Tools\PC Tools Security\BDT\PCTBrowserDefender.dll (Threat Expert Ltd.)
O2 - BHO: (Codecv Class) - {30B1AFA5-0242-443A-90F2-5AAFA5B0C6C2} - C:\ProgramData\Codecv\bhoclass.dll ()
O2 - BHO: (AVG Safe Search) - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - C:\Program Files (x86)\AVG\AVG2012\avgssie.dll (AVG Technologies CZ, s.r.o.)
O2 - BHO: (Java™ Plug-In SSV Helper) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Oracle\JavaFX 2.1 Runtime\bin\ssv.dll (Oracle Corporation)
O2 - BHO: (CmjBrowserHelperObject Object) - {AC41D38F-B56D-40AD-94E0-B493D130C959} - C:\Program Files (x86)\Mindjet\MindManager 6\Mm6InternetExplorer.dll (Mindjet)
O2 - BHO: (Skype Browser Helper) - {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O2 - BHO: (Java™ Plug-In 2 SSV Helper) - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Oracle\JavaFX 2.1 Runtime\bin\jp2ssv.dll (Oracle Corporation)
O3:64bit: - HKLM\..\Toolbar: (no name) - Locked - No CLSID value found.
O3 - HKLM\..\Toolbar: (PC Tools Browser Guard) - {472734EA-242A-422B-ADF8-83D1E48CC825} - C:\Program Files (x86)\PC Tools\PC Tools Security\BDT\PCTBrowserDefender.dll (Threat Expert Ltd.)
O3 - HKLM\..\Toolbar: (no name) - Locked - No CLSID value found.
O4:64bit: - HKLM..\Run: [AdobeAAMUpdater-1.0] C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\UWA\UpdaterStartupUtility.exe (Adobe Systems Incorporated)
O4:64bit: - HKLM..\Run: [AmIcoSinglun64] C:\Program Files (x86)\AmIcoSingLun\AmIcoSinglun64.exe (AlcorMicro Co., Ltd.)
O4:64bit: - HKLM..\Run: [ETDWare] C:\Program Files\Elantech\ETDCtrl.exe (ELAN Microelectronic Corp.)
O4:64bit: - HKLM..\Run: [HotKeysCmds] C:\Windows\SysNative\hkcmd.exe (Intel Corporation)
O4:64bit: - HKLM..\Run: [IgfxTray] C:\Windows\SysNative\igfxtray.exe (Intel Corporation)
O4:64bit: - HKLM..\Run: [Persistence] C:\Windows\SysNative\igfxpers.exe (Intel Corporation)
O4 - HKLM..\Run: [AdobeCS5.5ServiceManager] "C:\Program Files (x86)\Common Files\Adobe\CS5.5ServiceManager\CS5.5ServiceManager.exe" -launchedbylogin File not found
O4 - HKLM..\Run: [APSDaemon] C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe (Apple Inc.)
O4 - HKLM..\Run: [ATKMEDIA] C:\Program Files (x86)\ASUS\ATK Media\DMedia.exe (ASUS)
O4 - HKLM..\Run: [ATKOSD2] C:\Program Files (x86)\ASUS\ATKOSD2\ATKOSD2.exe (ASUS)
O4 - HKLM..\Run: [AVG_TRAY] C:\Program Files (x86)\AVG\AVG2012\avgtray.exe (AVG Technologies CZ, s.r.o.)
O4 - HKLM..\Run: [HControlUser] C:\Program Files (x86)\ASUS\ATK Hotkey\HControlUser.exe (ASUS)
O4 - HKLM..\Run: [pdfSaver3] File not found
O4 - HKLM..\Run: [UpdateLBPShortCut] C:\Program Files (x86)\CyberLink\LabelPrint\MUITransfer\MUIStartMenu.exe (CyberLink Corp.)
O4 - HKLM..\Run: [UpdateP2GoShortCut] C:\Program Files (x86)\CyberLink\Power2Go\MUITransfer\MUIStartMenu.exe (CyberLink Corp.)
O4 - HKCU..\Run: [RESTART_STICKY_NOTES] C:\Windows\System32\StikyNot.exe File not found
O4 - HKCU..\Run: [Spotify Web Helper] C:\Users\Administrator\AppData\Roaming\Spotify\Data\SpotifyWebHelper.exe ()
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktop = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: AllowLegacyWebView = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: AllowUnhashedWebView = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 5
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O9:64bit: - Extra Button: @C:\Program Files\WIDCOMM\Bluetooth Software\btrez.dll,-4015 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm ()
O9:64bit: - Extra 'Tools' menuitem : @C:\Program Files\WIDCOMM\Bluetooth Software\btrez.dll,-12650 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm ()
O9 - Extra Button: Send to Mindjet MindManager - {531B9DC0-D8EE-4c76-A6EE-6C1E50569655} - C:\Program Files (x86)\Mindjet\MindManager 6\Mm6InternetExplorer.dll (Mindjet)
O9 - Extra Button: Skype Click to Call - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O9 - Extra 'Tools' menuitem : Skype Click to Call - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O9 - Extra Button: Send To Bluetooth - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm ()
O9 - Extra 'Tools' menuitem : Send to &Bluetooth Device... - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm ()
O10:64bit: - NameSpace_Catalog5\Catalog_Entries64\000000000010 [] - C:\Program Files\Bonjour\mdnsNSP.dll (Apple Inc.)
O10:64bit: - Protocol_Catalog9\Catalog_Entries64\000000000001 - C:\Program Files (x86)\Common Files\PC Tools\Lsp\PCTLsp64.dll (PC Tools Research Pty Ltd.)
O10:64bit: - Protocol_Catalog9\Catalog_Entries64\000000000002 - C:\Program Files (x86)\Common Files\PC Tools\Lsp\PCTLsp64.dll (PC Tools Research Pty Ltd.)
O10:64bit: - Protocol_Catalog9\Catalog_Entries64\000000000003 - C:\Program Files (x86)\Common Files\PC Tools\Lsp\PCTLsp64.dll (PC Tools Research Pty Ltd.)
O10:64bit: - Protocol_Catalog9\Catalog_Entries64\000000000004 - C:\Program Files (x86)\Common Files\PC Tools\Lsp\PCTLsp64.dll (PC Tools Research Pty Ltd.)
O10:64bit: - Protocol_Catalog9\Catalog_Entries64\000000000005 - C:\Program Files (x86)\Common Files\PC Tools\Lsp\PCTLsp64.dll (PC Tools Research Pty Ltd.)
O10:64bit: - Protocol_Catalog9\Catalog_Entries64\000000000006 - C:\Program Files (x86)\Common Files\PC Tools\Lsp\PCTLsp64.dll (PC Tools Research Pty Ltd.)
O10:64bit: - Protocol_Catalog9\Catalog_Entries64\000000000018 - C:\Program Files (x86)\Common Files\PC Tools\Lsp\PCTLsp64.dll (PC Tools Research Pty Ltd.)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000010 [] - C:\Program Files (x86)\Bonjour\mdnsNSP.dll (Apple Inc.)
O10 - Protocol_Catalog9\Catalog_Entries\000000000001 - C:\Program Files (x86)\Common Files\PC Tools\Lsp\PCTLsp.dll (PC Tools Research Pty Ltd.)
O10 - Protocol_Catalog9\Catalog_Entries\000000000002 - C:\Program Files (x86)\Common Files\PC Tools\Lsp\PCTLsp.dll (PC Tools Research Pty Ltd.)
O10 - Protocol_Catalog9\Catalog_Entries\000000000003 - C:\Program Files (x86)\Common Files\PC Tools\Lsp\PCTLsp.dll (PC Tools Research Pty Ltd.)
O10 - Protocol_Catalog9\Catalog_Entries\000000000004 - C:\Program Files (x86)\Common Files\PC Tools\Lsp\PCTLsp.dll (PC Tools Research Pty Ltd.)
O10 - Protocol_Catalog9\Catalog_Entries\000000000005 - C:\Program Files (x86)\Common Files\PC Tools\Lsp\PCTLsp.dll (PC Tools Research Pty Ltd.)
O10 - Protocol_Catalog9\Catalog_Entries\000000000006 - C:\Program Files (x86)\Common Files\PC Tools\Lsp\PCTLsp.dll (PC Tools Research Pty Ltd.)
O10 - Protocol_Catalog9\Catalog_Entries\000000000018 - C:\Program Files (x86)\Common Files\PC Tools\Lsp\PCTLsp.dll (PC Tools Research Pty Ltd.)
O1364bit: - gopher Prefix: missing
O13 - gopher Prefix: missing
O16 - DPF: {40F576AD-8680-4F9E-9490-99D069CD665F} http://srtest-cdn.sy...eqlabdetect.cab (Reg Error: Key error.)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/...indows-i586.cab (Java Plug-in 10.4.1)
O16 - DPF: {C3F79A2B-B9B4-4A66-B012-3EE46475B072} http://messenger.zon...nt.cab56907.cab (Reg Error: Key error.)
O16 - DPF: {CAFEEFAC-0016-0000-0030-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_30)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 10.4.1)
O16 - DPF: {F5A7706B-B9C0-4C89-A715-7A0C6B05DD48} http://messenger.zon...er.cab56986.cab (Reg Error: Key error.)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 212.54.35.25 212.54.40.25
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{24033667-75B0-442E-BD13-E8BC8EDD9A80}: DhcpNameServer = 212.54.35.25 212.54.40.25
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{3CB20EBE-A572-49E7-B933-65FFEE04BD75}: DhcpNameServer = 192.168.2.254
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{748C0CB8-C0DD-4302-8BB1-B99223A7B46B}: DhcpNameServer = 212.54.35.25 212.54.40.25
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{C61810E8-D987-4DAF-A9EB-70987305ECF6}: DhcpNameServer = 192.168.2.254
O18:64bit: - Protocol\Handler\linkscanner {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - C:\Program Files (x86)\AVG\AVG2012\avgppa.dll (AVG Technologies CZ, s.r.o.)
O18:64bit: - Protocol\Handler\livecall - No CLSID value found
O18:64bit: - Protocol\Handler\msdaipp - No CLSID value found
O18:64bit: - Protocol\Handler\msdaipp\0x00000001 - No CLSID value found
O18:64bit: - Protocol\Handler\msdaipp\oledb - No CLSID value found
O18:64bit: - Protocol\Handler\msnim - No CLSID value found
O18:64bit: - Protocol\Handler\mso-offdap11 - No CLSID value found
O18:64bit: - Protocol\Handler\skype-ie-addon-data - No CLSID value found
O18:64bit: - Protocol\Handler\wlmailhtml - No CLSID value found
O18:64bit: - Protocol\Handler\wlpg - No CLSID value found
O18 - Protocol\Handler\linkscanner {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - C:\Program Files (x86)\AVG\AVG2012\avgpp.dll (AVG Technologies CZ, s.r.o.)
O18 - Protocol\Handler\msdaipp\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files (x86)\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\msdaipp\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files (x86)\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\skype-ie-addon-data {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O18:64bit: - Protocol\Filter\text/xml - No CLSID value found
O20:64bit: - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\SysNative\userinit.exe (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: VMApplet - (SystemPropertiesPerformance.exe) - C:\Windows\SysNative\SystemPropertiesPerformance.exe (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: VMApplet - (/pagefile) - File not found
O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\SysWow64\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\SysWOW64\userinit.exe (Microsoft Corporation)
O20 - HKLM Winlogon: VMApplet - (/pagefile) - File not found
O20:64bit: - Winlogon\Notify\igfxcui: DllName - (igfxdev.dll) - C:\Windows\SysNative\igfxdev.dll (Intel Corporation)
O21:64bit: - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.
O21 - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.
O32 - HKLM CDRom: AutoRun - 1
O34 - HKLM BootExecute: (autocheck autochk *)
O34 - HKLM BootExecute: (C:\PROGRA~2\AVG\AVG2012\avgrsa.exe /sync /restart)
O35:64bit: - HKLM\..comfile [open] -- "%1" %*
O35:64bit: - HKLM\..exefile [open] -- "%1" %*
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37:64bit: - HKLM\...com [@ = comfile] -- "%1" %*
O37:64bit: - HKLM\...exe [@ = exefile] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3)
O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2)
O38 - SubSystems\\Windows: (ServerDll=sxssrv,4)

========== Files/Folders - Created Within 30 Days ==========

[2012-05-11 07:00:08 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\VS Revo Group
[2012-05-11 07:00:08 | 000,000,000 | ---D | C] -- C:\Users\Administrator\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Revo Uninstaller
[2012-05-11 03:07:34 | 000,000,000 | -HSD | C] -- C:\Config.Msi
[2012-05-10 17:49:10 | 000,000,000 | ---D | C] -- C:\Users\Administrator\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\SpyHunter
[2012-05-10 17:49:09 | 000,000,000 | ---D | C] -- C:\sh4ldr
[2012-05-10 17:49:09 | 000,000,000 | ---D | C] -- C:\Program Files\Enigma Software Group
[2012-05-10 16:37:15 | 000,085,192 | ---- | C] (PC Tools) -- C:\Windows\SysNative\drivers\PCTBD64.sys
[2012-05-10 16:37:13 | 002,271,160 | ---- | C] (Threat Expert Ltd.) -- C:\Windows\PCTBDCore.dll
[2012-05-10 16:37:13 | 000,149,432 | ---- | C] (PC Tools) -- C:\Windows\SGDetectionTool.dll
[2012-05-10 16:37:12 | 001,681,336 | ---- | C] (Threat Expert Ltd.) -- C:\Windows\PCTBDRes.dll
[2012-05-10 16:35:50 | 000,341,168 | ---- | C] (PC Tools) -- C:\Windows\SysNative\drivers\pctgntdi64.sys
[2012-05-10 16:35:50 | 000,145,432 | ---- | C] (PC Tools) -- C:\Windows\SysNative\drivers\pctwfpfilter64.sys
[2012-05-10 16:35:43 | 000,014,776 | ---- | C] (PC Tools) -- C:\Windows\SysNative\drivers\pctBTFix64.sys
[2012-05-10 16:35:43 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\PC Tools Security
[2012-05-10 16:35:37 | 000,092,896 | ---- | C] (PC Tools) -- C:\Windows\SysNative\drivers\pctplsg64.sys
[2012-05-10 16:35:26 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\PC Tools
[2012-05-10 16:34:23 | 001,096,176 | ---- | C] (PC Tools) -- C:\Windows\SysNative\drivers\pctEFA64.sys
[2012-05-10 16:34:23 | 000,453,896 | ---- | C] (PC Tools) -- C:\Windows\SysNative\drivers\pctDS64.sys
[2012-05-10 16:34:19 | 000,426,616 | ---- | C] (PC Tools) -- C:\Windows\SysNative\drivers\PCTCore64.sys
[2012-05-10 16:34:15 | 000,251,528 | ---- | C] (PC Tools) -- C:\Windows\SysNative\drivers\PCTSD64.sys
[2012-05-10 16:34:15 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Common Files\PC Tools
[2012-05-10 16:33:30 | 000,000,000 | ---D | C] -- C:\ProgramData\PC Tools
[2012-05-10 16:33:29 | 000,000,000 | ---D | C] -- C:\Users\Administrator\AppData\Roaming\TestApp
[2012-05-10 15:44:41 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Catan - Het kaartspel
[2012-05-10 15:44:28 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Catan - Het kaartspel
[2012-05-10 11:50:58 | 000,000,000 | ---D | C] -- C:\Users\Administrator\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Catan GmbH
[2012-05-10 11:50:32 | 000,000,000 | ---D | C] -- C:\Users\Administrator\AppData\Roaming\COW
[2012-05-10 11:50:32 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Catan GmbH
[2012-05-10 11:14:16 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Common Files\Java
[2012-05-10 11:13:41 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Oracle
[2012-05-07 10:49:29 | 000,000,000 | ---D | C] -- C:\ProgramData\Premium
[2012-05-07 10:49:17 | 000,000,000 | ---D | C] -- C:\Users\Administrator\AppData\Local\Babylon
[2012-05-07 10:49:16 | 000,000,000 | ---D | C] -- C:\Users\Administrator\AppData\Roaming\Babylon
[2012-05-07 10:49:16 | 000,000,000 | ---D | C] -- C:\ProgramData\Babylon
[2012-05-07 10:49:01 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Codecv
[2012-05-07 10:49:01 | 000,000,000 | ---D | C] -- C:\ProgramData\Codecv
[2012-05-07 10:48:55 | 000,000,000 | ---D | C] -- C:\codec-info
[2012-05-07 10:48:33 | 000,000,000 | ---D | C] -- C:\ProgramData\InstallMate
[2012-05-02 23:49:23 | 000,000,000 | ---D | C] -- C:\ProgramData\Mozilla
[2012-05-02 23:49:22 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Mozilla Maintenance Service
[2012-04-27 02:48:46 | 000,000,000 | ---D | C] -- C:\Users\Administrator\Documents\DUWO
[2 C:\Windows\*.tmp files -> C:\Windows\*.tmp -> ]

========== Files - Modified Within 30 Days ==========

[2012-05-11 15:31:01 | 000,000,940 | ---- | M] () -- C:\Windows\tasks\Adobe Flash Player Updater.job
[2012-05-11 15:20:32 | 000,001,064 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineUA.job
[2012-05-11 09:21:46 | 097,737,204 | ---- | M] () -- C:\Windows\SysNative\drivers\AVG\incavi.avm
[2012-05-11 07:00:11 | 000,001,266 | ---- | M] () -- C:\Users\Administrator\Desktop\Revo Uninstaller.lnk
[2012-05-11 06:43:09 | 000,010,240 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
[2012-05-11 06:43:09 | 000,010,240 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
[2012-05-11 06:36:44 | 000,001,060 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineCore.job
[2012-05-11 06:35:08 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2012-05-11 06:35:01 | 3193,884,672 | -HS- | M] () -- C:\hiberfil.sys
[2012-05-11 02:17:57 | 002,129,671 | ---- | M] () -- C:\Windows\SysNative\drivers\Cat.DB
[2012-05-10 20:40:22 | 001,663,904 | ---- | M] () -- C:\Windows\SysNative\PerfStringBackup.INI
[2012-05-10 20:40:22 | 000,743,554 | ---- | M] () -- C:\Windows\SysNative\perfh013.dat
[2012-05-10 20:40:22 | 000,652,360 | ---- | M] () -- C:\Windows\SysNative\perfh009.dat
[2012-05-10 20:40:22 | 000,152,638 | ---- | M] () -- C:\Windows\SysNative\perfc013.dat
[2012-05-10 20:40:22 | 000,121,292 | ---- | M] () -- C:\Windows\SysNative\perfc009.dat
[2012-05-10 20:34:38 | 000,001,523 | ---- | M] () -- C:\Windows\SysNative\ServiceFilter.ini
[2012-05-10 20:30:27 | 000,001,111 | ---- | M] () -- C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk
[2012-05-10 17:49:11 | 000,002,272 | ---- | M] () -- C:\Users\Administrator\Desktop\SpyHunter.lnk
[2012-05-10 16:35:43 | 000,002,243 | ---- | M] () -- C:\Users\Public\Desktop\PC Tools Spyware Doctor.lnk
[2012-05-10 11:50:58 | 000,001,239 | ---- | M] () -- C:\Users\Administrator\Desktop\Catan Online World.lnk
[2012-05-08 19:09:43 | 000,461,958 | ---- | M] () -- C:\Windows\SysNative\drivers\AVG\iavichjg.avm
[2012-05-07 10:49:30 | 000,000,254 | ---- | M] () -- C:\user.js
[2012-04-23 14:18:26 | 000,092,896 | ---- | M] (PC Tools) -- C:\Windows\SysNative\drivers\pctplsg64.sys
[2012-04-23 14:18:02 | 000,251,528 | ---- | M] (PC Tools) -- C:\Windows\SysNative\drivers\PCTSD64.sys
[2012-04-23 14:17:02 | 000,014,776 | ---- | M] (PC Tools) -- C:\Windows\SysNative\drivers\pctBTFix64.sys
[2012-04-23 14:12:56 | 000,145,432 | ---- | M] (PC Tools) -- C:\Windows\SysNative\drivers\pctwfpfilter64.sys
[2012-04-23 14:12:50 | 000,341,168 | ---- | M] (PC Tools) -- C:\Windows\SysNative\drivers\pctgntdi64.sys
[2012-04-23 12:36:50 | 000,426,616 | ---- | M] (PC Tools) -- C:\Windows\SysNative\drivers\PCTCore64.sys
[2012-04-15 11:51:44 | 000,002,016 | ---- | M] () -- C:\Users\Public\Desktop\Adobe Reader 9.lnk
[2012-04-13 14:28:56 | 000,085,192 | ---- | M] (PC Tools) -- C:\Windows\SysNative\drivers\PCTBD64.sys
[2012-04-13 14:28:50 | 000,149,432 | ---- | M] (PC Tools) -- C:\Windows\SGDetectionTool.dll
[2012-04-13 14:28:48 | 002,271,160 | ---- | M] (Threat Expert Ltd.) -- C:\Windows\PCTBDCore.dll
[2012-04-13 14:28:48 | 001,681,336 | ---- | M] (Threat Expert Ltd.) -- C:\Windows\PCTBDRes.dll
[2012-04-13 14:28:30 | 000,767,928 | ---- | M] () -- C:\Windows\BDTSupport.dll
[2012-04-13 13:55:04 | 000,003,488 | ---- | M] () -- C:\Windows\UDB.zip
[2012-04-13 13:55:04 | 000,000,882 | ---- | M] () -- C:\Windows\RegSDImport.xml
[2012-04-13 13:55:04 | 000,000,879 | ---- | M] () -- C:\Windows\RegISSImport.xml
[2012-04-13 13:55:04 | 000,000,131 | ---- | M] () -- C:\Windows\IDB.zip
[2 C:\Windows\*.tmp files -> C:\Windows\*.tmp -> ]

========== Files Created - No Company Name ==========

[2012-05-11 07:00:11 | 000,001,266 | ---- | C] () -- C:\Users\Administrator\Desktop\Revo Uninstaller.lnk
[2012-05-10 20:30:27 | 000,001,111 | ---- | C] () -- C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk
[2012-05-10 17:49:11 | 000,002,272 | ---- | C] () -- C:\Users\Administrator\Desktop\SpyHunter.lnk
[2012-05-10 16:37:14 | 000,767,928 | ---- | C] () -- C:\Windows\BDTSupport.dll
[2012-05-10 16:37:13 | 000,003,488 | ---- | C] () -- C:\Windows\UDB.zip
[2012-05-10 16:37:13 | 000,000,882 | ---- | C] () -- C:\Windows\RegSDImport.xml
[2012-05-10 16:37:13 | 000,000,879 | ---- | C] () -- C:\Windows\RegISSImport.xml
[2012-05-10 16:37:13 | 000,000,131 | ---- | C] () -- C:\Windows\IDB.zip
[2012-05-10 16:35:43 | 000,002,243 | ---- | C] () -- C:\Users\Public\Desktop\PC Tools Spyware Doctor.lnk
[2012-05-10 16:34:26 | 002,129,671 | ---- | C] () -- C:\Windows\SysNative\drivers\Cat.DB
[2012-05-10 11:50:58 | 000,001,239 | ---- | C] () -- C:\Users\Administrator\Desktop\Catan Online World.lnk
[2012-05-07 10:49:28 | 000,000,254 | ---- | C] () -- C:\user.js
[2012-04-15 11:51:44 | 000,002,016 | ---- | C] () -- C:\Users\Public\Desktop\Adobe Reader 9.lnk
[2012-04-12 11:25:31 | 000,000,940 | ---- | C] () -- C:\Windows\tasks\Adobe Flash Player Updater.job
[2012-02-23 18:17:36 | 000,000,017 | ---- | C] () -- C:\Users\Administrator\AppData\Local\resmon.resmoncfg
[2012-02-18 16:08:55 | 000,024,576 | ---- | C] () -- C:\Windows\UniFISH.exe
[2011-08-22 08:54:46 | 000,000,000 | ---- | C] () -- C:\Users\Administrator\AppData\Local\{52D9F23F-13F4-45D8-ADD6-9101DD17DF62}
[2011-08-09 13:41:24 | 000,000,000 | ---- | C] () -- C:\Windows\nsreg.dat
[2011-05-02 12:14:15 | 000,000,096 | ---- | C] () -- C:\ProgramData\anwblog2008.cfg
[2011-02-27 01:04:48 | 001,642,064 | ---- | C] () -- C:\Windows\SysWow64\PerfStringBackup.INI
[2010-08-25 20:34:30 | 000,982,240 | ---- | C] () -- C:\Windows\SysWow64\igkrng500.bin
[2010-08-25 20:34:30 | 000,439,308 | ---- | C] () -- C:\Windows\SysWow64\igcompkrng500.bin
[2010-08-25 20:34:30 | 000,092,356 | ---- | C] () -- C:\Windows\SysWow64\igfcg500m.bin

========== LOP Check ==========

[2012-02-23 11:11:16 | 000,000,000 | ---D | M] -- C:\Users\Administrator\AppData\Roaming\AVG
[2012-01-26 16:25:17 | 000,000,000 | ---D | M] -- C:\Users\Administrator\AppData\Roaming\AVG2012
[2012-05-07 10:49:16 | 000,000,000 | ---D | M] -- C:\Users\Administrator\AppData\Roaming\Babylon
[2012-01-27 14:18:56 | 000,000,000 | ---D | M] -- C:\Users\Administrator\AppData\Roaming\com.adobe.WidgetBrowser.E7BED6E5DDA59983786DD72EBFA46B1598278E07.1
[2012-05-10 11:53:53 | 000,000,000 | ---D | M] -- C:\Users\Administrator\AppData\Roaming\COW
[2011-09-15 10:40:35 | 000,000,000 | ---D | M] -- C:\Users\Administrator\AppData\Roaming\cYo
[2011-12-30 15:24:40 | 000,000,000 | ---D | M] -- C:\Users\Administrator\AppData\Roaming\LightFish
[2011-11-06 18:28:58 | 000,000,000 | ---D | M] -- C:\Users\Administrator\AppData\Roaming\MoreTerra
[2012-05-10 20:11:00 | 000,000,000 | ---D | M] -- C:\Users\Administrator\AppData\Roaming\Spotify
[2012-01-14 18:17:44 | 000,000,000 | ---D | M] -- C:\Users\Administrator\AppData\Roaming\SystemRequirementsLab
[2012-05-10 16:33:29 | 000,000,000 | ---D | M] -- C:\Users\Administrator\AppData\Roaming\TestApp
[2012-01-26 12:33:30 | 000,000,000 | ---D | M] -- C:\Users\Administrator\AppData\Roaming\Unity
[2012-05-10 22:57:23 | 000,000,000 | ---D | M] -- C:\Users\Administrator\AppData\Roaming\uTorrent
[2011-08-09 16:12:36 | 000,000,000 | ---D | M] -- C:\Users\Administrator\AppData\Roaming\wargaming.net
[2011-12-19 14:48:03 | 000,032,596 | ---- | M] () -- C:\Windows\Tasks\SCHEDLGU.TXT

========== Purity Check ==========



========== Alternate Data Streams ==========

@Alternate Data Stream - 153 bytes -> C:\ProgramData\Temp:DFC5A2B2
@Alternate Data Stream - 139 bytes -> C:\ProgramData\Temp:0B4227B4
@Alternate Data Stream - 127 bytes -> C:\ProgramData\Temp:430C6D84

< End of report >
  • 0

#3
Dr Heisenberg

Dr Heisenberg

    New Member

  • Topic Starter
  • Member
  • Pip
  • 6 posts
OTL also gave me and Extras.txt

OTL Extras logfile created on: 11-May-12 3:41:31 PM - Run 1
OTL by OldTimer - Version 3.2.42.3 Folder = C:\Users\Administrator\Downloads
64bit- Home Premium Edition Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation
Internet Explorer (Version = 9.0.8112.16421)
Locale: 00000409 | Country: Verenigde Staten | Language: ENU | Date Format: dd-MMM-yy

3.97 Gb Total Physical Memory | 2.40 Gb Available Physical Memory | 60.57% Memory free
7.93 Gb Paging File | 5.51 Gb Available in Paging File | 69.50% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86)
Drive C: | 149.05 Gb Total Space | 2.93 Gb Free Space | 1.97% Space Free | Partition Type: NTFS
Drive D: | 134.39 Gb Total Space | 0.00 Gb Free Space | 0.00% Space Free | Partition Type: NTFS

Computer Name: TUINSLANG | User Name: Administrator | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user | Quick Scan | Include 64bit Scans
Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days

========== Extra Registry (SafeList) ==========


========== File Associations ==========

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.url[@ = InternetShortcut] -- C:\Windows\SysNative\rundll32.exe (Microsoft Corporation)

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.cpl [@ = cplfile] -- C:\Windows\SysWow64\control.exe (Microsoft Corporation)

[HKEY_CURRENT_USER\SOFTWARE\Classes\<extension>]
.html [@ = FirefoxHTML] -- C:\Program Files (x86)\Mozilla Firefox\firefox.exe (Mozilla Corporation)

========== Shell Spawning ==========

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
exefile [open] -- "%1" %*
helpfile [open] -- Reg Error: Key error.
htafile [open] -- "%1" %*
inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation)
InternetShortcut [open] -- "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\ieframe.dll",OpenURL %l (Microsoft Corporation)
InternetShortcut [print] -- "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\mshtml.dll",PrintHTML "%1" (Microsoft Corporation)
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [AddToPlaylistVLC] -- "C:\Program Files (x86)\VideoLAN\VLC\vlc.exe" --started-from-file --playlist-enqueue "%1" ()
Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Directory [PlayWithVLC] -- "C:\Program Files (x86)\VideoLAN\VLC\vlc.exe" --started-from-file --no-playlist-enqueue "%1" ()
Folder [open] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [explore] -- Reg Error: Value error.
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
cplfile [cplopen] -- %SystemRoot%\System32\control.exe "%1",%* (Microsoft Corporation)
exefile [open] -- "%1" %*
helpfile [open] -- Reg Error: Key error.
htafile [open] -- "%1" %*
inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation)
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [AddToPlaylistVLC] -- "C:\Program Files (x86)\VideoLAN\VLC\vlc.exe" --started-from-file --playlist-enqueue "%1" ()
Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Directory [PlayWithVLC] -- "C:\Program Files (x86)\VideoLAN\VLC\vlc.exe" --started-from-file --no-playlist-enqueue "%1" ()
Folder [open] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [explore] -- Reg Error: Value error.
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)

========== Security Center Settings ==========

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"cval" = 1
"AutoUpdateDisableNotify" = 1

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]
"VistaSp1" = 28 4D B2 76 41 04 CA 01 [binary data]
"AntiVirusOverride" = 0
"AntiSpywareOverride" = 0
"FirewallOverride" = 0

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc\Vol]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]

========== Firewall Settings ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]
"DisableNotifications" = 0
"EnableFirewall" = 1

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"DisableNotifications" = 0
"EnableFirewall" = 1

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\PublicProfile]
"DisableNotifications" = 0
"EnableFirewall" = 1

========== Authorized Applications List ==========


========== Vista Active Open Ports Exception List ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{0212E75F-247E-4837-9767-503850242DA2}" = lport=2869 | protocol=6 | dir=in | app=system |
"{104AD2A2-D753-459F-8B2E-5A4A44DD9259}" = lport=10243 | protocol=6 | dir=in | app=system |
"{1E72B2AB-7076-42B1-BC1E-8F22A6972325}" = rport=1900 | protocol=17 | dir=out | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe |
"{219D1902-9B2B-4938-9755-CBB23340369C}" = lport=2177 | protocol=17 | dir=in | svc=qwave | app=%systemroot%\system32\svchost.exe |
"{24B32E50-48D0-4847-B03D-514EE7275312}" = lport=6992 | protocol=17 | dir=in | name=league of legends launcher |
"{35333200-91D1-4568-82BF-BDC321508C83}" = lport=808 | protocol=6 | dir=in | svc=nettcpactivator | app=c:\windows\microsoft.net\framework64\v4.0.30319\smsvchost.exe |
"{396E5606-EB8B-44CB-9354-BA3D32272A30}" = lport=1900 | protocol=17 | dir=in | name=windows live communications platform (ssdp) |
"{3B02F223-5C66-4695-AF60-BBFABFA705DA}" = rport=10243 | protocol=6 | dir=out | app=system |
"{422F0684-644F-47EF-AA4B-1351DCD8B937}" = rport=30236 | protocol=17 | dir=out | name=30236 u-torrent opened |
"{47160E2F-467A-4307-95BD-740715188CA0}" = lport=rpc | protocol=6 | dir=in | svc=spooler | app=%systemroot%\system32\spoolsv.exe |
"{482EABDD-0D5F-4446-9D17-742C264200E2}" = rport=137 | protocol=17 | dir=out | app=system |
"{4A76B940-BF6D-499B-A4B7-4482D18D9C33}" = lport=2869 | protocol=6 | dir=in | app=system |
"{51241EDB-92BE-4077-8C4C-80175028547E}" = lport=139 | protocol=6 | dir=in | app=system |
"{523C43FF-EFC4-4610-8D72-29375E310F80}" = lport=6992 | protocol=6 | dir=in | name=league of legends launcher |
"{5701283A-E4C7-4FA9-BEBC-32C0418025C0}" = lport=8396 | protocol=6 | dir=in | name=league of legends launcher |
"{6B42AC77-0C04-4AB9-9E43-37DDDFE531C2}" = lport=5355 | protocol=17 | dir=in | svc=dnscache | app=%systemroot%\system32\svchost.exe |
"{6D8C242D-EF1C-40E7-B53F-F8B661BB2B9E}" = lport=138 | protocol=17 | dir=in | app=system |
"{77A34999-994E-4D0D-9CCA-EB45A2F96D3A}" = rport=2177 | protocol=6 | dir=out | svc=qwave | app=%systemroot%\system32\svchost.exe |
"{7AD21E02-B97B-430B-A834-FD36C62C13C6}" = rport=5355 | protocol=17 | dir=out | svc=dnscache | app=%systemroot%\system32\svchost.exe |
"{7ADC7364-6D29-439F-87FC-9893519BB0B2}" = lport=30236 | protocol=6 | dir=in | name=30236 u-torrent opened |
"{7B04287A-3C35-43BB-8656-1F4011C9C877}" = rport=445 | protocol=6 | dir=out | app=system |
"{84A430A0-3595-4567-A70B-B59924493A38}" = lport=8396 | protocol=17 | dir=in | name=league of legends launcher |
"{8A3F1FD6-49ED-45E3-A68E-19B4F5B01B19}" = lport=rpc-epmap | protocol=6 | dir=in | svc=rpcss | [email protected],-28539 |
"{91445C60-C13F-4F86-996F-2F76CAC0F6CA}" = lport=2177 | protocol=6 | dir=in | svc=qwave | app=%systemroot%\system32\svchost.exe |
"{973B5227-B630-4295-8D5A-B64E9264E05F}" = lport=137 | protocol=17 | dir=in | app=system |
"{98CDC237-92C0-45DE-B869-BB49E3EBE3DB}" = lport=445 | protocol=6 | dir=in | app=system |
"{C1EB1AE7-5D18-44ED-9D18-1FD26044D023}" = rport=138 | protocol=17 | dir=out | app=system |
"{C5885350-4ECD-4840-9ABE-24764AFAD62D}" = lport=1900 | protocol=17 | dir=in | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe |
"{D73FCE35-288B-4FDE-BA42-DFC2FC1178CC}" = rport=139 | protocol=6 | dir=out | app=system |
"{ED462C37-172E-42B2-B88B-2A0AA586AB7A}" = lport=2869 | protocol=6 | dir=in | name=windows live communications platform (upnp) |
"{FDB5E924-C24E-4D02-8501-FBE757C379DE}" = lport=1900 | protocol=17 | dir=in | svc=ssdpsrv | app=svchost.exe |
"{FEC7433D-83A2-4C8F-A39F-2D4E4405500D}" = rport=2177 | protocol=17 | dir=out | svc=qwave | app=%systemroot%\system32\svchost.exe |

========== Vista Active Application Exception List ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{02DE7283-A50F-4B1E-B89E-5AED4976A7DF}" = protocol=17 | dir=in | app=c:\program files (x86)\steam\steam.exe |
"{02FBF4B9-28AE-482A-9D6D-2F91915CFDAC}" = protocol=1 | dir=out | [email protected],-28544 |
"{03DF50A2-240E-4034-841F-9848EC370918}" = dir=in | app=c:\program files (x86)\pando networks\media booster\pmb.exe |
"{0A817A0A-9413-4FE4-98F3-06291B31B2DC}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmplayer.exe |
"{0CE8A213-E1D2-4467-BA3D-AED0C8E0101D}" = dir=in | app=c:\program files (x86)\windows live\mesh\moe.exe |
"{0D3103CC-32E4-4EC4-A1B7-6D7E0C03A117}" = dir=in | app=c:\program files (x86)\itunes\itunes.exe |
"{16004A30-187D-4F85-B89D-3520AE664BF4}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmplayer.exe |
"{1AA3ADB2-2DBC-4F72-A127-605C3457BAE4}" = protocol=6 | dir=in | app=c:\windows\syswow64\pnkbstra.exe |
"{1D7A9DAC-1ED8-46E3-AAF0-3A076265B721}" = protocol=6 | dir=in | app=c:\program files (x86)\bonjour\mdnsresponder.exe |
"{215D73F5-2059-4E5D-AE22-63B093CF2093}" = protocol=58 | dir=out | [email protected],-28546 |
"{219AB673-A43F-49D5-951D-B5AEF271FE0F}" = protocol=6 | dir=in | app=c:\program files (x86)\steam\steamapps\common\frozen synapse\frozensynapse.exe |
"{22ACF712-F368-4359-9B6A-126326344487}" = protocol=17 | dir=in | app=c:\program files\bonjour\mdnsresponder.exe |
"{244932B9-E9E7-4043-9176-6B33B9FB9162}" = protocol=6 | dir=out | app=%programfiles(x86)%\windows media player\wmplayer.exe |
"{355FD84D-0FBD-4F4E-B7A4-10B78018DEE5}" = protocol=6 | dir=in | app=c:\program files (x86)\steam\steamapps\common\dungeons of dredmor\dungeons of dredmor.exe |
"{3C0F5839-166E-41B1-8C53-32C9DEE02543}" = protocol=6 | dir=in | app=c:\program files (x86)\steam\steamapps\common\dungeons of dredmor\dungeons of dredmor.exe |
"{3C62CC11-ACD3-4484-8FEF-C3B67A8C69E5}" = protocol=6 | dir=in | app=c:\program files (x86)\bonjour\mdnsresponder.exe |
"{3C801AB6-24AA-413C-B8A9-1AE25CEB7F68}" = protocol=17 | dir=in | app=c:\program files (x86)\steam\steamapps\common\hacker evolution\hacker evolution mod editor.exe |
"{41724826-EAC3-4F71-9D83-D1823E726363}" = protocol=6 | dir=in | app=c:\program files (x86)\pando networks\media booster\pmb.exe |
"{442B1B2F-0FA9-4F15-999D-C86E0B5488BA}" = dir=in | app=c:\program files (x86)\pando networks\media booster\pmb.exe |
"{45F1CA31-B594-4D5B-A8B8-DA8E786D138B}" = protocol=17 | dir=in | app=c:\program files (x86)\steam\steamapps\common\revenge of the titans\revengeofthetitans.exe |
"{50FB4BA4-AEBA-4FC0-BFCC-05452AB39177}" = protocol=6 | dir=in | app=c:\users\administrator\appdata\roaming\spotify\spotify.exe |
"{51DC791A-6ED0-48F9-9F60-2A9E61A797CA}" = protocol=17 | dir=in | app=c:\program files (x86)\avg\avg2012\avgdiagex.exe |
"{599146D1-5C1D-4DCA-97BF-8E26FACBBB83}" = dir=in | app=c:\program files (x86)\common files\apple\apple application support\webkit2webprocess.exe |
"{5ADD1CEB-252A-473D-9EAA-0D969ED9C568}" = protocol=6 | dir=in | app=c:\program files (x86)\avg\avg2012\avgemca.exe |
"{5AE59FDC-DE91-47BE-902A-1A8EBDB36321}" = protocol=6 | dir=in | app=c:\program files (x86)\steam\steamapps\common\hacker evolution\hacker evolution.exe |
"{5B5C05FD-3483-46F1-9183-33DD215BF19D}" = protocol=6 | dir=in | app=c:\program files (x86)\avg\avg2012\avgnsa.exe |
"{68EA6452-B0A1-491F-8BBF-D6601128CFA5}" = protocol=17 | dir=in | app=c:\program files (x86)\bonjour\mdnsresponder.exe |
"{6B31CD7E-FF5E-44AC-AD77-5A73B207767E}" = protocol=17 | dir=in | app=c:\program files (x86)\steam\steamapps\common\dungeons of dredmor\dungeons of dredmor.exe |
"{6CC0B72C-CDD8-4E91-8A29-6BA3B2AAA5AA}" = protocol=17 | dir=in | app=c:\program files (x86)\steam\steamapps\common\dungeons of dredmor\dungeons of dredmor.exe |
"{6F590C2C-5699-438A-A336-6BA5A04EB1B0}" = protocol=6 | dir=in | app=c:\windows\syswow64\pnkbstra.exe |
"{71743190-AED7-4555-9EA1-29674C8B4FC9}" = protocol=6 | dir=in | app=c:\program files (x86)\steam\steamapps\common\frozen synapse\frozensynapse.exe |
"{76361959-459E-4615-91FF-BC47D4EF717D}" = dir=in | app=c:\program files (x86)\windows live\messenger\msnmsgr.exe |
"{77239B33-C89E-4772-9D2A-0E637E07A878}" = dir=in | app=c:\program files (x86)\skype\phone\skype.exe |
"{776F19B6-E686-4EC0-9E32-5506FB453A89}" = protocol=6 | dir=in | app=c:\users\administrator\appdata\roaming\spotify\spotify.exe |
"{7F734AC4-4794-4AF7-AC57-DF3B0347B569}" = protocol=17 | dir=in | app=c:\users\administrator\appdata\roaming\spotify\spotify.exe |
"{87E98FA4-6713-4771-A407-63C8A2206295}" = protocol=17 | dir=in | app=c:\program files (x86)\steam\steamapps\common\solar 2\solar2.exe |
"{8879181C-36DC-429D-9D13-059DC69EF916}" = protocol=6 | dir=in | app=%programfiles%\windows media player\wmpnetwk.exe |
"{88C23FDF-F831-4123-A2EA-430DABEEA4A0}" = protocol=6 | dir=in | app=c:\program files\bonjour\mdnsresponder.exe |
"{8974BAD0-585C-41EF-B6EA-1F896C11D59A}" = protocol=6 | dir=in | app=c:\program files (x86)\steam\steamapps\common\revenge of the titans\revengeofthetitans.exe |
"{A02FAD83-3506-45FA-A3B3-0B046961373F}" = protocol=17 | dir=in | app=c:\windows\syswow64\pnkbstra.exe |
"{A4D969D1-995C-446B-9592-078854E4AFB0}" = protocol=6 | dir=in | app=c:\program files (x86)\steam\steamapps\common\company of heroes\reliccoh.exe |
"{A56D4CBF-7A51-47F1-88CC-B7A738A9FF61}" = protocol=6 | dir=out | app=system |
"{A7E02CA2-16E9-41FE-8EC0-117360E9082C}" = protocol=17 | dir=in | app=%programfiles(x86)%\windows media player\wmplayer.exe |
"{A8A0A348-6E08-45EA-BC3B-60ABDADC8A0B}" = protocol=17 | dir=in | app=c:\program files (x86)\avg\avg2012\avgemca.exe |
"{ABC9F424-7861-4561-82E0-CDD9B2205ACB}" = protocol=17 | dir=in | app=c:\program files (x86)\bonjour\mdnsresponder.exe |
"{AC294509-6334-4B1B-BA05-0D8FC9D0B7CE}" = protocol=6 | dir=in | app=c:\program files (x86)\steam\steamapps\common\hacker evolution\hacker evolution mod editor.exe |
"{B070299B-8DC2-495F-9A22-A25B2B943302}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmplayer.exe |
"{B3A8CEAD-1325-4E3E-A92C-9357A3435AA1}" = protocol=6 | dir=in | app=c:\program files (x86)\pando networks\media booster\pmb.exe |
"{B560B52D-77BE-4952-BFA6-B14BB0D602B8}" = protocol=17 | dir=in | app=c:\program files (x86)\avg\avg2012\avgnsa.exe |
"{B5E58013-A369-4906-9CC8-2ECCBE709739}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmplayer.exe |
"{B5EE5F77-7893-4437-BE98-1DE85B1A5787}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmplayer.exe |
"{B83E6973-F8D0-4791-B31D-6FEE88B2FD1D}" = protocol=6 | dir=in | app=c:\program files (x86)\avg\avg2012\avgmfapx.exe |
"{BE8B7509-C8CE-428B-BDA2-F4626054B723}" = protocol=17 | dir=in | app=c:\program files (x86)\steam\steamapps\common\hacker evolution\hacker evolution.exe |
"{BF77EC98-8CD6-4FB2-960F-514B1A138997}" = protocol=17 | dir=in | app=c:\program files (x86)\steam\steamapps\common\frozen synapse\frozensynapse.exe |
"{C00D4B58-DB30-4352-8D8F-9F5C3837C729}" = protocol=17 | dir=in | app=c:\program files (x86)\steam\steamapps\common\company of heroes\reliccoh.exe |
"{C391050D-847F-4433-9EC1-68D5847C8FDE}" = protocol=1 | dir=in | [email protected],-28543 |
"{C5523321-A5E2-4FF3-B3E0-1302FD17F9F0}" = protocol=6 | dir=in | app=c:\program files (x86)\steam\steamapps\common\solar 2\solar2.exe |
"{C91273C4-8853-4B76-8AF6-15B2B5E3C849}" = protocol=58 | dir=in | [email protected],-28545 |
"{CB14912A-C78F-470E-9332-86D53EC8C689}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmplayer.exe |
"{CDB01B39-1D12-4A2E-A86E-1078681787F7}" = protocol=6 | dir=in | app=c:\program files (x86)\utorrent\utorrent.exe |
"{CDB36214-FFD9-401E-BE08-2F040ACDE7C1}" = protocol=17 | dir=in | app=c:\program files (x86)\pando networks\media booster\pmb.exe |
"{CFD1B128-5751-4846-8AC2-0404C35763C8}" = protocol=6 | dir=in | app=c:\program files (x86)\steam\steam.exe |
"{D2B4792B-5AF4-47AE-97DE-7403BB29FD23}" = protocol=17 | dir=in | app=c:\windows\syswow64\pnkbstra.exe |
"{D2E0E0BD-EBB2-4539-A302-F09A2B33FCC4}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmpnetwk.exe |
"{DB5A174A-C5DF-462B-9A0A-CAAAFD9701E5}" = protocol=17 | dir=in | app=c:\program files (x86)\avg\avg2012\avgmfapx.exe |
"{E0CFB2A5-8AAB-4274-A067-C7D8B7035086}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmpnetwk.exe |
"{E191872C-581D-4543-842E-C3311918F6A6}" = protocol=17 | dir=in | app=c:\program files (x86)\utorrent\utorrent.exe |
"{E57E2E78-23BC-46E0-8337-B9DDA4A8C6B8}" = protocol=6 | dir=in | app=c:\program files (x86)\avg\avg2012\avgdiagex.exe |
"{E6FA1A8B-42F5-496F-99FF-78BED5EB5EBB}" = protocol=6 | dir=out | svc=upnphost | app=%systemroot%\system32\svchost.exe |
"{EA21BCD4-85E3-4590-A296-98A9D71398FA}" = protocol=17 | dir=out | app=%programfiles(x86)%\windows media player\wmplayer.exe |
"{ECA84E15-2F09-4873-AF43-7173DEF77EB9}" = dir=in | app=c:\program files (x86)\windows live\contacts\wlcomm.exe |
"{EDBA7EE4-E001-4FF6-9123-BBB8FE3AE7B7}" = dir=in | app=c:\program files (x86)\windows live\sync\windowslivesync.exe |
"{F040449A-F44F-4DE5-8757-CD25D226B812}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmpnetwk.exe |
"{F56CCEE4-8505-42D2-BEA6-32286DEE91C7}" = protocol=17 | dir=in | app=c:\program files (x86)\steam\steamapps\common\frozen synapse\frozensynapse.exe |
"{F810B2EF-9A7D-4DD4-8957-2EBE8F187A2B}" = protocol=17 | dir=in | app=c:\users\administrator\appdata\roaming\spotify\spotify.exe |
"{FFBB1548-4BC6-4D17-A2F1-816B8C440026}" = protocol=17 | dir=in | app=c:\program files (x86)\pando networks\media booster\pmb.exe |
"TCP Query User{2B60E81E-DDFC-443E-8F7C-E2E754DB7A9C}C:\program files (x86)\mozilla firefox\firefox.exe" = protocol=6 | dir=in | app=c:\program files (x86)\mozilla firefox\firefox.exe |
"TCP Query User{60DB3422-E874-4E36-AA90-BF09E661BE7C}C:\program files (x86)\steam\steamapps\infinitelaundry\team fortress 2\hl2.exe" = protocol=6 | dir=in | app=c:\program files (x86)\steam\steamapps\infinitelaundry\team fortress 2\hl2.exe |
"TCP Query User{6F62DCA6-C6E1-4A8C-B2F9-BF44DD3BCB09}C:\program files (x86)\analogx\proxy\proxy.exe" = protocol=6 | dir=in | app=c:\program files (x86)\analogx\proxy\proxy.exe |
"TCP Query User{76CF5D8E-7F26-4986-9BF3-9961DB42AC43}C:\program files (x86)\utorrent\utorrent.exe" = protocol=6 | dir=in | app=c:\program files (x86)\utorrent\utorrent.exe |
"TCP Query User{89A025EB-0A57-4F50-84AF-C27451C8450A}C:\program files (x86)\spotify\spotify.exe" = protocol=6 | dir=in | app=c:\program files (x86)\spotify\spotify.exe |
"TCP Query User{A0737809-7988-4141-A3C0-4B6AD0CD1E50}C:\program files (x86)\utorrent\utorrent.exe" = protocol=6 | dir=in | app=c:\program files (x86)\utorrent\utorrent.exe |
"TCP Query User{C4E41CEC-CBA7-4832-BDF5-1E919A0816D0}C:\program files (x86)\mozilla firefox\plugin-container.exe" = protocol=6 | dir=in | app=c:\program files (x86)\mozilla firefox\plugin-container.exe |
"TCP Query User{D17C0ED0-FA4F-4E2D-8E44-354D64F01F95}C:\program files (x86)\steam\steamapps\common\company of heroes\relicdownloader\relicdownloader.exe" = protocol=6 | dir=in | app=c:\program files (x86)\steam\steamapps\common\company of heroes\relicdownloader\relicdownloader.exe |
"TCP Query User{D5A7E943-354B-4B68-8519-0C41D546840E}C:\program files\comicrack\comicrack.exe" = protocol=6 | dir=in | app=c:\program files\comicrack\comicrack.exe |
"TCP Query User{FE724B3D-E281-4EA3-BA8D-BE088130811B}C:\program files (x86)\mozilla firefox\firefox.exe" = protocol=6 | dir=in | app=c:\program files (x86)\mozilla firefox\firefox.exe |
"TCP Query User{FF616E1B-7BE0-4A23-BA72-59E8445821D4}C:\program files\comicrack\comicrack.exe" = protocol=6 | dir=in | app=c:\program files\comicrack\comicrack.exe |
"UDP Query User{1F41ED2F-D667-4796-8793-7304D9A03EBE}C:\program files (x86)\spotify\spotify.exe" = protocol=17 | dir=in | app=c:\program files (x86)\spotify\spotify.exe |
"UDP Query User{3F4178C4-375D-493E-8DF8-378661F4E28B}C:\program files (x86)\steam\steamapps\common\company of heroes\relicdownloader\relicdownloader.exe" = protocol=17 | dir=in | app=c:\program files (x86)\steam\steamapps\common\company of heroes\relicdownloader\relicdownloader.exe |
"UDP Query User{3F54564E-4F3F-45C6-B5AE-9E078BF9D075}C:\program files (x86)\mozilla firefox\plugin-container.exe" = protocol=17 | dir=in | app=c:\program files (x86)\mozilla firefox\plugin-container.exe |
"UDP Query User{4C0F0E94-FF51-4EB5-AF64-8A58AAD04C53}C:\program files (x86)\utorrent\utorrent.exe" = protocol=17 | dir=in | app=c:\program files (x86)\utorrent\utorrent.exe |
"UDP Query User{501EBCFE-B672-4F37-9F26-2900F50C8024}C:\program files (x86)\analogx\proxy\proxy.exe" = protocol=17 | dir=in | app=c:\program files (x86)\analogx\proxy\proxy.exe |
"UDP Query User{6947BD6D-B2BE-491B-AFFF-A762D90993A2}C:\program files (x86)\utorrent\utorrent.exe" = protocol=17 | dir=in | app=c:\program files (x86)\utorrent\utorrent.exe |
"UDP Query User{6B6064E9-1B0C-4543-9FCD-73D531B2604D}C:\program files (x86)\mozilla firefox\firefox.exe" = protocol=17 | dir=in | app=c:\program files (x86)\mozilla firefox\firefox.exe |
"UDP Query User{B518C349-83F7-474B-8668-37ABB07F86E1}C:\program files (x86)\steam\steamapps\infinitelaundry\team fortress 2\hl2.exe" = protocol=17 | dir=in | app=c:\program files (x86)\steam\steamapps\infinitelaundry\team fortress 2\hl2.exe |
"UDP Query User{CA74728C-5772-403A-A4BD-9EB2AF9C95E5}C:\program files (x86)\mozilla firefox\firefox.exe" = protocol=17 | dir=in | app=c:\program files (x86)\mozilla firefox\firefox.exe |
"UDP Query User{D41F315F-3CE1-42B5-B57A-3FC168A7DCE5}C:\program files\comicrack\comicrack.exe" = protocol=17 | dir=in | app=c:\program files\comicrack\comicrack.exe |
"UDP Query User{F6CF35AD-8B30-4714-B9FA-699F9B361C40}C:\program files\comicrack\comicrack.exe" = protocol=17 | dir=in | app=c:\program files\comicrack\comicrack.exe |

========== HKEY_LOCAL_MACHINE Uninstall List ==========

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{021B6358-4373-3FC0-A0B4-4709B7E0D3E5}" = Microsoft .NET Framework 4 Extended NLD Language Pack
"{13F4A7F3-EABC-4261-AF6B-1317777F0755}" = Fast Boot
"{1686C4D1-B1FD-42E8-B7A8-FB4C4DBA5BA8}" = ASUS Power4Gear Hybrid
"{180C8888-50F1-426B-A9DC-AB83A1989C65}" = Windows Live Language Selector
"{1ACC8FFB-9D84-4C05-A4DE-D28A9BC91698}" = Windows Live ID Sign-in Assistant
"{23170F69-40C1-2702-0465-000001000000}" = 7-Zip 4.65 (x64 edition)
"{2CDD9D22-AD67-4588-93AD-147C979F6E7C}" = AVG 2012
"{350AA351-21FA-3270-8B7A-835434E766AD}" = Microsoft Visual C++ 2008 Redistributable - x64 9.0.21022
"{4567EA14-6BCA-3EF9-859B-92CE48B1D704}" = Microsoft .NET Framework 4 Client Profile NLD Language Pack
"{4B6C7001-C7D6-3710-913E-5BC23FCE91E6}" = Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.4148
"{5B210B8A-B66E-4702-B44D-0D6F388D29EB}" = SpyHunter
"{5FCE6D76-F5DC-37AB-B2B8-22AB8CEDB1D4}" = Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161
"{67579783-0FB7-4F7B-B881-E5BE47C9DBE0}_is1" = Revo Uninstaller Pro 2.0.2
"{6CBFDC3C-CF21-4C02-A6DC-A5A2707FAF55}" = Windows Live Remote Service Resources
"{6CFB1B20-ECAE-488F-9FFB-6AD420882E71}" = iTunes
"{6E3610B2-430D-4EB0-81E3-2B57E8B9DE8D}" = Bonjour
"{75104836-CAC7-444E-A39E-3F54151942F5}" = Apple Mobile Device Support
"{8220EEFE-38CD-377E-8595-13398D740ACE}" = Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.17
"{8338783A-0968-3B85-AFC7-BAAE0A63DC50}" = Microsoft Visual C++ 2008 Redistributable - KB2467174 - x64 9.0.30729.5570
"{8E34682C-8118-31F1-BC4C-98CD9675E1C2}" = Microsoft .NET Framework 4 Extended
"{95120000-00B9-0409-1000-0000000FF1CE}" = Microsoft Application Error Reporting
"{9E9D49A4-1DF4-4138-B7DB-5D87A893088E}" = WIDCOMM Bluetooth Software
"{C9F05151-95A9-4B9B-B534-1760E2D014A5}" = Windows Live Remote Client Resources
"{CEA21F20-DBF4-464C-8B81-28B8508AFDDD}" = Windows Live Family Safety
"{D050583D-5CEC-47B1-88AA-8B328CAA8621}" = AVG 2012
"{D42F84B6-3709-4A50-8502-6719D16AE6C8}" = SRS Premium Sound Control Panel
"{DA54F80E-261C-41A2-A855-549A144F2F59}" = Windows Live MIME IFilter
"{DF6D988A-EEA0-4277-AAB8-158E086E439B}" = Windows Live Remote Client
"{E02A6548-6FDE-40E2-8ED9-119D7D7E641F}" = Windows Live Remote Service
"{F11009B0-F4DB-463B-B717-5266E47498AA}" = Windows Live Family Safety
"{F5B09CFD-F0B2-36AF-8DF4-1DF6B63FC7B4}" = Microsoft .NET Framework 4 Client Profile
"Adobe Flash Player ActiveX" = Adobe Flash Player 11 ActiveX 64-bit
"Adobe Flash Player Plugin" = Adobe Flash Player 11 Plugin 64-bit
"AVG" = AVG 2012
"ComicRack" = ComicRack v0.9.143
"Elantech" = ETDWare PS/2-x64 7.0.5.7_WHQL
"Microsoft .NET Framework 4 Client Profile" = Microsoft .NET Framework 4 Client Profile
"Microsoft .NET Framework 4 Client Profile NLD Language Pack" = Taalpakket voor Microsoft .NET Framework 4 Client Profile - NLD
"Microsoft .NET Framework 4 Extended" = Microsoft .NET Framework 4 Extended
"Microsoft .NET Framework 4 Extended NLD Language Pack" = Taalpakket voor Microsoft .NET Framework 4 Extended - NLD
"USB 2.0 VGA UVC WebCam" = USB 2.0 VGA UVC WebCam

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{0215A652-E081-4B09-9333-DC85AAB67FFA}" = Adobe Dreamweaver CS5.5
"{033E378E-6AD3-4AD5-BDEB-CBD69B31046C}" = Microsoft_VC90_ATL_x86
"{048298C9-A4D3-490B-9FF9-AB023A9238F3}" = Steam
"{06585B02-F20D-4AB2-9A64-86EF2AE0F8F0}" = ASUS AI Recovery
"{08D2E121-7F6A-43EB-97FD-629B44903403}" = Microsoft_VC90_CRT_x86
"{0969AF05-4FF6-4C00-9406-43599238DE0D}" = ASUS Splendid Video Enhancement Technology
"{0B0F231F-CE6A-483D-AA23-77B364F75917}" = Windows Live Installer
"{1111706F-666A-4037-7777-210328764D10}" = JavaFX 2.1.0
"{14B441B7-774D-4170-98EA-A13667AE6218}" = Windows Live Writer Resources
"{196BB40D-1578-3D01-B289-BEFC77A11A1E}" = Microsoft Visual C++ 2010 x86 Redistributable - 10.0.30319
"{19BFDA5D-1FE2-4F25-97F9-1A79DD04EE20}" = Microsoft XNA Framework Redistributable 3.1
"{1DBD1F12-ED93-49C0-A7CC-56CBDE488158}" = ASUS LifeFrame3
"{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148
"{1F6AB0E7-8CDD-4B93-8A23-AA9EB2FEFCE4}" = Junk Mail filter update
"{200FEC62-3C34-4D60-9CE8-EC372E01C08F}" = Windows Live SOXE Definitions
"{20FDF948-C8ED-4543-A539-F7F4AEF5AFA2}" = Wireless Console 3
"{26A24AE4-039D-4CA4-87B4-2F83216020FF}" = Java™ 6 Update 30
"{26A24AE4-039D-4CA4-87B4-2F83217004FF}" = Java™ 7 Update 4
"{28006915-2739-4EBE-B5E8-49B25D32EB33}" = Atheros Client Installation Program
"{287ECFA4-719A-2143-A09B-D6A12DE54E40}" = Acrobat.com
"{2A07C35B-8384-4DA4-9A95-442B6C89A073}" = Windows Live Essentials
"{2BFC7AA0-544C-4E3A-8796-67F3BE655BE9}" = Microsoft XNA Framework Redistributable 4.0
"{2E97F7E8-ABDE-4E0D-B0AD-B6B4BAD89E24}" = Rome - Total War - Gold Edition
"{2EF17083-57D4-4D64-AE4F-55F32A2C4571}" = Codecv
"{2FDBBCEA-62DB-45F4-B6E5-0E1FB2A1F29D}" = Visual C++ 8.0 Runtime Setup Package (x64)
"{3108C217-BE83-42E4-AE9E-A56A2A92E549}" = Atheros Communications Inc.® AR81Family Gigabit/Fast Ethernet Driver
"{331C520E-D8C3-4AB9-ADF7-A666A3561922}" = Alcor Micro USB Card Reader
"{3336F667-9049-4D46-98B6-4C743EEBC5B1}" = Windows Live Photo Gallery
"{3521BDBD-D453-5D9F-AA55-44B75D214629}" = Adobe Community Help
"{3B05F2FB-745B-4012-ADF2-439F36B2E70B}" = ATKOSD2
"{3F4143A1-9C21-4011-8679-3BC1014C6886}" = Windows Live Mesh
"{3FC7CBBC4C1E11DCA1A752EA55D89593}" = DivX Version Checker
"{40BF1E83-20EB-11D8-97C5-0009C5020658}" = CyberLink Power2Go
"{46C045BF-2B3F-4BC4-8E4C-00E0CF8BD9DB}" = Adobe AIR
"{48294D95-EE9A-4377-8213-44FC4265FB27}" = Windows Live Messenger
"{4A03706F-666A-4037-7777-5F2748764D10}" = Java Auto Updater
"{50316C0A-CC2A-460A-9EA5-F486E54AC17D}_is1" = AVG PC Tuneup
"{51DD0602-CD28-4AA9-84BB-B8F8FC2F4DA5}" = Mindjet MindManager Pro 6
"{5B65EF64-1DFA-414A-8C94-7BB726158E21}" = ControlDeck
"{5EE7D259-D137-4438-9A5F-42F432EC0421}" = VC80CRTRedist - 8.0.50727.4053
"{635FED5B-2C6D-49BE-87E6-7A6FCD22BC5A}" = Microsoft_VC90_MFC_x86
"{64452561-169F-4A36-A2FF-B5E118EC65F5}" = ASUS SmartLogon
"{65DA2EC9-0642-47E9-AAE2-B5267AA14D75}" = Activation Assistant for the 2007 Microsoft Office suites
"{682B3E4F-696A-42DE-A41C-4C07EA1678B4}" = Windows Live SOXE
"{69FDFBB6-351D-4B8C-89D8-867DC9D0A2A4}" = Windows Media Player Firefox Plugin
"{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}" = Microsoft Visual C++ 2005 Redistributable
"{7299052b-02a4-4627-81f2-1818da5d550d}" = Microsoft Visual C++ 2005 Redistributable
"{789A5B64-9DD9-4BA5-915A-F0FC0A1B7BFE}" = Apple Software Update
"{78A96B4C-A643-4D0F-98C2-A8E16A6669F9}" = Windows Live Messenger Companion Core
"{7BE15435-2D3E-4B58-867F-9C75BED0208C}" = QuickTime
"{7C05592D-424B-46CB-B505-E0013E8E75C9}" = ATK Hotkey
"{7C4E0BED-7965-4C38-B68E-D896E75A727A}" = Kabobo
"{7E017923-16F8-4E32-94EF-0A150BD196FE}" = Windows Live Writer
"{8142D25E-028A-4563-86ED-5755783C8029}" = Messenger Companion
"{83C292B7-38A5-440B-A731-07070E81A64F}" = Windows Live PIMT Platform
"{865CD808-6D31-4269-9D36-693CFE75D26A}" = Express Gate
"{86CE85E6-DBAC-3FFD-B977-E4B79F83C909}" = Microsoft Visual C++ 2008 Redistributable - KB2467174 - x86 9.0.30729.5570
"{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}" = Microsoft Silverlight
"{8C6D6116-B724-4810-8F2D-D047E6B7D68E}" = Mesh Runtime
"{8DD46C6A-0056-4FEC-B70A-28BB16A1F11F}" = MSVCRT
"{90120000-0020-0409-0000-0000000FF1CE}" = Compatibility Pack for the 2007 Office system
"{90140000-2005-0000-0000-0000000FF1CE}" = Microsoft Office File Validation Add-In
"{90510409-6D54-11D4-BEE3-00C04F990354}" = Microsoft Visio Professional 2002 [English]
"{91120413-6000-11D3-8CFE-0150048383C9}" = Microsoft Office Standard Editie 2003
"{92D58719-BBC1-4CC3-A08B-56C9E884CC2C}" = Microsoft_VC80_CRT_x86
"{92EA4134-10D1-418A-91E1-5A0453131A38}" = Windows Live Movie Maker
"{943A8D28-80D6-41DC-AE94-81FEB42041BF}" = System Requirements Lab CYRI
"{95140000-007A-0413-0000-0000000FF1CE}" = Microsoft Office Outlook Connector
"{980A182F-E0A2-4A40-94C1-AE0C1235902E}" = Pando Media Booster
"{9A25302D-30C0-39D9-BD6F-21E6EC160475}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17
"{9BD262D0-B788-4546-A0A5-F4F56EC3834B}" = Windows Live Photo Common
"{9BE518E6-ECC6-35A9-88E4-87755C07200F}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161
"{9D48531D-2135-49FC-BC29-ACCDA5396A76}" = ASUS MultiFrame
"{9D56775A-93F3-44A3-8092-840E3826DE30}" = Windows Live Mail
"{A60B3BF0-954B-42AF-B8D8-2C1D34B613AA}" = Windows Live Photo Gallery
"{A726AE06-AAA3-43D1-87E3-70F510314F04}" = Windows Live Writer
"{A83279FD-CA4B-4206-9535-90974DE76654}" = Apple Application Support
"{A92DAB39-4E2C-4304-9AB6-BC44E68B55E2}" = Google Update Helper
"{A9BDCA6B-3653-467B-AC83-94367DA3BFE3}" = Windows Live Photo Common
"{AA59DDE4-B672-4621-A016-4C248204957A}" = Skypeô 5.5
"{AAAFC670-569B-4A2F-82B4-42945E0DE3EF}" = Windows Live Writer
"{AC76BA86-7AD7-FFFF-7B44-A91000000001}" = Adobe Reader 9.5.1 MUI
"{B6CF2967-C81E-40C0-9815-C05774FEF120}" = Skype Click to Call
"{B6D38690-755E-4F40-A35A-23F8BC2B86AC}" = Microsoft_VC90_MFCLOC_x86
"{BDE646E8-86E0-50E1-37BC-0AEBB2185D76}" = Adobe Widget Browser
"{C32CE55C-12BA-4951-8797-0967FDEF556F}" = Windows Live Mesh - ActiveX-besturingselement voor externe verbindingen
"{C59C179C-668D-49A9-B6EA-0121CCFC1243}" = CyberLink LabelPrint
"{CB7224D9-6DCA-43F1-8F83-6B1E39A00F92}" = Windows Live Movie Maker
"{CE95A79E-E4FC-4FFF-8A75-29F04B942FF2}" = Windows Live UX Platform
"{CFF8B8E8-E086-4DE0-935F-FE22CAB54F80}" = Microsoft Search Enhancement Pack
"{D0B44725-3666-492D-BEF6-587A14BD9BD9}" = MSVCRT_amd64
"{D1A19B02-817E-4296-A45B-07853FD74D57}" = Microsoft_VC80_MFC_x86
"{D1E5870E-E3E5-4475-98A6-ADD614524ADF}" = ATK Media
"{D3D54F3E-C5C3-443D-978F-87A72E5616E8}" = ATK Generic Function Service
"{D45240D3-B6B3-4FF9-B243-54ECE3E10066}" = Windows Live Communications Platform
"{D588365A-AE39-4F27-BDAE-B4E72C8E900C}" = Windows Live Mail
"{D6F25CF9-4E87-43EB-B324-C12BE9CDD668}" = Windows Live UX Platform Language Pack
"{D92BBB52-82FF-42ED-8A3C-4E062F944AB7}" = Microsoft_VC80_MFCLOC_x86
"{DA703982C580418795BF4001AA9D7061}" = DivX Plus Media Foundation Components
"{DD1865F0-AD73-40FB-B23E-1822E02396FF}" = NVIDIA PhysX
"{DE10AB76-4756-4913-BE25-55D1C1051F9A}" = WinFlash
"{DECDCB7C-58CC-4865-91AF-627F9798FE48}" = Windows Live Mesh
"{E09C4DB7-630C-4F06-A631-8EA7239923AF}" = D3DX10
"{E34F703A-1C9D-4B1F-ABBE-D7E8800B860D}" = Windows Live Sync
"{E503B4BF-F7BB-3D5F-8BC8-F694B1CFF942}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.21022.218
"{E5B21F11-6933-4E0B-A25C-7963E3C07D11}" = Windows Live Messenger
"{E657B243-9AD4-4ECC-BE81-4CCF8D667FD0}" = ASUS Live Update
"{EFE3D683-903C-4B58-AB8F-C68C69F33758}" = System Requirements Lab for Intel
"{F0B430D1-B6AA-473D-9B06-AA3DD01FD0B8}" = Microsoft SQL Server 2005 Compact Edition [ENU]
"{F0DF4513-3C4C-4EB8-8012-2C5F70AF3988}" = ASUS FancyStart
"{F0E3AD40-2BBD-4360-9C76-B9AC9A5886EA}" = Intel® Graphics Media Accelerator Driver
"{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}" = Realtek High Definition Audio Driver
"{F40BBEC7-C2A4-4A00-9B24-7A055A2C5262}" = Microsoft Office Live Add-in 1.5
"{FCDBEA60-79F0-4FAE-BBA8-55A26C609A49}" = Visual Studio 2008 x64 Redistributables
"3ivx MPEG-4 5.0.3" = 3ivx MPEG-4 5.0.3 (remove only)
"Activation Assistant for the 2007 Microsoft Office suites" = Activation Assistant for the 2007 Microsoft Office suites
"Adobe AIR" = Adobe AIR
"Adobe Shockwave Player" = Adobe Shockwave Player 11.5
"Asus_ULSeries_ScreenSaver" = Asus_ULSeries_ScreenSaver
"Browser Defender_is1" = Browser Guard 4.0
"Catan Online Welt" = Catan Online World
"CCleaner" = CCleaner
"chc.4875E02D9FB21EE389F73B8D1702B320485DF8CE.1" = Adobe Community Help
"com.adobe.WidgetBrowser.E7BED6E5DDA59983786DD72EBFA46B1598278E07.1" = Adobe Widget Browser
"Google Chrome" = Google Chrome
"InstallShield_{331C520E-D8C3-4AB9-ADF7-A666A3561922}" = Alcor Micro USB Card Reader
"InstallShield_{40BF1E83-20EB-11D8-97C5-0009C5020658}" = CyberLink Power2Go
"InstallShield_{C59C179C-668D-49A9-B6EA-0121CCFC1243}" = CyberLink LabelPrint
"Malwarebytes' Anti-Malware_is1" = Malwarebytes Anti-Malware versie 1.61.0.1400
"Mozilla Firefox 12.0 (x86 en-US)" = Mozilla Firefox 12.0 (x86 en-US)
"MozillaMaintenanceService" = Mozilla Maintenance Service
"PDF-XChange 3_is1" = PDF-XChange 3.0
"Revo Uninstaller" = Revo Uninstaller 1.93
"SABnzbd" = SABnzbd (remove only)
"Secunia PSI" = Secunia PSI
"SecureW2" = SecureW2 VU-Wireless
"ShapeCollage" = Shape Collage
"Spotify" = Spotify
"Spyware Doctor" = PC Tools Spyware Doctor 9.0
"Steam App 200900" = Cave Story+
"Steam App 40800" = Super Meat Boy
"Steam App 48000" = LIMBO
"Steam App 70100" = Hacker Evolution
"Steam App 93200" = Revenge of the Titans
"Steam App 98200" = Frozen Synapse
"Steam App 98800" = Dungeons of Dredmor
"Uninstall_is1" = Uninstall 1.0.0.1
"uTorrent" = ĶTorrent
"VLC media player" = VLC media player 1.1.11
"WinLiveSuite" = Windows Live Essentials
"WinRAR archiver" = WinRAR archiver

========== HKEY_CURRENT_USER Uninstall List ==========

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"Spotify" = Spotify
"UnityWebPlayer" = Unity Web Player

========== Last 10 Event Log Errors ==========

[ Application Events ]
Error - 10-May-12 9:38:36 PM | Computer Name = tuinslang | Source = SideBySide | ID = 16842785
Description = Kan activeringscontext voor 'C:\Program Files\P4G\MFC80U.DLL' niet
maken. Kan afhankelijke assembly Microsoft.VC80.MFCLOC,processorArchitecture="amd64",publicKeyToken="1fc8b3b9a1e18e3b",type="win32",version="8.0.50608.0"
niet vinden. Gebruik sxstrace.exe voor een gedetailleerde diagnose.

Error - 10-May-12 9:38:36 PM | Computer Name = tuinslang | Source = SideBySide | ID = 16842785
Description = Kan activeringscontext voor 'C:\Program Files\P4G\MFC80U.DLL' niet
maken. Kan afhankelijke assembly Microsoft.VC80.MFCLOC,processorArchitecture="amd64",publicKeyToken="1fc8b3b9a1e18e3b",type="win32",version="8.0.50608.0"
niet vinden. Gebruik sxstrace.exe voor een gedetailleerde diagnose.

Error - 10-May-12 9:38:41 PM | Computer Name = tuinslang | Source = SideBySide | ID = 16842785
Description = Kan activeringscontext voor 'C:\Program Files\WIDCOMM\Bluetooth Software\BTTray.exe'
niet maken. Kan afhankelijke assembly Microsoft.VC80.MFC,processorArchitecture="amd64",publicKeyToken="1fc8b3b9a1e18e3b",type="win32",version="8.0.50608.0"
niet vinden. Gebruik sxstrace.exe voor een gedetailleerde diagnose.

Error - 10-May-12 9:38:51 PM | Computer Name = tuinslang | Source = Application Error | ID = 1000
Description = Naam van toepassing met fout: FBAgent.exe, versie: 1.0.3.0, tijdstempel:
0x4aaf2451 Naam van module met fout: FBAgent.exe, versie: 1.0.3.0, tijdstempel:
0x4aaf2451 Uitzonderingscode: 0xc0000005 Foutoffset: 0x000000000002c9a2 Id van proces
met fout: 0x5e0 Starttijd van toepassing met fout: 0x01cd2f16b0877466 Pad naar toepassing
met fout: C:\Windows\system32\FBAgent.exe Pad naar module met fout: C:\Windows\system32\FBAgent.exe
Rapport-id:
0f286223-9b0a-11e1-b6ca-90e6ba70498b

Error - 11-May-12 12:35:17 AM | Computer Name = tuinslang | Source = SideBySide | ID = 16842785
Description = Kan activeringscontext voor 'C:\Program Files\WIDCOMM\Bluetooth Software\BtRez.dll'
niet maken. Kan afhankelijke assembly Microsoft.VC80.MFC,processorArchitecture="amd64",publicKeyToken="1fc8b3b9a1e18e3b",type="win32",version="8.0.50608.0"
niet vinden. Gebruik sxstrace.exe voor een gedetailleerde diagnose.

Error - 11-May-12 12:35:56 AM | Computer Name = tuinslang | Source = Application Error | ID = 1000
Description = Naam van toepassing met fout: FBAgent.exe, versie: 1.0.3.0, tijdstempel:
0x4aaf2451 Naam van module met fout: FBAgent.exe, versie: 1.0.3.0, tijdstempel:
0x4aaf2451 Uitzonderingscode: 0xc0000005 Foutoffset: 0x000000000002c9a2 Id van proces
met fout: 0x584 Starttijd van toepassing met fout: 0x01cd2f2f73f27e89 Pad naar toepassing
met fout: C:\Windows\system32\FBAgent.exe Pad naar module met fout: C:\Windows\system32\FBAgent.exe
Rapport-id:
cc002952-9b22-11e1-963b-90e6ba70498b

Error - 11-May-12 12:36:29 AM | Computer Name = tuinslang | Source = SideBySide | ID = 16842785
Description = Kan activeringscontext voor 'C:\Program Files\WIDCOMM\Bluetooth Software\BTTray.exe'
niet maken. Kan afhankelijke assembly Microsoft.VC80.MFC,processorArchitecture="amd64",publicKeyToken="1fc8b3b9a1e18e3b",type="win32",version="8.0.50608.0"
niet vinden. Gebruik sxstrace.exe voor een gedetailleerde diagnose.

Error - 11-May-12 12:37:42 AM | Computer Name = tuinslang | Source = SideBySide | ID = 16842785
Description = Kan activeringscontext voor 'C:\Program Files\P4G\MFC80U.DLL' niet
maken. Kan afhankelijke assembly Microsoft.VC80.MFCLOC,processorArchitecture="amd64",publicKeyToken="1fc8b3b9a1e18e3b",type="win32",version="8.0.50608.0"
niet vinden. Gebruik sxstrace.exe voor een gedetailleerde diagnose.

Error - 11-May-12 12:37:42 AM | Computer Name = tuinslang | Source = SideBySide | ID = 16842785
Description = Kan activeringscontext voor 'C:\Program Files\P4G\MFC80U.DLL' niet
maken. Kan afhankelijke assembly Microsoft.VC80.MFCLOC,processorArchitecture="amd64",publicKeyToken="1fc8b3b9a1e18e3b",type="win32",version="8.0.50608.0"
niet vinden. Gebruik sxstrace.exe voor een gedetailleerde diagnose.

Error - 11-May-12 9:01:01 AM | Computer Name = tuinslang | Source = Application Hang | ID = 1002
Description = Het programma RomeTW.exe, versie 1.0.0.0 reageert niet meer op Windows
en is afgesloten. Als u wilt zien of er meer informatie over het probleem beschikbaar
is, raadpleegt u de probleemgeschiedenis in het onderdeel Onderhoudscentrum in
het Configuratiescherm. Proces-id: 16c0 Starttijd: 01cd2f70c5345074 Eindtijd: 744 Toepassingspad:
C:\Program Files (x86)\The Creative Assembly\Rome - Total War\RomeTW.exe Rapport-id:


[ System Events ]
Error - 10-May-12 10:38:42 AM | Computer Name = tuinslang | Source = PCTCore | ID = 327960
Description =

Error - 10-May-12 10:38:43 AM | Computer Name = tuinslang | Source = PCTCore | ID = 327960
Description =

Error - 10-May-12 2:35:17 PM | Computer Name = tuinslang | Source = Service Control Manager | ID = 7034
Description = De AFBAgent-service is onverwacht beŽindigd. Dit is nu 1 keer gebeurd.

Error - 10-May-12 4:59:36 PM | Computer Name = tuinslang | Source = Service Control Manager | ID = 7034
Description = De AFBAgent-service is onverwacht beŽindigd. Dit is nu 1 keer gebeurd.

Error - 10-May-12 7:43:54 PM | Computer Name = tuinslang | Source = volsnap | ID = 393251
Description = Bij de schaduwkopieŽn van volume C: zijn afgebroken omdat de schaduwkopieopslag
niet kan worden uitgebreid.

Error - 10-May-12 9:38:53 PM | Computer Name = tuinslang | Source = Service Control Manager | ID = 7034
Description = De AFBAgent-service is onverwacht beŽindigd. Dit is nu 1 keer gebeurd.

Error - 11-May-12 12:20:50 AM | Computer Name = tuinslang | Source = VDS Basic Provider | ID = 33554433
Description =

Error - 11-May-12 12:36:00 AM | Computer Name = tuinslang | Source = Service Control Manager | ID = 7034
Description = De AFBAgent-service is onverwacht beŽindigd. Dit is nu 1 keer gebeurd.

Error - 11-May-12 9:19:37 AM | Computer Name = tuinslang | Source = Service Control Manager | ID = 7009
Description = Time-out (30000 seconden) tijdens het wachten op het verbinden van
deze service: Windows Error Reporting Service.

Error - 11-May-12 9:42:31 AM | Computer Name = tuinslang | Source = Service Control Manager | ID = 7034
Description = De PC Tools Security Service-service is onverwacht beŽindigd. Dit
is nu 1 keer gebeurd.


< End of report >
  • 0

#4
Essexboy

Essexboy

    GeekU Moderator

  • Retired Staff
  • 69,964 posts
Hi there what are your current problems

Warning This fix is only relevant for this system and no other, using on another computer may cause problems

Be advised that when the fix commences it will shut down all running processes and you may lose the desktop and icons, they will return on reboot

If you have Malwarebytes 1.6 or better installed please disable it for the duration of this run
To disable MBAM
Open the scanner and select the protection tab
Remove the tick from "Start with Windows"
Reboot and then run OTL
Posted Image

Run OTL
  • Under the Custom Scans/Fixes box at the bottom, paste in the following

    :OTL
    IE - HKCU\..\SearchScopes\{0ECDF796-C2DC-4d79-A620-CCE0C0A66CC9}: "URL" = http://search.babylo...0000625d3861112
    FF - prefs.js..browser.search.defaultenginename: "Search the web (Babylon)"
    FF - prefs.js..browser.search.order.1: "Search the web (Babylon)"
    FF - prefs.js..browser.startup.homepage: "http://search.babylo...babsrc=HP_Prot"
    FF - prefs.js..keyword.URL: "http://search.babylo...625d3861112&q="
    [2012-05-07 10:49:18 | 000,002,356 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\babylon.xml
    [2012-05-07 10:49:17 | 000,000,000 | ---D | C] -- C:\Users\Administrator\AppData\Local\Babylon
    [2012-05-07 10:49:16 | 000,000,000 | ---D | C] -- C:\Users\Administrator\AppData\Roaming\Babylon
    [2012-05-07 10:49:16 | 000,000,000 | ---D | C] -- C:\ProgramData\Babylon
    [2012-05-07 10:49:16 | 000,000,000 | ---D | M] -- C:\Users\Administrator\AppData\Roaming\Babylon

    :Files
    ipconfig /flushdns /c

    :Commands
    [CREATERESTOREPOINT]
    [Reboot]

  • Then click the Run Fix button at the top
  • Let the program run unhindered, reboot the PC when it is done
  • Open OTL again and click the Quick Scan button. Post the log it produces in your next reply.

THEN

Download aswMBR.exe ( 4.8mb ) to your desktop.
Double click the aswMBR.exe to run it Click the "Scan" button to start scan

Posted Image

On completion of the scan click save log, save it to your desktop and post in your next reply

Posted Image
  • 0

#5
Dr Heisenberg

Dr Heisenberg

    New Member

  • Topic Starter
  • Member
  • Pip
  • 6 posts
New OTL log:

OTL logfile created on: 12-May-12 8:56:24 AM - Run 2
OTL by OldTimer - Version 3.2.42.3 Folder = C:\Users\Administrator\Downloads
64bit- Home Premium Edition Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation
Internet Explorer (Version = 9.0.8112.16421)
Locale: 00000409 | Country: Verenigde Staten | Language: ENU | Date Format: dd-MMM-yy

3.97 Gb Total Physical Memory | 2.53 Gb Available Physical Memory | 63.78% Memory free
7.93 Gb Paging File | 6.39 Gb Available in Paging File | 80.58% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86)
Drive C: | 149.05 Gb Total Space | 2.92 Gb Free Space | 1.96% Space Free | Partition Type: NTFS
Drive D: | 134.39 Gb Total Space | 0.00 Gb Free Space | 0.00% Space Free | Partition Type: NTFS

Computer Name: TUINSLANG | User Name: Administrator | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user | Quick Scan | Include 64bit Scans
Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days

========== Processes (SafeList) ==========

PRC - [2012-05-11 15:19:12 | 000,595,456 | ---- | M] (OldTimer Tools) -- C:\Users\Administrator\Downloads\OTL.exe
PRC - [2012-05-03 17:42:06 | 000,932,528 | ---- | M] () -- C:\Users\Administrator\AppData\Roaming\Spotify\Data\SpotifyWebHelper.exe
PRC - [2012-05-02 23:49:16 | 000,924,600 | ---- | M] (Mozilla Corporation) -- C:\Program Files (x86)\Mozilla Firefox\firefox.exe
PRC - [2012-04-13 14:28:36 | 000,575,416 | ---- | M] (Threat Expert Ltd.) -- C:\Program Files (x86)\PC Tools\PC Tools Security\BDT\BDTUpdateService.exe
PRC - [2012-01-24 18:24:26 | 002,416,480 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Program Files (x86)\AVG\AVG2012\avgtray.exe
PRC - [2011-10-12 07:25:22 | 004,433,248 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Program Files (x86)\AVG\AVG2012\AVGIDSAgent.exe
PRC - [2011-08-02 07:09:08 | 000,192,776 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Program Files (x86)\AVG\AVG2012\avgwdsvc.exe
PRC - [2009-08-17 18:58:46 | 006,859,392 | ---- | M] (ASUS) -- C:\Program Files (x86)\ASUS\ATKOSD2\ATKOSD2.exe
PRC - [2009-08-13 01:06:14 | 000,053,888 | ---- | M] () -- C:\Program Files (x86)\ASUS\ControlDeck\ControlDeckStartUp.exe
PRC - [2009-07-24 19:32:50 | 001,593,344 | ---- | M] () -- C:\Program Files (x86)\ASUS\Wireless Console 3\wcourier.exe
PRC - [2009-07-16 19:07:54 | 000,178,744 | ---- | M] (ASUS) -- C:\Program Files (x86)\ASUS\ATK Hotkey\HControl.exe
PRC - [2009-06-19 19:29:42 | 000,105,016 | ---- | M] (ASUS) -- C:\Program Files (x86)\ASUS\ATK Hotkey\HControlUser.exe
PRC - [2009-06-19 19:29:26 | 002,488,888 | ---- | M] (ASUS) -- C:\Program Files (x86)\ASUS\ATK Hotkey\ATKOSD.exe
PRC - [2009-06-16 02:30:42 | 000,084,536 | ---- | M] (ASUS) -- C:\Program Files (x86)\ASUS\ATK Hotkey\AsLdrSrv.exe
PRC - [2009-05-19 00:58:38 | 000,305,720 | ---- | M] (ASUS) -- C:\Program Files (x86)\ASUS\SmartLogon\sensorsrv.exe
PRC - [2009-04-20 20:09:30 | 000,159,744 | ---- | M] (ASUS) -- C:\Program Files (x86)\ASUS\ATK Media\DMedia.exe
PRC - [2008-12-23 02:15:34 | 000,174,648 | ---- | M] (ASUS) -- C:\Program Files (x86)\ASUS\ATK Hotkey\WDC.exe
PRC - [2008-08-14 06:00:08 | 000,113,208 | ---- | M] (ASUS) -- C:\Program Files (x86)\ASUS\ATK Hotkey\KBFiltr.exe
PRC - [2008-08-14 05:59:56 | 000,301,624 | ---- | M] () -- C:\Program Files (x86)\ASUS\ATK Hotkey\Atouch64.exe
PRC - [2008-07-19 04:52:16 | 000,104,936 | ---- | M] (CyberLink) -- C:\Program Files (x86)\CyberLink\Power2Go\CLMLSvc.exe
PRC - [2007-11-30 20:20:44 | 000,051,768 | ---- | M] () -- C:\Program Files (x86)\ASUS\ASUS Live Update\ALU.exe
PRC - [2007-08-08 09:08:40 | 000,094,208 | ---- | M] () -- C:\Program Files\ATKGFNEX\GFNEXSrv.exe


========== Modules (No Company Name) ==========

MOD - [2012-05-06 21:31:09 | 008,797,856 | ---- | M] () -- C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_11_2_202_235.dll
MOD - [2012-05-03 17:42:06 | 000,932,528 | ---- | M] () -- C:\Users\Administrator\AppData\Roaming\Spotify\Data\SpotifyWebHelper.exe
MOD - [2012-05-02 23:49:16 | 001,952,696 | ---- | M] () -- C:\Program Files (x86)\Mozilla Firefox\mozjs.dll
MOD - [2011-06-24 22:56:36 | 000,087,328 | ---- | M] () -- C:\Program Files (x86)\Common Files\Apple\Apple Application Support\zlib1.dll
MOD - [2011-06-24 22:56:14 | 001,241,888 | ---- | M] () -- C:\Program Files (x86)\Common Files\Apple\Apple Application Support\libxml2.dll
MOD - [2009-08-13 01:06:14 | 000,053,888 | ---- | M] () -- C:\Program Files (x86)\ASUS\ControlDeck\ControlDeckStartUp.exe
MOD - [2009-07-24 19:32:50 | 001,593,344 | ---- | M] () -- C:\Program Files (x86)\ASUS\Wireless Console 3\wcourier.exe
MOD - [2008-08-28 01:32:36 | 000,619,816 | ---- | M] () -- C:\Program Files (x86)\CyberLink\Power2Go\CLMediaLibrary.dll
MOD - [2008-06-09 18:55:08 | 000,013,096 | ---- | M] () -- C:\Program Files (x86)\CyberLink\Power2Go\CLMLSvcPS.dll
MOD - [2007-11-30 20:20:44 | 000,051,768 | ---- | M] () -- C:\Program Files (x86)\ASUS\ASUS Live Update\ALU.exe


========== Win32 Services (SafeList) ==========

SRV:64bit: - [2010-09-22 19:10:10 | 000,057,184 | ---- | M] (Microsoft Corporation) [Disabled | Stopped] -- C:\Program Files\Windows Live\Mesh\wlcrasvc.exe -- (wlcrasvc)
SRV:64bit: - [2009-09-15 22:21:58 | 000,359,552 | ---- | M] (ASUSTeK Computer Inc.) [Auto | Running] -- C:\Windows\SysNative\FBAgent.exe -- (AFBAgent)
SRV:64bit: - [2009-07-14 03:41:27 | 001,011,712 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Program Files\Windows Defender\MpSvc.dll -- (WinDefend)
SRV:64bit: - [2009-07-02 03:54:02 | 000,864,032 | ---- | M] (Broadcom Corporation.) [Auto | Running] -- C:\Program Files\WIDCOMM\Bluetooth Software\btwdins.exe -- (btwdins)
SRV:64bit: - [2007-08-08 09:08:40 | 000,094,208 | ---- | M] () [Auto | Running] -- C:\Program Files\ATKGFNEX\GFNEXSrv.exe -- (ATKGFNEXSrv)
SRV - [2012-05-06 21:31:09 | 000,257,696 | ---- | M] (Adobe Systems Incorporated) [On_Demand | Stopped] -- C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe -- (AdobeFlashPlayerUpdateSvc)
SRV - [2012-05-02 23:49:16 | 000,129,976 | ---- | M] (Mozilla Foundation) [On_Demand | Stopped] -- C:\Program Files (x86)\Mozilla Maintenance Service\maintenanceservice.exe -- (MozillaMaintenance)
SRV - [2012-04-23 14:17:18 | 001,118,648 | ---- | M] (PC Tools) [On_Demand | Stopped] -- C:\Program Files (x86)\PC Tools\PC Tools Security\pctsSvc.exe -- (sdCoreService)
SRV - [2012-04-23 13:11:58 | 000,402,336 | ---- | M] (PC Tools) [On_Demand | Stopped] -- C:\Program Files (x86)\PC Tools\PC Tools Security\pctsAuxs.exe -- (sdAuxService)
SRV - [2012-04-13 14:28:36 | 000,575,416 | ---- | M] (Threat Expert Ltd.) [Auto | Running] -- C:\Program Files (x86)\PC Tools\PC Tools Security\BDT\BDTUpdateService.exe -- (Browser Defender Update Service)
SRV - [2012-04-04 15:56:40 | 000,654,408 | ---- | M] (Malwarebytes Corporation) [Auto | Running] -- C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe -- (MBAMService)
SRV - [2011-10-12 07:25:22 | 004,433,248 | ---- | M] (AVG Technologies CZ, s.r.o.) [Auto | Running] -- C:\Program Files (x86)\AVG\AVG2012\AVGIDSAgent.exe -- (AVGIDSAgent)
SRV - [2011-08-02 07:09:08 | 000,192,776 | ---- | M] (AVG Technologies CZ, s.r.o.) [Auto | Running] -- C:\Program Files (x86)\AVG\AVG2012\avgwdsvc.exe -- (avgwd)
SRV - [2011-07-02 13:22:44 | 000,403,240 | ---- | M] (Valve Corporation) [On_Demand | Stopped] -- C:\Program Files (x86)\Common Files\Steam\SteamService.exe -- (Steam Client Service)
SRV - [2010-03-18 14:16:28 | 000,130,384 | ---- | M] (Microsoft Corporation) [Auto | Stopped] -- C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe -- (clr_optimization_v4.0.30319_32)
SRV - [2009-06-16 02:30:42 | 000,084,536 | ---- | M] (ASUS) [Auto | Running] -- C:\Program Files (x86)\ASUS\ATK Hotkey\AsLdrSrv.exe -- (ASLDRService)
SRV - [2009-06-10 23:23:09 | 000,066,384 | ---- | M] (Microsoft Corporation) [Disabled | Stopped] -- C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe -- (clr_optimization_v2.0.50727_32)


========== Driver Services (SafeList) ==========

DRV:64bit: - File not found [Kernel | On_Demand | Stopped] -- C:\Program Files\PeerGuardian2\pgfilter.sys -- (pgfilter)
DRV:64bit: - [2012-04-23 14:18:02 | 000,251,528 | ---- | M] (PC Tools) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\PCTSD64.sys -- (PCTSD)
DRV:64bit: - [2012-04-23 12:36:50 | 000,426,616 | ---- | M] (PC Tools) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\PCTCore64.sys -- (PCTCore)
DRV:64bit: - [2012-04-13 14:28:56 | 000,085,192 | ---- | M] (PC Tools) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\PCTBD64.sys -- (PCTBD)
DRV:64bit: - [2012-04-04 15:56:40 | 000,024,904 | ---- | M] (Malwarebytes Corporation) [File_System | On_Demand | Running] -- C:\Windows\SysNative\drivers\mbam.sys -- (MBAMProtector)
DRV:64bit: - [2012-03-01 08:46:16 | 000,023,408 | ---- | M] (Microsoft Corporation) [Recognizer | Boot | Unknown] -- C:\Windows\SysNative\drivers\fs_rec.sys -- (Fs_Rec)
DRV:64bit: - [2012-02-28 11:43:18 | 001,096,176 | ---- | M] (PC Tools) [File_System | Boot | Running] -- C:\Windows\SysNative\drivers\pctEFA64.sys -- (pctEFA)
DRV:64bit: - [2012-02-28 11:43:12 | 000,453,896 | ---- | M] (PC Tools) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\pctDS64.sys -- (pctDS)
DRV:64bit: - [2011-10-13 13:05:50 | 010,629,184 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\igdkmd64.sys -- (igfx)
DRV:64bit: - [2011-10-07 07:23:46 | 000,283,728 | ---- | M] (AVG Technologies CZ, s.r.o.) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\avgldx64.sys -- (Avgldx64)
DRV:64bit: - [2011-09-13 07:30:08 | 000,037,456 | ---- | M] (AVG Technologies CZ, s.r.o.) [File_System | Boot | Running] -- C:\Windows\SysNative\drivers\avgrkx64.sys -- (Avgrkx64)
DRV:64bit: - [2011-08-08 07:08:58 | 000,046,672 | ---- | M] (AVG Technologies CZ, s.r.o.) [File_System | System | Running] -- C:\Windows\SysNative\drivers\avgmfx64.sys -- (Avgmfx64)
DRV:64bit: - [2011-07-11 02:14:36 | 000,375,376 | ---- | M] (AVG Technologies CZ, s.r.o.) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\avgtdia.sys -- (Avgtdia)
DRV:64bit: - [2011-07-11 02:14:08 | 000,029,776 | ---- | M] (AVG Technologies CZ, s.r.o. ) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\AVGIDSFilter.sys -- (AVGIDSFilter)
DRV:64bit: - [2011-07-11 02:14:06 | 000,120,400 | ---- | M] (AVG Technologies CZ, s.r.o. ) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\AVGIDSDriver.sys -- (AVGIDSDriver)
DRV:64bit: - [2011-07-11 02:14:06 | 000,026,704 | ---- | M] (AVG Technologies CZ, s.r.o. ) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\AVGIDSEH.sys -- (AVGIDSEH)
DRV:64bit: - [2011-05-10 08:06:08 | 000,051,712 | ---- | M] (Apple, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\usbaapl64.sys -- (USBAAPL64)
DRV:64bit: - [2011-03-11 08:41:12 | 000,107,904 | ---- | M] (Advanced Micro Devices) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\amdsata.sys -- (amdsata)
DRV:64bit: - [2011-03-11 08:41:12 | 000,027,008 | ---- | M] (Advanced Micro Devices) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\amdxata.sys -- (amdxata)
DRV:64bit: - [2011-03-02 17:17:20 | 000,013,088 | ---- | M] () [Kernel | On_Demand | Stopped] -- C:\Program Files\Enigma Software Group\SpyHunter\esgiguard.sys -- (esgiguard)
DRV:64bit: - [2010-11-20 15:33:35 | 000,078,720 | ---- | M] (Hewlett-Packard Company) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\HpSAMD.sys -- (HpSAMD)
DRV:64bit: - [2010-11-20 13:07:05 | 000,059,392 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\TsUsbFlt.sys -- (TsUsbFlt)
DRV:64bit: - [2010-09-23 01:36:48 | 000,048,488 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\fssfltr.sys -- (fssfltr)
DRV:64bit: - [2010-05-28 13:04:52 | 000,017,456 | ---- | M] (Secunia) [File_System | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\psi_mf.sys -- (PSI)
DRV:64bit: - [2010-03-15 09:45:28 | 000,145,408 | ---- | M] (Intel® Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\IntcHdmi.sys -- (IntcHdmiAddService) Intel®
DRV:64bit: - [2010-03-10 09:16:36 | 000,029,720 | ---- | M] (Initio Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\ivusb.sys -- (ivusb)
DRV:64bit: - [2009-12-21 19:58:56 | 000,834,544 | ---- | M] () [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\sptd.sys -- (sptd)
DRV:64bit: - [2009-12-20 18:41:12 | 000,031,800 | ---- | M] (VS Revo Group) [File_System | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\revoflt.sys -- (Revoflt)
DRV:64bit: - [2009-10-05 17:34:00 | 001,542,656 | ---- | M] (Atheros Communications, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\athrx.sys -- (athr)
DRV:64bit: - [2009-08-12 07:45:29 | 000,040,448 | ---- | M] (Alcor Micro, Corp.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\AmUStor.sys -- (AmUStor)
DRV:64bit: - [2009-07-20 11:29:39 | 000,015,416 | ---- | M] ( ) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\kbfiltr.sys -- (kbfiltr)
DRV:64bit: - [2009-07-14 03:52:20 | 000,194,128 | ---- | M] (AMD Technologies Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\amdsbs.sys -- (amdsbs)
DRV:64bit: - [2009-07-14 03:48:04 | 000,065,600 | ---- | M] (LSI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\lsi_sas2.sys -- (LSI_SAS2)
DRV:64bit: - [2009-07-14 03:45:55 | 000,024,656 | ---- | M] (Promise Technology) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\stexstor.sys -- (stexstor)
DRV:64bit: - [2009-07-09 05:11:41 | 000,140,800 | ---- | M] (ELAN Microelectronic Corp.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\ETD.sys -- (ETD)
DRV:64bit: - [2009-07-01 06:46:51 | 000,098,344 | ---- | M] (Broadcom Corporation.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\btwaudio.sys -- (btwaudio)
DRV:64bit: - [2009-07-01 06:46:47 | 000,132,648 | ---- | M] (Broadcom Corporation.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\btwavdt.sys -- (btwavdt)
DRV:64bit: - [2009-07-01 06:46:39 | 000,021,160 | ---- | M] (Broadcom Corporation.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\btwrchid.sys -- (btwrchid)
DRV:64bit: - [2009-06-10 22:35:57 | 000,056,832 | ---- | M] (Silicon Integrated Systems Corp.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\SiSG664.sys -- (SiSGbeLH)
DRV:64bit: - [2009-06-10 22:34:33 | 003,286,016 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\evbda.sys -- (ebdrv)
DRV:64bit: - [2009-06-10 22:34:28 | 000,468,480 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\bxvbda.sys -- (b06bdrv)
DRV:64bit: - [2009-06-10 22:34:23 | 000,270,848 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\b57nd60a.sys -- (b57nd60a)
DRV:64bit: - [2009-06-10 22:31:59 | 000,031,232 | ---- | M] (Hauppauge Computer Works, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\hcw85cir.sys -- (hcw85cir)
DRV:64bit: - [2009-06-05 12:15:55 | 001,806,400 | ---- | M] () [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\snp2uvc.sys -- (SNP2UVC) USB2.0 PC Camera (SNP2UVC)
DRV:64bit: - [2009-06-04 12:54:35 | 000,408,600 | ---- | M] (Intel Corporation) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\iaStor.sys -- (iaStor)
DRV:64bit: - [2009-05-18 13:17:08 | 000,034,152 | ---- | M] (GEAR Software Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\GEARAspiWDM.sys -- (GEARAspiWDM)
DRV:64bit: - [2009-05-13 03:07:19 | 000,015,928 | ---- | M] (ASUS) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\ATK64AMD.sys -- (MTsensor)
DRV:64bit: - [2009-04-27 10:25:57 | 000,057,344 | ---- | M] (Atheros Communications, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\L1C62x64.sys -- (L1C) NDIS Miniport Driver for Atheros AR8131/AR8132 PCI-E Ethernet Controller (NDIS 6.20)
DRV:64bit: - [2009-04-07 09:33:07 | 000,035,104 | ---- | M] (Broadcom Corporation.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\btwl2cap.sys -- (btwl2cap)
DRV:64bit: - [2008-05-24 02:27:28 | 000,154,168 | ---- | M] (Microsoft Corporation) [File_System | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\WimFltr.sys -- (WimFltr)
DRV:64bit: - [2008-03-13 09:46:00 | 000,027,136 | ---- | M] (ManyCam LLC.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\ManyCam_x64.sys -- (ManyCam)
DRV:64bit: - [2007-07-24 20:11:32 | 000,014,904 | ---- | M] () [Kernel | Auto | Running] -- C:\Program Files\ATKGFNEX\ASMMAP64.sys -- (ASMMAP64)
DRV - [2011-06-02 11:08:34 | 000,017,864 | ---- | M] () [Kernel | On_Demand | Stopped] -- C:\Program Files (x86)\SystemRequirementsLab\cpudrv64.sys -- (cpudrv64)
DRV - [2009-07-14 03:19:10 | 000,019,008 | ---- | M] (Microsoft Corporation) [File_System | On_Demand | Stopped] -- C:\Windows\SysWOW64\drivers\wimmount.sys -- (WIMMount)


========== Standard Registry (SafeList) ==========


========== Internet Explorer ==========

IE:64bit: - HKLM\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A}
IE:64bit: - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/...ms}&FORM=IE8SRC
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm
IE - HKLM\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A}
IE - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/...ms}&FORM=IE8SRC

IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = http://asus.msn.com
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.msn.com/
IE - HKCU\..\URLSearchHook: {472734EA-242A-422b-ADF8-83D1E48CC825} - C:\Program Files (x86)\PC Tools\PC Tools Security\BDT\PCTBrowserDefender.dll (Threat Expert Ltd.)
IE - HKCU\..\SearchScopes,DefaultScope = {0ECDF796-C2DC-4d79-A620-CCE0C0A66CC9}
IE - HKCU\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/...Box&FORM=IE8SRC
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = *.local

========== FireFox ==========

FF - prefs.js..browser.search.defaultenginename: ""
FF - prefs.js..browser.search.order.1: ""
FF - prefs.js..browser.search.selectedEngine: "Google"
FF - prefs.js..network.proxy.autoconfig_url: "http://www.ubvu.vu.nl/ubvu.pac"
FF - prefs.js..network.proxy.type: 2


FF:64bit: - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\system32\Macromed\Flash\NPSWF64_11_2_202_235.dll File not found
FF:64bit: - HKLM\Software\MozillaPlugins\@microsoft.com/GENUINE: disabled File not found
FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_11_2_202_235.dll ()
FF - HKLM\Software\MozillaPlugins\@adobe.com/ShockwavePlayer: C:\Windows\system32\Adobe\Director\np32dsw.dll (Adobe Systems, Inc.)
FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=: File not found
FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=1.0: C:\Program Files (x86)\iTunes\Mozilla Plugins\npitunes.dll ()
FF - HKLM\Software\MozillaPlugins\@divx.com/DivX Player Plugin,version=1.0.0: File not found
FF - HKLM\Software\MozillaPlugins\@java.com/DTPlugin,version=10.4.1: C:\Windows\SysWOW64\npDeployJava1.dll (Oracle Corporation)
FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin,version=10.4.1: C:\Program Files (x86)\Oracle\JavaFX 2.1 Runtime\bin\plugin2\npjp2.dll (Oracle Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/GENUINE: disabled File not found
FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: c:\Program Files (x86)\Microsoft Silverlight\4.1.10111.0\npctrl.dll ( Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/OfficeLive,version=1.5: C:\Program Files (x86)\Microsoft\Office Live\npOLW.dll (Microsoft Corp.)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=15.4.3502.0922: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=15.4.3508.1109: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=15.4.3538.0513: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@pandonetworks.com/PandoWebPlugin: C:\Program Files (x86)\Pando Networks\Media Booster\npPandoWebPlugin.dll (Pando Networks)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Program Files (x86)\Google\Update\1.3.21.111\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Program Files (x86)\Google\Update\1.3.21.111\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\Adobe Reader: C:\Program Files (x86)\Adobe\Reader 9.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
FF - HKCU\Software\MozillaPlugins\@unity3d.com/UnityPlayer,version=1.0: C:\Users\Administrator\AppData\LocalLow\Unity\WebPlayer\loader\npUnity3D32.dll (Unity Technologies ApS)

FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{1E73965B-8B48-48be-9C8D-68B920ABC1C4}: C:\Program Files (x86)\AVG\AVG2012\Firefox4\ [2012-02-01 09:15:15 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{cb84136f-9c44-433a-9048-c5cd9df1dc16}: C:\Program Files (x86)\PC Tools\PC Tools Security\BDT\Firefox\ [2012-05-10 16:37:17 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 12.0\extensions\\Components: C:\Program Files (x86)\Mozilla Firefox\components [2012-05-02 23:49:17 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 12.0\extensions\\Plugins: C:\Program Files (x86)\Mozilla Firefox\plugins [2012-04-15 11:51:44 | 000,000,000 | ---D | M]

[2011-08-09 13:41:31 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Administrator\AppData\Roaming\mozilla\Extensions
[2012-05-10 15:21:48 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Administrator\AppData\Roaming\mozilla\Firefox\Profiles\lgp9iacv.default\extensions
[2012-05-07 10:49:47 | 000,000,000 | ---D | M] (Codecv) -- C:\Users\Administrator\AppData\Roaming\mozilla\Firefox\Profiles\lgp9iacv.default\extensions\[email protected]
[2012-05-02 23:49:50 | 000,000,000 | ---D | M] (Woordenboek Nederlands) -- C:\Users\Administrator\AppData\Roaming\mozilla\Firefox\Profiles\lgp9iacv.default\extensions\[email protected]
[2012-05-02 23:49:22 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files (x86)\Mozilla Firefox\extensions
[2011-10-19 09:27:08 | 000,000,000 | ---D | M] (Skype Click to Call) -- C:\Program Files (x86)\Mozilla Firefox\extensions\{82AF8DCA-6DE9-405D-BD5E-43525BDAD38A}
[2012-05-02 23:38:11 | 000,634,964 | ---- | M] () (No name found) -- C:\USERS\ADMINISTRATOR\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\LGP9IACV.DEFAULT\EXTENSIONS\{D10D0BF8-F5B5-C8B4-A8B2-2B9879E08C5D}.XPI
[2012-05-10 15:21:48 | 000,434,392 | ---- | M] () (No name found) -- C:\USERS\ADMINISTRATOR\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\LGP9IACV.DEFAULT\EXTENSIONS\{D4DD63FA-01E4-46A7-B6B1-EDAB7D6AD389}.XPI
[2012-05-02 23:49:17 | 000,097,208 | ---- | M] (Mozilla Foundation) -- C:\Program Files (x86)\mozilla firefox\components\browsercomps.dll
[2010-07-01 16:41:50 | 000,050,336 | ---- | M] ( ) -- C:\Program Files (x86)\mozilla firefox\plugins\npBFPlugin.dll
[2011-11-10 06:54:13 | 000,476,904 | ---- | M] (Sun Microsystems, Inc.) -- C:\Program Files (x86)\mozilla firefox\plugins\npdeployJava1.dll
[2012-05-02 23:49:14 | 000,002,252 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\bing.xml
[2012-05-02 23:49:14 | 000,002,040 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\twitter.xml

========== Chrome ==========

CHR - default_search_provider: Search the web (Babylon) (Enabled)
CHR - default_search_provider: search_url = http://search.babylo...}&babsrc=SP_crm
CHR - default_search_provider: suggest_url = {google:baseSuggestURL}search?{google:searchFieldtrialParameter}{google:instantFieldTrialGroupParameter}client=chrome&hl={language}&q={searchTerms}
CHR - plugin: Remoting Viewer (Enabled) = internal-remoting-viewer
CHR - plugin: Native Client (Enabled) = C:\Program Files (x86)\Google\Chrome\Application\18.0.1025.168\ppGoogleNaClPluginChrome.dll
CHR - plugin: Chrome PDF Viewer (Enabled) = C:\Program Files (x86)\Google\Chrome\Application\18.0.1025.168\pdf.dll
CHR - plugin: Shockwave Flash (Enabled) = C:\Program Files (x86)\Google\Chrome\Application\18.0.1025.168\gcswf32.dll
CHR - plugin: Shockwave Flash (Disabled) = C:\Users\Administrator\AppData\Local\Google\Chrome\User Data\PepperFlash\11.1.31.203\pepflashplayer.dll
CHR - plugin: Shockwave Flash (Enabled) = C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_11_2_202_235.dll
CHR - plugin: AVG Internet Security (Enabled) = C:\Users\Administrator\AppData\Local\Google\Chrome\User Data\Default\Extensions\jmfkcklnlgedgbglfkkgedjfmejoahla\12.0.0.1901_0\plugins/avgnpss.dll
CHR - plugin: Adobe Acrobat (Disabled) = C:\Program Files (x86)\Adobe\Reader 9.0\Reader\Browser\nppdf32.dll
CHR - plugin: Microsoft\u00AE Windows Media Player Firefox Plugin (Enabled) = C:\Program Files (x86)\Mozilla Firefox\plugins\np-mswmp.dll
CHR - plugin: npruntime scriptable plugin for beanfun (Enabled) = C:\Program Files (x86)\Mozilla Firefox\plugins\npBFPlugin.dll
CHR - plugin: Java Deployment Toolkit 7.0.40.255 (Enabled) = C:\Windows\SysWOW64\npDeployJava1.dll
CHR - plugin: Microsoft Office 2003 (Enabled) = C:\Program Files (x86)\Mozilla Firefox\plugins\NPOFFICE.DLL
CHR - plugin: Microsoft Office Live Plug-in for Firefox (Enabled) = C:\Program Files (x86)\Microsoft\Office Live\npOLW.dll
CHR - plugin: QuickTime Plug-in 7.7.1 (Enabled) = C:\Program Files (x86)\Mozilla Firefox\plugins\npqtplugin.dll
CHR - plugin: QuickTime Plug-in 7.7.1 (Enabled) = C:\Program Files (x86)\Mozilla Firefox\plugins\npqtplugin2.dll
CHR - plugin: QuickTime Plug-in 7.7.1 (Enabled) = C:\Program Files (x86)\Mozilla Firefox\plugins\npqtplugin3.dll
CHR - plugin: QuickTime Plug-in 7.7.1 (Enabled) = C:\Program Files (x86)\Mozilla Firefox\plugins\npqtplugin4.dll
CHR - plugin: QuickTime Plug-in 7.7.1 (Enabled) = C:\Program Files (x86)\Mozilla Firefox\plugins\npqtplugin5.dll
CHR - plugin: QuickTime Plug-in 7.7.1 (Enabled) = C:\Program Files (x86)\Mozilla Firefox\plugins\npqtplugin6.dll
CHR - plugin: QuickTime Plug-in 7.7.1 (Enabled) = C:\Program Files (x86)\Mozilla Firefox\plugins\npqtplugin7.dll
CHR - plugin: Google Update (Enabled) = C:\Program Files (x86)\Google\Update\1.3.21.111\npGoogleUpdate3.dll
CHR - plugin: Pando Web Plugin (Enabled) = C:\Program Files (x86)\Pando Networks\Media Booster\npPandoWebPlugin.dll
CHR - plugin: Windows Live\u0099 Photo Gallery (Enabled) = C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll
CHR - plugin: iTunes Application Detector (Enabled) = C:\Program Files (x86)\iTunes\Mozilla Plugins\npitunes.dll
CHR - plugin: Unity Player (Enabled) = C:\Users\Administrator\AppData\LocalLow\Unity\WebPlayer\loader\npUnity3D32.dll
CHR - plugin: Shockwave for Director (Enabled) = C:\Windows\system32\Adobe\Director\np32dsw.dll
CHR - plugin: Silverlight Plug-In (Enabled) = c:\Program Files (x86)\Microsoft Silverlight\4.1.10111.0\npctrl.dll
CHR - Extension: Entanglement = C:\Users\Administrator\AppData\Local\Google\Chrome\User Data\Default\Extensions\aciahcmjmecflokailenpkdchphgkefd\2.7.9_0\
CHR - Extension: Angry Birds = C:\Users\Administrator\AppData\Local\Google\Chrome\User Data\Default\Extensions\aknpkdffaafgjchaibgeefbgmgeghloj\1.1.2.1_0\
CHR - Extension: Portal = C:\Users\Administrator\AppData\Local\Google\Chrome\User Data\Default\Extensions\bebnpaodjnkokpiahkhcjdjehififhgo\3.5_0\
CHR - Extension: Nieuws = C:\Users\Administrator\AppData\Local\Google\Chrome\User Data\Default\Extensions\bhpjlnpndlmgfcdojdbhmkodnekebnib\42_0\
CHR - Extension: Monster Dash = C:\Users\Administrator\AppData\Local\Google\Chrome\User Data\Default\Extensions\cknghehebaconkajgiobncfleofebcog\2.2_0\
CHR - Extension: Weerplaza = C:\Users\Administrator\AppData\Local\Google\Chrome\User Data\Default\Extensions\djakjaebiehcbcjclfgifnhipfcobpaa\41_0\
CHR - Extension: Codecv = C:\Users\Administrator\AppData\Local\Google\Chrome\User Data\Default\Extensions\dopbjbcnddeafehncniiodgcfjchbjob\1.0_0\
CHR - Extension: Pool = C:\Users\Administrator\AppData\Local\Google\Chrome\User Data\Default\Extensions\elpllolimgdplahhfppjkplanncepfnh\1.0_0\
CHR - Extension: AdBlock = C:\Users\Administrator\AppData\Local\Google\Chrome\User Data\Default\Extensions\gighmmpiobklfepjocnamgkkbiglidom\2.5.15_0\
CHR - Extension: Het RGB Spel = C:\Users\Administrator\AppData\Local\Google\Chrome\User Data\Default\Extensions\hnieofmjopiiifehpejcgcpailcndege\1.2.2.1_0\
CHR - Extension: Aperture Science Network Interface (Blue) = C:\Users\Administrator\AppData\Local\Google\Chrome\User Data\Default\Extensions\jddpjgadbhnefiopiagpjbocgbhbjngc\1_0\
CHR - Extension: AVG Safe Search = C:\Users\Administrator\AppData\Local\Google\Chrome\User Data\Default\Extensions\jmfkcklnlgedgbglfkkgedjfmejoahla\12.0.0.1901_0\
CHR - Extension: Skype Click to Call = C:\Users\Administrator\AppData\Local\Google\Chrome\User Data\Default\Extensions\lifbcibllhkdhoafpjfnlhfpfgnpldfl\5.6.0.8442_0\
CHR - Extension: Zombie Pandemic = C:\Users\Administrator\AppData\Local\Google\Chrome\User Data\Default\Extensions\mhkicdgidnfmdfnhhllffoplpaldkljl\1_0\
CHR - Extension: Appie = C:\Users\Administrator\AppData\Local\Google\Chrome\User Data\Default\Extensions\pidjpfnhaidmahnblgikaaadclebmoio\1.1_0\

O1 HOSTS File: ([2009-06-10 23:00:26 | 000,000,824 | ---- | M]) - C:\Windows\SysNative\drivers\etc\hosts
O2:64bit: - BHO: (AVG Safe Search) - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - C:\Program Files (x86)\AVG\AVG2012\avgssiea.dll (AVG Technologies CZ, s.r.o.)
O2 - BHO: (PC Tools Browser Guard BHO) - {2A0F3D1B-0909-4FF4-B272-609CCE6054E7} - C:\Program Files (x86)\PC Tools\PC Tools Security\BDT\PCTBrowserDefender.dll (Threat Expert Ltd.)
O2 - BHO: (Codecv Class) - {30B1AFA5-0242-443A-90F2-5AAFA5B0C6C2} - C:\ProgramData\Codecv\bhoclass.dll ()
O2 - BHO: (AVG Safe Search) - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - C:\Program Files (x86)\AVG\AVG2012\avgssie.dll (AVG Technologies CZ, s.r.o.)
O2 - BHO: (Java™ Plug-In SSV Helper) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Oracle\JavaFX 2.1 Runtime\bin\ssv.dll (Oracle Corporation)
O2 - BHO: (CmjBrowserHelperObject Object) - {AC41D38F-B56D-40AD-94E0-B493D130C959} - C:\Program Files (x86)\Mindjet\MindManager 6\Mm6InternetExplorer.dll (Mindjet)
O2 - BHO: (Skype Browser Helper) - {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O2 - BHO: (Java™ Plug-In 2 SSV Helper) - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Oracle\JavaFX 2.1 Runtime\bin\jp2ssv.dll (Oracle Corporation)
O3:64bit: - HKLM\..\Toolbar: (no name) - Locked - No CLSID value found.
O3 - HKLM\..\Toolbar: (PC Tools Browser Guard) - {472734EA-242A-422B-ADF8-83D1E48CC825} - C:\Program Files (x86)\PC Tools\PC Tools Security\BDT\PCTBrowserDefender.dll (Threat Expert Ltd.)
O3 - HKLM\..\Toolbar: (no name) - Locked - No CLSID value found.
O4:64bit: - HKLM..\Run: [AdobeAAMUpdater-1.0] C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\UWA\UpdaterStartupUtility.exe (Adobe Systems Incorporated)
O4:64bit: - HKLM..\Run: [AmIcoSinglun64] C:\Program Files (x86)\AmIcoSingLun\AmIcoSinglun64.exe (AlcorMicro Co., Ltd.)
O4:64bit: - HKLM..\Run: [ETDWare] C:\Program Files\Elantech\ETDCtrl.exe (ELAN Microelectronic Corp.)
O4:64bit: - HKLM..\Run: [HotKeysCmds] C:\Windows\SysNative\hkcmd.exe (Intel Corporation)
O4:64bit: - HKLM..\Run: [IgfxTray] C:\Windows\SysNative\igfxtray.exe (Intel Corporation)
O4:64bit: - HKLM..\Run: [Persistence] C:\Windows\SysNative\igfxpers.exe (Intel Corporation)
O4 - HKLM..\Run: [AdobeCS5.5ServiceManager] "C:\Program Files (x86)\Common Files\Adobe\CS5.5ServiceManager\CS5.5ServiceManager.exe" -launchedbylogin File not found
O4 - HKLM..\Run: [APSDaemon] C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe (Apple Inc.)
O4 - HKLM..\Run: [ATKMEDIA] C:\Program Files (x86)\ASUS\ATK Media\DMedia.exe (ASUS)
O4 - HKLM..\Run: [ATKOSD2] C:\Program Files (x86)\ASUS\ATKOSD2\ATKOSD2.exe (ASUS)
O4 - HKLM..\Run: [AVG_TRAY] C:\Program Files (x86)\AVG\AVG2012\avgtray.exe (AVG Technologies CZ, s.r.o.)
O4 - HKLM..\Run: [HControlUser] C:\Program Files (x86)\ASUS\ATK Hotkey\HControlUser.exe (ASUS)
O4 - HKLM..\Run: [Malwarebytes' Anti-Malware] C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe (Malwarebytes Corporation)
O4 - HKLM..\Run: [pdfSaver3] File not found
O4 - HKLM..\Run: [UpdateLBPShortCut] C:\Program Files (x86)\CyberLink\LabelPrint\MUITransfer\MUIStartMenu.exe (CyberLink Corp.)
O4 - HKLM..\Run: [UpdateP2GoShortCut] C:\Program Files (x86)\CyberLink\Power2Go\MUITransfer\MUIStartMenu.exe (CyberLink Corp.)
O4 - HKCU..\Run: [RESTART_STICKY_NOTES] C:\Windows\System32\StikyNot.exe File not found
O4 - HKCU..\Run: [Spotify Web Helper] C:\Users\Administrator\AppData\Roaming\Spotify\Data\SpotifyWebHelper.exe ()
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktop = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: AllowLegacyWebView = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: AllowUnhashedWebView = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 5
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O9:64bit: - Extra Button: @C:\Program Files\WIDCOMM\Bluetooth Software\btrez.dll,-4015 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm ()
O9:64bit: - Extra 'Tools' menuitem : @C:\Program Files\WIDCOMM\Bluetooth Software\btrez.dll,-12650 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm ()
O9 - Extra Button: Send to Mindjet MindManager - {531B9DC0-D8EE-4c76-A6EE-6C1E50569655} - C:\Program Files (x86)\Mindjet\MindManager 6\Mm6InternetExplorer.dll (Mindjet)
O9 - Extra Button: Skype Click to Call - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O9 - Extra 'Tools' menuitem : Skype Click to Call - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O9 - Extra Button: Send To Bluetooth - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm ()
O9 - Extra 'Tools' menuitem : Send to &Bluetooth Device... - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm ()
O10:64bit: - NameSpace_Catalog5\Catalog_Entries64\000000000010 [] - C:\Program Files\Bonjour\mdnsNSP.dll (Apple Inc.)
O10:64bit: - Protocol_Catalog9\Catalog_Entries64\000000000001 - C:\Program Files (x86)\Common Files\PC Tools\Lsp\PCTLsp64.dll (PC Tools Research Pty Ltd.)
O10:64bit: - Protocol_Catalog9\Catalog_Entries64\000000000002 - C:\Program Files (x86)\Common Files\PC Tools\Lsp\PCTLsp64.dll (PC Tools Research Pty Ltd.)
O10:64bit: - Protocol_Catalog9\Catalog_Entries64\000000000003 - C:\Program Files (x86)\Common Files\PC Tools\Lsp\PCTLsp64.dll (PC Tools Research Pty Ltd.)
O10:64bit: - Protocol_Catalog9\Catalog_Entries64\000000000004 - C:\Program Files (x86)\Common Files\PC Tools\Lsp\PCTLsp64.dll (PC Tools Research Pty Ltd.)
O10:64bit: - Protocol_Catalog9\Catalog_Entries64\000000000005 - C:\Program Files (x86)\Common Files\PC Tools\Lsp\PCTLsp64.dll (PC Tools Research Pty Ltd.)
O10:64bit: - Protocol_Catalog9\Catalog_Entries64\000000000006 - C:\Program Files (x86)\Common Files\PC Tools\Lsp\PCTLsp64.dll (PC Tools Research Pty Ltd.)
O10:64bit: - Protocol_Catalog9\Catalog_Entries64\000000000018 - C:\Program Files (x86)\Common Files\PC Tools\Lsp\PCTLsp64.dll (PC Tools Research Pty Ltd.)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000010 [] - C:\Program Files (x86)\Bonjour\mdnsNSP.dll (Apple Inc.)
O10 - Protocol_Catalog9\Catalog_Entries\000000000001 - C:\Program Files (x86)\Common Files\PC Tools\Lsp\PCTLsp.dll (PC Tools Research Pty Ltd.)
O10 - Protocol_Catalog9\Catalog_Entries\000000000002 - C:\Program Files (x86)\Common Files\PC Tools\Lsp\PCTLsp.dll (PC Tools Research Pty Ltd.)
O10 - Protocol_Catalog9\Catalog_Entries\000000000003 - C:\Program Files (x86)\Common Files\PC Tools\Lsp\PCTLsp.dll (PC Tools Research Pty Ltd.)
O10 - Protocol_Catalog9\Catalog_Entries\000000000004 - C:\Program Files (x86)\Common Files\PC Tools\Lsp\PCTLsp.dll (PC Tools Research Pty Ltd.)
O10 - Protocol_Catalog9\Catalog_Entries\000000000005 - C:\Program Files (x86)\Common Files\PC Tools\Lsp\PCTLsp.dll (PC Tools Research Pty Ltd.)
O10 - Protocol_Catalog9\Catalog_Entries\000000000006 - C:\Program Files (x86)\Common Files\PC Tools\Lsp\PCTLsp.dll (PC Tools Research Pty Ltd.)
O10 - Protocol_Catalog9\Catalog_Entries\000000000018 - C:\Program Files (x86)\Common Files\PC Tools\Lsp\PCTLsp.dll (PC Tools Research Pty Ltd.)
O1364bit: - gopher Prefix: missing
O13 - gopher Prefix: missing
O16 - DPF: {40F576AD-8680-4F9E-9490-99D069CD665F} http://srtest-cdn.sy...eqlabdetect.cab (Reg Error: Key error.)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/...indows-i586.cab (Java Plug-in 10.4.1)
O16 - DPF: {C3F79A2B-B9B4-4A66-B012-3EE46475B072} http://messenger.zon...nt.cab56907.cab (Reg Error: Key error.)
O16 - DPF: {CAFEEFAC-0016-0000-0030-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_30)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 10.4.1)
O16 - DPF: {F5A7706B-B9C0-4C89-A715-7A0C6B05DD48} http://messenger.zon...er.cab56986.cab (Reg Error: Key error.)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 212.54.40.25 212.54.35.25
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{24033667-75B0-442E-BD13-E8BC8EDD9A80}: DhcpNameServer = 212.54.35.25 212.54.40.25
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{3CB20EBE-A572-49E7-B933-65FFEE04BD75}: DhcpNameServer = 192.168.2.254
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{748C0CB8-C0DD-4302-8BB1-B99223A7B46B}: DhcpNameServer = 212.54.40.25 212.54.35.25
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{C61810E8-D987-4DAF-A9EB-70987305ECF6}: DhcpNameServer = 192.168.2.254
O18:64bit: - Protocol\Handler\linkscanner {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - C:\Program Files (x86)\AVG\AVG2012\avgppa.dll (AVG Technologies CZ, s.r.o.)
O18:64bit: - Protocol\Handler\livecall - No CLSID value found
O18:64bit: - Protocol\Handler\msdaipp - No CLSID value found
O18:64bit: - Protocol\Handler\msdaipp\0x00000001 - No CLSID value found
O18:64bit: - Protocol\Handler\msdaipp\oledb - No CLSID value found
O18:64bit: - Protocol\Handler\msnim - No CLSID value found
O18:64bit: - Protocol\Handler\mso-offdap11 - No CLSID value found
O18:64bit: - Protocol\Handler\skype-ie-addon-data - No CLSID value found
O18:64bit: - Protocol\Handler\wlmailhtml - No CLSID value found
O18:64bit: - Protocol\Handler\wlpg - No CLSID value found
O18 - Protocol\Handler\linkscanner {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - C:\Program Files (x86)\AVG\AVG2012\avgpp.dll (AVG Technologies CZ, s.r.o.)
O18 - Protocol\Handler\msdaipp\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files (x86)\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\msdaipp\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files (x86)\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\skype-ie-addon-data {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O18:64bit: - Protocol\Filter\text/xml - No CLSID value found
O20:64bit: - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\SysNative\userinit.exe (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: VMApplet - (SystemPropertiesPerformance.exe) - C:\Windows\SysNative\SystemPropertiesPerformance.exe (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: VMApplet - (/pagefile) - File not found
O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\SysWow64\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\SysWOW64\userinit.exe (Microsoft Corporation)
O20 - HKLM Winlogon: VMApplet - (/pagefile) - File not found
O20:64bit: - Winlogon\Notify\igfxcui: DllName - (igfxdev.dll) - C:\Windows\SysNative\igfxdev.dll (Intel Corporation)
O21:64bit: - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.
O21 - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.
O32 - HKLM CDRom: AutoRun - 1
O34 - HKLM BootExecute: (autocheck autochk *)
O34 - HKLM BootExecute: (C:\PROGRA~2\AVG\AVG2012\avgrsa.exe /sync /restart)
O35:64bit: - HKLM\..comfile [open] -- "%1" %*
O35:64bit: - HKLM\..exefile [open] -- "%1" %*
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37:64bit: - HKLM\...com [@ = comfile] -- "%1" %*
O37:64bit: - HKLM\...exe [@ = exefile] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3)
O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2)
O38 - SubSystems\\Windows: (ServerDll=sxssrv,4)

========== Files/Folders - Created Within 30 Days ==========

[2012-05-12 08:51:08 | 000,000,000 | ---D | C] -- C:\_OTL
[2012-05-12 08:44:06 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\MALWAREBYTES ANTI-MALWARE
[2012-05-11 07:00:08 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\VS Revo Group
[2012-05-11 07:00:08 | 000,000,000 | ---D | C] -- C:\Users\Administrator\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Revo Uninstaller
[2012-05-11 03:07:34 | 000,000,000 | -HSD | C] -- C:\Config.Msi
[2012-05-10 17:49:10 | 000,000,000 | ---D | C] -- C:\Users\Administrator\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\SpyHunter
[2012-05-10 17:49:09 | 000,000,000 | ---D | C] -- C:\sh4ldr
[2012-05-10 17:49:09 | 000,000,000 | ---D | C] -- C:\Program Files\Enigma Software Group
[2012-05-10 16:37:15 | 000,085,192 | ---- | C] (PC Tools) -- C:\Windows\SysNative\drivers\PCTBD64.sys
[2012-05-10 16:37:13 | 002,271,160 | ---- | C] (Threat Expert Ltd.) -- C:\Windows\PCTBDCore.dll
[2012-05-10 16:37:13 | 000,149,432 | ---- | C] (PC Tools) -- C:\Windows\SGDetectionTool.dll
[2012-05-10 16:37:12 | 001,681,336 | ---- | C] (Threat Expert Ltd.) -- C:\Windows\PCTBDRes.dll
[2012-05-10 16:35:50 | 000,341,168 | ---- | C] (PC Tools) -- C:\Windows\SysNative\drivers\pctgntdi64.sys
[2012-05-10 16:35:50 | 000,145,432 | ---- | C] (PC Tools) -- C:\Windows\SysNative\drivers\pctwfpfilter64.sys
[2012-05-10 16:35:43 | 000,014,776 | ---- | C] (PC Tools) -- C:\Windows\SysNative\drivers\pctBTFix64.sys
[2012-05-10 16:35:43 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\PC Tools Security
[2012-05-10 16:35:37 | 000,092,896 | ---- | C] (PC Tools) -- C:\Windows\SysNative\drivers\pctplsg64.sys
[2012-05-10 16:35:26 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\PC Tools
[2012-05-10 16:34:23 | 001,096,176 | ---- | C] (PC Tools) -- C:\Windows\SysNative\drivers\pctEFA64.sys
[2012-05-10 16:34:23 | 000,453,896 | ---- | C] (PC Tools) -- C:\Windows\SysNative\drivers\pctDS64.sys
[2012-05-10 16:34:19 | 000,426,616 | ---- | C] (PC Tools) -- C:\Windows\SysNative\drivers\PCTCore64.sys
[2012-05-10 16:34:15 | 000,251,528 | ---- | C] (PC Tools) -- C:\Windows\SysNative\drivers\PCTSD64.sys
[2012-05-10 16:34:15 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Common Files\PC Tools
[2012-05-10 16:33:30 | 000,000,000 | ---D | C] -- C:\ProgramData\PC Tools
[2012-05-10 16:33:29 | 000,000,000 | ---D | C] -- C:\Users\Administrator\AppData\Roaming\TestApp
[2012-05-10 15:44:41 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Catan - Het kaartspel
[2012-05-10 15:44:28 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Catan - Het kaartspel
[2012-05-10 11:50:58 | 000,000,000 | ---D | C] -- C:\Users\Administrator\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Catan GmbH
[2012-05-10 11:50:32 | 000,000,000 | ---D | C] -- C:\Users\Administrator\AppData\Roaming\COW
[2012-05-10 11:50:32 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Catan GmbH
[2012-05-10 11:14:16 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Common Files\Java
[2012-05-10 11:13:41 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Oracle
[2012-05-07 10:49:29 | 000,000,000 | ---D | C] -- C:\ProgramData\Premium
[2012-05-07 10:49:01 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Codecv
[2012-05-07 10:49:01 | 000,000,000 | ---D | C] -- C:\ProgramData\Codecv
[2012-05-07 10:48:55 | 000,000,000 | ---D | C] -- C:\codec-info
[2012-05-07 10:48:33 | 000,000,000 | ---D | C] -- C:\ProgramData\InstallMate
[2012-05-02 23:49:23 | 000,000,000 | ---D | C] -- C:\ProgramData\Mozilla
[2012-05-02 23:49:22 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Mozilla Maintenance Service
[2012-04-27 02:48:46 | 000,000,000 | ---D | C] -- C:\Users\Administrator\Documents\DUWO
[2 C:\Windows\*.tmp files -> C:\Windows\*.tmp -> ]

========== Files - Modified Within 30 Days ==========

[2012-05-12 09:01:46 | 000,010,240 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
[2012-05-12 09:01:46 | 000,010,240 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
[2012-05-12 09:00:16 | 097,897,706 | ---- | M] () -- C:\Windows\SysNative\drivers\AVG\incavi.avm
[2012-05-12 08:54:40 | 000,005,938 | ---- | M] () -- C:\Windows\SysNative\AutoRunFilter.ini
[2012-05-12 08:54:13 | 000,001,060 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineCore.job
[2012-05-12 08:53:58 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2012-05-12 08:53:54 | 3193,884,672 | -HS- | M] () -- C:\hiberfil.sys
[2012-05-12 08:48:21 | 000,001,545 | ---- | M] () -- C:\Windows\SysNative\ServiceFilter.ini
[2012-05-12 08:39:09 | 000,001,064 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineUA.job
[2012-05-12 08:39:08 | 000,000,940 | ---- | M] () -- C:\Windows\tasks\Adobe Flash Player Updater.job
[2012-05-11 22:43:00 | 000,463,226 | ---- | M] () -- C:\Windows\SysNative\drivers\AVG\iavichjg.avm
[2012-05-11 07:00:11 | 000,001,266 | ---- | M] () -- C:\Users\Administrator\Desktop\Revo Uninstaller.lnk
[2012-05-11 02:17:57 | 002,129,671 | ---- | M] () -- C:\Windows\SysNative\drivers\Cat.DB
[2012-05-10 20:40:22 | 001,663,904 | ---- | M] () -- C:\Windows\SysNative\PerfStringBackup.INI
[2012-05-10 20:40:22 | 000,743,554 | ---- | M] () -- C:\Windows\SysNative\perfh013.dat
[2012-05-10 20:40:22 | 000,652,360 | ---- | M] () -- C:\Windows\SysNative\perfh009.dat
[2012-05-10 20:40:22 | 000,152,638 | ---- | M] () -- C:\Windows\SysNative\perfc013.dat
[2012-05-10 20:40:22 | 000,121,292 | ---- | M] () -- C:\Windows\SysNative\perfc009.dat
[2012-05-10 20:30:27 | 000,001,111 | ---- | M] () -- C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk
[2012-05-10 17:49:11 | 000,002,272 | ---- | M] () -- C:\Users\Administrator\Desktop\SpyHunter.lnk
[2012-05-10 16:35:43 | 000,002,243 | ---- | M] () -- C:\Users\Public\Desktop\PC Tools Spyware Doctor.lnk
[2012-05-10 11:50:58 | 000,001,239 | ---- | M] () -- C:\Users\Administrator\Desktop\Catan Online World.lnk
[2012-05-07 10:49:30 | 000,000,254 | ---- | M] () -- C:\user.js
[2012-04-23 14:18:26 | 000,092,896 | ---- | M] (PC Tools) -- C:\Windows\SysNative\drivers\pctplsg64.sys
[2012-04-23 14:18:02 | 000,251,528 | ---- | M] (PC Tools) -- C:\Windows\SysNative\drivers\PCTSD64.sys
[2012-04-23 14:17:02 | 000,014,776 | ---- | M] (PC Tools) -- C:\Windows\SysNative\drivers\pctBTFix64.sys
[2012-04-23 14:12:56 | 000,145,432 | ---- | M] (PC Tools) -- C:\Windows\SysNative\drivers\pctwfpfilter64.sys
[2012-04-23 14:12:50 | 000,341,168 | ---- | M] (PC Tools) -- C:\Windows\SysNative\drivers\pctgntdi64.sys
[2012-04-23 12:36:50 | 000,426,616 | ---- | M] (PC Tools) -- C:\Windows\SysNative\drivers\PCTCore64.sys
[2012-04-15 11:51:44 | 000,002,016 | ---- | M] () -- C:\Users\Public\Desktop\Adobe Reader 9.lnk
[2012-04-13 14:28:56 | 000,085,192 | ---- | M] (PC Tools) -- C:\Windows\SysNative\drivers\PCTBD64.sys
[2012-04-13 14:28:50 | 000,149,432 | ---- | M] (PC Tools) -- C:\Windows\SGDetectionTool.dll
[2012-04-13 14:28:48 | 002,271,160 | ---- | M] (Threat Expert Ltd.) -- C:\Windows\PCTBDCore.dll
[2012-04-13 14:28:48 | 001,681,336 | ---- | M] (Threat Expert Ltd.) -- C:\Windows\PCTBDRes.dll
[2012-04-13 14:28:30 | 000,767,928 | ---- | M] () -- C:\Windows\BDTSupport.dll
[2012-04-13 13:55:04 | 000,003,488 | ---- | M] () -- C:\Windows\UDB.zip
[2012-04-13 13:55:04 | 000,000,882 | ---- | M] () -- C:\Windows\RegSDImport.xml
[2012-04-13 13:55:04 | 000,000,879 | ---- | M] () -- C:\Windows\RegISSImport.xml
[2012-04-13 13:55:04 | 000,000,131 | ---- | M] () -- C:\Windows\IDB.zip
[2 C:\Windows\*.tmp files -> C:\Windows\*.tmp -> ]

========== Files Created - No Company Name ==========

[2012-05-11 07:00:11 | 000,001,266 | ---- | C] () -- C:\Users\Administrator\Desktop\Revo Uninstaller.lnk
[2012-05-10 20:30:27 | 000,001,111 | ---- | C] () -- C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk
[2012-05-10 17:49:11 | 000,002,272 | ---- | C] () -- C:\Users\Administrator\Desktop\SpyHunter.lnk
[2012-05-10 16:37:14 | 000,767,928 | ---- | C] () -- C:\Windows\BDTSupport.dll
[2012-05-10 16:37:13 | 000,003,488 | ---- | C] () -- C:\Windows\UDB.zip
[2012-05-10 16:37:13 | 000,000,882 | ---- | C] () -- C:\Windows\RegSDImport.xml
[2012-05-10 16:37:13 | 000,000,879 | ---- | C] () -- C:\Windows\RegISSImport.xml
[2012-05-10 16:37:13 | 000,000,131 | ---- | C] () -- C:\Windows\IDB.zip
[2012-05-10 16:35:43 | 000,002,243 | ---- | C] () -- C:\Users\Public\Desktop\PC Tools Spyware Doctor.lnk
[2012-05-10 16:34:26 | 002,129,671 | ---- | C] () -- C:\Windows\SysNative\drivers\Cat.DB
[2012-05-10 11:50:58 | 000,001,239 | ---- | C] () -- C:\Users\Administrator\Desktop\Catan Online World.lnk
[2012-05-07 10:49:28 | 000,000,254 | ---- | C] () -- C:\user.js
[2012-04-15 11:51:44 | 000,002,016 | ---- | C] () -- C:\Users\Public\Desktop\Adobe Reader 9.lnk
[2012-04-12 11:25:31 | 000,000,940 | ---- | C] () -- C:\Windows\tasks\Adobe Flash Player Updater.job
[2012-02-23 18:17:36 | 000,000,017 | ---- | C] () -- C:\Users\Administrator\AppData\Local\resmon.resmoncfg
[2012-02-18 16:08:55 | 000,024,576 | ---- | C] () -- C:\Windows\UniFISH.exe
[2011-08-22 08:54:46 | 000,000,000 | ---- | C] () -- C:\Users\Administrator\AppData\Local\{52D9F23F-13F4-45D8-ADD6-9101DD17DF62}
[2011-08-09 13:41:24 | 000,000,000 | ---- | C] () -- C:\Windows\nsreg.dat
[2011-05-02 12:14:15 | 000,000,096 | ---- | C] () -- C:\ProgramData\anwblog2008.cfg
[2011-02-27 01:04:48 | 001,642,064 | ---- | C] () -- C:\Windows\SysWow64\PerfStringBackup.INI
[2010-08-25 20:34:30 | 000,982,240 | ---- | C] () -- C:\Windows\SysWow64\igkrng500.bin
[2010-08-25 20:34:30 | 000,439,308 | ---- | C] () -- C:\Windows\SysWow64\igcompkrng500.bin
[2010-08-25 20:34:30 | 000,092,356 | ---- | C] () -- C:\Windows\SysWow64\igfcg500m.bin

========== LOP Check ==========

[2012-02-23 11:11:16 | 000,000,000 | ---D | M] -- C:\Users\Administrator\AppData\Roaming\AVG
[2012-01-26 16:25:17 | 000,000,000 | ---D | M] -- C:\Users\Administrator\AppData\Roaming\AVG2012
[2012-01-27 14:18:56 | 000,000,000 | ---D | M] -- C:\Users\Administrator\AppData\Roaming\com.adobe.WidgetBrowser.E7BED6E5DDA59983786DD72EBFA46B1598278E07.1
[2012-05-10 11:53:53 | 000,000,000 | ---D | M] -- C:\Users\Administrator\AppData\Roaming\COW
[2011-09-15 10:40:35 | 000,000,000 | ---D | M] -- C:\Users\Administrator\AppData\Roaming\cYo
[2011-12-30 15:24:40 | 000,000,000 | ---D | M] -- C:\Users\Administrator\AppData\Roaming\LightFish
[2011-11-06 18:28:58 | 000,000,000 | ---D | M] -- C:\Users\Administrator\AppData\Roaming\MoreTerra
[2012-05-10 20:11:00 | 000,000,000 | ---D | M] -- C:\Users\Administrator\AppData\Roaming\Spotify
[2012-01-14 18:17:44 | 000,000,000 | ---D | M] -- C:\Users\Administrator\AppData\Roaming\SystemRequirementsLab
[2012-05-10 16:33:29 | 000,000,000 | ---D | M] -- C:\Users\Administrator\AppData\Roaming\TestApp
[2012-01-26 12:33:30 | 000,000,000 | ---D | M] -- C:\Users\Administrator\AppData\Roaming\Unity
[2012-05-10 22:57:23 | 000,000,000 | ---D | M] -- C:\Users\Administrator\AppData\Roaming\uTorrent
[2011-08-09 16:12:36 | 000,000,000 | ---D | M] -- C:\Users\Administrator\AppData\Roaming\wargaming.net
[2011-12-19 14:48:03 | 000,032,596 | ---- | M] () -- C:\Windows\Tasks\SCHEDLGU.TXT

========== Purity Check ==========



========== Alternate Data Streams ==========

@Alternate Data Stream - 148 bytes -> C:\ProgramData\Temp:DFC5A2B2
@Alternate Data Stream - 142 bytes -> C:\ProgramData\Temp:DFC5A2B2
@Alternate Data Stream - 139 bytes -> C:\ProgramData\Temp:0B4227B4
@Alternate Data Stream - 127 bytes -> C:\ProgramData\Temp:430C6D84

< End of report >

--------------------------------------------------------------------------------

aswMBR log:

aswMBR version 0.9.9.1665 Copyright© 2011 AVAST Software
Run date: 2012-05-12 09:17:41
-----------------------------
09:17:41.689 OS Version: Windows x64 6.1.7601 Service Pack 1
09:17:41.689 Number of processors: 2 586 0x170A
09:17:41.692 ComputerName: TUINSLANG UserName:
09:17:43.117 Initialize success
09:18:16.889 Disk 0 (boot) \Device\Harddisk0\DR0 -> \Device\Ide\IAAStorageDevice-0
09:18:16.892 Disk 0 Vendor: ST932032 0002 Size: 305245MB BusType: 3
09:18:16.915 Disk 0 MBR read successfully
09:18:16.918 Disk 0 MBR scan
09:18:16.921 Disk 0 Windows VISTA default MBR code
09:18:16.927 Disk 0 Partition 1 00 1C Hidd FAT32 LBA MSDOS5.0 14997 MB offset 2048
09:18:16.943 Disk 0 Partition 2 80 (A) 07 HPFS/NTFS NTFS 152625 MB offset 30715904
09:18:16.948 Disk 0 Partition - 00 0F Extended LBA 137619 MB offset 343292985
09:18:16.973 Disk 0 Partition 3 00 07 HPFS/NTFS NTFS 137619 MB offset 343293048
09:18:17.030 Disk 0 scanning C:\Windows\system32\drivers
09:18:26.694 Service scanning
09:18:41.541 Service sptd C:\Windows\System32\Drivers\sptd.sys **LOCKED** 32
09:18:45.900 Modules scanning
09:18:45.917 Disk 0 trace - called modules:
09:18:46.028 ntoskrnl.exe CLASSPNP.SYS disk.sys PCTCore64.sys ACPI.sys iaStor.sys spsl.sys hal.dll
09:18:46.037 1 nt!IofCallDriver -> \Device\Harddisk0\DR0[0xfffffa8004cc6060]
09:18:46.045 3 CLASSPNP.SYS[fffff88001a5143f] -> nt!IofCallDriver -> [0xfffffa8004cc58b0]
09:18:46.053 5 PCTCore64.sys[fffff88000c1b720] -> nt!IofCallDriver -> [0xfffffa8004b7a8c0]
09:18:46.060 7 ACPI.sys[fffff8800100b7a1] -> nt!IofCallDriver -> \Device\Ide\IAAStorageDevice-0[0xfffffa8004b7b050]
09:18:46.069 Scan finished successfully
09:19:13.337 Disk 0 MBR has been saved successfully to "C:\Users\Administrator\Desktop\MBR.dat"
09:19:13.345 The log file has been saved successfully to "C:\Users\Administrator\Desktop\aswMBR.txt"
  • 0

#6
Essexboy

Essexboy

    GeekU Moderator

  • Retired Staff
  • 69,964 posts
Are you still getting redirected ? If so is it in Chrome, IE or Firefox ?
  • 0

#7
Dr Heisenberg

Dr Heisenberg

    New Member

  • Topic Starter
  • Member
  • Pip
  • 6 posts
I'm not getting redirected as much as a couple of days ago. But when i try to make a search in the url bar in both chrome and FF the browser uses a search engine called babylon. I never selected babylon to be my default search engine. thx for you quick and clear guidance btw!
  • 0

#8
Essexboy

Essexboy

    GeekU Moderator

  • Retired Staff
  • 69,964 posts
Darn I thought I had removed all of that ..

Warning This fix is only relevant for this system and no other, using on another computer may cause problems

Be advised that when the fix commences it will shut down all running processes and you may lose the desktop and icons, they will return on reboot

If you have Malwarebytes 1.6 or better installed please disable it for the duration of this run
To disable MBAM
Open the scanner and select the protection tab
Remove the tick from "Start with Windows"
Reboot and then run OTL
Posted Image

Run OTL
  • Under the Custom Scans/Fixes box at the bottom, paste in the following

    :OTL
    IE - HKCU\..\SearchScopes,DefaultScope = {0ECDF796-C2DC-4d79-A620-CCE0C0A66CC9}
    [2012-05-07 10:49:47 | 000,000,000 | ---D | M] (Codecv) -- C:\Users\Administrator\AppData\Roaming\mozilla\Firefox\Profiles\lgp9iacv.default\extensions\[email protected]
    O2 - BHO: (Codecv Class) - {30B1AFA5-0242-443A-90F2-5AAFA5B0C6C2} - C:\ProgramData\Codecv\bhoclass.dll ()
    [2012-05-07 10:49:01 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Codecv
    [2012-05-07 10:49:01 | 000,000,000 | ---D | C] -- C:\ProgramData\Codecv
    [2012-05-07 10:48:55 | 000,000,000 | ---D | C] -- C:\codec-info
    [2012-05-07 10:48:33 | 000,000,000 | ---D | C] -- C:\ProgramData\InstallMate

    :Files
    ipconfig /flushdns /c

    :Commands
    [purity]
    [resethosts]
    [emptytemp]
    [CREATERESTOREPOINT]
    [Reboot]

  • Then click the Run Fix button at the top
  • Let the program run unhindered, reboot the PC when it is done
  • Open OTL again and click the Quick Scan button. Post the log it produces in your next reply.

You will need to reset Chrome manually

There are details here on how to do that
  • 0

#9
Dr Heisenberg

Dr Heisenberg

    New Member

  • Topic Starter
  • Member
  • Pip
  • 6 posts
In not getting redirected anymore! thank you so much.

here is the latest OTL log:

All processes killed
========== OTL ==========
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\\DefaultScope| /E : value set successfully!
C:\Users\Administrator\AppData\Roaming\mozilla\Firefox\Profiles\lgp9iacv.default\extensions\[email protected]\content folder moved successfully.
C:\Users\Administrator\AppData\Roaming\mozilla\Firefox\Profiles\lgp9iacv.default\extensions\[email protected] folder moved successfully.
Registry key HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{30B1AFA5-0242-443A-90F2-5AAFA5B0C6C2}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{30B1AFA5-0242-443A-90F2-5AAFA5B0C6C2}\ deleted successfully.
C:\ProgramData\Codecv\bhoclass.dll moved successfully.
C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Codecv folder moved successfully.
C:\ProgramData\Codecv folder moved successfully.
C:\codec-info folder moved successfully.
C:\ProgramData\InstallMate\{16782E9C-E344-47BD-A045-B9BA79870632}\BB3DA80EF703F4AF folder moved successfully.
C:\ProgramData\InstallMate\{16782E9C-E344-47BD-A045-B9BA79870632} folder moved successfully.
C:\ProgramData\InstallMate folder moved successfully.
========== FILES ==========
< ipconfig /flushdns /c >
Windows IP-configuratie
De DNS-omzettingscache is leeggemaakt.
C:\Users\Administrator\Downloads\cmd.bat deleted successfully.
C:\Users\Administrator\Downloads\cmd.txt deleted successfully.
========== COMMANDS ==========
C:\Windows\System32\drivers\etc\Hosts moved successfully.
HOSTS file reset successfully

[EMPTYTEMP]

User: Administrator
->Temp folder emptied: 696286951 bytes
->Temporary Internet Files folder emptied: 723432 bytes
->Java cache emptied: 351042 bytes
->FireFox cache emptied: 403777283 bytes
->Google Chrome cache emptied: 214936013 bytes
->Flash cache emptied: 4112 bytes

User: All Users

User: AppData

User: Default
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 33170 bytes
->Flash cache emptied: 56502 bytes

User: Default User
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes
->Flash cache emptied: 0 bytes

User: Public

User: Sebastiaan

%systemdrive% .tmp files removed: 0 bytes
%systemroot% .tmp files removed: 889314 bytes
%systemroot%\System32 .tmp files removed: 0 bytes
%systemroot%\System32 (64bit) .tmp files removed: 0 bytes
%systemroot%\System32\drivers .tmp files removed: 0 bytes
Windows Temp folder emptied: 105732567 bytes
%systemroot%\sysnative\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files folder emptied: 67753 bytes
RecycleBin emptied: 1064 bytes

Total Files Cleaned = 1,357.00 mb

Restore point Set: OTL Restore Point

OTL by OldTimer - Version 3.2.42.3 log created on 05122012_160146

Files\Folders moved on Reboot...
C:\Users\Administrator\AppData\Local\Temp\FXSAPIDebugLogFile.txt moved successfully.

Registry entries deleted on Reboot...
  • 0

#10
Essexboy

Essexboy

    GeekU Moderator

  • Retired Staff
  • 69,964 posts
Subject to no further problems :)

I will remove my tools now and give some recommendations, but, I would like you to run for 24 hours or so and come back if you have any problems

Now the best part of the day ----- Your log now appears clean :thumbsup:

A good workman always cleans up after himself so..The following will implement some cleanup procedures as well as reset System Restore points:

Run OTL
  • Under the Custom Scans/Fixes box at the bottom, paste in the following

    :Commands
    [resethosts]
    [emptytemp]
    [Reboot]

  • Then click the Run Fix button at the top
  • Let the program run unhindered, reboot the PC when it is done

Run OTL and hit the cleanup button. It will remove all the programmes we have used plus itself.

We will now confirm that your hidden files are set to that, as some of the tools I use will change that
  • Click Start.
  • Open My Computer.
  • Select the Tools menu and click Folder Options.
  • Select the View Tab.
  • Under the Hidden files and folders heading select Do not show hidden files and folders.
  • Click Yes to confirm.
  • Click OK.

Posted Image
Your Java is out of date. Older versions have vulnerabilities that malware can use to infect your system.
Please follow these steps to remove older version of Java components and upgrade the application.

Upgrading Java:
  • Go to this site and click Do I have Java
  • It will check your current version and then offer to update to the latest version

SPRING CLEAN

To manually create a new Restore Point
  • Go to Control Panel and select System
  • Select System
  • On the left select System Protection and accept the warning if you get one
  • Select System Protection Tab
  • Select Create at the bottom
  • Type in a name i.e. Clean
  • Select Create

Now we can purge the infected ones
  • GoStart > All programs > Accessories > system tools
  • Right click Disc cleanup and select run as administrator
  • Select Your main drive and accept the warning if you get one
  • For a few moments the system will make some calculations
  • Select the More Options tab
  • In the System Restore and Shadow Backups select Clean up
  • Select Delete on the pop up
  • Select OK
  • Select Delete

Now that you are clean, to help protect your computer in the future I recommend that you get the following free programmes:
Posted Image
Malwarebytes. Update and run weekly to keep your system clean

Download and install FileHippo update checker and run it monthly it will show you which programmes on your system need updating and give a download link

It is critical to have both a firewall and anti virus to protect your system and to keep them updated. To keep your operating system up to date visit

To learn more about how to protect yourself while on the internet read our little guide How did I get infected in the first place ?

Keep safe :wave:
  • 0

#11
Essexboy

Essexboy

    GeekU Moderator

  • Retired Staff
  • 69,964 posts
Since this issue appears to be resolved ... this Topic has been closed. Glad we could help. :)

If you're the topic starter, and need this topic reopened, please contact a staff member with the address of the thread.

Everyone else please begin a New Topic.
  • 0






Similar Topics

0 user(s) are reading this topic

0 members, 0 guests, 0 anonymous users

As Featured On:

Microsoft Yahoo BBC MSN PC Magazine Washington Post HP