cannot download files in FF, IE or Chrome [Solved]


  • This topic is locked

#1
Ashholt


    New Member

  • Member
  • 8 posts
Hi there.

As of a month or so I have not been able to download files in firefox (they do not end up in the designated folder) and files that I dl through IE or Chrome are reported as containing a virus and deleted. Needless to say this does get rather annoying after a while. I tried reinstalling ff, scanned for viruses and what not, but it was to no avail.

It seems there are numerous similar topics on this forum, but if I could gather from them what I should be doing, well, I wouldn't be here. I have a laptop with which to download and a clean usb-stick to use.

Any help you might be able to provide will be much appreciated.

Sincerely,

Ash.


#2
Crag_Hack


    Trusted Helper

  • Malware Removal
  • 1,775 posts
Hello and welcome to the Geeks to Go Virus, Spyware & Malware Removal forum. My name is Josh and I will be helping you remove your infection. I am only human not superman - I can make errors but will do my best to help you as best I can so we can solve your problems. If you have since resolved the original problem you were having, I would appreciate you letting me know. Please include a clear description of the problems you're having along with any steps you may have performed so far if you haven't already.

Some of the following instructions to begin the malware removal process can be hard to follow - let me know if you have any questions. Please read all of my responses through at least once before attempting to follow the procedures described. I would recommend printing them out, if you can, as you can check off each step as you complete it. Also please do not attempt any disinfection procedures without my instruction as things can go wrong that way or lengthen the time it takes to disinfect your computer. Also please follow your topic to conclusion or your system may not be completely clean, and it will be more vulnerable to future infections.

Throughout our interactions I will be using canned speeches. These are premade speeches for different scenarios we will encounter. If you find errors like bad links in my canned speeches please let me know so I can fix them.

Please copy and paste all logs into your reply. Do not attach logs to a post unless I tell you to or if they don't fit in the post.

One more thing - please refrain from using your computer until it is disinfected unless you absolutely have to (unless you are following my disinfection procedures) - if you do have to use your computer please disconnect it from the Internet - that way the current malware cannot propagate further infections.

Expect no more than 36 hours between your post and my response unless World War 3 breaks out and I will need at most 48 hours for initial analysis of your OTL log. Good luck! After 4 days if a topic is not replied to we assume it has been abandoned and it is closed.

If you can't download to your infected computer for any of the following steps please download from another computer and put on your infected computer with a flash drive or external hard drive.

Step 1

The first step is to get an OTL log by doing the following. Then we can begin disinfection. Please do the following:

  • Download OTL from here
  • Double click OTL to run it. Make sure all other windows are closed to let it run uninterrupted.
  • Select the Scan All Users box in the middle on the top of the window
  • Under the Custom Scans/Fixes box paste this in:

    netsvcs
    %SYSTEMDRIVE%\*.exe
    /md5start
    services.*
    WSHELPER.*
    consrv.dll
    explorer.exe
    winlogon.exe
    Userinit.exe
    svchost.exe
    /md5stop
    C:\Windows\assembly\tmp\U\*.* /s
    %Temp%\smtmp\1\*.*
    %Temp%\smtmp\2\*.*
    %Temp%\smtmp\3\*.*
    %Temp%\smtmp\4\*.*
    >C:\commands.txt echo list vol /raw /hide /c
    /wait
    >C:\DiskReport.txt diskpart /s C:\commands.txt /raw /hide /c
    /wait
    type c:\diskreport.txt /c
    /wait
    erase c:\commands.txt /hide /c
    /wait
    erase c:\diskreport.txt /hide /c
    CREATERESTOREPOINT
  • Click the Quick Scan button. Do not change any settings unless otherwise told to do so. The scan won't take long.
  • When the scan completes, it will open two notepad windows. OTL.Txt and Extras.Txt. These are saved in the same location as OTL. If you have already run OTL it won't open Extras.txt but Extras.txt will be in the same place as the new OTL.txt so simply open it manually.
  • Please copy (Edit->Select All, Edit->Copy) the contents of these files, one at a time and post them in your topic.

Step 2

  • Download aswMBR.exe ( 1870KB ) to your desktop.
  • Double click the aswMBR.exe to run it
  • It will ask you if you want to download the latest Avast! virus definitions, answer yes

  • Click the Scan button to start scan

  • On completion of the scan click Save log, save it to your desktop and post in your next reply

Step 3

Please take a screenshot of your download virus detection with IE/Chrome. To do this press the PrtScn button when the virus detection message is on your screen. Then open MS Paint from Start menu-->programs --> accessories --> paint. Paste the screenshot by pressing Ctrl-V or select Paste from the edit menu. Then in your next post click the Insert Image button in the post toolbar two icons to the right of the smiley face and post the screenshot.

Things to see in your next post:
OTL.txt
Extras.txt
aswMBR log
virus detection screenshot


#3
Ashholt


    New Member

  • Topic Starter
  • Member
  • 8 posts
Hi there Josh, thank you ever so much for helping me out; it is really appreciated. Please find the logs below this text. I had some trouble saving the aswMBR logfile as it saved as a .dat file on the desktop of the infected computer. Somehow managed to get something on the usb-stick I have been using, hopefully it is what you need.

Had some trouble uploading the screenshot, will try and do that in the next reply.

OTL logfile created on: 17-5-2013 12:22:31 - Run 1
OTL by OldTimer - Version 3.2.69.0 Folder = C:\Users\Wiebe\Desktop
64bit-Windows Vista Home Premium Edition Service Pack 2 (Version = 6.0.6002) - Type = NTWorkstation
Internet Explorer (Version = 9.0.8112.16421)
Locale: 00000413 | Country: Nederland | Language: NLD | Date Format: d-M-yyyy

2,00 Gb Total Physical Memory | 0,89 Gb Available Physical Memory | 44,44% Memory free
4,23 Gb Paging File | 2,48 Gb Available in Paging File | 58,54% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86)
Drive C: | 97,66 Gb Total Space | 1,73 Gb Free Space | 1,77% Space Free | Partition Type: NTFS
Drive E: | 146,48 Gb Total Space | 15,48 Gb Free Space | 10,57% Space Free | Partition Type: NTFS
Drive I: | 7,26 Gb Total Space | 7,26 Gb Free Space | 99,98% Space Free | Partition Type: FAT32
Drive J: | 352,03 Gb Total Space | 11,08 Gb Free Space | 3,15% Space Free | Partition Type: NTFS

Computer Name: PC | User Name: Wiebe | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: All users | Quick Scan | Include 64bit Scans
Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days

========== Processes (SafeList) ==========

PRC - [2013-05-16 14:02:14 | 000,602,112 | ---- | M] (OldTimer Tools) -- C:\Users\Wiebe\Desktop\OTL.exe
PRC - [2013-04-22 12:26:30 | 000,812,424 | ---- | M] (Adobe Systems Incorporated) -- C:\Windows\SysWOW64\Macromed\Flash\FlashUtil32_11_7_700_169_ActiveX.exe
PRC - [2012-12-11 04:52:44 | 003,147,384 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Program Files (x86)\AVG\AVG2013\avgui.exe
PRC - [2012-11-16 00:34:30 | 005,814,904 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Program Files (x86)\AVG\AVG2013\avgidsagent.exe
PRC - [2012-10-22 14:05:08 | 000,196,664 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Program Files (x86)\AVG\AVG2013\avgwdsvc.exe
PRC - [2009-12-28 16:40:40 | 000,107,832 | ---- | M] () -- C:\Windows\SysWOW64\PnkBstrB.exe
PRC - [2009-12-23 23:34:20 | 000,370,688 | ---- | M] (StarWind Software) -- C:\Program Files (x86)\Alcohol Soft\Alcohol 120\StarWind\StarWindServiceAE.exe
PRC - [2009-03-05 16:07:20 | 002,260,480 | ---- | M] (Safer-Networking Ltd.) -- C:\Program Files (x86)\Spybot - Search & Destroy\TeaTimer.exe
PRC - [2009-01-07 19:11:10 | 000,066,872 | ---- | M] () -- C:\Windows\SysWOW64\PnkBstrA.exe
PRC - [2008-11-09 22:48:14 | 000,602,392 | ---- | M] (Yahoo! Inc.) -- C:\Program Files (x86)\Yahoo!\SoftwareUpdate\YahooAUService.exe
PRC - [2007-05-21 15:53:42 | 000,049,152 | ---- | M] (Sonic Focus, Inc.) -- C:\Program Files (x86)\Analog Devices\SoundMAX\SoundTray.exe


========== Modules (No Company Name) ==========


========== Services (SafeList) ==========

SRV:64bit: - [2012-11-16 22:44:58 | 000,238,080 | ---- | M] (AMD) [Auto | Running] -- C:\Windows\SysNative\atiesrxx.exe -- (AMD External Events Utility)
SRV:64bit: - [2008-01-21 04:47:32 | 000,383,544 | ---- | M] (Microsoft Corporation) [Auto | Stopped] -- C:\Program Files\Windows Defender\MpSvc.dll -- (WinDefend)
SRV:64bit: - [2007-06-07 01:41:54 | 000,089,088 | ---- | M] (Andrea Electronics Corporation) [Auto | Running] -- C:\Windows\SysNative\AEADISRV.EXE -- (AEADIFilters)
SRV - [2013-04-19 23:10:50 | 000,543,656 | ---- | M] (Valve Corporation) [On_Demand | Stopped] -- C:\Program Files (x86)\Common Files\Steam\SteamService.exe -- (Steam Client Service)
SRV - [2012-11-16 00:34:30 | 005,814,904 | ---- | M] (AVG Technologies CZ, s.r.o.) [Auto | Running] -- C:\Program Files (x86)\AVG\AVG2013\avgidsagent.exe -- (AVGIDSAgent)
SRV - [2012-10-22 14:05:08 | 000,196,664 | ---- | M] (AVG Technologies CZ, s.r.o.) [Auto | Running] -- C:\Program Files (x86)\AVG\AVG2013\avgwdsvc.exe -- (avgwd)
SRV - [2012-07-13 13:28:36 | 000,160,944 | R--- | M] (Skype Technologies) [Auto | Stopped] -- C:\Program Files (x86)\Skype\Updater\Updater.exe -- (SkypeUpdate)
SRV - [2012-01-05 17:42:34 | 000,075,624 | ---- | M] (Alcohol Soft Development Team) [Auto | Stopped] -- C:\Program Files (x86)\Alcohol Soft\Alcohol 120\AxAutoMntSrv.exe -- (AxAutoMntSrv)
SRV - [2010-03-18 13:16:28 | 000,130,384 | ---- | M] (Microsoft Corporation) [Auto | Stopped] -- C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe -- (clr_optimization_v4.0.30319_32)
SRV - [2010-02-19 13:37:14 | 000,517,096 | ---- | M] (Adobe Systems Incorporated) [On_Demand | Stopped] -- C:\Program Files (x86)\Common Files\Adobe\SwitchBoard\SwitchBoard.exe -- (SwitchBoard)
SRV - [2009-12-28 16:40:40 | 000,107,832 | ---- | M] () [Auto | Running] -- C:\Windows\SysWOW64\PnkBstrB.exe -- (PnkBstrB)
SRV - [2009-12-23 23:34:20 | 000,370,688 | ---- | M] (StarWind Software) [Auto | Running] -- C:\Program Files (x86)\Alcohol Soft\Alcohol 120\StarWind\StarWindServiceAE.exe -- (StarWindServiceAE)
SRV - [2009-03-30 06:42:14 | 000,066,368 | ---- | M] (Microsoft Corporation) [Disabled | Stopped] -- C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe -- (clr_optimization_v2.0.50727_32)
SRV - [2009-01-07 19:11:10 | 000,066,872 | ---- | M] () [Auto | Running] -- C:\Windows\SysWOW64\PnkBstrA.exe -- (PnkBstrA)
SRV - [2008-11-09 22:48:14 | 000,602,392 | ---- | M] (Yahoo! Inc.) [Auto | Running] -- C:\Program Files (x86)\Yahoo!\SoftwareUpdate\YahooAUService.exe -- (YahooAUService)


========== Driver Services (SafeList) ==========

DRV:64bit: - [2012-11-25 19:22:12 | 000,564,824 | ---- | M] (Duplex Secure Ltd.) [Kernel | Boot | Running] -- C:\Windows\SysNative\Drivers\sptd.sys -- (sptd)
DRV:64bit: - [2012-11-16 23:08:32 | 011,922,944 | ---- | M] (Advanced Micro Devices, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\DRIVERS\atikmdag.sys -- (atikmdag)
DRV:64bit: - [2012-11-16 23:08:32 | 011,922,944 | ---- | M] (Advanced Micro Devices, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\DRIVERS\atikmdag.sys -- (amdkmdag)
DRV:64bit: - [2012-11-16 21:39:12 | 000,359,936 | ---- | M] (Advanced Micro Devices, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\DRIVERS\atikmpag.sys -- (amdkmdap)
DRV:64bit: - [2012-11-16 00:33:24 | 000,111,968 | ---- | M] (AVG Technologies CZ, s.r.o.) [File_System | Boot | Running] -- C:\Windows\SysNative\DRIVERS\avgmfx64.sys -- (AvgMfx64)
DRV:64bit: - [2012-10-22 14:02:44 | 000,154,464 | ---- | M] (AVG Technologies CZ, s.r.o. ) [Kernel | System | Running] -- C:\Windows\SysNative\DRIVERS\avgidsdrivera.sys -- (AVGIDSDriver)
DRV:64bit: - [2012-10-15 04:48:50 | 000,063,328 | ---- | M] (AVG Technologies CZ, s.r.o. ) [Kernel | Boot | Running] -- C:\Windows\SysNative\DRIVERS\avgidsha.sys -- (AVGIDSHA)
DRV:64bit: - [2012-10-02 04:30:38 | 000,185,696 | ---- | M] (AVG Technologies CZ, s.r.o.) [Kernel | System | Running] -- C:\Windows\SysNative\DRIVERS\avgldx64.sys -- (AvgLdx64)
DRV:64bit: - [2012-09-21 04:46:04 | 000,200,032 | ---- | M] (AVG Technologies CZ, s.r.o.) [Kernel | System | Running] -- C:\Windows\SysNative\DRIVERS\avgtdia.sys -- (AvgTdiA)
DRV:64bit: - [2012-09-21 04:46:00 | 000,225,120 | ---- | M] (AVG Technologies CZ, s.r.o.) [Kernel | Boot | Running] -- C:\Windows\SysNative\DRIVERS\avgloga.sys -- (Avgloga)
DRV:64bit: - [2012-07-17 13:57:51 | 000,092,176 | ---- | M] (Advanced Micro Devices) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\AtihdLH6.sys -- (AtiHDAudioService)
DRV:64bit: - [2012-02-29 15:52:46 | 000,016,384 | ---- | M] (Microsoft Corporation) [Recognizer | System | Unknown] -- C:\Windows\SysNative\drivers\fs_rec.sys -- (Fs_Rec)
DRV:64bit: - [2011-03-01 21:53:58 | 000,082,816 | ---- | M] (VSO Software) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\Drivers\pcouffin.sys -- (pcouffin)
DRV:64bit: - [2010-11-09 16:35:24 | 000,021,992 | ---- | M] (CPUID) [Kernel | Auto | Running] -- C:\Windows\SysNative\drivers\cpuz135_x64.sys -- (cpuz135)
DRV:64bit: - [2009-10-10 20:55:24 | 000,314,016 | ---- | M] () [Kernel | Auto | Running] -- C:\Windows\SysNative\DRIVERS\atksgt.sys -- (atksgt)
DRV:64bit: - [2009-10-10 20:55:22 | 000,043,680 | ---- | M] () [Kernel | Auto | Running] -- C:\Windows\SysNative\DRIVERS\lirsgt.sys -- (lirsgt)
DRV:64bit: - [2009-10-01 02:51:42 | 000,046,592 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\DRIVERS\wpdusb.sys -- (WpdUsb)
DRV:64bit: - [2009-09-30 16:32:44 | 000,120,336 | ---- | M] (ATI Technologies, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\AtiHdmi.sys -- (AtiHdmiService)
DRV:64bit: - [2009-07-27 04:54:30 | 000,090,544 | ---- | M] (PowerISO Computing, Inc.) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\scdemu.sys -- (SCDEmu)
DRV:64bit: - [2009-04-11 07:42:21 | 000,140,288 | ---- | M] (Microsoft Corporation) [Kernel | Auto | Running] -- C:\Windows\SysNative\DRIVERS\RMCAST.sys -- (RMCAST)
DRV:64bit: - [2009-04-08 15:28:46 | 000,068,992 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\DRIVERS\xusb21.sys -- (xusb21)
DRV:64bit: - [2008-03-20 11:34:12 | 000,028,672 | ---- | M] (Todos Data System AB) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\DRIVERS\aabed2.sys -- (e.dentifier2)
DRV:64bit: - [2007-12-06 09:51:00 | 000,391,680 | ---- | M] (Marvell) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\DRIVERS\yk60x64.sys -- (yukonx64)
DRV:64bit: - [2007-07-18 22:15:12 | 000,432,640 | ---- | M] (Analog Devices, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\ADIHdAud.sys -- (ADIHdAudAddService)
DRV:64bit: - [2006-10-31 17:23:42 | 000,015,680 | ---- | M] () [Kernel | On_Demand | Running] -- C:\Windows\SysNative\DRIVERS\ASACPI.sys -- (MTsensor)
DRV - [2001-01-22 14:23:36 | 000,006,080 | ---- | M] (Zeal SoftStudio) [Kernel | Auto | Stopped] -- C:\Windows\SysWOW64\zntport.sys -- (zntport)


========== Standard Registry (SafeList) ==========


========== Internet Explorer ==========

IE:64bit: - HKLM\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A}
IE:64bit: - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/...ms}&FORM=IE8SRC
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm
IE - HKLM\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A}
IE - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/...ms}&FORM=IE8SRC


IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

IE - HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0



IE - HKU\S-1-5-21-1087465187-3853098166-3709601896-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.purple.com/purple.html
IE - HKU\S-1-5-21-1087465187-3853098166-3709601896-1000\SOFTWARE\Microsoft\Internet Explorer\Main,StartPageCache = 1
IE - HKU\S-1-5-21-1087465187-3853098166-3709601896-1000\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A}
IE - HKU\S-1-5-21-1087465187-3853098166-3709601896-1000\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/...Box&FORM=IE8SRC
IE - HKU\S-1-5-21-1087465187-3853098166-3709601896-1000\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

========== FireFox ==========

FF - prefs.js..extensions.enabledAddons: %7B972ce4c6-7e08-4474-a285-3208198ce6fd%7D:20.0.1
FF - user.js - File not found

FF:64bit: - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\system32\Macromed\Flash\NPSWF64_11_3_300_268.dll File not found
FF - HKLM\Software\MozillaPlugins\@ABNAMRO/BECON,version=1.00: C:\Program Files (x86)\ABN AMRO e.dentifier2\Mozilla\npBECON.dll (ABN AMRO)
FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_11_3_300_268.dll ()
FF - HKLM\Software\MozillaPlugins\@adobe.com/ShockwavePlayer: C:\Windows\system32\Adobe\Director\np32dsw.dll (Adobe Systems, Inc.)
FF - HKLM\Software\MozillaPlugins\@divx.com/DivX Browser Plugin,version=1.0.0: C:\Program Files (x86)\DivX\DivX Web Player\npdivx32.dll (DivX,Inc.)
FF - HKLM\Software\MozillaPlugins\@divx.com/DivX Player Plugin,version=1.0.0: C:\Program Files (x86)\DivX\DivX Player\npDivxPlayerPlugin.dll (DivX, Inc)
FF - HKLM\Software\MozillaPlugins\@divx.com/DivX VOD Helper,version=1.0.0: C:\Program Files (x86)\DivX\DivX OVS Helper\npovshelper.dll (DivX, LLC.)
FF - HKLM\Software\MozillaPlugins\@java.com/DTPlugin,version=10.17.2: C:\Windows\SysWOW64\npDeployJava1.dll (Oracle Corporation)
FF - HKLM\Software\MozillaPlugins\@messenger.yahoo.com/YahooMessengerStatePlugin;version=1.0.0.6: C:\Program Files (x86)\Yahoo!\Shared\npYState.dll (Yahoo! Inc.)
FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: C:\Program Files (x86)\Microsoft Silverlight\5.1.20125.0\npctrl.dll ( Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WPF,version=3.5: C:\Windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Program Files (x86)\Google\Update\1.3.21.145\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Program Files (x86)\Google\Update\1.3.21.145\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\Adobe Reader: E:\Adobe\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
FF - HKCU\Software\MozillaPlugins\@yahoo.com/BrowserPlus,version=2.9.8: C:\Users\Wiebe\AppData\Local\Yahoo!\BrowserPlus\2.9.8\Plugins\npybrowserplus_2.9.8.dll (Yahoo! Inc.)


[2010-02-12 21:21:42 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Wiebe\AppData\Roaming\mozilla\Extensions
[2010-02-12 21:21:42 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Wiebe\AppData\Roaming\mozilla\Extensions\[email protected]
[2013-05-05 15:49:54 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files (x86)\Mozilla Firefox\extensions
[2013-04-12 16:57:31 | 000,000,000 | ---D | M] (Skype extension) -- C:\Program Files (x86)\Mozilla Firefox\extensions\{AB2CE124-6272-4b12-94A9-7303C7397BD1}
[2013-04-12 16:57:32 | 000,000,000 | ---D | M] (Java Console) -- C:\Program Files (x86)\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0035-ABCDEFFEDCBA}
[2013-04-12 16:57:32 | 000,000,000 | ---D | M] (Java Console) -- C:\Program Files (x86)\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0037-ABCDEFFEDCBA}
[2013-04-12 16:57:32 | 000,000,000 | ---D | M] (Java Console) -- C:\Program Files (x86)\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0039-ABCDEFFEDCBA}

========== Chrome ==========

CHR - default_search_provider: Google (Enabled)
CHR - default_search_provider: search_url = {google:baseURL}search?q={searchTerms}&{google:RLZ}{google:acceptedSuggestion}{google:originalQueryForSuggestion}{google:assistedQueryStats}{google:searchFieldtrialParameter}{google:searchClient}{google:sourceId}{google:instantExtendedEnabledParameter}ie={inputEncoding}
CHR - default_search_provider: suggest_url = {google:baseSuggestURL}search?{google:searchFieldtrialParameter}client=chrome&q={searchTerms}&{google:cursorPosition}sugkey={google:suggestAPIKeyParameter}
CHR - homepage: http://www.google.com
CHR - plugin: Shockwave Flash (Enabled) = C:\Program Files (x86)\Google\Chrome\Application\26.0.1410.64\PepperFlash\pepflashplayer.dll
CHR - plugin: Chrome Remote Desktop Viewer (Enabled) = internal-remoting-viewer
CHR - plugin: Native Client (Enabled) = C:\Program Files (x86)\Google\Chrome\Application\26.0.1410.64\ppGoogleNaClPluginChrome.dll
CHR - plugin: Chrome PDF Viewer (Enabled) = C:\Program Files (x86)\Google\Chrome\Application\26.0.1410.64\pdf.dll
CHR - plugin: QuickTime Plug-in 7.6 (Enabled) = C:\Program Files (x86)\QuickTime\plugins\npqtplugin.dll
CHR - plugin: QuickTime Plug-in 7.6 (Enabled) = C:\Program Files (x86)\QuickTime\plugins\npqtplugin2.dll
CHR - plugin: QuickTime Plug-in 7.6 (Enabled) = C:\Program Files (x86)\QuickTime\plugins\npqtplugin3.dll
CHR - plugin: QuickTime Plug-in 7.6 (Enabled) = C:\Program Files (x86)\QuickTime\plugins\npqtplugin4.dll
CHR - plugin: QuickTime Plug-in 7.6 (Enabled) = C:\Program Files (x86)\QuickTime\plugins\npqtplugin5.dll
CHR - plugin: QuickTime Plug-in 7.6 (Enabled) = C:\Program Files (x86)\QuickTime\plugins\npqtplugin6.dll
CHR - plugin: QuickTime Plug-in 7.6 (Enabled) = C:\Program Files (x86)\QuickTime\plugins\npqtplugin7.dll
CHR - plugin: Adobe Acrobat (Enabled) = E:\Adobe\Reader\Browser\nppdf32.dll
CHR - plugin: ABN AMRO e.dentifier2 Plug-in (Enabled) = C:\Program Files (x86)\ABN AMRO e.dentifier2\Mozilla\npBECON.dll
CHR - plugin: DivX VOD Helper Plug-in (Enabled) = C:\Program Files (x86)\DivX\DivX OVS Helper\npovshelper.dll
CHR - plugin: DivX Player Netscape Plugin (Enabled) = C:\Program Files (x86)\DivX\DivX Player\npDivxPlayerPlugin.dll
CHR - plugin: DivX Web Player (Enabled) = C:\Program Files (x86)\DivX\DivX Web Player\npdivx32.dll
CHR - plugin: Google Update (Enabled) = C:\Program Files (x86)\Google\Update\1.3.21.145\npGoogleUpdate3.dll
CHR - plugin: Silverlight Plug-In (Enabled) = C:\Program Files (x86)\Microsoft Silverlight\5.1.20125.0\npctrl.dll
CHR - plugin: BrowserPlus (from Yahoo!) v2.9.8 (Enabled) = C:\Users\Wiebe\AppData\Local\Yahoo!\BrowserPlus\2.9.8\Plugins\npybrowserplus_2.9.8.dll
CHR - plugin: Windows Presentation Foundation (Enabled) = C:\Windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll
CHR - plugin: Shockwave Flash (Enabled) = C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_11_3_300_268.dll
CHR - plugin: Java Deployment Toolkit 7.0.170.2 (Enabled) = C:\Windows\SysWOW64\npDeployJava1.dll
CHR - plugin: Shockwave for Director (Enabled) = C:\Windows\system32\Adobe\Director\np32dsw.dll
CHR - Extension: Google Documenten = C:\Users\Wiebe\AppData\Local\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake\0.5_0\
CHR - Extension: Google Drive = C:\Users\Wiebe\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf\6.3_0\
CHR - Extension: YouTube = C:\Users\Wiebe\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo\4.2.6_0\
CHR - Extension: Google Zoeken = C:\Users\Wiebe\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf\0.0.0.20_0\
CHR - Extension: Gmail = C:\Users\Wiebe\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia\7_0\

O1 HOSTS File: ([2009-10-12 21:47:33 | 000,343,691 | R--- | M]) - C:\Windows\SysNative\drivers\etc\Hosts
O1 - Hosts: ::1 localhost
O1 - Hosts: 127.0.0.1 www.007guard.com
O1 - Hosts: 127.0.0.1 007guard.com
O1 - Hosts: 127.0.0.1 008i.com
O1 - Hosts: 127.0.0.1 www.008k.com
O1 - Hosts: 127.0.0.1 008k.com
O1 - Hosts: 127.0.0.1 www.00hq.com
O1 - Hosts: 127.0.0.1 00hq.com
O1 - Hosts: 127.0.0.1 010402.com
O1 - Hosts: 127.0.0.1 www.032439.com
O1 - Hosts: 127.0.0.1 032439.com
O1 - Hosts: 127.0.0.1 www.0scan.com
O1 - Hosts: 127.0.0.1 0scan.com
O1 - Hosts: 127.0.0.1 1000gratisproben.com
O1 - Hosts: 127.0.0.1 www.1000gratisproben.com
O1 - Hosts: 127.0.0.1 1001namen.com
O1 - Hosts: 127.0.0.1 www.1001namen.com
O1 - Hosts: 127.0.0.1 100888290cs.com
O1 - Hosts: 127.0.0.1 www.100888290cs.com
O1 - Hosts: 127.0.0.1 www.100sexlinks.com
O1 - Hosts: 127.0.0.1 100sexlinks.com
O1 - Hosts: 127.0.0.1 10sek.com
O1 - Hosts: 127.0.0.1 www.10sek.com
O1 - Hosts: 127.0.0.1 www.1-2005-search.com
O1 - Hosts: 127.0.0.1 1-2005-search.com
O1 - Hosts: 11784 more lines...
O2:64bit: - BHO: (SnagIt Toolbar Loader) - {00C6482D-C502-44C8-8409-FCE54AD9C208} - C:\Program Files (x86)\TechSmith\Snagit 9\DLLx64\SnagitBHO64.dll (TechSmith Corporation)
O2 - BHO: (SnagIt Toolbar Loader) - {00C6482D-C502-44C8-8409-FCE54AD9C208} - C:\Program Files (x86)\TechSmith\Snagit 9\SnagitBHO.dll (TechSmith Corporation)
O2 - BHO: (no name) - {02478D38-C3F9-4efb-9B51-7695ECA05670} - No CLSID value found.
O2 - BHO: (AVG Safe Search) - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - C:\Program Files (x86)\AVG\AVG8\avgssie.dll (AVG Technologies CZ, s.r.o.)
O2 - BHO: (Spybot-S&D IE Protection) - {53707962-6F74-2D53-2644-206D7942484F} - C:\Program Files (x86)\Spybot - Search & Destroy\SDHelper.dll (Safer Networking Limited)
O2 - BHO: (Skype Plug-In) - {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O3 - HKLM\..\Toolbar: (Snagit) - {8FF5E183-ABDE-46EB-B09E-D2AAB95CABE3} - C:\Program Files (x86)\TechSmith\Snagit 9\SnagitIEAddin.dll (TechSmith Corporation)
O3 - HKU\S-1-5-21-1087465187-3853098166-3709601896-1000\..\Toolbar\WebBrowser: (no name) - {8FF5E180-ABDE-46EB-B09E-D2AAB95CABE3} - No CLSID value found.
O4:64bit: - HKLM..\Run: [AdobeAAMUpdater-1.0] C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\UWA\UpdaterStartupUtility.exe (Adobe Systems Incorporated)
O4:64bit: - HKLM..\Run: [Windows Defender] C:\Program Files\Windows Defender\MSASCui.exe (Microsoft Corporation)
O4 - HKLM..\Run: [Adobe Reader Speed Launcher] E:\Adobe\Reader\Reader_sl.exe (Adobe Systems Incorporated)
O4 - HKLM..\Run: [AdobeCS5ServiceManager] C:\Program Files (x86)\Common Files\Adobe\CS5ServiceManager\CS5ServiceManager.exe (Adobe Systems Incorporated)
O4 - HKLM..\Run: [AVG_UI] C:\Program Files (x86)\AVG\AVG2013\avgui.exe (AVG Technologies CZ, s.r.o.)
O4 - HKLM..\Run: [DivXUpdate] C:\Program Files (x86)\DivX\DivX Update\DivXUpdate.exe ()
O4 - HKLM..\Run: [PWRISOVM.EXE] C:\Program Files (x86)\PowerISO\PWRISOVM.EXE (PowerISO Computing, Inc.)
O4 - HKLM..\Run: [SoundTray] C:\Program Files (x86)\Analog Devices\SoundMAX\SoundTray.exe (Sonic Focus, Inc.)
O4 - HKLM..\Run: [StartCCC] E:\ATI.ACE\Core-Static\CLIStart.exe (Advanced Micro Devices, Inc.)
O4 - HKLM..\Run: [SwitchBoard] C:\Program Files (x86)\Common Files\Adobe\SwitchBoard\SwitchBoard.exe (Adobe Systems Incorporated)
O4 - HKU\S-1-5-19..\Run: [Sidebar] C:\Program Files (x86)\Windows Sidebar\Sidebar.exe (Microsoft Corporation)
O4 - HKU\S-1-5-19..\Run: [WindowsWelcomeCenter] C:\Windows\SysWow64\oobefldr.dll (Microsoft Corporation)
O4 - HKU\S-1-5-20..\Run: [Sidebar] C:\Program Files (x86)\Windows Sidebar\Sidebar.exe (Microsoft Corporation)
O4 - HKU\S-1-5-20..\Run: [WindowsWelcomeCenter] C:\Windows\SysWow64\oobefldr.dll (Microsoft Corporation)
O4 - HKU\S-1-5-21-1087465187-3853098166-3709601896-1000..\Run: [AdobeBridge] File not found
O4 - HKU\S-1-5-21-1087465187-3853098166-3709601896-1000..\Run: [AlcoholAutomount] C:\Program Files (x86)\Alcohol Soft\Alcohol 120\AxAutoMntSrv.exe (Alcohol Soft Development Team)
O4 - HKU\S-1-5-21-1087465187-3853098166-3709601896-1000..\Run: [Messenger (Yahoo!)] C:\Program Files (x86)\Yahoo!\Messenger\YahooMessenger.exe (Yahoo! Inc.)
O4 - HKU\S-1-5-21-1087465187-3853098166-3709601896-1000..\Run: [SpybotSD TeaTimer] C:\Program Files (x86)\Spybot - Search & Destroy\TeaTimer.exe (Safer-Networking Ltd.)
O4 - HKU\S-1-5-21-1087465187-3853098166-3709601896-1000..\Run: [TomTomHOME.exe] "C:\Program Files (x86)\TomTom HOME 2\TomTomHOMERunner.exe" File not found
O4 - HKU\S-1-5-21-1087465187-3853098166-3709601896-1000..\Run: [WMPNSCFG] C:\Program Files (x86)\Windows Media Player\WMPNSCFG.exe File not found
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktop = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktopChanges = 1
O9 - Extra Button: Skype Plug-In - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O9 - Extra 'Tools' menuitem : Skype Plug-In - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O9 - Extra 'Tools' menuitem : Spybot - Search && Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\Program Files (x86)\Spybot - Search & Destroy\SDHelper.dll (Safer Networking Limited)
O1364bit: - gopher Prefix: missing
O13 - gopher Prefix: missing
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} http://download.micr...heckControl.cab (Windows Genuine Advantage Validation Tool)
O16 - DPF: {F27237D7-93C8-44C2-AC6E-D6057B9A918F} https://juniper.net/...SetupClient.cab (JuniperSetupClientControl Class)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 62.179.104.196 213.46.228.196
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{3AA51869-6FE1-4201-A5C9-BCB8B91CACFC}: DhcpNameServer = 62.179.104.196 213.46.228.196
O18:64bit: - Protocol\Handler\linkscanner - No CLSID value found
O18:64bit: - Protocol\Handler\ms-help - No CLSID value found
O18:64bit: - Protocol\Handler\skype4com - No CLSID value found
O18:64bit: - Protocol\Handler\skype-ie-addon-data - No CLSID value found
O18 - Protocol\Handler\linkscanner {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - C:\Program Files (x86)\AVG\AVG8\avgpp.dll (AVG Technologies CZ, s.r.o.)
O18 - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files (x86)\Common Files\Skype\Skype4COM.dll (Skype Technologies)
O18 - Protocol\Handler\skype-ie-addon-data {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O20:64bit: - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\SysNative\userinit.exe (Microsoft Corporation)
O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\SysWow64\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (userinit.exe) - C:\Windows\SysWow64\userinit.exe (Microsoft Corporation)
O24 - Desktop WallPaper: C:\Users\Wiebe\AppData\Roaming\Microsoft\Windows Photo Gallery\Bureaubladachtergrond van Windows Fotogalerie.jpg
O24 - Desktop BackupWallPaper: C:\Users\Wiebe\AppData\Roaming\Microsoft\Windows Photo Gallery\Bureaubladachtergrond van Windows Fotogalerie.jpg
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2013-05-16 14:13:10 | 000,000,016 | -H-- | M] () - I:\AUTORUN.INF -- [ FAT32 ]
O33 - MountPoints2\{7088c3cf-23af-11df-ba9f-001fc644ae83}\Shell\AutoRun\command - "" = I:\Launcher.exe
O33 - MountPoints2\{c2a64528-180a-11df-a9c0-001fc644ae83}\Shell\AutoRun\command - "" = I:\InstallTomTomHOME.exe
O33 - MountPoints2\{eeff0eb3-108c-11de-add1-001fc644ae83}\Shell - "" = AutoRun
O33 - MountPoints2\{eeff0eb3-108c-11de-add1-001fc644ae83}\Shell\AutoRun\command - "" = F:\autorun.exe
O33 - MountPoints2\H\Shell - "" = AutoRun
O33 - MountPoints2\H\Shell\AutoRun\command - "" = H:\OblivionLauncher.exe
O34 - HKLM BootExecute: (autocheck autochk *)
O35:64bit: - HKLM\..comfile [open] -- "%1" %*
O35:64bit: - HKLM\..exefile [open] -- "%1" %*
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37:64bit: - HKLM\...com [@ = comfile] -- "%1" %*
O37:64bit: - HKLM\...exe [@ = exefile] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3)
O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2)


CREATERESTOREPOINT
Restore point Set: OTL Restore Point

========== Files/Folders - Created Within 30 Days ==========

[2013-05-17 12:20:26 | 000,602,112 | ---- | C] (OldTimer Tools) -- C:\Users\Wiebe\Desktop\OTL.exe
[2013-05-05 15:34:25 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Google Chrome
[2013-05-05 15:32:25 | 000,000,000 | ---D | C] -- C:\Users\Wiebe\AppData\Local\Apps
[2013-05-05 15:32:24 | 000,000,000 | ---D | C] -- C:\Users\Wiebe\AppData\Local\Deployment
[2013-05-05 15:07:45 | 000,000,000 | ---D | C] -- C:\Users\Wiebe\Desktop\Oude Firefox-gegevens
[2011-03-01 21:53:58 | 000,082,816 | ---- | C] (VSO Software) -- C:\Users\Wiebe\AppData\Roaming\pcouffin.sys
[2 C:\Windows\SysWow64\*.tmp files -> C:\Windows\SysWow64\*.tmp -> ]

========== Files - Modified Within 30 Days ==========

[2013-05-17 12:21:59 | 001,713,774 | ---- | M] () -- C:\Windows\SysNative\PerfStringBackup.INI
[2013-05-17 12:21:59 | 000,756,178 | ---- | M] () -- C:\Windows\SysNative\perfh013.dat
[2013-05-17 12:21:59 | 000,664,076 | ---- | M] () -- C:\Windows\SysNative\perfh009.dat
[2013-05-17 12:21:59 | 000,166,594 | ---- | M] () -- C:\Windows\SysNative\perfc013.dat
[2013-05-17 12:21:59 | 000,131,872 | ---- | M] () -- C:\Windows\SysNative\perfc009.dat
[2013-05-17 12:06:47 | 000,001,050 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineCore.job
[2013-05-17 11:59:28 | 000,003,840 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-2P-1.C7483456-A289-439d-8115-601632D005A0
[2013-05-17 11:59:28 | 000,003,840 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-2P-0.C7483456-A289-439d-8115-601632D005A0
[2013-05-17 11:59:21 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2013-05-17 11:38:06 | 000,001,054 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineUA.job
[2013-05-16 22:31:45 | 004,824,760 | ---- | M] () -- C:\Windows\SysNative\FNTCACHE.DAT
[2013-05-16 14:02:14 | 000,602,112 | ---- | M] (OldTimer Tools) -- C:\Users\Wiebe\Desktop\OTL.exe
[2013-05-09 17:08:49 | 000,000,498 | -H-- | M] () -- C:\Windows\tasks\Norton Security Scan for Wiebe.job
[2013-05-09 02:56:07 | 003,898,374 | ---- | M] () -- C:\Users\Wiebe\Desktop\Audio.wma
[2013-05-09 02:50:33 | 004,876,585 | ---- | M] () -- C:\Users\Wiebe\Desktop\jcm.wma
[2013-05-06 15:47:16 | 000,002,049 | ---- | M] () -- C:\Users\Wiebe\Application Data\Microsoft\Internet Explorer\Quick Launch\Google Chrome.lnk
[2013-05-05 15:34:51 | 000,041,744 | ---- | M] () -- C:\Users\Wiebe\Desktop\bookmarks-2013-05-05.json
[2013-05-05 15:34:24 | 000,002,025 | ---- | M] () -- C:\Users\Public\Desktop\Google Chrome.lnk
[2013-04-24 22:19:26 | 000,252,841 | ---- | M] () -- C:\Users\Wiebe\Desktop\1366824719850.png
[2013-04-23 18:45:15 | 000,001,489 | ---- | M] () -- C:\Users\Public\Desktop\Adobe Reader 9.lnk
[2 C:\Windows\SysWow64\*.tmp files -> C:\Windows\SysWow64\*.tmp -> ]

========== Files Created - No Company Name ==========

[2013-05-09 02:56:01 | 003,898,374 | ---- | C] () -- C:\Users\Wiebe\Desktop\Audio.wma
[2013-05-09 02:50:26 | 004,876,585 | ---- | C] () -- C:\Users\Wiebe\Desktop\jcm.wma
[2013-05-05 15:34:48 | 000,041,744 | ---- | C] () -- C:\Users\Wiebe\Desktop\bookmarks-2013-05-05.json
[2013-05-05 15:34:24 | 000,002,049 | ---- | C] () -- C:\Users\Wiebe\Application Data\Microsoft\Internet Explorer\Quick Launch\Google Chrome.lnk
[2013-05-05 15:34:24 | 000,002,025 | ---- | C] () -- C:\Users\Public\Desktop\Google Chrome.lnk
[2013-05-05 15:33:18 | 000,001,054 | ---- | C] () -- C:\Windows\tasks\GoogleUpdateTaskMachineUA.job
[2013-05-05 15:33:15 | 000,001,050 | ---- | C] () -- C:\Windows\tasks\GoogleUpdateTaskMachineCore.job
[2013-04-24 23:39:10 | 000,252,841 | ---- | C] () -- C:\Users\Wiebe\Desktop\1366824719850.png
[2013-02-19 23:18:03 | 000,011,832 | ---- | C] () -- C:\Windows\SysWow64\drivers\AsInsHelp64.sys
[2013-02-19 23:18:03 | 000,010,216 | ---- | C] () -- C:\Windows\SysWow64\drivers\AsInsHelp32.sys
[2013-02-19 23:17:09 | 000,001,769 | ---- | C] () -- C:\Windows\Language_trs.ini
[2012-07-17 13:56:23 | 000,003,917 | ---- | C] () -- C:\Windows\SysWow64\atipblag.dat
[2011-06-27 21:25:32 | 000,001,024 | ---- | C] () -- C:\ProgramData\imgpdf2.dll
[2011-03-01 21:53:58 | 000,099,384 | ---- | C] () -- C:\Users\Wiebe\AppData\Roaming\inst.exe
[2011-03-01 21:53:58 | 000,007,859 | ---- | C] () -- C:\Users\Wiebe\AppData\Roaming\pcouffin.cat
[2011-03-01 21:53:58 | 000,001,167 | ---- | C] () -- C:\Users\Wiebe\AppData\Roaming\pcouffin.inf
[2011-02-10 00:52:55 | 000,000,056 | -H-- | C] () -- C:\ProgramData\ezsidmv.dat
[2010-03-29 20:07:49 | 000,000,680 | ---- | C] () -- C:\Users\Wiebe\AppData\Local\d3d9caps.dat
[2009-10-24 19:09:14 | 000,000,262 | RHS- | C] () -- C:\ProgramData\ntuser.pol
[2009-01-08 00:51:32 | 000,205,312 | ---- | C] () -- C:\Users\Wiebe\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2009-01-07 19:43:28 | 000,000,093 | ---- | C] () -- C:\Users\Wiebe\AppData\Local\fusioncache.dat
[2009-01-07 17:05:21 | 000,000,732 | ---- | C] () -- C:\Users\Wiebe\AppData\Local\d3d9caps64.dat

========== ZeroAccess Check ==========

[2006-11-02 17:30:40 | 000,000,227 | RHS- | M] () -- C:\Windows\assembly\Desktop.ini

[HKEY_CURRENT_USER\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] /64

[HKEY_CURRENT_USER\Software\Classes\Wow6432node\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]

[HKEY_CURRENT_USER\Software\Classes\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32] /64

[HKEY_CURRENT_USER\Software\Classes\Wow6432node\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32]

[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] /64
"" = C:\Windows\SysNative\shell32.dll -- [2012-06-08 19:59:03 | 012,899,840 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Apartment

[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]
"" = %SystemRoot%\system32\shell32.dll -- [2012-06-08 19:47:00 | 011,586,048 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Apartment

[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32] /64
"" = C:\Windows\SysNative\wbem\fastprox.dll -- [2009-04-11 09:11:14 | 000,891,392 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Free

[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32]
"" = %systemroot%\system32\wbem\fastprox.dll -- [2009-04-11 08:28:19 | 000,614,912 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Free

[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32] /64
"" = C:\Windows\SysNative\wbem\wbemess.dll -- [2008-01-21 04:50:58 | 000,513,024 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Both

[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32]

========== LOP Check ==========

[2013-03-28 20:09:01 | 000,000,000 | ---D | M] -- C:\Users\Default\AppData\Roaming\TuneUp Software
[2013-03-28 20:09:01 | 000,000,000 | ---D | M] -- C:\Users\Default User\AppData\Roaming\TuneUp Software
[2009-07-22 23:24:48 | 000,000,000 | ---D | M] -- C:\Users\Wiebe\AppData\Roaming\Ableton
[2013-05-15 00:43:56 | 000,000,000 | ---D | M] -- C:\Users\Wiebe\AppData\Roaming\Audacity
[2013-03-28 20:01:46 | 000,000,000 | ---D | M] -- C:\Users\Wiebe\AppData\Roaming\AVG2013
[2009-04-15 21:54:37 | 000,000,000 | ---D | M] -- C:\Users\Wiebe\AppData\Roaming\Belastingdienst
[2009-04-17 22:11:22 | 000,000,000 | ---D | M] -- C:\Users\Wiebe\AppData\Roaming\Canon
[2011-01-16 22:27:41 | 000,000,000 | ---D | M] -- C:\Users\Wiebe\AppData\Roaming\chc.4875E02D9FB21EE389F73B8D1702B320485DF8CE.1
[2009-11-06 22:20:16 | 000,000,000 | ---D | M] -- C:\Users\Wiebe\AppData\Roaming\COWON
[2009-07-16 21:50:06 | 000,000,000 | ---D | M] -- C:\Users\Wiebe\AppData\Roaming\DAZ 3D
[2011-06-27 21:28:24 | 000,000,000 | ---D | M] -- C:\Users\Wiebe\AppData\Roaming\GetRightToGo
[2009-05-08 11:32:45 | 000,000,000 | ---D | M] -- C:\Users\Wiebe\AppData\Roaming\ImgBurn
[2012-02-12 12:20:13 | 000,000,000 | ---D | M] -- C:\Users\Wiebe\AppData\Roaming\Juniper Networks
[2009-03-16 00:30:21 | 000,000,000 | ---D | M] -- C:\Users\Wiebe\AppData\Roaming\Leadertech
[2009-01-13 01:32:30 | 000,000,000 | ---D | M] -- C:\Users\Wiebe\AppData\Roaming\My Games
[2012-03-07 20:45:57 | 000,000,000 | ---D | M] -- C:\Users\Wiebe\AppData\Roaming\ooVoo Details
[2010-08-19 19:23:28 | 000,000,000 | ---D | M] -- C:\Users\Wiebe\AppData\Roaming\OxelonMC
[2009-07-23 00:01:46 | 000,000,000 | ---D | M] -- C:\Users\Wiebe\AppData\Roaming\Publish Providers
[2013-01-21 13:24:59 | 000,000,000 | ---D | M] -- C:\Users\Wiebe\AppData\Roaming\Rovio
[2012-07-24 20:20:45 | 000,000,000 | ---D | M] -- C:\Users\Wiebe\AppData\Roaming\Six-Updater
[2009-07-22 23:50:12 | 000,000,000 | ---D | M] -- C:\Users\Wiebe\AppData\Roaming\Sony
[2009-08-15 00:04:02 | 000,000,000 | ---D | M] -- C:\Users\Wiebe\AppData\Roaming\Stop_Motion_Pro_Projects
[2011-02-20 16:50:09 | 000,000,000 | ---D | M] -- C:\Users\Wiebe\AppData\Roaming\TMP
[2010-02-12 21:21:39 | 000,000,000 | ---D | M] -- C:\Users\Wiebe\AppData\Roaming\TomTom
[2009-10-25 15:58:57 | 000,000,000 | ---D | M] -- C:\Users\Wiebe\AppData\Roaming\Tropico 3
[2013-03-28 19:59:58 | 000,000,000 | ---D | M] -- C:\Users\Wiebe\AppData\Roaming\TuneUp Software
[2010-03-22 16:47:43 | 000,000,000 | ---D | M] -- C:\Users\Wiebe\AppData\Roaming\Ubisoft
[2013-05-15 22:55:37 | 000,000,000 | ---D | M] -- C:\Users\Wiebe\AppData\Roaming\uTorrent
[2011-03-01 21:54:31 | 000,000,000 | ---D | M] -- C:\Users\Wiebe\AppData\Roaming\Vso
[2013-01-16 14:21:22 | 000,000,000 | ---D | M] -- C:\Users\Wiebe\AppData\Roaming\XBMC
[2010-02-28 19:38:53 | 000,000,000 | ---D | M] -- C:\Users\Wiebe\AppData\Roaming\XRay Engine

========== Purity Check ==========



========== Custom Scans ==========

< %SYSTEMDRIVE%\*.exe >

< MD5 for: EXPLORER.EXE >
[2008-10-29 08:20:29 | 002,923,520 | ---- | M] (Microsoft Corporation) MD5=37440D09DEAE0B672A04DCCF7ABF06BE -- C:\Windows\winsxs\wow64_microsoft-windows-explorer_31bf3856ad364e35_6.0.6000.16771_none_b5f700fe698beb14\explorer.exe
[2008-10-29 08:29:41 | 002,927,104 | ---- | M] (Microsoft Corporation) MD5=4F554999D7D5F05DAAEBBA7B5BA1089D -- C:\Windows\winsxs\wow64_microsoft-windows-explorer_31bf3856ad364e35_6.0.6001.18164_none_b7eb106e66a7ac19\explorer.exe
[2008-10-29 08:15:50 | 003,087,360 | ---- | M] (Microsoft Corporation) MD5=50514057C28A74BAC2BD04B7B990D615 -- C:\Windows\winsxs\amd64_microsoft-windows-explorer_31bf3856ad364e35_6.0.6000.16771_none_aba256ac352b2919\explorer.exe
[2008-10-30 05:59:17 | 002,927,616 | ---- | M] (Microsoft Corporation) MD5=50BA5850147410CDE89C523AD3BC606E -- C:\Windows\winsxs\wow64_microsoft-windows-explorer_31bf3856ad364e35_6.0.6001.22298_none_b8583e9d7fda0512\explorer.exe
[2009-04-11 09:10:17 | 003,079,168 | ---- | M] (Microsoft Corporation) MD5=6B08E54A451B3F95E4109DBA7E594270 -- C:\Windows\explorer.exe
[2009-04-11 09:10:17 | 003,079,168 | ---- | M] (Microsoft Corporation) MD5=6B08E54A451B3F95E4109DBA7E594270 -- C:\Windows\winsxs\amd64_microsoft-windows-explorer_31bf3856ad364e35_6.0.6002.18005_none_afbebba22f3bab41\explorer.exe
[2008-10-28 04:30:12 | 003,086,848 | ---- | M] (Microsoft Corporation) MD5=72B9990E45C25AA3C75C4FB50A9D6CE0 -- C:\Windows\winsxs\amd64_microsoft-windows-explorer_31bf3856ad364e35_6.0.6000.20947_none_ac5266dd4e2b0a41\explorer.exe
[2008-10-29 08:49:22 | 003,080,704 | ---- | M] (Microsoft Corporation) MD5=BBD8E74F23D7605CB0CDB57A1B25D826 -- C:\Windows\winsxs\amd64_microsoft-windows-explorer_31bf3856ad364e35_6.0.6001.18164_none_ad96661c3246ea1e\explorer.exe
[2009-04-11 08:27:36 | 002,926,592 | ---- | M] (Microsoft Corporation) MD5=D07D4C3038F3578FFCE1C0237F2A1253 -- C:\Windows\SysWOW64\explorer.exe
[2009-04-11 08:27:36 | 002,926,592 | ---- | M] (Microsoft Corporation) MD5=D07D4C3038F3578FFCE1C0237F2A1253 -- C:\Windows\winsxs\wow64_microsoft-windows-explorer_31bf3856ad364e35_6.0.6002.18005_none_ba1365f4639c6d3c\explorer.exe
[2008-10-30 07:30:07 | 003,081,216 | ---- | M] (Microsoft Corporation) MD5=E404A65EF890140410E9F3D405841C95 -- C:\Windows\winsxs\amd64_microsoft-windows-explorer_31bf3856ad364e35_6.0.6001.22298_none_ae03944b4b794317\explorer.exe
[2008-10-28 04:15:02 | 002,923,520 | ---- | M] (Microsoft Corporation) MD5=E7156B0B74762D9DE0E66BDCDE06E5FB -- C:\Windows\winsxs\wow64_microsoft-windows-explorer_31bf3856ad364e35_6.0.6000.20947_none_b6a7112f828bcc3c\explorer.exe
[2008-01-21 04:48:44 | 003,080,704 | ---- | M] (Microsoft Corporation) MD5=F6D765FB6B457542D954682F50C26E4F -- C:\Windows\winsxs\amd64_microsoft-windows-explorer_31bf3856ad364e35_6.0.6001.18000_none_add342963219dff5\explorer.exe
[2008-01-21 04:49:23 | 002,927,104 | ---- | M] (Microsoft Corporation) MD5=FFA764631CB70A30065C12EF8E174F9F -- C:\Windows\winsxs\wow64_microsoft-windows-explorer_31bf3856ad364e35_6.0.6001.18000_none_b827ece8667aa1f0\explorer.exe

< MD5 for: SERVICES >
[2006-09-18 23:37:24 | 000,017,244 | ---- | M] () MD5=9F534244B7F8F55D5C0BB498D8D481E7 -- C:\Windows\winsxs\amd64_microsoft-windows-w..nfrastructure-other_31bf3856ad364e35_6.0.6001.18000_none_60a39df1afb86c9f\services

< MD5 for: SERVICES.EXE >
[2008-01-21 04:50:34 | 000,279,040 | ---- | M] (Microsoft Corporation) MD5=2B336AB6286D6C81FA02CBAB914E3C6C -- C:\Windows\winsxs\x86_microsoft-windows-s..s-servicecontroller_31bf3856ad364e35_6.0.6001.18000_none_cf5fc067cd49010a\services.exe
[2009-04-11 09:10:50 | 000,384,512 | ---- | M] (Microsoft Corporation) MD5=934E0B7D77FF78C18D9F8891221B6DE3 -- C:\Windows\SysNative\services.exe
[2009-04-11 09:10:50 | 000,384,512 | ---- | M] (Microsoft Corporation) MD5=934E0B7D77FF78C18D9F8891221B6DE3 -- C:\Windows\winsxs\amd64_microsoft-windows-s..s-servicecontroller_31bf3856ad364e35_6.0.6002.18005_none_2d69d4f782c83d8c\services.exe
[2009-04-11 08:27:59 | 000,279,552 | ---- | M] (Microsoft Corporation) MD5=D4E6D91C1349B7BFB3599A6ADA56851B -- C:\Windows\SysWOW64\services.exe
[2009-04-11 08:27:59 | 000,279,552 | ---- | M] (Microsoft Corporation) MD5=D4E6D91C1349B7BFB3599A6ADA56851B -- C:\Windows\winsxs\x86_microsoft-windows-s..s-servicecontroller_31bf3856ad364e35_6.0.6002.18005_none_d14b3973ca6acc56\services.exe
[2008-01-21 04:49:44 | 000,384,512 | ---- | M] (Microsoft Corporation) MD5=DFAC660F0F139276CC9299812DE42719 -- C:\Windows\winsxs\amd64_microsoft-windows-s..s-servicecontroller_31bf3856ad364e35_6.0.6001.18000_none_2b7e5beb85a67240\services.exe

< MD5 for: SERVICES.EXE.MUI >
[2008-01-21 09:55:45 | 000,019,968 | ---- | M] (Microsoft Corporation) MD5=428F511BDE3B3C034FCA7830C1BD0676 -- C:\Windows\SysWOW64\nl-NL\services.exe.mui
[2008-01-21 09:55:45 | 000,019,968 | ---- | M] (Microsoft Corporation) MD5=428F511BDE3B3C034FCA7830C1BD0676 -- C:\Windows\winsxs\x86_microsoft-windows-s..ontroller.resources_31bf3856ad364e35_6.0.6000.16386_nl-nl_20d27679b21218f4\services.exe.mui
[2008-01-21 09:53:57 | 000,019,456 | ---- | M] (Microsoft Corporation) MD5=8A486AAD6E82D05B661719D42A5789EA -- C:\Windows\SysNative\nl-NL\services.exe.mui
[2008-01-21 09:53:57 | 000,019,456 | ---- | M] (Microsoft Corporation) MD5=8A486AAD6E82D05B661719D42A5789EA -- C:\Windows\winsxs\amd64_microsoft-windows-s..ontroller.resources_31bf3856ad364e35_6.0.6000.16386_nl-nl_7cf111fd6a6f8a2a\services.exe.mui

< MD5 for: SERVICES.EXE-2260497F.PF >
[2013-05-16 22:32:35 | 000,014,124 | ---- | M] () MD5=90E7FD3925E2424E6F8F079852FAB58B -- C:\Windows\Prefetch\SERVICES.EXE-2260497F.pf

< MD5 for: SERVICES.HEARSTMAGS[1].XML >
[2013-05-12 17:33:26 | 000,000,113 | ---- | M] () MD5=6290D1E5BDC69FCC877310826723E40A -- C:\Users\Wiebe\AppData\LocalLow\Microsoft\Internet Explorer\DOMStore\XY22KN97\services.hearstmags[1].xml

< MD5 for: SERVICES.LNK >
[2008-01-21 05:20:59 | 000,001,688 | ---- | M] () MD5=EFDD08F4E5E26430885F26F0C35B8C62 -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Administrative Tools\services.lnk
[2008-01-21 05:20:59 | 000,001,688 | ---- | M] () MD5=EFDD08F4E5E26430885F26F0C35B8C62 -- C:\Users\All Users\Microsoft\Windows\Start Menu\Programs\Administrative Tools\services.lnk

< MD5 for: SERVICES.MOCHIADS.COM.SOL >
[2009-12-25 12:44:14 | 000,000,183 | ---- | M] () MD5=AF09DE206D6211D245592E567524ED2D -- C:\Users\Wiebe\AppData\Roaming\Macromedia\Flash Player\#SharedObjects\7FNCJ7TV\mochiads.com\services.mochiads.com.sol

< MD5 for: SERVICES.MOF >
[2006-09-18 23:44:54 | 000,002,866 | ---- | M] () MD5=26A11C895A7F0B6D32105EBE127D8500 -- C:\Windows\SysNative\wbem\services.mof
[2006-09-18 23:46:11 | 000,002,866 | ---- | M] () MD5=26A11C895A7F0B6D32105EBE127D8500 -- C:\Windows\SysWOW64\wbem\services.mof
[2006-09-18 23:44:54 | 000,002,866 | ---- | M] () MD5=26A11C895A7F0B6D32105EBE127D8500 -- C:\Windows\winsxs\amd64_microsoft-windows-s..s-servicecontroller_31bf3856ad364e35_6.0.6001.18000_none_2b7e5beb85a67240\services.mof
[2006-09-18 23:44:54 | 000,002,866 | ---- | M] () MD5=26A11C895A7F0B6D32105EBE127D8500 -- C:\Windows\winsxs\amd64_microsoft-windows-s..s-servicecontroller_31bf3856ad364e35_6.0.6002.18005_none_2d69d4f782c83d8c\services.mof
[2006-09-18 23:46:11 | 000,002,866 | ---- | M] () MD5=26A11C895A7F0B6D32105EBE127D8500 -- C:\Windows\winsxs\x86_microsoft-windows-s..s-servicecontroller_31bf3856ad364e35_6.0.6001.18000_none_cf5fc067cd49010a\services.mof
[2006-09-18 23:46:11 | 000,002,866 | ---- | M] () MD5=26A11C895A7F0B6D32105EBE127D8500 -- C:\Windows\winsxs\x86_microsoft-windows-s..s-servicecontroller_31bf3856ad364e35_6.0.6002.18005_none_d14b3973ca6acc56\services.mof

< MD5 for: SERVICES.MSC >
[2006-09-18 23:29:41 | 000,092,745 | ---- | M] () MD5=7A1D35F59468B8118AF5B8E21DF78AE2 -- C:\Windows\SysNative\services.msc
[2006-09-18 23:29:40 | 000,092,745 | ---- | M] () MD5=7A1D35F59468B8118AF5B8E21DF78AE2 -- C:\Windows\SysWOW64\services.msc
[2006-09-18 23:29:41 | 000,092,745 | ---- | M] () MD5=7A1D35F59468B8118AF5B8E21DF78AE2 -- C:\Windows\winsxs\amd64_microsoft-windows-servicessnapin_31bf3856ad364e35_6.0.6001.18000_none_2b827e27fe185619\services.msc
[2006-09-18 23:29:40 | 000,092,745 | ---- | M] () MD5=7A1D35F59468B8118AF5B8E21DF78AE2 -- C:\Windows\winsxs\x86_microsoft-windows-servicessnapin_31bf3856ad364e35_6.0.6001.18000_none_cf63e2a445bae4e3\services.msc
[2008-01-21 09:53:10 | 000,092,747 | ---- | M] () MD5=E4FE4D28A62170560B388B241E5F2D6B -- C:\Windows\SysNative\nl-NL\services.msc
[2008-01-21 09:54:24 | 000,092,747 | ---- | M] () MD5=E4FE4D28A62170560B388B241E5F2D6B -- C:\Windows\SysWOW64\nl-NL\services.msc
[2008-01-21 09:53:10 | 000,092,747 | ---- | M] () MD5=E4FE4D28A62170560B388B241E5F2D6B -- C:\Windows\winsxs\amd64_microsoft-windows-s..cessnapin.resources_31bf3856ad364e35_6.0.6000.16386_nl-nl_b732e1e940d9241d\services.msc
[2008-01-21 09:54:24 | 000,092,747 | ---- | M] () MD5=E4FE4D28A62170560B388B241E5F2D6B -- C:\Windows\winsxs\x86_microsoft-windows-s..cessnapin.resources_31bf3856ad364e35_6.0.6000.16386_nl-nl_5b144665887bb2e7\services.msc

< MD5 for: SERVICES.SBS >
[2009-10-20 09:28:22 | 000,032,152 | ---- | M] () MD5=89968C07120984242D36C1112CB1457E -- C:\Program Files (x86)\Spybot - Search & Destroy\Includes\Services.sbs

< MD5 for: SVCHOST.EXE >
[2008-01-21 04:48:05 | 000,021,504 | ---- | M] (Microsoft Corporation) MD5=3794B461C45882E06856F282EEF025AF -- C:\Windows\SysWOW64\svchost.exe
[2008-01-21 04:48:05 | 000,021,504 | ---- | M] (Microsoft Corporation) MD5=3794B461C45882E06856F282EEF025AF -- C:\Windows\winsxs\x86_microsoft-windows-services-svchost_31bf3856ad364e35_6.0.6001.18000_none_b5bb59a1054dbde5\svchost.exe
[2008-01-21 04:50:24 | 000,027,648 | ---- | M] (Microsoft Corporation) MD5=CDA9F1373805AF88F6FA4F2064BBA24D -- C:\Windows\SysNative\svchost.exe
[2008-01-21 04:50:24 | 000,027,648 | ---- | M] (Microsoft Corporation) MD5=CDA9F1373805AF88F6FA4F2064BBA24D -- C:\Windows\winsxs\amd64_microsoft-windows-services-svchost_31bf3856ad364e35_6.0.6001.18000_none_11d9f524bdab2f1b\svchost.exe

< MD5 for: USERINIT.EXE >
[2008-01-21 04:50:36 | 000,025,088 | ---- | M] (Microsoft Corporation) MD5=0E135526E9785D085BCD9AEDE6FBCBF9 -- C:\Windows\SysWOW64\userinit.exe
[2008-01-21 04:50:36 | 000,025,088 | ---- | M] (Microsoft Corporation) MD5=0E135526E9785D085BCD9AEDE6FBCBF9 -- C:\Windows\winsxs\x86_microsoft-windows-userinit_31bf3856ad364e35_6.0.6001.18000_none_dc28ba15d1aff80b\userinit.exe
[2008-01-21 04:49:46 | 000,028,160 | ---- | M] (Microsoft Corporation) MD5=A0AB2BB9A92293D9CE66E252719AB5FE -- C:\Windows\SysNative\userinit.exe
[2008-01-21 04:49:46 | 000,028,160 | ---- | M] (Microsoft Corporation) MD5=A0AB2BB9A92293D9CE66E252719AB5FE -- C:\Windows\winsxs\amd64_microsoft-windows-userinit_31bf3856ad364e35_6.0.6001.18000_none_384755998a0d6941\userinit.exe

< MD5 for: WINLOGON.EXE >
[2009-04-11 09:11:08 | 000,405,504 | ---- | M] (Microsoft Corporation) MD5=6D0773A3A65D28B663F334C90441D01A -- C:\Windows\SysNative\winlogon.exe
[2009-04-11 09:11:08 | 000,405,504 | ---- | M] (Microsoft Corporation) MD5=6D0773A3A65D28B663F334C90441D01A -- C:\Windows\winsxs\amd64_microsoft-windows-winlogon_31bf3856ad364e35_6.0.6002.18005_none_cdcd15a68a70b877\winlogon.exe
[2008-01-21 04:49:47 | 000,406,016 | ---- | M] (Microsoft Corporation) MD5=856491FCED98093D824B9EB2892F564A -- C:\Windows\winsxs\amd64_microsoft-windows-winlogon_31bf3856ad364e35_6.0.6001.18000_none_cbe19c9a8d4eed2b\winlogon.exe
[2009-04-11 08:28:13 | 000,314,368 | ---- | M] (Microsoft Corporation) MD5=898E7C06A350D4A1A64A9EA264D55452 -- C:\Windows\SysWOW64\winlogon.exe
[2009-04-11 08:28:13 | 000,314,368 | ---- | M] (Microsoft Corporation) MD5=898E7C06A350D4A1A64A9EA264D55452 -- C:\Windows\winsxs\x86_microsoft-windows-winlogon_31bf3856ad364e35_6.0.6002.18005_none_71ae7a22d2134741\winlogon.exe
[2008-01-21 04:50:38 | 000,314,880 | ---- | M] (Microsoft Corporation) MD5=C2610B6BDBEFC053BBDAB4F1B965CB24 -- C:\Windows\winsxs\x86_microsoft-windows-winlogon_31bf3856ad364e35_6.0.6001.18000_none_6fc30116d4f17bf5\winlogon.exe

< MD5 for: WSHELPER.DLL >
[2006-11-02 11:46:14 | 000,014,336 | ---- | M] (Microsoft Corporation) MD5=20614C9F12A3A09A5015C9EBBD4419D2 -- C:\Windows\SysWOW64\wshelper.dll
[2006-11-02 11:46:14 | 000,014,336 | ---- | M] (Microsoft Corporation) MD5=20614C9F12A3A09A5015C9EBBD4419D2 -- C:\Windows\winsxs\wow64_microsoft-windows-w..nfrastructure-other_31bf3856ad364e35_6.0.6001.18000_none_6af84843e4192e9a\wshelper.dll
[2006-11-02 13:19:11 | 000,018,944 | ---- | M] (Microsoft Corporation) MD5=20AEE159BD1CE0664796EDF48AF201B8 -- C:\Windows\SysNative\wshelper.dll
[2006-11-02 13:19:11 | 000,018,944 | ---- | M] (Microsoft Corporation) MD5=20AEE159BD1CE0664796EDF48AF201B8 -- C:\Windows\winsxs\amd64_microsoft-windows-w..nfrastructure-other_31bf3856ad364e35_6.0.6001.18000_none_60a39df1afb86c9f\wshelper.dll

< MD5 for: WSHELPER.DLL.MUI >
[2008-01-21 09:56:49 | 000,008,704 | ---- | M] (Microsoft Corporation) MD5=37D68CC2326135743F2E0CDE81420FEF -- C:\Windows\SysNative\nl-NL\wshelper.dll.mui
[2008-01-21 09:56:49 | 000,008,704 | ---- | M] (Microsoft Corporation) MD5=37D68CC2326135743F2E0CDE81420FEF -- C:\Windows\winsxs\amd64_microsoft-windows-w..ure-other.resources_31bf3856ad364e35_6.0.6000.16386_nl-nl_c0d1369cdd3f4cff\wshelper.dll.mui
[2008-01-21 09:52:41 | 000,009,216 | ---- | M] (Microsoft Corporation) MD5=ADB13196D63B32B58661437A839501CA -- C:\Windows\SysWOW64\nl-NL\wshelper.dll.mui
[2008-01-21 09:52:41 | 000,009,216 | ---- | M] (Microsoft Corporation) MD5=ADB13196D63B32B58661437A839501CA -- C:\Windows\winsxs\x86_microsoft-windows-w..ure-other.resources_31bf3856ad364e35_6.0.6000.16386_nl-nl_64b29b1924e1dbc9\wshelper.dll.mui

< C:\Windows\assembly\tmp\U\*.* /s >
[2006-11-02 17:42:03 | 000,000,006 | -H-- | C] () -- C:\Windows\Tasks\SA.DAT
[2006-11-02 17:42:03 | 000,032,544 | ---- | C] () -- C:\Windows\Tasks\SCHEDLGU.TXT
[2010-05-18 20:46:10 | 000,000,498 | -H-- | C] () -- C:\Windows\Tasks\Norton Security Scan for Wiebe.job
[2013-05-05 15:33:15 | 000,001,050 | ---- | C] () -- C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job
[2013-05-05 15:33:18 | 000,001,054 | ---- | C] () -- C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job

< %Temp%\smtmp\1\*.* >

< %Temp%\smtmp\2\*.* >

< %Temp%\smtmp\3\*.* >

< %Temp%\smtmp\4\*.* >

< type c:\diskreport.txt /c >
Microsoft DiskPart versie 6.0.6002
Copyright © 1999-2007 Microsoft Corporation.
Op computer: PC
Volume ###  Ltr  Label        FS     Type        Grootte  Status     Info
----------  ---  -----------  -----  ----------  -------  ---------  --------
volume 0    D                        Dvd-rom         0 B  Geen medi
volume 1    G                        Dvd-rom         0 B  Geen medi
volume 2    H                        Dvd-rom         0 B  Geen medi
volume 3    C                 NTFS   partitie      98 GB  In orde    Systeem
volume 4    E    NieuwVolume  NTFS   partitie     146 GB  In orde
volume 5    J    NieuwVolume  NTFS   partitie     352 GB  In orde
volume 6    I    KINGSTON     FAT32  Verwisselb  7438 MB  In orde

========== Files - Unicode (All) ==========
[2012-06-06 18:41:29 | 000,011,932 | ---- | M] ()(C:\Users\Wiebe\Documents\??? ??? ??? ????.docx) -- C:\Users\Wiebe\Documents\یکی بود یکی نبود.docx
[2012-05-27 16:54:05 | 000,011,932 | ---- | C] ()(C:\Users\Wiebe\Documents\??? ??? ??? ????.docx) -- C:\Users\Wiebe\Documents\یکی بود یکی نبود.docx
[2011-06-27 21:36:11 | 000,015,254 | ---- | M] ()(C:\Users\Wiebe\Desktop\???? ?????.docx) -- C:\Users\Wiebe\Desktop\بسمه تعالی.docx
[2011-06-27 21:36:11 | 000,015,254 | ---- | C] ()(C:\Users\Wiebe\Desktop\???? ?????.docx) -- C:\Users\Wiebe\Desktop\بسمه تعالی.docx

< End of report >


OTL Extras logfile created on: 17-5-2013 12:22:31 - Run 1
OTL by OldTimer - Version 3.2.69.0 Folder = C:\Users\Wiebe\Desktop
64bit-Windows Vista Home Premium Edition Service Pack 2 (Version = 6.0.6002) - Type = NTWorkstation
Internet Explorer (Version = 9.0.8112.16421)
Locale: 00000413 | Country: Nederland | Language: NLD | Date Format: d-M-yyyy

2,00 Gb Total Physical Memory | 0,89 Gb Available Physical Memory | 44,44% Memory free
4,23 Gb Paging File | 2,48 Gb Available in Paging File | 58,54% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86)
Drive C: | 97,66 Gb Total Space | 1,73 Gb Free Space | 1,77% Space Free | Partition Type: NTFS
Drive E: | 146,48 Gb Total Space | 15,48 Gb Free Space | 10,57% Space Free | Partition Type: NTFS
Drive I: | 7,26 Gb Total Space | 7,26 Gb Free Space | 99,98% Space Free | Partition Type: FAT32
Drive J: | 352,03 Gb Total Space | 11,08 Gb Free Space | 3,15% Space Free | Partition Type: NTFS

Computer Name: PC | User Name: Wiebe | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: All users | Quick Scan | Include 64bit Scans
Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days

========== Extra Registry (SafeList) ==========


========== File Associations ==========

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.url[@ = InternetShortcut] -- C:\Windows\SysNative\rundll32.exe (Microsoft Corporation)

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.cpl [@ = cplfile] -- C:\Windows\SysWow64\control.exe (Microsoft Corporation)

========== Shell Spawning ==========

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
exefile [open] -- "%1" %*
helpfile [open] -- Reg Error: Key error.
inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation)
InternetShortcut [open] -- "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\ieframe.dll",OpenURL %l (Microsoft Corporation)
InternetShortcut [print] -- "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\mshtml.dll",PrintHTML "%1" (Microsoft Corporation)
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [AddToPlaylistVLC] -- "C:\Program Files (x86)\VideoLAN\VLC\vlc.exe" --started-from-file --playlist-enqueue "%1" ()
Directory [Bridge] -- C:\Program Files (x86)\Adobe\Adobe Bridge CS5\Bridge.exe "%L" (Adobe Systems, Inc.)
Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
Directory [Digital Photo Professional] -- J:\Canon\Digital Photo Professional\DPPViewer.exe /path "%1" (CANON INC.)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Directory [MediaMonkey.1Play] -- "C:\Program Files (x86)\MediaMonkey\MediaMonkey.exe" "%1" (Ventis Media Inc.)
Directory [MediaMonkey.2PlayNext] -- "C:\Program Files (x86)\MediaMonkey\MediaMonkey.exe" /NEXT "%1" (Ventis Media Inc.)
Directory [MediaMonkey.3Enqueue] -- "C:\Program Files (x86)\MediaMonkey\MediaMonkey.exe" /ADD "%1" (Ventis Media Inc.)
Directory [PlayWithVLC] -- "C:\Program Files (x86)\VideoLAN\VLC\vlc.exe" --started-from-file --no-playlist-enqueue "%1" ()
Folder [open] -- %SystemRoot%\Explorer.exe /separate,/idlist,%I,%L (Microsoft Corporation)
Folder [explore] -- %SystemRoot%\Explorer.exe /separate,/e,/idlist,%I,%L (Microsoft Corporation)
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
cplfile [cplopen] -- %SystemRoot%\System32\control.exe "%1",%* (Microsoft Corporation)
exefile [open] -- "%1" %*
helpfile [open] -- Reg Error: Key error.
inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation)
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [AddToPlaylistVLC] -- "C:\Program Files (x86)\VideoLAN\VLC\vlc.exe" --started-from-file --playlist-enqueue "%1" ()
Directory [Bridge] -- C:\Program Files (x86)\Adobe\Adobe Bridge CS5\Bridge.exe "%L" (Adobe Systems, Inc.)
Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
Directory [Digital Photo Professional] -- J:\Canon\Digital Photo Professional\DPPViewer.exe /path "%1" (CANON INC.)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Directory [MediaMonkey.1Play] -- "C:\Program Files (x86)\MediaMonkey\MediaMonkey.exe" "%1" (Ventis Media Inc.)
Directory [MediaMonkey.2PlayNext] -- "C:\Program Files (x86)\MediaMonkey\MediaMonkey.exe" /NEXT "%1" (Ventis Media Inc.)
Directory [MediaMonkey.3Enqueue] -- "C:\Program Files (x86)\MediaMonkey\MediaMonkey.exe" /ADD "%1" (Ventis Media Inc.)
Directory [PlayWithVLC] -- "C:\Program Files (x86)\VideoLAN\VLC\vlc.exe" --started-from-file --no-playlist-enqueue "%1" ()
Folder [open] -- %SystemRoot%\Explorer.exe /separate,/idlist,%I,%L (Microsoft Corporation)
Folder [explore] -- %SystemRoot%\Explorer.exe /separate,/e,/idlist,%I,%L (Microsoft Corporation)
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)

========== Security Center Settings ==========

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"cval" = 1

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]
"AntiVirusOverride" = 0
"AntiSpywareOverride" = 0
"FirewallOverride" = 0
"VistaSp1" = 9F 9E 16 8C DC 5B C8 01 [binary data]
"VistaSp2" = 30 E6 BE 93 74 52 CA 01 [binary data]

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc\Vol]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]
"oobe_av" = 1

========== Firewall Settings ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]
"EnableFirewall" = 1
"DisableNotifications" = 0

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"EnableFirewall" = 1
"DisableNotifications" = 0

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\PublicProfile]
"EnableFirewall" = 1
"DisableNotifications" = 0

========== Authorized Applications List ==========


========== Vista Active Open Ports Exception List ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{0358BF62-47CC-4A14-842A-44C4F666EDE5}" = rport=2177 | protocol=17 | dir=out | svc=qwave | app=%systemroot%\system32\svchost.exe |
"{0B85E84D-2E46-424D-A24C-AB94BC805836}" = lport=2869 | protocol=6 | dir=in | app=system |
"{198867CD-0D0E-4587-A173-00BE04207EBD}" = lport=10243 | protocol=6 | dir=in | app=system |
"{1D83D507-1478-4FB6-9449-BA176A45CD7D}" = rport=1900 | protocol=17 | dir=out | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe |
"{20AF690B-9E64-4A87-A12A-B9A1D784762F}" = lport=7777 | protocol=17 | dir=in | app=%systemroot%\ehome\ehshell.exe |
"{216C0E82-56E5-4A73-8939-1F132C3CDC68}" = lport=68 | protocol=17 | dir=in | svc=sharedaccess | app=%systemroot%\system32\svchost.exe |
"{2ACA246F-1EE0-4655-9733-98F3A38B2689}" = lport=10244 | protocol=6 | dir=in | app=system |
"{2F0A28A6-A1C6-4093-9CCC-96C903710732}" = lport=2177 | protocol=6 | dir=in | svc=qwave | app=%systemroot%\system32\svchost.exe |
"{311F7DCC-9AAF-43D5-B750-EEE518E1A39C}" = rport=3702 | protocol=17 | dir=out | svc=fdphost | app=%systemroot%\system32\svchost.exe |
"{340F1658-6FD3-4C41-BA3F-999C67B3D033}" = lport=547 | protocol=17 | dir=in | svc=sharedaccess | app=%systemroot%\system32\svchost.exe |
"{3620BBA5-BC48-4E91-86EF-8B610F3EECCD}" = lport=rpc-epmap | protocol=6 | dir=in | svc=rpcss | [email protected],-28539 |
"{428E5953-68EC-4C09-BDBC-C0FF470A44E0}" = lport=1900 | protocol=17 | dir=in | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe |
"{4454D6CA-ECBF-47B6-833B-7D116FF0E903}" = lport=139 | protocol=6 | dir=in | app=system |
"{4673BE9A-8C25-425A-9C66-6C5057707B29}" = rport=138 | protocol=17 | dir=out | app=system |
"{49721DD6-155F-4FE6-8AB6-B0BF7014A48B}" = lport=5355 | protocol=17 | dir=in | svc=dnscache | app=%systemroot%\system32\svchost.exe |
"{514F581C-C019-4C82-91EA-DD57F169D95D}" = lport=138 | protocol=17 | dir=in | app=system |
"{547E8096-04DC-49F4-B1D5-CBCE69B18593}" = lport=10244 | protocol=6 | dir=in | app=system |
"{55C9B6A0-EFFB-441C-8A30-A8212880BDF5}" = rport=137 | protocol=17 | dir=out | app=system |
"{5A0AE898-2FE2-4635-B900-734A36808B80}" = lport=3702 | protocol=17 | dir=in | svc=fdphost | app=%systemroot%\system32\svchost.exe |
"{5A9DD77F-22BE-4897-9933-FF2599F68DFB}" = lport=7777 | protocol=17 | dir=in | app=%systemroot%\ehome\ehshell.exe |
"{5C445533-74C6-473A-9BF7-951C4784F99A}" = rport=2177 | protocol=6 | dir=out | svc=qwave | app=%systemroot%\system32\svchost.exe |
"{607B3BBA-A702-4C83-8AF3-47264A4C2090}" = lport=1900 | protocol=17 | dir=in | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe |
"{62DFA686-26CF-4E84-9C02-758631E54DF9}" = lport=67 | protocol=17 | dir=in | svc=sharedaccess | app=%systemroot%\system32\svchost.exe |
"{6A911B79-F215-4347-B016-7D5997EA5F6F}" = rport=1900 | protocol=17 | dir=out | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe |
"{6E724FA0-C9DA-44C1-AC78-B33A88BD14F6}" = lport=2869 | protocol=6 | dir=in | app=system |
"{71BDE8C3-BDCC-4002-90C4-508ED9FD6681}" = rport=10244 | protocol=6 | dir=out | app=system |
"{725AA79B-E1AC-4B37-9E65-485A4D962EAE}" = lport=53 | protocol=17 | dir=in | svc=sharedaccess | app=%systemroot%\system32\svchost.exe |
"{74EDF93E-E17F-44D3-884D-BF3E9AD6E8BB}" = rport=2177 | protocol=17 | dir=out | svc=qwave | app=%systemroot%\system32\svchost.exe |
"{7CA63393-F5D6-46B2-81D8-09A5627C4317}" = rport=5355 | protocol=17 | dir=out | svc=dnscache | app=%systemroot%\system32\svchost.exe |
"{84CF86A1-2EF0-495D-96B3-BAD9702159CD}" = lport=3702 | protocol=17 | dir=in | svc=fdrespub | app=%systemroot%\system32\svchost.exe |
"{857883D4-EE1D-4E0D-AEC8-4DBDF6D51128}" = lport=rpc | protocol=6 | dir=in | svc=spooler | app=%systemroot%\system32\spoolsv.exe |
"{85D6EA34-34AB-4901-BB77-AB34FA842C03}" = lport=2177 | protocol=17 | dir=in | svc=qwave | app=%systemroot%\system32\svchost.exe |
"{97848312-81E6-4568-9CEE-28549787028F}" = lport=1900 | protocol=17 | dir=in | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe |
"{99E7AA95-6D16-48FF-8316-B700A5390CE5}" = lport=3390 | protocol=6 | dir=in | app=system |
"{9DBA19A6-E41C-4A50-8D3A-535035795812}" = lport=554 | protocol=6 | dir=in | app=%systemroot%\ehome\ehshell.exe |
"{9F8C301F-A630-4C33-9220-37E6A3D6A922}" = lport=3390 | protocol=6 | dir=in | app=system |
"{A0E63B72-4911-4CA9-8FC1-3CA7D4B463E5}" = rport=2177 | protocol=6 | dir=out | svc=qwave | app=%systemroot%\system32\svchost.exe |
"{AB2392A6-089E-4FEC-8359-7807B052CDDB}" = lport=2177 | protocol=6 | dir=in | svc=qwave | app=%systemroot%\system32\svchost.exe |
"{AB984105-1AF9-498D-8CE6-4693DC60E7B0}" = rport=1900 | protocol=17 | dir=out | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe |
"{B3A364F6-ED2D-4FB6-AC0D-694A95DCF1B2}" = lport=445 | protocol=6 | dir=in | app=system |
"{B52E2C5D-9785-48A2-85F1-EC39612D7866}" = rport=2177 | protocol=17 | dir=out | svc=qwave | app=%systemroot%\system32\svchost.exe |
"{B95A3F9A-CF95-43F9-A138-A3924F39AF0D}" = rport=10243 | protocol=6 | dir=out | app=system |
"{BA540409-B2E7-442A-951A-47B4DA173F88}" = lport=554 | protocol=6 | dir=in | app=%systemroot%\ehome\ehshell.exe |
"{BD235D6F-A8C7-4701-856A-0C685A934256}" = lport=2177 | protocol=17 | dir=in | svc=qwave | app=%systemroot%\system32\svchost.exe |
"{BED22D0D-3A8F-4EFB-B7A7-C26525595150}" = lport=1900 | protocol=17 | dir=in | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe |
"{BFA9514E-697F-413E-85A8-5147B3905D36}" = rport=139 | protocol=6 | dir=out | app=system |
"{C5162D68-17E4-4D61-BD1F-073551FA286D}" = rport=2869 | protocol=6 | dir=out | app=system |
"{C7CA76B0-E301-46D3-A78D-70C316732B64}" = lport=137 | protocol=17 | dir=in | app=system |
"{C8968DCA-CAA8-4A3D-B63C-0E85601CFCD3}" = rport=445 | protocol=6 | dir=out | app=system |
"{D6567AD9-3AB0-4FC0-8801-DE77AD7FAFEF}" = rport=3702 | protocol=17 | dir=out | svc=fdrespub | app=%systemroot%\system32\svchost.exe |
"{DBE576C3-64E4-4ED7-A063-0D6EA57A8C0D}" = rport=1900 | protocol=17 | dir=out | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe |
"{DC77F0F8-180B-486D-8CFF-E910A102EB65}" = lport=2177 | protocol=6 | dir=in | svc=qwave | app=%systemroot%\system32\svchost.exe |
"{DF485D44-8F20-4307-8DB5-05C5A5E49E55}" = rport=2177 | protocol=6 | dir=out | svc=qwave | app=%systemroot%\system32\svchost.exe |
"{E60E4864-EFD4-4A71-9F54-E17B2B274FA9}" = rport=1900 | protocol=17 | dir=out | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe |
"{F2DAB9FE-FBAD-43E2-BB3F-008D40DCAF2B}" = rport=10244 | protocol=6 | dir=out | app=system |
"{FF99CA70-48E6-44EE-8D6C-EEA921B39A60}" = lport=2177 | protocol=17 | dir=in | svc=qwave | app=%systemroot%\system32\svchost.exe |
"{FFBD3D5C-70EF-47CA-873B-2DC0BDBB6A62}" = lport=1900 | protocol=17 | dir=in | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe |

========== Vista Active Application Exception List ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{01DCFC34-1F35-4AFE-9FCC-EE38AEFBC6E4}" = protocol=6 | dir=in | app=c:\program files (x86)\microsoft office\office12\onenote.exe |
"{027A3EFD-3C40-4080-A361-4B06EE7205EE}" = protocol=6 | dir=out | app=%systemroot%\ehome\ehshell.exe |
"{0492D37E-1AE9-4602-BF2A-32EED7AF47F6}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmpnetwk.exe |
"{05E94625-35E5-480C-9F53-0B60BD0C5280}" = protocol=6 | dir=in | app=c:\program files (x86)\avg\avg2013\avgemca.exe |
"{06FEA221-D59D-45D2-9C98-BF21A4985DB5}" = protocol=6 | dir=out | svc=mcx2svc | app=%systemroot%\system32\svchost.exe |
"{078B906C-EDF4-43E8-9D96-F13A1B2EDD8F}" = protocol=6 | dir=in | app=e:\starcraft\starcraft ii.exe |
"{0B178E1D-334B-44D1-8A32-A904FA366DE1}" = protocol=6 | dir=in | app=c:\program files (x86)\avg\avg2013\avgdiagex.exe |
"{0CDC423D-7F69-4864-8D17-C37CC752819A}" = protocol=17 | dir=in | app=e:\steam\steamapps\common\hotline_miami\hotlinemiami.exe |
"{10FE84E8-29AA-4116-8AA7-96CADBF83F06}" = protocol=17 | dir=in | app=c:\program files (x86)\ubisoft\ubisoft game launcher\ubisoftgamelauncher.exe |
"{11FFAE54-2D14-4248-AD35-CF1C8310B421}" = protocol=6 | dir=in | app=e:\steam\steamapps\common\hotline_miami\hotlinemiami.exe |
"{13F61681-E073-4A53-9706-5E03E2699F9E}" = protocol=6 | dir=in | app=e:\assassinscreed\assassinscreedii.exe |
"{14B20585-59CB-44B4-B3F0-76B7BABF4FF4}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmplayer.exe |
"{182F6556-1007-491A-9960-3CB30A9A3992}" = protocol=6 | dir=in | app=e:\starcraft\versions\base15405\sc2.exe |
"{1909381C-5236-4885-99AC-B970FC194F75}" = protocol=6 | dir=out | app=system |
"{2666C747-4C99-4DE3-9F0F-634943A4EF13}" = protocol=17 | dir=in | app=e:\steam\steamapps\common\amd driver updater, vista and 7, 64 bit\setup.exe |
"{272923DA-F280-451D-9127-726ADD508F78}" = protocol=17 | dir=in | app=e:\gtaiv\grand theft auto iv\launchgtaiv.exe |
"{28A5DE09-468B-4F81-99FB-9B2BECEA5EF3}" = dir=in | app=c:\program files (x86)\skype\phone\skype.exe |
"{28F08E81-01E5-4A54-83EE-D1910170542C}" = protocol=6 | dir=out | app=%programfiles(x86)%\windows media player\wmplayer.exe |
"{295DCC52-E6A4-4F23-BF9F-C7C7813E1979}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmplayer.exe |
"{297226FD-4936-4412-82F8-670EA8E39643}" = protocol=17 | dir=in | app=e:\starcraft\starcraft ii.exe |
"{2C4C31B7-CB16-4249-A3E9-3D17D8756DC2}" = protocol=6 | dir=out | app=%systemroot%\ehome\mcx2prov.exe |
"{301F1791-0748-4F21-A59D-EF16C245EBF8}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmplayer.exe |
"{320EA883-FD00-4CAE-A5DB-048D8186FEF3}" = protocol=17 | dir=out | app=%systemroot%\ehome\ehshell.exe |
"{330C945D-7104-4E10-B2AD-912F1068C522}" = protocol=6 | dir=in | app=e:\assassinscreed\uplaybrowser.exe |
"{33894BE1-66E5-41F2-8930-9570C810C449}" = protocol=17 | dir=in | app=e:\gta4\rockstar games social club\rgsclauncher.exe |
"{339178F9-C497-4A80-BD61-C7C5C2754570}" = protocol=17 | dir=out | app=%programfiles(x86)%\windows media player\wmplayer.exe |
"{34DFDCC7-53D3-41C6-90D7-3EF09B4D815F}" = protocol=6 | dir=in | app=e:\steam\steamapps\common\plants vs zombies\plantsvszombies.exe |
"{35B85E84-F2AF-489F-8E33-99A0382535CD}" = protocol=6 | dir=in | app=e:\wic\wic_online.exe |
"{37514AB7-F897-4E9A-928D-233D4D4CCE70}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmpnetwk.exe |
"{3D7990BB-3D0A-41A8-A968-92F984466235}" = protocol=6 | dir=in | app=e:\burnout\burnoutparadise.exe |
"{3D7A25E5-A2B9-4380-A619-F0C404602550}" = protocol=6 | dir=in | app=c:\program files (x86)\avg\avg2013\avgnsa.exe |
"{44C7285D-65C2-49BF-981C-78AFFAF2C6E0}" = protocol=6 | dir=in | app=c:\program files (x86)\yahoo!\messenger\yahoomessenger.exe |
"{46E2A4D3-BB92-4306-9E1B-7856212C471E}" = protocol=6 | dir=in | app=e:\burnout\burnoutconfigtool.exe |
"{4A430FE0-19E7-42A4-9603-398A86E9100C}" = protocol=6 | dir=in | app=e:\gta4\rockstar games social club\rgsclauncher.exe |
"{4A63D3CD-87C8-4E5F-9413-515197E2A508}" = protocol=6 | dir=in | app=e:\wic\wic_ds.exe |
"{589A1A98-A0CA-4398-8DC8-3530C3ECB441}" = protocol=6 | dir=in | app=c:\windows\syswow64\pnkbstra.exe |
"{598CB52C-BCE4-490A-B3F4-B59878A80424}" = protocol=6 | dir=in | app=e:\gtaiv\grand theft auto iv\launchgtaiv.exe |
"{5C265DD2-81A4-4B61-A8B0-7F770951A3E0}" = protocol=17 | dir=in | app=e:\crysis\bin32\crysis.exe |
"{5D1730C8-E706-4500-9283-2E728B1BBD7B}" = protocol=17 | dir=in | app=e:\starcraft\versions\base15405\sc2.exe |
"{5D8221B6-85B8-4569-A319-FAFD2D87A9FD}" = protocol=17 | dir=in | app=c:\program files (x86)\ubisoft\ubisoft game launcher\ubisoftgamelauncher.exe |
"{5DAF1BEA-F729-4475-B147-420BA250FAB8}" = protocol=6 | dir=in | app=e:\wic\wic.exe |
"{5DC6421D-BF4C-45C5-9CF7-BF61A66E2FCA}" = protocol=6 | dir=in | app=c:\program files (x86)\avg\avg2013\avgmfapx.exe |
"{5DE403C7-40D9-4D6C-84F5-CD57A9F0813C}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmpnetwk.exe |
"{5EAC0980-90BF-4F61-B00F-FDA08F6F1AAE}" = protocol=17 | dir=in | app=e:\wic\wic_online.exe |
"{5F3A1CEF-9AB5-41E5-8A1F-4F2588816852}" = protocol=6 | dir=out | svc=upnphost | app=%systemroot%\system32\svchost.exe |
"{5F4D0EA0-0EB4-4462-B87E-0960DDD557A6}" = protocol=17 | dir=in | app=j:\rainbow six\binaries\r6vegas2_launcher.exe |
"{63F245C7-6DD1-4C21-9A68-CEEA29D4C549}" = protocol=17 | dir=in | app=e:\steam\steamapps\common\plants vs zombies\plantsvszombies.exe |
"{69187744-B971-4C41-9561-CCC6AFF0148D}" = protocol=6 | dir=in | app=%programfiles%\windows media player\wmpnetwk.exe |
"{6A06919F-6F43-4FB2-A03B-40CB2E1E26F2}" = protocol=6 | dir=in | app=j:\rainbow six\binaries\r6vegas2_launcher.exe |
"{6A802A61-A871-4695-B214-575D702660FC}" = protocol=17 | dir=in | app=c:\program files (x86)\avg\avg2013\avgmfapx.exe |
"{6AC77299-510B-4CB8-9C71-8AB82A770A18}" = protocol=17 | dir=in | app=%programfiles(x86)%\windows media player\wmplayer.exe |
"{6B4B9E27-2215-45AA-A240-6E60F2181AA0}" = protocol=6 | dir=out | svc=upnphost | app=%systemroot%\system32\svchost.exe |
"{6F675D26-E14B-45B4-ADF8-CCBEA6BBC177}" = protocol=1 | dir=in | [email protected],-28543 |
"{71435ED4-316D-4D9F-A370-90917EFFF4FF}" = protocol=6 | dir=in | app=e:\steam\steamapps\common\arma 2 operation arrowhead\_runa2co.cmd |
"{78259478-2FCA-4784-B52C-902147FE0F6A}" = protocol=17 | dir=in | app=e:\crysis\bin32\crysisdedicatedserver.exe |
"{79537B1D-26E5-4062-86C1-BC159CAFF87F}" = protocol=6 | dir=in | app=e:\crysis\bin32\crysis.exe |
"{7CC13656-EB6A-40E4-8285-E55EF5DA2233}" = protocol=17 | dir=in | app=e:\assassinscreed\assassinscreediigame.exe |
"{7D27C3AB-508F-4C7D-AFF0-3D447D6DBBD1}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmplayer.exe |
"{7EB95289-551B-4EBA-83AF-73222D976792}" = protocol=6 | dir=in | app=c:\program files (x86)\utorrent\utorrent.exe |
"{7F0574F7-C36E-420F-9835-58C39F331D7B}" = protocol=17 | dir=in | app=e:\steam\steamapps\common\arma 2 operation arrowhead\besetup\setup_battleyearma2oa.exe |
"{843C8D79-F899-4668-8BF7-63D85ABB2E6D}" = dir=out | svc=sharedaccess | app=%systemroot%\system32\svchost.exe |
"{847C0C25-72A9-48E4-9799-DC683E7893ED}" = protocol=6 | dir=in | app=c:\program files (x86)\ubisoft\ubisoft game launcher\ubisoftgamelauncher.exe |
"{8483D5F7-9F19-4546-ABBA-71FA92DF586C}" = protocol=6 | dir=in | app=c:\windows\syswow64\pnkbstrb.exe |
"{84B4E8E9-C18F-4819-9572-01D07AA84D0E}" = protocol=17 | dir=in | app=j:\rainbow six\binaries\r6vegas2_game.exe |
"{85A7EF58-FF01-43E8-9376-7B8F1D8029F7}" = protocol=6 | dir=in | app=e:\crysis\bin32\crysisdedicatedserver.exe |
"{85B88713-B37C-4B8D-8440-230F1BADE7E1}" = protocol=17 | dir=in | app=c:\program files (x86)\utorrent\utorrent.exe |
"{8822E89F-F3A7-43AB-B0FA-BEDAC48F4727}" = protocol=6 | dir=in | app=e:\burnout\burnoutlauncher.exe |
"{882B6DF1-EADC-4989-B68A-B8DF871A7B71}" = protocol=17 | dir=in | app=%programfiles(x86)%\windows media player\wmplayer.exe |
"{8C0C7FF5-BA77-4229-9DFB-3AEAA62A796D}" = protocol=6 | dir=in | app=e:\steam\steamapps\common\arma 2\arma2.exe |
"{8CE62EEF-A78A-40BF-B23E-E190F553425F}" = protocol=6 | dir=in | app=e:\steam\steam.exe |
"{8F85E658-517F-4B29-81CE-B79ADEFDFD92}" = protocol=6 | dir=out | app=%systemroot%\ehome\ehshell.exe |
"{8FA29751-1B13-4C98-B53E-C4ADDFD82EDE}" = protocol=17 | dir=in | app=c:\program files (x86)\yahoo!\messenger\yahoomessenger.exe |
"{903BE92A-3FB6-4DC4-AEF9-A8761209B6E9}" = protocol=6 | dir=out | app=%systemroot%\ehome\mcx2prov.exe |
"{90C18A4C-3222-45E4-9811-40590F030F00}" = dir=in | app=c:\program files (x86)\avg\avg8\avgupd.exe |
"{936F779F-67F6-46B0-B7B4-4D76921A9C8B}" = protocol=6 | dir=out | app=%programfiles(x86)%\windows media player\wmplayer.exe |
"{94AC6A16-9B44-4F7D-9E20-42E37EA8BE60}" = protocol=17 | dir=in | app=e:\wic\wic_ds.exe |
"{9530D104-7D94-45B3-BA20-CCEDDB74814F}" = protocol=58 | dir=out | [email protected],-28546 |
"{9AFA8E47-586B-4E07-8C70-4CDE67A8A85F}" = protocol=6 | dir=in | app=e:\steam\steamapps\common\amd driver updater, vista and 7, 64 bit\setup.exe |
"{9E10BE3F-16F5-4614-A9B0-F925E70994EB}" = protocol=17 | dir=in | app=e:\burnout\burnoutparadise.exe |
"{9E23697C-B742-4F73-923A-04AF4A559597}" = protocol=6 | dir=out | svc=upnphost | app=%systemroot%\system32\svchost.exe |
"{9E8DA036-14D5-4207-A9BD-DBE7DB00ED8C}" = protocol=6 | dir=in | app=e:\crysis\bin64\crysis.exe |
"{A22AE777-2741-4122-9C71-45BE92D69C9A}" = protocol=17 | dir=in | app=e:\wic\wic.exe |
"{A59C0578-FA8F-43CD-8C5A-3D367CEDA136}" = protocol=17 | dir=in | app=e:\assassinscreed\assassinscreedii.exe |
"{A7AB5CEF-A2A1-41C6-8367-D9E4FA096331}" = protocol=17 | dir=out | app=%programfiles(x86)%\windows media player\wmplayer.exe |
"{AA4A3515-1699-4DB2-B667-9E667F51B569}" = protocol=6 | dir=in | app=e:\civ 4\beyond the sword\civ4beyondsword.exe |
"{AA98581A-3ECD-459B-9828-D9499D46D09A}" = protocol=17 | dir=in | app=c:\windows\syswow64\pnkbstra.exe |
"{ACFBD2F1-8323-4743-9510-39EE2C66D7C0}" = protocol=58 | dir=in | [email protected],-28545 |
"{AE8536E7-C757-44C5-B0D4-60E57F968F77}" = protocol=17 | dir=in | app=e:\steam\steam.exe |
"{B47F07FE-ECCB-47F5-B33F-78F1FFD56FB4}" = protocol=17 | dir=out | app=%systemroot%\ehome\ehshell.exe |
"{B54D58C3-5E24-4110-BFA8-B8531A045C86}" = protocol=17 | dir=in | app=c:\program files (x86)\microsoft office\office12\onenote.exe |
"{B7301626-6092-4C8B-AF03-326748E18867}" = protocol=58 | dir=in | [email protected],-148 |
"{B9CBDA26-2EA4-423B-BB81-868D9C1B5144}" = protocol=6 | dir=in | app=j:\rainbow six\binaries\r6vegas2_game.exe |
"{BC95AB4C-F166-4330-8D00-EDA8376AC5C2}" = protocol=6 | dir=in | app=e:\civ 4\beyond the sword\civ4beyondsword_pitboss.exe |
"{BF886C6A-0834-4E5D-A75D-705A83C027DF}" = protocol=17 | dir=in | app=c:\program files (x86)\avg\avg2013\avgdiagex.exe |
"{BFC6627A-2870-4F5D-9098-35B60906ACB4}" = protocol=6 | dir=in | app=e:\crysis\bin64\crysisdedicatedserver.exe |
"{C4CA92C9-6467-4C36-864D-6BFC973B8F87}" = protocol=17 | dir=in | app=e:\civ 4\beyond the sword\civ4beyondsword_pitboss.exe |
"{C5DCA1E6-74B6-4442-B760-57EFEC734769}" = protocol=17 | dir=in | app=c:\windows\syswow64\pnkbstrb.exe |
"{C6807768-CBEA-492C-9A7E-2AECD9935A8B}" = protocol=17 | dir=in | app=e:\crysis\bin64\crysisdedicatedserver.exe |
"{CF21EB24-88CD-439C-BA68-8A18EAAB8AD2}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmplayer.exe |
"{D0200EFD-8E5B-4E16-B848-3CB77530B70F}" = protocol=6 | dir=out | svc=mcx2svc | app=%systemroot%\system32\svchost.exe |
"{D21B74E2-ACAA-4BAE-8BE2-385F18D02961}" = protocol=6 | dir=in | app=c:\program files (x86)\ubisoft\ubisoft game launcher\ubisoftgamelauncher.exe |
"{D2C12CEA-74EF-4488-B61C-9E301A97CE8B}" = protocol=17 | dir=in | app=e:\assassinscreed\uplaybrowser.exe |
"{D4B2B666-A75D-4B2B-A360-9BF76380D73B}" = protocol=6 | dir=in | app=e:\assassinscreed\assassinscreediigame.exe |
"{D7068A55-A558-4827-8F45-63508AC85416}" = protocol=17 | dir=in | app=e:\steam\steamapps\common\arma 2 operation arrowhead\_runa2co.cmd |
"{DC9A90E3-79C2-402F-8E7B-7E1C8AD70495}" = protocol=17 | dir=in | app=c:\program files (x86)\avg\avg2013\avgnsa.exe |
"{DCC1CF66-257E-4D04-9247-EA5D9F94E2FF}" = protocol=17 | dir=in | app=e:\burnout\burnoutlauncher.exe |
"{E26E99E4-EC5C-4BF5-A52F-81A82F6B8F64}" = protocol=17 | dir=in | app=e:\crysis\bin64\crysis.exe |
"{E39114FE-87D4-4537-AEF3-CC1809CBFB4A}" = dir=in | app=c:\program files (x86)\avg\avg8\avgemc.exe |
"{E3FC2B5F-2E20-40E7-83E1-98491152E60A}" = protocol=17 | dir=in | app=c:\program files (x86)\avg\avg2013\avgemca.exe |
"{E79197E8-C442-49AF-B18D-FF22B0330D52}" = protocol=1 | dir=out | [email protected],-28544 |
"{E8551C2E-A8DD-45F9-BA44-BD203ADE75B8}" = protocol=6 | dir=in | app=e:\steam\steamapps\common\arma 2 operation arrowhead\besetup\setup_battleyearma2oa.exe |
"{EC203BE9-7D84-439F-8895-7DCAA0776C93}" = protocol=17 | dir=in | app=e:\steam\steamapps\common\arma 2\arma2.exe |
"{EFE32091-38D2-45C7-A9EE-00FA5B915E20}" = protocol=17 | dir=in | app=e:\civ 4\beyond the sword\civ4beyondsword.exe |
"{F5862937-3D9D-4C19-813B-AA0178E5C47E}" = protocol=17 | dir=in | app=e:\burnout\burnoutconfigtool.exe |
"{FDDDDA95-8834-473B-9D2C-9BD7EF1B88F1}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmplayer.exe |
"TCP Query User{1521098E-299B-4254-90DA-671FB8446BE2}C:\program files (x86)\mozilla firefox\firefox.exe" = protocol=6 | dir=in | app=c:\program files (x86)\mozilla firefox\firefox.exe |
"TCP Query User{23105005-F1D0-413F-B8E1-01091559E4DE}C:\program files (x86)\videolan\vlc\vlc.exe" = protocol=6 | dir=in | app=c:\program files (x86)\videolan\vlc\vlc.exe |
"TCP Query User{285F13DD-C591-4662-A0F0-479C35E47B58}E:\steam\steamapps\common\arma 2 operation arrowhead\expansion\beta\arma2oa.exe" = protocol=6 | dir=in | app=e:\steam\steamapps\common\arma 2 operation arrowhead\expansion\beta\arma2oa.exe |
"TCP Query User{3BE2384F-78F5-4790-837E-412567E14863}C:\program files (x86)\505games\1c\men of war\mow.exe" = protocol=6 | dir=in | app=c:\program files (x86)\505games\1c\men of war\mow.exe |
"TCP Query User{3F7AFF57-F976-43C7-8D55-5195EE2C0C04}E:\xbmc\xbmc.exe" = protocol=6 | dir=in | app=e:\xbmc\xbmc.exe |
"TCP Query User{49AB8556-CFE6-4AD6-B3D8-7D1FFC4E4B71}J:\aagame\system\armyops.exe" = protocol=6 | dir=in | app=j:\aagame\system\armyops.exe |
"TCP Query User{588DA7D1-F50D-4FB7-BB0D-6C767CA987D0}C:\program files (x86)\utorrent\utorrent.exe" = protocol=6 | dir=in | app=c:\program files (x86)\utorrent\utorrent.exe |
"TCP Query User{6CE321B4-4612-4378-B9D8-3998E051265D}E:\dead space game\dead space.exe" = protocol=6 | dir=in | app=e:\dead space game\dead space.exe |
"TCP Query User{760CBA98-16EC-4016-8D92-1B912C8BBA71}E:\arma game\arma2.exe" = protocol=6 | dir=in | app=e:\arma game\arma2.exe |
"TCP Query User{7E662801-CD44-4DF5-A238-8EABB6787B1C}J:\civ 4\beyond the sword\civ4beyondsword.exe" = protocol=6 | dir=in | app=j:\civ 4\beyond the sword\civ4beyondsword.exe |
"TCP Query User{8E2C1453-DDD0-4374-814D-38EA7999A4FA}C:\program files (x86)\internet explorer\iexplore.exe" = protocol=6 | dir=in | app=c:\program files (x86)\internet explorer\iexplore.exe |
"TCP Query User{8F98484D-FC74-471E-A3DF-3A5F786C4B1C}C:\program files (x86)\mozilla firefox\plugin-container.exe" = protocol=6 | dir=in | app=c:\program files (x86)\mozilla firefox\plugin-container.exe |
"TCP Query User{9722F470-C45D-46C0-9B26-1857CD0129A9}J:\gamespy\comrade.exe" = protocol=6 | dir=in | app=j:\gamespy\comrade.exe |
"TCP Query User{A30FABBC-7F86-477F-AF14-0A7FB1CF15D7}E:\portal 2\portal2.exe" = protocol=6 | dir=in | app=e:\portal 2\portal2.exe |
"TCP Query User{A6766EF1-3DE8-41D9-A864-208C37D2649A}J:\aa\aadeployclient.exe" = protocol=6 | dir=in | app=j:\aa\aadeployclient.exe |
"TCP Query User{A9403783-0162-47D5-BCC5-B62FCC35492D}E:\sixupdater\tools\bin\rsync.exe" = protocol=6 | dir=in | app=e:\sixupdater\tools\bin\rsync.exe |
"TCP Query User{ACCA74B4-0DD7-4291-B683-87D6ECBE6973}E:\left 4 dead\left.4.dead.full-rip.skullptura\left 4 dead\left4dead.exe" = protocol=6 | dir=in | app=e:\left 4 dead\left.4.dead.full-rip.skullptura\left 4 dead\left4dead.exe |
"TCP Query User{B1FEDFF9-3798-42CA-88CB-FD686CEA7505}E:\gtaiv\grand theft auto iv\gtaiv.exe" = protocol=6 | dir=in | app=e:\gtaiv\grand theft auto iv\gtaiv.exe |
"TCP Query User{B920F20F-BA55-4427-98B0-DE4F4F455A89}C:\program files (x86)\oovoo\oovoo.exe" = protocol=6 | dir=in | app=c:\program files (x86)\oovoo\oovoo.exe |
"TCP Query User{C4BF5163-C1FA-4DAE-A8FA-68C92E57B96E}J:\civ 4\pitboss.exe" = protocol=6 | dir=in | app=j:\civ 4\pitboss.exe |
"TCP Query User{C7815C96-17A7-4DE3-893E-F17CB9BA9FE6}C:\program files (x86)\yahoo!\messenger\yahoomessenger.exe" = protocol=6 | dir=in | app=c:\program files (x86)\yahoo!\messenger\yahoomessenger.exe |
"TCP Query User{E060439B-4060-47B0-AF7C-26A4CAE8D475}J:\soulseek\slsk.exe" = protocol=6 | dir=in | app=j:\soulseek\slsk.exe |
"TCP Query User{E5AFA8F9-CBF4-4F68-8B17-7A156A72D42E}E:\dead space game\dead space.exe" = protocol=6 | dir=in | app=e:\dead space game\dead space.exe |
"TCP Query User{F037EBA3-D31D-4580-8C15-DBF24A83408B}E:\arma\arma\arma.exe" = protocol=6 | dir=in | app=e:\arma\arma\arma.exe |
"TCP Query User{F4B840EB-9234-4FE3-B15C-91922A63153B}C:\program files (x86)\soulseek\slsk.exe" = protocol=6 | dir=in | app=c:\program files (x86)\soulseek\slsk.exe |
"UDP Query User{1651605D-6974-4228-8457-7BF22BB155CE}E:\portal 2\portal2.exe" = protocol=17 | dir=in | app=e:\portal 2\portal2.exe |
"UDP Query User{21D2D14C-E260-465D-B6B4-95D1F0F97DD1}J:\gamespy\comrade.exe" = protocol=17 | dir=in | app=j:\gamespy\comrade.exe |
"UDP Query User{2818825E-EF1A-4B70-81CD-6EE127E883A6}E:\dead space game\dead space.exe" = protocol=17 | dir=in | app=e:\dead space game\dead space.exe |
"UDP Query User{2941AD2F-08FB-49D2-8EF7-7FACF2822334}C:\program files (x86)\videolan\vlc\vlc.exe" = protocol=17 | dir=in | app=c:\program files (x86)\videolan\vlc\vlc.exe |
"UDP Query User{2CBA77C1-6C77-4A64-AC1A-1736ED7EB250}E:\xbmc\xbmc.exe" = protocol=17 | dir=in | app=e:\xbmc\xbmc.exe |
"UDP Query User{4FFC7939-E048-44D6-B2A9-E1BD231128BE}E:\arma\arma\arma.exe" = protocol=17 | dir=in | app=e:\arma\arma\arma.exe |
"UDP Query User{62640463-535A-44EB-A78F-1EA7512FCF4B}E:\steam\steamapps\common\arma 2 operation arrowhead\expansion\beta\arma2oa.exe" = protocol=17 | dir=in | app=e:\steam\steamapps\common\arma 2 operation arrowhead\expansion\beta\arma2oa.exe |
"UDP Query User{636AF811-3101-4F9B-892C-E6B1389D180B}C:\program files (x86)\505games\1c\men of war\mow.exe" = protocol=17 | dir=in | app=c:\program files (x86)\505games\1c\men of war\mow.exe |
"UDP Query User{65B76C34-4BC9-448E-A248-94D9650AA36C}C:\program files (x86)\soulseek\slsk.exe" = protocol=17 | dir=in | app=c:\program files (x86)\soulseek\slsk.exe |
"UDP Query User{66FE1E36-1489-4C97-99A3-01F5DF7436EC}C:\program files (x86)\mozilla firefox\plugin-container.exe" = protocol=17 | dir=in | app=c:\program files (x86)\mozilla firefox\plugin-container.exe |
"UDP Query User{6B152EF8-3AF0-491C-B7D3-CCE4E8E451E9}J:\aa\aadeployclient.exe" = protocol=17 | dir=in | app=j:\aa\aadeployclient.exe |
"UDP Query User{79D53538-3391-4882-9FB8-AE120775214A}C:\program files (x86)\oovoo\oovoo.exe" = protocol=17 | dir=in | app=c:\program files (x86)\oovoo\oovoo.exe |
"UDP Query User{83F52F16-8BA0-4B04-85AA-B5DF241FEE04}C:\program files (x86)\mozilla firefox\firefox.exe" = protocol=17 | dir=in | app=c:\program files (x86)\mozilla firefox\firefox.exe |
"UDP Query User{8D487F72-EF31-496B-8357-BA6470356337}J:\aagame\system\armyops.exe" = protocol=17 | dir=in | app=j:\aagame\system\armyops.exe |
"UDP Query User{A84887E0-7BC1-4390-8FCE-F3B006D73F30}E:\arma game\arma2.exe" = protocol=17 | dir=in | app=e:\arma game\arma2.exe |
"UDP Query User{ADBCB255-53AF-4B48-8E60-89C24D2C68D8}E:\sixupdater\tools\bin\rsync.exe" = protocol=17 | dir=in | app=e:\sixupdater\tools\bin\rsync.exe |
"UDP Query User{AFEFA482-4887-4F88-88C5-B426CA5F9448}E:\gtaiv\grand theft auto iv\gtaiv.exe" = protocol=17 | dir=in | app=e:\gtaiv\grand theft auto iv\gtaiv.exe |
"UDP Query User{D8A7EFD6-2F2E-45BE-A20D-51EC2BAFDEEE}J:\civ 4\pitboss.exe" = protocol=17 | dir=in | app=j:\civ 4\pitboss.exe |
"UDP Query User{DEAE41B1-D685-4883-B23B-DC93B9D91840}C:\program files (x86)\utorrent\utorrent.exe" = protocol=17 | dir=in | app=c:\program files (x86)\utorrent\utorrent.exe |
"UDP Query User{EB4237CA-DE84-47C1-A900-37865AB6BC45}C:\program files (x86)\internet explorer\iexplore.exe" = protocol=17 | dir=in | app=c:\program files (x86)\internet explorer\iexplore.exe |
"UDP Query User{EE355667-888B-4980-A388-683ADCBE4DA1}E:\left 4 dead\left.4.dead.full-rip.skullptura\left 4 dead\left4dead.exe" = protocol=17 | dir=in | app=e:\left 4 dead\left.4.dead.full-rip.skullptura\left 4 dead\left4dead.exe |
"UDP Query User{F2D37908-CE11-499C-8B00-98F6C27A10F5}C:\program files (x86)\yahoo!\messenger\yahoomessenger.exe" = protocol=17 | dir=in | app=c:\program files (x86)\yahoo!\messenger\yahoomessenger.exe |
"UDP Query User{F68E0DA8-EE5D-4595-9AF1-9C1426A7B6F2}E:\dead space game\dead space.exe" = protocol=17 | dir=in | app=e:\dead space game\dead space.exe |
"UDP Query User{FD85AAE5-2487-48FC-8AA4-043DB7E3E2B4}J:\soulseek\slsk.exe" = protocol=17 | dir=in | app=j:\soulseek\slsk.exe |
"UDP Query User{FEC225CF-A853-43C0-A519-76D7E425BB52}J:\civ 4\beyond the sword\civ4beyondsword.exe" = protocol=17 | dir=in | app=j:\civ 4\beyond the sword\civ4beyondsword.exe |

========== HKEY_LOCAL_MACHINE Uninstall List ==========

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{071c9b48-7c32-4621-a0ac-3f809523288f}" = Microsoft Visual C++ 2005 Redistributable (x64)
"{101738D7-D805-37A9-BB91-1F2C351782BF}" = Microsoft .NET Framework 3.5 Language Pack SP1 - nld
"{1E9FC118-651D-4934-97BE-E53CAE5C7D45}" = Microsoft_VC80_MFCLOC_x86_x64
"{21B133D6-5979-47F0-BE1C-F6A6B304693F}" = Visual Studio 2010 x64 Redistributables
"{4567EA14-6BCA-3EF9-859B-92CE48B1D704}" = Microsoft .NET Framework 4 Client Profile NLD Language Pack
"{4569AD91-47F4-4D9E-8FC9-717EC32D7AE1}" = Microsoft_VC80_CRT_x86_x64
"{503F672D-6C84-448A-8F8F-4BC35AC83441}" = AMD APP SDK Runtime
"{5254156F-AA77-499A-B7C1-D5581D44E788}" = Marvell Miniport Driver
"{75d2897c-87aa-4a06-8710-3ebda9f02de0}.sdb" = Adobe Audition 3.0 Vista Compatibility
"{8557397C-A42D-486F-97B3-A2CBC2372593}" = Microsoft_VC90_ATL_x86_x64
"{90120000-002A-0000-1000-0000000FF1CE}" = Microsoft Office Office 64-bit Components 2007
"{90120000-002A-0413-1000-0000000FF1CE}" = Microsoft Office Shared 64-bit MUI (Dutch) 2007
"{925D058B-564A-443A-B4B2-7E90C6432E55}" = Microsoft_VC80_ATL_x86_x64
"{92A3CA0D-55CD-4C5D-BA95-5C2600C20F26}" = Microsoft_VC90_CRT_x86_x64
"{9B48B0AC-C813-4174-9042-476A887592C7}" = Windows Live ID Sign-in Assistant
"{A472B9E4-0AFF-4F7B-B25D-F64F8E928AAB}" = Microsoft_VC90_MFC_x86_x64
"{AB58402A-43DE-551C-2B40-DD1CF0E21240}" = ccc-utility64
"{AD27BE4B-A261-4F0A-AB5A-476C83EDAED2}" = AVG 2013
"{ad8a2fa1-06e7-4b0d-927d-6e54b3d31028}" = Microsoft Visual C++ 2005 Redistributable (x64)
"{B6E3757B-5E77-3915-866A-CCFC4B8D194C}" = Microsoft Visual C++ 2005 ATL Update kb973923 - x64 8.0.50727.4053
"{C8C1BAD5-54E6-4146-AD07-3A8AD36569C3}" = Microsoft_VC80_MFC_x86_x64
"{CE2CDD62-0124-36CA-84D3-9F4DCF5C5BD9}" = Microsoft .NET Framework 3.5 SP1
"{DA5E371C-6333-3D8A-93A4-6FD5B20BCC6E}" = Microsoft Visual C++ 2010 x64 Redistributable - 10.0.30319
"{F5AA006A-1ABE-4F16-B6E1-FEE1F7D38102}" = AVG 2013
"{F5B09CFD-F0B2-36AF-8DF4-1DF6B63FC7B4}" = Microsoft .NET Framework 4 Client Profile
"{FAF03106-1653-15E1-3C0C-E7AE4FAE6EBF}" = AMD Catalyst Install Manager
"AVG" = AVG 2013
"CPUID CPU-Z_is1" = CPUID CPU-Z 1.58
"Microsoft .NET Framework 3.5 Language Pack SP1 - nld" = Taalpakket voor Microsoft .NET Framework 3.5 SP1 - NL
"Microsoft .NET Framework 3.5 SP1" = Microsoft .NET Framework 3.5 SP1
"Microsoft .NET Framework 4 Client Profile" = Microsoft .NET Framework 4 Client Profile
"Microsoft .NET Framework 4 Client Profile NLD Language Pack" = Taalpakket voor Microsoft .NET Framework 4 Client Profile - NLD

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{000E79B7-E725-4F01-870A-C12942B7F8E4}" = Crysis®
"{002D9D5E-29BA-3E6D-9BC4-3D7D6DBC735C}" = Microsoft Visual C++ 2008 ATL Update kb973924 - x86 9.0.30729.4148
"{020032F6-05D6-42CE-9835-F24BDF8D4F7F}" = KORG microKORG XL Sound Editor
"{021C4C4F-C93C-4425-BFFD-C2D16776BFAE}" = Visual C++ 8.0 Runtime Setup Package (x64)
"{02EBDBB9-4600-41D3-B566-40CB861511D2}" = World of Warcraft FREE Trial
"{033E378E-6AD3-4AD5-BDEB-CBD69B31046C}" = Microsoft_VC90_ATL_x86
"{048298C9-A4D3-490B-9FF9-AB023A9238F3}" = Steam
"{08B3869E-D282-424C-9AFC-870E04A4BA14}" = Rockstar Games Social Club
"{08D2E121-7F6A-43EB-97FD-629B44903403}" = Microsoft_VC90_CRT_x86
"{0B03071A-C96E-34CA-E5A3-4D8DA8ACCB3D}" = CCC Help Polish
"{0D2DBE8A-43D0-7830-7AE7-CA6C99A832E7}" = Adobe Community Help
"{0F3647F8-E51D-4FCC-8862-9A8D0C5ACF25}" = Microsoft_VC80_ATL_x86
"{137D91E1-2347-4EAC-BB0B-CC06C6B92A52}_is1" = Men of War (Remove Only)
"{13F3917B56CD4C25848BDC69916971BB}" = DivX Converter
"{1472627A-6E9F-DCB1-8894-E2BD249FD5E4}" = CCC Help Thai
"{15FEDA5F-141C-4127-8D7E-B962D1742728}" = Adobe Photoshop CS5
"{1A2C316B-F842-6FB3-3C87-6FE02861F396}" = Catalyst Control Center
"{1A655D51-1423-48A3-B748-8F5A0BE294C8}" = Microsoft Visual J# .NET Redistributable Package 1.1
"{216AB108-2AE1-4130-B3D5-20B2C4C80F8F}" = QuickTime
"{218BE476-B206-2879-B912-971E6E89E44D}" = CCC Help Finnish
"{2DFFE333-1B60-4CAA-F836-3CF0C99777CA}" = CCC Help Norwegian
"{30D1F3D2-54CF-481D-A005-F94B0E98FEEC}" = Sid Meier's Civilization 4 Complete
"{32E4F0D2-C135-475E-A841-1D59A0D22989}" = Sid Meier's Civilization 4 - Beyond the Sword
"{364374D2-FE10-2170-2397-5B01F9D00093}" = CCC Help Spanish
"{3F2A323E-60C4-41E8-8CCB-9715D1D750C3}" = Angry Birds Space
"{3FC7CBBC4C1E11DCA1A752EA55D89593}" = DivX Version Checker
"{40786C7F-7078-5147-444E-D45DE808B684}" = CCC Help Portuguese
"{43D3EA3E-2B72-57F3-40E0-318A614D0FDD}" = CCC Help Czech
"{4CB0307C-565E-4441-86BE-0DF2E4FB828C}" = Microsoft Games for Windows Marketplace
"{4F7823C4-BB28-A63E-CE08-1B463D4682DE}" = CCC Help Dutch
"{53C141BA-4F9E-43FB-B4F9-0C01BB716FA8}" = Adobe Audition 3.0
"{579BA58C-F33D-4970-9953-B94B43768AC3}" = Grand Theft Auto IV
"{5EE7D259-D137-4438-9A5F-42F432EC0421}" = VC80CRTRedist - 8.0.50727.4053
"{635FED5B-2C6D-49BE-87E6-7A6FCD22BC5A}" = Microsoft_VC90_MFC_x86
"{6842DCCB-2840-4E46-8AF3-BEA9CFF3455B}" = Sony Sound Forge 9.0
"{6956856F-B6B3-4BE0-BA0B-8F495BE32033}" = Apple Software Update
"{69FDFBB6-351D-4B8C-89D8-867DC9D0A2A4}" = Windows Media Player Firefox Plugin
"{6D7B8E2C-4356-619D-134F-FB36B0809958}" = CCC Help German
"{6F173E00-2766-E174-C2E0-AD88F24685BD}" = CCC Help Swedish
"{6FAEC41D-0654-12C1-0068-770D19FC2446}" = CCC Help Italian
"{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}" = Microsoft Visual C++ 2005 Redistributable
"{7299052b-02a4-4627-81f2-1818da5d550d}" = Microsoft Visual C++ 2005 Redistributable
"{73D239CC-D6B1-ADEC-A7BE-E100C7112004}" = CCC Help Korean
"{770657D0-A123-3C07-8E44-1C83EC895118}" = Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053
"{7B63B2922B174135AFC0E1377DD81EC2}" =
"{888F1505-C2B3-4FDE-835D-36353EBD4754}" = Ubisoft Game Launcher
"{894084B6-BC69-43B7-BF06-B93AECFEA520}" = GameSpy Comrade
"{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}" = Microsoft Silverlight
"{8ADFC4160D694100B5B8A22DE9DCABD9}" = DivX Player
"{8AF3E926-ED59-11D4-A44B-0000E86D2305}" = Ulead GIF Animator 5
"{8D3D92F0-852F-D832-FD8B-029C8C231C13}" = CCC Help Russian
"{8F3C31C5-9C3A-4AA8-8EFA-71290A7AD533}" = TomTom HOME Visual Studio Merge Modules
"{90120000-0016-0413-0000-0000000FF1CE}" = Microsoft Office Excel MUI (Dutch) 2007
"{90120000-0016-0413-0000-0000000FF1CE}_HOMESTUDENTR_{26257879-B20D-4D30-A429-B387A4890929}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-0018-0413-0000-0000000FF1CE}" = Microsoft Office PowerPoint MUI (Dutch) 2007
"{90120000-0018-0413-0000-0000000FF1CE}_HOMESTUDENTR_{26257879-B20D-4D30-A429-B387A4890929}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-001B-0413-0000-0000000FF1CE}" = Microsoft Office Word MUI (Dutch) 2007
"{90120000-001B-0413-0000-0000000FF1CE}_HOMESTUDENTR_{26257879-B20D-4D30-A429-B387A4890929}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-001F-0407-0000-0000000FF1CE}" = Microsoft Office Proof (German) 2007
"{90120000-001F-0407-0000-0000000FF1CE}_HOMESTUDENTR_{928D7B99-2BEA-49F9-83B8-20FA57860643}" = Microsoft Office Proofing Tools 2007 Service Pack 3 (SP3)
"{90120000-001F-0409-0000-0000000FF1CE}" = Microsoft Office Proof (English) 2007
"{90120000-001F-0409-0000-0000000FF1CE}_HOMESTUDENTR_{1FF96026-A04A-4C3E-B50A-BB7022654D0F}" = Microsoft Office Proofing Tools 2007 Service Pack 3 (SP3)
"{90120000-001F-040C-0000-0000000FF1CE}" = Microsoft Office Proof (French) 2007
"{90120000-001F-040C-0000-0000000FF1CE}_HOMESTUDENTR_{71F055E8-E2C6-4214-BB3D-BFE03561B89E}" = Microsoft Office Proofing Tools 2007 Service Pack 3 (SP3)
"{90120000-001F-0413-0000-0000000FF1CE}" = Microsoft Office Proof (Dutch) 2007
"{90120000-001F-0413-0000-0000000FF1CE}_HOMESTUDENTR_{2C95E7EE-FEA7-4B3A-A6E5-DF90A88B816A}" = Microsoft Office Proofing Tools 2007 Service Pack 3 (SP3)
"{90120000-002A-0000-1000-0000000FF1CE}_HOMESTUDENTR_{664655D8-B9BB-455D-8A58-7EAF7B0B2862}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-002A-0413-1000-0000000FF1CE}_HOMESTUDENTR_{1D12BC91-360E-424C-97C4-813651313660}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-002C-0413-0000-0000000FF1CE}" = Microsoft Office Proofing (Dutch) 2007
"{90120000-006E-0413-0000-0000000FF1CE}" = Microsoft Office Shared MUI (Dutch) 2007
"{90120000-006E-0413-0000-0000000FF1CE}_HOMESTUDENTR_{1D12BC91-360E-424C-97C4-813651313660}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-00A1-0413-0000-0000000FF1CE}" = Microsoft Office OneNote MUI (Dutch) 2007
"{90120000-00A1-0413-0000-0000000FF1CE}_HOMESTUDENTR_{26257879-B20D-4D30-A429-B387A4890929}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90140000-2005-0000-0000-0000000FF1CE}" = Microsoft Office File Validation Add-In
"{91120000-002F-0000-0000-0000000FF1CE}" = Microsoft Office Home and Student 2007
"{91120000-002F-0000-0000-0000000FF1CE}_HOMESTUDENTR_{6E107EB7-8B55-48BF-ACCB-199F86A2CD93}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{92D58719-BBC1-4CC3-A08B-56C9E884CC2C}" = Microsoft_VC80_CRT_x86
"{963FFEAB-16E5-EB69-4E64-338B3D319FB4}" = CCC Help Chinese Standard
"{9A25302D-30C0-39D9-BD6F-21E6EC160475}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17
"{9A996B6A-846E-4A89-B9C4-17546B7BE49F}" = Burnout™ Paradise The Ultimate Box
"{9BE518E6-ECC6-35A9-88E4-87755C07200F}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161
"{9F7E9D7B-3291-96CE-A27F-DD4F6EB230EA}" = CCC Help Chinese Traditional
"{a0fe116e-9a8a-466f-aee0-625cb7c207e3}" = Microsoft Visual C++ 2005 Redistributable - KB2467175
"{A11E24AD-A7EB-78C9-F792-AD9CDDB8B651}" = Catalyst Control Center InstallProxy
"{A2BCA9F1-566C-4805-97D1-7FDC93386723}" = Adobe AIR
"{A6FDE264-C48D-36CE-CFA7-ABBEB861AC10}" = Catalyst Control Center Localization All
"{A78FE97A-C0C8-49CE-89D0-EDD524A17392}" = PDF Settings CS5
"{A92A4DB0-CD37-42D1-BE1D-603D53C24328}" = Intel® Processor ID Utility
"{A92DAB39-4E2C-4304-9AB6-BC44E68B55E2}" = Google Update Helper
"{AC76BA86-7AD7-1043-7B44-A95000000001}" = Adobe Reader 9.5.4 - Nederlands
"{AC76BA86-7AD7-5464-3428-900000000004}" = Spelling Dictionaries Support For Adobe Reader 9
"{B13A7C41581B411290FBC0395694E2A9}" = DivX Converter
"{B31A9284-632D-683E-3BD0-F6926D445A7B}" = CCC Help Danish
"{B4092C6D-E886-4CB2-BA68-FE5A88D31DE6}_is1" = Spybot - Search & Destroy
"{B440D659-FECA-4BDD-A12B-5C9F05790FF3}" = Snagit 9.1.2
"{B7050CBDB2504B34BC2A9CA0A692CC29}" = DivX Web Player
"{B7A75523-3D7F-CF23-12F7-999EAF6C7167}" = CCC Help Japanese
"{C5C1C0F0-D62F-4DBF-81D4-D7EF397C228B}" = NVIDIA PhysX
"{C821D689-95BE-0D60-255E-D9B89CB3019F}" = Catalyst Control Center Graphics Previews Common
"{CB2F7EDD-9D1F-43C1-90FC-4F52EAE172A1}" = Microsoft .NET Framework 1.1
"{CD95D125-2992-4858-B3EF-5F6FB52FBAD6}" = Skype Toolbars
"{CD95F661-A5C4-44F5-A6AA-ECDD91C240B8}" = WinZip 12.1
"{CE1458AA-23A7-332D-68D9-86B799898DA6}" = CCC Help Greek
"{D1A19B02-817E-4296-A45B-07853FD74D57}" = Microsoft_VC80_MFC_x86
"{D533C9D4-ED96-4191-B9C3-279C0DD6BABA}" = Sony Noise Reduction Plug-In 2.0e
"{D820BECD-97D3-4942-B6CF-1B670CA7690C}" = ABN AMRO e.dentifier2 software
"{D92BBB52-82FF-42ED-8A3C-4E062F944AB7}" = Microsoft_VC80_MFCLOC_x86
"{DE3A9DC5-9A5D-6485-9662-347162C7E4CA}" = Adobe Media Player
"{DF8195AF-8E6F-4487-A0EE-196F7E3F4B8A}" = jetAudio Basic VX
"{E0655E94-1D4D-8484-64C6-E6F847B7BE92}" = CCC Help Turkish
"{E2F0AF23-FE2F-4222-9A43-55E63CC41EF1}" = Catalyst Control Center - Branding
"{E3E71D07-CD27-46CB-8448-16D4FB29AA13}" = Microsoft WSE 3.0 Runtime
"{E555950B-1496-C37C-CA2C-2DF8745A5BE9}" = CCC Help English
"{EE229D0E-3D9E-636C-6E75-9436A87C7E49}" = CCC Help French
"{EE7257A2-39A2-4D2F-9DAC-F9F25B8AE1D8}" = Skype™ 5.10
"{F0A37341-D692-11D4-A984-009027EC0A9C}" = SoundMAX
"{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}" = Microsoft Visual C++ 2010 x86 Redistributable - 10.0.40219
"{F11ADC64-C89E-47F4-A0B3-3665FF859397}" = World in Conflict
"{F2508213-9989-4E85-A078-72BE483917EF}" = Microsoft Games for Windows - LIVE Redistributable
"{F41D847E-D635-4A60-B3CB-E08CFB24F1F9}" = COWON S9 User's Guide
"{F536CCF1-C4C1-5FB9-6B17-F883DFFAE569}" = CCC Help Hungarian
"{F7338FA3-DAB5-49B2-900D-0AFB5760C166}" = PC Probe II
"{FAA7F8FF-3C05-4A61-8F14-D8A6E9ED6623}" = ooVoo
"{FD416706-875C-4B0B-A23A-9E740DAE029E}" = Tom Clancy's Rainbow Six Vegas 2
"1Click DVD Copy Pro_is1" = 1Click DVD Copy Pro 4.1.5.0
"Aangifte inkomstenbelasting 2008" = Aangifte inkomstenbelasting 2008
"Adobe AIR" = Adobe AIR
"Adobe Audition 3.0" = Adobe Audition 3.0
"Adobe Flash Player ActiveX" = Adobe Flash Player 11 ActiveX
"Adobe Flash Player Plugin" = Adobe Flash Player 11 Plugin
"Adobe Shockwave Player" = Adobe Shockwave Player 11.5
"AngryBirdsStarWars 1.00" = AngryBirdsStarWars 1.00
"Audacity 1.3 Beta (Unicode)_is1" = Audacity 1.3.6 (Unicode)
"BattlEye" = BattlEye Uninstall
"BattlEye for A2" = BattlEye Uninstall
"BattlEye for OA" = BattlEye for OA Uninstall
"Cakewalk VST Adapter 4.5.1.0" = Cakewalk VST Adapter 4.5.1.0
"CameraWindowDVC6" = Canon Utilities CameraWindow DC_DV 6 for ZoomBrowser EX
"CameraWindowLauncher" = Canon Utilities CameraWindow
"CANON iMAGE GATEWAY Task" = CANON iMAGE GATEWAY Task for ZoomBrowser EX
"Canon Internet Library for ZoomBrowser EX" = Canon Internet Library for ZoomBrowser EX
"chc.4875E02D9FB21EE389F73B8D1702B320485DF8CE.1" = Adobe Community Help
"Civilization.V.GOTY.incl.Gods.and.Kings_is1" = Civilization.V.GOTY.incl.Gods.and.Kings
"Close Combat 3.00" = Microsoft Close Combat III
"com.adobe.amp.4875E02D9FB21EE389F73B8D1702B320485DF8CE.1" = Adobe Media Player
"DAZ Studio 3 3.0.1.120" = DAZ Studio 3
"DivX Plus DirectShow Filters" = DivX Plus DirectShow Filters
"DivX Setup.divx.com" = DivX Setup
"DPP" = Canon Utilities Digital Photo Professional 3.4
"EOS Utility" = Canon Utilities EOS Utility
"Fallout New Vegas_is1" = Fallout New Vegas
"FLAC To MP3_is1" = FLAC To MP3 V4.0.4
"Free 3GP Video Converter_is1" = Free 3GP Video Converter version 3.5
"Google Chrome" = Google Chrome
"HOMESTUDENTR" = Microsoft Office Home and Student 2007
"Host OpenAL (ADI)" = Host OpenAL (ADI)
"ImgBurn" = ImgBurn
"IsoBuster_is1" = IsoBuster 2.5.5
"Jagged Alliance 2 Gold" = Jagged Alliance 2 Gold
"Juniper_Setup_Client Activex Control" = Juniper Networks, Inc. Setup Client Activex Control
"Kinetic 2" = Kinetic 2
"LADSPA_plugins-win_is1" = LADSPA_plugins-win-0.4.15
"MediaMonkey_is1" = MediaMonkey 3.2
"Microsoft .NET Framework 1.1 (1033)" = Microsoft .NET Framework 1.1
"MyCamera" = Canon Utilities MyCamera
"NSS" = Norton Security Scan
"OpenAL" = OpenAL
"PhotoMeister2_is1" = PhotoMeister 2
"PhotoStitch" = Canon Utilities PhotoStitch
"Picture Style Editor" = Canon Utilities Picture Style Editor
"Postal 2_is1" = Portal 2
"PowerISO" = PowerISO
"PunkBusterSvc" = PunkBuster Services
"RAW Image Task" = Canon RAW Image Task for ZoomBrowser EX
"RemoteCaptureTask" = Canon Utilities RemoteCapture Task for ZoomBrowser EX
"SimCity 3000" = SimCity 3000
"Six Updater Suite" = Six Updater Suite
"Soulseek" = SoulSeek Client 156c
"Steam App 219150" = Hotline Miami
"Steam App 33910" = Arma 2
"Steam App 3592" = Plants vs. Zombies Demo
"Stop Motion Pro v4_is1" = Stop Motion Pro v4
"Uninstall_is1" = Uninstall 1.0.0.1
"VLC media player" = VLC media player 1.1.4
"vr3d" = vr3d
"WFTK" = Canon Utilities WFT-E1/E2/E3 Utility
"WinRAR archiver" = WinRAR
"Xvid_is1" = Xvid 1.2.1 final uninstall
"Yahoo! Messenger" = Yahoo! Messenger
"Yahoo! Software Update" = Yahoo! Software Update
"ZoomBrowser EX" = Canon Utilities ZoomBrowser EX
"ZoomBrowser EX Memory Card Utility" = Canon ZoomBrowser EX Memory Card Utility

========== HKEY_USERS Uninstall List ==========

[HKEY_USERS\S-1-5-21-1087465187-3853098166-3709601896-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"Juniper_Setup_Client" = Juniper Networks, Inc. Setup Client
"Neoteris_Host_Checker" = Juniper Networks Host Checker
"uTorrent" = µTorrent
"XBMC" = XBMC
"Yahoo! BrowserPlus" = Yahoo! BrowserPlus 2.9.8

========== Last 20 Event Log Errors ==========

[ Application Events ]
Error - 17-12-2011 10:36:54 | Computer Name = PC | Source = WinMgmt | ID = 10
Description =

Error - 17-12-2011 10:43:52 | Computer Name = PC | Source = Windows Search Service | ID = 3006
Description =

Error - 17-12-2011 10:43:53 | Computer Name = PC | Source = Windows Search Service | ID = 3007
Description =

Error - 17-12-2011 11:07:42 | Computer Name = PC | Source = WinMgmt | ID = 10
Description =

Error - 18-12-2011 13:16:53 | Computer Name = PC | Source = WinMgmt | ID = 10
Description =

Error - 19-12-2011 19:21:00 | Computer Name = PC | Source = WinMgmt | ID = 10
Description =

Error - 20-12-2011 15:50:01 | Computer Name = PC | Source = WinMgmt | ID = 10
Description =

Error - 23-12-2011 16:00:16 | Computer Name = PC | Source = WinMgmt | ID = 10
Description =

Error - 24-12-2011 7:41:40 | Computer Name = PC | Source = WinMgmt | ID = 10
Description =

Error - 27-12-2011 17:09:53 | Computer Name = PC | Source = WinMgmt | ID = 10
Description =

[ Media Center Events ]
Error - 3-3-2011 15:14:52 | Computer Name = PC | Source = Mcx2Dvcs | ID = 401
Description =

Error - 3-3-2011 15:36:13 | Computer Name = PC | Source = McrMgr | ID = 107
Description =

Error - 3-3-2011 15:36:18 | Computer Name = PC | Source = McrMgr | ID = 109
Description =

Error - 7-3-2011 17:43:05 | Computer Name = PC | Source = McrMgr | ID = 109
Description =

[ System Events ]
Error - 17-5-2013 4:59:31 | Computer Name = PC | Source = Service Control Manager | ID = 7006
Description =

Error - 17-5-2013 4:59:31 | Computer Name = PC | Source = Service Control Manager | ID = 7000
Description =

Error - 17-5-2013 4:59:31 | Computer Name = PC | Source = Service Control Manager | ID = 7006
Description =

Error - 17-5-2013 5:01:24 | Computer Name = PC | Source = ipnathlp | ID = 30005
Description = De DHCP-allocator heeft een DHCP-server gevonden met IP-adres 192.168.0.1
op hetzelfde netwerk als de interface met IP-adres 192.168.0.102. De allocator
heeft zichzelf op de interface uitgeschakeld om DHCP-clients niet te verwarren.

Error - 17-5-2013 5:59:22 | Computer Name = PC | Source = EventLog | ID = 6008
Description = De vorige afsluiting van het systeem om 11:52:15 op 17-5-2013 is onverwacht
gebeurd.

Error - 17-5-2013 5:59:51 | Computer Name = PC | Source = ipnathlp | ID = 34001
Description = De IPv6-stack kan niet door ICS_IPV6 worden geconfigureerd.

Error - 17-5-2013 6:00:44 | Computer Name = PC | Source = Service Control Manager | ID = 7006
Description =

Error - 17-5-2013 6:00:44 | Computer Name = PC | Source = Service Control Manager | ID = 7000
Description =

Error - 17-5-2013 6:24:09 | Computer Name = PC | Source = ipnathlp | ID = 30005
Description = De DHCP-allocator heeft een DHCP-server gevonden met IP-adres 192.168.0.1
op hetzelfde netwerk als de interface met IP-adres 192.168.0.102. De allocator
heeft zichzelf op de interface uitgeschakeld om DHCP-clients niet te verwarren.

Error - 17-5-2013 6:24:09 | Computer Name = PC | Source = ipnathlp | ID = 30009
Description = De DHCP-allocator heeft een netwerkfout gevonden tijdens het antwoorden
via IP-adres 0.0.0.0 op een aanvraag van een client. De gegevens bevinden zich
in de foutcode.


< End of report >


aswMBR version 0.9.9.1771 Copyright© 2011 AVAST Software
Run date: 2013-05-17 13:16:08
-----------------------------
13:16:08.510 OS Version: Windows x64 6.0.6002 Service Pack 2
13:16:08.511 Number of processors: 2 586 0x1706
13:16:08.511 ComputerName: PC UserName:
13:16:08.992 Initialize success
13:16:17.454 AVAST engine defs: 13051601
13:16:23.216 Disk 0 (boot) \Device\Harddisk0\DR0 -> \Device\Ide\IdeDeviceP3T0L0-3
13:16:23.219 Disk 0 Vendor: SAMSUNG_HD642JJ 1AA01112 Size: 610480MB BusType: 3
13:16:23.273 Disk 0 MBR read successfully
13:16:23.283 Disk 0 MBR scan
13:16:23.319 Disk 0 Windows VISTA default MBR code
13:16:23.341 Disk 0 Partition 1 80 (A) 07 HPFS/NTFS NTFS 100000 MB offset 2048
13:16:23.360 Disk 0 Partition 2 00 07 HPFS/NTFS NTFS 150000 MB offset 204802048
13:16:23.390 Disk 0 Partition 3 00 07 HPFS/NTFS NTFS 360477 MB offset 512002048
13:16:23.458 Disk 0 scanning C:\Windows\system32\drivers
13:16:44.420 Service scanning
13:17:01.059 Modules scanning
13:17:01.065 Disk 0 trace - called modules:
13:17:01.090 ntoskrnl.exe CLASSPNP.SYS disk.sys acpi.sys >>UNKNOWN [0xfffffa80026452c0]<<sptd.sys ataport.SYS pciide.sys PCIIDEX.SYS hal.dll atapi.sys
13:17:01.095 1 nt!IofCallDriver -> \Device\Harddisk0\DR0[0xfffffa8002952060]
13:17:01.099 3 CLASSPNP.SYS[fffffa60011cec33] -> nt!IofCallDriver -> [0xfffffa80027ab520]
13:17:01.103 5 acpi.sys[fffffa6000b81fde] -> nt!IofCallDriver -> \Device\Ide\IdeDeviceP3T0L0-3[0xfffffa80027b1060]
13:17:01.107 \Driver\atapi[0xfffffa8002768e70] -> IRP_MJ_CREATE -> 0xfffffa80026452c0
13:17:01.743 AVAST engine scan C:\Windows
13:17:13.453 AVAST engine scan C:\Windows\system32
13:21:03.135 AVAST engine scan C:\Windows\system32\drivers
13:21:12.756 AVAST engine scan C:\Users\Wiebe
13:40:27.551 AVAST engine scan C:\ProgramData
13:47:46.857 Scan finished successfully
13:49:53.822 Disk 0 MBR has been saved successfully to "C:\Users\Wiebe\Desktop\MBR.dat"
13:49:53.838 The log file has been saved successfully to "C:\Users\Wiebe\Desktop\aswMBR.txt"
13:50:06.122 Disk 0 MBR has been saved successfully to "C:\Users\Wiebe\Desktop\MBR.dat"
13:50:06.126 The log file has been saved successfully to "C:\Users\Wiebe\Desktop\aswMBR.txt"
13:51:14.166 Disk 0 MBR has been saved successfully to "C:\Users\Wiebe\Desktop\MBR.dat"
13:51:14.185 The log file has been saved successfully to "C:\Users\Wiebe\Desktop\aswMBR.txt"
13:52:56.291 Disk 0 MBR has been saved successfully to "I:\MBR.dat"
13:52:56.306 The log file has been saved successfully to "I:\aswMBR.txt"
  • 0

#4
Ashholt

Ashholt

    New Member

  • Topic Starter
  • Member
  • Pip
  • 8 posts
Josh, I really don't know how to upload the screenshot. The 'share image' button asks for a URL. Sorry about this.
  • 0

#5
Crag_Hack

Crag_Hack

    Trusted Helper

  • Malware Removal
  • 1,775 posts
Sorry I gave you incorrect instructions. In order to post the image simply click the browse button below the post text box, navigate to and open your screenshot, click the Attach this File button, wait for the upload to finish, then click the Add to Post button to the right of the attachment section and paste where you desire in your post.
  • 0

#6
Crag_Hack

Crag_Hack

    Trusted Helper

  • Malware Removal
  • 1,775 posts
Hi Ashholt. I finished looking at your OTL logs and your aswMBR log. They all look clean. I will look over again tomorrow to make sure I didn't miss anything. Please get back to me with that screenshot so I can see what's going on.
Take Care,
Josh
  • 0

#7
Crag_Hack

Crag_Hack

    Trusted Helper

  • Malware Removal
  • 1,775 posts
Just looked through OTL logs again and all is clean. I'd like to take a look at what the antivirus is showing so maybe we can determine whether malware is actually present or not. I'm doubtful since there are no signs in the OTL log.
  • 0

#8
Ashholt

Ashholt

    New Member

  • Topic Starter
  • Member
  • Pip
  • 8 posts
Hi Josh,

Thank you for scanning the logfiles. The plot seems to thicken. I uploaded the screenshot. The Dutch text translates into: filename contained a virus and has been deleted.

printscreen.jpg
  • 0

#9
Crag_Hack

Crag_Hack

    Trusted Helper

  • Malware Removal
  • 1,775 posts
Let's take a look at the file details and infections detected.
Double-click the AVG icon in the notification area near the clock in the bottom right. You might have to click the arrow to make it visible.
Then click Options in the upper right, go to History, and click Resident Shield Results. Click the Export button, export as a file, then post in your next post. Also do you have AVG 2013 free?
  • 0

#10
Ashholt

Ashholt

    New Member

  • Topic Starter
  • Member
  • Pip
  • 8 posts
Resident Shield detection
Detection name;"Result";"Detection time";"Object Type";"Process"
Potentially harmful program Crack.ME, e:\ABStarwars\angry.birds.all-patch.offline.v1.3.exe;"Moved to Virus Vault";"19-5-2013, 0:44:48";"File or Directory";""

There you go. Strangely enough the Firefox file doesn't show up in the log (made sure to try and download it again - with the same result - before looking into the AVG history). Chucked out the folder containing the file mentioned, by the way.

I do use AVG 2013 Free.

Edited by Ashholt, 18 May 2013 - 05:41 PM.

  • 0
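Added example, not part of the original posts: a small parser for the Resident Shield export format pasted in post #10, which separates the detection class from the detection name and file path so that potentially-unwanted-program hits can be triaged apart from malware detections. The last sample row is constructed, and splitting class from name at the last space is an assumption based on the single row shown in the thread.

```python
import csv
from collections import Counter
from datetime import datetime

# The first three lines are the export as posted in the thread.
# The last row is CONSTRUCTED (hypothetical detection name and paths)
# so the parser is also exercised on a non-PUP entry with a process field.
SAMPLE_EXPORT = r'''Resident Shield detection
Detection name;"Result";"Detection time";"Object Type";"Process"
Potentially harmful program Crack.ME, e:\ABStarwars\angry.birds.all-patch.offline.v1.3.exe;"Moved to Virus Vault";"19-5-2013, 0:44:48";"File or Directory";""
Trojan horse Example.A, c:\users\user\downloads\setup.exe;"Moved to Virus Vault";"19-5-2013, 1:02:10";"File or Directory";"c:\program files\browser\browser.exe"
'''

HEADER_PREFIX = "Detection name;"
# Day-month-year without zero padding, as in the posted export.
TIME_FORMAT = "%d-%m-%Y, %H:%M:%S"


def parse_export(text):
    """Return one dict per detection row of a Resident Shield export."""
    lines = text.splitlines()
    try:
        start = next(i for i, line in enumerate(lines)
                     if line.startswith(HEADER_PREFIX))
    except StopIteration:
        raise ValueError("no 'Detection name' header found") from None

    events = []
    for row in csv.reader(lines[start + 1:], delimiter=";", quotechar='"'):
        if len(row) != 5:
            continue  # blank or malformed line
        # First column is "<class> <name>, <path>" and is not quoted.
        detection, sep, path = row[0].partition(", ")
        if not sep:
            continue
        # Assumption: the detection name is the last space-separated token.
        klass, _, name = detection.rpartition(" ")
        events.append({
            "class": klass,
            "name": name,
            "path": path,
            "result": row[1],
            "time": datetime.strptime(row[2], TIME_FORMAT),
            "object_type": row[3],
            "process": row[4],
        })
    return events


def triage(event):
    """Bucket a detection by its class prefix."""
    if event["class"].lower().startswith("potentially"):
        return "potentially-unwanted"
    return "malware"


def summarize(events):
    """Count detections per triage bucket."""
    return Counter(triage(e) for e in events)


if __name__ == "__main__":
    for e in parse_export(SAMPLE_EXPORT):
        print(triage(e), e["name"], e["path"], e["result"], sep=" | ")
```
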


#11
Crag_Hack

Crag_Hack

    Trusted Helper

  • Malware Removal
  • 1,775 posts
I am consulting a colleague and will get back to you tomorrow around 1:30 US Pacific time (UTC-8).
  • 0

#12
Ashholt

Ashholt

    New Member

  • Topic Starter
  • Member
  • Pip
  • 8 posts
Roger.
  • 0

#13
Ashholt

Ashholt

    New Member

  • Topic Starter
  • Member
  • Pip
  • 8 posts
Josh, it's solved! I did some searching this afternoon and the link provided below (bottom of the linked page) explains it all. I uninstalled both AVG 2013 and 2012 with the software from the AVG site and just downloaded Firefox.
Nevertheless, thank you very much for all your time and efforts. As soon as I get my paypal password again (long story) I will express my gratitude in cold, hard dollars! Not an empty promise, I really appreciate what you and your fellow 'geeks' do on this site.

http://www.sevenforu...deleted-2.html.

Cheers,

Ash.
  • 0

#14
Crag_Hack

Crag_Hack

    Trusted Helper

  • Malware Removal
  • 1,775 posts
Sweet :) I was actually gonna google it today since that's pretty much the only option left. Glad to hear you were able to solve the problem. Here's my all good speech in case you want to read and maybe learn a few things:

Now that we're done scanning for and disinfecting malware it's time to clean up. I noticed you have an outdated Adobe Reader. You will want to upgrade this to prevent possible infection through this app in the future.

Upgrading Adobe Reader:
  • For XP: Go to Start Menu --> Control Panel --> Add or Remove Programs
  • For Vista/7: Go to Start Menu --> Control Panel --> Programs and Features
  • Scroll to and select the Adobe Reader entry
  • Click Remove or Uninstall
  • Follow the instructions
  • Go to this site: http://get.adobe.com/reader/ or http://www.foxitsoft...ure_PDF_Reader/ for Foxit Reader (I prefer Foxit - it is less targeted by malware and allows pdf form editing)
  • Download and install the newest Adobe Reader (or Foxit)

You can now remove all the tools that were used to disinfect your computer by running OTL and clicking the CleanUp button.

Now that your computer is disinfected it is important to keep it that way. What follows are guidelines to keeping your computer malware-free.

You absolutely must have an antivirus program installed. This is important because the antivirus program runs in the background of the computer and prevents viruses from both infecting the computer and doing malicious things to the computer. This can prevent many infections in the first place. Just as a city without police would be chaotic so would a computer with an anti-virus program. I recommend the free programs Avira AntiVir Personal and avast! Free Anti-Virus. Also make absolutely sure to only have one anti-virus installed as more than one can slow your computer, create software conflicts, and increase your vulnerability to viruses and malware.

It is also advised to have an anti-spyware program as well. I recommend the paid version of Malwarebytes' Anti-Malware. This program complementing your anti-virus can protect your computer from most infections out there. Make absolutely sure to only have one anti-spyware installed as more than one can slow your computer, create software conflicts, and increase your vulnerability to viruses and malware.

A program to complement your anti-virus and anti-spyware with passive protection is SpywareBlaster. SpywareBlaster is not a malware scanner or removal tool and uses no system resources except a little disk space. It does a great job of preventing malware from being installed in the first place! It blocks the popular spyware ActiveX controls, and also prevents the installation of any of them from malicious websites. You can download it here. To use it to protect your computer, install it, then do the following regularly at your convenience (once a week is adequate):
  • Run SpywareBlaster
  • Click Updates on the left of the screen
  • Click the 'Check for Updates' button and let the program update
  • Click 'Protection Status' on the left of the screen
  • Click 'Enable All Protection' on the bottom of the screen and SpywareBlaster will implement its protection
  • Exit the program
Another program to add additional protection is Spybot Search and Destroy. It works similarly to SpywareBlaster by providing passive protection. You can download it here. To use it to protect your computer, install it, then do the following regularly at your convenience (once a week is adequate):
  • Run Spybot S&D
  • Click "Search for Updates"
  • Click "Continue"
  • Click "Download" - ignore if it says "please select some update files from the list first"
  • Click "OK" in update window if it prompts you
  • Click "Exit" in update window when update finishes or if Spybot said "please select some update files from the list first"
  • Go back to Spybot main window
  • Close Internet Explorer/Firefox/Chrome if they are open
  • Click "Immunize"
  • Wait for the progress meter to complete
  • Click the "Immunize" button with the plus sign next to it towards the top of the window
  • Wait for the progress meter to complete
  • Close the program
And one last program to add additional protection is Panda USB Vaccine. This program disables the autorun file on removable devices. You can vaccinate both a computer and a removable device. To download and run refer to here.

Another important thing to have installed is a firewall to secure communications to and from your computer. The firewall prevents inbound communications from the Internet to your computer that could be malicious in nature. Some firewalls also regulate outbound communications from your computer to the Internet that could be malicious as well. Inbound communications can take advantage of security holes in software running on your computer to gain control of your computer and infect you with malware. Outbound communications can be from malware on your computer to malicious websites on the Internet, containing information about your computer usage and even your passwords. For these reasons it is essential to the security of your computer to install a firewall. Make sure to only install one firewall as any more than that would prove to be redundant - one firewall is just as effective as multiple ones. Also more than one firewall could cause software conflicts. This applies to the Windows firewall as well - if you use a third-party firewall make sure to disable the Windows firewall. I recommend ZoneAlarm Free Firewall or Comodo Firewall.

Besides these measures, an equally important step to take to protect your computer from malware is to update all programs regularly including Windows Updates. Windows, Java, Adobe Flash, PDF readers, and other programs have security holes in them that leave your computer vulnerable to malicious code from hackers that could infect your computer with malware when taken advantage of. Updates close these holes. For this reason it is important to always update programs when prompted. Windows Updates is enabled by default in Windows and Java, Flash, and others have auto-update programs enabled by default as well. You will not have to worry about setting up the auto-update feature for these programs unless you altered the settings to begin with. Make sure as well to never update a program via e-mail - companies will never send e-mails to update their products. In order to help you update programs you might want to download and run FileHippo.com Update Checker from here. This program will tell you which programs need to be updated.

One last thing to consider is to exercise caution when browsing the web and viewing e-mails. Try to stay away from non-reputable websites including websites for software piracy and pornography. By staying away from these websites you decrease your chances of malware infection significantly. To help you exercise caution in your browsing habits you can download and install Web of Trust into your web browser here. This program will install in your browser and color code the website you are viewing to inform you if it is safe or not; green means safe, yellow means proceed with caution, and red means danger. Viewing e-mails should also be done with caution. If you don't recognize an email as one from a known or requested source then you will be safer to avoid opening it. File attachments should be opened only with extreme caution as they can contain files that exploit security holes on your computer and infect you with malware. Never open an attachment unless you are expecting it or you verify that the sender intended to send it to you. Also make sure to scan the attachment before opening it.

You might want to use a browser other than Internet Explorer. Firefox and Google Chrome are excellent candidates. They are more secure than Internet Explorer and are just as functional. You can download Google Chrome here and Firefox here.

Something just as important as preventing infection by malware is to back up your data. You can read about different methods here.

Some articles you might be interested in reading to reiterate points I have addressed in this post as well as make new points follow:
By following these steps you should ensure that you most likely will never get infected with malware again. Good luck and safe browsing!

-Josh
  • 0

#15
Ashholt

Ashholt

    New Member

  • Topic Starter
  • Member
  • Pip
  • 8 posts
Maybe it would be a good idea to add 'solved' to this topic title. Can't figure out how to do it myself though.
  • 0





