Jump to content

Welcome to Geeks to Go - Register now for FREE

Need help with your computer or device? Want to learn new tech skills? You're in the right place!
Geeks to Go is a friendly community of tech experts who can solve any problem you have. Just create a free account and post your question. Our volunteers will reply quickly and guide you through the steps. Don't let tech troubles stop you. Join Geeks to Go now and get the support you need!

How it Works Create Account
Photo

Need a check [Solved]

Started by Samballen , Apr 28 2013 06:09 AM

  • This topic is locked This topic is locked

#1
Samballen
Posted 28 April 2013 - 06:09 AM

Samballen

    Member

  • Banned
  • PipPip
  • 76 posts
My computer isn't good working, do I got a virus? Pleas help me!

OTL log? Did I do this good? :s
OTL Extras logfile created on: 28-4-2013 13:49:07 - Run 1
OTL by OldTimer - Version 3.2.69.0 Folder = C:\Users\Mark de Jager\Desktop
64bit- An unknown product (Version = 6.2.9200) - Type = NTWorkstation
Internet Explorer (Version = 9.10.9200.16540)
Locale: 00000413 | Country: Nederland | Language: NLD | Date Format: d-M-yyyy

11,86 Gb Total Physical Memory | 9,04 Gb Available Physical Memory | 76,29% Memory free
13,54 Gb Paging File | 10,97 Gb Available in Paging File | 81,03% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86)
Drive C: | 450,42 Gb Total Space | 288,17 Gb Free Space | 63,98% Space Free | Partition Type: NTFS
Drive D: | 350,00 Mb Total Space | 308,92 Mb Free Space | 88,26% Space Free | Partition Type: NTFS

Computer Name: MARK-PC | User Name: Mark de Jager | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user | Quick Scan | Include 64bit Scans
Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days

========== Extra Registry (SafeList) ==========


========== File Associations ==========

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.html[@ = htmlfile] -- C:\Program Files\Internet Explorer\IEXPLORE.EXE (Microsoft Corporation)
.url[@ = InternetShortcut] -- C:\Windows\SysNative\rundll32.exe (Microsoft Corporation)

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.cpl [@ = cplfile] -- C:\Windows\SysWow64\control.exe (Microsoft Corporation)
.html [@ = htmlfile] -- C:\Program Files\Internet Explorer\IEXPLORE.EXE (Microsoft Corporation)

[HKEY_CURRENT_USER\SOFTWARE\Classes\<extension>]
.html [@ = FirefoxHTML] -- C:\Program Files (x86)\Mozilla Firefox\firefox.exe (Mozilla Corporation)

========== Shell Spawning ==========

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
exefile [open] -- "%1" %*
helpfile [open] -- Reg Error: Key error.
htmlfile [open] -- "C:\Program Files\Internet Explorer\IEXPLORE.EXE" -nohome (Microsoft Corporation)
htmlfile [opennew] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)
http [open] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)
https [open] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)
inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation)
InternetShortcut [open] -- "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\ieframe.dll",OpenURL %l (Microsoft Corporation)
InternetShortcut [print] -- "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\mshtml.dll",PrintHTML "%1" (Microsoft Corporation)
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\OpenWith.exe "%1" (Microsoft Corporation)
Directory [Bridge] -- C:\Program Files\Adobe\Adobe Bridge CS6 (64 Bit)\Bridge.exe "%L" (Adobe Systems, Inc.)
Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [open] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [explore] -- Reg Error: Value error.
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Applications\iexplore.exe [open] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)
CLSID\{871C5380-42A0-1069-A2EA-08002B30309D} [OpenHomePage] -- "C:\Program Files\Internet Explorer\iexplore.exe" (Microsoft Corporation)

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
cplfile [cplopen] -- %SystemRoot%\System32\control.exe "%1",%* (Microsoft Corporation)
exefile [open] -- "%1" %*
helpfile [open] -- Reg Error: Key error.
htmlfile [open] -- "C:\Program Files\Internet Explorer\IEXPLORE.EXE" -nohome (Microsoft Corporation)
htmlfile [opennew] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)
http [open] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)
https [open] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)
inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation)
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\OpenWith.exe "%1" (Microsoft Corporation)
Directory [Bridge] -- C:\Program Files\Adobe\Adobe Bridge CS6 (64 Bit)\Bridge.exe "%L" (Adobe Systems, Inc.)
Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [open] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [explore] -- Reg Error: Value error.
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Applications\iexplore.exe [open] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)
CLSID\{871C5380-42A0-1069-A2EA-08002B30309D} [OpenHomePage] -- Reg Error: Value error.

========== Security Center Settings ==========

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"cval" = 1

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]
"VistaSp1" = CE 37 E6 AF FF 6A CD 01 [binary data]
"AntiVirusOverride" = 0
"AntiSpywareOverride" = 0
"FirewallOverride" = 0

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc\Vol]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]

========== Firewall Settings ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]
"EnableFirewall" = 1
"DisableNotifications" = 0

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"EnableFirewall" = 1
"DisableNotifications" = 0

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\PublicProfile]
"EnableFirewall" = 1
"DisableNotifications" = 0
"DoNotAllowExceptions" = 0

========== Authorized Applications List ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List]


========== Vista Active Open Ports Exception List ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{1F806FD8-007B-4960-8391-D50EC81F685C}" = lport=1900 | protocol=17 | dir=in | svc=ssdpsrv | app=svchost.exe |
"{246742C9-DBC0-4AD4-8D03-5D547CEE8F7A}" = lport=2869 | protocol=6 | dir=in | app=system |
"{289BAE15-4C23-455D-9C23-32637C541A38}" = rport=138 | protocol=17 | dir=out | app=system |
"{2CC840C9-F52C-423D-BFDC-5419DB5EDE18}" = lport=rpc-epmap | protocol=6 | dir=in | svc=rpcss | [email protected],-28539 |
"{31AAABDA-A475-4F07-8220-5629ABD3574A}" = rport=137 | protocol=17 | dir=out | app=system |
"{46112E49-BB1C-4B0A-9EB8-D161FA7D7D4F}" = rport=2177 | protocol=17 | dir=out | svc=qwave | app=%systemroot%\system32\svchost.exe |
"{48B29580-CC66-4B62-9210-27A765513B41}" = lport=445 | protocol=6 | dir=in | app=system |
"{550458A3-B5A5-4B38-93BA-A823105B5386}" = lport=14714 | protocol=6 | dir=in | name=audials localhttpserver 14714 |
"{67D76494-73EC-4DD4-A499-BADC9465CA0F}" = lport=31931 | protocol=6 | dir=in | name=audials localhttpserver 31931 |
"{6A472D08-D0CC-476B-8C70-93C78685A9CE}" = lport=2177 | protocol=6 | dir=in | svc=qwave | app=%systemroot%\system32\svchost.exe |
"{73BAB1A4-AD97-4C37-AF75-5CF2280A2F8D}" = rport=10243 | protocol=6 | dir=out | app=system |
"{7A7482BB-F0E7-4F92-963D-041322488D4C}" = lport=138 | protocol=17 | dir=in | app=system |
"{82201FFF-AC68-40C5-A095-6232F2AAD637}" = rport=445 | protocol=6 | dir=out | app=system |
"{830756D5-95E6-4E12-81A8-5084F4E399C1}" = lport=139 | protocol=6 | dir=in | app=system |
"{9B4D1518-B365-4199-BB14-2575CFDB668A}" = lport=2177 | protocol=17 | dir=in | svc=qwave | app=%systemroot%\system32\svchost.exe |
"{A2470D60-32AC-4C24-A294-86B5A8643221}" = rport=5355 | protocol=17 | dir=out | svc=dnscache | app=%systemroot%\system32\svchost.exe |
"{A62BCDA7-8C00-471E-B93D-93CF18314AD4}" = lport=137 | protocol=17 | dir=in | app=system |
"{A87D3A0D-C362-46D8-A5BC-29E722AD51B2}" = lport=5355 | protocol=17 | dir=in | svc=dnscache | app=%systemroot%\system32\svchost.exe |
"{AA4385DB-A24A-4B7B-A379-A052EBD21F73}" = lport=12972 | protocol=6 | dir=in | name=audials localhttpserver 12972 |
"{B463F2FB-0715-42F2-8661-6BAF9C0D2EF8}" = lport=1900 | protocol=17 | dir=in | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe |
"{CBA336EE-D64D-4D90-840F-9D04E3A88A5C}" = rport=139 | protocol=6 | dir=out | app=system |
"{D30E0A6F-CC10-45E5-931B-DFC2BEEFA9A8}" = lport=rpc | protocol=6 | dir=in | svc=spooler | app=%systemroot%\system32\spoolsv.exe |
"{D46E3074-E30A-4772-A226-E9559C01E119}" = lport=2869 | protocol=6 | dir=in | app=system |
"{E183B035-6965-4456-89B7-D9DED6D1482F}" = lport=10243 | protocol=6 | dir=in | app=system |
"{E6ACA37E-115B-4019-B2DF-E6BBFAC48D42}" = lport=5355 | protocol=17 | dir=in | svc=dnscache | app=%systemroot%\system32\svchost.exe |
"{EBDB0B2A-8D9E-4310-B56A-79C3284FBC6D}" = rport=1900 | protocol=17 | dir=out | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe |
"{F16A769E-0855-4544-B5E5-F39BE2C74014}" = rport=2177 | protocol=6 | dir=out | svc=qwave | app=%systemroot%\system32\svchost.exe |
"{F7E50DBC-7393-41F3-8DD4-DBC918EBA4F8}" = lport=6004 | protocol=17 | dir=in | app=c:\program files\microsoft office\office15\outlook.exe |
"{F84A9654-F8A7-4DD1-864C-CD26A504ED05}" = rport=5355 | protocol=17 | dir=out | svc=dnscache | app=%systemroot%\system32\svchost.exe |

========== Vista Active Application Exception List ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{0436F7B5-E082-4C02-9F4D-A41764DCD778}" = protocol=6 | dir=in | app=c:\program files (x86)\goforfiles\goforfilesdl.exe |
"{04E5BC96-0059-4CE7-8167-9CDD4B261C0A}" = protocol=6 | dir=in | app=c:\program files\microsoft office\office15\lync.exe |
"{04F5820A-37AE-4270-A5AC-283E70DAB7E9}" = dir=in | name=@{microsoft.reader_6.2.9200.20623_x64__8wekyb3d8bbwe?ms-resource://microsoft.reader/resources/shortdisplayname} |
"{09915DA3-9451-49E4-8941-6A081B2DE13B}" = dir=in | name=@{microsoft.skypeapp_1.6.0.114_x86__kzf8qxf38zg5c?ms-resource://microsoft.skypeapp/resources/manifest_display_name} |
"{0B0272A6-61CB-4A73-852F-5FCE76EE45E7}" = dir=out | name=@{microsoft.windowsphotos_16.4.4204.712_x64__8wekyb3d8bbwe?ms-resource://microsoft.windowsphotos/photo/residappname} |
"{0D2BF84E-4BC8-45E2-A972-D5599D7E77BD}" = dir=out | name=@{microsoft.bingmaps_1.2.0.136_x64__8wekyb3d8bbwe?ms-resource://microsoft.bingmaps/resources/appdisplayname} |
"{118365B8-A6FD-4780-84C8-2E477A096D7A}" = dir=out | name=@{microsoft.windowscommunicationsapps_17.0.1114.318_x64__8wekyb3d8bbwe?ms-resource://microsoft.windowscommunicationsapps/resources/communicationspackagename} |
"{13EAEBE5-4B42-4FC0-AEEA-2D332E36E251}" = protocol=6 | dir=in | app=c:\program files\kmspico\3f1j4yx91ng.exe |
"{180B7923-2D79-4C62-BBDE-0C32283CF705}" = dir=in | app=c:\program files (x86)\windows live\messenger\wlcsdk.exe |
"{1A773B78-C403-4A6B-8091-F60429BEE04B}" = protocol=17 | dir=in | app=c:\program files (x86)\teamviewer\version8\teamviewer_service.exe |
"{1F4B62FD-03B8-42D9-B20C-065E81F226EA}" = dir=out | name=@{microsoft.reader_6.2.9200.20623_x64__8wekyb3d8bbwe?ms-resource://microsoft.reader/resources/shortdisplayname} |
"{1FA77359-09A1-4390-B56E-E6420D9E0C9B}" = dir=in | name=@{microsoft.windowsphotos_16.4.4388.928_x64__8wekyb3d8bbwe?ms-resource://microsoft.windowsphotos/photo/residappname} |
"{20D31FBD-01DA-46C8-9EB0-504698E46B95}" = protocol=6 | dir=in | app=c:\program files (x86)\mozilla firefox\firefox.exe |
"{22E5B853-4614-44A3-959B-12B094A7BCF9}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmplayer.exe |
"{24E351AE-CD66-43F5-809F-9F16E3A7091D}" = dir=out | name=@{microsoft.windowsphotos_16.4.4388.928_x64__8wekyb3d8bbwe?ms-resource://microsoft.windowsphotos/photo/residappname} |
"{295E5D3D-CF34-4592-81EE-2DFCDC7923A0}" = dir=in | name=@{microsoft.windowscommunicationsapps_17.0.1114.318_x64__8wekyb3d8bbwe?ms-resource://microsoft.windowscommunicationsapps/resources/communicationspackagename} |
"{29B178A6-404B-4C66-9BBC-68E1EE7FD887}" = protocol=6 | dir=out | svc=upnphost | app=%systemroot%\system32\svchost.exe |
"{2A22526C-DD60-40EB-B179-6397A8675ED1}" = protocol=17 | dir=in | app=c:\users\mark de jager\appdata\roaming\utorrent\utorrent.exe |
"{2D0B6879-4FE9-43A6-B3FC-2A3D14F25B51}" = protocol=17 | dir=in | app=c:\program files\kmspico\f6b2zjjjq1t.exe |
"{2FEC2EBB-8803-4E9E-B5F6-5B089C73707A}" = dir=out | name=@{microsoft.zunevideo_1.2.150.0_x64__8wekyb3d8bbwe?ms-resource://microsoft.zunevideo/resources/33270} |
"{30F083DC-FDD9-4AE7-AED1-0EE902644A63}" = protocol=17 | dir=in | app=c:\users\mark de jager\appdata\local\temp\kmsnano\qemu-system-i386.exe |
"{3126A1C1-C64C-4A30-8968-9FB172F7F41F}" = dir=out | name=538 |
"{3236ED8A-43F7-470B-B235-6F9A9B4E6828}" = dir=out | name=@{microsoft.bingsports_1.2.0.135_x64__8wekyb3d8bbwe?ms-resource://microsoft.bingsports/resources/bingsports} |
"{3436FB71-B686-43D1-8D3C-C782A047909A}" = dir=in | name=@{browserchoice_6.2.0.0_neutral_neutral_cw5n1h2txyewy?ms-resource://browserchoice/resources/displayname} |
"{348610D2-A5AC-4786-9949-A41005D8C0BE}" = dir=in | name=@{microsoft.bing_1.2.0.137_x64__8wekyb3d8bbwe?ms-resource://microsoft.bing/resources/app_name} |
"{3591F6A8-BE5F-4557-AB0E-16D278982EFE}" = protocol=6 | dir=in | app=c:\users\mark de jager\appdata\local\temp\kmsnano\qemu-system-i386.exe |
"{38E29884-BB88-4028-885D-1C2AC6C02A0B}" = dir=out | name=@{30208jdsoft.verjaardagskalender_1.0.0.18_neutral__42pwf7j6aysqa?ms-resource://30208jdsoft.verjaardagskalender/resources/appname} |
"{39803981-D262-4646-9DB0-837526F35400}" = dir=out | name=@{microsoft.zunemusic_1.2.150.0_x64__8wekyb3d8bbwe?ms-resource://microsoft.zunemusic/resources/33273} |
"{3A480416-5678-4B85-9E47-8F173E09E526}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmplayer.exe |
"{3B36CDD8-32A3-4BEF-B475-49FDFBEBB967}" = protocol=17 | dir=in | app=c:\program files\microsoft office\office15\ucmapi.exe |
"{3C02320D-3BD5-48B6-9F57-C2A4E19B1400}" = dir=out | name=@{microsoft.bingnews_1.7.0.38_x64__8wekyb3d8bbwe?ms-resource://microsoft.bingnews/resources/news} |
"{3D9DC774-5F46-40A0-9BBC-41DBD30FFBC4}" = dir=out | name=@{microsoft.xboxlivegames_1.2.143.0_x64__8wekyb3d8bbwe?ms-resource://microsoft.xboxlivegames/resources/34150} |
"{41098200-2BFF-46E7-9F78-78C63DFB0BF4}" = protocol=6 | dir=in | app=c:\program files (x86)\teamviewer\version8\teamviewer_service.exe |
"{41CAE56F-173F-4C9C-8992-34C2304CE096}" = dir=out | name=@{microsoft.bing_1.5.1.259_x64__8wekyb3d8bbwe?ms-resource://microsoft.bing/resources/app_name} |
"{4322FB95-ED5F-47B5-ACDE-EE8DB438B2D0}" = dir=out | name=@{microsoft.bingsports_1.8.0.51_x64__8wekyb3d8bbwe?ms-resource://microsoft.bingsports/resources/bingsports} |
"{438AAD3A-F526-4AC5-8317-CF3FC8C21999}" = protocol=17 | dir=in | app=c:\program files\kmspico\mooz8ituzi4.exe |
"{453452E3-0FC4-45A6-A9E9-B3E4C0E693D4}" = dir=in | name=@{microsoft.reader_6.2.8516.0_x64__8wekyb3d8bbwe?ms-resource://microsoft.reader/resources/shortdisplayname} |
"{45524C17-C88C-426B-A3F8-0A0E78171613}" = dir=out | name=@{microsoft.bingtravel_1.7.0.26_x64__8wekyb3d8bbwe?ms-resource://microsoft.bingtravel/resources/apptitle} |
"{48D39DA5-2330-4A5F-B4CD-9D67D74048DF}" = protocol=6 | dir=in | app=c:\users\mark de jager\appdata\roaming\utorrent\utorrent.exe |
"{4F1D319C-E2E5-40DA-9654-FD402F14A5B5}" = dir=out | name=@{microsoft.bingmaps_1.5.1.240_x64__8wekyb3d8bbwe?ms-resource://microsoft.bingmaps/resources/appdisplayname} |
"{50CF7B48-E599-4FE7-A553-EA08CCE5B226}" = protocol=17 | dir=in | app=c:\program files (x86)\teamviewer\version8\teamviewer.exe |
"{561B4673-DF0D-48D1-BCF5-8054F82F08F7}" = protocol=17 | dir=in | app=c:\program files (x86)\mozilla firefox\firefox.exe |
"{59D5D85B-8B64-45E3-A588-FC49886E740F}" = protocol=6 | dir=out | app=%programfiles(x86)%\windows media player\wmplayer.exe |
"{5DD6F310-E0EB-413F-A558-888434604827}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmplayer.exe |
"{5E60A776-BBA7-4F7C-9E6E-843A3B237DF3}" = dir=out | name=@{microsoft.bingfinance_1.2.0.135_x64__8wekyb3d8bbwe?ms-resource://microsoft.bingfinance/resources/apptitle} |
"{5FCB8FCD-6782-454B-B3F5-50B632B90F4F}" = dir=out | name=@{microsoft.bingtravel_1.2.0.145_x64__8wekyb3d8bbwe?ms-resource://microsoft.bingtravel/resources/apptitle} |
"{61C5C03D-3F15-451B-9AF7-1ACCA7C132B9}" = dir=in | app=c:\program files (x86)\common files\apple\apple application support\webkit2webprocess.exe |
"{61D70F6F-A01C-4775-B6CA-5211ED482D7F}" = protocol=6 | dir=in | app=c:\program files (x86)\proxy switcher standard\proxyswitcher.exe |
"{6297B7AC-6AE2-4D45-8D09-1706C5E65144}" = dir=out | name=@{microsoft.xboxlivegames_1.0.927.0_x64__8wekyb3d8bbwe?ms-resource://microsoft.xboxlivegames/resources/34150} |
"{67D64D41-F912-4042-8E09-EFDCBCC30B2D}" = protocol=6 | dir=in | app=c:\program files (x86)\mirc\mirc.exe |
"{680B597A-6AF5-43CD-9360-40921EFA5D5D}" = dir=out | name=@{browserchoice_6.2.0.0_neutral_neutral_cw5n1h2txyewy?ms-resource://browserchoice/resources/displayname} |
"{6AEE973F-35E3-417C-95A6-4261CEC4B171}" = dir=in | app=c:\program files (x86)\vmware\vmware workstation\vmware-hostd.exe |
"{6BC7414E-1B1F-4EEB-9C1A-EC781C330DC9}" = protocol=6 | dir=in | app=c:\program files\ventrilo\ventrilo.exe |
"{6DCD29F8-27A4-4A7E-8101-E7BCD9DC4BEE}" = dir=in | app=c:\program files (x86)\windows live\sync\windowslivesync.exe |
"{71690FFD-D2D4-4BF2-9262-FE820211C843}" = dir=out | name=@{microsoft.zunemusic_1.0.927.0_x64__8wekyb3d8bbwe?ms-resource://microsoft.zunemusic/resources/33273} |
"{72A27658-8A42-492E-B002-08FE0299A7C4}" = dir=in | app=c:\program files (x86)\windows live\messenger\msnmsgr.exe |
"{77ED0AB9-0B20-464E-B3AF-6145A9E04822}" = protocol=6 | dir=in | app=c:\program files\microsoft office\office15\ucmapi.exe |
"{783154FD-F13A-4282-9112-5F0CA1D25DF9}" = dir=in | name=@{microsoft.windowscommunicationsapps_16.4.4206.722_x64__8wekyb3d8bbwe?ms-resource://microsoft.windowscommunicationsapps/resources/communicationspackagename} |
"{7A4B9A52-F9BE-4FD8-A832-D4BB0B2F9553}" = protocol=1 | dir=in | [email protected],-28543 |
"{808F1451-4108-46FD-ADBB-F17324B5F0BD}" = dir=out | name=@{c:\windows\winstore\resources.pri?ms-resource://winstore/resources/displayname} |
"{8250C416-62E8-4AF1-9712-B6E46F14FC77}" = protocol=6 | dir=in | app=%programfiles%\windows media player\wmpnetwk.exe |
"{84CD5201-A95A-4A5A-B54E-9C98738E83A6}" = protocol=17 | dir=in | app=c:\program files (x86)\cracked steam\steam.exe |
"{8806291F-CFBE-4A33-8148-5A493546CBDA}" = protocol=1 | dir=out | [email protected],-28544 |
"{88AD8C01-2896-4DCA-9C22-70FFA07502AE}" = protocol=17 | dir=in | app=c:\program files (x86)\mirc\mirc.exe |
"{88B5E0A1-1F5A-4D4E-BF5D-684BFF728F07}" = protocol=6 | dir=in | app=c:\windows\microsoft.net\framework\v2.0.50727\vbc.exe |
"{8920751B-4530-491F-AFF8-601DEFCA8017}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmplayer.exe |
"{8A1F5660-E47B-4A84-945E-D32CFEDB9337}" = dir=in | name=@{browserchoice_6.2.0.0_neutral_neutral_cw5n1h2txyewy?ms-resource://browserchoice/resources/displayname} |
"{8B46F43A-981C-4ACF-A19F-82BB9F561FEC}" = protocol=17 | dir=in | app=c:\program files\ventrilo\ventrilo.exe |
"{8B7DA07F-2B3E-4D8C-A21C-EB29F8AC040B}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmpnetwk.exe |
"{8C2A4C82-9D0F-41A6-810D-CF0B4CAA0B0E}" = protocol=17 | dir=in | app=c:\program files\microsoft office\office14\onenote.exe |
"{8D6DD01E-D792-4DBD-890C-F35E3E1982CC}" = dir=out | name=@{microsoft.microsoftskydrive_16.4.4388.928_x64__8wekyb3d8bbwe?ms-resource://microsoft.microsoftskydrive/resources/shortproductname} |
"{8EBC3653-C926-4F4E-ACE0-5BEB8DF3C93B}" = dir=out | name=google search |
"{93BDA9E7-DC9B-41DF-9A24-7CD4233A017E}" = protocol=58 | dir=in | [email protected],-28545 |
"{99A10118-7407-4098-9529-01DDE9A7F449}" = protocol=6 | dir=in | app=c:\program files\kmspico\f6b2zjjjq1t.exe |
"{9C6CDDF3-2CCF-4937-9925-E1E6902D058C}" = dir=out | name=@{microsoft.bingweather_1.7.0.26_x64__8wekyb3d8bbwe?ms-resource://microsoft.bingweather/resources/apptitle} |
"{9CD475B8-1731-441E-9DBD-344C1DF77D2A}" = protocol=17 | dir=in | app=c:\program files (x86)\goforfiles\goforfiles.exe |
"{9D952932-AADE-47A0-9D00-00341CBA088C}" = protocol=17 | dir=in | app=c:\program files (x86)\goforfiles\goforfilesdl.exe |
"{9DD1544B-0CD7-4E6E-A100-DDEF6970EFD3}" = protocol=6 | dir=in | app=c:\program files\kmspico\mooz8ituzi4.exe |
"{A1815644-88B2-464C-9735-BEAF745EDC88}" = dir=out | name=@{microsoft.microsoftskydrive_16.4.4204.712_x64__8wekyb3d8bbwe?ms-resource://microsoft.microsoftskydrive/resources/shortproductname} |
"{A206FD64-F29B-41ED-8043-4FA72F7DC578}" = protocol=17 | dir=in | app=c:\program files\kmspico\52bud86udz3.exe |
"{AD6BD518-0DA6-4DD6-A3CA-F5D90AA36B33}" = protocol=17 | dir=in | app=%programfiles(x86)%\windows media player\wmplayer.exe |
"{B1C7FD4A-6E59-4EF9-A7E1-659E1F5975D5}" = protocol=17 | dir=in | app=c:\program files\kmspico\3f1j4yx91ng.exe |
"{B2A194A4-31BA-4C69-A356-42CBB65B1D8E}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmpnetwk.exe |
"{B59C10B2-6DCF-4DCC-8A89-02FCFDA4E7AB}" = dir=out | name=@{microsoft.reader_6.2.8516.0_x64__8wekyb3d8bbwe?ms-resource://microsoft.reader/resources/shortdisplayname} |
"{B61405F0-9421-474F-885F-A3E0EB62BFE7}" = protocol=58 | dir=out | [email protected],-28546 |
"{B7E5EA9E-6089-4164-9459-47266E739C1B}" = dir=in | app=c:\users\mark de jager\appdata\local\microsoft\skydrive\skydrive.exe |
"{BAA2C80E-C736-48A5-83C8-11CD1DF8936B}" = dir=in | app=c:\program files (x86)\vmware\vmware workstation\vmware-hostd.exe |
"{BDE6D091-F506-4E78-850D-0E499572B3A5}" = dir=out | name=@{microsoft.bingnews_1.2.0.135_x64__8wekyb3d8bbwe?ms-resource://microsoft.bingnews/resources/news} |
"{C2B5A4BC-B501-4AF9-9AB7-B2463D6CD34E}" = dir=out | name=rtl xl |
"{C4F3161C-D85B-4F08-8414-8B4C74AE5124}" = protocol=6 | dir=in | app=c:\program files (x86)\teamviewer\version8\teamviewer.exe |
"{C5E62935-0713-4D80-ACAC-C867EF5CABCB}" = protocol=6 | dir=out | app=system |
"{C63BE256-30E9-413B-A2E5-F0669CACA452}" = protocol=6 | dir=in | app=c:\program files (x86)\cracked steam\steam.exe |
"{C674F07A-8793-442F-8FCC-D8AD48EF8F66}" = protocol=6 | dir=in | app=c:\program files (x86)\goforfiles\goforfiles.exe |
"{C8A81E72-E9BC-43AC-92F5-1FB18916A5A1}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmplayer.exe |
"{CBFA3ACE-DDC2-4DAD-BD79-782A73764971}" = protocol=17 | dir=in | app=c:\program files\mw3\iw5sp.exe |
"{CC1898F2-CFCB-40FF-B54C-4875C9B627DC}" = dir=out | name=@{microsoft.bingfinance_1.7.0.38_x64__8wekyb3d8bbwe?ms-resource://microsoft.bingfinance/resources/apptitle} |
"{D2F3DAE6-D2D0-48CB-8EFF-E53DEED0B0B7}" = protocol=6 | dir=in | app=c:\program files\kmspico\52bud86udz3.exe |
"{D3CB84F0-697A-4FB6-AEB1-2C1258FC9094}" = dir=out | name=@{microsoft.bingweather_1.2.0.135_x64__8wekyb3d8bbwe?ms-resource://microsoft.bingweather/resources/apptitle} |
"{DA1DA4AA-3868-4FAE-8E9F-733C0AD3312B}" = dir=in | app=c:\program files (x86)\vmware\vmware workstation\vmware-authd.exe |
"{DA3B4CDE-945F-4CB3-BA60-6BCF2535500F}" = protocol=17 | dir=in | app=c:\program files\microsoft office\office15\lync.exe |
"{DCCC72BC-B1B2-4D62-8824-D580806D204B}" = protocol=17 | dir=out | app=%programfiles(x86)%\windows media player\wmplayer.exe |
"{E0B17049-7C34-4E1B-A222-002AEF9661A1}" = dir=out | name=@{browserchoice_6.2.0.0_neutral_neutral_cw5n1h2txyewy?ms-resource://browserchoice/resources/displayname} |
"{E13696B1-6C68-49A8-9D96-5B50B67E5FD6}" = dir=out | name=@{microsoft.zunevideo_1.0.927.0_x64__8wekyb3d8bbwe?ms-resource://microsoft.zunevideo/resources/33270} |
"{E7985E1D-C36F-4787-80A8-6350D07E9266}" = dir=in | name=@{c:\windows\winstore\resources.pri?ms-resource://winstore/resources/displayname} |
"{EA3375A3-3D6E-4335-B568-CBB04A05885A}" = dir=out | name=@{microsoft.skypeapp_1.6.0.114_x86__kzf8qxf38zg5c?ms-resource://microsoft.skypeapp/resources/manifest_display_name} |
"{EA39C17F-5785-4DEB-99AF-5366DB6E8473}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmpnetwk.exe |
"{EDCBD1D4-07B3-4F9D-AAB6-A21B84F1B3F8}" = protocol=6 | dir=in | app=c:\program files\microsoft office\office14\onenote.exe |
"{EF19B97C-5C5D-4978-8EEF-4E5F4A89F45C}" = protocol=17 | dir=in | app=c:\program files\microsoft office\office14\groove.exe |
"{F10C4772-2E8B-4B6D-B3A2-18CB4066251B}" = dir=in | app=c:\program files\smartftp client\smartftp.exe |
"{F4801E1A-99BB-4B49-9D66-81692B43389E}" = dir=in | app=c:\program files (x86)\vmware\vmware workstation\vmware-authd.exe |
"{F7C1C9A9-BCE2-474F-8FAC-F6EA544A0757}" = dir=in | app=c:\program files (x86)\audials\audials 10\audials.exe |
"{F8B79D03-3FD8-4B08-B322-742E8B38C249}" = protocol=6 | dir=in | app=c:\program files\mw3\iw5sp.exe |
"{F92FAFBE-78A6-4AA5-A61F-855A6F0DBFF0}" = dir=in | name=@{microsoft.windowsphotos_16.4.4204.712_x64__8wekyb3d8bbwe?ms-resource://microsoft.windowsphotos/photo/residappname} |
"{F94F3454-B47A-4997-9BDC-1A3A297FAC8C}" = protocol=17 | dir=in | app=c:\windows\microsoft.net\framework\v2.0.50727\vbc.exe |
"{F9706545-E962-4EE0-BB65-B6F9CA759E5B}" = dir=out | name=@{microsoft.windowscommunicationsapps_16.4.4206.722_x64__8wekyb3d8bbwe?ms-resource://microsoft.windowscommunicationsapps/resources/communicationspackagename} |
"{FBE66ED2-CCDD-481F-9FEB-4622E969AFE9}" = protocol=17 | dir=in | app=c:\program files (x86)\proxy switcher standard\proxyswitcher.exe |
"{FC585315-BDF1-4C39-B143-4A747C669B95}" = dir=out | name=@{microsoft.bing_1.2.0.137_x64__8wekyb3d8bbwe?ms-resource://microsoft.bing/resources/app_name} |
"{FC59E006-15FC-44E8-A4AD-C6A8643EB2B7}" = protocol=6 | dir=in | app=c:\program files\microsoft office\office14\groove.exe |
"{FD0D5795-D958-4974-BBDB-48C67DCCAAD5}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmplayer.exe |
"TCP Query User{29A38B3D-BE7E-46AF-B009-B0B3E15F5B69}C:\xampp\filezillaftp\filezillaserver.exe" = protocol=6 | dir=in | app=c:\xampp\filezillaftp\filezillaserver.exe |
"TCP Query User{3C9C5B0F-3001-4C8E-8440-D67EBE67D02B}C:\program files (x86)\mirc\mirc.exe" = protocol=6 | dir=in | app=c:\program files (x86)\mirc\mirc.exe |
"TCP Query User{3EF7CF54-55C6-4746-829C-CBE023E04DF9}C:\xampp\mercurymail\mercury.exe" = protocol=6 | dir=in | app=c:\xampp\mercurymail\mercury.exe |
"TCP Query User{48F74438-22E6-420F-8DF9-745BBEFF1C46}C:\windows\microsoft.net\framework\v2.0.50727\vbc.exe" = protocol=6 | dir=in | app=c:\windows\microsoft.net\framework\v2.0.50727\vbc.exe |
"TCP Query User{653DC1FB-F0F3-4440-BC03-1CB561DFD8FB}C:\xampp\mysql\bin\mysqld.exe" = protocol=6 | dir=in | app=c:\xampp\mysql\bin\mysqld.exe |
"TCP Query User{6AEB15E9-57EA-4083-96D0-84FD48784A3E}C:\users\mark de jager\appdata\local\temp\kmsnano\qemu-system-i386.exe" = protocol=6 | dir=in | app=c:\users\mark de jager\appdata\local\temp\kmsnano\qemu-system-i386.exe |
"TCP Query User{8726F949-EC3D-4395-B460-4959A00B6E73}C:\xampp\apache\bin\httpd.exe" = protocol=6 | dir=in | app=c:\xampp\apache\bin\httpd.exe |
"TCP Query User{B4C8CA3F-BC51-4AB6-92B2-70D1F00E1616}C:\program files\mw3\iw5sp.exe" = protocol=6 | dir=in | app=c:\program files\mw3\iw5sp.exe |
"TCP Query User{E1346826-B425-4E92-897E-6F2D6C63EB52}C:\program files (x86)\mozilla firefox\firefox.exe" = protocol=6 | dir=in | app=c:\program files (x86)\mozilla firefox\firefox.exe |
"UDP Query User{0CD4650D-D219-4B63-AB21-B230EE7D6C8A}C:\program files (x86)\mirc\mirc.exe" = protocol=17 | dir=in | app=c:\program files (x86)\mirc\mirc.exe |
"UDP Query User{57FB6ACC-79B4-45E3-895F-19520D5F3443}C:\xampp\apache\bin\httpd.exe" = protocol=17 | dir=in | app=c:\xampp\apache\bin\httpd.exe |
"UDP Query User{6C996F61-7854-42A6-AA12-BF60752F309A}C:\users\mark de jager\appdata\local\temp\kmsnano\qemu-system-i386.exe" = protocol=17 | dir=in | app=c:\users\mark de jager\appdata\local\temp\kmsnano\qemu-system-i386.exe |
"UDP Query User{9602B836-48D4-4010-844D-E288BBCE83E2}C:\windows\microsoft.net\framework\v2.0.50727\vbc.exe" = protocol=17 | dir=in | app=c:\windows\microsoft.net\framework\v2.0.50727\vbc.exe |
"UDP Query User{AE88EF32-B5D6-4E83-9F4E-926685138F59}C:\program files\mw3\iw5sp.exe" = protocol=17 | dir=in | app=c:\program files\mw3\iw5sp.exe |
"UDP Query User{B4EBA965-5F18-4C12-B3B5-E48F19DE7F50}C:\xampp\mercurymail\mercury.exe" = protocol=17 | dir=in | app=c:\xampp\mercurymail\mercury.exe |
"UDP Query User{D4A19CFF-571F-43A5-989B-26D8F44193A4}C:\xampp\filezillaftp\filezillaserver.exe" = protocol=17 | dir=in | app=c:\xampp\filezillaftp\filezillaserver.exe |
"UDP Query User{D4EDF0DD-CBBC-4A7E-A198-86BFF6FFBC46}C:\program files (x86)\mozilla firefox\firefox.exe" = protocol=17 | dir=in | app=c:\program files (x86)\mozilla firefox\firefox.exe |
"UDP Query User{E078E431-27CA-45F6-8852-1D142FBE2988}C:\xampp\mysql\bin\mysqld.exe" = protocol=17 | dir=in | app=c:\xampp\mysql\bin\mysqld.exe |

========== HKEY_LOCAL_MACHINE Uninstall List ==========

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{015C5B35-B678-451C-9AEE-821E8D69621C}_is1" = PeerBlock 1.1 (r518)
"{0D94F75A-0EA6-4951-B3AF-B145FA9E05C6}" = VMware Workstation
"{17CA4178-C345-4B6F-9543-F3C403CB5057}" = SmartFTP Client
"{1D8E6291-B0D5-35EC-8441-6616F567A0F7}" = Microsoft Visual C++ 2010 x64 Redistributable - 10.0.40219
"{1E9FC118-651D-4934-97BE-E53CAE5C7D45}" = Microsoft_VC80_MFCLOC_x86_x64
"{31E8F586-4EF7-4500-844D-BA8756474FF1}" = Windows Automated Installation Kit
"{4569AD91-47F4-4D9E-8FC9-717EC32D7AE1}" = Microsoft_VC80_CRT_x86_x64
"{46ACCCF4-A30A-4459-9BDA-F8CA537F21C3}" = SmartFTP Client Dutch (Netherlands) MUI
"{4B6C7001-C7D6-3710-913E-5BC23FCE91E6}" = Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.4148
"{529125EF-E3AC-4B74-97E6-F688A7C0F1C0}" = Paint.NET v3.5.10
"{551F492A-01B0-4DC4-866F-875EC4EDC0A8}" = CyberLink PowerDirector 11
"{5FCE6D76-F5DC-37AB-B2B8-22AB8CEDB1D4}" = Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161
"{7963F870-6575-11E2-A4D9-F04DA23A5C58}" = Vegas Pro 12.0 (64-bit)
"{7E708ADE-6575-11E2-8713-F04DA23A5C58}" = MSVCRT Redists
"{8220EEFE-38CD-377E-8595-13398D740ACE}" = Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.17
"{8557397C-A42D-486F-97B3-A2CBC2372593}" = Microsoft_VC90_ATL_x86_x64
"{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}" = Microsoft Silverlight
"{90140000-0011-0000-1000-0000000FF1CE}" = Microsoft Office Professional Plus 2010
"{90140000-0011-0000-1000-0000000FF1CE}_Office14.PROPLUS_{7BC9B5EB-125A-4E9B-97E1-8D85B5E960B8}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-0015-0413-1000-0000000FF1CE}" = Microsoft Office Access MUI (Dutch) 2010
"{90140000-0015-0413-1000-0000000FF1CE}_Office14.PROPLUS_{F5DBC9E7-1B2B-4AA8-87DE-B586E5ABF7D0}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-0016-0413-1000-0000000FF1CE}" = Microsoft Office Excel MUI (Dutch) 2010
"{90140000-0016-0413-1000-0000000FF1CE}_Office14.PROPLUS_{F5DBC9E7-1B2B-4AA8-87DE-B586E5ABF7D0}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-0018-0413-1000-0000000FF1CE}" = Microsoft Office PowerPoint MUI (Dutch) 2010
"{90140000-0018-0413-1000-0000000FF1CE}_Office14.PROPLUS_{F5DBC9E7-1B2B-4AA8-87DE-B586E5ABF7D0}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-0019-0413-1000-0000000FF1CE}" = Microsoft Office Publisher MUI (Dutch) 2010
"{90140000-0019-0413-1000-0000000FF1CE}_Office14.PROPLUS_{F5DBC9E7-1B2B-4AA8-87DE-B586E5ABF7D0}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-001A-0413-1000-0000000FF1CE}" = Microsoft Office Outlook MUI (Dutch) 2010
"{90140000-001A-0413-1000-0000000FF1CE}_Office14.PROPLUS_{F5DBC9E7-1B2B-4AA8-87DE-B586E5ABF7D0}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-001B-0413-1000-0000000FF1CE}" = Microsoft Office Word MUI (Dutch) 2010
"{90140000-001B-0413-1000-0000000FF1CE}_Office14.PROPLUS_{F5DBC9E7-1B2B-4AA8-87DE-B586E5ABF7D0}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-001F-0407-1000-0000000FF1CE}" = Microsoft Office Proof (German) 2010
"{90140000-001F-0407-1000-0000000FF1CE}_Office14.PROPLUS_{70A3169E-288F-454F-A08D-20DF66639B50}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-001F-0409-1000-0000000FF1CE}" = Microsoft Office Proof (English) 2010
"{90140000-001F-0409-1000-0000000FF1CE}_Office14.PROPLUS_{0242505C-4E90-407F-9299-B5B275F50D86}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-001F-040C-1000-0000000FF1CE}" = Microsoft Office Proof (French) 2010
"{90140000-001F-040C-1000-0000000FF1CE}_Office14.PROPLUS_{B51389C8-2890-4633-81D8-47D2A7402274}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-001F-0413-1000-0000000FF1CE}" = Microsoft Office Proof (Dutch) 2010
"{90140000-001F-0413-1000-0000000FF1CE}_Office14.PROPLUS_{AA4240DC-855A-477B-8E38-89FBC16056E3}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-002C-0413-1000-0000000FF1CE}" = Microsoft Office Proofing (Dutch) 2010
"{90140000-002C-0413-1000-0000000FF1CE}_Office14.PROPLUS_{F6144043-F441-49EE-BC99-ECAAFD3C3A65}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-0043-0000-1000-0000000FF1CE}" = Microsoft Office Office 32-bit Components 2010
"{90140000-0043-0000-1000-0000000FF1CE}_Office14.PROPLUS_{E8B6D35B-0B6F-4DCE-9493-859BF3809A7F}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-0043-0413-1000-0000000FF1CE}" = Microsoft Office Shared 32-bit MUI (Dutch) 2010
"{90140000-0043-0413-1000-0000000FF1CE}_Office14.PROPLUS_{ACB44C8D-AA50-44D2-B1DC-408A7F215FA2}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-0044-0413-1000-0000000FF1CE}" = Microsoft Office InfoPath MUI (Dutch) 2010
"{90140000-0044-0413-1000-0000000FF1CE}_Office14.PROPLUS_{F5DBC9E7-1B2B-4AA8-87DE-B586E5ABF7D0}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-006E-0413-1000-0000000FF1CE}" = Microsoft Office Shared MUI (Dutch) 2010
"{90140000-006E-0413-1000-0000000FF1CE}_Office14.PROPLUS_{BA6AF386-8886-4907-8CDF-BE7B7071944A}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-00A1-0413-1000-0000000FF1CE}" = Microsoft Office OneNote MUI (Dutch) 2010
"{90140000-00A1-0413-1000-0000000FF1CE}_Office14.PROPLUS_{F5DBC9E7-1B2B-4AA8-87DE-B586E5ABF7D0}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-00BA-0413-1000-0000000FF1CE}" = Microsoft Office Groove MUI (Dutch) 2010
"{90140000-00BA-0413-1000-0000000FF1CE}_Office14.PROPLUS_{F5DBC9E7-1B2B-4AA8-87DE-B586E5ABF7D0}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90150000-0015-0413-1000-0000000FF1CE}" = Microsoft Access MUI (Dutch) 2013
"{90150000-0016-0413-1000-0000000FF1CE}" = Microsoft Excel MUI (Dutch) 2013
"{90150000-0018-0413-1000-0000000FF1CE}" = Microsoft PowerPoint MUI (Dutch) 2013
"{90150000-0019-0413-1000-0000000FF1CE}" = Microsoft Publisher MUI (Dutch) 2013
"{90150000-001A-0413-1000-0000000FF1CE}" = Microsoft Outlook MUI (Dutch) 2013
"{90150000-001B-0413-1000-0000000FF1CE}" = Microsoft Word MUI (Dutch) 2013
"{90150000-001F-0407-1000-0000000FF1CE}" = Microsoft Office Korrekturhilfen 2013 - Deutsch
"{90150000-001F-0409-1000-0000000FF1CE}" = Microsoft Office Proofing Tools 2013 - English
"{90150000-001F-040C-1000-0000000FF1CE}" = Outils de vérification linguistique 2013 de Microsoft Office - Français
"{90150000-001F-0413-1000-0000000FF1CE}" = Microsoft Office Proofing Tools 2013 - Nederlands
"{90150000-002C-0413-1000-0000000FF1CE}" = Microsoft Office Proofing (Dutch) 2013
"{90150000-0044-0413-1000-0000000FF1CE}" = Microsoft InfoPath MUI (Dutch) 2013
"{90150000-006E-0413-1000-0000000FF1CE}" = Microsoft Office Shared MUI (Dutch) 2013
"{90150000-0090-0413-1000-0000000FF1CE}" = Microsoft DCF MUI (Dutch) 2013
"{90150000-00A1-0413-1000-0000000FF1CE}" = Microsoft OneNote MUI (Dutch) 2013
"{90150000-00BA-0413-1000-0000000FF1CE}" = Microsoft Groove MUI (Dutch) 2013
"{90150000-00C1-0000-1000-0000000FF1CE}" = Microsoft Office 32-bit Components 2013
"{90150000-00C1-0413-1000-0000000FF1CE}" = Microsoft Office Shared 32-bit MUI (Dutch) 2013
"{90150000-00E1-0413-1000-0000000FF1CE}" = Microsoft Office OSM MUI (Dutch) 2013
"{90150000-00E2-0413-1000-0000000FF1CE}" = Microsoft Office OSM UX MUI (Dutch) 2013
"{90150000-012B-0413-1000-0000000FF1CE}" = Microsoft Lync MUI (Dutch) 2013
"{90BF0360-A1DB-4599-A643-95AB90A52C1E}" = Microsoft_VC90_MFCLOC_x86_x64
"{91150000-0011-0000-1000-0000000FF1CE}" = Microsoft Office Professional Plus 2013
"{925D058B-564A-443A-B4B2-7E90C6432E55}" = Microsoft_VC80_ATL_x86_x64
"{92A3CA0D-55CD-4C5D-BA95-5C2600C20F26}" = Microsoft_VC90_CRT_x86_x64
"{95120000-00B9-0409-1000-0000000FF1CE}" = Microsoft Application Error Reporting
"{A472B9E4-0AFF-4F7B-B25D-F64F8E928AAB}" = Microsoft_VC90_MFC_x86_x64
"{ad8a2fa1-06e7-4b0d-927d-6e54b3d31028}" = Microsoft Visual C++ 2005 Redistributable (x64)
"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.ControlPanel" = NVIDIA-configuratiescherm 307.17
"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.Driver" = NVIDIA Grafisch stuurprogramma 307.17
"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.Optimus" = NVIDIA Optimus 1.10.8
"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.Update" = NVIDIA Update 1.10.8
"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_installer" = NVIDIA Install Application
"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_NVIDIA.Update" = NVIDIA Update Components
"{C8C1BAD5-54E6-4146-AD07-3A8AD36569C3}" = Microsoft_VC80_MFC_x86_x64
"{EEB3F6BB-318D-4CE5-989F-8191FCBFB578}" = Ventrilo Client for Windows x64
"{F691A1F5-2789-46CE-A45A-57763198D384}" = FxVisor
"6F64DF2E-3B8E-41DB-89E4-75BD3F370CDE_is1" = Cracked Steam
"AutoHotkey" = AutoHotkey 1.1.09.03
"CCleaner" = CCleaner
"KMSpico v2.1_is1" = KMSpico 2.1
"KMSpico v4.1_is1" = KMSpico 4.1
"NewBlue Art Effects for PowerDirector" = Newblue Art Effects for PowerDirector
"Office14.PROPLUS" = Microsoft Office Professional Plus 2010
"Office15.PROPLUSR" = Microsoft Office Professional Plus 2013
"WinRAR archiver" = WinRAR 4.20 (64-bit)

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{003BFBBD-6C67-419E-A24D-0DCAFC3A5249}" = tools-freebsd
"{033E378E-6AD3-4AD5-BDEB-CBD69B31046C}" = Microsoft_VC90_ATL_x86
"{06BA6321-B6FC-4A36-8571-B642404D22B6}" = Photobucket Backup
"{08D2E121-7F6A-43EB-97FD-629B44903403}" = Microsoft_VC90_CRT_x86
"{197597A7-AD33-4898-9D8E-73066818B464}" = tools-netware
"{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148
"{205C6BDD-7B73-42DE-8505-9A093F35A238}" = Windows Live Upload Tool
"{22B775E7-6C42-4FC5-8E10-9A5E3257BD94}" = MSVCRT
"{25BB9D52-8471-4C26-BC79-D3B33BB1A4A7}_is1" = Mass Watermark version 1.0.1
"{26A24AE4-039D-4CA4-87B4-2F83217017FF}" = Java 7 Update 21
"{2F8BA3FD-1FA9-4279-B696-712ABB12F09F}" = SmartSound Quicktracks 5
"{3175E049-F9A9-4A3D-8F19-AC9FB04514D1}" = Windows Live Communications Platform
"{3521BDBD-D453-5D9F-AA55-44B75D214629}" = Adobe Community Help
"{3908B421-EF03-3489-A38C-DBAF6252E312}_is1" = idoo Video Editor Pro 1.4.0
"{4209F371-7B85-60AD-E5CE-E4409D39E3DE}_is1" = Ashampoo WinOptimizer 2013 v.1.0.0
"{46C045BF-2B3F-4BC4-8E4C-00E0CF8BD9DB}" = Adobe AIR
"{474F25F5-BDC9-40E5-B1B6-F6BF23FC106F}" = Windows Live Essentials
"{4A03706F-666A-4037-7777-5F2748764D10}" = Java Auto Updater
"{5E21B617-F52E-BB10-92F9-C8AB2C799A8A}" = Adobe Download Assistant
"{635FED5B-2C6D-49BE-87E6-7A6FCD22BC5A}" = Microsoft_VC90_MFC_x86
"{69FDFBB6-351D-4B8C-89D8-867DC9D0A2A4}" = Windows Media Player Firefox Plugin
"{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}" = Microsoft Visual C++ 2005 Redistributable
"{7204BDEE-1A48-4D95-A964-44A9250B439E}" = Facebook Messenger 2.1.4814.0
"{7299052b-02a4-4627-81f2-1818da5d550d}" = Microsoft Visual C++ 2005 Redistributable
"{789A5B64-9DD9-4BA5-915A-F0FC0A1B7BFE}" = Apple Software Update
"{92D58719-BBC1-4CC3-A08B-56C9E884CC2C}" = Microsoft_VC80_CRT_x86
"{9A25302D-30C0-39D9-BD6F-21E6EC160475}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17
"{9BE518E6-ECC6-35A9-88E4-87755C07200F}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161
"{9F479685-180E-4C05-9400-D59292A1B29C}" = Windows Live Movie Maker
"{A92DAB39-4E2C-4304-9AB6-BC44E68B55E2}" = Google Update Helper
"{AB1C87CB-1807-4CF0-B4C2-CEE14C18CDB4}" = tools-solaris
"{AE0F62A7-A1A2-407F-9F4C-48939BD9AD8D}" = tools-winPre2k
"{AF0CE7C0-A3E4-4D73-988B-B29187EC6E9A}" = QuickTime
"{B10914FD-8812-47A4-85A1-50FCDE7F1F33}" = Windows Live Sync
"{B57EAFF2-D6EE-4C6C-9175-ED9F17BFC1BC}" = Windows Live Messenger
"{B6D38690-755E-4F40-A35A-23F8BC2B86AC}" = Microsoft_VC90_MFCLOC_x86
"{BFEAAE77-BD7F-4534-B286-9C5CB4697EB1}" = PDF Settings CS6
"{C0E8FE43-C35B-451D-B35F-D4BD056D70E7}" = Camtasia Studio 7
"{CD9D0827-A6D6-4E2C-B31E-23F01577E27B}" = BlueStacks Notification Center
"{CDA91A28-4350-4885-944F-88908A0E3BBC}" = Audials
"{D102611A-6466-4101-A51D-51069303AC65}" = tools-linux
"{D1A19B02-817E-4296-A45B-07853FD74D57}" = Microsoft_VC80_MFC_x86
"{D417C96A-FCC7-4590-A1BB-FAF73F5BC98E}" = GTA San Andreas
"{D92BBB52-82FF-42ED-8A3C-4E062F944AB7}" = Microsoft_VC80_MFCLOC_x86
"{E6158D07-2637-4ECF-B576-37C489669174}" = Windows Live Call
"{EE39FFBD-544E-49E4-A999-6819828EAE91}" = Windows Live Photo Gallery
"{F0B430D1-B6AA-473D-9B06-AA3DD01FD0B8}" = Microsoft SQL Server 2005 Compact Edition [ENU]
"{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}" = Microsoft Visual C++ 2010 x86 Redistributable - 10.0.40219
"{F0E12BBA-AD66-4022-A453-A1C8A0C4D570}" = Microsoft Choice Guard
"{F0E3AD40-2BBD-4360-9C76-B9AC9A5886EA}" = Intel® Processor Graphics
"{F5266D28-E0B2-4130-BFC5-EE155AD514DC}" = Apple Application Support
"{FFD9383C-01D5-4897-A954-43AF599AED30}" = tools-windows
"1-abc.net File Encrypter" = 1-abc.net File Encrypter (Remove only)
"ACPsoft PDF Converter" = ACPsoft PDF Converter
"Adobe AIR" = Adobe AIR
"Adobe Flash Player Plugin" = Adobe Flash Player 11 Plugin
"Advanced SystemCare 6_is1" = Advanced SystemCare 6
"AOMEI Dynamic Disk Manager Pro Edition_is1" = AOMEI Dynamic Disk Manager Pro Edition
"BlueStacks App Player" = BlueStacks App Player
"CaptureSaver_is1" = CaptureSaver V4.2.5
"chc.4875E02D9FB21EE389F73B8D1702B320485DF8CE.1" = Adobe Community Help
"com.adobe.downloadassistant.AdobeDownloadAssistant" = Adobe Download Assistant
"Easy Drive Data Recovery" = Easy Drive Data Recovery
"ESET Online Scanner" = ESET Online Scanner v3
"FileZilla Client" = FileZilla Client 3.6.0.2
"Genie Timeline" = Genie Timeline
"Google Chrome" = Google Chrome
"HyperCam 3" = HyperCam 3
"InstallShield_{2F8BA3FD-1FA9-4279-B696-712ABB12F09F}" = SmartSound Quicktracks 5
"InstallShield_{551F492A-01B0-4DC4-866F-875EC4EDC0A8}" = CyberLink PowerDirector 11
"IObit Malware Fighter_is1" = IObit Malware Fighter
"Keyboard LEDs" = Keyboard LEDs
"KeyScrambler" = KeyScrambler
"Malwarebytes' Anti-Malware_is1" = Malwarebytes Anti-Malware versie 1.75.0.1300
"Messenger Plus!" = Messenger Plus!
"Messenger Plus! for Skype" = Messenger Plus! for Skype
"mIRC" = mIRC
"Mozilla Firefox 21.0 (x86 nl)" = Mozilla Firefox 21.0 (x86 nl)
"MozillaMaintenanceService" = Mozilla Maintenance Service
"MW3v1.4.382" = MW3
"Notepad++" = Notepad++
"Online Games Manager" = Online Games Manager v1.20
"PDF Logo Remover_is1" = PDF Logo Remover 1.0
"PowerISO" = PowerISO
"PremiumSoft Navicat Premium_is1" = PremiumSoft Navicat Premium 9.1
"RealPopup_is1" = RealPopup
"Revo Uninstaller" = Revo Uninstaller 1.94
"RoboImport_is1" = RoboImport 1.2.0.72
"SoftOrbits Photo Retoucher_is1" = SoftOrbits Photo Retoucher 1.3
"Sticky Password_is1" = Sticky Password 6.0.8.437
"TeamViewer 8" = TeamViewer 8
"TrueCrypt" = TrueCrypt
"TSR Watermark Image_is1" = TSR Watermark Image software version 2.3.4.1
"UBCD4Win_is1" = UBCD4Win 3.60
"Ultima Steganography_is1" = Ultima Steganography 1.7
"uTorrent" = µTorrent
"uTorrent Turbo Booster" = uTorrent Turbo Booster
"VMware_Workstation" = VMware Workstation
"WinLiveSuite_Wave3" = Windows Live Essentials
"xampp" = XAMPP 1.8.1
"XUS PC Lock Professional Edition(x32 & x64)_is1" = XUS PC Lock Professional Edition 4.1.68
"Your Software Deals_is1" = Your Software Deals 1.0.0

========== HKEY_CURRENT_USER Uninstall List ==========

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"GoforFiles" = GoforFiles
"JoinMe" = join.me
"SkyDriveSetup.exe" = Microsoft SkyDrive
"UnityWebPlayer" = Unity Web Player

========== Last 20 Event Log Errors ==========

[ Application Events ]
Error - 27-4-2013 14:21:12 | Computer Name = Mark-PC | Source = Application Error | ID = 1000
Description = Naam van toepassing met fout: SystemSettings.exe, versie: 6.2.9200.16420,
tijdstempel: 0x505a965d Naam van module met fout: unknown, versie: 0.0.0.0, tijdstempel:
0x00000000 Uitzonderingscode: 0xc0000005 Foutmarge: 0x0000080000544980 Id van proces
met fout: 0x1f60 Starttijd van toepassing met fout: 0x01ce4373ff60d23c Pad naar toepassing
met fout: C:\Windows\ImmersiveControlPanel\SystemSettings.exe Pad naar module met
fout: unknown Rapport-id: 3d27985b-af67-11e2-be9b-bbb1c52ff60d Volledige pakketnaam
met fout: windows.immersivecontrolpanel_6.2.0.0_neutral_neutral_cw5n1h2txyewy Relatieve
toepassings-id van pakket met fout: microsoft.windows.immersivecontrolpanel

Error - 27-4-2013 14:21:28 | Computer Name = Mark-PC | Source = Microsoft-Windows-Immersive-Shell | ID = 2486
Description = App windows.immersivecontrolpanel_cw5n1h2txyewy!microsoft.windows.immersivecontrolpanel
is niet gestart binnen de toegewezen tijd.

Error - 28-4-2013 06:49:48 | Computer Name = Mark-PC | Source = Microsoft-Windows-SpellChecker | ID = 33
Description =

Error - 28-4-2013 06:56:17 | Computer Name = Mark-PC | Source = Microsoft-Windows-SpellChecker | ID = 33
Description =

Error - 28-4-2013 07:08:44 | Computer Name = Mark-PC | Source = Microsoft-Windows-Immersive-Shell | ID = 2486
Description = App Microsoft.SkypeApp_kzf8qxf38zg5c!App is niet gestart binnen de
toegewezen tijd.

Error - 28-4-2013 07:12:07 | Computer Name = Mark-PC | Source = Outlook | ID = 34
Description = Kan het bereik van verkennerbeheer niet ophalen. Fout: 0x80070002.

Error - 28-4-2013 07:12:07 | Computer Name = Mark-PC | Source = Outlook | ID = 35
Description = Kan niet vaststellen of het archief zich in het verkenningsbereik
bevindt (fout=0x80070002).

Error - 28-4-2013 07:15:37 | Computer Name = Mark-PC | Source = Application Error | ID = 1000
Description = Naam van toepassing met fout: ESET Nod32 Antivirus (Lifetime License).exe,
versie: 10.3.5.0, tijdstempel: 0x4bbaee73 Naam van module met fout: ieframe.dll_unloaded,
versie: 0.0.0.0, tijdstempel: 0x5125f35b Uitzonderingscode: 0xc0000005 Foutmarge:
0x71c468e5 Id van proces met fout: 0x4878 Starttijd van toepassing met fout: 0x01ce4401b111fefe
Pad
naar toepassing met fout: C:\Users\Mark de Jager\Downloads\ESET Nod32 Antivirus
5.0.95.0 (x32 & x64) Bit Activated Trial 4EVER 2012\Craks 4EVER\ESET Nod32 Antivirus
(Lifetime License).exe Pad naar module met fout: ieframe.dll Rapport-id: f36dd9e4-aff4-11e2-be9b-bbb1c52ff60d
Volledige
pakketnaam met fout: Relatieve toepassings-id van pakket met fout:

Error - 28-4-2013 07:16:07 | Computer Name = Mark-PC | Source = Application Error | ID = 1000
Description = Naam van toepassing met fout: ESET Nod32 Antivirus (Lifetime License).exe,
versie: 10.3.5.0, tijdstempel: 0x4bbaee73 Naam van module met fout: ieframe.dll_unloaded,
versie: 0.0.0.0, tijdstempel: 0x5125f35b Uitzonderingscode: 0xc0000005 Foutmarge:
0x71c468e5 Id van proces met fout: 0x4bd8 Starttijd van toepassing met fout: 0x01ce4401c4d58111
Pad
naar toepassing met fout: C:\Users\Mark de Jager\Downloads\ESET Nod32 Antivirus
5.0.95.0 (x32 & x64) Bit Activated Trial 4EVER 2012\Craks 4EVER\ESET Nod32 Antivirus
(Lifetime License).exe Pad naar module met fout: ieframe.dll Rapport-id: 05331dd6-aff5-11e2-be9b-bbb1c52ff60d
Volledige
pakketnaam met fout: Relatieve toepassings-id van pakket met fout:

Error - 28-4-2013 07:28:52 | Computer Name = Mark-PC | Source = BstHdAndroidSvc | ID = 0
Description = Service kan niet worden gestart. System.ApplicationException: Cannot
start service. Service did not stop gracefully the last time it was run. bij
BlueStacks.hyperDroid.Service.Service.OnStart(String[] args) bij System.ServiceProcess.ServiceBase.ServiceQueuedMainCallback(Object
state)

[ System Events ]
Error - 27-4-2013 12:37:14 | Computer Name = Mark-PC | Source = DCOM | ID = 10016
Description =

Error - 27-4-2013 12:37:15 | Computer Name = Mark-PC | Source = DCOM | ID = 10016
Description =

Error - 27-4-2013 12:37:18 | Computer Name = Mark-PC | Source = DCOM | ID = 10016
Description =

Error - 27-4-2013 12:51:32 | Computer Name = Mark-PC | Source = Service Control Manager | ID = 7023
Description = De BlueStacks Android Service-service is gestopt met de volgende foutcode:
%%1064.

Error - 28-4-2013 07:28:37 | Computer Name = Mark-PC | Source = EventLog | ID = 6008
Description = De vorige afsluiting van het systeem om 13:27:22 op ?28-?4-?2013 is
onverwacht gebeurd.

Error - 28-4-2013 07:28:52 | Computer Name = Mark-PC | Source = Service Control Manager | ID = 7023
Description = De BlueStacks Android Service-service is gestopt met de volgende foutcode:
%%1064.

Error - 28-4-2013 07:29:48 | Computer Name = Mark-PC | Source = DCOM | ID = 10016
Description =

Error - 28-4-2013 07:30:08 | Computer Name = Mark-PC | Source = Service Control Manager | ID = 7011
Description = Time-out (30000 seconden) tijdens het wachten op een reactie op een
transactie van deze service: GenieTimelineService.

Error - 28-4-2013 07:32:55 | Computer Name = Mark-PC | Source = DCOM | ID = 10016
Description =

Error - 28-4-2013 07:41:38 | Computer Name = Mark-PC | Source = DCOM | ID = 10016
Description =


< End of report >
or
OTL logfile created on: 28-4-2013 13:49:07 - Run 1
OTL by OldTimer - Version 3.2.69.0 Folder = C:\Users\Mark de Jager\Desktop
64bit- An unknown product (Version = 6.2.9200) - Type = NTWorkstation
Internet Explorer (Version = 9.10.9200.16540)
Locale: 00000413 | Country: Nederland | Language: NLD | Date Format: d-M-yyyy

11,86 Gb Total Physical Memory | 9,04 Gb Available Physical Memory | 76,29% Memory free
13,54 Gb Paging File | 10,97 Gb Available in Paging File | 81,03% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86)
Drive C: | 450,42 Gb Total Space | 288,17 Gb Free Space | 63,98% Space Free | Partition Type: NTFS
Drive D: | 350,00 Mb Total Space | 308,92 Mb Free Space | 88,26% Space Free | Partition Type: NTFS

Computer Name: MARK-PC | User Name: Mark de Jager | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user | Quick Scan | Include 64bit Scans
Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days

========== Processes (SafeList) ==========

PRC - [2013-04-28 13:46:45 | 000,602,112 | ---- | M] (OldTimer Tools) -- C:\Users\Mark de Jager\Desktop\OTL.exe
PRC - [2013-04-28 13:33:46 | 001,344,512 | ---- | M] (Indigo Rose Corporation) -- C:\Users\MARKDE~1\AppData\Local\Temp\_ir_sf_temp_1\irsetup.exe
PRC - [2013-04-27 19:43:48 | 000,256,600 | ---- | M] (Microsoft Corporation) -- C:\Users\Mark de Jager\AppData\Local\Microsoft\SkyDrive\SkyDrive.exe
PRC - [2013-04-27 18:31:31 | 184,660,274 | R--- | M] () -- C:\Users\Mark de Jager\Downloads\Call of Duty Modern Warfare 3 (MW3) by iMortaluz\Install Call of Duty Modern Warfare 3.exe
PRC - [2013-04-26 19:13:31 | 000,920,472 | ---- | M] (Mozilla Corporation) -- C:\Program Files (x86)\Mozilla Firefox\firefox.exe
PRC - [2013-04-19 16:00:08 | 001,855,880 | ---- | M] (Adobe Systems, Inc.) -- C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_11_7_700_169.exe
PRC - [2013-04-13 21:47:36 | 000,802,136 | ---- | M] (BitTorrent Inc.) -- C:\Users\Mark de Jager\AppData\Roaming\uTorrent\uTorrent.exe
PRC - [2013-04-04 14:50:32 | 000,701,512 | ---- | M] (Malwarebytes Corporation) -- C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe
PRC - [2013-04-04 14:50:32 | 000,532,040 | ---- | M] (Malwarebytes Corporation) -- C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe
PRC - [2013-04-04 14:50:32 | 000,418,376 | ---- | M] (Malwarebytes Corporation) -- C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamscheduler.exe
PRC - [2013-04-04 11:17:06 | 000,796,672 | ---- | M] (DownloadBoosters LLC) -- C:\Program Files (x86)\uTorrent Turbo Booster\uTorrent Turbo Booster.exe
PRC - [2013-03-21 15:19:46 | 001,341,664 | ---- | M] (ESET) -- C:\Program Files\ESET\ESET Smart Security\x86\ekrn.exe
PRC - [2013-03-12 15:01:38 | 000,559,168 | ---- | M] (RealNetworks, Inc.) -- C:\Program Files (x86)\Online Games Manager\ogmservice.exe
PRC - [2013-03-07 21:32:38 | 000,248,240 | ---- | M] (Facebook) -- C:\Users\Mark de Jager\AppData\Local\Facebook\Messenger\2.1.4814.0\FacebookMessenger.exe
PRC - [2013-03-06 17:30:43 | 003,560,288 | ---- | M] (TeamViewer GmbH) -- C:\Program Files (x86)\TeamViewer\Version8\TeamViewer_Service.exe
PRC - [2013-02-15 16:28:12 | 000,384,888 | ---- | M] (BlueStack Systems, Inc.) -- C:\Program Files (x86)\BlueStacks\HD-LogRotatorService.exe
PRC - [2013-02-02 10:40:58 | 000,375,808 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWOW64\wbem\WmiPrvSE.exe
PRC - [2013-01-15 18:47:10 | 000,465,216 | ---- | M] (IObit) -- C:\Program Files (x86)\IObit\Advanced SystemCare 6\ASCService.exe
PRC - [2012-12-25 17:35:10 | 004,474,832 | ---- | M] (IObit) -- C:\Program Files (x86)\IObit\IObit Malware Fighter\IMF.exe
PRC - [2012-12-16 15:37:47 | 000,125,952 | ---- | M] (Yuna Software) -- C:\Program Files (x86)\Yuna Software\Messenger Plus! for Skype\MsgPlusForSkypeService.exe
PRC - [2012-12-11 11:22:38 | 001,258,856 | ---- | M] (NVIDIA Corporation) -- C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Update Core\daemonu.exe
PRC - [2012-11-01 03:35:20 | 000,357,016 | ---- | M] (VMware, Inc.) -- C:\Windows\SysWOW64\vmnetdhcp.exe
PRC - [2012-11-01 03:34:52 | 000,435,864 | ---- | M] (VMware, Inc.) -- C:\Windows\SysWOW64\vmnat.exe
PRC - [2012-11-01 02:57:50 | 013,234,176 | ---- | M] () -- C:\Program Files (x86)\VMware\VMware Workstation\vmware-hostd.exe
PRC - [2012-11-01 01:48:42 | 000,079,872 | ---- | M] (VMware, Inc.) -- C:\Program Files (x86)\VMware\VMware Workstation\vmware-authd.exe
PRC - [2012-09-24 20:59:32 | 000,802,304 | ---- | M] (Yuna Software) -- C:\Program Files (x86)\Yuna Software\Messenger Plus!\PlusService.exe
PRC - [2012-09-20 07:55:29 | 000,333,824 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWOW64\WWAHost.exe
PRC - [2012-09-06 02:46:12 | 000,912,896 | ---- | M] (KARPOLAN) -- C:\Program Files (x86)\Keyboard LEDs\KeyboardLeds.exe
PRC - [2012-07-26 05:20:44 | 000,349,696 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWOW64\cmd.exe
PRC - [2012-03-08 07:05:06 | 000,432,952 | ---- | M] (QFX Software Corporation) -- C:\Program Files (x86)\KeyScrambler\KeyScrambler.exe
PRC - [2012-01-09 20:17:44 | 000,821,592 | ---- | M] (IObit) -- C:\Program Files (x86)\IObit\IObit Malware Fighter\IMFsrv.exe


========== Modules (No Company Name) ==========

MOD - [2013-04-28 13:33:48 | 000,325,960 | ---- | M] () -- C:\Users\MARKDE~1\AppData\Local\Temp\_ir_sf_temp_1\lua5.1.dll
MOD - [2013-04-27 18:31:31 | 184,660,274 | R--- | M] () -- C:\Users\Mark de Jager\Downloads\Call of Duty Modern Warfare 3 (MW3) by iMortaluz\Install Call of Duty Modern Warfare 3.exe
MOD - [2013-04-26 19:13:31 | 003,121,048 | ---- | M] () -- C:\Program Files (x86)\Mozilla Firefox\mozjs.dll
MOD - [2013-04-19 16:00:07 | 016,032,648 | ---- | M] () -- C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_11_7_700_169.dll
MOD - [2013-03-07 21:32:40 | 021,014,960 | ---- | M] () -- C:\Users\Mark de Jager\AppData\Local\Facebook\Messenger\2.1.4814.0\libcef.dll
MOD - [2013-03-07 21:32:38 | 000,292,272 | ---- | M] () -- C:\Users\Mark de Jager\AppData\Local\Facebook\Messenger\2.1.4814.0\CefSharp.dll
MOD - [2013-03-07 21:32:38 | 000,179,632 | ---- | M] () -- C:\Users\Mark de Jager\AppData\Local\Facebook\Messenger\2.1.4814.0\CefSharp.WinForms.dll
MOD - [2013-02-15 18:20:46 | 012,436,480 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Windows.Forms\30fabfc2d4fe632ecf463a0901bba2d3\System.Windows.Forms.ni.dll
MOD - [2013-02-05 12:06:49 | 000,971,264 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Configuration\253546cd467b0fd7e57623921595182d\System.Configuration.ni.dll
MOD - [2013-02-05 12:01:46 | 005,453,312 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Xml\d981792ebf85627e57c7d95594aa7092\System.Xml.ni.dll
MOD - [2013-02-05 12:01:38 | 001,593,344 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Drawing\97e24281000ae702b067281f3a01878a\System.Drawing.ni.dll
MOD - [2013-02-05 12:01:37 | 006,656,512 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Data\68ec2130ceb6a257762c70bc87ed0129\System.Data.ni.dll
MOD - [2013-02-05 12:01:11 | 007,989,248 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System\0b80769ba127fce3221c1fd47e87c4a7\System.ni.dll
MOD - [2013-02-05 12:01:01 | 011,494,912 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\mscorlib\8d2929ad589e1092eb62a43424361465\mscorlib.ni.dll
MOD - [2012-09-14 00:03:56 | 000,303,104 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\mscorlib.resources\2.0.0.0_nl_b77a5c561934e089\mscorlib.resources.dll
MOD - [2012-07-06 04:01:13 | 002,972,672 | ---- | M] () -- C:\Windows\assembly\GAC_32\System.Data\2.0.0.0__b77a5c561934e089\System.Data.dll
MOD - [2011-08-07 15:54:16 | 000,004,096 | ---- | M] () -- C:\Program Files (x86)\Yuna Software\Messenger Plus!\Detour32.dll
MOD - [2011-03-17 01:11:16 | 004,297,568 | ---- | M] () -- C:\Program Files (x86)\Common Files\Microsoft Shared\OFFICE14\Cultures\OFFICE.ODF


========== Services (SafeList) ==========

SRV:64bit: - [2013-03-21 15:19:46 | 001,341,664 | ---- | M] (ESET) [Auto | Running] -- C:\Program Files\ESET\ESET Smart Security\x86\ekrn.exe -- (ekrn)
SRV:64bit: - [2013-03-02 23:06:04 | 000,037,888 | -HS- | M] () [Auto | Running] -- C:\Program Files\KMSpico\Service_KMS.exe -- (Service KMSELDI)
SRV:64bit: - [2013-03-02 04:45:07 | 000,171,008 | ---- | M] (Microsoft Corporation) [On_Demand | Running] -- C:\Windows\SysNative\TimeBrokerServer.dll -- (TimeBroker)
SRV:64bit: - [2013-03-02 04:45:05 | 000,180,224 | ---- | M] (Microsoft Corporation) [On_Demand | Running] -- C:\Windows\SysNative\SystemEventsBrokerServer.dll -- (SystemEventsBroker)
SRV:64bit: - [2013-02-02 10:21:45 | 000,467,456 | ---- | M] (Microsoft Corporation) [On_Demand | Running] -- C:\Windows\SysNative\netprofmsvc.dll -- (netprofm)
SRV:64bit: - [2013-01-29 03:57:14 | 000,014,920 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Program Files\Windows Defender\MsMpEng.exe -- (WinDefend)
SRV:64bit: - [2013-01-10 01:23:16 | 001,964,544 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\wlidsvc.dll -- (wlidsvc)
SRV:64bit: - [2013-01-10 01:22:35 | 000,438,272 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\SysNative\lsm.dll -- (LSM)
SRV:64bit: - [2012-11-27 15:56:28 | 000,118,272 | ---- | M] (DeadPihto) [Auto | Running] -- C:\Windows\SysNative\wsservice_crk.dll -- (WSServiceCrk)
SRV:64bit: - [2012-11-06 06:36:55 | 002,675,712 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\spool\drivers\x64\3\PrintConfig.dll -- (PrintNotify)
SRV:64bit: - [2012-11-06 06:17:41 | 000,169,472 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\SysNative\AudioEndpointBuilder.dll -- (AudioEndpointBuilder)
SRV:64bit: - [2012-09-20 11:10:47 | 002,367,528 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\WSService.dll -- (WSService)
SRV:64bit: - [2012-09-20 08:31:18 | 000,116,736 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\fhsvc.dll -- (fhsvc)
SRV:64bit: - [2012-09-20 08:30:41 | 000,179,712 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\SysNative\bisrv.dll -- (BrokerInfrastructure)
SRV:64bit: - [2012-09-16 10:25:58 | 000,662,104 | ---- | M] (Genie9) [Auto | Running] -- C:\Program Files\Genie9\Genie Timeline\GenieTimelineService.exe -- (GenieTimelineService)
SRV:64bit: - [2012-09-11 23:14:40 | 000,390,672 | ---- | M] () [Auto | Running] -- C:\Program Files\CyberLink\Shared files\RichVideo64.exe -- (RichVideo64)
SRV:64bit: - [2012-07-26 05:07:47 | 000,065,536 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\wiarpc.dll -- (WiaRpc)
SRV:64bit: - [2012-07-26 05:07:42 | 000,263,680 | ---- | M] (Microsoft Corporation) [On_Demand | Running] -- C:\Windows\SysNative\wcmsvc.dll -- (Wcmsvc)
SRV:64bit: - [2012-07-26 05:07:40 | 000,283,648 | ---- | M] (Microsoft Corporation) [On_Demand | Running] -- C:\Windows\SysNative\vaultsvc.dll -- (VaultSvc)
SRV:64bit: - [2012-07-26 05:07:25 | 000,012,800 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\svsvc.dll -- (svsvc)
SRV:64bit: - [2012-07-26 05:06:34 | 000,743,936 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\netlogon.dll -- (Netlogon)
SRV:64bit: - [2012-07-26 05:06:33 | 000,161,792 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\NcaSvc.dll -- (NcaSvc)
SRV:64bit: - [2012-07-26 05:06:33 | 000,073,728 | ---- | M] (Microsoft Corporation) [On_Demand | Running] -- C:\Windows\SysNative\NcdAutoSetup.dll -- (NcdAutoSetup)
SRV:64bit: - [2012-07-26 05:05:55 | 000,059,904 | ---- | M] (Microsoft Corporation) [On_Demand | Running] -- C:\Windows\SysNative\keyiso.dll -- (KeyIso)
SRV:64bit: - [2012-07-26 05:05:34 | 000,037,376 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\efssvc.dll -- (EFS)
SRV:64bit: - [2012-07-26 05:05:28 | 000,207,872 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\DeviceSetupManager.dll -- (DsmSvc)
SRV:64bit: - [2012-07-26 05:05:24 | 000,342,016 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\SysNative\das.dll -- (DeviceAssociationService)
SRV:64bit: - [2012-07-26 05:05:08 | 000,122,368 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\AUInstallAgent.dll -- (AllUserInstallAgent)
SRV:64bit: - [2012-07-26 05:05:04 | 000,187,392 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\appmgmts.dll -- (AppMgmt)
SRV:64bit: - [2012-07-26 02:24:02 | 000,336,384 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\icsvc.dll -- (vmicvss)
SRV:64bit: - [2012-07-26 02:24:02 | 000,336,384 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\icsvc.dll -- (vmictimesync)
SRV:64bit: - [2012-07-26 02:24:02 | 000,336,384 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\icsvc.dll -- (vmicshutdown)
SRV:64bit: - [2012-07-26 02:24:02 | 000,336,384 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\icsvc.dll -- (vmicrdv)
SRV:64bit: - [2012-07-26 02:24:02 | 000,336,384 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\icsvc.dll -- (vmickvpexchange)
SRV:64bit: - [2012-07-26 02:24:02 | 000,336,384 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\icsvc.dll -- (vmicheartbeat)
SRV - [2013-04-26 19:13:31 | 000,117,144 | ---- | M] (Mozilla Foundation) [On_Demand | Stopped] -- C:\Program Files (x86)\Mozilla Maintenance Service\maintenanceservice.exe -- (MozillaMaintenance)
SRV - [2013-04-19 16:00:08 | 000,256,904 | ---- | M] (Adobe Systems Incorporated) [On_Demand | Stopped] -- C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe -- (AdobeFlashPlayerUpdateSvc)
SRV - [2013-04-04 14:50:32 | 000,701,512 | ---- | M] (Malwarebytes Corporation) [Auto | Running] -- C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe -- (MBAMService)
SRV - [2013-04-04 14:50:32 | 000,418,376 | ---- | M] (Malwarebytes Corporation) [Auto | Running] -- C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamscheduler.exe -- (MBAMScheduler)
SRV - [2013-03-12 15:01:38 | 000,559,168 | ---- | M] (RealNetworks, Inc.) [Auto | Running] -- C:\Program Files (x86)\Online Games Manager\ogmservice.exe -- (ogmservice)
SRV - [2013-03-06 17:30:43 | 003,560,288 | ---- | M] (TeamViewer GmbH) [Auto | Running] -- C:\Program Files (x86)\TeamViewer\Version8\TeamViewer_Service.exe -- (TeamViewer8)
SRV - [2013-02-26 15:42:53 | 000,008,192 | ---- | M] () [Auto | Stopped] -- C:\Windows\SysWOW64\srvany.exe -- (KMService)
SRV - [2013-02-15 16:28:12 | 000,384,888 | ---- | M] (BlueStack Systems, Inc.) [Auto | Running] -- C:\Program Files (x86)\BlueStacks\HD-LogRotatorService.exe -- (BstHdLogRotatorSvc)
SRV - [2013-02-15 16:27:52 | 000,393,080 | ---- | M] (BlueStack Systems, Inc.) [Auto | Stopped] -- C:\Program Files (x86)\BlueStacks\HD-Service.exe -- (BstHdAndroidSvc)
SRV - [2013-02-15 14:08:20 | 000,543,144 | ---- | M] (Valve Corporation) [On_Demand | Stopped] -- C:\Program Files (x86)\Common Files\Steam\SteamService.exe -- (Steam Client Service)
SRV - [2013-01-15 18:47:10 | 000,465,216 | ---- | M] (IObit) [Auto | Running] -- C:\Program Files (x86)\IObit\Advanced SystemCare 6\ASCService.exe -- (AdvancedSystemCareService6)
SRV - [2012-12-16 15:37:47 | 000,125,952 | ---- | M] (Yuna Software) [Auto | Running] -- C:\Program Files (x86)\Yuna Software\Messenger Plus! for Skype\MsgPlusForSkypeService.exe -- (MsgPlusService)
SRV - [2012-12-14 03:42:10 | 000,277,616 | ---- | M] (Intel Corporation) [On_Demand | Stopped] -- C:\Windows\SysWOW64\IntelCpHeciSvc.exe -- (cphs)
SRV - [2012-12-11 11:22:38 | 001,258,856 | ---- | M] (NVIDIA Corporation) [Auto | Running] -- C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Update Core\daemonu.exe -- (nvUpdatusService)
SRV - [2012-11-06 06:36:55 | 002,675,712 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\system32\spool\DRIVERS\x64\3\PrintConfig.dll -- (PrintNotify)
SRV - [2012-11-01 03:35:20 | 000,357,016 | ---- | M] (VMware, Inc.) [Auto | Running] -- C:\Windows\SysWOW64\vmnetdhcp.exe -- (VMnetDHCP)
SRV - [2012-11-01 03:34:52 | 000,435,864 | ---- | M] (VMware, Inc.) [Auto | Running] -- C:\Windows\SysWOW64\vmnat.exe -- (VMware NAT Service)
SRV - [2012-11-01 02:57:50 | 013,234,176 | ---- | M] () [Auto | Running] -- C:\Program Files (x86)\VMware\VMware Workstation\vmware-hostd.exe -- (VMwareHostd)
SRV - [2012-11-01 01:48:42 | 000,079,872 | ---- | M] (VMware, Inc.) [Auto | Running] -- C:\Program Files (x86)\VMware\VMware Workstation\vmware-authd.exe -- (VMAuthdService)
SRV - [2012-10-11 18:15:30 | 000,918,680 | ---- | M] (VMware, Inc.) [Auto | Running] -- C:\Program Files (x86)\Common Files\VMware\USB\vmware-usbarbitrator64.exe -- (VMUSBArbService)
SRV - [2012-07-26 05:20:04 | 000,018,432 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysWOW64\StorSvc.dll -- (StorSvc)
SRV - [2012-01-09 20:17:44 | 000,821,592 | ---- | M] (IObit) [Auto | Running] -- C:\Program Files (x86)\IObit\IObit Malware Fighter\IMFsrv.exe -- (IMFservice)
SRV - [2010-02-19 14:37:14 | 000,517,096 | ---- | M] (Adobe Systems Incorporated) [On_Demand | Stopped] -- C:\Program Files (x86)\Common Files\Adobe\SwitchBoard\SwitchBoard.exe -- (SwitchBoard)


========== Driver Services (SafeList) ==========

DRV:64bit: - [2013-04-04 14:50:32 | 000,025,928 | ---- | M] (Malwarebytes Corporation) [File_System | On_Demand | Running] -- C:\Windows\SysNative\Drivers\mbam.sys -- (MBAMProtector)
DRV:64bit: - [2013-03-05 15:10:52 | 000,231,376 | ---- | M] (TrueCrypt Foundation) [Kernel | System | Running] -- C:\Windows\SysNative\Drivers\truecrypt.sys -- (truecrypt)
DRV:64bit: - [2013-03-02 12:57:48 | 000,337,128 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\Drivers\USBXHCI.SYS -- (USBXHCI)
DRV:64bit: - [2013-03-02 12:57:46 | 000,283,880 | ---- | M] (Microsoft Corporation) [Kernel | Boot | Running] -- C:\Windows\SysNative\Drivers\spaceport.sys -- (spaceport)
DRV:64bit: - [2013-03-02 12:57:46 | 000,077,544 | ---- | M] (Microsoft Corporation) [Kernel | Boot | Running] -- C:\Windows\SysNative\Drivers\storahci.sys -- (storahci)
DRV:64bit: - [2013-03-02 12:45:20 | 000,148,712 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\Drivers\tpm.sys -- (TPM)
DRV:64bit: - [2013-03-02 12:45:19 | 000,194,792 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\Drivers\sdbus.sys -- (sdbus)
DRV:64bit: - [2013-03-02 12:39:38 | 000,069,864 | ---- | M] (Microsoft Corporation) [Kernel | Boot | Running] -- C:\Windows\SysNative\Drivers\pdc.sys -- (pdc)
DRV:64bit: - [2013-02-14 12:21:06 | 000,058,416 | ---- | M] (ESET) [Kernel | Boot | Running] -- C:\Windows\SysNative\Drivers\epfwwfp.sys -- (epfwwfp)
DRV:64bit: - [2013-02-14 12:21:04 | 000,213,416 | ---- | M] (ESET) [File_System | System | Running] -- C:\Windows\SysNative\Drivers\eamonm.sys -- (eamonm)
DRV:64bit: - [2013-02-05 19:34:43 | 000,047,240 | ---- | M] (RapidSolution Software AG) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\Drivers\tbhsd.sys -- (tbhsd)
DRV:64bit: - [2013-02-05 19:34:37 | 000,037,480 | ---- | M] (RapidSolution Software AG) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\Drivers\rrnetcap.sys -- (RRNetCapMP)
DRV:64bit: - [2013-02-05 19:34:37 | 000,037,480 | ---- | M] (RapidSolution Software AG) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\Drivers\rrnetcap.sys -- (RRNetCap)
DRV:64bit: - [2013-02-02 13:19:44 | 000,446,184 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\Drivers\USBHUB3.SYS -- (USBHUB3)
DRV:64bit: - [2013-02-02 09:25:23 | 000,037,632 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\Drivers\BthAvrcpTg.sys -- (BthAvrcpTg)
DRV:64bit: - [2013-01-29 03:57:05 | 000,035,232 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\Drivers\WdBoot.sys -- (WdBoot)
DRV:64bit: - [2013-01-29 01:08:22 | 000,230,904 | ---- | M] (Microsoft Corporation) [File_System | On_Demand | Stopped] -- C:\Windows\SysNative\Drivers\WdFilter.sys -- (WdFilter)
DRV:64bit: - [2013-01-27 15:35:46 | 000,127,384 | ---- | M] (Power Software Ltd) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\scdemu.sys -- (SCDEmu)
DRV:64bit: - [2013-01-10 09:25:22 | 000,190,232 | ---- | M] (ESET) [Kernel | Auto | Running] -- C:\Windows\SysNative\Drivers\epfw.sys -- (epfw)
DRV:64bit: - [2013-01-10 09:25:22 | 000,059,440 | ---- | M] (ESET) [Kernel | System | Running] -- C:\Windows\SysNative\Drivers\EpfwLWF.sys -- (EpfwLWF)
DRV:64bit: - [2013-01-10 09:25:20 | 000,150,616 | ---- | M] (ESET) [Kernel | System | Running] -- C:\Windows\SysNative\Drivers\ehdrv.sys -- (ehdrv)
DRV:64bit: - [2013-01-10 03:53:32 | 000,028,904 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\Drivers\msgpiowin32.sys -- (msgpiowin32)
DRV:64bit: - [2012-12-21 14:53:58 | 000,017,480 | ---- | M] () [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\epmntdrv.sys -- (epmntdrv)
DRV:64bit: - [2012-12-21 14:53:58 | 000,009,800 | ---- | M] () [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\EuGdiDrv.sys -- (EuGdiDrv)
DRV:64bit: - [2012-12-19 15:47:20 | 000,132,008 | ---- | M] (Oracle Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\Drivers\VBoxNetAdp.sys -- (VBoxNetAdp)
DRV:64bit: - [2012-12-14 03:42:22 | 005,353,888 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\Drivers\igdkmd64.sys -- (igfx)
DRV:64bit: - [2012-12-11 11:22:46 | 000,030,056 | ---- | M] (NVIDIA Corporation) [Kernel | Boot | Running] -- C:\Windows\SysNative\Drivers\nvpciflt.sys -- (nvpciflt)
DRV:64bit: - [2012-11-27 05:55:44 | 000,029,952 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\Drivers\BthhfHid.sys -- (bthhfhid)
DRV:64bit: - [2012-11-20 06:54:31 | 000,039,936 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\Drivers\hidi2c.sys -- (hidi2c)
DRV:64bit: - [2012-11-06 05:55:44 | 000,022,528 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\Drivers\fxppm.sys -- (FxPPM)
DRV:64bit: - [2012-11-01 03:34:54 | 000,067,224 | ---- | M] (VMware, Inc.) [Kernel | Auto | Running] -- C:\Windows\SysNative\Drivers\vmx86.sys -- (vmx86)
DRV:64bit: - [2012-11-01 03:34:32 | 000,030,360 | ---- | M] (VMware, Inc.) [Kernel | Auto | Running] -- C:\Windows\SysNative\Drivers\vmnetuserif.sys -- (VMnetuserif)
DRV:64bit: - [2012-11-01 03:34:10 | 000,045,720 | ---- | M] (VMware, Inc.) [Kernel | Auto | Running] -- C:\Windows\SysNative\Drivers\vmnetbridge.sys -- (VMnetBridge)
DRV:64bit: - [2012-11-01 03:34:08 | 000,020,120 | ---- | M] (VMware, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\Drivers\vmnetadapter.sys -- (VMnetAdapter)
DRV:64bit: - [2012-11-01 03:34:04 | 000,032,920 | ---- | M] (VMware, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\Drivers\VMkbd.sys -- (vmkbd)
DRV:64bit: - [2012-10-24 15:17:14 | 000,070,296 | ---- | M] (VMware, Inc.) [Kernel | Boot | Running] -- C:\Windows\SysNative\Drivers\vsock.sys -- (vsock)
DRV:64bit: - [2012-10-24 15:17:10 | 000,085,104 | ---- | M] (VMware, Inc.) [Kernel | Boot | Running] -- C:\Windows\SysNative\Drivers\vmci.sys -- (vmci)
DRV:64bit: - [2012-10-12 10:08:01 | 000,027,880 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\Drivers\rdpvideominiport.sys -- (RdpVideoMiniport)
DRV:64bit: - [2012-10-11 18:15:32 | 000,052,376 | ---- | M] (VMware, Inc.) [Kernel | Auto | Running] -- C:\Windows\SysNative\Drivers\hcmon.sys -- (hcmon)
DRV:64bit: - [2012-10-11 18:15:06 | 000,037,680 | ---- | M] (VMware, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\Drivers\vmusb.sys -- (vmusb)
DRV:64bit: - [2012-10-11 09:25:48 | 000,056,552 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\Drivers\sdstor.sys -- (sdstor)
DRV:64bit: - [2012-10-11 09:13:49 | 000,058,088 | ---- | M] (Microsoft Corporation) [Kernel | System | Stopped] -- C:\Windows\SysNative\Drivers\dam.sys -- (dam)
DRV:64bit: - [2012-09-20 09:55:33 | 000,212,200 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\Drivers\UCX01000.SYS -- (UCX01000)
DRV:64bit: - [2012-09-20 09:55:30 | 000,120,040 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\Drivers\msgpioclx.sys -- (GPIOClx0101)
DRV:64bit: - [2012-09-20 09:55:27 | 003,265,256 | ---- | M] (Broadcom Corporation) [Kernel | Boot | Stopped] -- C:\Windows\SysNative\Drivers\evbda.sys -- (ebdrv)
DRV:64bit: - [2012-09-20 09:55:24 | 000,533,224 | ---- | M] (Broadcom Corporation) [Kernel | Boot | Stopped] -- C:\Windows\SysNative\Drivers\bxvbda.sys -- (b06bdrv)
DRV:64bit: - [2012-07-26 07:26:46 | 000,025,328 | ---- | M] (Microsoft Corporation) [Recognizer | Boot | Unknown] -- C:\Windows\SysNative\drivers\fs_rec.sys -- (Fs_Rec)
DRV:64bit: - [2012-07-26 07:26:45 | 000,033,792 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\Drivers\condrv.sys -- (condrv)
DRV:64bit: - [2012-07-26 07:00:58 | 000,322,800 | ---- | M] (VIA Corporation) [Kernel | Boot | Stopped] -- C:\Windows\SysNative\Drivers\VSTXRAID.SYS -- (VSTXRAID)
DRV:64bit: - [2012-07-26 07:00:58 | 000,106,224 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\Drivers\VerifierExt.sys -- (VerifierExt)
DRV:64bit: - [2012-07-26 07:00:58 | 000,097,008 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\Drivers\uaspstor.sys -- (UASPStor)
DRV:64bit: - [2012-07-26 07:00:57 | 000,077,040 | ---- | M] (Microsoft Corporation) [Kernel | Boot | Running] -- C:\Windows\SysNative\Drivers\acpiex.sys -- (acpiex)
DRV:64bit: - [2012-07-26 07:00:55 | 000,064,240 | ---- | M] (Marvell Semiconductor, Inc.) [Kernel | Boot | Stopped] -- C:\Windows\SysNative\Drivers\mvumis.sys -- (mvumis)
DRV:64bit: - [2012-07-26 07:00:55 | 000,030,960 | ---- | M] (Promise Technology, Inc.) [Kernel | Boot | Stopped] -- C:\Windows\SysNative\Drivers\stexstor.sys -- (stexstor)
DRV:64bit: - [2012-07-26 07:00:52 | 000,092,400 | ---- | M] (LSI Corporation) [Kernel | Boot | Stopped] -- C:\Windows\SysNative\Drivers\lsi_sas2.sys -- (LSI_SAS2)
DRV:64bit: - [2012-07-26 07:00:52 | 000,081,136 | ---- | M] (LSI Corporation) [Kernel | Boot | Stopped] -- C:\Windows\SysNative\Drivers\lsi_sss.sys -- (LSI_SSS)
DRV:64bit: - [2012-07-26 07:00:52 | 000,064,752 | ---- | M] (Hewlett-Packard Company) [Kernel | Boot | Stopped] -- C:\Windows\SysNative\Drivers\HpSAMD.sys -- (HpSAMD)
DRV:64bit: - [2012-07-26 07:00:51 | 000,113,904 | ---- | M] (Microsoft Corporation) [Kernel | Boot | Stopped] -- C:\Windows\SysNative\Drivers\EhStorTcgDrv.sys -- (EhStorTcgDrv)
DRV:64bit: - [2012-07-26 07:00:51 | 000,081,136 | ---- | M] (Microsoft Corporation) [Kernel | Boot | Running] -- C:\Windows\SysNative\Drivers\EhStorClass.sys -- (EhStorClass)
DRV:64bit: - [2012-07-26 07:00:49 | 000,258,288 | ---- | M] (AMD Technologies Inc.) [Kernel | Boot | Stopped] -- C:\Windows\SysNative\Drivers\amdsbs.sys -- (amdsbs)
DRV:64bit: - [2012-07-26 07:00:49 | 000,106,736 | ---- | M] (LSI) [Kernel | Boot | Stopped] -- C:\Windows\SysNative\Drivers\3ware.sys -- (3ware)
DRV:64bit: - [2012-07-26 07:00:49 | 000,076,016 | ---- | M] (Advanced Micro Devices) [Kernel | Boot | Stopped] -- C:\Windows\SysNative\Drivers\amdsata.sys -- (amdsata)
DRV:64bit: - [2012-07-26 07:00:48 | 000,026,352 | ---- | M] (Advanced Micro Devices) [Kernel | Boot | Stopped] -- C:\Windows\SysNative\Drivers\amdxata.sys -- (amdxata)
DRV:64bit: - [2012-07-26 06:57:54 | 000,361,200 | ---- | M] (Microsoft Corporation) [Kernel | Boot | Running] -- C:\Windows\SysNative\Drivers\clfs.sys -- (CLFS)
DRV:64bit: - [2012-07-26 06:54:34 | 000,096,496 | ---- | M] (Microsoft Corporation) [Kernel | Boot | Running] -- C:\Windows\SysNative\Drivers\wfplwfs.sys -- (WFPLWFS)
DRV:64bit: - [2012-07-26 06:53:16 | 000,067,824 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\Drivers\vpci.sys -- (vpci)
DRV:64bit: - [2012-07-26 05:17:38 | 000,036,592 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\Drivers\terminpt.sys -- (terminpt)
DRV:64bit: - [2012-07-26 04:29:14 | 000,010,752 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\Drivers\mshidumdf.sys -- (mshidumdf)
DRV:64bit: - [2012-07-26 04:29:08 | 000,048,640 | ---- | M] (Microsoft Corporation) [Kernel | System | Running] -- C:\Windows\SysNative\Drivers\BasicDisplay.sys -- (BasicDisplay)
DRV:64bit: - [2012-07-26 04:29:03 | 000,024,576 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\Drivers\HyperVideo.sys -- (HyperVideo)
DRV:64bit: - [2012-07-26 04:28:52 | 000,029,696 | ---- | M] (Microsoft Corporation) [Kernel | System | Running] -- C:\Windows\SysNative\Drivers\BasicRender.sys -- (BasicRender)
DRV:64bit: - [2012-07-26 04:27:58 | 000,012,288 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\Drivers\vmgencounter.sys -- (gencounter)
DRV:64bit: - [2012-07-26 04:27:41 | 000,018,432 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\Drivers\kdnic.sys -- (kdnic)
DRV:64bit: - [2012-07-26 04:27:37 | 000,010,752 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\Drivers\acpitime.sys -- (acpitime)
DRV:64bit: - [2012-07-26 04:27:33 | 000,023,552 | ---- | M] (Microsoft Corporation) [Kernel | System | Running] -- C:\Windows\SysNative\Drivers\npsvctrig.sys -- (npsvctrig)
DRV:64bit: - [2012-07-26 04:27:29 | 000,019,968 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\Drivers\WpdUpFltr.sys -- (WpdUpFltr)
DRV:64bit: - [2012-07-26 04:27:16 | 000,010,240 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\Drivers\acpipagr.sys -- (acpipagr)
DRV:64bit: - [2012-07-26 04:27:01 | 000,011,776 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\Drivers\hyperkbd.sys -- (hyperkbd)
DRV:64bit: - [2012-07-26 04:26:46 | 000,062,976 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\Drivers\SerCx.sys -- (SerCx)
DRV:64bit: - [2012-07-26 04:26:43 | 000,059,392 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\Drivers\SpbCx.sys -- (SpbCx)
DRV:64bit: - [2012-07-26 04:26:34 | 000,030,208 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\Drivers\TsUsbGD.sys -- (TsUsbGD)
DRV:64bit: - [2012-07-26 04:26:13 | 000,051,200 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\Drivers\bthhfenum.sys -- (BthHFEnum)
DRV:64bit: - [2012-07-26 04:25:57 | 000,033,280 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\Drivers\dmvsc.sys -- (dmvsc)
DRV:64bit: - [2012-07-26 04:25:56 | 000,057,344 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\Drivers\TsUsbFlt.sys -- (TsUsbFlt)
DRV:64bit: - [2012-07-26 04:25:26 | 000,203,776 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\Drivers\Vid.sys -- (Vid)
DRV:64bit: - [2012-07-26 04:25:22 | 000,067,584 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\Drivers\storvsp.sys -- (storvsp)
DRV:64bit: - [2012-07-26 04:25:13 | 000,045,056 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\Drivers\wpcfltr.sys -- (wpcfltr)
DRV:64bit: - [2012-07-26 04:25:12 | 000,117,248 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\Drivers\vmbusr.sys -- (vmbusr)
DRV:64bit: - [2012-07-26 04:25:12 | 000,066,048 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\Drivers\vpcivsp.sys -- (vpcivsp)
DRV:64bit: - [2012-07-26 04:25:01 | 000,126,464 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\Drivers\NdisImPlatform.sys -- (NdisImPlatform)
DRV:64bit: - [2012-07-26 04:23:53 | 000,068,608 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\Drivers\mslldp.sys -- (MsLldp)
DRV:64bit: - [2012-07-26 04:23:42 | 000,097,792 | ---- | M] (Microsoft Corporation) [Kernel | Auto | Running] -- C:\Windows\SysNative\Drivers\Ndu.sys -- (Ndu)
DRV:64bit: - [2012-06-02 16:31:37 | 000,425,472 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\Drivers\k57nd60a.sys -- (k57nd60a)
DRV:64bit: - [2012-06-02 16:31:32 | 002,935,808 | ---- | M] (Qualcomm Atheros Communications, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\Drivers\athrx.sys -- (athr)
DRV:64bit: - [2011-12-26 16:27:24 | 000,015,288 | ---- | M] () [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\ampa.sys -- (ampa)
DRV:64bit: - [2011-12-15 02:46:42 | 000,222,904 | ---- | M] (QFX Software Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\Drivers\keyscrambler.sys -- (KeyScrambler)
DRV:64bit: - [2011-06-15 22:10:58 | 000,015,288 | ---- | M] () [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\ddmdrv.sys -- (ddmdrv)
DRV:64bit: - [2010-10-20 00:34:26 | 000,056,344 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\Drivers\HECIx64.sys -- (MEIx64)
DRV - [2013-02-15 16:28:06 | 000,071,032 | ---- | M] (BlueStack Systems) [Kernel | Auto | Running] -- C:\Program Files (x86)\BlueStacks\HD-Hypervisor-amd64.sys -- (BstHdDrv)
DRV - [2012-12-21 14:54:00 | 000,014,920 | ---- | M] () [Kernel | On_Demand | Stopped] -- C:\Windows\SysWOW64\epmntdrv.sys -- (epmntdrv)
DRV - [2012-12-21 14:53:58 | 000,009,160 | ---- | M] () [Kernel | On_Demand | Stopped] -- C:\Windows\SysWOW64\EuGdiDrv.sys -- (EuGdiDrv)
DRV - [2012-07-05 13:53:22 | 000,021,904 | ---- | M] (IObit.com) [Kernel | On_Demand | Running] -- C:\Program Files (x86)\IObit\IObit Malware Fighter\Drivers\win7_amd64\UrlFilter.sys -- (UrlFilter)
DRV - [2012-07-05 13:53:18 | 000,033,224 | ---- | M] (IObit.com) [Kernel | On_Demand | Running] -- C:\Program Files (x86)\IObit\IObit Malware Fighter\Drivers\win7_amd64\RegFilter.sys -- (RegFilter)
DRV - [2012-01-05 18:07:14 | 000,021,384 | ---- | M] (IObit) [File_System | On_Demand | Running] -- C:\Program Files (x86)\IObit\IObit Malware Fighter\Drivers\win7_amd64\FileMonitor.sys -- (FileMonitor)
DRV - [2011-12-26 16:27:22 | 000,012,728 | ---- | M] () [Kernel | On_Demand | Stopped] -- C:\Windows\SysWOW64\ampa.sys -- (ampa)
DRV - [2011-06-15 22:09:42 | 000,012,728 | ---- | M] () [Kernel | On_Demand | Stopped] -- C:\Windows\SysWOW64\ddmdrv.sys -- (ddmdrv)


========== Standard Registry (SafeList) ==========


========== Internet Explorer ==========

IE:64bit: - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = about:blank
IE:64bit: - HKLM\..\SearchScopes,DefaultScope =
IE:64bit: - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/...ms}&FORM=IE8SRC
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = about:blank
IE - HKLM\..\SearchScopes,DefaultScope =
IE - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/...ms}&FORM=IE8SRC

IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.google.nl
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache = http://t.nl.msn.com/
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache AcceptLangs = nl-NL
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache_TIMESTAMP = 9E 41 45 52 3E 02 CE 01 [binary data]
IE - HKCU\..\SearchScopes,DefaultScope = {E5072886-3E11-4752-95DE-297EB47A2390}
IE - HKCU\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/...Box&FORM=IE10SR
IE - HKCU\..\SearchScopes\{E5072886-3E11-4752-95DE-297EB47A2390}: "URL" = http://search.condui...7841336686&UM=1
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

========== FireFox ==========

FF - prefs.js..browser.search.useDBForOrder: "false"
FF - prefs.js..browser.startup.homepage: "http://www.google.nl/"
FF - prefs.js..extensions.enabledAddons: %7B27c60876-b5c9-4335-b4f3-52b26782220c%7D:0.9.4
FF - prefs.js..extensions.enabledAddons: %7B563e4790-7e70-11da-a72b-0800200c9a66%7D:0.9f
FF - prefs.js..extensions.enabledAddons: %7Ba5312b79-bf0d-4825-a25f-b33d67d4a58a%7D:13.15.63
FF - prefs.js..extensions.enabledAddons: rssicon%40jasnapaka.com:1.4
FF - prefs.js..extensions.enabledAddons: testpilot%40labs.mozilla.com:1.2.2
FF - prefs.js..extensions.enabledAddons: %7B59c81df5-4b7a-477b-912d-4e0fdf64e5f2%7D:0.9.90
FF - prefs.js..extensions.enabledAddons: ascsurfingprotection%40iobit.com:1.0
FF - prefs.js..extensions.enabledAddons: coralietab%40mozdev.org:2.04.20110724
FF - prefs.js..extensions.enabledAddons: %7Bac2cfa60-bc96-11e0-962b-0800200c9a66%7D:2.0
FF - prefs.js..extensions.enabledAddons: %7B972ce4c6-7e08-4474-a285-3208198ce6fd%7D:21.0


FF:64bit: - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\system32\Macromed\Flash\NPSWF64_11_7_700_169.dll File not found
FF:64bit: - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: c:\Program Files\Microsoft Silverlight\5.1.20125.0\npctrl.dll ( Microsoft Corporation)
FF:64bit: - HKLM\Software\MozillaPlugins\@microsoft.com/OfficeAuthz,version=14.0: C:\PROGRA~1\MICROS~1\Office14\NPAUTHZ.DLL (Microsoft Corporation)
FF:64bit: - HKLM\Software\MozillaPlugins\@microsoft.com/SharePoint,version=14.0: C:\PROGRA~1\MICROS~1\Office15\NPSPWRAP.DLL (Microsoft Corporation)
FF:64bit: - HKLM\Software\MozillaPlugins\adobe.com/AdobeAAMDetect: C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\CCM\Utilities\npAdobeAAMDetect64.dll (Adobe Systems)
FF:64bit: - HKLM\Software\MozillaPlugins\adobe.com/AdobeExManDetect: C:\Program Files (x86)\Adobe\Adobe Extension Manager CS6\Win64Plugin\npAdobeExManDetectX64.dll (Adobe Systems)
FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_11_7_700_169.dll ()
FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin,version=10.21.2: C:\Program Files (x86)\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/Lync,version=15.0: C:\Program Files (x86)\Mozilla Firefox\plugins\npmeetingjoinpluginoc.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: c:\Program Files (x86)\Microsoft Silverlight\5.1.20125.0\npctrl.dll ( Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/OfficeAuthz,version=14.0: C:\PROGRA~2\MICROS~4\Office14\NPAUTHZ.DLL (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/SharePoint,version=14.0: C:\PROGRA~2\MICROS~4\Office15\NPSPWRAP.DLL (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=14.0.8117.0416: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Program Files (x86)\Google\Update\1.3.21.135\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Program Files (x86)\Google\Update\1.3.21.135\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\adobe.com/AdobeAAMDetect: C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\CCM\Utilities\npAdobeAAMDetect32.dll (Adobe Systems)
FF - HKLM\Software\MozillaPlugins\adobe.com/AdobeExManDetect: C:\Program Files (x86)\Adobe\Adobe Extension Manager CS6\npAdobeExManDetectX86.dll (Adobe Systems)
FF - HKCU\Software\MozillaPlugins\@unity3d.com/UnityPlayer,version=1.0: C:\Users\Mark de Jager\AppData\LocalLow\Unity\WebPlayer\loader\npUnity3D32.dll (Unity Technologies ApS)
FF - HKCU\Software\MozillaPlugins\facebook.com/fbDesktopPlugin: C:\Users\Mark de Jager\AppData\Local\Facebook\Messenger\2.1.4814.0\npFbDesktopPlugin.dll (Facebook, Inc.)

64bit-FF - HKEY_LOCAL_MACHINE\software\mozilla\Thunderbird\Extensions\\[email protected]: C:\PROGRAM FILES\ESET\ESET SMART SECURITY\MOZILLA THUNDERBIRD [2013-04-27 17:29:57 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 21.0\extensions\\Components: C:\Program Files (x86)\Mozilla Firefox\components [2013-04-06 13:04:18 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 21.0\extensions\\Plugins: C:\Program Files (x86)\Mozilla Firefox\plugins [2013-04-27 18:03:24 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Thunderbird\Extensions\\[email protected]: C:\Program Files\ESET\ESET Smart Security\Mozilla Thunderbird [2013-04-27 17:29:57 | 000,000,000 | ---D | M]
FF - HKEY_CURRENT_USER\software\mozilla\Firefox\Extensions\\[email protected]: C:\Program Files (x86)\CaptureSaver\Firefox [2013-03-19 10:57:39 | 000,000,000 | ---D | M]

[2013-02-03 20:47:04 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Mark de Jager\AppData\Roaming\mozilla\Extensions
[2013-04-27 18:56:04 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Mark de Jager\AppData\Roaming\mozilla\Firefox\Profiles\8a8rp9hz.default\extensions
[2013-03-01 16:23:09 | 000,000,000 | ---D | M] (ChatZilla) -- C:\Users\Mark de Jager\AppData\Roaming\mozilla\Firefox\Profiles\8a8rp9hz.default\extensions\{59c81df5-4b7a-477b-912d-4e0fdf64e5f2}
[2013-04-20 17:27:22 | 000,000,000 | ---D | M] (Advanced SystemCare Surfing Protection) -- C:\Users\Mark de Jager\AppData\Roaming\mozilla\Firefox\Profiles\8a8rp9hz.default\extensions\[email protected]
[2013-04-22 09:51:21 | 000,000,000 | ---D | M] (IE Tab +) -- C:\Users\Mark de Jager\AppData\Roaming\mozilla\Firefox\Profiles\8a8rp9hz.default\extensions\[email protected]
[2013-03-06 14:25:15 | 000,207,249 | ---- | M] () (No name found) -- C:\Users\Mark de Jager\AppData\Roaming\mozilla\firefox\profiles\8a8rp9hz.default\extensions\[email protected]
[2013-02-06 21:15:48 | 000,015,618 | ---- | M] () (No name found) -- C:\Users\Mark de Jager\AppData\Roaming\mozilla\firefox\profiles\8a8rp9hz.default\extensions\[email protected]
[2013-02-08 21:59:50 | 000,615,655 | ---- | M] () (No name found) -- C:\Users\Mark de Jager\AppData\Roaming\mozilla\firefox\profiles\8a8rp9hz.default\extensions\[email protected]
[2013-02-05 11:34:49 | 000,007,532 | ---- | M] () (No name found) -- C:\Users\Mark de Jager\AppData\Roaming\mozilla\firefox\profiles\8a8rp9hz.default\extensions\{27c60876-b5c9-4335-b4f3-52b26782220c}.xpi
[2013-02-06 18:51:54 | 000,010,707 | ---- | M] () (No name found) -- C:\Users\Mark de Jager\AppData\Roaming\mozilla\firefox\profiles\8a8rp9hz.default\extensions\{563e4790-7e70-11da-a72b-0800200c9a66}.xpi
[2013-02-06 21:01:15 | 000,045,996 | ---- | M] () (No name found) -- C:\Users\Mark de Jager\AppData\Roaming\mozilla\firefox\profiles\8a8rp9hz.default\extensions\{a5312b79-bf0d-4825-a25f-b33d67d4a58a}.xpi
[2013-04-27 18:56:04 | 000,052,139 | ---- | M] () (No name found) -- C:\Users\Mark de Jager\AppData\Roaming\mozilla\firefox\profiles\8a8rp9hz.default\extensions\{ac2cfa60-bc96-11e0-962b-0800200c9a66}.xpi
[2013-02-14 11:09:20 | 000,817,280 | ---- | M] () (No name found) -- C:\Users\Mark de Jager\AppData\Roaming\mozilla\firefox\profiles\8a8rp9hz.default\extensions\{d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}.xpi
[2013-04-05 19:06:02 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files (x86)\Mozilla Firefox\browser\extensions
[2013-04-05 19:06:02 | 000,000,000 | ---D | M] (Default) -- C:\Program Files (x86)\Mozilla Firefox\browser\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd}
[2013-04-26 19:13:32 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files (x86)\Mozilla Firefox\browser\distribution\extensions
[2013-01-11 03:06:08 | 000,033,968 | ---- | M] (Microsoft Corporation) -- C:\Program Files (x86)\mozilla firefox\plugins\npMeetingJoinPluginOC.dll

========== Chrome ==========

CHR - default_search_provider: Google (Enabled)
CHR - default_search_provider: search_url = {google:baseURL}search?q={searchTerms}&{google:RLZ}{google:acceptedSuggestion}{google:originalQueryForSuggestion}{google:assistedQueryStats}{google:searchFieldtrialParameter}{google:searchClient}{google:sourceId}{google:instantExtendedEnabledParameter}ie={inputEncoding}
CHR - default_search_provider: suggest_url = {google:baseSuggestURL}search?{google:searchFieldtrialParameter}client=chrome&q={searchTerms}&{google:cursorPosition}sugkey={google:suggestAPIKeyParameter}
CHR - plugin: Shockwave Flash (Enabled) = C:\Program Files (x86)\Google\Chrome\Application\26.0.1410.64\PepperFlash\pepflashplayer.dll
CHR - plugin: Chrome Remote Desktop Viewer (Enabled) = internal-remoting-viewer
CHR - plugin: Native Client (Enabled) = C:\Program Files (x86)\Google\Chrome\Application\26.0.1410.64\ppGoogleNaClPluginChrome.dll
CHR - plugin: Chrome PDF Viewer (Enabled) = C:\Program Files (x86)\Google\Chrome\Application\26.0.1410.64\pdf.dll
CHR - plugin: Microsoft\u00AE Windows Media Player Firefox Plugin (Enabled) = C:\Program Files (x86)\Mozilla Firefox\plugins\np-mswmp.dll
CHR - plugin: Microsoft Office 2010 (Enabled) = C:\PROGRA~2\MICROS~4\Office14\NPAUTHZ.DLL
CHR - plugin: Microsoft Office 2010 (Enabled) = C:\PROGRA~2\MICROS~4\Office14\NPSPWRAP.DLL
CHR - plugin: Google Update (Enabled) = C:\Program Files (x86)\Google\Update\1.3.21.124\npGoogleUpdate3.dll
CHR - plugin: Java™ Platform SE 7 U13 (Enabled) = C:\Program Files (x86)\Java\jre7\bin\plugin2\npjp2.dll
CHR - plugin: Windows Live\u00AE Photo Gallery (Enabled) = C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll
CHR - plugin: Unity Player (Enabled) = C:\Users\Mark de Jager\AppData\LocalLow\Unity\WebPlayer\loader\npUnity3D32.dll
CHR - plugin: Shockwave Flash (Enabled) = C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_11_6_602_168.dll
CHR - plugin: Java Deployment Toolkit 7.0.130.20 (Enabled) = C:\Windows\SysWOW64\npDeployJava1.dll
CHR - plugin: Silverlight Plug-In (Enabled) = c:\Program Files (x86)\Microsoft Silverlight\4.1.10329.0\npctrl.dll
CHR - Extension: Google Documenten = C:\Users\Mark de Jager\AppData\Local\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake\0.0.0.6_0\
CHR - Extension: Google Documenten = C:\Users\Mark de Jager\AppData\Local\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake\0.5_0\
CHR - Extension: Google Drive = C:\Users\Mark de Jager\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf\6.2_0\
CHR - Extension: Google Drive = C:\Users\Mark de Jager\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf\6.3_0\
CHR - Extension: YouTube = C:\Users\Mark de Jager\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo\4.2.5_0\
CHR - Extension: YouTube = C:\Users\Mark de Jager\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo\4.2.6_0\
CHR - Extension: Google Zoeken = C:\Users\Mark de Jager\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf\0.0.0.19_0\
CHR - Extension: Google Zoeken = C:\Users\Mark de Jager\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf\0.0.0.20_0\
CHR - Extension: Advanced SystemCare Surfing Protection = C:\Users\Mark de Jager\AppData\Local\Google\Chrome\User Data\Default\Extensions\nfengeggddojhakldhlpjdlddgkkjkdd\1.0.0_0\
CHR - Extension: Gmail = C:\Users\Mark de Jager\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia\7_0\

O1 HOSTS File: ([2012-07-26 07:26:49 | 000,000,824 | ---- | M]) - C:\Windows\SysNative\Drivers\etc\hosts
O2 - BHO: (no name) - {5C255C8A-E604-49b4-9D64-90988571CECB} - No CLSID value found.
O2 - BHO: (Java™ Plug-In SSV Helper) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Java\jre7\bin\ssv.dll (Oracle Corporation)
O2 - BHO: (no name) - {9030D464-4C02-4ABF-8ECC-5164760863C6} - No CLSID value found.
O2 - BHO: (Sticky Password Toolbar) - {AC02E217-6E13-4F14-9BAC-D7BA27C1E912} - C:\Program Files (x86)\Sticky Password\spIEBho.dll (Lamantine Software a.s.)
O2 - BHO: (Advanced SystemCare Browser Protection) - {BA0C978D-D909-49B6-AFE2-8BDE245DC7E6} - C:\Program Files (x86)\IObit\Advanced SystemCare 6\BrowerProtect\ASCPlugin_Protection.dll (IObit)
O2 - BHO: (Java™ Plug-In 2 SSV Helper) - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre7\bin\jp2ssv.dll (Oracle Corporation)
O3 - HKLM\..\Toolbar: (CaptureSaver) - {5148AB7D-8868-4490-B6DA-F98368488582} - C:\Program Files (x86)\CaptureSaver\CaptureSaverIE.dll (www.capturesaver.com)
O3 - HKLM\..\Toolbar: (Sticky Password Toolbar) - {AC02E217-6E13-4F14-9BAC-D7BA27C1E912} - C:\Program Files (x86)\Sticky Password\spIEBho.dll (Lamantine Software a.s.)
O4:64bit: - HKLM..\Run: [AdobeAAMUpdater-1.0] C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\UWA\UpdaterStartupUtility.exe (Adobe Systems Incorporated)
O4:64bit: - HKLM..\Run: [HotKeysCmds] C:\Windows\SysNative\hkcmd.exe (Intel Corporation)
O4:64bit: - HKLM..\Run: [IgfxTray] C:\Windows\SysNative\igfxtray.exe (Intel Corporation)
O4:64bit: - HKLM..\Run: [Persistence] C:\Windows\SysNative\igfxpers.exe (Intel Corporation)
O4 - HKLM..\Run: [AdobeCS6ServiceManager] C:\Program Files (x86)\Common Files\Adobe\CS6ServiceManager\CS6ServiceManager.exe (Adobe Systems Incorporated)
O4 - HKLM..\Run: [APSDaemon] C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe (Apple Inc.)
O4 - HKLM..\Run: [BlueStacks Agent] C:\Program Files (x86)\BlueStacks\HD-Agent.exe (BlueStack Systems, Inc.)
O4 - HKLM..\Run: [IObit Malware Fighter] C:\Program Files (x86)\IObit\IObit Malware Fighter\IMF.exe (IObit)
O4 - HKLM..\Run: [KeyScrambler] C:\Program Files (x86)\KeyScrambler\keyscrambler.exe (QFX Software Corporation)
O4 - HKLM..\Run: [MessengerPlusForSkypeService] C:\Program Files (x86)\Yuna Software\Messenger Plus! for Skype\MsgPlusForSkypeService.exe (Yuna Software)
O4 - HKLM..\Run: [Photobucket Backup] C:\Program Files (x86)\Photobucket Backup\Photobucket.App.exe (Photobucket)
O4 - HKLM..\Run: [PlusService] C:\Program Files (x86)\Yuna Software\Messenger Plus!\PlusService.exe (Yuna Software)
O4 - HKLM..\Run: [PWRISOVM.EXE] C:\Program Files (x86)\PowerISO\PWRISOVM.EXE (Power Software Ltd)
O4 - HKLM..\Run: [SwitchBoard] C:\Program Files (x86)\Common Files\Adobe\SwitchBoard\SwitchBoard.exe (Adobe Systems Incorporated)
O4 - HKLM..\Run: [vmware-tray.exe] C:\Program Files (x86)\VMware\VMware Workstation\vmware-tray.exe (VMware, Inc.)
O4 - HKCU..\Run: [KeyboardLeds.exe] C:\Program Files (x86)\Keyboard LEDs\KeyboardLeds.exe (KARPOLAN)
O4 - HKCU..\Run: [SkyDrive] C:\Users\Mark de Jager\AppData\Local\Microsoft\SkyDrive\SkyDrive.exe (Microsoft Corporation)
O4 - HKCU..\Run: [Windows Update] C:\Users\Mark de Jager\AppData\winini.exe File not found
O4 - Startup: C:\Users\Mark de Jager\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Facebook Messenger.lnk = C:\Users\Mark de Jager\AppData\Local\Facebook\Messenger\2.1.4814.0\FacebookMessenger.exe (Facebook)
F3:64bit: - HKCU WinNT: Load - (C:\Users\MARKDE~1\LOCALS~1\Temp\msawidayo.exe) - File not found
F3 - HKCU WinNT: Load - (C:\Users\MARKDE~1\LOCALS~1\Temp\msawidayo.exe) - File not found
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktopChanges = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktop = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: PromptOnSecureDesktop = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: EnableCursorSuppression = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: EnableLinkedConnections = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: HideFastUserSwitching = 0
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoClose = 0
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoLogoff = 0
O8:64bit: - Extra context menu item: Add to CaptureSaver - C:\Program Files (x86)\CaptureSaver\\AddFromIE.htm ()
O8:64bit: - Extra context menu item: Sticky Password - C:\Program Files (x86)\Sticky Password\spIEBho.dll (Lamantine Software a.s.)
O8 - Extra context menu item: Add to CaptureSaver - C:\Program Files (x86)\CaptureSaver\\AddFromIE.htm ()
O8 - Extra context menu item: Sticky Password - C:\Program Files (x86)\Sticky Password\spIEBho.dll (Lamantine Software a.s.)
O9:64bit: - Extra 'Tools' menuitem : &KeyScrambler Options - {5C106A59-CC3C-4caa-81A4-6D909B5ACE23} - C:\Program Files (x86)\KeyScrambler\x64\KeyScramblerIE.dll (QFX Software Corporation)
O9 - Extra Button: CaptureSaver - {3BD9DD3E-F9B6-45b9-9ED3-5E1980C2686F} - C:\Program Files (x86)\CaptureSaver\CaptureSaverIE.dll (www.capturesaver.com)
O9 - Extra 'Tools' menuitem : CaptureSaver - {3BD9DD3E-F9B6-45b9-9ED3-5E1980C2686F} - Reg Error: Value error. File not found
O9 - Extra 'Tools' menuitem : &KeyScrambler Options - {5C106A59-CC3C-4caa-81A4-6D909B5ACE23} - C:\Program Files (x86)\KeyScrambler\KeyScramblerIE.dll (QFX Software Corporation)
O1364bit: - gopher Prefix: missing
O13 - gopher Prefix: missing
O15 - HKCU\..Trusted Domains: mediapluspro.com ([www] https in Vertrouwde websites)
O16 - DPF: {7530BFB8-7293-4D34-9923-61A11451AFC5} http://download.eset...lineScanner.cab (OnlineScanner Control)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.2.254
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{404E2125-F77B-4A20-89E5-7CE2767B2BAF}: DhcpNameServer = 192.168.2.254
O18:64bit: - Protocol\Handler\livecall - No CLSID value found
O18:64bit: - Protocol\Handler\msnim - No CLSID value found
O18 - Protocol\Handler\ms-help - No CLSID value found
O20:64bit: - AppInit_DLLs: (C:\Windows\system32\nvinitx.dll) - C:\Windows\SysNative\nvinitx.dll (NVIDIA Corporation)
O20 - AppInit_DLLs: (C:\Windows\SysWOW64\nvinit.dll) - C:\Windows\SysWOW64\nvinit.dll (NVIDIA Corporation)
O20:64bit: - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\SysNative\userinit.exe (Microsoft Corporation)
O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\SysWow64\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (userinit.exe) - C:\Windows\SysWow64\userinit.exe (Microsoft Corporation)
O20:64bit: - Winlogon\Notify\igfxcui: DllName - (igfxdev.dll) - C:\Windows\SysNative\igfxdev.dll (Intel Corporation)
O21:64bit: - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.
O21 - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.
O30 - LSA: Security Packages - (livessp) - File not found
O32 - HKLM CDRom: AutoRun - 1
O34 - HKLM BootExecute: (autocheck autochk *)
O35:64bit: - HKLM\..comfile [open] -- "%1" %*
O35:64bit: - HKLM\..exefile [open] -- "%1" %*
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37:64bit: - HKLM\...com [@ = comfile] -- "%1" %*
O37:64bit: - HKLM\...exe [@ = exefile] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3)
O38 - SubSystems\\Windows: (ServerDll=sxssrv,4)

========== Files/Folders - Created Within 30 Days ==========

[2013-04-28 13:51:40 | 000,000,000 | -HSD | C] -- C:\Config.Msi
[2013-04-28 13:46:35 | 000,602,112 | ---- | C] (OldTimer Tools) -- C:\Users\Mark de Jager\Desktop\OTL.exe
[2013-04-28 13:34:40 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\MW3
[2013-04-28 13:14:46 | 000,000,000 | ---D | C] -- C:\Users\Mark de Jager\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\MW3
[2013-04-28 13:14:44 | 000,000,000 | ---D | C] -- C:\Program Files\MW3
[2013-04-27 20:39:35 | 000,000,000 | ---D | C] -- C:\Users\Mark de Jager\AppData\Roaming\RealPopup
[2013-04-27 20:39:32 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\RealPopup
[2013-04-27 20:23:56 | 000,000,000 | ---D | C] -- C:\Users\Mark de Jager\Desktop\Computerspeeltuin.{ED7BA470-8E54-465E-825C-99712043E01C}
[2013-04-27 20:14:21 | 000,000,000 | ---D | C] -- C:\Users\Mark de Jager\AppData\Roaming\HTML Executable
[2013-04-27 19:44:46 | 000,000,000 | R--D | C] -- C:\Users\Mark de Jager\Desktop\SkyDrive
[2013-04-27 19:43:54 | 000,000,000 | R--D | C] -- C:\Users\Mark de Jager\SkyDrive
[2013-04-27 19:43:54 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Microsoft SkyDrive
[2013-04-27 19:43:46 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft SkyDrive
[2013-04-27 17:28:05 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\TSR Soft
[2013-04-27 17:28:04 | 000,000,000 | ---D | C] -- C:\Users\Mark de Jager\Documents\TSR Software
[2013-04-27 17:28:04 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\TSR Soft
[2013-04-27 16:04:58 | 000,000,000 | ---D | C] -- C:\gql
[2013-04-27 16:04:58 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Deluge
[2013-04-27 15:23:08 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Office 2013
[2013-04-27 15:22:21 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Microsoft SQL Server
[2013-04-27 15:22:20 | 000,000,000 | ---D | C] -- C:\Program Files\Microsoft.NET
[2013-04-27 15:22:19 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\KMSpico
[2013-04-27 15:22:16 | 000,000,000 | ---D | C] -- C:\Program Files\KMSpico
[2013-04-27 15:21:25 | 000,000,000 | ---D | C] -- C:\Program Files\Microsoft SQL Server
[2013-04-27 15:18:57 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft Toolkit
[2013-04-26 18:35:59 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\PeerBlock
[2013-04-26 18:35:58 | 000,000,000 | ---D | C] -- C:\Program Files\PeerBlock
[2013-04-23 08:39:37 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Common Files\Java
[2013-04-20 18:17:16 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Emsisoft Anti-Malware
[2013-04-20 18:17:16 | 000,000,000 | ---D | C] -- C:\Users\Mark de Jager\Documents\Anti-Malware
[2013-04-20 17:29:04 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\IObit Malware Fighter
[2013-04-19 20:38:06 | 000,000,000 | ---D | C] -- C:\Users\Mark de Jager\Documents\Navicat
[2013-04-19 17:42:55 | 000,000,000 | ---D | C] -- C:\ProgramData\IObit
[2013-04-19 17:42:52 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Advanced SystemCare 6
[2013-04-19 17:42:51 | 000,000,000 | ---D | C] -- C:\Users\Mark de Jager\AppData\Roaming\IObit
[2013-04-19 17:42:45 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\IObit
[2013-04-17 11:45:54 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\PremiumSoft
[2013-04-17 11:45:48 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\PremiumSoft
[2013-04-16 08:58:23 | 000,000,000 | ---D | C] -- C:\Users\Mark de Jager\AppData\Roaming\Enplase
[2013-04-16 08:58:15 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Ultima Steganography
[2013-04-16 08:58:13 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Ultima Steganography
[2013-04-15 19:28:20 | 000,000,000 | ---D | C] -- C:\Users\Mark de Jager\Desktop\Keygens en activators
[2013-04-15 19:28:02 | 000,000,000 | ---D | C] -- C:\Users\Mark de Jager\Desktop\Host Hotel
[2013-04-14 10:40:15 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\CCleaner
[2013-04-14 10:40:13 | 000,000,000 | ---D | C] -- C:\Program Files\CCleaner
[2013-04-14 09:51:03 | 000,000,000 | ---D | C] -- C:\Users\Mark de Jager\AppData\Roaming\QFX Software
[2013-04-14 09:51:03 | 000,000,000 | ---D | C] -- C:\ProgramData\QFX Software
[2013-04-14 09:51:01 | 000,222,904 | ---- | C] (QFX Software Corporation) -- C:\Windows\SysNative\drivers\keyscrambler.sys
[2013-04-14 09:51:01 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\KeyScrambler
[2013-04-14 09:50:59 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\KeyScrambler
[2013-04-13 21:47:26 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\uTorrent Turbo Booster
[2013-04-13 21:47:25 | 000,000,000 | ---D | C] -- C:\Users\Mark de Jager\AppData\Roaming\uTorrent Turbo Booster
[2013-04-13 21:47:24 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\uTorrent Turbo Booster
[2013-04-13 21:20:52 | 000,000,000 | ---D | C] -- C:\ProgramData\WNR
[2013-04-13 21:20:38 | 000,000,000 | ---D | C] -- C:\Users\Mark de Jager\AppData\Roaming\WNR
[2013-04-13 21:20:31 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Proxy Switcher Standard
[2013-04-13 19:40:00 | 000,000,000 | ---D | C] -- C:\ProgramData\Norton
[2013-04-13 19:38:35 | 000,000,000 | ---D | C] -- C:\Users\Mark de Jager\AppData\Roaming\GoforFiles
[2013-04-13 19:38:35 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\GoforFiles
[2013-04-13 19:36:28 | 000,000,000 | ---D | C] -- C:\ProgramData\NortonInstaller
[2013-04-12 19:58:00 | 000,000,000 | ---D | C] -- C:\Windows\AutoKMS
[2013-04-11 16:12:10 | 000,000,000 | ---D | C] -- C:\Users\Mark de Jager\AppData\Roaming\PicaJet.Com
[2013-04-11 16:12:10 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\PicaJet.Com
[2013-04-11 16:12:07 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\PicaJet.Com
[2013-04-08 10:37:07 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\PDF Logo Remover
[2013-04-08 10:37:01 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\PDF Logo Remover
[2013-04-06 13:04:15 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\QuickTime
[2013-04-06 13:03:53 | 000,000,000 | ---D | C] -- C:\ProgramData\Apple Computer
[2013-04-04 08:30:09 | 000,000,000 | ---D | C] -- C:\Users\Mark de Jager\AppData\Roaming\Apple Computer
[2013-04-03 14:57:21 | 000,000,000 | ---D | C] -- C:\Users\Mark de Jager\Documents\CyberLink
[2013-04-03 14:56:52 | 000,000,000 | ---D | C] -- C:\Users\Mark de Jager\AppData\Roaming\CyberLink
[2013-04-03 14:56:42 | 000,000,000 | ---D | C] -- C:\ProgramData\CyberLink
[2013-04-03 14:53:29 | 000,000,000 | ---D | C] -- C:\ProgramData\SmartSound Software Inc
[2013-04-03 14:53:26 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\SmartSound Software
[2013-04-03 14:53:26 | 000,000,000 | ---D | C] -- C:\ProgramData\eSellerate
[2013-04-03 14:52:01 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Common Files\Apple
[2013-04-03 14:51:53 | 000,000,000 | ---D | C] -- C:\Users\Mark de Jager\AppData\Local\Apple
[2013-04-03 14:51:49 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Apple Software Update
[2013-04-03 14:51:49 | 000,000,000 | ---D | C] -- C:\ProgramData\Apple
[2013-04-03 14:51:34 | 000,000,000 | R--D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\CyberLink PowerDirector 11
[2013-04-03 14:51:17 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Cyberlink
[2013-04-03 14:47:11 | 000,000,000 | ---D | C] -- C:\Program Files\CyberLink
[2013-04-03 14:46:44 | 000,000,000 | ---D | C] -- C:\ProgramData\Temp
[2013-04-03 14:46:36 | 000,000,000 | ---D | C] -- C:\ProgramData\install_clap
[2013-04-03 13:25:56 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Ashampoo
[2013-04-03 13:25:54 | 000,000,000 | ---D | C] -- C:\ProgramData\Ashampoo
[2013-04-03 13:25:47 | 000,034,304 | ---- | C] (mst software GmbH, Germany) -- C:\Windows\SysNative\DfSdkBt.exe
[2013-04-03 13:25:42 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Ashampoo
[2013-04-02 19:00:09 | 000,000,000 | ---D | C] -- C:\Users\Mark de Jager\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\San Andreas Multiplayer
[2013-04-02 19:00:09 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\San Andreas Multiplayer
[2013-04-02 10:09:49 | 000,000,000 | ---D | C] -- C:\Users\Mark de Jager\Desktop\Opdrachten Nederlands, Dennis
[2013-04-01 16:16:24 | 000,000,000 | ---D | C] -- C:\Windows\SysWow64\directx
[2013-03-31 20:07:59 | 000,000,000 | ---D | C] -- C:\Users\Mark de Jager\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Facebook
[2013-03-31 20:07:46 | 000,000,000 | ---D | C] -- C:\Users\Mark de Jager\AppData\Local\Facebook
[2013-03-31 15:28:40 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Rockstar Games
[2013-03-31 15:28:40 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Rockstar Games
[2013-03-31 15:05:55 | 000,000,000 | ---D | C] -- C:\Users\Mark de Jager\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Revo Uninstaller
[2013-03-31 15:05:54 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\VS Revo Group
[2013-03-30 16:24:07 | 000,000,000 | ---D | C] -- C:\Users\Mark de Jager\Documents\GTA San Andreas User Files
[1 C:\Windows\*.tmp files -> C:\Windows\*.tmp -> ]

========== Files - Modified Within 30 Days ==========

[2013-04-28 13:46:45 | 000,602,112 | ---- | M] (OldTimer Tools) -- C:\Users\Mark de Jager\Desktop\OTL.exe
[2013-04-28 13:41:47 | 000,001,082 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineCore.job
[2013-04-28 13:41:17 | 000,001,086 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineUA.job
[2013-04-28 13:34:40 | 000,001,635 | ---- | M] () -- C:\Users\Public\Desktop\MW3 Launcher - TeknoMW3.lnk
[2013-04-28 13:30:29 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2013-04-28 13:28:43 | 000,000,290 | ---- | M] () -- C:\Windows\tasks\AutoKMS.job
[2013-04-28 13:28:25 | 268,435,456 | -HS- | M] () -- C:\swapfile.sys
[2013-04-28 13:21:30 | 000,001,122 | ---- | M] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\Update ESET's license.lnk
[2013-04-28 13:14:46 | 000,001,683 | ---- | M] () -- C:\Users\Mark de Jager\Desktop\MW3 Multiplayer.lnk
[2013-04-28 13:06:26 | 000,002,190 | -H-- | M] () -- C:\Users\Mark de Jager\Documents\Default.rdp
[2013-04-28 13:01:00 | 000,000,940 | ---- | M] () -- C:\Windows\tasks\Adobe Flash Player Updater.job
[2013-04-28 11:12:01 | 000,000,976 | ---- | M] () -- C:\Windows\tasks\FacebookUpdateTaskUserS-1-5-21-2189671484-2947882400-2928688451-1001UA.job
[2013-04-27 20:12:00 | 000,000,954 | ---- | M] () -- C:\Windows\tasks\FacebookUpdateTaskUserS-1-5-21-2189671484-2947882400-2928688451-1001Core.job
[2013-04-27 18:26:31 | 000,001,105 | ---- | M] () -- C:\Users\Mark de Jager\Application Data\Microsoft\Internet Explorer\Quick Launch\Microsoft Outlook.lnk
[2013-04-27 16:06:38 | 004,874,416 | ---- | M] () -- C:\Windows\SysNative\FNTCACHE.DAT
[2013-04-14 10:53:17 | 001,808,720 | ---- | M] () -- C:\Windows\SysNative\PerfStringBackup.INI
[2013-04-14 10:53:17 | 000,802,560 | ---- | M] () -- C:\Windows\SysNative\perfh013.dat
[2013-04-14 10:53:17 | 000,715,832 | ---- | M] () -- C:\Windows\SysNative\perfh009.dat
[2013-04-14 10:53:17 | 000,161,432 | ---- | M] () -- C:\Windows\SysNative\perfc013.dat
[2013-04-14 10:53:17 | 000,134,668 | ---- | M] () -- C:\Windows\SysNative\perfc009.dat
[2013-04-14 10:29:21 | 000,000,024 | ---- | M] () -- C:\Users\Mark de Jager\random.dat
[2013-04-14 10:28:59 | 000,000,052 | ---- | M] () -- C:\Users\Mark de Jager\jagex_cl_runescape_LIVE.dat
[2013-04-13 21:47:26 | 000,001,163 | ---- | M] () -- C:\Users\Mark de Jager\Application Data\Microsoft\Internet Explorer\Quick Launch\uTorrent Turbo Booster.lnk
[2013-04-13 19:35:47 | 000,000,271 | RH-- | M] () -- C:\Windows\Stop.cmd
[2013-04-10 13:32:59 | 000,000,024 | ---- | M] () -- C:\Users\Mark de Jager\jagexappletviewer.preferences
[2013-04-06 18:08:22 | 000,005,632 | ---- | M] () -- C:\Users\Mark de Jager\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2013-04-04 14:50:32 | 000,025,928 | ---- | M] (Malwarebytes Corporation) -- C:\Windows\SysNative\drivers\mbam.sys
[2013-04-03 13:32:23 | 000,000,000 | ---- | M] () -- C:\Windows\tasks\Optimizer van C
[2013-03-31 20:08:02 | 000,001,327 | ---- | M] () -- C:\Users\Mark de Jager\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Facebook Messenger.lnk
[1 C:\Windows\*.tmp files -> C:\Windows\*.tmp -> ]

========== Files Created - No Company Name ==========

[2013-04-28 13:34:40 | 000,001,635 | ---- | C] () -- C:\Users\Public\Desktop\MW3 Launcher - TeknoMW3.lnk
[2013-04-28 13:21:30 | 000,001,122 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\Update ESET's license.lnk
[2013-04-28 13:14:46 | 000,001,683 | ---- | C] () -- C:\Users\Mark de Jager\Desktop\MW3 Multiplayer.lnk
[2013-04-27 20:39:32 | 000,000,929 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\RealPopup.lnk
[2013-04-27 19:43:53 | 000,002,304 | ---- | C] () -- C:\Users\Mark de Jager\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\SkyDrive.lnk
[2013-04-27 16:21:11 | 000,001,105 | ---- | C] () -- C:\Users\Mark de Jager\Application Data\Microsoft\Internet Explorer\Quick Launch\Microsoft Outlook.lnk
[2013-04-17 11:45:52 | 001,589,248 | ---- | C] () -- C:\Windows\SysWow64\libmysql_d.dll
[2013-04-13 21:47:26 | 000,001,163 | ---- | C] () -- C:\Users\Mark de Jager\Application Data\Microsoft\Internet Explorer\Quick Launch\uTorrent Turbo Booster.lnk
[2013-04-13 20:32:35 | 004,874,416 | ---- | C] () -- C:\Windows\SysNative\FNTCACHE.DAT
[2013-04-13 19:34:23 | 000,001,062 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\TeamViewer 8.lnk
[2013-04-13 19:32:55 | 000,000,271 | RH-- | C] () -- C:\Windows\Stop.cmd
[2013-04-13 16:10:00 | 000,002,190 | -H-- | C] () -- C:\Users\Mark de Jager\Documents\Default.rdp
[2013-04-12 19:58:00 | 000,000,290 | ---- | C] () -- C:\Windows\tasks\AutoKMS.job
[2013-04-10 20:12:49 | 000,001,494 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Adobe Application Manager.lnk
[2013-04-10 14:25:02 | 000,387,867 | ---- | C] () -- C:\Windows\SysNative\ApnDatabase.xml
[2013-04-03 14:51:51 | 000,002,519 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Apple Software Update.lnk
[2013-04-03 13:32:23 | 000,000,000 | ---- | C] () -- C:\Windows\tasks\Optimizer van C
[2013-04-03 13:25:58 | 000,001,861 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Your Software Deals.lnk
[2013-03-31 20:07:59 | 000,001,327 | ---- | C] () -- C:\Users\Mark de Jager\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Facebook Messenger.lnk
[2013-03-31 20:07:49 | 000,000,976 | ---- | C] () -- C:\Windows\tasks\FacebookUpdateTaskUserS-1-5-21-2189671484-2947882400-2928688451-1001UA.job
[2013-03-31 20:07:47 | 000,000,954 | ---- | C] () -- C:\Windows\tasks\FacebookUpdateTaskUserS-1-5-21-2189671484-2947882400-2928688451-1001Core.job
[2013-03-23 15:12:54 | 000,000,054 | ---- | C] () -- C:\Users\Mark de Jager\jagex_cl_speccollect_LIVE.dat
[2013-03-19 21:10:59 | 000,230,206 | ---- | C] () -- C:\ProgramData\1363720194.bdinstall.bin
[2013-03-19 20:49:39 | 000,579,637 | ---- | C] () -- C:\ProgramData\1363718718.bdinstall.bin
[2013-03-18 14:12:08 | 000,000,038 | ---- | C] () -- C:\Program Files (x86)\cfg.ini
[2013-03-18 14:10:48 | 001,645,496 | ---- | C] () -- C:\Windows\ampa.exe
[2013-03-18 14:10:48 | 000,012,728 | ---- | C] () -- C:\Windows\SysWow64\ampa.sys
[2013-03-18 14:10:42 | 000,012,728 | ---- | C] () -- C:\Windows\SysWow64\ddmdrv.sys
[2013-03-18 14:10:41 | 001,293,240 | ---- | C] () -- C:\Windows\ddmmain.exe
[2013-03-17 12:49:46 | 000,000,262 | ---- | C] () -- C:\Windows\{EEB3F6BB-318D-4CE5-989F-8191FCBFB578}_WiseFW.ini
[2013-03-12 15:41:44 | 000,000,416 | RHS- | C] () -- C:\ProgramData\ntuser.pol
[2013-03-09 12:18:07 | 000,005,632 | ---- | C] () -- C:\Users\Mark de Jager\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2013-03-02 17:07:06 | 000,000,104 | ---- | C] () -- C:\ProgramData\Microsoft.SqlServer.Compact.400.32.bc
[2013-02-28 10:04:32 | 000,000,053 | ---- | C] () -- C:\Users\Mark de Jager\jagex_cl_runescape_LIVE1.dat
[2013-02-26 15:43:40 | 000,008,192 | ---- | C] () -- C:\Windows\SysWow64\srvany.exe
[2013-02-25 17:16:37 | 000,000,052 | ---- | C] () -- C:\Users\Mark de Jager\jagex_cl_oldschool_LIVE.dat
[2013-02-22 19:41:39 | 000,000,054 | ---- | C] () -- C:\Users\Mark de Jager\jagex_cl_loginapplet_LIVE.dat
[2013-02-11 13:17:40 | 002,468,520 | ---- | C] () -- C:\Windows\SysWow64\BootMan.exe
[2013-02-11 13:17:40 | 000,087,112 | ---- | C] () -- C:\Windows\SysWow64\setupempdrv03.exe
[2013-02-11 13:17:40 | 000,019,840 | ---- | C] () -- C:\Windows\SysWow64\EuEpmGdi.dll
[2013-02-11 13:17:40 | 000,014,920 | ---- | C] () -- C:\Windows\SysWow64\epmntdrv.sys
[2013-02-11 13:17:40 | 000,009,160 | ---- | C] () -- C:\Windows\SysWow64\EuGdiDrv.sys
[2013-02-08 19:49:28 | 000,004,096 | -H-- | C] () -- C:\Users\Mark de Jager\AppData\Local\keyfile3.drm
[2013-02-07 16:19:56 | 000,211,665 | ---- | C] () -- C:\ProgramData\1360246678.bdinstall.bin
[2013-02-07 16:09:23 | 000,371,893 | ---- | C] () -- C:\ProgramData\1360245933.bdinstall.bin
[2013-02-07 10:17:14 | 000,083,968 | ---- | C] () -- C:\Windows\SysWow64\OEMLicense.dll
[2013-02-06 13:02:47 | 001,821,998 | ---- | C] () -- C:\Windows\SysWow64\PerfStringBackup.INI
[2013-02-05 09:12:38 | 000,088,362 | ---- | C] () -- C:\Users\Mark de Jager\AppData\Roaming\spritesa
[2013-02-04 13:30:59 | 000,000,052 | ---- | C] () -- C:\Users\Mark de Jager\jagex_cl_runescape_LIVE.dat
[2013-02-04 13:30:59 | 000,000,024 | ---- | C] () -- C:\Users\Mark de Jager\random.dat
[2013-02-04 13:30:55 | 000,000,024 | ---- | C] () -- C:\Users\Mark de Jager\jagexappletviewer.preferences
[2013-02-04 11:27:40 | 000,000,135 | ---- | C] () -- C:\Windows\AutoKMS.ini
[2012-12-14 03:42:30 | 000,963,452 | ---- | C] () -- C:\Windows\SysWow64\igcodeckrng600.bin
[2012-12-14 03:42:30 | 000,064,512 | ---- | C] () -- C:\Windows\SysWow64\igdde32.dll
[2012-12-14 03:42:28 | 000,272,928 | ---- | C] () -- C:\Windows\SysWow64\igvpkrng600.bin
[2012-07-26 10:13:10 | 000,215,943 | ---- | C] () -- C:\Windows\SysWow64\dssec.dat
[2012-07-26 10:13:09 | 000,000,741 | ---- | C] () -- C:\Windows\SysWow64\NOISE.DAT
[2012-07-26 09:21:26 | 000,067,584 | --S- | C] () -- C:\Windows\bootstat.dat
[2012-07-26 03:17:42 | 000,043,520 | ---- | C] () -- C:\Windows\SysWow64\BWContextHandler.dll
[2012-07-25 22:37:29 | 000,043,131 | ---- | C] () -- C:\Windows\mib.bin
[2012-07-25 22:28:31 | 000,364,544 | ---- | C] () -- C:\Windows\SysWow64\msjetoledb40.dll
[2012-06-02 16:31:19 | 000,673,088 | ---- | C] () -- C:\Windows\SysWow64\mlang.dat

========== ZeroAccess Check ==========

[2013-04-01 16:18:47 | 000,000,227 | RHS- | M] () -- C:\Windows\assembly\Desktop.ini

[HKEY_CURRENT_USER\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] /64

[HKEY_CURRENT_USER\Software\Classes\Wow6432node\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]

[HKEY_CURRENT_USER\Software\Classes\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32] /64

[HKEY_CURRENT_USER\Software\Classes\Wow6432node\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32]

[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] /64
"" = C:\Windows\SysNative\shell32.dll -- [2013-03-02 04:45:01 | 019,748,864 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Apartment

[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]
"" = %SystemRoot%\system32\shell32.dll -- [2013-03-02 10:23:07 | 017,560,576 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Apartment

[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32] /64
"" = C:\Windows\SysNative\wbem\fastprox.dll -- [2012-07-26 05:05:38 | 001,004,544 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Free

[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32]
"" = %systemroot%\system32\wbem\fastprox.dll -- [2012-07-26 05:18:27 | 000,784,896 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Free

[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32] /64
"" = C:\Windows\SysNative\wbem\wbemess.dll -- [2012-07-26 05:07:41 | 000,455,680 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Both

[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32]

========== LOP Check ==========

[2013-03-14 17:57:53 | 000,000,000 | ---D | M] -- C:\Users\Mark de Jager\AppData\Roaming\1-abc
[2013-02-08 12:51:39 | 000,000,000 | ---D | M] -- C:\Users\Mark de Jager\AppData\Roaming\Acronis
[2013-02-05 18:30:56 | 000,000,000 | ---D | M] -- C:\Users\Mark de Jager\AppData\Roaming\ActiveX
[2013-04-27 20:30:18 | 000,000,000 | ---D | M] -- C:\Users\Mark de Jager\AppData\Roaming\Atari
[2013-03-19 10:53:58 | 000,000,000 | ---D | M] -- C:\Users\Mark de Jager\AppData\Roaming\CaptureSaver
[2013-03-03 11:47:03 | 000,000,000 | ---D | M] -- C:\Users\Mark de Jager\AppData\Roaming\com.adobe.downloadassistant.AdobeDownloadAssistant
[2013-04-16 08:58:23 | 000,000,000 | ---D | M] -- C:\Users\Mark de Jager\AppData\Roaming\Enplase
[2013-02-06 15:31:33 | 000,000,000 | ---D | M] -- C:\Users\Mark de Jager\AppData\Roaming\ESET
[2013-04-14 10:43:37 | 000,000,000 | ---D | M] -- C:\Users\Mark de Jager\AppData\Roaming\FileZilla
[2013-02-27 16:30:18 | 000,000,000 | ---D | M] -- C:\Users\Mark de Jager\AppData\Roaming\Firetrust
[2013-03-21 20:08:14 | 000,000,000 | ---D | M] -- C:\Users\Mark de Jager\AppData\Roaming\Genie9
[2013-04-13 19:38:35 | 000,000,000 | ---D | M] -- C:\Users\Mark de Jager\AppData\Roaming\GoforFiles
[2013-04-27 20:14:21 | 000,000,000 | ---D | M] -- C:\Users\Mark de Jager\AppData\Roaming\HTML Executable
[2013-03-09 11:47:50 | 000,000,000 | ---D | M] -- C:\Users\Mark de Jager\AppData\Roaming\idoo
[2013-04-20 17:29:01 | 000,000,000 | ---D | M] -- C:\Users\Mark de Jager\AppData\Roaming\IObit
[2013-02-25 11:44:33 | 000,000,000 | ---D | M] -- C:\Users\Mark de Jager\AppData\Roaming\Lamantine
[2013-02-11 17:57:06 | 000,000,000 | ---D | M] -- C:\Users\Mark de Jager\AppData\Roaming\Notepad++
[2013-03-02 17:07:40 | 000,000,000 | ---D | M] -- C:\Users\Mark de Jager\AppData\Roaming\Photobucket
[2013-04-11 16:12:10 | 000,000,000 | ---D | M] -- C:\Users\Mark de Jager\AppData\Roaming\PicaJet.Com
[2013-02-05 20:03:24 | 000,000,000 | ---D | M] -- C:\Users\Mark de Jager\AppData\Roaming\PowerISO
[2013-03-13 15:53:24 | 000,000,000 | ---D | M] -- C:\Users\Mark de Jager\AppData\Roaming\Publish Providers
[2013-04-14 09:51:03 | 000,000,000 | ---D | M] -- C:\Users\Mark de Jager\AppData\Roaming\QFX Software
[2013-02-07 16:06:02 | 000,000,000 | ---D | M] -- C:\Users\Mark de Jager\AppData\Roaming\QuickScan
[2013-02-05 20:16:55 | 000,000,000 | ---D | M] -- C:\Users\Mark de Jager\AppData\Roaming\Returnil
[2013-02-05 18:30:09 | 000,000,000 | ---D | M] -- C:\Users\Mark de Jager\AppData\Roaming\Soft4Boost
[2013-03-09 12:18:07 | 000,000,000 | ---D | M] -- C:\Users\Mark de Jager\AppData\Roaming\Solveig Multimedia
[2013-03-10 17:02:18 | 000,000,000 | ---D | M] -- C:\Users\Mark de Jager\AppData\Roaming\Sony
[2013-03-02 20:14:07 | 000,000,000 | ---D | M] -- C:\Users\Mark de Jager\AppData\Roaming\TeamViewer
[2013-03-01 13:17:48 | 000,000,000 | ---D | M] -- C:\Users\Mark de Jager\AppData\Roaming\TechSmith
[2013-03-05 15:11:58 | 000,000,000 | ---D | M] -- C:\Users\Mark de Jager\AppData\Roaming\TrueCrypt
[2013-02-09 17:01:16 | 000,000,000 | ---D | M] -- C:\Users\Mark de Jager\AppData\Roaming\Unity
[2013-04-28 14:06:30 | 000,000,000 | ---D | M] -- C:\Users\Mark de Jager\AppData\Roaming\uTorrent
[2013-04-13 21:47:25 | 000,000,000 | ---D | M] -- C:\Users\Mark de Jager\AppData\Roaming\uTorrent Turbo Booster
[2013-04-13 21:20:38 | 000,000,000 | ---D | M] -- C:\Users\Mark de Jager\AppData\Roaming\WNR
[2013-02-13 11:42:54 | 000,000,000 | ---D | M] -- C:\Users\Mark de Jager\AppData\Roaming\X-Chat 2
[2013-03-03 13:11:32 | 000,000,000 | ---D | M] -- C:\Users\Mark de Jager\AppData\Roaming\XUSSoft

========== Purity Check ==========



========== Alternate Data Streams ==========

@Alternate Data Stream - 971 bytes -> C:\ProgramData:$SS_DESCRIPTOR_SBXNV9VVGV1BFNVJLG4H5L64RGPT0RGN05P6GTGFSVF7JBCVP4GF
@Alternate Data Stream - 971 bytes -> C:\ProgramData:$SS_DESCRIPTOR_SBXNV9VVGV1BF1WJKF1EV0KY6VS6YKVNKT0K46FFSVF7JBCVPJGF
@Alternate Data Stream - 138 bytes -> C:\Windows\tasks\Optimizer van C:.job

< End of report >
  • 0

Advertisements

#2
Essexboy
Posted 28 April 2013 - 08:52 AM

Essexboy

    GeekU Moderator

  • Retired Staff
  • 69,964 posts
Hi what problems are you experiencing ?

Warning This fix is only relevant for this system and no other, using on another computer may cause problems

Be advised that when the fix commences it will shut down all running processes and you may lose the desktop and icons, they will return on reboot

Run OTL
  • Under the Custom Scans/Fixes box at the bottom, paste in the following
    Posted Image
:OTL
IE - HKCU\..\SearchScopes,DefaultScope = {E5072886-3E11-4752-95DE-297EB47A2390}
IE - HKCU\..\SearchScopes\{E5072886-3E11-4752-95DE-297EB47A2390}: "URL" = http://search.condui...7841336686&UM=1
O2 - BHO: (no name) - {9030D464-4C02-4ABF-8ECC-5164760863C6} - No CLSID value found.
O4 - HKCU..\Run: [Windows Update] C:\Users\Mark de Jager\AppData\winini.exe File not found
F3:64bit: - HKCU WinNT: Load - (C:\Users\MARKDE~1\LOCALS~1\Temp\msawidayo.exe) - File not found
F3 - HKCU WinNT: Load - (C:\Users\MARKDE~1\LOCALS~1\Temp\msawidayo.exe) - File not found
[2013-04-03 13:32:23 | 000,000,000 | ---- | C] () -- C:\Windows\tasks\Optimizer van C
[2013-04-03 13:25:58 | 000,001,861 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Your Software Deals.lnk
@Alternate Data Stream - 971 bytes -> C:\ProgramData:$SS_DESCRIPTOR_SBXNV9VVGV1BFNVJLG4H5L64RGPT0RGN05P6GTGFSVF7JBCVP4GF
@Alternate Data Stream - 971 bytes -> C:\ProgramData:$SS_DESCRIPTOR_SBXNV9VVGV1BF1WJKF1EV0KY6VS6YKVNKT0K46FFSVF7JBCVPJGF
@Alternate Data Stream - 138 bytes -> C:\Windows\tasks\Optimizer van C:.job

:Commands
[resethosts]
[emptytemp]
[CREATERESTOREPOINT]
[Reboot]
  • Then click the Run Fix button at the top
  • Let the program run unhindered, reboot the PC when it is done
  • Open OTL again and click the Quick Scan button. Post the log it produces in your next reply.

  • 1

#3
Samballen
Posted 28 April 2013 - 09:18 AM

Samballen

    Member

  • Topic Starter
  • Banned
  • PipPip
  • 76 posts
Explorer.exe isn't good working.

No responding after :commands, I try again.
  • 0

#4
Essexboy
Posted 28 April 2013 - 09:38 AM

Essexboy

    GeekU Moderator

  • Retired Staff
  • 69,964 posts
Could you run a fresh OTL scan so that I can see what remains

  • Run OTL.

    Posted Image
  • Select All Users
  • Under the Custom Scan box paste this in

    netsvcs
    BASESERVICES
    %SYSTEMDRIVE%\*.exe
    /md5start
    services.*
    explorer.exe
    winlogon.exe
    Userinit.exe
    svchost.exe
    winsock.*
    /md5stop
    CREATERESTOREPOINT
  • Click the Run Scan button. Do not change any settings unless otherwise told to do so. The scan wont take long.
  • When the scan completes, it will open one notepad windows.

  • 0

#5
Samballen
Posted 28 April 2013 - 09:55 AM

Samballen

    Member

  • Topic Starter
  • Banned
  • PipPip
  • 76 posts
I will try this, the first option, again a scan didn't help, my PC gets a freeze and I must restart it.

Comming soon.
  • 0

#6
Samballen
Posted 28 April 2013 - 10:32 AM

Samballen

    Member

  • Topic Starter
  • Banned
  • PipPip
  • 76 posts
OTL logfile created on: 28-4-2013 17:48:12 - Run 2
OTL by OldTimer - Version 3.2.69.0 Folder = C:\Users\Mark de Jager\Desktop
64bit- An unknown product (Version = 6.2.9200) - Type = NTWorkstation
Internet Explorer (Version = 9.10.9200.16540)
Locale: 00000413 | Country: Nederland | Language: NLD | Date Format: d-M-yyyy

11,86 Gb Total Physical Memory | 9,60 Gb Available Physical Memory | 80,99% Memory free
13,54 Gb Paging File | 11,18 Gb Available in Paging File | 82,56% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86)
Drive C: | 450,42 Gb Total Space | 313,71 Gb Free Space | 69,65% Space Free | Partition Type: NTFS
Drive D: | 350,00 Mb Total Space | 308,92 Mb Free Space | 88,26% Space Free | Partition Type: NTFS

Computer Name: MARK-PC | User Name: Mark de Jager | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: All users | Include 64bit Scans
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days

========== Processes (SafeList) ==========

PRC - [2013-04-28 13:46:45 | 000,602,112 | ---- | M] (OldTimer Tools) -- C:\Users\Mark de Jager\Desktop\OTL.exe
PRC - [2013-04-27 19:43:48 | 000,256,600 | ---- | M] (Microsoft Corporation) -- C:\Users\Mark de Jager\AppData\Local\Microsoft\SkyDrive\SkyDrive.exe
PRC - [2013-04-26 19:13:31 | 000,920,472 | ---- | M] (Mozilla Corporation) -- C:\Program Files (x86)\Mozilla Firefox\firefox.exe
PRC - [2013-04-04 14:50:32 | 000,701,512 | ---- | M] (Malwarebytes Corporation) -- C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe
PRC - [2013-04-04 14:50:32 | 000,532,040 | ---- | M] (Malwarebytes Corporation) -- C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe
PRC - [2013-04-04 14:50:32 | 000,418,376 | ---- | M] (Malwarebytes Corporation) -- C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamscheduler.exe
PRC - [2013-03-12 15:01:38 | 000,559,168 | ---- | M] (RealNetworks, Inc.) -- C:\Program Files (x86)\Online Games Manager\ogmservice.exe
PRC - [2013-03-07 21:32:38 | 000,248,240 | ---- | M] (Facebook) -- C:\Users\Mark de Jager\AppData\Local\Facebook\Messenger\2.1.4814.0\FacebookMessenger.exe
PRC - [2013-03-07 00:32:44 | 004,767,304 | ---- | M] (AVAST Software) -- C:\Program Files\AVAST Software\Avast\AvastUI.exe
PRC - [2013-03-07 00:32:44 | 000,045,248 | ---- | M] (AVAST Software) -- C:\Program Files\AVAST Software\Avast\AvastSvc.exe
PRC - [2013-03-06 17:30:43 | 003,560,288 | ---- | M] (TeamViewer GmbH) -- C:\Program Files (x86)\TeamViewer\Version8\TeamViewer_Service.exe
PRC - [2013-02-15 16:28:12 | 000,384,888 | ---- | M] (BlueStack Systems, Inc.) -- C:\Program Files (x86)\BlueStacks\HD-LogRotatorService.exe
PRC - [2013-02-02 10:40:58 | 000,375,808 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWOW64\wbem\WmiPrvSE.exe
PRC - [2013-01-15 18:47:10 | 000,465,216 | ---- | M] (IObit) -- C:\Program Files (x86)\IObit\Advanced SystemCare 6\ASCService.exe
PRC - [2012-12-25 17:35:10 | 004,474,832 | ---- | M] (IObit) -- C:\Program Files (x86)\IObit\IObit Malware Fighter\IMF.exe
PRC - [2012-12-16 15:37:47 | 000,125,952 | ---- | M] (Yuna Software) -- C:\Program Files (x86)\Yuna Software\Messenger Plus! for Skype\MsgPlusForSkypeService.exe
PRC - [2012-12-11 11:22:38 | 001,258,856 | ---- | M] (NVIDIA Corporation) -- C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Update Core\daemonu.exe
PRC - [2012-11-01 03:35:20 | 000,357,016 | ---- | M] (VMware, Inc.) -- C:\Windows\SysWOW64\vmnetdhcp.exe
PRC - [2012-11-01 03:34:52 | 000,435,864 | ---- | M] (VMware, Inc.) -- C:\Windows\SysWOW64\vmnat.exe
PRC - [2012-11-01 02:57:50 | 013,234,176 | ---- | M] () -- C:\Program Files (x86)\VMware\VMware Workstation\vmware-hostd.exe
PRC - [2012-11-01 01:48:42 | 000,079,872 | ---- | M] (VMware, Inc.) -- C:\Program Files (x86)\VMware\VMware Workstation\vmware-authd.exe
PRC - [2012-09-24 20:59:32 | 000,802,304 | ---- | M] (Yuna Software) -- C:\Program Files (x86)\Yuna Software\Messenger Plus!\PlusService.exe
PRC - [2012-09-06 02:46:12 | 000,912,896 | ---- | M] (KARPOLAN) -- C:\Program Files (x86)\Keyboard LEDs\KeyboardLeds.exe
PRC - [2012-03-08 07:05:06 | 000,432,952 | ---- | M] (QFX Software Corporation) -- C:\Program Files (x86)\KeyScrambler\KeyScrambler.exe
PRC - [2012-01-09 20:17:44 | 000,821,592 | ---- | M] (IObit) -- C:\Program Files (x86)\IObit\IObit Malware Fighter\IMFsrv.exe


========== Modules (No Company Name) ==========

MOD - [2013-04-26 19:13:31 | 003,121,048 | ---- | M] () -- C:\Program Files (x86)\Mozilla Firefox\mozjs.dll
MOD - [2013-03-07 21:32:40 | 021,014,960 | ---- | M] () -- C:\Users\Mark de Jager\AppData\Local\Facebook\Messenger\2.1.4814.0\libcef.dll
MOD - [2013-03-07 21:32:38 | 000,292,272 | ---- | M] () -- C:\Users\Mark de Jager\AppData\Local\Facebook\Messenger\2.1.4814.0\CefSharp.dll
MOD - [2013-03-07 21:32:38 | 000,179,632 | ---- | M] () -- C:\Users\Mark de Jager\AppData\Local\Facebook\Messenger\2.1.4814.0\CefSharp.WinForms.dll
MOD - [2013-02-15 18:20:46 | 012,436,480 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Windows.Forms\30fabfc2d4fe632ecf463a0901bba2d3\System.Windows.Forms.ni.dll
MOD - [2013-02-05 12:06:49 | 000,971,264 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Configuration\253546cd467b0fd7e57623921595182d\System.Configuration.ni.dll
MOD - [2013-02-05 12:01:46 | 005,453,312 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Xml\d981792ebf85627e57c7d95594aa7092\System.Xml.ni.dll
MOD - [2013-02-05 12:01:38 | 001,593,344 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Drawing\97e24281000ae702b067281f3a01878a\System.Drawing.ni.dll
MOD - [2013-02-05 12:01:37 | 006,656,512 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Data\68ec2130ceb6a257762c70bc87ed0129\System.Data.ni.dll
MOD - [2013-02-05 12:01:11 | 007,989,248 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System\0b80769ba127fce3221c1fd47e87c4a7\System.ni.dll
MOD - [2013-02-05 12:01:01 | 011,494,912 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\mscorlib\8d2929ad589e1092eb62a43424361465\mscorlib.ni.dll
MOD - [2012-09-14 00:03:56 | 000,303,104 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\mscorlib.resources\2.0.0.0_nl_b77a5c561934e089\mscorlib.resources.dll
MOD - [2012-07-06 04:01:13 | 002,972,672 | ---- | M] () -- C:\Windows\assembly\GAC_32\System.Data\2.0.0.0__b77a5c561934e089\System.Data.dll
MOD - [2011-08-07 15:54:16 | 000,004,096 | ---- | M] () -- C:\Program Files (x86)\Yuna Software\Messenger Plus!\Detour32.dll


========== Services (SafeList) ==========

SRV:64bit: - [2013-03-07 00:32:44 | 000,045,248 | ---- | M] (AVAST Software) [Auto | Running] -- C:\Program Files\AVAST Software\Avast\AvastSvc.exe -- (avast! Antivirus)
SRV:64bit: - [2013-03-02 23:06:04 | 000,037,888 | -HS- | M] () [Auto | Running] -- C:\Program Files\KMSpico\Service_KMS.exe -- (Service KMSELDI)
SRV:64bit: - [2013-03-02 04:45:07 | 000,171,008 | ---- | M] (Microsoft Corporation) [On_Demand | Running] -- C:\Windows\SysNative\TimeBrokerServer.dll -- (TimeBroker)
SRV:64bit: - [2013-03-02 04:45:05 | 000,180,224 | ---- | M] (Microsoft Corporation) [On_Demand | Running] -- C:\Windows\SysNative\SystemEventsBrokerServer.dll -- (SystemEventsBroker)
SRV:64bit: - [2013-02-02 10:21:45 | 000,467,456 | ---- | M] (Microsoft Corporation) [On_Demand | Running] -- C:\Windows\SysNative\netprofmsvc.dll -- (netprofm)
SRV:64bit: - [2013-01-29 03:57:14 | 000,014,920 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Program Files\Windows Defender\MsMpEng.exe -- (WinDefend)
SRV:64bit: - [2013-01-10 01:23:16 | 001,964,544 | ---- | M] (Microsoft Corporation) [On_Demand | Running] -- C:\Windows\SysNative\wlidsvc.dll -- (wlidsvc)
SRV:64bit: - [2013-01-10 01:22:35 | 000,438,272 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\SysNative\lsm.dll -- (LSM)
SRV:64bit: - [2012-11-27 15:56:28 | 000,118,272 | ---- | M] (DeadPihto) [Auto | Running] -- C:\Windows\SysNative\wsservice_crk.dll -- (WSServiceCrk)
SRV:64bit: - [2012-11-06 06:36:55 | 002,675,712 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\spool\drivers\x64\3\PrintConfig.dll -- (PrintNotify)
SRV:64bit: - [2012-11-06 06:17:41 | 000,169,472 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\SysNative\AudioEndpointBuilder.dll -- (AudioEndpointBuilder)
SRV:64bit: - [2012-09-20 11:10:47 | 002,367,528 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\WSService.dll -- (WSService)
SRV:64bit: - [2012-09-20 08:31:18 | 000,116,736 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\fhsvc.dll -- (fhsvc)
SRV:64bit: - [2012-09-20 08:30:41 | 000,179,712 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\SysNative\bisrv.dll -- (BrokerInfrastructure)
SRV:64bit: - [2012-09-16 10:25:58 | 000,662,104 | ---- | M] (Genie9) [Auto | Running] -- C:\Program Files\Genie9\Genie Timeline\GenieTimelineService.exe -- (GenieTimelineService)
SRV:64bit: - [2012-09-11 23:14:40 | 000,390,672 | ---- | M] () [Auto | Running] -- C:\Program Files\CyberLink\Shared files\RichVideo64.exe -- (RichVideo64)
SRV:64bit: - [2012-07-26 05:07:47 | 000,065,536 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\wiarpc.dll -- (WiaRpc)
SRV:64bit: - [2012-07-26 05:07:42 | 000,263,680 | ---- | M] (Microsoft Corporation) [On_Demand | Running] -- C:\Windows\SysNative\wcmsvc.dll -- (Wcmsvc)
SRV:64bit: - [2012-07-26 05:07:40 | 000,283,648 | ---- | M] (Microsoft Corporation) [On_Demand | Running] -- C:\Windows\SysNative\vaultsvc.dll -- (VaultSvc)
SRV:64bit: - [2012-07-26 05:07:25 | 000,012,800 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\svsvc.dll -- (svsvc)
SRV:64bit: - [2012-07-26 05:06:34 | 000,743,936 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\netlogon.dll -- (Netlogon)
SRV:64bit: - [2012-07-26 05:06:33 | 000,161,792 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\NcaSvc.dll -- (NcaSvc)
SRV:64bit: - [2012-07-26 05:06:33 | 000,073,728 | ---- | M] (Microsoft Corporation) [On_Demand | Running] -- C:\Windows\SysNative\NcdAutoSetup.dll -- (NcdAutoSetup)
SRV:64bit: - [2012-07-26 05:05:55 | 000,059,904 | ---- | M] (Microsoft Corporation) [On_Demand | Running] -- C:\Windows\SysNative\keyiso.dll -- (KeyIso)
SRV:64bit: - [2012-07-26 05:05:34 | 000,037,376 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\efssvc.dll -- (EFS)
SRV:64bit: - [2012-07-26 05:05:28 | 000,207,872 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\DeviceSetupManager.dll -- (DsmSvc)
SRV:64bit: - [2012-07-26 05:05:24 | 000,342,016 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\SysNative\das.dll -- (DeviceAssociationService)
SRV:64bit: - [2012-07-26 05:05:08 | 000,122,368 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\AUInstallAgent.dll -- (AllUserInstallAgent)
SRV:64bit: - [2012-07-26 05:05:04 | 000,187,392 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\appmgmts.dll -- (AppMgmt)
SRV:64bit: - [2012-07-26 02:24:02 | 000,336,384 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\icsvc.dll -- (vmicvss)
SRV:64bit: - [2012-07-26 02:24:02 | 000,336,384 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\icsvc.dll -- (vmictimesync)
SRV:64bit: - [2012-07-26 02:24:02 | 000,336,384 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\icsvc.dll -- (vmicshutdown)
SRV:64bit: - [2012-07-26 02:24:02 | 000,336,384 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\icsvc.dll -- (vmicrdv)
SRV:64bit: - [2012-07-26 02:24:02 | 000,336,384 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\icsvc.dll -- (vmickvpexchange)
SRV:64bit: - [2012-07-26 02:24:02 | 000,336,384 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\icsvc.dll -- (vmicheartbeat)
SRV - [2013-04-26 19:13:31 | 000,117,144 | ---- | M] (Mozilla Foundation) [On_Demand | Stopped] -- C:\Program Files (x86)\Mozilla Maintenance Service\maintenanceservice.exe -- (MozillaMaintenance)
SRV - [2013-04-19 16:00:08 | 000,256,904 | ---- | M] (Adobe Systems Incorporated) [On_Demand | Stopped] -- C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe -- (AdobeFlashPlayerUpdateSvc)
SRV - [2013-04-04 14:50:32 | 000,701,512 | ---- | M] (Malwarebytes Corporation) [Auto | Running] -- C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe -- (MBAMService)
SRV - [2013-04-04 14:50:32 | 000,418,376 | ---- | M] (Malwarebytes Corporation) [Auto | Running] -- C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamscheduler.exe -- (MBAMScheduler)
SRV - [2013-03-12 15:01:38 | 000,559,168 | ---- | M] (RealNetworks, Inc.) [Auto | Running] -- C:\Program Files (x86)\Online Games Manager\ogmservice.exe -- (ogmservice)
SRV - [2013-03-06 17:30:43 | 003,560,288 | ---- | M] (TeamViewer GmbH) [Auto | Running] -- C:\Program Files (x86)\TeamViewer\Version8\TeamViewer_Service.exe -- (TeamViewer8)
SRV - [2013-02-26 15:42:53 | 000,008,192 | ---- | M] () [Auto | Stopped] -- C:\Windows\SysWOW64\srvany.exe -- (KMService)
SRV - [2013-02-15 16:28:12 | 000,384,888 | ---- | M] (BlueStack Systems, Inc.) [Auto | Running] -- C:\Program Files (x86)\BlueStacks\HD-LogRotatorService.exe -- (BstHdLogRotatorSvc)
SRV - [2013-02-15 16:27:52 | 000,393,080 | ---- | M] (BlueStack Systems, Inc.) [Auto | Stopped] -- C:\Program Files (x86)\BlueStacks\HD-Service.exe -- (BstHdAndroidSvc)
SRV - [2013-02-15 14:08:20 | 000,543,144 | ---- | M] (Valve Corporation) [On_Demand | Stopped] -- C:\Program Files (x86)\Common Files\Steam\SteamService.exe -- (Steam Client Service)
SRV - [2013-01-15 18:47:10 | 000,465,216 | ---- | M] (IObit) [Auto | Running] -- C:\Program Files (x86)\IObit\Advanced SystemCare 6\ASCService.exe -- (AdvancedSystemCareService6)
SRV - [2012-12-16 15:37:47 | 000,125,952 | ---- | M] (Yuna Software) [Auto | Running] -- C:\Program Files (x86)\Yuna Software\Messenger Plus! for Skype\MsgPlusForSkypeService.exe -- (MsgPlusService)
SRV - [2012-12-14 03:42:10 | 000,277,616 | ---- | M] (Intel Corporation) [On_Demand | Stopped] -- C:\Windows\SysWOW64\IntelCpHeciSvc.exe -- (cphs)
SRV - [2012-12-11 11:22:38 | 001,258,856 | ---- | M] (NVIDIA Corporation) [Auto | Running] -- C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Update Core\daemonu.exe -- (nvUpdatusService)
SRV - [2012-11-06 06:36:55 | 002,675,712 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\system32\spool\DRIVERS\x64\3\PrintConfig.dll -- (PrintNotify)
SRV - [2012-11-01 03:35:20 | 000,357,016 | ---- | M] (VMware, Inc.) [Auto | Running] -- C:\Windows\SysWOW64\vmnetdhcp.exe -- (VMnetDHCP)
SRV - [2012-11-01 03:34:52 | 000,435,864 | ---- | M] (VMware, Inc.) [Auto | Running] -- C:\Windows\SysWOW64\vmnat.exe -- (VMware NAT Service)
SRV - [2012-11-01 02:57:50 | 013,234,176 | ---- | M] () [Auto | Running] -- C:\Program Files (x86)\VMware\VMware Workstation\vmware-hostd.exe -- (VMwareHostd)
SRV - [2012-11-01 01:48:42 | 000,079,872 | ---- | M] (VMware, Inc.) [Auto | Running] -- C:\Program Files (x86)\VMware\VMware Workstation\vmware-authd.exe -- (VMAuthdService)
SRV - [2012-10-11 18:15:30 | 000,918,680 | ---- | M] (VMware, Inc.) [Auto | Running] -- C:\Program Files (x86)\Common Files\VMware\USB\vmware-usbarbitrator64.exe -- (VMUSBArbService)
SRV - [2012-07-26 05:20:04 | 000,018,432 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysWOW64\StorSvc.dll -- (StorSvc)
SRV - [2012-01-09 20:17:44 | 000,821,592 | ---- | M] (IObit) [Auto | Running] -- C:\Program Files (x86)\IObit\IObit Malware Fighter\IMFsrv.exe -- (IMFservice)
SRV - [2010-02-19 14:37:14 | 000,517,096 | ---- | M] (Adobe Systems Incorporated) [On_Demand | Stopped] -- C:\Program Files (x86)\Common Files\Adobe\SwitchBoard\SwitchBoard.exe -- (SwitchBoard)


========== Driver Services (SafeList) ==========

DRV:64bit: - [2013-04-04 14:50:32 | 000,025,928 | ---- | M] (Malwarebytes Corporation) [File_System | On_Demand | Running] -- C:\Windows\SysNative\Drivers\mbam.sys -- (MBAMProtector)
DRV:64bit: - [2013-03-07 00:33:21 | 001,025,808 | ---- | M] (AVAST Software) [File_System | System | Running] -- C:\Windows\SysNative\drivers\aswSnx.sys -- (aswSnx)
DRV:64bit: - [2013-03-07 00:33:21 | 000,377,920 | ---- | M] (AVAST Software) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\aswSP.sys -- (aswSP)
DRV:64bit: - [2013-03-07 00:33:21 | 000,178,624 | ---- | M] () [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\aswVmm.sys -- (aswVmm)
DRV:64bit: - [2013-03-07 00:33:21 | 000,070,992 | ---- | M] (AVAST Software) [Kernel | System | Running] -- C:\Windows\SysNative\Drivers\aswRdr2.sys -- (aswRdr)
DRV:64bit: - [2013-03-07 00:33:21 | 000,068,920 | ---- | M] (AVAST Software) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\aswTdi.sys -- (aswTdi)
DRV:64bit: - [2013-03-07 00:33:21 | 000,065,336 | ---- | M] () [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\aswRvrt.sys -- (aswRvrt)
DRV:64bit: - [2013-03-07 00:33:20 | 000,080,816 | ---- | M] (AVAST Software) [File_System | Auto | Running] -- C:\Windows\SysNative\Drivers\aswMonFlt.sys -- (aswMonFlt)
DRV:64bit: - [2013-03-07 00:33:20 | 000,033,400 | ---- | M] (AVAST Software) [File_System | Auto | Running] -- C:\Windows\SysNative\drivers\aswFsBlk.sys -- (aswFsBlk)
DRV:64bit: - [2013-03-05 15:10:52 | 000,231,376 | ---- | M] (TrueCrypt Foundation) [Kernel | System | Running] -- C:\Windows\SysNative\Drivers\truecrypt.sys -- (truecrypt)
DRV:64bit: - [2013-03-02 12:57:48 | 000,337,128 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\Drivers\USBXHCI.SYS -- (USBXHCI)
DRV:64bit: - [2013-03-02 12:57:46 | 000,283,880 | ---- | M] (Microsoft Corporation) [Kernel | Boot | Running] -- C:\Windows\SysNative\Drivers\spaceport.sys -- (spaceport)
DRV:64bit: - [2013-03-02 12:57:46 | 000,077,544 | ---- | M] (Microsoft Corporation) [Kernel | Boot | Running] -- C:\Windows\SysNative\Drivers\storahci.sys -- (storahci)
DRV:64bit: - [2013-03-02 12:45:20 | 000,148,712 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\Drivers\tpm.sys -- (TPM)
DRV:64bit: - [2013-03-02 12:45:19 | 000,194,792 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\Drivers\sdbus.sys -- (sdbus)
DRV:64bit: - [2013-03-02 12:39:38 | 000,069,864 | ---- | M] (Microsoft Corporation) [Kernel | Boot | Running] -- C:\Windows\SysNative\Drivers\pdc.sys -- (pdc)
DRV:64bit: - [2013-02-05 19:34:43 | 000,047,240 | ---- | M] (RapidSolution Software AG) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\Drivers\tbhsd.sys -- (tbhsd)
DRV:64bit: - [2013-02-05 19:34:37 | 000,037,480 | ---- | M] (RapidSolution Software AG) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\Drivers\rrnetcap.sys -- (RRNetCapMP)
DRV:64bit: - [2013-02-05 19:34:37 | 000,037,480 | ---- | M] (RapidSolution Software AG) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\Drivers\rrnetcap.sys -- (RRNetCap)
DRV:64bit: - [2013-02-02 13:19:44 | 000,446,184 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\Drivers\USBHUB3.SYS -- (USBHUB3)
DRV:64bit: - [2013-02-02 09:25:23 | 000,037,632 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\Drivers\BthAvrcpTg.sys -- (BthAvrcpTg)
DRV:64bit: - [2013-01-29 03:57:05 | 000,035,232 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\Drivers\WdBoot.sys -- (WdBoot)
DRV:64bit: - [2013-01-29 01:08:22 | 000,230,904 | ---- | M] (Microsoft Corporation) [File_System | On_Demand | Stopped] -- C:\Windows\SysNative\Drivers\WdFilter.sys -- (WdFilter)
DRV:64bit: - [2013-01-27 15:35:46 | 000,127,384 | ---- | M] (Power Software Ltd) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\scdemu.sys -- (SCDEmu)
DRV:64bit: - [2013-01-10 03:53:32 | 000,028,904 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\Drivers\msgpiowin32.sys -- (msgpiowin32)
DRV:64bit: - [2012-12-21 14:53:58 | 000,017,480 | ---- | M] () [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\epmntdrv.sys -- (epmntdrv)
DRV:64bit: - [2012-12-21 14:53:58 | 000,009,800 | ---- | M] () [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\EuGdiDrv.sys -- (EuGdiDrv)
DRV:64bit: - [2012-12-19 15:47:20 | 000,132,008 | ---- | M] (Oracle Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\Drivers\VBoxNetAdp.sys -- (VBoxNetAdp)
DRV:64bit: - [2012-12-14 03:42:22 | 005,353,888 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\Drivers\igdkmd64.sys -- (igfx)
DRV:64bit: - [2012-12-11 11:22:46 | 000,030,056 | ---- | M] (NVIDIA Corporation) [Kernel | Boot | Running] -- C:\Windows\SysNative\Drivers\nvpciflt.sys -- (nvpciflt)
DRV:64bit: - [2012-11-27 05:55:44 | 000,029,952 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\Drivers\BthhfHid.sys -- (bthhfhid)
DRV:64bit: - [2012-11-20 06:54:31 | 000,039,936 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\Drivers\hidi2c.sys -- (hidi2c)
DRV:64bit: - [2012-11-06 05:55:44 | 000,022,528 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\Drivers\fxppm.sys -- (FxPPM)
DRV:64bit: - [2012-11-01 03:34:54 | 000,067,224 | ---- | M] (VMware, Inc.) [Kernel | Auto | Running] -- C:\Windows\SysNative\Drivers\vmx86.sys -- (vmx86)
DRV:64bit: - [2012-11-01 03:34:32 | 000,030,360 | ---- | M] (VMware, Inc.) [Kernel | Auto | Running] -- C:\Windows\SysNative\Drivers\vmnetuserif.sys -- (VMnetuserif)
DRV:64bit: - [2012-11-01 03:34:10 | 000,045,720 | ---- | M] (VMware, Inc.) [Kernel | Auto | Running] -- C:\Windows\SysNative\Drivers\vmnetbridge.sys -- (VMnetBridge)
DRV:64bit: - [2012-11-01 03:34:08 | 000,020,120 | ---- | M] (VMware, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\Drivers\vmnetadapter.sys -- (VMnetAdapter)
DRV:64bit: - [2012-11-01 03:34:04 | 000,032,920 | ---- | M] (VMware, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\Drivers\VMkbd.sys -- (vmkbd)
DRV:64bit: - [2012-10-24 15:17:14 | 000,070,296 | ---- | M] (VMware, Inc.) [Kernel | Boot | Running] -- C:\Windows\SysNative\Drivers\vsock.sys -- (vsock)
DRV:64bit: - [2012-10-24 15:17:10 | 000,085,104 | ---- | M] (VMware, Inc.) [Kernel | Boot | Running] -- C:\Windows\SysNative\Drivers\vmci.sys -- (vmci)
DRV:64bit: - [2012-10-12 10:08:01 | 000,027,880 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\Drivers\rdpvideominiport.sys -- (RdpVideoMiniport)
DRV:64bit: - [2012-10-11 18:15:32 | 000,052,376 | ---- | M] (VMware, Inc.) [Kernel | Auto | Running] -- C:\Windows\SysNative\Drivers\hcmon.sys -- (hcmon)
DRV:64bit: - [2012-10-11 18:15:06 | 000,037,680 | ---- | M] (VMware, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\Drivers\vmusb.sys -- (vmusb)
DRV:64bit: - [2012-10-11 09:25:48 | 000,056,552 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\Drivers\sdstor.sys -- (sdstor)
DRV:64bit: - [2012-10-11 09:13:49 | 000,058,088 | ---- | M] (Microsoft Corporation) [Kernel | System | Stopped] -- C:\Windows\SysNative\Drivers\dam.sys -- (dam)
DRV:64bit: - [2012-09-20 09:55:33 | 000,212,200 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\Drivers\UCX01000.SYS -- (UCX01000)
DRV:64bit: - [2012-09-20 09:55:30 | 000,120,040 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\Drivers\msgpioclx.sys -- (GPIOClx0101)
DRV:64bit: - [2012-09-20 09:55:27 | 003,265,256 | ---- | M] (Broadcom Corporation) [Kernel | Boot | Stopped] -- C:\Windows\SysNative\Drivers\evbda.sys -- (ebdrv)
DRV:64bit: - [2012-09-20 09:55:24 | 000,533,224 | ---- | M] (Broadcom Corporation) [Kernel | Boot | Stopped] -- C:\Windows\SysNative\Drivers\bxvbda.sys -- (b06bdrv)
DRV:64bit: - [2012-07-26 07:26:46 | 000,025,328 | ---- | M] (Microsoft Corporation) [Recognizer | Boot | Unknown] -- C:\Windows\SysNative\drivers\fs_rec.sys -- (Fs_Rec)
DRV:64bit: - [2012-07-26 07:26:45 | 000,033,792 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\Drivers\condrv.sys -- (condrv)
DRV:64bit: - [2012-07-26 07:00:58 | 000,322,800 | ---- | M] (VIA Corporation) [Kernel | Boot | Stopped] -- C:\Windows\SysNative\Drivers\VSTXRAID.SYS -- (VSTXRAID)
DRV:64bit: - [2012-07-26 07:00:58 | 000,106,224 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\Drivers\VerifierExt.sys -- (VerifierExt)
DRV:64bit: - [2012-07-26 07:00:58 | 000,097,008 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\Drivers\uaspstor.sys -- (UASPStor)
DRV:64bit: - [2012-07-26 07:00:57 | 000,077,040 | ---- | M] (Microsoft Corporation) [Kernel | Boot | Running] -- C:\Windows\SysNative\Drivers\acpiex.sys -- (acpiex)
DRV:64bit: - [2012-07-26 07:00:55 | 000,064,240 | ---- | M] (Marvell Semiconductor, Inc.) [Kernel | Boot | Stopped] -- C:\Windows\SysNative\Drivers\mvumis.sys -- (mvumis)
DRV:64bit: - [2012-07-26 07:00:55 | 000,030,960 | ---- | M] (Promise Technology, Inc.) [Kernel | Boot | Stopped] -- C:\Windows\SysNative\Drivers\stexstor.sys -- (stexstor)
DRV:64bit: - [2012-07-26 07:00:52 | 000,092,400 | ---- | M] (LSI Corporation) [Kernel | Boot | Stopped] -- C:\Windows\SysNative\Drivers\lsi_sas2.sys -- (LSI_SAS2)
DRV:64bit: - [2012-07-26 07:00:52 | 000,081,136 | ---- | M] (LSI Corporation) [Kernel | Boot | Stopped] -- C:\Windows\SysNative\Drivers\lsi_sss.sys -- (LSI_SSS)
DRV:64bit: - [2012-07-26 07:00:52 | 000,064,752 | ---- | M] (Hewlett-Packard Company) [Kernel | Boot | Stopped] -- C:\Windows\SysNative\Drivers\HpSAMD.sys -- (HpSAMD)
DRV:64bit: - [2012-07-26 07:00:51 | 000,113,904 | ---- | M] (Microsoft Corporation) [Kernel | Boot | Stopped] -- C:\Windows\SysNative\Drivers\EhStorTcgDrv.sys -- (EhStorTcgDrv)
DRV:64bit: - [2012-07-26 07:00:51 | 000,081,136 | ---- | M] (Microsoft Corporation) [Kernel | Boot | Running] -- C:\Windows\SysNative\Drivers\EhStorClass.sys -- (EhStorClass)
DRV:64bit: - [2012-07-26 07:00:49 | 000,258,288 | ---- | M] (AMD Technologies Inc.) [Kernel | Boot | Stopped] -- C:\Windows\SysNative\Drivers\amdsbs.sys -- (amdsbs)
DRV:64bit: - [2012-07-26 07:00:49 | 000,106,736 | ---- | M] (LSI) [Kernel | Boot | Stopped] -- C:\Windows\SysNative\Drivers\3ware.sys -- (3ware)
DRV:64bit: - [2012-07-26 07:00:49 | 000,076,016 | ---- | M] (Advanced Micro Devices) [Kernel | Boot | Stopped] -- C:\Windows\SysNative\Drivers\amdsata.sys -- (amdsata)
DRV:64bit: - [2012-07-26 07:00:48 | 000,026,352 | ---- | M] (Advanced Micro Devices) [Kernel | Boot | Stopped] -- C:\Windows\SysNative\Drivers\amdxata.sys -- (amdxata)
DRV:64bit: - [2012-07-26 06:57:54 | 000,361,200 | ---- | M] (Microsoft Corporation) [Kernel | Boot | Running] -- C:\Windows\SysNative\Drivers\clfs.sys -- (CLFS)
DRV:64bit: - [2012-07-26 06:54:34 | 000,096,496 | ---- | M] (Microsoft Corporation) [Kernel | Boot | Running] -- C:\Windows\SysNative\Drivers\wfplwfs.sys -- (WFPLWFS)
DRV:64bit: - [2012-07-26 06:53:16 | 000,067,824 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\Drivers\vpci.sys -- (vpci)
DRV:64bit: - [2012-07-26 05:17:38 | 000,036,592 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\Drivers\terminpt.sys -- (terminpt)
DRV:64bit: - [2012-07-26 04:29:14 | 000,010,752 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\Drivers\mshidumdf.sys -- (mshidumdf)
DRV:64bit: - [2012-07-26 04:29:08 | 000,048,640 | ---- | M] (Microsoft Corporation) [Kernel | System | Running] -- C:\Windows\SysNative\Drivers\BasicDisplay.sys -- (BasicDisplay)
DRV:64bit: - [2012-07-26 04:29:03 | 000,024,576 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\Drivers\HyperVideo.sys -- (HyperVideo)
DRV:64bit: - [2012-07-26 04:28:52 | 000,029,696 | ---- | M] (Microsoft Corporation) [Kernel | System | Running] -- C:\Windows\SysNative\Drivers\BasicRender.sys -- (BasicRender)
DRV:64bit: - [2012-07-26 04:27:58 | 000,012,288 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\Drivers\vmgencounter.sys -- (gencounter)
DRV:64bit: - [2012-07-26 04:27:41 | 000,018,432 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\Drivers\kdnic.sys -- (kdnic)
DRV:64bit: - [2012-07-26 04:27:37 | 000,010,752 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\Drivers\acpitime.sys -- (acpitime)
DRV:64bit: - [2012-07-26 04:27:33 | 000,023,552 | ---- | M] (Microsoft Corporation) [Kernel | System | Running] -- C:\Windows\SysNative\Drivers\npsvctrig.sys -- (npsvctrig)
DRV:64bit: - [2012-07-26 04:27:29 | 000,019,968 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\Drivers\WpdUpFltr.sys -- (WpdUpFltr)
DRV:64bit: - [2012-07-26 04:27:16 | 000,010,240 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\Drivers\acpipagr.sys -- (acpipagr)
DRV:64bit: - [2012-07-26 04:27:01 | 000,011,776 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\Drivers\hyperkbd.sys -- (hyperkbd)
DRV:64bit: - [2012-07-26 04:26:46 | 000,062,976 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\Drivers\SerCx.sys -- (SerCx)
DRV:64bit: - [2012-07-26 04:26:43 | 000,059,392 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\Drivers\SpbCx.sys -- (SpbCx)
DRV:64bit: - [2012-07-26 04:26:34 | 000,030,208 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\Drivers\TsUsbGD.sys -- (TsUsbGD)
DRV:64bit: - [2012-07-26 04:26:13 | 000,051,200 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\Drivers\bthhfenum.sys -- (BthHFEnum)
DRV:64bit: - [2012-07-26 04:25:57 | 000,033,280 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\Drivers\dmvsc.sys -- (dmvsc)
DRV:64bit: - [2012-07-26 04:25:56 | 000,057,344 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\Drivers\TsUsbFlt.sys -- (TsUsbFlt)
DRV:64bit: - [2012-07-26 04:25:26 | 000,203,776 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\Drivers\Vid.sys -- (Vid)
DRV:64bit: - [2012-07-26 04:25:22 | 000,067,584 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\Drivers\storvsp.sys -- (storvsp)
DRV:64bit: - [2012-07-26 04:25:13 | 000,045,056 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\Drivers\wpcfltr.sys -- (wpcfltr)
DRV:64bit: - [2012-07-26 04:25:12 | 000,117,248 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\Drivers\vmbusr.sys -- (vmbusr)
DRV:64bit: - [2012-07-26 04:25:12 | 000,066,048 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\Drivers\vpcivsp.sys -- (vpcivsp)
DRV:64bit: - [2012-07-26 04:25:01 | 000,126,464 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\Drivers\NdisImPlatform.sys -- (NdisImPlatform)
DRV:64bit: - [2012-07-26 04:23:53 | 000,068,608 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\Drivers\mslldp.sys -- (MsLldp)
DRV:64bit: - [2012-07-26 04:23:42 | 000,097,792 | ---- | M] (Microsoft Corporation) [Kernel | Auto | Running] -- C:\Windows\SysNative\Drivers\Ndu.sys -- (Ndu)
DRV:64bit: - [2012-06-02 16:31:37 | 000,425,472 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\Drivers\k57nd60a.sys -- (k57nd60a)
DRV:64bit: - [2012-06-02 16:31:32 | 002,935,808 | ---- | M] (Qualcomm Atheros Communications, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\Drivers\athrx.sys -- (athr)
DRV:64bit: - [2011-12-26 16:27:24 | 000,015,288 | ---- | M] () [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\ampa.sys -- (ampa)
DRV:64bit: - [2011-12-15 02:46:42 | 000,222,904 | ---- | M] (QFX Software Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\Drivers\keyscrambler.sys -- (KeyScrambler)
DRV:64bit: - [2011-06-15 22:10:58 | 000,015,288 | ---- | M] () [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\ddmdrv.sys -- (ddmdrv)
DRV:64bit: - [2010-10-20 00:34:26 | 000,056,344 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\Drivers\HECIx64.sys -- (MEIx64)
DRV - [2013-02-15 16:28:06 | 000,071,032 | ---- | M] (BlueStack Systems) [Kernel | Auto | Running] -- C:\Program Files (x86)\BlueStacks\HD-Hypervisor-amd64.sys -- (BstHdDrv)
DRV - [2012-12-21 14:54:00 | 000,014,920 | ---- | M] () [Kernel | On_Demand | Stopped] -- C:\Windows\SysWOW64\epmntdrv.sys -- (epmntdrv)
DRV - [2012-12-21 14:53:58 | 000,009,160 | ---- | M] () [Kernel | On_Demand | Stopped] -- C:\Windows\SysWOW64\EuGdiDrv.sys -- (EuGdiDrv)
DRV - [2012-07-05 13:53:22 | 000,021,904 | ---- | M] (IObit.com) [Kernel | On_Demand | Running] -- C:\Program Files (x86)\IObit\IObit Malware Fighter\Drivers\win7_amd64\UrlFilter.sys -- (UrlFilter)
DRV - [2012-07-05 13:53:18 | 000,033,224 | ---- | M] (IObit.com) [Kernel | On_Demand | Running] -- C:\Program Files (x86)\IObit\IObit Malware Fighter\Drivers\win7_amd64\RegFilter.sys -- (RegFilter)
DRV - [2012-01-05 18:07:14 | 000,021,384 | ---- | M] (IObit) [File_System | On_Demand | Running] -- C:\Program Files (x86)\IObit\IObit Malware Fighter\Drivers\win7_amd64\FileMonitor.sys -- (FileMonitor)
DRV - [2011-12-26 16:27:22 | 000,012,728 | ---- | M] () [Kernel | On_Demand | Stopped] -- C:\Windows\SysWOW64\ampa.sys -- (ampa)
DRV - [2011-06-15 22:09:42 | 000,012,728 | ---- | M] () [Kernel | On_Demand | Stopped] -- C:\Windows\SysWOW64\ddmdrv.sys -- (ddmdrv)


========== Standard Registry (SafeList) ==========


========== Internet Explorer ==========

IE:64bit: - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = about:blank
IE:64bit: - HKLM\..\SearchScopes,DefaultScope =
IE:64bit: - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/...ms}&FORM=IE8SRC
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = about:blank
IE - HKLM\..\SearchScopes,DefaultScope =
IE - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/...ms}&FORM=IE8SRC


IE - HKU\.DEFAULT\..\SearchScopes,DefaultScope =
IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0


IE - HKU\S-1-5-18\..\SearchScopes,DefaultScope =
IE - HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

IE - HKU\S-1-5-19\..\SearchScopes,DefaultScope =

IE - HKU\S-1-5-20\..\SearchScopes,DefaultScope =

IE - HKU\S-1-5-21-2189671484-2947882400-2928688451-1001\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = about:blank
IE - HKU\S-1-5-21-2189671484-2947882400-2928688451-1001\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache = http://t.nl.msn.com/
IE - HKU\S-1-5-21-2189671484-2947882400-2928688451-1001\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache AcceptLangs = nl-NL
IE - HKU\S-1-5-21-2189671484-2947882400-2928688451-1001\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache_TIMESTAMP = 9E 41 45 52 3E 02 CE 01 [binary data]
IE - HKU\S-1-5-21-2189671484-2947882400-2928688451-1001\..\SearchScopes,DefaultScope =
IE - HKU\S-1-5-21-2189671484-2947882400-2928688451-1001\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/...Box&FORM=IE10SR
IE - HKU\S-1-5-21-2189671484-2947882400-2928688451-1001\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

IE - HKU\S-1-5-21-2189671484-2947882400-2928688451-1004\..\SearchScopes,DefaultScope =

========== FireFox ==========

FF - prefs.js..browser.search.useDBForOrder: "false"
FF - prefs.js..browser.startup.homepage: "http://www.google.nl/"
FF - prefs.js..extensions.enabledAddons: %7B27c60876-b5c9-4335-b4f3-52b26782220c%7D:0.9.4
FF - prefs.js..extensions.enabledAddons: %7B563e4790-7e70-11da-a72b-0800200c9a66%7D:0.9f
FF - prefs.js..extensions.enabledAddons: %7Ba5312b79-bf0d-4825-a25f-b33d67d4a58a%7D:13.15.63
FF - prefs.js..extensions.enabledAddons: rssicon%40jasnapaka.com:1.4
FF - prefs.js..extensions.enabledAddons: testpilot%40labs.mozilla.com:1.2.2
FF - prefs.js..extensions.enabledAddons: %7B59c81df5-4b7a-477b-912d-4e0fdf64e5f2%7D:0.9.90
FF - prefs.js..extensions.enabledAddons: ascsurfingprotection%40iobit.com:1.0
FF - prefs.js..extensions.enabledAddons: coralietab%40mozdev.org:2.04.20110724
FF - prefs.js..extensions.enabledAddons: %7Bac2cfa60-bc96-11e0-962b-0800200c9a66%7D:2.0
FF - prefs.js..extensions.enabledAddons: wrc%40avast.com:8.0.1483
FF - prefs.js..extensions.enabledAddons: %7B972ce4c6-7e08-4474-a285-3208198ce6fd%7D:21.0


FF:64bit: - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\system32\Macromed\Flash\NPSWF64_11_7_700_169.dll File not found
FF:64bit: - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: c:\Program Files\Microsoft Silverlight\5.1.20125.0\npctrl.dll ( Microsoft Corporation)
FF:64bit: - HKLM\Software\MozillaPlugins\@microsoft.com/SharePoint,version=14.0: C:\PROGRA~1\MICROS~1\Office15\NPSPWRAP.DLL (Microsoft Corporation)
FF:64bit: - HKLM\Software\MozillaPlugins\adobe.com/AdobeAAMDetect: C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\CCM\Utilities\npAdobeAAMDetect64.dll (Adobe Systems)
FF:64bit: - HKLM\Software\MozillaPlugins\adobe.com/AdobeExManDetect: C:\Program Files (x86)\Adobe\Adobe Extension Manager CS6\Win64Plugin\npAdobeExManDetectX64.dll (Adobe Systems)
FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_11_7_700_169.dll ()
FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin,version=10.21.2: C:\Program Files (x86)\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/Lync,version=15.0: C:\Program Files (x86)\Mozilla Firefox\plugins\npmeetingjoinpluginoc.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: c:\Program Files (x86)\Microsoft Silverlight\5.1.20125.0\npctrl.dll ( Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=14.0.8117.0416: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Program Files (x86)\Google\Update\1.3.21.135\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Program Files (x86)\Google\Update\1.3.21.135\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\adobe.com/AdobeAAMDetect: C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\CCM\Utilities\npAdobeAAMDetect32.dll (Adobe Systems)
FF - HKLM\Software\MozillaPlugins\adobe.com/AdobeExManDetect: C:\Program Files (x86)\Adobe\Adobe Extension Manager CS6\npAdobeExManDetectX86.dll (Adobe Systems)
FF - HKCU\Software\MozillaPlugins\@unity3d.com/UnityPlayer,version=1.0: C:\Users\Mark de Jager\AppData\LocalLow\Unity\WebPlayer\loader\npUnity3D32.dll (Unity Technologies ApS)
FF - HKCU\Software\MozillaPlugins\facebook.com/fbDesktopPlugin: C:\Users\Mark de Jager\AppData\Local\Facebook\Messenger\2.1.4814.0\npFbDesktopPlugin.dll (Facebook, Inc.)

64bit-FF - HKEY_LOCAL_MACHINE\software\mozilla\Thunderbird\Extensions\\[email protected]: C:\PROGRAM FILES\ESET\ESET SMART SECURITY\MOZILLA THUNDERBIRD
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\[email protected]: C:\Program Files\AVAST Software\Avast\WebRep\FF [2013-04-28 17:31:00 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 21.0\extensions\\Components: C:\Program Files (x86)\Mozilla Firefox\components [2013-04-06 13:04:18 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 21.0\extensions\\Plugins: C:\Program Files (x86)\Mozilla Firefox\plugins [2013-04-27 18:03:24 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Thunderbird\Extensions\\[email protected]: C:\Program Files\ESET\ESET Smart Security\Mozilla Thunderbird
FF - HKEY_CURRENT_USER\software\mozilla\Firefox\Extensions\\[email protected]: C:\Program Files (x86)\CaptureSaver\Firefox [2013-03-19 10:57:39 | 000,000,000 | ---D | M]

[2013-02-03 20:47:04 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Mark de Jager\AppData\Roaming\mozilla\Extensions
[2013-04-27 18:56:04 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Mark de Jager\AppData\Roaming\mozilla\Firefox\Profiles\8a8rp9hz.default\extensions
[2013-03-01 16:23:09 | 000,000,000 | ---D | M] (ChatZilla) -- C:\Users\Mark de Jager\AppData\Roaming\mozilla\Firefox\Profiles\8a8rp9hz.default\extensions\{59c81df5-4b7a-477b-912d-4e0fdf64e5f2}
[2013-04-20 17:27:22 | 000,000,000 | ---D | M] (Advanced SystemCare Surfing Protection) -- C:\Users\Mark de Jager\AppData\Roaming\mozilla\Firefox\Profiles\8a8rp9hz.default\extensions\[email protected]
[2013-04-22 09:51:21 | 000,000,000 | ---D | M] (IE Tab +) -- C:\Users\Mark de Jager\AppData\Roaming\mozilla\Firefox\Profiles\8a8rp9hz.default\extensions\[email protected]
[2013-03-06 14:25:15 | 000,207,249 | ---- | M] () (No name found) -- C:\Users\Mark de Jager\AppData\Roaming\mozilla\firefox\profiles\8a8rp9hz.default\extensions\[email protected]
[2013-02-06 21:15:48 | 000,015,618 | ---- | M] () (No name found) -- C:\Users\Mark de Jager\AppData\Roaming\mozilla\firefox\profiles\8a8rp9hz.default\extensions\[email protected]
[2013-02-08 21:59:50 | 000,615,655 | ---- | M] () (No name found) -- C:\Users\Mark de Jager\AppData\Roaming\mozilla\firefox\profiles\8a8rp9hz.default\extensions\[email protected]
[2013-02-05 11:34:49 | 000,007,532 | ---- | M] () (No name found) -- C:\Users\Mark de Jager\AppData\Roaming\mozilla\firefox\profiles\8a8rp9hz.default\extensions\{27c60876-b5c9-4335-b4f3-52b26782220c}.xpi
[2013-02-06 18:51:54 | 000,010,707 | ---- | M] () (No name found) -- C:\Users\Mark de Jager\AppData\Roaming\mozilla\firefox\profiles\8a8rp9hz.default\extensions\{563e4790-7e70-11da-a72b-0800200c9a66}.xpi
[2013-02-06 21:01:15 | 000,045,996 | ---- | M] () (No name found) -- C:\Users\Mark de Jager\AppData\Roaming\mozilla\firefox\profiles\8a8rp9hz.default\extensions\{a5312b79-bf0d-4825-a25f-b33d67d4a58a}.xpi
[2013-04-27 18:56:04 | 000,052,139 | ---- | M] () (No name found) -- C:\Users\Mark de Jager\AppData\Roaming\mozilla\firefox\profiles\8a8rp9hz.default\extensions\{ac2cfa60-bc96-11e0-962b-0800200c9a66}.xpi
[2013-02-14 11:09:20 | 000,817,280 | ---- | M] () (No name found) -- C:\Users\Mark de Jager\AppData\Roaming\mozilla\firefox\profiles\8a8rp9hz.default\extensions\{d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}.xpi
[2013-04-05 19:06:02 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files (x86)\Mozilla Firefox\browser\extensions
[2013-04-05 19:06:02 | 000,000,000 | ---D | M] (Default) -- C:\Program Files (x86)\Mozilla Firefox\browser\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd}
[2013-04-26 19:13:32 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files (x86)\Mozilla Firefox\browser\distribution\extensions
[2013-04-28 17:31:00 | 000,000,000 | ---D | M] (avast! WebRep) -- C:\PROGRAM FILES\AVAST SOFTWARE\AVAST\WEBREP\FF
[2013-01-11 03:06:08 | 000,033,968 | ---- | M] (Microsoft Corporation) -- C:\Program Files (x86)\mozilla firefox\plugins\npMeetingJoinPluginOC.dll

========== Chrome ==========

CHR - default_search_provider: Google (Enabled)
CHR - default_search_provider: search_url = {google:baseURL}search?q={searchTerms}&{google:RLZ}{google:acceptedSuggestion}{google:originalQueryForSuggestion}{google:assistedQueryStats}{google:searchFieldtrialParameter}{google:searchClient}{google:sourceId}{google:instantExtendedEnabledParameter}ie={inputEncoding}
CHR - default_search_provider: suggest_url = {google:baseSuggestURL}search?{google:searchFieldtrialParameter}client=chrome&q={searchTerms}&{google:cursorPosition}sugkey={google:suggestAPIKeyParameter}
CHR - plugin: Shockwave Flash (Enabled) = C:\Program Files (x86)\Google\Chrome\Application\26.0.1410.64\PepperFlash\pepflashplayer.dll
CHR - plugin: Chrome Remote Desktop Viewer (Enabled) = internal-remoting-viewer
CHR - plugin: Native Client (Enabled) = C:\Program Files (x86)\Google\Chrome\Application\26.0.1410.64\ppGoogleNaClPluginChrome.dll
CHR - plugin: Chrome PDF Viewer (Enabled) = C:\Program Files (x86)\Google\Chrome\Application\26.0.1410.64\pdf.dll
CHR - plugin: Microsoft\u00AE Windows Media Player Firefox Plugin (Enabled) = C:\Program Files (x86)\Mozilla Firefox\plugins\np-mswmp.dll
CHR - plugin: Microsoft Office 2010 (Enabled) = C:\PROGRA~2\MICROS~4\Office14\NPAUTHZ.DLL
CHR - plugin: Microsoft Office 2010 (Enabled) = C:\PROGRA~2\MICROS~4\Office14\NPSPWRAP.DLL
CHR - plugin: Google Update (Enabled) = C:\Program Files (x86)\Google\Update\1.3.21.124\npGoogleUpdate3.dll
CHR - plugin: Java™ Platform SE 7 U13 (Enabled) = C:\Program Files (x86)\Java\jre7\bin\plugin2\npjp2.dll
CHR - plugin: Windows Live\u00AE Photo Gallery (Enabled) = C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll
CHR - plugin: Unity Player (Enabled) = C:\Users\Mark de Jager\AppData\LocalLow\Unity\WebPlayer\loader\npUnity3D32.dll
CHR - plugin: Shockwave Flash (Enabled) = C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_11_6_602_168.dll
CHR - plugin: Java Deployment Toolkit 7.0.130.20 (Enabled) = C:\Windows\SysWOW64\npDeployJava1.dll
CHR - plugin: Silverlight Plug-In (Enabled) = c:\Program Files (x86)\Microsoft Silverlight\4.1.10329.0\npctrl.dll
CHR - Extension: Google Documenten = C:\Users\Mark de Jager\AppData\Local\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake\0.0.0.6_0\
CHR - Extension: Google Documenten = C:\Users\Mark de Jager\AppData\Local\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake\0.5_0\
CHR - Extension: Google Drive = C:\Users\Mark de Jager\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf\6.2_0\
CHR - Extension: Google Drive = C:\Users\Mark de Jager\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf\6.3_0\
CHR - Extension: YouTube = C:\Users\Mark de Jager\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo\4.2.5_0\
CHR - Extension: YouTube = C:\Users\Mark de Jager\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo\4.2.6_0\
CHR - Extension: Google Zoeken = C:\Users\Mark de Jager\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf\0.0.0.19_0\
CHR - Extension: Google Zoeken = C:\Users\Mark de Jager\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf\0.0.0.20_0\
CHR - Extension: Advanced SystemCare Surfing Protection = C:\Users\Mark de Jager\AppData\Local\Google\Chrome\User Data\Default\Extensions\nfengeggddojhakldhlpjdlddgkkjkdd\1.0.0_0\
CHR - Extension: Gmail = C:\Users\Mark de Jager\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia\7_0\

O1 HOSTS File: ([2013-04-28 17:19:44 | 000,000,098 | ---- | M]) - C:\Windows\SysNative\Drivers\etc\Hosts
O1 - Hosts: 127.0.0.1 localhost
O1 - Hosts: ::1 localhost
O2:64bit: - BHO: (avast! WebRep) - {318A227B-5E9F-45bd-8999-7F8F10CA4CF5} - C:\Program Files\AVAST Software\Avast\aswWebRepIE64.dll (AVAST Software)
O2 - BHO: (no name) - {5C255C8A-E604-49b4-9D64-90988571CECB} - No CLSID value found.
O2 - BHO: (Java™ Plug-In SSV Helper) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Java\jre7\bin\ssv.dll (Oracle Corporation)
O2 - BHO: (avast! WebRep) - {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - C:\Program Files\AVAST Software\Avast\aswWebRepIE.dll (AVAST Software)
O2 - BHO: (Sticky Password Toolbar) - {AC02E217-6E13-4F14-9BAC-D7BA27C1E912} - C:\Program Files (x86)\Sticky Password\spIEBho.dll (Lamantine Software a.s.)
O2 - BHO: (Advanced SystemCare Browser Protection) - {BA0C978D-D909-49B6-AFE2-8BDE245DC7E6} - C:\Program Files (x86)\IObit\Advanced SystemCare 6\BrowerProtect\ASCPlugin_Protection.dll (IObit)
O2 - BHO: (Java™ Plug-In 2 SSV Helper) - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre7\bin\jp2ssv.dll (Oracle Corporation)
O3:64bit: - HKLM\..\Toolbar: (avast! WebRep) - {318A227B-5E9F-45bd-8999-7F8F10CA4CF5} - C:\Program Files\AVAST Software\Avast\aswWebRepIE64.dll (AVAST Software)
O3 - HKLM\..\Toolbar: (CaptureSaver) - {5148AB7D-8868-4490-B6DA-F98368488582} - C:\Program Files (x86)\CaptureSaver\CaptureSaverIE.dll (www.capturesaver.com)
O3 - HKLM\..\Toolbar: (avast! WebRep) - {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - C:\Program Files\AVAST Software\Avast\aswWebRepIE.dll (AVAST Software)
O3 - HKLM\..\Toolbar: (Sticky Password Toolbar) - {AC02E217-6E13-4F14-9BAC-D7BA27C1E912} - C:\Program Files (x86)\Sticky Password\spIEBho.dll (Lamantine Software a.s.)
O4:64bit: - HKLM..\Run: [AdobeAAMUpdater-1.0] C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\UWA\UpdaterStartupUtility.exe (Adobe Systems Incorporated)
O4:64bit: - HKLM..\Run: [HotKeysCmds] C:\Windows\SysNative\hkcmd.exe (Intel Corporation)
O4:64bit: - HKLM..\Run: [IgfxTray] C:\Windows\SysNative\igfxtray.exe (Intel Corporation)
O4:64bit: - HKLM..\Run: [Persistence] C:\Windows\SysNative\igfxpers.exe (Intel Corporation)
O4 - HKLM..\Run: [AdobeCS6ServiceManager] C:\Program Files (x86)\Common Files\Adobe\CS6ServiceManager\CS6ServiceManager.exe (Adobe Systems Incorporated)
O4 - HKLM..\Run: [APSDaemon] C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe (Apple Inc.)
O4 - HKLM..\Run: [avast] C:\Program Files\AVAST Software\Avast\avastUI.exe (AVAST Software)
O4 - HKLM..\Run: [BlueStacks Agent] C:\Program Files (x86)\BlueStacks\HD-Agent.exe (BlueStack Systems, Inc.)
O4 - HKLM..\Run: [IObit Malware Fighter] C:\Program Files (x86)\IObit\IObit Malware Fighter\IMF.exe (IObit)
O4 - HKLM..\Run: [KeyScrambler] C:\Program Files (x86)\KeyScrambler\keyscrambler.exe (QFX Software Corporation)
O4 - HKLM..\Run: [MessengerPlusForSkypeService] C:\Program Files (x86)\Yuna Software\Messenger Plus! for Skype\MsgPlusForSkypeService.exe (Yuna Software)
O4 - HKLM..\Run: [Photobucket Backup] C:\Program Files (x86)\Photobucket Backup\Photobucket.App.exe (Photobucket)
O4 - HKLM..\Run: [PlusService] C:\Program Files (x86)\Yuna Software\Messenger Plus!\PlusService.exe (Yuna Software)
O4 - HKLM..\Run: [PWRISOVM.EXE] C:\Program Files (x86)\PowerISO\PWRISOVM.EXE (Power Software Ltd)
O4 - HKLM..\Run: [SwitchBoard] C:\Program Files (x86)\Common Files\Adobe\SwitchBoard\SwitchBoard.exe (Adobe Systems Incorporated)
O4 - HKLM..\Run: [vmware-tray.exe] C:\Program Files (x86)\VMware\VMware Workstation\vmware-tray.exe (VMware, Inc.)
O4 - HKU\S-1-5-21-2189671484-2947882400-2928688451-1001..\Run: [KeyboardLeds.exe] C:\Program Files (x86)\Keyboard LEDs\KeyboardLeds.exe (KARPOLAN)
O4 - HKU\S-1-5-21-2189671484-2947882400-2928688451-1001..\Run: [pdiface] C:\Program Files\Bitdefender\60-Second Virus Scanner\pdiface.exe -noshow File not found
O4 - HKU\S-1-5-21-2189671484-2947882400-2928688451-1001..\Run: [SkyDrive] C:\Users\Mark de Jager\AppData\Local\Microsoft\SkyDrive\SkyDrive.exe (Microsoft Corporation)
O4 - Startup: C:\Users\Mark de Jager\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Facebook Messenger.lnk = C:\Users\Mark de Jager\AppData\Local\Facebook\Messenger\2.1.4814.0\FacebookMessenger.exe (Facebook)
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktopChanges = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktop = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: PromptOnSecureDesktop = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: EnableCursorSuppression = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: EnableLinkedConnections = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: HideFastUserSwitching = 0
O7 - HKU\S-1-5-21-2189671484-2947882400-2928688451-1001\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoClose = 0
O7 - HKU\S-1-5-21-2189671484-2947882400-2928688451-1001\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoLogoff = 0
O8:64bit: - Extra context menu item: Add to CaptureSaver - C:\Program Files (x86)\CaptureSaver\\AddFromIE.htm ()
O8:64bit: - Extra context menu item: Sticky Password - C:\Program Files (x86)\Sticky Password\spIEBho.dll (Lamantine Software a.s.)
O8 - Extra context menu item: Add to CaptureSaver - C:\Program Files (x86)\CaptureSaver\\AddFromIE.htm ()
O8 - Extra context menu item: Sticky Password - C:\Program Files (x86)\Sticky Password\spIEBho.dll (Lamantine Software a.s.)
O9:64bit: - Extra 'Tools' menuitem : &KeyScrambler Options - {5C106A59-CC3C-4caa-81A4-6D909B5ACE23} - C:\Program Files (x86)\KeyScrambler\x64\KeyScramblerIE.dll (QFX Software Corporation)
O9 - Extra Button: CaptureSaver - {3BD9DD3E-F9B6-45b9-9ED3-5E1980C2686F} - C:\Program Files (x86)\CaptureSaver\CaptureSaverIE.dll (www.capturesaver.com)
O9 - Extra 'Tools' menuitem : CaptureSaver - {3BD9DD3E-F9B6-45b9-9ED3-5E1980C2686F} - Reg Error: Value error. File not found
O9 - Extra 'Tools' menuitem : &KeyScrambler Options - {5C106A59-CC3C-4caa-81A4-6D909B5ACE23} - C:\Program Files (x86)\KeyScrambler\KeyScramblerIE.dll (QFX Software Corporation)
O1364bit: - gopher Prefix: missing
O13 - gopher Prefix: missing
O15 - HKU\S-1-5-21-2189671484-2947882400-2928688451-1001\..Trusted Domains: mediapluspro.com ([www] https in Vertrouwde websites)
O16 - DPF: {7530BFB8-7293-4D34-9923-61A11451AFC5} http://download.eset...lineScanner.cab (OnlineScanner Control)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.2.254
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{404E2125-F77B-4A20-89E5-7CE2767B2BAF}: DhcpNameServer = 192.168.2.254
O18:64bit: - Protocol\Handler\livecall - No CLSID value found
O18:64bit: - Protocol\Handler\msnim - No CLSID value found
O18 - Protocol\Handler\ms-help - No CLSID value found
O20:64bit: - AppInit_DLLs: (C:\Windows\system32\nvinitx.dll) - C:\Windows\SysNative\nvinitx.dll (NVIDIA Corporation)
O20 - AppInit_DLLs: (C:\Windows\SysWOW64\nvinit.dll) - C:\Windows\SysWOW64\nvinit.dll (NVIDIA Corporation)
O20:64bit: - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\SysNative\userinit.exe (Microsoft Corporation)
O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\SysWow64\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (userinit.exe) - C:\Windows\SysWow64\userinit.exe (Microsoft Corporation)
O20:64bit: - Winlogon\Notify\igfxcui: DllName - (igfxdev.dll) - C:\Windows\SysNative\igfxdev.dll (Intel Corporation)
O21:64bit: - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.
O21 - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.
O30 - LSA: Security Packages - (livessp) - File not found
O32 - HKLM CDRom: AutoRun - 1
O34 - HKLM BootExecute: (autocheck autochk *)
O35:64bit: - HKLM\..comfile [open] -- "%1" %*
O35:64bit: - HKLM\..exefile [open] -- "%1" %*
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37:64bit: - HKLM\...com [@ = comfile] -- "%1" %*
O37:64bit: - HKLM\...exe [@ = exefile] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3)
O38 - SubSystems\\Windows: (ServerDll=sxssrv,4)

NetSvcs:64bit: wlidsvc - C:\Windows\SysNative\wlidsvc.dll (Microsoft Corporation)
NetSvcs:64bit: DsmSvc - C:\Windows\SysNative\DeviceSetupManager.dll (Microsoft Corporation)
NetSvcs:64bit: NcaSvc - C:\Windows\SysNative\NcaSvc.dll (Microsoft Corporation)
NetSvcs:64bit: SystemEventsBroker - C:\Windows\SysNative\SystemEventsBrokerServer.dll (Microsoft Corporation)
NetSvcs:64bit: AppMgmt - C:\Windows\SysNative\appmgmts.dll (Microsoft Corporation)

CREATERESTOREPOINT
Restore point Set: OTL Restore Point

========== Files/Folders - Created Within 30 Days ==========

[2013-04-28 17:33:44 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Google Drive
[2013-04-28 17:33:14 | 000,377,920 | ---- | C] (AVAST Software) -- C:\Windows\SysNative\drivers\aswSP.sys
[2013-04-28 17:33:14 | 000,033,400 | ---- | C] (AVAST Software) -- C:\Windows\SysNative\drivers\aswFsBlk.sys
[2013-04-28 17:33:14 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\avast! Free Antivirus
[2013-04-28 17:33:08 | 000,070,992 | ---- | C] (AVAST Software) -- C:\Windows\SysNative\drivers\aswRdr2.sys
[2013-04-28 17:33:08 | 000,068,920 | ---- | C] (AVAST Software) -- C:\Windows\SysNative\drivers\aswTdi.sys
[2013-04-28 17:32:11 | 001,025,808 | ---- | C] (AVAST Software) -- C:\Windows\SysNative\drivers\aswSnx.sys
[2013-04-28 17:32:10 | 000,080,816 | ---- | C] (AVAST Software) -- C:\Windows\SysNative\drivers\aswMonFlt.sys
[2013-04-28 17:30:17 | 000,041,664 | ---- | C] (AVAST Software) -- C:\Windows\avastSS.scr
[2013-04-28 17:16:11 | 000,000,000 | ---D | C] -- C:\_OTL
[2013-04-28 17:12:12 | 000,000,000 | --SD | C] -- C:\Windows\SysWow64\Microsoft
[2013-04-28 16:01:39 | 000,287,840 | ---- | C] (AVAST Software) -- C:\Windows\SysNative\aswBoot.exe
[2013-04-28 16:00:44 | 000,000,000 | ---D | C] -- C:\Program Files\AVAST Software
[2013-04-28 15:59:15 | 000,000,000 | ---D | C] -- C:\ProgramData\AVAST Software
[2013-04-28 15:40:23 | 000,000,000 | ---D | C] -- C:\Users\Mark de Jager\Documents\Leawo
[2013-04-28 15:40:23 | 000,000,000 | ---D | C] -- C:\ProgramData\Leawo
[2013-04-28 15:38:24 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Leawo
[2013-04-28 15:38:23 | 000,606,208 | ---- | C] (http://www.xvid.org) -- C:\Windows\SysWow64\xvidcore.dll
[2013-04-28 15:38:23 | 000,438,272 | ---- | C] (Gabest) -- C:\Windows\SysWow64\Mpeg2DecFilter.ax
[2013-04-28 15:38:23 | 000,139,264 | ---- | C] (http://www.xvid.org) -- C:\Windows\SysWow64\xvid.ax
[2013-04-28 15:38:18 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Leawo
[2013-04-28 14:31:27 | 000,000,000 | ---D | C] -- C:\Users\Mark de Jager\AppData\Local\liQeNSoft
[2013-04-28 14:05:40 | 000,000,000 | ---D | C] -- C:\Users\Mark de Jager\AppData\Local\TeknoGods
[2013-04-28 13:46:35 | 000,602,112 | ---- | C] (OldTimer Tools) -- C:\Users\Mark de Jager\Desktop\OTL.exe
[2013-04-28 13:34:40 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\MW3
[2013-04-28 13:14:46 | 000,000,000 | ---D | C] -- C:\Users\Mark de Jager\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\MW3
[2013-04-28 13:14:44 | 000,000,000 | ---D | C] -- C:\Program Files\MW3
[2013-04-27 20:39:35 | 000,000,000 | ---D | C] -- C:\Users\Mark de Jager\AppData\Roaming\RealPopup
[2013-04-27 20:39:32 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\RealPopup
[2013-04-27 20:23:56 | 000,000,000 | ---D | C] -- C:\Users\Mark de Jager\Desktop\Computerspeeltuin.{ED7BA470-8E54-465E-825C-99712043E01C}
[2013-04-27 20:14:21 | 000,000,000 | ---D | C] -- C:\Users\Mark de Jager\AppData\Roaming\HTML Executable
[2013-04-27 19:44:46 | 000,000,000 | R--D | C] -- C:\Users\Mark de Jager\Desktop\SkyDrive
[2013-04-27 19:43:54 | 000,000,000 | R--D | C] -- C:\Users\Mark de Jager\SkyDrive
[2013-04-27 19:43:54 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Microsoft SkyDrive
[2013-04-27 19:43:46 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft SkyDrive
[2013-04-27 17:28:05 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\TSR Soft
[2013-04-27 17:28:04 | 000,000,000 | ---D | C] -- C:\Users\Mark de Jager\Documents\TSR Software
[2013-04-27 17:28:04 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\TSR Soft
[2013-04-27 16:04:58 | 000,000,000 | ---D | C] -- C:\gql
[2013-04-27 16:04:58 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Deluge
[2013-04-27 15:23:08 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Office 2013
[2013-04-27 15:22:21 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Microsoft SQL Server
[2013-04-27 15:22:20 | 000,000,000 | ---D | C] -- C:\Program Files\Microsoft.NET
[2013-04-27 15:22:19 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\KMSpico
[2013-04-27 15:22:16 | 000,000,000 | ---D | C] -- C:\Program Files\KMSpico
[2013-04-27 15:21:25 | 000,000,000 | ---D | C] -- C:\Program Files\Microsoft SQL Server
[2013-04-27 15:18:57 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft Toolkit
[2013-04-26 18:35:59 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\PeerBlock
[2013-04-26 18:35:58 | 000,000,000 | ---D | C] -- C:\Program Files\PeerBlock
[2013-04-23 08:39:37 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Common Files\Java
[2013-04-23 08:39:32 | 000,174,496 | ---- | C] (Oracle Corporation) -- C:\Windows\SysWow64\javaw.exe
[2013-04-23 08:39:32 | 000,174,496 | ---- | C] (Oracle Corporation) -- C:\Windows\SysWow64\java.exe
[2013-04-23 08:39:32 | 000,095,648 | ---- | C] (Oracle Corporation) -- C:\Windows\SysWow64\WindowsAccessBridge-32.dll
[2013-04-20 18:17:16 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Emsisoft Anti-Malware
[2013-04-20 18:17:16 | 000,000,000 | ---D | C] -- C:\Users\Mark de Jager\Documents\Anti-Malware
[2013-04-20 17:29:04 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\IObit Malware Fighter
[2013-04-19 20:38:06 | 000,000,000 | ---D | C] -- C:\Users\Mark de Jager\Documents\Navicat
[2013-04-19 17:42:55 | 000,000,000 | ---D | C] -- C:\ProgramData\IObit
[2013-04-19 17:42:52 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Advanced SystemCare 6
[2013-04-19 17:42:51 | 000,000,000 | ---D | C] -- C:\Users\Mark de Jager\AppData\Roaming\IObit
[2013-04-19 17:42:45 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\IObit
[2013-04-17 11:45:54 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\PremiumSoft
[2013-04-17 11:45:48 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\PremiumSoft
[2013-04-16 08:58:23 | 000,000,000 | ---D | C] -- C:\Users\Mark de Jager\AppData\Roaming\Enplase
[2013-04-16 08:58:15 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Ultima Steganography
[2013-04-16 08:58:13 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Ultima Steganography
[2013-04-15 19:28:20 | 000,000,000 | ---D | C] -- C:\Users\Mark de Jager\Desktop\Keygens en activators
[2013-04-15 19:28:02 | 000,000,000 | ---D | C] -- C:\Users\Mark de Jager\Desktop\Host Hotel
[2013-04-14 10:40:15 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\CCleaner
[2013-04-14 10:40:13 | 000,000,000 | ---D | C] -- C:\Program Files\CCleaner
[2013-04-14 09:51:03 | 000,000,000 | ---D | C] -- C:\Users\Mark de Jager\AppData\Roaming\QFX Software
[2013-04-14 09:51:03 | 000,000,000 | ---D | C] -- C:\ProgramData\QFX Software
[2013-04-14 09:51:01 | 000,222,904 | ---- | C] (QFX Software Corporation) -- C:\Windows\SysNative\drivers\keyscrambler.sys
[2013-04-14 09:51:01 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\KeyScrambler
[2013-04-14 09:50:59 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\KeyScrambler
[2013-04-13 21:47:26 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\uTorrent Turbo Booster
[2013-04-13 21:47:25 | 000,000,000 | ---D | C] -- C:\Users\Mark de Jager\AppData\Roaming\uTorrent Turbo Booster
[2013-04-13 21:47:24 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\uTorrent Turbo Booster
[2013-04-13 21:20:52 | 000,000,000 | ---D | C] -- C:\ProgramData\WNR
[2013-04-13 21:20:38 | 000,000,000 | ---D | C] -- C:\Users\Mark de Jager\AppData\Roaming\WNR
[2013-04-13 21:20:31 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Proxy Switcher Standard
[2013-04-13 19:40:00 | 000,000,000 | ---D | C] -- C:\ProgramData\Norton
[2013-04-13 19:38:35 | 000,000,000 | ---D | C] -- C:\Users\Mark de Jager\AppData\Roaming\GoforFiles
[2013-04-13 19:38:35 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\GoforFiles
[2013-04-13 19:36:28 | 000,000,000 | ---D | C] -- C:\ProgramData\NortonInstaller
[2013-04-12 19:58:00 | 000,000,000 | ---D | C] -- C:\Windows\AutoKMS
[2013-04-11 16:12:10 | 000,000,000 | ---D | C] -- C:\Users\Mark de Jager\AppData\Roaming\PicaJet.Com
[2013-04-11 16:12:10 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\PicaJet.Com
[2013-04-11 16:12:07 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\PicaJet.Com
[2013-04-10 14:50:59 | 000,692,576 | ---- | C] (Adobe Systems Incorporated) -- C:\Windows\SysWow64\FlashPlayerApp.exe
[2013-04-10 14:50:59 | 000,078,176 | ---- | C] (Adobe Systems Incorporated) -- C:\Windows\SysWow64\FlashPlayerCPLApp.cpl
[2013-04-10 14:25:17 | 001,161,728 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\sppobjs.dll
[2013-04-10 14:25:15 | 001,627,648 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\WindowsCodecs.dll
[2013-04-10 14:25:14 | 010,116,608 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\twinui.dll
[2013-04-10 14:25:13 | 008,857,088 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\twinui.dll
[2013-04-10 14:25:12 | 001,048,576 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\mfasfsrcsnk.dll
[2013-04-10 14:25:11 | 005,978,624 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\mstscax.dll
[2013-04-10 14:25:11 | 000,328,192 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\ubpm.dll
[2013-04-10 14:25:10 | 001,101,824 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\wmpmde.dll
[2013-04-10 14:25:10 | 000,850,944 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\mfasfsrcsnk.dll
[2013-04-10 14:25:10 | 000,389,120 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\BCP47Langs.dll
[2013-04-10 14:25:10 | 000,327,912 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\drivers\Classpnp.sys
[2013-04-10 14:25:10 | 000,246,784 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\ubpm.dll
[2013-04-10 14:25:09 | 001,151,488 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\mcmde.dll
[2013-04-10 14:25:09 | 001,149,952 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\winmde.dll
[2013-04-10 14:25:09 | 000,951,808 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\Windows.Globalization.dll
[2013-04-10 14:25:09 | 000,760,320 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\wuapi.dll
[2013-04-10 14:25:09 | 000,645,120 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\Windows.Security.Authentication.OnlineId.dll
[2013-04-10 14:25:09 | 000,357,888 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\netcfgx.dll
[2013-04-10 14:25:09 | 000,309,760 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\BCP47Langs.dll
[2013-04-10 14:25:08 | 005,091,840 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\mstscax.dll
[2013-04-10 14:25:08 | 002,302,464 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\authui.dll
[2013-04-10 14:25:08 | 000,411,880 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\drivers\FWPKCLNT.SYS
[2013-04-10 14:25:08 | 000,332,520 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\drivers\storport.sys
[2013-04-10 14:25:08 | 000,180,224 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\SystemEventsBrokerServer.dll
[2013-04-10 14:25:08 | 000,171,008 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\TimeBrokerServer.dll
[2013-04-10 14:25:07 | 000,893,952 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\winmde.dll
[2013-04-10 14:25:07 | 000,601,088 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\Windows.Globalization.dll
[2013-04-10 14:25:07 | 000,455,168 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\netcfgx.dll
[2013-04-10 14:25:07 | 000,448,512 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\SettingSync.dll
[2013-04-10 14:25:07 | 000,245,248 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\usbmon.dll
[2013-04-10 14:25:06 | 002,146,304 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\actxprxy.dll
[2013-04-10 14:25:06 | 002,033,664 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\authui.dll
[2013-04-10 14:25:06 | 000,703,488 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\drvstore.dll
[2013-04-10 14:25:06 | 000,621,056 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\wuapi.dll
[2013-04-10 14:25:06 | 000,550,912 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\drvstore.dll
[2013-04-10 14:25:06 | 000,504,320 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\Windows.Security.Authentication.OnlineId.dll
[2013-04-10 14:25:06 | 000,043,520 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\wups.dll
[2013-04-10 14:25:05 | 001,619,968 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\wucltux.dll
[2013-04-10 14:25:05 | 000,356,352 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\SettingSync.dll
[2013-04-10 14:25:05 | 000,337,128 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\drivers\USBXHCI.SYS
[2013-04-10 14:25:05 | 000,283,880 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\drivers\spaceport.sys
[2013-04-10 14:25:05 | 000,194,792 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\drivers\sdbus.sys
[2013-04-10 14:25:05 | 000,150,016 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\discan.dll
[2013-04-10 14:25:05 | 000,148,712 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\drivers\tpm.sys
[2013-04-10 14:25:05 | 000,125,160 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\drivers\dumpsd.sys
[2013-04-10 14:25:05 | 000,117,248 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\NdisImPlatform.dll
[2013-04-10 14:25:05 | 000,077,824 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\taskhost.exe
[2013-04-10 14:25:05 | 000,077,544 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\drivers\storahci.sys
[2013-04-10 14:25:05 | 000,058,288 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\wuauclt.exe
[2013-04-10 14:25:04 | 000,251,904 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\WUSettingsProvider.dll
[2013-04-10 14:25:04 | 000,156,160 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\powercfg.cpl
[2013-04-10 14:25:04 | 000,145,408 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\powercfg.cpl
[2013-04-10 14:25:04 | 000,069,864 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\drivers\pdc.sys
[2013-04-10 14:25:03 | 000,173,568 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\storewuauth.dll
[2013-04-10 14:25:03 | 000,141,824 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\wuwebv.dll
[2013-04-10 14:25:03 | 000,128,512 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\SettingSyncInfo.dll
[2013-04-10 14:25:03 | 000,125,952 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\wuwebv.dll
[2013-04-10 14:25:03 | 000,100,864 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\SettingSyncInfo.dll
[2013-04-10 14:25:03 | 000,072,192 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\taskhostex.exe
[2013-04-10 14:25:03 | 000,071,168 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\WSDPrintProxy.DLL
[2013-04-10 14:25:03 | 000,049,152 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\DevDispItemProvider.dll
[2013-04-10 14:25:02 | 000,098,304 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\wudriver.dll
[2013-04-10 14:25:02 | 000,083,968 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\wudriver.dll
[2013-04-10 14:25:02 | 000,039,424 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\wuapp.exe
[2013-04-10 14:25:02 | 000,036,352 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\DevDispItemProvider.dll
[2013-04-10 14:25:02 | 000,034,304 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\wuapp.exe
[2013-04-10 12:59:33 | 003,958,784 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\jscript9.dll
[2013-04-10 12:59:29 | 000,915,968 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\uxtheme.dll
[2013-04-10 12:59:28 | 000,855,552 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\jscript.dll
[2013-04-10 12:59:28 | 000,690,688 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\jscript.dll
[2013-04-10 12:59:27 | 000,603,136 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\msfeeds.dll
[2013-04-10 12:59:26 | 000,136,704 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\iesysprep.dll
[2013-04-10 12:59:26 | 000,109,056 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\iesysprep.dll
[2013-04-10 12:59:26 | 000,051,712 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\ie4uinit.exe
[2013-04-10 12:59:25 | 000,061,440 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\iesetup.dll
[2013-04-10 12:59:25 | 000,033,280 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\iernonce.dll
[2013-04-10 12:59:22 | 006,991,592 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\ntoskrnl.exe
[2013-04-10 12:59:20 | 001,011,200 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\reseteng.dll
[2013-04-10 12:59:20 | 000,375,808 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\ReAgent.dll
[2013-04-08 10:37:07 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\PDF Logo Remover
[2013-04-08 10:37:01 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\PDF Logo Remover
[2013-04-06 13:04:15 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\QuickTime
[2013-04-06 13:03:53 | 000,000,000 | ---D | C] -- C:\ProgramData\Apple Computer
[2013-04-04 08:30:09 | 000,000,000 | ---D | C] -- C:\Users\Mark de Jager\AppData\Roaming\Apple Computer
[2013-04-03 14:57:21 | 000,000,000 | ---D | C] -- C:\Users\Mark de Jager\Documents\CyberLink
[2013-04-03 14:56:52 | 000,000,000 | ---D | C] -- C:\Users\Mark de Jager\AppData\Roaming\CyberLink
[2013-04-03 14:56:42 | 000,000,000 | ---D | C] -- C:\ProgramData\CyberLink
[2013-04-03 14:53:29 | 000,000,000 | ---D | C] -- C:\ProgramData\SmartSound Software Inc
[2013-04-03 14:53:26 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\SmartSound Software
[2013-04-03 14:53:26 | 000,000,000 | ---D | C] -- C:\ProgramData\eSellerate
[2013-04-03 14:52:01 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Common Files\Apple
[2013-04-03 14:51:53 | 000,000,000 | ---D | C] -- C:\Users\Mark de Jager\AppData\Local\Apple
[2013-04-03 14:51:49 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Apple Software Update
[2013-04-03 14:51:49 | 000,000,000 | ---D | C] -- C:\ProgramData\Apple
[2013-04-03 14:51:34 | 000,000,000 | R--D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\CyberLink PowerDirector 11
[2013-04-03 14:51:17 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Cyberlink
[2013-04-03 14:47:11 | 000,000,000 | ---D | C] -- C:\Program Files\CyberLink
[2013-04-03 14:46:44 | 000,000,000 | ---D | C] -- C:\ProgramData\Temp
[2013-04-03 14:46:36 | 000,000,000 | ---D | C] -- C:\ProgramData\install_clap
[2013-04-03 13:25:56 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Ashampoo
[2013-04-03 13:25:54 | 000,000,000 | ---D | C] -- C:\ProgramData\Ashampoo
[2013-04-03 13:25:47 | 000,034,304 | ---- | C] (mst software GmbH, Germany) -- C:\Windows\SysNative\DfSdkBt.exe
[2013-04-03 13:25:42 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Ashampoo
[2013-04-02 19:00:09 | 000,000,000 | ---D | C] -- C:\Users\Mark de Jager\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\San Andreas Multiplayer
[2013-04-02 19:00:09 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\San Andreas Multiplayer
[2013-04-02 10:09:49 | 000,000,000 | ---D | C] -- C:\Users\Mark de Jager\Desktop\Opdrachten Nederlands, Dennis
[2013-04-01 16:19:46 | 000,527,192 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\XAudio2_7.dll
[2013-04-01 16:19:46 | 000,518,488 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\XAudio2_7.dll
[2013-04-01 16:19:46 | 000,239,960 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\xactengine3_7.dll
[2013-04-01 16:19:46 | 000,176,984 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\xactengine3_7.dll
[2013-04-01 16:19:46 | 000,077,656 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\XAPOFX1_5.dll
[2013-04-01 16:19:46 | 000,074,072 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\XAPOFX1_5.dll
[2013-04-01 16:19:45 | 002,526,056 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\D3DCompiler_43.dll
[2013-04-01 16:19:45 | 002,106,216 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\D3DCompiler_43.dll
[2013-04-01 16:19:45 | 001,907,552 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\d3dcsx_43.dll
[2013-04-01 16:19:45 | 001,868,128 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\d3dcsx_43.dll
[2013-04-01 16:19:45 | 000,511,328 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\d3dx10_43.dll
[2013-04-01 16:19:45 | 000,470,880 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\d3dx10_43.dll
[2013-04-01 16:19:45 | 000,276,832 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\d3dx11_43.dll
[2013-04-01 16:19:45 | 000,248,672 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\d3dx11_43.dll
[2013-04-01 16:19:44 | 002,401,112 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\D3DX9_43.dll
[2013-04-01 16:19:44 | 001,998,168 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\D3DX9_43.dll
[2013-04-01 16:19:44 | 000,530,776 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\XAudio2_6.dll
[2013-04-01 16:19:44 | 000,528,216 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\XAudio2_6.dll
[2013-04-01 16:19:44 | 000,078,680 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\XAPOFX1_4.dll
[2013-04-01 16:19:44 | 000,074,072 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\XAPOFX1_4.dll
[2013-04-01 16:19:43 | 000,238,936 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\xactengine3_6.dll
[2013-04-01 16:19:43 | 000,176,984 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\xactengine3_6.dll
[2013-04-01 16:19:43 | 000,024,920 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\X3DAudio1_7.dll
[2013-04-01 16:19:43 | 000,022,360 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\X3DAudio1_7.dll
[2013-04-01 16:19:42 | 000,517,960 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\XAudio2_5.dll
[2013-04-01 16:19:42 | 000,515,416 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\XAudio2_5.dll
[2013-04-01 16:19:42 | 000,238,936 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\xactengine3_5.dll
[2013-04-01 16:19:42 | 000,176,968 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\xactengine3_5.dll
[2013-04-01 16:19:41 | 005,554,512 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\d3dcsx_42.dll
[2013-04-01 16:19:41 | 005,501,792 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\d3dcsx_42.dll
[2013-04-01 16:19:41 | 002,582,888 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\D3DCompiler_42.dll
[2013-04-01 16:19:41 | 001,974,616 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\D3DCompiler_42.dll
[2013-04-01 16:19:41 | 000,285,024 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\d3dx11_42.dll
[2013-04-01 16:19:41 | 000,235,344 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\d3dx11_42.dll
[2013-04-01 16:19:40 | 002,475,352 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\D3DX9_42.dll
[2013-04-01 16:19:40 | 001,892,184 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\D3DX9_42.dll
[2013-04-01 16:19:40 | 000,523,088 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\d3dx10_42.dll
[2013-04-01 16:19:40 | 000,453,456 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\d3dx10_42.dll
[2013-04-01 16:19:39 | 005,425,496 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\D3DX9_41.dll
[2013-04-01 16:19:39 | 004,178,264 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\D3DX9_41.dll
[2013-04-01 16:19:39 | 002,430,312 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\D3DCompiler_41.dll
[2013-04-01 16:19:39 | 001,846,632 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\D3DCompiler_41.dll
[2013-04-01 16:19:39 | 000,520,544 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\d3dx10_41.dll
[2013-04-01 16:19:39 | 000,453,456 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\d3dx10_41.dll
[2013-04-01 16:19:37 | 000,521,560 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\XAudio2_4.dll
[2013-04-01 16:19:37 | 000,517,448 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\XAudio2_4.dll
[2013-04-01 16:19:37 | 000,073,544 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\XAPOFX1_3.dll
[2013-04-01 16:19:37 | 000,069,464 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\XAPOFX1_3.dll
[2013-04-01 16:19:36 | 000,235,352 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\xactengine3_4.dll
[2013-04-01 16:19:36 | 000,174,936 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\xactengine3_4.dll
[2013-04-01 16:19:36 | 000,024,920 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\X3DAudio1_6.dll
[2013-04-01 16:19:36 | 000,022,360 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\X3DAudio1_6.dll
[2013-04-01 16:19:34 | 005,631,312 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\D3DX9_40.dll
[2013-04-01 16:19:34 | 004,379,984 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\D3DX9_40.dll
[2013-04-01 16:19:34 | 002,605,920 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\D3DCompiler_40.dll
[2013-04-01 16:19:34 | 002,036,576 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\D3DCompiler_40.dll
[2013-04-01 16:19:34 | 000,519,000 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\d3dx10_40.dll
[2013-04-01 16:19:34 | 000,452,440 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\d3dx10_40.dll
[2013-04-01 16:19:33 | 000,518,480 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\XAudio2_3.dll
[2013-04-01 16:19:33 | 000,514,384 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\XAudio2_3.dll
[2013-04-01 16:19:33 | 000,074,576 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\XAPOFX1_2.dll
[2013-04-01 16:19:33 | 000,070,992 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\XAPOFX1_2.dll
[2013-04-01 16:19:31 | 000,235,856 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\xactengine3_3.dll
[2013-04-01 16:19:31 | 000,175,440 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\xactengine3_3.dll
[2013-04-01 16:19:31 | 000,025,936 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\X3DAudio1_5.dll
[2013-04-01 16:19:31 | 000,023,376 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\X3DAudio1_5.dll
[2013-04-01 16:19:30 | 000,513,544 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\XAudio2_2.dll
[2013-04-01 16:19:30 | 000,509,448 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\XAudio2_2.dll
[2013-04-01 16:19:30 | 000,238,088 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\xactengine3_2.dll
[2013-04-01 16:19:30 | 000,177,672 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\xactengine3_2.dll
[2013-04-01 16:19:30 | 000,072,200 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\XAPOFX1_1.dll
[2013-04-01 16:19:30 | 000,068,616 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\XAPOFX1_1.dll
[2013-04-01 16:19:29 | 004,992,520 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\D3DX9_39.dll
[2013-04-01 16:19:29 | 003,851,784 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\D3DX9_39.dll
[2013-04-01 16:19:29 | 001,942,552 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\D3DCompiler_39.dll
[2013-04-01 16:19:29 | 001,493,528 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\D3DCompiler_39.dll
[2013-04-01 16:19:29 | 000,540,688 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\d3dx10_39.dll
[2013-04-01 16:19:29 | 000,467,984 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\d3dx10_39.dll
[2013-04-01 16:19:27 | 000,511,496 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\XAudio2_1.dll
[2013-04-01 16:19:27 | 000,507,400 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\XAudio2_1.dll
[2013-04-01 16:19:27 | 000,068,104 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\XAPOFX1_0.dll
[2013-04-01 16:19:27 | 000,065,032 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\XAPOFX1_0.dll
[2013-04-01 16:19:26 | 000,238,088 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\xactengine3_1.dll
[2013-04-01 16:19:26 | 000,177,672 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\xactengine3_1.dll
[2013-04-01 16:19:26 | 000,028,168 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\X3DAudio1_4.dll
[2013-04-01 16:19:26 | 000,025,608 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\X3DAudio1_4.dll
[2013-04-01 16:19:25 | 001,941,528 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\D3DCompiler_38.dll
[2013-04-01 16:19:25 | 001,491,992 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\D3DCompiler_38.dll
[2013-04-01 16:19:25 | 000,540,688 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\d3dx10_38.dll
[2013-04-01 16:19:25 | 000,467,984 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\d3dx10_38.dll
[2013-04-01 16:19:24 | 004,991,496 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\D3DX9_38.dll
[2013-04-01 16:19:24 | 003,850,760 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\D3DX9_38.dll
[2013-04-01 16:19:23 | 000,489,480 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\XAudio2_0.dll
[2013-04-01 16:19:23 | 000,479,752 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\XAudio2_0.dll
[2013-04-01 16:19:23 | 000,238,088 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\xactengine3_0.dll
[2013-04-01 16:19:23 | 000,177,672 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\xactengine3_0.dll
[2013-04-01 16:19:22 | 001,860,120 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\D3DCompiler_37.dll
[2013-04-01 16:19:22 | 001,420,824 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\D3DCompiler_37.dll
[2013-04-01 16:19:22 | 000,529,424 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\d3dx10_37.dll
[2013-04-01 16:19:22 | 000,462,864 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\d3dx10_37.dll
[2013-04-01 16:19:22 | 000,028,168 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\X3DAudio1_3.dll
[2013-04-01 16:19:22 | 000,025,608 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\X3DAudio1_3.dll
[2013-04-01 16:19:21 | 004,910,088 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\D3DX9_37.dll
[2013-04-01 16:19:21 | 003,786,760 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\D3DX9_37.dll
[2013-04-01 16:19:21 | 000,411,656 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\xactengine2_10.dll
[2013-04-01 16:19:21 | 000,267,272 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\xactengine2_10.dll
[2013-04-01 16:19:19 | 002,006,552 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\D3DCompiler_36.dll
[2013-04-01 16:19:19 | 001,374,232 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\D3DCompiler_36.dll
[2013-04-01 16:19:19 | 000,508,264 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\d3dx10_36.dll
[2013-04-01 16:19:19 | 000,444,776 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\d3dx10_36.dll
[2013-04-01 16:19:18 | 005,081,608 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\d3dx9_36.dll
[2013-04-01 16:19:18 | 003,734,536 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\d3dx9_36.dll
[2013-04-01 16:19:17 | 000,411,496 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\xactengine2_9.dll
[2013-04-01 16:19:17 | 000,267,112 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\xactengine2_9.dll
[2013-04-01 16:19:16 | 001,985,904 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\D3DCompiler_35.dll
[2013-04-01 16:19:16 | 001,358,192 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\D3DCompiler_35.dll
[2013-04-01 16:19:16 | 000,508,264 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\d3dx10_35.dll
[2013-04-01 16:19:16 | 000,444,776 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\d3dx10_35.dll
[2013-04-01 16:19:15 | 005,073,256 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\d3dx9_35.dll
[2013-04-01 16:19:15 | 003,727,720 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\d3dx9_35.dll
[2013-04-01 16:19:14 | 001,401,200 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\D3DCompiler_34.dll
[2013-04-01 16:19:14 | 001,124,720 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\D3DCompiler_34.dll
[2013-04-01 16:19:14 | 000,506,728 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\d3dx10_34.dll
[2013-04-01 16:19:14 | 000,443,752 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\d3dx10_34.dll
[2013-04-01 16:19:14 | 000,409,960 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\xactengine2_8.dll
[2013-04-01 16:19:14 | 000,266,088 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\xactengine2_8.dll
[2013-04-01 16:19:14 | 000,021,000 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\X3DAudio1_2.dll
[2013-04-01 16:19:14 | 000,017,928 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\X3DAudio1_2.dll
[2013-04-01 16:19:13 | 004,496,232 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\d3dx9_34.dll
[2013-04-01 16:19:13 | 003,497,832 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\d3dx9_34.dll
[2013-04-01 16:19:13 | 000,107,368 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\xinput1_3.dll
[2013-04-01 16:19:13 | 000,081,768 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\xinput1_3.dll
[2013-04-01 16:19:12 | 001,400,176 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\D3DCompiler_33.dll
[2013-04-01 16:19:12 | 001,123,696 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\D3DCompiler_33.dll
[2013-04-01 16:19:12 | 000,506,728 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\d3dx10_33.dll
[2013-04-01 16:19:12 | 000,443,752 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\d3dx10_33.dll
[2013-04-01 16:19:12 | 000,403,304 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\xactengine2_7.dll
[2013-04-01 16:19:12 | 000,261,480 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\xactengine2_7.dll
[2013-04-01 16:19:11 | 004,494,184 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\d3dx9_33.dll
[2013-04-01 16:19:11 | 003,495,784 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\d3dx9_33.dll
[2013-04-01 16:19:10 | 000,393,576 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\xactengine2_6.dll
[2013-04-01 16:19:10 | 000,390,424 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\xactengine2_5.dll
[2013-04-01 16:19:10 | 000,255,848 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\xactengine2_6.dll
[2013-04-01 16:19:10 | 000,251,672 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\xactengine2_5.dll
[2013-04-01 16:19:09 | 000,469,264 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\d3dx10.dll
[2013-04-01 16:19:09 | 000,440,080 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\d3dx10.dll
[2013-04-01 16:19:09 | 000,364,824 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\xactengine2_4.dll
[2013-04-01 16:19:09 | 000,237,848 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\xactengine2_4.dll
[2013-04-01 16:19:09 | 000,017,688 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\x3daudio1_1.dll
[2013-04-01 16:19:09 | 000,015,128 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\x3daudio1_1.dll
[2013-04-01 16:19:08 | 003,977,496 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\d3dx9_31.dll
[2013-04-01 16:19:08 | 002,414,360 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\d3dx9_31.dll
[2013-04-01 16:19:07 | 000,363,288 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\xactengine2_3.dll
[2013-04-01 16:19:07 | 000,354,072 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\xactengine2_2.dll
[2013-04-01 16:19:07 | 000,236,824 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\xactengine2_3.dll
[2013-04-01 16:19:07 | 000,230,168 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\xactengine2_2.dll
[2013-04-01 16:19:07 | 000,083,736 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\xinput1_2.dll
[2013-04-01 16:19:07 | 000,083,664 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\xinput1_1.dll
[2013-04-01 16:19:07 | 000,062,744 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\xinput1_2.dll
[2013-04-01 16:19:07 | 000,062,672 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\xinput1_1.dll
[2013-04-01 16:19:06 | 000,352,464 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\xactengine2_1.dll
[2013-04-01 16:19:06 | 000,229,584 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\xactengine2_1.dll
[2013-04-01 16:19:04 | 003,927,248 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\d3dx9_30.dll
[2013-04-01 16:19:04 | 002,388,176 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\d3dx9_30.dll
[2013-04-01 16:19:03 | 000,355,536 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\xactengine2_0.dll
[2013-04-01 16:19:03 | 000,230,096 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\xactengine2_0.dll
[2013-04-01 16:19:03 | 000,016,592 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\x3daudio1_0.dll
[2013-04-01 16:19:03 | 000,014,032 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\x3daudio1_0.dll
[2013-04-01 16:19:02 | 003,830,992 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\d3dx9_29.dll
[2013-04-01 16:19:02 | 002,332,368 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\d3dx9_29.dll
[2013-04-01 16:19:01 | 003,815,120 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\d3dx9_28.dll
[2013-04-01 16:19:01 | 002,323,664 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\d3dx9_28.dll
[2013-04-01 16:19:00 | 003,807,440 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\d3dx9_27.dll
[2013-04-01 16:19:00 | 002,319,568 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\d3dx9_27.dll
[2013-04-01 16:18:59 | 003,823,312 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\d3dx9_25.dll
[2013-04-01 16:18:59 | 003,767,504 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\d3dx9_26.dll
[2013-04-01 16:18:59 | 002,297,552 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\d3dx9_26.dll
[2013-04-01 16:18:57 | 003,544,272 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\d3dx9_24.dll
[2013-04-01 16:18:57 | 002,222,800 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\d3dx9_24.dll
[2013-04-01 16:16:24 | 000,000,000 | ---D | C] -- C:\Windows\SysWow64\directx
[2013-04-01 16:16:09 | 069,796,088 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\MRT.exe
[2013-03-31 20:07:59 | 000,000,000 | ---D | C] -- C:\Users\Mark de Jager\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Facebook
[2013-03-31 20:07:46 | 000,000,000 | ---D | C] -- C:\Users\Mark de Jager\AppData\Local\Facebook
[2013-03-31 15:28:40 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Rockstar Games
[2013-03-31 15:28:40 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Rockstar Games
[2013-03-31 15:05:55 | 000,000,000 | ---D | C] -- C:\Users\Mark de Jager\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Revo Uninstaller
[2013-03-31 15:05:54 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\VS Revo Group
[2013-03-30 16:24:07 | 000,000,000 | ---D | C] -- C:\Users\Mark de Jager\Documents\GTA San Andreas User Files

========== Files - Modified Within 30 Days ==========

[2013-04-28 17:45:15 | 000,001,082 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineCore.job
[2013-04-28 17:44:46 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2013-04-28 17:43:02 | 000,000,290 | ---- | M] () -- C:\Windows\tasks\AutoKMS.job
[2013-04-28 17:42:42 | 268,435,456 | -HS- | M] () -- C:\swapfile.sys
[2013-04-28 17:41:16 | 000,001,086 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineUA.job
[2013-04-28 17:36:39 | 000,017,551 | ---- | M] () -- C:\ProgramData\1367162850.1948.bin
[2013-04-28 17:36:24 | 000,000,000 | ---- | M] () -- C:\ProgramData\1367162850.bdinstall.bin
[2013-04-28 17:33:32 | 000,009,986 | ---- | M] () -- C:\ProgramData\1367162850.5136.bin
[2013-04-28 17:33:32 | 000,001,235 | ---- | M] () -- C:\ProgramData\1367162850.5608.bin
[2013-04-28 17:33:14 | 000,001,922 | ---- | M] () -- C:\Users\Public\Desktop\avast! Free Antivirus.lnk
[2013-04-28 17:32:10 | 000,000,000 | ---- | M] () -- C:\Windows\SysWow64\config.nt
[2013-04-28 17:19:44 | 000,000,098 | ---- | M] () -- C:\Windows\SysNative\drivers\etc\Hosts
[2013-04-28 17:12:04 | 000,000,976 | ---- | M] () -- C:\Windows\tasks\FacebookUpdateTaskUserS-1-5-21-2189671484-2947882400-2928688451-1001UA.job
[2013-04-28 17:01:17 | 000,000,940 | ---- | M] () -- C:\Windows\tasks\Adobe Flash Player Updater.job
[2013-04-28 15:11:43 | 000,257,596 | ---- | M] () -- C:\ProgramData\1367154598.bdinstall.bin
[2013-04-28 15:11:37 | 000,046,817 | ---- | M] () -- C:\ProgramData\1367154692.bdinstall.bin
[2013-04-28 14:52:47 | 000,000,385 | ---- | M] () -- C:\Windows\SysNative\user_gensett.xml
[2013-04-28 14:48:14 | 000,494,432 | ---- | M] () -- C:\ProgramData\1367152409.bdinstall.bin
[2013-04-28 13:46:45 | 000,602,112 | ---- | M] (OldTimer Tools) -- C:\Users\Mark de Jager\Desktop\OTL.exe
[2013-04-28 13:21:30 | 000,001,122 | ---- | M] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\Update ESET's license.lnk
[2013-04-28 13:06:26 | 000,002,190 | -H-- | M] () -- C:\Users\Mark de Jager\Documents\Default.rdp
[2013-04-27 20:12:00 | 000,000,954 | ---- | M] () -- C:\Windows\tasks\FacebookUpdateTaskUserS-1-5-21-2189671484-2947882400-2928688451-1001Core.job
[2013-04-27 18:26:31 | 000,001,105 | ---- | M] () -- C:\Users\Mark de Jager\Application Data\Microsoft\Internet Explorer\Quick Launch\Microsoft Outlook.lnk
[2013-04-27 16:06:38 | 004,874,416 | ---- | M] () -- C:\Windows\SysNative\FNTCACHE.DAT
[2013-04-14 10:53:17 | 001,808,720 | ---- | M] () -- C:\Windows\SysNative\PerfStringBackup.INI
[2013-04-14 10:53:17 | 000,802,560 | ---- | M] () -- C:\Windows\SysNative\perfh013.dat
[2013-04-14 10:53:17 | 000,715,832 | ---- | M] () -- C:\Windows\SysNative\perfh009.dat
[2013-04-14 10:53:17 | 000,161,432 | ---- | M] () -- C:\Windows\SysNative\perfc013.dat
[2013-04-14 10:53:17 | 000,134,668 | ---- | M] () -- C:\Windows\SysNative\perfc009.dat
[2013-04-14 10:29:21 | 000,000,024 | ---- | M] () -- C:\Users\Mark de Jager\random.dat
[2013-04-14 10:28:59 | 000,000,052 | ---- | M] () -- C:\Users\Mark de Jager\jagex_cl_runescape_LIVE.dat
[2013-04-13 21:47:26 | 000,001,163 | ---- | M] () -- C:\Users\Mark de Jager\Application Data\Microsoft\Internet Explorer\Quick Launch\uTorrent Turbo Booster.lnk
[2013-04-13 19:35:47 | 000,000,271 | RH-- | M] () -- C:\Windows\Stop.cmd
[2013-04-10 13:32:59 | 000,000,024 | ---- | M] () -- C:\Users\Mark de Jager\jagexappletviewer.preferences
[2013-04-06 18:08:22 | 000,005,632 | ---- | M] () -- C:\Users\Mark de Jager\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2013-04-04 14:50:32 | 000,025,928 | ---- | M] (Malwarebytes Corporation) -- C:\Windows\SysNative\drivers\mbam.sys
[2013-04-04 05:35:05 | 000,095,648 | ---- | M] (Oracle Corporation) -- C:\Windows\SysWow64\WindowsAccessBridge-32.dll
[2013-04-04 05:30:10 | 000,174,496 | ---- | M] (Oracle Corporation) -- C:\Windows\SysWow64\javaw.exe
[2013-04-04 05:29:44 | 000,174,496 | ---- | M] (Oracle Corporation) -- C:\Windows\SysWow64\java.exe
[2013-04-03 00:08:01 | 000,692,576 | ---- | M] (Adobe Systems Incorporated) -- C:\Windows\SysWow64\FlashPlayerApp.exe
[2013-04-03 00:08:01 | 000,078,176 | ---- | M] (Adobe Systems Incorporated) -- C:\Windows\SysWow64\FlashPlayerCPLApp.cpl
[2013-03-31 20:08:02 | 000,001,327 | ---- | M] () -- C:\Users\Mark de Jager\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Facebook Messenger.lnk

========== Files Created - No Company Name ==========

[2013-04-28 17:36:24 | 000,000,000 | ---- | C] () -- C:\ProgramData\1367162850.bdinstall.bin
[2013-04-28 17:33:14 | 000,001,922 | ---- | C] () -- C:\Users\Public\Desktop\avast! Free Antivirus.lnk
[2013-04-28 17:32:10 | 000,178,624 | ---- | C] () -- C:\Windows\SysNative\drivers\aswVmm.sys
[2013-04-28 17:32:10 | 000,065,336 | ---- | C] () -- C:\Windows\SysNative\drivers\aswRvrt.sys
[2013-04-28 17:27:52 | 000,009,986 | ---- | C] () -- C:\ProgramData\1367162850.5136.bin
[2013-04-28 17:27:52 | 000,001,235 | ---- | C] () -- C:\ProgramData\1367162850.5608.bin
[2013-04-28 17:27:30 | 000,017,551 | ---- | C] () -- C:\ProgramData\1367162850.1948.bin
[2013-04-28 16:01:41 | 000,000,000 | ---- | C] () -- C:\Windows\SysWow64\config.nt
[2013-04-28 15:11:43 | 000,257,596 | ---- | C] () -- C:\ProgramData\1367154598.bdinstall.bin
[2013-04-28 15:11:37 | 000,046,817 | ---- | C] () -- C:\ProgramData\1367154692.bdinstall.bin
[2013-04-28 14:52:47 | 000,000,385 | ---- | C] () -- C:\Windows\SysNative\user_gensett.xml
[2013-04-28 14:48:14 | 000,494,432 | ---- | C] () -- C:\ProgramData\1367152409.bdinstall.bin
[2013-04-28 13:21:30 | 000,001,122 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\Update ESET's license.lnk
[2013-04-27 20:39:32 | 000,000,929 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\RealPopup.lnk
[2013-04-27 19:43:53 | 000,002,304 | ---- | C] () -- C:\Users\Mark de Jager\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\SkyDrive.lnk
[2013-04-27 16:21:11 | 000,001,105 | ---- | C] () -- C:\Users\Mark de Jager\Application Data\Microsoft\Internet Explorer\Quick Launch\Microsoft Outlook.lnk
[2013-04-17 11:45:52 | 001,589,248 | ---- | C] () -- C:\Windows\SysWow64\libmysql_d.dll
[2013-04-13 21:47:26 | 000,001,163 | ---- | C] () -- C:\Users\Mark de Jager\Application Data\Microsoft\Internet Explorer\Quick Launch\uTorrent Turbo Booster.lnk
[2013-04-13 20:32:35 | 004,874,416 | ---- | C] () -- C:\Windows\SysNative\FNTCACHE.DAT
[2013-04-13 19:34:23 | 000,001,062 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\TeamViewer 8.lnk
[2013-04-13 19:32:55 | 000,000,271 | RH-- | C] () -- C:\Windows\Stop.cmd
[2013-04-13 16:10:00 | 000,002,190 | -H-- | C] () -- C:\Users\Mark de Jager\Documents\Default.rdp
[2013-04-12 19:58:00 | 000,000,290 | ---- | C] () -- C:\Windows\tasks\AutoKMS.job
[2013-04-10 20:12:49 | 000,001,494 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Adobe Application Manager.lnk
[2013-04-10 14:25:02 | 000,387,867 | ---- | C] () -- C:\Windows\SysNative\ApnDatabase.xml
[2013-04-03 14:51:51 | 000,002,519 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Apple Software Update.lnk
[2013-03-31 20:07:59 | 000,001,327 | ---- | C] () -- C:\Users\Mark de Jager\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Facebook Messenger.lnk
[2013-03-31 20:07:49 | 000,000,976 | ---- | C] () -- C:\Windows\tasks\FacebookUpdateTaskUserS-1-5-21-2189671484-2947882400-2928688451-1001UA.job
[2013-03-31 20:07:47 | 000,000,954 | ---- | C] () -- C:\Windows\tasks\FacebookUpdateTaskUserS-1-5-21-2189671484-2947882400-2928688451-1001Core.job
[2013-03-23 15:12:54 | 000,000,054 | ---- | C] () -- C:\Users\Mark de Jager\jagex_cl_speccollect_LIVE.dat
[2013-03-19 21:10:59 | 000,230,206 | ---- | C] () -- C:\ProgramData\1363720194.bdinstall.bin
[2013-03-19 20:49:39 | 000,579,637 | ---- | C] () -- C:\ProgramData\1363718718.bdinstall.bin
[2013-03-18 14:12:08 | 000,000,038 | ---- | C] () -- C:\Program Files (x86)\cfg.ini
[2013-03-18 14:10:48 | 001,645,496 | ---- | C] () -- C:\Windows\ampa.exe
[2013-03-18 14:10:48 | 000,012,728 | ---- | C] () -- C:\Windows\SysWow64\ampa.sys
[2013-03-18 14:10:42 | 000,012,728 | ---- | C] () -- C:\Windows\SysWow64\ddmdrv.sys
[2013-03-18 14:10:41 | 001,293,240 | ---- | C] () -- C:\Windows\ddmmain.exe
[2013-03-17 12:49:46 | 000,000,262 | ---- | C] () -- C:\Windows\{EEB3F6BB-318D-4CE5-989F-8191FCBFB578}_WiseFW.ini
[2013-03-12 15:41:44 | 000,000,416 | RHS- | C] () -- C:\ProgramData\ntuser.pol
[2013-03-09 12:18:07 | 000,005,632 | ---- | C] () -- C:\Users\Mark de Jager\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2013-03-02 17:07:06 | 000,000,104 | ---- | C] () -- C:\ProgramData\Microsoft.SqlServer.Compact.400.32.bc
[2013-02-28 10:04:32 | 000,000,053 | ---- | C] () -- C:\Users\Mark de Jager\jagex_cl_runescape_LIVE1.dat
[2013-02-26 15:43:40 | 000,008,192 | ---- | C] () -- C:\Windows\SysWow64\srvany.exe
[2013-02-25 17:16:37 | 000,000,052 | ---- | C] () -- C:\Users\Mark de Jager\jagex_cl_oldschool_LIVE.dat
[2013-02-22 19:41:39 | 000,000,054 | ---- | C] () -- C:\Users\Mark de Jager\jagex_cl_loginapplet_LIVE.dat
[2013-02-11 13:17:40 | 002,468,520 | ---- | C] () -- C:\Windows\SysWow64\BootMan.exe
[2013-02-11 13:17:40 | 000,087,112 | ---- | C] () -- C:\Windows\SysWow64\setupempdrv03.exe
[2013-02-11 13:17:40 | 000,019,840 | ---- | C] () -- C:\Windows\SysWow64\EuEpmGdi.dll
[2013-02-11 13:17:40 | 000,014,920 | ---- | C] () -- C:\Windows\SysWow64\epmntdrv.sys
[2013-02-11 13:17:40 | 000,009,160 | ---- | C] () -- C:\Windows\SysWow64\EuGdiDrv.sys
[2013-02-08 19:49:28 | 000,004,096 | -H-- | C] () -- C:\Users\Mark de Jager\AppData\Local\keyfile3.drm
[2013-02-07 16:19:56 | 000,211,665 | ---- | C] () -- C:\ProgramData\1360246678.bdinstall.bin
[2013-02-07 16:09:23 | 000,371,893 | ---- | C] () -- C:\ProgramData\1360245933.bdinstall.bin
[2013-02-07 10:17:14 | 000,083,968 | ---- | C] () -- C:\Windows\SysWow64\OEMLicense.dll
[2013-02-06 13:02:47 | 001,821,998 | ---- | C] () -- C:\Windows\SysWow64\PerfStringBackup.INI
[2013-02-05 09:12:38 | 000,088,362 | ---- | C] () -- C:\Users\Mark de Jager\AppData\Roaming\spritesa
[2013-02-04 13:30:59 | 000,000,052 | ---- | C] () -- C:\Users\Mark de Jager\jagex_cl_runescape_LIVE.dat
[2013-02-04 13:30:59 | 000,000,024 | ---- | C] () -- C:\Users\Mark de Jager\random.dat
[2013-02-04 13:30:55 | 000,000,024 | ---- | C] () -- C:\Users\Mark de Jager\jagexappletviewer.preferences
[2013-02-04 11:27:40 | 000,000,135 | ---- | C] () -- C:\Windows\AutoKMS.ini
[2012-12-14 03:42:30 | 000,963,452 | ---- | C] () -- C:\Windows\SysWow64\igcodeckrng600.bin
[2012-12-14 03:42:30 | 000,064,512 | ---- | C] () -- C:\Windows\SysWow64\igdde32.dll
[2012-12-14 03:42:28 | 000,272,928 | ---- | C] () -- C:\Windows\SysWow64\igvpkrng600.bin
[2012-07-26 10:13:10 | 000,215,943 | ---- | C] () -- C:\Windows\SysWow64\dssec.dat
[2012-07-26 10:13:09 | 000,000,741 | ---- | C] () -- C:\Windows\SysWow64\NOISE.DAT
[2012-07-26 09:21:26 | 000,067,584 | --S- | C] () -- C:\Windows\bootstat.dat
[2012-07-26 03:17:42 | 000,043,520 | ---- | C] () -- C:\Windows\SysWow64\BWContextHandler.dll
[2012-07-25 22:37:29 | 000,043,131 | ---- | C] () -- C:\Windows\mib.bin
[2012-07-25 22:28:31 | 000,364,544 | ---- | C] () -- C:\Windows\SysWow64\msjetoledb40.dll
[2012-06-02 16:31:19 | 000,673,088 | ---- | C] () -- C:\Windows\SysWow64\mlang.dat

========== ZeroAccess Check ==========

[2013-04-01 16:18:47 | 000,000,227 | RHS- | M] () -- C:\Windows\assembly\Desktop.ini

[HKEY_CURRENT_USER\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] /64

[HKEY_CURRENT_USER\Software\Classes\Wow6432node\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]

[HKEY_CURRENT_USER\Software\Classes\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32] /64

[HKEY_CURRENT_USER\Software\Classes\Wow6432node\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32]

[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] /64
"" = C:\Windows\SysNative\shell32.dll -- [2013-03-02 04:45:01 | 019,748,864 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Apartment

[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]
"" = %SystemRoot%\system32\shell32.dll -- [2013-03-02 10:23:07 | 017,560,576 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Apartment

[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32] /64
"" = C:\Windows\SysNative\wbem\fastprox.dll -- [2012-07-26 05:05:38 | 001,004,544 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Free

[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32]
"" = %systemroot%\system32\wbem\fastprox.dll -- [2012-07-26 05:18:27 | 000,784,896 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Free

[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32] /64
"" = C:\Windows\SysNative\wbem\wbemess.dll -- [2012-07-26 05:07:41 | 000,455,680 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Both

[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32]

========== LOP Check ==========

[2013-03-22 13:15:29 | 000,000,000 | ---D | M] -- C:\Users\Default\AppData\Roaming\Genie9
[2013-03-22 13:15:29 | 000,000,000 | ---D | M] -- C:\Users\Default User\AppData\Roaming\Genie9
[2013-03-14 17:57:53 | 000,000,000 | ---D | M] -- C:\Users\Mark de Jager\AppData\Roaming\1-abc
[2013-02-08 12:51:39 | 000,000,000 | ---D | M] -- C:\Users\Mark de Jager\AppData\Roaming\Acronis
[2013-02-05 18:30:56 | 000,000,000 | ---D | M] -- C:\Users\Mark de Jager\AppData\Roaming\ActiveX
[2013-04-27 20:30:18 | 000,000,000 | ---D | M] -- C:\Users\Mark de Jager\AppData\Roaming\Atari
[2013-03-19 10:53:58 | 000,000,000 | ---D | M] -- C:\Users\Mark de Jager\AppData\Roaming\CaptureSaver
[2013-03-03 11:47:03 | 000,000,000 | ---D | M] -- C:\Users\Mark de Jager\AppData\Roaming\com.adobe.downloadassistant.AdobeDownloadAssistant
[2013-04-16 08:58:23 | 000,000,000 | ---D | M] -- C:\Users\Mark de Jager\AppData\Roaming\Enplase
[2013-02-06 15:31:33 | 000,000,000 | ---D | M] -- C:\Users\Mark de Jager\AppData\Roaming\ESET
[2013-04-14 10:43:37 | 000,000,000 | ---D | M] -- C:\Users\Mark de Jager\AppData\Roaming\FileZilla
[2013-02-27 16:30:18 | 000,000,000 | ---D | M] -- C:\Users\Mark de Jager\AppData\Roaming\Firetrust
[2013-03-21 20:08:14 | 000,000,000 | ---D | M] -- C:\Users\Mark de Jager\AppData\Roaming\Genie9
[2013-04-13 19:38:35 | 000,000,000 | ---D | M] -- C:\Users\Mark de Jager\AppData\Roaming\GoforFiles
[2013-04-27 20:14:21 | 000,000,000 | ---D | M] -- C:\Users\Mark de Jager\AppData\Roaming\HTML Executable
[2013-03-09 11:47:50 | 000,000,000 | ---D | M] -- C:\Users\Mark de Jager\AppData\Roaming\idoo
[2013-04-20 17:29:01 | 000,000,000 | ---D | M] -- C:\Users\Mark de Jager\AppData\Roaming\IObit
[2013-02-25 11:44:33 | 000,000,000 | ---D | M] -- C:\Users\Mark de Jager\AppData\Roaming\Lamantine
[2013-02-11 17:57:06 | 000,000,000 | ---D | M] -- C:\Users\Mark de Jager\AppData\Roaming\Notepad++
[2013-03-02 17:07:40 | 000,000,000 | ---D | M] -- C:\Users\Mark de Jager\AppData\Roaming\Photobucket
[2013-04-11 16:12:10 | 000,000,000 | ---D | M] -- C:\Users\Mark de Jager\AppData\Roaming\PicaJet.Com
[2013-02-05 20:03:24 | 000,000,000 | ---D | M] -- C:\Users\Mark de Jager\AppData\Roaming\PowerISO
[2013-03-13 15:53:24 | 000,000,000 | ---D | M] -- C:\Users\Mark de Jager\AppData\Roaming\Publish Providers
[2013-04-14 09:51:03 | 000,000,000 | ---D | M] -- C:\Users\Mark de Jager\AppData\Roaming\QFX Software
[2013-02-07 16:06:02 | 000,000,000 | ---D | M] -- C:\Users\Mark de Jager\AppData\Roaming\QuickScan
[2013-02-05 20:16:55 | 000,000,000 | ---D | M] -- C:\Users\Mark de Jager\AppData\Roaming\Returnil
[2013-02-05 18:30:09 | 000,000,000 | ---D | M] -- C:\Users\Mark de Jager\AppData\Roaming\Soft4Boost
[2013-03-09 12:18:07 | 000,000,000 | ---D | M] -- C:\Users\Mark de Jager\AppData\Roaming\Solveig Multimedia
[2013-03-10 17:02:18 | 000,000,000 | ---D | M] -- C:\Users\Mark de Jager\AppData\Roaming\Sony
[2013-03-02 20:14:07 | 000,000,000 | ---D | M] -- C:\Users\Mark de Jager\AppData\Roaming\TeamViewer
[2013-03-01 13:17:48 | 000,000,000 | ---D | M] -- C:\Users\Mark de Jager\AppData\Roaming\TechSmith
[2013-03-05 15:11:58 | 000,000,000 | ---D | M] -- C:\Users\Mark de Jager\AppData\Roaming\TrueCrypt
[2013-02-09 17:01:16 | 000,000,000 | ---D | M] -- C:\Users\Mark de Jager\AppData\Roaming\Unity
[2013-04-28 17:33:47 | 000,000,000 | ---D | M] -- C:\Users\Mark de Jager\AppData\Roaming\uTorrent
[2013-04-13 21:47:25 | 000,000,000 | ---D | M] -- C:\Users\Mark de Jager\AppData\Roaming\uTorrent Turbo Booster
[2013-04-13 21:20:38 | 000,000,000 | ---D | M] -- C:\Users\Mark de Jager\AppData\Roaming\WNR
[2013-02-13 11:42:54 | 000,000,000 | ---D | M] -- C:\Users\Mark de Jager\AppData\Roaming\X-Chat 2
[2013-03-03 13:11:32 | 000,000,000 | ---D | M] -- C:\Users\Mark de Jager\AppData\Roaming\XUSSoft

========== Purity Check ==========



========== Custom Scans ==========

========== Base Services ==========
SRV:64bit: - [2012-09-20 08:30:35 | 000,190,976 | ---- | M] (Microsoft Corporation) [On_Demand | Running] -- C:\Windows\SysNative\aelupsvc.dll -- (AeLookupSvc)
SRV:64bit: - [2012-07-26 05:05:04 | 000,069,632 | ---- | M] (Microsoft Corporation) [On_Demand | Running] -- C:\Windows\SysNative\appinfo.dll -- (Appinfo)
SRV:64bit: - [2012-07-26 05:08:16 | 000,094,208 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\alg.exe -- (ALG)
SRV:64bit: - [2012-07-26 05:07:01 | 000,826,368 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\SysNative\qmgr.dll -- (BITS)
SRV:64bit: - [2012-11-27 06:17:32 | 000,718,848 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\SysNative\BFE.DLL -- (BFE)
SRV:64bit: - [2012-07-26 05:05:55 | 000,059,904 | ---- | M] (Microsoft Corporation) [On_Demand | Running] -- C:\Windows\SysNative\keyiso.dll -- (KeyIso)
SRV - [2012-07-26 05:18:47 | 000,043,520 | ---- | M] (Microsoft Corporation) [On_Demand | Running] -- C:\Windows\SysWOW64\keyiso.dll -- (KeyIso)
SRV:64bit: - [2012-07-26 05:05:36 | 000,507,904 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\SysNative\es.dll -- (EventSystem)
SRV - [2012-07-26 05:18:26 | 000,394,240 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\SysWOW64\es.dll -- (EventSystem)
SRV:64bit: - [2012-07-26 05:05:12 | 000,134,144 | ---- | M] (Microsoft Corporation) [On_Demand | Running] -- C:\Windows\SysNative\browser.dll -- (Browser)
SRV:64bit: - [2012-07-26 05:05:21 | 000,067,584 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\SysNative\cryptsvc.dll -- (CryptSvc)
SRV:64bit: - [2012-07-26 05:07:06 | 000,817,152 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\SysNative\rpcss.dll -- (DcomLaunch)
SRV:64bit: - [2012-10-11 07:43:40 | 000,331,776 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\SysNative\dhcpcore.dll -- (Dhcp)
SRV - [2012-10-11 07:06:02 | 000,270,336 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\SysWOW64\dhcpcore.dll -- (Dhcp)
SRV:64bit: - [2012-09-20 08:31:07 | 000,210,432 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\SysNative\dnsrslvr.dll -- (Dnscache)
SRV:64bit: - [2012-07-26 05:05:34 | 000,105,472 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\eapsvc.dll -- (Eaphost)
SRV:64bit: - [2012-07-26 05:05:46 | 000,036,352 | ---- | M] (Microsoft Corporation) [On_Demand | Running] -- C:\Windows\SysNative\hidserv.dll -- (hidserv)
SRV - [2012-07-26 05:18:34 | 000,049,152 | ---- | M] (Microsoft Corporation) [On_Demand | Running] -- C:\Windows\SysWOW64\hidserv.dll -- (hidserv)
SRV:64bit: - [2012-07-26 05:05:51 | 000,438,784 | ---- | M] (Microsoft Corporation) [Disabled | Stopped] -- C:\Windows\SysNative\ipnathlp.dll -- (SharedAccess)
SRV:64bit: - [2012-07-26 05:05:51 | 000,474,624 | ---- | M] (Microsoft Corporation) [On_Demand | Running] -- C:\Windows\SysNative\IPSECSVC.DLL -- (PolicyAgent)
No service found with a name of MsMpSvc
No service found with a name of NisSrv
SRV:64bit: - [2012-07-26 05:07:25 | 000,502,784 | ---- | M] (Microsoft Corporation) [On_Demand | Running] -- C:\Windows\SysNative\swprv.dll -- (swprv)
SRV:64bit: - [2012-09-20 08:31:57 | 000,080,896 | ---- | M] (Microsoft Corporation) [Auto | Stopped] -- C:\Windows\SysNative\mmcss.dll -- (MMCSS)
SRV:64bit: - [2012-07-26 05:06:34 | 000,255,488 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\netman.dll -- (Netman)
SRV:64bit: - [2013-02-02 10:21:45 | 000,467,456 | ---- | M] (Microsoft Corporation) [On_Demand | Running] -- C:\Windows\SysNative\netprofmsvc.dll -- (netprofm)
SRV:64bit: - [2012-09-20 08:32:17 | 000,356,352 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\SysNative\nlasvc.dll -- (NlaSvc)
SRV:64bit: - [2012-07-26 07:26:47 | 000,025,600 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\SysNative\nsisvc.dll -- (nsi)
SRV:64bit: - [2012-09-20 08:33:04 | 000,107,008 | ---- | M] (Microsoft Corporation) [On_Demand | Running] -- C:\Windows\SysNative\umpnpmgr.dll -- (PlugPlay)
SRV:64bit: - [2012-07-26 05:08:47 | 000,769,024 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\SysNative\spoolsv.exe -- (Spooler)
No service found with a name of ProtectedStorage
No service found with a name of EMDMgmt
SRV:64bit: - [2012-07-26 05:07:03 | 000,099,840 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\rasauto.dll -- (RasAuto)
SRV:64bit: - [2012-07-26 05:07:03 | 000,358,400 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\rasmans.dll -- (RasMan)
SRV:64bit: - [2012-07-26 05:07:06 | 000,817,152 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\SysNative\rpcss.dll -- (RpcSs)
SRV:64bit: - [2012-07-26 05:07:09 | 000,030,720 | ---- | M] (Microsoft Corporation) [On_Demand | Running] -- C:\Windows\SysNative\seclogon.dll -- (seclogon)
SRV:64bit: - [2012-09-20 08:33:39 | 000,035,840 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\SysNative\lsass.exe -- (SamSs)
SRV:64bit: - [2012-07-26 05:08:12 | 000,099,840 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\SysNative\wscsvc.dll -- (wscsvc)
SRV:64bit: - [2012-07-26 05:07:23 | 000,309,248 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\SysNative\srvsvc.dll -- (LanmanServer)
SRV:64bit: - [2012-07-26 05:07:16 | 000,565,760 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\SysNative\shsvcs.dll -- (ShellHWDetection)
SRV - [2012-07-26 05:19:59 | 000,506,368 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\SysWOW64\shsvcs.dll -- (ShellHWDetection)
No service found with a name of slsvc
SRV:64bit: - [2012-07-26 05:07:08 | 001,282,560 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\SysNative\schedsvc.dll -- (Schedule)
SRV:64bit: - [2012-07-26 05:07:28 | 000,305,664 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\tapisrv.dll -- (TapiSrv)
SRV - [2012-07-26 05:20:06 | 000,245,760 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysWOW64\tapisrv.dll -- (TapiSrv)
SRV:64bit: - [2012-07-26 05:07:30 | 000,047,104 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\SysNative\themeservice.dll -- (Themes)
SRV:64bit: - [2012-07-26 05:07:00 | 000,209,920 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\SysNative\profsvc.dll -- (ProfSvc)
SRV:64bit: - [2012-07-26 05:08:49 | 001,482,752 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\VSSVC.exe -- (VSS)
SRV:64bit: - [2012-11-06 06:17:42 | 000,785,920 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\SysNative\audiosrv.dll -- (Audiosrv)
SRV:64bit: - [2012-11-06 06:17:41 | 000,169,472 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\SysNative\AudioEndpointBuilder.dll -- (AudioEndpointBuilder)
SRV:64bit: - [2012-07-26 05:07:08 | 000,148,480 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\sdrsvc.dll -- (SDRSVC)
SRV:64bit: - [2013-01-29 03:57:14 | 000,014,920 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Program Files\Windows Defender\MsMpEng.exe -- (WinDefend)
SRV:64bit: - [2012-07-26 05:07:47 | 001,731,584 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\SysNative\wevtsvc.dll -- (EventLog)
SRV:64bit: - [2012-10-11 07:44:35 | 000,904,192 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\SysNative\MPSSVC.dll -- (MpsSvc)
SRV:64bit: - [2012-07-26 05:07:47 | 000,570,880 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\SysNative\wiaservc.dll -- (stisvc)
SRV:64bit: - [2012-07-26 05:08:34 | 000,124,416 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\msiexec.exe -- (msiserver)
SRV - [2012-07-26 05:20:50 | 000,062,976 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysWow64\msiexec.exe -- (msiserver)
SRV:64bit: - [2012-07-26 05:08:06 | 000,219,648 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\SysNative\wbem\WMIsvc.dll -- (Winmgmt)
SRV:64bit: - [2013-03-02 04:45:19 | 003,240,448 | ---- | M] (Microsoft Corporation) [On_Demand | Running] -- C:\Windows\SysNative\wuaueng.dll -- (wuauserv)
SRV:64bit: - [2012-07-26 05:05:31 | 000,252,928 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\dot3svc.dll -- (dot3svc)
SRV:64bit: - [2012-11-06 06:19:59 | 001,386,496 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\SysNative\wlansvc.dll -- (WlanSvc)
SRV:64bit: - [2012-07-26 05:08:02 | 000,191,488 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\SysNative\wkssvc.dll -- (LanmanWorkstation)

< %SYSTEMDRIVE%\*.exe >

< MD5 for: EXPLORER.EXE >
[2012-10-11 07:53:24 | 002,115,952 | ---- | M] (Microsoft Corporation) MD5=0AD19A3CA61271BA872AD90771BA47DC -- C:\Windows.old\Windows\WinSxS\wow64_microsoft-windows-explorer_31bf3856ad364e35_6.2.9200.20534_none_b592a71650d677ed\explorer.exe
[2012-10-11 07:53:24 | 002,115,952 | ---- | M] (Microsoft Corporation) MD5=0AD19A3CA61271BA872AD90771BA47DC -- C:\Windows\WinSxS\wow64_microsoft-windows-explorer_31bf3856ad364e35_6.2.9200.20534_none_b592a71650d677ed\explorer.exe
[2012-10-11 10:09:58 | 002,380,944 | ---- | M] (Microsoft Corporation) MD5=0DDFEAA2AA18D4295EF220EB666B2312 -- C:\Windows.old\Windows\WinSxS\amd64_microsoft-windows-explorer_31bf3856ad364e35_6.2.9200.20534_none_ab3dfcc41c75b5f2\explorer.exe
[2012-10-11 10:09:58 | 002,380,944 | ---- | M] (Microsoft Corporation) MD5=0DDFEAA2AA18D4295EF220EB666B2312 -- C:\Windows\WinSxS\amd64_microsoft-windows-explorer_31bf3856ad364e35_6.2.9200.20534_none_ab3dfcc41c75b5f2\explorer.exe
[2012-07-26 05:50:01 | 002,114,936 | ---- | M] (Microsoft Corporation) MD5=5B6ED1B57DBFF18D405A0260559B571E -- C:\Windows.old\Windows\WinSxS\wow64_microsoft-windows-explorer_31bf3856ad364e35_6.2.9200.16384_none_b4d2f8c937e166b1\explorer.exe
[2012-07-26 05:50:01 | 002,114,936 | ---- | M] (Microsoft Corporation) MD5=5B6ED1B57DBFF18D405A0260559B571E -- C:\Windows\WinSxS\wow64_microsoft-windows-explorer_31bf3856ad364e35_6.2.9200.16384_none_b4d2f8c937e166b1\explorer.exe
[2012-07-26 06:49:13 | 002,380,440 | ---- | M] (Microsoft Corporation) MD5=928791755FDDEA721B053535EF84FA17 -- C:\Windows.old\Windows\WinSxS\amd64_microsoft-windows-explorer_31bf3856ad364e35_6.2.9200.16384_none_aa7e4e770380a4b6\explorer.exe
[2012-07-26 06:49:13 | 002,380,440 | ---- | M] (Microsoft Corporation) MD5=928791755FDDEA721B053535EF84FA17 -- C:\Windows\WinSxS\amd64_microsoft-windows-explorer_31bf3856ad364e35_6.2.9200.16384_none_aa7e4e770380a4b6\explorer.exe
[2012-10-11 07:56:41 | 002,115,952 | ---- | M] (Microsoft Corporation) MD5=953ADECFF08202A01EFC6110214FDE02 -- C:\Windows.old\Windows\SysWOW64\explorer.exe
[2012-10-11 07:56:41 | 002,115,952 | ---- | M] (Microsoft Corporation) MD5=953ADECFF08202A01EFC6110214FDE02 -- C:\Windows.old\Windows\WinSxS\wow64_microsoft-windows-explorer_31bf3856ad364e35_6.2.9200.16433_none_b5080a0137b9becc\explorer.exe
[2012-10-11 07:56:41 | 002,115,952 | ---- | M] (Microsoft Corporation) MD5=953ADECFF08202A01EFC6110214FDE02 -- C:\Windows\SysWOW64\explorer.exe
[2012-10-11 07:56:41 | 002,115,952 | ---- | M] (Microsoft Corporation) MD5=953ADECFF08202A01EFC6110214FDE02 -- C:\Windows\WinSxS\wow64_microsoft-windows-explorer_31bf3856ad364e35_6.2.9200.16433_none_b5080a0137b9becc\explorer.exe
[2012-10-11 09:35:16 | 002,380,944 | ---- | M] (Microsoft Corporation) MD5=E13A31D5254C25406A7946BDD9B06364 -- C:\Windows.old\Windows\explorer.exe
[2012-10-11 09:35:16 | 002,380,944 | ---- | M] (Microsoft Corporation) MD5=E13A31D5254C25406A7946BDD9B06364 -- C:\Windows.old\Windows\WinSxS\amd64_microsoft-windows-explorer_31bf3856ad364e35_6.2.9200.16433_none_aab35faf0358fcd1\explorer.exe
[2012-10-11 09:35:16 | 002,380,944 | ---- | M] (Microsoft Corporation) MD5=E13A31D5254C25406A7946BDD9B06364 -- C:\Windows\explorer.exe
[2012-10-11 09:35:16 | 002,380,944 | ---- | M] (Microsoft Corporation) MD5=E13A31D5254C25406A7946BDD9B06364 -- C:\Windows\WinSxS\amd64_microsoft-windows-explorer_31bf3856ad364e35_6.2.9200.16433_none_aab35faf0358fcd1\explorer.exe

< MD5 for: SERVICES >
[2012-07-26 07:26:49 | 000,017,463 | ---- | M] () MD5=D9E1A01B480D961B7CF0509D597A92D6 -- C:\Windows.old\Windows\System32\Drivers\etc\services
[2012-07-26 07:26:47 | 000,017,463 | ---- | M] () MD5=D9E1A01B480D961B7CF0509D597A92D6 -- C:\Windows.old\Windows\WinSxS\amd64_microsoft-windows-w..ucture-other-minwin_31bf3856ad364e35_6.2.9200.16384_none_8e0944daeed62829\services
[2012-07-26 07:26:47 | 000,017,463 | ---- | M] () MD5=D9E1A01B480D961B7CF0509D597A92D6 -- C:\Windows\WinSxS\amd64_microsoft-windows-w..ucture-other-minwin_31bf3856ad364e35_6.2.9200.16384_none_8e0944daeed62829\services

< MD5 for: SERVICES.ASFX >
[2012-09-23 21:43:48 | 000,002,628 | ---- | M] () MD5=8A84C89E1D2A0916D4464D5AD46FB8AC -- C:\Windows.old\Program Files (x86)\Adobe\Reader 11.0\Reader\Locale\nl_NL\Services\Services.asfx

< MD5 for: SERVICES.CFG >
[2012-09-23 21:43:36 | 000,603,848 | ---- | M] () MD5=81B120EAEE296F0E54F66C16C5A21367 -- C:\Windows.old\Program Files (x86)\Adobe\Reader 11.0\Reader\Services\Services.cfg

< MD5 for: SERVICES.DAT >
[2011-11-08 04:18:22 | 000,016,795 | ---- | M] () MD5=F3FF835C3C6263AB484B7D417FAB76F8 -- C:\Program Files (x86)\Ashampoo\Ashampoo WinOptimizer 2013\data\services.dat

< MD5 for: SERVICES.DLL >
[2010-10-21 11:11:14 | 004,465,432 | ---- | M] (SmartSound Software Inc.) MD5=09CFB48DF9A22C5B02A249778546422C -- C:\Program Files (x86)\SmartSound Software\Quicktracks 5\Services.dll

< MD5 for: SERVICES.EXE >
[2012-09-20 08:33:11 | 000,410,624 | ---- | M] (Microsoft Corporation) MD5=581190907DA1CF8CB7B87B35FFE64A07 -- C:\Windows.old\Windows\WinSxS\amd64_microsoft-windows-s..cecontroller-minwin_31bf3856ad364e35_6.2.9200.20521_none_98a9ea2e9f571eb2\services.exe
[2012-09-20 08:33:11 | 000,410,624 | ---- | M] (Microsoft Corporation) MD5=581190907DA1CF8CB7B87B35FFE64A07 -- C:\Windows\WinSxS\amd64_microsoft-windows-s..cecontroller-minwin_31bf3856ad364e35_6.2.9200.20521_none_98a9ea2e9f571eb2\services.exe
[2012-07-26 07:26:45 | 000,410,624 | ---- | M] (Microsoft Corporation) MD5=754A2CC1F32107EA87CBD305ABE3E618 -- C:\Windows.old\Windows\WinSxS\amd64_microsoft-windows-s..cecontroller-minwin_31bf3856ad364e35_6.2.9200.16384_none_97e26cd38667756c\services.exe
[2012-07-26 07:26:45 | 000,410,624 | ---- | M] (Microsoft Corporation) MD5=754A2CC1F32107EA87CBD305ABE3E618 -- C:\Windows\WinSxS\amd64_microsoft-windows-s..cecontroller-minwin_31bf3856ad364e35_6.2.9200.16384_none_97e26cd38667756c\services.exe
[2012-09-20 08:33:46 | 000,410,624 | ---- | M] (Microsoft Corporation) MD5=8F226143046435C75C033B0C52E90FFE -- C:\Windows.old\Windows\System32\services.exe
[2012-09-20 08:33:46 | 000,410,624 | ---- | M] (Microsoft Corporation) MD5=8F226143046435C75C033B0C52E90FFE -- C:\Windows.old\Windows\WinSxS\amd64_microsoft-windows-s..cecontroller-minwin_31bf3856ad364e35_6.2.9200.16420_none_981f4d19863a6591\services.exe
[2012-09-20 08:33:46 | 000,410,624 | ---- | M] (Microsoft Corporation) MD5=8F226143046435C75C033B0C52E90FFE -- C:\Windows\SysNative\services.exe
[2012-09-20 08:33:46 | 000,410,624 | ---- | M] (Microsoft Corporation) MD5=8F226143046435C75C033B0C52E90FFE -- C:\Windows\WinSxS\amd64_microsoft-windows-s..cecontroller-minwin_31bf3856ad364e35_6.2.9200.16420_none_981f4d19863a6591\services.exe

< MD5 for: SERVICES.EXE.MUI >
[2012-07-26 11:49:08 | 000,021,504 | ---- | M] (Microsoft Corporation) MD5=66953EC2CD8E0D23434AAF943BA60219 -- C:\Windows.old\Windows\System32\nl-NL\services.exe.mui
[2012-07-26 11:49:08 | 000,021,504 | ---- | M] (Microsoft Corporation) MD5=66953EC2CD8E0D23434AAF943BA60219 -- C:\Windows.old\Windows\WinSxS\amd64_microsoft-windows-s..ontroller.resources_31bf3856ad364e35_6.2.9200.16384_nl-nl_7bd2dfda38c15fbf\services.exe.mui
[2012-07-26 11:49:08 | 000,021,504 | ---- | M] (Microsoft Corporation) MD5=66953EC2CD8E0D23434AAF943BA60219 -- C:\Windows\SysNative\nl-NL\services.exe.mui
[2012-07-26 11:49:08 | 000,021,504 | ---- | M] (Microsoft Corporation) MD5=66953EC2CD8E0D23434AAF943BA60219 -- C:\Windows\WinSxS\amd64_microsoft-windows-s..ontroller.resources_31bf3856ad364e35_6.2.9200.16384_nl-nl_7bd2dfda38c15fbf\services.exe.mui

< MD5 for: SERVICES.H >
[2012-07-20 19:38:02 | 000,001,043 | ---- | M] () MD5=EFA6260E75D8055649F88462E3E9E929 -- C:\xampp\mysql\include\mysql\services.h

< MD5 for: SERVICES.JS >
[2013-04-15 12:02:20 | 000,052,388 | ---- | M] () MD5=170AC4B9F3DC60E0D38D7CC307CEFD12 -- C:\Program Files\WindowsApps\Microsoft.BingFinance_2.0.0.275_x64__8wekyb3d8bbwe\common\js\services.js
[2013-04-15 12:01:18 | 000,052,388 | ---- | M] () MD5=170AC4B9F3DC60E0D38D7CC307CEFD12 -- C:\Program Files\WindowsApps\Microsoft.BingNews_2.0.0.273_x64__8wekyb3d8bbwe\common\js\services.js
[2013-04-15 12:01:54 | 000,052,388 | ---- | M] () MD5=170AC4B9F3DC60E0D38D7CC307CEFD12 -- C:\Program Files\WindowsApps\Microsoft.BingSports_2.0.0.273_x64__8wekyb3d8bbwe\common\js\services.js
[2013-04-15 11:56:39 | 000,052,388 | ---- | M] () MD5=170AC4B9F3DC60E0D38D7CC307CEFD12 -- C:\Program Files\WindowsApps\Microsoft.BingTravel_2.0.0.274_x64__8wekyb3d8bbwe\common\js\services.js
[2012-07-26 11:54:56 | 000,056,775 | ---- | M] () MD5=33C1E65B760A9589F6DE37F64941E449 -- C:\Program Files\WindowsApps\Microsoft.BingFinance_1.2.0.135_x64__8wekyb3d8bbwe\platform\js\services.js
[2012-07-26 11:54:48 | 000,056,775 | ---- | M] () MD5=33C1E65B760A9589F6DE37F64941E449 -- C:\Program Files\WindowsApps\Microsoft.BingNews_1.2.0.135_x64__8wekyb3d8bbwe\platform\js\services.js
[2012-07-26 11:54:45 | 000,056,775 | ---- | M] () MD5=33C1E65B760A9589F6DE37F64941E449 -- C:\Program Files\WindowsApps\Microsoft.BingSports_1.2.0.135_x64__8wekyb3d8bbwe\platform\js\services.js
[2012-07-26 11:55:25 | 000,056,775 | ---- | M] () MD5=33C1E65B760A9589F6DE37F64941E449 -- C:\Program Files\WindowsApps\Microsoft.BingTravel_1.2.0.145_x64__8wekyb3d8bbwe\platform\js\services.js
[2012-07-26 11:54:51 | 000,056,775 | ---- | M] () MD5=33C1E65B760A9589F6DE37F64941E449 -- C:\Program Files\WindowsApps\Microsoft.BingWeather_1.2.0.135_x64__8wekyb3d8bbwe\platform\js\services.js
[2012-07-26 11:54:56 | 000,056,775 | ---- | M] () MD5=33C1E65B760A9589F6DE37F64941E449 -- C:\Windows.old\Program Files\WindowsApps\Microsoft.BingFinance_1.2.0.135_x64__8wekyb3d8bbwe\platform\js\services.js
[2012-07-26 11:54:48 | 000,056,775 | ---- | M] () MD5=33C1E65B760A9589F6DE37F64941E449 -- C:\Windows.old\Program Files\WindowsApps\Microsoft.BingNews_1.2.0.135_x64__8wekyb3d8bbwe\platform\js\services.js
[2012-07-26 11:54:45 | 000,056,775 | ---- | M] () MD5=33C1E65B760A9589F6DE37F64941E449 -- C:\Windows.old\Program Files\WindowsApps\Microsoft.BingSports_1.2.0.135_x64__8wekyb3d8bbwe\platform\js\services.js
[2012-07-26 11:55:25 | 000,056,775 | ---- | M] () MD5=33C1E65B760A9589F6DE37F64941E449 -- C:\Windows.old\Program Files\WindowsApps\Microsoft.BingTravel_1.2.0.145_x64__8wekyb3d8bbwe\platform\js\services.js
[2012-07-26 11:54:51 | 000,056,775 | ---- | M] () MD5=33C1E65B760A9589F6DE37F64941E449 -- C:\Windows.old\Program Files\WindowsApps\Microsoft.BingWeather_1.2.0.135_x64__8wekyb3d8bbwe\platform\js\services.js
[2013-02-04 21:19:22 | 000,069,359 | ---- | M] () MD5=6AA9F10CF05F9848EFAA91062BBEB586 -- C:\Program Files\WindowsApps\Microsoft.BingFinance_1.7.0.38_x64__8wekyb3d8bbwe\common\js\services.js
[2013-02-04 21:22:06 | 000,069,359 | ---- | M] () MD5=6AA9F10CF05F9848EFAA91062BBEB586 -- C:\Program Files\WindowsApps\Microsoft.BingNews_1.7.0.38_x64__8wekyb3d8bbwe\common\js\services.js
[2013-02-04 21:24:50 | 000,069,359 | ---- | M] () MD5=6AA9F10CF05F9848EFAA91062BBEB586 -- C:\Program Files\WindowsApps\Microsoft.BingTravel_1.7.0.26_x64__8wekyb3d8bbwe\Common\js\services.js
[2013-02-04 21:17:21 | 000,069,359 | ---- | M] () MD5=6AA9F10CF05F9848EFAA91062BBEB586 -- C:\Program Files\WindowsApps\Microsoft.BingWeather_1.7.0.26_x64__8wekyb3d8bbwe\common\js\services.js
[2013-01-31 13:00:55 | 000,069,359 | ---- | M] () MD5=6AA9F10CF05F9848EFAA91062BBEB586 -- C:\Windows.old\Program Files\WindowsApps\Microsoft.BingFinance_1.7.0.29_x64__8wekyb3d8bbwe\common\js\services.js
[2013-01-31 13:00:55 | 000,069,359 | ---- | M] () MD5=6AA9F10CF05F9848EFAA91062BBEB586 -- C:\Windows.old\Program Files\WindowsApps\Microsoft.BingFinance_1.7.0.38_x64__8wekyb3d8bbwe\common\js\services.js
[2013-01-31 13:01:46 | 000,069,359 | ---- | M] () MD5=6AA9F10CF05F9848EFAA91062BBEB586 -- C:\Windows.old\Program Files\WindowsApps\Microsoft.BingNews_1.7.0.31_x64__8wekyb3d8bbwe\common\js\services.js
[2013-01-31 13:01:46 | 000,069,359 | ---- | M] () MD5=6AA9F10CF05F9848EFAA91062BBEB586 -- C:\Windows.old\Program Files\WindowsApps\Microsoft.BingNews_1.7.0.38_x64__8wekyb3d8bbwe\common\js\services.js
[2013-01-31 13:05:32 | 000,069,359 | ---- | M] () MD5=6AA9F10CF05F9848EFAA91062BBEB586 -- C:\Windows.old\Program Files\WindowsApps\Microsoft.BingTravel_1.7.0.26_x64__8wekyb3d8bbwe\Common\js\services.js
[2013-01-31 13:02:22 | 000,069,359 | ---- | M] () MD5=6AA9F10CF05F9848EFAA91062BBEB586 -- C:\Windows.old\Program Files\WindowsApps\Microsoft.BingWeather_1.7.0.26_x64__8wekyb3d8bbwe\common\js\services.js
[2013-02-04 21:23:15 | 000,069,359 | ---- | M] () MD5=80CE8A6918A7BDB5328F93F4A3BB26B0 -- C:\Program Files\WindowsApps\Microsoft.BingSports_1.8.0.51_x64__8wekyb3d8bbwe\common\js\services.js
[2013-01-31 13:03:35 | 000,069,359 | ---- | M] () MD5=80CE8A6918A7BDB5328F93F4A3BB26B0 -- C:\Windows.old\Program Files\WindowsApps\Microsoft.BingSports_1.8.0.51_x64__8wekyb3d8bbwe\common\js\services.js

< MD5 for: SERVICES.LNK >
[2012-07-25 22:19:37 | 000,001,158 | ---- | M] () MD5=5C11B0E362D426FD6E99B07705BA4A48 -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Administrative Tools\services.lnk
[2012-07-25 22:19:37 | 000,001,158 | ---- | M] () MD5=5C11B0E362D426FD6E99B07705BA4A48 -- C:\Users\All Users\Microsoft\Windows\Start Menu\Programs\Administrative Tools\services.lnk
[2012-07-25 22:19:37 | 000,001,158 | ---- | M] () MD5=5C11B0E362D426FD6E99B07705BA4A48 -- C:\Windows.old\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Menu Start\Programma's\Administrative Tools\services.lnk
[2012-07-25 22:19:37 | 000,001,158 | ---- | M] () MD5=5C11B0E362D426FD6E99B07705BA4A48 -- C:\Windows.old\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Menu Start\Programs\Administrative Tools\services.lnk
[2012-07-25 22:19:37 | 000,001,158 | ---- | M] () MD5=5C11B0E362D426FD6E99B07705BA4A48 -- C:\Windows.old\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Start Menu\Programma's\Administrative Tools\services.lnk
[2012-07-25 22:19:37 | 000,001,158 | ---- | M] () MD5=5C11B0E362D426FD6E99B07705BA4A48 -- C:\Windows.old\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Start Menu\Programs\Administrative Tools\services.lnk
[2012-07-25 22:19:37 | 000,001,158 | ---- | M] () MD5=5C11B0E362D426FD6E99B07705BA4A48 -- C:\Windows.old\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Menu Start\Programma's\Administrative Tools\services.lnk
[2012-07-25 22:19:37 | 000,001,158 | ---- | M] () MD5=5C11B0E362D426FD6E99B07705BA4A48 -- C:\Windows.old\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Menu Start\Programs\Administrative Tools\services.lnk
[2012-07-25 22:19:37 | 000,001,158 | ---- | M] () MD5=5C11B0E362D426FD6E99B07705BA4A48 -- C:\Windows.old\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Windows\Start Menu\Programma's\Administrative Tools\services.lnk
[2012-07-25 22:19:37 | 000,001,158 | ---- | M] () MD5=5C11B0E362D426FD6E99B07705BA4A48 -- C:\Windows.old\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Windows\Start Menu\Programs\Administrative Tools\services.lnk
[2012-07-25 22:19:37 | 000,001,158 | ---- | M] () MD5=5C11B0E362D426FD6E99B07705BA4A48 -- C:\Windows.old\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Start Menu\Programma's\Administrative Tools\services.lnk
[2012-07-25 22:19:37 | 000,001,158 | ---- | M] () MD5=5C11B0E362D426FD6E99B07705BA4A48 -- C:\Windows.old\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Start Menu\Programs\Administrative Tools\services.lnk
[2012-07-25 22:19:37 | 000,001,158 | ---- | M] () MD5=5C11B0E362D426FD6E99B07705BA4A48 -- C:\Windows.old\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Menu Start\Programma's\Administrative Tools\services.lnk
[2012-07-25 22:19:37 | 000,001,158 | ---- | M] () MD5=5C11B0E362D426FD6E99B07705BA4A48 -- C:\Windows.old\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Menu Start\Programs\Administrative Tools\services.lnk
[2012-07-25 22:19:37 | 000,001,158 | ---- | M] () MD5=5C11B0E362D426FD6E99B07705BA4A48 -- C:\Windows.old\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Windows\Start Menu\Programma's\Administrative Tools\services.lnk
[2012-07-25 22:19:37 | 000,001,158 | ---- | M] () MD5=5C11B0E362D426FD6E99B07705BA4A48 -- C:\Windows.old\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Windows\Start Menu\Programs\Administrative Tools\services.lnk
[2012-07-25 22:19:37 | 000,001,158 | ---- | M] () MD5=5C11B0E362D426FD6E99B07705BA4A48 -- C:\Windows.old\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Start Menu\Programma's\Administrative Tools\services.lnk
[2012-07-25 22:19:37 | 000,001,158 | ---- | M] () MD5=5C11B0E362D426FD6E99B07705BA4A48 -- C:\Windows.old\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Start Menu\Programs\Administrative Tools\services.lnk
[2012-07-25 22:19:37 | 000,001,158 | ---- | M] () MD5=5C11B0E362D426FD6E99B07705BA4A48 -- C:\Windows.old\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Menu Start\Programma's\Administrative Tools\services.lnk
[2012-07-25 22:19:37 | 000,001,158 | ---- | M] () MD5=5C11B0E362D426FD6E99B07705BA4A48 -- C:\Windows.old\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Menu Start\Programs\Administrative Tools\services.lnk
[2012-07-25 22:19:37 | 000,001,158 | ---- | M] () MD5=5C11B0E362D426FD6E99B07705BA4A48 -- C:\Windows.old\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Windows\Start Menu\Programma's\Administrative Tools\services.lnk
[2012-07-25 22:19:37 | 000,001,158 | ---- | M] () MD5=5C11B0E362D426FD6E99B07705BA4A48 -- C:\Windows.old\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Windows\Start Menu\Programs\Administrative Tools\services.lnk
[2012-07-25 22:19:37 | 000,001,158 | ---- | M] () MD5=5C11B0E362D426FD6E99B07705BA4A48 -- C:\Windows.old\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Start Menu\Programma's\Administrative Tools\services.lnk
[2012-07-25 22:19:37 | 000,001,158 | ---- | M] () MD5=5C11B0E362D426FD6E99B07705BA4A48 -- C:\Windows.old\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Start Menu\Programs\Administrative Tools\services.lnk
[2012-07-25 22:19:37 | 000,001,158 | ---- | M] () MD5=5C11B0E362D426FD6E99B07705BA4A48 -- C:\Windows.old\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Menu Start\Programma's\Administrative Tools\services.lnk
[2012-07-25 22:19:37 | 000,001,158 | ---- | M] () MD5=5C11B0E362D426FD6E99B07705BA4A48 -- C:\Windows.old\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Menu Start\Programs\Administrative Tools\services.lnk
[2012-07-25 22:19:37 | 000,001,158 | ---- | M] () MD5=5C11B0E362D426FD6E99B07705BA4A48 -- C:\Windows.old\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Windows\Start Menu\Programma's\Administrative Tools\services.lnk
[2012-07-25 22:19:37 | 000,001,158 | ---- | M] () MD5=5C11B0E362D426FD6E99B07705BA4A48 -- C:\Windows.old\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Windows\Start Menu\Programs\Administrative Tools\services.lnk
[2012-07-25 22:19:37 | 000,001,158 | ---- | M] () MD5=5C11B0E362D426FD6E99B07705BA4A48 -- C:\Windows.old\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Start Menu\Programma's\Administrative Tools\services.lnk
[2012-07-25 22:19:37 | 000,001,158 | ---- | M] () MD5=5C11B0E362D426FD6E99B07705BA4A48 -- C:\Windows.old\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Start Menu\Programs\Administrative Tools\services.lnk
[2012-07-25 22:19:37 | 000,001,158 | ---- | M] () MD5=5C11B0E362D426FD6E99B07705BA4A48 -- C:\Windows.old\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Menu Start\Programma's\Administrative Tools\services.lnk
[2012-07-25 22:19:37 | 000,001,158 | ---- | M] () MD5=5C11B0E362D426FD6E99B07705BA4A48 -- C:\Windows.old\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Menu Start\Programs\Administrative Tools\services.lnk
[2012-07-25 22:19:37 | 000,001,158 | ---- | M] () MD5=5C11B0E362D426FD6E99B07705BA4A48 -- C:\Windows.old\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Microsoft\Windows\Start Menu\Programma's\Administrative Tools\services.lnk
[2012-07-25 22:19:37 | 000,001,158 | ---- | M] () MD5=5C11B0E362D426FD6E99B07705BA4A48 -- C:\Windows.old\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Microsoft\Windows\Start Menu\Programs\Administrative Tools\services.lnk
[2012-07-25 22:19:37 | 000,001,158 | ---- | M] () MD5=5C11B0E362D426FD6E99B07705BA4A48 -- C:\Windows.old\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Start Menu\Programma's\Administrative Tools\services.lnk
[2012-07-25 22:19:37 | 000,001,158 | ---- | M] () MD5=5C11B0E362D426FD6E99B07705BA4A48 -- C:\Windows.old\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Start Menu\Programs\Administrative Tools\services.lnk
[2012-07-25 22:19:37 | 000,001,158 | ---- | M] () MD5=5C11B0E362D426FD6E99B07705BA4A48 -- C:\Windows.old\Documents and Settings\All Users\Application Data\Application Data\Application Data\Menu Start\Programma's\Administrative Tools\services.lnk
[2012-07-25 22:19:37 | 000,001,158 | ---- | M] () MD5=5C11B0E362D426FD6E99B07705BA4A48 -- C:\Windows.old\Documents and Settings\All Users\Application Data\Application Data\Application Data\Menu Start\Programs\Administrative Tools\services.lnk
[2012-07-25 22:19:37 | 000,001,158 | ---- | M] () MD5=5C11B0E362D426FD6E99B07705BA4A48 -- C:\Windows.old\Documents and Settings\All Users\Application Data\Application Data\Application Data\Microsoft\Windows\Start Menu\Programma's\Administrative Tools\services.lnk
[2012-07-25 22:19:37 | 000,001,158 | ---- | M] () MD5=5C11B0E362D426FD6E99B07705BA4A48 -- C:\Windows.old\Documents and Settings\All Users\Application Data\Application Data\Application Data\Microsoft\Windows\Start Menu\Programs\Administrative Tools\services.lnk
[2012-07-25 22:19:37 | 000,001,158 | ---- | M] () MD5=5C11B0E362D426FD6E99B07705BA4A48 -- C:\Windows.old\Documents and Settings\All Users\Application Data\Application Data\Application Data\Start Menu\Programma's\Administrative Tools\services.lnk
[2012-07-25 22:19:37 | 000,001,158 | ---- | M] () MD5=5C11B0E362D426FD6E99B07705BA4A48 -- C:\Windows.old\Documents and Settings\All Users\Application Data\Application Data\Application Data\Start Menu\Programs\Administrative Tools\services.lnk
[2012-07-25 22:19:37 | 000,001,158 | ---- | M] () MD5=5C11B0E362D426FD6E99B07705BA4A48 -- C:\Windows.old\Documents and Settings\All Users\Application Data\Application Data\Menu Start\Programma's\Administrative Tools\services.lnk
[2012-07-25 22:19:37 | 000,001,158 | ---- | M] () MD5=5C11B0E362D426FD6E99B07705BA4A48 -- C:\Windows.old\Documents and Settings\All Users\Application Data\Application Data\Menu Start\Programs\Administrative Tools\services.lnk
[2012-07-25 22:19:37 | 000,001,158 | ---- | M] () MD5=5C11B0E362D426FD6E99B07705BA4A48 -- C:\Windows.old\Documents and Settings\All Users\Application Data\Application Data\Microsoft\Windows\Start Menu\Programma's\Administrative Tools\services.lnk
[2012-07-25 22:19:37 | 000,001,158 | ---- | M] () MD5=5C11B0E362D426FD6E99B07705BA4A48 -- C:\Windows.old\Documents and Settings\All Users\Application Data\Application Data\Microsoft\Windows\Start Menu\Programs\Administrative Tools\services.lnk
[2012-07-25 22:19:37 | 000,001,158 | ---- | M] () MD5=5C11B0E362D426FD6E99B07705BA4A48 -- C:\Windows.old\Documents and Settings\All Users\Application Data\Application Data\Start Menu\Programma's\Administrative Tools\services.lnk
[2012-07-25 22:19:37 | 000,001,158 | ---- | M] () MD5=5C11B0E362D426FD6E99B07705BA4A48 -- C:\Windows.old\Documents and Settings\All Users\Application Data\Application Data\Start Menu\Programs\Administrative Tools\services.lnk
[2012-07-25 22:19:37 | 000,001,158 | ---- | M] () MD5=5C11B0E362D426FD6E99B07705BA4A48 -- C:\Windows.old\Documents and Settings\All Users\Application Data\Menu Start\Programma's\Administrative Tools\services.lnk
[2012-07-25 22:19:37 | 000,001,158 | ---- | M] () MD5=5C11B0E362D426FD6E99B07705BA4A48 -- C:\Windows.old\Documents and Settings\All Users\Application Data\Menu Start\Programs\Administrative Tools\services.lnk
[2012-07-25 22:19:37 | 000,001,158 | ---- | M] () MD5=5C11B0E362D426FD6E99B07705BA4A48 -- C:\Windows.old\Documents and Settings\All Users\Application Data\Microsoft\Windows\Start Menu\Programma's\Administrative Tools\services.lnk
[2012-07-25 22:19:37 | 000,001,158 | ---- | M] () MD5=5C11B0E362D426FD6E99B07705BA4A48 -- C:\Windows.old\Documents and Settings\All Users\Application Data\Microsoft\Windows\Start Menu\Programs\Administrative Tools\services.lnk
[2012-07-25 22:19:37 | 000,001,158 | ---- | M] () MD5=5C11B0E362D426FD6E99B07705BA4A48 -- C:\Windows.old\Documents and Settings\All Users\Application Data\Start Menu\Programma's\Administrative Tools\services.lnk
[2012-07-25 22:19:37 | 000,001,158 | ---- | M] () MD5=5C11B0E362D426FD6E99B07705BA4A48 -- C:\Windows.old\Documents and Settings\All Users\Application Data\Start Menu\Programs\Administrative Tools\services.lnk
[2012-07-25 22:19:37 | 000,001,158 | ---- | M] () MD5=5C11B0E362D426FD6E99B07705BA4A48 -- C:\Windows.old\Documents and Settings\All Users\Menu Start\Programma's\Administrative Tools\services.lnk
[2012-07-25 22:19:37 | 000,001,158 | ---- | M] () MD5=5C11B0E362D426FD6E99B07705BA4A48 -- C:\Windows.old\Documents and Settings\All Users\Menu Start\Programs\Administrative Tools\services.lnk
[2012-07-25 22:19:37 | 000,001,158 | ---- | M] () MD5=5C11B0E362D426FD6E99B07705BA4A48 -- C:\Windows.old\Documents and Settings\All Users\Microsoft\Windows\Start Menu\Programma's\Administrative Tools\services.lnk
[2012-07-25 22:19:37 | 000,001,158 | ---- | M] () MD5=5C11B0E362D426FD6E99B07705BA4A48 -- C:\Windows.old\Documents and Settings\All Users\Microsoft\Windows\Start Menu\Programs\Administrative Tools\services.lnk
[2012-07-25 22:19:37 | 000,001,158 | ---- | M] () MD5=5C11B0E362D426FD6E99B07705BA4A48 -- C:\Windows.old\Documents and Settings\All Users\Start Menu\Programma's\Administrative Tools\services.lnk
[2012-07-25 22:19:37 | 000,001,158 | ---- | M] () MD5=5C11B0E362D426FD6E99B07705BA4A48 -- C:\Windows.old\Documents and Settings\All Users\Start Menu\Programs\Administrative Tools\services.lnk
[2012-07-25 22:19:37 | 000,001,158 | ---- | M] () MD5=5C11B0E362D426FD6E99B07705BA4A48 -- C:\Windows.old\ProgramData\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Menu Start\Programma's\Administrative Tools\services.lnk
[2012-07-25 22:19:37 | 000,001,158 | ---- | M] () MD5=5C11B0E362D426FD6E99B07705BA4A48 -- C:\Windows.old\ProgramData\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Menu Start\Programs\Administrative Tools\services.lnk
[2012-07-25 22:19:37 | 000,001,158 | ---- | M] () MD5=5C11B0E362D426FD6E99B07705BA4A48 -- C:\Windows.old\ProgramData\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Start Menu\Programma's\Administrative Tools\services.lnk
[2012-07-25 22:19:37 | 000,001,158 | ---- | M] () MD5=5C11B0E362D426FD6E99B07705BA4A48 -- C:\Windows.old\ProgramData\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Start Menu\Programs\Administrative Tools\services.lnk
[2012-07-25 22:19:37 | 000,001,158 | ---- | M] () MD5=5C11B0E362D426FD6E99B07705BA4A48 -- C:\Windows.old\ProgramData\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Menu Start\Programma's\Administrative Tools\services.lnk
[2012-07-25 22:19:37 | 000,001,158 | ---- | M] () MD5=5C11B0E362D426FD6E99B07705BA4A48 -- C:\Windows.old\ProgramData\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Menu Start\Programs\Administrative Tools\services.lnk
[2012-07-25 22:19:37 | 000,001,158 | ---- | M] () MD5=5C11B0E362D426FD6E99B07705BA4A48 -- C:\Windows.old\ProgramData\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Windows\Start Menu\Programma's\Administrative Tools\services.lnk
[2012-07-25 22:19:37 | 000,001,158 | ---- | M] () MD5=5C11B0E362D426FD6E99B07705BA4A48 -- C:\Windows.old\ProgramData\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Windows\Start Menu\Programs\Administrative Tools\services.lnk
[2012-07-25 22:19:37 | 000,001,158 | ---- | M] () MD5=5C11B0E362D426FD6E99B07705BA4A48 -- C:\Windows.old\ProgramData\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Start Menu\Programma's\Administrative Tools\services.lnk
[2012-07-25 22:19:37 | 000,001,158 | ---- | M] () MD5=5C11B0E362D426FD6E99B07705BA4A48 -- C:\Windows.old\ProgramData\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Start Menu\Programs\Administrative Tools\services.lnk
[2012-07-25 22:19:37 | 000,001,158 | ---- | M] () MD5=5C11B0E362D426FD6E99B07705BA4A48 -- C:\Windows.old\ProgramData\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Menu Start\Programma's\Administrative Tools\services.lnk
[2012-07-25 22:19:37 | 000,001,158 | ---- | M] () MD5=5C11B0E362D426FD6E99B07705BA4A48 -- C:\Windows.old\ProgramData\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Menu Start\Programs\Administrative Tools\services.lnk
[2012-07-25 22:19:37 | 000,001,158 | ---- | M] () MD5=5C11B0E362D426FD6E99B07705BA4A48 -- C:\Windows.old\ProgramData\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Windows\Start Menu\Programma's\Administrative Tools\services.lnk
[2012-07-25 22:19:37 | 000,001,158 | ---- | M] () MD5=5C11B0E362D426FD6E99B07705BA4A48 -- C:\Windows.old\ProgramData\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Windows\Start Menu\Programs\Administrative Tools\services.lnk
[2012-07-25 22:19:37 | 000,001,158 | ---- | M] () MD5=5C11B0E362D426FD6E99B07705BA4A48 -- C:\Windows.old\ProgramData\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Start Menu\Programma's\Administrative Tools\services.lnk
[2012-07-25 22:19:37 | 000,001,158 | ---- | M] () MD5=5C11B0E362D426FD6E99B07705BA4A48 -- C:\Windows.old\ProgramData\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Start Menu\Programs\Administrative Tools\services.lnk
[2012-07-25 22:19:37 | 000,001,158 | ---- | M] () MD5=5C11B0E362D426FD6E99B07705BA4A48 -- C:\Windows.old\ProgramData\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Menu Start\Programma's\Administrative Tools\services.lnk
[2012-07-25 22:19:37 | 000,001,158 | ---- | M] () MD5=5C11B0E362D426FD6E99B07705BA4A48 -- C:\Windows.old\ProgramData\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Menu Start\Programs\Administrative Tools\services.lnk
[2012-07-25 22:19:37 | 000,001,158 | ---- | M] () MD5=5C11B0E362D426FD6E99B07705BA4A48 -- C:\Windows.old\ProgramData\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Windows\Start Menu\Programma's\Administrative Tools\services.lnk
[2012-07-25 22:19:37 | 000,001,158 | ---- | M] () MD5=5C11B0E362D426FD6E99B07705BA4A48 -- C:\Windows.old\ProgramData\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Windows\Start Menu\Programs\Administrative Tools\services.lnk
[2012-07-25 22:19:37 | 000,001,158 | ---- | M] () MD5=5C11B0E362D426FD6E99B07705BA4A48 -- C:\Windows.old\ProgramData\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Start Menu\Programma's\Administrative Tools\services.lnk
[2012-07-25 22:19:37 | 000,001,158 | ---- | M] () MD5=5C11B0E362D426FD6E99B07705BA4A48 -- C:\Windows.old\ProgramData\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Start Menu\Programs\Administrative Tools\services.lnk
[2012-07-25 22:19:37 | 000,001,158 | ---- | M] () MD5=5C11B0E362D426FD6E99B07705BA4A48 -- C:\Windows.old\ProgramData\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Menu Start\Programma's\Administrative Tools\services.lnk
[2012-07-25 22:19:37 | 000,001,158 | ---- | M] () MD5=5C11B0E362D426FD6E99B07705BA4A48 -- C:\Windows.old\ProgramData\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Menu Start\Programs\Administrative Tools\services.lnk
[2012-07-25 22:19:37 | 000,001,158 | ---- | M] () MD5=5C11B0E362D426FD6E99B07705BA4A48 -- C:\Windows.old\ProgramData\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Windows\Start Menu\Programma's\Administrative Tools\services.lnk
[2012-07-25 22:19:37 | 000,001,158 | ---- | M] () MD5=5C11B0E362D426FD6E99B07705BA4A48 -- C:\Windows.old\ProgramData\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Windows\Start Menu\Programs\Administrative Tools\services.lnk
[2012-07-25 22:19:37 | 000,001,158 | ---- | M] () MD5=5C11B0E362D426FD6E99B07705BA4A48 -- C:\Windows.old\ProgramData\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Start Menu\Programma's\Administrative Tools\services.lnk
[2012-07-25 22:19:37 | 000,001,158 | ---- | M] () MD5=5C11B0E362D426FD6E99B07705BA4A48 -- C:\Windows.old\ProgramData\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Start Menu\Programs\Administrative Tools\services.lnk
[2012-07-25 22:19:37 | 000,001,158 | ---- | M] () MD5=5C11B0E362D426FD6E99B07705BA4A48 -- C:\Windows.old\ProgramData\Application Data\Application Data\Application Data\Application Data\Application Data\Menu Start\Programma's\Administrative Tools\services.lnk
[2012-07-25 22:19:37 | 000,001,158 | ---- | M] () MD5=5C11B0E362D426FD6E99B07705BA4A48 -- C:\Windows.old\ProgramData\Application Data\Application Data\Application Data\Application Data\Application Data\Menu Start\Programs\Administrative Tools\services.lnk
[2012-07-25 22:19:37 | 000,001,158 | ---- | M] () MD5=5C11B0E362D426FD6E99B07705BA4A48 -- C:\Windows.old\ProgramData\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Windows\Start Menu\Programma's\Administrative Tools\services.lnk
[2012-07-25 22:19:37 | 000,001,158 | ---- | M] () MD5=5C11B0E362D426FD6E99B07705BA4A48 -- C:\Windows.old\ProgramData\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Windows\Start Menu\Programs\Administrative Tools\services.lnk
[2012-07-25 22:19:37 | 000,001,158 | ---- | M] () MD5=5C11B0E362D426FD6E99B07705BA4A48 -- C:\Windows.old\ProgramData\Application Data\Application Data\Application Data\Application Data\Application Data\Start Menu\Programma's\Administrative Tools\services.lnk
[2012-07-25 22:19:37 | 000,001,158 | ---- | M] () MD5=5C11B0E362D426FD6E99B07705BA4A48 -- C:\Windows.old\ProgramData\Application Data\Application Data\Application Data\Application Data\Application Data\Start Menu\Programs\Administrative Tools\services.lnk
[2012-07-25 22:19:37 | 000,001,158 | ---- | M] () MD5=5C11B0E362D426FD6E99B07705BA4A48 -- C:\Windows.old\ProgramData\Application Data\Application Data\Application Data\Application Data\Menu Start\Programma's\Administrative Tools\services.lnk
[2012-07-25 22:19:37 | 000,001,158 | ---- | M] () MD5=5C11B0E362D426FD6E99B07705BA4A48 -- C:\Windows.old\ProgramData\Application Data\Application Data\Application Data\Application Data\Menu Start\Programs\Administrative Tools\services.lnk
[2012-07-25 22:19:37 | 000,001,158 | ---- | M] () MD5=5C11B0E362D426FD6E99B07705BA4A48 -- C:\Windows.old\ProgramData\Application Data\Application Data\Application Data\Application Data\Microsoft\Windows\Start Menu\Programma's\Administrative Tools\services.lnk
[2012-07-25 22:19:37 | 000,001,158 | ---- | M] () MD5=5C11B0E362D426FD6E99B07705BA4A48 -- C:\Windows.old\ProgramData\Application Data\Application Data\Application Data\Application Data\Microsoft\Windows\Start Menu\Programs\Administrative Tools\services.lnk
[2012-07-25 22:19:37 | 000,001,158 | ---- | M] () MD5=5C11B0E362D426FD6E99B07705BA4A48 -- C:\Windows.old\ProgramData\Application Data\Application Data\Application Data\Application Data\Start Menu\Programma's\Administrative Tools\services.lnk
[2012-07-25 22:19:37 | 000,001,158 | ---- | M] () MD5=5C11B0E362D426FD6E99B07705BA4A48 -- C:\Windows.old\ProgramData\Application Data\Application Data\Application Data\Application Data\Start Menu\Programs\Administrative Tools\services.lnk
[2012-07-25 22:19:37 | 000,001,158 | ---- | M] () MD5=5C11B0E362D426FD6E99B07705BA4A48 -- C:\Windows.old\ProgramData\Application Data\Application Data\Application Data\Menu Start\Programma's\Administrative Tools\services.lnk
[2012-07-25 22:19:37 | 000,001,158 | ---- | M] () MD5=5C11B0E362D426FD6E99B07705BA4A48 -- C:\Windows.old\ProgramData\Application Data\Application Data\Application Data\Menu Start\Programs\Administrative Tools\services.lnk
[2012-07-25 22:19:37 | 000,001,158 | ---- | M] () MD5=5C11B0E362D426FD6E99B07705BA4A48 -- C:\Windows.old\ProgramData\Application Data\Application Data\Application Data\Microsoft\Windows\Start Menu\Programma's\Administrative Tools\services.lnk
[2012-07-25 22:19:37 | 000,001,158 | ---- | M] () MD5=5C11B0E362D426FD6E99B07705BA4A48 -- C:\Windows.old\ProgramData\Application Data\Application Data\Application Data\Microsoft\Windows\Start Menu\Programs\Administrative Tools\services.lnk
[2012-07-25 22:19:37 | 000,001,158 | ---- | M] () MD5=5C11B0E362D426FD6E99B07705BA4A48 -- C:\Windows.old\ProgramData\Application Data\Application Data\Application Data\Start Menu\Programma's\Administrative Tools\services.lnk
[2012-07-25 22:19:37 | 000,001,158 | ---- | M] () MD5=5C11B0E362D426FD6E99B07705BA4A48 -- C:\Windows.old\ProgramData\Application Data\Application Data\Application Data\Start Menu\Programs\Administrative Tools\services.lnk
[2012-07-25 22:19:37 | 000,001,158 | ---- | M] () MD5=5C11B0E362D426FD6E99B07705BA4A48 -- C:\Windows.old\ProgramData\Application Data\Application Data\Menu Start\Programma's\Administrative Tools\services.lnk
[2012-07-25 22:19:37 | 000,001,158 | ---- | M] () MD5=5C11B0E362D426FD6E99B07705BA4A48 -- C:\Windows.old\ProgramData\Application Data\Application Data\Menu Start\Programs\Administrative Tools\services.lnk
[2012-07-25 22:19:37 | 000,001,158 | ---- | M] () MD5=5C11B0E362D426FD6E99B07705BA4A48 -- C:\Windows.old\ProgramData\Application Data\Application Data\Microsoft\Windows\Start Menu\Programma's\Administrative Tools\services.lnk
[2012-07-25 22:19:37 | 000,001,158 | ---- | M] () MD5=5C11B0E362D426FD6E99B07705BA4A48 -- C:\Windows.old\ProgramData\Application Data\Application Data\Microsoft\Windows\Start Menu\Programs\Administrative Tools\services.lnk
[2012-07-25 22:19:37 | 000,001,158 | ---- | M] () MD5=5C11B0E362D426FD6E99B07705BA4A48 -- C:\Windows.old\ProgramData\Application Data\Application Data\Start Menu\Programma's\Administrative Tools\services.lnk
[2012-07-25 22:19:37 | 000,001,158 | ---- | M] () MD5=5C11B0E362D426FD6E99B07705BA4A48 -- C:\Windows.old\ProgramData\Application Data\Application Data\Start Menu\Programs\Administrative Tools\services.lnk
[2012-07-25 22:19:37 | 000,001,158 | ---- | M] () MD5=5C11B0E362D426FD6E99B07705BA4A48 -- C:\Windows.old\ProgramData\Application Data\Menu Start\Programma's\Administrative Tools\services.lnk
[2012-07-25 22:19:37 | 000,001,158 | ---- | M] () MD5=5C11B0E362D426FD6E99B07705BA4A48 -- C:\Windows.old\ProgramData\Application Data\Menu Start\Programs\Administrative Tools\services.lnk
[2012-07-25 22:19:37 | 000,001,158 | ---- | M] () MD5=5C11B0E362D426FD6E99B07705BA4A48 -- C:\Windows.old\ProgramData\Application Data\Microsoft\Windows\Start Menu\Programma's\Administrative Tools\services.lnk
[2012-07-25 22:19:37 | 000,001,158 | ---- | M] () MD5=5C11B0E362D426FD6E99B07705BA4A48 -- C:\Windows.old\ProgramData\Application Data\Microsoft\Windows\Start Menu\Programs\Administrative Tools\services.lnk
[2012-07-25 22:19:37 | 000,001,158 | ---- | M] () MD5=5C11B0E362D426FD6E99B07705BA4A48 -- C:\Windows.old\ProgramData\Application Data\Start Menu\Programma's\Administrative Tools\services.lnk
[2012-07-25 22:19:37 | 000,001,158 | ---- | M] () MD5=5C11B0E362D426FD6E99B07705BA4A48 -- C:\Windows.old\ProgramData\Application Data\Start Menu\Programs\Administrative Tools\services.lnk
[2012-07-25 22:19:37 | 000,001,158 | ---- | M] () MD5=5C11B0E362D426FD6E99B07705BA4A48 -- C:\Windows.old\ProgramData\Menu Start\Programma's\Administrative Tools\services.lnk
[2012-07-25 22:19:37 | 000,001,158 | ---- | M] () MD5=5C11B0E362D426FD6E99B07705BA4A48 -- C:\Windows.old\ProgramData\Menu Start\Programs\Administrative Tools\services.lnk
[2012-07-25 22:19:37 | 000,001,158 | ---- | M] () MD5=5C11B0E362D426FD6E99B07705BA4A48 -- C:\Windows.old\ProgramData\Microsoft\Windows\Start Menu\Programma's\Administrative Tools\services.lnk
[2012-07-25 22:19:37 | 000,001,158 | ---- | M] () MD5=5C11B0E362D426FD6E99B07705BA4A48 -- C:\Windows.old\ProgramData\Microsoft\Windows\Start Menu\Programs\Administrative Tools\services.lnk
[2012-07-25 22:19:37 | 000,001,158 | ---- | M] () MD5=5C11B0E362D426FD6E99B07705BA4A48 -- C:\Windows.old\ProgramData\Start Menu\Programma's\Administrative Tools\services.lnk
[2012-07-25 22:19:37 | 000,001,158 | ---- | M] () MD5=5C11B0E362D426FD6E99B07705BA4A48 -- C:\Windows.old\ProgramData\Start Menu\Programs\Administrative Tools\services.lnk
[2012-07-25 22:19:37 | 000,001,158 | ---- | M] () MD5=5C11B0E362D426FD6E99B07705BA4A48 -- C:\Windows.old\Users\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Menu Start\Programma's\Administrative Tools\services.lnk
[2012-07-25 22:19:37 | 000,001,158 | ---- | M] () MD5=5C11B0E362D426FD6E99B07705BA4A48 -- C:\Windows.old\Users\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Menu Start\Programs\Administrative Tools\services.lnk
[2012-07-25 22:19:37 | 000,001,158 | ---- | M] () MD5=5C11B0E362D426FD6E99B07705BA4A48 -- C:\Windows.old\Users\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Start Menu\Programma's\Administrative Tools\services.lnk
[2012-07-25 22:19:37 | 000,001,158 | ---- | M] () MD5=5C11B0E362D426FD6E99B07705BA4A48 -- C:\Windows.old\Users\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Start Menu\Programs\Administrative Tools\services.lnk
[2012-07-25 22:19:37 | 000,001,158 | ---- | M] () MD5=5C11B0E362D426FD6E99B07705BA4A48 -- C:\Windows.old\Users\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Menu Start\Programma's\Administrative Tools\services.lnk
[2012-07-25 22:19:37 | 000,001,158 | ---- | M] () MD5=5C11B0E362D426FD6E99B07705BA4A48 -- C:\Windows.old\Users\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Menu Start\Programs\Administrative Tools\services.lnk
[2012-07-25 22:19:37 | 000,001,158 | ---- | M] () MD5=5C11B0E362D426FD6E99B07705BA4A48 -- C:\Windows.old\Users\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Windows\Start Menu\Programma's\Administrative Tools\services.lnk
[2012-07-25 22:19:37 | 000,001,158 | ---- | M] () MD5=5C11B0E362D426FD6E99B07705BA4A48 -- C:\Windows.old\Users\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Windows\Start Menu\Programs\Administrative Tools\services.lnk
[2012-07-25 22:19:37 | 000,001,158 | ---- | M] () MD5=5C11B0E362D426FD6E99B07705BA4A48 -- C:\Windows.old\Users\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Start Menu\Programma's\Administrative Tools\services.lnk
[2012-07-25 22:19:37 | 000,001,158 | ---- | M] () MD5=5C11B0E362D426FD6E99B07705BA4A48 -- C:\Windows.old\Users\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Start Menu\Programs\Administrative Tools\services.lnk
[2012-07-25 22:19:37 | 000,001,158 | ---- | M] () MD5=5C11B0E362D426FD6E99B07705BA4A48 -- C:\Windows.old\Users\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Menu Start\Programma's\Administrative Tools\services.lnk
[2012-07-25 22:19:37 | 000,001,158 | ---- | M] () MD5=5C11B0E362D426FD6E99B07705BA4A48 -- C:\Windows.old\Users\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Menu Start\Programs\Administrative Tools\services.lnk
[2012-07-25 22:19:37 | 000,001,158 | ---- | M] () MD5=5C11B0E362D426FD6E99B07705BA4A48 -- C:\Windows.old\Users\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Windows\Start Menu\Programma's\Administrative Tools\services.lnk
[2012-07-25 22:19:37 | 000,001,158 | ---- | M] () MD5=5C11B0E362D426FD6E99B07705BA4A48 -- C:\Windows.old\Users\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Windows\Start Menu\Programs\Administrative Tools\services.lnk
[2012-07-25 22:19:37 | 000,001,158 | ---- | M] () MD5=5C11B0E362D426FD6E99B07705BA4A48 -- C:\Windows.old\Users\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Start Menu\Programma's\Administrative Tools\services.lnk
[2012-07-25 22:19:37 | 000,001,158 | ---- | M] () MD5=5C11B0E362D426FD6E99B07705BA4A48 -- C:\Windows.old\Users\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Start Menu\Programs\Administrative Tools\services.lnk
[2012-07-25 22:19:37 | 000,001,158 | ---- | M] () MD5=5C11B0E362D426FD6E99B07705BA4A48 -- C:\Windows.old\Users\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Menu Start\Programma's\Administrative Tools\services.lnk
[2012-07-25 22:19:37 | 000,001,158 | ---- | M] () MD5=5C11B0E362D426FD6E99B07705BA4A48 -- C:\Windows.old\Users\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Menu Start\Programs\Administrative Tools\services.lnk
[2012-07-25 22:19:37 | 000,001,158 | ---- | M] () MD5=5C11B0E362D426FD6E99B07705BA4A48 -- C:\Windows.old\Users\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Windows\Start Menu\Programma's\Administrative Tools\services.lnk
[2012-07-25 22:19:37 | 000,001,158 | ---- | M] () MD5=5C11B0E362D426FD6E99B07705BA4A48 -- C:\Windows.old\Users\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Windows\Start Menu\Programs\Administrative Tools\services.lnk
[2012-07-25 22:19:37 | 000,001,158 | ---- | M] () MD5=5C11B0E362D426FD6E99B07705BA4A48 -- C:\Windows.old\Users\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Start Menu\Programma's\Administrative Tools\services.lnk
[2012-07-25 22:19:37 | 000,001,158 | ---- | M] () MD5=5C11B0E362D426FD6E99B07705BA4A48 -- C:\Windows.old\Users\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Start Menu\Programs\Administrative Tools\services.lnk
[2012-07-25 22:19:37 | 000,001,158 | ---- | M] () MD5=5C11B0E362D426FD6E99B07705BA4A48 -- C:\Windows.old\Users\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Menu Start\Programma's\Administrative Tools\services.lnk
[2012-07-25 22:19:37 | 000,001,158 | ---- | M] () MD5=5C11B0E362D426FD6E99B07705BA4A48 -- C:\Windows.old\Users\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Menu Start\Programs\Administrative Tools\services.lnk
[2012-07-25 22:19:37 | 000,001,158 | ---- | M] () MD5=5C11B0E362D426FD6E99B07705BA4A48 -- C:\Windows.old\Users\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Windows\Start Menu\Programma's\Administrative Tools\services.lnk
[2012-07-25 22:19:37 | 000,001,158 | ---- | M] () MD5=5C11B0E362D426FD6E99B07705BA4A48 -- C:\Windows.old\Users\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Windows\Start Menu\Programs\Administrative Tools\services.lnk
[2012-07-25 22:19:37 | 000,001,158 | ---- | M] () MD5=5C11B0E362D426FD6E99B07705BA4A48 -- C:\Windows.old\Users\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Start Menu\Programma's\Administrative Tools\services.lnk
[2012-07-25 22:19:37 | 000,001,158 | ---- | M] () MD5=5C11B0E362D426FD6E99B07705BA4A48 -- C:\Windows.old\Users\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Start Menu\Programs\Administrative Tools\services.lnk
[2012-07-25 22:19:37 | 000,001,158 | ---- | M] () MD5=5C11B0E362D426FD6E99B07705BA4A48 -- C:\Windows.old\Users\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Menu Start\Programma's\Administrative Tools\services.lnk
[2012-07-25 22:19:37 | 000,001,158 | ---- | M] () MD5=5C11B0E362D426FD6E99B07705BA4A48 -- C:\Windows.old\Users\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Menu Start\Programs\Administrative Tools\services.lnk
[2012-07-25 22:19:37 | 000,001,158 | ---- | M] () MD5=5C11B0E362D426FD6E99B07705BA4A48 -- C:\Windows.old\Users\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Windows\Start Menu\Programma's\Administrative Tools\services.lnk
[2012-07-25 22:19:37 | 000,001,158 | ---- | M] () MD5=5C11B0E362D426FD6E99B07705BA4A48 -- C:\Windows.old\Users\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Windows\Start Menu\Programs\Administrative Tools\services.lnk
[2012-07-25 22:19:37 | 000,001,158 | ---- | M] () MD5=5C11B0E362D426FD6E99B07705BA4A48 -- C:\Windows.old\Users\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Start Menu\Programma's\Administrative Tools\services.lnk
[2012-07-25 22:19:37 | 000,001,158 | ---- | M] () MD5=5C11B0E362D426FD6E99B07705BA4A48 -- C:\Windows.old\Users\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Start Menu\Programs\Administrative Tools\services.lnk
[2012-07-25 22:19:37 | 000,001,158 | ---- | M] () MD5=5C11B0E362D426FD6E99B07705BA4A48 -- C:\Windows.old\Users\All Users\Application Data\Application Data\Application Data\Application Data\Menu Start\Programma's\Administrative Tools\services.lnk
[2012-07-25 22:19:37 | 000,001,158 | ---- | M] () MD5=5C11B0E362D426FD6E99B07705BA4A48 -- C:\Windows.old\Users\All Users\Application Data\Application Data\Application Data\Application Data\Menu Start\Programs\Administrative Tools\services.lnk
[2012-07-25 22:19:37 | 000,001,158 | ---- | M] () MD5=5C11B0E362D426FD6E99B07705BA4A48 -- C:\Windows.old\Users\All Users\Application Data\Application Data\Application Data\Application Data\Microsoft\Windows\Start Menu\Programma's\Administrative Tools\services.lnk
[2012-07-25 22:19:37 | 000,001,158 | ---- | M] () MD5=5C11B0E362D426FD6E99B07705BA4A48 -- C:\Windows.old\Users\All Users\Application Data\Application Data\Application Data\Application Data\Microsoft\Windows\Start Menu\Programs\Administrative Tools\services.lnk
[2012-07-25 22:19:37 | 000,001,158 | ---- | M] () MD5=5C11B0E362D426FD6E99B07705BA4A48 -- C:\Windows.old\Users\All Users\Application Data\Application Data\Application Data\Application Data\Start Menu\Programma's\Administrative Tools\services.lnk
[2012-07-25 22:19:37 | 000,001,158 | ---- | M] () MD5=5C11B0E362D426FD6E99B07705BA4A48 -- C:\Windows.old\Users\All Users\Application Data\Application Data\Application Data\Application Data\Start Menu\Programs\Administrative Tools\services.lnk
[2012-07-25 22:19:37 | 000,001,158 | ---- | M] () MD5=5C11B0E362D426FD6E99B07705BA4A48 -- C:\Windows.old\Users\All Users\Application Data\Application Data\Application Data\Menu Start\Programma's\Administrative Tools\services.lnk
[2012-07-25 22:19:37 | 000,001,158 | ---- | M] () MD5=5C11B0E362D426FD6E99B07705BA4A48 -- C:\Windows.old\Users\All Users\Application Data\Application Data\Application Data\Menu Start\Programs\Administrative Tools\services.lnk
[2012-07-25 22:19:37 | 000,001,158 | ---- | M] () MD5=5C11B0E362D426FD6E99B07705BA4A48 -- C:\Windows.old\Users\All Users\Application Data\Application Data\Application Data\Microsoft\Windows\Start Menu\Programma's\Administrative Tools\services.lnk
[2012-07-25 22:19:37 | 000,001,158 | ---- | M] () MD5=5C11B0E362D426FD6E99B07705BA4A48 -- C:\Windows.old\Users\All Users\Application Data\Application Data\Application Data\Microsoft\Windows\Start Menu\Programs\Administrative Tools\services.lnk
[2012-07-25 22:19:37 | 000,001,158 | ---- | M] () MD5=5C11B0E362D426FD6E99B07705BA4A48 -- C:\Windows.old\Users\All Users\Application Data\Application Data\Application Data\Start Menu\Programma's\Administrative Tools\services.lnk
[2012-07-25 22:19:37 | 000,001,158 | ---- | M] () MD5=5C11B0E362D426FD6E99B07705BA4A48 -- C:\Windows.old\Users\All Users\Application Data\Application Data\Application Data\Start Menu\Programs\Administrative Tools\services.lnk
[2012-07-25 22:19:37 | 000,001,158 | ---- | M] () MD5=5C11B0E362D426FD6E99B07705BA4A48 -- C:\Windows.old\Users\All Users\Application Data\Application Data\Menu Start\Programma's\Administrative Tools\services.lnk
[2012-07-25 22:19:37 | 000,001,158 | ---- | M] () MD5=5C11B0E362D426FD6E99B07705BA4A48 -- C:\Windows.old\Users\All Users\Application Data\Application Data\Menu Start\Programs\Administrative Tools\services.lnk
[2012-07-25 22:19:37 | 000,001,158 | ---- | M] () MD5=5C11B0E362D426FD6E99B07705BA4A48 -- C:\Windows.old\Users\All Users\Application Data\Application Data\Microsoft\Windows\Start Menu\Programma's\Administrative Tools\services.lnk
[2012-07-25 22:19:37 | 000,001,158 | ---- | M] () MD5=5C11B0E362D426FD6E99B07705BA4A48 -- C:\Windows.old\Users\All Users\Application Data\Application Data\Microsoft\Windows\Start Menu\Programs\Administrative Tools\services.lnk
[2012-07-25 22:19:37 | 000,001,158 | ---- | M] () MD5=5C11B0E362D426FD6E99B07705BA4A48 -- C:\Windows.old\Users\All Users\Application Data\Application Data\Start Menu\Programma's\Administrative Tools\services.lnk
[2012-07-25 22:19:37 | 000,001,158 | ---- | M] () MD5=5C11B0E362D426FD6E99B07705BA4A48 -- C:\Windows.old\Users\All Users\Application Data\Application Data\Start Menu\Programs\Administrative Tools\services.lnk
[2012-07-25 22:19:37 | 000,001,158 | ---- | M] () MD5=5C11B0E362D426FD6E99B07705BA4A48 -- C:\Windows.old\Users\All Users\Application Data\Menu Start\Programma's\Administrative Tools\services.lnk
[2012-07-25 22:19:37 | 000,001,158 | ---- | M] () MD5=5C11B0E362D426FD6E99B07705BA4A48 -- C:\Windows.old\Users\All Users\Application Data\Menu Start\Programs\Administrative Tools\services.lnk
[2012-07-25 22:19:37 | 000,001,158 | ---- | M] () MD5=5C11B0E362D426FD6E99B07705BA4A48 -- C:\Windows.old\Users\All Users\Application Data\Microsoft\Windows\Start Menu\Programma's\Administrative Tools\services.lnk
[2012-07-25 22:19:37 | 000,001,158 | ---- | M] () MD5=5C11B0E362D426FD6E99B07705BA4A48 -- C:\Windows.old\Users\All Users\Application Data\Microsoft\Windows\Start Menu\Programs\Administrative Tools\services.lnk
[2012-07-25 22:19:37 | 000,001,158 | ---- | M] () MD5=5C11B0E362D426FD6E99B07705BA4A48 -- C:\Windows.old\Users\All Users\Application Data\Start Menu\Programma's\Administrative Tools\services.lnk
[2012-07-25 22:19:37 | 000,001,158 | ---- | M] () MD5=5C11B0E362D426FD6E99B07705BA4A48 -- C:\Windows.old\Users\All Users\Application Data\Start Menu\Programs\Administrative Tools\services.lnk
[2012-07-25 22:19:37 | 000,001,158 | ---- | M] () MD5=5C11B0E362D426FD6E99B07705BA4A48 -- C:\Windows.old\Users\All Users\Menu Start\Programma's\Administrative Tools\services.lnk
[2012-07-25 22:19:37 | 000,001,158 | ---- | M] () MD5=5C11B0E362D426FD6E99B07705BA4A48 -- C:\Windows.old\Users\All Users\Menu Start\Programs\Administrative Tools\services.lnk
[2012-07-25 22:19:37 | 000,001,158 | ---- | M] () MD5=5C11B0E362D426FD6E99B07705BA4A48 -- C:\Windows.old\Users\All Users\Microsoft\Windows\Start Menu\Programma's\Administrative Tools\services.lnk
[2012-07-25 22:19:37 | 000,001,158 | ---- | M] () MD5=5C11B0E362D426FD6E99B07705BA4A48 -- C:\Windows.old\Users\All Users\Microsoft\Windows\Start Menu\Programs\Administrative Tools\services.lnk
[2012-07-25 22:19:37 | 000,001,158 | ---- | M] () MD5=5C11B0E362D426FD6E99B07705BA4A48 -- C:\Windows.old\Users\All Users\Start Menu\Programma's\Administrative Tools\services.lnk
[2012-07-25 22:19:37 | 000,001,158 | ---- | M] () MD5=5C11B0E362D426FD6E99B07705BA4A48 -- C:\Windows.old\Users\All Users\Start Menu\Programs\Administrative Tools\services.lnk
[2012-07-25 22:19:37 | 000,001,158 | ---- | M] () MD5=5C11B0E362D426FD6E99B07705BA4A48 -- C:\Windows.old\Windows\WinSxS\amd64_microsoft-windows-servicessnapin_31bf3856ad364e35_6.2.9200.16384_none_282d8a08cf7f1ada\services.lnk
[2012-07-25 22:19:37 | 000,001,158 | ---- | M] () MD5=5C11B0E362D426FD6E99B07705BA4A48 -- C:\Windows\WinSxS\amd64_microsoft-windows-servicessnapin_31bf3856ad364e35_6.2.9200.16384_none_282d8a08cf7f1ada\services.lnk

< MD5 for: SERVICES.MOF >
[2012-06-02 16:35:05 | 000,002,866 | ---- | M] () MD5=26A11C895A7F0B6D32105EBE127D8500 -- C:\Windows.old\Windows\System32\wbem\services.mof
[2012-06-02 16:35:05 | 000,002,866 | ---- | M] () MD5=26A11C895A7F0B6D32105EBE127D8500 -- C:\Windows.old\Windows\WinSxS\amd64_microsoft-windows-s..s-servicecontroller_31bf3856ad364e35_6.2.9200.16384_none_282967cc570d3701\services.mof
[2012-06-02 16:35:05 | 000,002,866 | ---- | M] () MD5=26A11C895A7F0B6D32105EBE127D8500 -- C:\Windows\SysNative\wbem\services.mof
[2012-06-02 16:35:05 | 000,002,866 | ---- | M] () MD5=26A11C895A7F0B6D32105EBE127D8500 -- C:\Windows\WinSxS\amd64_microsoft-windows-s..s-servicecontroller_31bf3856ad364e35_6.2.9200.16384_none_282967cc570d3701\services.mof

< MD5 for: SERVICES.MSC >
[2012-06-02 16:31:20 | 000,092,746 | ---- | M] () MD5=2D8D95469EC26AAA986AAD1CE424E631 -- C:\Windows.old\Windows\System32\services.msc
[2012-06-02 16:31:13 | 000,092,746 | ---- | M] () MD5=2D8D95469EC26AAA986AAD1CE424E631 -- C:\Windows.old\Windows\SysWOW64\services.msc
[2012-06-02 16:31:20 | 000,092,746 | ---- | M] () MD5=2D8D95469EC26AAA986AAD1CE424E631 -- C:\Windows.old\Windows\WinSxS\amd64_microsoft-windows-servicessnapin_31bf3856ad364e35_6.2.9200.16384_none_282d8a08cf7f1ada\services.msc
[2012-06-02 16:31:13 | 000,092,746 | ---- | M] () MD5=2D8D95469EC26AAA986AAD1CE424E631 -- C:\Windows.old\Windows\WinSxS\wow64_microsoft-windows-servicessnapin_31bf3856ad364e35_6.2.9200.16384_none_3282345b03dfdcd5\services.msc
[2012-06-02 16:31:20 | 000,092,746 | ---- | M] () MD5=2D8D95469EC26AAA986AAD1CE424E631 -- C:\Windows\SysNative\services.msc
[2012-06-02 16:31:13 | 000,092,746 | ---- | M] () MD5=2D8D95469EC26AAA986AAD1CE424E631 -- C:\Windows\SysWOW64\services.msc
[2012-06-02 16:31:20 | 000,092,746 | ---- | M] () MD5=2D8D95469EC26AAA986AAD1CE424E631 -- C:\Windows\WinSxS\amd64_microsoft-windows-servicessnapin_31bf3856ad364e35_6.2.9200.16384_none_282d8a08cf7f1ada\services.msc
[2012-06-02 16:31:13 | 000,092,746 | ---- | M] () MD5=2D8D95469EC26AAA986AAD1CE424E631 -- C:\Windows\WinSxS\wow64_microsoft-windows-servicessnapin_31bf3856ad364e35_6.2.9200.16384_none_3282345b03dfdcd5\services.msc
[2012-07-26 11:49:28 | 000,092,748 | ---- | M] () MD5=4A8894A9D4FA8D63394DA32B3ECD3148 -- C:\Windows.old\Windows\System32\nl-NL\services.msc
[2012-07-26 11:49:28 | 000,092,748 | ---- | M] () MD5=4A8894A9D4FA8D63394DA32B3ECD3148 -- C:\Windows.old\Windows\SysWOW64\nl-NL\services.msc
[2012-07-26 11:49:28 | 000,092,748 | ---- | M] () MD5=4A8894A9D4FA8D63394DA32B3ECD3148 -- C:\Windows.old\Windows\WinSxS\amd64_microsoft-windows-s..cessnapin.resources_31bf3856ad364e35_6.2.9200.16384_nl-nl_b614afc60f2af9b2\services.msc
[2012-07-26 11:49:28 | 000,092,748 | ---- | M] () MD5=4A8894A9D4FA8D63394DA32B3ECD3148 -- C:\Windows.old\Windows\WinSxS\x86_microsoft-windows-s..cessnapin.resources_31bf3856ad364e35_6.2.9200.16384_nl-nl_59f6144256cd887c\services.msc
[2012-07-26 11:49:28 | 000,092,748 | ---- | M] () MD5=4A8894A9D4FA8D63394DA32B3ECD3148 -- C:\Windows\SysNative\nl-NL\services.msc
[2012-07-26 11:49:28 | 000,092,748 | ---- | M] () MD5=4A8894A9D4FA8D63394DA32B3ECD3148 -- C:\Windows\SysWOW64\nl-NL\services.msc
[2012-07-26 11:49:28 | 000,092,748 | ---- | M] () MD5=4A8894A9D4FA8D63394DA32B3ECD3148 -- C:\Windows\WinSxS\amd64_microsoft-windows-s..cessnapin.resources_31bf3856ad364e35_6.2.9200.16384_nl-nl_b614afc60f2af9b2\services.msc
[2012-07-26 11:49:28 | 000,092,748 | ---- | M] () MD5=4A8894A9D4FA8D63394DA32B3ECD3148 -- C:\Windows\WinSxS\x86_microsoft-windows-s..cessnapin.resources_31bf3856ad364e35_6.2.9200.16384_nl-nl_59f6144256cd887c\services.msc

< MD5 for: SERVICES.PTXML >
[2012-07-25 22:30:54 | 000,001,061 | ---- | M] () MD5=640D7DD61B1CFA6C96F80F68F78CDFA7 -- C:\Windows.old\Windows\System32\wdi\perftrack\Services.ptxml
[2012-07-25 22:30:54 | 000,001,061 | ---- | M] () MD5=640D7DD61B1CFA6C96F80F68F78CDFA7 -- C:\Windows.old\Windows\WinSxS\amd64_microsoft-windows-s..s-servicecontroller_31bf3856ad364e35_6.2.9200.16384_none_282967cc570d3701\Services.ptxml
[2012-07-25 22:30:54 | 000,001,061 | ---- | M] () MD5=640D7DD61B1CFA6C96F80F68F78CDFA7 -- C:\Windows\SysNative\wdi\perftrack\Services.ptxml
[2012-07-25 22:30:54 | 000,001,061 | ---- | M] () MD5=640D7DD61B1CFA6C96F80F68F78CDFA7 -- C:\Windows\WinSxS\amd64_microsoft-windows-s..s-servicecontroller_31bf3856ad364e35_6.2.9200.16384_none_282967cc570d3701\Services.ptxml

< MD5 for: SERVICES.SBS >
[2010-04-19 18:25:26 | 000,033,457 | ---- | M] () MD5=3171D886B2782CE1B51E0210BCD4E50C -- C:\UBCD4Win\plugin\AntiSpyware\Spybot\files\Includes\Services.sbs

< MD5 for: SVCHOST.EXE >
[2012-07-26 05:20:58 | 000,023,040 | ---- | M] (Microsoft Corporation) MD5=0A175AF8B65797BD22C11903A8BFEB2D -- C:\Windows.old\Windows\WinSxS\x86_microsoft-windows-services-svchost_31bf3856ad364e35_6.2.9200.16384_none_b2666581d6b482a6\svchost.exe
[2012-07-26 05:20:58 | 000,023,040 | ---- | M] (Microsoft Corporation) MD5=0A175AF8B65797BD22C11903A8BFEB2D -- C:\Windows\WinSxS\x86_microsoft-windows-services-svchost_31bf3856ad364e35_6.2.9200.16384_none_b2666581d6b482a6\svchost.exe
[2012-12-14 17:49:28 | 000,216,424 | ---- | M] () MD5=22101A85B3CA2FE2BE05FE9A61A7A83D -- C:\Windows.old\Program Files (x86)\Malwarebytes' Anti-Malware\Chameleon\svchost.exe
[2012-07-26 05:08:47 | 000,030,208 | ---- | M] (Microsoft Corporation) MD5=57350BEDE3834915B6145B67C71C7BDA -- C:\Windows.old\Windows\WinSxS\amd64_microsoft-windows-services-svchost_31bf3856ad364e35_6.2.9200.16384_none_0e8501058f11f3dc\svchost.exe
[2012-07-26 05:08:47 | 000,030,208 | ---- | M] (Microsoft Corporation) MD5=57350BEDE3834915B6145B67C71C7BDA -- C:\Windows\WinSxS\amd64_microsoft-windows-services-svchost_31bf3856ad364e35_6.2.9200.16384_none_0e8501058f11f3dc\svchost.exe
[2012-09-20 08:33:14 | 000,029,696 | ---- | M] (Microsoft Corporation) MD5=607F7CB143783A8F9BA058D2FC4F2D36 -- C:\Windows.old\Windows\WinSxS\amd64_microsoft-windows-services-svchost_31bf3856ad364e35_6.2.9200.20521_none_0f4c7e60a8019d22\svchost.exe
[2012-09-20 08:33:14 | 000,029,696 | ---- | M] (Microsoft Corporation) MD5=607F7CB143783A8F9BA058D2FC4F2D36 -- C:\Windows\WinSxS\amd64_microsoft-windows-services-svchost_31bf3856ad364e35_6.2.9200.20521_none_0f4c7e60a8019d22\svchost.exe
[2012-09-20 07:55:26 | 000,023,040 | ---- | M] (Microsoft Corporation) MD5=A46DC432F81473F526E3994AA483E366 -- C:\Windows.old\Windows\SysWOW64\svchost.exe
[2012-09-20 07:55:26 | 000,023,040 | ---- | M] (Microsoft Corporation) MD5=A46DC432F81473F526E3994AA483E366 -- C:\Windows.old\Windows\WinSxS\x86_microsoft-windows-services-svchost_31bf3856ad364e35_6.2.9200.16420_none_b2a345c7d68772cb\svchost.exe
[2012-09-20 07:55:26 | 000,023,040 | ---- | M] (Microsoft Corporation) MD5=A46DC432F81473F526E3994AA483E366 -- C:\Windows\SysWOW64\svchost.exe
[2012-09-20 07:55:26 | 000,023,040 | ---- | M] (Microsoft Corporation) MD5=A46DC432F81473F526E3994AA483E366 -- C:\Windows\WinSxS\x86_microsoft-windows-services-svchost_31bf3856ad364e35_6.2.9200.16420_none_b2a345c7d68772cb\svchost.exe
[2013-04-04 14:50:32 | 000,218,184 | ---- | M] () MD5=B4C6E3889BB310CA7E974A04EC6E46AC -- C:\Program Files (x86)\Malwarebytes' Anti-Malware\Chameleon\svchost.exe
[2012-09-20 08:33:52 | 000,029,696 | ---- | M] (Microsoft Corporation) MD5=EDE27EACE742EE2888C5DD36400A2EC0 -- C:\Windows.old\Windows\System32\svchost.exe
[2012-09-20 08:33:52 | 000,029,696 | ---- | M] (Microsoft Corporation) MD5=EDE27EACE742EE2888C5DD36400A2EC0 -- C:\Windows.old\Windows\WinSxS\amd64_microsoft-windows-services-svchost_31bf3856ad364e35_6.2.9200.16420_none_0ec1e14b8ee4e401\svchost.exe
[2012-09-20 08:33:52 | 000,029,696 | ---- | M] (Microsoft Corporation) MD5=EDE27EACE742EE2888C5DD36400A2EC0 -- C:\Windows\SysNative\svchost.exe
[2012-09-20 08:33:52 | 000,029,696 | ---- | M] (Microsoft Corporation) MD5=EDE27EACE742EE2888C5DD36400A2EC0 -- C:\Windows\WinSxS\amd64_microsoft-windows-services-svchost_31bf3856ad364e35_6.2.9200.16420_none_0ec1e14b8ee4e401\svchost.exe
[2012-09-20 07:56:27 | 000,023,040 | ---- | M] (Microsoft Corporation) MD5=EEF5E64822C3E21B186EA53463BE92DA -- C:\Windows.old\Windows\WinSxS\x86_microsoft-windows-services-svchost_31bf3856ad364e35_6.2.9200.20521_none_b32de2dcefa42bec\svchost.exe
[2012-09-20 07:56:27 | 000,023,040 | ---- | M] (Microsoft Corporation) MD5=EEF5E64822C3E21B186EA53463BE92DA -- C:\Windows\WinSxS\x86_microsoft-windows-services-svchost_31bf3856ad364e35_6.2.9200.20521_none_b32de2dcefa42bec\svchost.exe

< MD5 for: USERINIT.EXE >
[2012-07-26 05:08:49 | 000,025,088 | ---- | M] (Microsoft Corporation) MD5=0E925F7BA032920D58DD284B6181A247 -- C:\Windows.old\Windows\System32\userinit.exe
[2012-07-26 05:08:49 | 000,025,088 | ---- | M] (Microsoft Corporation) MD5=0E925F7BA032920D58DD284B6181A247 -- C:\Windows.old\Windows\WinSxS\amd64_microsoft-windows-userinit_31bf3856ad364e35_6.2.9200.16384_none_34f2617a5b742e02\userinit.exe
[2012-07-26 05:08:49 | 000,025,088 | ---- | M] (Microsoft Corporation) MD5=0E925F7BA032920D58DD284B6181A247 -- C:\Windows\SysNative\userinit.exe
[2012-07-26 05:08:49 | 000,025,088 | ---- | M] (Microsoft Corporation) MD5=0E925F7BA032920D58DD284B6181A247 -- C:\Windows\WinSxS\amd64_microsoft-windows-userinit_31bf3856ad364e35_6.2.9200.16384_none_34f2617a5b742e02\userinit.exe
[2012-07-26 05:21:00 | 000,021,504 | ---- | M] (Microsoft Corporation) MD5=9F6289D194A04A09671FEED4B6CB6EF7 -- C:\Windows.old\Windows\SysWOW64\userinit.exe
[2012-07-26 05:21:00 | 000,021,504 | ---- | M] (Microsoft Corporation) MD5=9F6289D194A04A09671FEED4B6CB6EF7 -- C:\Windows.old\Windows\WinSxS\x86_microsoft-windows-userinit_31bf3856ad364e35_6.2.9200.16384_none_d8d3c5f6a316bccc\userinit.exe
[2012-07-26 05:21:00 | 000,021,504 | ---- | M] (Microsoft Corporation) MD5=9F6289D194A04A09671FEED4B6CB6EF7 -- C:\Windows\SysWOW64\userinit.exe
[2012-07-26 05:21:00 | 000,021,504 | ---- | M] (Microsoft Corporation) MD5=9F6289D194A04A09671FEED4B6CB6EF7 -- C:\Windows\WinSxS\x86_microsoft-windows-userinit_31bf3856ad364e35_6.2.9200.16384_none_d8d3c5f6a316bccc\userinit.exe

< MD5 for: WINLOGON.EXE >
[2012-09-20 08:33:55 | 000,516,608 | ---- | M] (Microsoft Corporation) MD5=1F84B5F8DBDFFD36DF143C61CE25F12A -- C:\Windows.old\Windows\WinSxS\amd64_microsoft-windows-winlogon_31bf3856ad364e35_6.2.9200.16420_none_c8c988c15e88a211\winlogon.exe
[2012-09-20 08:33:55 | 000,516,608 | ---- | M] (Microsoft Corporation) MD5=1F84B5F8DBDFFD36DF143C61CE25F12A -- C:\Windows\WinSxS\amd64_microsoft-windows-winlogon_31bf3856ad364e35_6.2.9200.16420_none_c8c988c15e88a211\winlogon.exe
[2012-12-14 17:49:28 | 000,216,424 | ---- | M] () MD5=22101A85B3CA2FE2BE05FE9A61A7A83D -- C:\Windows.old\Program Files (x86)\Malwarebytes' Anti-Malware\Chameleon\winlogon.exe
[2012-09-20 08:33:17 | 000,516,608 | ---- | M] (Microsoft Corporation) MD5=6522E98C94A2A81AE11EB66D2AF5743A -- C:\Windows.old\Windows\WinSxS\amd64_microsoft-windows-winlogon_31bf3856ad364e35_6.2.9200.20521_none_c95425d677a55b32\winlogon.exe
[2012-09-20 08:33:17 | 000,516,608 | ---- | M] (Microsoft Corporation) MD5=6522E98C94A2A81AE11EB66D2AF5743A -- C:\Windows\WinSxS\amd64_microsoft-windows-winlogon_31bf3856ad364e35_6.2.9200.20521_none_c95425d677a55b32\winlogon.exe
[2012-07-26 05:08:50 | 000,516,608 | ---- | M] (Microsoft Corporation) MD5=93AB226C07A9789B2EC7B41F73602F76 -- C:\Windows.old\Windows\WinSxS\amd64_microsoft-windows-winlogon_31bf3856ad364e35_6.2.9200.16384_none_c88ca87b5eb5b1ec\winlogon.exe
[2012-07-26 05:08:50 | 000,516,608 | ---- | M] (Microsoft Corporation) MD5=93AB226C07A9789B2EC7B41F73602F76 -- C:\Windows\WinSxS\amd64_microsoft-windows-winlogon_31bf3856ad364e35_6.2.9200.16384_none_c88ca87b5eb5b1ec\winlogon.exe
[2013-04-04 14:50:32 | 000,218,184 | ---- | M] () MD5=B4C6E3889BB310CA7E974A04EC6E46AC -- C:\Program Files (x86)\Malwarebytes' Anti-Malware\Chameleon\winlogon.exe
[2012-10-11 07:46:58 | 000,517,120 | ---- | M] (Microsoft Corporation) MD5=BCF2036A0DD579E47C008C133550283E -- C:\Windows.old\Windows\System32\winlogon.exe
[2012-10-11 07:46:58 | 000,517,120 | ---- | M] (Microsoft Corporation) MD5=BCF2036A0DD579E47C008C133550283E -- C:\Windows.old\Windows\WinSxS\amd64_microsoft-windows-winlogon_31bf3856ad364e35_6.2.9200.16433_none_c8c1b9b35e8e0a07\winlogon.exe
[2012-10-11 07:46:58 | 000,517,120 | ---- | M] (Microsoft Corporation) MD5=BCF2036A0DD579E47C008C133550283E -- C:\Windows\SysNative\winlogon.exe
[2012-10-11 07:46:58 | 000,517,120 | ---- | M] (Microsoft Corporation) MD5=BCF2036A0DD579E47C008C133550283E -- C:\Windows\WinSxS\amd64_microsoft-windows-winlogon_31bf3856ad364e35_6.2.9200.16433_none_c8c1b9b35e8e0a07\winlogon.exe
[2012-10-11 07:45:27 | 000,517,120 | ---- | M] (Microsoft Corporation) MD5=CBFD56B4EC07CB056A6ABD55DD33671F -- C:\Windows.old\Windows\WinSxS\amd64_microsoft-windows-winlogon_31bf3856ad364e35_6.2.9200.20534_none_c94c56c877aac328\winlogon.exe
[2012-10-11 07:45:27 | 000,517,120 | ---- | M] (Microsoft Corporation) MD5=CBFD56B4EC07CB056A6ABD55DD33671F -- C:\Windows\WinSxS\amd64_microsoft-windows-winlogon_31bf3856ad364e35_6.2.9200.20534_none_c94c56c877aac328\winlogon.exe

< End of report >
  • 0

#7
Essexboy
Posted 28 April 2013 - 10:48 AM

Essexboy

    GeekU Moderator

  • Retired Staff
  • 69,964 posts
You appear to be running both Bitedefender and Avast which one do you want to keep ?
  • 0

#8
Samballen
Posted 28 April 2013 - 11:18 AM

Samballen

    Member

  • Topic Starter
  • Banned
  • PipPip
  • 76 posts

You appear to be running both Bitedefender and Avast which one do you want to keep ?

Avast, deleted bitdefende.r
  • 0

#9
Essexboy
Posted 28 April 2013 - 12:35 PM

Essexboy

    GeekU Moderator

  • Retired Staff
  • 69,964 posts
Run the Bitdefender removal tool as per this page

Once done run a fresh OTL scan and let me know how the system is behaving
  • 0

#10
Samballen
Posted 29 April 2013 - 03:13 AM

Samballen

    Member

  • Topic Starter
  • Banned
  • PipPip
  • 76 posts
OTL logfile created on: 29-4-2013 11:04:49 - Run 3
OTL by OldTimer - Version 3.2.69.0 Folder = C:\Users\Mark de Jager\Desktop
64bit- An unknown product (Version = 6.2.9200) - Type = NTWorkstation
Internet Explorer (Version = 9.10.9200.16540)
Locale: 00000413 | Country: Nederland | Language: NLD | Date Format: d-M-yyyy

11,86 Gb Total Physical Memory | 8,78 Gb Available Physical Memory | 74,06% Memory free
13,54 Gb Paging File | 10,36 Gb Available in Paging File | 76,49% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86)
Drive C: | 450,42 Gb Total Space | 315,39 Gb Free Space | 70,02% Space Free | Partition Type: NTFS
Drive D: | 350,00 Mb Total Space | 308,92 Mb Free Space | 88,26% Space Free | Partition Type: NTFS

Computer Name: MARK-PC | User Name: Mark de Jager | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user | Quick Scan | Include 64bit Scans
Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days

========== Processes (SafeList) ==========

PRC - [2013-04-28 13:46:45 | 000,602,112 | ---- | M] (OldTimer Tools) -- C:\Users\Mark de Jager\Desktop\OTL.exe
PRC - [2013-04-27 19:43:48 | 000,256,600 | ---- | M] (Microsoft Corporation) -- C:\Users\Mark de Jager\AppData\Local\Microsoft\SkyDrive\SkyDrive.exe
PRC - [2013-04-26 19:13:31 | 000,920,472 | ---- | M] (Mozilla Corporation) -- C:\Program Files (x86)\Mozilla Firefox\firefox.exe
PRC - [2013-04-19 16:00:08 | 001,855,880 | ---- | M] (Adobe Systems, Inc.) -- C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_11_7_700_169.exe
PRC - [2013-04-04 14:50:32 | 000,701,512 | ---- | M] (Malwarebytes Corporation) -- C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe
PRC - [2013-04-04 14:50:32 | 000,532,040 | ---- | M] (Malwarebytes Corporation) -- C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe
PRC - [2013-04-04 14:50:32 | 000,418,376 | ---- | M] (Malwarebytes Corporation) -- C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamscheduler.exe
PRC - [2013-03-12 15:01:38 | 000,559,168 | ---- | M] (RealNetworks, Inc.) -- C:\Program Files (x86)\Online Games Manager\ogmservice.exe
PRC - [2013-03-07 21:32:38 | 000,248,240 | ---- | M] (Facebook) -- C:\Users\Mark de Jager\AppData\Local\Facebook\Messenger\2.1.4814.0\FacebookMessenger.exe
PRC - [2013-03-07 00:32:44 | 004,767,304 | ---- | M] (AVAST Software) -- C:\Program Files\AVAST Software\Avast\AvastUI.exe
PRC - [2013-03-07 00:32:44 | 000,045,248 | ---- | M] (AVAST Software) -- C:\Program Files\AVAST Software\Avast\AvastSvc.exe
PRC - [2013-03-06 17:30:43 | 003,560,288 | ---- | M] (TeamViewer GmbH) -- C:\Program Files (x86)\TeamViewer\Version8\TeamViewer_Service.exe
PRC - [2013-02-15 16:28:12 | 000,384,888 | ---- | M] (BlueStack Systems, Inc.) -- C:\Program Files (x86)\BlueStacks\HD-LogRotatorService.exe
PRC - [2013-01-15 18:47:10 | 000,465,216 | ---- | M] (IObit) -- C:\Program Files (x86)\IObit\Advanced SystemCare 6\ASCService.exe
PRC - [2012-12-25 17:35:10 | 004,474,832 | ---- | M] (IObit) -- C:\Program Files (x86)\IObit\IObit Malware Fighter\IMF.exe
PRC - [2012-12-11 11:22:38 | 001,258,856 | ---- | M] (NVIDIA Corporation) -- C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Update Core\daemonu.exe
PRC - [2012-11-01 03:35:20 | 000,357,016 | ---- | M] (VMware, Inc.) -- C:\Windows\SysWOW64\vmnetdhcp.exe
PRC - [2012-11-01 03:34:52 | 000,435,864 | ---- | M] (VMware, Inc.) -- C:\Windows\SysWOW64\vmnat.exe
PRC - [2012-11-01 02:57:50 | 013,234,176 | ---- | M] () -- C:\Program Files (x86)\VMware\VMware Workstation\vmware-hostd.exe
PRC - [2012-11-01 01:48:42 | 000,079,872 | ---- | M] (VMware, Inc.) -- C:\Program Files (x86)\VMware\VMware Workstation\vmware-authd.exe
PRC - [2012-09-24 20:59:32 | 000,802,304 | ---- | M] (Yuna Software) -- C:\Program Files (x86)\Yuna Software\Messenger Plus!\PlusService.exe
PRC - [2012-09-06 02:46:12 | 000,912,896 | ---- | M] (KARPOLAN) -- C:\Program Files (x86)\Keyboard LEDs\KeyboardLeds.exe
PRC - [2012-03-08 07:05:06 | 000,432,952 | ---- | M] (QFX Software Corporation) -- C:\Program Files (x86)\KeyScrambler\KeyScrambler.exe
PRC - [2012-01-09 20:17:44 | 000,821,592 | ---- | M] (IObit) -- C:\Program Files (x86)\IObit\IObit Malware Fighter\IMFsrv.exe


========== Modules (No Company Name) ==========

MOD - [2013-04-26 19:13:31 | 003,121,048 | ---- | M] () -- C:\Program Files (x86)\Mozilla Firefox\mozjs.dll
MOD - [2013-04-19 16:00:07 | 016,032,648 | ---- | M] () -- C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_11_7_700_169.dll
MOD - [2013-03-07 21:32:40 | 021,014,960 | ---- | M] () -- C:\Users\Mark de Jager\AppData\Local\Facebook\Messenger\2.1.4814.0\libcef.dll
MOD - [2013-03-07 21:32:38 | 000,292,272 | ---- | M] () -- C:\Users\Mark de Jager\AppData\Local\Facebook\Messenger\2.1.4814.0\CefSharp.dll
MOD - [2013-03-07 21:32:38 | 000,179,632 | ---- | M] () -- C:\Users\Mark de Jager\AppData\Local\Facebook\Messenger\2.1.4814.0\CefSharp.WinForms.dll
MOD - [2013-02-15 18:20:46 | 012,436,480 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Windows.Forms\30fabfc2d4fe632ecf463a0901bba2d3\System.Windows.Forms.ni.dll
MOD - [2013-02-05 12:06:49 | 000,971,264 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Configuration\253546cd467b0fd7e57623921595182d\System.Configuration.ni.dll
MOD - [2013-02-05 12:01:46 | 005,453,312 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Xml\d981792ebf85627e57c7d95594aa7092\System.Xml.ni.dll
MOD - [2013-02-05 12:01:38 | 001,593,344 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Drawing\97e24281000ae702b067281f3a01878a\System.Drawing.ni.dll
MOD - [2013-02-05 12:01:37 | 006,656,512 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Data\68ec2130ceb6a257762c70bc87ed0129\System.Data.ni.dll
MOD - [2013-02-05 12:01:11 | 007,989,248 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System\0b80769ba127fce3221c1fd47e87c4a7\System.ni.dll
MOD - [2013-02-05 12:01:01 | 011,494,912 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\mscorlib\8d2929ad589e1092eb62a43424361465\mscorlib.ni.dll
MOD - [2012-09-14 00:03:56 | 000,303,104 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\mscorlib.resources\2.0.0.0_nl_b77a5c561934e089\mscorlib.resources.dll
MOD - [2012-09-14 00:03:56 | 000,208,896 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\System.resources\2.0.0.0_nl_b77a5c561934e089\System.resources.dll
MOD - [2012-07-06 04:01:13 | 002,972,672 | ---- | M] () -- C:\Windows\assembly\GAC_32\System.Data\2.0.0.0__b77a5c561934e089\System.Data.dll
MOD - [2011-08-07 15:54:16 | 000,004,096 | ---- | M] () -- C:\Program Files (x86)\Yuna Software\Messenger Plus!\Detour32.dll


========== Services (SafeList) ==========

SRV:64bit: - [2013-03-07 00:32:44 | 000,045,248 | ---- | M] (AVAST Software) [Auto | Running] -- C:\Program Files\AVAST Software\Avast\AvastSvc.exe -- (avast! Antivirus)
SRV:64bit: - [2013-03-02 23:06:04 | 000,037,888 | -HS- | M] () [Auto | Running] -- C:\Program Files\KMSpico\Service_KMS.exe -- (Service KMSELDI)
SRV:64bit: - [2013-03-02 04:45:07 | 000,171,008 | ---- | M] (Microsoft Corporation) [On_Demand | Running] -- C:\Windows\SysNative\TimeBrokerServer.dll -- (TimeBroker)
SRV:64bit: - [2013-03-02 04:45:05 | 000,180,224 | ---- | M] (Microsoft Corporation) [On_Demand | Running] -- C:\Windows\SysNative\SystemEventsBrokerServer.dll -- (SystemEventsBroker)
SRV:64bit: - [2013-02-02 10:21:45 | 000,467,456 | ---- | M] (Microsoft Corporation) [On_Demand | Running] -- C:\Windows\SysNative\netprofmsvc.dll -- (netprofm)
SRV:64bit: - [2013-01-29 03:57:14 | 000,014,920 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Program Files\Windows Defender\MsMpEng.exe -- (WinDefend)
SRV:64bit: - [2013-01-10 01:23:16 | 001,964,544 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\wlidsvc.dll -- (wlidsvc)
SRV:64bit: - [2013-01-10 01:22:35 | 000,438,272 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\SysNative\lsm.dll -- (LSM)
SRV:64bit: - [2012-11-27 15:56:28 | 000,118,272 | ---- | M] (DeadPihto) [Auto | Running] -- C:\Windows\SysNative\wsservice_crk.dll -- (WSServiceCrk)
SRV:64bit: - [2012-11-06 06:36:55 | 002,675,712 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\spool\drivers\x64\3\PrintConfig.dll -- (PrintNotify)
SRV:64bit: - [2012-11-06 06:17:41 | 000,169,472 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\SysNative\AudioEndpointBuilder.dll -- (AudioEndpointBuilder)
SRV:64bit: - [2012-09-20 11:10:47 | 002,367,528 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\WSService.dll -- (WSService)
SRV:64bit: - [2012-09-20 08:31:18 | 000,116,736 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\fhsvc.dll -- (fhsvc)
SRV:64bit: - [2012-09-20 08:30:41 | 000,179,712 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\SysNative\bisrv.dll -- (BrokerInfrastructure)
SRV:64bit: - [2012-09-16 10:25:58 | 000,662,104 | ---- | M] (Genie9) [Auto | Running] -- C:\Program Files\Genie9\Genie Timeline\GenieTimelineService.exe -- (GenieTimelineService)
SRV:64bit: - [2012-09-11 23:14:40 | 000,390,672 | ---- | M] () [Auto | Running] -- C:\Program Files\CyberLink\Shared files\RichVideo64.exe -- (RichVideo64)
SRV:64bit: - [2012-07-26 05:07:47 | 000,065,536 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\wiarpc.dll -- (WiaRpc)
SRV:64bit: - [2012-07-26 05:07:42 | 000,263,680 | ---- | M] (Microsoft Corporation) [On_Demand | Running] -- C:\Windows\SysNative\wcmsvc.dll -- (Wcmsvc)
SRV:64bit: - [2012-07-26 05:07:40 | 000,283,648 | ---- | M] (Microsoft Corporation) [On_Demand | Running] -- C:\Windows\SysNative\vaultsvc.dll -- (VaultSvc)
SRV:64bit: - [2012-07-26 05:07:25 | 000,012,800 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\svsvc.dll -- (svsvc)
SRV:64bit: - [2012-07-26 05:06:34 | 000,743,936 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\netlogon.dll -- (Netlogon)
SRV:64bit: - [2012-07-26 05:06:33 | 000,161,792 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\NcaSvc.dll -- (NcaSvc)
SRV:64bit: - [2012-07-26 05:06:33 | 000,073,728 | ---- | M] (Microsoft Corporation) [On_Demand | Running] -- C:\Windows\SysNative\NcdAutoSetup.dll -- (NcdAutoSetup)
SRV:64bit: - [2012-07-26 05:05:55 | 000,059,904 | ---- | M] (Microsoft Corporation) [On_Demand | Running] -- C:\Windows\SysNative\keyiso.dll -- (KeyIso)
SRV:64bit: - [2012-07-26 05:05:34 | 000,037,376 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\efssvc.dll -- (EFS)
SRV:64bit: - [2012-07-26 05:05:28 | 000,207,872 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\DeviceSetupManager.dll -- (DsmSvc)
SRV:64bit: - [2012-07-26 05:05:24 | 000,342,016 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\SysNative\das.dll -- (DeviceAssociationService)
SRV:64bit: - [2012-07-26 05:05:08 | 000,122,368 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\AUInstallAgent.dll -- (AllUserInstallAgent)
SRV:64bit: - [2012-07-26 05:05:04 | 000,187,392 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\appmgmts.dll -- (AppMgmt)
SRV:64bit: - [2012-07-26 02:24:02 | 000,336,384 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\icsvc.dll -- (vmicvss)
SRV:64bit: - [2012-07-26 02:24:02 | 000,336,384 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\icsvc.dll -- (vmictimesync)
SRV:64bit: - [2012-07-26 02:24:02 | 000,336,384 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\icsvc.dll -- (vmicshutdown)
SRV:64bit: - [2012-07-26 02:24:02 | 000,336,384 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\icsvc.dll -- (vmicrdv)
SRV:64bit: - [2012-07-26 02:24:02 | 000,336,384 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\icsvc.dll -- (vmickvpexchange)
SRV:64bit: - [2012-07-26 02:24:02 | 000,336,384 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\icsvc.dll -- (vmicheartbeat)
SRV - [2013-04-26 19:13:31 | 000,117,144 | ---- | M] (Mozilla Foundation) [On_Demand | Stopped] -- C:\Program Files (x86)\Mozilla Maintenance Service\maintenanceservice.exe -- (MozillaMaintenance)
SRV - [2013-04-19 16:00:08 | 000,256,904 | ---- | M] (Adobe Systems Incorporated) [On_Demand | Stopped] -- C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe -- (AdobeFlashPlayerUpdateSvc)
SRV - [2013-04-04 14:50:32 | 000,701,512 | ---- | M] (Malwarebytes Corporation) [Auto | Running] -- C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe -- (MBAMService)
SRV - [2013-04-04 14:50:32 | 000,418,376 | ---- | M] (Malwarebytes Corporation) [Auto | Running] -- C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamscheduler.exe -- (MBAMScheduler)
SRV - [2013-03-12 15:01:38 | 000,559,168 | ---- | M] (RealNetworks, Inc.) [Auto | Running] -- C:\Program Files (x86)\Online Games Manager\ogmservice.exe -- (ogmservice)
SRV - [2013-03-06 17:30:43 | 003,560,288 | ---- | M] (TeamViewer GmbH) [Auto | Running] -- C:\Program Files (x86)\TeamViewer\Version8\TeamViewer_Service.exe -- (TeamViewer8)
SRV - [2013-02-26 15:42:53 | 000,008,192 | ---- | M] () [Auto | Stopped] -- C:\Windows\SysWOW64\srvany.exe -- (KMService)
SRV - [2013-02-15 16:28:12 | 000,384,888 | ---- | M] (BlueStack Systems, Inc.) [Auto | Running] -- C:\Program Files (x86)\BlueStacks\HD-LogRotatorService.exe -- (BstHdLogRotatorSvc)
SRV - [2013-02-15 16:27:52 | 000,393,080 | ---- | M] (BlueStack Systems, Inc.) [Auto | Stopped] -- C:\Program Files (x86)\BlueStacks\HD-Service.exe -- (BstHdAndroidSvc)
SRV - [2013-02-15 14:08:20 | 000,543,144 | ---- | M] (Valve Corporation) [On_Demand | Stopped] -- C:\Program Files (x86)\Common Files\Steam\SteamService.exe -- (Steam Client Service)
SRV - [2013-01-15 18:47:10 | 000,465,216 | ---- | M] (IObit) [Auto | Running] -- C:\Program Files (x86)\IObit\Advanced SystemCare 6\ASCService.exe -- (AdvancedSystemCareService6)
SRV - [2012-12-16 15:37:47 | 000,125,952 | ---- | M] (Yuna Software) [Auto | Stopped] -- C:\Program Files (x86)\Yuna Software\Messenger Plus! for Skype\MsgPlusForSkypeService.exe -- (MsgPlusService)
SRV - [2012-12-14 03:42:10 | 000,277,616 | ---- | M] (Intel Corporation) [On_Demand | Stopped] -- C:\Windows\SysWOW64\IntelCpHeciSvc.exe -- (cphs)
SRV - [2012-12-11 11:22:38 | 001,258,856 | ---- | M] (NVIDIA Corporation) [Auto | Running] -- C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Update Core\daemonu.exe -- (nvUpdatusService)
SRV - [2012-11-06 06:36:55 | 002,675,712 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\system32\spool\DRIVERS\x64\3\PrintConfig.dll -- (PrintNotify)
SRV - [2012-11-01 03:35:20 | 000,357,016 | ---- | M] (VMware, Inc.) [Auto | Running] -- C:\Windows\SysWOW64\vmnetdhcp.exe -- (VMnetDHCP)
SRV - [2012-11-01 03:34:52 | 000,435,864 | ---- | M] (VMware, Inc.) [Auto | Running] -- C:\Windows\SysWOW64\vmnat.exe -- (VMware NAT Service)
SRV - [2012-11-01 02:57:50 | 013,234,176 | ---- | M] () [Auto | Running] -- C:\Program Files (x86)\VMware\VMware Workstation\vmware-hostd.exe -- (VMwareHostd)
SRV - [2012-11-01 01:48:42 | 000,079,872 | ---- | M] (VMware, Inc.) [Auto | Running] -- C:\Program Files (x86)\VMware\VMware Workstation\vmware-authd.exe -- (VMAuthdService)
SRV - [2012-10-11 18:15:30 | 000,918,680 | ---- | M] (VMware, Inc.) [Auto | Running] -- C:\Program Files (x86)\Common Files\VMware\USB\vmware-usbarbitrator64.exe -- (VMUSBArbService)
SRV - [2012-07-26 05:20:04 | 000,018,432 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysWOW64\StorSvc.dll -- (StorSvc)
SRV - [2012-01-09 20:17:44 | 000,821,592 | ---- | M] (IObit) [Auto | Running] -- C:\Program Files (x86)\IObit\IObit Malware Fighter\IMFsrv.exe -- (IMFservice)
SRV - [2010-02-19 14:37:14 | 000,517,096 | ---- | M] (Adobe Systems Incorporated) [On_Demand | Stopped] -- C:\Program Files (x86)\Common Files\Adobe\SwitchBoard\SwitchBoard.exe -- (SwitchBoard)


========== Driver Services (SafeList) ==========

DRV:64bit: - [2013-04-04 14:50:32 | 000,025,928 | ---- | M] (Malwarebytes Corporation) [File_System | On_Demand | Running] -- C:\Windows\SysNative\Drivers\mbam.sys -- (MBAMProtector)
DRV:64bit: - [2013-03-07 00:33:21 | 001,025,808 | ---- | M] (AVAST Software) [File_System | System | Running] -- C:\Windows\SysNative\drivers\aswSnx.sys -- (aswSnx)
DRV:64bit: - [2013-03-07 00:33:21 | 000,377,920 | ---- | M] (AVAST Software) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\aswSP.sys -- (aswSP)
DRV:64bit: - [2013-03-07 00:33:21 | 000,178,624 | ---- | M] () [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\aswVmm.sys -- (aswVmm)
DRV:64bit: - [2013-03-07 00:33:21 | 000,070,992 | ---- | M] (AVAST Software) [Kernel | System | Running] -- C:\Windows\SysNative\Drivers\aswRdr2.sys -- (aswRdr)
DRV:64bit: - [2013-03-07 00:33:21 | 000,068,920 | ---- | M] (AVAST Software) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\aswTdi.sys -- (aswTdi)
DRV:64bit: - [2013-03-07 00:33:21 | 000,065,336 | ---- | M] () [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\aswRvrt.sys -- (aswRvrt)
DRV:64bit: - [2013-03-07 00:33:20 | 000,080,816 | ---- | M] (AVAST Software) [File_System | Auto | Running] -- C:\Windows\SysNative\Drivers\aswMonFlt.sys -- (aswMonFlt)
DRV:64bit: - [2013-03-07 00:33:20 | 000,033,400 | ---- | M] (AVAST Software) [File_System | Auto | Running] -- C:\Windows\SysNative\drivers\aswFsBlk.sys -- (aswFsBlk)
DRV:64bit: - [2013-03-05 15:10:52 | 000,231,376 | ---- | M] (TrueCrypt Foundation) [Kernel | System | Running] -- C:\Windows\SysNative\Drivers\truecrypt.sys -- (truecrypt)
DRV:64bit: - [2013-03-02 12:57:48 | 000,337,128 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\Drivers\USBXHCI.SYS -- (USBXHCI)
DRV:64bit: - [2013-03-02 12:57:46 | 000,283,880 | ---- | M] (Microsoft Corporation) [Kernel | Boot | Running] -- C:\Windows\SysNative\Drivers\spaceport.sys -- (spaceport)
DRV:64bit: - [2013-03-02 12:57:46 | 000,077,544 | ---- | M] (Microsoft Corporation) [Kernel | Boot | Running] -- C:\Windows\SysNative\Drivers\storahci.sys -- (storahci)
DRV:64bit: - [2013-03-02 12:45:20 | 000,148,712 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\Drivers\tpm.sys -- (TPM)
DRV:64bit: - [2013-03-02 12:45:19 | 000,194,792 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\Drivers\sdbus.sys -- (sdbus)
DRV:64bit: - [2013-03-02 12:39:38 | 000,069,864 | ---- | M] (Microsoft Corporation) [Kernel | Boot | Running] -- C:\Windows\SysNative\Drivers\pdc.sys -- (pdc)
DRV:64bit: - [2013-02-05 19:34:43 | 000,047,240 | ---- | M] (RapidSolution Software AG) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\Drivers\tbhsd.sys -- (tbhsd)
DRV:64bit: - [2013-02-05 19:34:37 | 000,037,480 | ---- | M] (RapidSolution Software AG) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\Drivers\rrnetcap.sys -- (RRNetCapMP)
DRV:64bit: - [2013-02-05 19:34:37 | 000,037,480 | ---- | M] (RapidSolution Software AG) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\Drivers\rrnetcap.sys -- (RRNetCap)
DRV:64bit: - [2013-02-02 13:19:44 | 000,446,184 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\Drivers\USBHUB3.SYS -- (USBHUB3)
DRV:64bit: - [2013-02-02 09:25:23 | 000,037,632 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\Drivers\BthAvrcpTg.sys -- (BthAvrcpTg)
DRV:64bit: - [2013-01-29 03:57:05 | 000,035,232 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\Drivers\WdBoot.sys -- (WdBoot)
DRV:64bit: - [2013-01-29 01:08:22 | 000,230,904 | ---- | M] (Microsoft Corporation) [File_System | On_Demand | Stopped] -- C:\Windows\SysNative\Drivers\WdFilter.sys -- (WdFilter)
DRV:64bit: - [2013-01-27 15:35:46 | 000,127,384 | ---- | M] (Power Software Ltd) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\scdemu.sys -- (SCDEmu)
DRV:64bit: - [2013-01-10 03:53:32 | 000,028,904 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\Drivers\msgpiowin32.sys -- (msgpiowin32)
DRV:64bit: - [2012-12-21 14:53:58 | 000,017,480 | ---- | M] () [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\epmntdrv.sys -- (epmntdrv)
DRV:64bit: - [2012-12-21 14:53:58 | 000,009,800 | ---- | M] () [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\EuGdiDrv.sys -- (EuGdiDrv)
DRV:64bit: - [2012-12-19 15:47:20 | 000,132,008 | ---- | M] (Oracle Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\Drivers\VBoxNetAdp.sys -- (VBoxNetAdp)
DRV:64bit: - [2012-12-14 03:42:22 | 005,353,888 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\Drivers\igdkmd64.sys -- (igfx)
DRV:64bit: - [2012-12-11 11:22:46 | 000,030,056 | ---- | M] (NVIDIA Corporation) [Kernel | Boot | Running] -- C:\Windows\SysNative\Drivers\nvpciflt.sys -- (nvpciflt)
DRV:64bit: - [2012-11-27 05:55:44 | 000,029,952 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\Drivers\BthhfHid.sys -- (bthhfhid)
DRV:64bit: - [2012-11-20 06:54:31 | 000,039,936 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\Drivers\hidi2c.sys -- (hidi2c)
DRV:64bit: - [2012-11-06 05:55:44 | 000,022,528 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\Drivers\fxppm.sys -- (FxPPM)
DRV:64bit: - [2012-11-01 03:34:54 | 000,067,224 | ---- | M] (VMware, Inc.) [Kernel | Auto | Running] -- C:\Windows\SysNative\Drivers\vmx86.sys -- (vmx86)
DRV:64bit: - [2012-11-01 03:34:32 | 000,030,360 | ---- | M] (VMware, Inc.) [Kernel | Auto | Running] -- C:\Windows\SysNative\Drivers\vmnetuserif.sys -- (VMnetuserif)
DRV:64bit: - [2012-11-01 03:34:10 | 000,045,720 | ---- | M] (VMware, Inc.) [Kernel | Auto | Running] -- C:\Windows\SysNative\Drivers\vmnetbridge.sys -- (VMnetBridge)
DRV:64bit: - [2012-11-01 03:34:08 | 000,020,120 | ---- | M] (VMware, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\Drivers\vmnetadapter.sys -- (VMnetAdapter)
DRV:64bit: - [2012-11-01 03:34:04 | 000,032,920 | ---- | M] (VMware, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\Drivers\VMkbd.sys -- (vmkbd)
DRV:64bit: - [2012-10-24 15:17:14 | 000,070,296 | ---- | M] (VMware, Inc.) [Kernel | Boot | Running] -- C:\Windows\SysNative\Drivers\vsock.sys -- (vsock)
DRV:64bit: - [2012-10-24 15:17:10 | 000,085,104 | ---- | M] (VMware, Inc.) [Kernel | Boot | Running] -- C:\Windows\SysNative\Drivers\vmci.sys -- (vmci)
DRV:64bit: - [2012-10-12 10:08:01 | 000,027,880 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\Drivers\rdpvideominiport.sys -- (RdpVideoMiniport)
DRV:64bit: - [2012-10-11 18:15:32 | 000,052,376 | ---- | M] (VMware, Inc.) [Kernel | Auto | Running] -- C:\Windows\SysNative\Drivers\hcmon.sys -- (hcmon)
DRV:64bit: - [2012-10-11 18:15:06 | 000,037,680 | ---- | M] (VMware, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\Drivers\vmusb.sys -- (vmusb)
DRV:64bit: - [2012-10-11 09:25:48 | 000,056,552 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\Drivers\sdstor.sys -- (sdstor)
DRV:64bit: - [2012-10-11 09:13:49 | 000,058,088 | ---- | M] (Microsoft Corporation) [Kernel | System | Stopped] -- C:\Windows\SysNative\Drivers\dam.sys -- (dam)
DRV:64bit: - [2012-09-20 09:55:33 | 000,212,200 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\Drivers\UCX01000.SYS -- (UCX01000)
DRV:64bit: - [2012-09-20 09:55:30 | 000,120,040 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\Drivers\msgpioclx.sys -- (GPIOClx0101)
DRV:64bit: - [2012-09-20 09:55:27 | 003,265,256 | ---- | M] (Broadcom Corporation) [Kernel | Boot | Stopped] -- C:\Windows\SysNative\Drivers\evbda.sys -- (ebdrv)
DRV:64bit: - [2012-09-20 09:55:24 | 000,533,224 | ---- | M] (Broadcom Corporation) [Kernel | Boot | Stopped] -- C:\Windows\SysNative\Drivers\bxvbda.sys -- (b06bdrv)
DRV:64bit: - [2012-07-26 07:26:46 | 000,025,328 | ---- | M] (Microsoft Corporation) [Recognizer | Boot | Unknown] -- C:\Windows\SysNative\drivers\fs_rec.sys -- (Fs_Rec)
DRV:64bit: - [2012-07-26 07:26:45 | 000,033,792 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\Drivers\condrv.sys -- (condrv)
DRV:64bit: - [2012-07-26 07:00:58 | 000,322,800 | ---- | M] (VIA Corporation) [Kernel | Boot | Stopped] -- C:\Windows\SysNative\Drivers\VSTXRAID.SYS -- (VSTXRAID)
DRV:64bit: - [2012-07-26 07:00:58 | 000,106,224 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\Drivers\VerifierExt.sys -- (VerifierExt)
DRV:64bit: - [2012-07-26 07:00:58 | 000,097,008 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\Drivers\uaspstor.sys -- (UASPStor)
DRV:64bit: - [2012-07-26 07:00:57 | 000,077,040 | ---- | M] (Microsoft Corporation) [Kernel | Boot | Running] -- C:\Windows\SysNative\Drivers\acpiex.sys -- (acpiex)
DRV:64bit: - [2012-07-26 07:00:55 | 000,064,240 | ---- | M] (Marvell Semiconductor, Inc.) [Kernel | Boot | Stopped] -- C:\Windows\SysNative\Drivers\mvumis.sys -- (mvumis)
DRV:64bit: - [2012-07-26 07:00:55 | 000,030,960 | ---- | M] (Promise Technology, Inc.) [Kernel | Boot | Stopped] -- C:\Windows\SysNative\Drivers\stexstor.sys -- (stexstor)
DRV:64bit: - [2012-07-26 07:00:52 | 000,092,400 | ---- | M] (LSI Corporation) [Kernel | Boot | Stopped] -- C:\Windows\SysNative\Drivers\lsi_sas2.sys -- (LSI_SAS2)
DRV:64bit: - [2012-07-26 07:00:52 | 000,081,136 | ---- | M] (LSI Corporation) [Kernel | Boot | Stopped] -- C:\Windows\SysNative\Drivers\lsi_sss.sys -- (LSI_SSS)
DRV:64bit: - [2012-07-26 07:00:52 | 000,064,752 | ---- | M] (Hewlett-Packard Company) [Kernel | Boot | Stopped] -- C:\Windows\SysNative\Drivers\HpSAMD.sys -- (HpSAMD)
DRV:64bit: - [2012-07-26 07:00:51 | 000,113,904 | ---- | M] (Microsoft Corporation) [Kernel | Boot | Stopped] -- C:\Windows\SysNative\Drivers\EhStorTcgDrv.sys -- (EhStorTcgDrv)
DRV:64bit: - [2012-07-26 07:00:51 | 000,081,136 | ---- | M] (Microsoft Corporation) [Kernel | Boot | Running] -- C:\Windows\SysNative\Drivers\EhStorClass.sys -- (EhStorClass)
DRV:64bit: - [2012-07-26 07:00:49 | 000,258,288 | ---- | M] (AMD Technologies Inc.) [Kernel | Boot | Stopped] -- C:\Windows\SysNative\Drivers\amdsbs.sys -- (amdsbs)
DRV:64bit: - [2012-07-26 07:00:49 | 000,106,736 | ---- | M] (LSI) [Kernel | Boot | Stopped] -- C:\Windows\SysNative\Drivers\3ware.sys -- (3ware)
DRV:64bit: - [2012-07-26 07:00:49 | 000,076,016 | ---- | M] (Advanced Micro Devices) [Kernel | Boot | Stopped] -- C:\Windows\SysNative\Drivers\amdsata.sys -- (amdsata)
DRV:64bit: - [2012-07-26 07:00:48 | 000,026,352 | ---- | M] (Advanced Micro Devices) [Kernel | Boot | Stopped] -- C:\Windows\SysNative\Drivers\amdxata.sys -- (amdxata)
DRV:64bit: - [2012-07-26 06:57:54 | 000,361,200 | ---- | M] (Microsoft Corporation) [Kernel | Boot | Running] -- C:\Windows\SysNative\Drivers\clfs.sys -- (CLFS)
DRV:64bit: - [2012-07-26 06:54:34 | 000,096,496 | ---- | M] (Microsoft Corporation) [Kernel | Boot | Running] -- C:\Windows\SysNative\Drivers\wfplwfs.sys -- (WFPLWFS)
DRV:64bit: - [2012-07-26 06:53:16 | 000,067,824 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\Drivers\vpci.sys -- (vpci)
DRV:64bit: - [2012-07-26 05:17:38 | 000,036,592 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\Drivers\terminpt.sys -- (terminpt)
DRV:64bit: - [2012-07-26 04:29:14 | 000,010,752 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\Drivers\mshidumdf.sys -- (mshidumdf)
DRV:64bit: - [2012-07-26 04:29:08 | 000,048,640 | ---- | M] (Microsoft Corporation) [Kernel | System | Running] -- C:\Windows\SysNative\Drivers\BasicDisplay.sys -- (BasicDisplay)
DRV:64bit: - [2012-07-26 04:29:03 | 000,024,576 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\Drivers\HyperVideo.sys -- (HyperVideo)
DRV:64bit: - [2012-07-26 04:28:52 | 000,029,696 | ---- | M] (Microsoft Corporation) [Kernel | System | Running] -- C:\Windows\SysNative\Drivers\BasicRender.sys -- (BasicRender)
DRV:64bit: - [2012-07-26 04:27:58 | 000,012,288 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\Drivers\vmgencounter.sys -- (gencounter)
DRV:64bit: - [2012-07-26 04:27:41 | 000,018,432 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\Drivers\kdnic.sys -- (kdnic)
DRV:64bit: - [2012-07-26 04:27:37 | 000,010,752 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\Drivers\acpitime.sys -- (acpitime)
DRV:64bit: - [2012-07-26 04:27:33 | 000,023,552 | ---- | M] (Microsoft Corporation) [Kernel | System | Running] -- C:\Windows\SysNative\Drivers\npsvctrig.sys -- (npsvctrig)
DRV:64bit: - [2012-07-26 04:27:29 | 000,019,968 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\Drivers\WpdUpFltr.sys -- (WpdUpFltr)
DRV:64bit: - [2012-07-26 04:27:16 | 000,010,240 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\Drivers\acpipagr.sys -- (acpipagr)
DRV:64bit: - [2012-07-26 04:27:01 | 000,011,776 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\Drivers\hyperkbd.sys -- (hyperkbd)
DRV:64bit: - [2012-07-26 04:26:46 | 000,062,976 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\Drivers\SerCx.sys -- (SerCx)
DRV:64bit: - [2012-07-26 04:26:43 | 000,059,392 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\Drivers\SpbCx.sys -- (SpbCx)
DRV:64bit: - [2012-07-26 04:26:34 | 000,030,208 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\Drivers\TsUsbGD.sys -- (TsUsbGD)
DRV:64bit: - [2012-07-26 04:26:13 | 000,051,200 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\Drivers\bthhfenum.sys -- (BthHFEnum)
DRV:64bit: - [2012-07-26 04:25:57 | 000,033,280 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\Drivers\dmvsc.sys -- (dmvsc)
DRV:64bit: - [2012-07-26 04:25:56 | 000,057,344 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\Drivers\TsUsbFlt.sys -- (TsUsbFlt)
DRV:64bit: - [2012-07-26 04:25:26 | 000,203,776 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\Drivers\Vid.sys -- (Vid)
DRV:64bit: - [2012-07-26 04:25:22 | 000,067,584 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\Drivers\storvsp.sys -- (storvsp)
DRV:64bit: - [2012-07-26 04:25:13 | 000,045,056 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\Drivers\wpcfltr.sys -- (wpcfltr)
DRV:64bit: - [2012-07-26 04:25:12 | 000,117,248 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\Drivers\vmbusr.sys -- (vmbusr)
DRV:64bit: - [2012-07-26 04:25:12 | 000,066,048 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\Drivers\vpcivsp.sys -- (vpcivsp)
DRV:64bit: - [2012-07-26 04:25:01 | 000,126,464 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\Drivers\NdisImPlatform.sys -- (NdisImPlatform)
DRV:64bit: - [2012-07-26 04:23:53 | 000,068,608 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\Drivers\mslldp.sys -- (MsLldp)
DRV:64bit: - [2012-07-26 04:23:42 | 000,097,792 | ---- | M] (Microsoft Corporation) [Kernel | Auto | Running] -- C:\Windows\SysNative\Drivers\Ndu.sys -- (Ndu)
DRV:64bit: - [2012-06-02 16:31:37 | 000,425,472 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\Drivers\k57nd60a.sys -- (k57nd60a)
DRV:64bit: - [2012-06-02 16:31:32 | 002,935,808 | ---- | M] (Qualcomm Atheros Communications, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\Drivers\athrx.sys -- (athr)
DRV:64bit: - [2011-12-26 16:27:24 | 000,015,288 | ---- | M] () [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\ampa.sys -- (ampa)
DRV:64bit: - [2011-12-15 02:46:42 | 000,222,904 | ---- | M] (QFX Software Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\Drivers\keyscrambler.sys -- (KeyScrambler)
DRV:64bit: - [2011-06-15 22:10:58 | 000,015,288 | ---- | M] () [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\ddmdrv.sys -- (ddmdrv)
DRV:64bit: - [2010-10-20 00:34:26 | 000,056,344 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\Drivers\HECIx64.sys -- (MEIx64)
DRV - [2013-02-15 16:28:06 | 000,071,032 | ---- | M] (BlueStack Systems) [Kernel | Auto | Running] -- C:\Program Files (x86)\BlueStacks\HD-Hypervisor-amd64.sys -- (BstHdDrv)
DRV - [2012-12-21 14:54:00 | 000,014,920 | ---- | M] () [Kernel | On_Demand | Stopped] -- C:\Windows\SysWOW64\epmntdrv.sys -- (epmntdrv)
DRV - [2012-12-21 14:53:58 | 000,009,160 | ---- | M] () [Kernel | On_Demand | Stopped] -- C:\Windows\SysWOW64\EuGdiDrv.sys -- (EuGdiDrv)
DRV - [2012-07-05 13:53:22 | 000,021,904 | ---- | M] (IObit.com) [Kernel | On_Demand | Running] -- C:\Program Files (x86)\IObit\IObit Malware Fighter\Drivers\win7_amd64\UrlFilter.sys -- (UrlFilter)
DRV - [2012-07-05 13:53:18 | 000,033,224 | ---- | M] (IObit.com) [Kernel | On_Demand | Running] -- C:\Program Files (x86)\IObit\IObit Malware Fighter\Drivers\win7_amd64\RegFilter.sys -- (RegFilter)
DRV - [2012-01-05 18:07:14 | 000,021,384 | ---- | M] (IObit) [File_System | On_Demand | Running] -- C:\Program Files (x86)\IObit\IObit Malware Fighter\Drivers\win7_amd64\FileMonitor.sys -- (FileMonitor)
DRV - [2011-12-26 16:27:22 | 000,012,728 | ---- | M] () [Kernel | On_Demand | Stopped] -- C:\Windows\SysWOW64\ampa.sys -- (ampa)
DRV - [2011-06-15 22:09:42 | 000,012,728 | ---- | M] () [Kernel | On_Demand | Stopped] -- C:\Windows\SysWOW64\ddmdrv.sys -- (ddmdrv)


========== Standard Registry (SafeList) ==========


========== Internet Explorer ==========

IE:64bit: - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = about:blank
IE:64bit: - HKLM\..\SearchScopes,DefaultScope =
IE:64bit: - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/...ms}&FORM=IE8SRC
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = about:blank
IE - HKLM\..\SearchScopes,DefaultScope =
IE - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/...ms}&FORM=IE8SRC

IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = about:blank
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache = http://t.nl.msn.com/
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache AcceptLangs = nl-NL
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache_TIMESTAMP = 9E 41 45 52 3E 02 CE 01 [binary data]
IE - HKCU\..\SearchScopes,DefaultScope =
IE - HKCU\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/...Box&FORM=IE10SR
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

========== FireFox ==========

FF - prefs.js..browser.search.useDBForOrder: "false"
FF - prefs.js..browser.startup.homepage: "http://www.google.nl/"
FF - prefs.js..extensions.enabledAddons: %7B27c60876-b5c9-4335-b4f3-52b26782220c%7D:0.9.4
FF - prefs.js..extensions.enabledAddons: %7B563e4790-7e70-11da-a72b-0800200c9a66%7D:0.9f
FF - prefs.js..extensions.enabledAddons: %7Ba5312b79-bf0d-4825-a25f-b33d67d4a58a%7D:13.15.63
FF - prefs.js..extensions.enabledAddons: rssicon%40jasnapaka.com:1.4
FF - prefs.js..extensions.enabledAddons: testpilot%40labs.mozilla.com:1.2.2
FF - prefs.js..extensions.enabledAddons: %7B59c81df5-4b7a-477b-912d-4e0fdf64e5f2%7D:0.9.90
FF - prefs.js..extensions.enabledAddons: ascsurfingprotection%40iobit.com:1.0
FF - prefs.js..extensions.enabledAddons: coralietab%40mozdev.org:2.04.20110724
FF - prefs.js..extensions.enabledAddons: %7Bac2cfa60-bc96-11e0-962b-0800200c9a66%7D:2.0
FF - prefs.js..extensions.enabledAddons: %7B972ce4c6-7e08-4474-a285-3208198ce6fd%7D:21.0


FF:64bit: - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\system32\Macromed\Flash\NPSWF64_11_7_700_169.dll File not found
FF:64bit: - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: c:\Program Files\Microsoft Silverlight\5.1.20125.0\npctrl.dll ( Microsoft Corporation)
FF:64bit: - HKLM\Software\MozillaPlugins\@microsoft.com/SharePoint,version=14.0: C:\PROGRA~1\MICROS~1\Office15\NPSPWRAP.DLL (Microsoft Corporation)
FF:64bit: - HKLM\Software\MozillaPlugins\adobe.com/AdobeAAMDetect: C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\CCM\Utilities\npAdobeAAMDetect64.dll (Adobe Systems)
FF:64bit: - HKLM\Software\MozillaPlugins\adobe.com/AdobeExManDetect: C:\Program Files (x86)\Adobe\Adobe Extension Manager CS6\Win64Plugin\npAdobeExManDetectX64.dll (Adobe Systems)
FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_11_7_700_169.dll ()
FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin,version=10.21.2: C:\Program Files (x86)\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/Lync,version=15.0: C:\Program Files (x86)\Mozilla Firefox\plugins\npmeetingjoinpluginoc.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: c:\Program Files (x86)\Microsoft Silverlight\5.1.20125.0\npctrl.dll ( Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=14.0.8117.0416: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Program Files (x86)\Google\Update\1.3.21.135\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Program Files (x86)\Google\Update\1.3.21.135\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\adobe.com/AdobeAAMDetect: C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\CCM\Utilities\npAdobeAAMDetect32.dll (Adobe Systems)
FF - HKLM\Software\MozillaPlugins\adobe.com/AdobeExManDetect: C:\Program Files (x86)\Adobe\Adobe Extension Manager CS6\npAdobeExManDetectX86.dll (Adobe Systems)
FF - HKCU\Software\MozillaPlugins\@unity3d.com/UnityPlayer,version=1.0: C:\Users\Mark de Jager\AppData\LocalLow\Unity\WebPlayer\loader\npUnity3D32.dll (Unity Technologies ApS)
FF - HKCU\Software\MozillaPlugins\facebook.com/fbDesktopPlugin: C:\Users\Mark de Jager\AppData\Local\Facebook\Messenger\2.1.4814.0\npFbDesktopPlugin.dll (Facebook, Inc.)

64bit-FF - HKEY_LOCAL_MACHINE\software\mozilla\Thunderbird\Extensions\\[email protected]: C:\PROGRAM FILES\ESET\ESET SMART SECURITY\MOZILLA THUNDERBIRD
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\[email protected]: C:\Program Files\AVAST Software\Avast\WebRep\FF [2013-04-28 17:31:00 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 21.0\extensions\\Components: C:\Program Files (x86)\Mozilla Firefox\components [2013-04-06 13:04:18 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 21.0\extensions\\Plugins: C:\Program Files (x86)\Mozilla Firefox\plugins [2013-04-27 18:03:24 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Thunderbird\Extensions\\[email protected]: C:\Program Files\ESET\ESET Smart Security\Mozilla Thunderbird
FF - HKEY_CURRENT_USER\software\mozilla\Firefox\Extensions\\[email protected]: C:\Program Files (x86)\CaptureSaver\Firefox [2013-03-19 10:57:39 | 000,000,000 | ---D | M]

[2013-02-03 20:47:04 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Mark de Jager\AppData\Roaming\mozilla\Extensions
[2013-04-27 18:56:04 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Mark de Jager\AppData\Roaming\mozilla\Firefox\Profiles\8a8rp9hz.default\extensions
[2013-03-01 16:23:09 | 000,000,000 | ---D | M] (ChatZilla) -- C:\Users\Mark de Jager\AppData\Roaming\mozilla\Firefox\Profiles\8a8rp9hz.default\extensions\{59c81df5-4b7a-477b-912d-4e0fdf64e5f2}
[2013-04-20 17:27:22 | 000,000,000 | ---D | M] (Advanced SystemCare Surfing Protection) -- C:\Users\Mark de Jager\AppData\Roaming\mozilla\Firefox\Profiles\8a8rp9hz.default\extensions\[email protected]
[2013-04-22 09:51:21 | 000,000,000 | ---D | M] (IE Tab +) -- C:\Users\Mark de Jager\AppData\Roaming\mozilla\Firefox\Profiles\8a8rp9hz.default\extensions\[email protected]
[2013-03-06 14:25:15 | 000,207,249 | ---- | M] () (No name found) -- C:\Users\Mark de Jager\AppData\Roaming\mozilla\firefox\profiles\8a8rp9hz.default\extensions\[email protected]
[2013-02-06 21:15:48 | 000,015,618 | ---- | M] () (No name found) -- C:\Users\Mark de Jager\AppData\Roaming\mozilla\firefox\profiles\8a8rp9hz.default\extensions\[email protected]
[2013-02-08 21:59:50 | 000,615,655 | ---- | M] () (No name found) -- C:\Users\Mark de Jager\AppData\Roaming\mozilla\firefox\profiles\8a8rp9hz.default\extensions\[email protected]
[2013-02-05 11:34:49 | 000,007,532 | ---- | M] () (No name found) -- C:\Users\Mark de Jager\AppData\Roaming\mozilla\firefox\profiles\8a8rp9hz.default\extensions\{27c60876-b5c9-4335-b4f3-52b26782220c}.xpi
[2013-02-06 18:51:54 | 000,010,707 | ---- | M] () (No name found) -- C:\Users\Mark de Jager\AppData\Roaming\mozilla\firefox\profiles\8a8rp9hz.default\extensions\{563e4790-7e70-11da-a72b-0800200c9a66}.xpi
[2013-02-06 21:01:15 | 000,045,996 | ---- | M] () (No name found) -- C:\Users\Mark de Jager\AppData\Roaming\mozilla\firefox\profiles\8a8rp9hz.default\extensions\{a5312b79-bf0d-4825-a25f-b33d67d4a58a}.xpi
[2013-04-27 18:56:04 | 000,052,139 | ---- | M] () (No name found) -- C:\Users\Mark de Jager\AppData\Roaming\mozilla\firefox\profiles\8a8rp9hz.default\extensions\{ac2cfa60-bc96-11e0-962b-0800200c9a66}.xpi
[2013-02-14 11:09:20 | 000,817,280 | ---- | M] () (No name found) -- C:\Users\Mark de Jager\AppData\Roaming\mozilla\firefox\profiles\8a8rp9hz.default\extensions\{d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}.xpi
[2013-04-05 19:06:02 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files (x86)\Mozilla Firefox\browser\extensions
[2013-04-05 19:06:02 | 000,000,000 | ---D | M] (Default) -- C:\Program Files (x86)\Mozilla Firefox\browser\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd}
[2013-04-26 19:13:32 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files (x86)\Mozilla Firefox\browser\distribution\extensions
[2013-01-11 03:06:08 | 000,033,968 | ---- | M] (Microsoft Corporation) -- C:\Program Files (x86)\mozilla firefox\plugins\npMeetingJoinPluginOC.dll

========== Chrome ==========

CHR - default_search_provider: Google (Enabled)
CHR - default_search_provider: search_url = {google:baseURL}search?q={searchTerms}&{google:RLZ}{google:acceptedSuggestion}{google:originalQueryForSuggestion}{google:assistedQueryStats}{google:searchFieldtrialParameter}{google:searchClient}{google:sourceId}{google:instantExtendedEnabledParameter}ie={inputEncoding}
CHR - default_search_provider: suggest_url = {google:baseSuggestURL}search?{google:searchFieldtrialParameter}client=chrome&q={searchTerms}&{google:cursorPosition}sugkey={google:suggestAPIKeyParameter}
CHR - plugin: Shockwave Flash (Enabled) = C:\Program Files (x86)\Google\Chrome\Application\26.0.1410.64\PepperFlash\pepflashplayer.dll
CHR - plugin: Chrome Remote Desktop Viewer (Enabled) = internal-remoting-viewer
CHR - plugin: Native Client (Enabled) = C:\Program Files (x86)\Google\Chrome\Application\26.0.1410.64\ppGoogleNaClPluginChrome.dll
CHR - plugin: Chrome PDF Viewer (Enabled) = C:\Program Files (x86)\Google\Chrome\Application\26.0.1410.64\pdf.dll
CHR - plugin: Microsoft\u00AE Windows Media Player Firefox Plugin (Enabled) = C:\Program Files (x86)\Mozilla Firefox\plugins\np-mswmp.dll
CHR - plugin: Microsoft Office 2010 (Enabled) = C:\PROGRA~2\MICROS~4\Office14\NPAUTHZ.DLL
CHR - plugin: Microsoft Office 2010 (Enabled) = C:\PROGRA~2\MICROS~4\Office14\NPSPWRAP.DLL
CHR - plugin: Google Update (Enabled) = C:\Program Files (x86)\Google\Update\1.3.21.124\npGoogleUpdate3.dll
CHR - plugin: Java™ Platform SE 7 U13 (Enabled) = C:\Program Files (x86)\Java\jre7\bin\plugin2\npjp2.dll
CHR - plugin: Windows Live\u00AE Photo Gallery (Enabled) = C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll
CHR - plugin: Unity Player (Enabled) = C:\Users\Mark de Jager\AppData\LocalLow\Unity\WebPlayer\loader\npUnity3D32.dll
CHR - plugin: Shockwave Flash (Enabled) = C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_11_6_602_168.dll
CHR - plugin: Java Deployment Toolkit 7.0.130.20 (Enabled) = C:\Windows\SysWOW64\npDeployJava1.dll
CHR - plugin: Silverlight Plug-In (Enabled) = c:\Program Files (x86)\Microsoft Silverlight\4.1.10329.0\npctrl.dll
CHR - Extension: Google Documenten = C:\Users\Mark de Jager\AppData\Local\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake\0.0.0.6_0\
CHR - Extension: Google Documenten = C:\Users\Mark de Jager\AppData\Local\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake\0.5_0\
CHR - Extension: Google Drive = C:\Users\Mark de Jager\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf\6.2_0\
CHR - Extension: Google Drive = C:\Users\Mark de Jager\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf\6.3_0\
CHR - Extension: YouTube = C:\Users\Mark de Jager\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo\4.2.5_0\
CHR - Extension: YouTube = C:\Users\Mark de Jager\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo\4.2.6_0\
CHR - Extension: Google Zoeken = C:\Users\Mark de Jager\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf\0.0.0.19_0\
CHR - Extension: Google Zoeken = C:\Users\Mark de Jager\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf\0.0.0.20_0\
CHR - Extension: Advanced SystemCare Surfing Protection = C:\Users\Mark de Jager\AppData\Local\Google\Chrome\User Data\Default\Extensions\nfengeggddojhakldhlpjdlddgkkjkdd\1.0.0_0\
CHR - Extension: Gmail = C:\Users\Mark de Jager\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia\7_0\

O1 HOSTS File: ([2013-04-28 17:19:44 | 000,000,098 | ---- | M]) - C:\Windows\SysNative\Drivers\etc\Hosts
O1 - Hosts: 127.0.0.1 localhost
O1 - Hosts: ::1 localhost
O2:64bit: - BHO: (avast! WebRep) - {318A227B-5E9F-45bd-8999-7F8F10CA4CF5} - C:\Program Files\AVAST Software\Avast\aswWebRepIE64.dll (AVAST Software)
O2 - BHO: (no name) - {5C255C8A-E604-49b4-9D64-90988571CECB} - No CLSID value found.
O2 - BHO: (Java™ Plug-In SSV Helper) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Java\jre7\bin\ssv.dll (Oracle Corporation)
O2 - BHO: (avast! WebRep) - {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - C:\Program Files\AVAST Software\Avast\aswWebRepIE.dll (AVAST Software)
O2 - BHO: (Sticky Password Toolbar) - {AC02E217-6E13-4F14-9BAC-D7BA27C1E912} - C:\Program Files (x86)\Sticky Password\spIEBho.dll (Lamantine Software a.s.)
O2 - BHO: (Advanced SystemCare Browser Protection) - {BA0C978D-D909-49B6-AFE2-8BDE245DC7E6} - C:\Program Files (x86)\IObit\Advanced SystemCare 6\BrowerProtect\ASCPlugin_Protection.dll (IObit)
O2 - BHO: (Java™ Plug-In 2 SSV Helper) - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre7\bin\jp2ssv.dll (Oracle Corporation)
O3:64bit: - HKLM\..\Toolbar: (avast! WebRep) - {318A227B-5E9F-45bd-8999-7F8F10CA4CF5} - C:\Program Files\AVAST Software\Avast\aswWebRepIE64.dll (AVAST Software)
O3 - HKLM\..\Toolbar: (CaptureSaver) - {5148AB7D-8868-4490-B6DA-F98368488582} - C:\Program Files (x86)\CaptureSaver\CaptureSaverIE.dll (www.capturesaver.com)
O3 - HKLM\..\Toolbar: (avast! WebRep) - {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - C:\Program Files\AVAST Software\Avast\aswWebRepIE.dll (AVAST Software)
O3 - HKLM\..\Toolbar: (Sticky Password Toolbar) - {AC02E217-6E13-4F14-9BAC-D7BA27C1E912} - C:\Program Files (x86)\Sticky Password\spIEBho.dll (Lamantine Software a.s.)
O4:64bit: - HKLM..\Run: [AdobeAAMUpdater-1.0] C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\UWA\UpdaterStartupUtility.exe (Adobe Systems Incorporated)
O4:64bit: - HKLM..\Run: [HotKeysCmds] C:\Windows\SysNative\hkcmd.exe (Intel Corporation)
O4:64bit: - HKLM..\Run: [IgfxTray] C:\Windows\SysNative\igfxtray.exe (Intel Corporation)
O4:64bit: - HKLM..\Run: [Persistence] C:\Windows\SysNative\igfxpers.exe (Intel Corporation)
O4 - HKLM..\Run: [AdobeCS6ServiceManager] C:\Program Files (x86)\Common Files\Adobe\CS6ServiceManager\CS6ServiceManager.exe (Adobe Systems Incorporated)
O4 - HKLM..\Run: [APSDaemon] C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe (Apple Inc.)
O4 - HKLM..\Run: [avast] C:\Program Files\AVAST Software\Avast\avastUI.exe (AVAST Software)
O4 - HKLM..\Run: [BlueStacks Agent] C:\Program Files (x86)\BlueStacks\HD-Agent.exe (BlueStack Systems, Inc.)
O4 - HKLM..\Run: [IObit Malware Fighter] C:\Program Files (x86)\IObit\IObit Malware Fighter\IMF.exe (IObit)
O4 - HKLM..\Run: [KeyScrambler] C:\Program Files (x86)\KeyScrambler\keyscrambler.exe (QFX Software Corporation)
O4 - HKLM..\Run: [MessengerPlusForSkypeService] C:\Program Files (x86)\Yuna Software\Messenger Plus! for Skype\MsgPlusForSkypeService.exe (Yuna Software)
O4 - HKLM..\Run: [Photobucket Backup] C:\Program Files (x86)\Photobucket Backup\Photobucket.App.exe (Photobucket)
O4 - HKLM..\Run: [PlusService] C:\Program Files (x86)\Yuna Software\Messenger Plus!\PlusService.exe (Yuna Software)
O4 - HKLM..\Run: [PWRISOVM.EXE] C:\Program Files (x86)\PowerISO\PWRISOVM.EXE (Power Software Ltd)
O4 - HKLM..\Run: [SwitchBoard] C:\Program Files (x86)\Common Files\Adobe\SwitchBoard\SwitchBoard.exe (Adobe Systems Incorporated)
O4 - HKLM..\Run: [vmware-tray.exe] C:\Program Files (x86)\VMware\VMware Workstation\vmware-tray.exe (VMware, Inc.)
O4 - HKCU..\Run: [KeyboardLeds.exe] C:\Program Files (x86)\Keyboard LEDs\KeyboardLeds.exe (KARPOLAN)
O4 - HKCU..\Run: [pdiface] C:\Program Files\Bitdefender\60-Second Virus Scanner\pdiface.exe -noshow File not found
O4 - HKCU..\Run: [SkyDrive] C:\Users\Mark de Jager\AppData\Local\Microsoft\SkyDrive\SkyDrive.exe (Microsoft Corporation)
O4 - Startup: C:\Users\Mark de Jager\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Facebook Messenger.lnk = C:\Users\Mark de Jager\AppData\Local\Facebook\Messenger\2.1.4814.0\FacebookMessenger.exe (Facebook)
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktopChanges = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktop = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: PromptOnSecureDesktop = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: EnableCursorSuppression = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: EnableLinkedConnections = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: HideFastUserSwitching = 0
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoClose = 0
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoLogoff = 0
O8:64bit: - Extra context menu item: Add to CaptureSaver - C:\Program Files (x86)\CaptureSaver\\AddFromIE.htm ()
O8:64bit: - Extra context menu item: Sticky Password - C:\Program Files (x86)\Sticky Password\spIEBho.dll (Lamantine Software a.s.)
O8 - Extra context menu item: Add to CaptureSaver - C:\Program Files (x86)\CaptureSaver\\AddFromIE.htm ()
O8 - Extra context menu item: Sticky Password - C:\Program Files (x86)\Sticky Password\spIEBho.dll (Lamantine Software a.s.)
O9:64bit: - Extra 'Tools' menuitem : &KeyScrambler Options - {5C106A59-CC3C-4caa-81A4-6D909B5ACE23} - C:\Program Files (x86)\KeyScrambler\x64\KeyScramblerIE.dll (QFX Software Corporation)
O9 - Extra Button: CaptureSaver - {3BD9DD3E-F9B6-45b9-9ED3-5E1980C2686F} - C:\Program Files (x86)\CaptureSaver\CaptureSaverIE.dll (www.capturesaver.com)
O9 - Extra 'Tools' menuitem : CaptureSaver - {3BD9DD3E-F9B6-45b9-9ED3-5E1980C2686F} - Reg Error: Value error. File not found
O9 - Extra 'Tools' menuitem : &KeyScrambler Options - {5C106A59-CC3C-4caa-81A4-6D909B5ACE23} - C:\Program Files (x86)\KeyScrambler\KeyScramblerIE.dll (QFX Software Corporation)
O1364bit: - gopher Prefix: missing
O13 - gopher Prefix: missing
O15 - HKCU\..Trusted Domains: mediapluspro.com ([www] https in Vertrouwde websites)
O16 - DPF: {7530BFB8-7293-4D34-9923-61A11451AFC5} http://download.eset...lineScanner.cab (OnlineScanner Control)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.2.254
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{404E2125-F77B-4A20-89E5-7CE2767B2BAF}: DhcpNameServer = 192.168.2.254
O18:64bit: - Protocol\Handler\livecall - No CLSID value found
O18:64bit: - Protocol\Handler\msnim - No CLSID value found
O18 - Protocol\Handler\ms-help - No CLSID value found
O20:64bit: - AppInit_DLLs: (C:\Windows\system32\nvinitx.dll) - C:\Windows\SysNative\nvinitx.dll (NVIDIA Corporation)
O20 - AppInit_DLLs: (C:\Windows\SysWOW64\nvinit.dll) - C:\Windows\SysWOW64\nvinit.dll (NVIDIA Corporation)
O20:64bit: - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\SysNative\userinit.exe (Microsoft Corporation)
O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\SysWow64\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (userinit.exe) - C:\Windows\SysWow64\userinit.exe (Microsoft Corporation)
O20:64bit: - Winlogon\Notify\igfxcui: DllName - (igfxdev.dll) - C:\Windows\SysNative\igfxdev.dll (Intel Corporation)
O21:64bit: - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.
O21 - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.
O30 - LSA: Security Packages - (livessp) - File not found
O32 - HKLM CDRom: AutoRun - 1
O34 - HKLM BootExecute: (autocheck autochk *)
O35:64bit: - HKLM\..comfile [open] -- "%1" %*
O35:64bit: - HKLM\..exefile [open] -- "%1" %*
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37:64bit: - HKLM\...com [@ = comfile] -- "%1" %*
O37:64bit: - HKLM\...exe [@ = exefile] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3)
O38 - SubSystems\\Windows: (ServerDll=sxssrv,4)

========== Files/Folders - Created Within 30 Days ==========

[2013-04-28 17:33:44 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Google Drive
[2013-04-28 17:33:14 | 000,377,920 | ---- | C] (AVAST Software) -- C:\Windows\SysNative\drivers\aswSP.sys
[2013-04-28 17:33:14 | 000,033,400 | ---- | C] (AVAST Software) -- C:\Windows\SysNative\drivers\aswFsBlk.sys
[2013-04-28 17:33:14 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\avast! Free Antivirus
[2013-04-28 17:33:08 | 000,070,992 | ---- | C] (AVAST Software) -- C:\Windows\SysNative\drivers\aswRdr2.sys
[2013-04-28 17:33:08 | 000,068,920 | ---- | C] (AVAST Software) -- C:\Windows\SysNative\drivers\aswTdi.sys
[2013-04-28 17:32:11 | 001,025,808 | ---- | C] (AVAST Software) -- C:\Windows\SysNative\drivers\aswSnx.sys
[2013-04-28 17:32:10 | 000,080,816 | ---- | C] (AVAST Software) -- C:\Windows\SysNative\drivers\aswMonFlt.sys
[2013-04-28 17:30:17 | 000,041,664 | ---- | C] (AVAST Software) -- C:\Windows\avastSS.scr
[2013-04-28 17:16:11 | 000,000,000 | ---D | C] -- C:\_OTL
[2013-04-28 17:12:12 | 000,000,000 | --SD | C] -- C:\Windows\SysWow64\Microsoft
[2013-04-28 16:01:39 | 000,287,840 | ---- | C] (AVAST Software) -- C:\Windows\SysNative\aswBoot.exe
[2013-04-28 16:00:44 | 000,000,000 | ---D | C] -- C:\Program Files\AVAST Software
[2013-04-28 15:59:15 | 000,000,000 | ---D | C] -- C:\ProgramData\AVAST Software
[2013-04-28 15:40:23 | 000,000,000 | ---D | C] -- C:\Users\Mark de Jager\Documents\Leawo
[2013-04-28 15:40:23 | 000,000,000 | ---D | C] -- C:\ProgramData\Leawo
[2013-04-28 15:38:24 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Leawo
[2013-04-28 15:38:23 | 000,606,208 | ---- | C] (http://www.xvid.org) -- C:\Windows\SysWow64\xvidcore.dll
[2013-04-28 15:38:23 | 000,438,272 | ---- | C] (Gabest) -- C:\Windows\SysWow64\Mpeg2DecFilter.ax
[2013-04-28 15:38:23 | 000,139,264 | ---- | C] (http://www.xvid.org) -- C:\Windows\SysWow64\xvid.ax
[2013-04-28 15:38:18 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Leawo
[2013-04-28 14:31:27 | 000,000,000 | ---D | C] -- C:\Users\Mark de Jager\AppData\Local\liQeNSoft
[2013-04-28 14:05:40 | 000,000,000 | ---D | C] -- C:\Users\Mark de Jager\AppData\Local\TeknoGods
[2013-04-28 13:46:35 | 000,602,112 | ---- | C] (OldTimer Tools) -- C:\Users\Mark de Jager\Desktop\OTL.exe
[2013-04-28 13:34:40 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\MW3
[2013-04-28 13:14:46 | 000,000,000 | ---D | C] -- C:\Users\Mark de Jager\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\MW3
[2013-04-28 13:14:44 | 000,000,000 | ---D | C] -- C:\Program Files\MW3
[2013-04-27 20:39:35 | 000,000,000 | ---D | C] -- C:\Users\Mark de Jager\AppData\Roaming\RealPopup
[2013-04-27 20:39:32 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\RealPopup
[2013-04-27 20:23:56 | 000,000,000 | ---D | C] -- C:\Users\Mark de Jager\Desktop\Computerspeeltuin.{ED7BA470-8E54-465E-825C-99712043E01C}
[2013-04-27 20:14:21 | 000,000,000 | ---D | C] -- C:\Users\Mark de Jager\AppData\Roaming\HTML Executable
[2013-04-27 19:44:46 | 000,000,000 | R--D | C] -- C:\Users\Mark de Jager\Desktop\SkyDrive
[2013-04-27 19:43:54 | 000,000,000 | R--D | C] -- C:\Users\Mark de Jager\SkyDrive
[2013-04-27 19:43:54 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Microsoft SkyDrive
[2013-04-27 19:43:46 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft SkyDrive
[2013-04-27 17:28:05 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\TSR Soft
[2013-04-27 17:28:04 | 000,000,000 | ---D | C] -- C:\Users\Mark de Jager\Documents\TSR Software
[2013-04-27 17:28:04 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\TSR Soft
[2013-04-27 16:04:58 | 000,000,000 | ---D | C] -- C:\gql
[2013-04-27 16:04:58 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Deluge
[2013-04-27 15:23:08 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Office 2013
[2013-04-27 15:22:21 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Microsoft SQL Server
[2013-04-27 15:22:20 | 000,000,000 | ---D | C] -- C:\Program Files\Microsoft.NET
[2013-04-27 15:22:19 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\KMSpico
[2013-04-27 15:22:16 | 000,000,000 | ---D | C] -- C:\Program Files\KMSpico
[2013-04-27 15:21:25 | 000,000,000 | ---D | C] -- C:\Program Files\Microsoft SQL Server
[2013-04-27 15:18:57 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft Toolkit
[2013-04-26 18:35:59 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\PeerBlock
[2013-04-26 18:35:58 | 000,000,000 | ---D | C] -- C:\Program Files\PeerBlock
[2013-04-23 08:39:37 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Common Files\Java
[2013-04-20 18:17:16 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Emsisoft Anti-Malware
[2013-04-20 18:17:16 | 000,000,000 | ---D | C] -- C:\Users\Mark de Jager\Documents\Anti-Malware
[2013-04-20 17:29:04 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\IObit Malware Fighter
[2013-04-19 20:38:06 | 000,000,000 | ---D | C] -- C:\Users\Mark de Jager\Documents\Navicat
[2013-04-19 17:42:55 | 000,000,000 | ---D | C] -- C:\ProgramData\IObit
[2013-04-19 17:42:52 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Advanced SystemCare 6
[2013-04-19 17:42:51 | 000,000,000 | ---D | C] -- C:\Users\Mark de Jager\AppData\Roaming\IObit
[2013-04-19 17:42:45 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\IObit
[2013-04-17 11:45:54 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\PremiumSoft
[2013-04-17 11:45:48 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\PremiumSoft
[2013-04-16 08:58:23 | 000,000,000 | ---D | C] -- C:\Users\Mark de Jager\AppData\Roaming\Enplase
[2013-04-16 08:58:15 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Ultima Steganography
[2013-04-16 08:58:13 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Ultima Steganography
[2013-04-15 19:28:20 | 000,000,000 | ---D | C] -- C:\Users\Mark de Jager\Desktop\Keygens en activators
[2013-04-15 19:28:02 | 000,000,000 | ---D | C] -- C:\Users\Mark de Jager\Desktop\Host Hotel
[2013-04-14 10:40:15 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\CCleaner
[2013-04-14 10:40:13 | 000,000,000 | ---D | C] -- C:\Program Files\CCleaner
[2013-04-14 09:51:03 | 000,000,000 | ---D | C] -- C:\Users\Mark de Jager\AppData\Roaming\QFX Software
[2013-04-14 09:51:03 | 000,000,000 | ---D | C] -- C:\ProgramData\QFX Software
[2013-04-14 09:51:01 | 000,222,904 | ---- | C] (QFX Software Corporation) -- C:\Windows\SysNative\drivers\keyscrambler.sys
[2013-04-14 09:51:01 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\KeyScrambler
[2013-04-14 09:50:59 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\KeyScrambler
[2013-04-13 21:47:26 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\uTorrent Turbo Booster
[2013-04-13 21:47:25 | 000,000,000 | ---D | C] -- C:\Users\Mark de Jager\AppData\Roaming\uTorrent Turbo Booster
[2013-04-13 21:47:24 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\uTorrent Turbo Booster
[2013-04-13 21:20:52 | 000,000,000 | ---D | C] -- C:\ProgramData\WNR
[2013-04-13 21:20:38 | 000,000,000 | ---D | C] -- C:\Users\Mark de Jager\AppData\Roaming\WNR
[2013-04-13 21:20:31 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Proxy Switcher Standard
[2013-04-13 19:40:00 | 000,000,000 | ---D | C] -- C:\ProgramData\Norton
[2013-04-13 19:38:35 | 000,000,000 | ---D | C] -- C:\Users\Mark de Jager\AppData\Roaming\GoforFiles
[2013-04-13 19:38:35 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\GoforFiles
[2013-04-13 19:36:28 | 000,000,000 | ---D | C] -- C:\ProgramData\NortonInstaller
[2013-04-12 19:58:00 | 000,000,000 | ---D | C] -- C:\Windows\AutoKMS
[2013-04-11 16:12:10 | 000,000,000 | ---D | C] -- C:\Users\Mark de Jager\AppData\Roaming\PicaJet.Com
[2013-04-11 16:12:10 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\PicaJet.Com
[2013-04-11 16:12:07 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\PicaJet.Com
[2013-04-08 10:37:07 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\PDF Logo Remover
[2013-04-08 10:37:01 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\PDF Logo Remover
[2013-04-06 13:04:15 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\QuickTime
[2013-04-06 13:03:53 | 000,000,000 | ---D | C] -- C:\ProgramData\Apple Computer
[2013-04-04 08:30:09 | 000,000,000 | ---D | C] -- C:\Users\Mark de Jager\AppData\Roaming\Apple Computer
[2013-04-03 14:57:21 | 000,000,000 | ---D | C] -- C:\Users\Mark de Jager\Documents\CyberLink
[2013-04-03 14:56:52 | 000,000,000 | ---D | C] -- C:\Users\Mark de Jager\AppData\Roaming\CyberLink
[2013-04-03 14:56:42 | 000,000,000 | ---D | C] -- C:\ProgramData\CyberLink
[2013-04-03 14:53:29 | 000,000,000 | ---D | C] -- C:\ProgramData\SmartSound Software Inc
[2013-04-03 14:53:26 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\SmartSound Software
[2013-04-03 14:53:26 | 000,000,000 | ---D | C] -- C:\ProgramData\eSellerate
[2013-04-03 14:52:01 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Common Files\Apple
[2013-04-03 14:51:53 | 000,000,000 | ---D | C] -- C:\Users\Mark de Jager\AppData\Local\Apple
[2013-04-03 14:51:49 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Apple Software Update
[2013-04-03 14:51:49 | 000,000,000 | ---D | C] -- C:\ProgramData\Apple
[2013-04-03 14:51:34 | 000,000,000 | R--D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\CyberLink PowerDirector 11
[2013-04-03 14:51:17 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Cyberlink
[2013-04-03 14:47:11 | 000,000,000 | ---D | C] -- C:\Program Files\CyberLink
[2013-04-03 14:46:44 | 000,000,000 | ---D | C] -- C:\ProgramData\Temp
[2013-04-03 14:46:36 | 000,000,000 | ---D | C] -- C:\ProgramData\install_clap
[2013-04-03 13:25:56 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Ashampoo
[2013-04-03 13:25:54 | 000,000,000 | ---D | C] -- C:\ProgramData\Ashampoo
[2013-04-03 13:25:47 | 000,034,304 | ---- | C] (mst software GmbH, Germany) -- C:\Windows\SysNative\DfSdkBt.exe
[2013-04-03 13:25:42 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Ashampoo
[2013-04-02 19:00:09 | 000,000,000 | ---D | C] -- C:\Users\Mark de Jager\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\San Andreas Multiplayer
[2013-04-02 19:00:09 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\San Andreas Multiplayer
[2013-04-02 10:09:49 | 000,000,000 | ---D | C] -- C:\Users\Mark de Jager\Desktop\Opdrachten Nederlands, Dennis
[2013-04-01 16:16:24 | 000,000,000 | ---D | C] -- C:\Windows\SysWow64\directx
[2013-03-31 20:07:59 | 000,000,000 | ---D | C] -- C:\Users\Mark de Jager\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Facebook
[2013-03-31 20:07:46 | 000,000,000 | ---D | C] -- C:\Users\Mark de Jager\AppData\Local\Facebook
[2013-03-31 15:28:40 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Rockstar Games
[2013-03-31 15:28:40 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Rockstar Games
[2013-03-31 15:05:55 | 000,000,000 | ---D | C] -- C:\Users\Mark de Jager\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Revo Uninstaller
[2013-03-31 15:05:54 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\VS Revo Group
[2013-03-30 16:24:07 | 000,000,000 | ---D | C] -- C:\Users\Mark de Jager\Documents\GTA San Andreas User Files

========== Files - Modified Within 30 Days ==========

[2013-04-29 11:01:00 | 000,000,940 | ---- | M] () -- C:\Windows\tasks\Adobe Flash Player Updater.job
[2013-04-29 10:48:00 | 000,000,290 | ---- | M] () -- C:\Windows\tasks\AutoKMS.job
[2013-04-29 10:41:01 | 000,001,086 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineUA.job
[2013-04-29 10:18:05 | 003,643,096 | ---- | M] () -- C:\Users\Mark de Jager\Desktop\BD2013_Uninstall_Tool.exe
[2013-04-29 08:12:01 | 000,000,976 | ---- | M] () -- C:\Windows\tasks\FacebookUpdateTaskUserS-1-5-21-2189671484-2947882400-2928688451-1001UA.job
[2013-04-28 21:04:00 | 000,001,082 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineCore.job
[2013-04-28 21:01:43 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2013-04-28 20:12:01 | 000,000,954 | ---- | M] () -- C:\Windows\tasks\FacebookUpdateTaskUserS-1-5-21-2189671484-2947882400-2928688451-1001Core.job
[2013-04-28 18:32:07 | 000,000,000 | ---- | M] () -- C:\Windows\SysWow64\config.nt
[2013-04-28 17:42:42 | 268,435,456 | -HS- | M] () -- C:\swapfile.sys
[2013-04-28 17:36:39 | 000,017,551 | ---- | M] () -- C:\ProgramData\1367162850.1948.bin
[2013-04-28 17:36:24 | 000,000,000 | ---- | M] () -- C:\ProgramData\1367162850.bdinstall.bin
[2013-04-28 17:33:32 | 000,009,986 | ---- | M] () -- C:\ProgramData\1367162850.5136.bin
[2013-04-28 17:33:32 | 000,001,235 | ---- | M] () -- C:\ProgramData\1367162850.5608.bin
[2013-04-28 17:33:14 | 000,001,922 | ---- | M] () -- C:\Users\Public\Desktop\avast! Free Antivirus.lnk
[2013-04-28 17:19:44 | 000,000,098 | ---- | M] () -- C:\Windows\SysNative\drivers\etc\Hosts
[2013-04-28 15:11:43 | 000,257,596 | ---- | M] () -- C:\ProgramData\1367154598.bdinstall.bin
[2013-04-28 15:11:37 | 000,046,817 | ---- | M] () -- C:\ProgramData\1367154692.bdinstall.bin
[2013-04-28 14:48:14 | 000,494,432 | ---- | M] () -- C:\ProgramData\1367152409.bdinstall.bin
[2013-04-28 13:46:45 | 000,602,112 | ---- | M] (OldTimer Tools) -- C:\Users\Mark de Jager\Desktop\OTL.exe
[2013-04-28 13:06:26 | 000,002,190 | -H-- | M] () -- C:\Users\Mark de Jager\Documents\Default.rdp
[2013-04-27 18:26:31 | 000,001,105 | ---- | M] () -- C:\Users\Mark de Jager\Application Data\Microsoft\Internet Explorer\Quick Launch\Microsoft Outlook.lnk
[2013-04-27 16:06:38 | 004,874,416 | ---- | M] () -- C:\Windows\SysNative\FNTCACHE.DAT
[2013-04-14 10:53:17 | 001,808,720 | ---- | M] () -- C:\Windows\SysNative\PerfStringBackup.INI
[2013-04-14 10:53:17 | 000,802,560 | ---- | M] () -- C:\Windows\SysNative\perfh013.dat
[2013-04-14 10:53:17 | 000,715,832 | ---- | M] () -- C:\Windows\SysNative\perfh009.dat
[2013-04-14 10:53:17 | 000,161,432 | ---- | M] () -- C:\Windows\SysNative\perfc013.dat
[2013-04-14 10:53:17 | 000,134,668 | ---- | M] () -- C:\Windows\SysNative\perfc009.dat
[2013-04-14 10:29:21 | 000,000,024 | ---- | M] () -- C:\Users\Mark de Jager\random.dat
[2013-04-14 10:28:59 | 000,000,052 | ---- | M] () -- C:\Users\Mark de Jager\jagex_cl_runescape_LIVE.dat
[2013-04-13 21:47:26 | 000,001,163 | ---- | M] () -- C:\Users\Mark de Jager\Application Data\Microsoft\Internet Explorer\Quick Launch\uTorrent Turbo Booster.lnk
[2013-04-13 19:35:47 | 000,000,271 | RH-- | M] () -- C:\Windows\Stop.cmd
[2013-04-10 13:32:59 | 000,000,024 | ---- | M] () -- C:\Users\Mark de Jager\jagexappletviewer.preferences
[2013-04-06 18:08:22 | 000,005,632 | ---- | M] () -- C:\Users\Mark de Jager\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2013-04-04 14:50:32 | 000,025,928 | ---- | M] (Malwarebytes Corporation) -- C:\Windows\SysNative\drivers\mbam.sys
[2013-03-31 20:08:02 | 000,001,327 | ---- | M] () -- C:\Users\Mark de Jager\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Facebook Messenger.lnk

========== Files Created - No Company Name ==========

[2013-04-29 10:18:05 | 003,643,096 | ---- | C] () -- C:\Users\Mark de Jager\Desktop\BD2013_Uninstall_Tool.exe
[2013-04-28 17:36:24 | 000,000,000 | ---- | C] () -- C:\ProgramData\1367162850.bdinstall.bin
[2013-04-28 17:33:14 | 000,001,922 | ---- | C] () -- C:\Users\Public\Desktop\avast! Free Antivirus.lnk
[2013-04-28 17:32:10 | 000,178,624 | ---- | C] () -- C:\Windows\SysNative\drivers\aswVmm.sys
[2013-04-28 17:32:10 | 000,065,336 | ---- | C] () -- C:\Windows\SysNative\drivers\aswRvrt.sys
[2013-04-28 17:27:52 | 000,009,986 | ---- | C] () -- C:\ProgramData\1367162850.5136.bin
[2013-04-28 17:27:52 | 000,001,235 | ---- | C] () -- C:\ProgramData\1367162850.5608.bin
[2013-04-28 17:27:30 | 000,017,551 | ---- | C] () -- C:\ProgramData\1367162850.1948.bin
[2013-04-28 16:01:41 | 000,000,000 | ---- | C] () -- C:\Windows\SysWow64\config.nt
[2013-04-28 15:11:43 | 000,257,596 | ---- | C] () -- C:\ProgramData\1367154598.bdinstall.bin
[2013-04-28 15:11:37 | 000,046,817 | ---- | C] () -- C:\ProgramData\1367154692.bdinstall.bin
[2013-04-28 14:48:14 | 000,494,432 | ---- | C] () -- C:\ProgramData\1367152409.bdinstall.bin
[2013-04-27 20:39:32 | 000,000,929 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\RealPopup.lnk
[2013-04-27 19:43:53 | 000,002,304 | ---- | C] () -- C:\Users\Mark de Jager\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\SkyDrive.lnk
[2013-04-27 16:21:11 | 000,001,105 | ---- | C] () -- C:\Users\Mark de Jager\Application Data\Microsoft\Internet Explorer\Quick Launch\Microsoft Outlook.lnk
[2013-04-17 11:45:52 | 001,589,248 | ---- | C] () -- C:\Windows\SysWow64\libmysql_d.dll
[2013-04-13 21:47:26 | 000,001,163 | ---- | C] () -- C:\Users\Mark de Jager\Application Data\Microsoft\Internet Explorer\Quick Launch\uTorrent Turbo Booster.lnk
[2013-04-13 20:32:35 | 004,874,416 | ---- | C] () -- C:\Windows\SysNative\FNTCACHE.DAT
[2013-04-13 19:34:23 | 000,001,062 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\TeamViewer 8.lnk
[2013-04-13 19:32:55 | 000,000,271 | RH-- | C] () -- C:\Windows\Stop.cmd
[2013-04-13 16:10:00 | 000,002,190 | -H-- | C] () -- C:\Users\Mark de Jager\Documents\Default.rdp
[2013-04-12 19:58:00 | 000,000,290 | ---- | C] () -- C:\Windows\tasks\AutoKMS.job
[2013-04-10 20:12:49 | 000,001,494 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Adobe Application Manager.lnk
[2013-04-10 14:25:02 | 000,387,867 | ---- | C] () -- C:\Windows\SysNative\ApnDatabase.xml
[2013-04-03 14:51:51 | 000,002,519 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Apple Software Update.lnk
[2013-03-31 20:07:59 | 000,001,327 | ---- | C] () -- C:\Users\Mark de Jager\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Facebook Messenger.lnk
[2013-03-31 20:07:49 | 000,000,976 | ---- | C] () -- C:\Windows\tasks\FacebookUpdateTaskUserS-1-5-21-2189671484-2947882400-2928688451-1001UA.job
[2013-03-31 20:07:47 | 000,000,954 | ---- | C] () -- C:\Windows\tasks\FacebookUpdateTaskUserS-1-5-21-2189671484-2947882400-2928688451-1001Core.job
[2013-03-23 15:12:54 | 000,000,054 | ---- | C] () -- C:\Users\Mark de Jager\jagex_cl_speccollect_LIVE.dat
[2013-03-19 21:10:59 | 000,230,206 | ---- | C] () -- C:\ProgramData\1363720194.bdinstall.bin
[2013-03-19 20:49:39 | 000,579,637 | ---- | C] () -- C:\ProgramData\1363718718.bdinstall.bin
[2013-03-18 14:12:08 | 000,000,038 | ---- | C] () -- C:\Program Files (x86)\cfg.ini
[2013-03-18 14:10:48 | 001,645,496 | ---- | C] () -- C:\Windows\ampa.exe
[2013-03-18 14:10:48 | 000,012,728 | ---- | C] () -- C:\Windows\SysWow64\ampa.sys
[2013-03-18 14:10:42 | 000,012,728 | ---- | C] () -- C:\Windows\SysWow64\ddmdrv.sys
[2013-03-18 14:10:41 | 001,293,240 | ---- | C] () -- C:\Windows\ddmmain.exe
[2013-03-17 12:49:46 | 000,000,262 | ---- | C] () -- C:\Windows\{EEB3F6BB-318D-4CE5-989F-8191FCBFB578}_WiseFW.ini
[2013-03-12 15:41:44 | 000,000,416 | RHS- | C] () -- C:\ProgramData\ntuser.pol
[2013-03-09 12:18:07 | 000,005,632 | ---- | C] () -- C:\Users\Mark de Jager\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2013-03-02 17:07:06 | 000,000,104 | ---- | C] () -- C:\ProgramData\Microsoft.SqlServer.Compact.400.32.bc
[2013-02-28 10:04:32 | 000,000,053 | ---- | C] () -- C:\Users\Mark de Jager\jagex_cl_runescape_LIVE1.dat
[2013-02-26 15:43:40 | 000,008,192 | ---- | C] () -- C:\Windows\SysWow64\srvany.exe
[2013-02-25 17:16:37 | 000,000,052 | ---- | C] () -- C:\Users\Mark de Jager\jagex_cl_oldschool_LIVE.dat
[2013-02-22 19:41:39 | 000,000,054 | ---- | C] () -- C:\Users\Mark de Jager\jagex_cl_loginapplet_LIVE.dat
[2013-02-11 13:17:40 | 002,468,520 | ---- | C] () -- C:\Windows\SysWow64\BootMan.exe
[2013-02-11 13:17:40 | 000,087,112 | ---- | C] () -- C:\Windows\SysWow64\setupempdrv03.exe
[2013-02-11 13:17:40 | 000,019,840 | ---- | C] () -- C:\Windows\SysWow64\EuEpmGdi.dll
[2013-02-11 13:17:40 | 000,014,920 | ---- | C] () -- C:\Windows\SysWow64\epmntdrv.sys
[2013-02-11 13:17:40 | 000,009,160 | ---- | C] () -- C:\Windows\SysWow64\EuGdiDrv.sys
[2013-02-08 19:49:28 | 000,004,096 | -H-- | C] () -- C:\Users\Mark de Jager\AppData\Local\keyfile3.drm
[2013-02-07 16:19:56 | 000,211,665 | ---- | C] () -- C:\ProgramData\1360246678.bdinstall.bin
[2013-02-07 16:09:23 | 000,371,893 | ---- | C] () -- C:\ProgramData\1360245933.bdinstall.bin
[2013-02-07 10:17:14 | 000,083,968 | ---- | C] () -- C:\Windows\SysWow64\OEMLicense.dll
[2013-02-06 13:02:47 | 001,821,998 | ---- | C] () -- C:\Windows\SysWow64\PerfStringBackup.INI
[2013-02-05 09:12:38 | 000,088,362 | ---- | C] () -- C:\Users\Mark de Jager\AppData\Roaming\spritesa
[2013-02-04 13:30:59 | 000,000,052 | ---- | C] () -- C:\Users\Mark de Jager\jagex_cl_runescape_LIVE.dat
[2013-02-04 13:30:59 | 000,000,024 | ---- | C] () -- C:\Users\Mark de Jager\random.dat
[2013-02-04 13:30:55 | 000,000,024 | ---- | C] () -- C:\Users\Mark de Jager\jagexappletviewer.preferences
[2013-02-04 11:27:40 | 000,000,135 | ---- | C] () -- C:\Windows\AutoKMS.ini
[2012-12-14 03:42:30 | 000,963,452 | ---- | C] () -- C:\Windows\SysWow64\igcodeckrng600.bin
[2012-12-14 03:42:30 | 000,064,512 | ---- | C] () -- C:\Windows\SysWow64\igdde32.dll
[2012-12-14 03:42:28 | 000,272,928 | ---- | C] () -- C:\Windows\SysWow64\igvpkrng600.bin
[2012-07-26 10:13:10 | 000,215,943 | ---- | C] () -- C:\Windows\SysWow64\dssec.dat
[2012-07-26 10:13:09 | 000,000,741 | ---- | C] () -- C:\Windows\SysWow64\NOISE.DAT
[2012-07-26 09:21:26 | 000,067,584 | --S- | C] () -- C:\Windows\bootstat.dat
[2012-07-26 03:17:42 | 000,043,520 | ---- | C] () -- C:\Windows\SysWow64\BWContextHandler.dll
[2012-07-25 22:37:29 | 000,043,131 | ---- | C] () -- C:\Windows\mib.bin
[2012-07-25 22:28:31 | 000,364,544 | ---- | C] () -- C:\Windows\SysWow64\msjetoledb40.dll
[2012-06-02 16:31:19 | 000,673,088 | ---- | C] () -- C:\Windows\SysWow64\mlang.dat

========== ZeroAccess Check ==========

[2013-04-01 16:18:47 | 000,000,227 | RHS- | M] () -- C:\Windows\assembly\Desktop.ini

[HKEY_CURRENT_USER\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] /64

[HKEY_CURRENT_USER\Software\Classes\Wow6432node\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]

[HKEY_CURRENT_USER\Software\Classes\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32] /64

[HKEY_CURRENT_USER\Software\Classes\Wow6432node\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32]

[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] /64
"" = C:\Windows\SysNative\shell32.dll -- [2013-03-02 04:45:01 | 019,748,864 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Apartment

[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]
"" = %SystemRoot%\system32\shell32.dll -- [2013-03-02 10:23:07 | 017,560,576 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Apartment

[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32] /64
"" = C:\Windows\SysNative\wbem\fastprox.dll -- [2012-07-26 05:05:38 | 001,004,544 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Free

[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32]
"" = %systemroot%\system32\wbem\fastprox.dll -- [2012-07-26 05:18:27 | 000,784,896 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Free

[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32] /64
"" = C:\Windows\SysNative\wbem\wbemess.dll -- [2012-07-26 05:07:41 | 000,455,680 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Both

[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32]

========== LOP Check ==========

[2013-03-14 17:57:53 | 000,000,000 | ---D | M] -- C:\Users\Mark de Jager\AppData\Roaming\1-abc
[2013-02-08 12:51:39 | 000,000,000 | ---D | M] -- C:\Users\Mark de Jager\AppData\Roaming\Acronis
[2013-02-05 18:30:56 | 000,000,000 | ---D | M] -- C:\Users\Mark de Jager\AppData\Roaming\ActiveX
[2013-04-27 20:30:18 | 000,000,000 | ---D | M] -- C:\Users\Mark de Jager\AppData\Roaming\Atari
[2013-03-19 10:53:58 | 000,000,000 | ---D | M] -- C:\Users\Mark de Jager\AppData\Roaming\CaptureSaver
[2013-03-03 11:47:03 | 000,000,000 | ---D | M] -- C:\Users\Mark de Jager\AppData\Roaming\com.adobe.downloadassistant.AdobeDownloadAssistant
[2013-04-16 08:58:23 | 000,000,000 | ---D | M] -- C:\Users\Mark de Jager\AppData\Roaming\Enplase
[2013-02-06 15:31:33 | 000,000,000 | ---D | M] -- C:\Users\Mark de Jager\AppData\Roaming\ESET
[2013-04-14 10:43:37 | 000,000,000 | ---D | M] -- C:\Users\Mark de Jager\AppData\Roaming\FileZilla
[2013-02-27 16:30:18 | 000,000,000 | ---D | M] -- C:\Users\Mark de Jager\AppData\Roaming\Firetrust
[2013-03-21 20:08:14 | 000,000,000 | ---D | M] -- C:\Users\Mark de Jager\AppData\Roaming\Genie9
[2013-04-13 19:38:35 | 000,000,000 | ---D | M] -- C:\Users\Mark de Jager\AppData\Roaming\GoforFiles
[2013-04-27 20:14:21 | 000,000,000 | ---D | M] -- C:\Users\Mark de Jager\AppData\Roaming\HTML Executable
[2013-03-09 11:47:50 | 000,000,000 | ---D | M] -- C:\Users\Mark de Jager\AppData\Roaming\idoo
[2013-04-20 17:29:01 | 000,000,000 | ---D | M] -- C:\Users\Mark de Jager\AppData\Roaming\IObit
[2013-02-25 11:44:33 | 000,000,000 | ---D | M] -- C:\Users\Mark de Jager\AppData\Roaming\Lamantine
[2013-02-11 17:57:06 | 000,000,000 | ---D | M] -- C:\Users\Mark de Jager\AppData\Roaming\Notepad++
[2013-03-02 17:07:40 | 000,000,000 | ---D | M] -- C:\Users\Mark de Jager\AppData\Roaming\Photobucket
[2013-04-11 16:12:10 | 000,000,000 | ---D | M] -- C:\Users\Mark de Jager\AppData\Roaming\PicaJet.Com
[2013-02-05 20:03:24 | 000,000,000 | ---D | M] -- C:\Users\Mark de Jager\AppData\Roaming\PowerISO
[2013-03-13 15:53:24 | 000,000,000 | ---D | M] -- C:\Users\Mark de Jager\AppData\Roaming\Publish Providers
[2013-04-14 09:51:03 | 000,000,000 | ---D | M] -- C:\Users\Mark de Jager\AppData\Roaming\QFX Software
[2013-02-07 16:06:02 | 000,000,000 | ---D | M] -- C:\Users\Mark de Jager\AppData\Roaming\QuickScan
[2013-02-05 20:16:55 | 000,000,000 | ---D | M] -- C:\Users\Mark de Jager\AppData\Roaming\Returnil
[2013-02-05 18:30:09 | 000,000,000 | ---D | M] -- C:\Users\Mark de Jager\AppData\Roaming\Soft4Boost
[2013-03-09 12:18:07 | 000,000,000 | ---D | M] -- C:\Users\Mark de Jager\AppData\Roaming\Solveig Multimedia
[2013-03-10 17:02:18 | 000,000,000 | ---D | M] -- C:\Users\Mark de Jager\AppData\Roaming\Sony
[2013-03-02 20:14:07 | 000,000,000 | ---D | M] -- C:\Users\Mark de Jager\AppData\Roaming\TeamViewer
[2013-03-01 13:17:48 | 000,000,000 | ---D | M] -- C:\Users\Mark de Jager\AppData\Roaming\TechSmith
[2013-03-05 15:11:58 | 000,000,000 | ---D | M] -- C:\Users\Mark de Jager\AppData\Roaming\TrueCrypt
[2013-02-09 17:01:16 | 000,000,000 | ---D | M] -- C:\Users\Mark de Jager\AppData\Roaming\Unity
[2013-04-28 17:33:47 | 000,000,000 | ---D | M] -- C:\Users\Mark de Jager\AppData\Roaming\uTorrent
[2013-04-13 21:47:25 | 000,000,000 | ---D | M] -- C:\Users\Mark de Jager\AppData\Roaming\uTorrent Turbo Booster
[2013-04-13 21:20:38 | 000,000,000 | ---D | M] -- C:\Users\Mark de Jager\AppData\Roaming\WNR
[2013-02-13 11:42:54 | 000,000,000 | ---D | M] -- C:\Users\Mark de Jager\AppData\Roaming\X-Chat 2
[2013-03-03 13:11:32 | 000,000,000 | ---D | M] -- C:\Users\Mark de Jager\AppData\Roaming\XUSSoft

========== Purity Check ==========



< End of report >
  • 0

Advertisements

#11
Essexboy
Posted 29 April 2013 - 06:59 AM

Essexboy

    GeekU Moderator

  • Retired Staff
  • 69,964 posts
Are you still getting the explorer errors ?

Could you temporarily uninstall MBAM please

Warning This fix is only relevant for this system and no other, using on another computer may cause problems

Be advised that when the fix commences it will shut down all running processes and you may lose the desktop and icons, they will return on reboot

Run OTL
  • Under the Custom Scans/Fixes box at the bottom, paste in the following
    Posted Image
:OTL
[2013-04-28 17:36:39 | 000,017,551 | ---- | M] () -- C:\ProgramData\1367162850.1948.bin
[2013-04-28 17:36:24 | 000,000,000 | ---- | M] () -- C:\ProgramData\1367162850.bdinstall.bin
[2013-04-28 17:33:32 | 000,009,986 | ---- | M] () -- C:\ProgramData\1367162850.5136.bin
[2013-04-28 17:33:32 | 000,001,235 | ---- | M] () -- C:\ProgramData\1367162850.5608.bin
[2013-04-28 15:11:43 | 000,257,596 | ---- | M] () -- C:\ProgramData\1367154598.bdinstall.bin
[2013-04-28 15:11:37 | 000,046,817 | ---- | M] () -- C:\ProgramData\1367154692.bdinstall.bin
[2013-04-28 14:48:14 | 000,494,432 | ---- | M] () -- C:\ProgramData\1367152409.bdinstall.bin

:Commands
[resethosts]
[emptytemp]
[CREATERESTOREPOINT]
[Reboot]
  • Then click the Run Fix button at the top
  • Let the program run unhindered, reboot the PC when it is done
  • Open OTL again and click the Quick Scan button. Post the log it produces in your next reply.

  • 0

#12
Samballen
Posted 29 April 2013 - 09:12 AM

Samballen

    Member

  • Topic Starter
  • Banned
  • PipPip
  • 76 posts
All processes killed
========== OTL ==========
C:\ProgramData\1367162850.1948.bin moved successfully.
C:\ProgramData\1367162850.bdinstall.bin moved successfully.
C:\ProgramData\1367162850.5136.bin moved successfully.
C:\ProgramData\1367162850.5608.bin moved successfully.
C:\ProgramData\1367154598.bdinstall.bin moved successfully.
C:\ProgramData\1367154692.bdinstall.bin moved successfully.
C:\ProgramData\1367152409.bdinstall.bin moved successfully.
========== COMMANDS ==========
C:\Windows\System32\drivers\etc\Hosts moved successfully.
HOSTS file reset successfully

[EMPTYTEMP]

User: All Users

User: Bilir Ailesi

User: Cobi

User: Default
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes
->Flash cache emptied: 0 bytes

User: Default User
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes
->Flash cache emptied: 0 bytes

User: Mark de Jager
->Temp folder emptied: 13873820 bytes
->Temporary Internet Files folder emptied: 851328 bytes
->Java cache emptied: 0 bytes
->FireFox cache emptied: 148183859 bytes
->Google Chrome cache emptied: 0 bytes
->Flash cache emptied: 763 bytes

User: Public

User: UpdatusUser
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes

%systemdrive% .tmp files removed: 0 bytes
%systemroot% .tmp files removed: 0 bytes
%systemroot%\System32 .tmp files removed: 0 bytes
%systemroot%\System32 (64bit) .tmp files removed: 0 bytes
%systemroot%\System32\drivers .tmp files removed: 0 bytes
Windows Temp folder emptied: 40156 bytes
%systemroot%\sysnative\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files folder emptied: 128 bytes
RecycleBin emptied: 115055020 bytes

Total Files Cleaned = 265,00 mb

Restore point Set: OTL Restore Point

OTL by OldTimer - Version 3.2.69.0 log created on 04292013_165739

Files\Folders moved on Reboot...
File\Folder C:\Users\Mark de Jager\AppData\Local\Temp\JET8BCA.tmp not found!
C:\Users\Mark de Jager\AppData\Local\Microsoft\Windows\Temporary Internet Files\counters.dat moved successfully.
File move failed. C:\Windows\temp\_avast_\Webshlock.txt scheduled to be moved on reboot.
File move failed. C:\Windows\temp\vmware-SYSTEM\vmauthd.log scheduled to be moved on reboot.
C:\Windows\temp\vmware-SYSTEM\vmware-usbarb-2984.log moved successfully.

PendingFileRenameOperations files...

Registry entries deleted on Reboot...

There is a program that starts automatic, KMSpico, but it is hatefull.
OTL logfile created on: 29-4-2013 17:04:03 - Run 4
OTL by OldTimer - Version 3.2.69.0 Folder = C:\Users\Mark de Jager\Desktop
64bit- An unknown product (Version = 6.2.9200) - Type = NTWorkstation
Internet Explorer (Version = 9.10.9200.16540)
Locale: 00000413 | Country: Nederland | Language: NLD | Date Format: d-M-yyyy

11,86 Gb Total Physical Memory | 9,69 Gb Available Physical Memory | 81,74% Memory free
13,54 Gb Paging File | 11,31 Gb Available in Paging File | 83,52% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86)
Drive C: | 450,42 Gb Total Space | 315,60 Gb Free Space | 70,07% Space Free | Partition Type: NTFS
Drive D: | 350,00 Mb Total Space | 308,92 Mb Free Space | 88,26% Space Free | Partition Type: NTFS

Computer Name: MARK-PC | User Name: Mark de Jager | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user | Quick Scan | Include 64bit Scans
Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days

========== Processes (SafeList) ==========

PRC - [2013-04-28 13:46:45 | 000,602,112 | ---- | M] (OldTimer Tools) -- C:\Users\Mark de Jager\Desktop\OTL.exe
PRC - [2013-04-27 19:43:48 | 000,256,600 | ---- | M] (Microsoft Corporation) -- C:\Users\Mark de Jager\AppData\Local\Microsoft\SkyDrive\SkyDrive.exe
PRC - [2013-04-26 19:13:31 | 000,920,472 | ---- | M] (Mozilla Corporation) -- C:\Program Files (x86)\Mozilla Firefox\firefox.exe
PRC - [2013-04-04 14:50:32 | 000,701,512 | ---- | M] (Malwarebytes Corporation) -- C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe
PRC - [2013-04-04 14:50:32 | 000,532,040 | ---- | M] (Malwarebytes Corporation) -- C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe
PRC - [2013-04-04 14:50:32 | 000,418,376 | ---- | M] (Malwarebytes Corporation) -- C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamscheduler.exe
PRC - [2013-03-12 15:01:38 | 000,559,168 | ---- | M] (RealNetworks, Inc.) -- C:\Program Files (x86)\Online Games Manager\ogmservice.exe
PRC - [2013-03-07 21:32:38 | 000,248,240 | ---- | M] (Facebook) -- C:\Users\Mark de Jager\AppData\Local\Facebook\Messenger\2.1.4814.0\FacebookMessenger.exe
PRC - [2013-03-07 00:32:44 | 004,767,304 | ---- | M] (AVAST Software) -- C:\Program Files\AVAST Software\Avast\AvastUI.exe
PRC - [2013-03-07 00:32:44 | 000,045,248 | ---- | M] (AVAST Software) -- C:\Program Files\AVAST Software\Avast\AvastSvc.exe
PRC - [2013-03-06 17:30:43 | 003,560,288 | ---- | M] (TeamViewer GmbH) -- C:\Program Files (x86)\TeamViewer\Version8\TeamViewer_Service.exe
PRC - [2013-02-15 16:28:12 | 000,384,888 | ---- | M] (BlueStack Systems, Inc.) -- C:\Program Files (x86)\BlueStacks\HD-LogRotatorService.exe
PRC - [2013-02-02 10:40:58 | 000,375,808 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWOW64\wbem\WmiPrvSE.exe
PRC - [2013-01-15 18:47:28 | 000,703,808 | ---- | M] (IObit) -- C:\Program Files (x86)\IObit\Advanced SystemCare 6\Monitor.exe
PRC - [2013-01-15 18:47:10 | 000,465,216 | ---- | M] (IObit) -- C:\Program Files (x86)\IObit\Advanced SystemCare 6\ASCService.exe
PRC - [2012-12-25 17:35:10 | 004,474,832 | ---- | M] (IObit) -- C:\Program Files (x86)\IObit\IObit Malware Fighter\IMF.exe
PRC - [2012-12-16 15:37:47 | 000,125,952 | ---- | M] (Yuna Software) -- C:\Program Files (x86)\Yuna Software\Messenger Plus! for Skype\MsgPlusForSkypeService.exe
PRC - [2012-12-11 11:22:38 | 001,258,856 | ---- | M] (NVIDIA Corporation) -- C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Update Core\daemonu.exe
PRC - [2012-11-01 03:35:20 | 000,357,016 | ---- | M] (VMware, Inc.) -- C:\Windows\SysWOW64\vmnetdhcp.exe
PRC - [2012-11-01 03:34:52 | 000,435,864 | ---- | M] (VMware, Inc.) -- C:\Windows\SysWOW64\vmnat.exe
PRC - [2012-11-01 02:57:50 | 013,234,176 | ---- | M] () -- C:\Program Files (x86)\VMware\VMware Workstation\vmware-hostd.exe
PRC - [2012-11-01 01:48:42 | 000,079,872 | ---- | M] (VMware, Inc.) -- C:\Program Files (x86)\VMware\VMware Workstation\vmware-authd.exe
PRC - [2012-09-24 20:59:32 | 000,802,304 | ---- | M] (Yuna Software) -- C:\Program Files (x86)\Yuna Software\Messenger Plus!\PlusService.exe
PRC - [2012-09-06 02:46:12 | 000,912,896 | ---- | M] (KARPOLAN) -- C:\Program Files (x86)\Keyboard LEDs\KeyboardLeds.exe
PRC - [2012-03-08 07:05:06 | 000,432,952 | ---- | M] (QFX Software Corporation) -- C:\Program Files (x86)\KeyScrambler\KeyScrambler.exe
PRC - [2012-01-09 20:17:44 | 000,821,592 | ---- | M] (IObit) -- C:\Program Files (x86)\IObit\IObit Malware Fighter\IMFsrv.exe


========== Modules (No Company Name) ==========

MOD - [2013-04-26 19:13:31 | 003,121,048 | ---- | M] () -- C:\Program Files (x86)\Mozilla Firefox\mozjs.dll
MOD - [2013-03-07 21:32:40 | 021,014,960 | ---- | M] () -- C:\Users\Mark de Jager\AppData\Local\Facebook\Messenger\2.1.4814.0\libcef.dll
MOD - [2013-03-07 21:32:38 | 000,292,272 | ---- | M] () -- C:\Users\Mark de Jager\AppData\Local\Facebook\Messenger\2.1.4814.0\CefSharp.dll
MOD - [2013-03-07 21:32:38 | 000,179,632 | ---- | M] () -- C:\Users\Mark de Jager\AppData\Local\Facebook\Messenger\2.1.4814.0\CefSharp.WinForms.dll
MOD - [2013-02-15 18:20:46 | 012,436,480 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Windows.Forms\30fabfc2d4fe632ecf463a0901bba2d3\System.Windows.Forms.ni.dll
MOD - [2013-02-05 12:06:49 | 000,971,264 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Configuration\253546cd467b0fd7e57623921595182d\System.Configuration.ni.dll
MOD - [2013-02-05 12:01:46 | 005,453,312 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Xml\d981792ebf85627e57c7d95594aa7092\System.Xml.ni.dll
MOD - [2013-02-05 12:01:38 | 001,593,344 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Drawing\97e24281000ae702b067281f3a01878a\System.Drawing.ni.dll
MOD - [2013-02-05 12:01:37 | 006,656,512 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Data\68ec2130ceb6a257762c70bc87ed0129\System.Data.ni.dll
MOD - [2013-02-05 12:01:11 | 007,989,248 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System\0b80769ba127fce3221c1fd47e87c4a7\System.ni.dll
MOD - [2013-02-05 12:01:01 | 011,494,912 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\mscorlib\8d2929ad589e1092eb62a43424361465\mscorlib.ni.dll
MOD - [2012-09-14 00:03:56 | 000,303,104 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\mscorlib.resources\2.0.0.0_nl_b77a5c561934e089\mscorlib.resources.dll
MOD - [2012-07-06 04:01:13 | 002,972,672 | ---- | M] () -- C:\Windows\assembly\GAC_32\System.Data\2.0.0.0__b77a5c561934e089\System.Data.dll


========== Services (SafeList) ==========

SRV:64bit: - [2013-03-07 00:32:44 | 000,045,248 | ---- | M] (AVAST Software) [Auto | Running] -- C:\Program Files\AVAST Software\Avast\AvastSvc.exe -- (avast! Antivirus)
SRV:64bit: - [2013-03-02 23:06:04 | 000,037,888 | -HS- | M] () [Auto | Running] -- C:\Program Files\KMSpico\Service_KMS.exe -- (Service KMSELDI)
SRV:64bit: - [2013-03-02 04:45:07 | 000,171,008 | ---- | M] (Microsoft Corporation) [On_Demand | Running] -- C:\Windows\SysNative\TimeBrokerServer.dll -- (TimeBroker)
SRV:64bit: - [2013-03-02 04:45:05 | 000,180,224 | ---- | M] (Microsoft Corporation) [On_Demand | Running] -- C:\Windows\SysNative\SystemEventsBrokerServer.dll -- (SystemEventsBroker)
SRV:64bit: - [2013-02-02 10:21:45 | 000,467,456 | ---- | M] (Microsoft Corporation) [On_Demand | Running] -- C:\Windows\SysNative\netprofmsvc.dll -- (netprofm)
SRV:64bit: - [2013-01-29 03:57:14 | 000,014,920 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Program Files\Windows Defender\MsMpEng.exe -- (WinDefend)
SRV:64bit: - [2013-01-10 01:23:16 | 001,964,544 | ---- | M] (Microsoft Corporation) [On_Demand | Running] -- C:\Windows\SysNative\wlidsvc.dll -- (wlidsvc)
SRV:64bit: - [2013-01-10 01:22:35 | 000,438,272 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\SysNative\lsm.dll -- (LSM)
SRV:64bit: - [2012-11-27 15:56:28 | 000,118,272 | ---- | M] (DeadPihto) [Auto | Running] -- C:\Windows\SysNative\wsservice_crk.dll -- (WSServiceCrk)
SRV:64bit: - [2012-11-06 06:36:55 | 002,675,712 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\spool\drivers\x64\3\PrintConfig.dll -- (PrintNotify)
SRV:64bit: - [2012-11-06 06:17:41 | 000,169,472 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\SysNative\AudioEndpointBuilder.dll -- (AudioEndpointBuilder)
SRV:64bit: - [2012-09-20 11:10:47 | 002,367,528 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\WSService.dll -- (WSService)
SRV:64bit: - [2012-09-20 08:31:18 | 000,116,736 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\fhsvc.dll -- (fhsvc)
SRV:64bit: - [2012-09-20 08:30:41 | 000,179,712 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\SysNative\bisrv.dll -- (BrokerInfrastructure)
SRV:64bit: - [2012-09-16 10:25:58 | 000,662,104 | ---- | M] (Genie9) [Auto | Running] -- C:\Program Files\Genie9\Genie Timeline\GenieTimelineService.exe -- (GenieTimelineService)
SRV:64bit: - [2012-09-11 23:14:40 | 000,390,672 | ---- | M] () [Auto | Running] -- C:\Program Files\CyberLink\Shared files\RichVideo64.exe -- (RichVideo64)
SRV:64bit: - [2012-07-26 05:07:47 | 000,065,536 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\wiarpc.dll -- (WiaRpc)
SRV:64bit: - [2012-07-26 05:07:42 | 000,263,680 | ---- | M] (Microsoft Corporation) [On_Demand | Running] -- C:\Windows\SysNative\wcmsvc.dll -- (Wcmsvc)
SRV:64bit: - [2012-07-26 05:07:40 | 000,283,648 | ---- | M] (Microsoft Corporation) [On_Demand | Running] -- C:\Windows\SysNative\vaultsvc.dll -- (VaultSvc)
SRV:64bit: - [2012-07-26 05:07:25 | 000,012,800 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\svsvc.dll -- (svsvc)
SRV:64bit: - [2012-07-26 05:06:34 | 000,743,936 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\netlogon.dll -- (Netlogon)
SRV:64bit: - [2012-07-26 05:06:33 | 000,161,792 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\NcaSvc.dll -- (NcaSvc)
SRV:64bit: - [2012-07-26 05:06:33 | 000,073,728 | ---- | M] (Microsoft Corporation) [On_Demand | Running] -- C:\Windows\SysNative\NcdAutoSetup.dll -- (NcdAutoSetup)
SRV:64bit: - [2012-07-26 05:05:55 | 000,059,904 | ---- | M] (Microsoft Corporation) [On_Demand | Running] -- C:\Windows\SysNative\keyiso.dll -- (KeyIso)
SRV:64bit: - [2012-07-26 05:05:34 | 000,037,376 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\efssvc.dll -- (EFS)
SRV:64bit: - [2012-07-26 05:05:28 | 000,207,872 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\DeviceSetupManager.dll -- (DsmSvc)
SRV:64bit: - [2012-07-26 05:05:24 | 000,342,016 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\SysNative\das.dll -- (DeviceAssociationService)
SRV:64bit: - [2012-07-26 05:05:08 | 000,122,368 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\AUInstallAgent.dll -- (AllUserInstallAgent)
SRV:64bit: - [2012-07-26 05:05:04 | 000,187,392 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\appmgmts.dll -- (AppMgmt)
SRV:64bit: - [2012-07-26 02:24:02 | 000,336,384 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\icsvc.dll -- (vmicvss)
SRV:64bit: - [2012-07-26 02:24:02 | 000,336,384 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\icsvc.dll -- (vmictimesync)
SRV:64bit: - [2012-07-26 02:24:02 | 000,336,384 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\icsvc.dll -- (vmicshutdown)
SRV:64bit: - [2012-07-26 02:24:02 | 000,336,384 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\icsvc.dll -- (vmicrdv)
SRV:64bit: - [2012-07-26 02:24:02 | 000,336,384 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\icsvc.dll -- (vmickvpexchange)
SRV:64bit: - [2012-07-26 02:24:02 | 000,336,384 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\icsvc.dll -- (vmicheartbeat)
SRV - [2013-04-26 19:13:31 | 000,117,144 | ---- | M] (Mozilla Foundation) [On_Demand | Stopped] -- C:\Program Files (x86)\Mozilla Maintenance Service\maintenanceservice.exe -- (MozillaMaintenance)
SRV - [2013-04-19 16:00:08 | 000,256,904 | ---- | M] (Adobe Systems Incorporated) [On_Demand | Stopped] -- C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe -- (AdobeFlashPlayerUpdateSvc)
SRV - [2013-04-04 14:50:32 | 000,701,512 | ---- | M] (Malwarebytes Corporation) [Auto | Running] -- C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe -- (MBAMService)
SRV - [2013-04-04 14:50:32 | 000,418,376 | ---- | M] (Malwarebytes Corporation) [Auto | Running] -- C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamscheduler.exe -- (MBAMScheduler)
SRV - [2013-03-12 15:01:38 | 000,559,168 | ---- | M] (RealNetworks, Inc.) [Auto | Running] -- C:\Program Files (x86)\Online Games Manager\ogmservice.exe -- (ogmservice)
SRV - [2013-03-06 17:30:43 | 003,560,288 | ---- | M] (TeamViewer GmbH) [Auto | Running] -- C:\Program Files (x86)\TeamViewer\Version8\TeamViewer_Service.exe -- (TeamViewer8)
SRV - [2013-02-26 15:42:53 | 000,008,192 | ---- | M] () [Auto | Stopped] -- C:\Windows\SysWOW64\srvany.exe -- (KMService)
SRV - [2013-02-15 16:28:12 | 000,384,888 | ---- | M] (BlueStack Systems, Inc.) [Auto | Running] -- C:\Program Files (x86)\BlueStacks\HD-LogRotatorService.exe -- (BstHdLogRotatorSvc)
SRV - [2013-02-15 16:27:52 | 000,393,080 | ---- | M] (BlueStack Systems, Inc.) [Auto | Stopped] -- C:\Program Files (x86)\BlueStacks\HD-Service.exe -- (BstHdAndroidSvc)
SRV - [2013-02-15 14:08:20 | 000,543,144 | ---- | M] (Valve Corporation) [On_Demand | Stopped] -- C:\Program Files (x86)\Common Files\Steam\SteamService.exe -- (Steam Client Service)
SRV - [2013-01-15 18:47:10 | 000,465,216 | ---- | M] (IObit) [Auto | Running] -- C:\Program Files (x86)\IObit\Advanced SystemCare 6\ASCService.exe -- (AdvancedSystemCareService6)
SRV - [2012-12-16 15:37:47 | 000,125,952 | ---- | M] (Yuna Software) [Auto | Running] -- C:\Program Files (x86)\Yuna Software\Messenger Plus! for Skype\MsgPlusForSkypeService.exe -- (MsgPlusService)
SRV - [2012-12-14 03:42:10 | 000,277,616 | ---- | M] (Intel Corporation) [On_Demand | Stopped] -- C:\Windows\SysWOW64\IntelCpHeciSvc.exe -- (cphs)
SRV - [2012-12-11 11:22:38 | 001,258,856 | ---- | M] (NVIDIA Corporation) [Auto | Running] -- C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Update Core\daemonu.exe -- (nvUpdatusService)
SRV - [2012-11-06 06:36:55 | 002,675,712 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\system32\spool\DRIVERS\x64\3\PrintConfig.dll -- (PrintNotify)
SRV - [2012-11-01 03:35:20 | 000,357,016 | ---- | M] (VMware, Inc.) [Auto | Running] -- C:\Windows\SysWOW64\vmnetdhcp.exe -- (VMnetDHCP)
SRV - [2012-11-01 03:34:52 | 000,435,864 | ---- | M] (VMware, Inc.) [Auto | Running] -- C:\Windows\SysWOW64\vmnat.exe -- (VMware NAT Service)
SRV - [2012-11-01 02:57:50 | 013,234,176 | ---- | M] () [Auto | Running] -- C:\Program Files (x86)\VMware\VMware Workstation\vmware-hostd.exe -- (VMwareHostd)
SRV - [2012-11-01 01:48:42 | 000,079,872 | ---- | M] (VMware, Inc.) [Auto | Running] -- C:\Program Files (x86)\VMware\VMware Workstation\vmware-authd.exe -- (VMAuthdService)
SRV - [2012-10-11 18:15:30 | 000,918,680 | ---- | M] (VMware, Inc.) [Auto | Stopped] -- C:\Program Files (x86)\Common Files\VMware\USB\vmware-usbarbitrator64.exe -- (VMUSBArbService)
SRV - [2012-07-26 05:20:04 | 000,018,432 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysWOW64\StorSvc.dll -- (StorSvc)
SRV - [2012-01-09 20:17:44 | 000,821,592 | ---- | M] (IObit) [Auto | Running] -- C:\Program Files (x86)\IObit\IObit Malware Fighter\IMFsrv.exe -- (IMFservice)
SRV - [2010-02-19 14:37:14 | 000,517,096 | ---- | M] (Adobe Systems Incorporated) [On_Demand | Stopped] -- C:\Program Files (x86)\Common Files\Adobe\SwitchBoard\SwitchBoard.exe -- (SwitchBoard)


========== Driver Services (SafeList) ==========

DRV:64bit: - [2013-04-04 14:50:32 | 000,025,928 | ---- | M] (Malwarebytes Corporation) [File_System | On_Demand | Running] -- C:\Windows\SysNative\Drivers\mbam.sys -- (MBAMProtector)
DRV:64bit: - [2013-03-07 00:33:21 | 001,025,808 | ---- | M] (AVAST Software) [File_System | System | Running] -- C:\Windows\SysNative\drivers\aswSnx.sys -- (aswSnx)
DRV:64bit: - [2013-03-07 00:33:21 | 000,377,920 | ---- | M] (AVAST Software) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\aswSP.sys -- (aswSP)
DRV:64bit: - [2013-03-07 00:33:21 | 000,178,624 | ---- | M] () [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\aswVmm.sys -- (aswVmm)
DRV:64bit: - [2013-03-07 00:33:21 | 000,070,992 | ---- | M] (AVAST Software) [Kernel | System | Running] -- C:\Windows\SysNative\Drivers\aswRdr2.sys -- (aswRdr)
DRV:64bit: - [2013-03-07 00:33:21 | 000,068,920 | ---- | M] (AVAST Software) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\aswTdi.sys -- (aswTdi)
DRV:64bit: - [2013-03-07 00:33:21 | 000,065,336 | ---- | M] () [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\aswRvrt.sys -- (aswRvrt)
DRV:64bit: - [2013-03-07 00:33:20 | 000,080,816 | ---- | M] (AVAST Software) [File_System | Auto | Running] -- C:\Windows\SysNative\Drivers\aswMonFlt.sys -- (aswMonFlt)
DRV:64bit: - [2013-03-07 00:33:20 | 000,033,400 | ---- | M] (AVAST Software) [File_System | Auto | Running] -- C:\Windows\SysNative\drivers\aswFsBlk.sys -- (aswFsBlk)
DRV:64bit: - [2013-03-05 15:10:52 | 000,231,376 | ---- | M] (TrueCrypt Foundation) [Kernel | System | Running] -- C:\Windows\SysNative\Drivers\truecrypt.sys -- (truecrypt)
DRV:64bit: - [2013-03-02 12:57:48 | 000,337,128 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\Drivers\USBXHCI.SYS -- (USBXHCI)
DRV:64bit: - [2013-03-02 12:57:46 | 000,283,880 | ---- | M] (Microsoft Corporation) [Kernel | Boot | Running] -- C:\Windows\SysNative\Drivers\spaceport.sys -- (spaceport)
DRV:64bit: - [2013-03-02 12:57:46 | 000,077,544 | ---- | M] (Microsoft Corporation) [Kernel | Boot | Running] -- C:\Windows\SysNative\Drivers\storahci.sys -- (storahci)
DRV:64bit: - [2013-03-02 12:45:20 | 000,148,712 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\Drivers\tpm.sys -- (TPM)
DRV:64bit: - [2013-03-02 12:45:19 | 000,194,792 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\Drivers\sdbus.sys -- (sdbus)
DRV:64bit: - [2013-03-02 12:39:38 | 000,069,864 | ---- | M] (Microsoft Corporation) [Kernel | Boot | Running] -- C:\Windows\SysNative\Drivers\pdc.sys -- (pdc)
DRV:64bit: - [2013-02-05 19:34:43 | 000,047,240 | ---- | M] (RapidSolution Software AG) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\Drivers\tbhsd.sys -- (tbhsd)
DRV:64bit: - [2013-02-05 19:34:37 | 000,037,480 | ---- | M] (RapidSolution Software AG) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\Drivers\rrnetcap.sys -- (RRNetCapMP)
DRV:64bit: - [2013-02-05 19:34:37 | 000,037,480 | ---- | M] (RapidSolution Software AG) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\Drivers\rrnetcap.sys -- (RRNetCap)
DRV:64bit: - [2013-02-02 13:19:44 | 000,446,184 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\Drivers\USBHUB3.SYS -- (USBHUB3)
DRV:64bit: - [2013-02-02 09:25:23 | 000,037,632 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\Drivers\BthAvrcpTg.sys -- (BthAvrcpTg)
DRV:64bit: - [2013-01-29 03:57:05 | 000,035,232 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\Drivers\WdBoot.sys -- (WdBoot)
DRV:64bit: - [2013-01-29 01:08:22 | 000,230,904 | ---- | M] (Microsoft Corporation) [File_System | On_Demand | Stopped] -- C:\Windows\SysNative\Drivers\WdFilter.sys -- (WdFilter)
DRV:64bit: - [2013-01-27 15:35:46 | 000,127,384 | ---- | M] (Power Software Ltd) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\scdemu.sys -- (SCDEmu)
DRV:64bit: - [2013-01-10 03:53:32 | 000,028,904 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\Drivers\msgpiowin32.sys -- (msgpiowin32)
DRV:64bit: - [2012-12-21 14:53:58 | 000,017,480 | ---- | M] () [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\epmntdrv.sys -- (epmntdrv)
DRV:64bit: - [2012-12-21 14:53:58 | 000,009,800 | ---- | M] () [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\EuGdiDrv.sys -- (EuGdiDrv)
DRV:64bit: - [2012-12-19 15:47:20 | 000,132,008 | ---- | M] (Oracle Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\Drivers\VBoxNetAdp.sys -- (VBoxNetAdp)
DRV:64bit: - [2012-12-14 03:42:22 | 005,353,888 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\Drivers\igdkmd64.sys -- (igfx)
DRV:64bit: - [2012-12-11 11:22:46 | 000,030,056 | ---- | M] (NVIDIA Corporation) [Kernel | Boot | Running] -- C:\Windows\SysNative\Drivers\nvpciflt.sys -- (nvpciflt)
DRV:64bit: - [2012-11-27 05:55:44 | 000,029,952 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\Drivers\BthhfHid.sys -- (bthhfhid)
DRV:64bit: - [2012-11-20 06:54:31 | 000,039,936 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\Drivers\hidi2c.sys -- (hidi2c)
DRV:64bit: - [2012-11-06 05:55:44 | 000,022,528 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\Drivers\fxppm.sys -- (FxPPM)
DRV:64bit: - [2012-11-01 03:34:54 | 000,067,224 | ---- | M] (VMware, Inc.) [Kernel | Auto | Running] -- C:\Windows\SysNative\Drivers\vmx86.sys -- (vmx86)
DRV:64bit: - [2012-11-01 03:34:32 | 000,030,360 | ---- | M] (VMware, Inc.) [Kernel | Auto | Running] -- C:\Windows\SysNative\Drivers\vmnetuserif.sys -- (VMnetuserif)
DRV:64bit: - [2012-11-01 03:34:10 | 000,045,720 | ---- | M] (VMware, Inc.) [Kernel | Auto | Running] -- C:\Windows\SysNative\Drivers\vmnetbridge.sys -- (VMnetBridge)
DRV:64bit: - [2012-11-01 03:34:08 | 000,020,120 | ---- | M] (VMware, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\Drivers\vmnetadapter.sys -- (VMnetAdapter)
DRV:64bit: - [2012-11-01 03:34:04 | 000,032,920 | ---- | M] (VMware, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\Drivers\VMkbd.sys -- (vmkbd)
DRV:64bit: - [2012-10-24 15:17:14 | 000,070,296 | ---- | M] (VMware, Inc.) [Kernel | Boot | Running] -- C:\Windows\SysNative\Drivers\vsock.sys -- (vsock)
DRV:64bit: - [2012-10-24 15:17:10 | 000,085,104 | ---- | M] (VMware, Inc.) [Kernel | Boot | Running] -- C:\Windows\SysNative\Drivers\vmci.sys -- (vmci)
DRV:64bit: - [2012-10-12 10:08:01 | 000,027,880 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\Drivers\rdpvideominiport.sys -- (RdpVideoMiniport)
DRV:64bit: - [2012-10-11 18:15:32 | 000,052,376 | ---- | M] (VMware, Inc.) [Kernel | Auto | Running] -- C:\Windows\SysNative\Drivers\hcmon.sys -- (hcmon)
DRV:64bit: - [2012-10-11 18:15:06 | 000,037,680 | ---- | M] (VMware, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\Drivers\vmusb.sys -- (vmusb)
DRV:64bit: - [2012-10-11 09:25:48 | 000,056,552 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\Drivers\sdstor.sys -- (sdstor)
DRV:64bit: - [2012-10-11 09:13:49 | 000,058,088 | ---- | M] (Microsoft Corporation) [Kernel | System | Stopped] -- C:\Windows\SysNative\Drivers\dam.sys -- (dam)
DRV:64bit: - [2012-09-20 09:55:33 | 000,212,200 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\Drivers\UCX01000.SYS -- (UCX01000)
DRV:64bit: - [2012-09-20 09:55:30 | 000,120,040 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\Drivers\msgpioclx.sys -- (GPIOClx0101)
DRV:64bit: - [2012-09-20 09:55:27 | 003,265,256 | ---- | M] (Broadcom Corporation) [Kernel | Boot | Stopped] -- C:\Windows\SysNative\Drivers\evbda.sys -- (ebdrv)
DRV:64bit: - [2012-09-20 09:55:24 | 000,533,224 | ---- | M] (Broadcom Corporation) [Kernel | Boot | Stopped] -- C:\Windows\SysNative\Drivers\bxvbda.sys -- (b06bdrv)
DRV:64bit: - [2012-07-26 07:26:46 | 000,025,328 | ---- | M] (Microsoft Corporation) [Recognizer | Boot | Unknown] -- C:\Windows\SysNative\drivers\fs_rec.sys -- (Fs_Rec)
DRV:64bit: - [2012-07-26 07:26:45 | 000,033,792 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\Drivers\condrv.sys -- (condrv)
DRV:64bit: - [2012-07-26 07:00:58 | 000,322,800 | ---- | M] (VIA Corporation) [Kernel | Boot | Stopped] -- C:\Windows\SysNative\Drivers\VSTXRAID.SYS -- (VSTXRAID)
DRV:64bit: - [2012-07-26 07:00:58 | 000,106,224 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\Drivers\VerifierExt.sys -- (VerifierExt)
DRV:64bit: - [2012-07-26 07:00:58 | 000,097,008 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\Drivers\uaspstor.sys -- (UASPStor)
DRV:64bit: - [2012-07-26 07:00:57 | 000,077,040 | ---- | M] (Microsoft Corporation) [Kernel | Boot | Running] -- C:\Windows\SysNative\Drivers\acpiex.sys -- (acpiex)
DRV:64bit: - [2012-07-26 07:00:55 | 000,064,240 | ---- | M] (Marvell Semiconductor, Inc.) [Kernel | Boot | Stopped] -- C:\Windows\SysNative\Drivers\mvumis.sys -- (mvumis)
DRV:64bit: - [2012-07-26 07:00:55 | 000,030,960 | ---- | M] (Promise Technology, Inc.) [Kernel | Boot | Stopped] -- C:\Windows\SysNative\Drivers\stexstor.sys -- (stexstor)
DRV:64bit: - [2012-07-26 07:00:52 | 000,092,400 | ---- | M] (LSI Corporation) [Kernel | Boot | Stopped] -- C:\Windows\SysNative\Drivers\lsi_sas2.sys -- (LSI_SAS2)
DRV:64bit: - [2012-07-26 07:00:52 | 000,081,136 | ---- | M] (LSI Corporation) [Kernel | Boot | Stopped] -- C:\Windows\SysNative\Drivers\lsi_sss.sys -- (LSI_SSS)
DRV:64bit: - [2012-07-26 07:00:52 | 000,064,752 | ---- | M] (Hewlett-Packard Company) [Kernel | Boot | Stopped] -- C:\Windows\SysNative\Drivers\HpSAMD.sys -- (HpSAMD)
DRV:64bit: - [2012-07-26 07:00:51 | 000,113,904 | ---- | M] (Microsoft Corporation) [Kernel | Boot | Stopped] -- C:\Windows\SysNative\Drivers\EhStorTcgDrv.sys -- (EhStorTcgDrv)
DRV:64bit: - [2012-07-26 07:00:51 | 000,081,136 | ---- | M] (Microsoft Corporation) [Kernel | Boot | Running] -- C:\Windows\SysNative\Drivers\EhStorClass.sys -- (EhStorClass)
DRV:64bit: - [2012-07-26 07:00:49 | 000,258,288 | ---- | M] (AMD Technologies Inc.) [Kernel | Boot | Stopped] -- C:\Windows\SysNative\Drivers\amdsbs.sys -- (amdsbs)
DRV:64bit: - [2012-07-26 07:00:49 | 000,106,736 | ---- | M] (LSI) [Kernel | Boot | Stopped] -- C:\Windows\SysNative\Drivers\3ware.sys -- (3ware)
DRV:64bit: - [2012-07-26 07:00:49 | 000,076,016 | ---- | M] (Advanced Micro Devices) [Kernel | Boot | Stopped] -- C:\Windows\SysNative\Drivers\amdsata.sys -- (amdsata)
DRV:64bit: - [2012-07-26 07:00:48 | 000,026,352 | ---- | M] (Advanced Micro Devices) [Kernel | Boot | Stopped] -- C:\Windows\SysNative\Drivers\amdxata.sys -- (amdxata)
DRV:64bit: - [2012-07-26 06:57:54 | 000,361,200 | ---- | M] (Microsoft Corporation) [Kernel | Boot | Running] -- C:\Windows\SysNative\Drivers\clfs.sys -- (CLFS)
DRV:64bit: - [2012-07-26 06:54:34 | 000,096,496 | ---- | M] (Microsoft Corporation) [Kernel | Boot | Running] -- C:\Windows\SysNative\Drivers\wfplwfs.sys -- (WFPLWFS)
DRV:64bit: - [2012-07-26 06:53:16 | 000,067,824 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\Drivers\vpci.sys -- (vpci)
DRV:64bit: - [2012-07-26 05:17:38 | 000,036,592 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\Drivers\terminpt.sys -- (terminpt)
DRV:64bit: - [2012-07-26 04:29:14 | 000,010,752 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\Drivers\mshidumdf.sys -- (mshidumdf)
DRV:64bit: - [2012-07-26 04:29:08 | 000,048,640 | ---- | M] (Microsoft Corporation) [Kernel | System | Running] -- C:\Windows\SysNative\Drivers\BasicDisplay.sys -- (BasicDisplay)
DRV:64bit: - [2012-07-26 04:29:03 | 000,024,576 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\Drivers\HyperVideo.sys -- (HyperVideo)
DRV:64bit: - [2012-07-26 04:28:52 | 000,029,696 | ---- | M] (Microsoft Corporation) [Kernel | System | Running] -- C:\Windows\SysNative\Drivers\BasicRender.sys -- (BasicRender)
DRV:64bit: - [2012-07-26 04:27:58 | 000,012,288 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\Drivers\vmgencounter.sys -- (gencounter)
DRV:64bit: - [2012-07-26 04:27:41 | 000,018,432 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\Drivers\kdnic.sys -- (kdnic)
DRV:64bit: - [2012-07-26 04:27:37 | 000,010,752 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\Drivers\acpitime.sys -- (acpitime)
DRV:64bit: - [2012-07-26 04:27:33 | 000,023,552 | ---- | M] (Microsoft Corporation) [Kernel | System | Running] -- C:\Windows\SysNative\Drivers\npsvctrig.sys -- (npsvctrig)
DRV:64bit: - [2012-07-26 04:27:29 | 000,019,968 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\Drivers\WpdUpFltr.sys -- (WpdUpFltr)
DRV:64bit: - [2012-07-26 04:27:16 | 000,010,240 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\Drivers\acpipagr.sys -- (acpipagr)
DRV:64bit: - [2012-07-26 04:27:01 | 000,011,776 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\Drivers\hyperkbd.sys -- (hyperkbd)
DRV:64bit: - [2012-07-26 04:26:46 | 000,062,976 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\Drivers\SerCx.sys -- (SerCx)
DRV:64bit: - [2012-07-26 04:26:43 | 000,059,392 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\Drivers\SpbCx.sys -- (SpbCx)
DRV:64bit: - [2012-07-26 04:26:34 | 000,030,208 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\Drivers\TsUsbGD.sys -- (TsUsbGD)
DRV:64bit: - [2012-07-26 04:26:13 | 000,051,200 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\Drivers\bthhfenum.sys -- (BthHFEnum)
DRV:64bit: - [2012-07-26 04:25:57 | 000,033,280 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\Drivers\dmvsc.sys -- (dmvsc)
DRV:64bit: - [2012-07-26 04:25:56 | 000,057,344 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\Drivers\TsUsbFlt.sys -- (TsUsbFlt)
DRV:64bit: - [2012-07-26 04:25:26 | 000,203,776 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\Drivers\Vid.sys -- (Vid)
DRV:64bit: - [2012-07-26 04:25:22 | 000,067,584 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\Drivers\storvsp.sys -- (storvsp)
DRV:64bit: - [2012-07-26 04:25:13 | 000,045,056 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\Drivers\wpcfltr.sys -- (wpcfltr)
DRV:64bit: - [2012-07-26 04:25:12 | 000,117,248 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\Drivers\vmbusr.sys -- (vmbusr)
DRV:64bit: - [2012-07-26 04:25:12 | 000,066,048 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\Drivers\vpcivsp.sys -- (vpcivsp)
DRV:64bit: - [2012-07-26 04:25:01 | 000,126,464 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\Drivers\NdisImPlatform.sys -- (NdisImPlatform)
DRV:64bit: - [2012-07-26 04:23:53 | 000,068,608 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\Drivers\mslldp.sys -- (MsLldp)
DRV:64bit: - [2012-07-26 04:23:42 | 000,097,792 | ---- | M] (Microsoft Corporation) [Kernel | Auto | Running] -- C:\Windows\SysNative\Drivers\Ndu.sys -- (Ndu)
DRV:64bit: - [2012-06-02 16:31:37 | 000,425,472 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\Drivers\k57nd60a.sys -- (k57nd60a)
DRV:64bit: - [2012-06-02 16:31:32 | 002,935,808 | ---- | M] (Qualcomm Atheros Communications, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\Drivers\athrx.sys -- (athr)
DRV:64bit: - [2011-12-26 16:27:24 | 000,015,288 | ---- | M] () [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\ampa.sys -- (ampa)
DRV:64bit: - [2011-12-15 02:46:42 | 000,222,904 | ---- | M] (QFX Software Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\Drivers\keyscrambler.sys -- (KeyScrambler)
DRV:64bit: - [2011-06-15 22:10:58 | 000,015,288 | ---- | M] () [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\ddmdrv.sys -- (ddmdrv)
DRV:64bit: - [2010-10-20 00:34:26 | 000,056,344 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\Drivers\HECIx64.sys -- (MEIx64)
DRV - [2013-02-15 16:28:06 | 000,071,032 | ---- | M] (BlueStack Systems) [Kernel | Auto | Running] -- C:\Program Files (x86)\BlueStacks\HD-Hypervisor-amd64.sys -- (BstHdDrv)
DRV - [2012-12-21 14:54:00 | 000,014,920 | ---- | M] () [Kernel | On_Demand | Stopped] -- C:\Windows\SysWOW64\epmntdrv.sys -- (epmntdrv)
DRV - [2012-12-21 14:53:58 | 000,009,160 | ---- | M] () [Kernel | On_Demand | Stopped] -- C:\Windows\SysWOW64\EuGdiDrv.sys -- (EuGdiDrv)
DRV - [2012-07-05 13:53:22 | 000,021,904 | ---- | M] (IObit.com) [Kernel | On_Demand | Running] -- C:\Program Files (x86)\IObit\IObit Malware Fighter\Drivers\win7_amd64\UrlFilter.sys -- (UrlFilter)
DRV - [2012-07-05 13:53:18 | 000,033,224 | ---- | M] (IObit.com) [Kernel | On_Demand | Running] -- C:\Program Files (x86)\IObit\IObit Malware Fighter\Drivers\win7_amd64\RegFilter.sys -- (RegFilter)
DRV - [2012-01-05 18:07:14 | 000,021,384 | ---- | M] (IObit) [File_System | On_Demand | Running] -- C:\Program Files (x86)\IObit\IObit Malware Fighter\Drivers\win7_amd64\FileMonitor.sys -- (FileMonitor)
DRV - [2011-12-26 16:27:22 | 000,012,728 | ---- | M] () [Kernel | On_Demand | Stopped] -- C:\Windows\SysWOW64\ampa.sys -- (ampa)
DRV - [2011-06-15 22:09:42 | 000,012,728 | ---- | M] () [Kernel | On_Demand | Stopped] -- C:\Windows\SysWOW64\ddmdrv.sys -- (ddmdrv)


========== Standard Registry (SafeList) ==========


========== Internet Explorer ==========

IE:64bit: - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = about:blank
IE:64bit: - HKLM\..\SearchScopes,DefaultScope =
IE:64bit: - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/...ms}&FORM=IE8SRC
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = about:blank
IE - HKLM\..\SearchScopes,DefaultScope =
IE - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/...ms}&FORM=IE8SRC

IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = about:blank
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache = http://t.nl.msn.com/
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache AcceptLangs = nl-NL
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache_TIMESTAMP = 9E 41 45 52 3E 02 CE 01 [binary data]
IE - HKCU\..\SearchScopes,DefaultScope =
IE - HKCU\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/...Box&FORM=IE10SR
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

========== FireFox ==========

FF - prefs.js..browser.search.useDBForOrder: "false"
FF - prefs.js..browser.startup.homepage: "http://www.google.nl/"
FF - prefs.js..extensions.enabledAddons: %7B27c60876-b5c9-4335-b4f3-52b26782220c%7D:0.9.4
FF - prefs.js..extensions.enabledAddons: %7B563e4790-7e70-11da-a72b-0800200c9a66%7D:0.9f
FF - prefs.js..extensions.enabledAddons: %7Ba5312b79-bf0d-4825-a25f-b33d67d4a58a%7D:13.15.63
FF - prefs.js..extensions.enabledAddons: rssicon%40jasnapaka.com:1.4
FF - prefs.js..extensions.enabledAddons: testpilot%40labs.mozilla.com:1.2.2
FF - prefs.js..extensions.enabledAddons: %7B59c81df5-4b7a-477b-912d-4e0fdf64e5f2%7D:0.9.90
FF - prefs.js..extensions.enabledAddons: ascsurfingprotection%40iobit.com:1.0
FF - prefs.js..extensions.enabledAddons: coralietab%40mozdev.org:2.04.20110724
FF - prefs.js..extensions.enabledAddons: %7Bac2cfa60-bc96-11e0-962b-0800200c9a66%7D:2.0
FF - prefs.js..extensions.enabledAddons: %7B972ce4c6-7e08-4474-a285-3208198ce6fd%7D:21.0


FF:64bit: - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\system32\Macromed\Flash\NPSWF64_11_7_700_169.dll File not found
FF:64bit: - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: c:\Program Files\Microsoft Silverlight\5.1.20125.0\npctrl.dll ( Microsoft Corporation)
FF:64bit: - HKLM\Software\MozillaPlugins\@microsoft.com/SharePoint,version=14.0: C:\PROGRA~1\MICROS~1\Office15\NPSPWRAP.DLL (Microsoft Corporation)
FF:64bit: - HKLM\Software\MozillaPlugins\adobe.com/AdobeAAMDetect: C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\CCM\Utilities\npAdobeAAMDetect64.dll (Adobe Systems)
FF:64bit: - HKLM\Software\MozillaPlugins\adobe.com/AdobeExManDetect: C:\Program Files (x86)\Adobe\Adobe Extension Manager CS6\Win64Plugin\npAdobeExManDetectX64.dll (Adobe Systems)
FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_11_7_700_169.dll ()
FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin,version=10.21.2: C:\Program Files (x86)\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/Lync,version=15.0: C:\Program Files (x86)\Mozilla Firefox\plugins\npmeetingjoinpluginoc.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: c:\Program Files (x86)\Microsoft Silverlight\5.1.20125.0\npctrl.dll ( Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=14.0.8117.0416: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Program Files (x86)\Google\Update\1.3.21.135\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Program Files (x86)\Google\Update\1.3.21.135\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\adobe.com/AdobeAAMDetect: C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\CCM\Utilities\npAdobeAAMDetect32.dll (Adobe Systems)
FF - HKLM\Software\MozillaPlugins\adobe.com/AdobeExManDetect: C:\Program Files (x86)\Adobe\Adobe Extension Manager CS6\npAdobeExManDetectX86.dll (Adobe Systems)
FF - HKCU\Software\MozillaPlugins\@unity3d.com/UnityPlayer,version=1.0: C:\Users\Mark de Jager\AppData\LocalLow\Unity\WebPlayer\loader\npUnity3D32.dll (Unity Technologies ApS)
FF - HKCU\Software\MozillaPlugins\facebook.com/fbDesktopPlugin: C:\Users\Mark de Jager\AppData\Local\Facebook\Messenger\2.1.4814.0\npFbDesktopPlugin.dll (Facebook, Inc.)

64bit-FF - HKEY_LOCAL_MACHINE\software\mozilla\Thunderbird\Extensions\\[email protected]: C:\PROGRAM FILES\ESET\ESET SMART SECURITY\MOZILLA THUNDERBIRD
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\[email protected]: C:\Program Files\AVAST Software\Avast\WebRep\FF [2013-04-28 17:31:00 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 21.0\extensions\\Components: C:\Program Files (x86)\Mozilla Firefox\components [2013-04-06 13:04:18 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 21.0\extensions\\Plugins: C:\Program Files (x86)\Mozilla Firefox\plugins [2013-04-27 18:03:24 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Thunderbird\Extensions\\[email protected]: C:\Program Files\ESET\ESET Smart Security\Mozilla Thunderbird
FF - HKEY_CURRENT_USER\software\mozilla\Firefox\Extensions\\[email protected]: C:\Program Files (x86)\CaptureSaver\Firefox [2013-03-19 10:57:39 | 000,000,000 | ---D | M]

[2013-02-03 20:47:04 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Mark de Jager\AppData\Roaming\mozilla\Extensions
[2013-04-27 18:56:04 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Mark de Jager\AppData\Roaming\mozilla\Firefox\Profiles\8a8rp9hz.default\extensions
[2013-03-01 16:23:09 | 000,000,000 | ---D | M] (ChatZilla) -- C:\Users\Mark de Jager\AppData\Roaming\mozilla\Firefox\Profiles\8a8rp9hz.default\extensions\{59c81df5-4b7a-477b-912d-4e0fdf64e5f2}
[2013-04-20 17:27:22 | 000,000,000 | ---D | M] (Advanced SystemCare Surfing Protection) -- C:\Users\Mark de Jager\AppData\Roaming\mozilla\Firefox\Profiles\8a8rp9hz.default\extensions\[email protected]
[2013-04-22 09:51:21 | 000,000,000 | ---D | M] (IE Tab +) -- C:\Users\Mark de Jager\AppData\Roaming\mozilla\Firefox\Profiles\8a8rp9hz.default\extensions\[email protected]
[2013-03-06 14:25:15 | 000,207,249 | ---- | M] () (No name found) -- C:\Users\Mark de Jager\AppData\Roaming\mozilla\firefox\profiles\8a8rp9hz.default\extensions\[email protected]
[2013-02-06 21:15:48 | 000,015,618 | ---- | M] () (No name found) -- C:\Users\Mark de Jager\AppData\Roaming\mozilla\firefox\profiles\8a8rp9hz.default\extensions\[email protected]
[2013-02-08 21:59:50 | 000,615,655 | ---- | M] () (No name found) -- C:\Users\Mark de Jager\AppData\Roaming\mozilla\firefox\profiles\8a8rp9hz.default\extensions\[email protected]
[2013-02-05 11:34:49 | 000,007,532 | ---- | M] () (No name found) -- C:\Users\Mark de Jager\AppData\Roaming\mozilla\firefox\profiles\8a8rp9hz.default\extensions\{27c60876-b5c9-4335-b4f3-52b26782220c}.xpi
[2013-02-06 18:51:54 | 000,010,707 | ---- | M] () (No name found) -- C:\Users\Mark de Jager\AppData\Roaming\mozilla\firefox\profiles\8a8rp9hz.default\extensions\{563e4790-7e70-11da-a72b-0800200c9a66}.xpi
[2013-02-06 21:01:15 | 000,045,996 | ---- | M] () (No name found) -- C:\Users\Mark de Jager\AppData\Roaming\mozilla\firefox\profiles\8a8rp9hz.default\extensions\{a5312b79-bf0d-4825-a25f-b33d67d4a58a}.xpi
[2013-04-27 18:56:04 | 000,052,139 | ---- | M] () (No name found) -- C:\Users\Mark de Jager\AppData\Roaming\mozilla\firefox\profiles\8a8rp9hz.default\extensions\{ac2cfa60-bc96-11e0-962b-0800200c9a66}.xpi
[2013-02-14 11:09:20 | 000,817,280 | ---- | M] () (No name found) -- C:\Users\Mark de Jager\AppData\Roaming\mozilla\firefox\profiles\8a8rp9hz.default\extensions\{d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}.xpi
[2013-04-05 19:06:02 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files (x86)\Mozilla Firefox\browser\extensions
[2013-04-05 19:06:02 | 000,000,000 | ---D | M] (Default) -- C:\Program Files (x86)\Mozilla Firefox\browser\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd}
[2013-04-26 19:13:32 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files (x86)\Mozilla Firefox\browser\distribution\extensions
[2013-01-11 03:06:08 | 000,033,968 | ---- | M] (Microsoft Corporation) -- C:\Program Files (x86)\mozilla firefox\plugins\npMeetingJoinPluginOC.dll

========== Chrome ==========

CHR - default_search_provider: Google (Enabled)
CHR - default_search_provider: search_url = {google:baseURL}search?q={searchTerms}&{google:RLZ}{google:acceptedSuggestion}{google:originalQueryForSuggestion}{google:assistedQueryStats}{google:searchFieldtrialParameter}{google:searchClient}{google:sourceId}{google:instantExtendedEnabledParameter}ie={inputEncoding}
CHR - default_search_provider: suggest_url = {google:baseSuggestURL}search?{google:searchFieldtrialParameter}client=chrome&q={searchTerms}&{google:cursorPosition}sugkey={google:suggestAPIKeyParameter}
CHR - plugin: Shockwave Flash (Enabled) = C:\Program Files (x86)\Google\Chrome\Application\26.0.1410.64\PepperFlash\pepflashplayer.dll
CHR - plugin: Chrome Remote Desktop Viewer (Enabled) = internal-remoting-viewer
CHR - plugin: Native Client (Enabled) = C:\Program Files (x86)\Google\Chrome\Application\26.0.1410.64\ppGoogleNaClPluginChrome.dll
CHR - plugin: Chrome PDF Viewer (Enabled) = C:\Program Files (x86)\Google\Chrome\Application\26.0.1410.64\pdf.dll
CHR - plugin: Microsoft\u00AE Windows Media Player Firefox Plugin (Enabled) = C:\Program Files (x86)\Mozilla Firefox\plugins\np-mswmp.dll
CHR - plugin: Microsoft Office 2010 (Enabled) = C:\PROGRA~2\MICROS~4\Office14\NPAUTHZ.DLL
CHR - plugin: Microsoft Office 2010 (Enabled) = C:\PROGRA~2\MICROS~4\Office14\NPSPWRAP.DLL
CHR - plugin: Google Update (Enabled) = C:\Program Files (x86)\Google\Update\1.3.21.124\npGoogleUpdate3.dll
CHR - plugin: Java™ Platform SE 7 U13 (Enabled) = C:\Program Files (x86)\Java\jre7\bin\plugin2\npjp2.dll
CHR - plugin: Windows Live\u00AE Photo Gallery (Enabled) = C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll
CHR - plugin: Unity Player (Enabled) = C:\Users\Mark de Jager\AppData\LocalLow\Unity\WebPlayer\loader\npUnity3D32.dll
CHR - plugin: Shockwave Flash (Enabled) = C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_11_6_602_168.dll
CHR - plugin: Java Deployment Toolkit 7.0.130.20 (Enabled) = C:\Windows\SysWOW64\npDeployJava1.dll
CHR - plugin: Silverlight Plug-In (Enabled) = c:\Program Files (x86)\Microsoft Silverlight\4.1.10329.0\npctrl.dll
CHR - Extension: Google Documenten = C:\Users\Mark de Jager\AppData\Local\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake\0.0.0.6_0\
CHR - Extension: Google Documenten = C:\Users\Mark de Jager\AppData\Local\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake\0.5_0\
CHR - Extension: Google Drive = C:\Users\Mark de Jager\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf\6.2_0\
CHR - Extension: Google Drive = C:\Users\Mark de Jager\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf\6.3_0\
CHR - Extension: YouTube = C:\Users\Mark de Jager\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo\4.2.5_0\
CHR - Extension: YouTube = C:\Users\Mark de Jager\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo\4.2.6_0\
CHR - Extension: Google Zoeken = C:\Users\Mark de Jager\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf\0.0.0.19_0\
CHR - Extension: Google Zoeken = C:\Users\Mark de Jager\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf\0.0.0.20_0\
CHR - Extension: Advanced SystemCare Surfing Protection = C:\Users\Mark de Jager\AppData\Local\Google\Chrome\User Data\Default\Extensions\nfengeggddojhakldhlpjdlddgkkjkdd\1.0.0_0\
CHR - Extension: Gmail = C:\Users\Mark de Jager\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia\7_0\

O1 HOSTS File: ([2013-04-29 16:57:40 | 000,000,098 | ---- | M]) - C:\Windows\SysNative\Drivers\etc\Hosts
O1 - Hosts: 127.0.0.1 localhost
O1 - Hosts: ::1 localhost
O2:64bit: - BHO: (avast! WebRep) - {318A227B-5E9F-45bd-8999-7F8F10CA4CF5} - C:\Program Files\AVAST Software\Avast\aswWebRepIE64.dll (AVAST Software)
O2 - BHO: (no name) - {5C255C8A-E604-49b4-9D64-90988571CECB} - No CLSID value found.
O2 - BHO: (Java™ Plug-In SSV Helper) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Java\jre7\bin\ssv.dll (Oracle Corporation)
O2 - BHO: (avast! WebRep) - {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - C:\Program Files\AVAST Software\Avast\aswWebRepIE.dll (AVAST Software)
O2 - BHO: (Sticky Password Toolbar) - {AC02E217-6E13-4F14-9BAC-D7BA27C1E912} - C:\Program Files (x86)\Sticky Password\spIEBho.dll (Lamantine Software a.s.)
O2 - BHO: (Advanced SystemCare Browser Protection) - {BA0C978D-D909-49B6-AFE2-8BDE245DC7E6} - C:\Program Files (x86)\IObit\Advanced SystemCare 6\BrowerProtect\ASCPlugin_Protection.dll (IObit)
O2 - BHO: (Java™ Plug-In 2 SSV Helper) - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre7\bin\jp2ssv.dll (Oracle Corporation)
O3:64bit: - HKLM\..\Toolbar: (avast! WebRep) - {318A227B-5E9F-45bd-8999-7F8F10CA4CF5} - C:\Program Files\AVAST Software\Avast\aswWebRepIE64.dll (AVAST Software)
O3 - HKLM\..\Toolbar: (CaptureSaver) - {5148AB7D-8868-4490-B6DA-F98368488582} - C:\Program Files (x86)\CaptureSaver\CaptureSaverIE.dll (www.capturesaver.com)
O3 - HKLM\..\Toolbar: (avast! WebRep) - {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - C:\Program Files\AVAST Software\Avast\aswWebRepIE.dll (AVAST Software)
O3 - HKLM\..\Toolbar: (Sticky Password Toolbar) - {AC02E217-6E13-4F14-9BAC-D7BA27C1E912} - C:\Program Files (x86)\Sticky Password\spIEBho.dll (Lamantine Software a.s.)
O4:64bit: - HKLM..\Run: [AdobeAAMUpdater-1.0] C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\UWA\UpdaterStartupUtility.exe (Adobe Systems Incorporated)
O4:64bit: - HKLM..\Run: [HotKeysCmds] C:\Windows\SysNative\hkcmd.exe (Intel Corporation)
O4:64bit: - HKLM..\Run: [IgfxTray] C:\Windows\SysNative\igfxtray.exe (Intel Corporation)
O4:64bit: - HKLM..\Run: [Persistence] C:\Windows\SysNative\igfxpers.exe (Intel Corporation)
O4 - HKLM..\Run: [AdobeCS6ServiceManager] C:\Program Files (x86)\Common Files\Adobe\CS6ServiceManager\CS6ServiceManager.exe (Adobe Systems Incorporated)
O4 - HKLM..\Run: [APSDaemon] C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe (Apple Inc.)
O4 - HKLM..\Run: [avast] C:\Program Files\AVAST Software\Avast\avastUI.exe (AVAST Software)
O4 - HKLM..\Run: [BlueStacks Agent] C:\Program Files (x86)\BlueStacks\HD-Agent.exe (BlueStack Systems, Inc.)
O4 - HKLM..\Run: [IObit Malware Fighter] C:\Program Files (x86)\IObit\IObit Malware Fighter\IMF.exe (IObit)
O4 - HKLM..\Run: [KeyScrambler] C:\Program Files (x86)\KeyScrambler\keyscrambler.exe (QFX Software Corporation)
O4 - HKLM..\Run: [MessengerPlusForSkypeService] C:\Program Files (x86)\Yuna Software\Messenger Plus! for Skype\MsgPlusForSkypeService.exe (Yuna Software)
O4 - HKLM..\Run: [Photobucket Backup] C:\Program Files (x86)\Photobucket Backup\Photobucket.App.exe (Photobucket)
O4 - HKLM..\Run: [PlusService] C:\Program Files (x86)\Yuna Software\Messenger Plus!\PlusService.exe (Yuna Software)
O4 - HKLM..\Run: [PWRISOVM.EXE] C:\Program Files (x86)\PowerISO\PWRISOVM.EXE (Power Software Ltd)
O4 - HKLM..\Run: [SwitchBoard] C:\Program Files (x86)\Common Files\Adobe\SwitchBoard\SwitchBoard.exe (Adobe Systems Incorporated)
O4 - HKLM..\Run: [vmware-tray.exe] C:\Program Files (x86)\VMware\VMware Workstation\vmware-tray.exe (VMware, Inc.)
O4 - HKCU..\Run: [KeyboardLeds.exe] C:\Program Files (x86)\Keyboard LEDs\KeyboardLeds.exe (KARPOLAN)
O4 - HKCU..\Run: [pdiface] C:\Program Files\Bitdefender\60-Second Virus Scanner\pdiface.exe -noshow File not found
O4 - HKCU..\Run: [SkyDrive] C:\Users\Mark de Jager\AppData\Local\Microsoft\SkyDrive\SkyDrive.exe (Microsoft Corporation)
O4 - Startup: C:\Users\Mark de Jager\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Facebook Messenger.lnk = C:\Users\Mark de Jager\AppData\Local\Facebook\Messenger\2.1.4814.0\FacebookMessenger.exe (Facebook)
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktopChanges = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktop = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: PromptOnSecureDesktop = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: EnableCursorSuppression = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: EnableLinkedConnections = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: HideFastUserSwitching = 0
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoClose = 0
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoLogoff = 0
O8:64bit: - Extra context menu item: Add to CaptureSaver - C:\Program Files (x86)\CaptureSaver\\AddFromIE.htm ()
O8:64bit: - Extra context menu item: Sticky Password - C:\Program Files (x86)\Sticky Password\spIEBho.dll (Lamantine Software a.s.)
O8 - Extra context menu item: Add to CaptureSaver - C:\Program Files (x86)\CaptureSaver\\AddFromIE.htm ()
O8 - Extra context menu item: Sticky Password - C:\Program Files (x86)\Sticky Password\spIEBho.dll (Lamantine Software a.s.)
O9:64bit: - Extra 'Tools' menuitem : &KeyScrambler Options - {5C106A59-CC3C-4caa-81A4-6D909B5ACE23} - C:\Program Files (x86)\KeyScrambler\x64\KeyScramblerIE.dll (QFX Software Corporation)
O9 - Extra Button: CaptureSaver - {3BD9DD3E-F9B6-45b9-9ED3-5E1980C2686F} - C:\Program Files (x86)\CaptureSaver\CaptureSaverIE.dll (www.capturesaver.com)
O9 - Extra 'Tools' menuitem : CaptureSaver - {3BD9DD3E-F9B6-45b9-9ED3-5E1980C2686F} - Reg Error: Value error. File not found
O9 - Extra 'Tools' menuitem : &KeyScrambler Options - {5C106A59-CC3C-4caa-81A4-6D909B5ACE23} - C:\Program Files (x86)\KeyScrambler\KeyScramblerIE.dll (QFX Software Corporation)
O1364bit: - gopher Prefix: missing
O13 - gopher Prefix: missing
O15 - HKCU\..Trusted Domains: mediapluspro.com ([www] https in Vertrouwde websites)
O16 - DPF: {7530BFB8-7293-4D34-9923-61A11451AFC5} http://download.eset...lineScanner.cab (OnlineScanner Control)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.2.254
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{404E2125-F77B-4A20-89E5-7CE2767B2BAF}: DhcpNameServer = 192.168.2.254
O18:64bit: - Protocol\Handler\livecall - No CLSID value found
O18:64bit: - Protocol\Handler\msnim - No CLSID value found
O18 - Protocol\Handler\ms-help - No CLSID value found
O20:64bit: - AppInit_DLLs: (C:\Windows\system32\nvinitx.dll) - C:\Windows\SysNative\nvinitx.dll (NVIDIA Corporation)
O20 - AppInit_DLLs: (C:\Windows\SysWOW64\nvinit.dll) - C:\Windows\SysWOW64\nvinit.dll (NVIDIA Corporation)
O20:64bit: - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\SysNative\userinit.exe (Microsoft Corporation)
O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\SysWow64\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (userinit.exe) - C:\Windows\SysWow64\userinit.exe (Microsoft Corporation)
O20:64bit: - Winlogon\Notify\igfxcui: DllName - (igfxdev.dll) - C:\Windows\SysNative\igfxdev.dll (Intel Corporation)
O21:64bit: - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.
O21 - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.
O30 - LSA: Security Packages - (livessp) - File not found
O32 - HKLM CDRom: AutoRun - 1
O34 - HKLM BootExecute: (autocheck autochk *)
O35:64bit: - HKLM\..comfile [open] -- "%1" %*
O35:64bit: - HKLM\..exefile [open] -- "%1" %*
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37:64bit: - HKLM\...com [@ = comfile] -- "%1" %*
O37:64bit: - HKLM\...exe [@ = exefile] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3)
O38 - SubSystems\\Windows: (ServerDll=sxssrv,4)

========== Files/Folders - Created Within 30 Days ==========

[2013-04-29 16:48:14 | 000,000,000 | ---D | C] -- C:\Users\Mark de Jager\Desktop\Pokeball Badges
[2013-04-29 16:41:42 | 000,000,000 | ---D | C] -- C:\Users\Mark de Jager\Desktop\Old School Habbo Badges
[2013-04-28 17:33:44 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Google Drive
[2013-04-28 17:33:14 | 000,377,920 | ---- | C] (AVAST Software) -- C:\Windows\SysNative\drivers\aswSP.sys
[2013-04-28 17:33:14 | 000,033,400 | ---- | C] (AVAST Software) -- C:\Windows\SysNative\drivers\aswFsBlk.sys
[2013-04-28 17:33:14 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\avast! Free Antivirus
[2013-04-28 17:33:08 | 000,070,992 | ---- | C] (AVAST Software) -- C:\Windows\SysNative\drivers\aswRdr2.sys
[2013-04-28 17:33:08 | 000,068,920 | ---- | C] (AVAST Software) -- C:\Windows\SysNative\drivers\aswTdi.sys
[2013-04-28 17:32:11 | 001,025,808 | ---- | C] (AVAST Software) -- C:\Windows\SysNative\drivers\aswSnx.sys
[2013-04-28 17:32:10 | 000,080,816 | ---- | C] (AVAST Software) -- C:\Windows\SysNative\drivers\aswMonFlt.sys
[2013-04-28 17:30:17 | 000,041,664 | ---- | C] (AVAST Software) -- C:\Windows\avastSS.scr
[2013-04-28 17:16:11 | 000,000,000 | ---D | C] -- C:\_OTL
[2013-04-28 17:12:12 | 000,000,000 | --SD | C] -- C:\Windows\SysWow64\Microsoft
[2013-04-28 16:01:39 | 000,287,840 | ---- | C] (AVAST Software) -- C:\Windows\SysNative\aswBoot.exe
[2013-04-28 16:00:44 | 000,000,000 | ---D | C] -- C:\Program Files\AVAST Software
[2013-04-28 15:59:15 | 000,000,000 | ---D | C] -- C:\ProgramData\AVAST Software
[2013-04-28 15:40:23 | 000,000,000 | ---D | C] -- C:\Users\Mark de Jager\Documents\Leawo
[2013-04-28 15:40:23 | 000,000,000 | ---D | C] -- C:\ProgramData\Leawo
[2013-04-28 15:38:24 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Leawo
[2013-04-28 15:38:23 | 000,606,208 | ---- | C] (http://www.xvid.org) -- C:\Windows\SysWow64\xvidcore.dll
[2013-04-28 15:38:23 | 000,438,272 | ---- | C] (Gabest) -- C:\Windows\SysWow64\Mpeg2DecFilter.ax
[2013-04-28 15:38:23 | 000,139,264 | ---- | C] (http://www.xvid.org) -- C:\Windows\SysWow64\xvid.ax
[2013-04-28 15:38:18 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Leawo
[2013-04-28 14:31:27 | 000,000,000 | ---D | C] -- C:\Users\Mark de Jager\AppData\Local\liQeNSoft
[2013-04-28 14:05:40 | 000,000,000 | ---D | C] -- C:\Users\Mark de Jager\AppData\Local\TeknoGods
[2013-04-28 13:46:35 | 000,602,112 | ---- | C] (OldTimer Tools) -- C:\Users\Mark de Jager\Desktop\OTL.exe
[2013-04-28 13:34:40 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\MW3
[2013-04-28 13:14:46 | 000,000,000 | ---D | C] -- C:\Users\Mark de Jager\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\MW3
[2013-04-28 13:14:44 | 000,000,000 | ---D | C] -- C:\Program Files\MW3
[2013-04-27 20:39:35 | 000,000,000 | ---D | C] -- C:\Users\Mark de Jager\AppData\Roaming\RealPopup
[2013-04-27 20:39:32 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\RealPopup
[2013-04-27 20:23:56 | 000,000,000 | ---D | C] -- C:\Users\Mark de Jager\Desktop\Computerspeeltuin.{ED7BA470-8E54-465E-825C-99712043E01C}
[2013-04-27 20:14:21 | 000,000,000 | ---D | C] -- C:\Users\Mark de Jager\AppData\Roaming\HTML Executable
[2013-04-27 19:44:46 | 000,000,000 | R--D | C] -- C:\Users\Mark de Jager\Desktop\SkyDrive
[2013-04-27 19:43:54 | 000,000,000 | R--D | C] -- C:\Users\Mark de Jager\SkyDrive
[2013-04-27 19:43:54 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Microsoft SkyDrive
[2013-04-27 19:43:46 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft SkyDrive
[2013-04-27 17:28:05 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\TSR Soft
[2013-04-27 17:28:04 | 000,000,000 | ---D | C] -- C:\Users\Mark de Jager\Documents\TSR Software
[2013-04-27 17:28:04 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\TSR Soft
[2013-04-27 16:04:58 | 000,000,000 | ---D | C] -- C:\gql
[2013-04-27 16:04:58 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Deluge
[2013-04-27 15:23:08 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Office 2013
[2013-04-27 15:22:21 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Microsoft SQL Server
[2013-04-27 15:22:20 | 000,000,000 | ---D | C] -- C:\Program Files\Microsoft.NET
[2013-04-27 15:22:19 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\KMSpico
[2013-04-27 15:22:16 | 000,000,000 | ---D | C] -- C:\Program Files\KMSpico
[2013-04-27 15:21:25 | 000,000,000 | ---D | C] -- C:\Program Files\Microsoft SQL Server
[2013-04-27 15:18:57 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft Toolkit
[2013-04-26 18:35:59 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\PeerBlock
[2013-04-26 18:35:58 | 000,000,000 | ---D | C] -- C:\Program Files\PeerBlock
[2013-04-23 08:39:37 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Common Files\Java
[2013-04-20 18:17:16 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Emsisoft Anti-Malware
[2013-04-20 18:17:16 | 000,000,000 | ---D | C] -- C:\Users\Mark de Jager\Documents\Anti-Malware
[2013-04-20 17:29:04 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\IObit Malware Fighter
[2013-04-19 20:38:06 | 000,000,000 | ---D | C] -- C:\Users\Mark de Jager\Documents\Navicat
[2013-04-19 17:42:55 | 000,000,000 | ---D | C] -- C:\ProgramData\IObit
[2013-04-19 17:42:52 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Advanced SystemCare 6
[2013-04-19 17:42:51 | 000,000,000 | ---D | C] -- C:\Users\Mark de Jager\AppData\Roaming\IObit
[2013-04-19 17:42:45 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\IObit
[2013-04-17 11:45:54 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\PremiumSoft
[2013-04-17 11:45:48 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\PremiumSoft
[2013-04-16 08:58:23 | 000,000,000 | ---D | C] -- C:\Users\Mark de Jager\AppData\Roaming\Enplase
[2013-04-16 08:58:15 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Ultima Steganography
[2013-04-16 08:58:13 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Ultima Steganography
[2013-04-15 19:28:20 | 000,000,000 | ---D | C] -- C:\Users\Mark de Jager\Desktop\Keygens en activators
[2013-04-15 19:28:02 | 000,000,000 | ---D | C] -- C:\Users\Mark de Jager\Desktop\Host Hotel
[2013-04-14 10:40:15 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\CCleaner
[2013-04-14 10:40:13 | 000,000,000 | ---D | C] -- C:\Program Files\CCleaner
[2013-04-14 09:51:03 | 000,000,000 | ---D | C] -- C:\Users\Mark de Jager\AppData\Roaming\QFX Software
[2013-04-14 09:51:03 | 000,000,000 | ---D | C] -- C:\ProgramData\QFX Software
[2013-04-14 09:51:01 | 000,222,904 | ---- | C] (QFX Software Corporation) -- C:\Windows\SysNative\drivers\keyscrambler.sys
[2013-04-14 09:51:01 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\KeyScrambler
[2013-04-14 09:50:59 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\KeyScrambler
[2013-04-13 21:47:26 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\uTorrent Turbo Booster
[2013-04-13 21:47:25 | 000,000,000 | ---D | C] -- C:\Users\Mark de Jager\AppData\Roaming\uTorrent Turbo Booster
[2013-04-13 21:47:24 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\uTorrent Turbo Booster
[2013-04-13 21:20:52 | 000,000,000 | ---D | C] -- C:\ProgramData\WNR
[2013-04-13 21:20:38 | 000,000,000 | ---D | C] -- C:\Users\Mark de Jager\AppData\Roaming\WNR
[2013-04-13 21:20:31 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Proxy Switcher Standard
[2013-04-13 19:40:00 | 000,000,000 | ---D | C] -- C:\ProgramData\Norton
[2013-04-13 19:38:35 | 000,000,000 | ---D | C] -- C:\Users\Mark de Jager\AppData\Roaming\GoforFiles
[2013-04-13 19:38:35 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\GoforFiles
[2013-04-13 19:36:28 | 000,000,000 | ---D | C] -- C:\ProgramData\NortonInstaller
[2013-04-12 19:58:00 | 000,000,000 | ---D | C] -- C:\Windows\AutoKMS
[2013-04-11 16:12:10 | 000,000,000 | ---D | C] -- C:\Users\Mark de Jager\AppData\Roaming\PicaJet.Com
[2013-04-11 16:12:10 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\PicaJet.Com
[2013-04-11 16:12:07 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\PicaJet.Com
[2013-04-08 10:37:07 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\PDF Logo Remover
[2013-04-08 10:37:01 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\PDF Logo Remover
[2013-04-06 13:04:15 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\QuickTime
[2013-04-06 13:03:53 | 000,000,000 | ---D | C] -- C:\ProgramData\Apple Computer
[2013-04-04 08:30:09 | 000,000,000 | ---D | C] -- C:\Users\Mark de Jager\AppData\Roaming\Apple Computer
[2013-04-03 14:57:21 | 000,000,000 | ---D | C] -- C:\Users\Mark de Jager\Documents\CyberLink
[2013-04-03 14:56:52 | 000,000,000 | ---D | C] -- C:\Users\Mark de Jager\AppData\Roaming\CyberLink
[2013-04-03 14:56:42 | 000,000,000 | ---D | C] -- C:\ProgramData\CyberLink
[2013-04-03 14:53:29 | 000,000,000 | ---D | C] -- C:\ProgramData\SmartSound Software Inc
[2013-04-03 14:53:26 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\SmartSound Software
[2013-04-03 14:53:26 | 000,000,000 | ---D | C] -- C:\ProgramData\eSellerate
[2013-04-03 14:52:01 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Common Files\Apple
[2013-04-03 14:51:53 | 000,000,000 | ---D | C] -- C:\Users\Mark de Jager\AppData\Local\Apple
[2013-04-03 14:51:49 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Apple Software Update
[2013-04-03 14:51:49 | 000,000,000 | ---D | C] -- C:\ProgramData\Apple
[2013-04-03 14:51:34 | 000,000,000 | R--D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\CyberLink PowerDirector 11
[2013-04-03 14:51:17 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Cyberlink
[2013-04-03 14:47:11 | 000,000,000 | ---D | C] -- C:\Program Files\CyberLink
[2013-04-03 14:46:44 | 000,000,000 | ---D | C] -- C:\ProgramData\Temp
[2013-04-03 14:46:36 | 000,000,000 | ---D | C] -- C:\ProgramData\install_clap
[2013-04-03 13:25:56 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Ashampoo
[2013-04-03 13:25:54 | 000,000,000 | ---D | C] -- C:\ProgramData\Ashampoo
[2013-04-03 13:25:47 | 000,034,304 | ---- | C] (mst software GmbH, Germany) -- C:\Windows\SysNative\DfSdkBt.exe
[2013-04-03 13:25:42 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Ashampoo
[2013-04-02 19:00:09 | 000,000,000 | ---D | C] -- C:\Users\Mark de Jager\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\San Andreas Multiplayer
[2013-04-02 19:00:09 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\San Andreas Multiplayer
[2013-04-02 10:09:49 | 000,000,000 | ---D | C] -- C:\Users\Mark de Jager\Desktop\Opdrachten Nederlands, Dennis
[2013-04-01 16:16:24 | 000,000,000 | ---D | C] -- C:\Windows\SysWow64\directx
[2013-03-31 20:07:59 | 000,000,000 | ---D | C] -- C:\Users\Mark de Jager\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Facebook
[2013-03-31 20:07:46 | 000,000,000 | ---D | C] -- C:\Users\Mark de Jager\AppData\Local\Facebook
[2013-03-31 15:28:40 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Rockstar Games
[2013-03-31 15:28:40 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Rockstar Games
[2013-03-31 15:05:55 | 000,000,000 | ---D | C] -- C:\Users\Mark de Jager\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Revo Uninstaller
[2013-03-31 15:05:54 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\VS Revo Group

========== Files - Modified Within 30 Days ==========

[2013-04-29 17:02:26 | 000,001,082 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineCore.job
[2013-04-29 17:02:04 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2013-04-29 17:01:05 | 000,000,940 | ---- | M] () -- C:\Windows\tasks\Adobe Flash Player Updater.job
[2013-04-29 17:00:19 | 000,000,290 | ---- | M] () -- C:\Windows\tasks\AutoKMS.job
[2013-04-29 17:00:01 | 268,435,456 | -HS- | M] () -- C:\swapfile.sys
[2013-04-29 16:57:40 | 000,000,098 | ---- | M] () -- C:\Windows\SysNative\drivers\etc\Hosts
[2013-04-29 16:44:27 | 000,009,090 | ---- | M] () -- C:\Users\Mark de Jager\Desktop\Pokeball Badges.rar
[2013-04-29 16:41:01 | 000,001,086 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineUA.job
[2013-04-29 16:40:49 | 000,009,970 | ---- | M] () -- C:\Users\Mark de Jager\Desktop\Old School Habbo Badges.rar
[2013-04-29 14:12:01 | 000,000,976 | ---- | M] () -- C:\Windows\tasks\FacebookUpdateTaskUserS-1-5-21-2189671484-2947882400-2928688451-1001UA.job
[2013-04-29 10:18:05 | 003,643,096 | ---- | M] () -- C:\Users\Mark de Jager\Desktop\BD2013_Uninstall_Tool.exe
[2013-04-28 20:12:01 | 000,000,954 | ---- | M] () -- C:\Windows\tasks\FacebookUpdateTaskUserS-1-5-21-2189671484-2947882400-2928688451-1001Core.job
[2013-04-28 18:32:07 | 000,000,000 | ---- | M] () -- C:\Windows\SysWow64\config.nt
[2013-04-28 17:33:14 | 000,001,922 | ---- | M] () -- C:\Users\Public\Desktop\avast! Free Antivirus.lnk
[2013-04-28 13:46:45 | 000,602,112 | ---- | M] (OldTimer Tools) -- C:\Users\Mark de Jager\Desktop\OTL.exe
[2013-04-28 13:06:26 | 000,002,190 | -H-- | M] () -- C:\Users\Mark de Jager\Documents\Default.rdp
[2013-04-27 18:26:31 | 000,001,105 | ---- | M] () -- C:\Users\Mark de Jager\Application Data\Microsoft\Internet Explorer\Quick Launch\Microsoft Outlook.lnk
[2013-04-27 16:06:38 | 004,874,416 | ---- | M] () -- C:\Windows\SysNative\FNTCACHE.DAT
[2013-04-14 10:53:17 | 001,808,720 | ---- | M] () -- C:\Windows\SysNative\PerfStringBackup.INI
[2013-04-14 10:53:17 | 000,802,560 | ---- | M] () -- C:\Windows\SysNative\perfh013.dat
[2013-04-14 10:53:17 | 000,715,832 | ---- | M] () -- C:\Windows\SysNative\perfh009.dat
[2013-04-14 10:53:17 | 000,161,432 | ---- | M] () -- C:\Windows\SysNative\perfc013.dat
[2013-04-14 10:53:17 | 000,134,668 | ---- | M] () -- C:\Windows\SysNative\perfc009.dat
[2013-04-14 10:29:21 | 000,000,024 | ---- | M] () -- C:\Users\Mark de Jager\random.dat
[2013-04-14 10:28:59 | 000,000,052 | ---- | M] () -- C:\Users\Mark de Jager\jagex_cl_runescape_LIVE.dat
[2013-04-13 21:47:26 | 000,001,163 | ---- | M] () -- C:\Users\Mark de Jager\Application Data\Microsoft\Internet Explorer\Quick Launch\uTorrent Turbo Booster.lnk
[2013-04-13 19:35:47 | 000,000,271 | RH-- | M] () -- C:\Windows\Stop.cmd
[2013-04-10 13:32:59 | 000,000,024 | ---- | M] () -- C:\Users\Mark de Jager\jagexappletviewer.preferences
[2013-04-06 18:08:22 | 000,005,632 | ---- | M] () -- C:\Users\Mark de Jager\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2013-04-04 14:50:32 | 000,025,928 | ---- | M] (Malwarebytes Corporation) -- C:\Windows\SysNative\drivers\mbam.sys
[2013-03-31 20:08:02 | 000,001,327 | ---- | M] () -- C:\Users\Mark de Jager\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Facebook Messenger.lnk

========== Files Created - No Company Name ==========

[2013-04-29 16:44:29 | 000,009,090 | ---- | C] () -- C:\Users\Mark de Jager\Desktop\Pokeball Badges.rar
[2013-04-29 16:40:50 | 000,009,970 | ---- | C] () -- C:\Users\Mark de Jager\Desktop\Old School Habbo Badges.rar
[2013-04-29 10:18:05 | 003,643,096 | ---- | C] () -- C:\Users\Mark de Jager\Desktop\BD2013_Uninstall_Tool.exe
[2013-04-28 17:33:14 | 000,001,922 | ---- | C] () -- C:\Users\Public\Desktop\avast! Free Antivirus.lnk
[2013-04-28 17:32:10 | 000,178,624 | ---- | C] () -- C:\Windows\SysNative\drivers\aswVmm.sys
[2013-04-28 17:32:10 | 000,065,336 | ---- | C] () -- C:\Windows\SysNative\drivers\aswRvrt.sys
[2013-04-28 16:01:41 | 000,000,000 | ---- | C] () -- C:\Windows\SysWow64\config.nt
[2013-04-27 20:39:32 | 000,000,929 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\RealPopup.lnk
[2013-04-27 19:43:53 | 000,002,304 | ---- | C] () -- C:\Users\Mark de Jager\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\SkyDrive.lnk
[2013-04-27 16:21:11 | 000,001,105 | ---- | C] () -- C:\Users\Mark de Jager\Application Data\Microsoft\Internet Explorer\Quick Launch\Microsoft Outlook.lnk
[2013-04-17 11:45:52 | 001,589,248 | ---- | C] () -- C:\Windows\SysWow64\libmysql_d.dll
[2013-04-13 21:47:26 | 000,001,163 | ---- | C] () -- C:\Users\Mark de Jager\Application Data\Microsoft\Internet Explorer\Quick Launch\uTorrent Turbo Booster.lnk
[2013-04-13 20:32:35 | 004,874,416 | ---- | C] () -- C:\Windows\SysNative\FNTCACHE.DAT
[2013-04-13 19:34:23 | 000,001,062 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\TeamViewer 8.lnk
[2013-04-13 19:32:55 | 000,000,271 | RH-- | C] () -- C:\Windows\Stop.cmd
[2013-04-13 16:10:00 | 000,002,190 | -H-- | C] () -- C:\Users\Mark de Jager\Documents\Default.rdp
[2013-04-12 19:58:00 | 000,000,290 | ---- | C] () -- C:\Windows\tasks\AutoKMS.job
[2013-04-10 20:12:49 | 000,001,494 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Adobe Application Manager.lnk
[2013-04-10 14:25:02 | 000,387,867 | ---- | C] () -- C:\Windows\SysNative\ApnDatabase.xml
[2013-04-03 14:51:51 | 000,002,519 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Apple Software Update.lnk
[2013-03-31 20:07:59 | 000,001,327 | ---- | C] () -- C:\Users\Mark de Jager\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Facebook Messenger.lnk
[2013-03-31 20:07:49 | 000,000,976 | ---- | C] () -- C:\Windows\tasks\FacebookUpdateTaskUserS-1-5-21-2189671484-2947882400-2928688451-1001UA.job
[2013-03-31 20:07:47 | 000,000,954 | ---- | C] () -- C:\Windows\tasks\FacebookUpdateTaskUserS-1-5-21-2189671484-2947882400-2928688451-1001Core.job
[2013-03-23 15:12:54 | 000,000,054 | ---- | C] () -- C:\Users\Mark de Jager\jagex_cl_speccollect_LIVE.dat
[2013-03-19 21:10:59 | 000,230,206 | ---- | C] () -- C:\ProgramData\1363720194.bdinstall.bin
[2013-03-19 20:49:39 | 000,579,637 | ---- | C] () -- C:\ProgramData\1363718718.bdinstall.bin
[2013-03-18 14:12:08 | 000,000,038 | ---- | C] () -- C:\Program Files (x86)\cfg.ini
[2013-03-18 14:10:48 | 001,645,496 | ---- | C] () -- C:\Windows\ampa.exe
[2013-03-18 14:10:48 | 000,012,728 | ---- | C] () -- C:\Windows\SysWow64\ampa.sys
[2013-03-18 14:10:42 | 000,012,728 | ---- | C] () -- C:\Windows\SysWow64\ddmdrv.sys
[2013-03-18 14:10:41 | 001,293,240 | ---- | C] () -- C:\Windows\ddmmain.exe
[2013-03-17 12:49:46 | 000,000,262 | ---- | C] () -- C:\Windows\{EEB3F6BB-318D-4CE5-989F-8191FCBFB578}_WiseFW.ini
[2013-03-12 15:41:44 | 000,000,416 | RHS- | C] () -- C:\ProgramData\ntuser.pol
[2013-03-09 12:18:07 | 000,005,632 | ---- | C] () -- C:\Users\Mark de Jager\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2013-03-02 17:07:06 | 000,000,104 | ---- | C] () -- C:\ProgramData\Microsoft.SqlServer.Compact.400.32.bc
[2013-02-28 10:04:32 | 000,000,053 | ---- | C] () -- C:\Users\Mark de Jager\jagex_cl_runescape_LIVE1.dat
[2013-02-26 15:43:40 | 000,008,192 | ---- | C] () -- C:\Windows\SysWow64\srvany.exe
[2013-02-25 17:16:37 | 000,000,052 | ---- | C] () -- C:\Users\Mark de Jager\jagex_cl_oldschool_LIVE.dat
[2013-02-22 19:41:39 | 000,000,054 | ---- | C] () -- C:\Users\Mark de Jager\jagex_cl_loginapplet_LIVE.dat
[2013-02-11 13:17:40 | 002,468,520 | ---- | C] () -- C:\Windows\SysWow64\BootMan.exe
[2013-02-11 13:17:40 | 000,087,112 | ---- | C] () -- C:\Windows\SysWow64\setupempdrv03.exe
[2013-02-11 13:17:40 | 000,019,840 | ---- | C] () -- C:\Windows\SysWow64\EuEpmGdi.dll
[2013-02-11 13:17:40 | 000,014,920 | ---- | C] () -- C:\Windows\SysWow64\epmntdrv.sys
[2013-02-11 13:17:40 | 000,009,160 | ---- | C] () -- C:\Windows\SysWow64\EuGdiDrv.sys
[2013-02-08 19:49:28 | 000,004,096 | -H-- | C] () -- C:\Users\Mark de Jager\AppData\Local\keyfile3.drm
[2013-02-07 16:19:56 | 000,211,665 | ---- | C] () -- C:\ProgramData\1360246678.bdinstall.bin
[2013-02-07 16:09:23 | 000,371,893 | ---- | C] () -- C:\ProgramData\1360245933.bdinstall.bin
[2013-02-07 10:17:14 | 000,083,968 | ---- | C] () -- C:\Windows\SysWow64\OEMLicense.dll
[2013-02-06 13:02:47 | 001,821,998 | ---- | C] () -- C:\Windows\SysWow64\PerfStringBackup.INI
[2013-02-05 09:12:38 | 000,088,362 | ---- | C] () -- C:\Users\Mark de Jager\AppData\Roaming\spritesa
[2013-02-04 13:30:59 | 000,000,052 | ---- | C] () -- C:\Users\Mark de Jager\jagex_cl_runescape_LIVE.dat
[2013-02-04 13:30:59 | 000,000,024 | ---- | C] () -- C:\Users\Mark de Jager\random.dat
[2013-02-04 13:30:55 | 000,000,024 | ---- | C] () -- C:\Users\Mark de Jager\jagexappletviewer.preferences
[2013-02-04 11:27:40 | 000,000,135 | ---- | C] () -- C:\Windows\AutoKMS.ini
[2012-12-14 03:42:30 | 000,963,452 | ---- | C] () -- C:\Windows\SysWow64\igcodeckrng600.bin
[2012-12-14 03:42:30 | 000,064,512 | ---- | C] () -- C:\Windows\SysWow64\igdde32.dll
[2012-12-14 03:42:28 | 000,272,928 | ---- | C] () -- C:\Windows\SysWow64\igvpkrng600.bin
[2012-07-26 10:13:10 | 000,215,943 | ---- | C] () -- C:\Windows\SysWow64\dssec.dat
[2012-07-26 10:13:09 | 000,000,741 | ---- | C] () -- C:\Windows\SysWow64\NOISE.DAT
[2012-07-26 09:21:26 | 000,067,584 | --S- | C] () -- C:\Windows\bootstat.dat
[2012-07-26 03:17:42 | 000,043,520 | ---- | C] () -- C:\Windows\SysWow64\BWContextHandler.dll
[2012-07-25 22:37:29 | 000,043,131 | ---- | C] () -- C:\Windows\mib.bin
[2012-07-25 22:28:31 | 000,364,544 | ---- | C] () -- C:\Windows\SysWow64\msjetoledb40.dll
[2012-06-02 16:31:19 | 000,673,088 | ---- | C] () -- C:\Windows\SysWow64\mlang.dat

========== ZeroAccess Check ==========

[2013-04-01 16:18:47 | 000,000,227 | RHS- | M] () -- C:\Windows\assembly\Desktop.ini

[HKEY_CURRENT_USER\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] /64

[HKEY_CURRENT_USER\Software\Classes\Wow6432node\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]

[HKEY_CURRENT_USER\Software\Classes\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32] /64

[HKEY_CURRENT_USER\Software\Classes\Wow6432node\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32]

[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] /64
"" = C:\Windows\SysNative\shell32.dll -- [2013-03-02 04:45:01 | 019,748,864 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Apartment

[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]
"" = %SystemRoot%\system32\shell32.dll -- [2013-03-02 10:23:07 | 017,560,576 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Apartment

[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32] /64
"" = C:\Windows\SysNative\wbem\fastprox.dll -- [2012-07-26 05:05:38 | 001,004,544 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Free

[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32]
"" = %systemroot%\system32\wbem\fastprox.dll -- [2012-07-26 05:18:27 | 000,784,896 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Free

[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32] /64
"" = C:\Windows\SysNative\wbem\wbemess.dll -- [2012-07-26 05:07:41 | 000,455,680 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Both

[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32]

========== LOP Check ==========

[2013-03-14 17:57:53 | 000,000,000 | ---D | M] -- C:\Users\Mark de Jager\AppData\Roaming\1-abc
[2013-02-08 12:51:39 | 000,000,000 | ---D | M] -- C:\Users\Mark de Jager\AppData\Roaming\Acronis
[2013-02-05 18:30:56 | 000,000,000 | ---D | M] -- C:\Users\Mark de Jager\AppData\Roaming\ActiveX
[2013-04-27 20:30:18 | 000,000,000 | ---D | M] -- C:\Users\Mark de Jager\AppData\Roaming\Atari
[2013-03-19 10:53:58 | 000,000,000 | ---D | M] -- C:\Users\Mark de Jager\AppData\Roaming\CaptureSaver
[2013-03-03 11:47:03 | 000,000,000 | ---D | M] -- C:\Users\Mark de Jager\AppData\Roaming\com.adobe.downloadassistant.AdobeDownloadAssistant
[2013-04-16 08:58:23 | 000,000,000 | ---D | M] -- C:\Users\Mark de Jager\AppData\Roaming\Enplase
[2013-02-06 15:31:33 | 000,000,000 | ---D | M] -- C:\Users\Mark de Jager\AppData\Roaming\ESET
[2013-04-14 10:43:37 | 000,000,000 | ---D | M] -- C:\Users\Mark de Jager\AppData\Roaming\FileZilla
[2013-02-27 16:30:18 | 000,000,000 | ---D | M] -- C:\Users\Mark de Jager\AppData\Roaming\Firetrust
[2013-03-21 20:08:14 | 000,000,000 | ---D | M] -- C:\Users\Mark de Jager\AppData\Roaming\Genie9
[2013-04-13 19:38:35 | 000,000,000 | ---D | M] -- C:\Users\Mark de Jager\AppData\Roaming\GoforFiles
[2013-04-27 20:14:21 | 000,000,000 | ---D | M] -- C:\Users\Mark de Jager\AppData\Roaming\HTML Executable
[2013-03-09 11:47:50 | 000,000,000 | ---D | M] -- C:\Users\Mark de Jager\AppData\Roaming\idoo
[2013-04-20 17:29:01 | 000,000,000 | ---D | M] -- C:\Users\Mark de Jager\AppData\Roaming\IObit
[2013-02-25 11:44:33 | 000,000,000 | ---D | M] -- C:\Users\Mark de Jager\AppData\Roaming\Lamantine
[2013-02-11 17:57:06 | 000,000,000 | ---D | M] -- C:\Users\Mark de Jager\AppData\Roaming\Notepad++
[2013-03-02 17:07:40 | 000,000,000 | ---D | M] -- C:\Users\Mark de Jager\AppData\Roaming\Photobucket
[2013-04-11 16:12:10 | 000,000,000 | ---D | M] -- C:\Users\Mark de Jager\AppData\Roaming\PicaJet.Com
[2013-02-05 20:03:24 | 000,000,000 | ---D | M] -- C:\Users\Mark de Jager\AppData\Roaming\PowerISO
[2013-03-13 15:53:24 | 000,000,000 | ---D | M] -- C:\Users\Mark de Jager\AppData\Roaming\Publish Providers
[2013-04-14 09:51:03 | 000,000,000 | ---D | M] -- C:\Users\Mark de Jager\AppData\Roaming\QFX Software
[2013-02-07 16:06:02 | 000,000,000 | ---D | M] -- C:\Users\Mark de Jager\AppData\Roaming\QuickScan
[2013-02-05 20:16:55 | 000,000,000 | ---D | M] -- C:\Users\Mark de Jager\AppData\Roaming\Returnil
[2013-02-05 18:30:09 | 000,000,000 | ---D | M] -- C:\Users\Mark de Jager\AppData\Roaming\Soft4Boost
[2013-03-09 12:18:07 | 000,000,000 | ---D | M] -- C:\Users\Mark de Jager\AppData\Roaming\Solveig Multimedia
[2013-03-10 17:02:18 | 000,000,000 | ---D | M] -- C:\Users\Mark de Jager\AppData\Roaming\Sony
[2013-03-02 20:14:07 | 000,000,000 | ---D | M] -- C:\Users\Mark de Jager\AppData\Roaming\TeamViewer
[2013-03-01 13:17:48 | 000,000,000 | ---D | M] -- C:\Users\Mark de Jager\AppData\Roaming\TechSmith
[2013-03-05 15:11:58 | 000,000,000 | ---D | M] -- C:\Users\Mark de Jager\AppData\Roaming\TrueCrypt
[2013-02-09 17:01:16 | 000,000,000 | ---D | M] -- C:\Users\Mark de Jager\AppData\Roaming\Unity
[2013-04-28 17:33:47 | 000,000,000 | ---D | M] -- C:\Users\Mark de Jager\AppData\Roaming\uTorrent
[2013-04-13 21:47:25 | 000,000,000 | ---D | M] -- C:\Users\Mark de Jager\AppData\Roaming\uTorrent Turbo Booster
[2013-04-13 21:20:38 | 000,000,000 | ---D | M] -- C:\Users\Mark de Jager\AppData\Roaming\WNR
[2013-02-13 11:42:54 | 000,000,000 | ---D | M] -- C:\Users\Mark de Jager\AppData\Roaming\X-Chat 2
[2013-03-03 13:11:32 | 000,000,000 | ---D | M] -- C:\Users\Mark de Jager\AppData\Roaming\XUSSoft

========== Purity Check ==========



< End of report >
  • 0

#13
Essexboy
Posted 29 April 2013 - 11:18 AM

Essexboy

    GeekU Moderator

  • Retired Staff
  • 69,964 posts
OK lets check out the system files

Start an elevated command prompt :

Go Start > All Programs > Accessories
Right click command prompt and select "Run as Administrator"
In the black box that opens type the following command and press enter :

sfc \scannow

Reboot on completion and let me know how the computer is behaving
  • 0

#14
Samballen
Posted 30 April 2013 - 02:10 AM

Samballen

    Member

  • Topic Starter
  • Banned
  • PipPip
  • 76 posts

OK lets check out the system files

Start an elevated command prompt :

Go Start > All Programs > Accessories
Right click command prompt and select "Run as Administrator"
In the black box that opens type the following command and press enter :

sfc \scannow

Reboot on completion and let me know how the computer is behaving

No probs, but only that stupid program!
  • 0

#15
Essexboy
Posted 30 April 2013 - 06:51 AM

Essexboy

    GeekU Moderator

  • Retired Staff
  • 69,964 posts
Could you temporarily disable IObit Malware Fighter then see if the explorer errors still occur
  • 0
Back to Virus, Spyware, Malware Removal · Next Unread Topic →




Similar Topics

1 user(s) are reading this topic

0 members, 1 guests, 0 anonymous users

  1. Geeks to Go Community
  2. Security
  3. Virus, Spyware, Malware Removal

As Featured On:

Microsoft Yahoo BBC MSN PC Magazine Washington Post HP