Jump to content

Welcome to Geeks to Go - Register now for FREE

Need help with your computer or device? Want to learn new tech skills? You're in the right place!
Geeks to Go is a friendly community of tech experts who can solve any problem you have. Just create a free account and post your question. Our volunteers will reply quickly and guide you through the steps. Don't let tech troubles stop you. Join Geeks to Go now and get the support you need!

How it Works Create Account
Photo

Spyware/virus changes eBay homepage and login page to take my informat

Started by proxii , Aug 29 2012 11:12 AM

  • Please log in to reply

#1
proxii
Posted 29 August 2012 - 11:12 AM

proxii

    New Member

  • Member
  • Pip
  • 4 posts
All right guys, I'm new here.
Numerous times in the past ~8 years I've used 'solved problems' here to overcome my own virus and malware problems, but this time, my magic isn't working any more.
First of all, thanks for your time and help, very appreciated. Secondly, I'd like to point out that English isn't my native language, I'm from the Netherlands.

Anyway, on to the problem.

Today I noticed that my eBay homepage looked slightly different. Perhaps an update I thought. The SSL protection thing was still active so I figured all was good. Well when I was at th login screen, I immediately noticed something was off. I opened up the same page on my laptop and all was just like normal again... So, my computer has a virus or spyware kind of thing.

I ran my virus scanner, (AVG Free) malwarebytes, hitmanpro and spybot but still no luck.

On to the guide, posted below is the OTL log:
Oh and one thing, this line is trusted: D:\Users\Joke en Jasper\AppData\Roaming\WebNoti\WebNoti.exe

----------------------------------------------------------------------------------------------------------------------

OTL logfile created on: 29-8-2012 19:14:40 - Run 1
OTL by OldTimer - Version 3.2.59.1 Folder = C:\Users\Joke en Jasper\Desktop
64bit- Ultimate Edition Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation
Internet Explorer (Version = 9.0.8112.16421)
Locale: 00000413 | Country: Nederland | Language: NLD | Date Format: d-M-yyyy

31,98 Gb Total Physical Memory | 28,75 Gb Available Physical Memory | 89,92% Memory free
63,95 Gb Paging File | 60,60 Gb Available in Paging File | 94,76% Paging File free
Paging file location(s): c:\pagefile.sys 0 0 [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86)
Drive C: | 119,14 Gb Total Space | 3,25 Gb Free Space | 2,72% Space Free | Partition Type: NTFS
Drive D: | 1863,01 Gb Total Space | 62,24 Gb Free Space | 3,34% Space Free | Partition Type: NTFS

Computer Name: DYNASTYEVOLVED | User Name: Joke en Jasper | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user | Quick Scan | Include 64bit Scans
Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days

========== Processes (SafeList) ==========

PRC - [2012-08-29 19:01:45 | 000,598,528 | ---- | M] (OldTimer Tools) -- C:\Users\Joke en Jasper\Desktop\OTL.exe
PRC - [2012-07-03 13:46:44 | 000,655,944 | ---- | M] (Malwarebytes Corporation) -- D:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe
PRC - [2012-04-05 05:12:34 | 002,587,008 | ---- | M] (AVG Technologies CZ, s.r.o.) -- D:\Program Files (x86)\AVG\AVG2012\avgtray.exe
PRC - [2012-02-14 04:53:38 | 000,193,288 | ---- | M] (AVG Technologies CZ, s.r.o.) -- D:\Program Files (x86)\AVG\AVG2012\avgwdsvc.exe
PRC - [2011-09-20 12:53:25 | 001,406,080 | R--- | M] (ASUSTeK Computer Inc.) -- C:\Program Files (x86)\ASUS\AsusFanControlService\1.00.07\AsusFanControlService.exe
PRC - [2011-09-08 22:29:12 | 001,112,704 | ---- | M] (ASUSTeK Computer Inc.) -- D:\Program Files (x86)\AI Suite II\Sensor\AlertHelper\AlertHelper.exe
PRC - [2011-09-08 22:22:04 | 001,496,192 | ---- | M] (ASUSTeK Computer Inc.) -- D:\Program Files (x86)\AI Suite II\AI Suite II.exe
PRC - [2011-09-01 15:45:34 | 001,256,576 | ---- | M] (ASUSTeK Computer Inc.) -- D:\Program Files (x86)\AI Suite II\EPU\EPUHelp.exe
PRC - [2011-08-19 11:57:38 | 001,118,848 | ---- | M] (ASUSTeK Computer Inc.) -- D:\Program Files (x86)\AI Suite II\DIGI+ Power Control\PowerControlHelp.exe
PRC - [2011-08-09 04:56:04 | 000,947,328 | R--- | M] (ASUSTeK Computer Inc.) -- C:\Program Files (x86)\ASUS\AAHM\1.00.15\aaHMSvc.exe
PRC - [2011-08-09 04:55:00 | 000,918,144 | R--- | M] () -- C:\Program Files (x86)\ASUS\AXSP\1.00.16\atkexComSvc.exe
PRC - [2011-02-22 22:52:54 | 000,086,016 | ---- | M] () -- C:\Program Files\Autodesk\3ds Max 2012\mentalimages\satellite\raysat_3dsmax2012_64server.exe
PRC - [2010-11-26 22:50:04 | 002,931,328 | ---- | M] (ASUSTeK Computer Inc.) -- D:\Program Files (x86)\AI Suite II\AsRoutineController.exe
PRC - [2010-10-21 11:52:26 | 000,586,880 | R--- | M] () -- C:\Program Files (x86)\ASUS\AsSysCtrlService\1.00.11\AsSysCtrlService.exe
PRC - [2008-07-11 16:04:22 | 000,200,704 | ---- | M] () -- C:\Windows\SysWOW64\HsMgr.exe


========== Modules (No Company Name) ==========

MOD - [2011-09-21 19:10:54 | 000,881,664 | ---- | M] () -- D:\Program Files (x86)\AI Suite II\Sensor\Sensor.dll
MOD - [2011-09-20 19:11:28 | 000,985,600 | ---- | M] () -- D:\Program Files (x86)\AI Suite II\BarGadget\BarGadget.dll
MOD - [2011-09-19 20:59:10 | 000,885,248 | ---- | M] () -- D:\Program Files (x86)\AI Suite II\TabGadget\TabGadget.dll
MOD - [2011-09-12 20:11:08 | 001,617,408 | ---- | M] () -- D:\Program Files (x86)\AI Suite II\Sensor Graph\SensorGraph.dll
MOD - [2011-08-26 14:55:36 | 001,046,016 | ---- | M] () -- D:\Program Files (x86)\AI Suite II\Probe_II\ProbeII.dll
MOD - [2011-08-23 17:19:52 | 001,294,848 | ---- | M] () -- D:\Program Files (x86)\AI Suite II\MyLogo\MyLogo.dll
MOD - [2011-08-22 11:36:08 | 001,074,688 | ---- | M] () -- D:\Program Files (x86)\AI Suite II\ASUS Update\Update.dll
MOD - [2011-08-09 13:15:00 | 001,242,624 | ---- | M] () -- D:\Program Files (x86)\AI Suite II\Settings\Settings.dll
MOD - [2011-07-21 10:06:44 | 000,846,848 | ---- | M] () -- D:\Program Files (x86)\AI Suite II\Splitter\Splitter.dll
MOD - [2011-07-12 20:14:52 | 000,147,456 | ---- | M] () -- D:\Program Files (x86)\AI Suite II\AssistFunc.dll
MOD - [2010-10-05 09:22:50 | 000,253,952 | ---- | M] () -- D:\Program Files (x86)\AI Suite II\pngio.dll
MOD - [2010-10-05 09:22:50 | 000,208,896 | ---- | M] () -- D:\Program Files (x86)\AI Suite II\ImageHelper.dll
MOD - [2010-08-23 04:17:40 | 000,662,016 | R--- | M] () -- C:\Program Files (x86)\ASUS\AAHM\1.00.15\aaHMLib.dll
MOD - [2009-08-12 21:15:52 | 000,253,952 | ---- | M] () -- D:\Program Files (x86)\AI Suite II\Sensor\AlertHelper\pngio.dll
MOD - [2008-07-11 16:04:22 | 000,200,704 | ---- | M] () -- C:\Windows\SysWOW64\HsMgr.exe


========== Services (SafeList) ==========

SRV:64bit: - [2012-02-12 17:41:55 | 001,431,888 | ---- | M] (Flexera Software, Inc.) [On_Demand | Stopped] -- C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService64.exe -- (FLEXnet Licensing Service 64)
SRV:64bit: - [2011-12-06 05:11:56 | 000,235,520 | ---- | M] (AMD) [Auto | Running] -- C:\Windows\SysNative\atiesrxx.exe -- (AMD External Events Utility)
SRV:64bit: - [2011-04-15 14:13:23 | 000,111,104 | ---- | M] (PostgreSQL Global Development Group) [Auto | Running] -- C:\Program Files\PostgreSQL\9.0\bin\pg_ctl.exe -- (postgresql-x64-9.0)
SRV:64bit: - [2011-02-22 22:52:54 | 000,086,016 | ---- | M] () [Auto | Running] -- C:\Program Files\Autodesk\3ds Max 2012\mentalimages\satellite\raysat_3dsmax2012_64server.exe -- (mi-raysat_3dsmax2012_64)
SRV:64bit: - [2009-07-14 03:41:27 | 001,011,712 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Program Files\Windows Defender\MpSvc.dll -- (WinDefend)
SRV:64bit: - [2009-07-14 03:40:01 | 000,193,536 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\appmgmts.dll -- (AppMgmt)
SRV - [2012-08-15 11:57:07 | 000,250,056 | ---- | M] (Adobe Systems Incorporated) [On_Demand | Stopped] -- C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe -- (AdobeFlashPlayerUpdateSvc)
SRV - [2012-07-19 11:06:19 | 000,113,120 | ---- | M] (Mozilla Foundation) [On_Demand | Stopped] -- C:\Program Files (x86)\Mozilla Maintenance Service\maintenanceservice.exe -- (MozillaMaintenance)
SRV - [2012-07-13 13:28:36 | 000,160,944 | R--- | M] (Skype Technologies) [Auto | Stopped] -- D:\Program Files (x86)\Skype\Updater\Updater.exe -- (SkypeUpdate)
SRV - [2012-07-03 13:46:44 | 000,655,944 | ---- | M] (Malwarebytes Corporation) [Auto | Running] -- D:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe -- (MBAMService)
SRV - [2012-02-14 04:53:38 | 000,193,288 | ---- | M] (AVG Technologies CZ, s.r.o.) [Auto | Running] -- D:\Program Files (x86)\AVG\AVG2012\avgwdsvc.exe -- (avgwd)
SRV - [2011-09-20 12:53:25 | 001,406,080 | R--- | M] (ASUSTeK Computer Inc.) [Auto | Running] -- C:\Program Files (x86)\ASUS\AsusFanControlService\1.00.07\AsusFanControlService.exe -- (AsusFanControlService)
SRV - [2011-08-09 04:56:04 | 000,947,328 | R--- | M] (ASUSTeK Computer Inc.) [Auto | Running] -- C:\Program Files (x86)\ASUS\AAHM\1.00.15\aaHMSvc.exe -- (asHmComSvc)
SRV - [2011-08-09 04:55:00 | 000,918,144 | R--- | M] () [Auto | Running] -- C:\Program Files (x86)\ASUS\AXSP\1.00.16\atkexComSvc.exe -- (asComSvc)
SRV - [2010-10-21 11:52:26 | 000,586,880 | R--- | M] () [Auto | Running] -- C:\Program Files (x86)\ASUS\AsSysCtrlService\1.00.11\AsSysCtrlService.exe -- (AsSysCtrlService)
SRV - [2010-03-18 13:16:28 | 000,130,384 | ---- | M] (Microsoft Corporation) [Auto | Stopped] -- C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe -- (clr_optimization_v4.0.30319_32)
SRV - [2010-02-19 14:37:14 | 000,517,096 | ---- | M] (Adobe Systems Incorporated) [On_Demand | Stopped] -- C:\Program Files (x86)\Common Files\Adobe\SwitchBoard\SwitchBoard.exe -- (SwitchBoard)
SRV - [2009-06-10 23:23:09 | 000,066,384 | ---- | M] (Microsoft Corporation) [Disabled | Stopped] -- C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe -- (clr_optimization_v2.0.50727_32)


========== Driver Services (SafeList) ==========

DRV:64bit: - [2012-08-29 18:44:35 | 000,030,496 | ---- | M] () [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\hitmanpro36.sys -- (hitmanpro36)
DRV:64bit: - [2012-07-03 13:46:44 | 000,024,904 | ---- | M] (Malwarebytes Corporation) [File_System | On_Demand | Running] -- C:\Windows\SysNative\drivers\mbam.sys -- (MBAMProtector)
DRV:64bit: - [2012-04-19 04:50:26 | 000,028,480 | ---- | M] (AVG Technologies CZ, s.r.o. ) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\avgidsha.sys -- (AVGIDSHA)
DRV:64bit: - [2012-04-01 19:16:43 | 000,283,200 | ---- | M] (DT Soft Ltd) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\dtsoftbus01.sys -- (dtsoftbus01)
DRV:64bit: - [2012-03-19 05:17:26 | 000,383,808 | ---- | M] (AVG Technologies CZ, s.r.o.) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\avgtdia.sys -- (Avgtdia)
DRV:64bit: - [2012-03-01 08:46:16 | 000,023,408 | ---- | M] (Microsoft Corporation) [Recognizer | Boot | Unknown] -- C:\Windows\SysNative\drivers\fs_rec.sys -- (Fs_Rec)
DRV:64bit: - [2012-02-24 11:14:42 | 000,203,320 | ---- | M] (DEVGURU Co., LTD.(www.devguru.co.kr)) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\ssudmdm.sys -- (ssudmdm)
DRV:64bit: - [2012-02-24 11:14:42 | 000,099,384 | ---- | M] (DEVGURU Co., LTD.(www.devguru.co.kr)) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\ssudbus.sys -- (dg_ssudbus)
DRV:64bit: - [2012-02-22 05:25:32 | 000,289,872 | ---- | M] (AVG Technologies CZ, s.r.o.) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\avgldx64.sys -- (Avgldx64)
DRV:64bit: - [2012-02-16 12:02:00 | 000,564,792 | ---- | M] (Duplex Secure Ltd.) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\sptd.sys -- (sptd)
DRV:64bit: - [2012-01-31 04:46:48 | 000,036,944 | ---- | M] (AVG Technologies CZ, s.r.o.) [File_System | Boot | Running] -- C:\Windows\SysNative\drivers\avgrkx64.sys -- (Avgrkx64)
DRV:64bit: - [2011-12-23 13:32:14 | 000,047,696 | ---- | M] (AVG Technologies CZ, s.r.o.) [File_System | System | Running] -- C:\Windows\SysNative\drivers\avgmfx64.sys -- (Avgmfx64)
DRV:64bit: - [2011-12-06 05:45:40 | 010,720,256 | ---- | M] (Advanced Micro Devices, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\atikmdag.sys -- (amdkmdag)
DRV:64bit: - [2011-12-06 04:12:14 | 000,327,168 | ---- | M] (Advanced Micro Devices, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\atikmpag.sys -- (amdkmdap)
DRV:64bit: - [2011-10-30 21:23:08 | 000,107,904 | ---- | M] (Advanced Micro Devices) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\amdsata.sys -- (amdsata)
DRV:64bit: - [2011-10-30 21:23:08 | 000,027,008 | ---- | M] (Advanced Micro Devices) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\amdxata.sys -- (amdxata)
DRV:64bit: - [2011-10-17 19:40:50 | 000,093,712 | ---- | M] (Advanced Micro Devices) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\AtihdW76.sys -- (AtiHDAudioService)
DRV:64bit: - [2011-09-14 18:05:34 | 000,394,216 | ---- | M] (ASMedia Technology Inc) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\asmtxhci.sys -- (asmtxhci)
DRV:64bit: - [2011-09-14 18:05:34 | 000,129,000 | ---- | M] (ASMedia Technology Inc) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\asmthub3.sys -- (asmthub3)
DRV:64bit: - [2011-08-18 14:45:42 | 000,004,608 | ---- | M] (RealVNC Ltd.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\vncmirror.sys -- (vncmirror)
DRV:64bit: - [2011-08-15 11:30:04 | 000,056,600 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\HECIx64.sys -- (MEIx64)
DRV:64bit: - [2011-07-20 03:37:56 | 000,342,704 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\e1c62x64.sys -- (e1cexpress)
DRV:64bit: - [2011-07-04 15:00:50 | 002,726,400 | ---- | M] (C-Media Inc) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\cmudaxp.sys -- (cmudaxp)
DRV:64bit: - [2010-11-21 05:24:43 | 000,020,992 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\rdpvideominiport.sys -- (RdpVideoMiniport)
DRV:64bit: - [2010-11-21 05:24:33 | 000,059,392 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\TsUsbFlt.sys -- (TsUsbFlt)
DRV:64bit: - [2010-11-21 05:23:48 | 000,117,248 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\tsusbhub.sys -- (tsusbhub)
DRV:64bit: - [2010-11-21 05:23:48 | 000,088,960 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\Synth3dVsc.sys -- (Synth3dVsc)
DRV:64bit: - [2010-11-21 05:23:48 | 000,071,168 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\dmvsc.sys -- (dmvsc)
DRV:64bit: - [2010-11-21 05:23:48 | 000,034,816 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\terminpt.sys -- (terminpt)
DRV:64bit: - [2010-11-21 05:23:47 | 000,078,720 | ---- | M] (Hewlett-Packard Company) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\HpSAMD.sys -- (HpSAMD)
DRV:64bit: - [2010-11-21 05:23:47 | 000,031,232 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\TsUsbGD.sys -- (TsUsbGD)
DRV:64bit: - [2010-08-17 19:28:32 | 000,026,136 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\ICCWDT.sys -- (ICCWDT)
DRV:64bit: - [2009-07-14 03:52:20 | 000,194,128 | ---- | M] (AMD Technologies Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\amdsbs.sys -- (amdsbs)
DRV:64bit: - [2009-07-14 03:48:04 | 000,065,600 | ---- | M] (LSI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\lsi_sas2.sys -- (LSI_SAS2)
DRV:64bit: - [2009-07-14 03:45:55 | 000,024,656 | ---- | M] (Promise Technology) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\stexstor.sys -- (stexstor)
DRV:64bit: - [2009-07-09 04:00:00 | 000,055,280 | ---- | M] (Sonic Solutions) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\PxHlpa64.sys -- (PxHlpa64)
DRV:64bit: - [2009-06-10 22:34:33 | 003,286,016 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\evbda.sys -- (ebdrv)
DRV:64bit: - [2009-06-10 22:34:28 | 000,468,480 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\bxvbda.sys -- (b06bdrv)
DRV:64bit: - [2009-06-10 22:34:23 | 000,270,848 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\b57nd60a.sys -- (b57nd60a)
DRV:64bit: - [2009-06-10 22:31:59 | 000,031,232 | ---- | M] (Hauppauge Computer Works, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\hcw85cir.sys -- (hcw85cir)
DRV - [2012-05-09 13:22:09 | 000,038,944 | ---- | M] (B.H.A Corporation) [Kernel | System | Stopped] -- C:\Windows\SysWow64\drivers\CDRBSDRV.SYS -- (cdrbsdrv)
DRV - [2009-07-14 03:19:10 | 000,019,008 | ---- | M] (Microsoft Corporation) [File_System | On_Demand | Stopped] -- C:\Windows\SysWOW64\drivers\wimmount.sys -- (WIMMount)


========== Standard Registry (SafeList) ==========


========== Internet Explorer ==========

IE:64bit: - HKLM\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A}
IE:64bit: - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/...ms}&FORM=IE8SRC
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm
IE - HKLM\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A}
IE - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/...ms}&FORM=IE8SRC

IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache AcceptLangs = nl-NL
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache_TIMESTAMP = C7 42 00 FA D1 85 CD 01 [binary data]
IE - HKCU\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A}
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

========== FireFox ==========

FF - prefs.js..browser.search.defaultenginename: "Bing"
FF - prefs.js..browser.search.defaulturl: "http://www.bing.com/...?FORM=IEFM1&q="
FF - prefs.js..browser.search.selectedEngine: "Google"
FF - prefs.js..browser.search.useDBForOrder: true
FF - prefs.js..browser.startup.homepage: "http://go.microsoft..../?LinkId=69157"
FF - prefs.js..extensions.enabledItems: {AB2CE124-6272-4b12-94A9-7303C7397BD1}:4.2.0.5198
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA}:6.0.20
FF - prefs.js..extensions.enabledItems: [email protected]:2.0.2
FF - prefs.js..extensions.enabledItems: [email protected]:1.19.1
FF - prefs.js..extensions.enabledItems: [email protected]:1.60
FF - prefs.js..extensions.enabledItems: [email protected]:3.0.1
FF - prefs.js..extensions.enabledItems: [email protected]:1.12.2.44079
FF - prefs.js..extensions.enabledItems: {0538E3E3-7E9B-4d49-8831-A227C80A7AD3}:2.0.12
FF - prefs.js..extensions.enabledItems: {987311C6-B504-4aa2-90BF-60CC49808D42}:2.2
FF - prefs.js..extensions.enabledItems: {b9db16a4-6edc-47ec-a1f4-b86292ed211d}:4.8.6
FF - prefs.js..extensions.enabledItems: {c45c406e-ab73-11d8-be73-000a95be3b12}:1.1.9
FF - prefs.js..extensions.enabledItems: {e4a8a97b-f2ed-450b-b12d-ee082ba24781}:0.9.2
FF - prefs.js..keyword.URL: "http://www.bing.com/...?FORM=IEFM1&q="


FF:64bit: - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\system32\Macromed\Flash\NPSWF64_11_3_300_271.dll File not found
FF:64bit: - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin: C:\Program Files\Java\jre6\bin\plugin2\npjp2.dll (Sun Microsystems, Inc.)
FF:64bit: - HKLM\Software\MozillaPlugins\@microsoft.com/GENUINE: disabled File not found
FF:64bit: - HKLM\Software\MozillaPlugins\@microsoft.com/OfficeAuthz,version=14.0: C:\PROGRA~1\MICROS~2\Office14\NPAUTHZ.DLL (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_11_3_300_271.dll ()
FF - HKLM\Software\MozillaPlugins\@Google.com/GoogleEarthPlugin: C:\Program Files (x86)\Google\Google Earth\plugin\npgeplugin.dll (Google)
FF - HKLM\Software\MozillaPlugins\@java.com/DTPlugin,version=10.5.1: C:\Windows\SysWOW64\npDeployJava1.dll (Oracle Corporation)
FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin,version=10.5.1: C:\Program Files (x86)\Oracle\JavaFX 2.1 Runtime\bin\plugin2\npjp2.dll (Oracle Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/GENUINE: disabled File not found
FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: C:\Program Files (x86)\Microsoft Silverlight\4.1.10329.0\npctrl.dll ( Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/OfficeAuthz,version=14.0: C:\PROGRA~2\MICROS~2\Office14\NPAUTHZ.DLL (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/SharePoint,version=14.0: C:\PROGRA~2\MICROS~2\Office14\NPSPWRAP.DLL (Microsoft Corporation)

FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\[email protected]: C:\Program Files (x86)\Adobe\Acrobat 10.0\Acrobat\Browser\WCFirefoxExtn [2012-07-09 16:07:35 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{01A8CA0A-4C96-465b-A49B-65C46FAD54F9}: C:\Program Files (x86)\Adobe\Adobe Contribute CS5.1\Plugins\FirefoxPlugin\{01A8CA0A-4C96-465b-A49B-65C46FAD54F9} [2012-07-09 16:07:36 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{F53C93F1-07D5-430c-86D4-C9531B27DFAF}: D:\Program Files (x86)\AVG\AVG2012\Firefox\DoNotTrack\ [2012-07-03 10:10:04 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 14.0.1\extensions\\Components: D:\Program Files (x86)\Mozilla Firefox\components [2012-07-19 11:06:20 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 14.0.1\extensions\\Plugins: D:\Program Files (x86)\Mozilla Firefox\plugins [2012-04-19 08:41:50 | 000,000,000 | ---D | M]

[2012-02-11 21:16:02 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Joke en Jasper\AppData\Roaming\mozilla\Extensions
[2012-08-29 12:35:03 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Joke en Jasper\AppData\Roaming\mozilla\Firefox\Profiles\yb29zkoc.default\extensions
[2012-07-02 11:29:56 | 000,000,000 | ---D | M] (Forecastfox) -- C:\Users\Joke en Jasper\AppData\Roaming\mozilla\Firefox\Profiles\yb29zkoc.default\extensions\{0538E3E3-7E9B-4d49-8831-A227C80A7AD3}
[2012-07-09 16:07:39 | 000,000,000 | ---D | M] (Garmin Communicator) -- C:\Users\Joke en Jasper\AppData\Roaming\mozilla\Firefox\Profiles\yb29zkoc.default\extensions\{195A3098-0BD5-4e90-AE22-BA1C540AFD1E}
[2012-07-09 16:07:39 | 000,000,000 | ---D | M] (Microsoft .NET Framework Assistant) -- C:\Users\Joke en Jasper\AppData\Roaming\mozilla\Firefox\Profiles\yb29zkoc.default\extensions\{20a82645-c095-46ed-80e3-08825760534b}
[2012-07-09 16:07:39 | 000,000,000 | ---D | M] ("Adblock") -- C:\Users\Joke en Jasper\AppData\Roaming\mozilla\Firefox\Profiles\yb29zkoc.default\extensions\{34274bf4-1d97-a289-e984-17e546307e4f}
[2012-07-09 16:07:39 | 000,000,000 | ---D | M] (BugMeNot) -- C:\Users\Joke en Jasper\AppData\Roaming\mozilla\Firefox\Profiles\yb29zkoc.default\extensions\{987311C6-B504-4aa2-90BF-60CC49808D42}
[2012-08-29 12:35:03 | 000,000,000 | ---D | M] ("Free YouTube Download (Free Studio) Menu") -- C:\Users\Joke en Jasper\AppData\Roaming\mozilla\Firefox\Profiles\yb29zkoc.default\extensions\{ACAA314B-EEBA-48e4-AD47-84E31C44796C}
[2012-07-09 16:07:39 | 000,000,000 | ---D | M] (DownloadHelper) -- C:\Users\Joke en Jasper\AppData\Roaming\mozilla\Firefox\Profiles\yb29zkoc.default\extensions\{b9db16a4-6edc-47ec-a1f4-b86292ed211d}
[2012-02-22 11:07:37 | 000,000,000 | ---D | M] (German Dictionary) -- C:\Users\Joke en Jasper\AppData\Roaming\mozilla\Firefox\Profiles\yb29zkoc.default\extensions\[email protected]
[2012-02-22 11:07:37 | 000,000,000 | ---D | M] (British English Dictionary) -- C:\Users\Joke en Jasper\AppData\Roaming\mozilla\Firefox\Profiles\yb29zkoc.default\extensions\[email protected]
[2012-03-20 20:43:15 | 000,000,000 | ---D | M] (Woordenboek Nederlands) -- C:\Users\Joke en Jasper\AppData\Roaming\mozilla\Firefox\Profiles\yb29zkoc.default\extensions\[email protected]
[2012-07-09 16:07:39 | 000,000,000 | ---D | M] (Cooliris) -- C:\Users\Joke en Jasper\AppData\Roaming\mozilla\Firefox\Profiles\yb29zkoc.default\extensions\[email protected]
[2012-08-28 22:57:33 | 000,005,397 | ---- | M] () -- C:\Users\Joke en Jasper\AppData\Roaming\Mozilla\Firefox\Profiles\yb29zkoc.default\searchplugins\2torrents.xml
[2012-07-16 16:48:27 | 000,000,838 | ---- | M] () -- C:\Users\Joke en Jasper\AppData\Roaming\Mozilla\Firefox\Profiles\yb29zkoc.default\searchplugins\alltorrent.xml
[2009-11-06 13:06:12 | 000,002,171 | ---- | M] () -- C:\Users\Joke en Jasper\AppData\Roaming\Mozilla\Firefox\Profiles\yb29zkoc.default\searchplugins\bing.xml
[2008-05-31 22:56:38 | 000,001,751 | ---- | M] () -- C:\Users\Joke en Jasper\AppData\Roaming\Mozilla\Firefox\Profiles\yb29zkoc.default\searchplugins\bittorrent-monster.xml
[2012-08-28 22:57:33 | 000,001,412 | ---- | M] () -- C:\Users\Joke en Jasper\AppData\Roaming\Mozilla\Firefox\Profiles\yb29zkoc.default\searchplugins\bittorrent.xml
[2012-08-28 22:57:33 | 000,004,690 | ---- | M] () -- C:\Users\Joke en Jasper\AppData\Roaming\Mozilla\Firefox\Profiles\yb29zkoc.default\searchplugins\flextorrent.xml
[2012-07-16 16:48:27 | 000,000,812 | ---- | M] () -- C:\Users\Joke en Jasper\AppData\Roaming\Mozilla\Firefox\Profiles\yb29zkoc.default\searchplugins\fulltorrent.xml
[2012-08-28 22:57:34 | 000,002,109 | ---- | M] () -- C:\Users\Joke en Jasper\AppData\Roaming\Mozilla\Firefox\Profiles\yb29zkoc.default\searchplugins\funkytorrentscom.xml
[2008-06-21 16:54:06 | 000,000,908 | ---- | M] () -- C:\Users\Joke en Jasper\AppData\Roaming\Mozilla\Firefox\Profiles\yb29zkoc.default\searchplugins\imdb.xml
[2012-08-28 22:57:34 | 000,001,846 | ---- | M] () -- C:\Users\Joke en Jasper\AppData\Roaming\Mozilla\Firefox\Profiles\yb29zkoc.default\searchplugins\isohunt---bittorrent.xml
[2012-07-16 16:48:27 | 000,000,826 | ---- | M] () -- C:\Users\Joke en Jasper\AppData\Roaming\Mozilla\Firefox\Profiles\yb29zkoc.default\searchplugins\mininova.xml
[2012-07-16 16:48:27 | 000,000,858 | ---- | M] () -- C:\Users\Joke en Jasper\AppData\Roaming\Mozilla\Firefox\Profiles\yb29zkoc.default\searchplugins\newtorrentsinfo.xml
[2008-05-31 22:56:36 | 000,001,110 | ---- | M] () -- C:\Users\Joke en Jasper\AppData\Roaming\Mozilla\Firefox\Profiles\yb29zkoc.default\searchplugins\the-pirate-bay.xml
[2008-05-31 22:56:40 | 000,001,138 | ---- | M] () -- C:\Users\Joke en Jasper\AppData\Roaming\Mozilla\Firefox\Profiles\yb29zkoc.default\searchplugins\torrent-finder.xml
[2012-08-28 22:57:34 | 000,002,143 | ---- | M] () -- C:\Users\Joke en Jasper\AppData\Roaming\Mozilla\Firefox\Profiles\yb29zkoc.default\searchplugins\torrentbox.xml
[2012-08-28 22:57:34 | 000,002,169 | ---- | M] () -- C:\Users\Joke en Jasper\AppData\Roaming\Mozilla\Firefox\Profiles\yb29zkoc.default\searchplugins\torrentportal.xml
[2012-07-16 16:48:27 | 000,000,853 | ---- | M] () -- C:\Users\Joke en Jasper\AppData\Roaming\Mozilla\Firefox\Profiles\yb29zkoc.default\searchplugins\torrentreactornet.xml
[2012-07-16 16:48:27 | 000,000,795 | ---- | M] () -- C:\Users\Joke en Jasper\AppData\Roaming\Mozilla\Firefox\Profiles\yb29zkoc.default\searchplugins\torrentspy.xml
[2008-06-22 18:38:52 | 000,001,108 | ---- | M] () -- C:\Users\Joke en Jasper\AppData\Roaming\Mozilla\Firefox\Profiles\yb29zkoc.default\searchplugins\wikipedia-en.xml
[2012-08-17 09:29:21 | 001,136,465 | ---- | M] () (No name found) -- C:\USERS\JOKE EN JASPER\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\YB29ZKOC.DEFAULT\EXTENSIONS\{C45C406E-AB73-11D8-BE73-000A95BE3B12}.XPI
[2012-08-28 22:55:32 | 000,230,013 | ---- | M] () (No name found) -- C:\USERS\JOKE EN JASPER\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\YB29ZKOC.DEFAULT\EXTENSIONS\[email protected]

O1 HOSTS File: ([2012-08-29 18:28:21 | 000,000,027 | ---- | M]) - C:\Windows\SysNative\drivers\etc\hosts
O1 - Hosts: 127.0.0.1 localhost
O2:64bit: - BHO: (AVG Do Not Track) - {31332EEF-CB9F-458F-AFEB-D30E9A66B6BA} - D:\Program Files (x86)\AVG\AVG2012\avgdtiea.dll (AVG Technologies CZ, s.r.o.)
O2:64bit: - BHO: (Java™ Plug-In SSV Helper) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre6\bin\ssv.dll (Sun Microsystems, Inc.)
O2 - BHO: (ContributeBHO Class) - {074C1DC5-9320-4A9A-947D-C042949C6216} - C:\Program Files (x86)\Adobe\Adobe Contribute CS5.1\Plugins\IEPlugin\contributeieplugin.dll (Adobe Systems, Inc.)
O2 - BHO: (AVG Do Not Track) - {31332EEF-CB9F-458F-AFEB-D30E9A66B6BA} - D:\Program Files (x86)\AVG\AVG2012\avgdtiex.dll (AVG Technologies CZ, s.r.o.)
O2 - BHO: (Java™ Plug-In SSV Helper) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Oracle\JavaFX 2.1 Runtime\bin\ssv.dll (Oracle Corporation)
O2 - BHO: (Adobe PDF Conversion Toolbar Helper) - {AE7CD045-E861-484f-8273-0445EE161910} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated)
O2 - BHO: (Java™ Plug-In 2 SSV Helper) - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Oracle\JavaFX 2.1 Runtime\bin\jp2ssv.dll (Oracle Corporation)
O2 - BHO: (SmartSelect Class) - {F4971EE7-DAA0-4053-9964-665D8EE6A077} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated)
O3 - HKLM\..\Toolbar: (Adobe PDF) - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated)
O3 - HKLM\..\Toolbar: (Contribute Toolbar) - {517BDDE4-E3A7-4570-B21E-2B52B6139FC7} - C:\Program Files (x86)\Adobe\Adobe Contribute CS5.1\Plugins\IEPlugin\contributeieplugin.dll (Adobe Systems, Inc.)
O3 - HKCU\..\Toolbar\WebBrowser: (Adobe PDF) - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated)
O4:64bit: - HKLM..\Run: [Cmaudio8788] C:\Windows\Syswow64\cmicnfgp.dll (C-Media Corporation)
O4:64bit: - HKLM..\Run: [Cmaudio8788GX] C:\Windows\syswow64\HsMgr.exe ()
O4:64bit: - HKLM..\Run: [Cmaudio8788GX64] C:\Windows\system\HsMgr64.exe ()
O4 - HKLM..\Run: [AVG_TRAY] D:\Program Files (x86)\AVG\AVG2012\avgtray.exe (AVG Technologies CZ, s.r.o.)
O4 - HKLM..\Run: [Malwarebytes' Anti-Malware] D:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe (Malwarebytes Corporation)
O4 - HKCU..\Run: [AdobeBridge] File not found
O4 - HKCU..\Run: [WebNoti] D:\Users\Joke en Jasper\AppData\Roaming\WebNoti\WebNoti.exe ()
O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Restrictions present
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: EnableLUA = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: PromptOnSecureDesktop = 0
O7 - HKCU\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O8:64bit: - Extra context menu item: Append Link Target to Existing PDF - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated)
O8:64bit: - Extra context menu item: Append to Existing PDF - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated)
O8:64bit: - Extra context menu item: Convert Link Target to Adobe PDF - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated)
O8:64bit: - Extra context menu item: Convert to Adobe PDF - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated)
O8:64bit: - Extra context menu item: Free YouTube to MP3 Converter - C:\Users\Joke en Jasper\AppData\Roaming\DVDVideoSoftIEHelpers\freeyoutubetomp3converter.htm File not found
O8 - Extra context menu item: Append Link Target to Existing PDF - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated)
O8 - Extra context menu item: Append to Existing PDF - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated)
O8 - Extra context menu item: Convert Link Target to Adobe PDF - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated)
O8 - Extra context menu item: Convert to Adobe PDF - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated)
O8 - Extra context menu item: Free YouTube to MP3 Converter - C:\Users\Joke en Jasper\AppData\Roaming\DVDVideoSoftIEHelpers\freeyoutubetomp3converter.htm File not found
O9:64bit: - Extra Button: AVG Do Not Track - {68BCFFE1-A2DA-4B40-9068-87ECBFC19D16} - D:\Program Files (x86)\AVG\AVG2012\avgdtiea.dll (AVG Technologies CZ, s.r.o.)
O9 - Extra Button: AVG Do Not Track - {68BCFFE1-A2DA-4B40-9068-87ECBFC19D16} - D:\Program Files (x86)\AVG\AVG2012\avgdtiex.dll (AVG Technologies CZ, s.r.o.)
O16:64bit: - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_31)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/...indows-i586.cab (Java Plug-in 10.5.1)
O16 - DPF: {CAFEEFAC-0016-0000-0031-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_31)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 10.5.1)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.0.1
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{41D861AA-F82F-4918-8556-2D1EBE420AA0}: DhcpNameServer = 192.168.0.1
O18:64bit: - Protocol\Handler\linkscanner {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - D:\Program Files (x86)\AVG\AVG2012\avgppa.dll (AVG Technologies CZ, s.r.o.)
O18:64bit: - Protocol\Handler\livecall - No CLSID value found
O18:64bit: - Protocol\Handler\ms-help - No CLSID value found
O18:64bit: - Protocol\Handler\msnim - No CLSID value found
O18:64bit: - Protocol\Handler\skype4com - No CLSID value found
O18 - Protocol\Handler\linkscanner {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - D:\Program Files (x86)\AVG\AVG2012\avgpp.dll (AVG Technologies CZ, s.r.o.)
O18 - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files (x86)\Common Files\Skype\Skype4COM.dll (Skype Technologies)
O20:64bit: - HKLM Winlogon: Shell - (Explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\SysNative\userinit.exe (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: VMApplet - (/pagefile) - File not found
O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\Windows\SysWow64\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\SysWOW64\userinit.exe (Microsoft Corporation)
O20 - HKLM Winlogon: VMApplet - (/pagefile) - File not found
O29:64bit: - HKLM SecurityProviders - (EtdevnOmhenc.dll) - File not found
O29 - HKLM SecurityProviders - (EtdevnOmhenc.dll) - File not found
O32 - HKLM CDRom: AutoRun - 1
O34 - HKLM BootExecute: (autocheck autochk *)
O34 - HKLM BootExecute: (D:\PROGRA~2\AVG\AVG2012\avgrsa.exe /sync /restart)
O35:64bit: - HKLM\..comfile [open] -- "%1" %*
O35:64bit: - HKLM\..exefile [open] -- "%1" %*
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37:64bit: - HKLM\...com [@ = ComFile] -- "%1" %*
O37:64bit: - HKLM\...exe [@ = exefile] -- "%1" %*
O37 - HKLM\...com [@ = ComFile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3)
O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2)
O38 - SubSystems\\Windows: (ServerDll=sxssrv,4)

========== Files/Folders - Created Within 30 Days ==========

[2012-08-29 19:01:45 | 000,598,528 | ---- | C] (OldTimer Tools) -- C:\Users\Joke en Jasper\Desktop\OTL.exe
[2012-08-29 18:48:10 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Spybot - Search & Destroy
[2012-08-29 18:48:08 | 000,000,000 | ---D | C] -- C:\ProgramData\Spybot - Search & Destroy
[2012-08-29 18:47:07 | 016,409,960 | ---- | C] (Safer Networking Limited ) -- C:\Users\Joke en Jasper\Desktop\spybotsd162.exe
[2012-08-29 18:36:23 | 000,000,000 | ---D | C] -- C:\Program Files\HitmanPro
[2012-08-29 18:33:32 | 000,000,000 | ---D | C] -- C:\ProgramData\HitmanPro
[2012-08-29 18:33:19 | 008,864,168 | ---- | C] (SurfRight B.V.) -- C:\Users\Joke en Jasper\Desktop\HitmanPro36_x64.exe
[2012-08-29 18:31:32 | 019,463,128 | ---- | C] (SUPERAntiSpyware.com) -- C:\Users\Joke en Jasper\Desktop\SUPERAntiSpyware.exe
[2012-08-29 18:29:35 | 000,000,000 | ---D | C] -- C:\Windows\temp
[2012-08-29 18:28:21 | 000,000,000 | ---D | C] -- C:\$RECYCLE.BIN
[2012-08-29 17:39:30 | 000,518,144 | ---- | C] (SteelWerX) -- C:\Windows\SWREG.exe
[2012-08-29 17:39:30 | 000,406,528 | ---- | C] (SteelWerX) -- C:\Windows\SWSC.exe
[2012-08-29 17:39:30 | 000,060,416 | ---- | C] (NirSoft) -- C:\Windows\NIRCMD.exe
[2012-08-29 17:39:12 | 000,000,000 | ---D | C] -- C:\Qoobox
[2012-08-29 17:39:05 | 000,000,000 | ---D | C] -- C:\Windows\erdnt
[2012-08-29 17:38:48 | 004,739,810 | R--- | C] (Swearware) -- C:\Users\Joke en Jasper\Desktop\ComboFix.exe
[2012-08-29 16:35:05 | 000,024,904 | ---- | C] (Malwarebytes Corporation) -- C:\Windows\SysNative\drivers\mbam.sys
[2012-08-29 16:05:45 | 000,000,000 | ---D | C] -- C:\Users\Joke en Jasper\Desktop\David_Guetta_feat._Sia-She_Wolf_(Falling_To_Pieces)-PROMO-CDR-FLAC-2012-WRE
[2012-08-29 12:34:07 | 000,000,000 | ---D | C] -- C:\Users\Joke en Jasper\AppData\Roaming\DVDVideoSoft
[2012-08-29 09:53:47 | 000,000,000 | ---D | C] -- C:\Users\Joke en Jasper\Documents\Untitled
[2012-08-29 09:40:39 | 000,000,000 | ---D | C] -- C:\Users\Joke en Jasper\AppData\Roaming\ResourceCentral.E6E1B28A311BC518DB6C6883EA3757FDE0E90ADC.1
[2012-08-29 09:32:19 | 000,000,000 | ---D | C] -- C:\Users\Joke en Jasper\AppData\Local\{D1A6348E-DB84-4247-880F-102387B499BB}
[2012-08-28 20:31:10 | 000,000,000 | ---D | C] -- C:\Users\Joke en Jasper\Documents\OFX Presets
[2012-08-28 10:46:34 | 000,000,000 | ---D | C] -- C:\Users\Joke en Jasper\AppData\Local\{26F59685-944C-4620-8204-A9091119C38A}
[2012-08-27 21:55:21 | 000,000,000 | ---D | C] -- C:\Users\Joke en Jasper\AppData\Local\{DC5FD364-DC51-4AF3-AB72-FE10CD79BB55}
[2012-08-27 10:54:15 | 000,000,000 | ---D | C] -- C:\Users\Joke en Jasper\AppData\Local\Xilisoft
[2012-08-27 10:54:14 | 000,000,000 | ---D | C] -- C:\Users\Joke en Jasper\AppData\Roaming\Xilisoft
[2012-08-27 05:07:59 | 000,000,000 | ---D | C] -- C:\Users\Joke en Jasper\AppData\Local\{CF354A09-85ED-4F57-8C4C-3220BF42522C}
[2012-08-26 12:50:01 | 000,000,000 | ---D | C] -- C:\Users\Joke en Jasper\Desktop\FarFromIt_Sample
[2012-08-26 10:43:00 | 000,000,000 | ---D | C] -- C:\Users\Joke en Jasper\AppData\Local\{5323E27C-C8C3-40FB-A85D-530CE4E4FA4E}
[2012-08-25 22:42:37 | 000,000,000 | ---D | C] -- C:\Users\Joke en Jasper\AppData\Local\{B051394C-4683-4EBA-9B23-9C4791AC5C5C}
[2012-08-25 10:27:36 | 000,000,000 | ---D | C] -- C:\Users\Joke en Jasper\AppData\Local\{579D78DF-30E5-4787-B05D-0202029B30F3}
[2012-08-24 22:27:13 | 000,000,000 | ---D | C] -- C:\Users\Joke en Jasper\AppData\Local\{747FDAF6-D78C-4218-A72F-883A443425AF}
[2012-08-24 10:13:31 | 000,000,000 | ---D | C] -- C:\Users\Joke en Jasper\AppData\Local\{F16F2F22-CF82-4E66-A4B6-017E790F62C7}
[2012-08-23 20:13:31 | 000,000,000 | ---D | C] -- C:\Users\Joke en Jasper\AppData\Local\{0781EA7F-A735-4B3E-AF9C-E5071B0C58CA}
[2012-08-23 11:24:37 | 000,000,000 | ---D | C] -- C:\Users\Joke en Jasper\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Blackmagic Design
[2012-08-23 11:24:37 | 000,000,000 | ---D | C] -- C:\Program Files\Blackmagic Design
[2012-08-23 11:18:50 | 000,000,000 | ---D | C] -- C:\Users\Joke en Jasper\AppData\Roaming\postgresql
[2012-08-23 11:18:21 | 000,000,000 | ---D | C] -- C:\ProgramData\Blackmagic Design
[2012-08-23 11:17:29 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\PostgreSQL 9.0
[2012-08-23 11:17:10 | 000,000,000 | ---D | C] -- C:\Program Files\PostgreSQL
[2012-08-23 08:13:04 | 000,000,000 | ---D | C] -- C:\Users\Joke en Jasper\AppData\Local\{A18F5D48-54D6-416E-BDCC-3F1869515F55}
[2012-08-22 20:12:41 | 000,000,000 | ---D | C] -- C:\Users\Joke en Jasper\AppData\Local\{D3D579B6-4822-4961-9F72-809D6604B0A3}
[2012-08-22 08:12:31 | 000,000,000 | ---D | C] -- C:\Users\Joke en Jasper\AppData\Local\{C7910886-D4E1-457B-9C2A-7BFDFBA5E83B}
[2012-08-20 22:20:59 | 000,000,000 | ---D | C] -- C:\Users\Joke en Jasper\AppData\Local\{F08324F5-28A3-4EB8-910C-D9CA76F877BF}
[2012-08-18 15:49:08 | 000,000,000 | ---D | C] -- C:\Users\Joke en Jasper\AppData\Local\{22BFC448-BE34-494E-BA03-02D60C84D962}
[2012-08-18 15:48:58 | 000,000,000 | ---D | C] -- C:\Users\Joke en Jasper\AppData\Local\{12576399-997C-4739-8178-608F3157B35B}
[2012-08-17 22:34:51 | 000,000,000 | ---D | C] -- C:\Users\Joke en Jasper\AppData\Local\{635E1179-643A-4902-9CD2-2D43E32B74AB}
[2012-08-17 22:34:40 | 000,000,000 | ---D | C] -- C:\Users\Joke en Jasper\AppData\Local\{C68102E1-4E1D-4B31-890C-869962823CFB}
[2012-08-17 09:19:04 | 000,000,000 | ---D | C] -- C:\Users\Joke en Jasper\AppData\Local\{FE6AC035-9D6C-4F89-8C4E-8727FA2F391D}
[2012-08-17 09:18:54 | 000,000,000 | ---D | C] -- C:\Users\Joke en Jasper\AppData\Local\{E8E41CB6-3416-4FE1-889F-FE4AD1768E0B}
[2012-08-16 08:26:59 | 000,000,000 | ---D | C] -- C:\Users\Joke en Jasper\AppData\Local\{3B73AA08-BCE3-41CC-A69C-114493CEAA71}
[2012-08-16 08:26:50 | 000,000,000 | ---D | C] -- C:\Users\Joke en Jasper\AppData\Local\{713CE5C1-AFA9-4E8C-B46A-522C9B6B9E73}
[2012-08-14 22:18:05 | 000,000,000 | ---D | C] -- C:\Users\Joke en Jasper\AppData\Local\{CEAB15C9-8CBD-4495-98EA-00093426DFD5}
[2012-08-14 22:17:55 | 000,000,000 | ---D | C] -- C:\Users\Joke en Jasper\AppData\Local\{9BC3E3DD-E936-4B88-B3F9-510EC68EEF11}
[2012-08-14 07:53:21 | 000,000,000 | ---D | C] -- C:\Users\Joke en Jasper\AppData\Local\{16EDED64-86C5-42E4-9D7C-E37058A1C4D8}
[2012-08-14 07:53:06 | 000,000,000 | ---D | C] -- C:\Users\Joke en Jasper\AppData\Local\{6AAA750F-5E5C-4C2E-9112-1A6C5699CD50}
[2012-08-13 19:40:26 | 000,000,000 | ---D | C] -- C:\Users\Joke en Jasper\AppData\Local\TechSmith
[2012-08-13 19:40:23 | 000,000,000 | ---D | C] -- C:\Users\Joke en Jasper\Documents\Camtasia Studio
[2012-08-13 19:40:02 | 000,000,000 | ---D | C] -- C:\Windows\SysWow64\QuickTime
[2012-08-13 19:40:02 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Camtasia Studio 7
[2012-08-13 19:39:58 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Common Files\TechSmith Shared
[2012-08-13 19:39:58 | 000,000,000 | ---D | C] -- C:\ProgramData\TechSmith
[2012-08-08 22:27:04 | 000,000,000 | ---D | C] -- C:\Users\Joke en Jasper\AppData\Local\{E366130A-4D15-4256-B3F9-71AD3A628489}
[2012-08-08 22:26:54 | 000,000,000 | ---D | C] -- C:\Users\Joke en Jasper\AppData\Local\{E6D6A4B5-3B85-474A-9FB1-30E8926AD140}
[2012-08-08 08:15:17 | 000,000,000 | ---D | C] -- C:\Users\Joke en Jasper\AppData\Roaming\dvdcss
[2012-08-08 08:14:57 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Digiarty
[2012-08-08 08:14:56 | 000,000,000 | ---D | C] -- C:\Users\Joke en Jasper\AppData\Roaming\Digiarty
[2012-08-08 08:12:37 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\DVD Shrink
[2012-08-08 08:12:37 | 000,000,000 | ---D | C] -- C:\ProgramData\DVD Shrink
[2012-08-08 08:07:43 | 000,000,000 | ---D | C] -- C:\Users\Joke en Jasper\AppData\Local\{B781BECF-7D90-4A78-989E-46116F015F51}
[2012-08-08 08:07:33 | 000,000,000 | ---D | C] -- C:\Users\Joke en Jasper\AppData\Local\{9B96D4E4-EC38-4180-BC71-6DBBAD1BD090}
[2012-08-07 19:18:16 | 000,000,000 | ---D | C] -- C:\ProgramData\VideoCopilot
[2012-08-07 19:16:30 | 000,000,000 | ---D | C] -- C:\Users\Joke en Jasper\Documents\VideoCopilot
[2012-08-07 09:31:30 | 000,000,000 | ---D | C] -- C:\Users\Joke en Jasper\AppData\Local\{39CF1DB4-8A13-40B9-A5DA-9848A4744A01}
[2012-08-07 09:31:21 | 000,000,000 | ---D | C] -- C:\Users\Joke en Jasper\AppData\Local\{7C3392E1-97B0-4B5F-8084-D2372860D46B}
[2012-08-06 19:21:25 | 000,000,000 | ---D | C] -- C:\Users\Joke en Jasper\AppData\Roaming\Skype
[2012-08-06 19:21:23 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Skype
[2012-08-06 19:21:23 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Common Files\Skype
[2012-08-06 19:21:20 | 000,000,000 | ---D | C] -- C:\ProgramData\Skype
[2012-08-06 10:31:10 | 000,000,000 | ---D | C] -- C:\Users\Joke en Jasper\AppData\Local\{23E3891C-370B-401F-9FB3-B1B64CF37F01}
[2012-08-06 10:30:59 | 000,000,000 | ---D | C] -- C:\Users\Joke en Jasper\AppData\Local\{BC3C1767-42C6-46A2-8A41-9226984E0A18}
[2012-08-05 22:30:36 | 000,000,000 | ---D | C] -- C:\Users\Joke en Jasper\AppData\Local\{1F284A45-D683-43BB-B2BB-DE506E811A36}
[2012-08-05 22:30:26 | 000,000,000 | ---D | C] -- C:\Users\Joke en Jasper\AppData\Local\{FC402D5C-AFA6-4852-925C-D2B09F4944E3}
[2012-08-05 07:33:53 | 000,000,000 | ---D | C] -- C:\Users\Joke en Jasper\AppData\Local\{3D6A203A-00D8-4BE8-9932-1E3608D7F561}
[2012-08-05 07:33:44 | 000,000,000 | ---D | C] -- C:\Users\Joke en Jasper\AppData\Local\{C617BE1E-0237-4595-B90D-E18E450A6A6F}
[2012-08-04 10:46:38 | 000,000,000 | ---D | C] -- C:\Users\Joke en Jasper\AppData\Local\{030EC7CD-0DAB-4B94-A10B-2506964A07E2}
[2012-08-04 10:46:27 | 000,000,000 | ---D | C] -- C:\Users\Joke en Jasper\AppData\Local\{B91D6804-00C9-4ACB-8A16-7317F1692DBC}
[2012-08-03 22:44:29 | 000,000,000 | ---D | C] -- C:\Users\Joke en Jasper\AppData\Local\{5B0F4A53-9E07-47AB-81E6-99F113701E16}
[2012-08-03 22:44:18 | 000,000,000 | ---D | C] -- C:\Users\Joke en Jasper\AppData\Local\{11894768-A19F-49F3-99E5-079871EA2D4E}
[2012-08-03 10:43:55 | 000,000,000 | ---D | C] -- C:\Users\Joke en Jasper\AppData\Local\{CFF3FBB8-890E-4556-A183-3E76D7932F55}
[2012-08-03 10:43:45 | 000,000,000 | ---D | C] -- C:\Users\Joke en Jasper\AppData\Local\{6EA79893-BB6F-4246-9073-F2C9F8F6A5AD}
[2012-08-02 22:34:43 | 000,000,000 | ---D | C] -- C:\Users\Joke en Jasper\AppData\Local\{0082204A-7166-4312-A91B-60DBE098B98F}
[2012-08-02 22:34:33 | 000,000,000 | ---D | C] -- C:\Users\Joke en Jasper\AppData\Local\{C938D50E-10CD-4782-B49E-3E2E2346BE14}
[2012-08-01 10:58:55 | 000,000,000 | ---D | C] -- C:\Users\Joke en Jasper\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Plus500
[2012-08-01 10:58:55 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Plus500
[2012-08-01 10:58:52 | 000,000,000 | ---D | C] -- C:\Users\Joke en Jasper\AppData\Local\Plus500
[2012-08-01 10:58:52 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Plus500
[2012-08-01 09:13:54 | 000,000,000 | ---D | C] -- C:\Users\Joke en Jasper\AppData\Local\{3CC1439D-C691-463E-ABF2-F80A1760F8FD}
[2012-08-01 09:13:45 | 000,000,000 | ---D | C] -- C:\Users\Joke en Jasper\AppData\Local\{ADE2E7A8-B441-401C-98D8-CAB858A7524A}
[2012-07-31 21:51:05 | 000,000,000 | ---D | C] -- C:\Users\Joke en Jasper\Desktop\Gramatik_digitalfreedom
[2012-07-30 23:18:05 | 000,000,000 | ---D | C] -- C:\Users\Joke en Jasper\AppData\Local\{5F1C6B62-E325-46CE-91F2-4F8BF148B700}
[2012-07-30 23:17:54 | 000,000,000 | ---D | C] -- C:\Users\Joke en Jasper\AppData\Local\{FC227F0C-6E2F-482E-BF76-9B1536030DA7}

========== Files - Modified Within 30 Days ==========

[2012-08-29 19:01:45 | 000,598,528 | ---- | M] (OldTimer Tools) -- C:\Users\Joke en Jasper\Desktop\OTL.exe
[2012-08-29 18:57:00 | 000,000,940 | ---- | M] () -- C:\Windows\tasks\Adobe Flash Player Updater.job
[2012-08-29 18:48:47 | 001,671,036 | ---- | M] () -- C:\Windows\SysNative\PerfStringBackup.INI
[2012-08-29 18:48:47 | 000,746,034 | ---- | M] () -- C:\Windows\SysNative\perfh013.dat
[2012-08-29 18:48:47 | 000,654,880 | ---- | M] () -- C:\Windows\SysNative\perfh009.dat
[2012-08-29 18:48:47 | 000,153,090 | ---- | M] () -- C:\Windows\SysNative\perfc013.dat
[2012-08-29 18:48:47 | 000,121,752 | ---- | M] () -- C:\Windows\SysNative\perfc009.dat
[2012-08-29 18:48:11 | 000,000,948 | ---- | M] () -- C:\Users\Joke en Jasper\Desktop\Spybot - Search & Destroy.lnk
[2012-08-29 18:47:21 | 016,409,960 | ---- | M] (Safer Networking Limited ) -- C:\Users\Joke en Jasper\Desktop\spybotsd162.exe
[2012-08-29 18:44:35 | 000,030,496 | ---- | M] () -- C:\Windows\SysNative\drivers\hitmanpro36.sys
[2012-08-29 18:44:34 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2012-08-29 18:43:27 | 000,001,498 | ---- | M] () -- C:\Windows\SysNative\.crusader
[2012-08-29 18:34:54 | 000,302,592 | ---- | M] () -- C:\Users\Joke en Jasper\Desktop\lcwxjm46.exe
[2012-08-29 18:33:25 | 008,864,168 | ---- | M] (SurfRight B.V.) -- C:\Users\Joke en Jasper\Desktop\HitmanPro36_x64.exe
[2012-08-29 18:31:42 | 019,463,128 | ---- | M] (SUPERAntiSpyware.com) -- C:\Users\Joke en Jasper\Desktop\SUPERAntiSpyware.exe
[2012-08-29 18:28:21 | 000,000,027 | ---- | M] () -- C:\Windows\SysNative\drivers\etc\hosts
[2012-08-29 17:47:11 | 105,217,374 | ---- | M] () -- C:\Windows\SysNative\drivers\AVG\incavi.avm
[2012-08-29 17:38:54 | 004,739,810 | R--- | M] (Swearware) -- C:\Users\Joke en Jasper\Desktop\ComboFix.exe
[2012-08-29 13:07:07 | 014,003,541 | ---- | M] () -- C:\Users\Joke en Jasper\Documents\Untitled.ncor
[2012-08-29 11:51:37 | 000,000,132 | ---- | M] () -- C:\Users\Joke en Jasper\AppData\Roaming\Adobe PNG Format CS5 Prefs
[2012-08-29 11:42:26 | 000,412,746 | ---- | M] () -- C:\Users\Joke en Jasper\Desktop\dvd.jpg
[2012-08-29 10:52:57 | 002,159,820 | ---- | M] () -- C:\Users\Joke en Jasper\Desktop\20120829_103635.jpg
[2012-08-29 09:23:45 | 000,002,072 | ---- | M] () -- C:\Windows\Cmicnfgp.ini.imi
[2012-08-29 09:19:21 | 000,675,480 | ---- | M] () -- C:\Users\Joke en Jasper\Desktop\5.veg
[2012-08-28 22:35:18 | 000,675,480 | ---- | M] () -- C:\Users\Joke en Jasper\Desktop\5.veg.bak
[2012-08-28 21:01:27 | 000,633,680 | ---- | M] () -- C:\Users\Joke en Jasper\Desktop\4.veg
[2012-08-28 20:59:08 | 000,633,680 | ---- | M] () -- C:\Users\Joke en Jasper\Desktop\4.veg.bak
[2012-08-28 20:01:45 | 000,153,500 | ---- | M] () -- C:\Users\Joke en Jasper\Desktop\3.jpg
[2012-08-28 20:01:37 | 000,347,084 | ---- | M] () -- C:\Users\Joke en Jasper\Desktop\2.jpg
[2012-08-28 20:01:32 | 000,188,065 | ---- | M] () -- C:\Users\Joke en Jasper\Desktop\1.jpg
[2012-08-27 11:06:24 | 004,214,624 | ---- | M] () -- C:\Users\Joke en Jasper\Desktop\cover.jpg
[2012-08-27 10:53:36 | 000,615,112 | ---- | M] () -- C:\Users\Joke en Jasper\Desktop\3.veg
[2012-08-27 05:09:17 | 000,615,112 | ---- | M] () -- C:\Users\Joke en Jasper\Desktop\3.veg.bak
[2012-08-25 16:32:08 | 000,021,072 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
[2012-08-25 16:32:08 | 000,021,072 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
[2012-08-24 22:26:53 | 011,853,368 | ---- | M] () -- C:\Windows\SysNative\FNTCACHE.DAT
[2012-08-18 09:10:33 | 000,245,736 | ---- | M] () -- C:\Users\Joke en Jasper\Desktop\scomber_-_Southern_Comfort.mp3.sfk
[2012-08-17 19:15:01 | 000,001,456 | ---- | M] () -- C:\Users\Joke en Jasper\AppData\Local\Adobe Save for Web 12.0 Prefs
[2012-08-16 18:15:27 | 000,052,920 | ---- | M] () -- C:\Users\Joke en Jasper\Desktop\Nutricia_Los.jpg
[2012-08-07 18:26:48 | 000,277,538 | ---- | M] () -- C:\Windows\SysNative\drivers\AVG\iavichjg.avm
[2012-08-04 13:47:04 | 000,399,705 | ---- | M] () -- C:\Users\Joke en Jasper\Desktop\7537358822_7631dbcf85_b.jpg
[2012-07-31 15:22:12 | 007,134,608 | ---- | M] () -- C:\Users\Joke en Jasper\Desktop\scomber_-_Southern_Comfort.mp3

========== Files Created - No Company Name ==========

[2012-08-29 18:48:11 | 000,000,948 | ---- | C] () -- C:\Users\Joke en Jasper\Desktop\Spybot - Search & Destroy.lnk
[2012-08-29 18:44:35 | 000,030,496 | ---- | C] () -- C:\Windows\SysNative\drivers\hitmanpro36.sys
[2012-08-29 18:43:27 | 000,001,498 | ---- | C] () -- C:\Windows\SysNative\.crusader
[2012-08-29 18:34:54 | 000,302,592 | ---- | C] () -- C:\Users\Joke en Jasper\Desktop\lcwxjm46.exe
[2012-08-29 17:39:30 | 000,256,000 | ---- | C] () -- C:\Windows\PEV.exe
[2012-08-29 17:39:30 | 000,208,896 | ---- | C] () -- C:\Windows\MBR.exe
[2012-08-29 17:39:30 | 000,098,816 | ---- | C] () -- C:\Windows\sed.exe
[2012-08-29 17:39:30 | 000,080,412 | ---- | C] () -- C:\Windows\grep.exe
[2012-08-29 17:39:30 | 000,068,096 | ---- | C] () -- C:\Windows\zip.exe
[2012-08-29 11:42:25 | 000,412,746 | ---- | C] () -- C:\Users\Joke en Jasper\Desktop\dvd.jpg
[2012-08-29 10:52:56 | 002,159,820 | ---- | C] () -- C:\Users\Joke en Jasper\Desktop\20120829_103635.jpg
[2012-08-29 09:40:56 | 014,003,541 | ---- | C] () -- C:\Users\Joke en Jasper\Documents\Untitled.ncor
[2012-08-28 21:06:35 | 000,675,480 | ---- | C] () -- C:\Users\Joke en Jasper\Desktop\5.veg.bak
[2012-08-28 21:06:35 | 000,675,480 | ---- | C] () -- C:\Users\Joke en Jasper\Desktop\5.veg
[2012-08-28 20:57:22 | 000,633,680 | ---- | C] () -- C:\Users\Joke en Jasper\Desktop\4.veg.bak
[2012-08-28 20:57:22 | 000,633,680 | ---- | C] () -- C:\Users\Joke en Jasper\Desktop\4.veg
[2012-08-28 20:01:42 | 000,153,500 | ---- | C] () -- C:\Users\Joke en Jasper\Desktop\3.jpg
[2012-08-28 20:01:36 | 000,347,084 | ---- | C] () -- C:\Users\Joke en Jasper\Desktop\2.jpg
[2012-08-28 20:01:27 | 000,188,065 | ---- | C] () -- C:\Users\Joke en Jasper\Desktop\1.jpg
[2012-08-27 11:06:20 | 004,214,624 | ---- | C] () -- C:\Users\Joke en Jasper\Desktop\cover.jpg
[2012-08-27 05:08:14 | 000,615,112 | ---- | C] () -- C:\Users\Joke en Jasper\Desktop\3.veg.bak
[2012-08-27 05:08:14 | 000,615,112 | ---- | C] () -- C:\Users\Joke en Jasper\Desktop\3.veg
[2012-08-21 21:27:08 | 000,001,194 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Adobe After Effects CS6.lnk
[2012-08-21 21:26:53 | 000,001,037 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Adobe Bridge CS6 (64bit).lnk
[2012-08-21 21:26:47 | 000,001,519 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Adobe ExtendScript Toolkit CS6.lnk
[2012-08-21 21:26:46 | 000,001,090 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Adobe Media Encoder CS6.lnk
[2012-08-21 21:26:26 | 000,000,997 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Adobe Help.lnk
[2012-08-18 09:10:01 | 000,245,736 | ---- | C] () -- C:\Users\Joke en Jasper\Desktop\scomber_-_Southern_Comfort.mp3.sfk
[2012-08-16 18:15:27 | 000,052,920 | ---- | C] () -- C:\Users\Joke en Jasper\Desktop\Nutricia_Los.jpg
[2012-08-04 13:40:43 | 000,399,705 | ---- | C] () -- C:\Users\Joke en Jasper\Desktop\7537358822_7631dbcf85_b.jpg
[2012-07-31 15:22:07 | 007,134,608 | ---- | C] () -- C:\Users\Joke en Jasper\Desktop\scomber_-_Southern_Comfort.mp3
[2012-05-28 12:00:59 | 000,001,456 | ---- | C] () -- C:\Users\Joke en Jasper\AppData\Local\Adobe Save for Web 12.0 Prefs
[2012-03-28 22:11:08 | 000,030,568 | ---- | C] () -- C:\Windows\MusiccityDownload.exe
[2012-03-28 22:11:06 | 000,974,848 | ---- | C] () -- C:\Windows\SysWow64\cis-2.4.dll
[2012-03-28 22:11:06 | 000,081,920 | ---- | C] () -- C:\Windows\SysWow64\issacapi_bs-2.3.dll
[2012-03-28 22:11:06 | 000,065,536 | ---- | C] () -- C:\Windows\SysWow64\issacapi_pe-2.3.dll
[2012-03-28 22:11:06 | 000,057,344 | ---- | C] () -- C:\Windows\SysWow64\issacapi_se-2.3.dll
[2012-03-03 16:25:40 | 000,000,132 | ---- | C] () -- C:\Users\Joke en Jasper\AppData\Roaming\Adobe BMP Format CS5 Prefs
[2012-02-12 22:27:32 | 000,000,021 | ---- | C] () -- C:\Windows\SurCode.INI
[2012-02-12 17:40:22 | 001,648,260 | ---- | C] () -- C:\Windows\SysWow64\PerfStringBackup.INI
[2012-02-12 15:48:25 | 000,000,132 | ---- | C] () -- C:\Users\Joke en Jasper\AppData\Roaming\Adobe PNG Format CS5 Prefs
[2012-02-12 15:45:44 | 005,503,632 | ---- | C] () -- C:\Windows\PE_File.dll
[2012-02-12 15:37:32 | 005,441,440 | ---- | C] () -- C:\Windows\PE_Rom.dll
[2012-02-11 21:21:57 | 000,000,000 | ---- | C] () -- C:\Windows\ativpsrm.bin
[2012-02-11 21:19:20 | 000,200,704 | ---- | C] () -- C:\Windows\SysWow64\HsMgr.exe
[2012-02-11 21:19:20 | 000,143,360 | ---- | C] () -- C:\Windows\SysWow64\VmixP8.dll
[2012-02-11 21:19:20 | 000,039,983 | ---- | C] () -- C:\Windows\Cmicnfgp.ini.cfl
[2012-02-11 21:19:20 | 000,000,057 | ---- | C] () -- C:\Windows\SysWow64\cmasiop.ini
[2012-02-11 21:19:12 | 000,002,072 | ---- | C] () -- C:\Windows\Cmicnfgp.ini.imi
[2012-02-11 21:19:10 | 000,005,327 | ---- | C] () -- C:\Windows\cmudaxp.ini
[2012-02-11 21:19:10 | 000,004,844 | ---- | C] () -- C:\Windows\Cmicnfgp.ini.cfg
[2012-02-11 21:03:39 | 000,013,440 | R--- | C] () -- C:\Windows\SysWow64\drivers\AsIO.sys
[2012-02-11 21:03:36 | 000,011,832 | ---- | C] () -- C:\Windows\SysWow64\drivers\AsInsHelp64.sys
[2012-02-11 20:55:56 | 000,001,769 | ---- | C] () -- C:\Windows\Language_trs.ini
[2012-02-11 20:55:52 | 000,035,420 | ---- | C] () -- C:\Windows\Ascd_tmp.ini
[2011-12-06 04:35:10 | 000,204,960 | ---- | C] () -- C:\Windows\SysWow64\ativvsvl.dat
[2011-12-06 04:35:10 | 000,157,152 | ---- | C] () -- C:\Windows\SysWow64\ativvsva.dat
[2011-12-05 23:04:00 | 000,059,904 | ---- | C] () -- C:\Windows\SysWow64\OpenVideo.dll
[2011-12-05 23:03:52 | 000,054,784 | ---- | C] () -- C:\Windows\SysWow64\OVDecode.dll
[2011-09-13 01:06:16 | 000,003,917 | ---- | C] () -- C:\Windows\SysWow64\atipblag.dat

========== LOP Check ==========

[2012-02-16 11:03:18 | 000,000,000 | ---D | M] -- C:\Users\Joke en Jasper\AppData\Roaming\Anthropics
[2012-02-11 21:19:27 | 000,000,000 | ---D | M] -- C:\Users\Joke en Jasper\AppData\Roaming\ASUS
[2012-02-12 17:48:12 | 000,000,000 | ---D | M] -- C:\Users\Joke en Jasper\AppData\Roaming\Autodesk
[2012-02-11 21:11:59 | 000,000,000 | ---D | M] -- C:\Users\Joke en Jasper\AppData\Roaming\AVG2012
[2012-07-18 10:54:53 | 000,000,000 | ---D | M] -- C:\Users\Joke en Jasper\AppData\Roaming\Belastingdienst
[2012-04-27 12:57:00 | 000,000,000 | ---D | M] -- C:\Users\Joke en Jasper\AppData\Roaming\Bitcoin
[2012-07-16 16:56:13 | 000,000,000 | ---D | M] -- C:\Users\Joke en Jasper\AppData\Roaming\Blue Cat Audio
[2012-07-09 16:07:39 | 000,000,000 | ---D | M] -- C:\Users\Joke en Jasper\AppData\Roaming\Canneverbe Limited
[2012-02-12 11:30:42 | 000,000,000 | ---D | M] -- C:\Users\Joke en Jasper\AppData\Roaming\com.adobe.downloadassistant.AdobeDownloadAssistant
[2012-04-03 20:41:27 | 000,000,000 | ---D | M] -- C:\Users\Joke en Jasper\AppData\Roaming\com.prezi.PreziDesktop
[2012-07-09 16:07:39 | 000,000,000 | ---D | M] -- C:\Users\Joke en Jasper\AppData\Roaming\DAEMON Tools Lite
[2012-08-08 08:15:01 | 000,000,000 | ---D | M] -- C:\Users\Joke en Jasper\AppData\Roaming\Digiarty
[2012-07-09 15:12:02 | 000,000,000 | ---D | M] -- C:\Users\Joke en Jasper\AppData\Roaming\Dropbox
[2012-08-29 12:35:23 | 000,000,000 | ---D | M] -- C:\Users\Joke en Jasper\AppData\Roaming\DVDVideoSoft
[2012-07-25 14:10:35 | 000,000,000 | ---D | M] -- C:\Users\Joke en Jasper\AppData\Roaming\Eyeblaster
[2012-07-03 11:48:13 | 000,000,000 | ---D | M] -- C:\Users\Joke en Jasper\AppData\Roaming\FileZilla
[2012-08-29 19:14:28 | 000,000,000 | ---D | M] -- C:\Users\Joke en Jasper\AppData\Roaming\foobar2000
[2012-05-29 14:45:05 | 000,000,000 | ---D | M] -- C:\Users\Joke en Jasper\AppData\Roaming\FreeFLVConverter
[2012-07-02 22:31:20 | 000,000,000 | ---D | M] -- C:\Users\Joke en Jasper\AppData\Roaming\GameHouse
[2012-07-11 23:06:57 | 000,000,000 | ---D | M] -- C:\Users\Joke en Jasper\AppData\Roaming\GAMEON
[2012-07-09 16:07:39 | 000,000,000 | ---D | M] -- C:\Users\Joke en Jasper\AppData\Roaming\Garmin
[2012-04-16 11:54:08 | 000,000,000 | ---D | M] -- C:\Users\Joke en Jasper\AppData\Roaming\HDRsoft
[2012-07-02 22:33:20 | 000,000,000 | ---D | M] -- C:\Users\Joke en Jasper\AppData\Roaming\iWin
[2012-04-24 17:27:37 | 000,000,000 | ---D | M] -- C:\Users\Joke en Jasper\AppData\Roaming\NeatVideo SV 64
[2012-07-09 16:07:39 | 000,000,000 | ---D | M] -- C:\Users\Joke en Jasper\AppData\Roaming\Notepad++
[2012-02-12 22:27:32 | 000,000,000 | ---D | M] -- C:\Users\Joke en Jasper\AppData\Roaming\PACE Anti-Piracy
[2012-07-09 16:07:39 | 000,000,000 | ---D | M] -- C:\Users\Joke en Jasper\AppData\Roaming\Pegasys Inc
[2012-04-27 09:55:21 | 000,000,000 | ---D | M] -- C:\Users\Joke en Jasper\AppData\Roaming\poclbm
[2012-08-23 11:24:46 | 000,000,000 | ---D | M] -- C:\Users\Joke en Jasper\AppData\Roaming\postgresql
[2012-03-01 12:08:57 | 000,000,000 | ---D | M] -- C:\Users\Joke en Jasper\AppData\Roaming\Publish Providers
[2012-08-29 09:40:39 | 000,000,000 | ---D | M] -- C:\Users\Joke en Jasper\AppData\Roaming\ResourceCentral.E6E1B28A311BC518DB6C6883EA3757FDE0E90ADC.1
[2012-04-12 17:37:11 | 000,000,000 | ---D | M] -- C:\Users\Joke en Jasper\AppData\Roaming\Samsung
[2012-07-09 16:07:39 | 000,000,000 | ---D | M] -- C:\Users\Joke en Jasper\AppData\Roaming\Sony
[2012-06-14 19:50:56 | 000,000,000 | ---D | M] -- C:\Users\Joke en Jasper\AppData\Roaming\Sony Creative Software Inc
[2012-07-27 14:01:33 | 000,000,000 | ---D | M] -- C:\Users\Joke en Jasper\AppData\Roaming\Tyre
[2012-08-27 17:11:56 | 000,000,000 | ---D | M] -- C:\Users\Joke en Jasper\AppData\Roaming\uTorrent
[2012-07-16 16:51:11 | 000,000,000 | ---D | M] -- C:\Users\Joke en Jasper\AppData\Roaming\Voxengo
[2012-08-27 10:54:14 | 000,000,000 | ---D | M] -- C:\Users\Joke en Jasper\AppData\Roaming\Xilisoft
[2012-08-29 13:12:46 | 000,032,546 | ---- | M] () -- C:\Windows\Tasks\SCHEDLGU.TXT

========== Purity Check ==========



========== Files - Unicode (All) ==========
[2012-08-21 21:36:34 | 000,000,000 | ---D | M](C:\Users\Joke en Jasper\AppData\Roaming\?Adobe) -- C:\Users\Joke en Jasper\AppData\Roaming\̞Adobe
[2012-08-21 21:36:34 | 000,000,000 | ---D | M](C:\Users\Joke en Jasper\AppData\Roaming\?Adobe) -- C:\Users\Joke en Jasper\AppData\Roaming\̞Adobe
[2012-08-21 21:36:34 | 000,000,000 | ---D | C](C:\Users\Joke en Jasper\AppData\Roaming\?Adobe) -- C:\Users\Joke en Jasper\AppData\Roaming\̞Adobe

========== Alternate Data Streams ==========

@Alternate Data Stream - 1130 bytes -> C:\Users\Joke en Jasper\AppData\Local\97lBcKiMImGsd:9YgA7EthUu8LdedRp8W
@Alternate Data Stream - 1072 bytes -> C:\ProgramData\Microsoft:fSecUQAJ6SMlD3nK
@Alternate Data Stream - 1020 bytes -> C:\ProgramData\Microsoft:0VRA70mfIINlH3XJhKhI8T

< End of report >

Edited by proxii, 30 August 2012 - 03:02 AM.

  • 0

Advertisements

#2
RKinner
Posted 30 August 2012 - 11:50 PM

RKinner

    Malware Expert

  • Expert
  • 24,624 posts
  • MVP
Download aswMBR.exe ( 511KB ) to your desktop.
Right click aswMBR.exe and Run as Administrator
uncheck trace disk IO calls
Click the "Scan" button to start scan (Accept the Avast Engine)
On completion of the scan if the Fix button is enabled (not the FixMBR button) press it and then run a new scan and click save log, save it to your desktop and post in your next reply
If the Fix button is not enabled then just click save log, save it to your desktop and post in your next reply

ComboFix

:!: It must be saved to your desktop, do not run it from your browser:!:

:!: Disable your Antivirus software when downloading or running Combofix. If it has Script Blocking features, please disable these as well. See: http://www.bleepingc...opic114351.html


Download and Save this file -- to your Desktop -- from either of these two sources:
http://download.blee...Bs/ComboFix.exe
http://subs.geekstogo.com/ComboFix.exe

Rightclick on ComboFix and select Run As Administrator to start the program.



* :!: Important: Have no other programs running. Your Task Bar should be clear of any program entries including your Browser.


* A window may open with a series of Disclaimers. Accept the Disclaimers to start the fix.

A caution - Do not run Combofix more than once. Do not touch your mouse/keyboard until the scan has completed, as this may cause the process to stall or your computer to lock. The scan will temporarily disable your desktop, and if interrupted may leave your desktop disabled. If this occurs, please reboot to restore the desktop. Even when ComboFix appears to be doing nothing, look at your Drive light. If it is flashing, Combofix is still at work.

A file will be created at => C:\Combofix.txt. I'll need to see that in your reply.


Download TDSSKiller:
http://support.kaspe.../tdsskiller.exe
Save it to your desktop then run it.
Right click on TDSSKiller.exe and select Run As Administrator to start the program.

If TDSSKiller alerts you that the system needs to reboot, please consent.

Run TDSSKiller again but this time:
before you hit the Scan hit Change Parameters and check the two items under Additional Options. OK then Scan.
In this mode it is prone to false positives so do not change the SKIP option to DELETE unless it says TDSS.
When done, a log file should be created on your C: drive named "TDSSKiller.txt" please copy and paste the contents in your next reply.



Malwarebytes' Anti-Malware
:!: If you have a previous version of MalwareBytes', remove it via Add or Remove Programs and download a fresh copy. :!:
http://www.malwareby...lwarebytes_free

SAVE Malwarebytes' Anti-Malware to your desktop.

* Right-click mbam-setup.exe and select Run As Administrator to start the program.
* follow the prompts to install the program.
* At the end, be sure a checkmark is placed next to Update Malwarebytes' Anti-Malware and Launch Malwarebytes' Anti-Malware, then click Finish.
* If an update is found, it will download and install the latest version.
* Once the program has loaded, select Perform quick scan, then click Scan.
* When the scan is complete, click OK, then Show Results to view the results.

* Be sure that everything is checked, and click Remove Selected.

* When completed, a log will open in Notepad. Please save it to a convenient location.
* The log can also be found here:
C:\Documents and Settings\Username\Application Data\Malwarebytes\Malwarebytes' Anti-Malware\Logs\mbam-log-date (time).txt
* Post that log back here.


Right click on (My) Computer and select Manage (Continue) Then the Event Viewer. Next select Windows Logs. Right click on System and Clear Log, Clear. Repeat for Application.

Reboot.

Start, All Programs, Accessories then right click on Command Prompt and Run as Administrator. Then type (with an Enter after each line).

sfc  /scannow



(This will check your critical system files. If it asks for a CD and you don't have one or it doesn't like your CD just tell it to SKIP.)


1. Please download the Event Viewer Tool by Vino Rosso
http://images.malwar...om/vino/VEW.exe
and save it to your Desktop:
2. Right-click VEW.exe and Run AS Administrator
3. Under 'Select log to query', select:

* System
4. Under 'Select type to list', select:
* Error
* Warning


Then use the 'Number of events' as follows:


1. Click the radio button for 'Number of events'
Type 20 in the 1 to 20 box
Then click the Run button.
Notepad will open with the output log.


Please post the Output log in your next reply then repeat but select Application.


Copy the text in the code box:

DRIVES
nnetsvcs
%SYSTEMDRIVE%\*.exe
%systemroot%\assembly\GAC_32\*.ini
%systemroot%\assembly\GAC_64\*.ini
msconfig
safebootminimal
safebootnetwork
activex
drivers32
%SYSTEMDRIVE%\*.exe
%ALLUSERSPROFILE%\Application Data\*.exe
%APPDATA%\*.
/md5start
pnrpnsp.dll 
nwprovau.dll
nlaapi.dll
napinsp.dll
mswsock.dll
winrnr.dll
wshelper.dll
services.exe
atapi.sys
explorer.exe
winlogon.exe
Userinit.exe
svchost.exe
csrss.exe
PrintIsolationHost.exe
consrv.dll
/md5stop
%systemroot%\*. /mp /s
hklm\software\clients\startmenuinternet|command /rs
hklm\software\clients\startmenuinternet|command /64 /rs
%systemroot%\system32\*.dll /lockedfiles
%systemroot%\Tasks\*.job /lockedfiles
%systemroot%\system32\drivers\*.sys /lockedfiles
CREATERESTOREPOINT

Run OTL (Vista or Win 7 => right click and Run As Administrator)

Paste (Ctrl + v) the copied text in the box where it says Custom Scan/Fixes

Select the All option in the Extra Registry group then Run Scan.

You should get two logs. Please copy and paste both of them.


Download, Save and Run (win 7 or Vista => Right click and Run as Admin.) farbar service scanner

Posted Image

Tick "All" options.
Press "Scan".
It will create a log (FSS.txt) in the same directory the tool is run.

Please copy and paste the log to your reply.


Ron
  • 0

#3
proxii
Posted 03 September 2012 - 09:29 AM

proxii

    New Member

  • Topic Starter
  • Member
  • Pip
  • 4 posts
Hi Ron,

Thanks for helping me! Sorry for the late reply, I was away all weekend.
I've followed your steps, they are posted below.
No results so far though....

#1 aswMBR
Scan completed, fix button not present, log saved

aswMBR version 0.9.9.1665 Copyright© 2011 AVAST Software
Run date: 2012-09-03 16:30:49
-----------------------------
16:30:49.067 OS Version: Windows x64 6.1.7601 Service Pack 1
16:30:49.067 Number of processors: 12 586 0x2D07
16:30:49.068 ComputerName: DYNASTYEVOLVED UserName: Joke en Jasper
16:30:49.319 Initialize success
16:31:34.879 AVAST engine defs: 12090300
16:31:49.697 Disk 0 (boot) \Device\Harddisk0\DR0 -> \Device\Ide\IdeDeviceP10T0L0-a
16:31:49.700 Disk 0 Vendor: M4-CT128M4SSD2 000F Size: 122104MB BusType: 11
16:31:49.704 Disk 1 \Device\Harddisk1\DR1 -> \Device\Ide\IdeDeviceP11T0L0-b
16:31:49.707 Disk 1 Vendor: WDC_WD20EARX-00PASB0 51.0AB51 Size: 1907729MB BusType: 11
16:31:49.712 Disk 0 MBR read successfully
16:31:49.716 Disk 0 MBR scan
16:31:49.721 Disk 0 Windows 7 default MBR code
16:31:49.724 Disk 0 Partition 1 80 (A) 07 HPFS/NTFS NTFS 122002 MB offset 206848
16:31:49.732 Disk 0 scanning C:\Windows\system32\drivers
16:31:51.900 Service scanning
16:31:57.929 Modules scanning
16:31:58.168 AVAST engine scan C:\Windows
16:31:59.134 AVAST engine scan C:\Windows\system32
16:32:54.570 AVAST engine scan C:\Windows\system32\drivers
16:32:56.852 AVAST engine scan C:\Users\Joke en Jasper
16:34:11.097 AVAST engine scan C:\ProgramData
16:34:29.886 Scan finished successfully
16:38:24.630 Disk 0 MBR has been saved successfully to "C:\Users\Joke en Jasper\Desktop\virus fix\MBR.dat"
16:38:24.634 The log file has been saved successfully to "C:\Users\Joke en Jasper\Desktop\virus fix\aswMBR_1.txt"


#2 ComboFix
every program closed, virusscan and mbam realtime closed/disabled, log saved

ComboFix 12-09-03.06 - Joke en Jasper 03-09-2012 16:43:22.3.12 - x64
Microsoft Windows 7 Ultimate 6.1.7601.1.1252.31.1043.18.32745.29035 [GMT 2:00]
Gestart vanuit: C:\Users\Joke en Jasper\Desktop\virus fix\ComboFix.exe
AV: AVG Anti-Virus Free Edition 2012 *Disabled/Updated* {5A2746B1-DEE9-F85A-FBCD-ADB11639C5F0}
SP: AVG Anti-Virus Free Edition 2012 *Disabled/Updated* {E146A755-F8D3-F7D4-C17D-96C36DBE8F4D}
SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
* Nieuw herstelpunt werd aangemaakt


(((((((((((((((((((( Bestanden Gemaakt van 2012-08-03 to 2012-09-03 ))))))))))))))))))))))))))))))


2012-09-03 14:46:02 . 2012-09-03 14:46:02 -------- d-----w- C:\Users\Default\AppData\Local\temp
2012-08-30 21:00:58 . 2012-08-30 21:00:58 -------- d-----w- C:\Program Files (x86)\MSXML 4.0
2012-08-30 21:00:56 . 2012-08-30 21:00:56 -------- d-----w- C:\Program Files (x86)\Microsoft CAPICOM 2.1.0.2
2012-08-29 16:48:08 . 2012-08-29 17:01:32 -------- d-----w- C:\ProgramData\Spybot - Search & Destroy
2012-08-29 16:44:35 . 2012-08-29 16:44:35 30496 ----a-w- C:\Windows\system32\drivers\hitmanpro36.sys
2012-08-29 16:36:23 . 2012-08-29 16:36:23 -------- d-----w- C:\Program Files\HitmanPro
2012-08-29 16:33:32 . 2012-08-29 16:43:28 -------- d-----w- C:\ProgramData\HitmanPro
2012-08-29 14:35:05 . 2012-07-03 11:46:44 24904 ----a-w- C:\Windows\system32\drivers\mbam.sys
2012-08-29 10:34:07 . 2012-08-29 10:35:23 -------- d-----w- C:\Users\Joke en Jasper\AppData\Roaming\DVDVideoSoft
2012-08-29 07:40:39 . 2012-08-29 07:40:39 -------- d-----w- C:\Users\Joke en Jasper\AppData\Roaming\ResourceCentral.E6E1B28A311BC518DB6C6883EA3757FDE0E90ADC.1
2012-08-27 08:54:15 . 2012-08-27 08:54:15 -------- d-----w- C:\Users\Joke en Jasper\AppData\Local\Xilisoft
2012-08-27 08:54:14 . 2012-08-27 08:54:14 -------- d-----w- C:\Users\Joke en Jasper\AppData\Roaming\Xilisoft
2012-08-23 09:24:37 . 2012-08-23 09:24:37 -------- d-----w- C:\Program Files\Blackmagic Design
2012-08-23 09:18:50 . 2012-08-23 09:24:46 -------- d-----w- C:\Users\Joke en Jasper\AppData\Roaming\postgresql
2012-08-23 09:18:21 . 2012-08-23 09:18:21 -------- d-----w- C:\ProgramData\Blackmagic Design
2012-08-23 09:17:35 . 2012-08-23 09:17:35 -------- d-----w- C:\Users\postgres
2012-08-23 09:17:10 . 2012-08-23 09:17:10 -------- d-----w- C:\Program Files\PostgreSQL
2012-08-15 08:56:47 . 2012-05-05 08:36:55 503808 ----a-w- C:\Windows\system32\srcore.dll
2012-08-15 08:56:47 . 2012-05-05 07:46:52 43008 ----a-w- C:\Windows\SysWow64\srclient.dll
2012-08-15 08:56:35 . 2012-02-11 06:43:47 751104 ----a-w- C:\Windows\system32\win32spl.dll
2012-08-15 08:56:35 . 2012-02-11 06:36:02 559104 ----a-w- C:\Windows\system32\spoolsv.exe
2012-08-15 08:56:35 . 2012-02-11 06:36:01 67072 ----a-w- C:\Windows\splwow64.exe
2012-08-15 08:56:35 . 2012-02-11 05:43:49 492032 ----a-w- C:\Windows\SysWow64\win32spl.dll
2012-08-15 08:56:13 . 2012-07-04 22:16:43 73216 ----a-w- C:\Windows\system32\netapi32.dll
2012-08-15 08:56:13 . 2012-07-04 22:13:27 59392 ----a-w- C:\Windows\system32\browcli.dll
2012-08-15 08:56:13 . 2012-07-04 22:13:27 136704 ----a-w- C:\Windows\system32\browser.dll
2012-08-15 08:56:13 . 2012-07-04 21:14:34 41984 ----a-w- C:\Windows\SysWow64\browcli.dll
2012-08-15 08:56:01 . 2012-07-18 18:15:06 3148800 ----a-w- C:\Windows\system32\win32k.sys
2012-08-15 08:55:49 . 2012-05-14 05:26:34 956928 ----a-w- C:\Windows\system32\localspl.dll
2012-08-13 17:40:26 . 2012-08-13 17:40:26 -------- d-----w- C:\Users\Joke en Jasper\AppData\Local\TechSmith
2012-08-13 17:40:02 . 2012-08-13 17:40:02 -------- d-----w- C:\Windows\SysWow64\QuickTime
2012-08-13 17:39:58 . 2012-08-13 17:40:00 -------- d-----w- C:\ProgramData\TechSmith
2012-08-13 17:39:58 . 2012-08-13 17:39:58 -------- d-----w- C:\Program Files (x86)\Common Files\TechSmith Shared
2012-08-08 06:15:17 . 2012-08-08 06:46:09 -------- d-----w- C:\Users\Joke en Jasper\AppData\Roaming\dvdcss
2012-08-08 06:14:56 . 2012-08-08 06:15:01 -------- d-----w- C:\Users\Joke en Jasper\AppData\Roaming\Digiarty
2012-08-08 06:12:37 . 2012-08-08 06:13:01 -------- d-----w- C:\ProgramData\DVD Shrink
2012-08-07 17:18:16 . 2012-08-07 17:19:18 -------- d-----w- C:\ProgramData\VideoCopilot
2012-08-06 17:21:25 . 2012-08-06 17:46:23 -------- d-----w- C:\Users\Joke en Jasper\AppData\Roaming\Skype
2012-08-06 17:21:23 . 2012-08-06 17:21:23 -------- d-----w- C:\Program Files (x86)\Common Files\Skype
2012-08-06 17:21:20 . 2012-08-06 17:21:24 -------- d-----w- C:\ProgramData\Skype
.


((((((((((((((((((((((((((((((((((((((( Find3M Rapport ))))))))))))))))))))))))))))))))))))))))))))))))))))

2012-08-15 21:29:09 . 2012-02-11 19:58:19 62134624 ----a-w- C:\Windows\system32\MRT.exe
2012-08-15 09:57:06 . 2012-04-02 08:06:29 426184 ----a-w- C:\Windows\SysWow64\FlashPlayerApp.exe
2012-08-15 09:57:06 . 2012-02-11 19:18:05 70344 ----a-w- C:\Windows\SysWow64\FlashPlayerCPLApp.cpl
2012-07-05 20:06:30 . 2012-07-25 11:53:30 772544 ----a-w- C:\Windows\SysWow64\npDeployJava1.dll
2012-07-05 20:06:20 . 2012-02-23 12:53:45 687544 ----a-w- C:\Windows\SysWow64\deployJava1.dll
2012-06-09 05:43:10 . 2012-07-11 23:17:17 14172672 ----a-w- C:\Windows\system32\shell32.dll
2012-06-06 06:49:52 . 2012-06-06 06:49:52 1070152 ----a-w- C:\Windows\SysWow64\MSCOMCTL.OCX
2012-06-06 06:06:16 . 2012-07-11 23:17:19 2004480 ----a-w- C:\Windows\system32\msxml6.dll
2012-06-06 06:06:16 . 2012-07-11 23:17:19 1881600 ----a-w- C:\Windows\system32\msxml3.dll
2012-06-06 06:02:54 . 2012-07-11 23:17:13 1133568 ----a-w- C:\Windows\system32\cdosys.dll
2012-06-06 05:05:52 . 2012-07-11 23:17:19 1390080 ----a-w- C:\Windows\SysWow64\msxml6.dll
2012-06-06 05:05:52 . 2012-07-11 23:17:19 1236992 ----a-w- C:\Windows\SysWow64\msxml3.dll
2012-06-06 05:03:06 . 2012-07-11 23:17:13 805376 ----a-w- C:\Windows\SysWow64\cdosys.dll


------- Sigcheck -------
Note: Unsigned files aren't necessarily malware.

[7] 2010-11-21 03:24:09 . FE70103391A64039A921DBFFF9C7AB1B . 1008128 . . [6.1.7601.17514 (win7sp1_rtm.101119-1850)] .. C:\Windows\winsxs\amd64_microsoft-windows-user32_31bf3856ad364e35_6.1.7601.17514_none_2b5e71b083fc0973\user32.dll
[-] 2012-04-20 08:16:15 . 2C353B6CE0C8D03225CAA2AF33B68D79 . 1008640 . . [6.1.7601.17514 (win7sp1_rtm.101119-1850)] .. C:\Windows\system32\user32.dll

[-] 2012-04-20 08:16:15 . 861C4346F9281DC0380DE72C8D55D6BE . 833024 . . [6.1.7601.17514 (win7sp1_rtm.101119-1850)] .. C:\Windows\SysWOW64\user32.dll
[7] 2010-11-21 03:24:20 . 5E0DB2D8B2750543CD2EBB9EA8E6CDD3 . 833024 . . [6.1.7601.17514 (win7sp1_rtm.101119-1850)] .. C:\Windows\winsxs\wow64_microsoft-windows-user32_31bf3856ad364e35_6.1.7601.17514_none_35b31c02b85ccb6e\user32.dll

((((((((((((((((((((((((((((( SnapShot@2012-08-29_16.23.13 )))))))))))))))))))))))))))))))))))))))))

+ 2007-08-21 18:46:34 . 2007-08-21 18:46:34 59160 C:\Windows\SysWOW64\zlib.dll
+ 1999-04-06 07:55:30 . 1999-04-06 07:55:30 15872 C:\Windows\SysWOW64\SCP32.DLL
+ 2008-09-30 14:41:26 . 2008-09-30 14:41:26 91656 C:\Windows\SysWOW64\msxml4r.dll
+ 2002-01-05 01:38:38 . 2002-01-05 01:38:38 54784 C:\Windows\SysWOW64\msvci70.dll
+ 2005-09-23 05:57:04 . 2005-09-23 05:57:04 94208 C:\Windows\SysWOW64\msstkprp.dll
+ 2010-11-21 03:09:11 . 2012-09-03 07:30:54 55846 C:\Windows\system32\wdi\ShutdownPerformanceDiagnostics_SystemData.bin
+ 2009-07-14 05:10:35 . 2012-09-03 07:30:54 40906 C:\Windows\system32\wdi\BootPerformanceDiagnostics_SystemData.bin
+ 2012-08-29 18:07:30 . 2010-10-04 23:52:36 96768 C:\Windows\SolidWorks\IM_20110-40000-1100-200\sldim\SwHelpViewer\SwHelpViewer.exe
+ 2012-08-29 18:07:30 . 2010-10-05 01:25:16 35840 C:\Windows\SolidWorks\IM_20110-40000-1100-200\sldim\SwHelpViewer\lang\turkish\swHelpViewerResu.dll
+ 2012-08-29 18:07:30 . 2010-10-05 01:25:06 36864 C:\Windows\SolidWorks\IM_20110-40000-1100-200\sldim\SwHelpViewer\lang\spanish\swHelpViewerResu.dll
+ 2012-08-29 18:07:30 . 2010-10-05 01:25:04 36864 C:\Windows\SolidWorks\IM_20110-40000-1100-200\sldim\SwHelpViewer\lang\Russian\swHelpViewerResu.dll
+ 2012-08-29 18:07:30 . 2010-10-05 01:25:14 36864 C:\Windows\SolidWorks\IM_20110-40000-1100-200\sldim\SwHelpViewer\lang\portuguese-brazilian\swHelpViewerResu.dll
+ 2012-08-29 18:07:30 . 2010-10-05 01:25:02 36864 C:\Windows\SolidWorks\IM_20110-40000-1100-200\sldim\SwHelpViewer\lang\polish\swHelpViewerResu.dll
+ 2012-08-29 18:07:30 . 2010-10-05 01:25:08 33280 C:\Windows\SolidWorks\IM_20110-40000-1100-200\sldim\SwHelpViewer\lang\korean\swHelpViewerResu.dll
+ 2012-08-29 18:07:30 . 2010-10-05 01:24:58 33280 C:\Windows\SolidWorks\IM_20110-40000-1100-200\sldim\SwHelpViewer\lang\japanese\swHelpViewerResu.dll
+ 2012-08-29 18:07:30 . 2010-10-05 01:24:56 36864 C:\Windows\SolidWorks\IM_20110-40000-1100-200\sldim\SwHelpViewer\lang\italian\swHelpViewerResu.dll
+ 2012-08-29 18:07:30 . 2010-10-05 01:24:52 37888 C:\Windows\SolidWorks\IM_20110-40000-1100-200\sldim\SwHelpViewer\lang\german\swHelpViewerResu.dll
+ 2012-08-29 18:07:30 . 2010-10-05 01:24:50 37376 C:\Windows\SolidWorks\IM_20110-40000-1100-200\sldim\SwHelpViewer\lang\french\swHelpViewerResu.dll
+ 2012-08-29 18:07:30 . 2010-10-05 01:25:20 35840 C:\Windows\SolidWorks\IM_20110-40000-1100-200\sldim\SwHelpViewer\lang\english\swHelpViewerResu.dll
+ 2012-08-29 18:07:30 . 2010-10-05 01:25:12 36352 C:\Windows\SolidWorks\IM_20110-40000-1100-200\sldim\SwHelpViewer\lang\czech\swHelpViewerResu.dll
+ 2012-08-29 18:07:30 . 2010-10-05 01:24:44 31744 C:\Windows\SolidWorks\IM_20110-40000-1100-200\sldim\SwHelpViewer\lang\chinese\swHelpViewerResu.dll
+ 2012-08-29 18:07:30 . 2010-10-05 01:24:46 31744 C:\Windows\SolidWorks\IM_20110-40000-1100-200\sldim\SwHelpViewer\lang\chinese-simplified\swHelpViewerResu.dll
+ 2012-08-29 18:07:29 . 2010-10-07 11:41:18 83752 C:\Windows\SolidWorks\IM_20110-40000-1100-200\sldim\regval.exe
- 2009-07-14 04:46:26 . 2012-08-25 08:04:07 99064 C:\Windows\ServiceProfiles\NetworkService\AppData\Roaming\Microsoft\SoftwareProtectionPlatform\Cache\cache.dat
+ 2009-07-14 04:46:26 . 2012-09-01 09:43:59 99064 C:\Windows\ServiceProfiles\NetworkService\AppData\Roaming\Microsoft\SoftwareProtectionPlatform\Cache\cache.dat
+ 2012-08-31 14:22:36 . 2012-08-31 14:22:36 32768 C:\Windows\Installer\{F662A8E6-F4DC-41A2-901E-8C11F044BDEC}\icon.exe
+ 2012-08-29 18:09:23 . 2012-08-29 18:09:23 65536 C:\Windows\Installer\{D0D3BFE5-5215-41BD-B82E-81D7FB6A9166}\NewShortcut6_6FB4326107844327A65BF2376469A0AE.exe
+ 2012-08-30 21:00:59 . 2012-08-30 21:00:59 32768 C:\Windows\Installer\{86493ADD-824D-4B8E-BD72-8C5DCDC52A71}\icon.exe
+ 2012-08-29 18:10:13 . 2012-08-29 18:10:13 61440 C:\Windows\Installer\{5F590D74-AA75-410F-A778-3CDFCE12DCD4}\NewShortcut2.exe
+ 2012-08-29 18:10:07 . 2012-08-29 18:10:07 16896 C:\Windows\assembly\NativeImages_v2.0.50727_32\Temp\ZAPA8ED.tmp\AnnotationOperation.dll
+ 2012-08-29 18:11:02 . 2012-08-29 18:11:02 27136 C:\Windows\assembly\NativeImages_v2.0.50727_32\SldServiceClients\d67808f71b145b2caeb9c0517d781217\SldServiceClients.ni.dll
+ 2012-08-29 18:11:02 . 2012-08-29 18:11:02 25088 C:\Windows\assembly\NativeImages_v2.0.50727_32\SldService\ec104cb53cef138bd63bb28c0e873c1c\SldService.ni.dll
+ 2012-08-29 18:11:01 . 2012-08-29 18:11:01 40960 C:\Windows\assembly\NativeImages_v2.0.50727_32\SldJobs\72a290db435d85e155e30fb611ed61a4\SldJobs.ni.dll
+ 2012-08-29 18:10:21 . 2012-08-29 18:10:21 76288 C:\Windows\assembly\NativeImages_v2.0.50727_32\SketchWPF\92c4bce21a17bba40bde319c160d3668\SketchWPF.ni.dll
+ 2012-08-29 18:10:22 . 2012-08-29 18:10:22 45568 C:\Windows\assembly\NativeImages_v2.0.50727_32\SketchUI\57b0b13bac24738b168c804a6331b83f\SketchUI.ni.dll
+ 2012-08-29 18:10:20 . 2012-08-29 18:10:20 22528 C:\Windows\assembly\NativeImages_v2.0.50727_32\SketchOperation\456efc6da96acb08d9de80aea823e02a\SketchOperation.ni.dll
+ 2012-08-29 18:10:40 . 2012-08-29 18:10:40 88576 C:\Windows\assembly\NativeImages_v2.0.50727_32\SheetMetalWPF\3b48fc5649fb887c3245615784f9eb32\SheetMetalWPF.ni.dll
+ 2012-08-29 18:10:23 . 2012-08-29 18:10:23 18432 C:\Windows\assembly\NativeImages_v2.0.50727_32\SheetMetalOperation\91435403144bf7734bbd86a6fe95c845\SheetMetalOperation.ni.dll
+ 2012-08-29 18:10:38 . 2012-08-29 18:10:38 68608 C:\Windows\assembly\NativeImages_v2.0.50727_32\RefPlaneWPF\deef4115a4ecbf3f4147e3e5dbc93d49\RefPlaneWPF.ni.dll
+ 2012-08-29 18:10:38 . 2012-08-29 18:10:38 74752 C:\Windows\assembly\NativeImages_v2.0.50727_32\RefGeomUI\5c3383f8ce8bbba39f288f6963ef74e3\RefGeomUI.ni.dll
+ 2012-08-29 18:10:23 . 2012-08-29 18:10:23 17920 C:\Windows\assembly\NativeImages_v2.0.50727_32\RefGeomOperation\12305dcb9e146c35a85068cb13384b1d\RefGeomOperation.ni.dll
+ 2012-08-29 18:10:05 . 2012-08-29 18:10:05 40448 C:\Windows\assembly\NativeImages_v2.0.50727_32\OperationBase\5e680dc67d60a9b6950ec76453f99078\OperationBase.ni.dll
+ 2012-08-29 18:10:06 . 2012-08-29 18:10:06 21504 C:\Windows\assembly\NativeImages_v2.0.50727_32\Manipulator\35671c3a35ff06d550b4b1ae267ed8fb\Manipulator.ni.dll
+ 2012-08-29 18:10:29 . 2012-08-29 18:10:29 91648 C:\Windows\assembly\NativeImages_v2.0.50727_32\FeatureWPF\49a6e9e6c4e78871437e06a7a489c4e4\FeatureWPF.ni.dll
+ 2012-08-29 18:10:28 . 2012-08-29 18:10:28 56320 C:\Windows\assembly\NativeImages_v2.0.50727_32\FeatureUI\31f39879ff9a368aea7fbf21b1b0db9d\FeatureUI.ni.dll
+ 2012-08-29 18:10:20 . 2012-08-29 18:10:20 22016 C:\Windows\assembly\NativeImages_v2.0.50727_32\FeatureOperation\1039b8ddd1796014bf5b52b73912f0ec\FeatureOperation.ni.dll
+ 2012-08-29 18:10:35 . 2012-08-29 18:10:35 31744 C:\Windows\assembly\NativeImages_v2.0.50727_32\EnvironmentWPF\17a3942f5999a5ec8c3bb505b30f1fcf\EnvironmentWPF.ni.dll
+ 2012-08-29 18:10:36 . 2012-08-29 18:10:36 23040 C:\Windows\assembly\NativeImages_v2.0.50727_32\EnvironmentUI\d1317d10225a0b0d45732adba937eaf5\EnvironmentUI.ni.dll
+ 2012-08-29 18:10:36 . 2012-08-29 18:10:36 15872 C:\Windows\assembly\NativeImages_v2.0.50727_32\EnvironmentOperation\c1b657c9001cc3ea97b0ff48b663f70a\EnvironmentOperation.ni.dll
+ 2012-08-29 18:10:35 . 2012-08-29 18:10:35 64512 C:\Windows\assembly\NativeImages_v2.0.50727_32\environmentcplu\ab68b5f2191aeedcf765943f7acf09de\environmentcplu.ni.dll
+ 2012-08-29 18:10:05 . 2012-08-29 18:10:05 29696 C:\Windows\assembly\NativeImages_v2.0.50727_32\EnvironmentCore\896e00aac73472bacb947d3386ec253f\EnvironmentCore.ni.dll
+ 2012-08-29 18:10:02 . 2012-08-29 18:10:02 61952 C:\Windows\assembly\NativeImages_v2.0.50727_32\DveSupport\a721c06c83432f4e4cdc4924cd753c85\DveSupport.ni.dll
+ 2012-08-29 18:10:06 . 2012-08-29 18:10:06 36352 C:\Windows\assembly\NativeImages_v2.0.50727_32\DebugControls\ff5df515f2a45182c445035d9503b8c3\DebugControls.ni.dll
+ 2012-08-29 18:10:01 . 2012-08-29 18:10:01 46080 C:\Windows\assembly\NativeImages_v2.0.50727_32\CoreInterface\3871d8b0fc3676dd26b1d8331404e2a4\CoreInterface.ni.dll
+ 2012-08-29 18:10:24 . 2012-08-29 18:10:24 24064 C:\Windows\assembly\NativeImages_v2.0.50727_32\ContentUI\cf014a59c7f2824b496118ecae88d0b5\ContentUI.ni.dll
+ 2012-08-29 18:10:24 . 2012-08-29 18:10:24 24064 C:\Windows\assembly\NativeImages_v2.0.50727_32\ContentOperation\9e7ab22ab75a41e0550af21d89966b10\ContentOperation.ni.dll
+ 2012-08-29 18:10:34 . 2012-08-29 18:10:34 72704 C:\Windows\assembly\NativeImages_v2.0.50727_32\clrloadu\08336a0c4af1accb1cbbaff37252400e\clrloadu.ni.dll
+ 2012-08-29 18:10:30 . 2012-08-29 18:10:30 40448 C:\Windows\assembly\NativeImages_v2.0.50727_32\asmfeaturewpf\58d2e4699439ae0160bf1de3950e3423\asmfeaturewpf.ni.dll
+ 2012-08-29 18:10:30 . 2012-08-29 18:10:30 28672 C:\Windows\assembly\NativeImages_v2.0.50727_32\asmfeatureui\634f3502b47dec951d9126d0a990bcec\asmfeatureui.ni.dll
+ 2012-08-29 18:10:22 . 2012-08-29 18:10:22 19456 C:\Windows\assembly\NativeImages_v2.0.50727_32\AsmFeatureOperation\279e72a1d570e358091ad9502bf7c82e\AsmFeatureOperation.ni.dll
+ 2012-08-29 18:10:15 . 2012-08-29 18:10:15 20992 C:\Windows\assembly\NativeImages_v2.0.50727_32\AnnotationUI\02304b98eb6af0710a896038ace24807\AnnotationUI.ni.dll
+ 2012-08-29 18:10:14 . 2012-08-29 18:10:14 16896 C:\Windows\assembly\NativeImages_v2.0.50727_32\AnnotationOperation\8d8b64bf6664337ef7e156c176fed7db\AnnotationOperation.ni.dll
+ 2012-08-29 18:07:55 . 2012-08-29 18:07:55 49152 C:\Windows\assembly\GAC\VsWebSite.Interop\8.0.0.0__b03f5f7f11d50a3a\VsWebSite.Interop.dll
+ 2012-08-29 18:07:46 . 2012-08-29 18:07:46 12080 C:\Windows\assembly\GAC\Policy.11.0.Microsoft.Vbe.Interop\12.0.0.0__71e9bce111e9429c\Policy.11.0.Microsoft.Vbe.Interop.dll
+ 2012-08-29 18:07:46 . 2012-08-29 18:07:46 64288 C:\Windows\assembly\GAC\Microsoft.Vbe.Interop\12.0.0.0__71e9bce111e9429c\Microsoft.Vbe.Interop.dll
+ 2012-02-11 18:54:48 . 2012-09-03 07:30:54 9264 C:\Windows\system32\wdi\{86432a0b-3c7d-4ddf-a89c-172faa90485d}\S-1-5-21-3646392386-748874636-2614076268-1000_UserData.bin
+ 2012-09-03 14:47:01 . 2012-09-03 14:47:01 2048 C:\Windows\ServiceProfiles\LocalService\AppData\Local\lastalive0.dat
- 2012-08-29 15:43:46 . 2012-08-29 15:43:46 2048 C:\Windows\ServiceProfiles\LocalService\AppData\Local\lastalive0.dat
+ 2001-10-29 07:44:36 . 2001-10-29 07:44:36 397856 C:\Windows\SysWOW64\XceedZip.dll
+ 2002-01-05 01:40:20 . 2002-01-05 01:40:20 487424 C:\Windows\SysWOW64\msvcp70.dll
+ 2000-04-03 18:05:58 . 2000-04-03 18:05:58 118784 C:\Windows\SysWOW64\msstdfmt.dll
+ 2002-01-05 02:36:38 . 2002-01-05 02:36:38 964608 C:\Windows\SysWOW64\mfc70u.dll
+ 2002-01-05 02:48:16 . 2002-01-05 02:48:16 974848 C:\Windows\SysWOW64\mfc70.dll
+ 2012-02-12 22:08:01 . 2012-09-03 11:40:40 510608 C:\Windows\system32\wdi\SuspendPerformanceDiagnostics_SystemData_S3.bin
+ 2010-11-21 16:48:25 . 2012-09-03 07:33:21 746034 C:\Windows\system32\perfh013.dat
- 2010-11-21 16:48:25 . 2012-08-29 15:47:55 746034 C:\Windows\system32\perfh013.dat
+ 2009-07-14 02:36:59 . 2012-09-03 07:33:21 654880 C:\Windows\system32\perfh009.dat
- 2009-07-14 02:36:59 . 2012-08-29 15:47:55 654880 C:\Windows\system32\perfh009.dat
- 2010-11-21 16:48:25 . 2012-08-29 15:47:55 153090 C:\Windows\system32\perfc013.dat
+ 2010-11-21 16:48:25 . 2012-09-03 07:33:21 153090 C:\Windows\system32\perfc013.dat
- 2009-07-14 02:36:59 . 2012-08-29 15:47:55 121752 C:\Windows\system32\perfc009.dat
+ 2009-07-14 02:36:59 . 2012-09-03 07:33:21 121752 C:\Windows\system32\perfc009.dat
+ 2012-08-29 18:07:30 . 2010-10-05 01:18:48 448512 C:\Windows\SolidWorks\IM_20110-40000-1100-200\sldim\lang\turkish\sldBgDwldresu.dll
+ 2012-08-29 18:07:30 . 2010-10-05 01:19:42 458752 C:\Windows\SolidWorks\IM_20110-40000-1100-200\sldim\lang\turkish\sldadminoptioneditorresu.dll
+ 2012-08-29 18:07:30 . 2010-10-05 01:18:44 454144 C:\Windows\SolidWorks\IM_20110-40000-1100-200\sldim\lang\spanish\sldBgDwldresu.dll
+ 2012-08-29 18:07:30 . 2010-10-05 01:19:38 460800 C:\Windows\SolidWorks\IM_20110-40000-1100-200\sldim\lang\spanish\sldadminoptioneditorresu.dll
+ 2012-08-29 18:07:30 . 2010-10-05 01:18:44 451584 C:\Windows\SolidWorks\IM_20110-40000-1100-200\sldim\lang\russian\sldBgDwldresu.dll
+ 2012-08-29 18:07:30 . 2010-10-05 01:19:38 459776 C:\Windows\SolidWorks\IM_20110-40000-1100-200\sldim\lang\russian\sldadminoptioneditorresu.dll
+ 2012-08-29 18:07:30 . 2010-10-05 01:18:48 452608 C:\Windows\SolidWorks\IM_20110-40000-1100-200\sldim\lang\portuguese-brazilian\sldBgDwldresu.dll
+ 2012-08-29 18:07:30 . 2010-10-05 01:19:42 460800 C:\Windows\SolidWorks\IM_20110-40000-1100-200\sldim\lang\portuguese-brazilian\sldadminoptioneditorresu.dll
+ 2012-08-29 18:07:30 . 2010-10-05 01:18:42 450048 C:\Windows\SolidWorks\IM_20110-40000-1100-200\sldim\lang\polish\sldBgDwldresu.dll
+ 2012-08-29 18:07:30 . 2010-10-05 01:19:38 459264 C:\Windows\SolidWorks\IM_20110-40000-1100-200\sldim\lang\polish\sldadminoptioneditorresu.dll
+ 2012-08-29 18:07:30 . 2010-10-05 01:18:24 931328 C:\Windows\SolidWorks\IM_20110-40000-1100-200\sldim\lang\korean\sldIMresu.dll
+ 2012-08-29 18:07:29 . 2010-10-05 01:18:46 436224 C:\Windows\SolidWorks\IM_20110-40000-1100-200\sldim\lang\korean\sldBgDwldresu.dll
+ 2012-08-29 18:07:30 . 2010-10-05 01:19:40 454144 C:\Windows\SolidWorks\IM_20110-40000-1100-200\sldim\lang\korean\sldadminoptioneditorresu.dll
+ 2012-08-29 18:07:29 . 2010-10-05 01:18:18 960512 C:\Windows\SolidWorks\IM_20110-40000-1100-200\sldim\lang\japanese\sldIMresu.dll
+ 2012-08-29 18:07:29 . 2010-10-05 01:18:42 438784 C:\Windows\SolidWorks\IM_20110-40000-1100-200\sldim\lang\japanese\sldBgDwldresu.dll
+ 2012-08-29 18:07:29 . 2010-10-05 01:19:36 454656 C:\Windows\SolidWorks\IM_20110-40000-1100-200\sldim\lang\japanese\sldadminoptioneditorresu.dll
+ 2012-08-29 18:07:29 . 2010-10-05 01:18:40 452096 C:\Windows\SolidWorks\IM_20110-40000-1100-200\sldim\lang\italian\sldBgDwldresu.dll
+ 2012-08-29 18:07:29 . 2010-10-05 01:19:36 459264 C:\Windows\SolidWorks\IM_20110-40000-1100-200\sldim\lang\italian\sldadminoptioneditorresu.dll
+ 2012-08-29 18:07:29 . 2010-10-05 01:18:40 455680 C:\Windows\SolidWorks\IM_20110-40000-1100-200\sldim\lang\german\sldBgDwldresu.dll
+ 2012-08-29 18:07:29 . 2010-10-05 01:19:34 461312 C:\Windows\SolidWorks\IM_20110-40000-1100-200\sldim\lang\german\sldadminoptioneditorresu.dll
+ 2012-08-29 18:07:29 . 2010-10-05 01:18:38 454656 C:\Windows\SolidWorks\IM_20110-40000-1100-200\sldim\lang\french\sldBgDwldresu.dll
+ 2012-08-29 18:07:29 . 2010-10-05 01:19:34 461312 C:\Windows\SolidWorks\IM_20110-40000-1100-200\sldim\lang\french\sldadminoptioneditorresu.dll
+ 2012-08-29 18:07:29 . 2010-10-05 01:18:48 448512 C:\Windows\SolidWorks\IM_20110-40000-1100-200\sldim\lang\english\sldBgDwldresu.dll
+ 2012-08-29 18:07:29 . 2010-10-05 01:19:42 457728 C:\Windows\SolidWorks\IM_20110-40000-1100-200\sldim\lang\english\sldadminoptioneditorresu.dll
+ 2012-08-29 18:07:29 . 2010-10-05 01:18:46 449024 C:\Windows\SolidWorks\IM_20110-40000-1100-200\sldim\lang\czech\sldBgDwldresu.dll
+ 2012-08-29 18:07:29 . 2010-10-05 01:19:40 459776 C:\Windows\SolidWorks\IM_20110-40000-1100-200\sldim\lang\czech\sldadminoptioneditorresu.dll
+ 2012-08-29 18:07:29 . 2010-10-05 01:18:08 897024 C:\Windows\SolidWorks\IM_20110-40000-1100-200\sldim\lang\chinese\sldIMresu.dll
+ 2012-08-29 18:07:29 . 2010-10-05 01:18:36 431104 C:\Windows\SolidWorks\IM_20110-40000-1100-200\sldim\lang\chinese\sldBgDwldresu.dll
+ 2012-08-29 18:07:29 . 2010-10-05 01:19:32 451584 C:\Windows\SolidWorks\IM_20110-40000-1100-200\sldim\lang\chinese\sldadminoptioneditorresu.dll
+ 2012-08-29 18:07:29 . 2010-10-05 01:18:10 893440 C:\Windows\SolidWorks\IM_20110-40000-1100-200\sldim\lang\chinese-simplified\sldIMresu.dll
+ 2012-08-29 18:07:29 . 2010-10-05 01:18:38 430080 C:\Windows\SolidWorks\IM_20110-40000-1100-200\sldim\lang\chinese-simplified\sldBgDwldresu.dll
+ 2012-08-29 18:07:29 . 2010-10-05 01:19:34 451072 C:\Windows\SolidWorks\IM_20110-40000-1100-200\sldim\lang\chinese-simplified\sldadminoptioneditorresu.dll
+ 2012-08-29 18:07:29 . 2010-10-07 11:41:24 361256 C:\Windows\SolidWorks\IM_20110-40000-1100-200\setup.exe
- 2009-07-14 05:01:48 . 2012-08-29 15:43:08 856012 C:\Windows\ServiceProfiles\LocalService\AppData\Local\FontCache-System.dat
+ 2009-07-14 05:01:48 . 2012-09-03 14:46:21 856012 C:\Windows\ServiceProfiles\LocalService\AppData\Local\FontCache-System.dat
+ 2007-03-15 14:45:06 . 2007-03-15 14:45:06 698880 C:\Windows\Installer\30486b4.msi
+ 2012-08-29 18:09:23 . 2012-08-29 18:09:23 335872 C:\Windows\Installer\{D0D3BFE5-5215-41BD-B82E-81D7FB6A9166}\swScheduler.exe
+ 2012-08-29 18:09:23 . 2012-08-29 18:09:23 335872 C:\Windows\Installer\{D0D3BFE5-5215-41BD-B82E-81D7FB6A9166}\swlmwizard.exe
+ 2012-08-29 18:09:23 . 2012-08-29 18:09:23 335872 C:\Windows\Installer\{D0D3BFE5-5215-41BD-B82E-81D7FB6A9166}\SldToolboxConfigur_D0220928AF1811D3AEA400C04F79FCDD.exe
+ 2012-08-29 18:09:23 . 2012-08-29 18:09:23 335872 C:\Windows\Installer\{D0D3BFE5-5215-41BD-B82E-81D7FB6A9166}\NewShortcut9_E25347DDCACC4EF68B761E0A823DCC8F.exe
+ 2012-08-29 18:09:23 . 2012-08-29 18:09:23 335872 C:\Windows\Installer\{D0D3BFE5-5215-41BD-B82E-81D7FB6A9166}\NewShortcut7_C914E53252F44C209102E82A5FCE34D6.exe
+ 2012-08-29 18:09:23 . 2012-08-29 18:09:23 335872 C:\Windows\Installer\{D0D3BFE5-5215-41BD-B82E-81D7FB6A9166}\NewShortcut3_D0220928AF1811D3AEA400C04F79FCDD_1.exe
+ 2012-08-29 18:09:23 . 2012-08-29 18:09:23 335872 C:\Windows\Installer\{D0D3BFE5-5215-41BD-B82E-81D7FB6A9166}\i386_SldWorks.exe
+ 2012-08-29 18:09:23 . 2012-08-29 18:09:23 335872 C:\Windows\Installer\{D0D3BFE5-5215-41BD-B82E-81D7FB6A9166}\i386_SldRxexeSE_D0220928AF1811D3AEA400C04F79FCDD.exe
+ 2012-08-29 18:09:23 . 2012-08-29 18:09:23 335872 C:\Windows\Installer\{D0D3BFE5-5215-41BD-B82E-81D7FB6A9166}\i386_SldRxexeSDK_D0220928AF1811D3AEA400C04F79FCDD.exe
+ 2012-08-29 18:09:23 . 2012-08-29 18:09:23 335872 C:\Windows\Installer\{D0D3BFE5-5215-41BD-B82E-81D7FB6A9166}\i386_SldRx.exe
+ 2012-08-29 18:09:23 . 2012-08-29 18:09:23 335872 C:\Windows\Installer\{D0D3BFE5-5215-41BD-B82E-81D7FB6A9166}\CopyOptWiz.exe
+ 2012-08-31 14:22:39 . 2012-08-31 14:22:39 217864 C:\Windows\Installer\{90120000-00A4-0409-0000-0000000FF1CE}\misc.exe
+ 2012-08-29 18:10:13 . 2012-08-29 18:10:13 335872 C:\Windows\Installer\{5F590D74-AA75-410F-A778-3CDFCE12DCD4}\NewShortcut6.11CCDA48_0F59_4209_ACA1_FCDB865558EA.exe
+ 2012-08-29 18:10:13 . 2012-08-29 18:10:13 335872 C:\Windows\Installer\{5F590D74-AA75-410F-A778-3CDFCE12DCD4}\NewShortcut5.11CCDA48_0F59_4209_ACA1_FCDB865558EA.exe
+ 2012-08-29 18:10:13 . 2012-08-29 18:10:13 335872 C:\Windows\Installer\{5F590D74-AA75-410F-A778-3CDFCE12DCD4}\NewShortcut4.11CCDA48_0F59_4209_ACA1_FCDB865558EA.exe
+ 2012-08-29 18:10:13 . 2012-08-29 18:10:13 335872 C:\Windows\Installer\{5F590D74-AA75-410F-A778-3CDFCE12DCD4}\NewShortcut3_2723AB6ADE8640EEAA77EC7E47C4DF34.exe
+ 2012-08-29 18:10:13 . 2012-08-29 18:10:13 335872 C:\Windows\Installer\{5F590D74-AA75-410F-A778-3CDFCE12DCD4}\NewShortcut1.exe
+ 2012-08-29 18:10:13 . 2012-08-29 18:10:13 335872 C:\Windows\Installer\{5F590D74-AA75-410F-A778-3CDFCE12DCD4}\ARPPRODUCTICON.exe
+ 2012-08-29 18:10:04 . 2012-08-29 18:10:04 335872 C:\Windows\Installer\{52A73A2E-2478-45E5-A390-8C0A6F525678}\NewShortcut3_274DA99946544DBA81CDC7C6DFF86FE9.exe
+ 2012-08-29 18:10:04 . 2012-08-29 18:10:04 335872 C:\Windows\Installer\{52A73A2E-2478-45E5-A390-8C0A6F525678}\NewShortcut2_D8540FC24EAA475A8D6CEA1C18D864CD.exe
+ 2012-08-29 18:10:04 . 2012-08-29 18:10:04 335872 C:\Windows\Installer\{52A73A2E-2478-45E5-A390-8C0A6F525678}\NewShortcut1_47900BEFC3444186A576305230D6DDD6.exe
+ 2012-08-29 18:10:04 . 2012-08-29 18:10:04 335872 C:\Windows\Installer\{52A73A2E-2478-45E5-A390-8C0A6F525678}\eModelViewer1.exe
+ 2012-08-29 18:07:46 . 2012-08-29 18:07:46 461616 C:\Windows\Installer\$PatchCache$\Managed\000021094A0090400000000000F01FEC\12.0.4518\OWC11PIA.DLL
+ 2006-10-26 11:58:42 . 2006-10-26 11:58:42 290576 C:\Windows\Installer\$PatchCache$\Managed\000021094A0090400000000000F01FEC\12.0.4518\MSCDM.DLL
+ 2012-08-29 20:03:17 . 2012-08-29 20:03:17 303104 C:\Windows\assembly\NativeImages_v4.0.30319_32\Microsoft.VisualBas#\5662833bb4f3d0ab4bb32a351297e928\Microsoft.VisualBasic.Compatibility.Data.ni.dll
+ 2012-08-29 18:10:02 . 2012-08-29 18:10:02 226304 C:\Windows\assembly\NativeImages_v2.0.50727_32\wpfsupport\688d930b17f51979807b9f0f46c8a3ce\wpfsupport.ni.dll
+ 2012-08-29 18:10:05 . 2012-08-29 18:10:05 470016 C:\Windows\assembly\NativeImages_v2.0.50727_32\WPFRes\ac35878191d7dfd33b9c394bbd7556b4\WPFRes.ni.dll
+ 2012-08-29 18:10:03 . 2012-08-29 18:10:03 119296 C:\Windows\assembly\NativeImages_v2.0.50727_32\UiBase\66ca54b28eab90828fdc8d16dab88b26\UiBase.ni.dll
+ 2012-08-29 18:10:21 . 2012-08-29 18:10:21 674304 C:\Windows\assembly\NativeImages_v2.0.50727_32\Sketchcplu\6f346bb65a2b52a1468b6edb01f51e32\Sketchcplu.ni.dll
+ 2012-08-29 18:10:39 . 2012-08-29 18:10:39 142848 C:\Windows\assembly\NativeImages_v2.0.50727_32\SheetMetalUi\717d453192d5575390c74891d03b2fde\SheetMetalUi.ni.dll
+ 2012-08-29 18:10:39 . 2012-08-29 18:10:39 361472 C:\Windows\assembly\NativeImages_v2.0.50727_32\sheetmetalcplu\14587f1bb17b57bd85a4aadd2567543f\sheetmetalcplu.ni.dll
+ 2012-08-29 18:10:37 . 2012-08-29 18:10:37 167936 C:\Windows\assembly\NativeImages_v2.0.50727_32\refgeomcplu\a9be89585ea9d1608744ae2ac63ada99\refgeomcplu.ni.dll
+ 2012-08-29 18:10:31 . 2012-08-29 18:10:31 227328 C:\Windows\assembly\NativeImages_v2.0.50727_32\featurecplu\f51c9cc533b9c337a5f4fae52678d014\featurecplu.ni.dll
+ 2012-08-29 18:10:14 . 2012-08-29 18:10:14 105984 C:\Windows\assembly\NativeImages_v2.0.50727_32\eDrawingsGraphicsCa#\9bb1812277fb9584389286a89d4f5369\eDrawingsGraphicsCardClient.ni.dll
+ 2012-08-29 18:10:04 . 2012-08-29 18:10:04 450048 C:\Windows\assembly\NativeImages_v2.0.50727_32\Controls\270369607601d06877e9e695eab5f227\Controls.ni.dll
+ 2012-08-29 18:10:26 . 2012-08-29 18:10:26 495104 C:\Windows\assembly\NativeImages_v2.0.50727_32\contentcplu\a06f3119fc01bb214c7707d3845f0f91\contentcplu.ni.dll
+ 2012-08-29 18:10:03 . 2012-08-29 18:10:03 163840 C:\Windows\assembly\NativeImages_v2.0.50727_32\CmdInterface\a4dadac35f7a186bc799501aad4e18e6\CmdInterface.ni.dll
+ 2012-08-29 18:10:28 . 2012-08-29 18:10:28 337920 C:\Windows\assembly\NativeImages_v2.0.50727_32\asmfeaturecplu\2d2c2f20266cef1747fb75d12c2c42b6\asmfeaturecplu.ni.dll
+ 2012-08-29 18:10:15 . 2012-08-29 18:10:15 184320 C:\Windows\assembly\NativeImages_v2.0.50727_32\AnnotationWPF\b39a578cf3bb31757d027fa9a46ab65d\AnnotationWPF.ni.dll
+ 2012-08-29 18:09:58 . 2012-08-29 18:09:58 223232 C:\Windows\assembly\NativeImages_v2.0.50727_32\annotationcplu\0c2011556cd3579a7ff968455f1cf084\annotationcplu.ni.dll
+ 2012-08-31 14:22:34 . 2012-08-31 14:22:34 477032 C:\Windows\assembly\GAC\Microsoft.Office.Interop.Owc11\11.0.0.0__71e9bce111e9429c\Microsoft.Office.Interop.Owc11.dll
- 2012-02-16 10:08:17 . 2012-02-16 10:08:17 110592 C:\Windows\assembly\GAC\ADODB\7.0.3300.0__b03f5f7f11d50a3a\adodb.dll
+ 2012-08-29 18:07:55 . 2012-08-29 18:07:55 110592 C:\Windows\assembly\GAC\ADODB\7.0.3300.0__b03f5f7f11d50a3a\adodb.dll
+ 2009-07-20 22:05:40 . 2009-07-20 22:05:40 1348432 C:\Windows\SysWOW64\msxml4.dll
+ 2012-08-29 18:07:29 . 2010-10-04 23:56:36 4454400 C:\Windows\SolidWorks\IM_20110-40000-1100-200\sldim\sldps_libfnp.dll
+ 2012-08-29 18:07:29 . 2010-10-04 23:56:36 2226176 C:\Windows\SolidWorks\IM_20110-40000-1100-200\sldim\sldps.dll
+ 2012-08-29 18:07:29 . 2010-10-07 11:41:22 9570088 C:\Windows\SolidWorks\IM_20110-40000-1100-200\sldim\sldIM.exe
+ 2012-08-29 18:07:29 . 2010-10-07 11:41:20 5108520 C:\Windows\SolidWorks\IM_20110-40000-1100-200\sldim\sldadminoptioneditor.exe
+ 2012-08-29 18:07:30 . 2010-10-05 01:18:30 1035264 C:\Windows\SolidWorks\IM_20110-40000-1100-200\sldim\lang\turkish\sldIMresu.dll
+ 2012-08-29 18:07:30 . 2010-10-05 01:18:22 1076224 C:\Windows\SolidWorks\IM_20110-40000-1100-200\sldim\lang\spanish\sldIMresu.dll
+ 2012-08-29 18:07:30 . 2010-10-05 01:18:20 1062400 C:\Windows\SolidWorks\IM_20110-40000-1100-200\sldim\lang\russian\sldIMresu.dll
+ 2012-08-29 18:07:30 . 2010-10-05 01:18:28 1074688 C:\Windows\SolidWorks\IM_20110-40000-1100-200\sldim\lang\portuguese-brazilian\sldIMresu.dll
+ 2012-08-29 18:07:30 . 2010-10-05 01:18:18 1061376 C:\Windows\SolidWorks\IM_20110-40000-1100-200\sldim\lang\polish\sldIMresu.dll
+ 2012-08-29 18:07:29 . 2010-10-05 01:18:16 1072640 C:\Windows\SolidWorks\IM_20110-40000-1100-200\sldim\lang\italian\sldIMresu.dll
+ 2012-08-29 18:07:29 . 2010-10-05 01:18:14 1094656 C:\Windows\SolidWorks\IM_20110-40000-1100-200\sldim\lang\german\sldIMresu.dll
+ 2012-08-29 18:07:29 . 2010-10-05 01:18:12 1088512 C:\Windows\SolidWorks\IM_20110-40000-1100-200\sldim\lang\french\sldIMresu.dll
+ 2012-08-29 18:07:29 . 2010-10-05 01:18:30 1042944 C:\Windows\SolidWorks\IM_20110-40000-1100-200\sldim\lang\english\sldIMresu.dll
+ 2012-08-29 18:07:29 . 2010-10-05 01:18:26 1045504 C:\Windows\SolidWorks\IM_20110-40000-1100-200\sldim\lang\czech\sldIMresu.dll
+ 2009-07-14 04:45:55 . 2012-09-01 09:13:29 7087352 C:\Windows\ServiceProfiles\NetworkService\AppData\Roaming\Microsoft\SoftwareProtectionPlatform\tokens.dat
- 2009-07-14 04:45:55 . 2012-08-25 07:33:38 7087352 C:\Windows\ServiceProfiles\NetworkService\AppData\Roaming\Microsoft\SoftwareProtectionPlatform\tokens.dat
+ 2012-02-12 14:05:30 . 2012-08-29 21:07:23 8988328 C:\Windows\ServiceProfiles\LocalService\AppData\Local\FontCache3.0.0.0.dat
+ 2010-10-07 11:15:30 . 2010-10-07 11:15:30 6012416 C:\Windows\Installer\4c73cc.msi
+ 2006-12-02 05:09:06 . 2006-12-02 05:09:06 2818048 C:\Windows\Installer\4c7361.msi
+ 2011-04-29 10:28:40 . 2011-04-29 10:28:40 1995264 C:\Windows\Installer\34bf4c.msp
+ 2009-07-20 22:29:14 . 2009-07-20 22:29:14 6057984 C:\Windows\Installer\34bf44.msi
+ 2009-07-02 14:22:06 . 2009-07-02 14:22:06 4854272 C:\Windows\Installer\34bf3c.msp
+ 2012-04-04 20:38:16 . 2012-04-04 20:38:16 3620864 C:\Windows\Installer\34bf21.msp
+ 2008-09-30 19:07:10 . 2008-09-30 19:07:10 6042112 C:\Windows\Installer\30486bc.msi
+ 2009-02-25 17:08:18 . 2009-02-25 17:08:18 8311808 C:\Windows\Installer\30486ad.msp
+ 2007-10-12 18:07:50 . 2007-10-12 18:07:50 5791744 C:\Windows\Installer\30486a5.msp
+ 2007-08-24 02:32:24 . 2007-08-24 02:32:24 7049616 C:\Windows\Installer\$PatchCache$\Managed\000021094A0090400000000000F01FEC\12.0.6213\OWC11.DLL
+ 2007-08-28 22:19:26 . 2007-08-28 22:19:26 1654648 C:\Windows\Installer\$PatchCache$\Managed\000021094A0090400000000000F01FEC\12.0.6213\OGL.DLL
+ 2006-10-26 18:30:12 . 2006-10-26 18:30:12 7042880 C:\Windows\Installer\$PatchCache$\Managed\000021094A0090400000000000F01FEC\12.0.4518\OWC11.DLL
+ 2006-10-26 12:03:38 . 2006-10-26 12:03:38 1573672 C:\Windows\Installer\$PatchCache$\Managed\000021094A0090400000000000F01FEC\12.0.4518\OGL.DLL
+ 2012-08-29 18:10:01 . 2012-08-29 18:10:01 4595200 C:\Windows\assembly\NativeImages_v2.0.50727_32\sldcoreu\0d45fc61c1534e26b1505cbb0e656d32\sldcoreu.ni.dll
+ 2012-08-29 18:10:25 . 2012-08-29 18:10:25 1802752 C:\Windows\assembly\NativeImages_v2.0.50727_32\propertiesManagerWPF\ae7d7953c7922beb8d83e63fc9bf261c\propertiesManagerWPF.ni.dll
+ 2012-08-29 18:09:59 . 2012-08-29 18:09:59 1015808 C:\Windows\assembly\NativeImages_v2.0.50727_32\couplingBase\065c09f8176c438fe0c6bf1386f9305d\couplingBase.ni.dll
+ 2012-08-29 18:10:19 . 2012-08-29 18:10:19 1118720 C:\Windows\assembly\NativeImages_v2.0.50727_32\apicoupleru\552a55d84c6a23bfd6fbe2304f08e474\apicoupleru.ni.dll
+ 2012-08-29 18:07:55 . 2012-08-29 18:07:55 1662976 C:\Windows\assembly\GAC_32\mscorcfg\2.0.0.0__b03f5f7f11d50a3a\mscorcfg.dll
+ 2009-07-14 04:45:34 . 2012-08-30 06:57:26 11853368 C:\Windows\system32\FNTCACHE.DAT
- 2009-07-14 04:45:34 . 2012-08-24 20:26:53 11853368 C:\Windows\system32\FNTCACHE.DAT
+ 2012-02-11 19:21:15 . 2012-09-03 14:46:21 36861820 C:\Windows\ServiceProfiles\LocalService\AppData\Local\FontCache-S-1-5-21-3646392386-748874636-2614076268-1000-12288.dat
+ 2010-10-07 11:15:06 . 2010-10-07 11:15:06 12329984 C:\Windows\Installer\4c73d8.msi
+ 2010-10-07 10:53:42 . 2010-10-07 10:53:42 24372736 C:\Windows\Installer\4c73c3.msi
+ 2006-03-06 21:05:36 . 2006-03-06 21:05:36 54856704 C:\Windows\Installer\4c73bc.msi
+ 2006-10-27 14:57:42 . 2006-10-27 14:57:42 18874368 C:\Windows\Installer\4c736d.msi
+ 2012-07-25 14:59:06 . 2012-07-25 14:59:06 11032064 C:\Windows\Installer\34bf29.msp
+ 2008-08-11 09:51:14 . 2008-08-11 09:51:14 15916544 C:\Windows\Installer\30486c4.msp
+ 2012-08-29 18:08:21 . 2012-08-29 18:08:21 16693032 C:\Windows\assembly\GAC_32\DwgDocumentMgrNET\19.0.0.5019__46ba2cd761183c97\DwgDocumentMgrNET.dll

-- Snapshot teruggezet naar huidige datum --

((((((((((((((((((((((((((((((((((((( Reg Opstartpunten )))))))))))))))))))))))))))))))))))))))))))))))))))


*Nota* lege verwijzingen & legitieme standaard verwijzingen worden niet getoond
REGEDIT4

[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt1]
@="{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}]
2012-01-18 18:49:28 94208 ----a-w- C:\Users\Joke en Jasper\AppData\Roaming\Dropbox\bin\DropboxExt.14.dll

[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt2]
@="{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}]
2012-01-18 18:49:28 94208 ----a-w- C:\Users\Joke en Jasper\AppData\Roaming\Dropbox\bin\DropboxExt.14.dll

[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt3]
@="{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}]
2012-01-18 18:49:28 94208 ----a-w- C:\Users\Joke en Jasper\AppData\Roaming\Dropbox\bin\DropboxExt.14.dll

[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt4]
@="{FB314EDC-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314EDC-A251-47B7-93E1-CDD82E34AF8B}]
2012-01-18 18:49:28 94208 ----a-w- C:\Users\Joke en Jasper\AppData\Roaming\Dropbox\bin\DropboxExt.14.dll

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"WebNoti"="D:\Users\Joke en Jasper\AppData\Roaming\WebNoti\WebNoti.exe" [2011-09-27 13:58:04 961536]
"AdobeBridge"="" [BU]

[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run]
"AVG_TRAY"="D:\Program Files (x86)\AVG\AVG2012\avgtray.exe" [2012-04-05 03:12:34 2587008]
"SunJavaUpdateSched"="C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe" [2012-01-17 09:07:54 252296]
"Malwarebytes' Anti-Malware"="D:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe" [2012-07-03 11:46:44 462920]

C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\
SolidWorks Background Downloader.lnk - C:\Program Files (x86)\Common Files\SolidWorks Installation Manager\BackgroundDownloading\sldBgDwld.exe [2012-8-29 1826600]

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"ConsentPromptBehaviorAdmin"= 0 (0x0)
"ConsentPromptBehaviorUser"= 3 (0x3)
"EnableLUA"= 0 (0x0)
"EnableUIADesktopToggle"= 0 (0x0)
"PromptOnSecureDesktop"= 0 (0x0)

[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows nt\currentversion\drivers32]
"mixer2"=wdmaud.drv

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\session manager]
BootExecute REG_MULTI_SZ autocheck autochk *\0D:\PROGRA~2\AVG\AVG2012\avgrsa.exe /sync /restart

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\lsa]
Security Packages REG_MULTI_SZ kerberos msv1_0 schannel wdigest tspkg pku2u livessp

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\securityproviders]
SecurityProviders credssp.dll, EtdevnOmhenc.dll

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\hitmanpro36]
@=""

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\hitmanpro36.sys]
@=""

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\HitmanPro36Crusader]
@=""

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\HitmanPro36CrusaderBoot]
@=""

R2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-03-18 12:27:14 138576]
R2 MBAMService;MBAMService;D:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe [2012-07-03 11:46:44 655944]
R3 AdobeFlashPlayerUpdateSvc;Adobe Flash Player Update Service;C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2012-08-15 09:57:07 250056]
R3 ALSysIO;ALSysIO;C:\Users\JOKEEN~1\AppData\Local\Temp\ALSysIO64.sys [x]
R3 CoordinatorServiceHost;SW Distributed TS Coordinator Service;C:\Program Files (x86)\SolidWorks Corp\SolidWorks\swScheduler\DTSCoordinatorService.exe [2010-10-05 06:07:08 87336]
R3 dg_ssudbus;SAMSUNG Mobile USB Composite Device Driver (DEVGURU Ver.);C:\Windows\system32\DRIVERS\ssudbus.sys [2012-02-24 09:14:42 99384]
R3 dmvsc;dmvsc;C:\Windows\system32\drivers\dmvsc.sys [2010-11-21 03:23:48 71168]
R3 FLEXnet Licensing Service 64;FLEXnet Licensing Service 64;C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService64.exe [2012-02-12 15:41:55 1431888]
R3 hitmanpro36;HitmanPro 3.6 Support Driver;C:\Windows\system32\drivers\hitmanpro36.sys [2012-08-29 16:44:35 30496]
R3 MBAMProtector;MBAMProtector;C:\Windows\system32\drivers\mbam.sys [2012-07-03 11:46:44 24904]
R3 Microsoft SharePoint Workspace Audit Service;Microsoft SharePoint Workspace Audit Service;C:\Program Files (x86)\Microsoft Office\Office14\GROOVE.EXE [2011-06-12 10:15:00 31125880]
R3 MozillaMaintenance;Mozilla Maintenance Service;C:\Program Files (x86)\Mozilla Maintenance Service\maintenanceservice.exe [2012-08-31 04:22:52 114144]
R3 osppsvc;Office Software Protection Platform;C:\Program Files\Common Files\Microsoft Shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE [2010-01-09 20:34:24 4925184]
R3 RdpVideoMiniport;Remote Desktop Video Miniport Driver;C:\Windows\system32\drivers\rdpvideominiport.sys [2010-11-21 03:24:43 20992]
R3 ssudmdm;SAMSUNG Mobile USB Modem Drivers (DEVGURU Ver.);C:\Windows\system32\DRIVERS\ssudmdm.sys [2012-02-24 09:14:42 203320]
R3 SwitchBoard;SwitchBoard;C:\Program Files (x86)\Common Files\Adobe\SwitchBoard\SwitchBoard.exe [2010-02-19 12:37:14 517096]
R3 Synth3dVsc;Synth3dVsc;C:\Windows\system32\drivers\synth3dvsc.sys [2010-11-21 03:23:48 88960]
R3 terminpt;Microsoft Remote Desktop Input Driver;C:\Windows\system32\drivers\terminpt.sys [2010-11-21 03:23:48 34816]
R3 TsUsbFlt;TsUsbFlt;C:\Windows\system32\drivers\tsusbflt.sys [2010-11-21 03:24:33 59392]
R3 TsUsbGD;Remote Desktop Generic USB Device;C:\Windows\system32\drivers\TsUsbGD.sys [2010-11-21 03:23:47 31232]
R3 tsusbhub;tsusbhub;C:\Windows\system32\drivers\tsusbhub.sys [2010-11-21 03:23:48 117248]
R3 VGPU;VGPU;C:\Windows\system32\drivers\rdvgkmd.sys [x]
R3 WatAdminSvc;Windows Activation Technologies-service;C:\Windows\system32\Wat\WatAdminSvc.exe [2012-04-20 08:16:13 1255736]
S0 AVGIDSHA;AVGIDSHA;C:\Windows\system32\DRIVERS\avgidsha.sys [2012-04-19 02:50:26 28480]
S0 Avgrkx64;AVG Anti-Rootkit Driver;C:\Windows\system32\DRIVERS\avgrkx64.sys [2012-01-31 02:46:48 36944]
S0 PxHlpa64;PxHlpa64;C:\Windows\System32\Drivers\PxHlpa64.sys [2009-07-09 02:00:00 55280]
S0 sptd;sptd;C:\Windows\\SystemRoot\System32\Drivers\sptd.sys [x]
S1 AsUpIO;AsUpIO;SysWow64\drivers\AsUpIO.sys [x]
S1 Avgldx64;AVG AVI Loader Driver;C:\Windows\system32\DRIVERS\avgldx64.sys [2012-02-22 03:25:32 289872]
S1 Avgmfx64;AVG Mini-Filter Resident Anti-Virus Shield;C:\Windows\system32\DRIVERS\avgmfx64.sys [2011-12-23 11:32:14 47696]
S1 Avgtdia;AVG TDI Driver;C:\Windows\system32\DRIVERS\avgtdia.sys [2012-03-19 03:17:26 383808]
S1 dtsoftbus01;DAEMON Tools Virtual Bus Driver;C:\Windows\system32\DRIVERS\dtsoftbus01.sys [2012-04-01 17:16:43 283200]
S2 AMD External Events Utility;AMD External Events Utility;C:\Windows\system32\atiesrxx.exe [2011-12-06 03:11:56 235520]
S2 asComSvc;ASUS Com Service;C:\Program Files (x86)\ASUS\AXSP\1.00.16\atkexComSvc.exe [2011-08-09 02:55:00 918144]
S2 asHmComSvc;ASUS HM Com Service;C:\Program Files (x86)\ASUS\AAHM\1.00.15\aaHMSvc.exe [2011-08-09 02:56:04 947328]
S2 AsSysCtrlService;ASUS System Control Service;C:\Program Files (x86)\ASUS\AsSysCtrlService\1.00.11\AsSysCtrlService.exe [2010-10-21 09:52:26 586880]
S2 AsusFanControlService;AsusFanControlService;C:\Program Files (x86)\ASUS\AsusFanControlService\1.00.07\AsusFanControlService.exe [2011-09-20 10:53:25 1406080]
S2 avgwd;AVG WatchDog;D:\Program Files (x86)\AVG\AVG2012\avgwdsvc.exe [2012-02-14 02:53:38 193288]
S2 ImeDictUpdateService;Microsoft IME Dictionary Update;C:\Program Files\Common Files\Microsoft Shared\IME14\SHARED\IMEDICTUPDATE.EXE [2010-10-20 12:33:42 83312]
S2 mi-raysat_3dsmax2012_64;mental ray 3.9 Satellite for Autodesk 3ds Max 2012 64-bit - English 64-bit;C:\Program Files\Autodesk\3ds Max 2012\mentalimages\satellite\raysat_3dsmax2012_64server.exe [2011-02-22 20:52:54 86016]
S2 postgresql-x64-9.0;postgresql-x64-9.0 - PostgreSQL Server 9.0;C:/Program Files/PostgreSQL/9.0/bin/pg_ctl.exe runservice -N postgresql-x64-9.0 -D C:/Program Files/PostgreSQL/9.0/data -w [x]
S2 SkypeUpdate;Skype Updater;D:\Program Files (x86)\Skype\Updater\Updater.exe [2012-07-13 11:28:36 160944]
S3 amdkmdag;amdkmdag;C:\Windows\system32\DRIVERS\atikmdag.sys [2011-12-06 03:45:40 10720256]
S3 amdkmdap;amdkmdap;C:\Windows\system32\DRIVERS\atikmpag.sys [2011-12-06 02:12:14 327168]
S3 asmthub3;ASMedia USB3 Hub Service;C:\Windows\system32\DRIVERS\asmthub3.sys [2011-09-14 16:05:34 129000]
S3 asmtxhci;ASMEDIA XHCI Service;C:\Windows\system32\DRIVERS\asmtxhci.sys [2011-09-14 16:05:34 394216]
S3 ASUSFILTER;ASUSFILTER;SysWow64\drivers\ASUSFILTER.sys [x]
S3 AtiHDAudioService;AMD Function Driver for HD Audio Service;C:\Windows\system32\drivers\AtihdW76.sys [2011-10-17 17:40:50 93712]
S3 cmudaxp;ASUS Xonar Essence STX Audio Interface;C:\Windows\system32\drivers\cmudaxp.sys [2011-07-04 13:00:50 2726400]
S3 e1cexpress;Intel® PRO/1000 PCI Express Network Connection Driver C;C:\Windows\system32\DRIVERS\e1c62x64.sys [2011-07-20 01:37:56 342704]
S3 ICCWDT;Intel® Watchdog Timer Driver (Intel® WDT);C:\Windows\system32\DRIVERS\ICCWDT.sys [2010-08-17 17:28:32 26136]
S3 MEIx64;Intel® Management Engine Interface ;C:\Windows\system32\DRIVERS\HECIx64.sys [2011-08-15 09:30:04 56600]


Inhoud van de 'Gedeelde Taken' map

2012-09-03 C:\Windows\Tasks\Adobe Flash Player Updater.job
- C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2012-04-02 08:06:29 . 2012-08-15 09:57:07]


--------- X64 Entries -----------


[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt1]
@="{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}]
2012-01-18 18:49:30 97792 ----a-w- C:\Users\Joke en Jasper\AppData\Roaming\Dropbox\bin\DropboxExt64.14.dll

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt2]
@="{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}]
2012-01-18 18:49:30 97792 ----a-w- C:\Users\Joke en Jasper\AppData\Roaming\Dropbox\bin\DropboxExt64.14.dll

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt3]
@="{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}]
2012-01-18 18:49:30 97792 ----a-w- C:\Users\Joke en Jasper\AppData\Roaming\Dropbox\bin\DropboxExt64.14.dll

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt4]
@="{FB314EDC-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314EDC-A251-47B7-93E1-CDD82E34AF8B}]
2012-01-18 18:49:30 97792 ----a-w- C:\Users\Joke en Jasper\AppData\Roaming\Dropbox\bin\DropboxExt64.14.dll

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Cmaudio8788"="C:\Windows\Syswow64\cmicnfgp.dll" [2011-05-12 15:05:04 8790016]
"Cmaudio8788GX"="C:\Windows\syswow64\HsMgr.exe" [2008-07-11 14:04:22 200704]
"Cmaudio8788GX64"="C:\Windows\system\HsMgr64.exe" [2008-07-11 14:03:58 282112]

------- Bijkomende Scan -------

uLocal Page = C:\Windows\system32\blank.htm
mLocal Page = C:\Windows\SysWOW64\blank.htm
IE: Append Link Target to Existing PDF - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIEAppendSelLinks.html
IE: Append to Existing PDF - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIEAppend.html
IE: Convert Link Target to Adobe PDF - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIECaptureSelLinks.html
IE: Convert to Adobe PDF - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIECapture.html
IE: E&xport to Microsoft Excel - C:\PROGRA~2\MICROS~2\Office14\EXCEL.EXE/3000
IE: Free YouTube to MP3 Converter - C:\Users\Joke en Jasper\AppData\Roaming\DVDVideoSoftIEHelpers\freeyoutubetomp3converter.htm
IE: Se&nd to OneNote - C:\PROGRA~2\MICROS~2\Office14\ONBttnIE.dll/105
TCP: DhcpNameServer = 192.168.0.1
CLSID: {603d3801-bd81-11d0-a3a5-00c04fd706ec} - %SystemRoot%\SysWow64\shell32.dll
FF - ProfilePath - C:\Users\Joke en Jasper\AppData\Roaming\Mozilla\Firefox\Profiles\yb29zkoc.default\
FF - prefs.js: browser.search.defaulturl - hxxp://www.bing.com/search?FORM=IEFM1&q=
FF - prefs.js: browser.search.selectedEngine - Google
FF - prefs.js: browser.startup.homepage - hxxp://go.microsoft.com/fwlink/?LinkId=69157
FF - prefs.js: keyword.URL - hxxp://www.bing.com/search?FORM=IEFM1&q=
FF - user.js: network.cookie.cookieBehavior - 0
FF - user.js: privacy.clearOnShutdown.cookies - false
FF - user.js: security.warn_viewing_mixed - false
FF - user.js: security.warn_viewing_mixed.show_once - false
FF - user.js: security.warn_submit_insecure - false
FF - user.js: security.warn_submit_insecure.show_once - false



#3 TDSSKiller
options ticked, 3 files left to skip, log created

16:51:30.0275 1904 TDSS rootkit removing tool 2.8.8.0 Aug 24 2012 13:27:48
16:51:30.0379 1904 ============================================================
16:51:30.0379 1904 Current date / time: 2012/09/03 16:51:30.0379
16:51:30.0379 1904 SystemInfo:
16:51:30.0379 1904
16:51:30.0379 1904 OS Version: 6.1.7601 ServicePack: 1.0
16:51:30.0379 1904 Product type: Workstation
16:51:30.0379 1904 ComputerName: DYNASTYEVOLVED
16:51:30.0379 1904 UserName: Joke en Jasper
16:51:30.0379 1904 Windows directory: C:\Windows
16:51:30.0380 1904 System windows directory: C:\Windows
16:51:30.0380 1904 Running under WOW64
16:51:30.0380 1904 Processor architecture: Intel x64
16:51:30.0380 1904 Number of processors: 12
16:51:30.0380 1904 Page size: 0x1000
16:51:30.0380 1904 Boot type: Normal boot
16:51:30.0380 1904 ============================================================
16:51:31.0090 1904 Drive \Device\Harddisk0\DR0 - Size: 0x1DCF856000 (119.24 Gb), SectorSize: 0x200, Cylinders: 0x3CCE, SectorsPerTrack: 0x3F, TracksPerCylinder: 0xFF, Type 'K0', Flags 0x00000040
16:51:31.0123 1904 Drive \Device\Harddisk1\DR1 - Size: 0x1D1C1116000 (1863.02 Gb), SectorSize: 0x200, Cylinders: 0x3B601, SectorsPerTrack: 0x3F, TracksPerCylinder: 0xFF, Type 'K0', Flags 0x00000040
16:51:31.0139 1904 ============================================================
16:51:31.0139 1904 \Device\Harddisk0\DR0:
16:51:31.0139 1904 MBR partitions:
16:51:31.0139 1904 \Device\Harddisk0\DR0\Partition1: MBR, Type 0x7, StartLBA 0x32800, BlocksNum 0xEE49000
16:51:31.0139 1904 \Device\Harddisk1\DR1:
16:51:31.0139 1904 MBR partitions:
16:51:31.0139 1904 \Device\Harddisk1\DR1\Partition1: MBR, Type 0x7, StartLBA 0x800, BlocksNum 0xE8E07800
16:51:31.0139 1904 ============================================================
16:51:31.0141 1904 C: <-> \Device\Harddisk0\DR0\Partition1
16:51:31.0175 1904 D: <-> \Device\Harddisk1\DR1\Partition1
16:51:31.0176 1904 ============================================================
16:51:31.0176 1904 Initialize success
16:51:31.0176 1904 ============================================================
16:52:08.0704 2368 ============================================================
16:52:08.0704 2368 Scan started
16:52:08.0704 2368 Mode: Manual; SigCheck; TDLFS;
16:52:08.0704 2368 ============================================================
16:52:09.0046 2368 ================ Scan system memory ========================
16:52:09.0046 2368 System memory - ok
16:52:09.0046 2368 ================ Scan services =============================
16:52:09.0089 2368 [ A87D604AEA360176311474C87A63BB88 ] 1394ohci C:\Windows\system32\drivers\1394ohci.sys
16:52:09.0181 2368 1394ohci - ok
16:52:09.0188 2368 [ D81D9E70B8A6DD14D42D7B4EFA65D5F2 ] ACPI C:\Windows\system32\drivers\ACPI.sys
16:52:09.0202 2368 ACPI - ok
16:52:09.0204 2368 [ 99F8E788246D495CE3794D7E7821D2CA ] AcpiPmi C:\Windows\system32\drivers\acpipmi.sys
16:52:09.0221 2368 AcpiPmi - ok
16:52:09.0240 2368 [ A9D3B95E8466BD58EEB8A1154654E162 ] AdobeFlashPlayerUpdateSvc C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe
16:52:09.0248 2368 AdobeFlashPlayerUpdateSvc - ok
16:52:09.0253 2368 [ 2F6B34B83843F0C5118B63AC634F5BF4 ] adp94xx C:\Windows\system32\drivers\adp94xx.sys
16:52:09.0265 2368 adp94xx - ok
16:52:09.0270 2368 [ 597F78224EE9224EA1A13D6350CED962 ] adpahci C:\Windows\system32\drivers\adpahci.sys
16:52:09.0280 2368 adpahci - ok
16:52:09.0283 2368 [ E109549C90F62FB570B9540C4B148E54 ] adpu320 C:\Windows\system32\drivers\adpu320.sys
16:52:09.0291 2368 adpu320 - ok
16:52:09.0294 2368 [ 4B78B431F225FD8624C5655CB1DE7B61 ] AeLookupSvc C:\Windows\System32\aelupsvc.dll
16:52:09.0335 2368 AeLookupSvc - ok
16:52:09.0341 2368 [ 1C7857B62DE5994A75B054A9FD4C3825 ] AFD C:\Windows\system32\drivers\afd.sys
16:52:09.0353 2368 AFD - ok
16:52:09.0355 2368 [ 608C14DBA7299D8CB6ED035A68A15799 ] agp440 C:\Windows\system32\drivers\agp440.sys
16:52:09.0361 2368 agp440 - ok
16:52:09.0363 2368 [ 3290D6946B5E30E70414990574883DDB ] ALG C:\Windows\System32\alg.exe
16:52:09.0373 2368 ALG - ok
16:52:09.0374 2368 [ 5812713A477A3AD7363C7438CA2EE038 ] aliide C:\Windows\system32\drivers\aliide.sys
16:52:09.0380 2368 aliide - ok
16:52:09.0392 2368 ALSysIO - ok
16:52:09.0396 2368 [ B5E2434FC851698C1F119CF1C3935A50 ] AMD External Events Utility C:\Windows\system32\atiesrxx.exe
16:52:09.0418 2368 AMD External Events Utility - ok
16:52:09.0420 2368 [ 1FF8B4431C353CE385C875F194924C0C ] amdide C:\Windows\system32\drivers\amdide.sys
16:52:09.0426 2368 amdide - ok
16:52:09.0428 2368 [ 7024F087CFF1833A806193EF9D22CDA9 ] AmdK8 C:\Windows\system32\drivers\amdk8.sys
16:52:09.0435 2368 AmdK8 - ok
16:52:09.0523 2368 [ 9E3B4946F7E1BCA0B763E19D81EDBF2C ] amdkmdag C:\Windows\system32\DRIVERS\atikmdag.sys
16:52:09.0655 2368 amdkmdag - ok
16:52:09.0661 2368 [ B9E1C7B7F1865F99B16FF2E1BB94EDB6 ] amdkmdap C:\Windows\system32\DRIVERS\atikmpag.sys
16:52:09.0672 2368 amdkmdap - ok
16:52:09.0674 2368 [ 1E56388B3FE0D031C44144EB8C4D6217 ] AmdPPM C:\Windows\system32\drivers\amdppm.sys
16:52:09.0681 2368 AmdPPM - ok
16:52:09.0684 2368 [ D4121AE6D0C0E7E13AA221AA57EF2D49 ] amdsata C:\Windows\system32\drivers\amdsata.sys
16:52:09.0690 2368 amdsata - ok
16:52:09.0693 2368 [ F67F933E79241ED32FF46A4F29B5120B ] amdsbs C:\Windows\system32\drivers\amdsbs.sys
16:52:09.0701 2368 amdsbs - ok
16:52:09.0703 2368 [ 540DAF1CEA6094886D72126FD7C33048 ] amdxata C:\Windows\system32\drivers\amdxata.sys
16:52:09.0708 2368 amdxata - ok
16:52:09.0710 2368 [ 89A69C3F2F319B43379399547526D952 ] AppID C:\Windows\system32\drivers\appid.sys
16:52:09.0734 2368 AppID - ok
16:52:09.0736 2368 [ 0BC381A15355A3982216F7172F545DE1 ] AppIDSvc C:\Windows\System32\appidsvc.dll
16:52:09.0757 2368 AppIDSvc - ok
16:52:09.0759 2368 [ 3977D4A871CA0D4F2ED1E7DB46829731 ] Appinfo C:\Windows\System32\appinfo.dll
16:52:09.0779 2368 Appinfo - ok
16:52:09.0783 2368 [ 4ABA3E75A76195A3E38ED2766C962899 ] AppMgmt C:\Windows\System32\appmgmts.dll
16:52:09.0791 2368 AppMgmt - ok
16:52:09.0793 2368 [ C484F8CEB1717C540242531DB7845C4E ] arc C:\Windows\system32\drivers\arc.sys
16:52:09.0800 2368 arc - ok
16:52:09.0802 2368 [ 019AF6924AEFE7839F61C830227FE79C ] arcsas C:\Windows\system32\drivers\arcsas.sys
16:52:09.0809 2368 arcsas - ok
16:52:09.0817 2368 [ FBDDF3593B218D4FB73564B74817EEAA ] asComSvc C:\Program Files (x86)\ASUS\AXSP\1.00.16\atkexComSvc.exe
16:52:09.0842 2368 asComSvc - ok
16:52:09.0851 2368 [ 3B52CA3643113058ED95097CBA4AE469 ] asHmComSvc C:\Program Files (x86)\ASUS\AAHM\1.00.15\aaHMSvc.exe
16:52:09.0865 2368 asHmComSvc - ok
16:52:09.0868 2368 [ FEF9DD9EA587F8886ADE43C1BEFBDAFE ] AsIO C:\Windows\syswow64\drivers\AsIO.sys
16:52:09.0872 2368 AsIO - ok
16:52:09.0875 2368 [ 6D9C024AA8F24065A6DBEAB1F431D854 ] asmthub3 C:\Windows\system32\DRIVERS\asmthub3.sys
16:52:09.0883 2368 asmthub3 - ok
16:52:09.0888 2368 [ ECAD22F15D8F17CC04F24E9A6FB00F2F ] asmtxhci C:\Windows\system32\DRIVERS\asmtxhci.sys
16:52:09.0898 2368 asmtxhci - ok
16:52:09.0908 2368 [ 9217D874131AE6FF8F642F124F00A555 ] aspnet_state C:\Windows\Microsoft.NET\Framework64\v4.0.30319\aspnet_state.exe
16:52:09.0914 2368 aspnet_state - ok
16:52:09.0920 2368 [ 5C31DFB196CB3A488A041881634D86D2 ] AsSysCtrlService C:\Program Files (x86)\ASUS\AsSysCtrlService\1.00.11\AsSysCtrlService.exe
16:52:09.0931 2368 AsSysCtrlService - ok
16:52:09.0933 2368 [ 1392B92179B07B672720763D9B1028A5 ] AsUpIO C:\Windows\syswow64\drivers\AsUpIO.sys
16:52:09.0937 2368 AsUpIO - ok
16:52:09.0948 2368 [ 44C6734E6153D889F7831407C92E76FC ] AsusFanControlService C:\Program Files (x86)\ASUS\AsusFanControlService\1.00.07\AsusFanControlService.exe
16:52:09.0968 2368 AsusFanControlService - ok
16:52:09.0971 2368 [ A5E4CDB420540095D1293C874B5F89AA ] ASUSFILTER C:\Windows\syswow64\drivers\ASUSFILTER.sys
16:52:09.0976 2368 ASUSFILTER - ok
16:52:09.0978 2368 [ 769765CE2CC62867468CEA93969B2242 ] AsyncMac C:\Windows\system32\DRIVERS\asyncmac.sys
16:52:09.0998 2368 AsyncMac - ok
16:52:10.0000 2368 [ 02062C0B390B7729EDC9E69C680A6F3C ] atapi C:\Windows\system32\drivers\atapi.sys
16:52:10.0005 2368 atapi - ok
16:52:10.0009 2368 [ 230CF51113CD4B830B3BFD09B0D4C066 ] AtiHDAudioService C:\Windows\system32\drivers\AtihdW76.sys
16:52:10.0014 2368 AtiHDAudioService - ok
16:52:10.0020 2368 [ F23FEF6D569FCE88671949894A8BECF1 ] AudioEndpointBuilder C:\Windows\System32\Audiosrv.dll
16:52:10.0046 2368 AudioEndpointBuilder - ok
16:52:10.0052 2368 [ F23FEF6D569FCE88671949894A8BECF1 ] AudioSrv C:\Windows\System32\Audiosrv.dll
16:52:10.0075 2368 AudioSrv - ok
16:52:10.0078 2368 [ CFFC3A4A638F462E0561CB368B9A7A3A ] AVGIDSHA C:\Windows\system32\DRIVERS\avgidsha.sys
16:52:10.0083 2368 AVGIDSHA - ok
16:52:10.0087 2368 [ 59955B4C288DD2A8B9FD2CD5158355C5 ] Avgldx64 C:\Windows\system32\DRIVERS\avgldx64.sys
16:52:10.0094 2368 Avgldx64 - ok
16:52:10.0096 2368 [ A6AEC362AAE5E2DDA7445E7690CB0F33 ] Avgmfx64 C:\Windows\system32\DRIVERS\avgmfx64.sys
16:52:10.0101 2368 Avgmfx64 - ok
16:52:10.0102 2368 [ 645C7F0A0E39758A0024A9B1748273C0 ] Avgrkx64 C:\Windows\system32\DRIVERS\avgrkx64.sys
16:52:10.0107 2368 Avgrkx64 - ok
16:52:10.0111 2368 [ 1BEE674AD792B1C63BB0DAC5FA724B23 ] Avgtdia C:\Windows\system32\DRIVERS\avgtdia.sys
16:52:10.0119 2368 Avgtdia - ok
16:52:10.0172 2368 [ EA1145DEBCD508FD25BD1E95C4346929 ] avgwd D:\Program Files (x86)\AVG\AVG2012\avgwdsvc.exe
16:52:10.0189 2368 avgwd - ok
16:52:10.0194 2368 [ A6BF31A71B409DFA8CAC83159E1E2AFF ] AxInstSV C:\Windows\System32\AxInstSV.dll
16:52:10.0221 2368 AxInstSV - ok
16:52:10.0227 2368 [ 3E5B191307609F7514148C6832BB0842 ] b06bdrv C:\Windows\system32\drivers\bxvbda.sys
16:52:10.0241 2368 b06bdrv - ok
16:52:10.0246 2368 [ B5ACE6968304A3900EEB1EBFD9622DF2 ] b57nd60a C:\Windows\system32\DRIVERS\b57nd60a.sys
16:52:10.0255 2368 b57nd60a - ok
16:52:10.0260 2368 [ FDE360167101B4E45A96F939F388AEB0 ] BDESVC C:\Windows\System32\bdesvc.dll
16:52:10.0267 2368 BDESVC - ok
16:52:10.0269 2368 [ 16A47CE2DECC9B099349A5F840654746 ] Beep C:\Windows\system32\drivers\Beep.sys
16:52:10.0289 2368 Beep - ok
16:52:10.0296 2368 [ 82974D6A2FD19445CC5171FC378668A4 ] BFE C:\Windows\System32\bfe.dll
16:52:10.0322 2368 BFE - ok
16:52:10.0330 2368 [ 1EA7969E3271CBC59E1730697DC74682 ] BITS C:\Windows\system32\qmgr.dll
16:52:10.0354 2368 BITS - ok
16:52:10.0357 2368 [ 61583EE3C3A17003C4ACD0475646B4D3 ] blbdrive C:\Windows\system32\DRIVERS\blbdrive.sys
16:52:10.0363 2368 blbdrive - ok
16:52:10.0366 2368 [ 6C02A83164F5CC0A262F4199F0871CF5 ] bowser C:\Windows\system32\DRIVERS\bowser.sys
16:52:10.0373 2368 bowser - ok
16:52:10.0375 2368 [ F09EEE9EDC320B5E1501F749FDE686C8 ] BrFiltLo C:\Windows\system32\drivers\BrFiltLo.sys
16:52:10.0382 2368 BrFiltLo - ok
16:52:10.0384 2368 [ B114D3098E9BDB8BEA8B053685831BE6 ] BrFiltUp C:\Windows\system32\drivers\BrFiltUp.sys
16:52:10.0392 2368 BrFiltUp - ok
16:52:10.0395 2368 [ 5C2F352A4E961D72518261257AAE204B ] BridgeMP C:\Windows\system32\DRIVERS\bridge.sys
16:52:10.0415 2368 BridgeMP - ok
16:52:10.0418 2368 [ 05F5A0D14A2EE1D8255C2AA0E9E8E694 ] Browser C:\Windows\System32\browser.dll
16:52:10.0425 2368 Browser - ok
16:52:10.0429 2368 [ 43BEA8D483BF1870F018E2D02E06A5BD ] Brserid C:\Windows\System32\Drivers\Brserid.sys
16:52:10.0440 2368 Brserid - ok
16:52:10.0442 2368 [ A6ECA2151B08A09CACECA35C07F05B42 ] BrSerWdm C:\Windows\System32\Drivers\BrSerWdm.sys
16:52:10.0451 2368 BrSerWdm - ok
16:52:10.0452 2368 [ B79968002C277E869CF38BD22CD61524 ] BrUsbMdm C:\Windows\System32\Drivers\BrUsbMdm.sys
16:52:10.0460 2368 BrUsbMdm - ok
16:52:10.0462 2368 [ A87528880231C54E75EA7A44943B38BF ] BrUsbSer C:\Windows\System32\Drivers\BrUsbSer.sys
16:52:10.0469 2368 BrUsbSer - ok
16:52:10.0471 2368 [ 9DA669F11D1F894AB4EB69BF546A42E8 ] BTHMODEM C:\Windows\system32\drivers\bthmodem.sys
16:52:10.0479 2368 BTHMODEM - ok
16:52:10.0482 2368 [ 95F9C2976059462CBBF227F7AAB10DE9 ] bthserv C:\Windows\system32\bthserv.dll
16:52:10.0502 2368 bthserv - ok
16:52:10.0508 2368 catchme - ok
16:52:10.0510 2368 [ B8BD2BB284668C84865658C77574381A ] cdfs C:\Windows\system32\DRIVERS\cdfs.sys
16:52:10.0530 2368 cdfs - ok
16:52:10.0532 2368 cdrbsdrv - ok
16:52:10.0536 2368 [ F036CE71586E93D94DAB220D7BDF4416 ] cdrom C:\Windows\system32\DRIVERS\cdrom.sys
16:52:10.0544 2368 cdrom - ok
16:52:10.0546 2368 [ F17D1D393BBC69C5322FBFAFACA28C7F ] CertPropSvc C:\Windows\System32\certprop.dll
16:52:10.0567 2368 CertPropSvc - ok
16:52:10.0569 2368 [ D7CD5C4E1B71FA62050515314CFB52CF ] circlass C:\Windows\system32\drivers\circlass.sys
16:52:10.0577 2368 circlass - ok
16:52:10.0582 2368 [ FE1EC06F2253F691FE36217C592A0206 ] CLFS C:\Windows\system32\CLFS.sys
16:52:10.0591 2368 CLFS - ok
16:52:10.0598 2368 [ D88040F816FDA31C3B466F0FA0918F29 ] clr_optimization_v2.0.50727_32 C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe
16:52:10.0603 2368 clr_optimization_v2.0.50727_32 - ok
16:52:10.0608 2368 [ D1CEEA2B47CB998321C579651CE3E4F8 ] clr_optimization_v2.0.50727_64 C:\Windows\Microsoft.NET\Framework64\v2.0.50727\mscorsvw.exe
16:52:10.0614 2368 clr_optimization_v2.0.50727_64 - ok
16:52:10.0622 2368 [ C5A75EB48E2344ABDC162BDA79E16841 ] clr_optimization_v4.0.30319_32 C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe
16:52:10.0627 2368 clr_optimization_v4.0.30319_32 - ok
16:52:10.0630 2368 [ C6F9AF94DCD58122A4D7E89DB6BED29D ] clr_optimization_v4.0.30319_64 C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe
16:52:10.0636 2368 clr_optimization_v4.0.30319_64 - ok
16:52:10.0638 2368 [ 0840155D0BDDF1190F84A663C284BD33 ] CmBatt C:\Windows\system32\drivers\CmBatt.sys
16:52:10.0645 2368 CmBatt - ok
16:52:10.0646 2368 [ E19D3F095812725D88F9001985B94EDD ] cmdide C:\Windows\system32\drivers\cmdide.sys
16:52:10.0652 2368 cmdide - ok
16:52:10.0670 2368 [ 7917DF8B464BD042475A733671E8D946 ] cmudaxp C:\Windows\system32\drivers\cmudaxp.sys
16:52:10.0700 2368 cmudaxp - ok
16:52:10.0705 2368 [ 9AC4F97C2D3E93367E2148EA940CD2CD ] CNG C:\Windows\system32\Drivers\cng.sys
16:52:10.0720 2368 CNG - ok
16:52:10.0722 2368 [ 102DE219C3F61415F964C88E9085AD14 ] Compbatt C:\Windows\system32\drivers\compbatt.sys
16:52:10.0728 2368 Compbatt - ok
16:52:10.0730 2368 [ 03EDB043586CCEBA243D689BDDA370A8 ] CompositeBus C:\Windows\system32\DRIVERS\CompositeBus.sys
16:52:10.0738 2368 CompositeBus - ok
16:52:10.0740 2368 COMSysApp - ok
16:52:10.0758 2368 [ F46FF007508C32788D8D5F32F27C25C7 ] CoordinatorServiceHost C:\Program Files (x86)\SolidWorks Corp\SolidWorks\swScheduler\DTSCoordinatorService.exe
16:52:10.0763 2368 CoordinatorServiceHost - ok
16:52:10.0766 2368 [ 1C827878A998C18847245FE1F34EE597 ] crcdisk C:\Windows\system32\drivers\crcdisk.sys
16:52:10.0772 2368 crcdisk - ok
16:52:10.0777 2368 [ 4F5414602E2544A4554D95517948B705 ] CryptSvc C:\Windows\system32\cryptsvc.dll
16:52:10.0785 2368 CryptSvc - ok
16:52:10.0790 2368 [ 54DA3DFD29ED9F1619B6F53F3CE55E49 ] CSC C:\Windows\system32\drivers\csc.sys
16:52:10.0801 2368 CSC - ok
16:52:10.0808 2368 [ 3AB183AB4D2C79DCF459CD2C1266B043 ] CscService C:\Windows\System32\cscsvc.dll
16:52:10.0820 2368 CscService - ok
16:52:10.0826 2368 [ 5C627D1B1138676C0A7AB2C2C190D123 ] DcomLaunch C:\Windows\system32\rpcss.dll
16:52:10.0849 2368 DcomLaunch - ok
16:52:10.0853 2368 [ 3CEC7631A84943677AA8FA8EE5B6B43D ] defragsvc C:\Windows\System32\defragsvc.dll
16:52:10.0876 2368 defragsvc - ok
16:52:10.0879 2368 [ 9BB2EF44EAA163B29C4A4587887A0FE4 ] DfsC C:\Windows\system32\Drivers\dfsc.sys
16:52:10.0899 2368 DfsC - ok
16:52:10.0902 2368 [ 113212D25D0C9BB8901A9833774DA97F ] dg_ssudbus C:\Windows\system32\DRIVERS\ssudbus.sys
16:52:10.0908 2368 dg_ssudbus - ok
16:52:10.0912 2368 [ 43D808F5D9E1A18E5EEB5EBC83969E4E ] Dhcp C:\Windows\system32\dhcpcore.dll
16:52:10.0935 2368 Dhcp - ok
16:52:10.0937 2368 [ 13096B05847EC78F0977F2C0F79E9AB3 ] discache C:\Windows\system32\drivers\discache.sys
16:52:10.0958 2368 discache - ok
16:52:10.0960 2368 [ 9819EEE8B5EA3784EC4AF3B137A5244C ] Disk C:\Windows\system32\drivers\disk.sys
16:52:10.0966 2368 Disk - ok
16:52:10.0968 2368 [ 5DB085A8A6600BE6401F2B24EECB5415 ] dmvsc C:\Windows\system32\drivers\dmvsc.sys
16:52:10.0975 2368 dmvsc - ok
16:52:10.0979 2368 [ 16835866AAA693C7D7FCEBA8FFF706E4 ] Dnscache C:\Windows\System32\dnsrslvr.dll
16:52:10.0987 2368 Dnscache - ok
16:52:10.0991 2368 [ B1FB3DDCA0FDF408750D5843591AFBC6 ] dot3svc C:\Windows\System32\dot3svc.dll
16:52:11.0013 2368 dot3svc - ok
16:52:11.0017 2368 [ B26F4F737E8F9DF4F31AF6CF31D05820 ] DPS C:\Windows\system32\dps.dll
16:52:11.0038 2368 DPS - ok
16:52:11.0040 2368 [ 9B19F34400D24DF84C858A421C205754 ] drmkaud C:\Windows\system32\drivers\drmkaud.sys
16:52:11.0048 2368 drmkaud - ok
16:52:11.0052 2368 [ 46571ED73AE84469DCA53081D33CF3C8 ] dtsoftbus01 C:\Windows\system32\DRIVERS\dtsoftbus01.sys
16:52:11.0059 2368 dtsoftbus01 - ok
16:52:11.0067 2368 [ F5BEE30450E18E6B83A5012C100616FD ] DXGKrnl C:\Windows\System32\drivers\dxgkrnl.sys
16:52:11.0081 2368 DXGKrnl - ok
16:52:11.0085 2368 [ EAFCB4551836FF44EE775CEDDFA7A77E ] e1cexpress C:\Windows\system32\DRIVERS\e1c62x64.sys
16:52:11.0093 2368 e1cexpress - ok
16:52:11.0095 2368 [ E2DDA8726DA9CB5B2C4000C9018A9633 ] EapHost C:\Windows\System32\eapsvc.dll
16:52:11.0116 2368 EapHost - ok
16:52:11.0140 2368 [ DC5D737F51BE844D8C82C695EB17372F ] ebdrv C:\Windows\system32\drivers\evbda.sys
16:52:11.0177 2368 ebdrv - ok
16:52:11.0179 2368 [ C118A82CD78818C29AB228366EBF81C3 ] EFS C:\Windows\System32\lsass.exe
16:52:11.0186 2368 EFS - ok
16:52:11.0193 2368 [ C4002B6B41975F057D98C439030CEA07 ] ehRecvr C:\Windows\ehome\ehRecvr.exe
16:52:11.0208 2368 ehRecvr - ok
16:52:11.0211 2368 [ 4705E8EF9934482C5BB488CE28AFC681 ] ehSched C:\Windows\ehome\ehsched.exe
16:52:11.0218 2368 ehSched - ok
16:52:11.0224 2368 [ 0E5DA5369A0FCAEA12456DD852545184 ] elxstor C:\Windows\system32\drivers\elxstor.sys
16:52:11.0236 2368 elxstor - ok
16:52:11.0238 2368 [ 34A3C54752046E79A126E15C51DB409B ] ErrDev C:\Windows\system32\drivers\errdev.sys
16:52:11.0244 2368 ErrDev - ok
16:52:11.0251 2368 [ 4166F82BE4D24938977DD1746BE9B8A0 ] EventSystem C:\Windows\system32\es.dll
16:52:11.0272 2368 EventSystem - ok
16:52:11.0276 2368 [ A510C654EC00C1E9BDD91EEB3A59823B ] exfat C:\Windows\system32\drivers\exfat.sys
16:52:11.0298 2368 exfat - ok
16:52:11.0301 2368 [ 0ADC83218B66A6DB380C330836F3E36D ] fastfat C:\Windows\system32\drivers\fastfat.sys
16:52:11.0323 2368 fastfat - ok
16:52:11.0329 2368 [ DBEFD454F8318A0EF691FDD2EAAB44EB ] Fax C:\Windows\system32\fxssvc.exe
16:52:11.0342 2368 Fax - ok
16:52:11.0344 2368 [ D765D19CD8EF61F650C384F62FAC00AB ] fdc C:\Windows\system32\drivers\fdc.sys
16:52:11.0351 2368 fdc - ok
16:52:11.0353 2368 [ 0438CAB2E03F4FB61455A7956026FE86 ] fdPHost C:\Windows\system32\fdPHost.dll
16:52:11.0373 2368 fdPHost - ok
16:52:11.0375 2368 [ 802496CB59A30349F9A6DD22D6947644 ] FDResPub C:\Windows\system32\fdrespub.dll
16:52:11.0395 2368 FDResPub - ok
16:52:11.0398 2368 [ 655661BE46B5F5F3FD454E2C3095B930 ] FileInfo C:\Windows\system32\drivers\fileinfo.sys
16:52:11.0403 2368 FileInfo - ok
16:52:11.0405 2368 [ 5F671AB5BC87EEA04EC38A6CD5962A47 ] Filetrace C:\Windows\system32\drivers\filetrace.sys
16:52:11.0425 2368 Filetrace - ok
16:52:11.0435 2368 [ 73081CF28F0AE20A52CA4F67CEE6E6B0 ] FLEXnet Licensing Service C:\Program Files (x86)\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe
16:52:11.0451 2368 FLEXnet Licensing Service - ok
16:52:11.0462 2368 [ 5CEE6CD43AE5844C49300EA0B1E557EE ] FLEXnet Licensing Service 64 C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService64.exe
16:52:11.0482 2368 FLEXnet Licensing Service 64 - ok
16:52:11.0484 2368 [ C172A0F53008EAEB8EA33FE10E177AF5 ] flpydisk C:\Windows\system32\drivers\flpydisk.sys
16:52:11.0491 2368 flpydisk - ok
16:52:11.0494 2368 [ DA6B67270FD9DB3697B20FCE94950741 ] FltMgr C:\Windows\system32\drivers\fltmgr.sys
16:52:11.0503 2368 FltMgr - ok
16:52:11.0512 2368 [ 5C4CB4086FB83115B153E47ADD961A0C ] FontCache C:\Windows\system32\FntCache.dll
16:52:11.0530 2368 FontCache - ok
16:52:11.0533 2368 [ A8B7F3818AB65695E3A0BB3279F6DCE6 ] FontCache3.0.0.0 C:\Windows\Microsoft.Net\Framework64\v3.0\WPF\PresentationFontCache.exe
16:52:11.0537 2368 FontCache3.0.0.0 - ok
16:52:11.0540 2368 [ D43703496149971890703B4B1B723EAC ] FsDepends C:\Windows\system32\drivers\FsDepends.sys
16:52:11.0546 2368 FsDepends - ok
16:52:11.0548 2368 [ 6BD9295CC032DD3077C671FCCF579A7B ] Fs_Rec C:\Windows\system32\drivers\Fs_Rec.sys
16:52:11.0553 2368 Fs_Rec - ok
16:52:11.0556 2368 [ 1F7B25B858FA27015169FE95E54108ED ] fvevol C:\Windows\system32\DRIVERS\fvevol.sys
16:52:11.0565 2368 fvevol - ok
16:52:11.0568 2368 [ 8C778D335C9D272CFD3298AB02ABE3B6 ] gagp30kx C:\Windows\system32\drivers\gagp30kx.sys
16:52:11.0574 2368 gagp30kx - ok
16:52:11.0580 2368 [ 277BBC7E1AA1EE957F573A10ECA7EF3A ] gpsvc C:\Windows\System32\gpsvc.dll
16:52:11.0607 2368 gpsvc - ok
16:52:11.0609 2368 [ F2523EF6460FC42405B12248338AB2F0 ] hcw85cir C:\Windows\system32\drivers\hcw85cir.sys
16:52:11.0616 2368 hcw85cir - ok
16:52:11.0620 2368 [ 975761C778E33CD22498059B91E7373A ] HdAudAddService C:\Windows\system32\drivers\HdAudio.sys
16:52:11.0631 2368 HdAudAddService - ok
16:52:11.0634 2368 [ 97BFED39B6B79EB12CDDBFEED51F56BB ] HDAudBus C:\Windows\system32\DRIVERS\HDAudBus.sys
16:52:11.0642 2368 HDAudBus - ok
16:52:11.0645 2368 [ 78E86380454A7B10A5EB255DC44A355F ] HidBatt C:\Windows\system32\drivers\HidBatt.sys
16:52:11.0651 2368 HidBatt - ok
16:52:11.0664 2368 [ 7FD2A313F7AFE5C4DAB14798C48DD104 ] HidBth C:\Windows\system32\drivers\hidbth.sys
16:52:11.0673 2368 HidBth - ok
16:52:11.0675 2368 [ 0A77D29F311B88CFAE3B13F9C1A73825 ] HidIr C:\Windows\system32\drivers\hidir.sys
16:52:11.0683 2368 HidIr - ok
16:52:11.0685 2368 [ BD9EB3958F213F96B97B1D897DEE006D ] hidserv C:\Windows\System32\hidserv.dll
16:52:11.0705 2368 hidserv - ok
16:52:11.0707 2368 [ 9592090A7E2B61CD582B612B6DF70536 ] HidUsb C:\Windows\system32\DRIVERS\hidusb.sys
16:52:11.0714 2368 HidUsb - ok
16:52:11.0716 2368 [ 44F92C1F913E582BEF9CAC66443C6230 ] hitmanpro36 C:\Windows\system32\drivers\hitmanpro36.sys
16:52:11.0721 2368 hitmanpro36 - ok
16:52:11.0723 2368 [ 387E72E739E15E3D37907A86D9FF98E2 ] hkmsvc C:\Windows\system32\kmsvc.dll
16:52:11.0744 2368 hkmsvc - ok
16:52:11.0748 2368 [ EFDFB3DD38A4376F93E7985173813ABD ] HomeGroupListener C:\Windows\system32\ListSvc.dll
16:52:11.0757 2368 HomeGroupListener - ok
16:52:11.0760 2368 [ 908ACB1F594274965A53926B10C81E89 ] HomeGroupProvider C:\Windows\system32\provsvc.dll
16:52:11.0768 2368 HomeGroupProvider - ok
16:52:11.0770 2368 [ 39D2ABCD392F3D8A6DCE7B60AE7B8EFC ] HpSAMD C:\Windows\system32\drivers\HpSAMD.sys
16:52:11.0777 2368 HpSAMD - ok
16:52:11.0783 2368 [ 0EA7DE1ACB728DD5A369FD742D6EEE28 ] HTTP C:\Windows\system32\drivers\HTTP.sys
16:52:11.0809 2368 HTTP - ok
16:52:11.0811 2368 [ A5462BD6884960C9DC85ED49D34FF392 ] hwpolicy C:\Windows\system32\drivers\hwpolicy.sys
16:52:11.0817 2368 hwpolicy - ok
16:52:11.0819 2368 [ FA55C73D4AFFA7EE23AC4BE53B4592D3 ] i8042prt C:\Windows\system32\drivers\i8042prt.sys
16:52:11.0826 2368 i8042prt - ok
16:52:11.0831 2368 [ AAAF44DB3BD0B9D1FB6969B23ECC8366 ] iaStorV C:\Windows\system32\drivers\iaStorV.sys
16:52:11.0841 2368 iaStorV - ok
16:52:11.0843 2368 [ C1010ADD3DDAE1196ED21057AF7B2AAE ] ICCWDT C:\Windows\system32\DRIVERS\ICCWDT.sys
16:52:11.0848 2368 ICCWDT - ok
16:52:11.0855 2368 [ 5988FC40F8DB5B0739CD1E3A5D0D78BD ] idsvc C:\Windows\Microsoft.NET\Framework64\v3.0\Windows Communication Foundation\infocard.exe
16:52:11.0870 2368 idsvc - ok
16:52:11.0872 2368 [ 5C18831C61933628F5BB0EA2675B9D21 ] iirsp C:\Windows\system32\drivers\iirsp.sys
16:52:11.0878 2368 iirsp - ok
16:52:11.0885 2368 [ FCD84C381E0140AF901E58D48882D26B ] IKEEXT C:\Windows\System32\ikeext.dll
16:52:11.0913 2368 IKEEXT - ok
16:52:11.0916 2368 [ 4552B448CF9C00BA2A94032AF35BD9FC ] ImeDictUpdateService C:\Program Files\Common Files\Microsoft Shared\IME14\SHARED\IMEDICTUPDATE.EXE
16:52:11.0921 2368 ImeDictUpdateService - ok
16:52:11.0923 2368 [ F00F20E70C6EC3AA366910083A0518AA ] intelide C:\Windows\system32\drivers\intelide.sys
16:52:11.0929 2368 intelide - ok
16:52:11.0931 2368 [ ADA036632C664CAA754079041CF1F8C1 ] intelppm C:\Windows\system32\DRIVERS\intelppm.sys
16:52:11.0938 2368 intelppm - ok
16:52:11.0940 2368 [ 098A91C54546A3B878DAD6A7E90A455B ] IPBusEnum C:\Windows\system32\ipbusenum.dll
16:52:11.0961 2368 IPBusEnum - ok
16:52:11.0964 2368 [ C9F0E1BD74365A8771590E9008D22AB6 ] IpFilterDriver C:\Windows\system32\DRIVERS\ipfltdrv.sys
16:52:11.0983 2368 IpFilterDriver - ok
16:52:11.0989 2368 [ A34A587FFFD45FA649FBA6D03784D257 ] iphlpsvc C:\Windows\System32\iphlpsvc.dll
16:52:12.0014 2368 iphlpsvc - ok
16:52:12.0017 2368 [ 0FC1AEA580957AA8817B8F305D18CA3A ] IPMIDRV C:\Windows\system32\drivers\IPMIDrv.sys
16:52:12.0024 2368 IPMIDRV - ok
16:52:12.0026 2368 [ AF9B39A7E7B6CAA203B3862582E9F2D0 ] IPNAT C:\Windows\system32\drivers\ipnat.sys
16:52:12.0047 2368 IPNAT - ok
16:52:12.0049 2368 [ 3ABF5E7213EB28966D55D58B515D5CE9 ] IRENUM C:\Windows\system32\drivers\irenum.sys
16:52:12.0058 2368 IRENUM - ok
16:52:12.0060 2368 [ 2F7B28DC3E1183E5EB418DF55C204F38 ] isapnp C:\Windows\system32\drivers\isapnp.sys
16:52:12.0066 2368 isapnp - ok
16:52:12.0070 2368 [ D931D7309DEB2317035B07C9F9E6B0BD ] iScsiPrt C:\Windows\system32\drivers\msiscsi.sys
16:52:12.0078 2368 iScsiPrt - ok
16:52:12.0081 2368 [ BC02336F1CBA7DCC7D1213BB588A68A5 ] kbdclass C:\Windows\system32\DRIVERS\kbdclass.sys
16:52:12.0086 2368 kbdclass - ok
16:52:12.0088 2368 [ 0705EFF5B42A9DB58548EEC3B26BB484 ] kbdhid C:\Windows\system32\DRIVERS\kbdhid.sys
16:52:12.0095 2368 kbdhid - ok
16:52:12.0096 2368 [ C118A82CD78818C29AB228366EBF81C3 ] KeyIso C:\Windows\system32\lsass.exe
16:52:12.0102 2368 KeyIso - ok
16:52:12.0104 2368 [ 97A7070AEA4C058B6418519E869A63B4 ] KSecDD C:\Windows\system32\Drivers\ksecdd.sys
16:52:12.0110 2368 KSecDD - ok
16:52:12.0113 2368 [ 26C43A7C2862447EC59DEDA188D1DA07 ] KSecPkg C:\Windows\system32\Drivers\ksecpkg.sys
16:52:12.0120 2368 KSecPkg - ok
16:52:12.0122 2368 [ 6869281E78CB31A43E969F06B57347C4 ] ksthunk C:\Windows\system32\drivers\ksthunk.sys
16:52:12.0142 2368 ksthunk - ok
16:52:12.0147 2368 [ 6AB66E16AA859232F64DEB66887A8C9C ] KtmRm C:\Windows\system32\msdtckrm.dll
16:52:12.0170 2368 KtmRm - ok
16:52:12.0174 2368 [ D9F42719019740BAA6D1C6D536CBDAA6 ] LanmanServer C:\Windows\System32\srvsvc.dll
16:52:12.0196 2368 LanmanServer - ok
16:52:12.0199 2368 [ 851A1382EED3E3A7476DB004F4EE3E1A ] LanmanWorkstation C:\Windows\System32\wkssvc.dll
16:52:12.0220 2368 LanmanWorkstation - ok
16:52:12.0223 2368 [ 1538831CF8AD2979A04C423779465827 ] lltdio C:\Windows\system32\DRIVERS\lltdio.sys
16:52:12.0243 2368 lltdio - ok
16:52:12.0247 2368 [ C1185803384AB3FEED115F79F109427F ] lltdsvc C:\Windows\System32\lltdsvc.dll
16:52:12.0271 2368 lltdsvc - ok
16:52:12.0273 2368 [ F993A32249B66C9D622EA5592A8B76B8 ] lmhosts C:\Windows\System32\lmhsvc.dll
16:52:12.0293 2368 lmhosts - ok
16:52:12.0297 2368 [ 1A93E54EB0ECE102495A51266DCDB6A6 ] LSI_FC C:\Windows\system32\drivers\lsi_fc.sys
16:52:12.0304 2368 LSI_FC - ok
16:52:12.0306 2368 [ 1047184A9FDC8BDBFF857175875EE810 ] LSI_SAS C:\Windows\system32\drivers\lsi_sas.sys
16:52:12.0312 2368 LSI_SAS - ok
16:52:12.0315 2368 [ 30F5C0DE1EE8B5BC9306C1F0E4A75F93 ] LSI_SAS2 C:\Windows\system32\drivers\lsi_sas2.sys
16:52:12.0321 2368 LSI_SAS2 - ok
16:52:12.0323 2368 [ 0504EACAFF0D3C8AED161C4B0D369D4A ] LSI_SCSI C:\Windows\system32\drivers\lsi_scsi.sys
16:52:12.0330 2368 LSI_SCSI - ok
16:52:12.0332 2368 [ 43D0F98E1D56CCDDB0D5254CFF7B356E ] luafv C:\Windows\system32\drivers\luafv.sys
16:52:12.0353 2368 luafv - ok
16:52:12.0355 2368 [ DC8490812A3B72811AE534F423B4C206 ] MBAMProtector C:\Windows\system32\drivers\mbam.sys
16:52:12.0361 2368 MBAMProtector - ok
16:52:12.0440 2368 [ 43683E970F008C93C9429EF428147A54 ] MBAMService D:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe
16:52:12.0469 2368 MBAMService - ok
16:52:12.0472 2368 [ 0BE09CD858ABF9DF6ED259D57A1A1663 ] Mcx2Svc C:\Windows\system32\Mcx2Svc.dll
16:52:12.0482 2368 Mcx2Svc - ok
16:52:12.0484 2368 [ A55805F747C6EDB6A9080D7C633BD0F4 ] megasas C:\Windows\system32\drivers\megasas.sys
16:52:12.0491 2368 megasas - ok
16:52:12.0496 2368 [ BAF74CE0072480C3B6B7C13B2A94D6B3 ] MegaSR C:\Windows\system32\drivers\MegaSR.sys
16:52:12.0505 2368 MegaSR - ok
16:52:12.0507 2368 [ E4DD818EF22BBBF4274AF767A96D34C8 ] MEIx64 C:\Windows\system32\DRIVERS\HECIx64.sys
16:52:12.0512 2368 MEIx64 - ok
16:52:12.0521 2368 [ 0AF89452A8CE3928168F4E5B2208C68B ] mi-raysat_3dsmax2012_64 C:\Program Files\Autodesk\3ds Max 2012\mentalimages\satellite\raysat_3dsmax2012_64server.exe
16:52:12.0524 2368 mi-raysat_3dsmax2012_64 ( UnsignedFile.Multi.Generic ) - warning
16:52:12.0524 2368 mi-raysat_3dsmax2012_64 - detected UnsignedFile.Multi.Generic (1)
16:52:12.0531 2368 Microsoft SharePoint Workspace Audit Service - ok
16:52:12.0533 2368 [ E40E80D0304A73E8D269F7141D77250B ] MMCSS C:\Windows\system32\mmcss.dll
16:52:12.0553 2368 MMCSS - ok
16:52:12.0555 2368 [ 800BA92F7010378B09F9ED9270F07137 ] Modem C:\Windows\system32\drivers\modem.sys
16:52:12.0577 2368 Modem - ok
16:52:12.0579 2368 [ B03D591DC7DA45ECE20B3B467E6AADAA ] monitor C:\Windows\system32\DRIVERS\monitor.sys
16:52:12.0587 2368 monitor - ok
16:52:12.0589 2368 [ 7D27EA49F3C1F687D357E77A470AEA99 ] mouclass C:\Windows\system32\DRIVERS\mouclass.sys
16:52:12.0595 2368 mouclass - ok
16:52:12.0597 2368 [ D3BF052C40B0C4166D9FD86A4288C1E6 ] mouhid C:\Windows\system32\DRIVERS\mouhid.sys
16:52:12.0603 2368 mouhid - ok
16:52:12.0605 2368 [ 32E7A3D591D671A6DF2DB515A5CBE0FA ] mountmgr C:\Windows\system32\drivers\mountmgr.sys
16:52:12.0612 2368 mountmgr - ok
16:52:12.0615 2368 [ E8D79312373F254DC13F3965BDB3D521 ] MozillaMaintenance C:\Program Files (x86)\Mozilla Maintenance Service\maintenanceservice.exe
16:52:12.0621 2368 MozillaMaintenance - ok
16:52:12.0624 2368 [ A44B420D30BD56E145D6A2BC8768EC58 ] mpio C:\Windows\system32\drivers\mpio.sys
16:52:12.0631 2368 mpio - ok
16:52:12.0633 2368 [ 6C38C9E45AE0EA2FA5E551F2ED5E978F ] mpsdrv C:\Windows\system32\drivers\mpsdrv.sys
16:52:12.0654 2368 mpsdrv - ok
16:52:12.0661 2368 [ 54FFC9C8898113ACE189D4AA7199D2C1 ] MpsSvc C:\Windows\system32\mpssvc.dll
16:52:12.0689 2368 MpsSvc - ok
16:52:12.0692 2368 [ DC722758B8261E1ABAFD31A3C0A66380 ] MRxDAV C:\Windows\system32\drivers\mrxdav.sys
16:52:12.0702 2368 MRxDAV - ok
16:52:12.0705 2368 [ A5D9106A73DC88564C825D317CAC68AC ] mrxsmb C:\Windows\system32\DRIVERS\mrxsmb.sys
16:52:12.0713 2368 mrxsmb - ok
16:52:12.0717 2368 [ D711B3C1D5F42C0C2415687BE09FC163 ] mrxsmb10 C:\Windows\system32\DRIVERS\mrxsmb10.sys
16:52:12.0725 2368 mrxsmb10 - ok
16:52:12.0728 2368 [ 9423E9D355C8D303E76B8CFBD8A5C30C ] mrxsmb20 C:\Windows\system32\DRIVERS\mrxsmb20.sys
16:52:12.0735 2368 mrxsmb20 - ok
16:52:12.0737 2368 [ C25F0BAFA182CBCA2DD3C851C2E75796 ] msahci C:\Windows\system32\drivers\msahci.sys
16:52:12.0742 2368 msahci - ok
16:52:12.0745 2368 [ DB801A638D011B9633829EB6F663C900 ] msdsm C:\Windows\system32\drivers\msdsm.sys
16:52:12.0752 2368 msdsm - ok
16:52:12.0754 2368 [ DE0ECE52236CFA3ED2DBFC03F28253A8 ] MSDTC C:\Windows\System32\msdtc.exe
16:52:12.0763 2368 MSDTC - ok
16:52:12.0766 2368 [ AA3FB40E17CE1388FA1BEDAB50EA8F96 ] Msfs C:\Windows\system32\drivers\Msfs.sys
16:52:12.0787 2368 Msfs - ok
16:52:12.0788 2368 [ F9D215A46A8B9753F61767FA72A20326 ] mshidkmdf C:\Windows\System32\drivers\mshidkmdf.sys
16:52:12.0808 2368 mshidkmdf - ok
16:52:12.0810 2368 [ D916874BBD4F8B07BFB7FA9B3CCAE29D ] msisadrv C:\Windows\system32\drivers\msisadrv.sys
16:52:12.0815 2368 msisadrv - ok
16:52:12.0819 2368 [ 808E98FF49B155C522E6400953177B08 ] MSiSCSI C:\Windows\system32\iscsiexe.dll
16:52:12.0840 2368 MSiSCSI - ok
16:52:12.0842 2368 msiserver - ok
16:52:12.0844 2368 [ 49CCF2C4FEA34FFAD8B1B59D49439366 ] MSKSSRV C:\Windows\system32\drivers\MSKSSRV.sys
16:52:12.0864 2368 MSKSSRV - ok
16:52:12.0866 2368 [ BDD71ACE35A232104DDD349EE70E1AB3 ] MSPCLOCK C:\Windows\system32\drivers\MSPCLOCK.sys
16:52:12.0886 2368 MSPCLOCK - ok
16:52:12.0888 2368 [ 4ED981241DB27C3383D72092B618A1D0 ] MSPQM C:\Windows\system32\drivers\MSPQM.sys
16:52:12.0908 2368 MSPQM - ok
16:52:12.0912 2368 [ 759A9EEB0FA9ED79DA1FB7D4EF78866D ] MsRPC C:\Windows\system32\drivers\MsRPC.sys
16:52:12.0922 2368 MsRPC - ok
16:52:12.0925 2368 [ 0EED230E37515A0EAEE3C2E1BC97B288 ] mssmbios C:\Windows\system32\DRIVERS\mssmbios.sys
16:52:12.0931 2368 mssmbios - ok
16:52:12.0933 2368 [ 2E66F9ECB30B4221A318C92AC2250779 ] MSTEE C:\Windows\system32\drivers\MSTEE.sys
16:52:12.0953 2368 MSTEE - ok
16:52:12.0955 2368 [ 7EA404308934E675BFFDE8EDF0757BCD ] MTConfig C:\Windows\system32\drivers\MTConfig.sys
16:52:12.0962 2368 MTConfig - ok
16:52:12.0964 2368 [ F9A18612FD3526FE473C1BDA678D61C8 ] Mup C:\Windows\system32\Drivers\mup.sys
16:52:12.0970 2368 Mup - ok
16:52:12.0975 2368 [ 582AC6D9873E31DFA28A4547270862DD ] napagent C:\Windows\system32\qagentRT.dll
16:52:13.0000 2368 napagent - ok
16:52:13.0004 2368 [ 1EA3749C4114DB3E3161156FFFFA6B33 ] NativeWifiP C:\Windows\system32\DRIVERS\nwifi.sys
16:52:13.0016 2368 NativeWifiP - ok
16:52:13.0025 2368 [ 79B47FD40D9A817E932F9D26FAC0A81C ] NDIS C:\Windows\system32\drivers\ndis.sys
16:52:13.0039 2368 NDIS - ok
16:52:13.0041 2368 [ 9F9A1F53AAD7DA4D6FEF5BB73AB811AC ] NdisCap C:\Windows\system32\DRIVERS\ndiscap.sys
16:52:13.0061 2368 NdisCap - ok
16:52:13.0063 2368 [ 30639C932D9FEF22B31268FE25A1B6E5 ] NdisTapi C:\Windows\system32\DRIVERS\ndistapi.sys
16:52:13.0083 2368 NdisTapi - ok
16:52:13.0085 2368 [ 136185F9FB2CC61E573E676AA5402356 ] Ndisuio C:\Windows\system32\DRIVERS\ndisuio.sys
16:52:13.0105 2368 Ndisuio - ok
16:52:13.0109 2368 [ 53F7305169863F0A2BDDC49E116C2E11 ] NdisWan C:\Windows\system32\DRIVERS\ndiswan.sys
16:52:13.0130 2368 NdisWan - ok
16:52:13.0132 2368 [ 015C0D8E0E0421B4CFD48CFFE2825879 ] NDProxy C:\Windows\system32\drivers\NDProxy.sys
16:52:13.0151 2368 NDProxy - ok
16:52:13.0153 2368 [ 86743D9F5D2B1048062B14B1D84501C4 ] NetBIOS C:\Windows\system32\DRIVERS\netbios.sys
16:52:13.0174 2368 NetBIOS - ok
16:52:13.0178 2368 [ 09594D1089C523423B32A4229263F068 ] NetBT C:\Windows\system32\DRIVERS\netbt.sys
16:52:13.0199 2368 NetBT - ok
16:52:13.0202 2368 [ C118A82CD78818C29AB228366EBF81C3 ] Netlogon C:\Windows\system32\lsass.exe
16:52:13.0208 2368 Netlogon - ok
16:52:13.0212 2368 [ 847D3AE376C0817161A14A82C8922A9E ] Netman C:\Windows\System32\netman.dll
16:52:13.0233 2368 Netman - ok
16:52:13.0242 2368 [ D22CD77D4F0D63D1169BB35911BFF12D ] NetMsmqActivator C:\Windows\Microsoft.NET\Framework64\v4.0.30319\SMSvcHost.exe
16:52:13.0248 2368 NetMsmqActivator - ok
16:52:13.0250 2368 [ D22CD77D4F0D63D1169BB35911BFF12D ] NetPipeActivator C:\Windows\Microsoft.NET\Framework64\v4.0.30319\SMSvcHost.exe
16:52:13.0255 2368 NetPipeActivator - ok
16:52:13.0260 2368 [ 5F28111C648F1E24F7DBC87CDEB091B8 ] netprofm C:\Windows\System32\netprofm.dll
16:52:13.0285 2368 netprofm - ok
16:52:13.0287 2368 [ D22CD77D4F0D63D1169BB35911BFF12D ] NetTcpActivator C:\Windows\Microsoft.NET\Framework64\v4.0.30319\SMSvcHost.exe
16:52:13.0292 2368 NetTcpActivator - ok
16:52:13.0294 2368 [ D22CD77D4F0D63D1169BB35911BFF12D ] NetTcpPortSharing C:\Windows\Microsoft.NET\Framework64\v4.0.30319\SMSvcHost.exe
16:52:13.0299 2368 NetTcpPortSharing - ok
16:52:13.0302 2368 [ 77889813BE4D166CDAB78DDBA990DA92 ] nfrd960 C:\Windows\system32\drivers\nfrd960.sys
16:52:13.0308 2368 nfrd960 - ok
16:52:13.0312 2368 [ 1EE99A89CC788ADA662441D1E9830529 ] NlaSvc C:\Windows\System32\nlasvc.dll
16:52:13.0334 2368 NlaSvc - ok
16:52:13.0338 2368 [ 1E4C4AB5C9B8DD13179BBDC75A2A01F7 ] Npfs C:\Windows\system32\drivers\Npfs.sys
16:52:13.0358 2368 Npfs - ok
16:52:13.0360 2368 [ D54BFDF3E0C953F823B3D0BFE4732528 ] nsi C:\Windows\system32\nsisvc.dll
16:52:13.0380 2368 nsi - ok
16:52:13.0383 2368 [ E7F5AE18AF4168178A642A9247C63001 ] nsiproxy C:\Windows\system32\drivers\nsiproxy.sys
16:52:13.0403 2368 nsiproxy - ok
16:52:13.0417 2368 [ A2F74975097F52A00745F9637451FDD8 ] Ntfs C:\Windows\system32\drivers\Ntfs.sys
16:52:13.0437 2368 Ntfs - ok
16:52:13.0439 2368 [ 9899284589F75FA8724FF3D16AED75C1 ] Null C:\Windows\system32\drivers\Null.sys
16:52:13.0458 2368 Null - ok
16:52:13.0461 2368 [ 0A92CB65770442ED0DC44834632F66AD ] nvraid C:\Windows\system32\drivers\nvraid.sys
16:52:13.0469 2368 nvraid - ok
16:52:13.0472 2368 [ DAB0E87525C10052BF65F06152F37E4A ] nvstor C:\Windows\system32\drivers\nvstor.sys
16:52:13.0479 2368 nvstor - ok
16:52:13.0482 2368 [ 270D7CD42D6E3979F6DD0146650F0E05 ] nv_agp C:\Windows\system32\drivers\nv_agp.sys
16:52:13.0488 2368 nv_agp - ok
16:52:13.0491 2368 [ 3589478E4B22CE21B41FA1BFC0B8B8A0 ] ohci1394 C:\Windows\system32\drivers\ohci1394.sys
16:52:13.0498 2368 ohci1394 - ok
16:52:13.0502 2368 [ 9D10F99A6712E28F8ACD5641E3A7EA6B ] ose C:\Program Files (x86)\Common Files\Microsoft Shared\Source Engine\OSE.EXE
16:52:13.0508 2368 ose - ok
16:52:13.0539 2368 [ 61BFFB5F57AD12F83AB64B7181829B34 ] osppsvc C:\Program Files\Common Files\Microsoft Shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE
16:52:13.0588 2368 osppsvc - ok
16:52:13.0595 2368 [ 3EAC4455472CC2C97107B5291E0DCAFE ] p2pimsvc C:\Windows\system32\pnrpsvc.dll
16:52:13.0604 2368 p2pimsvc - ok
16:52:13.0609 2368 [ 927463ECB02179F88E4B9A17568C63C3 ] p2psvc C:\Windows\system32\p2psvc.dll
16:52:13.0619 2368 p2psvc - ok
16:52:13.0622 2368 [ 0086431C29C35BE1DBC43F52CC273887 ] Parport C:\Windows\system32\drivers\parport.sys
16:52:13.0629 2368 Parport - ok
16:52:13.0631 2368 [ E9766131EEADE40A27DC27D2D68FBA9C ] partmgr C:\Windows\system32\drivers\partmgr.sys
16:52:13.0637 2368 partmgr - ok
16:52:13.0640 2368 [ 3AEAA8B561E63452C655DC0584922257 ] PcaSvc C:\Windows\System32\pcasvc.dll
16:52:13.0651 2368 PcaSvc - ok
16:52:13.0654 2368 [ 94575C0571D1462A0F70BDE6BD6EE6B3 ] pci C:\Windows\system32\drivers\pci.sys
16:52:13.0661 2368 pci - ok
16:52:13.0663 2368 [ B5B8B5EF2E5CB34DF8DCF8831E3534FA ] pciide C:\Windows\system32\drivers\pciide.sys
16:52:13.0669 2368 pciide - ok
16:52:13.0672 2368 [ B2E81D4E87CE48589F98CB8C05B01F2F ] pcmcia C:\Windows\system32\drivers\pcmcia.sys
16:52:13.0680 2368 pcmcia - ok
16:52:13.0682 2368 [ D6B9C2E1A11A3A4B26A182FFEF18F603 ] pcw C:\Windows\system32\drivers\pcw.sys
16:52:13.0688 2368 pcw - ok
16:52:13.0694 2368 [ 68769C3356B3BE5D1C732C97B9A80D6E ] PEAUTH C:\Windows\system32\drivers\peauth.sys
16:52:13.0720 2368 PEAUTH - ok
16:52:13.0730 2368 [ B9B0A4299DD2D76A4243F75FD54DC680 ] PeerDistSvc C:\Windows\system32\peerdistsvc.dll
16:52:13.0749 2368 PeerDistSvc - ok
16:52:13.0767 2368 [ E495E408C93141E8FC72DC0C6046DDFA ] PerfHost C:\Windows\SysWow64\perfhost.exe
16:52:13.0774 2368 PerfHost - ok
16:52:13.0788 2368 [ C7CF6A6E137463219E1259E3F0F0DD6C ] pla C:\Windows\system32\pla.dll
16:52:13.0821 2368 pla - ok
16:52:13.0826 2368 [ 25FBDEF06C4D92815B353F6E792C8129 ] PlugPlay C:\Windows\system32\umpnpmgr.dll
16:52:13.0837 2368 PlugPlay - ok
16:52:13.0839 2368 [ 7195581CEC9BB7D12ABE54036ACC2E38 ] PNRPAutoReg C:\Windows\system32\pnrpauto.dll
16:52:13.0846 2368 PNRPAutoReg - ok
16:52:13.0850 2368 [ 3EAC4455472CC2C97107B5291E0DCAFE ] PNRPsvc C:\Windows\system32\pnrpsvc.dll
16:52:13.0857 2368 PNRPsvc - ok
16:52:13.0863 2368 [ 4F15D75ADF6156BF56ECED6D4A55C389 ] PolicyAgent C:\Windows\System32\ipsecsvc.dll
16:52:13.0886 2368 PolicyAgent - ok
16:52:13.0890 2368 postgresql-x64-9.0 - ok
16:52:13.0894 2368 [ 6BA9D927DDED70BD1A9CADED45F8B184 ] Power C:\Windows\system32\umpo.dll
16:52:13.0916 2368 Power - ok
16:52:13.0918 2368 [ F92A2C41117A11A00BE01CA01A7FCDE9 ] PptpMiniport C:\Windows\system32\DRIVERS\raspptp.sys
16:52:13.0939 2368 PptpMiniport - ok
16:52:13.0941 2368 [ 0D922E23C041EFB1C3FAC2A6F943C9BF ] Processor C:\Windows\system32\drivers\processr.sys
16:52:13.0948 2368 Processor - ok
16:52:13.0951 2368 [ 53E83F1F6CF9D62F32801CF66D8352A8 ] ProfSvc C:\Windows\system32\profsvc.dll
16:52:13.0959 2368 ProfSvc - ok
16:52:13.0961 2368 [ C118A82CD78818C29AB228366EBF81C3 ] ProtectedStorage C:\Windows\system32\lsass.exe
16:52:13.0967 2368 ProtectedStorage - ok
16:52:13.0969 2368 [ 0557CF5A2556BD58E26384169D72438D ] Psched C:\Windows\system32\DRIVERS\pacer.sys
16:52:13.0989 2368 Psched - ok
16:52:13.0992 2368 [ 4712CC14E720ECCCC0AA16949D18AAF1 ] PxHlpa64 C:\Windows\system32\Drivers\PxHlpa64.sys
16:52:13.0996 2368 PxHlpa64 - ok
16:52:14.0009 2368 [ A53A15A11EBFD21077463EE2C7AFEEF0 ] ql2300 C:\Windows\system32\drivers\ql2300.sys
16:52:14.0032 2368 ql2300 - ok
16:52:14.0035 2368 [ 4F6D12B51DE1AAEFF7DC58C4D75423C8 ] ql40xx C:\Windows\system32\drivers\ql40xx.sys
16:52:14.0042 2368 ql40xx - ok
16:52:14.0046 2368 [ 906191634E99AEA92C4816150BDA3732 ] QWAVE C:\Windows\system32\qwave.dll
16:52:14.0057 2368 QWAVE - ok
16:52:14.0060 2368 [ 76707BB36430888D9CE9D705398ADB6C ] QWAVEdrv C:\Windows\system32\drivers\qwavedrv.sys
16:52:14.0069 2368 QWAVEdrv - ok
16:52:14.0071 2368 [ 5A0DA8AD5762FA2D91678A8A01311704 ] RasAcd C:\Windows\system32\DRIVERS\rasacd.sys
16:52:14.0091 2368 RasAcd - ok
16:52:14.0093 2368 [ 7ECFF9B22276B73F43A99A15A6094E90 ] RasAgileVpn C:\Windows\system32\DRIVERS\AgileVpn.sys
16:52:14.0113 2368 RasAgileVpn - ok
16:52:14.0116 2368 [ 8F26510C5383B8DBE976DE1CD00FC8C7 ] RasAuto C:\Windows\System32\rasauto.dll
16:52:14.0137 2368 RasAuto - ok
16:52:14.0139 2368 [ 471815800AE33E6F1C32FB1B97C490CA ] Rasl2tp C:\Windows\system32\DRIVERS\rasl2tp.sys
16:52:14.0160 2368 Rasl2tp - ok
16:52:14.0164 2368 [ EE867A0870FC9E4972BA9EAAD35651E2 ] RasMan C:\Windows\System32\rasmans.dll
16:52:14.0187 2368 RasMan - ok
16:52:14.0189 2368 [ 855C9B1CD4756C5E9A2AA58A15F58C25 ] RasPppoe C:\Windows\system32\DRIVERS\raspppoe.sys
16:52:14.0210 2368 RasPppoe - ok
16:52:14.0213 2368 [ E8B1E447B008D07FF47D016C2B0EEECB ] RasSstp C:\Windows\system32\DRIVERS\rassstp.sys
16:52:14.0233 2368 RasSstp - ok
16:52:14.0237 2368 [ 77F665941019A1594D887A74F301FA2F ] rdbss C:\Windows\system32\DRIVERS\rdbss.sys
16:52:14.0259 2368 rdbss - ok
16:52:14.0261 2368 [ 302DA2A0539F2CF54D7C6CC30C1F2D8D ] rdpbus C:\Windows\system32\DRIVERS\rdpbus.sys
16:52:14.0269 2368 rdpbus - ok
16:52:14.0271 2368 [ CEA6CC257FC9B7715F1C2B4849286D24 ] RDPCDD C:\Windows\system32\DRIVERS\RDPCDD.sys
16:52:14.0291 2368 RDPCDD - ok
16:52:14.0295 2368 [ 1B6163C503398B23FF8B939C67747683 ] RDPDR C:\Windows\system32\drivers\rdpdr.sys
16:52:14.0302 2368 RDPDR - ok
16:52:14.0304 2368 [ BB5971A4F00659529A5C44831AF22365 ] RDPENCDD C:\Windows\system32\drivers\rdpencdd.sys
16:52:14.0324 2368 RDPENCDD - ok
16:52:14.0327 2368 [ 216F3FA57533D98E1F74DED70113177A ] RDPREFMP C:\Windows\system32\drivers\rdprefmp.sys
16:52:14.0346 2368 RDPREFMP - ok
16:52:14.0349 2368 [ 70CBA1A0C98600A2AA1863479B35CB90 ] RdpVideoMiniport C:\Windows\system32\drivers\rdpvideominiport.sys
16:52:14.0356 2368 RdpVideoMiniport - ok
16:52:14.0359 2368 [ E61608AA35E98999AF9AAEEEA6114B0A ] RDPWD C:\Windows\system32\drivers\RDPWD.sys
16:52:14.0367 2368 RDPWD - ok
16:52:14.0370 2368 [ 34ED295FA0121C241BFEF24764FC4520 ] rdyboost C:\Windows\system32\drivers\rdyboost.sys
16:52:14.0378 2368 rdyboost - ok
16:52:14.0380 2368 [ 254FB7A22D74E5511C73A3F6D802F192 ] RemoteAccess C:\Windows\System32\mprdim.dll
16:52:14.0401 2368 RemoteAccess - ok
16:52:14.0405 2368 [ E4D94F24081440B5FC5AA556C7C62702 ] RemoteRegistry C:\Windows\system32\regsvc.dll
16:52:14.0426 2368 RemoteRegistry - ok
16:52:14.0428 2368 [ E4DC58CF7B3EA515AE917FF0D402A7BB ] RpcEptMapper C:\Windows\System32\RpcEpMap.dll
16:52:14.0449 2368 RpcEptMapper - ok
16:52:14.0451 2368 [ D5BA242D4CF8E384DB90E6A8ED850B8C ] RpcLocator C:\Windows\system32\locator.exe
16:52:14.0458 2368 RpcLocator - ok
16:52:14.0464 2368 [ 5C627D1B1138676C0A7AB2C2C190D123 ] RpcSs C:\Windows\System32\rpcss.dll
16:52:14.0486 2368 RpcSs - ok
16:52:14.0488 2368 [ DDC86E4F8E7456261E637E3552E804FF ] rspndr C:\Windows\system32\DRIVERS\rspndr.sys
16:52:14.0509 2368 rspndr - ok
16:52:14.0511 2368 [ E60C0A09F997826C7627B244195AB581 ] s3cap C:\Windows\system32\drivers\vms3cap.sys
16:52:14.0517 2368 s3cap - ok
16:52:14.0519 2368 [ C118A82CD78818C29AB228366EBF81C3 ] SamSs C:\Windows\system32\lsass.exe
16:52:14.0525 2368 SamSs - ok
16:52:14.0527 2368 [ AC03AF3329579FFFB455AA2DAABBE22B ] sbp2port C:\Windows\system32\drivers\sbp2port.sys
16:52:14.0534 2368 sbp2port - ok
16:52:14.0537 2368 [ 9B7395789E3791A3B6D000FE6F8B131E ] SCardSvr C:\Windows\System32\SCardSvr.dll
16:52:14.0559 2368 SCardSvr - ok
16:52:14.0561 2368 [ 253F38D0D7074C02FF8DEB9836C97D2B ] scfilter C:\Windows\system32\DRIVERS\scfilter.sys
16:52:14.0582 2368 scfilter - ok
16:52:14.0592 2368 [ 262F6592C3299C005FD6BEC90FC4463A ] Schedule C:\Windows\system32\schedsvc.dll
16:52:14.0618 2368 Schedule - ok
16:52:14.0621 2368 [ F17D1D393BBC69C5322FBFAFACA28C7F ] SCPolicySvc C:\Windows\System32\certprop.dll
16:52:14.0640 2368 SCPolicySvc - ok
16:52:14.0643 2368 [ 6EA4234DC55346E0709560FE7C2C1972 ] SDRSVC C:\Windows\System32\SDRSVC.dll
16:52:14.0652 2368 SDRSVC - ok
16:52:14.0654 2368 [ 3EA8A16169C26AFBEB544E0E48421186 ] secdrv C:\Windows\system32\drivers\secdrv.sys
16:52:14.0673 2368 secdrv - ok
16:52:14.0675 2368 [ BC617A4E1B4FA8DF523A061739A0BD87 ] seclogon C:\Windows\system32\seclogon.dll
16:52:14.0695 2368 seclogon - ok
16:52:14.0698 2368 [ C32AB8FA018EF34C0F113BD501436D21 ] SENS C:\Windows\system32\sens.dll
16:52:14.0719 2368 SENS - ok
16:52:14.0721 2368 [ 0336CFFAFAAB87A11541F1CF1594B2B2 ] SensrSvc C:\Windows\system32\sensrsvc.dll
16:52:14.0728 2368 SensrSvc - ok
16:52:14.0730 2368 [ CB624C0035412AF0DEBEC78C41F5CA1B ] Serenum C:\Windows\system32\drivers\serenum.sys
16:52:14.0737 2368 Serenum - ok
16:52:14.0739 2368 [ C1D8E28B2C2ADFAEC4BA89E9FDA69BD6 ] Serial C:\Windows\system32\drivers\serial.sys
16:52:14.0746 2368 Serial - ok
16:52:14.0748 2368 [ 1C545A7D0691CC4A027396535691C3E3 ] sermouse C:\Windows\system32\drivers\sermouse.sys
16:52:14.0755 2368 sermouse - ok
16:52:14.0760 2368 [ 0B6231BF38174A1628C4AC812CC75804 ] SessionEnv C:\Windows\system32\sessenv.dll
16:52:14.0781 2368 SessionEnv - ok
16:52:14.0783 2368 [ A554811BCD09279536440C964AE35BBF ] sffdisk C:\Windows\system32\drivers\sffdisk.sys
16:52:14.0790 2368 sffdisk - ok
16:52:14.0792 2368 [ FF414F0BAEFEBA59BC6C04B3DB0B87BF ] sffp_mmc C:\Windows\system32\drivers\sffp_mmc.sys
16:52:14.0800 2368 sffp_mmc - ok
16:52:14.0802 2368 [ DD85B78243A19B59F0637DCF284DA63C ] sffp_sd C:\Windows\system32\drivers\sffp_sd.sys
16:52:14.0810 2368 sffp_sd - ok
16:52:14.0812 2368 [ A9D601643A1647211A1EE2EC4E433FF4 ] sfloppy C:\Windows\system32\drivers\sfloppy.sys
16:52:14.0818 2368 sfloppy - ok
16:52:14.0823 2368 [ B95F6501A2F8B2E78C697FEC401970CE ] SharedAccess C:\Windows\System32\ipnathlp.dll
16:52:14.0845 2368 SharedAccess - ok
16:52:14.0850 2368 [ AAF932B4011D14052955D4B212A4DA8D ] ShellHWDetection C:\Windows\System32\shsvcs.dll
16:52:14.0872 2368 ShellHWDetection - ok
16:52:14.0874 2368 [ 843CAF1E5FDE1FFD5FF768F23A51E2E1 ] SiSRaid2 C:\Windows\system32\drivers\SiSRaid2.sys
16:52:14.0880 2368 SiSRaid2 - ok
16:52:14.0883 2368 [ 6A6C106D42E9FFFF8B9FCB4F754F6DA4 ] SiSRaid4 C:\Windows\system32\drivers\sisraid4.sys
16:52:14.0889 2368 SiSRaid4 - ok
16:52:14.0933 2368 [ F07AF60B152221472FBDB2FECEC4896D ] SkypeUpdate D:\Program Files (x86)\Skype\Updater\Updater.exe
16:52:14.0948 2368 SkypeUpdate - ok
16:52:14.0955 2368 [ 548260A7B8654E024DC30BF8A7C5BAA4 ] Smb C:\Windows\system32\DRIVERS\smb.sys
16:52:14.0986 2368 Smb - ok
16:52:14.0991 2368 [ 6313F223E817CC09AA41811DAA7F541D ] SNMPTRAP C:\Windows\System32\snmptrap.exe
16:52:14.0998 2368 SNMPTRAP - ok
16:52:15.0000 2368 [ 4945020BC094C322571184A6E8056B3A ] SolidWorks Licensing Service C:\Program Files (x86)\Common Files\SolidWorks Shared\Service\SolidWorksLicensing.exe
16:52:15.0013 2368 SolidWorks Licensing Service ( UnsignedFile.Multi.Generic ) - warning
16:52:15.0013 2368 SolidWorks Licensing Service - detected UnsignedFile.Multi.Generic (1)
16:52:15.0015 2368 [ B9E31E5CACDFE584F34F730A677803F9 ] spldr C:\Windows\system32\drivers\spldr.sys
16:52:15.0021 2368 spldr - ok
16:52:15.0026 2368 [ 85DAA09A98C9286D4EA2BA8D0E644377 ] Spooler C:\Windows\System32\spoolsv.exe
16:52:15.0036 2368 Spooler - ok
16:52:15.0059 2368 [ E17E0188BB90FAE42D83E98707EFA59C ] sppsvc C:\Windows\system32\sppsvc.exe
16:52:15.0110 2368 sppsvc - ok
16:52:15.0113 2368 [ 93D7D61317F3D4BC4F4E9F8A96A7DE45 ] sppuinotify C:\Windows\system32\sppuinotify.dll
16:52:15.0133 2368 sppuinotify - ok
16:52:15.0139 2368 [ DFC4E2081324E505CA479E473A78D893 ] sptd C:\Windows\System32\Drivers\sptd.sys
16:52:15.0150 2368 sptd - ok
16:52:15.0155 2368 [ 441FBA48BFF01FDB9D5969EBC1838F0B ] srv C:\Windows\system32\DRIVERS\srv.sys
16:52:15.0166 2368 srv - ok
16:52:15.0170 2368 [ B4ADEBBF5E3677CCE9651E0F01F7CC28 ] srv2 C:\Windows\system32\DRIVERS\srv2.sys
16:52:15.0180 2368 srv2 - ok
16:52:15.0183 2368 [ 27E461F0BE5BFF5FC737328F749538C3 ] srvnet C:\Windows\system32\DRIVERS\srvnet.sys
16:52:15.0190 2368 srvnet - ok
16:52:15.0194 2368 [ 51B52FBD583CDE8AA9BA62B8B4298F33 ] SSDPSRV C:\Windows\System32\ssdpsrv.dll
16:52:15.0215 2368 SSDPSRV - ok
16:52:15.0217 2368 [ AB7AEBF58DAD8DAAB7A6C45E6A8885CB ] SstpSvc C:\Windows\system32\sstpsvc.dll
16:52:15.0238 2368 SstpSvc - ok
16:52:15.0241 2368 [ 78CD64791F8634CF7B582FD085E57C4B ] ssudmdm C:\Windows\system32\DRIVERS\ssudmdm.sys
16:52:15.0248 2368 ssudmdm - ok
16:52:15.0251 2368 [ F3817967ED533D08327DC73BC4D5542A ] stexstor C:\Windows\system32\drivers\stexstor.sys
16:52:15.0256 2368 stexstor - ok
16:52:15.0262 2368 [ 8DD52E8E6128F4B2DA92CE27402871C1 ] stisvc C:\Windows\System32\wiaservc.dll
16:52:15.0277 2368 stisvc - ok
16:52:15.0280 2368 [ 7785DC213270D2FC066538DAF94087E7 ] storflt C:\Windows\system32\drivers\vmstorfl.sys
16:52:15.0285 2368 storflt - ok
16:52:15.0287 2368 [ D34E4943D5AC096C8EDEEBFD80D76E23 ] storvsc C:\Windows\system32\drivers\storvsc.sys
16:52:15.0293 2368 storvsc - ok
16:52:15.0295 2368 [ D01EC09B6711A5F8E7E6564A4D0FBC90 ] swenum C:\Windows\system32\DRIVERS\swenum.sys
16:52:15.0300 2368 swenum - ok
16:52:15.0307 2368 [ F577910A133A592234EBAAD3F3AFA258 ] SwitchBoard C:\Program Files (x86)\Common Files\Adobe\SwitchBoard\SwitchBoard.exe
16:52:15.0317 2368 SwitchBoard ( UnsignedFile.Multi.Generic ) - warning
16:52:15.0317 2368 SwitchBoard - detected UnsignedFile.Multi.Generic (1)
16:52:15.0323 2368 [ E08E46FDD841B7184194011CA1955A0B ] swprv C:\Windows\System32\swprv.dll
16:52:15.0348 2368 swprv - ok
16:52:15.0350 2368 [ C3A39C4079305480972D29C44B868C78 ] Synth3dVsc C:\Windows\system32\drivers\synth3dvsc.sys
16:52:15.0357 2368 Synth3dVsc - ok
16:52:15.0370 2368 [ BF9CCC0BF39B418C8D0AE8B05CF95B7D ] SysMain C:\Windows\system32\sysmain.dll
16:52:15.0396 2368 SysMain - ok
16:52:15.0399 2368 [ E3C61FD7B7C2557E1F1B0B4CEC713585 ] TabletInputService C:\Windows\System32\TabSvc.dll
16:52:15.0409 2368 TabletInputService - ok
16:52:15.0413 2368 [ 40F0849F65D13EE87B9A9AE3C1DD6823 ] TapiSrv C:\Windows\System32\tapisrv.dll
16:52:15.0434 2368 TapiSrv - ok
16:52:15.0437 2368 [ 1BE03AC720F4D302EA01D40F588162F6 ] TBS C:\Windows\System32\tbssvc.dll
16:52:15.0458 2368 TBS - ok
16:52:15.0471 2368 [ ACB82BDA8F46C84F465C1AFA517DC4B9 ] Tcpip C:\Windows\system32\drivers\tcpip.sys
16:52:15.0494 2368 Tcpip - ok
16:52:15.0507 2368 [ ACB82BDA8F46C84F465C1AFA517DC4B9 ] TCPIP6 C:\Windows\system32\DRIVERS\tcpip.sys
16:52:15.0529 2368 TCPIP6 - ok
16:52:15.0533 2368 [ DF687E3D8836BFB04FCC0615BF15A519 ] tcpipreg C:\Windows\system32\drivers\tcpipreg.sys
16:52:15.0553 2368 tcpipreg - ok
16:52:15.0556 2368 [ 3371D21011695B16333A3934340C4E7C ] TDPIPE C:\Windows\system32\drivers\tdpipe.sys
16:52:15.0562 2368 TDPIPE - ok
16:52:15.0564 2368 [ 51C5ECEB1CDEE2468A1748BE550CFBC8 ] TDTCP C:\Windows\system32\drivers\tdtcp.sys
16:52:15.0570 2368 TDTCP - ok
16:52:15.0573 2368 [ DDAD5A7AB24D8B65F8D724F5C20FD806 ] tdx C:\Windows\system32\DRIVERS\tdx.sys
16:52:15.0592 2368 tdx - ok
16:52:15.0595 2368 [ 561E7E1F06895D78DE991E01DD0FB6E5 ] TermDD C:\Windows\system32\DRIVERS\termdd.sys
16:52:15.0601 2368 TermDD - ok
16:52:15.0603 2368 [ 2B5BDFF688EC9871D7EC5837833374E9 ] terminpt C:\Windows\system32\drivers\terminpt.sys
16:52:15.0609 2368 terminpt - ok
16:52:15.0616 2368 [ 2E648163254233755035B46DD7B89123 ] TermService C:\Windows\System32\termsrv.dll
16:52:15.0639 2368 TermService - ok
16:52:15.0642 2368 [ F0344071948D1A1FA732231785A0664C ] Themes C:\Windows\system32\themeservice.dll
16:52:15.0652 2368 Themes - ok
16:52:15.0654 2368 [ E40E80D0304A73E8D269F7141D77250B ] THREADORDER C:\Windows\system32\mmcss.dll
16:52:15.0674 2368 THREADORDER - ok
16:52:15.0677 2368 [ 7E7AFD841694F6AC397E99D75CEAD49D ] TrkWks C:\Windows\System32\trkwks.dll
16:52:15.0698 2368 TrkWks - ok
16:52:15.0701 2368 [ 773212B2AAA24C1E31F10246B15B276C ] TrustedInstaller C:\Windows\servicing\TrustedInstaller.exe
16:52:15.0722 2368 TrustedInstaller - ok
16:52:15.0725 2368 [ CE18B2CDFC837C99E5FAE9CA6CBA5D30 ] tssecsrv C:\Windows\system32\DRIVERS\tssecsrv.sys
16:52:15.0744 2368 tssecsrv - ok
16:52:15.0746 2368 [ D11C783E3EF9A3C52C0EBE83CC5000E9 ] TsUsbFlt C:\Windows\system32\drivers\tsusbflt.sys
16:52:15.0753 2368 TsUsbFlt - ok
16:52:15.0755 2368 [ 9CC2CCAE8A84820EAECB886D477CBCB8 ] TsUsbGD C:\Windows\system32\drivers\TsUsbGD.sys
16:52:15.0761 2368 TsUsbGD - ok
16:52:15.0764 2368 [ E1748D04AE40118B62BC18AC86032192 ] tsusbhub C:\Windows\system32\drivers\tsusbhub.sys
16:52:15.0770 2368 tsusbhub - ok
16:52:15.0773 2368 [ 3566A8DAAFA27AF944F5D705EAA64894 ] tunnel C:\Windows\system32\DRIVERS\tunnel.sys
16:52:15.0793 2368 tunnel - ok
16:52:15.0795 2368 [ B4DD609BD7E282BFC683CEC7EAAAAD67 ] uagp35 C:\Windows\system32\drivers\uagp35.sys
16:52:15.0801 2368 uagp35 - ok
16:52:15.0805 2368 [ FF4232A1A64012BAA1FD97C7B67DF593 ] udfs C:\Windows\system32\DRIVERS\udfs.sys
16:52:15.0828 2368 udfs - ok
16:52:15.0832 2368 [ 3CBDEC8D06B9968ABA702EBA076364A1 ] UI0Detect C:\Windows\system32\UI0Detect.exe
16:52:15.0840 2368 UI0Detect - ok
16:52:15.0842 2368 [ 4BFE1BC28391222894CBF1E7D0E42320 ] uliagpkx C:\Windows\system32\drivers\uliagpkx.sys
16:52:15.0848 2368 uliagpkx - ok
16:52:15.0850 2368 [ DC54A574663A895C8763AF0FA1FF7561 ] umbus C:\Windows\system32\DRIVERS\umbus.sys
16:52:15.0857 2368 umbus - ok
16:52:15.0859 2368 [ B2E8E8CB557B156DA5493BBDDCC1474D ] UmPass C:\Windows\system32\drivers\umpass.sys
16:52:15.0865 2368 UmPass - ok
16:52:15.0868 2368 [ A293DCD756D04D8492A750D03B9A297C ] UmRdpService C:\Windows\System32\umrdp.dll
16:52:15.0876 2368 UmRdpService - ok
16:52:15.0881 2368 [ D47EC6A8E81633DD18D2436B19BAF6DE ] upnphost C:\Windows\System32\upnphost.dll
16:52:15.0904 2368 upnphost - ok
16:52:15.0907 2368 [ 6F1A3157A1C89435352CEB543CDB359C ] usbccgp C:\Windows\system32\DRIVERS\usbccgp.sys
16:52:15.0914 2368 usbccgp - ok
16:52:15.0917 2368 [ AF0892A803FDDA7492F595368E3B68E7 ] usbcir C:\Windows\system32\drivers\usbcir.sys
16:52:15.0926 2368 usbcir - ok
16:52:15.0928 2368 [ C025055FE7B87701EB042095DF1A2D7B ] usbehci C:\Windows\system32\DRIVERS\usbehci.sys
16:52:15.0935 2368 usbehci - ok
16:52:15.0939 2368 [ 287C6C9410B111B68B52CA298F7B8C24 ] usbhub C:\Windows\system32\DRIVERS\usbhub.sys
16:52:15.0948 2368 usbhub - ok
16:52:15.0950 2368 [ 9840FC418B4CBD632D3D0A667A725C31 ] usbohci C:\Windows\system32\drivers\usbohci.sys
16:52:15.0956 2368 usbohci - ok
16:52:15.0958 2368 [ 73188F58FB384E75C4063D29413CEE3D ] usbprint C:\Windows\system32\DRIVERS\usbprint.sys
16:52:15.0966 2368 usbprint - ok
16:52:15.0968 2368 [ AAA2513C8AED8B54B189FD0C6B1634C0 ] usbscan C:\Windows\system32\DRIVERS\usbscan.sys
16:52:15.0976 2368 usbscan - ok
16:52:15.0979 2368 [ FED648B01349A3C8395A5169DB5FB7D6 ] USBSTOR C:\Windows\system32\DRIVERS\USBSTOR.SYS
16:52:15.0986 2368 USBSTOR - ok
16:52:15.0988 2368 [ 62069A34518BCF9C1FD9E74B3F6DB7CD ] usbuhci C:\Windows\system32\drivers\usbuhci.sys
16:52:15.0993 2368 usbuhci - ok
16:52:15.0996 2368 [ EDBB23CBCF2CDF727D64FF9B51A6070E ] UxSms C:\Windows\System32\uxsms.dll
16:52:16.0016 2368 UxSms - ok
16:52:16.0018 2368 [ C118A82CD78818C29AB228366EBF81C3 ] VaultSvc C:\Windows\system32\lsass.exe
16:52:16.0024 2368 VaultSvc - ok
16:52:16.0026 2368 [ C5C876CCFC083FF3B128F933823E87BD ] vdrvroot C:\Windows\system32\drivers\vdrvroot.sys
16:52:16.0031 2368 vdrvroot - ok
16:52:16.0037 2368 [ 8D6B481601D01A456E75C3210F1830BE ] vds C:\Windows\System32\vds.exe
16:52:16.0061 2368 vds - ok
16:52:16.0064 2368 [ DA4DA3F5E02943C2DC8C6ED875DE68DD ] vga C:\Windows\system32\DRIVERS\vgapnp.sys
16:52:16.0072 2368 vga - ok
16:52:16.0074 2368 [ 53E92A310193CB3C03BEA963DE7D9CFC ] VgaSave C:\Windows\System32\drivers\vga.sys
16:52:16.0094 2368 VgaSave - ok
16:52:16.0095 2368 VGPU - ok
16:52:16.0099 2368 [ 2CE2DF28C83AEAF30084E1B1EB253CBB ] vhdmp C:\Windows\system32\drivers\vhdmp.sys
16:52:16.0107 2368 vhdmp - ok
16:52:16.0109 2368 [ E5689D93FFE4E5D66C0178761240DD54 ] viaide C:\Windows\system32\drivers\viaide.sys
16:52:16.0114 2368 viaide - ok
16:52:16.0118 2368 [ 86EA3E79AE350FEA5331A1303054005F ] vmbus C:\Windows\system32\drivers\vmbus.sys
16:52:16.0125 2368 vmbus - ok
16:52:16.0127 2368 [ 7DE90B48F210D29649380545DB45A187 ] VMBusHID C:\Windows\system32\drivers\VMBusHID.sys
16:52:16.0134 2368 VMBusHID - ok
16:52:16.0136 2368 [ 93F279A2C172562050700A18FA84BE2E ] vncmirror C:\Windows\system32\DRIVERS\vncmirror.sys
16:52:16.0141 2368 vncmirror - ok
16:52:16.0143 2368 [ D2AAFD421940F640B407AEFAAEBD91B0 ] volmgr C:\Windows\system32\drivers\volmgr.sys
16:52:16.0149 2368 volmgr - ok
16:52:16.0154 2368 [ A255814907C89BE58B79EF2F189B843B ] volmgrx C:\Windows\system32\drivers\volmgrx.sys
16:52:16.0163 2368 volmgrx - ok
16:52:16.0167 2368 [ DF8126BD41180351A093A3AD2FC8903B ] volsnap C:\Windows\system32\drivers\volsnap.sys
16:52:16.0175 2368 volsnap - ok
16:52:16.0178 2368 [ 5E2016EA6EBACA03C04FEAC5F330D997 ] vsmraid C:\Windows\system32\drivers\vsmraid.sys
16:52:16.0186 2368 vsmraid - ok
16:52:16.0198 2368 [ B60BA0BC31B0CB414593E169F6F21CC2 ] VSS C:\Windows\system32\vssvc.exe
16:52:16.0233 2368 VSS - ok
16:52:16.0236 2368 [ 36D4720B72B5C5D9CB2B9C29E9DF67A1 ] vwifibus C:\Windows\System32\drivers\vwifibus.sys
16:52:16.0244 2368 vwifibus - ok
16:52:16.0248 2368 [ 1C9D80CC3849B3788048078C26486E1A ] W32Time C:\Windows\system32\w32time.dll
16:52:16.0272 2368 W32Time - ok
16:52:16.0275 2368 [ 4E9440F4F152A7B944CB1663D3935A3E ] WacomPen C:\Windows\system32\drivers\wacompen.sys
16:52:16.0282 2368 WacomPen - ok
16:52:16.0284 2368 [ 356AFD78A6ED4457169241AC3965230C ] WANARP C:\Windows\system32\DRIVERS\wanarp.sys
16:52:16.0304 2368 WANARP - ok
16:52:16.0306 2368 [ 356AFD78A6ED4457169241AC3965230C ] Wanarpv6 C:\Windows\system32\DRIVERS\wanarp.sys
16:52:16.0325 2368 Wanarpv6 - ok
16:52:16.0335 2368 [ 3CEC96DE223E49EAAE3651FCF8FAEA6C ] WatAdminSvc C:\Windows\system32\Wat\WatAdminSvc.exe
16:52:16.0355 2368 WatAdminSvc - ok
16:52:16.0367 2368 [ 78F4E7F5C56CB9716238EB57DA4B6A75 ] wbengine C:\Windows\system32\wbengine.exe
16:52:16.0388 2368 wbengine - ok
16:52:16.0392 2368 [ 3AA101E8EDAB2DB4131333F4325C76A3 ] WbioSrvc C:\Windows\System32\wbiosrvc.dll
16:52:16.0403 2368 WbioSrvc - ok
16:52:16.0408 2368 [ 7368A2AFD46E5A4481D1DE9D14848EDD ] wcncsvc C:\Windows\System32\wcncsvc.dll
16:52:16.0421 2368 wcncsvc - ok
16:52:16.0423 2368 [ 20F7441334B18CEE52027661DF4A6129 ] WcsPlugInService C:\Windows\System32\WcsPlugInService.dll
16:52:16.0430 2368 WcsPlugInService - ok
16:52:16.0432 2368 [ 72889E16FF12BA0F235467D6091B17DC ] Wd C:\Windows\system32\drivers\wd.sys
16:52:16.0437 2368 Wd - ok
16:52:16.0443 2368 [ 441BD2D7B4F98134C3A4F9FA570FD250 ] Wdf01000 C:\Windows\system32\drivers\Wdf01000.sys
16:52:16.0456 2368 Wdf01000 - ok
16:52:16.0459 2368 [ BF1FC3F79B863C914687A737C2F3D681 ] WdiServiceHost C:\Windows\system32\wdi.dll
16:52:16.0481 2368 WdiServiceHost - ok
16:52:16.0482 2368 [ BF1FC3F79B863C914687A737C2F3D681 ] WdiSystemHost C:\Windows\system32\wdi.dll
16:52:16.0492 2368 WdiSystemHost - ok
16:52:16.0496 2368 [ 3DB6D04E1C64272F8B14EB8BC4616280 ] WebClient C:\Windows\System32\webclnt.dll
16:52:16.0508 2368 WebClient - ok
16:52:16.0511 2368 [ C749025A679C5103E575E3B48E092C43 ] Wecsvc C:\Windows\system32\wecsvc.dll
16:52:16.0534 2368 Wecsvc - ok
16:52:16.0536 2368 [ 7E591867422DC788B9E5BD337A669A08 ] wercplsupport C:\Windows\System32\wercplsupport.dll
16:52:16.0557 2368 wercplsupport - ok
16:52:16.0560 2368 [ 6D137963730144698CBD10F202E9F251 ] WerSvc C:\Windows\System32\WerSvc.dll
16:52:16.0581 2368 WerSvc - ok
16:52:16.0583 2368 [ 611B23304BF067451A9FDEE01FBDD725 ] WfpLwf C:\Windows\system32\DRIVERS\wfplwf.sys
16:52:16.0602 2368 WfpLwf - ok
16:52:16.0604 2368 [ 05ECAEC3E4529A7153B3136CEB49F0EC ] WIMMount C:\Windows\system32\drivers\wimmount.sys
16:52:16.0610 2368 WIMMount - ok
16:52:16.0612 2368 WinDefend - ok
16:52:16.0615 2368 WinHttpAutoProxySvc - ok
16:52:16.0623 2368 [ 19B07E7E8915D701225DA41CB3877306 ] Winmgmt C:\Windows\system32\wbem\WMIsvc.dll
16:52:16.0644 2368 Winmgmt - ok
16:52:16.0660 2368 [ BCB1310604AA415C4508708975B3931E ] WinRM C:\Windows\system32\WsmSvc.dll
16:52:16.0698 2368 WinRM - ok
16:52:16.0703 2368 [ FE88B288356E7B47B74B13372ADD906D ] WinUsb C:\Windows\system32\DRIVERS\WinUsb.sys
16:52:16.0711 2368 WinUsb - ok
16:52:16.0719 2368 [ 4FADA86E62F18A1B2F42BA18AE24E6AA ] Wlansvc C:\Windows\System32\wlansvc.dll
16:52:16.0737 2368 Wlansvc - ok
16:52:16.0754 2368 [ 2BACD71123F42CEA603F4E205E1AE337 ] wlidsvc C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
16:52:16.0784 2368 wlidsvc - ok
16:52:16.0787 2368 [ F6FF8944478594D0E414D3F048F0D778 ] WmiAcpi C:\Windows\system32\DRIVERS\wmiacpi.sys
16:52:16.0793 2368 WmiAcpi - ok
16:52:16.0797 2368 [ 38B84C94C5A8AF291ADFEA478AE54F93 ] wmiApSrv C:\Windows\system32\wbem\WmiApSrv.exe
16:52:16.0805 2368 wmiApSrv - ok
16:52:16.0807 2368 WMPNetworkSvc - ok
16:52:16.0810 2368 [ 96C6E7100D724C69FCF9E7BF590D1DCA ] WPCSvc C:\Windows\System32\wpcsvc.dll
16:52:16.0816 2368 WPCSvc - ok
16:52:16.0818 2368 [ 93221146D4EBBF314C29B23CD6CC391D ] WPDBusEnum C:\Windows\system32\wpdbusenum.dll
16:52:16.0826 2368 WPDBusEnum - ok
16:52:16.0828 2368 [ 6BCC1D7D2FD2453957C5479A32364E52 ] ws2ifsl C:\Windows\system32\drivers\ws2ifsl.sys
16:52:16.0848 2368 ws2ifsl - ok
16:52:16.0851 2368 [ E8B1FE6669397D1772D8196DF0E57A9E ] wscsvc C:\Windows\system32\wscsvc.dll
16:52:16.0861 2368 wscsvc - ok
16:52:16.0863 2368 WSearch - ok
16:52:16.0881 2368 [ D9EF901DCA379CFE914E9FA13B73B4C4 ] wuauserv C:\Windows\system32\wuaueng.dll
16:52:16.0913 2368 wuauserv - ok
16:52:16.0916 2368 [ D3381DC54C34D79B22CEE0D65BA91B7C ] WudfPf C:\Windows\system32\drivers\WudfPf.sys
16:52:16.0936 2368 WudfPf - ok
16:52:16.0940 2368 [ CF8D590BE3373029D57AF80914190682 ] WUDFRd C:\Windows\system32\DRIVERS\WUDFRd.sys
16:52:16.0961 2368 WUDFRd - ok
16:52:16.0963 2368 [ 7A95C95B6C4CF292D689106BCAE49543 ] wudfsvc C:\Windows\System32\WUDFSvc.dll
16:52:16.0983 2368 wudfsvc - ok
16:52:16.0987 2368 [ 9A3452B3C2A46C073166C5CF49FAD1AE ] WwanSvc C:\Windows\System32\wwansvc.dll
16:52:16.0999 2368 WwanSvc - ok
16:52:17.0002 2368 ================ Scan global ===============================
16:52:17.0003 2368 [ BA0CD8C393E8C9F83354106093832C7B ] C:\Windows\system32\basesrv.dll
16:52:17.0007 2368 [ EB6A48CC998E1090E44E8E7F1009A640 ] C:\Windows\system32\winsrv.dll
16:52:17.0012 2368 [ EB6A48CC998E1090E44E8E7F1009A640 ] C:\Windows\system32\winsrv.dll
16:52:17.0014 2368 [ D6160F9D869BA3AF0B787F971DB56368 ] C:\Windows\system32\sxssrv.dll
16:52:17.0019 2368 [ 24ACB7E5BE595468E3B9AA488B9B4FCB ] C:\Windows\system32\services.exe
16:52:17.0020 2368 [Global] - ok
16:52:17.0020 2368 ================ Scan MBR ==================================
16:52:17.0022 2368 [ A36C5E4F47E84449FF07ED3517B43A31 ] \Device\Harddisk0\DR0
16:52:17.0107 2368 \Device\Harddisk0\DR0 - ok
16:52:17.0120 2368 [ A36C5E4F47E84449FF07ED3517B43A31 ] \Device\Harddisk1\DR1
16:52:17.0208 2368 \Device\Harddisk1\DR1 - ok
16:52:17.0209 2368 ================ Scan VBR ==================================
16:52:17.0212 2368 [ BA19139545852F13D106CD367B738ABA ] \Device\Harddisk0\DR0\Partition1
16:52:17.0213 2368 \Device\Harddisk0\DR0\Partition1 - ok
16:52:17.0217 2368 [ 3ADE8AF8E423F56F1A8C62F12B82AA25 ] \Device\Harddisk1\DR1\Partition1
16:52:17.0219 2368 \Device\Harddisk1\DR1\Partition1 - ok
16:52:17.0220 2368 ============================================================
16:52:17.0220 2368 Scan finished
16:52:17.0220 2368 ============================================================
16:52:17.0231 4100 Detected object count: 3
16:52:17.0231 4100 Actual detected object count: 3
16:52:29.0254 4100 mi-raysat_3dsmax2012_64 ( UnsignedFile.Multi.Generic ) - skipped by user
16:52:29.0254 4100 mi-raysat_3dsmax2012_64 ( UnsignedFile.Multi.Generic ) - User select action: Skip
16:52:29.0256 4100 SolidWorks Licensing Service ( UnsignedFile.Multi.Generic ) - skipped by user
16:52:29.0256 4100 SolidWorks Licensing Service ( UnsignedFile.Multi.Generic ) - User select action: Skip
16:52:29.0258 4100 SwitchBoard ( UnsignedFile.Multi.Generic ) - skipped by user
16:52:29.0258 4100 SwitchBoard ( UnsignedFile.Multi.Generic ) - User select action: Skip
16:52:32.0590 1004 Deinitialize success



#4 Malwarebytes' Anti-Malware
MalwareBytes deleted, reboot, downloaded and installed posted version, quick scan done, no detections, log posted.

Malwarebytes Anti-Malware (PRO) 1.62.0.1300
www.malwarebytes.org

Databaseversie: v2012.09.03.06

Windows 7 Service Pack 1 x64 NTFS
Internet Explorer 9.0.8112.16421
Joke en Jasper :: DYNASTYEVOLVED [administrator]

Realtime bescherming: Uitgeschakeld

3-9-2012 16:59:43
mbam-log-2012-09-03 (16-59-43).txt

Scantype: Snelle scan
Ingeschakelde scanopties: Geheugen | Opstartitems | Register | Bestanden en mappen | Heuristiek/Extra | Heuristiek/Shuriken | PUP | PUM
Uitgeschakelde scanopties: P2P
Objecten gescand: 222289
Verstreken tijd: 44 seconde(n)

Geheugenprocessen gedetecteerd: 0
(Geen kwaadaardige objecten gedetecteerd)

Geheugenmodulen gedetecteerd: 0
(Geen kwaadaardige objecten gedetecteerd)

Registersleutels gedetecteerd: 0
(Geen kwaadaardige objecten gedetecteerd)

Registerwaarden gedetecteerd: 0
(Geen kwaadaardige objecten gedetecteerd)

Registerdata gedetecteerd: 0
(Geen kwaadaardige objecten gedetecteerd)

Mappen gedetecteerd: 0
(Geen kwaadaardige objecten gedetecteerd)

Bestanden gedetecteerd: 0
(Geen kwaadaardige objecten gedetecteerd)

(einde)



#6 Event Viewer
Cleared the events, reboot, did the scan, found some problems and fixed those, reboot afterwards, log created. (but very long so won't post unless asked)


#7 Event Viewer Tool by Vino Rosso
First log, system:

Vino's Event Viewer v01c run on Windows 2008 in Dutch
Report run at 03/09/2012 17:14:48

Note: All dates below are in the format dd/mm/yyyy

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
'System' Log - Kritiek Type
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
'System' Log - Fout Type
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Log: 'System' Date/Time: 03/09/2012 15:08:46
Type: Fout Category: 0
Event: 13 Source: ACPI
: de EC (embedded controller) heeft niet binnen de opgegeven time-outperiode gereageerd. Dit kan duiden op een fout in de EC-hardware of -firmware, of dat de BIOS op een onjuiste manier toegang de EC probeert te krijgen. U dient de fabrikant van uw computer om een bijgewerkte BIOS te vragen. In sommige situaties kan deze fout leiden tot problemen met de computer.

Log: 'System' Date/Time: 03/09/2012 15:08:41
Type: Fout Category: 0
Event: 13 Source: ACPI
: de EC (embedded controller) heeft niet binnen de opgegeven time-outperiode gereageerd. Dit kan duiden op een fout in de EC-hardware of -firmware, of dat de BIOS op een onjuiste manier toegang de EC probeert te krijgen. U dient de fabrikant van uw computer om een bijgewerkte BIOS te vragen. In sommige situaties kan deze fout leiden tot problemen met de computer.

Log: 'System' Date/Time: 03/09/2012 15:08:36
Type: Fout Category: 0
Event: 13 Source: ACPI
: de EC (embedded controller) heeft niet binnen de opgegeven time-outperiode gereageerd. Dit kan duiden op een fout in de EC-hardware of -firmware, of dat de BIOS op een onjuiste manier toegang de EC probeert te krijgen. U dient de fabrikant van uw computer om een bijgewerkte BIOS te vragen. In sommige situaties kan deze fout leiden tot problemen met de computer.

Log: 'System' Date/Time: 03/09/2012 15:08:31
Type: Fout Category: 0
Event: 13 Source: ACPI
: de EC (embedded controller) heeft niet binnen de opgegeven time-outperiode gereageerd. Dit kan duiden op een fout in de EC-hardware of -firmware, of dat de BIOS op een onjuiste manier toegang de EC probeert te krijgen. U dient de fabrikant van uw computer om een bijgewerkte BIOS te vragen. In sommige situaties kan deze fout leiden tot problemen met de computer.

Log: 'System' Date/Time: 03/09/2012 15:08:26
Type: Fout Category: 0
Event: 13 Source: ACPI
: de EC (embedded controller) heeft niet binnen de opgegeven time-outperiode gereageerd. Dit kan duiden op een fout in de EC-hardware of -firmware, of dat de BIOS op een onjuiste manier toegang de EC probeert te krijgen. U dient de fabrikant van uw computer om een bijgewerkte BIOS te vragen. In sommige situaties kan deze fout leiden tot problemen met de computer.

Log: 'System' Date/Time: 03/09/2012 15:08:21
Type: Fout Category: 0
Event: 13 Source: ACPI
: de EC (embedded controller) heeft niet binnen de opgegeven time-outperiode gereageerd. Dit kan duiden op een fout in de EC-hardware of -firmware, of dat de BIOS op een onjuiste manier toegang de EC probeert te krijgen. U dient de fabrikant van uw computer om een bijgewerkte BIOS te vragen. In sommige situaties kan deze fout leiden tot problemen met de computer.

Log: 'System' Date/Time: 03/09/2012 15:08:16
Type: Fout Category: 0
Event: 13 Source: ACPI
: de EC (embedded controller) heeft niet binnen de opgegeven time-outperiode gereageerd. Dit kan duiden op een fout in de EC-hardware of -firmware, of dat de BIOS op een onjuiste manier toegang de EC probeert te krijgen. U dient de fabrikant van uw computer om een bijgewerkte BIOS te vragen. In sommige situaties kan deze fout leiden tot problemen met de computer.

Log: 'System' Date/Time: 03/09/2012 15:08:11
Type: Fout Category: 0
Event: 13 Source: ACPI
: de EC (embedded controller) heeft niet binnen de opgegeven time-outperiode gereageerd. Dit kan duiden op een fout in de EC-hardware of -firmware, of dat de BIOS op een onjuiste manier toegang de EC probeert te krijgen. U dient de fabrikant van uw computer om een bijgewerkte BIOS te vragen. In sommige situaties kan deze fout leiden tot problemen met de computer.

Log: 'System' Date/Time: 03/09/2012 15:08:04
Type: Fout Category: 0
Event: 13 Source: ACPI
: de EC (embedded controller) heeft niet binnen de opgegeven time-outperiode gereageerd. Dit kan duiden op een fout in de EC-hardware of -firmware, of dat de BIOS op een onjuiste manier toegang de EC probeert te krijgen. U dient de fabrikant van uw computer om een bijgewerkte BIOS te vragen. In sommige situaties kan deze fout leiden tot problemen met de computer.

Log: 'System' Date/Time: 03/09/2012 15:06:31
Type: Fout Category: 0
Event: 7023 Source: Service Control Manager
De Windows Defender-service is gestopt met de volgende foutcode: Kan opgegeven module niet vinden..

Log: 'System' Date/Time: 03/09/2012 15:06:24
Type: Fout Category: 0
Event: 1060 Source: Application Popup
\SystemRoot\SysWow64\Drivers\cdrbsdrv.SYS kan niet worden geladen vanwege incompatibiliteit met dit systeem. Vraag de leverancier van de software om een compatibele versie van het stuurprogramma.

Log: 'System' Date/Time: 03/09/2012 15:06:21
Type: Fout Category: 0
Event: 1060 Source: Application Popup
\SystemRoot\SysWow64\Drivers\cdrbsdrv.SYS kan niet worden geladen vanwege incompatibiliteit met dit systeem. Vraag de leverancier van de software om een compatibele versie van het stuurprogramma.

Log: 'System' Date/Time: 03/09/2012 15:06:20
Type: Fout Category: 0
Event: 1060 Source: Application Popup
\SystemRoot\SysWow64\Drivers\cdrbsdrv.SYS kan niet worden geladen vanwege incompatibiliteit met dit systeem. Vraag de leverancier van de software om een compatibele versie van het stuurprogramma.

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
'System' Log - Waarschuwing Type
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Log: 'System' Date/Time: 03/09/2012 15:06:24
Type: Waarschuwing Category: 212
Event: 219 Source: Microsoft-Windows-Kernel-PnP
Het stuurprogramma \Driver\cdrbsdrv kan niet worden geladen voor het apparaat DTSOFTBUS&Rev1\DTCDROM&Rev1\1&79f5d87&0&00.

Log: 'System' Date/Time: 03/09/2012 15:06:21
Type: Waarschuwing Category: 212
Event: 219 Source: Microsoft-Windows-Kernel-PnP
Het stuurprogramma \Driver\cdrbsdrv kan niet worden geladen voor het apparaat IDE\CdRomOptiarc_DVD_RW_AD-7280S_________________1.01____\5&b1205e9&0&2.0.0.

Second log, application:

Vino's Event Viewer v01c run on Windows 2008 in Dutch
Report run at 03/09/2012 17:16:34

Note: All dates below are in the format dd/mm/yyyy

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
'Application' Log - Kritiek Type
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
'Application' Log - Fout Type
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Log: 'Application' Date/Time: 03/09/2012 15:08:16
Type: Fout Category: 0
Event: 10 Source: Microsoft-Windows-WMI
Gebeurtenisfilter met query SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 99 kan niet opnieuw worden geactiveerd in naamruimte //./root/CIMV2 vanwege fout 0x80041003. Mogelijk worden er geen gebeurtenissen via dit filter doorgegeven totdat het probleem is verholpen.

Log: 'Application' Date/Time: 03/09/2012 15:07:17
Type: Fout Category: 0
Event: 4103 Source: Microsoft-Windows-Winlogon
Het activeren van de licentie van Windows is mislukt. Fout 0x80070005.

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
'Application' Log - Waarschuwing Type
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Log: 'Application' Date/Time: 03/09/2012 15:07:17
Type: Waarschuwing Category: 0
Event: 4105 Source: Microsoft-Windows-Winlogon
Windows is in de kennisgevingsperiode.


#8 OTL
First log:

OTL logfile created on: 3-9-2012 17:18:42 - Run 2
OTL by OldTimer - Version 3.2.59.1 Folder = C:\Users\Joke en Jasper\Desktop\virus fix
64bit- Ultimate Edition Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation
Internet Explorer (Version = 9.0.8112.16421)
Locale: 00000413 | Country: Nederland | Language: NLD | Date Format: d-M-yyyy

31,98 Gb Total Physical Memory | 28,72 Gb Available Physical Memory | 89,80% Memory free
63,95 Gb Paging File | 60,40 Gb Available in Paging File | 94,44% Paging File free
Paging file location(s): c:\pagefile.sys 0 0 [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86)
Drive C: | 119,14 Gb Total Space | 10,63 Gb Free Space | 8,92% Space Free | Partition Type: NTFS
Drive D: | 1863,01 Gb Total Space | 81,83 Gb Free Space | 4,39% Space Free | Partition Type: NTFS

Computer Name: DYNASTYEVOLVED | User Name: Joke en Jasper | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user | Include 64bit Scans
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days

========== Processes (SafeList) ==========

PRC - [2012-08-31 06:22:52 | 000,917,984 | ---- | M] (Mozilla Corporation) -- D:\Program Files (x86)\Mozilla Firefox\firefox.exe
PRC - [2012-08-29 19:01:45 | 000,598,528 | ---- | M] (OldTimer Tools) -- C:\Users\Joke en Jasper\Desktop\virus fix\OTL.exe
PRC - [2012-08-15 11:57:07 | 001,536,712 | ---- | M] (Adobe Systems, Inc.) -- C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_11_3_300_271.exe
PRC - [2012-07-03 13:46:44 | 000,655,944 | ---- | M] (Malwarebytes Corporation) -- D:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe
PRC - [2012-07-03 13:46:44 | 000,462,920 | ---- | M] (Malwarebytes Corporation) -- D:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe
PRC - [2012-04-05 05:12:34 | 002,587,008 | ---- | M] (AVG Technologies CZ, s.r.o.) -- D:\Program Files (x86)\AVG\AVG2012\avgtray.exe
PRC - [2012-02-14 04:53:38 | 000,193,288 | ---- | M] (AVG Technologies CZ, s.r.o.) -- D:\Program Files (x86)\AVG\AVG2012\avgwdsvc.exe
PRC - [2011-09-27 15:58:04 | 000,961,536 | ---- | M] () -- D:\Users\Joke en Jasper\AppData\Roaming\WebNoti\WebNoti.exe
PRC - [2011-09-20 12:53:25 | 001,406,080 | R--- | M] (ASUSTeK Computer Inc.) -- C:\Program Files (x86)\ASUS\AsusFanControlService\1.00.07\AsusFanControlService.exe
PRC - [2011-09-08 22:29:12 | 001,112,704 | ---- | M] (ASUSTeK Computer Inc.) -- D:\Program Files (x86)\AI Suite II\Sensor\AlertHelper\AlertHelper.exe
PRC - [2011-09-08 22:22:04 | 001,496,192 | ---- | M] (ASUSTeK Computer Inc.) -- D:\Program Files (x86)\AI Suite II\AI Suite II.exe
PRC - [2011-09-01 15:45:34 | 001,256,576 | ---- | M] (ASUSTeK Computer Inc.) -- D:\Program Files (x86)\AI Suite II\EPU\EPUHelp.exe
PRC - [2011-08-19 11:57:38 | 001,118,848 | ---- | M] (ASUSTeK Computer Inc.) -- D:\Program Files (x86)\AI Suite II\DIGI+ Power Control\PowerControlHelp.exe
PRC - [2011-08-09 04:56:04 | 000,947,328 | R--- | M] (ASUSTeK Computer Inc.) -- C:\Program Files (x86)\ASUS\AAHM\1.00.15\aaHMSvc.exe
PRC - [2011-08-09 04:55:00 | 000,918,144 | R--- | M] () -- C:\Program Files (x86)\ASUS\AXSP\1.00.16\atkexComSvc.exe
PRC - [2011-02-22 22:52:54 | 000,086,016 | ---- | M] () -- C:\Program Files\Autodesk\3ds Max 2012\mentalimages\satellite\raysat_3dsmax2012_64server.exe
PRC - [2010-11-26 22:50:04 | 002,931,328 | ---- | M] (ASUSTeK Computer Inc.) -- D:\Program Files (x86)\AI Suite II\AsRoutineController.exe
PRC - [2010-10-21 11:52:26 | 000,586,880 | R--- | M] () -- C:\Program Files (x86)\ASUS\AsSysCtrlService\1.00.11\AsSysCtrlService.exe
PRC - [2008-07-11 16:04:22 | 000,200,704 | ---- | M] () -- C:\Windows\SysWOW64\HsMgr.exe


========== Modules (No Company Name) ==========

MOD - [2012-08-31 06:22:52 | 002,242,528 | ---- | M] () -- D:\Program Files (x86)\Mozilla Firefox\mozjs.dll
MOD - [2012-08-15 11:57:06 | 009,465,032 | ---- | M] () -- C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_11_3_300_271.dll
MOD - [2011-09-27 15:58:04 | 000,961,536 | ---- | M] () -- D:\Users\Joke en Jasper\AppData\Roaming\WebNoti\WebNoti.exe
MOD - [2011-09-21 19:10:54 | 000,881,664 | ---- | M] () -- D:\Program Files (x86)\AI Suite II\Sensor\Sensor.dll
MOD - [2011-09-20 19:11:28 | 000,985,600 | ---- | M] () -- D:\Program Files (x86)\AI Suite II\BarGadget\BarGadget.dll
MOD - [2011-09-19 20:59:10 | 000,885,248 | ---- | M] () -- D:\Program Files (x86)\AI Suite II\TabGadget\TabGadget.dll
MOD - [2011-09-12 20:11:08 | 001,617,408 | ---- | M] () -- D:\Program Files (x86)\AI Suite II\Sensor Graph\SensorGraph.dll
MOD - [2011-08-26 14:55:36 | 001,046,016 | ---- | M] () -- D:\Program Files (x86)\AI Suite II\Probe_II\ProbeII.dll
MOD - [2011-08-23 17:19:52 | 001,294,848 | ---- | M] () -- D:\Program Files (x86)\AI Suite II\MyLogo\MyLogo.dll
MOD - [2011-08-22 11:36:08 | 001,074,688 | ---- | M] () -- D:\Program Files (x86)\AI Suite II\ASUS Update\Update.dll
MOD - [2011-08-09 13:15:00 | 001,242,624 | ---- | M] () -- D:\Program Files (x86)\AI Suite II\Settings\Settings.dll
MOD - [2011-07-21 10:06:44 | 000,846,848 | ---- | M] () -- D:\Program Files (x86)\AI Suite II\Splitter\Splitter.dll
MOD - [2011-07-12 20:14:52 | 000,147,456 | ---- | M] () -- D:\Program Files (x86)\AI Suite II\AssistFunc.dll
MOD - [2011-03-17 01:11:16 | 004,297,568 | ---- | M] () -- C:\Program Files (x86)\Common Files\microsoft shared\OFFICE14\Cultures\OFFICE.ODF
MOD - [2010-10-20 16:45:26 | 008,801,120 | ---- | M] () -- C:\Program Files (x86)\Microsoft Office\Office14\1033\GrooveIntlResource.dll
MOD - [2010-10-05 09:22:50 | 000,253,952 | ---- | M] () -- D:\Program Files (x86)\AI Suite II\pngio.dll
MOD - [2010-10-05 09:22:50 | 000,208,896 | ---- | M] () -- D:\Program Files (x86)\AI Suite II\ImageHelper.dll
MOD - [2010-08-23 04:17:40 | 000,662,016 | R--- | M] () -- C:\Program Files (x86)\ASUS\AAHM\1.00.15\aaHMLib.dll
MOD - [2009-08-12 21:15:52 | 000,253,952 | ---- | M] () -- D:\Program Files (x86)\AI Suite II\Sensor\AlertHelper\pngio.dll
MOD - [2008-07-11 16:04:22 | 000,200,704 | ---- | M] () -- C:\Windows\SysWOW64\HsMgr.exe


========== Services (SafeList) ==========

SRV:64bit: - [2012-02-12 17:41:55 | 001,431,888 | ---- | M] (Flexera Software, Inc.) [On_Demand | Stopped] -- C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService64.exe -- (FLEXnet Licensing Service 64)
SRV:64bit: - [2011-12-06 05:11:56 | 000,235,520 | ---- | M] (AMD) [Auto | Running] -- C:\Windows\SysNative\atiesrxx.exe -- (AMD External Events Utility)
SRV:64bit: - [2011-04-15 14:13:23 | 000,111,104 | ---- | M] (PostgreSQL Global Development Group) [Auto | Running] -- C:\Program Files\PostgreSQL\9.0\bin\pg_ctl.exe -- (postgresql-x64-9.0)
SRV:64bit: - [2011-02-22 22:52:54 | 000,086,016 | ---- | M] () [Auto | Running] -- C:\Program Files\Autodesk\3ds Max 2012\mentalimages\satellite\raysat_3dsmax2012_64server.exe -- (mi-raysat_3dsmax2012_64)
SRV:64bit: - [2009-07-14 03:40:01 | 000,193,536 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\appmgmts.dll -- (AppMgmt)
SRV - [2012-08-31 06:22:52 | 000,114,144 | ---- | M] (Mozilla Foundation) [On_Demand | Stopped] -- C:\Program Files (x86)\Mozilla Maintenance Service\maintenanceservice.exe -- (MozillaMaintenance)
SRV - [2012-08-29 20:07:31 | 001,044,816 | ---- | M] (Flexera Software, Inc.) [On_Demand | Stopped] -- C:\Program Files (x86)\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe -- (FLEXnet Licensing Service)
SRV - [2012-08-29 20:07:31 | 000,079,360 | ---- | M] (SolidWorks) [On_Demand | Stopped] -- C:\Program Files (x86)\Common Files\SolidWorks Shared\Service\SolidWorksLicensing.exe -- (SolidWorks Licensing Service)
SRV - [2012-08-15 11:57:07 | 000,250,056 | ---- | M] (Adobe Systems Incorporated) [On_Demand | Stopped] -- C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe -- (AdobeFlashPlayerUpdateSvc)
SRV - [2012-07-13 13:28:36 | 000,160,944 | R--- | M] (Skype Technologies) [Auto | Stopped] -- D:\Program Files (x86)\Skype\Updater\Updater.exe -- (SkypeUpdate)
SRV - [2012-07-03 13:46:44 | 000,655,944 | ---- | M] (Malwarebytes Corporation) [Auto | Running] -- D:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe -- (MBAMService)
SRV - [2012-02-14 04:53:38 | 000,193,288 | ---- | M] (AVG Technologies CZ, s.r.o.) [Auto | Running] -- D:\Program Files (x86)\AVG\AVG2012\avgwdsvc.exe -- (avgwd)
SRV - [2011-09-20 12:53:25 | 001,406,080 | R--- | M] (ASUSTeK Computer Inc.) [Auto | Running] -- C:\Program Files (x86)\ASUS\AsusFanControlService\1.00.07\AsusFanControlService.exe -- (AsusFanControlService)
SRV - [2011-08-09 04:56:04 | 000,947,328 | R--- | M] (ASUSTeK Computer Inc.) [Auto | Running] -- C:\Program Files (x86)\ASUS\AAHM\1.00.15\aaHMSvc.exe -- (asHmComSvc)
SRV - [2011-08-09 04:55:00 | 000,918,144 | R--- | M] () [Auto | Running] -- C:\Program Files (x86)\ASUS\AXSP\1.00.16\atkexComSvc.exe -- (asComSvc)
SRV - [2010-10-21 11:52:26 | 000,586,880 | R--- | M] () [Auto | Running] -- C:\Program Files (x86)\ASUS\AsSysCtrlService\1.00.11\AsSysCtrlService.exe -- (AsSysCtrlService)
SRV - [2010-10-05 08:07:08 | 000,087,336 | ---- | M] (Dassault Systèmes SolidWorks Corp.) [On_Demand | Stopped] -- C:\Program Files (x86)\SolidWorks Corp\SolidWorks\swScheduler\DTSCoordinatorService.exe -- (CoordinatorServiceHost)
SRV - [2010-03-18 13:16:28 | 000,130,384 | ---- | M] (Microsoft Corporation) [Auto | Stopped] -- C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe -- (clr_optimization_v4.0.30319_32)
SRV - [2010-02-19 14:37:14 | 000,517,096 | ---- | M] (Adobe Systems Incorporated) [On_Demand | Stopped] -- C:\Program Files (x86)\Common Files\Adobe\SwitchBoard\SwitchBoard.exe -- (SwitchBoard)
SRV - [2009-06-10 23:23:09 | 000,066,384 | ---- | M] (Microsoft Corporation) [Disabled | Stopped] -- C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe -- (clr_optimization_v2.0.50727_32)


========== Driver Services (SafeList) ==========

DRV:64bit: - [2012-08-29 18:44:35 | 000,030,496 | ---- | M] () [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\hitmanpro36.sys -- (hitmanpro36)
DRV:64bit: - [2012-07-03 13:46:44 | 000,024,904 | ---- | M] (Malwarebytes Corporation) [File_System | On_Demand | Running] -- C:\Windows\SysNative\drivers\mbam.sys -- (MBAMProtector)
DRV:64bit: - [2012-04-19 04:50:26 | 000,028,480 | ---- | M] (AVG Technologies CZ, s.r.o. ) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\avgidsha.sys -- (AVGIDSHA)
DRV:64bit: - [2012-04-01 19:16:43 | 000,283,200 | ---- | M] (DT Soft Ltd) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\dtsoftbus01.sys -- (dtsoftbus01)
DRV:64bit: - [2012-03-19 05:17:26 | 000,383,808 | ---- | M] (AVG Technologies CZ, s.r.o.) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\avgtdia.sys -- (Avgtdia)
DRV:64bit: - [2012-03-01 08:46:16 | 000,023,408 | ---- | M] (Microsoft Corporation) [Recognizer | Boot | Unknown] -- C:\Windows\SysNative\drivers\fs_rec.sys -- (Fs_Rec)
DRV:64bit: - [2012-02-24 11:14:42 | 000,203,320 | ---- | M] (DEVGURU Co., LTD.(www.devguru.co.kr)) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\ssudmdm.sys -- (ssudmdm)
DRV:64bit: - [2012-02-24 11:14:42 | 000,099,384 | ---- | M] (DEVGURU Co., LTD.(www.devguru.co.kr)) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\ssudbus.sys -- (dg_ssudbus)
DRV:64bit: - [2012-02-22 05:25:32 | 000,289,872 | ---- | M] (AVG Technologies CZ, s.r.o.) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\avgldx64.sys -- (Avgldx64)
DRV:64bit: - [2012-02-16 12:02:00 | 000,564,792 | ---- | M] (Duplex Secure Ltd.) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\sptd.sys -- (sptd)
DRV:64bit: - [2012-01-31 04:46:48 | 000,036,944 | ---- | M] (AVG Technologies CZ, s.r.o.) [File_System | Boot | Running] -- C:\Windows\SysNative\drivers\avgrkx64.sys -- (Avgrkx64)
DRV:64bit: - [2011-12-23 13:32:14 | 000,047,696 | ---- | M] (AVG Technologies CZ, s.r.o.) [File_System | System | Running] -- C:\Windows\SysNative\drivers\avgmfx64.sys -- (Avgmfx64)
DRV:64bit: - [2011-12-06 05:45:40 | 010,720,256 | ---- | M] (Advanced Micro Devices, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\atikmdag.sys -- (amdkmdag)
DRV:64bit: - [2011-12-06 04:12:14 | 000,327,168 | ---- | M] (Advanced Micro Devices, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\atikmpag.sys -- (amdkmdap)
DRV:64bit: - [2011-10-30 21:23:08 | 000,107,904 | ---- | M] (Advanced Micro Devices) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\amdsata.sys -- (amdsata)
DRV:64bit: - [2011-10-30 21:23:08 | 000,027,008 | ---- | M] (Advanced Micro Devices) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\amdxata.sys -- (amdxata)
DRV:64bit: - [2011-10-17 19:40:50 | 000,093,712 | ---- | M] (Advanced Micro Devices) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\AtihdW76.sys -- (AtiHDAudioService)
DRV:64bit: - [2011-09-14 18:05:34 | 000,394,216 | ---- | M] (ASMedia Technology Inc) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\asmtxhci.sys -- (asmtxhci)
DRV:64bit: - [2011-09-14 18:05:34 | 000,129,000 | ---- | M] (ASMedia Technology Inc) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\asmthub3.sys -- (asmthub3)
DRV:64bit: - [2011-08-18 14:45:42 | 000,004,608 | ---- | M] (RealVNC Ltd.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\vncmirror.sys -- (vncmirror)
DRV:64bit: - [2011-08-15 11:30:04 | 000,056,600 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\HECIx64.sys -- (MEIx64)
DRV:64bit: - [2011-07-20 03:37:56 | 000,342,704 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\e1c62x64.sys -- (e1cexpress)
DRV:64bit: - [2011-07-04 15:00:50 | 002,726,400 | ---- | M] (C-Media Inc) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\cmudaxp.sys -- (cmudaxp)
DRV:64bit: - [2010-11-21 05:24:43 | 000,020,992 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\rdpvideominiport.sys -- (RdpVideoMiniport)
DRV:64bit: - [2010-11-21 05:24:33 | 000,059,392 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\TsUsbFlt.sys -- (TsUsbFlt)
DRV:64bit: - [2010-11-21 05:23:48 | 000,117,248 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\tsusbhub.sys -- (tsusbhub)
DRV:64bit: - [2010-11-21 05:23:48 | 000,088,960 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\Synth3dVsc.sys -- (Synth3dVsc)
DRV:64bit: - [2010-11-21 05:23:48 | 000,071,168 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\dmvsc.sys -- (dmvsc)
DRV:64bit: - [2010-11-21 05:23:48 | 000,034,816 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\terminpt.sys -- (terminpt)
DRV:64bit: - [2010-11-21 05:23:47 | 000,078,720 | ---- | M] (Hewlett-Packard Company) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\HpSAMD.sys -- (HpSAMD)
DRV:64bit: - [2010-11-21 05:23:47 | 000,031,232 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\TsUsbGD.sys -- (TsUsbGD)
DRV:64bit: - [2010-08-17 19:28:32 | 000,026,136 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\ICCWDT.sys -- (ICCWDT)
DRV:64bit: - [2009-07-14 03:52:20 | 000,194,128 | ---- | M] (AMD Technologies Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\amdsbs.sys -- (amdsbs)
DRV:64bit: - [2009-07-14 03:48:04 | 000,065,600 | ---- | M] (LSI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\lsi_sas2.sys -- (LSI_SAS2)
DRV:64bit: - [2009-07-14 03:45:55 | 000,024,656 | ---- | M] (Promise Technology) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\stexstor.sys -- (stexstor)
DRV:64bit: - [2009-07-09 04:00:00 | 000,055,280 | ---- | M] (Sonic Solutions) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\PxHlpa64.sys -- (PxHlpa64)
DRV:64bit: - [2009-06-10 22:34:33 | 003,286,016 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\evbda.sys -- (ebdrv)
DRV:64bit: - [2009-06-10 22:34:28 | 000,468,480 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\bxvbda.sys -- (b06bdrv)
DRV:64bit: - [2009-06-10 22:34:23 | 000,270,848 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\b57nd60a.sys -- (b57nd60a)
DRV:64bit: - [2009-06-10 22:31:59 | 000,031,232 | ---- | M] (Hauppauge Computer Works, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\hcw85cir.sys -- (hcw85cir)
DRV - [2012-05-09 13:22:09 | 000,038,944 | ---- | M] (B.H.A Corporation) [Kernel | System | Stopped] -- C:\Windows\SysWow64\drivers\CDRBSDRV.SYS -- (cdrbsdrv)
DRV - [2009-07-14 03:19:10 | 000,019,008 | ---- | M] (Microsoft Corporation) [File_System | On_Demand | Stopped] -- C:\Windows\SysWOW64\drivers\wimmount.sys -- (WIMMount)


========== Standard Registry (SafeList) ==========


========== Internet Explorer ==========

IE:64bit: - HKLM\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A}
IE:64bit: - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/...ms}&FORM=IE8SRC
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm
IE - HKLM\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A}
IE - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/...ms}&FORM=IE8SRC

IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache AcceptLangs = nl-NL
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache_TIMESTAMP = C9 3C 2E E6 24 86 CD 01 [binary data]
IE - HKCU\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A}
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

========== FireFox ==========

FF - prefs.js..browser.search.defaultenginename: "Bing"
FF - prefs.js..browser.search.defaulturl: "http://www.bing.com/...?FORM=IEFM1&q="
FF - prefs.js..browser.search.selectedEngine: "Google"
FF - prefs.js..browser.search.useDBForOrder: true
FF - prefs.js..browser.startup.homepage: "http://go.microsoft..../?LinkId=69157"
FF - prefs.js..extensions.enabledItems: {AB2CE124-6272-4b12-94A9-7303C7397BD1}:4.2.0.5198
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA}:6.0.20
FF - prefs.js..extensions.enabledItems: [email protected]:2.0.2
FF - prefs.js..extensions.enabledItems: [email protected]:1.19.1
FF - prefs.js..extensions.enabledItems: [email protected]:1.60
FF - prefs.js..extensions.enabledItems: [email protected]:3.0.1
FF - prefs.js..extensions.enabledItems: [email protected]:1.12.2.44079
FF - prefs.js..extensions.enabledItems: {0538E3E3-7E9B-4d49-8831-A227C80A7AD3}:2.0.12
FF - prefs.js..extensions.enabledItems: {987311C6-B504-4aa2-90BF-60CC49808D42}:2.2
FF - prefs.js..extensions.enabledItems: {b9db16a4-6edc-47ec-a1f4-b86292ed211d}:4.8.6
FF - prefs.js..extensions.enabledItems: {c45c406e-ab73-11d8-be73-000a95be3b12}:1.1.9
FF - prefs.js..extensions.enabledItems: {e4a8a97b-f2ed-450b-b12d-ee082ba24781}:0.9.2
FF - prefs.js..keyword.URL: "http://www.bing.com/...?FORM=IEFM1&q="


FF:64bit: - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\system32\Macromed\Flash\NPSWF64_11_3_300_271.dll File not found
FF:64bit: - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin: C:\Program Files\Java\jre6\bin\plugin2\npjp2.dll (Sun Microsystems, Inc.)
FF:64bit: - HKLM\Software\MozillaPlugins\@microsoft.com/GENUINE: disabled File not found
FF:64bit: - HKLM\Software\MozillaPlugins\@microsoft.com/OfficeAuthz,version=14.0: C:\PROGRA~1\MICROS~2\Office14\NPAUTHZ.DLL (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_11_3_300_271.dll ()
FF - HKLM\Software\MozillaPlugins\@Google.com/GoogleEarthPlugin: C:\Program Files (x86)\Google\Google Earth\plugin\npgeplugin.dll (Google)
FF - HKLM\Software\MozillaPlugins\@java.com/DTPlugin,version=10.5.1: C:\Windows\SysWOW64\npDeployJava1.dll (Oracle Corporation)
FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin,version=10.5.1: C:\Program Files (x86)\Oracle\JavaFX 2.1 Runtime\bin\plugin2\npjp2.dll (Oracle Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/GENUINE: disabled File not found
FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: C:\Program Files (x86)\Microsoft Silverlight\4.1.10329.0\npctrl.dll ( Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/OfficeAuthz,version=14.0: C:\PROGRA~2\MICROS~2\Office14\NPAUTHZ.DLL (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/SharePoint,version=14.0: C:\PROGRA~2\MICROS~2\Office14\NPSPWRAP.DLL (Microsoft Corporation)

FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\[email protected]: C:\Program Files (x86)\Adobe\Acrobat 10.0\Acrobat\Browser\WCFirefoxExtn [2012-07-09 16:07:35 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{01A8CA0A-4C96-465b-A49B-65C46FAD54F9}: C:\Program Files (x86)\Adobe\Adobe Contribute CS5.1\Plugins\FirefoxPlugin\{01A8CA0A-4C96-465b-A49B-65C46FAD54F9} [2012-07-09 16:07:36 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{F53C93F1-07D5-430c-86D4-C9531B27DFAF}: D:\Program Files (x86)\AVG\AVG2012\Firefox\DoNotTrack\ [2012-07-03 10:10:04 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 15.0\extensions\\Components: D:\Program Files (x86)\Mozilla Firefox\components [2012-08-31 06:22:52 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 15.0\extensions\\Plugins: D:\Program Files (x86)\Mozilla Firefox\plugins [2012-08-29 20:10:03 | 000,000,000 | ---D | M]

[2012-02-11 21:16:02 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Joke en Jasper\AppData\Roaming\mozilla\Extensions
[2012-08-29 12:35:03 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Joke en Jasper\AppData\Roaming\mozilla\Firefox\Profiles\yb29zkoc.default\extensions
[2012-07-02 11:29:56 | 000,000,000 | ---D | M] (Forecastfox) -- C:\Users\Joke en Jasper\AppData\Roaming\mozilla\Firefox\Profiles\yb29zkoc.default\extensions\{0538E3E3-7E9B-4d49-8831-A227C80A7AD3}
[2012-07-09 16:07:39 | 000,000,000 | ---D | M] (Garmin Communicator) -- C:\Users\Joke en Jasper\AppData\Roaming\mozilla\Firefox\Profiles\yb29zkoc.default\extensions\{195A3098-0BD5-4e90-AE22-BA1C540AFD1E}
[2012-07-09 16:07:39 | 000,000,000 | ---D | M] (Microsoft .NET Framework Assistant) -- C:\Users\Joke en Jasper\AppData\Roaming\mozilla\Firefox\Profiles\yb29zkoc.default\extensions\{20a82645-c095-46ed-80e3-08825760534b}
[2012-07-09 16:07:39 | 000,000,000 | ---D | M] ("Adblock") -- C:\Users\Joke en Jasper\AppData\Roaming\mozilla\Firefox\Profiles\yb29zkoc.default\extensions\{34274bf4-1d97-a289-e984-17e546307e4f}
[2012-07-09 16:07:39 | 000,000,000 | ---D | M] (BugMeNot) -- C:\Users\Joke en Jasper\AppData\Roaming\mozilla\Firefox\Profiles\yb29zkoc.default\extensions\{987311C6-B504-4aa2-90BF-60CC49808D42}
[2012-08-29 12:35:03 | 000,000,000 | ---D | M] ("Free YouTube Download (Free Studio) Menu") -- C:\Users\Joke en Jasper\AppData\Roaming\mozilla\Firefox\Profiles\yb29zkoc.default\extensions\{ACAA314B-EEBA-48e4-AD47-84E31C44796C}
[2012-07-09 16:07:39 | 000,000,000 | ---D | M] (DownloadHelper) -- C:\Users\Joke en Jasper\AppData\Roaming\mozilla\Firefox\Profiles\yb29zkoc.default\extensions\{b9db16a4-6edc-47ec-a1f4-b86292ed211d}
[2012-02-22 11:07:37 | 000,000,000 | ---D | M] (German Dictionary) -- C:\Users\Joke en Jasper\AppData\Roaming\mozilla\Firefox\Profiles\yb29zkoc.default\extensions\[email protected]
[2012-02-22 11:07:37 | 000,000,000 | ---D | M] (British English Dictionary) -- C:\Users\Joke en Jasper\AppData\Roaming\mozilla\Firefox\Profiles\yb29zkoc.default\extensions\[email protected]
[2012-03-20 20:43:15 | 000,000,000 | ---D | M] (Woordenboek Nederlands) -- C:\Users\Joke en Jasper\AppData\Roaming\mozilla\Firefox\Profiles\yb29zkoc.default\extensions\[email protected]
[2012-07-09 16:07:39 | 000,000,000 | ---D | M] (Cooliris) -- C:\Users\Joke en Jasper\AppData\Roaming\mozilla\Firefox\Profiles\yb29zkoc.default\extensions\[email protected]
[2012-08-28 22:57:33 | 000,005,397 | ---- | M] () -- C:\Users\Joke en Jasper\AppData\Roaming\Mozilla\Firefox\Profiles\yb29zkoc.default\searchplugins\2torrents.xml
[2012-07-16 16:48:27 | 000,000,838 | ---- | M] () -- C:\Users\Joke en Jasper\AppData\Roaming\Mozilla\Firefox\Profiles\yb29zkoc.default\searchplugins\alltorrent.xml
[2009-11-06 13:06:12 | 000,002,171 | ---- | M] () -- C:\Users\Joke en Jasper\AppData\Roaming\Mozilla\Firefox\Profiles\yb29zkoc.default\searchplugins\bing.xml
[2008-05-31 22:56:38 | 000,001,751 | ---- | M] () -- C:\Users\Joke en Jasper\AppData\Roaming\Mozilla\Firefox\Profiles\yb29zkoc.default\searchplugins\bittorrent-monster.xml
[2012-08-28 22:57:33 | 000,001,412 | ---- | M] () -- C:\Users\Joke en Jasper\AppData\Roaming\Mozilla\Firefox\Profiles\yb29zkoc.default\searchplugins\bittorrent.xml
[2012-08-28 22:57:33 | 000,004,690 | ---- | M] () -- C:\Users\Joke en Jasper\AppData\Roaming\Mozilla\Firefox\Profiles\yb29zkoc.default\searchplugins\flextorrent.xml
[2012-07-16 16:48:27 | 000,000,812 | ---- | M] () -- C:\Users\Joke en Jasper\AppData\Roaming\Mozilla\Firefox\Profiles\yb29zkoc.default\searchplugins\fulltorrent.xml
[2012-08-28 22:57:34 | 000,002,109 | ---- | M] () -- C:\Users\Joke en Jasper\AppData\Roaming\Mozilla\Firefox\Profiles\yb29zkoc.default\searchplugins\funkytorrentscom.xml
[2008-06-21 16:54:06 | 000,000,908 | ---- | M] () -- C:\Users\Joke en Jasper\AppData\Roaming\Mozilla\Firefox\Profiles\yb29zkoc.default\searchplugins\imdb.xml
[2012-08-28 22:57:34 | 000,001,846 | ---- | M] () -- C:\Users\Joke en Jasper\AppData\Roaming\Mozilla\Firefox\Profiles\yb29zkoc.default\searchplugins\isohunt---bittorrent.xml
[2012-07-16 16:48:27 | 000,000,826 | ---- | M] () -- C:\Users\Joke en Jasper\AppData\Roaming\Mozilla\Firefox\Profiles\yb29zkoc.default\searchplugins\mininova.xml
[2012-07-16 16:48:27 | 000,000,858 | ---- | M] () -- C:\Users\Joke en Jasper\AppData\Roaming\Mozilla\Firefox\Profiles\yb29zkoc.default\searchplugins\newtorrentsinfo.xml
[2008-05-31 22:56:36 | 000,001,110 | ---- | M] () -- C:\Users\Joke en Jasper\AppData\Roaming\Mozilla\Firefox\Profiles\yb29zkoc.default\searchplugins\the-pirate-bay.xml
[2008-05-31 22:56:40 | 000,001,138 | ---- | M] () -- C:\Users\Joke en Jasper\AppData\Roaming\Mozilla\Firefox\Profiles\yb29zkoc.default\searchplugins\torrent-finder.xml
[2012-08-28 22:57:34 | 000,002,143 | ---- | M] () -- C:\Users\Joke en Jasper\AppData\Roaming\Mozilla\Firefox\Profiles\yb29zkoc.default\searchplugins\torrentbox.xml
[2012-08-28 22:57:34 | 000,002,169 | ---- | M] () -- C:\Users\Joke en Jasper\AppData\Roaming\Mozilla\Firefox\Profiles\yb29zkoc.default\searchplugins\torrentportal.xml
[2012-07-16 16:48:27 | 000,000,853 | ---- | M] () -- C:\Users\Joke en Jasper\AppData\Roaming\Mozilla\Firefox\Profiles\yb29zkoc.default\searchplugins\torrentreactornet.xml
[2012-07-16 16:48:27 | 000,000,795 | ---- | M] () -- C:\Users\Joke en Jasper\AppData\Roaming\Mozilla\Firefox\Profiles\yb29zkoc.default\searchplugins\torrentspy.xml
[2008-06-22 18:38:52 | 000,001,108 | ---- | M] () -- C:\Users\Joke en Jasper\AppData\Roaming\Mozilla\Firefox\Profiles\yb29zkoc.default\searchplugins\wikipedia-en.xml
[2012-08-17 09:29:21 | 001,136,465 | ---- | M] () (No name found) -- C:\USERS\JOKE EN JASPER\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\YB29ZKOC.DEFAULT\EXTENSIONS\{C45C406E-AB73-11D8-BE73-000A95BE3B12}.XPI
[2012-08-28 22:55:32 | 000,230,013 | ---- | M] () (No name found) -- C:\USERS\JOKE EN JASPER\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\YB29ZKOC.DEFAULT\EXTENSIONS\[email protected]

O1 HOSTS File: ([2012-09-03 16:47:09 | 000,000,027 | ---- | M]) - C:\Windows\SysNative\drivers\etc\hosts
O1 - Hosts: 127.0.0.1 localhost
O2:64bit: - BHO: (AVG Do Not Track) - {31332EEF-CB9F-458F-AFEB-D30E9A66B6BA} - D:\Program Files (x86)\AVG\AVG2012\avgdtiea.dll (AVG Technologies CZ, s.r.o.)
O2:64bit: - BHO: (Java™ Plug-In SSV Helper) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre6\bin\ssv.dll (Sun Microsystems, Inc.)
O2 - BHO: (ContributeBHO Class) - {074C1DC5-9320-4A9A-947D-C042949C6216} - C:\Program Files (x86)\Adobe\Adobe Contribute CS5.1\Plugins\IEPlugin\contributeieplugin.dll (Adobe Systems, Inc.)
O2 - BHO: (AVG Do Not Track) - {31332EEF-CB9F-458F-AFEB-D30E9A66B6BA} - D:\Program Files (x86)\AVG\AVG2012\avgdtiex.dll (AVG Technologies CZ, s.r.o.)
O2 - BHO: (Java™ Plug-In SSV Helper) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Oracle\JavaFX 2.1 Runtime\bin\ssv.dll (Oracle Corporation)
O2 - BHO: (Adobe PDF Conversion Toolbar Helper) - {AE7CD045-E861-484f-8273-0445EE161910} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated)
O2 - BHO: (Java™ Plug-In 2 SSV Helper) - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Oracle\JavaFX 2.1 Runtime\bin\jp2ssv.dll (Oracle Corporation)
O2 - BHO: (SmartSelect Class) - {F4971EE7-DAA0-4053-9964-665D8EE6A077} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated)
O3 - HKLM\..\Toolbar: (Adobe PDF) - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated)
O3 - HKLM\..\Toolbar: (Contribute Toolbar) - {517BDDE4-E3A7-4570-B21E-2B52B6139FC7} - C:\Program Files (x86)\Adobe\Adobe Contribute CS5.1\Plugins\IEPlugin\contributeieplugin.dll (Adobe Systems, Inc.)
O3 - HKCU\..\Toolbar\WebBrowser: (Adobe PDF) - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated)
O4:64bit: - HKLM..\Run: [Cmaudio8788] C:\Windows\Syswow64\cmicnfgp.dll (C-Media Corporation)
O4:64bit: - HKLM..\Run: [Cmaudio8788GX] C:\Windows\syswow64\HsMgr.exe ()
O4:64bit: - HKLM..\Run: [Cmaudio8788GX64] C:\Windows\system\HsMgr64.exe ()
O4 - HKLM..\Run: [AVG_TRAY] D:\Program Files (x86)\AVG\AVG2012\avgtray.exe (AVG Technologies CZ, s.r.o.)
O4 - HKLM..\Run: [Malwarebytes' Anti-Malware] D:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe (Malwarebytes Corporation)
O4 - HKCU..\Run: [AdobeBridge] File not found
O4 - HKCU..\Run: [WebNoti] D:\Users\Joke en Jasper\AppData\Roaming\WebNoti\WebNoti.exe ()
O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Restrictions present
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: EnableLUA = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: PromptOnSecureDesktop = 0
O7 - HKCU\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O8:64bit: - Extra context menu item: Append Link Target to Existing PDF - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated)
O8:64bit: - Extra context menu item: Append to Existing PDF - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated)
O8:64bit: - Extra context menu item: Convert Link Target to Adobe PDF - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated)
O8:64bit: - Extra context menu item: Convert to Adobe PDF - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated)
O8:64bit: - Extra context menu item: Free YouTube to MP3 Converter - C:\Users\Joke en Jasper\AppData\Roaming\DVDVideoSoftIEHelpers\freeyoutubetomp3converter.htm File not found
O8 - Extra context menu item: Append Link Target to Existing PDF - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated)
O8 - Extra context menu item: Append to Existing PDF - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated)
O8 - Extra context menu item: Convert Link Target to Adobe PDF - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated)
O8 - Extra context menu item: Convert to Adobe PDF - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated)
O8 - Extra context menu item: Free YouTube to MP3 Converter - C:\Users\Joke en Jasper\AppData\Roaming\DVDVideoSoftIEHelpers\freeyoutubetomp3converter.htm File not found
O9:64bit: - Extra Button: AVG Do Not Track - {68BCFFE1-A2DA-4B40-9068-87ECBFC19D16} - D:\Program Files (x86)\AVG\AVG2012\avgdtiea.dll (AVG Technologies CZ, s.r.o.)
O9 - Extra Button: AVG Do Not Track - {68BCFFE1-A2DA-4B40-9068-87ECBFC19D16} - D:\Program Files (x86)\AVG\AVG2012\avgdtiex.dll (AVG Technologies CZ, s.r.o.)
O16:64bit: - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_31)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/...indows-i586.cab (Java Plug-in 10.5.1)
O16 - DPF: {CAFEEFAC-0016-0000-0031-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_31)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 10.5.1)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.0.1
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{41D861AA-F82F-4918-8556-2D1EBE420AA0}: DhcpNameServer = 192.168.0.1
O18:64bit: - Protocol\Handler\linkscanner {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - D:\Program Files (x86)\AVG\AVG2012\avgppa.dll (AVG Technologies CZ, s.r.o.)
O18:64bit: - Protocol\Handler\livecall - No CLSID value found
O18:64bit: - Protocol\Handler\ms-help - No CLSID value found
O18:64bit: - Protocol\Handler\msnim - No CLSID value found
O18:64bit: - Protocol\Handler\mso-offdap11 - No CLSID value found
O18:64bit: - Protocol\Handler\skype4com - No CLSID value found
O18 - Protocol\Handler\linkscanner {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - D:\Program Files (x86)\AVG\AVG2012\avgpp.dll (AVG Technologies CZ, s.r.o.)
O18 - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files (x86)\Common Files\Skype\Skype4COM.dll (Skype Technologies)
O20:64bit: - HKLM Winlogon: Shell - (Explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\SysNative\userinit.exe (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: VMApplet - (/pagefile) - File not found
O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\Windows\SysWow64\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\SysWOW64\userinit.exe (Microsoft Corporation)
O20 - HKLM Winlogon: VMApplet - (/pagefile) - File not found
O29:64bit: - HKLM SecurityProviders - (EtdevnOmhenc.dll) - File not found
O29 - HKLM SecurityProviders - (EtdevnOmhenc.dll) - File not found
O32 - HKLM CDRom: AutoRun - 1
O34 - HKLM BootExecute: (autocheck autochk *)
O34 - HKLM BootExecute: (D:\PROGRA~2\AVG\AVG2012\avgrsa.exe /sync /restart)
O35:64bit: - HKLM\..comfile [open] -- "%1" %*
O35:64bit: - HKLM\..exefile [open] -- "%1" %*
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37:64bit: - HKLM\...com [@ = ComFile] -- "%1" %*
O37:64bit: - HKLM\...exe [@ = exefile] -- "%1" %*
O37 - HKLM\...com [@ = ComFile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3)
O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2)
O38 - SubSystems\\Windows: (ServerDll=sxssrv,4)

NetSvcs:64bit: AppMgmt - C:\Windows\SysNative\appmgmts.dll (Microsoft Corporation)

MsConfig:64bit - StartUpFolder: C:^Users^Joke en Jasper^AppData^Roaming^Microsoft^Windows^Start Menu^Programs^Startup^ctfmon.lnk - C:\Windows\SysNative\rundll32.exe - (Microsoft Corporation)
MsConfig:64bit - StartUpFolder: C:^Users^Joke en Jasper^AppData^Roaming^Microsoft^Windows^Start Menu^Programs^Startup^Dropbox.lnk - - File not found
MsConfig:64bit - StartUpReg: Acrobat Assistant 8.0 - hkey= - key= - C:\Program Files (x86)\Adobe\Acrobat 10.0\Acrobat\Acrotray.exe (Adobe Systems Inc.)
MsConfig:64bit - StartUpReg: Adobe Acrobat Speed Launcher - hkey= - key= - C:\Program Files (x86)\Adobe\Acrobat 10.0\Acrobat\Acrobat_sl.exe (Adobe Systems Incorporated)
MsConfig:64bit - StartUpReg: Adobe ARM - hkey= - key= - C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe (Adobe Systems Incorporated)
MsConfig:64bit - StartUpReg: AdobeAAMUpdater-1.0 - hkey= - key= - C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\UWA\UpdaterStartupUtility.exe (Adobe Systems Incorporated)
MsConfig:64bit - StartUpReg: AdobeCS5.5ServiceManager - hkey= - key= - File not found
MsConfig:64bit - StartUpReg: APSDaemon - hkey= - key= - C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe (Apple Inc.)
MsConfig:64bit - StartUpReg: BCSSync - hkey= - key= - C:\Program Files (x86)\Microsoft Office\Office14\BCSSync.exe (Microsoft Corporation)
MsConfig:64bit - StartUpReg: DAEMON Tools Lite - hkey= - key= - D:\Program Files (x86)\DAEMON Tools Lite\DTLite.exe (DT Soft Ltd)
MsConfig:64bit - StartUpReg: Garmin Lifetime Updater - hkey= - key= - D:\Program Files (x86)\Garmin\Lifetime Updater\GarminLifetime.exe (Garmin)
MsConfig:64bit - StartUpReg: IME14 CHS Setup - hkey= - key= - C:\Program Files\Common Files\Microsoft Shared\IME14\SHARED\IMEKLMG.EXE (Microsoft Corporation)
MsConfig:64bit - StartUpReg: IME14 CHT Setup - hkey= - key= - C:\Program Files\Common Files\Microsoft Shared\IME14\SHARED\IMEKLMG.EXE (Microsoft Corporation)
MsConfig:64bit - StartUpReg: IME14 JPN Setup - hkey= - key= - C:\Program Files\Common Files\Microsoft Shared\IME14\SHARED\IMEKLMG.EXE (Microsoft Corporation)
MsConfig:64bit - StartUpReg: IME14 KOR Setup - hkey= - key= - C:\Program Files\Common Files\Microsoft Shared\IME14\SHARED\IMEKLMG.EXE (Microsoft Corporation)
MsConfig:64bit - StartUpReg: KiesHelper - hkey= - key= - D:\Program Files (x86)\Samsung\Kies\KiesHelper.exe (Samsung)
MsConfig:64bit - StartUpReg: KiesPDLR - hkey= - key= - D:\Program Files (x86)\Samsung\Kies\External\FirmwareUpdate\KiesPDLR.exe ()
MsConfig:64bit - StartUpReg: KiesTrayAgent - hkey= - key= - D:\Program Files (x86)\Samsung\Kies\KiesTrayAgent.exe (Samsung Electronics Co., Ltd.)
MsConfig:64bit - StartUpReg: QuickTime Task - hkey= - key= - D:\Program Files (x86)\Quicktime\QTTask.exe (Apple Inc.)
MsConfig:64bit - StartUpReg: RGSC - hkey= - key= - File not found
MsConfig:64bit - StartUpReg: StartCCC - hkey= - key= - D:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe (Advanced Micro Devices, Inc.)
MsConfig:64bit - StartUpReg: SunJavaUpdateSched - hkey= - key= - C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe (Sun Microsystems, Inc.)
MsConfig:64bit - StartUpReg: SwitchBoard - hkey= - key= - C:\Program Files (x86)\Common Files\Adobe\SwitchBoard\SwitchBoard.exe (Adobe Systems Incorporated)
MsConfig:64bit - State: "startup" - Reg Error: Key error.

SafeBootMin:64bit: AppMgmt - C:\Windows\SysNative\appmgmts.dll (Microsoft Corporation)
SafeBootMin:64bit: Base - Driver Group
SafeBootMin:64bit: Boot Bus Extender - Driver Group
SafeBootMin:64bit: Boot file system - Driver Group
SafeBootMin:64bit: File system - Driver Group
SafeBootMin:64bit: Filter - Driver Group
SafeBootMin:64bit: HelpSvc - Service
SafeBootMin:64bit: hitmanpro36 - C:\Windows\SysNative\drivers\hitmanpro36.sys ()
SafeBootMin:64bit: hitmanpro36.sys - C:\Windows\SysNative\drivers\hitmanpro36.sys ()
SafeBootMin:64bit: HitmanPro36Crusader - Reg Error: Value error.
SafeBootMin:64bit: HitmanPro36CrusaderBoot - Reg Error: Value error.
SafeBootMin:64bit: PCI Configuration - Driver Group
SafeBootMin:64bit: PEVSystemStart - Service
SafeBootMin:64bit: PNP Filter - Driver Group
SafeBootMin:64bit: Primary disk - Driver Group
SafeBootMin:64bit: procexp90.Sys - Driver
SafeBootMin:64bit: sacsvr - Service
SafeBootMin:64bit: SCSI Class - Driver Group
SafeBootMin:64bit: System Bus Extender - Driver Group
SafeBootMin:64bit: vmms - Service
SafeBootMin:64bit: {36FC9E60-C465-11CF-8056-444553540000} - Universal Serial Bus controllers
SafeBootMin:64bit: {4D36E965-E325-11CE-BFC1-08002BE10318} - CD-ROM Drive
SafeBootMin:64bit: {4D36E967-E325-11CE-BFC1-08002BE10318} - DiskDrive
SafeBootMin:64bit: {4D36E969-E325-11CE-BFC1-08002BE10318} - Standard floppy disk controller
SafeBootMin:64bit: {4D36E96A-E325-11CE-BFC1-08002BE10318} - Hdc
SafeBootMin:64bit: {4D36E96B-E325-11CE-BFC1-08002BE10318} - Keyboard
SafeBootMin:64bit: {4D36E96F-E325-11CE-BFC1-08002BE10318} - Mouse
SafeBootMin:64bit: {4D36E977-E325-11CE-BFC1-08002BE10318} - PCMCIA Adapters
SafeBootMin:64bit: {4D36E97B-E325-11CE-BFC1-08002BE10318} - SCSIAdapter
SafeBootMin:64bit: {4D36E97D-E325-11CE-BFC1-08002BE10318} - System
SafeBootMin:64bit: {4D36E980-E325-11CE-BFC1-08002BE10318} - Floppy disk drive
SafeBootMin:64bit: {533C5B84-EC70-11D2-9505-00C04F79DEAF} - Volume shadow copy
SafeBootMin:64bit: {6BDD1FC1-810F-11D0-BEC7-08002BE2092F} - IEEE 1394 Bus host controllers
SafeBootMin:64bit: {71A27CDD-812A-11D0-BEC7-08002BE2092F} - Volume
SafeBootMin:64bit: {745A17A0-74D3-11D0-B6FE-00A0C90F57DA} - Human Interface Devices
SafeBootMin:64bit: {D48179BE-EC20-11D1-B6B8-00C04FA372A7} - SBP2 IEEE 1394 Devices
SafeBootMin:64bit: {D94EE5D8-D189-4994-83D2-F68D7D41B0E6} - SecurityDevices
SafeBootMin: Base - Driver Group
SafeBootMin: Boot Bus Extender - Driver Group
SafeBootMin: Boot file system - Driver Group
SafeBootMin: File system - Driver Group
SafeBootMin: Filter - Driver Group
SafeBootMin: HelpSvc - Service
SafeBootMin: HitmanPro36Crusader - Reg Error: Value error.
SafeBootMin: HitmanPro36CrusaderBoot - Reg Error: Value error.
SafeBootMin: PCI Configuration - Driver Group
SafeBootMin: PEVSystemStart - Service
SafeBootMin: PNP Filter - Driver Group
SafeBootMin: Primary disk - Driver Group
SafeBootMin: procexp90.Sys - Driver
SafeBootMin: sacsvr - Service
SafeBootMin: SCSI Class - Driver Group
SafeBootMin: System Bus Extender - Driver Group
SafeBootMin: vmms - Service
SafeBootMin: {36FC9E60-C465-11CF-8056-444553540000} - Universal Serial Bus controllers
SafeBootMin: {4D36E965-E325-11CE-BFC1-08002BE10318} - CD-ROM Drive
SafeBootMin: {4D36E967-E325-11CE-BFC1-08002BE10318} - DiskDrive
SafeBootMin: {4D36E969-E325-11CE-BFC1-08002BE10318} - Standard floppy disk controller
SafeBootMin: {4D36E96A-E325-11CE-BFC1-08002BE10318} - Hdc
SafeBootMin: {4D36E96B-E325-11CE-BFC1-08002BE10318} - Keyboard
SafeBootMin: {4D36E96F-E325-11CE-BFC1-08002BE10318} - Mouse
SafeBootMin: {4D36E977-E325-11CE-BFC1-08002BE10318} - PCMCIA Adapters
SafeBootMin: {4D36E97B-E325-11CE-BFC1-08002BE10318} - SCSIAdapter
SafeBootMin: {4D36E97D-E325-11CE-BFC1-08002BE10318} - System
SafeBootMin: {4D36E980-E325-11CE-BFC1-08002BE10318} - Floppy disk drive
SafeBootMin: {533C5B84-EC70-11D2-9505-00C04F79DEAF} - Volume shadow copy
SafeBootMin: {6BDD1FC1-810F-11D0-BEC7-08002BE2092F} - IEEE 1394 Bus host controllers
SafeBootMin: {71A27CDD-812A-11D0-BEC7-08002BE2092F} - Volume
SafeBootMin: {745A17A0-74D3-11D0-B6FE-00A0C90F57DA} - Human Interface Devices
SafeBootMin: {D48179BE-EC20-11D1-B6B8-00C04FA372A7} - SBP2 IEEE 1394 Devices
SafeBootMin: {D94EE5D8-D189-4994-83D2-F68D7D41B0E6} - SecurityDevices

SafeBootNet:64bit: AppMgmt - C:\Windows\SysNative\appmgmts.dll (Microsoft Corporation)
SafeBootNet:64bit: Base - Driver Group
SafeBootNet:64bit: Boot Bus Extender - Driver Group
SafeBootNet:64bit: Boot file system - Driver Group
SafeBootNet:64bit: File system - Driver Group
SafeBootNet:64bit: Filter - Driver Group
SafeBootNet:64bit: HelpSvc - Service
SafeBootNet:64bit: hitmanpro36 - C:\Windows\SysNative\drivers\hitmanpro36.sys ()
SafeBootNet:64bit: hitmanpro36.sys - C:\Windows\SysNative\drivers\hitmanpro36.sys ()
SafeBootNet:64bit: HitmanPro36Crusader - Reg Error: Value error.
SafeBootNet:64bit: HitmanPro36CrusaderBoot - Reg Error: Value error.
SafeBootNet:64bit: Messenger - Service
SafeBootNet:64bit: NDIS Wrapper - Driver Group
SafeBootNet:64bit: NetBIOSGroup - Driver Group
SafeBootNet:64bit: NetDDEGroup - Driver Group
SafeBootNet:64bit: Network - Driver Group
SafeBootNet:64bit: NetworkProvider - Driver Group
SafeBootNet:64bit: PCI Configuration - Driver Group
SafeBootNet:64bit: PEVSystemStart - Service
SafeBootNet:64bit: PNP Filter - Driver Group
SafeBootNet:64bit: PNP_TDI - Driver Group
SafeBootNet:64bit: Primary disk - Driver Group
SafeBootNet:64bit: procexp90.Sys - Driver
SafeBootNet:64bit: rdsessmgr - Service
SafeBootNet:64bit: sacsvr - Service
SafeBootNet:64bit: SCSI Class - Driver Group
SafeBootNet:64bit: Streams Drivers - Driver Group
SafeBootNet:64bit: System Bus Extender - Driver Group
SafeBootNet:64bit: TDI - Driver Group
SafeBootNet:64bit: vmms - Service
SafeBootNet:64bit: WudfUsbccidDriver - Driver
SafeBootNet:64bit: {36FC9E60-C465-11CF-8056-444553540000} - Universal Serial Bus controllers
SafeBootNet:64bit: {4D36E965-E325-11CE-BFC1-08002BE10318} - CD-ROM Drive
SafeBootNet:64bit: {4D36E967-E325-11CE-BFC1-08002BE10318} - DiskDrive
SafeBootNet:64bit: {4D36E969-E325-11CE-BFC1-08002BE10318} - Standard floppy disk controller
SafeBootNet:64bit: {4D36E96A-E325-11CE-BFC1-08002BE10318} - Hdc
SafeBootNet:64bit: {4D36E96B-E325-11CE-BFC1-08002BE10318} - Keyboard
SafeBootNet:64bit: {4D36E96F-E325-11CE-BFC1-08002BE10318} - Mouse
SafeBootNet:64bit: {4D36E972-E325-11CE-BFC1-08002BE10318} - Net
SafeBootNet:64bit: {4D36E973-E325-11CE-BFC1-08002BE10318} - NetClient
SafeBootNet:64bit: {4D36E974-E325-11CE-BFC1-08002BE10318} - NetService
SafeBootNet:64bit: {4D36E975-E325-11CE-BFC1-08002BE10318} - NetTrans
SafeBootNet:64bit: {4D36E977-E325-11CE-BFC1-08002BE10318} - PCMCIA Adapters
SafeBootNet:64bit: {4D36E97B-E325-11CE-BFC1-08002BE10318} - SCSIAdapter
SafeBootNet:64bit: {4D36E97D-E325-11CE-BFC1-08002BE10318} - System
SafeBootNet:64bit: {4D36E980-E325-11CE-BFC1-08002BE10318} - Floppy disk drive
SafeBootNet:64bit: {50DD5230-BA8A-11D1-BF5D-0000F805F530} - Smart card readers
SafeBootNet:64bit: {533C5B84-EC70-11D2-9505-00C04F79DEAF} - Volume shadow copy
SafeBootNet:64bit: {6BDD1FC1-810F-11D0-BEC7-08002BE2092F} - IEEE 1394 Bus host controllers
SafeBootNet:64bit: {71A27CDD-812A-11D0-BEC7-08002BE2092F} - Volume
SafeBootNet:64bit: {745A17A0-74D3-11D0-B6FE-00A0C90F57DA} - Human Interface Devices
SafeBootNet:64bit: {D48179BE-EC20-11D1-B6B8-00C04FA372A7} - SBP2 IEEE 1394 Devices
SafeBootNet:64bit: {D94EE5D8-D189-4994-83D2-F68D7D41B0E6} - SecurityDevices
SafeBootNet: Base - Driver Group
SafeBootNet: Boot Bus Extender - Driver Group
SafeBootNet: Boot file system - Driver Group
SafeBootNet: File system - Driver Group
SafeBootNet: Filter - Driver Group
SafeBootNet: HelpSvc - Service
SafeBootNet: HitmanPro36Crusader - Reg Error: Value error.
SafeBootNet: HitmanPro36CrusaderBoot - Reg Error: Value error.
SafeBootNet: Messenger - Service
SafeBootNet: NDIS Wrapper - Driver Group
SafeBootNet: NetBIOSGroup - Driver Group
SafeBootNet: NetDDEGroup - Driver Group
SafeBootNet: Network - Driver Group
SafeBootNet: NetworkProvider - Driver Group
SafeBootNet: PCI Configuration - Driver Group
SafeBootNet: PEVSystemStart - Service
SafeBootNet: PNP Filter - Driver Group
SafeBootNet: PNP_TDI - Driver Group
SafeBootNet: Primary disk - Driver Group
SafeBootNet: procexp90.Sys - Driver
SafeBootNet: rdsessmgr - Service
SafeBootNet: sacsvr - Service
SafeBootNet: SCSI Class - Driver Group
SafeBootNet: Streams Drivers - Driver Group
SafeBootNet: System Bus Extender - Driver Group
SafeBootNet: TDI - Driver Group
SafeBootNet: vmms - Service
SafeBootNet: WudfUsbccidDriver - Driver
SafeBootNet: {36FC9E60-C465-11CF-8056-444553540000} - Universal Serial Bus controllers
SafeBootNet: {4D36E965-E325-11CE-BFC1-08002BE10318} - CD-ROM Drive
SafeBootNet: {4D36E967-E325-11CE-BFC1-08002BE10318} - DiskDrive
SafeBootNet: {4D36E969-E325-11CE-BFC1-08002BE10318} - Standard floppy disk controller
SafeBootNet: {4D36E96A-E325-11CE-BFC1-08002BE10318} - Hdc
SafeBootNet: {4D36E96B-E325-11CE-BFC1-08002BE10318} - Keyboard
SafeBootNet: {4D36E96F-E325-11CE-BFC1-08002BE10318} - Mouse
SafeBootNet: {4D36E972-E325-11CE-BFC1-08002BE10318} - Net
SafeBootNet: {4D36E973-E325-11CE-BFC1-08002BE10318} - NetClient
SafeBootNet: {4D36E974-E325-11CE-BFC1-08002BE10318} - NetService
SafeBootNet: {4D36E975-E325-11CE-BFC1-08002BE10318} - NetTrans
SafeBootNet: {4D36E977-E325-11CE-BFC1-08002BE10318} - PCMCIA Adapters
SafeBootNet: {4D36E97B-E325-11CE-BFC1-08002BE10318} - SCSIAdapter
SafeBootNet: {4D36E97D-E325-11CE-BFC1-08002BE10318} - System
SafeBootNet: {4D36E980-E325-11CE-BFC1-08002BE10318} - Floppy disk drive
SafeBootNet: {50DD5230-BA8A-11D1-BF5D-0000F805F530} - Smart card readers
SafeBootNet: {533C5B84-EC70-11D2-9505-00C04F79DEAF} - Volume shadow copy
SafeBootNet: {6BDD1FC1-810F-11D0-BEC7-08002BE2092F} - IEEE 1394 Bus host controllers
SafeBootNet: {71A27CDD-812A-11D0-BEC7-08002BE2092F} - Volume
SafeBootNet: {745A17A0-74D3-11D0-B6FE-00A0C90F57DA} - Human Interface Devices
SafeBootNet: {D48179BE-EC20-11D1-B6B8-00C04FA372A7} - SBP2 IEEE 1394 Devices
SafeBootNet: {D94EE5D8-D189-4994-83D2-F68D7D41B0E6} - SecurityDevices

ActiveX:64bit: {08B0E5C0-4FCB-11CF-AAA5-00401C608500} - Java (Sun)
ActiveX:64bit: {154B6D73-365B-9D87-E26B-7E5C65BAD88B} - Browser Customizations
ActiveX:64bit: {22d6f312-b0f6-11d0-94ab-0080c74c7e95} - Microsoft Windows Media Player 12.0
ActiveX:64bit: {2A72E91C-E043-B5A2-2D48-5990DB3F20E4} - Browser Customizations
ActiveX:64bit: {2C7339CF-2B09-4501-B3F3-F3508C9228ED} - %SystemRoot%\system32\regsvr32.exe /s /n /i:/UserInstall %SystemRoot%\system32\themeui.dll
ActiveX:64bit: {3af36230-a269-11d1-b5bf-0000f8051515} - Offline Browsing Pack
ActiveX:64bit: {44BBA840-CC51-11CF-AAFA-00AA00B6015C} - "%ProgramFiles%\Windows Mail\WinMail.exe" OCInstallUserConfigOE
ActiveX:64bit: {44BBA855-CC51-11CF-AAFA-00AA00B6015F} - DirectDrawEx
ActiveX:64bit: {45ea75a0-a269-11d1-b5bf-0000f8051515} - Internet Explorer Help
ActiveX:64bit: {4f645220-306d-11d2-995d-00c04f98bbc9} - Microsoft Windows Script 5.6
ActiveX:64bit: {5fd399c0-a70a-11d1-9948-00c04f98bbc9} - Internet Explorer Setup Tools
ActiveX:64bit: {630b1da0-b465-11d1-9948-00c04f98bbc9} - Browsing Enhancements
ActiveX:64bit: {6BF52A52-394A-11d3-B153-00C04F79FAA6} - Microsoft Windows Media Player
ActiveX:64bit: {6fab99d0-bab8-11d1-994a-00c04f98bbc9} - MSN Site Access
ActiveX:64bit: {7790769C-0471-11d2-AF11-00C04FA35D02} - Address Book 7
ActiveX:64bit: {89820200-ECBD-11cf-8B85-00AA005B4340} - regsvr32.exe /s /n /i:U shell32.dll
ActiveX:64bit: {89820200-ECBD-11cf-8B85-00AA005B4383} - C:\Windows\System32\ie4uinit.exe -BaseSettings
ActiveX:64bit: {89B4C1CD-B018-4511-B0A1-5476DBF70820} - C:\Windows\system32\Rundll32.exe C:\Windows\system32\mscories.dll,Install
ActiveX:64bit: {9381D8F2-0288-11D0-9501-00AA00B911A5} - Dynamic HTML Data Binding
ActiveX:64bit: {A37998DD-39FB-6DDE-5CB6-FAD20B04A924} - Internet Explorer
ActiveX:64bit: {B0E70922-2883-7772-D4F3-9AF30DE26CB7} - Browser Customizations
ActiveX:64bit: {C4601D5D-FD92-85F6-AC5D-CF52F1E348CD} - Browser Customizations
ActiveX:64bit: {C9E9A340-D1F1-11D0-821E-444553540600} - Internet Explorer Core Fonts
ActiveX:64bit: {de5aed00-a4bf-11d1-9948-00c04f98bbc9} - HTML Help
ActiveX:64bit: {E92B03AB-B707-11d2-9CBD-0000F87A369E} - Active Directory Service Interface
ActiveX:64bit: {F5B09CFD-F0B2-36AF-8DF4-1DF6B63FC7B4} - .NET Framework
ActiveX:64bit: {FEBEF00C-046D-438D-8A88-BF94A6C9E703} - .NET Framework
ActiveX:64bit: >{22d6f312-b0f6-11d0-94ab-0080c74c7e95} - %SystemRoot%\system32\unregmp2.exe /ShowWMP
ActiveX:64bit: >{26923b43-4d38-484f-9b9e-de460746276c} - C:\Windows\System32\ie4uinit.exe -UserIconConfig
ActiveX:64bit: >{60B49E34-C7CC-11D0-8953-00A0C90347FF} - "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\iedkcs32.dll",BrandIEActiveSetup SIGNUP
ActiveX: {08B0E5C0-4FCB-11CF-AAA5-00401C608500} - Microsoft VM
ActiveX: {191826A6-9C60-AAD7-0DAB-C2EB6AFDDF90} - Internet Explorer
ActiveX: {22d6f312-b0f6-11d0-94ab-0080c74c7e95} - Microsoft Windows Media Player 12.0
ActiveX: {2C7339CF-2B09-4501-B3F3-F3508C9228ED} - %SystemRoot%\system32\regsvr32.exe /s /n /i:/UserInstall %SystemRoot%\system32\themeui.dll
ActiveX: {3af36230-a269-11d1-b5bf-0000f8051515} - Offline Browsing Pack
ActiveX: {44BBA840-CC51-11CF-AAFA-00AA00B6015C} - "%ProgramFiles(x86)%\Windows Mail\WinMail.exe" OCInstallUserConfigOE
ActiveX: {44BBA855-CC51-11CF-AAFA-00AA00B6015F} - DirectDrawEx
ActiveX: {45ea75a0-a269-11d1-b5bf-0000f8051515} - Internet Explorer Help
ActiveX: {4f645220-306d-11d2-995d-00c04f98bbc9} - Microsoft Windows Script 5.6
ActiveX: {55BDD200-F67C-9DC2-D41E-A55E2458E136} - Themes Setup
ActiveX: {5fd399c0-a70a-11d1-9948-00c04f98bbc9} - Internet Explorer Setup Tools
ActiveX: {630b1da0-b465-11d1-9948-00c04f98bbc9} - Browsing Enhancements
ActiveX: {6BF52A52-394A-11d3-B153-00C04F79FAA6} - Microsoft Windows Media Player
ActiveX: {6fab99d0-bab8-11d1-994a-00c04f98bbc9} - MSN Site Access
ActiveX: {7790769C-0471-11d2-AF11-00C04FA35D02} - Address Book 7
ActiveX: {7C028AF8-F614-47B3-82DA-BA94E41B1089} - .NET Framework
ActiveX: {89820200-ECBD-11cf-8B85-00AA005B4340} - regsvr32.exe /s /n /i:U shell32.dll
ActiveX: {89820200-ECBD-11cf-8B85-00AA005B4383} - C:\Windows\SysWOW64\ie4uinit.exe -BaseSettings
ActiveX: {89B4C1CD-B018-4511-B0A1-5476DBF70820} - C:\Windows\SysWOW64\Rundll32.exe C:\Windows\SysWOW64\mscories.dll,Install
ActiveX: {9381D8F2-0288-11D0-9501-00AA00B911A5} - Dynamic HTML Data Binding
ActiveX: {C9E9A340-D1F1-11D0-821E-444553540600} - Internet Explorer Core Fonts
ActiveX: {D27CDB6E-AE6D-11CF-96B8-444553540000} - Adobe Flash Player
ActiveX: {de5aed00-a4bf-11d1-9948-00c04f98bbc9} - HTML Help
ActiveX: {E92B03AB-B707-11d2-9CBD-0000F87A369E} - Active Directory Service Interface
ActiveX: {F5B09CFD-F0B2-36AF-8DF4-1DF6B63FC7B4} - .NET Framework
ActiveX: >{22d6f312-b0f6-11d0-94ab-0080c74c7e95} - %SystemRoot%\system32\unregmp2.exe /ShowWMP
ActiveX: >{26923b43-4d38-484f-9b9e-de460746276c} - C:\Windows\SysWOW64\ie4uinit.exe -UserIconConfig
ActiveX: >{60B49E34-C7CC-11D0-8953-00A0C90347FF} - "C:\Windows\SysWOW64\rundll32.exe" "C:\Windows\SysWOW64\iedkcs32.dll",BrandIEActiveSetup SIGNUP

Drivers32:64bit: msacm.l3acm - C:\Windows\System32\l3codeca.acm (Fraunhofer Institut Integrierte Schaltungen IIS)
Drivers32:64bit: VIDC.FPS1 - frapsv64.dll (Beepa P/L)
Drivers32:64bit: vidc.tscc - C:\Windows\SysWOW64\tsccvid64.dll (TechSmith Corporation)
Drivers32: msacm.l3acm - C:\Windows\SysWOW64\l3codeca.acm (Fraunhofer Institut Integrierte Schaltungen IIS)
Drivers32: vidc.cvid - C:\Windows\SysWow64\iccvid.dll (Radius Inc.)
Drivers32: VIDC.FPS1 - C:\Windows\SysWow64\frapsvid.dll (Beepa P/L)
Drivers32: vidc.tscc - C:\Windows\SysWOW64\tsccvid.dll (TechSmith Corporation)

CREATERESTOREPOINT
Restore point Set: OTL Restore Point

========== Files/Folders - Created Within 30 Days ==========

[2012-09-03 16:58:46 | 000,024,904 | ---- | C] (Malwarebytes Corporation) -- C:\Windows\SysNative\drivers\mbam.sys
[2012-09-03 16:47:10 | 000,000,000 | ---D | C] -- C:\$RECYCLE.BIN
[2012-09-03 16:46:02 | 000,000,000 | ---D | C] -- C:\Windows\temp
[2012-09-03 16:42:51 | 000,000,000 | ---D | C] -- C:\ComboFix
[2012-09-03 16:29:54 | 000,000,000 | ---D | C] -- C:\Users\Joke en Jasper\Desktop\virus fix
[2012-09-03 09:29:34 | 000,000,000 | ---D | C] -- C:\Users\Joke en Jasper\AppData\Local\{3F6FB12D-8877-4F69-9692-981985DA1E30}
[2012-09-02 11:11:39 | 000,000,000 | ---D | C] -- C:\Users\Joke en Jasper\AppData\Local\{24F17AFD-CE2F-41FE-AD6A-FBE0B7E78951}
[2012-09-01 23:11:16 | 000,000,000 | ---D | C] -- C:\Users\Joke en Jasper\AppData\Local\{7351D51A-4E2E-4E7F-BEF3-59793727A1EF}
[2012-09-01 11:10:53 | 000,000,000 | ---D | C] -- C:\Users\Joke en Jasper\AppData\Local\{EFF59348-6058-42E7-9E9F-7AA9E9A4AF82}
[2012-08-31 22:32:15 | 000,000,000 | ---D | C] -- C:\Users\Joke en Jasper\AppData\Local\{8E3C39AF-B3F3-43E4-BFFD-A933F38D9853}
[2012-08-31 06:16:26 | 000,000,000 | ---D | C] -- C:\Users\Joke en Jasper\AppData\Local\{15D73F9F-52E1-4CC5-B813-F3AC3F2E162B}
[2012-08-30 23:00:58 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\MSXML 4.0
[2012-08-30 23:00:56 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Microsoft CAPICOM 2.1.0.2
[2012-08-30 13:19:06 | 000,000,000 | ---D | C] -- C:\Users\Joke en Jasper\AppData\Local\{EE6018DC-E097-41B2-99DE-9DADC76AEE8B}
[2012-08-29 20:11:51 | 000,000,000 | ---D | C] -- C:\Users\Joke en Jasper\AppData\Local\SolidWorks
[2012-08-29 20:09:57 | 000,000,000 | ---D | C] -- C:\Users\Joke en Jasper\Documents\SolidWorks Visual Studio Tools for Applications
[2012-08-29 20:09:51 | 000,000,000 | ---D | C] -- C:\Users\Joke en Jasper\AppData\Roaming\DassaultSystemes
[2012-08-29 20:09:51 | 000,000,000 | ---D | C] -- C:\Users\Joke en Jasper\AppData\Local\DassaultSystemes
[2012-08-29 20:09:51 | 000,000,000 | ---D | C] -- C:\ProgramData\DassaultSystemes
[2012-08-29 20:09:23 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\SolidWorks 2011
[2012-08-29 20:08:21 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\SolidWorks Corp
[2012-08-29 20:08:21 | 000,000,000 | ---D | C] -- C:\ProgramData\SolidWorks
[2012-08-29 20:08:01 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Visual Studio 2005
[2012-08-29 20:07:45 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\MSECache
[2012-08-29 20:07:31 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Common Files\SolidWorks Shared
[2012-08-29 20:07:31 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Common Files\Macrovision Shared
[2012-08-29 20:07:29 | 000,000,000 | ---D | C] -- C:\SolidWorks Data
[2012-08-29 20:07:07 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\SolidWorks Installation Manager
[2012-08-29 20:07:05 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Common Files\SolidWorks Installation Manager
[2012-08-29 20:04:45 | 000,000,000 | ---D | C] -- C:\Users\Joke en Jasper\Documents\SolidWorks Downloads
[2012-08-29 20:04:45 | 000,000,000 | ---D | C] -- C:\Windows\SolidWorks
[2012-08-29 20:04:44 | 000,000,000 | ---D | C] -- C:\Users\Joke en Jasper\AppData\Roaming\SolidWorks
[2012-08-29 19:42:25 | 000,000,000 | ---D | C] -- C:\Users\Joke en Jasper\Desktop\Solidworks
[2012-08-29 18:48:10 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Spybot - Search & Destroy
[2012-08-29 18:48:08 | 000,000,000 | ---D | C] -- C:\ProgramData\Spybot - Search & Destroy
[2012-08-29 18:36:23 | 000,000,000 | ---D | C] -- C:\Program Files\HitmanPro
[2012-08-29 18:33:32 | 000,000,000 | ---D | C] -- C:\ProgramData\HitmanPro
[2012-08-29 17:39:30 | 000,518,144 | ---- | C] (SteelWerX) -- C:\Windows\SWREG.exe
[2012-08-29 17:39:30 | 000,406,528 | ---- | C] (SteelWerX) -- C:\Windows\SWSC.exe
[2012-08-29 17:39:30 | 000,060,416 | ---- | C] (NirSoft) -- C:\Windows\NIRCMD.exe
[2012-08-29 17:39:12 | 000,000,000 | ---D | C] -- C:\Qoobox
[2012-08-29 17:39:05 | 000,000,000 | ---D | C] -- C:\Windows\erdnt
[2012-08-29 16:05:45 | 000,000,000 | ---D | C] -- C:\Users\Joke en Jasper\Desktop\David_Guetta_feat._Sia-She_Wolf_(Falling_To_Pieces)-PROMO-CDR-FLAC-2012-WRE
[2012-08-29 12:34:07 | 000,000,000 | ---D | C] -- C:\Users\Joke en Jasper\AppData\Roaming\DVDVideoSoft
[2012-08-29 09:53:47 | 000,000,000 | ---D | C] -- C:\Users\Joke en Jasper\Documents\Untitled
[2012-08-29 09:40:39 | 000,000,000 | ---D | C] -- C:\Users\Joke en Jasper\AppData\Roaming\ResourceCentral.E6E1B28A311BC518DB6C6883EA3757FDE0E90ADC.1
[2012-08-29 09:32:19 | 000,000,000 | ---D | C] -- C:\Users\Joke en Jasper\AppData\Local\{D1A6348E-DB84-4247-880F-102387B499BB}
[2012-08-28 20:31:10 | 000,000,000 | ---D | C] -- C:\Users\Joke en Jasper\Documents\OFX Presets
[2012-08-28 10:46:34 | 000,000,000 | ---D | C] -- C:\Users\Joke en Jasper\AppData\Local\{26F59685-944C-4620-8204-A9091119C38A}
[2012-08-27 21:55:21 | 000,000,000 | ---D | C] -- C:\Users\Joke en Jasper\AppData\Local\{DC5FD364-DC51-4AF3-AB72-FE10CD79BB55}
[2012-08-27 10:54:15 | 000,000,000 | ---D | C] -- C:\Users\Joke en Jasper\AppData\Local\Xilisoft
[2012-08-27 10:54:14 | 000,000,000 | ---D | C] -- C:\Users\Joke en Jasper\AppData\Roaming\Xilisoft
[2012-08-27 05:07:59 | 000,000,000 | ---D | C] -- C:\Users\Joke en Jasper\AppData\Local\{CF354A09-85ED-4F57-8C4C-3220BF42522C}
[2012-08-26 10:43:00 | 000,000,000 | ---D | C] -- C:\Users\Joke en Jasper\AppData\Local\{5323E27C-C8C3-40FB-A85D-530CE4E4FA4E}
[2012-08-25 22:42:37 | 000,000,000 | ---D | C] -- C:\Users\Joke en Jasper\AppData\Local\{B051394C-4683-4EBA-9B23-9C4791AC5C5C}
[2012-08-25 10:27:36 | 000,000,000 | ---D | C] -- C:\Users\Joke en Jasper\AppData\Local\{579D78DF-30E5-4787-B05D-0202029B30F3}
[2012-08-24 22:27:13 | 000,000,000 | ---D | C] -- C:\Users\Joke en Jasper\AppData\Local\{747FDAF6-D78C-4218-A72F-883A443425AF}
[2012-08-24 10:13:31 | 000,000,000 | ---D | C] -- C:\Users\Joke en Jasper\AppData\Local\{F16F2F22-CF82-4E66-A4B6-017E790F62C7}
[2012-08-23 20:13:31 | 000,000,000 | ---D | C] -- C:\Users\Joke en Jasper\AppData\Local\{0781EA7F-A735-4B3E-AF9C-E5071B0C58CA}
[2012-08-23 11:24:37 | 000,000,000 | ---D | C] -- C:\Users\Joke en Jasper\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Blackmagic Design
[2012-08-23 11:24:37 | 000,000,000 | ---D | C] -- C:\Program Files\Blackmagic Design
[2012-08-23 11:18:50 | 000,000,000 | ---D | C] -- C:\Users\Joke en Jasper\AppData\Roaming\postgresql
[2012-08-23 11:18:21 | 000,000,000 | ---D | C] -- C:\ProgramData\Blackmagic Design
[2012-08-23 11:17:29 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\PostgreSQL 9.0
[2012-08-23 11:17:10 | 000,000,000 | ---D | C] -- C:\Program Files\PostgreSQL
[2012-08-23 08:13:04 | 000,000,000 | ---D | C] -- C:\Users\Joke en Jasper\AppData\Local\{A18F5D48-54D6-416E-BDCC-3F1869515F55}
[2012-08-22 20:12:41 | 000,000,000 | ---D | C] -- C:\Users\Joke en Jasper\AppData\Local\{D3D579B6-4822-4961-9F72-809D6604B0A3}
[2012-08-22 08:12:31 | 000,000,000 | ---D | C] -- C:\Users\Joke en Jasper\AppData\Local\{C7910886-D4E1-457B-9C2A-7BFDFBA5E83B}
[2012-08-20 22:20:59 | 000,000,000 | ---D | C] -- C:\Users\Joke en Jasper\AppData\Local\{F08324F5-28A3-4EB8-910C-D9CA76F877BF}
[2012-08-18 15:49:08 | 000,000,000 | ---D | C] -- C:\Users\Joke en Jasper\AppData\Local\{22BFC448-BE34-494E-BA03-02D60C84D962}
[2012-08-18 15:48:58 | 000,000,000 | ---D | C] -- C:\Users\Joke en Jasper\AppData\Local\{12576399-997C-4739-8178-608F3157B35B}
[2012-08-17 22:34:51 | 000,000,000 | ---D | C] -- C:\Users\Joke en Jasper\AppData\Local\{635E1179-643A-4902-9CD2-2D43E32B74AB}
[2012-08-17 22:34:40 | 000,000,000 | ---D | C] -- C:\Users\Joke en Jasper\AppData\Local\{C68102E1-4E1D-4B31-890C-869962823CFB}
[2012-08-17 09:19:04 | 000,000,000 | ---D | C] -- C:\Users\Joke en Jasper\AppData\Local\{FE6AC035-9D6C-4F89-8C4E-8727FA2F391D}
[2012-08-17 09:18:54 | 000,000,000 | ---D | C] -- C:\Users\Joke en Jasper\AppData\Local\{E8E41CB6-3416-4FE1-889F-FE4AD1768E0B}
[2012-08-16 08:26:59 | 000,000,000 | ---D | C] -- C:\Users\Joke en Jasper\AppData\Local\{3B73AA08-BCE3-41CC-A69C-114493CEAA71}
[2012-08-16 08:26:50 | 000,000,000 | ---D | C] -- C:\Users\Joke en Jasper\AppData\Local\{713CE5C1-AFA9-4E8C-B46A-522C9B6B9E73}
[2012-08-15 23:30:07 | 000,237,056 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\url.dll
[2012-08-15 23:30:07 | 000,231,936 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\url.dll
[2012-08-15 23:30:07 | 000,096,768 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\mshtmled.dll
[2012-08-15 23:30:07 | 000,073,216 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\mshtmled.dll
[2012-08-15 23:30:06 | 002,312,704 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\jscript9.dll
[2012-08-15 23:30:06 | 001,494,528 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\inetcpl.cpl
[2012-08-15 23:30:06 | 001,427,968 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\inetcpl.cpl
[2012-08-15 23:30:06 | 000,248,320 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\ieui.dll
[2012-08-15 23:30:06 | 000,176,640 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\ieui.dll
[2012-08-15 23:30:06 | 000,173,056 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\ieUnatt.exe
[2012-08-15 23:30:06 | 000,142,848 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\ieUnatt.exe
[2012-08-15 23:30:05 | 000,816,640 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\jscript.dll
[2012-08-15 23:30:05 | 000,717,824 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\jscript.dll
[2012-08-15 10:56:47 | 000,503,808 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\srcore.dll
[2012-08-15 10:56:35 | 000,751,104 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\win32spl.dll
[2012-08-15 10:56:35 | 000,492,032 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\win32spl.dll
[2012-08-15 10:56:35 | 000,067,072 | ---- | C] (Microsoft Corporation) -- C:\Windows\splwow64.exe
[2012-08-15 10:56:13 | 000,073,216 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\netapi32.dll
[2012-08-15 10:56:13 | 000,059,392 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\browcli.dll
[2012-08-15 10:56:13 | 000,041,984 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\browcli.dll
[2012-08-15 10:55:49 | 000,956,928 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\localspl.dll
[2012-08-14 22:18:05 | 000,000,000 | ---D | C] -- C:\Users\Joke en Jasper\AppData\Local\{CEAB15C9-8CBD-4495-98EA-00093426DFD5}
[2012-08-14 22:17:55 | 000,000,000 | ---D | C] -- C:\Users\Joke en Jasper\AppData\Local\{9BC3E3DD-E936-4B88-B3F9-510EC68EEF11}
[2012-08-14 07:53:21 | 000,000,000 | ---D | C] -- C:\Users\Joke en Jasper\AppData\Local\{16EDED64-86C5-42E4-9D7C-E37058A1C4D8}
[2012-08-14 07:53:06 | 000,000,000 | ---D | C] -- C:\Users\Joke en Jasper\AppData\Local\{6AAA750F-5E5C-4C2E-9112-1A6C5699CD50}
[2012-08-13 19:40:26 | 000,000,000 | ---D | C] -- C:\Users\Joke en Jasper\AppData\Local\TechSmith
[2012-08-13 19:40:23 | 000,000,000 | ---D | C] -- C:\Users\Joke en Jasper\Documents\Camtasia Studio
[2012-08-13 19:40:02 | 000,000,000 | ---D | C] -- C:\Windows\SysWow64\QuickTime
[2012-08-13 19:40:02 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Camtasia Studio 7
[2012-08-13 19:39:58 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Common Files\TechSmith Shared
[2012-08-13 19:39:58 | 000,000,000 | ---D | C] -- C:\ProgramData\TechSmith
[2012-08-08 22:27:04 | 000,000,000 | ---D | C] -- C:\Users\Joke en Jasper\AppData\Local\{E366130A-4D15-4256-B3F9-71AD3A628489}
[2012-08-08 22:26:54 | 000,000,000 | ---D | C] -- C:\Users\Joke en Jasper\AppData\Local\{E6D6A4B5-3B85-474A-9FB1-30E8926AD140}
[2012-08-08 08:15:17 | 000,000,000 | ---D | C] -- C:\Users\Joke en Jasper\AppData\Roaming\dvdcss
[2012-08-08 08:14:57 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Digiarty
[2012-08-08 08:14:56 | 000,000,000 | ---D | C] -- C:\Users\Joke en Jasper\AppData\Roaming\Digiarty
[2012-08-08 08:12:37 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\DVD Shrink
[2012-08-08 08:12:37 | 000,000,000 | ---D | C] -- C:\ProgramData\DVD Shrink
[2012-08-08 08:07:43 | 000,000,000 | ---D | C] -- C:\Users\Joke en Jasper\AppData\Local\{B781BECF-7D90-4A78-989E-46116F015F51}
[2012-08-08 08:07:33 | 000,000,000 | ---D | C] -- C:\Users\Joke en Jasper\AppData\Local\{9B96D4E4-EC38-4180-BC71-6DBBAD1BD090}
[2012-08-07 19:18:16 | 000,000,000 | ---D | C] -- C:\ProgramData\VideoCopilot
[2012-08-07 19:16:30 | 000,000,000 | ---D | C] -- C:\Users\Joke en Jasper\Documents\VideoCopilot
[2012-08-07 09:31:30 | 000,000,000 | ---D | C] -- C:\Users\Joke en Jasper\AppData\Local\{39CF1DB4-8A13-40B9-A5DA-9848A4744A01}
[2012-08-07 09:31:21 | 000,000,000 | ---D | C] -- C:\Users\Joke en Jasper\AppData\Local\{7C3392E1-97B0-4B5F-8084-D2372860D46B}
[2012-08-06 19:21:25 | 000,000,000 | ---D | C] -- C:\Users\Joke en Jasper\AppData\Roaming\Skype
[2012-08-06 19:21:23 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Skype
[2012-08-06 19:21:23 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Common Files\Skype
[2012-08-06 19:21:20 | 000,000,000 | ---D | C] -- C:\ProgramData\Skype
[2012-08-06 10:31:10 | 000,000,000 | ---D | C] -- C:\Users\Joke en Jasper\AppData\Local\{23E3891C-370B-401F-9FB3-B1B64CF37F01}
[2012-08-06 10:30:59 | 000,000,000 | ---D | C] -- C:\Users\Joke en Jasper\AppData\Local\{BC3C1767-42C6-46A2-8A41-9226984E0A18}
[2012-08-05 22:30:36 | 000,000,000 | ---D | C] -- C:\Users\Joke en Jasper\AppData\Local\{1F284A45-D683-43BB-B2BB-DE506E811A36}
[2012-08-05 22:30:26 | 000,000,000 | ---D | C] -- C:\Users\Joke en Jasper\AppData\Local\{FC402D5C-AFA6-4852-925C-D2B09F4944E3}
[2012-08-05 07:33:53 | 000,000,000 | ---D | C] -- C:\Users\Joke en Jasper\AppData\Local\{3D6A203A-00D8-4BE8-9932-1E3608D7F561}
[2012-08-05 07:33:44 | 000,000,000 | ---D | C] -- C:\Users\Joke en Jasper\AppData\Local\{C617BE1E-0237-4595-B90D-E18E450A6A6F}

========== Files - Modified Within 30 Days ==========

[2012-09-03 17:12:25 | 001,671,036 | ---- | M] () -- C:\Windows\SysNative\PerfStringBackup.INI
[2012-09-03 17:12:25 | 000,746,034 | ---- | M] () -- C:\Windows\SysNative\perfh013.dat
[2012-09-03 17:12:25 | 000,654,880 | ---- | M] () -- C:\Windows\SysNative\perfh009.dat
[2012-09-03 17:12:25 | 000,153,090 | ---- | M] () -- C:\Windows\SysNative\perfc013.dat
[2012-09-03 17:12:25 | 000,121,752 | ---- | M] () -- C:\Windows\SysNative\perfc009.dat
[2012-09-03 17:06:29 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2012-09-03 16:58:47 | 000,000,805 | ---- | M] () -- C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk
[2012-09-03 16:57:00 | 000,000,940 | ---- | M] () -- C:\Windows\tasks\Adobe Flash Player Updater.job
[2012-09-03 16:47:09 | 000,000,027 | ---- | M] () -- C:\Windows\SysNative\drivers\etc\hosts
[2012-09-03 16:34:42 | 000,002,072 | ---- | M] () -- C:\Windows\Cmicnfgp.ini.imi
[2012-09-03 09:34:31 | 093,556,287 | ---- | M] () -- C:\Windows\SysNative\drivers\AVG\incavi.avm
[2012-09-01 11:57:43 | 000,021,072 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
[2012-09-01 11:57:43 | 000,021,072 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
[2012-08-30 20:15:25 | 151,658,678 | ---- | M] () -- C:\Users\Joke en Jasper\Desktop\114195643.mp4
[2012-08-30 17:49:26 | 000,277,540 | ---- | M] () -- C:\Windows\SysNative\drivers\AVG\iavichjg.avm
[2012-08-30 08:57:26 | 011,853,368 | ---- | M] () -- C:\Windows\SysNative\FNTCACHE.DAT
[2012-08-29 21:09:39 | 000,277,985 | ---- | M] () -- C:\Users\Joke en Jasper\Desktop\Carli_111_VriendenVan.pdf
[2012-08-29 20:27:13 | 000,140,288 | ---- | M] () -- C:\Users\Joke en Jasper\Documents\Part1.SLDPRT
[2012-08-29 20:10:13 | 000,002,821 | ---- | M] () -- C:\Users\Joke en Jasper\Application Data\Microsoft\Internet Explorer\Quick Launch\SolidWorks Explorer 2011.lnk
[2012-08-29 20:10:13 | 000,002,293 | ---- | M] () -- C:\Users\Joke en Jasper\Application Data\Microsoft\Internet Explorer\Quick Launch\SolidWorks eDrawings 2011.lnk
[2012-08-29 20:10:06 | 000,000,000 | ---- | M] () -- C:\Windows\eDrawingOfficeAutomator.INI
[2012-08-29 20:09:54 | 000,000,023 | -H-- | M] () -- C:\Windows\yacht.xws
[2012-08-29 20:09:23 | 000,002,763 | ---- | M] () -- C:\Users\Joke en Jasper\Application Data\Microsoft\Internet Explorer\Quick Launch\SolidWorks 2011.lnk
[2012-08-29 20:07:08 | 000,001,250 | ---- | M] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\SolidWorks Background Downloader.lnk
[2012-08-29 19:38:57 | 000,000,654 | ---- | M] () -- C:\Users\Joke en Jasper\Desktop\Overig.lnk
[2012-08-29 18:44:35 | 000,030,496 | ---- | M] () -- C:\Windows\SysNative\drivers\hitmanpro36.sys
[2012-08-29 18:43:27 | 000,001,498 | ---- | M] () -- C:\Windows\SysNative\.crusader
[2012-08-29 13:07:07 | 014,003,541 | ---- | M] () -- C:\Users\Joke en Jasper\Documents\Untitled.ncor
[2012-08-29 11:51:37 | 000,000,132 | ---- | M] () -- C:\Users\Joke en Jasper\AppData\Roaming\Adobe PNG Format CS5 Prefs
[2012-08-29 09:19:21 | 000,675,480 | ---- | M] () -- C:\Users\Joke en Jasper\Desktop\5.veg
[2012-08-28 21:01:27 | 000,633,680 | ---- | M] () -- C:\Users\Joke en Jasper\Desktop\4.veg
[2012-08-28 20:01:45 | 000,153,500 | ---- | M] () -- C:\Users\Joke en Jasper\Desktop\3.jpg
[2012-08-28 20:01:37 | 000,347,084 | ---- | M] () -- C:\Users\Joke en Jasper\Desktop\2.jpg
[2012-08-28 20:01:32 | 000,188,065 | ---- | M] () -- C:\Users\Joke en Jasper\Desktop\1.jpg
[2012-08-27 10:53:36 | 000,615,112 | ---- | M] () -- C:\Users\Joke en Jasper\Desktop\3.veg
[2012-08-17 19:15:01 | 000,001,456 | ---- | M] () -- C:\Users\Joke en Jasper\AppData\Local\Adobe Save for Web 12.0 Prefs
[2012-08-16 18:15:27 | 000,052,920 | ---- | M] () -- C:\Users\Joke en Jasper\Desktop\Nutricia_Los.jpg
[2012-08-15 11:57:06 | 000,426,184 | ---- | M] (Adobe Systems Incorporated) -- C:\Windows\SysWow64\FlashPlayerApp.exe
[2012-08-15 11:57:06 | 000,070,344 | ---- | M] (Adobe Systems Incorporated) -- C:\Windows\SysWow64\FlashPlayerCPLApp.cpl

========== Files Created - No Company Name ==========

[2012-09-03 16:58:47 | 000,000,805 | ---- | C] () -- C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk
[2012-08-30 20:10:45 | 151,658,678 | ---- | C] () -- C:\Users\Joke en Jasper\Desktop\114195643.mp4
[2012-08-29 21:09:39 | 000,277,985 | ---- | C] () -- C:\Users\Joke en Jasper\Desktop\Carli_111_VriendenVan.pdf
[2012-08-29 20:27:13 | 000,140,288 | ---- | C] () -- C:\Users\Joke en Jasper\Documents\Part1.SLDPRT
[2012-08-29 20:10:13 | 000,002,821 | ---- | C] () -- C:\Users\Joke en Jasper\Application Data\Microsoft\Internet Explorer\Quick Launch\SolidWorks Explorer 2011.lnk
[2012-08-29 20:10:06 | 000,000,000 | ---- | C] () -- C:\Windows\eDrawingOfficeAutomator.INI
[2012-08-29 20:10:04 | 000,002,293 | ---- | C] () -- C:\Users\Joke en Jasper\Application Data\Microsoft\Internet Explorer\Quick Launch\SolidWorks eDrawings 2011.lnk
[2012-08-29 20:09:54 | 000,000,023 | -H-- | C] () -- C:\Windows\yacht.xws
[2012-08-29 20:09:23 | 000,002,763 | ---- | C] () -- C:\Users\Joke en Jasper\Application Data\Microsoft\Internet Explorer\Quick Launch\SolidWorks 2011.lnk
[2012-08-29 20:07:08 | 000,001,250 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\SolidWorks Background Downloader.lnk
[2012-08-29 19:38:57 | 000,000,654 | ---- | C] () -- C:\Users\Joke en Jasper\Desktop\Overig.lnk
[2012-08-29 18:44:35 | 000,030,496 | ---- | C] () -- C:\Windows\SysNative\drivers\hitmanpro36.sys
[2012-08-29 18:43:27 | 000,001,498 | ---- | C] () -- C:\Windows\SysNative\.crusader
[2012-08-29 17:39:30 | 000,256,000 | ---- | C] () -- C:\Windows\PEV.exe
[2012-08-29 17:39:30 | 000,208,896 | ---- | C] () -- C:\Windows\MBR.exe
[2012-08-29 17:39:30 | 000,098,816 | ---- | C] () -- C:\Windows\sed.exe
[2012-08-29 17:39:30 | 000,080,412 | ---- | C] () -- C:\Windows\grep.exe
[2012-08-29 17:39:30 | 000,068,096 | ---- | C] () -- C:\Windows\zip.exe
[2012-08-29 09:40:56 | 014,003,541 | ---- | C] () -- C:\Users\Joke en Jasper\Documents\Untitled.ncor
[2012-08-28 21:06:35 | 000,675,480 | ---- | C] () -- C:\Users\Joke en Jasper\Desktop\5.veg
[2012-08-28 20:57:22 | 000,633,680 | ---- | C] () -- C:\Users\Joke en Jasper\Desktop\4.veg
[2012-08-28 20:01:42 | 000,153,500 | ---- | C] () -- C:\Users\Joke en Jasper\Desktop\3.jpg
[2012-08-28 20:01:36 | 000,347,084 | ---- | C] () -- C:\Users\Joke en Jasper\Desktop\2.jpg
[2012-08-28 20:01:27 | 000,188,065 | ---- | C] () -- C:\Users\Joke en Jasper\Desktop\1.jpg
[2012-08-27 05:08:14 | 000,615,112 | ---- | C] () -- C:\Users\Joke en Jasper\Desktop\3.veg
[2012-08-21 21:27:08 | 000,001,194 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Adobe After Effects CS6.lnk
[2012-08-21 21:26:53 | 000,001,037 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Adobe Bridge CS6 (64bit).lnk
[2012-08-21 21:26:47 | 000,001,519 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Adobe ExtendScript Toolkit CS6.lnk
[2012-08-21 21:26:46 | 000,001,090 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Adobe Media Encoder CS6.lnk
[2012-08-21 21:26:26 | 000,000,997 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Adobe Help.lnk
[2012-08-16 18:15:27 | 000,052,920 | ---- | C] () -- C:\Users\Joke en Jasper\Desktop\Nutricia_Los.jpg
[2012-05-28 12:00:59 | 000,001,456 | ---- | C] () -- C:\Users\Joke en Jasper\AppData\Local\Adobe Save for Web 12.0 Prefs
[2012-03-28 22:11:08 | 000,030,568 | ---- | C] () -- C:\Windows\MusiccityDownload.exe
[2012-03-28 22:11:06 | 000,974,848 | ---- | C] () -- C:\Windows\SysWow64\cis-2.4.dll
[2012-03-28 22:11:06 | 000,081,920 | ---- | C] () -- C:\Windows\SysWow64\issacapi_bs-2.3.dll
[2012-03-28 22:11:06 | 000,065,536 | ---- | C] () -- C:\Windows\SysWow64\issacapi_pe-2.3.dll
[2012-03-28 22:11:06 | 000,057,344 | ---- | C] () -- C:\Windows\SysWow64\issacapi_se-2.3.dll
[2012-03-03 16:25:40 | 000,000,132 | ---- | C] () -- C:\Users\Joke en Jasper\AppData\Roaming\Adobe BMP Format CS5 Prefs
[2012-02-12 22:27:32 | 000,000,021 | ---- | C] () -- C:\Windows\SurCode.INI
[2012-02-12 17:40:22 | 001,648,260 | ---- | C] () -- C:\Windows\SysWow64\PerfStringBackup.INI
[2012-02-12 15:48:25 | 000,000,132 | ---- | C] () -- C:\Users\Joke en Jasper\AppData\Roaming\Adobe PNG Format CS5 Prefs
[2012-02-12 15:45:44 | 005,503,632 | ---- | C] () -- C:\Windows\PE_File.dll
[2012-02-12 15:37:32 | 005,441,440 | ---- | C] () -- C:\Windows\PE_Rom.dll
[2012-02-11 21:21:57 | 000,000,000 | ---- | C] () -- C:\Windows\ativpsrm.bin
[2012-02-11 21:19:20 | 000,200,704 | ---- | C] () -- C:\Windows\SysWow64\HsMgr.exe
[2012-02-11 21:19:20 | 000,143,360 | ---- | C] () -- C:\Windows\SysWow64\VmixP8.dll
[2012-02-11 21:19:20 | 000,039,983 | ---- | C] () -- C:\Windows\Cmicnfgp.ini.cfl
[2012-02-11 21:19:20 | 000,000,057 | ---- | C] () -- C:\Windows\SysWow64\cmasiop.ini
[2012-02-11 21:19:12 | 000,002,072 | ---- | C] () -- C:\Windows\Cmicnfgp.ini.imi
[2012-02-11 21:19:10 | 000,005,327 | ---- | C] () -- C:\Windows\cmudaxp.ini
[2012-02-11 21:19:10 | 000,004,844 | ---- | C] () -- C:\Windows\Cmicnfgp.ini.cfg
[2012-02-11 21:03:39 | 000,013,440 | R--- | C] () -- C:\Windows\SysWow64\drivers\AsIO.sys
[2012-02-11 21:03:36 | 000,011,832 | ---- | C] () -- C:\Windows\SysWow64\drivers\AsInsHelp64.sys
[2012-02-11 20:55:56 | 000,001,769 | ---- | C] () -- C:\Windows\Language_trs.ini
[2012-02-11 20:55:52 | 000,035,420 | ---- | C] () -- C:\Windows\Ascd_tmp.ini
[2011-12-06 04:35:10 | 000,204,960 | ---- | C] () -- C:\Windows\SysWow64\ativvsvl.dat
[2011-12-06 04:35:10 | 000,157,152 | ---- | C] () -- C:\Windows\SysWow64\ativvsva.dat
[2011-12-05 23:04:00 | 000,059,904 | ---- | C] () -- C:\Windows\SysWow64\OpenVideo.dll
[2011-12-05 23:03:52 | 000,054,784 | ---- | C] () -- C:\Windows\SysWow64\OVDecode.dll
[2011-09-13 01:06:16 | 000,003,917 | ---- | C] () -- C:\Windows\SysWow64\atipblag.dat

========== Custom Scans ==========

========== Drive Information ==========

Physical Drives
---------------

Drive: \\\\.\\PHYSICALDRIVE0 - Fixed hard disk media
Interface type: IDE
Media Type: Fixed hard disk media
Model: M4-CT128M4SSD2 ATA Device
Partitions: 1
Status: OK
Status Info: 0

Drive: \\\\.\\PHYSICALDRIVE1 - Fixed hard disk media
Interface type: IDE
Media Type: Fixed hard disk media
Model: WDC WD20EARX-00PASB0 ATA Device
Partitions: 1
Status: OK
Status Info: 0

Drive: \\\\.\\PHYSICALDRIVE2 -
Interface type: USB
Media Type:
Model: Generic Ultra HS-SD/MMC USB Device
Partitions: 0
Status: OK
Status Info: 0

Partitions
---------------

DeviceID: Disk #0, Partition #0
PartitionType: Installable File System
Bootable: True
BootPartition: True
PrimaryPartition: True
Size: 119,00GB
Starting Offset: 105906176
Hidden sectors: 0


DeviceID: Disk #1, Partition #0
PartitionType: Installable File System
Bootable: False
BootPartition: False
PrimaryPartition: True
Size: 1.863,00GB
Starting Offset: 1048576
Hidden sectors: 0


< %SYSTEMDRIVE%\*.exe >

< %systemroot%\assembly\GAC_32\*.ini >

< %systemroot%\assembly\GAC_64\*.ini >

< %SYSTEMDRIVE%\*.exe >

< %ALLUSERSPROFILE%\Application Data\*.exe >

< %APPDATA%\*. >
[2012-08-29 09:40:39 | 000,000,000 | ---D | M] -- C:\Users\Joke en Jasper\AppData\Roaming\Adobe
[2012-02-16 11:03:18 | 000,000,000 | ---D | M] -- C:\Users\Joke en Jasper\AppData\Roaming\Anthropics
[2012-02-23 12:35:58 | 000,000,000 | ---D | M] -- C:\Users\Joke en Jasper\AppData\Roaming\Apple Computer
[2012-02-11 21:19:27 | 000,000,000 | ---D | M] -- C:\Users\Joke en Jasper\AppData\Roaming\ASUS
[2012-02-11 21:22:09 | 000,000,000 | ---D | M] -- C:\Users\Joke en Jasper\AppData\Roaming\ATI
[2012-02-12 17:48:12 | 000,000,000 | ---D | M] -- C:\Users\Joke en Jasper\AppData\Roaming\Autodesk
[2012-02-11 21:11:59 | 000,000,000 | ---D | M] -- C:\Users\Joke en Jasper\AppData\Roaming\AVG2012
[2012-07-18 10:54:53 | 000,000,000 | ---D | M] -- C:\Users\Joke en Jasper\AppData\Roaming\Belastingdienst
[2012-04-27 12:57:00 | 000,000,000 | ---D | M] -- C:\Users\Joke en Jasper\AppData\Roaming\Bitcoin
[2012-07-16 16:56:13 | 000,000,000 | ---D | M] -- C:\Users\Joke en Jasper\AppData\Roaming\Blue Cat Audio
[2012-07-09 16:07:39 | 000,000,000 | ---D | M] -- C:\Users\Joke en Jasper\AppData\Roaming\Canneverbe Limited
[2012-02-12 11:30:42 | 000,000,000 | ---D | M] -- C:\Users\Joke en Jasper\AppData\Roaming\com.adobe.downloadassistant.AdobeDownloadAssistant
[2012-04-03 20:41:27 | 000,000,000 | ---D | M] -- C:\Users\Joke en Jasper\AppData\Roaming\com.prezi.PreziDesktop
[2012-07-09 16:07:39 | 000,000,000 | ---D | M] -- C:\Users\Joke en Jasper\AppData\Roaming\DAEMON Tools Lite
[2012-08-29 20:09:51 | 000,000,000 | ---D | M] -- C:\Users\Joke en Jasper\AppData\Roaming\DassaultSystemes
[2012-08-08 08:15:01 | 000,000,000 | ---D | M] -- C:\Users\Joke en Jasper\AppData\Roaming\Digiarty
[2012-07-09 15:12:02 | 000,000,000 | ---D | M] -- C:\Users\Joke en Jasper\AppData\Roaming\Dropbox
[2012-08-08 08:46:09 | 000,000,000 | ---D | M] -- C:\Users\Joke en Jasper\AppData\Roaming\dvdcss
[2012-08-29 12:35:23 | 000,000,000 | ---D | M] -- C:\Users\Joke en Jasper\AppData\Roaming\DVDVideoSoft
[2012-07-25 14:10:35 | 000,000,000 | ---D | M] -- C:\Users\Joke en Jasper\AppData\Roaming\Eyeblaster
[2012-07-03 11:48:13 | 000,000,000 | ---D | M] -- C:\Users\Joke en Jasper\AppData\Roaming\FileZilla
[2012-08-30 14:54:52 | 000,000,000 | ---D | M] -- C:\Users\Joke en Jasper\AppData\Roaming\foobar2000
[2012-05-29 14:45:05 | 000,000,000 | ---D | M] -- C:\Users\Joke en Jasper\AppData\Roaming\FreeFLVConverter
[2012-07-02 22:31:20 | 000,000,000 | ---D | M] -- C:\Users\Joke en Jasper\AppData\Roaming\GameHouse
[2012-07-11 23:06:57 | 000,000,000 | ---D | M] -- C:\Users\Joke en Jasper\AppData\Roaming\GAMEON
[2012-07-09 16:07:39 | 000,000,000 | ---D | M] -- C:\Users\Joke en Jasper\AppData\Roaming\Garmin
[2012-03-01 11:08:27 | 000,000,000 | ---D | M] -- C:\Users\Joke en Jasper\AppData\Roaming\Google
[2012-04-16 11:54:08 | 000,000,000 | ---D | M] -- C:\Users\Joke en Jasper\AppData\Roaming\HDRsoft
[2012-02-11 20:47:21 | 000,000,000 | ---D | M] -- C:\Users\Joke en Jasper\AppData\Roaming\Identities
[2012-02-11 20:57:19 | 000,000,000 | ---D | M] -- C:\Users\Joke en Jasper\AppData\Roaming\InstallShield
[2012-07-02 22:33:20 | 000,000,000 | ---D | M] -- C:\Users\Joke en Jasper\AppData\Roaming\iWin
[2012-02-11 21:18:09 | 000,000,000 | ---D | M] -- C:\Users\Joke en Jasper\AppData\Roaming\Macromedia
[2012-07-25 11:52:52 | 000,000,000 | ---D | M] -- C:\Users\Joke en Jasper\AppData\Roaming\Malwarebytes
[2010-11-21 18:58:23 | 000,000,000 | ---D | M] -- C:\Users\Joke en Jasper\AppData\Roaming\Media Center Programs
[2012-03-20 22:15:10 | 000,000,000 | ---D | M] -- C:\Users\Joke en Jasper\AppData\Roaming\Media Player Classic
[2012-08-29 20:09:57 | 000,000,000 | --SD | M] -- C:\Users\Joke en Jasper\AppData\Roaming\Microsoft
[2012-02-11 21:16:02 | 000,000,000 | ---D | M] -- C:\Users\Joke en Jasper\AppData\Roaming\Mozilla
[2012-04-24 17:27:37 | 000,000,000 | ---D | M] -- C:\Users\Joke en Jasper\AppData\Roaming\NeatVideo SV 64
[2012-07-09 16:07:39 | 000,000,000 | ---D | M] -- C:\Users\Joke en Jasper\AppData\Roaming\Notepad++
[2012-02-12 22:27:32 | 000,000,000 | ---D | M] -- C:\Users\Joke en Jasper\AppData\Roaming\PACE Anti-Piracy
[2012-07-09 16:07:39 | 000,000,000 | ---D | M] -- C:\Users\Joke en Jasper\AppData\Roaming\Pegasys Inc
[2012-04-27 09:55:21 | 000,000,000 | ---D | M] -- C:\Users\Joke en Jasper\AppData\Roaming\poclbm
[2012-08-23 11:24:46 | 000,000,000 | ---D | M] -- C:\Users\Joke en Jasper\AppData\Roaming\postgresql
[2012-03-01 12:08:57 | 000,000,000 | ---D | M] -- C:\Users\Joke en Jasper\AppData\Roaming\Publish Providers
[2012-08-29 09:40:39 | 000,000,000 | ---D | M] -- C:\Users\Joke en Jasper\AppData\Roaming\ResourceCentral.E6E1B28A311BC518DB6C6883EA3757FDE0E90ADC.1
[2012-04-12 17:37:11 | 000,000,000 | ---D | M] -- C:\Users\Joke en Jasper\AppData\Roaming\Samsung
[2012-08-06 19:46:23 | 000,000,000 | ---D | M] -- C:\Users\Joke en Jasper\AppData\Roaming\Skype
[2012-08-29 20:11:54 | 000,000,000 | ---D | M] -- C:\Users\Joke en Jasper\AppData\Roaming\SolidWorks
[2012-07-09 16:07:39 | 000,000,000 | ---D | M] -- C:\Users\Joke en Jasper\AppData\Roaming\Sony
[2012-06-14 19:50:56 | 000,000,000 | ---D | M] -- C:\Users\Joke en Jasper\AppData\Roaming\Sony Creative Software Inc
[2012-07-27 14:01:33 | 000,000,000 | ---D | M] -- C:\Users\Joke en Jasper\AppData\Roaming\Tyre
[2012-09-03 15:50:04 | 000,000,000 | ---D | M] -- C:\Users\Joke en Jasper\AppData\Roaming\uTorrent
[2012-07-16 16:51:11 | 000,000,000 | ---D | M] -- C:\Users\Joke en Jasper\AppData\Roaming\Voxengo
[2012-07-16 16:54:47 | 000,000,000 | ---D | M] -- C:\Users\Joke en Jasper\AppData\Roaming\Winamp
[2012-02-11 21:19:00 | 000,000,000 | ---D | M] -- C:\Users\Joke en Jasper\AppData\Roaming\WinRAR
[2012-08-27 10:54:14 | 000,000,000 | ---D | M] -- C:\Users\Joke en Jasper\AppData\Roaming\Xilisoft

< MD5 for: ATAPI.SYS >
[2009-07-14 03:52:21 | 000,024,128 | ---- | M] (Microsoft Corporation) MD5=02062C0B390B7729EDC9E69C680A6F3C -- C:\Windows\erdnt\cache64\atapi.sys
[2009-07-14 03:52:21 | 000,024,128 | ---- | M] (Microsoft Corporation) MD5=02062C0B390B7729EDC9E69C680A6F3C -- C:\Windows\SysNative\drivers\atapi.sys
[2009-07-14 03:52:21 | 000,024,128 | ---- | M] (Microsoft Corporation) MD5=02062C0B390B7729EDC9E69C680A6F3C -- C:\Windows\SysNative\DriverStore\FileRepository\mshdc.inf_amd64_neutral_aad30bdeec04ea5e\atapi.sys
[2009-07-14 03:52:21 | 000,024,128 | ---- | M] (Microsoft Corporation) MD5=02062C0B390B7729EDC9E69C680A6F3C -- C:\Windows\winsxs\amd64_mshdc.inf_31bf3856ad364e35_6.1.7601.17514_none_3b5e2d89382958dd\atapi.sys

< MD5 for: CSRSS.EXE >
[2009-07-14 03:39:02 | 000,007,680 | ---- | M] (Microsoft Corporation) MD5=60C2862B4BF0FD9F582EF344C2B1EC72 -- C:\Windows\SysNative\csrss.exe
[2009-07-14 03:39:02 | 000,007,680 | ---- | M] (Microsoft Corporation) MD5=60C2862B4BF0FD9F582EF344C2B1EC72 -- C:\Windows\winsxs\amd64_microsoft-windows-csrss_31bf3856ad364e35_6.1.7600.16385_none_b4d8d57efdc6b4f3\csrss.exe

< MD5 for: EXPLORER.EXE >
[2011-10-30 21:17:41 | 002,616,320 | ---- | M] (Microsoft Corporation) MD5=0FB9C74046656D1579A64660AD67B746 -- C:\Windows\winsxs\wow64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7601.21669_none_ba87e574ddfe652d\explorer.exe
[2011-10-30 21:17:41 | 002,871,808 | ---- | M] (Microsoft Corporation) MD5=332FEAB1435662FC6C672E25BEB37BE3 -- C:\Windows\erdnt\cache86\explorer.exe
[2011-10-30 21:17:41 | 002,871,808 | ---- | M] (Microsoft Corporation) MD5=332FEAB1435662FC6C672E25BEB37BE3 -- C:\Windows\explorer.exe
[2011-10-30 21:17:41 | 002,871,808 | ---- | M] (Microsoft Corporation) MD5=332FEAB1435662FC6C672E25BEB37BE3 -- C:\Windows\winsxs\amd64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7601.17567_none_afa79dc39081d0ba\explorer.exe
[2011-10-30 21:17:41 | 002,871,808 | ---- | M] (Microsoft Corporation) MD5=3B69712041F3D63605529BD66DC00C48 -- C:\Windows\winsxs\amd64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7601.21669_none_b0333b22a99da332\explorer.exe
[2010-11-21 05:24:25 | 002,616,320 | ---- | M] (Microsoft Corporation) MD5=40D777B7A95E00593EB1568C68514493 -- C:\Windows\winsxs\wow64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7601.17514_none_ba2f56d3c4bcbafb\explorer.exe
[2011-10-30 21:17:41 | 002,616,320 | ---- | M] (Microsoft Corporation) MD5=8B88EBBB05A0E56B7DCC708498C02B3E -- C:\Windows\SysWOW64\explorer.exe
[2011-10-30 21:17:41 | 002,616,320 | ---- | M] (Microsoft Corporation) MD5=8B88EBBB05A0E56B7DCC708498C02B3E -- C:\Windows\winsxs\wow64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7601.17567_none_b9fc4815c4e292b5\explorer.exe
[2010-11-21 05:24:11 | 002,872,320 | ---- | M] (Microsoft Corporation) MD5=AC4C51EB24AA95B77F705AB159189E24 -- C:\Windows\winsxs\amd64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7601.17514_none_afdaac81905bf900\explorer.exe

< MD5 for: MSWSOCK.DLL >
[2010-11-21 05:24:00 | 000,326,144 | ---- | M] (Microsoft Corporation) MD5=1D5185A4C7E6695431AE4B55C3D7D333 -- C:\Windows\erdnt\cache64\mswsock.dll
[2010-11-21 05:24:00 | 000,326,144 | ---- | M] (Microsoft Corporation) MD5=1D5185A4C7E6695431AE4B55C3D7D333 -- C:\Windows\SysNative\mswsock.dll
[2010-11-21 05:24:00 | 000,326,144 | ---- | M] (Microsoft Corporation) MD5=1D5185A4C7E6695431AE4B55C3D7D333 -- C:\Windows\winsxs\amd64_microsoft-windows-w..-infrastructure-bsp_31bf3856ad364e35_6.1.7601.17514_none_16795c7543eb48cf\mswsock.dll
[2010-11-21 05:24:09 | 000,232,448 | ---- | M] (Microsoft Corporation) MD5=8999B8631C7FD9F7F9EC3CAFD953BA24 -- C:\Windows\erdnt\cache86\mswsock.dll
[2010-11-21 05:24:09 | 000,232,448 | ---- | M] (Microsoft Corporation) MD5=8999B8631C7FD9F7F9EC3CAFD953BA24 -- C:\Windows\SysWOW64\mswsock.dll
[2010-11-21 05:24:09 | 000,232,448 | ---- | M] (Microsoft Corporation) MD5=8999B8631C7FD9F7F9EC3CAFD953BA24 -- C:\Windows\winsxs\x86_microsoft-windows-w..-infrastructure-bsp_31bf3856ad364e35_6.1.7601.17514_none_ba5ac0f18b8dd799\mswsock.dll

< MD5 for: NAPINSP.DLL >
[2009-07-14 03:16:02 | 000,052,224 | ---- | M] (Microsoft Corporation) MD5=0B7E85364CB878E2AD531DB7B601A9E5 -- C:\Windows\SysWOW64\NapiNSP.dll
[2009-07-14 03:16:02 | 000,052,224 | ---- | M] (Microsoft Corporation) MD5=0B7E85364CB878E2AD531DB7B601A9E5 -- C:\Windows\winsxs\x86_microsoft-windows-n..ider-infrastructure_31bf3856ad364e35_6.1.7600.16385_none_abf396ebf0847c31\NapiNSP.dll
[2009-07-14 03:41:52 | 000,068,096 | ---- | M] (Microsoft Corporation) MD5=58A0CDABEA255616827B1C22C9994466 -- C:\Windows\SysNative\NapiNSP.dll
[2009-07-14 03:41:52 | 000,068,096 | ---- | M] (Microsoft Corporation) MD5=58A0CDABEA255616827B1C22C9994466 -- C:\Windows\winsxs\amd64_microsoft-windows-n..ider-infrastructure_31bf3856ad364e35_6.1.7600.16385_none_0812326fa8e1ed67\NapiNSP.dll

< MD5 for: NLAAPI.DLL >
[2010-11-21 05:24:01 | 000,052,224 | ---- | M] (Microsoft Corporation) MD5=104A1070E90F1C530328E69B49718841 -- C:\Windows\SysWOW64\nlaapi.dll
[2010-11-21 05:24:01 | 000,052,224 | ---- | M] (Microsoft Corporation) MD5=104A1070E90F1C530328E69B49718841 -- C:\Windows\winsxs\wow64_microsoft-windows-nlasvc_31bf3856ad364e35_6.1.7601.17514_none_d000a58855ea91a1\nlaapi.dll
[2010-11-21 05:23:54 | 000,070,656 | ---- | M] (Microsoft Corporation) MD5=2DF36F15B2BC1571A6A542A3C2107920 -- C:\Windows\SysNative\nlaapi.dll
[2010-11-21 05:23:54 | 000,070,656 | ---- | M] (Microsoft Corporation) MD5=2DF36F15B2BC1571A6A542A3C2107920 -- C:\Windows\winsxs\amd64_microsoft-windows-nlasvc_31bf3856ad364e35_6.1.7601.17514_none_c5abfb362189cfa6\nlaapi.dll

< MD5 for: PNRPNSP.DLL >
[2009-07-14 03:16:12 | 000,065,024 | ---- | M] (Microsoft Corporation) MD5=5CF640EDDB1E40A5AB1BB743BCDEC610 -- C:\Windows\SysWOW64\pnrpnsp.dll
[2009-07-14 03:16:12 | 000,065,024 | ---- | M] (Microsoft Corporation) MD5=5CF640EDDB1E40A5AB1BB743BCDEC610 -- C:\Windows\winsxs\wow64_microsoft-windows-peertopeerpnrp_31bf3856ad364e35_6.1.7600.16385_none_d7c8b1ac70865dab\pnrpnsp.dll
[2009-07-14 03:41:53 | 000,086,016 | ---- | M] (Microsoft Corporation) MD5=613C8CE10A5FDE582BA5FA64C4D56AAA -- C:\Windows\SysNative\pnrpnsp.dll
[2009-07-14 03:41:53 | 000,086,016 | ---- | M] (Microsoft Corporation) MD5=613C8CE10A5FDE582BA5FA64C4D56AAA -- C:\Windows\winsxs\amd64_microsoft-windows-peertopeerpnrp_31bf3856ad364e35_6.1.7600.16385_none_cd74075a3c259bb0\pnrpnsp.dll

< MD5 for: PRINTISOLATIONHOST.EXE >
[2009-07-14 03:39:27 | 000,018,944 | ---- | M] (Microsoft Corporation) MD5=22F020C76E339EB2B2187BA73A7E4173 -- C:\Windows\SysNative\PrintIsolationHost.exe
[2009-07-14 03:39:27 | 000,018,944 | ---- | M] (Microsoft Corporation) MD5=22F020C76E339EB2B2187BA73A7E4173 -- C:\Windows\winsxs\amd64_microsoft-windows-p..ng-server-isolation_31bf3856ad364e35_6.1.7600.16385_none_f8a40495785334a9\PrintIsolationHost.exe

< MD5 for: SERVICES.EXE >
[2009-07-14 03:39:37 | 000,328,704 | ---- | M] (Microsoft Corporation) MD5=24ACB7E5BE595468E3B9AA488B9B4FCB -- C:\Windows\erdnt\cache64\services.exe
[2009-07-14 03:39:37 | 000,328,704 | ---- | M] (Microsoft Corporation) MD5=24ACB7E5BE595468E3B9AA488B9B4FCB -- C:\Windows\SysNative\services.exe
[2009-07-14 03:39:37 | 000,328,704 | ---- | M] (Microsoft Corporation) MD5=24ACB7E5BE595468E3B9AA488B9B4FCB -- C:\Windows\winsxs\amd64_microsoft-windows-s..s-servicecontroller_31bf3856ad364e35_6.1.7600.16385_none_2b54b20ee6fa07b1\services.exe

< MD5 for: SVCHOST.EXE >
[2009-07-14 03:14:41 | 000,020,992 | ---- | M] (Microsoft Corporation) MD5=54A47F6B5E09A77E61649109C6A08866 -- C:\Windows\erdnt\cache86\svchost.exe
[2009-07-14 03:14:41 | 000,020,992 | ---- | M] (Microsoft Corporation) MD5=54A47F6B5E09A77E61649109C6A08866 -- C:\Windows\SysWOW64\svchost.exe
[2009-07-14 03:14:41 | 000,020,992 | ---- | M] (Microsoft Corporation) MD5=54A47F6B5E09A77E61649109C6A08866 -- C:\Windows\winsxs\x86_microsoft-windows-services-svchost_31bf3856ad364e35_6.1.7600.16385_none_b591afc466a15356\svchost.exe
[2009-07-14 03:39:46 | 000,027,136 | ---- | M] (Microsoft Corporation) MD5=C78655BC80301D76ED4FEF1C1EA40A7D -- C:\Windows\erdnt\cache64\svchost.exe
[2009-07-14 03:39:46 | 000,027,136 | ---- | M] (Microsoft Corporation) MD5=C78655BC80301D76ED4FEF1C1EA40A7D -- C:\Windows\SysNative\svchost.exe
[2009-07-14 03:39:46 | 000,027,136 | ---- | M] (Microsoft Corporation) MD5=C78655BC80301D76ED4FEF1C1EA40A7D -- C:\Windows\winsxs\amd64_microsoft-windows-services-svchost_31bf3856ad364e35_6.1.7600.16385_none_11b04b481efec48c\svchost.exe

< MD5 for: USERINIT.EXE >
[2010-11-21 05:23:55 | 000,026,624 | ---- | M] (Microsoft Corporation) MD5=61AC3EFDFACFDD3F0F11DD4FD4044223 -- C:\Windows\erdnt\cache86\userinit.exe
[2010-11-21 05:23:55 | 000,026,624 | ---- | M] (Microsoft Corporation) MD5=61AC3EFDFACFDD3F0F11DD4FD4044223 -- C:\Windows\SysWOW64\userinit.exe
[2010-11-21 05:23:55 | 000,026,624 | ---- | M] (Microsoft Corporation) MD5=61AC3EFDFACFDD3F0F11DD4FD4044223 -- C:\Windows\winsxs\x86_microsoft-windows-userinit_31bf3856ad364e35_6.1.7601.17514_none_de3024012ff21116\userinit.exe
[2010-11-21 05:24:28 | 000,030,720 | ---- | M] (Microsoft Corporation) MD5=BAFE84E637BF7388C96EF48D4D3FDD53 -- C:\Windows\erdnt\cache64\userinit.exe
[2010-11-21 05:24:28 | 000,030,720 | ---- | M] (Microsoft Corporation) MD5=BAFE84E637BF7388C96EF48D4D3FDD53 -- C:\Windows\SysNative\userinit.exe
[2010-11-21 05:24:28 | 000,030,720 | ---- | M] (Microsoft Corporation) MD5=BAFE84E637BF7388C96EF48D4D3FDD53 -- C:\Windows\winsxs\amd64_microsoft-windows-userinit_31bf3856ad364e35_6.1.7601.17514_none_3a4ebf84e84f824c\userinit.exe

< MD5 for: WINLOGON.EXE >
[2010-11-21 05:24:29 | 000,390,656 | ---- | M] (Microsoft Corporation) MD5=1151B1BAA6F350B1DB6598E0FEA7C457 -- C:\Windows\erdnt\cache64\winlogon.exe
[2010-11-21 05:24:29 | 000,390,656 | ---- | M] (Microsoft Corporation) MD5=1151B1BAA6F350B1DB6598E0FEA7C457 -- C:\Windows\SysNative\winlogon.exe
[2010-11-21 05:24:29 | 000,390,656 | ---- | M] (Microsoft Corporation) MD5=1151B1BAA6F350B1DB6598E0FEA7C457 -- C:\Windows\winsxs\amd64_microsoft-windows-winlogon_31bf3856ad364e35_6.1.7601.17514_none_cde90685eb910636\winlogon.exe

< MD5 for: WINRNR.DLL >
[2009-07-14 03:41:56 | 000,028,672 | ---- | M] (Microsoft Corporation) MD5=2E2072EB48238FCA8FBB7A9F5FABAC45 -- C:\Windows\SysNative\winrnr.dll
[2009-07-14 03:41:56 | 000,028,672 | ---- | M] (Microsoft Corporation) MD5=2E2072EB48238FCA8FBB7A9F5FABAC45 -- C:\Windows\winsxs\amd64_microsoft-windows-dns-client-winrnr_31bf3856ad364e35_6.1.7600.16385_none_b543449669c73e11\winrnr.dll
[2009-07-14 03:16:19 | 000,020,992 | ---- | M] (Microsoft Corporation) MD5=5DF5D8CFD9B9573FA3B2C89D9061A240 -- C:\Windows\SysWOW64\winrnr.dll
[2009-07-14 03:16:19 | 000,020,992 | ---- | M] (Microsoft Corporation) MD5=5DF5D8CFD9B9573FA3B2C89D9061A240 -- C:\Windows\winsxs\x86_microsoft-windows-dns-client-winrnr_31bf3856ad364e35_6.1.7600.16385_none_5924a912b169ccdb\winrnr.dll

< MD5 for: WSHELPER.DLL >
[2009-07-14 03:16:20 | 000,015,360 | ---- | M] (Microsoft Corporation) MD5=5B90BB3171504C9DAF3C5CB44B203CA7 -- C:\Windows\SysWOW64\wshelper.dll
[2009-07-14 03:16:20 | 000,015,360 | ---- | M] (Microsoft Corporation) MD5=5B90BB3171504C9DAF3C5CB44B203CA7 -- C:\Windows\winsxs\wow64_microsoft-windows-w..nfrastructure-other_31bf3856ad364e35_6.1.7600.16385_none_6ace9e67456cc40b\wshelper.dll
[2009-07-14 03:41:58 | 000,019,968 | ---- | M] (Microsoft Corporation) MD5=D314DA4B0B8DCD023D547FC568E34FB6 -- C:\Windows\SysNative\wshelper.dll
[2009-07-14 03:41:58 | 000,019,968 | ---- | M] (Microsoft Corporation) MD5=D314DA4B0B8DCD023D547FC568E34FB6 -- C:\Windows\winsxs\amd64_microsoft-windows-w..nfrastructure-other_31bf3856ad364e35_6.1.7600.16385_none_6079f415110c0210\wshelper.dll

< %systemroot%\*. /mp /s >

< hklm\software\clients\startmenuinternet|command /rs >
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\FIREFOX.EXE\InstallInfo\\HideIconsCommand: "D:\Program Files (x86)\Mozilla Firefox\uninstall\helper.exe" /HideShortcuts [2012-08-31 06:22:52 | 000,853,192 | ---- | M] (Mozilla Corporation)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\FIREFOX.EXE\InstallInfo\\ShowIconsCommand: "D:\Program Files (x86)\Mozilla Firefox\uninstall\helper.exe" /ShowShortcuts [2012-08-31 06:22:52 | 000,853,192 | ---- | M] (Mozilla Corporation)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\FIREFOX.EXE\InstallInfo\\ReinstallCommand: "D:\Program Files (x86)\Mozilla Firefox\uninstall\helper.exe" /SetAsDefaultAppGlobal [2012-08-31 06:22:52 | 000,853,192 | ---- | M] (Mozilla Corporation)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\FIREFOX.EXE\shell\open\command\\: D:\Program Files (x86)\Mozilla Firefox\firefox.exe [2012-08-31 06:22:52 | 000,917,984 | ---- | M] (Mozilla Corporation)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\FIREFOX.EXE\shell\properties\command\\: "D:\Program Files (x86)\Mozilla Firefox\firefox.exe" -preferences [2012-08-31 06:22:52 | 000,917,984 | ---- | M] (Mozilla Corporation)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\FIREFOX.EXE\shell\safemode\command\\: "D:\Program Files (x86)\Mozilla Firefox\firefox.exe" -safe-mode [2012-08-31 06:22:52 | 000,917,984 | ---- | M] (Mozilla Corporation)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\IEXPLORE.EXE\InstallInfo\\ShowIconsCommand: "C:\Windows\System32\ie4uinit.exe" -show [2012-02-11 21:59:37 | 000,074,240 | ---- | M] (Microsoft Corporation)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\IEXPLORE.EXE\InstallInfo\\ReinstallCommand: "C:\Windows\System32\ie4uinit.exe" -reinstall [2012-02-11 21:59:37 | 000,074,240 | ---- | M] (Microsoft Corporation)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\IEXPLORE.EXE\InstallInfo\\HideIconsCommand: "C:\Windows\System32\ie4uinit.exe" -hide [2012-02-11 21:59:37 | 000,074,240 | ---- | M] (Microsoft Corporation)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\IEXPLORE.EXE\shell\naom\command\\: "C:\Program Files (x86)\Internet Explorer\iexplore.exe" -extoff [2012-06-29 03:00:47 | 000,748,664 | ---- | M] (Microsoft Corporation)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\IEXPLORE.EXE\shell\open\command\\: "C:\Program Files (x86)\Internet Explorer\iexplore.exe" [2012-06-29 03:00:47 | 000,748,664 | ---- | M] (Microsoft Corporation)

< hklm\software\clients\startmenuinternet|command /64 /rs >
64bit-HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\FIREFOX.EXE\InstallInfo\\HideIconsCommand: "D:\PROGRAM FILES (X86)\MOZILLA FIREFOX\UNINSTALL\HELPER.EXE" /HIDESHORTCUTS [2012-08-31 06:22:52 | 000,853,192 | ---- | M] (Mozilla Corporation)
64bit-HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\FIREFOX.EXE\InstallInfo\\ShowIconsCommand: "D:\PROGRAM FILES (X86)\MOZILLA FIREFOX\UNINSTALL\HELPER.EXE" /SHOWSHORTCUTS [2012-08-31 06:22:52 | 000,853,192 | ---- | M] (Mozilla Corporation)
64bit-HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\FIREFOX.EXE\InstallInfo\\ReinstallCommand: "D:\PROGRAM FILES (X86)\MOZILLA FIREFOX\UNINSTALL\HELPER.EXE" /SETASDEFAULTAPPGLOBAL [2012-08-31 06:22:52 | 000,853,192 | ---- | M] (Mozilla Corporation)
64bit-HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\FIREFOX.EXE\shell\open\command\\: D:\PROGRAM FILES (X86)\MOZILLA FIREFOX\FIREFOX.EXE [2012-08-31 06:22:52 | 000,917,984 | ---- | M] (Mozilla Corporation)
64bit-HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\FIREFOX.EXE\shell\properties\command\\: "D:\PROGRAM FILES (X86)\MOZILLA FIREFOX\FIREFOX.EXE" -PREFERENCES [2012-08-31 06:22:52 | 000,917,984 | ---- | M] (Mozilla Corporation)
64bit-HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\FIREFOX.EXE\shell\safemode\command\\: "D:\PROGRAM FILES (X86)\MOZILLA FIREFOX\FIREFOX.EXE" -SAFE-MODE [2012-08-31 06:22:52 | 000,917,984 | ---- | M] (Mozilla Corporation)
64bit-HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\IEXPLORE.EXE\InstallInfo\\ShowIconsCommand: "C:\WINDOWS\SYSTEM32\IE4UINIT.EXE" -SHOW [2012-02-11 21:59:36 | 000,089,088 | ---- | M] (Microsoft Corporation)
64bit-HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\IEXPLORE.EXE\InstallInfo\\ReinstallCommand: "C:\WINDOWS\SYSTEM32\IE4UINIT.EXE" -REINSTALL [2012-02-11 21:59:36 | 000,089,088 | ---- | M] (Microsoft Corporation)
64bit-HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\IEXPLORE.EXE\InstallInfo\\HideIconsCommand: "C:\WINDOWS\SYSTEM32\IE4UINIT.EXE" -HIDE [2012-02-11 21:59:36 | 000,089,088 | ---- | M] (Microsoft Corporation)
64bit-HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\IEXPLORE.EXE\shell\naom\command\\: "C:\PROGRAM FILES (X86)\INTERNET EXPLORER\IEXPLORE.EXE" -EXTOFF [2012-06-29 03:00:47 | 000,748,664 | ---- | M] (Microsoft Corporation)
64bit-HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\IEXPLORE.EXE\shell\open\command\\: "C:\PROGRAM FILES (X86)\INTERNET EXPLORER\IEXPLORE.EXE" [2012-06-29 03:00:47 | 000,748,664 | ---- | M] (Microsoft Corporation)

< %systemroot%\system32\*.dll /lockedfiles >

< %systemroot%\Tasks\*.job /lockedfiles >

< %systemroot%\system32\drivers\*.sys /lockedfiles >

========== Alternate Data Streams ==========

@Alternate Data Stream - 1130 bytes -> C:\Users\Joke en Jasper\AppData\Local\97lBcKiMImGsd:9YgA7EthUu8LdedRp8W
@Alternate Data Stream - 1072 bytes -> C:\ProgramData\Microsoft:fSecUQAJ6SMlD3nK
@Alternate Data Stream - 1020 bytes -> C:\ProgramData\Microsoft:0VRA70mfIINlH3XJhKhI8T

< End of report >

Second log:

OTL Extras logfile created on: 3-9-2012 17:18:42 - Run 2
OTL by OldTimer - Version 3.2.59.1 Folder = C:\Users\Joke en Jasper\Desktop\virus fix
64bit- Ultimate Edition Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation
Internet Explorer (Version = 9.0.8112.16421)
Locale: 00000413 | Country: Nederland | Language: NLD | Date Format: d-M-yyyy

31,98 Gb Total Physical Memory | 28,72 Gb Available Physical Memory | 89,80% Memory free
63,95 Gb Paging File | 60,40 Gb Available in Paging File | 94,44% Paging File free
Paging file location(s): c:\pagefile.sys 0 0 [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86)
Drive C: | 119,14 Gb Total Space | 10,63 Gb Free Space | 8,92% Space Free | Partition Type: NTFS
Drive D: | 1863,01 Gb Total Space | 81,83 Gb Free Space | 4,39% Space Free | Partition Type: NTFS

Computer Name: DYNASTYEVOLVED | User Name: Joke en Jasper | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user | Include 64bit Scans
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days

========== Extra Registry (All) ==========


========== File Associations ==========

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.chm[@ = chm.file] -- C:\Windows\hh.exe (Microsoft Corporation)
.cpl[@ = cplfile] -- C:\Windows\SysWow64\control.exe (Microsoft Corporation)
.hlp[@ = hlpfile] -- C:\Windows\winhlp32.exe (Microsoft Corporation)
.hta[@ = htafile] -- C:\Windows\SysWOW64\mshta.exe (Microsoft Corporation)
.html[@ = htmlfile] -- C:\Program Files (x86)\Internet Explorer\iexplore.exe (Microsoft Corporation)
.inf[@ = inffile] -- C:\Windows\SysWow64\NOTEPAD.EXE (Microsoft Corporation)
.ini[@ = inifile] -- C:\Windows\SysNative\NOTEPAD.EXE (Microsoft Corporation)
.url [@ = InternetShortcut] -- rundll32.exe ieframe.dll,OpenURL %l
.js[@ = jsfile] -- C:\Windows\SysNative\WScript.exe (Microsoft Corporation)
.jse[@ = JSEFile] -- C:\Windows\SysNative\WScript.exe (Microsoft Corporation)
.reg[@ = regfile] -- C:\Windows\regedit.exe (Microsoft Corporation)
.txt[@ = txtfile] -- C:\Windows\SysNative\NOTEPAD.EXE (Microsoft Corporation)
.vbe[@ = VBEFile] -- C:\Windows\SysWow64\WScript.exe (Microsoft Corporation)
.vbs[@ = VBSFile] -- C:\Windows\SysWow64\WScript.exe (Microsoft Corporation)
.wsf[@ = WSFFile] -- C:\Windows\SysNative\WScript.exe (Microsoft Corporation)
.wsh[@ = WSHFile] -- C:\Windows\SysNative\WScript.exe (Microsoft Corporation)

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.bat [@ = batfile] -- "%1" %*
.chm [@ = chm.file] -- C:\Windows\hh.exe (Microsoft Corporation)
.cmd [@ = cmdfile] -- "%1" %*
.com [@ = ComFile] -- "%1" %*
.cpl [@ = cplfile] -- C:\Windows\SysWow64\control.exe (Microsoft Corporation)
.exe [@ = exefile] -- "%1" %*
.hlp [@ = hlpfile] -- C:\Windows\winhlp32.exe (Microsoft Corporation)
.hta [@ = htafile] -- C:\Windows\SysWOW64\mshta.exe (Microsoft Corporation)
.html [@ = htmlfile] -- C:\Program Files (x86)\Internet Explorer\iexplore.exe (Microsoft Corporation)
.inf [@ = inffile] -- C:\Windows\SysWow64\NOTEPAD.EXE (Microsoft Corporation)
.ini [@ = inifile] -- C:\Windows\SysWow64\NOTEPAD.EXE (Microsoft Corporation)
.url [@ = InternetShortcut] -- rundll32.exe ieframe.dll,OpenURL %l
.js [@ = jsfile] -- C:\Windows\SysWow64\WScript.exe (Microsoft Corporation)
.jse [@ = JSEFile] -- C:\Windows\SysWow64\WScript.exe (Microsoft Corporation)
.pif [@ = piffile] -- "%1" %*
.reg [@ = regfile] -- C:\Windows\SysWow64\regedit.exe (Microsoft Corporation)
.scr [@ = scrfile] -- "%1" /S
.txt [@ = txtfile] -- C:\Windows\SysWow64\NOTEPAD.EXE (Microsoft Corporation)
.vbe [@ = VBEFile] -- C:\Windows\SysWow64\WScript.exe (Microsoft Corporation)
.vbs [@ = VBSFile] -- C:\Windows\SysWow64\WScript.exe (Microsoft Corporation)
.wsf [@ = WSFFile] -- C:\Windows\SysWow64\WScript.exe (Microsoft Corporation)
.wsh [@ = WSHFile] -- C:\Windows\SysWow64\WScript.exe (Microsoft Corporation)

[HKEY_CURRENT_USER\SOFTWARE\Classes\<extension>]
.html [@ = FirefoxHTML] -- D:\Program Files (x86)\Mozilla Firefox\firefox.exe (Mozilla Corporation)

========== Shell Spawning ==========

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [edit] -- %SystemRoot%\System32\NOTEPAD.EXE %1 (Microsoft Corporation)
batfile [open] -- "%1" %*
batfile [print] -- %SystemRoot%\System32\NOTEPAD.EXE /p %1 (Microsoft Corporation)
chm.file [open] -- "%SYSTEMROOT%\hh.exe" %1 (Microsoft Corporation)
cmdfile [edit] -- %SystemRoot%\System32\NOTEPAD.EXE %1 (Microsoft Corporation)
cmdfile [open] -- "%1" %*
cmdfile [print] -- %SystemRoot%\System32\NOTEPAD.EXE /p %1 (Microsoft Corporation)
comfile [open] -- "%1" %*
cplfile [cplopen] -- %SystemRoot%\SysWow64\control.exe "%1",%* (Microsoft Corporation)
exefile [open] -- "%1" %*
helpfile [open] -- Reg Error: Key error.
hlpfile [open] -- %SystemRoot%\winhlp32.exe %1 (Microsoft Corporation)
htafile [open] -- C:\Windows\SysWOW64\mshta.exe "%1" %* (Microsoft Corporation)
htmlfile [edit] -- "C:\Program Files (x86)\Microsoft Office\Office14\msohtmed.exe" %1 (Microsoft Corporation)
htmlfile [open] -- "C:\Program Files (x86)\Internet Explorer\iexplore.exe" -nohome (Microsoft Corporation)
htmlfile [opennew] -- "C:\Program Files (x86)\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)
htmlfile [print] -- rundll32.exe %SystemRoot%\system32\mshtml.dll,PrintHTML "%1" (Microsoft Corporation)
http [open] -- "C:\Program Files (x86)\Internet Explorer\iexplore.exe" -nohome (Microsoft Corporation)
https [open] -- "C:\Program Files (x86)\Internet Explorer\iexplore.exe" -nohome (Microsoft Corporation)
inffile [install] -- %SystemRoot%\SysWow64\rundll32.exe setupapi,InstallHinfSection DefaultInstall 132 %1 (Microsoft Corporation)
inffile [open] -- %SystemRoot%\SysWow64\NOTEPAD.EXE %1 (Microsoft Corporation)
inffile [print] -- %SystemRoot%\system32\NOTEPAD.EXE /p %1 (Microsoft Corporation)
inifile [open] -- %SystemRoot%\system32\NOTEPAD.EXE %1 (Microsoft Corporation)
inifile [print] -- %SystemRoot%\system32\NOTEPAD.EXE /p %1 (Microsoft Corporation)
InternetShortcut [open] -- rundll32.exe ieframe.dll,OpenURL %l
InternetShortcut [print] -- "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\mshtml.dll",PrintHTML "%1" (Microsoft Corporation)
jsfile [edit] -- C:\Windows\System32\Notepad.exe %1 (Microsoft Corporation)
jsfile [open] -- C:\Windows\System32\WScript.exe "%1" %* (Microsoft Corporation)
jsfile [print] -- C:\Windows\System32\Notepad.exe /p %1 (Microsoft Corporation)
jsefile [edit] -- C:\Windows\System32\Notepad.exe %1 (Microsoft Corporation)
jsefile [open] -- C:\Windows\System32\WScript.exe "%1" %* (Microsoft Corporation)
jsefile [print] -- C:\Windows\System32\Notepad.exe /p %1 (Microsoft Corporation)
piffile [open] -- "%1" %*
regfile [edit] -- %SystemRoot%\system32\notepad.exe "%1" (Microsoft Corporation)
regfile [open] -- regedit.exe "%1" (Microsoft Corporation)
regfile [merge] -- Reg Error: Key error.
regfile [print] -- %SystemRoot%\system32\notepad.exe /p "%1" (Microsoft Corporation)
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
txtfile [open] -- %SystemRoot%\system32\NOTEPAD.EXE %1 (Microsoft Corporation)
txtfile [print] -- %SystemRoot%\system32\NOTEPAD.EXE /p %1 (Microsoft Corporation)
txtfile [printto] -- %SystemRoot%\system32\notepad.exe /pt "%1" "%2" "%3" "%4" (Microsoft Corporation)
vbefile [edit] -- "%SystemRoot%\System32\Notepad.exe" %1 (Microsoft Corporation)
vbefile [open] -- %SystemRoot%\SysWow64\WScript.exe "%1" %* (Microsoft Corporation)
vbefile [print] -- "%SystemRoot%\System32\Notepad.exe" /p %1 (Microsoft Corporation)
vbsfile [edit] -- "%SystemRoot%\System32\Notepad.exe" %1 (Microsoft Corporation)
vbsfile [open] -- %SystemRoot%\SysWow64\WScript.exe "%1" %* (Microsoft Corporation)
vbsfile [print] -- "%SystemRoot%\System32\Notepad.exe" /p %1 (Microsoft Corporation)
wsffile [edit] -- "%SystemRoot%\System32\Notepad.exe" %1 (Microsoft Corporation)
wsffile [open] -- "%SystemRoot%\System32\WScript.exe" "%1" %* (Microsoft Corporation)
wsffile [print] -- "%SystemRoot%\System32\Notepad.exe" /p %1 (Microsoft Corporation)
wshfile [open] -- "%SystemRoot%\System32\WScript.exe" "%1" %* (Microsoft Corporation)
Unknown [openas] -- %SystemRoot%\SysWow64\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [Bridge] -- C:\Program Files\Adobe\Adobe Bridge CS6 (64 Bit)\Bridge.exe "%L" (Adobe Systems, Inc.)
Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [open] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [explore] -- Reg Error: Value error.
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Applications\iexplore.exe [open] -- "C:\Program Files (x86)\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)
CLSID\{871C5380-42A0-1069-A2EA-08002B30309D} [OpenHomePage] -- "%programfiles%\internet explorer\iexplore.exe" (Microsoft Corporation)

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [edit] -- %SystemRoot%\System32\NOTEPAD.EXE %1 (Microsoft Corporation)
batfile [open] -- "%1" %*
batfile [print] -- %SystemRoot%\System32\NOTEPAD.EXE /p %1 (Microsoft Corporation)
chm.file [open] -- "%SYSTEMROOT%\hh.exe" %1 (Microsoft Corporation)
cmdfile [edit] -- %SystemRoot%\System32\NOTEPAD.EXE %1 (Microsoft Corporation)
cmdfile [open] -- "%1" %*
cmdfile [print] -- %SystemRoot%\System32\NOTEPAD.EXE /p %1 (Microsoft Corporation)
comfile [open] -- "%1" %*
cplfile [cplopen] -- %SystemRoot%\SysWow64\control.exe "%1",%* (Microsoft Corporation)
exefile [open] -- "%1" %*
helpfile [open] -- Reg Error: Key error.
hlpfile [open] -- %SystemRoot%\winhlp32.exe %1 (Microsoft Corporation)
htafile [open] -- C:\Windows\SysWOW64\mshta.exe "%1" %* (Microsoft Corporation)
htmlfile [edit] -- "C:\Program Files (x86)\Microsoft Office\Office14\msohtmed.exe" %1 (Microsoft Corporation)
htmlfile [open] -- "C:\Program Files (x86)\Internet Explorer\iexplore.exe" -nohome (Microsoft Corporation)
htmlfile [opennew] -- "C:\Program Files (x86)\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)
htmlfile [print] -- rundll32.exe %SystemRoot%\system32\mshtml.dll,PrintHTML "%1" (Microsoft Corporation)
http [open] -- "C:\Program Files (x86)\Internet Explorer\iexplore.exe" -nohome (Microsoft Corporation)
https [open] -- "C:\Program Files (x86)\Internet Explorer\iexplore.exe" -nohome (Microsoft Corporation)
inffile [install] -- %SystemRoot%\SysWow64\rundll32.exe setupapi,InstallHinfSection DefaultInstall 132 %1 (Microsoft Corporation)
inffile [open] -- %SystemRoot%\SysWow64\NOTEPAD.EXE %1 (Microsoft Corporation)
inffile [print] -- %SystemRoot%\system32\NOTEPAD.EXE /p %1 (Microsoft Corporation)
inifile [open] -- %SystemRoot%\system32\NOTEPAD.EXE %1 (Microsoft Corporation)
inifile [print] -- %SystemRoot%\system32\NOTEPAD.EXE /p %1 (Microsoft Corporation)
InternetShortcut [open] -- rundll32.exe ieframe.dll,OpenURL %l
InternetShortcut [print] -- "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\mshtml.dll",PrintHTML "%1" (Microsoft Corporation)
jsfile [edit] -- C:\Windows\System32\Notepad.exe %1 (Microsoft Corporation)
jsfile [open] -- C:\Windows\System32\WScript.exe "%1" %* (Microsoft Corporation)
jsfile [print] -- C:\Windows\System32\Notepad.exe /p %1 (Microsoft Corporation)
jsefile [edit] -- C:\Windows\System32\Notepad.exe %1 (Microsoft Corporation)
jsefile [open] -- C:\Windows\System32\WScript.exe "%1" %* (Microsoft Corporation)
jsefile [print] -- C:\Windows\System32\Notepad.exe /p %1 (Microsoft Corporation)
piffile [open] -- "%1" %*
regfile [edit] -- %SystemRoot%\system32\notepad.exe "%1" (Microsoft Corporation)
regfile [open] -- regedit.exe "%1" (Microsoft Corporation)
regfile [merge] -- Reg Error: Key error.
regfile [print] -- %SystemRoot%\system32\notepad.exe /p "%1" (Microsoft Corporation)
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
txtfile [open] -- %SystemRoot%\system32\NOTEPAD.EXE %1 (Microsoft Corporation)
txtfile [print] -- %SystemRoot%\system32\NOTEPAD.EXE /p %1 (Microsoft Corporation)
txtfile [printto] -- %SystemRoot%\system32\notepad.exe /pt "%1" "%2" "%3" "%4" (Microsoft Corporation)
vbefile [edit] -- "%SystemRoot%\System32\Notepad.exe" %1 (Microsoft Corporation)
vbefile [open] -- %SystemRoot%\SysWow64\WScript.exe "%1" %* (Microsoft Corporation)
vbefile [print] -- "%SystemRoot%\System32\Notepad.exe" /p %1 (Microsoft Corporation)
vbsfile [edit] -- "%SystemRoot%\System32\Notepad.exe" %1 (Microsoft Corporation)
vbsfile [open] -- %SystemRoot%\SysWow64\WScript.exe "%1" %* (Microsoft Corporation)
vbsfile [print] -- "%SystemRoot%\System32\Notepad.exe" /p %1 (Microsoft Corporation)
wsffile [edit] -- "%SystemRoot%\System32\Notepad.exe" %1 (Microsoft Corporation)
wsffile [open] -- "%SystemRoot%\System32\WScript.exe" "%1" %* (Microsoft Corporation)
wsffile [print] -- "%SystemRoot%\System32\Notepad.exe" /p %1 (Microsoft Corporation)
wshfile [open] -- "%SystemRoot%\System32\WScript.exe" "%1" %* (Microsoft Corporation)
Unknown [openas] -- %SystemRoot%\SysWow64\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [Bridge] -- C:\Program Files\Adobe\Adobe Bridge CS6 (64 Bit)\Bridge.exe "%L" (Adobe Systems, Inc.)
Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [open] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [explore] -- Reg Error: Value error.
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Applications\iexplore.exe [open] -- "C:\Program Files (x86)\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)
CLSID\{871C5380-42A0-1069-A2EA-08002B30309D} [OpenHomePage] -- "%programfiles%\internet explorer\iexplore.exe" (Microsoft Corporation)

========== Security Center Settings ==========

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"cval" = 1
"FirewallDisableNotify" = 0
"AntiVirusDisableNotify" = 0
"UpdatesDisableNotify" = 0

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]
"VistaSp1" = 28 4D B2 76 41 04 CA 01 [binary data]
"AntiVirusOverride" = 0
"AntiSpywareOverride" = 0
"FirewallOverride" = 0

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc\Vol]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"FirewallDisableNotify" = 0
"AntiVirusDisableNotify" = 0
"UpdatesDisableNotify" = 0

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]

========== System Restore Settings ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\SystemRestore]
"DisableSR" = 0

========== Firewall Settings ==========

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall]

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\DomainProfile]

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\StandardProfile]

[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\DomainProfile]

[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\StandardProfile]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]
"EnableFirewall" = 1
"DisableNotifications" = 0

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"EnableFirewall" = 1
"DisableNotifications" = 0

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\GloballyOpenPorts\List]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\PublicProfile]
"EnableFirewall" = 1
"DisableNotifications" = 0

========== Authorized Applications List ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List]


========== Vista Active Open Ports Exception List ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{0BD358C7-FDCA-4143-A1C9-97046350E7D6}" = rport=139 | protocol=6 | dir=out | app=system |
"{18CB9701-DCA2-4311-B6BA-2B109BA0A60E}" = lport=2869 | protocol=6 | dir=in | name=windows live communications platform (upnp) |
"{1BAEE65D-BF68-435D-B2B4-296B88F57E0C}" = lport=10243 | protocol=6 | dir=in | app=system |
"{3617D2C8-BFA0-4C3A-B931-0D7FC100B97C}" = lport=1900 | protocol=17 | dir=in | name=windows live communications platform (ssdp) |
"{36236035-1A0E-4CC6-AAF8-AE2A569945F0}" = lport=808 | protocol=6 | dir=in | svc=nettcpactivator | app=c:\windows\microsoft.net\framework64\v4.0.30319\smsvchost.exe |
"{3AA7AB7F-9F54-468F-8965-568BBFBB8DD1}" = rport=2177 | protocol=17 | dir=out | svc=qwave | app=%systemroot%\system32\svchost.exe |
"{532FE9A2-88C5-4807-B3C5-EC7B1DE2D2B3}" = lport=5355 | protocol=17 | dir=in | svc=dnscache | app=%systemroot%\system32\svchost.exe |
"{55D6849E-DD49-4488-9712-DE5671709BA2}" = lport=2869 | protocol=6 | dir=in | app=system |
"{5CAEF8B8-2443-4DE9-99AF-371A996FB811}" = lport=2177 | protocol=17 | dir=in | svc=qwave | app=%systemroot%\system32\svchost.exe |
"{5FC99F3B-9726-423F-8248-6A025184316E}" = lport=137 | protocol=17 | dir=in | app=system |
"{62485842-CD47-4BA6-9E65-EF2A03A953EE}" = rport=5355 | protocol=17 | dir=out | svc=dnscache | app=%systemroot%\system32\svchost.exe |
"{72DEBA2E-8CB0-4FD9-99F7-DFE9E9EB11DD}" = rport=10243 | protocol=6 | dir=out | app=system |
"{73F2E231-CB0B-4AFE-9821-ED0528CF3D12}" = rport=445 | protocol=6 | dir=out | app=system |
"{970889B6-73C0-48F8-949E-497CDA628743}" = rport=2177 | protocol=6 | dir=out | svc=qwave | app=%systemroot%\system32\svchost.exe |
"{A1CD3343-DAD8-4C52-8D09-2387BCB31518}" = lport=445 | protocol=6 | dir=in | app=system |
"{A271E49D-FBFF-402D-BE22-018FA4483465}" = lport=139 | protocol=6 | dir=in | app=system |
"{AA6D9DC8-9C15-4CD1-9360-7C1A90AED57C}" = rport=138 | protocol=17 | dir=out | app=system |
"{AE451900-4C09-443D-8FDC-6A8E4296C145}" = lport=1900 | protocol=17 | dir=in | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe |
"{D5D4E79A-231E-43B4-AE38-E129EAC699D6}" = rport=137 | protocol=17 | dir=out | app=system |
"{D9E3C801-BA22-4F74-B41F-746D7FDB2CA6}" = rport=5355 | protocol=17 | dir=out | svc=dnscache | app=%systemroot%\system32\svchost.exe |
"{DC859527-296A-45A9-9B2A-AE2E8FACAEDC}" = lport=rpc-epmap | protocol=6 | dir=in | svc=rpcss | [email protected],-28539 |
"{DDFDED7E-9C0F-49D0-9E9D-C4028A83E97B}" = lport=rpc | protocol=6 | dir=in | svc=spooler | app=%systemroot%\system32\spoolsv.exe |
"{E0B98160-63C5-4F48-942E-9B5CCC069544}" = lport=7935 | protocol=6 | dir=in | name=adobe flash builder 4.5 |
"{E540F2ED-B7E8-4E6E-965C-8BB9A9BDC919}" = lport=138 | protocol=17 | dir=in | app=system |
"{E88F5DE2-391A-4EB0-8828-E60C438F16C9}" = lport=6004 | protocol=17 | dir=in | app=c:\program files (x86)\microsoft office\office14\outlook.exe |
"{EE1D56FE-3F78-4FF7-9830-E25470BFC27F}" = lport=2177 | protocol=6 | dir=in | svc=qwave | app=%systemroot%\system32\svchost.exe |
"{F69A4583-B7DA-49AF-8503-99EF57C2E756}" = rport=1900 | protocol=17 | dir=out | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe |
"{FBF8E870-8B0B-4808-9D79-5E82525E241E}" = lport=5355 | protocol=17 | dir=in | svc=dnscache | app=%systemroot%\system32\svchost.exe |

========== Vista Active Application Exception List ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{0599DA07-12AF-4D37-9C3D-386011E9F7C4}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmplayer.exe |
"{09911F86-C800-4E2C-9B2C-8E2F2870A0C2}" = dir=in | app=c:\programdata\blackmagic design\davinci resolve\support\qtdecoder\qtdecoder.exe |
"{09AAEF16-D9B0-4F0E-BDAD-816480EBCC08}" = dir=in | app=c:\program files\blackmagic design\davinci resolve\elementspaneldaemon.exe |
"{0C4EA2AA-0B31-48FE-AEA4-2B8561A0FABD}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmplayer.exe |
"{0C555AF6-A534-4003-8BDB-3D28A4A48EC0}" = protocol=17 | dir=in | app=d:\program files (x86)\avg\avg2012\avgemca.exe |
"{0D1F6E32-4D11-4018-85E9-5C4DB27B687D}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmpnetwk.exe |
"{0EE73E25-8CA1-4868-B754-C1EAD8A8FEA9}" = protocol=6 | dir=in | app=c:\program files (x86)\autodesk\backburner\monitor.exe |
"{1076356F-498C-4771-B78F-958ECB84E388}" = protocol=6 | dir=in | app=d:\program files (x86)\avg\avg2012\avgemca.exe |
"{116B4289-4D0F-47FC-A825-BC3189E1E1B1}" = dir=in | app=d:\program files (x86)\skype\phone\skype.exe |
"{11A27A64-7DB4-4165-B04F-7D33DF0E7DB7}" = protocol=58 | dir=out | [email protected],-28546 |
"{14377601-CE2A-4EF5-9A11-8191D0E02A3B}" = dir=in | app=c:\program files (x86)\windows live\contacts\wlcomm.exe |
"{15B270D1-FE12-4181-8228-FD663A03ED66}" = dir=in | app=c:\program files\blackmagic design\davinci resolve\bmdpaneld.exe |
"{1E4F4613-C872-41D4-A4C5-7900631B759E}" = dir=in | app=c:\program files (x86)\common files\apple\apple application support\webkit2webprocess.exe |
"{1EBB51D1-E8D7-4FF9-BF98-6E8267B9B8C5}" = protocol=6 | dir=out | svc=upnphost | app=%systemroot%\system32\svchost.exe |
"{27E60426-CB3E-4D60-B787-DB9F341070E4}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmplayer.exe |
"{28C85980-2CAD-46A6-A62F-3B45B0313473}" = protocol=17 | dir=in | app=d:\program files (x86)\utorrent\utorrent.exe |
"{294B829A-7086-4601-8B85-DDAC4972C510}" = protocol=17 | dir=in | app=c:\program files\autodesk\3ds max 2012\mentalimages\satellite\raysat_3dsmax2012_64.exe |
"{2A297A03-5400-4276-BF01-B86A80573951}" = protocol=6 | dir=in | app=%programfiles%\windows media player\wmpnetwk.exe |
"{2BBB8485-770C-4120-A6AC-D4ECDCC4E6DD}" = protocol=1 | dir=in | [email protected],-28543 |
"{2F60A20B-A97A-433F-A3EC-9C6D5DB34386}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmplayer.exe |
"{31E16F06-4694-415C-BD33-C0F494AE7CCC}" = protocol=17 | dir=in | app=d:\program files (x86)\avg\avg2012\avgnsa.exe |
"{3ED2A47C-B502-4CAB-926A-DE4EE4FED33B}" = protocol=6 | dir=in | app=c:\program files\autodesk\3ds max 2012\mentalimages\satellite\raysat_3dsmax2012_64server.exe |
"{4965843A-EDC8-4A3F-9F52-DAFF599E08CB}" = protocol=6 | dir=in | app=d:\program files (x86)\avg\avg2012\avgdiagex.exe |
"{4C307B22-7447-4B60-8BC4-79ED77703818}" = protocol=6 | dir=in | app=d:\program files (x86)\avg\avg2012\avgmfapx.exe |
"{4E546796-DDE2-42A1-9763-7E1E321EE54D}" = protocol=17 | dir=in | app=d:\program files (x86)\rockstar games\rockstar games social club\rgsclauncher.exe |
"{501A2972-1261-4F32-9859-9D13E6E0FD1D}" = dir=in | app=c:\program files\blackmagic design\davinci resolve\euphonixpaneldaemon.exe |
"{54496D8D-3A33-4A82-B007-5599655417EB}" = protocol=6 | dir=in | app=c:\windows\syswow64\muzapp.exe |
"{58F51948-D734-4A5E-B071-63BE15E97F78}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmpnetwk.exe |
"{591D3DE0-AE93-43C7-9D82-DBC03F786DEE}" = protocol=17 | dir=in | app=c:\program files (x86)\adobe\adobe flash builder 4.5\flashbuilder.exe |
"{5C3371A3-666A-4066-B63D-9790B494BD2E}" = protocol=6 | dir=in | app=c:\program files (x86)\solidworks corp\solidworks\swscheduler\dtscoordinatorservice.exe |
"{64077DD7-2580-449D-9C65-D01A6E5619D4}" = protocol=6 | dir=out | app=system |
"{6BE149ED-6EA8-49AE-9C45-939BB976371A}" = protocol=6 | dir=out | app=%programfiles(x86)%\windows media player\wmplayer.exe |
"{7A07716F-2580-4887-A5A9-D704FE8293CE}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmpnetwk.exe |
"{83DCAA6E-61DE-4054-90BD-65E3C4E0137A}" = dir=in | app=c:\program files\blackmagic design\davinci resolve\dpdecoder.exe |
"{850DE7F8-85BC-481D-9C0A-CDB3FD31ABAF}" = dir=in | app=c:\program files (x86)\windows live\messenger\msnmsgr.exe |
"{8C743D91-12E3-45D0-A301-FCF23517D418}" = protocol=17 | dir=in | app=c:\program files (x86)\autodesk\backburner\manager.exe |
"{9323382B-CEFA-4209-BFBB-7F3B1E329F19}" = dir=in | app=c:\program files\blackmagic design\davinci resolve\tangentpaneldaemon.exe |
"{970B8E2A-72C3-4366-88C1-A21C50D2C8E2}" = protocol=6 | dir=in | app=c:\program files (x86)\autodesk\backburner\manager.exe |
"{9C226AC5-5588-485A-9E3A-05A69C04A56C}" = protocol=17 | dir=out | app=%programfiles(x86)%\windows media player\wmplayer.exe |
"{9DC03071-1D13-4B44-AE7B-286374DF27C9}" = protocol=17 | dir=in | app=c:\windows\syswow64\muzapp.exe |
"{A88EB257-6DE5-4228-B68D-2BF95A3BB39E}" = protocol=6 | dir=in | app=c:\users\joke en jasper\appdata\roaming\dropbox\bin\dropbox.exe |
"{AA62A556-4C21-46E6-B44A-51FF0BE29768}" = protocol=17 | dir=in | app=c:\program files\autodesk\3ds max 2012\3dsmax.exe |
"{AB0A178A-2A0B-4A57-AC52-F4792BC0903C}" = protocol=6 | dir=in | app=c:\program files (x86)\autodesk\backburner\server.exe |
"{B5E0C23E-9DD0-451D-B9C8-67EA72E1DD96}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmplayer.exe |
"{B97BC7A1-FEFC-4CE3-B51F-3AAD8A2ADC1C}" = protocol=6 | dir=in | app=c:\program files (x86)\microsoft office\office14\onenote.exe |
"{B9E6A1D9-128E-41A6-8C43-3AB55B25BA9D}" = protocol=17 | dir=in | app=%programfiles(x86)%\windows media player\wmplayer.exe |
"{BAFA248D-2ED6-44CF-9A32-ED7E96E755FF}" = protocol=58 | dir=in | [email protected],-28545 |
"{BE3EFB48-281A-4B89-8B05-21BF92FC19A0}" = protocol=17 | dir=in | app=c:\users\joke en jasper\appdata\roaming\dropbox\bin\dropbox.exe |
"{C20D244A-4DB7-49AB-B4E6-13E26C941660}" = protocol=6 | dir=in | app=d:\program files (x86)\rockstar games\rockstar games social club\rgsclauncher.exe |
"{CE926520-9AFF-42C1-A207-348DAB04B467}" = protocol=1 | dir=out | [email protected],-28544 |
"{D4F2F31F-74A0-49BB-B280-0DD08064D6A8}" = protocol=6 | dir=in | app=c:\program files\autodesk\3ds max 2012\mentalimages\satellite\raysat_3dsmax2012_64.exe |
"{D5DD79B1-05BE-414D-85AB-FA8D632CD7A9}" = protocol=6 | dir=in | app=c:\program files\autodesk\3ds max 2012\3dsmax.exe |
"{D5DE8818-8BBE-4AF7-890F-C25A20EC547D}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmplayer.exe |
"{DBC12980-03F1-4D57-A39E-0A9C829FCF4F}" = protocol=17 | dir=in | app=c:\program files (x86)\autodesk\backburner\monitor.exe |
"{DCEBF541-B727-4320-8AAB-88F5997CEBB5}" = protocol=17 | dir=in | app=d:\program files (x86)\avg\avg2012\avgdiagex.exe |
"{E4031F91-CF41-4508-8762-6BFF9B2DB93A}" = protocol=17 | dir=in | app=c:\program files (x86)\autodesk\backburner\server.exe |
"{E87E0A42-76C2-4700-B456-0CCD0387D819}" = protocol=6 | dir=in | app=d:\program files (x86)\utorrent\utorrent.exe |
"{E9869F7A-BD32-4F98-815F-5E55F24DE7EF}" = protocol=6 | dir=in | app=d:\program files (x86)\avg\avg2012\avgnsa.exe |
"{EA0D6E32-CDFE-4E4C-99B9-E40AC8194943}" = protocol=17 | dir=in | app=c:\program files (x86)\solidworks corp\solidworks\swscheduler\dtscoordinatorservice.exe |
"{EDA9A1B0-CA1B-472D-8B78-910A7E0631CC}" = protocol=17 | dir=in | app=c:\program files\autodesk\3ds max 2012\mentalimages\satellite\raysat_3dsmax2012_64server.exe |
"{F0078B69-B755-4314-B45F-E6F7A2850CE5}" = protocol=17 | dir=in | app=c:\program files (x86)\microsoft office\office14\groove.exe |
"{F27248C3-1FB1-44B3-B2A0-C380C01AB968}" = protocol=6 | dir=in | app=c:\program files (x86)\microsoft office\office14\groove.exe |
"{F4C93840-DB24-49E8-9C23-BF75DCDE9222}" = dir=in | app=c:\program files\blackmagic design\davinci resolve\jlcooperpaneldaemon.exe |
"{F8E57389-BE95-4A52-8614-4474B3BCBAFC}" = protocol=17 | dir=in | app=c:\program files (x86)\microsoft office\office14\onenote.exe |
"{FCF4FDD5-4E97-4AB0-834D-B0DDEA9B477E}" = protocol=6 | dir=in | app=c:\program files (x86)\adobe\adobe flash builder 4.5\flashbuilder.exe |
"{FE11FA10-1062-4F75-BE7E-2B174A9FD901}" = dir=in | app=c:\program files\blackmagic design\davinci resolve\resolve.exe |
"{FEB211AC-7C6E-46AB-8163-08F96AB76E8A}" = protocol=17 | dir=in | app=d:\program files (x86)\avg\avg2012\avgmfapx.exe |
"TCP Query User{30267361-6A2D-4BDC-98B0-8AF3B1323F47}C:\users\joke en jasper\appdata\roaming\dropbox\bin\dropbox.exe" = protocol=6 | dir=in | app=c:\users\joke en jasper\appdata\roaming\dropbox\bin\dropbox.exe |
"TCP Query User{3C10CB11-E09F-4466-A4B6-873ECCE1FD6D}D:\program files (x86)\bitcoin\bitcoin-qt.exe" = protocol=6 | dir=in | app=d:\program files (x86)\bitcoin\bitcoin-qt.exe |
"TCP Query User{6D7E67A2-88BC-4A26-957B-70DF48F8348E}C:\program files\adobe\adobe media encoder cs5.5\adobe media encoder.exe" = protocol=6 | dir=in | app=c:\program files\adobe\adobe media encoder cs5.5\adobe media encoder.exe |
"TCP Query User{6E6069DF-EF5F-4C76-BBD3-5CFC12C37D54}D:\program files (x86)\mozilla firefox\plugin-container.exe" = protocol=6 | dir=in | app=d:\program files (x86)\mozilla firefox\plugin-container.exe |
"TCP Query User{922709EC-FA7E-4849-920B-2B4B52B3F0C0}D:\program files (x86)\ai suite ii\ai suite ii.exe" = protocol=6 | dir=in | app=d:\program files (x86)\ai suite ii\ai suite ii.exe |
"TCP Query User{9F219663-F3FA-4F4A-828D-2F384A485873}C:\program files\adobe\adobe after effects cs5.5\support files\afterfx.exe" = protocol=6 | dir=in | app=c:\program files\adobe\adobe after effects cs5.5\support files\afterfx.exe |
"TCP Query User{AAAA2037-EA80-43E7-A861-5C69A29AF780}D:\program files (x86)\need for speed.shift 2 unleashed\shift2u.exe" = protocol=6 | dir=in | app=d:\program files (x86)\need for speed.shift 2 unleashed\shift2u.exe |
"TCP Query User{ABDDD074-98C4-4932-936E-C5030F901706}C:\users\joke en jasper\desktop\emule0.50a\emule.exe" = protocol=6 | dir=in | app=c:\users\joke en jasper\desktop\emule0.50a\emule.exe |
"TCP Query User{CC338AC0-2C7E-4C7F-A1A1-C1DFBC6CFFFF}C:\program files (x86)\google\google earth\client\googleearth.exe" = protocol=6 | dir=in | app=c:\program files (x86)\google\google earth\client\googleearth.exe |
"UDP Query User{411B0013-E4B5-4F17-A0EF-931248466E71}D:\program files (x86)\bitcoin\bitcoin-qt.exe" = protocol=17 | dir=in | app=d:\program files (x86)\bitcoin\bitcoin-qt.exe |
"UDP Query User{46A27DE1-D332-4C4C-B5C7-758671F73C3E}C:\program files (x86)\google\google earth\client\googleearth.exe" = protocol=17 | dir=in | app=c:\program files (x86)\google\google earth\client\googleearth.exe |
"UDP Query User{4BE563C4-4FD0-4681-8134-888D80753267}D:\program files (x86)\ai suite ii\ai suite ii.exe" = protocol=17 | dir=in | app=d:\program files (x86)\ai suite ii\ai suite ii.exe |
"UDP Query User{56D937FE-AB6E-4039-A61F-CA7FBDD67F6B}C:\users\joke en jasper\desktop\emule0.50a\emule.exe" = protocol=17 | dir=in | app=c:\users\joke en jasper\desktop\emule0.50a\emule.exe |
"UDP Query User{82BAC870-0E5B-4D84-84B7-4F96A3FB8C84}D:\program files (x86)\mozilla firefox\plugin-container.exe" = protocol=17 | dir=in | app=d:\program files (x86)\mozilla firefox\plugin-container.exe |
"UDP Query User{8F186906-7A1D-415A-AD7E-ED86A5CD12E7}D:\program files (x86)\need for speed.shift 2 unleashed\shift2u.exe" = protocol=17 | dir=in | app=d:\program files (x86)\need for speed.shift 2 unleashed\shift2u.exe |
"UDP Query User{98F65717-B2FD-4751-B767-A7ACCB0BD774}C:\users\joke en jasper\appdata\roaming\dropbox\bin\dropbox.exe" = protocol=17 | dir=in | app=c:\users\joke en jasper\appdata\roaming\dropbox\bin\dropbox.exe |
"UDP Query User{DDE1FCB5-DF31-4843-BDEF-36B4A402E92B}C:\program files\adobe\adobe after effects cs5.5\support files\afterfx.exe" = protocol=17 | dir=in | app=c:\program files\adobe\adobe after effects cs5.5\support files\afterfx.exe |
"UDP Query User{DF7ADD80-4098-412E-8503-CD0E7AF63325}C:\program files\adobe\adobe media encoder cs5.5\adobe media encoder.exe" = protocol=17 | dir=in | app=c:\program files\adobe\adobe media encoder cs5.5\adobe media encoder.exe |

========== HKEY_LOCAL_MACHINE Uninstall List ==========

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{027E5FAB-1476-4C59-AAB4-32EF28520399}" = Windows Live Language Selector
"{1199FAD5-9546-44f3-81CF-FFDB8040B7BF}_Canon_iP4800_series" = Canon iP4800 series Printer Driver
"{1199FAD5-9546-44f3-81CF-FFDB8040B7BF}_Canon_MP160" = Canon MP160
"{1ACC8FFB-9D84-4C05-A4DE-D28A9BC91698}" = Windows Live ID Sign-in Assistant
"{1D8E6291-B0D5-35EC-8441-6616F567A0F7}" = Microsoft Visual C++ 2010 x64 Redistributable - 10.0.40219
"{1E9FC118-651D-4934-97BE-E53CAE5C7D45}" = Microsoft_VC80_MFCLOC_x86_x64
"{23170F69-40C1-2702-0920-000001000000}" = 7-Zip 9.20 (x64 edition)
"{26A24AE4-039D-4CA4-87B4-2F86416031FF}" = Java™ 6 Update 31 (64-bit)
"{2ACBF1FA-F5C3-4B19-A774-B22A31F231B9}_is1" = Media Player Classic - Home Cinema 1.6.0.4014 x64
"{2B092722-5855-466F-B7A5-8C5E64C64C77}" = Magic Bullet Suite 64-bit
"{314DDDC0-E935-11E0-8F9F-F04DA23A5C58}" = Vegas Pro 11.0 (64-bit)
"{33C19CDE-E935-11E0-A0DA-F04DA23A5C58}" = MSVCRT Redists
"{3C8159DD-1890-4625-A5B2-E3D8D78D4486}" = AVG 2012
"{4569AD91-47F4-4D9E-8FC9-717EC32D7AE1}" = Microsoft_VC80_CRT_x86_x64
"{4B6C7001-C7D6-3710-913E-5BC23FCE91E6}" = Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.4148
"{503F672D-6C84-448A-8F8F-4BC35AC83441}" = AMD APP SDK Runtime
"{50F2B6AA-775D-4A3C-A785-EE4F51C2D4B6}" = Keying Suite 64-bit
"{5F92DAD2-FD95-DD12-50DF-A6F66C7E67C8}" = AMD Drag and Drop Transcoding
"{5FCE6D76-F5DC-37AB-B2B8-22AB8CEDB1D4}" = Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161
"{669A82E0-43E2-4645-8A2E-1A3DE78F8312}" = Adobe Photoshop Lightroom 4 64-bit
"{6ce5bae9-d3ca-4b99-891a-1dc6c118a5fc}" = Microsoft Visual C++ 2005 Redistributable (x64)
"{723C8298-C7B0-0409-A1B6-C3BA6F3FFAB1}" = Autodesk 3ds Max 2012 64-bit - English
"{8220EEFE-38CD-377E-8595-13398D740ACE}" = Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.17
"{8557397C-A42D-486F-97B3-A2CBC2372593}" = Microsoft_VC90_ATL_x86_x64
"{8844595D-7554-49D2-90C4-3771532B7B1A}" = Trapcode Suite 64-bit
"{8E34682C-8118-31F1-BC4C-98CD9675E1C2}" = Microsoft .NET Framework 4 Extended
"{90140000-001F-0401-1000-0000000FF1CE}" = Microsoft Office Proof (Arabic) 2010
"{90140000-001F-0401-1000-0000000FF1CE}_Office14.PROOFKIT_{4D5950EA-6D1F-44DB-A814-C8B57FE8E883}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-001F-0402-1000-0000000FF1CE}" = Microsoft Office Proof (Bulgarian) 2010
"{90140000-001F-0403-1000-0000000FF1CE}" = Microsoft Office Proof (Catalan) 2010
"{90140000-001F-0403-1000-0000000FF1CE}_Office14.PROOFKIT_{E8C8BA81-35B2-481B-A0D0-ED95300BEFD9}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-001F-0404-1000-0000000FF1CE}" = Microsoft Office Proof (Chinese (Traditional)) 2010
"{90140000-001F-0404-1000-0000000FF1CE}_Office14.PROOFKIT_{22642F39-49B5-4AC1-9B55-9FD00A9F3C07}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-001F-0405-1000-0000000FF1CE}" = Microsoft Office Proof (Czech) 2010
"{90140000-001F-0406-1000-0000000FF1CE}" = Microsoft Office Proof (Danish) 2010
"{90140000-001F-0406-1000-0000000FF1CE}_Office14.PROOFKIT_{54897D82-0CE7-4A90-AEA6-AF0189AA02B8}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-001F-0407-1000-0000000FF1CE}" = Microsoft Office Proof (German) 2010
"{90140000-001F-0407-1000-0000000FF1CE}_Office14.PROOFKIT_{70A3169E-288F-454F-A08D-20DF66639B50}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-001F-0408-1000-0000000FF1CE}" = Microsoft Office Proof (Greek) 2010
"{90140000-001F-0409-1000-0000000FF1CE}" = Microsoft Office Proof (English) 2010
"{90140000-001F-0409-1000-0000000FF1CE}_Office14.PROOFKIT_{0242505C-4E90-407F-9299-B5B275F50D86}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-001F-040B-1000-0000000FF1CE}" = Microsoft Office Proof (Finnish) 2010
"{90140000-001F-040B-1000-0000000FF1CE}_Office14.PROOFKIT_{57652F4A-E8F7-4FE2-8FA9-97731AD0D184}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-001F-040C-1000-0000000FF1CE}" = Microsoft Office Proof (French) 2010
"{90140000-001F-040C-1000-0000000FF1CE}_Office14.PROOFKIT_{B51389C8-2890-4633-81D8-47D2A7402274}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-001F-040D-1000-0000000FF1CE}" = Microsoft Office Proof (Hebrew) 2010
"{90140000-001F-040D-1000-0000000FF1CE}_Office14.PROOFKIT_{A12DF803-B3E7-4304-B3AD-D1ED42FF2442}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-001F-040E-1000-0000000FF1CE}" = Microsoft Office Proof (Hungarian) 2010
"{90140000-001F-0410-1000-0000000FF1CE}" = Microsoft Office Proof (Italian) 2010
"{90140000-001F-0410-1000-0000000FF1CE}_Office14.PROOFKIT_{3013A793-10A7-4D1F-B8B4-2FAA82F4D259}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-001F-0411-1000-0000000FF1CE}" = Microsoft Office Proof (Japanese) 2010
"{90140000-001F-0411-1000-0000000FF1CE}_Office14.PROOFKIT_{90419B91-2EA8-459E-B09F-F2D006DFDBC4}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-001F-0412-1000-0000000FF1CE}" = Microsoft Office Proof (Korean) 2010
"{90140000-001F-0412-1000-0000000FF1CE}_Office14.PROOFKIT_{90A8D00C-D27B-402C-ADE3-EEED0B8DDF54}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-001F-0413-1000-0000000FF1CE}" = Microsoft Office Proof (Dutch) 2010
"{90140000-001F-0413-1000-0000000FF1CE}_Office14.PROOFKIT_{AA4240DC-855A-477B-8E38-89FBC16056E3}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-001F-0414-1000-0000000FF1CE}" = Microsoft Office Proof (Norwegian (Bokmål)) 2010
"{90140000-001F-0415-1000-0000000FF1CE}" = Microsoft Office Proof (Polish) 2010
"{90140000-001F-0415-1000-0000000FF1CE}_Office14.PROOFKIT_{329A3D98-9583-4B84-B18B-498E7AB65C43}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-001F-0416-1000-0000000FF1CE}" = Microsoft Office Proof (Portuguese (Brazil)) 2010
"{90140000-001F-0416-1000-0000000FF1CE}_Office14.PROOFKIT_{5A876683-AEAB-45E2-BA33-A767B54DB7E2}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-001F-0418-1000-0000000FF1CE}" = Microsoft Office Proof (Romanian) 2010
"{90140000-001F-0419-1000-0000000FF1CE}" = Microsoft Office Proof (Russian) 2010
"{90140000-001F-0419-1000-0000000FF1CE}_Office14.PROOFKIT_{0441704C-1789-4294-8DA5-7C85D54EDB3E}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-001F-041A-1000-0000000FF1CE}" = Microsoft Office Proof (Croatian) 2010
"{90140000-001F-041B-1000-0000000FF1CE}" = Microsoft Office Proof (Slovak) 2010
"{90140000-001F-041D-1000-0000000FF1CE}" = Microsoft Office Proof (Swedish) 2010
"{90140000-001F-041D-1000-0000000FF1CE}_Office14.PROOFKIT_{735E1B03-44E8-4D55-A553-EA9E32C96F7C}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-001F-041E-1000-0000000FF1CE}" = Microsoft Office Proof (Thai) 2010
"{90140000-001F-041E-1000-0000000FF1CE}_Office14.PROOFKIT_{7D416F8F-9947-4E55-8D7B-846AF2AEABF1}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-001F-041F-1000-0000000FF1CE}" = Microsoft Office Proof (Turkish) 2010
"{90140000-001F-0420-1000-0000000FF1CE}" = Microsoft Office Proof (Urdu) 2010
"{90140000-001F-0420-1000-0000000FF1CE}_Office14.PROOFKIT_{B2AFAB7A-A952-4837-9AD7-6B4108D27CF1}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-001F-0422-1000-0000000FF1CE}" = Microsoft Office Proof (Ukrainian) 2010
"{90140000-001F-0422-1000-0000000FF1CE}_Office14.PROOFKIT_{532AA5EF-AB2A-47E5-A704-A1D1428EAE1E}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-001F-0424-1000-0000000FF1CE}" = Microsoft Office Proof (Slovenian) 2010
"{90140000-001F-0425-1000-0000000FF1CE}" = Microsoft Office Proof (Estonian) 2010
"{90140000-001F-0426-1000-0000000FF1CE}" = Microsoft Office Proof (Latvian) 2010
"{90140000-001F-0427-1000-0000000FF1CE}" = Microsoft Office Proof (Lithuanian) 2010
"{90140000-001F-042D-1000-0000000FF1CE}" = Microsoft Office Proof (Basque) 2010
"{90140000-001F-042D-1000-0000000FF1CE}_Office14.PROOFKIT_{8587396B-3211-46B3-948A-0F3E9A907EBF}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-001F-0439-1000-0000000FF1CE}" = Microsoft Office Proof (Hindi) 2010
"{90140000-001F-0439-1000-0000000FF1CE}_Office14.PROOFKIT_{A27DF557-678E-423F-962B-1C6BD8BC1B69}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-001F-043F-1000-0000000FF1CE}" = Microsoft Office Proof (Kazakh) 2010
"{90140000-001F-0446-1000-0000000FF1CE}" = Microsoft Office Proof (Punjabi) 2010
"{90140000-001F-0446-1000-0000000FF1CE}_Office14.PROOFKIT_{56AB87B5-E702-401D-BE5A-CD6202DEBBDB}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-001F-0447-1000-0000000FF1CE}" = Microsoft Office Proof (Gujarati) 2010
"{90140000-001F-0447-1000-0000000FF1CE}_Office14.PROOFKIT_{C880F737-9A8F-4BB7-8563-E5A6174EC9ED}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-001F-0449-1000-0000000FF1CE}" = Microsoft Office Proof (Tamil) 2010
"{90140000-001F-0449-1000-0000000FF1CE}_Office14.PROOFKIT_{C7CAE5B7-4E2A-4359-A6B4-0EAA06D0045D}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-001F-044A-1000-0000000FF1CE}" = Microsoft Office Proof (Telugu) 2010
"{90140000-001F-044A-1000-0000000FF1CE}_Office14.PROOFKIT_{B5C43936-DC5B-4219-9BE4-5E382C0669B1}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-001F-044B-1000-0000000FF1CE}" = Microsoft Office Proof (Kannada) 2010
"{90140000-001F-044B-1000-0000000FF1CE}_Office14.PROOFKIT_{2F0C6FD8-33F0-4FDC-B5D1-F96DBF5B98D5}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-001F-044E-1000-0000000FF1CE}" = Microsoft Office Proof (Marathi) 2010
"{90140000-001F-044E-1000-0000000FF1CE}_Office14.PROOFKIT_{71127C8A-07A4-4D6A-951E-81DDBBF5EFB7}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-001F-0456-1000-0000000FF1CE}" = Microsoft Office Proof (Galician) 2010
"{90140000-001F-0456-1000-0000000FF1CE}_Office14.PROOFKIT_{C025C688-A985-4FF1-ADA3-3E060DBCD169}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-001F-0804-1000-0000000FF1CE}" = Microsoft Office Proof (Chinese (Simplified)) 2010
"{90140000-001F-0804-1000-0000000FF1CE}_Office14.PROOFKIT_{C7406AA8-F3E9-480F-897C-BC091D4BEFC6}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-001F-0814-1000-0000000FF1CE}" = Microsoft Office Proof (Norwegian (Nynorsk)) 2010
"{90140000-001F-0816-1000-0000000FF1CE}" = Microsoft Office Proof (Portuguese (Portugal)) 2010
"{90140000-001F-081A-1000-0000000FF1CE}" = Microsoft Office Proof (Serbian (Latin)) 2010
"{90140000-001F-0C0A-1000-0000000FF1CE}" = Microsoft Office Proof (Spanish) 2010
"{90140000-001F-0C0A-1000-0000000FF1CE}_Office14.PROOFKIT_{1779650B-2E44-4A19-8DF6-3866D645764A}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-0028-0404-0000-0000000FF1CE}" = Microsoft Office IME (Chinese (Traditional)) 2010
"{90140000-0028-0404-0000-0000000FF1CE}_Office14.PROOFKIT_{C4E91DEE-9B52-4852-8047-B92758C300C8}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-0028-0404-1000-0000000FF1CE}" = Microsoft Office IME (Chinese (Traditional)) 2010
"{90140000-0028-0404-1000-0000000FF1CE}_Office14.PROOFKIT_{C70130CF-FE87-4114-97A8-F4B8A8AEA697}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-0028-0411-0000-0000000FF1CE}" = Microsoft Office IME (Japanese) 2010
"{90140000-0028-0411-0000-0000000FF1CE}_Office14.PROOFKIT_{9A03E9A6-055C-4B4C-986D-5E225E5B0BFE}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-0028-0411-1000-0000000FF1CE}" = Microsoft Office IME (Japanese) 2010
"{90140000-0028-0411-1000-0000000FF1CE}_Office14.PROOFKIT_{CC22FB74-F6DA-4B88-B483-9E33720F2BB9}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-0028-0412-0000-0000000FF1CE}" = Microsoft Office IME (Korean) 2010
"{90140000-0028-0412-0000-0000000FF1CE}_Office14.PROOFKIT_{EFB3E92A-AACB-4134-A9B2-F2DD229BA7FF}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-0028-0412-1000-0000000FF1CE}" = Microsoft Office IME (Korean) 2010
"{90140000-0028-0412-1000-0000000FF1CE}_Office14.PROOFKIT_{BB4794CD-AEB0-47EC-A02C-F2695CB42AFE}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-0028-0804-0000-0000000FF1CE}" = Microsoft Office IME (Chinese (Simplified)) 2010
"{90140000-0028-0804-0000-0000000FF1CE}_Office14.PROOFKIT_{A1025A74-A97A-4FC5-89CF-7D4AECC18ED0}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-0028-0804-1000-0000000FF1CE}" = Microsoft Office IME (Chinese (Simplified)) 2010
"{90140000-0028-0804-1000-0000000FF1CE}_Office14.PROOFKIT_{FC2AF002-AC6B-4B45-8361-4ACC44E9818E}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-002A-0000-1000-0000000FF1CE}" = Microsoft Office Office 64-bit Components 2010
"{90140000-002A-0409-1000-0000000FF1CE}" = Microsoft Office Shared 64-bit MUI (English) 2010
"{90140000-004A-0409-1000-0000000FF1CE}" = Microsoft Office ProofMUI (English) 2010
"{90140000-004A-0409-1000-0000000FF1CE}_Office14.PROOFKIT_{7CD7F049-A4F8-4A34-825E-A79A0B539438}" = Microsoft Office 2010 Proofing Tools Kit Service Pack 1 (SP1)
"{90140000-004B-0000-1000-0000000FF1CE}" = Microsoft Office Proofing Kit 2010
"{90140000-004B-0000-1000-0000000FF1CE}_Office14.PROOFKIT_{BDC40483-62A4-4AEF-B031-1EFFCE45F92C}" = Microsoft Office 2010 Proofing Tools Kit Service Pack 1 (SP1)
"{90140000-0116-0409-1000-0000000FF1CE}" = Microsoft Office Shared 64-bit Setup Metadata MUI (English) 2010
"{90899269-554B-4672-9F8D-4A2A0D0AF5B5}" = Intel® Network Connections 16.5.2.0
"{90BF0360-A1DB-4599-A643-95AB90A52C1E}" = Microsoft_VC90_MFCLOC_x86_x64
"{925D058B-564A-443A-B4B2-7E90C6432E55}" = Microsoft_VC80_ATL_x86_x64
"{92A3CA0D-55CD-4C5D-BA95-5C2600C20F26}" = Microsoft_VC90_CRT_x86_x64
"{95120000-00B9-0409-1000-0000000FF1CE}" = Microsoft Application Error Reporting
"{9E3B2120-0BD8-9865-0387-E9BAC2A53AD3}" = ccc-utility64
"{A108BD40-0A8C-4385-8874-74C4B6086CC3}" = AVG 2012
"{A472B9E4-0AFF-4F7B-B25D-F64F8E928AAB}" = Microsoft_VC90_MFC_x86_x64
"{ad8a2fa1-06e7-4b0d-927d-6e54b3d31028}" = Microsoft Visual C++ 2005 Redistributable (x64)
"{BE882A12-5A45-3DFF-9FD0-306DE65EB8A5}" = AMD Catalyst Install Manager
"{C8C1BAD5-54E6-4146-AD07-3A8AD36569C3}" = Microsoft_VC80_MFC_x86_x64
"{CA534E04-D3D5-45CE-8693-B87A6DD548BC}" = DaVinci Resolve
"{D0795B21-0CDA-4a92-AB9E-6E92D8111E44}" = SAMSUNG USB Driver for Mobile Phones
"{EA234BC3-39FE-4734-B72F-076086889F6D}" = Composite 2012 64-bit
"{EF393943-0CCE-9CD9-6181-96DF4E4428EF}" = AMD Media Foundation Decoders
"{F5B09CFD-F0B2-36AF-8DF4-1DF6B63FC7B4}" = Microsoft .NET Framework 4 Client Profile
"Autodesk 3ds Max 2012 64-bit - English" = Autodesk 3ds Max 2012 64-bit - English
"Autodesk FBX Plug-in 2012.0 - 3ds Max 2012 64-bit" = Autodesk FBX Plug-in 2012.0 - 3ds Max 2012 64-bit
"AVG" = AVG 2012
"C-Media Oxygen HD Audio Driver" = UNi Xonar Audio Driver
"Microsoft .NET Framework 4 Client Profile" = Microsoft .NET Framework 4 Client Profile
"Microsoft .NET Framework 4 Extended" = Microsoft .NET Framework 4 Extended
"Neat Video for After Effects_is1" = Neat Video v3.1.0 Demo plug-in for After Effects (64-bit)
"Neat Video for Sony Vegas_is1" = Neat Video v2.6 Pro plug-in for Sony Vegas (64-bit)
"Office14.PROOFKIT" = Microsoft Office Proofing Tools Kit Compilation 2010
"PortraitProfessionalStudio64v10_is1" = Portrait Professional Studio 64 v10.0
"PostgreSQL 9.0" = PostgreSQL 9.0
"PROSetDX" = Intel® Network Connections 16.5.2.0
"V-Ray for 3dsmax 2012 for x64" = V-Ray for 3dsmax 2012 for x64
"WinRAR archiver" = WinRAR 4.10 (64-bit)

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{024521CF-C07E-4F8E-8481-0D75695E03AF}" = PxMergeModule
"{033E378E-6AD3-4AD5-BDEB-CBD69B31046C}" = Microsoft_VC90_ATL_x86
"{08B3869E-D282-424C-9AFC-870E04A4BA14}" = Rockstar Games Social Club
"{08D2E121-7F6A-43EB-97FD-629B44903403}" = Microsoft_VC90_CRT_x86
"{0B0F231F-CE6A-483D-AA23-77B364F75917}" = Windows Live Installer
"{0D97F8D1-2102-53D2-5633-C992D6086801}" = CCC Help Chinese Traditional
"{0E13CAA3-B5FC-48C0-AA4A-26F5CD0C371C}" = Garmin Lifetime Updater
"{0EA00EA7-42C0-ED9C-9110-2C04B8EDBA66}" = CCC Help Italian
"{0EB86B70-91FF-39BF-633C-785DF2218CC6}" = CCC Help French
"{0F3647F8-E51D-4FCC-8862-9A8D0C5ACF25}" = Microsoft_VC80_ATL_x86
"{1111706F-666A-4037-7777-211328764D10}" = JavaFX 2.1.1
"{1686C07D-C2BB-A8B2-C5ED-32C4EE1A3E62}" = CCC Help Spanish
"{18B6A9F8-25BC-5978-6B42-A50FA2CABC18}" = CCC Help English
"{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148
"{1F96456B-96E1-E14D-D1AE-386E8DCF53EF}" = Prezi Desktop
"{200FEC62-3C34-4D60-9CE8-EC372E01C08F}" = Windows Live SOXE Definitions
"{26A24AE4-039D-4CA4-87B4-2F83216031FF}" = Java™ 6 Update 31
"{26A24AE4-039D-4CA4-87B4-2F83217005FF}" = Java™ 7 Update 5
"{298C6691-46B2-2065-0DD7-1E7B3B669A47}" = CCC Help Finnish
"{2A07C35B-8384-4DA4-9A95-442B6C89A073}" = Windows Live Essentials
"{2ECA81CA-D932-4AD3-AD59-BF5CCF099C83}" = Catalyst Control Center - Branding
"{34D3688E-A737-44C5-9E2A-FF73618728E1}" = AI Suite II
"{3D347E6D-5A03-4342-B5BA-6A771885F379}" = Autodesk Backburner 2012.0.0
"{3F5C371F-8EA2-4F25-9D3D-D0B4526E3AEA}" = NVIDIA PhysX
"{3FD0C489-0F02-481a-A3E1-9754CD396761}" = Intel® Watchdog Timer Driver (Intel® WDT)
"{400C5445-1AE8-1A41-CAC6-AB114341F65D}" = CCC Help Swedish
"{448B1C6D-02C2-7681-66B2-624E58B25375}" = CCC Help Turkish
"{44D94F3A-D38C-48DF-AEF7-4CD8B078F30F}" = Blue Cat's FreqAnalyst VST 2.01
"{46EB9D45-FC1A-2635-1693-176E6FA1C672}" = CCC Help Portuguese
"{4817D846-700B-474E-A31B-80892B3E92E3}" = Adobe After Effects CS6
"{48294D95-EE9A-4377-8213-44FC4265FB27}" = Windows Live Messenger
"{4A03706F-666A-4037-7777-5F2748764D10}" = Java Auto Updater
"{4E33D05D-76CF-5D3C-4D5D-7727530FA161}" = Adobe Content Viewer
"{52A73A2E-2478-45E5-A390-8C0A6F525678}" = SolidWorks eDrawings 2011 SP0
"{59E4543A-D49D-4489-B445-473D763C79AF}" = Microsoft Games for Windows - LIVE Redistributable
"{5F590D74-AA75-410F-A778-3CDFCE12DCD4}" = SolidWorks Explorer 2011 SP0
"{606A0AC5-5F90-4379-81AE-11B44707E094}" = Adobe After Effects CS5.5 Third Party Content
"{635FED5B-2C6D-49BE-87E6-7A6FCD22BC5A}" = Microsoft_VC90_MFC_x86
"{65153EA5-8B6E-43B6-857B-C6E4FC25798A}" = Intel® Management Engine Components
"{651F43AA-3F06-9277-6F1B-8E8155017463}" = CCC Help Polish
"{65420DC9-306E-4371-905F-F4DC3B418E52}" = Autodesk Material Library Base Resolution Image Library 2012
"{682B3E4F-696A-42DE-A41C-4C07EA1678B4}" = Windows Live SOXE
"{68DE32E1-292B-6A02-6A53-935BFAE70C99}" = CCC Help Chinese Standard
"{69FDFBB6-351D-4B8C-89D8-867DC9D0A2A4}" = Windows Media Player Firefox Plugin
"{6AFCA4E1-9B78-3640-8F72-A7BF33448200}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729
"{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}" = Microsoft Visual C++ 2005 Redistributable
"{7299052b-02a4-4627-81f2-1818da5d550d}" = Microsoft Visual C++ 2005 Redistributable
"{758C8301-2696-4855-AF45-534B1200980A}" = Samsung Kies
"{789A5B64-9DD9-4BA5-915A-F0FC0A1B7BFE}" = Apple Software Update
"{7BE15435-2D3E-4B58-867F-9C75BED0208C}" = QuickTime
"{7E265513-8CDA-4631-B696-F40D983F3B07}_is1" = CDBurnerXP
"{818212BA-7F8C-DDF9-64BE-F6D0B6F46D29}" = CCC Help German
"{837b34e3-7c30-493c-8f6a-2b0f04e2912c}" = Microsoft Visual C++ 2005 Redistributable
"{83C292B7-38A5-440B-A731-07070E81A64F}" = Windows Live PIMT Platform
"{84F4542C-ED64-28AC-49B3-1A9BAB395AB4}" = CCC Help Hungarian
"{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}" = Microsoft Silverlight
"{8DD46C6A-0056-4FEC-B70A-28BB16A1F11F}" = MSVCRT
"{8F0837C2-EE09-4903-88F3-1976FE7FFF4E}" = Autodesk Material Library 2012
"{90120000-00A4-0409-0000-0000000FF1CE}" = Microsoft Office 2003 Web Components
"{90140000-0011-0000-0000-0000000FF1CE}" = Microsoft Office Professional Plus 2010
"{90140000-0011-0000-0000-0000000FF1CE}_Office14.PROPLUS_{047B0968-E622-4FAA-9B4B-121FA109EDDE}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-0015-0409-0000-0000000FF1CE}" = Microsoft Office Access MUI (English) 2010
"{90140000-0015-0409-0000-0000000FF1CE}_Office14.PROPLUS_{6BD185A0-E67F-4F77-8BCD-E34EA6AE76DF}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-0016-0409-0000-0000000FF1CE}" = Microsoft Office Excel MUI (English) 2010
"{90140000-0016-0409-0000-0000000FF1CE}_Office14.PROPLUS_{6BD185A0-E67F-4F77-8BCD-E34EA6AE76DF}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-0018-0409-0000-0000000FF1CE}" = Microsoft Office PowerPoint MUI (English) 2010
"{90140000-0018-0409-0000-0000000FF1CE}_Office14.PROPLUS_{6BD185A0-E67F-4F77-8BCD-E34EA6AE76DF}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-0019-0409-0000-0000000FF1CE}" = Microsoft Office Publisher MUI (English) 2010
"{90140000-0019-0409-0000-0000000FF1CE}_Office14.PROPLUS_{6BD185A0-E67F-4F77-8BCD-E34EA6AE76DF}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-001A-0409-0000-0000000FF1CE}" = Microsoft Office Outlook MUI (English) 2010
"{90140000-001A-0409-0000-0000000FF1CE}_Office14.PROPLUS_{6BD185A0-E67F-4F77-8BCD-E34EA6AE76DF}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-001B-0409-0000-0000000FF1CE}" = Microsoft Office Word MUI (English) 2010
"{90140000-001B-0409-0000-0000000FF1CE}_Office14.PROPLUS_{6BD185A0-E67F-4F77-8BCD-E34EA6AE76DF}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-001F-0401-0000-0000000FF1CE}" = Microsoft Office Proof (Arabic) 2010
"{90140000-001F-0401-0000-0000000FF1CE}_Office14.PROOFKIT_{1A43C155-3DDA-43C9-92C5-0E7D0B2B156D}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-001F-0402-0000-0000000FF1CE}" = Microsoft Office Proof (Bulgarian) 2010
"{90140000-001F-0403-0000-0000000FF1CE}" = Microsoft Office Proof (Catalan) 2010
"{90140000-001F-0403-0000-0000000FF1CE}_Office14.PROOFKIT_{F030E098-C2CC-4056-971E-4D3AB0F55517}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-001F-0404-0000-0000000FF1CE}" = Microsoft Office Proof (Chinese (Traditional)) 2010
"{90140000-001F-0404-0000-0000000FF1CE}_Office14.PROOFKIT_{B87E50FB-B8F9-4B81-8D63-F5A3C5A330B3}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-001F-0405-0000-0000000FF1CE}" = Microsoft Office Proof (Czech) 2010
"{90140000-001F-0406-0000-0000000FF1CE}" = Microsoft Office Proof (Danish) 2010
"{90140000-001F-0406-0000-0000000FF1CE}_Office14.PROOFKIT_{59BCA417-5095-450B-931A-AE6194728386}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-001F-0407-0000-0000000FF1CE}" = Microsoft Office Proof (German) 2010
"{90140000-001F-0407-0000-0000000FF1CE}_Office14.PROOFKIT_{65A2328E-FDFB-4CA3-8582-357EA6825FEA}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-001F-0408-0000-0000000FF1CE}" = Microsoft Office Proof (Greek) 2010
"{90140000-001F-0409-0000-0000000FF1CE}" = Microsoft Office Proof (English) 2010
"{90140000-001F-0409-0000-0000000FF1CE}_Office14.PROOFKIT_{99ACCA38-6DD3-48A8-96AE-A283C9759279}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-001F-0409-0000-0000000FF1CE}_Office14.PROPLUS_{99ACCA38-6DD3-48A8-96AE-A283C9759279}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-001F-040B-0000-0000000FF1CE}" = Microsoft Office Proof (Finnish) 2010
"{90140000-001F-040B-0000-0000000FF1CE}_Office14.PROOFKIT_{0EF937D0-95B1-42E3-9643-9D49E4323DF9}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-001F-040C-0000-0000000FF1CE}" = Microsoft Office Proof (French) 2010
"{90140000-001F-040C-0000-0000000FF1CE}_Office14.PROPLUS_{46298F6A-1E7E-4D4A-B5F5-106A4F0E48C6}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-001F-040D-0000-0000000FF1CE}" = Microsoft Office Proof (Hebrew) 2010
"{90140000-001F-040D-0000-0000000FF1CE}_Office14.PROOFKIT_{16C5AEEC-D632-4FAA-BFDC-BBF36F473E09}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-001F-040E-0000-0000000FF1CE}" = Microsoft Office Proof (Hungarian) 2010
"{90140000-001F-0410-0000-0000000FF1CE}" = Microsoft Office Proof (Italian) 2010
"{90140000-001F-0410-0000-0000000FF1CE}_Office14.PROOFKIT_{C0743197-FFEE-4C19-BAEB-8F7437DC4C8A}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-001F-0411-0000-0000000FF1CE}" = Microsoft Office Proof (Japanese) 2010
"{90140000-001F-0411-0000-0000000FF1CE}_Office14.PROOFKIT_{9FB78D03-3A34-4A57-B65D-0D7F32C1B603}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-001F-0412-0000-0000000FF1CE}" = Microsoft Office Proof (Korean) 2010
"{90140000-001F-0412-0000-0000000FF1CE}_Office14.PROOFKIT_{92B4E762-6E97-4B27-AD3F-DE304D57CCC1}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-001F-0413-0000-0000000FF1CE}" = Microsoft Office Proof (Dutch) 2010
"{90140000-001F-0413-0000-0000000FF1CE}_Office14.PROOFKIT_{5072FEA2-862C-4BF0-9654-CB0DCBE2BE28}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-001F-0414-0000-0000000FF1CE}" = Microsoft Office Proof (Norwegian (Bokmål)) 2010
"{90140000-001F-0415-0000-0000000FF1CE}" = Microsoft Office Proof (Polish) 2010
"{90140000-001F-0415-0000-0000000FF1CE}_Office14.PROOFKIT_{1D751709-BA6C-49E2-844B-4F4F20F410C9}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-001F-0416-0000-0000000FF1CE}" = Microsoft Office Proof (Portuguese (Brazil)) 2010
"{90140000-001F-0416-0000-0000000FF1CE}_Office14.PROOFKIT_{A7200E61-DC93-42E0-BB74-EE59021016EA}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-001F-0418-0000-0000000FF1CE}" = Microsoft Office Proof (Romanian) 2010
"{90140000-001F-0419-0000-0000000FF1CE}" = Microsoft Office Proof (Russian) 2010
"{90140000-001F-0419-0000-0000000FF1CE}_Office14.PROOFKIT_{DD6E7CDF-BDFF-43CF-8CCE-84FBEC5ABB77}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-001F-041A-0000-0000000FF1CE}" = Microsoft Office Proof (Croatian) 2010
"{90140000-001F-041B-0000-0000000FF1CE}" = Microsoft Office Proof (Slovak) 2010
"{90140000-001F-041D-0000-0000000FF1CE}" = Microsoft Office Proof (Swedish) 2010
"{90140000-001F-041D-0000-0000000FF1CE}_Office14.PROOFKIT_{D00E944F-5ECB-42FF-B58E-8FDCF2219DE8}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-001F-041E-0000-0000000FF1CE}" = Microsoft Office Proof (Thai) 2010
"{90140000-001F-041E-0000-0000000FF1CE}_Office14.PROOFKIT_{A6E7F499-EF2F-41BE-B74D-AEE04EC065B6}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-001F-041F-0000-0000000FF1CE}" = Microsoft Office Proof (Turkish) 2010
"{90140000-001F-0420-0000-0000000FF1CE}" = Microsoft Office Proof (Urdu) 2010
"{90140000-001F-0420-0000-0000000FF1CE}_Office14.PROOFKIT_{C6145631-4180-455C-930C-B003F513FC8D}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-001F-0422-0000-0000000FF1CE}" = Microsoft Office Proof (Ukrainian) 2010
"{90140000-001F-0422-0000-0000000FF1CE}_Office14.PROOFKIT_{C8998656-7C0A-417B-A5AC-5ABF2E34DDD7}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-001F-0424-0000-0000000FF1CE}" = Microsoft Office Proof (Slovenian) 2010
"{90140000-001F-0425-0000-0000000FF1CE}" = Microsoft Office Proof (Estonian) 2010
"{90140000-001F-0426-0000-0000000FF1CE}" = Microsoft Office Proof (Latvian) 2010
"{90140000-001F-0427-0000-0000000FF1CE}" = Microsoft Office Proof (Lithuanian) 2010
"{90140000-001F-042D-0000-0000000FF1CE}" = Microsoft Office Proof (Basque) 2010
"{90140000-001F-042D-0000-0000000FF1CE}_Office14.PROOFKIT_{C6E07E58-897F-4686-A498-764B9D404F09}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-001F-0439-0000-0000000FF1CE}" = Microsoft Office Proof (Hindi) 2010
"{90140000-001F-0439-0000-0000000FF1CE}_Office14.PROOFKIT_{83525C9D-003C-4B32-9B03-0ED4D21A3E6F}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-001F-043F-0000-0000000FF1CE}" = Microsoft Office Proof (Kazakh) 2010
"{90140000-001F-0446-0000-0000000FF1CE}" = Microsoft Office Proof (Punjabi) 2010
"{90140000-001F-0446-0000-0000000FF1CE}_Office14.PROOFKIT_{A3543719-9180-4465-9A46-7452A413CD6A}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-001F-0447-0000-0000000FF1CE}" = Microsoft Office Proof (Gujarati) 2010
"{90140000-001F-0447-0000-0000000FF1CE}_Office14.PROOFKIT_{5E44BC48-F996-4AD3-AA33-345E2F83D753}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-001F-0449-0000-0000000FF1CE}" = Microsoft Office Proof (Tamil) 2010
"{90140000-001F-0449-0000-0000000FF1CE}_Office14.PROOFKIT_{9B0C53A1-64B2-4FEC-9043-0850F6ECDE04}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-001F-044A-0000-0000000FF1CE}" = Microsoft Office Proof (Telugu) 2010
"{90140000-001F-044A-0000-0000000FF1CE}_Office14.PROOFKIT_{98DEF7A2-EB26-4C27-B4EB-06AB4E3BF95E}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-001F-044B-0000-0000000FF1CE}" = Microsoft Office Proof (Kannada) 2010
"{90140000-001F-044B-0000-0000000FF1CE}_Office14.PROOFKIT_{45B439F9-F6BD-4DE6-852A-0F5D21742B72}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-001F-044E-0000-0000000FF1CE}" = Microsoft Office Proof (Marathi) 2010
"{90140000-001F-044E-0000-0000000FF1CE}_Office14.PROOFKIT_{52C4A160-60CE-4134-89F5-A3C40AACB2AE}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-001F-0456-0000-0000000FF1CE}" = Microsoft Office Proof (Galician) 2010
"{90140000-001F-0456-0000-0000000FF1CE}_Office14.PROOFKIT_{6CA060C9-FAFB-4A51-B533-A6AEE1A325BE}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-001F-0804-0000-0000000FF1CE}" = Microsoft Office Proof (Chinese (Simplified)) 2010
"{90140000-001F-0804-0000-0000000FF1CE}_Office14.PROOFKIT_{A620ACD4-585E-40D3-80B9-FD31766D1E2A}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-001F-0814-0000-0000000FF1CE}" = Microsoft Office Proof (Norwegian (Nynorsk)) 2010
"{90140000-001F-0816-0000-0000000FF1CE}" = Microsoft Office Proof (Portuguese (Portugal)) 2010
"{90140000-001F-081A-0000-0000000FF1CE}" = Microsoft Office Proof (Serbian (Latin)) 2010
"{90140000-001F-0C0A-0000-0000000FF1CE}" = Microsoft Office Proof (Spanish) 2010
"{90140000-001F-0C0A-0000-0000000FF1CE}_Office14.PROPLUS_{DEA87BE2-FFCC-4F33-9946-FCBE55A1E998}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-002A-0000-1000-0000000FF1CE}_Office14.PROPLUS_{967EF02C-5C7E-4718-8FCB-BDC050190CCF}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-002A-0409-1000-0000000FF1CE}_Office14.PROPLUS_{D6C6B46A-6CE1-4561-84A0-EFD58B8AB979}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-002C-0409-0000-0000000FF1CE}" = Microsoft Office Proofing (English) 2010
"{90140000-002C-0409-0000-0000000FF1CE}_Office14.PROPLUS_{7CA93DF4-8902-449E-A42E-4C5923CFBDE3}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-0044-0409-0000-0000000FF1CE}" = Microsoft Office InfoPath MUI (English) 2010
"{90140000-0044-0409-0000-0000000FF1CE}_Office14.PROPLUS_{6BD185A0-E67F-4F77-8BCD-E34EA6AE76DF}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-004A-0409-0000-0000000FF1CE}" = Microsoft Office ProofMUI (English) 2010
"{90140000-004A-0409-0000-0000000FF1CE}_Office14.PROOFKIT_{995800C5-D90E-4107-8BF7-7AA4DC8C383D}" = Microsoft Office 2010 Proofing Tools Kit Service Pack 1 (SP1)
"{90140000-004B-0000-0000-0000000FF1CE}" = Microsoft Office Proofing Kit 2010
"{90140000-004B-0000-0000-0000000FF1CE}_Office14.PROOFKIT_{253A3CD5-168D-4E9B-B346-6D14220BBE7F}" = Microsoft Office 2010 Proofing Tools Kit Service Pack 1 (SP1)
"{90140000-006E-0409-0000-0000000FF1CE}" = Microsoft Office Shared MUI (English) 2010
"{90140000-006E-0409-0000-0000000FF1CE}_Office14.PROPLUS_{4560037C-E356-444A-A015-D21F487D809E}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-00A1-0409-0000-0000000FF1CE}" = Microsoft Office OneNote MUI (English) 2010
"{90140000-00A1-0409-0000-0000000FF1CE}_Office14.PROPLUS_{6BD185A0-E67F-4F77-8BCD-E34EA6AE76DF}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-00BA-0409-0000-0000000FF1CE}" = Microsoft Office Groove MUI (English) 2010
"{90140000-00BA-0409-0000-0000000FF1CE}_Office14.PROPLUS_{6BD185A0-E67F-4F77-8BCD-E34EA6AE76DF}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-0115-0409-0000-0000000FF1CE}" = Microsoft Office Shared Setup Metadata MUI (English) 2010
"{90140000-0115-0409-0000-0000000FF1CE}_Office14.PROPLUS_{4560037C-E356-444A-A015-D21F487D809E}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-0116-0409-1000-0000000FF1CE}_Office14.PROPLUS_{D6C6B46A-6CE1-4561-84A0-EFD58B8AB979}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-0117-0409-0000-0000000FF1CE}" = Microsoft Office Access Setup Metadata MUI (English) 2010
"{90140000-0117-0409-0000-0000000FF1CE}_Office14.PROPLUS_{6BD185A0-E67F-4F77-8BCD-E34EA6AE76DF}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{92D58719-BBC1-4CC3-A08B-56C9E884CC2C}" = Microsoft_VC80_CRT_x86
"{9BD262D0-B788-4546-A0A5-F4F56EC3834B}" = Windows Live Photo Common
"{9BE518E6-ECC6-35A9-88E4-87755C07200F}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161
"{9C41195F-11B3-8EEC-6634-7183BE6CB1B1}" = CCC Help Japanese
"{A33A89D0-2F48-FD1C-A243-9073EE0592E0}" = Catalyst Control Center InstallProxy
"{A66FB6C7-B689-AFD5-21BA-7CAF8E44E6E6}" = Catalyst Control Center Graphics Previews Common
"{A78FE97A-C0C8-49CE-89D0-EDD524A17392}" = PDF Settings CS5
"{A83279FD-CA4B-4206-9535-90974DE76654}" = Apple Application Support
"{A9BDCA6B-3653-467B-AC83-94367DA3BFE3}" = Windows Live Photo Common
"{AC76BA86-1033-F400-7760-000000000005}" = Adobe Acrobat X Pro - English, Français, Deutsch
"{AE136F7F-7DC6-600F-9DF9-BFA0DF516135}" = Catalyst Control Center Localization All
"{AF37176A-78CA-545B-34EF-8B6A21514DD1}" = Adobe Help Manager
"{B3FED300-806C-11E0-A0D0-B8AC6F97B88E}" = Google Earth
"{B4092C6D-E886-4CB2-BA68-FE5A88D31DE6}_is1" = Spybot - Search & Destroy
"{B4CF00AE-2622-7BC6-24EC-4E5A0A8C9135}" = CCC Help Czech
"{B5751715-EC10-43D9-8C95-62E1368433EF}" = Autodesk Material Library Medium Resolution Image Library 2012
"{B6D38690-755E-4F40-A35A-23F8BC2B86AC}" = Microsoft_VC90_MFCLOC_x86
"{BAE1C0A8-634D-CFF1-0E0C-893092427D34}" = CCC Help Danish
"{BDE646E8-86E0-50E1-37BC-0AEBB2185D76}" = Adobe Widget Browser
"{C0E8FE43-C35B-451D-B35F-D4BD056D70E7}" = Camtasia Studio 7
"{C28DD992-5B7B-D195-6841-4EC57DF512BD}" = Adobe Story
"{C2DEC505-79A9-E952-32B0-31B67B83E231}" = CCC Help Korean
"{C2FB14FB-DF6B-287D-BDC3-C7BEC86F539E}" = Catalyst Control Center
"{CCEFAE22-4D01-0084-D1CA-AC14AA743A97}" = CCC Help Greek
"{CE95A79E-E4FC-4FFF-8A75-29F04B942FF2}" = Windows Live UX Platform
"{D0D3BFE5-5215-41BD-B82E-81D7FB6A9166}" = SolidWorks 2011 SP0
"{D1A19B02-817E-4296-A45B-07853FD74D57}" = Microsoft_VC80_MFC_x86
"{D45240D3-B6B3-4FF9-B243-54ECE3E10066}" = Windows Live Communications Platform
"{D481EA96-2313-4A7C-98EE-710D1AF884AC}" = Microsoft Visual Studio 2005 Tools for Applications - ENU
"{D57FC112-312E-4D70-860F-2DB8FB6858F0}" = Adobe Creative Suite 5.5 Master Collection
"{D6F25CF9-4E87-43EB-B324-C12BE9CDD668}" = Windows Live UX Platform Language Pack
"{D92BBB52-82FF-42ED-8A3C-4E062F944AB7}" = Microsoft_VC80_MFCLOC_x86
"{DE460826-5E72-2357-154F-E376F9926008}" = CCC Help Norwegian
"{E09C4DB7-630C-4F06-A631-8EA7239923AF}" = D3DX10
"{E21FFD29-D231-3BD3-6941-15710E44BED4}" = CCC Help Dutch
"{E3E313C7-0AE2-7F44-52E8-528D4EDC74B2}" = CCC Help Thai
"{E4FB0B39-C991-4EE7-95DD-1A1A7857D33D}" = Asmedia ASM104x USB 3.0 Host Controller Driver
"{E5B21F11-6933-4E0B-A25C-7963E3C07D11}" = Windows Live Messenger
"{EE7257A2-39A2-4D2F-9DAC-F9F25B8AE1D8}" = Skype™ 5.10
"{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}" = Microsoft Visual C++ 2010 x86 Redistributable - 10.0.40219
"{F9929777-7B6E-F53D-3105-1C06E5120CA1}" = CCC Help Russian
"{FCDBEA60-79F0-4FAE-BBA8-55A26C609A49}" = Visual Studio 2008 x64 Redistributables
"{FE23D063-934D-4829-A0D8-00634CE79B4A}" = Adobe AIR
"{FF66E9F6-83E7-3A3E-AF14-8DE9A809A6A4}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.21022
"Aangifte inkomstenbelasting 2011" = Aangifte inkomstenbelasting 2011
"Aangifte inkomstenbelasting voor ondernemers 2011" = Aangifte inkomstenbelasting voor ondernemers 2011
"Adobe AIR" = Adobe AIR
"Adobe Flash Player ActiveX" = Adobe Flash Player 11 ActiveX
"Adobe Flash Player Plugin" = Adobe Flash Player 11 Plugin
"Autodesk 3ds Max 2012 64-bit - English SP2" = Autodesk 3ds Max 2012 64-bit - English SP2
"Bejeweled 31.0" = Bejeweled 3
"chc.4875E02D9FB21EE389F73B8D1702B320485DF8CE.1" = Adobe Help Manager
"com.adobe.AdobeStory.4875E02D9FB21EE389F73B8D1702B320485DF8CE.1" = Adobe Story
"com.adobe.dmp.contentviewer" = Adobe Content Viewer
"com.adobe.WidgetBrowser.E7BED6E5DDA59983786DD72EBFA46B1598278E07.1" = Adobe Widget Browser
"com.prezi.PreziDesktop" = Prezi Desktop
"CycoreFX HD-64 1.7.1 for After Effects" = CycoreFX HD-64 1.7.1 for After Effects
"DAEMON Tools Lite" = DAEMON Tools Lite
"DVD Shrink_is1" = DVD Shrink 3.2
"Fairy Treasure 1.00" = Fairy Treasure 1.00
"FileZilla Client" = FileZilla Client 3.5.3
"foobar2000" = foobar2000 v1.1.11
"Fraps" = Fraps (remove only)
"Free FLV Converter_is1" = Free FLV Converter V 7.4.0
"GTA IV - Ultimate Vehicle Pack" = GTA IV - Ultimate Vehicle Pack v8.0.0.0
"InstallShield_{2B092722-5855-466F-B7A5-8C5E64C64C77}" = Magic Bullet Suite 64-bit
"InstallShield_{50F2B6AA-775D-4A3C-A785-EE4F51C2D4B6}" = Keying Suite 64-bit
"InstallShield_{758C8301-2696-4855-AF45-534B1200980A}" = Samsung Kies
"InstallShield_{8844595D-7554-49D2-90C4-3771532B7B1A}" = Trapcode Suite 64-bit
"Jewel Quest III" = Jewel Quest III
"Malwarebytes' Anti-Malware_is1" = Malwarebytes Anti-Malware version 1.62.0.1300
"Microsoft Visual Studio 2005 Tools for Applications - ENU" = Microsoft Visual Studio 2005 Tools for Applications - ENU
"Mozilla Firefox 15.0 (x86 nl)" = Mozilla Firefox 15.0 (x86 nl)
"MozillaMaintenanceService" = Mozilla Maintenance Service
"Neat Video for After Effects_is1" = Neat Video v2.21 Demo plug-in for After Effects
"Neat Video for VirtualDub_is1" = Neat Video v2.0 Demo plug-in for Virtual Dub
"Need For Speed.Shift 2 Unleashed_is1" = Need For Speed.Shift 2 Unleashed
"Notepad++" = Notepad++
"Office14.PROOFKIT" = Microsoft Office Proofing Tools Kit Compilation 2010
"Office14.PROPLUS" = Microsoft Office Professional Plus 2010
"OpenAL" = OpenAL
"PhotomatixPro4.0x32_is1" = Photomatix Pro version 4.0.2
"Plus500" = Plus500
"Portrait Professional Studio 9_is1" = Portrait Professional Studio 9.0
"SABnzbd" = SABnzbd 0.6.15
"SolidWorks Installation Manager 20110-40000-1100-200" = SolidWorks 2011 SP0
"The Rise of Atlantis 1.00" = The Rise of Atlantis 1.00
"Tyre_is1" = Tyre
"uTorrent" = µTorrent
"Vector Magic" = Vector Magic
"WebNoti" = Paiq Web Notifier (verwijderen)
"Winamp" = Winamp
"WinLiveSuite" = Windows Live Essentials
"WinX DVD Ripper_is1" = WinX DVD Ripper 5.5.6

========== HKEY_CURRENT_USER Uninstall List ==========

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"Dropbox" = Dropbox

========== Last 20 Event Log Errors ==========

[ Application Events ]
Error - 3-9-2012 11:07:17 | Computer Name = DynastyEvolved | Source = Winlogon | ID = 4103
Description = Het activeren van de licentie van Windows is mislukt. Fout 0x80070005.

Error - 3-9-2012 11:08:16 | Computer Name = DynastyEvolved | Source = WinMgmt | ID = 10
Description =

[ System Events ]
Error - 3-9-2012 11:06:31 | Computer Name = DynastyEvolved | Source = Service Control Manager | ID = 7023
Description = De Windows Defender-service is gestopt met de volgende foutcode: %%126.

Error - 3-9-2012 11:08:04 | Computer Name = DynastyEvolved | Source = ACPI | ID = 327693
Description = : de EC (embedded controller) heeft niet binnen de opgegeven time-outperiode
gereageerd. Dit kan duiden op een fout in de EC-hardware of -firmware, of dat de
BIOS op een onjuiste manier toegang de EC probeert te krijgen. U dient de fabrikant
van uw computer om een bijgewerkte BIOS te vragen. In sommige situaties kan deze
fout leiden tot problemen met de computer.

Error - 3-9-2012 11:08:11 | Computer Name = DynastyEvolved | Source = ACPI | ID = 327693
Description = : de EC (embedded controller) heeft niet binnen de opgegeven time-outperiode
gereageerd. Dit kan duiden op een fout in de EC-hardware of -firmware, of dat de
BIOS op een onjuiste manier toegang de EC probeert te krijgen. U dient de fabrikant
van uw computer om een bijgewerkte BIOS te vragen. In sommige situaties kan deze
fout leiden tot problemen met de computer.

Error - 3-9-2012 11:08:16 | Computer Name = DynastyEvolved | Source = ACPI | ID = 327693
Description = : de EC (embedded controller) heeft niet binnen de opgegeven time-outperiode
gereageerd. Dit kan duiden op een fout in de EC-hardware of -firmware, of dat de
BIOS op een onjuiste manier toegang de EC probeert te krijgen. U dient de fabrikant
van uw computer om een bijgewerkte BIOS te vragen. In sommige situaties kan deze
fout leiden tot problemen met de computer.

Error - 3-9-2012 11:08:21 | Computer Name = DynastyEvolved | Source = ACPI | ID = 327693
Description = : de EC (embedded controller) heeft niet binnen de opgegeven time-outperiode
gereageerd. Dit kan duiden op een fout in de EC-hardware of -firmware, of dat de
BIOS op een onjuiste manier toegang de EC probeert te krijgen. U dient de fabrikant
van uw computer om een bijgewerkte BIOS te vragen. In sommige situaties kan deze
fout leiden tot problemen met de computer.

Error - 3-9-2012 11:08:26 | Computer Name = DynastyEvolved | Source = ACPI | ID = 327693
Description = : de EC (embedded controller) heeft niet binnen de opgegeven time-outperiode
gereageerd. Dit kan duiden op een fout in de EC-hardware of -firmware, of dat de
BIOS op een onjuiste manier toegang de EC probeert te krijgen. U dient de fabrikant
van uw computer om een bijgewerkte BIOS te vragen. In sommige situaties kan deze
fout leiden tot problemen met de computer.

Error - 3-9-2012 11:08:31 | Computer Name = DynastyEvolved | Source = ACPI | ID = 327693
Description = : de EC (embedded controller) heeft niet binnen de opgegeven time-outperiode
gereageerd. Dit kan duiden op een fout in de EC-hardware of -firmware, of dat de
BIOS op een onjuiste manier toegang de EC probeert te krijgen. U dient de fabrikant
van uw computer om een bijgewerkte BIOS te vragen. In sommige situaties kan deze
fout leiden tot problemen met de computer.

Error - 3-9-2012 11:08:36 | Computer Name = DynastyEvolved | Source = ACPI | ID = 327693
Description = : de EC (embedded controller) heeft niet binnen de opgegeven time-outperiode
gereageerd. Dit kan duiden op een fout in de EC-hardware of -firmware, of dat de
BIOS op een onjuiste manier toegang de EC probeert te krijgen. U dient de fabrikant
van uw computer om een bijgewerkte BIOS te vragen. In sommige situaties kan deze
fout leiden tot problemen met de computer.

Error - 3-9-2012 11:08:41 | Computer Name = DynastyEvolved | Source = ACPI | ID = 327693
Description = : de EC (embedded controller) heeft niet binnen de opgegeven time-outperiode
gereageerd. Dit kan duiden op een fout in de EC-hardware of -firmware, of dat de
BIOS op een onjuiste manier toegang de EC probeert te krijgen. U dient de fabrikant
van uw computer om een bijgewerkte BIOS te vragen. In sommige situaties kan deze
fout leiden tot problemen met de computer.

Error - 3-9-2012 11:08:46 | Computer Name = DynastyEvolved | Source = ACPI | ID = 327693
Description = : de EC (embedded controller) heeft niet binnen de opgegeven time-outperiode
gereageerd. Dit kan duiden op een fout in de EC-hardware of -firmware, of dat de
BIOS op een onjuiste manier toegang de EC probeert te krijgen. U dient de fabrikant
van uw computer om een bijgewerkte BIOS te vragen. In sommige situaties kan deze
fout leiden tot problemen met de computer.


< End of report >


#9 farbar service scanner
All options ticked, log created:

Farbar Service Scanner Version: 06-08-2012
Ran by Joke en Jasper (administrator) on 03-09-2012 at 17:28:16
Running from "C:\Users\Joke en Jasper\Desktop\virus fix"
Microsoft Windows 7 Ultimate Service Pack 1 (X64)
Boot Mode: Normal
****************************************************************

Internet Services:
============

Connection Status:
==============
Localhost is accessible.
LAN connected.
Google IP is accessible.
Google.com is accessible.
Yahoo IP is accessible.
Yahoo.com is accessible.


Windows Firewall:
=============

Firewall Disabled Policy:
==================


System Restore:
============

System Restore Disabled Policy:
========================


Action Center:
============

Windows Update:
============

Windows Autoupdate Disabled Policy:
============================


Windows Defender:
==============
WinDefend Service is not running. Checking service configuration:
The start type of WinDefend service is OK.
The ImagePath of WinDefend service is OK.
The ServiceDll of WinDefend: "%ProgramFiles(x86)%\Windows Defender\mpsvc.dll".


Windows Defender Disabled Policy:
==========================
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows Defender]
"DisableAntiSpyware"=DWORD:1


Other Services:
==============


File Check:
========
C:\Windows\System32\nsisvc.dll => MD5 is legit
C:\Windows\System32\drivers\nsiproxy.sys => MD5 is legit
C:\Windows\System32\dhcpcore.dll => MD5 is legit
C:\Windows\System32\drivers\afd.sys => MD5 is legit
C:\Windows\System32\drivers\tdx.sys => MD5 is legit
C:\Windows\System32\Drivers\tcpip.sys => MD5 is legit
C:\Windows\System32\dnsrslvr.dll => MD5 is legit
C:\Windows\System32\mpssvc.dll => MD5 is legit
C:\Windows\System32\bfe.dll => MD5 is legit
C:\Windows\System32\drivers\mpsdrv.sys => MD5 is legit
C:\Windows\System32\SDRSVC.dll => MD5 is legit
C:\Windows\System32\vssvc.exe => MD5 is legit
C:\Windows\System32\wscsvc.dll => MD5 is legit
C:\Windows\System32\wbem\WMIsvc.dll => MD5 is legit
C:\Windows\System32\wuaueng.dll => MD5 is legit
C:\Windows\System32\qmgr.dll => MD5 is legit
C:\Windows\System32\es.dll => MD5 is legit
C:\Windows\System32\cryptsvc.dll => MD5 is legit
C:\Program Files\Windows Defender\MpSvc.dll => MD5 is legit
C:\Windows\System32\ipnathlp.dll => MD5 is legit
C:\Windows\System32\svchost.exe => MD5 is legit
C:\Windows\System32\rpcss.dll => MD5 is legit


**** End of log ****
  • 0

#4
RKinner
Posted 03 September 2012 - 10:33 AM

RKinner

    Malware Expert

  • Expert
  • 24,624 posts
  • MVP
Clear the Java Cache by following the instructions on
http://www.java.com/...lugin_cache.xml

You do not have the latest Java.
First go into Control Panel, Add/Remove Software and remove any old versions (which may call themselves: Java Runtime, Runtime Environment, Runtime, JRE, Java Virtual Machine, Virtual Machine, Java VM, JVM, VM, J2RE, J2SE)
I see:
Java™ 6 Update 31
Java™ 7 Update 5
Java™ 6 Update 31 (64-bit)

Get the latest Java at:
http://www.java.com/en/

Save it to your PC then close all browsers and install it. Do not let it install the yahoo toolbar or other foistware. IF you need Java on the 64 bit IE then you need to also use it to visit Java.com


Copy the text in the code box by highlighting and Ctrl + c 



:OTL
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA}:6.0.20
@Alternate Data Stream - 1130 bytes -> C:\Users\Joke en Jasper\AppData\Local\97lBcKiMImGsd:9YgA7EthUu8LdedRp8W
@Alternate Data Stream - 1072 bytes -> C:\ProgramData\Microsoft:fSecUQAJ6SMlD3nK
@Alternate Data Stream - 1020 bytes -> C:\ProgramData\Microsoft:0VRA70mfIINlH3XJhKhI8T

:files
xcopy %Temp%\smtmp\1 "%AllUsersProfile%\Start Menu" /H /I /S /Y /C
xcopy %Temp%\smtmp\2 "%UserProfile%\Application Data\Microsoft\Internet Explorer\Quick Launch" /H /I /S /Y /C
xcopy %Temp%\smtmp\3 "%AppData%\Roaming\Microsoft\Internet Explorer\Quick Launch\User Pinned\TaskBar" /H /I /S /Y /C
xcopy %Temp%\smtmp\4 "%AllUsersProfile%\Desktop" /H /I /S /Y /C
C:\Users\Joke en Jasper\AppData\Local\97lBcKiMImGsd
reg export HKEY_LOCAL_MACHINE\system\currentcontrolset\control\securityproviders %userprofile%\Desktop\security.txt /c

:reg
[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\securityproviders]
"SecurityProviders"="credssp.dll"
    
:Commands
[EMPTYFLASH]
[EMPTYJAVA]
[purity]
[Reboot]

then Rightclick on OTL and select Run As Administrator to start. Under the Custom Scans/Fixes box at the bottom, paste (ctrl +v) the text. Verify that you got it all and Then click the RUN FIX button (NOT THE QUICK SCAN button!) at the top
Let the program run unhindered, OTL will reboot the PC when it is done. Save the log and copy and paste it into a reply. This will also create a file winsock2.reg on your desktop. It is an insurance file. If you can't get on the Internet after the fix, try right clicking on the winsock2.reg and Merge then reboot. If that doesn't help then do a System Restore.
It appears that Old Timer is now hiding the log in c:\_OTL\RemovedFiles\09032012-some number.log if you don't catch it the first time. I'm having it create an export of a reg key that looks funny. I've tried to have OTL fix the key. If something goes wrong with the fix you can rename security.txt to security.reg then right click on it and Merge. I'd like you to attach the security.txt file to your next post in any case.


If the problem still exists then I would try it in Firefox safe mode:

http://support.mozil...using-safe-mode

Does it still look funny with all add-ons disabled? If not go back in and turn on about half and see if that brings back the problem. You should be able to figure out which one it is.

Your PC has some other issues that will cause you some major problems soon.

Error - 3-9-2012 11:07:17 | Computer Name = DynastyEvolved | Source = Winlogon | ID = 4103
Description = Het activeren van de licentie van Windows is mislukt. Fout 0x80070005.


Within 30 days Windows will turn itself off and the only thing you can do with it then is activate it. I've seen this happen after a virus scan. The anti-virus looks at certain file in windows and windows thinks it has been tampered with so requires a new activation.


Activate using the Internet

When you begin the activation process, Windows tries to detect an Internet connection. If one is found, you can activate online. If you use a modem to connect to the Internet but aren't currently online, you'll have the option to activate using a modem.
To activate by using a direct connection

Open Windows Activation by clicking the Start button Picture of the Start button, right-clicking Computer, clicking Properties, and then clicking Activate Windows now.‌

If Windows detects an Internet connection, click Activate Windows online now. Administrator permission required If you're prompted for an administrator password or confirmation, type the password or provide confirmation.

Type your Windows 7 product key when prompted, click Next, and then follow the instructions.


Also I see a problem with your BIOS.

Event: 13 Source: ACPI
: de EC (embedded controller) heeft niet binnen de opgegeven time-outperiode gereageerd. Dit kan duiden op een fout in de EC-hardware of -firmware, of dat de BIOS op een onjuiste manier toegang de EC probeert te krijgen. U dient de fabrikant van uw computer om een bijgewerkte BIOS te vragen. In sommige situaties kan deze fout leiden tot problemen met de computer.


You need to visit your PC maker's website and see if they have a new BIOS for you PC.
  • 0

#5
proxii
Posted 04 September 2012 - 02:18 AM

proxii

    New Member

  • Topic Starter
  • Member
  • Pip
  • 4 posts
Hi Ron,
Thanks again!

Java uninstalled and installed the new version.
Ran OTL, winsock2.reg is not on my desktop (only two desktop.ini hidden files) but internet works.
Log file created and found, posted below. I can't find the security.txt file.

eBay still looks strange, even with all addons disabled.

BUT, when I use private navigation in Firefox (ctrl+shift+p) the eBay page is normal again...

I also did notice that windows wasn't activated anymore. No problem, one call to Microsoft and I'll get the key. (At least, last time that worked)

Asus (the maker of my motherboard) did also release a new Bios so I downloaded it and flashed it.


OTL logfile:

========== OTL ==========
Prefs.js: {CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA}:6.0.20 removed from extensions.enabledItems
ADS C:\Users\Joke en Jasper\AppData\Local\97lBcKiMImGsd:9YgA7EthUu8LdedRp8W deleted successfully.
ADS C:\ProgramData\Microsoft:fSecUQAJ6SMlD3nK deleted successfully.
ADS C:\ProgramData\Microsoft:0VRA70mfIINlH3XJhKhI8T deleted successfully.
========== FILES ==========
< xcopy %Temp%\smtmp\1 "%AllUsersProfile%\Start Menu" /H /I /S /Y /C >
0 bestand(en) gekopieerd
C:\Users\Joke en Jasper\Desktop\virus fix\cmd.bat deleted successfully.
C:\Users\Joke en Jasper\Desktop\virus fix\cmd.txt deleted successfully.
< xcopy %Temp%\smtmp\2 "%UserProfile%\Application Data\Microsoft\Internet Explorer\Quick Launch" /H /I /S /Y /C >
0 bestand(en) gekopieerd
C:\Users\Joke en Jasper\Desktop\virus fix\cmd.bat deleted successfully.
C:\Users\Joke en Jasper\Desktop\virus fix\cmd.txt deleted successfully.
< xcopy %Temp%\smtmp\3 "%AppData%\Roaming\Microsoft\Internet Explorer\Quick Launch\User Pinned\TaskBar" /H /I /S /Y /C >
0 bestand(en) gekopieerd
C:\Users\Joke en Jasper\Desktop\virus fix\cmd.bat deleted successfully.
C:\Users\Joke en Jasper\Desktop\virus fix\cmd.txt deleted successfully.
< xcopy %Temp%\smtmp\4 "%AllUsersProfile%\Desktop" /H /I /S /Y /C >
0 bestand(en) gekopieerd
C:\Users\Joke en Jasper\Desktop\virus fix\cmd.bat deleted successfully.
C:\Users\Joke en Jasper\Desktop\virus fix\cmd.txt deleted successfully.
C:\Users\Joke en Jasper\AppData\Local\97lBcKiMImGsd folder moved successfully.
< reg export HKEY_LOCAL_MACHINE\system\currentcontrolset\control\securityproviders %userprofile%\Desktop\security.txt /c >
C:\Users\Joke en Jasper\Desktop\virus fix\cmd.bat deleted successfully.
C:\Users\Joke en Jasper\Desktop\virus fix\cmd.txt deleted successfully.
========== REGISTRY ==========
HKEY_LOCAL_MACHINE\system\currentcontrolset\control\securityproviders\\"SecurityProviders"|"credssp.dll" /E : value set successfully!
========== COMMANDS ==========

[EMPTYFLASH]

User: All Users

User: Default
->Flash cache emptied: 56475 bytes

User: Default User
->Flash cache emptied: 0 bytes

User: Joke en Jasper
->Flash cache emptied: 237394 bytes

User: postgres
->Flash cache emptied: 56475 bytes

User: Public

Total Flash Files Cleaned = 0,00 mb


[EMPTYJAVA]

User: All Users

User: Default

User: Default User

User: Joke en Jasper
->Java cache emptied: 4838675 bytes

User: postgres

User: Public

Total Java Files Cleaned = 5,00 mb


OTL by OldTimer - Version 3.2.59.1 log created on 09042012_094853

Edited by proxii, 04 September 2012 - 02:19 AM.

  • 0

#6
RKinner
Posted 04 September 2012 - 10:03 AM

RKinner

    Malware Expert

  • Expert
  • 24,624 posts
  • MVP
The winsock2 thing was a mistake on my part. I should have deleted that line from the text since I didn't use it this time. The security.txt file should have been there though. Don't know why it did not show up. The reg fix didn't seem to work either.

Looking back over your logs I see I missed something that Combofix flagged. Your user32.dll files don't look right. Let's fix them with combofix.


Copy the text between the lines of stars by highlighting and Ctrl + c.

******************************************

AtJob::

FCopy::
C:\Windows\winsxs\amd64_microsoft-windows-user32_31bf3856ad364e35_6.1.7601.17514_none_2b5e71b083fc0973\user32.dll | C:\Windows\system32\user32.dll
C:\Windows\winsxs\wow64_microsoft-windows-user32_31bf3856ad364e35_6.1.7601.17514_none_35b31c02b85ccb6e\user32.dll | C:\Windows\SysWOW64\user32.dll


******************************************

Now open notepad (Start, Run, notepad, OK) and Ctrl + V to paste the text into Notepad. Make sure you got it all then File, SAVE AS, (to your Desktop), CFScript , OK. Close notepad. (Overwrite the old one if it's still there.) You should see a file CFScript.txt on your desktop.

Pause your anti-virus.

Drag CFScript.txt over to Combofix and let go Combofix should start on its own.

Post the new log.


Let's try OTL again:

First uninstall Malwarebytes Anti-Malware (PRO) so it doesn't interfere.
You might also uninstall Hitman Pro. This is actually a very dangerous program to use. I've seen a lot of cases where it removed malware incorrectly and left an unbootable system.

Copy the text in the code box by highlighting and Ctrl + c


:OTL
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA}:6.0.20
O16:64bit: - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_31)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/...indows-i586.cab (Java Plug-in 10.5.1)
O16 - DPF: {CAFEEFAC-0016-0000-0031-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_31)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 10.5.1)
O29:64bit: - HKLM SecurityProviders - (EtdevnOmhenc.dll) - File not found
O29 - HKLM SecurityProviders - (EtdevnOmhenc.dll) - File not found

:Commands
[EMPTYTEMP]
[Reboot]

then Double on OTL to start. Under the Custom Scans/Fixes box at the bottom, paste (ctrl +v) the text. Verify that you got it all and Then click the RUN FIX button (NOT THE QUICK SCAN button!) at the top
Let the program run unhindered, OTL will reboot the PC when it is done. Save the log and copy and paste it into a reply.


Copy the text in the code box:


/md5start
user32.dll
/md5stop
C:\Windows\assembly\tmp\U\*.* /s
%systemdrive%\$Recycle.Bin|@;true;true;true
CREATERESTOREPOINT

Run OTL (Vista or Win 7 => right click and Run As Administrator)

Paste (Ctrl + v) the copied text in the box where it says Custom Scan/Fixes

Select the All option in the Extra Registry group then Run Scan.

You should get two logs. Please copy and paste both of them.
  • 0

#7
proxii
Posted 05 September 2012 - 03:16 AM

proxii

    New Member

  • Topic Starter
  • Member
  • Pip
  • 4 posts
Hi Ron, thanks for sticking with me. :)
Did all the things but still no luck....

A lot of the scans create a log in Dutch, is that a problem for you? If so, is there a way that these logs will come in English? (Maybe set my PC's location and language to English?)

Anyway, I ran Combofix with the script, here's the log:

ComboFix 12-09-04.03 - Joke en Jasper 05-09-2012 11:00:58.4.12 - x64
Microsoft Windows 7 Ultimate 6.1.7601.1.1252.31.1043.18.32718.29170 [GMT 2:00]
Gestart vanuit: c:\users\Joke en Jasper\Desktop\virus fix\ComboFix.exe
gebruikte Opdracht switches :: c:\users\Joke en Jasper\Desktop\CFScript.txt
AV: AVG Anti-Virus Free Edition 2012 *Disabled/Updated* {5A2746B1-DEE9-F85A-FBCD-ADB11639C5F0}
SP: AVG Anti-Virus Free Edition 2012 *Disabled/Updated* {E146A755-F8D3-F7D4-C17D-96C36DBE8F4D}
SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
.
.
(((((((((((((((((((((((((((((((((( Andere Verwijderingen )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
.
--------------- FCopy ---------------
.
c:\windows\winsxs\amd64_microsoft-windows-user32_31bf3856ad364e35_6.1.7601.17514_none_2b5e71b083fc0973\user32.dll --> c:\windows\system32\user32.dll
c:\windows\winsxs\wow64_microsoft-windows-user32_31bf3856ad364e35_6.1.7601.17514_none_35b31c02b85ccb6e\user32.dll --> c:\windows\SysWOW64\user32.dll
.
(((((((((((((((((((( Bestanden Gemaakt van 2012-08-05 to 2012-09-05 ))))))))))))))))))))))))))))))
.
.
2012-09-05 09:03 . 2012-09-05 09:03 -------- d-----w- c:\users\Default\AppData\Local\temp
2012-09-04 07:48 . 2012-09-04 07:48 -------- d-----w- C:\_OTL
2012-09-04 07:46 . 2012-09-04 07:46 -------- d-----w- c:\program files (x86)\Common Files\Java
2012-09-04 07:46 . 2012-09-04 07:46 95208 ----a-w- c:\windows\SysWow64\WindowsAccessBridge-32.dll
2012-09-04 07:46 . 2012-09-04 07:46 -------- d-----w- c:\program files (x86)\Java
2012-09-03 14:58 . 2012-07-03 11:46 24904 ----a-w- c:\windows\system32\drivers\mbam.sys
2012-08-30 21:00 . 2012-08-30 21:00 -------- d-----w- c:\program files (x86)\MSXML 4.0
2012-08-30 21:00 . 2012-08-30 21:00 -------- d-----w- c:\program files (x86)\Microsoft CAPICOM 2.1.0.2
2012-08-29 16:48 . 2012-08-29 17:01 -------- d-----w- c:\programdata\Spybot - Search & Destroy
2012-08-29 16:44 . 2012-08-29 16:44 30496 ----a-w- c:\windows\system32\drivers\hitmanpro36.sys
2012-08-29 16:36 . 2012-08-29 16:36 -------- d-----w- c:\program files\HitmanPro
2012-08-29 16:33 . 2012-08-29 16:43 -------- d-----w- c:\programdata\HitmanPro
2012-08-29 10:34 . 2012-08-29 10:35 -------- d-----w- c:\users\Joke en Jasper\AppData\Roaming\DVDVideoSoft
2012-08-29 07:40 . 2012-08-29 07:40 -------- d-----w- c:\users\Joke en Jasper\AppData\Roaming\ResourceCentral.E6E1B28A311BC518DB6C6883EA3757FDE0E90ADC.1
2012-08-27 08:54 . 2012-08-27 08:54 -------- d-----w- c:\users\Joke en Jasper\AppData\Local\Xilisoft
2012-08-27 08:54 . 2012-08-27 08:54 -------- d-----w- c:\users\Joke en Jasper\AppData\Roaming\Xilisoft
2012-08-23 09:24 . 2012-08-23 09:24 -------- d-----w- c:\program files\Blackmagic Design
2012-08-23 09:18 . 2012-08-23 09:24 -------- d-----w- c:\users\Joke en Jasper\AppData\Roaming\postgresql
2012-08-23 09:18 . 2012-08-23 09:18 -------- d-----w- c:\programdata\Blackmagic Design
2012-08-23 09:17 . 2012-08-23 09:17 -------- d-----w- c:\users\postgres
2012-08-23 09:17 . 2012-08-23 09:17 -------- d-----w- c:\program files\PostgreSQL
2012-08-15 08:56 . 2012-05-05 08:36 503808 ----a-w- c:\windows\system32\srcore.dll
2012-08-15 08:56 . 2012-05-05 07:46 43008 ----a-w- c:\windows\SysWow64\srclient.dll
2012-08-15 08:56 . 2012-02-11 06:43 751104 ----a-w- c:\windows\system32\win32spl.dll
2012-08-15 08:56 . 2012-02-11 06:36 559104 ----a-w- c:\windows\system32\spoolsv.exe
2012-08-15 08:56 . 2012-02-11 06:36 67072 ----a-w- c:\windows\splwow64.exe
2012-08-15 08:56 . 2012-02-11 05:43 492032 ----a-w- c:\windows\SysWow64\win32spl.dll
2012-08-15 08:56 . 2012-07-04 22:16 73216 ----a-w- c:\windows\system32\netapi32.dll
2012-08-15 08:56 . 2012-07-04 22:13 59392 ----a-w- c:\windows\system32\browcli.dll
2012-08-15 08:56 . 2012-07-04 22:13 136704 ----a-w- c:\windows\system32\browser.dll
2012-08-15 08:56 . 2012-07-04 21:14 41984 ----a-w- c:\windows\SysWow64\browcli.dll
2012-08-15 08:56 . 2012-07-18 18:15 3148800 ----a-w- c:\windows\system32\win32k.sys
2012-08-15 08:55 . 2012-05-14 05:26 956928 ----a-w- c:\windows\system32\localspl.dll
2012-08-13 17:40 . 2012-08-13 17:40 -------- d-----w- c:\users\Joke en Jasper\AppData\Local\TechSmith
2012-08-13 17:40 . 2012-08-13 17:40 -------- d-----w- c:\windows\SysWow64\QuickTime
2012-08-13 17:39 . 2012-08-13 17:40 -------- d-----w- c:\programdata\TechSmith
2012-08-13 17:39 . 2012-08-13 17:39 -------- d-----w- c:\program files (x86)\Common Files\TechSmith Shared
2012-08-08 06:15 . 2012-08-08 06:46 -------- d-----w- c:\users\Joke en Jasper\AppData\Roaming\dvdcss
2012-08-08 06:14 . 2012-08-08 06:15 -------- d-----w- c:\users\Joke en Jasper\AppData\Roaming\Digiarty
2012-08-08 06:12 . 2012-08-08 06:13 -------- d-----w- c:\programdata\DVD Shrink
2012-08-07 17:18 . 2012-08-07 17:19 -------- d-----w- c:\programdata\VideoCopilot
2012-08-06 17:21 . 2012-08-06 17:46 -------- d-----w- c:\users\Joke en Jasper\AppData\Roaming\Skype
2012-08-06 17:21 . 2012-08-06 17:21 -------- d-----w- c:\program files (x86)\Common Files\Skype
2012-08-06 17:21 . 2012-08-06 17:21 -------- d-----w- c:\programdata\Skype
.
.
.
((((((((((((((((((((((((((((((((((((((( Find3M Rapport ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2012-09-04 08:07 . 2012-02-12 13:37 5438096 ----a-w- c:\windows\PE_Rom.dll
2012-09-04 08:06 . 2012-02-12 13:45 5792336 ----a-w- c:\windows\PE_File.dll
2012-09-04 07:46 . 2012-07-25 11:53 821736 ----a-w- c:\windows\SysWow64\npDeployJava1.dll
2012-09-04 07:46 . 2012-02-23 12:53 746984 ----a-w- c:\windows\SysWow64\deployJava1.dll
2012-08-15 21:29 . 2012-02-11 19:58 62134624 ----a-w- c:\windows\system32\MRT.exe
2012-08-15 09:57 . 2012-04-02 08:06 426184 ----a-w- c:\windows\SysWow64\FlashPlayerApp.exe
2012-08-15 09:57 . 2012-02-11 19:18 70344 ----a-w- c:\windows\SysWow64\FlashPlayerCPLApp.cpl
2012-06-09 05:43 . 2012-07-11 23:17 14172672 ----a-w- c:\windows\system32\shell32.dll
.
.
((((((((((((((((((((((((((((( SnapShot_2012-09-03_14.47.11 )))))))))))))))))))))))))))))))))))))))))
.
+ 2010-11-21 03:23 . 2010-11-21 03:23 14336 c:\windows\SysWOW64\slwga.dll
+ 2010-11-21 03:09 . 2012-09-05 08:55 56372 c:\windows\system32\wdi\ShutdownPerformanceDiagnostics_SystemData.bin
+ 2009-07-14 05:10 . 2012-09-05 08:55 40914 c:\windows\system32\wdi\BootPerformanceDiagnostics_SystemData.bin
+ 2010-11-21 03:24 . 2010-11-21 03:24 15360 c:\windows\system32\slwga.dll
- 2012-02-11 18:46 . 2012-08-15 09:57 49152 c:\windows\system32\config\systemprofile\AppData\Roaming\Microsoft\Windows\Cookies\index.dat
+ 2012-02-11 18:46 . 2012-09-03 16:17 49152 c:\windows\system32\config\systemprofile\AppData\Roaming\Microsoft\Windows\Cookies\index.dat
+ 2009-07-14 04:54 . 2012-09-03 16:17 49152 c:\windows\system32\config\systemprofile\AppData\Local\Microsoft\Windows\History\History.IE5\index.dat
- 2009-07-14 04:54 . 2012-08-15 09:57 49152 c:\windows\system32\config\systemprofile\AppData\Local\Microsoft\Windows\History\History.IE5\index.dat
+ 2012-02-11 18:54 . 2012-09-05 08:55 9474 c:\windows\system32\wdi\{86432a0b-3c7d-4ddf-a89c-172faa90485d}\S-1-5-21-3646392386-748874636-2614076268-1000_UserData.bin
+ 2012-09-05 09:04 . 2012-09-05 09:04 2048 c:\windows\ServiceProfiles\LocalService\AppData\Local\lastalive0.dat
- 2012-09-03 14:47 . 2012-09-03 14:47 2048 c:\windows\ServiceProfiles\LocalService\AppData\Local\lastalive0.dat
+ 2009-06-10 21:38 . 2009-06-10 21:38 113629 c:\windows\SysWOW64\slmgr.vbs
+ 2012-09-04 07:46 . 2012-09-04 07:46 246760 c:\windows\SysWOW64\javaws.exe
+ 2012-09-04 07:46 . 2012-09-04 07:46 174056 c:\windows\SysWOW64\javaw.exe
+ 2012-09-04 07:46 . 2012-09-04 07:46 174056 c:\windows\SysWOW64\java.exe
+ 2010-11-21 03:24 . 2010-11-21 03:24 419840 c:\windows\system32\systemcpl.dll
- 2010-11-21 03:24 . 2012-04-20 08:16 419840 c:\windows\system32\systemcpl.dll
+ 2009-06-10 20:59 . 2009-06-10 20:59 113629 c:\windows\system32\slmgr.vbs
- 2010-11-21 16:48 . 2012-09-03 07:33 746034 c:\windows\system32\perfh013.dat
+ 2010-11-21 16:48 . 2012-09-05 08:57 746034 c:\windows\system32\perfh013.dat
- 2009-07-14 02:36 . 2012-09-03 07:33 654880 c:\windows\system32\perfh009.dat
+ 2009-07-14 02:36 . 2012-09-05 08:57 654880 c:\windows\system32\perfh009.dat
+ 2010-11-21 16:48 . 2012-09-05 08:57 153090 c:\windows\system32\perfc013.dat
- 2010-11-21 16:48 . 2012-09-03 07:33 153090 c:\windows\system32\perfc013.dat
- 2009-07-14 02:36 . 2012-09-03 07:33 121752 c:\windows\system32\perfc009.dat
+ 2009-07-14 02:36 . 2012-09-05 08:57 121752 c:\windows\system32\perfc009.dat
+ 2012-02-11 18:46 . 2012-09-03 16:17 294912 c:\windows\system32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\index.dat
- 2012-02-11 18:46 . 2012-08-15 09:57 294912 c:\windows\system32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\index.dat
+ 2009-07-14 05:01 . 2012-09-05 09:03 856012 c:\windows\ServiceProfiles\LocalService\AppData\Local\FontCache-System.dat
- 2009-07-14 05:01 . 2012-09-03 14:46 856012 c:\windows\ServiceProfiles\LocalService\AppData\Local\FontCache-System.dat
+ 2012-09-04 07:46 . 2012-09-04 07:46 179200 c:\windows\Installer\3767b.msi
- 2012-02-12 14:05 . 2012-08-29 21:07 8988328 c:\windows\ServiceProfiles\LocalService\AppData\Local\FontCache3.0.0.0.dat
+ 2012-02-12 14:05 . 2012-09-04 22:56 8988328 c:\windows\ServiceProfiles\LocalService\AppData\Local\FontCache3.0.0.0.dat
+ 2012-02-11 19:21 . 2012-09-05 09:03 37248924 c:\windows\ServiceProfiles\LocalService\AppData\Local\FontCache-S-1-5-21-3646392386-748874636-2614076268-1000-12288.dat
+ 2012-09-04 07:46 . 2012-09-04 07:46 27545600 c:\windows\Installer\37675.msi
.
((((((((((((((((((((((((((((((((((((( Reg Opstartpunten )))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Nota* lege verwijzingen & legitieme standaard verwijzingen worden niet getoond
REGEDIT4
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt1]
@="{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}]
2012-01-18 18:49 94208 ----a-w- c:\users\Joke en Jasper\AppData\Roaming\Dropbox\bin\DropboxExt.14.dll
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt2]
@="{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}]
2012-01-18 18:49 94208 ----a-w- c:\users\Joke en Jasper\AppData\Roaming\Dropbox\bin\DropboxExt.14.dll
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt3]
@="{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}]
2012-01-18 18:49 94208 ----a-w- c:\users\Joke en Jasper\AppData\Roaming\Dropbox\bin\DropboxExt.14.dll
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt4]
@="{FB314EDC-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314EDC-A251-47B7-93E1-CDD82E34AF8B}]
2012-01-18 18:49 94208 ----a-w- c:\users\Joke en Jasper\AppData\Roaming\Dropbox\bin\DropboxExt.14.dll
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"WebNoti"="d:\users\Joke en Jasper\AppData\Roaming\WebNoti\WebNoti.exe" [2011-09-27 961536]
"AdobeBridge"="" [BU]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run]
"AVG_TRAY"="d:\program files (x86)\AVG\AVG2012\avgtray.exe" [2012-04-05 2587008]
"Malwarebytes' Anti-Malware"="d:\program files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe" [2012-07-03 462920]
"SunJavaUpdateSched"="c:\program files (x86)\Common Files\Java\Java Update\jusched.exe" [2012-07-03 252848]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"ConsentPromptBehaviorAdmin"= 0 (0x0)
"ConsentPromptBehaviorUser"= 3 (0x3)
"EnableLUA"= 0 (0x0)
"EnableUIADesktopToggle"= 0 (0x0)
"PromptOnSecureDesktop"= 0 (0x0)
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows nt\currentversion\drivers32]
"mixer2"=wdmaud.drv
.
[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\session manager]
BootExecute REG_MULTI_SZ autocheck autochk *\0d:\progra~2\AVG\AVG2012\avgrsa.exe /sync /restart
.
[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\lsa]
Security Packages REG_MULTI_SZ kerberos msv1_0 schannel wdigest tspkg pku2u livessp
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\hitmanpro36]
@=""
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\hitmanpro36.sys]
@=""
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\HitmanPro36Crusader]
@=""
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\HitmanPro36CrusaderBoot]
@=""
.
R2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-03-18 138576]
R2 MBAMService;MBAMService;d:\program files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe [2012-07-03 655944]
R3 AdobeFlashPlayerUpdateSvc;Adobe Flash Player Update Service;c:\windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2012-08-15 250056]
R3 ALSysIO;ALSysIO;c:\users\JOKEEN~1\AppData\Local\Temp\ALSysIO64.sys [x]
R3 CoordinatorServiceHost;SW Distributed TS Coordinator Service;c:\program files (x86)\SolidWorks Corp\SolidWorks\swScheduler\DTSCoordinatorService.exe [2010-10-05 87336]
R3 dg_ssudbus;SAMSUNG Mobile USB Composite Device Driver (DEVGURU Ver.);c:\windows\system32\DRIVERS\ssudbus.sys [2012-02-24 99384]
R3 dmvsc;dmvsc;c:\windows\system32\drivers\dmvsc.sys [2010-11-21 71168]
R3 FLEXnet Licensing Service 64;FLEXnet Licensing Service 64;c:\program files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService64.exe [2012-02-12 1431888]
R3 hitmanpro36;HitmanPro 3.6 Support Driver;c:\windows\system32\drivers\hitmanpro36.sys [2012-08-29 30496]
R3 MBAMProtector;MBAMProtector;c:\windows\system32\drivers\mbam.sys [2012-07-03 24904]
R3 Microsoft SharePoint Workspace Audit Service;Microsoft SharePoint Workspace Audit Service;c:\program files (x86)\Microsoft Office\Office14\GROOVE.EXE [2011-06-12 31125880]
R3 MozillaMaintenance;Mozilla Maintenance Service;c:\program files (x86)\Mozilla Maintenance Service\maintenanceservice.exe [2012-08-31 114144]
R3 osppsvc;Office Software Protection Platform;c:\program files\Common Files\Microsoft Shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE [2010-01-09 4925184]
R3 RdpVideoMiniport;Remote Desktop Video Miniport Driver;c:\windows\system32\drivers\rdpvideominiport.sys [2010-11-21 20992]
R3 ssudmdm;SAMSUNG Mobile USB Modem Drivers (DEVGURU Ver.);c:\windows\system32\DRIVERS\ssudmdm.sys [2012-02-24 203320]
R3 SwitchBoard;SwitchBoard;c:\program files (x86)\Common Files\Adobe\SwitchBoard\SwitchBoard.exe [2010-02-19 517096]
R3 Synth3dVsc;Synth3dVsc;c:\windows\system32\drivers\synth3dvsc.sys [2010-11-21 88960]
R3 terminpt;Microsoft Remote Desktop Input Driver;c:\windows\system32\drivers\terminpt.sys [2010-11-21 34816]
R3 TsUsbFlt;TsUsbFlt;c:\windows\system32\drivers\tsusbflt.sys [2010-11-21 59392]
R3 TsUsbGD;Remote Desktop Generic USB Device;c:\windows\system32\drivers\TsUsbGD.sys [2010-11-21 31232]
R3 tsusbhub;tsusbhub;c:\windows\system32\drivers\tsusbhub.sys [2010-11-21 117248]
R3 VGPU;VGPU;c:\windows\system32\drivers\rdvgkmd.sys [x]
R3 WatAdminSvc;Windows Activation Technologies-service;c:\windows\system32\Wat\WatAdminSvc.exe [2012-04-20 1255736]
S0 AVGIDSHA;AVGIDSHA;c:\windows\system32\DRIVERS\avgidsha.sys [2012-04-19 28480]
S0 Avgrkx64;AVG Anti-Rootkit Driver;c:\windows\system32\DRIVERS\avgrkx64.sys [2012-01-31 36944]
S0 PxHlpa64;PxHlpa64;c:\windows\System32\Drivers\PxHlpa64.sys [2009-07-09 55280]
S0 sptd;sptd;c:\windows\\SystemRoot\System32\Drivers\sptd.sys [x]
S1 AsUpIO;AsUpIO;SysWow64\drivers\AsUpIO.sys [x]
S1 Avgldx64;AVG AVI Loader Driver;c:\windows\system32\DRIVERS\avgldx64.sys [2012-02-22 289872]
S1 Avgmfx64;AVG Mini-Filter Resident Anti-Virus Shield;c:\windows\system32\DRIVERS\avgmfx64.sys [2011-12-23 47696]
S1 Avgtdia;AVG TDI Driver;c:\windows\system32\DRIVERS\avgtdia.sys [2012-03-19 383808]
S1 dtsoftbus01;DAEMON Tools Virtual Bus Driver;c:\windows\system32\DRIVERS\dtsoftbus01.sys [2012-04-01 283200]
S2 AMD External Events Utility;AMD External Events Utility;c:\windows\system32\atiesrxx.exe [2011-12-06 235520]
S2 asComSvc;ASUS Com Service;c:\program files (x86)\ASUS\AXSP\1.00.16\atkexComSvc.exe [2011-08-09 918144]
S2 asHmComSvc;ASUS HM Com Service;c:\program files (x86)\ASUS\AAHM\1.00.15\aaHMSvc.exe [2011-08-09 947328]
S2 AsSysCtrlService;ASUS System Control Service;c:\program files (x86)\ASUS\AsSysCtrlService\1.00.11\AsSysCtrlService.exe [2010-10-21 586880]
S2 AsusFanControlService;AsusFanControlService;c:\program files (x86)\ASUS\AsusFanControlService\1.00.07\AsusFanControlService.exe [2011-09-20 1406080]
S2 avgwd;AVG WatchDog;d:\program files (x86)\AVG\AVG2012\avgwdsvc.exe [2012-02-14 193288]
S2 ImeDictUpdateService;Microsoft IME Dictionary Update;c:\program files\Common Files\Microsoft Shared\IME14\SHARED\IMEDICTUPDATE.EXE [2010-10-20 83312]
S2 mi-raysat_3dsmax2012_64;mental ray 3.9 Satellite for Autodesk 3ds Max 2012 64-bit - English 64-bit;c:\program files\Autodesk\3ds Max 2012\mentalimages\satellite\raysat_3dsmax2012_64server.exe [2011-02-22 86016]
S2 postgresql-x64-9.0;postgresql-x64-9.0 - PostgreSQL Server 9.0;C:/Program Files/PostgreSQL/9.0/bin/pg_ctl.exe runservice -N postgresql-x64-9.0 -D C:/Program Files/PostgreSQL/9.0/data -w [x]
S2 SkypeUpdate;Skype Updater;d:\program files (x86)\Skype\Updater\Updater.exe [2012-07-13 160944]
S3 amdkmdag;amdkmdag;c:\windows\system32\DRIVERS\atikmdag.sys [2011-12-06 10720256]
S3 amdkmdap;amdkmdap;c:\windows\system32\DRIVERS\atikmpag.sys [2011-12-06 327168]
S3 asmthub3;ASMedia USB3 Hub Service;c:\windows\system32\DRIVERS\asmthub3.sys [2011-09-14 129000]
S3 asmtxhci;ASMEDIA XHCI Service;c:\windows\system32\DRIVERS\asmtxhci.sys [2011-09-14 394216]
S3 ASUSFILTER;ASUSFILTER;SysWow64\drivers\ASUSFILTER.sys [x]
S3 AtiHDAudioService;AMD Function Driver for HD Audio Service;c:\windows\system32\drivers\AtihdW76.sys [2011-10-17 93712]
S3 cmudaxp;ASUS Xonar Essence STX Audio Interface;c:\windows\system32\drivers\cmudaxp.sys [2011-07-04 2726400]
S3 e1cexpress;Intel® PRO/1000 PCI Express Network Connection Driver C;c:\windows\system32\DRIVERS\e1c62x64.sys [2011-07-20 342704]
S3 ICCWDT;Intel® Watchdog Timer Driver (Intel® WDT);c:\windows\system32\DRIVERS\ICCWDT.sys [2010-08-17 26136]
S3 MEIx64;Intel® Management Engine Interface ;c:\windows\system32\DRIVERS\HECIx64.sys [2011-08-15 56600]
.
.
Inhoud van de 'Gedeelde Taken' map
.
2012-09-05 c:\windows\Tasks\Adobe Flash Player Updater.job
- c:\windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2012-04-02 09:57]
.
.
--------- X64 Entries -----------
.
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt1]
@="{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}]
2012-01-18 18:49 97792 ----a-w- c:\users\Joke en Jasper\AppData\Roaming\Dropbox\bin\DropboxExt64.14.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt2]
@="{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}]
2012-01-18 18:49 97792 ----a-w- c:\users\Joke en Jasper\AppData\Roaming\Dropbox\bin\DropboxExt64.14.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt3]
@="{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}]
2012-01-18 18:49 97792 ----a-w- c:\users\Joke en Jasper\AppData\Roaming\Dropbox\bin\DropboxExt64.14.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt4]
@="{FB314EDC-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314EDC-A251-47B7-93E1-CDD82E34AF8B}]
2012-01-18 18:49 97792 ----a-w- c:\users\Joke en Jasper\AppData\Roaming\Dropbox\bin\DropboxExt64.14.dll
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Cmaudio8788"="c:\windows\Syswow64\cmicnfgp.dll" [2011-05-12 8790016]
"Cmaudio8788GX"="c:\windows\syswow64\HsMgr.exe" [2008-07-11 200704]
"Cmaudio8788GX64"="c:\windows\system\HsMgr64.exe" [2008-07-11 282112]
.
------- Bijkomende Scan -------
.
uLocal Page = c:\windows\system32\blank.htm
mLocal Page = c:\windows\SysWOW64\blank.htm
IE: Append Link Target to Existing PDF - c:\program files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIEAppendSelLinks.html
IE: Append to Existing PDF - c:\program files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIEAppend.html
IE: Convert Link Target to Adobe PDF - c:\program files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIECaptureSelLinks.html
IE: Convert to Adobe PDF - c:\program files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIECapture.html
IE: E&xport to Microsoft Excel - c:\progra~2\MICROS~2\Office14\EXCEL.EXE/3000
IE: Free YouTube to MP3 Converter - c:\users\Joke en Jasper\AppData\Roaming\DVDVideoSoftIEHelpers\freeyoutubetomp3converter.htm
IE: Se&nd to OneNote - c:\progra~2\MICROS~2\Office14\ONBttnIE.dll/105
TCP: DhcpNameServer = 192.168.0.1
CLSID: {603d3801-bd81-11d0-a3a5-00c04fd706ec} - %SystemRoot%\SysWow64\shell32.dll
FF - ProfilePath - c:\users\Joke en Jasper\AppData\Roaming\Mozilla\Firefox\Profiles\yb29zkoc.default\
FF - prefs.js: browser.search.defaulturl - hxxp://www.bing.com/search?FORM=IEFM1&q=
FF - prefs.js: browser.search.selectedEngine - Google
FF - prefs.js: browser.startup.homepage - hxxp://go.microsoft.com/fwlink/?LinkId=69157
FF - user.js: network.cookie.cookieBehavior - 0
FF - user.js: privacy.clearOnShutdown.cookies - false
FF - user.js: security.warn_viewing_mixed - false
FF - user.js: security.warn_viewing_mixed.show_once - false
FF - user.js: security.warn_submit_insecure - false
FF - user.js: security.warn_submit_insecure.show_once - false
.
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\services\postgresql-x64-9.0]
"ImagePath"="C:/Program Files/PostgreSQL/9.0/bin/pg_ctl.exe runservice -N \"postgresql-x64-9.0\" -D \"C:/Program Files/PostgreSQL/9.0/data\" -w"
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\services\postgresql-x64-9.0]
"ImagePath"="C:/Program Files/PostgreSQL/9.0/bin/pg_ctl.exe runservice -N \"postgresql-x64-9.0\" -D \"C:/Program Files/PostgreSQL/9.0/data\" -w"
.
--------------------- VERGRENDELDE REGISTER SLEUTELS ---------------------
.
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{BEB3C0C7-B648-4257-96D9-B5D024816E27}\Version*Version]
"Version"=hex:9e,53,4f,41,ef,23,34,63,88,5a,e5,0e,24,13,b3,89,8d,a8,5d,73,50,
c8,10,1b,e2,9c,d8,27,7f,7d,0e,e7,b9,ad,c7,8a,92,8f,0e,44,ef,55,9d,1e,3b,4b,\
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}]
@Denied: (A 2) (Everyone)
@="FlashBroker"
"LocalizedString"="@c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil32_11_3_300_271_ActiveX.exe,-101"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\Elevation]
"Enabled"=dword:00000001
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\LocalServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil32_11_3_300_271_ActiveX.exe"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Shockwave Flash Object"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_3_300_271.ocx"
"ThreadingModel"="Apartment"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\MiscStatus]
@="0"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ProgID]
@="ShockwaveFlash.ShockwaveFlash.11"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_3_300_271.ocx, 1"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="ShockwaveFlash.ShockwaveFlash"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Macromedia Flash Factory Object"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_3_300_271.ocx"
"ThreadingModel"="Apartment"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ProgID]
@="FlashFactory.FlashFactory.1"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_3_300_271.ocx, 1"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="FlashFactory.FlashFactory"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}]
@Denied: (A 2) (Everyone)
@="IFlashBroker4"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\ProxyStubClsid32]
@="{00020424-0000-0000-C000-000000000046}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
"Version"="1.0"
.
[HKEY_LOCAL_MACHINE\software\Minnetonka Audio Software\SurCode Dolby Digital Premiere\Version*Version]
"Version"=hex:9e,53,4f,41,ef,23,34,63,88,5a,e5,0e,24,13,b3,89,8d,a8,5d,73,50,
c8,10,1b,e2,9c,d8,27,7f,7d,0e,e7,b9,ad,c7,8a,92,8f,0e,44,ef,55,9d,1e,3b,4b,\
.
[HKEY_LOCAL_MACHINE\software\Wow6432Node\Microsoft\Office\Common\Smart Tag\Actions\{B7EFF951-E52F-45CC-9EF7-57124F2177CC}]
@Denied: (A) (Everyone)
"Solution"="{15727DE6-F92D-4E46-ACB4-0E2C58B31A18}"
.
[HKEY_LOCAL_MACHINE\software\Wow6432Node\Microsoft\Schema Library\ActionsPane3]
@Denied: (A) (Everyone)
.
[HKEY_LOCAL_MACHINE\software\Wow6432Node\Microsoft\Schema Library\ActionsPane3\0]
"Key"="ActionsPane3"
"Location"="c:\\Program Files (x86)\\Common Files\\Microsoft Shared\\VSTO\\ActionsPane3.xsd"
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0000\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0001\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0002\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0003\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0004\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\PCW\Security]
@Denied: (Full) (Everyone)
.
------------------------ Andere Aktieve Processen ------------------------
.
d:\program files (x86)\AI Suite II\DIGI+ Power Control\PowerControlHelp.exe
d:\program files (x86)\AI Suite II\AsRoutineController.exe
c:\windows\SysWOW64\rundll32.exe
d:\program files (x86)\Mozilla Firefox\firefox.exe
.
**************************************************************************
.
Voltooingstijd: 2012-09-05 11:05:31 - machine werd herstart
ComboFix-quarantined-files.txt 2012-09-05 09:05
.
Pre-Run: 12.245.102.592 bytes beschikbaar
Post-Run: 11.775.356.928 bytes beschikbaar
.
- - End Of File - - DF7F27F61E64B77EEDDDC2D887008DD8



After that I ran the first OTl custom fix thing, here's the log:

All processes killed
========== OTL ==========
Prefs.js: {CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA}:6.0.20 removed from extensions.enabledItems
Starting removal of ActiveX control {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA}
64bit-Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Code Store Database\Distribution Units\{CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA}\ not found.
64bit-Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA}\ not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Classes\CLSID\{CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA}\ deleted successfully.
64bit-Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\{CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA}\ not found.
64bit-Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA}\ not found.
Starting removal of ActiveX control {8AD9C840-044E-11D1-B3E9-00805F499D93}
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Code Store Database\Distribution Units\{8AD9C840-044E-11D1-B3E9-00805F499D93}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{8AD9C840-044E-11D1-B3E9-00805F499D93}\ deleted successfully.
Registry key HKEY_CURRENT_USER\SOFTWARE\Classes\CLSID\{8AD9C840-044E-11D1-B3E9-00805F499D93}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\{8AD9C840-044E-11D1-B3E9-00805F499D93}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{8AD9C840-044E-11D1-B3E9-00805F499D93}\ not found.
Starting removal of ActiveX control {CAFEEFAC-0016-0000-0031-ABCDEFFEDCBA}
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Code Store Database\Distribution Units\{CAFEEFAC-0016-0000-0031-ABCDEFFEDCBA}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{CAFEEFAC-0016-0000-0031-ABCDEFFEDCBA}\ deleted successfully.
Registry key HKEY_CURRENT_USER\SOFTWARE\Classes\CLSID\{CAFEEFAC-0016-0000-0031-ABCDEFFEDCBA}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\{CAFEEFAC-0016-0000-0031-ABCDEFFEDCBA}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{CAFEEFAC-0016-0000-0031-ABCDEFFEDCBA}\ not found.
Starting removal of ActiveX control {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA}
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Code Store Database\Distribution Units\{CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\{CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA}\ not found.
64bit-Registry value HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SecurityProviders\\SecurityProviders:EtdevnOmhenc.dll deleted successfully.
Registry value HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SecurityProviders\\SecurityProviders:EtdevnOmhenc.dll deleted successfully.
========== COMMANDS ==========

[EMPTYTEMP]

User: All Users

User: Default
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes
->Flash cache emptied: 0 bytes

User: Default User
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes
->Flash cache emptied: 0 bytes

User: Joke en Jasper
->Temp folder emptied: 711240 bytes
->Temporary Internet Files folder emptied: 346201 bytes
->Java cache emptied: 64959 bytes
->FireFox cache emptied: 629316831 bytes
->Flash cache emptied: 3138 bytes

User: postgres
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes
->Flash cache emptied: 0 bytes

User: Public
->Temp folder emptied: 0 bytes

%systemdrive% .tmp files removed: 0 bytes
%systemroot% .tmp files removed: 0 bytes
%systemroot%\System32 .tmp files removed: 0 bytes
%systemroot%\System32 (64bit) .tmp files removed: 0 bytes
%systemroot%\System32\drivers .tmp files removed: 0 bytes
Windows Temp folder emptied: 0 bytes
%systemroot%\sysnative\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files folder emptied: 18387260 bytes
%systemroot%\sysnative\config\systemprofile\AppData\LocalLow\Sun\Java\Deployment folder emptied: 668 bytes
RecycleBin emptied: 0 bytes

Total Files Cleaned = 619,00 mb


OTL by OldTimer - Version 3.2.59.1 log created on 09052012_110807

Files\Folders moved on Reboot...
C:\Users\Joke en Jasper\AppData\Local\Temp\FXSAPIDebugLogFile.txt moved successfully.

PendingFileRenameOperations files...

Registry entries deleted on Reboot...



And then the second custom fix with two log's, here's the first one:

OTL logfile created on: 5-9-2012 11:12:07 - Run 3
OTL by OldTimer - Version 3.2.59.1 Folder = C:\Users\Joke en Jasper\Desktop\virus fix
64bit- Ultimate Edition Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation
Internet Explorer (Version = 9.0.8112.16421)
Locale: 00000413 | Country: Nederland | Language: NLD | Date Format: d-M-yyyy

31,95 Gb Total Physical Memory | 29,09 Gb Available Physical Memory | 91,03% Memory free
63,90 Gb Paging File | 60,79 Gb Available in Paging File | 95,13% Paging File free
Paging file location(s): c:\pagefile.sys 0 0 [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86)
Drive C: | 119,14 Gb Total Space | 11,49 Gb Free Space | 9,64% Space Free | Partition Type: NTFS
Drive D: | 1863,01 Gb Total Space | 121,17 Gb Free Space | 6,50% Space Free | Partition Type: NTFS

Computer Name: DYNASTYEVOLVED | User Name: Joke en Jasper | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user | Include 64bit Scans
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days

========== Processes (SafeList) ==========

PRC - [2012-08-31 06:22:52 | 000,917,984 | ---- | M] (Mozilla Corporation) -- D:\Program Files (x86)\Mozilla Firefox\firefox.exe
PRC - [2012-08-29 19:01:45 | 000,598,528 | ---- | M] (OldTimer Tools) -- C:\Users\Joke en Jasper\Desktop\virus fix\OTL.exe
PRC - [2012-04-05 05:12:34 | 002,587,008 | ---- | M] (AVG Technologies CZ, s.r.o.) -- D:\Program Files (x86)\AVG\AVG2012\avgtray.exe
PRC - [2012-02-14 04:53:38 | 000,193,288 | ---- | M] (AVG Technologies CZ, s.r.o.) -- D:\Program Files (x86)\AVG\AVG2012\avgwdsvc.exe
PRC - [2011-09-27 15:58:04 | 000,961,536 | ---- | M] () -- D:\Users\Joke en Jasper\AppData\Roaming\WebNoti\WebNoti.exe
PRC - [2011-09-20 12:53:25 | 001,406,080 | R--- | M] (ASUSTeK Computer Inc.) -- C:\Program Files (x86)\ASUS\AsusFanControlService\1.00.07\AsusFanControlService.exe
PRC - [2011-09-08 22:29:12 | 001,112,704 | ---- | M] (ASUSTeK Computer Inc.) -- D:\Program Files (x86)\AI Suite II\Sensor\AlertHelper\AlertHelper.exe
PRC - [2011-09-08 22:22:04 | 001,496,192 | ---- | M] (ASUSTeK Computer Inc.) -- D:\Program Files (x86)\AI Suite II\AI Suite II.exe
PRC - [2011-09-01 15:45:34 | 001,256,576 | ---- | M] (ASUSTeK Computer Inc.) -- D:\Program Files (x86)\AI Suite II\EPU\EPUHelp.exe
PRC - [2011-08-19 11:57:38 | 001,118,848 | ---- | M] (ASUSTeK Computer Inc.) -- D:\Program Files (x86)\AI Suite II\DIGI+ Power Control\PowerControlHelp.exe
PRC - [2011-08-09 04:56:04 | 000,947,328 | R--- | M] (ASUSTeK Computer Inc.) -- C:\Program Files (x86)\ASUS\AAHM\1.00.15\aaHMSvc.exe
PRC - [2011-08-09 04:55:00 | 000,918,144 | R--- | M] () -- C:\Program Files (x86)\ASUS\AXSP\1.00.16\atkexComSvc.exe
PRC - [2011-02-22 22:52:54 | 000,086,016 | ---- | M] () -- C:\Program Files\Autodesk\3ds Max 2012\mentalimages\satellite\raysat_3dsmax2012_64server.exe
PRC - [2010-11-26 22:50:04 | 002,931,328 | ---- | M] (ASUSTeK Computer Inc.) -- D:\Program Files (x86)\AI Suite II\AsRoutineController.exe
PRC - [2010-10-21 11:52:26 | 000,586,880 | R--- | M] () -- C:\Program Files (x86)\ASUS\AsSysCtrlService\1.00.11\AsSysCtrlService.exe
PRC - [2008-07-11 16:04:22 | 000,200,704 | ---- | M] () -- C:\Windows\SysWOW64\HsMgr.exe


========== Modules (No Company Name) ==========

MOD - [2012-08-31 06:22:52 | 002,242,528 | ---- | M] () -- D:\Program Files (x86)\Mozilla Firefox\mozjs.dll
MOD - [2011-09-27 15:58:04 | 000,961,536 | ---- | M] () -- D:\Users\Joke en Jasper\AppData\Roaming\WebNoti\WebNoti.exe
MOD - [2011-09-21 19:10:54 | 000,881,664 | ---- | M] () -- D:\Program Files (x86)\AI Suite II\Sensor\Sensor.dll
MOD - [2011-09-20 19:11:28 | 000,985,600 | ---- | M] () -- D:\Program Files (x86)\AI Suite II\BarGadget\BarGadget.dll
MOD - [2011-09-19 20:59:10 | 000,885,248 | ---- | M] () -- D:\Program Files (x86)\AI Suite II\TabGadget\TabGadget.dll
MOD - [2011-09-12 20:11:08 | 001,617,408 | ---- | M] () -- D:\Program Files (x86)\AI Suite II\Sensor Graph\SensorGraph.dll
MOD - [2011-08-26 14:55:36 | 001,046,016 | ---- | M] () -- D:\Program Files (x86)\AI Suite II\Probe_II\ProbeII.dll
MOD - [2011-08-23 17:19:52 | 001,294,848 | ---- | M] () -- D:\Program Files (x86)\AI Suite II\MyLogo\MyLogo.dll
MOD - [2011-08-22 11:36:08 | 001,074,688 | ---- | M] () -- D:\Program Files (x86)\AI Suite II\ASUS Update\Update.dll
MOD - [2011-08-09 13:15:00 | 001,242,624 | ---- | M] () -- D:\Program Files (x86)\AI Suite II\Settings\Settings.dll
MOD - [2011-07-21 10:06:44 | 000,846,848 | ---- | M] () -- D:\Program Files (x86)\AI Suite II\Splitter\Splitter.dll
MOD - [2011-07-12 20:14:52 | 000,147,456 | ---- | M] () -- D:\Program Files (x86)\AI Suite II\AssistFunc.dll
MOD - [2010-10-05 09:22:50 | 000,253,952 | ---- | M] () -- D:\Program Files (x86)\AI Suite II\pngio.dll
MOD - [2010-10-05 09:22:50 | 000,208,896 | ---- | M] () -- D:\Program Files (x86)\AI Suite II\ImageHelper.dll
MOD - [2010-08-23 04:17:40 | 000,662,016 | R--- | M] () -- C:\Program Files (x86)\ASUS\AAHM\1.00.15\aaHMLib.dll
MOD - [2009-08-12 21:15:52 | 000,253,952 | ---- | M] () -- D:\Program Files (x86)\AI Suite II\Sensor\AlertHelper\pngio.dll
MOD - [2008-07-11 16:04:22 | 000,200,704 | ---- | M] () -- C:\Windows\SysWOW64\HsMgr.exe


========== Services (SafeList) ==========

SRV:64bit: - [2012-02-12 17:41:55 | 001,431,888 | ---- | M] (Flexera Software, Inc.) [On_Demand | Stopped] -- C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService64.exe -- (FLEXnet Licensing Service 64)
SRV:64bit: - [2011-12-06 05:11:56 | 000,235,520 | ---- | M] (AMD) [Auto | Running] -- C:\Windows\SysNative\atiesrxx.exe -- (AMD External Events Utility)
SRV:64bit: - [2011-04-15 14:13:23 | 000,111,104 | ---- | M] (PostgreSQL Global Development Group) [Auto | Running] -- C:\Program Files\PostgreSQL\9.0\bin\pg_ctl.exe -- (postgresql-x64-9.0)
SRV:64bit: - [2011-02-22 22:52:54 | 000,086,016 | ---- | M] () [Auto | Running] -- C:\Program Files\Autodesk\3ds Max 2012\mentalimages\satellite\raysat_3dsmax2012_64server.exe -- (mi-raysat_3dsmax2012_64)
SRV:64bit: - [2009-07-14 03:41:27 | 001,011,712 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Program Files\Windows Defender\MpSvc.dll -- (WinDefend)
SRV:64bit: - [2009-07-14 03:40:01 | 000,193,536 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\appmgmts.dll -- (AppMgmt)
SRV - [2012-08-31 06:22:52 | 000,114,144 | ---- | M] (Mozilla Foundation) [On_Demand | Stopped] -- C:\Program Files (x86)\Mozilla Maintenance Service\maintenanceservice.exe -- (MozillaMaintenance)
SRV - [2012-08-29 20:07:31 | 001,044,816 | ---- | M] (Flexera Software, Inc.) [On_Demand | Stopped] -- C:\Program Files (x86)\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe -- (FLEXnet Licensing Service)
SRV - [2012-08-29 20:07:31 | 000,079,360 | ---- | M] (SolidWorks) [On_Demand | Stopped] -- C:\Program Files (x86)\Common Files\SolidWorks Shared\Service\SolidWorksLicensing.exe -- (SolidWorks Licensing Service)
SRV - [2012-08-15 11:57:07 | 000,250,056 | ---- | M] (Adobe Systems Incorporated) [On_Demand | Stopped] -- C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe -- (AdobeFlashPlayerUpdateSvc)
SRV - [2012-07-13 13:28:36 | 000,160,944 | R--- | M] (Skype Technologies) [Auto | Stopped] -- D:\Program Files (x86)\Skype\Updater\Updater.exe -- (SkypeUpdate)
SRV - [2012-02-14 04:53:38 | 000,193,288 | ---- | M] (AVG Technologies CZ, s.r.o.) [Auto | Running] -- D:\Program Files (x86)\AVG\AVG2012\avgwdsvc.exe -- (avgwd)
SRV - [2011-09-20 12:53:25 | 001,406,080 | R--- | M] (ASUSTeK Computer Inc.) [Auto | Running] -- C:\Program Files (x86)\ASUS\AsusFanControlService\1.00.07\AsusFanControlService.exe -- (AsusFanControlService)
SRV - [2011-08-09 04:56:04 | 000,947,328 | R--- | M] (ASUSTeK Computer Inc.) [Auto | Running] -- C:\Program Files (x86)\ASUS\AAHM\1.00.15\aaHMSvc.exe -- (asHmComSvc)
SRV - [2011-08-09 04:55:00 | 000,918,144 | R--- | M] () [Auto | Running] -- C:\Program Files (x86)\ASUS\AXSP\1.00.16\atkexComSvc.exe -- (asComSvc)
SRV - [2010-10-21 11:52:26 | 000,586,880 | R--- | M] () [Auto | Running] -- C:\Program Files (x86)\ASUS\AsSysCtrlService\1.00.11\AsSysCtrlService.exe -- (AsSysCtrlService)
SRV - [2010-10-05 08:07:08 | 000,087,336 | ---- | M] (Dassault Systèmes SolidWorks Corp.) [On_Demand | Stopped] -- C:\Program Files (x86)\SolidWorks Corp\SolidWorks\swScheduler\DTSCoordinatorService.exe -- (CoordinatorServiceHost)
SRV - [2010-03-18 13:16:28 | 000,130,384 | ---- | M] (Microsoft Corporation) [Auto | Stopped] -- C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe -- (clr_optimization_v4.0.30319_32)
SRV - [2010-02-19 14:37:14 | 000,517,096 | ---- | M] (Adobe Systems Incorporated) [On_Demand | Stopped] -- C:\Program Files (x86)\Common Files\Adobe\SwitchBoard\SwitchBoard.exe -- (SwitchBoard)
SRV - [2009-06-10 23:23:09 | 000,066,384 | ---- | M] (Microsoft Corporation) [Disabled | Stopped] -- C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe -- (clr_optimization_v2.0.50727_32)


========== Driver Services (SafeList) ==========

DRV:64bit: - [2012-08-29 18:44:35 | 000,030,496 | ---- | M] () [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\hitmanpro36.sys -- (hitmanpro36)
DRV:64bit: - [2012-04-19 04:50:26 | 000,028,480 | ---- | M] (AVG Technologies CZ, s.r.o. ) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\avgidsha.sys -- (AVGIDSHA)
DRV:64bit: - [2012-04-01 19:16:43 | 000,283,200 | ---- | M] (DT Soft Ltd) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\dtsoftbus01.sys -- (dtsoftbus01)
DRV:64bit: - [2012-03-19 05:17:26 | 000,383,808 | ---- | M] (AVG Technologies CZ, s.r.o.) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\avgtdia.sys -- (Avgtdia)
DRV:64bit: - [2012-03-01 08:46:16 | 000,023,408 | ---- | M] (Microsoft Corporation) [Recognizer | Boot | Unknown] -- C:\Windows\SysNative\drivers\fs_rec.sys -- (Fs_Rec)
DRV:64bit: - [2012-02-24 11:14:42 | 000,203,320 | ---- | M] (DEVGURU Co., LTD.(www.devguru.co.kr)) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\ssudmdm.sys -- (ssudmdm)
DRV:64bit: - [2012-02-24 11:14:42 | 000,099,384 | ---- | M] (DEVGURU Co., LTD.(www.devguru.co.kr)) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\ssudbus.sys -- (dg_ssudbus)
DRV:64bit: - [2012-02-22 05:25:32 | 000,289,872 | ---- | M] (AVG Technologies CZ, s.r.o.) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\avgldx64.sys -- (Avgldx64)
DRV:64bit: - [2012-02-16 12:02:00 | 000,564,792 | ---- | M] (Duplex Secure Ltd.) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\sptd.sys -- (sptd)
DRV:64bit: - [2012-01-31 04:46:48 | 000,036,944 | ---- | M] (AVG Technologies CZ, s.r.o.) [File_System | Boot | Running] -- C:\Windows\SysNative\drivers\avgrkx64.sys -- (Avgrkx64)
DRV:64bit: - [2011-12-23 13:32:14 | 000,047,696 | ---- | M] (AVG Technologies CZ, s.r.o.) [File_System | System | Running] -- C:\Windows\SysNative\drivers\avgmfx64.sys -- (Avgmfx64)
DRV:64bit: - [2011-12-06 05:45:40 | 010,720,256 | ---- | M] (Advanced Micro Devices, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\atikmdag.sys -- (amdkmdag)
DRV:64bit: - [2011-12-06 04:12:14 | 000,327,168 | ---- | M] (Advanced Micro Devices, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\atikmpag.sys -- (amdkmdap)
DRV:64bit: - [2011-10-30 21:23:08 | 000,107,904 | ---- | M] (Advanced Micro Devices) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\amdsata.sys -- (amdsata)
DRV:64bit: - [2011-10-30 21:23:08 | 000,027,008 | ---- | M] (Advanced Micro Devices) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\amdxata.sys -- (amdxata)
DRV:64bit: - [2011-10-17 19:40:50 | 000,093,712 | ---- | M] (Advanced Micro Devices) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\AtihdW76.sys -- (AtiHDAudioService)
DRV:64bit: - [2011-09-14 18:05:34 | 000,394,216 | ---- | M] (ASMedia Technology Inc) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\asmtxhci.sys -- (asmtxhci)
DRV:64bit: - [2011-09-14 18:05:34 | 000,129,000 | ---- | M] (ASMedia Technology Inc) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\asmthub3.sys -- (asmthub3)
DRV:64bit: - [2011-08-18 14:45:42 | 000,004,608 | ---- | M] (RealVNC Ltd.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\vncmirror.sys -- (vncmirror)
DRV:64bit: - [2011-08-15 11:30:04 | 000,056,600 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\HECIx64.sys -- (MEIx64)
DRV:64bit: - [2011-07-20 03:37:56 | 000,342,704 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\e1c62x64.sys -- (e1cexpress)
DRV:64bit: - [2011-07-04 15:00:50 | 002,726,400 | ---- | M] (C-Media Inc) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\cmudaxp.sys -- (cmudaxp)
DRV:64bit: - [2010-11-21 05:24:43 | 000,020,992 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\rdpvideominiport.sys -- (RdpVideoMiniport)
DRV:64bit: - [2010-11-21 05:24:33 | 000,059,392 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\TsUsbFlt.sys -- (TsUsbFlt)
DRV:64bit: - [2010-11-21 05:23:48 | 000,117,248 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\tsusbhub.sys -- (tsusbhub)
DRV:64bit: - [2010-11-21 05:23:48 | 000,088,960 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\Synth3dVsc.sys -- (Synth3dVsc)
DRV:64bit: - [2010-11-21 05:23:48 | 000,071,168 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\dmvsc.sys -- (dmvsc)
DRV:64bit: - [2010-11-21 05:23:48 | 000,034,816 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\terminpt.sys -- (terminpt)
DRV:64bit: - [2010-11-21 05:23:47 | 000,078,720 | ---- | M] (Hewlett-Packard Company) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\HpSAMD.sys -- (HpSAMD)
DRV:64bit: - [2010-11-21 05:23:47 | 000,031,232 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\TsUsbGD.sys -- (TsUsbGD)
DRV:64bit: - [2010-08-17 19:28:32 | 000,026,136 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\ICCWDT.sys -- (ICCWDT)
DRV:64bit: - [2009-07-14 03:52:20 | 000,194,128 | ---- | M] (AMD Technologies Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\amdsbs.sys -- (amdsbs)
DRV:64bit: - [2009-07-14 03:48:04 | 000,065,600 | ---- | M] (LSI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\lsi_sas2.sys -- (LSI_SAS2)
DRV:64bit: - [2009-07-14 03:45:55 | 000,024,656 | ---- | M] (Promise Technology) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\stexstor.sys -- (stexstor)
DRV:64bit: - [2009-07-09 04:00:00 | 000,055,280 | ---- | M] (Sonic Solutions) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\PxHlpa64.sys -- (PxHlpa64)
DRV:64bit: - [2009-06-10 22:34:33 | 003,286,016 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\evbda.sys -- (ebdrv)
DRV:64bit: - [2009-06-10 22:34:28 | 000,468,480 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\bxvbda.sys -- (b06bdrv)
DRV:64bit: - [2009-06-10 22:34:23 | 000,270,848 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\b57nd60a.sys -- (b57nd60a)
DRV:64bit: - [2009-06-10 22:31:59 | 000,031,232 | ---- | M] (Hauppauge Computer Works, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\hcw85cir.sys -- (hcw85cir)
DRV - [2012-05-09 13:22:09 | 000,038,944 | ---- | M] (B.H.A Corporation) [Kernel | System | Stopped] -- C:\Windows\SysWow64\drivers\CDRBSDRV.SYS -- (cdrbsdrv)
DRV - [2009-07-14 03:19:10 | 000,019,008 | ---- | M] (Microsoft Corporation) [File_System | On_Demand | Stopped] -- C:\Windows\SysWOW64\drivers\wimmount.sys -- (WIMMount)


========== Standard Registry (SafeList) ==========


========== Internet Explorer ==========

IE:64bit: - HKLM\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A}
IE:64bit: - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/...ms}&FORM=IE8SRC
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm
IE - HKLM\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A}
IE - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/...ms}&FORM=IE8SRC

IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache_TIMESTAMP = A6 3E 67 40 DA 8A CD 01 [binary data]
IE - HKCU\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A}
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

========== FireFox ==========

FF - prefs.js..browser.search.defaultenginename: "Bing"
FF - prefs.js..browser.search.defaulturl: "http://www.bing.com/...?FORM=IEFM1&q="
FF - prefs.js..browser.search.selectedEngine: "Google"
FF - prefs.js..browser.search.useDBForOrder: true
FF - prefs.js..browser.startup.homepage: "http://go.microsoft..../?LinkId=69157"


FF:64bit: - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\system32\Macromed\Flash\NPSWF64_11_3_300_271.dll File not found
FF:64bit: - HKLM\Software\MozillaPlugins\@microsoft.com/GENUINE: disabled File not found
FF:64bit: - HKLM\Software\MozillaPlugins\@microsoft.com/OfficeAuthz,version=14.0: C:\PROGRA~1\MICROS~2\Office14\NPAUTHZ.DLL (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_11_3_300_271.dll ()
FF - HKLM\Software\MozillaPlugins\@Google.com/GoogleEarthPlugin: C:\Program Files (x86)\Google\Google Earth\plugin\npgeplugin.dll (Google)
FF - HKLM\Software\MozillaPlugins\@java.com/DTPlugin,version=10.7.2: C:\Windows\SysWOW64\npDeployJava1.dll (Oracle Corporation)
FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin,version=10.7.2: C:\Program Files (x86)\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/GENUINE: disabled File not found
FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: C:\Program Files (x86)\Microsoft Silverlight\4.1.10329.0\npctrl.dll ( Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/OfficeAuthz,version=14.0: C:\PROGRA~2\MICROS~2\Office14\NPAUTHZ.DLL (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/SharePoint,version=14.0: C:\PROGRA~2\MICROS~2\Office14\NPSPWRAP.DLL (Microsoft Corporation)

FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\[email protected]: C:\Program Files (x86)\Adobe\Acrobat 10.0\Acrobat\Browser\WCFirefoxExtn [2012-07-09 16:07:35 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{01A8CA0A-4C96-465b-A49B-65C46FAD54F9}: C:\Program Files (x86)\Adobe\Adobe Contribute CS5.1\Plugins\FirefoxPlugin\{01A8CA0A-4C96-465b-A49B-65C46FAD54F9} [2012-07-09 16:07:36 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{F53C93F1-07D5-430c-86D4-C9531B27DFAF}: D:\Program Files (x86)\AVG\AVG2012\Firefox\DoNotTrack\ [2012-07-03 10:10:04 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 15.0\extensions\\Components: D:\Program Files (x86)\Mozilla Firefox\components [2012-08-31 06:22:52 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 15.0\extensions\\Plugins: D:\Program Files (x86)\Mozilla Firefox\plugins [2012-09-04 09:44:40 | 000,000,000 | ---D | M]

[2012-02-11 21:16:02 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Joke en Jasper\AppData\Roaming\mozilla\Extensions
[2012-09-04 12:45:21 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Joke en Jasper\AppData\Roaming\mozilla\Firefox\Profiles\yb29zkoc.default\extensions
[2012-07-02 11:29:56 | 000,000,000 | ---D | M] (Forecastfox) -- C:\Users\Joke en Jasper\AppData\Roaming\mozilla\Firefox\Profiles\yb29zkoc.default\extensions\{0538E3E3-7E9B-4d49-8831-A227C80A7AD3}
[2012-07-09 16:07:39 | 000,000,000 | ---D | M] (Garmin Communicator) -- C:\Users\Joke en Jasper\AppData\Roaming\mozilla\Firefox\Profiles\yb29zkoc.default\extensions\{195A3098-0BD5-4e90-AE22-BA1C540AFD1E}
[2012-07-09 16:07:39 | 000,000,000 | ---D | M] (Microsoft .NET Framework Assistant) -- C:\Users\Joke en Jasper\AppData\Roaming\mozilla\Firefox\Profiles\yb29zkoc.default\extensions\{20a82645-c095-46ed-80e3-08825760534b}
[2012-07-09 16:07:39 | 000,000,000 | ---D | M] ("Adblock") -- C:\Users\Joke en Jasper\AppData\Roaming\mozilla\Firefox\Profiles\yb29zkoc.default\extensions\{34274bf4-1d97-a289-e984-17e546307e4f}
[2012-07-09 16:07:39 | 000,000,000 | ---D | M] (BugMeNot) -- C:\Users\Joke en Jasper\AppData\Roaming\mozilla\Firefox\Profiles\yb29zkoc.default\extensions\{987311C6-B504-4aa2-90BF-60CC49808D42}
[2012-08-29 12:35:03 | 000,000,000 | ---D | M] ("Free YouTube Download (Free Studio) Menu") -- C:\Users\Joke en Jasper\AppData\Roaming\mozilla\Firefox\Profiles\yb29zkoc.default\extensions\{ACAA314B-EEBA-48e4-AD47-84E31C44796C}
[2012-07-09 16:07:39 | 000,000,000 | ---D | M] (DownloadHelper) -- C:\Users\Joke en Jasper\AppData\Roaming\mozilla\Firefox\Profiles\yb29zkoc.default\extensions\{b9db16a4-6edc-47ec-a1f4-b86292ed211d}
[2012-02-22 11:07:37 | 000,000,000 | ---D | M] (German Dictionary) -- C:\Users\Joke en Jasper\AppData\Roaming\mozilla\Firefox\Profiles\yb29zkoc.default\extensions\[email protected]
[2012-02-22 11:07:37 | 000,000,000 | ---D | M] (British English Dictionary) -- C:\Users\Joke en Jasper\AppData\Roaming\mozilla\Firefox\Profiles\yb29zkoc.default\extensions\[email protected]
[2012-03-20 20:43:15 | 000,000,000 | ---D | M] (Woordenboek Nederlands) -- C:\Users\Joke en Jasper\AppData\Roaming\mozilla\Firefox\Profiles\yb29zkoc.default\extensions\[email protected]
[2012-07-09 16:07:39 | 000,000,000 | ---D | M] (Cooliris) -- C:\Users\Joke en Jasper\AppData\Roaming\mozilla\Firefox\Profiles\yb29zkoc.default\extensions\[email protected]
[2012-09-05 10:56:09 | 000,005,397 | ---- | M] () -- C:\Users\Joke en Jasper\AppData\Roaming\Mozilla\Firefox\Profiles\yb29zkoc.default\searchplugins\2torrents.xml
[2012-07-16 16:48:27 | 000,000,838 | ---- | M] () -- C:\Users\Joke en Jasper\AppData\Roaming\Mozilla\Firefox\Profiles\yb29zkoc.default\searchplugins\alltorrent.xml
[2009-11-06 13:06:12 | 000,002,171 | ---- | M] () -- C:\Users\Joke en Jasper\AppData\Roaming\Mozilla\Firefox\Profiles\yb29zkoc.default\searchplugins\bing.xml
[2008-05-31 22:56:38 | 000,001,751 | ---- | M] () -- C:\Users\Joke en Jasper\AppData\Roaming\Mozilla\Firefox\Profiles\yb29zkoc.default\searchplugins\bittorrent-monster.xml
[2012-09-05 10:56:09 | 000,001,412 | ---- | M] () -- C:\Users\Joke en Jasper\AppData\Roaming\Mozilla\Firefox\Profiles\yb29zkoc.default\searchplugins\bittorrent.xml
[2012-09-05 10:56:09 | 000,004,690 | ---- | M] () -- C:\Users\Joke en Jasper\AppData\Roaming\Mozilla\Firefox\Profiles\yb29zkoc.default\searchplugins\flextorrent.xml
[2012-07-16 16:48:27 | 000,000,812 | ---- | M] () -- C:\Users\Joke en Jasper\AppData\Roaming\Mozilla\Firefox\Profiles\yb29zkoc.default\searchplugins\fulltorrent.xml
[2012-09-05 10:56:10 | 000,002,109 | ---- | M] () -- C:\Users\Joke en Jasper\AppData\Roaming\Mozilla\Firefox\Profiles\yb29zkoc.default\searchplugins\funkytorrentscom.xml
[2008-06-21 16:54:06 | 000,000,908 | ---- | M] () -- C:\Users\Joke en Jasper\AppData\Roaming\Mozilla\Firefox\Profiles\yb29zkoc.default\searchplugins\imdb.xml
[2012-09-05 10:56:10 | 000,001,846 | ---- | M] () -- C:\Users\Joke en Jasper\AppData\Roaming\Mozilla\Firefox\Profiles\yb29zkoc.default\searchplugins\isohunt---bittorrent.xml
[2012-07-16 16:48:27 | 000,000,826 | ---- | M] () -- C:\Users\Joke en Jasper\AppData\Roaming\Mozilla\Firefox\Profiles\yb29zkoc.default\searchplugins\mininova.xml
[2012-07-16 16:48:27 | 000,000,858 | ---- | M] () -- C:\Users\Joke en Jasper\AppData\Roaming\Mozilla\Firefox\Profiles\yb29zkoc.default\searchplugins\newtorrentsinfo.xml
[2008-05-31 22:56:36 | 000,001,110 | ---- | M] () -- C:\Users\Joke en Jasper\AppData\Roaming\Mozilla\Firefox\Profiles\yb29zkoc.default\searchplugins\the-pirate-bay.xml
[2008-05-31 22:56:40 | 000,001,138 | ---- | M] () -- C:\Users\Joke en Jasper\AppData\Roaming\Mozilla\Firefox\Profiles\yb29zkoc.default\searchplugins\torrent-finder.xml
[2012-09-05 10:56:10 | 000,002,143 | ---- | M] () -- C:\Users\Joke en Jasper\AppData\Roaming\Mozilla\Firefox\Profiles\yb29zkoc.default\searchplugins\torrentbox.xml
[2012-09-05 10:56:10 | 000,002,169 | ---- | M] () -- C:\Users\Joke en Jasper\AppData\Roaming\Mozilla\Firefox\Profiles\yb29zkoc.default\searchplugins\torrentportal.xml
[2012-07-16 16:48:27 | 000,000,853 | ---- | M] () -- C:\Users\Joke en Jasper\AppData\Roaming\Mozilla\Firefox\Profiles\yb29zkoc.default\searchplugins\torrentreactornet.xml
[2012-07-16 16:48:27 | 000,000,795 | ---- | M] () -- C:\Users\Joke en Jasper\AppData\Roaming\Mozilla\Firefox\Profiles\yb29zkoc.default\searchplugins\torrentspy.xml
[2008-06-22 18:38:52 | 000,001,108 | ---- | M] () -- C:\Users\Joke en Jasper\AppData\Roaming\Mozilla\Firefox\Profiles\yb29zkoc.default\searchplugins\wikipedia-en.xml
[2012-08-17 09:29:21 | 001,136,465 | ---- | M] () (No name found) -- C:\USERS\JOKE EN JASPER\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\YB29ZKOC.DEFAULT\EXTENSIONS\{C45C406E-AB73-11D8-BE73-000A95BE3B12}.XPI
[2012-08-28 22:55:32 | 000,230,013 | ---- | M] () (No name found) -- C:\USERS\JOKE EN JASPER\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\YB29ZKOC.DEFAULT\EXTENSIONS\[email protected]

O1 HOSTS File: ([2012-09-05 11:04:17 | 000,000,027 | ---- | M]) - C:\Windows\SysNative\drivers\etc\hosts
O1 - Hosts: 127.0.0.1 localhost
O2:64bit: - BHO: (AVG Do Not Track) - {31332EEF-CB9F-458F-AFEB-D30E9A66B6BA} - D:\Program Files (x86)\AVG\AVG2012\avgdtiea.dll (AVG Technologies CZ, s.r.o.)
O2:64bit: - BHO: (no name) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - No CLSID value found.
O2:64bit: - BHO: (Java™ Plug-In 2 SSV Helper) - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll File not found
O2 - BHO: (ContributeBHO Class) - {074C1DC5-9320-4A9A-947D-C042949C6216} - C:\Program Files (x86)\Adobe\Adobe Contribute CS5.1\Plugins\IEPlugin\contributeieplugin.dll (Adobe Systems, Inc.)
O2 - BHO: (AVG Do Not Track) - {31332EEF-CB9F-458F-AFEB-D30E9A66B6BA} - D:\Program Files (x86)\AVG\AVG2012\avgdtiex.dll (AVG Technologies CZ, s.r.o.)
O2 - BHO: (Java™ Plug-In SSV Helper) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Java\jre7\bin\ssv.dll (Oracle Corporation)
O2 - BHO: (Adobe PDF Conversion Toolbar Helper) - {AE7CD045-E861-484f-8273-0445EE161910} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated)
O2 - BHO: (Java™ Plug-In 2 SSV Helper) - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre7\bin\jp2ssv.dll (Oracle Corporation)
O2 - BHO: (SmartSelect Class) - {F4971EE7-DAA0-4053-9964-665D8EE6A077} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated)
O3 - HKLM\..\Toolbar: (Adobe PDF) - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated)
O3 - HKLM\..\Toolbar: (Contribute Toolbar) - {517BDDE4-E3A7-4570-B21E-2B52B6139FC7} - C:\Program Files (x86)\Adobe\Adobe Contribute CS5.1\Plugins\IEPlugin\contributeieplugin.dll (Adobe Systems, Inc.)
O3 - HKCU\..\Toolbar\WebBrowser: (Adobe PDF) - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated)
O4:64bit: - HKLM..\Run: [Cmaudio8788] C:\Windows\Syswow64\cmicnfgp.dll (C-Media Corporation)
O4:64bit: - HKLM..\Run: [Cmaudio8788GX] C:\Windows\syswow64\HsMgr.exe ()
O4:64bit: - HKLM..\Run: [Cmaudio8788GX64] C:\Windows\system\HsMgr64.exe ()
O4 - HKLM..\Run: [AVG_TRAY] D:\Program Files (x86)\AVG\AVG2012\avgtray.exe (AVG Technologies CZ, s.r.o.)
O4 - HKCU..\Run: [AdobeBridge] File not found
O4 - HKCU..\Run: [WebNoti] D:\Users\Joke en Jasper\AppData\Roaming\WebNoti\WebNoti.exe ()
O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Restrictions present
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: EnableLUA = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: PromptOnSecureDesktop = 0
O7 - HKCU\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O8:64bit: - Extra context menu item: Append Link Target to Existing PDF - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated)
O8:64bit: - Extra context menu item: Append to Existing PDF - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated)
O8:64bit: - Extra context menu item: Convert Link Target to Adobe PDF - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated)
O8:64bit: - Extra context menu item: Convert to Adobe PDF - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated)
O8:64bit: - Extra context menu item: Free YouTube to MP3 Converter - C:\Users\Joke en Jasper\AppData\Roaming\DVDVideoSoftIEHelpers\freeyoutubetomp3converter.htm File not found
O8 - Extra context menu item: Append Link Target to Existing PDF - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated)
O8 - Extra context menu item: Append to Existing PDF - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated)
O8 - Extra context menu item: Convert Link Target to Adobe PDF - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated)
O8 - Extra context menu item: Convert to Adobe PDF - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated)
O8 - Extra context menu item: Free YouTube to MP3 Converter - C:\Users\Joke en Jasper\AppData\Roaming\DVDVideoSoftIEHelpers\freeyoutubetomp3converter.htm File not found
O9:64bit: - Extra Button: AVG Do Not Track - {68BCFFE1-A2DA-4B40-9068-87ECBFC19D16} - D:\Program Files (x86)\AVG\AVG2012\avgdtiea.dll (AVG Technologies CZ, s.r.o.)
O9 - Extra Button: AVG Do Not Track - {68BCFFE1-A2DA-4B40-9068-87ECBFC19D16} - D:\Program Files (x86)\AVG\AVG2012\avgdtiex.dll (AVG Technologies CZ, s.r.o.)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.0.1
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{41D861AA-F82F-4918-8556-2D1EBE420AA0}: DhcpNameServer = 192.168.0.1
O18:64bit: - Protocol\Handler\linkscanner {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - D:\Program Files (x86)\AVG\AVG2012\avgppa.dll (AVG Technologies CZ, s.r.o.)
O18:64bit: - Protocol\Handler\livecall - No CLSID value found
O18:64bit: - Protocol\Handler\ms-help - No CLSID value found
O18:64bit: - Protocol\Handler\msnim - No CLSID value found
O18:64bit: - Protocol\Handler\mso-offdap11 - No CLSID value found
O18:64bit: - Protocol\Handler\skype4com - No CLSID value found
O18 - Protocol\Handler\linkscanner {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - D:\Program Files (x86)\AVG\AVG2012\avgpp.dll (AVG Technologies CZ, s.r.o.)
O18 - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files (x86)\Common Files\Skype\Skype4COM.dll (Skype Technologies)
O20:64bit: - HKLM Winlogon: Shell - (Explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\SysNative\userinit.exe (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: VMApplet - (/pagefile) - File not found
O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\Windows\SysWow64\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\SysWOW64\userinit.exe (Microsoft Corporation)
O20 - HKLM Winlogon: VMApplet - (/pagefile) - File not found
O32 - HKLM CDRom: AutoRun - 1
O34 - HKLM BootExecute: (autocheck autochk *)
O34 - HKLM BootExecute: (D:\PROGRA~2\AVG\AVG2012\avgrsa.exe /sync /restart)
O35:64bit: - HKLM\..comfile [open] -- "%1" %*
O35:64bit: - HKLM\..exefile [open] -- "%1" %*
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37:64bit: - HKLM\...com [@ = ComFile] -- "%1" %*
O37:64bit: - HKLM\...exe [@ = exefile] -- "%1" %*
O37 - HKLM\...com [@ = ComFile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3)
O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2)
O38 - SubSystems\\Windows: (ServerDll=sxssrv,4)

CREATERESTOREPOINT
Restore point Set: OTL Restore Point

========== Files/Folders - Created Within 30 Days ==========

[2012-09-05 11:05:32 | 000,000,000 | ---D | C] -- C:\Windows\temp
[2012-09-05 11:04:17 | 000,000,000 | ---D | C] -- C:\$RECYCLE.BIN
[2012-09-04 09:48:53 | 000,000,000 | ---D | C] -- C:\_OTL
[2012-09-04 09:46:54 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Common Files\Java
[2012-09-04 09:46:50 | 000,246,760 | ---- | C] (Oracle Corporation) -- C:\Windows\SysWow64\javaws.exe
[2012-09-04 09:46:47 | 000,174,056 | ---- | C] (Oracle Corporation) -- C:\Windows\SysWow64\javaw.exe
[2012-09-04 09:46:47 | 000,174,056 | ---- | C] (Oracle Corporation) -- C:\Windows\SysWow64\java.exe
[2012-09-04 09:46:47 | 000,095,208 | ---- | C] (Oracle Corporation) -- C:\Windows\SysWow64\WindowsAccessBridge-32.dll
[2012-09-04 09:46:45 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Java
[2012-09-03 16:29:54 | 000,000,000 | ---D | C] -- C:\Users\Joke en Jasper\Desktop\virus fix
[2012-09-03 09:29:34 | 000,000,000 | ---D | C] -- C:\Users\Joke en Jasper\AppData\Local\{3F6FB12D-8877-4F69-9692-981985DA1E30}
[2012-09-02 11:11:39 | 000,000,000 | ---D | C] -- C:\Users\Joke en Jasper\AppData\Local\{24F17AFD-CE2F-41FE-AD6A-FBE0B7E78951}
[2012-09-01 23:11:16 | 000,000,000 | ---D | C] -- C:\Users\Joke en Jasper\AppData\Local\{7351D51A-4E2E-4E7F-BEF3-59793727A1EF}
[2012-09-01 11:10:53 | 000,000,000 | ---D | C] -- C:\Users\Joke en Jasper\AppData\Local\{EFF59348-6058-42E7-9E9F-7AA9E9A4AF82}
[2012-08-31 22:32:15 | 000,000,000 | ---D | C] -- C:\Users\Joke en Jasper\AppData\Local\{8E3C39AF-B3F3-43E4-BFFD-A933F38D9853}
[2012-08-31 06:16:26 | 000,000,000 | ---D | C] -- C:\Users\Joke en Jasper\AppData\Local\{15D73F9F-52E1-4CC5-B813-F3AC3F2E162B}
[2012-08-30 23:00:58 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\MSXML 4.0
[2012-08-30 23:00:56 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Microsoft CAPICOM 2.1.0.2
[2012-08-30 13:19:06 | 000,000,000 | ---D | C] -- C:\Users\Joke en Jasper\AppData\Local\{EE6018DC-E097-41B2-99DE-9DADC76AEE8B}
[2012-08-29 20:11:51 | 000,000,000 | ---D | C] -- C:\Users\Joke en Jasper\AppData\Local\SolidWorks
[2012-08-29 20:09:57 | 000,000,000 | ---D | C] -- C:\Users\Joke en Jasper\Documents\SolidWorks Visual Studio Tools for Applications
[2012-08-29 20:09:51 | 000,000,000 | ---D | C] -- C:\Users\Joke en Jasper\AppData\Roaming\DassaultSystemes
[2012-08-29 20:09:51 | 000,000,000 | ---D | C] -- C:\Users\Joke en Jasper\AppData\Local\DassaultSystemes
[2012-08-29 20:09:51 | 000,000,000 | ---D | C] -- C:\ProgramData\DassaultSystemes
[2012-08-29 20:09:23 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\SolidWorks 2011
[2012-08-29 20:08:21 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\SolidWorks Corp
[2012-08-29 20:08:21 | 000,000,000 | ---D | C] -- C:\ProgramData\SolidWorks
[2012-08-29 20:08:01 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Visual Studio 2005
[2012-08-29 20:07:45 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\MSECache
[2012-08-29 20:07:31 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Common Files\SolidWorks Shared
[2012-08-29 20:07:31 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Common Files\Macrovision Shared
[2012-08-29 20:07:29 | 000,000,000 | ---D | C] -- C:\SolidWorks Data
[2012-08-29 20:07:07 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\SolidWorks Installation Manager
[2012-08-29 20:07:05 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Common Files\SolidWorks Installation Manager
[2012-08-29 20:04:45 | 000,000,000 | ---D | C] -- C:\Users\Joke en Jasper\Documents\SolidWorks Downloads
[2012-08-29 20:04:45 | 000,000,000 | ---D | C] -- C:\Windows\SolidWorks
[2012-08-29 20:04:44 | 000,000,000 | ---D | C] -- C:\Users\Joke en Jasper\AppData\Roaming\SolidWorks
[2012-08-29 19:42:25 | 000,000,000 | ---D | C] -- C:\Users\Joke en Jasper\Desktop\Solidworks
[2012-08-29 18:48:10 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Spybot - Search & Destroy
[2012-08-29 18:48:08 | 000,000,000 | ---D | C] -- C:\ProgramData\Spybot - Search & Destroy
[2012-08-29 18:36:23 | 000,000,000 | ---D | C] -- C:\Program Files\HitmanPro
[2012-08-29 18:33:32 | 000,000,000 | ---D | C] -- C:\ProgramData\HitmanPro
[2012-08-29 17:39:30 | 000,518,144 | ---- | C] (SteelWerX) -- C:\Windows\SWREG.exe
[2012-08-29 17:39:30 | 000,406,528 | ---- | C] (SteelWerX) -- C:\Windows\SWSC.exe
[2012-08-29 17:39:30 | 000,060,416 | ---- | C] (NirSoft) -- C:\Windows\NIRCMD.exe
[2012-08-29 17:39:12 | 000,000,000 | ---D | C] -- C:\Qoobox
[2012-08-29 17:39:05 | 000,000,000 | ---D | C] -- C:\Windows\erdnt
[2012-08-29 16:05:45 | 000,000,000 | ---D | C] -- C:\Users\Joke en Jasper\Desktop\David_Guetta_feat._Sia-She_Wolf_(Falling_To_Pieces)-PROMO-CDR-FLAC-2012-WRE
[2012-08-29 12:34:07 | 000,000,000 | ---D | C] -- C:\Users\Joke en Jasper\AppData\Roaming\DVDVideoSoft
[2012-08-29 09:53:47 | 000,000,000 | ---D | C] -- C:\Users\Joke en Jasper\Documents\Untitled
[2012-08-29 09:40:39 | 000,000,000 | ---D | C] -- C:\Users\Joke en Jasper\AppData\Roaming\ResourceCentral.E6E1B28A311BC518DB6C6883EA3757FDE0E90ADC.1
[2012-08-29 09:32:19 | 000,000,000 | ---D | C] -- C:\Users\Joke en Jasper\AppData\Local\{D1A6348E-DB84-4247-880F-102387B499BB}
[2012-08-28 20:31:10 | 000,000,000 | ---D | C] -- C:\Users\Joke en Jasper\Documents\OFX Presets
[2012-08-28 10:46:34 | 000,000,000 | ---D | C] -- C:\Users\Joke en Jasper\AppData\Local\{26F59685-944C-4620-8204-A9091119C38A}
[2012-08-27 21:55:21 | 000,000,000 | ---D | C] -- C:\Users\Joke en Jasper\AppData\Local\{DC5FD364-DC51-4AF3-AB72-FE10CD79BB55}
[2012-08-27 10:54:15 | 000,000,000 | ---D | C] -- C:\Users\Joke en Jasper\AppData\Local\Xilisoft
[2012-08-27 10:54:14 | 000,000,000 | ---D | C] -- C:\Users\Joke en Jasper\AppData\Roaming\Xilisoft
[2012-08-27 05:07:59 | 000,000,000 | ---D | C] -- C:\Users\Joke en Jasper\AppData\Local\{CF354A09-85ED-4F57-8C4C-3220BF42522C}
[2012-08-26 10:43:00 | 000,000,000 | ---D | C] -- C:\Users\Joke en Jasper\AppData\Local\{5323E27C-C8C3-40FB-A85D-530CE4E4FA4E}
[2012-08-25 22:42:37 | 000,000,000 | ---D | C] -- C:\Users\Joke en Jasper\AppData\Local\{B051394C-4683-4EBA-9B23-9C4791AC5C5C}
[2012-08-25 10:27:36 | 000,000,000 | ---D | C] -- C:\Users\Joke en Jasper\AppData\Local\{579D78DF-30E5-4787-B05D-0202029B30F3}
[2012-08-24 22:27:13 | 000,000,000 | ---D | C] -- C:\Users\Joke en Jasper\AppData\Local\{747FDAF6-D78C-4218-A72F-883A443425AF}
[2012-08-24 10:13:31 | 000,000,000 | ---D | C] -- C:\Users\Joke en Jasper\AppData\Local\{F16F2F22-CF82-4E66-A4B6-017E790F62C7}
[2012-08-23 20:13:31 | 000,000,000 | ---D | C] -- C:\Users\Joke en Jasper\AppData\Local\{0781EA7F-A735-4B3E-AF9C-E5071B0C58CA}
[2012-08-23 11:24:37 | 000,000,000 | ---D | C] -- C:\Users\Joke en Jasper\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Blackmagic Design
[2012-08-23 11:24:37 | 000,000,000 | ---D | C] -- C:\Program Files\Blackmagic Design
[2012-08-23 11:18:50 | 000,000,000 | ---D | C] -- C:\Users\Joke en Jasper\AppData\Roaming\postgresql
[2012-08-23 11:18:21 | 000,000,000 | ---D | C] -- C:\ProgramData\Blackmagic Design
[2012-08-23 11:17:29 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\PostgreSQL 9.0
[2012-08-23 11:17:10 | 000,000,000 | ---D | C] -- C:\Program Files\PostgreSQL
[2012-08-23 08:13:04 | 000,000,000 | ---D | C] -- C:\Users\Joke en Jasper\AppData\Local\{A18F5D48-54D6-416E-BDCC-3F1869515F55}
[2012-08-22 20:12:41 | 000,000,000 | ---D | C] -- C:\Users\Joke en Jasper\AppData\Local\{D3D579B6-4822-4961-9F72-809D6604B0A3}
[2012-08-22 08:12:31 | 000,000,000 | ---D | C] -- C:\Users\Joke en Jasper\AppData\Local\{C7910886-D4E1-457B-9C2A-7BFDFBA5E83B}
[2012-08-20 22:20:59 | 000,000,000 | ---D | C] -- C:\Users\Joke en Jasper\AppData\Local\{F08324F5-28A3-4EB8-910C-D9CA76F877BF}
[2012-08-18 15:49:08 | 000,000,000 | ---D | C] -- C:\Users\Joke en Jasper\AppData\Local\{22BFC448-BE34-494E-BA03-02D60C84D962}
[2012-08-18 15:48:58 | 000,000,000 | ---D | C] -- C:\Users\Joke en Jasper\AppData\Local\{12576399-997C-4739-8178-608F3157B35B}
[2012-08-17 22:34:51 | 000,000,000 | ---D | C] -- C:\Users\Joke en Jasper\AppData\Local\{635E1179-643A-4902-9CD2-2D43E32B74AB}
[2012-08-17 22:34:40 | 000,000,000 | ---D | C] -- C:\Users\Joke en Jasper\AppData\Local\{C68102E1-4E1D-4B31-890C-869962823CFB}
[2012-08-17 09:19:04 | 000,000,000 | ---D | C] -- C:\Users\Joke en Jasper\AppData\Local\{FE6AC035-9D6C-4F89-8C4E-8727FA2F391D}
[2012-08-17 09:18:54 | 000,000,000 | ---D | C] -- C:\Users\Joke en Jasper\AppData\Local\{E8E41CB6-3416-4FE1-889F-FE4AD1768E0B}
[2012-08-16 08:26:59 | 000,000,000 | ---D | C] -- C:\Users\Joke en Jasper\AppData\Local\{3B73AA08-BCE3-41CC-A69C-114493CEAA71}
[2012-08-16 08:26:50 | 000,000,000 | ---D | C] -- C:\Users\Joke en Jasper\AppData\Local\{713CE5C1-AFA9-4E8C-B46A-522C9B6B9E73}
[2012-08-15 23:30:07 | 000,237,056 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\url.dll
[2012-08-15 23:30:07 | 000,231,936 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\url.dll
[2012-08-15 23:30:07 | 000,096,768 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\mshtmled.dll
[2012-08-15 23:30:07 | 000,073,216 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\mshtmled.dll
[2012-08-15 23:30:06 | 002,312,704 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\jscript9.dll
[2012-08-15 23:30:06 | 001,494,528 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\inetcpl.cpl
[2012-08-15 23:30:06 | 001,427,968 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\inetcpl.cpl
[2012-08-15 23:30:06 | 000,248,320 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\ieui.dll
[2012-08-15 23:30:06 | 000,176,640 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\ieui.dll
[2012-08-15 23:30:06 | 000,173,056 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\ieUnatt.exe
[2012-08-15 23:30:06 | 000,142,848 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\ieUnatt.exe
[2012-08-15 23:30:05 | 000,816,640 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\jscript.dll
[2012-08-15 23:30:05 | 000,717,824 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\jscript.dll
[2012-08-15 10:56:47 | 000,503,808 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\srcore.dll
[2012-08-15 10:56:35 | 000,751,104 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\win32spl.dll
[2012-08-15 10:56:35 | 000,492,032 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\win32spl.dll
[2012-08-15 10:56:35 | 000,067,072 | ---- | C] (Microsoft Corporation) -- C:\Windows\splwow64.exe
[2012-08-15 10:56:13 | 000,073,216 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\netapi32.dll
[2012-08-15 10:56:13 | 000,059,392 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\browcli.dll
[2012-08-15 10:56:13 | 000,041,984 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\browcli.dll
[2012-08-15 10:55:49 | 000,956,928 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\localspl.dll
[2012-08-14 22:18:05 | 000,000,000 | ---D | C] -- C:\Users\Joke en Jasper\AppData\Local\{CEAB15C9-8CBD-4495-98EA-00093426DFD5}
[2012-08-14 22:17:55 | 000,000,000 | ---D | C] -- C:\Users\Joke en Jasper\AppData\Local\{9BC3E3DD-E936-4B88-B3F9-510EC68EEF11}
[2012-08-14 07:53:21 | 000,000,000 | ---D | C] -- C:\Users\Joke en Jasper\AppData\Local\{16EDED64-86C5-42E4-9D7C-E37058A1C4D8}
[2012-08-14 07:53:06 | 000,000,000 | ---D | C] -- C:\Users\Joke en Jasper\AppData\Local\{6AAA750F-5E5C-4C2E-9112-1A6C5699CD50}
[2012-08-13 19:40:26 | 000,000,000 | ---D | C] -- C:\Users\Joke en Jasper\AppData\Local\TechSmith
[2012-08-13 19:40:23 | 000,000,000 | ---D | C] -- C:\Users\Joke en Jasper\Documents\Camtasia Studio
[2012-08-13 19:40:02 | 000,000,000 | ---D | C] -- C:\Windows\SysWow64\QuickTime
[2012-08-13 19:40:02 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Camtasia Studio 7
[2012-08-13 19:39:58 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Common Files\TechSmith Shared
[2012-08-13 19:39:58 | 000,000,000 | ---D | C] -- C:\ProgramData\TechSmith
[2012-08-08 22:27:04 | 000,000,000 | ---D | C] -- C:\Users\Joke en Jasper\AppData\Local\{E366130A-4D15-4256-B3F9-71AD3A628489}
[2012-08-08 22:26:54 | 000,000,000 | ---D | C] -- C:\Users\Joke en Jasper\AppData\Local\{E6D6A4B5-3B85-474A-9FB1-30E8926AD140}
[2012-08-08 08:15:17 | 000,000,000 | ---D | C] -- C:\Users\Joke en Jasper\AppData\Roaming\dvdcss
[2012-08-08 08:14:57 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Digiarty
[2012-08-08 08:14:56 | 000,000,000 | ---D | C] -- C:\Users\Joke en Jasper\AppData\Roaming\Digiarty
[2012-08-08 08:12:37 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\DVD Shrink
[2012-08-08 08:12:37 | 000,000,000 | ---D | C] -- C:\ProgramData\DVD Shrink
[2012-08-08 08:07:43 | 000,000,000 | ---D | C] -- C:\Users\Joke en Jasper\AppData\Local\{B781BECF-7D90-4A78-989E-46116F015F51}
[2012-08-08 08:07:33 | 000,000,000 | ---D | C] -- C:\Users\Joke en Jasper\AppData\Local\{9B96D4E4-EC38-4180-BC71-6DBBAD1BD090}
[2012-08-07 19:18:16 | 000,000,000 | ---D | C] -- C:\ProgramData\VideoCopilot
[2012-08-07 19:16:30 | 000,000,000 | ---D | C] -- C:\Users\Joke en Jasper\Documents\VideoCopilot
[2012-08-07 09:31:30 | 000,000,000 | ---D | C] -- C:\Users\Joke en Jasper\AppData\Local\{39CF1DB4-8A13-40B9-A5DA-9848A4744A01}
[2012-08-07 09:31:21 | 000,000,000 | ---D | C] -- C:\Users\Joke en Jasper\AppData\Local\{7C3392E1-97B0-4B5F-8084-D2372860D46B}
[2012-08-06 19:21:25 | 000,000,000 | ---D | C] -- C:\Users\Joke en Jasper\AppData\Roaming\Skype
[2012-08-06 19:21:23 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Skype
[2012-08-06 19:21:23 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Common Files\Skype
[2012-08-06 19:21:20 | 000,000,000 | ---D | C] -- C:\ProgramData\Skype

========== Files - Modified Within 30 Days ==========

[2012-09-05 11:13:29 | 001,671,036 | ---- | M] () -- C:\Windows\SysNative\PerfStringBackup.INI
[2012-09-05 11:13:29 | 000,746,034 | ---- | M] () -- C:\Windows\SysNative\perfh013.dat
[2012-09-05 11:13:29 | 000,654,880 | ---- | M] () -- C:\Windows\SysNative\perfh009.dat
[2012-09-05 11:13:29 | 000,153,090 | ---- | M] () -- C:\Windows\SysNative\perfc013.dat
[2012-09-05 11:13:29 | 000,121,752 | ---- | M] () -- C:\Windows\SysNative\perfc009.dat
[2012-09-05 11:08:53 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2012-09-05 11:04:17 | 000,000,027 | ---- | M] () -- C:\Windows\SysNative\drivers\etc\hosts
[2012-09-05 10:58:56 | 093,707,027 | ---- | M] () -- C:\Windows\SysNative\drivers\AVG\incavi.avm
[2012-09-05 10:57:00 | 000,000,940 | ---- | M] () -- C:\Windows\tasks\Adobe Flash Player Updater.job
[2012-09-04 22:23:39 | 000,002,072 | ---- | M] () -- C:\Windows\Cmicnfgp.ini.imi
[2012-09-04 10:07:06 | 005,438,096 | ---- | M] () -- C:\Windows\PE_Rom.dll
[2012-09-04 10:06:13 | 005,792,336 | ---- | M] () -- C:\Windows\PE_File.dll
[2012-09-04 09:46:45 | 000,821,736 | ---- | M] (Oracle Corporation) -- C:\Windows\SysWow64\npDeployJava1.dll
[2012-09-04 09:46:45 | 000,746,984 | ---- | M] (Oracle Corporation) -- C:\Windows\SysWow64\deployJava1.dll
[2012-09-04 09:46:45 | 000,246,760 | ---- | M] (Oracle Corporation) -- C:\Windows\SysWow64\javaws.exe
[2012-09-04 09:46:45 | 000,174,056 | ---- | M] (Oracle Corporation) -- C:\Windows\SysWow64\javaw.exe
[2012-09-04 09:46:45 | 000,174,056 | ---- | M] (Oracle Corporation) -- C:\Windows\SysWow64\java.exe
[2012-09-04 09:46:45 | 000,095,208 | ---- | M] (Oracle Corporation) -- C:\Windows\SysWow64\WindowsAccessBridge-32.dll
[2012-09-01 11:57:43 | 000,021,072 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
[2012-09-01 11:57:43 | 000,021,072 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
[2012-08-30 17:49:26 | 000,277,540 | ---- | M] () -- C:\Windows\SysNative\drivers\AVG\iavichjg.avm
[2012-08-30 08:57:26 | 011,853,368 | ---- | M] () -- C:\Windows\SysNative\FNTCACHE.DAT
[2012-08-29 21:09:39 | 000,277,985 | ---- | M] () -- C:\Users\Joke en Jasper\Desktop\Carli_111_VriendenVan.pdf
[2012-08-29 20:27:13 | 000,140,288 | ---- | M] () -- C:\Users\Joke en Jasper\Documents\Part1.SLDPRT
[2012-08-29 20:10:13 | 000,002,821 | ---- | M] () -- C:\Users\Joke en Jasper\Application Data\Microsoft\Internet Explorer\Quick Launch\SolidWorks Explorer 2011.lnk
[2012-08-29 20:10:13 | 000,002,293 | ---- | M] () -- C:\Users\Joke en Jasper\Application Data\Microsoft\Internet Explorer\Quick Launch\SolidWorks eDrawings 2011.lnk
[2012-08-29 20:10:06 | 000,000,000 | ---- | M] () -- C:\Windows\eDrawingOfficeAutomator.INI
[2012-08-29 20:09:54 | 000,000,023 | -H-- | M] () -- C:\Windows\yacht.xws
[2012-08-29 20:09:23 | 000,002,763 | ---- | M] () -- C:\Users\Joke en Jasper\Application Data\Microsoft\Internet Explorer\Quick Launch\SolidWorks 2011.lnk
[2012-08-29 19:38:57 | 000,000,654 | ---- | M] () -- C:\Users\Joke en Jasper\Desktop\Overig.lnk
[2012-08-29 18:44:35 | 000,030,496 | ---- | M] () -- C:\Windows\SysNative\drivers\hitmanpro36.sys
[2012-08-29 18:43:27 | 000,001,498 | ---- | M] () -- C:\Windows\SysNative\.crusader
[2012-08-29 13:07:07 | 014,003,541 | ---- | M] () -- C:\Users\Joke en Jasper\Documents\Untitled.ncor
[2012-08-29 11:51:37 | 000,000,132 | ---- | M] () -- C:\Users\Joke en Jasper\AppData\Roaming\Adobe PNG Format CS5 Prefs
[2012-08-29 09:19:21 | 000,675,480 | ---- | M] () -- C:\Users\Joke en Jasper\Desktop\5.veg
[2012-08-28 21:01:27 | 000,633,680 | ---- | M] () -- C:\Users\Joke en Jasper\Desktop\4.veg
[2012-08-27 10:53:36 | 000,615,112 | ---- | M] () -- C:\Users\Joke en Jasper\Desktop\3.veg
[2012-08-17 19:15:01 | 000,001,456 | ---- | M] () -- C:\Users\Joke en Jasper\AppData\Local\Adobe Save for Web 12.0 Prefs
[2012-08-16 18:15:27 | 000,052,920 | ---- | M] () -- C:\Users\Joke en Jasper\Desktop\Nutricia_Los.jpg
[2012-08-15 11:57:06 | 000,426,184 | ---- | M] (Adobe Systems Incorporated) -- C:\Windows\SysWow64\FlashPlayerApp.exe
[2012-08-15 11:57:06 | 000,070,344 | ---- | M] (Adobe Systems Incorporated) -- C:\Windows\SysWow64\FlashPlayerCPLApp.cpl

========== Files Created - No Company Name ==========

[2012-08-29 21:09:39 | 000,277,985 | ---- | C] () -- C:\Users\Joke en Jasper\Desktop\Carli_111_VriendenVan.pdf
[2012-08-29 20:27:13 | 000,140,288 | ---- | C] () -- C:\Users\Joke en Jasper\Documents\Part1.SLDPRT
[2012-08-29 20:10:13 | 000,002,821 | ---- | C] () -- C:\Users\Joke en Jasper\Application Data\Microsoft\Internet Explorer\Quick Launch\SolidWorks Explorer 2011.lnk
[2012-08-29 20:10:06 | 000,000,000 | ---- | C] () -- C:\Windows\eDrawingOfficeAutomator.INI
[2012-08-29 20:10:04 | 000,002,293 | ---- | C] () -- C:\Users\Joke en Jasper\Application Data\Microsoft\Internet Explorer\Quick Launch\SolidWorks eDrawings 2011.lnk
[2012-08-29 20:09:54 | 000,000,023 | -H-- | C] () -- C:\Windows\yacht.xws
[2012-08-29 20:09:23 | 000,002,763 | ---- | C] () -- C:\Users\Joke en Jasper\Application Data\Microsoft\Internet Explorer\Quick Launch\SolidWorks 2011.lnk
[2012-08-29 19:38:57 | 000,000,654 | ---- | C] () -- C:\Users\Joke en Jasper\Desktop\Overig.lnk
[2012-08-29 18:44:35 | 000,030,496 | ---- | C] () -- C:\Windows\SysNative\drivers\hitmanpro36.sys
[2012-08-29 18:43:27 | 000,001,498 | ---- | C] () -- C:\Windows\SysNative\.crusader
[2012-08-29 17:39:30 | 000,256,000 | ---- | C] () -- C:\Windows\PEV.exe
[2012-08-29 17:39:30 | 000,208,896 | ---- | C] () -- C:\Windows\MBR.exe
[2012-08-29 17:39:30 | 000,098,816 | ---- | C] () -- C:\Windows\sed.exe
[2012-08-29 17:39:30 | 000,080,412 | ---- | C] () -- C:\Windows\grep.exe
[2012-08-29 17:39:30 | 000,068,096 | ---- | C] () -- C:\Windows\zip.exe
[2012-08-29 09:40:56 | 014,003,541 | ---- | C] () -- C:\Users\Joke en Jasper\Documents\Untitled.ncor
[2012-08-28 21:06:35 | 000,675,480 | ---- | C] () -- C:\Users\Joke en Jasper\Desktop\5.veg
[2012-08-28 20:57:22 | 000,633,680 | ---- | C] () -- C:\Users\Joke en Jasper\Desktop\4.veg
[2012-08-27 05:08:14 | 000,615,112 | ---- | C] () -- C:\Users\Joke en Jasper\Desktop\3.veg
[2012-08-21 21:27:08 | 000,001,194 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Adobe After Effects CS6.lnk
[2012-08-21 21:26:53 | 000,001,037 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Adobe Bridge CS6 (64bit).lnk
[2012-08-21 21:26:47 | 000,001,519 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Adobe ExtendScript Toolkit CS6.lnk
[2012-08-21 21:26:46 | 000,001,090 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Adobe Media Encoder CS6.lnk
[2012-08-21 21:26:26 | 000,000,997 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Adobe Help.lnk
[2012-08-16 18:15:27 | 000,052,920 | ---- | C] () -- C:\Users\Joke en Jasper\Desktop\Nutricia_Los.jpg
[2012-05-28 12:00:59 | 000,001,456 | ---- | C] () -- C:\Users\Joke en Jasper\AppData\Local\Adobe Save for Web 12.0 Prefs
[2012-03-28 22:11:08 | 000,030,568 | ---- | C] () -- C:\Windows\MusiccityDownload.exe
[2012-03-28 22:11:06 | 000,974,848 | ---- | C] () -- C:\Windows\SysWow64\cis-2.4.dll
[2012-03-28 22:11:06 | 000,081,920 | ---- | C] () -- C:\Windows\SysWow64\issacapi_bs-2.3.dll
[2012-03-28 22:11:06 | 000,065,536 | ---- | C] () -- C:\Windows\SysWow64\issacapi_pe-2.3.dll
[2012-03-28 22:11:06 | 000,057,344 | ---- | C] () -- C:\Windows\SysWow64\issacapi_se-2.3.dll
[2012-03-03 16:25:40 | 000,000,132 | ---- | C] () -- C:\Users\Joke en Jasper\AppData\Roaming\Adobe BMP Format CS5 Prefs
[2012-02-12 22:27:32 | 000,000,021 | ---- | C] () -- C:\Windows\SurCode.INI
[2012-02-12 17:40:22 | 001,648,260 | ---- | C] () -- C:\Windows\SysWow64\PerfStringBackup.INI
[2012-02-12 15:48:25 | 000,000,132 | ---- | C] () -- C:\Users\Joke en Jasper\AppData\Roaming\Adobe PNG Format CS5 Prefs
[2012-02-12 15:45:44 | 005,792,336 | ---- | C] () -- C:\Windows\PE_File.dll
[2012-02-12 15:37:32 | 005,438,096 | ---- | C] () -- C:\Windows\PE_Rom.dll
[2012-02-11 21:21:57 | 000,000,000 | ---- | C] () -- C:\Windows\ativpsrm.bin
[2012-02-11 21:19:20 | 000,200,704 | ---- | C] () -- C:\Windows\SysWow64\HsMgr.exe
[2012-02-11 21:19:20 | 000,143,360 | ---- | C] () -- C:\Windows\SysWow64\VmixP8.dll
[2012-02-11 21:19:20 | 000,039,983 | ---- | C] () -- C:\Windows\Cmicnfgp.ini.cfl
[2012-02-11 21:19:20 | 000,000,057 | ---- | C] () -- C:\Windows\SysWow64\cmasiop.ini
[2012-02-11 21:19:12 | 000,002,072 | ---- | C] () -- C:\Windows\Cmicnfgp.ini.imi
[2012-02-11 21:19:10 | 000,005,327 | ---- | C] () -- C:\Windows\cmudaxp.ini
[2012-02-11 21:19:10 | 000,004,844 | ---- | C] () -- C:\Windows\Cmicnfgp.ini.cfg
[2012-02-11 21:03:39 | 000,013,440 | R--- | C] () -- C:\Windows\SysWow64\drivers\AsIO.sys
[2012-02-11 21:03:36 | 000,011,832 | ---- | C] () -- C:\Windows\SysWow64\drivers\AsInsHelp64.sys
[2012-02-11 20:55:56 | 000,001,769 | ---- | C] () -- C:\Windows\Language_trs.ini
[2012-02-11 20:55:52 | 000,035,420 | ---- | C] () -- C:\Windows\Ascd_tmp.ini
[2011-12-06 04:35:10 | 000,204,960 | ---- | C] () -- C:\Windows\SysWow64\ativvsvl.dat
[2011-12-06 04:35:10 | 000,157,152 | ---- | C] () -- C:\Windows\SysWow64\ativvsva.dat
[2011-12-05 23:04:00 | 000,059,904 | ---- | C] () -- C:\Windows\SysWow64\OpenVideo.dll
[2011-12-05 23:03:52 | 000,054,784 | ---- | C] () -- C:\Windows\SysWow64\OVDecode.dll
[2011-09-13 01:06:16 | 000,003,917 | ---- | C] () -- C:\Windows\SysWow64\atipblag.dat

========== Custom Scans ==========

< >

< MD5 for: USER32.DLL >
[2010-11-21 05:24:20 | 000,833,024 | ---- | M] (Microsoft Corporation) MD5=5E0DB2D8B2750543CD2EBB9EA8E6CDD3 -- C:\Windows\erdnt\cache86\user32.dll
[2010-11-21 05:24:20 | 000,833,024 | ---- | M] (Microsoft Corporation) MD5=5E0DB2D8B2750543CD2EBB9EA8E6CDD3 -- C:\Windows\SysWOW64\user32.dll
[2010-11-21 05:24:20 | 000,833,024 | ---- | M] (Microsoft Corporation) MD5=5E0DB2D8B2750543CD2EBB9EA8E6CDD3 -- C:\Windows\winsxs\wow64_microsoft-windows-user32_31bf3856ad364e35_6.1.7601.17514_none_35b31c02b85ccb6e\user32.dll
[2010-11-21 05:24:09 | 001,008,128 | ---- | M] (Microsoft Corporation) MD5=FE70103391A64039A921DBFFF9C7AB1B -- C:\Windows\erdnt\cache64\user32.dll
[2010-11-21 05:24:09 | 001,008,128 | ---- | M] (Microsoft Corporation) MD5=FE70103391A64039A921DBFFF9C7AB1B -- C:\Windows\SysNative\user32.dll
[2010-11-21 05:24:09 | 001,008,128 | ---- | M] (Microsoft Corporation) MD5=FE70103391A64039A921DBFFF9C7AB1B -- C:\Windows\winsxs\amd64_microsoft-windows-user32_31bf3856ad364e35_6.1.7601.17514_none_2b5e71b083fc0973\user32.dll

< C:\Windows\assembly\tmp\U\*.* /s >

< %systemdrive%\$Recycle.Bin|@;true;true;true >

< End of report >


And the second one:

OTL Extras logfile created on: 5-9-2012 11:12:07 - Run 3
OTL by OldTimer - Version 3.2.59.1 Folder = C:\Users\Joke en Jasper\Desktop\virus fix
64bit- Ultimate Edition Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation
Internet Explorer (Version = 9.0.8112.16421)
Locale: 00000413 | Country: Nederland | Language: NLD | Date Format: d-M-yyyy

31,95 Gb Total Physical Memory | 29,09 Gb Available Physical Memory | 91,03% Memory free
63,90 Gb Paging File | 60,79 Gb Available in Paging File | 95,13% Paging File free
Paging file location(s): c:\pagefile.sys 0 0 [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86)
Drive C: | 119,14 Gb Total Space | 11,49 Gb Free Space | 9,64% Space Free | Partition Type: NTFS
Drive D: | 1863,01 Gb Total Space | 121,17 Gb Free Space | 6,50% Space Free | Partition Type: NTFS

Computer Name: DYNASTYEVOLVED | User Name: Joke en Jasper | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user | Include 64bit Scans
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days

========== Extra Registry (All) ==========


========== File Associations ==========

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.chm[@ = chm.file] -- C:\Windows\hh.exe (Microsoft Corporation)
.cpl[@ = cplfile] -- C:\Windows\SysNative\control.exe (Microsoft Corporation)
.hlp[@ = hlpfile] -- C:\Windows\winhlp32.exe (Microsoft Corporation)
.hta[@ = htafile] -- C:\Windows\SysWOW64\mshta.exe (Microsoft Corporation)
.html[@ = htmlfile] -- C:\Program Files (x86)\Internet Explorer\iexplore.exe (Microsoft Corporation)
.inf[@ = inffile] -- C:\Windows\SysNative\NOTEPAD.EXE (Microsoft Corporation)
.ini[@ = inifile] -- C:\Windows\SysNative\NOTEPAD.EXE (Microsoft Corporation)
.url [@ = InternetShortcut] -- rundll32.exe ieframe.dll,OpenURL %l
.js[@ = jsfile] -- C:\Windows\SysNative\WScript.exe (Microsoft Corporation)
.jse[@ = JSEFile] -- C:\Windows\SysNative\WScript.exe (Microsoft Corporation)
.reg[@ = regfile] -- C:\Windows\regedit.exe (Microsoft Corporation)
.txt[@ = txtfile] -- C:\Windows\SysNative\NOTEPAD.EXE (Microsoft Corporation)
.vbe[@ = VBEFile] -- C:\Windows\SysNative\WScript.exe (Microsoft Corporation)
.vbs[@ = VBSFile] -- C:\Windows\SysNative\WScript.exe (Microsoft Corporation)
.wsf[@ = WSFFile] -- C:\Windows\SysNative\WScript.exe (Microsoft Corporation)
.wsh[@ = WSHFile] -- C:\Windows\SysNative\WScript.exe (Microsoft Corporation)

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.bat [@ = batfile] -- "%1" %*
.chm [@ = chm.file] -- C:\Windows\hh.exe (Microsoft Corporation)
.cmd [@ = cmdfile] -- "%1" %*
.com [@ = ComFile] -- "%1" %*
.cpl [@ = cplfile] -- C:\Windows\SysWow64\control.exe (Microsoft Corporation)
.exe [@ = exefile] -- "%1" %*
.hlp [@ = hlpfile] -- C:\Windows\winhlp32.exe (Microsoft Corporation)
.hta [@ = htafile] -- C:\Windows\SysWOW64\mshta.exe (Microsoft Corporation)
.html [@ = htmlfile] -- C:\Program Files (x86)\Internet Explorer\iexplore.exe (Microsoft Corporation)
.inf [@ = inffile] -- C:\Windows\SysWow64\NOTEPAD.EXE (Microsoft Corporation)
.ini [@ = inifile] -- C:\Windows\SysWow64\NOTEPAD.EXE (Microsoft Corporation)
.url [@ = InternetShortcut] -- rundll32.exe ieframe.dll,OpenURL %l
.js [@ = jsfile] -- C:\Windows\SysWow64\WScript.exe (Microsoft Corporation)
.jse [@ = JSEFile] -- C:\Windows\SysWow64\WScript.exe (Microsoft Corporation)
.pif [@ = piffile] -- "%1" %*
.reg [@ = regfile] -- C:\Windows\SysWow64\regedit.exe (Microsoft Corporation)
.scr [@ = scrfile] -- "%1" /S
.txt [@ = txtfile] -- C:\Windows\SysWow64\NOTEPAD.EXE (Microsoft Corporation)
.vbe [@ = VBEFile] -- C:\Windows\SysWow64\WScript.exe (Microsoft Corporation)
.vbs [@ = VBSFile] -- C:\Windows\SysWow64\WScript.exe (Microsoft Corporation)
.wsf [@ = WSFFile] -- C:\Windows\SysWow64\WScript.exe (Microsoft Corporation)
.wsh [@ = WSHFile] -- C:\Windows\SysWow64\WScript.exe (Microsoft Corporation)

[HKEY_CURRENT_USER\SOFTWARE\Classes\<extension>]
.html [@ = FirefoxHTML] -- D:\Program Files (x86)\Mozilla Firefox\firefox.exe (Mozilla Corporation)

========== Shell Spawning ==========

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [edit] -- %SystemRoot%\System32\NOTEPAD.EXE %1 (Microsoft Corporation)
batfile [open] -- "%1" %*
batfile [print] -- %SystemRoot%\System32\NOTEPAD.EXE /p %1 (Microsoft Corporation)
chm.file [open] -- "%SYSTEMROOT%\hh.exe" %1 (Microsoft Corporation)
cmdfile [edit] -- %SystemRoot%\System32\NOTEPAD.EXE %1 (Microsoft Corporation)
cmdfile [open] -- "%1" %*
cmdfile [print] -- %SystemRoot%\System32\NOTEPAD.EXE /p %1 (Microsoft Corporation)
comfile [open] -- "%1" %*
cplfile [cplopen] -- %SystemRoot%\System32\control.exe "%1",%* (Microsoft Corporation)
exefile [open] -- "%1" %*
helpfile [open] -- Reg Error: Key error.
hlpfile [open] -- %SystemRoot%\winhlp32.exe %1 (Microsoft Corporation)
htafile [open] -- C:\Windows\SysWOW64\mshta.exe "%1" %* (Microsoft Corporation)
htmlfile [edit] -- "C:\Program Files (x86)\Microsoft Office\Office14\msohtmed.exe" %1 (Microsoft Corporation)
htmlfile [open] -- "C:\Program Files (x86)\Internet Explorer\iexplore.exe" -nohome (Microsoft Corporation)
htmlfile [opennew] -- "C:\Program Files (x86)\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)
htmlfile [print] -- rundll32.exe %SystemRoot%\system32\mshtml.dll,PrintHTML "%1" (Microsoft Corporation)
http [open] -- "C:\Program Files (x86)\Internet Explorer\iexplore.exe" -nohome (Microsoft Corporation)
https [open] -- "C:\Program Files (x86)\Internet Explorer\iexplore.exe" -nohome (Microsoft Corporation)
inffile [install] -- %SystemRoot%\System32\rundll32.exe setupapi,InstallHinfSection DefaultInstall 132 %1 (Microsoft Corporation)
inffile [open] -- %SystemRoot%\System32\NOTEPAD.EXE %1 (Microsoft Corporation)
inffile [print] -- %SystemRoot%\system32\NOTEPAD.EXE /p %1 (Microsoft Corporation)
inifile [open] -- %SystemRoot%\system32\NOTEPAD.EXE %1 (Microsoft Corporation)
inifile [print] -- %SystemRoot%\system32\NOTEPAD.EXE /p %1 (Microsoft Corporation)
InternetShortcut [open] -- rundll32.exe ieframe.dll,OpenURL %l
InternetShortcut [print] -- "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\mshtml.dll",PrintHTML "%1" (Microsoft Corporation)
jsfile [edit] -- C:\Windows\System32\Notepad.exe %1 (Microsoft Corporation)
jsfile [open] -- C:\Windows\System32\WScript.exe "%1" %* (Microsoft Corporation)
jsfile [print] -- C:\Windows\System32\Notepad.exe /p %1 (Microsoft Corporation)
jsefile [edit] -- C:\Windows\System32\Notepad.exe %1 (Microsoft Corporation)
jsefile [open] -- C:\Windows\System32\WScript.exe "%1" %* (Microsoft Corporation)
jsefile [print] -- C:\Windows\System32\Notepad.exe /p %1 (Microsoft Corporation)
piffile [open] -- "%1" %*
regfile [edit] -- %SystemRoot%\system32\notepad.exe "%1" (Microsoft Corporation)
regfile [open] -- regedit.exe "%1" (Microsoft Corporation)
regfile [merge] -- Reg Error: Key error.
regfile [print] -- %SystemRoot%\system32\notepad.exe /p "%1" (Microsoft Corporation)
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
txtfile [open] -- %SystemRoot%\system32\NOTEPAD.EXE %1 (Microsoft Corporation)
txtfile [print] -- %SystemRoot%\system32\NOTEPAD.EXE /p %1 (Microsoft Corporation)
txtfile [printto] -- %SystemRoot%\system32\notepad.exe /pt "%1" "%2" "%3" "%4" (Microsoft Corporation)
vbefile [edit] -- "%SystemRoot%\System32\Notepad.exe" %1 (Microsoft Corporation)
vbefile [open] -- %SystemRoot%\System32\WScript.exe "%1" %* (Microsoft Corporation)
vbefile [print] -- "%SystemRoot%\System32\Notepad.exe" /p %1 (Microsoft Corporation)
vbsfile [edit] -- "%SystemRoot%\System32\Notepad.exe" %1 (Microsoft Corporation)
vbsfile [open] -- %SystemRoot%\System32\WScript.exe "%1" %* (Microsoft Corporation)
vbsfile [print] -- "%SystemRoot%\System32\Notepad.exe" /p %1 (Microsoft Corporation)
wsffile [edit] -- "%SystemRoot%\System32\Notepad.exe" %1 (Microsoft Corporation)
wsffile [open] -- "%SystemRoot%\System32\WScript.exe" "%1" %* (Microsoft Corporation)
wsffile [print] -- "%SystemRoot%\System32\Notepad.exe" /p %1 (Microsoft Corporation)
wshfile [open] -- "%SystemRoot%\System32\WScript.exe" "%1" %* (Microsoft Corporation)
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [Bridge] -- C:\Program Files\Adobe\Adobe Bridge CS6 (64 Bit)\Bridge.exe "%L" (Adobe Systems, Inc.)
Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [open] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [explore] -- Reg Error: Value error.
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Applications\iexplore.exe [open] -- "C:\Program Files (x86)\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)
CLSID\{871C5380-42A0-1069-A2EA-08002B30309D} [OpenHomePage] -- "%programfiles%\internet explorer\iexplore.exe" (Microsoft Corporation)

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [edit] -- %SystemRoot%\System32\NOTEPAD.EXE %1 (Microsoft Corporation)
batfile [open] -- "%1" %*
batfile [print] -- %SystemRoot%\System32\NOTEPAD.EXE /p %1 (Microsoft Corporation)
chm.file [open] -- "%SYSTEMROOT%\hh.exe" %1 (Microsoft Corporation)
cmdfile [edit] -- %SystemRoot%\System32\NOTEPAD.EXE %1 (Microsoft Corporation)
cmdfile [open] -- "%1" %*
cmdfile [print] -- %SystemRoot%\System32\NOTEPAD.EXE /p %1 (Microsoft Corporation)
comfile [open] -- "%1" %*
cplfile [cplopen] -- %SystemRoot%\System32\control.exe "%1",%* (Microsoft Corporation)
exefile [open] -- "%1" %*
helpfile [open] -- Reg Error: Key error.
hlpfile [open] -- %SystemRoot%\winhlp32.exe %1 (Microsoft Corporation)
htafile [open] -- C:\Windows\SysWOW64\mshta.exe "%1" %* (Microsoft Corporation)
htmlfile [edit] -- "C:\Program Files (x86)\Microsoft Office\Office14\msohtmed.exe" %1 (Microsoft Corporation)
htmlfile [open] -- "C:\Program Files (x86)\Internet Explorer\iexplore.exe" -nohome (Microsoft Corporation)
htmlfile [opennew] -- "C:\Program Files (x86)\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)
htmlfile [print] -- rundll32.exe %SystemRoot%\system32\mshtml.dll,PrintHTML "%1" (Microsoft Corporation)
http [open] -- "C:\Program Files (x86)\Internet Explorer\iexplore.exe" -nohome (Microsoft Corporation)
https [open] -- "C:\Program Files (x86)\Internet Explorer\iexplore.exe" -nohome (Microsoft Corporation)
inffile [install] -- %SystemRoot%\System32\rundll32.exe setupapi,InstallHinfSection DefaultInstall 132 %1 (Microsoft Corporation)
inffile [open] -- %SystemRoot%\System32\NOTEPAD.EXE %1 (Microsoft Corporation)
inffile [print] -- %SystemRoot%\system32\NOTEPAD.EXE /p %1 (Microsoft Corporation)
inifile [open] -- %SystemRoot%\system32\NOTEPAD.EXE %1 (Microsoft Corporation)
inifile [print] -- %SystemRoot%\system32\NOTEPAD.EXE /p %1 (Microsoft Corporation)
InternetShortcut [open] -- rundll32.exe ieframe.dll,OpenURL %l
InternetShortcut [print] -- "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\mshtml.dll",PrintHTML "%1" (Microsoft Corporation)
jsfile [edit] -- C:\Windows\System32\Notepad.exe %1 (Microsoft Corporation)
jsfile [open] -- C:\Windows\System32\WScript.exe "%1" %* (Microsoft Corporation)
jsfile [print] -- C:\Windows\System32\Notepad.exe /p %1 (Microsoft Corporation)
jsefile [edit] -- C:\Windows\System32\Notepad.exe %1 (Microsoft Corporation)
jsefile [open] -- C:\Windows\System32\WScript.exe "%1" %* (Microsoft Corporation)
jsefile [print] -- C:\Windows\System32\Notepad.exe /p %1 (Microsoft Corporation)
piffile [open] -- "%1" %*
regfile [edit] -- %SystemRoot%\system32\notepad.exe "%1" (Microsoft Corporation)
regfile [open] -- regedit.exe "%1" (Microsoft Corporation)
regfile [merge] -- Reg Error: Key error.
regfile [print] -- %SystemRoot%\system32\notepad.exe /p "%1" (Microsoft Corporation)
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
txtfile [open] -- %SystemRoot%\system32\NOTEPAD.EXE %1 (Microsoft Corporation)
txtfile [print] -- %SystemRoot%\system32\NOTEPAD.EXE /p %1 (Microsoft Corporation)
txtfile [printto] -- %SystemRoot%\system32\notepad.exe /pt "%1" "%2" "%3" "%4" (Microsoft Corporation)
vbefile [edit] -- "%SystemRoot%\System32\Notepad.exe" %1 (Microsoft Corporation)
vbefile [open] -- %SystemRoot%\System32\WScript.exe "%1" %* (Microsoft Corporation)
vbefile [print] -- "%SystemRoot%\System32\Notepad.exe" /p %1 (Microsoft Corporation)
vbsfile [edit] -- "%SystemRoot%\System32\Notepad.exe" %1 (Microsoft Corporation)
vbsfile [open] -- %SystemRoot%\System32\WScript.exe "%1" %* (Microsoft Corporation)
vbsfile [print] -- "%SystemRoot%\System32\Notepad.exe" /p %1 (Microsoft Corporation)
wsffile [edit] -- "%SystemRoot%\System32\Notepad.exe" %1 (Microsoft Corporation)
wsffile [open] -- "%SystemRoot%\System32\WScript.exe" "%1" %* (Microsoft Corporation)
wsffile [print] -- "%SystemRoot%\System32\Notepad.exe" /p %1 (Microsoft Corporation)
wshfile [open] -- "%SystemRoot%\System32\WScript.exe" "%1" %* (Microsoft Corporation)
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [Bridge] -- C:\Program Files\Adobe\Adobe Bridge CS6 (64 Bit)\Bridge.exe "%L" (Adobe Systems, Inc.)
Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [open] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [explore] -- Reg Error: Value error.
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Applications\iexplore.exe [open] -- "C:\Program Files (x86)\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)
CLSID\{871C5380-42A0-1069-A2EA-08002B30309D} [OpenHomePage] -- "%programfiles%\internet explorer\iexplore.exe" (Microsoft Corporation)

========== Security Center Settings ==========

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"cval" = 1
"FirewallDisableNotify" = 0
"AntiVirusDisableNotify" = 0
"UpdatesDisableNotify" = 0

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]
"VistaSp1" = 28 4D B2 76 41 04 CA 01 [binary data]
"AntiVirusOverride" = 0
"AntiSpywareOverride" = 0
"FirewallOverride" = 0

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc\Vol]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"FirewallDisableNotify" = 0
"AntiVirusDisableNotify" = 0
"UpdatesDisableNotify" = 0

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]

========== System Restore Settings ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\SystemRestore]
"DisableSR" = 0

========== Firewall Settings ==========

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall]

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\DomainProfile]

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\StandardProfile]

[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\DomainProfile]

[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\StandardProfile]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]
"EnableFirewall" = 1
"DisableNotifications" = 0

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"EnableFirewall" = 1
"DisableNotifications" = 0

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\GloballyOpenPorts\List]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\PublicProfile]
"EnableFirewall" = 1
"DisableNotifications" = 0

========== Authorized Applications List ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List]


========== Vista Active Open Ports Exception List ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{0BD358C7-FDCA-4143-A1C9-97046350E7D6}" = rport=139 | protocol=6 | dir=out | app=system |
"{18CB9701-DCA2-4311-B6BA-2B109BA0A60E}" = lport=2869 | protocol=6 | dir=in | name=windows live communications platform (upnp) |
"{1BAEE65D-BF68-435D-B2B4-296B88F57E0C}" = lport=10243 | protocol=6 | dir=in | app=system |
"{3617D2C8-BFA0-4C3A-B931-0D7FC100B97C}" = lport=1900 | protocol=17 | dir=in | name=windows live communications platform (ssdp) |
"{36236035-1A0E-4CC6-AAF8-AE2A569945F0}" = lport=808 | protocol=6 | dir=in | svc=nettcpactivator | app=c:\windows\microsoft.net\framework64\v4.0.30319\smsvchost.exe |
"{3AA7AB7F-9F54-468F-8965-568BBFBB8DD1}" = rport=2177 | protocol=17 | dir=out | svc=qwave | app=%systemroot%\system32\svchost.exe |
"{532FE9A2-88C5-4807-B3C5-EC7B1DE2D2B3}" = lport=5355 | protocol=17 | dir=in | svc=dnscache | app=%systemroot%\system32\svchost.exe |
"{55D6849E-DD49-4488-9712-DE5671709BA2}" = lport=2869 | protocol=6 | dir=in | app=system |
"{5CAEF8B8-2443-4DE9-99AF-371A996FB811}" = lport=2177 | protocol=17 | dir=in | svc=qwave | app=%systemroot%\system32\svchost.exe |
"{5FC99F3B-9726-423F-8248-6A025184316E}" = lport=137 | protocol=17 | dir=in | app=system |
"{62485842-CD47-4BA6-9E65-EF2A03A953EE}" = rport=5355 | protocol=17 | dir=out | svc=dnscache | app=%systemroot%\system32\svchost.exe |
"{72DEBA2E-8CB0-4FD9-99F7-DFE9E9EB11DD}" = rport=10243 | protocol=6 | dir=out | app=system |
"{73F2E231-CB0B-4AFE-9821-ED0528CF3D12}" = rport=445 | protocol=6 | dir=out | app=system |
"{970889B6-73C0-48F8-949E-497CDA628743}" = rport=2177 | protocol=6 | dir=out | svc=qwave | app=%systemroot%\system32\svchost.exe |
"{A1CD3343-DAD8-4C52-8D09-2387BCB31518}" = lport=445 | protocol=6 | dir=in | app=system |
"{A271E49D-FBFF-402D-BE22-018FA4483465}" = lport=139 | protocol=6 | dir=in | app=system |
"{AA6D9DC8-9C15-4CD1-9360-7C1A90AED57C}" = rport=138 | protocol=17 | dir=out | app=system |
"{AE451900-4C09-443D-8FDC-6A8E4296C145}" = lport=1900 | protocol=17 | dir=in | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe |
"{D5D4E79A-231E-43B4-AE38-E129EAC699D6}" = rport=137 | protocol=17 | dir=out | app=system |
"{D9E3C801-BA22-4F74-B41F-746D7FDB2CA6}" = rport=5355 | protocol=17 | dir=out | svc=dnscache | app=%systemroot%\system32\svchost.exe |
"{DC859527-296A-45A9-9B2A-AE2E8FACAEDC}" = lport=rpc-epmap | protocol=6 | dir=in | svc=rpcss | [email protected],-28539 |
"{DDFDED7E-9C0F-49D0-9E9D-C4028A83E97B}" = lport=rpc | protocol=6 | dir=in | svc=spooler | app=%systemroot%\system32\spoolsv.exe |
"{E0B98160-63C5-4F48-942E-9B5CCC069544}" = lport=7935 | protocol=6 | dir=in | name=adobe flash builder 4.5 |
"{E540F2ED-B7E8-4E6E-965C-8BB9A9BDC919}" = lport=138 | protocol=17 | dir=in | app=system |
"{E88F5DE2-391A-4EB0-8828-E60C438F16C9}" = lport=6004 | protocol=17 | dir=in | app=c:\program files (x86)\microsoft office\office14\outlook.exe |
"{EE1D56FE-3F78-4FF7-9830-E25470BFC27F}" = lport=2177 | protocol=6 | dir=in | svc=qwave | app=%systemroot%\system32\svchost.exe |
"{F69A4583-B7DA-49AF-8503-99EF57C2E756}" = rport=1900 | protocol=17 | dir=out | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe |
"{FBF8E870-8B0B-4808-9D79-5E82525E241E}" = lport=5355 | protocol=17 | dir=in | svc=dnscache | app=%systemroot%\system32\svchost.exe |

========== Vista Active Application Exception List ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{0599DA07-12AF-4D37-9C3D-386011E9F7C4}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmplayer.exe |
"{09911F86-C800-4E2C-9B2C-8E2F2870A0C2}" = dir=in | app=c:\programdata\blackmagic design\davinci resolve\support\qtdecoder\qtdecoder.exe |
"{09AAEF16-D9B0-4F0E-BDAD-816480EBCC08}" = dir=in | app=c:\program files\blackmagic design\davinci resolve\elementspaneldaemon.exe |
"{0C4EA2AA-0B31-48FE-AEA4-2B8561A0FABD}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmplayer.exe |
"{0C555AF6-A534-4003-8BDB-3D28A4A48EC0}" = protocol=17 | dir=in | app=d:\program files (x86)\avg\avg2012\avgemca.exe |
"{0D1F6E32-4D11-4018-85E9-5C4DB27B687D}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmpnetwk.exe |
"{0EE73E25-8CA1-4868-B754-C1EAD8A8FEA9}" = protocol=6 | dir=in | app=c:\program files (x86)\autodesk\backburner\monitor.exe |
"{1076356F-498C-4771-B78F-958ECB84E388}" = protocol=6 | dir=in | app=d:\program files (x86)\avg\avg2012\avgemca.exe |
"{116B4289-4D0F-47FC-A825-BC3189E1E1B1}" = dir=in | app=d:\program files (x86)\skype\phone\skype.exe |
"{11A27A64-7DB4-4165-B04F-7D33DF0E7DB7}" = protocol=58 | dir=out | [email protected],-28546 |
"{14377601-CE2A-4EF5-9A11-8191D0E02A3B}" = dir=in | app=c:\program files (x86)\windows live\contacts\wlcomm.exe |
"{15B270D1-FE12-4181-8228-FD663A03ED66}" = dir=in | app=c:\program files\blackmagic design\davinci resolve\bmdpaneld.exe |
"{1E4F4613-C872-41D4-A4C5-7900631B759E}" = dir=in | app=c:\program files (x86)\common files\apple\apple application support\webkit2webprocess.exe |
"{1EBB51D1-E8D7-4FF9-BF98-6E8267B9B8C5}" = protocol=6 | dir=out | svc=upnphost | app=%systemroot%\system32\svchost.exe |
"{27E60426-CB3E-4D60-B787-DB9F341070E4}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmplayer.exe |
"{28C85980-2CAD-46A6-A62F-3B45B0313473}" = protocol=17 | dir=in | app=d:\program files (x86)\utorrent\utorrent.exe |
"{294B829A-7086-4601-8B85-DDAC4972C510}" = protocol=17 | dir=in | app=c:\program files\autodesk\3ds max 2012\mentalimages\satellite\raysat_3dsmax2012_64.exe |
"{2A297A03-5400-4276-BF01-B86A80573951}" = protocol=6 | dir=in | app=%programfiles%\windows media player\wmpnetwk.exe |
"{2BBB8485-770C-4120-A6AC-D4ECDCC4E6DD}" = protocol=1 | dir=in | [email protected],-28543 |
"{2F60A20B-A97A-433F-A3EC-9C6D5DB34386}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmplayer.exe |
"{31E16F06-4694-415C-BD33-C0F494AE7CCC}" = protocol=17 | dir=in | app=d:\program files (x86)\avg\avg2012\avgnsa.exe |
"{3ED2A47C-B502-4CAB-926A-DE4EE4FED33B}" = protocol=6 | dir=in | app=c:\program files\autodesk\3ds max 2012\mentalimages\satellite\raysat_3dsmax2012_64server.exe |
"{4965843A-EDC8-4A3F-9F52-DAFF599E08CB}" = protocol=6 | dir=in | app=d:\program files (x86)\avg\avg2012\avgdiagex.exe |
"{4C307B22-7447-4B60-8BC4-79ED77703818}" = protocol=6 | dir=in | app=d:\program files (x86)\avg\avg2012\avgmfapx.exe |
"{4E546796-DDE2-42A1-9763-7E1E321EE54D}" = protocol=17 | dir=in | app=d:\program files (x86)\rockstar games\rockstar games social club\rgsclauncher.exe |
"{501A2972-1261-4F32-9859-9D13E6E0FD1D}" = dir=in | app=c:\program files\blackmagic design\davinci resolve\euphonixpaneldaemon.exe |
"{54496D8D-3A33-4A82-B007-5599655417EB}" = protocol=6 | dir=in | app=c:\windows\syswow64\muzapp.exe |
"{58F51948-D734-4A5E-B071-63BE15E97F78}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmpnetwk.exe |
"{591D3DE0-AE93-43C7-9D82-DBC03F786DEE}" = protocol=17 | dir=in | app=c:\program files (x86)\adobe\adobe flash builder 4.5\flashbuilder.exe |
"{5C3371A3-666A-4066-B63D-9790B494BD2E}" = protocol=6 | dir=in | app=c:\program files (x86)\solidworks corp\solidworks\swscheduler\dtscoordinatorservice.exe |
"{64077DD7-2580-449D-9C65-D01A6E5619D4}" = protocol=6 | dir=out | app=system |
"{6BE149ED-6EA8-49AE-9C45-939BB976371A}" = protocol=6 | dir=out | app=%programfiles(x86)%\windows media player\wmplayer.exe |
"{7A07716F-2580-4887-A5A9-D704FE8293CE}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmpnetwk.exe |
"{83DCAA6E-61DE-4054-90BD-65E3C4E0137A}" = dir=in | app=c:\program files\blackmagic design\davinci resolve\dpdecoder.exe |
"{850DE7F8-85BC-481D-9C0A-CDB3FD31ABAF}" = dir=in | app=c:\program files (x86)\windows live\messenger\msnmsgr.exe |
"{8C743D91-12E3-45D0-A301-FCF23517D418}" = protocol=17 | dir=in | app=c:\program files (x86)\autodesk\backburner\manager.exe |
"{9323382B-CEFA-4209-BFBB-7F3B1E329F19}" = dir=in | app=c:\program files\blackmagic design\davinci resolve\tangentpaneldaemon.exe |
"{970B8E2A-72C3-4366-88C1-A21C50D2C8E2}" = protocol=6 | dir=in | app=c:\program files (x86)\autodesk\backburner\manager.exe |
"{9C226AC5-5588-485A-9E3A-05A69C04A56C}" = protocol=17 | dir=out | app=%programfiles(x86)%\windows media player\wmplayer.exe |
"{9DC03071-1D13-4B44-AE7B-286374DF27C9}" = protocol=17 | dir=in | app=c:\windows\syswow64\muzapp.exe |
"{A88EB257-6DE5-4228-B68D-2BF95A3BB39E}" = protocol=6 | dir=in | app=c:\users\joke en jasper\appdata\roaming\dropbox\bin\dropbox.exe |
"{AA62A556-4C21-46E6-B44A-51FF0BE29768}" = protocol=17 | dir=in | app=c:\program files\autodesk\3ds max 2012\3dsmax.exe |
"{AB0A178A-2A0B-4A57-AC52-F4792BC0903C}" = protocol=6 | dir=in | app=c:\program files (x86)\autodesk\backburner\server.exe |
"{B5E0C23E-9DD0-451D-B9C8-67EA72E1DD96}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmplayer.exe |
"{B97BC7A1-FEFC-4CE3-B51F-3AAD8A2ADC1C}" = protocol=6 | dir=in | app=c:\program files (x86)\microsoft office\office14\onenote.exe |
"{B9E6A1D9-128E-41A6-8C43-3AB55B25BA9D}" = protocol=17 | dir=in | app=%programfiles(x86)%\windows media player\wmplayer.exe |
"{BAFA248D-2ED6-44CF-9A32-ED7E96E755FF}" = protocol=58 | dir=in | [email protected],-28545 |
"{BE3EFB48-281A-4B89-8B05-21BF92FC19A0}" = protocol=17 | dir=in | app=c:\users\joke en jasper\appdata\roaming\dropbox\bin\dropbox.exe |
"{C20D244A-4DB7-49AB-B4E6-13E26C941660}" = protocol=6 | dir=in | app=d:\program files (x86)\rockstar games\rockstar games social club\rgsclauncher.exe |
"{CE926520-9AFF-42C1-A207-348DAB04B467}" = protocol=1 | dir=out | [email protected],-28544 |
"{D4F2F31F-74A0-49BB-B280-0DD08064D6A8}" = protocol=6 | dir=in | app=c:\program files\autodesk\3ds max 2012\mentalimages\satellite\raysat_3dsmax2012_64.exe |
"{D5DD79B1-05BE-414D-85AB-FA8D632CD7A9}" = protocol=6 | dir=in | app=c:\program files\autodesk\3ds max 2012\3dsmax.exe |
"{D5DE8818-8BBE-4AF7-890F-C25A20EC547D}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmplayer.exe |
"{DBC12980-03F1-4D57-A39E-0A9C829FCF4F}" = protocol=17 | dir=in | app=c:\program files (x86)\autodesk\backburner\monitor.exe |
"{DCEBF541-B727-4320-8AAB-88F5997CEBB5}" = protocol=17 | dir=in | app=d:\program files (x86)\avg\avg2012\avgdiagex.exe |
"{E4031F91-CF41-4508-8762-6BFF9B2DB93A}" = protocol=17 | dir=in | app=c:\program files (x86)\autodesk\backburner\server.exe |
"{E87E0A42-76C2-4700-B456-0CCD0387D819}" = protocol=6 | dir=in | app=d:\program files (x86)\utorrent\utorrent.exe |
"{E9869F7A-BD32-4F98-815F-5E55F24DE7EF}" = protocol=6 | dir=in | app=d:\program files (x86)\avg\avg2012\avgnsa.exe |
"{EA0D6E32-CDFE-4E4C-99B9-E40AC8194943}" = protocol=17 | dir=in | app=c:\program files (x86)\solidworks corp\solidworks\swscheduler\dtscoordinatorservice.exe |
"{EDA9A1B0-CA1B-472D-8B78-910A7E0631CC}" = protocol=17 | dir=in | app=c:\program files\autodesk\3ds max 2012\mentalimages\satellite\raysat_3dsmax2012_64server.exe |
"{F0078B69-B755-4314-B45F-E6F7A2850CE5}" = protocol=17 | dir=in | app=c:\program files (x86)\microsoft office\office14\groove.exe |
"{F27248C3-1FB1-44B3-B2A0-C380C01AB968}" = protocol=6 | dir=in | app=c:\program files (x86)\microsoft office\office14\groove.exe |
"{F4C93840-DB24-49E8-9C23-BF75DCDE9222}" = dir=in | app=c:\program files\blackmagic design\davinci resolve\jlcooperpaneldaemon.exe |
"{F8E57389-BE95-4A52-8614-4474B3BCBAFC}" = protocol=17 | dir=in | app=c:\program files (x86)\microsoft office\office14\onenote.exe |
"{FCF4FDD5-4E97-4AB0-834D-B0DDEA9B477E}" = protocol=6 | dir=in | app=c:\program files (x86)\adobe\adobe flash builder 4.5\flashbuilder.exe |
"{FE11FA10-1062-4F75-BE7E-2B174A9FD901}" = dir=in | app=c:\program files\blackmagic design\davinci resolve\resolve.exe |
"{FEB211AC-7C6E-46AB-8163-08F96AB76E8A}" = protocol=17 | dir=in | app=d:\program files (x86)\avg\avg2012\avgmfapx.exe |
"TCP Query User{30267361-6A2D-4BDC-98B0-8AF3B1323F47}C:\users\joke en jasper\appdata\roaming\dropbox\bin\dropbox.exe" = protocol=6 | dir=in | app=c:\users\joke en jasper\appdata\roaming\dropbox\bin\dropbox.exe |
"TCP Query User{3C10CB11-E09F-4466-A4B6-873ECCE1FD6D}D:\program files (x86)\bitcoin\bitcoin-qt.exe" = protocol=6 | dir=in | app=d:\program files (x86)\bitcoin\bitcoin-qt.exe |
"TCP Query User{6D7E67A2-88BC-4A26-957B-70DF48F8348E}C:\program files\adobe\adobe media encoder cs5.5\adobe media encoder.exe" = protocol=6 | dir=in | app=c:\program files\adobe\adobe media encoder cs5.5\adobe media encoder.exe |
"TCP Query User{6E6069DF-EF5F-4C76-BBD3-5CFC12C37D54}D:\program files (x86)\mozilla firefox\plugin-container.exe" = protocol=6 | dir=in | app=d:\program files (x86)\mozilla firefox\plugin-container.exe |
"TCP Query User{922709EC-FA7E-4849-920B-2B4B52B3F0C0}D:\program files (x86)\ai suite ii\ai suite ii.exe" = protocol=6 | dir=in | app=d:\program files (x86)\ai suite ii\ai suite ii.exe |
"TCP Query User{9F219663-F3FA-4F4A-828D-2F384A485873}C:\program files\adobe\adobe after effects cs5.5\support files\afterfx.exe" = protocol=6 | dir=in | app=c:\program files\adobe\adobe after effects cs5.5\support files\afterfx.exe |
"TCP Query User{AAAA2037-EA80-43E7-A861-5C69A29AF780}D:\program files (x86)\need for speed.shift 2 unleashed\shift2u.exe" = protocol=6 | dir=in | app=d:\program files (x86)\need for speed.shift 2 unleashed\shift2u.exe |
"TCP Query User{ABDDD074-98C4-4932-936E-C5030F901706}C:\users\joke en jasper\desktop\emule0.50a\emule.exe" = protocol=6 | dir=in | app=c:\users\joke en jasper\desktop\emule0.50a\emule.exe |
"TCP Query User{CC338AC0-2C7E-4C7F-A1A1-C1DFBC6CFFFF}C:\program files (x86)\google\google earth\client\googleearth.exe" = protocol=6 | dir=in | app=c:\program files (x86)\google\google earth\client\googleearth.exe |
"UDP Query User{411B0013-E4B5-4F17-A0EF-931248466E71}D:\program files (x86)\bitcoin\bitcoin-qt.exe" = protocol=17 | dir=in | app=d:\program files (x86)\bitcoin\bitcoin-qt.exe |
"UDP Query User{46A27DE1-D332-4C4C-B5C7-758671F73C3E}C:\program files (x86)\google\google earth\client\googleearth.exe" = protocol=17 | dir=in | app=c:\program files (x86)\google\google earth\client\googleearth.exe |
"UDP Query User{4BE563C4-4FD0-4681-8134-888D80753267}D:\program files (x86)\ai suite ii\ai suite ii.exe" = protocol=17 | dir=in | app=d:\program files (x86)\ai suite ii\ai suite ii.exe |
"UDP Query User{56D937FE-AB6E-4039-A61F-CA7FBDD67F6B}C:\users\joke en jasper\desktop\emule0.50a\emule.exe" = protocol=17 | dir=in | app=c:\users\joke en jasper\desktop\emule0.50a\emule.exe |
"UDP Query User{82BAC870-0E5B-4D84-84B7-4F96A3FB8C84}D:\program files (x86)\mozilla firefox\plugin-container.exe" = protocol=17 | dir=in | app=d:\program files (x86)\mozilla firefox\plugin-container.exe |
"UDP Query User{8F186906-7A1D-415A-AD7E-ED86A5CD12E7}D:\program files (x86)\need for speed.shift 2 unleashed\shift2u.exe" = protocol=17 | dir=in | app=d:\program files (x86)\need for speed.shift 2 unleashed\shift2u.exe |
"UDP Query User{98F65717-B2FD-4751-B767-A7ACCB0BD774}C:\users\joke en jasper\appdata\roaming\dropbox\bin\dropbox.exe" = protocol=17 | dir=in | app=c:\users\joke en jasper\appdata\roaming\dropbox\bin\dropbox.exe |
"UDP Query User{DDE1FCB5-DF31-4843-BDEF-36B4A402E92B}C:\program files\adobe\adobe after effects cs5.5\support files\afterfx.exe" = protocol=17 | dir=in | app=c:\program files\adobe\adobe after effects cs5.5\support files\afterfx.exe |
"UDP Query User{DF7ADD80-4098-412E-8503-CD0E7AF63325}C:\program files\adobe\adobe media encoder cs5.5\adobe media encoder.exe" = protocol=17 | dir=in | app=c:\program files\adobe\adobe media encoder cs5.5\adobe media encoder.exe |

========== HKEY_LOCAL_MACHINE Uninstall List ==========

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{027E5FAB-1476-4C59-AAB4-32EF28520399}" = Windows Live Language Selector
"{1199FAD5-9546-44f3-81CF-FFDB8040B7BF}_Canon_iP4800_series" = Canon iP4800 series Printer Driver
"{1199FAD5-9546-44f3-81CF-FFDB8040B7BF}_Canon_MP160" = Canon MP160
"{1ACC8FFB-9D84-4C05-A4DE-D28A9BC91698}" = Windows Live ID Sign-in Assistant
"{1D8E6291-B0D5-35EC-8441-6616F567A0F7}" = Microsoft Visual C++ 2010 x64 Redistributable - 10.0.40219
"{1E9FC118-651D-4934-97BE-E53CAE5C7D45}" = Microsoft_VC80_MFCLOC_x86_x64
"{23170F69-40C1-2702-0920-000001000000}" = 7-Zip 9.20 (x64 edition)
"{2ACBF1FA-F5C3-4B19-A774-B22A31F231B9}_is1" = Media Player Classic - Home Cinema 1.6.0.4014 x64
"{2B092722-5855-466F-B7A5-8C5E64C64C77}" = Magic Bullet Suite 64-bit
"{314DDDC0-E935-11E0-8F9F-F04DA23A5C58}" = Vegas Pro 11.0 (64-bit)
"{33C19CDE-E935-11E0-A0DA-F04DA23A5C58}" = MSVCRT Redists
"{3C8159DD-1890-4625-A5B2-E3D8D78D4486}" = AVG 2012
"{4569AD91-47F4-4D9E-8FC9-717EC32D7AE1}" = Microsoft_VC80_CRT_x86_x64
"{4B6C7001-C7D6-3710-913E-5BC23FCE91E6}" = Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.4148
"{503F672D-6C84-448A-8F8F-4BC35AC83441}" = AMD APP SDK Runtime
"{50F2B6AA-775D-4A3C-A785-EE4F51C2D4B6}" = Keying Suite 64-bit
"{5F92DAD2-FD95-DD12-50DF-A6F66C7E67C8}" = AMD Drag and Drop Transcoding
"{5FCE6D76-F5DC-37AB-B2B8-22AB8CEDB1D4}" = Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161
"{669A82E0-43E2-4645-8A2E-1A3DE78F8312}" = Adobe Photoshop Lightroom 4 64-bit
"{6ce5bae9-d3ca-4b99-891a-1dc6c118a5fc}" = Microsoft Visual C++ 2005 Redistributable (x64)
"{723C8298-C7B0-0409-A1B6-C3BA6F3FFAB1}" = Autodesk 3ds Max 2012 64-bit - English
"{8220EEFE-38CD-377E-8595-13398D740ACE}" = Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.17
"{8557397C-A42D-486F-97B3-A2CBC2372593}" = Microsoft_VC90_ATL_x86_x64
"{8844595D-7554-49D2-90C4-3771532B7B1A}" = Trapcode Suite 64-bit
"{8E34682C-8118-31F1-BC4C-98CD9675E1C2}" = Microsoft .NET Framework 4 Extended
"{90140000-001F-0401-1000-0000000FF1CE}" = Microsoft Office Proof (Arabic) 2010
"{90140000-001F-0401-1000-0000000FF1CE}_Office14.PROOFKIT_{4D5950EA-6D1F-44DB-A814-C8B57FE8E883}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-001F-0402-1000-0000000FF1CE}" = Microsoft Office Proof (Bulgarian) 2010
"{90140000-001F-0403-1000-0000000FF1CE}" = Microsoft Office Proof (Catalan) 2010
"{90140000-001F-0403-1000-0000000FF1CE}_Office14.PROOFKIT_{E8C8BA81-35B2-481B-A0D0-ED95300BEFD9}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-001F-0404-1000-0000000FF1CE}" = Microsoft Office Proof (Chinese (Traditional)) 2010
"{90140000-001F-0404-1000-0000000FF1CE}_Office14.PROOFKIT_{22642F39-49B5-4AC1-9B55-9FD00A9F3C07}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-001F-0405-1000-0000000FF1CE}" = Microsoft Office Proof (Czech) 2010
"{90140000-001F-0406-1000-0000000FF1CE}" = Microsoft Office Proof (Danish) 2010
"{90140000-001F-0406-1000-0000000FF1CE}_Office14.PROOFKIT_{54897D82-0CE7-4A90-AEA6-AF0189AA02B8}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-001F-0407-1000-0000000FF1CE}" = Microsoft Office Proof (German) 2010
"{90140000-001F-0407-1000-0000000FF1CE}_Office14.PROOFKIT_{70A3169E-288F-454F-A08D-20DF66639B50}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-001F-0408-1000-0000000FF1CE}" = Microsoft Office Proof (Greek) 2010
"{90140000-001F-0409-1000-0000000FF1CE}" = Microsoft Office Proof (English) 2010
"{90140000-001F-0409-1000-0000000FF1CE}_Office14.PROOFKIT_{0242505C-4E90-407F-9299-B5B275F50D86}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-001F-040B-1000-0000000FF1CE}" = Microsoft Office Proof (Finnish) 2010
"{90140000-001F-040B-1000-0000000FF1CE}_Office14.PROOFKIT_{57652F4A-E8F7-4FE2-8FA9-97731AD0D184}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-001F-040C-1000-0000000FF1CE}" = Microsoft Office Proof (French) 2010
"{90140000-001F-040C-1000-0000000FF1CE}_Office14.PROOFKIT_{B51389C8-2890-4633-81D8-47D2A7402274}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-001F-040D-1000-0000000FF1CE}" = Microsoft Office Proof (Hebrew) 2010
"{90140000-001F-040D-1000-0000000FF1CE}_Office14.PROOFKIT_{A12DF803-B3E7-4304-B3AD-D1ED42FF2442}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-001F-040E-1000-0000000FF1CE}" = Microsoft Office Proof (Hungarian) 2010
"{90140000-001F-0410-1000-0000000FF1CE}" = Microsoft Office Proof (Italian) 2010
"{90140000-001F-0410-1000-0000000FF1CE}_Office14.PROOFKIT_{3013A793-10A7-4D1F-B8B4-2FAA82F4D259}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-001F-0411-1000-0000000FF1CE}" = Microsoft Office Proof (Japanese) 2010
"{90140000-001F-0411-1000-0000000FF1CE}_Office14.PROOFKIT_{90419B91-2EA8-459E-B09F-F2D006DFDBC4}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-001F-0412-1000-0000000FF1CE}" = Microsoft Office Proof (Korean) 2010
"{90140000-001F-0412-1000-0000000FF1CE}_Office14.PROOFKIT_{90A8D00C-D27B-402C-ADE3-EEED0B8DDF54}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-001F-0413-1000-0000000FF1CE}" = Microsoft Office Proof (Dutch) 2010
"{90140000-001F-0413-1000-0000000FF1CE}_Office14.PROOFKIT_{AA4240DC-855A-477B-8E38-89FBC16056E3}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-001F-0414-1000-0000000FF1CE}" = Microsoft Office Proof (Norwegian (Bokmål)) 2010
"{90140000-001F-0415-1000-0000000FF1CE}" = Microsoft Office Proof (Polish) 2010
"{90140000-001F-0415-1000-0000000FF1CE}_Office14.PROOFKIT_{329A3D98-9583-4B84-B18B-498E7AB65C43}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-001F-0416-1000-0000000FF1CE}" = Microsoft Office Proof (Portuguese (Brazil)) 2010
"{90140000-001F-0416-1000-0000000FF1CE}_Office14.PROOFKIT_{5A876683-AEAB-45E2-BA33-A767B54DB7E2}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-001F-0418-1000-0000000FF1CE}" = Microsoft Office Proof (Romanian) 2010
"{90140000-001F-0419-1000-0000000FF1CE}" = Microsoft Office Proof (Russian) 2010
"{90140000-001F-0419-1000-0000000FF1CE}_Office14.PROOFKIT_{0441704C-1789-4294-8DA5-7C85D54EDB3E}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-001F-041A-1000-0000000FF1CE}" = Microsoft Office Proof (Croatian) 2010
"{90140000-001F-041B-1000-0000000FF1CE}" = Microsoft Office Proof (Slovak) 2010
"{90140000-001F-041D-1000-0000000FF1CE}" = Microsoft Office Proof (Swedish) 2010
"{90140000-001F-041D-1000-0000000FF1CE}_Office14.PROOFKIT_{735E1B03-44E8-4D55-A553-EA9E32C96F7C}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-001F-041E-1000-0000000FF1CE}" = Microsoft Office Proof (Thai) 2010
"{90140000-001F-041E-1000-0000000FF1CE}_Office14.PROOFKIT_{7D416F8F-9947-4E55-8D7B-846AF2AEABF1}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-001F-041F-1000-0000000FF1CE}" = Microsoft Office Proof (Turkish) 2010
"{90140000-001F-0420-1000-0000000FF1CE}" = Microsoft Office Proof (Urdu) 2010
"{90140000-001F-0420-1000-0000000FF1CE}_Office14.PROOFKIT_{B2AFAB7A-A952-4837-9AD7-6B4108D27CF1}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-001F-0422-1000-0000000FF1CE}" = Microsoft Office Proof (Ukrainian) 2010
"{90140000-001F-0422-1000-0000000FF1CE}_Office14.PROOFKIT_{532AA5EF-AB2A-47E5-A704-A1D1428EAE1E}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-001F-0424-1000-0000000FF1CE}" = Microsoft Office Proof (Slovenian) 2010
"{90140000-001F-0425-1000-0000000FF1CE}" = Microsoft Office Proof (Estonian) 2010
"{90140000-001F-0426-1000-0000000FF1CE}" = Microsoft Office Proof (Latvian) 2010
"{90140000-001F-0427-1000-0000000FF1CE}" = Microsoft Office Proof (Lithuanian) 2010
"{90140000-001F-042D-1000-0000000FF1CE}" = Microsoft Office Proof (Basque) 2010
"{90140000-001F-042D-1000-0000000FF1CE}_Office14.PROOFKIT_{8587396B-3211-46B3-948A-0F3E9A907EBF}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-001F-0439-1000-0000000FF1CE}" = Microsoft Office Proof (Hindi) 2010
"{90140000-001F-0439-1000-0000000FF1CE}_Office14.PROOFKIT_{A27DF557-678E-423F-962B-1C6BD8BC1B69}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-001F-043F-1000-0000000FF1CE}" = Microsoft Office Proof (Kazakh) 2010
"{90140000-001F-0446-1000-0000000FF1CE}" = Microsoft Office Proof (Punjabi) 2010
"{90140000-001F-0446-1000-0000000FF1CE}_Office14.PROOFKIT_{56AB87B5-E702-401D-BE5A-CD6202DEBBDB}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-001F-0447-1000-0000000FF1CE}" = Microsoft Office Proof (Gujarati) 2010
"{90140000-001F-0447-1000-0000000FF1CE}_Office14.PROOFKIT_{C880F737-9A8F-4BB7-8563-E5A6174EC9ED}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-001F-0449-1000-0000000FF1CE}" = Microsoft Office Proof (Tamil) 2010
"{90140000-001F-0449-1000-0000000FF1CE}_Office14.PROOFKIT_{C7CAE5B7-4E2A-4359-A6B4-0EAA06D0045D}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-001F-044A-1000-0000000FF1CE}" = Microsoft Office Proof (Telugu) 2010
"{90140000-001F-044A-1000-0000000FF1CE}_Office14.PROOFKIT_{B5C43936-DC5B-4219-9BE4-5E382C0669B1}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-001F-044B-1000-0000000FF1CE}" = Microsoft Office Proof (Kannada) 2010
"{90140000-001F-044B-1000-0000000FF1CE}_Office14.PROOFKIT_{2F0C6FD8-33F0-4FDC-B5D1-F96DBF5B98D5}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-001F-044E-1000-0000000FF1CE}" = Microsoft Office Proof (Marathi) 2010
"{90140000-001F-044E-1000-0000000FF1CE}_Office14.PROOFKIT_{71127C8A-07A4-4D6A-951E-81DDBBF5EFB7}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-001F-0456-1000-0000000FF1CE}" = Microsoft Office Proof (Galician) 2010
"{90140000-001F-0456-1000-0000000FF1CE}_Office14.PROOFKIT_{C025C688-A985-4FF1-ADA3-3E060DBCD169}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-001F-0804-1000-0000000FF1CE}" = Microsoft Office Proof (Chinese (Simplified)) 2010
"{90140000-001F-0804-1000-0000000FF1CE}_Office14.PROOFKIT_{C7406AA8-F3E9-480F-897C-BC091D4BEFC6}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-001F-0814-1000-0000000FF1CE}" = Microsoft Office Proof (Norwegian (Nynorsk)) 2010
"{90140000-001F-0816-1000-0000000FF1CE}" = Microsoft Office Proof (Portuguese (Portugal)) 2010
"{90140000-001F-081A-1000-0000000FF1CE}" = Microsoft Office Proof (Serbian (Latin)) 2010
"{90140000-001F-0C0A-1000-0000000FF1CE}" = Microsoft Office Proof (Spanish) 2010
"{90140000-001F-0C0A-1000-0000000FF1CE}_Office14.PROOFKIT_{1779650B-2E44-4A19-8DF6-3866D645764A}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-0028-0404-0000-0000000FF1CE}" = Microsoft Office IME (Chinese (Traditional)) 2010
"{90140000-0028-0404-0000-0000000FF1CE}_Office14.PROOFKIT_{C4E91DEE-9B52-4852-8047-B92758C300C8}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-0028-0404-1000-0000000FF1CE}" = Microsoft Office IME (Chinese (Traditional)) 2010
"{90140000-0028-0404-1000-0000000FF1CE}_Office14.PROOFKIT_{C70130CF-FE87-4114-97A8-F4B8A8AEA697}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-0028-0411-0000-0000000FF1CE}" = Microsoft Office IME (Japanese) 2010
"{90140000-0028-0411-0000-0000000FF1CE}_Office14.PROOFKIT_{9A03E9A6-055C-4B4C-986D-5E225E5B0BFE}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-0028-0411-1000-0000000FF1CE}" = Microsoft Office IME (Japanese) 2010
"{90140000-0028-0411-1000-0000000FF1CE}_Office14.PROOFKIT_{CC22FB74-F6DA-4B88-B483-9E33720F2BB9}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-0028-0412-0000-0000000FF1CE}" = Microsoft Office IME (Korean) 2010
"{90140000-0028-0412-0000-0000000FF1CE}_Office14.PROOFKIT_{EFB3E92A-AACB-4134-A9B2-F2DD229BA7FF}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-0028-0412-1000-0000000FF1CE}" = Microsoft Office IME (Korean) 2010
"{90140000-0028-0412-1000-0000000FF1CE}_Office14.PROOFKIT_{BB4794CD-AEB0-47EC-A02C-F2695CB42AFE}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-0028-0804-0000-0000000FF1CE}" = Microsoft Office IME (Chinese (Simplified)) 2010
"{90140000-0028-0804-0000-0000000FF1CE}_Office14.PROOFKIT_{A1025A74-A97A-4FC5-89CF-7D4AECC18ED0}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-0028-0804-1000-0000000FF1CE}" = Microsoft Office IME (Chinese (Simplified)) 2010
"{90140000-0028-0804-1000-0000000FF1CE}_Office14.PROOFKIT_{FC2AF002-AC6B-4B45-8361-4ACC44E9818E}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-002A-0000-1000-0000000FF1CE}" = Microsoft Office Office 64-bit Components 2010
"{90140000-002A-0409-1000-0000000FF1CE}" = Microsoft Office Shared 64-bit MUI (English) 2010
"{90140000-004A-0409-1000-0000000FF1CE}" = Microsoft Office ProofMUI (English) 2010
"{90140000-004A-0409-1000-0000000FF1CE}_Office14.PROOFKIT_{7CD7F049-A4F8-4A34-825E-A79A0B539438}" = Microsoft Office 2010 Proofing Tools Kit Service Pack 1 (SP1)
"{90140000-004B-0000-1000-0000000FF1CE}" = Microsoft Office Proofing Kit 2010
"{90140000-004B-0000-1000-0000000FF1CE}_Office14.PROOFKIT_{BDC40483-62A4-4AEF-B031-1EFFCE45F92C}" = Microsoft Office 2010 Proofing Tools Kit Service Pack 1 (SP1)
"{90140000-0116-0409-1000-0000000FF1CE}" = Microsoft Office Shared 64-bit Setup Metadata MUI (English) 2010
"{90899269-554B-4672-9F8D-4A2A0D0AF5B5}" = Intel® Network Connections 16.5.2.0
"{90BF0360-A1DB-4599-A643-95AB90A52C1E}" = Microsoft_VC90_MFCLOC_x86_x64
"{925D058B-564A-443A-B4B2-7E90C6432E55}" = Microsoft_VC80_ATL_x86_x64
"{92A3CA0D-55CD-4C5D-BA95-5C2600C20F26}" = Microsoft_VC90_CRT_x86_x64
"{95120000-00B9-0409-1000-0000000FF1CE}" = Microsoft Application Error Reporting
"{9E3B2120-0BD8-9865-0387-E9BAC2A53AD3}" = ccc-utility64
"{A108BD40-0A8C-4385-8874-74C4B6086CC3}" = AVG 2012
"{A472B9E4-0AFF-4F7B-B25D-F64F8E928AAB}" = Microsoft_VC90_MFC_x86_x64
"{ad8a2fa1-06e7-4b0d-927d-6e54b3d31028}" = Microsoft Visual C++ 2005 Redistributable (x64)
"{BE882A12-5A45-3DFF-9FD0-306DE65EB8A5}" = AMD Catalyst Install Manager
"{C8C1BAD5-54E6-4146-AD07-3A8AD36569C3}" = Microsoft_VC80_MFC_x86_x64
"{CA534E04-D3D5-45CE-8693-B87A6DD548BC}" = DaVinci Resolve
"{D0795B21-0CDA-4a92-AB9E-6E92D8111E44}" = SAMSUNG USB Driver for Mobile Phones
"{EA234BC3-39FE-4734-B72F-076086889F6D}" = Composite 2012 64-bit
"{EF393943-0CCE-9CD9-6181-96DF4E4428EF}" = AMD Media Foundation Decoders
"{F5B09CFD-F0B2-36AF-8DF4-1DF6B63FC7B4}" = Microsoft .NET Framework 4 Client Profile
"Autodesk 3ds Max 2012 64-bit - English" = Autodesk 3ds Max 2012 64-bit - English
"Autodesk FBX Plug-in 2012.0 - 3ds Max 2012 64-bit" = Autodesk FBX Plug-in 2012.0 - 3ds Max 2012 64-bit
"AVG" = AVG 2012
"C-Media Oxygen HD Audio Driver" = UNi Xonar Audio Driver
"Microsoft .NET Framework 4 Client Profile" = Microsoft .NET Framework 4 Client Profile
"Microsoft .NET Framework 4 Extended" = Microsoft .NET Framework 4 Extended
"Neat Video for After Effects_is1" = Neat Video v3.1.0 Demo plug-in for After Effects (64-bit)
"Neat Video for Sony Vegas_is1" = Neat Video v2.6 Pro plug-in for Sony Vegas (64-bit)
"Office14.PROOFKIT" = Microsoft Office Proofing Tools Kit Compilation 2010
"PortraitProfessionalStudio64v10_is1" = Portrait Professional Studio 64 v10.0
"PostgreSQL 9.0" = PostgreSQL 9.0
"PROSetDX" = Intel® Network Connections 16.5.2.0
"V-Ray for 3dsmax 2012 for x64" = V-Ray for 3dsmax 2012 for x64
"WinRAR archiver" = WinRAR 4.10 (64-bit)

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{024521CF-C07E-4F8E-8481-0D75695E03AF}" = PxMergeModule
"{033E378E-6AD3-4AD5-BDEB-CBD69B31046C}" = Microsoft_VC90_ATL_x86
"{08B3869E-D282-424C-9AFC-870E04A4BA14}" = Rockstar Games Social Club
"{08D2E121-7F6A-43EB-97FD-629B44903403}" = Microsoft_VC90_CRT_x86
"{0B0F231F-CE6A-483D-AA23-77B364F75917}" = Windows Live Installer
"{0D97F8D1-2102-53D2-5633-C992D6086801}" = CCC Help Chinese Traditional
"{0E13CAA3-B5FC-48C0-AA4A-26F5CD0C371C}" = Garmin Lifetime Updater
"{0EA00EA7-42C0-ED9C-9110-2C04B8EDBA66}" = CCC Help Italian
"{0EB86B70-91FF-39BF-633C-785DF2218CC6}" = CCC Help French
"{0F3647F8-E51D-4FCC-8862-9A8D0C5ACF25}" = Microsoft_VC80_ATL_x86
"{1686C07D-C2BB-A8B2-C5ED-32C4EE1A3E62}" = CCC Help Spanish
"{18B6A9F8-25BC-5978-6B42-A50FA2CABC18}" = CCC Help English
"{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148
"{1F96456B-96E1-E14D-D1AE-386E8DCF53EF}" = Prezi Desktop
"{200FEC62-3C34-4D60-9CE8-EC372E01C08F}" = Windows Live SOXE Definitions
"{26A24AE4-039D-4CA4-87B4-2F83217007FF}" = Java 7 Update 7
"{298C6691-46B2-2065-0DD7-1E7B3B669A47}" = CCC Help Finnish
"{2A07C35B-8384-4DA4-9A95-442B6C89A073}" = Windows Live Essentials
"{2ECA81CA-D932-4AD3-AD59-BF5CCF099C83}" = Catalyst Control Center - Branding
"{34D3688E-A737-44C5-9E2A-FF73618728E1}" = AI Suite II
"{3D347E6D-5A03-4342-B5BA-6A771885F379}" = Autodesk Backburner 2012.0.0
"{3F5C371F-8EA2-4F25-9D3D-D0B4526E3AEA}" = NVIDIA PhysX
"{3FD0C489-0F02-481a-A3E1-9754CD396761}" = Intel® Watchdog Timer Driver (Intel® WDT)
"{400C5445-1AE8-1A41-CAC6-AB114341F65D}" = CCC Help Swedish
"{448B1C6D-02C2-7681-66B2-624E58B25375}" = CCC Help Turkish
"{44D94F3A-D38C-48DF-AEF7-4CD8B078F30F}" = Blue Cat's FreqAnalyst VST 2.01
"{46EB9D45-FC1A-2635-1693-176E6FA1C672}" = CCC Help Portuguese
"{4817D846-700B-474E-A31B-80892B3E92E3}" = Adobe After Effects CS6
"{48294D95-EE9A-4377-8213-44FC4265FB27}" = Windows Live Messenger
"{4A03706F-666A-4037-7777-5F2748764D10}" = Java Auto Updater
"{4E33D05D-76CF-5D3C-4D5D-7727530FA161}" = Adobe Content Viewer
"{52A73A2E-2478-45E5-A390-8C0A6F525678}" = SolidWorks eDrawings 2011 SP0
"{59E4543A-D49D-4489-B445-473D763C79AF}" = Microsoft Games for Windows - LIVE Redistributable
"{5F590D74-AA75-410F-A778-3CDFCE12DCD4}" = SolidWorks Explorer 2011 SP0
"{606A0AC5-5F90-4379-81AE-11B44707E094}" = Adobe After Effects CS5.5 Third Party Content
"{635FED5B-2C6D-49BE-87E6-7A6FCD22BC5A}" = Microsoft_VC90_MFC_x86
"{65153EA5-8B6E-43B6-857B-C6E4FC25798A}" = Intel® Management Engine Components
"{651F43AA-3F06-9277-6F1B-8E8155017463}" = CCC Help Polish
"{65420DC9-306E-4371-905F-F4DC3B418E52}" = Autodesk Material Library Base Resolution Image Library 2012
"{682B3E4F-696A-42DE-A41C-4C07EA1678B4}" = Windows Live SOXE
"{68DE32E1-292B-6A02-6A53-935BFAE70C99}" = CCC Help Chinese Standard
"{69FDFBB6-351D-4B8C-89D8-867DC9D0A2A4}" = Windows Media Player Firefox Plugin
"{6AFCA4E1-9B78-3640-8F72-A7BF33448200}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729
"{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}" = Microsoft Visual C++ 2005 Redistributable
"{7299052b-02a4-4627-81f2-1818da5d550d}" = Microsoft Visual C++ 2005 Redistributable
"{758C8301-2696-4855-AF45-534B1200980A}" = Samsung Kies
"{789A5B64-9DD9-4BA5-915A-F0FC0A1B7BFE}" = Apple Software Update
"{7BE15435-2D3E-4B58-867F-9C75BED0208C}" = QuickTime
"{7E265513-8CDA-4631-B696-F40D983F3B07}_is1" = CDBurnerXP
"{818212BA-7F8C-DDF9-64BE-F6D0B6F46D29}" = CCC Help German
"{837b34e3-7c30-493c-8f6a-2b0f04e2912c}" = Microsoft Visual C++ 2005 Redistributable
"{83C292B7-38A5-440B-A731-07070E81A64F}" = Windows Live PIMT Platform
"{84F4542C-ED64-28AC-49B3-1A9BAB395AB4}" = CCC Help Hungarian
"{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}" = Microsoft Silverlight
"{8DD46C6A-0056-4FEC-B70A-28BB16A1F11F}" = MSVCRT
"{8F0837C2-EE09-4903-88F3-1976FE7FFF4E}" = Autodesk Material Library 2012
"{90120000-00A4-0409-0000-0000000FF1CE}" = Microsoft Office 2003 Web Components
"{90140000-0011-0000-0000-0000000FF1CE}" = Microsoft Office Professional Plus 2010
"{90140000-0011-0000-0000-0000000FF1CE}_Office14.PROPLUS_{047B0968-E622-4FAA-9B4B-121FA109EDDE}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-0015-0409-0000-0000000FF1CE}" = Microsoft Office Access MUI (English) 2010
"{90140000-0015-0409-0000-0000000FF1CE}_Office14.PROPLUS_{6BD185A0-E67F-4F77-8BCD-E34EA6AE76DF}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-0016-0409-0000-0000000FF1CE}" = Microsoft Office Excel MUI (English) 2010
"{90140000-0016-0409-0000-0000000FF1CE}_Office14.PROPLUS_{6BD185A0-E67F-4F77-8BCD-E34EA6AE76DF}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-0018-0409-0000-0000000FF1CE}" = Microsoft Office PowerPoint MUI (English) 2010
"{90140000-0018-0409-0000-0000000FF1CE}_Office14.PROPLUS_{6BD185A0-E67F-4F77-8BCD-E34EA6AE76DF}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-0019-0409-0000-0000000FF1CE}" = Microsoft Office Publisher MUI (English) 2010
"{90140000-0019-0409-0000-0000000FF1CE}_Office14.PROPLUS_{6BD185A0-E67F-4F77-8BCD-E34EA6AE76DF}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-001A-0409-0000-0000000FF1CE}" = Microsoft Office Outlook MUI (English) 2010
"{90140000-001A-0409-0000-0000000FF1CE}_Office14.PROPLUS_{6BD185A0-E67F-4F77-8BCD-E34EA6AE76DF}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-001B-0409-0000-0000000FF1CE}" = Microsoft Office Word MUI (English) 2010
"{90140000-001B-0409-0000-0000000FF1CE}_Office14.PROPLUS_{6BD185A0-E67F-4F77-8BCD-E34EA6AE76DF}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-001F-0401-0000-0000000FF1CE}" = Microsoft Office Proof (Arabic) 2010
"{90140000-001F-0401-0000-0000000FF1CE}_Office14.PROOFKIT_{1A43C155-3DDA-43C9-92C5-0E7D0B2B156D}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-001F-0402-0000-0000000FF1CE}" = Microsoft Office Proof (Bulgarian) 2010
"{90140000-001F-0403-0000-0000000FF1CE}" = Microsoft Office Proof (Catalan) 2010
"{90140000-001F-0403-0000-0000000FF1CE}_Office14.PROOFKIT_{F030E098-C2CC-4056-971E-4D3AB0F55517}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-001F-0404-0000-0000000FF1CE}" = Microsoft Office Proof (Chinese (Traditional)) 2010
"{90140000-001F-0404-0000-0000000FF1CE}_Office14.PROOFKIT_{B87E50FB-B8F9-4B81-8D63-F5A3C5A330B3}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-001F-0405-0000-0000000FF1CE}" = Microsoft Office Proof (Czech) 2010
"{90140000-001F-0406-0000-0000000FF1CE}" = Microsoft Office Proof (Danish) 2010
"{90140000-001F-0406-0000-0000000FF1CE}_Office14.PROOFKIT_{59BCA417-5095-450B-931A-AE6194728386}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-001F-0407-0000-0000000FF1CE}" = Microsoft Office Proof (German) 2010
"{90140000-001F-0407-0000-0000000FF1CE}_Office14.PROOFKIT_{65A2328E-FDFB-4CA3-8582-357EA6825FEA}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-001F-0408-0000-0000000FF1CE}" = Microsoft Office Proof (Greek) 2010
"{90140000-001F-0409-0000-0000000FF1CE}" = Microsoft Office Proof (English) 2010
"{90140000-001F-0409-0000-0000000FF1CE}_Office14.PROOFKIT_{99ACCA38-6DD3-48A8-96AE-A283C9759279}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-001F-0409-0000-0000000FF1CE}_Office14.PROPLUS_{99ACCA38-6DD3-48A8-96AE-A283C9759279}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-001F-040B-0000-0000000FF1CE}" = Microsoft Office Proof (Finnish) 2010
"{90140000-001F-040B-0000-0000000FF1CE}_Office14.PROOFKIT_{0EF937D0-95B1-42E3-9643-9D49E4323DF9}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-001F-040C-0000-0000000FF1CE}" = Microsoft Office Proof (French) 2010
"{90140000-001F-040C-0000-0000000FF1CE}_Office14.PROPLUS_{46298F6A-1E7E-4D4A-B5F5-106A4F0E48C6}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-001F-040D-0000-0000000FF1CE}" = Microsoft Office Proof (Hebrew) 2010
"{90140000-001F-040D-0000-0000000FF1CE}_Office14.PROOFKIT_{16C5AEEC-D632-4FAA-BFDC-BBF36F473E09}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-001F-040E-0000-0000000FF1CE}" = Microsoft Office Proof (Hungarian) 2010
"{90140000-001F-0410-0000-0000000FF1CE}" = Microsoft Office Proof (Italian) 2010
"{90140000-001F-0410-0000-0000000FF1CE}_Office14.PROOFKIT_{C0743197-FFEE-4C19-BAEB-8F7437DC4C8A}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-001F-0411-0000-0000000FF1CE}" = Microsoft Office Proof (Japanese) 2010
"{90140000-001F-0411-0000-0000000FF1CE}_Office14.PROOFKIT_{9FB78D03-3A34-4A57-B65D-0D7F32C1B603}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-001F-0412-0000-0000000FF1CE}" = Microsoft Office Proof (Korean) 2010
"{90140000-001F-0412-0000-0000000FF1CE}_Office14.PROOFKIT_{92B4E762-6E97-4B27-AD3F-DE304D57CCC1}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-001F-0413-0000-0000000FF1CE}" = Microsoft Office Proof (Dutch) 2010
"{90140000-001F-0413-0000-0000000FF1CE}_Office14.PROOFKIT_{5072FEA2-862C-4BF0-9654-CB0DCBE2BE28}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-001F-0414-0000-0000000FF1CE}" = Microsoft Office Proof (Norwegian (Bokmål)) 2010
"{90140000-001F-0415-0000-0000000FF1CE}" = Microsoft Office Proof (Polish) 2010
"{90140000-001F-0415-0000-0000000FF1CE}_Office14.PROOFKIT_{1D751709-BA6C-49E2-844B-4F4F20F410C9}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-001F-0416-0000-0000000FF1CE}" = Microsoft Office Proof (Portuguese (Brazil)) 2010
"{90140000-001F-0416-0000-0000000FF1CE}_Office14.PROOFKIT_{A7200E61-DC93-42E0-BB74-EE59021016EA}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-001F-0418-0000-0000000FF1CE}" = Microsoft Office Proof (Romanian) 2010
"{90140000-001F-0419-0000-0000000FF1CE}" = Microsoft Office Proof (Russian) 2010
"{90140000-001F-0419-0000-0000000FF1CE}_Office14.PROOFKIT_{DD6E7CDF-BDFF-43CF-8CCE-84FBEC5ABB77}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-001F-041A-0000-0000000FF1CE}" = Microsoft Office Proof (Croatian) 2010
"{90140000-001F-041B-0000-0000000FF1CE}" = Microsoft Office Proof (Slovak) 2010
"{90140000-001F-041D-0000-0000000FF1CE}" = Microsoft Office Proof (Swedish) 2010
"{90140000-001F-041D-0000-0000000FF1CE}_Office14.PROOFKIT_{D00E944F-5ECB-42FF-B58E-8FDCF2219DE8}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-001F-041E-0000-0000000FF1CE}" = Microsoft Office Proof (Thai) 2010
"{90140000-001F-041E-0000-0000000FF1CE}_Office14.PROOFKIT_{A6E7F499-EF2F-41BE-B74D-AEE04EC065B6}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-001F-041F-0000-0000000FF1CE}" = Microsoft Office Proof (Turkish) 2010
"{90140000-001F-0420-0000-0000000FF1CE}" = Microsoft Office Proof (Urdu) 2010
"{90140000-001F-0420-0000-0000000FF1CE}_Office14.PROOFKIT_{C6145631-4180-455C-930C-B003F513FC8D}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-001F-0422-0000-0000000FF1CE}" = Microsoft Office Proof (Ukrainian) 2010
"{90140000-001F-0422-0000-0000000FF1CE}_Office14.PROOFKIT_{C8998656-7C0A-417B-A5AC-5ABF2E34DDD7}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-001F-0424-0000-0000000FF1CE}" = Microsoft Office Proof (Slovenian) 2010
"{90140000-001F-0425-0000-0000000FF1CE}" = Microsoft Office Proof (Estonian) 2010
"{90140000-001F-0426-0000-0000000FF1CE}" = Microsoft Office Proof (Latvian) 2010
"{90140000-001F-0427-0000-0000000FF1CE}" = Microsoft Office Proof (Lithuanian) 2010
"{90140000-001F-042D-0000-0000000FF1CE}" = Microsoft Office Proof (Basque) 2010
"{90140000-001F-042D-0000-0000000FF1CE}_Office14.PROOFKIT_{C6E07E58-897F-4686-A498-764B9D404F09}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-001F-0439-0000-0000000FF1CE}" = Microsoft Office Proof (Hindi) 2010
"{90140000-001F-0439-0000-0000000FF1CE}_Office14.PROOFKIT_{83525C9D-003C-4B32-9B03-0ED4D21A3E6F}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-001F-043F-0000-0000000FF1CE}" = Microsoft Office Proof (Kazakh) 2010
"{90140000-001F-0446-0000-0000000FF1CE}" = Microsoft Office Proof (Punjabi) 2010
"{90140000-001F-0446-0000-0000000FF1CE}_Office14.PROOFKIT_{A3543719-9180-4465-9A46-7452A413CD6A}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-001F-0447-0000-0000000FF1CE}" = Microsoft Office Proof (Gujarati) 2010
"{90140000-001F-0447-0000-0000000FF1CE}_Office14.PROOFKIT_{5E44BC48-F996-4AD3-AA33-345E2F83D753}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-001F-0449-0000-0000000FF1CE}" = Microsoft Office Proof (Tamil) 2010
"{90140000-001F-0449-0000-0000000FF1CE}_Office14.PROOFKIT_{9B0C53A1-64B2-4FEC-9043-0850F6ECDE04}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-001F-044A-0000-0000000FF1CE}" = Microsoft Office Proof (Telugu) 2010
"{90140000-001F-044A-0000-0000000FF1CE}_Office14.PROOFKIT_{98DEF7A2-EB26-4C27-B4EB-06AB4E3BF95E}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-001F-044B-0000-0000000FF1CE}" = Microsoft Office Proof (Kannada) 2010
"{90140000-001F-044B-0000-0000000FF1CE}_Office14.PROOFKIT_{45B439F9-F6BD-4DE6-852A-0F5D21742B72}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-001F-044E-0000-0000000FF1CE}" = Microsoft Office Proof (Marathi) 2010
"{90140000-001F-044E-0000-0000000FF1CE}_Office14.PROOFKIT_{52C4A160-60CE-4134-89F5-A3C40AACB2AE}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-001F-0456-0000-0000000FF1CE}" = Microsoft Office Proof (Galician) 2010
"{90140000-001F-0456-0000-0000000FF1CE}_Office14.PROOFKIT_{6CA060C9-FAFB-4A51-B533-A6AEE1A325BE}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-001F-0804-0000-0000000FF1CE}" = Microsoft Office Proof (Chinese (Simplified)) 2010
"{90140000-001F-0804-0000-0000000FF1CE}_Office14.PROOFKIT_{A620ACD4-585E-40D3-80B9-FD31766D1E2A}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-001F-0814-0000-0000000FF1CE}" = Microsoft Office Proof (Norwegian (Nynorsk)) 2010
"{90140000-001F-0816-0000-0000000FF1CE}" = Microsoft Office Proof (Portuguese (Portugal)) 2010
"{90140000-001F-081A-0000-0000000FF1CE}" = Microsoft Office Proof (Serbian (Latin)) 2010
"{90140000-001F-0C0A-0000-0000000FF1CE}" = Microsoft Office Proof (Spanish) 2010
"{90140000-001F-0C0A-0000-0000000FF1CE}_Office14.PROPLUS_{DEA87BE2-FFCC-4F33-9946-FCBE55A1E998}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-002A-0000-1000-0000000FF1CE}_Office14.PROPLUS_{967EF02C-5C7E-4718-8FCB-BDC050190CCF}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-002A-0409-1000-0000000FF1CE}_Office14.PROPLUS_{D6C6B46A-6CE1-4561-84A0-EFD58B8AB979}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-002C-0409-0000-0000000FF1CE}" = Microsoft Office Proofing (English) 2010
"{90140000-002C-0409-0000-0000000FF1CE}_Office14.PROPLUS_{7CA93DF4-8902-449E-A42E-4C5923CFBDE3}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-0044-0409-0000-0000000FF1CE}" = Microsoft Office InfoPath MUI (English) 2010
"{90140000-0044-0409-0000-0000000FF1CE}_Office14.PROPLUS_{6BD185A0-E67F-4F77-8BCD-E34EA6AE76DF}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-004A-0409-0000-0000000FF1CE}" = Microsoft Office ProofMUI (English) 2010
"{90140000-004A-0409-0000-0000000FF1CE}_Office14.PROOFKIT_{995800C5-D90E-4107-8BF7-7AA4DC8C383D}" = Microsoft Office 2010 Proofing Tools Kit Service Pack 1 (SP1)
"{90140000-004B-0000-0000-0000000FF1CE}" = Microsoft Office Proofing Kit 2010
"{90140000-004B-0000-0000-0000000FF1CE}_Office14.PROOFKIT_{253A3CD5-168D-4E9B-B346-6D14220BBE7F}" = Microsoft Office 2010 Proofing Tools Kit Service Pack 1 (SP1)
"{90140000-006E-0409-0000-0000000FF1CE}" = Microsoft Office Shared MUI (English) 2010
"{90140000-006E-0409-0000-0000000FF1CE}_Office14.PROPLUS_{4560037C-E356-444A-A015-D21F487D809E}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-00A1-0409-0000-0000000FF1CE}" = Microsoft Office OneNote MUI (English) 2010
"{90140000-00A1-0409-0000-0000000FF1CE}_Office14.PROPLUS_{6BD185A0-E67F-4F77-8BCD-E34EA6AE76DF}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-00BA-0409-0000-0000000FF1CE}" = Microsoft Office Groove MUI (English) 2010
"{90140000-00BA-0409-0000-0000000FF1CE}_Office14.PROPLUS_{6BD185A0-E67F-4F77-8BCD-E34EA6AE76DF}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-0115-0409-0000-0000000FF1CE}" = Microsoft Office Shared Setup Metadata MUI (English) 2010
"{90140000-0115-0409-0000-0000000FF1CE}_Office14.PROPLUS_{4560037C-E356-444A-A015-D21F487D809E}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-0116-0409-1000-0000000FF1CE}_Office14.PROPLUS_{D6C6B46A-6CE1-4561-84A0-EFD58B8AB979}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-0117-0409-0000-0000000FF1CE}" = Microsoft Office Access Setup Metadata MUI (English) 2010
"{90140000-0117-0409-0000-0000000FF1CE}_Office14.PROPLUS_{6BD185A0-E67F-4F77-8BCD-E34EA6AE76DF}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{92D58719-BBC1-4CC3-A08B-56C9E884CC2C}" = Microsoft_VC80_CRT_x86
"{9BD262D0-B788-4546-A0A5-F4F56EC3834B}" = Windows Live Photo Common
"{9BE518E6-ECC6-35A9-88E4-87755C07200F}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161
"{9C41195F-11B3-8EEC-6634-7183BE6CB1B1}" = CCC Help Japanese
"{A33A89D0-2F48-FD1C-A243-9073EE0592E0}" = Catalyst Control Center InstallProxy
"{A66FB6C7-B689-AFD5-21BA-7CAF8E44E6E6}" = Catalyst Control Center Graphics Previews Common
"{A78FE97A-C0C8-49CE-89D0-EDD524A17392}" = PDF Settings CS5
"{A83279FD-CA4B-4206-9535-90974DE76654}" = Apple Application Support
"{A9BDCA6B-3653-467B-AC83-94367DA3BFE3}" = Windows Live Photo Common
"{AC76BA86-1033-F400-7760-000000000005}" = Adobe Acrobat X Pro - English, Français, Deutsch
"{AE136F7F-7DC6-600F-9DF9-BFA0DF516135}" = Catalyst Control Center Localization All
"{AF37176A-78CA-545B-34EF-8B6A21514DD1}" = Adobe Help Manager
"{B3FED300-806C-11E0-A0D0-B8AC6F97B88E}" = Google Earth
"{B4092C6D-E886-4CB2-BA68-FE5A88D31DE6}_is1" = Spybot - Search & Destroy
"{B4CF00AE-2622-7BC6-24EC-4E5A0A8C9135}" = CCC Help Czech
"{B5751715-EC10-43D9-8C95-62E1368433EF}" = Autodesk Material Library Medium Resolution Image Library 2012
"{B6D38690-755E-4F40-A35A-23F8BC2B86AC}" = Microsoft_VC90_MFCLOC_x86
"{BAE1C0A8-634D-CFF1-0E0C-893092427D34}" = CCC Help Danish
"{BDE646E8-86E0-50E1-37BC-0AEBB2185D76}" = Adobe Widget Browser
"{C0E8FE43-C35B-451D-B35F-D4BD056D70E7}" = Camtasia Studio 7
"{C28DD992-5B7B-D195-6841-4EC57DF512BD}" = Adobe Story
"{C2DEC505-79A9-E952-32B0-31B67B83E231}" = CCC Help Korean
"{C2FB14FB-DF6B-287D-BDC3-C7BEC86F539E}" = Catalyst Control Center
"{CCEFAE22-4D01-0084-D1CA-AC14AA743A97}" = CCC Help Greek
"{CE95A79E-E4FC-4FFF-8A75-29F04B942FF2}" = Windows Live UX Platform
"{D0D3BFE5-5215-41BD-B82E-81D7FB6A9166}" = SolidWorks 2011 SP0
"{D1A19B02-817E-4296-A45B-07853FD74D57}" = Microsoft_VC80_MFC_x86
"{D45240D3-B6B3-4FF9-B243-54ECE3E10066}" = Windows Live Communications Platform
"{D481EA96-2313-4A7C-98EE-710D1AF884AC}" = Microsoft Visual Studio 2005 Tools for Applications - ENU
"{D57FC112-312E-4D70-860F-2DB8FB6858F0}" = Adobe Creative Suite 5.5 Master Collection
"{D6F25CF9-4E87-43EB-B324-C12BE9CDD668}" = Windows Live UX Platform Language Pack
"{D92BBB52-82FF-42ED-8A3C-4E062F944AB7}" = Microsoft_VC80_MFCLOC_x86
"{DE460826-5E72-2357-154F-E376F9926008}" = CCC Help Norwegian
"{E09C4DB7-630C-4F06-A631-8EA7239923AF}" = D3DX10
"{E21FFD29-D231-3BD3-6941-15710E44BED4}" = CCC Help Dutch
"{E3E313C7-0AE2-7F44-52E8-528D4EDC74B2}" = CCC Help Thai
"{E4FB0B39-C991-4EE7-95DD-1A1A7857D33D}" = Asmedia ASM104x USB 3.0 Host Controller Driver
"{E5B21F11-6933-4E0B-A25C-7963E3C07D11}" = Windows Live Messenger
"{EE7257A2-39A2-4D2F-9DAC-F9F25B8AE1D8}" = Skype™ 5.10
"{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}" = Microsoft Visual C++ 2010 x86 Redistributable - 10.0.40219
"{F9929777-7B6E-F53D-3105-1C06E5120CA1}" = CCC Help Russian
"{FCDBEA60-79F0-4FAE-BBA8-55A26C609A49}" = Visual Studio 2008 x64 Redistributables
"{FE23D063-934D-4829-A0D8-00634CE79B4A}" = Adobe AIR
"{FF66E9F6-83E7-3A3E-AF14-8DE9A809A6A4}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.21022
"Aangifte inkomstenbelasting 2011" = Aangifte inkomstenbelasting 2011
"Aangifte inkomstenbelasting voor ondernemers 2011" = Aangifte inkomstenbelasting voor ondernemers 2011
"Adobe AIR" = Adobe AIR
"Adobe Flash Player ActiveX" = Adobe Flash Player 11 ActiveX
"Adobe Flash Player Plugin" = Adobe Flash Player 11 Plugin
"Autodesk 3ds Max 2012 64-bit - English SP2" = Autodesk 3ds Max 2012 64-bit - English SP2
"Bejeweled 31.0" = Bejeweled 3
"chc.4875E02D9FB21EE389F73B8D1702B320485DF8CE.1" = Adobe Help Manager
"com.adobe.AdobeStory.4875E02D9FB21EE389F73B8D1702B320485DF8CE.1" = Adobe Story
"com.adobe.dmp.contentviewer" = Adobe Content Viewer
"com.adobe.WidgetBrowser.E7BED6E5DDA59983786DD72EBFA46B1598278E07.1" = Adobe Widget Browser
"com.prezi.PreziDesktop" = Prezi Desktop
"CycoreFX HD-64 1.7.1 for After Effects" = CycoreFX HD-64 1.7.1 for After Effects
"DAEMON Tools Lite" = DAEMON Tools Lite
"DVD Shrink_is1" = DVD Shrink 3.2
"Fairy Treasure 1.00" = Fairy Treasure 1.00
"FileZilla Client" = FileZilla Client 3.5.3
"foobar2000" = foobar2000 v1.1.11
"Fraps" = Fraps (remove only)
"Free FLV Converter_is1" = Free FLV Converter V 7.4.0
"GTA IV - Ultimate Vehicle Pack" = GTA IV - Ultimate Vehicle Pack v8.0.0.0
"InstallShield_{2B092722-5855-466F-B7A5-8C5E64C64C77}" = Magic Bullet Suite 64-bit
"InstallShield_{50F2B6AA-775D-4A3C-A785-EE4F51C2D4B6}" = Keying Suite 64-bit
"InstallShield_{758C8301-2696-4855-AF45-534B1200980A}" = Samsung Kies
"InstallShield_{8844595D-7554-49D2-90C4-3771532B7B1A}" = Trapcode Suite 64-bit
"Jewel Quest III" = Jewel Quest III
"Microsoft Visual Studio 2005 Tools for Applications - ENU" = Microsoft Visual Studio 2005 Tools for Applications - ENU
"Mozilla Firefox 15.0 (x86 nl)" = Mozilla Firefox 15.0 (x86 nl)
"MozillaMaintenanceService" = Mozilla Maintenance Service
"Neat Video for After Effects_is1" = Neat Video v2.21 Demo plug-in for After Effects
"Neat Video for VirtualDub_is1" = Neat Video v2.0 Demo plug-in for Virtual Dub
"Need For Speed.Shift 2 Unleashed_is1" = Need For Speed.Shift 2 Unleashed
"Notepad++" = Notepad++
"Office14.PROOFKIT" = Microsoft Office Proofing Tools Kit Compilation 2010
"Office14.PROPLUS" = Microsoft Office Professional Plus 2010
"OpenAL" = OpenAL
"PhotomatixPro4.0x32_is1" = Photomatix Pro version 4.0.2
"Plus500" = Plus500
"Portrait Professional Studio 9_is1" = Portrait Professional Studio 9.0
"SABnzbd" = SABnzbd 0.6.15
"SolidWorks Installation Manager 20110-40000-1100-200" = SolidWorks 2011 SP0
"The Rise of Atlantis 1.00" = The Rise of Atlantis 1.00
"Tyre_is1" = Tyre
"uTorrent" = µTorrent
"Vector Magic" = Vector Magic
"WebNoti" = Paiq Web Notifier (verwijderen)
"Winamp" = Winamp
"WinLiveSuite" = Windows Live Essentials
"WinX DVD Ripper_is1" = WinX DVD Ripper 5.5.6

========== HKEY_CURRENT_USER Uninstall List ==========

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"Dropbox" = Dropbox

========== Last 20 Event Log Errors ==========

[ Application Events ]
Error - 4-9-2012 4:15:20 | Computer Name = DynastyEvolved | Source = Winlogon | ID = 4103
Description = Het activeren van de licentie van Windows is mislukt. Fout 0x80070005.

Error - 4-9-2012 4:17:00 | Computer Name = DynastyEvolved | Source = WinMgmt | ID = 10
Description =

Error - 4-9-2012 6:03:59 | Computer Name = DynastyEvolved | Source = Application Error | ID = 1000
Description = Naam van toepassing met fout: FlashPlayerPlugin_11_3_300_271.exe,
versie: 11.3.300.271, tijdstempel: 0x5026ffac Naam van module met fout: NPSWF32_11_3_300_271.dll,
versie: 11.3.300.271, tijdstempel: 0x502701bf Uitzonderingscode: 0xc0000005 Foutoffset:
0x0066ea8c Id van proces met fout: 0xc2c Starttijd van toepassing met fout: 0x01cd8a80f37d6db0
Pad
naar toepassing met fout: C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_11_3_300_271.exe
Pad
naar module met fout: C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_11_3_300_271.dll
Rapport-id:
d7ddbce7-f677-11e1-962c-c8600069083a

Error - 4-9-2012 7:02:02 | Computer Name = DynastyEvolved | Source = SideBySide | ID = 16842785
Description = Kan activeringscontext voor 'C:\Program Files\Autodesk\Composite 2012\python\lib\distutils\command\wininst-8_d.exe'
niet maken. Kan afhankelijke assembly Microsoft.VC80.DebugCRT,processorArchitecture="x86",publicKeyToken="1fc8b3b9a1e18e3b",type="win32",version="8.0.50608.0"
niet vinden. Gebruik sxstrace.exe voor een gedetailleerde diagnose.

Error - 5-9-2012 4:53:45 | Computer Name = DynastyEvolved | Source = Winlogon | ID = 4103
Description = Het activeren van de licentie van Windows is mislukt. Fout 0x80070005.

Error - 5-9-2012 4:55:23 | Computer Name = DynastyEvolved | Source = WinMgmt | ID = 10
Description =

Error - 5-9-2012 5:04:15 | Computer Name = DynastyEvolved | Source = Winlogon | ID = 4103
Description = Het activeren van de licentie van Windows is mislukt. Fout 0x80070005.

Error - 5-9-2012 5:05:56 | Computer Name = DynastyEvolved | Source = WinMgmt | ID = 10
Description =

Error - 5-9-2012 5:09:00 | Computer Name = DynastyEvolved | Source = Winlogon | ID = 4103
Description = Het activeren van de licentie van Windows is mislukt. Fout 0x80070005.

Error - 5-9-2012 5:10:40 | Computer Name = DynastyEvolved | Source = WinMgmt | ID = 10
Description =

[ System Events ]
Error - 5-9-2012 5:02:10 | Computer Name = DynastyEvolved | Source = Service Control Manager | ID = 7030
Description = De PEVSystemStart-service staat aangeduid als een interactieve service.
Het systeem is echter zodanig geconfigureerd dat interactieve services niet zijn
toegestaan. Deze service werkt mogelijk niet juist.

Error - 5-9-2012 5:03:40 | Computer Name = DynastyEvolved | Source = Service Control Manager | ID = 7030
Description = De PEVSystemStart-service staat aangeduid als een interactieve service.
Het systeem is echter zodanig geconfigureerd dat interactieve services niet zijn
toegestaan. Deze service werkt mogelijk niet juist.

Error - 5-9-2012 5:04:00 | Computer Name = DynastyEvolved | Source = Application Popup | ID = 1060
Description = \SystemRoot\SysWow64\Drivers\cdrbsdrv.SYS kan niet worden geladen
vanwege incompatibiliteit met dit systeem. Vraag de leverancier van de software
om een compatibele versie van het stuurprogramma.

Error - 5-9-2012 5:04:02 | Computer Name = DynastyEvolved | Source = Application Popup | ID = 1060
Description = \SystemRoot\SysWow64\Drivers\cdrbsdrv.SYS kan niet worden geladen
vanwege incompatibiliteit met dit systeem. Vraag de leverancier van de software
om een compatibele versie van het stuurprogramma.

Error - 5-9-2012 5:04:04 | Computer Name = DynastyEvolved | Source = Application Popup | ID = 1060
Description = \SystemRoot\SysWow64\Drivers\cdrbsdrv.SYS kan niet worden geladen
vanwege incompatibiliteit met dit systeem. Vraag de leverancier van de software
om een compatibele versie van het stuurprogramma.

Error - 5-9-2012 5:04:11 | Computer Name = DynastyEvolved | Source = Service Control Manager | ID = 7023
Description = De Windows Defender-service is gestopt met de volgende foutcode: %%126.

Error - 5-9-2012 5:08:07 | Computer Name = DynastyEvolved | Source = Service Control Manager | ID = 7034
Description = De ASUS Com Service-service is onverwacht beëindigd. Dit is nu 1 keer
gebeurd.

Error - 5-9-2012 5:08:44 | Computer Name = DynastyEvolved | Source = Application Popup | ID = 1060
Description = \SystemRoot\SysWow64\Drivers\cdrbsdrv.SYS kan niet worden geladen
vanwege incompatibiliteit met dit systeem. Vraag de leverancier van de software
om een compatibele versie van het stuurprogramma.

Error - 5-9-2012 5:08:46 | Computer Name = DynastyEvolved | Source = Application Popup | ID = 1060
Description = \SystemRoot\SysWow64\Drivers\cdrbsdrv.SYS kan niet worden geladen
vanwege incompatibiliteit met dit systeem. Vraag de leverancier van de software
om een compatibele versie van het stuurprogramma.

Error - 5-9-2012 5:08:48 | Computer Name = DynastyEvolved | Source = Application Popup | ID = 1060
Description = \SystemRoot\SysWow64\Drivers\cdrbsdrv.SYS kan niet worden geladen
vanwege incompatibiliteit met dit systeem. Vraag de leverancier van de software
om een compatibele versie van het stuurprogramma.


< End of report >
  • 0

#8
RKinner
Posted 05 September 2012 - 06:50 AM

RKinner

    Malware Expert

  • Expert
  • 24,624 posts
  • MVP
Combofix did what ti was supposed to and is no longer complaining about the user32.dll file. I'm not sure what you webnoti is but Prevx says it's adware so let's get rid of it.


Copy the text in the code box by highlighting and Ctrl + c 


:OTL
O4 - HKCU..\Run: [WebNoti] D:\Users\Joke en Jasper\AppData\Roaming\WebNoti\WebNoti.exe ()

then Rightclick on OTL and select Run As Administrator to start. Under the Custom Scans/Fixes box at the bottom, paste (ctrl +v) the text. Verify that you got it all, close your browsers and Then click the RUN FIX button (NOT THE QUICK SCAN button!) at the top
Let the program run unhindered, it should not need to reboot.

The dutch is not a problem. I can sort of puzzle it out if I need to - I took a night school course in it once and I'm fluent in German and there is always Google Translate.

If you still have the problem then try ESET:
Use IE and go to http://eset.com/onlinescan and click on ESET online Scanner. Accept the terms then press Start (If you get a warning from your browser tell it you want to run it).

# Check Scan Archives
# Push the Start button.
# ESET will then download updates for itself, install itself, and begin scanning your computer. Please be patient as this can take some time.
# When the scan completes, push LIST OF THREATS FOUND
# Push EXPORT TO TEXT FILE , and save the file to your desktop using a unique name, such as ESETScan. Include the contents of this report in your next reply.
# Push the BACK button.
# Push Finish
# Once the scan is completed, you may close the window.
# Use Notepad to open the logfile located at C:\Program Files\EsetOnlineScanner\log.txt
# Copy and paste that log as a reply.


Let's also try the bitdefender quickscan.

http://quickscan.bitdefender.com/

When it finishes there is a View Report option at the bottom. Click on it and copy and paste the report (even if it says nothing found).

I am going off island today on the early ferry. Won't be back until late so no more replies until then.
  • 0
Back to Virus, Spyware, Malware Removal · Next Unread Topic →




Similar Topics

0 user(s) are reading this topic

0 members, 0 guests, 0 anonymous users

  1. Geeks to Go Community
  2. Security
  3. Virus, Spyware, Malware Removal

As Featured On:

Microsoft Yahoo BBC MSN PC Magazine Washington Post HP