Jump to content

Welcome to Geeks to Go - Register now for FREE

Geeks To Go is a helpful hub, where thousands of volunteer geeks quickly serve friendly answers and support. Check out the forums and get free advice from the experts. Register now to gain access to all of our features, it's FREE and only takes one minute. Once registered and logged in, you will be able to create topics, post replies to existing threads, give reputation to your fellow members, get your own private messenger, post status updates, manage your profile and so much more.

Create Account How it Works
Photo

hotmails keeps sending out spam reply messages [Solved]


  • This topic is locked This topic is locked

#1
doddeltje

doddeltje

    Member

  • Member
  • PipPip
  • 11 posts
since a few weeks, my hotmail account keeps sending out spam messages as a reply to any email I get

I have used several malware scanners, and changed my password a few times. It's still happening though.

Anyone wanting to help me through the process of getting rid of this? Would be highly appreciated!
  • 0

Advertisements


#2
doddeltje

doddeltje

    Member

  • Topic Starter
  • Member
  • PipPip
  • 11 posts
OTL logfile created on: 26/02/2013 11:39:34 - Run 1
OTL by OldTimer - Version 3.2.69.0 Folder = C:\Users\Thomas\Downloads
64bit- Home Premium Edition Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation
Internet Explorer (Version = 9.0.8112.16421)
Locale: 00000813 | Country: België | Language: NLB | Date Format: d/MM/yyyy

5,95 Gb Total Physical Memory | 2,85 Gb Available Physical Memory | 47,93% Memory free
11,90 Gb Paging File | 8,25 Gb Available in Paging File | 69,33% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86)
Drive C: | 300,44 Gb Total Space | 171,88 Gb Free Space | 57,21% Space Free | Partition Type: NTFS
Drive D: | 23,45 Gb Total Space | 2,45 Gb Free Space | 10,46% Space Free | Partition Type: NTFS
Drive E: | 3,96 Gb Total Space | 1,08 Gb Free Space | 27,22% Space Free | Partition Type: FAT32
Drive G: | 3,74 Gb Total Space | 1,85 Gb Free Space | 49,47% Space Free | Partition Type: FAT32
Drive M: | 9,76 Gb Total Space | 9,67 Gb Free Space | 99,06% Space Free | Partition Type: NTFS
Drive N: | 48,83 Gb Total Space | 48,65 Gb Free Space | 99,64% Space Free | Partition Type: NTFS
Drive P: | 136,72 Gb Total Space | 102,46 Gb Free Space | 74,94% Space Free | Partition Type: NTFS
Drive T: | 175,27 Gb Total Space | 169,56 Gb Free Space | 96,74% Space Free | Partition Type: NTFS

Computer Name: xxxxxxx | User Name: Thomas | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user | Quick Scan | Include 64bit Scans
Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days

========== Processes (SafeList) ==========

PRC - [2013/02/26 11:39:16 | 000,602,112 | ---- | M] (OldTimer Tools) -- C:\Users\Thomas\Downloads\OTL.exe
PRC - [2013/02/11 13:27:31 | 000,917,400 | ---- | M] (Mozilla Corporation) -- C:\Program Files (x86)\Mozilla Firefox\firefox.exe
PRC - [2013/02/11 13:26:52 | 001,808,240 | ---- | M] (Adobe Systems, Inc.) -- C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_11_5_502_149.exe
PRC - [2013/01/29 22:32:58 | 001,078,624 | ---- | M] (Evernote Corp., 305 Walnut Street, Redwood City, CA 94063) -- C:\Program Files (x86)\Evernote\Evernote\EvernoteClipper.exe
PRC - [2013/01/29 22:23:06 | 011,802,464 | ---- | M] (Evernote Corp., 305 Walnut Street, Redwood City, CA 94063) -- C:\Program Files (x86)\Evernote\Evernote\Evernote.exe
PRC - [2013/01/29 22:23:06 | 000,395,616 | ---- | M] (Evernote Corp., 305 Walnut Street, Redwood City, CA 94063) -- C:\Program Files (x86)\Evernote\Evernote\EvernoteTray.exe
PRC - [2013/01/20 20:29:18 | 028,539,272 | ---- | M] (Dropbox, Inc.) -- C:\Users\Thomas\AppData\Roaming\Dropbox\bin\Dropbox.exe
PRC - [2012/10/16 10:58:10 | 000,654,848 | ---- | M] (Macrovision Europe Ltd.) -- C:\Program Files (x86)\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe
PRC - [2012/10/15 21:27:56 | 000,108,544 | ---- | M] (VideoLAN) -- C:\Program Files (x86)\VideoLAN\VLC\vlc.exe
PRC - [2012/10/01 15:09:24 | 000,055,184 | ---- | M] (Apple Inc.) -- C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\ATH.exe
PRC - [2012/09/23 19:43:34 | 000,065,192 | ---- | M] (Adobe Systems Incorporated) -- C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe
PRC - [2012/09/09 01:48:02 | 000,213,504 | ---- | M] (Iomega Corp) -- C:\Program Files (x86)\Iomega Storage Manager\pCloudd.exe
PRC - [2012/09/09 01:46:36 | 002,306,424 | ---- | M] (EMC) -- C:\Program Files (x86)\Iomega Storage Manager\IomegaStorageManager.exe
PRC - [2012/08/21 10:12:26 | 004,282,728 | ---- | M] (AVAST Software) -- C:\Program Files\AVAST Software\Avast\AvastUI.exe
PRC - [2012/08/21 10:12:25 | 000,044,808 | ---- | M] (AVAST Software) -- C:\Program Files\AVAST Software\Avast\AvastSvc.exe
PRC - [2012/08/09 23:12:18 | 000,055,184 | ---- | M] (Apple Inc.) -- C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\SyncServer.exe
PRC - [2012/04/26 11:14:06 | 002,438,696 | ---- | M] (mobile concepts GmbH) -- C:\Program Files\CyberGhost VPN\CGVPNCliService.exe
PRC - [2011/06/28 10:41:08 | 000,168,504 | ---- | M] (Hewlett-Packard Company) -- C:\Program Files (x86)\Hewlett-Packard\HP QuickWeb\hpqwutils.exe
PRC - [2011/06/15 02:19:42 | 000,138,400 | ---- | M] (Atheros) -- C:\Program Files (x86)\Bluetooth Suite\Ath_CoexAgent.exe
PRC - [2011/06/13 15:47:12 | 000,336,440 | ---- | M] (Hewlett-Packard Development Company, L.P.) -- C:\Program Files (x86)\Hewlett-Packard\HP On Screen Display\HPOSD.exe
PRC - [2011/05/31 08:18:04 | 001,342,008 | ---- | M] (Hewlett-Packard Development Company, L.P.) -- C:\Program Files (x86)\Hewlett-Packard\HP CoolSense\CoolSense.exe
PRC - [2011/05/21 15:52:16 | 000,103,992 | ---- | M] (Hewlett-Packard Company) -- C:\Program Files (x86)\Hewlett-Packard\Shared\HPDrvMntSvc.exe
PRC - [2011/05/06 08:06:46 | 000,263,496 | ---- | M] (HP) -- C:\Program Files (x86)\HP SimplePass 2011\TrueSuiteService.exe
PRC - [2011/05/06 08:06:28 | 000,653,128 | ---- | M] (HP) -- C:\Program Files (x86)\HP SimplePass 2011\TouchControl.exe
PRC - [2011/05/06 08:06:02 | 000,142,664 | ---- | M] (HP) -- C:\Program Files (x86)\HP SimplePass 2011\BioMonitor.exe
PRC - [2011/04/30 09:32:54 | 000,013,592 | ---- | M] (Intel Corporation) -- C:\Program Files (x86)\Intel\Intel® Rapid Storage Technology\IAStorDataMgrSvc.exe
PRC - [2011/04/20 16:58:02 | 001,204,224 | ---- | M] (Brother Industries, Ltd.) -- C:\Program Files (x86)\ControlCenter4\BrCcUxSys.exe
PRC - [2011/04/20 16:53:10 | 000,335,872 | ---- | M] (Brother Industries, Ltd.) -- C:\Program Files (x86)\ControlCenter4\BrCtrlCntr.exe
PRC - [2011/04/08 11:01:16 | 000,586,808 | ---- | M] (Hewlett-Packard Development Company, L.P.) -- C:\Program Files (x86)\Hewlett-Packard\HP Quick Launch\HPMSGSVC.exe
PRC - [2011/04/08 11:01:16 | 000,026,680 | ---- | M] (Hewlett-Packard Development Company, L.P.) -- C:\Program Files (x86)\Hewlett-Packard\HP Quick Launch\HPWMISVC.exe
PRC - [2011/02/24 09:10:24 | 000,212,944 | ---- | M] (Intel Corporation) -- C:\Program Files (x86)\Intel\Services\IPT\jhi_service.exe
PRC - [2011/02/22 21:19:12 | 002,656,280 | ---- | M] (Intel Corporation) -- C:\Program Files (x86)\Intel\Intel® Management Engine Components\UNS\UNS.exe
PRC - [2011/02/22 21:19:08 | 000,326,168 | ---- | M] (Intel Corporation) -- C:\Program Files (x86)\Intel\Intel® Management Engine Components\LMS\LMS.exe
PRC - [2010/09/30 02:06:46 | 000,169,408 | ---- | M] (Adobe Systems Incorporated) -- C:\Program Files (x86)\Adobe\Elements 9 Organizer\PhotoshopElementsFileAgent.exe
PRC - [2010/08/23 09:11:28 | 000,206,240 | ---- | M] (CANON INC.) -- C:\Program Files (x86)\Canon\Canon IJ Network Scan Utility\CNMNSUT.exe
PRC - [2010/03/08 23:42:02 | 000,029,984 | ---- | M] (Nuance Communications, Inc.) -- C:\Program Files (x86)\Nuance\PaperPort\pptd40nt.exe
PRC - [2010/03/08 23:40:36 | 000,144,672 | ---- | M] (Nuance Communications, Inc.) -- C:\Program Files (x86)\Nuance\PaperPort\PDFProFiltSrvPP.exe
PRC - [2010/03/05 19:11:30 | 000,636,192 | ---- | M] (Nuance Communications, Inc.) -- C:\Program Files (x86)\Nuance\PDF Viewer Plus\pdfPro5Hook.exe
PRC - [2009/05/05 15:06:06 | 000,222,496 | ---- | M] (Acresso Corporation) -- C:\ProgramData\FLEXnet\Connect\11\ISUSPM.exe
PRC - [2006/10/22 22:24:02 | 000,620,152 | ---- | M] (Adobe Systems Inc.) -- C:\Program Files (x86)\Adobe\Acrobat 8.0\Acrobat\acrotray.exe


========== Modules (No Company Name) ==========

MOD - [2013/02/11 13:27:30 | 003,023,256 | ---- | M] () -- C:\Program Files (x86)\Mozilla Firefox\mozjs.dll
MOD - [2013/02/11 13:26:51 | 014,586,736 | ---- | M] () -- C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_11_5_502_149.dll
MOD - [2012/11/28 14:13:52 | 000,087,952 | ---- | M] () -- C:\Program Files (x86)\Common Files\Apple\Apple Application Support\zlib1.dll
MOD - [2012/11/28 14:13:30 | 001,242,512 | ---- | M] () -- C:\Program Files (x86)\Common Files\Apple\Apple Application Support\libxml2.dll
MOD - [2012/10/16 19:30:42 | 000,220,672 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\CustomMarshalers\626d0ac2f4ada682d7ca6c4ebf821469\CustomMarshalers.ni.dll
MOD - [2012/10/16 17:49:32 | 011,833,344 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Web\a501b7960f6c6e2e39162b83f3303aaa\System.Web.ni.dll
MOD - [2012/10/16 17:49:19 | 012,436,480 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Windows.Forms\7b7fbe651c6e72f12099a298654c9594\System.Windows.Forms.ni.dll
MOD - [2012/10/16 17:49:12 | 001,591,808 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Drawing\6bb439b3f87736d3248ae27d43e2c0d6\System.Drawing.ni.dll
MOD - [2012/10/16 17:48:54 | 005,452,800 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Xml\ba3d70b651454c7d49b407b93663bfed\System.Xml.ni.dll
MOD - [2012/10/16 17:48:49 | 000,971,264 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Configuration\cfa9c506bfb9254c89dace7b83bc9f9d\System.Configuration.ni.dll
MOD - [2012/10/16 17:48:47 | 007,967,232 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System\ce9ff6baf9053ed2ed673d948179195c\System.ni.dll
MOD - [2012/10/16 17:48:41 | 000,025,600 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\Accessibility\2ec98ab0193d64e95b7d09d094deed97\Accessibility.ni.dll
MOD - [2012/10/16 17:48:37 | 011,492,864 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\mscorlib\acfc1391e45fedd2a359778ea57d914c\mscorlib.ni.dll
MOD - [2012/10/16 11:29:17 | 008,007,680 | ---- | M] () -- C:\Windows\assembly\GAC\Microsoft.mshtml\7.0.3300.0__b03f5f7f11d50a3a\Microsoft.mshtml.dll
MOD - [2012/10/15 21:28:38 | 002,286,592 | ---- | M] () -- C:\Program Files (x86)\VideoLAN\VLC\libvlccore.dll
MOD - [2012/10/15 21:28:38 | 000,044,032 | ---- | M] () -- C:\Program Files (x86)\VideoLAN\VLC\plugins\packetizer\libpacketizer_flac_plugin.dll
MOD - [2012/10/15 21:28:36 | 011,998,208 | ---- | M] () -- C:\Program Files (x86)\VideoLAN\VLC\plugins\gui\libqt4_plugin.dll
MOD - [2012/10/15 21:28:30 | 000,386,560 | ---- | M] () -- C:\Program Files (x86)\VideoLAN\VLC\plugins\codec\libtheora_plugin.dll
MOD - [2012/10/15 21:28:30 | 000,185,856 | ---- | M] () -- C:\Program Files (x86)\VideoLAN\VLC\plugins\codec\libpng_plugin.dll
MOD - [2012/10/15 21:28:30 | 000,051,200 | ---- | M] () -- C:\Program Files (x86)\VideoLAN\VLC\plugins\audio_output\libwaveout_plugin.dll
MOD - [2012/10/15 21:28:30 | 000,049,664 | ---- | M] () -- C:\Program Files (x86)\VideoLAN\VLC\plugins\audio_output\libaout_directx_plugin.dll
MOD - [2012/10/15 21:28:30 | 000,043,008 | ---- | M] () -- C:\Program Files (x86)\VideoLAN\VLC\plugins\codec\libdts_plugin.dll
MOD - [2012/10/15 21:28:30 | 000,038,400 | ---- | M] () -- C:\Program Files (x86)\VideoLAN\VLC\plugins\codec\libcdg_plugin.dll
MOD - [2012/10/15 21:28:28 | 000,037,376 | ---- | M] () -- C:\Program Files (x86)\VideoLAN\VLC\plugins\codec\libaes3_plugin.dll
MOD - [2012/10/15 21:28:26 | 001,719,296 | ---- | M] () -- C:\Program Files (x86)\VideoLAN\VLC\plugins\codec\libvorbis_plugin.dll
MOD - [2012/10/15 21:28:26 | 001,318,912 | ---- | M] () -- C:\Program Files (x86)\VideoLAN\VLC\plugins\codec\libschroedinger_plugin.dll
MOD - [2012/10/15 21:28:26 | 000,043,008 | ---- | M] () -- C:\Program Files (x86)\VideoLAN\VLC\plugins\codec\liblpcm_plugin.dll
MOD - [2012/10/15 21:28:24 | 000,372,224 | ---- | M] () -- C:\Program Files (x86)\VideoLAN\VLC\plugins\codec\libfaad_plugin.dll
MOD - [2012/10/15 21:28:24 | 000,265,216 | ---- | M] () -- C:\Program Files (x86)\VideoLAN\VLC\plugins\codec\libflac_plugin.dll
MOD - [2012/10/15 21:28:20 | 000,154,624 | ---- | M] () -- C:\Program Files (x86)\VideoLAN\VLC\plugins\codec\libspeex_plugin.dll
MOD - [2012/10/15 21:28:20 | 000,051,200 | ---- | M] () -- C:\Program Files (x86)\VideoLAN\VLC\plugins\control\libhotkeys_plugin.dll
MOD - [2012/10/15 21:28:20 | 000,051,200 | ---- | M] () -- C:\Program Files (x86)\VideoLAN\VLC\plugins\codec\libaraw_plugin.dll
MOD - [2012/10/15 21:28:20 | 000,037,376 | ---- | M] () -- C:\Program Files (x86)\VideoLAN\VLC\plugins\codec\librawvideo_plugin.dll
MOD - [2012/10/15 21:28:18 | 000,037,888 | ---- | M] () -- C:\Program Files (x86)\VideoLAN\VLC\plugins\control\libglobalhotkeys_plugin.dll
MOD - [2012/10/15 21:28:18 | 000,033,792 | ---- | M] () -- C:\Program Files (x86)\VideoLAN\VLC\plugins\audio_mixer\libfloat32_mixer_plugin.dll
MOD - [2012/10/15 21:28:14 | 001,544,192 | ---- | M] () -- C:\Program Files (x86)\VideoLAN\VLC\plugins\meta_engine\libtaglib_plugin.dll
MOD - [2012/10/15 21:28:14 | 001,518,080 | ---- | M] () -- C:\Program Files (x86)\VideoLAN\VLC\plugins\audio_filter\libsamplerate_plugin.dll
MOD - [2012/10/15 21:28:14 | 000,310,784 | ---- | M] () -- C:\Program Files (x86)\VideoLAN\VLC\plugins\lua\liblua_plugin.dll
MOD - [2012/10/15 21:28:14 | 000,182,272 | ---- | M] () -- C:\Program Files (x86)\VideoLAN\VLC\plugins\audio_filter\libdtstofloat32_plugin.dll
MOD - [2012/10/15 21:28:14 | 000,135,168 | ---- | M] () -- C:\Program Files (x86)\VideoLAN\VLC\plugins\audio_filter\libmpgatofixed32_plugin.dll
MOD - [2012/10/15 21:28:14 | 000,068,608 | ---- | M] () -- C:\Program Files (x86)\VideoLAN\VLC\plugins\audio_filter\liba52tofloat32_plugin.dll
MOD - [2012/10/15 21:28:14 | 000,045,568 | ---- | M] () -- C:\Program Files (x86)\VideoLAN\VLC\plugins\audio_filter\libaudio_format_plugin.dll
MOD - [2012/10/15 21:28:14 | 000,040,960 | ---- | M] () -- C:\Program Files (x86)\VideoLAN\VLC\plugins\audio_filter\libscaletempo_plugin.dll
MOD - [2012/10/15 21:28:14 | 000,038,400 | ---- | M] () -- C:\Program Files (x86)\VideoLAN\VLC\plugins\audio_filter\libsimple_channel_mixer_plugin.dll
MOD - [2012/10/15 21:28:14 | 000,036,864 | ---- | M] () -- C:\Program Files (x86)\VideoLAN\VLC\plugins\audio_filter\libdtstospdif_plugin.dll
MOD - [2012/10/15 21:28:14 | 000,036,864 | ---- | M] () -- C:\Program Files (x86)\VideoLAN\VLC\plugins\audio_filter\libconverter_fixed_plugin.dll
MOD - [2012/10/15 21:28:14 | 000,036,352 | ---- | M] () -- C:\Program Files (x86)\VideoLAN\VLC\plugins\audio_filter\libdolby_surround_decoder_plugin.dll
MOD - [2012/10/15 21:28:14 | 000,035,328 | ---- | M] () -- C:\Program Files (x86)\VideoLAN\VLC\plugins\audio_filter\libugly_resampler_plugin.dll
MOD - [2012/10/15 21:28:14 | 000,034,816 | ---- | M] () -- C:\Program Files (x86)\VideoLAN\VLC\plugins\audio_filter\liba52tospdif_plugin.dll
MOD - [2012/10/15 21:28:08 | 001,238,016 | ---- | M] () -- C:\Program Files (x86)\VideoLAN\VLC\plugins\misc\libxml_plugin.dll
MOD - [2012/10/15 21:28:08 | 000,037,376 | ---- | M] () -- C:\Program Files (x86)\VideoLAN\VLC\plugins\mmxext\libmemcpymmxext_plugin.dll
MOD - [2012/10/15 21:28:04 | 000,070,144 | ---- | M] () -- C:\Program Files (x86)\VideoLAN\VLC\plugins\video_output\libdirectx_plugin.dll
MOD - [2012/10/15 21:28:04 | 000,047,616 | ---- | M] () -- C:\Program Files (x86)\VideoLAN\VLC\plugins\access\libaccess_vdr_plugin.dll
MOD - [2012/10/15 21:28:02 | 000,258,560 | ---- | M] () -- C:\Program Files (x86)\VideoLAN\VLC\plugins\access\libdvdnav_plugin.dll
MOD - [2012/10/15 21:28:02 | 000,219,648 | ---- | M] () -- C:\Program Files (x86)\VideoLAN\VLC\plugins\access\libdshow_plugin.dll
MOD - [2012/10/15 21:28:02 | 000,157,696 | ---- | M] () -- C:\Program Files (x86)\VideoLAN\VLC\plugins\access\liblibbluray_plugin.dll
MOD - [2012/10/15 21:28:00 | 000,093,696 | ---- | M] () -- C:\Program Files (x86)\VideoLAN\VLC\plugins\access\libaccess_bd_plugin.dll
MOD - [2012/10/15 21:28:00 | 000,092,160 | ---- | M] () -- C:\Program Files (x86)\VideoLAN\VLC\plugins\demux\libavi_plugin.dll
MOD - [2012/10/15 21:28:00 | 000,083,968 | ---- | M] () -- C:\Program Files (x86)\VideoLAN\VLC\plugins\access\libzip_plugin.dll
MOD - [2012/10/15 21:28:00 | 000,045,568 | ---- | M] () -- C:\Program Files (x86)\VideoLAN\VLC\plugins\demux\libflacsys_plugin.dll
MOD - [2012/10/15 21:28:00 | 000,043,520 | ---- | M] () -- C:\Program Files (x86)\VideoLAN\VLC\plugins\access\libfilesystem_plugin.dll
MOD - [2012/10/15 21:28:00 | 000,038,912 | ---- | M] () -- C:\Program Files (x86)\VideoLAN\VLC\plugins\access\libstream_filter_rar_plugin.dll
MOD - [2012/10/15 21:27:58 | 000,724,992 | ---- | M] () -- C:\Program Files (x86)\VideoLAN\VLC\plugins\stream_filter\libstream_filter_dash_plugin.dll
MOD - [2012/10/15 21:27:58 | 000,440,320 | ---- | M] () -- C:\Program Files (x86)\VideoLAN\VLC\plugins\stream_filter\libstream_filter_httplive_plugin.dll
MOD - [2012/10/15 21:27:58 | 000,198,656 | ---- | M] () -- C:\Program Files (x86)\VideoLAN\VLC\plugins\demux\libmp4_plugin.dll
MOD - [2012/10/15 21:27:58 | 000,106,496 | ---- | M] () -- C:\Program Files (x86)\VideoLAN\VLC\plugins\demux\libplaylist_plugin.dll
MOD - [2012/10/15 21:27:58 | 000,073,728 | ---- | M] () -- C:\Program Files (x86)\VideoLAN\VLC\plugins\demux\libasf_plugin.dll
MOD - [2012/10/15 21:27:56 | 000,111,616 | ---- | M] () -- C:\Program Files (x86)\VideoLAN\VLC\libvlc.dll
MOD - [2012/10/15 21:27:56 | 000,035,840 | ---- | M] () -- C:\Program Files (x86)\VideoLAN\VLC\plugins\stream_filter\libstream_filter_record_plugin.dll
MOD - [2012/09/09 01:48:04 | 006,302,208 | ---- | M] () -- C:\Program Files (x86)\Iomega Storage Manager\wxmsw28u_vc_custom.dll
MOD - [2012/09/08 12:16:30 | 000,433,664 | ---- | M] () -- C:\Program Files (x86)\Evernote\Evernote\libxml2.dll
MOD - [2012/09/08 12:16:20 | 000,315,392 | ---- | M] () -- C:\Program Files (x86)\Evernote\Evernote\libtidy.dll
MOD - [2012/08/29 06:50:42 | 021,009,920 | ---- | M] () -- C:\Program Files (x86)\Evernote\Evernote\libcef.dll
MOD - [2012/08/29 06:50:28 | 000,133,134 | ---- | M] () -- C:\Program Files (x86)\Evernote\Evernote\avutil-51.dll
MOD - [2012/08/29 06:50:26 | 000,189,454 | ---- | M] () -- C:\Program Files (x86)\Evernote\Evernote\avformat-54.dll
MOD - [2012/08/29 06:50:24 | 000,983,054 | ---- | M] () -- C:\Program Files (x86)\Evernote\Evernote\avcodec-54.dll
MOD - [2012/04/21 09:34:34 | 000,876,928 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\HP.SupportFramework\1.0.0.0__2a4860322af7ba08\HP.SupportFramework.dll
MOD - [2012/03/06 23:46:58 | 000,603,648 | ---- | M] () -- C:\Program Files\AVAST Software\Avast\aswOtl.dll
MOD - [2011/08/02 23:15:44 | 000,208,896 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\System.resources\2.0.0.0_nl_b77a5c561934e089\System.resources.dll
MOD - [2011/03/16 23:11:16 | 004,297,568 | ---- | M] () -- C:\Program Files (x86)\Common Files\microsoft shared\OFFICE14\Cultures\OFFICE.ODF
MOD - [2010/12/21 00:15:30 | 001,041,248 | ---- | M] () -- C:\Program Files (x86)\Microsoft Office\Office14\ADDINS\UmOutlookAddin.dll
MOD - [2010/11/21 04:24:01 | 000,069,120 | ---- | M] () -- C:\Windows\assembly\GAC_32\CustomMarshalers\2.0.0.0__b03f5f7f11d50a3a\CustomMarshalers.dll
MOD - [2010/11/13 01:34:15 | 000,303,104 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\mscorlib.resources\2.0.0.0_nl_b77a5c561934e089\mscorlib.resources.dll
MOD - [2009/02/27 15:38:20 | 000,139,264 | R--- | M] () -- C:\Program Files (x86)\Brother\BrUtilities\BrLogAPI.dll


========== Services (SafeList) ==========

SRV:64bit: - [2012/08/21 10:12:25 | 000,044,808 | ---- | M] (AVAST Software) [Auto | Running] -- C:\Program Files\AVAST Software\Avast\AvastSvc.exe -- (avast! Antivirus)
SRV:64bit: - [2012/04/26 11:14:06 | 002,438,696 | ---- | M] (mobile concepts GmbH) [On_Demand | Running] -- C:\Program Files\CyberGhost VPN\CGVPNCliService.exe -- (CGVPNCliSrvc)
SRV:64bit: - [2011/05/27 20:20:12 | 000,030,520 | ---- | M] (Hewlett-Packard Company) [Auto | Running] -- C:\Windows\SysNative\hpservice.exe -- (hpsrv)
SRV:64bit: - [2011/05/27 20:06:16 | 000,301,568 | ---- | M] (IDT, Inc.) [Auto | Stopped] -- C:\Program Files\IDT\WDM\stacsv64.exe -- (STacSV)
SRV:64bit: - [2011/05/08 11:25:40 | 000,203,776 | ---- | M] (AMD) [Auto | Running] -- C:\Windows\SysNative\atiesrxx.exe -- (AMD External Events Utility)
SRV:64bit: - [2010/10/11 01:48:14 | 000,346,168 | ---- | M] (Hewlett-Packard Company) [Auto | Running] -- C:\Program Files\Hewlett-Packard\HP Client Services\HPClientServices.exe -- (HPClientSvc)
SRV:64bit: - [2010/09/22 17:10:10 | 000,057,184 | ---- | M] (Microsoft Corporation) [Disabled | Stopped] -- C:\Program Files\Windows Live\Mesh\wlcrasvc.exe -- (wlcrasvc)
SRV:64bit: - [2009/07/14 02:41:27 | 001,011,712 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Program Files\Windows Defender\MpSvc.dll -- (WinDefend)
SRV:64bit: - [2009/03/03 11:42:58 | 000,089,600 | ---- | M] (Andrea Electronics Corporation) [Auto | Running] -- C:\Program Files\IDT\WDM\AESTSr64.exe -- (AESTFilters)
SRV - [2013/02/11 13:27:30 | 000,115,608 | ---- | M] (Mozilla Foundation) [On_Demand | Stopped] -- C:\Program Files (x86)\Mozilla Maintenance Service\maintenanceservice.exe -- (MozillaMaintenance)
SRV - [2013/02/11 13:26:52 | 000,251,248 | ---- | M] (Adobe Systems Incorporated) [On_Demand | Stopped] -- C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe -- (AdobeFlashPlayerUpdateSvc)
SRV - [2013/01/08 12:55:20 | 000,161,536 | R--- | M] (Skype Technologies) [Auto | Stopped] -- C:\Program Files (x86)\Skype\Updater\Updater.exe -- (SkypeUpdate)
SRV - [2012/10/16 10:58:10 | 000,654,848 | ---- | M] (Macrovision Europe Ltd.) [On_Demand | Running] -- C:\Program Files (x86)\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe -- (FLEXnet Licensing Service)
SRV - [2012/09/23 19:43:34 | 000,065,192 | ---- | M] (Adobe Systems Incorporated) [Auto | Running] -- C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe -- (AdobeARMservice)
SRV - [2012/09/09 01:48:02 | 000,213,504 | ---- | M] (Iomega Corp) [Auto | Running] -- C:\Program Files (x86)\Iomega Storage Manager\pCloudd.exe -- (PCloudd)
SRV - [2011/06/21 14:57:34 | 000,085,560 | ---- | M] (Hewlett-Packard Company) [Auto | Running] -- C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\HPSA_Service.exe -- (HP Support Assistant Service)
SRV - [2011/06/15 02:19:42 | 000,138,400 | ---- | M] (Atheros) [Auto | Running] -- C:\Program Files (x86)\Bluetooth Suite\Ath_CoexAgent.exe -- (Atheros Bt&Wlan Coex Agent)
SRV - [2011/06/15 02:18:06 | 000,097,952 | ---- | M] (Atheros Commnucations) [Auto | Running] -- C:\Program Files (x86)\Bluetooth Suite\AdminService.exe -- (AtherosSvc)
SRV - [2011/05/21 15:52:16 | 000,103,992 | ---- | M] (Hewlett-Packard Company) [Auto | Running] -- C:\Program Files (x86)\Hewlett-Packard\Shared\HPDrvMntSvc.exe -- (HPDrvMntSvc.exe)
SRV - [2011/05/06 08:06:46 | 000,263,496 | ---- | M] (HP) [Auto | Running] -- C:\Program Files (x86)\HP SimplePass 2011\TrueSuiteService.exe -- (FPLService)
SRV - [2011/04/30 09:32:54 | 000,013,592 | ---- | M] (Intel Corporation) [Auto | Running] -- C:\Program Files (x86)\Intel\Intel® Rapid Storage Technology\IAStorDataMgrSvc.exe -- (IAStorDataMgrSvc)
SRV - [2011/04/08 11:01:16 | 000,026,680 | ---- | M] (Hewlett-Packard Development Company, L.P.) [Auto | Running] -- C:\Program Files (x86)\Hewlett-Packard\HP Quick Launch\HPWMISVC.exe -- (HPWMISVC)
SRV - [2011/03/08 01:43:30 | 002,375,168 | ---- | M] (Realsil Microelectronics Inc.) [Auto | Running] -- C:\Program Files (x86)\Realtek\Realtek PCIE Card Reader\RIconMan.exe -- (IconMan_R)
SRV - [2011/02/24 09:10:24 | 000,212,944 | ---- | M] (Intel Corporation) [Auto | Running] -- C:\Program Files (x86)\Intel\Services\IPT\jhi_service.exe -- (jhi_service)
SRV - [2011/02/22 21:19:12 | 002,656,280 | ---- | M] (Intel Corporation) [Auto | Running] -- C:\Program Files (x86)\Intel\Intel® Management Engine Components\UNS\UNS.exe -- (UNS)
SRV - [2011/02/22 21:19:08 | 000,326,168 | ---- | M] (Intel Corporation) [Auto | Running] -- C:\Program Files (x86)\Intel\Intel® Management Engine Components\LMS\LMS.exe -- (LMS)
SRV - [2010/10/12 18:59:12 | 000,206,072 | ---- | M] (WildTangent, Inc.) [On_Demand | Stopped] -- C:\Program Files (x86)\WildTangent Games\App\GamesAppService.exe -- (GamesAppService)
SRV - [2010/09/30 02:06:46 | 000,169,408 | ---- | M] (Adobe Systems Incorporated) [Auto | Running] -- C:\Program Files (x86)\Adobe\Elements 9 Organizer\PhotoshopElementsFileAgent.exe -- (AdobeActiveFileMonitor9.0)
SRV - [2010/03/18 12:16:28 | 000,130,384 | ---- | M] (Microsoft Corporation) [Auto | Stopped] -- C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe -- (clr_optimization_v4.0.30319_32)
SRV - [2010/03/08 23:40:36 | 000,144,672 | ---- | M] (Nuance Communications, Inc.) [Auto | Running] -- C:\Program Files (x86)\Nuance\PaperPort\PDFProFiltSrvPP.exe -- (PDFProFiltSrvPP)
SRV - [2010/01/25 07:22:56 | 000,245,760 | ---- | M] (Brother Industries, Ltd.) [On_Demand | Stopped] -- C:\Program Files (x86)\Browny02\BrYNSvc.exe -- (BrYNSvc)
SRV - [2009/06/10 22:23:09 | 000,066,384 | ---- | M] (Microsoft Corporation) [Disabled | Stopped] -- C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe -- (clr_optimization_v2.0.50727_32)


========== Driver Services (SafeList) ==========

DRV:64bit: - [2012/09/28 10:32:56 | 000,053,760 | ---- | M] (Apple, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\usbaapl64.sys -- (USBAAPL64)
DRV:64bit: - [2012/09/09 01:46:40 | 000,020,048 | ---- | M] (Iomega Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\vNICdrv.sys -- (vNICdrv)
DRV:64bit: - [2012/08/21 13:01:20 | 000,033,240 | ---- | M] (GEAR Software Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\GEARAspiWDM.sys -- (GEARAspiWDM)
DRV:64bit: - [2012/08/21 10:13:13 | 000,969,200 | ---- | M] (AVAST Software) [File_System | System | Running] -- C:\Windows\SysNative\drivers\aswSnx.sys -- (aswSnx)
DRV:64bit: - [2012/08/21 10:13:13 | 000,359,464 | ---- | M] (AVAST Software) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\aswSP.sys -- (aswSP)
DRV:64bit: - [2012/08/21 10:13:13 | 000,059,728 | ---- | M] (AVAST Software) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\aswTdi.sys -- (aswTdi)
DRV:64bit: - [2012/08/21 10:13:12 | 000,071,600 | ---- | M] (AVAST Software) [File_System | Auto | Running] -- C:\Windows\SysNative\drivers\aswMonFlt.sys -- (aswMonFlt)
DRV:64bit: - [2012/08/21 10:13:12 | 000,054,072 | ---- | M] (AVAST Software) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\aswRdr2.sys -- (aswRdr)
DRV:64bit: - [2012/08/21 10:13:11 | 000,025,232 | ---- | M] (AVAST Software) [File_System | Auto | Running] -- C:\Windows\SysNative\drivers\aswFsBlk.sys -- (aswFsBlk)
DRV:64bit: - [2012/03/26 14:50:12 | 000,022,528 | ---- | M] (Apple Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\netaapl64.sys -- (Netaapl)
DRV:64bit: - [2012/03/01 07:46:16 | 000,023,408 | ---- | M] (Microsoft Corporation) [Recognizer | Boot | Unknown] -- C:\Windows\SysNative\drivers\fs_rec.sys -- (Fs_Rec)
DRV:64bit: - [2011/12/15 20:29:42 | 000,031,232 | ---- | M] (The OpenVPN Project) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\tap0901.sys -- (tap0901)
DRV:64bit: - [2011/08/02 23:31:36 | 000,107,904 | ---- | M] (Advanced Micro Devices) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\amdsata.sys -- (amdsata)
DRV:64bit: - [2011/08/02 23:31:36 | 000,027,008 | ---- | M] (Advanced Micro Devices) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\amdxata.sys -- (amdxata)
DRV:64bit: - [2011/06/15 02:18:32 | 000,496,800 | ---- | M] (Atheros) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\btfilter.sys -- (BtFilter)
DRV:64bit: - [2011/06/15 02:18:32 | 000,280,992 | ---- | M] (Atheros) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\btath_rcp.sys -- (BTATH_RCP)
DRV:64bit: - [2011/06/15 02:18:30 | 000,167,072 | ---- | M] (Atheros) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\btath_hcrp.sys -- (BTATH_HCRP)
DRV:64bit: - [2011/06/15 02:18:30 | 000,068,256 | ---- | M] (Atheros) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\btath_lwflt.sys -- (BTATH_LWFLT)
DRV:64bit: - [2011/06/15 02:18:30 | 000,036,000 | ---- | M] (Atheros) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\btath_flt.sys -- (AthBTPort)
DRV:64bit: - [2011/06/15 02:18:30 | 000,030,368 | ---- | M] (Atheros) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\btath_bus.sys -- (BTATH_BUS)
DRV:64bit: - [2011/06/15 02:18:28 | 000,330,400 | ---- | M] (Atheros) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\btath_a2dp.sys -- (BTATH_A2DP)
DRV:64bit: - [2011/06/15 02:18:28 | 000,110,240 | ---- | M] (Atheros) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\btath_avdt.sys -- (btath_avdt)
DRV:64bit: - [2011/05/27 20:20:12 | 000,043,320 | ---- | M] (Hewlett-Packard Company) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\Accelerometer.sys -- (Accelerometer)
DRV:64bit: - [2011/05/27 20:20:12 | 000,030,008 | ---- | M] (Hewlett-Packard Company) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\hpdskflt.sys -- (hpdskflt)
DRV:64bit: - [2011/05/27 20:06:16 | 000,528,384 | ---- | M] (IDT, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\stwrt64.sys -- (STHDA)
DRV:64bit: - [2011/05/08 11:58:06 | 009,259,520 | ---- | M] (ATI Technologies Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\atikmdag.sys -- (amdkmdag)
DRV:64bit: - [2011/05/08 10:50:14 | 000,301,568 | ---- | M] (Advanced Micro Devices, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\atikmpag.sys -- (amdkmdap)
DRV:64bit: - [2011/04/26 20:07:36 | 000,557,848 | ---- | M] (Intel Corporation) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\iaStor.sys -- (iaStor)
DRV:64bit: - [2011/04/22 05:17:10 | 002,727,424 | ---- | M] (Atheros Communications, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\athrx.sys -- (athr)
DRV:64bit: - [2011/04/15 20:08:26 | 012,228,128 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\igdpmd64.sys -- (intelkmd)
DRV:64bit: - [2011/03/25 01:20:36 | 000,337,512 | ---- | M] (Realtek Semiconductor Corp.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\RtsPStor.sys -- (RSPCIESTOR)
DRV:64bit: - [2011/03/23 19:20:58 | 000,077,936 | ---- | M] (Atheros Communications, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\L1C62x64.sys -- (L1C)
DRV:64bit: - [2011/02/22 12:54:22 | 000,351,864 | ---- | M] (Alps Electric Co., Ltd.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\Apfiltr.sys -- (ApfiltrService)
DRV:64bit: - [2010/11/21 04:24:33 | 000,059,392 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\TsUsbFlt.sys -- (TsUsbFlt)
DRV:64bit: - [2010/11/21 04:23:47 | 000,109,056 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\sdbus.sys -- (sdbus)
DRV:64bit: - [2010/11/21 04:23:47 | 000,078,720 | ---- | M] (Hewlett-Packard Company) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\HpSAMD.sys -- (HpSAMD)
DRV:64bit: - [2010/11/21 04:23:47 | 000,031,232 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\TsUsbGD.sys -- (TsUsbGD)
DRV:64bit: - [2010/10/20 01:34:26 | 000,056,344 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\HECIx64.sys -- (MEIx64)
DRV:64bit: - [2010/10/15 10:28:16 | 000,317,440 | ---- | M] (Intel® Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\IntcDAud.sys -- (IntcDAud)
DRV:64bit: - [2010/07/28 18:13:50 | 000,031,088 | ---- | M] (CyberLink Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\clwvd.sys -- (clwvd)
DRV:64bit: - [2010/04/09 12:17:04 | 000,019,936 | ---- | M] () [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\pwdrvio.sys -- (pwdrvio)
DRV:64bit: - [2010/04/09 12:16:58 | 000,013,280 | ---- | M] () [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\pwdspio.sys -- (pwdspio)
DRV:64bit: - [2010/03/19 02:00:00 | 000,055,856 | ---- | M] (Sonic Solutions) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\PxHlpa64.sys -- (PxHlpa64)
DRV:64bit: - [2009/07/14 02:52:20 | 000,194,128 | ---- | M] (AMD Technologies Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\amdsbs.sys -- (amdsbs)
DRV:64bit: - [2009/07/14 02:48:04 | 000,065,600 | ---- | M] (LSI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\lsi_sas2.sys -- (LSI_SAS2)
DRV:64bit: - [2009/07/14 02:45:55 | 000,024,656 | ---- | M] (Promise Technology) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\stexstor.sys -- (stexstor)
DRV:64bit: - [2009/07/14 01:35:32 | 000,012,288 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\serscan.sys -- (StillCam)
DRV:64bit: - [2009/06/10 22:01:11 | 001,485,312 | ---- | M] (Conexant Systems, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\VSTDPV6.SYS -- (SrvHsfV92)
DRV:64bit: - [2009/06/10 22:01:11 | 000,740,864 | ---- | M] (Conexant Systems, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\VSTCNXT6.SYS -- (SrvHsfWinac)
DRV:64bit: - [2009/06/10 22:01:11 | 000,292,864 | ---- | M] (Conexant Systems, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\VSTAZL6.SYS -- (SrvHsfHDA)
DRV:64bit: - [2009/06/10 21:35:35 | 000,408,960 | ---- | M] (NVIDIA Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\nvm62x64.sys -- (NVENETFD)
DRV:64bit: - [2009/06/10 21:34:38 | 001,311,232 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\BCMWL664.SYS -- (BCM43XX)
DRV:64bit: - [2009/06/10 21:34:33 | 003,286,016 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\evbda.sys -- (ebdrv)
DRV:64bit: - [2009/06/10 21:34:28 | 000,468,480 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\bxvbda.sys -- (b06bdrv)
DRV:64bit: - [2009/06/10 21:34:23 | 000,270,848 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\b57nd60a.sys -- (b57nd60a)
DRV:64bit: - [2009/06/10 21:31:59 | 000,031,232 | ---- | M] (Hauppauge Computer Works, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\hcw85cir.sys -- (hcw85cir)
DRV - [2009/07/14 02:19:10 | 000,019,008 | ---- | M] (Microsoft Corporation) [File_System | On_Demand | Stopped] -- C:\Windows\SysWOW64\drivers\wimmount.sys -- (WIMMount)


========== Standard Registry (SafeList) ==========


========== Internet Explorer ==========

IE:64bit: - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.bing.com?pc=HPNTDF
IE:64bit: - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.bing.com?pc=HPNTDF
IE:64bit: - HKLM\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A}
IE:64bit: - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/...rc=IE-SearchBox
IE:64bit: - HKLM\..\SearchScopes\{2fa28606-de77-4029-af96-b231e3b8f827}: "URL" = http://eu.ask.com/we...&l=dis&o=HPNTDF
IE:64bit: - HKLM\..\SearchScopes\{b7fca997-d0fb-4fe0-8afd-255e89cf9671}: "URL" = http://uk.search.yah...psg&type=HPNTDF
IE:64bit: - HKLM\..\SearchScopes\{d43b3890-80c7-4010-a95d-1e77b5924dc3}: "URL" = http://en.wikipedia....h={searchTerms}
IE:64bit: - HKLM\..\SearchScopes\{EF07105E-70FF-4C05-92F6-A2C03B577BC0}: "URL" = http://www.amazon.co...s={searchTerms}
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.bing.com?pc=HPNTDF
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.bing.com?pc=HPNTDF
IE - HKLM\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A}
IE - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/...rc=IE-SearchBox
IE - HKLM\..\SearchScopes\{2fa28606-de77-4029-af96-b231e3b8f827}: "URL" = http://eu.ask.com/we...&l=dis&o=HPNTDF
IE - HKLM\..\SearchScopes\{b7fca997-d0fb-4fe0-8afd-255e89cf9671}: "URL" = http://uk.search.yah...psg&type=HPNTDF
IE - HKLM\..\SearchScopes\{d43b3890-80c7-4010-a95d-1e77b5924dc3}: "URL" = http://en.wikipedia....h={searchTerms}
IE - HKLM\..\SearchScopes\{EF07105E-70FF-4C05-92F6-A2C03B577BC0}: "URL" = http://www.amazon.co...s={searchTerms}

IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.bing.com?pc=HPNTDF
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.bing.com?pc=HPNTDF
IE - HKCU\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A}
IE - HKCU\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/...rc=IE-SearchBox
IE - HKCU\..\SearchScopes\{2fa28606-de77-4029-af96-b231e3b8f827}: "URL" = http://eu.ask.com/we...&l=dis&o=HPNTDF
IE - HKCU\..\SearchScopes\{b7fca997-d0fb-4fe0-8afd-255e89cf9671}: "URL" = http://uk.search.yah...psg&type=HPNTDF
IE - HKCU\..\SearchScopes\{d43b3890-80c7-4010-a95d-1e77b5924dc3}: "URL" = http://en.wikipedia....h={searchTerms}
IE - HKCU\..\SearchScopes\{EF07105E-70FF-4C05-92F6-A2C03B577BC0}: "URL" = http://www.amazon.co...s={searchTerms}
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = *.local

========== FireFox ==========

FF - prefs.js..extensions.enabledAddons: DivXWebPlayer%40divx.com:2.0.2.039
FF - prefs.js..extensions.enabledAddons: isreaditlater%40ideashower.com:3.0.1
FF - prefs.js..extensions.enabledAddons: belgiumeid%40eid.belgium.be:1.0.18
FF - prefs.js..extensions.enabledAddons: %7B972ce4c6-7e08-4474-a285-3208198ce6fd%7D:18.0.2
FF - prefs.js..network.proxy.http: "88.159.183.161"
FF - prefs.js..network.proxy.http_port: 80
FF - prefs.js..network.proxy.socks_version: 4
FF - prefs.js..network.proxy.type: 0
FF - user.js - File not found

FF:64bit: - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\system32\Macromed\Flash\NPSWF64_11_5_502_149.dll File not found
FF:64bit: - HKLM\Software\MozillaPlugins\@microsoft.com/GENUINE: disabled File not found
FF:64bit: - HKLM\Software\MozillaPlugins\@microsoft.com/OfficeAuthz,version=14.0: C:\PROGRA~1\MICROS~2\Office14\NPAUTHZ.DLL (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_11_5_502_149.dll ()
FF - HKLM\Software\MozillaPlugins\@adobe.com/ShockwavePlayer: C:\Windows\SysWOW64\Adobe\Director\np32dsw_1168638.dll (Adobe Systems, Inc.)
FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=: File not found
FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=1.0: C:\Program Files (x86)\iTunes\Mozilla Plugins\npitunes.dll ()
FF - HKLM\Software\MozillaPlugins\@Google.com/GoogleEarthPlugin: C:\Program Files (x86)\Google\Google Earth\plugin\npgeplugin.dll (Google)
FF - HKLM\Software\MozillaPlugins\@java.com/DTPlugin,version=10.10.2: C:\Windows\SysWOW64\npDeployJava1.dll (Oracle Corporation)
FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin,version=10.10.2: C:\Program Files (x86)\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/GENUINE: disabled File not found
FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: c:\Program Files (x86)\Microsoft Silverlight\4.1.10329.0\npctrl.dll ( Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/OfficeAuthz,version=14.0: C:\PROGRA~2\MICROS~1\Office14\NPAUTHZ.DLL (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/SharePoint,version=14.0: C:\PROGRA~2\MICROS~1\Office14\NPSPWRAP.DLL (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=15.4.3502.0922: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=15.4.3508.1109: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Program Files (x86)\Google\Update\1.3.21.135\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Program Files (x86)\Google\Update\1.3.21.135\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\@videolan.org/vlc,version=2.0.4: C:\Program Files (x86)\VideoLAN\VLC\npvlc.dll (VideoLAN)
FF - HKLM\Software\MozillaPlugins\@WildTangent.com/GamesAppPresenceDetector,Version=1.0: C:\Program Files (x86)\WildTangent Games\App\BrowserIntegration\Registered\0\NP_wtapp.dll ()
FF - HKLM\Software\MozillaPlugins\Adobe Reader: C:\Program Files (x86)\Adobe\Reader 11.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)

FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\[email protected]: C:\Program Files\AVAST Software\Avast\WebRep\FF [2012/10/16 09:42:24 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\[email protected]: C:\Program Files\Mozilla Firefox\extensions\[email protected]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 18.0.2\extensions\\Components: C:\Program Files (x86)\Mozilla Firefox\components [2013/02/11 13:27:31 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 18.0.2\extensions\\Plugins: C:\Program Files (x86)\Mozilla Firefox\plugins
FF - HKEY_CURRENT_USER\software\mozilla\Mozilla Firefox 18.0.2\extensions\\Components: C:\Program Files (x86)\Mozilla Firefox\components [2013/02/11 13:27:31 | 000,000,000 | ---D | M]
FF - HKEY_CURRENT_USER\software\mozilla\Mozilla Firefox 18.0.2\extensions\\Plugins: C:\Program Files (x86)\Mozilla Firefox\plugins

[2012/04/21 09:38:22 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Thomas\AppData\Roaming\mozilla\Extensions
[2013/02/14 10:31:35 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Thomas\AppData\Roaming\mozilla\Firefox\Profiles\d026bp54.default\extensions
[2013/01/15 19:26:42 | 000,020,959 | ---- | M] () (No name found) -- C:\Users\Thomas\AppData\Roaming\mozilla\firefox\profiles\d026bp54.default\extensions\[email protected]
[2012/10/22 22:53:04 | 000,550,833 | ---- | M] () (No name found) -- C:\Users\Thomas\AppData\Roaming\mozilla\firefox\profiles\d026bp54.default\extensions\[email protected]
[2013/01/15 19:20:33 | 000,223,719 | ---- | M] () (No name found) -- C:\Users\Thomas\AppData\Roaming\mozilla\firefox\profiles\d026bp54.default\extensions\[email protected]
[2013/02/14 10:31:35 | 000,817,280 | ---- | M] () (No name found) -- C:\Users\Thomas\AppData\Roaming\mozilla\firefox\profiles\d026bp54.default\extensions\{d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}.xpi
[2013/02/12 19:34:21 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files (x86)\Mozilla Firefox\extensions
[2013/02/12 19:34:21 | 000,000,000 | ---D | M] (TrueSuite Website Logon) -- C:\Program Files (x86)\Mozilla Firefox\extensions\[email protected]
[2013/02/11 13:27:31 | 000,262,552 | ---- | M] (Mozilla Foundation) -- C:\Program Files (x86)\mozilla firefox\components\browsercomps.dll
[2012/10/22 12:53:12 | 000,002,465 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\bing.xml
[2012/12/05 18:32:19 | 000,002,616 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\bolcom-nl.xml
[2012/12/05 18:32:19 | 000,004,771 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\marktplaats-nl.xml
[2012/12/05 18:32:19 | 000,001,262 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\wikipedia-nl.xml

========== Chrome ==========

CHR - default_search_provider: Google (Enabled)
CHR - default_search_provider: search_url = {google:baseURL}search?q={searchTerms}&{google:RLZ}{google:acceptedSuggestion}{google:originalQueryForSuggestion}{google:assistedQueryStats}{google:searchFieldtrialParameter}{google:searchClient}{google:sourceId}{google:instantExtendedEnabledParameter}ie={inputEncoding}
CHR - default_search_provider: suggest_url = {google:baseSuggestURL}search?{google:searchFieldtrialParameter}client=chrome&q={searchTerms}&{google:cursorPosition}sugkey={google:suggestAPIKeyParameter}
CHR - homepage:
CHR - plugin: Shockwave Flash (Enabled) = C:\Users\Thomas\AppData\Local\Google\Chrome\User Data\PepperFlash\11.5.31.139\pepflashplayer.dll
CHR - plugin: Chrome Remote Desktop Viewer (Enabled) = internal-remoting-viewer
CHR - plugin: Native Client (Enabled) = C:\Program Files (x86)\Google\Chrome\Application\25.0.1364.97\ppGoogleNaClPluginChrome.dll
CHR - plugin: Chrome PDF Viewer (Enabled) = C:\Program Files (x86)\Google\Chrome\Application\25.0.1364.97\pdf.dll
CHR - plugin: Simple Pass 2011 (Enabled) = C:\Users\Thomas\AppData\Local\Google\Chrome\User Data\Default\Extensions\hdhihajbmafmgilcciomnamcjfkdhikl\1.0_0\npwebsitelogon.dll
CHR - plugin: Adobe Acrobat (Disabled) = C:\Program Files (x86)\Adobe\Reader 11.0\Reader\Browser\nppdf32.dll
CHR - plugin: Microsoft Office 2010 (Enabled) = C:\PROGRA~2\MICROS~1\Office14\NPAUTHZ.DLL
CHR - plugin: Microsoft Office 2010 (Enabled) = C:\PROGRA~2\MICROS~1\Office14\NPSPWRAP.DLL
CHR - plugin: Google Earth Plugin (Enabled) = C:\Program Files (x86)\Google\Google Earth\plugin\npgeplugin.dll
CHR - plugin: Google Update (Enabled) = C:\Program Files (x86)\Google\Update\1.3.21.135\npGoogleUpdate3.dll
CHR - plugin: Java™ Platform SE 7 U10 (Enabled) = C:\Program Files (x86)\Java\jre7\bin\plugin2\npjp2.dll
CHR - plugin: VLC Web Plugin (Enabled) = C:\Program Files (x86)\VideoLAN\VLC\npvlc.dll
CHR - plugin: Windows Live\u0099 Photo Gallery (Enabled) = C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll
CHR - plugin: iTunes Application Detector (Enabled) = C:\Program Files (x86)\iTunes\Mozilla Plugins\npitunes.dll
CHR - plugin: Java Deployment Toolkit 7.0.100.18 (Enabled) = C:\Windows\SysWOW64\npDeployJava1.dll
CHR - plugin: Shockwave for Director (Enabled) = C:\Windows\system32\Adobe\Director\np32dsw.dll
CHR - plugin: Silverlight Plug-In (Enabled) = c:\Program Files (x86)\Microsoft Silverlight\4.1.10329.0\npctrl.dll
CHR - Extension: YouTube = C:\Users\Thomas\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo\4.2.5_1\
CHR - Extension: Adblock Plus = C:\Users\Thomas\AppData\Local\Google\Chrome\User Data\Default\Extensions\cfhdojbkjhnklbpkdaibdccddilifddb\1.3.4_0\
CHR - Extension: Google Zoeken = C:\Users\Thomas\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf\0.0.0.19_1\
CHR - Extension: AdBlock = C:\Users\Thomas\AppData\Local\Google\Chrome\User Data\Default\Extensions\gighmmpiobklfepjocnamgkkbiglidom\2.5.61_0\
CHR - Extension: Website Logon = C:\Users\Thomas\AppData\Local\Google\Chrome\User Data\Default\Extensions\hdhihajbmafmgilcciomnamcjfkdhikl\1.0_0\
CHR - Extension: avast! WebRep = C:\Users\Thomas\AppData\Local\Google\Chrome\User Data\Default\Extensions\icmlaeflemplmjndnaapfdbbnpncnbda\7.0.1466_0\
CHR - Extension: Gmail = C:\Users\Thomas\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia\7_1\

O1 HOSTS File: ([2009/06/10 22:00:26 | 000,000,824 | ---- | M]) - C:\Windows\SysNative\drivers\etc\hosts
O2:64bit: - BHO: (avast! WebRep) - {318A227B-5E9F-45bd-8999-7F8F10CA4CF5} - C:\Program Files\AVAST Software\Avast\aswWebRepIE64.dll (AVAST Software)
O2:64bit: - BHO: (TrueSuite Website Log On) - {8590886E-EC8C-43C1-A32C-E4C2B0B6395B} - C:\Program Files (x86)\HP SimplePass 2011\x64\IEBHO.dll (HP)
O2 - BHO: (PlusIEEventHelper Class) - {551A852F-39A6-44A7-9C13-AFBEC9185A9D} - C:\Program Files (x86)\Nuance\PDF Viewer Plus\bin\PlusIEContextMenu.dll (Zeon Corporation)
O2 - BHO: (Java™ Plug-In SSV Helper) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Java\jre7\bin\ssv.dll (Oracle Corporation)
O2 - BHO: (TrueSuite Website Log On) - {8590886E-EC8C-43C1-A32C-E4C2B0B6395B} - C:\Program Files (x86)\HP SimplePass 2011\IEBHO.dll (HP)
O2 - BHO: (CIESpeechBHO Class) - {8D10F6C4-0E01-4BD4-8601-11AC1FDF8126} - C:\Program Files (x86)\Bluetooth Suite\IEPlugIn.dll (Atheros Commnucations)
O2 - BHO: (avast! WebRep) - {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - C:\Program Files\AVAST Software\Avast\aswWebRepIE.dll (AVAST Software)
O2 - BHO: (Evernote extension) - {92EF2EAD-A7CE-4424-B0DB-499CF856608E} - C:\Program Files (x86)\Evernote\Evernote\EvernoteIE.dll (Evernote Corp., 305 Walnut Street, Redwood City, CA 94063)
O2 - BHO: (Adobe PDF Conversion Toolbar Helper) - {AE7CD045-E861-484f-8273-0445EE161910} - C:\Program Files (x86)\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll (Adobe Systems Incorporated)
O2 - BHO: (Java™ Plug-In 2 SSV Helper) - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre7\bin\jp2ssv.dll (Oracle Corporation)
O3:64bit: - HKLM\..\Toolbar: (avast! WebRep) - {318A227B-5E9F-45bd-8999-7F8F10CA4CF5} - C:\Program Files\AVAST Software\Avast\aswWebRepIE64.dll (AVAST Software)
O3 - HKLM\..\Toolbar: (Adobe PDF) - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files (x86)\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll (Adobe Systems Incorporated)
O3 - HKLM\..\Toolbar: (avast! WebRep) - {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - C:\Program Files\AVAST Software\Avast\aswWebRepIE.dll (AVAST Software)
O3 - HKCU\..\Toolbar\WebBrowser: (no name) - {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - No CLSID value found.
O4:64bit: - HKLM..\Run: [AdobeAAMUpdater-1.0] C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\UWA\UpdaterStartupUtility.exe (Adobe Systems Incorporated)
O4:64bit: - HKLM..\Run: [AthBtTray] C:\Program Files (x86)\Bluetooth Suite\AthBtTray.exe (Atheros Commnucations)
O4:64bit: - HKLM..\Run: [AtherosBtStack] C:\Program Files (x86)\Bluetooth Suite\BtvStack.exe (Atheros Communications)
O4:64bit: - HKLM..\Run: [HotKeysCmds] C:\Windows\SysNative\hkcmd.exe (Intel Corporation)
O4:64bit: - HKLM..\Run: [IgfxTray] C:\Windows\SysNative\igfxtray.exe (Intel Corporation)
O4:64bit: - HKLM..\Run: [Persistence] C:\Windows\SysNative\igfxpers.exe (Intel Corporation)
O4:64bit: - HKLM..\Run: [SetDefault] C:\Program Files\Hewlett-Packard\HP LaunchBox\SetDefault.exe (Hewlett-Packard Development Company, L.P.)
O4:64bit: - HKLM..\Run: [SysTrayApp] C:\Program Files\IDT\WDM\sttray64.exe (IDT, Inc.)
O4 - HKLM..\Run: [] File not found
O4 - HKLM..\Run: [Acrobat Assistant 8.0] C:\Program Files (x86)\Adobe\Acrobat 8.0\Acrobat\Acrotray.exe (Adobe Systems Inc.)
O4 - HKLM..\Run: [APSDaemon] C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe (Apple Inc.)
O4 - HKLM..\Run: [avast] C:\Program Files\AVAST Software\Avast\avastUI.exe (AVAST Software)
O4 - HKLM..\Run: [beid] "C:\Program Files (x86)\Belgium Identity Card\beid35gui.exe" /startup File not found
O4 - HKLM..\Run: [BrStsMon00] C:\Program Files (x86)\Browny02\Brother\BrStMonW.exe (Brother Industries, Ltd.)
O4 - HKLM..\Run: [ControlCenter4] C:\Program Files (x86)\ControlCenter4\BrCcBoot.exe (Brother Industries, Ltd.)
O4 - HKLM..\Run: [HP CoolSense] C:\Program Files (x86)\Hewlett-Packard\HP CoolSense\CoolSense.exe (Hewlett-Packard Development Company, L.P.)
O4 - HKLM..\Run: [HP Quick Launch] C:\Program Files (x86)\Hewlett-Packard\HP Quick Launch\HPMSGSVC.exe (Hewlett-Packard Development Company, L.P.)
O4 - HKLM..\Run: [HPOSD] C:\Program Files (x86)\Hewlett-Packard\HP On Screen Display\HPOSD.exe (Hewlett-Packard Development Company, L.P.)
O4 - HKLM..\Run: [HPQuickWebProxy] C:\Program Files (x86)\Hewlett-Packard\HP QuickWeb\hpqwutils.exe (Hewlett-Packard Company)
O4 - HKLM..\Run: [IJNetworkScanUtility] C:\Program Files (x86)\Canon\Canon IJ Network Scan Utility\CNMNSUT.exe (CANON INC.)
O4 - HKLM..\Run: [IndexSearch] C:\Program Files (x86)\Nuance\PaperPort\IndexSearch.exe (Nuance Communications, Inc.)
O4 - HKLM..\Run: [PaperPort PTD] C:\Program Files (x86)\Nuance\PaperPort\pptd40nt.exe (Nuance Communications, Inc.)
O4 - HKLM..\Run: [PDF5 Registry Controller] C:\Program Files (x86)\Nuance\PDF Viewer Plus\RegistryController.exe (Nuance Communications, Inc.)
O4 - HKLM..\Run: [PDFHook] C:\Program Files (x86)\Nuance\PDF Viewer Plus\pdfPro5Hook.exe (Nuance Communications, Inc.)
O4 - HKLM..\Run: [PPort12reminder] C:\Program Files (x86)\Nuance\PaperPort\Ereg\Ereg.exe (Nuance Communications, Inc.)
O4 - HKLM..\Run: [StartCCC] C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe (Advanced Micro Devices, Inc.)
O4 - HKCU..\Run: [ISUSPM] C:\ProgramData\FLEXnet\Connect\11\ISUSPM.exe (Acresso Corporation)
O4 - HKCU..\RunOnce: [FlashPlayerUpdate] C:\Windows\SysWOW64\Macromed\Flash\FlashUtil32_11_5_502_149_Plugin.exe (Adobe Systems Incorporated)
O4 - Startup: C:\Users\Thomas\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Dropbox.lnk = C:\Users\Thomas\AppData\Roaming\Dropbox\bin\Dropbox.exe (Dropbox, Inc.)
O4 - Startup: C:\Users\Thomas\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\EvernoteClipper.lnk = C:\Program Files (x86)\Evernote\Evernote\EvernoteClipper.exe (Evernote Corp., 305 Walnut Street, Redwood City, CA 94063)
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktop = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoViewOnDrive = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoControlPanel = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: DisableLocalMachineRun = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: DisableLocalMachineRunOnce = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: DisableCurrentUserRun = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: DisableCurrentUserRunOnce = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoViewContextMenu = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoShellSearchButton = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoFind = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoFile = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: HideClock = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoTrayContextMenu = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoTrayItemsDisplay = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoSetFolders = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDevMgrUpdate = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoClose = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoSetTaskbar = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDeletePrinter = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDFSTab = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoChangeStartMenu = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoLogoff = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: StartMenuLogoff = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoWindowsUpdate = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoEncryptOnMove = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoRunasInstallPrompt = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoResolveSearch = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoResolveTrack = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoSaveSettings = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoHardwareTab = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoStartMenuSubFolders = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDesktop = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: NoDispAppearancePage = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: NoDispBackgroundPage = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: NoDispSettingsPage = 0
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoViewOnDrive = 0
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoControlPanel = 0
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: DisableLocalMachineRun = 0
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: DisableLocalMachineRunOnce = 0
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: DisableCurrentUserRun = 0
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: DisableCurrentUserRunOnce = 0
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 0
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoViewContextMenu = 0
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoShellSearchButton = 0
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoFind = 0
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoFile = 0
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: HideClock = 0
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoTrayContextMenu = 0
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoTrayItemsDisplay = 0
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoSetFolders = 0
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDevMgrUpdate = 0
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoClose = 0
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoSetTaskbar = 0
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDeletePrinter = 0
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDFSTab = 0
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoChangeStartMenu = 0
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoLogoff = 0
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: StartMenuLogoff = 0
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoWindowsUpdate = 0
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoEncryptOnMove = 0
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoRunasInstallPrompt = 0
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoResolveSearch = 0
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoResolveTrack = 0
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoSaveSettings = 0
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoHardwareTab = 0
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoStartMenuSubFolders = 0
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDesktop = 0
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: NoDispAppearancePage = 0
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: NoDispBackgroundPage = 0
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: NoDispSettingsPage = 0
O8:64bit: - Extra context menu item: Append to existing PDF - C:\Program Files (x86)\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll (Adobe Systems Incorporated)
O8:64bit: - Extra context menu item: Convert link target to Adobe PDF - C:\Program Files (x86)\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll (Adobe Systems Incorporated)
O8:64bit: - Extra context menu item: Convert link target to existing PDF - C:\Program Files (x86)\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll (Adobe Systems Incorporated)
O8:64bit: - Extra context menu item: Convert selected links to Adobe PDF - C:\Program Files (x86)\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll (Adobe Systems Incorporated)
O8:64bit: - Extra context menu item: Convert selected links to existing PDF - C:\Program Files (x86)\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll (Adobe Systems Incorporated)
O8:64bit: - Extra context menu item: Convert selection to Adobe PDF - C:\Program Files (x86)\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll (Adobe Systems Incorporated)
O8:64bit: - Extra context menu item: Convert selection to existing PDF - C:\Program Files (x86)\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll (Adobe Systems Incorporated)
O8:64bit: - Extra context menu item: Convert to Adobe PDF - C:\Program Files (x86)\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll (Adobe Systems Incorporated)
O8:64bit: - Extra context menu item: Nieuwe notitie - C:\Program Files (x86)\Evernote\Evernote\\EvernoteIERes\NewNote.html ()
O8:64bit: - Extra context menu item: Toevoegen aan Evernote 4 - C:\Program Files (x86)\Evernote\Evernote\\EvernoteIERes\Clip.html ()
O8 - Extra context menu item: Append to existing PDF - C:\Program Files (x86)\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll (Adobe Systems Incorporated)
O8 - Extra context menu item: Convert link target to Adobe PDF - C:\Program Files (x86)\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll (Adobe Systems Incorporated)
O8 - Extra context menu item: Convert link target to existing PDF - C:\Program Files (x86)\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll (Adobe Systems Incorporated)
O8 - Extra context menu item: Convert selected links to Adobe PDF - C:\Program Files (x86)\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll (Adobe Systems Incorporated)
O8 - Extra context menu item: Convert selected links to existing PDF - C:\Program Files (x86)\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll (Adobe Systems Incorporated)
O8 - Extra context menu item: Convert selection to Adobe PDF - C:\Program Files (x86)\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll (Adobe Systems Incorporated)
O8 - Extra context menu item: Convert selection to existing PDF - C:\Program Files (x86)\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll (Adobe Systems Incorporated)
O8 - Extra context menu item: Convert to Adobe PDF - C:\Program Files (x86)\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll (Adobe Systems Incorporated)
O8 - Extra context menu item: Nieuwe notitie - C:\Program Files (x86)\Evernote\Evernote\\EvernoteIERes\NewNote.html ()
O8 - Extra context menu item: Toevoegen aan Evernote 4 - C:\Program Files (x86)\Evernote\Evernote\\EvernoteIERes\Clip.html ()
O9 - Extra 'Tools' menuitem : Send by Bluetooth to - {7815BE26-237D-41A8-A98F-F7BD75F71086} - C:\Program Files (x86)\Bluetooth Suite\IEPlugIn.dll (Atheros Commnucations)
O9 - Extra Button: @C:\Program Files (x86)\Evernote\Evernote\Resource.dll,-101 - {A95fe080-8f5d-11d2-a20b-00aa003c157a} - C:\Program Files (x86)\Evernote\Evernote\\EvernoteIERes\AddNote.html ()
O9 - Extra 'Tools' menuitem : @C:\Program Files (x86)\Evernote\Evernote\Resource.dll,-101 - {A95fe080-8f5d-11d2-a20b-00aa003c157a} - C:\Program Files (x86)\Evernote\Evernote\\EvernoteIERes\AddNote.html ()
O10:64bit: - NameSpace_Catalog5\Catalog_Entries64\000000000010 [] - C:\Program Files\Bonjour\mdnsNSP.dll (Apple Inc.)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000010 [] - C:\Program Files (x86)\Bonjour\mdnsNSP.dll (Apple Inc.)
O1364bit: - gopher Prefix: missing
O13 - gopher Prefix: missing
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 195.130.131.133 195.130.130.5
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{044569C3-1468-4744-B20C-A472DE59F4CB}: DhcpNameServer = 195.130.131.133 195.130.130.5
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{D8064545-3265-45DC-873F-DB06FCD19856}: DhcpNameServer = 217.72.230.129 217.72.230.1
O18:64bit: - Protocol\Handler\livecall - No CLSID value found
O18:64bit: - Protocol\Handler\ms-help - No CLSID value found
O18:64bit: - Protocol\Handler\msnim - No CLSID value found
O18:64bit: - Protocol\Handler\skype4com - No CLSID value found
O18:64bit: - Protocol\Handler\wlmailhtml - No CLSID value found
O18:64bit: - Protocol\Handler\wlpg - No CLSID value found
O18 - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files (x86)\Common Files\Skype\Skype4COM.dll (Skype Technologies)
O20:64bit: - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\SysNative\userinit.exe (Microsoft Corporation)
O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\SysWow64\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\SysWOW64\userinit.exe (Microsoft Corporation)
O20:64bit: - Winlogon\Notify\igfxcui: DllName - (igfxdev.dll) - C:\Windows\SysNative\igfxdev.dll (Intel Corporation)
O21:64bit: - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.
O21 - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.
O29:64bit: - HKLM SecurityProviders - (msapsspc.dll) - File not found
O29:64bit: - HKLM SecurityProviders - (digest.dll) - File not found
O29:64bit: - HKLM SecurityProviders - (msnsspc.dll) - File not found
O29 - HKLM SecurityProviders - (msapsspc.dll) - File not found
O29 - HKLM SecurityProviders - (digest.dll) - File not found
O29 - HKLM SecurityProviders - (msnsspc.dll) - File not found
O32 - HKLM CDRom: AutoRun - 1
O34 - HKLM BootExecute: (autocheck autochk *)
O35:64bit: - HKLM\..comfile [open] -- "%1" %*
O35:64bit: - HKLM\..exefile [open] -- "%1" %*
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O35 - HKCU\..exefile [open] -- "%1" %*
O37:64bit: - HKLM\...com [@ = comfile] -- "%1" %*
O37:64bit: - HKLM\...exe [@ = exefile] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
O37 - HKCU\...exe [@ = exefile] -- "%1" %*
O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3)
O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2)
O38 - SubSystems\\Windows: (ServerDll=sxssrv,4)

========== Files/Folders - Created Within 30 Days ==========

[2013/02/26 11:42:37 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\SpywareBlaster
[2013/02/26 11:42:36 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\SpywareBlaster
[2013/02/26 09:19:52 | 000,000,000 | ---D | C] -- C:\Users\Thomas\AppData\Local\{1807990C-596C-4A9F-80B5-2F108EDFBA4A}
[2013/02/25 21:19:51 | 000,000,000 | ---D | C] -- C:\Users\Thomas\AppData\Local\{91CE78C1-DFBE-4D67-89FA-26D9FB6A06D1}
[2013/02/25 09:19:49 | 000,000,000 | ---D | C] -- C:\Users\Thomas\AppData\Local\{21F1FD0B-A7EC-459C-B68F-A3F7F3581235}
[2013/02/24 16:44:39 | 000,000,000 | ---D | C] -- C:\Users\Thomas\AppData\Local\{1C63D89B-8525-4DC3-9E0C-BC5FE6558364}
[2013/02/24 04:04:56 | 000,000,000 | ---D | C] -- C:\Users\Thomas\AppData\Local\{41DDE826-2F36-48DB-98DB-A44EBF08FD83}
[2013/02/23 11:55:20 | 000,000,000 | ---D | C] -- C:\Users\Thomas\AppData\Local\{BBDEF1EC-8B32-4670-9163-852F1555FAE1}
[2013/02/22 20:03:08 | 000,000,000 | ---D | C] -- C:\Users\Thomas\AppData\Local\{B3BD7E04-3299-4A1D-B988-F0D19813A029}
[2013/02/22 08:02:53 | 000,000,000 | ---D | C] -- C:\Users\Thomas\AppData\Local\{DB2EC81F-69E2-4891-94A4-0B96E1558D61}
[2013/02/21 20:02:39 | 000,000,000 | ---D | C] -- C:\Users\Thomas\AppData\Local\{8BFAD9BC-D31D-443A-A156-60F638C6FA5D}
[2013/02/21 08:02:36 | 000,000,000 | ---D | C] -- C:\Users\Thomas\AppData\Local\{E473A777-D603-4F32-B94D-A3BD1E603891}
[2013/02/20 19:45:57 | 000,000,000 | ---D | C] -- C:\Users\Thomas\AppData\Local\{12951F9E-A2C2-4F09-B14A-38222A9A6FE1}
[2013/02/20 15:15:46 | 000,000,000 | ---D | C] -- C:\Users\Thomas\AppData\Local\{E4CA6D5E-42F3-4E30-BD7D-0AC56D0F097F}
[2013/02/19 20:10:48 | 000,000,000 | ---D | C] -- C:\Users\Thomas\AppData\Local\{55B4420B-381E-4498-B87E-B78F93517379}
[2013/02/19 07:49:22 | 000,000,000 | ---D | C] -- C:\Users\Thomas\AppData\Local\{FCBBE34B-569C-4620-8BB6-FAD07A057269}
[2013/02/19 00:13:42 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\CyberGhost VPN
[2013/02/19 00:13:41 | 000,031,232 | ---- | C] (The OpenVPN Project) -- C:\Windows\SysNative\drivers\tap0901.sys
[2013/02/19 00:13:39 | 000,000,000 | ---D | C] -- C:\Program Files\CyberGhost VPN
[2013/02/18 15:15:01 | 000,000,000 | ---D | C] -- C:\Users\Thomas\AppData\Local\{7B0A65A1-09AE-4477-8B93-E61E329FA382}
[2013/02/18 15:15:01 | 000,000,000 | ---D | C] -- C:\Users\Thomas\AppData\Local\{1D8359CC-0078-4888-9976-1B9D4E683702}
[2013/02/18 03:05:56 | 000,000,000 | ---D | C] -- C:\Users\Thomas\AppData\Local\{F1723A74-5417-4DA2-BA31-01F115A47518}
[2013/02/18 01:30:40 | 000,000,000 | ---D | C] -- C:\Users\Thomas\AppData\Local\{782014AF-F8C5-4D0F-BFBB-382CCA7E5B35}
[2013/02/17 09:57:52 | 000,000,000 | ---D | C] -- C:\Users\Thomas\AppData\Local\{8DF34BA0-1940-4582-AC7A-54089079536F}
[2013/02/16 21:40:22 | 000,000,000 | ---D | C] -- C:\Users\Thomas\AppData\Local\{D68E7BC9-A897-4DD0-AB20-A68AD932E3BE}
[2013/02/16 09:40:16 | 000,000,000 | ---D | C] -- C:\Users\Thomas\AppData\Local\{BEB1F860-029B-487C-83E3-F62B64866A07}
[2013/02/15 21:05:56 | 000,000,000 | ---D | C] -- C:\Users\Thomas\AppData\Local\{98665D85-1EE6-41C0-89E2-4537A04CDB48}
[2013/02/15 09:08:52 | 000,000,000 | ---D | C] -- C:\Users\Thomas\Desktop\octavio
[2013/02/15 09:05:51 | 000,000,000 | ---D | C] -- C:\Users\Thomas\AppData\Local\{AAC3A7C6-6AFA-4835-AAB2-1111D21FF22A}
[2013/02/14 10:29:43 | 000,000,000 | ---D | C] -- C:\Users\Thomas\AppData\Local\{32F60A67-F6B4-4135-A206-C690161BFA96}
[2013/02/13 21:06:19 | 000,000,000 | ---D | C] -- C:\Users\Thomas\AppData\Local\{525F36B8-041F-4417-9B8B-AAE63ECB382C}
[2013/02/13 09:06:13 | 000,000,000 | ---D | C] -- C:\Users\Thomas\AppData\Local\{CEB0CEE1-9C2B-4382-8BFF-CF0140F38101}
[2013/02/12 22:03:05 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Skype
[2013/02/12 22:03:05 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Common Files\Skype
[2013/02/12 22:03:04 | 000,000,000 | R--D | C] -- C:\Program Files (x86)\Skype
[2013/02/12 20:54:55 | 000,000,000 | ---D | C] -- C:\Users\Thomas\AppData\Local\{A130DCD4-907A-4932-9965-6187021712A0}
[2013/02/12 08:52:12 | 000,000,000 | ---D | C] -- C:\Users\Thomas\AppData\Local\{70152CD3-D4C4-4235-9D5E-AC5A9CBC8963}
[2013/02/11 20:52:08 | 000,000,000 | ---D | C] -- C:\Users\Thomas\AppData\Local\{06D17E12-D238-4274-A1EE-571AC7728D71}
[2013/02/11 08:35:34 | 000,000,000 | ---D | C] -- C:\Users\Thomas\AppData\Local\{F39C9CEC-097E-4FE6-8BC9-BAC3DF14D2AF}
[2013/02/10 19:45:24 | 000,000,000 | ---D | C] -- C:\Users\Thomas\AppData\Local\{18948BB6-1520-42C0-A949-B37A6534B4D5}
[2013/02/10 07:45:17 | 000,000,000 | ---D | C] -- C:\Users\Thomas\AppData\Local\{D0DD27E0-E40E-4A7A-9F6B-CC6C5328DB07}
[2013/02/09 10:00:25 | 000,000,000 | ---D | C] -- C:\Users\Thomas\AppData\Local\{4C288E8E-DD06-4ABC-9E4B-A456A7F48531}
[2013/02/08 21:18:33 | 000,000,000 | ---D | C] -- C:\Users\Thomas\AppData\Local\{C9E12773-1233-45CA-952F-60D327CA7E91}
[2013/02/08 09:18:20 | 000,000,000 | ---D | C] -- C:\Users\Thomas\AppData\Local\{3E5EFEEB-13C4-4225-A216-F4DDE7AD2446}
[2013/02/07 21:18:07 | 000,000,000 | ---D | C] -- C:\Users\Thomas\AppData\Local\{3B6B95C5-C831-45AD-8720-E0DE6EE216F6}
[2013/02/07 09:17:50 | 000,000,000 | ---D | C] -- C:\Users\Thomas\AppData\Local\{99E9ED52-FF3B-4130-8E1F-5ADD4C98096F}
[2013/02/06 19:38:40 | 000,000,000 | ---D | C] -- C:\Users\Thomas\AppData\Local\{FF04B990-C126-4598-8657-95B0F5D86286}
[2013/02/05 20:50:26 | 000,000,000 | ---D | C] -- C:\Users\Thomas\AppData\Local\{26569B4F-32CA-48E6-8342-CBADA64FC605}
[2013/02/05 11:31:00 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Senter
[2013/02/05 11:30:58 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Senter
[2013/02/05 08:50:23 | 000,000,000 | ---D | C] -- C:\Users\Thomas\AppData\Local\{831F6E17-A8E7-4ED0-98CD-F4EE3049239A}
[2013/02/04 09:34:11 | 000,000,000 | ---D | C] -- C:\Users\Thomas\AppData\Local\{7AC31296-F9F6-46E1-88DF-E199C50F5855}
[2013/02/03 21:33:58 | 000,000,000 | ---D | C] -- C:\Users\Thomas\AppData\Local\{903F4649-5932-4851-BBB0-A464F6192674}
[2013/02/03 09:33:53 | 000,000,000 | ---D | C] -- C:\Users\Thomas\AppData\Local\{FA07216E-BBBD-490C-8BF7-4E021D87AE89}
[2013/02/02 21:22:06 | 000,000,000 | ---D | C] -- C:\Users\Thomas\AppData\Local\{ABB13679-1B57-4CF4-B398-BA1F5BA9AE50}
[2013/02/02 09:22:06 | 000,000,000 | ---D | C] -- C:\Users\Thomas\AppData\Local\{51C745EC-AB7F-47C5-BB95-A18A722ED65D}
[2013/02/01 08:48:14 | 000,000,000 | ---D | C] -- C:\Users\Thomas\AppData\Local\{37CFEEAC-7046-4E66-889E-32761393753D}
[2013/01/31 12:24:05 | 000,000,000 | ---D | C] -- C:\Users\Thomas\AppData\Local\{DD19DCDC-67E4-4B9A-A920-B01B649CA5AC}
[2013/01/31 00:24:00 | 000,000,000 | ---D | C] -- C:\Users\Thomas\AppData\Local\{B8323CD9-A992-48B8-9F1F-F7F9321FFFAA}
[2013/01/30 09:11:47 | 000,000,000 | ---D | C] -- C:\Users\Thomas\AppData\Local\{8697D6B3-3E00-4C5B-80CF-030C4BAF865B}
[2013/01/29 21:11:33 | 000,000,000 | ---D | C] -- C:\Users\Thomas\AppData\Local\{ABEC0F5C-2489-42DC-9CC3-D739842B0285}
[2013/01/29 09:11:20 | 000,000,000 | ---D | C] -- C:\Users\Thomas\AppData\Local\{1FC04E38-1A0D-48F6-99A8-B96D17ECF112}
[2013/01/28 21:11:06 | 000,000,000 | ---D | C] -- C:\Users\Thomas\AppData\Local\{2A4A038B-4D8D-4A14-8A5D-82D24D16EA21}
[2013/01/28 09:11:03 | 000,000,000 | ---D | C] -- C:\Users\Thomas\AppData\Local\{CA091D88-4D63-4557-8E29-30A2B7DD5E35}
[2013/01/27 13:04:17 | 000,000,000 | ---D | C] -- C:\Users\Thomas\Desktop\tijdelijk

========== Files - Modified Within 30 Days ==========

[2013/02/26 11:43:00 | 000,001,056 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineUA.job
[2013/02/26 11:42:37 | 000,001,075 | ---- | M] () -- C:\Users\Thomas\Desktop\SpywareBlaster.lnk
[2013/02/26 11:02:00 | 000,000,940 | ---- | M] () -- C:\Windows\tasks\Adobe Flash Player Updater.job
[2013/02/26 09:15:36 | 001,663,048 | ---- | M] () -- C:\Windows\SysNative\PerfStringBackup.INI
[2013/02/26 09:15:36 | 000,743,342 | ---- | M] () -- C:\Windows\SysNative\perfh013.dat
[2013/02/26 09:15:36 | 000,652,148 | ---- | M] () -- C:\Windows\SysNative\perfh009.dat
[2013/02/26 09:15:36 | 000,152,426 | ---- | M] () -- C:\Windows\SysNative\perfc013.dat
[2013/02/26 09:15:36 | 000,121,080 | ---- | M] () -- C:\Windows\SysNative\perfc009.dat
[2013/02/26 09:11:42 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2013/02/26 08:43:00 | 000,001,052 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineCore.job
[2013/02/25 12:00:01 | 000,000,476 | ---- | M] () -- C:\Windows\tasks\SyncBack XXXXXXX Thomas backup.job
[2013/02/25 11:14:20 | 000,000,336 | ---- | M] () -- C:\Windows\BRCALIB.INI
[2013/02/25 10:02:12 | 000,000,478 | ---- | M] () -- C:\Windows\tasks\SyncBack XXXXXXXX dropbox backup.job
[2013/02/24 09:29:10 | 000,047,389 | ---- | M] () -- C:\Users\Thomas\Desktop\2883542.jpg
[2013/02/23 17:28:27 | 000,032,064 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
[2013/02/23 17:28:27 | 000,032,064 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
[2013/02/21 19:28:21 | 000,000,336 | ---- | M] () -- C:\Windows\tasks\HPCeeScheduleForThomas.job
[2013/02/19 00:13:43 | 000,000,888 | ---- | M] () -- C:\Users\Thomas\Application Data\Microsoft\Internet Explorer\Quick Launch\CyberGhost VPN.lnk
[2013/02/19 00:13:43 | 000,000,864 | ---- | M] () -- C:\Users\Public\Desktop\CyberGhost VPN.lnk
[2013/02/18 18:00:18 | 000,236,490 | ---- | M] () -- C:\Users\Thomas\Desktop\huur auto.xps
[2013/02/18 14:55:34 | 495,865,855 | -HS- | M] () -- C:\hiberfil.sys

========== Files Created - No Company Name ==========

[2013/02/26 11:42:37 | 000,001,075 | ---- | C] () -- C:\Users\Thomas\Desktop\SpywareBlaster.lnk
[2013/02/24 09:29:08 | 000,047,389 | ---- | C] () -- C:\Users\Thomas\Desktop\2883542.jpg
[2013/02/19 00:13:43 | 000,000,888 | ---- | C] () -- C:\Users\Thomas\Application Data\Microsoft\Internet Explorer\Quick Launch\CyberGhost VPN.lnk
[2013/02/19 00:13:43 | 000,000,864 | ---- | C] () -- C:\Users\Public\Desktop\CyberGhost VPN.lnk
[2013/02/18 18:00:17 | 000,236,490 | ---- | C] () -- C:\Users\Thomas\Desktop\huur auto.xps
[2012/10/25 13:25:16 | 000,000,260 | ---- | C] () -- C:\Windows\Brpfx04a.ini
[2012/10/25 13:25:16 | 000,000,093 | ---- | C] () -- C:\Windows\brpcfx.ini
[2012/10/25 13:24:58 | 000,000,336 | ---- | C] () -- C:\Windows\BRCALIB.INI
[2012/10/25 13:23:30 | 000,000,066 | ---- | C] () -- C:\Windows\Brfaxrx.ini
[2012/10/25 13:23:30 | 000,000,000 | ---- | C] () -- C:\Windows\brdfxspd.dat
[2012/10/25 13:23:16 | 000,045,056 | ---- | C] () -- C:\Windows\SysWow64\BRTCPCON.DLL
[2012/10/25 13:23:13 | 000,000,114 | ---- | C] () -- C:\Windows\SysWow64\BRLMW03A.INI
[2012/10/16 11:41:56 | 001,640,480 | ---- | C] () -- C:\Windows\SysWow64\PerfStringBackup.INI
[2012/02/07 20:01:32 | 000,000,000 | ---- | C] () -- C:\Windows\ativpsrm.bin
[2012/02/07 19:51:40 | 000,003,155 | ---- | C] () -- C:\Windows\SysWow64\atipblup.dat
[2011/06/28 11:18:42 | 000,073,728 | ---- | C] () -- C:\Windows\SysWow64\belpicppgui.dll
[2011/05/13 16:33:18 | 000,007,736 | ---- | C] () -- C:\Windows\hpDSTRES.DLL
[2011/04/15 20:05:50 | 000,218,304 | ---- | C] () -- C:\Windows\SysWow64\igfcg600m.bin
[2011/04/15 20:05:50 | 000,145,804 | ---- | C] () -- C:\Windows\SysWow64\igcompkrng600.bin
[2011/04/15 20:05:48 | 000,963,116 | ---- | C] () -- C:\Windows\SysWow64\igkrng600.bin
[2011/04/15 19:59:48 | 000,056,832 | ---- | C] () -- C:\Windows\SysWow64\igdde32.dll
[2011/04/15 19:33:40 | 013,359,616 | ---- | C] () -- C:\Windows\SysWow64\ig4icd32.dll

========== ZeroAccess Check ==========

[2009/07/14 05:55:00 | 000,000,227 | RHS- | M] () -- C:\Windows\assembly\Desktop.ini

[HKEY_CURRENT_USER\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] /64

[HKEY_CURRENT_USER\Software\Classes\Wow6432node\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]

[HKEY_CURRENT_USER\Software\Classes\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32] /64

[HKEY_CURRENT_USER\Software\Classes\Wow6432node\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32]

[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] /64
"" = C:\Windows\SysNative\shell32.dll -- [2012/06/09 06:43:10 | 014,172,672 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Apartment

[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]
"" = %SystemRoot%\system32\shell32.dll -- [2012/06/09 05:41:00 | 012,873,728 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Apartment

[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32] /64
"" = C:\Windows\SysNative\wbem\fastprox.dll -- [2009/07/14 02:40:51 | 000,909,312 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Free

[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32]
"" = %systemroot%\system32\wbem\fastprox.dll -- [2010/11/21 04:24:25 | 000,606,208 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Free

[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32] /64
"" = C:\Windows\SysNative\wbem\wbemess.dll -- [2009/07/14 02:41:56 | 000,505,856 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Both

[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32]

========== LOP Check ==========

[2012/10/28 23:05:28 | 000,000,000 | ---D | M] -- C:\Users\Thomas\AppData\Roaming\Canon
[2012/10/25 13:29:28 | 000,000,000 | ---D | M] -- C:\Users\Thomas\AppData\Roaming\ControlCenter4
[2013/02/25 16:05:33 | 000,000,000 | ---D | M] -- C:\Users\Thomas\AppData\Roaming\Dropbox
[2012/10/25 13:06:28 | 000,000,000 | ---D | M] -- C:\Users\Thomas\AppData\Roaming\Nuance
[2013/02/17 13:41:50 | 000,000,000 | ---D | M] -- C:\Users\Thomas\AppData\Roaming\uTorrent
[2012/10/16 13:35:25 | 000,000,000 | ---D | M] -- C:\Users\Thomas\AppData\Roaming\Windows Live Writer

========== Purity Check ==========



< End of report >

Edited by doddeltje, 26 February 2013 - 04:51 AM.

  • 0

#3
doddeltje

doddeltje

    Member

  • Topic Starter
  • Member
  • PipPip
  • 11 posts
OTL Extras logfile created on: 26/02/2013 11:39:34 - Run 1
OTL by OldTimer - Version 3.2.69.0 Folder = C:\Users\Thomas\Downloads
64bit- Home Premium Edition Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation
Internet Explorer (Version = 9.0.8112.16421)
Locale: 00000813 | Country: België | Language: NLB | Date Format: d/MM/yyyy

5,95 Gb Total Physical Memory | 2,85 Gb Available Physical Memory | 47,93% Memory free
11,90 Gb Paging File | 8,25 Gb Available in Paging File | 69,33% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86)
Drive C: | 300,44 Gb Total Space | 171,88 Gb Free Space | 57,21% Space Free | Partition Type: NTFS
Drive D: | 23,45 Gb Total Space | 2,45 Gb Free Space | 10,46% Space Free | Partition Type: NTFS
Drive E: | 3,96 Gb Total Space | 1,08 Gb Free Space | 27,22% Space Free | Partition Type: FAT32
Drive G: | 3,74 Gb Total Space | 1,85 Gb Free Space | 49,47% Space Free | Partition Type: FAT32
Drive M: | 9,76 Gb Total Space | 9,67 Gb Free Space | 99,06% Space Free | Partition Type: NTFS
Drive N: | 48,83 Gb Total Space | 48,65 Gb Free Space | 99,64% Space Free | Partition Type: NTFS
Drive P: | 136,72 Gb Total Space | 102,46 Gb Free Space | 74,94% Space Free | Partition Type: NTFS
Drive T: | 175,27 Gb Total Space | 169,56 Gb Free Space | 96,74% Space Free | Partition Type: NTFS

Computer Name: XXXXXX | User Name: Thomas | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user | Quick Scan | Include 64bit Scans
Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days

========== Extra Registry (SafeList) ==========


========== File Associations ==========

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.url[@ = internetshortcut] -- C:\Windows\SysNative\rundll32.exe (Microsoft Corporation)

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.cpl [@ = cplfile] -- C:\Windows\SysWow64\control.exe (Microsoft Corporation)

[HKEY_CURRENT_USER\SOFTWARE\Classes\<extension>]
.html [@ = FirefoxHTML] -- C:\Program Files (x86)\Mozilla Firefox\firefox.exe (Mozilla Corporation)

========== Shell Spawning ==========

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
exefile [open] -- "%1" %*
helpfile [open] -- Reg Error: Key error.
inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation)
InternetShortcut [open] -- "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\ieframe.dll",OpenURL %l (Microsoft Corporation)
InternetShortcut [print] -- "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\mshtml.dll",PrintHTML "%1" (Microsoft Corporation)
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [AddToPlaylistVLC] -- "C:\Program Files (x86)\VideoLAN\VLC\vlc.exe" --started-from-file --playlist-enqueue "%1" (VideoLAN)
Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Directory [PlayWithVLC] -- "C:\Program Files (x86)\VideoLAN\VLC\vlc.exe" --started-from-file --no-playlist-enqueue "%1" (VideoLAN)
Folder [open] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [explore] -- Reg Error: Value error.
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
cplfile [cplopen] -- %SystemRoot%\System32\control.exe "%1",%* (Microsoft Corporation)
exefile [open] -- "%1" %*
helpfile [open] -- Reg Error: Key error.
inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation)
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [AddToPlaylistVLC] -- "C:\Program Files (x86)\VideoLAN\VLC\vlc.exe" --started-from-file --playlist-enqueue "%1" (VideoLAN)
Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Directory [PlayWithVLC] -- "C:\Program Files (x86)\VideoLAN\VLC\vlc.exe" --started-from-file --no-playlist-enqueue "%1" (VideoLAN)
Folder [open] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [explore] -- Reg Error: Value error.
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)

========== Security Center Settings ==========

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"cval" = 1

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]
"VistaSp1" = 28 4D B2 76 41 04 CA 01 [binary data]
"AntiVirusOverride" = 0
"AntiSpywareOverride" = 0
"FirewallOverride" = 0

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc\Vol]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"AntiVirusDisableNotify" = 0
"FirewallDisableNotify" = 0
"FirewallOverride" = 0
"AntivirusOverride" = 0
"UacDisableNotify" = 0
"AntiSpywareDisableNotify" = 0
"AutoUpdateDisableNotify" = 0
"InternetSettingsDisableNotify" = 0
"UpdatesDisableNotify" = 0

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]
"DisableMonitoring" = 0

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecAntiVirus]
"DisableMonitoring" = 0

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecFirewall]
"DisableMonitoring" = 0

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]

========== System Restore Settings ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\SystemRestore]
"DisableSR" = 0

========== Firewall Settings ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]
"EnableFirewall" = 1
"DisableNotifications" = 0

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"EnableFirewall" = 1
"DisableNotifications" = 0

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\PublicProfile]
"EnableFirewall" = 1
"DisableNotifications" = 0

========== Authorized Applications List ==========


========== Vista Active Open Ports Exception List ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{02693E68-B25E-49FA-8E11-5D88CEBF6FFF}" = rport=2177 | protocol=6 | dir=out | svc=qwave | app=%systemroot%\system32\svchost.exe |
"{082A31B1-FB46-46F8-961C-DB69AB809643}" = rport=2177 | protocol=17 | dir=out | svc=qwave | app=%systemroot%\system32\svchost.exe |
"{2632C502-6FF1-4D75-BAB6-8D748D307D4F}" = rport=137 | protocol=17 | dir=out | app=system |
"{30DB0C24-16A1-42A9-AC3F-782B4182FF78}" = lport=6004 | protocol=17 | dir=in | app=c:\program files (x86)\microsoft office\office14\outlook.exe |
"{3D79B4B2-4937-43DC-BBAE-EB7FBA570AA7}" = rport=445 | protocol=6 | dir=out | app=system |
"{3FA701EF-4AA5-4696-9A81-111B0E108BF7}" = rport=5355 | protocol=17 | dir=out | svc=dnscache | app=%systemroot%\system32\svchost.exe |
"{41FED36B-1CD4-40D0-9946-46FA4E439150}" = lport=2177 | protocol=6 | dir=in | svc=qwave | app=%systemroot%\system32\svchost.exe |
"{6A771F50-CAC2-4674-8879-F6DBF3456FAF}" = lport=54925 | protocol=17 | dir=in | name=brothernetwork scanner |
"{7009E232-629D-4D86-8629-0DCCD4EAA268}" = lport=137 | protocol=17 | dir=in | app=system |
"{7D07FAA9-88E8-4A9F-8B58-96F6037809AF}" = rport=139 | protocol=6 | dir=out | app=system |
"{7DE6D78B-436C-4F01-AFC1-C5EDC38D9DC0}" = lport=139 | protocol=6 | dir=in | app=system |
"{81DB781F-BFC2-4C96-9E2A-99F9F7077665}" = rport=1900 | protocol=17 | dir=out | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe |
"{84741152-F2C9-4D68-8524-2483E5F16AD5}" = lport=rpc-epmap | protocol=6 | dir=in | svc=rpcss | [email protected],-28539 |
"{90E650B6-2955-46D5-860B-FC027D4E0AC8}" = rport=5355 | protocol=17 | dir=out | svc=dnscache | app=%systemroot%\system32\svchost.exe |
"{96219697-AED5-4770-AAD1-2E9086FC693B}" = lport=1900 | protocol=17 | dir=in | name=windows live communications platform (ssdp) |
"{999702B8-ADA5-4DF1-84F4-C04B4B5EF16F}" = lport=2869 | protocol=6 | dir=in | name=windows live communications platform (upnp) |
"{B34C88A0-94C0-49DC-9603-4E93380532AE}" = lport=138 | protocol=17 | dir=in | app=system |
"{BC31A66F-8FD9-4903-9372-D0F24E47E6C0}" = rport=10243 | protocol=6 | dir=out | app=system |
"{C6C18BBD-BD8E-44E2-B661-FDE2437EED0C}" = lport=2177 | protocol=17 | dir=in | svc=qwave | app=%systemroot%\system32\svchost.exe |
"{C79F6484-8C12-4778-B352-E2BB00358061}" = lport=5355 | protocol=17 | dir=in | svc=dnscache | app=%systemroot%\system32\svchost.exe |
"{CA3DCAC4-4FF4-4001-8DB7-FB8490CB9A74}" = rport=138 | protocol=17 | dir=out | app=system |
"{D43E34C0-4017-42DB-8CDF-DA214FFFA7DA}" = lport=1900 | protocol=17 | dir=in | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe |
"{D98F468C-CD78-4570-BEFB-6C5D475E0641}" = lport=5355 | protocol=17 | dir=in | svc=dnscache | app=%systemroot%\system32\svchost.exe |
"{DA512E55-D6AD-4728-B410-489E8255AA3C}" = lport=rpc | protocol=6 | dir=in | svc=spooler | app=%systemroot%\system32\spoolsv.exe |
"{E7EDA110-728A-4D35-A957-516398965FEA}" = lport=445 | protocol=6 | dir=in | app=system |
"{EA18CB13-7E68-4874-B7F8-0E88F771323F}" = lport=10243 | protocol=6 | dir=in | app=system |
"{F7602B50-C333-482C-8C7B-3E33B009BC33}" = lport=2869 | protocol=6 | dir=in | app=system |

========== Vista Active Application Exception List ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{0F05B66E-A4CD-4E81-8137-D6CF8340C6ED}" = dir=in | app=c:\program files (x86)\itunes\itunes.exe |
"{1A30268C-B91D-4C2F-802D-68E4A4F96AA7}" = protocol=6 | dir=out | app=system |
"{385322CD-A44F-4ACC-8A97-7C672937A0F0}" = dir=in | app=c:\program files (x86)\common files\apple\apple application support\webkit2webprocess.exe |
"{3FB59BE8-A7A9-48E1-A07F-95778A410F10}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmplayer.exe |
"{45FB56B5-4960-480F-A0EF-577DF3BF6949}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmpnetwk.exe |
"{4A583172-8A5C-4E18-9C74-DA6D3433FC14}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmplayer.exe |
"{5174C903-BE49-4438-9DE2-FC5ED3F86AD6}" = protocol=1 | dir=out | [email protected],-28544 |
"{646CFD9E-A41A-4AB3-B018-A58AFD79405D}" = protocol=6 | dir=in | app=c:\program files\bonjour\mdnsresponder.exe |
"{6D5DCF29-B15F-4297-A505-E4C6A8705317}" = protocol=6 | dir=in | app=%programfiles%\windows media player\wmpnetwk.exe |
"{71A98B68-C9CB-4A9F-8EB2-C54A35BC0785}" = protocol=17 | dir=in | app=c:\program files (x86)\bonjour\mdnsresponder.exe |
"{791FAA8F-0763-4C6E-9DDF-3A7515C723FA}" = protocol=6 | dir=in | app=c:\program files (x86)\bonjour\mdnsresponder.exe |
"{83A593C8-F441-4C13-8F22-F2DF9B434723}" = protocol=6 | dir=out | svc=upnphost | app=%systemroot%\system32\svchost.exe |
"{90AFA2EF-3D41-49D8-ACEF-CFBCC35096A9}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmplayer.exe |
"{94684B96-3C4B-4A02-9189-B10566225899}" = dir=in | app=c:\program files (x86)\skype\phone\skype.exe |
"{962163F7-E61A-4B33-8DD2-17B77DBF9224}" = protocol=1 | dir=in | [email protected],-28543 |
"{9C04B58A-F5A9-462B-B114-BC9B7E5D9CB0}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmpnetwk.exe |
"{A1857493-6560-4016-A489-7F0079FA1B8A}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmplayer.exe |
"{A1BA8A76-F727-4BF7-8726-5173103E0B1E}" = protocol=58 | dir=out | [email protected],-28546 |
"{A327EF9D-6951-49F0-A490-3A404ABEF18E}" = dir=in | app=c:\program files (x86)\windows live\contacts\wlcomm.exe |
"{A394A915-DBF3-4F8B-AE7F-3C6B5EA3ABAA}" = protocol=6 | dir=in | app=c:\program files (x86)\brother\brmfl10e\faxrx.exe |
"{A478BF48-E55E-4A07-8B8E-B8565FCE0F85}" = protocol=17 | dir=in | app=c:\program files (x86)\brother\brmfl10e\faxrx.exe |
"{AB40B4FF-819C-4194-8F2D-FC34F07C1D63}" = protocol=17 | dir=in | app=%programfiles(x86)%\windows media player\wmplayer.exe |
"{B2D6220C-0E24-4713-BA62-92914A9B55AA}" = protocol=6 | dir=in | app=c:\users\thomas\appdata\roaming\dropbox\bin\dropbox.exe |
"{C0ED8985-8A2B-41C7-90EC-8883B664E5EC}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmplayer.exe |
"{C39960C1-534A-417C-92C4-1ACF1B958560}" = dir=in | app=c:\program files (x86)\windows live\mesh\moe.exe |
"{CBBD0A79-6DEC-48FC-B3AF-BE5E58CD105C}" = protocol=17 | dir=in | app=c:\program files\bonjour\mdnsresponder.exe |
"{CCEA9791-88DC-47C2-A879-E4D1D61E3CEB}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmplayer.exe |
"{D33724C7-18B5-4D68-BD81-8C860CD3FDCD}" = dir=in | app=c:\program files (x86)\windows live\messenger\msnmsgr.exe |
"{D3A3C4D3-EF1B-42F2-8970-D409FDBD6552}" = protocol=6 | dir=out | app=%programfiles(x86)%\windows media player\wmplayer.exe |
"{D7EF4344-2007-4EAC-8DC4-31DCE89D3585}" = protocol=17 | dir=out | app=%programfiles(x86)%\windows media player\wmplayer.exe |
"{E8549B58-764A-4880-8CD6-F339F722FC05}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmpnetwk.exe |
"{F1BD4276-287C-49FC-995D-D45E42483D5B}" = protocol=17 | dir=in | app=c:\users\thomas\appdata\roaming\dropbox\bin\dropbox.exe |
"{FBDE4188-48AC-4533-8683-341928A87659}" = protocol=58 | dir=in | [email protected],-28545 |
"TCP Query User{41893A81-03A1-4D8B-860D-D1F95CCF0971}C:\program files (x86)\utorrent\utorrent.exe" = protocol=6 | dir=in | app=c:\program files (x86)\utorrent\utorrent.exe |
"TCP Query User{59B27C70-B48D-419B-99D1-04F0C40CE07F}C:\users\thomas\appdata\roaming\dropbox\bin\dropbox.exe" = protocol=6 | dir=in | app=c:\users\thomas\appdata\roaming\dropbox\bin\dropbox.exe |
"TCP Query User{5B07A5AD-4A0D-4CDD-AFC0-48FDD69236A4}C:\windows\microsoft.net\framework\v2.0.50727\vbc.exe" = protocol=6 | dir=in | app=c:\windows\microsoft.net\framework\v2.0.50727\vbc.exe |
"TCP Query User{B98F0EDE-1B69-4A11-B18C-1E1FA2AFE79C}C:\program files (x86)\iomega storage manager\iomegastoragemanager.exe" = protocol=6 | dir=in | app=c:\program files (x86)\iomega storage manager\iomegastoragemanager.exe |
"TCP Query User{CF35ED6C-737A-41C6-9EFC-6F14B35E5D66}C:\program files (x86)\iomega storage manager\iomegastoragemanager.exe" = protocol=6 | dir=in | app=c:\program files (x86)\iomega storage manager\iomegastoragemanager.exe |
"TCP Query User{DFA577AB-67DC-4ECD-8AF3-40E8846DCC28}C:\program files (x86)\utorrent\utorrent.exe" = protocol=6 | dir=in | app=c:\program files (x86)\utorrent\utorrent.exe |
"UDP Query User{000C7A6A-91F4-4422-884D-DB67E0B61EFA}C:\program files (x86)\utorrent\utorrent.exe" = protocol=17 | dir=in | app=c:\program files (x86)\utorrent\utorrent.exe |
"UDP Query User{11D85A06-058B-4C86-9E5B-2856C27A0C87}C:\windows\microsoft.net\framework\v2.0.50727\vbc.exe" = protocol=17 | dir=in | app=c:\windows\microsoft.net\framework\v2.0.50727\vbc.exe |
"UDP Query User{21EB9282-01A0-4AEA-8942-31CA8F5B382C}C:\users\thomas\appdata\roaming\dropbox\bin\dropbox.exe" = protocol=17 | dir=in | app=c:\users\thomas\appdata\roaming\dropbox\bin\dropbox.exe |
"UDP Query User{63D2B466-A47A-4C3B-844C-414A1A5C4B2A}C:\program files (x86)\iomega storage manager\iomegastoragemanager.exe" = protocol=17 | dir=in | app=c:\program files (x86)\iomega storage manager\iomegastoragemanager.exe |
"UDP Query User{63FC154B-94FA-49B7-A62A-4E63A78F6A65}C:\program files (x86)\utorrent\utorrent.exe" = protocol=17 | dir=in | app=c:\program files (x86)\utorrent\utorrent.exe |
"UDP Query User{A021517D-4457-475D-B418-F5A49F6CADC7}C:\program files (x86)\iomega storage manager\iomegastoragemanager.exe" = protocol=17 | dir=in | app=c:\program files (x86)\iomega storage manager\iomegastoragemanager.exe |

========== HKEY_LOCAL_MACHINE Uninstall List ==========

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{054EF02F-95D8-48F4-9EEB-2F9CE3072ED8}" = AuthenTec TrueAPI
"{1199FAD5-9546-44f3-81CF-FFDB8040B7BF}_Canon_MX870_series" = Canon MX870 series MP Drivers
"{1B8ABA62-74F0-47ED-B18C-A43128E591B8}" = Windows Live ID Sign-in Assistant
"{22D8AE6F-3C6B-47E8-8F04-629F23DBE978}" = iTunes
"{230D1595-57DA-4933-8C4E-375797EBB7E1}" = Bluetooth Win7 Suite (64)
"{2856A1C2-70C5-4EC3-AFF7-E5B51E5530A2}" = HP Client Services
"{4B6C7001-C7D6-3710-913E-5BC23FCE91E6}" = Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.4148
"{4F1190CB-24CC-29DC-3C85-CD8CFDDE045F}" = ccc-utility64
"{5601F151-A69F-4E30-8C60-37928124CD07}" = HP 3D DriveGuard
"{5E2CD4FB-4538-4831-8176-05D653C3E6D4}" = Windows Live Remote Service Resources
"{656DEEDE-F6AC-47CA-A568-A1B4E34B5760}" = Windows Live Remote Service Resources
"{6CBFDC3C-CF21-4C02-A6DC-A5A2707FAF55}" = Windows Live Remote Service Resources
"{6ce5bae9-d3ca-4b99-891a-1dc6c118a5fc}" = Microsoft Visual C++ 2005 Redistributable (x64)
"{6E3610B2-430D-4EB0-81E3-2B57E8B9DE8D}" = Bonjour
"{715CAACC-579B-4831-A5F4-A83A8DE3EFE2}" = PaperPort Image Printer 64-bit
"{79174AF2-6CB1-42F5-981E-66DCA49391D0}" = Validity WBF DDK
"{8220EEFE-38CD-377E-8595-13398D740ACE}" = Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.17
"{824563DE-75AD-4166-9DC0-B6482F207251}" = Belgium e-ID middleware 4.0.4 (build 7251)
"{847B0532-55E3-4AAF-8D7B-E3A1A7CD17E5}" = Windows Live Remote Client Resources
"{8E34682C-8118-31F1-BC4C-98CD9675E1C2}" = Microsoft .NET Framework 4 Extended
"{90140000-002A-0000-1000-0000000FF1CE}" = Microsoft Office Office 64-bit Components 2010
"{90140000-002A-0409-1000-0000000FF1CE}" = Microsoft Office Shared 64-bit MUI (English) 2010
"{90140000-0116-0409-1000-0000000FF1CE}" = Microsoft Office Shared 64-bit Setup Metadata MUI (English) 2010
"{95120000-00B9-0409-1000-0000000FF1CE}" = Microsoft Application Error Reporting
"{9CAB2212-0732-4827-8EC4-61D8EF0AA65B}" = HP Launch Box
"{9F72EF8B-AEC9-4CA5-B483-143980AFD6FD}" = ALPS Touch Pad Driver
"{ad8a2fa1-06e7-4b0d-927d-6e54b3d31028}" = Microsoft Visual C++ 2005 Redistributable (x64)
"{B066BF95-890E-A532-A58F-D13E0805DC04}" = ATI Catalyst Install Manager
"{B750FA38-7AB0-42CB-ACBB-E7DBE9FF603F}" = Windows Live Remote Client Resources
"{C9F05151-95A9-4B9B-B534-1760E2D014A5}" = Windows Live Remote Client Resources
"{D07A61E5-A59C-433C-BCBD-22025FA2287B}" = Windows Live Language Selector
"{D5876F0A-B2E9-4376-B9F5-CD47B7B8D820}" = Windows Live Remote Client Resources
"{D70884EA-E2CE-4539-91DB-4766CC1E5F5F}" = Apple Mobile Device Support
"{D930AF5C-5193-4616-887D-B974CEFC4970}" = Windows Live Remote Service Resources
"{DA54F80E-261C-41A2-A855-549A144F2F59}" = Windows Live MIME IFilter
"{DA5E371C-6333-3D8A-93A4-6FD5B20BCC6E}" = Microsoft Visual C++ 2010 x64 Redistributable - 10.0.30319
"{DF6D988A-EEA0-4277-AAB8-158E086E439B}" = Windows Live Remote Client
"{E02A6548-6FDE-40E2-8ED9-119D7D7E641F}" = Windows Live Remote Service
"{F5B09CFD-F0B2-36AF-8DF4-1DF6B63FC7B4}" = Microsoft .NET Framework 4 Client Profile
"3FE3642036A0F4AEC17772437CE14BB1E67006AA" = Stuurprogrammapakket voor Windows - Fedict SmartCard (10/04/2011 4.0.0.5)
"CyberGhost VPN_is1" = CyberGhost VPN
"Iomega Storage Manager" = Iomega Storage Manager
"Microsoft .NET Framework 4 Client Profile" = Microsoft .NET Framework 4 Client Profile
"Microsoft .NET Framework 4 Extended" = Microsoft .NET Framework 4 Extended
"SAMSUNG Mobile Modem" = SAMSUNG Mobile Modem Driver Set
"Samsung Mobile phone USB driver Drive" = Samsung Mobile phone USB driver Drive Software
"SAMSUNG Mobile USB Modem" = SAMSUNG Mobile USB Modem Software
"SAMSUNG Mobile USB Modem 1.0" = SAMSUNG Mobile USB Modem 1.0 Software

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{007F778D-F15C-4EAB-AE92-071D21FAF632}" = Adobe Photoshop Elements 9
"{01FB4998-33C4-4431-85ED-079E3EEFE75D}" = CyberLink YouCam
"{03A3841B-038A-ADE1-A06A-158EAFF68A9E}" = Catalyst Control Center Profiles Mobile
"{04A92BE5-E791-E374-01CB-B88CBFC1E8D1}" = PX Profile Update
"{05E379CC-F626-4E7D-8354-463865B303BF}" = Windows Live UX Platform Language Pack
"{068724F8-D8BE-4B43-8DDD-B9FE9E49FD76}" = Scansoft PDF Professional
"{07FA4960-B038-49EB-891B-9F95930AA544}" = HP Customer Experience Enhancements
"{08D2E121-7F6A-43EB-97FD-629B44903403}" = Microsoft_VC90_CRT_x86
"{09D4979D-0EFE-4227-A070-56633D274896}_is1" = WBSO-RDA Aanvraag 2013-1
"{09D5AC17-7B7A-D201-7CA6-3F16D99828FB}" = CCC Help Hungarian
"{0B0F231F-CE6A-483D-AA23-77B364F75917}" = Windows Live Installer
"{0C262D84-FFA4-4621-8ED7-41F8287369F5}" = Google Apps Migration For Microsoft Outlook® 2.3.12.34
"{0C4C413A-9751-48BE-78DC-80248F8B306F}" = CCC Help Japanese
"{0D8B3696-E52D-4291-B833-9F6AEB1CC4AB}" = HP CoolSense
"{0F68E4AE-E8BA-1E4F-0CCA-B8678477A5CC}" = Catalyst Control Center
"{13FE3480-9E41-48C0-930F-BFC0767CC340}" = Google SketchUp 8
"{14B441B7-774D-4170-98EA-A13667AE6218}" = Windows Live Writer Resources
"{196467F1-C11F-4F76-858B-5812ADC83B94}" = MSXML 4.0 SP3 Parser
"{196BB40D-1578-3D01-B289-BEFC77A11A1E}" = Microsoft Visual C++ 2010 x86 Redistributable - 10.0.30319
"{19BA08F7-C728-469C-8A35-BFBD3633BE08}" = Windows Live Movie Maker
"{1CFC5FB4-2ACB-870F-043A-638919624D4E}" = CCC Help English
"{1DDB95A4-FD7B-4517-B3F1-2BCAA96879E6}" = Windows Live Writer Resources
"{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148
"{1F6AB0E7-8CDD-4B93-8A23-AA9EB2FEFCE4}" = Junk Mail filter update
"{200FEC62-3C34-4D60-9CE8-EC372E01C08F}" = Windows Live SOXE Definitions
"{24507E82-750C-3658-7C50-D5B7A1E27CCC}" = CCC Help Russian
"{25175695-4B20-4298-9F34-C2C57CD277B3}" = Elements STI Installer
"{26A24AE4-039D-4CA4-87B4-2F83217010FF}" = Java 7 Update 10
"{26AD42DE-B8B7-4169-9421-F73322FA3687}" = HP Software Framework
"{28448C64-6562-6D8C-2F76-8DF399956955}" = Catalyst Control Center Localization All
"{28656860-4728-433C-8AD4-D1A930437BC8}" = Nuance PDF Viewer Plus
"{28E82311-8616-11E1-BEB0-B8AC6F97B88E}" = Google Earth
"{2902F983-B4C1-44BA-B85D-5C6D52E2C441}" = Windows Live Mesh ActiveX Control for Remote Connections
"{2942CAF8-0934-96C2-5FC0-2ED331D0530A}" = CCC Help Italian
"{2A07C35B-8384-4DA4-9A95-442B6C89A073}" = Windows Live Essentials
"{2F2CA8CC-814B-67C1-CF19-A8A1A2A503C5}" = CCC Help Korean
"{2FA94A64-C84E-49d1-97DD-7BF06C7BBFB2}.WildTangent Games App" = Update Installer for WildTangent Games App
"{3108C217-BE83-42E4-AE9E-A56A2A92E549}" = Atheros Communications Inc.® AR81Family Gigabit/Fast Ethernet Driver
"{31CEFF4E-B6D1-46A5-9169-7C67570E7FFA}" = HP SimplePass 2011
"{3336F667-9049-4D46-98B6-4C743EEBC5B1}" = Windows Live Photo Gallery
"{33F88EFD-5661-7FA7-C638-FD6496A0BF2E}" = CCC Help Swedish
"{34319F1F-7CF2-4CC9-B357-1AE7D2FF3AC5}" = Windows Live
"{34F4D9A4-42C2-4348-BEF4-E553C84549E7}" = Windows Live Photo Gallery
"{37B33B16-2535-49E7-8990-32668708A0A3}" = Windows Live UX Platform Language Pack
"{3B9A92DA-6374-4872-B646-253F18624D5F}" = Windows Live Writer
"{3D66D542-7F6F-43E6-9B91-501E8D01F4F4}" = SlimCleaner
"{3E29EE6C-963A-4aae-86C1-DC237C4A49FC}" = Intel® Rapid Storage Technology
"{3F4143A1-9C21-4011-8679-3BC1014C6886}" = Windows Live Mesh
"{433EACD8-4747-4A6A-826A-FFA9F39B0D40}" = Elements 9 Organizer
"{488F0347-C4A7-4374-91A7-30818BEDA710}" = Galerie de photos Windows Live
"{4A03706F-666A-4037-7777-5F2748764D10}" = Java Auto Updater
"{4E76FF7E-AEBA-4C87-B788-CD47E5425B9D}" = Skype™ 6.1
"{5036764A-435D-40C9-869C-31085A3D741D}" = HP Setup
"{510446D7-2344-B59F-4CA5-66F5381D09FC}" = CCC Help Polish
"{51C7AD07-C3F6-4635-8E8A-231306D810FE}" = Cisco LEAP Module
"{55D003F4-9599-44BF-BA9E-95D060730DD3}" = Contrôle ActiveX Windows Live Mesh pour connexions à distance
"{579684A4-DDD5-4CA3-9EA8-7BE7D9593DB4}" = Windows Live UX Platform Language Pack
"{6057E21C-ABE9-4059-AE3E-3BEB9925E660}" = Windows Live Messenger
"{612C34C7-5E90-47D8-9B5C-0F717DD82726}" = swMSM
"{62687B11-58B5-4A18-9BC3-9DF4CE03F194}" = Windows Live Writer Resources
"{64BF0187-F3D2-498B-99EA-163AF9AE6EC9}" = Cisco EAP-FAST Module
"{65153EA5-8B6E-43B6-857B-C6E4FC25798A}" = Intel® Management Engine Components
"{6748E773-5DA0-4D19-8AA5-273B4133A09B}" = SmartSound Quicktracks for Premiere Elements 9.0
"{682B3E4F-696A-42DE-A41C-4C07EA1678B4}" = Windows Live SOXE
"{6A563426-3474-41C6-B847-42B39F1485B2}" = Windows Live Messenger
"{6C0A559F-8583-4B5A-8B50-20BEE15D8E64}" = Nuance PaperPort 12
"{6DEC8BD5-7574-47FA-B080-492BBBE2FEA3}" = Windows Live Movie Maker
"{6F340107-F9AA-47C6-B54C-C3A19F11553F}" = Hewlett-Packard ACLM.NET v1.1.1.0
"{70B446D1-E03B-4ab0-9B3C-0832142C9AA8}.WildTangent Games App-hp" = WildTangent Games App (HP Games)
"{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}" = Microsoft Visual C++ 2005 Redistributable
"{7299052b-02a4-4627-81f2-1818da5d550d}" = Microsoft Visual C++ 2005 Redistributable
"{73FBB960-1893-0F86-8EC1-DD0527D3ABCA}" = CCC Help Turkish
"{789A5B64-9DD9-4BA5-915A-F0FC0A1B7BFE}" = Apple Software Update
"{7E017923-16F8-4E32-94EF-0A150BD196FE}" = Windows Live Writer
"{7F969F54-1D7F-5DA1-A9E2-59FC0A5F0FE0}" = Catalyst Control Center Graphics Previews Common
"{80956555-A512-4190-9CAD-B000C36D6B6B}" = Windows Live Messenger
"{837b34e3-7c30-493c-8f6a-2b0f04e2912c}" = Microsoft Visual C++ 2005 Redistributable
"{83C292B7-38A5-440B-A731-07070E81A64F}" = Windows Live PIMT Platform
"{841F1FB4-FDF8-461C-A496-3E1CFD84C0B5}" = Windows Live Mesh
"{84BD11C9-3AC8-4845-AFB3-39A551618820}" = HP Documentation
"{859D4022-B76D-40DE-96EF-C90CDA263F44}" = Windows Live Writer
"{872B1C80-38EC-4A31-A25C-980820593900}" = HP Power Manager
"{873E4648-6F6E-47F6-A7B2-A6F8DFABDCE6}" = Windows Live Messenger
"{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}" = Microsoft Silverlight
"{8B52057C-15DB-433E-957C-E279BC7D07E3}" = HP QuickWeb
"{8C6D6116-B724-4810-8F2D-D047E6B7D68E}" = Mesh Runtime
"{8DD46C6A-0056-4FEC-B70A-28BB16A1F11F}" = MSVCRT
"{90140000-0015-0409-0000-0000000FF1CE}" = Microsoft Office Access MUI (English) 2010
"{90140000-0015-0409-0000-0000000FF1CE}_Office14.SingleImage_{6BD185A0-E67F-4F77-8BCD-E34EA6AE76DF}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-0016-0409-0000-0000000FF1CE}" = Microsoft Office Excel MUI (English) 2010
"{90140000-0016-0409-0000-0000000FF1CE}_Office14.SingleImage_{6BD185A0-E67F-4F77-8BCD-E34EA6AE76DF}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-0018-0409-0000-0000000FF1CE}" = Microsoft Office PowerPoint MUI (English) 2010
"{90140000-0018-0409-0000-0000000FF1CE}_Office14.SingleImage_{6BD185A0-E67F-4F77-8BCD-E34EA6AE76DF}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-0019-0409-0000-0000000FF1CE}" = Microsoft Office Publisher MUI (English) 2010
"{90140000-0019-0409-0000-0000000FF1CE}_Office14.SingleImage_{6BD185A0-E67F-4F77-8BCD-E34EA6AE76DF}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-001A-0409-0000-0000000FF1CE}" = Microsoft Office Outlook MUI (English) 2010
"{90140000-001A-0409-0000-0000000FF1CE}_Office14.SingleImage_{6BD185A0-E67F-4F77-8BCD-E34EA6AE76DF}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-001B-0409-0000-0000000FF1CE}" = Microsoft Office Word MUI (English) 2010
"{90140000-001B-0409-0000-0000000FF1CE}_Office14.SingleImage_{6BD185A0-E67F-4F77-8BCD-E34EA6AE76DF}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-001F-0409-0000-0000000FF1CE}" = Microsoft Office Proof (English) 2010
"{90140000-001F-0409-0000-0000000FF1CE}_Office14.SingleImage_{99ACCA38-6DD3-48A8-96AE-A283C9759279}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-001F-040C-0000-0000000FF1CE}" = Microsoft Office Proof (French) 2010
"{90140000-001F-040C-0000-0000000FF1CE}_Office14.SingleImage_{46298F6A-1E7E-4D4A-B5F5-106A4F0E48C6}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-001F-0C0A-0000-0000000FF1CE}" = Microsoft Office Proof (Spanish) 2010
"{90140000-001F-0C0A-0000-0000000FF1CE}_Office14.SingleImage_{DEA87BE2-FFCC-4F33-9946-FCBE55A1E998}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-002A-0000-1000-0000000FF1CE}_Office14.SingleImage_{967EF02C-5C7E-4718-8FCB-BDC050190CCF}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-002A-0409-1000-0000000FF1CE}_Office14.SingleImage_{D6C6B46A-6CE1-4561-84A0-EFD58B8AB979}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-002C-0409-0000-0000000FF1CE}" = Microsoft Office Proofing (English) 2010
"{90140000-002C-0409-0000-0000000FF1CE}_Office14.SingleImage_{7CA93DF4-8902-449E-A42E-4C5923CFBDE3}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-003D-0000-0000-0000000FF1CE}" = Microsoft Office Single Image 2010
"{90140000-003D-0000-0000-0000000FF1CE}_Office14.SingleImage_{047B0968-E622-4FAA-9B4B-121FA109EDDE}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-006E-0409-0000-0000000FF1CE}" = Microsoft Office Shared MUI (English) 2010
"{90140000-006E-0409-0000-0000000FF1CE}_Office14.SingleImage_{4560037C-E356-444A-A015-D21F487D809E}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-00A1-0409-0000-0000000FF1CE}" = Microsoft Office OneNote MUI (English) 2010
"{90140000-00A1-0409-0000-0000000FF1CE}_Office14.SingleImage_{6BD185A0-E67F-4F77-8BCD-E34EA6AE76DF}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-0115-0409-0000-0000000FF1CE}" = Microsoft Office Shared Setup Metadata MUI (English) 2010
"{90140000-0115-0409-0000-0000000FF1CE}_Office14.SingleImage_{4560037C-E356-444A-A015-D21F487D809E}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-0116-0409-1000-0000000FF1CE}_Office14.SingleImage_{D6C6B46A-6CE1-4561-84A0-EFD58B8AB979}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-0117-0409-0000-0000000FF1CE}" = Microsoft Office Access Setup Metadata MUI (English) 2010
"{90140000-0117-0409-0000-0000000FF1CE}_Office14.SingleImage_{6BD185A0-E67F-4F77-8BCD-E34EA6AE76DF}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{909DC555-322F-8A35-2550-6FC2E2EDFA23}" = CCC Help Finnish
"{92D58719-BBC1-4CC3-A08B-56C9E884CC2C}" = Microsoft_VC80_CRT_x86
"{92EA4134-10D1-418A-91E1-5A0453131A38}" = Windows Live Movie Maker
"{949D6B51-10E8-4CD4-A81E-064E38240415}" = Catalyst Control Center - Branding
"{95140000-0070-0000-0000-0000000FF1CE}" = Microsoft Office 2010
"{95E5798A-9827-92AD-5201-1E9B25819886}" = CCC Help Chinese Traditional
"{979742CC-2CBB-49D8-9BEE-C2F7875F5393}" = Brother MFL-Pro Suite MFC-9465CDN
"{9A25302D-30C0-39D9-BD6F-21E6EC160475}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17
"{9BD262D0-B788-4546-A0A5-F4F56EC3834B}" = Windows Live Photo Common
"{9CDE574D-5471-24A1-07DC-0B0F06810E11}" = CCC Help Thai
"{9D56775A-93F3-44A3-8092-840E3826DE30}" = Windows Live Mail
"{9FAE6E8D-E686-49F5-A574-0A58DFD9580C}" = Windows Live Mail
"{A0C91188-C88F-4E86-93E6-CD7C9A266649}" = Windows Live Mesh
"{A2BCA9F1-566C-4805-97D1-7FDC93386723}" = Adobe AIR
"{A60B3BF0-954B-42AF-B8D8-2C1D34B613AA}" = Windows Live Photo Gallery
"{A726AE06-AAA3-43D1-87E3-70F510314F04}" = Windows Live Writer
"{A92DAB39-4E2C-4304-9AB6-BC44E68B55E2}" = Google Update Helper
"{A9BDCA6B-3653-467B-AC83-94367DA3BFE3}" = Windows Live Photo Common
"{AAA79CA2-D65D-966B-48C2-D6C16433482C}" = Catalyst Control Center InstallProxy
"{AAAFC670-569B-4A2F-82B4-42945E0DE3EF}" = Windows Live Writer
"{AAF454FC-82CA-4F29-AB31-6A109485E76E}" = Windows Live Writer
"{ABEF00D0-FCAE-4E47-8D4E-D4AE5FD72B15}" = HP Quick Launch
"{AC76BA86-1033-F400-7760-000000000003}" = Adobe Acrobat 8 Professional - English, Français, Deutsch
"{AC76BA86-7AD7-1043-7B44-AB0000000001}" = Adobe Reader XI - Nederlands
"{ACFBE99B-6981-4513-B17E-A2683CEB9EE5}" = Windows Live Mesh
"{AE856388-AFAD-4753-81DF-D96B19D0A17C}" = HP Setup Manager
"{B113D18C-67B0-4FB7-B329-E89B66194AE6}" = Windows Live Fotogalerie
"{B1239994-A850-44E2-BED8-E70A21124E16}" = Windows Live Mail
"{B479B52B-4DE8-23FC-93CA-186D600F4A52}" = CCC Help Norwegian
"{C01A86F5-56E7-101F-9BC9-E3F1025EB779}" = Intel® Identity Protection Technology 1.1.2.0
"{C1594429-8296-4652-BF54-9DBE4932A44C}" = Realtek PCIE Card Reader
"{C1A2F65D-720B-82A0-10F6-4FEE797880BB}" = CCC Help German
"{C1BF14DC-3A45-8E0B-41C6-30E6D30F9968}" = CCC Help Chinese Standard
"{C2AB7DC4-489E-4BE9-887A-52262FBADBE0}" = Windows Live Photo Common
"{C32CE55C-12BA-4951-8797-0967FDEF556F}" = Windows Live Mesh - ActiveX-besturingselement voor externe verbindingen
"{C3A32068-8AB1-4327-BB16-BED9C6219DC7}" = Atheros Driver Installation Program
"{C5398A89-516C-4DAF-BA07-EE7949090E56}" = Windows Live Mesh ActiveX control for remote connections
"{C66824E4-CBB3-4851-BB3F-E8CFD6350923}" = Windows Live Mail
"{C7861B58-149A-4546-AD1D-798865EF36CF}" = CCC Help Portuguese
"{C893D8C0-1BA0-4517-B11C-E89B65E72F70}" = Windows Live Photo Common
"{CA43FE4F-9FF2-4AD7-88F0-CC3BAC17B226}" = HP Support Assistant
"{CB7224D9-6DCA-43F1-8F83-6B1E39A00F92}" = Windows Live Movie Maker
"{CBA9A6BF-1837-F0A4-79B6-15936EDC68AA}" = CCC Help Spanish
"{CCE825DB-347A-4004-A186-5F4A6FDD8547}" = Apple Application Support
"{CE95A79E-E4FC-4FFF-8A75-29F04B942FF2}" = Windows Live UX Platform
"{D0B44725-3666-492D-BEF6-587A14BD9BD9}" = MSVCRT_amd64
"{D1A19B02-817E-4296-A45B-07853FD74D57}" = Microsoft_VC80_MFC_x86
"{D2FFFA5E-FEA5-073B-C371-3B3628D9A453}" = CCC Help French
"{D436F577-1695-4D2F-8B44-AC76C99E0002}" = Windows Live Photo Common
"{D45240D3-B6B3-4FF9-B243-54ECE3E10066}" = Windows Live Communications Platform
"{D588365A-AE39-4F27-BDAE-B4E72C8E900C}" = Windows Live Mail
"{D6F25CF9-4E87-43EB-B324-C12BE9CDD668}" = Windows Live UX Platform Language Pack
"{D7670221-BF9B-4DFF-B26B-5BE55A87329F}" = HP On Screen Display
"{D92BBB52-82FF-42ED-8A3C-4E062F944AB7}" = Microsoft_VC80_MFCLOC_x86
"{DBCD5E64-7379-4648-9444-8A6558DCB614}" = Recovery Manager
"{DCA963D4-6AA2-11E2-80AA-984BE15F174E}" = Evernote v. 4.6.2
"{DD75B28A-94C3-97C2-C389-EA6BF1C809B7}" = CCC Help Danish
"{DDC8BDEE-DCAC-404D-8257-3E8D4B782467}" = Windows Live Writer Resources
"{DECDCB7C-58CC-4865-91AF-627F9798FE48}" = Windows Live Mesh
"{DFFB2B20-5D76-335C-2C24-CEF3791B30B8}" = CCC Help Dutch
"{E09C4DB7-630C-4F06-A631-8EA7239923AF}" = D3DX10
"{E2AE009D-37E5-4724-A6B8-0ED6A6BA4F68}" = Elements STI Installer
"{E3A5A8AB-58F6-45FF-AFCB-C9AE18C05001}" = IDT Audio
"{E4E88B54-4777-4659-967A-2EED1E6AFD83}" = Windows Live Movie Maker
"{E7160D4F-B709-DFE4-9BF2-BB1C38598CF9}" = CCC Help Greek
"{E96CAA2A-0244-4A2A-8403-0C3C9534778B}" = ESU for Microsoft Windows 7 SP1
"{EB4DF488-AAEF-406F-A341-CB2AAA315B90}" = Windows Live Messenger
"{EB9955F8-467C-47FC-90F8-12CD5DF684C3}" = Adobe Premiere Elements 9
"{EBA29752-DDD2-4B62-B2E3-9841F92A3E3A}" = Samsung PC Studio 3 USB Driver Installer
"{ED5776D5-59B4-46B7-AF81-5F2D94D7C640}" = Cisco PEAP Module
"{F0B430D1-B6AA-473D-9B06-AA3DD01FD0B8}" = Microsoft SQL Server 2005 Compact Edition [ENU]
"{F0E3AD40-2BBD-4360-9C76-B9AC9A5886EA}" = Intel® Display Audio Driver
"{F302F4F0-588D-6501-1ACF-BE3FDCC9135D}" = Adobe Community Help
"{F70B153C-55D6-550A-7F50-6E09D99B1D7A}" = CCC Help Czech
"{F8A9085D-4C7A-41a9-8A77-C8998A96C421}" = Intel® Control Center
"{F92679BF-CA1F-4DD3-8269-A40A9AD873B1}" = Google Apps Sync™ for Microsoft Outlook® 3.2.353.947
"{F95E4EE0-0C6E-4273-B6B9-91FD6F071D76}" = Windows Live Essentials
"{FE044230-9CA5-43F7-9B58-5AC5A28A1F33}" = Windows Live Essentials
"Adobe Acrobat 8 Professional - English, Français, Deutsch" = Adobe Acrobat 8 Professional - English, Français, Deutsch
"Adobe AIR" = Adobe AIR
"Adobe Flash Player ActiveX" = Adobe Flash Player 11 ActiveX
"Adobe Flash Player Plugin" = Adobe Flash Player 11 Plugin
"Adobe Photoshop Elements 9" = Adobe Photoshop Elements 9
"Adobe Shockwave Player" = Adobe Shockwave Player 11.6
"avast" = avast! Free Antivirus
"Canon_IJ_Network_Scan_UTILITY" = Canon IJ Network Scan Utility
"Canon_IJ_Network_UTILITY" = Canon IJ Network Tool
"chc.4875E02D9FB21EE389F73B8D1702B320485DF8CE.1" = Adobe Community Help
"Google Chrome" = Google Chrome
"InstallShield_{01FB4998-33C4-4431-85ED-079E3EEFE75D}" = CyberLink YouCam
"InstallShield_{6748E773-5DA0-4D19-8AA5-273B4133A09B}" = SmartSound Quicktracks for Premiere Elements 9.0
"Iomega Storage Manager" = Iomega Storage Manager
"Malwarebytes' Anti-Malware_is1" = Malwarebytes Anti-Malware versie 1.65.1.1000
"Mozilla Firefox 18.0.2 (x86 nl)" = Mozilla Firefox 18.0.2 (x86 nl)
"MozillaMaintenanceService" = Mozilla Maintenance Service
"MP Navigator EX 3.1" = Canon MP Navigator EX 3.1
"Oboe Fingerings_is1" = Oboe Fingerings 1.0 (freeware)
"Office14.SingleImage" = Microsoft Office Professional 2010
"PremElem90" = Adobe Premiere Elements 9
"Quantum GIS Lisboa" = Quantum GIS Lisboa 1.8.0 Lisboa
"SpywareBlaster_is1" = SpywareBlaster 4.6
"SyncBack_is1" = SyncBack
"uTorrent" = µTorrent
"VIP Access SDK" = VIP Access SDK (1.0.1.2)
"VLC media player" = VLC media player 2.0.4
"WildTangent hp Master Uninstall" = HP Games
"WinLiveSuite" = Windows Live Essentials
"WTA-034ba50a-a60a-48f2-a593-5b7107c8eb71" = Cake Mania
"WTA-045bae71-73f7-4f8c-9aac-fbc1143af860" = Plants vs. Zombies - Game of the Year
"WTA-1c868f5d-f742-40aa-a511-2e5b31167354" = Vacation Quest - The Hawaiian Islands
"WTA-33679dcb-bd9c-4332-8d03-eae63ed07f04" = Jewel Quest: The Sleepless Star - Collector's Edition
"WTA-35df7b85-3e1f-4448-9532-6115cfdb2bfd" = Slingo Deluxe
"WTA-47254147-a2c9-4c70-b490-b8cdd159d52c" = Virtual Villagers - The Secret City
"WTA-4f9ab165-55b0-4e50-b3c4-8a26ebabc161" = Governor of Poker 2 Premium Edition
"WTA-51317147-c054-40fe-a2f4-741387cd8457" = Farm Frenzy
"WTA-62d35da4-64d0-423b-967c-aaaac20459bb" = Blasterball 3
"WTA-6fc0ac32-8959-4557-9a92-e44430f4977d" = Penguins!
"WTA-704be864-7b0c-494c-90be-4be85a8bb819" = Jewel Quest Solitaire
"WTA-7125bac1-f902-4f22-bf83-732c4d355704" = Mah Jong Medley
"WTA-71a4396f-6481-4182-92e7-487e5ce9c31a" = Zuma Deluxe
"WTA-7e799aa0-7aa1-4e9c-a67d-ccd414e9c2da" = Chuzzle Deluxe
"WTA-8ca96114-c40c-4ee3-9da5-3ab9256f1152" = Bejeweled 3
"WTA-9364f1b8-17d2-46f5-9403-4df651cb85be" = Cradle of Rome 2
"WTA-b4ee6c98-dd60-4abd-9016-935bbed3e6a9" = Bounce Symphony
"WTA-bd7a0404-c602-41d8-a5fb-1d9ef2768c86" = Polar Bowler
"WTA-c442bc8a-055c-49fc-b61e-c3dc25f62043" = Agatha Christie - Peril at End House
"WTA-ccb31123-4e5b-4eac-aa3a-8bc8fbcb13ab" = Chronicles of Albian
"WTA-d505a7b7-d3ac-4293-83d7-4df7e75cc160" = FATE
"WTA-d9956a78-929a-4415-9045-a39429c7e6a8" = Mystery of Mortlake Mansion
"WTA-fda18da0-e7ff-4bd7-bf11-b01aa6b3dbb7" = Namco All-Stars: PAC-MAN

========== HKEY_CURRENT_USER Uninstall List ==========

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"Dropbox" = Dropbox

========== Last 20 Event Log Errors ==========

[ Application Events ]
Error - 3/02/2013 17:10:48 | Computer Name = XXXXXX | Source = Bonjour Service | ID = 100
Description = Task Scheduling Error: m->NextScheduledEvent 1014

Error - 3/02/2013 17:10:48 | Computer Name = xxxxxxx | Source = Bonjour Service | ID = 100
Description = Task Scheduling Error: m->NextScheduledSPRetry 1014

Error - 3/02/2013 17:10:49 | Computer Name = xxxxxxx | Source = Bonjour Service | ID = 100
Description = Task Scheduling Error: Continuously busy for more than a second

Error - 3/02/2013 17:10:49 | Computer Name = xxxxxxx | Source = Bonjour Service | ID = 100
Description = Task Scheduling Error: m->NextScheduledEvent 2075

Error - 3/02/2013 17:10:49 | Computer Name = xxxxxxx | Source = Bonjour Service | ID = 100
Description = Task Scheduling Error: m->NextScheduledSPRetry 2075

Error - 4/02/2013 6:17:34 | Computer Name = xxxxxxx | Source = Bonjour Service | ID = 100
Description = Task Scheduling Error: Continuously busy for more than a second

Error - 4/02/2013 6:17:34 | Computer Name = xxxxxxx | Source = Bonjour Service | ID = 100
Description = Task Scheduling Error: m->NextScheduledEvent 1061

Error - 4/02/2013 6:17:34 | Computer Name = xxxxxxx | Source = Bonjour Service | ID = 100
Description = Task Scheduling Error: m->NextScheduledSPRetry 1061

Error - 4/02/2013 6:17:35 | Computer Name = xxxxxxx | Source = Bonjour Service | ID = 100
Description = Task Scheduling Error: Continuously busy for more than a second

Error - 4/02/2013 6:17:35 | Computer Name = xxxxxxx | Source = Bonjour Service | ID = 100
Description = Task Scheduling Error: m->NextScheduledEvent 2075

Error - 4/02/2013 6:17:35 | Computer Name = xxxxxxx | Source = Bonjour Service | ID = 100
Description = Task Scheduling Error: m->NextScheduledSPRetry 2075

[ Hewlett-Packard Events ]
Error - 16/10/2012 4:32:10 | Computer Name = xxxxxxx | Source = HPSF.exe | ID = 4000
Description =

[ System Events ]
Error - 7/12/2012 12:34:53 | Computer Name = xxxxxxx | Source = Service Control Manager | ID = 7024
Description = De Windows Search-service is gestopt met de specifieke servicefout
%%-1073473535.

Error - 7/12/2012 12:43:11 | Computer Name = xxxxxxx | Source = EventLog | ID = 6008
Description = De vorige afsluiting van het systeem om 5:38:36 op ?7/?12/?2012 is
onverwacht gebeurd.

Error - 7/12/2012 12:43:10 | Computer Name = xxxxxxx | Source = Service Control Manager | ID = 7022
Description = De WRSVC-service is bij het starten vastgelopen.

Error - 7/12/2012 12:43:12 | Computer Name = xxxxxxx | Source = Service Control Manager | ID = 7026
Description = De volgende opstartstuurprogramma's zijn niet geladen: aswSnx aswSP
aswTdi
discache
spldr
Wanarpv6

Error - 7/12/2012 12:43:20 | Computer Name = xxxxxxx | Source = DCOM | ID = 10005
Description =

Error - 7/12/2012 12:43:25 | Computer Name = xxxxxxx | Source = DCOM | ID = 10005
Description =

Error - 7/12/2012 12:43:27 | Computer Name = xxxxxxx | Source = DCOM | ID = 10005
Description =

Error - 7/12/2012 12:43:27 | Computer Name = xxxxxxx | Source = DCOM | ID = 10005
Description =

Error - 7/12/2012 12:43:31 | Computer Name = xxxxxxx | Source = Microsoft-Windows-WLAN-AutoConfig | ID = 10000
Description = WLAN-uitbreidingsmodule kan niet worden gestart. Pad naar module: C:\Windows\system32\athihvs.dll
Foutcode:
21

Error - 7/12/2012 12:43:49 | Computer Name = xxxxxxx | Source = DCOM | ID = 10005
Description =


< End of report >
  • 0

#4
emeraldnzl

emeraldnzl

    GeekU Instructor

  • GeekU Moderator
  • 19,989 posts
Hello doddeltje,

Welcome to Geekstogo.

my hotmail account keeps sending out spam messages as a reply to any email I get


We will check for malware on your machine but you should know that spam from a hotmail account will originate for there not usually your computer, further, you probably know that malware can be made to appear to be coming from your email address even though it doesn't.

Having said that I see what looks like some adware on your machine so that may be bringing malware with it and indirectly be a factor. Also you have a whole lot of policies set to allow viewing. That is not the default position so I am setting them to default in the OTL fix below. If you have set them that way for some reason remove them from the fix or tell me before you proceed so that I can.

I have used several malware scanners, and changed my password a few times. It's still happening though.


It would be wise to change your passwords again after we finish and not just for your hotmail account but any accounts and forums you access on the net.

Now

Before we start please disable your security programs including firewalls as they may interfere with the tools we will be using.

Please run OTL.exe

  • Under the Custom Scans/Fixes box at the bottom, paste in the following

    :OTL
    IE:64bit: - HKLM\..\SearchScopes\{2fa28606-de77-4029-af96-b231e3b8f827}: "URL" = http://eu.ask.com/we...&l=dis&o=HPNTDF
    IE:64bit: - HKLM\..\SearchScopes\{b7fca997-d0fb-4fe0-8afd-255e89cf9671}: "URL" = http://uk.search.yah...psg&type=HPNTDF
    IE - HKLM\..\SearchScopes\{2fa28606-de77-4029-af96-b231e3b8f827}: "URL" = http://eu.ask.com/we...&l=dis&o=HPNTDF
    IE - HKLM\..\SearchScopes\{b7fca997-d0fb-4fe0-8afd-255e89cf9671}: "URL" = http://uk.search.yah...psg&type=HPNTDF
    O3 - HKCU\..\Toolbar\WebBrowser: (no name) - {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - No CLSID value found.
    O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoViewOnDrive = 0
    O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
    O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoControlPanel = 0
    O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: DisableLocalMachineRun = 0
    O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: DisableLocalMachineRunOnce = 0
    O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: DisableCurrentUserRun = 0
    O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: DisableCurrentUserRunOnce = 0
    O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 0
    O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoViewContextMenu = 0
    O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoShellSearchButton = 0
    O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoFind = 0
    O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoFile = 0
    O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: HideClock = 0
    O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoTrayContextMenu = 0
    O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoTrayItemsDisplay = 0
    O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoSetFolders = 0
    O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDevMgrUpdate = 0
    O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoClose = 0
    O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoSetTaskbar = 0
    O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDeletePrinter = 0
    O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDFSTab = 0
    O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoChangeStartMenu = 0
    O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoLogoff = 0
    O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: StartMenuLogoff = 0
    O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoWindowsUpdate = 0
    O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoEncryptOnMove = 0
    O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoRunasInstallPrompt = 0
    O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoResolveSearch = 0
    O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoResolveTrack = 0
    O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoSaveSettings = 0
    O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoHardwareTab = 0
    O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoStartMenuSubFolders = 0
    O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDesktop = 0
    O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: NoDispAppearancePage = 0
    O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: NoDispBackgroundPage = 0
    O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: NoDispSettingsPage = 0
    O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoViewOnDrive = 0
    O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
    O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoControlPanel = 0
    O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: DisableLocalMachineRun = 0
    O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: DisableLocalMachineRunOnce = 0
    O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: DisableCurrentUserRun = 0
    O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: DisableCurrentUserRunOnce = 0
    O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 0
    O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoViewContextMenu = 0
    O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoShellSearchButton = 0
    O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoFind = 0
    O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoFile = 0
    O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: HideClock = 0
    O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoTrayContextMenu = 0
    O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoTrayItemsDisplay = 0
    O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoSetFolders = 0
    O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDevMgrUpdate = 0
    O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoClose = 0
    O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoSetTaskbar = 0
    O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDeletePrinter = 0
    O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDFSTab = 0
    O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoChangeStartMenu = 0
    O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoLogoff = 0
    O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: StartMenuLogoff = 0
    O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoWindowsUpdate = 0
    O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoEncryptOnMove = 0
    O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoRunasInstallPrompt = 0
    O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoResolveSearch = 0
    O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoResolveTrack = 0
    O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoSaveSettings = 0
    O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoHardwareTab = 0
    O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoStartMenuSubFolders = 0
    O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDesktop = 0
    O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: NoDispAppearancePage = 0
    O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: NoDispBackgroundPage = 0
    
    :Files
    ipconfig /flushdns /c
    
    :Commands
    [resethosts]
    [emptytemp]
    
  • Then click the Run Fix button at the top
  • Let the program run unhindered, reboot when it is done
  • It will produce a log for you on reboot, please post that log in your next reply.The log is saved in the same location as OTL.
Next

Please download AdwCleaner from here to your desktop
  • Click on the green downward facing arrow on the right to commence download.
  • Run AdwCleaner and select Delete

Posted Image

Once done it will ask to reboot, allow this.

On reboot a log will be produced please post that back here.

So when you return please post
  • OTL fix log
  • AdwCleaner.txt

  • 0

#5
doddeltje

doddeltje

    Member

  • Topic Starter
  • Member
  • PipPip
  • 11 posts
Thanks a lot for your help!

here is the first log:

All processes killed
========== OTL ==========
64bit-Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{2fa28606-de77-4029-af96-b231e3b8f827}\ deleted successfully.
64bit-Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{2fa28606-de77-4029-af96-b231e3b8f827}\ not found.
64bit-Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{b7fca997-d0fb-4fe0-8afd-255e89cf9671}\ deleted successfully.
64bit-Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{b7fca997-d0fb-4fe0-8afd-255e89cf9671}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{2fa28606-de77-4029-af96-b231e3b8f827}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{2fa28606-de77-4029-af96-b231e3b8f827}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{b7fca997-d0fb-4fe0-8afd-255e89cf9671}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{b7fca997-d0fb-4fe0-8afd-255e89cf9671}\ not found.
Registry value HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser\\{7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA}\ not found.
Registry value HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer\\NoViewOnDrive deleted successfully.
Registry value HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer\\NoDrives deleted successfully.
Registry value HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer\\NoControlPanel deleted successfully.
Registry value HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer\\DisableLocalMachineRun deleted successfully.
Registry value HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer\\DisableLocalMachineRunOnce deleted successfully.
Registry value HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer\\DisableCurrentUserRun deleted successfully.
Registry value HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer\\DisableCurrentUserRunOnce deleted successfully.
Registry value HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer\\NoDriveTypeAutoRun deleted successfully.
Registry value HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer\\NoViewContextMenu deleted successfully.
Registry value HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer\\NoShellSearchButton deleted successfully.
Registry value HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer\\NoFind deleted successfully.
Registry value HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer\\NoFile deleted successfully.
Registry value HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer\\HideClock deleted successfully.
Registry value HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer\\NoTrayContextMenu deleted successfully.
Registry value HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer\\NoTrayItemsDisplay deleted successfully.
Registry value HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer\\NoSetFolders deleted successfully.
Registry value HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer\\NoDevMgrUpdate deleted successfully.
Registry value HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer\\NoClose deleted successfully.
Registry value HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer\\NoSetTaskbar deleted successfully.
Registry value HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer\\NoDeletePrinter deleted successfully.
Registry value HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer\\NoDFSTab deleted successfully.
Registry value HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer\\NoChangeStartMenu deleted successfully.
Registry value HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer\\NoLogoff deleted successfully.
Registry value HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer\\StartMenuLogoff deleted successfully.
Registry value HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer\\NoWindowsUpdate deleted successfully.
Registry value HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer\\NoEncryptOnMove deleted successfully.
Registry value HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer\\NoRunasInstallPrompt deleted successfully.
Registry value HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer\\NoResolveSearch deleted successfully.
Registry value HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer\\NoResolveTrack deleted successfully.
Registry value HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer\\NoSaveSettings deleted successfully.
Registry value HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer\\NoHardwareTab deleted successfully.
Registry value HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer\\NoStartMenuSubFolders deleted successfully.
Registry value HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer\\NoDesktop deleted successfully.
Registry value HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System\\NoDispAppearancePage deleted successfully.
Registry value HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System\\NoDispBackgroundPage deleted successfully.
Registry value HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System\\NoDispSettingsPage deleted successfully.
Registry value HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer\\NoViewOnDrive deleted successfully.
Registry value HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer\\NoDrives deleted successfully.
Registry value HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer\\NoControlPanel deleted successfully.
Registry value HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer\\DisableLocalMachineRun deleted successfully.
Registry value HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer\\DisableLocalMachineRunOnce deleted successfully.
Registry value HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer\\DisableCurrentUserRun deleted successfully.
Registry value HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer\\DisableCurrentUserRunOnce deleted successfully.
Registry value HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer\\NoDriveTypeAutoRun deleted successfully.
Registry value HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer\\NoViewContextMenu deleted successfully.
Registry value HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer\\NoShellSearchButton deleted successfully.
Registry value HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer\\NoFind deleted successfully.
Registry value HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer\\NoFile deleted successfully.
Registry value HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer\\HideClock deleted successfully.
Registry value HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer\\NoTrayContextMenu deleted successfully.
Registry value HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer\\NoTrayItemsDisplay deleted successfully.
Registry value HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer\\NoSetFolders deleted successfully.
Registry value HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer\\NoDevMgrUpdate deleted successfully.
Registry value HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer\\NoClose deleted successfully.
Registry value HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer\\NoSetTaskbar deleted successfully.
Registry value HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer\\NoDeletePrinter deleted successfully.
Registry value HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer\\NoDFSTab deleted successfully.
Registry value HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer\\NoChangeStartMenu deleted successfully.
Registry value HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer\\NoLogoff deleted successfully.
Registry value HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer\\StartMenuLogoff deleted successfully.
Registry value HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer\\NoWindowsUpdate deleted successfully.
Registry value HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer\\NoEncryptOnMove deleted successfully.
Registry value HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer\\NoRunasInstallPrompt deleted successfully.
Registry value HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer\\NoResolveSearch deleted successfully.
Registry value HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer\\NoResolveTrack deleted successfully.
Registry value HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer\\NoSaveSettings deleted successfully.
Registry value HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer\\NoHardwareTab deleted successfully.
Registry value HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer\\NoStartMenuSubFolders deleted successfully.
Registry value HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer\\NoDesktop deleted successfully.
Registry value HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System\\NoDispAppearancePage deleted successfully.
Registry value HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System\\NoDispBackgroundPage deleted successfully.
========== FILES ==========
< ipconfig /flushdns /c >
Windows IP-configuratie
De DNS-omzettingscache is leeggemaakt.
C:\Users\Thomas\Downloads\cmd.bat deleted successfully.
C:\Users\Thomas\Downloads\cmd.txt deleted successfully.
========== COMMANDS ==========
C:\Windows\System32\drivers\etc\Hosts moved successfully.
HOSTS file reset successfully

[EMPTYTEMP]

User: All Users

User: Default
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes
->Flash cache emptied: 41620 bytes

User: Default User

User: Public

User: Thomas
->Temp folder emptied: 741787324 bytes
->Temporary Internet Files folder emptied: 376454118 bytes
->Java cache emptied: 0 bytes
->FireFox cache emptied: 451238326 bytes
->Google Chrome cache emptied: 355489355 bytes
->Flash cache emptied: 96820 bytes

%systemdrive% .tmp files removed: 0 bytes
%systemroot% .tmp files removed: 0 bytes
%systemroot%\System32 .tmp files removed: 0 bytes
%systemroot%\System32 (64bit) .tmp files removed: 0 bytes
%systemroot%\System32\drivers .tmp files removed: 0 bytes
Windows Temp folder emptied: 25678501111 bytes
%systemroot%\sysnative\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files folder emptied: 92679 bytes
RecycleBin emptied: 9357689536 bytes

Total Files Cleaned = 35.249,00 mb


OTL by OldTimer - Version 3.2.69.0 log created on 03032013_105056

Files\Folders moved on Reboot...
C:\Users\Thomas\AppData\Local\Temp\FXSAPIDebugLogFile.txt moved successfully.

PendingFileRenameOperations files...

Registry entries deleted on Reboot...
  • 0

#6
doddeltje

doddeltje

    Member

  • Topic Starter
  • Member
  • PipPip
  • 11 posts
and the second log:

# AdwCleaner v2.113 - Verslag gemaakt op 03/03/2013 om 11:02:42
# Geactualiseerd op 23/02/2013 door Xplode
# Besturingssysteem : Windows 7 Home Premium Service Pack 1 (64 bits)
# Gebruiker : Thomas - xxxxx
# Opstarten Modus : Normale modus
# Gelanceerd vanaf : C:\Users\Thomas\Downloads\adwcleaner.exe
# Optie [Verwijderen]


***** [Diensten] *****


***** [Files / Mappen] *****

Map Verwijdert : C:\ProgramData\InstallMate

***** [Register] *****

Sleutel Verwijdert : HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{2FA28606-DE77-4029-AF96-B231E3B8F827}

***** [Browsers] *****

-\\ Internet Explorer v9.0.8112.16450

[OK] Het register bevat geen enkele ongeoorloofde invoer.

-\\ Mozilla Firefox v19.0 (nl)

File : C:\Users\Thomas\AppData\Roaming\Mozilla\Firefox\Profiles\d026bp54.default\prefs.js

Verwijdert : user_pref("extensions.enabledAddons", "DivXWebPlayer%40divx.com:2.0.2.039,isreaditlater%40ideashower[...]

-\\ Google Chrome v25.0.1364.97

File : C:\Users\Thomas\AppData\Local\Google\Chrome\User Data\Default\Preferences

[OK] De file bevat geen enkele ongeoorloofde invoer.

*************************

AdwCleaner[S1].txt - [1170 octets] - [03/03/2013 11:02:42]

########## EOF - C:\AdwCleaner[S1].txt - [1230 octets] ##########

Edited by doddeltje, 03 March 2013 - 04:07 AM.

  • 0

#7
doddeltje

doddeltje

    Member

  • Topic Starter
  • Member
  • PipPip
  • 11 posts
did all the above, changed my password, and sent an email from another account to my hotmail account

within seconds I got this reply:

http://radiosonfm.co...e.n.php?SID=496

so problem still exists...
  • 0

#8
emeraldnzl

emeraldnzl

    GeekU Instructor

  • GeekU Moderator
  • 19,989 posts
Hello doddeltje,

did all the above, changed my password, and sent an email from another account to my hotmail account

within seconds I got this reply:

http://radiosonfm.co...e.n.php?SID=496

so problem still exists...


Refer to the statement at my last post. Likely the spam is originating from hotmail.

It's possible someone hacked you machine so that is why we are cleaning it but it's also possible that hotmail was hacked or your e-mail address was obtained from someone elses computer.

Also see the note in that post that passwords should be changed after we have finished cleaning your machine.

Now


Please download zoek.exe and save it to your desktop.

  • Close any open browsers.
  • Temporarily disable your AntiVirus program. (If necessary)
  • Double click on zoek.exe to run.
  • Please wait while the tool starts. It will take a some seconds to come up.
  • Copy the text below and paste it into the large window in the zoek tool:

firefoxlook;
chromelook;
emptyclsid;

  • Next click Options button below the large panel and check the boxes:

    Silent Runners
    IE Defaults
  • Click on Run script button
  • Please wait patiently (it may take a few minutes) until a log report will open (this may be after reboot, if required)
  • Copy (Ctrl +C) and paste (Ctrl +V) the contents of the opened entire report back here.
Note: It will also create a log in the C:\ directory named "zoek-results.log"
  • 0

#9
doddeltje

doddeltje

    Member

  • Topic Starter
  • Member
  • PipPip
  • 11 posts
Zoek.exe Version 4.0.0.2 Updated 02-March-2013
Tool run by Thomas on zo 03/03/2013 at 22:20:43,86.
Microsoft Windows 7 Home Premium 6.1.7601 Service Pack 1 x64
Running in: Normal Mode Internet Access Detected

==== Firefox Extensions ======================

ProfilePath: C:\Users\Thomas\AppData\Roaming\Mozilla\Firefox\Profiles\d026bp54.default
- Belgium eID - %ProfilePath%\extensions\[email protected]
- DivX Web Player - %ProfilePath%\extensions\[email protected]
- Pocket - %ProfilePath%\extensions\[email protected]
- Adblock Plus - %ProfilePath%\extensions\{d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}.xpi

AppDir: C:\Program Files (x86)\Mozilla Firefox
- TrueSuite Website Logon - %AppDir%\extensions\[email protected]
- Default - %AppDir%\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd}

==== Firefox Plugins ======================

Profilepath: C:\Users\Thomas\AppData\Roaming\Mozilla\Firefox\Profiles\d026bp54.default
E64819B6014A93E2503BB52419A0F6F3 - C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_11_6_602_171.dll - Shockwave Flash
7D35CB60201CED2F01AE06F1816231E2 - C:\Windows\SysWOW64\npDeployJava1.dll - Java Deployment Toolkit 7.0.100.18
6846D2CA7E1D5937AEE3F99BB7F5464B - C:\Windows\SysWOW64\Adobe\Director\np32dsw_1168638.dll - Shockwave for Director / Shockwave for Director
855B79451ECF62602F20EB4D5C71F99B - C:\Windows\SysWOW64\Adobe\Director\np32dsw.dll - Shockwave for Director / Shockwave for Director
15E298B5EC5B89C5994A59863969D9FF - C:\Windows\SysWOW64\npmproxy.dll - Microsoft® Windows® Operating System


==== Chrome Look ======================

HKEY_LOCAL_MACHINE\SOFTWARE\Google\Chrome\Extensions
hdhihajbmafmgilcciomnamcjfkdhikl - C:\Program Files (x86)\HP SimplePass 2011\tschrome.crx[14/04/2011 09:21]
icmlaeflemplmjndnaapfdbbnpncnbda - C:\Program Files\AVAST Software\Avast\WebRep\Chrome\aswWebRepChrome.crx[21/08/2012 10:10]

YouTube - Thomas - Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo
Last updated at time on date - Thomas - Default\Extensions\cfhdojbkjhnklbpkdaibdccddilifddb
Google Search - Thomas - Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf
AdBlock - Thomas - Default\Extensions\gighmmpiobklfepjocnamgkkbiglidom
Website Logon - Thomas - Default\Extensions\hdhihajbmafmgilcciomnamcjfkdhikl
avast WebRep - Thomas - Default\Extensions\icmlaeflemplmjndnaapfdbbnpncnbda
Gmail - Thomas - Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia

==== Set IE to Default ======================

Old Values:
[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Main]
"Start Page"="http://www.bing.com?pc=HPNTDF"
"Default_Page_URL"="http://www.bing.com?pc=HPNTDF"
[HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Main]
"Default_Page_URL"="http://www.bing.com?pc=HPNTDF"
"Start Page"="http://www.bing.com?pc=HPNTDF"
[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Microsoft\Internet Explorer\Main]
"Default_Page_URL"="http://www.bing.com?pc=HPNTDF"
"Start Page"="http://www.bing.com?pc=HPNTDF"
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\SearchScopes]
No DefaultScope Set For HKCU

New Values:
[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Main]
"Start Page"="http://go.microsoft..../?LinkId=69157"
"Default_Page_URL"="http://go.microsoft..../?LinkId=69157"
[HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Main]
"Default_Page_URL"="http://go.microsoft..../?LinkId=69157"
"Start Page"="http://go.microsoft..../?LinkId=69157"
[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Microsoft\Internet Explorer\Main]
"Default_Page_URL"="http://go.microsoft..../?LinkId=69157"
"Start Page"="http://go.microsoft..../?LinkId=69157"
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\SearchScopes]
"DefaultScope"="{0633EE93-D776-472f-A0FF-E1416B8B2E3A}"

==== All HKCU SearchScopes ======================

HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\SearchScopes
{0633EE93-D776-472f-A0FF-E1416B8B2E3A} Bing Url="http://www.bing.com/...c=IE-SearchBox"
{b7fca997-d0fb-4fe0-8afd-255e89cf9671} Yahoo Url="http://uk.search.yah...sg&type=HPNTDF"
{d43b3890-80c7-4010-a95d-1e77b5924dc3} Wikipedia Url="http://en.wikipedia....={searchTerms}"
{EF07105E-70FF-4C05-92F6-A2C03B577BC0} Amazon (UK) Search Suggestions Url="http://www.amazon.co...={searchTerms}"

==== Silent Runners ======================

"Silent Runners.vbs", revision 69, http://www.silentrunners.org/
Output limited to non-default values, except where indicated by "{++}"


Startup items buried in registry:
---------------------------------

HKCU\Software\Microsoft\Windows\CurrentVersion\Run\ {++}
ISUSPM = C:\ProgramData\FLEXnet\Connect\11\ISUSPM.exe -scheduler [Acresso Corporation]
msnmsgr = "C:\Program Files (x86)\Windows Live\Messenger\msnmsgr.exe" /background [MS]
Skype = "C:\Program Files (x86)\Skype\Phone\Skype.exe" /minimized /regrun [Skype Technologies S.A.]

HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\ {++}
IgfxTray = C:\Windows\system32\igfxtray.exe [Intel Corporation]
HotKeysCmds = C:\Windows\system32\hkcmd.exe [Intel Corporation]
Persistence = C:\Windows\system32\igfxpers.exe [Intel Corporation]
AtherosBtStack = "C:\Program Files (x86)\Bluetooth Suite\BtvStack.exe" [Atheros Communications]
AthBtTray = "C:\Program Files (x86)\Bluetooth Suite\AthBtTray.exe" [Atheros Commnucations]
SysTrayApp = C:\Program Files\IDT\WDM\sttray64.exe
Apoint = C:\Program Files\Apoint2K\Apoint.exe [Alps Electric Co., Ltd.]
SetDefault = C:\Program Files\Hewlett-Packard\HP LaunchBox\SetDefault.exe [Hewlett-Packard Development Company, L.P.]
AdobeAAMUpdater-1.0 = "C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\UWA\UpdaterStartupUtility.exe" [Adobe Systems Incorporated]

HKLM\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run\ {++}
StartCCC = "C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" MSRun [Advanced Micro Devices, Inc.]
(Default) = (empty string) [file not found]
HPQuickWebProxy = "C:\Program Files (x86)\Hewlett-Packard\HP QuickWeb\hpqwutils.exe" [Hewlett-Packard Company]
HP Quick Launch = C:\Program Files (x86)\Hewlett-Packard\HP Quick Launch\HPMSGSVC.exe [Hewlett-Packard Development Company, L.P.]
HPOSD = C:\Program Files (x86)\Hewlett-Packard\HP On Screen Display\HPOSD.exe [Hewlett-Packard Development Company, L.P.]
HP CoolSense = C:\Program Files (x86)\Hewlett-Packard\HP CoolSense\CoolSense.exe -byrunkey [Hewlett-Packard Development Company, L.P.]
avast = "C:\Program Files\AVAST Software\Avast\avastUI.exe" /nogui [AVAST Software]
Acrobat Assistant 8.0 = "C:\Program Files (x86)\Adobe\Acrobat 8.0\Acrobat\Acrotray.exe" [Adobe Systems Inc.]
IndexSearch = "C:\Program Files (x86)\Nuance\PaperPort\IndexSearch.exe" [Nuance Communications, Inc.]
PaperPort PTD = "C:\Program Files (x86)\Nuance\PaperPort\pptd40nt.exe" [Nuance Communications, Inc.]
PPort12reminder = "C:\Program Files (x86)\Nuance\PaperPort\Ereg\Ereg.exe" -r "C:\ProgramData\ScanSoft\PaperPort\12\Config\Ereg\Ereg.ini" [Nuance Communications, Inc.]
PDFHook = C:\Program Files (x86)\Nuance\PDF Viewer Plus\pdfpro5hook.exe [Nuance Communications, Inc.]
PDF5 Registry Controller = C:\Program Files (x86)\Nuance\PDF Viewer Plus\RegistryController.exe [Nuance Communications, Inc.]
ControlCenter4 = C:\Program Files (x86)\ControlCenter4\BrCcBoot.exe /autorun [Brother Industries, Ltd.]
BrStsMon00 = C:\Program Files (x86)\Browny02\Brother\BrStMonW.exe /AUTORUN [Brother Industries, Ltd.]
Adobe ARM = "C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [Adobe Systems Incorporated]
IJNetworkScanUtility = C:\Program Files (x86)\Canon\Canon IJ Network Scan Utility\CNMNSUT.exe [CANON INC.]
APSDaemon = "C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe" [Apple Inc.]
iTunesHelper = "C:\Program Files (x86)\iTunes\iTunesHelper.exe" [Apple Inc.]
SunJavaUpdateSched = "C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe" [Sun Microsystems, Inc.]
beid = "C:\Program Files (x86)\Belgium Identity Card\beid35gui.exe" /startup [file not found]

HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\

{318A227B-5E9F-45bd-8999-7F8F10CA4CF5}\(Default) = (no title provided)
-> {HKLM.CLSID} = avast! WebRep
\InProcServer32\(Default) = C:\Program Files\AVAST Software\Avast\aswWebRepIE64.dll [AVAST Software]

{8590886E-EC8C-43C1-A32C-E4C2B0B6395B}\(Default) = TSBHO Class
-> {HKLM.CLSID} = TrueSuite Website Log On
\InProcServer32\(Default) = C:\Program Files (x86)\HP SimplePass 2011\x64\IEBHO.dll [HP]
-> {HKLM.Wow.CLSID} = TrueSuite Website Log On
\InProcServer32\(Default) = C:\Program Files (x86)\HP SimplePass 2011\IEBHO.dll [HP]

{9030D464-4C02-4ABF-8ECC-5164760863C6}\(Default) = (no title provided)
-> {HKLM.CLSID} = Windows Live ID Sign-in Helper
\InProcServer32\(Default) = C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll [MS]
-> {HKLM.Wow.CLSID} = Aanmeldhulp voor Windows Live ID
\InProcServer32\(Default) = C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll [MS]

{B4F3A835-0E21-4959-BA22-42B3008E02FF}\(Default) = URLRedirectionBHO
-> {HKLM.CLSID} = Office Document Cache Handler
\InProcServer32\(Default) = C:\PROGRA~1\MICROS~2\Office14\URLREDIR.DLL [MS]
-> {HKLM.Wow.CLSID} = Office Document Cache Handler
\InProcServer32\(Default) = C:\PROGRA~2\MICROS~1\Office14\URLREDIR.DLL [MS]

HKLM\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\

{18DF081C-E8AD-4283-A596-FA578C2EBDC3}\(Default) = AcroIEHelperStub
-> {HKLM.Wow.CLSID} = Adobe PDF Link Helper
\InProcServer32\(Default) = C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll [Adobe Systems Incorporated]

{551A852F-39A6-44A7-9C13-AFBEC9185A9D}\(Default) = (no title provided)
-> {HKLM.Wow.CLSID} = PlusIEEventHelper Class
\InProcServer32\(Default) = C:\Program Files (x86)\Nuance\PDF Viewer Plus\Bin\PlusIEContextMenu.dll [Zeon Corporation]

{761497BB-D6F0-462C-B6EB-D4DAF1D92D43}\(Default) = (no title provided)
-> {HKLM.Wow.CLSID} = Java™ Plug-In SSV Helper
\InProcServer32\(Default) = C:\Program Files (x86)\Java\jre7\bin\ssv.dll [Oracle Corporation]

{8590886E-EC8C-43C1-A32C-E4C2B0B6395B}\(Default) = TSBHO Class
-> {HKLM.CLSID} = TrueSuite Website Log On
\InProcServer32\(Default) = C:\Program Files (x86)\HP SimplePass 2011\x64\IEBHO.dll [HP]
-> {HKLM.Wow.CLSID} = TrueSuite Website Log On
\InProcServer32\(Default) = C:\Program Files (x86)\HP SimplePass 2011\IEBHO.dll [HP]

{8D10F6C4-0E01-4BD4-8601-11AC1FDF8126}\(Default) = IESpeakDoc
-> {HKLM.Wow.CLSID} = CIESpeechBHO Class
\InProcServer32\(Default) = C:\Program Files (x86)\Bluetooth Suite\IEPlugIn.dll [Atheros Commnucations]

{8E5E2654-AD2D-48bf-AC2D-D17F00898D06}\(Default) = (no title provided)
-> {HKLM.Wow.CLSID} = avast! WebRep
\InProcServer32\(Default) = C:\Program Files\AVAST Software\Avast\aswWebRepIE.dll [AVAST Software]

{9030D464-4C02-4ABF-8ECC-5164760863C6}\(Default) = (no title provided)
-> {HKLM.CLSID} = Windows Live ID Sign-in Helper
\InProcServer32\(Default) = C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll [MS]
-> {HKLM.Wow.CLSID} = Aanmeldhulp voor Windows Live ID
\InProcServer32\(Default) = C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll [MS]

{92EF2EAD-A7CE-4424-B0DB-499CF856608E}\(Default) = (no title provided)
-> {HKLM.Wow.CLSID} = Evernote extension
\InProcServer32\(Default) = C:\Program Files (x86)\Evernote\Evernote\EvernoteIE.dll [Evernote Corp., 305 Walnut Street, Redwood City, CA 94063]

{AE7CD045-E861-484f-8273-0445EE161910}\(Default) = (no title provided)
-> {HKLM.Wow.CLSID} = Adobe PDF Conversion Toolbar Helper
\InProcServer32\(Default) = C:\Program Files (x86)\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll [Adobe Systems Incorporated]

{B4F3A835-0E21-4959-BA22-42B3008E02FF}\(Default) = URLRedirectionBHO
-> {HKLM.CLSID} = Office Document Cache Handler
\InProcServer32\(Default) = C:\PROGRA~1\MICROS~2\Office14\URLREDIR.DLL [MS]
-> {HKLM.Wow.CLSID} = Office Document Cache Handler
\InProcServer32\(Default) = C:\PROGRA~2\MICROS~1\Office14\URLREDIR.DLL [MS]

{DBC80044-A445-435b-BC74-9C25C1C588A9}\(Default) = (no title provided)
-> {HKLM.Wow.CLSID} = Java™ Plug-In 2 SSV Helper
\InProcServer32\(Default) = C:\Program Files (x86)\Java\jre7\bin\jp2ssv.dll [Oracle Corporation]

HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\ShellIconOverlayIdentifiers\

00avast\(Default) = {472083B0-C522-11CF-8763-00608CC02F24}
-> {HKLM.CLSID} = avast
\InProcServer32\(Default) = C:\Program Files\AVAST Software\Avast\ashShA64.dll [AVAST Software]

DropboxExt1\(Default) = {FB314ED9-A251-47B7-93E1-CDD82E34AF8B}
-> {HKCU.CLSID} = DropboxExt
\InProcServer32\(Default) = C:\Users\Thomas\AppData\Roaming\Dropbox\bin\DropboxExt64.17.dll [Dropbox, Inc.]

DropboxExt2\(Default) = {FB314EDA-A251-47B7-93E1-CDD82E34AF8B}
-> {HKCU.CLSID} = DropboxExt
\InProcServer32\(Default) = C:\Users\Thomas\AppData\Roaming\Dropbox\bin\DropboxExt64.17.dll [Dropbox, Inc.]

DropboxExt3\(Default) = {FB314EDB-A251-47B7-93E1-CDD82E34AF8B}
-> {HKCU.CLSID} = DropboxExt
\InProcServer32\(Default) = C:\Users\Thomas\AppData\Roaming\Dropbox\bin\DropboxExt64.17.dll [Dropbox, Inc.]

DropboxExt4\(Default) = {FB314EDC-A251-47B7-93E1-CDD82E34AF8B}
-> {HKCU.CLSID} = DropboxExt
\InProcServer32\(Default) = C:\Users\Thomas\AppData\Roaming\Dropbox\bin\DropboxExt64.17.dll [Dropbox, Inc.]

HKLM\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Explorer\ShellIconOverlayIdentifiers\

DropboxExt1\(Default) = {FB314ED9-A251-47B7-93E1-CDD82E34AF8B}
-> {HKCU.Wow.CLSID} = DropboxExt
\InProcServer32\(Default) = C:\Users\Thomas\AppData\Roaming\Dropbox\bin\DropboxExt.17.dll [Dropbox, Inc.]

DropboxExt2\(Default) = {FB314EDA-A251-47B7-93E1-CDD82E34AF8B}
-> {HKCU.Wow.CLSID} = DropboxExt
\InProcServer32\(Default) = C:\Users\Thomas\AppData\Roaming\Dropbox\bin\DropboxExt.17.dll [Dropbox, Inc.]

DropboxExt3\(Default) = {FB314EDB-A251-47B7-93E1-CDD82E34AF8B}
-> {HKCU.Wow.CLSID} = DropboxExt
\InProcServer32\(Default) = C:\Users\Thomas\AppData\Roaming\Dropbox\bin\DropboxExt.17.dll [Dropbox, Inc.]

HKCU\Software\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved\

{FB314ED9-A251-47B7-93E1-CDD82E34AF8B} = DropboxExt
-> {HKCU.CLSID} = DropboxExt
\InProcServer32\(Default) = C:\Users\Thomas\AppData\Roaming\Dropbox\bin\DropboxExt64.17.dll [Dropbox, Inc.]

{FB314EDA-A251-47B7-93E1-CDD82E34AF8B} = DropboxExt
-> {HKCU.CLSID} = DropboxExt
\InProcServer32\(Default) = C:\Users\Thomas\AppData\Roaming\Dropbox\bin\DropboxExt64.17.dll [Dropbox, Inc.]

{FB314EDB-A251-47B7-93E1-CDD82E34AF8B} = DropboxExt
-> {HKCU.CLSID} = DropboxExt
\InProcServer32\(Default) = C:\Users\Thomas\AppData\Roaming\Dropbox\bin\DropboxExt64.17.dll [Dropbox, Inc.]

{FB314EDC-A251-47B7-93E1-CDD82E34AF8B} = DropboxExt
-> {HKCU.CLSID} = DropboxExt
\InProcServer32\(Default) = C:\Users\Thomas\AppData\Roaming\Dropbox\bin\DropboxExt64.17.dll [Dropbox, Inc.]

HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved\

{872A9397-E0D6-4e28-B64D-52B8D0A7EA35} = Display CPL Extension
-> {HKLM.CLSID} = DisplayCplExt Class
\InProcServer32\(Default) = C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\atiama64.dll [Advanced Micro Devices, Inc.]

{5E2121EE-0300-11D4-8D3B-444553540000} = Catalyst Context Menu extension
-> {HKLM.CLSID} = SimpleShlExt Class
\InProcServer32\(Default) = C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\atiacm64.dll [Advanced Micro Devices, Inc.]

{B8952421-0E55-400B-94A6-FA858FC0A39F} = Atheros BT Extension
-> {HKLM.CLSID} = AppShellPage Class
\InProcServer32\(Default) = C:\Program Files (x86)\Bluetooth Suite\BtvAppExt.dll [Atheros Commnucations]

{C865E0A2-40BF-4ca7-B3F3-162290A67572} = BtContextMenu
-> {HKLM.CLSID} = ContextMenu Class
\InProcServer32\(Default) = C:\Program Files (x86)\Bluetooth Suite\BtContextMenu.dll [Atheros Commnucations]

{AFF81F7B-6942-40c4-AADA-7214EF7B6DD1} = FTShellContext extension
-> {HKLM.CLSID} = FTShellContext Class
\InProcServer32\(Default) = C:\Program Files (x86)\Bluetooth Suite\ShellContextExt.dll [Atheros Commnucations]

{F1F6F656-EE9E-40d2-AF5A-A747105228DC} = HP RPGuard
-> {HKLM.CLSID} = HP RPGuard
\InProcServer32\(Default) = c:\system.sav\util\hprpguard.dll [Hewlett-Packard (HP)]

{472083B0-C522-11CF-8763-00608CC02F24} = avast
-> {HKLM.CLSID} = avast
\InProcServer32\(Default) = C:\Program Files\AVAST Software\Avast\ashShA64.dll [AVAST Software]

{42042206-2D85-11D3-8CFF-005004838597} = Microsoft Office HTML Icon Handler
-> {HKLM.CLSID} = (no title provided)
\InProcServer32\(Default) = C:\Program Files\Microsoft Office\Office14\MSOHEVI.DLL [MS]

{993BE281-6695-4BA5-8A2A-7AACBFAAB69E} = Microsoft Office Metadata Handler
-> {HKLM.CLSID} = Microsoft Office Metadata Handler
\InProcServer32\(Default) = C:\Program Files\Common Files\Microsoft Shared\OFFICE14\msoshext.dll [MS]

{C41662BB-1FA0-4CE0-8DC5-9B7F8279FF97} = Microsoft Office Thumbnail Handler
-> {HKLM.CLSID} = Microsoft Office Thumbnail Handler
\InProcServer32\(Default) = C:\Program Files\Common Files\Microsoft Shared\OFFICE14\msoshext.dll [MS]

{506F4668-F13E-4AA1-BB04-B43203AB3CC0} = {506F4668-F13E-4AA1-BB04-B43203AB3CC0}
-> {HKLM.CLSID} = ImageExtractorShellExt Class
\InProcServer32\(Default) = C:\Program Files\Microsoft Office\Office14\VISSHE.DLL [MS]

{D66DC78C-4F61-447F-942B-3FB6980118CF} = {D66DC78C-4F61-447F-942B-3FB6980118CF}
-> {HKLM.CLSID} = CInfoTipShellExt Class
\InProcServer32\(Default) = C:\Program Files\Microsoft Office\Office14\VISSHE.DLL [MS]

{7CCA70DB-DE7A-4FB7-9B2B-52E2335A3B5A} = Nameext
-> {HKLM.CLSID} = Enterprise Projects
\InProcServer32\(Default) = C:\Program Files\Microsoft Office\Office14\NAMEEXT.DLL [MS]

{0006F045-0000-0000-C000-000000000046} = Microsoft Outlook Custom Icon Handler
-> {HKLM.CLSID} = (no title provided)
\InProcServer32\(Default) = C:\Program Files\Microsoft Office\Office14\OLKFSTUB.DLL [MS]

{B9E1D2CB-CCFF-4AA6-9579-D7A4754030EF} = iTunes
-> {HKLM.CLSID} = iTunes
\InProcServer32\(Default) = C:\Program Files\iTunes\iTunesMiniPlayer.dll [Apple Inc.]

{4F07DA46-8170-4859-9B5F-037EF2970034} = Online Armor diagnostics file
-> {HKLM.CLSID} = Online Armor diagnostics file
\InProcServer32\(Default) = C:\Program Files (x86)\Online Armor\OAevent64.dll [file not found]

HKLM\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved\

{00F33137-EE26-412F-8D71-F84E4C2C6625} = (no title provided)
-> {HKLM.Wow.CLSID} = Windows Live Photo Gallery Viewer Autoplay Shim
\InProcServer32\(Default) = C:\Program Files (x86)\Windows Live\Photo Gallery\PhotoViewerShim.dll [MS]

{00F346CB-35A4-465B-8B8F-65A29DBAB1F6} = Windows Live Photo Gallery Viewer Drop Target Shim
-> {HKLM.Wow.CLSID} = Windows Live Photo Gallery Viewer Shim
\InProcServer32\(Default) = C:\Program Files (x86)\Windows Live\Photo Gallery\PhotoViewerShim.dll [MS]

{00F3712A-CA79-45B4-9E4D-D7891E7F8B9D} = Windows Live Photo Gallery Editor Drop Target Shim
-> {HKLM.Wow.CLSID} = Windows Live Photo Gallery Editor Shim
\InProcServer32\(Default) = C:\Program Files (x86)\Windows Live\Photo Gallery\PhotoViewerShim.dll [MS]

{00F30F90-3E96-453B-AFCD-D71989ECC2C7} = Windows Live Photo Gallery Autoplay Drop Target Shim
-> {HKLM.Wow.CLSID} = Windows Live Photo Gallery Viewer Autoplay Shim
\InProcServer32\(Default) = C:\Program Files (x86)\Windows Live\Photo Gallery\PhotoViewerShim.dll [MS]

{472083B0-C522-11CF-8763-00608CC02F24} = avast
-> {HKLM.Wow.CLSID} = avast
\InProcServer32\(Default) = C:\Program Files\AVAST Software\Avast\ashShell.dll [AVAST Software]

{D25B2CAB-8A9A-4517-A9B2-CB5F68A5A802} = Adobe.Acrobat.ContextMenu
-> {HKLM.Wow.CLSID} = Acrobat Elements Context Menu
\InProcServer32\(Default) = C:\Program Files (x86)\Adobe\Acrobat 8.0\Acrobat Elements\ContextMenu.dll [Adobe Systems Inc.]

{42042206-2D85-11D3-8CFF-005004838597} = Microsoft Office HTML Icon Handler
-> {HKLM.Wow.CLSID} = (no title provided)
\InProcServer32\(Default) = C:\Program Files (x86)\Microsoft Office\Office14\msohevi.dll [MS]

{993BE281-6695-4BA5-8A2A-7AACBFAAB69E} = Microsoft Office Metadata Handler
-> {HKLM.Wow.CLSID} = Microsoft Office Metadata Handler
\InProcServer32\(Default) = C:\Program Files (x86)\Common Files\Microsoft Shared\OFFICE14\msoshext.dll [MS]

{C41662BB-1FA0-4CE0-8DC5-9B7F8279FF97} = Microsoft Office Thumbnail Handler
-> {HKLM.Wow.CLSID} = Microsoft Office Thumbnail Handler
\InProcServer32\(Default) = C:\Program Files (x86)\Common Files\Microsoft Shared\OFFICE14\msoshext.dll [MS]

{00020D75-0000-0000-C000-000000000046} = Microsoft Outlook Desktop Icon Handler
-> {HKLM.Wow.CLSID} = Microsoft Outlook
\InProcServer32\(Default) = C:\PROGRA~2\MICROS~1\Office14\MLSHEXT.DLL [MS]

{0006F045-0000-0000-C000-000000000046} = Microsoft Outlook Custom Icon Handler
-> {HKLM.Wow.CLSID} = Outlook File Icon Extension
\InProcServer32\(Default) = C:\Program Files (x86)\Microsoft Office\Office14\OLKFSTUB.DLL [MS]

HKLM\SYSTEM\CurrentControlSet\Control\SecurityProviders\
<<!>> ("msapsspc.dll" [file not found], "schannel.dll" [MS], "digest.dll" [file not found], "msnsspc.dll" [file not found]) SecurityProviders = msapsspc.dll, schannel.dll, digest.dll, msnsspc.dll

HKLM\SOFTWARE\Classes\PROTOCOLS\Filter\

<<!>> text/xml\CLSID = {807573E5-5146-11D5-A672-00B0D022E945}
-> {HKLM.CLSID} = Microsoft Office InfoPath XML Mime Filter
\InProcServer32\(Default) = C:\Program Files\Common Files\Microsoft Shared\OFFICE14\MSOXMLMF.DLL [MS]

HKCU\Software\Classes\*\shellex\ContextMenuHandlers\

DropboxExt\(Default) = {FB314ED9-A251-47B7-93E1-CDD82E34AF8B}
-> {HKCU.CLSID} = DropboxExt
\InProcServer32\(Default) = C:\Users\Thomas\AppData\Roaming\Dropbox\bin\DropboxExt64.17.dll [Dropbox, Inc.]
-> {HKCU.Wow.CLSID} = DropboxExt
\InProcServer32\(Default) = C:\Users\Thomas\AppData\Roaming\Dropbox\bin\DropboxExt.17.dll [Dropbox, Inc.]

HKLM\SOFTWARE\Classes\*\shellex\ContextMenuHandlers\

Adobe.Acrobat.ContextMenu\(Default) = {D25B2CAB-8A9A-4517-A9B2-CB5F68A5A802}
-> {HKLM.Wow.CLSID} = Acrobat Elements Context Menu
\InProcServer32\(Default) = C:\Program Files (x86)\Adobe\Acrobat 8.0\Acrobat Elements\ContextMenu.dll [Adobe Systems Inc.]

Atheros\(Default) = {B8952421-0E55-400B-94A6-FA858FC0A39F}
-> {HKLM.CLSID} = AppShellPage Class
\InProcServer32\(Default) = C:\Program Files (x86)\Bluetooth Suite\BtvAppExt.dll [Atheros Commnucations]

avast\(Default) = {472083B0-C522-11CF-8763-00608CC02F24}
-> {HKLM.CLSID} = avast
\InProcServer32\(Default) = C:\Program Files\AVAST Software\Avast\ashShA64.dll [AVAST Software]
-> {HKLM.Wow.CLSID} = avast
\InProcServer32\(Default) = C:\Program Files\AVAST Software\Avast\ashShell.dll [AVAST Software]

SlimShellExt\(Default) = {5421BDAF-6C45-4C3A-8B4B-AE5AF31A65AF}
-> {HKLM.CLSID} = SlimShellExt Class
\InProcServer32\(Default) = C:\Program Files (x86)\SlimCleaner\SlimShell64.dll [Slimware Utilities, Inc.]

HKLM\SOFTWARE\Classes\AllFilesystemObjects\shellex\ContextMenuHandlers\

00avast\(Default) = {472083B0-C522-11CF-8763-00608CC02F24}
-> {HKLM.CLSID} = avast
\InProcServer32\(Default) = C:\Program Files\AVAST Software\Avast\ashShA64.dll [AVAST Software]
-> {HKLM.Wow.CLSID} = avast
\InProcServer32\(Default) = C:\Program Files\AVAST Software\Avast\ashShell.dll [AVAST Software]

FTShellContext\(Default) = {AFF81F7B-6942-40c4-AADA-7214EF7B6DD1}
-> {HKLM.CLSID} = FTShellContext Class
\InProcServer32\(Default) = C:\Program Files (x86)\Bluetooth Suite\ShellContextExt.dll [Atheros Commnucations]

MBAMShlExt\(Default) = {57CE581A-0CB6-4266-9CA0-19364C90A0B3}
-> {HKLM.CLSID} = MBAMShlExt Class
\InProcServer32\(Default) = C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamext.dll [Malwarebytes Corporation]

SlimShellExt\(Default) = {5421BDAF-6C45-4C3A-8B4B-AE5AF31A65AF}
-> {HKLM.CLSID} = SlimShellExt Class
\InProcServer32\(Default) = C:\Program Files (x86)\SlimCleaner\SlimShell64.dll [Slimware Utilities, Inc.]

HKCU\Software\Classes\Directory\shellex\ContextMenuHandlers\

DropboxExt\(Default) = {FB314ED9-A251-47B7-93E1-CDD82E34AF8B}
-> {HKCU.CLSID} = DropboxExt
\InProcServer32\(Default) = C:\Users\Thomas\AppData\Roaming\Dropbox\bin\DropboxExt64.17.dll [Dropbox, Inc.]
-> {HKCU.Wow.CLSID} = DropboxExt
\InProcServer32\(Default) = C:\Users\Thomas\AppData\Roaming\Dropbox\bin\DropboxExt.17.dll [Dropbox, Inc.]

HKLM\SOFTWARE\Classes\Directory\shellex\ContextMenuHandlers\

SlimShellExt\(Default) = {5421BDAF-6C45-4C3A-8B4B-AE5AF31A65AF}
-> {HKLM.CLSID} = SlimShellExt Class
\InProcServer32\(Default) = C:\Program Files (x86)\SlimCleaner\SlimShell64.dll [Slimware Utilities, Inc.]

HKLM\SOFTWARE\Classes\Directory\shellex\CopyHookHandlers\

Ath_CopyHook\(Default) = {8e10a039-fe03-4f9c-b7e1-c5eeeaf53735}
-> {HKLM.CLSID} = Ath_CopyHook
\InProcServer32\(Default) = C:\Program Files (x86)\Bluetooth Suite\AthCopyHook.dll [Atheros Commnucations]

HKCU\Software\Classes\Directory\Background\shellex\ContextMenuHandlers\

DropboxExt\(Default) = {FB314ED9-A251-47B7-93E1-CDD82E34AF8B}
-> {HKCU.CLSID} = DropboxExt
\InProcServer32\(Default) = C:\Users\Thomas\AppData\Roaming\Dropbox\bin\DropboxExt64.17.dll [Dropbox, Inc.]
-> {HKCU.Wow.CLSID} = DropboxExt
\InProcServer32\(Default) = C:\Users\Thomas\AppData\Roaming\Dropbox\bin\DropboxExt.17.dll [Dropbox, Inc.]

HKLM\SOFTWARE\Classes\Directory\Background\shellex\ContextMenuHandlers\

ACE\(Default) = {5E2121EE-0300-11D4-8D3B-444553540000}
-> {HKLM.CLSID} = SimpleShlExt Class
\InProcServer32\(Default) = C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\atiacm64.dll [Advanced Micro Devices, Inc.]

igfxcui\(Default) = {3AB1675A-CCFF-11D2-8B20-00A0C93CB1F4}
-> {HKLM.CLSID} = GraphicsShellExt Class
\InProcServer32\(Default) = C:\Windows\system32\igfxpph.dll [Intel Corporation]

HKLM\SOFTWARE\Classes\Folder\shellex\ColumnHandlers\

{F9DB5320-233E-11D1-9F84-707F02C10627}\(Default) = PDF Column Info
-> {HKLM.Wow.CLSID} = PDF Shell Extension
\InProcServer32\(Default) = C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\PDFShell.dll [Adobe Systems, Inc.]

HKLM\SOFTWARE\Classes\Folder\shellex\ContextMenuHandlers\

Adobe.Acrobat.ContextMenu\(Default) = {D25B2CAB-8A9A-4517-A9B2-CB5F68A5A802}
-> {HKLM.Wow.CLSID} = Acrobat Elements Context Menu
\InProcServer32\(Default) = C:\Program Files (x86)\Adobe\Acrobat 8.0\Acrobat Elements\ContextMenu.dll [Adobe Systems Inc.]

avast\(Default) = {472083B0-C522-11CF-8763-00608CC02F24}
-> {HKLM.CLSID} = avast
\InProcServer32\(Default) = C:\Program Files\AVAST Software\Avast\ashShA64.dll [AVAST Software]
-> {HKLM.Wow.CLSID} = avast
\InProcServer32\(Default) = C:\Program Files\AVAST Software\Avast\ashShell.dll [AVAST Software]

MBAMShlExt\(Default) = {57CE581A-0CB6-4266-9CA0-19364C90A0B3}
-> {HKLM.CLSID} = MBAMShlExt Class
\InProcServer32\(Default) = C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamext.dll [Malwarebytes Corporation]


Default executables:
--------------------

.exe
HKCU\Software\Classes\.exe\(Default) = exefile
HKCU\Software\Classes\exefile\shell\open\command\(Default) = "%1" %*


Group Policies {GPedit.msc branch and setting}:
-----------------------------------------------

Note: detected settings may not have any effect.

HKCU\Software\Microsoft\Windows\CurrentVersion\Policies\ActiveDesktop\

NoAddingComponents = (REG_DWORD) dword:0x00000000
{unrecognized setting}

NoComponents = (REG_DWORD) dword:0x00000000
{unrecognized setting}

NoDeletingComponents = (REG_DWORD) dword:0x00000000
{User Configuration|Administrative Templates|Desktop|Desktop|
Prohibit deleting items}

NoEditingComponents = (REG_DWORD) dword:0x00000000
{User Configuration|Administrative Templates|Desktop|Desktop|
Prohibit editing items}

NoHTMLWallpaper = (REG_DWORD) dword:0x00000000
{unrecognized setting}

NoChangingWallpaper = (REG_DWORD) dword:0x00000000
{User Configuration|Administrative Templates|Control Panel|Display|
Disable changing wallpaper}

HKCU\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer\

NoFolderOptions = (REG_DWORD) dword:0x00000000
{User Configuration|Administrative Templates|Windows Components|Windows Explorer|
Removes the Folder Options menu item from the Tools menu}

NoRun = (REG_DWORD) dword:0x00000000
{User Configuration|Administrative Templates|Start Menu and Taskbar|
Remove Run menu from Start Menu}

ForceActiveDesktopOn = (REG_DWORD) dword:0x00000000
{User Configuration|Administrative Templates|Desktop|Desktop / Active Desktop|
Enable Active Desktop}

NoActiveDesktopChanges = (REG_DWORD) dword:0x00000000
{User Configuration|Administrative Templates|Desktop|Desktop / Active Desktop|
Prohibit changes [and freeze position of desktop icons]}

HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer\

NoFolderOptions = (REG_DWORD) dword:0x00000000
{unrecognized setting}

NoRun = (REG_DWORD) dword:0x00000000
{unrecognized setting}

NoActiveDesktopChanges = (REG_DWORD) dword:0x00000000
{not in GPedit.msc under Computer Configuration|
Prevent enabling or disabling Active Desktop or changing its configuration}

HKCU\Software\Microsoft\Windows\CurrentVersion\Policies\System\

DisableCMD = (REG_DWORD) dword:0x00000000
{unrecognized setting}

DisableRegistryTools = (REG_DWORD) dword:0x00000000
{User Configuration|Administrative Templates|System|
Prevent access to registry editing tools}

DisableTaskMgr = (REG_DWORD) dword:0x00000000
{unrecognized setting}

NoDispSettingsPage = (REG_DWORD) dword:0x00000000
{User Configuration|Administrative Templates|Control Panel|Display|
Hide Settings tab}

HKLM\SOFTWARE\Policies\Microsoft\Windows\WindowsUpdate\

donotallowxpsp2 = (REG_DWORD) dword:0x00000000
{unrecognized setting}

HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\

DisableCMD = (REG_DWORD) dword:0x00000000
{unrecognized setting}

DisableRegistryTools = (REG_DWORD) dword:0x00000000
{unrecognized setting}

DisableTaskMgr = (REG_DWORD) dword:0x00000000
{unrecognized setting}


Active Desktop and Wallpaper:
-----------------------------

Active Desktop may be disabled at this entry:
HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\ShellState

Displayed if Active Desktop disabled and wallpaper not set by Group Policy:
HKCU\Control Panel\Desktop\
Wallpaper = C:\Users\Thomas\AppData\Roaming\Mozilla\Firefox\Bureaubladachtergrond.bmp


Windows Portable Device AutoPlay Handlers
-----------------------------------------

HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\AutoplayHandlers\Handlers\

AdobePhotoshopElements9ShowPicturesOnArrival\
Provider = Adobe Elements Organizer 9.0
InvokeProgID = PhotoshopElements.Application.9
InvokeVerb = launch
HKLM\SOFTWARE\Classes\PhotoshopElements.Application.9\shell\launch\command\(Default) = "C:\Program Files (x86)\Adobe\Elements 9 Organizer\PseProxy.exe" -v "%1" [Adobe Systems Incorporated]

AdobePremiereElements9.0CameraArrival\
Provider = Adobe Premiere Elements
ProgID = Shell.HWEventHandlerShellExecute
InitCmdLine = "C:\Program Files (x86)\Adobe\Adobe Premiere Elements 9\Adobe Premiere Elements.exe"
HKLM\SOFTWARE\Classes\Shell.HWEventHandlerShellExecute\CLSID\(Default) = {FFB8655F-81B9-4fce-B89C-9A6BA76D13E7}
-> {HKLM.CLSID} = Shell Execute Hardware Event Handler
\LocalServer32\(Default) = C:\Windows\System32\rundll32.exe shell32.dll,SHCreateLocalServerRunDll {FFB8655F-81B9-4fce-B89C-9A6BA76D13E7} [MS]

CanonMPNEX31PictureOnArrival\
Provider = MP Navigator EX Ver3.1
InvokeProgID = MPNavigatorEX31.AutoplayHandler
InvokeVerb = open
HKLM\SOFTWARE\Classes\MPNavigatorEX31.AutoplayHandler\shell\open\command\(Default) = C:\Program Files (x86)\Canon\MP Navigator EX 3.1\mpnex31.exe /AUTOPLAY %1 [CANON INC.]

iTunesBurnCDOnArrival\
Provider = iTunes
InvokeProgID = iTunes.BurnCD
InvokeVerb = burn
HKLM\SOFTWARE\Classes\iTunes.BurnCD\shell\burn\command\(Default) = "C:\Program Files (x86)\iTunes\iTunes.exe" /AutoPlayBurn "%L" [Apple Inc.]

iTunesImportSongsOnArrival\
Provider = iTunes
InvokeProgID = iTunes.ImportSongsOnCD
InvokeVerb = import
HKLM\SOFTWARE\Classes\iTunes.ImportSongsOnCD\shell\import\command\(Default) = "C:\Program Files (x86)\iTunes\iTunes.exe" /AutoPlayImportSongs "%L" [Apple Inc.]

iTunesPlaySongsOnArrival\
Provider = iTunes
InvokeProgID = iTunes.PlaySongsOnCD
InvokeVerb = play
HKLM\SOFTWARE\Classes\iTunes.PlaySongsOnCD\shell\play\command\(Default) = "C:\Program Files (x86)\iTunes\iTunes.exe" /playCD "%L" [Apple Inc.]

iTunesShowSongsOnArrival\
Provider = iTunes
InvokeProgID = iTunes.ShowSongsOnCD
InvokeVerb = showsongs
HKLM\SOFTWARE\Classes\iTunes.ShowSongsOnCD\shell\showsongs\command\(Default) = "C:\Program Files (x86)\iTunes\iTunes.exe" /AutoPlayShowSongs "%L" [Apple Inc.]

MSLivePhotoAcquireDropHandler\
Provider = @%ProgramFiles(x86)%\Windows Live\Photo Gallery\regres.dll,-10
InvokeProgID = Microsoft.LivePhotoAcqDTShim.1
InvokeVerb = open
HKLM\SOFTWARE\Classes\Microsoft.LivePhotoAcqDTShim.1\shell\open\DropTarget\CLSID = {00F33137-EE26-412F-8D71-F84E4C2C6625}
-> {HKLM.CLSID} = Windows Live Photo Gallery Viewer Autoplay Shim
\InProcServer32\(Default) = C:\Program Files (x86)\Windows Live\Photo Gallery\PhotoViewerShimx64.dll [MS]

MSLiveShowPicturesOnArrival\
Provider = @%ProgramFiles(x86)%\Windows Live\Photo Gallery\regres.dll,-10
InvokeProgID = Microsoft.Photos.LiveAutoplayShim.1
InvokeVerb = open
HKLM\SOFTWARE\Classes\Microsoft.Photos.LiveAutoplayShim.1\shell\open\DropTarget\CLSID = {00F30F90-3E96-453B-AFCD-D71989ECC2C7}
-> {HKLM.CLSID} = Windows Live Photo Gallery Viewer Autoplay Shim
\InProcServer32\(Default) = C:\Program Files (x86)\Windows Live\Photo Gallery\PhotoViewerShimx64.dll [MS]

MSPlayCDAudioOnArrival\
Provider = @wmploc.dll,-6502
InvokeProgID = WMP.AudioCD
InvokeVerb = play
HKLM\SOFTWARE\Classes\WMP.AudioCD\shell\play\command\(Default) = "C:\Program Files (x86)\Windows Media Player\wmplayer.exe" /prefetch:3 /device:AudioCD "%L" [MS]

MSPlayDVDMovieOnArrival\
Provider = @wmploc.dll,-6502
InvokeProgID = WMP.DVD
InvokeVerb = play
HKLM\SOFTWARE\Classes\WMP.DVD\shell\play\command\(Default) = "C:\Program Files (x86)\Windows Media Player\wmplayer.exe" /prefetch:4 /device:DVD "%L" [MS]

MSPlaySuperVideoCDMovieOnArrival\
Provider = @wmploc.dll,-6502
InvokeProgID = WMP.VCD
InvokeVerb = play
HKLM\SOFTWARE\Classes\WMP.VCD\shell\play\command\(Default) = "C:\Program Files (x86)\Windows Media Player\wmplayer.exe" /prefetch:4 /device:VCD "%L" [MS]

MSPlayVideoCDMovieOnArrival\
Provider = @wmploc.dll,-6502
InvokeProgID = WMP.VCD
InvokeVerb = play
HKLM\SOFTWARE\Classes\WMP.VCD\shell\play\command\(Default) = "C:\Program Files (x86)\Windows Media Player\wmplayer.exe" /prefetch:4 /device:VCD "%L" [MS]

MSWMPBurnCDOnArrival\
Provider = @wmploc.dll,-6502
InvokeProgID = WMP.BurnCD
InvokeVerb = Burn
HKLM\SOFTWARE\Classes\WMP.BurnCD\shell\Burn\Command\(Default) = "C:\Program Files (x86)\Windows Media Player\wmplayer.exe" /prefetch:3 /Task:CDWrite /Device:"%L" [MS]

PaperPort11AutoPlay\
Provider = PaperPort 12
InvokeProgID = PaperPort.AutoplayHandler
InvokeVerb = open
HKLM\SOFTWARE\Classes\PaperPort.AutoplayHandler\shell\open\command\(Default) = C:\Program Files (x86)\Nuance\PaperPort\PaprPort.exe /folder %L [Nuance Communications, Inc.]

VLCPlayCDAudioOnArrival\
Provider = VideoLAN VLC media player
InvokeProgID = VLC.CDAudio
InvokeVerb = Open
HKLM\SOFTWARE\Classes\VLC.CDAudio\shell\Open\command\(Default) = "C:\Program Files (x86)\VideoLAN\VLC\vlc.exe" --started-from-file cdda:///%1 [VideoLAN]

VLCPlayDVDAudioOnArrival\
Provider = VideoLAN VLC media player
InvokeProgID = VLC.OPENFolder
InvokeVerb = Open
HKLM\SOFTWARE\Classes\VLC.OPENFolder\shell\Open\command\(Default) = "C:\Program Files (x86)\VideoLAN\VLC\vlc.exe" %1 [VideoLAN]

VLCPlayDVDMovieOnArrival\
Provider = VideoLAN VLC media player
InvokeProgID = VLC.DVDMovie
InvokeVerb = Open
HKLM\SOFTWARE\Classes\VLC.DVDMovie\shell\Open\command\(Default) = "C:\Program Files (x86)\VideoLAN\VLC\vlc.exe" --started-from-file dvd:///%1 [VideoLAN]

VLCPlayMusicFilesOnArrival\
Provider = VideoLAN VLC media player
InvokeProgID = VLC.OPENFolder
InvokeVerb = Open
HKLM\SOFTWARE\Classes\VLC.OPENFolder\shell\Open\command\(Default) = "C:\Program Files (x86)\VideoLAN\VLC\vlc.exe" %1 [VideoLAN]

VLCPlaySVCDMovieOnArrival\
Provider = VideoLAN VLC media player
InvokeProgID = VLC.SVCDMovie
InvokeVerb = Open
HKLM\SOFTWARE\Classes\VLC.SVCDMovie\shell\Open\command\(Default) = "C:\Program Files (x86)\VideoLAN\VLC\vlc.exe" --started-from-file vcd:///%1 [VideoLAN]

VLCPlayVCDMovieOnArrival\
Provider = VideoLAN VLC media player
InvokeProgID = VLC.VCDMovie
InvokeVerb = Open
HKLM\SOFTWARE\Classes\VLC.VCDMovie\shell\Open\command\(Default) = "C:\Program Files (x86)\VideoLAN\VLC\vlc.exe" --started-from-file vcd:///%1 [VideoLAN]

VLCPlayVideoFilesOnArrival\
Provider = VideoLAN VLC media player
InvokeProgID = VLC.OPENFolder
InvokeVerb = Open
HKLM\SOFTWARE\Classes\VLC.OPENFolder\shell\Open\command\(Default) = "C:\Program Files (x86)\VideoLAN\VLC\vlc.exe" %1 [VideoLAN]

WIA_{15EC955B-8386-4AD0-830A-D9D318E62509}\
Provider = ControlCenter4
CLSID = {A55803CC-4D53-404c-8557-FD63DBA95D24}
InitCmdLine = /WiaCmd;C:\Program Files (x86)\ControlCenter4\BrCcBoot.exe /StiDevice:%1 /StiEvent:%2;
-> {HKLM.CLSID} = WPDShextAutoplay
\LocalServer32\(Default) = C:\Windows\system32\WPDShextAutoplay.exe [MS]

WIA_{83CE1D49-F12E-4171-BE25-6AE2FE675F72}\
Provider = PaperPort
CLSID = {A55803CC-4D53-404c-8557-FD63DBA95D24}
InitCmdLine = /WiaCmd;C:\Program Files (x86)\Nuance\PaperPort\PaprPort.exe /StillImage /StiDevice:%1 /StiEvent:%2;
-> {HKLM.CLSID} = WPDShextAutoplay
\LocalServer32\(Default) = C:\Windows\system32\WPDShextAutoplay.exe [MS]

WIA_{F4226D6E-C414-496E-8F0B-4DF099CB780F}\
Provider = MP Navigator EX Ver3.1
CLSID = {A55803CC-4D53-404c-8557-FD63DBA95D24}
InitCmdLine = /WiaCmd;C:\Program Files (x86)\Canon\MP Navigator EX 3.1\mpnex31.exe /StiDevice:%1 /StiEvent:%2;
-> {HKLM.CLSID} = WPDShextAutoplay
\LocalServer32\(Default) = C:\Windows\system32\WPDShextAutoplay.exe [MS]


Startup items in "Thomas" & "All Users" startup folders:
--------------------------------------------------------

C:\Users\Thomas\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup {++}
Dropbox -> shortcut to: C:\Users\Thomas\AppData\Roaming\Dropbox\bin\Dropbox.exe /systemstartup [Dropbox, Inc.]
EvernoteClipper -> shortcut to: C:\Program Files (x86)\Evernote\Evernote\EvernoteClipper.exe [Evernote Corp., 305 Walnut Street, Redwood City, CA 94063]

C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup {++}
Adobe Acrobat Speed Launcher -> shortcut to: C:\Windows\Installer\{AC76BA86-1033-F400-7760-000000000003}\_SC_Acrobat.exe [null data]
Adobe Acrobat Synchronizer -> shortcut to: C:\Program Files (x86)\Adobe\Acrobat 8.0\Acrobat\AdobeCollabSync.exe [Adobe Systems Incorporated]
Iomega Storage Manager -> shortcut to: C:\Program Files (x86)\Iomega Storage Manager\IomegaStorageManager.exe -s [EMC]


Windows Sidebar Gadgets: {++}
------------------------

C:\Users\Thomas\AppData\Local\Microsoft\Windows Sidebar\Settings.ini
"C:%5CProgram%20Files%5CWindows%20Sidebar%5CShared%20Gadgets%5CaswSidebar.gadget"


Non-disabled Scheduled Tasks: {++}
-----------------------------

C:\Windows\System32\Tasks
Adobe Flash Player Updater -> launches: C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [Adobe Systems Incorporated]
avast! Emergency Update -> (HIDDEN!) launches: C:\Program Files\AVAST Software\Avast\AvastEmUpdate.exe [AVAST Software]
GoogleUpdateTaskMachineCore -> launches: C:\Program Files (x86)\Google\Update\GoogleUpdate.exe /c [Google Inc.]
GoogleUpdateTaskMachineUA -> launches: C:\Program Files (x86)\Google\Update\GoogleUpdate.exe /ua /installsource scheduler [Google Inc.]
HPCeeScheduleForThomas -> launches: C:\Program Files (x86)\Hewlett-Packard\HP Ceement\HPCEE.exe HPCeeScheduleForThomas (null) [null data]
MirageAgent -> (HIDDEN!) launches: C:\Program Files (x86)\CyberLink\YouCam\YCMMirage.exe [CyberLink]
Registration -> launches: "C:\Program Files (x86)\Hewlett-Packard\HP Setup\RemEngine.exe" Registration ShowMessageTask2D [null data]
SyncBack xxxxx dropbox backup -> launches: C:\Program Files (x86)\2BrightSparks\SyncBack\SyncBack.exe -m "xxxxx dropbox backup" [2BrightSparks]
SyncBack xxxxx Thomas backup -> launches: C:\Program Files (x86)\2BrightSparks\SyncBack\SyncBack.exe -m "xxxxx Thomas backup" [2BrightSparks]
User_Feed_Synchronization-{553084C2-FEB1-4731-BBDE-780546BCC86E} -> (HIDDEN!) launches: C:\Windows\system32\msfeedssync.exe sync [MS]
User_Feed_Synchronization-{7D60E71F-9576-456D-9960-72FAC07E2415} -> (HIDDEN!) launches: C:\Windows\system32\msfeedssync.exe sync [MS]
{3BDBA80A-5657-4384-BA59-2AFF797F3BE6} -> launches: C:\Windows\system32\pcalua.exe -a C:\Users\Thomas\Downloads\setup-1.3.4.28700.exe -d c:\progra~2\micros~1\office14 [MS]

C:\Windows\System32\Tasks\Hewlett-Packard\HP Support Assistant
HP Support Assistant Quick Start -> launches: C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\Resources\HPSFMessenger\HPSFMsgr.exe /taskrestart [null data]
PC Health Analysis -> launches: C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\HPSF.exe /L Analysis [null data]
PC Tuneup -> launches: C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\HPSF.exe /L TuneupTimer [null data]
Update Check -> launches: C:\ProgramData\Hewlett-Packard\HP Support Framework\Resources\Updater\HPSFUpdater.exe /s /p 1 [null data]

C:\Windows\System32\Tasks\Microsoft\Windows\Active Directory Rights Management Services Client
AD RMS Rights Policy Template Management (Manual) -> launches: {BF5CB148-7C77-4d8a-A53E-D81C70CF743C}
-> {HKLM.CLSID} = AD RMS Rights Policy Template Management (Manual) Task Handler
\InProcServer32\(Default) = C:\Windows\system32\msdrm.dll [MS]
-> {HKLM.Wow.CLSID} = AD RMS Rights Policy Template Management (Manual) Task Handler
\InProcServer32\(Default) = C:\Windows\system32\msdrm.dll [MS]

C:\Windows\System32\Tasks\Microsoft\Windows\Application Experience
AitAgent -> launches: aitagent [MS]
ProgramDataUpdater -> launches: %windir%\system32\rundll32.exe aepdu.dll,AePduRunUpdate [MS]

C:\Windows\System32\Tasks\Microsoft\Windows\Autochk
Proxy -> launches: %windir%\system32\rundll32.exe /d acproxy.dll,PerformAutochkOperations [MS]

C:\Windows\System32\Tasks\Microsoft\Windows\Bluetooth
UninstallDeviceTask -> launches: BthUdTask.exe $(Arg0) [MS]

C:\Windows\System32\Tasks\Microsoft\Windows\CertificateServicesClient
SystemTask -> launches: {58fb76b9-ac85-4e55-ac04-427593b1d060}
-> {HKLM.CLSID} = Certificate Services Client Task Handler
\InProcServer32\(Default) = C:\Windows\system32\dimsjob.dll [MS]
-> {HKLM.Wow.CLSID} = Certificate Services Client Task Handler
\InProcServer32\(Default) = C:\Windows\system32\dimsjob.dll [MS]
UserTask -> launches: {58fb76b9-ac85-4e55-ac04-427593b1d060}
-> {HKLM.CLSID} = Certificate Services Client Task Handler
\InProcServer32\(Default) = C:\Windows\system32\dimsjob.dll [MS]
-> {HKLM.Wow.CLSID} = Certificate Services Client Task Handler
\InProcServer32\(Default) = C:\Windows\system32\dimsjob.dll [MS]

C:\Windows\System32\Tasks\Microsoft\Windows\Customer Experience Improvement Program
Consolidator -> launches: %SystemRoot%\System32\wsqmcons.exe [MS]
KernelCeipTask -> (HIDDEN!) launches: {e7ed314f-2816-4c26-aeb5-54a34d02404c}
-> {HKLM.CLSID} = KernelCeipCustomHandler
\InProcServer32\(Default) = C:\Windows\System32\kernelceip.dll [MS]
UsbCeip -> (HIDDEN!) launches: {c27f6b1d-fe0b-45e4-9257-38799fa69bc8}
-> {HKLM.CLSID} = UsbCeip
\InProcServer32\(Default) = C:\Windows\System32\usbceip.dll [MS]
-> {HKLM.Wow.CLSID} = UsbCeip
\InProcServer32\(Default) = C:\Windows\System32\usbceip.dll [MS]

C:\Windows\System32\Tasks\Microsoft\Windows\Defrag
ScheduledDefrag -> launches: %windir%\system32\defrag.exe -c [MS]

C:\Windows\System32\Tasks\Microsoft\Windows\Diagnosis
Scheduled -> (HIDDEN!) launches: {c1f85ef8-bcc2-4606-bb39-70c523715eb3}
-> {HKLM.CLSID} = ScheduledDiagnosticCustomHandler
\InProcServer32\(Default) = C:\Windows\System32\sdiagschd.dll [MS]

C:\Windows\System32\Tasks\Microsoft\Windows\Location
Notifications -> launches: %windir%\System32\LocationNotifications.exe [MS]

C:\Windows\System32\Tasks\Microsoft\Windows\Maintenance
WinSAT -> launches: {A9A33436-678B-4C9C-A211-7CC38785E79D}
-> {HKLM.CLSID} = WinSAT Task Manger Task
\InProcServer32\(Default) = C:\Windows\system32\WinSATAPI.dll [MS]
-> {HKLM.Wow.CLSID} = WinSAT Task Manger Task
\InProcServer32\(Default) = C:\Windows\system32\WinSATAPI.dll [MS]

C:\Windows\System32\Tasks\Microsoft\Windows\Media Center
ActivateWindowsSearch -> launches: %SystemRoot%\ehome\ehPrivJob.exe /DoActivateWindowsSearch [MS]
ConfigureInternetTimeService -> launches: %SystemRoot%\ehome\ehPrivJob.exe /DoConfigureInternetTimeService [MS]
DispatchRecoveryTasks -> launches: %SystemRoot%\ehome\ehPrivJob.exe /DoRecoveryTasks $(Arg0) [MS]
ehDRMInit -> launches: %SystemRoot%\ehome\ehPrivJob.exe /DRMInit [MS]
InstallPlayReady -> launches: %SystemRoot%\ehome\ehPrivJob.exe /InstallPlayReady $(Arg0) [MS]
mcupdate -> launches: %SystemRoot%\ehome\mcupdate $(Arg0) [MS]
MediaCenterRecoveryTask -> launches: %SystemRoot%\ehome\mcupdate.exe -MediaCenterRecoveryTask [MS]
ObjectStoreRecoveryTask -> launches: %SystemRoot%\ehome\mcupdate.exe -ObjectStoreRecoveryTask [MS]
OCURActivate -> launches: %SystemRoot%\ehome\ehPrivJob.exe /OCURActivate [MS]
OCURDiscovery -> launches: %SystemRoot%\ehome\ehPrivJob.exe /OCURDiscovery $(Arg0) [MS]
PBDADiscovery -> launches: %SystemRoot%\ehome\ehPrivJob.exe /PBDADiscovery [MS]
PBDADiscoveryW1 -> launches: %SystemRoot%\ehome\ehPrivJob.exe /wait:7 /PBDADiscovery [MS]
PBDADiscoveryW2 -> launches: %SystemRoot%\ehome\ehPrivJob.exe /wait:90 /PBDADiscovery [MS]
PvrRecoveryTask -> launches: %SystemRoot%\ehome\mcupdate.exe -PvrRecoveryTask [MS]
PvrScheduleTask -> launches: %SystemRoot%\ehome\mcupdate.exe -PvrSchedule [MS]
RegisterSearch -> launches: %SystemRoot%\ehome\ehPrivJob.exe /DoRegisterSearch $(Arg0) [MS]
ReindexSearchRoot -> launches: %SystemRoot%\ehome\ehPrivJob.exe /DoReindexSearchRoot [MS]
SqlLiteRecoveryTask -> launches: %SystemRoot%\ehome\mcupdate.exe -SqlLiteRecoveryTask [MS]
StartRecording -> launches: %SystemRoot%\ehome\ehrec /StartRecording [MS]
UpdateRecordPath -> launches: %SystemRoot%\ehome\ehPrivJob.exe /DoUpdateRecordPath $(Arg0) [MS]

C:\Windows\System32\Tasks\Microsoft\Windows\MemoryDiagnostic
CorruptionDetector -> (HIDDEN!) launches: {190BA3F6-0205-4f46-B589-95C6822899D2}
-> {HKLM.CLSID} = MemoryDiagnosticCustomHandler
\InProcServer32\(Default) = C:\Windows\System32\memdiag.dll [MS]
DecompressionFailureDetector -> (HIDDEN!) launches: {190BA3F6-0205-4f46-B589-95C6822899D2}
-> {HKLM.CLSID} = MemoryDiagnosticCustomHandler
\InProcServer32\(Default) = C:\Windows\System32\memdiag.dll [MS]

C:\Windows\System32\Tasks\Microsoft\Windows\MobilePC
HotStart -> launches: {06DA0625-9701-43da-BFD7-FBEEA2180A1E}
-> {HKLM.CLSID} = HotStart User Agent
\InProcServer32\(Default) = C:\Windows\System32\HotStartUserAgent.dll [MS]

C:\Windows\System32\Tasks\Microsoft\Windows\MUI
Lpksetup -> launches: C:\Windows\System32\lpksetup.exe -v [MS]
LPRemove -> launches: %windir%\system32\lpremove.exe [MS]
Mcbuilder -> launches: C:\Windows\System32\mcbuilder.exe [MS]

C:\Windows\System32\Tasks\Microsoft\Windows\Multimedia
SystemSoundsService -> launches: {2DEA658F-54C1-4227-AF9B-260AB5FC3543}
-> {HKLM.CLSID} = Microsoft PlaySoundService Class
\InProcServer32\(Default) = C:\Windows\System32\PlaySndSrv.dll [MS]
-> {HKLM.Wow.CLSID} = Microsoft PlaySoundService Class
\InProcServer32\(Default) = C:\Windows\System32\PlaySndSrv.dll [MS]

C:\Windows\System32\Tasks\Microsoft\Windows\NetTrace
GatherNetworkInfo -> launches: %windir%\system32\gatherNetworkInfo.vbs [null data]

C:\Windows\System32\Tasks\Microsoft\Windows\Power Efficiency Diagnostics
AnalyzeSystem -> launches: %SystemRoot%\System32\powercfg.exe -energy -auto [MS]

C:\Windows\System32\Tasks\Microsoft\Windows\RAC
RacTask -> (HIDDEN!) launches: {42060D27-CA53-41f5-96E4-B1E8169308A6}
-> {HKLM.CLSID} = ReliabilityAnalysisCustomHandler
\InProcServer32\(Default) = C:\Windows\system32\RacEngn.dll [MS]
-> {HKLM.Wow.CLSID} = ReliabilityAnalysisCustomHandler
\InProcServer32\(Default) = C:\Windows\system32\RacEngn.dll [MS]

C:\Windows\System32\Tasks\Microsoft\Windows\Ras
MobilityManager -> launches: {c463a0fc-794f-4fdf-9201-01938ceacafa}
-> {HKLM.CLSID} = RasMobilityManager
\InProcServer32\(Default) = C:\Windows\system32\rasmbmgr.dll [MS]

C:\Windows\System32\Tasks\Microsoft\Windows\Registry
RegIdleBackup -> (HIDDEN!) launches: {ca767aa8-9157-4604-b64b-40747123d5f2}
-> {HKLM.CLSID} = RegistryIdleBackupHandler
\InProcServer32\(Default) = C:\Windows\System32\regidle.dll [MS]

C:\Windows\System32\Tasks\Microsoft\Windows\RemoteAssistance
RemoteAssistanceTask -> (HIDDEN!) launches: %windir%\system32\RAServer.exe /offerraupdate [MS]

C:\Windows\System32\Tasks\Microsoft\Windows\SideShow
GadgetManager -> launches: {FF87090D-4A9A-4f47-879B-29A80C355D61}
-> {HKLM.CLSID} = GadgetsManager Class
\InProcServer32\(Default) = C:\Windows\System32\AuxiliaryDisplayServices.dll [MS]

C:\Windows\System32\Tasks\Microsoft\Windows\SystemRestore
SR -> launches: %windir%\system32\rundll32.exe /d srrstr.dll,ExecuteScheduledSPPCreation [MS]

C:\Windows\System32\Tasks\Microsoft\Windows\Task Manager
Interactive -> (HIDDEN!) launches: {855fec53-d2e4-4999-9e87-3414e9cf0ff4}
-> {HKLM.CLSID} = RunTask
\InProcServer32\(Default) = C:\Windows\system32\wdc.dll [MS]
-> {HKLM.Wow.CLSID} = RunTask
\InProcServer32\(Default) = C:\Windows\system32\wdc.dll [MS]

C:\Windows\System32\Tasks\Microsoft\Windows\Tcpip
IpAddressConflict1 -> launches: %windir%\system32\rundll32.exe ndfapi.dll,NdfRunDllDuplicateIPOffendingSystem [MS]
IpAddressConflict2 -> launches: %windir%\system32\rundll32.exe ndfapi.dll,NdfRunDllDuplicateIPDefendingSystem [MS]

C:\Windows\System32\Tasks\Microsoft\Windows\TextServicesFramework
MsCtfMonitor -> (HIDDEN!) launches: {01575cfe-9a55-4003-a5e1-f38d1ebdcbe1}
-> {HKLM.CLSID} = MsCtfMonitor task handler
\InProcServer32\(Default) = C:\Windows\system32\MsCtfMonitor.dll [MS]
-> {HKLM.Wow.CLSID} = MsCtfMonitor task handler
\InProcServer32\(Default) = C:\Windows\system32\MsCtfMonitor.dll [MS]

C:\Windows\System32\Tasks\Microsoft\Windows\Time Synchronization
SynchronizeTime -> launches: %windir%\system32\sc.exe start w32time task_started [MS]

C:\Windows\System32\Tasks\Microsoft\Windows\UPnP
UPnPHostConfig -> launches: sc.exe config upnphost start= auto [MS]

C:\Windows\System32\Tasks\Microsoft\Windows\WDI
ResolutionHost -> (HIDDEN!) launches: {900be39d-6be8-461a-bc4d-b0fa71f5ecb1}
-> {HKLM.CLSID} = DiagnosticInfrastructureCustomHandler
\InProcServer32\(Default) = C:\Windows\System32\wdi.dll [MS]
-> {HKLM.Wow.CLSID} = DiagnosticInfrastructureCustomHandler
\InProcServer32\(Default) = C:\Windows\System32\wdi.dll [MS]

C:\Windows\System32\Tasks\Microsoft\Windows\Windows Activation Technologies
ValidationTask -> (HIDDEN!) launches: %SystemRoot%\system32\Wat\WatAdminSvc.exe /run [MS]
ValidationTaskDeadline -> (HIDDEN!) launches: %SystemRoot%\system32\schtasks.exe /run /I /TN "\Microsoft\Windows\Windows Activation Technologies\ValidationTask" [MS]

C:\Windows\System32\Tasks\Microsoft\Windows\Windows Error Reporting
QueueReporting -> launches: %windir%\system32\wermgr.exe -queuereporting [MS]

C:\Windows\System32\Tasks\Microsoft\Windows\Windows Filtering Platform
BfeOnServiceStartTypeChange -> (HIDDEN!) launches: %windir%\system32\rundll32.exe bfe.dll,BfeOnServiceStartTypeChange [MS]

C:\Windows\System32\Tasks\Microsoft\Windows\Windows Media Sharing
UpdateLibrary -> launches: "%ProgramFiles%\Windows Media Player\wmpnscfg.exe" [MS]

C:\Windows\System32\Tasks\Microsoft\Windows\WindowsBackup
ConfigNotification -> launches: %systemroot%\System32\sdclt.exe /CONFIGNOTIFICATION [MS]

C:\Windows\System32\Tasks\Microsoft\Windows Defender
MP Scheduled Scan -> (HIDDEN!) launches: c:\program files\windows defender\MpCmdRun.exe Scan -ScheduleJob -WinTask -RestrictPrivilegesScan [MS]

C:\Windows\System32\Tasks\Microsoft\Windows Live\SOXE
Extractor Definitions Update Task -> launches: {3519154C-227E-47F3-9CC9-12C3F05817F1}
-> {HKLM.Wow.CLSID} = Windows Live Social Object Extractor Engine Definition Updater
\InProcServer32\(Default) = C:\Program Files (x86)\Windows Live\SOXE\wlsoxe.dll [MS]

C:\Windows\System32\Tasks\WPD
SqmUpload_S-1-5-21-16860753-1696022368-920867402-500 -> (HIDDEN!) launches: %windir%\system32\rundll32.exe portabledeviceapi.dll,#1 [MS]


Winsock2 Service Provider DLLs:
-------------------------------

Namespace Service Providers

HKLM\SYSTEM\CurrentControlSet\Services\Winsock2\Parameters\NameSpace_Catalog5\Catalog_Entries\ {++}
000000000001\LibraryPath = %SystemRoot%\system32\NLAapi.dll [MS]
000000000002\LibraryPath = %SystemRoot%\system32\napinsp.dll [MS]
000000000003\LibraryPath = %SystemRoot%\system32\pnrpnsp.dll [MS]
000000000004\LibraryPath = %SystemRoot%\system32\pnrpnsp.dll [MS]
000000000005\LibraryPath = %SystemRoot%\System32\mswsock.dll [MS]
000000000006\LibraryPath = %SystemRoot%\System32\winrnr.dll [MS]
000000000007\LibraryPath = C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WLIDNSP.DLL [MS]
000000000008\LibraryPath = C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WLIDNSP.DLL [MS]
000000000009\LibraryPath = %SystemRoot%\system32\wshbth.dll [MS]
000000000010\LibraryPath = C:\Program Files (x86)\Bonjour\mdnsNSP.dll [Apple Inc.]

HKLM\SYSTEM\CurrentControlSet\Services\Winsock2\Parameters\NameSpace_Catalog5\Catalog_Entries64\ {++}
000000000001\LibraryPath = %SystemRoot%\system32\NLAapi.dll [MS]
000000000002\LibraryPath = %SystemRoot%\system32\napinsp.dll [MS]
000000000003\LibraryPath = %SystemRoot%\system32\pnrpnsp.dll [MS]
000000000004\LibraryPath = %SystemRoot%\system32\pnrpnsp.dll [MS]
000000000005\LibraryPath = %SystemRoot%\System32\mswsock.dll [MS]
000000000006\LibraryPath = %SystemRoot%\System32\winrnr.dll [MS]
000000000007\LibraryPath = C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDNSP.DLL [MS]
000000000008\LibraryPath = C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDNSP.DLL [MS]
000000000009\LibraryPath = %SystemRoot%\system32\wshbth.dll [MS]
000000000010\LibraryPath = C:\Program Files\Bonjour\mdnsNSP.dll [Apple Inc.]

Transport Service Providers

HKLM\SYSTEM\CurrentControlSet\Services\Winsock2\Parameters\Protocol_Catalog9\Catalog_Entries\ {++}
0000000000##\PackedCatalogItem (contains) DLL [Company Name], (at) ## range:
%SystemRoot%\system32\mswsock.dll [MS], 01 - 11

HKLM\SYSTEM\CurrentControlSet\Services\Winsock2\Parameters\Protocol_Catalog9\Catalog_Entries64\ {++}
0000000000##\PackedCatalogItem (contains) DLL [Company Name], (at) ## range:
%SystemRoot%\system32\mswsock.dll [MS], 01 - 11


Toolbars, Explorer Bars, Extensions:
------------------------------------

Toolbars

HKLM\SOFTWARE\Microsoft\Internet Explorer\Toolbar\
{318A227B-5E9F-45BD-8999-7F8F10CA4CF5} = (no title provided)
-> {HKLM.CLSID} = avast! WebRep
\InProcServer32\(Default) = C:\Program Files\AVAST Software\Avast\aswWebRepIE64.dll [AVAST Software]

HKLM\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\Toolbar\
{8E5E2654-AD2D-48BF-AC2D-D17F00898D06} = (no title provided)
-> {HKLM.Wow.CLSID} = avast! WebRep
\InProcServer32\(Default) = C:\Program Files\AVAST Software\Avast\aswWebRepIE.dll [AVAST Software]

{47833539-D0C5-4125-9FA8-0819E2EAAC93} = (no title provided)
-> {HKLM.Wow.CLSID} = Adobe PDF
\InProcServer32\(Default) = C:\Program Files (x86)\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll [Adobe Systems Incorporated]

Explorer Bars

HKLM\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\Explorer Bars\

{182EC0BE-5110-49C8-A062-BEB1D02A220B}\(Default) = (no title provided)
-> {HKLM.Wow.CLSID} = Adobe PDF
\InProcServer32\(Default) = C:\Program Files (x86)\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll [Adobe Systems Incorporated]

Extensions (Tools menu items, main toolbar menu buttons)

HKLM\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\Extensions\
{219C3416-8CB2-491A-A3C7-D9FCDDC9D600}\
ButtonText = @C:\Program Files (x86)\Windows Live\Writer\WindowsLiveWriterShortcuts.dll,-1004
MenuText = @C:\Program Files (x86)\Windows Live\Writer\WindowsLiveWriterShortcuts.dll,-1003
CLSIDExtension = {5F7B1267-94A9-47F5-98DB-E99415F33AEC}
-> {HKLM.Wow.CLSID} = BlogThisToolbarButton Class
\InProcServer32\(Default) = C:\Program Files (x86)\Windows Live\Writer\WriterBrowserExtension.dll [MS]

{7815BE26-237D-41A8-A98F-F7BD75F71086}\
MenuText = Send by Bluetooth to
CLSIDExtension = {8D10F6C4-0E01-4BD4-8601-11AC1FDF8126}
-> {HKLM.Wow.CLSID} = CIESpeechBHO Class
\InProcServer32\(Default) = C:\Program Files (x86)\Bluetooth Suite\IEPlugIn.dll [Atheros Commnucations]

{A95FE080-8F5D-11D2-A20B-00AA003C157A}\
ButtonText = @C:\Program Files (x86)\Evernote\Evernote\Resource.dll,-101
MenuText = @C:\Program Files (x86)\Evernote\Evernote\Resource.dll,-101
Script = C:\Program Files (x86)\Evernote\Evernote\\EvernoteIERes\AddNote.html [null data]


HOSTS file
----------

C:\Windows\System32\drivers\etc\HOSTS

maps: 3 domain names to IP addresses,
2 of the IP addresses are *not* localhost!


Running Services (Display Name, Service Name, Path {Service DLL}):
------------------------------------------------------------------

Adobe Acrobat Update Service, AdobeARMservice, "C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe" [Adobe Systems Incorporated]
Adobe Active File Monitor V9, AdobeActiveFileMonitor9.0, C:\Program Files (x86)\Adobe\Elements 9 Organizer\PhotoshopElementsFileAgent.exe [Adobe Systems Incorporated]
AMD External Events Utility, AMD External Events Utility, C:\Windows\system32\atiesrxx.exe [AMD]
Andrea ST Filters Service, AESTFilters, C:\Program Files\IDT\WDM\AESTSr64.exe [Andrea Electronics Corporation]
Apple Mobile Device, Apple Mobile Device, "C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe" [Apple Inc.]
Atheros Bt&Wlan Coex Agent, Atheros Bt&Wlan Coex Agent, C:\Program Files (x86)\Bluetooth Suite\Ath_CoexAgent.exe [Atheros]
AtherosSvc, AtherosSvc, C:\Program Files (x86)\Bluetooth Suite\adminservice.exe [Atheros Commnucations]
Audio Service, STacSV, C:\Program Files\IDT\WDM\STacSV64.exe [IDT, Inc.]
avast! Antivirus, avast! Antivirus, "C:\Program Files\AVAST Software\Avast\AvastSvc.exe" [AVAST Software]
Bonjour-service, Bonjour Service, "C:\Program Files\Bonjour\mDNSResponder.exe" [Apple Inc.]
FLEXnet Licensing Service, FLEXnet Licensing Service, "C:\Program Files (x86)\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe" [Macrovision Europe Ltd.]
HP Client Services, HPClientSvc, "C:\Program Files\Hewlett-Packard\HP Client Services\HPClientServices.exe" [Hewlett-Packard Company]
HP Quick Synchronization Service, HPDrvMntSvc.exe, "C:\Program Files (x86)\Hewlett-Packard\Shared\HPDrvMntSvc.exe" [Hewlett-Packard Company]
HP Service, hpsrv, C:\Windows\system32\Hpservice.exe [Hewlett-Packard Company]
HP Software Framework Service, hpqwmiex, "C:\Program Files (x86)\Hewlett-Packard\Shared\hpqWmiEx.exe" [Hewlett-Packard Company]
HP Support Assistant Service, HP Support Assistant Service, "C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\hpsa_service.exe" [null data]
HPWMISVC, HPWMISVC, C:\Program Files (x86)\Hewlett-Packard\HP Quick Launch\HPWMISVC.exe [Hewlett-Packard Development Company, L.P.]
IconMan_R, IconMan_R, "C:\Program Files (x86)\Realtek\Realtek PCIE Card Reader\RIconMan.exe" [Realsil Microelectronics Inc.]
Intel® Identity Protection Technology Host Interface Service, jhi_service, C:\Program Files (x86)\Intel\Services\IPT\jhi_service.exe [Intel Corporation]
Intel® Management and Security Application Local Management Service, LMS, C:\Program Files (x86)\Intel\Intel® Management Engine Components\LMS\LMS.exe [Intel Corporation]
Intel® Management and Security Application User Notification Service, UNS, "C:\Program Files (x86)\Intel\Intel® Management Engine Components\UNS\UNS.exe" [Intel Corporation]
Intel® Rapid Storage Technology, IAStorDataMgrSvc, "C:\Program Files (x86)\Intel\Intel® Rapid Storage Technology\IAStorDataMgrSvc.exe" [null data]
iPod-service, iPod Service, "C:\Program Files\iPod\bin\iPodService.exe" [Apple Inc.]
Office Software Protection Platform, osppsvc, "C:\Program Files\Common Files\Microsoft Shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE" [MS]
PCloudd, PCloudd, C:\Program Files (x86)\Iomega Storage Manager\pCloudd.exe [Iomega Corp]
PDFProFiltSrvPP, PDFProFiltSrvPP, C:\Program Files (x86)\Nuance\PaperPort\PDFProFiltSrvPP.exe [Nuance Communications, Inc.]
TrueSuiteService, FPLService, "C:\Program Files (x86)\HP SimplePass 2011\TrueSuiteService.exe" [HP]
Windows Live ID Sign-in Assistant, wlidsvc, "C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE" [MS]


Safe Mode Drivers & Services (subkey name, subkey default value):
-----------------------------------------------------------------

HKLM\System\CurrentControlSet\Control\SafeBoot\Network\

<<!>> WRkrn, Driver
<<!>> WRSVC, Service


Print Monitors:
---------------

HKLM\SYSTEM\CurrentControlSet\Control\Print\Monitors\
Canon BJ Language Monitor MX870 series\Driver = CNMLMA7.DLL [CANON INC.]
Canon BJNP Port\Driver = CNMN6PPM.DLL [CANON INC.]
Canon MP FAX Language Monitor MX870 series\Driver = CNCF2Lm.DLL [Canon Inc.]
  • 0

#10
emeraldnzl

emeraldnzl

    GeekU Instructor

  • GeekU Moderator
  • 19,989 posts
Hello doddeltje,

Download aswMBR.exe ( 4.5mb ) to your desktop.

Double click the aswMBR.exe to run it.

Posted ImageClick the "Scan" button to start scan

Posted Image

On completion of the scan click save log, save it to your desktop and post in your next reply
  • 0

Advertisements


#11
doddeltje

doddeltje

    Member

  • Topic Starter
  • Member
  • PipPip
  • 11 posts
aswMBR version 0.9.9.1707 Copyright© 2011 AVAST Software
Run date: 2013-03-04 17:22:36
-----------------------------
17:22:36.233 OS Version: Windows x64 6.1.7601 Service Pack 1
17:22:36.233 Number of processors: 4 586 0x2A07
17:22:36.233 ComputerName: XXXXXX UserName: Thomas
17:22:39.010 Initialize success
17:22:39.072 AVAST engine defs: 13030400
17:22:46.857 Disk 0 (boot) \Device\Harddisk0\DR0 -> \Device\Ide\IAAStorageDevice-1
17:22:46.872 Disk 0 Vendor: Hitachi_ JE4O Size: 715404MB BusType: 3
17:22:46.872 Disk 0 MBR read successfully
17:22:46.888 Disk 0 MBR scan
17:22:46.888 Disk 0 Windows 7 default MBR code
17:22:46.903 Disk 0 Partition 1 00 42 SFS 0 MB offset 63
17:22:46.903 Disk 0 Partition 2 80 (A) 42 SFS NTFS 199 MB offset 2048
17:22:46.919 Disk 0 Partition 3 00 42 SFS NTFS 307647 MB offset 409600
17:22:46.935 Disk 0 Partition 4 00 42 SFS 407556 MB offset 630470925
17:22:46.950 Disk 0 scanning C:\Windows\system32\drivers
17:22:46.950 Service scanning
17:23:15.826 Modules scanning
17:23:15.842 Disk 0 trace - called modules:
17:23:16.372 ntoskrnl.exe CLASSPNP.SYS disk.sys hpdskflt.sys iaStor.sys hal.dll
17:23:16.388 1 nt!IofCallDriver -> \Device\Harddisk0\DR0[0xfffffa8008e69060]
17:23:16.403 3 CLASSPNP.SYS[fffff88001d1f43f] -> nt!IofCallDriver -> [0xfffffa8008ce2b10]
17:23:16.419 5 hpdskflt.sys[fffff880018af189] -> nt!IofCallDriver -> \Device\Ide\IAAStorageDevice-1[0xfffffa8006635050]
17:23:17.230 AVAST engine scan C:\Windows
17:23:17.246 AVAST engine scan C:\Windows\system32
17:23:17.246 AVAST engine scan C:\Windows\system32\drivers
17:23:17.246 AVAST engine scan C:\Users\Thomas
17:23:17.261 AVAST engine scan C:\ProgramData
17:23:17.261 Scan finished successfully
17:25:48.567 Disk 0 MBR has been saved successfully to "C:\Users\Thomas\Downloads\MBR.dat"
17:25:48.567 The log file has been saved successfully to "C:\Users\Thomas\Downloads\aswMBR.txt"
  • 0

#12
emeraldnzl

emeraldnzl

    GeekU Instructor

  • GeekU Moderator
  • 19,989 posts
Hello doddeltje,

You have used Malwarebytes before. If you still have it on your machine please update and run. Post the scan report back here.

If you no-longer have Malwarebytes please download from Here

Double Click mbam-setup.exe to install the application.
  • Make sure a checkmark is placed next to Update Malwarebytes' Anti-Malware and Launch Malwarebytes' Anti-Malware, then click Finish.
  • If an update is found, it will download and install the latest version.
  • Once the program has loaded, select "Perform Quick Scan", then click Scan.
  • The scan may take some time to finish,so please be patient.
  • When the scan is complete, click OK, then Show Results to view the results.
  • Make sure that everything is checked, and click Remove Selected.
  • When disinfection is completed, a log will open in Notepad and you may be prompted to Restart.(See Extra Note)
  • The log is automatically saved by MBAM and can be viewed by clicking the Logs tab in MBAM.
  • Copy & Paste the entire report in your next reply.
Extra Note:
If MBAM encounters a file that is difficult to remove, you will be presented with 1 of 2 prompts,click OK to either and let MBAM proceed with the disinfection process,if asked to restart the computer,please do so immediatly.
  • 0

#13
doddeltje

doddeltje

    Member

  • Topic Starter
  • Member
  • PipPip
  • 11 posts
Malwarebytes Anti-Malware 1.70.0.1100
www.malwarebytes.org

Databaseversie: v2013.03.04.09

Windows 7 Service Pack 1 x64 NTFS
Internet Explorer 9.0.8112.16421
Thomas :: xxxxxx [administrator]

4/03/2013 20:14:36
mbam-log-2013-03-04 (20-14-36).txt

Scan type: Snelle scan
Ingeschakelde scan opties: Geheugen | Opstartitems | Register | Bestanden en mappen | Heuristiek/Extra | Heuristiek/Shuriken | PUP | PUM
Uitgeschakelde scan opties: P2P
Objecten gescand: 208802
Verstreken tijd: 4 minuut/minuten, 59 seconde(n)

Geheugenprocessen gedetecteerd: 0
(Geen kwaadaardige objecten gedetecteerd)

Geheugenmodulen gedetecteerd: 0
(Geen kwaadaardige objecten gedetecteerd)

Registersleutels gedetecteerd: 0
(Geen kwaadaardige objecten gedetecteerd)

Registerwaarden gedetecteerd: 0
(Geen kwaadaardige objecten gedetecteerd)

Registerdata gedetecteerd: 0
(Geen kwaadaardige objecten gedetecteerd)

Mappen gedetecteerd: 0
(Geen kwaadaardige objecten gedetecteerd)

Bestanden gedetecteerd: 0
(Geen kwaadaardige objecten gedetecteerd)

(einde)
  • 0

#14
emeraldnzl

emeraldnzl

    GeekU Instructor

  • GeekU Moderator
  • 19,989 posts
Hello again doddeltje,

Everything is looking very clean. One last scan to check if we have missed anything and after that, all going well, we can clear away the tools we have been using.

Now

Please run a free online scan with the ESET Online Scanner

Vista / Win7 users: Right-click on the either the IE or FF icon in the Start Menu or Quick Launch Bar on the Taskbar and select Run as Administrator.

Note: This scan works with Internet Explorer or Mozilla FireFox.

If using Mozilla Firefox you will need to download esetsmartinstaller_enu.exe when prompted then double click on it to install.

  • Click the green ESET Online Scanner box
  • Tick the box next to YES, I accept the Terms of Use
    then click on: Start
  • You may see a panel towards the top of the screen telling you the website wants to install an addon... click and allow it to install. If your firewall asks whether you want to allow installation, say yes.
  • Make sure that the option Scan archives is checked.
  • Now click on Advanced Settings and select the following:
    • Scan for potentially unwanted applications
    • Scan for potentially unsafe applications
    • Enable Anti-Stealth Technology
  • Click on Start
  • The virus signature database will begin to download. Be patient this make take some time depending on the speed of your Internet Connection.
  • When completed the Online Scan will begin automatically. The scan may take several hours.
  • Do not touch either the Mouse or keyboard during the scan otherwise it may stall.
  • When completed select Uninstall application on close, make sure you copy the logfile first!
  • Then click on: Finish
  • Use notepad to open the logfile located at C:\Program Files\ESET\EsetOnlineScanner\log.txt.
  • Copy and paste that log as a reply to this topic.

  • 0

#15
doddeltje

doddeltje

    Member

  • Topic Starter
  • Member
  • PipPip
  • 11 posts
sorry for the late reply

something went wrong with saving the log file, but it said 0 infected files found

I assume my laptop is now malware/virus free. The problem, however, still persists. Is this the time to change ALL my passwords? And do I really need to change all of them, or only those where I use my hotmail account as email account (eg on message boards or for shop logins)?
  • 0






Similar Topics

0 user(s) are reading this topic

0 members, 0 guests, 0 anonymous users

As Featured On:

Microsoft Yahoo BBC MSN PC Magazine Washington Post HP