Jump to content

Welcome to Geeks to Go - Register now for FREE

Need help with your computer or device? Want to learn new tech skills? You're in the right place!
Geeks to Go is a friendly community of tech experts who can solve any problem you have. Just create a free account and post your question. Our volunteers will reply quickly and guide you through the steps. Don't let tech troubles stop you. Join Geeks to Go now and get the support you need!

How it Works Create Account
Photo

TR/ATRAPS.Gen2 removal [Solved]


  • This topic is locked This topic is locked

#1
moriarty

moriarty

    Member

  • Member
  • PipPip
  • 35 posts
Hey there.

My Anti-Virus program Avira keeps detecting two viruses in my C:\\Windows\Installer folder. I can't seem to locate the files and Avira wont delete them somehow (Access denied)

I'm running 64-bit Windows 7

Things I've tried so far:

Turning off systemprotection --> Tried to run a full scan on safemode (Avira).
Unfortunately this didn't work.

Downloaded Malwarebytes and made a quick scan
It did detect and delete som registry files, but the two viruses Avira detects keeps popping up in Avira.

Malwarebytes doesn't detect any viruses after I've made the quickscan and reboot, but Avira still does and it's the same two viruses.

Main symptoms:
- The viruses edit my settings

I've attached an OTL report, an Avira report and a Malwarebyte report.
Attached File  OTL.Txt   145.57KB   106 downloads
Attached File  AVSCAN-20120606-144107-28109975.LOG   18.45KB   132 downloads
Attached File  mbam-log-2012-06-06 (14-19-38).txt   4.54KB   112 downloads

LOOK BELOW (I HAVE PASTED THEM INTO A POST)

In advance: Thank you very much for your time. All help is appreciated and I'll happily give a cup of coffee to the person that find time into their schedule to help me out. Viruses are a bit scary :-O

If I forgot anything in this post, please just say so and I'll try to update my thread within very short time.

Kind regards,
Mathias
Denmark

Edited by moriarty, 07 June 2012 - 02:20 AM.

  • 0

Advertisements


#2
moriarty

moriarty

    Member

  • Topic Starter
  • Member
  • PipPip
  • 35 posts
I saw another thread, so here is my OTL log and aswMBR log pasted in.
I did the same thing this guy was asked for: http://www.geekstogo...angen2-removal/

aswMBR:

aswMBR version 0.9.9.1665 Copyright© 2011 AVAST Software
Run date: 2012-06-07 10:11:00
-----------------------------
10:11:00.238 OS Version: Windows x64 6.1.7601 Service Pack 1
10:11:00.238 Number of processors: 2 586 0x2502
10:11:00.238 ComputerName: PC-MATHIAS UserName: Mathias
10:11:04.084 Initialize success
10:11:23.018 Disk 0 (boot) \Device\Harddisk0\DR0 -> \Device\Ide\IAAStorageDevice-1
10:11:23.018 Disk 0 Vendor: Hitachi_ PB4O Size: 476940MB BusType: 3
10:11:23.048 Disk 0 MBR read successfully
10:11:23.048 Disk 0 MBR scan
10:11:23.048 Disk 0 Windows 7 default MBR code
10:11:23.078 Disk 0 Partition 1 00 27 Hidden NTFS WinRE NTFS 14336 MB offset 2048
10:11:23.098 Disk 0 Partition 2 80 (A) 07 HPFS/NTFS NTFS 100 MB offset 29362176
10:11:23.108 Disk 0 Partition 3 00 07 HPFS/NTFS NTFS 462502 MB offset 29566976
10:11:23.138 Disk 0 scanning C:\Windows\system32\drivers
10:11:31.708 Service scanning
10:11:58.017 Modules scanning
10:11:58.027 Disk 0 trace - called modules:
10:11:58.617 ntoskrnl.exe CLASSPNP.SYS disk.sys iaStor.sys
10:11:58.637 1 nt!IofCallDriver -> \Device\Harddisk0\DR0[0xfffffa8006a62060]
10:11:58.977 3 CLASSPNP.SYS[fffff88001d4943f] -> nt!IofCallDriver -> \Device\Ide\IAAStorageDevice-1[0xfffffa8006894050]
10:11:58.977 Scan finished successfully
10:13:38.082 Disk 0 MBR has been saved successfully to "C:\Users\Mathias\Desktop\MBR.dat"
10:13:38.082 The log file has been saved successfully to "C:\Users\Mathias\Desktop\aswMBR.txt"

OTL:

OTL logfile created on: 6/7/2012 10:21:26 AM - Run 2
OTL by OldTimer - Version 3.2.46.1 Folder = C:\Users\Mathias\Desktop
64bit- Home Premium Edition Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation
Internet Explorer (Version = 9.0.8112.16421)
Locale: 00000409 | Country: Danmark | Language: DAN | Date Format: dd-MM-yyyy

5.87 Gb Total Physical Memory | 3.66 Gb Available Physical Memory | 62.36% Memory free
11.73 Gb Paging File | 9.17 Gb Available in Paging File | 78.19% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86)
Drive C: | 451.66 Gb Total Space | 344.98 Gb Free Space | 76.38% Space Free | Partition Type: NTFS

Computer Name: PC-MATHIAS | User Name: Mathias | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: All users | Quick Scan | Include 64bit Scans
Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days

========== Processes (SafeList) ==========

PRC - [2012/06/07 10:10:58 | 004,731,392 | ---- | M] (AVAST Software) -- C:\Users\Mathias\Desktop\aswMBR.exe
PRC - [2012/06/06 15:17:54 | 000,596,480 | ---- | M] (OldTimer Tools) -- C:\Users\Mathias\Desktop\OTL.exe
PRC - [2012/06/05 16:58:42 | 000,351,904 | ---- | M] (Adobe Systems Incorporated) -- C:\Windows\SysWOW64\Macromed\Flash\FlashUtil32_11_2_202_235_ActiveX.exe
PRC - [2012/05/24 20:39:22 | 027,112,840 | ---- | M] (Dropbox, Inc.) -- C:\Users\Mathias\AppData\Roaming\Dropbox\bin\Dropbox.exe
PRC - [2012/05/11 21:29:55 | 006,380,400 | ---- | M] (BitTorrent, Inc.) -- C:\Program Files (x86)\BitTorrent\BitTorrent.exe
PRC - [2012/05/02 01:42:31 | 000,086,224 | ---- | M] (Avira Operations GmbH & Co. KG) -- C:\Program Files (x86)\Avira\AntiVir Desktop\sched.exe
PRC - [2012/05/02 00:34:37 | 000,110,032 | ---- | M] (Avira Operations GmbH & Co. KG) -- C:\Program Files (x86)\Avira\AntiVir Desktop\avguard.exe
PRC - [2012/05/02 00:31:38 | 000,348,624 | ---- | M] (Avira Operations GmbH & Co. KG) -- C:\Program Files (x86)\Avira\AntiVir Desktop\avgnt.exe
PRC - [2012/04/23 14:07:52 | 000,025,464 | ---- | M] (Uniblue Systems Limited) -- C:\Program Files (x86)\Uniblue\DriverScanner\dsmonitor.exe
PRC - [2012/04/04 15:56:40 | 000,654,408 | ---- | M] (Malwarebytes Corporation) -- C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe
PRC - [2012/04/04 15:56:38 | 000,462,408 | ---- | M] (Malwarebytes Corporation) -- C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe
PRC - [2012/02/23 13:30:40 | 000,059,240 | ---- | M] (Apple Inc.) -- C:\Program Files (x86)\Common Files\Apple\Internet Services\ubd.exe
PRC - [2012/02/01 16:29:58 | 000,013,592 | ---- | M] (Intel Corporation) -- C:\Program Files (x86)\Intel\Intel® Rapid Storage Technology\IAStorDataMgrSvc.exe
PRC - [2012/02/01 16:29:56 | 000,284,440 | ---- | M] (Intel Corporation) -- C:\Program Files (x86)\Intel\Intel® Rapid Storage Technology\IAStorIcon.exe
PRC - [2012/01/03 15:10:42 | 000,063,928 | ---- | M] (Adobe Systems Incorporated) -- C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe
PRC - [2011/07/29 01:08:12 | 001,259,376 | ---- | M] () -- C:\Program Files (x86)\DivX\DivX Update\DivXUpdate.exe
PRC - [2010/05/04 00:15:42 | 001,480,032 | ---- | M] (Suyin) -- C:\Program Files (x86)\VideoWebCamera\VideoWebCamera.exe
PRC - [2010/04/09 18:49:02 | 000,206,208 | ---- | M] () -- C:\Windows\PLFSetI.exe
PRC - [2010/04/08 06:18:40 | 000,908,368 | ---- | M] (Dritek System Inc.) -- C:\Program Files (x86)\Launch Manager\LManager.exe
PRC - [2010/04/08 06:18:40 | 000,312,400 | ---- | M] (Dritek System Inc.) -- C:\Program Files (x86)\Launch Manager\dsiwmis.exe
PRC - [2010/04/08 06:18:40 | 000,298,064 | ---- | M] (Dritek System Inc.) -- C:\Program Files (x86)\Launch Manager\LMworker.exe
PRC - [2010/03/18 06:57:02 | 002,320,920 | ---- | M] (Intel Corporation) -- C:\Program Files (x86)\Intel\Intel® Management Engine Components\UNS\UNS.exe
PRC - [2010/03/18 06:56:56 | 000,268,824 | ---- | M] (Intel Corporation) -- C:\Program Files (x86)\Intel\Intel® Management Engine Components\LMS\LMS.exe
PRC - [2010/03/09 01:58:24 | 000,250,368 | ---- | M] (NewTech Infosystems, Inc.) -- C:\Program Files (x86)\NewTech Infosystems\Packard Bell MyBackup\IScheduleSvc.exe
PRC - [2010/03/09 01:56:08 | 000,258,560 | ---- | M] (NewTech Infosystems, Inc.) -- C:\Program Files (x86)\NewTech Infosystems\Packard Bell MyBackup\BackupManagerTray.exe
PRC - [2010/01/29 01:27:36 | 000,243,232 | ---- | M] (Acer Group) -- C:\Program Files\Packard Bell\Packard Bell Updater\UpdaterService.exe
PRC - [2010/01/08 15:21:22 | 000,023,584 | ---- | M] (Acer Incorporated) -- C:\Program Files (x86)\Packard Bell\Registration\GREGsvc.exe
PRC - [2009/05/20 17:59:44 | 000,013,624 | ---- | M] (Alienware) -- C:\Program Files\Alienware\Command Center\AlienFXHook32Mngr.exe
PRC - [2009/05/20 17:59:34 | 000,057,672 | ---- | M] (Alienware Corporation) -- C:\Program Files\Alienware\Command Center\AlienwareAlienFXController.exe


========== Modules (No Company Name) ==========

MOD - [2012/06/04 14:02:48 | 000,489,472 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\IAStorUtil\c58ed24f4ccd3b501875276dd33a38b3\IAStorUtil.ni.dll
MOD - [2012/06/04 14:02:48 | 000,014,336 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\IAStorCommon\9683045ca0d578eccdd0e857596aa002\IAStorCommon.ni.dll
MOD - [2012/05/10 15:32:53 | 001,051,136 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Management\9b2f17fb61b7197f2a04108f5d1a1cc6\System.Management.ni.dll
MOD - [2012/05/10 15:32:35 | 002,297,856 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Core\dfd33f59a5803a3c73cf408362e6e0b7\System.Core.ni.dll
MOD - [2012/05/10 14:51:32 | 011,833,344 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Web\1a690902e9a6293de228c16fab21e2f7\System.Web.ni.dll
MOD - [2012/05/10 14:51:23 | 000,771,584 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Runtime.Remo#\03dee80574f4ec770b6f77ca030ded6c\System.Runtime.Remoting.ni.dll
MOD - [2012/05/10 14:51:21 | 006,611,456 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Data\f3814b488d9e083cbbc623e01b389f09\System.Data.ni.dll
MOD - [2012/05/10 14:51:09 | 014,340,608 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\PresentationFramewo#\07f019692c382d588d3c6cb2da2a9ec5\PresentationFramework.ni.dll
MOD - [2012/05/10 14:50:52 | 012,433,408 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Windows.Forms\90555968565afd59bce4b0974e9903bd\System.Windows.Forms.ni.dll
MOD - [2012/05/10 14:50:43 | 001,590,784 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Drawing\69f6e582cb79f107c61308b468c1a215\System.Drawing.ni.dll
MOD - [2012/05/10 14:50:39 | 012,237,824 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\PresentationCore\2d1fd350e9bc62ce659e5cbcfd555796\PresentationCore.ni.dll
MOD - [2012/05/10 14:50:25 | 003,347,968 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\WindowsBase\46fce56db7685a586d3eeb7c373e3c1c\WindowsBase.ni.dll
MOD - [2012/05/10 14:50:18 | 005,452,800 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Xml\ba3d70b651454c7d49b407b93663bfed\System.Xml.ni.dll
MOD - [2012/05/10 14:50:14 | 000,971,264 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Configuration\cfa9c506bfb9254c89dace7b83bc9f9d\System.Configuration.ni.dll
MOD - [2012/05/10 14:50:12 | 007,967,232 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System\ce9ff6baf9053ed2ed673d948179195c\System.ni.dll
MOD - [2012/05/10 14:50:05 | 011,492,864 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\mscorlib\acfc1391e45fedd2a359778ea57d914c\mscorlib.ni.dll
MOD - [2011/07/29 01:09:42 | 000,096,112 | ---- | M] () -- C:\Program Files (x86)\DivX\DivX Update\DivXUpdateCheck.dll
MOD - [2011/07/29 01:08:12 | 001,259,376 | ---- | M] () -- C:\Program Files (x86)\DivX\DivX Update\DivXUpdate.exe
MOD - [2011/06/24 22:56:36 | 000,087,328 | ---- | M] () -- C:\Program Files (x86)\Common Files\Apple\Apple Application Support\zlib1.dll
MOD - [2011/06/24 22:56:14 | 001,241,888 | ---- | M] () -- C:\Program Files (x86)\Common Files\Apple\Apple Application Support\libxml2.dll
MOD - [2010/12/30 13:32:30 | 007,158,096 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\AlienwareAlienFXModelResources\1.0.51.0__bebb3c8816410241\AlienwareAlienFXModelResources.dll
MOD - [2010/12/30 13:32:30 | 000,444,224 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\AlienwareAlienFXTools\1.0.51.0__bebb3c8816410241\AlienwareAlienFXTools.dll
MOD - [2010/12/30 13:32:30 | 000,073,520 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\AlienLabsTools\1.0.49.0__bebb3c8816410241\AlienLabsTools.dll
MOD - [2010/12/30 13:32:30 | 000,031,568 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\Alienlabs.CommandCenter.Tools\1.0.49.0__bebb3c8816410241\Alienlabs.CommandCenter.Tools.dll
MOD - [2010/12/30 13:32:30 | 000,024,896 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\AlienFX.DeviceDiscovery\1.0.51.0__bebb3c8816410241\AlienFX.DeviceDiscovery.dll
MOD - [2010/12/30 13:32:29 | 000,036,688 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\AlienFX.Communication.PID0x511\1.0.51.0__bebb3c8816410241\AlienFX.Communication.PID0x511.dll
MOD - [2010/12/30 13:32:29 | 000,035,664 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\AlienFX.Communication.PID0x512\1.0.51.0__bebb3c8816410241\AlienFX.Communication.PID0x512.dll
MOD - [2010/12/30 13:32:29 | 000,027,984 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\AlienFX.Communication.PID0x516\1.0.51.0__bebb3c8816410241\AlienFX.Communication.PID0x516.dll
MOD - [2010/12/30 13:32:29 | 000,027,472 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\AlienFX.Communication.PID0x515\1.0.51.0__bebb3c8816410241\AlienFX.Communication.PID0x515.dll
MOD - [2010/12/30 13:32:29 | 000,024,392 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\AlienFX.Communication.XPS\1.0.51.0__bebb3c8816410241\AlienFX.Communication.XPS.dll
MOD - [2010/12/30 13:32:29 | 000,019,784 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\AlienFX.Communication.Core\1.0.51.0__bebb3c8816410241\AlienFX.Communication.Core.dll
MOD - [2010/12/30 13:32:29 | 000,014,144 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\AlienFX.Communication\1.0.51.0__bebb3c8816410241\AlienFX.Communication.dll
MOD - [2010/11/13 04:03:52 | 000,299,008 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\mscorlib.resources\2.0.0.0_da_b77a5c561934e089\mscorlib.resources.dll
MOD - [2010/11/05 03:58:05 | 002,927,616 | ---- | M] () -- C:\Windows\assembly\GAC_32\System.Data\2.0.0.0__b77a5c561934e089\System.Data.dll
MOD - [2010/07/03 01:10:28 | 000,032,768 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\System.Runtime.Remoting.resources\2.0.0.0_da_b77a5c561934e089\System.Runtime.Remoting.resources.dll
MOD - [2010/05/04 00:15:46 | 000,038,136 | ---- | M] () -- C:\Program Files (x86)\VideoWebCamera\VWC_ENG.dll
MOD - [2010/05/04 00:15:34 | 000,046,328 | ---- | M] () -- C:\Program Files (x86)\VideoWebCamera\sy_Utility.dll
MOD - [2010/04/09 18:49:02 | 000,206,208 | ---- | M] () -- C:\Windows\PLFSetI.exe
MOD - [2010/03/09 02:18:10 | 000,465,576 | ---- | M] () -- C:\Program Files (x86)\NewTech Infosystems\Packard Bell MyBackup\sqlite3.dll
MOD - [2010/01/21 01:34:10 | 008,793,952 | ---- | M] () -- C:\Program Files (x86)\Microsoft Office\Office14\1033\GrooveIntlResource.dll
MOD - [2010/01/09 20:18:18 | 004,254,560 | ---- | M] () -- C:\Program Files (x86)\Common Files\microsoft shared\OFFICE14\Cultures\OFFICE.ODF
MOD - [2009/05/20 08:02:04 | 000,072,200 | ---- | M] () -- C:\Program Files (x86)\Launch Manager\CdDirIo.dll


========== Win32 Services (SafeList) ==========

SRV:64bit: - [2010/11/20 15:26:50 | 000,084,992 | ---- | M] (Microsoft Corporation) [Disabled | Stopped] -- C:\Windows\SysNative\Mcx2Svc.dll -- (Mcx2Svc)
SRV:64bit: - [2010/09/17 12:33:26 | 000,430,424 | ---- | M] (Microsoft Corporation) [Disabled | Stopped] -- c:\Program Files\Microsoft SQL Server\MSSQL10.SQLEXPRESS\MSSQL\Binn\SQLAGENT.EXE -- (SQLAgent$SQLEXPRESS) SQL Server Agent (SQLEXPRESS)
SRV:64bit: - [2010/03/17 19:56:12 | 000,866,336 | ---- | M] (Acer Incorporated) [Auto | Running] -- C:\Program Files\Packard Bell\Packard Bell Power Management\ePowerSvc.exe -- (ePowerSvc)
SRV:64bit: - [2010/01/29 01:27:36 | 000,243,232 | ---- | M] (Acer Group) [Auto | Running] -- C:\Program Files\Packard Bell\Packard Bell Updater\UpdaterService.exe -- (Updater Service)
SRV:64bit: - [2009/07/22 10:17:44 | 000,061,976 | ---- | M] (Microsoft Corporation) [Disabled | Stopped] -- c:\Program Files\Microsoft SQL Server\100\Shared\SQLADHLP.EXE -- (MSSQLServerADHelper100)
SRV:64bit: - [2009/07/14 03:41:27 | 000,097,792 | ---- | M] (Microsoft Corporation) [Disabled | Stopped] -- C:\Windows\SysNative\mprdim.dll -- (RemoteAccess)
SRV - [2012/06/05 16:58:43 | 000,257,696 | ---- | M] (Adobe Systems Incorporated) [On_Demand | Stopped] -- C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe -- (AdobeFlashPlayerUpdateSvc)
SRV - [2012/05/13 14:33:18 | 000,129,976 | ---- | M] (Mozilla Foundation) [On_Demand | Stopped] -- C:\Program Files (x86)\Mozilla Maintenance Service\maintenanceservice.exe -- (MozillaMaintenance)
SRV - [2012/05/03 08:31:10 | 000,158,856 | R--- | M] (Skype Technologies) [Auto | Stopped] -- C:\Program Files (x86)\Skype\Updater\Updater.exe -- (SkypeUpdate)
SRV - [2012/05/02 01:42:31 | 000,086,224 | ---- | M] (Avira Operations GmbH & Co. KG) [Auto | Running] -- C:\Program Files (x86)\Avira\AntiVir Desktop\sched.exe -- (AntiVirSchedulerService)
SRV - [2012/05/02 00:34:37 | 000,110,032 | ---- | M] (Avira Operations GmbH & Co. KG) [Auto | Running] -- C:\Program Files (x86)\Avira\AntiVir Desktop\avguard.exe -- (AntiVirService)
SRV - [2012/04/04 15:56:40 | 000,654,408 | ---- | M] (Malwarebytes Corporation) [Auto | Running] -- C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe -- (MBAMService)
SRV - [2012/02/01 16:29:58 | 000,013,592 | ---- | M] (Intel Corporation) [Auto | Running] -- C:\Program Files (x86)\Intel\Intel® Rapid Storage Technology\IAStorDataMgrSvc.exe -- (IAStorDataMgrSvc) Intel®
SRV - [2012/01/03 15:10:42 | 000,063,928 | ---- | M] (Adobe Systems Incorporated) [Auto | Running] -- C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe -- (AdobeARMservice)
SRV - [2010/12/14 17:10:29 | 000,008,192 | ---- | M] () [Auto | Stopped] -- C:\Windows\SysWOW64\srvany.exe -- (KMService)
SRV - [2010/10/30 18:07:24 | 000,867,080 | ---- | M] (Acresso Software Inc.) [On_Demand | Stopped] -- C:\Program Files (x86)\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe -- (FLEXnet Licensing Service)
SRV - [2010/04/08 06:18:40 | 000,312,400 | ---- | M] (Dritek System Inc.) [Auto | Running] -- C:\Program Files (x86)\Launch Manager\dsiwmis.exe -- (DsiWMIService)
SRV - [2010/03/18 14:16:28 | 000,130,384 | ---- | M] (Microsoft Corporation) [Auto | Stopped] -- C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe -- (clr_optimization_v4.0.30319_32)
SRV - [2010/03/18 06:57:02 | 002,320,920 | ---- | M] (Intel Corporation) [Auto | Running] -- C:\Program Files (x86)\Intel\Intel® Management Engine Components\UNS\UNS.exe -- (UNS) Intel®
SRV - [2010/03/18 06:56:56 | 000,268,824 | ---- | M] (Intel Corporation) [Auto | Running] -- C:\Program Files (x86)\Intel\Intel® Management Engine Components\LMS\LMS.exe -- (LMS) Intel®
SRV - [2010/03/09 01:58:24 | 000,250,368 | ---- | M] (NewTech Infosystems, Inc.) [Auto | Running] -- C:\Program Files (x86)\NewTech Infosystems\Packard Bell MyBackup\IScheduleSvc.exe -- (NTI IScheduleSvc)
SRV - [2010/02/19 13:37:14 | 000,517,096 | ---- | M] (Adobe Systems Incorporated) [On_Demand | Stopped] -- C:\Program Files (x86)\Common Files\Adobe\SwitchBoard\SwitchBoard.exe -- (SwitchBoard)
SRV - [2010/01/08 15:21:22 | 000,023,584 | ---- | M] (Acer Incorporated) [Auto | Running] -- C:\Program Files (x86)\Packard Bell\Registration\GREGsvc.exe -- (GREGService)
SRV - [2009/07/14 03:15:41 | 000,075,264 | ---- | M] (Microsoft Corporation) [Disabled | Stopped] -- C:\Windows\SysWOW64\mprdim.dll -- (RemoteAccess)
SRV - [2009/06/10 23:23:09 | 000,066,384 | ---- | M] (Microsoft Corporation) [Disabled | Stopped] -- C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe -- (clr_optimization_v2.0.50727_32)
SRV - [2009/06/10 22:39:58 | 000,089,920 | ---- | M] (Microsoft Corporation) [Disabled | Stopped] -- C:\Windows\Microsoft.NET\Framework64\v2.0.50727\mscorsvw.exe -- (clr_optimization_v2.0.50727_64)
SRV - [2009/03/30 04:23:32 | 000,254,808 | ---- | M] (Microsoft Corporation) [Disabled | Stopped] -- c:\Program Files (x86)\Microsoft SQL Server\90\Shared\sqlbrowser.exe -- (SQLBrowser)


========== Driver Services (SafeList) ==========

DRV:64bit: - [2012/05/02 15:24:12 | 000,027,760 | ---- | M] (Avira GmbH) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\avkmgr.sys -- (avkmgr)
DRV:64bit: - [2012/04/27 10:20:04 | 000,132,832 | ---- | M] (Avira GmbH) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\avipbb.sys -- (avipbb)
DRV:64bit: - [2012/04/25 00:32:27 | 000,098,848 | ---- | M] (Avira GmbH) [File_System | Auto | Running] -- C:\Windows\SysNative\drivers\avgntflt.sys -- (avgntflt)
DRV:64bit: - [2012/04/04 15:56:40 | 000,024,904 | ---- | M] (Malwarebytes Corporation) [File_System | On_Demand | Running] -- C:\Windows\SysNative\drivers\mbam.sys -- (MBAMProtector)
DRV:64bit: - [2012/03/01 08:46:16 | 000,023,408 | ---- | M] (Microsoft Corporation) [Recognizer | Boot | Unknown] -- C:\Windows\SysNative\drivers\fs_rec.sys -- (Fs_Rec)
DRV:64bit: - [2012/02/15 12:01:50 | 000,052,736 | ---- | M] (Apple, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\usbaapl64.sys -- (USBAAPL64)
DRV:64bit: - [2012/02/01 16:16:40 | 000,568,600 | ---- | M] (Intel Corporation) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\iaStor.sys -- (iaStor)
DRV:64bit: - [2012/01/17 14:45:56 | 000,188,224 | ---- | M] (NVIDIA Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\nvhda64v.sys -- (NVHDA)
DRV:64bit: - [2011/03/11 08:41:12 | 000,107,904 | ---- | M] (Advanced Micro Devices) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\amdsata.sys -- (amdsata)
DRV:64bit: - [2011/03/11 08:41:12 | 000,027,008 | ---- | M] (Advanced Micro Devices) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\amdxata.sys -- (amdxata)
DRV:64bit: - [2010/11/20 15:33:35 | 000,078,720 | ---- | M] (Hewlett-Packard Company) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\HpSAMD.sys -- (HpSAMD)
DRV:64bit: - [2010/11/20 13:07:05 | 000,059,392 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\TsUsbFlt.sys -- (TsUsbFlt)
DRV:64bit: - [2010/11/20 11:26:11 | 000,328,192 | ---- | M] (Microsoft Corporation) [File_System | Disabled | Stopped] -- C:\Windows\SysNative\drivers\udfs.sys -- (udfs)
DRV:64bit: - [2010/07/12 20:36:10 | 000,055,856 | ---- | M] (Sonic Solutions) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\PxHlpa64.sys -- (PxHlpa64)
DRV:64bit: - [2010/04/19 10:56:42 | 000,245,280 | ---- | M] (Realtek Semiconductor Corp.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\RtsUStor.sys -- (RSUSBSTOR)
DRV:64bit: - [2010/03/21 11:59:08 | 000,321,064 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\k57nd60a.sys -- (k57nd60a) Broadcom NetLink ™
DRV:64bit: - [2009/12/10 13:25:10 | 000,301,104 | ---- | M] (Synaptics Incorporated) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\SynTP.sys -- (SynTP)
DRV:64bit: - [2009/09/17 07:54:54 | 000,056,344 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\HECIx64.sys -- (HECIx64) Intel®
DRV:64bit: - [2009/07/14 03:52:20 | 000,194,128 | ---- | M] (AMD Technologies Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\amdsbs.sys -- (amdsbs)
DRV:64bit: - [2009/07/14 03:48:04 | 000,065,600 | ---- | M] (LSI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\lsi_sas2.sys -- (LSI_SAS2)
DRV:64bit: - [2009/07/14 03:47:48 | 000,024,144 | ---- | M] (Microsoft Corporation) [Kernel | Disabled | Stopped] -- C:\Windows\SysNative\drivers\crcdisk.sys -- (crcdisk)
DRV:64bit: - [2009/07/14 03:45:55 | 000,024,656 | ---- | M] (Promise Technology) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\stexstor.sys -- (stexstor)
DRV:64bit: - [2009/07/14 02:10:33 | 000,021,504 | ---- | M] (Microsoft Corporation) [Kernel | Disabled | Stopped] -- C:\Windows\SysNative\drivers\ws2ifsl.sys -- (ws2ifsl)
DRV:64bit: - [2009/07/14 01:19:47 | 000,092,160 | ---- | M] (Microsoft Corporation) [File_System | Disabled | Stopped] -- C:\Windows\SysNative\drivers\cdfs.sys -- (cdfs)
DRV:64bit: - [2009/06/10 22:34:33 | 003,286,016 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\evbda.sys -- (ebdrv)
DRV:64bit: - [2009/06/10 22:34:28 | 000,468,480 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\bxvbda.sys -- (b06bdrv)
DRV:64bit: - [2009/06/10 22:34:23 | 000,270,848 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\b57nd60a.sys -- (b57nd60a)
DRV:64bit: - [2009/06/10 22:31:59 | 000,031,232 | ---- | M] (Hauppauge Computer Works, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\hcw85cir.sys -- (hcw85cir)
DRV:64bit: - [2009/05/18 14:17:08 | 000,034,152 | ---- | M] (GEAR Software Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\GEARAspiWDM.sys -- (GEARAspiWDM)
DRV:64bit: - [2009/05/06 01:46:08 | 000,018,432 | ---- | M] (NewTech Infosystems, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\NTIDrvr.sys -- (NTIDrvr)
DRV:64bit: - [2009/05/06 01:46:08 | 000,016,896 | ---- | M] (NewTech Infosystems Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\UBHelper.sys -- (UBHelper)
DRV:64bit: - [2009/04/22 18:10:56 | 000,040,976 | ---- | M] (Logitech, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\LUsbFilt.sys -- (LUsbFilt)
DRV:64bit: - [2009/04/22 18:10:40 | 000,058,384 | ---- | M] (Logitech, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\LMouFilt.Sys -- (LMouFilt)
DRV:64bit: - [2009/04/22 18:10:32 | 000,055,312 | ---- | M] (Logitech, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\LHidFilt.Sys -- (LHidFilt)
DRV:64bit: - [2009/03/30 04:53:56 | 000,311,656 | ---- | M] (Microsoft Corporation) [File_System | Disabled | Stopped] -- C:\Windows\SysNative\drivers\RsFx0103.sys -- (RsFx0103)
DRV:64bit: - [2000/01/01 02:00:00 | 001,108,000 | ---- | M] (Realtek Semiconductor Corporation ) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\rtl8192se.sys -- (rtl8192se)
DRV - [2009/07/14 03:19:10 | 000,019,008 | ---- | M] (Microsoft Corporation) [File_System | On_Demand | Stopped] -- C:\Windows\SysWOW64\drivers\wimmount.sys -- (WIMMount)


========== Standard Registry (SafeList) ==========


========== Internet Explorer ==========

IE:64bit: - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = http://homepage.pack...34z175f4692c581
IE:64bit: - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://homepage.pack...34z175f4692c581
IE:64bit: - HKLM\..\SearchScopes,DefaultScope = {6A1806CD-94D4-4689-BA73-E35EA1EA9990}
IE:64bit: - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/...ms}&FORM=IE8SRC
IE:64bit: - HKLM\..\SearchScopes\{6A1806CD-94D4-4689-BA73-E35EA1EA9990}: "URL" = http://www.google.co...g}&sourceid=ie7
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = http://homepage.pack...34z175f4692c581
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://homepage.pack...34z175f4692c581
IE - HKLM\..\URLSearchHook: {88c7f2aa-f93f-432c-8f0e-b7d85967a527} - C:\Program Files (x86)\BitTorrentBar\prxtbBitT.dll (Conduit Ltd.)
IE - HKLM\..\SearchScopes,DefaultScope = {67A2568C-7A0A-4EED-AECC-B5405DE63B64}
IE - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/...ms}&FORM=IE8SRC
IE - HKLM\..\SearchScopes\{67A2568C-7A0A-4EED-AECC-B5405DE63B64}: "URL" = http://www.google.co...ng}&rlz=1I7ACPW
IE - HKLM\..\SearchScopes\{6A1806CD-94D4-4689-BA73-E35EA1EA9990}: "URL" = http://www.google.co...g}&sourceid=ie7


IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

IE - HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0



IE - HKU\S-1-5-21-1709520675-535397089-2455195078-1001\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = http://homepage.pack...34z175f4692c581
IE - HKU\S-1-5-21-1709520675-535397089-2455195078-1001\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.google.dk/
IE - HKU\S-1-5-21-1709520675-535397089-2455195078-1001\..\URLSearchHook: {88c7f2aa-f93f-432c-8f0e-b7d85967a527} - C:\Program Files (x86)\BitTorrentBar\prxtbBitT.dll (Conduit Ltd.)
IE - HKU\S-1-5-21-1709520675-535397089-2455195078-1001\..\SearchScopes,DefaultScope = {67A2568C-7A0A-4EED-AECC-B5405DE63B64}
IE - HKU\S-1-5-21-1709520675-535397089-2455195078-1001\..\SearchScopes\{67A2568C-7A0A-4EED-AECC-B5405DE63B64}: "URL" = http://www.google.co...PW_daDK403DK403
IE - HKU\S-1-5-21-1709520675-535397089-2455195078-1001\..\SearchScopes\{6A1806CD-94D4-4689-BA73-E35EA1EA9990}: "URL" = http://www.google.co...g}&sourceid=ie7
IE - HKU\S-1-5-21-1709520675-535397089-2455195078-1001\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKU\S-1-5-21-1709520675-535397089-2455195078-1001\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = *.local

========== FireFox ==========

FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA}:6.0.20
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA}:6.0.22
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0023-ABCDEFFEDCBA}:6.0.23
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0024-ABCDEFFEDCBA}:6.0.24
FF - prefs.js..extensions.enabledItems: [email protected]:3.3.3.2
FF - prefs.js..extensions.enabledItems: {88c7f2aa-f93f-432c-8f0e-b7d85967a527}:3.3.3.2
FF - prefs.js..extensions.enabledItems: {23fcfd51-4958-4f00-80a3-ae97e717ed8b}:2.1.1.94
FF - prefs.js..extensions.enabledItems: {6904342A-8307-11DF-A508-4AE2DFD72085}:2.1.1.94
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0026-ABCDEFFEDCBA}:6.0.26
FF - prefs.js..keyword.URL: "chrome://browser-region/locale/region.properties"
FF - user.js - File not found

FF:64bit: - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\system32\Macromed\Flash\NPSWF64_11_2_202_235.dll File not found
FF:64bit: - HKLM\Software\MozillaPlugins\@divx.com/DivX VOD Helper,version=1.0.0: C:\Program Files\DivX\DivX OVS Helper\npovshelper.dll (DivX, LLC.)
FF:64bit: - HKLM\Software\MozillaPlugins\@microsoft.com/GENUINE: disabled File not found
FF:64bit: - HKLM\Software\MozillaPlugins\@microsoft.com/OfficeAuthz,version=14.0: C:\PROGRA~1\MICROS~2\Office14\NPAUTHZ.DLL (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_11_2_202_235.dll ()
FF - HKLM\Software\MozillaPlugins\@adobe.com/ShockwavePlayer: C:\Windows\system32\Adobe\Director\np32dsw.dll (Adobe Systems, Inc.)
FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=: File not found
FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=1.0: C:\Program Files (x86)\iTunes\Mozilla Plugins\npitunes.dll ()
FF - HKLM\Software\MozillaPlugins\@divx.com/DivX Browser Plugin,version=1.0.0: C:\Program Files (x86)\DivX\DivX Plus Web Player\npdivx32.dll (DivX, LLC)
FF - HKLM\Software\MozillaPlugins\@divx.com/DivX VOD Helper,version=1.0.0: C:\Program Files (x86)\DivX\DivX OVS Helper\npovshelper.dll (DivX, LLC.)
FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin: C:\Program Files (x86)\Java\jre6\bin\new_plugin\npjp2.dll (Sun Microsystems, Inc.)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/GENUINE: disabled File not found
FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: c:\Program Files (x86)\Microsoft Silverlight\4.1.10329.0\npctrl.dll ( Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/OfficeAuthz,version=14.0: C:\PROGRA~2\MICROS~1\Office14\NPAUTHZ.DLL (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/SharePoint,version=14.0: C:\PROGRA~2\MICROS~1\Office14\NPSPWRAP.DLL (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=15.4.3502.0922: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=15.4.3508.1109: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=15.4.3538.0513: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=15.4.3555.0308: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Program Files (x86)\Google\Update\1.3.21.111\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Program Files (x86)\Google\Update\1.3.21.111\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\Adobe Reader: C:\Program Files (x86)\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
FF - HKCU\Software\MozillaPlugins\@Skype Limited.com/Facebook Video Calling Plugin: C:\Users\Mathias\AppData\Local\Facebook\Video\Skype\npFacebookVideoCalling.dll (Skype Limited)

FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{23fcfd51-4958-4f00-80a3-ae97e717ed8b}: C:\Program Files (x86)\DivX\DivX Plus Web Player\firefox\DivXHTML5 [2012/02/20 23:21:32 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 12.0\extensions\\Components: C:\Program Files (x86)\Mozilla Firefox\components [2012/05/28 11:08:18 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 12.0\extensions\\Plugins: C:\Program Files (x86)\Mozilla Firefox\plugins [2012/06/06 19:18:48 | 000,000,000 | ---D | M]

[2010/11/01 16:45:14 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Mathias\AppData\Roaming\mozilla\Extensions
[2012/06/05 13:56:09 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Mathias\AppData\Roaming\mozilla\Firefox\Profiles\aes4uofn.default\extensions
[2012/06/05 13:56:09 | 000,000,000 | ---D | M] (BitTorrentBar Community Toolbar) -- C:\Users\Mathias\AppData\Roaming\mozilla\Firefox\Profiles\aes4uofn.default\extensions\{88c7f2aa-f93f-432c-8f0e-b7d85967a527}
[2012/03/21 08:45:30 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files (x86)\Mozilla Firefox\extensions
[2012/02/20 23:21:32 | 000,000,000 | ---D | M] (DivX Plus Web Player HTML5 <video>) -- C:\PROGRAM FILES (X86)\DIVX\DIVX PLUS WEB PLAYER\FIREFOX\DIVXHTML5
[2012/05/31 17:47:16 | 001,335,949 | ---- | M] () (No name found) -- C:\USERS\MATHIAS\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\AES4UOFN.DEFAULT\EXTENSIONS\[email protected]
[2012/05/13 14:33:18 | 000,097,208 | ---- | M] (Mozilla Foundation) -- C:\Program Files (x86)\mozilla firefox\components\browsercomps.dll
[2011/10/03 06:06:04 | 000,476,904 | ---- | M] (Sun Microsystems, Inc.) -- C:\Program Files (x86)\mozilla firefox\plugins\npdeployJava1.dll
[2012/04/11 16:49:06 | 000,001,525 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\amazon-co-uk.xml
[2012/04/11 16:49:06 | 000,002,252 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\bing.xml
[2012/04/11 16:49:06 | 000,001,178 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\wikipedia-da.xml

O1 HOSTS File: ([2011/01/27 15:00:57 | 000,001,211 | ---- | M]) - C:\Windows\SysNative\drivers\etc\hosts
O1 - Hosts: 127.0.0.1 localhost
O1 - Hosts: 127.0.0.1 3dns.adobe.com 3dns-1.adobe.com 3dns-2.adobe.com 3dns-3.adobe.com 3dns-4.adobe.com activate.adobe.com activate-sea.adobe.com activate-sjc0.adobe.com activate.wip.adobe.com
O1 - Hosts: 127.0.0.1 activate.wip1.adobe.com activate.wip2.adobe.com activate.wip3.adobe.com activate.wip4.adobe.com adobe-dns.adobe.com adobe-dns-1.adobe.com adobe-dns-2.adobe.com adobe-dns-3.adobe.com adobe-dns-4.adobe.com
O1 - Hosts: 127.0.0.1 adobeereg.com practivate.adobe practivate.adobe.com practivate.adobe.newoa practivate.adobe.ntp practivate.adobe.ipp ereg.adobe.com ereg.wip.adobe.com ereg.wip1.adobe.com
O1 - Hosts: 127.0.0.1 ereg.wip2.adobe.com ereg.wip3.adobe.com ereg.wip4.adobe.com hl2rcv.adobe.com wip.adobe.com wip1.adobe.com wip2.adobe.com wip3.adobe.com wip4.adobe.com
O1 - Hosts: 127.0.0.1 www.adobeereg.com wwis-dubc1-vip60.adobe.com www.wip.adobe.com www.wip1.adobe.com
O1 - Hosts: 127.0.0.1 www.wip2.adobe.com www.wip3.adobe.com www.wip4.adobe.com wwis-dubc1-vip60.adobe.com crl.verisign.net CRL.VERISIGN.NET ood.opsource.net
O2:64bit: - BHO: (Groove GFS Browser Helper) - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\PROGRA~1\MICROS~2\Office14\GROOVEEX.DLL (Microsoft Corporation)
O2:64bit: - BHO: (Google Toolbar Helper) - {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll (Google Inc.)
O2:64bit: - BHO: (Office Document Cache Handler) - {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\PROGRA~1\MICROS~2\Office14\URLREDIR.DLL (Microsoft Corporation)
O2 - BHO: (DivX Plus Web Player HTML5 <video>) - {326E768D-4182-46FD-9C16-1449A49795F4} - C:\Program Files (x86)\DivX\DivX Plus Web Player\ie\DivXHTML5\DivXHTML5.dll (DivX, LLC)
O2 - BHO: (BitTorrentBar Toolbar) - {88c7f2aa-f93f-432c-8f0e-b7d85967a527} - C:\Program Files (x86)\BitTorrentBar\prxtbBitT.dll (Conduit Ltd.)
O3:64bit: - HKLM\..\Toolbar: (Google Toolbar) - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll (Google Inc.)
O3:64bit: - HKLM\..\Toolbar: (no name) - Locked - No CLSID value found.
O3 - HKLM\..\Toolbar: (BitTorrentBar Toolbar) - {88c7f2aa-f93f-432c-8f0e-b7d85967a527} - C:\Program Files (x86)\BitTorrentBar\prxtbBitT.dll (Conduit Ltd.)
O3 - HKLM\..\Toolbar: (no name) - Locked - No CLSID value found.
O3:64bit: - HKU\S-1-5-21-1709520675-535397089-2455195078-1001\..\Toolbar\WebBrowser: (Google Toolbar) - {2318C2B1-4965-11D4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll (Google Inc.)
O3 - HKU\S-1-5-21-1709520675-535397089-2455195078-1001\..\Toolbar\WebBrowser: (BitTorrentBar Toolbar) - {88C7F2AA-F93F-432C-8F0E-B7D85967A527} - C:\Program Files (x86)\BitTorrentBar\prxtbBitT.dll (Conduit Ltd.)
O4:64bit: - HKLM..\Run: [Acer ePower Management] C:\Program Files\Packard Bell\Packard Bell Power Management\ePowerTray.exe (Acer Incorporated)
O4:64bit: - HKLM..\Run: [AdobeAAMUpdater-1.0] C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\UWA\UpdaterStartupUtility.exe (Adobe Systems Incorporated)
O4:64bit: - HKLM..\Run: [AlienFX Controller] C:\Program Files\Alienware\Command Center\AlienwareAlienFXController.exe (Alienware Corporation)
O4:64bit: - HKLM..\Run: [itype] C:\Program Files\Microsoft IntelliType Pro\itype.exe (Microsoft Corporation)
O4:64bit: - HKLM..\Run: [Kernel and Hardware Abstraction Layer] C:\Windows\KHALMNPR.Exe (Logitech, Inc.)
O4:64bit: - HKLM..\Run: [PLFSetI] C:\Windows\PLFSetI.exe ()
O4:64bit: - HKLM..\Run: [RTHDVCPL] C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe (Realtek Semiconductor)
O4 - HKLM..\Run: [AdobeCS5.5ServiceManager] "C:\Program Files (x86)\Common Files\Adobe\CS5.5ServiceManager\CS5.5ServiceManager.exe" -launchedbylogin File not found
O4 - HKLM..\Run: [AdobeCS5ServiceManager] C:\Program Files (x86)\Common Files\Adobe\CS5ServiceManager\CS5ServiceManager.exe (Adobe Systems Incorporated)
O4 - HKLM..\Run: [APSDaemon] C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe (Apple Inc.)
O4 - HKLM..\Run: [avgnt] C:\Program Files (x86)\Avira\AntiVir Desktop\avgnt.exe (Avira Operations GmbH & Co. KG)
O4 - HKLM..\Run: [BackupManagerTray] C:\Program Files (x86)\NewTech Infosystems\Packard Bell MyBackup\BackupManagerTray.exe (NewTech Infosystems, Inc.)
O4 - HKLM..\Run: [DivXUpdate] C:\Program Files (x86)\DivX\DivX Update\DivXUpdate.exe ()
O4 - HKLM..\Run: [IAStorIcon] C:\Program Files (x86)\Intel\Intel® Rapid Storage Technology\IAStorIconLaunch.exe (Intel Corporation)
O4 - HKLM..\Run: [LManager] C:\Program Files (x86)\Launch Manager\LManager.exe (Dritek System Inc.)
O4 - HKLM..\Run: [Malwarebytes' Anti-Malware] C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe (Malwarebytes Corporation)
O4 - HKLM..\Run: [SwitchBoard] C:\Program Files (x86)\Common Files\Adobe\SwitchBoard\SwitchBoard.exe (Adobe Systems Incorporated)
O4 - HKLM..\Run: [VideoWebCamera] C:\Program Files (x86)\VideoWebCamera\VideoWebCamera.exe (Suyin)
O4 - HKU\S-1-5-19..\Run: [Sidebar] C:\Program Files (x86)\Windows Sidebar\Sidebar.exe (Microsoft Corporation)
O4 - HKU\S-1-5-20..\Run: [Sidebar] C:\Program Files (x86)\Windows Sidebar\Sidebar.exe (Microsoft Corporation)
O4 - HKU\S-1-5-21-1709520675-535397089-2455195078-1001..\Run: [AdobeBridge] File not found
O4 - HKU\S-1-5-21-1709520675-535397089-2455195078-1001..\Run: [BitTorrent] C:\Program Files (x86)\BitTorrent\BitTorrent.exe (BitTorrent, Inc.)
O4 - HKU\S-1-5-21-1709520675-535397089-2455195078-1001..\Run: [DriverScanner] C:\Program Files (x86)\Uniblue\DriverScanner\launcher.exe (Uniblue Systems Limited)
O4 - HKU\S-1-5-21-1709520675-535397089-2455195078-1001..\Run: [Facebook Update] C:\Users\Mathias\AppData\Local\Facebook\Update\FacebookUpdate.exe (Facebook Inc.)
O4 - HKU\S-1-5-21-1709520675-535397089-2455195078-1001..\Run: [MobileDocuments] C:\Program Files (x86)\Common Files\Apple\Internet Services\ubd.exe (Apple Inc.)
O4 - HKU\S-1-5-21-1709520675-535397089-2455195078-1001..\Run: [Spotify] "C:\Users\Mathias\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\W45AU5O8\Spotify Installer.exe" /uri spotify:autostart File not found
O4 - HKU\S-1-5-19..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe File not found
O4 - HKU\S-1-5-20..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe File not found
O4 - Startup: C:\Users\Mathias\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Dropbox.lnk = C:\Users\Mathias\AppData\Roaming\Dropbox\bin\Dropbox.exe (Dropbox, Inc.)
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktop = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktopChanges = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 5
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3
O8:64bit: - Extra context menu item: E&ksporter til Microsoft Excel - res://C:\PROGRA~2\MICROS~1\OFFICE11\EXCEL.EXE/3000 File not found
O8:64bit: - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~2\MICROS~1\Office12\EXCEL.EXE/3000 File not found
O8:64bit: - Extra context menu item: Google Sidewiki ... - res://C:\Program Files (x86)\Google\Google Toolbar\Component\GoogleToolbarDynamic_mui_en_7461B1589E8B4FB7.dll/cmsidewiki.html File not found
O8 - Extra context menu item: E&ksporter til Microsoft Excel - res://C:\PROGRA~2\MICROS~1\OFFICE11\EXCEL.EXE/3000 File not found
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~2\MICROS~1\Office12\EXCEL.EXE/3000 File not found
O8 - Extra context menu item: Google Sidewiki ... - res://C:\Program Files (x86)\Google\Google Toolbar\Component\GoogleToolbarDynamic_mui_en_7461B1589E8B4FB7.dll/cmsidewiki.html File not found
O10:64bit: - NameSpace_Catalog5\Catalog_Entries64\000000000009 [] - C:\Program Files\Bonjour\mdnsNSP.dll (Apple Inc.)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000009 [] - C:\Program Files (x86)\Bonjour\mdnsNSP.dll (Apple Inc.)
O1364bit: - gopher Prefix: missing
O13 - gopher Prefix: missing
O15 - HKU\S-1-5-21-1709520675-535397089-2455195078-1001\..Trusted Domains: danskebank.dk ([]* in Trusted sites)
O16 - DPF: {166B1BCA-3F9C-11CF-8075-444553540000} http://download.macr...director/sw.cab (Shockwave ActiveX Control)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_29)
O16 - DPF: {C345E174-3E87-4F41-A01C-B066A90A49B4} http://trial.trymicr...osoft/wrc32.ocx (WRC Class)
O16 - DPF: {CAFEEFAC-0016-0000-0029-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_29)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_29)
O16 - DPF: {D8575CE3-3432-4540-88A9-85A1325D3375} https://netbank.dans...B/e-Safekey.cab (e-Safekey)
O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} http://platformdl.ad...Plus/1.6/gp.cab (Reg Error: Key error.)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.0.1
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{607EA30D-07AD-4503-9480-31099B7E3EB6}: DhcpNameServer = 194.239.134.83 193.162.153.164
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{DBED4A35-6E24-42C8-A044-DCA2CFF7401C}: DhcpNameServer = 192.168.0.1
O18:64bit: - Protocol\Handler\livecall - No CLSID value found
O18:64bit: - Protocol\Handler\msdaipp - No CLSID value found
O18:64bit: - Protocol\Handler\msdaipp\0x00000001 - No CLSID value found
O18:64bit: - Protocol\Handler\msdaipp\oledb - No CLSID value found
O18:64bit: - Protocol\Handler\ms-help - No CLSID value found
O18:64bit: - Protocol\Handler\ms-itss - No CLSID value found
O18:64bit: - Protocol\Handler\msnim - No CLSID value found
O18:64bit: - Protocol\Handler\skype4com - No CLSID value found
O18:64bit: - Protocol\Handler\wlmailhtml - No CLSID value found
O18:64bit: - Protocol\Handler\wlpg - No CLSID value found
O18 - Protocol\Handler\msdaipp\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files (x86)\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\msdaipp\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files (x86)\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files (x86)\Common Files\Skype\Skype4COM.dll (Skype Technologies)
O20:64bit: - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\SysNative\userinit.exe (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: VMApplet - (SystemPropertiesPerformance.exe) - C:\Windows\SysNative\SystemPropertiesPerformance.exe (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: VMApplet - (/pagefile) - File not found
O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\SysWow64\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (userinit.exe) - C:\Windows\SysWow64\userinit.exe (Microsoft Corporation)
O20 - HKLM Winlogon: VMApplet - (/pagefile) - File not found
O21:64bit: - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.
O21 - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.
O28:64bit: - HKLM ShellExecuteHooks: {B5A7F190-DDA6-4420-B3BA-52453494E6CD} - C:\PROGRA~1\MICROS~2\Office14\GROOVEEX.DLL (Microsoft Corporation)
O32 - HKLM CDRom: AutoRun - 1
O33 - MountPoints2\{43c22cee-e5cc-11df-9c41-88ae1d0a9f8e}\Shell - "" = AutoRun
O33 - MountPoints2\{43c22cee-e5cc-11df-9c41-88ae1d0a9f8e}\Shell\AutoRun\command - "" = E:\LaunchU3.exe -a
O33 - MountPoints2\E\Shell - "" = AutoRun
O33 - MountPoints2\E\Shell\AutoRun\command - "" = E:\LaunchU3.exe -a
O34 - HKLM BootExecute: (autocheck autochk *)
O35:64bit: - HKLM\..comfile [open] -- "%1" %*
O35:64bit: - HKLM\..exefile [open] -- "%1" %*
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37:64bit: - HKLM\...com [@ = comfile] -- "%1" %*
O37:64bit: - HKLM\...exe [@ = exefile] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3)
O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2)
O38 - SubSystems\\Windows: (ServerDll=sxssrv,4)

========== Files/Folders - Created Within 30 Days ==========

[2012/06/07 10:10:52 | 004,731,392 | ---- | C] (AVAST Software) -- C:\Users\Mathias\Desktop\aswMBR.exe
[2012/06/07 09:58:04 | 000,000,000 | ---D | C] -- C:\Users\Mathias\AppData\Local\{ADE7F102-B858-483B-8340-8A2BB0251D79}
[2012/06/07 09:57:54 | 000,000,000 | ---D | C] -- C:\Users\Mathias\AppData\Local\{F106D34E-4230-4026-968B-2FD02F137F3C}
[2012/06/06 19:22:51 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\SharePoint
[2012/06/06 19:22:51 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Office
[2012/06/06 19:22:14 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Common Files\DESIGNER
[2012/06/06 19:21:14 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Microsoft Sync Framework
[2012/06/06 19:15:51 | 000,000,000 | -HSD | C] -- C:\Config.Msi
[2012/06/06 19:13:34 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Microsoft Analysis Services
[2012/06/06 15:17:52 | 000,596,480 | ---- | C] (OldTimer Tools) -- C:\Users\Mathias\Desktop\OTL.exe
[2012/06/06 14:37:27 | 000,000,000 | ---D | C] -- C:\ProgramData\Uniblue
[2012/06/06 14:21:31 | 000,000,000 | ---D | C] -- C:\Users\Mathias\AppData\Roaming\Uniblue
[2012/06/06 14:21:27 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Uniblue
[2012/06/06 14:21:25 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Uniblue
[2012/06/06 14:19:02 | 000,000,000 | ---D | C] -- C:\Users\Mathias\AppData\Roaming\Malwarebytes
[2012/06/06 14:18:56 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes' Anti-Malware
[2012/06/06 14:18:55 | 000,024,904 | ---- | C] (Malwarebytes Corporation) -- C:\Windows\SysNative\drivers\mbam.sys
[2012/06/06 14:18:55 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Malwarebytes' Anti-Malware
[2012/06/06 14:18:55 | 000,000,000 | ---D | C] -- C:\ProgramData\Malwarebytes
[2012/06/06 14:12:26 | 000,000,000 | ---D | C] -- C:\Users\Mathias\AppData\Local\{94DEFB5E-14AA-4B69-8A94-D6F6E5B893DC}
[2012/06/06 14:12:10 | 000,000,000 | ---D | C] -- C:\Users\Mathias\AppData\Local\{9AEA0439-0638-4B2B-A353-F817070DA04B}
[2012/06/06 08:59:34 | 000,000,000 | ---D | C] -- C:\Users\Mathias\AppData\Local\{4969F2F8-DAAA-4AF1-925F-2071092C7690}
[2012/06/05 14:01:11 | 000,000,000 | ---D | C] -- C:\Users\Mathias\AppData\Roaming\Avira
[2012/06/05 14:00:01 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Avira
[2012/06/05 13:59:52 | 000,132,832 | ---- | C] (Avira GmbH) -- C:\Windows\SysNative\drivers\avipbb.sys
[2012/06/05 13:59:52 | 000,098,848 | ---- | C] (Avira GmbH) -- C:\Windows\SysNative\drivers\avgntflt.sys
[2012/06/05 13:59:52 | 000,027,760 | ---- | C] (Avira GmbH) -- C:\Windows\SysNative\drivers\avkmgr.sys
[2012/06/05 13:59:52 | 000,000,000 | ---D | C] -- C:\ProgramData\Avira
[2012/06/05 13:59:52 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Avira
[2012/06/05 13:17:18 | 000,000,000 | -HSD | C] -- C:\Windows\SysNative\%APPDATA%
[2012/06/05 11:40:33 | 000,000,000 | ---D | C] -- C:\Users\Mathias\AppData\Local\{A42F39DD-130B-4A1C-972F-E01D63B30167}
[2012/06/05 11:40:21 | 000,000,000 | ---D | C] -- C:\Users\Mathias\AppData\Local\{27B1BFF1-75DA-4D83-9C34-1A804361FBEE}
[2012/06/04 14:26:20 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Common Files\Intel Corporation
[2012/06/04 12:35:44 | 000,000,000 | ---D | C] -- C:\Users\Mathias\AppData\Local\{CCC58789-89B2-43CD-ABAE-9213E84C19A6}
[2012/06/04 12:35:27 | 000,000,000 | ---D | C] -- C:\Users\Mathias\AppData\Local\{E99129F8-1D59-47F3-97C3-346FBB30BCA6}
[2012/06/03 13:18:51 | 000,000,000 | ---D | C] -- C:\Users\Mathias\AppData\Local\{B37BFE40-323E-44E0-B7CD-289B040D309A}
[2012/06/03 13:18:39 | 000,000,000 | ---D | C] -- C:\Users\Mathias\AppData\Local\{723D6BEF-258B-4034-AAC1-12667636ED78}
[2012/06/03 00:00:59 | 000,000,000 | ---D | C] -- C:\Users\Mathias\AppData\Local\{AED37CD5-E7EE-44F6-BCC1-D4A9A5985AE2}
[2012/06/02 12:00:37 | 000,000,000 | ---D | C] -- C:\Users\Mathias\AppData\Local\{1D0654CA-1128-4A71-A286-5F33469A0664}
[2012/06/01 18:12:54 | 000,000,000 | ---D | C] -- C:\Users\Mathias\AppData\Local\{91B64611-C182-4B67-8873-DA5A44D1062B}
[2012/06/01 18:12:43 | 000,000,000 | ---D | C] -- C:\Users\Mathias\AppData\Local\{B285DC31-38AD-4593-ADA2-8E3D34E4C483}
[2012/05/31 10:31:37 | 000,000,000 | ---D | C] -- C:\Users\Mathias\AppData\Local\{B4D08A30-4DD1-47B9-821F-C4FB44B25210}
[2012/05/31 10:31:27 | 000,000,000 | ---D | C] -- C:\Users\Mathias\AppData\Local\{802CFFCE-7BA4-4AC1-A3FE-B70E408D7534}
[2012/05/30 23:13:21 | 000,000,000 | ---D | C] -- C:\ProgramData\F4D55F1D000CCEA3006471E7B4EB2367
[2012/05/30 22:31:03 | 000,000,000 | ---D | C] -- C:\Users\Mathias\AppData\Local\{E35BAEC2-4BFD-47EB-B6B8-F9139167E7D1}
[2012/05/30 22:30:53 | 000,000,000 | ---D | C] -- C:\Users\Mathias\AppData\Local\{4177D3F4-60D0-4E23-BEE7-1262380B5CCB}
[2012/05/30 18:05:06 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\ACDLabs FreeWare 5.0
[2012/05/30 18:04:56 | 000,000,000 | ---D | C] -- C:\ACDFREE5
[2012/05/30 10:31:18 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Skype
[2012/05/30 10:31:18 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Common Files\Skype
[2012/05/30 10:30:08 | 000,000,000 | ---D | C] -- C:\Users\Mathias\AppData\Local\{E92A34B4-6A3D-4798-AE01-8066E8520DE9}
[2012/05/30 10:29:25 | 000,000,000 | ---D | C] -- C:\Users\Mathias\AppData\Local\{52CBB93E-86A6-4156-BB78-9CBF3B934710}
[2012/05/29 20:45:59 | 000,000,000 | ---D | C] -- C:\Users\Mathias\AppData\Local\{678AE3BB-663C-464B-B07D-2F1E9D69177F}
[2012/05/29 20:45:49 | 000,000,000 | ---D | C] -- C:\Users\Mathias\AppData\Local\{A076C0DA-A9CC-4609-9B9A-6426A852EA39}
[2012/05/29 08:45:23 | 000,000,000 | ---D | C] -- C:\Users\Mathias\AppData\Local\{0B38F6CA-8611-42F2-88EE-C3AFC88F1642}
[2012/05/29 08:45:12 | 000,000,000 | ---D | C] -- C:\Users\Mathias\AppData\Local\{16BBB355-4BF4-4FE2-B25B-F2F251137C66}
[2012/05/28 11:09:53 | 000,000,000 | ---D | C] -- C:\Users\Mathias\AppData\Local\{61A593AD-0F9F-46DD-96D3-8932AF7B0610}
[2012/05/28 11:08:14 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\QuickTime
[2012/05/28 11:07:58 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\QuickTime
[2012/05/27 23:09:21 | 000,000,000 | ---D | C] -- C:\Users\Mathias\AppData\Local\{6E337E71-5DA5-4331-86A4-BFE2EDC2D31F}
[2012/05/27 23:09:05 | 000,000,000 | ---D | C] -- C:\Users\Mathias\AppData\Local\{E299A250-A035-4A04-BCB3-7CA7E2CD6AF0}
[2012/05/27 09:26:56 | 000,000,000 | ---D | C] -- C:\Users\Mathias\AppData\Local\{40786F87-BD2F-4B85-B47C-34087955D8B3}
[2012/05/26 10:57:08 | 000,000,000 | ---D | C] -- C:\Users\Mathias\AppData\Local\{9746574B-0FF7-4DC6-86C7-DAC978EC85C1}
[2012/05/26 10:56:57 | 000,000,000 | ---D | C] -- C:\Users\Mathias\AppData\Local\{B9D9811C-CFAD-476C-A639-829200D37A6A}
[2012/05/25 14:24:32 | 000,000,000 | ---D | C] -- C:\Users\Mathias\AppData\Local\{732D23BC-A525-4898-87D7-606EA131BF55}
[2012/05/25 14:24:21 | 000,000,000 | ---D | C] -- C:\Users\Mathias\AppData\Local\{76A7143F-5B66-43BA-A859-F0780613AF93}
[2012/05/24 14:24:31 | 000,000,000 | ---D | C] -- C:\Users\Mathias\AppData\Local\{1B5BC53B-255E-4B07-8E6D-5DAC9B2B7282}
[2012/05/24 14:24:15 | 000,000,000 | ---D | C] -- C:\Users\Mathias\AppData\Local\{113D24E4-4750-489E-B9A0-2A1956CE6E9D}
[2012/05/23 14:04:33 | 000,000,000 | ---D | C] -- C:\Users\Mathias\AppData\Local\{580C5051-7BF1-4C18-9487-C1CCE80D6A14}
[2012/05/23 14:04:15 | 000,000,000 | ---D | C] -- C:\Users\Mathias\AppData\Local\{59121983-C609-449B-AB24-AB8BE3D1FBD1}
[2012/05/22 15:45:09 | 000,000,000 | ---D | C] -- C:\Users\Mathias\AppData\Local\{8E144E08-52A2-4BDF-BEF0-987AC1C383DC}
[2012/05/22 15:44:57 | 000,000,000 | ---D | C] -- C:\Users\Mathias\AppData\Local\{16BFF7E4-59AD-416E-BBEA-A244D84FFB1C}
[2012/05/21 15:27:45 | 000,000,000 | ---D | C] -- C:\Users\Mathias\AppData\Local\{7696B009-E763-4C8B-8E72-678C6702E5DC}
[2012/05/21 15:27:26 | 000,000,000 | ---D | C] -- C:\Users\Mathias\AppData\Local\{9EE64722-B9CA-48FF-9831-CA6432D4876A}
[2012/05/20 18:36:02 | 000,000,000 | ---D | C] -- C:\Users\Mathias\AppData\Local\{D42ECE92-940F-4157-BEF4-D0CEEB555169}
[2012/05/20 18:35:43 | 000,000,000 | ---D | C] -- C:\Users\Mathias\AppData\Local\{FC60597A-AA84-4DEB-BD79-21E206FCA5E8}
[2012/05/19 23:47:06 | 000,000,000 | ---D | C] -- C:\Users\Mathias\AppData\Local\{65044252-C771-4856-B3D9-31E7B259A2A5}
[2012/05/19 23:46:56 | 000,000,000 | ---D | C] -- C:\Users\Mathias\AppData\Local\{2953E000-0EAA-48D5-94FA-27045155CED1}
[2012/05/19 11:46:19 | 000,000,000 | ---D | C] -- C:\Users\Mathias\AppData\Local\{4E003B44-1C4D-4124-9A7B-FAD7427C928D}
[2012/05/19 11:45:33 | 000,000,000 | ---D | C] -- C:\Users\Mathias\AppData\Local\{7D2BF197-67CD-4356-B443-2B2B2C76E947}
[2012/05/19 02:20:12 | 000,000,000 | ---D | C] -- C:\Users\Mathias\AppData\Roaming\NVIDIA
[2012/05/18 12:27:18 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\ffdshow
[2012/05/18 12:27:15 | 000,000,000 | ---D | C] -- C:\ProgramData\IObit
[2012/05/18 12:27:15 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\IObit
[2012/05/18 12:27:15 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\ffdshow
[2012/05/18 10:45:46 | 000,000,000 | ---D | C] -- C:\Program Files\Realtek
[2012/05/18 10:45:45 | 000,000,000 | ---D | C] -- C:\Windows\SysWow64\RTCOM
[2012/05/18 10:45:00 | 002,604,376 | ---- | C] (Waves Audio Ltd.) -- C:\Windows\SysNative\WavesGUILib.dll
[2012/05/18 10:44:59 | 000,518,896 | ---- | C] (SRS Labs, Inc.) -- C:\Windows\SysNative\SRSTSX64.dll
[2012/05/18 10:44:59 | 000,155,888 | ---- | C] (SRS Labs, Inc.) -- C:\Windows\SysNative\SRSWOW64.dll
[2012/05/18 10:44:58 | 000,211,184 | ---- | C] (SRS Labs, Inc.) -- C:\Windows\SysNative\SRSTSH64.dll
[2012/05/18 10:44:58 | 000,198,896 | ---- | C] (SRS Labs, Inc.) -- C:\Windows\SysNative\SRSHP64.dll
[2012/05/18 10:44:55 | 000,220,512 | ---- | C] (Synopsys, Inc.) -- C:\Windows\SysNative\SFNHK64.dll
[2012/05/18 10:44:54 | 000,081,248 | ---- | C] (Synopsys, Inc.) -- C:\Windows\SysNative\SFCOM64.dll
[2012/05/18 10:44:54 | 000,078,176 | ---- | C] (Synopsys, Inc.) -- C:\Windows\SysNative\SFAPO64.dll
[2012/05/18 10:44:54 | 000,074,064 | ---- | C] (Virage Logic Corporation / Sonic Focus) -- C:\Windows\SysWow64\SFCOM.dll
[2012/05/18 10:44:49 | 000,375,128 | ---- | C] (Dolby Laboratories, Inc.) -- C:\Windows\SysNative\RTEEP64A.dll
[2012/05/18 10:44:49 | 000,101,208 | ---- | C] (Dolby Laboratories, Inc.) -- C:\Windows\SysNative\RTEEL64A.dll
[2012/05/18 10:44:48 | 000,204,120 | ---- | C] (Dolby Laboratories, Inc.) -- C:\Windows\SysNative\RTEED64A.dll
[2012/05/18 10:44:48 | 000,078,680 | ---- | C] (Dolby Laboratories, Inc.) -- C:\Windows\SysNative\RTEEG64A.dll
[2012/05/18 10:44:47 | 000,310,104 | ---- | C] (Dolby Laboratories, Inc.) -- C:\Windows\SysNative\RP3DHT64.dll
[2012/05/18 10:44:47 | 000,310,104 | ---- | C] (Dolby Laboratories, Inc.) -- C:\Windows\SysNative\RP3DAA64.dll
[2012/05/18 10:44:45 | 003,308,376 | ---- | C] (Dolby Laboratories) -- C:\Windows\SysNative\R4EEP64A.dll
[2012/05/18 10:44:45 | 000,426,328 | ---- | C] (Dolby Laboratories) -- C:\Windows\SysNative\R4EED64A.dll
[2012/05/18 10:44:45 | 000,136,024 | ---- | C] (Dolby Laboratories) -- C:\Windows\SysNative\R4EEL64A.dll
[2012/05/18 10:44:45 | 000,074,072 | ---- | C] (Dolby Laboratories) -- C:\Windows\SysNative\R4EEG64A.dll
[2012/05/18 10:44:44 | 000,118,104 | ---- | C] (Dolby Laboratories) -- C:\Windows\SysNative\R4EEA64A.dll
[2012/05/18 10:44:43 | 003,768,152 | ---- | C] (Waves Audio Ltd.) -- C:\Windows\SysNative\MaxxAudioRealtek.dll
[2012/05/18 10:44:43 | 000,334,680 | ---- | C] (Waves Audio Ltd.) -- C:\Windows\SysNative\MaxxVolumeSDAPO.dll
[2012/05/18 10:44:42 | 002,197,264 | ---- | C] (Waves Audio Ltd.) -- C:\Windows\SysNative\MaxxAudioEQ.dll
[2012/05/18 10:44:42 | 000,341,336 | ---- | C] (Waves Audio Ltd.) -- C:\Windows\SysNative\MaxxAudioAPO30.dll
[2012/05/18 10:44:42 | 000,318,808 | ---- | C] (Waves Audio Ltd.) -- C:\Windows\SysNative\MaxxAudioAPO20.dll
[2012/05/18 10:44:41 | 000,603,472 | ---- | C] (Knowles Acoustics ) -- C:\Windows\SysNative\KAAPORT64.dll
[2012/05/18 10:44:30 | 002,085,440 | ---- | C] (Fortemedia Corporation) -- C:\Windows\SysNative\FMAPO64.dll
[2012/05/18 10:44:30 | 000,693,352 | ---- | C] (DTS) -- C:\Windows\SysNative\DTSVoiceClarityDLL64.dll
[2012/05/18 10:44:29 | 001,756,264 | ---- | C] (DTS) -- C:\Windows\SysNative\DTSS2SpeakerDLL64.dll
[2012/05/18 10:44:29 | 001,568,360 | ---- | C] (DTS) -- C:\Windows\SysNative\DTSS2HeadphoneDLL64.dll
[2012/05/18 10:44:29 | 000,712,296 | ---- | C] (DTS) -- C:\Windows\SysNative\DTSSymmetryDLL64.dll
[2012/05/18 10:44:29 | 000,491,112 | ---- | C] (DTS) -- C:\Windows\SysNative\DTSNeoPCDLL64.dll
[2012/05/18 10:44:28 | 001,486,952 | ---- | C] (DTS) -- C:\Windows\SysNative\DTSBoostDLL64.dll
[2012/05/18 10:44:28 | 000,432,744 | ---- | C] (DTS) -- C:\Windows\SysNative\DTSLimiterDLL64.dll
[2012/05/18 10:44:28 | 000,428,648 | ---- | C] (DTS) -- C:\Windows\SysNative\DTSGainCompensatorDLL64.dll
[2012/05/18 10:44:28 | 000,242,792 | ---- | C] (DTS) -- C:\Windows\SysNative\DTSLFXAPO64.dll
[2012/05/18 10:44:28 | 000,242,792 | ---- | C] (DTS) -- C:\Windows\SysNative\DTSGFXAPO64.dll
[2012/05/18 10:44:28 | 000,241,768 | ---- | C] (DTS) -- C:\Windows\SysNative\DTSGFXAPONS64.dll
[2012/05/18 10:44:27 | 000,728,680 | ---- | C] (DTS) -- C:\Windows\SysNative\DTSBassEnhancementDLL64.dll
[2012/05/18 10:34:15 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Keyboard
[2012/05/18 10:33:44 | 000,000,000 | ---D | C] -- C:\Program Files\Microsoft IntelliType Pro
[2012/05/18 10:31:45 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Cisco
[2012/05/18 10:31:07 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\REALTEK PCIE Wireless LAN Driver
[2012/05/18 10:17:04 | 000,000,000 | ---D | C] -- C:\Users\Mathias\AppData\Local\{C4D02409-6C22-49CD-95A4-A0C41DB6C797}
[2012/05/18 10:16:47 | 000,000,000 | ---D | C] -- C:\Users\Mathias\AppData\Local\{636E63C3-C054-4AF7-AF86-3A591465880A}
[2012/05/17 22:06:18 | 000,000,000 | ---D | C] -- C:\Users\Mathias\AppData\Local\{BC426893-861F-429E-AEA4-10E7A30D6344}
[2012/05/17 22:06:08 | 000,000,000 | ---D | C] -- C:\Users\Mathias\AppData\Local\{61A48F0F-4820-4184-8748-255487ADD67F}
[2012/05/17 20:22:10 | 000,000,000 | ---D | C] -- C:\Users\Mathias\AppData\Local\SlimWare Utilities Inc
[2012/05/17 20:15:05 | 000,000,000 | ---D | C] -- C:\Users\Public\Documents\Downloaded Installers
[2012/05/17 10:05:40 | 000,000,000 | ---D | C] -- C:\Users\Mathias\AppData\Local\{B031B7DF-46DB-4391-A323-1A6CAB3A7FB1}
[2012/05/17 10:05:29 | 000,000,000 | ---D | C] -- C:\Users\Mathias\AppData\Local\{97F30DA2-DA3F-404C-BC24-4069362622AC}
[2012/05/16 14:22:48 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\NVIDIA Corporation
[2012/05/16 14:21:21 | 000,000,000 | ---D | C] -- C:\ProgramData\NVIDIA Corporation
[2012/05/16 14:17:01 | 000,068,928 | ---- | C] (Khronos Group) -- C:\Windows\SysNative\OpenCL.dll
[2012/05/16 14:17:01 | 000,061,248 | ---- | C] (Khronos Group) -- C:\Windows\SysWow64\OpenCL.dll
[2012/05/16 14:15:13 | 000,000,000 | ---D | C] -- C:\NVIDIA
[2012/05/16 14:10:00 | 000,000,000 | ---D | C] -- C:\Users\Mathias\AppData\Local\{D9BFDCB3-B300-4E69-8F75-A82FC1A12660}
[2012/05/16 14:09:41 | 000,000,000 | ---D | C] -- C:\Users\Mathias\AppData\Local\{789E1343-CA8A-4C18-8DD4-A1ADCB8F3EA2}
[2012/05/16 07:36:50 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Diablo III
[2012/05/16 07:36:50 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Diablo III
[2012/05/15 19:56:37 | 000,000,000 | ---D | C] -- C:\Users\Mathias\AppData\Local\{622655B9-B587-4653-937B-A6EDFA80B66A}
[2012/05/15 07:31:39 | 000,000,000 | ---D | C] -- C:\Users\Mathias\AppData\Local\{5AC1ABC7-ED73-4EDD-9E25-FD2ED1AB1721}
[2012/05/15 07:31:29 | 000,000,000 | ---D | C] -- C:\Users\Mathias\AppData\Local\{90C50C63-11DE-4BCE-81F9-1BA9C970D2F0}
[2012/05/14 07:44:11 | 000,000,000 | ---D | C] -- C:\Users\Mathias\AppData\Local\{0F22E6BD-30A7-4286-9F80-BA418A987CA4}
[2012/05/13 16:44:23 | 000,000,000 | ---D | C] -- C:\Users\Mathias\AppData\Local\{032FA830-D049-4E62-86CC-22970F1EDBFE}
[2012/05/13 16:44:13 | 000,000,000 | ---D | C] -- C:\Users\Mathias\AppData\Local\{FA9057F9-BA8F-4B92-81C8-DAD48A98E5D0}
[2012/05/13 14:33:22 | 000,000,000 | ---D | C] -- C:\ProgramData\Mozilla
[2012/05/13 14:33:21 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Mozilla Maintenance Service
[2012/05/12 09:35:20 | 000,000,000 | ---D | C] -- C:\Users\Mathias\AppData\Local\{022C3E45-8C85-4FBE-8AA1-CB58B46681E0}
[2012/05/12 09:35:10 | 000,000,000 | ---D | C] -- C:\Users\Mathias\AppData\Local\{9B1D37A2-5CC2-4FB5-B37B-AD93A79CA223}
[2012/05/11 16:23:14 | 000,000,000 | ---D | C] -- C:\Users\Mathias\AppData\Local\{55AEC0F5-6F2E-4C79-A6CA-7740C2B8EFDF}
[2012/05/11 16:23:03 | 000,000,000 | ---D | C] -- C:\Users\Mathias\AppData\Local\{750FB590-94B7-40AE-92B6-A0C2C1024E78}
[2012/05/10 14:45:24 | 000,000,000 | ---D | C] -- C:\Users\Mathias\AppData\Local\{6369E327-B4F7-4FEE-94EF-76370FF8F38A}
[2012/05/10 14:45:07 | 000,000,000 | ---D | C] -- C:\Users\Mathias\AppData\Local\{F548830D-3ACD-42D6-8FEE-1F219345F74C}
[2012/05/09 14:49:21 | 000,000,000 | ---D | C] -- C:\Users\Mathias\AppData\Local\{28F00A28-631F-487D-82E9-D13EC5537783}
[2012/05/09 14:49:06 | 000,000,000 | ---D | C] -- C:\Users\Mathias\AppData\Local\{EA7C251C-FE63-4C98-A1D8-480FC564C537}
[2012/05/08 15:25:43 | 000,000,000 | ---D | C] -- C:\Users\Mathias\AppData\Local\{759E0AC6-F40A-4082-9793-EBFE1D1E792D}
[2012/05/08 15:25:32 | 000,000,000 | ---D | C] -- C:\Users\Mathias\AppData\Local\{29481FD5-4932-4988-8246-2A47DEFF0809}
[2 C:\Users\Mathias\Documents\*.tmp files -> C:\Users\Mathias\Documents\*.tmp -> ]

========== Files - Modified Within 30 Days ==========

[2012/06/07 10:13:38 | 000,000,512 | ---- | M] () -- C:\Users\Mathias\Desktop\MBR.dat
[2012/06/07 10:10:58 | 004,731,392 | ---- | M] (AVAST Software) -- C:\Users\Mathias\Desktop\aswMBR.exe
[2012/06/07 10:03:51 | 000,009,920 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
[2012/06/07 10:03:51 | 000,009,920 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
[2012/06/07 09:57:42 | 000,000,830 | ---- | M] () -- C:\Windows\tasks\Adobe Flash Player Updater.job
[2012/06/07 09:55:32 | 000,000,928 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineCore.job
[2012/06/07 09:55:27 | 000,000,414 | ---- | M] () -- C:\Windows\tasks\SlimDrivers Startup.job
[2012/06/07 09:55:27 | 000,000,344 | ---- | M] () -- C:\Windows\tasks\DriverScanner.job
[2012/06/07 09:55:15 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2012/06/07 09:55:08 | 428,904,447 | -HS- | M] () -- C:\hiberfil.sys
[2012/06/06 22:50:00 | 000,000,932 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineUA.job
[2012/06/06 22:28:42 | 000,001,264 | ---- | M] () -- C:\Users\Mathias\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\OneNote 2010 Screen Clipper and Launcher.lnk
[2012/06/06 20:04:01 | 000,000,936 | ---- | M] () -- C:\Windows\tasks\FacebookUpdateTaskUserS-1-5-21-1709520675-535397089-2455195078-1001UA.job
[2012/06/06 19:31:07 | 005,013,920 | ---- | M] () -- C:\Windows\SysNative\FNTCACHE.DAT
[2012/06/06 18:32:09 | 000,000,914 | ---- | M] () -- C:\Windows\tasks\FacebookUpdateTaskUserS-1-5-21-1709520675-535397089-2455195078-1001Core.job
[2012/06/06 15:17:54 | 000,596,480 | ---- | M] (OldTimer Tools) -- C:\Users\Mathias\Desktop\OTL.exe
[2012/06/06 14:21:27 | 000,001,161 | ---- | M] () -- C:\Users\Public\Desktop\DriverScanner.lnk
[2012/06/06 14:18:56 | 000,001,081 | ---- | M] () -- C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk
[2012/06/05 14:11:02 | 000,001,912 | ---- | M] () -- C:\Windows\epplauncher.mif
[2012/06/05 14:10:38 | 000,718,498 | ---- | M] () -- C:\Windows\SysNative\perfh009.dat
[2012/06/05 14:10:38 | 000,573,600 | ---- | M] () -- C:\Windows\SysNative\perfh006.dat
[2012/06/05 14:10:38 | 000,146,520 | ---- | M] () -- C:\Windows\SysNative\perfc009.dat
[2012/06/05 14:10:38 | 000,122,920 | ---- | M] () -- C:\Windows\SysNative\perfc006.dat
[2012/06/05 14:00:01 | 000,002,038 | ---- | M] () -- C:\Users\Public\Desktop\Avira Control Center.lnk
[2012/06/04 14:04:19 | 001,566,622 | ---- | M] () -- C:\Windows\SysNative\PerfStringBackup.INI
[2012/06/03 00:28:31 | 000,001,723 | ---- | M] () -- C:\Windows\wininit.ini
[2012/06/03 00:28:31 | 000,001,065 | ---- | M] () -- C:\Users\Mathias\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Dropbox.lnk
[2012/06/03 00:28:25 | 000,001,037 | ---- | M] () -- C:\Users\Mathias\Desktop\Dropbox.lnk
[2012/05/30 23:00:54 | 000,000,584 | ---- | M] () -- C:\Users\Mathias\Documents\grstyles.stl
[2012/05/30 19:27:01 | 000,000,327 | ---- | M] () -- C:\Users\Mathias\Documents\UserStl.sk
[2012/05/30 18:07:35 | 000,000,003 | ---- | M] () -- C:\Users\Mathias\Documents\UserLab.sk
[2012/05/30 18:07:28 | 000,000,003 | ---- | M] () -- C:\Users\Mathias\Documents\LastLab.sk
[2012/05/30 18:07:18 | 000,000,123 | ---- | M] () -- C:\Users\Mathias\Documents\BasicLab.sk
[2012/05/30 18:05:08 | 000,002,065 | ---- | M] () -- C:\Users\Mathias\Documents\template.cfg
[2012/05/30 10:31:18 | 000,002,513 | ---- | M] () -- C:\Users\Public\Desktop\Skype.lnk
[2012/05/16 07:57:11 | 000,001,161 | ---- | M] () -- C:\Users\Public\Desktop\Diablo III.lnk
[2 C:\Users\Mathias\Documents\*.tmp files -> C:\Users\Mathias\Documents\*.tmp -> ]

========== Files Created - No Company Name ==========

[2012/06/07 10:13:38 | 000,000,512 | ---- | C] () -- C:\Users\Mathias\Desktop\MBR.dat
[2012/06/06 19:59:44 | 000,001,264 | ---- | C] () -- C:\Users\Mathias\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\OneNote 2010 Screen Clipper and Launcher.lnk
[2012/06/06 14:21:33 | 000,000,344 | ---- | C] () -- C:\Windows\tasks\DriverScanner.job
[2012/06/06 14:21:27 | 000,001,161 | ---- | C] () -- C:\Users\Public\Desktop\DriverScanner.lnk
[2012/06/06 14:18:56 | 000,001,081 | ---- | C] () -- C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk
[2012/06/05 14:08:39 | 000,001,161 | ---- | C] () -- C:\Users\Public\Desktop\Diablo III.lnk
[2012/06/05 14:00:01 | 000,002,038 | ---- | C] () -- C:\Users\Public\Desktop\Avira Control Center.lnk
[2012/05/30 19:27:01 | 000,000,584 | ---- | C] () -- C:\Users\Mathias\Documents\grstyles.stl
[2012/05/30 18:07:18 | 000,000,123 | ---- | C] () -- C:\Users\Mathias\Documents\BasicLab.sk
[2012/05/30 18:07:18 | 000,000,003 | ---- | C] () -- C:\Users\Mathias\Documents\UserLab.sk
[2012/05/30 18:07:18 | 000,000,003 | ---- | C] () -- C:\Users\Mathias\Documents\LastLab.sk
[2012/05/30 18:05:12 | 000,000,327 | ---- | C] () -- C:\Users\Mathias\Documents\UserStl.sk
[2012/05/30 18:05:08 | 000,002,065 | ---- | C] () -- C:\Users\Mathias\Documents\template.cfg
[2012/05/18 12:27:17 | 000,085,504 | ---- | C] () -- C:\Windows\SysWow64\ff_vfw.dll
[2012/05/18 10:31:07 | 000,451,072 | ---- | C] () -- C:\Windows\SysWow64\ISSRemoveSP.exe
[2012/05/17 20:22:20 | 000,000,414 | ---- | C] () -- C:\Windows\tasks\SlimDrivers Startup.job
[2012/05/16 14:17:01 | 000,011,770 | ---- | C] () -- C:\Windows\SysNative\nvinfo.pb
[2012/04/08 19:43:46 | 000,000,132 | ---- | C] () -- C:\Users\Mathias\AppData\Roaming\Adobe GIF Format CS5 Prefs
[2012/03/05 19:44:31 | 000,004,608 | ---- | C] () -- C:\Users\Mathias\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2011/09/15 16:50:53 | 000,002,528 | ---- | C] () -- C:\Windows\FCIC.INI
[2011/09/12 18:54:46 | 000,000,132 | ---- | C] () -- C:\Users\Mathias\AppData\Roaming\Adobe PNG Format CS5 Prefs
[2011/09/11 16:57:57 | 000,001,456 | ---- | C] () -- C:\Users\Mathias\AppData\Local\Adobe Save for Web 12.0 Prefs
[2011/05/30 14:22:53 | 000,000,262 | ---- | C] () -- C:\Windows\{EEB3F6BB-318D-4CE5-989F-8191FCBFB578}_WiseFW.ini
[2010/12/14 17:11:22 | 000,008,192 | ---- | C] () -- C:\Windows\SysWow64\srvany.exe
[2010/12/14 12:01:18 | 000,000,376 | ---- | C] () -- C:\Windows\ODBC.INI
[2010/11/01 16:45:09 | 000,000,000 | ---- | C] () -- C:\Windows\nsreg.dat
[2010/10/31 15:36:58 | 001,586,622 | ---- | C] () -- C:\Windows\SysWow64\PerfStringBackup.INI
[2010/10/31 15:30:27 | 000,001,723 | ---- | C] () -- C:\Windows\wininit.ini
[2010/10/30 22:08:42 | 000,000,016 | ---- | C] () -- C:\Windows\popcinfo.dat
[2010/07/03 00:57:44 | 000,206,208 | ---- | C] () -- C:\Windows\PLFSetI.exe
[2010/07/03 00:57:44 | 000,054,520 | ---- | C] () -- C:\Windows\AutosetFrequency.exe
[2010/07/03 00:57:44 | 000,000,637 | ---- | C] () -- C:\Windows\AutoSetFrequency.ini
[2010/07/03 00:57:44 | 000,000,378 | ---- | C] () -- C:\Windows\PidList.ini

========== LOP Check ==========

[2012/06/07 10:21:22 | 000,000,000 | ---D | M] -- C:\Users\Mathias\AppData\Roaming\BitTorrent
[2011/01/09 18:38:42 | 000,000,000 | ---D | M] -- C:\Users\Mathias\AppData\Roaming\chc.4875E02D9FB21EE389F73B8D1702B320485DF8CE.1
[2011/11/03 18:05:18 | 000,000,000 | ---D | M] -- C:\Users\Mathias\AppData\Roaming\com.adobe.downloadassistant.AdobeDownloadAssistant
[2012/03/14 22:04:02 | 000,000,000 | ---D | M] -- C:\Users\Mathias\AppData\Roaming\com.guppyworks.TrafficTestAIR-Class.F1F6615D691280F0EDF23ED8129A4EBEED86EA96.1
[2012/06/07 09:56:22 | 000,000,000 | ---D | M] -- C:\Users\Mathias\AppData\Roaming\Dropbox
[2012/06/04 19:21:43 | 000,000,000 | ---D | M] -- C:\Users\Mathias\AppData\Roaming\FileZilla
[2011/12/04 21:56:39 | 000,000,000 | ---D | M] -- C:\Users\Mathias\AppData\Roaming\Maple
[2011/07/05 19:28:14 | 000,000,000 | ---D | M] -- C:\Users\Mathias\AppData\Roaming\Mumble
[2012/05/04 15:47:27 | 000,000,000 | ---D | M] -- C:\Users\Mathias\AppData\Roaming\No Company Name
[2011/09/11 21:07:42 | 000,000,000 | ---D | M] -- C:\Users\Mathias\AppData\Roaming\Notepad++
[2011/02/13 13:44:15 | 000,000,000 | ---D | M] -- C:\Users\Mathias\AppData\Roaming\Packard Bell
[2011/05/19 12:28:27 | 000,000,000 | ---D | M] -- C:\Users\Mathias\AppData\Roaming\SNS
[2012/05/27 09:31:40 | 000,000,000 | ---D | M] -- C:\Users\Mathias\AppData\Roaming\Spotify
[2011/09/11 18:09:02 | 000,000,000 | ---D | M] -- C:\Users\Mathias\AppData\Roaming\StageManager.BD092818F67280F4B42B04877600987F0111B594.1
[2011/03/04 20:19:28 | 000,000,000 | ---D | M] -- C:\Users\Mathias\AppData\Roaming\TS3Client
[2012/06/06 14:21:31 | 000,000,000 | ---D | M] -- C:\Users\Mathias\AppData\Roaming\Uniblue
[2010/12/04 15:44:44 | 000,000,000 | ---D | M] -- C:\Users\Mathias\AppData\Roaming\Windows Live Writer
[2011/12/28 02:11:19 | 000,000,000 | -HSD | M] -- C:\Users\Mathias\AppData\Roaming\wyUpdate AU
[2012/06/07 09:55:27 | 000,000,344 | ---- | M] () -- C:\Windows\Tasks\DriverScanner.job
[2012/06/06 18:32:09 | 000,000,914 | ---- | M] () -- C:\Windows\Tasks\FacebookUpdateTaskUserS-1-5-21-1709520675-535397089-2455195078-1001Core.job
[2012/06/06 20:04:01 | 000,000,936 | ---- | M] () -- C:\Windows\Tasks\FacebookUpdateTaskUserS-1-5-21-1709520675-535397089-2455195078-1001UA.job
[2012/02/19 12:02:05 | 000,032,550 | ---- | M] () -- C:\Windows\Tasks\SCHEDLGU.TXT
[2012/06/07 09:55:27 | 000,000,414 | ---- | M] () -- C:\Windows\Tasks\SlimDrivers Startup.job

========== Purity Check ==========



========== Custom Scans ==========

< %SYSTEMDRIVE%\*.exe >

< MD5 for: EXPLORER.EXE >
[2011/02/26 08:23:14 | 002,870,272 | ---- | M] (Microsoft Corporation) MD5=0862495E0C825893DB75EF44FAEA8E93 -- C:\Windows\winsxs\amd64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7600.16768_none_adc24107935a7e25\explorer.exe
[2011-02-26 07:19:21 | 002,616,320 | ---- | M] (Microsoft Corporation) MD5=0FB9C74046656D1579A64660AD67B746 -- C:\Windows\winsxs\wow64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7601.21669_none_ba87e574ddfe652d\explorer.exe
[2009/07/14 03:14:20 | 002,613,248 | ---- | M] (Microsoft Corporation) MD5=15BC38A7492BEFE831966ADB477CF76F -- C:\Windows\winsxs\wow64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7600.16385_none_b7fe430bc7ce3761\explorer.exe
[2011/02/26 07:51:13 | 002,614,784 | ---- | M] (Microsoft Corporation) MD5=255CF508D7CFB10E0794D6AC93280BD8 -- C:\Windows\winsxs\wow64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7600.20910_none_b8ce9756e0b786a4\explorer.exe
[2009/10/31 07:45:39 | 002,614,272 | ---- | M] (Microsoft Corporation) MD5=2626FC9755BE22F805D3CFA0CE3EE727 -- C:\Windows\winsxs\wow64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7600.16450_none_b819b343c7ba6202\explorer.exe
[2011/02/26 07:33:07 | 002,614,784 | ---- | M] (Microsoft Corporation) MD5=2AF58D15EDC06EC6FDACCE1F19482BBF -- C:\Windows\winsxs\wow64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7600.16768_none_b816eb59c7bb4020\explorer.exe
[2011/02/25 08:19:30 | 002,871,808 | ---- | M] (Microsoft Corporation) MD5=332FEAB1435662FC6C672E25BEB37BE3 -- C:\Windows\explorer.exe
[2011/02/25 08:19:30 | 002,871,808 | ---- | M] (Microsoft Corporation) MD5=332FEAB1435662FC6C672E25BEB37BE3 -- C:\Windows\winsxs\amd64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7601.17567_none_afa79dc39081d0ba\explorer.exe
[2011/02/26 08:14:34 | 002,871,808 | ---- | M] (Microsoft Corporation) MD5=3B69712041F3D63605529BD66DC00C48 -- C:\Windows\winsxs\amd64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7601.21669_none_b0333b22a99da332\explorer.exe
[2010/11/20 14:17:09 | 002,616,320 | ---- | M] (Microsoft Corporation) MD5=40D777B7A95E00593EB1568C68514493 -- C:\Windows\winsxs\wow64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7601.17514_none_ba2f56d3c4bcbafb\explorer.exe
[2010/02/04 12:49:48 | 002,868,224 | ---- | M] (Microsoft Corporation) MD5=700073016DAC1C3D2E7E2CE4223334B6 -- C:\Windows\winsxs\amd64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7600.20500_none_ae84b558ac4eb41c\explorer.exe
[2011/02/25 07:30:54 | 002,616,320 | ---- | M] (Microsoft Corporation) MD5=8B88EBBB05A0E56B7DCC708498C02B3E -- C:\Windows\SysWOW64\explorer.exe
[2011/02/25 07:30:54 | 002,616,320 | ---- | M] (Microsoft Corporation) MD5=8B88EBBB05A0E56B7DCC708498C02B3E -- C:\Windows\winsxs\wow64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7601.17567_none_b9fc4815c4e292b5\explorer.exe
[2010/02/04 12:49:48 | 002,613,248 | ---- | M] (Microsoft Corporation) MD5=9FF6C4C91A3711C0A3B18F87B08B518D -- C:\Windows\winsxs\wow64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7600.20500_none_b8d95faae0af7617\explorer.exe
[2009/10/31 08:34:59 | 002,870,272 | ---- | M] (Microsoft Corporation) MD5=9AAAEC8DAC27AA17B053E6352AD233AE -- C:\Windows\winsxs\amd64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7600.16450_none_adc508f19359a007\explorer.exe
[2010/11/20 15:24:45 | 002,872,320 | ---- | M] (Microsoft Corporation) MD5=AC4C51EB24AA95B77F705AB159189E24 -- C:\Windows\winsxs\amd64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7601.17514_none_afdaac81905bf900\explorer.exe
[2009/10/31 08:38:38 | 002,870,272 | ---- | M] (Microsoft Corporation) MD5=B8EC4BD49CE8F6FC457721BFC210B67F -- C:\Windows\winsxs\amd64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7600.20563_none_ae46d6aeac7ca7c7\explorer.exe
[2010/02/04 12:49:48 | 002,613,248 | ---- | M] (Microsoft Corporation) MD5=B95EEB0F4E5EFBF1038A35B3351CF047 -- C:\Windows\winsxs\wow64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7600.16404_none_b853c407c78e3ba9\explorer.exe
[2009/07/14 03:39:10 | 002,868,224 | ---- | M] (Microsoft Corporation) MD5=C235A51CB740E45FFA0EBFB9BAFCDA64 -- C:\Windows\winsxs\amd64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7600.16385_none_ada998b9936d7566\explorer.exe
[2009/10/31 08:00:51 | 002,614,272 | ---- | M] (Microsoft Corporation) MD5=C76153C7ECA00FA852BB0C193378F917 -- C:\Windows\winsxs\wow64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7600.20563_none_b89b8100e0dd69c2\explorer.exe
[2011/02/26 08:26:45 | 002,870,784 | ---- | M] (Microsoft Corporation) MD5=E38899074D4951D31B4040E994DD7C8D -- C:\Windows\winsxs\amd64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7600.20910_none_ae79ed04ac56c4a9\explorer.exe
[2010/02/04 12:49:48 | 002,868,224 | ---- | M] (Microsoft Corporation) MD5=F170B4A061C9E026437B193B4D571799 -- C:\Windows\winsxs\amd64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7600.16404_none_adff19b5932d79ae\explorer.exe

< MD5 for: SVCHOST.EXE >
[2012/04/04 15:56:38 | 000,199,240 | ---- | M] () MD5=097D0E812D7A9A3101CE46CB2BE0474D -- C:\Program Files (x86)\Malwarebytes' Anti-Malware\Chameleon\svchost.exe
[2009/07/14 03:14:41 | 000,020,992 | ---- | M] (Microsoft Corporation) MD5=54A47F6B5E09A77E61649109C6A08866 -- C:\Windows\SysWOW64\svchost.exe
[2009-07-14 03:14:41 | 000,020,992 | ---- | M] (Microsoft Corporation) MD5=54A47F6B5E09A77E61649109C6A08866 -- C:\Windows\winsxs\x86_microsoft-windows-services-svchost_31bf3856ad364e35_6.1.7600.16385_none_b591afc466a15356\svchost.exe
[2009/07/14 03:39:46 | 000,027,136 | ---- | M] (Microsoft Corporation) MD5=C78655BC80301D76ED4FEF1C1EA40A7D -- C:\Windows\SysNative\svchost.exe
[2009/07/14 03:39:46 | 000,027,136 | ---- | M] (Microsoft Corporation) MD5=C78655BC80301D76ED4FEF1C1EA40A7D -- C:\Windows\winsxs\amd64_microsoft-windows-services-svchost_31bf3856ad364e35_6.1.7600.16385_none_11b04b481efec48c\svchost.exe

< MD5 for: USERINIT.EXE >
[2010/11/20 14:17:48 | 000,026,624 | ---- | M] (Microsoft Corporation) MD5=61AC3EFDFACFDD3F0F11DD4FD4044223 -- C:\Windows\SysWOW64\userinit.exe
[2010-11-20 14:17:48 | 000,026,624 | ---- | M] (Microsoft Corporation) MD5=61AC3EFDFACFDD3F0F11DD4FD4044223 -- C:\Windows\winsxs\x86_microsoft-windows-userinit_31bf3856ad364e35_6.1.7601.17514_none_de3024012ff21116\userinit.exe
[2009-07-14 03:14:43 | 000,026,112 | ---- | M] (Microsoft Corporation) MD5=6DE80F60D7DE9CE6B8C2DDFDF79EF175 -- C:\Windows\winsxs\x86_microsoft-windows-userinit_31bf3856ad364e35_6.1.7600.16385_none_dbff103933038d7c\userinit.exe
[2009/07/14 03:39:48 | 000,030,208 | ---- | M] (Microsoft Corporation) MD5=6F8F1376A13114CC10C0E69274F5A4DE -- C:\Windows\winsxs\amd64_microsoft-windows-userinit_31bf3856ad364e35_6.1.7600.16385_none_381dabbceb60feb2\userinit.exe
[2010/11/20 15:25:24 | 000,030,720 | ---- | M] (Microsoft Corporation) MD5=BAFE84E637BF7388C96EF48D4D3FDD53 -- C:\Windows\SysNative\userinit.exe
[2010/11/20 15:25:24 | 000,030,720 | ---- | M] (Microsoft Corporation) MD5=BAFE84E637BF7388C96EF48D4D3FDD53 -- C:\Windows\winsxs\amd64_microsoft-windows-userinit_31bf3856ad364e35_6.1.7601.17514_none_3a4ebf84e84f824c\userinit.exe

< MD5 for: WINLOGON.EXE >
[2012/04/04 15:56:38 | 000,199,240 | ---- | M] () MD5=097D0E812D7A9A3101CE46CB2BE0474D -- C:\Program Files (x86)\Malwarebytes' Anti-Malware\Chameleon\winlogon.exe
[2010/11/20 15:25:30 | 000,390,656 | ---- | M] (Microsoft Corporation) MD5=1151B1BAA6F350B1DB6598E0FEA7C457 -- C:\Windows\SysNative\winlogon.exe
[2010/11/20 15:25:30 | 000,390,656 | ---- | M] (Microsoft Corporation) MD5=1151B1BAA6F350B1DB6598E0FEA7C457 -- C:\Windows\winsxs\amd64_microsoft-windows-winlogon_31bf3856ad364e35_6.1.7601.17514_none_cde90685eb910636\winlogon.exe
[2009/07/14 03:39:52 | 000,389,120 | ---- | M] (Microsoft Corporation) MD5=132328DF455B0028F13BF0ABEE51A63A -- C:\Windows\winsxs\amd64_microsoft-windows-winlogon_31bf3856ad364e35_6.1.7600.16385_none_cbb7f2bdeea2829c\winlogon.exe
[2009/10/28 09:01:57 | 000,389,632 | ---- | M] (Microsoft Corporation) MD5=A93D41A4D4B0D91C072D11DD8AF266DE -- C:\Windows\winsxs\amd64_microsoft-windows-winlogon_31bf3856ad364e35_6.1.7600.20560_none_cc522fd507b468f8\winlogon.exe
[2009/10/28 08:24:40 | 000,389,632 | ---- | M] (Microsoft Corporation) MD5=DA3E2A6FA9660CC75B471530CE88453A -- C:\Windows\winsxs\amd64_microsoft-windows-winlogon_31bf3856ad364e35_6.1.7600.16447_none_cbe534e7ee8042ad\winlogon.exe

< HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\services\NetBT /s >
"DisplayName" = @%SystemRoot%\system32\drivers\netbt.sys,-2
"Group" = PNP_TDI
"ImagePath" = System32\DRIVERS\netbt.sys
"Description" = @%SystemRoot%\system32\drivers\netbt.sys,-1
"ErrorControl" = 1
"Start" = 1
"Type" = 1
"DependOnService" = Tdxtcpip [binary data]
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\services\NetBT\Linkage]
"OtherDependencies" = Tcpip [binary data]
"Bind" = [Binary data over 100 bytes]
"Route" = [Binary data over 100 bytes]
"Export" = [Binary data over 100 bytes]
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\services\NetBT\Parameters]
"BcastNameQueryCount" = 3
"BcastQueryTimeout" = 750
"CacheTimeout" = 600000
"EnableLMHOSTS" = 1
"NameServerPort" = 137
"NameSrvQueryCount" = 3
"NameSrvQueryTimeout" = 1500
"NbProvider" = _tcp
"SessionKeepAlive" = 3600000
"Size/Small/Medium/Large" = 1
"TransportBindName" = \Device\
"UseNewSmb" = 1
"DhcpNodeType" = 8
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\services\NetBT\Parameters\Interfaces]
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\services\NetBT\Parameters\Interfaces\Tcpip_{607EA30D-07AD-4503-9480-31099B7E3EB6}]
"NameServerList" = [binary data]
"NetbiosOptions" = 0
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\services\NetBT\Parameters\Interfaces\Tcpip_{DBED4A35-6E24-42C8-A044-DCA2CFF7401C}]
"NameServerList" = [binary data]
"NetbiosOptions" = 0
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\services\NetBT\Security]
"Security" = [Binary data over 100 bytes]
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\services\NetBT\Enum]
"0" = Root\LEGACY_NETBT\0000
"Count" = 1
"NextInstance" = 1

< HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\services\NetBIOS /s >
"Type" = 2
"Start" = 1
"ErrorControl" = 1
"Tag" = 2
"ImagePath" = system32\DRIVERS\netbios.sys
"DisplayName" = NetBIOS Interface
"Group" = NetBIOSGroup
"Description" = NetBIOS Interface
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\services\NetBIOS\Linkage]
"LanaMap" = 01 04 01 01 01 00 01 06 01 07 01 05 01 03 01 02 [binary data]
"Bind" = [Binary data over 100 bytes]
"Route" = [Binary data over 100 bytes]
"Export" = [Binary data over 100 bytes]
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\services\NetBIOS\Parameters]
"MaxLana" = 7
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\services\NetBIOS\Enum]
"0" = Root\LEGACY_NETBIOS\0000
"Count" = 1
"NextInstance" = 1

< hklm\software\clients\startmenuinternet|command /rs >
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\FIREFOX.EXE\InstallInfo\\HideIconsCommand: "C:\Program Files (x86)\Mozilla Firefox\uninstall\helper.exe" /HideShortcuts [2012-05-13 14:33:16 | 000,868,208 | ---- | M] (Mozilla Corporation)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\FIREFOX.EXE\InstallInfo\\ShowIconsCommand: "C:\Program Files (x86)\Mozilla Firefox\uninstall\helper.exe" /ShowShortcuts [2012-05-13 14:33:16 | 000,868,208 | ---- | M] (Mozilla Corporation)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\FIREFOX.EXE\InstallInfo\\ReinstallCommand: "C:\Program Files (x86)\Mozilla Firefox\uninstall\helper.exe" /SetAsDefaultAppGlobal [2012-05-13 14:33:16 | 000,868,208 | ---- | M] (Mozilla Corporation)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\FIREFOX.EXE\shell\open\command\\: C:\Program Files (x86)\Mozilla Firefox\firefox.exe [2012-05-13 14:33:18 | 000,924,600 | ---- | M] (Mozilla Corporation)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\FIREFOX.EXE\shell\properties\command\\: "C:\Program Files (x86)\Mozilla Firefox\firefox.exe" -preferences [2012-05-13 14:33:18 | 000,924,600 | ---- | M] (Mozilla Corporation)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\FIREFOX.EXE\shell\safemode\command\\: "C:\Program Files (x86)\Mozilla Firefox\firefox.exe" -safe-mode [2012-05-13 14:33:18 | 000,924,600 | ---- | M] (Mozilla Corporation)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\IEXPLORE.EXE\InstallInfo\\ShowIconsCommand: "C:\Windows\System32\ie4uinit.exe" -show [2011-05-10 20:43:14 | 000,074,240 | ---- | M] (Microsoft Corporation)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\IEXPLORE.EXE\InstallInfo\\ReinstallCommand: "C:\Windows\System32\ie4uinit.exe" -reinstall [2011-05-10 20:43:14 | 000,074,240 | ---- | M] (Microsoft Corporation)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\IEXPLORE.EXE\InstallInfo\\HideIconsCommand: "C:\Windows\System32\ie4uinit.exe" -hide [2011-05-10 20:43:14 | 000,074,240 | ---- | M] (Microsoft Corporation)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\IEXPLORE.EXE\shell\naom\command\\: "C:\Program Files (x86)\Internet Explorer\iexplore.exe" -extoff [2011-05-10 20:43:14 | 000,748,336 | ---- | M] (Microsoft Corporation)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\IEXPLORE.EXE\shell\open\command\\: C:\Program Files (x86)\Internet Explorer\iexplore.exe [2011-05-10 20:43:14 | 000,748,336 | ---- | M] (Microsoft Corporation)

< hklm\software\clients\startmenuinternet|command /64 /rs >
64bit-HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\FIREFOX.EXE\InstallInfo\\HideIconsCommand: "C:\PROGRAM FILES (X86)\MOZILLA FIREFOX\UNINSTALL\HELPER.EXE" /HIDESHORTCUTS [2012-05-13 14:33:16 | 000,868,208 | ---- | M] (Mozilla Corporation)
64bit-HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\FIREFOX.EXE\InstallInfo\\ShowIconsCommand: "C:\PROGRAM FILES (X86)\MOZILLA FIREFOX\UNINSTALL\HELPER.EXE" /SHOWSHORTCUTS [2012-05-13 14:33:16 | 000,868,208 | ---- | M] (Mozilla Corporation)
64bit-HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\FIREFOX.EXE\InstallInfo\\ReinstallCommand: "C:\PROGRAM FILES (X86)\MOZILLA FIREFOX\UNINSTALL\HELPER.EXE" /SETASDEFAULTAPPGLOBAL [2012-05-13 14:33:16 | 000,868,208 | ---- | M] (Mozilla Corporation)
64bit-HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\FIREFOX.EXE\shell\open\command\\: C:\PROGRAM FILES (X86)\MOZILLA FIREFOX\FIREFOX.EXE [2012-05-13 14:33:18 | 000,924,600 | ---- | M] (Mozilla Corporation)
64bit-HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\FIREFOX.EXE\shell\properties\command\\: "C:\PROGRAM FILES (X86)\MOZILLA FIREFOX\FIREFOX.EXE" -PREFERENCES [2012-05-13 14:33:18 | 000,924,600 | ---- | M] (Mozilla Corporation)
64bit-HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\FIREFOX.EXE\shell\safemode\command\\: "C:\PROGRAM FILES (X86)\MOZILLA FIREFOX\FIREFOX.EXE" -SAFE-MODE [2012-05-13 14:33:18 | 000,924,600 | ---- | M] (Mozilla Corporation)
64bit-HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\IEXPLORE.EXE\InstallInfo\\ShowIconsCommand: "C:\WINDOWS\SYSTEM32\IE4UINIT.EXE" -SHOW [2011-05-10 20:43:14 | 000,089,088 | ---- | M] (Microsoft Corporation)
64bit-HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\IEXPLORE.EXE\InstallInfo\\ReinstallCommand: "C:\WINDOWS\SYSTEM32\IE4UINIT.EXE" -REINSTALL [2011-05-10 20:43:14 | 000,089,088 | ---- | M] (Microsoft Corporation)
64bit-HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\IEXPLORE.EXE\InstallInfo\\HideIconsCommand: "C:\WINDOWS\SYSTEM32\IE4UINIT.EXE" -HIDE [2011-05-10 20:43:14 | 000,089,088 | ---- | M] (Microsoft Corporation)
64bit-HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\IEXPLORE.EXE\shell\naom\command\\: "C:\PROGRAM FILES (X86)\INTERNET EXPLORER\IEXPLORE.EXE" -EXTOFF [2011-05-10 20:43:14 | 000,748,336 | ---- | M] (Microsoft Corporation)
64bit-HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\IEXPLORE.EXE\shell\open\command\\: C:\PROGRAM FILES (X86)\INTERNET EXPLORER\IEXPLORE.EXE [2011-05-10 20:43:14 | 000,748,336 | ---- | M] (Microsoft Corporation)

< C:\Windows\assembly\tmp\U\*.* /s >

< C:\Program Files\Common Files\ComObjects\*.* /s >

< C:\windows\*. /RP /s >

< %Temp%\smtmp\1\*.* >

< %Temp%\smtmp\2\*.* >

< %Temp%\smtmp\3\*.* >

< %Temp%\smtmp\4\*.* >

< type c:\diskreport.txt /c >
Microsoft DiskPart version 6.1.7601
Copyright © 1999-2008 Microsoft Corporation.
P† computeren: PC-MATHIAS
Diskenhed Bogs. Navn Fs Type Str. Status Oplysn.
--------- ---- ---------- ----- ---------- ------- --------- --------
Diskenhed 0 D DVD-ROM 0 B Intet med
Diskenhed 1 SYSTEM RESE NTFS Partition 100 MB I orden System
Diskenhed 2 C Packard Bel NTFS Partition 451 GB I orden Boot
Diskenhed 3 PQSERVICE NTFS Partition 14 GB I orden Skjult

========== Hard Links - Junction Points - Mount Points - Symbolic Links ==========
[C:\windows\System32\config\systemprofile\Andre computere] -> C:\Windows\system32\config\systemprofile\AppData\Roaming\Microsoft\Windows\Network Shortcuts -> Junction
[C:\windows\System32\config\systemprofile\AppData\Local\Application Data] -> C:\Windows\system32\config\systemprofile\AppData\Local -> Junction
[C:\windows\System32\config\systemprofile\AppData\Local\Oversigt] -> C:\Windows\system32\config\systemprofile\AppData\Local\Microsoft\Windows\History -> Junction
[C:\windows\System32\config\systemprofile\AppData\Local\Temporary Internet Files] -> C:\Windows\system32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files -> Junction
[C:\windows\System32\config\systemprofile\AppData\Roaming\Microsoft\Windows\Start Menu\Programmer] -> C:\Windows\system32\config\systemprofile\AppData\Roaming\Microsoft\Windows\Start Menu\Programs -> Junction
[C:\windows\System32\config\systemprofile\Application Data] -> C:\Windows\system32\config\systemprofile\AppData\Roaming -> Junction
[C:\windows\System32\config\systemprofile\Cookies] -> C:\Windows\system32\config\systemprofile\AppData\Roaming\Microsoft\Windows\Cookies -> Junction
[C:\windows\System32\config\systemprofile\Documents\Billeder] -> C:\Windows\system32\config\systemprofile\Pictures -> Junction
[C:\windows\System32\config\systemprofile\Documents\Musik] -> C:\Windows\system32\config\systemprofile\Music -> Junction
[C:\windows\System32\config\systemprofile\Documents\Videoer] -> C:\Windows\system32\config\systemprofile\Videos -> Junction
[C:\windows\System32\config\systemprofile\Dokumenter] -> C:\Windows\system32\config\systemprofile\Documents -> Junction
[C:\windows\System32\config\systemprofile\Lokale indstillinger] -> C:\Windows\system32\config\systemprofile\AppData\Local -> Junction
[C:\windows\System32\config\systemprofile\Menuen Start] -> C:\Windows\system32\config\systemprofile\AppData\Roaming\Microsoft\Windows\Start Menu -> Junction
[C:\windows\System32\config\systemprofile\Printere] -> C:\Windows\system32\config\systemprofile\AppData\Roaming\Microsoft\Windows\Printer Shortcuts -> Junction
[C:\windows\System32\config\systemprofile\Recent] -> C:\Windows\system32\config\systemprofile\AppData\Roaming\Microsoft\Windows\Recent -> Junction
[C:\windows\System32\config\systemprofile\SendTo] -> C:\Windows\system32\config\systemprofile\AppData\Roaming\Microsoft\Windows\SendTo -> Junction
[C:\windows\System32\config\systemprofile\Skabeloner] -> C:\Windows\system32\config\systemprofile\AppData\Roaming\Microsoft\Windows\Templates -> Junction
[C:\windows\SysWOW64\config\systemprofile\Andre computere] -> C:\Windows\system32\config\systemprofile\AppData\Roaming\Microsoft\Windows\Network Shortcuts -> Junction
[C:\windows\SysWOW64\config\systemprofile\AppData\Local\Application Data] -> C:\Windows\system32\config\systemprofile\AppData\Local -> Junction
[C:\windows\SysWOW64\config\systemprofile\AppData\Local\Oversigt] -> C:\Windows\system32\config\systemprofile\AppData\Local\Microsoft\Windows\History -> Junction
[C:\windows\SysWOW64\config\systemprofile\AppData\Local\Temporary Internet Files] -> C:\Windows\system32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files -> Junction
[C:\windows\SysWOW64\config\systemprofile\AppData\Roaming\Microsoft\Windows\Start Menu\Programmer] -> C:\Windows\system32\config\systemprofile\AppData\Roaming\Microsoft\Windows\Start Menu\Programs -> Junction
[C:\windows\SysWOW64\config\systemprofile\Application Data] -> C:\Windows\system32\config\systemprofile\AppData\Roaming -> Junction
[C:\windows\SysWOW64\config\systemprofile\Cookies] -> C:\Windows\system32\config\systemprofile\AppData\Roaming\Microsoft\Windows\Cookies -> Junction
[C:\windows\SysWOW64\config\systemprofile\Documents\Billeder] -> C:\Windows\system32\config\systemprofile\Pictures -> Junction
[C:\windows\SysWOW64\config\systemprofile\Documents\Musik] -> C:\Windows\system32\config\systemprofile\Music -> Junction
[C:\windows\SysWOW64\config\systemprofile\Documents\Videoer] -> C:\Windows\system32\config\systemprofile\Videos -> Junction
[C:\windows\SysWOW64\config\systemprofile\Dokumenter] -> C:\Windows\system32\config\systemprofile\Documents -> Junction
[C:\windows\SysWOW64\config\systemprofile\Lokale indstillinger] -> C:\Windows\system32\config\systemprofile\AppData\Local -> Junction
[C:\windows\SysWOW64\config\systemprofile\Menuen Start] -> C:\Windows\system32\config\systemprofile\AppData\Roaming\Microsoft\Windows\Start Menu -> Junction
[C:\windows\SysWOW64\config\systemprofile\Printere] -> C:\Windows\system32\config\systemprofile\AppData\Roaming\Microsoft\Windows\Printer Shortcuts -> Junction
[C:\windows\SysWOW64\config\systemprofile\Recent] -> C:\Windows\system32\config\systemprofile\AppData\Roaming\Microsoft\Windows\Recent -> Junction
[C:\windows\SysWOW64\config\systemprofile\SendTo] -> C:\Windows\system32\config\systemprofile\AppData\Roaming\Microsoft\Windows\SendTo -> Junction
[C:\windows\SysWOW64\config\systemprofile\Skabeloner] -> C:\Windows\system32\config\systemprofile\AppData\Roaming\Microsoft\Windows\Templates -> Junction

< End of report >

Extras

I can't find this file on my PC

Edited by moriarty, 07 June 2012 - 02:46 AM.

  • 0

#3
Essexboy

Essexboy

    GeekU Moderator

  • Retired Staff
  • 69,964 posts
Hi there could you download the latest version of OTL please as it has been updated for this variant . Delete the current copy from the desktop



Download OTL to your Desktop
  • Double click on the icon to run it. Make sure all other windows are closed and to let it run uninterrupted.
  • Select All Users
  • Under the Custom Scan box paste this in
    netsvcs
    %SYSTEMDRIVE%\*.exe
    /md5start
    consrv.dll
    explorer.exe
    winlogon.exe
    Userinit.exe
    svchost.exe
    /md5stop
    CREATERESTOREPOINT
  • Click the Quick Scan button. Do not change any settings unless otherwise told to do so. The scan wont take long.
  • When the scan completes, it will open two notepad windows. OTL.Txt and Extras.Txt. These are saved in the same location as OTL.
  • Post both logs

  • 0

#4
moriarty

moriarty

    Member

  • Topic Starter
  • Member
  • PipPip
  • 35 posts
Hey and thanks a lot for helping me.

I did your instruction, but the Extras.txt still doesn't show:

OTL.txt

OTL logfile created on: 6/9/2012 11:13:54 AM - Run 4
OTL by OldTimer - Version 3.2.48.0 Folder = C:\Users\Mathias\Desktop
64bit- Home Premium Edition Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation
Internet Explorer (Version = 9.0.8112.16421)
Locale: 00000409 | Country: Danmark | Language: DAN | Date Format: dd-MM-yyyy

5.87 Gb Total Physical Memory | 3.85 Gb Available Physical Memory | 65.69% Memory free
11.73 Gb Paging File | 9.51 Gb Available in Paging File | 81.03% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86)
Drive C: | 451.66 Gb Total Space | 342.95 Gb Free Space | 75.93% Space Free | Partition Type: NTFS

Computer Name: PC-MATHIAS | User Name: Mathias | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: All users | Quick Scan | Include 64bit Scans
Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days

========== Processes (SafeList) ==========

PRC - [2012/06/09 11:13:31 | 000,596,480 | ---- | M] (OldTimer Tools) -- C:\Users\Mathias\Desktop\OTL.exe
PRC - [2012/06/05 16:58:42 | 000,351,904 | ---- | M] (Adobe Systems Incorporated) -- C:\Windows\SysWOW64\Macromed\Flash\FlashUtil32_11_2_202_235_ActiveX.exe
PRC - [2012/05/24 20:39:22 | 027,112,840 | ---- | M] (Dropbox, Inc.) -- C:\Users\Mathias\AppData\Roaming\Dropbox\bin\Dropbox.exe
PRC - [2012/05/11 21:29:55 | 006,380,400 | ---- | M] (BitTorrent, Inc.) -- C:\Program Files (x86)\BitTorrent\BitTorrent.exe
PRC - [2012/05/02 01:42:31 | 000,086,224 | ---- | M] (Avira Operations GmbH & Co. KG) -- C:\Program Files (x86)\Avira\AntiVir Desktop\sched.exe
PRC - [2012/05/02 00:34:37 | 000,110,032 | ---- | M] (Avira Operations GmbH & Co. KG) -- C:\Program Files (x86)\Avira\AntiVir Desktop\avguard.exe
PRC - [2012/05/02 00:31:38 | 000,348,624 | ---- | M] (Avira Operations GmbH & Co. KG) -- C:\Program Files (x86)\Avira\AntiVir Desktop\avgnt.exe
PRC - [2012/04/04 15:56:40 | 000,654,408 | ---- | M] (Malwarebytes Corporation) -- C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe
PRC - [2012/04/04 15:56:38 | 000,462,408 | ---- | M] (Malwarebytes Corporation) -- C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe
PRC - [2012/02/23 13:30:40 | 000,059,240 | ---- | M] (Apple Inc.) -- C:\Program Files (x86)\Common Files\Apple\Internet Services\ubd.exe
PRC - [2012/02/01 16:29:58 | 000,013,592 | ---- | M] (Intel Corporation) -- C:\Program Files (x86)\Intel\Intel® Rapid Storage Technology\IAStorDataMgrSvc.exe
PRC - [2012/02/01 16:29:56 | 000,284,440 | ---- | M] (Intel Corporation) -- C:\Program Files (x86)\Intel\Intel® Rapid Storage Technology\IAStorIcon.exe
PRC - [2012/01/03 15:10:42 | 000,063,928 | ---- | M] (Adobe Systems Incorporated) -- C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe
PRC - [2011/07/29 01:08:12 | 001,259,376 | ---- | M] () -- C:\Program Files (x86)\DivX\DivX Update\DivXUpdate.exe
PRC - [2011/06/16 18:00:28 | 000,315,256 | ---- | M] (Adobe Systems Incorporated) -- C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\UWA\AAM Updates Notifier.exe
PRC - [2010/05/04 00:15:42 | 001,480,032 | ---- | M] (Suyin) -- C:\Program Files (x86)\VideoWebCamera\VideoWebCamera.exe
PRC - [2010/04/09 18:49:02 | 000,206,208 | ---- | M] () -- C:\Windows\PLFSetI.exe
PRC - [2010/04/08 06:18:40 | 000,908,368 | ---- | M] (Dritek System Inc.) -- C:\Program Files (x86)\Launch Manager\LManager.exe
PRC - [2010/04/08 06:18:40 | 000,312,400 | ---- | M] (Dritek System Inc.) -- C:\Program Files (x86)\Launch Manager\dsiwmis.exe
PRC - [2010/04/08 06:18:40 | 000,298,064 | ---- | M] (Dritek System Inc.) -- C:\Program Files (x86)\Launch Manager\LMworker.exe
PRC - [2010/03/18 06:57:02 | 002,320,920 | ---- | M] (Intel Corporation) -- C:\Program Files (x86)\Intel\Intel® Management Engine Components\UNS\UNS.exe
PRC - [2010/03/18 06:56:56 | 000,268,824 | ---- | M] (Intel Corporation) -- C:\Program Files (x86)\Intel\Intel® Management Engine Components\LMS\LMS.exe
PRC - [2010/03/09 01:58:24 | 000,250,368 | ---- | M] (NewTech Infosystems, Inc.) -- C:\Program Files (x86)\NewTech Infosystems\Packard Bell MyBackup\IScheduleSvc.exe
PRC - [2010/03/09 01:56:08 | 000,258,560 | ---- | M] (NewTech Infosystems, Inc.) -- C:\Program Files (x86)\NewTech Infosystems\Packard Bell MyBackup\BackupManagerTray.exe
PRC - [2010/01/29 01:27:36 | 000,243,232 | ---- | M] (Acer Group) -- C:\Program Files\Packard Bell\Packard Bell Updater\UpdaterService.exe
PRC - [2010/01/08 15:21:22 | 000,023,584 | ---- | M] (Acer Incorporated) -- C:\Program Files (x86)\Packard Bell\Registration\GREGsvc.exe
PRC - [2009/05/20 17:59:44 | 000,013,624 | ---- | M] (Alienware) -- C:\Program Files\Alienware\Command Center\AlienFXHook32Mngr.exe
PRC - [2009/05/20 17:59:34 | 000,057,672 | ---- | M] (Alienware Corporation) -- C:\Program Files\Alienware\Command Center\AlienwareAlienFXController.exe


========== Modules (No Company Name) ==========

MOD - [2012/06/04 14:02:48 | 000,489,472 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\IAStorUtil\c58ed24f4ccd3b501875276dd33a38b3\IAStorUtil.ni.dll
MOD - [2012/06/04 14:02:48 | 000,014,336 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\IAStorCommon\9683045ca0d578eccdd0e857596aa002\IAStorCommon.ni.dll
MOD - [2012/05/10 15:32:53 | 001,051,136 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Management\9b2f17fb61b7197f2a04108f5d1a1cc6\System.Management.ni.dll
MOD - [2012/05/10 15:32:35 | 002,297,856 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Core\dfd33f59a5803a3c73cf408362e6e0b7\System.Core.ni.dll
MOD - [2012/05/10 14:51:32 | 011,833,344 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Web\1a690902e9a6293de228c16fab21e2f7\System.Web.ni.dll
MOD - [2012/05/10 14:51:23 | 000,771,584 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Runtime.Remo#\03dee80574f4ec770b6f77ca030ded6c\System.Runtime.Remoting.ni.dll
MOD - [2012/05/10 14:51:21 | 006,611,456 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Data\f3814b488d9e083cbbc623e01b389f09\System.Data.ni.dll
MOD - [2012/05/10 14:51:09 | 014,340,608 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\PresentationFramewo#\07f019692c382d588d3c6cb2da2a9ec5\PresentationFramework.ni.dll
MOD - [2012/05/10 14:50:52 | 012,433,408 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Windows.Forms\90555968565afd59bce4b0974e9903bd\System.Windows.Forms.ni.dll
MOD - [2012/05/10 14:50:43 | 001,590,784 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Drawing\69f6e582cb79f107c61308b468c1a215\System.Drawing.ni.dll
MOD - [2012/05/10 14:50:39 | 012,237,824 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\PresentationCore\2d1fd350e9bc62ce659e5cbcfd555796\PresentationCore.ni.dll
MOD - [2012/05/10 14:50:25 | 003,347,968 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\WindowsBase\46fce56db7685a586d3eeb7c373e3c1c\WindowsBase.ni.dll
MOD - [2012/05/10 14:50:18 | 005,452,800 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Xml\ba3d70b651454c7d49b407b93663bfed\System.Xml.ni.dll
MOD - [2012/05/10 14:50:14 | 000,971,264 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Configuration\cfa9c506bfb9254c89dace7b83bc9f9d\System.Configuration.ni.dll
MOD - [2012/05/10 14:50:12 | 007,967,232 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System\ce9ff6baf9053ed2ed673d948179195c\System.ni.dll
MOD - [2012/05/10 14:50:05 | 011,492,864 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\mscorlib\acfc1391e45fedd2a359778ea57d914c\mscorlib.ni.dll
MOD - [2011/07/29 01:09:42 | 000,096,112 | ---- | M] () -- C:\Program Files (x86)\DivX\DivX Update\DivXUpdateCheck.dll
MOD - [2011/07/29 01:08:12 | 001,259,376 | ---- | M] () -- C:\Program Files (x86)\DivX\DivX Update\DivXUpdate.exe
MOD - [2011/06/24 22:56:36 | 000,087,328 | ---- | M] () -- C:\Program Files (x86)\Common Files\Apple\Apple Application Support\zlib1.dll
MOD - [2011/06/24 22:56:14 | 001,241,888 | ---- | M] () -- C:\Program Files (x86)\Common Files\Apple\Apple Application Support\libxml2.dll
MOD - [2010/12/30 13:32:30 | 007,158,096 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\AlienwareAlienFXModelResources\1.0.51.0__bebb3c8816410241\AlienwareAlienFXModelResources.dll
MOD - [2010/12/30 13:32:30 | 000,444,224 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\AlienwareAlienFXTools\1.0.51.0__bebb3c8816410241\AlienwareAlienFXTools.dll
MOD - [2010/12/30 13:32:30 | 000,073,520 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\AlienLabsTools\1.0.49.0__bebb3c8816410241\AlienLabsTools.dll
MOD - [2010/12/30 13:32:30 | 000,031,568 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\Alienlabs.CommandCenter.Tools\1.0.49.0__bebb3c8816410241\Alienlabs.CommandCenter.Tools.dll
MOD - [2010/12/30 13:32:30 | 000,024,896 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\AlienFX.DeviceDiscovery\1.0.51.0__bebb3c8816410241\AlienFX.DeviceDiscovery.dll
MOD - [2010/12/30 13:32:29 | 000,036,688 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\AlienFX.Communication.PID0x511\1.0.51.0__bebb3c8816410241\AlienFX.Communication.PID0x511.dll
MOD - [2010/12/30 13:32:29 | 000,035,664 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\AlienFX.Communication.PID0x512\1.0.51.0__bebb3c8816410241\AlienFX.Communication.PID0x512.dll
MOD - [2010/12/30 13:32:29 | 000,027,984 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\AlienFX.Communication.PID0x516\1.0.51.0__bebb3c8816410241\AlienFX.Communication.PID0x516.dll
MOD - [2010/12/30 13:32:29 | 000,027,472 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\AlienFX.Communication.PID0x515\1.0.51.0__bebb3c8816410241\AlienFX.Communication.PID0x515.dll
MOD - [2010/12/30 13:32:29 | 000,024,392 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\AlienFX.Communication.XPS\1.0.51.0__bebb3c8816410241\AlienFX.Communication.XPS.dll
MOD - [2010/12/30 13:32:29 | 000,019,784 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\AlienFX.Communication.Core\1.0.51.0__bebb3c8816410241\AlienFX.Communication.Core.dll
MOD - [2010/12/30 13:32:29 | 000,014,144 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\AlienFX.Communication\1.0.51.0__bebb3c8816410241\AlienFX.Communication.dll
MOD - [2010/11/13 04:03:52 | 000,299,008 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\mscorlib.resources\2.0.0.0_da_b77a5c561934e089\mscorlib.resources.dll
MOD - [2010/11/05 03:58:05 | 002,927,616 | ---- | M] () -- C:\Windows\assembly\GAC_32\System.Data\2.0.0.0__b77a5c561934e089\System.Data.dll
MOD - [2010/07/03 01:10:28 | 000,032,768 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\System.Runtime.Remoting.resources\2.0.0.0_da_b77a5c561934e089\System.Runtime.Remoting.resources.dll
MOD - [2010/05/04 00:15:46 | 000,038,136 | ---- | M] () -- C:\Program Files (x86)\VideoWebCamera\VWC_ENG.dll
MOD - [2010/05/04 00:15:34 | 000,046,328 | ---- | M] () -- C:\Program Files (x86)\VideoWebCamera\sy_Utility.dll
MOD - [2010/04/09 18:49:02 | 000,206,208 | ---- | M] () -- C:\Windows\PLFSetI.exe
MOD - [2010/03/09 02:18:10 | 000,465,576 | ---- | M] () -- C:\Program Files (x86)\NewTech Infosystems\Packard Bell MyBackup\sqlite3.dll
MOD - [2010/01/21 01:34:10 | 008,793,952 | ---- | M] () -- C:\Program Files (x86)\Microsoft Office\Office14\1033\GrooveIntlResource.dll
MOD - [2010/01/09 20:18:18 | 004,254,560 | ---- | M] () -- C:\Program Files (x86)\Common Files\microsoft shared\OFFICE14\Cultures\OFFICE.ODF
MOD - [2009/05/20 08:02:04 | 000,072,200 | ---- | M] () -- C:\Program Files (x86)\Launch Manager\CdDirIo.dll


========== Win32 Services (SafeList) ==========

SRV:64bit: - [2010/03/17 19:56:12 | 000,866,336 | ---- | M] (Acer Incorporated) [Auto | Running] -- C:\Program Files\Packard Bell\Packard Bell Power Management\ePowerSvc.exe -- (ePowerSvc)
SRV:64bit: - [2010/01/29 01:27:36 | 000,243,232 | ---- | M] (Acer Group) [Auto | Running] -- C:\Program Files\Packard Bell\Packard Bell Updater\UpdaterService.exe -- (Updater Service)
SRV - [2012/06/05 16:58:43 | 000,257,696 | ---- | M] (Adobe Systems Incorporated) [On_Demand | Stopped] -- C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe -- (AdobeFlashPlayerUpdateSvc)
SRV - [2012/05/13 14:33:18 | 000,129,976 | ---- | M] (Mozilla Foundation) [On_Demand | Stopped] -- C:\Program Files (x86)\Mozilla Maintenance Service\maintenanceservice.exe -- (MozillaMaintenance)
SRV - [2012/05/03 08:31:10 | 000,158,856 | R--- | M] (Skype Technologies) [Auto | Stopped] -- C:\Program Files (x86)\Skype\Updater\Updater.exe -- (SkypeUpdate)
SRV - [2012/05/02 01:42:31 | 000,086,224 | ---- | M] (Avira Operations GmbH & Co. KG) [Auto | Running] -- C:\Program Files (x86)\Avira\AntiVir Desktop\sched.exe -- (AntiVirSchedulerService)
SRV - [2012/05/02 00:34:37 | 000,110,032 | ---- | M] (Avira Operations GmbH & Co. KG) [Auto | Running] -- C:\Program Files (x86)\Avira\AntiVir Desktop\avguard.exe -- (AntiVirService)
SRV - [2012/04/04 15:56:40 | 000,654,408 | ---- | M] (Malwarebytes Corporation) [Auto | Running] -- C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe -- (MBAMService)
SRV - [2012/02/01 16:29:58 | 000,013,592 | ---- | M] (Intel Corporation) [Auto | Running] -- C:\Program Files (x86)\Intel\Intel® Rapid Storage Technology\IAStorDataMgrSvc.exe -- (IAStorDataMgrSvc) Intel®
SRV - [2012/01/03 15:10:42 | 000,063,928 | ---- | M] (Adobe Systems Incorporated) [Auto | Running] -- C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe -- (AdobeARMservice)
SRV - [2010/12/14 17:10:29 | 000,008,192 | ---- | M] () [Auto | Stopped] -- C:\Windows\SysWOW64\srvany.exe -- (KMService)
SRV - [2010/10/30 18:07:24 | 000,867,080 | ---- | M] (Acresso Software Inc.) [On_Demand | Stopped] -- C:\Program Files (x86)\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe -- (FLEXnet Licensing Service)
SRV - [2010/04/08 06:18:40 | 000,312,400 | ---- | M] (Dritek System Inc.) [Auto | Running] -- C:\Program Files (x86)\Launch Manager\dsiwmis.exe -- (DsiWMIService)
SRV - [2010/03/18 14:16:28 | 000,130,384 | ---- | M] (Microsoft Corporation) [Auto | Stopped] -- C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe -- (clr_optimization_v4.0.30319_32)
SRV - [2010/03/18 06:57:02 | 002,320,920 | ---- | M] (Intel Corporation) [Auto | Running] -- C:\Program Files (x86)\Intel\Intel® Management Engine Components\UNS\UNS.exe -- (UNS) Intel®
SRV - [2010/03/18 06:56:56 | 000,268,824 | ---- | M] (Intel Corporation) [Auto | Running] -- C:\Program Files (x86)\Intel\Intel® Management Engine Components\LMS\LMS.exe -- (LMS) Intel®
SRV - [2010/03/09 01:58:24 | 000,250,368 | ---- | M] (NewTech Infosystems, Inc.) [Auto | Running] -- C:\Program Files (x86)\NewTech Infosystems\Packard Bell MyBackup\IScheduleSvc.exe -- (NTI IScheduleSvc)
SRV - [2010/02/19 13:37:14 | 000,517,096 | ---- | M] (Adobe Systems Incorporated) [On_Demand | Stopped] -- C:\Program Files (x86)\Common Files\Adobe\SwitchBoard\SwitchBoard.exe -- (SwitchBoard)
SRV - [2010/01/08 15:21:22 | 000,023,584 | ---- | M] (Acer Incorporated) [Auto | Running] -- C:\Program Files (x86)\Packard Bell\Registration\GREGsvc.exe -- (GREGService)
SRV - [2009/06/10 23:23:09 | 000,066,384 | ---- | M] (Microsoft Corporation) [Disabled | Stopped] -- C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe -- (clr_optimization_v2.0.50727_32)


========== Driver Services (SafeList) ==========

DRV:64bit: - [2012/05/02 15:24:12 | 000,027,760 | ---- | M] (Avira GmbH) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\avkmgr.sys -- (avkmgr)
DRV:64bit: - [2012/04/27 10:20:04 | 000,132,832 | ---- | M] (Avira GmbH) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\avipbb.sys -- (avipbb)
DRV:64bit: - [2012/04/25 00:32:27 | 000,098,848 | ---- | M] (Avira GmbH) [File_System | Auto | Running] -- C:\Windows\SysNative\drivers\avgntflt.sys -- (avgntflt)
DRV:64bit: - [2012/04/04 15:56:40 | 000,024,904 | ---- | M] (Malwarebytes Corporation) [File_System | On_Demand | Running] -- C:\Windows\SysNative\drivers\mbam.sys -- (MBAMProtector)
DRV:64bit: - [2012/03/01 08:46:16 | 000,023,408 | ---- | M] (Microsoft Corporation) [Recognizer | Boot | Unknown] -- C:\Windows\SysNative\drivers\fs_rec.sys -- (Fs_Rec)
DRV:64bit: - [2012/02/15 12:01:50 | 000,052,736 | ---- | M] (Apple, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\usbaapl64.sys -- (USBAAPL64)
DRV:64bit: - [2012/02/01 16:16:40 | 000,568,600 | ---- | M] (Intel Corporation) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\iaStor.sys -- (iaStor)
DRV:64bit: - [2012/01/17 14:45:56 | 000,188,224 | ---- | M] (NVIDIA Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\nvhda64v.sys -- (NVHDA)
DRV:64bit: - [2011/03/11 08:41:12 | 000,107,904 | ---- | M] (Advanced Micro Devices) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\amdsata.sys -- (amdsata)
DRV:64bit: - [2011/03/11 08:41:12 | 000,027,008 | ---- | M] (Advanced Micro Devices) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\amdxata.sys -- (amdxata)
DRV:64bit: - [2010/11/20 15:33:35 | 000,078,720 | ---- | M] (Hewlett-Packard Company) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\HpSAMD.sys -- (HpSAMD)
DRV:64bit: - [2010/11/20 13:07:05 | 000,059,392 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\TsUsbFlt.sys -- (TsUsbFlt)
DRV:64bit: - [2010/07/12 20:36:10 | 000,055,856 | ---- | M] (Sonic Solutions) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\PxHlpa64.sys -- (PxHlpa64)
DRV:64bit: - [2010/04/19 10:56:42 | 000,245,280 | ---- | M] (Realtek Semiconductor Corp.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\RtsUStor.sys -- (RSUSBSTOR)
DRV:64bit: - [2010/03/21 11:59:08 | 000,321,064 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\k57nd60a.sys -- (k57nd60a) Broadcom NetLink ™
DRV:64bit: - [2009/12/10 13:25:10 | 000,301,104 | ---- | M] (Synaptics Incorporated) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\SynTP.sys -- (SynTP)
DRV:64bit: - [2009/09/17 07:54:54 | 000,056,344 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\HECIx64.sys -- (HECIx64) Intel®
DRV:64bit: - [2009/07/14 03:52:20 | 000,194,128 | ---- | M] (AMD Technologies Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\amdsbs.sys -- (amdsbs)
DRV:64bit: - [2009/07/14 03:48:04 | 000,065,600 | ---- | M] (LSI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\lsi_sas2.sys -- (LSI_SAS2)
DRV:64bit: - [2009/07/14 03:45:55 | 000,024,656 | ---- | M] (Promise Technology) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\stexstor.sys -- (stexstor)
DRV:64bit: - [2009/06/10 22:34:33 | 003,286,016 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\evbda.sys -- (ebdrv)
DRV:64bit: - [2009/06/10 22:34:28 | 000,468,480 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\bxvbda.sys -- (b06bdrv)
DRV:64bit: - [2009/06/10 22:34:23 | 000,270,848 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\b57nd60a.sys -- (b57nd60a)
DRV:64bit: - [2009/06/10 22:31:59 | 000,031,232 | ---- | M] (Hauppauge Computer Works, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\hcw85cir.sys -- (hcw85cir)
DRV:64bit: - [2009/05/18 14:17:08 | 000,034,152 | ---- | M] (GEAR Software Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\GEARAspiWDM.sys -- (GEARAspiWDM)
DRV:64bit: - [2009/05/06 01:46:08 | 000,018,432 | ---- | M] (NewTech Infosystems, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\NTIDrvr.sys -- (NTIDrvr)
DRV:64bit: - [2009/05/06 01:46:08 | 000,016,896 | ---- | M] (NewTech Infosystems Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\UBHelper.sys -- (UBHelper)
DRV:64bit: - [2009/04/22 18:10:56 | 000,040,976 | ---- | M] (Logitech, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\LUsbFilt.sys -- (LUsbFilt)
DRV:64bit: - [2009/04/22 18:10:40 | 000,058,384 | ---- | M] (Logitech, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\LMouFilt.Sys -- (LMouFilt)
DRV:64bit: - [2009/04/22 18:10:32 | 000,055,312 | ---- | M] (Logitech, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\LHidFilt.Sys -- (LHidFilt)
DRV:64bit: - [2000/01/01 02:00:00 | 001,108,000 | ---- | M] (Realtek Semiconductor Corporation ) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\rtl8192se.sys -- (rtl8192se)
DRV - [2009/07/14 03:19:10 | 000,019,008 | ---- | M] (Microsoft Corporation) [File_System | On_Demand | Stopped] -- C:\Windows\SysWOW64\drivers\wimmount.sys -- (WIMMount)


========== Standard Registry (SafeList) ==========


========== Internet Explorer ==========

IE:64bit: - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = http://homepage.pack...34z175f4692c581
IE:64bit: - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://homepage.pack...34z175f4692c581
IE:64bit: - HKLM\..\SearchScopes,DefaultScope = {6A1806CD-94D4-4689-BA73-E35EA1EA9990}
IE:64bit: - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/...ms}&FORM=IE8SRC
IE:64bit: - HKLM\..\SearchScopes\{6A1806CD-94D4-4689-BA73-E35EA1EA9990}: "URL" = http://www.google.co...g}&sourceid=ie7
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = http://homepage.pack...34z175f4692c581
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://homepage.pack...34z175f4692c581
IE - HKLM\..\URLSearchHook: {88c7f2aa-f93f-432c-8f0e-b7d85967a527} - C:\Program Files (x86)\BitTorrentBar\prxtbBitT.dll (Conduit Ltd.)
IE - HKLM\..\SearchScopes,DefaultScope = {67A2568C-7A0A-4EED-AECC-B5405DE63B64}
IE - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/...ms}&FORM=IE8SRC
IE - HKLM\..\SearchScopes\{67A2568C-7A0A-4EED-AECC-B5405DE63B64}: "URL" = http://www.google.co...ng}&rlz=1I7ACPW
IE - HKLM\..\SearchScopes\{6A1806CD-94D4-4689-BA73-E35EA1EA9990}: "URL" = http://www.google.co...g}&sourceid=ie7


IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

IE - HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0



IE - HKU\S-1-5-21-1709520675-535397089-2455195078-1001\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = http://homepage.pack...34z175f4692c581
IE - HKU\S-1-5-21-1709520675-535397089-2455195078-1001\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.google.dk/
IE - HKU\S-1-5-21-1709520675-535397089-2455195078-1001\..\URLSearchHook: {88c7f2aa-f93f-432c-8f0e-b7d85967a527} - C:\Program Files (x86)\BitTorrentBar\prxtbBitT.dll (Conduit Ltd.)
IE - HKU\S-1-5-21-1709520675-535397089-2455195078-1001\..\SearchScopes,DefaultScope = {67A2568C-7A0A-4EED-AECC-B5405DE63B64}
IE - HKU\S-1-5-21-1709520675-535397089-2455195078-1001\..\SearchScopes\{67A2568C-7A0A-4EED-AECC-B5405DE63B64}: "URL" = http://www.google.co...PW_daDK403DK403
IE - HKU\S-1-5-21-1709520675-535397089-2455195078-1001\..\SearchScopes\{6A1806CD-94D4-4689-BA73-E35EA1EA9990}: "URL" = http://www.google.co...g}&sourceid=ie7
IE - HKU\S-1-5-21-1709520675-535397089-2455195078-1001\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKU\S-1-5-21-1709520675-535397089-2455195078-1001\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = *.local

========== FireFox ==========

FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA}:6.0.20
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA}:6.0.22
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0023-ABCDEFFEDCBA}:6.0.23
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0024-ABCDEFFEDCBA}:6.0.24
FF - prefs.js..extensions.enabledItems: [email protected]:3.3.3.2
FF - prefs.js..extensions.enabledItems: {88c7f2aa-f93f-432c-8f0e-b7d85967a527}:3.3.3.2
FF - prefs.js..extensions.enabledItems: {23fcfd51-4958-4f00-80a3-ae97e717ed8b}:2.1.1.94
FF - prefs.js..extensions.enabledItems: {6904342A-8307-11DF-A508-4AE2DFD72085}:2.1.1.94
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0026-ABCDEFFEDCBA}:6.0.26
FF - prefs.js..keyword.URL: "chrome://browser-region/locale/region.properties"
FF - user.js - File not found

FF:64bit: - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\system32\Macromed\Flash\NPSWF64_11_2_202_235.dll File not found
FF:64bit: - HKLM\Software\MozillaPlugins\@divx.com/DivX VOD Helper,version=1.0.0: C:\Program Files\DivX\DivX OVS Helper\npovshelper.dll (DivX, LLC.)
FF:64bit: - HKLM\Software\MozillaPlugins\@microsoft.com/GENUINE: disabled File not found
FF:64bit: - HKLM\Software\MozillaPlugins\@microsoft.com/OfficeAuthz,version=14.0: C:\PROGRA~1\MICROS~2\Office14\NPAUTHZ.DLL (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_11_2_202_235.dll ()
FF - HKLM\Software\MozillaPlugins\@adobe.com/ShockwavePlayer: C:\Windows\system32\Adobe\Director\np32dsw.dll (Adobe Systems, Inc.)
FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=: File not found
FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=1.0: C:\Program Files (x86)\iTunes\Mozilla Plugins\npitunes.dll ()
FF - HKLM\Software\MozillaPlugins\@divx.com/DivX Browser Plugin,version=1.0.0: C:\Program Files (x86)\DivX\DivX Plus Web Player\npdivx32.dll (DivX, LLC)
FF - HKLM\Software\MozillaPlugins\@divx.com/DivX VOD Helper,version=1.0.0: C:\Program Files (x86)\DivX\DivX OVS Helper\npovshelper.dll (DivX, LLC.)
FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin: C:\Program Files (x86)\Java\jre6\bin\new_plugin\npjp2.dll (Sun Microsystems, Inc.)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/GENUINE: disabled File not found
FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: c:\Program Files (x86)\Microsoft Silverlight\4.1.10329.0\npctrl.dll ( Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/OfficeAuthz,version=14.0: C:\PROGRA~2\MICROS~1\Office14\NPAUTHZ.DLL (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/SharePoint,version=14.0: C:\PROGRA~2\MICROS~1\Office14\NPSPWRAP.DLL (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=15.4.3502.0922: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=15.4.3508.1109: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=15.4.3538.0513: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=15.4.3555.0308: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Program Files (x86)\Google\Update\1.3.21.111\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Program Files (x86)\Google\Update\1.3.21.111\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\Adobe Reader: C:\Program Files (x86)\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
FF - HKCU\Software\MozillaPlugins\@Skype Limited.com/Facebook Video Calling Plugin: C:\Users\Mathias\AppData\Local\Facebook\Video\Skype\npFacebookVideoCalling.dll (Skype Limited)

FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{23fcfd51-4958-4f00-80a3-ae97e717ed8b}: C:\Program Files (x86)\DivX\DivX Plus Web Player\firefox\DivXHTML5 [2012/02/20 23:21:32 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 12.0\extensions\\Components: C:\Program Files (x86)\Mozilla Firefox\components [2012/05/28 11:08:18 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 12.0\extensions\\Plugins: C:\Program Files (x86)\Mozilla Firefox\plugins [2012/06/06 19:18:48 | 000,000,000 | ---D | M]

[2010/11/01 16:45:14 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Mathias\AppData\Roaming\mozilla\Extensions
[2012/06/05 13:56:09 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Mathias\AppData\Roaming\mozilla\Firefox\Profiles\aes4uofn.default\extensions
[2012/06/05 13:56:09 | 000,000,000 | ---D | M] (BitTorrentBar Community Toolbar) -- C:\Users\Mathias\AppData\Roaming\mozilla\Firefox\Profiles\aes4uofn.default\extensions\{88c7f2aa-f93f-432c-8f0e-b7d85967a527}
[2012/03/21 08:45:30 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files (x86)\Mozilla Firefox\extensions
[2012/02/20 23:21:32 | 000,000,000 | ---D | M] (DivX Plus Web Player HTML5 &lt;video&gt;) -- C:\PROGRAM FILES (X86)\DIVX\DIVX PLUS WEB PLAYER\FIREFOX\DIVXHTML5
[2012/05/31 17:47:16 | 001,335,949 | ---- | M] () (No name found) -- C:\USERS\MATHIAS\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\AES4UOFN.DEFAULT\EXTENSIONS\[email protected]
[2012/05/13 14:33:18 | 000,097,208 | ---- | M] (Mozilla Foundation) -- C:\Program Files (x86)\mozilla firefox\components\browsercomps.dll
[2011/10/03 06:06:04 | 000,476,904 | ---- | M] (Sun Microsystems, Inc.) -- C:\Program Files (x86)\mozilla firefox\plugins\npdeployJava1.dll
[2012/04/11 16:49:06 | 000,001,525 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\amazon-co-uk.xml
[2012/04/11 16:49:06 | 000,002,252 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\bing.xml
[2012/04/11 16:49:06 | 000,001,178 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\wikipedia-da.xml

O1 HOSTS File: ([2011/01/27 15:00:57 | 000,001,211 | ---- | M]) - C:\Windows\SysNative\drivers\etc\hosts
O1 - Hosts: 127.0.0.1 localhost
O1 - Hosts: 127.0.0.1 3dns.adobe.com 3dns-1.adobe.com 3dns-2.adobe.com 3dns-3.adobe.com 3dns-4.adobe.com activate.adobe.com activate-sea.adobe.com activate-sjc0.adobe.com activate.wip.adobe.com
O1 - Hosts: 127.0.0.1 activate.wip1.adobe.com activate.wip2.adobe.com activate.wip3.adobe.com activate.wip4.adobe.com adobe-dns.adobe.com adobe-dns-1.adobe.com adobe-dns-2.adobe.com adobe-dns-3.adobe.com adobe-dns-4.adobe.com
O1 - Hosts: 127.0.0.1 adobeereg.com practivate.adobe practivate.adobe.com practivate.adobe.newoa practivate.adobe.ntp practivate.adobe.ipp ereg.adobe.com ereg.wip.adobe.com ereg.wip1.adobe.com
O1 - Hosts: 127.0.0.1 ereg.wip2.adobe.com ereg.wip3.adobe.com ereg.wip4.adobe.com hl2rcv.adobe.com wip.adobe.com wip1.adobe.com wip2.adobe.com wip3.adobe.com wip4.adobe.com
O1 - Hosts: 127.0.0.1 www.adobeereg.com wwis-dubc1-vip60.adobe.com www.wip.adobe.com www.wip1.adobe.com
O1 - Hosts: 127.0.0.1 www.wip2.adobe.com www.wip3.adobe.com www.wip4.adobe.com wwis-dubc1-vip60.adobe.com crl.verisign.net CRL.VERISIGN.NET ood.opsource.net
O2:64bit: - BHO: (Groove GFS Browser Helper) - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\PROGRA~1\MICROS~2\Office14\GROOVEEX.DLL (Microsoft Corporation)
O2:64bit: - BHO: (Google Toolbar Helper) - {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll (Google Inc.)
O2:64bit: - BHO: (Office Document Cache Handler) - {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\PROGRA~1\MICROS~2\Office14\URLREDIR.DLL (Microsoft Corporation)
O2 - BHO: (DivX Plus Web Player HTML5 <video>) - {326E768D-4182-46FD-9C16-1449A49795F4} - C:\Program Files (x86)\DivX\DivX Plus Web Player\ie\DivXHTML5\DivXHTML5.dll (DivX, LLC)
O2 - BHO: (BitTorrentBar Toolbar) - {88c7f2aa-f93f-432c-8f0e-b7d85967a527} - C:\Program Files (x86)\BitTorrentBar\prxtbBitT.dll (Conduit Ltd.)
O3:64bit: - HKLM\..\Toolbar: (Google Toolbar) - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll (Google Inc.)
O3:64bit: - HKLM\..\Toolbar: (no name) - Locked - No CLSID value found.
O3 - HKLM\..\Toolbar: (BitTorrentBar Toolbar) - {88c7f2aa-f93f-432c-8f0e-b7d85967a527} - C:\Program Files (x86)\BitTorrentBar\prxtbBitT.dll (Conduit Ltd.)
O3 - HKLM\..\Toolbar: (no name) - Locked - No CLSID value found.
O3:64bit: - HKU\S-1-5-21-1709520675-535397089-2455195078-1001\..\Toolbar\WebBrowser: (Google Toolbar) - {2318C2B1-4965-11D4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll (Google Inc.)
O3 - HKU\S-1-5-21-1709520675-535397089-2455195078-1001\..\Toolbar\WebBrowser: (BitTorrentBar Toolbar) - {88C7F2AA-F93F-432C-8F0E-B7D85967A527} - C:\Program Files (x86)\BitTorrentBar\prxtbBitT.dll (Conduit Ltd.)
O4:64bit: - HKLM..\Run: [Acer ePower Management] C:\Program Files\Packard Bell\Packard Bell Power Management\ePowerTray.exe (Acer Incorporated)
O4:64bit: - HKLM..\Run: [AdobeAAMUpdater-1.0] C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\UWA\UpdaterStartupUtility.exe (Adobe Systems Incorporated)
O4:64bit: - HKLM..\Run: [AlienFX Controller] C:\Program Files\Alienware\Command Center\AlienwareAlienFXController.exe (Alienware Corporation)
O4:64bit: - HKLM..\Run: [itype] C:\Program Files\Microsoft IntelliType Pro\itype.exe (Microsoft Corporation)
O4:64bit: - HKLM..\Run: [Kernel and Hardware Abstraction Layer] C:\Windows\KHALMNPR.Exe (Logitech, Inc.)
O4:64bit: - HKLM..\Run: [PLFSetI] C:\Windows\PLFSetI.exe ()
O4:64bit: - HKLM..\Run: [RTHDVCPL] C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe (Realtek Semiconductor)
O4 - HKLM..\Run: [AdobeCS5.5ServiceManager] "C:\Program Files (x86)\Common Files\Adobe\CS5.5ServiceManager\CS5.5ServiceManager.exe" -launchedbylogin File not found
O4 - HKLM..\Run: [AdobeCS5ServiceManager] C:\Program Files (x86)\Common Files\Adobe\CS5ServiceManager\CS5ServiceManager.exe (Adobe Systems Incorporated)
O4 - HKLM..\Run: [APSDaemon] C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe (Apple Inc.)
O4 - HKLM..\Run: [avgnt] C:\Program Files (x86)\Avira\AntiVir Desktop\avgnt.exe (Avira Operations GmbH & Co. KG)
O4 - HKLM..\Run: [BackupManagerTray] C:\Program Files (x86)\NewTech Infosystems\Packard Bell MyBackup\BackupManagerTray.exe (NewTech Infosystems, Inc.)
O4 - HKLM..\Run: [DivXUpdate] C:\Program Files (x86)\DivX\DivX Update\DivXUpdate.exe ()
O4 - HKLM..\Run: [IAStorIcon] C:\Program Files (x86)\Intel\Intel® Rapid Storage Technology\IAStorIconLaunch.exe (Intel Corporation)
O4 - HKLM..\Run: [LManager] C:\Program Files (x86)\Launch Manager\LManager.exe (Dritek System Inc.)
O4 - HKLM..\Run: [Malwarebytes' Anti-Malware] C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe (Malwarebytes Corporation)
O4 - HKLM..\Run: [SwitchBoard] C:\Program Files (x86)\Common Files\Adobe\SwitchBoard\SwitchBoard.exe (Adobe Systems Incorporated)
O4 - HKLM..\Run: [VideoWebCamera] C:\Program Files (x86)\VideoWebCamera\VideoWebCamera.exe (Suyin)
O4 - HKU\S-1-5-19..\Run: [Sidebar] C:\Program Files (x86)\Windows Sidebar\Sidebar.exe (Microsoft Corporation)
O4 - HKU\S-1-5-20..\Run: [Sidebar] C:\Program Files (x86)\Windows Sidebar\Sidebar.exe (Microsoft Corporation)
O4 - HKU\S-1-5-21-1709520675-535397089-2455195078-1001..\Run: [AdobeBridge] File not found
O4 - HKU\S-1-5-21-1709520675-535397089-2455195078-1001..\Run: [BitTorrent] C:\Program Files (x86)\BitTorrent\BitTorrent.exe (BitTorrent, Inc.)
O4 - HKU\S-1-5-21-1709520675-535397089-2455195078-1001..\Run: [Facebook Update] C:\Users\Mathias\AppData\Local\Facebook\Update\FacebookUpdate.exe (Facebook Inc.)
O4 - HKU\S-1-5-21-1709520675-535397089-2455195078-1001..\Run: [MobileDocuments] C:\Program Files (x86)\Common Files\Apple\Internet Services\ubd.exe (Apple Inc.)
O4 - HKU\S-1-5-21-1709520675-535397089-2455195078-1001..\Run: [Spotify] "C:\Users\Mathias\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\W45AU5O8\Spotify Installer.exe" /uri spotify:autostart File not found
O4 - HKU\S-1-5-19..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe File not found
O4 - HKU\S-1-5-20..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe File not found
O4 - Startup: C:\Users\Mathias\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Dropbox.lnk = C:\Users\Mathias\AppData\Roaming\Dropbox\bin\Dropbox.exe (Dropbox, Inc.)
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktop = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktopChanges = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 5
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3
O8:64bit: - Extra context menu item: E&ksporter til Microsoft Excel - res://C:\PROGRA~2\MICROS~1\OFFICE11\EXCEL.EXE/3000 File not found
O8:64bit: - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~2\MICROS~1\Office12\EXCEL.EXE/3000 File not found
O8:64bit: - Extra context menu item: Google Sidewiki ... - res://C:\Program Files (x86)\Google\Google Toolbar\Component\GoogleToolbarDynamic_mui_en_7461B1589E8B4FB7.dll/cmsidewiki.html File not found
O8 - Extra context menu item: E&ksporter til Microsoft Excel - res://C:\PROGRA~2\MICROS~1\OFFICE11\EXCEL.EXE/3000 File not found
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~2\MICROS~1\Office12\EXCEL.EXE/3000 File not found
O8 - Extra context menu item: Google Sidewiki ... - res://C:\Program Files (x86)\Google\Google Toolbar\Component\GoogleToolbarDynamic_mui_en_7461B1589E8B4FB7.dll/cmsidewiki.html File not found
O10:64bit: - NameSpace_Catalog5\Catalog_Entries64\000000000009 [] - C:\Program Files\Bonjour\mdnsNSP.dll (Apple Inc.)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000009 [] - C:\Program Files (x86)\Bonjour\mdnsNSP.dll (Apple Inc.)
O1364bit: - gopher Prefix: missing
O13 - gopher Prefix: missing
O15 - HKU\S-1-5-21-1709520675-535397089-2455195078-1001\..Trusted Domains: danskebank.dk ([]* in Trusted sites)
O16 - DPF: {166B1BCA-3F9C-11CF-8075-444553540000} http://download.macr...director/sw.cab (Shockwave ActiveX Control)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_29)
O16 - DPF: {C345E174-3E87-4F41-A01C-B066A90A49B4} http://trial.trymicr...osoft/wrc32.ocx (WRC Class)
O16 - DPF: {CAFEEFAC-0016-0000-0029-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_29)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_29)
O16 - DPF: {D8575CE3-3432-4540-88A9-85A1325D3375} https://netbank.dans...B/e-Safekey.cab (e-Safekey)
O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} http://platformdl.ad...Plus/1.6/gp.cab (Reg Error: Key error.)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.0.1
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{607EA30D-07AD-4503-9480-31099B7E3EB6}: DhcpNameServer = 194.239.134.83 193.162.153.164
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{DBED4A35-6E24-42C8-A044-DCA2CFF7401C}: DhcpNameServer = 192.168.0.1
O18:64bit: - Protocol\Handler\livecall - No CLSID value found
O18:64bit: - Protocol\Handler\msdaipp - No CLSID value found
O18:64bit: - Protocol\Handler\msdaipp\0x00000001 - No CLSID value found
O18:64bit: - Protocol\Handler\msdaipp\oledb - No CLSID value found
O18:64bit: - Protocol\Handler\ms-help - No CLSID value found
O18:64bit: - Protocol\Handler\ms-itss - No CLSID value found
O18:64bit: - Protocol\Handler\msnim - No CLSID value found
O18:64bit: - Protocol\Handler\skype4com - No CLSID value found
O18:64bit: - Protocol\Handler\wlmailhtml - No CLSID value found
O18:64bit: - Protocol\Handler\wlpg - No CLSID value found
O18 - Protocol\Handler\msdaipp\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files (x86)\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\msdaipp\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files (x86)\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files (x86)\Common Files\Skype\Skype4COM.dll (Skype Technologies)
O20:64bit: - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\SysNative\userinit.exe (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: VMApplet - (SystemPropertiesPerformance.exe) - C:\Windows\SysNative\SystemPropertiesPerformance.exe (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: VMApplet - (/pagefile) - File not found
O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\SysWow64\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (userinit.exe) - C:\Windows\SysWow64\userinit.exe (Microsoft Corporation)
O20 - HKLM Winlogon: VMApplet - (/pagefile) - File not found
O21:64bit: - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.
O21 - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.
O28:64bit: - HKLM ShellExecuteHooks: {B5A7F190-DDA6-4420-B3BA-52453494E6CD} - C:\PROGRA~1\MICROS~2\Office14\GROOVEEX.DLL (Microsoft Corporation)
O32 - HKLM CDRom: AutoRun - 1
O33 - MountPoints2\{43c22cee-e5cc-11df-9c41-88ae1d0a9f8e}\Shell - "" = AutoRun
O33 - MountPoints2\{43c22cee-e5cc-11df-9c41-88ae1d0a9f8e}\Shell\AutoRun\command - "" = E:\LaunchU3.exe -a
O33 - MountPoints2\E\Shell - "" = AutoRun
O33 - MountPoints2\E\Shell\AutoRun\command - "" = E:\LaunchU3.exe -a
O34 - HKLM BootExecute: (autocheck autochk *)
O35:64bit: - HKLM\..comfile [open] -- "%1" %*
O35:64bit: - HKLM\..exefile [open] -- "%1" %*
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37:64bit: - HKLM\...com [@ = comfile] -- "%1" %*
O37:64bit: - HKLM\...exe [@ = exefile] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3)
O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2)
O38 - SubSystems\\Windows: (ServerDll=sxssrv,4)


CREATERESTOREPOINT
Restore point Set: OTL Restore Point

========== Files/Folders - Created Within 30 Days ==========

[2012/06/09 11:13:30 | 000,596,480 | ---- | C] (OldTimer Tools) -- C:\Users\Mathias\Desktop\OTL.exe
[2012/06/09 10:56:03 | 000,000,000 | ---D | C] -- C:\Users\Mathias\AppData\Local\{A0F5907A-D71B-40C1-A8E8-C4979F6EEED1}
[2012/06/09 10:55:50 | 000,000,000 | ---D | C] -- C:\Users\Mathias\AppData\Local\{1BC3FDBB-C62F-48C8-B512-028819F4A17E}
[2012/06/08 13:45:00 | 000,000,000 | ---D | C] -- C:\Users\Mathias\AppData\Local\{5E31CC7F-A888-4D67-90A4-0BBA48688282}
[2012/06/08 13:44:46 | 000,000,000 | ---D | C] -- C:\Users\Mathias\AppData\Local\{8F2ED75A-240D-4A1E-8585-F5188D321EA0}
[2012/06/07 10:10:52 | 004,731,392 | ---- | C] (AVAST Software) -- C:\Users\Mathias\Desktop\aswMBR.exe
[2012/06/07 09:58:04 | 000,000,000 | ---D | C] -- C:\Users\Mathias\AppData\Local\{ADE7F102-B858-483B-8340-8A2BB0251D79}
[2012/06/07 09:57:54 | 000,000,000 | ---D | C] -- C:\Users\Mathias\AppData\Local\{F106D34E-4230-4026-968B-2FD02F137F3C}
[2012/06/06 19:22:51 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\SharePoint
[2012/06/06 19:22:51 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Office
[2012/06/06 19:22:14 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Common Files\DESIGNER
[2012/06/06 19:21:14 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Microsoft Sync Framework
[2012/06/06 19:13:34 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Microsoft Analysis Services
[2012/06/06 14:37:27 | 000,000,000 | ---D | C] -- C:\ProgramData\Uniblue
[2012/06/06 14:19:02 | 000,000,000 | ---D | C] -- C:\Users\Mathias\AppData\Roaming\Malwarebytes
[2012/06/06 14:18:56 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes' Anti-Malware
[2012/06/06 14:18:55 | 000,024,904 | ---- | C] (Malwarebytes Corporation) -- C:\Windows\SysNative\drivers\mbam.sys
[2012/06/06 14:18:55 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Malwarebytes' Anti-Malware
[2012/06/06 14:18:55 | 000,000,000 | ---D | C] -- C:\ProgramData\Malwarebytes
[2012/06/06 14:12:26 | 000,000,000 | ---D | C] -- C:\Users\Mathias\AppData\Local\{94DEFB5E-14AA-4B69-8A94-D6F6E5B893DC}
[2012/06/06 14:12:10 | 000,000,000 | ---D | C] -- C:\Users\Mathias\AppData\Local\{9AEA0439-0638-4B2B-A353-F817070DA04B}
[2012/06/06 08:59:34 | 000,000,000 | ---D | C] -- C:\Users\Mathias\AppData\Local\{4969F2F8-DAAA-4AF1-925F-2071092C7690}
[2012/06/05 14:01:11 | 000,000,000 | ---D | C] -- C:\Users\Mathias\AppData\Roaming\Avira
[2012/06/05 14:00:01 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Avira
[2012/06/05 13:59:52 | 000,132,832 | ---- | C] (Avira GmbH) -- C:\Windows\SysNative\drivers\avipbb.sys
[2012/06/05 13:59:52 | 000,098,848 | ---- | C] (Avira GmbH) -- C:\Windows\SysNative\drivers\avgntflt.sys
[2012/06/05 13:59:52 | 000,027,760 | ---- | C] (Avira GmbH) -- C:\Windows\SysNative\drivers\avkmgr.sys
[2012/06/05 13:59:52 | 000,000,000 | ---D | C] -- C:\ProgramData\Avira
[2012/06/05 13:59:52 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Avira
[2012/06/05 13:17:18 | 000,000,000 | -HSD | C] -- C:\Windows\SysNative\%APPDATA%
[2012/06/05 11:40:33 | 000,000,000 | ---D | C] -- C:\Users\Mathias\AppData\Local\{A42F39DD-130B-4A1C-972F-E01D63B30167}
[2012/06/05 11:40:21 | 000,000,000 | ---D | C] -- C:\Users\Mathias\AppData\Local\{27B1BFF1-75DA-4D83-9C34-1A804361FBEE}
[2012/06/04 14:26:20 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Common Files\Intel Corporation
[2012/06/04 12:35:44 | 000,000,000 | ---D | C] -- C:\Users\Mathias\AppData\Local\{CCC58789-89B2-43CD-ABAE-9213E84C19A6}
[2012/06/04 12:35:27 | 000,000,000 | ---D | C] -- C:\Users\Mathias\AppData\Local\{E99129F8-1D59-47F3-97C3-346FBB30BCA6}
[2012/06/03 13:18:51 | 000,000,000 | ---D | C] -- C:\Users\Mathias\AppData\Local\{B37BFE40-323E-44E0-B7CD-289B040D309A}
[2012/06/03 13:18:39 | 000,000,000 | ---D | C] -- C:\Users\Mathias\AppData\Local\{723D6BEF-258B-4034-AAC1-12667636ED78}
[2012/06/03 00:00:59 | 000,000,000 | ---D | C] -- C:\Users\Mathias\AppData\Local\{AED37CD5-E7EE-44F6-BCC1-D4A9A5985AE2}
[2012/06/02 12:00:37 | 000,000,000 | ---D | C] -- C:\Users\Mathias\AppData\Local\{1D0654CA-1128-4A71-A286-5F33469A0664}
[2012/06/01 18:12:54 | 000,000,000 | ---D | C] -- C:\Users\Mathias\AppData\Local\{91B64611-C182-4B67-8873-DA5A44D1062B}
[2012/06/01 18:12:43 | 000,000,000 | ---D | C] -- C:\Users\Mathias\AppData\Local\{B285DC31-38AD-4593-ADA2-8E3D34E4C483}
[2012/05/31 10:31:37 | 000,000,000 | ---D | C] -- C:\Users\Mathias\AppData\Local\{B4D08A30-4DD1-47B9-821F-C4FB44B25210}
[2012/05/31 10:31:27 | 000,000,000 | ---D | C] -- C:\Users\Mathias\AppData\Local\{802CFFCE-7BA4-4AC1-A3FE-B70E408D7534}
[2012/05/30 23:13:21 | 000,000,000 | ---D | C] -- C:\ProgramData\F4D55F1D000CCEA3006471E7B4EB2367
[2012/05/30 22:31:03 | 000,000,000 | ---D | C] -- C:\Users\Mathias\AppData\Local\{E35BAEC2-4BFD-47EB-B6B8-F9139167E7D1}
[2012/05/30 22:30:53 | 000,000,000 | ---D | C] -- C:\Users\Mathias\AppData\Local\{4177D3F4-60D0-4E23-BEE7-1262380B5CCB}
[2012/05/30 18:05:06 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\ACDLabs FreeWare 5.0
[2012/05/30 18:04:56 | 000,000,000 | ---D | C] -- C:\ACDFREE5
[2012/05/30 10:31:18 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Skype
[2012/05/30 10:31:18 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Common Files\Skype
[2012/05/30 10:30:08 | 000,000,000 | ---D | C] -- C:\Users\Mathias\AppData\Local\{E92A34B4-6A3D-4798-AE01-8066E8520DE9}
[2012/05/30 10:29:25 | 000,000,000 | ---D | C] -- C:\Users\Mathias\AppData\Local\{52CBB93E-86A6-4156-BB78-9CBF3B934710}
[2012/05/29 20:45:59 | 000,000,000 | ---D | C] -- C:\Users\Mathias\AppData\Local\{678AE3BB-663C-464B-B07D-2F1E9D69177F}
[2012/05/29 20:45:49 | 000,000,000 | ---D | C] -- C:\Users\Mathias\AppData\Local\{A076C0DA-A9CC-4609-9B9A-6426A852EA39}
[2012/05/29 08:45:23 | 000,000,000 | ---D | C] -- C:\Users\Mathias\AppData\Local\{0B38F6CA-8611-42F2-88EE-C3AFC88F1642}
[2012/05/29 08:45:12 | 000,000,000 | ---D | C] -- C:\Users\Mathias\AppData\Local\{16BBB355-4BF4-4FE2-B25B-F2F251137C66}
[2012/05/28 11:09:53 | 000,000,000 | ---D | C] -- C:\Users\Mathias\AppData\Local\{61A593AD-0F9F-46DD-96D3-8932AF7B0610}
[2012/05/28 11:08:14 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\QuickTime
[2012/05/28 11:07:58 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\QuickTime
[2012/05/27 23:09:21 | 000,000,000 | ---D | C] -- C:\Users\Mathias\AppData\Local\{6E337E71-5DA5-4331-86A4-BFE2EDC2D31F}
[2012/05/27 23:09:05 | 000,000,000 | ---D | C] -- C:\Users\Mathias\AppData\Local\{E299A250-A035-4A04-BCB3-7CA7E2CD6AF0}
[2012/05/27 09:26:56 | 000,000,000 | ---D | C] -- C:\Users\Mathias\AppData\Local\{40786F87-BD2F-4B85-B47C-34087955D8B3}
[2012/05/26 10:57:08 | 000,000,000 | ---D | C] -- C:\Users\Mathias\AppData\Local\{9746574B-0FF7-4DC6-86C7-DAC978EC85C1}
[2012/05/26 10:56:57 | 000,000,000 | ---D | C] -- C:\Users\Mathias\AppData\Local\{B9D9811C-CFAD-476C-A639-829200D37A6A}
[2012/05/25 14:24:32 | 000,000,000 | ---D | C] -- C:\Users\Mathias\AppData\Local\{732D23BC-A525-4898-87D7-606EA131BF55}
[2012/05/25 14:24:21 | 000,000,000 | ---D | C] -- C:\Users\Mathias\AppData\Local\{76A7143F-5B66-43BA-A859-F0780613AF93}
[2012/05/24 14:24:31 | 000,000,000 | ---D | C] -- C:\Users\Mathias\AppData\Local\{1B5BC53B-255E-4B07-8E6D-5DAC9B2B7282}
[2012/05/24 14:24:15 | 000,000,000 | ---D | C] -- C:\Users\Mathias\AppData\Local\{113D24E4-4750-489E-B9A0-2A1956CE6E9D}
[2012/05/23 14:04:33 | 000,000,000 | ---D | C] -- C:\Users\Mathias\AppData\Local\{580C5051-7BF1-4C18-9487-C1CCE80D6A14}
[2012/05/23 14:04:15 | 000,000,000 | ---D | C] -- C:\Users\Mathias\AppData\Local\{59121983-C609-449B-AB24-AB8BE3D1FBD1}
[2012/05/22 15:45:09 | 000,000,000 | ---D | C] -- C:\Users\Mathias\AppData\Local\{8E144E08-52A2-4BDF-BEF0-987AC1C383DC}
[2012/05/22 15:44:57 | 000,000,000 | ---D | C] -- C:\Users\Mathias\AppData\Local\{16BFF7E4-59AD-416E-BBEA-A244D84FFB1C}
[2012/05/21 15:27:45 | 000,000,000 | ---D | C] -- C:\Users\Mathias\AppData\Local\{7696B009-E763-4C8B-8E72-678C6702E5DC}
[2012/05/21 15:27:26 | 000,000,000 | ---D | C] -- C:\Users\Mathias\AppData\Local\{9EE64722-B9CA-48FF-9831-CA6432D4876A}
[2012/05/20 18:36:02 | 000,000,000 | ---D | C] -- C:\Users\Mathias\AppData\Local\{D42ECE92-940F-4157-BEF4-D0CEEB555169}
[2012/05/20 18:35:43 | 000,000,000 | ---D | C] -- C:\Users\Mathias\AppData\Local\{FC60597A-AA84-4DEB-BD79-21E206FCA5E8}
[2012/05/19 23:47:06 | 000,000,000 | ---D | C] -- C:\Users\Mathias\AppData\Local\{65044252-C771-4856-B3D9-31E7B259A2A5}
[2012/05/19 23:46:56 | 000,000,000 | ---D | C] -- C:\Users\Mathias\AppData\Local\{2953E000-0EAA-48D5-94FA-27045155CED1}
[2012/05/19 11:46:19 | 000,000,000 | ---D | C] -- C:\Users\Mathias\AppData\Local\{4E003B44-1C4D-4124-9A7B-FAD7427C928D}
[2012/05/19 11:45:33 | 000,000,000 | ---D | C] -- C:\Users\Mathias\AppData\Local\{7D2BF197-67CD-4356-B443-2B2B2C76E947}
[2012/05/19 02:20:12 | 000,000,000 | ---D | C] -- C:\Users\Mathias\AppData\Roaming\NVIDIA
[2012/05/18 12:27:18 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\ffdshow
[2012/05/18 12:27:15 | 000,000,000 | ---D | C] -- C:\ProgramData\IObit
[2012/05/18 12:27:15 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\IObit
[2012/05/18 12:27:15 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\ffdshow
[2012/05/18 10:45:46 | 000,000,000 | ---D | C] -- C:\Program Files\Realtek
[2012/05/18 10:45:45 | 000,000,000 | ---D | C] -- C:\Windows\SysWow64\RTCOM
[2012/05/18 10:45:00 | 002,604,376 | ---- | C] (Waves Audio Ltd.) -- C:\Windows\SysNative\WavesGUILib.dll
[2012/05/18 10:44:59 | 000,518,896 | ---- | C] (SRS Labs, Inc.) -- C:\Windows\SysNative\SRSTSX64.dll
[2012/05/18 10:44:59 | 000,155,888 | ---- | C] (SRS Labs, Inc.) -- C:\Windows\SysNative\SRSWOW64.dll
[2012/05/18 10:44:58 | 000,211,184 | ---- | C] (SRS Labs, Inc.) -- C:\Windows\SysNative\SRSTSH64.dll
[2012/05/18 10:44:58 | 000,198,896 | ---- | C] (SRS Labs, Inc.) -- C:\Windows\SysNative\SRSHP64.dll
[2012/05/18 10:44:55 | 000,220,512 | ---- | C] (Synopsys, Inc.) -- C:\Windows\SysNative\SFNHK64.dll
[2012/05/18 10:44:54 | 000,081,248 | ---- | C] (Synopsys, Inc.) -- C:\Windows\SysNative\SFCOM64.dll
[2012/05/18 10:44:54 | 000,078,176 | ---- | C] (Synopsys, Inc.) -- C:\Windows\SysNative\SFAPO64.dll
[2012/05/18 10:44:54 | 000,074,064 | ---- | C] (Virage Logic Corporation / Sonic Focus) -- C:\Windows\SysWow64\SFCOM.dll
[2012/05/18 10:44:49 | 000,375,128 | ---- | C] (Dolby Laboratories, Inc.) -- C:\Windows\SysNative\RTEEP64A.dll
[2012/05/18 10:44:49 | 000,101,208 | ---- | C] (Dolby Laboratories, Inc.) -- C:\Windows\SysNative\RTEEL64A.dll
[2012/05/18 10:44:48 | 000,204,120 | ---- | C] (Dolby Laboratories, Inc.) -- C:\Windows\SysNative\RTEED64A.dll
[2012/05/18 10:44:48 | 000,078,680 | ---- | C] (Dolby Laboratories, Inc.) -- C:\Windows\SysNative\RTEEG64A.dll
[2012/05/18 10:44:47 | 000,310,104 | ---- | C] (Dolby Laboratories, Inc.) -- C:\Windows\SysNative\RP3DHT64.dll
[2012/05/18 10:44:47 | 000,310,104 | ---- | C] (Dolby Laboratories, Inc.) -- C:\Windows\SysNative\RP3DAA64.dll
[2012/05/18 10:44:45 | 003,308,376 | ---- | C] (Dolby Laboratories) -- C:\Windows\SysNative\R4EEP64A.dll
[2012/05/18 10:44:45 | 000,426,328 | ---- | C] (Dolby Laboratories) -- C:\Windows\SysNative\R4EED64A.dll
[2012/05/18 10:44:45 | 000,136,024 | ---- | C] (Dolby Laboratories) -- C:\Windows\SysNative\R4EEL64A.dll
[2012/05/18 10:44:45 | 000,074,072 | ---- | C] (Dolby Laboratories) -- C:\Windows\SysNative\R4EEG64A.dll
[2012/05/18 10:44:44 | 000,118,104 | ---- | C] (Dolby Laboratories) -- C:\Windows\SysNative\R4EEA64A.dll
[2012/05/18 10:44:43 | 003,768,152 | ---- | C] (Waves Audio Ltd.) -- C:\Windows\SysNative\MaxxAudioRealtek.dll
[2012/05/18 10:44:43 | 000,334,680 | ---- | C] (Waves Audio Ltd.) -- C:\Windows\SysNative\MaxxVolumeSDAPO.dll
[2012/05/18 10:44:42 | 002,197,264 | ---- | C] (Waves Audio Ltd.) -- C:\Windows\SysNative\MaxxAudioEQ.dll
[2012/05/18 10:44:42 | 000,341,336 | ---- | C] (Waves Audio Ltd.) -- C:\Windows\SysNative\MaxxAudioAPO30.dll
[2012/05/18 10:44:42 | 000,318,808 | ---- | C] (Waves Audio Ltd.) -- C:\Windows\SysNative\MaxxAudioAPO20.dll
[2012/05/18 10:44:41 | 000,603,472 | ---- | C] (Knowles Acoustics ) -- C:\Windows\SysNative\KAAPORT64.dll
[2012/05/18 10:44:30 | 002,085,440 | ---- | C] (Fortemedia Corporation) -- C:\Windows\SysNative\FMAPO64.dll
[2012/05/18 10:44:30 | 000,693,352 | ---- | C] (DTS) -- C:\Windows\SysNative\DTSVoiceClarityDLL64.dll
[2012/05/18 10:44:29 | 001,756,264 | ---- | C] (DTS) -- C:\Windows\SysNative\DTSS2SpeakerDLL64.dll
[2012/05/18 10:44:29 | 001,568,360 | ---- | C] (DTS) -- C:\Windows\SysNative\DTSS2HeadphoneDLL64.dll
[2012/05/18 10:44:29 | 000,712,296 | ---- | C] (DTS) -- C:\Windows\SysNative\DTSSymmetryDLL64.dll
[2012/05/18 10:44:29 | 000,491,112 | ---- | C] (DTS) -- C:\Windows\SysNative\DTSNeoPCDLL64.dll
[2012/05/18 10:44:28 | 001,486,952 | ---- | C] (DTS) -- C:\Windows\SysNative\DTSBoostDLL64.dll
[2012/05/18 10:44:28 | 000,432,744 | ---- | C] (DTS) -- C:\Windows\SysNative\DTSLimiterDLL64.dll
[2012/05/18 10:44:28 | 000,428,648 | ---- | C] (DTS) -- C:\Windows\SysNative\DTSGainCompensatorDLL64.dll
[2012/05/18 10:44:28 | 000,242,792 | ---- | C] (DTS) -- C:\Windows\SysNative\DTSLFXAPO64.dll
[2012/05/18 10:44:28 | 000,242,792 | ---- | C] (DTS) -- C:\Windows\SysNative\DTSGFXAPO64.dll
[2012/05/18 10:44:28 | 000,241,768 | ---- | C] (DTS) -- C:\Windows\SysNative\DTSGFXAPONS64.dll
[2012/05/18 10:44:27 | 000,728,680 | ---- | C] (DTS) -- C:\Windows\SysNative\DTSBassEnhancementDLL64.dll
[2012/05/18 10:34:15 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Keyboard
[2012/05/18 10:33:44 | 000,000,000 | ---D | C] -- C:\Program Files\Microsoft IntelliType Pro
[2012/05/18 10:31:45 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Cisco
[2012/05/18 10:31:07 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\REALTEK PCIE Wireless LAN Driver
[2012/05/18 10:17:04 | 000,000,000 | ---D | C] -- C:\Users\Mathias\AppData\Local\{C4D02409-6C22-49CD-95A4-A0C41DB6C797}
[2012/05/18 10:16:47 | 000,000,000 | ---D | C] -- C:\Users\Mathias\AppData\Local\{636E63C3-C054-4AF7-AF86-3A591465880A}
[2012/05/17 22:06:18 | 000,000,000 | ---D | C] -- C:\Users\Mathias\AppData\Local\{BC426893-861F-429E-AEA4-10E7A30D6344}
[2012/05/17 22:06:08 | 000,000,000 | ---D | C] -- C:\Users\Mathias\AppData\Local\{61A48F0F-4820-4184-8748-255487ADD67F}
[2012/05/17 20:22:10 | 000,000,000 | ---D | C] -- C:\Users\Mathias\AppData\Local\SlimWare Utilities Inc
[2012/05/17 20:15:05 | 000,000,000 | ---D | C] -- C:\Users\Public\Documents\Downloaded Installers
[2012/05/17 10:05:40 | 000,000,000 | ---D | C] -- C:\Users\Mathias\AppData\Local\{B031B7DF-46DB-4391-A323-1A6CAB3A7FB1}
[2012/05/17 10:05:29 | 000,000,000 | ---D | C] -- C:\Users\Mathias\AppData\Local\{97F30DA2-DA3F-404C-BC24-4069362622AC}
[2012/05/16 14:22:48 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\NVIDIA Corporation
[2012/05/16 14:21:21 | 000,000,000 | ---D | C] -- C:\ProgramData\NVIDIA Corporation
[2012/05/16 14:17:01 | 000,068,928 | ---- | C] (Khronos Group) -- C:\Windows\SysNative\OpenCL.dll
[2012/05/16 14:17:01 | 000,061,248 | ---- | C] (Khronos Group) -- C:\Windows\SysWow64\OpenCL.dll
[2012/05/16 14:15:13 | 000,000,000 | ---D | C] -- C:\NVIDIA
[2012/05/16 14:10:00 | 000,000,000 | ---D | C] -- C:\Users\Mathias\AppData\Local\{D9BFDCB3-B300-4E69-8F75-A82FC1A12660}
[2012/05/16 14:09:41 | 000,000,000 | ---D | C] -- C:\Users\Mathias\AppData\Local\{789E1343-CA8A-4C18-8DD4-A1ADCB8F3EA2}
[2012/05/16 07:36:50 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Diablo III
[2012/05/16 07:36:50 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Diablo III
[2012/05/15 19:56:37 | 000,000,000 | ---D | C] -- C:\Users\Mathias\AppData\Local\{622655B9-B587-4653-937B-A6EDFA80B66A}
[2012/05/15 07:31:39 | 000,000,000 | ---D | C] -- C:\Users\Mathias\AppData\Local\{5AC1ABC7-ED73-4EDD-9E25-FD2ED1AB1721}
[2012/05/15 07:31:29 | 000,000,000 | ---D | C] -- C:\Users\Mathias\AppData\Local\{90C50C63-11DE-4BCE-81F9-1BA9C970D2F0}
[2012/05/14 07:44:11 | 000,000,000 | ---D | C] -- C:\Users\Mathias\AppData\Local\{0F22E6BD-30A7-4286-9F80-BA418A987CA4}
[2012/05/13 16:44:23 | 000,000,000 | ---D | C] -- C:\Users\Mathias\AppData\Local\{032FA830-D049-4E62-86CC-22970F1EDBFE}
[2012/05/13 16:44:13 | 000,000,000 | ---D | C] -- C:\Users\Mathias\AppData\Local\{FA9057F9-BA8F-4B92-81C8-DAD48A98E5D0}
[2012/05/13 14:33:22 | 000,000,000 | ---D | C] -- C:\ProgramData\Mozilla
[2012/05/13 14:33:21 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Mozilla Maintenance Service
[2012/05/12 09:35:20 | 000,000,000 | ---D | C] -- C:\Users\Mathias\AppData\Local\{022C3E45-8C85-4FBE-8AA1-CB58B46681E0}
[2012/05/12 09:35:10 | 000,000,000 | ---D | C] -- C:\Users\Mathias\AppData\Local\{9B1D37A2-5CC2-4FB5-B37B-AD93A79CA223}
[2012/05/11 16:23:14 | 000,000,000 | ---D | C] -- C:\Users\Mathias\AppData\Local\{55AEC0F5-6F2E-4C79-A6CA-7740C2B8EFDF}
[2012/05/11 16:23:03 | 000,000,000 | ---D | C] -- C:\Users\Mathias\AppData\Local\{750FB590-94B7-40AE-92B6-A0C2C1024E78}
[2012/05/10 14:45:24 | 000,000,000 | ---D | C] -- C:\Users\Mathias\AppData\Local\{6369E327-B4F7-4FEE-94EF-76370FF8F38A}
[2012/05/10 14:45:07 | 000,000,000 | ---D | C] -- C:\Users\Mathias\AppData\Local\{F548830D-3ACD-42D6-8FEE-1F219345F74C}
[2 C:\Users\Mathias\Documents\*.tmp files -> C:\Users\Mathias\Documents\*.tmp -> ]

========== Files - Modified Within 30 Days ==========

[2012/06/09 11:13:31 | 000,596,480 | ---- | M] (OldTimer Tools) -- C:\Users\Mathias\Desktop\OTL.exe
[2012/06/09 11:04:04 | 000,000,936 | ---- | M] () -- C:\Windows\tasks\FacebookUpdateTaskUserS-1-5-21-1709520675-535397089-2455195078-1001UA.job
[2012/06/09 11:01:28 | 000,009,920 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
[2012/06/09 11:01:28 | 000,009,920 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
[2012/06/09 10:57:00 | 000,000,830 | ---- | M] () -- C:\Windows\tasks\Adobe Flash Player Updater.job
[2012/06/09 10:54:08 | 000,000,928 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineCore.job
[2012/06/09 10:54:05 | 000,000,414 | ---- | M] () -- C:\Windows\tasks\SlimDrivers Startup.job
[2012/06/09 10:53:04 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2012/06/09 10:52:56 | 428,904,447 | -HS- | M] () -- C:\hiberfil.sys
[2012/06/08 23:50:00 | 000,000,932 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineUA.job
[2012/06/08 17:04:00 | 000,000,914 | ---- | M] () -- C:\Windows\tasks\FacebookUpdateTaskUserS-1-5-21-1709520675-535397089-2455195078-1001Core.job
[2012/06/08 16:27:18 | 000,000,234 | ---- | M] () -- C:\Users\Mathias\Desktop\Google Calendar.url
[2012/06/08 15:08:42 | 000,001,264 | ---- | M] () -- C:\Users\Mathias\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\OneNote 2010 Screen Clipper and Launcher.lnk
[2012/06/07 10:10:58 | 004,731,392 | ---- | M] (AVAST Software) -- C:\Users\Mathias\Desktop\aswMBR.exe
[2012/06/06 19:31:07 | 005,013,920 | ---- | M] () -- C:\Windows\SysNative\FNTCACHE.DAT
[2012/06/06 14:18:56 | 000,001,081 | ---- | M] () -- C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk
[2012/06/05 14:11:02 | 000,001,912 | ---- | M] () -- C:\Windows\epplauncher.mif
[2012/06/05 14:10:38 | 000,718,498 | ---- | M] () -- C:\Windows\SysNative\perfh009.dat
[2012/06/05 14:10:38 | 000,573,600 | ---- | M] () -- C:\Windows\SysNative\perfh006.dat
[2012/06/05 14:10:38 | 000,146,520 | ---- | M] () -- C:\Windows\SysNative\perfc009.dat
[2012/06/05 14:10:38 | 000,122,920 | ---- | M] () -- C:\Windows\SysNative\perfc006.dat
[2012/06/05 14:00:01 | 000,002,038 | ---- | M] () -- C:\Users\Public\Desktop\Avira Control Center.lnk
[2012/06/04 14:04:19 | 001,566,622 | ---- | M] () -- C:\Windows\SysNative\PerfStringBackup.INI
[2012/06/03 00:28:31 | 000,001,723 | ---- | M] () -- C:\Windows\wininit.ini
[2012/06/03 00:28:31 | 000,001,065 | ---- | M] () -- C:\Users\Mathias\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Dropbox.lnk
[2012/06/03 00:28:25 | 000,001,037 | ---- | M] () -- C:\Users\Mathias\Desktop\Dropbox.lnk
[2012/05/30 23:00:54 | 000,000,584 | ---- | M] () -- C:\Users\Mathias\Documents\grstyles.stl
[2012/05/30 19:27:01 | 000,000,327 | ---- | M] () -- C:\Users\Mathias\Documents\UserStl.sk
[2012/05/30 18:07:35 | 000,000,003 | ---- | M] () -- C:\Users\Mathias\Documents\UserLab.sk
[2012/05/30 18:07:28 | 000,000,003 | ---- | M] () -- C:\Users\Mathias\Documents\LastLab.sk
[2012/05/30 18:07:18 | 000,000,123 | ---- | M] () -- C:\Users\Mathias\Documents\BasicLab.sk
[2012/05/30 18:05:08 | 000,002,065 | ---- | M] () -- C:\Users\Mathias\Documents\template.cfg
[2012/05/30 10:31:18 | 000,002,513 | ---- | M] () -- C:\Users\Public\Desktop\Skype.lnk
[2012/05/16 07:57:11 | 000,001,161 | ---- | M] () -- C:\Users\Public\Desktop\Diablo III.lnk
[2 C:\Users\Mathias\Documents\*.tmp files -> C:\Users\Mathias\Documents\*.tmp -> ]

========== Files Created - No Company Name ==========

[2012/06/08 13:43:17 | 000,001,648 | ---- | C] () -- C:\Windows\Installer\{237f4d47-54a7-a343-2afd-b1c745049339}\U\00000001.@
[2012/06/06 19:59:44 | 000,001,264 | ---- | C] () -- C:\Users\Mathias\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\OneNote 2010 Screen Clipper and Launcher.lnk
[2012/06/06 19:25:15 | 000,022,016 | ---- | C] () -- C:\Windows\Installer\{237f4d47-54a7-a343-2afd-b1c745049339}\U\800000cb.@
[2012/06/06 19:25:14 | 000,016,896 | ---- | C] () -- C:\Windows\Installer\{237f4d47-54a7-a343-2afd-b1c745049339}\U\80000000.@
[2012/06/06 14:18:56 | 000,001,081 | ---- | C] () -- C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk
[2012/06/05 14:08:39 | 000,001,161 | ---- | C] () -- C:\Users\Public\Desktop\Diablo III.lnk
[2012/06/05 14:00:01 | 000,002,038 | ---- | C] () -- C:\Users\Public\Desktop\Avira Control Center.lnk
[2012/05/30 19:27:01 | 000,000,584 | ---- | C] () -- C:\Users\Mathias\Documents\grstyles.stl
[2012/05/30 18:07:18 | 000,000,123 | ---- | C] () -- C:\Users\Mathias\Documents\BasicLab.sk
[2012/05/30 18:07:18 | 000,000,003 | ---- | C] () -- C:\Users\Mathias\Documents\UserLab.sk
[2012/05/30 18:07:18 | 000,000,003 | ---- | C] () -- C:\Users\Mathias\Documents\LastLab.sk
[2012/05/30 18:05:12 | 000,000,327 | ---- | C] () -- C:\Users\Mathias\Documents\UserStl.sk
[2012/05/30 18:05:08 | 000,002,065 | ---- | C] () -- C:\Users\Mathias\Documents\template.cfg
[2012/05/18 12:27:17 | 000,085,504 | ---- | C] () -- C:\Windows\SysWow64\ff_vfw.dll
[2012/05/18 10:31:07 | 000,451,072 | ---- | C] () -- C:\Windows\SysWow64\ISSRemoveSP.exe
[2012/05/17 20:22:20 | 000,000,414 | ---- | C] () -- C:\Windows\tasks\SlimDrivers Startup.job
[2012/05/16 14:17:01 | 000,011,770 | ---- | C] () -- C:\Windows\SysNative\nvinfo.pb
[2012/04/08 19:43:46 | 000,000,132 | ---- | C] () -- C:\Users\Mathias\AppData\Roaming\Adobe GIF Format CS5 Prefs
[2012/03/05 19:44:31 | 000,004,608 | ---- | C] () -- C:\Users\Mathias\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2012/01/11 14:34:47 | 000,002,048 | -HS- | C] () -- C:\Windows\Installer\{237f4d47-54a7-a343-2afd-b1c745049339}\@
[2012/01/11 14:34:47 | 000,002,048 | -HS- | C] () -- C:\Users\Mathias\AppData\Local\{237f4d47-54a7-a343-2afd-b1c745049339}\@
[2011/09/15 16:50:53 | 000,002,528 | ---- | C] () -- C:\Windows\FCIC.INI
[2011/09/12 18:54:46 | 000,000,132 | ---- | C] () -- C:\Users\Mathias\AppData\Roaming\Adobe PNG Format CS5 Prefs
[2011/09/11 16:57:57 | 000,001,456 | ---- | C] () -- C:\Users\Mathias\AppData\Local\Adobe Save for Web 12.0 Prefs
[2011/05/30 14:22:53 | 000,000,262 | ---- | C] () -- C:\Windows\{EEB3F6BB-318D-4CE5-989F-8191FCBFB578}_WiseFW.ini
[2010/12/14 17:11:22 | 000,008,192 | ---- | C] () -- C:\Windows\SysWow64\srvany.exe
[2010/12/14 12:01:18 | 000,000,376 | ---- | C] () -- C:\Windows\ODBC.INI
[2010/11/01 16:45:09 | 000,000,000 | ---- | C] () -- C:\Windows\nsreg.dat
[2010/10/31 15:36:58 | 001,586,622 | ---- | C] () -- C:\Windows\SysWow64\PerfStringBackup.INI
[2010/10/31 15:30:27 | 000,001,723 | ---- | C] () -- C:\Windows\wininit.ini
[2010/10/30 22:08:42 | 000,000,016 | ---- | C] () -- C:\Windows\popcinfo.dat
[2010/07/03 00:57:44 | 000,206,208 | ---- | C] () -- C:\Windows\PLFSetI.exe
[2010/07/03 00:57:44 | 000,054,520 | ---- | C] () -- C:\Windows\AutosetFrequency.exe
[2010/07/03 00:57:44 | 000,000,637 | ---- | C] () -- C:\Windows\AutoSetFrequency.ini
[2010/07/03 00:57:44 | 000,000,378 | ---- | C] () -- C:\Windows\PidList.ini

========== LOP Check ==========

[2012/06/09 11:14:45 | 000,000,000 | ---D | M] -- C:\Users\Mathias\AppData\Roaming\BitTorrent
[2011/01/09 18:38:42 | 000,000,000 | ---D | M] -- C:\Users\Mathias\AppData\Roaming\chc.4875E02D9FB21EE389F73B8D1702B320485DF8CE.1
[2011/11/03 18:05:18 | 000,000,000 | ---D | M] -- C:\Users\Mathias\AppData\Roaming\com.adobe.downloadassistant.AdobeDownloadAssistant
[2012/03/14 22:04:02 | 000,000,000 | ---D | M] -- C:\Users\Mathias\AppData\Roaming\com.guppyworks.TrafficTestAIR-Class.F1F6615D691280F0EDF23ED8129A4EBEED86EA96.1
[2012/06/09 10:54:59 | 000,000,000 | ---D | M] -- C:\Users\Mathias\AppData\Roaming\Dropbox
[2012/06/04 19:21:43 | 000,000,000 | ---D | M] -- C:\Users\Mathias\AppData\Roaming\FileZilla
[2011/12/04 21:56:39 | 000,000,000 | ---D | M] -- C:\Users\Mathias\AppData\Roaming\Maple
[2011/07/05 19:28:14 | 000,000,000 | ---D | M] -- C:\Users\Mathias\AppData\Roaming\Mumble
[2012/05/04 15:47:27 | 000,000,000 | ---D | M] -- C:\Users\Mathias\AppData\Roaming\No Company Name
[2011/09/11 21:07:42 | 000,000,000 | ---D | M] -- C:\Users\Mathias\AppData\Roaming\Notepad++
[2011/02/13 13:44:15 | 000,000,000 | ---D | M] -- C:\Users\Mathias\AppData\Roaming\Packard Bell
[2011/05/19 12:28:27 | 000,000,000 | ---D | M] -- C:\Users\Mathias\AppData\Roaming\SNS
[2012/05/27 09:31:40 | 000,000,000 | ---D | M] -- C:\Users\Mathias\AppData\Roaming\Spotify
[2011/09/11 18:09:02 | 000,000,000 | ---D | M] -- C:\Users\Mathias\AppData\Roaming\StageManager.BD092818F67280F4B42B04877600987F0111B594.1
[2011/03/04 20:19:28 | 000,000,000 | ---D | M] -- C:\Users\Mathias\AppData\Roaming\TS3Client
[2010/12/04 15:44:44 | 000,000,000 | ---D | M] -- C:\Users\Mathias\AppData\Roaming\Windows Live Writer
[2011/12/28 02:11:19 | 000,000,000 | -HSD | M] -- C:\Users\Mathias\AppData\Roaming\wyUpdate AU
[2012/06/08 17:04:00 | 000,000,914 | ---- | M] () -- C:\Windows\Tasks\FacebookUpdateTaskUserS-1-5-21-1709520675-535397089-2455195078-1001Core.job
[2012/06/09 11:04:04 | 000,000,936 | ---- | M] () -- C:\Windows\Tasks\FacebookUpdateTaskUserS-1-5-21-1709520675-535397089-2455195078-1001UA.job
[2012/02/19 12:02:05 | 000,032,550 | ---- | M] () -- C:\Windows\Tasks\SCHEDLGU.TXT
[2012/06/09 10:54:05 | 000,000,414 | ---- | M] () -- C:\Windows\Tasks\SlimDrivers Startup.job

========== Purity Check ==========



========== Custom Scans ==========

< %SYSTEMDRIVE%\*.exe >

< MD5 for: EXPLORER.EXE >
[2011/02/26 08:23:14 | 002,870,272 | ---- | M] (Microsoft Corporation) MD5=0862495E0C825893DB75EF44FAEA8E93 -- C:\Windows\winsxs\amd64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7600.16768_none_adc24107935a7e25\explorer.exe
[2011/02/26 07:19:21 | 002,616,320 | ---- | M] (Microsoft Corporation) MD5=0FB9C74046656D1579A64660AD67B746 -- C:\Windows\winsxs\wow64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7601.21669_none_ba87e574ddfe652d\explorer.exe
[2009/07/14 03:14:20 | 002,613,248 | ---- | M] (Microsoft Corporation) MD5=15BC38A7492BEFE831966ADB477CF76F -- C:\Windows\winsxs\wow64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7600.16385_none_b7fe430bc7ce3761\explorer.exe
[2011/02/26 07:51:13 | 002,614,784 | ---- | M] (Microsoft Corporation) MD5=255CF508D7CFB10E0794D6AC93280BD8 -- C:\Windows\winsxs\wow64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7600.20910_none_b8ce9756e0b786a4\explorer.exe
[2009/10/31 07:45:39 | 002,614,272 | ---- | M] (Microsoft Corporation) MD5=2626FC9755BE22F805D3CFA0CE3EE727 -- C:\Windows\winsxs\wow64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7600.16450_none_b819b343c7ba6202\explorer.exe
[2011/02/26 07:33:07 | 002,614,784 | ---- | M] (Microsoft Corporation) MD5=2AF58D15EDC06EC6FDACCE1F19482BBF -- C:\Windows\winsxs\wow64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7600.16768_none_b816eb59c7bb4020\explorer.exe
[2011/02/25 08:19:30 | 002,871,808 | ---- | M] (Microsoft Corporation) MD5=332FEAB1435662FC6C672E25BEB37BE3 -- C:\Windows\explorer.exe
[2011/02/25 08:19:30 | 002,871,808 | ---- | M] (Microsoft Corporation) MD5=332FEAB1435662FC6C672E25BEB37BE3 -- C:\Windows\winsxs\amd64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7601.17567_none_afa79dc39081d0ba\explorer.exe
[2011/02/26 08:14:34 | 002,871,808 | ---- | M] (Microsoft Corporation) MD5=3B69712041F3D63605529BD66DC00C48 -- C:\Windows\winsxs\amd64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7601.21669_none_b0333b22a99da332\explorer.exe
[2010/11/20 14:17:09 | 002,616,320 | ---- | M] (Microsoft Corporation) MD5=40D777B7A95E00593EB1568C68514493 -- C:\Windows\winsxs\wow64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7601.17514_none_ba2f56d3c4bcbafb\explorer.exe
[2010/02/04 12:49:48 | 002,868,224 | ---- | M] (Microsoft Corporation) MD5=700073016DAC1C3D2E7E2CE4223334B6 -- C:\Windows\winsxs\amd64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7600.20500_none_ae84b558ac4eb41c\explorer.exe
[2011/02/25 07:30:54 | 002,616,320 | ---- | M] (Microsoft Corporation) MD5=8B88EBBB05A0E56B7DCC708498C02B3E -- C:\Windows\SysWOW64\explorer.exe
[2011/02/25 07:30:54 | 002,616,320 | ---- | M] (Microsoft Corporation) MD5=8B88EBBB05A0E56B7DCC708498C02B3E -- C:\Windows\winsxs\wow64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7601.17567_none_b9fc4815c4e292b5\explorer.exe
[2009/10/31 08:34:59 | 002,870,272 | ---- | M] (Microsoft Corporation) MD5=9AAAEC8DAC27AA17B053E6352AD233AE -- C:\Windows\winsxs\amd64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7600.16450_none_adc508f19359a007\explorer.exe
[2010/02/04 12:49:48 | 002,613,248 | ---- | M] (Microsoft Corporation) MD5=9FF6C4C91A3711C0A3B18F87B08B518D -- C:\Windows\winsxs\wow64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7600.20500_none_b8d95faae0af7617\explorer.exe
[2010/11/20 15:24:45 | 002,872,320 | ---- | M] (Microsoft Corporation) MD5=AC4C51EB24AA95B77F705AB159189E24 -- C:\Windows\winsxs\amd64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7601.17514_none_afdaac81905bf900\explorer.exe
[2009/10/31 08:38:38 | 002,870,272 | ---- | M] (Microsoft Corporation) MD5=B8EC4BD49CE8F6FC457721BFC210B67F -- C:\Windows\winsxs\amd64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7600.20563_none_ae46d6aeac7ca7c7\explorer.exe
[2010/02/04 12:49:48 | 002,613,248 | ---- | M] (Microsoft Corporation) MD5=B95EEB0F4E5EFBF1038A35B3351CF047 -- C:\Windows\winsxs\wow64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7600.16404_none_b853c407c78e3ba9\explorer.exe
[2009/07/14 03:39:10 | 002,868,224 | ---- | M] (Microsoft Corporation) MD5=C235A51CB740E45FFA0EBFB9BAFCDA64 -- C:\Windows\winsxs\amd64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7600.16385_none_ada998b9936d7566\explorer.exe
[2009/10/31 08:00:51 | 002,614,272 | ---- | M] (Microsoft Corporation) MD5=C76153C7ECA00FA852BB0C193378F917 -- C:\Windows\winsxs\wow64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7600.20563_none_b89b8100e0dd69c2\explorer.exe
[2011/02/26 08:26:45 | 002,870,784 | ---- | M] (Microsoft Corporation) MD5=E38899074D4951D31B4040E994DD7C8D -- C:\Windows\winsxs\amd64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7600.20910_none_ae79ed04ac56c4a9\explorer.exe
[2010/02/04 12:49:48 | 002,868,224 | ---- | M] (Microsoft Corporation) MD5=F170B4A061C9E026437B193B4D571799 -- C:\Windows\winsxs\amd64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7600.16404_none_adff19b5932d79ae\explorer.exe

< MD5 for: SVCHOST.EXE >
[2012/04/04 15:56:38 | 000,199,240 | ---- | M] () MD5=097D0E812D7A9A3101CE46CB2BE0474D -- C:\Program Files (x86)\Malwarebytes' Anti-Malware\Chameleon\svchost.exe
[2009/07/14 03:14:41 | 000,020,992 | ---- | M] (Microsoft Corporation) MD5=54A47F6B5E09A77E61649109C6A08866 -- C:\Windows\SysWOW64\svchost.exe
[2009/07/14 03:14:41 | 000,020,992 | ---- | M] (Microsoft Corporation) MD5=54A47F6B5E09A77E61649109C6A08866 -- C:\Windows\winsxs\x86_microsoft-windows-services-svchost_31bf3856ad364e35_6.1.7600.16385_none_b591afc466a15356\svchost.exe
[2009/07/14 03:39:46 | 000,027,136 | ---- | M] (Microsoft Corporation) MD5=C78655BC80301D76ED4FEF1C1EA40A7D -- C:\Windows\SysNative\svchost.exe
[2009/07/14 03:39:46 | 000,027,136 | ---- | M] (Microsoft Corporation) MD5=C78655BC80301D76ED4FEF1C1EA40A7D -- C:\Windows\winsxs\amd64_microsoft-windows-services-svchost_31bf3856ad364e35_6.1.7600.16385_none_11b04b481efec48c\svchost.exe

< MD5 for: USERINIT.EXE >
[2010/11/20 14:17:48 | 000,026,624 | ---- | M] (Microsoft Corporation) MD5=61AC3EFDFACFDD3F0F11DD4FD4044223 -- C:\Windows\SysWOW64\userinit.exe
[2010/11/20 14:17:48 | 000,026,624 | ---- | M] (Microsoft Corporation) MD5=61AC3EFDFACFDD3F0F11DD4FD4044223 -- C:\Windows\winsxs\x86_microsoft-windows-userinit_31bf3856ad364e35_6.1.7601.17514_none_de3024012ff21116\userinit.exe
[2009/07/14 03:14:43 | 000,026,112 | ---- | M] (Microsoft Corporation) MD5=6DE80F60D7DE9CE6B8C2DDFDF79EF175 -- C:\Windows\winsxs\x86_microsoft-windows-userinit_31bf3856ad364e35_6.1.7600.16385_none_dbff103933038d7c\userinit.exe
[2009/07/14 03:39:48 | 000,030,208 | ---- | M] (Microsoft Corporation) MD5=6F8F1376A13114CC10C0E69274F5A4DE -- C:\Windows\winsxs\amd64_microsoft-windows-userinit_31bf3856ad364e35_6.1.7600.16385_none_381dabbceb60feb2\userinit.exe
[2010/11/20 15:25:24 | 000,030,720 | ---- | M] (Microsoft Corporation) MD5=BAFE84E637BF7388C96EF48D4D3FDD53 -- C:\Windows\SysNative\userinit.exe
[2010/11/20 15:25:24 | 000,030,720 | ---- | M] (Microsoft Corporation) MD5=BAFE84E637BF7388C96EF48D4D3FDD53 -- C:\Windows\winsxs\amd64_microsoft-windows-userinit_31bf3856ad364e35_6.1.7601.17514_none_3a4ebf84e84f824c\userinit.exe

< MD5 for: WINLOGON.EXE >
[2012/04/04 15:56:38 | 000,199,240 | ---- | M] () MD5=097D0E812D7A9A3101CE46CB2BE0474D -- C:\Program Files (x86)\Malwarebytes' Anti-Malware\Chameleon\winlogon.exe
[2010/11/20 15:25:30 | 000,390,656 | ---- | M] (Microsoft Corporation) MD5=1151B1BAA6F350B1DB6598E0FEA7C457 -- C:\Windows\SysNative\winlogon.exe
[2010/11/20 15:25:30 | 000,390,656 | ---- | M] (Microsoft Corporation) MD5=1151B1BAA6F350B1DB6598E0FEA7C457 -- C:\Windows\winsxs\amd64_microsoft-windows-winlogon_31bf3856ad364e35_6.1.7601.17514_none_cde90685eb910636\winlogon.exe
[2009/07/14 03:39:52 | 000,389,120 | ---- | M] (Microsoft Corporation) MD5=132328DF455B0028F13BF0ABEE51A63A -- C:\Windows\winsxs\amd64_microsoft-windows-winlogon_31bf3856ad364e35_6.1.7600.16385_none_cbb7f2bdeea2829c\winlogon.exe
[2009/10/28 09:01:57 | 000,389,632 | ---- | M] (Microsoft Corporation) MD5=A93D41A4D4B0D91C072D11DD8AF266DE -- C:\Windows\winsxs\amd64_microsoft-windows-winlogon_31bf3856ad364e35_6.1.7600.20560_none_cc522fd507b468f8\winlogon.exe
[2009/10/28 08:24:40 | 000,389,632 | ---- | M] (Microsoft Corporation) MD5=DA3E2A6FA9660CC75B471530CE88453A -- C:\Windows\winsxs\amd64_microsoft-windows-winlogon_31bf3856ad364e35_6.1.7600.16447_none_cbe534e7ee8042ad\winlogon.exe

< End of report >


Extras.txt

I can't find it. Tried a search for it, but it didn't find and it is not located at my desktop either. I think I may have deleted it in the previous scans I'd ran. Any way I can get it back?

I have donated a cup of coffee or tea.

Thank you.
  • 0

#5
Essexboy

Essexboy

    GeekU Moderator

  • Retired Staff
  • 69,964 posts
Coffee I feel :) Thank you for the donation ... Ok lets kill the blighter now. After this the alerts should cease, please let me know
I do not need the extras at this stage

Warning This fix is only relevant for this system and no other, using on another computer may cause problems

Be advised that when the fix commences it will shut down all running processes and you may lose the desktop and icons, they will return on reboot

If you have Malwarebytes 1.6 or better installed please disable it for the duration of this run
To disable MBAM
Open the scanner and select the protection tab
Remove the tick from "Start with Windows"
Reboot and then run OTL
Posted Image

Run OTL
  • Under the Custom Scans/Fixes box at the bottom, paste in the following

    :OTL
    [2012/06/08 13:43:17 | 000,001,648 | ---- | C] () -- C:\Windows\Installer\{237f4d47-54a7-a343-2afd-b1c745049339}\U\00000001.@
    [2012/06/06 19:25:15 | 000,022,016 | ---- | C] () -- C:\Windows\Installer\{237f4d47-54a7-a343-2afd-b1c745049339}\U\800000cb.@
    [2012/06/06 19:25:14 | 000,016,896 | ---- | C] () -- C:\Windows\Installer\{237f4d47-54a7-a343-2afd-b1c745049339}\U\80000000.@
    [2012/01/11 14:34:47 | 000,002,048 | -HS- | C] () -- C:\Windows\Installer\{237f4d47-54a7-a343-2afd-b1c745049339}\@
    [2012/01/11 14:34:47 | 000,002,048 | -HS- | C] () -- C:\Users\Mathias\AppData\Local\{237f4d47-54a7-a343-2afd-b1c745049339}\@

    :Files
    ipconfig /flushdns /c
    C:\Windows\Installer\{237f4d47-54a7-a343-2afd-b1c745049339}
    C:\Users\Mathias\AppData\Local\{237f4d47-54a7-a343-2afd-b1c745049339}

    :Commands
    [purity]
    [resethosts]
    [emptytemp]
    [CREATERESTOREPOINT]
    [Reboot]

  • Then click the Run Fix button at the top
  • Let the program run unhindered, reboot the PC when it is done
  • Open OTL again and click the Quick Scan button. Post the log it produces in your next reply.

THEN

Update Malwarebytes and run a quick scan, posting the resultant log
  • 0

#6
moriarty

moriarty

    Member

  • Topic Starter
  • Member
  • PipPip
  • 35 posts
Alright. I think I did it right:

First the OTL fix:

OTL report:


Files\Folders moved on Reboot...
C:\Windows\Installer\{237f4d47-54a7-a343-2afd-b1c745049339}\U folder moved successfully.
C:\Windows\Installer\{237f4d47-54a7-a343-2afd-b1c745049339} folder moved successfully.
File move failed. C:\Windows\System32\drivers\etc\Hosts scheduled to be moved on reboot.

Registry entries deleted on Reboot...

Then the OTL scan:

OTL log:

OTL logfile created on: 6/9/2012 1:20:50 PM - Run 5
OTL by OldTimer - Version 3.2.48.0 Folder = C:\Users\Mathias\Desktop
64bit- Home Premium Edition Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation
Internet Explorer (Version = 9.0.8112.16421)
Locale: 00000409 | Country: Danmark | Language: DAN | Date Format: dd-MM-yyyy

5.87 Gb Total Physical Memory | 4.17 Gb Available Physical Memory | 71.04% Memory free
11.73 Gb Paging File | 9.73 Gb Available in Paging File | 82.99% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86)
Drive C: | 451.66 Gb Total Space | 342.54 Gb Free Space | 75.84% Space Free | Partition Type: NTFS

Computer Name: PC-MATHIAS | User Name: Mathias | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: All users | Quick Scan | Include 64bit Scans
Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days

========== Processes (SafeList) ==========

PRC - [2012/06/09 11:13:31 | 000,596,480 | ---- | M] (OldTimer Tools) -- C:\Users\Mathias\Desktop\OTL.exe
PRC - [2012/06/05 16:58:42 | 000,351,904 | ---- | M] (Adobe Systems Incorporated) -- C:\Windows\SysWOW64\Macromed\Flash\FlashUtil32_11_2_202_235_ActiveX.exe
PRC - [2012/05/24 20:39:22 | 027,112,840 | ---- | M] (Dropbox, Inc.) -- C:\Users\Mathias\AppData\Roaming\Dropbox\bin\Dropbox.exe
PRC - [2012/05/11 21:29:55 | 006,380,400 | ---- | M] (BitTorrent, Inc.) -- C:\Program Files (x86)\BitTorrent\BitTorrent.exe
PRC - [2012/05/02 01:42:31 | 000,086,224 | ---- | M] (Avira Operations GmbH & Co. KG) -- C:\Program Files (x86)\Avira\AntiVir Desktop\sched.exe
PRC - [2012/05/02 00:34:37 | 000,110,032 | ---- | M] (Avira Operations GmbH & Co. KG) -- C:\Program Files (x86)\Avira\AntiVir Desktop\avguard.exe
PRC - [2012/05/02 00:31:38 | 000,348,624 | ---- | M] (Avira Operations GmbH & Co. KG) -- C:\Program Files (x86)\Avira\AntiVir Desktop\avgnt.exe
PRC - [2012/04/04 15:56:40 | 000,654,408 | ---- | M] (Malwarebytes Corporation) -- C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe
PRC - [2012/02/23 13:30:40 | 000,059,240 | ---- | M] (Apple Inc.) -- C:\Program Files (x86)\Common Files\Apple\Internet Services\ubd.exe
PRC - [2012/02/01 16:29:58 | 000,013,592 | ---- | M] (Intel Corporation) -- C:\Program Files (x86)\Intel\Intel® Rapid Storage Technology\IAStorDataMgrSvc.exe
PRC - [2012/02/01 16:29:56 | 000,284,440 | ---- | M] (Intel Corporation) -- C:\Program Files (x86)\Intel\Intel® Rapid Storage Technology\IAStorIcon.exe
PRC - [2012/01/03 15:10:42 | 000,063,928 | ---- | M] (Adobe Systems Incorporated) -- C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe
PRC - [2011/07/29 01:08:12 | 001,259,376 | ---- | M] () -- C:\Program Files (x86)\DivX\DivX Update\DivXUpdate.exe
PRC - [2010/11/20 14:17:55 | 000,257,536 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWOW64\wbem\WmiPrvSE.exe
PRC - [2010/05/04 00:15:42 | 001,480,032 | ---- | M] (Suyin) -- C:\Program Files (x86)\VideoWebCamera\VideoWebCamera.exe
PRC - [2010/04/09 18:49:02 | 000,206,208 | ---- | M] () -- C:\Windows\PLFSetI.exe
PRC - [2010/04/08 06:18:40 | 000,908,368 | ---- | M] (Dritek System Inc.) -- C:\Program Files (x86)\Launch Manager\LManager.exe
PRC - [2010/04/08 06:18:40 | 000,312,400 | ---- | M] (Dritek System Inc.) -- C:\Program Files (x86)\Launch Manager\dsiwmis.exe
PRC - [2010/04/08 06:18:40 | 000,298,064 | ---- | M] (Dritek System Inc.) -- C:\Program Files (x86)\Launch Manager\LMworker.exe
PRC - [2010/03/18 06:57:02 | 002,320,920 | ---- | M] (Intel Corporation) -- C:\Program Files (x86)\Intel\Intel® Management Engine Components\UNS\UNS.exe
PRC - [2010/03/18 06:56:56 | 000,268,824 | ---- | M] (Intel Corporation) -- C:\Program Files (x86)\Intel\Intel® Management Engine Components\LMS\LMS.exe
PRC - [2010/03/09 01:58:24 | 000,250,368 | ---- | M] (NewTech Infosystems, Inc.) -- C:\Program Files (x86)\NewTech Infosystems\Packard Bell MyBackup\IScheduleSvc.exe
PRC - [2010/03/09 01:56:08 | 000,258,560 | ---- | M] (NewTech Infosystems, Inc.) -- C:\Program Files (x86)\NewTech Infosystems\Packard Bell MyBackup\BackupManagerTray.exe
PRC - [2010/01/29 01:27:36 | 000,243,232 | ---- | M] (Acer Group) -- C:\Program Files\Packard Bell\Packard Bell Updater\UpdaterService.exe
PRC - [2010/01/08 15:21:22 | 000,023,584 | ---- | M] (Acer Incorporated) -- C:\Program Files (x86)\Packard Bell\Registration\GREGsvc.exe
PRC - [2009/05/20 17:59:44 | 000,013,624 | ---- | M] (Alienware) -- C:\Program Files\Alienware\Command Center\AlienFXHook32Mngr.exe
PRC - [2009/05/20 17:59:34 | 000,057,672 | ---- | M] (Alienware Corporation) -- C:\Program Files\Alienware\Command Center\AlienwareAlienFXController.exe


========== Modules (No Company Name) ==========

MOD - [2012/06/04 14:02:48 | 000,489,472 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\IAStorUtil\c58ed24f4ccd3b501875276dd33a38b3\IAStorUtil.ni.dll
MOD - [2012/06/04 14:02:48 | 000,014,336 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\IAStorCommon\9683045ca0d578eccdd0e857596aa002\IAStorCommon.ni.dll
MOD - [2012/05/10 15:32:53 | 001,051,136 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Management\9b2f17fb61b7197f2a04108f5d1a1cc6\System.Management.ni.dll
MOD - [2012/05/10 15:32:35 | 002,297,856 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Core\dfd33f59a5803a3c73cf408362e6e0b7\System.Core.ni.dll
MOD - [2012/05/10 14:51:23 | 000,771,584 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Runtime.Remo#\03dee80574f4ec770b6f77ca030ded6c\System.Runtime.Remoting.ni.dll
MOD - [2012/05/10 14:51:21 | 006,611,456 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Data\f3814b488d9e083cbbc623e01b389f09\System.Data.ni.dll
MOD - [2012/05/10 14:51:09 | 014,340,608 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\PresentationFramewo#\07f019692c382d588d3c6cb2da2a9ec5\PresentationFramework.ni.dll
MOD - [2012/05/10 14:50:52 | 012,433,408 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Windows.Forms\90555968565afd59bce4b0974e9903bd\System.Windows.Forms.ni.dll
MOD - [2012/05/10 14:50:43 | 001,590,784 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Drawing\69f6e582cb79f107c61308b468c1a215\System.Drawing.ni.dll
MOD - [2012/05/10 14:50:39 | 012,237,824 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\PresentationCore\2d1fd350e9bc62ce659e5cbcfd555796\PresentationCore.ni.dll
MOD - [2012/05/10 14:50:25 | 003,347,968 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\WindowsBase\46fce56db7685a586d3eeb7c373e3c1c\WindowsBase.ni.dll
MOD - [2012/05/10 14:50:18 | 005,452,800 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Xml\ba3d70b651454c7d49b407b93663bfed\System.Xml.ni.dll
MOD - [2012/05/10 14:50:14 | 000,971,264 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Configuration\cfa9c506bfb9254c89dace7b83bc9f9d\System.Configuration.ni.dll
MOD - [2012/05/10 14:50:12 | 007,967,232 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System\ce9ff6baf9053ed2ed673d948179195c\System.ni.dll
MOD - [2012/05/10 14:50:05 | 011,492,864 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\mscorlib\acfc1391e45fedd2a359778ea57d914c\mscorlib.ni.dll
MOD - [2011/07/29 01:09:42 | 000,096,112 | ---- | M] () -- C:\Program Files (x86)\DivX\DivX Update\DivXUpdateCheck.dll
MOD - [2011/07/29 01:08:12 | 001,259,376 | ---- | M] () -- C:\Program Files (x86)\DivX\DivX Update\DivXUpdate.exe
MOD - [2011/06/24 22:56:36 | 000,087,328 | ---- | M] () -- C:\Program Files (x86)\Common Files\Apple\Apple Application Support\zlib1.dll
MOD - [2011/06/24 22:56:14 | 001,241,888 | ---- | M] () -- C:\Program Files (x86)\Common Files\Apple\Apple Application Support\libxml2.dll
MOD - [2010/12/30 13:32:30 | 007,158,096 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\AlienwareAlienFXModelResources\1.0.51.0__bebb3c8816410241\AlienwareAlienFXModelResources.dll
MOD - [2010/12/30 13:32:30 | 000,444,224 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\AlienwareAlienFXTools\1.0.51.0__bebb3c8816410241\AlienwareAlienFXTools.dll
MOD - [2010/12/30 13:32:30 | 000,073,520 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\AlienLabsTools\1.0.49.0__bebb3c8816410241\AlienLabsTools.dll
MOD - [2010/12/30 13:32:30 | 000,031,568 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\Alienlabs.CommandCenter.Tools\1.0.49.0__bebb3c8816410241\Alienlabs.CommandCenter.Tools.dll
MOD - [2010/12/30 13:32:30 | 000,024,896 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\AlienFX.DeviceDiscovery\1.0.51.0__bebb3c8816410241\AlienFX.DeviceDiscovery.dll
MOD - [2010/12/30 13:32:29 | 000,036,688 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\AlienFX.Communication.PID0x511\1.0.51.0__bebb3c8816410241\AlienFX.Communication.PID0x511.dll
MOD - [2010/12/30 13:32:29 | 000,035,664 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\AlienFX.Communication.PID0x512\1.0.51.0__bebb3c8816410241\AlienFX.Communication.PID0x512.dll
MOD - [2010/12/30 13:32:29 | 000,027,984 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\AlienFX.Communication.PID0x516\1.0.51.0__bebb3c8816410241\AlienFX.Communication.PID0x516.dll
MOD - [2010/12/30 13:32:29 | 000,027,472 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\AlienFX.Communication.PID0x515\1.0.51.0__bebb3c8816410241\AlienFX.Communication.PID0x515.dll
MOD - [2010/12/30 13:32:29 | 000,024,392 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\AlienFX.Communication.XPS\1.0.51.0__bebb3c8816410241\AlienFX.Communication.XPS.dll
MOD - [2010/12/30 13:32:29 | 000,019,784 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\AlienFX.Communication.Core\1.0.51.0__bebb3c8816410241\AlienFX.Communication.Core.dll
MOD - [2010/12/30 13:32:29 | 000,014,144 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\AlienFX.Communication\1.0.51.0__bebb3c8816410241\AlienFX.Communication.dll
MOD - [2010/11/13 04:03:52 | 000,299,008 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\mscorlib.resources\2.0.0.0_da_b77a5c561934e089\mscorlib.resources.dll
MOD - [2010/11/05 03:58:05 | 002,927,616 | ---- | M] () -- C:\Windows\assembly\GAC_32\System.Data\2.0.0.0__b77a5c561934e089\System.Data.dll
MOD - [2010/05/04 00:15:46 | 000,038,136 | ---- | M] () -- C:\Program Files (x86)\VideoWebCamera\VWC_ENG.dll
MOD - [2010/05/04 00:15:34 | 000,046,328 | ---- | M] () -- C:\Program Files (x86)\VideoWebCamera\sy_Utility.dll
MOD - [2010/04/09 18:49:02 | 000,206,208 | ---- | M] () -- C:\Windows\PLFSetI.exe
MOD - [2010/03/09 02:18:10 | 000,465,576 | ---- | M] () -- C:\Program Files (x86)\NewTech Infosystems\Packard Bell MyBackup\sqlite3.dll
MOD - [2010/01/21 01:34:10 | 008,793,952 | ---- | M] () -- C:\Program Files (x86)\Microsoft Office\Office14\1033\GrooveIntlResource.dll
MOD - [2010/01/09 20:18:18 | 004,254,560 | ---- | M] () -- C:\Program Files (x86)\Common Files\microsoft shared\OFFICE14\Cultures\OFFICE.ODF
MOD - [2009/05/20 08:02:04 | 000,072,200 | ---- | M] () -- C:\Program Files (x86)\Launch Manager\CdDirIo.dll


========== Win32 Services (SafeList) ==========

SRV:64bit: - [2010/03/17 19:56:12 | 000,866,336 | ---- | M] (Acer Incorporated) [Auto | Running] -- C:\Program Files\Packard Bell\Packard Bell Power Management\ePowerSvc.exe -- (ePowerSvc)
SRV:64bit: - [2010/01/29 01:27:36 | 000,243,232 | ---- | M] (Acer Group) [Auto | Running] -- C:\Program Files\Packard Bell\Packard Bell Updater\UpdaterService.exe -- (Updater Service)
SRV - [2012/06/05 16:58:43 | 000,257,696 | ---- | M] (Adobe Systems Incorporated) [On_Demand | Stopped] -- C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe -- (AdobeFlashPlayerUpdateSvc)
SRV - [2012/05/13 14:33:18 | 000,129,976 | ---- | M] (Mozilla Foundation) [On_Demand | Stopped] -- C:\Program Files (x86)\Mozilla Maintenance Service\maintenanceservice.exe -- (MozillaMaintenance)
SRV - [2012/05/03 08:31:10 | 000,158,856 | R--- | M] (Skype Technologies) [Auto | Stopped] -- C:\Program Files (x86)\Skype\Updater\Updater.exe -- (SkypeUpdate)
SRV - [2012/05/02 01:42:31 | 000,086,224 | ---- | M] (Avira Operations GmbH & Co. KG) [Auto | Running] -- C:\Program Files (x86)\Avira\AntiVir Desktop\sched.exe -- (AntiVirSchedulerService)
SRV - [2012/05/02 00:34:37 | 000,110,032 | ---- | M] (Avira Operations GmbH & Co. KG) [Auto | Running] -- C:\Program Files (x86)\Avira\AntiVir Desktop\avguard.exe -- (AntiVirService)
SRV - [2012/04/04 15:56:40 | 000,654,408 | ---- | M] (Malwarebytes Corporation) [Auto | Running] -- C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe -- (MBAMService)
SRV - [2012/02/01 16:29:58 | 000,013,592 | ---- | M] (Intel Corporation) [Auto | Running] -- C:\Program Files (x86)\Intel\Intel® Rapid Storage Technology\IAStorDataMgrSvc.exe -- (IAStorDataMgrSvc) Intel®
SRV - [2012/01/03 15:10:42 | 000,063,928 | ---- | M] (Adobe Systems Incorporated) [Auto | Running] -- C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe -- (AdobeARMservice)
SRV - [2010/12/14 17:10:29 | 000,008,192 | ---- | M] () [Auto | Stopped] -- C:\Windows\SysWOW64\srvany.exe -- (KMService)
SRV - [2010/10/30 18:07:24 | 000,867,080 | ---- | M] (Acresso Software Inc.) [On_Demand | Stopped] -- C:\Program Files (x86)\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe -- (FLEXnet Licensing Service)
SRV - [2010/04/08 06:18:40 | 000,312,400 | ---- | M] (Dritek System Inc.) [Auto | Running] -- C:\Program Files (x86)\Launch Manager\dsiwmis.exe -- (DsiWMIService)
SRV - [2010/03/18 14:16:28 | 000,130,384 | ---- | M] (Microsoft Corporation) [Auto | Stopped] -- C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe -- (clr_optimization_v4.0.30319_32)
SRV - [2010/03/18 06:57:02 | 002,320,920 | ---- | M] (Intel Corporation) [Auto | Running] -- C:\Program Files (x86)\Intel\Intel® Management Engine Components\UNS\UNS.exe -- (UNS) Intel®
SRV - [2010/03/18 06:56:56 | 000,268,824 | ---- | M] (Intel Corporation) [Auto | Running] -- C:\Program Files (x86)\Intel\Intel® Management Engine Components\LMS\LMS.exe -- (LMS) Intel®
SRV - [2010/03/09 01:58:24 | 000,250,368 | ---- | M] (NewTech Infosystems, Inc.) [Auto | Running] -- C:\Program Files (x86)\NewTech Infosystems\Packard Bell MyBackup\IScheduleSvc.exe -- (NTI IScheduleSvc)
SRV - [2010/02/19 13:37:14 | 000,517,096 | ---- | M] (Adobe Systems Incorporated) [On_Demand | Stopped] -- C:\Program Files (x86)\Common Files\Adobe\SwitchBoard\SwitchBoard.exe -- (SwitchBoard)
SRV - [2010/01/08 15:21:22 | 000,023,584 | ---- | M] (Acer Incorporated) [Auto | Running] -- C:\Program Files (x86)\Packard Bell\Registration\GREGsvc.exe -- (GREGService)
SRV - [2009/06/10 23:23:09 | 000,066,384 | ---- | M] (Microsoft Corporation) [Disabled | Stopped] -- C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe -- (clr_optimization_v2.0.50727_32)


========== Driver Services (SafeList) ==========

DRV:64bit: - [2012/05/02 15:24:12 | 000,027,760 | ---- | M] (Avira GmbH) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\avkmgr.sys -- (avkmgr)
DRV:64bit: - [2012/04/27 10:20:04 | 000,132,832 | ---- | M] (Avira GmbH) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\avipbb.sys -- (avipbb)
DRV:64bit: - [2012/04/25 00:32:27 | 000,098,848 | ---- | M] (Avira GmbH) [File_System | Auto | Running] -- C:\Windows\SysNative\drivers\avgntflt.sys -- (avgntflt)
DRV:64bit: - [2012/04/04 15:56:40 | 000,024,904 | ---- | M] (Malwarebytes Corporation) [File_System | On_Demand | Running] -- C:\Windows\SysNative\drivers\mbam.sys -- (MBAMProtector)
DRV:64bit: - [2012/03/01 08:46:16 | 000,023,408 | ---- | M] (Microsoft Corporation) [Recognizer | Boot | Unknown] -- C:\Windows\SysNative\drivers\fs_rec.sys -- (Fs_Rec)
DRV:64bit: - [2012/02/15 12:01:50 | 000,052,736 | ---- | M] (Apple, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\usbaapl64.sys -- (USBAAPL64)
DRV:64bit: - [2012/02/01 16:16:40 | 000,568,600 | ---- | M] (Intel Corporation) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\iaStor.sys -- (iaStor)
DRV:64bit: - [2012/01/17 14:45:56 | 000,188,224 | ---- | M] (NVIDIA Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\nvhda64v.sys -- (NVHDA)
DRV:64bit: - [2011/03/11 08:41:12 | 000,107,904 | ---- | M] (Advanced Micro Devices) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\amdsata.sys -- (amdsata)
DRV:64bit: - [2011/03/11 08:41:12 | 000,027,008 | ---- | M] (Advanced Micro Devices) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\amdxata.sys -- (amdxata)
DRV:64bit: - [2010/11/20 15:33:35 | 000,078,720 | ---- | M] (Hewlett-Packard Company) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\HpSAMD.sys -- (HpSAMD)
DRV:64bit: - [2010/11/20 13:07:05 | 000,059,392 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\TsUsbFlt.sys -- (TsUsbFlt)
DRV:64bit: - [2010/07/12 20:36:10 | 000,055,856 | ---- | M] (Sonic Solutions) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\PxHlpa64.sys -- (PxHlpa64)
DRV:64bit: - [2010/04/19 10:56:42 | 000,245,280 | ---- | M] (Realtek Semiconductor Corp.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\RtsUStor.sys -- (RSUSBSTOR)
DRV:64bit: - [2010/03/21 11:59:08 | 000,321,064 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\k57nd60a.sys -- (k57nd60a) Broadcom NetLink ™
DRV:64bit: - [2009/12/10 13:25:10 | 000,301,104 | ---- | M] (Synaptics Incorporated) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\SynTP.sys -- (SynTP)
DRV:64bit: - [2009/09/17 07:54:54 | 000,056,344 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\HECIx64.sys -- (HECIx64) Intel®
DRV:64bit: - [2009/07/14 03:52:20 | 000,194,128 | ---- | M] (AMD Technologies Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\amdsbs.sys -- (amdsbs)
DRV:64bit: - [2009/07/14 03:48:04 | 000,065,600 | ---- | M] (LSI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\lsi_sas2.sys -- (LSI_SAS2)
DRV:64bit: - [2009/07/14 03:45:55 | 000,024,656 | ---- | M] (Promise Technology) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\stexstor.sys -- (stexstor)
DRV:64bit: - [2009/06/10 22:34:33 | 003,286,016 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\evbda.sys -- (ebdrv)
DRV:64bit: - [2009/06/10 22:34:28 | 000,468,480 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\bxvbda.sys -- (b06bdrv)
DRV:64bit: - [2009/06/10 22:34:23 | 000,270,848 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\b57nd60a.sys -- (b57nd60a)
DRV:64bit: - [2009/06/10 22:31:59 | 000,031,232 | ---- | M] (Hauppauge Computer Works, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\hcw85cir.sys -- (hcw85cir)
DRV:64bit: - [2009/05/18 14:17:08 | 000,034,152 | ---- | M] (GEAR Software Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\GEARAspiWDM.sys -- (GEARAspiWDM)
DRV:64bit: - [2009/05/06 01:46:08 | 000,018,432 | ---- | M] (NewTech Infosystems, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\NTIDrvr.sys -- (NTIDrvr)
DRV:64bit: - [2009/05/06 01:46:08 | 000,016,896 | ---- | M] (NewTech Infosystems Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\UBHelper.sys -- (UBHelper)
DRV:64bit: - [2009/04/22 18:10:56 | 000,040,976 | ---- | M] (Logitech, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\LUsbFilt.sys -- (LUsbFilt)
DRV:64bit: - [2009/04/22 18:10:40 | 000,058,384 | ---- | M] (Logitech, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\LMouFilt.Sys -- (LMouFilt)
DRV:64bit: - [2009/04/22 18:10:32 | 000,055,312 | ---- | M] (Logitech, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\LHidFilt.Sys -- (LHidFilt)
DRV:64bit: - [2000/01/01 02:00:00 | 001,108,000 | ---- | M] (Realtek Semiconductor Corporation ) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\rtl8192se.sys -- (rtl8192se)
DRV - [2009/07/14 03:19:10 | 000,019,008 | ---- | M] (Microsoft Corporation) [File_System | On_Demand | Stopped] -- C:\Windows\SysWOW64\drivers\wimmount.sys -- (WIMMount)


========== Standard Registry (SafeList) ==========


========== Internet Explorer ==========

IE:64bit: - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = http://homepage.pack...34z175f4692c581
IE:64bit: - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://homepage.pack...34z175f4692c581
IE:64bit: - HKLM\..\SearchScopes,DefaultScope = {6A1806CD-94D4-4689-BA73-E35EA1EA9990}
IE:64bit: - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/...ms}&FORM=IE8SRC
IE:64bit: - HKLM\..\SearchScopes\{6A1806CD-94D4-4689-BA73-E35EA1EA9990}: "URL" = http://www.google.co...g}&sourceid=ie7
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = http://homepage.pack...34z175f4692c581
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://homepage.pack...34z175f4692c581
IE - HKLM\..\URLSearchHook: {88c7f2aa-f93f-432c-8f0e-b7d85967a527} - C:\Program Files (x86)\BitTorrentBar\prxtbBitT.dll (Conduit Ltd.)
IE - HKLM\..\SearchScopes,DefaultScope = {67A2568C-7A0A-4EED-AECC-B5405DE63B64}
IE - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/...ms}&FORM=IE8SRC
IE - HKLM\..\SearchScopes\{67A2568C-7A0A-4EED-AECC-B5405DE63B64}: "URL" = http://www.google.co...ng}&rlz=1I7ACPW
IE - HKLM\..\SearchScopes\{6A1806CD-94D4-4689-BA73-E35EA1EA9990}: "URL" = http://www.google.co...g}&sourceid=ie7


IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

IE - HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0



IE - HKU\S-1-5-21-1709520675-535397089-2455195078-1001\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = http://homepage.pack...34z175f4692c581
IE - HKU\S-1-5-21-1709520675-535397089-2455195078-1001\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.google.dk/
IE - HKU\S-1-5-21-1709520675-535397089-2455195078-1001\..\URLSearchHook: {88c7f2aa-f93f-432c-8f0e-b7d85967a527} - C:\Program Files (x86)\BitTorrentBar\prxtbBitT.dll (Conduit Ltd.)
IE - HKU\S-1-5-21-1709520675-535397089-2455195078-1001\..\SearchScopes,DefaultScope = {67A2568C-7A0A-4EED-AECC-B5405DE63B64}
IE - HKU\S-1-5-21-1709520675-535397089-2455195078-1001\..\SearchScopes\{67A2568C-7A0A-4EED-AECC-B5405DE63B64}: "URL" = http://www.google.co...PW_daDK403DK403
IE - HKU\S-1-5-21-1709520675-535397089-2455195078-1001\..\SearchScopes\{6A1806CD-94D4-4689-BA73-E35EA1EA9990}: "URL" = http://www.google.co...g}&sourceid=ie7
IE - HKU\S-1-5-21-1709520675-535397089-2455195078-1001\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKU\S-1-5-21-1709520675-535397089-2455195078-1001\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = *.local

========== FireFox ==========

FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA}:6.0.20
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA}:6.0.22
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0023-ABCDEFFEDCBA}:6.0.23
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0024-ABCDEFFEDCBA}:6.0.24
FF - prefs.js..extensions.enabledItems: [email protected]:3.3.3.2
FF - prefs.js..extensions.enabledItems: {88c7f2aa-f93f-432c-8f0e-b7d85967a527}:3.3.3.2
FF - prefs.js..extensions.enabledItems: {23fcfd51-4958-4f00-80a3-ae97e717ed8b}:2.1.1.94
FF - prefs.js..extensions.enabledItems: {6904342A-8307-11DF-A508-4AE2DFD72085}:2.1.1.94
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0026-ABCDEFFEDCBA}:6.0.26
FF - prefs.js..keyword.URL: "chrome://browser-region/locale/region.properties"
FF - user.js - File not found

FF:64bit: - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\system32\Macromed\Flash\NPSWF64_11_2_202_235.dll File not found
FF:64bit: - HKLM\Software\MozillaPlugins\@divx.com/DivX VOD Helper,version=1.0.0: C:\Program Files\DivX\DivX OVS Helper\npovshelper.dll (DivX, LLC.)
FF:64bit: - HKLM\Software\MozillaPlugins\@microsoft.com/GENUINE: disabled File not found
FF:64bit: - HKLM\Software\MozillaPlugins\@microsoft.com/OfficeAuthz,version=14.0: C:\PROGRA~1\MICROS~2\Office14\NPAUTHZ.DLL (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_11_2_202_235.dll ()
FF - HKLM\Software\MozillaPlugins\@adobe.com/ShockwavePlayer: C:\Windows\system32\Adobe\Director\np32dsw.dll (Adobe Systems, Inc.)
FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=: File not found
FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=1.0: C:\Program Files (x86)\iTunes\Mozilla Plugins\npitunes.dll ()
FF - HKLM\Software\MozillaPlugins\@divx.com/DivX Browser Plugin,version=1.0.0: C:\Program Files (x86)\DivX\DivX Plus Web Player\npdivx32.dll (DivX, LLC)
FF - HKLM\Software\MozillaPlugins\@divx.com/DivX VOD Helper,version=1.0.0: C:\Program Files (x86)\DivX\DivX OVS Helper\npovshelper.dll (DivX, LLC.)
FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin: C:\Program Files (x86)\Java\jre6\bin\new_plugin\npjp2.dll (Sun Microsystems, Inc.)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/GENUINE: disabled File not found
FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: c:\Program Files (x86)\Microsoft Silverlight\4.1.10329.0\npctrl.dll ( Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/OfficeAuthz,version=14.0: C:\PROGRA~2\MICROS~1\Office14\NPAUTHZ.DLL (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/SharePoint,version=14.0: C:\PROGRA~2\MICROS~1\Office14\NPSPWRAP.DLL (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=15.4.3502.0922: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=15.4.3508.1109: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=15.4.3538.0513: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=15.4.3555.0308: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Program Files (x86)\Google\Update\1.3.21.111\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Program Files (x86)\Google\Update\1.3.21.111\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\Adobe Reader: C:\Program Files (x86)\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
FF - HKCU\Software\MozillaPlugins\@Skype Limited.com/Facebook Video Calling Plugin: C:\Users\Mathias\AppData\Local\Facebook\Video\Skype\npFacebookVideoCalling.dll (Skype Limited)

FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{23fcfd51-4958-4f00-80a3-ae97e717ed8b}: C:\Program Files (x86)\DivX\DivX Plus Web Player\firefox\DivXHTML5 [2012/02/20 23:21:32 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 12.0\extensions\\Components: C:\Program Files (x86)\Mozilla Firefox\components [2012/05/28 11:08:18 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 12.0\extensions\\Plugins: C:\Program Files (x86)\Mozilla Firefox\plugins [2012/06/06 19:18:48 | 000,000,000 | ---D | M]

[2010/11/01 16:45:14 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Mathias\AppData\Roaming\mozilla\Extensions
[2012/06/05 13:56:09 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Mathias\AppData\Roaming\mozilla\Firefox\Profiles\aes4uofn.default\extensions
[2012/06/05 13:56:09 | 000,000,000 | ---D | M] (BitTorrentBar Community Toolbar) -- C:\Users\Mathias\AppData\Roaming\mozilla\Firefox\Profiles\aes4uofn.default\extensions\{88c7f2aa-f93f-432c-8f0e-b7d85967a527}
[2012/03/21 08:45:30 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files (x86)\Mozilla Firefox\extensions
[2012/02/20 23:21:32 | 000,000,000 | ---D | M] (DivX Plus Web Player HTML5 &lt;video&gt;) -- C:\PROGRAM FILES (X86)\DIVX\DIVX PLUS WEB PLAYER\FIREFOX\DIVXHTML5
[2012/05/31 17:47:16 | 001,335,949 | ---- | M] () (No name found) -- C:\USERS\MATHIAS\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\AES4UOFN.DEFAULT\EXTENSIONS\[email protected]
[2012/05/13 14:33:18 | 000,097,208 | ---- | M] (Mozilla Foundation) -- C:\Program Files (x86)\mozilla firefox\components\browsercomps.dll
[2011/10/03 06:06:04 | 000,476,904 | ---- | M] (Sun Microsystems, Inc.) -- C:\Program Files (x86)\mozilla firefox\plugins\npdeployJava1.dll
[2012/04/11 16:49:06 | 000,001,525 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\amazon-co-uk.xml
[2012/04/11 16:49:06 | 000,002,252 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\bing.xml
[2012/04/11 16:49:06 | 000,001,178 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\wikipedia-da.xml

O1 HOSTS File: ([2011/01/27 15:00:57 | 000,001,211 | ---- | M]) - C:\Windows\SysNative\drivers\etc\hosts
O1 - Hosts: 127.0.0.1 localhost
O1 - Hosts: 127.0.0.1 3dns.adobe.com 3dns-1.adobe.com 3dns-2.adobe.com 3dns-3.adobe.com 3dns-4.adobe.com activate.adobe.com activate-sea.adobe.com activate-sjc0.adobe.com activate.wip.adobe.com
O1 - Hosts: 127.0.0.1 activate.wip1.adobe.com activate.wip2.adobe.com activate.wip3.adobe.com activate.wip4.adobe.com adobe-dns.adobe.com adobe-dns-1.adobe.com adobe-dns-2.adobe.com adobe-dns-3.adobe.com adobe-dns-4.adobe.com
O1 - Hosts: 127.0.0.1 adobeereg.com practivate.adobe practivate.adobe.com practivate.adobe.newoa practivate.adobe.ntp practivate.adobe.ipp ereg.adobe.com ereg.wip.adobe.com ereg.wip1.adobe.com
O1 - Hosts: 127.0.0.1 ereg.wip2.adobe.com ereg.wip3.adobe.com ereg.wip4.adobe.com hl2rcv.adobe.com wip.adobe.com wip1.adobe.com wip2.adobe.com wip3.adobe.com wip4.adobe.com
O1 - Hosts: 127.0.0.1 www.adobeereg.com wwis-dubc1-vip60.adobe.com www.wip.adobe.com www.wip1.adobe.com
O1 - Hosts: 127.0.0.1 www.wip2.adobe.com www.wip3.adobe.com www.wip4.adobe.com wwis-dubc1-vip60.adobe.com crl.verisign.net CRL.VERISIGN.NET ood.opsource.net
O2:64bit: - BHO: (Groove GFS Browser Helper) - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\PROGRA~1\MICROS~2\Office14\GROOVEEX.DLL (Microsoft Corporation)
O2:64bit: - BHO: (Google Toolbar Helper) - {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll (Google Inc.)
O2:64bit: - BHO: (Office Document Cache Handler) - {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\PROGRA~1\MICROS~2\Office14\URLREDIR.DLL (Microsoft Corporation)
O2 - BHO: (DivX Plus Web Player HTML5 <video>) - {326E768D-4182-46FD-9C16-1449A49795F4} - C:\Program Files (x86)\DivX\DivX Plus Web Player\ie\DivXHTML5\DivXHTML5.dll (DivX, LLC)
O2 - BHO: (BitTorrentBar Toolbar) - {88c7f2aa-f93f-432c-8f0e-b7d85967a527} - C:\Program Files (x86)\BitTorrentBar\prxtbBitT.dll (Conduit Ltd.)
O3:64bit: - HKLM\..\Toolbar: (Google Toolbar) - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll (Google Inc.)
O3:64bit: - HKLM\..\Toolbar: (no name) - Locked - No CLSID value found.
O3 - HKLM\..\Toolbar: (BitTorrentBar Toolbar) - {88c7f2aa-f93f-432c-8f0e-b7d85967a527} - C:\Program Files (x86)\BitTorrentBar\prxtbBitT.dll (Conduit Ltd.)
O3 - HKLM\..\Toolbar: (no name) - Locked - No CLSID value found.
O3:64bit: - HKU\S-1-5-21-1709520675-535397089-2455195078-1001\..\Toolbar\WebBrowser: (Google Toolbar) - {2318C2B1-4965-11D4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll (Google Inc.)
O3 - HKU\S-1-5-21-1709520675-535397089-2455195078-1001\..\Toolbar\WebBrowser: (BitTorrentBar Toolbar) - {88C7F2AA-F93F-432C-8F0E-B7D85967A527} - C:\Program Files (x86)\BitTorrentBar\prxtbBitT.dll (Conduit Ltd.)
O4:64bit: - HKLM..\Run: [Acer ePower Management] C:\Program Files\Packard Bell\Packard Bell Power Management\ePowerTray.exe (Acer Incorporated)
O4:64bit: - HKLM..\Run: [AdobeAAMUpdater-1.0] C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\UWA\UpdaterStartupUtility.exe (Adobe Systems Incorporated)
O4:64bit: - HKLM..\Run: [AlienFX Controller] C:\Program Files\Alienware\Command Center\AlienwareAlienFXController.exe (Alienware Corporation)
O4:64bit: - HKLM..\Run: [itype] C:\Program Files\Microsoft IntelliType Pro\itype.exe (Microsoft Corporation)
O4:64bit: - HKLM..\Run: [Kernel and Hardware Abstraction Layer] C:\Windows\KHALMNPR.Exe (Logitech, Inc.)
O4:64bit: - HKLM..\Run: [PLFSetI] C:\Windows\PLFSetI.exe ()
O4:64bit: - HKLM..\Run: [RTHDVCPL] C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe (Realtek Semiconductor)
O4 - HKLM..\Run: [AdobeCS5.5ServiceManager] "C:\Program Files (x86)\Common Files\Adobe\CS5.5ServiceManager\CS5.5ServiceManager.exe" -launchedbylogin File not found
O4 - HKLM..\Run: [AdobeCS5ServiceManager] C:\Program Files (x86)\Common Files\Adobe\CS5ServiceManager\CS5ServiceManager.exe (Adobe Systems Incorporated)
O4 - HKLM..\Run: [APSDaemon] C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe (Apple Inc.)
O4 - HKLM..\Run: [avgnt] C:\Program Files (x86)\Avira\AntiVir Desktop\avgnt.exe (Avira Operations GmbH & Co. KG)
O4 - HKLM..\Run: [BackupManagerTray] C:\Program Files (x86)\NewTech Infosystems\Packard Bell MyBackup\BackupManagerTray.exe (NewTech Infosystems, Inc.)
O4 - HKLM..\Run: [DivXUpdate] C:\Program Files (x86)\DivX\DivX Update\DivXUpdate.exe ()
O4 - HKLM..\Run: [IAStorIcon] C:\Program Files (x86)\Intel\Intel® Rapid Storage Technology\IAStorIconLaunch.exe (Intel Corporation)
O4 - HKLM..\Run: [LManager] C:\Program Files (x86)\Launch Manager\LManager.exe (Dritek System Inc.)
O4 - HKLM..\Run: [Malwarebytes' Anti-Malware] C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe (Malwarebytes Corporation)
O4 - HKLM..\Run: [SwitchBoard] C:\Program Files (x86)\Common Files\Adobe\SwitchBoard\SwitchBoard.exe (Adobe Systems Incorporated)
O4 - HKLM..\Run: [VideoWebCamera] C:\Program Files (x86)\VideoWebCamera\VideoWebCamera.exe (Suyin)
O4 - HKU\S-1-5-19..\Run: [Sidebar] C:\Program Files (x86)\Windows Sidebar\Sidebar.exe (Microsoft Corporation)
O4 - HKU\S-1-5-20..\Run: [Sidebar] C:\Program Files (x86)\Windows Sidebar\Sidebar.exe (Microsoft Corporation)
O4 - HKU\S-1-5-21-1709520675-535397089-2455195078-1001..\Run: [AdobeBridge] File not found
O4 - HKU\S-1-5-21-1709520675-535397089-2455195078-1001..\Run: [BitTorrent] C:\Program Files (x86)\BitTorrent\BitTorrent.exe (BitTorrent, Inc.)
O4 - HKU\S-1-5-21-1709520675-535397089-2455195078-1001..\Run: [Facebook Update] C:\Users\Mathias\AppData\Local\Facebook\Update\FacebookUpdate.exe (Facebook Inc.)
O4 - HKU\S-1-5-21-1709520675-535397089-2455195078-1001..\Run: [MobileDocuments] C:\Program Files (x86)\Common Files\Apple\Internet Services\ubd.exe (Apple Inc.)
O4 - HKU\S-1-5-21-1709520675-535397089-2455195078-1001..\Run: [Spotify] "C:\Users\Mathias\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\W45AU5O8\Spotify Installer.exe" /uri spotify:autostart File not found
O4 - HKU\S-1-5-19..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe File not found
O4 - HKU\S-1-5-20..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe File not found
O4 - Startup: C:\Users\Mathias\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Dropbox.lnk = C:\Users\Mathias\AppData\Roaming\Dropbox\bin\Dropbox.exe (Dropbox, Inc.)
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktop = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktopChanges = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 5
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3
O8:64bit: - Extra context menu item: E&ksporter til Microsoft Excel - res://C:\PROGRA~2\MICROS~1\OFFICE11\EXCEL.EXE/3000 File not found
O8:64bit: - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~2\MICROS~1\Office12\EXCEL.EXE/3000 File not found
O8:64bit: - Extra context menu item: Google Sidewiki ... - res://C:\Program Files (x86)\Google\Google Toolbar\Component\GoogleToolbarDynamic_mui_en_7461B1589E8B4FB7.dll/cmsidewiki.html File not found
O8 - Extra context menu item: E&ksporter til Microsoft Excel - res://C:\PROGRA~2\MICROS~1\OFFICE11\EXCEL.EXE/3000 File not found
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~2\MICROS~1\Office12\EXCEL.EXE/3000 File not found
O8 - Extra context menu item: Google Sidewiki ... - res://C:\Program Files (x86)\Google\Google Toolbar\Component\GoogleToolbarDynamic_mui_en_7461B1589E8B4FB7.dll/cmsidewiki.html File not found
O10:64bit: - NameSpace_Catalog5\Catalog_Entries64\000000000009 [] - C:\Program Files\Bonjour\mdnsNSP.dll (Apple Inc.)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000009 [] - C:\Program Files (x86)\Bonjour\mdnsNSP.dll (Apple Inc.)
O1364bit: - gopher Prefix: missing
O13 - gopher Prefix: missing
O15 - HKU\S-1-5-21-1709520675-535397089-2455195078-1001\..Trusted Domains: danskebank.dk ([]* in Trusted sites)
O16 - DPF: {166B1BCA-3F9C-11CF-8075-444553540000} http://download.macr...director/sw.cab (Shockwave ActiveX Control)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_29)
O16 - DPF: {C345E174-3E87-4F41-A01C-B066A90A49B4} http://trial.trymicr...osoft/wrc32.ocx (WRC Class)
O16 - DPF: {CAFEEFAC-0016-0000-0029-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_29)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_29)
O16 - DPF: {D8575CE3-3432-4540-88A9-85A1325D3375} https://netbank.dans...B/e-Safekey.cab (e-Safekey)
O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} http://platformdl.ad...Plus/1.6/gp.cab (Reg Error: Key error.)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.0.1
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{607EA30D-07AD-4503-9480-31099B7E3EB6}: DhcpNameServer = 194.239.134.83 193.162.153.164
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{DBED4A35-6E24-42C8-A044-DCA2CFF7401C}: DhcpNameServer = 192.168.0.1
O18:64bit: - Protocol\Handler\livecall - No CLSID value found
O18:64bit: - Protocol\Handler\msdaipp - No CLSID value found
O18:64bit: - Protocol\Handler\msdaipp\0x00000001 - No CLSID value found
O18:64bit: - Protocol\Handler\msdaipp\oledb - No CLSID value found
O18:64bit: - Protocol\Handler\ms-help - No CLSID value found
O18:64bit: - Protocol\Handler\ms-itss - No CLSID value found
O18:64bit: - Protocol\Handler\msnim - No CLSID value found
O18:64bit: - Protocol\Handler\skype4com - No CLSID value found
O18:64bit: - Protocol\Handler\wlmailhtml - No CLSID value found
O18:64bit: - Protocol\Handler\wlpg - No CLSID value found
O18 - Protocol\Handler\msdaipp\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files (x86)\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\msdaipp\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files (x86)\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files (x86)\Common Files\Skype\Skype4COM.dll (Skype Technologies)
O20:64bit: - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\SysNative\userinit.exe (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: VMApplet - (SystemPropertiesPerformance.exe) - C:\Windows\SysNative\SystemPropertiesPerformance.exe (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: VMApplet - (/pagefile) - File not found
O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\SysWow64\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (userinit.exe) - C:\Windows\SysWow64\userinit.exe (Microsoft Corporation)
O20 - HKLM Winlogon: VMApplet - (/pagefile) - File not found
O21:64bit: - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.
O21 - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.
O28:64bit: - HKLM ShellExecuteHooks: {B5A7F190-DDA6-4420-B3BA-52453494E6CD} - C:\PROGRA~1\MICROS~2\Office14\GROOVEEX.DLL (Microsoft Corporation)
O32 - HKLM CDRom: AutoRun - 1
O33 - MountPoints2\{43c22cee-e5cc-11df-9c41-88ae1d0a9f8e}\Shell - "" = AutoRun
O33 - MountPoints2\{43c22cee-e5cc-11df-9c41-88ae1d0a9f8e}\Shell\AutoRun\command - "" = E:\LaunchU3.exe -a
O33 - MountPoints2\E\Shell - "" = AutoRun
O33 - MountPoints2\E\Shell\AutoRun\command - "" = E:\LaunchU3.exe -a
O34 - HKLM BootExecute: (autocheck autochk *)
O35:64bit: - HKLM\..comfile [open] -- "%1" %*
O35:64bit: - HKLM\..exefile [open] -- "%1" %*
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37:64bit: - HKLM\...com [@ = comfile] -- "%1" %*
O37:64bit: - HKLM\...exe [@ = exefile] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3)
O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2)
O38 - SubSystems\\Windows: (ServerDll=sxssrv,4)

========== Files/Folders - Created Within 30 Days ==========

[2012/06/09 13:14:22 | 000,000,000 | ---D | C] -- C:\_OTL
[2012/06/09 12:46:12 | 000,000,000 | ---D | C] -- C:\Users\Mathias\Application Data
[2012/06/09 11:13:30 | 000,596,480 | ---- | C] (OldTimer Tools) -- C:\Users\Mathias\Desktop\OTL.exe
[2012/06/09 10:56:03 | 000,000,000 | ---D | C] -- C:\Users\Mathias\AppData\Local\{A0F5907A-D71B-40C1-A8E8-C4979F6EEED1}
[2012/06/09 10:55:50 | 000,000,000 | ---D | C] -- C:\Users\Mathias\AppData\Local\{1BC3FDBB-C62F-48C8-B512-028819F4A17E}
[2012/06/08 13:45:00 | 000,000,000 | ---D | C] -- C:\Users\Mathias\AppData\Local\{5E31CC7F-A888-4D67-90A4-0BBA48688282}
[2012/06/08 13:44:46 | 000,000,000 | ---D | C] -- C:\Users\Mathias\AppData\Local\{8F2ED75A-240D-4A1E-8585-F5188D321EA0}
[2012/06/07 10:10:52 | 004,731,392 | ---- | C] (AVAST Software) -- C:\Users\Mathias\Desktop\aswMBR.exe
[2012/06/07 09:58:04 | 000,000,000 | ---D | C] -- C:\Users\Mathias\AppData\Local\{ADE7F102-B858-483B-8340-8A2BB0251D79}
[2012/06/07 09:57:54 | 000,000,000 | ---D | C] -- C:\Users\Mathias\AppData\Local\{F106D34E-4230-4026-968B-2FD02F137F3C}
[2012/06/06 19:22:51 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\SharePoint
[2012/06/06 19:22:51 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Office
[2012/06/06 19:22:14 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Common Files\DESIGNER
[2012/06/06 19:21:14 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Microsoft Sync Framework
[2012/06/06 19:13:34 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Microsoft Analysis Services
[2012/06/06 14:37:27 | 000,000,000 | ---D | C] -- C:\ProgramData\Uniblue
[2012/06/06 14:19:02 | 000,000,000 | ---D | C] -- C:\Users\Mathias\AppData\Roaming\Malwarebytes
[2012/06/06 14:18:56 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes' Anti-Malware
[2012/06/06 14:18:55 | 000,024,904 | ---- | C] (Malwarebytes Corporation) -- C:\Windows\SysNative\drivers\mbam.sys
[2012/06/06 14:18:55 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Malwarebytes' Anti-Malware
[2012/06/06 14:18:55 | 000,000,000 | ---D | C] -- C:\ProgramData\Malwarebytes
[2012/06/06 14:12:26 | 000,000,000 | ---D | C] -- C:\Users\Mathias\AppData\Local\{94DEFB5E-14AA-4B69-8A94-D6F6E5B893DC}
[2012/06/06 14:12:10 | 000,000,000 | ---D | C] -- C:\Users\Mathias\AppData\Local\{9AEA0439-0638-4B2B-A353-F817070DA04B}
[2012/06/06 08:59:34 | 000,000,000 | ---D | C] -- C:\Users\Mathias\AppData\Local\{4969F2F8-DAAA-4AF1-925F-2071092C7690}
[2012/06/05 14:01:11 | 000,000,000 | ---D | C] -- C:\Users\Mathias\AppData\Roaming\Avira
[2012/06/05 14:00:01 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Avira
[2012/06/05 13:59:52 | 000,132,832 | ---- | C] (Avira GmbH) -- C:\Windows\SysNative\drivers\avipbb.sys
[2012/06/05 13:59:52 | 000,098,848 | ---- | C] (Avira GmbH) -- C:\Windows\SysNative\drivers\avgntflt.sys
[2012/06/05 13:59:52 | 000,027,760 | ---- | C] (Avira GmbH) -- C:\Windows\SysNative\drivers\avkmgr.sys
[2012/06/05 13:59:52 | 000,000,000 | ---D | C] -- C:\ProgramData\Avira
[2012/06/05 13:59:52 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Avira
[2012/06/05 13:17:18 | 000,000,000 | -HSD | C] -- C:\Windows\SysNative\%APPDATA%
[2012/06/05 11:40:33 | 000,000,000 | ---D | C] -- C:\Users\Mathias\AppData\Local\{A42F39DD-130B-4A1C-972F-E01D63B30167}
[2012/06/05 11:40:21 | 000,000,000 | ---D | C] -- C:\Users\Mathias\AppData\Local\{27B1BFF1-75DA-4D83-9C34-1A804361FBEE}
[2012/06/04 14:26:20 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Common Files\Intel Corporation
[2012/06/04 12:35:44 | 000,000,000 | ---D | C] -- C:\Users\Mathias\AppData\Local\{CCC58789-89B2-43CD-ABAE-9213E84C19A6}
[2012/06/04 12:35:27 | 000,000,000 | ---D | C] -- C:\Users\Mathias\AppData\Local\{E99129F8-1D59-47F3-97C3-346FBB30BCA6}
[2012/06/03 13:18:51 | 000,000,000 | ---D | C] -- C:\Users\Mathias\AppData\Local\{B37BFE40-323E-44E0-B7CD-289B040D309A}
[2012/06/03 13:18:39 | 000,000,000 | ---D | C] -- C:\Users\Mathias\AppData\Local\{723D6BEF-258B-4034-AAC1-12667636ED78}
[2012/06/03 00:00:59 | 000,000,000 | ---D | C] -- C:\Users\Mathias\AppData\Local\{AED37CD5-E7EE-44F6-BCC1-D4A9A5985AE2}
[2012/06/02 12:00:37 | 000,000,000 | ---D | C] -- C:\Users\Mathias\AppData\Local\{1D0654CA-1128-4A71-A286-5F33469A0664}
[2012/06/01 18:12:54 | 000,000,000 | ---D | C] -- C:\Users\Mathias\AppData\Local\{91B64611-C182-4B67-8873-DA5A44D1062B}
[2012/06/01 18:12:43 | 000,000,000 | ---D | C] -- C:\Users\Mathias\AppData\Local\{B285DC31-38AD-4593-ADA2-8E3D34E4C483}
[2012/05/31 10:31:37 | 000,000,000 | ---D | C] -- C:\Users\Mathias\AppData\Local\{B4D08A30-4DD1-47B9-821F-C4FB44B25210}
[2012/05/31 10:31:27 | 000,000,000 | ---D | C] -- C:\Users\Mathias\AppData\Local\{802CFFCE-7BA4-4AC1-A3FE-B70E408D7534}
[2012/05/30 23:13:21 | 000,000,000 | ---D | C] -- C:\ProgramData\F4D55F1D000CCEA3006471E7B4EB2367
[2012/05/30 22:31:03 | 000,000,000 | ---D | C] -- C:\Users\Mathias\AppData\Local\{E35BAEC2-4BFD-47EB-B6B8-F9139167E7D1}
[2012/05/30 22:30:53 | 000,000,000 | ---D | C] -- C:\Users\Mathias\AppData\Local\{4177D3F4-60D0-4E23-BEE7-1262380B5CCB}
[2012/05/30 18:05:06 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\ACDLabs FreeWare 5.0
[2012/05/30 18:04:56 | 000,000,000 | ---D | C] -- C:\ACDFREE5
[2012/05/30 10:31:18 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Skype
[2012/05/30 10:31:18 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Common Files\Skype
[2012/05/30 10:30:08 | 000,000,000 | ---D | C] -- C:\Users\Mathias\AppData\Local\{E92A34B4-6A3D-4798-AE01-8066E8520DE9}
[2012/05/30 10:29:25 | 000,000,000 | ---D | C] -- C:\Users\Mathias\AppData\Local\{52CBB93E-86A6-4156-BB78-9CBF3B934710}
[2012/05/29 20:45:59 | 000,000,000 | ---D | C] -- C:\Users\Mathias\AppData\Local\{678AE3BB-663C-464B-B07D-2F1E9D69177F}
[2012/05/29 20:45:49 | 000,000,000 | ---D | C] -- C:\Users\Mathias\AppData\Local\{A076C0DA-A9CC-4609-9B9A-6426A852EA39}
[2012/05/29 08:45:23 | 000,000,000 | ---D | C] -- C:\Users\Mathias\AppData\Local\{0B38F6CA-8611-42F2-88EE-C3AFC88F1642}
[2012/05/29 08:45:12 | 000,000,000 | ---D | C] -- C:\Users\Mathias\AppData\Local\{16BBB355-4BF4-4FE2-B25B-F2F251137C66}
[2012/05/28 11:09:53 | 000,000,000 | ---D | C] -- C:\Users\Mathias\AppData\Local\{61A593AD-0F9F-46DD-96D3-8932AF7B0610}
[2012/05/28 11:08:14 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\QuickTime
[2012/05/28 11:07:58 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\QuickTime
[2012/05/27 23:09:21 | 000,000,000 | ---D | C] -- C:\Users\Mathias\AppData\Local\{6E337E71-5DA5-4331-86A4-BFE2EDC2D31F}
[2012/05/27 23:09:05 | 000,000,000 | ---D | C] -- C:\Users\Mathias\AppData\Local\{E299A250-A035-4A04-BCB3-7CA7E2CD6AF0}
[2012/05/27 09:26:56 | 000,000,000 | ---D | C] -- C:\Users\Mathias\AppData\Local\{40786F87-BD2F-4B85-B47C-34087955D8B3}
[2012/05/26 10:57:08 | 000,000,000 | ---D | C] -- C:\Users\Mathias\AppData\Local\{9746574B-0FF7-4DC6-86C7-DAC978EC85C1}
[2012/05/26 10:56:57 | 000,000,000 | ---D | C] -- C:\Users\Mathias\AppData\Local\{B9D9811C-CFAD-476C-A639-829200D37A6A}
[2012/05/25 14:24:32 | 000,000,000 | ---D | C] -- C:\Users\Mathias\AppData\Local\{732D23BC-A525-4898-87D7-606EA131BF55}
[2012/05/25 14:24:21 | 000,000,000 | ---D | C] -- C:\Users\Mathias\AppData\Local\{76A7143F-5B66-43BA-A859-F0780613AF93}
[2012/05/24 14:24:31 | 000,000,000 | ---D | C] -- C:\Users\Mathias\AppData\Local\{1B5BC53B-255E-4B07-8E6D-5DAC9B2B7282}
[2012/05/24 14:24:15 | 000,000,000 | ---D | C] -- C:\Users\Mathias\AppData\Local\{113D24E4-4750-489E-B9A0-2A1956CE6E9D}
[2012/05/23 14:04:33 | 000,000,000 | ---D | C] -- C:\Users\Mathias\AppData\Local\{580C5051-7BF1-4C18-9487-C1CCE80D6A14}
[2012/05/23 14:04:15 | 000,000,000 | ---D | C] -- C:\Users\Mathias\AppData\Local\{59121983-C609-449B-AB24-AB8BE3D1FBD1}
[2012/05/22 15:45:09 | 000,000,000 | ---D | C] -- C:\Users\Mathias\AppData\Local\{8E144E08-52A2-4BDF-BEF0-987AC1C383DC}
[2012/05/22 15:44:57 | 000,000,000 | ---D | C] -- C:\Users\Mathias\AppData\Local\{16BFF7E4-59AD-416E-BBEA-A244D84FFB1C}
[2012/05/21 15:27:45 | 000,000,000 | ---D | C] -- C:\Users\Mathias\AppData\Local\{7696B009-E763-4C8B-8E72-678C6702E5DC}
[2012/05/21 15:27:26 | 000,000,000 | ---D | C] -- C:\Users\Mathias\AppData\Local\{9EE64722-B9CA-48FF-9831-CA6432D4876A}
[2012/05/20 18:36:02 | 000,000,000 | ---D | C] -- C:\Users\Mathias\AppData\Local\{D42ECE92-940F-4157-BEF4-D0CEEB555169}
[2012/05/20 18:35:43 | 000,000,000 | ---D | C] -- C:\Users\Mathias\AppData\Local\{FC60597A-AA84-4DEB-BD79-21E206FCA5E8}
[2012/05/19 23:47:06 | 000,000,000 | ---D | C] -- C:\Users\Mathias\AppData\Local\{65044252-C771-4856-B3D9-31E7B259A2A5}
[2012/05/19 23:46:56 | 000,000,000 | ---D | C] -- C:\Users\Mathias\AppData\Local\{2953E000-0EAA-48D5-94FA-27045155CED1}
[2012/05/19 11:46:19 | 000,000,000 | ---D | C] -- C:\Users\Mathias\AppData\Local\{4E003B44-1C4D-4124-9A7B-FAD7427C928D}
[2012/05/19 11:45:33 | 000,000,000 | ---D | C] -- C:\Users\Mathias\AppData\Local\{7D2BF197-67CD-4356-B443-2B2B2C76E947}
[2012/05/19 02:20:12 | 000,000,000 | ---D | C] -- C:\Users\Mathias\AppData\Roaming\NVIDIA
[2012/05/18 12:27:18 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\ffdshow
[2012/05/18 12:27:15 | 000,000,000 | ---D | C] -- C:\ProgramData\IObit
[2012/05/18 12:27:15 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\IObit
[2012/05/18 12:27:15 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\ffdshow
[2012/05/18 10:45:46 | 000,000,000 | ---D | C] -- C:\Program Files\Realtek
[2012/05/18 10:45:45 | 000,000,000 | ---D | C] -- C:\Windows\SysWow64\RTCOM
[2012/05/18 10:45:00 | 002,604,376 | ---- | C] (Waves Audio Ltd.) -- C:\Windows\SysNative\WavesGUILib.dll
[2012/05/18 10:44:59 | 000,518,896 | ---- | C] (SRS Labs, Inc.) -- C:\Windows\SysNative\SRSTSX64.dll
[2012/05/18 10:44:59 | 000,155,888 | ---- | C] (SRS Labs, Inc.) -- C:\Windows\SysNative\SRSWOW64.dll
[2012/05/18 10:44:58 | 000,211,184 | ---- | C] (SRS Labs, Inc.) -- C:\Windows\SysNative\SRSTSH64.dll
[2012/05/18 10:44:58 | 000,198,896 | ---- | C] (SRS Labs, Inc.) -- C:\Windows\SysNative\SRSHP64.dll
[2012/05/18 10:44:55 | 000,220,512 | ---- | C] (Synopsys, Inc.) -- C:\Windows\SysNative\SFNHK64.dll
[2012/05/18 10:44:54 | 000,081,248 | ---- | C] (Synopsys, Inc.) -- C:\Windows\SysNative\SFCOM64.dll
[2012/05/18 10:44:54 | 000,078,176 | ---- | C] (Synopsys, Inc.) -- C:\Windows\SysNative\SFAPO64.dll
[2012/05/18 10:44:54 | 000,074,064 | ---- | C] (Virage Logic Corporation / Sonic Focus) -- C:\Windows\SysWow64\SFCOM.dll
[2012/05/18 10:44:49 | 000,375,128 | ---- | C] (Dolby Laboratories, Inc.) -- C:\Windows\SysNative\RTEEP64A.dll
[2012/05/18 10:44:49 | 000,101,208 | ---- | C] (Dolby Laboratories, Inc.) -- C:\Windows\SysNative\RTEEL64A.dll
[2012/05/18 10:44:48 | 000,204,120 | ---- | C] (Dolby Laboratories, Inc.) -- C:\Windows\SysNative\RTEED64A.dll
[2012/05/18 10:44:48 | 000,078,680 | ---- | C] (Dolby Laboratories, Inc.) -- C:\Windows\SysNative\RTEEG64A.dll
[2012/05/18 10:44:47 | 000,310,104 | ---- | C] (Dolby Laboratories, Inc.) -- C:\Windows\SysNative\RP3DHT64.dll
[2012/05/18 10:44:47 | 000,310,104 | ---- | C] (Dolby Laboratories, Inc.) -- C:\Windows\SysNative\RP3DAA64.dll
[2012/05/18 10:44:45 | 003,308,376 | ---- | C] (Dolby Laboratories) -- C:\Windows\SysNative\R4EEP64A.dll
[2012/05/18 10:44:45 | 000,426,328 | ---- | C] (Dolby Laboratories) -- C:\Windows\SysNative\R4EED64A.dll
[2012/05/18 10:44:45 | 000,136,024 | ---- | C] (Dolby Laboratories) -- C:\Windows\SysNative\R4EEL64A.dll
[2012/05/18 10:44:45 | 000,074,072 | ---- | C] (Dolby Laboratories) -- C:\Windows\SysNative\R4EEG64A.dll
[2012/05/18 10:44:44 | 000,118,104 | ---- | C] (Dolby Laboratories) -- C:\Windows\SysNative\R4EEA64A.dll
[2012/05/18 10:44:43 | 003,768,152 | ---- | C] (Waves Audio Ltd.) -- C:\Windows\SysNative\MaxxAudioRealtek.dll
[2012/05/18 10:44:43 | 000,334,680 | ---- | C] (Waves Audio Ltd.) -- C:\Windows\SysNative\MaxxVolumeSDAPO.dll
[2012/05/18 10:44:42 | 002,197,264 | ---- | C] (Waves Audio Ltd.) -- C:\Windows\SysNative\MaxxAudioEQ.dll
[2012/05/18 10:44:42 | 000,341,336 | ---- | C] (Waves Audio Ltd.) -- C:\Windows\SysNative\MaxxAudioAPO30.dll
[2012/05/18 10:44:42 | 000,318,808 | ---- | C] (Waves Audio Ltd.) -- C:\Windows\SysNative\MaxxAudioAPO20.dll
[2012/05/18 10:44:41 | 000,603,472 | ---- | C] (Knowles Acoustics ) -- C:\Windows\SysNative\KAAPORT64.dll
[2012/05/18 10:44:30 | 002,085,440 | ---- | C] (Fortemedia Corporation) -- C:\Windows\SysNative\FMAPO64.dll
[2012/05/18 10:44:30 | 000,693,352 | ---- | C] (DTS) -- C:\Windows\SysNative\DTSVoiceClarityDLL64.dll
[2012/05/18 10:44:29 | 001,756,264 | ---- | C] (DTS) -- C:\Windows\SysNative\DTSS2SpeakerDLL64.dll
[2012/05/18 10:44:29 | 001,568,360 | ---- | C] (DTS) -- C:\Windows\SysNative\DTSS2HeadphoneDLL64.dll
[2012/05/18 10:44:29 | 000,712,296 | ---- | C] (DTS) -- C:\Windows\SysNative\DTSSymmetryDLL64.dll
[2012/05/18 10:44:29 | 000,491,112 | ---- | C] (DTS) -- C:\Windows\SysNative\DTSNeoPCDLL64.dll
[2012/05/18 10:44:28 | 001,486,952 | ---- | C] (DTS) -- C:\Windows\SysNative\DTSBoostDLL64.dll
[2012/05/18 10:44:28 | 000,432,744 | ---- | C] (DTS) -- C:\Windows\SysNative\DTSLimiterDLL64.dll
[2012/05/18 10:44:28 | 000,428,648 | ---- | C] (DTS) -- C:\Windows\SysNative\DTSGainCompensatorDLL64.dll
[2012/05/18 10:44:28 | 000,242,792 | ---- | C] (DTS) -- C:\Windows\SysNative\DTSLFXAPO64.dll
[2012/05/18 10:44:28 | 000,242,792 | ---- | C] (DTS) -- C:\Windows\SysNative\DTSGFXAPO64.dll
[2012/05/18 10:44:28 | 000,241,768 | ---- | C] (DTS) -- C:\Windows\SysNative\DTSGFXAPONS64.dll
[2012/05/18 10:44:27 | 000,728,680 | ---- | C] (DTS) -- C:\Windows\SysNative\DTSBassEnhancementDLL64.dll
[2012/05/18 10:34:15 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Keyboard
[2012/05/18 10:33:44 | 000,000,000 | ---D | C] -- C:\Program Files\Microsoft IntelliType Pro
[2012/05/18 10:31:45 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Cisco
[2012/05/18 10:31:07 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\REALTEK PCIE Wireless LAN Driver
[2012/05/18 10:17:04 | 000,000,000 | ---D | C] -- C:\Users\Mathias\AppData\Local\{C4D02409-6C22-49CD-95A4-A0C41DB6C797}
[2012/05/18 10:16:47 | 000,000,000 | ---D | C] -- C:\Users\Mathias\AppData\Local\{636E63C3-C054-4AF7-AF86-3A591465880A}
[2012/05/17 22:06:18 | 000,000,000 | ---D | C] -- C:\Users\Mathias\AppData\Local\{BC426893-861F-429E-AEA4-10E7A30D6344}
[2012/05/17 22:06:08 | 000,000,000 | ---D | C] -- C:\Users\Mathias\AppData\Local\{61A48F0F-4820-4184-8748-255487ADD67F}
[2012/05/17 20:22:10 | 000,000,000 | ---D | C] -- C:\Users\Mathias\AppData\Local\SlimWare Utilities Inc
[2012/05/17 20:15:05 | 000,000,000 | ---D | C] -- C:\Users\Public\Documents\Downloaded Installers
[2012/05/17 10:05:40 | 000,000,000 | ---D | C] -- C:\Users\Mathias\AppData\Local\{B031B7DF-46DB-4391-A323-1A6CAB3A7FB1}
[2012/05/17 10:05:29 | 000,000,000 | ---D | C] -- C:\Users\Mathias\AppData\Local\{97F30DA2-DA3F-404C-BC24-4069362622AC}
[2012/05/16 14:22:48 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\NVIDIA Corporation
[2012/05/16 14:21:21 | 000,000,000 | ---D | C] -- C:\ProgramData\NVIDIA Corporation
[2012/05/16 14:17:01 | 000,068,928 | ---- | C] (Khronos Group) -- C:\Windows\SysNative\OpenCL.dll
[2012/05/16 14:17:01 | 000,061,248 | ---- | C] (Khronos Group) -- C:\Windows\SysWow64\OpenCL.dll
[2012/05/16 14:15:13 | 000,000,000 | ---D | C] -- C:\NVIDIA
[2012/05/16 14:10:00 | 000,000,000 | ---D | C] -- C:\Users\Mathias\AppData\Local\{D9BFDCB3-B300-4E69-8F75-A82FC1A12660}
[2012/05/16 14:09:41 | 000,000,000 | ---D | C] -- C:\Users\Mathias\AppData\Local\{789E1343-CA8A-4C18-8DD4-A1ADCB8F3EA2}
[2012/05/16 07:36:50 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Diablo III
[2012/05/16 07:36:50 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Diablo III
[2012/05/15 19:56:37 | 000,000,000 | ---D | C] -- C:\Users\Mathias\AppData\Local\{622655B9-B587-4653-937B-A6EDFA80B66A}
[2012/05/15 07:31:39 | 000,000,000 | ---D | C] -- C:\Users\Mathias\AppData\Local\{5AC1ABC7-ED73-4EDD-9E25-FD2ED1AB1721}
[2012/05/15 07:31:29 | 000,000,000 | ---D | C] -- C:\Users\Mathias\AppData\Local\{90C50C63-11DE-4BCE-81F9-1BA9C970D2F0}
[2012/05/14 07:44:11 | 000,000,000 | ---D | C] -- C:\Users\Mathias\AppData\Local\{0F22E6BD-30A7-4286-9F80-BA418A987CA4}
[2012/05/13 16:44:23 | 000,000,000 | ---D | C] -- C:\Users\Mathias\AppData\Local\{032FA830-D049-4E62-86CC-22970F1EDBFE}
[2012/05/13 16:44:13 | 000,000,000 | ---D | C] -- C:\Users\Mathias\AppData\Local\{FA9057F9-BA8F-4B92-81C8-DAD48A98E5D0}
[2012/05/13 14:33:22 | 000,000,000 | ---D | C] -- C:\ProgramData\Mozilla
[2012/05/13 14:33:21 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Mozilla Maintenance Service
[2012/05/12 09:35:20 | 000,000,000 | ---D | C] -- C:\Users\Mathias\AppData\Local\{022C3E45-8C85-4FBE-8AA1-CB58B46681E0}
[2012/05/12 09:35:10 | 000,000,000 | ---D | C] -- C:\Users\Mathias\AppData\Local\{9B1D37A2-5CC2-4FB5-B37B-AD93A79CA223}
[2012/05/11 16:23:14 | 000,000,000 | ---D | C] -- C:\Users\Mathias\AppData\Local\{55AEC0F5-6F2E-4C79-A6CA-7740C2B8EFDF}
[2012/05/11 16:23:03 | 000,000,000 | ---D | C] -- C:\Users\Mathias\AppData\Local\{750FB590-94B7-40AE-92B6-A0C2C1024E78}
[2012/05/10 14:45:24 | 000,000,000 | ---D | C] -- C:\Users\Mathias\AppData\Local\{6369E327-B4F7-4FEE-94EF-76370FF8F38A}
[2012/05/10 14:45:07 | 000,000,000 | ---D | C] -- C:\Users\Mathias\AppData\Local\{F548830D-3ACD-42D6-8FEE-1F219345F74C}
[2 C:\Users\Mathias\Documents\*.tmp files -> C:\Users\Mathias\Documents\*.tmp -> ]

========== Files - Modified Within 30 Days ==========

[2012/06/09 13:31:05 | 000,001,264 | ---- | M] () -- C:\Users\Mathias\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\OneNote 2010 Screen Clipper and Launcher.lnk
[2012/06/09 13:24:35 | 000,009,920 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
[2012/06/09 13:24:35 | 000,009,920 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
[2012/06/09 13:16:47 | 000,000,928 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineCore.job
[2012/06/09 13:16:46 | 000,000,414 | ---- | M] () -- C:\Windows\tasks\SlimDrivers Startup.job
[2012/06/09 13:16:13 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2012/06/09 13:16:07 | 428,904,447 | -HS- | M] () -- C:\hiberfil.sys
[2012/06/09 12:57:00 | 000,000,830 | ---- | M] () -- C:\Windows\tasks\Adobe Flash Player Updater.job
[2012/06/09 12:50:00 | 000,000,932 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineUA.job
[2012/06/09 12:45:22 | 002,381,335 | ---- | M] () -- C:\Users\Mathias\Desktop\Noten over alle noter.mw
[2012/06/09 11:13:31 | 000,596,480 | ---- | M] (OldTimer Tools) -- C:\Users\Mathias\Desktop\OTL.exe
[2012/06/09 11:04:04 | 000,000,936 | ---- | M] () -- C:\Windows\tasks\FacebookUpdateTaskUserS-1-5-21-1709520675-535397089-2455195078-1001UA.job
[2012/06/08 17:04:00 | 000,000,914 | ---- | M] () -- C:\Windows\tasks\FacebookUpdateTaskUserS-1-5-21-1709520675-535397089-2455195078-1001Core.job
[2012/06/08 16:27:18 | 000,000,234 | ---- | M] () -- C:\Users\Mathias\Desktop\Google Calendar.url
[2012/06/07 10:10:58 | 004,731,392 | ---- | M] (AVAST Software) -- C:\Users\Mathias\Desktop\aswMBR.exe
[2012/06/06 19:31:07 | 005,013,920 | ---- | M] () -- C:\Windows\SysNative\FNTCACHE.DAT
[2012/06/06 14:18:56 | 000,001,081 | ---- | M] () -- C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk
[2012/06/05 14:11:02 | 000,001,912 | ---- | M] () -- C:\Windows\epplauncher.mif
[2012/06/05 14:10:38 | 000,718,498 | ---- | M] () -- C:\Windows\SysNative\perfh009.dat
[2012/06/05 14:10:38 | 000,573,600 | ---- | M] () -- C:\Windows\SysNative\perfh006.dat
[2012/06/05 14:10:38 | 000,146,520 | ---- | M] () -- C:\Windows\SysNative\perfc009.dat
[2012/06/05 14:10:38 | 000,122,920 | ---- | M] () -- C:\Windows\SysNative\perfc006.dat
[2012/06/05 14:00:01 | 000,002,038 | ---- | M] () -- C:\Users\Public\Desktop\Avira Control Center.lnk
[2012/06/04 14:04:19 | 001,566,622 | ---- | M] () -- C:\Windows\SysNative\PerfStringBackup.INI
[2012/06/03 00:28:31 | 000,001,723 | ---- | M] () -- C:\Windows\wininit.ini
[2012/06/03 00:28:31 | 000,001,065 | ---- | M] () -- C:\Users\Mathias\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Dropbox.lnk
[2012/06/03 00:28:25 | 000,001,037 | ---- | M] () -- C:\Users\Mathias\Desktop\Dropbox.lnk
[2012/05/30 23:00:54 | 000,000,584 | ---- | M] () -- C:\Users\Mathias\Documents\grstyles.stl
[2012/05/30 19:27:01 | 000,000,327 | ---- | M] () -- C:\Users\Mathias\Documents\UserStl.sk
[2012/05/30 18:07:35 | 000,000,003 | ---- | M] () -- C:\Users\Mathias\Documents\UserLab.sk
[2012/05/30 18:07:28 | 000,000,003 | ---- | M] () -- C:\Users\Mathias\Documents\LastLab.sk
[2012/05/30 18:07:18 | 000,000,123 | ---- | M] () -- C:\Users\Mathias\Documents\BasicLab.sk
[2012/05/30 18:05:08 | 000,002,065 | ---- | M] () -- C:\Users\Mathias\Documents\template.cfg
[2012/05/30 10:31:18 | 000,002,513 | ---- | M] () -- C:\Users\Public\Desktop\Skype.lnk
[2012/05/16 07:57:11 | 000,001,161 | ---- | M] () -- C:\Users\Public\Desktop\Diablo III.lnk
[2 C:\Users\Mathias\Documents\*.tmp files -> C:\Users\Mathias\Documents\*.tmp -> ]

========== Files Created - No Company Name ==========

[2012/06/09 12:45:21 | 002,381,335 | ---- | C] () -- C:\Users\Mathias\Desktop\Noten over alle noter.mw
[2012/06/06 19:59:44 | 000,001,264 | ---- | C] () -- C:\Users\Mathias\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\OneNote 2010 Screen Clipper and Launcher.lnk
[2012/06/06 14:18:56 | 000,001,081 | ---- | C] () -- C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk
[2012/06/05 14:08:39 | 000,001,161 | ---- | C] () -- C:\Users\Public\Desktop\Diablo III.lnk
[2012/06/05 14:00:01 | 000,002,038 | ---- | C] () -- C:\Users\Public\Desktop\Avira Control Center.lnk
[2012/05/30 19:27:01 | 000,000,584 | ---- | C] () -- C:\Users\Mathias\Documents\grstyles.stl
[2012/05/30 18:07:18 | 000,000,123 | ---- | C] () -- C:\Users\Mathias\Documents\BasicLab.sk
[2012/05/30 18:07:18 | 000,000,003 | ---- | C] () -- C:\Users\Mathias\Documents\UserLab.sk
[2012/05/30 18:07:18 | 000,000,003 | ---- | C] () -- C:\Users\Mathias\Documents\LastLab.sk
[2012/05/30 18:05:12 | 000,000,327 | ---- | C] () -- C:\Users\Mathias\Documents\UserStl.sk
[2012/05/30 18:05:08 | 000,002,065 | ---- | C] () -- C:\Users\Mathias\Documents\template.cfg
[2012/05/18 12:27:17 | 000,085,504 | ---- | C] () -- C:\Windows\SysWow64\ff_vfw.dll
[2012/05/18 10:31:07 | 000,451,072 | ---- | C] () -- C:\Windows\SysWow64\ISSRemoveSP.exe
[2012/05/17 20:22:20 | 000,000,414 | ---- | C] () -- C:\Windows\tasks\SlimDrivers Startup.job
[2012/05/16 14:17:01 | 000,011,770 | ---- | C] () -- C:\Windows\SysNative\nvinfo.pb
[2012/04/08 19:43:46 | 000,000,132 | ---- | C] () -- C:\Users\Mathias\AppData\Roaming\Adobe GIF Format CS5 Prefs
[2012/03/05 19:44:31 | 000,004,608 | ---- | C] () -- C:\Users\Mathias\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2011/09/15 16:50:53 | 000,002,528 | ---- | C] () -- C:\Windows\FCIC.INI
[2011/09/12 18:54:46 | 000,000,132 | ---- | C] () -- C:\Users\Mathias\AppData\Roaming\Adobe PNG Format CS5 Prefs
[2011/09/11 16:57:57 | 000,001,456 | ---- | C] () -- C:\Users\Mathias\AppData\Local\Adobe Save for Web 12.0 Prefs
[2011/05/30 14:22:53 | 000,000,262 | ---- | C] () -- C:\Windows\{EEB3F6BB-318D-4CE5-989F-8191FCBFB578}_WiseFW.ini
[2010/12/14 17:11:22 | 000,008,192 | ---- | C] () -- C:\Windows\SysWow64\srvany.exe
[2010/12/14 12:01:18 | 000,000,376 | ---- | C] () -- C:\Windows\ODBC.INI
[2010/11/01 16:45:09 | 000,000,000 | ---- | C] () -- C:\Windows\nsreg.dat
[2010/10/31 15:36:58 | 001,586,622 | ---- | C] () -- C:\Windows\SysWow64\PerfStringBackup.INI
[2010/10/31 15:30:27 | 000,001,723 | ---- | C] () -- C:\Windows\wininit.ini
[2010/10/30 22:08:42 | 000,000,016 | ---- | C] () -- C:\Windows\popcinfo.dat
[2010/07/03 00:57:44 | 000,206,208 | ---- | C] () -- C:\Windows\PLFSetI.exe
[2010/07/03 00:57:44 | 000,054,520 | ---- | C] () -- C:\Windows\AutosetFrequency.exe
[2010/07/03 00:57:44 | 000,000,637 | ---- | C] () -- C:\Windows\AutoSetFrequency.ini
[2010/07/03 00:57:44 | 000,000,378 | ---- | C] () -- C:\Windows\PidList.ini

========== LOP Check ==========

[2012/06/09 13:28:54 | 000,000,000 | ---D | M] -- C:\Users\Mathias\AppData\Roaming\BitTorrent
[2011/01/09 18:38:42 | 000,000,000 | ---D | M] -- C:\Users\Mathias\AppData\Roaming\chc.4875E02D9FB21EE389F73B8D1702B320485DF8CE.1
[2011/11/03 18:05:18 | 000,000,000 | ---D | M] -- C:\Users\Mathias\AppData\Roaming\com.adobe.downloadassistant.AdobeDownloadAssistant
[2012/03/14 22:04:02 | 000,000,000 | ---D | M] -- C:\Users\Mathias\AppData\Roaming\com.guppyworks.TrafficTestAIR-Class.F1F6615D691280F0EDF23ED8129A4EBEED86EA96.1
[2012/06/09 13:31:46 | 000,000,000 | ---D | M] -- C:\Users\Mathias\AppData\Roaming\Dropbox
[2012/06/04 19:21:43 | 000,000,000 | ---D | M] -- C:\Users\Mathias\AppData\Roaming\FileZilla
[2011/12/04 21:56:39 | 000,000,000 | ---D | M] -- C:\Users\Mathias\AppData\Roaming\Maple
[2011/07/05 19:28:14 | 000,000,000 | ---D | M] -- C:\Users\Mathias\AppData\Roaming\Mumble
[2012/05/04 15:47:27 | 000,000,000 | ---D | M] -- C:\Users\Mathias\AppData\Roaming\No Company Name
[2011/09/11 21:07:42 | 000,000,000 | ---D | M] -- C:\Users\Mathias\AppData\Roaming\Notepad++
[2011/02/13 13:44:15 | 000,000,000 | ---D | M] -- C:\Users\Mathias\AppData\Roaming\Packard Bell
[2011/05/19 12:28:27 | 000,000,000 | ---D | M] -- C:\Users\Mathias\AppData\Roaming\SNS
[2012/05/27 09:31:40 | 000,000,000 | ---D | M] -- C:\Users\Mathias\AppData\Roaming\Spotify
[2011/09/11 18:09:02 | 000,000,000 | ---D | M] -- C:\Users\Mathias\AppData\Roaming\StageManager.BD092818F67280F4B42B04877600987F0111B594.1
[2011/03/04 20:19:28 | 000,000,000 | ---D | M] -- C:\Users\Mathias\AppData\Roaming\TS3Client
[2010/12/04 15:44:44 | 000,000,000 | ---D | M] -- C:\Users\Mathias\AppData\Roaming\Windows Live Writer
[2011/12/28 02:11:19 | 000,000,000 | -HSD | M] -- C:\Users\Mathias\AppData\Roaming\wyUpdate AU
[2012/06/08 17:04:00 | 000,000,914 | ---- | M] () -- C:\Windows\Tasks\FacebookUpdateTaskUserS-1-5-21-1709520675-535397089-2455195078-1001Core.job
[2012/06/09 11:04:04 | 000,000,936 | ---- | M] () -- C:\Windows\Tasks\FacebookUpdateTaskUserS-1-5-21-1709520675-535397089-2455195078-1001UA.job
[2012/02/19 12:02:05 | 000,032,550 | ---- | M] () -- C:\Windows\Tasks\SCHEDLGU.TXT
[2012/06/09 13:16:46 | 000,000,414 | ---- | M] () -- C:\Windows\Tasks\SlimDrivers Startup.job

========== Purity Check ==========



< End of report >

At last updated Malwarebytes log:

mbam log:

Malwarebytes Anti-Malware (Prøveversion) 1.61.0.1400
www.malwarebytes.org

Database version: v2012.06.09.04

Windows 7 Service Pack 1 x64 NTFS
Internet Explorer 9.0.8112.16421
Mathias :: PC-MATHIAS [administrator]

Beskyttelse: Slået fra

09-06-2012 13:35:12
mbam-log-2012-06-09 (13-35-12).txt

Skanningstype: Hurtig skanning
Skanningsmuligheder valgt: Hukommelse | Opstart | Registreringsdatabasen | Filsystem | Heuristics/Ekstra | Heuristics/Shuriken | PUP | PUM
Skanningsmuligheder som er deaktiverede: P2P
Objekter skannet: 216174
Tid gået: 4 minut(ter), 22 sekund(er)

Hukommelses Processorer Inficeret: 0
(Ingen skadelige objekter blev fundet)

Hukommelses Moduler Inficeret: 0
(Ingen skadelige objekter blev fundet)

Registreringsdatabasenøgler Inficeret: 0
(Ingen skadelige objekter blev fundet)

Registreringsdatabaseværdier Inficeret: 0
(Ingen skadelige objekter blev fundet)

Registreringsdatabasedata Objekter Inficeret: 0
(Ingen skadelige objekter blev fundet)

Inficerede Mapper: 0
(Ingen skadelige objekter blev fundet)

Inficerede Filer: 0
(Ingen skadelige objekter blev fundet)

(færdig)
  • 0

#7
Essexboy

Essexboy

    GeekU Moderator

  • Retired Staff
  • 69,964 posts
OK big question... How is the computer behaving now ?
  • 0

#8
moriarty

moriarty

    Member

  • Topic Starter
  • Member
  • PipPip
  • 35 posts
Oh! Aviras realtime protection doesn't detect the viruses anymore!

Yay! Am I done now, then?

Thank you.

Edit: Trying to run a full scan with Avira and reboot. The viruses used to change my desktop settings for instance. Will test to see if they still do.

Edited by moriarty, 09 June 2012 - 06:00 AM.

  • 0

#9
Essexboy

Essexboy

    GeekU Moderator

  • Retired Staff
  • 69,964 posts
Ok I will wait for the completion of that before we proceed
  • 0

#10
moriarty

moriarty

    Member

  • Topic Starter
  • Member
  • PipPip
  • 35 posts
It appears to be clean BUT it still changes my desktop settings every time I reboot.
  • 0

Advertisements


#11
Essexboy

Essexboy

    GeekU Moderator

  • Retired Staff
  • 69,964 posts
What happens to the desktop on reboot.. Does it go back to classic view or something ?
  • 0

#12
moriarty

moriarty

    Member

  • Topic Starter
  • Member
  • PipPip
  • 35 posts
When I've organized my desktop. Placed icons different places on my desktop. It just resets the icons, so they just go back in left side.

I think it creates NTUSER.DAT{016888bd-6c6f-11de-8d1d-001e0bcde3ec}.TMContainer00000000000000000002.regtrans-ms in my C:\\Users\Mathias folder as well.

I'm not quiet sure, but one thing is certain. It resets my desktop:
http://i48.tinypic.com/5d1kpe.png

You see all the icons have been moved to the left.

Edited by moriarty, 09 June 2012 - 07:17 AM.

  • 0

#13
Essexboy

Essexboy

    GeekU Moderator

  • Retired Staff
  • 69,964 posts
OK that is a windows thing - I will just flash up my XP and give you details on how to set it properly

Also the regtrans is legit

Back in a bit
  • 0

#14
Essexboy

Essexboy

    GeekU Moderator

  • Retired Staff
  • 69,964 posts
Ok here you go

Right click on the desktop and select Arrange Icons by
Remove the ticks from
Auto Arrange
Align to Grid



Set the icons where you want them
Reboot

Are they OK now ?
  • 0

#15
moriarty

moriarty

    Member

  • Topic Starter
  • Member
  • PipPip
  • 35 posts
It is unticked, but Windows seems to reset the icons on each reboot eventhough it's unticked.

And I'm sure it came after the viruses. Do you think they've changed another setting that does the same?

The viruses seems to be gone now though

Thank you!
  • 0






Similar Topics

0 user(s) are reading this topic

0 members, 0 guests, 0 anonymous users

As Featured On:

Microsoft Yahoo BBC MSN PC Magazine Washington Post HP